{"version":3,"file":"WJBZI1Ghk-59.CJ3oMBHg.mjs","names":["o","n"],"sources":["https:/framerusercontent.com/modules/xkgOTPH3D819XQA1Lv94/Kcjcoin3g1OiIQQKhAhI/WJBZI1Ghk-59.js"],"sourcesContent":["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{Link as o}from\"framer\";import{motion as n}from\"framer-motion\";import*as a from\"react\";export const richText=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"One year ago, the U.S. President's \",/*#__PURE__*/e(o,{href:\"https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Executive Order 14028\"})}),\" on improving the nation's cybersecurity included enhancing software supply chain security as one of its items. The directive followed the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/solarwinds-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SolarWinds\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/exchange-server-hack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Microsoft Exchange Server\"})}),\" incidents. But the threat of supply chain attacks still holds to this day, mainly for managed service providers (MSP). These firms deliver, operate or manage information and communications technology (ICT) services to other firms. In fact, last week, the Cybersecurity and Infrastructure Security Agency (CISA), along with other cyber intelligence agencies of the U.S., Canada, the U.K., Australia and New Zealand, \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/news/2022/05/11/joint-cybersecurity-advisory-protect-msp-providers-and-customers\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"posted\"})}),\" actions that MSPs should take to improve resilience of the global supply chain.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In the Executive Order, the National Institute of Standards and Technology (NIST) was asked to solicit input from different sectors, like government agencies, private firms and academia, to identify practices that could enhance the security of the software supply chain. What is more, it was responsible for issuing preliminary guidelines, which it did in November last year. And early this month, it issued an update on the \",/*#__PURE__*/e(\"em\",{children:\"Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations\"}),\" (\",/*#__PURE__*/e(o,{href:\"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"NIST Special Publication 800-161 Revision 1\"})})}),\").\"]}),/*#__PURE__*/e(\"p\",{children:\"Let's consider the supplier relationship: How one supplier gets components for their solution from other suppliers, and so on. We can tell that each acquiring organization loses visibility, understanding and control of its supply chain. As they rely more and more on third-party components to build their technology, they need to become aware of the risk and assess the security of each of their system components. So, in this blog post, we will give you some of the key takeaways from the NIST publication.\"}),/*#__PURE__*/e(\"img\",{alt:\"NIST - Organization's reduced visibility\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/8gmN26AmgeHKMWmGKzwG2dOda5s.png\",srcSet:\"https://framerusercontent.com/images/8gmN26AmgeHKMWmGKzwG2dOda5s.png?scale-down-to=512 512w,https://framerusercontent.com/images/8gmN26AmgeHKMWmGKzwG2dOda5s.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/8gmN26AmgeHKMWmGKzwG2dOda5s.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"The NIST's depiction of an organization's reduced visibility, understanding and control of its supply chain. Taken from \",/*#__PURE__*/e(o,{href:\"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"nvlpubs.nist.gov\"})}),\".\"]})]});export const richText1=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"A matter entwined with enterprise risk management\"}),/*#__PURE__*/e(\"p\",{children:\"One major step that every organization must take is to place cybersecurity on the boardroom agenda. This will make it possible for cybersecurity supply chain risk management (C-SCRM) to be effectively addressed. Indeed, one of the challenges is to put the issue, responsibilities and activities in terms that are understandable for everyone. The NIST aims to do this in the introduction by suggesting what sections personnel at the executive, management or practitioner level should read.\"}),/*#__PURE__*/e(\"p\",{children:\"The contribution of some personnel to C-SCRM is expected. For example, developers are responsible for identifying issues in software and fixing them at early stages, and engineers for designing products and understanding requirements for open-source components. But the publication recommends that everyone be aware of the supply chain risk and linked policies and receive C-SCRM-related training.\"}),/*#__PURE__*/t(\"p\",{children:[\"In addition to trying to reach out to a vast public, this publication acknowledges that C-SCRM is a big issue to solve which affects the entire enterprise. And that is why the NIST maps it to the overall enterprise risk management function. Then, the supply chain risk needs to be monitored, quantitatively measured and also be included in the firm's \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/incident-response-plan/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"incident response plan\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"And one more important piece of advice in this publication is for organizations to have policies on acquiring systems from the supply chain into their production environment. For this, they need to have steering committees for C-SCRM to decide what is acceptable. What different committees, who could be on them and what they would be responsible for can be defined drawing inspiration from Table 2-1 in the publication. It shows the generic stakeholders at each level and their activities.\"}),/*#__PURE__*/e(\"h2\",{children:\"NIST supply chain key practices\"}),/*#__PURE__*/e(\"p\",{children:\"Now, on to the actual key practices that the NIST describes in their publication. They are broken down into three categories and arranged in ascending order according to their level of maturity. Here, we summarize a few selected items that connect to the previously mentioned highlights. However, you can find all the practices in the publication in section 3.4.\"}),/*#__PURE__*/e(\"h3\",{children:\"Foundational practices\"}),/*#__PURE__*/e(\"p\",{children:\"At a base level, we have actions that aim towards building a C-SCRM practicing capability. They include the following:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Obtaining senior leadership support for establishing C-SCRM.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Implementing a risk management hierarchy and process.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Developing a process to measure the criticality of the organization's suppliers, products and services.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Integrating C-SCRM into products and services acquisition policies.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Using supplier risk-assessment processes and threat and vulnerability analyses.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Monitoring components of embedded software.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Implementing quality assurance and quality control processes.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Establishing internal checks to ensure compliance with security requirements.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Implementing an incident response plan.\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"Sustaining practices\"}),/*#__PURE__*/e(\"p\",{children:\"These are more advanced actions that revolve around how organizations can mature processes mentioned in the previous segment. The practices at this level include the following:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"Assessing the supplier's security capabilities and practices by looking at formal certifications (e.g., \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-compliance-iso27001\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ISO27001\"})}),\"), among other things.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Continuously monitoring changes to the risk profile of the supplied products and services and the supply chain itself.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Integrating C-SCRM requirements into contractual agreements with suppliers, developers, MSPs, etc.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Involving critical suppliers in the incident response plan.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Engaging with various agents, like suppliers and stakeholders, to improve their cybersecurity practices.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Collecting C-SCRM metrics.\"})})]}),/*#__PURE__*/e(\"h3\",{children:\"Enhancing practices\"}),/*#__PURE__*/e(\"p\",{children:\"These actions basically refer to the use of automation. They include the following:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Automating C-SCRM processes.\"})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/e(\"p\",{children:\"Analyzing risk quantitatively with probabilistic approaches to find out the likelihood and impact of cybersecurity issues throughout the supply chain.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"Know what's in your software\"}),/*#__PURE__*/t(\"p\",{children:[\"Additionally to the practices summarized above, our advice at Fluid Attacks is to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"search for vulnerabilities\"})}),\" in your software third-party components and your own code throughout the entire software development lifecycle. Our automated and manual \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/sca/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"software composition analysis\"})}),\" helps you identify issues that you can fix to prevent falling victim to supply chain attacks. Want to know more? \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Contact us\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"_____\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),\"⚠️ \",/*#__PURE__*/e(\"strong\",{children:\" \"}),/*#__PURE__*/t(\"em\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Caution:\"}),\" Many major details from the NIST publication are missing in this blog post. Having read this post in no way substitutes for careful reading of the NIST SP 800-161r1. For a thorough understanding of the guidelines, we recommend reading the \"]}),/*#__PURE__*/e(o,{href:\"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"original text\"})})}),/*#__PURE__*/t(\"em\",{children:[\".\",/*#__PURE__*/t(\"strong\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{})]})]}),\"_____\"]})]});export const richText2=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.ecb.europa.eu/ecb/history/html/index.es.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"En 1988\"})}),\", algunos pa\\xedses europeos decidieron crear una uni\\xf3n econ\\xf3mica que permitiera la libre circulaci\\xf3n de capitales entre ellos y tuviera una autoridad compartida y una pol\\xedtica monetaria \\xfanica. A\\xf1os m\\xe1s tarde, definieron y adoptaron una moneda com\\xfan, el euro, que surgi\\xf3 junto con la \",/*#__PURE__*/e(o,{href:\"https://es.wikipedia.org/wiki/Eurozona\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"eurozona\"})}),\", que ahora incluye a 19 de los 27 pa\\xedses miembros de la Uni\\xf3n Europea (UE). Hoy, la instituci\\xf3n que rige esa moneda es el Banco Central Europeo (BCE). Es sobre una iniciativa relacionada con la ciberseguridad dentro de esta organizaci\\xf3n de lo que hablaremos en este art\\xedculo del blog.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.ecb.europa.eu/ecb/html/index.es.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Adem\\xe1s de\"})}),\" ayudar a mantener estables los precios en la eurozona, el BCE realiza importantes esfuerzos para contribuir a la seguridad de la banca europea \",/*#__PURE__*/e(o,{href:\"https://www.ecb.europa.eu/ecb/educational/explainers/tell-me-more/html/anniversary.es.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Desde 2014\"})}),\", supervisa la solidez y resistencia de los bancos de la zona, exigi\\xe9ndoles que realicen ajustes siempre que aparezca alguna irregularidad. En el contexto digital, el BCE busca firmemente proteger el dinero de los usuarios frente a las ciberamenazas y act\\xfaa de forma preventiva con la comunidad financiera. En concreto, ponen a prueba la seguridad y la ciberresiliencia de sus entidades. \",/*#__PURE__*/e(o,{href:\"https://www.ecb.europa.eu/paym/cyber-resilience/html/index.en.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Como ellos dicen\"})}),\", la ciberresiliencia se refiere a la capacidad de proteger los datos y sistemas electr\\xf3nicos de los ciberataques, as\\xed como de reanudar r\\xe1pidamente las operaciones comerciales en caso de que un ataque tenga \\xe9xito. Esta ciberresiliencia la ponen a prueba con la ayuda de \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" o \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/que-es-hacking-etico/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(n.a,{children:[/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" \\xe9ticos\"]})}),\", siguiendo procedimientos que se basan en el \",/*#__PURE__*/e(o,{href:\"https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"TIBER-EU\"})}),\".\"]})]});export const richText3=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"\\xbfQu\\xe9 es TIBER-EU y c\\xf3mo funciona?\"}),/*#__PURE__*/t(\"p\",{children:[\"El TIBER-EU (Threat Intelligence-based Ethical Red Teaming) es un marco com\\xfan desarrollado por los bancos centrales nacionales de la UE y el BCE, publicado en 2018. Este, orienta a las autoridades, entidades y proveedores de inteligencia de amenazas (TI por sus iniciales en ingl\\xe9s) y \",/*#__PURE__*/e(\"em\",{children:\"red teaming\"}),\" (RT) en ciberataques controlados y en la mejora de la ciberresiliencia de las entidades. Siguiendo el enfoque de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/cybersecurity-essentials/que-es-red-teaming\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(n.a,{children:[\"un \",/*#__PURE__*/e(\"em\",{children:\"red team\"})]})}),\", como el de Fluid Attacks, sus pruebas buscan imitar las t\\xe1cticas, t\\xe9cnicas y procedimientos de los atacantes maliciosos. Pretenden \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-breach-attack-simulation/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"simular ataques reales\"})}),\" a los sistemas de sus entidades, especialmente a sus operaciones cr\\xedticas, para determinar sus debilidades y fortalezas e impulsar as\\xed el crecimiento de su nivel de madurez en ciberseguridad. (Esto nos recuerda al \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.docsend.com/view/4k524b3gviwqubri\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SAMM de OWASP\"})}),\", que puedes emplear, por ejemplo, para evaluar la madurez de tus pruebas de seguridad.)\"]}),/*#__PURE__*/t(\"p\",{children:[\"En las pruebas TIBER-EU participan varios equipos. Del lado de la entidad (generalmente del sector financiero) que va a ser evaluada est\\xe1n los equipos azul y blanco. El primero es el que desconoce que va a ser objeto de ataques simulados destinados a evaluar sus capacidades de prevenci\\xf3n, detecci\\xf3n y respuesta. El segundo es un grupo reducido de personas que conoce acerca del procedimiento y contribuye a su ejecuci\\xf3n. Por otro lado, est\\xe1n los proveedores de TI y RT. La primera empresa analiza el espectro de amenazas potenciales y realiza un reconocimiento de la entidad. La segunda empresa se encarga del \",/*#__PURE__*/e(\"em\",{children:\"hacking\"}),\" \\xe9tico o ataques deliberados contra los sistemas de la entidad y sus operaciones cr\\xedticas. Por \\xfaltimo, est\\xe1 el equipo cibern\\xe9tico TIBER. Este grupo pertenece a la autoridad y se encarga de la supervisi\\xf3n de la prueba para garantizar el cumplimiento de los requisitos del marco.\"]}),/*#__PURE__*/t(\"p\",{children:[\"El TIBER-EU tambi\\xe9n gestiona los requisitos para los proveedores de TI y RT. La entidad a ser examinada debe comprobar que esos requisitos se cumplen antes de trabajar con aquellas empresas. Se trata de \",/*#__PURE__*/e(o,{href:\"https://www.ecb.europa.eu/pub/pdf/other/ecb.1808tiber_eu_framework.en.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"est\\xe1ndares de selecci\\xf3n\"})}),\" de los que hablaremos en un pr\\xf3ximo art\\xedculo. De momento, conozcamos un poco el \",/*#__PURE__*/e(o,{href:\"https://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_framework.en.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"procedimiento de las pruebas\"})}),\". Las autoridades de los pa\\xedses europeos, en acuerdo con las entidades bajo su responsabilidad, determinan en qu\\xe9 casos y cu\\xe1ndo llevarlas a cabo. Para ser reconocido como prueba TIBER-EU, este proceso debe ser realizado por proveedores externos independientes y no por los equipos internos de las entidades. El marco estipula que esta prueba debe dividirse en tres fases: preparaci\\xf3n, prueba y cierre.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Fases de TIBER-EU\",className:\"framer-image\",height:\"215\",src:\"https://framerusercontent.com/images/GHSjbHifwashuJlXo76rBEF274.png\",srcSet:\"https://framerusercontent.com/images/GHSjbHifwashuJlXo76rBEF274.png?scale-down-to=512 512w,https://framerusercontent.com/images/GHSjbHifwashuJlXo76rBEF274.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/GHSjbHifwashuJlXo76rBEF274.png 1920w\",style:{aspectRatio:\"1920 / 430\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Imagen tomada de \",/*#__PURE__*/e(o,{href:\"https://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_framework.en.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ecb.europa.eu\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Antes de la fase de preparaci\\xf3n, TIBER-EU ofrece una fase opcional: el \",/*#__PURE__*/e(\"strong\",{children:\"panorama gen\\xe9rico de amenazas\"}),\". Este paso consiste en realizar una evaluaci\\xf3n gen\\xe9rica del panorama de amenazas del sector financiero nacional. Esto implica mapear el rol de la entidad e identificar a los actuales actores de amenazas de alto nivel para el sector junto con sus m\\xe9todos contra este tipo de entidades. En la \",/*#__PURE__*/e(\"strong\",{children:\"fase de preparaci\\xf3n\"}),\", se definen los equipos responsables de la prueba junto con el alcance de la misma. La autoridad valida lo anterior y la entidad contrata a los proveedores de TI y RT.\"]}),/*#__PURE__*/t(\"p\",{children:[\"En la \",/*#__PURE__*/e(\"strong\",{children:\"fase de prueba\"}),', la empresa de TI elabora un \"Informe de inteligencia sobre amenazas espec\\xedficas\", presentando escenarios de amenazas e informaci\\xf3n relevante sobre la entidad. (El panorama gen\\xe9rico de amenazas de la fase opcional servir\\xeda de base para esta etapa). La empresa de RT utiliza todo esto para desarrollar escenarios de ataque y ejecutar ataques controlados contra determinados sistemas cr\\xedticos de producci\\xf3n, personas y procesos que sustentan las funciones cr\\xedticas de la entidad.']}),/*#__PURE__*/t(\"p\",{children:[\"En la \",/*#__PURE__*/e(\"strong\",{children:\"fase de cierre\"}),', el proveedor de RT ofrece un \"informe de prueba del ',/*#__PURE__*/e(\"em\",{children:\"red team\"}),'\" con detalles de los m\\xe9todos empleados, as\\xed como las hallazgos y evidencias de la prueba. En funci\\xf3n de cada caso, este informe puede incluir recomendaciones para que la entidad sometida a prueba mejore en \\xe1reas como: pol\\xedticas, operaciones, controles o consciencia. Las personas interesadas revisan y debaten la prueba y los problemas descubiertos. Despu\\xe9s, la entidad, que recibe pruebas t\\xe9cnicas detalladas sobre sus puntos d\\xe9biles o vulnerabilidades, acuerda y completa un \"Plan de remediaci\\xf3n\".']}),/*#__PURE__*/e(\"p\",{children:\"Para todos los implicados, debe quedar claro que las pruebas TIBER-EU conllevan riesgos. Por ejemplo, las pruebas pueden dar lugar a p\\xe9rdida, alteraci\\xf3n y divulgaci\\xf3n de datos, ca\\xedda y da\\xf1os al sistema y casos de denegaci\\xf3n de servicio. Por eso el marco TIBER-EU es estricto y da prioridad al establecimiento de controles rigurosos de gesti\\xf3n de riesgos a ser empleados a lo largo de todo el proceso. El marco establece que, para que las pruebas sean seguras, deben definirse y comprenderse adecuadamente los roles y responsabilidades de todas las partes interesadas. Adem\\xe1s, de acuerdo con lo que hemos mencionado antes, y de lo que hablaremos m\\xe1s adelante, los proveedores de TI y RT deben cumplir requisitos espec\\xedficos. Y es que se espera garantizar que solo el personal mejor cualificado realice pruebas tan delicadas en funciones cr\\xedticas.\"}),/*#__PURE__*/t(\"p\",{children:[\"Algo fundamental que hace esta sofisticada y robusta iniciativa es contribuir a proporcionar un nivel de garant\\xeda adecuado de que los activos y sistemas clave de los servicios financieros est\\xe1n protegidos contra ataques de agresores t\\xe9cnicamente competentes, dotados de recursos y de car\\xe1cter persistente. Las autoridades europeas conf\\xedan en las metodolog\\xedas de los proveedores de TI y RT para evaluar la seguridad de sus entidades y reducir los riesgos. \\xbfPor qu\\xe9 ser\\xe1 que tantas organizaciones siguen enfrascadas en confiar \\xfanicamente en herramientas de escaneo automatizadas y poco precisas? Ya lo hemos dicho antes: Para ir un paso adelante de los \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" maliciosos, necesitas a alguien que piense como ellos. Necesitas \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" \\xe9ticos. \\xbfTe gustar\\xeda contar con la ayuda de los \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" \\xe9ticos de Fluid Attacks? \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/contactanos/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"\\xa1Cont\\xe1ctanos!\"})})]})]});export const richText4=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"In February, \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/google-analytics-illegal/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"we talked about\"})}),\" the case of Google Analytics being illegal in France and Austria. Both the CNIL (\",/*#__PURE__*/e(\"em\",{children:\"Commission Nationale de l'Informatique et des Libert\\xe9s\"}),\") and the DSB (\",/*#__PURE__*/e(\"em\",{children:\"Datenschutzbeh\\xf6rde\"}),\"), the data protection agencies in those countries, found that the web service was sending IP addresses and other identifiers from users in Europe to the U.S., thus breaching the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/compliance/gdpr/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GDPR\"})}),\" (General Data Protection Regulation).\"]}),/*#__PURE__*/t(\"p\",{children:[\"Something we did not mention at that time was that in January the CNIL \",/*#__PURE__*/e(o,{href:\"https://www.cnil.fr/en/cookies-cnil-fines-google-total-150-million-euros-and-facebook-60-million-euros-non-compliance\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"fined Google and Facebook\"})}),\" because they were making it way too cumbersome for users to reject cookies. (These are character strings placed in a browser's memory in response to a requested resource to be used on any subsequent visits or requests.) Google and Facebook's fines were €150 million ($170 million) and €60 million ($68 million) respectively. Last week, Google introduced a button in their cookie banner that lets users in France reject all cookies without any further screens, as easily as they can accept all cookies. Let's look at the details.\"]})]});export const richText5=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"CNIL to defend the freedom of consent\"}),/*#__PURE__*/t(\"p\",{children:[\"What \",/*#__PURE__*/e(o,{href:\"https://www.theverge.com/2022/4/21/23035289/google-reject-all-cookie-button-eu-privacy-data-laws\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"happened\"})}),\" is these companies' cookie banners were violating EU data privacy laws. The problem was simply something we users are all too familiar with. It's when there is a button that says \\\"Accept all,\\\" or any variation of that, but then there is no option that makes it equally easy to reject cookies. Instead, the user has to go through a lengthy process of configuration. And sometimes, for example in \",/*#__PURE__*/e(o,{href:\"https://www.dataprotectionreport.com/2022/02/rejecting-cookies-should-be-as-easy-as-accepting-cookies-new-sanctions-by-the-french-authority-cnil/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the case of Facebook\"})}),', users are presented with a button ambiguously labeled \"Accept cookies\" after they went through the whole process of configuring each cookie used individually, even disabling all of them.']}),/*#__PURE__*/t(\"p\",{children:[\"In its \",/*#__PURE__*/e(o,{href:\"https://www.cnil.fr/en/cookies-cnil-fines-google-total-150-million-euros-and-facebook-60-million-euros-non-compliance\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"article\"})}),\" announcing the fines, the CNIL backed its argument by appealing to a psychological phenomenon. Namely, because users are interested in quickly consulting a website, the asymmetry of steps required for accepting and rejecting cookies influences their choice in favor of consent. This simple strategy was found to infringe Article 82 of the French Data Protection Act.\"]}),/*#__PURE__*/e(\"p\",{children:\"The companies not only had to pay the fines, but they were also ordered by the CNIL to provide Internet users located in France with an option to reject all cookies as simple as that to accept them all. Cue Google's new cookie consent option.\"}),/*#__PURE__*/e(\"h2\",{children:\"Reject all cookies upon the first click\"}),/*#__PURE__*/t(\"p\",{children:['The introduction of the \"Reject all\" button was announced last week in a ',/*#__PURE__*/e(o,{href:\"https://blog.google/around-the-globe/google-europe/new-cookie-choices-in-europe/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"blog post\"})}),' by Google\\'s product manager Sammit Adhya. This button is presented next to the \"Accept all\" option and is designed to be equally weighted visually. This design choice is not negligible, as the companies are required to eliminate any variable that could make one option more salient than the other.']}),/*#__PURE__*/t(\"p\",{children:[\"Both Google Search and YouTube now show the button to users in France while signed out or in Incognito Mode. According to Adhya, this option will be available soon to users across the rest of the European Economic Area, as well as those in the U.K. and Switzerland. Of course, users in France that are signed in can adjust their preferences from their Google account's \",/*#__PURE__*/e(o,{href:\"https://myaccount.google.com/data-and-privacy\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"data and privacy\"})}),\" options.\"]}),/*#__PURE__*/e(\"img\",{alt:\"YouTube message\",className:\"framer-image\",height:\"539\",src:\"https://framerusercontent.com/images/4QYUzXcjk4qrv0z9cC7DaBaSfs.png\",srcSet:\"https://framerusercontent.com/images/4QYUzXcjk4qrv0z9cC7DaBaSfs.png?scale-down-to=512 512w,https://framerusercontent.com/images/4QYUzXcjk4qrv0z9cC7DaBaSfs.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/4QYUzXcjk4qrv0z9cC7DaBaSfs.png 1919w\",style:{aspectRatio:\"1919 / 1079\"},width:\"959\"}),/*#__PURE__*/e(\"h2\",{children:'noyb to end the \"cookie banner terror\"'}),/*#__PURE__*/t(\"p\",{children:[\"The use of unlawful cookie banners has, of course, got the attention of the European Center for Digital Rights, known shortly as noyb (the meaning of this acronym is none of your business). In a \",/*#__PURE__*/e(o,{href:\"https://noyb.eu/en/noyb-aims-end-cookie-banner-terror-and-issues-more-500-gdpr-complaints\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"news article\"})}),\" they posted almost one year ago, they explained they developed a software that detects banners that make it more difficult to reject than to accept cookies and generates GDPR complaints.\"]}),/*#__PURE__*/e(\"p\",{children:\"Back then, noyb said they had sent complaint drafts to 560 websites from 33 countries. These drafts were more of a warning, giving companies one month to change their banner and software settings. What's more, they sent violators a guide showing every step to make the changes. But if the companies failed to comply, noyb officially notified the relevant authority.\"}),/*#__PURE__*/t(\"p\",{children:[\"noyb \",/*#__PURE__*/e(o,{href:\"https://noyb.eu/en/more-cookie-banners-go-second-wave-complaints-underway\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"announced\"})}),\" this year in March that they launched a second round, filing 270 draft complaints and extending the response deadline to two months. They also informed that 42% of all violations found last year were remedied within the deadline. But 82% of all companies failed to fully comply with the demand and were reported to the data protection authorities. Although most of the latter confirmed the receipt of complaints, what is next appears to be a lengthy process. Still, after Google's case, companies may feel encouraged to follow suit.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Just promote people's informed choice\"}),/*#__PURE__*/e(\"p\",{children:\"Up until this point, we talked about cookies like they are an unwanted thing. Still, websites normally tell you that they use cookies \\\"to provide you with a better user experience.\\\" We are not about to discuss whether this is always the case. You probably know that necessary cookies include those that detect errors, store your consent state or help the website know that you are not a bot. Other kinds track your surfing behavior, some of their purposes being user profiling and selling for further advertising. What's key here is that you know what you are agreeing to and know that you can complain when that's not made clear.\"}),/*#__PURE__*/t(\"p\",{children:[\"Finally, if you are in charge of engineering how cookies work on your company's website or deciding on the content of the banner, make sure that you comply with standards such as the \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-compliance-gdpr\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GDPR\"})}),\" and the \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-compliance-eprivacy/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ePrivacy directive\"})}),\", especially if you have users in Europe.\"]})]});export const richText6=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"Conti — the gang \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/timeline-new-cyberwar/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"we had said\"})}),\" is supporting Russia in cyberwar and had suffered a significant breach of its internal chats — attacked some computer systems of the government of Costa Rica last week. Being a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ransomware attack\"})}),\", Conti asked for 10M dollars. But the current president, Carlos Alvarado, said that the Costa Rican state would pay nothing! Now, from different fronts, the cyberattacks continue in a worrying expansion, even reaching private firms.\"]})});export const richText7=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Timeline of events to date\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1515792916140204041/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"On April 17\"})}),\", Conti began posting on its \",/*#__PURE__*/e(o,{href:\"https://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion.ly/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\".onion.ly News channel\"})}),\" about the hacking of Costa Rica's Ministerio de Hacienda. Apparently, these cybercriminals downloaded 1 TB from their portal \",/*#__PURE__*/e(o,{href:\"https://www.hacienda.go.cr/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"hacienda.go.cr\"})}),\" along with internal documents to be made public on the 23rd of this month. (At the time of writing this post, that governmental website is out of service.) \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1516111101703958538/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"The next day\"})}),\", they requested the aforementioned amount of money, suggesting the ministry pay it to keep their taxpayers' data. To make things worse, Conti later noted that they had additionally compromised the Ministerio de Ciencia, Innovaci\\xf3n, Tecnolog\\xeda y Telecomunicaciones (MICITT) website. (\",/*#__PURE__*/e(o,{href:\"https://www.micitt.go.cr/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"micitt.go.cr\"})}),\" is also out of service at the time of this writing. This and the previous deactivation \",/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/mas-instituciones-bajo-ataque-de-conti-que-aumenta/DDMQK5ZXKFHBXDGFB3MTX3GYR4/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"are said\"})}),' to have been preventive measures.) And in a section of that website, they left this message: \"We say hello from conti, look for us on your network.\"']}),/*#__PURE__*/e(\"img\",{alt:\"Attack against Costa Rica\",className:\"framer-image\",height:\"186\",src:\"https://framerusercontent.com/images/Z3aEBEaX9br133Tm1HDoTl03WLw.png\",srcSet:\"https://framerusercontent.com/images/Z3aEBEaX9br133Tm1HDoTl03WLw.png?scale-down-to=512 512w,https://framerusercontent.com/images/Z3aEBEaX9br133Tm1HDoTl03WLw.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Z3aEBEaX9br133Tm1HDoTl03WLw.png 1980w\",style:{aspectRatio:\"1980 / 373\"},width:\"990\"}),/*#__PURE__*/t(\"h6\",{children:[\"Image taken from \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1515792916140204041/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"BetterCyber's Twitter account\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1516344303525765124/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"On April 19\"})}),\", the gang threatened to continue attacking Costa Rican ministries until it received its money. \",/*#__PURE__*/e(o,{href:\"https://twitter.com/HaciendaCR/status/1516401226862284803/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"The same day\"})}),\", the Ministerio de Hacienda began to alert the citizens about the actions of unscrupulous people who were masquerading as ministry workers asking some of them to reset their passwords. It also provided telephone numbers that the citizens could use to inform authorities in case of receiving messages or calls of dubious origin. \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1516486086444396545/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Then\"})}),\", without waiting for the earlier imposed deadline, Conti allegedly began to publish internal Costa Rican government documents, \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1516568617269219339/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"offering four links\"})}),\" to .rar/.zip files. Moreover, materializing its threat, \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1516569937418113025/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Conti stated\"})}),\" having stolen information from the Instituto Meteorol\\xf3gico Nacional and the Radiogr\\xe1fica Costarricense's email servers. And concluded its message with an unsettling remark:\"]}),/*#__PURE__*/e(\"blockquote\",{children:/*#__PURE__*/e(\"p\",{children:\"The costa rica scenario is a beta version of a global cyber attack on an entire country.\"})}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1516934122878517248/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"On April 20\"})}),\", Conti continued with the publication of private data. It revealed a total of 15.08 GB, reaching 39.77 GB \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1517097783446192130/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the following day\"})}),\". \",/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/mas-instituciones-bajo-ataque-de-conti-que-aumenta/DDMQK5ZXKFHBXDGFB3MTX3GYR4/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"At that time\"})}),\", the Journalist Carlos Cordero for Costa Rica's El Financiero described the government's response to the situation as weak and erratic. Different sectors were already demanding clarity on the affected data and contingency plans. But the government was still hiding behind the investigation process. \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1517130809660121092/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"On April 21\"})}),\", Conti included the Fondo de Desarrollo Social y Asignaciones Familiares and the Ministerio de Trabajo y Seguridad Social to its list of victims. According to another \",/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/ataques-ciberneticos-aumentaron-contra-empresas-e/3UKWNFT67RABXOS6MLXBUDEGM4/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"report by Cordero\"})}),\", a year ago, Costa Rica's institutions suffered 819 attacks a week. Last week, after Conti's onslaught began, that number reached 1,468. Multiple attackers have targeted the websites of organizations in this country to exploit their vulnerabilities. In addition, as Cordero pointed out, they have taken advantage of the low IT security culture in Costa Rica.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/gobierno-emite-directriz-para-enfrentar-a-hackers/LQL2IWCVF5EMDAN7U3MO5D4TDM/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"The attacks\"})}),\", especially on the Ministerio de Hacienda, had already affected the declaration and payment of taxes, as well as Costa Rica's import and export operations. (Exporters' unions were already estimating losses of hundreds of millions \",/*#__PURE__*/e(o,{href:\"https://therecord.media/conti-ransomware-attack-was-aimed-at-destabilizing-government-transition-costa-rican-president-says/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"due to the bottlenecks'})}),' caused by [...] outages related to the disruption of the tax and customs platforms.\") The government, for its part, as Cordero communicated, presented a guideline with basic actions such as modifying passwords, updating systems, deactivating unnecessary services and ports, and monitoring computer networks. However, these are recommendations to follow from the beginning, from a preventive point of view, not primarily to put out fires. By April 21, the government showed no signs of wanting to pay Conti. From there, the criminals had to move on to offer a discount:']}),/*#__PURE__*/e(\"img\",{alt:\"For Costa Rica 9%\",className:\"framer-image\",height:\"567\",src:\"https://framerusercontent.com/images/sjGCmWQhsccZrndqsvO1uIcIo.png\",srcSet:\"https://framerusercontent.com/images/sjGCmWQhsccZrndqsvO1uIcIo.png?scale-down-to=512 512w,https://framerusercontent.com/images/sjGCmWQhsccZrndqsvO1uIcIo.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/sjGCmWQhsccZrndqsvO1uIcIo.png?scale-down-to=2048 2048w,https://framerusercontent.com/images/sjGCmWQhsccZrndqsvO1uIcIo.png 2394w\",style:{aspectRatio:\"2394 / 1134\"},width:\"1197\"}),/*#__PURE__*/t(\"h6\",{children:[\"Image taken from \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1517155508704010240/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"BetterCyber's Twitter account\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Nevertheless, President Alvarado —nearing the end of his term— was emphatic in \",/*#__PURE__*/e(o,{href:\"https://twitter.com/CarlosAlvQ/status/1517212653520891905?cxt=HHwWgsC53dW3nI4qAAAA\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"his Twitter video\"})}),\", saying they would not pay anything. According to his criteria, this attack is not a money issue, but seeks to threaten the country's stability at a transitional juncture. He asserted that the government was rigorously and thoughtfully dealing with this incident. They even \",/*#__PURE__*/e(o,{href:\"https://www.presidencia.go.cr/comunicados/2022/04/gobierno-firma-directriz-que-fortalece-las-medidas-de-ciberseguridad-del-sector-publico/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"signed a directive\"})}),\" supposedly to strengthen security measures in public sector institutions. \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1517207258563813376/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Meanwhile\"})}),', the total amount of shared data reached 43.89 GB. Although Conti spoke of compressed databases that, once unpacked, would correspond to 853 GB. They offered it to other malicious hackers (curiously their \"colleagues from Costa Rica\") as an ideal material for phishing and, consequently, to make a profit. Subsequently, as Cordero stated ',/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/casi-165000-intentos-de-hackeo-y-de-software/WGOXXWPPIVFPFACDBNI7ZCZ3V4/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"on April 22\"})}),\", at least in the 100 institutions that adopted security measures since the beginning of the week, almost 165,000 hacking attempts were detected. Worryingly, more than 200 institutions had yet to take cybersecurity measures at that time.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/casi-165000-intentos-de-hackeo-y-de-software/WGOXXWPPIVFPFACDBNI7ZCZ3V4/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"That same day\"})}),\", President-elect Rodrigo Chaves expressed his concern about cyberattacks and their consequences on the functioning of the institutions and the payment of salaries. The MICITT made it clear how right and necessary it is to prioritize and invest resources in cybersecurity across the country. And they insisted that they were in control of the situation, having blocked the attacks to prevent their spread in affected and unaffected institutions. However, what happened next doesn't seem to be faithful proof of that.\"]}),/*#__PURE__*/t(\"p\",{children:[\"On April 23, when \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1517865344429441024/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'Conti congratulated \"Chavez\"'})}),\" on his victory, flattered his country and people, and invited him for a private chat, the Junta Administrativa del Servicio El\\xe9ctrico de Cartago (JASEC) was \",/*#__PURE__*/e(o,{href:\"https://therecord.media/conti-ransomware-cripples-systems-of-electricity-manager-in-costa-rican-town/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"being a new victim\"})}),\" of \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1518155247788740608/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"theirs\"})}),\". It seems that the servers used to manage JASEC's website, email and administrative and revenue systems were encrypted. And although JASEC had to suspend the payment of bills temporarily, \",/*#__PURE__*/e(o,{href:\"https://www.facebook.com/photo/?fbid=358984659594201&set=a.256898136469521\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it reported\"})}),\" that electricity and Internet services for its thousands of users were operating normally. \",/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/detectan-otros-201000-intentos-de-hackeo-en-153/VTP447KOJZEGRBGMXOHZMVEDAI/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"On April 24\"})}),\", MICITT reported the detection of 201,000 hacking attempts in the last 24 hours. Then, on April 25, as the Costa Rican government's refusal to pay was further solidified, Conti began talking about lashing out at large companies in this nation that will be forced to pay:\"]}),/*#__PURE__*/e(\"img\",{alt:\"For Costa Rica 84%\",className:\"framer-image\",height:\"419\",src:\"https://framerusercontent.com/images/cr4Gs0M4szyV6cpss9VvUOXccc.png\",srcSet:\"https://framerusercontent.com/images/cr4Gs0M4szyV6cpss9VvUOXccc.png?scale-down-to=512 512w,https://framerusercontent.com/images/cr4Gs0M4szyV6cpss9VvUOXccc.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/cr4Gs0M4szyV6cpss9VvUOXccc.png 1796w\",style:{aspectRatio:\"1796 / 839\"},width:\"898\"}),/*#__PURE__*/t(\"h6\",{children:[\"Image taken from \",/*#__PURE__*/e(o,{href:\"https://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion.ly/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Conti's site\"})}),\" on April 26.\"]}),/*#__PURE__*/t(\"p\",{children:['\"We will show you all your vulnerabilities.\" The security vulnerabilities are something that these threat actors continue to ',/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/que-hackeo-conti-en-jasec-la-nueva-entidad-en/NPT74BALHVB7TDPRUIPFRB772Q/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"take advantage of\"})}),\". One firm affected \",/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/carlos-herrera-ceo-de-aeropost-ataque-expuso-datos/EXXFKHDNWVGAZAATW73ZGRBVMM/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a few days ago\"})}),\" was Aeropost. The data of approximately 5% of their clients in the region (i.e., not only in Costa Rica) were compromised. Yesterday, \",/*#__PURE__*/e(o,{href:\"https://www.elfinancierocr.com/tecnologia/conti-ataca-dos-instituciones-mas-inder-y-la-sede/FEND6DV4OVAETJ4X3RBMFO3L5Q/story/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"April 26\"})}),\", two more institutions were added to the list of Conti's victims: the \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1518998432651878400?cxt=HHwWgIC5idnByJQqAAAA\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Sede Interuniversitaria de Alajuela\"})}),\" and the Instituto de Desarrollo Rural. \",/*#__PURE__*/e(o,{href:\"https://twitter.com/_bettercyber_/status/1519303501456855040/photo/1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Today\"})}),\", to add insult to injury, Conti seems to have extended their assaults to Peru.\"]}),/*#__PURE__*/t(\"p\",{children:[\"How many more affected organizations will emerge in the coming days? We have no idea. What is clear to us at Fluid Attacks is that prevention is key. \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Contact\"})}),\" one of our consultants, and find out how our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ethical hackers\"})}),\" can stay ahead of malicious hackers, identify your security vulnerabilities before they do, and help you protect your systems.\"]})]});export const richText8=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"Are you sure you're using the latest version of Google Chrome? Make sure you are. So far this year, Chrome has received three strikes. Cybercriminals have exploited \",/*#__PURE__*/e(\"em\",{children:\"at least\"}),\" three zero-day vulnerabilities in this famed web browser.\"]})});export const richText9=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"First strike: CVE-2022-0609\"}),/*#__PURE__*/t(\"p\",{children:[\"Barely \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/google-we-stopped-these-hackers-who-were-targeting-job-hunters-and-crypto-firms/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"beginning this year\"})}),\", a couple of North Korean hacking groups were already exploiting a Google Chrome zero-day vulnerability. A little over a month later, on \",/*#__PURE__*/e(o,{href:\"https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"February 10\"})}),\", Google's Threat Analysis Group (TAG) discovered it and, within days, managed to patch this high-severity bug: \",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2022-0609\"})}),\". (CVSS 3.1 base score: \",/*#__PURE__*/e(o,{href:\"https://nvd.nist.gov/vuln/detail/CVE-2022-0609\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"8.8\"})}),\".) Apparently, the cybercriminals were associated with the notorious and powerful North Korean \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/lazarus-malware-cyberattack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"criminal gang Lazarus\"})}),\". As \",/*#__PURE__*/e(o,{href:\"https://blog.google/threat-analysis-group/countering-threats-north-korea/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"reported by the researchers\"})}),\", these attackers used the same exploit kit, since they had a shared supply chain, but with different targets and techniques.\"]}),/*#__PURE__*/t(\"p\",{children:[\"One group (its activity is tracked as \",/*#__PURE__*/e(o,{href:\"https://www.clearskysec.com/operation-dream-job/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Operation Dream Job\"})}),\") targeted about ten news media and IT companies. Approximately 250 people from these firms received emails with sham job opportunities sent from Oracle, Google and Disney. These emails contained links \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/spoofing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"spoofing\"})}),\" genuine recruiting websites. Once the person clicked on it, they received a hidden \",/*#__PURE__*/e(o,{href:\"https://www.techtarget.com/whatis/definition/IFrame-Inline-Frame\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"iframe\"})}),\" that activated the exploit kit. The other group (its activity is tracked as \",/*#__PURE__*/e(o,{href:\"https://securelist.com/operation-applejeus/87553/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Operation AppleJeus\"})}),\") targeted more than 85 users in cryptocurrency and fintech companies. According to \",/*#__PURE__*/e(o,{href:\"https://blog.google/threat-analysis-group/countering-threats-north-korea/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the late March report\"})}),\", at least two websites were compromised, hosting hidden iframes to deliver the exploit kit to visitors. There were also fake websites directing visitors to the same kit.\"]}),/*#__PURE__*/t(\"p\",{children:[\"This exploit kit served a highly \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Obfuscation_(software)\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"obfuscated\"})}),\" JavaScript to fingerprint the victim's system. It then collected data such as user-agent and resolution and sent it to the exploit server. If a certain number of unknown requirements were met, the user received a Chrome remote code execution (\",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/criteria-vulnerabilities-004/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"RCE\"})}),\") exploit along with additional JavaScript. Then, if the RCE was successful, the JavaScript requested a new phase called SBX, an acronym for Sandbox Escape. In these cases, the \",/*#__PURE__*/e(o,{href:\"https://medium.com/ssd-secure-disclosure/ios-vulnerabilities-3-sandbox-escape-cves-5233c92ad875\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"attacker can execute'})}),' malicious code from a sandbox outside of an environment, forcing the device to run the code within it.\"']}),/*#__PURE__*/t(\"p\",{children:[\"In response to this first strike, Google updated its Stable channel to 98.0.4758.102 for Windows, Mac and Linux. Additionally, they included all identified websites and domains in their free \",/*#__PURE__*/e(o,{href:\"https://safebrowsing.google.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Safe Browsing\"})}),\" service \",/*#__PURE__*/e(o,{href:\"https://blog.google/threat-analysis-group/countering-threats-north-korea/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"to protect users'})}),' from further exploitation.\"']}),/*#__PURE__*/e(\"h2\",{children:\"Second strike: CVE-2022-1096\"}),/*#__PURE__*/t(\"p\",{children:[\"The news of the previous strike was still fresh when Google \",/*#__PURE__*/e(o,{href:\"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"reported\"})}),\" an urgent update due to a second zero-day vulnerability in Chrome. They were informed by an anonymous party about this bug (\",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1096\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2022-1096\"})}),\") on March 23. In the release update, only about two days later, they admitted being aware of the existence of an exploit in the wild (i.e., widely published) for this \\\"high\\\" severity vulnerability. (There's yet no official CVSS score for this vulnerability.) But additional information was kept by them to a minimum. At this time, unlike in the previous case, there is no dedicated post on Google's TAG's \",/*#__PURE__*/e(o,{href:\"https://blog.google/threat-analysis-group/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"official blog\"})}),\". As they pointed out, \",/*#__PURE__*/e(o,{href:\"https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"Access to bug'})}),' details and links may be kept restricted until a majority of users are updated with a fix.\"']}),/*#__PURE__*/t(\"p\",{children:[\"Based on their report and \",/*#__PURE__*/e(o,{href:\"https://therecord.media/google-releases-emergency-security-update-for-chrome-users-after-second-0-day-of-2022-discovered/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"what we've seen\"})}),\" \",/*#__PURE__*/e(o,{href:\"https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"on the web\"})}),\", we know this is a type-confusion vulnerability in the Chrome \",/*#__PURE__*/e(o,{href:\"https://v8.dev/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"V8\"})}),\" JavaScript and WebAssembly engine. In this bug, pieces of software code in the middle of data execution operations do not verify the types of inputs they receive and may incorrectly process them as other types. Threat actors can take advantage of the software's subsequent logical errors to execute malicious code on victims' systems.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The affected engine, V8, is an open-source component for processing JavaScript and WebAssembly code that Chrome and Chromium-based web browsers use. \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/pictures/all-the-chromium-based-browsers/5/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"The latter include\"})}),\", for example, Microsoft Edge, Samsung Internet, Opera and Vivaldi. (\",/*#__PURE__*/e(o,{href:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1096\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Microsoft also informed\"})}),\" its users about this vulnerability and the new version of Edge promptly). So here we prefer to extend our initial warning: Make sure you have any of your web browsers up to date. It's worth noting that \",/*#__PURE__*/e(o,{href:\"https://www.cybersecurity-help.cz/blog/2471.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"16 zero-day vulnerabilities\"})}),\" were detected in Chrome in 2021. Eight of these were also present in V8. And \",/*#__PURE__*/e(o,{href:\"https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"three of them\"})}),\", like the one described in this segment, were type-confusion vulnerabilities: \",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21224\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-21224\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30551\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-30551\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30563\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-30563\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"In response to this second strike, Google updated its Stable channel to 99.0.4844.84 for Windows, Mac and Linux.\"}),/*#__PURE__*/e(\"h2\",{children:\"Third strike: CVE-2022-1364\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/google-fixes-chrome-zero-day-being-used-in-exploits-in-the-wild/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"April\"})}),\" brought more confusion. On the 13th, \",/*#__PURE__*/e(o,{href:\"https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Google's TAG reported\"})}),' another \"high\" severity type-confusion vulnerability in V8: ',/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1364\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2022-1346\"})}),\". (There's yet no official CVSS score for this vulnerability either.) The patch was available for all \",/*#__PURE__*/e(o,{href:\"https://www.forbes.com/sites/daveywinder/2022/04/17/emergency-security-update-for-32-billion-google-chrome-users-attacks-underway/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"3.2 billion Chrome users\"})}),\" the next day. However, Google again warned about the exploit's existence in the wild. Was this another hacking onslaught orchestrated by North Koreans? As in the previous case, we have to wait for a majority of users to update the web browser to get more details about this vulnerability.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In response to this third strike, Google updated its Stable channel to \",/*#__PURE__*/e(\"strong\",{children:\"100.0.4896.127\"}),\" for Windows, Mac and Linux. (Read about Microsoft Edge's new version \",/*#__PURE__*/e(o,{href:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1364\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"here\"})}),'.) If you want to check that your Chrome is updated, open a new browser window and go to the top right corner. Click on the three dots to open the drop-down menu and select the Settings option. Then, click the About Chrome option at the bottom of the menu on the left. Verify that you see the message \"Chrome is up to date\" and that the version number matches the one we give you here.']}),/*#__PURE__*/e(\"img\",{alt:\"About Chrome\",className:\"framer-image\",height:\"162\",src:\"https://framerusercontent.com/images/uGxjRUxEhC7bmZQCr9WylAF6c.png\",srcSet:\"https://framerusercontent.com/images/uGxjRUxEhC7bmZQCr9WylAF6c.png?scale-down-to=512 512w,https://framerusercontent.com/images/uGxjRUxEhC7bmZQCr9WylAF6c.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/uGxjRUxEhC7bmZQCr9WylAF6c.png 1441w\",style:{aspectRatio:\"1441 / 324\"},width:\"720\"}),/*#__PURE__*/e(\"p\",{children:\"Already three strikes were received by Google Chrome in 2022. Could we now determine a strikeout? Not in this game. It's enough to look back at the history of this software to say that they are likely to receive more strikes this year. Maybe this latest version we presented you here will be obsolete in a few days. So stay tuned for updates!\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we are on the lookout for these and many, many other security vulnerabilities that may affect our clients. Thanks to our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Continuous Hacking\"})}),\" service, with our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/certifications/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"highly certified\"})}),\" team of pentesters, you can enhance your \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"vulnerability management\"})}),\" program and prevent your organization from receiving highly harmful impacts from cyberattacks. For more information, do not hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us\"})}),\".\"]})]});export const richText10=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Tons of vulnerabilities are found daily in all kinds of software. You can know this just by looking at the frequency with which the \",/*#__PURE__*/e(o,{href:\"https://twitter.com/cvenew/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE Program tweets\"})}),'. This program identifies, defines and catalogs publicly disclosed cybersecurity vulnerabilities. In fact, you probably see \"CVE-...\" constantly in your news feed.']}),/*#__PURE__*/t(\"p\",{children:[\"Behind the constant flux of common vulnerabilities and exposures, there are the people constantly probing software, gathering vulnerability exploitation evidence and reporting it through the right channels. The Fluid Attacks Research Team does this too, and as we at Fluid Attacks are proudly a \",/*#__PURE__*/e(o,{href:\"https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_1-1_cnas\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CNA\"})}),\" (CVE Numbering Authority), the team gets to assign CVE IDs to the zero-day vulnerabilities they discover. After contacting the vendor of the affected software, a team member creates an advisory draft on our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/advisories/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"dedicated webpage\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"In this blog post, we would like to share some information about our Advisories that may shed some light on how the Fluid Attacks Research Team works.\"})]});export const richText11=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What is in Fluid Attacks' Advisories?\"}),/*#__PURE__*/t(\"p\",{children:[\"Our Advisories are official documents that communicate information about the vulnerabilities discovered by our research team, such as their \",/*#__PURE__*/e(o,{href:\"https://www.first.org/cvss/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVSSv3 base score\"})}),\", type according to our own \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/criteria/vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"extensive list\"})}),\", and CVE ID.\"]}),/*#__PURE__*/e(\"p\",{children:\"The team also assigns each vulnerability a code name. Why this? Well, you can probably recognize a vulnerability more reliably by its nickname than by its CVE ID. Or do you wanna try to guess what CVE-2021-44228 and CVE-2022-22947 refer to? (Find the nicknames each of these were given at the end of this post. But we invite you to try and guess!)\"}),/*#__PURE__*/t(\"p\",{children:[\"Code names are assigned by the team member who discovered the vulnerability. They are last names of musicians and artists, much like names given randomly to our clients' organizations on our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/platform/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"platform\"})}),\" are city names. That's the bit of trivia we've brought you today!\"]}),/*#__PURE__*/t(\"p\",{children:[\"The information about which versions of the product are affected is readily available as well. But whether the entry includes the description of the vulnerability, a proof of concept and a custom exploit, depends on whether this information can be disclosed at the time, following our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/advisories/policy/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Disclosure Policy\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"Our policy describes the process of how we responsibly communicate third-party product vulnerabilities found by our offensive team or our research team. We update advisory drafts at each relevant event, such as when the vendor replies to the initial contact or releases patches, or when, either in coordinated vulnerability disclosure or lack of vendor response, we must release a proof of concept.\"}),/*#__PURE__*/e(\"p\",{children:\"Of course, our policy allows time for vendors to reply, acknowledging the vulnerability or agreeing to a coordinated disclosure along with a patch. These actions should lead to a positive outcome, which is improving software before its vulnerabilities are exploited by threat actors. If the vendor fails to act promptly, our research team proceeds with the responsible disclosure process. In any case, the idea of releasing these advisories is to reduce the risk for users through awareness. Figure 1 works as an example of the images we post on social media accompanying the invitation to read our Advisories. We also promote them in our weekly newsletter.\"}),/*#__PURE__*/e(\"img\",{alt:\"Advisory example\",className:\"framer-image\",height:\"431\",src:\"https://framerusercontent.com/images/tRGk0qgccnov64naQvb2O2rBbuw.png\",srcSet:\"https://framerusercontent.com/images/tRGk0qgccnov64naQvb2O2rBbuw.png?scale-down-to=512 512w,https://framerusercontent.com/images/tRGk0qgccnov64naQvb2O2rBbuw.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/tRGk0qgccnov64naQvb2O2rBbuw.png 1920w\",style:{aspectRatio:\"1920 / 862\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Figure 1. The image we shared on social media promoting the advisory of \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/advisories/spinetta/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a vulnerability\"})}),\" in Network Olympus v1.8.0.\"]}),/*#__PURE__*/e(\"p\",{children:\"Next, we would like to share how the Fluid Attacks Research Team decides what software to investigate.\"}),/*#__PURE__*/e(\"h2\",{children:\"Of what products does Fluid Attacks release Advisories?\"}),/*#__PURE__*/t(\"p\",{children:[\"Decidedly, there are too many products to choose from when deciding where to look for vulnerabilities. Our research team browses projects on sources like \",/*#__PURE__*/e(o,{href:\"https://github.com/search\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GitHub\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://sourceforge.net/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SourceForge\"})}),\", or even looks them up on Google. They focus on open-source software (OSS) and check especially whether it satisfies two criteria. Namely, that it has a security policy and that no other CNA has already called dibs on researching its vulnerabilities.\"]}),/*#__PURE__*/t(\"p\",{children:[\"We already emphasized the importance of the first criterion in our blog post about a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/iso-iec-29147/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"guideline for vulnerability disclosure\"})}),\" (ISO/IEC 29147). In short, vendors should specify the process and the required content that should be provided for vulnerability reporting. Regarding the second criterion, although \",/*#__PURE__*/e(o,{href:\"https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_7-3_cna_scope\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it's not mandated by the CVE Program\"})}),\", Fluid Attacks defines its scope as one that does not overlap with that of other CNAs (to put if briefly), thus avoiding discovering the same vulnerability at the same time as another CNA and having to negotiate who should assign the CVE ID.\"]}),/*#__PURE__*/e(\"p\",{children:\"There are some other attributes that help the team prioritize which OSS to research. For instance, they have noticed there's a big chance of finding vulnerabilities in web applications and OSS with web components. So those are promising targets. They also expect to have a better chance of finding issues in OSS in which vulnerabilities have previously been reported. Lastly, they also suspect OSS with few released versions to more likely have vulnerabilities. However, their primary two criteria are the ones mentioned in the above paragraph. Once the research team selects an OSS, they install the last version on their machines and start looking for vulnerabilities.\"}),/*#__PURE__*/e(\"h2\",{children:\"Does Fluid Attacks divulge issues found in your system?\"}),/*#__PURE__*/t(\"p\",{children:[\"Our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Continuous Hacking\"})}),\" \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/plans/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(Advanced plan)\"})}),\" service employs highly certified \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/ethical-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ethical hackers\"})}),\" to find vulnerabilities in our clients' systems. In their assessment, our pentesters may find zero-days in third-party software. When this happens, we notify the client first and then ask for their permission to proceed with our vulnerability disclosure process, that is, to send the report to the product vendor.\"]}),/*#__PURE__*/e(\"p\",{children:\"Of course, when it comes to our clients' software, reported vulnerabilities are covered by a Non-Disclosure Agreement. Unless they give us explicit permission to publicly disclose a vulnerability, they and limited Fluid Attacks staff are the only ones who know about it. But we do urge them constantly to remediate it!\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we are committed to research. \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/advisories/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Here\"})}),\" you can find a list of our Advisories. Follow us on social media and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/subscription/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"subscribe\"})}),\" to our newsletter to get our latest updates on zero-day vulnerabilities found by the Fluid Attacks Research Team.\"]}),/*#__PURE__*/t(\"p\",{children:[\"_____\",/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/t(\"em\",{children:[/*#__PURE__*/e(\"strong\",{children:\"Note:\"}),\" The nicknames given to the vulnerabilities mentioned in this post's proposed activity are, respectively, \"]}),/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/log4shell/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"Log4Shell\"})})}),/*#__PURE__*/t(\"em\",{children:[\" and Spring4Shell. How well did you do?\",/*#__PURE__*/t(\"strong\",{children:[/*#__PURE__*/e(\"br\",{}),/*#__PURE__*/e(\"br\",{})]})]}),\"_____\"]})]});export const richText12=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Last year's number of publicly reported data breaches in the U.S. \",/*#__PURE__*/e(o,{href:\"https://notified.idtheftcenter.org/s/2021-q3-data-breach-analysis\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"had already surpassed\"})}),\" 2020's count by the end of September. With at least 1,000 breaches annually, are there still folks who think there's no chance they're getting hacked?\"]}),/*#__PURE__*/t(\"p\",{children:[\"We said in a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/optimism-bias/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"previous post\"})}),\" that the optimism bias and overconfidence are tendencies that influence the mentality that an organization will not be subject to cyberattacks. We recommended everyone adopt a healthy level of skepticism. To sum up the idea, there's a saying you have probably heard time and again: \\\"It's not a matter of \",/*#__PURE__*/e(\"em\",{children:\"if\"}),\" you get attacked, but \",/*#__PURE__*/e(\"em\",{children:\"when\"}),'.\" And ',/*#__PURE__*/e(\"em\",{children:\"when\"}),\" it happens, you better be prepared.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Preparation often comes in the form of an incident response plan. It lays out how the organization expects to manage threatening events. As private businesses and some governmental entities in the U.S. are \",/*#__PURE__*/e(o,{href:\"https://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"required by law\"})}),\" to notify about security breaches, having a plan is a shared need. We will review some of the incident response plan essentials on this blog post.\"]})]});export const richText13=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Some essentials for your incident response plan\"}),/*#__PURE__*/t(\"p\",{children:[\"It has been \",/*#__PURE__*/e(o,{href:\"https://thehackernews.com/2022/03/the-golden-hour-of-incident-response.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"suggested\"})}),\" that one of the most crucial steps of incident response is handling the situation in the first hour following its discovery. Regardless of what you think would be your immediate response to a security incident, experts \",/*#__PURE__*/e(o,{href:\"https://www.csoonline.com/article/3646616/the-emotional-stages-of-a-data-breach-how-to-deal-with-panic-anger-and-guilt.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"would agree\"})}),\" that panic and anxiety are usual responses in the environment, which then becomes hectic. It appears that it doesn't even matter how prepared everyone is on your team; most people can't help these reactions. Granted that you probably won't be able to approach the incident with a cool head, the most helpful asset will be your incident response plan.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The first thing is to define a Computer Security Incident Response Team (CSIRT). As \",/*#__PURE__*/e(o,{href:\"https://csrc.nist.gov/glossary/term/computer_incident_response_team\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"has been described\"})}),\" in publications by NIST, these teams usually consist of security analysts. You will want to have the most capable people on it, who will then have to speculate on the causes of the incident. It has been \",/*#__PURE__*/e(o,{href:\"https://thehackernews.com/2022/03/the-golden-hour-of-incident-response.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"recommended\"})}),' that, to respond efficiently during the first hour since discovery, they \"assume the most likely cause and act accordingly.\"']}),/*#__PURE__*/t(\"p\",{children:[\"The CSIRT's work can be facilitated if your organization has generated thorough \",/*#__PURE__*/e(o,{href:\"https://www.techtarget.com/searchsecurity/post/5-steps-to-implement-threat-modeling-for-incident-response\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"threat models\"})}),\". These are the product of examining the entire attack surface and the possible attack vectors to establish the necessary security measures. Mind you, these models should be up to date with \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-trends-2021/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"trends\"})}),\" such as cloud security and remote working. (By the way, the latter had a substantial effect on last year's \",/*#__PURE__*/e(o,{href:\"https://www.ibm.com/security/data-breach\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"cost of data breaches\"})}),\", adding approximately $1M, as well as the time of their discovery, adding 58 days.)\"]}),/*#__PURE__*/t(\"p\",{children:[\"Someone like a chief information security officer (CISO) would rely on those entrusted to carry out the response to validate the state of the environment and, very importantly, to assess the impact. The latter can be defined using a framework such as the \",/*#__PURE__*/e(o,{href:\"https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"NIST Guide\"})}),\" for Conducting Risk Assessments. In this guide, an assessment scale suggests, for example, how a high impact equals the organization's incapability to fulfill its mission. In such a situation, assets may be severely damaged and even individuals could be harmed. As you might have guessed, this guide includes much more than attacks performed by malicious individuals, such as events involving technical malfunction, environmental disasters or legal compliance problems.\"]}),/*#__PURE__*/t(\"p\",{children:[\"On another important note, part of containing a cybersecurity incident is to have an incident response communication plan to send appropriate notifications to management and critical third parties. It may contemplate media statement templates according to the severity of the impact, expected or already experienced. Templates save time and allow consistency. Your organization should have established channels and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/iso-iec-29147/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"disclosure policies\"})}),\" that permit the confidentiality that is required while handling communication of the incident. For example, the CSIRT may choose to prepare canned email messages to alert stakeholders (e.g., clients, users) and press release templates to inform the broader community. A strong communication plan \",/*#__PURE__*/e(o,{href:\"https://www.secureworld.io/resources/youve-been-breached.-now-what\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"can help\"})}),\" reduce anxiety in the public and sustain public trust, ultimately limiting the reputational costs.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Another piece of advice that you may hear quite often is that an incident response plan should be tested. Broadly speaking, rehearsals may \",/*#__PURE__*/e(o,{href:\"https://stephen-semmelroth.medium.com/learning-from-equifax-why-businesses-must-rehearse-incident-response-plan-e92cf024ce5f\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"point to gaps\"})}),\" in policy and technical implementations. Maybe the CSIRT can also find out that reporting chains were unclear, or there may be a clash between members due to uncertainty about who's got the last word. These can be corrected to enhance the plan.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Finally, your organization should train employees to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/human-security-sensor/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"detect\"})}),\" strange events and identify tactics of \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/social-engineering/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"social engineering\"})}),\" in emails and websites. Indeed, these are among the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/protection-recommendation-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"suggestions\"})}),\" sent out recently by the U.S. government in the light of a heightened possibility to suffer cyberattacks conducted by Russian threat actors.\"]}),/*#__PURE__*/e(\"h2\",{children:\"A preventive approach to cybersecurity as a requirement\"}),/*#__PURE__*/t(\"p\",{children:[\"Up until this point, it should be crystal clear that an incident response plan is necessary for every organization. Now, we would like to raise the point of moving beyond a responsive mindset by adopting a preventive approach to cybersecurity. What we mean by this is simple: Stop waiting for a cyberattack to happen to finally identify and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/risk-based-vulnerability-management\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"address the vulnerabilities\"})}),\" in your system!\"]}),/*#__PURE__*/e(\"p\",{children:'A constant, thorough understanding of your system\\'s security status is more than a \"nice\" thing to have. It is actually something that should be in place, which involves implementing security testing from the early stages of the software development lifecycle and through its entirety.'}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we help you with the task of adopting this preventive approach. Our red team actively finds and exploits your system's vulnerabilities, getting to them before malicious attackers do. \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Contact us\"})}),\"!\"]})]});export const richText14=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"Before Russia's invasion of Ukraine, we had already witnessed cyberattacks that made us \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cyberwar-ukraine/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"suspect a cyberwar.\"})}),\" It was on February 24, with Russian troops entering its neighboring country, that cyberattacks from one side to the other and system disruptions \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/timeline-new-cyberwar-russia-ukraine/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"began to be reported.\"})}),\" In addition, the Ukrainians' recruitment of volunteer hackers and cybersecurity specialists and the hacking groups supporting one side or the other were public actions. We started to see news of assaults in European countries close to Ukraine and the United States a few days later. As a result, the reports discussed in this blog post appeared: warnings and advice for prevention and protection against potential cyberattacks.\"]})});export const richText15=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"CISA's Shields Up\"}),/*#__PURE__*/t(\"p\",{children:[\"In late February, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned of possible malicious cyber activity by Russians against organizations of all sizes in the U.S. and allied countries in its \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/shields-up\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Shields Up campaign.\"})}),\" It emphasized their need to be prepared for attacks and protect their critical assets and requested that they report any such incidents to CISA. Among the advised actions, it began with those linked to reducing the likelihood of damage.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Among those recommendations were the following: (a) Have multi-factor authentication for remote access, especially privileged access, to the organization's network. (b) Ensure that the software components are up to date, mainly concerning the CISA's \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"catalog of known exploited vulnerabilities,\"})}),\" with 570 entries at the time of writing this post. (c) Check that ports and protocols that are not essential to the organization are disabled. (d) Implement security controls to defend against attacks targeting cloud services, following \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/uscert/ncas/analysis-reports/ar21-013a\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a guide CISA provided\"})}),\" early last year. (We invite you \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-cloud-shared-responsibility-model/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"to read a post\"})}),\" where we point out how confusion with the cloud shared responsibility model can mean trouble for your firm.) And finally, (e) use the free \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/cyber-hygiene-services\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CISA cyber hygiene service\"})}),\" for vulnerability identification.\"]}),/*#__PURE__*/e(\"p\",{children:\"In terms of intrusion detection, CISA highlighted the need to have a cybersecurity staff alert to any strange behavior on the organization's network. This is facilitated by enabling logging. Furthermore, CISA recommended the use of up-to-date antivirus or antimalware software. And, if there is contact with any Ukrainian sector, it advised to pay more attention to the traffic from there. Regarding the response to intrusion, this agency suggested having a crisis response team with well-defined roles and duties. It must have permanent availability and the means to provide emergency support. Besides, it should carry out incident simulation exercises within the organization.\"}),/*#__PURE__*/t(\"p\",{children:[\"Likewise, CISA provided advice on resilience to cyberattacks. First of all, the ability to restore critical data. It is vital to ensure that backups are separated from network connections. Another item is that, if operational technology is used, manual control tests should be performed to ensure that critical functions are not affected in an impact on the network. Finally, CISA gave \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/sites/default/files/publications/Focus_Areas_for_CEOs.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"corporate leaders advice\"})}),\" on their roles in their organizations' posture and about \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/sites/default/files/publications/Ransomware_Response_Checklist_508.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"response processes\"})}),\" to \",/*#__PURE__*/e(o,{href:\"https://www.cisa.gov/stopransomware/ransomware-guide\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ransomware attacks.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"The White House's Fact Sheet\"}),/*#__PURE__*/t(\"p\",{children:[\"A week ago, the Biden-Harris Administration on the White House website \",/*#__PURE__*/e(o,{href:\"https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/fact-sheet-act-now-to-protect-against-potential-cyberattacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"sent a message\"})}),\" that added to previous warnings, such as the aforementioned by CISA. In this fact sheet, they were clear that ongoing investigations suggest possible cyberattacks from Russia on the U.S. Especially due to the economic sanctions that Putin's nation has received since the invasion of Ukraine. They talked about the current modernization of their government defenses. They also referred to action plans to reinforce cybersecurity in the water and electricity sectors. Likewise, they reported on a broad international alliance to detect and disrupt \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-cloud-shared-responsibility-model/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ransomware\"})}),\" threats.\"]}),/*#__PURE__*/e(\"p\",{children:\"As the U.S. Administration stated, their work has been accelerated since the end of 2021. They were sending several warnings to the country's firms to be aware of possible threats and to be able to defend themselves and respond to cyberattacks. In the fact sheet, they reminded us that much of the critical infrastructure in the U.S. is owned and operated by the private sector. And they emphasized specific steps to be followed by companies in terms of cybersecurity.\"}),/*#__PURE__*/t(\"p\",{children:[\"Similar to the CISA's report, the U.S. Administration began by stressing the value of multi-factor authentication. In general terms, they recommended deploying tools for threat identification and mitigation. They suggested keeping systems patched and protected against known vulnerabilities. Furthermore, they advised changing passwords, something we should all be doing \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-password-cracking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"frequently.\"})}),\" Additionally, they also recommended crucial offline backups and crisis simulation exercises.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Further on, they mentioned something quite relevant, different from what we saw in the previous report: encrypting data so that it cannot be used by criminals if stolen. Another of their suggested steps was to educate employees about attacker tactics in email and websites. (See \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-social-engineering/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"this post\"})}),\" to get an idea.) This, in addition to urging them to report difficulties and unusual behavior on their systems. (Look at \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/human-security-sensor/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"this post\"})}),\".) At the end of these first steps, the White House recommended that companies proactively engage in interaction with CISA and FBI offices and the resources they offer.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Lastly, in the interest of greater cybersecurity in the long term, the Administration offered some suggestions to technology and software firms. On the one hand, they invited companies to develop software in highly secure systems. On the other hand, as recommended by Fluid Attacks, they suggested the integration of security from the beginning of product development. (See the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-devsecops/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DevSecOps methodology\"})}),\".) Related to this, they recommended employing scanning tools for the early identification of known vulnerabilities. (Fluid Attacks' ethical hackers can complement such tools to report more complex vulnerabilities and reduce false positives and negatives.) The remediation process can be faster and less costly when feedback to developers occurs in phases prior to software deployment. Additionally, they underscored the need for developers to always know and record the origin of the components they use. Many of which are open-source code.\"]}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we recognize the value of these general recommendations, many of which we have shared on different occasions. From our end, we urge you to always resort to the preventive act and not wait to be the victim of a successful cyberattack. Looking for vulnerabilities with services such as our Continuous Hacking and remediating them asap can greatly protect the privacy and assets of your company and your clients or users. Don't hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us\"})}),\"!\"]})]});export const richText16=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"If you follow our blog, you probably know that we are all about keeping open-source libraries updated. Development teams use these libraries to develop software, so they don't need to start from scratch. Depending on the language in which it is written, most software uses dozens, hundreds or even thousands of open-source libraries. Our post about the newest \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/owasp-top-10-2021/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP Top 10\"})}),\" reported how using vulnerable and outdated components represents a bigger threat nowadays. What follows is that teams need to establish processes to manage their open-source libraries efficiently.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To no one's surprise, developers have found a way to make their work easier by using package managers. We are talking about systems or tools that help them automate processes related to managing third-party open-source libraries. These processes include installation, upgrade and configuration. What \",/*#__PURE__*/e(\"em\",{children:\"is\"}),\" surprising is that recently, and concurrently, \",/*#__PURE__*/e(\"strong\",{children:\"eight\"}),\" popular open-source package managers were reported to have vulnerabilities.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The recent \",/*#__PURE__*/e(o,{href:\"https://blog.sonarsource.com/securing-developer-tools-package-managers\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"discovery\"})}),\" was made by researchers at code security solutions provider Sonar. On March 8, they listed the names, versions, CVE IDs and whether there's already a patch. The affected package managers are \",/*#__PURE__*/e(o,{href:\"https://getcomposer.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Composer\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://bundler.io/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Bundler\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://bower.io/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Bower\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://python-poetry.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Poetry\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://yarnpkg.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Yarn\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://pnpm.io/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"pnpm\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://pip.pypa.io/en/stable/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"pip\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://pipenv.pypa.io/en/latest/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Pipenv\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:\"PHP, Ruby, Python, JavaScript, HTML, CSS, you name it! Developers must examine libraries in these languages cautiously when intending to use them with their package managers.\"})]});export const richText17=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Those vulnerable to command or argument injections\"}),/*#__PURE__*/t(\"p\",{children:[\"The vulnerability in Composer, for libraries written in the PHP language, is quite critical, with a CVSS v3 score of \",/*#__PURE__*/e(o,{href:\"https://nvd.nist.gov/vuln/detail/CVE-2021-41116\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"9.8\"})}),\". This package manager's vulnerable versions fail to properly neutralize special elements used in a command. So, a threat actor can execute a command of their choosing by injecting malicious new items into an existing command. This is a \",/*#__PURE__*/e(o,{href:\"https://capec.mitre.org/data/definitions/248.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"command injection attack\"})}),\" that results in modifying the interpretation away from what the victim originally intended.\"]}),/*#__PURE__*/t(\"p\",{children:[\"The flaw (\",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41116\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-41116\"})}),\") is present in the \",/*#__PURE__*/e(\"code\",{children:\"browse\"}),\" command when running Composer on Windows machines. This command can open a package's source and documentation. Users need to type the name of the package as the argument, and the command will open the URL of that package's homepage. At least it seems. Because this URL can be corrupted by a threat actor to execute several other commands. This includes downloading payloads in the background. The attacker needs to phish the victim into using the package for all this to happen, though. The researchers \",/*#__PURE__*/e(o,{href:\"https://blog.sonarsource.com/securing-developer-tools-package-managers\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"recommend\"})}),\" running commands with argument lists and using reliable escaping functions. This would restrict customization, reducing the risk of suffering an attack.\"]}),/*#__PURE__*/e(\"p\",{children:\"Moving on to a somewhat similar kind of attack: Vulnerable versions of Bundler, a package manager for application dependencies in Ruby, and Poetry, a manager for those written in Python, don't properly neutralize the argument delimiters in a command. Poetry fixed this issue in version 1.1.9, but the researchers shared little information about it and the CVE is pending. So, to understand what kind of attack could exploit vulnerabilities in both managers, we'll use the available information regarding Bundler's.\"}),/*#__PURE__*/t(\"p\",{children:[\"The severity of Bundler's vulnerability (\",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43809\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-43809\"})}),\") is high, with a CVSS v3 score of \",/*#__PURE__*/e(o,{href:\"https://nvd.nist.gov/vuln/detail/CVE-2021-43809\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"7.3\"})}),\". When victims invoke \",/*#__PURE__*/e(\"code\",{children:\"git\"}),\" commands, that allows interpreting several user-controlled arguments that could be maliciously crafted. What attackers could do is create a Gemfile (i.e., a file that describes the libraries —gems— used in a program) declaring a dependency that is located in a Git repository. But also \",/*#__PURE__*/e(o,{href:\"https://capec.mitre.org/data/definitions/6.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"injecting arguments\"})}),\" that would fool Bundler into executing malware. Again, attackers need to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phish\"})}),\" the victim; in this scenario, into using the malicious Gemfile. As it requires considerable user interaction, exploitation is not as easy as in the relatively straightforward command injection, making it less critical.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Most have an untrusted search path weakness\"}),/*#__PURE__*/t(\"p\",{children:[\"Imagine a person gives you the exact route to where they ask you to go. Now imagine another scenario: This person doesn't give you any clue other than the name of the destination, say, a Starbucks. When the destination could be any of many, there's confusion. Let's get back to package managers: If you don't specify the path to a file you want to run in the command, the operating system will have to look for it only by its name. Supposedly safe locations are stored in a variable called \",/*#__PURE__*/e(\"code\",{children:\"PATH\"}),\". Most operating systems will look for the file there, but Windows will look first at the current working directory and then \",/*#__PURE__*/e(\"code\",{children:\"PATH\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"What is considered an \",/*#__PURE__*/e(o,{href:\"https://cwe.mitre.org/data/definitions/426.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"untrusted search path\"})}),\" weakness is present in Yarn, which manages libraries written in JavaScript. The vulnerability in versions up to 1.22.13 allows fetching a file that is outside \",/*#__PURE__*/e(\"code\",{children:\"PATH\"}),'. If the working directory has an untrusted file with the same name referenced in the command, that means trouble. The researchers mention the possibility of a victim trying to fetch a library from a Git repository by typing only \"git\" without its path, and there being a malicious git.exe file in the working directory. This would cause Yarn to fetch the malicious file.']}),/*#__PURE__*/t(\"p\",{children:[\"The untrusted search path weakness was also discovered in Bower (\",/*#__PURE__*/e(o,{href:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43796\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-43796\"})}),\"; affecting libraries in HTML, CSS and JavaScript), pnpm (JavaScript), pip (Python) and Pipenv (Python). But also in Composer and Poetry.\"]}),/*#__PURE__*/t(\"p\",{children:[\"pip and Pipenv decided not to fix this issue. \",/*#__PURE__*/e(o,{href:\"https://blog.sonarsource.com/securing-developer-tools-package-managers\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Reportedly\"})}),', because \"there are several other ways [...] an attacker could gain code execution in the same attack scenario.\" Composer didn\\'t have this scenario in their threat model, so they chose not to address it. But the rest did address it. Yarn, for example, now uses a command called ',/*#__PURE__*/e(\"code\",{children:\"where\"}),\" and allows the search to be done only in locations defined in \",/*#__PURE__*/e(\"code\",{children:\"PATH\"}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"Be wary of your library choices\"}),/*#__PURE__*/t(\"p\",{children:[\"What's most interesting about the vulnerabilities we addressed in this post is that developers have to be tricked into fetching malicious libraries. Attackers have to rely on \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/social-engineering/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"social engineering\"})}),\" or sneak malicious files into a trusted codebase. This could sound like a relief, but, in earnest, this whole situation highlights the importance of developers being aware of the libraries they're using and how they behave. It also wouldn't hurt to learn \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/choosing-open-source/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"some indicators\"})}),\" to have in mind when choosing open-source. All the while, let's remember what's key: Upgrade! Upgrade! Upgrade!\"]}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we help you ensure that the libraries you use in your software have no vulnerabilities. Have you heard about our \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"secure code review\"})}),\" \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"solution\"})}),\"? \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Contact us\"})}),\"!\"]})]});export const richText18=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"It has been a month since I made a particular reference to the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cyberwar-ukraine/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"conflict in Ukraine\"})}),\" on this blog. \",/*#__PURE__*/e(o,{href:\"https://www.cfr.org/global-conflict-tracker/conflict/conflict-ukraine\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"A conflict\"})}),\" that erupted back in 2014, and that at this time is increasingly worrisome. Although we had seen reports of new cyberattacks on Ukrainians attributed to the Russians this year, the invasion of troops was merely a contingency. However, it was on February 24 that, to the surprise of many, such an invasion, from different fronts and on a large scale, became a reality.\"]}),/*#__PURE__*/t(\"p\",{children:[\"As I write these words, it is said that \",/*#__PURE__*/e(o,{href:\"https://www.dw.com/en/ukraine-number-of-refugees-reaches-2-million-un-says/a-61048556\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"about 2 million people\"})}),\" have already fled Ukraine and that \",/*#__PURE__*/e(o,{href:\"https://www.cnbc.com/2022/03/10/russia-invasion-killed-549-civilians-in-ukraine-united-nations-says.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"at least 549 civilians\"})}),\" have been killed. Nonetheless, it appears that this figure may be considerably higher. Such events might \",/*#__PURE__*/e(o,{href:\"https://www.cnbc.com/2022/03/07/russia-ukraine-war-us-collecting-evidence-of-possible-war-crimes-nbc-reports.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"constitute war crimes\"})}),\" and human rights violations. Unfortunately, the bombardments continue, and the militaries of both sides are engaged in firefights. The Russian forces are indeed advancing \",/*#__PURE__*/e(o,{href:\"https://www.nytimes.com/2022/03/06/world/europe/russia-ukraine-invasion.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"at a slow pace.\"})}),\" But it seems that they will do \",/*#__PURE__*/e(o,{href:\"https://www.dw.com/en/ukraine-rejects-humanitarian-corridors-that-lead-to-russia-live-updates/a-61036513\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"everything in their power\"})}),\" to push into the capital, Kyiv, and take control of it.\"]}),/*#__PURE__*/e(\"p\",{children:\"As you may know, it is not within our purposes here to delve into this type of issue but instead in those that have to do with cybersecurity. In fact, in that previously mentioned post, I had pointed out cyberattacks that the Ukrainians had received a few years ago, apparently from the Russians. Then I emphasized one of the most recent attacks that occurred in mid-January. A destructive malware called WhisperGate, present in systems of Ukrainian organizations and governmental entities, came to light. Now, the question is, what has happened in terms of cybersecurity since late last month when the horror of the invasion began to materialize?\"})]});export const richText19=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"February 23\"}),/*#__PURE__*/t(\"p\",{children:[\"Shortly before the invasion of Russian troops began, there was a series of DDoS (distributed denial-of-service) attacks against websites of some Ukrainian \",/*#__PURE__*/e(o,{href:\"https://cip.gov.ua/en/news/chergova-kiberataka-na-saiti-derzhavnikh-organiv-ta-banki\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"government and banking institutions.\"})}),\" Hours later, \",/*#__PURE__*/e(o,{href:\"https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ESET's research team\"})}),\" reported the discovery of a new data wiper malware. This one, dubbed HermeticWiper, hit hundreds of computers of organizations in that country. (\",/*#__PURE__*/e(o,{href:\"https://therecord.media/second-data-wiper-attack-hits-ukraine-computer-networks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"It seems that\"})}),\" this malware behaves just like WhisperGate does. It damages both local data and the master boot record of the hard drive.) Then, \",/*#__PURE__*/e(o,{href:\"https://www.reuters.com/world/europe/ukrainian-government-foreign-ministry-parliament-websites-down-2022-02-23/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Reuters said that\"})}),\" the infections had already reached nations such as Latvia and Lithuania and that Russia denied the allegations of such attacks. As if that weren't enough, \",/*#__PURE__*/e(o,{href:\"https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Microsoft's Threat Intelligence Center\"})}),\" ended up detecting another malware package in operation against Ukraine called FoxBlade.\"]}),/*#__PURE__*/e(\"h2\",{children:\"February 24\"}),/*#__PURE__*/t(\"p\",{children:[\"Russia officially declared war on Ukraine. Mysteriously, hours after the invasion commenced, some of the Russian government websites became \",/*#__PURE__*/e(o,{href:\"https://www.vice.com/en/article/bvnpnv/russian-government-websites-are-currently-down\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"inaccessible to the public.\"})}),\" \",/*#__PURE__*/e(o,{href:\"https://edition.cnn.com/europe/live-news/ukraine-russia-news-02-24-22-intl/h_e0d16b404e39c4f6bbbb337fe2e4f1a1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"This was associated\"})}),\" with both possible attacks and preventive measures. As for the Ukrainian government, \",/*#__PURE__*/e(o,{href:\"https://www.reuters.com/world/exclusive-ukraine-calls-hacker-underground-defend-against-russia-2022-02-24/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it reportedly began\"})}),\" calling for volunteer hackers and cybersecurity experts on forums. These would have the missions to help defend critical infrastructure (e.g., water systems and power plants) and conduct cyber espionage operations against Russian forces. All at once, \",/*#__PURE__*/e(o,{href:\"https://www.bitdefender.com/blog/hotforsecurity/ukraine-calls-for-volunteer-hackers-to-protect-its-critical-infrastructure-and-spy-on-russian-forces/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the doubt arose\"})}),\" that people supporting the Russian purpose would start to apply, seeing a new chance for an onslaught. Additionally, \",/*#__PURE__*/e(o,{href:\"https://therecord.media/russia-or-ukraine-hacking-groups-take-sides/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"hacking groups began\"})}),\" to make it known whether they were on the side of Ukraine or Russia.\"]}),/*#__PURE__*/e(\"h2\",{children:\"February 25\"}),/*#__PURE__*/t(\"p\",{children:[\"Members of the \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/anonymous-hacktivists-ransomware-groups-get-involved-in-ukraine-russia-conflict/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"hacktivist group Anonymous\"})}),\" (pro-Ukrainian in this war) \",/*#__PURE__*/e(o,{href:\"https://twitter.com/PucksReturn/status/1497203850717155341\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"defaced government websites\"})}),\" in Russia, posting messages from the Ukrainian president. Apparently, they claimed to be responsible for disabling other sites, including that of the Russian \",/*#__PURE__*/e(o,{href:\"https://twitter.com/RT_com/status/1497126724882030597\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"news outlet RT\"})}),\". On the other hand, the fact that the Conti gang, responsible for quite \",/*#__PURE__*/e(o,{href:\"https://www.csoonline.com/article/3638056/conti-ransomware-explained-and-why-its-one-of-the-most-aggressive-criminal-groups.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"hostile ransomware operations,\"})}),\" offered its support \",/*#__PURE__*/e(o,{href:\"https://www.csoonline.com/article/3651498/conti-gang-says-its-ready-to-hit-critical-infrastructure-in-support-of-russian-government.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"to the Russian government\"})}),\" stood out. In addition, a warning that phishing attacks have already occurred appeared \",/*#__PURE__*/e(o,{href:\"https://twitter.com/dsszzi/status/1497103078029291522\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"on the Twitter account\"})}),\" of the State Service of Special Communications and Information of Ukraine. Another attack of this type, especially against military personnel of this country, was reported \",/*#__PURE__*/e(o,{href:\"https://www.facebook.com/story.php?story_fbid=312939130865352&id=100064478028712\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"in another media.\"})})]}),/*#__PURE__*/e(\"h2\",{children:\"February 27-8\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://intelx.io/?did=51fbf19b-91f5-4d2d-b4e7-504477ebe916\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Internal chats\"})}),\" of the Conti gang from January 29, 2021, to this day were leaked, \",/*#__PURE__*/e(o,{href:\"https://therecord.media/conti-ransomware-gang-chats-leaked-by-pro-ukraine-member/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"apparently by\"})}),\" a member of the group. Allegedly, the stance and messages of the gang's leader on the present war upset its Ukrainian members. Hence, one of them hacked Conti's internal \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/XMPP\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Jabber/XMPP server.\"})}),\" (See a detailed analysis of these chats \",/*#__PURE__*/e(o,{href:\"https://krebsonsecurity.com/?s=conti+ransomware+group+diaries\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"here).\"})}),\" Curiously, \",/*#__PURE__*/e(o,{href:\"https://grahamcluley.com/play-for-ukraine-game-aims-to-knock-russian-websites-offline/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"these days\"})}),\" also in favor of Ukraine, \",/*#__PURE__*/e(o,{href:\"https://playforukraine.live/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"a website appeared\"})}),\" with the sliding tile puzzle \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/2048_(video_game)\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"2048.\"})}),\" According to its developers, simply by playing, users can contribute to overload and knock websites serving the Russian army offline. Meanwhile, \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/ukraine-security-agency-warns-of-ghostwriter-threat-group-activity-phishing-campaigns/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"warnings about phishing campaigns continued.\"})}),\" In this case, these were fake messages about evacuations for Ukrainians. Besides, another Russian news outlet, TASS, suffered a cyberattack that temporarily interrupted the activity of its website.\"]}),/*#__PURE__*/e(\"h2\",{children:\"March 1\"}),/*#__PURE__*/t(\"p\",{children:[\"By this time, there were already \",/*#__PURE__*/e(o,{href:\"https://www.csoonline.com/article/3651535/rash-of-hacktivism-incidents-accompany-russia-s-invasion-of-ukraine.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"about 200,000 users\"})}),\" in the newly created space of the \",/*#__PURE__*/e(o,{href:\"https://t.me/itarmyofukraine2022\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"IT ARMY of Ukraine.\"})}),\" In a continuous search for volunteers, this site was intended for the coordination of defense and attack operations. On this day, phishing attacks associated with a previous campaign (see February 25 on this post) \",/*#__PURE__*/e(o,{href:\"https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"were mentioned.\"})}),\" These attacks targeted European government personnel assisting refugees from this war. It seems that these attacks were carried out using a compromised Ukrainian military email account and may have been sponsored by the Belarusian government. For its part, the \",/*#__PURE__*/e(o,{href:\"https://nypost.com/2022/03/01/russian-cyber-attacks-against-us-banks-increasing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"New York Post reported that\"})}),\" Russia appeared to have officially declared cyberwar on the U.S. after the latter began to see a significant increase in cyberattacks against its banking sector.\"]}),/*#__PURE__*/e(\"h2\",{children:\"March 4-6\"}),/*#__PURE__*/t(\"p\",{children:[\"Microsoft, the giant corporation that in late February decided to enter the war to help protect Ukraine's cybersecurity, announced the \",/*#__PURE__*/e(o,{href:\"https://blogs.microsoft.com/on-the-issues/2022/03/04/microsoft-suspends-russia-sales-ukraine-conflict/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"suspension of sales\"})}),\" of its products and services in Russia. (Apple previously \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/apple-pauses-all-product-sales-in-russia-limits-apple-pay/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"suspended sales too.)\"})}),\" Meanwhile, the Russian communications agency Roskomnadzor informed \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/russia-blocks-access-to-facebook/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"blocking access to Facebook.\"})}),\" This would partly isolate Russian citizens and limit their opinion. The same \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/russia-bans-walkie-talkie-app-zello/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"agency then banned\"})}),\" the U.S. walkie-talkie communication app Zello. This decision was due to the alleged dissemination of false information about the invasion of Ukraine. On the other hand, the cryptocurrency firm Coinbase \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/coinbase-blocks-25000-russian-linked-accounts-and-promotes-crypto-over-fiat-for-sanctions/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"announced the blocking\"})}),\" of more than 25,000 accounts linked to Russia. Coinbase considered that these were carrying out illicit actions.\"]}),/*#__PURE__*/e(\"h2\",{children:\"March 7\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/phishing-attempts-from-fancybear-and-ghostwriter-stepping-up-says-google/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Google's Threat Analysis Group\"})}),\" published \",/*#__PURE__*/e(o,{href:\"https://blog.google/threat-analysis-group/update-threat-landscape-ukraine/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"An update on the threat landscape,\"'})}),\" in which they highlighted the criminal activities of several gangs. For example, they attributed phishing campaigns against a Ukrainian media firm to the apparently Russian group FancyBear. They said the Ghostwriter group attacked the government and armed forces of Poland and Ukraine. They also reported the Chinese group Mustang Panda partially shifted its focus to European targets. Finally, Google noted that Ukrainian government websites were still receiving DDoS attacks. They will continue providing their free protection service, with \",/*#__PURE__*/e(o,{href:\"https://projectshield.withgoogle.com/landing\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"their Project Shield,\"})}),\" against this type of threat.\"]}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we recognize that this cyberwar can lead to adverse outcomes in multiple corners of the globe. That's why we recommend you pay close attention to your organization's cybersecurity so that you are adequately prepared for any blow. Do not hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us\"})}),\" to discover our preventive \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"solutions\"})}),\".\"]})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText15\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText19\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText14\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText16\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText17\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText18\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],"mappings":"+WACa,AADb,GAAkD,IAA8B,IAAuC,IAAwB,CAAa,EAAsB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sCAAmD,EAAEA,EAAE,CAAC,KAAK,sGAAsG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,8IAA2J,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,maAAgb,EAAED,EAAE,CAAC,KAAK,wGAAwG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,kFAAmF,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4aAAyb,EAAE,KAAK,CAAC,SAAS,oFAAqF,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,6CAA8C,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6fAA8f,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,2CAA2C,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,2HAAwI,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,mDAAoD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0eAA2e,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+YAAgZ,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kWAA+W,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4eAA6e,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,iCAAkC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4WAA6W,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wBAAyB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wHAAyH,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,8DAA+D,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,uDAAwD,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,yGAA0G,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,qEAAsE,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,iFAAkF,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,6CAA8C,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,+DAAgE,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,+EAAgF,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,yCAA0C,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,sBAAuB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kLAAmL,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,2GAAwH,EAAED,EAAE,CAAC,KAAK,mFAAmF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,wBAAyB,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,wHAAyH,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,oGAAqG,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,6DAA8D,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,0GAA2G,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,qBAAsB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,qFAAsF,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,wJAAyJ,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8BAA+B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qFAAkG,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,6IAA0J,EAAED,EAAE,CAAC,KAAK,wCAAwC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,qHAAkI,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,QAAqB,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAE,EAAC,CAAC,MAAmB,EAAE,SAAS,CAAC,SAAS,GAAI,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,UAAW,EAAC,CAAC,kPAAmP,CAAC,EAAC,CAAc,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,IAAiB,EAAE,SAAS,CAAC,SAAS,CAAc,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAE,EAAC,AAAC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAC,OAAQ,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,4RAAuU,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,+RAA+S,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAe,EAAC,AAAC,EAAC,CAAC,mJAAgK,EAAED,EAAE,CAAC,KAAK,6FAA6F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,uYAA0Z,EAAED,EAAE,CAAC,KAAK,qEAAqE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,iRAA0S,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,MAAmB,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,SAAa,CAAC,EAAC,AAAC,EAAC,CAAC,iDAA8D,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,mCAA6C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gSAAmT,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAC,qHAAkI,EAAED,EAAE,CAAC,KAAK,0EAA0E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAC,MAAmB,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,wIAA2J,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,0NAA6O,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,0FAA2F,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,smBAAkoB,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,uRAA0S,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8MAA8N,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAAgC,EAAC,AAAC,EAAC,CAAC,oFAAuG,EAAED,EAAE,CAAC,KAAK,wEAAwE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,oZAAia,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,wEAAwE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0EAA0F,EAAE,SAAS,CAAC,SAAS,+BAAmC,EAAC,CAAC,uSAA6T,EAAE,SAAS,CAAC,SAAS,qBAAyB,EAAC,CAAC,0KAA2K,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,geAAsf,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,yDAAsE,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,sfAAkhB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+0BAAi3B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8oBAAyrB,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,qEAAkF,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,oDAA0E,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,6BAA6C,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAsB,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gBAA6B,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,qFAAkG,EAAE,KAAK,CAAC,SAAS,wDAA4D,EAAC,CAAC,kBAA+B,EAAE,KAAK,CAAC,SAAS,oBAAwB,EAAC,CAAC,sLAAmM,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,wCAAyC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0EAAuF,EAAED,EAAE,CAAC,KAAK,wHAAwH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,mhBAAohB,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,uCAAwC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,mGAAmG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,+YAA8Z,EAAED,EAAE,CAAC,KAAK,oJAAoJ,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,8LAA+L,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,UAAuB,EAAED,EAAE,CAAC,KAAK,wHAAwH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,iXAAkX,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oPAAqP,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,yCAA0C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4EAAyF,EAAED,EAAE,CAAC,KAAK,mFAAmF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,4SAA8S,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oXAAiY,EAAED,EAAE,CAAC,KAAK,gDAAgD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,WAAY,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wCAAyC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sMAAmN,EAAED,EAAE,CAAC,KAAK,4FAA4F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,6LAA8L,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+WAAgX,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,uhBAAwhB,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,uCAAwC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wnBAA2nB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0LAAuM,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,YAAyB,EAAED,EAAE,CAAC,KAAK,oFAAoF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,2CAA4C,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,qLAAkM,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,2OAA4O,CAAC,EAAC,AAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,4BAA6B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,gCAA6C,EAAED,EAAE,CAAC,KAAK,6EAA6E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,iIAA8I,EAAED,EAAE,CAAC,KAAK,8BAA8B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,gKAA6K,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,+RAAkT,EAAED,EAAE,CAAC,KAAK,4BAA4B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,2FAAwG,EAAED,EAAE,CAAC,KAAK,iIAAiI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,uJAAwJ,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,4BAA4B,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,mGAAgH,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,4UAAyV,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,mIAAgJ,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,4DAAyE,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,+KAAsL,CAAC,EAAC,CAAc,EAAE,aAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,0FAA2F,EAAC,AAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,8GAA2H,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,iIAAiI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,+SAA4T,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,2KAAwL,EAAED,EAAE,CAAC,KAAK,gIAAgI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,yWAA0W,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,gIAAgI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,0OAAuP,EAAED,EAAE,CAAC,KAAK,+HAA+H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,2jBAA4jB,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,6VAA6V,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,MAAO,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kFAA+F,EAAED,EAAE,CAAC,KAAK,qFAAqF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,sRAAmS,EAAED,EAAE,CAAC,KAAK,6IAA6I,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,8EAA2F,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,sVAAmW,EAAED,EAAE,CAAC,KAAK,2HAA2H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,+OAAgP,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,2HAA2H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,sgBAAugB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qBAAkC,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,iKAAiL,EAAED,EAAE,CAAC,KAAK,wGAAwG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,gMAA6M,EAAED,EAAE,CAAC,KAAK,6EAA6E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,+FAA4G,EAAED,EAAE,CAAC,KAAK,8HAA8H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,iRAAkR,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,qBAAqB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,6EAA6E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,eAAgB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gIAA6I,EAAED,EAAE,CAAC,KAAK,4HAA4H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,uBAAoC,EAAED,EAAE,CAAC,KAAK,iIAAiI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,0IAAuJ,EAAED,EAAE,CAAC,KAAK,gIAAgI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,0EAAuF,EAAED,EAAE,CAAC,KAAK,wFAAwF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qCAAsC,EAAC,AAAC,EAAC,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,iFAAkF,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yJAAsK,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,iDAA8D,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,iIAAkI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,wKAAqL,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,4DAA6D,CAAC,EAAC,AAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,6BAA8B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,UAAuB,EAAED,EAAE,CAAC,KAAK,iHAAiH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,6IAA0J,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,mHAAgI,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,2BAAwC,EAAED,EAAE,CAAC,KAAK,iDAAiD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,kGAA+G,EAAED,EAAE,CAAC,KAAK,6DAA6D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,+HAAgI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yCAAsD,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,6MAA0N,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,uFAAoG,EAAED,EAAE,CAAC,KAAK,mEAAmE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,gFAA6F,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,uFAAoG,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,4KAA6K,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiD,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,uPAAoQ,EAAED,EAAE,CAAC,KAAK,oFAAoF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,oLAAiM,EAAED,EAAE,CAAC,KAAK,kGAAkG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,0GAA2G,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kMAA+M,EAAED,EAAE,CAAC,KAAK,mCAAmC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,YAAyB,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,8BAA+B,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8BAA+B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+DAA4E,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,gIAA6I,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,yZAAwa,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,0BAAuC,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,8FAA+F,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6BAA0C,EAAED,EAAE,CAAC,KAAK,4HAA4H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,IAAiB,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,kEAA+E,EAAED,EAAE,CAAC,KAAK,kBAAkB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,IAAK,EAAC,AAAC,EAAC,CAAC,iVAAkV,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wJAAqK,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,wEAAqF,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,8MAA2N,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,iFAA8F,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,kFAA+F,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kHAAmH,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,6BAA8B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,iGAAiG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,yCAAsD,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,gEAA6E,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,yGAAsH,EAAED,EAAE,CAAC,KAAK,qIAAqI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,mSAAoS,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0EAAuF,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,yEAAsF,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,mYAAoY,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,eAAe,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wVAAyV,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8IAA2J,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,sBAAmC,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,6CAA0D,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,4IAAyJ,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uIAAoJ,EAAED,EAAE,CAAC,KAAK,8BAA8B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,qKAAsK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0SAAuT,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,mNAAgO,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wJAAyJ,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,uCAAwC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+IAA4J,EAAED,EAAE,CAAC,KAAK,8BAA8B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,+BAA4C,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,eAAgB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6VAA8V,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kMAA+M,EAAED,EAAE,CAAC,KAAK,qCAAqC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,oEAAqE,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gSAA6S,EAAED,EAAE,CAAC,KAAK,8CAA8C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gZAAiZ,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,mpBAAopB,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,mBAAmB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,2EAAwF,EAAED,EAAE,CAAC,KAAK,gDAAgD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,6BAA8B,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wGAAyG,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,yDAA0D,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6JAA0K,EAAED,EAAE,CAAC,KAAK,4BAA4B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,2BAA2B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,6PAA8P,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wFAAqG,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wCAAyC,EAAC,AAAC,EAAC,CAAC,yLAAsM,EAAED,EAAE,CAAC,KAAK,mFAAmF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sCAAuC,EAAC,AAAC,EAAC,CAAC,oPAAqP,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gqBAAiqB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,yDAA0D,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,IAAiB,EAAED,EAAE,CAAC,KAAK,kCAAkC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,qCAAkD,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,4TAA6T,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gUAAiU,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mDAAgE,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,yEAAsF,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,oHAAqH,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,QAAqB,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,OAAQ,EAAC,CAAC,4GAA6G,CAAC,EAAC,CAAc,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,0CAAuD,EAAE,SAAS,CAAC,SAAS,CAAc,EAAE,KAAK,CAAE,EAAC,CAAc,EAAE,KAAK,CAAE,EAAC,AAAC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAC,OAAQ,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qEAAkF,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,yJAA0J,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gBAA6B,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,oTAAkU,EAAE,KAAK,CAAC,SAAS,IAAK,EAAC,CAAC,0BAAuC,EAAE,KAAK,CAAC,SAAS,MAAO,EAAC,CAAC,UAAuB,EAAE,KAAK,CAAC,SAAS,MAAO,EAAC,CAAC,sCAAuC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iNAA8N,EAAED,EAAE,CAAC,KAAK,qHAAqH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,qJAAsJ,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,iDAAkD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,eAA4B,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,+NAA4O,EAAED,EAAE,CAAC,KAAK,8HAA8H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,iWAAkW,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uFAAoG,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,+MAA4N,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,+HAAgI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mFAAgG,EAAED,EAAE,CAAC,KAAK,4GAA4G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,iMAA8M,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,+GAA4H,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,sFAAuF,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kQAA+Q,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,wdAAyd,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kaAA+a,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,4SAAyT,EAAED,EAAE,CAAC,KAAK,qEAAqE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,qGAAsG,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8IAA2J,EAAED,EAAE,CAAC,KAAK,+HAA+H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,uPAAwP,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wDAAqE,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,wDAAqE,EAAED,EAAE,CAAC,KAAK,8DAA8D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,+IAAgJ,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,yDAA0D,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wVAAqW,EAAED,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,kBAAmB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,+RAAiS,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4MAAyN,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,2FAAwG,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,qJAAkK,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,8aAA+a,CAAC,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,mBAAoB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uNAAoO,EAAED,EAAE,CAAC,KAAK,kCAAkC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,+OAAgP,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6PAA0Q,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6CAA8C,EAAC,AAAC,EAAC,CAAC,iPAA8P,EAAED,EAAE,CAAC,KAAK,8DAA8D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,oCAAiD,EAAED,EAAE,CAAC,KAAK,+FAA+F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,+IAA4J,EAAED,EAAE,CAAC,KAAK,8CAA8C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,oCAAqC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,wqBAAyqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qYAAkZ,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,6DAA0E,EAAED,EAAE,CAAC,KAAK,8FAA8F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8BAA+B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0EAAuF,EAAED,EAAE,CAAC,KAAK,wIAAwI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,siBAAmjB,EAAED,EAAE,CAAC,KAAK,+FAA+F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,WAAY,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,sdAAud,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sXAAmY,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,+FAAgG,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0RAAuS,EAAED,EAAE,CAAC,KAAK,gFAAgF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,6HAA0I,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,0KAA2K,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6XAA0Y,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,+hBAAgiB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0cAAud,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2WAAwX,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,uMAAwM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+SAA4T,EAAE,KAAK,CAAC,SAAS,IAAK,EAAC,CAAC,mDAAgE,EAAE,SAAS,CAAC,SAAS,OAAQ,EAAC,CAAC,8EAA+E,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,cAA2B,EAAED,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,mMAAgN,EAAED,EAAE,CAAC,KAAK,2BAA2B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,sBAAsB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,oBAAoB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,6BAA6B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,uBAAuB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,mBAAmB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,iCAAiC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,oCAAoC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,gLAAiL,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,oDAAqD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wHAAqI,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,gPAA6P,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,8FAA+F,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,aAA0B,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,uBAAoC,EAAE,OAAO,CAAC,SAAS,QAAS,EAAC,CAAC,2fAAwgB,EAAED,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,2JAA4J,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,ogBAAqgB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4CAAyD,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,sCAAmD,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,yBAAsC,EAAE,OAAO,CAAC,SAAS,KAAM,EAAC,CAAC,kSAA+S,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,6EAA0F,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,6NAA8N,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,6CAA8C,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6eAA0f,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,gIAA6I,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,mKAAgL,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,qXAAsX,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oEAAiF,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,2IAA4I,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iDAA8D,EAAED,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,0RAAwS,EAAE,OAAO,CAAC,SAAS,OAAQ,EAAC,CAAC,kEAA+E,EAAE,OAAO,CAAC,SAAS,MAAO,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,iCAAkC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kLAA+L,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,mQAAgR,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,kHAAmH,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sIAAmJ,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,IAAiB,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kEAA+E,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,kBAA+B,EAAED,EAAE,CAAC,KAAK,wEAAwE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,kXAAmX,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,wFAAwF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,uCAAoD,EAAED,EAAE,CAAC,KAAK,2GAA2G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,6GAA0H,EAAED,EAAE,CAAC,KAAK,oHAAoH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,+KAA4L,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,mCAAgD,EAAED,EAAE,CAAC,KAAK,2GAA2G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,0DAA2D,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,yoBAA0oB,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8JAA2K,EAAED,EAAE,CAAC,KAAK,uFAAuF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sCAAuC,EAAC,AAAC,EAAC,CAAC,iBAA8B,EAAED,EAAE,CAAC,KAAK,gGAAgG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,qJAAkK,EAAED,EAAE,CAAC,KAAK,mFAAmF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,qIAAkJ,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,+JAA4K,EAAED,EAAE,CAAC,KAAK,gGAAgG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wCAAyC,EAAC,AAAC,EAAC,CAAC,2FAA4F,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+IAA4J,EAAED,EAAE,CAAC,KAAK,wFAAwF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,IAAiB,EAAED,EAAE,CAAC,KAAK,gHAAgH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,yFAAsG,EAAED,EAAE,CAAC,KAAK,6GAA6G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,+PAA4Q,EAAED,EAAE,CAAC,KAAK,wJAAwJ,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,yHAAsI,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,uEAAwE,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kBAA+B,EAAED,EAAE,CAAC,KAAK,iHAAiH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,gCAA6C,EAAED,EAAE,CAAC,KAAK,6DAA6D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,kKAA+K,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,4EAAyF,EAAED,EAAE,CAAC,KAAK,mIAAmI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,wBAAqC,EAAED,EAAE,CAAC,KAAK,2IAA2I,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,2FAAwG,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,gLAA6L,EAAED,EAAE,CAAC,KAAK,mFAAmF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,eAAgB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,8DAA8D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,sEAAmF,EAAED,EAAE,CAAC,KAAK,oFAAoF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,8KAA2L,EAAED,EAAE,CAAC,KAAK,qCAAqC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,4CAAyD,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,eAA4B,EAAED,EAAE,CAAC,KAAK,yFAAyF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,8BAA2C,EAAED,EAAE,CAAC,KAAK,+BAA+B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,kDAAkD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,qJAAkK,EAAED,EAAE,CAAC,KAAK,uHAAuH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8CAA+C,EAAC,AAAC,EAAC,CAAC,wMAAyM,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiD,EAAED,EAAE,CAAC,KAAK,qHAAqH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,sCAAmD,EAAED,EAAE,CAAC,KAAK,mCAAmC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,0NAAuO,EAAED,EAAE,CAAC,KAAK,oIAAoI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,yQAAsR,EAAED,EAAE,CAAC,KAAK,mFAAmF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,oKAAqK,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0IAAuJ,EAAED,EAAE,CAAC,KAAK,yGAAyG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,8DAA2E,EAAED,EAAE,CAAC,KAAK,2FAA2F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,uEAAoF,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,iFAA8F,EAAED,EAAE,CAAC,KAAK,qEAAqE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,+MAA4N,EAAED,EAAE,CAAC,KAAK,2HAA2H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,mHAAoH,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,0GAA0G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,cAA2B,EAAED,EAAE,CAAC,KAAK,6EAA6E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sCAAuC,EAAC,AAAC,EAAC,CAAC,miBAAgjB,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,+BAAgC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8QAA2R,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,+BAA4C,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAChi1I,EAAqB,CAAC,QAAU,CAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,mBAAqB,CAAC,KAAO,UAAW,CAAC,CAAC"}