{"version":3,"file":"WJBZI1Ghk-64.BSUIID0r.mjs","names":["o","n"],"sources":["https:/framerusercontent.com/modules/xkgOTPH3D819XQA1Lv94/Kcjcoin3g1OiIQQKhAhI/WJBZI1Ghk-64.js"],"sourcesContent":["import{jsx as e,jsxs as t}from\"react/jsx-runtime\";import{Link as o}from\"framer\";import{motion as n}from\"framer-motion\";import*as a from\"react\";export const richText=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What happened?\"}),/*#__PURE__*/t(\"p\",{children:[\"The FBI confirmed that on May 7th, the Colonial Pipeline networks were attacked by the \",/*#__PURE__*/e(o,{href:\"https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-compromise-of-colonial-pipeline-networks\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DarkSide ransomware\"})}),\" gang. After that, the company \",/*#__PURE__*/e(o,{href:\"https://www.reuters.com/technology/fireeye-shares-jump-after-pipeline-cyberattack-2021-05-10/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"closed its complete network\"})}),\" for some days. In fact, until the date this post is published, \",/*#__PURE__*/e(o,{href:\"https://www.usatoday.com/story/news/nation/2021/05/12/colonial-pipeline-hack-shutdown-gas-outages-refuel/5065013001/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the main pipeline is still shut\"})}),\". However, \",/*#__PURE__*/e(o,{href:\"https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it was known\"})}),\" that the company already paid $5 million in cryptocurrency \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/colonial-pipeline-paid-close-to-5-million-in-ransomware-blackmail-payment/?ftag=TRE-03-10aaa6b&bhid=29868913901264489308848757891800&mid=13366532&cid=2399622965\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"to decrypt locked systems\"})}),\". (Which seems insignificant compared to the \",/*#__PURE__*/e(o,{href:\"https://www.reuters.com/business/energy/colonial-pipeline-has-cyber-insurance-policy-sources-2021-05-13/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"$15 million coverage that their cyber-security insurance can cover\"})}),\").\"]}),/*#__PURE__*/e(\"h2\",{children:\"Who is involved?\"}),/*#__PURE__*/t(\"p\",{children:[\"The Colonial Pipeline network \",/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/technology-57063636\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"transports almost half\"})}),\" of the East Coast’s fuel supply. This is why \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/colonial-pipeline-resumes-operations-cyberattack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"prices at the pumps increased\"})}),\" after the long-lasted cut. In total, \",/*#__PURE__*/e(o,{href:\"https://www.wsj.com/articles/why-the-colonial-pipeline-shutdown-is-causing-gasoline-shortages-11620898203\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the pipeline network is 5,500 miles long\"})}),\", which makes it the longest in the country (see image below).\"]}),/*#__PURE__*/e(\"img\",{alt:\"Colonial pipeline\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/Vb2LIkbxGlp1D6vaY6SsHppKo.png\",srcSet:\"https://framerusercontent.com/images/Vb2LIkbxGlp1D6vaY6SsHppKo.png?scale-down-to=512 512w,https://framerusercontent.com/images/Vb2LIkbxGlp1D6vaY6SsHppKo.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/Vb2LIkbxGlp1D6vaY6SsHppKo.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.wsj.com/articles/why-the-colonial-pipeline-shutdown-is-causing-gasoline-shortages-11620898203\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Colonial Pipeline\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"The pipeline’s primary source is in Texas, the state where, by far, stands the most significant number of refineries. While \",/*#__PURE__*/e(o,{href:\"https://www.wsj.com/articles/why-the-colonial-pipeline-shutdown-is-causing-gasoline-shortages-11620898203#:~:text=According%20to%20an%20Energy%20Department,a%20million%20barrels%20a%20day.\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Texas has more than 20 refineries with a total capacity less than a million barrels a day, the whole East Coast has only seven\"})}),\". Therefore, a disruption in the flow from that state has paralyzed operations in several sectors (\",/*#__PURE__*/e(o,{href:\"https://www.reuters.com/business/energy/us-govt-top-fuel-supplier-work-secure-pipelines-closure-enters-4th-day-2021-05-10/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"including seven of the largest airports in the country and five military bases\"})}),\"; see image below).\"]}),/*#__PURE__*/e(\"img\",{alt:\"Pipelines flow\",className:\"framer-image\",height:\"350\",src:\"https://framerusercontent.com/images/VfFsxkEXAOjlyxlERE2hgRUvQrI.png\",srcSet:\"https://framerusercontent.com/images/VfFsxkEXAOjlyxlERE2hgRUvQrI.png?scale-down-to=512 512w,https://framerusercontent.com/images/VfFsxkEXAOjlyxlERE2hgRUvQrI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/VfFsxkEXAOjlyxlERE2hgRUvQrI.png 1920w\",style:{aspectRatio:\"1920 / 700\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.reuters.com/business/energy/us-govt-top-fuel-supplier-work-secure-pipelines-closure-enters-4th-day-2021-05-10/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Pipelines flow\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Let’s talk about \",/*#__PURE__*/e(\"strong\",{children:\"DarkSide\"}),\". It looks like they became public \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransomware-demands-million-dollar-ransoms/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"in August of 2020\"})}),\", and they were discovered \",/*#__PURE__*/e(o,{href:\"https://heimdalsecurity.com/blog/what-is-darkside-ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"by MalwareHunterTeam\"})}),\" (see image below). DarkSide is perhaps \",/*#__PURE__*/e(o,{href:\"https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"one of the most important exponents of the rising Ransomware-as-a-Corporation\"})}),\" (RaaC) trend. They differ from other ransomware criminal groups in their victims' search method. An ordinary criminal uses spoofing, \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/smishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"smishing\"})}),\", or \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phishing\"})}),\", waiting for a victim to take the bait. Instead, DarkSide studies its potential victims carefully by determining its economic activity, income, and expenses. After that, they analyze the attack difficulty, its success probability and inquire about the company’s most vulnerable point to start their attack from there. Unlike well-known criminal groups such as DoppelPaymer, Sodinokibi, \",/*#__PURE__*/e(o,{href:\"https://statescoop.com/maze-ransomware-attackers-leak-data-stolen-from-suburban-washington-schools/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Maze\"})}),', and NetWalker, DarkSide is structured around a \"',/*#__PURE__*/e(o,{href:\"https://www.cnbc.com/2021/05/10/hacking-group-darkside-reportedly-responsible-for-colonial-pipeline-shutdown.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"business model\"})}),'.\" In addition, it is noticeable that ',/*#__PURE__*/e(o,{href:\"https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they have a code of ethics\"})}),\" that prohibits them from attacking hospitals, schools, and government agencies. \",/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/technology-54591761\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"It is also reported that\"})}),\" they look to obtain the most significant profit by attacking big companies. At the same time, \",/*#__PURE__*/e(o,{href:\"https://www.bbc.com/news/technology-54591761\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they make donations using some of the money received through ransomware\"})}),\". For example, they gave 10 thousand dollars to Children International and another 10 thousand dollars to the Water Project Receipt in October 2020. Both of them were rejected by the NGO’s.\"]}),/*#__PURE__*/e(\"img\",{alt:\"DarkSide leaks\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/3GDWoImYiDjNEgEVWp45dtKmIX0.png\",srcSet:\"https://framerusercontent.com/images/3GDWoImYiDjNEgEVWp45dtKmIX0.png?scale-down-to=512 512w,https://framerusercontent.com/images/3GDWoImYiDjNEgEVWp45dtKmIX0.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/3GDWoImYiDjNEgEVWp45dtKmIX0.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.bloomberg.com/news/articles/2021-05-12/darkside-hackers-mint-money-with-ransomware-franchise\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DarkSide leaks\"})}),\".\"]}),/*#__PURE__*/e(\"h2\",{children:\"How did it happen?\"}),/*#__PURE__*/t(\"p\",{children:[\"DarkSide infiltrated the Colonial Pipeline network by blocking data from their computers and servers. To unblock their data, the company must pay the money criminals asked for. Specifically, they \",/*#__PURE__*/e(o,{href:\"https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"stole 100 gigabytes of data threatening to share it on the web\"})}),\". Besides, though details are not precise, \",/*#__PURE__*/e(o,{href:\"https://www.trendmicro.com/en_us/research/21/e/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"their modus operandi starts\"})}),\" with (but is not limited to) a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phishing\"})}),\" email that tricked an employee. Likewise, by using \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/importance-pentesting/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"penetration testing\"})}),\" tools, \",/*#__PURE__*/e(o,{href:\"https://www.csoonline.com/article/3618688/darkside-ransomware-explained-how-it-works-and-who-is-behind-it.html?upd=1620908660505\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they can perform lateral movements\"})}),\". In addition, \",/*#__PURE__*/e(o,{href:\"https://www.nytimes.com/2021/05/10/us/politics/pipeline-hack-darkside.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it can be assumed that\"})}),\" the attack was directed to the commercial area and not the operational one. Apparently, their goal was not to crash down the pipeline but to extort the company to make money (as has been done in \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/darkside-the-ransomware-group-responsible-for-colonial-pipeline-cyberattack-explained/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"previous cases\"})}),\"). In this sense, their main attack is not so different from the typical ransomware attack.\"]}),/*#__PURE__*/t(\"p\",{children:[\"DarkSide gets data from their victims' servers, encrypts them, uploads them to their leak-website (which can only be accessed by search engines that allow you to enter the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/dark-web/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"deep web\"})}),\" as Tor), and then asks for the money to decrypt them. The encryption is twofold; first, they use a \",/*#__PURE__*/e(o,{href:\"https://www.mcafee.com/enterprise/en-us/threat-center/threat-landscape-dashboard/ransomware-details.darkside-ransomware.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SALSA20 key\"})}),\", one of the fastest encryption on the market, and then use an RSA-1024 key. Then, \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/darkside-new-targeted-ransomware-demands-million-dollar-ransoms/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they withdraw\"})}),\" data servers and disable the \",/*#__PURE__*/e(o,{href:\"https://github.com/k-vitali/Malware-Misc-RE/blob/master/2020-08-21-crime_darkside_ransomware.vk.notes.raw\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"termination of specific processes\"})}),\". Finally, every file \",/*#__PURE__*/e(o,{href:\"https://heimdalsecurity.com/blog/what-is-darkside-ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"extension changes to .DarkSide\"})}),\" and any of them open \",/*#__PURE__*/e(o,{href:\"https://www.pcrisk.com/removal-guides/18504-darkside-ransomware\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"an executable that redirects to .txt with the following text\"})}),\":\"]}),/*#__PURE__*/e(\"img\",{alt:\"Welcome to dark\",className:\"framer-image\",height:\"192\",src:\"https://framerusercontent.com/images/72OeBLzBWzWYe3tIaLw6oPAcDo.png\",srcSet:\"https://framerusercontent.com/images/72OeBLzBWzWYe3tIaLw6oPAcDo.png?scale-down-to=512 512w,https://framerusercontent.com/images/72OeBLzBWzWYe3tIaLw6oPAcDo.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/72OeBLzBWzWYe3tIaLw6oPAcDo.png 1920w\",style:{aspectRatio:\"1920 / 384\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:'\"Welcome to Dark.\"'}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://malwarewarrior.com/how-to-remove-darkside-ransomware-and-decrypt-darkside-files/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"The gang lists all types of stolen data and sends\"})}),' a \"personal website\" URL to their victim. Data is already loaded and expected to be published automatically if the company does not pay before the deadline. If that is not enough, they also threaten to delete that information from the victim’s network. In fact, in a press release posted on a Tor website in August 2020, ',/*#__PURE__*/e(o,{href:\"https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"they announce that\"})}),\".\"]}),/*#__PURE__*/e(\"img\",{alt:\"If you refuse to pay\",className:\"framer-image\",height:\"248\",src:\"https://framerusercontent.com/images/DQSReypJqSF46upWkap1oxwFbc.png\",srcSet:\"https://framerusercontent.com/images/DQSReypJqSF46upWkap1oxwFbc.png?scale-down-to=512 512w,https://framerusercontent.com/images/DQSReypJqSF46upWkap1oxwFbc.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/DQSReypJqSF46upWkap1oxwFbc.png 1918w\",style:{aspectRatio:\"1918 / 496\"},width:\"959\"}),/*#__PURE__*/e(\"h6\",{children:'\"If you refuse to pay.\"'}),/*#__PURE__*/e(\"h2\",{children:\"What have we learned?\"}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://edition.cnn.com/videos/politics/2021/05/10/colonial-pipeline-white-house-biden-sot-vpx.cnn/video/playlists/this-week-in-politics/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"President Biden himself said\"})}),\" he is now very interested in the cyberattack situation. In fact, on Wednesday, May 12th, \",/*#__PURE__*/e(o,{href:\"https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the White House released an Executive Order\"})}),' in which they declare that the Federal Government is going to: \"improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.\" The extensive document is clearly motivated by the DarkSide attack, but also by recent ones (surely the ',/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/exchange-server-hack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"hack to Microsoft Exchange Server\"})}),\", the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/solarwinds-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SolarWinds security fiasco\"})}),\", or the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/facebook-data-leak/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Facebook Data Leak\"})}),\").\"]}),/*#__PURE__*/t(\"p\",{children:[\"This means US law enforcement \",/*#__PURE__*/e(o,{href:\"https://grahamcluley.com/darkside-ransomware-gang-fear/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"are likely to be putting significant resources into uncovering\" their identity'})}),\". So, it should not be surprising that Congressman Jim Langevin (D-RI), chair of the House Armed Services Subcommittee on Cybersecurity, Innovative Technologies, and Information Systems \",/*#__PURE__*/e(o,{href:\"https://web.archive.org/web/20210514050555/https://langevin.house.gov/press-release/langevin-praises-sweeping-biden-executive-actions-cybersecurity\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"has said\"})}),': \"Cybersecurity is the most urgent national security challenge facing our nation, and I applaud President Biden for taking action early in his term to address and eliminate glaring vulnerabilities.\"']}),/*#__PURE__*/t(\"p\",{children:['For all this, it seems that DarkSide regrets the social harm caused by their criminal activity. We can assume that not only for their \"ethical code\" but also because they are now in the limelight. In this respect, what Nicole Perlroth, a New York Times cybercrime reporter, said last ',/*#__PURE__*/e(o,{href:\"https://twitter.com/nicoleperlroth/status/1391794316507418624?s=20\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Monday\"})}),\" turns very interesting:\"]}),/*#__PURE__*/e(\"img\",{alt:\"Nicole Perlroth\",className:\"framer-image\",height:\"175\",src:\"https://framerusercontent.com/images/OgNfZWJj8ElF1UZ6TSEeKav5uA.png\",srcSet:\"https://framerusercontent.com/images/OgNfZWJj8ElF1UZ6TSEeKav5uA.png?scale-down-to=512 512w,https://framerusercontent.com/images/OgNfZWJj8ElF1UZ6TSEeKav5uA.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/OgNfZWJj8ElF1UZ6TSEeKav5uA.png 1920w\",style:{aspectRatio:\"1920 / 350\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://twitter.com/nicoleperlroth\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"@nicoleperlroth\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"We also learned that ransomware can jeopardize \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"companies and the infrastructure\"})}),\" of an entire country. This means, in turn, that companies and governments must reinforce their cybersecurity systems. Because \",/*#__PURE__*/e(o,{href:\"https://www.osti.gov/biblio/1602649\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"strong\",{children:\"they’re not paying enough attention to these risks\"})})}),': \"the ONG (Oil & Natural Gas) industry is unaware of potentially useful technologies that have been developed for ensuring cyber-security of other infrastructure systems, such as the electric grid.\"']}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.secureworldexpo.com/industry-news/colonial-pipeline-poor-cybersecurity\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Robert Smallwood was one of the consultants\"})}),' who delivered an 89-page report in January 2018 after conducting a six-month audit. He said last Wednesday that the deficiencies and vulnerabilities in the cybersecurity system were so high that \"',/*#__PURE__*/e(o,{href:\"https://apnews.com/article/va-state-wire-technology-business-1f06c091c492c1630471d29a9cf6529d\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"an eighth-grader could have hacked into that system\"})}),'.\" All of this resulted in a costly and embarrassing lesson: prevention in terms of cybersecurity risks is very important. Never take it lightly. Otherwise, there will be no guarantee that you will not be attacked by the DarkSide.']}),/*#__PURE__*/e(\"p\",{children:\"For now, we’ll just recommend you what they say throughout the Galaxy: may the force be with you.\"}),/*#__PURE__*/e(\"p\",{children:\"If you want to know more about how to protect yourself from cyberattacks, we invite you to review our page.\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we specialize in cybersecurity through \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/penetration-testing-as-a-service/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"pentesting\"})}),\" or ethical hacking. For more information, don’t hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us!\"})})]})]});export const richText1=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Las brechas de datos y los m\\xfaltiples ciberataques contra empresas de todo tipo y tama\\xf1o en el ahora predominante mundo digital siguen aumentando. (Consulta \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/cybersecurity-2020-21-i/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"aqu\\xed\"})}),\" informaci\\xf3n sobre tendencias cibercriminales del a\\xf1o pasado). Muchas de estas compa\\xf1\\xedas se han dado cuenta de la necesidad de utilizar pruebas de seguridad en sus sistemas para determinar si son vulnerables a posibles amenazas y llevar a cabo las mejoras necesarias lo antes posible. Sin embargo, es posible que algunas empresas solo se limiten a cumplir con los est\\xe1ndares de la industria y las regulaciones de protecci\\xf3n al consumidor como \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/compliance/hipaa/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"HIPAA\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/compliance/pci/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"PCI DSS\"})}),\", y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/compliance/gdpr/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GDPR\"})}),\". De una forma u otra, la soluci\\xf3n \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/pruebas-penetracion-servicio/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"pentesting\"})})}),\" ha ido ganando mayor valor y popularidad en la evaluaci\\xf3n de la seguridad a lo largo de los a\\xf1os entre organizaciones que van m\\xe1s all\\xe1 de las agencias gubernamentales y los bancos.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Por esta raz\\xf3n, el mercado de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" se ha vuelto mucho m\\xe1s amplio, con cada vez m\\xe1s proveedores de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" ofreciendo sus servicios, lo que hace cada vez m\\xe1s compleja la elecci\\xf3n para las empresas interesadas en su implementaci\\xf3n. Como manifest\\xf3 el \",/*#__PURE__*/e(\"em\",{children:\"pentester\"}),\" profesional \",/*#__PURE__*/e(o,{href:\"https://securityboulevard.com/2020/06/5-tips-for-selecting-a-penetration-testing-company-in-2020/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Elliot en Security Boulevard\"})}),\" el a\\xf1o pasado, seleccionar una empresa de pruebas de penetraci\\xf3n puede ser una tarea desalentadora; se trata de una industria plagada de t\\xe1cticas de venta enga\\xf1osas, certificaciones d\\xe9biles y, simplemente, profesionales no cualificados. Como consecuencia, diferentes empresas y personas relacionadas con la ciberseguridad han ido sugiriendo a trav\\xe9s de sus redes sociales algunos consejos para tener en cuenta a la hora de elegir proveedores de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Antes de pasar a estos consejos para entender mejor el mercado, familiaric\\xe9monos un poco m\\xe1s con el concepto. \",/*#__PURE__*/e(o,{href:\"https://resources.infosecinstitute.com/topic/the-history-of-penetration-testing/#gref\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"A finales de la d\\xe9cada de 1960\"})}),', empezaron a surgir los llamados \"equipos tigre\" para probar la capacidad de los sistemas gubernamentales y empresariales para resistir ciberataques. Entre los pioneros del desarrollo de las pruebas de penetraci\\xf3n se encuentra James P. Anderson, quien en los a\\xf1os 70 estableci\\xf3 los pasos finales de las pruebas para esos equipos tigre. Sin embargo, al parecer fue hace poco, en 2009, que se defini\\xf3 un est\\xe1ndar de ejecuci\\xf3n de penetraciones para probar los sistemas en busca de formas de vulnerarlos y obtener acceso a los datos. Este riguroso enfoque combina procedimientos manuales por parte de ',/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" y pruebas automatizadas mediante herramientas, con predominio de los primeros. En resumen, el \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" es una evaluaci\\xf3n de la seguridad con una simulaci\\xf3n de ataques aut\\xe9nticos para identificar las vulnerabilidades que los ciberdelincuentes podr\\xedan explotar en un entorno determinado.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Hace un a\\xf1o, \",/*#__PURE__*/e(o,{href:\"https://www.netspi.com/blog/executive/penetration-testing/the-penetration-testing-paradox-criteria-for-evaluating-providers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(n.a,{children:[\"Charles Horton public\\xf3 un \",/*#__PURE__*/e(\"em\",{children:\"post\"})]})}),\" para NetSPI en el que describe cuatro factores que puedes tener en cuenta a la hora de elegir un equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/gestion-vulnerabilidades/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"gesti\\xf3n de vulnerabilidades\"})}),\" adecuado para tu organizaci\\xf3n. Inicialmente, se refiere a la innegable importancia de contar con \",/*#__PURE__*/e(\"strong\",{children:\"un grupo talentoso\"}),\". Cada uno de los \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" deber\\xeda tener la capacidad de ver los objetivos a trav\\xe9s de los ojos de los \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" maliciosos. Deber\\xedan ser \\xe1giles a la hora de adquirir conocimientos y mejorar las t\\xe9cnicas a emplear en funci\\xf3n de las necesidades de sus clientes y de las nuevas complejidades en su campo. Por supuesto, deber\\xedas verificar que se trate realmente de un equipo que vas a vincular a tu personal y no de un \\xfanico individuo sobre el que recaiga todo el peso y la responsabilidad.\"]}),/*#__PURE__*/t(\"p\",{children:[\"En relaci\\xf3n con el factor talento, podemos ver que otras fuentes (p. ej., \",/*#__PURE__*/e(o,{href:\"http://web.archive.org/web/20201210221420/https://resources.infosecinstitute.com/topic/top-10-things-look-avoid-choosing-pen-testing-vendor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A%20infosecResources%20%28InfoSec%20Resources%29\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Infosec\"})}),\" e \",/*#__PURE__*/e(o,{href:\"https://medium.com/intruder-io/how-to-choose-a-pentesting-company-5eddc82982d1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Intruder\"})}),\") tambi\\xe9n hablan de certificaciones y experiencia. Ellas recomiendan que busques equipos de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" cuyos miembros posean \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/certifications/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"certificaciones profesionales reconocidas en el sector\"})}),\", tales como CEH, CRTE, OSCE, OSCP, OSWE y OSWP. Estas credenciales pueden generar cierta confianza en relaci\\xf3n con la capacidad de los \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\". Pero cuidado, \\xa1ellas no se deber\\xedan tomar como medida suficiente para elegir un equipo! Como dice Elliot, las certificaciones siguen estando muy por debajo de lo que se espera de un \",/*#__PURE__*/e(\"em\",{children:\"pentester\"}),\" experto. Y advierte que los organismos de certificaci\\xf3n inherentemente deben dirigirse a un grupo de personas lo suficientemente grande como para seguir siendo rentables. En su lugar, Elliot te invita a prestar mucha atenci\\xf3n a los repositorios Git de las compa\\xf1\\xedas, as\\xed como a sus investigaciones y publicaciones.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Como segundo factor, Horton destaca la capacidad del equipo para seguir procesos de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" estandarizados y, al mismo tiempo, personalizables. Mediante la \",/*#__PURE__*/e(\"strong\",{children:\"estandarizaci\\xf3n\"}),\" (como puede hacerse, por ejemplo, con los listados de control de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\"), una empresa especializada deber\\xeda garantizar resultados coherentes en diferentes proyectos de evaluaci\\xf3n. En cuanto a la \",/*#__PURE__*/e(\"strong\",{children:\"personalizaci\\xf3n\"}),\", deber\\xedan demostrar que puede reconocer las similitudes y diferencias entre las necesidades de sus clientes y que es capaz de ajustarse a ellas en sus pruebas de penetraci\\xf3n.\"]}),/*#__PURE__*/t(\"p\",{children:[\"La personalizaci\\xf3n est\\xe1 relacionada con la flexibilidad, una mentalidad abierta, una cualidad que debe poseer un \",/*#__PURE__*/e(\"em\",{children:\"pentester\"}),\". Los analistas que elijas para la evaluaci\\xf3n de la seguridad de tu organizaci\\xf3n deber\\xedan ser curiosos y creativos, estar siempre interesados en aprender sobre nuevas t\\xe9cnicas y ambientes en los que simular ataques. Por supuesto, para asegurarte de que los \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" implicados se ajustan adecuadamente a tus necesidades, ten en cuenta las palabras de \",/*#__PURE__*/e(o,{href:\"https://medium.com/intruder-io/how-to-choose-a-pentesting-company-5eddc82982d1\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Andrew en Intruder\"})}),\": aseg\\xfarate de que tu proveedor potencial tenga experiencia relevante en los tipos de tecnolog\\xeda con los que trabajas.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Como tercer punto, Horton menciona que un excelente equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" para tu negocio deber\\xeda saber \",/*#__PURE__*/e(\"strong\",{children:\"c\\xf3mo gestionar y presentar los datos\"}),\" obtenidos del an\\xe1lisis. Todo ello de forma que facilite a tu personal la remediaci\\xf3n r\\xe1pida y eficaz de las vulnerabilidades. Con sus herramientas, el equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" deber\\xeda organizar reportes detallados y priorizar los hallazgos para ti, ahorr\\xe1ndote algunos dolores de cabeza administrativos. De acuerdo con \",/*#__PURE__*/e(o,{href:\"http://web.archive.org/web/20201210221420/https://resources.infosecinstitute.com/topic/top-10-things-look-avoid-choosing-pen-testing-vendor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A%20infosecResources%20%28InfoSec%20Resources%29\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Brecht de Infosec\"})}),\", los informes de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" pueden estar plagados de jerga t\\xe9cnica, lo que supondr\\xeda un problema. Es por esto que se valora mucho la capacidad de comunicar la complejidad en t\\xe9rminos comprensibles para ejecutivos no t\\xe9cnicos. As\\xed que, \\xa1solicita, revisa y compara informes de ejemplo de los proveedores!\"]}),/*#__PURE__*/t(\"p\",{children:[\"Tambi\\xe9n podemos a\\xf1adir a lo dicho que es rigurosamente necesario que la empresa proveedora del servicio permita establecer un pacto documentado de confidencialidad y seguridad de los datos. De antemano, debe existir un seguro de responsabilidad civil por parte del proveedor para proteger a tu empresa de cualquier da\\xf1o o p\\xe9rdida relacionado con tus sistemas y datos. Adem\\xe1s, debes saber qui\\xe9nes ser\\xe1n los \",/*#__PURE__*/e(\"em\",{children:\"pentesters\"}),\" encargados de realizar las pruebas y c\\xf3mo se gestionar\\xe1n los datos, solicitando informaci\\xf3n como nombres y curr\\xedculums.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Horton termina con un factor que hace \\xe9nfasis en la \",/*#__PURE__*/e(\"strong\",{children:\"calidad colaborativa\"}),\" del equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\". Desde el principio, los miembros de estos grupos de evaluaci\\xf3n deber\\xedan recibir formaci\\xf3n para tener una mentalidad colectiva. M\\xe1s all\\xe1 de compartir conocimiento internamente, la colaboraci\\xf3n consiste en ampliarlo, transmitirlo a otras personas fuera de los l\\xedmites corporativos y contribuir a una comunidad dedicada a la ciberseguridad. Podemos a\\xf1adir aqu\\xed que el equipo de \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" deber\\xeda ser capaz de mantener una comunicaci\\xf3n constante y clara con tu equipo. Siempre deber\\xedan proporcionar retroalimentaci\\xf3n sobre el progreso, las dificultades y los resultados, junto con valiosas recomendaciones para la acci\\xf3n.\"]}),/*#__PURE__*/t(\"p\",{children:[\"La selecci\\xf3n de un proveedor competente de pruebas de penetraci\\xf3n no es una tarea sencilla, pero es ideal para detectar vulnerabilidades en tus sistemas y mantener en buen estado tu organizaci\\xf3n. Si buscas un proveedor de servicios de pruebas de penetraci\\xf3n para una asociaci\\xf3n a largo plazo, podemos mostrarte c\\xf3mo en Fluid Attacks cumplimos con todos los factores enumerados aqu\\xed e incluso m\\xe1s. Somos una empresa que reconoce el valor fundamental del an\\xe1lisis manual en \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/pruebas-penetracion-servicio/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"pentesting\"})})}),\", de modo que empleamos herramientas automatizadas pero superamos sus defectos mediante la labor de \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" humanos. Estamos entre los que le ofrecen reataques para confirmar que las vulnerabilidades han sido remediadas con \\xe9xito. Adem\\xe1s, superamos el n\\xfamero t\\xedpico de dos o tres profesionales por proyecto, \\xa1alcanzando un promedio de 15 \",/*#__PURE__*/e(\"em\",{children:\"hackers\"}),\" \\xe9ticos!\"]}),/*#__PURE__*/t(\"p\",{children:[\"\\xbfQuieres saber m\\xe1s sobre nosotros? Puedes consulta \",/*#__PURE__*/e(o,{href:\"https://gitlab.com/fluidattacks/universe\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"aqu\\xed nuestro repositorio\"})}),\" y \",/*#__PURE__*/e(o,{href:\"https://clutch.co/profile/fluid-attacks\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"aqu\\xed las opiniones de nuestros clientes\"})}),\". Para m\\xe1s informaci\\xf3n, \\xa1no dudes en \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/contactanos/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contactarnos\"})}),\"!\"]})]});export const richText2=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we are very proud of the great goal we have recently achieved with our open-source tool, which we constantly develop and employ to detect some systems' vulnerabilities. This tool has reached \",/*#__PURE__*/e(\"strong\",{children:\"100% in True Positives and 0% in False Positives against the OWASP Benchmark\"}),\" version 1.2. Let's put this achievement in context.\"]})});export const richText3=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What is the OWASP?\"}),/*#__PURE__*/t(\"p\",{children:[\"Perhaps you've heard of the \",/*#__PURE__*/e(o,{href:\"https://owasp.org/www-project-top-ten/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP Top 10\"})}),\" list of vulnerabilities. The Open Web Application Security Project (\",/*#__PURE__*/e(o,{href:\"https://owasp.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP\"})}),\") is a non-profit foundation committed to helping improve software security through various means. The OWASP functions as an open, online community where anyone can contribute to the production of material in the field of web application security and benefit from the information available. Fluid Attacks is an active corporate member of The OWASP Foundation.\"]}),/*#__PURE__*/e(\"h2\",{children:\"What is the OWASP Benchmark?\"}),/*#__PURE__*/t(\"p\",{children:[\"The \",/*#__PURE__*/e(o,{href:\"https://owasp.org/www-project-benchmark/#\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP Benchmark Project\"})}),\" is a free Java test suite created in 2015 to assess the accuracy, speed, and coverage of automated software vulnerability detection tools. It helps determine the strengths and weaknesses of different application security testing (AST) machines and allows objective comparisons between them. So, we can put under evaluation static (SAST), dynamic (DAST), or interactive (IAST) tools. This benchmark is quite helpful for choosing a new tool on the market or finding out what needs to be improved in the machine you have been developing.\"]}),/*#__PURE__*/e(\"p\",{children:\"The most recent version of the OWASP Benchmark (v1.2), a fully executable open-source web app, contains 2,740 test cases (single Java servlets). Each case has either a genuine, exploitable vulnerability or a false vulnerability, all of them belonging to 11 categories and corresponding to specific CWEs. If we refer to all test cases, 51.6% have actual exposures (multiple variants of each category), and 48.4% contain false ones. In short, the best tools according to this benchmark should only report those real vulnerabilities.\"}),/*#__PURE__*/e(\"img\",{alt:\"OWASP Benchmark test cases\",className:\"framer-image\",height:\"475\",src:\"https://framerusercontent.com/images/wmME22YNKnaooETba5Sq1Ij7I.png\",srcSet:\"https://framerusercontent.com/images/wmME22YNKnaooETba5Sq1Ij7I.png?scale-down-to=512 512w,https://framerusercontent.com/images/wmME22YNKnaooETba5Sq1Ij7I.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/wmME22YNKnaooETba5Sq1Ij7I.png 1920w\",style:{aspectRatio:\"1920 / 950\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Figure 1. Test cases in OWASP Benchmark v1.2.\"}),/*#__PURE__*/e(\"p\",{children:\"Companies have long relied on SAST and DAST solutions to protect their applications and verify compliance requirements. However, it has been pretty usual for automated vulnerability detection processes to show errors in their reports. Thus, through this benchmark, for example, we can realize that a tool may fail to identify real vulnerabilities (it has False Negatives, which we have also referred to as omissions) and may fail to ignore false vulnerability alarms (it gives False Positives). On the other side, we can find that a tool may correctly identify real vulnerabilities (it gives True Positives) and ignore false alarms (it has True Negatives).\"}),/*#__PURE__*/e(\"p\",{children:\"Accordingly, referring to some extreme cases we don’t want to witness, there may be a tool that reports every line of code it reviews in an application as vulnerable. That would help us detect all the vulnerabilities present; however, we would also be full of false positives, and it would be worthless. The same quality would be valid for a tool with zero false positives but which cannot detect any vulnerability. Finally, it would be useless to have a tool that randomly has 50% true positives and 50% false positives. See the following chart:\"}),/*#__PURE__*/e(\"img\",{alt:\"OWASP Benchmark interpretation guide\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/PwE2wyBT624G5roT3f0KivFJtrI.png\",srcSet:\"https://framerusercontent.com/images/PwE2wyBT624G5roT3f0KivFJtrI.png?scale-down-to=512 512w,https://framerusercontent.com/images/PwE2wyBT624G5roT3f0KivFJtrI.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/PwE2wyBT624G5roT3f0KivFJtrI.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Figure 2. \",/*#__PURE__*/e(o,{href:\"https://raw.githubusercontent.com/OWASP-Benchmark/BenchmarkJava/8df16196378048c54f68cd3a77531e9741a0c7ae/scorecard/content/benchmark_guide.png\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"OWASP Benchmark Results Interpretation Guide\"})}),\".\"]}),/*#__PURE__*/e(\"p\",{children:'True Positive Rate (TPR) is the percentage of true vulnerabilities that the tool identifies. False Positive Rate (FPR) is the percentage of false vulnerabilities that the tool reports as true ones. The ideal point is where we have a TPR of 100% and an FPR of 0%. Anyway, it will always be preferable to be above the red segmented line (\"Random Guess\"), with the first rate’s value always exceeding that of the second one; the farther away, the better. Be careful because it seems that some vendors may strive to display you 100% in TPR as if it were the sole relevant value when it comes to accuracy.'}),/*#__PURE__*/t(\"p\",{children:[\"This is where the Benchmark Accuracy Score comes in. It is essentially an individual score, a \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Youden%27s_J_statistic\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Youden’s index\"})}),\", that goes from 0 to 100 to summarize the accuracy of a set of tests. The equation is simple: we just need to subtract one (1) from the sum of the tool’s sensitivity (same as TPR) and specificity (same as 1-FPR) expressed as part of a whole number. See this example taken from the OWASP’s website:\"]}),/*#__PURE__*/e(\"img\",{alt:\"OWASP Benchmark score example\",className:\"framer-image\",height:\"225\",src:\"https://framerusercontent.com/images/RwMWkCyHcFjrVD5GhF8HvybvE.png\",srcSet:\"https://framerusercontent.com/images/RwMWkCyHcFjrVD5GhF8HvybvE.png?scale-down-to=512 512w,https://framerusercontent.com/images/RwMWkCyHcFjrVD5GhF8HvybvE.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/RwMWkCyHcFjrVD5GhF8HvybvE.png 1920w\",style:{aspectRatio:\"1920 / 450\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[\"Figure 3. Example of the Benchmark Score (\",/*#__PURE__*/e(o,{href:\"https://owasp.org/www-project-benchmark/#\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"here in 'Scoring'\"})}),\").\"]}),/*#__PURE__*/e(\"p\",{children:'Consequently, the Benchmark Score for a tool with insufficient accuracy equals 0, and for a tool with perfect accuracy equals 100 (Youden’s index equals 1). In Figure 4, the Benchmark Score, which can also be negative, corresponds to the line’s length from a given point down to the diagonal \"Random Guess\" line.'}),/*#__PURE__*/e(\"h2\",{children:\"What are Fluid Attacks' results?\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we decided to test our primary, customized tool. Only by applying the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/sast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SAST\"})}),\" technique (although it can also perform \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/product/dast/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DAST\"})}),\"), this tool can achieve the best possible outcome against the OWASP Benchmark with a TPR of 100% and an FPR of 0%. So, our Benchmark Score equals 100, the highest value! A few years ago, developers in the OWASP Benchmark project published a comparison chart for different open-source and commercial SAST tools. It is now in this chart that we include the results obtained by our tool.\"]}),/*#__PURE__*/e(\"img\",{alt:\"OWASP Benchmark results comparison\",className:\"framer-image\",height:\"540\",src:\"https://framerusercontent.com/images/bHLYkHdNCAAWrCl917yR6jz4B20.png\",srcSet:\"https://framerusercontent.com/images/bHLYkHdNCAAWrCl917yR6jz4B20.png?scale-down-to=512 512w,https://framerusercontent.com/images/bHLYkHdNCAAWrCl917yR6jz4B20.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/bHLYkHdNCAAWrCl917yR6jz4B20.png 1920w\",style:{aspectRatio:\"1920 / 1080\"},width:\"960\"}),/*#__PURE__*/e(\"h6\",{children:\"Figure 4. OWASP Benchmark results comparison.\"}),/*#__PURE__*/e(\"h2\",{children:\"Issues we're aware of at Fluid Attacks\"}),/*#__PURE__*/e(\"p\",{children:\"The values obtained in this scenario are easy to determine accurately because the number of existing vulnerabilities is known from the beginning, contrary to what usually happens in real-world applications. You need to understand that this project does not include all vulnerability categories and possible cases. Nevertheless, looking ahead, OWASP hopes to have all types of vulnerabilities that belong to its Top 10 in its tests and offer code in other languages, not just Java.\"}),/*#__PURE__*/e(\"p\",{children:\"OWASP created these test cases from coding patterns observed in actual applications, but some of them may be of questionable relevance, and most are simpler than in reality. Companies that focus only on improving their machines and getting excellent scores, particularly in these types of benchmarks, could be severely limited when facing a greater variety of real-world code. So, it would help you keep in mind that a good result in this test is not enough to assume that a tool will do very well in detecting vulnerabilities in general: beware of false illusions of security!\"}),/*#__PURE__*/t(\"p\",{children:[\"At Fluid Attacks, we are proud to have achieved this goal with the OWASP Benchmark, but certainly, it is only one of the sources we use as a reference to improve our tool. We keep getting feedback from real applications and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/secure-code-review/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"their code\"})}),\". And while our customers can take advantage of our tool to look for vulnerabilities, we always recommend performing comprehensive security testing by adding our ethical hackers' invaluable manual work.\"]}),/*#__PURE__*/t(\"p\",{children:[\"To conclude, as anyone can use the OWASP Benchmark to evaluate any application security testing tool, if you are among the customers or stakeholders who want to prove for themselves that our results are authentic, \",/*#__PURE__*/e(o,{href:\"https://help.fluidattacks.com/portal/en/kb/articles/know-and-reproduce-the-scanner-s-owasp-benchmark-results\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"you can follow this guide\"})}),\". Additionally, if you want to learn more about our tool, don’t hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us\"})}),\"!\"]})]});export const richText4=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"p\",{children:\"A few days ago, someone published the phone numbers and other account information of hundreds of millions of Facebook users on a cybercrime forum. We're talking about information that is now 'free' but which had been circulating on the web months before and that even Facebook refers to as material extracted from its platform in 2019. This case comes in addition to several previous ones that have cast serious doubt on this widely used social network's security. Let's take a look!\"}),/*#__PURE__*/t(\"p\",{children:[\"If you were asked why you use Facebook, what would you answer (that is if you use it)? Perhaps your reason wouldn't be too far from the funny remark expressed by \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/new-poll-shows-facebooks-severe-trust-problem/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Gewirtz in ZDNet\"})}),\": \\\"We all use Facebook because it's the only way we can know what people we haven't talked to in years have eaten for dinner.\\\" But, whatever your reason for using it, have you been aware of its security and user data handling issues? One of the most mentioned incidents has been \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Facebook%E2%80%93Cambridge_Analytica_data_scandal\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the Cambridge Analytica scandal\"})}),\", where Facebook shared the data of millions of its users without their consent to that British company, mainly for political advertising. Apart from this, there have been cases of \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/facebook-harvested-1-5-million-user-email-contacts-without-permission/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"harvesting of user email contacts\"})}),\" without permission, \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/facebook-we-stored-hundreds-of-millions-of-passwords-in-plain-text/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"passwords stored in plain text\"})}),\", and, well, information leaks, our concern here.\"]}),/*#__PURE__*/t(\"p\",{children:[\"On this occasion, the information that has been made public corresponds to \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"533,313,128 Facebook users\"})}),\". Apparently, almost all the records include the user's ID (a long number linked to the account), name, gender and a piece of information that makes this situation more alarming: their phone number. We can also find data such as the user's email address, relationship status, date of birth, occupation, city, among others, in some records. These data are part of the user profiles, and the passwords have not been exposed. However, phone numbers, now public, are information that usually remains private within accounts.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Facebook founders data leak\",className:\"framer-image\",height:\"82\",src:\"https://framerusercontent.com/images/MhSdEYp98BHiObnAQttz6iJqpKQ.png\",srcSet:\"https://framerusercontent.com/images/MhSdEYp98BHiObnAQttz6iJqpKQ.png?scale-down-to=512 512w,https://framerusercontent.com/images/MhSdEYp98BHiObnAQttz6iJqpKQ.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/MhSdEYp98BHiObnAQttz6iJqpKQ.png 1917w\",style:{aspectRatio:\"1917 / 164\"},width:\"958\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Facebook's founders in data leak\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"In this database, the affected users are separated by country (although Africa is listed, perhaps referring to South Africa). The threat actor(s) registered 106 nations (\",/*#__PURE__*/e(o,{href:\"https://threadreaderapp.com/thread/1349671294808285184.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the list may show 107\"})}),\", but there's an error with Tunisia appearing twice) and specified the total number of users for each of them. For instance, in rounded figures, the U.S. has 32.3M records; Colombia, 18.0M; Mexico, 13.3M; Peru, 8.1M; Chile, 6.9M, and Panama, 1.5M.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Currently, those are 106 separate download packages in a public cybercrime forum. Nevertheless, \",/*#__PURE__*/e(o,{href:\"https://therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"as Cimpanu in The Record says\"})}),', \"While the forum is publicly accessible and anyone can register a profile, the download links for these packages are only available to users who bought forum credits.\" Specifically, ',/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it is said\"})}),\" that any person must pay eight credits to access the database, with each credit costing approximately $2.19. This is pretty cheap for the amount of information available; that's why people say it's \\\"free data\\\" in almost all the sources I checked.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Typically, these stolen data sets are initially sold privately at high prices. Later, they are sold at lower costs, and, in the end, they are given for free by their owners mostly to gain reputation within the hacker community. In this case, the stolen information corresponds, especially \",/*#__PURE__*/e(o,{href:\"https://about.fb.com/news/2021/04/facts-on-news-reports-about-facebook-data/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"according to Facebook itself\"})}),\", to the same data that malicious actors harvested from its platform in 2019. \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Abrams in BleepingComputer says\"})}),\" it was in mid-2020 when this stolen information came to light in a hacker community with one member selling it to other members. Later, in January 2021, Hudson Rock's CTO \",/*#__PURE__*/e(o,{href:\"https://twitter.com/UnderTheBreach/status/1349674272227266563\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Alon Gal tweeted that\"})}),' \"a user created a Telegram bot allowing users to query the database for a low fee, enabling people to find the phone numbers linked to a very large portion of Facebook accounts.\" Finally, at the beginning of this month, ',/*#__PURE__*/e(o,{href:\"https://twitter.com/UnderTheBreach/status/1378314424239460352\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Gal tweeted that\"})}),' those \"Facebook records were just leaked for free.\"']}),/*#__PURE__*/t(\"p\",{children:[\"But what happened to Facebook to have all that information from \",/*#__PURE__*/e(o,{href:\"https://therecord.media/phone-numbers-for-533-million-facebook-users-leaked-on-hacking-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"about a fifth\"'})}),\" of its complete user pool leaked? Several sources refer to a vulnerability in the 'Add Friend' feature on Facebook that hackers could have exploited. \",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"It is unknown if'})}),' this alleged vulnerability allowed the threat actor to retrieve all of the information in the leaked data or just the phone number, which was then combined with information scraped from public profiles,\" says Abrams. It was from there that criminals could have created the database of 533M users.']}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://about.fb.com/news/2021/04/facts-on-news-reports-about-facebook-data/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Facebook, on the other hand\"})}),\", does not mention vulnerability or hacking in its public statement. They believe that only the 'scraping' technique was used by criminals to extract user data before September 2019, employing their 'contact importer' feature. Facebook created this function for people to easily find their friends on the network (supposedly getting limited but public information from the profiles) using their contact lists (phone numbers). Apparently, after realizing how some individuals were using this characteristic, the company decided to change it and resolve the situation. \\\"We updated it to prevent malicious actors from using software to imitate our app and upload a large set of phone numbers to see which ones matched Facebook users,\\\" says Clark, Facebook's Product Management Director.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Interestingly, on September 4, 2019, \",/*#__PURE__*/e(o,{href:\"https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Whittaker in TechCrunch reported\"})}),\" many Facebook users' phone numbers (linked to IDs and other data) recently exposed online. Expressly, he referred to an exposed, unprotected server (\",/*#__PURE__*/e(o,{href:\"https://www.forbes.com/sites/daveywinder/2019/09/05/facebook-security-snafu-exposes-419-million-user-phone-numbers/?sh=2e0ad5901ab7\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"not a Facebook one\"'})}),\") with more than 419M records. On that occasion, the U.S. had 133M records, about four times more than in the 'most recent case.' At that time, Facebook said malicious actors scraped that data before they restricted access to users' phone numbers on their platform, i.e., \",/*#__PURE__*/e(\"em\",{children:\"more than a year ago\"}),\". \",/*#__PURE__*/e(o,{href:\"https://edition.cnn.com/2019/09/04/tech/facebook-phone-numbers-exposed\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"Until April 2018'})}),\", people could enter another person's phone number to find him or her on Facebook.\\\" But, wait a minute, didn't they say users could do this up until August 2019? That doesn't add up! And while there may be discussions about this inconsistency, nobody mentioned it in the posts I had the opportunity to review.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Bourgeois tweet\",className:\"framer-image\",height:\"407\",src:\"https://framerusercontent.com/images/5yAEvNPgcdik8ml05bNVUzUsQ.png\",srcSet:\"https://framerusercontent.com/images/5yAEvNPgcdik8ml05bNVUzUsQ.png?scale-down-to=512 512w,https://framerusercontent.com/images/5yAEvNPgcdik8ml05bNVUzUsQ.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/5yAEvNPgcdik8ml05bNVUzUsQ.png 1920w\",style:{aspectRatio:\"1920 / 815\"},width:\"960\"}),/*#__PURE__*/t(\"h6\",{children:[/*#__PURE__*/e(o,{href:\"https://twitter.com/Liz_Shepherd/status/1378398417450377222\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Tweet by Liz Bourgeois\"})}),\", Director, Strategic Response Communications at Facebook.\"]}),/*#__PURE__*/t(\"p\",{children:['The thing now is that, for this 533M records situation, people are talking about \"old data\" from 2019, leaked from a problem that Facebook \"resolved\" in August of the same year. However, even if the data is around two years old, it can still be valuable to cybercriminals. Phone numbers and email addresses are often the same over many years. Threat actors can then engage in phishing (with email addresses), smishing (mobile text phishing), SIM swap attacks (',/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"steal multi-factor authentication'})}),' codes sent via SMS\"), and other scams or impersonation attacks. Therefore, if you use Facebook, you should beware of strange messages with requests for further information or enclosed links, possibly even associated with the pandemic.']}),/*#__PURE__*/t(\"p\",{children:[\"By the way, since Facebook seems not to have made it available, \",/*#__PURE__*/e(o,{href:\"https://haveibeenpwned.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"haveibeenpwned.com\"})}),\" allows you to check if you're part of the victims of this data leak. Initially, this page only allowed verification via email address. But this data is quite limited in quantity in this leak (\",/*#__PURE__*/e(o,{href:\"https://www.bleepingcomputer.com/news/security/how-to-check-if-your-info-was-exposed-in-the-facebook-data-leak/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"only for 2.5M of the affected users\"})}),\"), so, a few days ago, \",/*#__PURE__*/e(o,{href:\"https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/#comment-5332905964\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the website enabled the search through phone numbers\"})}),\". Good luck!\"]})]});export const richText5=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Este art\\xedculo es el quinto de una serie basada en el libro \",/*#__PURE__*/e(o,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"Tribe of Hackers Red Team\"})})}),\" de Carey y Jin (2019). Como ya coment\\xe9 \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"en el primer art\\xedculo\"})}),\", en este libro encontramos las respuestas de 47 expertos en \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/ejercicio-red-teaming/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"red teaming\"})})}),\" a las mismas 21 preguntas. En las entradas anteriores, hice referencia a las opiniones de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-1/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(1.0) Carey\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-2/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(2.0) Donnelly\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-3/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(3.0) Weidman\"})}),\", y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/blog/tribu-de-hackers-4/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"(4.0) Secor\"})}),\". Para esta ocasi\\xf3n, decid\\xed centrarme en las respuestas de Carlos P\\xe9rez (\",/*#__PURE__*/e(o,{href:\"https://twitter.com/carlos_perez?lang=en\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Darkoperator\"})}),\"), el primer latinoamericano incluido en la serie, quien lleva m\\xe1s de veinte a\\xf1os en el mundo de la ciberseguridad.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Carlos trabaj\\xf3 para el gobierno de Puerto Rico, realizando \",/*#__PURE__*/e(\"em\",{children:\"pentesting\"}),\" y ayudando a proteger sus redes. M\\xe1s tarde, se uni\\xf3 a Compaq/HP como arquitecto s\\xe9nior de soluciones para las pr\\xe1cticas de consultor\\xeda de seguridad y redes para clientes en Sudam\\xe9rica, Centroam\\xe9rica y el Caribe. Tambi\\xe9n trabaj\\xf3 en Tenable como director de ingenier\\xeda inversa y, en el momento de la entrevista del libro, era el l\\xedder de pr\\xe1ctica para la investigaci\\xf3n en TrustedSec. Actualmente, Carlos es conocido por sus contribuciones a herramientas de seguridad de c\\xf3digo abierto como \",/*#__PURE__*/e(o,{href:\"https://github.com/darkoperator/dnsrecon\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DNSRecon\"})}),\" y \",/*#__PURE__*/e(o,{href:\"https://github.com/darkoperator/Metasploit-Plugins\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Metasploit\"})}),\".\"]})]});export const richText6=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"h2\",{children:[\"Para los que buscan ser diligentes en los \",/*#__PURE__*/e(\"em\",{children:\"red teams\"})]}),/*#__PURE__*/t(\"p\",{children:[\"Carlos comienza recomendando conocimientos espec\\xedficos, divididos en t\\xe9cnicos y no t\\xe9cnicos, que \\xe9l considera necesarios para quienes quieran formar parte de un \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\". \",/*#__PURE__*/e(\"strong\",{children:\"En el aspecto t\\xe9cnico\"}),\", inicia refiri\\xe9ndose a una base s\\xf3lida en l\\xf3gica de programaci\\xf3n, un conocimiento esencial para la correcta adaptaci\\xf3n a diversos lenguajes de programaci\\xf3n, as\\xed como para la producci\\xf3n y alteraci\\xf3n de herramientas. A continuaci\\xf3n, Carlos sugiere una buena comprensi\\xf3n de las redes porque, seg\\xfan dice, la mayor\\xeda de las acciones atravesar\\xe1n este tipo de ambiente. Adem\\xe1s, seg\\xfan Carlos, tendr\\xe1s que entender c\\xf3mo se configuran, se mantienen y se aseguran los sistemas. Y deber\\xedas mantener un m\\xe9todo de pr\\xe1ctica y aprendizaje constantes, siempre con el objetivo de evitar cualquier sesgo t\\xe9cnico.\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"En el aspecto no t\\xe9cnico\"}),\", Carlos comienza destacando la importancia de conocer acerca de las estructuras, la comunicaci\\xf3n y el trabajo en equipo de una organizaci\\xf3n. Precisamente, en cuanto al acto de expresar ideas, reconoce que muchos en este campo son introvertidos. Sin embargo, sin pelos en la lengua, Carlos advierte que si no eres capaz de transmitir informaci\\xf3n sobre riesgos, mitigaci\\xf3n y apoyo de una manera que los responsables de la toma de decisiones puedan utilizar y comprender, entonces habr\\xe1s fracasado. Por \\xfaltimo, \\xe9l a\\xf1ade la importancia de aprender sobre las nuevas tendencias y buenas pr\\xe1cticas en la industria de TI (que a veces son ignoradas por los profesionales), por ejemplo, Cloud y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/devsecops/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"DevOps\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"Al igual que otros expertos cuyas opiniones se han presentado en esta serie, Carlos nos recuerda que no es necesario participar en actividades ilegales para adquirir habilidades de \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\". La informaci\\xf3n, el entrenamiento y el material de referencia para aprender todos los aspectos est\\xe1n disponibles p\\xfablicamente, y todo puede simularse en un \\xe1mbito de prueba para ensayar y validar conceptos. No cometas el est\\xfapido error de jugar al chico/chica malo/a cuando probablemente puedas aprender las mismas habilidades en el proceso para convertirte en un \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/hacking-etico/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(n.a,{children:[/*#__PURE__*/e(\"em\",{children:\"hacker\"}),\" \\xe9tico\"]})}),\", siendo un \",/*#__PURE__*/e(\"em\",{children:\"hacker\"}),\" \\xe9tico.\"]}),/*#__PURE__*/t(\"h2\",{children:[\"Para los que ya sudan sangre en los \",/*#__PURE__*/e(\"em\",{children:\"red teams\"})]}),/*#__PURE__*/t(\"p\",{children:[\"Empecemos por el trabajo en equipo. De acuerdo con Carlos, cada miembro del \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\" deber\\xeda tener un conocimiento claro del cliente y de los sistemas que se van a evaluar. La planificaci\\xf3n debe realizarse precisamente en grupo. Todos los miembros pueden compartir sus opiniones desde el principio, y el equipo puede discutirlas con la intenci\\xf3n de llegar a acuerdos. A medida que avance el proyecto, deben realizarse reuniones peri\\xf3dicas para revisar las acciones. Al final de un contrato, debe hacerse un intercambio de opiniones en el que los egos queden a un lado y se diga sinceramente lo que hay que mejorar.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Para Carlos, es falso decir que las nuevas t\\xe9cnicas y \",/*#__PURE__*/e(\"em\",{children:\"exploits\"}),\" deben mantenerse en secreto, incluso de los clientes, para evitar perder ventajas en otros contratos. \",/*#__PURE__*/e(\"em\",{children:\"Red teaming\"}),\" no consiste simplemente en emular, sino que tambi\\xe9n implica cultivar una relaci\\xf3n con el cliente, en la que el pensamiento cr\\xedtico puede ayudar a gestionar los riesgos potenciales y mejorar la ciberseguridad.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Cuando, por ejemplo, en un ejercicio de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/pruebas-penetracion-servicio/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:/*#__PURE__*/e(\"em\",{children:\"pentesting\"})})}),\" o de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-breach-attack-simulation/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"simulaci\\xf3n de ataque\"})}),\" los equipos de seguridad del cliente consiguen descubrirte, ten en cuenta algo que Carlos comparte desde su experiencia: No tiene por qu\\xe9 ser algo negativo con tu trabajo y tus capacidades; puede ser que en el lado del cliente ya hayan aprendido de proyectos anteriores y hayan aplicado las medidas necesarias. De acuerdo con sus palabras, puedes recordarte que tu tarea es ayudarles a poner a prueba su seguridad y hacer que sus sistemas sean m\\xe1s seguros.\"]}),/*#__PURE__*/e(\"img\",{alt:\"Frase de P\\xe9rez\",className:\"framer-image\",height:\"426\",src:\"https://framerusercontent.com/images/xOonFe5PPhYZpz1WEL0Er6Vac7c.png\",srcSet:\"https://framerusercontent.com/images/xOonFe5PPhYZpz1WEL0Er6Vac7c.png?scale-down-to=512 512w,https://framerusercontent.com/images/xOonFe5PPhYZpz1WEL0Er6Vac7c.png?scale-down-to=1024 1024w,https://framerusercontent.com/images/xOonFe5PPhYZpz1WEL0Er6Vac7c.png 1919w\",style:{aspectRatio:\"1919 / 853\"},width:\"959\"}),/*#__PURE__*/e(\"h6\",{children:\"La imagen original de Carlos fue tomada del libro de referencia.\"}),/*#__PURE__*/e(\"h2\",{children:\"Para empresas que aspiran estar a la vanguardia en seguridad\"}),/*#__PURE__*/t(\"p\",{children:[\"A la pregunta de cu\\xe1ndo introducir un \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\" en el programa de seguridad de una organizaci\\xf3n, Carlos responde (en t\\xe9rminos de condiciones): En esa organizaci\\xf3n tiene que haber una cultura de involucrar a la seguridad desde el principio del proceso, cuando tenga sentido hacerlo, y una disposici\\xf3n a escuchar ideas cr\\xedticas alternadas de los planes cuando estos se expongan. Debe ser una empresa que reconozca la necesidad y est\\xe9 dispuesta a someter a evaluaci\\xf3n sus proyectos y sistemas para identificar debilidades y vulnerabilidades en ellos. Pero no solo eso, seg\\xfan Carlos, la organizaci\\xf3n debe estar dispuesta a asumir esfuerzos para eliminar y mitigar los riesgos se\\xf1alados por el \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"El criterio de Carlos es bastante valioso cuando sugiere que es mejor no implementar los servicios de un \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\" dentro de una empresa, al menos no en ese momento, en el que su equipo de seguridad est\\xe1 algo aislado de los procesos generales de la toma de decisiones. Adem\\xe1s, para \\xe9l, no es buena idea convocar a los \",/*#__PURE__*/e(\"em\",{children:\"red teams\"}),\" cuando, m\\xe1s que una colaboraci\\xf3n, lo que hay entre los grupos de esa empresa es solo competencia y conflicto.\"]}),/*#__PURE__*/e(\"p\",{children:'Por otro lado, Carlos advierte a las compa\\xf1\\xedas interesadas en su seguridad que tengan cuidado con, desde su punto de vista, el \"control de seguridad de menor costo\" que en muchos lugares se puede ver implementado. Se refiere a herramientas sin m\\xe9tricas, objetivos y entrenamiento ajustados a las particularidades de la empresa cliente, las cuales acaban solo proporcionando un efecto placebo a los que firmaron el cheque.'}),/*#__PURE__*/t(\"p\",{children:[\"Adicionalmente, Carlos menciona un control de seguridad f\\xe1cil y sencillo que una empresa puede implementar ahora que el \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phishing\"})}),\" y el \",/*#__PURE__*/e(\"em\",{children:\"malware\"}),\" son tan empleados para comprometer redes o sistemas. Se trata de abordar primero las v\\xedas de entrada m\\xe1s comunes. Seg\\xfan Carlos, la mayor\\xeda de las compa\\xf1\\xedas no bloquean ni controlan la ejecuci\\xf3n de HTA, Windows Scripting Host o macros de Office. Despu\\xe9s de bloquear las rutas de entrada, el equipo de seguridad puede empezar a perfilar el comportamiento t\\xedpico dentro del entorno para construir un sistema de detecci\\xf3n autom\\xe1tica de comportamientos anormales.\"]}),/*#__PURE__*/e(\"h2\",{children:\"\\xa1Eso es todo, amigos!\"}),/*#__PURE__*/t(\"p\",{children:[\"No olvides que puedes acceder a la entrevista completa con Carlos P\\xe9rez en el \",/*#__PURE__*/e(o,{href:\"https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"libro de Carey y Jin\"})}),\". Por cierto, recuerda que si quieres formar parte del \",/*#__PURE__*/e(\"em\",{children:\"red team\"}),\" de Fluid Attacks, puedes consultar nuestra p\\xe1gina de \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/careers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Trabaja con nosotros\"})}),\". Y si necesitas informaci\\xf3n sobre nuestros \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/servicios/hacking-continuo/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"servicios\"})}),\" y \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/soluciones/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"soluciones\"})}),\" para tu organizaci\\xf3n, puedes hacer \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/es/contactanos/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"click aqu\\xed para contactarnos\"})}),\".\"]})]});export const richText7=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"This month, the FBI released the \",/*#__PURE__*/e(o,{href:\"https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"2020 Internet Crime Report\"})}),\", based on the activity of the Internet Crime Complaint Center (IC3). The IC3 serves worldwide citizens to obtain accurate and up-to-date information about cybercrime and as a reporting mechanism if they suspect they are victims in cyberspace. In cases where they are truly victims, they receive assistance from the FBI. This agency is also responsible for investigating, understanding and holding criminal actors accountable in order to prevent additional attacks. In this post, I want to share with you some highlights from the mentioned report.\"]})});export const richText8=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"A new record\"}),/*#__PURE__*/e(\"p\",{children:'It is now commonplace for cybersecurity reports concerning the past year to begin by referring to the opportunities the COVID-19 pandemic has brought to cybercriminals. For instance, a lot more people working remotely, many more companies turning to digital transformation, lots of overburdened healthcare workers, and, in general, almost everyone in substantial uncertainty about what the virus could represent. As mentioned by Paul Abbate, Deputy Director of the FBI, \"These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society.\"'}),/*#__PURE__*/t(\"p\",{children:[\"Last year the IC3 received \",/*#__PURE__*/e(\"strong\",{children:\"791,790\"}),\" complaints —a new record with a 69% increase over 2019— representing losses of more than \",/*#__PURE__*/e(\"strong\",{children:\"$4.2 billion\"}),\". Almost half of these losses (about $1.8 billion) were related to Business E-mail Compromise (BEC) schemes where the number of complaints was much lower (19,369) than for Phishing scams (241,342), for example. This last type of crime was the leader in the number of complaints, but even so, related losses were just close to $54 million. Additionally, according to the report, the number of ransomware incidents again showed growth, reaching a total of 2,474 with losses of over $29.1 million. (Read about \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-phishing/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"phishing\"})}),\" and \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/cybersecurity-essentials/what-is-ransomware/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ransomware\"})}),\".)\"]}),/*#__PURE__*/t(\"p\",{children:[\"It is relevant to highlight at this point a vulnerable population about which I had honestly heard little in this area and which has significantly been affected in recent times. I'm talking about people \",/*#__PURE__*/e(\"em\",{children:\"over the age of 60\"}),\". Astonishingly, 105,301 of the total complaints in 2020 were issued by people in that age group. But get the picture, that's only counting those who chose to report their age, so there could have been many more. Their losses were close to \",/*#__PURE__*/e(\"strong\",{children:\"one billion dollars\"}),\". That's why the FBI and the IC3 have invested a lot of time and effort in educating this population to protect themselves and not become victims.\"]}),/*#__PURE__*/e(\"h2\",{children:\"COVID-19 as a tool\"}),/*#__PURE__*/e(\"p\",{children:'The previous year, the IC3 received more than 28,500 complaints in direct relation to the COVID-19. \"Fraudsters targeted the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which included provisions to help small businesses during the pandemic\" and unemployment insurance benefits. Loan and grant fraud and phishing for Personally Identifiable Information (PII) made up the majority of the incidents people complained about in connection with the CARES Act. For example, in some U.S. states, there were complaints from citizens that when they wanted to claim their benefits, it turned out that criminals had already stolen their identities and demanded monetary assistance online.'}),/*#__PURE__*/e(\"p\",{children:\"According to the FBI, impersonating government personnel via emails, social media and phone calls has been one of the most frequently observed criminal strategies throughout the pandemic. Thus, when talking about COVID-19 vaccinations caught on, the malefactors knew how to exploit that situation. They started creating scams with fraudulent advertisements, asking people to pay out of pocket or provide personal information to join the waiting list or gain early access to the vaccine.\"}),/*#__PURE__*/e(\"h2\",{children:\"Business Email Compromise\"}),/*#__PURE__*/e(\"p\",{children:\"Based on the data I referenced above, Business Email Compromise (linked to the Email Account Compromise; EAC) is the costliest scheme of attack present in this FBI's report. Again, 19,369 complaints with losses above $1.8 billion. BEC/EAC corresponds to an advanced scam aimed at businesses and individuals making fund transfers. The fraudsters usually employ social engineering or any computer intrusion technique to compromise email accounts and use them to request unauthorized transfers of money to fraudulent locations. In the early days, chief executive/financial officers' email accounts were generally the hacking targets. \\\"Over the years, the scam evolved to include compromise of personal emails, compromise of vendor emails, spoofed lawyer email accounts, requests for W-2 information, the targeting of the real estate sector, and fraudulent requests for large amounts of gift cards.\\\"\"}),/*#__PURE__*/t(\"p\",{children:[\"On the positive side, the IC3's Recovery Asset Team (RAT) operations in response to the BEC/EAC schemes are noteworthy. This team was founded three years ago to facilitate communication with financial institutions and support the freezing of funds for victims of fraudulent transfers. In 2020, the RAT had an extraordinary \",/*#__PURE__*/e(\"strong\",{children:\"82%\"}),\" success rate, freezing more than $380 million of the nearly $463 million in reported losses corresponding to 1,303 incidents.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Tech Support Fraud\"}),/*#__PURE__*/t(\"p\",{children:[\"Another form of scam emphasized in the report is Tech Support Fraud, which apparently continues to grow. In this scheme, criminals pose as technical support representatives offering solutions to problems such as compromised email and bank accounts, software license renewals, and infected systems. It also seems that they impersonate representatives of financial and utility companies. All this to order the innocent victims to make transfers to fraudulent foreign accounts or acquire lots of prepaid cards. Statistics for this case reveal 15,421 complaints with losses above $146 million, of which approximately \",/*#__PURE__*/e(\"strong\",{children:\"84%\"}),\" corresponded to victims over 60 years of age.\"]}),/*#__PURE__*/e(\"p\",{children:\"Among additional data I would like to highlight from this FBI's report are the following:\"}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"In the last five years, IC3 received an average of approximately \",/*#__PURE__*/e(\"strong\",{children:\"440,000\"}),\" complaints per year.\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"The first five types of crime with the highest number of victims were: (\",/*#__PURE__*/e(\"strong\",{children:\"1\"}),\") Phishing/Vishing/Smishing/Pharming (241,342). (\",/*#__PURE__*/e(\"strong\",{children:\"2\"}),\") Non-Payment/Non-Delivery (108,869). (\",/*#__PURE__*/e(\"strong\",{children:\"3\"}),\") Extortion (76,741). (\",/*#__PURE__*/e(\"strong\",{children:\"4\"}),\") Personal Data Breach (45,330). (\",/*#__PURE__*/e(\"strong\",{children:\"5\"}),\") Identity Theft (43,330).\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"California is the state with the highest number of reported victims in 2020, a total of \",/*#__PURE__*/e(\"strong\",{children:\"69,541\"}),\". The next four states on the list are Florida (53,793), Texas (38,640), New York (34,505) and Illinois (20,185).\"]})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[\"IC3 offers a top 20 countries, excluding the U.S., by the number of victims. The United Kingdom ranks first with \",/*#__PURE__*/e(\"strong\",{children:\"216,633\"}),\" victims, significantly above Canada, which ranks second with 5,399 victims. Mexico is ranked ninth (1,164), Brazil eleventh (951) and Colombia nineteenth (418).\"]})})]}),/*#__PURE__*/t(\"p\",{children:[\"For more details on the findings, examples of some incidents and even recommendations on certain types of scams, \",/*#__PURE__*/e(o,{href:\"https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"here's the link\"})}),\" to the referenced report.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Apropos of annual reports, just a week ago, Fluid Attacks released the 2021 \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.docsend.com/view/nrdygc2mik3kp5u5\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"State of Attacks\"})}),\" report. It will help you get ideas about practices you can implement within your company to prevent cyberattacks based on security vulnerabilities.\"]})]});export const richText9=/*#__PURE__*/e(a.Fragment,{children:/*#__PURE__*/t(\"p\",{children:[\"The attention of global media, U.S. federal agencies and other organizations is partly shifting from one world power to another this month. I mean, in the cybersecurity field, the Russians were in the limelight with the \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/solarwinds-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SolarWinds supply chain attack\"})}),\". Now, the Chinese have taken on the central role. \",/*#__PURE__*/e(o,{href:\"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Microsoft has attributed attacks\"})}),\" on its Exchange Server to a Chinese state-sponsored group. These cybercriminals took advantage of four zero-day vulnerabilities in that software and have exploited them to break into many organizations, primarily in the United States. In this post, we will examine several details that are known so far about this incident.\"]})});export const richText10=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"What is Microsoft Exchange Server?\"}),/*#__PURE__*/t(\"p\",{children:[\"Microsoft Exchange Server (MES) is a \",/*#__PURE__*/e(o,{href:\"https://services.dartmouth.edu/TDClient/1806/Portal/KB/ArticleDet?ID=64504\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"software that provides'})}),' the back end to an integrated system for email, calendaring, messaging, and tasks.\" (Outlook, instead, is the app installed on your desktop that, like other email clients, can be synchronized with MES and used to send and receive emails.) This program is employed worldwide within large organizations but also small and medium-sized companies.']}),/*#__PURE__*/t(\"p\",{children:[\"It turns out that in early January of this year, the cybersecurity company \",/*#__PURE__*/e(o,{href:\"https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Volexity started to note\"})}),\" abnormal activity in the MES servers of two of its clients. That activity involved large quantities of data sent to IP addresses apparently not linked to legitimate users. The Danish company \",/*#__PURE__*/e(o,{href:\"https://www.dubex.dk/aktuelt/nyheder/please-leave-an-exploit-after-the-beep\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Dubex also reported\"})}),\" part of the issue the same month. It was not until \",/*#__PURE__*/e(o,{href:\"https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"March 2\"})}),\" that the situation became public: \",/*#__PURE__*/e(o,{href:\"https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Microsoft released updates\"})}),\" to remediate \",/*#__PURE__*/e(\"strong\",{children:\"four zero-day\"}),\" (previously unknown) vulnerabilities identified in its software.\"]}),/*#__PURE__*/e(\"h2\",{children:\"What were the alerts?\"}),/*#__PURE__*/t(\"p\",{children:[\"According to Microsoft, these flaws started to be exploited by a Chinese state-sponsored APT (advanced persistent threat) group it dubbed \",/*#__PURE__*/e(\"strong\",{children:\"Hafnium\"}),\". \",/*#__PURE__*/e(o,{href:\"https://www.secureworldexpo.com/industry-news/microsoft-attacks-exchange-servers\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Based on the procedures\"})}),' and strategies observed, Microsoft said it is a modern and skilled team with a history of attacks against Office 365 users. Indeed, it is a Chinese group but \"primarily operates from leased virtual private servers (VPS) in the United States,\" ',/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/update-immediately-microsoft-rushes-out-patches-for-exchange-server-zero-day-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"said Tung in ZDNet\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"These attackers could access users' mailboxes, extract content and install backdoors on compromised servers for persistent access and control through such security flaws in the software. Their first reported attacks impacted higher education and research institutions, law firms, policy think tanks, defense contractors and NGOs, mainly in the United States. The situation looked thornier when the investigation revealed attacks against the U.S. government agencies. Curiously, these critical vulnerabilities' exploitation could affect servers running MES 2013, 2016, and 2019 (on-premises products) \",/*#__PURE__*/e(\"em\",{children:\"but not\"}),\" Exchange Online (cloud-hosted service).\"]}),/*#__PURE__*/t(\"p\",{children:[\"Microsoft began to publicly request all companies that were making use of MES to apply the updates \",/*#__PURE__*/e(\"em\",{children:\"as soon as possible\"}),\". At the same time, \",/*#__PURE__*/e(o,{href:\"https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"it reflected concern\"})}),\" that other malicious hacker groups beyond Hafnium could also quickly target unpatched systems. (\",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"It seems\"})}),\" this has already happened.) On March 3, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued \",/*#__PURE__*/e(o,{href:\"https://cyber.dhs.gov/ed/21-02/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"an emergency directive\"})}),' regarding the matter. It asked all government agencies to comply with the installation of patches, especially if there were no indicators of compromise in their networks and systems. Otherwise, they should \"disconnect their Microsoft Exchange on-premises servers and report their findings to CISA for further investigation,\" ',/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/cisa-issues-emergency-directive-to-agencies-deal-with-microsoft-exchange-bugs-now/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"said Osborne in ZDNet\"})}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"The next day, \",/*#__PURE__*/e(o,{href:\"https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/update-alert-mitigating-microsoft-exchange-server-vulnerabilities\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CISA updated the alert\"})}),', reporting they were \"aware of threat actors using open source tools to search for vulnerable [MESs]\" and that agencies needed to look for signs of suspicious behavior from at least September 1, 2020. Then, ',/*#__PURE__*/e(o,{href:\"https://us-cert.cisa.gov/ncas/current-activity/2021/03/06/microsoft-ioc-detection-tool-exchange-server-vulnerabilities\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"on March 6, CISA recommended\"})}),\" that agencies urgently run the \",/*#__PURE__*/e(o,{href:\"https://github.com/microsoft/CSS-Exchange/tree/main/Security\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"script that Microsoft released\"})}),\" at that time to determine if their systems had been compromised. Around those days, Chris Krebs, who was director of CISA until \",/*#__PURE__*/e(o,{href:\"https://www.cnbc.com/2020/11/17/trump-says-us-cybersecurity-chief-chris-krebs-has-been-terminated.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Trump fired him\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://twitter.com/C_C_Krebs/status/1368004411545579525\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"posted on his Twitter account\"})}),' an intriguing question: \"Is this a flex in the early days of the Biden admin to test their resolve?\" In fact, if we go to CNN Politics, we can find a post titled: ',/*#__PURE__*/e(o,{href:\"https://edition.cnn.com/2021/03/06/politics/microsoft-hack-task-force/index.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"Biden administration expected'})}),' to form [a] task force to deal with Microsoft hack linked to China.\"']}),/*#__PURE__*/e(\"h2\",{children:\"What are the four flaws?\"}),/*#__PURE__*/t(\"p\",{children:[\"The four MES zero-day vulnerabilities involved in this case are officially tracked as \",/*#__PURE__*/e(o,{href:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-26855\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-26857\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-26858\"})}),\", and \",/*#__PURE__*/e(o,{href:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2021-27065\"})}),\". The discovery of the first one (also known as \",/*#__PURE__*/e(o,{href:\"https://proxylogon.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ProxyLogon\"})}),') and the last one is attributed to the researcher \"Orange Tsai\" of ',/*#__PURE__*/e(o,{href:\"https://devco.re/en/about/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Devcore\"})}),\", a team of professionals who in October 2020 started reviewing MES security.\"]}),/*#__PURE__*/t(\"ul\",{children:[/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"CVE-2021-26855\"}),\" (CVSS 9.1) is a Server-Side Request Forgery (SSRF) vulnerability that allows \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/update-immediately-microsoft-rushes-out-patches-for-exchange-server-zero-day-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"the attacker to'})}),' send arbitrary HTTP requests and authenticate as the Exchange server.\"']})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"CVE-2021-26857\"}),' (CVSS 7.8) \"is an insecure deserialization vulnerability in the Unified Messaging service.\" It allows attackers to \"run code as SYSTEM on the Exchange server,\" only if they combine it with another flaw or use stolen credentials.']})}),/*#__PURE__*/e(\"li\",{\"data-preset-tag\":\"p\",children:/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"CVE-2021-26858\"}),\" (CVSS 7.8) and \",/*#__PURE__*/e(\"strong\",{children:\"CVE-2021-27065\"}),' (CVSS 7.8) are post-authentication arbitrary file write vulnerabilities. \"If Hafnium could authenticate with the Exchange server, then they could use [any of these vulnerabilities] to write a file to any path on the server.\"']})})]}),/*#__PURE__*/t(\"p\",{children:[\"According to several sources, attackers can carry out attacks using one or more of the above flaws. Therefore, they can write and deploy backdoor 'web shells' on the servers and have a foothold to execute further attacks. (Web shells are small, easy-to-use \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/update-immediately-microsoft-rushes-out-patches-for-exchange-server-zero-day-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"scripts that provide'})}),' a basic interface for remote access to a compromised system.\") These can involve stealing credentials, installing malware (',/*#__PURE__*/e(o,{href:\"https://securelist.com/zero-day-vulnerabilities-in-microsoft-exchange-server/101096/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Kaspersky mentioned\"})}),\" the high risks of ransomware), stealing full email inboxes, adding rogue user accounts, among others.\"]}),/*#__PURE__*/e(\"h2\",{children:\"How worrying is the situation?\"}),/*#__PURE__*/t(\"p\",{children:[\"The incident with these vulnerabilities \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"seems to have no connection\"})}),\" with the SolarWinds supply chain attack that has affected around 18,000 organizations worldwide. In this new indiscriminate attack, it appears that the number of organizations impacted is approximately 30,000. More recently, some authors have \",/*#__PURE__*/e(o,{href:\"https://www.bloomberg.com/news/articles/2021-03-07/hackers-breach-thousands-of-microsoft-customers-around-the-world\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/t(n.a,{children:[\"even reported \",/*#__PURE__*/e(\"strong\",{children:\"60,000\"})]})}),\". In addition to the types of organizations previously mentioned as victims are \",/*#__PURE__*/e(o,{href:\"https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"banks, credit unions'})}),', non-profits, telecommunications providers, public utilities and police, fire and rescue units.\"']}),/*#__PURE__*/t(\"p\",{children:[\"It is currently quite worrying how slowly different companies and government agencies are patching their systems. Some even consider that there may be more severe results from this hack attributed to the Chinese than from the one related to SolarWinds. As the cybersecurity expert \",/*#__PURE__*/e(o,{href:\"https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Brian Krebs has said\"})}),', \"By all accounts, rooting out these intruders is going to require an unprecedented and urgent nationwide clean-up effort.\" But the longer it takes everyone to remove the backdoors and update their systems, the longer attackers will continue to prowl their networks and even expand their access, reach and damage.']}),/*#__PURE__*/t(\"p\",{children:[\"Let's keep the following in mind: \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/multiple-nation-state-groups-are-hacking-microsoft-exchange-servers/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Last year\"})}),\", Microsoft had already warned its MES customers to patch a different critical vulnerability (\",/*#__PURE__*/e(o,{href:\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0688\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CVE-2020-0688\"})}),\"). Nevertheless, months after the first attacks, \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/microsoft-exchange-zero-day-attacks-30000-servers-hit-already-says-report/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"tens of thousands\"'})}),\" of clients still had their systems not updated with the released patch. \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/update-immediately-microsoft-rushes-out-patches-for-exchange-server-zero-day-attacks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"Microsoft is concerned'})}),' it could see the same scenario play out again with this set of Exchange server vulnerabilities.\" We will see what happens. For now, Microsoft continues with investigations and offering guidance to its customers on risk mitigation.']})]});export const richText11=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"Almost exactly one month ago, I wrote a \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/solarwinds-attack/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"post reporting on the SolarWinds security fiasco\"})}),\" when they received a supply chain attack apparently performed by Russians. (If by any chance you don’t know about this case, I recommend you start with that post.) It was early last year when one SolarWinds Orion software update was infected with malware, and thousands of corporate customers and several U.S. federal agencies installed it on their systems. It took \",/*#__PURE__*/e(\"em\",{children:\"nine months\"}),\" or so for a cybersecurity company (\",/*#__PURE__*/e(o,{href:\"https://www.fireeye.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"FireEye\"})}),\"; among the victims) to realize that 'Russian spies' were already inside and that they were skulking around, paying attention to organizational processes and collecting private information.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Kevin Mandia, CEO of FireEye, recently explained to \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CBS News' 60 Minutes\"})}),' how everything started when a staff member noticed that something was wrong. Apparently, in the middle of their two-factor authentication process, one of the employees displayed two phones registered in his name when there usually is only one. \"Suspicious, FireEye turned its gaze inward and saw intruders impersonating its employees snooping around inside their network,\" according to CBS. They triggered the alarms from that internal investigation, especially when they discovered that the entry point could be the popular SolarWinds Orion software.']}),/*#__PURE__*/e(\"p\",{children:\"How did the attackers experience these FireEye alarms after so long? Even more curious, how much time would it have taken for U.S. federal agencies to discover this invasion if FireEye had not detected it? These are questions for which we have no answers. It is worth recalling that the affected agencies include the U.S. departments of Treasury, Commerce, State, and Justice, as well as the National Nuclear Security Administration and even the Pentagon. A tremendous amount of a nation’s critical data is what a group of 'Russian cyber soldiers' could and possibly still can access.\"}),/*#__PURE__*/t(\"p\",{children:['\"Spies,\" \"soldiers,\" these are not words I’m choosing on the spur of the moment. Media such as the one I’m using as a reference in this particular case (i.e., ',/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"CBS News\"})}),\") already make mention of a \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"cyber war between'})}),' the United States and Russia.\" Since the first reports on this event, experts have spoken of a highly sophisticated and unprecedented attack. (To me, this is one of the main clues that seem to lead many to conjecture that this is a government-sponsored assault.) Apart from expressing his astonishment at what has happened, Brad Smith, president of Microsoft (another affected firm), declared that more than ',/*#__PURE__*/e(\"strong\",{children:\"1,000\"}),\" Russian cyberattackers must be involved according to his company’s investigations. No doubt, by suggesting that number, he lends weight to the idea that this means \",/*#__PURE__*/e(\"em\",{children:\"war\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[\"A Russian intelligence agency is allegedly implicated in all of this. Perhaps it is the same agency credited with developing a similar tactic against multiple systems and networks in Ukraine in 2017, using the malware known as \",/*#__PURE__*/e(o,{href:\"https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"NotPetya\"})}),\". (Or maybe it is another one called \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/Foreign_Intelligence_Service_(Russia)\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"SVR\"})}),\".) The big difference was that on that occasion, \",/*#__PURE__*/e(o,{href:\"https://en.wikipedia.org/wiki/GRU_(G.U.)\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"GRU\"})}),\", this military agency, did not limit its activities to espionage but led lots of devices to self-destruction. As Brad Smith said, \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:'\"It literally damaged'})}),\" more than 10% of that nation’s computers in a single day.\\\" Now the questions are: will this U.S.-focused SolarWinds supply chain attack transcend to involve more than espionage? What implications may arise from the collection of mostly political and military data by the Russians? 'Nobody' knows.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Expert opinions\"}),/*#__PURE__*/t(\"p\",{children:[\"Jon Miller, Founder and CEO of \",/*#__PURE__*/e(o,{href:\"https://boldend.com/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Boldend\"})}),\", \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"referred to this case\"})}),' as a \"watershed style attack\" with which Russia has made us doubt the security of any software we use in our daily routine. For Miller, this malware deployed in a chain from SolarWinds could easily be modified by its creators to go beyond its current function and lead to the destruction of devices in networks.']}),/*#__PURE__*/t(\"p\",{children:[\"Chris Inglis is a member of the \",/*#__PURE__*/e(o,{href:\"https://www.solarium.gov/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"U.S. Cyberspace Solarium Commission\"})}),\", an intergovernmental body dedicated to devising defense strategies for the country against cyberattacks. Given the current state of affairs, he is among those who assume that in order for everyone to get rid of this infection entirely, they would have to get rid of all the hardware and software involved. (That reminds me of \",/*#__PURE__*/e(o,{href:\"https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Vaughan-Nichols’s words\"})}),\".) Inglis recognized that the U.S. has a significant problem with the absence of a common defense line for private enterprise and government. And \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/solarwinds-60-minutes-2021-02-14/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"he suggested\"})}),\" a greater collaboration between these parties for the identification and treatment of cyber threats.\"]}),/*#__PURE__*/t(\"p\",{children:[\"In the meantime, this incident is still ongoing, with new breached companies joining the victims. In line with what Miller said, this is one case where you discover the surreptitious attack, but even so, it doesn’t stop. Perhaps it is so because the U.S. is not completely sure who the attackers are. However, \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/solarwinds-60-minutes-2021-02-14/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Miller believes that\"})}),\" the government will succeed in identifying them, but still, as on other occasions, will not arrest them and will only deny them entrance to the U.S. For him, the nation needs to define limits that force it to respond with attacks if its rivals overstep them. It seems that the United States has no offensive action, does not intimidate, and therefore receives and receives attacks in cyberspace.\"]}),/*#__PURE__*/t(\"p\",{children:[\"James A. Lewis, Director at the \",/*#__PURE__*/e(o,{href:\"https://www.csis.org/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Center for Strategic and International Studies\"})}),\", expects the Biden administration to bring with it an offensive strategy in which the U.S. finally responds to countries such as Russia and China. \",/*#__PURE__*/e(o,{href:\"https://www.cbsnews.com/news/solarwinds-60-minutes-2021-02-14/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"While accepting it\"})}),' as risky with the possibility of generating a major conflict, he acknowledged it as a priority to begin experimenting with cyberattacks against the Russians. Lewis even listed trying to interfere with their media and financial activities as alternatives. \"The goal is to make them afraid,\" he said. It would be an essential step —following Lewis— to get the U.S. out of the current mess and to avoid further complications of this nature.']}),/*#__PURE__*/e(\"p\",{children:\"I’d like to know what Russians think when they read such suggestions in the media. Where might a United States counterattack lead us? How would the Russians react? Could a cyberwar consolidate as the bedrock of a new catastrophic human confrontation with destructive weapons? Am I going overboard with my inquiries?\"}),/*#__PURE__*/e(\"p\",{children:\"What do you think? Is it time for the U.S. to strike back?\"})]});export const richText12=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"A few days ago, I brought readers some highlights \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/iso-iec-29147/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"on the ISO/IEC 29147:2018 standard\"})}),\" that guides us in the vulnerability disclosure processes. (If you haven't read that post, I recommend that you do so before continuing with this one.) These processes mainly involve receiving security issues reports as a vendor and releasing repair advisories to all stakeholders. They're two points, beginning-ending, of a course of action between which it is necessary to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/what-is-vulnerability-management/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"address the vulnerabilities\"})}),\" in your systems. As a vendor, you have to verify that what the reporter informed you of is a real security issue and, if so, you need to come up with a solution asap. This is the topic covered by \",/*#__PURE__*/e(o,{href:\"https://www.iso.org/standard/69725.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the ISO/IEC 30111:2019 standard\"})}),\". And I'll talk about it in this post.\"]}),/*#__PURE__*/t(\"p\",{children:[\"'Information technology -Security techniques- Vulnerability handling processes' is the name of this standard. Like \",/*#__PURE__*/e(o,{href:\"https://www.iso.org/standard/72311.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"the ISO/IEC 29147\"})}),\", it’s in the ISO \",/*#__PURE__*/e(o,{href:\"https://www.iso.org/standards-catalogue/browse-by-ics.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"standards catalog\"})}),\" in group \",/*#__PURE__*/e(\"strong\",{children:\"35\"}),\" '\",/*#__PURE__*/e(o,{href:\"https://www.iso.org/ics/35/x/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Information technology\"})}),\",' subgroup \",/*#__PURE__*/e(\"strong\",{children:\"35.030\"}),\" '\",/*#__PURE__*/e(o,{href:\"https://www.iso.org/ics/35.030/x/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"IT Security (including encryption)\"})}),'.\\' As stated in its intro, it \"describes processes for vendors to handle reports of potential vulnerabilities in products and services.\" Thus, as may already be clear, everyone should use it in line with that one of vulnerability disclosure. Beyond the handling of reports, it also covers requirements and recommendations for the procedures of examination, triage, and repair of flaws.']})]});export const richText13=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/e(\"h2\",{children:\"Policies\"}),/*#__PURE__*/t(\"p\",{children:[\"As a prior step, vendors should create and maintain \",/*#__PURE__*/e(\"strong\",{children:\"vulnerability handling policies\"}),\" for a commitment to the security of their products or services. Of course, also for the benefit of their customers or users. ISO suggests that vendors make clear their plans to study and fix security issues to all interested parties. These policies should be continuously reviewed, updated, and improved by the managers of each organization. Part of the policies should be directed to vendors' staff. This, to give them basic guidelines, roles, and duties in handling reports and vulnerabilities. It’s of utmost importance that all concerned people also get caveats to ensure the privacy of data about flaws prior to repair.\"]}),/*#__PURE__*/e(\"h2\",{children:\"Organizational scheme\"}),/*#__PURE__*/t(\"p\",{children:[\"ISO recommends that vendors build their \",/*#__PURE__*/e(\"strong\",{children:\"vulnerability handling processes\"}),\". They should assess them very often to be always ready to deal with reports and security issues. Every firm should have a file where all these processes remain faithfully recorded for prospective replication and possible optimization. Besides, they should always ponder a proper union of these operations with their other procedures. They should ensure that the required means for the intended ends are available all the time.\"]}),/*#__PURE__*/e(\"p\",{children:\"Firms ready for handling vulnerabilities set authorities to be aware of the internal processes, goals, and frameworks and make decisions at the control level. It’s apt for these organizations to have points of contact for communications with internal departments and external parties concerned with the issues disclosure and handling processes. Not to mention being ready to get and respond to questions from customers and other interested people when info about security weaknesses has already been made public.\"}),/*#__PURE__*/e(\"p\",{children:\"At this point, those units mentioned by ISO as \\\"product security incident response teams\\\" (PSIRT) stand out. Apart from their activities as points of contact and supervisors of disclosure procedures, these teams may help with the vulnerability assessments of vendors' products and services. Their help should include tracking flaws found in third-party suppliers' software components that may impact the operations and assets of the vendors in consideration. In addition, PSIRT staff should understand the pertinence of maintaining confidentiality before flaw remediations are carried out and notifying 'product business divisions' for proper action.\"}),/*#__PURE__*/e(\"p\",{children:'Product business divisions, those that give products or services to vendors\\' clients, are also responsible parties in vulnerability handling processes. These divisions get flaw reports from PSIRT and should work with them in the development of remediations. After these are ready, the \"customer support divisions\" are in charge of sending corresponding advisories to customers and other stakeholders. A matter of vulnerability disclosure processes, which appears in ISO/IEC 29147.'}),/*#__PURE__*/e(\"h2\",{children:\"Vulnerability handling process\"}),/*#__PURE__*/e(\"p\",{children:\"Now, something that can serve as a guide for firms to establish their vulnerability handling processes. Let’s check what ISO shares for the phases of verification and repair of flaws.\"}),/*#__PURE__*/e(\"h3\",{children:\"Verification of vulnerabilities\"}),/*#__PURE__*/e(\"p\",{children:\"After receiving a report of a potential flaw, the vendor has to verify it. Here’s where the study begins to confirm the weakness. Also, to determine the affected product or service, the security issue’s severity, and the root cause. If it’s necessary, the vendor should demand further proof from the reporter. When verification shows that the flaw is a duplicate, has no security implications, or is in an obsolete or external product, the vulnerability handling process must be broken off. Of course, if other vendors are compromised, the issue should be prudently reported to them.\"}),/*#__PURE__*/e(\"p\",{children:'It’s useful ISO’s emphasis on the continuous change in the exploitability of flaws resulting from advances in attack techniques. Another vital aspect to consider in verifications, usually when various vulnerabilities have been reported, corresponds to triage. \"Vendors may consider several factors in determining the relative urgency of producing a remediation, such as potential impact, likelihood of exploitation, and the scope of affected users.\" Finally, after the flaw verification, reporters should gain data about the results.'}),/*#__PURE__*/e(\"h3\",{children:\"Repair of vulnerabilities\"}),/*#__PURE__*/e(\"p\",{children:\"Vendors need to establish either partial or total remediations to the vulnerabilities they’ve already verified. While the repair is expected to be generated fast, vendors should keep this in balance with the amount of testing required to ensure the product’s or service’s high quality. Quick and temporary remediations usually take place when the issues show critical or high-risk levels for users. (They should receive constant assistance.) In association with this, it may be necessary for vendors to disable at-risk apps for a period of time.\"}),/*#__PURE__*/e(\"p\",{children:\"As for the tests to be carried out with the repairs, vendors should ensure evaluation on the corresponding platforms. Plus, their results should be enough proof of the absence of new flaws and operational and quality obstacles in products or services. Repair that doesn’t work is one that needs to be rethought.\"}),/*#__PURE__*/e(\"p\",{children:\"After releasing the vulnerability remediations, vendors should keep updating them until it’s no longer required. On the other hand, vendors should check their software and make proper renewals based on the data gained during the study. All this is in order avoid similar security flaws in their products or services.\"}),/*#__PURE__*/t(\"p\",{children:[\"To finish, it's worth highlighting the \",/*#__PURE__*/e(\"strong\",{children:\"monitoring activity\"}),\" for the vulnerability handling processes suggested by ISO. Every firm or vendor should always keep track of (and be ready to improve) the speed at which they respond with verifications and repairs. They should also supervise that their remediations are full and that the results are as expected at the end of each case. All of this, it's hoped, should go hand in hand with a confidential treatment of vulnerability info and individuals' and organizations' sensitive data.\"]}),/*#__PURE__*/t(\"p\",{children:[\"Remember to check for security issues \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/services/continuous-hacking/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"constantly\"})}),\". Would you like to know how Fluid Attacks can help you in your \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/solutions/risk-based-vulnerability-management\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"vulnerability handling\"})}),\" processes? Don't hesitate to \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/contact-us/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"contact us!\"})})]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(\"strong\",{children:\"P.S.\"}),\" Several essential details are missing in this post. If you're really interested in vulnerability handling, we recommend that you read the entire \",/*#__PURE__*/e(o,{href:\"https://www.iso.org/standard/69725.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ISO/IEC 30111:2019\"})}),\" doc.\"]})]});export const richText14=/*#__PURE__*/t(a.Fragment,{children:[/*#__PURE__*/t(\"p\",{children:[\"If you go and look at \",/*#__PURE__*/e(o,{href:\"https://fluidattacks.com/blog/thoughtless-reporting/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!1,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"my last post\"})}),', you’ll see what happened not long ago to the Colombian Foreign Ministry and its digital visa platform. At that time, I referred to a \"thoughtless vulnerability reporting.\" This was attributed both to the user who identified the weakness in that platform and to the group of journalists who published it on social networks. However, before finding out the details of that event and reflecting on it, I was asked to review something else. I mean something I mentioned in brief in that post but judiciously posed to the reader as a possible forthcoming topic I would cover here: ',/*#__PURE__*/e(\"strong\",{children:\"ISO/IEC 29147:2018\"}),\".\"]}),/*#__PURE__*/t(\"p\",{children:[/*#__PURE__*/e(o,{href:\"https://www.iso.org/about-us.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"As shared on their site\"})}),\", \",/*#__PURE__*/e(\"strong\",{children:\"ISO\"}),' (the International Organization for Standardization) \"is an independent, non-governmental international organization.\" \"[It] brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.\" In ',/*#__PURE__*/e(o,{href:\"https://www.iso.org/standards-catalogue/browse-by-ics.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"their standards list\"})}),\", the number \",/*#__PURE__*/e(\"strong\",{children:\"35\"}),\" stands for the '\",/*#__PURE__*/e(o,{href:\"https://www.iso.org/ics/35/x/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"Information technology\"})}),\"' group. Among 15 different subgroups, \",/*#__PURE__*/e(\"strong\",{children:\"35.030\"}),\" corresponds to the '\",/*#__PURE__*/e(o,{href:\"https://www.iso.org/ics/35.030/x/\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"IT Security (including encryption)\"})}),\".' There, we find the \",/*#__PURE__*/e(o,{href:\"https://www.iso.org/standard/72311.html\",motionChild:!0,nodeId:\"WJBZI1Ghk\",openInNewTab:!0,relValues:[],scopeId:\"contentManagement\",smoothScroll:!1,children:/*#__PURE__*/e(n.a,{children:\"ISO/IEC 29147:2018\"})}),\", 'Information technology -Security techniques- Vulnerability disclosure.' In this post, I will introduce you to what the experts in this standard have to offer.\"]})]});\nexport const __FramerMetadata__ = {\"exports\":{\"richText14\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText8\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText1\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText12\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText10\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText5\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText3\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText2\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText4\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText11\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText7\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText6\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText9\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"richText13\":{\"type\":\"variable\",\"annotations\":{\"framerContractVersion\":\"1\"}},\"__FramerMetadata__\":{\"type\":\"variable\"}}}"],"mappings":"qWACa,AADb,GAAkD,IAA8B,IAAuC,IAAwB,CAAa,EAAsB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,gBAAiB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0FAAuG,EAAEA,EAAE,CAAC,KAAK,6GAA6G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,kCAA+C,EAAED,EAAE,CAAC,KAAK,gGAAgG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,mEAAgF,EAAED,EAAE,CAAC,KAAK,uHAAuH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iCAAkC,EAAC,AAAC,EAAC,CAAC,cAA2B,EAAED,EAAE,CAAC,KAAK,+GAA+G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,+DAA4E,EAAED,EAAE,CAAC,KAAK,iMAAiM,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,gDAA6D,EAAED,EAAE,CAAC,KAAK,2GAA2G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oEAAqE,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,kBAAmB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,iDAA8D,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,yCAAsD,EAAED,EAAE,CAAC,KAAK,4GAA4G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0CAA2C,EAAC,AAAC,EAAC,CAAC,gEAAiE,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,oBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,4GAA4G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+HAA4I,EAAED,EAAE,CAAC,KAAK,+LAA+L,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gIAAiI,EAAC,AAAC,EAAC,CAAC,sGAAmH,EAAED,EAAE,CAAC,KAAK,6HAA6H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gFAAiF,EAAC,AAAC,EAAC,CAAC,qBAAsB,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,6HAA6H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oBAAiC,EAAE,SAAS,CAAC,SAAS,UAAW,EAAC,CAAC,sCAAmD,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,8BAA2C,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,qHAAqH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+EAAgF,EAAC,AAAC,EAAC,CAAC,yIAAsJ,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,sYAAmZ,EAAED,EAAE,CAAC,KAAK,sGAAsG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,qDAAkE,EAAED,EAAE,CAAC,KAAK,oHAAoH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,yCAAsD,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,oFAAiG,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,kGAA+G,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yEAA0E,EAAC,AAAC,EAAC,CAAC,+LAAgM,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,iBAAiB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,2GAA2G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uMAAoN,EAAED,EAAE,CAAC,KAAK,qHAAqH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gEAAiE,EAAC,AAAC,EAAC,CAAC,8CAA2D,EAAED,EAAE,CAAC,KAAK,uHAAuH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,mCAAgD,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,uDAAoE,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,WAAwB,EAAED,EAAE,CAAC,KAAK,mIAAmI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,CAAC,kBAA+B,EAAED,EAAE,CAAC,KAAK,6EAA6E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,uMAAoN,EAAED,EAAE,CAAC,KAAK,uHAAuH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,6FAA8F,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+KAA4L,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,uGAAoH,EAAED,EAAE,CAAC,KAAK,+HAA+H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,sFAAmG,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,4GAA4G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mCAAoC,EAAC,AAAC,EAAC,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8DAA+D,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,2FAA2F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mDAAoD,EAAC,AAAC,EAAC,CAAC,qUAAkV,EAAED,EAAE,CAAC,KAAK,qHAAqH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,uBAAuB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,yBAA0B,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,uBAAwB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,4IAA4I,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,6FAA0G,EAAED,EAAE,CAAC,KAAK,6IAA6I,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6CAA8C,EAAC,AAAC,EAAC,CAAC,uRAAoS,EAAED,EAAE,CAAC,KAAK,sDAAsD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mCAAoC,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,YAAyB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iFAAkF,EAAC,AAAC,EAAC,CAAC,6LAA0M,EAAED,EAAE,CAAC,KAAK,sJAAsJ,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,yMAA0M,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+RAA4S,EAAED,EAAE,CAAC,KAAK,qEAAqE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,0BAA2B,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,sEAAsE,OAAO,oQAAoQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,qCAAqC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kDAA+D,EAAED,EAAE,CAAC,KAAK,iGAAiG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,kIAA+I,EAAED,EAAE,CAAC,KAAK,sCAAsC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,SAAS,CAAC,SAAS,oDAAqD,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,yMAA0M,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,qFAAqF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6CAA8C,EAAC,AAAC,EAAC,CAAC,wMAAqN,EAAED,EAAE,CAAC,KAAK,gGAAgG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qDAAsD,EAAC,AAAC,EAAC,CAAC,wOAAyO,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,mGAAoG,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6GAA8G,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4DAAyE,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,gEAA6E,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+JAAkL,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAU,EAAC,AAAC,EAAC,CAAC,8bAA6d,EAAED,EAAE,CAAC,KAAK,6CAA6C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,sCAAsD,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,uLAAoM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iCAAiD,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,mEAAsF,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,kJAA2K,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,CAAC,gBAA6B,EAAED,EAAE,CAAC,KAAK,oGAAoG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,icAAge,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iHAAoI,EAAED,EAAE,CAAC,KAAK,wFAAwF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAoC,EAAC,AAAC,EAAC,CAAC,ylBAAwnB,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,kGAA+G,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,yLAAsM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,gBAAgC,EAAED,EAAE,CAAC,KAAK,+HAA+H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAC,6BAA6C,EAAE,KAAK,CAAC,SAAS,MAAO,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,+GAA4H,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,MAAmB,EAAED,EAAE,CAAC,KAAK,mEAAmE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAAiC,EAAC,AAAC,EAAC,CAAC,qGAAqH,EAAE,SAAS,CAAC,SAAS,oBAAqB,EAAC,CAAC,qBAAkC,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,gFAAmG,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,yXAA4Y,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6EAA6F,EAAED,EAAE,CAAC,KAAK,yPAAyP,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,MAAmB,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,+FAA+G,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,0BAAuC,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wDAAyD,EAAC,AAAC,EAAC,CAAC,2IAA2J,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,2LAA8M,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,CAAC,6TAA6U,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uFAAoG,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,oEAAiF,EAAE,SAAS,CAAC,SAAS,iBAAqB,EAAC,CAAC,qEAAkF,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,+HAAkJ,EAAE,SAAS,CAAC,SAAS,iBAAqB,EAAC,CAAC,iLAAwL,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oHAAuI,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,CAAC,oQAA6R,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,yFAAsG,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,wHAA+H,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iEAA8E,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,kCAAkD,EAAE,SAAS,CAAC,SAAS,sCAA0C,EAAC,CAAC,qKAA2L,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,mJAAsK,EAAED,EAAE,CAAC,KAAK,yPAAyP,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,qBAAkC,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,qRAAwS,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yZAA2b,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,0HAAuI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uDAAuE,EAAE,SAAS,CAAC,SAAS,sBAAuB,EAAC,CAAC,kBAA+B,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,4XAAoa,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,2OAA2P,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2dAAmgB,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,uGAAoH,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,0OAAsQ,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,UAAc,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sDAAyE,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA8B,EAAC,AAAC,EAAC,CAAC,MAAmB,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yCAA6C,EAAC,AAAC,EAAC,CAAC,wCAA8D,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,oNAAiO,EAAE,SAAS,CAAC,SAAS,8EAA+E,EAAC,CAAC,sDAAuD,CAAC,EAAC,AAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+BAA4C,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,wEAAqF,EAAED,EAAE,CAAC,KAAK,qBAAqB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,OAAQ,EAAC,AAAC,EAAC,CAAC,yWAA0W,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8BAA+B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,yhBAA0hB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,ohBAAqhB,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,6BAA6B,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,+CAAgD,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kpBAAmpB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,oiBAAqiB,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,uCAAuC,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,aAA0B,EAAED,EAAE,CAAC,KAAK,iJAAiJ,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8CAA+C,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0lBAA2lB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iGAA8G,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,4SAA6S,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,gCAAgC,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,6CAA0D,EAAED,EAAE,CAAC,KAAK,4CAA4C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0TAA2T,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,kCAAmC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2FAAwG,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,4CAAyD,EAAED,EAAE,CAAC,KAAK,yCAAyC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,MAAO,EAAC,AAAC,EAAC,CAAC,mYAAoY,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,qCAAqC,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,aAAc,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,+CAAgD,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,wCAAyC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,keAAme,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,mkBAAokB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mOAAgP,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,4MAA6M,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yNAAsO,EAAED,EAAE,CAAC,KAAK,+GAA+G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,CAAC,+EAA4F,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,qeAAse,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qKAAkL,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,0RAAyS,EAAED,EAAE,CAAC,KAAK,kFAAkF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iCAAkC,EAAC,AAAC,EAAC,CAAC,wLAAqM,EAAED,EAAE,CAAC,KAAK,uGAAuG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mCAAoC,EAAC,AAAC,EAAC,CAAC,wBAAqC,EAAED,EAAE,CAAC,KAAK,oGAAoG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,mDAAoD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8EAA2F,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,0gBAA2gB,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,8BAA8B,UAAU,eAAe,OAAO,KAAK,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6KAA0L,EAAED,EAAE,CAAC,KAAK,8DAA8D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,yPAA0P,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mGAAgH,EAAED,EAAE,CAAC,KAAK,gGAAgG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,2LAAwM,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,yPAA4P,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oSAAiT,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,iFAA8F,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iCAAkC,EAAC,AAAC,EAAC,CAAC,+KAA4L,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,gOAA6O,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,sDAAuD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgF,EAAED,EAAE,CAAC,KAAK,gGAAgG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,0JAAuK,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,2SAA4S,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,+EAA+E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,ixBAAoxB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqD,EAAED,EAAE,CAAC,KAAK,oEAAoE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,yJAAsK,EAAED,EAAE,CAAC,KAAK,sIAAsI,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,mRAAgS,EAAE,KAAK,CAAC,SAAS,sBAAuB,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,uTAAyT,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,kBAAkB,UAAU,eAAe,OAAO,MAAM,IAAI,qEAAqE,OAAO,iQAAiQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,8DAA8D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,4DAA6D,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+cAA4d,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,CAAC,6OAA8O,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mEAAgF,EAAED,EAAE,CAAC,KAAK,8BAA8B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,oMAAiN,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qCAAsC,EAAC,AAAC,EAAC,CAAC,0BAAuC,EAAED,EAAE,CAAC,KAAK,kHAAkH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sDAAuD,EAAC,AAAC,EAAC,CAAC,cAAe,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8DAA8E,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,2CAA2D,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAA2B,EAAC,AAAC,EAAC,CAAC,gEAA6E,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,8FAA2G,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,OAAoB,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,CAAC,4EAAkG,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,qHAA4H,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8DAA8E,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,CAAC,4eAAmiB,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,MAAmB,EAAED,EAAE,CAAC,KAAK,qDAAqD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,6CAA0D,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oKAA6L,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,KAAkB,EAAE,SAAS,CAAC,SAAS,uBAA2B,EAAC,CAAC,olBAAupB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,0BAA8B,EAAC,CAAC,irBAAytB,EAAED,EAAE,CAAC,KAAK,oDAAoD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,QAAS,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wLAAqM,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,gXAA4Y,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,QAAS,EAAC,CAAC,QAAY,CAAC,EAAC,AAAC,EAAC,CAAC,eAA4B,EAAE,KAAK,CAAC,SAAS,QAAS,EAAC,CAAC,SAAa,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAC,uCAAoD,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+EAA4F,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,ohBAAiiB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yDAAyE,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,0GAAuH,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAC,mNAA6N,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAA0B,EAAC,AAAC,EAAC,CAAC,2cAAkd,CAAC,EAAC,CAAc,EAAE,MAAM,CAAC,IAAI,iBAAoB,UAAU,eAAe,OAAO,MAAM,IAAI,uEAAuE,OAAO,uQAAuQ,MAAM,CAAC,YAAY,YAAa,EAAC,MAAM,KAAM,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,kEAAmE,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,8DAA+D,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yCAAyD,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,qoBAAgrB,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4GAAyH,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,+MAAqO,EAAE,KAAK,CAAC,SAAS,WAAY,EAAC,CAAC,gHAAuH,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,uaAAib,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2HAA2I,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,6cAA+e,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,uBAA2B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iFAAiG,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,0DAAuE,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAC,yDAAyE,EAAED,EAAE,CAAC,KAAK,oCAAoC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,+CAA+D,EAAED,EAAE,CAAC,KAAK,0DAA0D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,MAAmB,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,uCAAuD,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAAkC,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,oCAAiD,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,qiBAAsiB,CAAC,EAAC,AAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,cAAe,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,umBAAwmB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8BAA2C,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,6FAA0G,EAAE,SAAS,CAAC,SAAS,cAAe,EAAC,CAAC,8fAA2gB,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,QAAqB,EAAED,EAAE,CAAC,KAAK,wEAAwE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,IAAK,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8MAA2N,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAC,mPAAgQ,EAAE,SAAS,CAAC,SAAS,qBAAsB,EAAC,CAAC,oJAAqJ,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0rBAA2rB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,weAAye,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,i4BAAo4B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sUAAmV,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,gIAAiI,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,oBAAqB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wmBAAqnB,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,gDAAiD,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,2FAA4F,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,oEAAiF,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,uBAAwB,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,2EAAwF,EAAE,SAAS,CAAC,SAAS,GAAI,EAAC,CAAC,oDAAiE,EAAE,SAAS,CAAC,SAAS,GAAI,EAAC,CAAC,0CAAuD,EAAE,SAAS,CAAC,SAAS,GAAI,EAAC,CAAC,0BAAuC,EAAE,SAAS,CAAC,SAAS,GAAI,EAAC,CAAC,qCAAkD,EAAE,SAAS,CAAC,SAAS,GAAI,EAAC,CAAC,4BAA6B,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,2FAAwG,EAAE,SAAS,CAAC,SAAS,QAAS,EAAC,CAAC,mHAAoH,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,oHAAiI,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,mKAAoK,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oHAAiI,EAAED,EAAE,CAAC,KAAK,gEAAgE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,4BAA6B,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,+EAA4F,EAAED,EAAE,CAAC,KAAK,yDAAyD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,sJAAuJ,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAuB,EAAA,EAAa,CAAC,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAC,+NAA4O,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,sDAAmE,EAAED,EAAE,CAAC,KAAK,yFAAyF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kCAAmC,EAAC,AAAC,EAAC,CAAC,sUAAuU,CAAC,EAAC,AAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,oCAAqC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,wCAAqD,EAAED,EAAE,CAAC,KAAK,6EAA6E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,0VAA2V,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,8EAA2F,EAAED,EAAE,CAAC,KAAK,+GAA+G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,0BAA2B,EAAC,AAAC,EAAC,CAAC,mMAAgN,EAAED,EAAE,CAAC,KAAK,8EAA8E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,uDAAoE,EAAED,EAAE,CAAC,KAAK,yFAAyF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,sCAAmD,EAAED,EAAE,CAAC,KAAK,8HAA8H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,4BAA6B,EAAC,AAAC,EAAC,CAAC,iBAA8B,EAAE,SAAS,CAAC,SAAS,eAAgB,EAAC,CAAC,mEAAoE,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,uBAAwB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,6IAA0J,EAAE,SAAS,CAAC,SAAS,SAAU,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,mFAAmF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,uPAAoQ,EAAED,EAAE,CAAC,KAAK,sHAAsH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2lBAAwmB,EAAE,KAAK,CAAC,SAAS,SAAU,EAAC,CAAC,0CAA2C,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sGAAmH,EAAE,KAAK,CAAC,SAAS,qBAAsB,EAAC,CAAC,uBAAoC,EAAED,EAAE,CAAC,KAAK,sFAAsF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,oGAAiH,EAAED,EAAE,CAAC,KAAK,kGAAkG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,kHAA+H,EAAED,EAAE,CAAC,KAAK,kCAAkC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,yUAAsV,EAAED,EAAE,CAAC,KAAK,mHAAmH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,iBAA8B,EAAED,EAAE,CAAC,KAAK,8HAA8H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,mNAAgO,EAAED,EAAE,CAAC,KAAK,yHAAyH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,8BAA+B,EAAC,AAAC,EAAC,CAAC,mCAAgD,EAAED,EAAE,CAAC,KAAK,+DAA+D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,oIAAiJ,EAAED,EAAE,CAAC,KAAK,yGAAyG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iBAAkB,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,2DAA2D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,+BAAgC,EAAC,AAAC,EAAC,CAAC,uKAAoL,EAAED,EAAE,CAAC,KAAK,mFAAmF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gCAAiC,EAAC,AAAC,EAAC,CAAC,uEAAwE,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,0BAA2B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yFAAsG,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,SAAsB,EAAED,EAAE,CAAC,KAAK,uEAAuE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gBAAiB,EAAC,AAAC,EAAC,CAAC,mDAAgE,EAAED,EAAE,CAAC,KAAK,0BAA0B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,uEAAoF,EAAED,EAAE,CAAC,KAAK,6BAA6B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,+EAAgF,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,iFAA8F,EAAED,EAAE,CAAC,KAAK,sHAAsH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kBAAmB,EAAC,AAAC,EAAC,CAAC,yEAA0E,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,uOAAwO,CAAC,EAAC,AAAC,EAAC,CAAc,EAAE,KAAK,CAAC,kBAAkB,IAAI,SAAsB,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,mBAAgC,EAAE,SAAS,CAAC,SAAS,gBAAiB,EAAC,CAAC,mOAAoO,CAAC,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,oQAAiR,EAAED,EAAE,CAAC,KAAK,sHAAsH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,+HAA4I,EAAED,EAAE,CAAC,KAAK,uFAAuF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,wGAAyG,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,gCAAiC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,kGAAkG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,uPAAoQ,EAAED,EAAE,CAAC,KAAK,sHAAsH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,CAAC,iBAA8B,EAAE,SAAS,CAAC,SAAS,QAAS,EAAC,AAAC,CAAC,EAAC,AAAC,EAAC,CAAC,mFAAgG,EAAED,EAAE,CAAC,KAAK,4HAA4H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,mGAAoG,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,4RAAyS,EAAED,EAAE,CAAC,KAAK,4HAA4H,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,4TAA6T,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qCAAkD,EAAED,EAAE,CAAC,KAAK,qGAAqG,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,WAAY,EAAC,AAAC,EAAC,CAAC,iGAA8G,EAAED,EAAE,CAAC,KAAK,4EAA4E,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,eAAgB,EAAC,AAAC,EAAC,CAAC,oDAAiE,EAAED,EAAE,CAAC,KAAK,2GAA2G,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qBAAsB,EAAC,AAAC,EAAC,CAAC,4EAAyF,EAAED,EAAE,CAAC,KAAK,sHAAsH,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,yOAA0O,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwD,EAAED,EAAE,CAAC,KAAK,mDAAmD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,kDAAmD,EAAC,AAAC,EAAC,CAAC,kXAA+X,EAAE,KAAK,CAAC,SAAS,aAAc,EAAC,CAAC,uCAAoD,EAAED,EAAE,CAAC,KAAK,2BAA2B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,+LAAgM,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uDAAoE,EAAED,EAAE,CAAC,KAAK,yFAAyF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,0iBAA2iB,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,0kBAA2kB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kKAA+K,EAAED,EAAE,CAAC,KAAK,2BAA2B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,+BAA4C,EAAED,EAAE,CAAC,KAAK,yFAAyF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,4ZAAya,EAAE,SAAS,CAAC,SAAS,OAAQ,EAAC,CAAC,wKAAqL,EAAE,KAAK,CAAC,SAAS,KAAM,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sOAAmP,EAAED,EAAE,CAAC,KAAK,0FAA0F,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,UAAW,EAAC,AAAC,EAAC,CAAC,wCAAqD,EAAED,EAAE,CAAC,KAAK,sEAAsE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,oDAAiE,EAAED,EAAE,CAAC,KAAK,2CAA2C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,KAAM,EAAC,AAAC,EAAC,CAAC,sIAAmJ,EAAED,EAAE,CAAC,KAAK,yFAAyF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,2SAA6S,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,iBAAkB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,kCAA+C,EAAED,EAAE,CAAC,KAAK,uBAAuB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,SAAU,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,yFAAyF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,uBAAwB,EAAC,AAAC,EAAC,CAAC,0TAA2T,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgD,EAAED,EAAE,CAAC,KAAK,4BAA4B,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,qCAAsC,EAAC,AAAC,EAAC,CAAC,2UAAwV,EAAED,EAAE,CAAC,KAAK,iFAAiF,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,qJAAkK,EAAED,EAAE,CAAC,KAAK,iEAAiE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,uGAAwG,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yTAAsU,EAAED,EAAE,CAAC,KAAK,iEAAiE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,8YAA+Y,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,mCAAgD,EAAED,EAAE,CAAC,KAAK,wBAAwB,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,gDAAiD,EAAC,AAAC,EAAC,CAAC,uJAAoK,EAAED,EAAE,CAAC,KAAK,iEAAiE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,wbAAyb,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,6TAA8T,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4DAA6D,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,qDAAkE,EAAED,EAAE,CAAC,KAAK,+CAA+C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,CAAC,0XAAuY,EAAED,EAAE,CAAC,KAAK,kEAAkE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,6BAA8B,EAAC,AAAC,EAAC,CAAC,wMAAqN,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,iCAAkC,EAAC,AAAC,EAAC,CAAC,wCAAyC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,sHAAmI,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,qBAAkC,EAAED,EAAE,CAAC,KAAK,6DAA6D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,mBAAoB,EAAC,AAAC,EAAC,CAAC,aAA0B,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,gCAAgC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,eAA4B,EAAE,SAAS,CAAC,SAAS,QAAS,EAAC,CAAC,KAAkB,EAAED,EAAE,CAAC,KAAK,oCAAoC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,CAAC,mYAAqY,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,KAAK,CAAC,SAAS,UAAW,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,uDAAoE,EAAE,SAAS,CAAC,SAAS,iCAAkC,EAAC,CAAC,mnBAAonB,CAAC,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,uBAAwB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,2CAAwD,EAAE,SAAS,CAAC,SAAS,kCAAmC,EAAC,CAAC,6aAA8a,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,kgBAAmgB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,4oBAA+oB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,keAAoe,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,gCAAiC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,yLAA0L,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,iCAAkC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,ykBAA0kB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,uhBAAwhB,EAAC,CAAc,EAAE,KAAK,CAAC,SAAS,2BAA4B,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,miBAAoiB,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,yTAA0T,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,8TAA+T,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,0CAAuD,EAAE,SAAS,CAAC,SAAS,qBAAsB,EAAC,CAAC,0dAA2d,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yCAAsD,EAAED,EAAE,CAAC,KAAK,wDAAwD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,YAAa,EAAC,AAAC,EAAC,CAAC,mEAAgF,EAAED,EAAE,CAAC,KAAK,yEAAyE,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,iCAA8C,EAAED,EAAE,CAAC,KAAK,uCAAuC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,aAAc,EAAC,AAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAE,SAAS,CAAC,SAAS,MAAO,EAAC,CAAC,qJAAkK,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,OAAQ,CAAC,EAAC,AAAC,CAAC,EAAC,CAAc,EAAwB,EAAA,EAAa,CAAC,SAAS,CAAc,EAAE,IAAI,CAAC,SAAS,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,uDAAuD,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,cAAe,EAAC,AAAC,EAAC,CAAC,qkBAAklB,EAAE,SAAS,CAAC,SAAS,oBAAqB,EAAC,CAAC,GAAI,CAAC,EAAC,CAAc,EAAE,IAAI,CAAC,SAAS,CAAc,EAAED,EAAE,CAAC,KAAK,oCAAoC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,yBAA0B,EAAC,AAAC,EAAC,CAAC,KAAkB,EAAE,SAAS,CAAC,SAAS,KAAM,EAAC,CAAC,oUAAiV,EAAED,EAAE,CAAC,KAAK,6DAA6D,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,sBAAuB,EAAC,AAAC,EAAC,CAAC,gBAA6B,EAAE,SAAS,CAAC,SAAS,IAAK,EAAC,CAAC,oBAAiC,EAAED,EAAE,CAAC,KAAK,gCAAgC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,wBAAyB,EAAC,AAAC,EAAC,CAAC,0CAAuD,EAAE,SAAS,CAAC,SAAS,QAAS,EAAC,CAAC,wBAAqC,EAAED,EAAE,CAAC,KAAK,oCAAoC,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oCAAqC,EAAC,AAAC,EAAC,CAAC,yBAAsC,EAAED,EAAE,CAAC,KAAK,0CAA0C,aAAa,EAAE,OAAO,YAAY,cAAc,EAAE,UAAU,CAAE,EAAC,QAAQ,oBAAoB,cAAc,EAAE,SAAsB,EAAEC,EAAE,EAAE,CAAC,SAAS,oBAAqB,EAAC,AAAC,EAAC,CAAC,mKAAoK,CAAC,EAAC,AAAC,CAAC,EAAC,CACzosI,EAAqB,CAAC,QAAU,CAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,SAAW,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,UAAY,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,WAAa,CAAC,KAAO,WAAW,YAAc,CAAC,sBAAwB,GAAI,CAAC,EAAC,mBAAqB,CAAC,KAAO,UAAW,CAAC,CAAC"}